# MISP export of IDS rules - optimized for
# NOTE(review): the engine name after "optimized for" is missing in this copy. The
# http.header / http.uri / dns.query sticky-buffer keywords used by rules in this
# file are Suricata syntax.
#
# These NIDS rules contain some variables that need to exist in your configuration.
# Make sure you have set:
#
# $HOME_NET     - Your internal network range
# $EXTERNAL_NET - The network considered as outside
# $SMTP_SERVERS - All your internal SMTP servers
# $HTTP_PORTS   - The ports used to contain HTTP traffic (not required with suricata export)
# NOTE(review): despite the remark above, the rule with sid 36990841 in this file
# uses $HTTP_PORTS as its destination port, so the variable must be defined.
#
# Rule layout used by the export: the msg carries the MISP event id (e.g. "e25993"),
# the event tags in brackets and the indicator; reference:url links back to the event.
#
# NOTE(review): the "Incoming From IP" rules below match on source address only
# (protocol ip, any port, no flow or threshold options) and use classtype
# trojan-activity although their tags say Reconnaissance/Exploitation. Triage on
# the msg tags rather than the classtype, and check the indicator age in the MISP
# event before reusing these addresses for blocking.
#
alert ip 101.35.19.119 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.19.119"; classtype:trojan-activity; sid:37077181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 101.34.78.88 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.78.88"; classtype:trojan-activity; sid:37077191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 101.43.149.225 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.149.225"; classtype:trojan-activity; sid:37077201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 103.187.147.35 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.187.147.35"; classtype:trojan-activity; sid:37077211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 104.131.144.8 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.8"; classtype:trojan-activity; sid:37077221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 103.237.87.240 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.237.87.240"; classtype:trojan-activity; sid:37077231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert 
ip 111.68.111.100 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.68.111.100"; classtype:trojan-activity; sid:37077241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 111.224.234.167 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.224.234.167"; classtype:trojan-activity; sid:37077251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 111.89.112.77 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.89.112.77"; classtype:trojan-activity; sid:37077261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 114.67.221.40 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.221.40"; classtype:trojan-activity; sid:37077271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 117.72.17.146 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.17.146"; classtype:trojan-activity; sid:37077281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 117.50.189.223 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.189.223"; classtype:trojan-activity; sid:37077291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 119.27.181.250 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.27.181.250"; classtype:trojan-activity; sid:37077301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 118.195.155.71 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
118.195.155.71"; classtype:trojan-activity; sid:37077311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 123.234.6.1 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.234.6.1"; classtype:trojan-activity; sid:37077321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 123.97.72.62 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.97.72.62"; classtype:trojan-activity; sid:37077331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 125.36.253.226 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.36.253.226"; classtype:trojan-activity; sid:37077341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 124.221.23.193 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.23.193"; classtype:trojan-activity; sid:37077351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 143.198.208.216 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.208.216"; classtype:trojan-activity; sid:37077361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 150.158.102.192 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.102.192"; classtype:trojan-activity; sid:37077371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 150.158.47.202 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.47.202"; classtype:trojan-activity; sid:37077381; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 205.210.31.213 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.213"; classtype:trojan-activity; sid:37077391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 170.106.195.172 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.172"; classtype:trojan-activity; sid:37077401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 43.156.30.2 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.30.2"; classtype:trojan-activity; sid:37077411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 41.215.130.247 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.215.130.247"; classtype:trojan-activity; sid:37077421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 220.74.78.244 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.74.78.244"; classtype:trojan-activity; sid:37077431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 180.101.88.222 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.222"; classtype:trojan-activity; sid:37077441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 59.42.214.20 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.42.214.20"; classtype:trojan-activity; sid:37077451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 85.133.222.222 any -> $HOME_NET any (msg: "MISP e25993 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.133.222.222"; classtype:trojan-activity; sid:37077461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert http $HOME_NET any -> 91.92.242.62 8088 (msg: "MISP e25649 [CobaltStrike,cs-watermark-0,LIMENET] Outgoing URL http|3a|//91.92.242.62|3a|8088/c/msdownload/update/others/2020/10/29136388_"; flow:to_server,established; http.header; content:"91.92.242.62"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2020/10/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 39.105.51.11 28100 (msg: "MISP e25649 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-0] Outgoing URL http|3a|//39.105.51.11|3a|28100/fwlink"; flow:to_server,established; http.header; content:"39.105.51.11"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip 157.245.248.106 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.248.106"; classtype:trojan-activity; sid:37077471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 159.226.1.184 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.226.1.184"; classtype:trojan-activity; sid:37077481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 38.25.39.212 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.25.39.212"; classtype:trojan-activity; sid:37077491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 43.134.101.44 any -> 
$HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.101.44"; classtype:trojan-activity; sid:37077501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 49.7.154.220 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.7.154.220"; classtype:trojan-activity; sid:37077511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert ip 45.79.168.172 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.168.172"; classtype:trojan-activity; sid:37077521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert http $HOME_NET any -> 39.105.51.11 28103 (msg: "MISP e25649 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-0] Outgoing URL http|3a|//39.105.51.11|3a|28103/activity"; flow:to_server,established; http.header; content:"39.105.51.11"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip 8.222.158.100 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.158.100"; classtype:trojan-activity; sid:37077531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;) alert http $HOME_NET any -> 39.105.51.11 28104 (msg: "MISP e25649 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-0] Outgoing URL http|3a|//39.105.51.11|3a|28104/g.pixel"; flow:to_server,established; http.header; content:"39.105.51.11"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip 205.185.127.240 
any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.185.127.240"; classtype:trojan-activity; sid:37077541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
# Source-address-only rules from MISP event 25993 (inbound traffic from a listed IP to $HOME_NET).
alert ip 211.196.120.196 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.196.120.196"; classtype:trojan-activity; sid:37077551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 47.236.21.181 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.21.181"; classtype:trojan-activity; sid:37077561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 49.113.93.82 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.113.93.82"; classtype:trojan-activity; sid:37077571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 54.151.84.21 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.151.84.21"; classtype:trojan-activity; sid:37077581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
alert ip 170.64.185.76 any -> $HOME_NET any (msg: "MISP e25993 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.185.76"; classtype:trojan-activity; sid:37077591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25993;)
# Outbound HTTP rules from MISP event 25810: each matches the listed destination IP and
# port, the IP string in the request headers and the URI path; tag:session,600,seconds
# asks the engine to keep logging the tagged session for 600 seconds after the alert.
# NOTE(review): the msg of the next four rules (sid 36988491, 36988501, 36988511,
# 36988521) embeds the tag misp-galaxy:malpedia="Cobalt Strike" with unescaped double
# quotes. Suricata's rule documentation requires ", ; and \ to be backslash-escaped
# inside msg (here: malpedia=\"Cobalt Strike\"). Confirm these rules load with a test
# run (suricata -T) and fix the tag escaping at export time if they do not.
# NOTE(review): these four rules have the same match conditions as sid 36898061,
# 36898051, 36898041 and 36898031 exported from event 25649 elsewhere in this file, so
# one hit produces two alerts (priority 2 and priority 3). Deduplicate or suppress one set.
alert http $HOME_NET any -> 39.105.51.11 28104 (msg: "MISP e25810 [CobaltStrike,misp-galaxy:malpedia="Cobalt Strike"] Outgoing URL http|3a|//39.105.51.11|3a|28104/g.pixel"; flow:to_server,established; http.header; content:"39.105.51.11"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> 39.105.51.11 28103 (msg: "MISP e25810 [CobaltStrike,misp-galaxy:malpedia="Cobalt Strike"] Outgoing URL http|3a|//39.105.51.11|3a|28103/activity"; flow:to_server,established; http.header; content:"39.105.51.11"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> 39.105.51.11 28100 (msg: "MISP e25810 [CobaltStrike,misp-galaxy:malpedia="Cobalt Strike"] Outgoing URL http|3a|//39.105.51.11|3a|28100/fwlink"; flow:to_server,established; http.header; content:"39.105.51.11"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> 91.92.242.62 8088 (msg: "MISP e25810 [CobaltStrike,misp-galaxy:malpedia="Cobalt Strike"] Outgoing URL http|3a|//91.92.242.62|3a|8088/c/msdownload/update/others/2020/10/29136388_"; flow:to_server,established; http.header; content:"91.92.242.62"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2020/10/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Destination IP/port rules (outbound from $HOME_NET). The e25649 and e25810 exports
# list 60.247.153.126 port 50050 twice with different sids and priorities.
alert ip $HOME_NET any -> 3.67.62.142 11024 (msg: "MISP e25810 [] Outgoing To IP: 3.67.62.142|11024"; classtype:trojan-activity; sid:36988531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 60.247.153.126 50050 (msg: "MISP e25649 [] Outgoing To IP: 60.247.153.126|50050"; classtype:trojan-activity; sid:36898071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 60.247.153.126 50050 (msg: "MISP e25810 [] Outgoing To IP: 
60.247.153.126|50050"; classtype:trojan-activity; sid:36988541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain tzitziklishop3.ddns.net"; dns.query; content:"tzitziklishop3.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tzitziklishop3\.ddns\.net$/i"; classtype:trojan-activity; sid:36988551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain tzitziklishop3.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tzitziklishop3.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tzitziklishop3\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36988552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 209.127.186.195 9443 (msg: "MISP e25649 [Bianlian Go Trojan,SERVER-MANIA] Outgoing To IP: 209.127.186.195|9443"; classtype:trojan-activity; sid:36898081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 47.236.237.46 443 (msg: "MISP e25649 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Havoc] Outgoing To IP: 47.236.237.46|443"; classtype:trojan-activity; sid:36898091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 103.195.6.58 80 (msg: "MISP e25649 [Havoc,KAMATERAINC-AS-AP Kamatera Inc.] 
Outgoing To IP: 103.195.6.58|80"; classtype:trojan-activity; sid:36898101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 104.238.60.14 443 (msg: "MISP e25649 [ASN-QUADRANET-GLOBAL,Havoc] Outgoing To IP: 104.238.60.14|443"; classtype:trojan-activity; sid:36898111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 158.160.65.88 443 (msg: "MISP e25649 [Havoc,YANDEXCLOUD] Outgoing To IP: 158.160.65.88|443"; classtype:trojan-activity; sid:36898121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 122.114.8.164 80 (msg: "MISP e25649 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.8.164|80"; classtype:trojan-activity; sid:36898131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 79.107.143.65 995 (msg: "MISP e25649 [QakBot,WIND-AS] Outgoing To IP: 79.107.143.65|995"; classtype:trojan-activity; sid:36898141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 74.12.146.248 2078 (msg: "MISP e25649 [BACOM,QakBot] Outgoing To IP: 74.12.146.248|2078"; classtype:trojan-activity; sid:36898151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 74.12.146.248 2078 (msg: "MISP e25810 [] Outgoing To IP: 74.12.146.248|2078"; classtype:trojan-activity; sid:36988561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 79.107.143.65 995 (msg: "MISP e25810 [] Outgoing To IP: 79.107.143.65|995"; classtype:trojan-activity; sid:36988571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 122.114.8.164 80 (msg: "MISP e25810 [] Outgoing To IP: 122.114.8.164|80"; classtype:trojan-activity; sid:36988581; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 158.160.65.88 443 (msg: "MISP e25810 [] Outgoing To IP: 158.160.65.88|443"; classtype:trojan-activity; sid:36988591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 104.238.60.14 443 (msg: "MISP e25810 [] Outgoing To IP: 104.238.60.14|443"; classtype:trojan-activity; sid:36988601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 103.195.6.58 80 (msg: "MISP e25810 [] Outgoing To IP: 103.195.6.58|80"; classtype:trojan-activity; sid:36988611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 47.236.237.46 443 (msg: "MISP e25810 [] Outgoing To IP: 47.236.237.46|443"; classtype:trojan-activity; sid:36988621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 209.127.186.195 9443 (msg: "MISP e25810 [] Outgoing To IP: 209.127.186.195|9443"; classtype:trojan-activity; sid:36988631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 167.71.88.65 443 (msg: "MISP e25649 [] Outgoing To IP: 167.71.88.65|443"; classtype:trojan-activity; sid:36898161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 18.229.146.63 18785 (msg: "MISP e25810 [] Outgoing To IP: 18.229.146.63|18785"; classtype:trojan-activity; sid:36988641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 18.229.248.167 18785 (msg: "MISP e25810 [] Outgoing To IP: 18.229.248.167|18785"; classtype:trojan-activity; sid:36988651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 18.228.115.60 18785 (msg: "MISP e25810 [] Outgoing To IP: 18.228.115.60|18785"; classtype:trojan-activity; sid:36988661; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 167.71.88.65 443 (msg: "MISP e25810 [] Outgoing To IP: 167.71.88.65|443"; classtype:trojan-activity; sid:36988671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25811 [] Outgoing URL http|3a|//wallstreetcoachingfoundation.co.za/Dir/index.php"; flow:to_server,established; http.header; content:"wallstreetcoachingfoundation.co.za"; fast_pattern; nocase; http.uri; content:"/Dir/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36990841; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/25811;) alert ip $HOME_NET any -> 18.229.248.167 18785 (msg: "MISP e25649 [njrat,RAT] Outgoing To IP: 18.229.248.167|18785"; classtype:trojan-activity; sid:36898181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 18.228.115.60 18785 (msg: "MISP e25649 [njrat,RAT] Outgoing To IP: 18.228.115.60|18785"; classtype:trojan-activity; sid:36898171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 18.229.146.63 18785 (msg: "MISP e25649 [njrat,RAT] Outgoing To IP: 18.229.146.63|18785"; classtype:trojan-activity; sid:36898191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AEZA INTERNATIONAL LTD,CobaltStrike,cs-watermark-987654321] Domain kami.magication.us"; dns.query; content:"kami.magication.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.magication\.us$/i"; classtype:trojan-activity; sid:36898221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AEZA INTERNATIONAL LTD,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain kami.magication.us"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"kami.magication.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.magication\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 89.208.103.187 53 (msg: "MISP e25649 [AEZA INTERNATIONAL LTD,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 89.208.103.187|53"; classtype:trojan-activity; sid:36898231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 62.72.5.16 3790 (msg: "MISP e25649 [] Outgoing To IP: 62.72.5.16|3790"; classtype:trojan-activity; sid:36898241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 62.72.5.16 3790 (msg: "MISP e25810 [] Outgoing To IP: 62.72.5.16|3790"; classtype:trojan-activity; sid:36988701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 89.208.103.187 53 (msg: "MISP e25810 [] Outgoing To IP: 89.208.103.187|53"; classtype:trojan-activity; sid:36988711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain kami.magication.us"; dns.query; content:"kami.magication.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.magication\.us$/i"; classtype:trojan-activity; sid:36988721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain kami.magication.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kami.magication.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.magication\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36988722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 
51.222.51.154 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.154|8100"; classtype:trojan-activity; sid:36988731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.155 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.155|8100"; classtype:trojan-activity; sid:36988741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.156 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.156|8100"; classtype:trojan-activity; sid:36988751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.152 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.152|8100"; classtype:trojan-activity; sid:36988761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.153 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.153|8100"; classtype:trojan-activity; sid:36988771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.149 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.149|8100"; classtype:trojan-activity; sid:36988781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.150 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.150|8100"; classtype:trojan-activity; sid:36988791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.151 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.151|8100"; classtype:trojan-activity; sid:36988801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.146 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.146|8100"; classtype:trojan-activity; sid:36988811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 
51.222.51.147 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.147|8100"; classtype:trojan-activity; sid:36988821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.148 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.148|8100"; classtype:trojan-activity; sid:36988831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.145 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.145|8100"; classtype:trojan-activity; sid:36988841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 37.187.1.37 80 (msg: "MISP e25810 [] Outgoing To IP: 37.187.1.37|80"; classtype:trojan-activity; sid:36988851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.157 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.157|8100"; classtype:trojan-activity; sid:36988861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 51.222.51.158 8100 (msg: "MISP e25810 [] Outgoing To IP: 51.222.51.158|8100"; classtype:trojan-activity; sid:36988871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 167.114.173.191 8100 (msg: "MISP e25810 [] Outgoing To IP: 167.114.173.191|8100"; classtype:trojan-activity; sid:36988881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.209 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.209|8100"; classtype:trojan-activity; sid:36988891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.210 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.210|8100"; classtype:trojan-activity; sid:36988901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 
198.50.214.212 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.212|8100"; classtype:trojan-activity; sid:36988911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.211 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.211|8100"; classtype:trojan-activity; sid:36988921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.213 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.213|8100"; classtype:trojan-activity; sid:36988931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.214 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.214|8100"; classtype:trojan-activity; sid:36988941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.215 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.215|8100"; classtype:trojan-activity; sid:36988951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.216 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.216|8100"; classtype:trojan-activity; sid:36988961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.217 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.217|8100"; classtype:trojan-activity; sid:36988971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.218 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.218|8100"; classtype:trojan-activity; sid:36988981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.219 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.219|8100"; classtype:trojan-activity; sid:36988991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET 
any -> 198.50.214.220 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.220|8100"; classtype:trojan-activity; sid:36989001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.221 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.221|8100"; classtype:trojan-activity; sid:36989011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 198.50.214.222 8100 (msg: "MISP e25810 [] Outgoing To IP: 198.50.214.222|8100"; classtype:trojan-activity; sid:36989021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 139.59.47.9 80 (msg: "MISP e25810 [] Outgoing To IP: 139.59.47.9|80"; classtype:trojan-activity; sid:36989031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 138.197.150.104 443 (msg: "MISP e25810 [] Outgoing To IP: 138.197.150.104|443"; classtype:trojan-activity; sid:36989041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 159.203.48.121 80 (msg: "MISP e25810 [] Outgoing To IP: 159.203.48.121|80"; classtype:trojan-activity; sid:36989051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 104.248.54.93 80 (msg: "MISP e25810 [] Outgoing To IP: 104.248.54.93|80"; classtype:trojan-activity; sid:36989061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 159.203.3.76 80 (msg: "MISP e25810 [] Outgoing To IP: 159.203.3.76|80"; classtype:trojan-activity; sid:36989071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 89.247.50.191 80 (msg: "MISP e25649 [] Outgoing To IP: 89.247.50.191|80"; classtype:trojan-activity; sid:36898251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 103.61.139.69 443 
(msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,EMGINECONCEPT-01] Outgoing To IP: 103.61.139.69|443"; classtype:trojan-activity; sid:36898271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 89.247.50.191 80 (msg: "MISP e25810 [] Outgoing To IP: 89.247.50.191|80"; classtype:trojan-activity; sid:36989081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 103.61.139.69 443 (msg: "MISP e25810 [] Outgoing To IP: 103.61.139.69|443"; classtype:trojan-activity; sid:36989091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 42.236.91.107 6666 (msg: "MISP e25649 [] Outgoing To IP: 42.236.91.107|6666"; classtype:trojan-activity; sid:36898281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 191.101.209.29 20427 (msg: "MISP e25810 [] Outgoing To IP: 191.101.209.29|20427"; classtype:trojan-activity; sid:36989111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 42.236.91.107 6666 (msg: "MISP e25810 [] Outgoing To IP: 42.236.91.107|6666"; classtype:trojan-activity; sid:36989121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 45.13.227.186 3912 (msg: "MISP e25649 [Mirai] Outgoing To IP: 45.13.227.186|3912"; classtype:trojan-activity; sid:36898341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 45.13.227.186 1312 (msg: "MISP e25649 [Mirai] Outgoing To IP: 45.13.227.186|1312"; classtype:trojan-activity; sid:36898351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 45.13.227.186 3912 (msg: "MISP e25810 [] Outgoing To IP: 45.13.227.186|3912"; classtype:trojan-activity; sid:36989131; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 45.13.227.186 1312 (msg: "MISP e25810 [] Outgoing To IP: 45.13.227.186|1312"; classtype:trojan-activity; sid:36989141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# DNS "Domain" rules: the pcre prefix class [^A-Za-z0-9-] accepts a '.' before the
# name, so any sub-domain query also matches the parent-domain rule. A lookup of
# api.statisticsong.com therefore raises both sid 36989151 and sid 36989161.
# Direction is any -> any, so queries seen in either direction are alerted on.
alert dns any any -> any any (msg: "MISP e25810 [] Domain statisticsong.com"; dns.query; content:"statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])statisticsong\.com$/i"; classtype:trojan-activity; sid:36989151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# HTTP "Domain" rules: "Host|3a|" and the domain are two independent matches on the
# http.header buffer and the pcre (/H) is not anchored to the Host line, so the
# rule can also fire when the domain appears in another request header of a
# request that carries a Host header (NOTE(review): e.g. a Referer - confirm on
# your sensor). These rules only see cleartext HTTP; traffic to the same name
# over TLS needs a separate tls.sni rule or TLS inspection.
# tag:session,600,seconds keeps logging the session's packets for 10 minutes
# after the alert - check capture storage before enabling in bulk.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert dns any any -> any any (msg: "MISP e25810 [] Domain api.statisticsong.com"; dns.query; content:"api.statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.statisticsong\.com$/i"; classtype:trojan-activity; sid:36989161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain api.statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"api.statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert dns any any -> any any (msg: "MISP e25810 [] Domain panal.statisticsong.com"; dns.query; content:"panal.statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])panal\.statisticsong\.com$/i";
classtype:trojan-activity; sid:36989171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain panal.statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panal.statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panal\.statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain panel.statisticsong.com"; dns.query; content:"panel.statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.statisticsong\.com$/i"; classtype:trojan-activity; sid:36989181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain panel.statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25645 [] Domain web.soportecancelacion.info"; dns.query; content:"web.soportecancelacion.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])web\.soportecancelacion\.info$/i"; classtype:trojan-activity; sid:36897661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25645;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25645 [] Outgoing HTTP Domain web.soportecancelacion.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"web.soportecancelacion.info"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])web\.soportecancelacion\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36897662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25645;) alert dns any any -> any any (msg: "MISP e25649 [balada,wordpress inject] Domain api.statisticsong.com"; dns.query; content:"api.statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.statisticsong\.com$/i"; classtype:trojan-activity; sid:36898311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [balada,wordpress inject] Outgoing HTTP Domain api.statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"api.statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [balada,wordpress inject] Domain panal.statisticsong.com"; dns.query; content:"panal.statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])panal\.statisticsong\.com$/i"; classtype:trojan-activity; sid:36898321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [balada,wordpress inject] Outgoing HTTP Domain panal.statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panal.statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panal\.statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [balada,wordpress inject] Domain panel.statisticsong.com"; dns.query; 
content:"panel.statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.statisticsong\.com$/i"; classtype:trojan-activity; sid:36898331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [balada,wordpress inject] Outgoing HTTP Domain panel.statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 191.101.209.29 20427 (msg: "MISP e25649 [NanoCore,RAT] Outgoing To IP: 191.101.209.29|20427"; classtype:trojan-activity; sid:36898291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [balada,wordpress inject] Domain statisticsong.com"; dns.query; content:"statisticsong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])statisticsong\.com$/i"; classtype:trojan-activity; sid:36898301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [balada,wordpress inject] Outgoing HTTP Domain statisticsong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"statisticsong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])statisticsong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25646 [] Domain mi-tarjetacencosud-cl.chayeparastoo.ir"; dns.query; content:"mi-tarjetacencosud-cl.chayeparastoo.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.chayeparastoo\.ir$/i"; classtype:trojan-activity; 
sid:36897751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25646;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25646 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.chayeparastoo.ir"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.chayeparastoo.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.chayeparastoo\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36897752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25646;) alert ip $HOME_NET any -> 85.239.34.70 9110 (msg: "MISP e25649 [Mirai] Outgoing To IP: 85.239.34.70|9110"; classtype:trojan-activity; sid:36898361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [Mirai] Domain z.botnet.rocks"; dns.query; content:"z.botnet.rocks"; nocase; pcre: "/(^|[^A-Za-z0-9-])z\.botnet\.rocks$/i"; classtype:trojan-activity; sid:36898371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [Mirai] Outgoing HTTP Domain z.botnet.rocks"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"z.botnet.rocks"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])z\.botnet\.rocks[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 85.239.34.70 9110 (msg: "MISP e25810 [] Outgoing To IP: 85.239.34.70|9110"; classtype:trojan-activity; sid:36989191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain z.botnet.rocks"; dns.query; content:"z.botnet.rocks"; nocase; pcre: "/(^|[^A-Za-z0-9-])z\.botnet\.rocks$/i"; classtype:trojan-activity; sid:36989201; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain z.botnet.rocks"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"z.botnet.rocks"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])z\.botnet\.rocks[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# "Outgoing URL" rules: the host part is matched as a plain content anywhere in
# http.header and the path as a case-insensitive content in http.uri. The
# destination port is $HTTP_PORTS, so that variable must be defined on the
# sensor even though the export header calls it optional for Suricata.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25649 [dcrat] Outgoing URL http|3a|//f0913347.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"f0913347.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# Same indicator as sid 36898381 exported again from event 25810: with nocase the
# two URI contents ("/l1nc0in.php" and "/L1nc0In.php") are equivalent, so one
# request raises both alerts, at priority 2 and priority 3. The untagged copy
# carries no malware-family context; de-duplicate at export time or suppress one
# of the two sids to keep alert counts meaningful.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//f0913347.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"f0913347.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# IP-literal URL rules: the path "/pixel.gif" is generic on its own, so the
# signal comes from the destination address plus the same address in the
# headers. NOTE(review): the tag names a cloud-provider network; addresses in
# such ranges get reassigned, so give these rules an expiry or re-validate them
# against the MISP event periodically.
alert http $HOME_NET any -> 139.155.90.81 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//139.155.90.81/pixel.gif"; flow:to_server,established; http.header; content:"139.155.90.81"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> 139.155.90.81 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//139.155.90.81/pixel.gif"; flow:to_server,established; http.header;
content:"139.155.90.81"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25649 [CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited] Domain www.micros0fti.com"; dns.query; content:"www.micros0fti.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micros0fti\.com$/i"; classtype:trojan-activity; sid:36898451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain www.micros0fti.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.micros0fti.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micros0fti\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com/cx"; flow:to_server,established; http.header; content:"service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com/cx"; flow:to_server,established; http.header; content:"service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com"; fast_pattern; nocase; http.uri; content:"/cx"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain www.micros0fti.com"; dns.query; content:"www.micros0fti.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micros0fti\.com$/i"; classtype:trojan-activity; sid:36989291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain www.micros0fti.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.micros0fti.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micros0fti\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 124.221.151.149 8083 (msg: "MISP e25649 [CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//124.221.151.149|3a|8083/visit.js"; flow:to_server,established; http.header; content:"124.221.151.149"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 182.254.140.58 9999 (msg: "MISP e25649 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//182.254.140.58|3a|9999/push"; flow:to_server,established; http.header; content:"182.254.140.58"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 60.204.208.32 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-391144938,Huawei Cloud Service data 
center] Outgoing URL http|3a|//60.204.208.32/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"60.204.208.32"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 139.155.135.131 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//139.155.135.131/ga.js"; flow:to_server,established; http.header; content:"139.155.135.131"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 120.24.70.197 8081 (msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//120.24.70.197|3a|8081/dot.gif"; flow:to_server,established; http.header; content:"120.24.70.197"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 45.195.76.82 9966 (msg: "MISP e25649 [CobaltStrike,cs-watermark-100000,Evoxt Enterprise] Outgoing URL http|3a|//45.195.76.82|3a|9966/__utm.gif"; flow:to_server,established; http.header; content:"45.195.76.82"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 47.115.230.159 5000 (msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//47.115.230.159|3a|5000/pixel.gif"; flow:to_server,established; http.header; content:"47.115.230.159"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 185.91.127.221 8089 (msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,FERDINANDZINK] Outgoing URL http|3a|//185.91.127.221|3a|8089/dot.gif"; flow:to_server,established; http.header; content:"185.91.127.221"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 42.193.248.127 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//42.193.248.127/dpixel"; flow:to_server,established; http.header; content:"42.193.248.127"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 120.24.70.197 8888 (msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//120.24.70.197|3a|8888/cm"; flow:to_server,established; http.header; content:"120.24.70.197"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/dot.gif"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 149.104.27.40 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-987654321,LUCIDACLOUD LIMITED] Outgoing URL http|3a|//149.104.27.40/__utm.gif"; flow:to_server,established; http.header; content:"149.104.27.40"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 149.104.27.40 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//149.104.27.40/__utm.gif"; flow:to_server,established; http.header; content:"149.104.27.40"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//122.51.220.170/dot.gif"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989321; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 120.24.70.197 8888 (msg: "MISP e25810 [] Outgoing URL http|3a|//120.24.70.197|3a|8888/cm"; flow:to_server,established; http.header; content:"120.24.70.197"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 42.193.248.127 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//42.193.248.127/dpixel"; flow:to_server,established; http.header; content:"42.193.248.127"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 185.91.127.221 8089 (msg: "MISP e25810 [] Outgoing URL http|3a|//185.91.127.221|3a|8089/dot.gif"; flow:to_server,established; http.header; content:"185.91.127.221"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 47.115.230.159 5000 (msg: "MISP e25810 [] Outgoing URL http|3a|//47.115.230.159|3a|5000/pixel.gif"; flow:to_server,established; http.header; content:"47.115.230.159"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 45.195.76.82 9966 (msg: "MISP e25810 [] Outgoing URL http|3a|//45.195.76.82|3a|9966/__utm.gif"; flow:to_server,established; http.header; content:"45.195.76.82"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989391; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 120.24.70.197 8081 (msg: "MISP e25810 [] Outgoing URL http|3a|//120.24.70.197|3a|8081/dot.gif"; flow:to_server,established; http.header; content:"120.24.70.197"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 139.155.135.131 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//139.155.135.131/ga.js"; flow:to_server,established; http.header; content:"139.155.135.131"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 60.204.208.32 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//60.204.208.32/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"60.204.208.32"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 182.254.140.58 9999 (msg: "MISP e25810 [] Outgoing URL http|3a|//182.254.140.58|3a|9999/push"; flow:to_server,established; http.header; content:"182.254.140.58"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 124.221.151.149 8083 (msg: "MISP e25810 [] Outgoing URL http|3a|//124.221.151.149|3a|8083/visit.js"; flow:to_server,established; http.header; content:"124.221.151.149"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989441; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;)
# The next two rules match the same destination 209.38.216.156 port 2087, once per
# MISP event (25649 at priority 2, 25810 at priority 3); one flow raises both.
alert ip $HOME_NET any -> 209.38.216.156 2087 (msg: "MISP e25649 [] Outgoing To IP: 209.38.216.156|2087"; classtype:trojan-activity; sid:36898621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 209.38.216.156 2087 (msg: "MISP e25810 [] Outgoing To IP: 209.38.216.156|2087"; classtype:trojan-activity; sid:36989451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 54.94.248.37 12136 (msg: "MISP e25810 [] Outgoing To IP: 54.94.248.37|12136"; classtype:trojan-activity; sid:36989461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# 0.tcp.sa.ngrok.io is a tunnelling-service hostname. NOTE(review): ngrok TCP
# endpoints of this form are, as far as is known, shared between unrelated
# tenants and told apart only by port, so these two rules flag any use of that
# endpoint rather than one actor. Treat hits as "ngrok tunnel in use" (still
# worth reviewing on a corporate network) and correlate with the port in the
# MISP event before escalating.
alert dns any any -> any any (msg: "MISP e25810 [] Domain 0.tcp.sa.ngrok.io"; dns.query; content:"0.tcp.sa.ngrok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])0\.tcp\.sa\.ngrok\.io$/i"; classtype:trojan-activity; sid:36989471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain 0.tcp.sa.ngrok.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"0.tcp.sa.ngrok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])0\.tcp\.sa\.ngrok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# "Hostname" rules differ from "Domain" rules: the pcre prefix class also
# excludes '.', so only the exact host matches and sub-domains do not. The HTTP
# variant matches the literal "Host|3a| <name>" with exactly one space after the
# colon; a request that formats the header differently is not matched by the
# content. Matching on the normalised http.host buffer would not depend on
# header spacing.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname are.xvx.mybluehost.me"; dns.query; content:"are.xvx.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])are\.xvx\.mybluehost\.me$/i"; classtype:trojan-activity; sid:36915561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname are.xvx.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| are.xvx.mybluehost.me"; fast_pattern;
nocase; pcre: "/(^|[^A-Za-z0-9-\.])are\.xvx\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname eservice-cembra.s-host.net"; dns.query; content:"eservice-cembra.s-host.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eservice\-cembra\.s\-host\.net$/i"; classtype:trojan-activity; sid:36915591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname eservice-cembra.s-host.net"; flow:to_server,established; http.header; content: "Host|3a| eservice-cembra.s-host.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eservice\-cembra\.s\-host\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname santantonimurle.it"; dns.query; content:"santantonimurle.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])santantonimurle\.it$/i"; classtype:trojan-activity; sid:36915621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname santantonimurle.it"; flow:to_server,established; http.header; content: "Host|3a| santantonimurle.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])santantonimurle\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//www.santantonimurle.it/wp-admin/includes/ch/CHFINAL/e8491/"; flow:to_server,established; http.header; content:"www.santantonimurle.it"; fast_pattern; nocase; http.uri; 
content:"/wp-admin/includes/ch/CHFINAL/e8491/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname xqg.cra.mybluehost.me"; dns.query; content:"xqg.cra.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xqg\.cra\.mybluehost\.me$/i"; classtype:trojan-activity; sid:36915651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname xqg.cra.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xqg.cra.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xqg\.cra\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//xqg.cra.mybluehost.me/final.html"; flow:to_server,established; http.header; content:"xqg.cra.mybluehost.me"; fast_pattern; nocase; http.uri; content:"/final.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# cognitoforms.com is a general-purpose form-hosting service; the indicator in
# this event is one form path on it (see sid 36915691), not the whole domain.
# The two hostname rules below alert on any lookup of, or cleartext request to,
# the bare domain at priority 2, which is false-positive prone wherever the
# service is in legitimate use. They also do not cover the "www." host used by
# the reported URL, because the Hostname pcre rejects a leading '.'.
# NOTE(review): consider disabling these two sids and keeping only the URL rule.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cognitoforms.com"; dns.query; content:"cognitoforms.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cognitoforms\.com$/i"; classtype:trojan-activity; sid:36915681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cognitoforms.com"; flow:to_server,established; http.header; content: "Host|3a| cognitoforms.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cognitoforms\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# The msg of this rule embeds the full reported URL, including an e-mail address
# from its query string; that address is copied into every alert record and any
# downstream SIEM, so redact it in the MISP attribute if it belongs to a
# phishing recipient. Only the path "/Empowerment7/SignIn" is matched in
# http.uri - the query string is not part of the match. The rule inspects
# cleartext HTTP on $HTTP_PORTS only; NOTE(review): if the form is served over
# TLS this rule never fires without TLS inspection.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//www.cognitoforms.com/Empowerment7/SignIn?entry={|22|Email|22||3a||22|newtonmotcentre@btconnect.com|22|}"; flow:to_server,established; http.header; content:"www.cognitoforms.com"; fast_pattern; nocase; http.uri; content:"/Empowerment7/SignIn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname ifoundstudio.com"; dns.query; content:"ifoundstudio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ifoundstudio\.com$/i"; classtype:trojan-activity; sid:36915711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ifoundstudio.com"; flow:to_server,established; http.header; content: "Host|3a| ifoundstudio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ifoundstudio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname vtdesarrollo.com"; dns.query; content:"vtdesarrollo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vtdesarrollo\.com$/i"; classtype:trojan-activity; sid:36915741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname vtdesarrollo.com"; flow:to_server,established; http.header; content: "Host|3a| vtdesarrollo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vtdesarrollo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any
any -> any any (msg: "MISP e25718 [] Hostname web.castafina.com.co"; dns.query; content:"web.castafina.com.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.castafina\.com\.co$/i"; classtype:trojan-activity; sid:36915771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname web.castafina.com.co"; flow:to_server,established; http.header; content: "Host|3a| web.castafina.com.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.castafina\.com\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//web.castafina.com.co/.well-known/acme-challenge/h/multi"; flow:to_server,established; http.header; content:"web.castafina.com.co"; fast_pattern; nocase; http.uri; content:"/.well-known/acme-challenge/h/multi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname wbb.weeba.cyou"; dns.query; content:"wbb.weeba.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wbb\.weeba\.cyou$/i"; classtype:trojan-activity; sid:36915801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname wbb.weeba.cyou"; flow:to_server,established; http.header; content: "Host|3a| wbb.weeba.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wbb\.weeba\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL 
http|3a|//wbb.weeba.cyou"; flow:to_server,established; http.header; content:"wbb.weeba.cyou"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# --- MISP event 25718, hostname/URL indicators (one signature per line) ---
# The dns.query rules are written "any any -> any any": they evaluate every DNS
# query the sensor sees, in either direction, with no $HOME_NET restriction.
#
# "Outgoing URL" rules built from a URL with no path (sids 36915841, 36915871,
# 36915901 below) carry only http.header content:"<host>" - no "Host|3a| "
# prefix, no pcre boundary check and no http.uri part. They fire together with
# the Host rule for the same request (two alerts per hit) and on any other
# request header that contains the name.
#
# us-coin-base.weebly.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname us-coin-base.weebly.com"; dns.query; content:"us-coin-base.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])us\-coin\-base\.weebly\.com$/i"; classtype:trojan-activity; sid:36915831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname us-coin-base.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| us-coin-base.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])us\-coin\-base\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//us-coin-base.weebly.com"; flow:to_server,established; http.header; content:"us-coin-base.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# upholdied-logs.weebly.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname upholdied-logs.weebly.com"; dns.query; content:"upholdied-logs.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upholdied\-logs\.weebly\.com$/i"; classtype:trojan-activity; sid:36915861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname upholdied-logs.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| upholdied-logs.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upholdied\-logs\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//upholdied-logs.weebly.com"; flow:to_server,established; http.header; content:"upholdied-logs.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# trezordwwallet.godaddysites.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname trezordwwallet.godaddysites.com"; dns.query; content:"trezordwwallet.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trezordwwallet\.godaddysites\.com$/i"; classtype:trojan-activity; sid:36915891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname trezordwwallet.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| trezordwwallet.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trezordwwallet\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//trezordwwallet.godaddysites.com"; flow:to_server,established; http.header; content:"trezordwwallet.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# y248.net
alert dns any any -> any any (msg: "MISP e25718 [] Hostname y248.net"; dns.query; content:"y248.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])y248\.net$/i"; classtype:trojan-activity; sid:36915921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname y248.net"; flow:to_server,established; http.header; content: "Host|3a| y248.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])y248\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# usps.mytrackingen.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usps.mytrackingen.top"; dns.query; content:"usps.mytrackingen.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingen\.top$/i"; classtype:trojan-activity; sid:36915951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usps.mytrackingen.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingen.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingen\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# ukl.pages.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname ukl.pages.dev"; dns.query; content:"ukl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ukl\.pages\.dev$/i"; classtype:trojan-activity; sid:36915981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ukl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ukl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ukl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36915982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname texcote.com-xjaaewgpcx4kp14dczhr.xjaaewgpcx4kp14dczhr.manxttrider.com"; dns.query; content:"texcote.com-xjaaewgpcx4kp14dczhr.xjaaewgpcx4kp14dczhr.manxttrider.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])texcote\.com\-xjaaewgpcx4kp14dczhr\.xjaaewgpcx4kp14dczhr\.manxttrider\.com$/i"; classtype:trojan-activity; sid:36916011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# --- MISP event 25718, hostname indicators (one signature per line) ---
# Coverage note: the "alert http" rules only inspect traffic the engine parses
# as HTTP, and no rule in this part of the file matches on the TLS SNI
# (tls.sni). NOTE(review): the pages.dev / netlify.app / github.io names below
# are presumably reached over HTTPS, in which case only the dns.query rule can
# fire for them - confirm, and add SNI coverage if the sensor sees TLS.
#
# texcote.com-xjaaewgpcx4kp14dczhr.xjaaewgpcx4kp14dczhr.manxttrider.com
# (the registered domain is manxttrider.com; "texcote.com-..." is a label prefix)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname texcote.com-xjaaewgpcx4kp14dczhr.xjaaewgpcx4kp14dczhr.manxttrider.com"; flow:to_server,established; http.header; content: "Host|3a| texcote.com-xjaaewgpcx4kp14dczhr.xjaaewgpcx4kp14dczhr.manxttrider.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])texcote\.com\-xjaaewgpcx4kp14dczhr\.xjaaewgpcx4kp14dczhr\.manxttrider\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# th797a7f9asfasfasfasfas88787as8f7a8sf7afa.pages.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname th797a7f9asfasfasfasfas88787as8f7a8sf7afa.pages.dev"; dns.query; content:"th797a7f9asfasfasfasfas88787as8f7a8sf7afa.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])th797a7f9asfasfasfasfas88787as8f7a8sf7afa\.pages\.dev$/i"; classtype:trojan-activity; sid:36916041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname th797a7f9asfasfasfasfas88787as8f7a8sf7afa.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| th797a7f9asfasfasfasfas88787as8f7a8sf7afa.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])th797a7f9asfasfasfasfas88787as8f7a8sf7afa\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# stupendous-bombolone-14bbea.netlify.app
alert dns any any -> any any (msg: "MISP e25718 [] Hostname stupendous-bombolone-14bbea.netlify.app"; dns.query; content:"stupendous-bombolone-14bbea.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stupendous\-bombolone\-14bbea\.netlify\.app$/i"; classtype:trojan-activity; sid:36916071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname stupendous-bombolone-14bbea.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| stupendous-bombolone-14bbea.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stupendous\-bombolone\-14bbea\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# splendid-hamster-0868bdszcdv.netlify.app
alert dns any any -> any any (msg: "MISP e25718 [] Hostname splendid-hamster-0868bdszcdv.netlify.app"; dns.query; content:"splendid-hamster-0868bdszcdv.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])splendid\-hamster\-0868bdszcdv\.netlify\.app$/i"; classtype:trojan-activity; sid:36916101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname splendid-hamster-0868bdszcdv.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| splendid-hamster-0868bdszcdv.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])splendid\-hamster\-0868bdszcdv\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# shovik-2004.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname shovik-2004.github.io"; dns.query; content:"shovik-2004.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shovik\-2004\.github\.io$/i"; classtype:trojan-activity; sid:36916131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname shovik-2004.github.io"; flow:to_server,established; http.header; content: "Host|3a| shovik-2004.github.io"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])shovik\-2004\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# --- MISP event 25718, hostname indicators (one signature per line) ---
# On the HTTP rules, tag:session,600,seconds asks the engine to keep logging
# packets of the alerting session for 600 seconds after the first match; the
# dns.query rules carry no tag option.
#
# sergiodevops.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname sergiodevops.com"; dns.query; content:"sergiodevops.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sergiodevops\.com$/i"; classtype:trojan-activity; sid:36916161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname sergiodevops.com"; flow:to_server,established; http.header; content: "Host|3a| sergiodevops.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sergiodevops\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# omaimaalokap-web.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname omaimaalokap-web.github.io"; dns.query; content:"omaimaalokap-web.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omaimaalokap\-web\.github\.io$/i"; classtype:trojan-activity; sid:36916191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname omaimaalokap-web.github.io"; flow:to_server,established; http.header; content: "Host|3a| omaimaalokap-web.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omaimaalokap\-web\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# ksn.pages.dev - first pair
alert dns any any -> any any (msg: "MISP e25718 [] Hostname ksn.pages.dev"; dns.query; content:"ksn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksn\.pages\.dev$/i"; classtype:trojan-activity; sid:36916221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ksn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ksn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# ksn.pages.dev - second pair
# NOTE(review): sids 36916251/36916252 are identical to 36916221/36916222 apart
# from the sid, so every matching query or request raises two alerts.
# Presumably the event lists the hostname twice; de-duplicate the attribute at
# the source or disable one pair.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname ksn.pages.dev"; dns.query; content:"ksn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksn\.pages\.dev$/i"; classtype:trojan-activity; sid:36916251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ksn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ksn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# pub-8d84562919e54131a7c066684c45ffb8.r2.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; dns.query; content:"pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8d84562919e54131a7c066684c45ffb8\.r2\.dev$/i"; classtype:trojan-activity; sid:36916281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8d84562919e54131a7c066684c45ffb8\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any 
(msg: "MISP e25718 [] Hostname shivamnaithani.github.io"; dns.query; content:"shivamnaithani.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shivamnaithani\.github\.io$/i"; classtype:trojan-activity; sid:36916311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# --- MISP event 25718, hostname/URL indicators (one signature per line) ---
# github.io indicators: the DNS and Host rules alert on the whole user site
# (<user>.github.io), whatever project is requested; only the "Outgoing URL"
# rule is narrowed to the reported project path via http.uri.
#
# shivamnaithani.github.io
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname shivamnaithani.github.io"; flow:to_server,established; http.header; content: "Host|3a| shivamnaithani.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shivamnaithani\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//shivamnaithani.github.io/task3-netflix-homepage"; flow:to_server,established; http.header; content:"shivamnaithani.github.io"; fast_pattern; nocase; http.uri; content:"/task3-netflix-homepage"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# shashank974196.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname shashank974196.github.io"; dns.query; content:"shashank974196.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shashank974196\.github\.io$/i"; classtype:trojan-activity; sid:36916341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname shashank974196.github.io"; flow:to_server,established; http.header; content: "Host|3a| shashank974196.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shashank974196\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//shashank974196.github.io/Netflix1"; flow:to_server,established; http.header; content:"shashank974196.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# sharanperla.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname sharanperla.github.io"; dns.query; content:"sharanperla.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharanperla\.github\.io$/i"; classtype:trojan-activity; sid:36916371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname sharanperla.github.io"; flow:to_server,established; http.header; content: "Host|3a| sharanperla.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharanperla\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//sharanperla.github.io/Netflixclone"; flow:to_server,established; http.header; content:"sharanperla.github.io"; fast_pattern; nocase; http.uri; content:"/Netflixclone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# gnm.pages.dev - first pair
alert dns any any -> any any (msg: "MISP e25718 [] Hostname gnm.pages.dev"; dns.query; content:"gnm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gnm\.pages\.dev$/i"; classtype:trojan-activity; sid:36916401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname gnm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gnm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gnm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# gnm.pages.dev - second pair
# NOTE(review): sids 36916431/36916432 repeat 36916401/36916402 with only the
# sid changed, so each hit is alerted twice. Presumably a duplicated attribute
# in the event; de-duplicate at the source or disable one pair.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname gnm.pages.dev"; dns.query; content:"gnm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gnm\.pages\.dev$/i"; classtype:trojan-activity; sid:36916431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname gnm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gnm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gnm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# fleek.ipfs.io
# NOTE(review): a name under ipfs.io looks like shared gateway infrastructure
# rather than a single-tenant host - check the false-positive rate before
# treating hits as confirmed; verify against the event.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname fleek.ipfs.io"; dns.query; content:"fleek.ipfs.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fleek\.ipfs\.io$/i"; classtype:trojan-activity; sid:36916461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname fleek.ipfs.io"; flow:to_server,established; http.header; content: "Host|3a| fleek.ipfs.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fleek\.ipfs\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# disposal-account-confinement.netlify.app
alert dns any any -> any any (msg: "MISP e25718 [] Hostname disposal-account-confinement.netlify.app"; dns.query; content:"disposal-account-confinement.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])disposal\-account\-confinement\.netlify\.app$/i"; classtype:trojan-activity; sid:36916491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname disposal-account-confinement.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| disposal-account-confinement.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])disposal\-account\-confinement\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# --- MISP event 25718, hostname/URL indicators (one signature per line) ---
# Every rule here is exported with classtype:trojan-activity and priority:2.
# NOTE(review): several names look like credential-phishing lures rather than
# malware infrastructure (presumably the exporter's default class) - confirm
# the event type before routing these alerts to a malware-triage queue.
#
# dhdyhf-gtrf-e52349.ingress-daribow.ewp.live
alert dns any any -> any any (msg: "MISP e25718 [] Hostname dhdyhf-gtrf-e52349.ingress-daribow.ewp.live"; dns.query; content:"dhdyhf-gtrf-e52349.ingress-daribow.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhdyhf\-gtrf\-e52349\.ingress\-daribow\.ewp\.live$/i"; classtype:trojan-activity; sid:36916521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname dhdyhf-gtrf-e52349.ingress-daribow.ewp.live"; flow:to_server,established; http.header; content: "Host|3a| dhdyhf-gtrf-e52349.ingress-daribow.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhdyhf\-gtrf\-e52349\.ingress\-daribow\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# corsicanahomevalue.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname corsicanahomevalue.com"; dns.query; content:"corsicanahomevalue.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])corsicanahomevalue\.com$/i"; classtype:trojan-activity; sid:36916551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname corsicanahomevalue.com"; flow:to_server,established; http.header; content: "Host|3a| corsicanahomevalue.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])corsicanahomevalue\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# bb04321.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname bb04321.com"; dns.query; content:"bb04321.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bb04321\.com$/i"; classtype:trojan-activity; sid:36916581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname bb04321.com"; flow:to_server,established; http.header; content: "Host|3a| bb04321.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bb04321\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# apgworld.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname apgworld.com"; dns.query; content:"apgworld.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apgworld\.com$/i"; classtype:trojan-activity; sid:36916611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname apgworld.com"; flow:to_server,established; http.header; content: "Host|3a| apgworld.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apgworld\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# 3656aa.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname 3656aa.com"; dns.query; content:"3656aa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656aa\.com$/i"; classtype:trojan-activity; sid:36916641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 3656aa.com"; flow:to_server,established; http.header; content: "Host|3a| 3656aa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656aa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# roobinhodlogin.weebly.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname roobinhodlogin.weebly.com"; dns.query; content:"roobinhodlogin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roobinhodlogin\.weebly\.com$/i"; classtype:trojan-activity; sid:36916671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname roobinhodlogin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| roobinhodlogin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roobinhodlogin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Pathless "Outgoing URL" rule: only http.header content:"<host>", with no
# "Host|3a| " prefix, pcre or http.uri part, so it fires on the same requests as
# sid 36916672 (a second alert) and on any other request header holding the name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//roobinhodlogin.weebly.com"; flow:to_server,established; http.header; content:"roobinhodlogin.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# robinvhoodlogin.weebly.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname robinvhoodlogin.weebly.com"; dns.query; content:"robinvhoodlogin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])robinvhoodlogin\.weebly\.com$/i"; classtype:trojan-activity; sid:36916701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname robinvhoodlogin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| robinvhoodlogin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])robinvhoodlogin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:36916702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# --- MISP event 25718, hostname/URL indicators (one signature per line) ---
# Port scope differs between rule types: the Host-header rules use destination
# port "any", while the "Outgoing URL" rules are limited to $HTTP_PORTS. That
# variable must be defined in the sensor configuration, and a request to a port
# outside it is seen only by the Host rule.
# The http.uri content matches carry nocase, so the path is compared
# case-insensitively.
#
# robinvhoodlogin.weebly.com - pathless URL rule (http.header content only)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//robinvhoodlogin.weebly.com"; flow:to_server,established; http.header; content:"robinvhoodlogin.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# pritanjan.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pritanjan.github.io"; dns.query; content:"pritanjan.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pritanjan\.github\.io$/i"; classtype:trojan-activity; sid:36916731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pritanjan.github.io"; flow:to_server,established; http.header; content: "Host|3a| pritanjan.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pritanjan\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//pritanjan.github.io/Homepage-of-Netflix"; flow:to_server,established; http.header; content:"pritanjan.github.io"; fast_pattern; nocase; http.uri; content:"/Homepage-of-Netflix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# pritibarot.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pritibarot.github.io"; dns.query; content:"pritibarot.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pritibarot\.github\.io$/i"; classtype:trojan-activity; sid:36916761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pritibarot.github.io"; flow:to_server,established; http.header; content: "Host|3a| pritibarot.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pritibarot\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//pritibarot.github.io/netflix_homepage"; flow:to_server,established; http.header; content:"pritibarot.github.io"; fast_pattern; nocase; http.uri; content:"/netflix_homepage"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# pnsahu94.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pnsahu94.github.io"; dns.query; content:"pnsahu94.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pnsahu94\.github\.io$/i"; classtype:trojan-activity; sid:36916791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pnsahu94.github.io"; flow:to_server,established; http.header; content: "Host|3a| pnsahu94.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pnsahu94\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//pnsahu94.github.io/Netflix-Landing-Page-CSS-VanillaJS-Clone"; flow:to_server,established; http.header; content:"pnsahu94.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Landing-Page-CSS-VanillaJS-Clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# p64ecd8sp3.blocktoken.download (URL rule narrows to /down/ylqaET)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname p64ecd8sp3.blocktoken.download"; dns.query; content:"p64ecd8sp3.blocktoken.download"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p64ecd8sp3\.blocktoken\.download$/i"; classtype:trojan-activity; sid:36916821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname p64ecd8sp3.blocktoken.download"; flow:to_server,established; http.header; content: "Host|3a| p64ecd8sp3.blocktoken.download"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p64ecd8sp3\.blocktoken\.download[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//p64ecd8sp3.blocktoken.download/down/ylqaET"; flow:to_server,established; http.header; content:"p64ecd8sp3.blocktoken.download"; fast_pattern; nocase; http.uri; content:"/down/ylqaET"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# noureennaaz.github.io
alert dns any any -> any any (msg: "MISP e25718 [] Hostname noureennaaz.github.io"; dns.query; content:"noureennaaz.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])noureennaaz\.github\.io$/i"; classtype:trojan-activity; sid:36916851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname noureennaaz.github.io"; flow:to_server,established; http.header; content: "Host|3a| noureennaaz.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])noureennaaz\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//noureennaaz.github.io/NetflixClone"; flow:to_server,established; http.header; content:"noureennaaz.github.io"; fast_pattern; nocase; http.uri; content:"/NetflixClone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# mextamaskextensionus.weebly.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname mextamaskextensionus.weebly.com"; dns.query; content:"mextamaskextensionus.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mextamaskextensionus\.weebly\.com$/i"; classtype:trojan-activity; sid:36916881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname mextamaskextensionus.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mextamaskextensionus.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mextamaskextensionus\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Pathless URL rule: overlaps sid 36916882 on every matching request (two alerts).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//mextamaskextensionus.weebly.com"; flow:to_server,established; http.header; content:"mextamaskextensionus.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# metvnask-wallet.weebly.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname metvnask-wallet.weebly.com"; dns.query; content:"metvnask-wallet.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metvnask\-wallet\.weebly\.com$/i"; classtype:trojan-activity; sid:36916911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname metvnask-wallet.weebly.com"; flow:to_server,established; 
http.header; content: "Host|3a| metvnask-wallet.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metvnask\-wallet\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//metvnask-wallet.weebly.com"; flow:to_server,established; http.header; content:"metvnask-wallet.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname metumskextension.weebly.com"; dns.query; content:"metumskextension.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metumskextension\.weebly\.com$/i"; classtype:trojan-activity; sid:36916941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname metumskextension.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metumskextension.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metumskextension\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//metumskextension.weebly.com"; flow:to_server,established; http.header; content:"metumskextension.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname metmisak-wallot.weebly.com"; dns.query; content:"metmisak-wallot.weebly.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])metmisak\-wallot\.weebly\.com$/i"; classtype:trojan-activity; sid:36916971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname metmisak-wallot.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metmisak-wallot.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metmisak\-wallot\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36916972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//metmisak-wallot.weebly.com"; flow:to_server,established; http.header; content:"metmisak-wallot.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36916981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname metemasklogn.weebly.com"; dns.query; content:"metemasklogn.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metemasklogn\.weebly\.com$/i"; classtype:trojan-activity; sid:36917001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname metemasklogn.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metemasklogn.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metemasklogn\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//metemasklogn.weebly.com"; flow:to_server,established; http.header; content:"metemasklogn.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:36917011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname metamsak-us-wallet.weebly.com"; dns.query; content:"metamsak-us-wallet.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamsak\-us\-wallet\.weebly\.com$/i"; classtype:trojan-activity; sid:36917031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname metamsak-us-wallet.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metamsak-us-wallet.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamsak\-us\-wallet\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//metamsak-us-wallet.weebly.com"; flow:to_server,established; http.header; content:"metamsak-us-wallet.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname metamask-walllt.weebly.com"; dns.query; content:"metamask-walllt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamask\-walllt\.weebly\.com$/i"; classtype:trojan-activity; sid:36917061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname metamask-walllt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metamask-walllt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamask\-walllt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917062; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//metamask-walllt.weebly.com"; flow:to_server,established; http.header; content:"metamask-walllt.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname me1amaskwellet.weebly.com"; dns.query; content:"me1amaskwellet.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])me1amaskwellet\.weebly\.com$/i"; classtype:trojan-activity; sid:36917091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname me1amaskwellet.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| me1amaskwellet.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])me1amaskwellet\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//me1amaskwellet.weebly.com"; flow:to_server,established; http.header; content:"me1amaskwellet.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname mallikaag.github.io"; dns.query; content:"mallikaag.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mallikaag\.github\.io$/i"; classtype:trojan-activity; sid:36917121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname mallikaag.github.io"; flow:to_server,established; http.header; 
content: "Host|3a| mallikaag.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mallikaag\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//mallikaag.github.io/NETFLIX"; flow:to_server,established; http.header; content:"mallikaag.github.io"; fast_pattern; nocase; http.uri; content:"/NETFLIX"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname ku820780.github.io"; dns.query; content:"ku820780.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ku820780\.github\.io$/i"; classtype:trojan-activity; sid:36917151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ku820780.github.io"; flow:to_server,established; http.header; content: "Host|3a| ku820780.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ku820780\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//ku820780.github.io/Netflix-clone"; flow:to_server,established; http.header; content:"ku820780.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname imtoken-vq.net"; dns.query; content:"imtoken-vq.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-vq\.net$/i"; 
classtype:trojan-activity; sid:36917181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname imtoken-vq.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-vq.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-vq\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//imtoken-vq.net"; flow:to_server,established; http.header; content:"imtoken-vq.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname imto-ken.pro"; dns.query; content:"imto-ken.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imto\-ken\.pro$/i"; classtype:trojan-activity; sid:36917211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname imto-ken.pro"; flow:to_server,established; http.header; content: "Host|3a| imto-ken.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imto\-ken\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//imto-ken.pro"; flow:to_server,established; http.header; content:"imto-ken.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname imto-ken.biz"; dns.query; content:"imto-ken.biz"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])imto\-ken\.biz$/i"; classtype:trojan-activity; sid:36917241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname imto-ken.biz"; flow:to_server,established; http.header; content: "Host|3a| imto-ken.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imto\-ken\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//imto-ken.biz"; flow:to_server,established; http.header; content:"imto-ken.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname imtoken-ar.net"; dns.query; content:"imtoken-ar.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ar\.net$/i"; classtype:trojan-activity; sid:36917271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname imtoken-ar.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ar.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ar\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//imtoken-ar.net"; flow:to_server,established; http.header; content:"imtoken-ar.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 
imtoken-ao.net"; dns.query; content:"imtoken-ao.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ao\.net$/i"; classtype:trojan-activity; sid:36917301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname imtoken-ao.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ao.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ao\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//imtoken-ao.net"; flow:to_server,established; http.header; content:"imtoken-ao.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname gemini-lgin.weebly.com"; dns.query; content:"gemini-lgin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gemini\-lgin\.weebly\.com$/i"; classtype:trojan-activity; sid:36917331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname gemini-lgin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| gemini-lgin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gemini\-lgin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//gemini-lgin.weebly.com"; flow:to_server,established; http.header; content:"gemini-lgin.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917341; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 55100bet.com"; dns.query; content:"55100bet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])55100bet\.com$/i"; classtype:trojan-activity; sid:36917361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 55100bet.com"; flow:to_server,established; http.header; content: "Host|3a| 55100bet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])55100bet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m.ipfs.cf-ipfs.com"; dns.query; content:"bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:36917391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL 
http|3a|//bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m.ipfs.cf-ipfs.com/B%20M%20B%20A%20C%20K%20U%20P22.htm"; flow:to_server,established; http.header; content:"bafybeigvb5noumhzymjn7oh2h35aczfw6wkhvjoya6bpmhebi6lcs62r3m.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/B%20M%20B%20A%20C%20K%20U%20P22.htm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname eshwarnaidu2003.github.io"; dns.query; content:"eshwarnaidu2003.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eshwarnaidu2003\.github\.io$/i"; classtype:trojan-activity; sid:36917421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname eshwarnaidu2003.github.io"; flow:to_server,established; http.header; content: "Host|3a| eshwarnaidu2003.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eshwarnaidu2003\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//eshwarnaidu2003.github.io/NETFLIX-HOMEPAGE"; flow:to_server,established; http.header; content:"eshwarnaidu2003.github.io"; fast_pattern; nocase; http.uri; content:"/NETFLIX-HOMEPAGE"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname dedicatess.pages.dev"; dns.query; content:"dedicatess.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dedicatess\.pages\.dev$/i"; classtype:trojan-activity; sid:36917451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname dedicatess.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dedicatess.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dedicatess\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//dedicatess.pages.dev"; flow:to_server,established; http.header; content:"dedicatess.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname d551008.com"; dns.query; content:"d551008.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d551008\.com$/i"; classtype:trojan-activity; sid:36917481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname d551008.com"; flow:to_server,established; http.header; content: "Host|3a| d551008.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d551008\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//d551008.com"; flow:to_server,established; http.header; content:"d551008.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname darshitadhiya.github.io"; dns.query; content:"darshitadhiya.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])darshitadhiya\.github\.io$/i"; 
classtype:trojan-activity; sid:36917511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname darshitadhiya.github.io"; flow:to_server,established; http.header; content: "Host|3a| darshitadhiya.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])darshitadhiya\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//darshitadhiya.github.io/Netflix-Main-Page-"; flow:to_server,established; http.header; content:"darshitadhiya.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Main-Page-"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname coinbasecomsignin.weebly.com"; dns.query; content:"coinbasecomsignin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbasecomsignin\.weebly\.com$/i"; classtype:trojan-activity; sid:36917541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname coinbasecomsignin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| coinbasecomsignin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbasecomsignin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//coinbasecomsignin.weebly.com"; flow:to_server,established; http.header; content:"coinbasecomsignin.weebly.com"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:36917551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 5fgfgfgfgfrgr4g4g.blogspot.com"; dns.query; content:"5fgfgfgfgfrgr4g4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfrgr4g4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:36917571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 5fgfgfgfgfrgr4g4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgfrgr4g4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfrgr4g4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmcgM8THjv1EyrJ5amA8r3LZMYvZiTsJ9wRL5zQvwGBrqQ/B%20M%20B%20A%20C%20K%20U%20P22.htm"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmcgM8THjv1EyrJ5amA8r3LZMYvZiTsJ9wRL5zQvwGBrqQ/B%20M%20B%20A%20C%20K%20U%20P22.htm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname bodycare-hack.com"; dns.query; content:"bodycare-hack.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bodycare\-hack\.com$/i"; classtype:trojan-activity; sid:36917631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname bodycare-hack.com"; flow:to_server,established; http.header; content: "Host|3a| bodycare-hack.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])bodycare\-hack\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//bodycare-hack.com/newPost/com/sa/saudipostlocal/online/info"; flow:to_server,established; http.header; content:"bodycare-hack.com"; fast_pattern; nocase; http.uri; content:"/newPost/com/sa/saudipostlocal/online/info"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname bhawanibytes.github.io"; dns.query; content:"bhawanibytes.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhawanibytes\.github\.io$/i"; classtype:trojan-activity; sid:36917661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname bhawanibytes.github.io"; flow:to_server,established; http.header; content: "Host|3a| bhawanibytes.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhawanibytes\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//bhawanibytes.github.io/netflix-clone"; flow:to_server,established; http.header; content:"bhawanibytes.github.io"; fast_pattern; nocase; http.uri; content:"/netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 8541.pages.dev"; dns.query; content:"8541.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])8541\.pages\.dev$/i"; classtype:trojan-activity; sid:36917691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 8541.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 8541.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])8541\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//8541.pages.dev"; flow:to_server,established; http.header; content:"8541.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 5fgfgfgfgfrgr4g4g.blogspot.tw"; dns.query; content:"5fgfgfgfgfrgr4g4g.blogspot.tw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfrgr4g4g\.blogspot\.tw$/i"; classtype:trojan-activity; sid:36917721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 5fgfgfgfgfrgr4g4g.blogspot.tw"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgfrgr4g4g.blogspot.tw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfrgr4g4g\.blogspot\.tw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//5fgfgfgfgfrgr4g4g.blogspot.tw"; flow:to_server,established; http.header; content:"5fgfgfgfgfrgr4g4g.blogspot.tw"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917731; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname ipfs.eth.aragon.network"; dns.query; content:"ipfs.eth.aragon.network"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network$/i"; classtype:trojan-activity; sid:36917751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ipfs.eth.aragon.network"; flow:to_server,established; http.header; content: "Host|3a| ipfs.eth.aragon.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname pub-ae3d7ca94e9a46de8b99e02f52720f08.r2.dev"; dns.query; content:"pub-ae3d7ca94e9a46de8b99e02f52720f08.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ae3d7ca94e9a46de8b99e02f52720f08\.r2\.dev$/i"; classtype:trojan-activity; sid:36917781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pub-ae3d7ca94e9a46de8b99e02f52720f08.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-ae3d7ca94e9a46de8b99e02f52720f08.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ae3d7ca94e9a46de8b99e02f52720f08\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//pub-ae3d7ca94e9a46de8b99e02f52720f08.r2.dev/chriss.html"; flow:to_server,established; http.header; content:"pub-ae3d7ca94e9a46de8b99e02f52720f08.r2.dev"; fast_pattern; nocase; http.uri; 
content:"/chriss.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname m.tgjeo.com"; dns.query; content:"m.tgjeo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.tgjeo\.com$/i"; classtype:trojan-activity; sid:36917811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname m.tgjeo.com"; flow:to_server,established; http.header; content: "Host|3a| m.tgjeo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.tgjeo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 004agreementmail.weebly.com"; dns.query; content:"004agreementmail.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])004agreementmail\.weebly\.com$/i"; classtype:trojan-activity; sid:36917841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 004agreementmail.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| 004agreementmail.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])004agreementmail\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//004agreementmail.weebly.com"; flow:to_server,established; http.header; content:"004agreementmail.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) 
# MISP event 25718 indicators (event id taken from the msg and reference fields).
# Layout below: one rule per line, grouped by indicator hostname.
# Each hostname gets a dns.query rule and an "Outgoing HTTP Hostname" rule; some
# also get an "Outgoing URL" rule.
#
# Matching behaviour shared by the rules in this group:
# - dns rules: the pcre is anchored with `$`, and its left boundary class rejects a
#   preceding letter, digit, '-' or '.', so subdomains of the indicator and longer
#   look-alike labels do not match.
# - Hostname rules: content is "Host|3a| <name>" in http.header, and the pcre requires
#   a non-hostname character after the name, so "<name>.other.tld" is rejected.
#   Destination port is `any`.
# - URL rules: the hostname content is searched anywhere in http.header (it is not
#   tied to the Host line), and the destination port is $HTTP_PORTS, so that variable
#   has to be defined and HTTP on other ports is only covered by the Hostname rule.
# - tag:session,600,seconds tags the matching session for 600 seconds.
# - NOTE(review): every non-DNS rule here is `alert http`; none inspects TLS. For
#   hosts served over HTTPS only the dns rule can fire. Consider tls.sni companions.
# - Several indicators sit on shared hosting platforms (workers.dev, r2.dev,
#   pages.dev, amplifyapp.com, blogspot.*); the rules pin the full tenant hostname,
#   so other tenants of the same platform are not matched.

# cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36917871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# pub-19d008d548424eda96d28611aeb50600.r2.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pub-19d008d548424eda96d28611aeb50600.r2.dev"; dns.query; content:"pub-19d008d548424eda96d28611aeb50600.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-19d008d548424eda96d28611aeb50600\.r2\.dev$/i"; classtype:trojan-activity; sid:36917901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pub-19d008d548424eda96d28611aeb50600.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-19d008d548424eda96d28611aeb50600.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-19d008d548424eda96d28611aeb50600\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# worker-plain-mode-d97d.ptiburziojr.workers.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname worker-plain-mode-d97d.ptiburziojr.workers.dev"; dns.query; content:"worker-plain-mode-d97d.ptiburziojr.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-plain\-mode\-d97d\.ptiburziojr\.workers\.dev$/i"; classtype:trojan-activity; sid:36917931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname worker-plain-mode-d97d.ptiburziojr.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-plain-mode-d97d.ptiburziojr.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-plain\-mode\-d97d\.ptiburziojr\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# The http.uri content is just "/", which virtually any request URI contains, so this
# rule adds no path constraint: it fires on the hostname appearing in any header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//worker-plain-mode-d97d.ptiburziojr.workers.dev/"; flow:to_server,established; http.header; content:"worker-plain-mode-d97d.ptiburziojr.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36917941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# tgadminuser.webapt.pw
alert dns any any -> any any (msg: "MISP e25718 [] Hostname tgadminuser.webapt.pw"; dns.query; content:"tgadminuser.webapt.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.pw$/i"; classtype:trojan-activity; sid:36917961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname tgadminuser.webapt.pw"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webapt.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# tgadminuser.webapt.xyz
alert dns any any -> any any (msg: "MISP e25718 [] Hostname tgadminuser.webapt.xyz"; dns.query; content:"tgadminuser.webapt.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.xyz$/i"; classtype:trojan-activity; sid:36917991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname tgadminuser.webapt.xyz"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webapt.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36917992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# telegram.dog
# NOTE(review): this looks like a general-purpose Telegram link domain rather than an
# attacker-owned host; expect benign hits and confirm the attribute's context in the
# MISP event before alerting on it at priority 2.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:36918021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# pepsi-koola.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pepsi-koola.com"; dns.query; content:"pepsi-koola.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pepsi\-koola\.com$/i"; classtype:trojan-activity; sid:36918111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pepsi-koola.com"; flow:to_server,established; http.header; content: "Host|3a| pepsi-koola.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pepsi\-koola\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# 3656k4.com
# The dns and Hostname rules cover the bare name only; the URL rule names
# www.3656k4.com. Because the dns pcre rejects a leading '.', and the Host content is
# "Host|3a| 3656k4.com", lookups of and requests to the www host are caught only by
# the URL rule, and only for the /mobile-client/bet365_627/ path.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname 3656k4.com"; dns.query; content:"3656k4.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656k4\.com$/i"; classtype:trojan-activity; sid:36918141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 3656k4.com"; flow:to_server,established; http.header; content: "Host|3a| 3656k4.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656k4\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//www.3656k4.com/mobile-client/bet365_627/"; flow:to_server,established; http.header; content:"www.3656k4.com"; fast_pattern; nocase; http.uri; content:"/mobile-client/bet365_627/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev"; dns.query; content:"pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7fe1f587d76e4372b8247f6c119086eb\.r2\.dev$/i"; classtype:trojan-activity; sid:36918171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7fe1f587d76e4372b8247f6c119086eb\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev/Alldomain-index.html"; flow:to_server,established; http.header; content:"pub-7fe1f587d76e4372b8247f6c119086eb.r2.dev"; fast_pattern; nocase; http.uri; content:"/Alldomain-index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# telegram.dog (second copy)
# Same match conditions as sid 36918021 / 36918022 under new sids, so one lookup or
# request raises two alerts. The benign-hit caveat for this domain applies here too.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:36918201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# extrafutlike.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname extrafutlike.com"; dns.query; content:"extrafutlike.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extrafutlike\.com$/i"; classtype:trojan-activity; sid:36918231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname extrafutlike.com"; flow:to_server,established; http.header; content: "Host|3a| extrafutlike.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extrafutlike\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# http.uri content is "/" only: no effective path constraint.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//extrafutlike.com/"; flow:to_server,established; http.header; content:"extrafutlike.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com"; dns.query; content:"zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zcxzcxzcx\.d2jk5f4fer48s8\.amplifyapp\.com$/i"; classtype:trojan-activity; sid:36918261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com"; flow:to_server,established; http.header; content: "Host|3a| zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zcxzcxzcx\.d2jk5f4fer48s8\.amplifyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com/store.html"; flow:to_server,established; http.header; content:"zcxzcxzcx.d2jk5f4fer48s8.amplifyapp.com"; fast_pattern; nocase; http.uri; content:"/store.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# videosssssasasasasasas.blogspot.sn
# The URL rule here (and for the path-less URLs further down) has no http.uri part and
# no fast_pattern: it is a bare hostname search across all request headers.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname videosssssasasasasasas.blogspot.sn"; dns.query; content:"videosssssasasasasasas.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videosssssasasasasasas\.blogspot\.sn$/i"; classtype:trojan-activity; sid:36918291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname videosssssasasasasasas.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| videosssssasasasasasas.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videosssssasasasasasas\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//videosssssasasasasasas.blogspot.sn"; flow:to_server,established; http.header; content:"videosssssasasasasasas.blogspot.sn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# verifikasi.terbaruxx.my.id
alert dns any any -> any any (msg: "MISP e25718 [] Hostname verifikasi.terbaruxx.my.id"; dns.query; content:"verifikasi.terbaruxx.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifikasi\.terbaruxx\.my\.id$/i"; classtype:trojan-activity; sid:36918321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname verifikasi.terbaruxx.my.id"; flow:to_server,established; http.header; content: "Host|3a| verifikasi.terbaruxx.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifikasi\.terbaruxx\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//verifikasi.terbaruxx.my.id"; flow:to_server,established; http.header; content:"verifikasi.terbaruxx.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# uspe.usspup.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspup.top"; dns.query; content:"uspe.usspup.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspup\.top$/i"; classtype:trojan-activity; sid:36918351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspup.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspup.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspup\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//uspe.usspup.top"; flow:to_server,established; http.header; content:"uspe.usspup.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# uspe.ussppy.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.ussppy.top"; dns.query; content:"uspe.ussppy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppy\.top$/i"; classtype:trojan-activity; sid:36918381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.ussppy.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//uspe.ussppy.top"; flow:to_server,established; http.header; content:"uspe.ussppy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# uspe.ussppt.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.ussppt.top"; dns.query; content:"uspe.ussppt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppt\.top$/i"; classtype:trojan-activity; sid:36918411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.ussppt.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//uspe.ussppt.top"; flow:to_server,established; http.header; content:"uspe.ussppt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# uspe.usspoz.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspoz.top"; dns.query; content:"uspe.usspoz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspoz\.top$/i"; classtype:trojan-activity; sid:36918441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspoz.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspoz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspoz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//uspe.usspoz.top"; flow:to_server,established; http.header; content:"uspe.usspoz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# syre.pages.dev
alert dns any any -> any any (msg: "MISP e25718 [] Hostname syre.pages.dev"; dns.query; content:"syre.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syre\.pages\.dev$/i"; classtype:trojan-activity; sid:36918471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname syre.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| syre.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syre\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# NOTE(review): the http.uri content below carries a literal ':' ("/https:/...") while
# the msg writes the same character as |3a|. Suricata's rule documentation recommends
# hex notation for ':' inside content; confirm this rule loads cleanly on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//syre.pages.dev/https|3a|/tapestry.tapad.com/tapestry/1"; flow:to_server,established; http.header; content:"syre.pages.dev"; fast_pattern; nocase; http.uri; content:"/https:/tapestry.tapad.com/tapestry/1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# syre.pages.dev (second copy)
# Same match conditions as sid 36918471 / 36918472 under new sids: two alerts per hit.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname syre.pages.dev"; dns.query; content:"syre.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syre\.pages\.dev$/i"; classtype:trojan-activity; sid:36918501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname syre.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| syre.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syre\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 indicators (event id taken from the msg and reference fields).
# Layout below: one rule per line, grouped by indicator hostname.
#
# How the three rule shapes in this group match:
# - dns rules: dns.query content plus a pcre anchored with `$`. The left boundary
#   class rejects a preceding letter, digit, '-' or '.', so subdomains of the
#   indicator and longer look-alike labels do not match.
# - "Outgoing HTTP Hostname" rules: content "Host|3a| <name>" in http.header, with a
#   pcre that requires a non-hostname character after the name. Destination port is
#   `any`.
# - "Outgoing URL" rule: hostname content searched anywhere in http.header (not tied
#   to the Host line) plus an http.uri content; destination port is $HTTP_PORTS, so
#   that variable has to be defined.
# - tag:session,600,seconds tags the matching session for 600 seconds.
# - NOTE(review): every non-DNS rule here is `alert http`; none inspects TLS. For
#   hosts served over HTTPS only the dns rule can fire. Consider tls.sni companions.

# syre.pages.dev, URL variant with "/https/..." (no colon) in the path
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//syre.pages.dev/https/tapestry.tapad.com/tapestry/1"; flow:to_server,established; http.header; content:"syre.pages.dev"; fast_pattern; nocase; http.uri; content:"/https/tapestry.tapad.com/tapestry/1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36918511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# yahoo-secureactivation.weebly.com
# Shared-hosting tenant name: the full hostname is pinned, so other weebly.com sites
# are not matched.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname yahoo-secureactivation.weebly.com"; dns.query; content:"yahoo-secureactivation.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yahoo\-secureactivation\.weebly\.com$/i"; classtype:trojan-activity; sid:36918531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname yahoo-secureactivation.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| yahoo-secureactivation.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yahoo\-secureactivation\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# myanmargp.eu.org
alert dns any any -> any any (msg: "MISP e25718 [] Hostname myanmargp.eu.org"; dns.query; content:"myanmargp.eu.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myanmargp\.eu\.org$/i"; classtype:trojan-activity; sid:36918561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname myanmargp.eu.org"; flow:to_server,established; http.header; content: "Host|3a| myanmargp.eu.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myanmargp\.eu\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# webmail-104272.weeblysite.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname webmail-104272.weeblysite.com"; dns.query; content:"webmail-104272.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-104272\.weeblysite\.com$/i"; classtype:trojan-activity; sid:36918591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname webmail-104272.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| webmail-104272.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-104272\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# videosssssasasasasasas.blogspot.com
alert dns any any -> any any (msg: "MISP e25718 [] Hostname videosssssasasasasasas.blogspot.com"; dns.query; content:"videosssssasasasasasas.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videosssssasasasasasas\.blogspot\.com$/i"; classtype:trojan-activity; sid:36918621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname videosssssasasasasasas.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| videosssssasasasasasas.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videosssssasasasasasas\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspz?.top series: one exact hostname per rule pair. The rules do not generalise
# over the varying last letter, so a sibling name absent from the event is not covered.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzw.top"; dns.query; content:"usp.usspzw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzw\.top$/i"; classtype:trojan-activity; sid:36918651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzt.top"; dns.query; content:"usp.usspzt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzt\.top$/i"; classtype:trojan-activity; sid:36918681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzs.top"; dns.query; content:"usp.usspzs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzs\.top$/i"; classtype:trojan-activity; sid:36918711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzs.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzr.top"; dns.query; content:"usp.usspzr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzr\.top$/i"; classtype:trojan-activity; sid:36918741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 - hostname indicators usp.usspzr.top .. usp.usspyr.top, one rule per line.
# Each hostname is exported as a pair: a `dns` rule on the dns.query buffer and an `http`
# rule on the Host header of established client-to-server flows from $HOME_NET to $EXTERNAL_NET.
# The DNS pcre is anchored with `$` and rejects a preceding letter, digit, hyphen or dot,
# so it fires on the listed name itself and not on deeper labels under it.
# NOTE(review): the `http` rules only see cleartext HTTP. No tls.sni rule for these names is
# visible in this part of the export, so HTTPS connections would surface only through the
# DNS rule - and not at all if the client resolves names over an encrypted resolver.
# The first rule is the HTTP half of usp.usspzr.top; its DNS half presumably precedes this run.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzp.top"; dns.query; content:"usp.usspzp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzp\.top$/i"; classtype:trojan-activity; sid:36918771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzq.top"; dns.query; content:"usp.usspzq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzq\.top$/i"; classtype:trojan-activity; sid:36918801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzn.top"; dns.query; content:"usp.usspzn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzn\.top$/i"; classtype:trojan-activity; sid:36918831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzo.top"; dns.query; content:"usp.usspzo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzo\.top$/i"; classtype:trojan-activity; sid:36918861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzm.top"; dns.query; content:"usp.usspzm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzm\.top$/i"; classtype:trojan-activity; sid:36918891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzl.top"; dns.query; content:"usp.usspzl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzl\.top$/i"; classtype:trojan-activity; sid:36918921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzk.top"; dns.query; content:"usp.usspzk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzk\.top$/i"; classtype:trojan-activity; sid:36918951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzi.top"; dns.query; content:"usp.usspzi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzi\.top$/i"; classtype:trojan-activity; sid:36918981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzi.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36918982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzh.top"; dns.query; content:"usp.usspzh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzh\.top$/i"; classtype:trojan-activity; sid:36919011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzj.top"; dns.query; content:"usp.usspzj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzj\.top$/i"; classtype:trojan-activity; sid:36919041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzg.top"; dns.query; content:"usp.usspzg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzg\.top$/i"; classtype:trojan-activity; sid:36919071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspze.top"; dns.query; content:"usp.usspze.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspze\.top$/i"; classtype:trojan-activity; sid:36919101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspze.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspze.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspze\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyv.top"; dns.query; content:"usp.usspyv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyv\.top$/i"; classtype:trojan-activity; sid:36919131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzd.top"; dns.query; content:"usp.usspzd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzd\.top$/i"; classtype:trojan-activity; sid:36919161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspzc.top"; dns.query; content:"usp.usspzc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzc\.top$/i"; classtype:trojan-activity; sid:36919191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspzc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyu.top"; dns.query; content:"usp.usspyu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyu\.top$/i"; classtype:trojan-activity; sid:36919221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyr.top"; dns.query; content:"usp.usspyr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyr\.top$/i"; classtype:trojan-activity; sid:36919251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 - HTTP rule for usp.usspyr.top, DNS/HTTP rule pairs for usp.usspyt.top ..
# usp.usspwv.top, and the DNS rule for usp.usspwu.top, one rule per line.
# Every `http` rule here carries tag:session,600,seconds, which tags the matching session
# for 600 seconds after the alert so that follow-up packets can be kept for triage.
# NOTE(review): tagged packets are only available to an analyst if the sensor has an output
# enabled that records them - confirm in the sensor's output configuration.
# The `dns` rules use `any any -> any any`, so they are not limited to $HOME_NET clients;
# the `http` rules only cover $HOME_NET -> $EXTERNAL_NET and depend on both variables being
# set correctly for the monitored network.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyt.top"; dns.query; content:"usp.usspyt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyt\.top$/i"; classtype:trojan-activity; sid:36919281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyq.top"; dns.query; content:"usp.usspyq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyq\.top$/i"; classtype:trojan-activity; sid:36919311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyp.top"; dns.query; content:"usp.usspyp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyp\.top$/i"; classtype:trojan-activity; sid:36919341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyo.top"; dns.query; content:"usp.usspyo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyo\.top$/i"; classtype:trojan-activity; sid:36919371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspym.top"; dns.query; content:"usp.usspym.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspym\.top$/i"; classtype:trojan-activity; sid:36919401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspym.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspym.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspym\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyl.top"; dns.query; content:"usp.usspyl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyl\.top$/i"; classtype:trojan-activity; sid:36919431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyk.top"; dns.query; content:"usp.usspyk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyk\.top$/i"; classtype:trojan-activity; sid:36919461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyj.top"; dns.query; content:"usp.usspyj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyj\.top$/i"; classtype:trojan-activity; sid:36919491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyi.top"; dns.query; content:"usp.usspyi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyi\.top$/i"; classtype:trojan-activity; sid:36919521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyi.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyg.top"; dns.query; content:"usp.usspyg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyg\.top$/i"; classtype:trojan-activity; sid:36919551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspye.top"; dns.query; content:"usp.usspye.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspye\.top$/i"; classtype:trojan-activity; sid:36919581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspye.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspye.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspye\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyd.top"; dns.query; content:"usp.usspyd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyd\.top$/i"; classtype:trojan-activity; sid:36919611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspyc.top"; dns.query; content:"usp.usspyc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyc\.top$/i"; classtype:trojan-activity; sid:36919641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspyc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwz.top"; dns.query; content:"usp.usspwz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwz\.top$/i"; classtype:trojan-activity; sid:36919671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwy.top"; dns.query; content:"usp.usspwy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwy\.top$/i"; classtype:trojan-activity; sid:36919701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwv.top"; dns.query; content:"usp.usspwv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwv\.top$/i"; classtype:trojan-activity; sid:36919731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwu.top"; dns.query; content:"usp.usspwu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwu\.top$/i"; classtype:trojan-activity; sid:36919761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 - HTTP rule for usp.usspwu.top, DNS/HTTP rule pairs for usp.usspwt.top ..
# usp.usspwd.top, and the DNS rule for usp.usspwa.top, one rule per line.
# SID layout in this run: within a hostname pair the `dns` rule's sid ends in 1 and the
# `http` rule's in 2; consecutive hostnames are 30 apart. Sids must stay unique across every
# rule file the sensor loads, so check this numeric range against other feeds before merging.
# NOTE(review): every rule is rev:1 and carries no expiry information; these are plain
# indicator matches, so re-export from the MISP event when it changes and retire rules for
# indicators the event no longer lists.
# NOTE(review): the hostnames differ only in two letters of the second label. If the list
# keeps growing, a dataset-backed match on dns.query may be cheaper to maintain than one
# rule pair per name - evaluate against the sensor's Suricata version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwt.top"; dns.query; content:"usp.usspwt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwt\.top$/i"; classtype:trojan-activity; sid:36919791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspws.top"; dns.query; content:"usp.usspws.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspws\.top$/i"; classtype:trojan-activity; sid:36919821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspws.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspws.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspws\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwr.top"; dns.query; content:"usp.usspwr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwr\.top$/i"; classtype:trojan-activity; sid:36919851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwq.top"; dns.query; content:"usp.usspwq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwq\.top$/i"; classtype:trojan-activity; sid:36919881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwp.top"; dns.query; content:"usp.usspwp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwp\.top$/i"; classtype:trojan-activity; sid:36919911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwo.top"; dns.query; content:"usp.usspwo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwo\.top$/i"; classtype:trojan-activity; sid:36919941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwn.top"; dns.query; content:"usp.usspwn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwn\.top$/i"; classtype:trojan-activity; sid:36919971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36919972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwm.top"; dns.query; content:"usp.usspwm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwm\.top$/i"; classtype:trojan-activity; sid:36920001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwk.top"; dns.query; content:"usp.usspwk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwk\.top$/i"; classtype:trojan-activity; sid:36920031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwj.top"; dns.query; content:"usp.usspwj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwj\.top$/i"; classtype:trojan-activity; sid:36920061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwi.top"; dns.query; content:"usp.usspwi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwi\.top$/i"; classtype:trojan-activity; sid:36920091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwi.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwh.top"; dns.query; content:"usp.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwh\.top$/i"; classtype:trojan-activity; sid:36920121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwg.top"; dns.query; content:"usp.usspwg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwg\.top$/i"; classtype:trojan-activity; sid:36920151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwe.top"; dns.query; content:"usp.usspwe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwe\.top$/i"; classtype:trojan-activity; sid:36920181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwe.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwb.top"; dns.query; content:"usp.usspwb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwb\.top$/i"; classtype:trojan-activity; sid:36920211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwd.top"; dns.query; content:"usp.usspwd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwd\.top$/i"; classtype:trojan-activity; sid:36920241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspwa.top"; dns.query; content:"usp.usspwa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwa\.top$/i"; classtype:trojan-activity; sid:36920271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 - hostname indicators of the form usp.ussp<xx>.top, one rule per line.
# Each hostname is covered by two rules:
#   - "alert dns"  (sid ending in 1): a DNS query for that name, any source to any destination.
#   - "alert http" (sid ending in 2): an outbound ($HOME_NET -> $EXTERNAL_NET) request whose
#     Host header carries that name; the session is then tagged for 600 seconds.
# The first rule below is the HTTP half for usp.usspwa.top and the last one is the DNS half
# for usp.ussptb.top; their partner rules sit directly before and after this group.
#
# NOTE(review): coverage limits to keep in mind when a host shows no alert:
#   - The HTTP rules inspect plaintext HTTP only. Nothing in this group matches a TLS SNI,
#     so HTTPS traffic to these names is only visible through the DNS rule, and only if the
#     sensor sees the client's DNS queries.
#   - content: "Host|3a| <name>" is a byte-literal match in http.header, including the single
#     space after the colon. Matching the name in the http.host buffer would not depend on
#     header formatting - worth raising with whoever maintains the export.
#   - The list is an enumeration: names of the same shape that are not listed raise no alert.
#   - Validate the imported file with `suricata -T` before enabling it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspwa.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspve.top"; dns.query; content:"usp.usspve.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspve\.top$/i"; classtype:trojan-activity; sid:36920301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspve.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspve.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspve\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspvd.top"; dns.query; content:"usp.usspvd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvd\.top$/i"; classtype:trojan-activity; sid:36920331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspvd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspvc.top"; dns.query; content:"usp.usspvc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvc\.top$/i"; classtype:trojan-activity; sid:36920361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspvc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspvb.top"; dns.query; content:"usp.usspvb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvb\.top$/i"; classtype:trojan-activity; sid:36920391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspvb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspva.top"; dns.query; content:"usp.usspva.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspva\.top$/i"; classtype:trojan-activity; sid:36920421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspva.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspva.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspva\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspuz.top"; dns.query; content:"usp.usspuz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuz\.top$/i"; classtype:trojan-activity; sid:36920451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspuz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspuy.top"; dns.query; content:"usp.usspuy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuy\.top$/i"; classtype:trojan-activity; sid:36920481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspuy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspux.top"; dns.query; content:"usp.usspux.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspux\.top$/i"; classtype:trojan-activity; sid:36920511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspux.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspux.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspux\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspuw.top"; dns.query; content:"usp.usspuw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuw\.top$/i"; classtype:trojan-activity; sid:36920541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspuw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspuv.top"; dns.query; content:"usp.usspuv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuv\.top$/i"; classtype:trojan-activity; sid:36920571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspuv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussput.top"; dns.query; content:"usp.ussput.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussput\.top$/i"; classtype:trojan-activity; sid:36920601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussput.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussput.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussput\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspur.top"; dns.query; content:"usp.usspur.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspur\.top$/i"; classtype:trojan-activity; sid:36920631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspur.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspur.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspur\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspul.top"; dns.query; content:"usp.usspul.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspul\.top$/i"; classtype:trojan-activity; sid:36920661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspul.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspul.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspul\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussptv.top"; dns.query; content:"usp.ussptv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptv\.top$/i"; classtype:trojan-activity; sid:36920691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussptv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussptc.top"; dns.query; content:"usp.ussptc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptc\.top$/i"; classtype:trojan-activity; sid:36920721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussptc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspti.top"; dns.query; content:"usp.usspti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspti\.top$/i"; classtype:trojan-activity; sid:36920751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspti.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspti.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussptb.top"; dns.query; content:"usp.ussptb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptb\.top$/i"; classtype:trojan-activity; sid:36920781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 - hostname indicators of the form usp.ussp<xx>.top, one rule per line.
# Rules come in pairs per hostname: an "alert dns" rule (sid ending in 1) on a query for the
# name, and an "alert http" rule (sid ending in 2) on an outbound request from $HOME_NET whose
# Host header carries the name, which also tags the session for 600 seconds.
# This group opens with the HTTP half for usp.ussptb.top and closes with the DNS half for
# usp.usspom.top; the matching halves are the rules directly before and after the group.
#
# NOTE(review): the DNS rules use "any any -> any any", so they also fire on queries between
# internal resolvers and on queries arriving from outside; expect one alert per hop the sensor
# sees. The HTTP rules are scoped to $HOME_NET -> $EXTERNAL_NET and only see plaintext HTTP -
# no rule here matches a TLS SNI for these names.
# NOTE(review): the Host match is the literal bytes "Host|3a| <name>" in http.header; the
# http.host buffer would match the hostname independently of how the header line is written.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussptb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspta.top"; dns.query; content:"usp.usspta.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspta\.top$/i"; classtype:trojan-activity; sid:36920811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspta.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspta.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspta\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspsq.top"; dns.query; content:"usp.usspsq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsq\.top$/i"; classtype:trojan-activity; sid:36920841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspsq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspsq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussprw.top"; dns.query; content:"usp.ussprw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprw\.top$/i"; classtype:trojan-activity; sid:36920871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussprw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspsp.top"; dns.query; content:"usp.usspsp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsp\.top$/i"; classtype:trojan-activity; sid:36920901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspsp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspsp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussprp.top"; dns.query; content:"usp.ussprp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprp\.top$/i"; classtype:trojan-activity; sid:36920931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussprp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussprd.top"; dns.query; content:"usp.ussprd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprd\.top$/i"; classtype:trojan-activity; sid:36920961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussprd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqr.top"; dns.query; content:"usp.usspqr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqr\.top$/i"; classtype:trojan-activity; sid:36920991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36920992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqo.top"; dns.query; content:"usp.usspqo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqo\.top$/i"; classtype:trojan-activity; sid:36921021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqn.top"; dns.query; content:"usp.usspqn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqn\.top$/i"; classtype:trojan-activity; sid:36921051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqm.top"; dns.query; content:"usp.usspqm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqm\.top$/i"; classtype:trojan-activity; sid:36921081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspql.top"; dns.query; content:"usp.usspql.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspql\.top$/i"; classtype:trojan-activity; sid:36921111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspql.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspql.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspql\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqk.top"; dns.query; content:"usp.usspqk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqk\.top$/i"; classtype:trojan-activity; sid:36921141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqi.top"; dns.query; content:"usp.usspqi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqi\.top$/i"; classtype:trojan-activity; sid:36921171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqi.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqh.top"; dns.query; content:"usp.usspqh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqh\.top$/i"; classtype:trojan-activity; sid:36921201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspqg.top"; dns.query; content:"usp.usspqg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqg\.top$/i"; classtype:trojan-activity; sid:36921231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspqg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.ussppe.top"; dns.query; content:"usp.ussppe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppe\.top$/i"; classtype:trojan-activity; sid:36921261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.ussppe.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspom.top"; dns.query; content:"usp.usspom.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspom\.top$/i"; classtype:trojan-activity; sid:36921291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718 - hostname indicators of the form usp.ussp<xx>.top, one rule per line.
# Rules come in pairs per hostname: an "alert dns" rule (sid ending in 1) on a query for the
# name, and an "alert http" rule (sid ending in 2) on an outbound request from $HOME_NET whose
# Host header carries the name, which also tags the session for 600 seconds.
# This group opens with the HTTP half for usp.usspom.top and closes with the DNS half for
# usp.usspkl.top; the matching halves are the rules directly before and after the group.
#
# NOTE(review): all rules carry classtype:trojan-activity and priority:2 and differ only in
# hostname and sid, so alert triage has to rely on the msg text and the referenced MISP event
# for context. The "[]" in each msg is an empty tag list, where other events in this export
# carry kill-chain tags.
# NOTE(review): detection here depends on the sensor seeing cleartext DNS or HTTP; no rule in
# this group matches a TLS SNI, and names of the same shape that are not listed raise no alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspom.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspom.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspom\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspnz.top"; dns.query; content:"usp.usspnz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnz\.top$/i"; classtype:trojan-activity; sid:36921321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspnz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspop.top"; dns.query; content:"usp.usspop.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspop\.top$/i"; classtype:trojan-activity; sid:36921351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspop.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspop.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspop\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspnr.top"; dns.query; content:"usp.usspnr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnr\.top$/i"; classtype:trojan-activity; sid:36921381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspnr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspnn.top"; dns.query; content:"usp.usspnn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnn\.top$/i"; classtype:trojan-activity; sid:36921411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspnn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspnl.top"; dns.query; content:"usp.usspnl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnl\.top$/i"; classtype:trojan-activity; sid:36921441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspnl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspnc.top"; dns.query; content:"usp.usspnc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnc\.top$/i"; classtype:trojan-activity; sid:36921471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspnc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspky.top"; dns.query; content:"usp.usspky.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspky\.top$/i"; classtype:trojan-activity; sid:36921501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspky.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspky.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspky\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkw.top"; dns.query; content:"usp.usspkw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkw\.top$/i"; classtype:trojan-activity; sid:36921531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkv.top"; dns.query; content:"usp.usspkv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkv\.top$/i"; classtype:trojan-activity; sid:36921561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspku.top"; dns.query; content:"usp.usspku.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspku\.top$/i"; classtype:trojan-activity; sid:36921591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspku.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspku.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspku\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkt.top"; dns.query; content:"usp.usspkt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkt\.top$/i"; classtype:trojan-activity; sid:36921621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkq.top"; dns.query; content:"usp.usspkq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkq\.top$/i"; classtype:trojan-activity; sid:36921651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkr.top"; dns.query; content:"usp.usspkr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkr\.top$/i"; classtype:trojan-activity; sid:36921681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkp.top"; dns.query; content:"usp.usspkp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkp\.top$/i"; classtype:trojan-activity; sid:36921711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspko.top"; dns.query; content:"usp.usspko.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspko\.top$/i"; classtype:trojan-activity; sid:36921741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspko.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspko.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspko\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkn.top"; dns.query; content:"usp.usspkn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkn\.top$/i"; classtype:trojan-activity; sid:36921771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkl.top"; dns.query; content:"usp.usspkl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkl\.top$/i"; classtype:trojan-activity; sid:36921801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# ---------------------------------------------------------------------------
# MISP event 25718 - hostname indicators, usp.ussp??.top series (this span).
# Rules are restored to one signature per line.
#
# Each hostname is exported as a pair of signatures:
#   sid ...1  DNS:  alerts when the dns.query buffer holds the hostname
#             (nocase). The pcre anchors the name at the end of the query and
#             requires start-of-buffer or a non-hostname character in front,
#             so a query for a subdomain of the listed name does not match.
#   sid ...2  HTTP: alerts on $HOME_NET -> $EXTERNAL_NET, established,
#             to_server, when the request headers contain "Host: <name>"
#             (|3a| is the colon). The pcre (/H = header buffer, /i = nocase)
#             requires a non-hostname character after the name.
#             tag:session,600,seconds tags the session for 600 seconds after
#             a match so that follow-up packets are logged.
#
# NOTE(review): the HTTP content match expects exactly "Host: " with a single
#   space; a normalized host buffer (http.host) may be a more robust anchor -
#   confirm against the Suricata version in use.
# NOTE(review): the HTTP rules inspect cleartext HTTP only. If TLS traffic to
#   these names matters, a tls.sni rule per hostname would be needed - verify
#   coverage with the sensor owner.
# NOTE(review): matches are exact per hostname; sibling names in the same
#   series that are not listed do not alert.
# NOTE(review): the tag list in msg ("[]") is empty and classtype is set to
#   trojan-activity for every indicator - confirm this reflects the event.
# ---------------------------------------------------------------------------

# usp.usspkl.top - HTTP half of the pair (its DNS rule precedes this span)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspkj.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkj.top"; dns.query; content:"usp.usspkj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkj\.top$/i"; classtype:trojan-activity; sid:36921831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspki.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspki.top"; dns.query; content:"usp.usspki.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspki\.top$/i"; classtype:trojan-activity; sid:36921861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspki.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspki.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspki\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspkd.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkd.top"; dns.query; content:"usp.usspkd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkd\.top$/i"; classtype:trojan-activity; sid:36921891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspkh.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkh.top"; dns.query; content:"usp.usspkh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkh\.top$/i"; classtype:trojan-activity; sid:36921921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspke.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspke.top"; dns.query; content:"usp.usspke.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspke\.top$/i"; classtype:trojan-activity; sid:36921951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspke.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspke.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspke\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspkc.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkc.top"; dns.query; content:"usp.usspkc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkc\.top$/i"; classtype:trojan-activity; sid:36921981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36921982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjy.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjy.top"; dns.query; content:"usp.usspjy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjy\.top$/i"; classtype:trojan-activity; sid:36922011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspkb.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspkb.top"; dns.query; content:"usp.usspkb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkb\.top$/i"; classtype:trojan-activity; sid:36922041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspkb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspka.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspka.top"; dns.query; content:"usp.usspka.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspka\.top$/i"; classtype:trojan-activity; sid:36922071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspka.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspka.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspka\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjw.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjw.top"; dns.query; content:"usp.usspjw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjw\.top$/i"; classtype:trojan-activity; sid:36922101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjv.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjv.top"; dns.query; content:"usp.usspjv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjv\.top$/i"; classtype:trojan-activity; sid:36922131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjr.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjr.top"; dns.query; content:"usp.usspjr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjr\.top$/i"; classtype:trojan-activity; sid:36922161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjs.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjs.top"; dns.query; content:"usp.usspjs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjs\.top$/i"; classtype:trojan-activity; sid:36922191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjs.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjp.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjp.top"; dns.query; content:"usp.usspjp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjp\.top$/i"; classtype:trojan-activity; sid:36922221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjn.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjn.top"; dns.query; content:"usp.usspjn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjn\.top$/i"; classtype:trojan-activity; sid:36922251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjm.top
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjm.top"; dns.query; content:"usp.usspjm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjm\.top$/i"; classtype:trojan-activity; sid:36922281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)

# usp.usspjl.top - DNS half of the pair (its HTTP rule follows this span)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjl.top"; dns.query; content:"usp.usspjl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjl\.top$/i"; classtype:trojan-activity; sid:36922311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjh.top"; dns.query; content:"usp.usspjh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjh\.top$/i"; classtype:trojan-activity; sid:36922341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjg.top"; dns.query; content:"usp.usspjg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjg\.top$/i"; classtype:trojan-activity; sid:36922371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspje.top"; dns.query; content:"usp.usspje.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspje\.top$/i"; 
classtype:trojan-activity; sid:36922401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspje.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspje.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspje\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjc.top"; dns.query; content:"usp.usspjc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjc\.top$/i"; classtype:trojan-activity; sid:36922431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspjd.top"; dns.query; content:"usp.usspjd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjd\.top$/i"; classtype:trojan-activity; sid:36922461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 
usp.usspjb.top"; dns.query; content:"usp.usspjb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjb\.top$/i"; classtype:trojan-activity; sid:36922491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspjb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspja.top"; dns.query; content:"usp.usspja.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspja\.top$/i"; classtype:trojan-activity; sid:36922521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspja.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspja.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspja\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspij.top"; dns.query; content:"usp.usspij.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspij\.top$/i"; classtype:trojan-activity; sid:36922551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspij.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspij.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspij\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922552; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usp.usspeu.top"; dns.query; content:"usp.usspeu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeu\.top$/i"; classtype:trojan-activity; sid:36922581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usp.usspeu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspeu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usps.usspavs.top"; dns.query; content:"usps.usspavs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspavs\.top$/i"; classtype:trojan-activity; sid:36922611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usps.usspavs.top"; flow:to_server,established; http.header; content: "Host|3a| usps.usspavs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspavs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname usps.postheeonn.com"; dns.query; content:"usps.postheeonn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.postheeonn\.com$/i"; classtype:trojan-activity; sid:36922641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usps.postheeonn.com"; flow:to_server,established; http.header; content: "Host|3a| usps.postheeonn.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usps\.postheeonn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspo.usspug.top"; dns.query; content:"uspo.usspug.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspug\.top$/i"; classtype:trojan-activity; sid:36922671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspo.usspug.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspug.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspug\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspo.ussptm.top"; dns.query; content:"uspo.ussptm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptm\.top$/i"; classtype:trojan-activity; sid:36922701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspo.ussptm.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspup.top"; dns.query; content:"uspe.usspup.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspup\.top$/i"; classtype:trojan-activity; sid:36922731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP 
Hostname uspe.usspup.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspup.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspup\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspqa.top"; dns.query; content:"uspe.usspqa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqa\.top$/i"; classtype:trojan-activity; sid:36922761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspqa.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.ussppw.top"; dns.query; content:"uspe.ussppw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppw\.top$/i"; classtype:trojan-activity; sid:36922791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.ussppw.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspph.top"; dns.query; content:"uspe.usspph.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspph\.top$/i"; classtype:trojan-activity; sid:36922821; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspph.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspph.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspph\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.ussppr.top"; dns.query; content:"uspe.ussppr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppr\.top$/i"; classtype:trojan-activity; sid:36922851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.ussppr.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.ussppg.top"; dns.query; content:"uspe.ussppg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppg\.top$/i"; classtype:trojan-activity; sid:36922881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.ussppg.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspld.top"; dns.query; 
content:"uspe.usspld.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspld\.top$/i"; classtype:trojan-activity; sid:36922911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspld.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspld.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspld\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspio.top"; dns.query; content:"uspe.usspio.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspio\.top$/i"; classtype:trojan-activity; sid:36922941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspio.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspio.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspio\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspe.usspin.top"; dns.query; content:"uspe.usspin.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspin\.top$/i"; classtype:trojan-activity; sid:36922971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspe.usspin.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspin.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspin\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36922972; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspd.usspwf.top"; dns.query; content:"uspd.usspwf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspwf\.top$/i"; classtype:trojan-activity; sid:36923001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspd.usspwf.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspwf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspwf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname txt.bicomm.app"; dns.query; content:"txt.bicomm.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])txt\.bicomm\.app$/i"; classtype:trojan-activity; sid:36923031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname txt.bicomm.app"; flow:to_server,established; http.header; content: "Host|3a| txt.bicomm.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])txt\.bicomm\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname uspd.usspoj.top"; dns.query; content:"uspd.usspoj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspoj\.top$/i"; classtype:trojan-activity; sid:36923061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname uspd.usspoj.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspoj.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspd\.usspoj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:36923091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:36923121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:36923151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:36923181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname sgafew.pages.dev"; dns.query; content:"sgafew.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgafew\.pages\.dev$/i"; classtype:trojan-activity; sid:36923211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname sgafew.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sgafew.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgafew\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any 
-> any any (msg: "MISP e25718 [] Hostname pub-f1c6316701434f26b978a8598e3e37f2.r2.dev"; dns.query; content:"pub-f1c6316701434f26b978a8598e3e37f2.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f1c6316701434f26b978a8598e3e37f2\.r2\.dev$/i"; classtype:trojan-activity; sid:36923241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pub-f1c6316701434f26b978a8598e3e37f2.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-f1c6316701434f26b978a8598e3e37f2.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f1c6316701434f26b978a8598e3e37f2\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname myanmargp.eu.org"; dns.query; content:"myanmargp.eu.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myanmargp\.eu\.org$/i"; classtype:trojan-activity; sid:36923271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname myanmargp.eu.org"; flow:to_server,established; http.header; content: "Host|3a| myanmargp.eu.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myanmargp\.eu\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 135538.vip"; dns.query; content:"135538.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])135538\.vip$/i"; classtype:trojan-activity; sid:36923301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 135538.vip"; flow:to_server,established; http.header; 
content: "Host|3a| 135538.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])135538\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# URL indicator http://135538.vip/ from MISP event 25718.
# Unlike the Host rule above, this one is limited to destination ports in $HTTP_PORTS.
# NOTE(review): the host string is searched anywhere in the request headers (no "Host|3a| " prefix
# and no boundary pcre), so it can also hit on other headers that carry the name (e.g. Referer) or on
# longer names that contain it. The http.uri test is content:"/" only, which presumably matches nearly
# every request URI, so in practice this rule overlaps sid 36923302 and doubles the alert. Confirm
# whether both are wanted before loading.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//135538.vip/"; flow:to_server,established; http.header; content:"135538.vip"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# DNS query for klxizim.000webhostapp.com, any source to any destination.
# The pcre requires the name to start the buffer or follow a character that cannot be part of a
# hostname, and to end the buffer, so a query for a subdomain of this name or for a longer name
# ending in it does not satisfy the rule. Case-insensitive.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname klxizim.000webhostapp.com"; dns.query; content:"klxizim.000webhostapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klxizim\.000webhostapp\.com$/i"; classtype:trojan-activity; sid:36923331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Outbound HTTP request from $HOME_NET whose headers contain "Host: klxizim.000webhostapp.com".
# The pcre adds a boundary on both sides of the name; tag:session,600,seconds tags the session for
# 600 seconds after the alert.
# NOTE(review): this inspects the HTTP header buffer only. No TLS rule for this name is visible in
# this part of the export, so an HTTPS visit would presumably surface through the dns rule alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname klxizim.000webhostapp.com"; flow:to_server,established; http.header; content: "Host|3a| klxizim.000webhostapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klxizim\.000webhostapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# DNS query for ioa.pages.dev. The full subdomain is pinned by the leading boundary in the pcre,
# so other names under pages.dev do not match.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname ioa.pages.dev"; dns.query; content:"ioa.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ioa\.pages\.dev$/i"; classtype:trojan-activity; sid:36923361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Outbound HTTP request with Host header ioa.pages.dev (same shape as sid 36923332).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ioa.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ioa.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ioa\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:36923362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname jnkihihiohighi8g.weebly.com"; dns.query; content:"jnkihihiohighi8g.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jnkihihiohighi8g\.weebly\.com$/i"; classtype:trojan-activity; sid:36923391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname jnkihihiohighi8g.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| jnkihihiohighi8g.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jnkihihiohighi8g\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname infos-service.hubside.fr"; dns.query; content:"infos-service.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infos\-service\.hubside\.fr$/i"; classtype:trojan-activity; sid:36923421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname infos-service.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| infos-service.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infos\-service\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname gl3esirdmuj2gzhce6ei.manxttrider.com"; dns.query; content:"gl3esirdmuj2gzhce6ei.manxttrider.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gl3esirdmuj2gzhce6ei\.manxttrider\.com$/i"; classtype:trojan-activity; sid:36923451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname gl3esirdmuj2gzhce6ei.manxttrider.com"; flow:to_server,established; http.header; content: "Host|3a| gl3esirdmuj2gzhce6ei.manxttrider.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gl3esirdmuj2gzhce6ei\.manxttrider\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname dooc-dar-b916.slrheeibtuebsid.workers.dev"; dns.query; content:"dooc-dar-b916.slrheeibtuebsid.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dooc\-dar\-b916\.slrheeibtuebsid\.workers\.dev$/i"; classtype:trojan-activity; sid:36923481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname dooc-dar-b916.slrheeibtuebsid.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| dooc-dar-b916.slrheeibtuebsid.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dooc\-dar\-b916\.slrheeibtuebsid\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname dharma-raju.github.io"; dns.query; content:"dharma-raju.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dharma\-raju\.github\.io$/i"; classtype:trojan-activity; sid:36923511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname dharma-raju.github.io"; flow:to_server,established; http.header; content: "Host|3a| dharma-raju.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dharma\-raju\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:36923512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname clouds-scene-ad2d.alessandraquinn.workers.dev"; dns.query; content:"clouds-scene-ad2d.alessandraquinn.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouds\-scene\-ad2d\.alessandraquinn\.workers\.dev$/i"; classtype:trojan-activity; sid:36923541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname clouds-scene-ad2d.alessandraquinn.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| clouds-scene-ad2d.alessandraquinn.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouds\-scene\-ad2d\.alessandraquinn\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname clouds-scene-ad2d.alessandraquinn.workers.dev"; dns.query; content:"clouds-scene-ad2d.alessandraquinn.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouds\-scene\-ad2d\.alessandraquinn\.workers\.dev$/i"; classtype:trojan-activity; sid:36923571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname clouds-scene-ad2d.alessandraquinn.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| clouds-scene-ad2d.alessandraquinn.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouds\-scene\-ad2d\.alessandraquinn\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname att-100405.weeblysite.com"; dns.query; 
content:"att-100405.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100405\.weeblysite\.com$/i"; classtype:trojan-activity; sid:36923661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname att-100405.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-100405.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100405\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 1vt.pages.dev"; dns.query; content:"1vt.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1vt\.pages\.dev$/i"; classtype:trojan-activity; sid:36923691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 1vt.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 1vt.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1vt\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname partial-mega-nickel-arrivals.trycloudflare.com"; dns.query; content:"partial-mega-nickel-arrivals.trycloudflare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partial\-mega\-nickel\-arrivals\.trycloudflare\.com$/i"; classtype:trojan-activity; sid:36923721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname partial-mega-nickel-arrivals.trycloudflare.com"; flow:to_server,established; http.header; content: "Host|3a| 
partial-mega-nickel-arrivals.trycloudflare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partial\-mega\-nickel\-arrivals\.trycloudflare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//partial-mega-nickel-arrivals.trycloudflare.com/login2.html"; flow:to_server,established; http.header; content:"partial-mega-nickel-arrivals.trycloudflare.com"; fast_pattern; nocase; http.uri; content:"/login2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname partial-mega-nickel-arrivals.trycloudflare.com"; dns.query; content:"partial-mega-nickel-arrivals.trycloudflare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partial\-mega\-nickel\-arrivals\.trycloudflare\.com$/i"; classtype:trojan-activity; sid:36923751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname partial-mega-nickel-arrivals.trycloudflare.com"; flow:to_server,established; http.header; content: "Host|3a| partial-mega-nickel-arrivals.trycloudflare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partial\-mega\-nickel\-arrivals\.trycloudflare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//partial-mega-nickel-arrivals.trycloudflare.com"; flow:to_server,established; http.header; content:"partial-mega-nickel-arrivals.trycloudflare.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923761; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# DNS query for iso-therm.anewpoolnow.com, any source to any destination.
# The pcre anchors the name at the end of the query and requires a non-hostname character (or the
# start of the buffer) before it, so only this exact name matches. Case-insensitive.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname iso-therm.anewpoolnow.com"; dns.query; content:"iso-therm.anewpoolnow.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iso\-therm\.anewpoolnow\.com$/i"; classtype:trojan-activity; sid:36923781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Outbound HTTP request from $HOME_NET whose headers contain "Host: iso-therm.anewpoolnow.com",
# with a boundary check on both sides of the name. tag:session,600,seconds tags the session for
# 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname iso-therm.anewpoolnow.com"; flow:to_server,established; http.header; content: "Host|3a| iso-therm.anewpoolnow.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iso\-therm\.anewpoolnow\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# URL indicator http://iso-therm.anewpoolnow.com (no path in the indicator).
# NOTE(review): this rule has no http.uri content and no boundary pcre. It is a bare,
# case-insensitive substring search over the request headers, limited to $HTTP_PORTS. It will fire
# whenever sid 36923782 fires on those ports, and can also hit when the name appears in another
# header (e.g. Referer) or inside a longer hostname. Expect paired alerts; consider keeping only the
# Host rule for path-less URL indicators.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//iso-therm.anewpoolnow.com"; flow:to_server,established; http.header; content:"iso-therm.anewpoolnow.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# DNS query for holing.net (exact name only, same pcre shape as sid 36923781).
alert dns any any -> any any (msg: "MISP e25718 [] Hostname holing.net"; dns.query; content:"holing.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])holing\.net$/i"; classtype:trojan-activity; sid:36923811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Outbound HTTP request with Host header holing.net.
# NOTE(review): HTTP header inspection only; no TLS rule for this name is visible in this part of
# the export, so HTTPS traffic would presumably be seen through the dns rule alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname holing.net"; flow:to_server,established; http.header; content: "Host|3a| holing.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])holing\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# URL indicator on holing.net, limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL 
http|3a|//holing.net/wp-content/plugins/edkkmd/GlobalSources?naps"; flow:to_server,established; http.header; content:"holing.net"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/edkkmd/GlobalSources"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname harmonious-naiad-131d9avwawde.netlify.app"; dns.query; content:"harmonious-naiad-131d9avwawde.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harmonious\-naiad\-131d9avwawde\.netlify\.app$/i"; classtype:trojan-activity; sid:36923841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname harmonious-naiad-131d9avwawde.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| harmonious-naiad-131d9avwawde.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harmonious\-naiad\-131d9avwawde\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//harmonious-naiad-131d9avwawde.netlify.app"; flow:to_server,established; http.header; content:"harmonious-naiad-131d9avwawde.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname genuined-marshmallowd-2b686cds.netlify.app"; dns.query; content:"genuined-marshmallowd-2b686cds.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])genuined\-marshmallowd\-2b686cds\.netlify\.app$/i"; classtype:trojan-activity; sid:36923871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname genuined-marshmallowd-2b686cds.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| genuined-marshmallowd-2b686cds.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])genuined\-marshmallowd\-2b686cds\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//genuined-marshmallowd-2b686cds.netlify.app"; flow:to_server,established; http.header; content:"genuined-marshmallowd-2b686cds.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname dqkkux.com"; dns.query; content:"dqkkux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dqkkux\.com$/i"; classtype:trojan-activity; sid:36923901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname dqkkux.com"; flow:to_server,established; http.header; content: "Host|3a| dqkkux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dqkkux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname clinicaroua.ro"; dns.query; content:"clinicaroua.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clinicaroua\.ro$/i"; classtype:trojan-activity; sid:36923931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname clinicaroua.ro"; flow:to_server,established; http.header; 
content: "Host|3a| clinicaroua.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clinicaroua\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//clinicaroua.ro/zip/GlobalSources?email=3mail@b.c"; flow:to_server,established; http.header; content:"clinicaroua.ro"; fast_pattern; nocase; http.uri; content:"/zip/GlobalSources"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname avenue.pages.dev"; dns.query; content:"avenue.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])avenue\.pages\.dev$/i"; classtype:trojan-activity; sid:36923961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname avenue.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| avenue.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])avenue\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//avenue.pages.dev/favicon.ico"; flow:to_server,established; http.header; content:"avenue.pages.dev"; fast_pattern; nocase; http.uri; content:"/favicon.ico"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36923971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname avenue.pages.dev"; dns.query; content:"avenue.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])avenue\.pages\.dev$/i"; 
classtype:trojan-activity; sid:36923991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname avenue.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| avenue.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])avenue\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36923992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# DNS query for cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev (exact name, case-insensitive).
# NOTE(review): this dns/http pair is repeated verbatim in this export; the copies differ only in
# sid (36924081/36924082 and 36924111/36924112 here, with more on the neighbouring lines).
# Presumably the hostname is listed several times in MISP event 25718. Every copy is evaluated and
# every copy alerts, so one lookup produces one alert per duplicate. Deduplicate the rules before
# loading, or the alert volume for this one indicator will be multiplied.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Outbound HTTP request from $HOME_NET whose headers contain this name as the Host value, with a
# boundary check on both sides. tag:session,600,seconds tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Duplicate of sid 36924081 (same match, different sid).
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Outbound HTTP Host rule for the same name again; the visible options match sid 36924082.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:36924172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# ^ Tail of a rule whose head lies before this excerpt; kept verbatim.
#
# MISP event 25718 (exported without tags: "[]"), hostname indicators.
# Each hostname is exported as a pair of rules:
#   alert dns  - dns.query must end with the hostname, preceded by start of buffer or a
#                character outside [A-Za-z0-9-.], so longer names / subdomains do not match.
#   alert http - client-to-server request from $HOME_NET carrying "Host: <hostname>" in the
#                request headers; tag:session,600,seconds keeps logging that session for 600 s.
#
# NOTE(review): the cas86t798-... pair is repeated below under many sids with identical match
# logic, so a single lookup or request raises one alert per copy. Presumably the event stores
# the same value in several attributes - deduplicate at export or keep one sid pair enabled.
#
# NOTE(review): the alert http rules only see cleartext HTTP. workers.dev names are typically
# reached over HTTPS, where only the dns rule can fire; a tls.sni match on the same hostname
# would cover that case (no such rule is present in this excerpt).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# URL indicator: the hostname may appear anywhere in the request headers (not anchored to
# Host, so a Referer carrying it also matches) and the path is matched as a substring of the
# URI. Destination port is limited to $HTTP_PORTS, which must be defined in the sensor config.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/6b60b846-bf3f-46e1-95ac-4831d8b3d103"; flow:to_server,established; http.header; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/6b60b846-bf3f-46e1-95ac-4831d8b3d103"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:36924561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Second hostname of the same event, same dns/http rule pair.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:36924591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# Head of a rule that continues on the next line of the export; kept verbatim.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:36924621; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# ^ Tail of a rule whose head is on the previous line of the export; kept verbatim.
#
# MISP event 25718 (exported without tags: "[]"), hostname and URL indicators. Per hostname:
#   alert dns  - dns.query must end with the hostname, preceded by start of buffer or a
#                character outside [A-Za-z0-9-.], so longer names / subdomains do not match.
#   alert http "Outgoing HTTP Hostname" - request from $HOME_NET with "Host: <hostname>" in
#                the headers, any destination port; the session is tagged for 600 seconds.
#   alert http "Outgoing URL" - hostname anywhere in the request headers (not anchored to
#                Host, so a Referer carrying it also matches), destination port in $HTTP_PORTS,
#                plus the path as a URI substring when the indicator has one.
#
# NOTE(review): the 2e4g42hg54-crimson-lab-... pair appears several times below under
# different sids with identical match logic; each copy alerts separately on the same traffic.
#
# NOTE(review): alert http only inspects cleartext HTTP. For names typically reached over
# HTTPS (workers.dev, r2.dev, pages.dev) the dns rule is the only one likely to fire; a
# tls.sni match on the same hostname would cover that case (none is present in this excerpt).
#
# NOTE(review): every rule carries classtype:trojan-activity. Several names (usps.*,
# tokenpocket-*, telegreim) look like brand impersonation - inferred from the names only;
# confirm against the MISP event before using the classtype for triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname pub-8a9cc35a5303489d8d9b78fd89ba0b6f.r2.dev"; dns.query; content:"pub-8a9cc35a5303489d8d9b78fd89ba0b6f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8a9cc35a5303489d8d9b78fd89ba0b6f\.r2\.dev$/i"; classtype:trojan-activity; sid:36924651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname pub-8a9cc35a5303489d8d9b78fd89ba0b6f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8a9cc35a5303489d8d9b78fd89ba0b6f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8a9cc35a5303489d8d9b78fd89ba0b6f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//pub-8a9cc35a5303489d8d9b78fd89ba0b6f.r2.dev/Alldomain-index.html"; flow:to_server,established; http.header; content:"pub-8a9cc35a5303489d8d9b78fd89ba0b6f.r2.dev"; fast_pattern; nocase; http.uri; content:"/Alldomain-index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:36924681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:36924711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname dqkkux.com"; dns.query; content:"dqkkux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dqkkux\.com$/i"; classtype:trojan-activity; sid:36924741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname dqkkux.com"; flow:to_server,established; http.header; content: "Host|3a| dqkkux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dqkkux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname openliveroomvcs.melayu-viral-vvip.my.id"; dns.query; content:"openliveroomvcs.melayu-viral-vvip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openliveroomvcs\.melayu\-viral\-vvip\.my\.id$/i"; classtype:trojan-activity; sid:36924771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname openliveroomvcs.melayu-viral-vvip.my.id"; flow:to_server,established; http.header; content: "Host|3a| openliveroomvcs.melayu-viral-vvip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openliveroomvcs\.melayu\-viral\-vvip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegreim.cc"; dns.query; content:"telegreim.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegreim\.cc$/i"; classtype:trojan-activity; sid:36924801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegreim.cc"; flow:to_server,established; http.header; content: "Host|3a| telegreim.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegreim\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# NOTE(review): http.uri content:"/" is a substring every request URI is expected to contain,
# so this rule adds no path constraint; it fires whenever "telegreim.cc" appears anywhere in
# the request headers on $HTTP_PORTS and will usually alert together with sid 36924802.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegreim.cc/"; flow:to_server,established; http.header; content:"telegreim.cc"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname a0tuh-do.uhirrc.workers.dev"; dns.query; content:"a0tuh-do.uhirrc.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a0tuh\-do\.uhirrc\.workers\.dev$/i"; classtype:trojan-activity; sid:36924831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname a0tuh-do.uhirrc.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| a0tuh-do.uhirrc.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a0tuh\-do\.uhirrc\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# NOTE(review): this and the other path-less "Outgoing URL" rules below (sids 36924871,
# 36924901, 36924931, 36924961) match only the hostname string in the request headers, so on
# $HTTP_PORTS they duplicate the corresponding "Outgoing HTTP Hostname" alert.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//a0tuh-do.uhirrc.workers.dev"; flow:to_server,established; http.header; content:"a0tuh-do.uhirrc.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname tokenpocket-tptme.org"; dns.query; content:"tokenpocket-tptme.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tptme\.org$/i"; classtype:trojan-activity; sid:36924861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname tokenpocket-tptme.org"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tptme.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tptme\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//tokenpocket-tptme.org"; flow:to_server,established; http.header; content:"tokenpocket-tptme.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname jhd.pages.dev"; dns.query; content:"jhd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhd\.pages\.dev$/i"; classtype:trojan-activity; sid:36924891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname jhd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jhd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//jhd.pages.dev"; flow:to_server,established; http.header; content:"jhd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usps.bbbeenncd.cc"; dns.query; content:"usps.bbbeenncd.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bbbeenncd\.cc$/i"; classtype:trojan-activity; sid:36924921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usps.bbbeenncd.cc"; flow:to_server,established; http.header; content: "Host|3a| usps.bbbeenncd.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bbbeenncd\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//usps.bbbeenncd.cc"; flow:to_server,established; http.header; content:"usps.bbbeenncd.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname usps.bbbccaakk.cc"; dns.query; content:"usps.bbbccaakk.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bbbccaakk\.cc$/i"; classtype:trojan-activity; sid:36924951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usps.bbbccaakk.cc"; flow:to_server,established; http.header; content: "Host|3a| usps.bbbccaakk.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bbbccaakk\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//usps.bbbccaakk.cc"; flow:to_server,established; http.header; content:"usps.bbbccaakk.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36924961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25649, tagged [RiseProStealer]: head of an outbound IP:port rule that continues
# on the next line of the export; kept verbatim.
alert ip $HOME_NET any -> 88.210.9.117 50500 (msg: "MISP e25649 [RiseProStealer] Outgoing To IP: 88.210.9.117|50500";
classtype:trojan-activity; sid:36898631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# ^ Tail of a rule whose head is on the previous line of the export; kept verbatim.
#
# MISP event 25717 (exported without tags: "[]"), URL indicators served directly from IP
# addresses, all at priority:1. Each rule requires:
#   - an established client-to-server HTTP request from $HOME_NET to the listed IP and port
#     ($HTTP_PORTS for 85.239.34.70, a fixed high port for the others);
#   - the IP string somewhere in the request headers (http.header, case-insensitive);
#   - the path as a substring of the request URI (http.uri, case-insensitive).
# tag:session,600,seconds keeps logging the matching session for 600 seconds.
#
# NOTE(review): several paths are named Mozi.m / mozi.a, which suggests Mozi botnet payload
# hosting - inferred from the file names only; confirm against the MISP event.
#
# NOTE(review): the short paths ("/", "/i", "/.i") are substring matches, so any request to
# that IP:port whose URI contains them fires the rule; treat these as IP:port indicators and
# read the requested path from the logged request rather than from msg. Where one IP:port has
# several rules (e.g. 61.53.91.54:54779 with "/", "/i" and "/bin.sh"), one request can raise
# more than one alert.
#
# NOTE(review): an alert here means a host inside $HOME_NET requested the payload URL, so
# the internal source address is the one to investigate. Hosts on high ephemeral ports are
# presumably short-lived; check indicator age against the event date before relying on a hit.
alert http $HOME_NET any -> 85.239.34.70 $HTTP_PORTS (msg: "MISP e25717 [] Outgoing URL http|3a|//85.239.34.70/tQS2dTpCs3Fw4/hcDwwc3PmZu.x86"; flow:to_server,established; http.header; content:"85.239.34.70"; fast_pattern; nocase; http.uri; content:"/tQS2dTpCs3Fw4/hcDwwc3PmZu.x86"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 85.239.34.70 $HTTP_PORTS (msg: "MISP e25717 [] Outgoing URL http|3a|//85.239.34.70/tQS2dTpCs3Fw4/hcDwwc3PmZu.mips"; flow:to_server,established; http.header; content:"85.239.34.70"; fast_pattern; nocase; http.uri; content:"/tQS2dTpCs3Fw4/hcDwwc3PmZu.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 85.239.34.70 $HTTP_PORTS (msg: "MISP e25717 [] Outgoing URL http|3a|//85.239.34.70/tQS2dTpCs3Fw4/hcDwwc3PmZu.arm6"; flow:to_server,established; http.header; content:"85.239.34.70"; fast_pattern; nocase; http.uri; content:"/tQS2dTpCs3Fw4/hcDwwc3PmZu.arm6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 85.239.34.70 $HTTP_PORTS (msg: "MISP e25717 [] Outgoing URL http|3a|//85.239.34.70/tQS2dTpCs3Fw4/hcDwwc3PmZu.arm5"; flow:to_server,established; http.header; content:"85.239.34.70"; fast_pattern; nocase; http.uri; content:"/tQS2dTpCs3Fw4/hcDwwc3PmZu.arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 61.53.118.203 41324 (msg: "MISP e25717 [] Outgoing URL http|3a|//61.53.118.203|3a|41324/Mozi.m"; flow:to_server,established; http.header; content:"61.53.118.203"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 42.231.44.22 57225 (msg: "MISP e25717 [] Outgoing URL http|3a|//42.231.44.22|3a|57225/i"; flow:to_server,established; http.header; content:"42.231.44.22"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 42.231.44.22 57225 (msg: "MISP e25717 [] Outgoing URL http|3a|//42.231.44.22|3a|57225/bin.sh"; flow:to_server,established; http.header; content:"42.231.44.22"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.119.182.155 49697 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.119.182.155|3a|49697/"; flow:to_server,established; http.header; content:"182.119.182.155"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.117.40.23 36132 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.117.40.23|3a|36132/"; flow:to_server,established; http.header; content:"182.117.40.23"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 125.40.150.8 50441 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.40.150.8|3a|50441/bin.sh"; flow:to_server,established; http.header; content:"125.40.150.8"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 120.86.247.192 33364 (msg: "MISP e25717 [] Outgoing URL http|3a|//120.86.247.192|3a|33364/mozi.a"; flow:to_server,established; http.header; content:"120.86.247.192"; fast_pattern; nocase; http.uri; content:"/mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 119.179.216.94 42342 (msg: "MISP e25717 [] Outgoing URL http|3a|//119.179.216.94|3a|42342/i"; flow:to_server,established; http.header; content:"119.179.216.94"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 119.179.216.94 42342 (msg: "MISP e25717 [] Outgoing URL http|3a|//119.179.216.94|3a|42342/bin.sh"; flow:to_server,established; http.header; content:"119.179.216.94"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.202.77.6 51579 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.202.77.6|3a|51579/i"; flow:to_server,established; http.header; content:"117.202.77.6"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.192.127.55 57272 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.192.127.55|3a|57272/i"; flow:to_server,established; http.header; content:"117.192.127.55"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.56.167.84 46738 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.56.167.84|3a|46738/i"; flow:to_server,established; http.header; content:"115.56.167.84"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 61.53.91.54 54779 (msg: "MISP e25717 [] Outgoing URL http|3a|//61.53.91.54|3a|54779/"; flow:to_server,established; http.header; content:"61.53.91.54"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 222.137.209.196 57679 (msg: "MISP e25717 [] Outgoing URL http|3a|//222.137.209.196|3a|57679/i"; flow:to_server,established; http.header; content:"222.137.209.196"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.113.32.55 42768 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.113.32.55|3a|42768/i"; flow:to_server,established; http.header; content:"182.113.32.55"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.192.123.250 59174 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.192.123.250|3a|59174/i"; flow:to_server,established; http.header; content:"117.192.123.250"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.48.40.149 52753 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.48.40.149|3a|52753/i"; flow:to_server,established; http.header; content:"115.48.40.149"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 61.53.91.54 54779 (msg: "MISP e25717 [] Outgoing URL http|3a|//61.53.91.54|3a|54779/i"; flow:to_server,established; http.header; content:"61.53.91.54"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 61.53.91.54 54779 (msg: "MISP e25717 [] Outgoing URL http|3a|//61.53.91.54|3a|54779/bin.sh"; flow:to_server,established; http.header; content:"61.53.91.54"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.55.93.209 52566 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.93.209|3a|52566/bin.sh"; flow:to_server,established; http.header; content:"115.55.93.209"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 113.221.27.83 40660 (msg: "MISP e25717 [] Outgoing URL http|3a|//113.221.27.83|3a|40660/.i"; flow:to_server,established; http.header; content:"113.221.27.83"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 112.248.109.177 52988 (msg: "MISP e25717 [] Outgoing URL http|3a|//112.248.109.177|3a|52988/Mozi.m"; flow:to_server,established; http.header; content:"112.248.109.177"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 46.200.235.101 53649 (msg: "MISP e25717 [] Outgoing URL http|3a|//46.200.235.101|3a|53649/i"; flow:to_server,established; http.header; content:"46.200.235.101"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 46.200.235.101 53649 (msg: "MISP e25717 [] Outgoing URL http|3a|//46.200.235.101|3a|53649/bin.sh"; flow:to_server,established; http.header; content:"46.200.235.101"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 222.138.23.93 38372 (msg: "MISP e25717 [] Outgoing URL http|3a|//222.138.23.93|3a|38372/"; flow:to_server,established; http.header; content:"222.138.23.93"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.113.32.55 42768 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.113.32.55|3a|42768/bin.sh"; flow:to_server,established; http.header; content:"182.113.32.55"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.199.11.15 60293 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.199.11.15|3a|60293/bin.sh"; flow:to_server,established; http.header; content:"117.199.11.15"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.194.163.165 41707 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.194.163.165|3a|41707/bin.sh"; flow:to_server,established; http.header; content:"117.194.163.165"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 1.70.10.165 40326 (msg: "MISP e25717 [] Outgoing URL http|3a|//1.70.10.165|3a|40326/.i"; flow:to_server,established; http.header; content:"1.70.10.165"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 73.85.168.88 40625 (msg: "MISP e25717 [] Outgoing URL http|3a|//73.85.168.88|3a|40625/.i"; flow:to_server,established; http.header; content:"73.85.168.88"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 221.15.22.80 58860 (msg: "MISP e25717 [] Outgoing URL http|3a|//221.15.22.80|3a|58860/Mozi.m"; flow:to_server,established; http.header; content:"221.15.22.80"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.124.116.215 33703 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.124.116.215|3a|33703/bin.sh"; flow:to_server,established; http.header; content:"182.124.116.215"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.122.176.146 48380 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.122.176.146|3a|48380/i"; flow:to_server,established; http.header; content:"182.122.176.146"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.116.71.40 57241 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.116.71.40|3a|57241/i"; flow:to_server,established; http.header; content:"182.116.71.40"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.116.71.40 57241 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.116.71.40|3a|57241/bin.sh"; flow:to_server,established; http.header; content:"182.116.71.40"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 123.10.179.174 53513 (msg: "MISP e25717 [] Outgoing URL http|3a|//123.10.179.174|3a|53513/i"; flow:to_server,established; http.header; content:"123.10.179.174"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 123.10.179.174 53513 (msg: "MISP e25717 [] Outgoing URL http|3a|//123.10.179.174|3a|53513/"; flow:to_server,established; http.header; content:"123.10.179.174"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.217.40.221 42369 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.217.40.221|3a|42369/Mozi.m"; flow:to_server,established; http.header; content:"117.217.40.221"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 117.213.89.35 52900 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.213.89.35|3a|52900/Mozi.m"; flow:to_server,established; http.header; content:"117.213.89.35"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36914991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.56.123.98 53670 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.56.123.98|3a|53670/i"; flow:to_server,established; http.header; content:"115.56.123.98"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 42.233.106.142 43036 (msg: "MISP e25717 [] Outgoing URL http|3a|//42.233.106.142|3a|43036/bin.sh"; flow:to_server,established; http.header; content:"42.233.106.142"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
# Head of a rule that continues past the end of this excerpt; kept verbatim.
alert http $HOME_NET any -> 41.142.74.153 56005 (msg: "MISP e25717 [] Outgoing URL http|3a|//41.142.74.153|3a|56005/Mozi.m"; flow:to_server,established; http.header; content:"41.142.74.153"; fast_pattern; nocase;
http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
# --- MISP event 25717 (continued): outbound HTTP requests to fixed IP:port URLs ---
# These rules require an established client-to-server HTTP flow from $HOME_NET to the
# literal destination IP and port, with the IP string present in the request headers
# and the listed path present in the URI (case-insensitive substrings).
# NOTE(review): content:"/i", content:"/.i" and content:"/" are unanchored. "/i" also
# matches URIs like /index.html and "/" matches every URI, so those rules are in
# practice destination IP:port detections.
# 182.124.116.215:33703 has both a "/i" rule and a "/" rule here. A single request for
# /i satisfies both and produces two alerts (sid 36915031 and sid 36915041).
alert http $HOME_NET any -> 182.124.116.215 33703 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.124.116.215|3a|33703/i"; flow:to_server,established; http.header; content:"182.124.116.215"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 182.124.116.215 33703 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.124.116.215|3a|33703/"; flow:to_server,established; http.header; content:"182.124.116.215"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.57.81.113 38010 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.57.81.113|3a|38010/Mozi.m"; flow:to_server,established; http.header; content:"115.57.81.113"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.55.239.46 54614 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.239.46|3a|54614/bin.sh"; flow:to_server,established; http.header; content:"115.55.239.46"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 203.217.100.150 34020 (msg: "MISP e25717 [] Outgoing URL http|3a|//203.217.100.150|3a|34020/.i"; flow:to_server,established; http.header; content:"203.217.100.150"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 123.7.220.56 39442 (msg: "MISP e25717 [] Outgoing URL http|3a|//123.7.220.56|3a|39442/bin.sh"; flow:to_server,established; http.header; content:"123.7.220.56"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 119.179.236.29 44101 (msg: "MISP e25717 [] Outgoing URL http|3a|//119.179.236.29|3a|44101/Mozi.m"; flow:to_server,established; http.header; content:"119.179.236.29"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.55.239.46 54614 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.239.46|3a|54614/i"; flow:to_server,established; http.header; content:"115.55.239.46"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 42.233.106.142 43036 (msg: "MISP e25717 [] Outgoing URL http|3a|//42.233.106.142|3a|43036/i"; flow:to_server,established; http.header; content:"42.233.106.142"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 27.215.213.69 42962 (msg: "MISP e25717 [] Outgoing URL http|3a|//27.215.213.69|3a|42962/Mozi.m"; flow:to_server,established; http.header; content:"27.215.213.69"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 119.179.216.94 42342 (msg: "MISP e25717 [] Outgoing URL http|3a|//119.179.216.94|3a|42342/Mozi.m"; flow:to_server,established; http.header; content:"119.179.216.94"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.59.91.177 55436 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.59.91.177|3a|55436/Mozi.m"; flow:to_server,established; http.header; content:"115.59.91.177"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
# --- MISP event 25810: destination IP and port only ---
# No payload or application-layer condition: any $HOME_NET traffic to this address and
# port alerts. Priority 3 and an empty tag list, so the alert itself gives no context.
alert ip $HOME_NET any -> 88.210.9.117 50500 (msg: "MISP e25810 [] Outgoing To IP: 88.210.9.117|50500"; classtype:trojan-activity; sid:36989481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# --- MISP event 25731: "Hostname" form of a DNS / HTTP Host indicator ---
# The DNS rule inspects the query name in either direction (any any -> any any). The
# pcre is anchored at the end of the name and its prefix class [^A-Za-z0-9-\.] excludes
# ".", so only the exact name matches. A query for a subdomain of it does not.
alert dns any any -> any any (msg: "MISP e25731 [] Hostname bhakarwadimakingmachine.com"; dns.query; content:"bhakarwadimakingmachine.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhakarwadimakingmachine\.com$/i"; classtype:trojan-activity; sid:36960591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25731;)
# The HTTP rule needs the literal header text "Host: <name>" with exactly one space after
# the colon, followed by a character that cannot continue a hostname.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25731 [] Outgoing HTTP Hostname bhakarwadimakingmachine.com"; flow:to_server,established; http.header; content: "Host|3a| bhakarwadimakingmachine.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhakarwadimakingmachine\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36960592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25731;)
alert dns any any -> any any (msg: "MISP e25731 [] Domain bhakarwadimakingmachine.com"; dns.query; 
content:"bhakarwadimakingmachine.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bhakarwadimakingmachine\.com$/i"; classtype:trojan-activity; sid:36960711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25731;)
# --- "Domain" form of DNS / HTTP Host indicators (events 25731, 25810, 25649) ---
# DNS "Domain" rules: the pcre prefix class [^A-Za-z0-9-] does not exclude ".", so the
# rule matches the name itself and any subdomain of it. The match is anchored at the end
# of the query name.
# HTTP "Domain" rules: content:"Host|3a|" and content:"<name>" are two independent matches
# in the header buffer, with no distance/within tying them together. A request whose
# headers mention the name anywhere (for example in a Referer) can therefore alert even
# when the Host header names a different site.
# NOTE(review): treat a hit on the HTTP rule as "name seen in request headers" and confirm
# the actual Host value from the tagged session.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25731 [] Outgoing HTTP Domain bhakarwadimakingmachine.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bhakarwadimakingmachine.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bhakarwadimakingmachine\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36960712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25731;)
alert dns any any -> any any (msg: "MISP e25810 [] Domain pjnbadfjandkadm3kd.com"; dns.query; content:"pjnbadfjandkadm3kd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pjnbadfjandkadm3kd\.com$/i"; classtype:trojan-activity; sid:36989491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain pjnbadfjandkadm3kd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pjnbadfjandkadm3kd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pjnbadfjandkadm3kd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# URL rule with no path component: the only payload condition is the domain string somewhere
# in the request headers, restricted to destination port 80. It overlaps sid 36989492 above,
# so a plain HTTP request to this host on port 80 raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e25810 [] Outgoing URL http|3a|//pjnbadfjandkadm3kd.com|3a|80"; flow:to_server,established; http.header; content:"pjnbadfjandkadm3kd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# --- Destination IP:port rules, exported once per MISP event ---
# Many indicators below appear twice: once from event 25649 (priority 2, usually with family
# tags such as njrat / NanoCore) and once from event 25810 (priority 3, empty tag list).
# Both rules have identical match conditions, so one connection produces two alerts with
# different sids. Correlate on destination IP:port when triaging, and prefer the tagged
# e25649 alert for context.
# These "alert ip" rules have no payload condition; only the destination address and port
# are checked.
alert ip $HOME_NET any -> 103.86.131.106 443 (msg: "MISP e25649 [] Outgoing To IP: 103.86.131.106|443"; classtype:trojan-activity; sid:36898711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 103.86.131.106 443 (msg: "MISP e25810 [] Outgoing To IP: 103.86.131.106|443"; classtype:trojan-activity; sid:36989511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 18.157.68.73 13538 (msg: "MISP e25810 [] Outgoing To IP: 18.157.68.73|13538"; classtype:trojan-activity; sid:36989521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.22.30.40 13747 (msg: "MISP e25810 [] Outgoing To IP: 3.22.30.40|13747"; classtype:trojan-activity; sid:36989531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.127.138.57 13538 (msg: "MISP e25810 [] Outgoing To IP: 3.127.138.57|13538"; classtype:trojan-activity; sid:36989541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.141.210.37 17366 (msg: "MISP e25810 [] Outgoing To IP: 3.141.210.37|17366"; classtype:trojan-activity; sid:36989551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.141.177.1 17366 (msg: "MISP e25810 [] Outgoing To IP: 3.141.177.1|17366"; classtype:trojan-activity; sid:36989561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.140.223.7 17366 (msg: "MISP e25810 [] Outgoing To IP: 3.140.223.7|17366"; classtype:trojan-activity; sid:36989571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.132.159.158 17366 (msg: "MISP e25810 [] Outgoing To IP: 3.132.159.158|17366"; classtype:trojan-activity; sid:36989581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert dns any any -> any any (msg: "MISP e25810 [] Domain qcpanel.hackcrack.io"; dns.query; content:"qcpanel.hackcrack.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])qcpanel\.hackcrack\.io$/i"; classtype:trojan-activity; sid:36989591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain qcpanel.hackcrack.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qcpanel.hackcrack.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qcpanel\.hackcrack\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Event 25649 copies of the IP:port indicators above, carrying the family tags.
alert ip $HOME_NET any -> 3.127.138.57 13538 (msg: "MISP e25649 [njrat,RAT] Outgoing To IP: 3.127.138.57|13538"; classtype:trojan-activity; sid:36898681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.22.30.40 13747 (msg: "MISP e25649 [njrat,RAT] Outgoing To IP: 3.22.30.40|13747"; classtype:trojan-activity; sid:36898691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 18.157.68.73 13538 (msg: "MISP e25649 [njrat,RAT] Outgoing To IP: 18.157.68.73|13538"; classtype:trojan-activity; sid:36898701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.141.177.1 17366 (msg: "MISP e25649 [NanoCore,RAT] Outgoing To IP: 3.141.177.1|17366"; classtype:trojan-activity; sid:36898661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.141.210.37 17366 (msg: "MISP e25649 [NanoCore,RAT] Outgoing To IP: 3.141.210.37|17366"; classtype:trojan-activity; sid:36898671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.132.159.158 17366 (msg: "MISP e25649 [NanoCore,RAT] Outgoing To IP: 3.132.159.158|17366"; classtype:trojan-activity; sid:36898641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.140.223.7 17366 (msg: "MISP e25649 [NanoCore,RAT] Outgoing To IP: 3.140.223.7|17366"; classtype:trojan-activity; sid:36898651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# URL rules that reference $HTTP_PORTS: the variable must be defined in the sensor
# configuration or these rules will not load. The URI content is a specific .php path, so
# these are much narrower than the IP-only rules around them.
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e25649 [Stealc] Outgoing URL http|3a|//194.120.116.120/7a957ef6cc168ff6.php"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7a957ef6cc168ff6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//194.120.116.120/7a957ef6cc168ff6.php"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7a957ef6cc168ff6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 46.246.86.4 101 (msg: "MISP e25649 [njrat] Outgoing To IP: 46.246.86.4|101"; classtype:trojan-activity; sid:36898731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.141.142.211 17366 (msg: "MISP e25649 [NanoCore,RAT] Outgoing To IP: 3.141.142.211|17366"; classtype:trojan-activity; sid:36898741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# The duckdns.org rules match only this full hostname (and names ending in it), not the parent
# duckdns.org domain. NOTE(review): the name looks like a dynamic-DNS record, so the address
# behind it may change while the name stays valid. Prefer the DNS rule over any IP derived
# from it.
alert dns any any -> any any (msg: "MISP e25649 [njrat,RAT] Domain vbatallafinal23.duckdns.org"; dns.query; content:"vbatallafinal23.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])vbatallafinal23\.duckdns\.org$/i"; classtype:trojan-activity; sid:36898751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [njrat,RAT] Outgoing HTTP Domain vbatallafinal23.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vbatallafinal23.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vbatallafinal23\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 3.141.142.211 17366 (msg: "MISP e25810 [] Outgoing To IP: 3.141.142.211|17366"; classtype:trojan-activity; sid:36989611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert dns any any -> any any (msg: "MISP e25810 [] Domain vbatallafinal23.duckdns.org"; dns.query; content:"vbatallafinal23.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])vbatallafinal23\.duckdns\.org$/i"; classtype:trojan-activity; sid:36989621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain vbatallafinal23.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vbatallafinal23.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vbatallafinal23\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 46.246.86.4 101 (msg: "MISP e25810 [] Outgoing To IP: 46.246.86.4|101"; classtype:trojan-activity; sid:36989631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 216.98.13.172 26604 (msg: "MISP e25649 [RedLineStealer] Outgoing To IP: 216.98.13.172|26604"; classtype:trojan-activity; sid:36898761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 216.98.13.172 26604 (msg: "MISP e25810 [] Outgoing To IP: 
216.98.13.172|26604"; classtype:trojan-activity; sid:36989641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# --- Events 25649 / 25810 / 25647: mixed IP:port, domain and URL indicators ---
# Reading the rules in this group:
#   * "alert ip ... -> <IP> <port>" rules check only the destination address and port;
#     there is no payload condition, so any $HOME_NET traffic to that endpoint alerts.
#   * The bracketed list in msg is the MISP tag set. Event 25649 rules carry family or
#     network tags and priority 2. Event 25810 repeats most of the same indicators with an
#     empty tag list and priority 3, so one connection raises both alerts.
#   * Every rule is rev:1 with no expiry condition; indicator age has to be judged from the
#     referenced MISP event.
alert ip $HOME_NET any -> 212.224.86.54 58003 (msg: "MISP e25649 [N-W0rm] Outgoing To IP: 212.224.86.54|58003"; classtype:trojan-activity; sid:36898771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 212.224.86.54 58003 (msg: "MISP e25810 [] Outgoing To IP: 212.224.86.54|58003"; classtype:trojan-activity; sid:36989651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# DNS "Domain" rule: the prefix class [^A-Za-z0-9-] admits ".", so subdomains of the name
# match as well. The paired HTTP rule matches the name anywhere in the request headers.
alert dns any any -> any any (msg: "MISP e25647 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:36897851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25647;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25647 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36897852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25647;)
# URL rules on $HTTP_PORTS: the variable must be defined in the sensor configuration.
# "/ga.js" is a generic script path; what makes the rule specific is the literal destination
# IP in the rule header plus the same IP string in the request headers.
alert http $HOME_NET any -> 38.181.2.11 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-100000,HKCICL-AS-AP Hong Kong Communications International Co. Limited] Outgoing URL http|3a|//38.181.2.11/ga.js"; flow:to_server,established; http.header; content:"38.181.2.11"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> 38.181.2.11 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//38.181.2.11/ga.js"; flow:to_server,established; http.header; content:"38.181.2.11"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 92.222.212.74 1450 (msg: "MISP e25649 [RedLineStealer] Outgoing To IP: 92.222.212.74|1450"; classtype:trojan-activity; sid:36898791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 193.161.193.99 30520 (msg: "MISP e25810 [] Outgoing To IP: 193.161.193.99|30520"; classtype:trojan-activity; sid:36989671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# NOTE(review): the portmap.io name looks like a port-forwarding/tunnel hostname. The rules
# match this specific hostname only, not the parent portmap.io domain.
alert dns any any -> any any (msg: "MISP e25810 [] Domain jd03-30520.portmap.io"; dns.query; content:"jd03-30520.portmap.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])jd03\-30520\.portmap\.io$/i"; classtype:trojan-activity; sid:36989681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain jd03-30520.portmap.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jd03-30520.portmap.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jd03\-30520\.portmap\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 92.222.212.74 1450 (msg: "MISP e25810 [] Outgoing To IP: 92.222.212.74|1450"; classtype:trojan-activity; sid:36989691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 147.45.45.81 30063 (msg: "MISP e25810 [] Outgoing To IP: 147.45.45.81|30063"; classtype:trojan-activity; sid:36989701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# The next two rules differ only in the case of one letter in the URI pattern
# (/lowuniversal.php vs /Lowuniversal.php). Both use nocase, so their match conditions are
# identical and every matching request produces both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25649 [dcrat] Outgoing URL http|3a|//076902cm.nyashtech.top/lowuniversal.php"; flow:to_server,established; http.header; content:"076902cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/lowuniversal.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36898801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//076902cm.nyashtech.top/Lowuniversal.php"; flow:to_server,established; http.header; content:"076902cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/Lowuniversal.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36989711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 193.222.96.161 53535 (msg: "MISP e25649 [sliver,UNKNOW] Outgoing To IP: 193.222.96.161|53535"; classtype:trojan-activity; sid:36898811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# NOTE(review): the MICROSOFT-CORP-MSN-AS-BLOCK tag on 20.61.4.19 and 20.38.38.37 suggests
# addresses in a large hosting provider's range. Such addresses are presumably reassigned
# over time, so an IP-only rule (especially the one on port 80) can start alerting on an
# unrelated tenant. Confirm indicator age before acting on a hit.
alert ip $HOME_NET any -> 20.61.4.19 4007 (msg: "MISP e25649 [MICROSOFT-CORP-MSN-AS-BLOCK,sliver] Outgoing To IP: 20.61.4.19|4007"; classtype:trojan-activity; sid:36898821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 91.132.196.39 9090 (msg: "MISP e25649 [Deimos,MGNHOST-AS] Outgoing To IP: 91.132.196.39|9090"; classtype:trojan-activity; sid:36898831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 124.222.63.238 8029 (msg: "MISP e25649 [Havoc,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.222.63.238|8029"; classtype:trojan-activity; sid:36898841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 20.38.38.37 80 (msg: "MISP e25649 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.38.38.37|80"; classtype:trojan-activity; sid:36898851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# Destination port 445 on an external address: the rule covers this one IP only.
# NOTE(review): outbound SMB from $HOME_NET is usually better handled by egress filtering,
# which does not depend on the indicator staying current.
alert ip $HOME_NET any -> 148.135.11.253 445 (msg: "MISP e25649 [MULTA-ASN1,Responder] Outgoing To IP: 148.135.11.253|445"; classtype:trojan-activity; sid:36898861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 77.8.150.104 443 (msg: "MISP e25649 [QakBot,TDDE-ASN1] Outgoing To IP: 77.8.150.104|443"; classtype:trojan-activity; sid:36898871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 41.99.50.6 443 (msg: "MISP e25649 [ALGTEL-AS,QakBot] Outgoing To IP: 41.99.50.6|443"; classtype:trojan-activity; sid:36898881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 96.87.28.171 2222 (msg: "MISP e25649 [COMCAST-7725,QakBot] Outgoing To IP: 96.87.28.171|2222"; classtype:trojan-activity; sid:36898891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 78.16.61.94 443 (msg: "MISP e25649 [AS-BTIRE BT Ireland was previously known as Esat Net EUnet Ireland & IEUnet.,QakBot] Outgoing To IP: 78.16.61.94|443"; classtype:trojan-activity; sid:36898901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 43.143.236.67 8080 (msg: "MISP e25649 [dcrat,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.143.236.67|8080"; classtype:trojan-activity; sid:36898911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 43.228.125.144 8888 (msg: "MISP e25649 [Supershell,XIM-HK Room 704 ChinaChen Leighton Plaza] Outgoing To IP: 43.228.125.144|8888"; classtype:trojan-activity; sid:36898921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 5.42.73.251 80 (msg: "MISP e25649 [AEZA-AS,Meduza Stealer] Outgoing To IP: 5.42.73.251|80"; classtype:trojan-activity; sid:36898931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# Event 25810 copies of the e25649 indicators above (same endpoints, no tags, priority 3).
alert ip $HOME_NET any -> 43.228.125.144 8888 (msg: "MISP e25810 [] Outgoing To IP: 43.228.125.144|8888"; classtype:trojan-activity; sid:36989721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 43.143.236.67 8080 (msg: "MISP e25810 [] Outgoing To IP: 43.143.236.67|8080"; classtype:trojan-activity; sid:36989731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 78.16.61.94 443 (msg: "MISP e25810 [] Outgoing To IP: 78.16.61.94|443"; classtype:trojan-activity; sid:36989741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 96.87.28.171 2222 (msg: "MISP e25810 [] Outgoing To IP: 96.87.28.171|2222"; classtype:trojan-activity; sid:36989751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 41.99.50.6 443 (msg: "MISP e25810 [] Outgoing To IP: 41.99.50.6|443"; classtype:trojan-activity; sid:36989761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 77.8.150.104 443 (msg: "MISP e25810 [] Outgoing To IP: 77.8.150.104|443"; classtype:trojan-activity; sid:36989771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 148.135.11.253 445 (msg: "MISP e25810 [] Outgoing To IP: 148.135.11.253|445"; 
classtype:trojan-activity; sid:36989781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# --- Events 25810 / 25649: destination IP:port and domain indicators ---
# "alert ip ... -> <IP> <port>" rules in this group check only the destination address and
# port. There is no payload condition, so a hit means "$HOME_NET host talked to this
# endpoint" and nothing more. Rules on common service ports (80, 443, 8080) rely entirely
# on the address still belonging to the reported host.
# Event 25810 rules carry an empty tag list and priority 3; they repeat indicators that
# event 25649 also exports with tags and priority 2, so one connection can raise two alerts.
alert ip $HOME_NET any -> 20.38.38.37 80 (msg: "MISP e25810 [] Outgoing To IP: 20.38.38.37|80"; classtype:trojan-activity; sid:36989791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 124.222.63.238 8029 (msg: "MISP e25810 [] Outgoing To IP: 124.222.63.238|8029"; classtype:trojan-activity; sid:36989801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 91.132.196.39 9090 (msg: "MISP e25810 [] Outgoing To IP: 91.132.196.39|9090"; classtype:trojan-activity; sid:36989811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 20.61.4.19 4007 (msg: "MISP e25810 [] Outgoing To IP: 20.61.4.19|4007"; classtype:trojan-activity; sid:36989821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 193.222.96.161 53535 (msg: "MISP e25810 [] Outgoing To IP: 193.222.96.161|53535"; classtype:trojan-activity; sid:36989831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 5.42.73.251 80 (msg: "MISP e25810 [] Outgoing To IP: 5.42.73.251|80"; classtype:trojan-activity; sid:36989841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# DNS "Domain" rule: anchored at the end of the query name; the prefix class [^A-Za-z0-9-]
# admits ".", so subdomains of the listed name match too. The paired HTTP rule has two
# independent header matches ("Host:" and the name), so the name appearing in any request
# header is enough to alert.
# NOTE(review): the ply.gg name looks like a tunnel-service hostname. Only this specific
# hostname is matched, not the parent domain.
alert dns any any -> any any (msg: "MISP e25810 [] Domain auto-benjamin.gl.at.ply.gg"; dns.query; content:"auto-benjamin.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])auto\-benjamin\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:36989851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain auto-benjamin.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auto-benjamin.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auto\-benjamin\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36989852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 147.185.221.18 14881 (msg: "MISP e25810 [] Outgoing To IP: 147.185.221.18|14881"; classtype:trojan-activity; sid:36989861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# --- Event 25649 indicators tagged "c2,censys" ---
# The tag list on these rules carries an AS number/name plus "c2" and "censys", and no
# malware family. NOTE(review): this presumably means the endpoints were classified from
# internet-scan data rather than from observed victim traffic. Confirm in the MISP event
# and weigh alerts accordingly.
alert ip $HOME_NET any -> 176.122.189.30 8088 (msg: "MISP e25649 [AS25820,c2,censys,IT7NET] Outgoing To IP: 176.122.189.30|8088"; classtype:trojan-activity; sid:36898941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# The next four DNS/HTTP rules match provider-generated instance hostnames that embed an IP
# address (ec2-3-22-66-152..., ecs-116-205-190-164...). NOTE(review): such names follow the
# address, and cloud addresses are presumably reassigned between tenants, so these
# indicators can go stale.
alert dns any any -> any any (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys] Domain ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; dns.query; content:"ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-22\-66\-152\.us\-east\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:36898951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-22\-66\-152\.us\-east\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 185.216.70.81 443 (msg: "MISP e25649 [AS216289,c2,censys,SIRCROSAR-NET] Outgoing To IP: 185.216.70.81|443"; classtype:trojan-activity; sid:36898961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert dns any any -> any any (msg: "MISP e25649 [AS55990,c2,censys] Domain ecs-116-205-190-164.compute.hwclouds-dns.com"; dns.query; content:"ecs-116-205-190-164.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-116\-205\-190\-164\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:36898971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS55990,c2,censys] Outgoing HTTP Domain ecs-116-205-190-164.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-116-205-190-164.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-116\-205\-190\-164\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36898972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 110.42.209.75 812 (msg: "MISP e25649 [AS45090,c2,censys] Outgoing To IP: 110.42.209.75|812"; classtype:trojan-activity; sid:36898981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 107.172.201.247 19211 (msg: "MISP e25649 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 107.172.201.247|19211"; classtype:trojan-activity; sid:36898991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 47.120.54.55 80 (msg: "MISP e25649 [AS37963,c2,censys] Outgoing To IP: 47.120.54.55|80"; classtype:trojan-activity; sid:36899001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 43.138.156.178 80 (msg: "MISP e25649 [AS45090,c2,censys] Outgoing To IP: 43.138.156.178|80"; classtype:trojan-activity; sid:36899011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 107.189.14.144 443 (msg: "MISP e25649 [AS53667,c2,censys,PONYNET] Outgoing To IP: 107.189.14.144|443"; classtype:trojan-activity; sid:36899021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 192.3.235.87 5555 (msg: "MISP e25649 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 192.3.235.87|5555"; classtype:trojan-activity; sid:36899031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 154.9.252.97 8080 (msg: "MISP e25649 [AS63916,c2,censys] Outgoing To IP: 154.9.252.97|8080"; classtype:trojan-activity; sid:36899041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 43.136.71.208 2053 (msg: "MISP e25649 [AS45090,c2,censys] Outgoing To IP: 43.136.71.208|2053"; classtype:trojan-activity; sid:36899051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 107.174.243.15 554 (msg: "MISP e25649 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 107.174.243.15|554"; classtype:trojan-activity; sid:36899061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 45.148.244.206 80 (msg: "MISP e25649 [ALEXHOST,AS200019,c2,censys] Outgoing To IP: 45.148.244.206|80"; classtype:trojan-activity; sid:36899071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 162.14.125.5 5555 (msg: "MISP e25649 [AS45090,c2,censys] Outgoing To IP: 162.14.125.5|5555"; classtype:trojan-activity; sid:36899081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 43.154.190.128 4433 (msg: "MISP e25649 [AS132203,c2,censys] Outgoing To IP: 43.154.190.128|4433"; classtype:trojan-activity; sid:36899091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 91.92.242.143 8083 (msg: "MISP e25649 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.242.143|8083"; classtype:trojan-activity; 
sid:36899101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 154.3.0.131 8080 (msg: "MISP e25649 [AS63916,c2,censys] Outgoing To IP: 154.3.0.131|8080"; classtype:trojan-activity; sid:36899111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 88.214.26.54 52047 (msg: "MISP e25649 [AS209132,c2,censys] Outgoing To IP: 88.214.26.54|52047"; classtype:trojan-activity; sid:36899121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 187.135.240.152 1723 (msg: "MISP e25649 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.240.152|1723"; classtype:trojan-activity; sid:36899131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 187.135.240.152 1896 (msg: "MISP e25649 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.240.152|1896"; classtype:trojan-activity; sid:36899141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 185.82.219.87 2351 (msg: "MISP e25649 [AS59729,c2,censys,ITL-BG] Outgoing To IP: 185.82.219.87|2351"; classtype:trojan-activity; sid:36899151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 172.96.137.224 13975 (msg: "MISP e25649 [AS395092,c2,censys,SHOCK-1] Outgoing To IP: 172.96.137.224|13975"; classtype:trojan-activity; sid:36899161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 47.111.31.7 43365 (msg: "MISP e25649 [AS37963,c2,censys] Outgoing To IP: 47.111.31.7|43365"; classtype:trojan-activity; sid:36899171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 190.123.44.228 31337 (msg: "MISP e25649 [AS52284,c2,censys,Panamaserver.com] Outgoing To IP: 190.123.44.228|31337"; classtype:trojan-activity; sid:36899181; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 34.162.154.209 443 (msg: "MISP e25649 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.162.154.209|443"; classtype:trojan-activity; sid:36899191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 45.154.98.34 8808 (msg: "MISP e25649 [AS210558,c2,censys,RAT] Outgoing To IP: 45.154.98.34|8808"; classtype:trojan-activity; sid:36899201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 91.92.252.126 6606 (msg: "MISP e25649 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.252.126|6606"; classtype:trojan-activity; sid:36899211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 216.250.254.227 7707 (msg: "MISP e25649 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 216.250.254.227|7707"; classtype:trojan-activity; sid:36899221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 20.106.168.188 8808 (msg: "MISP e25649 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 20.106.168.188|8808"; classtype:trojan-activity; sid:36899231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 151.67.33.99 8080 (msg: "MISP e25649 [AS1267,c2,censys,RAT] Outgoing To IP: 151.67.33.99|8080"; classtype:trojan-activity; sid:36899241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 186.112.194.124 8888 (msg: "MISP e25649 [AS3816,c2,censys,RAT] Outgoing To IP: 186.112.194.124|8888"; classtype:trojan-activity; sid:36899251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 45.145.55.81 6606 (msg: "MISP e25649 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 45.145.55.81|6606"; 
classtype:trojan-activity; sid:36899261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 154.12.30.64 80 (msg: "MISP e25649 [AS142032,c2,censys,HookBot] Outgoing To IP: 154.12.30.64|80"; classtype:trojan-activity; sid:36899271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 178.236.247.158 80 (msg: "MISP e25649 [AEZA-AS,AS210644,c2,censys,HookBot] Outgoing To IP: 178.236.247.158|80"; classtype:trojan-activity; sid:36899281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 3.1.206.216 8001 (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing To IP: 3.1.206.216|8001"; classtype:trojan-activity; sid:36899291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS141995,c2,censys,HookBot] Domain mail.194-233-74-255.cprapid.com"; dns.query; content:"mail.194-233-74-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.194\-233\-74\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:36899301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS141995,c2,censys,HookBot] Outgoing HTTP Domain mail.194-233-74-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.194-233-74-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.194\-233\-74\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS142032,c2,censys,HookBot] Domain tsola256.com"; dns.query; content:"tsola256.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsola256\.com$/i"; classtype:trojan-activity; sid:36899311; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain tsola256.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsola256.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsola256\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS142032,c2,censys,HookBot] Domain 356142.fun"; dns.query; content:"356142.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])356142\.fun$/i"; classtype:trojan-activity; sid:36899321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain 356142.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"356142.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])356142\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 3.72.85.14 8001 (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing To IP: 3.72.85.14|8001"; classtype:trojan-activity; sid:36899331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 185.172.128.131 80 (msg: "MISP e25649 [AS216309,c2,censys,EVILEMPIRE-AS,HookBot] Outgoing To IP: 185.172.128.131|80"; classtype:trojan-activity; sid:36899341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 194.233.74.255 80 (msg: "MISP e25649 [AS141995,c2,censys,HookBot] Outgoing To IP: 194.233.74.255|80"; classtype:trojan-activity; sid:36899351; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 193.163.7.139 8081 (msg: "MISP e25649 [AS204601,c2,censys] Outgoing To IP: 193.163.7.139|8081"; classtype:trojan-activity; sid:36899361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 94.156.69.28 8081 (msg: "MISP e25649 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.69.28|8081"; classtype:trojan-activity; sid:36899371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS33654,c2,censys,CMCS] Domain www-12.eekal.com"; dns.query; content:"www-12.eekal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-12\.eekal\.com$/i"; classtype:trojan-activity; sid:36899381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS33654,c2,censys,CMCS] Outgoing HTTP Domain www-12.eekal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-12.eekal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-12\.eekal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS9930,c2,censys] Domain ambankgruop.store"; dns.query; content:"ambankgruop.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ambankgruop\.store$/i"; classtype:trojan-activity; sid:36899391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS9930,c2,censys] Outgoing HTTP Domain ambankgruop.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ambankgruop.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ambankgruop\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:36899392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys] Domain ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-8\-98\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:36899401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-8\-98\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.premier-stream.co.uk"; dns.query; content:"www.premier-stream.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.premier\-stream\.co\.uk$/i"; classtype:trojan-activity; sid:36899411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.premier-stream.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.premier-stream.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.premier\-stream\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any 
any (msg: "MISP e25649 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain premier-stream.co.uk"; dns.query; content:"premier-stream.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])premier\-stream\.co\.uk$/i"; classtype:trojan-activity; sid:36899421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain premier-stream.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"premier-stream.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])premier\-stream\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 91.92.248.121 5902 (msg: "MISP e25649 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.248.121|5902"; classtype:trojan-activity; sid:36899431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 91.92.248.152 6606 (msg: "MISP e25649 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.248.152|6606"; classtype:trojan-activity; sid:36899441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS51167,c2,censys,CONTABO,L3MON] Domain srv001e.feja111.de"; dns.query; content:"srv001e.feja111.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])srv001e\.feja111\.de$/i"; classtype:trojan-activity; sid:36899451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS51167,c2,censys,CONTABO,L3MON] Outgoing HTTP Domain srv001e.feja111.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srv001e.feja111.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srv001e\.feja111\.de[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:36899452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 188.26.86.131 8080 (msg: "MISP e25649 [AS8708,c2,censys,RAT] Outgoing To IP: 188.26.86.131|8080"; classtype:trojan-activity; sid:36899461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 18.139.243.205 80 (msg: "MISP e25649 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 18.139.243.205|80"; classtype:trojan-activity; sid:36899471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 95.111.238.79 80 (msg: "MISP e25649 [AS51167,c2,censys,CONTABO] Outgoing To IP: 95.111.238.79|80"; classtype:trojan-activity; sid:36899481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS13335,c2,censys,CLOUDFLARENET,stealer] Domain node1.abcd2.monster"; dns.query; content:"node1.abcd2.monster"; nocase; pcre: "/(^|[^A-Za-z0-9-])node1\.abcd2\.monster$/i"; classtype:trojan-activity; sid:36899491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS13335,c2,censys,CLOUDFLARENET,stealer] Outgoing HTTP Domain node1.abcd2.monster"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"node1.abcd2.monster"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])node1\.abcd2\.monster[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS210558,c2,censys,stealer] Domain jolly-ganguly.45-141-215-173.plesk.page"; dns.query; content:"jolly-ganguly.45-141-215-173.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])jolly\-ganguly\.45\-141\-215\-173\.plesk\.page$/i"; 
classtype:trojan-activity; sid:36899501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS210558,c2,censys,stealer] Outgoing HTTP Domain jolly-ganguly.45-141-215-173.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jolly-ganguly.45-141-215-173.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jolly\-ganguly\.45\-141\-215\-173\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 123.99.201.37 808 (msg: "MISP e25649 [AS58461,c2,censys] Outgoing To IP: 123.99.201.37|808"; classtype:trojan-activity; sid:36899511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS36007,c2,censys,KAMATERA,UNAM] Domain 103.54.57.251.sslip.io"; dns.query; content:"103.54.57.251.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])103\.54\.57\.251\.sslip\.io$/i"; classtype:trojan-activity; sid:36899521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS36007,c2,censys,KAMATERA,UNAM] Outgoing HTTP Domain 103.54.57.251.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"103.54.57.251.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])103\.54\.57\.251\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS13335,Atlantida,c2,censys,CLOUDFLARENET] Domain www.mywestpac.com"; dns.query; content:"www.mywestpac.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mywestpac\.com$/i"; classtype:trojan-activity; sid:36899531; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS13335,Atlantida,c2,censys,CLOUDFLARENET] Outgoing HTTP Domain www.mywestpac.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mywestpac.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mywestpac\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 176.124.32.23 443 (msg: "MISP e25649 [AS62005,BV-EU-AS,c2,censys,RedWarden] Outgoing To IP: 176.124.32.23|443"; classtype:trojan-activity; sid:36899541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 143.92.58.61 60000 (msg: "MISP e25649 [AS64050,censys,Viper] Outgoing To IP: 143.92.58.61|60000"; classtype:trojan-activity; sid:36899551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 110.40.36.67 60000 (msg: "MISP e25649 [AS38283,censys,Viper] Outgoing To IP: 110.40.36.67|60000"; classtype:trojan-activity; sid:36899561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 60.204.203.14 60000 (msg: "MISP e25649 [AS55990,censys,Viper] Outgoing To IP: 60.204.203.14|60000"; classtype:trojan-activity; sid:36899571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain outlook.vitamedicajobccb.com"; dns.query; content:"outlook.vitamedicajobccb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outlook\.vitamedicajobccb\.com$/i"; classtype:trojan-activity; sid:36899581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 
[AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain outlook.vitamedicajobccb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outlook.vitamedicajobccb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outlook\.vitamedicajobccb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 142.11.199.59 80 (msg: "MISP e25649 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing To IP: 142.11.199.59|80"; classtype:trojan-activity; sid:36899591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25649 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain account.vitamedicajobccb.com"; dns.query; content:"account.vitamedicajobccb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])account\.vitamedicajobccb\.com$/i"; classtype:trojan-activity; sid:36899601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain account.vitamedicajobccb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"account.vitamedicajobccb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])account\.vitamedicajobccb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 104.238.214.47 4444 (msg: "MISP e25649 [AS36007,censys,GoPhish,KAMATERA,phishing] Outgoing To IP: 104.238.214.47|4444"; classtype:trojan-activity; sid:36899611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 49.234.190.91 8083 (msg: "MISP e25649 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 
49.234.190.91|8083"; classtype:trojan-activity; sid:36899621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 18.194.227.164 80 (msg: "MISP e25649 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.194.227.164|80"; classtype:trojan-activity; sid:36899631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 37.60.239.239 443 (msg: "MISP e25649 [AS51167,censys,CONTABO,GoPhish,phishing] Outgoing To IP: 37.60.239.239|443"; classtype:trojan-activity; sid:36899641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 47.100.81.121 3333 (msg: "MISP e25649 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 47.100.81.121|3333"; classtype:trojan-activity; sid:36899651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 34.237.150.77 3333 (msg: "MISP e25649 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 34.237.150.77|3333"; classtype:trojan-activity; sid:36899661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 18.157.139.50 80 (msg: "MISP e25649 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.157.139.50|80"; classtype:trojan-activity; sid:36899671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 35.199.114.125 3333 (msg: "MISP e25649 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 35.199.114.125|3333"; classtype:trojan-activity; sid:36899681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 3.25.226.216 3333 (msg: "MISP e25649 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.25.226.216|3333"; classtype:trojan-activity; sid:36899691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 
52.146.15.133 3333 (msg: "MISP e25649 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 52.146.15.133|3333"; classtype:trojan-activity; sid:36899701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# Event 25649, hosts tagged GoPhish/phishing. The export still assigns
# classtype:trojan-activity, so triage on the msg tags rather than the classtype.
# NOTE(review): several of these addresses carry cloud-provider AS tags
# (GOOGLE-CLOUD-PLATFORM, AMAZON-AES); such addresses can be reassigned, so
# check the indicator's age in MISP before acting on a hit.
alert ip $HOME_NET any -> 34.128.110.49 9443 (msg: "MISP e25649 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.128.110.49|9443"; classtype:trojan-activity; sid:36899711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 34.198.81.115 443 (msg: "MISP e25649 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 34.198.81.115|443"; classtype:trojan-activity; sid:36899721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 85.10.133.189 3333 (msg: "MISP e25649 [AS20857,censys,GoPhish,phishing] Outgoing To IP: 85.10.133.189|3333"; classtype:trojan-activity; sid:36899731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 138.201.19.103 3336 (msg: "MISP e25649 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 138.201.19.103|3336"; classtype:trojan-activity; sid:36899741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# --- MISP event 25810 resumes here ---
# These rules repeat address/port pairs already exported for event 25649 just
# above (138.201.19.103|3336, 85.10.133.189|3333, 34.198.81.115|443, ...), each
# with a new sid, priority 3 and an empty tag list.
# NOTE(review): one flow to such a destination therefore raises two alerts with
# different priorities. Deduplicate in the export, or suppress/threshold one of
# the pair downstream; the e25649 rule is the one that carries the tag context.
alert ip $HOME_NET any -> 138.201.19.103 3336 (msg: "MISP e25810 [] Outgoing To IP: 138.201.19.103|3336"; classtype:trojan-activity; sid:36989871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 85.10.133.189 3333 (msg: "MISP e25810 [] Outgoing To IP: 85.10.133.189|3333"; classtype:trojan-activity; sid:36989881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 34.198.81.115 443 (msg: "MISP e25810 [] Outgoing To IP: 34.198.81.115|443"; classtype:trojan-activity; sid:36989891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 34.128.110.49 9443 (msg: "MISP e25810 [] Outgoing To IP: 34.128.110.49|9443"; classtype:trojan-activity; sid:36989901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 52.146.15.133 3333 (msg: "MISP e25810 [] Outgoing To IP: 52.146.15.133|3333"; classtype:trojan-activity; sid:36989911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 3.25.226.216 3333 (msg: "MISP e25810 [] Outgoing To IP: 3.25.226.216|3333"; classtype:trojan-activity; sid:36989921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 35.199.114.125 3333 (msg: "MISP e25810 [] Outgoing To IP: 35.199.114.125|3333"; classtype:trojan-activity; sid:36989931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 18.157.139.50 80 (msg: "MISP e25810 [] Outgoing To IP: 18.157.139.50|80"; classtype:trojan-activity; sid:36989941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 34.237.150.77 3333 (msg: "MISP e25810 [] Outgoing To IP: 34.237.150.77|3333"; classtype:trojan-activity; sid:36989951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 47.100.81.121 3333 (msg: "MISP e25810 [] Outgoing To IP: 47.100.81.121|3333"; classtype:trojan-activity; sid:36989961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 37.60.239.239 443 (msg: "MISP e25810 [] Outgoing To IP: 37.60.239.239|443"; classtype:trojan-activity; sid:36989971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 18.194.227.164 80 (msg: "MISP e25810 [] Outgoing To IP: 18.194.227.164|80"; classtype:trojan-activity; sid:36989981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 49.234.190.91 8083 
(msg: "MISP e25810 [] Outgoing To IP: 49.234.190.91|8083"; classtype:trojan-activity; sid:36989991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 104.238.214.47 4444 (msg: "MISP e25810 [] Outgoing To IP: 104.238.214.47|4444"; classtype:trojan-activity; sid:36990001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain account.vitamedicajobccb.com"; dns.query; content:"account.vitamedicajobccb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])account\.vitamedicajobccb\.com$/i"; classtype:trojan-activity; sid:36990011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain account.vitamedicajobccb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"account.vitamedicajobccb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])account\.vitamedicajobccb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 142.11.199.59 80 (msg: "MISP e25810 [] Outgoing To IP: 142.11.199.59|80"; classtype:trojan-activity; sid:36990021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain outlook.vitamedicajobccb.com"; dns.query; content:"outlook.vitamedicajobccb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outlook\.vitamedicajobccb\.com$/i"; classtype:trojan-activity; sid:36990031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain outlook.vitamedicajobccb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outlook.vitamedicajobccb.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outlook\.vitamedicajobccb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 60.204.203.14 60000 (msg: "MISP e25810 [] Outgoing To IP: 60.204.203.14|60000"; classtype:trojan-activity; sid:36990041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 110.40.36.67 60000 (msg: "MISP e25810 [] Outgoing To IP: 110.40.36.67|60000"; classtype:trojan-activity; sid:36990051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 143.92.58.61 60000 (msg: "MISP e25810 [] Outgoing To IP: 143.92.58.61|60000"; classtype:trojan-activity; sid:36990061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 176.124.32.23 443 (msg: "MISP e25810 [] Outgoing To IP: 176.124.32.23|443"; classtype:trojan-activity; sid:36990071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain www.mywestpac.com"; dns.query; content:"www.mywestpac.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mywestpac\.com$/i"; classtype:trojan-activity; sid:36990081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain www.mywestpac.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mywestpac.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mywestpac\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain 103.54.57.251.sslip.io"; dns.query; content:"103.54.57.251.sslip.io"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])103\.54\.57\.251\.sslip\.io$/i"; classtype:trojan-activity; sid:36990091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain 103.54.57.251.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"103.54.57.251.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])103\.54\.57\.251\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 123.99.201.37 808 (msg: "MISP e25810 [] Outgoing To IP: 123.99.201.37|808"; classtype:trojan-activity; sid:36990101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain jolly-ganguly.45-141-215-173.plesk.page"; dns.query; content:"jolly-ganguly.45-141-215-173.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])jolly\-ganguly\.45\-141\-215\-173\.plesk\.page$/i"; classtype:trojan-activity; sid:36990111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain jolly-ganguly.45-141-215-173.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jolly-ganguly.45-141-215-173.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jolly\-ganguly\.45\-141\-215\-173\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain node1.abcd2.monster"; dns.query; content:"node1.abcd2.monster"; nocase; pcre: "/(^|[^A-Za-z0-9-])node1\.abcd2\.monster$/i"; classtype:trojan-activity; sid:36990121; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain node1.abcd2.monster"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"node1.abcd2.monster"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])node1\.abcd2\.monster[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 95.111.238.79 80 (msg: "MISP e25810 [] Outgoing To IP: 95.111.238.79|80"; classtype:trojan-activity; sid:36990131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 18.139.243.205 80 (msg: "MISP e25810 [] Outgoing To IP: 18.139.243.205|80"; classtype:trojan-activity; sid:36990141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 188.26.86.131 8080 (msg: "MISP e25810 [] Outgoing To IP: 188.26.86.131|8080"; classtype:trojan-activity; sid:36990151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain srv001e.feja111.de"; dns.query; content:"srv001e.feja111.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])srv001e\.feja111\.de$/i"; classtype:trojan-activity; sid:36990161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain srv001e.feja111.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srv001e.feja111.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srv001e\.feja111\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 91.92.248.152 6606 (msg: "MISP e25810 [] Outgoing To 
IP: 91.92.248.152|6606"; classtype:trojan-activity; sid:36990171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 91.92.248.121 5902 (msg: "MISP e25810 [] Outgoing To IP: 91.92.248.121|5902"; classtype:trojan-activity; sid:36990181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain premier-stream.co.uk"; dns.query; content:"premier-stream.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])premier\-stream\.co\.uk$/i"; classtype:trojan-activity; sid:36990191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain premier-stream.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"premier-stream.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])premier\-stream\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-8\-98\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:36990201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-235-8-98.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-8\-98\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990202; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain www.premier-stream.co.uk"; dns.query; content:"www.premier-stream.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.premier\-stream\.co\.uk$/i"; classtype:trojan-activity; sid:36990211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain www.premier-stream.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.premier-stream.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.premier\-stream\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain ambankgruop.store"; dns.query; content:"ambankgruop.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ambankgruop\.store$/i"; classtype:trojan-activity; sid:36990221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain ambankgruop.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ambankgruop.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ambankgruop\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain www-12.eekal.com"; dns.query; content:"www-12.eekal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-12\.eekal\.com$/i"; classtype:trojan-activity; sid:36990231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain 
www-12.eekal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-12.eekal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-12\.eekal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 94.156.69.28 8081 (msg: "MISP e25810 [] Outgoing To IP: 94.156.69.28|8081"; classtype:trojan-activity; sid:36990241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 193.163.7.139 8081 (msg: "MISP e25810 [] Outgoing To IP: 193.163.7.139|8081"; classtype:trojan-activity; sid:36990251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 194.233.74.255 80 (msg: "MISP e25810 [] Outgoing To IP: 194.233.74.255|80"; classtype:trojan-activity; sid:36990261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 185.172.128.131 80 (msg: "MISP e25810 [] Outgoing To IP: 185.172.128.131|80"; classtype:trojan-activity; sid:36990271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain 356142.fun"; dns.query; content:"356142.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])356142\.fun$/i"; classtype:trojan-activity; sid:36990281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain 356142.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"356142.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])356142\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 3.72.85.14 8001 (msg: "MISP e25810 
[] Outgoing To IP: 3.72.85.14|8001"; classtype:trojan-activity; sid:36990291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain mail.194-233-74-255.cprapid.com"; dns.query; content:"mail.194-233-74-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.194\-233\-74\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:36990301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain mail.194-233-74-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.194-233-74-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.194\-233\-74\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain tsola256.com"; dns.query; content:"tsola256.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsola256\.com$/i"; classtype:trojan-activity; sid:36990311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain tsola256.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsola256.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsola256\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 3.1.206.216 8001 (msg: "MISP e25810 [] Outgoing To IP: 3.1.206.216|8001"; classtype:trojan-activity; sid:36990321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 178.236.247.158 80 (msg: "MISP e25810 [] Outgoing To IP: 
178.236.247.158|80"; classtype:trojan-activity; sid:36990331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 154.12.30.64 80 (msg: "MISP e25810 [] Outgoing To IP: 154.12.30.64|80"; classtype:trojan-activity; sid:36990341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 45.145.55.81 6606 (msg: "MISP e25810 [] Outgoing To IP: 45.145.55.81|6606"; classtype:trojan-activity; sid:36990351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 186.112.194.124 8888 (msg: "MISP e25810 [] Outgoing To IP: 186.112.194.124|8888"; classtype:trojan-activity; sid:36990361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 20.106.168.188 8808 (msg: "MISP e25810 [] Outgoing To IP: 20.106.168.188|8808"; classtype:trojan-activity; sid:36990371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 151.67.33.99 8080 (msg: "MISP e25810 [] Outgoing To IP: 151.67.33.99|8080"; classtype:trojan-activity; sid:36990381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 216.250.254.227 7707 (msg: "MISP e25810 [] Outgoing To IP: 216.250.254.227|7707"; classtype:trojan-activity; sid:36990391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 91.92.252.126 6606 (msg: "MISP e25810 [] Outgoing To IP: 91.92.252.126|6606"; classtype:trojan-activity; sid:36990401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 45.154.98.34 8808 (msg: "MISP e25810 [] Outgoing To IP: 45.154.98.34|8808"; classtype:trojan-activity; sid:36990411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 190.123.44.228 31337 (msg: "MISP e25810 [] Outgoing To IP: 
190.123.44.228|31337"; classtype:trojan-activity; sid:36990421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 34.162.154.209 443 (msg: "MISP e25810 [] Outgoing To IP: 34.162.154.209|443"; classtype:trojan-activity; sid:36990431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 47.111.31.7 43365 (msg: "MISP e25810 [] Outgoing To IP: 47.111.31.7|43365"; classtype:trojan-activity; sid:36990441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 172.96.137.224 13975 (msg: "MISP e25810 [] Outgoing To IP: 172.96.137.224|13975"; classtype:trojan-activity; sid:36990451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 185.82.219.87 2351 (msg: "MISP e25810 [] Outgoing To IP: 185.82.219.87|2351"; classtype:trojan-activity; sid:36990461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 187.135.240.152 1723 (msg: "MISP e25810 [] Outgoing To IP: 187.135.240.152|1723"; classtype:trojan-activity; sid:36990471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 187.135.240.152 1896 (msg: "MISP e25810 [] Outgoing To IP: 187.135.240.152|1896"; classtype:trojan-activity; sid:36990481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 88.214.26.54 52047 (msg: "MISP e25810 [] Outgoing To IP: 88.214.26.54|52047"; classtype:trojan-activity; sid:36990491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 154.3.0.131 8080 (msg: "MISP e25810 [] Outgoing To IP: 154.3.0.131|8080"; classtype:trojan-activity; sid:36990501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 91.92.242.143 8083 (msg: "MISP e25810 [] Outgoing To IP: 
91.92.242.143|8083"; classtype:trojan-activity; sid:36990511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 43.154.190.128 4433 (msg: "MISP e25810 [] Outgoing To IP: 43.154.190.128|4433"; classtype:trojan-activity; sid:36990521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 162.14.125.5 5555 (msg: "MISP e25810 [] Outgoing To IP: 162.14.125.5|5555"; classtype:trojan-activity; sid:36990531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 45.148.244.206 80 (msg: "MISP e25810 [] Outgoing To IP: 45.148.244.206|80"; classtype:trojan-activity; sid:36990541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 43.136.71.208 2053 (msg: "MISP e25810 [] Outgoing To IP: 43.136.71.208|2053"; classtype:trojan-activity; sid:36990551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 107.174.243.15 554 (msg: "MISP e25810 [] Outgoing To IP: 107.174.243.15|554"; classtype:trojan-activity; sid:36990561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 154.9.252.97 8080 (msg: "MISP e25810 [] Outgoing To IP: 154.9.252.97|8080"; classtype:trojan-activity; sid:36990571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 192.3.235.87 5555 (msg: "MISP e25810 [] Outgoing To IP: 192.3.235.87|5555"; classtype:trojan-activity; sid:36990581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 107.189.14.144 443 (msg: "MISP e25810 [] Outgoing To IP: 107.189.14.144|443"; classtype:trojan-activity; sid:36990591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 47.120.54.55 80 (msg: "MISP e25810 [] Outgoing To IP: 47.120.54.55|80"; 
classtype:trojan-activity; sid:36990601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 43.138.156.178 80 (msg: "MISP e25810 [] Outgoing To IP: 43.138.156.178|80"; classtype:trojan-activity; sid:36990611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 107.172.201.247 19211 (msg: "MISP e25810 [] Outgoing To IP: 107.172.201.247|19211"; classtype:trojan-activity; sid:36990621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 110.42.209.75 812 (msg: "MISP e25810 [] Outgoing To IP: 110.42.209.75|812"; classtype:trojan-activity; sid:36990631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain ecs-116-205-190-164.compute.hwclouds-dns.com"; dns.query; content:"ecs-116-205-190-164.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-116\-205\-190\-164\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:36990641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain ecs-116-205-190-164.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-116-205-190-164.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-116\-205\-190\-164\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 185.216.70.81 443 (msg: "MISP e25810 [] Outgoing To IP: 185.216.70.81|443"; classtype:trojan-activity; sid:36990651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain 
ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; dns.query; content:"ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-22\-66\-152\.us\-east\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:36990661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# The line above is the tail of a DNS rule whose "alert dns ..." head sits at the
# end of the previous line. The rule below is its HTTP counterpart: the request
# headers must contain "Host:" and the name, the pcre then checks the characters
# on either side of the name, and a hit tags the session for 600 seconds.
# NOTE(review): the name embeds an IP address and looks like a cloud provider's
# auto-generated instance hostname, so the indicator is only as durable as the
# address assignment behind it - confirm the age of the attribute before acting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-22-66-152.us-east-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-22\-66\-152\.us\-east\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Event 25810: outbound traffic to one IP/port pair. No payload, protocol or
# flow-state condition; the address and port are the whole signature.
alert ip $HOME_NET any -> 176.122.189.30 8088 (msg: "MISP e25810 [] Outgoing To IP: 176.122.189.30|8088"; classtype:trojan-activity; sid:36990671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Events 25649 and 25810 both list 178.73.218.3|101 and 13.56.214.28|3790, so
# the next four rules match the same traffic in pairs: once at priority 2
# (e25649, the first one tagged njrat) and once at priority 3 (e25810, untagged).
# NOTE(review): expect two alerts per connection; deduplicate on destination
# IP/port during triage and keep the e25649 context, which carries the tag.
alert ip $HOME_NET any -> 178.73.218.3 101 (msg: "MISP e25649 [njrat] Outgoing To IP: 178.73.218.3|101"; classtype:trojan-activity; sid:36899751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 13.56.214.28 3790 (msg: "MISP e25649 [] Outgoing To IP: 13.56.214.28|3790"; classtype:trojan-activity; sid:36899761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 13.56.214.28 3790 (msg: "MISP e25810 [] Outgoing To IP: 13.56.214.28|3790"; classtype:trojan-activity; sid:36990681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 178.73.218.3 101 (msg: "MISP e25810 [] Outgoing To IP: 178.73.218.3|101"; classtype:trojan-activity; sid:36990691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Same cross-event duplication for 173.44.141.146|50050 and 185.196.8.89|4443.
alert ip $HOME_NET any -> 173.44.141.146 50050 (msg: "MISP e25649 [] Outgoing To IP: 173.44.141.146|50050"; classtype:trojan-activity; sid:36899771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 185.196.8.89 4443 (msg: "MISP e25649 [] Outgoing To IP: 185.196.8.89|4443"; classtype:trojan-activity; sid:36899781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 185.196.8.89 4443 (msg: "MISP e25810 [] Outgoing To IP: 185.196.8.89|4443"; classtype:trojan-activity; sid:36990701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
alert ip $HOME_NET any -> 173.44.141.146 50050 (msg: "MISP e25810 [] Outgoing To IP: 173.44.141.146|50050"; classtype:trojan-activity; sid:36990711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Event 25649, tagged njrat: outbound traffic to 46.246.4.20 port 3030.
alert ip $HOME_NET any -> 46.246.4.20 3030 (msg: "MISP e25649 [njrat] Outgoing To IP: 46.246.4.20|3030"; classtype:trojan-activity; sid:36899791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# Event 25832 (kill-chain:Delivery), priority 1: payload URL rules start here.
# This one requires only the string "9090" somewhere in the request headers and
# "/DavWWWRoot/new.ps1" in the URI, on $EXTERNAL_NET $HTTP_PORTS; it never checks
# the server address 148.163.93.51.
# NOTE(review): "148.163.93.51@9090/DavWWWRoot/..." looks like a Windows WebDAV
# UNC path rewritten as a URL. "DavWWWRoot" is normally a client-side keyword
# for the server root and is not expected in the requested path, and 9090 has to
# be in $HTTP_PORTS for the header to match at all, so this rule may never fire.
# Verify against a capture; pinning the destination to 148.163.93.51 9090 and
# matching the URI "/new.ps1" would follow the pattern of the next rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//148.163.93.51@9090/DavWWWRoot/new.ps1"; flow:to_server,established; http.header; content:"9090"; fast_pattern; nocase; http.uri; content:"/DavWWWRoot/new.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# Destination pinned to 148.163.93.51 port 9090; the IP string must appear in the
# request headers and "/brown.pdf" in the URI (both case-insensitive).
alert http $HOME_NET any -> 148.163.93.51 9090 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//148.163.93.51|3a|9090/brown.pdf"; flow:to_server,established; http.header; content:"148.163.93.51"; fast_pattern; nocase; http.uri; content:"/brown.pdf"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert
http $HOME_NET any -> $EXTERNAL_NET 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//drakesoftware.serveftp.com|3a|8000/invoice.PNG"; flow:to_server,established; http.header; content:"drakesoftware.serveftp.com"; fast_pattern; nocase; http.uri; content:"/invoice.PNG"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# The line above is rule sid:37018711 without its "alert" action word, which sits
# at the end of the previous line. It covers any external server on port 8000:
# the hostname must appear in the request headers and "/invoice.PNG" in the URI.
#
# Event 25832 (kill-chain:Delivery), priority 1: downloads from 101.99.94.234 on
# ports 8090 and 8000. Each rule pins the destination IP and port, requires the
# IP string in the request headers and the listed path in the URI (both nocase),
# and tags the session for 600 seconds on a hit.
# NOTE(review): the http.uri content is not anchored, so a short path such as
# "/w.exe" also matches any longer URI that contains it; the pinned destination
# keeps the false-positive surface small.
alert http $HOME_NET any -> 101.99.94.234 8090 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8090/w.exe"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/w.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert http $HOME_NET any -> 101.99.94.234 8090 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8090/x.exe"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/x.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/new1.ps1"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/new1.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# NOTE(review): the path "/$6" looks like an unexpanded variable or a truncated
# value in the source attribute rather than a real resource name, so this rule
# is unlikely to match live traffic. Check the attribute in event 25832.
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/$6"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/$6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# Remaining port-8000 paths from the same server: scripts, a DLL and a file
# named "hey.pdf2".
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/fres1.ps1"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/fres1.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/KdsCli.dll"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/KdsCli.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/file.ps1"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/file.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/hey.pdf2"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/hey.pdf2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# Event 25832 (kill-chain:Delivery), priority 1: two more download paths on
# 101.99.94.234. Destination IP and port are pinned; the IP string must appear
# in the request headers and the path in the URI (both nocase); a hit tags the
# session for 600 seconds.
alert http $HOME_NET any -> 101.99.94.234 8000 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8000/cas.ps1"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/cas.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert http $HOME_NET any -> 101.99.94.234 8090 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|8090/a.exe"; flow:to_server,established; http.header; content:"101.99.94.234"; fast_pattern; nocase; http.uri; content:"/a.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# NOTE(review): |7c| is the byte for "|", so this content needs the literal
# string "148.163.93.51|9090" in the request headers. A Host header would carry
# a colon between address and port, so the rule probably never matches; it
# looks like an ip|port value exported as if it were a URL. It is also bound to
# $HTTP_PORTS instead of port 9090. Pinning the destination to 148.163.93.51 9090
# and matching content:"148.163.93.51", as the 9900 rule below does for its
# server, would restore coverage - fix the attribute in event 25832 so the next
# export does not reintroduce it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//148.163.93.51|7c|9090"; flow:to_server,established; http.header; content:"148.163.93.51|7c|9090"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# No URI condition: any established HTTP request to 101.99.94.234 port 9900 that
# carries the IP string in its headers raises this alert.
alert http $HOME_NET any -> 101.99.94.234 9900 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//101.99.94.234|3a|9900"; flow:to_server,established; http.header; content:"101.99.94.234"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# Address-and-port rule for the same event: no payload or protocol condition.
alert ip $HOME_NET any -> 91.92.252.116 2222 (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing To IP: 91.92.252.116|2222"; classtype:trojan-activity; sid:37018841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
alert dns any any -> any any (msg: "MISP e25832
[diamond-model:Infrastructure,kill-chain:Delivery] Hostname server1.kamon.la"; dns.query; content:"server1.kamon.la"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1\.kamon\.la$/i"; classtype:trojan-activity; sid:37018851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# The line above is the tail of a DNS rule whose head sits at the end of the
# previous line. "Hostname" rules and "Domain" rules differ in one character
# class: the Hostname pcre prefix [^A-Za-z0-9-\.] rejects a leading dot, so only
# the exact name matches, while the Domain prefix [^A-Za-z0-9-] accepts a dot,
# so any subdomain of the listed name matches as well.
#
# HTTP Hostname rule: a single content match on "Host: server1.kamon.la".
# NOTE(review): the literal contains exactly one space after the colon; a Host
# header with different spacing is not covered by this content match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25832 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing HTTP Hostname server1.kamon.la"; flow:to_server,established; http.header; content: "Host|3a| server1.kamon.la"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1\.kamon\.la[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37018852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25832;)
# Event 25810, priority 3: DNS query for noiphabibi.ddns.net or any subdomain.
# The rule header is any -> any, so queries in either direction are inspected.
alert dns any any -> any any (msg: "MISP e25810 [] Domain noiphabibi.ddns.net"; dns.query; content:"noiphabibi.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])noiphabibi\.ddns\.net$/i"; classtype:trojan-activity; sid:36990721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# HTTP Domain rule: "Host:" and the domain are two independent content matches
# over the request headers, and the pcre (/H) also runs over the whole header
# block without tying the name to the Host line.
# NOTE(review): a request to an unrelated site that carries the domain in
# another header (for example Referer) satisfies every condition; check the
# Host value when triaging hits from this rule family.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain noiphabibi.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"noiphabibi.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])noiphabibi\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# Address-and-port rule: no payload or protocol condition.
alert ip $HOME_NET any -> 213.159.61.169 1177 (msg: "MISP e25810 [] Outgoing To IP: 213.159.61.169|1177"; classtype:trojan-activity; sid:36990731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;)
# DNS Domain rule for a name under a dynamic-DNS zone; the indicator is the full
# label vinijr27.duckdns.org, not the parent zone. The rule continues on the
# next line.
alert dns any any -> any any (msg: "MISP e25810 [] Domain vinijr27.duckdns.org"; dns.query; content:"vinijr27.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])vinijr27\.duckdns\.org$/i"; classtype:trojan-activity; sid:36990741; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain vinijr27.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vinijr27.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vinijr27\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 46.246.4.20 3030 (msg: "MISP e25810 [] Outgoing To IP: 46.246.4.20|3030"; classtype:trojan-activity; sid:36990751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 194.147.140.138 3320 (msg: "MISP e25649 [QuasarRAT,RAT] Outgoing To IP: 194.147.140.138|3320"; classtype:trojan-activity; sid:36899801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert dns any any -> any any (msg: "MISP e25648 [] Domain home-bancoitau-cl-bancoitau-cl.home-it.cfd"; dns.query; content:"home-bancoitau-cl-bancoitau-cl.home-it.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-bancoitau\-cl\-bancoitau\-cl\.home\-it\.cfd$/i"; classtype:trojan-activity; sid:36897941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25648;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25648 [] Outgoing HTTP Domain home-bancoitau-cl-bancoitau-cl.home-it.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"home-bancoitau-cl-bancoitau-cl.home-it.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-bancoitau\-cl\-bancoitau\-cl\.home\-it\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36897942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25648;) alert ip $HOME_NET any -> 194.147.140.138 3320 (msg: "MISP e25810 [] Outgoing To IP: 194.147.140.138|3320"; 
classtype:trojan-activity; sid:36990761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname tgadminuser.web-cs.top"; dns.query; content:"tgadminuser.web-cs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.top$/i"; classtype:trojan-activity; sid:36924981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname tgadminuser.web-cs.top"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.web-cs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36924982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname tgadminuser.web-cs.vip"; dns.query; content:"tgadminuser.web-cs.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.vip$/i"; classtype:trojan-activity; sid:36925011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname tgadminuser.web-cs.vip"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.web-cs.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname teleptrcm.fit"; dns.query; content:"teleptrcm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrcm\.fit$/i"; classtype:trojan-activity; sid:36925041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname 
teleptrcm.fit"; flow:to_server,established; http.header; content: "Host|3a| teleptrcm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrcm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# MISP event 25718: per hostname the export emits a dns.query rule, an
# "Outgoing HTTP Hostname" rule anchored on the Host header, and, where the event
# also lists a URL, an "Outgoing URL" rule.
# NOTE(review): in the "Outgoing URL http://<host>/" rules below the only http.uri
# condition is content:"/", which any request path contains. The effective match is
# therefore the hostname string anywhere in the request headers (http.header is not
# limited to Host, so a Referer that mentions the domain also matches), on
# $HTTP_PORTS only. The Host-anchored rule with its pcre boundary check is the more
# precise of the pair, and both can alert on the same request.
# All http rules here see cleartext HTTP only; HTTPS visits to these hosts are
# visible to the dns.query rules alone.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//teleptrcm.fit/"; flow:to_server,established; http.header; content:"teleptrcm.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# dns.query match: the pcre requires the name to end the query and to be preceded
# by start-of-buffer or a character that cannot be part of a label, so longer
# names that merely end in the same string are not matched.
alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegbram.org"; dns.query; content:"telegbram.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegbram\.org$/i"; classtype:trojan-activity; sid:36925071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegbram.org"; flow:to_server,established; http.header; content: "Host|3a| telegbram.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegbram\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegbram.org/"; flow:to_server,established; http.header; content:"telegbram.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegrems.com"; dns.query; content:"telegrems.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrems\.com$/i"; classtype:trojan-activity; sid:36925101; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegrems.com"; flow:to_server,established; http.header; content: "Host|3a| telegrems.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrems\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegrems.com/"; flow:to_server,established; http.header; content:"telegrems.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegdram.org"; dns.query; content:"telegdram.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegdram\.org$/i"; classtype:trojan-activity; sid:36925131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegdram.org"; flow:to_server,established; http.header; content: "Host|3a| telegdram.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegdram\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegdram.org/"; flow:to_server,established; http.header; content:"telegdram.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegoram.org"; dns.query; 
content:"telegoram.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegoram\.org$/i"; classtype:trojan-activity; sid:36925161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegoram.org"; flow:to_server,established; http.header; content: "Host|3a| telegoram.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegoram\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegoram.org/"; flow:to_server,established; http.header; content:"telegoram.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname teleptrcm.club"; dns.query; content:"teleptrcm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrcm\.club$/i"; classtype:trojan-activity; sid:36925191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname teleptrcm.club"; flow:to_server,established; http.header; content: "Host|3a| teleptrcm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrcm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//teleptrcm.club/"; flow:to_server,established; http.header; content:"teleptrcm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925201; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegwram.org"; dns.query; content:"telegwram.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegwram\.org$/i"; classtype:trojan-activity; sid:36925221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegwram.org"; flow:to_server,established; http.header; content: "Host|3a| telegwram.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegwram\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegwram.org/"; flow:to_server,established; http.header; content:"telegwram.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegzram.org"; dns.query; content:"telegzram.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegzram\.org$/i"; classtype:trojan-activity; sid:36925251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegzram.org"; flow:to_server,established; http.header; content: "Host|3a| telegzram.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegzram\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegzram.org/"; flow:to_server,established; http.header; 
content:"telegzram.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname server-104246.square.site"; dns.query; content:"server-104246.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server\-104246\.square\.site$/i"; classtype:trojan-activity; sid:36925281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname server-104246.square.site"; flow:to_server,established; http.header; content: "Host|3a| server-104246.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server\-104246\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname tapk.it"; dns.query; content:"tapk.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tapk\.it$/i"; classtype:trojan-activity; sid:36925311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname tapk.it"; flow:to_server,established; http.header; content: "Host|3a| tapk.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tapk\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname lucky-voice-c257.zhupeiqi.workers.dev"; dns.query; content:"lucky-voice-c257.zhupeiqi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucky\-voice\-c257\.zhupeiqi\.workers\.dev$/i"; classtype:trojan-activity; sid:36925341; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;)
# Host-header rule for the workers.dev hostname: the literal "Host|3a| <name>" is the
# fast pattern and the pcre enforces a non-label character on both sides of the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname lucky-voice-c257.zhupeiqi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| lucky-voice-c257.zhupeiqi.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucky\-voice\-c257\.zhupeiqi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# NOTE(review): telegram.dog appears to be a link domain operated by Telegram itself
# rather than infrastructure specific to this event - confirm before deploying.
# If so, the two hostname-only rules (sid 36925371, 36925372) alert on any lookup of
# or cleartext request to that service and will be noisy; consider suppressing them
# and keeping only the path-specific rule (sid 36925381).
alert dns any any -> any any (msg: "MISP e25718 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:36925371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
# sid 36925381 is the only telegram.dog rule tied to a specific path. It matches
# the path case-insensitively (nocase) and only on cleartext HTTP to $HTTP_PORTS;
# a request for the same link over HTTPS is not inspected by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//telegram.dog/+x_LWdVtq_Wo1ZmQ1"; flow:to_server,established; http.header; content:"telegram.dog"; fast_pattern; nocase; http.uri; content:"/+x_LWdVtq_Wo1ZmQ1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname deanstojic.org"; dns.query; content:"deanstojic.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deanstojic\.org$/i"; classtype:trojan-activity; sid:36925401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] 
Outgoing HTTP Hostname deanstojic.org"; flow:to_server,established; http.header; content: "Host|3a| deanstojic.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deanstojic\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname olpl.org"; dns.query; content:"olpl.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])olpl\.org$/i"; classtype:trojan-activity; sid:36925431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname olpl.org"; flow:to_server,established; http.header; content: "Host|3a| olpl.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])olpl\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname gci.oco.mybluehost.me"; dns.query; content:"gci.oco.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gci\.oco\.mybluehost\.me$/i"; classtype:trojan-activity; sid:36925461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname gci.oco.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| gci.oco.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gci\.oco\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname kythira.net.au"; dns.query; content:"kythira.net.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kythira\.net\.au$/i"; classtype:trojan-activity; sid:36925491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname kythira.net.au"; flow:to_server,established; http.header; content: "Host|3a| kythira.net.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kythira\.net\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//kythira.net.au/"; flow:to_server,established; http.header; content:"kythira.net.au"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname aparajitausa.org"; dns.query; content:"aparajitausa.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aparajitausa\.org$/i"; classtype:trojan-activity; sid:36925521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname aparajitausa.org"; flow:to_server,established; http.header; content: "Host|3a| aparajitausa.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aparajitausa\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname www-login-swisspass-ch-wissra-swisspassch.codeanyapp.com"; dns.query; content:"www-login-swisspass-ch-wissra-swisspassch.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-login\-swisspass\-ch\-wissra\-swisspassch\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:36925551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname www-login-swisspass-ch-wissra-swisspassch.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| www-login-swisspass-ch-wissra-swisspassch.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-login\-swisspass\-ch\-wissra\-swisspassch\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname d2hr8xk55.urest.org"; dns.query; content:"d2hr8xk55.urest.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d2hr8xk55\.urest\.org$/i"; classtype:trojan-activity; sid:36925581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname d2hr8xk55.urest.org"; flow:to_server,established; http.header; content: "Host|3a| d2hr8xk55.urest.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d2hr8xk55\.urest\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname ifoundstudio.com"; dns.query; content:"ifoundstudio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ifoundstudio\.com$/i"; classtype:trojan-activity; sid:36925611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname ifoundstudio.com"; flow:to_server,established; http.header; content: "Host|3a| ifoundstudio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ifoundstudio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: 
"MISP e25718 [] Hostname holycityentebbe.org"; dns.query; content:"holycityentebbe.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])holycityentebbe\.org$/i"; classtype:trojan-activity; sid:36925641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname holycityentebbe.org"; flow:to_server,established; http.header; content: "Host|3a| holycityentebbe.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])holycityentebbe\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> 27.215.79.126 52901 (msg: "MISP e25717 [] Outgoing URL http|3a|//27.215.79.126|3a|52901/Mozi.m"; flow:to_server,established; http.header; content:"27.215.79.126"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.121.166.6 58355 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.121.166.6|3a|58355/bin.sh"; flow:to_server,established; http.header; content:"182.121.166.6"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.121.166.6 58355 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.121.166.6|3a|58355/"; flow:to_server,established; http.header; content:"182.121.166.6"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.119.182.155 49697 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.119.182.155|3a|49697/i"; 
flow:to_server,established; http.header; content:"182.119.182.155"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.117.40.23 36132 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.117.40.23|3a|36132/Mozi.m"; flow:to_server,established; http.header; content:"182.117.40.23"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.112.57.157 44068 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.112.57.157|3a|44068/"; flow:to_server,established; http.header; content:"182.112.57.157"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 125.40.150.8 50441 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.40.150.8|3a|50441/i"; flow:to_server,established; http.header; content:"125.40.150.8"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 117.217.39.144 33831 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.217.39.144|3a|33831/i"; flow:to_server,established; http.header; content:"117.217.39.144"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 117.217.39.144 33831 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.217.39.144|3a|33831/bin.sh"; flow:to_server,established; http.header; content:"117.217.39.144"; 
fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 117.211.74.20 48882 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.211.74.20|3a|48882/bin.sh"; flow:to_server,established; http.header; content:"117.211.74.20"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.241.31 36250 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.241.31|3a|36250/i"; flow:to_server,established; http.header; content:"115.55.241.31"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.241.31 36250 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.241.31|3a|36250/bin.sh"; flow:to_server,established; http.header; content:"115.55.241.31"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.241.31 36250 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.241.31|3a|36250/"; flow:to_server,established; http.header; content:"115.55.241.31"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 113.245.218.88 45658 (msg: "MISP e25717 [] Outgoing URL http|3a|//113.245.218.88|3a|45658/Mozi.a"; flow:to_server,established; http.header; content:"113.245.218.88"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:36915281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 112.248.249.39 34084 (msg: "MISP e25717 [] Outgoing URL http|3a|//112.248.249.39|3a|34084/Mozi.m"; flow:to_server,established; http.header; content:"112.248.249.39"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 222.138.182.152 33190 (msg: "MISP e25717 [] Outgoing URL http|3a|//222.138.182.152|3a|33190/bin.sh"; flow:to_server,established; http.header; content:"222.138.182.152"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.119.182.155 49697 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.119.182.155|3a|49697/bin.sh"; flow:to_server,established; http.header; content:"182.119.182.155"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.93.48 53179 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.93.48|3a|53179/"; flow:to_server,established; http.header; content:"115.55.93.48"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 42.239.178.48 36870 (msg: "MISP e25717 [] Outgoing URL http|3a|//42.239.178.48|3a|36870/i"; flow:to_server,established; http.header; content:"42.239.178.48"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:36915331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 39.187.73.86 44651 (msg: "MISP e25717 [] Outgoing URL http|3a|//39.187.73.86|3a|44651/bin.sh"; flow:to_server,established; http.header; content:"39.187.73.86"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.116.122.148 33209 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.116.122.148|3a|33209/Mozi.m"; flow:to_server,established; http.header; content:"182.116.122.148"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 125.46.244.9 55559 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.46.244.9|3a|55559/Mozi.m"; flow:to_server,established; http.header; content:"125.46.244.9"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 125.46.244.9 55559 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.46.244.9|3a|55559/bin.sh"; flow:to_server,established; http.header; content:"125.46.244.9"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 125.46.244.9 55559 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.46.244.9|3a|55559/"; flow:to_server,established; http.header; content:"125.46.244.9"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915381; rev:1; 
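priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
# Event 25717: payload-download URLs pinned to a specific destination IP and port.
# Each rule requires the IP literal in the request headers plus the path in the URI.
alert http $HOME_NET any -> 117.202.77.6 51579 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.202.77.6|3a|51579/bin.sh"; flow:to_server,established; http.header; content:"117.202.77.6"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.56.167.84 46738 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.56.167.84|3a|46738/bin.sh"; flow:to_server,established; http.header; content:"115.56.167.84"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 115.55.93.209 52566 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.93.209|3a|52566/i"; flow:to_server,established; http.header; content:"115.55.93.209"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
alert http $HOME_NET any -> 110.182.241.227 61621 (msg: "MISP e25717 [] Outgoing URL http|3a|//110.182.241.227|3a|61621/.i"; flow:to_server,established; http.header; content:"110.182.241.227"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;)
# Event 25813, https:// indicator. The exported rule looked for the literal string
# "httpS://FLETAUREM.COM/518" in http.uri on an `alert http` rule. A TLS session is not
# parsed as HTTP, and http.uri normally carries the request path rather than scheme and
# host, so that rule could not fire on the traffic it describes. Without TLS decryption
# in front of the sensor only the server name is observable, so the rule now matches the
# TLS SNI for the exact host (same boundary pattern as the Hostname rules in this file).
# The path /518 cannot be checked; expect an alert on any TLS session to this host.
# rev bumped because the detection logic changed.
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25813 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL httpS|3a|//FLETAUREM.COM/518"; flow:to_server,established; tls.sni; content:"fletaurem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fletaurem\.com$/i"; tag:session,600,seconds; classtype:trojan-activity; sid:36991221; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/25813;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25813 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//HHPLAYTOM.COM/LICENSE.TXT"; flow:to_server,established; http.header; content:"HHPLAYTOM.COM"; fast_pattern; nocase; http.uri; content:"/LICENSE.TXT"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36991231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25813;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25813 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//HHPLAYTOM.COM/LICENSE2.TXT"; flow:to_server,established; http.header; content:"HHPLAYTOM.COM"; fast_pattern; nocase; http.uri; content:"/LICENSE2.TXT"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36991241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25813;)
# Same https:// problem as sid 36991221 above: converted from an http.uri match on
# "httpS://IRINEU.COM.MX/UPDATER.EXE" to a TLS SNI match on the host. The file name
# UPDATER.EXE is not visible inside TLS, so triage has to confirm the download on the host.
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25813 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL httpS|3a|//IRINEU.COM.MX/UPDATER.EXE"; flow:to_server,established; tls.sni; content:"irineu.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])irineu\.com\.mx$/i"; tag:session,600,seconds; classtype:trojan-activity; sid:36991251; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/25813;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25813 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//HHPLAYTOM.COM/REGISTRAUSER.PHP"; flow:to_server,established; http.header; content:"HHPLAYTOM.COM"; fast_pattern; nocase; http.uri; content:"/REGISTRAUSER.PHP"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36991261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25813;)
alert dns any any -> any any (msg: "MISP e25718 [] Hostname themiraclehut.com"; dns.query; content:"themiraclehut.com"; nocase; pcre: 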
"/(^|[^A-Za-z0-9-\.])themiraclehut\.com$/i"; classtype:trojan-activity; sid:36925671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname themiraclehut.com"; flow:to_server,established; http.header; content: "Host|3a| themiraclehut.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])themiraclehut\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname gci.oco.mybluehost.me"; dns.query; content:"gci.oco.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gci\.oco\.mybluehost\.me$/i"; classtype:trojan-activity; sid:36925701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname gci.oco.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| gci.oco.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gci\.oco\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname swisspassfinalprojectx.web.app"; dns.query; content:"swisspassfinalprojectx.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassfinalprojectx\.web\.app$/i"; classtype:trojan-activity; sid:36925731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname swisspassfinalprojectx.web.app"; flow:to_server,established; http.header; content: "Host|3a| swisspassfinalprojectx.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassfinalprojectx\.web\.app[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:36925732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname fleek.ipfs.io"; dns.query; content:"fleek.ipfs.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fleek\.ipfs\.io$/i"; classtype:trojan-activity; sid:36925761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname fleek.ipfs.io"; flow:to_server,established; http.header; content: "Host|3a| fleek.ipfs.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fleek\.ipfs\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname www.cosecasrl.it"; dns.query; content:"www.cosecasrl.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.cosecasrl\.it$/i"; classtype:trojan-activity; sid:36925791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname www.cosecasrl.it"; flow:to_server,established; http.header; content: "Host|3a| www.cosecasrl.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.cosecasrl\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25718 [] Outgoing URL http|3a|//www.cosecasrl.it/cgi-bin/app/swiss/"; flow:to_server,established; http.header; content:"www.cosecasrl.it"; fast_pattern; nocase; http.uri; content:"/cgi-bin/app/swiss/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36925801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any 
(msg: "MISP e25718 [] Hostname usdtairdrop.com"; dns.query; content:"usdtairdrop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdtairdrop\.com$/i"; classtype:trojan-activity; sid:36925821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname usdtairdrop.com"; flow:to_server,established; http.header; content: "Host|3a| usdtairdrop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdtairdrop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert dns any any -> any any (msg: "MISP e25649 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Domain invoce-social.com"; dns.query; content:"invoce-social.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])invoce\-social\.com$/i"; classtype:trojan-activity; sid:36899821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25649 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing HTTP Domain invoce-social.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"invoce-social.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])invoce\-social\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 88.214.25.253 443 (msg: "MISP e25649 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing To IP: 88.214.25.253|443"; classtype:trojan-activity; sid:36899841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing URL http|3a|//invoce-social.com/latest/v2.36/mz6phzvyk"; flow:to_server,established; 
http.header; content:"invoce-social.com"; fast_pattern; nocase; http.uri; content:"/latest/v2.36/mz6phzvyk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36899851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert http $HOME_NET any -> 88.214.25.253 $HTTP_PORTS (msg: "MISP e25649 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing URL http|3a|//88.214.25.253/latest/v2.36/mz6phzvyk"; flow:to_server,established; http.header; content:"88.214.25.253"; fast_pattern; nocase; http.uri; content:"/latest/v2.36/mz6phzvyk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36899861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 88.214.25.253 80 (msg: "MISP e25649 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing To IP: 88.214.25.253|80"; classtype:trojan-activity; sid:36899871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 88.214.25.253 80 (msg: "MISP e25810 [] Outgoing To IP: 88.214.25.253|80"; classtype:trojan-activity; sid:36990771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> 88.214.25.253 $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//88.214.25.253/Latest/v2.36/MZ6PHZVYK"; flow:to_server,established; http.header; content:"88.214.25.253"; fast_pattern; nocase; http.uri; content:"/Latest/v2.36/MZ6PHZVYK"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36990781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25810 [] Outgoing URL http|3a|//invoce-social.com/Latest/v2.36/MZ6PHZVYK"; flow:to_server,established; http.header; content:"invoce-social.com"; fast_pattern; nocase; http.uri; content:"/Latest/v2.36/MZ6PHZVYK"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36990791; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25810;) alert ip $HOME_NET any -> 88.214.25.253 443 (msg: "MISP e25810 [] Outgoing To IP: 88.214.25.253|443"; classtype:trojan-activity; sid:36990801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25810 [] Domain invoce-social.com"; dns.query; content:"invoce-social.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])invoce\-social\.com$/i"; classtype:trojan-activity; sid:36990821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25810 [] Outgoing HTTP Domain invoce-social.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"invoce-social.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])invoce\-social\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36990822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25810;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname isma.dreamhosters.com"; dns.query; content:"isma.dreamhosters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isma\.dreamhosters\.com$/i"; classtype:trojan-activity; sid:36925851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname isma.dreamhosters.com"; flow:to_server,established; http.header; content: "Host|3a| isma.dreamhosters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isma\.dreamhosters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> 61.53.37.236 39983 (msg: "MISP e25717 [] Outgoing URL http|3a|//61.53.37.236|3a|39983/Mozi.m"; flow:to_server,established; http.header; content:"61.53.37.236"; fast_pattern; nocase; http.uri; 
content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 27.207.228.142 37063 (msg: "MISP e25717 [] Outgoing URL http|3a|//27.207.228.142|3a|37063/mozi.m"; flow:to_server,established; http.header; content:"27.207.228.142"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25717 [] Outgoing URL http|3a|//193.233.132.167/lend/1234daisaaaaa.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/1234daisaaaaa.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 182.112.57.157 44068 (msg: "MISP e25717 [] Outgoing URL http|3a|//182.112.57.157|3a|44068/i"; flow:to_server,established; http.header; content:"182.112.57.157"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 125.46.244.9 55559 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.46.244.9|3a|55559/i"; flow:to_server,established; http.header; content:"125.46.244.9"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 125.40.150.8 50441 (msg: "MISP e25717 [] Outgoing URL http|3a|//125.40.150.8|3a|50441/Mozi.m"; flow:to_server,established; http.header; content:"125.40.150.8"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 120.211.70.84 39911 (msg: "MISP e25717 [] Outgoing URL http|3a|//120.211.70.84|3a|39911/bin.sh"; flow:to_server,established; http.header; content:"120.211.70.84"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 119.179.236.29 44101 (msg: "MISP e25717 [] Outgoing URL http|3a|//119.179.236.29|3a|44101/bin.sh"; flow:to_server,established; http.header; content:"119.179.236.29"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 117.201.53.97 35088 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.201.53.97|3a|35088/Mozi.m"; flow:to_server,established; http.header; content:"117.201.53.97"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 117.196.11.240 52788 (msg: "MISP e25717 [] Outgoing URL http|3a|//117.196.11.240|3a|52788/Mozi.m"; flow:to_server,established; http.header; content:"117.196.11.240"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.93.48 53179 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.93.48|3a|53179/mozi.m"; flow:to_server,established; http.header; content:"115.55.93.48"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:36915531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.93.48 53179 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.93.48|3a|53179/i"; flow:to_server,established; http.header; content:"115.55.93.48"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert http $HOME_NET any -> 115.55.93.48 53179 (msg: "MISP e25717 [] Outgoing URL http|3a|//115.55.93.48|3a|53179/bin.sh"; flow:to_server,established; http.header; content:"115.55.93.48"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36915551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25717;) alert dns any any -> any any (msg: "MISP e25718 [] Hostname l.wl.co"; dns.query; content:"l.wl.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])l\.wl\.co$/i"; classtype:trojan-activity; sid:36925881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25718 [] Outgoing HTTP Hostname l.wl.co"; flow:to_server,established; http.header; content: "Host|3a| l.wl.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])l\.wl\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36925882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25718;) alert ip $HOME_NET any -> 23.94.255.161 8001 (msg: "MISP e25649 [] Outgoing To IP: 23.94.255.161|8001"; classtype:trojan-activity; sid:36899881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e25649 [] Outgoing To IP: 154.8.157.205|8999"; classtype:trojan-activity; sid:36899891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip 
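$HOME_NET any -> 13.36.225.33 443 (msg: "MISP e25649 [] Outgoing To IP: 13.36.225.33|443"; classtype:trojan-activity; sid:36899901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
alert ip $HOME_NET any -> 101.43.161.148 4443 (msg: "MISP e25649 [] Outgoing To IP: 101.43.161.148|4443"; classtype:trojan-activity; sid:36899911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;)
# Event 25812: the exported msg strings embedded the MISP tag values with raw double
# quotes (malpedia="Cobalt Strike", confidence-level="usually-confident"). The Suricata
# rule format requires a double quote inside msg to be escaped as \"; left raw, the rule
# may be rejected at load time or its message mangled, depending on the parser version,
# which would leave these four indicators unmonitored or mislabelled.
# The quotes are escaped below and rev is bumped. The same escaping should be applied
# where the export is generated, otherwise the next export brings the raw quotes back.
# These four destinations repeat the e25649 indicators (sids 36899881-36899911) at
# priority 3, so one connection can raise two alerts.
alert ip $HOME_NET any -> 101.43.161.148 4443 (msg: "MISP e25812 [misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 101.43.161.148|4443"; classtype:trojan-activity; sid:36990851; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/25812;)
alert ip $HOME_NET any -> 13.36.225.33 443 (msg: "MISP e25812 [misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 13.36.225.33|443"; classtype:trojan-activity; sid:36990861; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/25812;)
alert ip $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e25812 [misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 154.8.157.205|8999"; classtype:trojan-activity; sid:36990871; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/25812;)
alert ip $HOME_NET any -> 23.94.255.161 8001 (msg: "MISP e25812 [misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 23.94.255.161|8001"; classtype:trojan-activity; sid:36990881; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/25812;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25649 [dcrat] Outgoing URL http|3a|//907916cm.nyashtech.top/eternalsecurehttppacketbigloadsqltest.php"; flow:to_server,established; http.header; content:"907916cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/eternalsecurehttppacketbigloadsqltest.php"; nocase; tag:session,600,seconds; 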
classtype:trojan-activity; sid:36899921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25649;) alert ip $HOME_NET any -> 147.78.103.18 80 (msg: "MISP e25652 [] Outgoing To IP: 147.78.103.18|80"; classtype:trojan-activity; sid:36900181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.8.157.205 8099 (msg: "MISP e25652 [] Outgoing To IP: 154.8.157.205|8099"; classtype:trojan-activity; sid:36900191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.228.123.188 3790 (msg: "MISP e25652 [] Outgoing To IP: 94.228.123.188|3790"; classtype:trojan-activity; sid:36900201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 103.86.130.35 443 (msg: "MISP e25652 [] Outgoing To IP: 103.86.130.35|443"; classtype:trojan-activity; sid:36900211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 188.127.24.220 80 (msg: "MISP e25652 [] Outgoing To IP: 188.127.24.220|80"; classtype:trojan-activity; sid:36900221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 164.155.203.165 80 (msg: "MISP e25652 [] Outgoing To IP: 164.155.203.165|80"; classtype:trojan-activity; sid:36900331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 85.209.9.184 $HTTP_PORTS (msg: "MISP e25652 [dcrat] Outgoing URL http|3a|//85.209.9.184/game/3/securetestuniversal/phpjshttpprocessorauthsqlwp.php"; flow:to_server,established; http.header; content:"85.209.9.184"; fast_pattern; nocase; http.uri; content:"/game/3/securetestuniversal/phpjshttpprocessorauthsqlwp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 185.39.204.47 3790 (msg: "MISP e25652 [] 
Outgoing To IP: 185.39.204.47|3790"; classtype:trojan-activity; sid:36900951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 119.91.89.203 8888 (msg: "MISP e25652 [] Outgoing To IP: 119.91.89.203|8888"; classtype:trojan-activity; sid:36900961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 13.245.184.253 80 (msg: "MISP e25652 [] Outgoing To IP: 13.245.184.253|80"; classtype:trojan-activity; sid:36900971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25652 [dcrat] Outgoing URL http|3a|//cm56126.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cm56126.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 178.141.170.135 55729 (msg: "MISP e25652 [] Outgoing URL http|3a|//178.141.170.135|3a|55729/mozi.m"; flow:to_server,established; http.header; content:"178.141.170.135"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 204.28.111.10 8843 (msg: "MISP e25652 [Deimos,FIBERNET-DIRECT] Outgoing To IP: 204.28.111.10|8843"; classtype:trojan-activity; sid:36901001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.103.87.88 8080 (msg: "MISP e25652 [Bianlian Go Trojan,VDSINA-AS] Outgoing To IP: 94.103.87.88|8080"; classtype:trojan-activity; sid:36901011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.253.160 6075 (msg: "MISP e25652 [Havoc,LIMENET] Outgoing To IP: 
91.92.253.160|6075"; classtype:trojan-activity; sid:36901021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 79.107.138.79 995 (msg: "MISP e25652 [QakBot,WIND-AS] Outgoing To IP: 79.107.138.79|995"; classtype:trojan-activity; sid:36901031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 151.30.51.238 443 (msg: "MISP e25652 [ASN-WINDTRE IUNET,QakBot] Outgoing To IP: 151.30.51.238|443"; classtype:trojan-activity; sid:36901041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 45.243.218.9 995 (msg: "MISP e25652 [LINKdotNET-AS,QakBot] Outgoing To IP: 45.243.218.9|995"; classtype:trojan-activity; sid:36901051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 74.12.144.248 2078 (msg: "MISP e25652 [BACOM,QakBot] Outgoing To IP: 74.12.144.248|2078"; classtype:trojan-activity; sid:36901061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 159.235.5.173 443 (msg: "MISP e25652 [CHARTER-20115,QakBot] Outgoing To IP: 159.235.5.173|443"; classtype:trojan-activity; sid:36901071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 189.140.50.67 443 (msg: "MISP e25652 [QakBot,UNINET] Outgoing To IP: 189.140.50.67|443"; classtype:trojan-activity; sid:36901081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; dns.query; content:"pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9d425aa9335c4307a502c0721d499bdd\.r2\.dev$/i"; classtype:trojan-activity; sid:37348401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] 
Outgoing HTTP Hostname pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9d425aa9335c4307a502c0721d499bdd\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//pub-9d425aa9335c4307a502c0721d499bdd.r2.dev/officemm.html"; flow:to_server,established; http.header; content:"pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; fast_pattern; nocase; http.uri; content:"/officemm.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegrzm.cn"; dns.query; content:"telegrzm.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrzm\.cn$/i"; classtype:trojan-activity; sid:37348431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegrzm.cn"; flow:to_server,established; http.header; content: "Host|3a| telegrzm.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrzm\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telegrzm.cn/"; flow:to_server,established; http.header; content:"telegrzm.cn"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 
[] Hostname usp.usspvy.top"; dns.query; content:"usp.usspvy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvy\.top$/i"; classtype:trojan-activity; sid:37348461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspvy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspvy.top"; flow:to_server,established; http.header; content:"usp.usspvy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspvq.top"; dns.query; content:"usp.usspvq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvq\.top$/i"; classtype:trojan-activity; sid:37348491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspvq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspvq.top"; flow:to_server,established; http.header; content:"usp.usspvq.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348501; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
# ---------------------------------------------------------------------------
# MISP event 26514 - hostname and URL indicators, restored to one rule per line.
# The line above is the tail of a rule that starts earlier in the file.
#
# Each hostname attribute is exported as a pair:
#   alert dns  : name looked up in dns.query, any direction        (sid ends in 1)
#   alert http : Host header on $HOME_NET -> $EXTERNAL_NET traffic (sid ends in 2)
# In both, content:"..." is the substring pre-match and the pcre narrows it to the
# exact name: start of buffer or a non-hostname character on the left, end of
# buffer (dns) or a non-hostname character (http) on the right.
# tag:session,600,seconds keeps logging the matching session for 600 seconds
# after the alert.
#
# NOTE(review): the http rules only see cleartext HTTP. A TLS connection to one
# of these hosts is visible to this rule set only through the dns rule; a
# tls.sni rule per hostname would cover that if the sensor sees TLS handshakes.
# NOTE(review): the Host match is literal header text ("Host|3a| " plus the name)
# in http.header; the normalized http.host buffer is less sensitive to header
# formatting. The file is a MISP export, so change the exporter, not this file.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspnr.top"; dns.query; content:"usp.usspnr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnr\.top$/i"; classtype:trojan-activity; sid:37348521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspnr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule: matches the name in http.header and the substring "/pg" in http.uri.
# The "?do=index" query string from the indicator is not part of the match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspnr.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspnr.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.usspqi.top"; dns.query; content:"uspo.usspqi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqi\.top$/i"; classtype:trojan-activity; sid:37348551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.usspqi.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspqi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rules without a path (this one and the three like it below) carry no
# "Host|3a| " prefix and no pcre: the name is matched as a plain substring
# anywhere in http.header, and only on $HTTP_PORTS. They overlap with the
# Host rule for the same name, so expect two alerts per request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspo.usspqi.top"; flow:to_server,established; http.header; content:"uspo.usspqi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.ussphi.top"; dns.query; content:"uspo.ussphi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphi\.top$/i"; classtype:trojan-activity; sid:37348581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.ussphi.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspo.ussphi.top"; flow:to_server,established; http.header; content:"uspo.ussphi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspd.usspkw.top"; dns.query; content:"uspd.usspkw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspkw\.top$/i"; classtype:trojan-activity; sid:37348611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspd.usspkw.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspkw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspkw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspd.usspkw.top"; flow:to_server,established; http.header; content:"uspd.usspkw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspd.usspur.top"; dns.query; content:"uspd.usspur.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspur\.top$/i"; classtype:trojan-activity; sid:37348641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspd.usspur.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspur.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspur\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspd.usspur.top"; flow:to_server,established; http.header; content:"uspd.usspur.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname vodanewwaveho.com"; dns.query; content:"vodanewwaveho.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vodanewwaveho\.com$/i"; classtype:trojan-activity; sid:37348671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname vodanewwaveho.com"; flow:to_server,established; http.header; content: "Host|3a| vodanewwaveho.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vodanewwaveho\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname whass.cc"; dns.query; content:"whass.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whass\.cc$/i"; classtype:trojan-activity; sid:37348701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname whass.cc"; flow:to_server,established; http.header; content: "Host|3a| whass.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whass\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The indicator below is one name under weeblysite.com; the pcre keeps the
# match to that exact name, so other names under weeblysite.com do not alert.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname webmail-103982.weeblysite.com"; dns.query; content:"webmail-103982.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-103982\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37348731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname webmail-103982.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| webmail-103982.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-103982\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): vodanewwaveho.com is already covered above by sid 37348671 /
# 37348672. This second pair differs only in the sid, so every match raises two
# alerts per protocol. Presumably the attribute is stored twice in the event -
# deduplicate it there, or disable one pair on the sensor.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname vodanewwaveho.com"; dns.query; content:"vodanewwaveho.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vodanewwaveho\.com$/i"; classtype:trojan-activity; sid:37348761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname vodanewwaveho.com"; flow:to_server,established; http.header; content: "Host|3a| vodanewwaveho.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vodanewwaveho\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): the usp.ussp<xx>.top names from here on differ only in two
# letters, which suggests a rotating set. Per-name rules do not fire on sibling
# names that are missing from the event; treat a hit as a lead to review the
# host's other .top lookups. TODO confirm with the event owner before adding
# any broader pattern.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzv.top"; dns.query; content:"usp.usspzv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzv\.top$/i"; classtype:trojan-activity; sid:37348791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzu.top"; dns.query; content:"usp.usspzu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzu\.top$/i"; classtype:trojan-activity; sid:37348821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzt.top"; dns.query; content:"usp.usspzt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzt\.top$/i"; classtype:trojan-activity; sid:37348851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzp.top"; dns.query; content:"usp.usspzp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzp\.top$/i"; classtype:trojan-activity; sid:37348881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzn.top"; dns.query; content:"usp.usspzn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzn\.top$/i"; classtype:trojan-activity; sid:37348911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzm.top"; dns.query; content:"usp.usspzm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzm\.top$/i"; classtype:trojan-activity; sid:37348941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzi.top"; dns.query; content:"usp.usspzi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzi\.top$/i"; classtype:trojan-activity; sid:37348971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzi.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzk.top"; dns.query; content:"usp.usspzk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzk\.top$/i"; classtype:trojan-activity; sid:37349001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzc.top"; dns.query; content:"usp.usspzc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzc\.top$/i"; classtype:trojan-activity; sid:37349031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspzd.top"; dns.query; content:"usp.usspzd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzd\.top$/i"; classtype:trojan-activity; sid:37349061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspzd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspza.top"; dns.query; content:"usp.usspza.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspza\.top$/i"; classtype:trojan-activity; sid:37349091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspza.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspza.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspza\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyz.top"; dns.query; content:"usp.usspyz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyz\.top$/i"; classtype:trojan-activity; sid:37349121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyv.top"; dns.query; content:"usp.usspyv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyv\.top$/i"; classtype:trojan-activity; sid:37349151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyr.top"; dns.query; content:"usp.usspyr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyr\.top$/i"; classtype:trojan-activity; sid:37349181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyq.top"; dns.query; content:"usp.usspyq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyq\.top$/i"; classtype:trojan-activity; sid:37349211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyo.top"; dns.query; content:"usp.usspyo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyo\.top$/i"; classtype:trojan-activity; sid:37349241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyp.top"; dns.query; content:"usp.usspyp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyp\.top$/i"; classtype:trojan-activity; sid:37349271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspym.top"; dns.query; content:"usp.usspym.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspym\.top$/i"; classtype:trojan-activity; sid:37349301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspym.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspym.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspym\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyl.top"; dns.query; content:"usp.usspyl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyl\.top$/i"; classtype:trojan-activity; sid:37349331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyk.top"; dns.query; content:"usp.usspyk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyk\.top$/i"; classtype:trojan-activity; sid:37349361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyj.top"; dns.query; content:"usp.usspyj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyj\.top$/i"; classtype:trojan-activity; sid:37349391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspye.top"; dns.query; content:"usp.usspye.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspye\.top$/i"; classtype:trojan-activity; sid:37349421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspye.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspye.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspye\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyd.top"; dns.query; content:"usp.usspyd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyd\.top$/i"; classtype:trojan-activity; sid:37349451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# ---------------------------------------------------------------------------
# MISP event 26514 - hostname indicators, restored to one rule per line.
#
# Two rule shapes alternate here:
#   alert dns  : name looked up in dns.query, any direction        (sid ends in 1)
#   alert http : Host header on $HOME_NET -> $EXTERNAL_NET traffic (sid ends in 2)
# content:"..." is the substring pre-match; the pcre narrows it to the exact
# name (start of buffer or a non-hostname character on the left, end of buffer
# for dns or a non-hostname character for http on the right).
# tag:session,600,seconds keeps logging the matching session for 600 seconds
# after the alert.
#
# NOTE(review): the http rules only see cleartext HTTP. A TLS connection to one
# of these hosts reaches this rule set only through the dns rule; a tls.sni rule
# per hostname would cover that if the sensor sees TLS handshakes.
# NOTE(review): every name has the shape usp.ussp<xx>.top, which suggests a
# rotating set. Per-name rules do not fire on sibling names missing from the
# event - TODO confirm with the event owner before adding any broader pattern.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyc.top"; dns.query; content:"usp.usspyc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyc\.top$/i"; classtype:trojan-activity; sid:37349481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwz.top"; dns.query; content:"usp.usspwz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwz\.top$/i"; classtype:trojan-activity; sid:37349511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspyb.top"; dns.query; content:"usp.usspyb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyb\.top$/i"; classtype:trojan-activity; sid:37349541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspyb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwv.top"; dns.query; content:"usp.usspwv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwv\.top$/i"; classtype:trojan-activity; sid:37349571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwy.top"; dns.query; content:"usp.usspwy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwy\.top$/i"; classtype:trojan-activity; sid:37349601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspws.top"; dns.query; content:"usp.usspws.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspws\.top$/i"; classtype:trojan-activity; sid:37349631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspws.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspws.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspws\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwq.top"; dns.query; content:"usp.usspwq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwq\.top$/i"; classtype:trojan-activity; sid:37349661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwp.top"; dns.query; content:"usp.usspwp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwp\.top$/i"; classtype:trojan-activity; sid:37349691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwo.top"; dns.query; content:"usp.usspwo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwo\.top$/i"; classtype:trojan-activity; sid:37349721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwn.top"; dns.query; content:"usp.usspwn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwn\.top$/i"; classtype:trojan-activity; sid:37349751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwm.top"; dns.query; content:"usp.usspwm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwm\.top$/i"; classtype:trojan-activity; sid:37349781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwj.top"; dns.query; content:"usp.usspwj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwj\.top$/i"; classtype:trojan-activity; sid:37349811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwh.top"; dns.query; content:"usp.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwh\.top$/i"; classtype:trojan-activity; sid:37349841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwb.top"; dns.query; content:"usp.usspwb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwb\.top$/i"; classtype:trojan-activity; sid:37349871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwe.top"; dns.query; content:"usp.usspwe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwe\.top$/i"; classtype:trojan-activity; sid:37349901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwe.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwc.top"; dns.query; content:"usp.usspwc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwc\.top$/i"; classtype:trojan-activity; sid:37349931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspwa.top"; dns.query; content:"usp.usspwa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwa\.top$/i"; classtype:trojan-activity; sid:37349961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Hostname indicators from MISP event 26514, laid out one rule per line.
# dns rules: dns.query content plus an end-anchored pcre. The leading pcre
#   group excludes letters, digits, '-' and '.', so only the exact hostname
#   alerts, not a subdomain of it.
# http rules: outbound ($HOME_NET -> $EXTERNAL_NET) requests whose headers carry
#   "Host: <hostname>". The trailing pcre class stops a longer hostname with
#   the same prefix from matching. tag:session,600,seconds keeps logging
#   packets of the alerting session for 600 seconds.
# The http rules need a parsed cleartext HTTP request. For TLS connections to
# these hosts only the dns rules can fire.
# NOTE(review): the *.top names below differ only in a few letters of the
# second label. Matching exact hostnames will not cover sibling names that are
# absent from the event; presumably a rotating set, so confirm against the
# event before widening the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspwa.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspvq.top"; dns.query; content:"usp.usspvq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvq\.top$/i"; classtype:trojan-activity; sid:37349991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspvq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37349992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspva.top"; dns.query; content:"usp.usspva.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspva\.top$/i"; classtype:trojan-activity; sid:37350021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspva.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspva.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspva\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspuz.top"; dns.query; content:"usp.usspuz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuz\.top$/i"; classtype:trojan-activity; sid:37350051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspuz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspuw.top"; dns.query; content:"usp.usspuw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuw\.top$/i"; classtype:trojan-activity; sid:37350081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspuw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussput.top"; dns.query; content:"usp.ussput.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussput\.top$/i"; classtype:trojan-activity; sid:37350111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussput.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussput.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussput\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspul.top"; dns.query; content:"usp.usspul.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspul\.top$/i"; classtype:trojan-activity; sid:37350141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspul.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspul.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspul\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussptv.top"; dns.query; content:"usp.ussptv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptv\.top$/i"; classtype:trojan-activity; sid:37350171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussptv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspta.top"; dns.query; content:"usp.usspta.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspta\.top$/i"; classtype:trojan-activity; sid:37350201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspta.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspta.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspta\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspti.top"; dns.query; content:"usp.usspti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspti\.top$/i"; classtype:trojan-activity; sid:37350231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspti.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspti.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspsq.top"; dns.query; content:"usp.usspsq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsq\.top$/i"; classtype:trojan-activity; sid:37350261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspsq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspsq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspqr.top"; dns.query; content:"usp.usspqr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqr\.top$/i"; classtype:trojan-activity; sid:37350291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspqr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspsp.top"; dns.query; content:"usp.usspsp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsp\.top$/i"; classtype:trojan-activity; sid:37350321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspsp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspsp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspqp.top"; dns.query; content:"usp.usspqp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqp\.top$/i"; classtype:trojan-activity; sid:37350351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspqp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppe.top"; dns.query; content:"usp.ussppe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppe\.top$/i"; classtype:trojan-activity; sid:37350381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppe.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usps.orderpostctrl.com"; dns.query; content:"usps.orderpostctrl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.orderpostctrl\.com$/i"; classtype:trojan-activity; sid:37350411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usps.orderpostctrl.com"; flow:to_server,established; http.header; content: "Host|3a| usps.orderpostctrl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.orderpostctrl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usps.usspaks.top"; dns.query; content:"usps.usspaks.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspaks\.top$/i"; classtype:trojan-activity; sid:37350441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usps.usspaks.top"; flow:to_server,established; http.header; content: "Host|3a| usps.usspaks.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspaks\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usps.mytrackingeb.top"; dns.query; content:"usps.mytrackingeb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingeb\.top$/i"; classtype:trojan-activity; sid:37350471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usps.mytrackingeb.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingeb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingeb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname usps.bbbddeecc.cc"; dns.query; content:"usps.bbbddeecc.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bbbddeecc\.cc$/i"; classtype:trojan-activity; sid:37350501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usps.bbbddeecc.cc"; flow:to_server,established; http.header; content: "Host|3a| usps.bbbddeecc.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bbbddeecc\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.usspwn.top"; dns.query; content:"uspo.usspwn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwn\.top$/i"; classtype:trojan-activity; sid:37350531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.usspwn.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspwn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.usspwh.top"; dns.query; content:"uspo.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwh\.top$/i"; classtype:trojan-activity; sid:37350561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.ussput.top"; dns.query; content:"uspo.ussput.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussput\.top$/i"; classtype:trojan-activity; sid:37350591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.ussput.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussput.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussput\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.ussptc.top"; dns.query; content:"uspo.ussptc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptc\.top$/i"; classtype:trojan-activity; sid:37350621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.ussptc.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.ussphc.top"; dns.query; content:"uspo.ussphc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphc\.top$/i"; classtype:trojan-activity; sid:37350651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.ussphc.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspe.usspqe.top"; dns.query; content:"uspe.usspqe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqe\.top$/i"; classtype:trojan-activity; sid:37350681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspe.usspqe.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspost.comtpost.top"; dns.query; content:"uspost.comtpost.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspost\.comtpost\.top$/i"; classtype:trojan-activity; sid:37350711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspost.comtpost.top"; flow:to_server,established; http.header; content: "Host|3a| uspost.comtpost.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspost\.comtpost\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspe.usspqc.top"; dns.query; content:"uspe.usspqc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqc\.top$/i"; classtype:trojan-activity; sid:37350741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspe.usspqc.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspe.ussppy.top"; dns.query; content:"uspe.ussppy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppy\.top$/i"; classtype:trojan-activity; sid:37350771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspe.ussppy.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspd.usspbv.top"; dns.query; content:"uspd.usspbv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspbv\.top$/i"; classtype:trojan-activity; sid:37350801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] 
Outgoing HTTP Hostname uspd.usspbv.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspbv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspbv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspd.usspag.top"; dns.query; content:"uspd.usspag.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspag\.top$/i"; classtype:trojan-activity; sid:37350831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspd.usspag.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspag.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspag\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname suod.pages.dev"; dns.query; content:"suod.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])suod\.pages\.dev$/i"; classtype:trojan-activity; sid:37350861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname suod.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| suod.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])suod\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//suod.pages.dev"; flow:to_server,established; http.header; content:"suod.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37350871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usgmps.com"; dns.query; content:"usgmps.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usgmps\.com$/i"; classtype:trojan-activity; sid:37350891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usgmps.com"; flow:to_server,established; http.header; content: "Host|3a| usgmps.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usgmps\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tracking-uspso-ky.com"; dns.query; content:"tracking-uspso-ky.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspso\-ky\.com$/i"; classtype:trojan-activity; sid:37350921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tracking-uspso-ky.com"; flow:to_server,established; http.header; content: "Host|3a| tracking-uspso-ky.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspso\-ky\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tcc-29j.pages.dev"; dns.query; content:"tcc-29j.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tcc\-29j\.pages\.dev$/i"; classtype:trojan-activity; sid:37350951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tcc-29j.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tcc-29j.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tcc\-29j\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname super-cell-0084.memlelerki1060.workers.dev"; dns.query; content:"super-cell-0084.memlelerki1060.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])super\-cell\-0084\.memlelerki1060\.workers\.dev$/i"; classtype:trojan-activity; sid:37350981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname super-cell-0084.memlelerki1060.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| super-cell-0084.memlelerki1060.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])super\-cell\-0084\.memlelerki1060\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37350982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37351011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; 
content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37351041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37351071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37351101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37351131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37351161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname royal-tooth-6db4.gojaces681ese.workers.dev"; dns.query; content:"royal-tooth-6db4.gojaces681ese.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])royal\-tooth\-6db4\.gojaces681ese\.workers\.dev$/i"; classtype:trojan-activity; sid:37351191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname royal-tooth-6db4.gojaces681ese.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| royal-tooth-6db4.gojaces681ese.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])royal\-tooth\-6db4\.gojaces681ese\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname sprawa-konto-powiadomianie794.netlify.app"; dns.query; content:"sprawa-konto-powiadomianie794.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sprawa\-konto\-powiadomianie794\.netlify\.app$/i"; classtype:trojan-activity; sid:37351221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname sprawa-konto-powiadomianie794.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| sprawa-konto-powiadomianie794.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sprawa\-konto\-powiadomianie794\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//sprawa-konto-powiadomianie794.netlify.app"; flow:to_server,established; http.header; content:"sprawa-konto-powiadomianie794.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37351231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] 
Hostname pemulihanfacebokk2828.from36.biz.id"; dns.query; content:"pemulihanfacebokk2828.from36.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pemulihanfacebokk2828\.from36\.biz\.id$/i"; classtype:trojan-activity; sid:37351251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514 hostname indicators. Each name gets a dns.query rule (any -> any, no
# network restriction) and an outgoing HTTP rule on the Host header. The pcre in both
# limits the hit to the exact name, and the HTTP rules tag the session for 600 seconds.
# NOTE(review): several names in this part of the file imitate well-known services
# (facebokk, wahatsapp, instagramloqin); classtype:trojan-activity may not describe
# them. Confirm against the MISP event.
# pemulihanfacebokk2828.from36.biz.id: HTTP Host rule (its DNS rule is sid:37351251 above)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pemulihanfacebokk2828.from36.biz.id"; flow:to_server,established; http.header; content: "Host|3a| pemulihanfacebokk2828.from36.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pemulihanfacebokk2828\.from36\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# ipfs.eth.aragon.network: DNS + HTTP Host
# NOTE(review): the name looks like a shared IPFS gateway rather than a single-purpose
# host, so unrelated content may be served through it. Confirm before acting on hits.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname ipfs.eth.aragon.network"; dns.query; content:"ipfs.eth.aragon.network"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network$/i"; classtype:trojan-activity; sid:37351281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ipfs.eth.aragon.network"; flow:to_server,established; http.header; content: "Host|3a| ipfs.eth.aragon.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Duplicate pair: identical to sid:37351281/37351282 apart from the sid, so one lookup
# or request raises two alerts. Dedupe at export time or suppress one pair.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname ipfs.eth.aragon.network"; dns.query; content:"ipfs.eth.aragon.network"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network$/i"; classtype:trojan-activity; sid:37351311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ipfs.eth.aragon.network"; flow:to_server,established; http.header; content: "Host|3a| ipfs.eth.aragon.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# grupwahatsapp.asdxx.me: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname grupwahatsapp.asdxx.me"; dns.query; content:"grupwahatsapp.asdxx.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwahatsapp\.asdxx\.me$/i"; classtype:trojan-activity; sid:37351341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname grupwahatsapp.asdxx.me"; flow:to_server,established; http.header; content: "Host|3a| grupwahatsapp.asdxx.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwahatsapp\.asdxx\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd.weebly.com: DNS + HTTP Host (this sub-domain only, not weebly.com itself)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd.weebly.com"; dns.query; content:"efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd\.weebly\.com$/i"; classtype:trojan-activity; sid:37351371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])efyuefyyurwdhwdfjhjhefjwdjwdjkwdjwd\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# djr.pages.dev: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname djr.pages.dev"; dns.query; content:"djr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djr\.pages\.dev$/i"; classtype:trojan-activity; sid:37351401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname djr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| djr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# zpgkqg.com: DNS + HTTP Host (the same name is exported again as sid:37352631/37352632)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname zpgkqg.com"; dns.query; content:"zpgkqg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zpgkqg\.com$/i"; classtype:trojan-activity; sid:37351431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname zpgkqg.com"; flow:to_server,established; http.header; content: "Host|3a| zpgkqg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zpgkqg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# dcv.pages.dev: DNS + HTTP Host (the HTTP rule is completed on the next line of the file)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname dcv.pages.dev"; dns.query; content:"dcv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dcv\.pages\.dev$/i"; classtype:trojan-activity; sid:37351461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname dcv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dcv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dcv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351462; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514 hostname indicators. Each name gets a dns.query rule (any -> any, no
# network restriction) and an outgoing HTTP rule on the Host header. The pcre in both
# limits the hit to the exact name, and the HTTP rules tag the session for 600 seconds.
# bygc-4fu.pages.dev: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname bygc-4fu.pages.dev"; dns.query; content:"bygc-4fu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bygc\-4fu\.pages\.dev$/i"; classtype:trojan-activity; sid:37351551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bygc-4fu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bygc-4fu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bygc\-4fu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Duplicate pair: identical to sid:37351551/37351552 apart from the sid, so one lookup
# or request raises two alerts. Dedupe at export time or suppress one pair.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname bygc-4fu.pages.dev"; dns.query; content:"bygc-4fu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bygc\-4fu\.pages\.dev$/i"; classtype:trojan-activity; sid:37351581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bygc-4fu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bygc-4fu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bygc\-4fu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# autogielda-nowakiewicz.pl: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname autogielda-nowakiewicz.pl"; dns.query; content:"autogielda-nowakiewicz.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-nowakiewicz\.pl$/i"; classtype:trojan-activity; sid:37351641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname autogielda-nowakiewicz.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-nowakiewicz.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-nowakiewicz\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# auto-garczynski.pl: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname auto-garczynski.pl"; dns.query; content:"auto-garczynski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-garczynski\.pl$/i"; classtype:trojan-activity; sid:37351671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname auto-garczynski.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-garczynski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-garczynski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# auta-sowinski.pl: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname auta-sowinski.pl"; dns.query; content:"auta-sowinski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-sowinski\.pl$/i"; classtype:trojan-activity; sid:37351701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname auta-sowinski.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-sowinski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-sowinski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# africplans.com: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname africplans.com"; dns.query; content:"africplans.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])africplans\.com$/i"; classtype:trojan-activity; sid:37351731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname africplans.com"; flow:to_server,established; http.header; content: "Host|3a| africplans.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])africplans\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# instagramloqin.blogspot.com: DNS + HTTP Host (.ba and .mk variants of the name also appear in this file)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname instagramloqin.blogspot.com"; dns.query; content:"instagramloqin.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramloqin\.blogspot\.com$/i"; classtype:trojan-activity; sid:37351761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname instagramloqin.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagramloqin.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramloqin\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# 827281-fc4b.palmidhis.workers.dev: DNS + HTTP Host (the HTTP rule is completed on the next line of the file)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 827281-fc4b.palmidhis.workers.dev"; dns.query; content:"827281-fc4b.palmidhis.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])827281\-fc4b\.palmidhis\.workers\.dev$/i"; classtype:trojan-activity; sid:37351791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 827281-fc4b.palmidhis.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 827281-fc4b.palmidhis.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])827281\-fc4b\.palmidhis\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351792; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514 hostname and URL indicators. Each name gets a dns.query rule
# (any -> any) and an outgoing HTTP Host-header rule. Some also get an "Outgoing URL" rule.
# The URL rules reference $HTTP_PORTS, so that variable has to be defined for them to
# load, although the file header calls it "not required with suricata export".
# They look for the hostname anywhere in http.header rather than anchored to
# "Host|3a| ", so another request header carrying the name (e.g. Referer) also satisfies them.
# 595ed0a3ac89d897a429ce28c81ac3.pages.dev: DNS + HTTP Host
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 595ed0a3ac89d897a429ce28c81ac3.pages.dev"; dns.query; content:"595ed0a3ac89d897a429ce28c81ac3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])595ed0a3ac89d897a429ce28c81ac3\.pages\.dev$/i"; classtype:trojan-activity; sid:37351821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 595ed0a3ac89d897a429ce28c81ac3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 595ed0a3ac89d897a429ce28c81ac3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])595ed0a3ac89d897a429ce28c81ac3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# restaurar-singnew.liveblog365.com: DNS + HTTP Host + URL
alert dns any any -> any any (msg: "MISP e26514 [] Hostname restaurar-singnew.liveblog365.com"; dns.query; content:"restaurar-singnew.liveblog365.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])restaurar\-singnew\.liveblog365\.com$/i"; classtype:trojan-activity; sid:37351851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname restaurar-singnew.liveblog365.com"; flow:to_server,established; http.header; content: "Host|3a| restaurar-singnew.liveblog365.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])restaurar\-singnew\.liveblog365\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule: the msg names "/?i=1" but the http.uri condition is only "/", which any
# request path contains, so this fires on every request that sid:37351852 fires on.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//restaurar-singnew.liveblog365.com/?i=1"; flow:to_server,established; http.header; content:"restaurar-singnew.liveblog365.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37351861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# plhfdte.weebly.com: DNS + HTTP Host + URL
alert dns any any -> any any (msg: "MISP e26514 [] Hostname plhfdte.weebly.com"; dns.query; content:"plhfdte.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])plhfdte\.weebly\.com$/i"; classtype:trojan-activity; sid:37351881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname plhfdte.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| plhfdte.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])plhfdte\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule with no path: no http.uri condition, only the unanchored hostname in
# http.header, so it overlaps sid:37351882 on the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//plhfdte.weebly.com"; flow:to_server,established; http.header; content:"plhfdte.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37351891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# instagramloqin.blogspot.ba: DNS + HTTP Host + URL (URL rule has no path; overlaps sid:37351912)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname instagramloqin.blogspot.ba"; dns.query; content:"instagramloqin.blogspot.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramloqin\.blogspot\.ba$/i"; classtype:trojan-activity; sid:37351911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname instagramloqin.blogspot.ba"; flow:to_server,established; http.header; content: "Host|3a| instagramloqin.blogspot.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramloqin\.blogspot\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//instagramloqin.blogspot.ba"; flow:to_server,established; http.header; content:"instagramloqin.blogspot.ba"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37351921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# instagramloqin.blogspot.mk: DNS + HTTP Host + URL (URL rule has no path; overlaps sid:37351942)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname instagramloqin.blogspot.mk"; dns.query; content:"instagramloqin.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramloqin\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37351941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname instagramloqin.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| instagramloqin.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramloqin\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//instagramloqin.blogspot.mk"; flow:to_server,established; http.header; content:"instagramloqin.blogspot.mk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37351951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# hello-world-silent-math-7ff0.dilmakamla.workers.dev: DNS + HTTP Host + URL (URL rule has no path; overlaps sid:37351972)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname hello-world-silent-math-7ff0.dilmakamla.workers.dev"; dns.query; content:"hello-world-silent-math-7ff0.dilmakamla.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-silent\-math\-7ff0\.dilmakamla\.workers\.dev$/i"; classtype:trojan-activity; sid:37351971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname hello-world-silent-math-7ff0.dilmakamla.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-silent-math-7ff0.dilmakamla.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-silent\-math\-7ff0\.dilmakamla\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37351972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//hello-world-silent-math-7ff0.dilmakamla.workers.dev"; flow:to_server,established; http.header; content:"hello-world-silent-math-7ff0.dilmakamla.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37351981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# freefire11115874.gettlinkku.my.id: DNS + HTTP Host + URL (URL rule has no path and is completed on the next line of the file)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname freefire11115874.gettlinkku.my.id"; dns.query; content:"freefire11115874.gettlinkku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freefire11115874\.gettlinkku\.my\.id$/i"; classtype:trojan-activity; sid:37352001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname freefire11115874.gettlinkku.my.id"; flow:to_server,established; http.header; content: "Host|3a| freefire11115874.gettlinkku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freefire11115874\.gettlinkku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//freefire11115874.gettlinkku.my.id"; flow:to_server,established; http.header; content:"freefire11115874.gettlinkku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352011; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514 hostname and URL indicators. Each name gets a dns.query rule
# (any -> any) and an outgoing HTTP Host-header rule. Some also get an "Outgoing URL" rule.
# The URL rules reference $HTTP_PORTS, so that variable has to be defined for them to
# load. They match the hostname anywhere in http.header (not anchored to "Host|3a| ")
# and add an http.uri condition for the path.
# bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link: DNS + HTTP Host + URL
alert dns any any -> any any (msg: "MISP e26514 [] Hostname bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link"; dns.query; content:"bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm\.ipfs\.w3s\.link$/i"; classtype:trojan-activity; sid:37352031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link"; flow:to_server,established; http.header; content: "Host|3a| bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm\.ipfs\.w3s\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): the http.uri pattern is percent-encoded and ends in "/". http.uri is
# the normalized URI buffer, so confirm the encoded literal still matches there;
# if not, http.uri.raw is presumably the buffer to use.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link/index%20%281gyigiy9%29.html/"; flow:to_server,established; http.header; content:"bafybeickiko6pyo2enm4dgqybdzk4pgggml6aufp6mo5kix76wpk6wq7mm.ipfs.w3s.link"; fast_pattern; nocase; http.uri; content:"/index%20%281gyigiy9%29.html/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev: DNS + HTTP Host + URL.
# This name is exported eight times in this part of the file (DNS sids 37352061,
# 37352091, 37352181, 37352211, 37352271, 37352301, 37352361, 37352391, each followed by
# its Host rule). The copies differ only in sid, so one request raises one alert per
# copy. Presumably each copy comes from a separate MISP attribute; dedupe at export time.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev/46c75147-864e-44eb-b45d-b91cac48f907"; flow:to_server,established; http.header; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; http.uri; content:"/46c75147-864e-44eb-b45d-b91cac48f907"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Second copy of the same hostname pair, followed by a URL rule for a different path.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev/c05ce4e8-e84a-4afd-b044-1cfbef82fc02"; flow:to_server,established; http.header; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; http.uri; content:"/c05ce4e8-e84a-4afd-b044-1cfbef82fc02"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev: DNS + HTTP Host (exported again as sid:37352241/37352242 and sid:37352331/37352332)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37352121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# pub-69a9a2d95edf40919ba4345b4a0fe4cc.r2.dev: DNS + HTTP Host (the HTTP rule is completed on the next line of the file)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname pub-69a9a2d95edf40919ba4345b4a0fe4cc.r2.dev"; dns.query; content:"pub-69a9a2d95edf40919ba4345b4a0fe4cc.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-69a9a2d95edf40919ba4345b4a0fe4cc\.r2\.dev$/i"; classtype:trojan-activity; sid:37352151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26514 [] Outgoing HTTP Hostname pub-69a9a2d95edf40919ba4345b4a0fe4cc.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-69a9a2d95edf40919ba4345b4a0fe4cc.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-69a9a2d95edf40919ba4345b4a0fe4cc\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514 hostname indicators. Each name gets a dns.query rule (any -> any) and
# an outgoing HTTP Host-header rule that tags the session for 600 seconds.
# Every pair below repeats a hostname that already has rules earlier in the file: the
# 2e4g42hg54-... name has DNS sids 37352061, 37352091, 37352181, 37352211, 37352271,
# 37352301, 37352361, 37352391 and the cas86t798-... name has 37352121, 37352241, 37352331.
# The copies differ only in sid, so one lookup or request raises one alert per copy.
# Dedupe at export time or suppress the repeats.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37352241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# (the cas86t798-... HTTP rule below is completed on the next line of the file)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37352331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37352332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514 hostname and URL indicators. Each name gets a dns.query rule
# (any -> any) and an outgoing HTTP Host-header rule. Some also get an "Outgoing URL" rule.
# The URL rules reference $HTTP_PORTS, so that variable has to be defined for them to
# load. They match the hostname anywhere in http.header (not anchored to "Host|3a| ")
# and add an http.uri condition for the path.
# 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev: two more copies of a pair that
# is already exported earlier in the file (first as sid:37352061/37352062). They are
# identical apart from the sid, so each copy adds one more alert per hit.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37352391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# pub-481952cd52794b83847f56c94c3dcfae.r2.dev: DNS + HTTP Host + URL (/ondo7.html)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; dns.query; content:"pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-481952cd52794b83847f56c94c3dcfae\.r2\.dev$/i"; classtype:trojan-activity; sid:37352421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-481952cd52794b83847f56c94c3dcfae\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//pub-481952cd52794b83847f56c94c3dcfae.r2.dev/ondo7.html"; flow:to_server,established; http.header; content:"pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; fast_pattern; nocase; http.uri; content:"/ondo7.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev: DNS + HTTP Host + URL (/index2.html)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev"; dns.query; content:"pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-29b91ee49c284e5ab882b8585647e8f8\.r2\.dev$/i"; classtype:trojan-activity; sid:37352451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-29b91ee49c284e5ab882b8585647e8f8\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev/index2.html"; flow:to_server,established; http.header; content:"pub-29b91ee49c284e5ab882b8585647e8f8.r2.dev"; fast_pattern; nocase; http.uri; content:"/index2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# https-login--microsoftonline--com.httpsproxy.net: DNS + HTTP Host + URL
# NOTE(review): the name embeds a Microsoft sign-in hostname, which looks like a
# credential-phishing or proxying indicator rather than malware traffic. Confirm the
# classtype against the MISP event.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname https-login--microsoftonline--com.httpsproxy.net"; dns.query; content:"https-login--microsoftonline--com.httpsproxy.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])https\-login\-\-microsoftonline\-\-com\.httpsproxy\.net$/i"; classtype:trojan-activity; sid:37352481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname https-login--microsoftonline--com.httpsproxy.net"; flow:to_server,established; http.header; content: "Host|3a| https-login--microsoftonline--com.httpsproxy.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])https\-login\-\-microsoftonline\-\-com\.httpsproxy\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): the http.uri pattern is percent-encoded ("%7B0%7D"). http.uri is the
# normalized URI buffer, so confirm the encoded literal still matches there; if not,
# http.uri.raw is presumably the buffer to use. (Rule is completed on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//https-login--microsoftonline--com.httpsproxy.net/%7B0%7D/oauth2/v2.0/authorize"; flow:to_server,established; http.header; content:"https-login--microsoftonline--com.httpsproxy.net"; fast_pattern; nocase; http.uri; content:"/%7B0%7D/oauth2/v2.0/authorize"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37352491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname 143967328.hs-sites-eu1.com"; dns.query; content:"143967328.hs-sites-eu1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])143967328\.hs\-sites\-eu1\.com$/i"; classtype:trojan-activity; sid:37352511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 143967328.hs-sites-eu1.com"; flow:to_server,established; http.header; content: "Host|3a| 143967328.hs-sites-eu1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])143967328\.hs\-sites\-eu1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tgadminuser.wihor.com"; dns.query; content:"tgadminuser.wihor.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.wihor\.com$/i"; classtype:trojan-activity; sid:37352541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tgadminuser.wihor.com"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.wihor.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.wihor\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegram.webapt.pw"; dns.query; content:"telegram.webapt.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.webapt\.pw$/i"; classtype:trojan-activity; sid:37352571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26514 [] Outgoing HTTP Hostname telegram.webapt.pw"; flow:to_server,established; http.header; content: "Host|3a| telegram.webapt.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.webapt\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname umfrzn.com"; dns.query; content:"umfrzn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])umfrzn\.com$/i"; classtype:trojan-activity; sid:37352601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname umfrzn.com"; flow:to_server,established; http.header; content: "Host|3a| umfrzn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])umfrzn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname zpgkqg.com"; dns.query; content:"zpgkqg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zpgkqg\.com$/i"; classtype:trojan-activity; sid:37352631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname zpgkqg.com"; flow:to_server,established; http.header; content: "Host|3a| zpgkqg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zpgkqg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; dns.query; content:"login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.rp1\.abangaritest\.govshn\.net$/i"; classtype:trojan-activity; sid:37352661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.rp1\.abangaritest\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev"; dns.query; content:"pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a7aa109e9db04b97ba2fc89747a05209\.r2\.dev$/i"; classtype:trojan-activity; sid:37352691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a7aa109e9db04b97ba2fc89747a05209\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; dns.query; content:"admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])admin\.gov\.teams\.microsoft\.us\.office\.rp1\.abangaritest\.govshn\.net$/i"; classtype:trojan-activity; 
sid:37352721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])admin\.gov\.teams\.microsoft\.us\.office\.rp1\.abangaritest\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname worker-late-math-e562.aldenker.workers.dev"; dns.query; content:"worker-late-math-e562.aldenker.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-late\-math\-e562\.aldenker\.workers\.dev$/i"; classtype:trojan-activity; sid:37352751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname worker-late-math-e562.aldenker.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-late-math-e562.aldenker.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-late\-math\-e562\.aldenker\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//worker-late-math-e562.aldenker.workers.dev/"; flow:to_server,established; http.header; content:"worker-late-math-e562.aldenker.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any 
(msg: "MISP e26514 [] Hostname pub-8900102e86d14baa8aa72ab424da2634.r2.dev"; dns.query; content:"pub-8900102e86d14baa8aa72ab424da2634.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8900102e86d14baa8aa72ab424da2634\.r2\.dev$/i"; classtype:trojan-activity; sid:37352781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pub-8900102e86d14baa8aa72ab424da2634.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8900102e86d14baa8aa72ab424da2634.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8900102e86d14baa8aa72ab424da2634\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegram.webapt.xyz"; dns.query; content:"telegram.webapt.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.webapt\.xyz$/i"; classtype:trojan-activity; sid:37352811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegram.webapt.xyz"; flow:to_server,established; http.header; content: "Host|3a| telegram.webapt.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.webapt\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname shina-viral.live-vip.my.id"; dns.query; content:"shina-viral.live-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shina\-viral\.live\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37352841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 
shina-viral.live-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| shina-viral.live-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shina\-viral\.live\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tgadminuser.web-tel.vip"; dns.query; content:"tgadminuser.web-tel.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-tel\.vip$/i"; classtype:trojan-activity; sid:37352871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tgadminuser.web-tel.vip"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.web-tel.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-tel\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> 27.207.244.130 46664 (msg: "MISP e25715 [] Outgoing URL http|3a|//27.207.244.130|3a|46664/Mozi.m"; flow:to_server,established; http.header; content:"27.207.244.130"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 123.241.57.252 65057 (msg: "MISP e25715 [] Outgoing URL http|3a|//123.241.57.252|3a|65057/.i"; flow:to_server,established; http.header; content:"123.241.57.252"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 119.189.138.145 50576 (msg: "MISP e25715 [] Outgoing URL 
http|3a|//119.189.138.145|3a|50576/i"; flow:to_server,established; http.header; content:"119.189.138.145"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 117.207.245.143 59040 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.207.245.143|3a|59040/Mozi.m"; flow:to_server,established; http.header; content:"117.207.245.143"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 115.59.91.110 55436 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.59.91.110|3a|55436/bin.sh"; flow:to_server,established; http.header; content:"115.59.91.110"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 42.239.22.136 43772 (msg: "MISP e25715 [] Outgoing URL http|3a|//42.239.22.136|3a|43772/bin.sh"; flow:to_server,established; http.header; content:"42.239.22.136"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 39.77.90.229 36684 (msg: "MISP e25715 [] Outgoing URL http|3a|//39.77.90.229|3a|36684/bin.sh"; flow:to_server,established; http.header; content:"39.77.90.229"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25715 [] Outgoing URL 
http|3a|//193.233.132.167/lend/art33.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/art33.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 117.211.223.26 39269 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.211.223.26|3a|39269/i"; flow:to_server,established; http.header; content:"117.211.223.26"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 115.55.226.36 42294 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.55.226.36|3a|42294/Mozi.m"; flow:to_server,established; http.header; content:"115.55.226.36"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 112.248.109.245 49849 (msg: "MISP e25715 [] Outgoing URL http|3a|//112.248.109.245|3a|49849/i"; flow:to_server,established; http.header; content:"112.248.109.245"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 42.235.43.77 35240 (msg: "MISP e25715 [] Outgoing URL http|3a|//42.235.43.77|3a|35240/i"; flow:to_server,established; http.header; content:"42.235.43.77"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25715 [] Outgoing URL http|3a|//193.233.132.167/lend/X1.exe"; 
flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/X1.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25715 [] Outgoing URL http|3a|//193.233.132.167/lend/art1.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/art1.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 182.113.23.63 37108 (msg: "MISP e25715 [] Outgoing URL http|3a|//182.113.23.63|3a|37108/Mozi.m"; flow:to_server,established; http.header; content:"182.113.23.63"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 117.203.177.224 37428 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.203.177.224|3a|37428/i"; flow:to_server,established; http.header; content:"117.203.177.224"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 115.63.55.243 59466 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.63.55.243|3a|59466/Mozi.m"; flow:to_server,established; http.header; content:"115.63.55.243"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 115.59.91.110 55436 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.59.91.110|3a|55436/i"; 
flow:to_server,established; http.header; content:"115.59.91.110"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 113.99.201.163 35289 (msg: "MISP e25715 [] Outgoing URL http|3a|//113.99.201.163|3a|35289/i"; flow:to_server,established; http.header; content:"113.99.201.163"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 113.245.218.88 45658 (msg: "MISP e25715 [] Outgoing URL http|3a|//113.245.218.88|3a|45658/Mozi.m"; flow:to_server,established; http.header; content:"113.245.218.88"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 1.175.48.2 4660 (msg: "MISP e25715 [] Outgoing URL http|3a|//1.175.48.2|3a|4660/.i"; flow:to_server,established; http.header; content:"1.175.48.2"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 59.93.190.133 59265 (msg: "MISP e25715 [] Outgoing URL http|3a|//59.93.190.133|3a|59265/i"; flow:to_server,established; http.header; content:"59.93.190.133"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 59.93.190.106 59797 (msg: "MISP e25715 [] Outgoing URL http|3a|//59.93.190.106|3a|59797/Mozi.m"; flow:to_server,established; http.header; content:"59.93.190.106"; 
fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 42.239.22.136 43772 (msg: "MISP e25715 [] Outgoing URL http|3a|//42.239.22.136|3a|43772/Mozi.m"; flow:to_server,established; http.header; content:"42.239.22.136"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 42.235.43.77 35240 (msg: "MISP e25715 [] Outgoing URL http|3a|//42.235.43.77|3a|35240/bin.sh"; flow:to_server,established; http.header; content:"42.235.43.77"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 36.104.220.178 50226 (msg: "MISP e25715 [] Outgoing URL http|3a|//36.104.220.178|3a|50226/i"; flow:to_server,established; http.header; content:"36.104.220.178"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 27.206.255.66 56391 (msg: "MISP e25715 [] Outgoing URL http|3a|//27.206.255.66|3a|56391/Mozi.a"; flow:to_server,established; http.header; content:"27.206.255.66"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25715 [] Outgoing URL http|3a|//193.233.132.167/lend/daissss.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; 
content:"/lend/daissss.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 120.211.70.84 39911 (msg: "MISP e25715 [] Outgoing URL http|3a|//120.211.70.84|3a|39911/i"; flow:to_server,established; http.header; content:"120.211.70.84"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 120.211.131.10 56920 (msg: "MISP e25715 [] Outgoing URL http|3a|//120.211.131.10|3a|56920/i"; flow:to_server,established; http.header; content:"120.211.131.10"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 120.211.131.10 56920 (msg: "MISP e25715 [] Outgoing URL http|3a|//120.211.131.10|3a|56920/bin.sh"; flow:to_server,established; http.header; content:"120.211.131.10"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 119.189.185.141 42359 (msg: "MISP e25715 [] Outgoing URL http|3a|//119.189.185.141|3a|42359/i"; flow:to_server,established; http.header; content:"119.189.185.141"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 119.189.185.141 42359 (msg: "MISP e25715 [] Outgoing URL http|3a|//119.189.185.141|3a|42359/bin.sh"; flow:to_server,established; http.header; content:"119.189.185.141"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:36912611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 119.179.236.29 44101 (msg: "MISP e25715 [] Outgoing URL http|3a|//119.179.236.29|3a|44101/i"; flow:to_server,established; http.header; content:"119.179.236.29"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 115.57.81.113 38010 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.57.81.113|3a|38010/i"; flow:to_server,established; http.header; content:"115.57.81.113"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 110.181.239.189 38106 (msg: "MISP e25715 [] Outgoing URL http|3a|//110.181.239.189|3a|38106/i"; flow:to_server,established; http.header; content:"110.181.239.189"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert dns any any -> any any (msg: "MISP e25716 [] Domain usspnr.top"; dns.query; content:"usspnr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspnr\.top$/i"; classtype:trojan-activity; sid:36912651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspnr.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspnr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspnr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) 
# ---------------------------------------------------------------------------
# MISP event 25716 (priority 1): one DNS rule and one HTTP rule per domain.
# DNS rule: dns.query content plus a regex anchored at the end of the name.
# The prefix (^|[^A-Za-z0-9-]) allows a preceding dot, so subdomains of each
# domain match as well as the bare domain. The rule header is
# "any any -> any any", so it is not scoped to $HOME_NET.
# HTTP rule: two contents in http.header ("Host|3a|" and the domain) that are
# not tied to each other by position, so the domain can sit in any header of a
# request that has a Host line; the /H regex then needs one non-hostname byte
# after the domain (for example the line ending or a ":port" suffix).
# NOTE(review): these rules see cleartext HTTP and DNS only; HTTPS traffic and
# DoH/DoT resolution to the same domains will not alert unless TLS is
# decrypted upstream or a tls.sni rule is added.
# NOTE(review): the names differ only in their last two letters, which looks
# machine-generated. A static rule pair per name will lag behind new names;
# consider a dataset-backed rule or a resolver-side blocklist fed from the
# same MISP event.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzv.top"; dns.query; content:"usspzv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzv\.top$/i"; classtype:trojan-activity; sid:36912661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzu.top"; dns.query; content:"usspzu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzu\.top$/i"; classtype:trojan-activity; sid:36912671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzu.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzt.top"; dns.query; content:"usspzt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzt\.top$/i"; classtype:trojan-activity; sid:36912681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzt.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzp.top"; dns.query; content:"usspzp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzp\.top$/i"; classtype:trojan-activity; sid:36912691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzn.top"; dns.query; content:"usspzn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzn\.top$/i"; classtype:trojan-activity; sid:36912701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzn.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzm.top"; dns.query; content:"usspzm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzm\.top$/i"; classtype:trojan-activity; sid:36912711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzm.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzi.top"; dns.query; content:"usspzi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzi\.top$/i"; classtype:trojan-activity; sid:36912721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzi.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzk.top"; dns.query; content:"usspzk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzk\.top$/i"; classtype:trojan-activity; sid:36912731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzk.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzc.top"; dns.query; content:"usspzc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzc\.top$/i"; classtype:trojan-activity; sid:36912741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspzd.top"; dns.query; content:"usspzd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzd\.top$/i"; classtype:trojan-activity; sid:36912751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspzd.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspzd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspzd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspza.top"; dns.query; content:"usspza.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspza\.top$/i"; classtype:trojan-activity; sid:36912761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspza.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspza.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspza\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyz.top"; dns.query; content:"usspyz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyz\.top$/i"; classtype:trojan-activity; sid:36912771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
# MISP event 25716 domain indicators: one DNS rule and one outbound-HTTP rule
# per domain. The two sids of a pair differ only in the last digit
# (...1 = DNS, ...2 = HTTP). The first rule below is the HTTP half of the
# usspyz.top pair and the last is the DNS half of the usspti.top pair; their
# partners sit just outside this run.
#
# DNS rules (alert dns any any -> any any): fire when the dns.query buffer
# contains the domain (nocase) and the pcre confirms the name ends with it,
# preceded by start-of-name or a character that is not a letter, digit or
# hyphen. A name below a listed domain (sub.<domain>) therefore alerts too.
#
# HTTP rules (alert http $HOME_NET -> $EXTERNAL_NET, flow:to_server,established):
# require both "Host:" and the domain to appear in the http.header buffer, then
# use the pcre (H = header buffer) to check that the domain is not embedded in
# a longer label and is not followed by a further ".label".
# tag:session,600,seconds asks the engine to keep logging the session for
# 600 seconds after the alert.
#
# NOTE(review): the two content matches carry no distance/within, so nothing
# ties the domain to the Host header value; a request that names the domain in
# another header (e.g. Referer) would appear to match as well. Confirm whether
# matching on the parsed host buffer is available on the target sensor.
# NOTE(review): no TLS rule is visible in this part of the export, so HTTPS
# connections to these domains are presumably covered only by the DNS rules;
# verify against the rest of the file.
# NOTE(review): every rule is rev:1, priority:1, classtype trojan-activity with
# an empty tag list "[]" in msg; triage context has to come from the referenced
# MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyz.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyv.top"; dns.query; content:"usspyv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyv\.top$/i"; classtype:trojan-activity; sid:36912781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyr.top"; dns.query; content:"usspyr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyr\.top$/i"; classtype:trojan-activity; sid:36912791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyr.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyq.top"; dns.query; content:"usspyq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyq\.top$/i"; classtype:trojan-activity; sid:36912801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyq.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyo.top"; dns.query; content:"usspyo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyo\.top$/i"; classtype:trojan-activity; sid:36912811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyo.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyp.top"; dns.query; content:"usspyp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyp\.top$/i"; classtype:trojan-activity; sid:36912821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspym.top"; dns.query; content:"usspym.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspym\.top$/i"; classtype:trojan-activity; sid:36912831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspym.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspym.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspym\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyl.top"; dns.query; content:"usspyl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyl\.top$/i"; classtype:trojan-activity; sid:36912841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyl.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyk.top"; dns.query; content:"usspyk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyk\.top$/i"; classtype:trojan-activity; sid:36912851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyk.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyj.top"; dns.query; content:"usspyj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyj\.top$/i"; classtype:trojan-activity; sid:36912861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyj.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspye.top"; dns.query; content:"usspye.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspye\.top$/i"; classtype:trojan-activity; sid:36912871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspye.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspye.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspye\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyd.top"; dns.query; content:"usspyd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyd\.top$/i"; classtype:trojan-activity; sid:36912881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyd.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyc.top"; dns.query; content:"usspyc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyc\.top$/i"; classtype:trojan-activity; sid:36912891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwz.top"; dns.query; content:"usspwz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwz\.top$/i"; classtype:trojan-activity; sid:36912901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwz.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspyb.top"; dns.query; content:"usspyb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyb\.top$/i"; classtype:trojan-activity; sid:36912911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspyb.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspyb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspyb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwv.top"; dns.query; content:"usspwv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwv\.top$/i"; classtype:trojan-activity; sid:36912921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwy.top"; dns.query; content:"usspwy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwy\.top$/i"; classtype:trojan-activity; sid:36912931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwy.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspws.top"; dns.query; content:"usspws.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspws\.top$/i"; classtype:trojan-activity; sid:36912941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspws.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspws.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspws\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwq.top"; dns.query; content:"usspwq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwq\.top$/i"; classtype:trojan-activity; sid:36912951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwq.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwp.top"; dns.query; content:"usspwp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwp\.top$/i"; classtype:trojan-activity; sid:36912961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwo.top"; dns.query; content:"usspwo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwo\.top$/i"; classtype:trojan-activity; sid:36912971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwo.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwn.top"; dns.query; content:"usspwn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwn\.top$/i"; classtype:trojan-activity; sid:36912981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwn.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwm.top"; dns.query; content:"usspwm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwm\.top$/i"; classtype:trojan-activity; sid:36912991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwm.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwj.top"; dns.query; content:"usspwj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwj\.top$/i"; classtype:trojan-activity; sid:36913001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwj.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwh.top"; dns.query; content:"usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwh\.top$/i"; classtype:trojan-activity; sid:36913011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwb.top"; dns.query; content:"usspwb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwb\.top$/i"; classtype:trojan-activity; sid:36913021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwb.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwe.top"; dns.query; content:"usspwe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwe\.top$/i"; classtype:trojan-activity; sid:36913031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwe.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwc.top"; dns.query; content:"usspwc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwc\.top$/i"; classtype:trojan-activity; sid:36913041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspwa.top"; dns.query; content:"usspwa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwa\.top$/i"; classtype:trojan-activity; sid:36913051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspwa.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspwa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspwa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspvq.top"; dns.query; content:"usspvq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspvq\.top$/i"; classtype:trojan-activity; sid:36913061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspvq.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspvq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspvq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspva.top"; dns.query; content:"usspva.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspva\.top$/i"; classtype:trojan-activity; sid:36913071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspva.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspva.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspva\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspuz.top"; dns.query; content:"usspuz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspuz\.top$/i"; classtype:trojan-activity; sid:36913081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspuz.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspuz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspuz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspuw.top"; dns.query; content:"usspuw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspuw\.top$/i"; classtype:trojan-activity; sid:36913091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspuw.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspuw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspuw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain ussput.top"; dns.query; content:"ussput.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ussput\.top$/i"; classtype:trojan-activity; sid:36913101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain ussput.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ussput.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ussput\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspul.top"; dns.query; content:"usspul.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspul\.top$/i"; classtype:trojan-activity; sid:36913111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspul.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspul.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspul\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain ussptv.top"; dns.query; content:"ussptv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ussptv\.top$/i"; classtype:trojan-activity; sid:36913121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain ussptv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ussptv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ussptv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspta.top"; dns.query; content:"usspta.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspta\.top$/i"; classtype:trojan-activity; sid:36913131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspta.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspta.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspta\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspti.top"; dns.query; content:"usspti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspti\.top$/i"; classtype:trojan-activity; sid:36913141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
# MISP event 25716 indicators, continued: one DNS rule and one outbound-HTTP
# rule per indicator, with sids that differ only in the last digit
# (...1 = DNS, ...2 = HTTP). The first rule below is the HTTP half of the
# usspti.top pair; the final DNS rule (usp.usspzp.top) has no HTTP partner
# inside this run.
#
# Domain pairs: the DNS rule needs the domain in dns.query (nocase) and a pcre
# that anchors it at the end of the name, preceded by start-of-name or a
# character that is not a letter, digit or hyphen, so names below the domain
# alert too. The HTTP rule (flow:to_server,established, $HOME_NET ->
# $EXTERNAL_NET) needs "Host:" and the domain in the http.header buffer plus a
# boundary-checking pcre (H = header buffer); tag:session,600,seconds asks the
# engine to keep logging the session for 600 seconds after the alert.
#
# NOTE(review): in the domain HTTP rules the two content matches carry no
# distance/within, so nothing ties the domain to the Host header value; a
# request that names the domain in another header (e.g. Referer) would appear
# to match as well. Confirm whether matching on the parsed host buffer is
# available on the target sensor.
# NOTE(review): no TLS rule is visible in this part of the export, so HTTPS
# connections to these names are presumably covered only by the DNS rules;
# verify against the rest of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspti.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspti.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspsq.top"; dns.query; content:"usspsq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspsq\.top$/i"; classtype:trojan-activity; sid:36913151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspsq.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspsq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspsq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspqr.top"; dns.query; content:"usspqr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqr\.top$/i"; classtype:trojan-activity; sid:36913161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspqr.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspqr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspsp.top"; dns.query; content:"usspsp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspsp\.top$/i"; classtype:trojan-activity; sid:36913171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspsp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspsp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspsp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspqp.top"; dns.query; content:"usspqp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqp\.top$/i"; classtype:trojan-activity; sid:36913181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspqp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspqp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain ussppe.top"; dns.query; content:"ussppe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ussppe\.top$/i"; classtype:trojan-activity; sid:36913191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain ussppe.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ussppe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ussppe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain ussptc.top"; dns.query; content:"ussptc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ussptc\.top$/i"; classtype:trojan-activity; sid:36913201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain ussptc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ussptc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ussptc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain ussphc.top"; dns.query; content:"ussphc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ussphc\.top$/i"; classtype:trojan-activity; sid:36913211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain ussphc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ussphc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ussphc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspqe.top"; dns.query; content:"usspqe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqe\.top$/i"; classtype:trojan-activity; sid:36913221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspqe.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspqe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspqc.top"; dns.query; content:"usspqc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqc\.top$/i"; classtype:trojan-activity; sid:36913231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspqc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspqc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspqc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain ussppy.top"; dns.query; content:"ussppy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ussppy\.top$/i"; classtype:trojan-activity; sid:36913241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain ussppy.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ussppy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ussppy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspbv.top"; dns.query; content:"usspbv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspbv\.top$/i"; classtype:trojan-activity; sid:36913251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspbv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspbv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspbv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913252; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Domain usspag.top"; dns.query; content:"usspag.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usspag\.top$/i"; classtype:trojan-activity; sid:36913261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Domain usspag.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usspag.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usspag\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
# Hostname indicators (usp.<domain>): same DNS/HTTP pairing, but the pcre
# prefix class also excludes ".", so only the exact hostname matches and names
# below it do not. The HTTP rule uses a single content "Host|3a| <hostname>",
# which keeps the hostname adjacent to the Host header name.
# NOTE(review): that content expects exactly one space after the colon; a Host
# header written without the space, or with a tab, would presumably not
# match. Confirm against how the sensor normalises the header buffer.
alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspnr.top"; dns.query; content:"usp.usspnr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnr\.top$/i"; classtype:trojan-activity; sid:36913271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspnr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913272; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzv.top"; dns.query; content:"usp.usspzv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzv\.top$/i"; classtype:trojan-activity; sid:36913281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzu.top"; dns.query; content:"usp.usspzu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzu\.top$/i"; classtype:trojan-activity; sid:36913291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzt.top"; dns.query; content:"usp.usspzt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzt\.top$/i"; classtype:trojan-activity; sid:36913301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzp.top"; dns.query; content:"usp.usspzp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzp\.top$/i"; classtype:trojan-activity; sid:36913311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzn.top"; dns.query; content:"usp.usspzn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzn\.top$/i"; classtype:trojan-activity; sid:36913321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzm.top"; dns.query; content:"usp.usspzm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzm\.top$/i"; classtype:trojan-activity; sid:36913331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzi.top"; dns.query; content:"usp.usspzi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzi\.top$/i"; 
classtype:trojan-activity; sid:36913341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzi.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzk.top"; dns.query; content:"usp.usspzk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzk\.top$/i"; classtype:trojan-activity; sid:36913351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspzc.top"; dns.query; content:"usp.usspzc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzc\.top$/i"; classtype:trojan-activity; sid:36913361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname 
usp.usspzd.top"; dns.query; content:"usp.usspzd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzd\.top$/i"; classtype:trojan-activity; sid:36913371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspzd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspza.top"; dns.query; content:"usp.usspza.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspza\.top$/i"; classtype:trojan-activity; sid:36913381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspza.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspza.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspza\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyz.top"; dns.query; content:"usp.usspyz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyz\.top$/i"; classtype:trojan-activity; sid:36913391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913392; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyv.top"; dns.query; content:"usp.usspyv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyv\.top$/i"; classtype:trojan-activity; sid:36913401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyr.top"; dns.query; content:"usp.usspyr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyr\.top$/i"; classtype:trojan-activity; sid:36913411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyq.top"; dns.query; content:"usp.usspyq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyq\.top$/i"; classtype:trojan-activity; sid:36913421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyq.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspyq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyo.top"; dns.query; content:"usp.usspyo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyo\.top$/i"; classtype:trojan-activity; sid:36913431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyp.top"; dns.query; content:"usp.usspyp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyp\.top$/i"; classtype:trojan-activity; sid:36913441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspym.top"; dns.query; content:"usp.usspym.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspym\.top$/i"; classtype:trojan-activity; sid:36913451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspym.top"; 
flow:to_server,established; http.header; content: "Host|3a| usp.usspym.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspym\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyl.top"; dns.query; content:"usp.usspyl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyl\.top$/i"; classtype:trojan-activity; sid:36913461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyk.top"; dns.query; content:"usp.usspyk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyk\.top$/i"; classtype:trojan-activity; sid:36913471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyj.top"; dns.query; content:"usp.usspyj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyj\.top$/i"; classtype:trojan-activity; sid:36913481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspye.top"; dns.query; content:"usp.usspye.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspye\.top$/i"; classtype:trojan-activity; sid:36913491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspye.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspye.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspye\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyd.top"; dns.query; content:"usp.usspyd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyd\.top$/i"; classtype:trojan-activity; sid:36913501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyc.top"; dns.query; content:"usp.usspyc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyc\.top$/i"; 
classtype:trojan-activity; sid:36913511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwz.top"; dns.query; content:"usp.usspwz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwz\.top$/i"; classtype:trojan-activity; sid:36913521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspyb.top"; dns.query; content:"usp.usspyb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyb\.top$/i"; classtype:trojan-activity; sid:36913531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspyb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname 
usp.usspwv.top"; dns.query; content:"usp.usspwv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwv\.top$/i"; classtype:trojan-activity; sid:36913541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwy.top"; dns.query; content:"usp.usspwy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwy\.top$/i"; classtype:trojan-activity; sid:36913551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspws.top"; dns.query; content:"usp.usspws.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspws\.top$/i"; classtype:trojan-activity; sid:36913561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspws.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspws.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspws\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913562; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwq.top"; dns.query; content:"usp.usspwq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwq\.top$/i"; classtype:trojan-activity; sid:36913571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwp.top"; dns.query; content:"usp.usspwp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwp\.top$/i"; classtype:trojan-activity; sid:36913581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwo.top"; dns.query; content:"usp.usspwo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwo\.top$/i"; classtype:trojan-activity; sid:36913591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwo.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspwo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwn.top"; dns.query; content:"usp.usspwn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwn\.top$/i"; classtype:trojan-activity; sid:36913601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwm.top"; dns.query; content:"usp.usspwm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwm\.top$/i"; classtype:trojan-activity; sid:36913611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwj.top"; dns.query; content:"usp.usspwj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwj\.top$/i"; classtype:trojan-activity; sid:36913621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwj.top"; 
flow:to_server,established; http.header; content: "Host|3a| usp.usspwj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwh.top"; dns.query; content:"usp.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwh\.top$/i"; classtype:trojan-activity; sid:36913631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwb.top"; dns.query; content:"usp.usspwb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwb\.top$/i"; classtype:trojan-activity; sid:36913641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwe.top"; dns.query; content:"usp.usspwe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwe\.top$/i"; classtype:trojan-activity; sid:36913651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwe.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwc.top"; dns.query; content:"usp.usspwc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwc\.top$/i"; classtype:trojan-activity; sid:36913661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspwa.top"; dns.query; content:"usp.usspwa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwa\.top$/i"; classtype:trojan-activity; sid:36913671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspwa.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspvq.top"; dns.query; content:"usp.usspvq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvq\.top$/i"; 
classtype:trojan-activity; sid:36913681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspvq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspva.top"; dns.query; content:"usp.usspva.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspva\.top$/i"; classtype:trojan-activity; sid:36913691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspva.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspva.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspva\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspuz.top"; dns.query; content:"usp.usspuz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuz\.top$/i"; classtype:trojan-activity; sid:36913701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspuz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname 
usp.usspuw.top"; dns.query; content:"usp.usspuw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuw\.top$/i"; classtype:trojan-activity; sid:36913711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspuw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.ussput.top"; dns.query; content:"usp.ussput.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussput\.top$/i"; classtype:trojan-activity; sid:36913721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.ussput.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussput.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussput\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspul.top"; dns.query; content:"usp.usspul.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspul\.top$/i"; classtype:trojan-activity; sid:36913731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspul.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspul.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspul\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913732; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.ussptv.top"; dns.query; content:"usp.ussptv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptv\.top$/i"; classtype:trojan-activity; sid:36913741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.ussptv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspta.top"; dns.query; content:"usp.usspta.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspta\.top$/i"; classtype:trojan-activity; sid:36913751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspta.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspta.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspta\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspti.top"; dns.query; content:"usp.usspti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspti\.top$/i"; classtype:trojan-activity; sid:36913761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspti.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspti.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspsq.top"; dns.query; content:"usp.usspsq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsq\.top$/i"; classtype:trojan-activity; sid:36913771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspsq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspsq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspqr.top"; dns.query; content:"usp.usspqr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqr\.top$/i"; classtype:trojan-activity; sid:36913781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspqr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspsp.top"; dns.query; content:"usp.usspsp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsp\.top$/i"; classtype:trojan-activity; sid:36913791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspsp.top"; 
flow:to_server,established; http.header; content: "Host|3a| usp.usspsp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.usspqp.top"; dns.query; content:"usp.usspqp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqp\.top$/i"; classtype:trojan-activity; sid:36913801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.usspqp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspqp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspqp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname usp.ussppe.top"; dns.query; content:"usp.ussppe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppe\.top$/i"; classtype:trojan-activity; sid:36913811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname usp.ussppe.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspo.usspwn.top"; dns.query; content:"uspo.usspwn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwn\.top$/i"; classtype:trojan-activity; sid:36913821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;) 
# MISP event 25716, continued. Each hostname is exported as two rules: a dns.query
# rule (sid ending in 1) and a cleartext-HTTP Host-header rule (sid ending in 2).
# All carry priority:1 and an empty tag list ("[]") in msg, so the alert text names
# no malware family; the event URL in reference: is the only context an analyst gets.
#
# Matching scope, as written:
#  - The pcre prefix (^|[^A-Za-z0-9-\.]) rejects a preceding ".", so only the exact
#    hostname alerts; a subdomain of it, or the parent zone on its own, does not.
#  - The dns rules use "any any -> any any": a query relayed upstream by an internal
#    resolver matches too, and the alert then shows the resolver as the source.
#    Resolver query logs are needed to find the originating client.
#  - The http rules inspect HTTP request headers only. No tls.sni counterpart is
#    visible in this part of the export, so for HTTPS traffic the dns rules are the
#    only coverage here.
#  - tag:session,600,seconds keeps logging packets of the matching session for 600
#    seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspo.usspwn.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspwn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspo.usspwh.top"; dns.query; content:"uspo.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwh\.top$/i"; classtype:trojan-activity; sid:36913831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspo.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspo.ussput.top"; dns.query; content:"uspo.ussput.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussput\.top$/i"; classtype:trojan-activity; sid:36913841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspo.ussput.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussput.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussput\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspo.ussptc.top"; dns.query; content:"uspo.ussptc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptc\.top$/i"; classtype:trojan-activity; sid:36913851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspo.ussptc.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspo.ussphc.top"; dns.query; content:"uspo.ussphc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphc\.top$/i"; classtype:trojan-activity; sid:36913861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspo.ussphc.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspe.usspqe.top"; dns.query; content:"uspe.usspqe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqe\.top$/i"; classtype:trojan-activity; sid:36913871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspe.usspqe.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspe.usspqc.top"; dns.query; content:"uspe.usspqc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqc\.top$/i"; classtype:trojan-activity; sid:36913881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspe.usspqc.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspe.ussppy.top"; dns.query; content:"uspe.ussppy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppy\.top$/i"; classtype:trojan-activity; sid:36913891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspe.ussppy.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspd.usspbv.top"; dns.query; content:"uspd.usspbv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspbv\.top$/i"; classtype:trojan-activity; sid:36913901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspd.usspbv.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspbv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspbv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds;
classtype:trojan-activity; sid:36913902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert dns any any -> any any (msg: "MISP e25716 [] Hostname uspd.usspag.top"; dns.query; content:"uspd.usspag.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspag\.top$/i"; classtype:trojan-activity; sid:36913911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25716 [] Outgoing HTTP Hostname uspd.usspag.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspag.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspag\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36913912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
# NOTE(review): msg names the URL /pg?do=index, but the rule only requires "/pg"
# somewhere in http.uri and the hostname somewhere in the request headers (not
# necessarily on the Host line), and it is limited to $HTTP_PORTS. It is broader
# than the indicator on path and narrower on port; $HTTP_PORTS must be defined in
# the sensor configuration for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25716 [] Outgoing URL http|3a|//usp.usspnr.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspnr.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36913921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25716;)
# MISP event 25652 starts here (priority:2). The bracketed tags in msg come from the
# event: CobaltStrike with cs-watermark-* values, NanoCore, dcrat.
# NOTE(review): a Cobalt Strike watermark can be shared by unrelated operators, so
# treat the cs-watermark tag as a clustering hint, not as attribution.
#
# IP-only rules ("alert ip ... -> <ip> <port>") have no payload condition and no
# threshold: every packet from $HOME_NET to that address and port alerts.
# NOTE(review): IP indicators go stale or are shared with other tenants; check the
# event's dates before acting on a hit.
alert ip $HOME_NET any -> 103.86.130.72 443 (msg: "MISP e25652 [] Outgoing To IP: 103.86.130.72|443"; classtype:trojan-activity; sid:36901101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# "Domain" rules use the prefix class [^A-Za-z0-9-] (no "\."), so subdomains alert
# as well, unlike the "Hostname" rules above. In the http variant, "Host|3a|" and the
# domain are two independent http.header matches and the pcre only checks the
# characters around the domain, so the domain appearing in another request header
# (for example Referer) also satisfies the rule.
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,Constant MOULIN,cs-watermark-987654321] Domain copper-king.com"; dns.query; content:"copper-king.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])copper\-king\.com$/i"; classtype:trojan-activity; sid:36901111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,Constant MOULIN,cs-watermark-987654321] Outgoing HTTP Domain copper-king.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"copper-king.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])copper\-king\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# Destination port 53 on a CobaltStrike-tagged address: presumably DNS-based C2;
# confirm in the event. Applies to 193.222.96.25 and 84.45.122.150 below.
alert ip $HOME_NET any -> 193.222.96.25 53 (msg: "MISP e25652 [CobaltStrike,Constant MOULIN,cs-watermark-987654321] Outgoing To IP: 193.222.96.25|53"; classtype:trojan-activity; sid:36901121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [C4L-AS,CobaltStrike,cs-watermark-1790633444] Domain can.comewithme.info"; dns.query; content:"can.comewithme.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])can\.comewithme\.info$/i"; classtype:trojan-activity; sid:36901131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [C4L-AS,CobaltStrike,cs-watermark-1790633444] Outgoing HTTP Domain can.comewithme.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"can.comewithme.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])can\.comewithme\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 84.45.122.150 53 (msg: "MISP e25652 [C4L-AS,CobaltStrike,cs-watermark-1790633444] Outgoing To IP: 84.45.122.150|53"; classtype:trojan-activity; sid:36901141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# URL rules on a literal IP pin the destination address in the rule header, so the
# short http.uri substrings ("/cx", "/j.ad") stay narrow. They also require the IP
# literal to appear in the request headers: a request to the same address whose
# headers carry a different Host value would not match these rules.
alert http $HOME_NET any -> 39.106.74.90 $HTTP_PORTS (msg: "MISP e25652 [CobaltStrike,cs-watermark-305419896,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//39.106.74.90/cx"; flow:to_server,established; http.header; content:"39.106.74.90"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36901161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 47.116.198.16 3333 (msg: "MISP e25652 [CobaltStrike,cs-watermark-305419896,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.116.198.16|3a|3333/j.ad"; flow:to_server,established; http.header; content:"47.116.198.16"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36901171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 84.2.81.135 6923 (msg: "MISP e25652 [NanoCore,RAT] Outgoing To IP: 84.2.81.135|6923"; classtype:trojan-activity; sid:36901181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 185.195.27.26 $HTTP_PORTS (msg: "MISP e25652 [dcrat] Outgoing URL http|3a|//185.195.27.26/windowstestjavascript/provider3/dletopython8/voiddblowprovider/bigloadasync0temp/packetgametemporary.php"; flow:to_server,established; http.header; content:"185.195.27.26"; fast_pattern; nocase; http.uri; content:"/windowstestjavascript/provider3/dletopython8/voiddblowprovider/bigloadasync0temp/packetgametemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36901361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 26514 starts here (priority:2, empty tag list in msg).
alert dns any any -> any any (msg: "MISP e26514 [] Hostname resellereskimo.com"; dns.query; content:"resellereskimo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])resellereskimo\.com$/i"; classtype:trojan-activity; sid:37352901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname resellereskimo.com";
flow:to_server,established; http.header; content: "Host|3a| resellereskimo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])resellereskimo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): an "Outgoing URL" rule with no path (sid 37352911) reduces to a bare
# substring match on the request headers: no Host anchor and no pcre boundary check.
# It fires together with the Hostname rule (sid 37352902) on the same request, and
# also on a longer name that merely contains the string or on a Referer mentioning
# it. It is restricted to $HTTP_PORTS, which must be defined for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//resellereskimo.com"; flow:to_server,established; http.header; content:"resellereskimo.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): telegram.dog is exported twice in this stretch (sids 37352931/37352932
# here and 37352991/37352992 below), so one request or query raises duplicate alerts.
# It also looks like a service-wide domain rather than attacker-owned
# infrastructure; presumably the event listed specific URLs under it. Confirm
# against the event and scope or suppress before treating hits as trojan-activity.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37352931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname worker-shrill-wood-50f3.jln95cha.workers.dev"; dns.query; content:"worker-shrill-wood-50f3.jln95cha.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-shrill\-wood\-50f3\.jln95cha\.workers\.dev$/i"; classtype:trojan-activity; sid:37352961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname worker-shrill-wood-50f3.jln95cha.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-shrill-wood-50f3.jln95cha.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-shrill\-wood\-50f3\.jln95cha\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): sid 37352971. The path is a run of %22 around an IPv6 literal, which
# looks like a parsing artefact in the source data rather than a real request path.
# Verify two things before trusting it: (1) msg escapes ":" as |3a| but the http.uri
# content uses a literal ":"; check that the engine loads the rule. (2) http.uri is
# the normalized URI buffer; if percent-decoding is applied there, the literal text
# "%22" is not present and the rule cannot match. Test against a capture.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//worker-shrill-wood-50f3.jln95cha.workers.dev/%22%22%22%22%22%22%22%22,%22%22%22%22%22%22%22%222606|3a|4700|3a|3037|3a||3a|ac43|3a|8f0f%22%22%22%22%22%22%22"; flow:to_server,established; http.header; content:"worker-shrill-wood-50f3.jln95cha.workers.dev"; fast_pattern; nocase; http.uri; content:"/%22%22%22%22%22%22%22%22,%22%22%22%22%22%22%22%222606:4700:3037::ac43:8f0f%22%22%22%22%22%22%22"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37352971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37352991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37352992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname vikash.need24.in"; dns.query; content:"vikash.need24.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vikash\.need24\.in$/i"; classtype:trojan-activity; sid:37353021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname vikash.need24.in"; flow:to_server,established;
http.header; content: "Host|3a| vikash.need24.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vikash\.need24\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegrem-d.com"; dns.query; content:"telegrem-d.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-d\.com$/i"; classtype:trojan-activity; sid:37353051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegrem-d.com"; flow:to_server,established; http.header; content: "Host|3a| telegrem-d.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-d\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegrem-c.com"; dns.query; content:"telegrem-c.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-c\.com$/i"; classtype:trojan-activity; sid:37353081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegrem-c.com"; flow:to_server,established; http.header; content: "Host|3a| telegrem-c.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-c\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegrem-k.com"; dns.query; content:"telegrem-k.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-k\.com$/i"; classtype:trojan-activity; sid:37353111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegrem-k.com"; flow:to_server,established; http.header; content: "Host|3a| telegrem-k.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-k\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname iwebnodeintegrate.com"; dns.query; content:"iwebnodeintegrate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iwebnodeintegrate\.com$/i"; classtype:trojan-activity; sid:37353141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname iwebnodeintegrate.com"; flow:to_server,established; http.header; content: "Host|3a| iwebnodeintegrate.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iwebnodeintegrate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): the path-less "Outgoing URL" rules in this stretch (sids 37353151 and
# 37353181) are plain substring matches on the request headers, with no Host anchor
# and no pcre boundary. Each overlaps the Hostname rule just above it, so one
# request raises two alerts, and a Referer or a longer name containing the string
# matches as well. They apply only on $HTTP_PORTS, while the Hostname rules use "any".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//iwebnodeintegrate.com"; flow:to_server,established; http.header; content:"iwebnodeintegrate.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname imtoken-cb.com"; dns.query; content:"imtoken-cb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.com$/i"; classtype:trojan-activity; sid:37353171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname imtoken-cb.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//imtoken-cb.com"; flow:to_server,established; http.header; content:"imtoken-cb.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): flow.page is matched as a bare host with no path. It looks like a
# shared hosting name where many unrelated pages live under one host; presumably
# the event reported specific pages. As written, every request to that host alerts
# as trojan-activity. Confirm against the event before enabling in blocking mode.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname flow.page"; dns.query; content:"flow.page"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flow\.page$/i"; classtype:trojan-activity; sid:37353201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname flow.page"; flow:to_server,established; http.header; content: "Host|3a| flow.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flow\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname gatingvehicular.com"; dns.query; content:"gatingvehicular.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gatingvehicular\.com$/i"; classtype:trojan-activity; sid:37353231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname gatingvehicular.com"; flow:to_server,established; http.header; content: "Host|3a| gatingvehicular.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gatingvehicular\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP
e26514 [] Outgoing URL http|3a|//gatingvehicular.com"; flow:to_server,established; http.header; content:"gatingvehicular.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname mail.maliyeistrgov-tr917.com"; dns.query; content:"mail.maliyeistrgov-tr917.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.maliyeistrgov\-tr917\.com$/i"; classtype:trojan-activity; sid:37353261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname mail.maliyeistrgov-tr917.com"; flow:to_server,established; http.header; content: "Host|3a| mail.maliyeistrgov-tr917.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.maliyeistrgov\-tr917\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//mail.maliyeistrgov-tr917.com"; flow:to_server,established; http.header; content:"mail.maliyeistrgov-tr917.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname cjyf.pages.dev"; dns.query; content:"cjyf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cjyf\.pages\.dev$/i"; classtype:trojan-activity; sid:37353291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cjyf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cjyf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cjyf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37353292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//cjyf.pages.dev"; flow:to_server,established; http.header; content:"cjyf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname protec-35110211.biz.id"; dns.query; content:"protec-35110211.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])protec\-35110211\.biz\.id$/i"; classtype:trojan-activity; sid:37353321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname protec-35110211.biz.id"; flow:to_server,established; http.header; content: "Host|3a| protec-35110211.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])protec\-35110211\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//protec-35110211.biz.id"; flow:to_server,established; http.header; content:"protec-35110211.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname edala-tmi.nitro-cp.xyz"; dns.query; content:"edala-tmi.nitro-cp.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edala\-tmi\.nitro\-cp\.xyz$/i"; classtype:trojan-activity; sid:37353351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 
edala-tmi.nitro-cp.xyz"; flow:to_server,established; http.header; content: "Host|3a| edala-tmi.nitro-cp.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edala\-tmi\.nitro\-cp\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): worker-shrill-wood-50f3.jln95cha.workers.dev is already covered
# earlier in this export (sids 37352961/37352962); the two rules below repeat the
# same match under new sids, so one query or request raises duplicate alerts.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname worker-shrill-wood-50f3.jln95cha.workers.dev"; dns.query; content:"worker-shrill-wood-50f3.jln95cha.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-shrill\-wood\-50f3\.jln95cha\.workers\.dev$/i"; classtype:trojan-activity; sid:37353381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname worker-shrill-wood-50f3.jln95cha.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-shrill-wood-50f3.jln95cha.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-shrill\-wood\-50f3\.jln95cha\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): in the "Outgoing URL .../" rules (sids 37353391 and 37353451),
# http.uri; content:"/" is satisfied by practically every request URI, and nocase
# on "/" changes nothing. The rule therefore reduces to a header substring match
# on the hostname and fires alongside the Hostname rule just above it, on
# $HTTP_PORTS only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//worker-shrill-wood-50f3.jln95cha.workers.dev/"; flow:to_server,established; http.header; content:"worker-shrill-wood-50f3.jln95cha.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tgadminuser.webapt.club"; dns.query; content:"tgadminuser.webapt.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.club$/i"; classtype:trojan-activity; sid:37353411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tgadminuser.webapt.club"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webapt.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegpm.fit"; dns.query; content:"telegpm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpm\.fit$/i"; classtype:trojan-activity; sid:37353441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegpm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegpm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telegpm.fit/"; flow:to_server,established; http.header; content:"telegpm.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname free-port-mys.mythicmys.shop"; dns.query; content:"free-port-mys.mythicmys.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-port\-mys\.mythicmys\.shop$/i"; classtype:trojan-activity; sid:37353471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname free-port-mys.mythicmys.shop"; flow:to_server,established; http.header; content:
"Host|3a| free-port-mys.mythicmys.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-port\-mys\.mythicmys\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname bekahelp.kz"; dns.query; content:"bekahelp.kz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekahelp\.kz$/i"; classtype:trojan-activity; sid:37353501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bekahelp.kz"; flow:to_server,established; http.header; content: "Host|3a| bekahelp.kz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekahelp\.kz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname webtg.github.io"; dns.query; content:"webtg.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webtg\.github\.io$/i"; classtype:trojan-activity; sid:37353531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname webtg.github.io"; flow:to_server,established; http.header; content: "Host|3a| webtg.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webtg\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//webtg.github.io/"; flow:to_server,established; http.header; content:"webtg.github.io"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353541; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokznp02kkt.pro"; dns.query; content:"tokznp02kkt.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokznp02kkt\.pro$/i"; classtype:trojan-activity; sid:37353561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tokznp02kkt.pro"; flow:to_server,established; http.header; content: "Host|3a| tokznp02kkt.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokznp02kkt\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokznp02kkt.pro"; flow:to_server,established; http.header; content:"tokznp02kkt.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname docs-5kq.pages.dev"; dns.query; content:"docs-5kq.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docs\-5kq\.pages\.dev$/i"; classtype:trojan-activity; sid:37353591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname docs-5kq.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| docs-5kq.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docs\-5kq\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//docs-5kq.pages.dev"; flow:to_server,established; http.header; 
content:"docs-5kq.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# --- MISP event 25715: URL indicators on literal IP addresses (priority:1) -----------
# Each rule is pinned to one destination IP and port, then requires the IP string in
# http.header and a path fragment in http.uri.
# Review notes:
#   * The http.uri content is a case-insensitive substring. content:"/i" is also met by
#     URIs such as /index.html or /images/x.png (constructed examples), so on those
#     rules the destination IP and port carry the detection; an alert does not show
#     that the listed file itself was requested.
#   * sid:36987901 is the one rule here scoped to $HTTP_PORTS instead of a fixed port.
#   * tag:session,600,seconds asks the engine to keep logging the alerting session's
#     packets for 600 seconds.
#   * NOTE(review): high, varying ports with paths such as /Mozi.m and /bin.sh look like
#     short-lived hosts serving payloads - presumably these indicators age quickly;
#     check the event date in MISP before acting on a hit.
alert http $HOME_NET any -> 42.239.22.136 43772 (msg: "MISP e25715 [] Outgoing URL http|3a|//42.239.22.136|3a|43772/i"; flow:to_server,established; http.header; content:"42.239.22.136"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 27.4.76.171 33674 (msg: "MISP e25715 [] Outgoing URL http|3a|//27.4.76.171|3a|33674/bin.sh"; flow:to_server,established; http.header; content:"27.4.76.171"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 125.41.5.183 41318 (msg: "MISP e25715 [] Outgoing URL http|3a|//125.41.5.183|3a|41318/i"; flow:to_server,established; http.header; content:"125.41.5.183"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 125.41.5.183 41318 (msg: "MISP e25715 [] Outgoing URL http|3a|//125.41.5.183|3a|41318/bin.sh"; flow:to_server,established; http.header; content:"125.41.5.183"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 123.193.144.46 19526 (msg: "MISP e25715 [] Outgoing URL http|3a|//123.193.144.46|3a|19526/.i"; flow:to_server,established; http.header; content:"123.193.144.46"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 114.239.247.173 23351 (msg: "MISP e25715 [] Outgoing URL http|3a|//114.239.247.173|3a|23351/.i"; flow:to_server,established; http.header; content:"114.239.247.173"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 49.82.183.219 60584 (msg: "MISP e25715 [] Outgoing URL http|3a|//49.82.183.219|3a|60584/.i"; flow:to_server,established; http.header; content:"49.82.183.219"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 39.77.90.229 36684 (msg: "MISP e25715 [] Outgoing URL http|3a|//39.77.90.229|3a|36684/i"; flow:to_server,established; http.header; content:"39.77.90.229"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 27.215.240.171 35415 (msg: "MISP e25715 [] Outgoing URL http|3a|//27.215.240.171|3a|35415/bin.sh"; flow:to_server,established; http.header; content:"27.215.240.171"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25715 [] Outgoing URL http|3a|//193.233.132.167/lend/crpta.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/crpta.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 182.122.245.22 36614 (msg: "MISP e25715 [] Outgoing URL http|3a|//182.122.245.22|3a|36614/Mozi.m"; flow:to_server,established; http.header; content:"182.122.245.22"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 182.113.201.157 45192 (msg: "MISP e25715 [] Outgoing URL http|3a|//182.113.201.157|3a|45192/Mozi.m"; flow:to_server,established; http.header; content:"182.113.201.157"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 124.234.180.125 34311 (msg: "MISP e25715 [] Outgoing URL http|3a|//124.234.180.125|3a|34311/.i"; flow:to_server,established; http.header; content:"124.234.180.125"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 117.252.164.109 55041 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.252.164.109|3a|55041/i"; flow:to_server,established; http.header; content:"117.252.164.109"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 116.31.153.221 34269 (msg: "MISP e25715 [] Outgoing URL http|3a|//116.31.153.221|3a|34269/Mozi.m"; flow:to_server,established; http.header; content:"116.31.153.221"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987951; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25715;)
# MISP event 25715: http.uri; content:"/" is met by practically any request URI, so
# sid:36987961 alerts on any HTTP request from $HOME_NET to this IP and port whose
# headers contain the IP string.
alert http $HOME_NET any -> 109.92.126.130 11679 (msg: "MISP e25715 [] Outgoing URL http|3a|//109.92.126.130|3a|11679/"; flow:to_server,established; http.header; content:"109.92.126.130"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
# --- MISP event 25714 ----------------------------------------------------------------
# The same name is exported twice: as a "Hostname" (leading pcre class excludes '.',
# so only the exact host matches) and as a "Domain" (leading class allows '.', so
# subdomains match as well). A DNS query for the bare name therefore raises both
# sid:36912071 and sid:36912191; expect duplicate alerts for one lookup.
# The "Outgoing HTTP Domain" rule checks "Host:" and the domain as two independent
# http.header contents and its pcre is not anchored to the Host line, so the domain
# may sit in any request header. The "Outgoing URL" rule likewise only needs the name
# somewhere in http.header.
alert dns any any -> any any (msg: "MISP e25714 [] Hostname dlu-quekabutiyee.com"; dns.query; content:"dlu-quekabutiyee.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dlu\-quekabutiyee\.com$/i"; classtype:trojan-activity; sid:36912071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25714 [] Outgoing HTTP Hostname dlu-quekabutiyee.com"; flow:to_server,established; http.header; content: "Host|3a| dlu-quekabutiyee.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dlu\-quekabutiyee\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25714;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25714 [] Outgoing URL http|3a|//dlu-quekabutiyee.com"; flow:to_server,established; http.header; content:"dlu-quekabutiyee.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36912091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25714;)
alert dns any any -> any any (msg: "MISP e25714 [] Domain dlu-quekabutiyee.com"; dns.query; content:"dlu-quekabutiyee.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dlu\-quekabutiyee\.com$/i"; classtype:trojan-activity; sid:36912191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25714 [] Outgoing HTTP Domain dlu-quekabutiyee.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dlu-quekabutiyee.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dlu\-quekabutiyee\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36912192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25714;)
# --- MISP event 26514: hostname indicators -------------------------------------------
# Per hostname: a dns rule (dns.query ends with the exact hostname; subdomains do not
# match), an http rule on "Host: <hostname>" for any destination port, and for most
# names an "Outgoing URL" rule that only needs the hostname string anywhere in
# http.header on $HTTP_PORTS (so a Referer carrying the name alerts too).
# No rule in this group inspects TLS: an HTTPS visit is visible only through the dns
# rule, and only where the sensor sees the client's DNS queries. The dns rules are
# "any any -> any any" and are not limited to $HOME_NET clients.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokenpbqket.com"; dns.query; content:"tokenpbqket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.com$/i"; classtype:trojan-activity; sid:37353621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tokenpbqket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokenpbqket.com"; flow:to_server,established; http.header; content:"tokenpbqket.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname ups-get-your-package.com"; dns.query; content:"ups-get-your-package.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ups\-get\-your\-package\.com$/i"; classtype:trojan-activity; sid:37353651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ups-get-your-package.com"; flow:to_server,established; http.header; content: "Host|3a| ups-get-your-package.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ups\-get\-your\-package\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//ups-get-your-package.com"; flow:to_server,established; http.header; content:"ups-get-your-package.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname vosdemarches-cpam.com"; dns.query; content:"vosdemarches-cpam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vosdemarches\-cpam\.com$/i"; classtype:trojan-activity; sid:37353681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname vosdemarches-cpam.com"; flow:to_server,established; http.header; content: "Host|3a| vosdemarches-cpam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vosdemarches\-cpam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//vosdemarches-cpam.com"; flow:to_server,established; http.header; content:"vosdemarches-cpam.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname web3defibrowser.com"; dns.query; content:"web3defibrowser.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3defibrowser\.com$/i"; classtype:trojan-activity; sid:37353711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname web3defibrowser.com"; flow:to_server,established; http.header; content: "Host|3a| web3defibrowser.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3defibrowser\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//web3defibrowser.com"; flow:to_server,established; http.header; content:"web3defibrowser.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname whasstapp.com"; dns.query; content:"whasstapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whasstapp\.com$/i"; classtype:trojan-activity; sid:37353741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname whasstapp.com"; flow:to_server,established; http.header; content: "Host|3a| whasstapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whasstapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//whasstapp.com"; flow:to_server,established; http.header; content:"whasstapp.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tele-gram.lol"; dns.query; content:"tele-gram.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tele\-gram\.lol$/i"; classtype:trojan-activity; sid:37353801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tele-gram.lol"; flow:to_server,established; http.header; content: "Host|3a| tele-gram.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tele\-gram\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tele-gram.lol"; flow:to_server,established; http.header; content:"tele-gram.lol"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tele-gramin.xyz"; dns.query; content:"tele-gramin.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tele\-gramin\.xyz$/i"; classtype:trojan-activity; sid:37353831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tele-gramin.xyz"; flow:to_server,established; http.header; content: "Host|3a| tele-gramin.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tele\-gramin\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname nfbxg.pages.dev"; dns.query; content:"nfbxg.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nfbxg\.pages\.dev$/i"; classtype:trojan-activity; sid:37353861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname nfbxg.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nfbxg.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nfbxg\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353862; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//nfbxg.pages.dev"; flow:to_server,established; http.header; content:"nfbxg.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e25652 [] Domain ytytyfghhjhyt77865.cfd"; dns.query; content:"ytytyfghhjhyt77865.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])ytytyfghhjhyt77865\.cfd$/i"; classtype:trojan-activity; sid:36901511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain ytytyfghhjhyt77865.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ytytyfghhjhyt77865.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ytytyfghhjhyt77865\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain ygyjgjygjyfjyfftt6654433.cfd"; dns.query; content:"ygyjgjygjyfjyfftt6654433.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])ygyjgjygjyfjyfftt6654433\.cfd$/i"; classtype:trojan-activity; sid:36901501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain ygyjgjygjyfjyfftt6654433.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ygyjgjygjyfjyfftt6654433.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ygyjgjygjyfjyfftt6654433\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip 
$HOME_NET any -> 5.42.65.107 80 (msg: "MISP e25652 [Amos,Atomic Stealer,c2,macOS Stealer] Outgoing To IP: 5.42.65.107|80"; classtype:trojan-activity; sid:36901351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 206.237.15.161 8096 (msg: "MISP e25652 [CobaltStrike,cs-watermark-100000] Outgoing To IP: 206.237.15.161|8096"; classtype:trojan-activity; sid:36901371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain dfjfglklihilughgf434wdfg.cfd"; dns.query; content:"dfjfglklihilughgf434wdfg.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])dfjfglklihilughgf434wdfg\.cfd$/i"; classtype:trojan-activity; sid:36901381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain dfjfglklihilughgf434wdfg.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dfjfglklihilughgf434wdfg.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dfjfglklihilughgf434wdfg\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain ewuhruewhrhurw7837.cfd"; dns.query; content:"ewuhruewhrhurw7837.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewuhruewhrhurw7837\.cfd$/i"; classtype:trojan-activity; sid:36901391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain ewuhruewhrhurw7837.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewuhruewhrhurw7837.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewuhruewhrhurw7837\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901392; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain fffsddhddd3.cfd"; dns.query; content:"fffsddhddd3.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fffsddhddd3\.cfd$/i"; classtype:trojan-activity; sid:36901401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain fffsddhddd3.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fffsddhddd3.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fffsddhddd3\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain ghgfjfgfgfty6765433.cfd"; dns.query; content:"ghgfjfgfgfty6765433.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])ghgfjfgfgfty6765433\.cfd$/i"; classtype:trojan-activity; sid:36901421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain ghgfjfgfgfty6765433.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ghgfjfgfgfty6765433.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ghgfjfgfgfty6765433\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain ghgfttyuujg87654.cfd"; dns.query; content:"ghgfttyuujg87654.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])ghgfttyuujg87654\.cfd$/i"; classtype:trojan-activity; sid:36901431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain ghgfttyuujg87654.cfd"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ghgfttyuujg87654.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ghgfttyuujg87654\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain gfffhtdrtggdd654346.cfd"; dns.query; content:"gfffhtdrtggdd654346.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])gfffhtdrtggdd654346\.cfd$/i"; classtype:trojan-activity; sid:36901411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain gfffhtdrtggdd654346.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gfffhtdrtggdd654346.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gfffhtdrtggdd654346\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain hghgfttcdsstyytff655cvhf.cfd"; dns.query; content:"hghgfttcdsstyytff655cvhf.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])hghgfttcdsstyytff655cvhf\.cfd$/i"; classtype:trojan-activity; sid:36901441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain hghgfttcdsstyytff655cvhf.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hghgfttcdsstyytff655cvhf.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hghgfttcdsstyytff655cvhf\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain 
hjfhwefhuuuuf8383992.cfd"; dns.query; content:"hjfhwefhuuuuf8383992.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])hjfhwefhuuuuf8383992\.cfd$/i"; classtype:trojan-activity; sid:36901451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain hjfhwefhuuuuf8383992.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hjfhwefhuuuuf8383992.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hjfhwefhuuuuf8383992\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain hjghgfgftdrdssst7654345.cfd"; dns.query; content:"hjghgfgftdrdssst7654345.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])hjghgfgftdrdssst7654345\.cfd$/i"; classtype:trojan-activity; sid:36901461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain hjghgfgftdrdssst7654345.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hjghgfgftdrdssst7654345.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hjghgfgftdrdssst7654345\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain hjgjghfgfhgdhfgsed56.cfd"; dns.query; content:"hjgjghfgfhgdhfgsed56.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])hjgjghfgfhgdhfgsed56\.cfd$/i"; classtype:trojan-activity; sid:36901471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain hjgjghfgfhgdhfgsed56.cfd"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"hjgjghfgfhgdhfgsed56.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hjgjghfgfhgdhfgsed56\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain hjhghyfgtttyuuugfd7654332.cfd"; dns.query; content:"hjhghyfgtttyuuugfd7654332.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])hjhghyfgtttyuuugfd7654332\.cfd$/i"; classtype:trojan-activity; sid:36901481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain hjhghyfgtttyuuugfd7654332.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hjhghyfgtttyuuugfd7654332.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hjhghyfgtttyuuugfd7654332\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [] Domain qweuurgr86765.cfd"; dns.query; content:"qweuurgr86765.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])qweuurgr86765\.cfd$/i"; classtype:trojan-activity; sid:36901491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [] Outgoing HTTP Domain qweuurgr86765.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qweuurgr86765.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qweuurgr86765\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain twjdy.freemyip.com"; dns.query; 
content:"twjdy.freemyip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])twjdy\.freemyip\.com$/i"; classtype:trojan-activity; sid:36901331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 25652, indicators tagged CobaltStrike / cs-watermark-987654321.
# Domains come as a dns.query rule plus an HTTP header rule; the HTTP rule needs
# "Host|3a|" and the domain anywhere in the request headers (the two contents are
# independent), and tags the session for 600 seconds.
# NOTE(review): no tls.sni rule is visible here, so HTTPS traffic to these names would
# be seen only at DNS resolution - confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain twjdy.freemyip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"twjdy.freemyip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])twjdy\.freemyip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain moveleiros-projeto.ddns.net"; dns.query; content:"moveleiros-projeto.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])moveleiros\-projeto\.ddns\.net$/i"; classtype:trojan-activity; sid:36901341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain moveleiros-projeto.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moveleiros-projeto.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moveleiros\-projeto\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# njrat: destination address and port only. No payload keywords, so any traffic from
# $HOME_NET to this address:port raises the alert.
alert ip $HOME_NET any -> 3.140.223.7 15696 (msg: "MISP e25652 [njrat,RAT] Outgoing To IP: 3.140.223.7|15696"; classtype:trojan-activity; sid:36901091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# NanoCore: one dynamic-DNS style name, four addresses on port 17240, and an ngrok name.
alert dns any any -> any any (msg: "MISP e25652 [NanoCore,RAT] Domain tuxy.ddns.net"; dns.query; content:"tuxy.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuxy\.ddns\.net$/i"; classtype:trojan-activity; sid:36901191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [NanoCore,RAT] Outgoing HTTP Domain tuxy.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuxy.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuxy\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# NOTE(review): these four addresses share port 17240 with each other; presumably they
# are what the ngrok name below resolved to when the event was written - confirm in
# the MISP event, and expect them to go stale if the resolution changes.
alert ip $HOME_NET any -> 52.8.87.87 17240 (msg: "MISP e25652 [NanoCore,RAT] Outgoing To IP: 52.8.87.87|17240"; classtype:trojan-activity; sid:36901201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 184.72.44.51 17240 (msg: "MISP e25652 [NanoCore,RAT] Outgoing To IP: 184.72.44.51|17240"; classtype:trojan-activity; sid:36901211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 54.193.184.75 17240 (msg: "MISP e25652 [NanoCore,RAT] Outgoing To IP: 54.193.184.75|17240"; classtype:trojan-activity; sid:36901221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 50.18.8.146 17240 (msg: "MISP e25652 [NanoCore,RAT] Outgoing To IP: 50.18.8.146|17240"; classtype:trojan-activity; sid:36901231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# NOTE(review): 0.tcp.us-cal-1.ngrok.io looks like a regional ngrok TCP tunnel endpoint,
# i.e. a hostname presumably shared by many unrelated tunnels that differ only by port.
# The DNS and HTTP rules below carry no port, so they would alert on any use of that
# endpoint; treat hits as leads and correlate with the port-17240 rules above.
alert dns any any -> any any (msg: "MISP e25652 [NanoCore,RAT] Domain 0.tcp.us-cal-1.ngrok.io"; dns.query; content:"0.tcp.us-cal-1.ngrok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])0\.tcp\.us\-cal\-1\.ngrok\.io$/i"; classtype:trojan-activity; sid:36901241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [NanoCore,RAT] Outgoing HTTP Domain 0.tcp.us-cal-1.ngrok.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"0.tcp.us-cal-1.ngrok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])0\.tcp\.us\-cal\-1\.ngrok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# CobaltStrike / cs-watermark-987654321 domain pairs continue.
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain mail.aist.world"; dns.query; content:"mail.aist.world"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.aist\.world$/i"; classtype:trojan-activity; sid:36901251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain mail.aist.world"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.aist.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.aist\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain mta4.theaerie.ca"; dns.query; content:"mta4.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])mta4\.theaerie\.ca$/i"; classtype:trojan-activity; sid:36901261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain mta4.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mta4.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mta4\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain 
mta4.sharenscookbook.com"; dns.query; content:"mta4.sharenscookbook.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mta4\.sharenscookbook\.com$/i"; classtype:trojan-activity; sid:36901271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 25652, indicators tagged CobaltStrike / cs-watermark-987654321.
# Domain indicators are exported as a dns.query rule (name anchored at end of query,
# subdomains included) plus an HTTP rule that needs "Host|3a|" and the domain anywhere
# in the request headers and tags the session for 600 seconds.
# NOTE(review): the hostnames carry mail/mta/ns style labels, which are easy to skim
# past in an alert queue; the tag in msg is the only family context the alert carries.
# NOTE(review): no tls.sni rule is visible here - HTTPS beacons to these names would be
# seen only at DNS resolution; confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain mta4.sharenscookbook.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mta4.sharenscookbook.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mta4\.sharenscookbook\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain mta4.aerostatus.net"; dns.query; content:"mta4.aerostatus.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mta4\.aerostatus\.net$/i"; classtype:trojan-activity; sid:36901281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain mta4.aerostatus.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mta4.aerostatus.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mta4\.aerostatus\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain mail4.the-kup-key.com"; dns.query; content:"mail4.the-kup-key.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail4\.the\-kup\-key\.com$/i"; classtype:trojan-activity; sid:36901291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain mail4.the-kup-key.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail4.the-kup-key.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail4\.the\-kup\-key\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Domain ns.go2tr.ir"; dns.query; content:"ns.go2tr.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns\.go2tr\.ir$/i"; classtype:trojan-activity; sid:36901301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain ns.go2tr.ir"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns.go2tr.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns\.go2tr\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# Address-and-port indicators: no payload keywords, so any traffic from $HOME_NET to the
# listed address:port raises the alert. Static addresses age; review against the event.
alert ip $HOME_NET any -> 123.207.50.70 8080 (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing To IP: 123.207.50.70|8080"; classtype:trojan-activity; sid:36901311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 74.48.84.59 23 (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321] Outgoing To IP: 74.48.84.59|23"; classtype:trojan-activity; sid:36901321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [njrat,RAT] Domain vinijr27.duckdns.org"; dns.query; content:"vinijr27.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])vinijr27\.duckdns\.org$/i"; classtype:trojan-activity; sid:36900151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 25652, indicators tagged njrat / RAT.
# Domain indicators are exported as a dns.query rule (name anchored at end of query,
# subdomains included) plus an HTTP rule that needs "Host|3a|" and the domain anywhere
# in the request headers and tags the session for 600 seconds.
# NOTE(review): the HTTP rules only see cleartext HTTP. The family tag suggests a RAT
# that may not speak HTTP at all, so the DNS and ip rules are likely the ones that fire
# - confirm against captured traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [njrat,RAT] Outgoing HTTP Domain vinijr27.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vinijr27.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vinijr27\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36900152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [njrat,RAT] Domain noiphabibi.ddns.net"; dns.query; content:"noiphabibi.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])noiphabibi\.ddns\.net$/i"; classtype:trojan-activity; sid:36900171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [njrat,RAT] Outgoing HTTP Domain noiphabibi.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"noiphabibi.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])noiphabibi\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36900172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [njrat,RAT] Domain auto-benjamin.gl.at.ply.gg"; dns.query; content:"auto-benjamin.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])auto\-benjamin\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:36900141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [njrat,RAT] Outgoing HTTP Domain auto-benjamin.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auto-benjamin.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auto\-benjamin\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36900142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# Address-and-port indicators: no payload keywords, so any traffic from $HOME_NET to the
# listed address:port raises the alert.
# NOTE(review): the ply.gg and portmap.io names look like port-forwarding service
# subdomains, and port 30520 appears both in jd03-30520.portmap.io and in the rule for
# 193.161.193.99. If these addresses are shared relay hosts, other users of the service
# sit behind them too; the port in the rule is what keeps the match narrow - confirm.
alert ip $HOME_NET any -> 213.159.61.169 1177 (msg: "MISP e25652 [njrat,RAT] Outgoing To IP: 213.159.61.169|1177"; classtype:trojan-activity; sid:36900161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 193.161.193.99 30520 (msg: "MISP e25652 [njrat,RAT] Outgoing To IP: 193.161.193.99|30520"; classtype:trojan-activity; sid:36900111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert dns any any -> any any (msg: "MISP e25652 [njrat,RAT] Domain jd03-30520.portmap.io"; dns.query; content:"jd03-30520.portmap.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])jd03\-30520\.portmap\.io$/i"; classtype:trojan-activity; sid:36900121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [njrat,RAT] Outgoing HTTP Domain jd03-30520.portmap.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jd03-30520.portmap.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jd03\-30520\.portmap\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36900122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 147.185.221.18 14881 (msg: "MISP e25652 [njrat,RAT] Outgoing To IP: 147.185.221.18|14881"; classtype:trojan-activity; sid:36900131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 77.105.146.152 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//77.105.146.152/auth/login"; flow:to_server,established; http.header; content:"77.105.146.152"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900911; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 25652, URL indicators tagged Medusa / MedusaStealer / Meduza.
# Every rule below has the same shape: HTTP request from $HOME_NET to one fixed address
# on $HTTP_PORTS, with that address as a literal string in the request headers and
# "/auth/login" somewhere in the URI (unanchored, case-insensitive). A match tags the
# session for 600 seconds.
# These rules depend on $HTTP_PORTS being defined in the sensor configuration.
# NOTE(review): three conditions narrow each rule and each is a way to miss traffic:
#  - a service on a port outside $HTTP_PORTS is not inspected by these rules;
#  - a request to the same address that carries a hostname instead of the literal
#    address in its headers does not match;
#  - only cleartext HTTP is covered; nothing here inspects TLS to these addresses.
# "/auth/login" on its own is a generic path; the fixed destination address is what makes
# the rule specific, so stale addresses are the main false-positive risk.
alert http $HOME_NET any -> 185.225.200.120 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//185.225.200.120/auth/login"; flow:to_server,established; http.header; content:"185.225.200.120"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.194.188 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.194.188/auth/login"; flow:to_server,established; http.header; content:"79.137.194.188"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 89.208.103.72 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//89.208.103.72/auth/login"; flow:to_server,established; http.header; content:"89.208.103.72"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 193.233.133.97 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//193.233.133.97/auth/login"; flow:to_server,established; http.header; content:"193.233.133.97"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.202.24 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.202.24/auth/login"; flow:to_server,established; http.header; content:"79.137.202.24"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.207.226 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.207.226/auth/login"; flow:to_server,established; http.header; content:"79.137.207.226"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 64.52.80.13 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//64.52.80.13/auth/login"; flow:to_server,established; http.header; content:"64.52.80.13"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 5.42.78.61 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//5.42.78.61/auth/login"; flow:to_server,established; http.header; content:"5.42.78.61"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.199.199 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.199.199/auth/login"; flow:to_server,established; http.header; content:"79.137.199.199"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 77.105.147.196 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//77.105.147.196/auth/login"; flow:to_server,established; http.header; content:"77.105.147.196"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 95.181.173.235 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//95.181.173.235/auth/login"; flow:to_server,established; http.header; content:"95.181.173.235"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 95.181.173.8 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//95.181.173.8/auth/login"; flow:to_server,established; http.header; content:"95.181.173.8"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.203.233 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.203.233/auth/login"; flow:to_server,established; http.header; content:"79.137.203.233"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 94.228.170.86 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//94.228.170.86/auth/login"; flow:to_server,established; http.header; content:"94.228.170.86"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 194.87.71.159 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//194.87.71.159/auth/login"; flow:to_server,established; http.header; content:"194.87.71.159"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 178.236.246.253 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//178.236.246.253/auth/login"; flow:to_server,established; http.header; content:"178.236.246.253"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.203.80 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.203.80/auth/login"; flow:to_server,established; http.header; content:"79.137.203.80"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 185.106.94.70 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//185.106.94.70/auth/login"; flow:to_server,established; http.header; content:"185.106.94.70"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 185.17.0.222 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//185.17.0.222/auth/login"; flow:to_server,established; http.header; content:"185.17.0.222"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 45.74.19.107 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//45.74.19.107/auth/login"; flow:to_server,established; http.header; content:"45.74.19.107"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 5.42.72.48 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//5.42.72.48/auth/login"; flow:to_server,established; http.header; content:"5.42.72.48"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 51.81.243.237 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//51.81.243.237/auth/login"; flow:to_server,established; http.header; content:"51.81.243.237"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 74.50.93.136 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//74.50.93.136/auth/login"; flow:to_server,established; http.header; content:"74.50.93.136"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 178.20.43.135 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//178.20.43.135/auth/login"; flow:to_server,established; http.header; content:"178.20.43.135"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 109.107.173.48 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//109.107.173.48/auth/login"; flow:to_server,established; http.header; content:"109.107.173.48"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 78.141.239.24 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//78.141.239.24/auth/login"; flow:to_server,established; http.header; content:"78.141.239.24"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 5.42.72.7 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//5.42.72.7/auth/login"; flow:to_server,established; http.header; content:"5.42.72.7"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 178.20.46.217 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//178.20.46.217/auth/login"; flow:to_server,established; http.header; content:"178.20.46.217"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 25652, URL indicators tagged Medusa / MedusaStealer / Meduza.
# Every rule below has the same shape: HTTP request from $HOME_NET to one fixed address
# on $HTTP_PORTS, with that address as a literal string in the request headers and
# "/auth/login" somewhere in the URI (unanchored, case-insensitive). A match tags the
# session for 600 seconds. $HTTP_PORTS must be defined in the sensor configuration.
# NOTE(review): a service on a port outside $HTTP_PORTS, a request carrying a hostname
# instead of the literal address in its headers, or a TLS session to the same address is
# not matched by these rules. The fixed destination address is what makes each rule
# specific, so stale addresses are the main false-positive risk.
alert http $HOME_NET any -> 95.181.173.233 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//95.181.173.233/auth/login"; flow:to_server,established; http.header; content:"95.181.173.233"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.207.44 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.207.44/auth/login"; flow:to_server,established; http.header; content:"79.137.207.44"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 109.107.181.169 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//109.107.181.169/auth/login"; flow:to_server,established; http.header; content:"109.107.181.169"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 89.185.85.132 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//89.185.85.132/auth/login"; flow:to_server,established; http.header; content:"89.185.85.132"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 178.236.246.39 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//178.236.246.39/auth/login"; flow:to_server,established; http.header; content:"178.236.246.39"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 212.113.116.56 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//212.113.116.56/auth/login"; flow:to_server,established; http.header; content:"212.113.116.56"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 20.0.25.177 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//20.0.25.177/auth/login"; flow:to_server,established; http.header; content:"20.0.25.177"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 8.217.23.144 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//8.217.23.144/auth/login"; flow:to_server,established; http.header; content:"8.217.23.144"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 45.150.65.121 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//45.150.65.121/auth/login"; flow:to_server,established; http.header; content:"45.150.65.121"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 185.106.94.31 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//185.106.94.31/auth/login"; flow:to_server,established; http.header; content:"185.106.94.31"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 212.118.52.90 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//212.118.52.90/auth/login"; flow:to_server,established; http.header; content:"212.118.52.90"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 178.236.247.9 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//178.236.247.9/auth/login"; flow:to_server,established; http.header; content:"178.236.247.9"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 185.26.239.246 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//185.26.239.246/auth/login"; flow:to_server,established; http.header; content:"185.26.239.246"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 193.233.133.81 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//193.233.133.81/auth/login"; flow:to_server,established; http.header; content:"193.233.133.81"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 95.181.173.181 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//95.181.173.181/auth/login"; flow:to_server,established; http.header; content:"95.181.173.181"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 185.149.146.159 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//185.149.146.159/auth/login"; flow:to_server,established; http.header; content:"185.149.146.159"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 146.70.161.13 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//146.70.161.13/auth/login"; flow:to_server,established; http.header; content:"146.70.161.13"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 5.42.77.121 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//5.42.77.121/auth/login"; flow:to_server,established; http.header; content:"5.42.77.121"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert http $HOME_NET any -> 79.137.202.225 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.202.225/auth/login"; flow:to_server,established; http.header; content:"79.137.202.225"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:36900461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 20.90.160.195 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 20.90.160.195|8082"; classtype:trojan-activity; sid:36900321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 207.180.224.118 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 207.180.224.118|8082"; classtype:trojan-activity; sid:36900301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.249.240 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 91.92.249.240|8082"; classtype:trojan-activity; sid:36900311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 195.10.205.18 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 195.10.205.18|8082"; classtype:trojan-activity; sid:36900281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.198.245.50 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 154.198.245.50|8082"; classtype:trojan-activity; sid:36900261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 194.195.245.97 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 194.195.245.97|8082"; classtype:trojan-activity; sid:36900291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.131.113.192 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 94.131.113.192|8082"; classtype:trojan-activity; sid:36900251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 31.42.190.137 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 31.42.190.137|8082"; classtype:trojan-activity; sid:36900271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip 
$HOME_NET any -> 195.85.207.219 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 195.85.207.219|8082"; classtype:trojan-activity; sid:36900231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 31.210.50.162 8082 (msg: "MISP e25652 [hook,HookBot] Outgoing To IP: 31.210.50.162|8082"; classtype:trojan-activity; sid:36900241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 77.105.147.136 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//77.105.147.136/auth/login"; flow:to_server,established; http.header; content:"77.105.147.136"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 5.182.87.27 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//5.182.87.27/auth/login"; flow:to_server,established; http.header; content:"5.182.87.27"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 95.181.173.28 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//95.181.173.28/auth/login"; flow:to_server,established; http.header; content:"95.181.173.28"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 5.182.87.160 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//5.182.87.160/auth/login"; flow:to_server,established; http.header; content:"5.182.87.160"; fast_pattern; nocase; http.uri; content:"/auth/login"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 85.192.63.35 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//85.192.63.35/auth/login"; flow:to_server,established; http.header; content:"85.192.63.35"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 89.185.85.34 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//89.185.85.34/auth/login"; flow:to_server,established; http.header; content:"89.185.85.34"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 79.137.205.201 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.205.201/auth/login"; flow:to_server,established; http.header; content:"79.137.205.201"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 85.192.63.65 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//85.192.63.65/auth/login"; flow:to_server,established; http.header; content:"85.192.63.65"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 79.137.205.179 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//79.137.205.179/auth/login"; 
flow:to_server,established; http.header; content:"79.137.205.179"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 194.87.31.20 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//194.87.31.20/auth/login"; flow:to_server,established; http.header; content:"194.87.31.20"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 95.216.100.78 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//95.216.100.78/auth/login"; flow:to_server,established; http.header; content:"95.216.100.78"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 77.105.147.90 $HTTP_PORTS (msg: "MISP e25652 [Medusa,MedusaStealer,Meduza] Outgoing URL http|3a|//77.105.147.90/auth/login"; flow:to_server,established; http.header; content:"77.105.147.90"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 172.187.200.225 443 (msg: "MISP e25652 [] Outgoing To IP: 172.187.200.225|443"; classtype:trojan-activity; sid:36901521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 101.37.14.112 8899 (msg: "MISP e25652 [] Outgoing To IP: 101.37.14.112|8899"; classtype:trojan-activity; sid:36901531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip 
$HOME_NET any -> 3.127.138.57 17960 (msg: "MISP e25652 [njrat,RAT] Outgoing To IP: 3.127.138.57|17960"; classtype:trojan-activity; sid:36901541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-1551089073,DIGITALOCEAN-ASN] Domain adibh.azureedge.net"; dns.query; content:"adibh.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])adibh\.azureedge\.net$/i"; classtype:trojan-activity; sid:36901561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-1551089073,DIGITALOCEAN-ASN] Outgoing HTTP Domain adibh.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adibh.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adibh\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 104.131.9.172 443 (msg: "MISP e25652 [CobaltStrike,cs-watermark-1551089073,DIGITALOCEAN-ASN] Outgoing To IP: 104.131.9.172|443"; classtype:trojan-activity; sid:36901571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 47.119.19.34 9999 (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing To IP: 47.119.19.34|9999"; classtype:trojan-activity; sid:36901581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [CobaltStrike,cs-watermark-1032681566,DigitalOcean LLC] Domain k-hbgsakedfme8azej.a03.azurefd.net"; dns.query; content:"k-hbgsakedfme8azej.a03.azurefd.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-hbgsakedfme8azej\.a03\.azurefd\.net$/i"; classtype:trojan-activity; sid:36901601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [CobaltStrike,cs-watermark-1032681566,DigitalOcean LLC] Outgoing HTTP Domain k-hbgsakedfme8azej.a03.azurefd.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-hbgsakedfme8azej.a03.azurefd.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-hbgsakedfme8azej\.a03\.azurefd\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e25652 [CobaltStrike,cs-watermark-987654321,PONYNET] Outgoing URL http|3a|//107.189.14.144|3a|8080/ca"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36901621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [Amazon.com Inc.,CobaltStrike,cs-watermark-589039153] Domain d2zp39t2eezbsc.cloudfront.net"; dns.query; content:"d2zp39t2eezbsc.cloudfront.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])d2zp39t2eezbsc\.cloudfront\.net$/i"; classtype:trojan-activity; sid:36901641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [Amazon.com 
Inc.,CobaltStrike,cs-watermark-589039153] Outgoing HTTP Domain d2zp39t2eezbsc.cloudfront.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"d2zp39t2eezbsc.cloudfront.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])d2zp39t2eezbsc\.cloudfront\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [Amazon.com Inc.,CobaltStrike,cs-watermark-589039153] Domain dmobd90auod5w.cloudfront.net"; dns.query; content:"dmobd90auod5w.cloudfront.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])dmobd90auod5w\.cloudfront\.net$/i"; classtype:trojan-activity; sid:36901661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [Amazon.com Inc.,CobaltStrike,cs-watermark-589039153] Outgoing HTTP Domain dmobd90auod5w.cloudfront.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dmobd90auod5w.cloudfront.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dmobd90auod5w\.cloudfront\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 107.23.38.171 443 (msg: "MISP e25652 [Amazon.com Inc.,CobaltStrike,cs-watermark-589039153] Outgoing To IP: 107.23.38.171|443"; classtype:trojan-activity; sid:36901671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 101.33.221.102 8888 (msg: "MISP e25652 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.33.221.102|3a|8888/dpixel"; flow:to_server,established; http.header; content:"101.33.221.102"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:36901681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 185.172.128.79 $HTTP_PORTS (msg: "MISP e25652 [Stealc] Outgoing URL http|3a|//185.172.128.79/3cd2b41cbde8fc9c.php"; flow:to_server,established; http.header; content:"185.172.128.79"; fast_pattern; nocase; http.uri; content:"/3cd2b41cbde8fc9c.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36901711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 175.41.143.87 443 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 175.41.143.87|443"; classtype:trojan-activity; sid:36901721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 3.83.182.180 443 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 3.83.182.180|443"; classtype:trojan-activity; sid:36901731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 13.235.8.98 443 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 13.235.8.98|443"; classtype:trojan-activity; sid:36901741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 44.200.32.105 443 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 44.200.32.105|443"; classtype:trojan-activity; sid:36901751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 104.248.249.135 80 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 104.248.249.135|80"; classtype:trojan-activity; sid:36901761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 88.99.150.167 8080 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 88.99.150.167|8080"; classtype:trojan-activity; sid:36901771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 88.99.150.149 4444 
(msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 88.99.150.149|4444"; classtype:trojan-activity; sid:36901781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 88.99.150.167 4444 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 88.99.150.167|4444"; classtype:trojan-activity; sid:36901791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.253.204 8080 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 91.92.253.204|8080"; classtype:trojan-activity; sid:36901801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 148.135.34.21 443 (msg: "MISP e25652 [c2,win.havoc] Outgoing To IP: 148.135.34.21|443"; classtype:trojan-activity; sid:36901811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 210.56.49.4 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 210.56.49.4|8848"; classtype:trojan-activity; sid:36901821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 171.80.234.90 25565 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 171.80.234.90|25565"; classtype:trojan-activity; sid:36901831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 85.209.176.79 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 85.209.176.79|8848"; classtype:trojan-activity; sid:36901841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 171.80.235.135 25565 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 171.80.235.135|25565"; classtype:trojan-activity; sid:36901851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.204.178.170 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 154.204.178.170|8848"; classtype:trojan-activity; sid:36901861; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 183.105.191.36 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 183.105.191.36|80"; classtype:trojan-activity; sid:36901871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 64.176.217.187 6666 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 64.176.217.187|6666"; classtype:trojan-activity; sid:36901881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 171.80.251.240 25565 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 171.80.251.240|25565"; classtype:trojan-activity; sid:36901891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 95.72.172.97 9080 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 95.72.172.97|9080"; classtype:trojan-activity; sid:36901901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 213.226.117.48 1337 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 213.226.117.48|1337"; classtype:trojan-activity; sid:36901911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.255.107 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 91.92.255.107|8848"; classtype:trojan-activity; sid:36901921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 166.88.61.138 9898 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 166.88.61.138|9898"; classtype:trojan-activity; sid:36901931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.249.225 2023 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 91.92.249.225|2023"; classtype:trojan-activity; sid:36901941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 171.41.199.216 25565 (msg: "MISP e25652 
[c2,win.dcrat] Outgoing To IP: 171.41.199.216|25565"; classtype:trojan-activity; sid:36901951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.156.69.93 4444 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 94.156.69.93|4444"; classtype:trojan-activity; sid:36901961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 141.255.146.46 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 141.255.146.46|80"; classtype:trojan-activity; sid:36901971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.247.197.111 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 154.247.197.111|80"; classtype:trojan-activity; sid:36901981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.246.107.125 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 154.246.107.125|80"; classtype:trojan-activity; sid:36901991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 171.80.235.121 25565 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 171.80.235.121|25565"; classtype:trojan-activity; sid:36902001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.247.243.232 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 154.247.243.232|80"; classtype:trojan-activity; sid:36902011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 139.99.186.184 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 139.99.186.184|8848"; classtype:trojan-activity; sid:36902021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 198.13.49.217 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 198.13.49.217|8848"; classtype:trojan-activity; sid:36902031; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.246.204.6 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 154.246.204.6|80"; classtype:trojan-activity; sid:36902041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 141.255.159.135 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 141.255.159.135|80"; classtype:trojan-activity; sid:36902051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 38.181.35.232 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 38.181.35.232|8848"; classtype:trojan-activity; sid:36902061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 141.255.159.87 80 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 141.255.159.87|80"; classtype:trojan-activity; sid:36902071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 47.242.73.99 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 47.242.73.99|8848"; classtype:trojan-activity; sid:36902081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 45.76.196.96 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 45.76.196.96|8848"; classtype:trojan-activity; sid:36902091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.242.235 9898 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 91.92.242.235|9898"; classtype:trojan-activity; sid:36902101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 111.92.243.131 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 111.92.243.131|8848"; classtype:trojan-activity; sid:36902111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 178.236.247.250 8848 (msg: "MISP e25652 [c2,win.dcrat] 
Outgoing To IP: 178.236.247.250|8848"; classtype:trojan-activity; sid:36902121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 45.76.12.238 5555 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 45.76.12.238|5555"; classtype:trojan-activity; sid:36902131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 186.169.69.242 8523 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 186.169.69.242|8523"; classtype:trojan-activity; sid:36902141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 192.253.251.98 8848 (msg: "MISP e25652 [c2,win.dcrat] Outgoing To IP: 192.253.251.98|8848"; classtype:trojan-activity; sid:36902151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert dns any any -> any any (msg: "MISP e25652 [NanoCore,RAT] Domain updacon.hopto.org"; dns.query; content:"updacon.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])updacon\.hopto\.org$/i"; classtype:trojan-activity; sid:36901701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25652 [NanoCore,RAT] Outgoing HTTP Domain updacon.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"updacon.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])updacon\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36901702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.156.69.37 54984 (msg: "MISP e25652 [NanoCore,RAT] Outgoing To IP: 94.156.69.37|54984"; classtype:trojan-activity; sid:36901691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 159.65.156.37 9990 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 159.65.156.37|9990"; 
classtype:trojan-activity; sid:36902161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.188.60.245 3333 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 94.188.60.245|3333"; classtype:trojan-activity; sid:36902171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 178.63.172.20 443 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 178.63.172.20|443"; classtype:trojan-activity; sid:36902181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 103.223.12.163 3790 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 103.223.12.163|3790"; classtype:trojan-activity; sid:36902191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 141.255.167.250 4760 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 141.255.167.250|4760"; classtype:trojan-activity; sid:36902201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 147.229.148.205 5000 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 147.229.148.205|5000"; classtype:trojan-activity; sid:36902211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 109.205.61.95 3777 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 109.205.61.95|3777"; classtype:trojan-activity; sid:36902221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 171.5.180.138 3790 (msg: "MISP e25652 [c2,win.meterpreter] Outgoing To IP: 171.5.180.138|3790"; classtype:trojan-activity; sid:36902231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 218.161.70.146 80 (msg: "MISP e25652 [c2,win.empire_downloader] Outgoing To IP: 218.161.70.146|80"; classtype:trojan-activity; sid:36902241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 194.9.172.238 1443 (msg: "MISP e25652 [c2,win.empire_downloader] Outgoing To IP: 194.9.172.238|1443"; classtype:trojan-activity; sid:36902251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 91.92.244.240 1234 (msg: "MISP e25652 [c2,win.bit_rat] Outgoing To IP: 91.92.244.240|1234"; classtype:trojan-activity; sid:36902261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 123.206.29.183 1234 (msg: "MISP e25652 [c2,win.bit_rat] Outgoing To IP: 123.206.29.183|1234"; classtype:trojan-activity; sid:36902271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 195.201.242.216 443 (msg: "MISP e25652 [c2,win.bit_rat] Outgoing To IP: 195.201.242.216|443"; classtype:trojan-activity; sid:36902281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 167.235.26.247 9300 (msg: "MISP e25652 [c2,win.bit_rat] Outgoing To IP: 167.235.26.247|9300"; classtype:trojan-activity; sid:36902291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 91.206.178.118 $HTTP_PORTS (msg: "MISP e25652 [Stealc] Outgoing URL http|3a|//91.206.178.118/31b57f88e9b186cd.php"; flow:to_server,established; http.header; content:"91.206.178.118"; fast_pattern; nocase; http.uri; content:"/31b57f88e9b186cd.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36902301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert http $HOME_NET any -> 185.172.128.24 $HTTP_PORTS (msg: "MISP e25652 [Stealc] Outgoing URL http|3a|//185.172.128.24/f993692117a3fda2.php"; flow:to_server,established; http.header; content:"185.172.128.24"; fast_pattern; nocase; http.uri; content:"/f993692117a3fda2.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:36902311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 175.24.197.196 53576 (msg: "MISP e25652 [asyncrat] Outgoing To IP: 175.24.197.196|53576"; classtype:trojan-activity; sid:36902321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 51.158.96.140 443 (msg: "MISP e25652 [Bianlian Go Trojan,Online SAS] Outgoing To IP: 51.158.96.140|443"; classtype:trojan-activity; sid:36902331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 38.62.236.182 34712 (msg: "MISP e25652 [Bianlian Go Trojan,SERVER-MANIA] Outgoing To IP: 38.62.236.182|34712"; classtype:trojan-activity; sid:36902341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 143.198.78.107 443 (msg: "MISP e25652 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 143.198.78.107|443"; classtype:trojan-activity; sid:36902351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 193.178.147.164 8010 (msg: "MISP e25652 [Havoc,MIROHOST Web hosting datacenter and domain names registration in Ukraine] Outgoing To IP: 193.178.147.164|8010"; classtype:trojan-activity; sid:36902361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 86.222.181.33 2222 (msg: "MISP e25652 [France Telecom - Orange,QakBot] Outgoing To IP: 86.222.181.33|2222"; classtype:trojan-activity; sid:36902371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.98.76.163 443 (msg: "MISP e25652 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 94.98.76.163|443"; classtype:trojan-activity; sid:36902381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 31.190.194.12 443 (msg: "MISP e25652 [ASN-WINDTRE IUNET,QakBot] Outgoing To IP: 
31.190.194.12|443"; classtype:trojan-activity; sid:36902391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 74.12.144.248 2222 (msg: "MISP e25652 [BACOM,QakBot] Outgoing To IP: 74.12.144.248|2222"; classtype:trojan-activity; sid:36902401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 154.246.150.122 2078 (msg: "MISP e25652 [ALGTEL-AS,QakBot] Outgoing To IP: 154.246.150.122|2078"; classtype:trojan-activity; sid:36902411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 142.154.101.77 443 (msg: "MISP e25652 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 142.154.101.77|443"; classtype:trojan-activity; sid:36902421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 74.48.220.31 8888 (msg: "MISP e25652 [MULTA-ASN1,Supershell] Outgoing To IP: 74.48.220.31|8888"; classtype:trojan-activity; sid:36902431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 103.66.59.68 8888 (msg: "MISP e25652 [IDCCLOUD,Supershell] Outgoing To IP: 103.66.59.68|8888"; classtype:trojan-activity; sid:36902441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 94.156.69.136 1337 (msg: "MISP e25652 [asyncrat,c2] Outgoing To IP: 94.156.69.136|1337"; classtype:trojan-activity; sid:36902451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 3.127.253.86 16322 (msg: "MISP e25652 [njrat] Outgoing To IP: 3.127.253.86|16322"; classtype:trojan-activity; sid:36902461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 3.121.139.82 16322 (msg: "MISP e25652 [njrat] Outgoing To IP: 3.121.139.82|16322"; classtype:trojan-activity; sid:36902471; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;)
# Two more fixed IP:port indicators of MISP event 25652; no payload condition, destination address and port only.
alert ip $HOME_NET any -> 91.230.110.126 4321 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 91.230.110.126|4321"; classtype:trojan-activity; sid:36902481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
alert ip $HOME_NET any -> 103.13.210.210 8080 (msg: "MISP e25652 [OrcusRAT] Outgoing To IP: 103.13.210.210|8080"; classtype:trojan-activity; sid:36902491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP event 25650, "Domain" pair (priority:3): the leading class [^A-Za-z0-9-] lets a "." precede the name,
# so subdomains of itavbancaempresas.online match as well as the bare domain.
alert dns any any -> any any (msg: "MISP e25650 [] Domain itavbancaempresas.online"; dns.query; content:"itavbancaempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])itavbancaempresas\.online$/i"; classtype:trojan-activity; sid:36899951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25650;)
# In the HTTP rule, "Host|3a|" and the domain are two independent content matches in http.header (no distance/within),
# and the pcre is not tied to the Host line either, so the domain may sit in another header such as Referer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25650 [] Outgoing HTTP Domain itavbancaempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"itavbancaempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])itavbancaempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36899952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25650;)
# MISP event 26514, "Hostname" rules: the leading class also excludes ".", which limits the match to the exact host name.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname apps.telegramdown.com"; dns.query; content:"apps.telegramdown.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apps\.telegramdown\.com$/i"; classtype:trojan-activity; sid:37353891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname apps.telegramdown.com"; flow:to_server,established; http.header; content: "Host|3a| apps.telegramdown.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apps\.telegramdown\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353892; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514: each host name gets a dns.query rule and a Host-header rule with consecutive sids; some also get an "Outgoing URL" rule.
# The DNS pcre ends in "$" and its leading class excludes ".", so only the exact name matches, not its subdomains.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname learningcoursesfree.com"; dns.query; content:"learningcoursesfree.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])learningcoursesfree\.com$/i"; classtype:trojan-activity; sid:37353921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname learningcoursesfree.com"; flow:to_server,established; http.header; content: "Host|3a| learningcoursesfree.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])learningcoursesfree\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The URL rule is looser than its msg suggests: the name may appear anywhere in http.header (any header, or inside a longer name),
# and `http.uri; content:"/"` is met by practically every request, so it adds no real constraint.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//learningcoursesfree.com/"; flow:to_server,established; http.header; content:"learningcoursesfree.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telergraml.org"; dns.query; content:"telergraml.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telergraml\.org$/i"; classtype:trojan-activity; sid:37353951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telergraml.org"; flow:to_server,established; http.header; content: "Host|3a| telergraml.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telergraml\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL 
http|3a|//telergraml.org/"; flow:to_server,established; http.header; content:"telergraml.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# telegraml.wang / telegreman.fit, MISP event 26514. The tag list in msg is empty ("[]"), so family context is only
# available through the reference URL.
# tag:session,600,seconds on the HTTP rules makes the sensor keep logging packets of the matching session for 600 seconds;
# account for that in capture storage.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegraml.wang"; dns.query; content:"telegraml.wang"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegraml\.wang$/i"; classtype:trojan-activity; sid:37353981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegraml.wang"; flow:to_server,established; http.header; content: "Host|3a| telegraml.wang"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegraml\.wang[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37353982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telegraml.wang/"; flow:to_server,established; http.header; content:"telegraml.wang"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37353991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegreman.fit"; dns.query; content:"telegreman.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegreman\.fit$/i"; classtype:trojan-activity; sid:37354011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegreman.fit"; flow:to_server,established; http.header; content: "Host|3a| telegreman.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegreman\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354012; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The "Outgoing URL" rules are bound to $HTTP_PORTS while the Host-header rules use "any" as destination port;
# $HTTP_PORTS has to be defined on the sensor, and its value decides which ports these URL rules inspect.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telegreman.fit/"; flow:to_server,established; http.header; content:"telegreman.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telepczam.club"; dns.query; content:"telepczam.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepczam\.club$/i"; classtype:trojan-activity; sid:37354041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telepczam.club"; flow:to_server,established; http.header; content: "Host|3a| telepczam.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepczam\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telepczam.club/"; flow:to_server,established; http.header; content:"telepczam.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The next name is a subdomain on a shared site-hosting platform (webflow.io); the pcre matches the full host name only,
# so other sites on that platform do not trigger the rule.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname trustwallet-restoresweb-restore.webflow.io"; dns.query; content:"trustwallet-restoresweb-restore.webflow.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trustwallet\-restoresweb\-restore\.webflow\.io$/i"; classtype:trojan-activity; sid:37354071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 
trustwallet-restoresweb-restore.webflow.io"; flow:to_server,established; http.header; content: "Host|3a| trustwallet-restoresweb-restore.webflow.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trustwallet\-restoresweb\-restore\.webflow\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): pages.dev sites are normally served over TLS, where `alert http` rules see nothing unless traffic is decrypted;
# in that case the dns.query rule is the only one of each set that can fire. No TLS SNI rule accompanies these names here.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname snapchatedating.pages.dev"; dns.query; content:"snapchatedating.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapchatedating\.pages\.dev$/i"; classtype:trojan-activity; sid:37354101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname snapchatedating.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| snapchatedating.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapchatedating\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# This URL rule has no http.uri condition and no boundary check: any request header containing the string matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//snapchatedating.pages.dev"; flow:to_server,established; http.header; content:"snapchatedating.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname granulitize.info"; dns.query; content:"granulitize.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])granulitize\.info$/i"; classtype:trojan-activity; sid:37354191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname granulitize.info"; flow:to_server,established; http.header; content: "Host|3a| 
granulitize.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])granulitize\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Host-header rules (MISP event 26514): the content match needs the text "Host: <name>" with one space after the colon;
# the pcre then requires a character after the name that cannot be part of a host name, so a longer host that merely
# starts with <name> is rejected at that position.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname blockchainsdapps.pages.dev"; dns.query; content:"blockchainsdapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsdapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37354221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname blockchainsdapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsdapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsdapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The "Outgoing URL" rules below have neither that anchor nor the pcre: the name is matched as a plain substring of http.header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//blockchainsdapps.pages.dev"; flow:to_server,established; http.header; content:"blockchainsdapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname pixelartfcontests.pages.dev"; dns.query; content:"pixelartfcontests.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelartfcontests\.pages\.dev$/i"; classtype:trojan-activity; sid:37354251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pixelartfcontests.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pixelartfcontests.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelartfcontests\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//pixelartfcontests.pages.dev"; flow:to_server,established; http.header; content:"pixelartfcontests.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname oreau.pages.dev"; dns.query; content:"oreau.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oreau\.pages\.dev$/i"; classtype:trojan-activity; sid:37354281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname oreau.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| oreau.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oreau\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//oreau.pages.dev"; flow:to_server,established; http.header; content:"oreau.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname zzdxy.pages.dev"; dns.query; content:"zzdxy.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zzdxy\.pages\.dev$/i"; classtype:trojan-activity; sid:37354311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 
zzdxy.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zzdxy.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zzdxy\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# All rules here carry classtype:trojan-activity and priority:2 although the only evidence is a host name in a query or header.
# NOTE(review): treat a hit as "a client contacted a listed name" and confirm on the endpoint before calling it an infection.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//zzdxy.pages.dev"; flow:to_server,established; http.header; content:"zzdxy.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname sjdfoeusoednhskiuovescenisu03.pages.dev"; dns.query; content:"sjdfoeusoednhskiuovescenisu03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu03\.pages\.dev$/i"; classtype:trojan-activity; sid:37354341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname sjdfoeusoednhskiuovescenisu03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sjdfoeusoednhskiuovescenisu03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//sjdfoeusoednhskiuovescenisu03.pages.dev"; flow:to_server,established; http.header; content:"sjdfoeusoednhskiuovescenisu03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname sexmexfree.pages.dev"; dns.query; 
content:"sexmexfree.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sexmexfree\.pages\.dev$/i"; classtype:trojan-activity; sid:37354371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The DNS rules use `any any -> any any`, so they are not limited to $HOME_NET clients or to one direction.
# NOTE(review): where clients resolve through an internal resolver, the source address in a DNS alert may be that resolver
# rather than the workstation; correlate with resolver logs to find the querying host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname sexmexfree.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sexmexfree.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sexmexfree\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//sexmexfree.pages.dev"; flow:to_server,established; http.header; content:"sexmexfree.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname crcovid.mtsi-test.com"; dns.query; content:"crcovid.mtsi-test.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crcovid\.mtsi\-test\.com$/i"; classtype:trojan-activity; sid:37354401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname crcovid.mtsi-test.com"; flow:to_server,established; http.header; content: "Host|3a| crcovid.mtsi-test.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crcovid\.mtsi\-test\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname booking-eu.selverlf-6532.com"; dns.query; content:"booking-eu.selverlf-6532.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])booking\-eu\.selverlf\-6532\.com$/i"; classtype:trojan-activity; sid:37354431; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# wixsite.com and weeblysite.com names are per-site subdomains on shared website builders; matching is on the full
# host name, so the platforms as a whole are not flagged.
# NOTE(review): pages on such platforms are presumably short-lived - confirm the indicator is still current in MISP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname booking-eu.selverlf-6532.com"; flow:to_server,established; http.header; content: "Host|3a| booking-eu.selverlf-6532.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])booking\-eu\.selverlf\-6532\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname newtonglenwood90.wixsite.com"; dns.query; content:"newtonglenwood90.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newtonglenwood90\.wixsite\.com$/i"; classtype:trojan-activity; sid:37354461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname newtonglenwood90.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| newtonglenwood90.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newtonglenwood90\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname bt-103513.weeblysite.com"; dns.query; content:"bt-103513.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-103513\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37354491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bt-103513.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-103513.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-103513\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354492; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Every rule is rev:1 and points back to the MISP event through reference:url; the alert itself carries no first-seen
# or expiry information, so indicator age has to be checked in MISP.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname dreal123.wixsite.com"; dns.query; content:"dreal123.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dreal123\.wixsite\.com$/i"; classtype:trojan-activity; sid:37354521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname dreal123.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| dreal123.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dreal123\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname ehazinemaliye418.com"; dns.query; content:"ehazinemaliye418.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazinemaliye418\.com$/i"; classtype:trojan-activity; sid:37354551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ehazinemaliye418.com"; flow:to_server,established; http.header; content: "Host|3a| ehazinemaliye418.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazinemaliye418\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule: header substring only, limited to $HTTP_PORTS. A request to the same host already matches the Host-header
# rule above, so one request can raise two alerts (sids 37354552 and 37354561).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//ehazinemaliye418.com"; flow:to_server,established; http.header; content:"ehazinemaliye418.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname cisamauc.sc.gov.br"; dns.query; 
content:"cisamauc.sc.gov.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cisamauc\.sc\.gov\.br$/i"; classtype:trojan-activity; sid:37354581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): cisamauc.sc.gov.br sits under a government zone (.gov.br) - presumably a legitimate site that was abused
# rather than attacker-owned. Verify in the MISP event and plan an expiry so the alert does not outlive the incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cisamauc.sc.gov.br"; flow:to_server,established; http.header; content: "Host|3a| cisamauc.sc.gov.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cisamauc\.sc\.gov\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname 365e99.top"; dns.query; content:"365e99.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365e99\.top$/i"; classtype:trojan-activity; sid:37354611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 365e99.top"; flow:to_server,established; http.header; content: "Host|3a| 365e99.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365e99\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname managementdomaildevolopmentservicesdomailname3.pages.dev"; dns.query; content:"managementdomaildevolopmentservicesdomailname3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])managementdomaildevolopmentservicesdomailname3\.pages\.dev$/i"; classtype:trojan-activity; sid:37354641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname managementdomaildevolopmentservicesdomailname3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| managementdomaildevolopmentservicesdomailname3.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])managementdomaildevolopmentservicesdomailname3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514, same dns.query + Host-header pattern per name; two names here also get a header-substring URL rule.
# The dns.query rules only see DNS that crosses the sensor in clear text; clients using encrypted DNS will not trigger them.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//managementdomaildevolopmentservicesdomailname3.pages.dev"; flow:to_server,established; http.header; content:"managementdomaildevolopmentservicesdomailname3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegram69.pages.dev"; dns.query; content:"telegram69.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram69\.pages\.dev$/i"; classtype:trojan-activity; sid:37354671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegram69.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram69.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram69\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname aipaddapps.pages.dev"; dns.query; content:"aipaddapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aipaddapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37354701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname aipaddapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| aipaddapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aipaddapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//aipaddapps.pages.dev"; flow:to_server,established; http.header; content:"aipaddapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tgadminuser.webpp.club"; dns.query; content:"tgadminuser.webpp.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webpp\.club$/i"; classtype:trojan-activity; sid:37354731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tgadminuser.webpp.club"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webpp.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webpp\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tp6.app"; dns.query; content:"tp6.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp6\.app$/i"; classtype:trojan-activity; sid:37354761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tp6.app"; flow:to_server,established; http.header; content: "Host|3a| tp6.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp6\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tp6.app"; flow:to_server,established; http.header; content:"tp6.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The rule ending on the line above (sid 37354771) matches the 7-character string "tp6.app" anywhere in http.header with no
# boundary check; a constructed example of an unrelated name that would also match is "http6.app". Expect false positives.
# workers.dev names below: matching is on the full host name, so other workers.dev hosts are unaffected.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname hello-world-billowing-cherry-c3ef.dollarjar.workers.dev"; dns.query; content:"hello-world-billowing-cherry-c3ef.dollarjar.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-billowing\-cherry\-c3ef\.dollarjar\.workers\.dev$/i"; classtype:trojan-activity; sid:37354791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname hello-world-billowing-cherry-c3ef.dollarjar.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-billowing-cherry-c3ef.dollarjar.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-billowing\-cherry\-c3ef\.dollarjar\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//hello-world-billowing-cherry-c3ef.dollarjar.workers.dev"; flow:to_server,established; http.header; content:"hello-world-billowing-cherry-c3ef.dollarjar.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokenn.me"; dns.query; content:"tokenn.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenn\.me$/i"; classtype:trojan-activity; sid:37354821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing 
HTTP Hostname tokenn.me"; flow:to_server,established; http.header; content: "Host|3a| tokenn.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenn\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# tokenn.me / tpwallet.run / tpwall.app, MISP event 26514: dns.query, Host-header and URL rule per name.
# The sids here are in the 3735xxxx range assigned by the export.
# NOTE(review): make sure that range does not collide with sids from other rule sources before loading.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokenn.me"; flow:to_server,established; http.header; content:"tokenn.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tpwallet.run"; dns.query; content:"tpwallet.run"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tpwallet\.run$/i"; classtype:trojan-activity; sid:37354851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tpwallet.run"; flow:to_server,established; http.header; content: "Host|3a| tpwallet.run"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tpwallet\.run[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tpwallet.run"; flow:to_server,established; http.header; content:"tpwallet.run"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tpwall.app"; dns.query; content:"tpwall.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tpwall\.app$/i"; classtype:trojan-activity; sid:37354881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 
[] Outgoing HTTP Hostname tpwall.app"; flow:to_server,established; http.header; content: "Host|3a| tpwall.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tpwall\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# tpwall.app / tpvip.app URL rules: plain substring of http.header, limited to $HTTP_PORTS, no Host anchor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tpwall.app"; flow:to_server,established; http.header; content:"tpwall.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tpvip.app"; dns.query; content:"tpvip.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tpvip\.app$/i"; classtype:trojan-activity; sid:37354911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tpvip.app"; flow:to_server,established; http.header; content: "Host|3a| tpvip.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tpvip\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tpvip.app"; flow:to_server,established; http.header; content:"tpvip.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): the next host name suggests a login-page proxy (inferred from the name only, the msg carries no tag).
# If a client hit is confirmed, the likely follow-up is credential reset and session revocation rather than malware triage,
# despite classtype:trojan-activity.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname microsoft-login-proxy-xcxvx.hlwdy.workers.dev"; dns.query; content:"microsoft-login-proxy-xcxvx.hlwdy.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-login\-proxy\-xcxvx\.hlwdy\.workers\.dev$/i"; classtype:trojan-activity; sid:37354941; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname microsoft-login-proxy-xcxvx.hlwdy.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| microsoft-login-proxy-xcxvx.hlwdy.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-login\-proxy\-xcxvx\.hlwdy\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//microsoft-login-proxy-xcxvx.hlwdy.workers.dev"; flow:to_server,established; http.header; content:"microsoft-login-proxy-xcxvx.hlwdy.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokznp02kpt.pro"; dns.query; content:"tokznp02kpt.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokznp02kpt\.pro$/i"; classtype:trojan-activity; sid:37354971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tokznp02kpt.pro"; flow:to_server,established; http.header; content: "Host|3a| tokznp02kpt.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokznp02kpt\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37354972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokznp02kpt.pro"; flow:to_server,established; http.header; content:"tokznp02kpt.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37354981; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname service-106938.weeblysite.com"; dns.query; content:"service-106938.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])service\-106938\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37355001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname service-106938.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| service-106938.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])service\-106938\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname sjhw.weeblysite.com"; dns.query; content:"sjhw.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjhw\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37355031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname sjhw.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| sjhw.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjhw\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname uatomaticdomainnameservergrephicesdesigns03.pages.dev"; dns.query; content:"uatomaticdomainnameservergrephicesdesigns03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uatomaticdomainnameservergrephicesdesigns03\.pages\.dev$/i"; classtype:trojan-activity; sid:37355061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uatomaticdomainnameservergrephicesdesigns03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| uatomaticdomainnameservergrephicesdesigns03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uatomaticdomainnameservergrephicesdesigns03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The line above is the tail of a rule that starts on the previous line of the export.
#
# Review notes for this section (MISP event 26514, one rule per line).
# Most indicators here are single subdomains under pages.dev, weeblysite.com,
# weebly.com and ukit.me. Every match string contains the full subdomain, and
# the PCREs in the dns and Hostname rules reject a letter, digit, '-' or '.'
# directly before the name, so other sites under the same parent domain do not
# match those two rule types.
# The "Outgoing URL" rules are different: they are an unanchored, case-insensitive
# substring match on http.header (not on the URI) and also fire when the name
# shows up in another request header or inside a longer hostname.
# bransh.weeblysite.com and btinterner92.ukit.me have a dns and a Hostname rule
# only; this section contains no "Outgoing URL" rule for them.
# NOTE(review): the http rules see cleartext HTTP only. Unless TLS is decrypted
# upstream of the sensor, HTTPS visits to these names are covered by the dns
# rules alone; confirm whether a TLS SNI rule is wanted for this event.

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uatomaticdomainnameservergrephicesdesigns03.pages.dev"; flow:to_server,established; http.header; content:"uatomaticdomainnameservergrephicesdesigns03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname bransh.weeblysite.com"; dns.query; content:"bransh.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bransh\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37355091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bransh.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bransh.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bransh\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname jkghjkhjkhjk.pages.dev"; dns.query; content:"jkghjkhjkhjk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jkghjkhjkhjk\.pages\.dev$/i"; classtype:trojan-activity; sid:37355151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname jkghjkhjkhjk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jkghjkhjkhjk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jkghjkhjkhjk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//jkghjkhjkhjk.pages.dev"; flow:to_server,established; http.header; content:"jkghjkhjkhjk.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname h3h8g78yiweh83mailsonline6t54fg77b.pages.dev"; dns.query; content:"h3h8g78yiweh83mailsonline6t54fg77b.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h3h8g78yiweh83mailsonline6t54fg77b\.pages\.dev$/i"; classtype:trojan-activity; sid:37355241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname h3h8g78yiweh83mailsonline6t54fg77b.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| h3h8g78yiweh83mailsonline6t54fg77b.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h3h8g78yiweh83mailsonline6t54fg77b\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//h3h8g78yiweh83mailsonline6t54fg77b.pages.dev"; flow:to_server,established; http.header; content:"h3h8g78yiweh83mailsonline6t54fg77b.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname btinterner92.ukit.me"; dns.query; content:"btinterner92.ukit.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinterner92\.ukit\.me$/i"; classtype:trojan-activity; sid:37355271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname btinterner92.ukit.me"; flow:to_server,established; http.header; content: "Host|3a| btinterner92.ukit.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinterner92\.ukit\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname serviceswebmaildomailnaturazetioncompititions2.pages.dev"; dns.query; content:"serviceswebmaildomailnaturazetioncompititions2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])serviceswebmaildomailnaturazetioncompititions2\.pages\.dev$/i"; classtype:trojan-activity; sid:37355301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname serviceswebmaildomailnaturazetioncompititions2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| serviceswebmaildomailnaturazetioncompititions2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])serviceswebmaildomailnaturazetioncompititions2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//serviceswebmaildomailnaturazetioncompititions2.pages.dev"; flow:to_server,established; http.header; content:"serviceswebmaildomailnaturazetioncompititions2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname vghtrtrgr.weebly.com"; dns.query; content:"vghtrtrgr.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vghtrtrgr\.weebly\.com$/i"; classtype:trojan-activity; sid:37355331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname vghtrtrgr.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| vghtrtrgr.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vghtrtrgr\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//vghtrtrgr.weebly.com"; flow:to_server,established; http.header; content:"vghtrtrgr.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usreant.com"; dns.query; content:"usreant.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usreant\.com$/i"; classtype:trojan-activity; sid:37355361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usreant.com"; flow:to_server,established; http.header; content: "Host|3a| usreant.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usreant\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The next rule is cut by the export's line wrap and continues on the following line.
alert http
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usreant.com"; flow:to_server,established; http.header; content:"usreant.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The line above is the tail of a rule that starts on the previous line of the export.
#
# Review notes for this section (MISP event 26514, one rule per line).
# The indicators below are a run of sibling names of the form usp.ussp<xx>.top.
# Each name gets its own three rules:
#   - dns: exact name at the end of dns.query (the PCRE rejects a letter, digit,
#     '-' or '.' directly before it, so deeper subdomains do not match);
#   - http "Outgoing HTTP Hostname": "Host: <name>" in http.header, any port;
#   - http "Outgoing URL": unanchored substring match on http.header, limited to
#     $HTTP_PORTS. It does not look at the URI and overlaps with the Hostname
#     rule on standard ports, so one request normally produces two alerts.
# Because every rule is an exact-name match, a sibling name that is not listed
# in the event is not detected.
# NOTE(review): a single rule on the shared naming pattern would cover unlisted
# siblings but is not part of this export and could match unrelated .top names;
# confirm with the event owner before adding one.
# NOTE(review): cleartext HTTP and DNS only; if these sites are served over TLS
# and TLS is not decrypted upstream of the sensor, only the dns rules can fire.

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspvr.top"; dns.query; content:"usp.usspvr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvr\.top$/i"; classtype:trojan-activity; sid:37355391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspvr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspvr.top"; flow:to_server,established; http.header; content:"usp.usspvr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspsc.top"; dns.query; content:"usp.usspsc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsc\.top$/i"; classtype:trojan-activity; sid:37355421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspsc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspsc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspsc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspsc.top"; flow:to_server,established; http.header; content:"usp.usspsc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussprv.top"; dns.query; content:"usp.ussprv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprv\.top$/i"; classtype:trojan-activity; sid:37355451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussprv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussprv.top"; flow:to_server,established; http.header; content:"usp.ussprv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspra.top"; dns.query; content:"usp.usspra.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspra\.top$/i"; classtype:trojan-activity; sid:37355481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspra.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspra.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspra\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspra.top"; flow:to_server,established; http.header; content:"usp.usspra.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppl.top"; dns.query; content:"usp.ussppl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppl\.top$/i"; classtype:trojan-activity; sid:37355511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussppl.top"; flow:to_server,established; http.header; content:"usp.ussppl.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppk.top"; dns.query; content:"usp.ussppk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppk\.top$/i"; classtype:trojan-activity; sid:37355541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussppk.top"; flow:to_server,established; http.header; content:"usp.ussppk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppj.top"; dns.query; content:"usp.ussppj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppj\.top$/i"; classtype:trojan-activity; sid:37355571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussppj.top"; flow:to_server,established; http.header; content:"usp.ussppj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppg.top"; dns.query; content:"usp.ussppg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppg\.top$/i"; classtype:trojan-activity; sid:37355601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The next rule is cut by the export's line wrap and continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppg.top";
flow:to_server,established; http.header; content: "Host|3a| usp.ussppg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The line above is the tail of a rule that starts on the previous line of the export.
#
# Review notes for this section (MISP event 26514, one rule per line).
# All indicators below are names of the form usp.ussp<xx>.top, three rules each:
#   - dns rules apply to any source and destination ("any any -> any any"), so
#     they also alert on queries seen between internal resolvers;
#   - "Outgoing HTTP Hostname" rules match "Host: <name>" from $HOME_NET to
#     $EXTERNAL_NET on any port, with a PCRE boundary check around the name;
#   - "Outgoing URL" rules are a bare substring match on http.header, limited to
#     $HTTP_PORTS, with no boundary check and no URI inspection.
# The http rules add tag:session,600,seconds, which logs further packets of the
# flow for 600 seconds; the dns rules carry no tag.
# All rules are rev:1 with priority:2 set explicitly, which overrides the
# priority that classtype:trojan-activity would otherwise assign.
# NOTE(review): if the sensor also sees resolver-to-upstream traffic, each lookup
# may alert twice (client query and resolver query); verify against capture
# placement before tuning thresholds.

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussppg.top"; flow:to_server,established; http.header; content:"usp.ussppg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppc.top"; dns.query; content:"usp.ussppc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppc\.top$/i"; classtype:trojan-activity; sid:37355631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussppc.top"; flow:to_server,established; http.header; content:"usp.ussppc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussppb.top"; dns.query; content:"usp.ussppb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppb\.top$/i"; classtype:trojan-activity; sid:37355661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussppb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussppb.top"; flow:to_server,established; http.header; content:"usp.ussppb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspol.top"; dns.query; content:"usp.usspol.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspol\.top$/i"; classtype:trojan-activity; sid:37355691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspol.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspol.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspol\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspol.top"; flow:to_server,established; http.header; content:"usp.usspol.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspnj.top"; dns.query; content:"usp.usspnj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnj\.top$/i"; classtype:trojan-activity; sid:37355721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspnj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspnj.top"; flow:to_server,established; http.header; content:"usp.usspnj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspmu.top"; dns.query; content:"usp.usspmu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmu\.top$/i"; classtype:trojan-activity; sid:37355751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspmu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspmu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspmu.top"; flow:to_server,established; http.header; content:"usp.usspmu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspmp.top"; dns.query; content:"usp.usspmp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmp\.top$/i"; classtype:trojan-activity; sid:37355781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspmp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspmp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspmp.top"; flow:to_server,established; http.header; content:"usp.usspmp.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspln.top"; dns.query; content:"usp.usspln.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspln\.top$/i"; classtype:trojan-activity; sid:37355811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspln.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspln.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspln\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspln.top"; flow:to_server,established; http.header; content:"usp.usspln.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

# The next rule is cut by the export's line wrap and continues on the following line.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname
usp.usspld.top"; dns.query; content:"usp.usspld.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspld\.top$/i"; classtype:trojan-activity; sid:37355841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The line above is the tail of a rule that starts on the previous line of the export.
#
# Review notes for this section (MISP event 26514, one rule per line).
# Each hostname indicator is exported as a dns rule (exact name at the end of
# dns.query), an "Outgoing HTTP Hostname" rule ("Host: <name>" in http.header on
# any port, with a PCRE boundary check) and an "Outgoing URL" rule.
# For a URL indicator without a path, the "Outgoing URL" rule only looks for the
# hostname as a substring of http.header on $HTTP_PORTS. It is not anchored, so
# it also fires when the name appears in another request header or inside a
# longer hostname.
# sid:37356061 (usp-sv.top/update) is the one URL indicator here with a path:
# it additionally requires "/update" in http.uri. That content match is
# case-insensitive and has no position constraint, so any URI containing
# "/update" (a longer path segment included) satisfies it.
# NOTE(review): cleartext HTTP and DNS only. Names such as usps.posthelpsz.com
# presumably imitate a postal service and are likely served over HTTPS; unless
# TLS is decrypted upstream of the sensor, only the dns rules will see them.
# Confirm whether a TLS SNI rule is wanted for this event.

alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspld.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspld.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspld\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspld.top"; flow:to_server,established; http.header; content:"usp.usspld.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspit.top"; dns.query; content:"usp.usspit.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspit\.top$/i"; classtype:trojan-activity; sid:37355871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspit.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspit.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspit\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspit.top"; flow:to_server,established; http.header; content:"usp.usspit.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspin.top"; dns.query; content:"usp.usspin.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspin\.top$/i"; classtype:trojan-activity; sid:37355901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspin.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspin.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspin\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspin.top"; flow:to_server,established; http.header; content:"usp.usspin.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussphy.top"; dns.query; content:"usp.ussphy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphy\.top$/i"; classtype:trojan-activity; sid:37355931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussphy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussphy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussphy.top"; flow:to_server,established; http.header; content:"usp.ussphy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.ussphr.top"; dns.query; content:"usp.ussphr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphr\.top$/i"; classtype:trojan-activity; sid:37355961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.ussphr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussphr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.ussphr.top"; flow:to_server,established; http.header; content:"usp.ussphr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37355971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspek.top"; dns.query; content:"usp.usspek.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspek\.top$/i"; classtype:trojan-activity; sid:37355991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspek.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspek.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspek\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37355992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspek.top"; flow:to_server,established; http.header; content:"usp.usspek.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspeb.top"; dns.query; content:"usp.usspeb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeb\.top$/i"; classtype:trojan-activity; sid:37356021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspeb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspeb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspeb.top"; flow:to_server,established; http.header; content:"usp.usspeb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp-sv.top"; dns.query; content:"usp-sv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\-sv\.top$/i"; classtype:trojan-activity; sid:37356051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp-sv.top"; flow:to_server,established; http.header; content: "Host|3a| usp-sv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\-sv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL indicator with a path: hostname substring in http.header plus "/update" in http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp-sv.top/update"; flow:to_server,established; http.header; content:"usp-sv.top"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspcd.top"; dns.query; content:"usp.usspcd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspcd\.top$/i"; classtype:trojan-activity; sid:37356081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspcd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspcd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspcd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usp.usspcd.top"; flow:to_server,established; http.header; content:"usp.usspcd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)

alert dns any any -> any any (msg: "MISP e26514 [] Hostname usps.posthelpsz.com"; dns.query; content:"usps.posthelpsz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelpsz\.com$/i"; classtype:trojan-activity; sid:37356111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The next rule is cut by the export's line wrap and continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usps.posthelpsz.com"; flow:to_server,established; http.header; content: "Host|3a| usps.posthelpsz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelpsz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity;
sid:37356112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule without a path: matches the bare hostname anywhere in the request
# headers on $HTTP_PORTS, with no boundary check.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//usps.posthelpsz.com"; flow:to_server,established; http.header; content:"usps.posthelpsz.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# uspo.usspms.top: exact-name DNS rule (the pcre rejects subdomains), then the Host-header rule.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.usspms.top"; dns.query; content:"uspo.usspms.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspms\.top$/i"; classtype:trojan-activity; sid:37356141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.usspms.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspms.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspms\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule with a path: the msg records /pg?do=index, but the http.uri match is
# only "/pg" (case-insensitive). The query string is not part of the signature,
# so any URI containing "/pg" on a request whose headers contain this hostname
# alerts. Triage on the logged URI, not on the msg text.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspo.usspms.top/pg?do=index"; flow:to_server,established; http.header; content:"uspo.usspms.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Shared-platform hostname (workers.dev): the rule pins the full tenant
# subdomain, so other tenants of the platform are not matched.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname worker-rapid-mountain-ed9d.llundy.workers.dev"; dns.query; content:"worker-rapid-mountain-ed9d.llundy.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-rapid\-mountain\-ed9d\.llundy\.workers\.dev$/i"; classtype:trojan-activity; sid:37356171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing 
HTTP Hostname worker-rapid-mountain-ed9d.llundy.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-rapid-mountain-ed9d.llundy.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-rapid\-mountain\-ed9d\.llundy\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname worker-round-rice-9b00.jeffkashmier.workers.dev"; dns.query; content:"worker-round-rice-9b00.jeffkashmier.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-round\-rice\-9b00\.jeffkashmier\.workers\.dev$/i"; classtype:trojan-activity; sid:37356201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname worker-round-rice-9b00.jeffkashmier.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-round-rice-9b00.jeffkashmier.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-round\-rice\-9b00\.jeffkashmier\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname wah-bn5.pages.dev"; dns.query; content:"wah-bn5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wah\-bn5\.pages\.dev$/i"; classtype:trojan-activity; sid:37356231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname wah-bn5.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wah-bn5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wah\-bn5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356232; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname fhhhj.cyou"; dns.query; content:"fhhhj.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fhhhj\.cyou$/i"; classtype:trojan-activity; sid:37356261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname fhhhj.cyou"; flow:to_server,established; http.header; content: "Host|3a| fhhhj.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fhhhj\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//fhhhj.cyou"; flow:to_server,established; http.header; content:"fhhhj.cyou"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspvr.top"; dns.query; content:"usp.usspvr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvr\.top$/i"; classtype:trojan-activity; sid:37356291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspvr.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.uspsck.top"; dns.query; content:"usp.uspsck.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsck\.top$/i"; classtype:trojan-activity; sid:37356321; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.uspsck.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspsck.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsck\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usp.usspvm.top"; dns.query; content:"usp.usspvm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvm\.top$/i"; classtype:trojan-activity; sid:37356351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usp.usspvm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usps.uspsxt.com"; dns.query; content:"usps.uspsxt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspsxt\.com$/i"; classtype:trojan-activity; sid:37356381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usps.uspsxt.com"; flow:to_server,established; http.header; content: "Host|3a| usps.uspsxt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspsxt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.usspqk.top"; dns.query; 
content:"uspo.usspqk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqk\.top$/i"; classtype:trojan-activity; sid:37356411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.usspqk.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspqk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.ussphs.top"; dns.query; content:"uspo.ussphs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphs\.top$/i"; classtype:trojan-activity; sid:37356441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.ussphs.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspo.ussphd.top"; dns.query; content:"uspo.ussphd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphd\.top$/i"; classtype:trojan-activity; sid:37356471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspo.ussphd.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356472; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
# sukumaransgroup.com: DNS and Host-header rules alert on any lookup of, or
# cleartext HTTP request to, the host.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname sukumaransgroup.com"; dns.query; content:"sukumaransgroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukumaransgroup\.com$/i"; classtype:trojan-activity; sid:37356501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname sukumaransgroup.com"; flow:to_server,established; http.header; content: "Host|3a| sukumaransgroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukumaransgroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule: hostname in the request headers plus the full path in http.uri. This
# is the most specific of the three; a hit here also raises sid 37356502.
# NOTE(review): the path sits under /wp-admin/, which may mean the page was planted
# on an otherwise legitimate site. If so, hostname-only hits (37356501/37356502)
# deserve lower confidence than this rule; confirm in the MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//sukumaransgroup.com/wp-admin/js/widgets/media-widgets/index.html"; flow:to_server,established; http.header; content:"sukumaransgroup.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/js/widgets/media-widgets/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37356511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# trustwalletrestore.alpha-tti.org: DNS and Host-header rules only (the second
# rule continues on the next line).
alert dns any any -> any any (msg: "MISP e26514 [] Hostname trustwalletrestore.alpha-tti.org"; dns.query; content:"trustwalletrestore.alpha-tti.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trustwalletrestore\.alpha\-tti\.org$/i"; classtype:trojan-activity; sid:37356531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname trustwalletrestore.alpha-tti.org"; flow:to_server,established; http.header; content: "Host|3a| trustwalletrestore.alpha-tti.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trustwalletrestore\.alpha\-tti\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356532; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname trhj.pages.dev"; dns.query; content:"trhj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trhj\.pages\.dev$/i"; classtype:trojan-activity; sid:37356561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname trhj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| trhj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trhj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname shijigroup.com-ymyykhurmrt80ozvr5by.ymyykhurmrt80ozvr5by.manxttrider.com"; dns.query; content:"shijigroup.com-ymyykhurmrt80ozvr5by.ymyykhurmrt80ozvr5by.manxttrider.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shijigroup\.com\-ymyykhurmrt80ozvr5by\.ymyykhurmrt80ozvr5by\.manxttrider\.com$/i"; classtype:trojan-activity; sid:37356591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname shijigroup.com-ymyykhurmrt80ozvr5by.ymyykhurmrt80ozvr5by.manxttrider.com"; flow:to_server,established; http.header; content: "Host|3a| shijigroup.com-ymyykhurmrt80ozvr5by.ymyykhurmrt80ozvr5by.manxttrider.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shijigroup\.com\-ymyykhurmrt80ozvr5by\.ymyykhurmrt80ozvr5by\.manxttrider\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37356621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# share-52-blink.pages.dev is exported five times in a row. The DNS rules
# (sid 37356621, which ends on the line above, then 37356651, 37356681, 37356711,
# 37356741) are identical apart from the sid, and so are the Host-header rules
# (37356622, 37356652, 37356682, 37356712, 37356742).
# One matching query or request therefore raises five alerts, and the engine
# evaluates the same pattern five times.
# NOTE(review): presumably the MISP event holds several attributes that resolve to
# this hostname. Deduplicate in the event or at export time, or keep one pair and
# disable the rest, so alert counts and thresholds stay meaningful.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Duplicate pair 2 of 5.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37356651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Duplicate pair 3 of 5.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37356681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Duplicate pair 4 of 5.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37356711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Duplicate pair 5 of 5.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37356741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Next indicator: exact-name DNS match for scandal-awek-hijab.viral-telegram.com
# (the rule continues on the next line).
alert dns any any -> any any (msg: "MISP e26514 [] Hostname scandal-awek-hijab.viral-telegram.com"; dns.query; content:"scandal-awek-hijab.viral-telegram.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scandal\-awek\-hijab\.viral\-telegram\.com$/i"; 
classtype:trojan-activity; sid:37356771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname scandal-awek-hijab.viral-telegram.com"; flow:to_server,established; http.header; content: "Host|3a| scandal-awek-hijab.viral-telegram.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scandal\-awek\-hijab\.viral\-telegram\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname redirectblacknguwelittss.pages.dev"; dns.query; content:"redirectblacknguwelittss.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirectblacknguwelittss\.pages\.dev$/i"; classtype:trojan-activity; sid:37356801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname redirectblacknguwelittss.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| redirectblacknguwelittss.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirectblacknguwelittss\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname pemulihanfacebook2342.from36.biz.id"; dns.query; content:"pemulihanfacebook2342.from36.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pemulihanfacebook2342\.from36\.biz\.id$/i"; classtype:trojan-activity; sid:37356831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pemulihanfacebook2342.from36.biz.id"; flow:to_server,established; http.header; content: "Host|3a| 
pemulihanfacebook2342.from36.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pemulihanfacebook2342\.from36\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname paulnemlin.com"; dns.query; content:"paulnemlin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])paulnemlin\.com$/i"; classtype:trojan-activity; sid:37356861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname paulnemlin.com"; flow:to_server,established; http.header; content: "Host|3a| paulnemlin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])paulnemlin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname offpant.pages.dev"; dns.query; content:"offpant.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])offpant\.pages\.dev$/i"; classtype:trojan-activity; sid:37356891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname offpant.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| offpant.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])offpant\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname offpant.pages.dev"; dns.query; content:"offpant.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])offpant\.pages\.dev$/i"; classtype:trojan-activity; sid:37356921; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname offpant.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| offpant.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])offpant\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname notify-disposal-ads-0945.netlify.app"; dns.query; content:"notify-disposal-ads-0945.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notify\-disposal\-ads\-0945\.netlify\.app$/i"; classtype:trojan-activity; sid:37356951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname notify-disposal-ads-0945.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| notify-disposal-ads-0945.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notify\-disposal\-ads\-0945\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname nhv5.pages.dev"; dns.query; content:"nhv5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhv5\.pages\.dev$/i"; classtype:trojan-activity; sid:37356981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname nhv5.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nhv5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhv5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37356982; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname news.trcmaine.org"; dns.query; content:"news.trcmaine.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])news\.trcmaine\.org$/i"; classtype:trojan-activity; sid:37357011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname news.trcmaine.org"; flow:to_server,established; http.header; content: "Host|3a| news.trcmaine.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])news\.trcmaine\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname netflixx.xyz"; dns.query; content:"netflixx.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netflixx\.xyz$/i"; classtype:trojan-activity; sid:37357041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname netflixx.xyz"; flow:to_server,established; http.header; content: "Host|3a| netflixx.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netflixx\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname mungtgsndj.weebly.com"; dns.query; content:"mungtgsndj.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mungtgsndj\.weebly\.com$/i"; classtype:trojan-activity; sid:37357071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname mungtgsndj.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mungtgsndj.weebly.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mungtgsndj\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname mikea.pages.dev"; dns.query; content:"mikea.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mikea\.pages\.dev$/i"; classtype:trojan-activity; sid:37357101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname mikea.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mikea.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mikea\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname melodious-melba-ab4ed9.netlify.app"; dns.query; content:"melodious-melba-ab4ed9.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])melodious\-melba\-ab4ed9\.netlify\.app$/i"; classtype:trojan-activity; sid:37357131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname melodious-melba-ab4ed9.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| melodious-melba-ab4ed9.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])melodious\-melba\-ab4ed9\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname smgases.com"; dns.query; content:"smgases.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smgases\.com$/i"; classtype:trojan-activity; sid:37357161; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname smgases.com"; flow:to_server,established; http.header; content: "Host|3a| smgases.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smgases\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//smgases.com/off/indexnew.html"; flow:to_server,established; http.header; content:"smgases.com"; fast_pattern; nocase; http.uri; content:"/off/indexnew.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname memeksalto.com"; dns.query; content:"memeksalto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])memeksalto\.com$/i"; classtype:trojan-activity; sid:37357191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname memeksalto.com"; flow:to_server,established; http.header; content: "Host|3a| memeksalto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])memeksalto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname mcshort.link"; dns.query; content:"mcshort.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mcshort\.link$/i"; classtype:trojan-activity; sid:37357221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname mcshort.link"; flow:to_server,established; http.header; 
content: "Host|3a| mcshort.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mcshort\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname live-loan-syariah.bizneet.my.id"; dns.query; content:"live-loan-syariah.bizneet.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-loan\-syariah\.bizneet\.my\.id$/i"; classtype:trojan-activity; sid:37357251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname live-loan-syariah.bizneet.my.id"; flow:to_server,established; http.header; content: "Host|3a| live-loan-syariah.bizneet.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-loan\-syariah\.bizneet\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname juliamex.com"; dns.query; content:"juliamex.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juliamex\.com$/i"; classtype:trojan-activity; sid:37357281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname juliamex.com"; flow:to_server,established; http.header; content: "Host|3a| juliamex.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juliamex\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname informacja-reklamacja.netlify.app"; dns.query; content:"informacja-reklamacja.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informacja\-reklamacja\.netlify\.app$/i"; 
classtype:trojan-activity; sid:37357311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname informacja-reklamacja.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| informacja-reklamacja.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informacja\-reklamacja\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname dlu-quekabutiiiyee.com"; dns.query; content:"dlu-quekabutiiiyee.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dlu\-quekabutiiiyee\.com$/i"; classtype:trojan-activity; sid:37357341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname dlu-quekabutiiiyee.com"; flow:to_server,established; http.header; content: "Host|3a| dlu-quekabutiiiyee.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dlu\-quekabutiiiyee\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule without a path (sid 37357351): the only match is the hostname as a case-insensitive substring of
# the request headers, on $HTTP_PORTS. There is no http.uri condition and no boundary pcre.
# NOTE(review): because http.header is not limited to the Host line, a request to another site that merely
# names this host in a header (a Referer, for instance) also alerts, and a real visit to the host alerts on
# both this rule and sid 37357342. Consider whether the path-less URL indicator adds anything over the
# Host rule before enabling both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//dlu-quekabutiiiyee.com"; flow:to_server,established; http.header; content:"dlu-quekabutiiiyee.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37357371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The next two rules repeat sid 37357371 and sid 37357372 above: same hostname, same match options, only
# the sid differs (37357401 / 37357402). One matching query or request therefore raises two alerts.
# NOTE(review): presumably the hostname is listed twice in event 26514; deduplicate at the source or keep
# only one pair enabled.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37357401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname fix-advertisement-errors-cebab6.netlify.app"; dns.query; content:"fix-advertisement-errors-cebab6.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fix\-advertisement\-errors\-cebab6\.netlify\.app$/i"; classtype:trojan-activity; sid:37357431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname fix-advertisement-errors-cebab6.netlify.app"; flow:to_server,established; http.header; content:
"Host|3a| fix-advertisement-errors-cebab6.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fix\-advertisement\-errors\-cebab6\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; dns.query; content:"d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d0ocs\-ow\-9c42\.nganarxnksoroo\.workers\.dev$/i"; classtype:trojan-activity; sid:37357461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d0ocs\-ow\-9c42\.nganarxnksoroo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37357491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37357492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname breezy-glorious-mulberry.glitch.me"; dns.query; content:"breezy-glorious-mulberry.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])breezy\-glorious\-mulberry\.glitch\.me$/i"; classtype:trojan-activity; sid:37357521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname breezy-glorious-mulberry.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| breezy-glorious-mulberry.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])breezy\-glorious\-mulberry\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname scandal-melayu.viral-telegram.com"; dns.query; content:"scandal-melayu.viral-telegram.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scandal\-melayu\.viral\-telegram\.com$/i"; classtype:trojan-activity; sid:37357551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname scandal-melayu.viral-telegram.com"; flow:to_server,established; http.header; content: "Host|3a| scandal-melayu.viral-telegram.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scandal\-melayu\.viral\-telegram\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//scandal-melayu.viral-telegram.com"; flow:to_server,established; http.header; content:"scandal-melayu.viral-telegram.com"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37357561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegram-sites.com"; dns.query; content:"telegram-sites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sites\.com$/i"; classtype:trojan-activity; sid:37357581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegram-sites.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-sites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname assistance-for-ad-content-optimiza-s9.netlify.app"; dns.query; content:"assistance-for-ad-content-optimiza-s9.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assistance\-for\-ad\-content\-optimiza\-s9\.netlify\.app$/i"; classtype:trojan-activity; sid:37357611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname assistance-for-ad-content-optimiza-s9.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| assistance-for-ad-content-optimiza-s9.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assistance\-for\-ad\-content\-optimiza\-s9\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname 420tripping.com"; dns.query; content:"420tripping.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])420tripping\.com$/i"; classtype:trojan-activity; 
sid:37357641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 420tripping.com"; flow:to_server,established; http.header; content: "Host|3a| 420tripping.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])420tripping\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname redirect.jscript.workers.dev"; dns.query; content:"redirect.jscript.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirect\.jscript\.workers\.dev$/i"; classtype:trojan-activity; sid:37357671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname redirect.jscript.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| redirect.jscript.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirect\.jscript\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//redirect.jscript.workers.dev"; flow:to_server,established; http.header; content:"redirect.jscript.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname postesaa.com"; dns.query; content:"postesaa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postesaa\.com$/i"; classtype:trojan-activity; sid:37357701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 
[] Outgoing HTTP Hostname postesaa.com"; flow:to_server,established; http.header; content: "Host|3a| postesaa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postesaa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//postesaa.com/update"; flow:to_server,established; http.header; content:"postesaa.com"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname nathanandcandy.com"; dns.query; content:"nathanandcandy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nathanandcandy\.com$/i"; classtype:trojan-activity; sid:37357731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname nathanandcandy.com"; flow:to_server,established; http.header; content: "Host|3a| nathanandcandy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nathanandcandy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//nathanandcandy.com/broad"; flow:to_server,established; http.header; content:"nathanandcandy.com"; fast_pattern; nocase; http.uri; content:"/broad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname mzt.xjy.mybluehost.me"; dns.query; content:"mzt.xjy.mybluehost.me"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mzt\.xjy\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37357761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname mzt.xjy.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| mzt.xjy.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mzt\.xjy\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//mzt.xjy.mybluehost.me/vdq/L"; flow:to_server,established; http.header; content:"mzt.xjy.mybluehost.me"; fast_pattern; nocase; http.uri; content:"/vdq/L"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname guidance-for-effective-ad-budgetin-u6.netlify.app"; dns.query; content:"guidance-for-effective-ad-budgetin-u6.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])guidance\-for\-effective\-ad\-budgetin\-u6\.netlify\.app$/i"; classtype:trojan-activity; sid:37357791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname guidance-for-effective-ad-budgetin-u6.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| guidance-for-effective-ad-budgetin-u6.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])guidance\-for\-effective\-ad\-budgetin\-u6\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 
[] Outgoing URL http|3a|//guidance-for-effective-ad-budgetin-u6.netlify.app"; flow:to_server,established; http.header; content:"guidance-for-effective-ad-budgetin-u6.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname ff-menmber-garena.vn"; dns.query; content:"ff-menmber-garena.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\-menmber\-garena\.vn$/i"; classtype:trojan-activity; sid:37357821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ff-menmber-garena.vn"; flow:to_server,established; http.header; content: "Host|3a| ff-menmber-garena.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\-menmber\-garena\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//ff-menmber-garena.vn/JMkgMMFfTxTl2sasQzQY7KZgqsIq3wunMEfExlL8l30uXRBRIlXi0F797d9EDy4F981xmeIpz7AtaXfBjWpm7zILFXQilWIM0u0T_index"; flow:to_server,established; http.header; content:"ff-menmber-garena.vn"; fast_pattern; nocase; http.uri; content:"/JMkgMMFfTxTl2sasQzQY7KZgqsIq3wunMEfExlL8l30uXRBRIlXi0F797d9EDy4F981xmeIpz7AtaXfBjWpm7zILFXQilWIM0u0T_index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname dandcing-sunddae-63dac4d.netlify.app"; dns.query; content:"dandcing-sunddae-63dac4d.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dandcing\-sunddae\-63dac4d\.netlify\.app$/i"; classtype:trojan-activity; sid:37357851; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname dandcing-sunddae-63dac4d.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| dandcing-sunddae-63dac4d.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dandcing\-sunddae\-63dac4d\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//dandcing-sunddae-63dac4d.netlify.app"; flow:to_server,established; http.header; content:"dandcing-sunddae-63dac4d.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# URL rule (sid 37357891): hostname "cloudflare-ipfs.com" as a substring of the request headers plus the
# full "/ipfs/<identifier>" path as a substring of http.uri. This part of the export has no dns or Host
# rule for cloudflare-ipfs.com itself, so the path is the only thing that makes the alert specific.
# NOTE(review): the hostname looks like a shared gateway rather than attacker-owned infrastructure. Keep
# the http.uri condition if this rule is ever tuned, and note that the same path requested through a
# different hostname would presumably not match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeifgkpsuhq4sbwcpc2dniethatdbtv4wm2ijmgq3ccld5nehlsy4va"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeifgkpsuhq4sbwcpc2dniethatdbtv4wm2ijmgq3ccld5nehlsy4va"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname saham.www1.biz"; dns.query; content:"saham.www1.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])saham\.www1\.biz$/i"; classtype:trojan-activity; sid:37357911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname saham.www1.biz"; flow:to_server,established; http.header; content: "Host|3a| saham.www1.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])saham\.www1\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Same shape as sid 37357891 with a different /ipfs/ path (sid 37357951).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeibsfi5bwpxqqukgwrn7kfbdktwjlswcvghhnrsldycpura2w3vrd4"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeibsfi5bwpxqqukgwrn7kfbdktwjlswcvghhnrsldycpura2w3vrd4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname jhhxs.icu"; dns.query; content:"jhhxs.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhhxs\.icu$/i"; classtype:trojan-activity; sid:37357971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname jhhxs.icu"; flow:to_server,established; http.header; content: "Host|3a| jhhxs.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhhxs\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37357972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Path-less URL rule (sid 37357981): a nine-character hostname matched as a bare substring of the request
# headers with no boundary check, so any longer header value that contains "jhhxs.icu" also satisfies it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//jhhxs.icu"; flow:to_server,established; http.header; content:"jhhxs.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37357981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tstmm.pages.dev"; dns.query; content:"tstmm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tstmm\.pages\.dev$/i"; classtype:trojan-activity; sid:37358001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP
e26514 [] Outgoing HTTP Hostname tstmm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tstmm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tstmm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tstmm.pages.dev"; flow:to_server,established; http.header; content:"tstmm.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname weqpo.cyou"; dns.query; content:"weqpo.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weqpo\.cyou$/i"; classtype:trojan-activity; sid:37358031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname weqpo.cyou"; flow:to_server,established; http.header; content: "Host|3a| weqpo.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weqpo\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//weqpo.cyou"; flow:to_server,established; http.header; content:"weqpo.cyou"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname tgadminuser.webapt.vip"; dns.query; content:"tgadminuser.webapt.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.vip$/i"; classtype:trojan-activity; sid:37358061; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tgadminuser.webapt.vip"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webapt.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname cars4.ru"; dns.query; content:"cars4.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cars4\.ru$/i"; classtype:trojan-activity; sid:37358091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cars4.ru"; flow:to_server,established; http.header; content: "Host|3a| cars4.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cars4\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//cars4.ru/tme"; flow:to_server,established; http.header; content:"cars4.ru"; fast_pattern; nocase; http.uri; content:"/tme"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname selectorpreoccupy.info"; dns.query; content:"selectorpreoccupy.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])selectorpreoccupy\.info$/i"; classtype:trojan-activity; sid:37358121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname selectorpreoccupy.info"; flow:to_server,established; http.header; 
content: "Host|3a| selectorpreoccupy.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])selectorpreoccupy\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//selectorpreoccupy.info"; flow:to_server,established; http.header; content:"selectorpreoccupy.info"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname telesexdatingfree.pages.dev"; dns.query; content:"telesexdatingfree.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telesexdatingfree\.pages\.dev$/i"; classtype:trojan-activity; sid:37358151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telesexdatingfree.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telesexdatingfree.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telesexdatingfree\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telesexdatingfree.pages.dev"; flow:to_server,established; http.header; content:"telesexdatingfree.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname inuouo.com"; dns.query; content:"inuouo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inuouo\.com$/i"; classtype:trojan-activity; sid:37358181; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
# MISP event 26514, hostname indicators. The export writes up to three rules per
# hostname:
#   dns  "Hostname ..."               - dns.query must be exactly the name: the pcre
#        accepts only start-of-buffer or a character outside [A-Za-z0-9.-] before it
#        and end-of-buffer after it, so subdomains such as www.<name> do not match.
#   http "Outgoing HTTP Hostname ..." - request headers must contain "Host: <name>"
#        (|3a| is the colon), followed by a character outside [A-Za-z0-9.-].
#   http "Outgoing URL ..."           - <name> as a plain substring anywhere in the
#        request headers, on $HTTP_PORTS only; no boundary check.
# tag:session,600,seconds keeps logging the flow's packets for 600 s after the alert.
# The http rules need traffic Suricata can parse as HTTP; no rule shown here inspects
# TLS, so an HTTPS visit to one of these hosts is visible only through its dns rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname inuouo.com"; flow:to_server,established; http.header; content: "Host|3a| inuouo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inuouo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//inuouo.com"; flow:to_server,established; http.header; content:"inuouo.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname blockchaindappserver.pages.dev"; dns.query; content:"blockchaindappserver.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchaindappserver\.pages\.dev$/i"; classtype:trojan-activity; sid:37358241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname blockchaindappserver.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchaindappserver.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchaindappserver\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//blockchaindappserver.pages.dev"; flow:to_server,established; http.header; content:"blockchaindappserver.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uyuyuy-105758.weeblysite.com"; dns.query; content:"uyuyuy-105758.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uyuyuy\-105758\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37358271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uyuyuy-105758.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| uyuyuy-105758.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uyuyuy\-105758\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname cchjk.pages.dev"; dns.query; content:"cchjk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cchjk\.pages\.dev$/i"; classtype:trojan-activity; sid:37358301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cchjk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cchjk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cchjk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//cchjk.pages.dev"; flow:to_server,established; http.header; content:"cchjk.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname webmail-107911-108015.weeblysite.com"; dns.query; content:"webmail-107911-108015.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-107911\-108015\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37358331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname webmail-107911-108015.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| webmail-107911-108015.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-107911\-108015\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): cakeresume.com looks like a public multi-user site rather than a host
# dedicated to this campaign - confirm in the MISP event. As written, any client that
# resolves or requests the bare domain raises a trojan-activity alert, and the
# indicator carries no path that would single out the reported page.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname cakeresume.com"; dns.query; content:"cakeresume.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cakeresume\.com$/i"; classtype:trojan-activity; sid:37358361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname cakeresume.com"; flow:to_server,established; http.header; content: "Host|3a| cakeresume.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cakeresume\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname oujvx.pages.dev"; dns.query; content:"oujvx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oujvx\.pages\.dev$/i"; classtype:trojan-activity; sid:37358391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname oujvx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| oujvx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oujvx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358392; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Hostname indicators from MISP event 26514. Each dns rule matches the query name
# exactly (the pcre rejects a preceding '.', so subdomains are not covered); each
# "Outgoing HTTP Hostname" rule matches the literal "Host: <name>" request header.
# Where an "Outgoing URL" rule exists it is an unanchored substring search of the
# request headers, so a request whose Host is <name> on $HTTP_PORTS raises both http
# alerts for the same flow - correlate them by flow when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//oujvx.pages.dev"; flow:to_server,established; http.header; content:"oujvx.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname dlu-quekabutiiyee.com"; dns.query; content:"dlu-quekabutiiyee.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dlu\-quekabutiiyee\.com$/i"; classtype:trojan-activity; sid:37358421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname dlu-quekabutiiyee.com"; flow:to_server,established; http.header; content: "Host|3a| dlu-quekabutiiyee.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dlu\-quekabutiiyee\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//dlu-quekabutiiyee.com"; flow:to_server,established; http.header; content:"dlu-quekabutiiyee.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# NOTE(review): lnk.to looks like a shared link-redirect service, not a host owned by
# this campaign - confirm in the MISP event. The two rules below alert on the bare
# domain only and know nothing about which link was followed, so expect alerts from
# unrelated use; consider suppressing or lowering priority until a path is available.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname lnk.to"; dns.query; content:"lnk.to"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.to$/i"; classtype:trojan-activity; sid:37358451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname lnk.to"; flow:to_server,established; http.header; content: "Host|3a| lnk.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uprc02.pages.dev"; dns.query; content:"uprc02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uprc02\.pages\.dev$/i"; classtype:trojan-activity; sid:37358481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uprc02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| uprc02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uprc02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uprc02.pages.dev"; flow:to_server,established; http.header; content:"uprc02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname votearabasiastariz.pages.dev"; dns.query; content:"votearabasiastariz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])votearabasiastariz\.pages\.dev$/i"; classtype:trojan-activity; sid:37358511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname votearabasiastariz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| votearabasiastariz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])votearabasiastariz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358512; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;)
# Hostname indicators from MISP event 26514 (dns exact-name rule, "Host:" header rule,
# and for some names an "Outgoing URL" rule).
# The "Outgoing URL" rules search http.header for the bare name with no boundary
# check, so they also fire when the name appears in another header such as Referer,
# or as the tail of a longer hostname (constructed example: a Host of
# "xyzlf.pages.dev" satisfies content:"zlf.pages.dev"). Treat an "Outgoing URL" alert
# without the matching "Outgoing HTTP Hostname" alert on the same flow as lower
# confidence.
# These rules reference $HTTP_PORTS, so the variable must be defined in the sensor
# configuration.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//votearabasiastariz.pages.dev"; flow:to_server,established; http.header; content:"votearabasiastariz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tp17.net"; dns.query; content:"tp17.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp17\.net$/i"; classtype:trojan-activity; sid:37358541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tp17.net"; flow:to_server,established; http.header; content: "Host|3a| tp17.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp17\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokajp.app"; dns.query; content:"tokajp.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokajp\.app$/i"; classtype:trojan-activity; sid:37358571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tokajp.app"; flow:to_server,established; http.header; content: "Host|3a| tokajp.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokajp\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokajp.app"; flow:to_server,established; http.header; content:"tokajp.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname zlf.pages.dev"; dns.query; content:"zlf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zlf\.pages\.dev$/i"; classtype:trojan-activity; sid:37358601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname zlf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zlf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zlf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//zlf.pages.dev"; flow:to_server,established; http.header; content:"zlf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname yeniy25.top"; dns.query; content:"yeniy25.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy25\.top$/i"; classtype:trojan-activity; sid:37358631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname yeniy25.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy25.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy25\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//yeniy25.top"; flow:to_server,established; http.header; content:"yeniy25.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37358641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Hostname indicators from MISP event 26514. Every name below gets a dns rule that
# matches the query name exactly, a rule on the literal "Host: <name>" request header,
# and an "Outgoing URL" rule that looks for <name> anywhere in the request headers.
# The list contains four uspsd??.top names that differ only in their last two letters.
# Because the dns and Host rules match whole names, a sibling name that is not listed
# raises no alert. NOTE(review): if the MISP event confirms these belong to one
# campaign, a DNS-log hunt on the shared prefix would show whether further variants
# were resolved.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname yeniy24.top"; dns.query; content:"yeniy24.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy24\.top$/i"; classtype:trojan-activity; sid:37358661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname yeniy24.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy24.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy24\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//yeniy24.top"; flow:to_server,established; http.header; content:"yeniy24.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspsdei.top"; dns.query; content:"uspsdei.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdei\.top$/i"; classtype:trojan-activity; sid:37358691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspsdei.top"; flow:to_server,established; http.header; content: "Host|3a| uspsdei.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdei\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspsdei.top"; flow:to_server,established; http.header; content:"uspsdei.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspsdha.top"; dns.query; content:"uspsdha.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdha\.top$/i"; classtype:trojan-activity; sid:37358721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspsdha.top"; flow:to_server,established; http.header; content: "Host|3a| uspsdha.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdha\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspsdha.top"; flow:to_server,established; http.header; content:"uspsdha.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspsdea.top"; dns.query; content:"uspsdea.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdea\.top$/i"; classtype:trojan-activity; sid:37358751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspsdea.top"; flow:to_server,established; http.header; content: "Host|3a| uspsdea.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdea\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspsdea.top"; flow:to_server,established; http.header; content:"uspsdea.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname uspsdet.top"; dns.query; content:"uspsdet.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdet\.top$/i"; classtype:trojan-activity; sid:37358781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname uspsdet.top"; flow:to_server,established; http.header; content: "Host|3a| uspsdet.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdet\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//uspsdet.top"; flow:to_server,established; http.header; content:"uspsdet.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname violationjunction.net"; dns.query; content:"violationjunction.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])violationjunction\.net$/i"; classtype:trojan-activity; sid:37358841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname violationjunction.net"; flow:to_server,established; http.header; content: "Host|3a| violationjunction.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])violationjunction\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//violationjunction.net"; flow:to_server,established; http.header; content:"violationjunction.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Hostname indicators from MISP event 26514: a dns rule (exact query name), an
# "Outgoing HTTP Hostname" rule (literal "Host: <name>" header) and, for some names,
# an "Outgoing URL" rule (unanchored substring of the request headers).
# Parent/subdomain interaction, as written:
#   - the dns and Host rules for telegrann-bt.com do NOT match web.telegrann-bt.com
#     (the pcre rejects a preceding '.', and the Host content needs the name directly
#     after "Host: "), so the subdomain is covered only by its own rules
#     (sid 37358961 / 37358962);
#   - the "Outgoing URL" rule for telegrann-bt.com (sid 37359031) is a substring match
#     and therefore also fires on a request to web.telegrann-bt.com on $HTTP_PORTS.
# Other subdomains of the listed names are reachable only through such substring
# hits on cleartext HTTP; their DNS lookups raise no alert.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname appdefi.net"; dns.query; content:"appdefi.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appdefi\.net$/i"; classtype:trojan-activity; sid:37358871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname appdefi.net"; flow:to_server,established; http.header; content: "Host|3a| appdefi.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appdefi\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//appdefi.net"; flow:to_server,established; http.header; content:"appdefi.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokenpocket-tpmoe.com"; dns.query; content:"tokenpocket-tpmoe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmoe\.com$/i"; classtype:trojan-activity; sid:37358901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tokenpocket-tpmoe.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpmoe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmoe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokenpocket-tpmoe.com"; flow:to_server,established; http.header; content:"tokenpocket-tpmoe.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37358911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname web.telegrann-bt.com"; dns.query; content:"web.telegrann-bt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-bt\.com$/i"; classtype:trojan-activity; sid:37358961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname web.telegrann-bt.com"; flow:to_server,established; http.header; content: "Host|3a| web.telegrann-bt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-bt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegrem-s.com"; dns.query; content:"telegrem-s.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-s\.com$/i"; classtype:trojan-activity; sid:37358991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegrem-s.com"; flow:to_server,established; http.header; content: "Host|3a| telegrem-s.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-s\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37358992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telegrem-s.com"; flow:to_server,established; http.header; content:"telegrem-s.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname telegrann-bt.com"; dns.query; content:"telegrann-bt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrann\-bt\.com$/i"; classtype:trojan-activity; sid:37359021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname telegrann-bt.com"; flow:to_server,established; http.header; content: "Host|3a| telegrann-bt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrann\-bt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//telegrann-bt.com"; flow:to_server,established; http.header; content:"telegrann-bt.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname poost.com.mx"; dns.query; content:"poost.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])poost\.com\.mx$/i"; classtype:trojan-activity; sid:37359051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname poost.com.mx"; flow:to_server,established; http.header; content: "Host|3a| poost.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])poost\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP 
e26514 [] Hostname crcovid.mtsi-test.com"; dns.query; content:"crcovid.mtsi-test.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crcovid\.mtsi\-test\.com$/i"; classtype:trojan-activity; sid:37359081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Hostname indicators from MISP event 26514. In the pcre, "\-" and "\." are a literal
# hyphen and dot, and the leading group (^|[^A-Za-z0-9-\.]) plus the trailing "$"
# (dns) or [^A-Za-z0-9-\.] (http) pin the match to the whole hostname.
# For hosts that are one label under a hosting domain (crcovid.mtsi-test.com,
# nezproswiisepass.web.app) only that exact host alerts; neither the parent domain
# nor sibling hosts are touched by these rules.
# All rules carry classtype:trojan-activity with an explicit priority:2; the empty
# "[]" in msg is presumably the event's tag list, which gives no context here -
# consult the MISP event before acting on an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname crcovid.mtsi-test.com"; flow:to_server,established; http.header; content: "Host|3a| crcovid.mtsi-test.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crcovid\.mtsi\-test\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname nezproswiisepass.web.app"; dns.query; content:"nezproswiisepass.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nezproswiisepass\.web\.app$/i"; classtype:trojan-activity; sid:37359111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname nezproswiisepass.web.app"; flow:to_server,established; http.header; content: "Host|3a| nezproswiisepass.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nezproswiisepass\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname tokznp02kot.pro"; dns.query; content:"tokznp02kot.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokznp02kot\.pro$/i"; classtype:trojan-activity; sid:37359141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname tokznp02kot.pro"; flow:to_server,established; http.header; content: "Host|3a| tokznp02kot.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokznp02kot\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//tokznp02kot.pro"; flow:to_server,established; http.header; content:"tokznp02kot.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname yeniy22.top"; dns.query; content:"yeniy22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy22\.top$/i"; classtype:trojan-activity; sid:37359201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname yeniy22.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//yeniy22.top"; flow:to_server,established; http.header; content:"yeniy22.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname yeniy23.top"; dns.query; content:"yeniy23.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy23\.top$/i"; classtype:trojan-activity; sid:37359231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname yeniy23.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy23.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy23\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//yeniy23.top"; flow:to_server,established; http.header; content:"yeniy23.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname ustop-customerservice.top"; dns.query; content:"ustop-customerservice.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ustop\-customerservice\.top$/i"; classtype:trojan-activity; sid:37359261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ustop-customerservice.top"; flow:to_server,established; http.header; content: "Host|3a| ustop-customerservice.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ustop\-customerservice\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//ustop-customerservice.top"; flow:to_server,established; http.header; content:"ustop-customerservice.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Rules for MISP event 25715 start here: the destination is a literal IP address and
# port instead of $EXTERNAL_NET, and the rule adds an http.uri match for the path.
alert http $HOME_NET any -> 58.178.254.226 59855 (msg: "MISP e25715 [] Outgoing URL http|3a|//58.178.254.226|3a|59855/i"; flow:to_server,established; http.header; content:"58.178.254.226"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987971; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
# MISP event 25715, URL indicators (priority:1). Each rule fires on an outbound HTTP
# request from $HOME_NET to one literal IP and port when
#   - the request headers contain that IP as text (normally the Host header), and
#   - the URI contains the given path as a case-insensitive substring.
# A request to the same IP and port that carries a different Host value is not
# matched. The path match is unanchored: "/i" is also satisfied by longer URIs
# (constructed example: "/index.html"), and "/" (sid 36988051) by every URI, so that
# rule alerts on any HTTP request to 219.157.61.86:49654 and fires together with
# sid 36988041 on a request for /bin.sh.
# NOTE(review): "/Mozi.m" matches the payload file name commonly reported for the
# Mozi IoT botnet; confirm the family in the MISP event. Single addresses on high
# ports are presumably infected devices whose addresses change, so check the age of
# these indicators before treating a hit - or the absence of hits - as conclusive.
# tag:session,600,seconds keeps logging the flow's packets for 600 s after the alert,
# which is what lets an analyst recover the fetched payload from the capture.
alert http $HOME_NET any -> 58.178.254.226 59855 (msg: "MISP e25715 [] Outgoing URL http|3a|//58.178.254.226|3a|59855/bin.sh"; flow:to_server,established; http.header; content:"58.178.254.226"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 42.239.228.233 34085 (msg: "MISP e25715 [] Outgoing URL http|3a|//42.239.228.233|3a|34085/bin.sh"; flow:to_server,established; http.header; content:"42.239.228.233"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36987991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 117.217.38.170 40272 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.217.38.170|3a|40272/Mozi.m"; flow:to_server,established; http.header; content:"117.217.38.170"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 117.196.8.195 34496 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.196.8.195|3a|34496/bin.sh"; flow:to_server,established; http.header; content:"117.196.8.195"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 115.50.209.250 54484 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.50.209.250|3a|54484/bin.sh"; flow:to_server,established; http.header; content:"115.50.209.250"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 115.201.136.175 36694 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.201.136.175|3a|36694/Mozi.m"; flow:to_server,established; http.header; content:"115.201.136.175"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 219.157.61.86 49654 (msg: "MISP e25715 [] Outgoing URL http|3a|//219.157.61.86|3a|49654/bin.sh"; flow:to_server,established; http.header; content:"219.157.61.86"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 219.157.61.86 49654 (msg: "MISP e25715 [] Outgoing URL http|3a|//219.157.61.86|3a|49654/"; flow:to_server,established; http.header; content:"219.157.61.86"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 182.127.128.71 38783 (msg: "MISP e25715 [] Outgoing URL http|3a|//182.127.128.71|3a|38783/Mozi.m"; flow:to_server,established; http.header; content:"182.127.128.71"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 117.211.210.70 44708 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.211.210.70|3a|44708/Mozi.m"; flow:to_server,established; http.header; content:"117.211.210.70"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 221.15.213.69 53813 (msg: "MISP e25715 [] Outgoing URL http|3a|//221.15.213.69|3a|53813/Mozi.m"; flow:to_server,established; http.header; content:"221.15.213.69"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 182.113.23.63 37108 (msg: "MISP e25715 [] Outgoing URL http|3a|//182.113.23.63|3a|37108/i"; flow:to_server,established; http.header; content:"182.113.23.63"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 118.174.107.61 35797 (msg: "MISP e25715 [] Outgoing URL http|3a|//118.174.107.61|3a|35797/Mozi.m"; flow:to_server,established; http.header; content:"118.174.107.61"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 117.248.18.79 38889 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.248.18.79|3a|38889/Mozi.m"; flow:to_server,established; http.header; content:"117.248.18.79"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 115.55.98.54 46671 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.55.98.54|3a|46671/i"; flow:to_server,established; http.header; content:"115.55.98.54"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;)
alert http $HOME_NET any -> 109.107.182.3 $HTTP_PORTS (msg: "MISP e25715 [] Outgoing URL http|3a|//109.107.182.3/cost/fu.exe"; flow:to_server,established; http.header; content:"109.107.182.3"; fast_pattern; nocase; http.uri; content:"/cost/fu.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 27.206.255.66 56391 (msg: "MISP e25715 [] Outgoing URL http|3a|//27.206.255.66|3a|56391/Mozi.m"; flow:to_server,established; http.header; content:"27.206.255.66"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 152.160.191.186 43161 (msg: "MISP e25715 [] Outgoing URL http|3a|//152.160.191.186|3a|43161/Mozi.m"; flow:to_server,established; http.header; content:"152.160.191.186"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 120.211.137.176 37880 (msg: "MISP e25715 [] Outgoing URL http|3a|//120.211.137.176|3a|37880/bin.sh"; flow:to_server,established; http.header; content:"120.211.137.176"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 117.248.59.26 50285 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.248.59.26|3a|50285/bin.sh"; flow:to_server,established; http.header; content:"117.248.59.26"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET 
any -> 117.199.72.73 57016 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.199.72.73|3a|57016/bin.sh"; flow:to_server,established; http.header; content:"117.199.72.73"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 83.182.47.217 19192 (msg: "MISP e25715 [] Outgoing URL http|3a|//83.182.47.217|3a|19192/"; flow:to_server,established; http.header; content:"83.182.47.217"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 78.71.243.96 37056 (msg: "MISP e25715 [] Outgoing URL http|3a|//78.71.243.96|3a|37056/"; flow:to_server,established; http.header; content:"78.71.243.96"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 59.89.198.16 44925 (msg: "MISP e25715 [] Outgoing URL http|3a|//59.89.198.16|3a|44925/bin.sh"; flow:to_server,established; http.header; content:"59.89.198.16"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 27.215.240.171 35415 (msg: "MISP e25715 [] Outgoing URL http|3a|//27.215.240.171|3a|35415/i"; flow:to_server,established; http.header; content:"27.215.240.171"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 222.141.122.206 42789 (msg: "MISP e25715 [] Outgoing URL 
http|3a|//222.141.122.206|3a|42789/Mozi.m"; flow:to_server,established; http.header; content:"222.141.122.206"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 219.156.99.241 44091 (msg: "MISP e25715 [] Outgoing URL http|3a|//219.156.99.241|3a|44091/Mozi.m"; flow:to_server,established; http.header; content:"219.156.99.241"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 182.113.23.63 37108 (msg: "MISP e25715 [] Outgoing URL http|3a|//182.113.23.63|3a|37108/bin.sh"; flow:to_server,established; http.header; content:"182.113.23.63"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 152.160.191.186 43161 (msg: "MISP e25715 [] Outgoing URL http|3a|//152.160.191.186|3a|43161/"; flow:to_server,established; http.header; content:"152.160.191.186"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 120.86.247.192 33364 (msg: "MISP e25715 [] Outgoing URL http|3a|//120.86.247.192|3a|33364/Mozi.m"; flow:to_server,established; http.header; content:"120.86.247.192"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 109.92.126.130 11679 (msg: "MISP e25715 [] Outgoing URL 
http|3a|//109.92.126.130|3a|11679/.i"; flow:to_server,established; http.header; content:"109.92.126.130"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname dash-5r0.pages.dev"; dns.query; content:"dash-5r0.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dash\-5r0\.pages\.dev$/i"; classtype:trojan-activity; sid:37359291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname dash-5r0.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dash-5r0.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dash\-5r0\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//dash-5r0.pages.dev"; flow:to_server,established; http.header; content:"dash-5r0.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25651 [] Outgoing URL http|3a|//mitarjetacencoenlinea.online/"; flow:to_server,established; http.header; content:"mitarjetacencoenlinea.online"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25651;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25651 [] Outgoing URL http|3a|//mitarjetacencoenlinea.online/1707082150/login/index.html"; flow:to_server,established; http.header; 
content:"mitarjetacencoenlinea.online"; fast_pattern; nocase; http.uri; content:"/1707082150/login/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36900031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25651;) alert dns any any -> any any (msg: "MISP e25651 [] Domain mitarjetacencoenlinea.online"; dns.query; content:"mitarjetacencoenlinea.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencoenlinea\.online$/i"; classtype:trojan-activity; sid:36900041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25651;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25651 [] Outgoing HTTP Domain mitarjetacencoenlinea.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mitarjetacencoenlinea.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencoenlinea\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36900042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25651;) alert ip $HOME_NET any -> 45.93.20.242 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 45.93.20.242|50050"; classtype:trojan-activity; sid:36902501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 45.195.76.82 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 45.195.76.82|50050"; classtype:trojan-activity; sid:36902511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 20.56.70.245 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 20.56.70.245|50050"; classtype:trojan-activity; sid:36902521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 47.115.225.184 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 47.115.225.184|50050"; classtype:trojan-activity; sid:36902531; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 43.143.130.124 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 43.143.130.124|50050"; classtype:trojan-activity; sid:36902541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 47.115.230.159 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 47.115.230.159|50050"; classtype:trojan-activity; sid:36902551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 20.2.223.43 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 20.2.223.43|50050"; classtype:trojan-activity; sid:36902561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 101.35.141.80 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 101.35.141.80|50050"; classtype:trojan-activity; sid:36902571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 118.24.128.204 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 118.24.128.204|50050"; classtype:trojan-activity; sid:36902581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 165.22.116.84 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 165.22.116.84|50050"; classtype:trojan-activity; sid:36902591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 5.149.249.74 47987 (msg: "MISP e25652 [RedLineStealer] Outgoing To IP: 5.149.249.74|47987"; classtype:trojan-activity; sid:36902601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 124.220.49.74 50050 (msg: "MISP e25652 [c2,cobalt_strike] Outgoing To IP: 124.220.49.74|50050"; classtype:trojan-activity; sid:36902611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;) alert ip $HOME_NET any -> 
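124.220.49.74 50050 (msg: "MISP e25873 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 124.220.49.74|50050"; classtype:trojan-activity; sid:37031621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Review note on sid 37031621 (the rule completed by the line above; its "alert ip ..." head
# sits on the previous line of this export):
#   * The export copied the MISP tags into msg with raw double quotes (malpedia="Cobalt Strike",
#     confidence-level="usually-confident"). A bare " ends the msg string early, so the rule
#     does not parse as intended. The quotes are escaped as \" here; nothing else changed.
#   * NOTE(review): 50050 is the default Cobalt Strike team-server port. Confirm against the
#     MISP event whether monitored hosts are expected to connect to that port, or whether the
#     indicator should also be matched without the port restriction.
#
# MISP event 26514 hostname indicators. Each hostname gets a DNS-query rule (dns.query buffer,
# pcre anchored at the end of the name) and an HTTP rule on the Host header; some hostnames
# also get an "Outgoing URL" rule restricted to $HTTP_PORTS.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname le-docs-638a.formnimsska.workers.dev"; dns.query; content:"le-docs-638a.formnimsska.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])le\-docs\-638a\.formnimsska\.workers\.dev$/i"; classtype:trojan-activity; sid:37359321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname le-docs-638a.formnimsska.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| le-docs-638a.formnimsska.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])le\-docs\-638a\.formnimsska\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# This URL rule carries no http.uri match: it fires on the hostname appearing anywhere in the
# request headers, on $HTTP_PORTS only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//le-docs-638a.formnimsska.workers.dev"; flow:to_server,established; http.header; content:"le-docs-638a.formnimsska.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname vwt.pfg.mybluehost.me"; dns.query; content:"vwt.pfg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37359351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The rule below continues on the next line of this export (the page wraps mid-rule).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname vwt.pfg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| 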
vwt.pfg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname ageotattoo.com"; dns.query; content:"ageotattoo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ageotattoo\.com$/i"; classtype:trojan-activity; sid:37359381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ageotattoo.com"; flow:to_server,established; http.header; content: "Host|3a| ageotattoo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ageotattoo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname usdt.web3adrp.net"; dns.query; content:"usdt.web3adrp.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdt\.web3adrp\.net$/i"; classtype:trojan-activity; sid:37359411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname usdt.web3adrp.net"; flow:to_server,established; http.header; content: "Host|3a| usdt.web3adrp.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdt\.web3adrp\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname 3000usdt.cc"; dns.query; content:"3000usdt.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3000usdt\.cc$/i"; classtype:trojan-activity; sid:37359441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26514 [] Outgoing HTTP Hostname 3000usdt.cc"; flow:to_server,established; http.header; content: "Host|3a| 3000usdt.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3000usdt\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname blurverse.pages.dev"; dns.query; content:"blurverse.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blurverse\.pages\.dev$/i"; classtype:trojan-activity; sid:37359471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname blurverse.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blurverse.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blurverse\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname marketplacestatus.com"; dns.query; content:"marketplacestatus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marketplacestatus\.com$/i"; classtype:trojan-activity; sid:37359501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname marketplacestatus.com"; flow:to_server,established; http.header; content: "Host|3a| marketplacestatus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marketplacestatus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname rpc-metafix.pages.dev"; dns.query; content:"rpc-metafix.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])rpc\-metafix\.pages\.dev$/i"; classtype:trojan-activity; sid:37359531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname rpc-metafix.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rpc-metafix.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpc\-metafix\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname anarchycoins.pages.dev"; dns.query; content:"anarchycoins.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anarchycoins\.pages\.dev$/i"; classtype:trojan-activity; sid:37359561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname anarchycoins.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| anarchycoins.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anarchycoins\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname stargate-app.pages.dev"; dns.query; content:"stargate-app.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stargate\-app\.pages\.dev$/i"; classtype:trojan-activity; sid:37359591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname stargate-app.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| stargate-app.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stargate\-app\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37359592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname lido-rewards.pages.dev"; dns.query; content:"lido-rewards.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lido\-rewards\.pages\.dev$/i"; classtype:trojan-activity; sid:37359621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname lido-rewards.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lido-rewards.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lido\-rewards\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname nft-g-opensea.vercel.app"; dns.query; content:"nft-g-opensea.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nft\-g\-opensea\.vercel\.app$/i"; classtype:trojan-activity; sid:37359651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname nft-g-opensea.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| nft-g-opensea.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nft\-g\-opensea\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname lido-g8o.pages.dev"; dns.query; content:"lido-g8o.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lido\-g8o\.pages\.dev$/i"; classtype:trojan-activity; sid:37359681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 
[] Outgoing HTTP Hostname lido-g8o.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lido-g8o.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lido\-g8o\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname 17954-coinbase.com"; dns.query; content:"17954-coinbase.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])17954\-coinbase\.com$/i"; classtype:trojan-activity; sid:37359711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname 17954-coinbase.com"; flow:to_server,established; http.header; content: "Host|3a| 17954-coinbase.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])17954\-coinbase\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname coinbase-walletconnectv4.vercel.app"; dns.query; content:"coinbase-walletconnectv4.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-walletconnectv4\.vercel\.app$/i"; classtype:trojan-activity; sid:37359741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname coinbase-walletconnectv4.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| coinbase-walletconnectv4.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-walletconnectv4\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname nftopenseas.vercel.app"; 
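dns.query; content:"nftopenseas.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nftopenseas\.vercel\.app$/i"; classtype:trojan-activity; sid:37359771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The line above is the tail of a rule whose head sits on the previous line of this export
# (the page wraps mid-rule). The rules below are laid out one per line.
#
# MISP event 26514 hostname indicators: one DNS-query rule and one HTTP Host-header rule each.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname nftopenseas.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| nftopenseas.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nftopenseas\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname opensea-collab.vercel.app"; dns.query; content:"opensea-collab.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])opensea\-collab\.vercel\.app$/i"; classtype:trojan-activity; sid:37359801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname opensea-collab.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| opensea-collab.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])opensea\-collab\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Review note on sid 37359831 and sid 37359832:
#   "|30 78|" is content hex notation for the two bytes "0x". That notation is decoded only
#   inside content. The exported pcre carried it over as \|30 78\|, which matches the literal
#   characters "|30 78|", so no real hostname could satisfy content and pcre together and
#   neither rule could fire. The pcre now spells the bytes as 0x; msg and content are left
#   exactly as exported.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname openseaio|30 78|95724798d703e87196375be5f8fhf136d862f033collect.pages.dev"; dns.query; content:"openseaio|30 78|95724798d703e87196375be5f8fhf136d862f033collect.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openseaio0x95724798d703e87196375be5f8fhf136d862f033collect\.pages\.dev$/i"; classtype:trojan-activity; sid:37359831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname openseaio|30 78|95724798d703e87196375be5f8fhf136d862f033collect.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| openseaio|30 78|95724798d703e87196375be5f8fhf136d862f033collect.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openseaio0x95724798d703e87196375be5f8fhf136d862f033collect\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname metisdao.fi"; dns.query; content:"metisdao.fi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metisdao\.fi$/i"; classtype:trojan-activity; sid:37359861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname metisdao.fi"; flow:to_server,established; http.header; content: "Host|3a| metisdao.fi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metisdao\.fi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert dns any any -> any any (msg: "MISP e26514 [] Hostname airbnplus.com"; dns.query; content:"airbnplus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airbnplus\.com$/i"; classtype:trojan-activity; sid:37359891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname airbnplus.com"; flow:to_server,established; http.header; content: "Host|3a| airbnplus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airbnplus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The rule below continues on the next line of this export.
alert dns any any -> any any (msg: "MISP e26514 [] Hostname zetachain.pages.dev"; dns.query; content:"zetachain.pages.dev"; 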
nocase; pcre: "/(^|[^A-Za-z0-9-\.])zetachain\.pages\.dev$/i"; classtype:trojan-activity; sid:37359921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname zetachain.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zetachain.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zetachain\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname pixelartrfcontests.pages.dev"; dns.query; content:"pixelartrfcontests.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelartrfcontests\.pages\.dev$/i"; classtype:trojan-activity; sid:37359951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname pixelartrfcontests.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pixelartrfcontests.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelartrfcontests\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//pixelartrfcontests.pages.dev"; flow:to_server,established; http.header; content:"pixelartrfcontests.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname xvserty.me"; dns.query; content:"xvserty.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xvserty\.me$/i"; classtype:trojan-activity; sid:37359981; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname xvserty.me"; flow:to_server,established; http.header; content: "Host|3a| xvserty.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xvserty\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37359982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//xvserty.me"; flow:to_server,established; http.header; content:"xvserty.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37359991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> 59.92.44.237 35056 (msg: "MISP e25715 [] Outgoing URL http|3a|//59.92.44.237|3a|35056/Mozi.m"; flow:to_server,established; http.header; content:"59.92.44.237"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 222.140.195.55 55720 (msg: "MISP e25715 [] Outgoing URL http|3a|//222.140.195.55|3a|55720/i"; flow:to_server,established; http.header; content:"222.140.195.55"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 222.140.195.55 55720 (msg: "MISP e25715 [] Outgoing URL http|3a|//222.140.195.55|3a|55720/bin.sh"; flow:to_server,established; http.header; content:"222.140.195.55"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 222.140.195.55 55720 
(msg: "MISP e25715 [] Outgoing URL http|3a|//222.140.195.55|3a|55720/"; flow:to_server,established; http.header; content:"222.140.195.55"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 117.199.74.146 47897 (msg: "MISP e25715 [] Outgoing URL http|3a|//117.199.74.146|3a|47897/Mozi.m"; flow:to_server,established; http.header; content:"117.199.74.146"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert http $HOME_NET any -> 115.50.209.250 54484 (msg: "MISP e25715 [] Outgoing URL http|3a|//115.50.209.250|3a|54484/"; flow:to_server,established; http.header; content:"115.50.209.250"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36988351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25715;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname zpgkqg.com"; dns.query; content:"zpgkqg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zpgkqg\.com$/i"; classtype:trojan-activity; sid:37360011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname zpgkqg.com"; flow:to_server,established; http.header; content: "Host|3a| zpgkqg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zpgkqg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37360012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//zpgkqg.com/gg/index.html"; flow:to_server,established; http.header; content:"zpgkqg.com"; fast_pattern; nocase; 
http.uri; content:"/gg/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37360021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname ilg2021.github.io"; dns.query; content:"ilg2021.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ilg2021\.github\.io$/i"; classtype:trojan-activity; sid:37360041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname ilg2021.github.io"; flow:to_server,established; http.header; content: "Host|3a| ilg2021.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ilg2021\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37360042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//ilg2021.github.io/telegram-webk/"; flow:to_server,established; http.header; content:"ilg2021.github.io"; fast_pattern; nocase; http.uri; content:"/telegram-webk/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37360051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname freelearningtre.com"; dns.query; content:"freelearningtre.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freelearningtre\.com$/i"; classtype:trojan-activity; sid:37360071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname freelearningtre.com"; flow:to_server,established; http.header; content: "Host|3a| freelearningtre.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freelearningtre\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37360072; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//freelearningtre.com/"; flow:to_server,established; http.header; content:"freelearningtre.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37360081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname lucah-malay-virall.live-vip.my.id"; dns.query; content:"lucah-malay-virall.live-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-malay\-virall\.live\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37360101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname lucah-malay-virall.live-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| lucah-malay-virall.live-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-malay\-virall\.live\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37360102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert dns any any -> any any (msg: "MISP e26514 [] Hostname bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu.ipfs.dweb.link"; dns.query; content:"bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu.ipfs.dweb.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu\.ipfs\.dweb\.link$/i"; classtype:trojan-activity; sid:37360131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26514 [] Outgoing HTTP Hostname bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu.ipfs.dweb.link"; flow:to_server,established; http.header; content: "Host|3a| 
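bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu.ipfs.dweb.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu\.ipfs\.dweb\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37360132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# Event 26514, URL indicator: the full gateway hostname must appear in the request
# headers and "/onedrive.html" in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26514 [] Outgoing URL http|3a|//bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu.ipfs.dweb.link/onedrive.html"; flow:to_server,established; http.header; content:"bafybeicwzepw3lu6sogrflfewoiz3wkxx6jiossqnlztadvmj274q47zzu.ipfs.dweb.link"; fast_pattern; nocase; http.uri; content:"/onedrive.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37360141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26514;)
# The same URL (http://193.222.96.25/updates) is exported from two events, e25652 and
# e25873, with identical match conditions and different priorities, so one request
# raises both sids.
alert http $HOME_NET any -> 193.222.96.25 $HTTP_PORTS (msg: "MISP e25652 [CobaltStrike,Constant MOULIN,cs-watermark-987654321] Outgoing URL http|3a|//193.222.96.25/updates"; flow:to_server,established; http.header; content:"193.222.96.25"; fast_pattern; nocase; http.uri; content:"/updates"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36902621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25652;)
# MISP tag values that contain double quotes are written as \" inside msg in the rules
# below. The Suricata rule format requires a literal " (as well as ; and \) inside msg to
# be escaped; a bare quote can cut the message short or make the rule fail to load,
# depending on the engine and version. The alert text after unescaping is unchanged.
alert http $HOME_NET any -> 193.222.96.25 $HTTP_PORTS (msg: "MISP e25873 [CobaltStrike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing URL http|3a|//193.222.96.25/updates"; flow:to_server,established; http.header; content:"193.222.96.25"; fast_pattern; nocase; http.uri; content:"/updates"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Same address:port and path exported from e25851 and e25873; the paths differ only in
# letter case ("/mozi.m" vs "/Mozi.m") and both rules use nocase, so either request
# raises both sids.
alert http $HOME_NET any -> 59.178.76.117 40399 (msg: "MISP e25851 [] Outgoing URL http|3a|//59.178.76.117|3a|40399/mozi.m"; flow:to_server,established; http.header; content:"59.178.76.117"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37020581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> 59.178.76.117 40399 (msg: "MISP e25873 [misp:confidence-level=\"fairly-confident\"] Outgoing URL http|3a|//59.178.76.117|3a|40399/Mozi.m"; flow:to_server,established; http.header; content:"59.178.76.117"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Address-and-port rules: no flow or payload keyword, the rule header is the whole match.
alert ip $HOME_NET any -> 192.236.162.234 80 (msg: "MISP e25873 [infostealer,LokiBot,stealer,misp-galaxy:malpedia=\"Loki\",misp-galaxy:malpedia=\"LokiBot\",misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 192.236.162.234|80"; classtype:trojan-activity; sid:37031651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 103.86.130.85 443 (msg: "MISP e25851 [c2,Get2] Outgoing To IP: 103.86.130.85|443"; classtype:trojan-activity; sid:37020601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 103.86.130.85 443 (msg: "MISP e25873 [c2,Get2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 103.86.130.85|443"; classtype:trojan-activity; sid:37031661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# URL indicator on a subdomain of 000webhostapp.com; the content requires the full
# subdomain, so other names under that parent domain do not match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25851 [dcrat] Outgoing URL http|3a|//hammiest-dependents.000webhostapp.com/667f720d.php"; flow:to_server,established; http.header; content:"hammiest-dependents.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/667f720d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37020611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET 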
$HTTP_PORTS (msg: "MISP e25873 [dcrat] Outgoing URL http|3a|//hammiest-dependents.000webhostapp.com/667f720d.php"; flow:to_server,established; http.header; content:"hammiest-dependents.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/667f720d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25675 [] Domain mitarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"mitarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:36906321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25675;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25675 [] Outgoing HTTP Domain mitarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mitarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36906322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25675;) alert ip $HOME_NET any -> 91.92.247.108 1986 (msg: "MISP e25851 [AveMariaRAT,RAT] Outgoing To IP: 91.92.247.108|1986"; classtype:trojan-activity; sid:37020621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 91.92.247.108 1986 (msg: "MISP e25873 [] Outgoing To IP: 91.92.247.108|1986"; classtype:trojan-activity; sid:37031681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25851 [] Domain telergraml.org"; dns.query; content:"telergraml.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])telergraml\.org$/i"; classtype:trojan-activity; sid:37020571; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [] Outgoing HTTP Domain telergraml.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"telergraml.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])telergraml\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37020572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 192.236.162.234 80 (msg: "MISP e25851 [infostealer,LokiBot,stealer] Outgoing To IP: 192.236.162.234|80"; classtype:trojan-activity; sid:37020591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25851 [] Outgoing URL http|3a|//telergraml.org/"; flow:to_server,established; http.header; content:"telergraml.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37020561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 37.48.88.177 $HTTP_PORTS (msg: "MISP e25821 [] Outgoing URL http|3a|//37.48.88.177/bCdIkBUlEyeS175.bin"; flow:to_server,established; http.header; content:"37.48.88.177"; fast_pattern; nocase; http.uri; content:"/bCdIkBUlEyeS175.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37006061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25821;) alert ip $HOME_NET any -> 46.183.223.29 2404 (msg: "MISP e25821 [] Outgoing To IP: 46.183.223.29|2404"; classtype:trojan-activity; sid:37006071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25821;) alert ip $HOME_NET any -> 193.222.96.162 8443 (msg: "MISP e25851 [sliver,UNKNOW] Outgoing To IP: 193.222.96.162|8443"; classtype:trojan-activity; sid:37020631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert 
ip $HOME_NET any -> 193.222.96.162 53535 (msg: "MISP e25851 [sliver,UNKNOW] Outgoing To IP: 193.222.96.162|53535"; classtype:trojan-activity; sid:37020641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Event 25851, destination address:port indicators. Each rule matches on the rule
# header alone (internal source, fixed destination IP and port); there is no flow,
# payload or protocol keyword, so any packet to that address and port alerts.
# The bracketed tags come from the MISP event and pair a tool name with what looks
# like the hosting network's AS name (e.g. MICROSOFT-CORP-MSN-AS-BLOCK, AMAZON-02).
# NOTE(review): addresses in large hosting ranges are commonly reassigned; confirm the
# age of these attributes in the referenced event before treating a hit as high
# confidence, and expire them on a schedule.
alert ip $HOME_NET any -> 20.61.4.19 4005 (msg: "MISP e25851 [MICROSOFT-CORP-MSN-AS-BLOCK,sliver] Outgoing To IP: 20.61.4.19|4005"; classtype:trojan-activity; sid:37020651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 20.61.4.19 4006 (msg: "MISP e25851 [MICROSOFT-CORP-MSN-AS-BLOCK,sliver] Outgoing To IP: 20.61.4.19|4006"; classtype:trojan-activity; sid:37020661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Ports 80 and 443 on a hosting address: with no payload condition these two forms are
# the most likely in this group to match unrelated traffic if the address changes hands.
alert ip $HOME_NET any -> 35.73.145.106 80 (msg: "MISP e25851 [AMAZON-02,Brute Ratel C4] Outgoing To IP: 35.73.145.106|80"; classtype:trojan-activity; sid:37020671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.78.32.214 443 (msg: "MISP e25851 [Havoc,XTOM xTom] Outgoing To IP: 45.78.32.214|443"; classtype:trojan-activity; sid:37020681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# One address, two ports: separate sids per address:port pair.
alert ip $HOME_NET any -> 141.98.168.243 443 (msg: "MISP e25851 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 141.98.168.243|443"; classtype:trojan-activity; sid:37020691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 141.98.168.243 80 (msg: "MISP e25851 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 141.98.168.243|80"; classtype:trojan-activity; sid:37020701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.137.10.34 3333 (msg: "MISP e25851 [Havoc,XNNET] Outgoing To IP: 45.137.10.34|3333"; classtype:trojan-activity; sid:37020711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 84.237.209.170 995 (msg: "MISP e25851 [APOLLO-AS 
Latvia,QakBot] Outgoing To IP: 84.237.209.170|995"; classtype:trojan-activity; sid:37020721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 41.97.152.52 443 (msg: "MISP e25851 [ALGTEL-AS,QakBot] Outgoing To IP: 41.97.152.52|443"; classtype:trojan-activity; sid:37020731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 41.98.253.127 443 (msg: "MISP e25851 [ALGTEL-AS,QakBot] Outgoing To IP: 41.98.253.127|443"; classtype:trojan-activity; sid:37020741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 41.251.199.21 995 (msg: "MISP e25851 [MT-MPLS,QakBot] Outgoing To IP: 41.251.199.21|995"; classtype:trojan-activity; sid:37020751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 41.99.71.216 443 (msg: "MISP e25851 [ALGTEL-AS,QakBot] Outgoing To IP: 41.99.71.216|443"; classtype:trojan-activity; sid:37020761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 123.57.3.221 8888 (msg: "MISP e25851 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell] Outgoing To IP: 123.57.3.221|8888"; classtype:trojan-activity; sid:37020771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 116.204.123.237 8888 (msg: "MISP e25851 [HWCSNET Huawei Cloud Service data center,Supershell] Outgoing To IP: 116.204.123.237|8888"; classtype:trojan-activity; sid:37020781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 103.145.107.109 8888 (msg: "MISP e25851 [CLOUDIE-AS-AP Cloudie Limited,Supershell] Outgoing To IP: 103.145.107.109|8888"; classtype:trojan-activity; sid:37020791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 45.15.159.130 80 (msg: "MISP e25851 
[AEZA-AS,Meduza Stealer] Outgoing To IP: 45.15.159.130|80"; classtype:trojan-activity; sid:37020801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 91.92.245.248 1985 (msg: "MISP e25851 [AveMariaRAT,RAT] Outgoing To IP: 91.92.245.248|1985"; classtype:trojan-activity; sid:37020811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 45.15.159.130 80 (msg: "MISP e25873 [] Outgoing To IP: 45.15.159.130|80"; classtype:trojan-activity; sid:37031691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 103.145.107.109 8888 (msg: "MISP e25873 [] Outgoing To IP: 103.145.107.109|8888"; classtype:trojan-activity; sid:37031701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 116.204.123.237 8888 (msg: "MISP e25873 [] Outgoing To IP: 116.204.123.237|8888"; classtype:trojan-activity; sid:37031711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 123.57.3.221 8888 (msg: "MISP e25873 [] Outgoing To IP: 123.57.3.221|8888"; classtype:trojan-activity; sid:37031721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 41.99.71.216 443 (msg: "MISP e25873 [] Outgoing To IP: 41.99.71.216|443"; classtype:trojan-activity; sid:37031731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 41.251.199.21 995 (msg: "MISP e25873 [] Outgoing To IP: 41.251.199.21|995"; classtype:trojan-activity; sid:37031741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 41.98.253.127 443 (msg: "MISP e25873 [] Outgoing To IP: 41.98.253.127|443"; classtype:trojan-activity; sid:37031751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 41.97.152.52 443 
(msg: "MISP e25873 [] Outgoing To IP: 41.97.152.52|443"; classtype:trojan-activity; sid:37031761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 84.237.209.170 995 (msg: "MISP e25873 [] Outgoing To IP: 84.237.209.170|995"; classtype:trojan-activity; sid:37031771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.137.10.34 3333 (msg: "MISP e25873 [] Outgoing To IP: 45.137.10.34|3333"; classtype:trojan-activity; sid:37031781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 141.98.168.243 80 (msg: "MISP e25873 [] Outgoing To IP: 141.98.168.243|80"; classtype:trojan-activity; sid:37031791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 141.98.168.243 443 (msg: "MISP e25873 [] Outgoing To IP: 141.98.168.243|443"; classtype:trojan-activity; sid:37031801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.78.32.214 443 (msg: "MISP e25873 [] Outgoing To IP: 45.78.32.214|443"; classtype:trojan-activity; sid:37031811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 35.73.145.106 80 (msg: "MISP e25873 [] Outgoing To IP: 35.73.145.106|80"; classtype:trojan-activity; sid:37031821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 20.61.4.19 4005 (msg: "MISP e25873 [] Outgoing To IP: 20.61.4.19|4005"; classtype:trojan-activity; sid:37031831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 20.61.4.19 4006 (msg: "MISP e25873 [] Outgoing To IP: 20.61.4.19|4006"; classtype:trojan-activity; sid:37031841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 193.222.96.162 53535 (msg: "MISP e25873 [] Outgoing To 
IP: 193.222.96.162|53535"; classtype:trojan-activity; sid:37031851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 193.222.96.162 8443 (msg: "MISP e25873 [] Outgoing To IP: 193.222.96.162|8443"; classtype:trojan-activity; sid:37031861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 91.92.245.248 1985 (msg: "MISP e25873 [] Outgoing To IP: 91.92.245.248|1985"; classtype:trojan-activity; sid:37031871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 18.229.146.63 18785 (msg: "MISP e25873 [] Outgoing To IP: 18.229.146.63|18785"; classtype:trojan-activity; sid:37031881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 18.228.115.60 18785 (msg: "MISP e25873 [] Outgoing To IP: 18.228.115.60|18785"; classtype:trojan-activity; sid:37031891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 18.229.248.167 18785 (msg: "MISP e25873 [] Outgoing To IP: 18.229.248.167|18785"; classtype:trojan-activity; sid:37031901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 88.99.38.67 443 (msg: "MISP e25851 [Vidar] Outgoing To IP: 88.99.38.67|443"; classtype:trojan-activity; sid:37020821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 95.217.28.5 443 (msg: "MISP e25851 [Vidar] Outgoing To IP: 95.217.28.5|443"; classtype:trojan-activity; sid:37020831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 95.217.28.5 443 (msg: "MISP e25873 [] Outgoing To IP: 95.217.28.5|443"; classtype:trojan-activity; sid:37031931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 88.99.38.67 443 (msg: "MISP e25873 [] Outgoing To IP: 
88.99.38.67|443"; classtype:trojan-activity; sid:37031941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Event 24600, indicator cnscard-lu.com exported as a URL: the domain string is looked
# for in the http.uri buffer only, with no Host-header condition. A request that names
# the domain in its Host header and sends an ordinary path is not matched by this rule.
# NOTE(review): confirm that a Host-header or DNS rule for this indicator exists
# elsewhere in the export; otherwise this indicator is effectively uncovered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL cnscard-lu.com"; flow:to_server,established; http.uri; content:"cnscard-lu.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Destination address:port indicators. The same two address:port pairs are exported
# from e25851 (priority 2, with tool tags) and from e25873 (priority 3, empty tag list),
# so one connection raises two alerts. The match is the rule header alone; there is no
# flow or payload keyword.
alert ip $HOME_NET any -> 147.124.221.85 8086 (msg: "MISP e25851 [c2,cobalt_strike] Outgoing To IP: 147.124.221.85|8086"; classtype:trojan-activity; sid:37020861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 91.230.110.126 80 (msg: "MISP e25851 [c2,cobalt_strike] Outgoing To IP: 91.230.110.126|80"; classtype:trojan-activity; sid:37020871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 91.230.110.126 80 (msg: "MISP e25873 [] Outgoing To IP: 91.230.110.126|80"; classtype:trojan-activity; sid:37031961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 147.124.221.85 8086 (msg: "MISP e25873 [] Outgoing To IP: 147.124.221.85|8086"; classtype:trojan-activity; sid:37031971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Event 24600, domain indicator solarhomeph.com.
# DNS rule: direction-agnostic. The pcre requires the query name to end with the domain
# and forbids a preceding letter, digit or hyphen; a preceding dot is allowed, so this
# "Domain" form matches the domain itself and its subdomains.
alert dns any any -> any any (msg: "MISP e24600 [] Domain solarhomeph.com"; dns.query; content:"solarhomeph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])solarhomeph\.com$/i"; classtype:trojan-activity; sid:37018361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain solarhomeph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solarhomeph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solarhomeph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37018362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain sante-lu.com"; dns.query; content:"sante-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sante\-lu\.com$/i"; classtype:trojan-activity; sid:37018391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain sante-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sante-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sante\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37018392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain fireaq.com"; dns.query; content:"fireaq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fireaq\.com$/i"; classtype:trojan-activity; sid:37018441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain fireaq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fireaq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fireaq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37018442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 130.61.130.111 2087 (msg: "MISP e25851 [c2,sliver] Outgoing To IP: 130.61.130.111|2087"; classtype:trojan-activity; sid:37020891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 130.61.130.111 2087 (msg: "MISP e25873 [] Outgoing To IP: 130.61.130.111|2087"; classtype:trojan-activity; sid:37031981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip 
$HOME_NET any -> 45.142.182.104 4568 (msg: "MISP e25873 [] Outgoing To IP: 45.142.182.104|4568"; classtype:trojan-activity; sid:37031991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24599 [] Outgoing URL http|3a|//5-102-149-118.cust.cloudscale.ch/iwb12-paravoce-com-br/?convite=ZXhhbXBsZUBlbWFpbC5jb20="; flow:to_server,established; http.header; content:"5-102-149-118.cust.cloudscale.ch"; fast_pattern; nocase; http.uri; content:"/iwb12-paravoce-com-br/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37007141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;) alert ip $HOME_NET any -> 45.142.182.104 4568 (msg: "MISP e25851 [njrat,RAT] Outgoing To IP: 45.142.182.104|4568"; classtype:trojan-activity; sid:37020881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 39.105.101.138 80 (msg: "MISP e25851 [c2,cobalt_strike] Outgoing To IP: 39.105.101.138|80"; classtype:trojan-activity; sid:37020901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25822 [] Domain venitro.com"; dns.query; content:"venitro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])venitro\.com$/i"; classtype:trojan-activity; sid:37006261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain venitro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"venitro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venitro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 0854n5.shop"; dns.query; content:"0854n5.shop"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])0854n5\.shop$/i"; classtype:trojan-activity; sid:37006271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 0854n5.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"0854n5.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])0854n5\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 123bu6.shop"; dns.query; content:"123bu6.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])123bu6\.shop$/i"; classtype:trojan-activity; sid:37006281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 123bu6.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"123bu6.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])123bu6\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 169cc.xyz"; dns.query; content:"169cc.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])169cc\.xyz$/i"; classtype:trojan-activity; sid:37006291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 169cc.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"169cc.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])169cc\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any 
any -> any any (msg: "MISP e25822 [] Domain 247fracing.com"; dns.query; content:"247fracing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])247fracing\.com$/i"; classtype:trojan-activity; sid:37006301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 247fracing.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"247fracing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])247fracing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 2660348.top"; dns.query; content:"2660348.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])2660348\.top$/i"; classtype:trojan-activity; sid:37006311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 2660348.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"2660348.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])2660348\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 6733633.com"; dns.query; content:"6733633.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])6733633\.com$/i"; classtype:trojan-activity; sid:37006321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 6733633.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"6733633.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])6733633\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37006322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 883831.com"; dns.query; content:"883831.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])883831\.com$/i"; classtype:trojan-activity; sid:37006331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 883831.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"883831.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])883831\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain 8x101n.xyz"; dns.query; content:"8x101n.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])8x101n\.xyz$/i"; classtype:trojan-activity; sid:37006341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain 8x101n.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"8x101n.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])8x101n\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain accepted6.com"; dns.query; content:"accepted6.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])accepted6\.com$/i"; classtype:trojan-activity; sid:37006351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain accepted6.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"accepted6.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accepted6\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain aicashu.com"; dns.query; content:"aicashu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aicashu\.com$/i"; classtype:trojan-activity; sid:37006361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain aicashu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aicashu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aicashu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain alqamarhotel.com"; dns.query; content:"alqamarhotel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])alqamarhotel\.com$/i"; classtype:trojan-activity; sid:37006371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain alqamarhotel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alqamarhotel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alqamarhotel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain alterdpxlmarketing.com"; dns.query; content:"alterdpxlmarketing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])alterdpxlmarketing\.com$/i"; classtype:trojan-activity; sid:37006381; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain alterdpxlmarketing.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alterdpxlmarketing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alterdpxlmarketing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain amiciperlacoda.com"; dns.query; content:"amiciperlacoda.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])amiciperlacoda\.com$/i"; classtype:trojan-activity; sid:37006391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain amiciperlacoda.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"amiciperlacoda.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])amiciperlacoda\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain ampsportss.com"; dns.query; content:"ampsportss.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ampsportss\.com$/i"; classtype:trojan-activity; sid:37006401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain ampsportss.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ampsportss.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ampsportss\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert 
dns any any -> any any (msg: "MISP e25822 [] Domain artbydianayorktownva.com"; dns.query; content:"artbydianayorktownva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])artbydianayorktownva\.com$/i"; classtype:trojan-activity; sid:37006411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain artbydianayorktownva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artbydianayorktownva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artbydianayorktownva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain batuoe.com"; dns.query; content:"batuoe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])batuoe\.com$/i"; classtype:trojan-activity; sid:37006421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain batuoe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"batuoe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])batuoe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain beautyloungebydede.online"; dns.query; content:"beautyloungebydede.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])beautyloungebydede\.online$/i"; classtype:trojan-activity; sid:37006431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain beautyloungebydede.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"beautyloungebydede.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beautyloungebydede\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain biosif.com"; dns.query; content:"biosif.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])biosif\.com$/i"; classtype:trojan-activity; sid:37006441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain biosif.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"biosif.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])biosif\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain budgetnurseries.com"; dns.query; content:"budgetnurseries.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])budgetnurseries\.com$/i"; classtype:trojan-activity; sid:37006451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain budgetnurseries.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"budgetnurseries.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])budgetnurseries\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain buflitr.com"; dns.query; content:"buflitr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buflitr\.com$/i"; classtype:trojan-activity; sid:37006461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain buflitr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buflitr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buflitr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain camelpmkrf.com"; dns.query; content:"camelpmkrf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])camelpmkrf\.com$/i"; classtype:trojan-activity; sid:37006471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain camelpmkrf.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"camelpmkrf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])camelpmkrf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain collline.com"; dns.query; content:"collline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])collline\.com$/i"; classtype:trojan-activity; sid:37006481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain collline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"collline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])collline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain creditspisatylegko.site"; dns.query; content:"creditspisatylegko.site"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])creditspisatylegko\.site$/i"; classtype:trojan-activity; sid:37006491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain creditspisatylegko.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"creditspisatylegko.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])creditspisatylegko\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain dianetion.com"; dns.query; content:"dianetion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dianetion\.com$/i"; classtype:trojan-activity; sid:37006501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain dianetion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dianetion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dianetion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain elbt-ag.com"; dns.query; content:"elbt-ag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elbt\-ag\.com$/i"; classtype:trojan-activity; sid:37006511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain elbt-ag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elbt-ag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elbt\-ag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006512; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain elenorbet327.com"; dns.query; content:"elenorbet327.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elenorbet327\.com$/i"; classtype:trojan-activity; sid:37006521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain elenorbet327.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elenorbet327.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elenorbet327\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain functional-yarns.com"; dns.query; content:"functional-yarns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])functional\-yarns\.com$/i"; classtype:trojan-activity; sid:37006531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain functional-yarns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"functional-yarns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])functional\-yarns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain harborspringsfire.com"; dns.query; content:"harborspringsfire.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])harborspringsfire\.com$/i"; classtype:trojan-activity; sid:37006541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain harborspringsfire.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"harborspringsfire.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])harborspringsfire\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain inovarevending.com"; dns.query; content:"inovarevending.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])inovarevending\.com$/i"; classtype:trojan-activity; sid:37006551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain inovarevending.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inovarevending.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inovarevending\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain ioherstrulybeauty.com"; dns.query; content:"ioherstrulybeauty.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ioherstrulybeauty\.com$/i"; classtype:trojan-activity; sid:37006561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain ioherstrulybeauty.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ioherstrulybeauty.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ioherstrulybeauty\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain jokergiftcard.buzz"; dns.query; content:"jokergiftcard.buzz"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])jokergiftcard\.buzz$/i"; classtype:trojan-activity; sid:37006571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain jokergiftcard.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jokergiftcard.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jokergiftcard\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain jxscols.top"; dns.query; content:"jxscols.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])jxscols\.top$/i"; classtype:trojan-activity; sid:37006581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain jxscols.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jxscols.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jxscols\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain loading-231412.info"; dns.query; content:"loading-231412.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])loading\-231412\.info$/i"; classtype:trojan-activity; sid:37006591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain loading-231412.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loading-231412.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loading\-231412\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006592; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain loscaseros.com"; dns.query; content:"loscaseros.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loscaseros\.com$/i"; classtype:trojan-activity; sid:37006601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain loscaseros.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loscaseros.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loscaseros\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain mavbam.com"; dns.query; content:"mavbam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mavbam\.com$/i"; classtype:trojan-activity; sid:37006611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain mavbam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mavbam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mavbam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain mediayoki.site"; dns.query; content:"mediayoki.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mediayoki\.site$/i"; classtype:trojan-activity; sid:37006621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain mediayoki.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mediayoki.site"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mediayoki\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain mosaica.online"; dns.query; content:"mosaica.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mosaica\.online$/i"; classtype:trojan-activity; sid:37006631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain mosaica.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mosaica.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mosaica\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain mrbmed.com"; dns.query; content:"mrbmed.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mrbmed\.com$/i"; classtype:trojan-activity; sid:37006641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain mrbmed.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mrbmed.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mrbmed\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain mtdiyx.xyz"; dns.query; content:"mtdiyx.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])mtdiyx\.xyz$/i"; classtype:trojan-activity; sid:37006651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP 
Domain mtdiyx.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mtdiyx.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mtdiyx\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain myxtremecleanshq.services"; dns.query; content:"myxtremecleanshq.services"; nocase; pcre: "/(^|[^A-Za-z0-9-])myxtremecleanshq\.services$/i"; classtype:trojan-activity; sid:37006661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain myxtremecleanshq.services"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"myxtremecleanshq.services"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])myxtremecleanshq\.services[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain naples.beauty"; dns.query; content:"naples.beauty"; nocase; pcre: "/(^|[^A-Za-z0-9-])naples\.beauty$/i"; classtype:trojan-activity; sid:37006671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain naples.beauty"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naples.beauty"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naples\.beauty[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain qieqyt.xyz"; dns.query; content:"qieqyt.xyz"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])qieqyt\.xyz$/i"; classtype:trojan-activity; sid:37006681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain qieqyt.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qieqyt.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qieqyt\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain roelofsen.online"; dns.query; content:"roelofsen.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])roelofsen\.online$/i"; classtype:trojan-activity; sid:37006691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain roelofsen.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"roelofsen.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])roelofsen\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain sciencemediainstitute.com"; dns.query; content:"sciencemediainstitute.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sciencemediainstitute\.com$/i"; classtype:trojan-activity; sid:37006701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain sciencemediainstitute.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sciencemediainstitute.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sciencemediainstitute\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37006702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain sgyy3ej2dgwesb5.com"; dns.query; content:"sgyy3ej2dgwesb5.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sgyy3ej2dgwesb5\.com$/i"; classtype:trojan-activity; sid:37006711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain sgyy3ej2dgwesb5.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sgyy3ej2dgwesb5.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sgyy3ej2dgwesb5\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain smnyg.com"; dns.query; content:"smnyg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smnyg\.com$/i"; classtype:trojan-activity; sid:37006721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain smnyg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smnyg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smnyg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain soulheroes.online"; dns.query; content:"soulheroes.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])soulheroes\.online$/i"; classtype:trojan-activity; sid:37006731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain soulheroes.online"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"soulheroes.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soulheroes\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain stadtliche-arbeit.info"; dns.query; content:"stadtliche-arbeit.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])stadtliche\-arbeit\.info$/i"; classtype:trojan-activity; sid:37006741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain stadtliche-arbeit.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stadtliche-arbeit.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stadtliche\-arbeit\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain survivordental.com"; dns.query; content:"survivordental.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])survivordental\.com$/i"; classtype:trojan-activity; sid:37006751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain survivordental.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"survivordental.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])survivordental\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain techn9nehollywoodundead.com"; dns.query; content:"techn9nehollywoodundead.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])techn9nehollywoodundead\.com$/i"; classtype:trojan-activity; sid:37006761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain techn9nehollywoodundead.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"techn9nehollywoodundead.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])techn9nehollywoodundead\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain theanhedonia.com"; dns.query; content:"theanhedonia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])theanhedonia\.com$/i"; classtype:trojan-activity; sid:37006771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain theanhedonia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"theanhedonia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])theanhedonia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain thelectricandsolar.com"; dns.query; content:"thelectricandsolar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thelectricandsolar\.com$/i"; classtype:trojan-activity; sid:37006781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain thelectricandsolar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thelectricandsolar.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])thelectricandsolar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain truedatalab.com"; dns.query; content:"truedatalab.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truedatalab\.com$/i"; classtype:trojan-activity; sid:37006791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain truedatalab.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truedatalab.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truedatalab\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain tryscriptify.com"; dns.query; content:"tryscriptify.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tryscriptify\.com$/i"; classtype:trojan-activity; sid:37006801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain tryscriptify.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tryscriptify.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tryscriptify\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert dns any any -> any any (msg: "MISP e25822 [] Domain tulisanemas.com"; dns.query; content:"tulisanemas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tulisanemas\.com$/i"; classtype:trojan-activity; sid:37006811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e25822 [] Outgoing HTTP Domain tulisanemas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tulisanemas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tulisanemas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
# MISP event 25822, domain indicators. Each domain is exported as two rules:
#   sid ending in 1: dns.query rule, any -> any
#   sid ending in 2: HTTP rule, $HOME_NET -> $EXTERNAL_NET, to_server on an established flow
# dns.query pcre: the domain is anchored at the end of the query name and may be preceded by
# any character outside [A-Za-z0-9-], so names below the domain (preceded by '.') match too.
# HTTP rules: both content matches are made in http.header with no distance/within between
# them, and the pcre (/H = HTTP header buffer, i = case-insensitive) only checks that the
# domain is delimited on both sides. The domain does not have to sit in the Host header
# itself; another header naming it (e.g. Referer) satisfies the rule when "Host:" is present.
# NOTE(review): matching on the http.host buffer would be tighter; confirm against the export template.
# These rules see clear-text HTTP only. NOTE(review): no TLS SNI rule for these domains is
# visible in this part of the export.
# tag:session,600,seconds keeps logging the matching session for 600 seconds after the alert.
# The msg tag list is empty ([]) and priority is 3; context lives in the referenced MISP event.
alert dns any any -> any any (msg: "MISP e25822 [] Domain twinklethrive.com"; dns.query; content:"twinklethrive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])twinklethrive\.com$/i"; classtype:trojan-activity; sid:37006821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain twinklethrive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"twinklethrive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])twinklethrive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain ufocafe.net"; dns.query; content:"ufocafe.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ufocafe\.net$/i"; classtype:trojan-activity; sid:37006831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain ufocafe.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ufocafe.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ufocafe\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain ug19bklo.com"; dns.query; content:"ug19bklo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ug19bklo\.com$/i"; classtype:trojan-activity; sid:37006841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain ug19bklo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ug19bklo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ug19bklo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain v72999.com"; dns.query; content:"v72999.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])v72999\.com$/i"; classtype:trojan-activity; sid:37006851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain v72999.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"v72999.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])v72999\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain vendorato.online"; dns.query; content:"vendorato.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])vendorato\.online$/i"; classtype:trojan-activity; sid:37006861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain vendorato.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vendorato.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vendorato\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain whatsapp1.autos"; dns.query; content:"whatsapp1.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])whatsapp1\.autos$/i"; classtype:trojan-activity; sid:37006871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain whatsapp1.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"whatsapp1.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])whatsapp1\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain yzyz841.xyz"; dns.query; content:"yzyz841.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])yzyz841\.xyz$/i"; classtype:trojan-activity; sid:37006881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain yzyz841.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yzyz841.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yzyz841\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert dns any any -> any any (msg: "MISP e25822 [] Domain zezfhys.com"; dns.query; content:"zezfhys.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zezfhys\.com$/i"; classtype:trojan-activity; sid:37006891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain zezfhys.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zezfhys.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])zezfhys\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
# Domain indicator pair from MISP event 25822: a dns.query rule (sid ending in 1) and an
# outgoing HTTP rule (sid ending in 2). The dns.query pcre allows any character outside
# [A-Za-z0-9-] before the domain, so names below it (preceded by '.') also match.
alert dns any any -> any any (msg: "MISP e25822 [] Domain zom11.com"; dns.query; content:"zom11.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zom11\.com$/i"; classtype:trojan-activity; sid:37006901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25822 [] Outgoing HTTP Domain zom11.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zom11.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zom11\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25822;)
# Destination address:port rules from MISP events 25873 and 25851. They match on address and
# port only (protocol "ip", no payload or flow keywords), so any packet from $HOME_NET to the
# endpoint qualifies. NOTE(review): confirm the alert volume per connection and rate-limit in
# the threshold configuration if needed.
# The bracketed tags in msg (RedLine, cobalt_strike, LokiBot, ...) describe the MISP event;
# the rule does not inspect the traffic for that malware family.
# Endpoints exported twice in this section, once per event, under different sids. Both copies
# fire on the same traffic; the e25851 copy has priority 2 and carries the tags:
#   156.251.19.27:20399   sid 37032001 (e25873) and sid 37020911 (e25851)
#   101.201.46.105:7777   sid 37032051 (e25873) and sid 37020921 (e25851)
#   104.21.73.201:80      sid 37032031 (e25873) and sid 37020941 (e25851)
#   172.67.165.208:80     sid 37032041 (e25873) and sid 37020931 (e25851)
#   43.136.71.208:443     sid 37032061 (e25873) and sid 37020961 (e25851)
alert ip $HOME_NET any -> 156.251.19.27 20399 (msg: "MISP e25873 [] Outgoing To IP: 156.251.19.27|20399"; classtype:trojan-activity; sid:37032001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 39.105.101.138 80 (msg: "MISP e25873 [] Outgoing To IP: 39.105.101.138|80"; classtype:trojan-activity; sid:37032011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 191.101.209.29 20427 (msg: "MISP e25873 [] Outgoing To IP: 191.101.209.29|20427"; classtype:trojan-activity; sid:37032021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 156.251.19.27 20399 (msg: "MISP e25851 [infostealer,RedLine,stealer] Outgoing To IP: 156.251.19.27|20399"; classtype:trojan-activity; sid:37020911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25728, SMTP indicators, matched on the TCP stream to $SMTP_SERVERS port 25.
# Only port 25 is listed, and the match is on clear-text bytes, so mail submitted on other
# ports or inside an encrypted session (e.g. after STARTTLS) is not seen by these rules.
# Sender rule: needs "MAIL FROM:" and the address anywhere in the stream (no distance between
# the two), then a blank line (CRLF CRLF) within 8192 bytes after the address.
# Attachment rule: the Content-Disposition header and the file name are matched
# case-sensitively in exactly this spelling and spacing; the same attachment sent with a
# differently formatted MIME header does not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25728 [] Source Email Address: ezequielmartines@cncmas.com.ar"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"ezequielmartines@cncmas.com.ar"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:36949561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25728;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25728 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"AS_CNCMARS01031024.gz|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:36949581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25728;)
# Inbound rule: any packet from this address to $HOME_NET, any port.
alert ip 206.189.207.165 any -> $HOME_NET any (msg: "MISP e25728 [] Incoming From IP: 206.189.207.165"; classtype:trojan-activity; sid:36949591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25728;)
# Domain indicator pair from event 25728 (dns.query rule + outgoing HTTP rule). In the HTTP
# rule the two http.header contents are not tied together by distance/within, so the domain
# may appear in any request header, not only in Host.
alert dns any any -> any any (msg: "MISP e25728 [] Domain cengiztopelyildirim.com"; dns.query; content:"cengiztopelyildirim.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cengiztopelyildirim\.com$/i"; classtype:trojan-activity; sid:36949601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25728;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25728 [] Outgoing HTTP Domain cengiztopelyildirim.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cengiztopelyildirim.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cengiztopelyildirim\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36949602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25728;)
alert ip $HOME_NET any -> 101.201.46.105 7777 (msg: "MISP e25851 [c2,cobalt_strike] Outgoing To IP: 101.201.46.105|7777"; classtype:trojan-activity; sid:37020921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# NOTE(review): 104.21.73.201 and 172.67.165.208 on port 80 look like addresses in a shared
# reverse-proxy/CDN range (verify ownership). An address-only match cannot tell the reported
# site from unrelated sites served from the same address, so expect false positives on the
# four rules for these two addresses below.
alert ip $HOME_NET any -> 104.21.73.201 80 (msg: "MISP e25873 [] Outgoing To IP: 104.21.73.201|80"; classtype:trojan-activity; sid:37032031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 172.67.165.208 80 (msg: "MISP e25873 [] Outgoing To IP: 172.67.165.208|80"; classtype:trojan-activity; sid:37032041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 101.201.46.105 7777 (msg: "MISP e25873 [] Outgoing To IP: 101.201.46.105|7777"; classtype:trojan-activity; sid:37032051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 104.21.73.201 80 (msg: "MISP e25851 [infostealer,LokiBot,stealer] Outgoing To IP: 104.21.73.201|80"; classtype:trojan-activity; sid:37020941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 172.67.165.208 80 (msg: "MISP e25851 [infostealer,LokiBot,stealer] Outgoing To IP: 172.67.165.208|80"; classtype:trojan-activity; sid:37020931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Domain indicator pair from event 25845 (dns.query rule + outgoing HTTP rule).
alert dns any any -> any any (msg: "MISP e25845 [] Domain asddddd.com"; dns.query; content:"asddddd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asddddd\.com$/i"; classtype:trojan-activity; sid:37019501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25845;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25845 [] Outgoing HTTP Domain asddddd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asddddd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asddddd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37019502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25845;)
# URL indicator (event 25831). The host name is matched anywhere in http.header, and the
# http.uri content is just "/", which every request path contains, so this is effectively a
# host-name match with no path restriction.
# This rule references $HTTP_PORTS. The export header describes that variable as not required
# for the Suricata export; NOTE(review): make sure it is defined on the sensor, or confirm how
# the engine treats this rule when it is not.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25831 [] Outgoing URL http|3a|//project8493881.tilda.ws/"; flow:to_server,established; http.header; content:"project8493881.tilda.ws"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37018651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25831;)
# The tags in msg (CobaltStrike, watermark, hosting provider) come from MISP event 25851; the
# rule itself matches the address and port 443 only.
alert ip $HOME_NET any -> 43.136.71.208 443 (msg: "MISP e25851 [CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.136.71.208|443"; classtype:trojan-activity; sid:37020961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Hostname indicator (event 25846). Unlike the Domain rules above, the pcre prefix class also
# excludes '.', so only this exact host name matches, not names below it. The HTTP rule's
# content requires "Host:" followed by exactly one space and then the host name.
alert dns any any -> any any (msg: "MISP e25846 [] Hostname vid.gov-nodokli.net"; dns.query; content:"vid.gov-nodokli.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vid\.gov\-nodokli\.net$/i"; classtype:trojan-activity; sid:37019511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25846 [] Outgoing HTTP Hostname vid.gov-nodokli.net"; flow:to_server,established; http.header; content: "Host|3a| vid.gov-nodokli.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vid\.gov\-nodokli\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37019512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;)
alert ip $HOME_NET any -> 43.136.71.208 443 (msg: "MISP e25873 [] Outgoing To IP: 43.136.71.208|443"; classtype:trojan-activity; sid:37032061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 193.233.132.95 50500 (msg: "MISP e25851 [RiseProStealer] Outgoing To IP: 193.233.132.95|50500"; classtype:trojan-activity; sid:37020971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 26411: destination-address rules with port "any", empty tag list, priority 3.
alert ip $HOME_NET any -> 45.141.215.56 any (msg: "MISP e26411 [] Outgoing To IP: 45.141.215.56"; classtype:trojan-activity; sid:37283971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 37.19.205.154 any (msg: "MISP e26411 [] Outgoing To IP: 37.19.205.154"; classtype:trojan-activity; 
sid:37283981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
# MISP event 26411: one rule per destination address, $HOME_NET -> address, protocol "ip",
# port "any". There are no payload, flow or threshold keywords, so any packet to a listed
# address qualifies. NOTE(review): confirm the alert volume per connection and rate-limit in
# the threshold configuration if needed.
# Only the outbound direction is written; packets arriving from these addresses do not match.
# The msg tag list is empty ([]) and priority is 3, so an alert carries no context beyond the
# reference to the MISP event.
# NOTE(review): ownership of the addresses is not stated in the rules, and many share the
# prefixes 140.213.x.x and 112.215.x.x. If they belong to shared infrastructure (CDN, VPN exit,
# carrier NAT), address-only matching produces false positives; verify before acting on a
# single hit.
alert ip $HOME_NET any -> 212.102.51.243 any (msg: "MISP e26411 [] Outgoing To IP: 212.102.51.243"; classtype:trojan-activity; sid:37283991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 212.102.51.242 any (msg: "MISP e26411 [] Outgoing To IP: 212.102.51.242"; classtype:trojan-activity; sid:37284001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 172.86.96.166 any (msg: "MISP e26411 [] Outgoing To IP: 172.86.96.166"; classtype:trojan-activity; sid:37284011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.52.30 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.52.30"; classtype:trojan-activity; sid:37284021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.51.83 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.51.83"; classtype:trojan-activity; sid:37284031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.49.11 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.49.11"; classtype:trojan-activity; sid:37284041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.47.147 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.47.147"; classtype:trojan-activity; sid:37284051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.45.145 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.45.145"; classtype:trojan-activity; sid:37284061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.22.46 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.22.46"; classtype:trojan-activity; sid:37284071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.22.245 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.22.245"; classtype:trojan-activity; sid:37284081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.43 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.43"; classtype:trojan-activity; sid:37284091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.41 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.41"; classtype:trojan-activity; sid:37284101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.172 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.172"; classtype:trojan-activity; sid:37284111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.12 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.12"; classtype:trojan-activity; sid:37284121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.103.218 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.103.218"; classtype:trojan-activity; sid:37284131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.103.106 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.103.106"; classtype:trojan-activity; sid:37284141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.102.80 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.102.80"; classtype:trojan-activity; sid:37284151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.102.107 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.102.107"; classtype:trojan-activity; sid:37284161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.161 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.161"; classtype:trojan-activity; sid:37284171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.197 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.197"; classtype:trojan-activity; sid:37284181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.13 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.13"; classtype:trojan-activity; sid:37284191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 138.199.53.239 any (msg: "MISP e26411 [] Outgoing To IP: 138.199.53.239"; classtype:trojan-activity; sid:37284201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 138.199.22.105 any (msg: "MISP e26411 [] Outgoing To IP: 138.199.22.105"; classtype:trojan-activity; sid:37284211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 114.122.132.171 any (msg: "MISP e26411 [] Outgoing To IP: 114.122.132.171"; classtype:trojan-activity; sid:37284221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.253.179 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.253.179"; classtype:trojan-activity; sid:37284231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.208.219 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.208.219"; classtype:trojan-activity; sid:37284241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 108.181.27.205 any (msg: "MISP e26411 [] Outgoing To IP: 108.181.27.205"; classtype:trojan-activity; sid:37284251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 107.151.188.91 any (msg: "MISP e26411 [] Outgoing To IP: 107.151.188.91"; classtype:trojan-activity; sid:37284261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 104.28.250.136 any (msg: "MISP e26411 [] Outgoing To IP: 104.28.250.136"; classtype:trojan-activity; sid:37284271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 104.28.250.135 any (msg: "MISP e26411 [] Outgoing To IP: 104.28.250.135"; classtype:trojan-activity; sid:37284281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 104.28.218.136 any (msg: "MISP e26411 [] Outgoing To IP: 104.28.218.136"; classtype:trojan-activity; sid:37284291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.99.249 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.99.249"; classtype:trojan-activity; sid:37284301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.98.193 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.98.193"; classtype:trojan-activity; sid:37284311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.98.125 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.98.125"; classtype:trojan-activity; sid:37284321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.51.240 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.51.240"; classtype:trojan-activity; sid:37284331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.49.33 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.49.33"; classtype:trojan-activity; sid:37284341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.49.247 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.49.247"; classtype:trojan-activity; sid:37284351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.47.253 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.47.253"; classtype:trojan-activity; sid:37284361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.47.116 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.47.116"; classtype:trojan-activity; sid:37284371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.45.86 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.45.86"; classtype:trojan-activity; sid:37284381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.45.43 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.45.43"; classtype:trojan-activity; sid:37284391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.45.223 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.45.223"; classtype:trojan-activity; sid:37284401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.45.192 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.45.192"; classtype:trojan-activity; sid:37284411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.45.148 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.45.148"; classtype:trojan-activity; sid:37284421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.43.96 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.43.96"; classtype:trojan-activity; sid:37284431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.43.91 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.43.91"; classtype:trojan-activity; sid:37284441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.43.75 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.43.75"; classtype:trojan-activity; sid:37284451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.43.62 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.43.62"; classtype:trojan-activity; sid:37284461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.43.30 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.43.30"; classtype:trojan-activity; sid:37284471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.43.213 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.43.213"; classtype:trojan-activity; sid:37284481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.41.83 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.41.83"; classtype:trojan-activity; sid:37284491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.39.93 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.39.93"; classtype:trojan-activity; sid:37284501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.39.220 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.39.220"; classtype:trojan-activity; sid:37284511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.37.94 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.37.94"; classtype:trojan-activity; sid:37284521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
# MISP event 26411: one rule per destination address, $HOME_NET -> address, protocol "ip",
# port "any". There are no payload, flow or threshold keywords, so any packet to a listed
# address qualifies. NOTE(review): confirm the alert volume per connection and rate-limit in
# the threshold configuration if needed.
# Only the outbound direction is written; packets arriving from these addresses do not match.
# The msg tag list is empty ([]) and priority is 3, so an alert carries no context beyond the
# reference to the MISP event.
# NOTE(review): every address in this section starts with 140.213. or 112.215., and ownership
# is not stated in the rules. If these are shared addresses (CDN, VPN exit, carrier NAT),
# address-only matching produces false positives; verify before acting on a single hit.
alert ip $HOME_NET any -> 140.213.37.56 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.37.56"; classtype:trojan-activity; sid:37284531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.37.52 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.37.52"; classtype:trojan-activity; sid:37284541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.37.206 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.37.206"; classtype:trojan-activity; sid:37284551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.37.190 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.37.190"; classtype:trojan-activity; sid:37284561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.24.82 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.24.82"; classtype:trojan-activity; sid:37284571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.24.101 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.24.101"; classtype:trojan-activity; sid:37284581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.22.36 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.22.36"; classtype:trojan-activity; sid:37284591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.22.201 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.22.201"; classtype:trojan-activity; sid:37284601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.22.16 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.22.16"; classtype:trojan-activity; sid:37284611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.22.143 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.22.143"; classtype:trojan-activity; sid:37284621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.44 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.44"; classtype:trojan-activity; sid:37284631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.249 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.249"; classtype:trojan-activity; sid:37284641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.201 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.201"; classtype:trojan-activity; sid:37284651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.169 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.169"; classtype:trojan-activity; sid:37284661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.150 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.150"; classtype:trojan-activity; sid:37284671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.137 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.137"; classtype:trojan-activity; sid:37284681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.18.112 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.18.112"; classtype:trojan-activity; sid:37284691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.16.70 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.16.70"; classtype:trojan-activity; sid:37284701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.16.17 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.16.17"; classtype:trojan-activity; sid:37284711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.16.130 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.16.130"; classtype:trojan-activity; sid:37284721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.30 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.30"; classtype:trojan-activity; sid:37284731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.3 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.3"; classtype:trojan-activity; sid:37284741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.223 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.223"; classtype:trojan-activity; sid:37284751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.188 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.188"; classtype:trojan-activity; sid:37284761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.137 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.137"; classtype:trojan-activity; sid:37284771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.105.118 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.105.118"; classtype:trojan-activity; sid:37284781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.222 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.222"; classtype:trojan-activity; sid:37284791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.217 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.217"; classtype:trojan-activity; sid:37284801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.203 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.203"; classtype:trojan-activity; sid:37284811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.104.162 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.104.162"; classtype:trojan-activity; sid:37284821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.103.222 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.103.222"; classtype:trojan-activity; sid:37284831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.103.210 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.103.210"; classtype:trojan-activity; sid:37284841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.103.17 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.103.17"; classtype:trojan-activity; sid:37284851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.102.5 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.102.5"; classtype:trojan-activity; sid:37284861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.102.224 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.102.224"; classtype:trojan-activity; sid:37284871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.102.193 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.102.193"; classtype:trojan-activity; sid:37284881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.102.172 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.102.172"; classtype:trojan-activity; sid:37284891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.86 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.86"; classtype:trojan-activity; sid:37284901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.227 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.227"; classtype:trojan-activity; sid:37284911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.20 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.20"; classtype:trojan-activity; sid:37284921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.179 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.179"; classtype:trojan-activity; sid:37284931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.17 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.17"; classtype:trojan-activity; sid:37284941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.101.128 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.101.128"; classtype:trojan-activity; sid:37284951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.76 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.76"; classtype:trojan-activity; sid:37284961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.44 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.44"; classtype:trojan-activity; sid:37284971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.152 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.152"; classtype:trojan-activity; sid:37284981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.136 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.136"; classtype:trojan-activity; sid:37284991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.131 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.131"; classtype:trojan-activity; sid:37285001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 140.213.100.127 any (msg: "MISP e26411 [] Outgoing To IP: 140.213.100.127"; classtype:trojan-activity; sid:37285011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.210.73 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.210.73"; classtype:trojan-activity; sid:37285021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.210.187 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.210.187"; classtype:trojan-activity; sid:37285031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.210.145 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.210.145"; classtype:trojan-activity; sid:37285041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.209.144 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.209.144"; classtype:trojan-activity; sid:37285051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.209.131 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.209.131"; classtype:trojan-activity; sid:37285061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;)
alert ip $HOME_NET any -> 112.215.208.204 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.208.204"; classtype:trojan-activity; sid:37285071; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26411;) alert ip $HOME_NET any -> 112.215.208.135 any (msg: "MISP e26411 [] Outgoing To IP: 112.215.208.135"; classtype:trojan-activity; sid:37285081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert ip $HOME_NET any -> 104.28.218.135 any (msg: "MISP e26411 [] Outgoing To IP: 104.28.218.135"; classtype:trojan-activity; sid:37285091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Domain congtyxaydungvuhiep.com"; dns.query; content:"congtyxaydungvuhiep.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])congtyxaydungvuhiep\.com$/i"; classtype:trojan-activity; sid:37285101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Domain congtyxaydungvuhiep.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"congtyxaydungvuhiep.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])congtyxaydungvuhiep\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Domain 3dlntl-paypal.com"; dns.query; content:"3dlntl-paypal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3dlntl\-paypal\.com$/i"; classtype:trojan-activity; sid:37285111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Domain 3dlntl-paypal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3dlntl-paypal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3dlntl\-paypal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285112; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Domain 3dlntlpaypalcard.com"; dns.query; content:"3dlntlpaypalcard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3dlntlpaypalcard\.com$/i"; classtype:trojan-activity; sid:37285121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Domain 3dlntlpaypalcard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3dlntlpaypalcard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3dlntlpaypalcard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Domain lntl-paypal.com"; dns.query; content:"lntl-paypal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lntl\-paypal\.com$/i"; classtype:trojan-activity; sid:37285131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Domain lntl-paypal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lntl-paypal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lntl\-paypal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Hostname login.3dlntl-paypal.com"; dns.query; content:"login.3dlntl-paypal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.3dlntl\-paypal\.com$/i"; classtype:trojan-activity; sid:37285221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Hostname login.3dlntl-paypal.com"; 
flow:to_server,established; http.header; content: "Host|3a| login.3dlntl-paypal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.3dlntl\-paypal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Domain 3dlntlverify.com"; dns.query; content:"3dlntlverify.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3dlntlverify\.com$/i"; classtype:trojan-activity; sid:37285231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Domain 3dlntlverify.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3dlntlverify.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3dlntlverify\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e25873 [] Domain i.wanna.see.20242525.xyz"; dns.query; content:"i.wanna.see.20242525.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])i\.wanna\.see\.20242525\.xyz$/i"; classtype:trojan-activity; sid:37032081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain i.wanna.see.20242525.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"i.wanna.see.20242525.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])i\.wanna\.see\.20242525\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 175.24.197.196 8001 (msg: "MISP e25873 [] Outgoing To IP: 175.24.197.196|8001"; classtype:trojan-activity; sid:37032091; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 193.233.132.95 50500 (msg: "MISP e25873 [] Outgoing To IP: 193.233.132.95|50500"; classtype:trojan-activity; sid:37032101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e26411 [] Domain paypal-lntl.com"; dns.query; content:"paypal-lntl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paypal\-lntl\.com$/i"; classtype:trojan-activity; sid:37285241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Domain paypal-lntl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paypal-lntl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paypal\-lntl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert dns any any -> any any (msg: "MISP e26411 [] Hostname login.paypal-lntl.com"; dns.query; content:"login.paypal-lntl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.paypal\-lntl\.com$/i"; classtype:trojan-activity; sid:37285251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26411 [] Outgoing HTTP Hostname login.paypal-lntl.com"; flow:to_server,established; http.header; content: "Host|3a| login.paypal-lntl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.paypal\-lntl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26411;) alert ip $HOME_NET any -> 175.24.197.196 8001 (msg: "MISP e25851 [] Outgoing To IP: 175.24.197.196|8001"; classtype:trojan-activity; sid:37020981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) 
# Review notes for the indicator rules below (MISP events e25851 and e25820).
# Each indicator is exported as a DNS rule plus a cleartext-HTTP rule.
#  - "Domain" rules use the boundary class [^A-Za-z0-9-], so sub-domains of the indicator also match.
#  - "Hostname" rules add \. to that class, so only the exact name matches.
#  - The http rules only see traffic parsed as HTTP; a visit over HTTPS is covered here by the DNS rule alone.
#    A sensor that needs that coverage would add a tls.sni match for the same name.
#  - tag:session,600,seconds keeps logging the matching session for ten minutes after the alert.
#
# i.wanna.see.20242525.xyz is also exported under event e25873 (sid:37032081 / sid:37032082), so one
# lookup or request raises one alert per event; the copies differ in event id, sid, priority and reference.
alert dns any any -> any any (msg: "MISP e25851 [] Domain i.wanna.see.20242525.xyz"; dns.query; content:"i.wanna.see.20242525.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])i\.wanna\.see\.20242525\.xyz$/i"; classtype:trojan-activity; sid:37020991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [] Outgoing HTTP Domain i.wanna.see.20242525.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"i.wanna.see.20242525.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])i\.wanna\.see\.20242525\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37020992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname s2.asphaltmalep.com"; dns.query; content:"s2.asphaltmalep.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s2\.asphaltmalep\.com$/i"; classtype:trojan-activity; sid:36998981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname s2.asphaltmalep.com"; flow:to_server,established; http.header; content: "Host|3a| s2.asphaltmalep.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s2\.asphaltmalep\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36998982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname demarche-santefr.ddns.net"; dns.query; content:"demarche-santefr.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])demarche\-santefr\.ddns\.net$/i"; classtype:trojan-activity; sid:36999011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname demarche-santefr.ddns.net"; flow:to_server,established; http.header; content: "Host|3a| demarche-santefr.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])demarche\-santefr\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the "Outgoing URL" rule below is a bare content match on the whole header buffer, with
# no "Host|3a|" prefix and no boundary pcre. It fires when the string appears in any request header
# (for example Referer) or inside a longer host name. A plain request to the host on $HTTP_PORTS
# typically fires it together with the Hostname rule above, so expect paired alerts and more false positives.
# It also references $HTTP_PORTS, so that variable must be defined on the sensor even though the file
# header lists it as not required for the Suricata export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//demarche-santefr.ddns.net"; flow:to_server,established; http.header; content:"demarche-santefr.ddns.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname novaschool.com.br"; dns.query; content:"novaschool.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])novaschool\.com\.br$/i"; classtype:trojan-activity; sid:36999041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname novaschool.com.br"; flow:to_server,established; http.header; content: "Host|3a| novaschool.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])novaschool\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The exact-name ("Hostname") form keeps the next two rules scoped to this one sub-domain, not to every
# site under wixsite.com.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname koned5018.wixsite.com"; dns.query; content:"koned5018.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])koned5018\.wixsite\.com$/i"; classtype:trojan-activity; sid:36999131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname koned5018.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| koned5018.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])koned5018\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:36999132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bsu.buap.mx"; dns.query; content:"bsu.buap.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bsu\.buap\.mx$/i"; classtype:trojan-activity; sid:36999161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bsu.buap.mx"; flow:to_server,established; http.header; content: "Host|3a| bsu.buap.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bsu\.buap\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuee.top"; dns.query; content:"uspsuee.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuee\.top$/i"; classtype:trojan-activity; sid:36999191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuee.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuee.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuee\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuee.top"; flow:to_server,established; http.header; content:"uspsuee.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname auto-faster.pl"; dns.query; content:"auto-faster.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-faster\.pl$/i"; 
classtype:trojan-activity; sid:36999221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auto-faster.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-faster.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-faster\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//auto-faster.pl"; flow:to_server,established; http.header; content:"auto-faster.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname autko-wtorne.pl"; dns.query; content:"autko-wtorne.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autko\-wtorne\.pl$/i"; classtype:trojan-activity; sid:36999251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname autko-wtorne.pl"; flow:to_server,established; http.header; content: "Host|3a| autko-wtorne.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autko\-wtorne\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//autko-wtorne.pl"; flow:to_server,established; http.header; content:"autko-wtorne.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsupc.top"; dns.query; 
content:"uspsupc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsupc\.top$/i"; classtype:trojan-activity; sid:36999281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsupc.top"; flow:to_server,established; http.header; content: "Host|3a| uspsupc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsupc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsupc.top"; flow:to_server,established; http.header; content:"uspsupc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxy.top"; dns.query; content:"uspsuxy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxy\.top$/i"; classtype:trojan-activity; sid:36999311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxy.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxy.top"; flow:to_server,established; http.header; content:"uspsuxy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 
uspsupx.top"; dns.query; content:"uspsupx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsupx\.top$/i"; classtype:trojan-activity; sid:36999341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsupx.top"; flow:to_server,established; http.header; content: "Host|3a| uspsupx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsupx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsupx.top"; flow:to_server,established; http.header; content:"uspsupx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsueu.top"; dns.query; content:"uspsueu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsueu\.top$/i"; classtype:trojan-activity; sid:36999371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsueu.top"; flow:to_server,established; http.header; content: "Host|3a| uspsueu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsueu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsueu.top"; flow:to_server,established; http.header; content:"uspsueu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP 
e25820 [] Hostname uspsuyy.top"; dns.query; content:"uspsuyy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuyy\.top$/i"; classtype:trojan-activity; sid:36999401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuyy.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuyy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuyy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuyy.top"; flow:to_server,established; http.header; content:"uspsuyy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsekt.top"; dns.query; content:"uspsekt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsekt\.top$/i"; classtype:trojan-activity; sid:36999431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsekt.top"; flow:to_server,established; http.header; content: "Host|3a| uspsekt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsekt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsekt.top"; flow:to_server,established; http.header; content:"uspsekt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any 
any (msg: "MISP e25820 [] Hostname uspsuyo.top"; dns.query; content:"uspsuyo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuyo\.top$/i"; classtype:trojan-activity; sid:36999461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuyo.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuyo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuyo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuyo.top"; flow:to_server,established; http.header; content:"uspsuyo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxc.top"; dns.query; content:"uspsuxc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxc\.top$/i"; classtype:trojan-activity; sid:36999491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxc.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxc.top"; flow:to_server,established; http.header; content:"uspsuxc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert 
dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuyw.top"; dns.query; content:"uspsuyw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuyw\.top$/i"; classtype:trojan-activity; sid:36999521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuyw.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuyw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuyw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuyw.top"; flow:to_server,established; http.header; content:"uspsuyw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxk.top"; dns.query; content:"uspsuxk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxk\.top$/i"; classtype:trojan-activity; sid:36999551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxk.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxk.top"; flow:to_server,established; http.header; content:"uspsuxk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999561; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxe.top"; dns.query; content:"uspsuxe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxe\.top$/i"; classtype:trojan-activity; sid:36999581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxe.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxe.top"; flow:to_server,established; http.header; content:"uspsuxe.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspseol.top"; dns.query; content:"uspseol.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspseol\.top$/i"; classtype:trojan-activity; sid:36999611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspseol.top"; flow:to_server,established; http.header; content: "Host|3a| uspseol.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspseol\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspseol.top"; flow:to_server,established; http.header; content:"uspseol.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999621; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsdht.com"; dns.query; content:"uspsdht.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdht\.com$/i"; classtype:trojan-activity; sid:36999641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsdht.com"; flow:to_server,established; http.header; content: "Host|3a| uspsdht.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsdht\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsdht.com"; flow:to_server,established; http.header; content:"uspsdht.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsupz.top"; dns.query; content:"uspsupz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsupz\.top$/i"; classtype:trojan-activity; sid:36999671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsupz.top"; flow:to_server,established; http.header; content: "Host|3a| uspsupz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsupz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsupz.top"; flow:to_server,established; http.header; content:"uspsupz.top"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:36999681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspseyo.top"; dns.query; content:"uspseyo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspseyo\.top$/i"; classtype:trojan-activity; sid:36999701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspseyo.top"; flow:to_server,established; http.header; content: "Host|3a| uspseyo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspseyo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspseyo.top"; flow:to_server,established; http.header; content:"uspseyo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxf.top"; dns.query; content:"uspsuxf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxf\.top$/i"; classtype:trojan-activity; sid:36999731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxf.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxf.top"; flow:to_server,established; http.header; content:"uspsuxf.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:36999741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname login-0range.hubside.fr"; dns.query; content:"login-0range.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-0range\.hubside\.fr$/i"; classtype:trojan-activity; sid:36999761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname login-0range.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| login-0range.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-0range\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname multiweb.pages.dev"; dns.query; content:"multiweb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])multiweb\.pages\.dev$/i"; classtype:trojan-activity; sid:36999791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname multiweb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| multiweb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])multiweb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//multiweb.pages.dev"; flow:to_server,established; http.header; content:"multiweb.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36999801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: 
"MISP e25820 [] Hostname orang55.hubside.fr"; dns.query; content:"orang55.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orang55\.hubside\.fr$/i"; classtype:trojan-activity; sid:36999821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname orang55.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| orang55.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orang55\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname identifiez-vous-courrier.hubside.fr"; dns.query; content:"identifiez-vous-courrier.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vous\-courrier\.hubside\.fr$/i"; classtype:trojan-activity; sid:36999851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname identifiez-vous-courrier.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identifiez-vous-courrier.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vous\-courrier\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname login-orang.hubside.fr"; dns.query; content:"login-orang.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-orang\.hubside\.fr$/i"; classtype:trojan-activity; sid:36999881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname login-orang.hubside.fr"; flow:to_server,established; http.header; content: 
"Host|3a| login-orang.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-orang\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname mikelatta268.wixsite.com"; dns.query; content:"mikelatta268.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mikelatta268\.wixsite\.com$/i"; classtype:trojan-activity; sid:36999911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mikelatta268.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| mikelatta268.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mikelatta268\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname loginpro.hubside.fr"; dns.query; content:"loginpro.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])loginpro\.hubside\.fr$/i"; classtype:trojan-activity; sid:36999941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname loginpro.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| loginpro.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])loginpro\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname identifier23.hubside.fr"; dns.query; content:"identifier23.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifier23\.hubside\.fr$/i"; classtype:trojan-activity; 
sid:36999971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname identifier23.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identifier23.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifier23\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36999972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname lnkz.at"; dns.query; content:"lnkz.at"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnkz\.at$/i"; classtype:trojan-activity; sid:37000001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname lnkz.at"; flow:to_server,established; http.header; content: "Host|3a| lnkz.at"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnkz\.at[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname thesourceespresso.com.au"; dns.query; content:"thesourceespresso.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thesourceespresso\.com\.au$/i"; classtype:trojan-activity; sid:37000031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname thesourceespresso.com.au"; flow:to_server,established; http.header; content: "Host|3a| thesourceespresso.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thesourceespresso\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] 
Hostname mise-a-jour-plus.hubside.fr"; dns.query; content:"mise-a-jour-plus.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mise\-a\-jour\-plus\.hubside\.fr$/i"; classtype:trojan-activity; sid:37000061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mise-a-jour-plus.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| mise-a-jour-plus.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mise\-a\-jour\-plus\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname pixelphotosfcontest.pages.dev"; dns.query; content:"pixelphotosfcontest.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelphotosfcontest\.pages\.dev$/i"; classtype:trojan-activity; sid:37000091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pixelphotosfcontest.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pixelphotosfcontest.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelphotosfcontest\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//pixelphotosfcontest.pages.dev"; flow:to_server,established; http.header; content:"pixelphotosfcontest.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bi.ls"; dns.query; content:"bi.ls"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bi\.ls$/i"; classtype:trojan-activity; sid:37000121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bi.ls"; flow:to_server,established; http.header; content: "Host|3a| bi.ls"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bi\.ls[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname login-google.hubside.fr"; dns.query; content:"login-google.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-google\.hubside\.fr$/i"; classtype:trojan-activity; sid:37000151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname login-google.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| login-google.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-google\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.post-servea.com"; dns.query; content:"usps.post-servea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.post\-servea\.com$/i"; classtype:trojan-activity; sid:37000181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.post-servea.com"; flow:to_server,established; http.header; content: "Host|3a| usps.post-servea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.post\-servea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000182; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usps.post-servea.com"; flow:to_server,established; http.header; content:"usps.post-servea.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.posts-usp.com"; dns.query; content:"usps.posts-usp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posts\-usp\.com$/i"; classtype:trojan-activity; sid:37000211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.posts-usp.com"; flow:to_server,established; http.header; content: "Host|3a| usps.posts-usp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posts\-usp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usps.posts-usp.com"; flow:to_server,established; http.header; content:"usps.posts-usp.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-cb.one"; dns.query; content:"imtoken-cb.one"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.one$/i"; classtype:trojan-activity; sid:37000241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-cb.one"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cb.one"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtoken\-cb\.one[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname jiujiangfang.cn"; dns.query; content:"jiujiangfang.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jiujiangfang\.cn$/i"; classtype:trojan-activity; sid:37000271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname jiujiangfang.cn"; flow:to_server,established; http.header; content: "Host|3a| jiujiangfang.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jiujiangfang\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//jiujiangfang.cn"; flow:to_server,established; http.header; content:"jiujiangfang.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname qtyyus.wueeses-s654.cyou"; dns.query; content:"qtyyus.wueeses-s654.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qtyyus\.wueeses\-s654\.cyou$/i"; classtype:trojan-activity; sid:37000301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname qtyyus.wueeses-s654.cyou"; flow:to_server,established; http.header; content: "Host|3a| qtyyus.wueeses-s654.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qtyyus\.wueeses\-s654\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000302; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//qtyyus.wueeses-s654.cyou"; flow:to_server,established; http.header; content:"qtyyus.wueeses-s654.cyou"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname identificmms.hubside.fr"; dns.query; content:"identificmms.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identificmms\.hubside\.fr$/i"; classtype:trojan-activity; sid:37000331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname identificmms.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identificmms.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identificmms\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname adestella.com"; dns.query; content:"adestella.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adestella\.com$/i"; classtype:trojan-activity; sid:37000361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname adestella.com"; flow:to_server,established; http.header; content: "Host|3a| adestella.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adestella\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname stylistaz.com"; dns.query; content:"stylistaz.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])stylistaz\.com$/i"; classtype:trojan-activity; sid:37000391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname stylistaz.com"; flow:to_server,established; http.header; content: "Host|3a| stylistaz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stylistaz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname mikelatta268.systeme.io"; dns.query; content:"mikelatta268.systeme.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mikelatta268\.systeme\.io$/i"; classtype:trojan-activity; sid:37000421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mikelatta268.systeme.io"; flow:to_server,established; http.header; content: "Host|3a| mikelatta268.systeme.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mikelatta268\.systeme\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//mikelatta268.systeme.io/bd3f67c9"; flow:to_server,established; http.header; content:"mikelatta268.systeme.io"; fast_pattern; nocase; http.uri; content:"/bd3f67c9"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname fjkjkfjk787.weebly.com"; dns.query; content:"fjkjkfjk787.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fjkjkfjk787\.weebly\.com$/i"; classtype:trojan-activity; sid:37000451; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname fjkjkfjk787.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| fjkjkfjk787.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fjkjkfjk787\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname rentrebox.wixsite.com"; dns.query; content:"rentrebox.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rentrebox\.wixsite\.com$/i"; classtype:trojan-activity; sid:37000481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname rentrebox.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| rentrebox.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rentrebox\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname kfjkfjkf378.weebly.com"; dns.query; content:"kfjkfjkf378.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kfjkfjkf378\.weebly\.com$/i"; classtype:trojan-activity; sid:37000511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname kfjkfjkf378.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| kfjkfjkf378.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kfjkfjkf378\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any 
any -> any any (msg: "MISP e25820 [] Hostname dev-glg6kpf.pantheonsite.io"; dns.query; content:"dev-glg6kpf.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-glg6kpf\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37000571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dev-glg6kpf.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a| dev-glg6kpf.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-glg6kpf\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname emt-714autagr.sendserver.email"; dns.query; content:"emt-714autagr.sendserver.email"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emt\-714autagr\.sendserver\.email$/i"; classtype:trojan-activity; sid:37000601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname emt-714autagr.sendserver.email"; flow:to_server,established; http.header; content: "Host|3a| emt-714autagr.sendserver.email"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emt\-714autagr\.sendserver\.email[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname g06668706.wixsite.com"; dns.query; content:"g06668706.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g06668706\.wixsite\.com$/i"; classtype:trojan-activity; sid:37000631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname g06668706.wixsite.com"; 
flow:to_server,established; http.header; content: "Host|3a| g06668706.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g06668706\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname help-center-ads-th-brn83.netlify.app"; dns.query; content:"help-center-ads-th-brn83.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])help\-center\-ads\-th\-brn83\.netlify\.app$/i"; classtype:trojan-activity; sid:37000661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname help-center-ads-th-brn83.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| help-center-ads-th-brn83.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])help\-center\-ads\-th\-brn83\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname mslornage.hubside.fr"; dns.query; content:"mslornage.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mslornage\.hubside\.fr$/i"; classtype:trojan-activity; sid:37000721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mslornage.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| mslornage.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mslornage\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname inboxidentificationmail.hubside.fr"; 
dns.query; content:"inboxidentificationmail.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inboxidentificationmail\.hubside\.fr$/i"; classtype:trojan-activity; sid:37000751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname inboxidentificationmail.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| inboxidentificationmail.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inboxidentificationmail\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname wxlbr.pages.dev"; dns.query; content:"wxlbr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wxlbr\.pages\.dev$/i"; classtype:trojan-activity; sid:37000781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname wxlbr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wxlbr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wxlbr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//wxlbr.pages.dev"; flow:to_server,established; http.header; content:"wxlbr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 8978.pages.dev"; dns.query; content:"8978.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])8978\.pages\.dev$/i"; classtype:trojan-activity; sid:37000811; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 8978.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 8978.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])8978\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//8978.pages.dev"; flow:to_server,established; http.header; content:"8978.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname devis.depagaz.fr"; dns.query; content:"devis.depagaz.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])devis\.depagaz\.fr$/i"; classtype:trojan-activity; sid:37000841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname devis.depagaz.fr"; flow:to_server,established; http.header; content: "Host|3a| devis.depagaz.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])devis\.depagaz\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 946541.pages.dev"; dns.query; content:"946541.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])946541\.pages\.dev$/i"; classtype:trojan-activity; sid:37000871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 946541.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 946541.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])946541\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//946541.pages.dev"; flow:to_server,established; http.header; content:"946541.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname budapartners.com"; dns.query; content:"budapartners.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])budapartners\.com$/i"; classtype:trojan-activity; sid:37000901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname budapartners.com"; flow:to_server,established; http.header; content: "Host|3a| budapartners.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])budapartners\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//budapartners.com/CHS/book.php"; flow:to_server,established; http.header; content:"budapartners.com"; fast_pattern; nocase; http.uri; content:"/CHS/book.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bcn-action.cfd"; dns.query; content:"bcn-action.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bcn\-action\.cfd$/i"; classtype:trojan-activity; sid:37000931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bcn-action.cfd"; flow:to_server,established; http.header; content: "Host|3a| bcn-action.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bcn\-action\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# DNS rule: case-insensitive match on the query name, anchored at the end with $; a preceding
# hostname character or dot is rejected, so subdomains of the name do not match.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname hgrurbnc74fh.pages.dev"; dns.query; content:"hgrurbnc74fh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hgrurbnc74fh\.pages\.dev$/i"; classtype:trojan-activity; sid:37000961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Host-header rule: "Host: <name>" literal as fast_pattern, then a pcre that requires a
# non-hostname character on both sides of the name. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname hgrurbnc74fh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hgrurbnc74fh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hgrurbnc74fh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the http.uri content "/" is satisfied by any request URI that contains a
# slash, so it adds no selectivity. The rule reduces to an unanchored match of the hostname
# string anywhere in the request headers and alerts a second time on the traffic the Host
# rule above (sid 37000962) already covers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//hgrurbnc74fh.pages.dev/"; flow:to_server,established; http.header; content:"hgrurbnc74fh.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37000971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname telepgrlm.club"; dns.query; content:"telepgrlm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.club$/i"; classtype:trojan-activity; sid:37000991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telepgrlm.club"; flow:to_server,established; http.header; content: "Host|3a| 
telepgrlm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37000992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telepgrlm.club/"; flow:to_server,established; http.header; content:"telepgrlm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegrom-a.top"; dns.query; content:"telegrom-a.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-a\.top$/i"; classtype:trojan-activity; sid:37001021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegrom-a.top"; flow:to_server,established; http.header; content: "Host|3a| telegrom-a.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-a\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegrom-a.top/"; flow:to_server,established; http.header; content:"telegrom-a.top"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegrpme.fit"; dns.query; content:"telegrpme.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpme\.fit$/i"; classtype:trojan-activity; sid:37001051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegrpme.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrpme.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpme\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegrpme.fit/"; flow:to_server,established; http.header; content:"telegrpme.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegsrem.club"; dns.query; content:"telegsrem.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.club$/i"; classtype:trojan-activity; sid:37001081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegsrem.club"; flow:to_server,established; http.header; content: "Host|3a| telegsrem.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegsrem.club/"; flow:to_server,established; http.header; content:"telegsrem.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegramfree.ru"; dns.query; content:"telegramfree.ru"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegramfree\.ru$/i"; classtype:trojan-activity; sid:37001111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegramfree.ru"; flow:to_server,established; http.header; content: "Host|3a| telegramfree.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramfree\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegramfree.ru/"; flow:to_server,established; http.header; content:"telegramfree.ru"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegrom-wk.com"; dns.query; content:"telegrom-wk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-wk\.com$/i"; classtype:trojan-activity; sid:37001141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegrom-wk.com"; flow:to_server,established; http.header; content: "Host|3a| telegrom-wk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-wk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegrom-wk.com/"; flow:to_server,established; http.header; content:"telegrom-wk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegrom-r.com"; dns.query; content:"telegrom-r.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-r\.com$/i"; classtype:trojan-activity; sid:37001171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegrom-r.com"; flow:to_server,established; http.header; content: "Host|3a| telegrom-r.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-r\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname teleptrcm.work"; dns.query; content:"teleptrcm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrcm\.work$/i"; classtype:trojan-activity; sid:37001201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname teleptrcm.work"; flow:to_server,established; http.header; content: "Host|3a| teleptrcm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrcm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//teleptrcm.work/"; flow:to_server,established; http.header; content:"teleptrcm.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegsrem.fit"; dns.query; content:"telegsrem.fit"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegsrem\.fit$/i"; classtype:trojan-activity; sid:37001231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegsrem.fit"; flow:to_server,established; http.header; content: "Host|3a| telegsrem.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegsrem.fit/"; flow:to_server,established; http.header; content:"telegsrem.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cbv.pages.dev"; dns.query; content:"cbv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cbv\.pages\.dev$/i"; classtype:trojan-activity; sid:37001261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cbv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cbv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cbv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//cbv.pages.dev"; flow:to_server,established; http.header; content:"cbv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any 
(msg: "MISP e25820 [] Hostname 9748.pages.dev"; dns.query; content:"9748.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9748\.pages\.dev$/i"; classtype:trojan-activity; sid:37001291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 9748.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 9748.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9748\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//9748.pages.dev"; flow:to_server,established; http.header; content:"9748.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname web3connectfix.pages.dev"; dns.query; content:"web3connectfix.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3connectfix\.pages\.dev$/i"; classtype:trojan-activity; sid:37001321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname web3connectfix.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| web3connectfix.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3connectfix\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//web3connectfix.pages.dev"; flow:to_server,established; http.header; content:"web3connectfix.pages.dev"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37001331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname emt-714autagr.sendserver.email"; dns.query; content:"emt-714autagr.sendserver.email"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emt\-714autagr\.sendserver\.email$/i"; classtype:trojan-activity; sid:37001351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname emt-714autagr.sendserver.email"; flow:to_server,established; http.header; content: "Host|3a| emt-714autagr.sendserver.email"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emt\-714autagr\.sendserver\.email[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname chain-list.life"; dns.query; content:"chain-list.life"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chain\-list\.life$/i"; classtype:trojan-activity; sid:37001381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname chain-list.life"; flow:to_server,established; http.header; content: "Host|3a| chain-list.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chain\-list\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname games-maviacom.pages.dev"; dns.query; content:"games-maviacom.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])games\-maviacom\.pages\.dev$/i"; classtype:trojan-activity; sid:37001411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname games-maviacom.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| games-maviacom.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])games\-maviacom\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 1-88y.pages.dev"; dns.query; content:"1-88y.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1\-88y\.pages\.dev$/i"; classtype:trojan-activity; sid:37001441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 1-88y.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 1-88y.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1\-88y\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname rserdtfyguytr.pages.dev"; dns.query; content:"rserdtfyguytr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rserdtfyguytr\.pages\.dev$/i"; classtype:trojan-activity; sid:37001471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname rserdtfyguytr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rserdtfyguytr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rserdtfyguytr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL 
http|3a|//rserdtfyguytr.pages.dev"; flow:to_server,established; http.header; content:"rserdtfyguytr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz.pages.dev"; dns.query; content:"httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz\.pages\.dev$/i"; classtype:trojan-activity; sid:37001501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz.pages.dev"; flow:to_server,established; http.header; content:"httpsupdatingserverdomainswwqqhkshdjajdhnsxxzz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cloud.iss-shipping.workers.dev"; dns.query; content:"cloud.iss-shipping.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloud\.iss\-shipping\.workers\.dev$/i"; classtype:trojan-activity; sid:37001531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cloud.iss-shipping.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cloud.iss-shipping.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloud\.iss\-shipping\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//cloud.iss-shipping.workers.dev"; flow:to_server,established; http.header; content:"cloud.iss-shipping.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-cb.org"; dns.query; content:"imtoken-cb.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.org$/i"; classtype:trojan-activity; sid:37001561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-cb.org"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cb.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-cb.org"; flow:to_server,established; http.header; content:"imtoken-cb.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname znic-my.jfu.workers.dev"; dns.query; content:"znic-my.jfu.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])znic\-my\.jfu\.workers\.dev$/i"; classtype:trojan-activity; sid:37001591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname znic-my.jfu.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| znic-my.jfu.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])znic\-my\.jfu\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//znic-my.jfu.workers.dev"; flow:to_server,established; http.header; content:"znic-my.jfu.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tokenpbqket.moe"; dns.query; content:"tokenpbqket.moe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.moe$/i"; classtype:trojan-activity; sid:37001621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tokenpbqket.moe"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.moe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.moe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tokenpbqket.moe"; flow:to_server,established; http.header; content:"tokenpbqket.moe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001631; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-cb.net"; dns.query; content:"imtoken-cb.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.net$/i"; classtype:trojan-activity; sid:37001651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-cb.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cb.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-cb.net"; flow:to_server,established; http.header; content:"imtoken-cb.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tokenpbqket.net"; dns.query; content:"tokenpbqket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.net$/i"; classtype:trojan-activity; sid:37001681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tokenpbqket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tokenpbqket.net"; flow:to_server,established; http.header; content:"tokenpbqket.net"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37001691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-cb.pro"; dns.query; content:"imtoken-cb.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.pro$/i"; classtype:trojan-activity; sid:37001711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-cb.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cb.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-cb.pro"; flow:to_server,established; http.header; content:"imtoken-cb.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegramnonal.pages.dev"; dns.query; content:"telegramnonal.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramnonal\.pages\.dev$/i"; classtype:trojan-activity; sid:37001741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegramnonal.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramnonal.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramnonal\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP 
e25820 [] Outgoing URL http|3a|//telegramnonal.pages.dev"; flow:to_server,established; http.header; content:"telegramnonal.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname destination-my-group.pages.dev"; dns.query; content:"destination-my-group.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])destination\-my\-group\.pages\.dev$/i"; classtype:trojan-activity; sid:37001771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname destination-my-group.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| destination-my-group.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])destination\-my\-group\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//destination-my-group.pages.dev"; flow:to_server,established; http.header; content:"destination-my-group.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname swisspass.b-cdn.net"; dns.query; content:"swisspass.b-cdn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspass\.b\-cdn\.net$/i"; classtype:trojan-activity; sid:37001801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname swisspass.b-cdn.net"; flow:to_server,established; http.header; content: "Host|3a| swisspass.b-cdn.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])swisspass\.b\-cdn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname shopiabeauty.pages.dev"; dns.query; content:"shopiabeauty.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shopiabeauty\.pages\.dev$/i"; classtype:trojan-activity; sid:37001831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname shopiabeauty.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| shopiabeauty.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shopiabeauty\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//shopiabeauty.pages.dev"; flow:to_server,established; http.header; content:"shopiabeauty.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tokenpaiket.net"; dns.query; content:"tokenpaiket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaiket\.net$/i"; classtype:trojan-activity; sid:37001861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tokenpaiket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpaiket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaiket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001862; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tokenpaiket.net"; flow:to_server,established; http.header; content:"tokenpaiket.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname icy-mud-510b.joyoung3248.workers.dev"; dns.query; content:"icy-mud-510b.joyoung3248.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icy\-mud\-510b\.joyoung3248\.workers\.dev$/i"; classtype:trojan-activity; sid:37001891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname icy-mud-510b.joyoung3248.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| icy-mud-510b.joyoung3248.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icy\-mud\-510b\.joyoung3248\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//icy-mud-510b.joyoung3248.workers.dev"; flow:to_server,established; http.header; content:"icy-mud-510b.joyoung3248.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tp1122.app"; dns.query; content:"tp1122.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp1122\.app$/i"; classtype:trojan-activity; sid:37001921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tp1122.app"; 
flow:to_server,established; http.header; content: "Host|3a| tp1122.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp1122\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tp1122.app"; flow:to_server,established; http.header; content:"tp1122.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37001931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname xwbred.com"; dns.query; content:"xwbred.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xwbred\.com$/i"; classtype:trojan-activity; sid:37001951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname xwbred.com"; flow:to_server,established; http.header; content: "Host|3a| xwbred.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xwbred\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37001981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37001982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the rules below repeat one indicator. sid:37002011 and sid:37002041 are
# the same dns.query match for cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev, and the
# Host-header rule that follows each of them carries the same content and pcre as well.
# Every copy is evaluated and every copy alerts, so a single lookup or request produces
# several identical alerts under different sids. Presumably the hostname is attached to
# the MISP event more than once (confirm); deduplicate there or thin the export before
# loading, keeping whichever sids local suppress/threshold entries already reference.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37002011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Duplicate of sid:37002011 (identical options apart from the sid).
alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37002041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37002042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37002071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37002101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 
2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37002131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37002161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37002191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37002221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37002251; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37002281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37002311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37002341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname zapper.pages.dev"; dns.query; content:"zapper.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zapper\.pages\.dev$/i"; classtype:trojan-activity; sid:37002371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname zapper.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zapper.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zapper\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37002372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname indicator mute-dew-6d9d.gvaughan7496.workers.dev: exact-name DNS query rule
# followed by the cleartext-HTTP Host-header rule.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname mute-dew-6d9d.gvaughan7496.workers.dev"; dns.query; content:"mute-dew-6d9d.gvaughan7496.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mute\-dew\-6d9d\.gvaughan7496\.workers\.dev$/i"; classtype:trojan-activity; sid:37002401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mute-dew-6d9d.gvaughan7496.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| mute-dew-6d9d.gvaughan7496.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mute\-dew\-6d9d\.gvaughan7496\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the URL indicator has no path beyond "/", so the http.uri condition is
# content:"/", which any request URI containing a slash satisfies. The rule reduces to
# "hostname appears somewhere in the request headers" (no boundary check), and for a
# normal request to this host it fires together with sid:37002402. It adds alert volume
# rather than coverage; consider disabling it or dropping path-less URL attributes from
# the export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//mute-dew-6d9d.gvaughan7496.workers.dev/"; flow:to_server,established; http.header; content:"mute-dew-6d9d.gvaughan7496.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname indicator liveprivatebogel.melayu-viral-vvip.my.id.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname liveprivatebogel.melayu-viral-vvip.my.id"; dns.query; content:"liveprivatebogel.melayu-viral-vvip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatebogel\.melayu\-viral\-vvip\.my\.id$/i"; classtype:trojan-activity; sid:37002431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname liveprivatebogel.melayu-viral-vvip.my.id"; flow:to_server,established; http.header; content: "Host|3a| 
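liveprivatebogel.melayu-viral-vvip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatebogel\.melayu\-viral\-vvip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# FIX(review): in a content keyword "|30 78|" is hex notation for the two bytes "0x", so
# the indicator is the hostname xhyz0x.com. The exported pcre escaped the pipes and looked
# for the literal text "|30 78|", which cannot occur in a hostname. content and pcre must
# both match, so sid:37002461 and sid:37002462 could never alert. The pcre below now
# spells the bytes as "0x"; content and msg are left as exported.
# This is a local correction: a fresh export from MISP will presumably regenerate the
# broken pcre unless the exporter is fixed (confirm), so re-check after every update.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname xhyz|30 78|.com"; dns.query; content:"xhyz|30 78|.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xhyz0x\.com$/i"; classtype:trojan-activity; sid:37002461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname xhyz|30 78|.com"; flow:to_server,established; http.header; content: "Host|3a| xhyz|30 78|.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xhyz0x\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# URL rule: hostname (with the www. prefix) anywhere in the request headers plus the
# path /recruit/35924/ in the URI. It has no pcre, so the hex-escaped content works as
# exported and this rule was not affected by the defect fixed above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//www.xhyz|30 78|.com/recruit/35924/"; flow:to_server,established; http.header; content:"www.xhyz|30 78|.com"; fast_pattern; nocase; http.uri; content:"/recruit/35924/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname indicator gayhott-horny.live-vip.my.id.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname gayhott-horny.live-vip.my.id"; dns.query; content:"gayhott-horny.live-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gayhott\-horny\.live\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37002491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname gayhott-horny.live-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| gayhott-horny.live-vip.my.id"; fast_pattern; nocase; pcre: 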
"/(^|[^A-Za-z0-9-\.])gayhott\-horny\.live\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname baphometuniversity.rahastracu.com"; dns.query; content:"baphometuniversity.rahastracu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])baphometuniversity\.rahastracu\.com$/i"; classtype:trojan-activity; sid:37002521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname baphometuniversity.rahastracu.com"; flow:to_server,established; http.header; content: "Host|3a| baphometuniversity.rahastracu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])baphometuniversity\.rahastracu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname xwbred.com"; dns.query; content:"xwbred.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xwbred\.com$/i"; classtype:trojan-activity; sid:37002551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname xwbred.com"; flow:to_server,established; http.header; content: "Host|3a| xwbred.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xwbred\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname newmailwedomailautomatedsupportedservicesmails2.pages.dev"; dns.query; content:"newmailwedomailautomatedsupportedservicesmails2.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])newmailwedomailautomatedsupportedservicesmails2\.pages\.dev$/i"; classtype:trojan-activity; sid:37002581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname newmailwedomailautomatedsupportedservicesmails2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| newmailwedomailautomatedsupportedservicesmails2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newmailwedomailautomatedsupportedservicesmails2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//newmailwedomailautomatedsupportedservicesmails2.pages.dev"; flow:to_server,established; http.header; content:"newmailwedomailautomatedsupportedservicesmails2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegramsexdating.pages.dev"; dns.query; content:"telegramsexdating.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsexdating\.pages\.dev$/i"; classtype:trojan-activity; sid:37002611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegramsexdating.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramsexdating.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsexdating\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg: "MISP e25820 [] Outgoing URL http|3a|//telegramsexdating.pages.dev"; flow:to_server,established; http.header; content:"telegramsexdating.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname klc.pages.dev"; dns.query; content:"klc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev$/i"; classtype:trojan-activity; sid:37002641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname klc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| klc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//klc.pages.dev"; flow:to_server,established; http.header; content:"klc.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname web.telegrlm.org"; dns.query; content:"web.telegrlm.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrlm\.org$/i"; classtype:trojan-activity; sid:37002671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname web.telegrlm.org"; flow:to_server,established; http.header; content: "Host|3a| web.telegrlm.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrlm\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002672; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//web.telegrlm.org"; flow:to_server,established; http.header; content:"web.telegrlm.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname web.telegrkm.org"; dns.query; content:"web.telegrkm.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrkm\.org$/i"; classtype:trojan-activity; sid:37002701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname web.telegrkm.org"; flow:to_server,established; http.header; content: "Host|3a| web.telegrkm.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrkm\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//web.telegrkm.org"; flow:to_server,established; http.header; content:"web.telegrkm.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegrvm.org"; dns.query; content:"telegrvm.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrvm\.org$/i"; classtype:trojan-activity; sid:37002731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegrvm.org"; flow:to_server,established; http.header; content: "Host|3a| telegrvm.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrvm\.org[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37002732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegrvm.org"; flow:to_server,established; http.header; content:"telegrvm.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegrkm.org"; dns.query; content:"telegrkm.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrkm\.org$/i"; classtype:trojan-activity; sid:37002761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegrkm.org"; flow:to_server,established; http.header; content: "Host|3a| telegrkm.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrkm\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegrkm.org"; flow:to_server,established; http.header; content:"telegrkm.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 3.skysky.workers.dev"; dns.query; content:"3.skysky.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3\.skysky\.workers\.dev$/i"; classtype:trojan-activity; sid:37002791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 3.skysky.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 3.skysky.workers.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3\.skysky\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//3.skysky.workers.dev"; flow:to_server,established; http.header; content:"3.skysky.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0kenp0cklt.pro"; dns.query; content:"t0kenp0cklt.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kenp0cklt\.pro$/i"; classtype:trojan-activity; sid:37002821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0kenp0cklt.pro"; flow:to_server,established; http.header; content: "Host|3a| t0kenp0cklt.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kenp0cklt\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0kenp0cklt.pro"; flow:to_server,established; http.header; content:"t0kenp0cklt.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname web.telegrvm.org"; dns.query; content:"web.telegrvm.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrvm\.org$/i"; classtype:trojan-activity; sid:37002851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP 
Hostname web.telegrvm.org"; flow:to_server,established; http.header; content: "Host|3a| web.telegrvm.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrvm\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//web.telegrvm.org"; flow:to_server,established; http.header; content:"web.telegrvm.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tokenqocket.fyi"; dns.query; content:"tokenqocket.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenqocket\.fyi$/i"; classtype:trojan-activity; sid:37002881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tokenqocket.fyi"; flow:to_server,established; http.header; content: "Host|3a| tokenqocket.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenqocket\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tokenqocket.fyi"; flow:to_server,established; http.header; content:"tokenqocket.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname fixdefinetwork.pages.dev"; dns.query; content:"fixdefinetwork.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fixdefinetwork\.pages\.dev$/i"; classtype:trojan-activity; sid:37002911; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;)
# Review note: the http rules in this export inspect cleartext HTTP only. A
# request to fixdefinetwork.pages.dev made over TLS is covered by the dns rule
# for the same name alone unless the sensor decrypts traffic; a tls.sni rule
# per hostname would close that gap. NOTE(review): confirm the sensor's TLS
# visibility before relying on the http rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname fixdefinetwork.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fixdefinetwork.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fixdefinetwork\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# "Outgoing URL" rule with no path: the content has no "Host|3a| " prefix and
# no boundary pcre, so the name matches anywhere in the request headers (a
# Referer value, a longer hostname that contains it), and only towards
# $HTTP_PORTS. sid:37002912 already matches the Host header on any port.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//fixdefinetwork.pages.dev"; flow:to_server,established; http.header; content:"fixdefinetwork.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# dns rules use "any any -> any any": no direction or port restriction, so the
# same query can alert on each hop the sensor observes. The pcre prefix class
# excludes ".", so only the exact name matches; a query for a subdomain of it
# does not alert.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname whatspapw.from36.biz.id"; dns.query; content:"whatspapw.from36.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatspapw\.from36\.biz\.id$/i"; classtype:trojan-activity; sid:37002941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname whatspapw.from36.biz.id"; flow:to_server,established; http.header; content: "Host|3a| whatspapw.from36.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatspapw\.from36\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Same unanchored header match as sid:37002921.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//whatspapw.from36.biz.id"; flow:to_server,established; http.header; content:"whatspapw.from36.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname worker-aged-shadow-4c4c.pillarbialexi.workers.dev"; dns.query; content:"worker-aged-shadow-4c4c.pillarbialexi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-aged\-shadow\-4c4c\.pillarbialexi\.workers\.dev$/i"; classtype:trojan-activity; sid:37002971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname worker-aged-shadow-4c4c.pillarbialexi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-aged-shadow-4c4c.pillarbialexi.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-aged\-shadow\-4c4c\.pillarbialexi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37002972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The msg names /?sso_reload=true, but the only http.uri match is content:"/",
# which practically every request URI contains, and the query string is not
# matched at all. In effect this is a second host-only rule (header substring,
# $HTTP_PORTS only) next to sid:37002972.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//worker-aged-shadow-4c4c.pillarbialexi.workers.dev/?sso_reload=true"; flow:to_server,established; http.header; content:"worker-aged-shadow-4c4c.pillarbialexi.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37002981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname ussps.usspek.top"; dns.query; content:"ussps.usspek.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussps\.usspek\.top$/i"; classtype:trojan-activity; sid:37003001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ussps.usspek.top"; flow:to_server,established; http.header; content: "Host|3a| ussps.usspek.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussps\.usspek\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003002; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//ussps.usspek.top"; flow:to_server,established; http.header; content:"ussps.usspek.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsgd.top"; dns.query; content:"uspz.uspsgd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsgd\.top$/i"; classtype:trojan-activity; sid:37003031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsgd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsgd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsgd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspz.uspsgd.top"; flow:to_server,established; http.header; content:"uspz.uspsgd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsge.top"; dns.query; content:"uspz.uspsge.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsge\.top$/i"; classtype:trojan-activity; sid:37003061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsge.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsge.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.uspsge\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspz.uspsge.top"; flow:to_server,established; http.header; content:"uspz.uspsge.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsfu.top"; dns.query; content:"uspz.uspsfu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfu\.top$/i"; classtype:trojan-activity; sid:37003091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsfu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspz.uspsfu.top"; flow:to_server,established; http.header; content:"uspz.uspsfu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspvw.top"; dns.query; content:"usp.usspvw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvw\.top$/i"; classtype:trojan-activity; sid:37003121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspvw.top"; 
flow:to_server,established; http.header; content: "Host|3a| usp.usspvw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usp.usspvw.top"; flow:to_server,established; http.header; content:"usp.usspvw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.ussppj.top"; dns.query; content:"usp.ussppj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppj\.top$/i"; classtype:trojan-activity; sid:37003151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.ussppj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usp.ussppj.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.ussppj.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspry.top"; dns.query; content:"usp.usspry.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspry\.top$/i"; classtype:trojan-activity; sid:37003181; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspry.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspry.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspry\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The msg names /pg?do=index, but http.uri is matched with content:"/pg" only:
# no anchor and no query string, so any URI on this host that contains "/pg"
# alerts. The host part is a header substring without a "Host|3a| " prefix,
# and the rule applies only towards $HTTP_PORTS.
# sids 37003161, 37003221 and 37003251 in this export have the same shape.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usp.usspry.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspry.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspnj.top"; dns.query; content:"usp.usspnj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnj\.top$/i"; classtype:trojan-activity; sid:37003211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspnj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspnj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspnj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Same unanchored "/pg" URI match as sid:37003191.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usp.usspnj.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspnj.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP 
e25820 [] Hostname usp.usspek.top"; dns.query; content:"usp.usspek.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspek\.top$/i"; classtype:trojan-activity; sid:37003241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspek.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspek.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspek\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usp.usspek.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspek.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37003251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname zlf.pages.dev"; dns.query; content:"zlf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zlf\.pages\.dev$/i"; classtype:trojan-activity; sid:37003271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname zlf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zlf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zlf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname achenfruit.tw"; dns.query; content:"achenfruit.tw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])achenfruit\.tw$/i"; classtype:trojan-activity; sid:37003301; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname achenfruit.tw"; flow:to_server,established; http.header; content: "Host|3a| achenfruit.tw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])achenfruit\.tw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Exact-name match: the pcre prefix class excludes ".", so a query for any
# subdomain of whastpapp.top does not alert, and the http rule below requires
# the Host value to start with the bare name. NOTE(review): confirm that
# exact-name scope is intended for this indicator.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname whastpapp.top"; dns.query; content:"whastpapp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whastpapp\.top$/i"; classtype:trojan-activity; sid:37003331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname whastpapp.top"; flow:to_server,established; http.header; content: "Host|3a| whastpapp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whastpapp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname vinayakdev06.github.io"; dns.query; content:"vinayakdev06.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vinayakdev06\.github\.io$/i"; classtype:trojan-activity; sid:37003361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname vinayakdev06.github.io"; flow:to_server,established; http.header; content: "Host|3a| vinayakdev06.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vinayakdev06\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Duplicate indicator: sids 37003061 (dns) and 37003062 (http) earlier in this
# export match uspz.uspsge.top with the same options as the two rules below,
# so one lookup or request raises two alerts. Presumably the MISP event lists
# the hostname in more than one attribute; dedupe at export or disable one pair.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsge.top"; dns.query; content:"uspz.uspsge.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsge\.top$/i"; classtype:trojan-activity; sid:37003391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsge.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsge.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsge\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsfi.top"; dns.query; content:"uspz.uspsfi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfi\.top$/i"; classtype:trojan-activity; sid:37003421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsfi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsen.top"; dns.query; content:"uspz.uspsen.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsen\.top$/i"; classtype:trojan-activity; sid:37003451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsen.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsen.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsen\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003452; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspsed.top"; dns.query; content:"uspz.uspsed.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsed\.top$/i"; classtype:trojan-activity; sid:37003481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspsed.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsed.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsed\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspwk.top"; dns.query; content:"usp.usspwk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwk\.top$/i"; classtype:trojan-activity; sid:37003511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspwk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspzv.top"; dns.query; content:"usp.usspzv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzv\.top$/i"; classtype:trojan-activity; sid:37003541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspzv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzv.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspzv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspvw.top"; dns.query; content:"usp.usspvw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvw\.top$/i"; classtype:trojan-activity; sid:37003571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspvw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspvm.top"; dns.query; content:"usp.usspvm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvm\.top$/i"; classtype:trojan-activity; sid:37003601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspvm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.ussppl.top"; dns.query; content:"usp.ussppl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppl\.top$/i"; classtype:trojan-activity; sid:37003631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.ussppl.top"; 
flow:to_server,established; http.header; content: "Host|3a| usp.ussppl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspuo.top"; dns.query; content:"usp.usspuo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuo\.top$/i"; classtype:trojan-activity; sid:37003661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspuo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspuo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspuo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspin.top"; dns.query; content:"usp.usspin.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspin\.top$/i"; classtype:trojan-activity; sid:37003691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspin.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspin.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspin\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.uspsck.top"; dns.query; content:"usp.uspsck.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsck\.top$/i"; classtype:trojan-activity; sid:37003721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.uspsck.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspsck.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsck\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.teamepei.top"; dns.query; content:"usps.teamepei.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.teamepei\.top$/i"; classtype:trojan-activity; sid:37003751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.teamepei.top"; flow:to_server,established; http.header; content: "Host|3a| usps.teamepei.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.teamepei\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.uspsas.top"; dns.query; content:"usp.uspsas.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsas\.top$/i"; classtype:trojan-activity; sid:37003781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.uspsas.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspsas.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsas\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.ctrlposthub.com"; dns.query; content:"usps.ctrlposthub.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usps\.ctrlposthub\.com$/i"; classtype:trojan-activity; sid:37003811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.ctrlposthub.com"; flow:to_server,established; http.header; content: "Host|3a| usps.ctrlposthub.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.ctrlposthub\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspo.usspwh.top"; dns.query; content:"uspo.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwh\.top$/i"; classtype:trojan-activity; sid:37003841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspo.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspo.ussptc.top"; dns.query; content:"uspo.ussptc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptc\.top$/i"; classtype:trojan-activity; sid:37003871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspo.ussptc.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003872; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspo.usspqi.top"; dns.query; content:"uspo.usspqi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqi\.top$/i"; classtype:trojan-activity; sid:37003901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspo.usspqi.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspqi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspo.ussphd.top"; dns.query; content:"uspo.ussphd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphd\.top$/i"; classtype:trojan-activity; sid:37003931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspo.ussphd.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspo.usspha.top"; dns.query; content:"uspo.usspha.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspha\.top$/i"; classtype:trojan-activity; sid:37003961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspo.usspha.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspha.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspo\.usspha\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspe.usspqb.top"; dns.query; content:"uspe.usspqb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqb\.top$/i"; classtype:trojan-activity; sid:37003991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspe.usspqb.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37003992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspd.usspkw.top"; dns.query; content:"uspd.usspkw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspkw\.top$/i"; classtype:trojan-activity; sid:37004021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspd.usspkw.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspkw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspkw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspd.usspoi.top"; dns.query; content:"uspd.usspoi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspoi\.top$/i"; classtype:trojan-activity; sid:37004051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 
uspd.usspoi.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspoi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspoi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspd.usspez.top"; dns.query; content:"uspd.usspez.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspez\.top$/i"; classtype:trojan-activity; sid:37004081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspd.usspez.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspez.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspez\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname sprawa-konto-powiadomianie.netlify.app"; dns.query; content:"sprawa-konto-powiadomianie.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sprawa\-konto\-powiadomianie\.netlify\.app$/i"; classtype:trojan-activity; sid:37004111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname sprawa-konto-powiadomianie.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| sprawa-konto-powiadomianie.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sprawa\-konto\-powiadomianie\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname shary.io"; dns.query; content:"shary.io"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])shary\.io$/i"; classtype:trojan-activity; sid:37004141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname shary.io"; flow:to_server,established; http.header; content: "Host|3a| shary.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shary\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37004171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37004201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37004202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25820: hostname indicators (review notes) ---
# Each hostname is covered by a DNS rule (dns.query, exact name) and an HTTP rule
# (Host header of outgoing requests). Two hostnames in this run are exported
# several times with identical match options and only the sid changed:
#   share-52-blink.pages.dev           sid 37004231/37004232, 37004261/37004262
#                                      (and 37004171/37004172, 37004201/37004202
#                                      just before this point in the file)
#   servec.template-radio.getonnet.dev sid 37004351/37004352, 37004381/37004382,
#                                      37004411/37004412
# One matching query or request therefore raises one alert per copy.
# NOTE(review): presumably the event holds several attributes that resolve to the
# same host; deduplicate at export time or rate-limit the copies with a threshold.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37004231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37004261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname sgprivategroup.msge1.my.id"; dns.query; content:"sgprivategroup.msge1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgprivategroup\.msge1\.my\.id$/i"; classtype:trojan-activity; sid:37004291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname sgprivategroup.msge1.my.id"; flow:to_server,established; http.header; content: "Host|3a| sgprivategroup.msge1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgprivategroup\.msge1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname service-regularisations.info"; dns.query; content:"service-regularisations.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])service\-regularisations\.info$/i"; classtype:trojan-activity; sid:37004321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname service-regularisations.info"; flow:to_server,established; http.header; content: "Host|3a| service-regularisations.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])service\-regularisations\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37004351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37004381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37004411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname rosos.mujxk.com"; dns.query; content:"rosos.mujxk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosos\.mujxk\.com$/i"; classtype:trojan-activity; sid:37004441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25820: hostname indicators (review notes) ---
# Each hostname is covered by a DNS rule (dns.query, exact name) and an HTTP rule
# that matches "Host: <name>" in the header buffer of outgoing requests.
# Several indicators in this run are tenant names under multi-tenant hosting
# domains (workers.dev, r2.dev, github.io, blogspot.com, firebaseapp.com,
# weebly.com). The rules match the full tenant name only; keep it that way when
# tuning, because a match on the parent domain would hit unrelated sites.
# The HTTP rules only see cleartext HTTP. NOTE(review): these platforms are
# normally reached over HTTPS, so in practice the DNS rule is likely the one that
# fires; no tls.sni rule for these names is visible in this part of the export -
# confirm whether one is generated elsewhere.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname rosos.mujxk.com"; flow:to_server,established; http.header; content: "Host|3a| rosos.mujxk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosos\.mujxk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname redocs-heart-0a6b.cacyiklrln.workers.dev"; dns.query; content:"redocs-heart-0a6b.cacyiklrln.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redocs\-heart\-0a6b\.cacyiklrln\.workers\.dev$/i"; classtype:trojan-activity; sid:37004471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname redocs-heart-0a6b.cacyiklrln.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| redocs-heart-0a6b.cacyiklrln.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redocs\-heart\-0a6b\.cacyiklrln\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-b55f8b62eb1e4d519f6e5f74590dfc58.r2.dev"; dns.query; content:"pub-b55f8b62eb1e4d519f6e5f74590dfc58.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b55f8b62eb1e4d519f6e5f74590dfc58\.r2\.dev$/i"; classtype:trojan-activity; sid:37004501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-b55f8b62eb1e4d519f6e5f74590dfc58.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b55f8b62eb1e4d519f6e5f74590dfc58.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b55f8b62eb1e4d519f6e5f74590dfc58\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname praveenpanth786.github.io"; dns.query; content:"praveenpanth786.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])praveenpanth786\.github\.io$/i"; classtype:trojan-activity; sid:37004531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname praveenpanth786.github.io"; flow:to_server,established; http.header; content: "Host|3a| praveenpanth786.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])praveenpanth786\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname paidpromtioninstgram.blogspot.com"; dns.query; content:"paidpromtioninstgram.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])paidpromtioninstgram\.blogspot\.com$/i"; classtype:trojan-activity; sid:37004561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname paidpromtioninstgram.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| paidpromtioninstgram.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])paidpromtioninstgram\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname nezproswiisepass.firebaseapp.com"; dns.query; content:"nezproswiisepass.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nezproswiisepass\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37004591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname nezproswiisepass.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| nezproswiisepass.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nezproswiisepass\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname lklurgqukf.cfolks.pl"; dns.query; content:"lklurgqukf.cfolks.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lklurgqukf\.cfolks\.pl$/i"; classtype:trojan-activity; sid:37004621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname lklurgqukf.cfolks.pl"; flow:to_server,established; http.header; content: "Host|3a| lklurgqukf.cfolks.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lklurgqukf\.cfolks\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname lekfekev.weebly.com"; dns.query; content:"lekfekev.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lekfekev\.weebly\.com$/i"; classtype:trojan-activity; sid:37004651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname lekfekev.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| lekfekev.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lekfekev\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37004652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25820: hostname indicators (review notes) ---
# Each hostname is covered by a DNS rule (dns.query, exact name) and an HTTP rule
# on the Host header of outgoing requests.
# Every rule carries classtype:trojan-activity and priority:2, and the tag list
# in msg is empty ("[]"), so the alert itself says nothing about the kind of
# threat. Triage context has to come from the MISP event in reference:url.
# tag:session,600,seconds on the HTTP rules asks the sensor to keep logging
# packets of the matching session for 600 seconds after the alert.
# NOTE(review): confirm that the sensor has an output enabled that records
# tagged packets, otherwise the keyword has no visible effect.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname jumsedfj.weebly.com"; dns.query; content:"jumsedfj.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jumsedfj\.weebly\.com$/i"; classtype:trojan-activity; sid:37004681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname jumsedfj.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| jumsedfj.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jumsedfj\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# jd7e.pages.dev is exported twice (sid 37004711/37004712 and 37004741/37004742)
# with identical match options, so one matching event raises two alerts per
# rule type. NOTE(review): deduplicate at export time or apply a threshold.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname jd7e.pages.dev"; dns.query; content:"jd7e.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jd7e\.pages\.dev$/i"; classtype:trojan-activity; sid:37004711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname jd7e.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jd7e.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jd7e\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname jd7e.pages.dev"; dns.query; content:"jd7e.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jd7e\.pages\.dev$/i"; classtype:trojan-activity; sid:37004741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname jd7e.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jd7e.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jd7e\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname intooxm.com"; dns.query; content:"intooxm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intooxm\.com$/i"; classtype:trojan-activity; sid:37004771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname intooxm.com"; flow:to_server,established; http.header; content: "Host|3a| intooxm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intooxm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname instagramlonggingkk.blogspot.com"; dns.query; content:"instagramlonggingkk.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramlonggingkk\.blogspot\.com$/i"; classtype:trojan-activity; sid:37004801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname instagramlonggingkk.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagramlonggingkk.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramlonggingkk\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname hootroom-melayu.mt-me.com"; dns.query; content:"hootroom-melayu.mt-me.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hootroom\-melayu\.mt\-me\.com$/i"; classtype:trojan-activity; sid:37004831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname hootroom-melayu.mt-me.com"; flow:to_server,established; http.header; content: "Host|3a| hootroom-melayu.mt-me.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hootroom\-melayu\.mt\-me\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname grupwaczjk.terbaru-2023.com"; dns.query; content:"grupwaczjk.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwaczjk\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37004861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname grupwaczjk.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| grupwaczjk.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwaczjk\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname gruff.cyou"; dns.query; content:"gruff.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gruff\.cyou$/i"; classtype:trojan-activity; sid:37004891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname gruff.cyou"; flow:to_server,established; http.header; content: "Host|3a| gruff.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gruff\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any 
any (msg: "MISP e25820 [] Hostname ghwbebehevcrh.1i1.my.id"; dns.query; content:"ghwbebehevcrh.1i1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghwbebehevcrh\.1i1\.my\.id$/i"; classtype:trojan-activity; sid:37004921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25820: hostname indicators (review notes) ---
# Each hostname is covered by a DNS rule and an HTTP Host-header rule.
# The DNS rules use "any any -> any any": they are not limited to $HOME_NET
# clients or to a DNS port, and match wherever the engine parses a DNS query for
# the exact name. NOTE(review): depending on sensor placement the alert source
# may be an internal resolver rather than the querying workstation - correlate
# with resolver logs to find the client.
# The HTTP rules are limited to $HOME_NET -> $EXTERNAL_NET, so requests between
# internal hosts or through an internal proxy address are not covered by them.
# dfsdcsfdgf.blogspot.com and dfsdcsfdgf.blogspot.be below are separate
# indicators (different top-level domain), not duplicates.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ghwbebehevcrh.1i1.my.id"; flow:to_server,established; http.header; content: "Host|3a| ghwbebehevcrh.1i1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghwbebehevcrh\.1i1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname dfsdcsfdgf.blogspot.com"; dns.query; content:"dfsdcsfdgf.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfsdcsfdgf\.blogspot\.com$/i"; classtype:trojan-activity; sid:37004951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dfsdcsfdgf.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| dfsdcsfdgf.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfsdcsfdgf\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname ekr-store.top"; dns.query; content:"ekr-store.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ekr\-store\.top$/i"; classtype:trojan-activity; sid:37004981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ekr-store.top"; flow:to_server,established; http.header; content: "Host|3a| ekr-store.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ekr\-store\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37004982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname djr.pages.dev"; dns.query; content:"djr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djr\.pages\.dev$/i"; classtype:trojan-activity; sid:37005011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname djr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| djr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname dfsdcsfdgf.blogspot.be"; dns.query; content:"dfsdcsfdgf.blogspot.be"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfsdcsfdgf\.blogspot\.be$/i"; classtype:trojan-activity; sid:37005041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dfsdcsfdgf.blogspot.be"; flow:to_server,established; http.header; content: "Host|3a| dfsdcsfdgf.blogspot.be"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfsdcsfdgf\.blogspot\.be[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname dcvmlz267pqlsf.1i1.my.id"; dns.query; content:"dcvmlz267pqlsf.1i1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dcvmlz267pqlsf\.1i1\.my\.id$/i"; classtype:trojan-activity; sid:37005071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dcvmlz267pqlsf.1i1.my.id"; flow:to_server,established; http.header; content: "Host|3a| dcvmlz267pqlsf.1i1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dcvmlz267pqlsf\.1i1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname cz62684.tw1.ru"; dns.query; content:"cz62684.tw1.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cz62684\.tw1\.ru$/i"; classtype:trojan-activity; sid:37005101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cz62684.tw1.ru"; flow:to_server,established; http.header; content: "Host|3a| cz62684.tw1.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cz62684\.tw1\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname brandnewpromtion.blogspot.com"; dns.query; content:"brandnewpromtion.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandnewpromtion\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname brandnewpromtion.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| brandnewpromtion.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandnewpromtion\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname auto-wtorne.pl"; dns.query; 
content:"auto-wtorne.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-wtorne\.pl$/i"; classtype:trojan-activity; sid:37005221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25820: hostname indicators (review notes) ---
# Each hostname is covered by a DNS rule (dns.query, exact name) and an HTTP rule
# on the Host header of outgoing requests.
# Repeated indicators in this run:
#   auta-bielicki.pl  sid 37005251/37005252 and 37005281/37005282 have identical
#                     match options, so one event raises two alerts per rule type.
#   auto-wtorne.pl    sid 37005221/37005222 here; the same name is exported again
#                     further down the file as 37005581/37005582 plus an
#                     "Outgoing URL" rule, 37005591.
# NOTE(review): deduplicate at export time or rate-limit the copies with a
# threshold so one request does not fan out into several alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auto-wtorne.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-wtorne.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-wtorne\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname auta-bielicki.pl"; dns.query; content:"auta-bielicki.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-bielicki\.pl$/i"; classtype:trojan-activity; sid:37005251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auta-bielicki.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-bielicki.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-bielicki\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname auta-bielicki.pl"; dns.query; content:"auta-bielicki.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-bielicki\.pl$/i"; classtype:trojan-activity; sid:37005281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auta-bielicki.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-bielicki.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-bielicki\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname admissioninnishter.blogspot.com"; dns.query; content:"admissioninnishter.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])admissioninnishter\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname admissioninnishter.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| admissioninnishter.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])admissioninnishter\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2u2u.from36.biz.id"; dns.query; content:"2u2u.from36.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2u2u\.from36\.biz\.id$/i"; classtype:trojan-activity; sid:37005341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2u2u.from36.biz.id"; flow:to_server,established; http.header; content: "Host|3a| 2u2u.from36.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2u2u\.from36\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2836db27.index-asv.pages.dev"; dns.query; content:"2836db27.index-asv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2836db27\.index\-asv\.pages\.dev$/i"; classtype:trojan-activity; sid:37005371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing 
HTTP Hostname 2836db27.index-asv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 2836db27.index-asv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2836db27\.index\-asv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25820: hostname and URL indicators (review notes) ---
# From here on, most indicators get three rules: the DNS rule, the HTTP Host
# rule, and an "Outgoing URL" rule. Points to keep in mind for the URL rules:
#  * Where the URL in msg has no path, the rule's only match is
#    content:"<hostname>" in http.header, with no "Host|3a| " prefix and no pcre
#    boundary. It therefore matches the hostname as a substring anywhere in the
#    request headers (for example in a Referer value or inside a longer host
#    name), which is looser than the Host rule next to it.
#  * A request to the host on a port in $HTTP_PORTS satisfies both the Host rule
#    and the URL rule, so it raises two alerts (e.g. sid 37005402 and 37005411).
#  * The URL rules use $HTTP_PORTS as destination port, so that variable must be
#    defined on the sensor even though the export header says it is not required
#    for Suricata; the Host rules use "any" and are not affected.
#  * NOTE(review): msg prints the scheme as http. If the original indicator was
#    an https URL, none of the HTTP rules can see it without TLS inspection -
#    confirm against the MISP event.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname newlinkpj84ykm.bestpanelku.com"; dns.query; content:"newlinkpj84ykm.bestpanelku.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newlinkpj84ykm\.bestpanelku\.com$/i"; classtype:trojan-activity; sid:37005401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname newlinkpj84ykm.bestpanelku.com"; flow:to_server,established; http.header; content: "Host|3a| newlinkpj84ykm.bestpanelku.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newlinkpj84ykm\.bestpanelku\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//newlinkpj84ykm.bestpanelku.com"; flow:to_server,established; http.header; content:"newlinkpj84ykm.bestpanelku.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname juewei1.dreamhosters.com"; dns.query; content:"juewei1.dreamhosters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juewei1\.dreamhosters\.com$/i"; classtype:trojan-activity; sid:37005431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname juewei1.dreamhosters.com"; flow:to_server,established; http.header; content: "Host|3a| juewei1.dreamhosters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juewei1\.dreamhosters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-bl.ist"; dns.query; content:"imtoken-bl.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bl\.ist$/i"; classtype:trojan-activity; sid:37005461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-bl.ist"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bl.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bl\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-bl.ist"; flow:to_server,established; http.header; content:"imtoken-bl.ist"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname fnf.com-dr3ebyxqfkaclifzk2qp.dr3ebyxqfkaclifzk2qp.manxttrider.com"; dns.query; content:"fnf.com-dr3ebyxqfkaclifzk2qp.dr3ebyxqfkaclifzk2qp.manxttrider.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fnf\.com\-dr3ebyxqfkaclifzk2qp\.dr3ebyxqfkaclifzk2qp\.manxttrider\.com$/i"; classtype:trojan-activity; sid:37005491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname fnf.com-dr3ebyxqfkaclifzk2qp.dr3ebyxqfkaclifzk2qp.manxttrider.com"; flow:to_server,established; http.header; content: "Host|3a| fnf.com-dr3ebyxqfkaclifzk2qp.dr3ebyxqfkaclifzk2qp.manxttrider.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fnf\.com\-dr3ebyxqfkaclifzk2qp\.dr3ebyxqfkaclifzk2qp\.manxttrider\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//fnf.com-dr3ebyxqfkaclifzk2qp.dr3ebyxqfkaclifzk2qp.manxttrider.com"; flow:to_server,established; http.header; content:"fnf.com-dr3ebyxqfkaclifzk2qp.dr3ebyxqfkaclifzk2qp.manxttrider.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname cherry-609d.hakeem1115.workers.dev"; dns.query; content:"cherry-609d.hakeem1115.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cherry\-609d\.hakeem1115\.workers\.dev$/i"; classtype:trojan-activity; sid:37005521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cherry-609d.hakeem1115.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cherry-609d.hakeem1115.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cherry\-609d\.hakeem1115\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# This URL indicator has a path, so the rule needs two matches: the hostname in
# http.header and the path as a substring of http.uri. Neither match is anchored.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//cherry-609d.hakeem1115.workers.dev/e46c7398-cedf-473e-a08d-d5a0da9e5d4d"; flow:to_server,established; http.header; content:"cherry-609d.hakeem1115.workers.dev"; fast_pattern; nocase; http.uri; content:"/e46c7398-cedf-473e-a08d-d5a0da9e5d4d"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37005531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cavaps.blogspot.com"; dns.query; content:"cavaps.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cavaps\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cavaps.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| cavaps.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cavaps\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//cavaps.blogspot.com"; flow:to_server,established; http.header; content:"cavaps.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname auto-wtorne.pl"; dns.query; content:"auto-wtorne.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-wtorne\.pl$/i"; classtype:trojan-activity; sid:37005581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auto-wtorne.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-wtorne.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-wtorne\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] 
Outgoing URL http|3a|//auto-wtorne.pl"; flow:to_server,established; http.header; content:"auto-wtorne.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname advertising-problem-solving.netlify.app"; dns.query; content:"advertising-problem-solving.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])advertising\-problem\-solving\.netlify\.app$/i"; classtype:trojan-activity; sid:37005611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname advertising-problem-solving.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| advertising-problem-solving.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])advertising\-problem\-solving\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//advertising-problem-solving.netlify.app"; flow:to_server,established; http.header; content:"advertising-problem-solving.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5fgffgfg4g4gh4gffg.blogspot.com"; dns.query; content:"5fgffgfg4g4gh4gffg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4gh4gffg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5fgffgfg4g4gh4gffg.blogspot.com"; flow:to_server,established; http.header; 
content: "Host|3a| 5fgffgfg4g4gh4gffg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4gh4gffg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5ghfhjreg3g33gh.blogspot.com"; dns.query; content:"5ghfhjreg3g33gh.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghfhjreg3g33gh\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5ghfhjreg3g33gh.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghfhjreg3g33gh.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghfhjreg3g33gh\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5fhtthrgrrgrg434g.blogspot.com"; dns.query; content:"5fhtthrgrrgrg434g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhtthrgrrgrg434g\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5fhtthrgrrgrg434g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fhtthrgrrgrg434g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhtthrgrrgrg434g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5thgjtrh4g3g3g3g3.blogspot.com"; dns.query; 
content:"5thgjtrh4g3g3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5thgjtrh4g3g3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:37005731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5thgjtrh4g3g3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5thgjtrh4g3g3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5thgjtrh4g3g3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tg.telegarm-pn.top"; dns.query; content:"tg.telegarm-pn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-pn\.top$/i"; classtype:trojan-activity; sid:37005761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tg.telegarm-pn.top"; flow:to_server,established; http.header; content: "Host|3a| tg.telegarm-pn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-pn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tg.telegarm-ph.top"; dns.query; content:"tg.telegarm-ph.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-ph\.top$/i"; classtype:trojan-activity; sid:37005791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tg.telegarm-ph.top"; flow:to_server,established; http.header; content: "Host|3a| tg.telegarm-ph.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tg\.telegarm\-ph\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname baphometuniversity.rahastracu.com"; dns.query; content:"baphometuniversity.rahastracu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])baphometuniversity\.rahastracu\.com$/i"; classtype:trojan-activity; sid:37005821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname baphometuniversity.rahastracu.com"; flow:to_server,established; http.header; content: "Host|3a| baphometuniversity.rahastracu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])baphometuniversity\.rahastracu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//www.baphometuniversity.rahastracu.com/"; flow:to_server,established; http.header; content:"www.baphometuniversity.rahastracu.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5ghfhjreg3g33gh.blogspot.lt"; dns.query; content:"5ghfhjreg3g33gh.blogspot.lt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghfhjreg3g33gh\.blogspot\.lt$/i"; classtype:trojan-activity; sid:37005851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5ghfhjreg3g33gh.blogspot.lt"; flow:to_server,established; http.header; content: "Host|3a| 5ghfhjreg3g33gh.blogspot.lt"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghfhjreg3g33gh\.blogspot\.lt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//5ghfhjreg3g33gh.blogspot.lt"; flow:to_server,established; http.header; content:"5ghfhjreg3g33gh.blogspot.lt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5fgffgfg4g4gh4gffg.blogspot.in"; dns.query; content:"5fgffgfg4g4gh4gffg.blogspot.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4gh4gffg\.blogspot\.in$/i"; classtype:trojan-activity; sid:37005881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5fgffgfg4g4gh4gffg.blogspot.in"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfg4g4gh4gffg.blogspot.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4gh4gffg\.blogspot\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//5fgffgfg4g4gh4gffg.blogspot.in"; flow:to_server,established; http.header; content:"5fgffgfg4g4gh4gffg.blogspot.in"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5thgjtrh4g3g3g3g3.blogspot.cl"; dns.query; content:"5thgjtrh4g3g3g3g3.blogspot.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5thgjtrh4g3g3g3g3\.blogspot\.cl$/i"; classtype:trojan-activity; 
sid:37005911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5thgjtrh4g3g3g3g3.blogspot.cl"; flow:to_server,established; http.header; content: "Host|3a| 5thgjtrh4g3g3g3g3.blogspot.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5thgjtrh4g3g3g3g3\.blogspot\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//5thgjtrh4g3g3g3g3.blogspot.cl"; flow:to_server,established; http.header; content:"5thgjtrh4g3g3g3g3.blogspot.cl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 5fhtthrgrrgrg434g.blogspot.be"; dns.query; content:"5fhtthrgrrgrg434g.blogspot.be"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhtthrgrrgrg434g\.blogspot\.be$/i"; classtype:trojan-activity; sid:37005941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 5fhtthrgrrgrg434g.blogspot.be"; flow:to_server,established; http.header; content: "Host|3a| 5fhtthrgrrgrg434g.blogspot.be"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhtthrgrrgrg434g\.blogspot\.be[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//5fhtthrgrrgrg434g.blogspot.be"; flow:to_server,established; http.header; content:"5fhtthrgrrgrg434g.blogspot.be"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005951; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname node-app.pages.dev"; dns.query; content:"node-app.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])node\-app\.pages\.dev$/i"; classtype:trojan-activity; sid:37005971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname node-app.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| node-app.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])node\-app\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37005972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//node-app.pages.dev"; flow:to_server,established; http.header; content:"node-app.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37005981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp.pages.dev"; dns.query; content:"jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp\.pages\.dev$/i"; classtype:trojan-activity; sid:37006001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp.pages.dev"; flow:to_server,established; http.header; content:"jkhgfytdsragtfwjhgfytrertyuiojnbvgdfsaetrtyyuijkhghfgphp.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37006011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> 27.7.13.24 40616 (msg: "MISP e25819 [] Outgoing URL http|3a|//27.7.13.24|3a|40616/bin.sh"; flow:to_server,established; http.header; content:"27.7.13.24"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 222.140.180.135 55860 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.140.180.135|3a|55860/i"; flow:to_server,established; http.header; content:"222.140.180.135"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 222.137.215.155 57679 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.137.215.155|3a|57679/Mozi.m"; flow:to_server,established; http.header; content:"222.137.215.155"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 185.32.4.69 59030 (msg: "MISP e25819 [] Outgoing URL http|3a|//185.32.4.69|3a|59030/Mozi.m"; 
flow:to_server,established; http.header; content:"185.32.4.69"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
# ---------------------------------------------------------------------------
# MISP event 25819 - outgoing URL indicators (priority 1, no tags: "[]").
# The first line above is the tail of a rule that starts before this section;
# the last line of this section is the head of a rule that continues after it.
#
# Rule shape: destination IP pinned in the rule header (with the explicit port when
# the URL names one, otherwise $HTTP_PORTS), IP string in http.header, path in
# http.uri. All rules only see cleartext HTTP from $HOME_NET.
#
# Triage notes:
# - http.uri contents are unanchored, case-insensitive substrings.
#   content:"/" matches every request and content:"/i" matches any URI that
#   contains "/i", so those rules amount to "any HTTP request to this IP:port".
#   The /bin.sh, /Mozi.m, .dll, .bin and .exe rules are more specific.
# - Some IP:port pairs have several rules (for example "/" and "/bin.sh" on the
#   same host), so one request can raise more than one alert.
# - The file name Mozi.m presumably refers to the Mozi botnet payload; confirm
#   against the MISP event before labelling a hit.
# - sqlite3.dll, msvcp140.dll and vcruntime140.dll are names of legitimate
#   libraries. The indicator is the combination of the bare IP and the hex-named
#   directory, not the file name.
# - IP-literal indicators can be reassigned after publication; check the event
#   date when triaging.
# - tag:session,600,seconds keeps logging packets of the alerting session for
#   600 seconds, which adds capture volume per hit.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> 182.116.70.2 58625 (msg: "MISP e25819 [] Outgoing URL http|3a|//182.116.70.2|3a|58625/bin.sh"; flow:to_server,established; http.header; content:"182.116.70.2"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 91.206.178.118 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//91.206.178.118/a9d06ea3fe859ab7/sqlite3.dll"; flow:to_server,established; http.header; content:"91.206.178.118"; fast_pattern; nocase; http.uri; content:"/a9d06ea3fe859ab7/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 91.206.178.118 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//91.206.178.118/a9d06ea3fe859ab7/msvcp140.dll"; flow:to_server,established; http.header; content:"91.206.178.118"; fast_pattern; nocase; http.uri; content:"/a9d06ea3fe859ab7/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 59.89.0.121 37466 (msg: "MISP e25819 [] Outgoing URL http|3a|//59.89.0.121|3a|37466/Mozi.m"; flow:to_server,established; http.header; content:"59.89.0.121"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 222.137.4.113 55559 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.137.4.113|3a|55559/bin.sh"; flow:to_server,established; http.header; content:"222.137.4.113"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 222.137.4.113 55559 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.137.4.113|3a|55559/"; flow:to_server,established; http.header; content:"222.137.4.113"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.172.128.79 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.172.128.79/15f649199f40275b/vcruntime140.dll"; flow:to_server,established; http.header; content:"185.172.128.79"; fast_pattern; nocase; http.uri; content:"/15f649199f40275b/vcruntime140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.172.128.79 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.172.128.79/15f649199f40275b/sqlite3.dll"; flow:to_server,established; http.header; content:"185.172.128.79"; fast_pattern; nocase; http.uri; content:"/15f649199f40275b/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.172.128.79 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.172.128.79/15f649199f40275b/msvcp140.dll"; flow:to_server,established; http.header; content:"185.172.128.79"; fast_pattern; nocase; http.uri; content:"/15f649199f40275b/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.172.128.24 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.172.128.24/8e6d9db21fb63946/vcruntime140.dll"; flow:to_server,established; http.header; content:"185.172.128.24"; fast_pattern; nocase; http.uri; content:"/8e6d9db21fb63946/vcruntime140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.172.128.24 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.172.128.24/8e6d9db21fb63946/sqlite3.dll"; flow:to_server,established; http.header; content:"185.172.128.24"; fast_pattern; nocase; http.uri; content:"/8e6d9db21fb63946/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.172.128.24 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.172.128.24/8e6d9db21fb63946/msvcp140.dll"; flow:to_server,established; http.header; content:"185.172.128.24"; fast_pattern; nocase; http.uri; content:"/8e6d9db21fb63946/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 125.46.226.164 40135 (msg: "MISP e25819 [] Outgoing URL http|3a|//125.46.226.164|3a|40135/Mozi.m"; flow:to_server,established; http.header; content:"125.46.226.164"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 119.179.255.78 42543 (msg: "MISP e25819 [] Outgoing URL http|3a|//119.179.255.78|3a|42543/bin.sh"; flow:to_server,established; http.header; content:"119.179.255.78"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 117.215.221.219 36147 (msg: "MISP e25819 [] Outgoing URL http|3a|//117.215.221.219|3a|36147/i"; flow:to_server,established; http.header; content:"117.215.221.219"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 117.215.221.219 36147 (msg: "MISP e25819 [] Outgoing URL http|3a|//117.215.221.219|3a|36147/bin.sh"; flow:to_server,established; http.header; content:"117.215.221.219"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 115.49.196.41 56989 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.49.196.41|3a|56989/"; flow:to_server,established; http.header; content:"115.49.196.41"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
# Hostname-based URL: the destination is $EXTERNAL_NET, so the match rests on the
# host string in http.header plus the full path in http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//cdn.dinellas.cfd/static/s3/wacky/Psoriasis.tgz"; flow:to_server,established; http.header; content:"cdn.dinellas.cfd"; fast_pattern; nocase; http.uri; content:"/static/s3/wacky/Psoriasis.tgz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//193.233.132.167/lend/pixxxxx.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/pixxxxx.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 182.126.122.13 56532 (msg: "MISP e25819 [] Outgoing URL http|3a|//182.126.122.13|3a|56532/Mozi.m"; flow:to_server,established; http.header; content:"182.126.122.13"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 182.122.237.207 56739 (msg: "MISP e25819 [] Outgoing URL http|3a|//182.122.237.207|3a|56739/Mozi.m"; flow:to_server,established; http.header; content:"182.122.237.207"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 182.116.70.2 58625 (msg: "MISP e25819 [] Outgoing URL http|3a|//182.116.70.2|3a|58625/i"; flow:to_server,established; http.header; content:"182.116.70.2"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 103.114.220.44 52707 (msg: "MISP e25819 [] Outgoing URL http|3a|//103.114.220.44|3a|52707/i"; flow:to_server,established; http.header; content:"103.114.220.44"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 42.235.83.122 48996 (msg: "MISP e25819 [] Outgoing URL http|3a|//42.235.83.122|3a|48996/Mozi.m"; flow:to_server,established; http.header; content:"42.235.83.122"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 39.87.73.250 60058 (msg: "MISP e25819 [] Outgoing URL http|3a|//39.87.73.250|3a|60058/bin.sh"; flow:to_server,established; http.header; content:"39.87.73.250"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 222.138.182.152 33190 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.138.182.152|3a|33190/i"; flow:to_server,established; http.header; content:"222.138.182.152"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 119.179.255.78 42543 (msg: "MISP e25819 [] Outgoing URL http|3a|//119.179.255.78|3a|42543/i"; flow:to_server,established; http.header; content:"119.179.255.78"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 115.56.153.195 51980 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.56.153.195|3a|51980/bin.sh"; flow:to_server,established; http.header; content:"115.56.153.195"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 59.89.207.201 50717 (msg: "MISP e25819 [] Outgoing URL http|3a|//59.89.207.201|3a|50717/Mozi.m"; flow:to_server,established; http.header; content:"59.89.207.201"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 42.235.83.122 48996 (msg: "MISP e25819 [] Outgoing URL http|3a|//42.235.83.122|3a|48996/"; flow:to_server,established; http.header; content:"42.235.83.122"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 27.207.204.83 52458 (msg: "MISP e25819 [] Outgoing URL http|3a|//27.207.204.83|3a|52458/Mozi.m"; flow:to_server,established; http.header; content:"27.207.204.83"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 117.211.213.215 53512 (msg: "MISP e25819 [] Outgoing URL http|3a|//117.211.213.215|3a|53512/Mozi.m"; flow:to_server,established; http.header; content:"117.211.213.215"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 117.211.212.151 35589 (msg: "MISP e25819 [] Outgoing URL http|3a|//117.211.212.151|3a|35589/bin.sh"; flow:to_server,established; http.header; content:"117.211.212.151"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 117.199.14.66 48413 (msg: "MISP e25819 [] Outgoing URL http|3a|//117.199.14.66|3a|48413/bin.sh"; flow:to_server,established; http.header; content:"117.199.14.66"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity;
sid:36998811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 39.87.73.250 60058 (msg: "MISP e25819 [] Outgoing URL http|3a|//39.87.73.250|3a|60058/i"; flow:to_server,established; http.header; content:"39.87.73.250"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 115.56.121.64 53670 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.56.121.64|3a|53670/bin.sh"; flow:to_server,established; http.header; content:"115.56.121.64"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 115.55.95.42 52566 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.55.95.42|3a|52566/Mozi.m"; flow:to_server,established; http.header; content:"115.55.95.42"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert http $HOME_NET any -> 115.50.209.250 54484 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.50.209.250|3a|54484/i"; flow:to_server,established; http.header; content:"115.50.209.250"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;) alert ip $HOME_NET any -> 88.119.169.207 443 (msg: "MISP e25851 [SocGholish] Outgoing To IP: 88.119.169.207|443"; classtype:trojan-activity; sid:37021011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [SocGholish] Domain our.openarmscv.org"; dns.query; content:"our.openarmscv.org"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])our\.openarmscv\.org$/i"; classtype:trojan-activity; sid:37021001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# HTTP rule for the "Domain" indicator our.openarmscv.org. It requires "Host:" and the
# name in the request headers, then a pcre that checks the characters on either side.
# In "Domain" rules the leading class [^A-Za-z0-9-] still admits ".", so subdomains of
# the name match as well as the name itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [SocGholish] Outgoing HTTP Domain our.openarmscv.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"our.openarmscv.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])our\.openarmscv\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25819 payload URLs: fixed destination IP, destination IP string in
# http.header, path substring in http.uri, session tagged for 600 seconds.
# Rules whose destination port is $HTTP_PORTS only fire on the ports that variable
# lists in the sensor configuration; the others name one literal port.
# NOTE(review): the path match is an unanchored substring, so "/i" and "/.i" are very
# weak conditions on their own; the destination IP and port do the real work.
alert http $HOME_NET any -> 42.227.172.211 58232 (msg: "MISP e25819 [] Outgoing URL http|3a|//42.227.172.211|3a|58232/i"; flow:to_server,established; http.header; content:"42.227.172.211"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 42.227.172.211 58232 (msg: "MISP e25819 [] Outgoing URL http|3a|//42.227.172.211|3a|58232/bin.sh"; flow:to_server,established; http.header; content:"42.227.172.211"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 37.48.88.177 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//37.48.88.177/bCdIkBUlEyeS175.bin"; flow:to_server,established; http.header; content:"37.48.88.177"; fast_pattern; nocase; http.uri; content:"/bCdIkBUlEyeS175.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 222.92.82.90 23576 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.92.82.90|3a|23576/.i"; flow:to_server,established; http.header; content:"222.92.82.90"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.202.175.135 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.202.175.135/ZwtIJynvCWf11.bin"; flow:to_server,established; http.header; content:"185.202.175.135"; fast_pattern; nocase; http.uri; content:"/ZwtIJynvCWf11.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.202.175.135 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.202.175.135/nYyueIfF99.bin"; flow:to_server,established; http.header; content:"185.202.175.135"; fast_pattern; nocase; http.uri; content:"/nYyueIfF99.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 185.202.175.135 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//185.202.175.135/jnLGO92.bin"; flow:to_server,established; http.header; content:"185.202.175.135"; fast_pattern; nocase; http.uri; content:"/jnLGO92.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 182.124.219.109 33703 (msg: "MISP e25819 [] Outgoing URL http|3a|//182.124.219.109|3a|33703/bin.sh"; flow:to_server,established; http.header; content:"182.124.219.109"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 115.49.196.41 56989 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.49.196.41|3a|56989/Mozi.m"; flow:to_server,established; http.header; content:"115.49.196.41"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36998941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
# --- MISP event 25820: hostname auto-okazia.pl ---
# "Hostname" rules add "\." to the leading pcre class, so only the exact name matches;
# a subdomain of the name does not.
# The DNS rule is written any any -> any any: it is not limited to queries leaving
# $HOME_NET and fires on any DNS query for the name that the sensor sees.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname auto-okazia.pl"; dns.query; content:"auto-okazia.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-okazia\.pl$/i"; classtype:trojan-activity; sid:37006031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Needs the literal header text "Host: auto-okazia.pl" (one space after the colon,
# case-insensitive) before the pcre boundary check runs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auto-okazia.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-okazia.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-okazia\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37006032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the URL rule below matches "auto-okazia.pl" anywhere in the request
# headers (a Referer value would do), has no pcre boundary check, and is limited to
# $HTTP_PORTS. A request that trips sid:37006032 on those ports also satisfies this
# rule, so expect paired alerts; a hit on this rule alone may only be a referring page.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//auto-okazia.pl"; flow:to_server,established; http.header; content:"auto-okazia.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37006041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# --- MISP event 25851: indicators tagged c2 / censys ---
# Domain indicators come as a pair: the sid ending in 1 inspects dns.query, the sid
# ending in 2 inspects the HTTP request headers for the same name.
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain modest-colden.104-168-102-175.plesk.page"; dns.query; content:"modest-colden.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])modest\-colden\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain modest-colden.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header;
content:"modest-colden.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])modest\-colden\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# --- MISP event 25851: domain indicators (tags c2, censys) ---
# Each name has a DNS rule (dns.query, any any -> any any) and an HTTP rule
# ($HOME_NET -> $EXTERNAL_NET, "Host:" plus the name in http.header, session tagged
# for 600 seconds). Both use the "Domain" pcre form, which also matches subdomains.
# Every plesk.page name here embeds the label 104-168-102-175, and sid:37021231 near the
# end of this group alerts on the address 104.168.102.175 port 443 with the same tags.
# NOTE(review): that suggests many names for one server (inferred from the names only;
# confirm in the event), so one contacted host can raise several of these alerts.
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.hardcore-wescoff.104-168-102-175.plesk.page"; dns.query; content:"www.hardcore-wescoff.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hardcore\-wescoff\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.hardcore-wescoff.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hardcore-wescoff.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hardcore\-wescoff\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain vibrant-fermat.104-168-102-175.plesk.page"; dns.query; content:"vibrant-fermat.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibrant\-fermat\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain vibrant-fermat.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibrant-fermat.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibrant\-fermat\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain fervent-gates.104-168-102-175.plesk.page"; dns.query; content:"fervent-gates.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])fervent\-gates\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain fervent-gates.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fervent-gates.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fervent\-gates\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.happy-burnell.104-168-102-175.plesk.page"; dns.query; content:"www.happy-burnell.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.happy\-burnell\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.happy-burnell.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.happy-burnell.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.happy\-burnell\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# The next pair keys on a name of the form ec2-<address>.<region>.compute.amazonaws.com.
# NOTE(review): presumably a provider-generated name that follows the address assignment;
# once the address is released the same name can point at an unrelated tenant, so check
# the indicator's age before acting on a hit.
alert dns any any -> any any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys] Domain ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; dns.query; content:"ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-36\-225\-33\.eu\-west\-3\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37021071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-36\-225\-33\.eu\-west\-3\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.optimistic-almeida.104-168-102-175.plesk.page"; dns.query; content:"www.optimistic-almeida.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-almeida\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.optimistic-almeida.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.optimistic-almeida.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-almeida\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS29182,c2,censys,RU-JSCIOT] Domain sync.maksonsab.ru"; dns.query; content:"sync.maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])sync\.maksonsab\.ru$/i"; classtype:trojan-activity; sid:37021091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS29182,c2,censys,RU-JSCIOT] Outgoing HTTP Domain sync.maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sync.maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sync\.maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.brave-herschel.104-168-102-175.plesk.page"; dns.query; content:"www.brave-herschel.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.brave\-herschel\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.brave-herschel.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.brave-herschel.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.brave\-herschel\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.modest-colden.104-168-102-175.plesk.page"; dns.query; content:"www.modest-colden.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.modest\-colden\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.modest-colden.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.modest-colden.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.modest\-colden\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Address-only rule: destination address and port, no payload condition.
alert ip $HOME_NET any -> 45.134.225.247 80 (msg: "MISP e25851 [AS208046,c2,censys] Outgoing To IP: 45.134.225.247|80"; classtype:trojan-activity; sid:37021121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain kind-villani.104-168-102-175.plesk.page"; dns.query; content:"kind-villani.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])kind\-villani\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain kind-villani.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kind-villani.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kind\-villani\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain confident-bouman.104-168-102-175.plesk.page"; dns.query; content:"confident-bouman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])confident\-bouman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain confident-bouman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"confident-bouman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])confident\-bouman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain quirky-williamson.104-168-102-175.plesk.page"; dns.query; content:"quirky-williamson.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])quirky\-williamson\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain quirky-williamson.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"quirky-williamson.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])quirky\-williamson\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Address-only rules: one rule per destination address and port, no payload condition.
# The msg repeats the pair as "address|port".
alert ip $HOME_NET any -> 202.79.168.65 5511 (msg: "MISP e25851 [AS64050,c2,censys] Outgoing To IP: 202.79.168.65|5511"; classtype:trojan-activity; sid:37021161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 120.27.132.223 80 (msg: "MISP e25851 [AS37963,c2,censys] Outgoing To IP: 120.27.132.223|80"; classtype:trojan-activity; sid:37021171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 175.24.130.231 9000 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 175.24.130.231|9000"; classtype:trojan-activity; sid:37021181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 122.51.243.31 39689 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 122.51.243.31|39689"; classtype:trojan-activity; sid:37021191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 134.122.164.214 5566 (msg: "MISP e25851 [AS64050,c2,censys] Outgoing To IP: 134.122.164.214|5566"; classtype:trojan-activity; sid:37021201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.optimistic-rubin.104-168-102-175.plesk.page"; dns.query; content:"www.optimistic-rubin.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-rubin\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.optimistic-rubin.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.optimistic-rubin.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-rubin\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.gifted-khayyam.104-168-102-175.plesk.page"; dns.query; content:"www.gifted-khayyam.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gifted\-khayyam\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37021221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.gifted-khayyam.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gifted-khayyam.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gifted\-khayyam\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Address rule for the server whose dotted address appears, dash-separated, inside the
# plesk.page names above.
alert ip $HOME_NET any -> 104.168.102.175 443 (msg: "MISP e25851 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 104.168.102.175|443"; classtype:trojan-activity; sid:37021231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 5.135.224.155 8080 (msg: "MISP e25851 [AS16276,c2,censys,OVH] Outgoing To IP: 5.135.224.155|8080"; classtype:trojan-activity; sid:37021241; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/25851;)
# --- MISP event 25851: address-only indicators (tags c2, censys) ---
# Every rule in this group is "alert ip $HOME_NET any -> <address> <port>" with no payload
# condition, no flow keyword and no session tag: any packet from $HOME_NET to that
# address and port raises the alert. The msg repeats the pair as "address|port".
# The bracketed msg tags are labels copied into the alert text (AS number, provider
# name, "c2", "censys"); the rule does not verify them.
# Several addresses appear more than once because each listed port gets its own rule.
# NOTE(review): several tags name large hosting and cloud providers (DIGITALOCEAN-ASN,
# GOOGLE-CLOUD-PLATFORM, MICROSOFT-CORP-MSN-AS-BLOCK, AS-CHOOPA, AMAZON-AES, OVH).
# Addresses in such ranges are presumably reassigned between tenants, and ports such as
# 80 and 443 carry ordinary traffic, so treat a hit as a lead: check the event date and
# corroborate with host or proxy evidence before escalating.
alert ip $HOME_NET any -> 188.166.22.203 4433 (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 188.166.22.203|4433"; classtype:trojan-activity; sid:37021251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 185.154.14.215 443 (msg: "MISP e25851 [AS204601,c2,censys] Outgoing To IP: 185.154.14.215|443"; classtype:trojan-activity; sid:37021261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 8.130.80.79 8089 (msg: "MISP e25851 [AS37963,c2,censys] Outgoing To IP: 8.130.80.79|8089"; classtype:trojan-activity; sid:37021271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 74.48.125.18 2086 (msg: "MISP e25851 [AS35916,c2,censys,MULTA-ASN1] Outgoing To IP: 74.48.125.18|2086"; classtype:trojan-activity; sid:37021281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 43.143.168.186 9000 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 43.143.168.186|9000"; classtype:trojan-activity; sid:37021291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 124.222.173.133 9443 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 124.222.173.133|9443"; classtype:trojan-activity; sid:37021301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 49.235.144.122 9000 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 49.235.144.122|9000"; classtype:trojan-activity; sid:37021311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 222.187.224.70 8443 (msg: "MISP e25851 [AS4134,c2,censys] Outgoing To IP: 222.187.224.70|8443"; classtype:trojan-activity; sid:37021321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 101.201.46.105 80 (msg: "MISP e25851 [AS37963,c2,censys] Outgoing To IP: 101.201.46.105|80"; classtype:trojan-activity; sid:37021331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 129.204.245.247 10080 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 129.204.245.247|10080"; classtype:trojan-activity; sid:37021341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 129.204.245.247 10443 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 129.204.245.247|10443"; classtype:trojan-activity; sid:37021351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 34.31.210.30 443 (msg: "MISP e25851 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.31.210.30|443"; classtype:trojan-activity; sid:37021361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 141.98.81.97 81 (msg: "MISP e25851 [AS209588,c2,censys,FLYSERVERS-ASN] Outgoing To IP: 141.98.81.97|81"; classtype:trojan-activity; sid:37021371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 104.236.196.5 443 (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 104.236.196.5|443"; classtype:trojan-activity; sid:37021381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 124.221.248.167 8443 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 124.221.248.167|8443"; classtype:trojan-activity; sid:37021391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 123.56.81.44 80 (msg: "MISP e25851 [AS37963,c2,censys] Outgoing To IP: 123.56.81.44|80"; classtype:trojan-activity; sid:37021401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 117.50.196.59 3255 (msg: "MISP e25851 [AS4808,c2,censys] Outgoing To IP: 117.50.196.59|3255"; classtype:trojan-activity; sid:37021411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 43.143.241.241 5555 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 43.143.241.241|5555"; classtype:trojan-activity; sid:37021421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 93.179.124.200 2053 (msg: "MISP e25851 [AS25820,c2,censys,IT7NET] Outgoing To IP: 93.179.124.200|2053"; classtype:trojan-activity; sid:37021431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 82.147.85.148 443 (msg: "MISP e25851 [ADMAN-AS,AS57494,c2,censys] Outgoing To IP: 82.147.85.148|443"; classtype:trojan-activity; sid:37021441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 4.228.218.10 80 (msg: "MISP e25851 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.228.218.10|80"; classtype:trojan-activity; sid:37021451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 4.228.218.10 443 (msg: "MISP e25851 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.228.218.10|443"; classtype:trojan-activity; sid:37021461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 68.183.213.199 80 (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 68.183.213.199|80"; classtype:trojan-activity; sid:37021471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 140.143.223.55 80 (msg: "MISP e25851 [AS45090,c2,censys] Outgoing To IP: 140.143.223.55|80"; classtype:trojan-activity; sid:37021481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 167.179.86.31 443 (msg: "MISP e25851 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 167.179.86.31|443"; classtype:trojan-activity; sid:37021491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 123.60.10.196 5555 (msg: "MISP e25851 [AS55990,c2,censys] Outgoing To IP: 123.60.10.196|5555"; classtype:trojan-activity; sid:37021501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 78.24.223.222 80 (msg: "MISP e25851 [AS29182,c2,censys,RU-JSCIOT] Outgoing To IP: 78.24.223.222|80"; classtype:trojan-activity; sid:37021511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 91.92.242.62 83 (msg: "MISP e25851 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.242.62|83"; classtype:trojan-activity; sid:37021521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 91.92.242.62 81 (msg: "MISP e25851 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.242.62|81"; classtype:trojan-activity; sid:37021531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 91.92.242.62 82 (msg: "MISP e25851 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.242.62|82"; classtype:trojan-activity; sid:37021541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.83.117 1911 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|1911"; classtype:trojan-activity; sid:37021551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.83.117 2052 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2052"; classtype:trojan-activity; sid:37021561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.83.117 2082 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2082"; classtype:trojan-activity; sid:37021571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.83.117 2083 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2083"; classtype:trojan-activity; sid:37021581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.83.117 2095 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2095"; classtype:trojan-activity; sid:37021591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.91.246 2095 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.91.246|2095"; classtype:trojan-activity; sid:37021601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.91.246 1718 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.91.246|1718"; classtype:trojan-activity; sid:37021611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.91.246 2003 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.91.246|2003"; classtype:trojan-activity; sid:37021621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.91.246 2077 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.91.246|2077"; classtype:trojan-activity; sid:37021631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 187.135.91.246 2080 (msg: "MISP e25851 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.91.246|2080"; classtype:trojan-activity; sid:37021641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 44.219.14.139 31337 (msg: "MISP e25851 [AMAZON-AES,AS14618,c2,censys] Outgoing To IP: 44.219.14.139|31337";
classtype:trojan-activity; sid:37021651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# --- MISP event 25851: indicators that also carry a tool or family tag ---
# The msg tags here add names such as Supershell, RAT, Mythic and HookBot to the
# AS / c2 / censys labels. The tag is text copied into the alert; these rules still
# match only on destination address and port (or on a domain name) and inspect no
# payload for that tool.
# NOTE(review): do not read the tag as confirmation of what ran on the internal host;
# it says how the indicator was labelled in the event. Confirm with host evidence.
alert ip $HOME_NET any -> 38.6.177.120 8888 (msg: "MISP e25851 [AS40065,c2,censys,CNSERVERS,Supershell] Outgoing To IP: 38.6.177.120|8888"; classtype:trojan-activity; sid:37021661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 194.26.229.212 8080 (msg: "MISP e25851 [AS216246,c2,censys,RAT,RU-AEZA-AS] Outgoing To IP: 194.26.229.212|8080"; classtype:trojan-activity; sid:37021671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Domain pair (dns.query rule, then HTTP header rule) for a name of the form
# ec2-<address>.<region>.compute.amazonaws.com.
# NOTE(review): presumably a provider-generated name tied to the address assignment, so
# the indicator is only as durable as that assignment; check its age.
alert dns any any -> any any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys,RAT] Domain ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; dns.query; content:"ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-134\-234\-207\.eu\-west\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37021681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys,RAT] Outgoing HTTP Domain ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-134\-234\-207\.eu\-west\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Address-only rules, one per destination address and port. Several addresses are
# listed with more than one port.
alert ip $HOME_NET any -> 206.123.132.163 2000 (msg: "MISP e25851 [AS212238,c2,CDNEXT,censys,RAT] Outgoing To IP: 206.123.132.163|2000"; classtype:trojan-activity; sid:37021691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 68.67.203.245 80 (msg: "MISP e25851 [1GSERVERS,AS14315,c2,censys,RAT] Outgoing To IP: 68.67.203.245|80"; classtype:trojan-activity; sid:37021701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.154.98.34 6606 (msg: "MISP e25851 [AS210558,c2,censys,RAT] Outgoing To IP: 45.154.98.34|6606"; classtype:trojan-activity; sid:37021711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.154.98.34 7707 (msg: "MISP e25851 [AS210558,c2,censys,RAT] Outgoing To IP: 45.154.98.34|7707"; classtype:trojan-activity; sid:37021721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 107.161.81.150 8808 (msg: "MISP e25851 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 107.161.81.150|8808"; classtype:trojan-activity; sid:37021731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 190.28.167.19 2000 (msg: "MISP e25851 [AS13489,c2,censys,RAT] Outgoing To IP: 190.28.167.19|2000"; classtype:trojan-activity; sid:37021741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.154.98.190 8808 (msg: "MISP e25851 [AS210558,c2,censys,RAT] Outgoing To IP: 45.154.98.190|8808"; classtype:trojan-activity; sid:37021751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.141.215.222 7707 (msg: "MISP e25851 [AS210558,c2,censys,RAT] Outgoing To IP: 45.141.215.222|7707"; classtype:trojan-activity; sid:37021761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 20.106.168.188 6606 (msg: "MISP e25851 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 20.106.168.188|6606"; classtype:trojan-activity; sid:37021771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 20.106.168.188 7707 (msg: "MISP e25851 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 20.106.168.188|7707"; classtype:trojan-activity; sid:37021781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 172.96.172.69 7707 (msg: "MISP e25851 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 172.96.172.69|7707"; classtype:trojan-activity; sid:37021791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 172.96.172.69 8808 (msg: "MISP e25851 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 172.96.172.69|8808"; classtype:trojan-activity; sid:37021801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 137.184.43.170 443 (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 137.184.43.170|443"; classtype:trojan-activity; sid:37021811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Domain pair for a cprapid.com name that embeds a dash-separated address label.
alert dns any any -> any any (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain www.64-225-100-2.cprapid.com"; dns.query; content:"www.64-225-100-2.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.64\-225\-100\-2\.cprapid\.com$/i"; classtype:trojan-activity; sid:37021821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain www.64-225-100-2.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.64-225-100-2.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.64\-225\-100\-2\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 93.123.39.215 80 (msg: "MISP e25851 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP:
93.123.39.215|80"; classtype:trojan-activity; sid:37021831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 193.233.254.64 50555 (msg: "MISP e25851 [AS210281,c2,censys,HookBot,WAICORE] Outgoing To IP: 193.233.254.64|50555"; classtype:trojan-activity; sid:37021841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Domain 194-233-74-255.cprapid.com"; dns.query; content:"194-233-74-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])194\-233\-74\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:37021851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Outgoing HTTP Domain 194-233-74-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"194-233-74-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])194\-233\-74\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain karasergkaravaev.fvds.ru"; dns.query; content:"karasergkaravaev.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])karasergkaravaev\.fvds\.ru$/i"; classtype:trojan-activity; sid:37021861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain karasergkaravaev.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karasergkaravaev.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karasergkaravaev\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37021862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain nickbaseev6.fvds.ru"; dns.query; content:"nickbaseev6.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])nickbaseev6\.fvds\.ru$/i"; classtype:trojan-activity; sid:37021871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain nickbaseev6.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nickbaseev6.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nickbaseev6\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain evgenytchurakin2.fvds.ru"; dns.query; content:"evgenytchurakin2.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin2\.fvds\.ru$/i"; classtype:trojan-activity; sid:37021881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain evgenytchurakin2.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin2.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin2\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Domain www.356142.fun"; dns.query; content:"www.356142.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.356142\.fun$/i"; 
classtype:trojan-activity; sid:37021891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain www.356142.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.356142.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.356142\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Domain www.194-233-74-255.cprapid.com"; dns.query; content:"www.194-233-74-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.194\-233\-74\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:37021901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Outgoing HTTP Domain www.194-233-74-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.194-233-74-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.194\-233\-74\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 104.234.240.231 80 (msg: "MISP e25851 [AS212238,c2,CDNEXT,censys,HookBot] Outgoing To IP: 104.234.240.231|80"; classtype:trojan-activity; sid:37021911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 206.189.130.11 80 (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN,HookBot] Outgoing To IP: 206.189.130.11|80"; classtype:trojan-activity; sid:37021921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET 
any -> 62.72.32.226 80 (msg: "MISP e25851 [AS-HOSTINGER,AS47583,c2,censys,HookBot] Outgoing To IP: 62.72.32.226|80"; classtype:trojan-activity; sid:37021931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# HookBot-tagged destination addresses (MISP event 25851), mostly on port 80.
# The rules have no content or flow options, so the match is on source
# network, destination address and port only.
# NOTE(review): several tags name hosting or cloud providers (e.g.
# GOOGLE-CLOUD-PLATFORM on 34.107.114.24). Addresses in such ranges can be
# shared or reassigned, and the rules carry no expiry; review hits against
# the indicator's last-seen date in MISP.
alert ip $HOME_NET any -> 45.61.166.149 80 (msg: "MISP e25851 [AS14956,c2,censys,HookBot,ROUTERHOSTING] Outgoing To IP: 45.61.166.149|80"; classtype:trojan-activity; sid:37021941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 31.44.2.39 80 (msg: "MISP e25851 [AS208951,c2,censys,HookBot] Outgoing To IP: 31.44.2.39|80"; classtype:trojan-activity; sid:37021951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 34.107.114.24 80 (msg: "MISP e25851 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,HookBot] Outgoing To IP: 34.107.114.24|80"; classtype:trojan-activity; sid:37021961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 85.202.160.192 80 (msg: "MISP e25851 [AMBYRE,AS13627,c2,censys,HookBot] Outgoing To IP: 85.202.160.192|80"; classtype:trojan-activity; sid:37021971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 79.137.207.154 50555 (msg: "MISP e25851 [AEZA-AS,AS210644,c2,censys,HookBot] Outgoing To IP: 79.137.207.154|50555"; classtype:trojan-activity; sid:37021981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# DNS indicator: matches a query for taojszxz.com itself or for any name that
# ends in it after a non-hostname character such as a dot (subdomains).
# The header is any any -> any any, so it is not limited to $HOME_NET clients.
alert dns any any -> any any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Domain taojszxz.com"; dns.query; content:"taojszxz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])taojszxz\.com$/i"; classtype:trojan-activity; sid:37021991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Cleartext-HTTP companion to the DNS rule above; HTTPS traffic to the same
# name is not covered by an `alert http` rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain taojszxz.com"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"taojszxz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])taojszxz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37021992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Domain tsaojzuv455.com"; dns.query; content:"tsaojzuv455.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzuv455\.com$/i"; classtype:trojan-activity; sid:37022001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain tsaojzuv455.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsaojzuv455.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzuv455\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Domain tsaojzhn885.com"; dns.query; content:"tsaojzhn885.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzhn885\.com$/i"; classtype:trojan-activity; sid:37022011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain tsaojzhn885.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsaojzhn885.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzhn885\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain ok.chicecon.com"; dns.query; content:"ok.chicecon.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ok\.chicecon\.com$/i"; classtype:trojan-activity; sid:37022021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain ok.chicecon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ok.chicecon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.chicecon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 194.48.251.140 80 (msg: "MISP e25851 [AS203168,c2,censys,HookBot,UNKNOW] Outgoing To IP: 194.48.251.140|80"; classtype:trojan-activity; sid:37022031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain pegasus.chicecon.com"; dns.query; content:"pegasus.chicecon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pegasus\.chicecon\.com$/i"; classtype:trojan-activity; sid:37022041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain pegasus.chicecon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pegasus.chicecon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pegasus\.chicecon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Domain dev.racun.app"; dns.query; content:"dev.racun.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.racun\.app$/i"; classtype:trojan-activity; sid:37022051; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Outgoing HTTP Domain dev.racun.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev.racun.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.racun\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain reksiaeksinov4.fvds.ru"; dns.query; content:"reksiaeksinov4.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])reksiaeksinov4\.fvds\.ru$/i"; classtype:trojan-activity; sid:37022061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain reksiaeksinov4.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reksiaeksinov4.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reksiaeksinov4\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Domain erp.topixtechnology.com"; dns.query; content:"erp.topixtechnology.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])erp\.topixtechnology\.com$/i"; classtype:trojan-activity; sid:37022071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS141995,c2,censys,HookBot] Outgoing HTTP Domain erp.topixtechnology.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"erp.topixtechnology.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])erp\.topixtechnology\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 13.212.79.65 443 (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing To IP: 13.212.79.65|443"; classtype:trojan-activity; sid:37022081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 191.82.252.2 2000 (msg: "MISP e25851 [AS22927,c2,censys,RAT] Outgoing To IP: 191.82.252.2|2000"; classtype:trojan-activity; sid:37022091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 41.216.183.126 3741 (msg: "MISP e25851 [AS211138,c2,censys,PRIVATEHOSTING-NET,RAT] Outgoing To IP: 41.216.183.126|3741"; classtype:trojan-activity; sid:37022101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 102.117.152.61 4781 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|4781"; classtype:trojan-activity; sid:37022111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 102.117.152.61 64741 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|64741"; classtype:trojan-activity; sid:37022121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 102.117.152.61 2375 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|2375"; classtype:trojan-activity; sid:37022131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 102.117.152.61 4444 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|4444"; classtype:trojan-activity; sid:37022141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25851;)
# 102.117.152.61 is listed with one rule per destination port; the run starts
# at sid 37022111 and ends at sid 37022281 (18 rules, all tagged RAT/censys).
# NOTE(review): the `censys` tag suggests the port list comes from scan data -
# confirm in the MISP event. A connection to this host on any port not listed
# raises no alert, and each new port needs another rule. A single rule with a
# bracketed port list would be easier to maintain; make that change in the
# MISP attributes or export step rather than by hand-editing generated sids.
alert ip $HOME_NET any -> 102.117.152.61 12920 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|12920"; classtype:trojan-activity; sid:37022151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 28015 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|28015"; classtype:trojan-activity; sid:37022161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 2376 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|2376"; classtype:trojan-activity; sid:37022171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 6009 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|6009"; classtype:trojan-activity; sid:37022181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 18925 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|18925"; classtype:trojan-activity; sid:37022191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 24828 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|24828"; classtype:trojan-activity; sid:37022201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 222 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|222"; classtype:trojan-activity; sid:37022211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 832 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|832"; classtype:trojan-activity; sid:37022221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 4242 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|4242"; classtype:trojan-activity; sid:37022231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 5671 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|5671"; classtype:trojan-activity; sid:37022241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 5903 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|5903"; classtype:trojan-activity; sid:37022251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 9036 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|9036"; classtype:trojan-activity; sid:37022261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 57963 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|57963"; classtype:trojan-activity; sid:37022271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 102.117.152.61 104 (msg: "MISP e25851 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.152.61|104"; classtype:trojan-activity; sid:37022281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Rules for MISP event 25873 start here. They carry an empty tag list ([]) in
# msg and priority 3 instead of 2.
# NOTE(review): the indicators repeat ones already exported for event 25851.
# 104.234.240.231:80 below is also sid 37021911 and 206.189.130.11:80 is also
# sid 37021921, so one connection raises two alerts with different priorities
# and event references. Deduplicate at export, or suppress one sid of each
# pair, and keep the tagged, higher-priority rule for triage context.
alert ip $HOME_NET any -> 104.234.240.231 80 (msg: "MISP e25873 [] Outgoing To IP: 104.234.240.231|80"; classtype:trojan-activity; sid:37032111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 206.189.130.11 80 (msg: "MISP 
e25873 [] Outgoing To IP: 206.189.130.11|80"; classtype:trojan-activity; sid:37032121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.194-233-74-255.cprapid.com"; dns.query; content:"www.194-233-74-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.194\-233\-74\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:37032131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.194-233-74-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.194-233-74-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.194\-233\-74\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain evgenytchurakin2.fvds.ru"; dns.query; content:"evgenytchurakin2.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin2\.fvds\.ru$/i"; classtype:trojan-activity; sid:37032141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain evgenytchurakin2.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin2.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin2\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.356142.fun"; dns.query; content:"www.356142.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.356142\.fun$/i"; classtype:trojan-activity; sid:37032151; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.356142.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.356142.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.356142\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain karasergkaravaev.fvds.ru"; dns.query; content:"karasergkaravaev.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])karasergkaravaev\.fvds\.ru$/i"; classtype:trojan-activity; sid:37032161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain karasergkaravaev.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karasergkaravaev.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karasergkaravaev\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain nickbaseev6.fvds.ru"; dns.query; content:"nickbaseev6.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])nickbaseev6\.fvds\.ru$/i"; classtype:trojan-activity; sid:37032171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain nickbaseev6.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nickbaseev6.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nickbaseev6\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032172; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain 194-233-74-255.cprapid.com"; dns.query; content:"194-233-74-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])194\-233\-74\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:37032181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain 194-233-74-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"194-233-74-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])194\-233\-74\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 93.123.39.215 80 (msg: "MISP e25873 [] Outgoing To IP: 93.123.39.215|80"; classtype:trojan-activity; sid:37032191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 193.233.254.64 50555 (msg: "MISP e25873 [] Outgoing To IP: 193.233.254.64|50555"; classtype:trojan-activity; sid:37032201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 137.184.43.170 443 (msg: "MISP e25873 [] Outgoing To IP: 137.184.43.170|443"; classtype:trojan-activity; sid:37032211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.64-225-100-2.cprapid.com"; dns.query; content:"www.64-225-100-2.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.64\-225\-100\-2\.cprapid\.com$/i"; classtype:trojan-activity; sid:37032221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.64-225-100-2.cprapid.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.64-225-100-2.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.64\-225\-100\-2\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 172.96.172.69 7707 (msg: "MISP e25873 [] Outgoing To IP: 172.96.172.69|7707"; classtype:trojan-activity; sid:37032231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 172.96.172.69 8808 (msg: "MISP e25873 [] Outgoing To IP: 172.96.172.69|8808"; classtype:trojan-activity; sid:37032241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 20.106.168.188 7707 (msg: "MISP e25873 [] Outgoing To IP: 20.106.168.188|7707"; classtype:trojan-activity; sid:37032251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 20.106.168.188 6606 (msg: "MISP e25873 [] Outgoing To IP: 20.106.168.188|6606"; classtype:trojan-activity; sid:37032261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.141.215.222 7707 (msg: "MISP e25873 [] Outgoing To IP: 45.141.215.222|7707"; classtype:trojan-activity; sid:37032271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 190.28.167.19 2000 (msg: "MISP e25873 [] Outgoing To IP: 190.28.167.19|2000"; classtype:trojan-activity; sid:37032281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.154.98.190 8808 (msg: "MISP e25873 [] Outgoing To IP: 45.154.98.190|8808"; classtype:trojan-activity; sid:37032291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 107.161.81.150 8808 (msg: "MISP e25873 [] Outgoing To 
IP: 107.161.81.150|8808"; classtype:trojan-activity; sid:37032301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.154.98.34 7707 (msg: "MISP e25873 [] Outgoing To IP: 45.154.98.34|7707"; classtype:trojan-activity; sid:37032311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 68.67.203.245 80 (msg: "MISP e25873 [] Outgoing To IP: 68.67.203.245|80"; classtype:trojan-activity; sid:37032321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.154.98.34 6606 (msg: "MISP e25873 [] Outgoing To IP: 45.154.98.34|6606"; classtype:trojan-activity; sid:37032331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 206.123.132.163 2000 (msg: "MISP e25873 [] Outgoing To IP: 206.123.132.163|2000"; classtype:trojan-activity; sid:37032341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 194.26.229.212 8080 (msg: "MISP e25873 [] Outgoing To IP: 194.26.229.212|8080"; classtype:trojan-activity; sid:37032351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; dns.query; content:"ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-134\-234\-207\.eu\-west\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37032361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-134-234-207.eu-west-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-18\-134\-234\-207\.eu\-west\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 38.6.177.120 8888 (msg: "MISP e25873 [] Outgoing To IP: 38.6.177.120|8888"; classtype:trojan-activity; sid:37032371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 44.219.14.139 31337 (msg: "MISP e25873 [] Outgoing To IP: 44.219.14.139|31337"; classtype:trojan-activity; sid:37032381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.91.246 2080 (msg: "MISP e25873 [] Outgoing To IP: 187.135.91.246|2080"; classtype:trojan-activity; sid:37032391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.91.246 2077 (msg: "MISP e25873 [] Outgoing To IP: 187.135.91.246|2077"; classtype:trojan-activity; sid:37032401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.91.246 1718 (msg: "MISP e25873 [] Outgoing To IP: 187.135.91.246|1718"; classtype:trojan-activity; sid:37032411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.91.246 2003 (msg: "MISP e25873 [] Outgoing To IP: 187.135.91.246|2003"; classtype:trojan-activity; sid:37032421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.91.246 2095 (msg: "MISP e25873 [] Outgoing To IP: 187.135.91.246|2095"; classtype:trojan-activity; sid:37032431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.83.117 2083 (msg: "MISP e25873 [] Outgoing To IP: 187.135.83.117|2083"; classtype:trojan-activity; sid:37032441; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.83.117 2095 (msg: "MISP e25873 [] Outgoing To IP: 187.135.83.117|2095"; classtype:trojan-activity; sid:37032451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.83.117 2082 (msg: "MISP e25873 [] Outgoing To IP: 187.135.83.117|2082"; classtype:trojan-activity; sid:37032461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.83.117 1911 (msg: "MISP e25873 [] Outgoing To IP: 187.135.83.117|1911"; classtype:trojan-activity; sid:37032471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 187.135.83.117 2052 (msg: "MISP e25873 [] Outgoing To IP: 187.135.83.117|2052"; classtype:trojan-activity; sid:37032481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 91.92.242.62 82 (msg: "MISP e25873 [] Outgoing To IP: 91.92.242.62|82"; classtype:trojan-activity; sid:37032491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 91.92.242.62 81 (msg: "MISP e25873 [] Outgoing To IP: 91.92.242.62|81"; classtype:trojan-activity; sid:37032501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 78.24.223.222 80 (msg: "MISP e25873 [] Outgoing To IP: 78.24.223.222|80"; classtype:trojan-activity; sid:37032511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 91.92.242.62 83 (msg: "MISP e25873 [] Outgoing To IP: 91.92.242.62|83"; classtype:trojan-activity; sid:37032521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 123.60.10.196 5555 (msg: "MISP e25873 [] Outgoing To IP: 123.60.10.196|5555"; classtype:trojan-activity; sid:37032531; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 167.179.86.31 443 (msg: "MISP e25873 [] Outgoing To IP: 167.179.86.31|443"; classtype:trojan-activity; sid:37032541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 68.183.213.199 80 (msg: "MISP e25873 [] Outgoing To IP: 68.183.213.199|80"; classtype:trojan-activity; sid:37032551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 140.143.223.55 80 (msg: "MISP e25873 [] Outgoing To IP: 140.143.223.55|80"; classtype:trojan-activity; sid:37032561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 4.228.218.10 443 (msg: "MISP e25873 [] Outgoing To IP: 4.228.218.10|443"; classtype:trojan-activity; sid:37032571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 4.228.218.10 80 (msg: "MISP e25873 [] Outgoing To IP: 4.228.218.10|80"; classtype:trojan-activity; sid:37032581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 93.179.124.200 2053 (msg: "MISP e25873 [] Outgoing To IP: 93.179.124.200|2053"; classtype:trojan-activity; sid:37032591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 82.147.85.148 443 (msg: "MISP e25873 [] Outgoing To IP: 82.147.85.148|443"; classtype:trojan-activity; sid:37032601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 43.143.241.241 5555 (msg: "MISP e25873 [] Outgoing To IP: 43.143.241.241|5555"; classtype:trojan-activity; sid:37032611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 117.50.196.59 3255 (msg: "MISP e25873 [] Outgoing To IP: 117.50.196.59|3255"; classtype:trojan-activity; sid:37032621; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 123.56.81.44 80 (msg: "MISP e25873 [] Outgoing To IP: 123.56.81.44|80"; classtype:trojan-activity; sid:37032631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 124.221.248.167 8443 (msg: "MISP e25873 [] Outgoing To IP: 124.221.248.167|8443"; classtype:trojan-activity; sid:37032641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 104.236.196.5 443 (msg: "MISP e25873 [] Outgoing To IP: 104.236.196.5|443"; classtype:trojan-activity; sid:37032651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 141.98.81.97 81 (msg: "MISP e25873 [] Outgoing To IP: 141.98.81.97|81"; classtype:trojan-activity; sid:37032661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 34.31.210.30 443 (msg: "MISP e25873 [] Outgoing To IP: 34.31.210.30|443"; classtype:trojan-activity; sid:37032671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 129.204.245.247 10080 (msg: "MISP e25873 [] Outgoing To IP: 129.204.245.247|10080"; classtype:trojan-activity; sid:37032681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 129.204.245.247 10443 (msg: "MISP e25873 [] Outgoing To IP: 129.204.245.247|10443"; classtype:trojan-activity; sid:37032691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 101.201.46.105 80 (msg: "MISP e25873 [] Outgoing To IP: 101.201.46.105|80"; classtype:trojan-activity; sid:37032701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 222.187.224.70 8443 (msg: "MISP e25873 [] Outgoing To IP: 222.187.224.70|8443"; classtype:trojan-activity; sid:37032711; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 124.222.173.133 9443 (msg: "MISP e25873 [] Outgoing To IP: 124.222.173.133|9443"; classtype:trojan-activity; sid:37032721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 49.235.144.122 9000 (msg: "MISP e25873 [] Outgoing To IP: 49.235.144.122|9000"; classtype:trojan-activity; sid:37032731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 43.143.168.186 9000 (msg: "MISP e25873 [] Outgoing To IP: 43.143.168.186|9000"; classtype:trojan-activity; sid:37032741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 8.130.80.79 8089 (msg: "MISP e25873 [] Outgoing To IP: 8.130.80.79|8089"; classtype:trojan-activity; sid:37032751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 74.48.125.18 2086 (msg: "MISP e25873 [] Outgoing To IP: 74.48.125.18|2086"; classtype:trojan-activity; sid:37032761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 185.154.14.215 443 (msg: "MISP e25873 [] Outgoing To IP: 185.154.14.215|443"; classtype:trojan-activity; sid:37032771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 5.135.224.155 8080 (msg: "MISP e25873 [] Outgoing To IP: 5.135.224.155|8080"; classtype:trojan-activity; sid:37032781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 188.166.22.203 4433 (msg: "MISP e25873 [] Outgoing To IP: 188.166.22.203|4433"; classtype:trojan-activity; sid:37032791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 104.168.102.175 443 (msg: "MISP e25873 [] Outgoing To IP: 104.168.102.175|443"; classtype:trojan-activity; sid:37032801; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.gifted-khayyam.104-168-102-175.plesk.page"; dns.query; content:"www.gifted-khayyam.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gifted\-khayyam\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.gifted-khayyam.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gifted-khayyam.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gifted\-khayyam\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 134.122.164.214 5566 (msg: "MISP e25873 [] Outgoing To IP: 134.122.164.214|5566"; classtype:trojan-activity; sid:37032821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.optimistic-rubin.104-168-102-175.plesk.page"; dns.query; content:"www.optimistic-rubin.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-rubin\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.optimistic-rubin.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.optimistic-rubin.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-rubin\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37032832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 122.51.243.31 39689 (msg: "MISP e25873 [] Outgoing To IP: 122.51.243.31|39689"; classtype:trojan-activity; sid:37032841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 175.24.130.231 9000 (msg: "MISP e25873 [] Outgoing To IP: 175.24.130.231|9000"; classtype:trojan-activity; sid:37032851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 202.79.168.65 5511 (msg: "MISP e25873 [] Outgoing To IP: 202.79.168.65|5511"; classtype:trojan-activity; sid:37032861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 120.27.132.223 80 (msg: "MISP e25873 [] Outgoing To IP: 120.27.132.223|80"; classtype:trojan-activity; sid:37032871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain confident-bouman.104-168-102-175.plesk.page"; dns.query; content:"confident-bouman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])confident\-bouman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain confident-bouman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"confident-bouman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])confident\-bouman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain 
quirky-williamson.104-168-102-175.plesk.page"; dns.query; content:"quirky-williamson.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])quirky\-williamson\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain quirky-williamson.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"quirky-williamson.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])quirky\-williamson\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain kind-villani.104-168-102-175.plesk.page"; dns.query; content:"kind-villani.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])kind\-villani\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain kind-villani.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kind-villani.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kind\-villani\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.134.225.247 80 (msg: "MISP e25873 [] Outgoing To IP: 45.134.225.247|80"; classtype:trojan-activity; sid:37032911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: 
"MISP e25873 [] Domain www.modest-colden.104-168-102-175.plesk.page"; dns.query; content:"www.modest-colden.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.modest\-colden\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.modest-colden.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.modest-colden.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.modest\-colden\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain sync.maksonsab.ru"; dns.query; content:"sync.maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])sync\.maksonsab\.ru$/i"; classtype:trojan-activity; sid:37032931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain sync.maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sync.maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sync\.maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.brave-herschel.104-168-102-175.plesk.page"; dns.query; content:"www.brave-herschel.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.brave\-herschel\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032941; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.brave-herschel.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.brave-herschel.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.brave\-herschel\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.optimistic-almeida.104-168-102-175.plesk.page"; dns.query; content:"www.optimistic-almeida.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-almeida\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.optimistic-almeida.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.optimistic-almeida.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.optimistic\-almeida\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.happy-burnell.104-168-102-175.plesk.page"; dns.query; content:"www.happy-burnell.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.happy\-burnell\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] 
Outgoing HTTP Domain www.happy-burnell.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.happy-burnell.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.happy\-burnell\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; dns.query; content:"ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-36\-225\-33\.eu\-west\-3\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37032971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-36-225-33.eu-west-3.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-36\-225\-33\.eu\-west\-3\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain vibrant-fermat.104-168-102-175.plesk.page"; dns.query; content:"vibrant-fermat.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibrant\-fermat\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain vibrant-fermat.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"vibrant-fermat.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibrant\-fermat\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain fervent-gates.104-168-102-175.plesk.page"; dns.query; content:"fervent-gates.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])fervent\-gates\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37032991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain fervent-gates.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fervent-gates.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fervent\-gates\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37032992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain www.hardcore-wescoff.104-168-102-175.plesk.page"; dns.query; content:"www.hardcore-wescoff.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hardcore\-wescoff\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37033001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.hardcore-wescoff.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hardcore-wescoff.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hardcore\-wescoff\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37033002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain modest-colden.104-168-102-175.plesk.page"; dns.query; content:"modest-colden.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])modest\-colden\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37033011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain modest-colden.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"modest-colden.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])modest\-colden\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain our.openarmscv.org"; dns.query; content:"our.openarmscv.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])our\.openarmscv\.org$/i"; classtype:trojan-activity; sid:37033021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain our.openarmscv.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"our.openarmscv.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])our\.openarmscv\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 88.119.169.207 443 (msg: "MISP e25873 [] Outgoing To IP: 88.119.169.207|443"; classtype:trojan-activity; sid:37033031; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain files.paronibarry.net"; dns.query; content:"files.paronibarry.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])files\.paronibarry\.net$/i"; classtype:trojan-activity; sid:37022291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain files.paronibarry.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"files.paronibarry.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])files\.paronibarry\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS63949,c2,censys] Domain 192-46-228-106.ip.linodeusercontent.com"; dns.query; content:"192-46-228-106.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-46\-228\-106\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37022301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS63949,c2,censys] Outgoing HTTP Domain 192-46-228-106.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"192-46-228-106.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-46\-228\-106\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AS30823,c2,censys] Domain vps-zap1065782-2.zap-srv.com"; dns.query; content:"vps-zap1065782-2.zap-srv.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vps\-zap1065782\-2\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37022311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS30823,c2,censys] Outgoing HTTP Domain vps-zap1065782-2.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap1065782-2.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1065782\-2\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys] Domain ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-248\-157\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37022321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-248\-157\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys] Domain ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-175\-41\-143\-87\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37022331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-175\-41\-143\-87\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 103.243.180.11 5588 (msg: "MISP e25851 [AS133115,c2,censys,RAT] Outgoing To IP: 103.243.180.11|5588"; classtype:trojan-activity; sid:37022341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 194.33.191.239 4449 (msg: "MISP e25851 [AS203168,c2,censys,RAT,UNKNOW] Outgoing To IP: 194.33.191.239|4449"; classtype:trojan-activity; sid:37022351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 109.107.182.205 25 (msg: "MISP e25851 [ALTAWK,AS203727,c2,censys,RAT] Outgoing To IP: 109.107.182.205|25"; classtype:trojan-activity; sid:37022361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 188.27.175.18 8080 (msg: "MISP e25851 [AS8708,c2,censys,RAT] Outgoing To IP: 188.27.175.18|8080"; classtype:trojan-activity; sid:37022371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 89.23.97.83 80 (msg: "MISP e25851 [AS56694,c2,censys,SMARTAPE] Outgoing To IP: 89.23.97.83|80"; classtype:trojan-activity; sid:37022381; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: outbound IP/port indicators. Any $HOME_NET host contacting the listed
# address on the listed port raises the alert; the bracketed list in msg carries the event's tags
# (ASN, hosting provider, family names such as NeptuneLoader, byob, Vshell).
# NOTE(review): by their own tags several destinations sit in shared cloud ranges
# (MICROSOFT-CORP-MSN-AS-BLOCK, GOOGLE-CLOUD-PLATFORM, AMAZON-AES). Such addresses can be reassigned to
# another tenant, so confirm the indicators are still current before treating a hit as a compromise.
alert ip $HOME_NET any -> 98.66.153.174 80 (msg: "MISP e25851 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 98.66.153.174|80"; classtype:trojan-activity; sid:37022391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 41.216.183.64 80 (msg: "MISP e25851 [AS211138,c2,censys,Loader,NeptuneLoader,PRIVATEHOSTING-NET] Outgoing To IP: 41.216.183.64|80"; classtype:trojan-activity; sid:37022401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 35.199.67.241 5000 (msg: "MISP e25851 [AS396982,botnet,byob,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 35.199.67.241|5000"; classtype:trojan-activity; sid:37022411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 34.118.118.118 5000 (msg: "MISP e25851 [AS396982,botnet,byob,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.118.118.118|5000"; classtype:trojan-activity; sid:37022421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 66.135.13.235 9075 (msg: "MISP e25851 [AS-CHOOPA,AS20473,c2,censys,Vshell] Outgoing To IP: 66.135.13.235|9075"; classtype:trojan-activity; sid:37022431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Domain indicators are exported as a pair of rules (sid ...1 for DNS, sid ...2 for HTTP).
# DNS rule: matches a query name that ends with the domain (pcre `$`) and starts either at the beginning
# of the name or after a character that is not a letter, digit or hyphen, so sub-domains match as well.
# The header is any any -> any any, i.e. it is not limited to $HOME_NET sources.
alert dns any any -> any any (msg: "MISP e25851 [AEZA-AS,AS210644,c2,censys,stealer] Domain sw.sono.pw"; dns.query; content:"sw.sono.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])sw\.sono\.pw$/i"; classtype:trojan-activity; sid:37022441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# HTTP rule: client-to-server requests from $HOME_NET whose header buffer contains "Host:" and the domain;
# the trailing pcre class rejects a longer name that merely starts with the domain. tag:session,600,seconds
# tags the session so that its following packets are logged for 600 seconds.
# NOTE(review): the "Host|3a|" content, the domain content and the pcre are not positioned relative to one
# another, so the domain appearing in any other request header would also satisfy the rule; matching on the
# http.host buffer would tie it to the Host value. No tls.sni rule for these domains is visible in this
# section, so HTTPS traffic is presumably caught only by the dns rule - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain sw.sono.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sw.sono.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sw\.sono\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 52.200.22.116 443 (msg: "MISP e25851 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 52.200.22.116|443"; classtype:trojan-activity; sid:37022451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain epsilonapi.fr"; dns.query; content:"epsilonapi.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonapi\.fr$/i"; classtype:trojan-activity; sid:37022461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain epsilonapi.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilonapi.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonapi\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 93.123.85.14 80 (msg: "MISP e25851 [AS216240,c2,censys,MORTALSOFT] Outgoing To IP: 93.123.85.14|80"; classtype:trojan-activity; sid:37022471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS22612,c2,censys,NAMECHEAP-NET,UNAM] Domain www.akunet.host"; dns.query; content:"www.akunet.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.akunet\.host$/i"; classtype:trojan-activity; sid:37022481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS22612,c2,censys,NAMECHEAP-NET,UNAM] Outgoing HTTP Domain www.akunet.host";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.akunet.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.akunet\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: outbound indicators tagged "Viper", all on destination port 60000.
# Each rule fires when any $HOME_NET host sends traffic to the listed address and port.
# The 103.108.42.x / 103.108.43.x entries all carry the same AS135581 tag in msg.
# NOTE(review): unlike the neighbouring event-25851 rules these msg tag lists do not include "c2";
# presumably the source feed did not classify the hosts further - confirm before prioritising hits.
alert ip $HOME_NET any -> 124.223.201.58 60000 (msg: "MISP e25851 [AS45090,censys,Viper] Outgoing To IP: 124.223.201.58|60000"; classtype:trojan-activity; sid:37022491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 103.108.43.24 60000 (msg: "MISP e25851 [AS135581,censys,Viper] Outgoing To IP: 103.108.43.24|60000"; classtype:trojan-activity; sid:37022501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 182.16.35.149 60000 (msg: "MISP e25851 [AS45753,censys,Viper] Outgoing To IP: 182.16.35.149|60000"; classtype:trojan-activity; sid:37022511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 103.108.42.171 60000 (msg: "MISP e25851 [AS135581,censys,Viper] Outgoing To IP: 103.108.42.171|60000"; classtype:trojan-activity; sid:37022521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 103.108.43.25 60000 (msg: "MISP e25851 [AS135581,censys,Viper] Outgoing To IP: 103.108.43.25|60000"; classtype:trojan-activity; sid:37022531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 103.108.43.23 60000 (msg: "MISP e25851 [AS135581,censys,Viper] Outgoing To IP: 103.108.43.23|60000"; classtype:trojan-activity; sid:37022541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 103.108.42.172 60000 (msg: "MISP e25851 [AS135581,censys,Viper] Outgoing To IP: 103.108.42.172|60000"; classtype:trojan-activity; sid:37022551; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: the last "Viper"-tagged IP/port rule, followed by domains tagged
# EvilGinx / phishing (all carrying AS54290 and HOSTWINDS in msg).
alert ip $HOME_NET any -> 49.232.149.43 60000 (msg: "MISP e25851 [AS45090,censys,Viper] Outgoing To IP: 49.232.149.43|60000"; classtype:trojan-activity; sid:37022561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Each domain gets a dns rule (query name ends with the domain; sub-domains also match because the
# character before the domain may be a dot) and an http rule (cleartext request from $HOME_NET with the
# domain in the header buffer, session tagged for 600 seconds).
# NOTE(review): phishing-tagged domains use classtype:trojan-activity like the malware indicators in this
# file, so alerts cannot be separated by classtype alone; triage has to rely on the msg tags.
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain fonts.deenpel.com"; dns.query; content:"fonts.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.deenpel\.com$/i"; classtype:trojan-activity; sid:37022571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain fonts.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fonts.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain www.charming-wright.142-11-199-59.plesk.page"; dns.query; content:"www.charming-wright.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.charming\-wright\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37022581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain www.charming-wright.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.charming-wright.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.charming\-wright\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37022582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: further EvilGinx / phishing-tagged domains, one dns rule and one http rule
# per domain. The dns rules are any any -> any any; the http rules are limited to requests from $HOME_NET
# to $EXTERNAL_NET on established flows.
# NOTE(review): the http rules inspect cleartext HTTP only. A phishing proxy is normally reached over TLS,
# and no tls.sni rule is visible in this section, so in practice the dns rules are presumably the ones
# that fire - confirm DNS traffic is visible to the sensor.
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain www.deenpel.com"; dns.query; content:"www.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.deenpel\.com$/i"; classtype:trojan-activity; sid:37022591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain www.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain mail.dnl-l.ooguy.com"; dns.query; content:"mail.dnl-l.ooguy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.dnl\-l\.ooguy\.com$/i"; classtype:trojan-activity; sid:37022601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain mail.dnl-l.ooguy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.dnl-l.ooguy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.dnl\-l\.ooguy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain admiring-pascal.142-11-199-59.plesk.page"; dns.query;
content:"admiring-pascal.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])admiring\-pascal\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37022611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: EvilGinx / phishing-tagged domains, continued.
# In the http rules the first content requires a "Host:" header (|3a| is the colon), the second content is
# the fast_pattern domain string, and the pcre (H = header buffer, i = case-insensitive) enforces the
# boundaries: not preceded by a letter, digit or hyphen, and followed by a character that is not a letter,
# digit, hyphen or dot.
# NOTE(review): nothing ties the domain match to the Host header position, so the same string in another
# request header would also alert; the http.host buffer would make the intent explicit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain admiring-pascal.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"admiring-pascal.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])admiring\-pascal\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain drive.deenpel.com"; dns.query; content:"drive.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drive\.deenpel\.com$/i"; classtype:trojan-activity; sid:37022621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain drive.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drive.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drive\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain login.vitamedicajobccb.com"; dns.query; content:"login.vitamedicajobccb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])login\.vitamedicajobccb\.com$/i"; classtype:trojan-activity; sid:37022631; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: the http rule for the last EvilGinx-tagged domain, then outbound IP/port
# indicators tagged GoPhish / phishing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain login.vitamedicajobccb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"login.vitamedicajobccb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])login\.vitamedicajobccb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# GoPhish-tagged hosts: each rule matches $HOME_NET traffic to one address and one port.
# NOTE(review): several of these addresses are tagged with large cloud providers (AMAZON-02,
# MICROSOFT-CORP-MSN-AS-BLOCK) and two use port 443; cloud addresses can be reassigned, so an alert here
# shows contact with the address, not necessarily with the tagged service - verify indicator age.
alert ip $HOME_NET any -> 212.39.153.66 3333 (msg: "MISP e25851 [AS15557,censys,GoPhish,LDCOMNET,phishing] Outgoing To IP: 212.39.153.66|3333"; classtype:trojan-activity; sid:37022641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 172.205.168.27 3333 (msg: "MISP e25851 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.205.168.27|3333"; classtype:trojan-activity; sid:37022651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 18.157.139.50 443 (msg: "MISP e25851 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.157.139.50|443"; classtype:trojan-activity; sid:37022661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 18.194.227.164 443 (msg: "MISP e25851 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.194.227.164|443"; classtype:trojan-activity; sid:37022671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 4.156.181.32 3333 (msg: "MISP e25851 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 4.156.181.32|3333"; classtype:trojan-activity; sid:37022681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 137.74.7.196 8001 (msg: "MISP e25851
[AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 137.74.7.196|8001"; classtype:trojan-activity; sid:37022691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# MISP event 25851, priority 2: GoPhish / phishing-tagged outbound IP/port indicators, continued.
# Each rule matches $HOME_NET traffic to exactly one address and one destination port, so contact with
# the same host on a different port does not alert.
# NOTE(review): the provider tags (AMAZON-02, DIGITALOCEAN-ASN, ORACLE-BMC-31898, OVH) indicate rented
# hosting; presumably these addresses change hands over time - confirm the event's indicators are
# still valid before acting on a hit.
alert ip $HOME_NET any -> 175.24.130.231 443 (msg: "MISP e25851 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 175.24.130.231|443"; classtype:trojan-activity; sid:37022701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 3.109.228.183 3333 (msg: "MISP e25851 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.109.228.183|3333"; classtype:trojan-activity; sid:37022711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 180.139.173.232 9999 (msg: "MISP e25851 [AS4134,censys,GoPhish,phishing] Outgoing To IP: 180.139.173.232|9999"; classtype:trojan-activity; sid:37022721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 167.172.47.15 36936 (msg: "MISP e25851 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 167.172.47.15|36936"; classtype:trojan-activity; sid:37022731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 141.145.196.196 3333 (msg: "MISP e25851 [AS31898,censys,GoPhish,ORACLE-BMC-31898,phishing] Outgoing To IP: 141.145.196.196|3333"; classtype:trojan-activity; sid:37022741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 3.143.139.73 8443 (msg: "MISP e25851 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.143.139.73|8443"; classtype:trojan-activity; sid:37022751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 3.142.70.21 3333 (msg: "MISP e25851 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.142.70.21|3333"; classtype:trojan-activity; sid:37022761; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/25851;)
# Last two rules of MISP event 25851 (priority 2).
alert ip $HOME_NET any -> 51.38.178.159 4444 (msg: "MISP e25851 [AS16276,c2,censys,EggShell,OVH] Outgoing To IP: 51.38.178.159|4444"; classtype:trojan-activity; sid:37022771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 45.66.248.135 5833 (msg: "MISP e25851 [AS62005,BV-EU-AS,c2,censys] Outgoing To IP: 45.66.248.135|5833"; classtype:trojan-activity; sid:37022781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Rules of MISP event 25873 start here: priority 3 and an empty tag list ("[]") in msg.
# NOTE(review): these repeat address/port pairs already exported for event 25851 under other sids
# (for example 45.66.248.135 port 5833 is sid 37022781 above and sid 37033041 below), so one connection
# raises two alerts, one at priority 2 and one at priority 3. Decide whether both events need to be
# exported; the event-25873 copy also loses the family tags that help triage.
alert ip $HOME_NET any -> 45.66.248.135 5833 (msg: "MISP e25873 [] Outgoing To IP: 45.66.248.135|5833"; classtype:trojan-activity; sid:37033041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 51.38.178.159 4444 (msg: "MISP e25873 [] Outgoing To IP: 51.38.178.159|4444"; classtype:trojan-activity; sid:37033051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 3.142.70.21 3333 (msg: "MISP e25873 [] Outgoing To IP: 3.142.70.21|3333"; classtype:trojan-activity; sid:37033061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 3.143.139.73 8443 (msg: "MISP e25873 [] Outgoing To IP: 3.143.139.73|8443"; classtype:trojan-activity; sid:37033071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 141.145.196.196 3333 (msg: "MISP e25873 [] Outgoing To IP: 141.145.196.196|3333"; classtype:trojan-activity; sid:37033081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 167.172.47.15 36936 (msg: "MISP e25873 [] Outgoing To IP: 167.172.47.15|36936"; classtype:trojan-activity; sid:37033091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 180.139.173.232 9999 (msg: "MISP e25873 [] Outgoing To IP: 180.139.173.232|9999";
classtype:trojan-activity; sid:37033101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: outbound IP/port indicators.
# NOTE(review): every address/port pair below also appears earlier in this file under event 25851
# (sids 37022641 to 37022711, tagged GoPhish / phishing there). A match therefore produces a second,
# lower-priority alert without the descriptive tags.
alert ip $HOME_NET any -> 3.109.228.183 3333 (msg: "MISP e25873 [] Outgoing To IP: 3.109.228.183|3333"; classtype:trojan-activity; sid:37033111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 175.24.130.231 443 (msg: "MISP e25873 [] Outgoing To IP: 175.24.130.231|443"; classtype:trojan-activity; sid:37033121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 137.74.7.196 8001 (msg: "MISP e25873 [] Outgoing To IP: 137.74.7.196|8001"; classtype:trojan-activity; sid:37033131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 4.156.181.32 3333 (msg: "MISP e25873 [] Outgoing To IP: 4.156.181.32|3333"; classtype:trojan-activity; sid:37033141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 18.194.227.164 443 (msg: "MISP e25873 [] Outgoing To IP: 18.194.227.164|443"; classtype:trojan-activity; sid:37033151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 18.157.139.50 443 (msg: "MISP e25873 [] Outgoing To IP: 18.157.139.50|443"; classtype:trojan-activity; sid:37033161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 172.205.168.27 3333 (msg: "MISP e25873 [] Outgoing To IP: 172.205.168.27|3333"; classtype:trojan-activity; sid:37033171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 212.39.153.66 3333 (msg: "MISP e25873 [] Outgoing To IP: 212.39.153.66|3333"; classtype:trojan-activity; sid:37033181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain login.vitamedicajobccb.com"; dns.query;
content:"login.vitamedicajobccb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])login\.vitamedicajobccb\.com$/i"; classtype:trojan-activity; sid:37033191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: domain indicators as dns + http rule pairs.
# The dns rules match the query name regardless of source network; the http rules match cleartext requests
# from $HOME_NET and tag the session for 600 seconds.
# NOTE(review): the same domains are exported earlier in this file for event 25851 (sids 37022611 to
# 37022632, tagged EvilGinx / phishing), so each lookup or request is alerted twice.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain login.vitamedicajobccb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"login.vitamedicajobccb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])login\.vitamedicajobccb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain admiring-pascal.142-11-199-59.plesk.page"; dns.query; content:"admiring-pascal.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])admiring\-pascal\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37033201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain admiring-pascal.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"admiring-pascal.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])admiring\-pascal\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain drive.deenpel.com"; dns.query; content:"drive.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drive\.deenpel\.com$/i"; classtype:trojan-activity; sid:37033211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain drive.deenpel.com";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drive.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drive\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: domain indicators, continued.
# The dns pcre anchors the domain at the end of the query name; the http pcre instead requires a following
# character that is not a letter, digit, hyphen or dot, because it runs over the header buffer (flag H).
# NOTE(review): these domains also appear earlier in this file under event 25851 (sids 37022581 to
# 37022602), so matches are reported twice at different priorities.
alert dns any any -> any any (msg: "MISP e25873 [] Domain mail.dnl-l.ooguy.com"; dns.query; content:"mail.dnl-l.ooguy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.dnl\-l\.ooguy\.com$/i"; classtype:trojan-activity; sid:37033221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain mail.dnl-l.ooguy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.dnl-l.ooguy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.dnl\-l\.ooguy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain www.charming-wright.142-11-199-59.plesk.page"; dns.query; content:"www.charming-wright.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.charming\-wright\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37033231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.charming-wright.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.charming-wright.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.charming\-wright\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033232; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: two more domain pairs, then outbound IP rules on
# destination port 60000.
# NOTE(review): www.deenpel.com, fonts.deenpel.com and both addresses are also covered earlier in this
# file by event 25851 rules (sids 37022551 to 37022592), which carry the EvilGinx and Viper tags that
# are missing here.
alert dns any any -> any any (msg: "MISP e25873 [] Domain www.deenpel.com"; dns.query; content:"www.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.deenpel\.com$/i"; classtype:trojan-activity; sid:37033241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain fonts.deenpel.com"; dns.query; content:"fonts.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.deenpel\.com$/i"; classtype:trojan-activity; sid:37033251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain fonts.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fonts.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 49.232.149.43 60000 (msg: "MISP e25873 [] Outgoing To IP: 49.232.149.43|60000"; classtype:trojan-activity; sid:37033261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 103.108.42.172 60000 (msg: "MISP e25873 [] Outgoing To IP: 103.108.42.172|60000"; classtype:trojan-activity; sid:37033271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET
any -> 103.108.43.23 60000 (msg: "MISP e25873 [] Outgoing To IP: 103.108.43.23|60000"; classtype:trojan-activity; sid:37033281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: outbound IP rules on destination port 60000 and
# one dns rule.
# NOTE(review): the same address/port pairs and the same domain are exported earlier in this file for
# event 25851 (sids 37022481 to 37022541, tagged Viper and UNAM respectively); only the event-25851
# copies say what the indicator relates to.
alert ip $HOME_NET any -> 103.108.42.171 60000 (msg: "MISP e25873 [] Outgoing To IP: 103.108.42.171|60000"; classtype:trojan-activity; sid:37033291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 103.108.43.25 60000 (msg: "MISP e25873 [] Outgoing To IP: 103.108.43.25|60000"; classtype:trojan-activity; sid:37033301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 182.16.35.149 60000 (msg: "MISP e25873 [] Outgoing To IP: 182.16.35.149|60000"; classtype:trojan-activity; sid:37033311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 103.108.43.24 60000 (msg: "MISP e25873 [] Outgoing To IP: 103.108.43.24|60000"; classtype:trojan-activity; sid:37033321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 124.223.201.58 60000 (msg: "MISP e25873 [] Outgoing To IP: 124.223.201.58|60000"; classtype:trojan-activity; sid:37033331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain www.akunet.host"; dns.query; content:"www.akunet.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.akunet\.host$/i"; classtype:trojan-activity; sid:37033341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.akunet.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.akunet.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.akunet\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033342; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: mixed IP/port and domain indicators.
# NOTE(review): all of them repeat event 25851 entries found earlier in this file (sids 37022441 to
# 37022471, tagged there as stealer / c2 infrastructure). Analysts seeing only the priority-3 alert get
# no family context from msg; the reference URL is the only pointer back to the event.
alert ip $HOME_NET any -> 93.123.85.14 80 (msg: "MISP e25873 [] Outgoing To IP: 93.123.85.14|80"; classtype:trojan-activity; sid:37033351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain epsilonapi.fr"; dns.query; content:"epsilonapi.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonapi\.fr$/i"; classtype:trojan-activity; sid:37033361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain epsilonapi.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilonapi.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonapi\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 52.200.22.116 443 (msg: "MISP e25873 [] Outgoing To IP: 52.200.22.116|443"; classtype:trojan-activity; sid:37033371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain sw.sono.pw"; dns.query; content:"sw.sono.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])sw\.sono\.pw$/i"; classtype:trojan-activity; sid:37033381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain sw.sono.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sw.sono.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sw\.sono\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 66.135.13.235 9075 (msg: "MISP e25873 [] Outgoing To IP:
66.135.13.235|9075"; classtype:trojan-activity; sid:37033391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: outbound IP/port indicators.
# Each rule fires on $HOME_NET traffic to one address and one destination port.
# NOTE(review): these pairs duplicate event 25851 rules earlier in this file (sids 37022341 to 37022431),
# where msg tags some of the addresses with large cloud providers. Presumably such addresses are
# short-lived as indicators - confirm the export applies an age limit.
alert ip $HOME_NET any -> 34.118.118.118 5000 (msg: "MISP e25873 [] Outgoing To IP: 34.118.118.118|5000"; classtype:trojan-activity; sid:37033401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 35.199.67.241 5000 (msg: "MISP e25873 [] Outgoing To IP: 35.199.67.241|5000"; classtype:trojan-activity; sid:37033411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 41.216.183.64 80 (msg: "MISP e25873 [] Outgoing To IP: 41.216.183.64|80"; classtype:trojan-activity; sid:37033421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 98.66.153.174 80 (msg: "MISP e25873 [] Outgoing To IP: 98.66.153.174|80"; classtype:trojan-activity; sid:37033431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 89.23.97.83 80 (msg: "MISP e25873 [] Outgoing To IP: 89.23.97.83|80"; classtype:trojan-activity; sid:37033441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 188.27.175.18 8080 (msg: "MISP e25873 [] Outgoing To IP: 188.27.175.18|8080"; classtype:trojan-activity; sid:37033451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 109.107.182.205 25 (msg: "MISP e25873 [] Outgoing To IP: 109.107.182.205|25"; classtype:trojan-activity; sid:37033461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 194.33.191.239 4449 (msg: "MISP e25873 [] Outgoing To IP: 194.33.191.239|4449"; classtype:trojan-activity; sid:37033471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 103.243.180.11 5588 (msg: "MISP e25873 [] Outgoing To IP: 103.243.180.11|5588";
classtype:trojan-activity; sid:37033481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: hostname indicators under
# compute.amazonaws.com, each as a dns rule plus an http rule.
# NOTE(review): these names embed an IP address (ec2-175-41-143-87, ec2-13-235-248-157); presumably they
# are provider-generated instance names that follow the address rather than the operator, so the
# indicator is only as stable as the address assignment - confirm before relying on it long term.
alert dns any any -> any any (msg: "MISP e25873 [] Domain ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-175\-41\-143\-87\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37033491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-175\-41\-143\-87\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-248\-157\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37033501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-235-248-157.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-235\-248\-157\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033502; rev:1;
priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP event 25873, priority 3, empty tag list in msg: hostname indicators under hosting-provider
# domains (linodeusercontent.com, zap-srv.com) and one further domain, each as dns + http rules.
# The content match is the full host name; the pcre adds the boundary checks, so a different host under
# the same provider domain does not alert.
# NOTE(review): msg gives no tag for these entries, so the reason each host was listed has to be looked
# up via the reference URL.
alert dns any any -> any any (msg: "MISP e25873 [] Domain 192-46-228-106.ip.linodeusercontent.com"; dns.query; content:"192-46-228-106.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-46\-228\-106\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37033511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain 192-46-228-106.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"192-46-228-106.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-46\-228\-106\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain vps-zap1065782-2.zap-srv.com"; dns.query; content:"vps-zap1065782-2.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1065782\-2\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37033521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain vps-zap1065782-2.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap1065782-2.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1065782\-2\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain files.paronibarry.net"; dns.query; content:"files.paronibarry.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])files\.paronibarry\.net$/i"; classtype:trojan-activity; sid:37033531;
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain files.paronibarry.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"files.paronibarry.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])files\.paronibarry\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 104 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|104"; classtype:trojan-activity; sid:37033541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 57963 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|57963"; classtype:trojan-activity; sid:37033551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 5903 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|5903"; classtype:trojan-activity; sid:37033561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 9036 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|9036"; classtype:trojan-activity; sid:37033571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 5671 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|5671"; classtype:trojan-activity; sid:37033581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 4242 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|4242"; classtype:trojan-activity; sid:37033591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 222 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|222"; 
classtype:trojan-activity; sid:37033601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Each rule below alerts on traffic from $HOME_NET to 102.117.152.61 on one
# destination port (MISP event 25873, priority 3, empty tag list). The rules
# differ only in port, msg text and sid.
# NOTE(review): the spread of unrelated ports on a single address reads like a
# service inventory of the host rather than observed C2 channels - presumably
# scan-derived; confirm in the MISP event before treating a hit as high
# confidence.
# NOTE(review): if the host as a whole is considered hostile, one rule with
# destination port "any" would also cover ports that are not listed; keeping
# the per-port rules means a client touching several ports raises one alert
# per port.
# NOTE(review): the protocol is "ip" while a destination port is given -
# confirm how your engine version applies the port to non-TCP/UDP traffic.
alert ip $HOME_NET any -> 102.117.152.61 832 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|832"; classtype:trojan-activity; sid:37033611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 24828 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|24828"; classtype:trojan-activity; sid:37033621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 6009 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|6009"; classtype:trojan-activity; sid:37033631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 18925 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|18925"; classtype:trojan-activity; sid:37033641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 2376 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|2376"; classtype:trojan-activity; sid:37033651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 28015 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|28015"; classtype:trojan-activity; sid:37033661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 4444 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|4444"; classtype:trojan-activity; sid:37033671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 12920 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|12920"; classtype:trojan-activity; sid:37033681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 102.117.152.61 2375 (msg: "MISP e25873 [] Outgoing To IP: 
102.117.152.61|2375"; classtype:trojan-activity; sid:37033691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 4781 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|4781"; classtype:trojan-activity; sid:37033701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 102.117.152.61 64741 (msg: "MISP e25873 [] Outgoing To IP: 102.117.152.61|64741"; classtype:trojan-activity; sid:37033711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 41.216.183.126 3741 (msg: "MISP e25873 [] Outgoing To IP: 41.216.183.126|3741"; classtype:trojan-activity; sid:37033721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 191.82.252.2 2000 (msg: "MISP e25873 [] Outgoing To IP: 191.82.252.2|2000"; classtype:trojan-activity; sid:37033731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain erp.topixtechnology.com"; dns.query; content:"erp.topixtechnology.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])erp\.topixtechnology\.com$/i"; classtype:trojan-activity; sid:37033741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain erp.topixtechnology.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"erp.topixtechnology.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])erp\.topixtechnology\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 13.212.79.65 443 (msg: "MISP e25873 [] Outgoing To IP: 13.212.79.65|443"; classtype:trojan-activity; sid:37033751; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain reksiaeksinov4.fvds.ru"; dns.query; content:"reksiaeksinov4.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])reksiaeksinov4\.fvds\.ru$/i"; classtype:trojan-activity; sid:37033761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain reksiaeksinov4.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reksiaeksinov4.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reksiaeksinov4\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain pegasus.chicecon.com"; dns.query; content:"pegasus.chicecon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pegasus\.chicecon\.com$/i"; classtype:trojan-activity; sid:37033771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain pegasus.chicecon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pegasus.chicecon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pegasus\.chicecon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain dev.racun.app"; dns.query; content:"dev.racun.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.racun\.app$/i"; classtype:trojan-activity; sid:37033781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain dev.racun.app"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev.racun.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.racun\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 194.48.251.140 80 (msg: "MISP e25873 [] Outgoing To IP: 194.48.251.140|80"; classtype:trojan-activity; sid:37033791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain tsaojzhn885.com"; dns.query; content:"tsaojzhn885.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzhn885\.com$/i"; classtype:trojan-activity; sid:37033801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain tsaojzhn885.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsaojzhn885.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzhn885\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain ok.chicecon.com"; dns.query; content:"ok.chicecon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.chicecon\.com$/i"; classtype:trojan-activity; sid:37033811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ok.chicecon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ok.chicecon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.chicecon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033812; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain taojszxz.com"; dns.query; content:"taojszxz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])taojszxz\.com$/i"; classtype:trojan-activity; sid:37033821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain taojszxz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"taojszxz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])taojszxz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain tsaojzuv455.com"; dns.query; content:"tsaojzuv455.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzuv455\.com$/i"; classtype:trojan-activity; sid:37033831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain tsaojzuv455.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsaojzuv455.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzuv455\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 79.137.207.154 50555 (msg: "MISP e25873 [] Outgoing To IP: 79.137.207.154|50555"; classtype:trojan-activity; sid:37033841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 34.107.114.24 80 (msg: "MISP e25873 [] Outgoing To IP: 34.107.114.24|80"; classtype:trojan-activity; sid:37033851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 85.202.160.192 80 (msg: "MISP 
e25873 [] Outgoing To IP: 85.202.160.192|80"; classtype:trojan-activity; sid:37033861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 31.44.2.39 80 (msg: "MISP e25873 [] Outgoing To IP: 31.44.2.39|80"; classtype:trojan-activity; sid:37033871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 45.61.166.149 80 (msg: "MISP e25873 [] Outgoing To IP: 45.61.166.149|80"; classtype:trojan-activity; sid:37033881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 62.72.32.226 80 (msg: "MISP e25873 [] Outgoing To IP: 62.72.32.226|80"; classtype:trojan-activity; sid:37033891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25846 [] Hostname dpd.lv.delivery-package3.shop"; dns.query; content:"dpd.lv.delivery-package3.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dpd\.lv\.delivery\-package3\.shop$/i"; classtype:trojan-activity; sid:37019521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25846 [] Outgoing HTTP Hostname dpd.lv.delivery-package3.shop"; flow:to_server,established; http.header; content: "Host|3a| dpd.lv.delivery-package3.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dpd\.lv\.delivery\-package3\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37019522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert dns any any -> any any (msg: "MISP e24703 [] Hostname globetextilemills.com"; dns.query; content:"globetextilemills.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])globetextilemills\.com$/i"; classtype:trojan-activity; sid:37256581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24703 [] Outgoing HTTP Hostname 
globetextilemills.com"; flow:to_server,established; http.header; content: "Host|3a| globetextilemills.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])globetextilemills\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37256582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# "Domain" rules (MISP event 24703): the pcre prefix class [^A-Za-z0-9-] lets a
# "." precede the name, so the exact name and any sub-label of it match.
# NOTE(review): this file also carries "Hostname" rules for the same name
# (sid 37256581/37256582). A query or request for the exact name satisfies both
# variants, so expect two alerts per event for one indicator; deduplicate on
# the indicator rather than the sid when counting hits.
alert dns any any -> any any (msg: "MISP e24703 [] Domain globetextilemills.com"; dns.query; content:"globetextilemills.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])globetextilemills\.com$/i"; classtype:trojan-activity; sid:37256591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# NOTE(review): "Host|3a|" and the name are matched independently in the header
# buffer and the pcre is not anchored to the Host line, so the name in another
# request header (for example Referer) also matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24703 [] Outgoing HTTP Domain globetextilemills.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"globetextilemills.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])globetextilemills\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37256592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# "Hostname" rules: the prefix class here is [^A-Za-z0-9-\.], which also
# excludes ".", so a query for a sub-label of the name does not match - only
# the name itself does.
alert dns any any -> any any (msg: "MISP e24703 [] Hostname solarhomeph.com"; dns.query; content:"solarhomeph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])solarhomeph\.com$/i"; classtype:trojan-activity; sid:37256691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# The Hostname HTTP variant matches the literal header text
# "Host: solarhomeph.com" (exactly one space after the colon) and then applies
# the same boundary pcre; the session is tagged for 600 seconds on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24703 [] Outgoing HTTP Hostname solarhomeph.com"; flow:to_server,established; http.header; content: "Host|3a| solarhomeph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])solarhomeph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37256692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# Domain variant for the same name; it overlaps the Hostname rule above for
# exact-name queries (see the duplicate-alert note at the top of this span).
alert dns any any -> any any (msg: "MISP e24703 [] Domain solarhomeph.com"; dns.query; content:"solarhomeph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])solarhomeph\.com$/i"; 
classtype:trojan-activity; sid:37256701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# HTTP "Domain" rule for solarhomeph.com (MISP event 24703): requires "Host:"
# and the name in the request headers, bounded by the pcre; tags the session
# for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24703 [] Outgoing HTTP Domain solarhomeph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solarhomeph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solarhomeph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37256702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/24703;)
# "Outgoing URL" rule from event 25851 (msg tags: 6.1.7, DarkGate, xiputin1;
# priority 2): HTTP requests from $HOME_NET to destination port 8094 whose
# headers contain the name.
# NOTE(review): unlike the Domain/Hostname rules there is no boundary pcre and
# no Host anchoring, so any header value that merely contains the string
# (a longer host name, a Referer) matches. The port restriction is the only
# thing narrowing it.
alert http $HOME_NET any -> $EXTERNAL_NET 8094 (msg: "MISP e25851 [6.1.7,DarkGate,xiputin1] Outgoing URL http|3a|//bizabiza.mywire.org|3a|8094"; flow:to_server,established; http.header; content:"bizabiza.mywire.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37022821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# DNS and HTTP Domain rules for the same name, still from event 25851.
# NOTE(review): the DNS rule is "any any -> any any"; behind an internal
# resolver the alert source may be the resolver, not the endpoint.
alert dns any any -> any any (msg: "MISP e25851 [6.1.7,DarkGate,xiputin1] Domain bizabiza.mywire.org"; dns.query; content:"bizabiza.mywire.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])bizabiza\.mywire\.org$/i"; classtype:trojan-activity; sid:37022811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [6.1.7,DarkGate,xiputin1] Outgoing HTTP Domain bizabiza.mywire.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bizabiza.mywire.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bizabiza\.mywire\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37022812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# NOTE(review): the same name is exported a second time from event 25873 with
# an identical match, an empty tag list and priority 3. One query therefore
# raises alerts under both sid 37022811 and sid 37033921 with different
# priorities; triage on the event 25851 alert, which carries the family tags,
# or suppress the duplicate at export time.
alert dns any any -> any any (msg: "MISP e25873 [] Domain bizabiza.mywire.org"; dns.query; content:"bizabiza.mywire.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])bizabiza\.mywire\.org$/i"; classtype:trojan-activity; sid:37033921; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain bizabiza.mywire.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bizabiza.mywire.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bizabiza\.mywire\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37033922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET 8094 (msg: "MISP e25873 [] Outgoing URL http|3a|//bizabiza.mywire.org|3a|8094"; flow:to_server,established; http.header; content:"bizabiza.mywire.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37033931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 54.39.179.157 3790 (msg: "MISP e25851 [c2,Meterpreter] Outgoing To IP: 54.39.179.157|3790"; classtype:trojan-activity; sid:37022831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 54.39.179.157 3790 (msg: "MISP e25873 [] Outgoing To IP: 54.39.179.157|3790"; classtype:trojan-activity; sid:37033941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 88.214.26.31 any (msg: "MISP e25877 [ C2] Outgoing To IP: 88.214.26.31"; classtype:trojan-activity; sid:37035691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert dns any any -> any any (msg: "MISP e25877 [ C2] Domain tsvsnjv.com"; dns.query; content:"tsvsnjv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsvsnjv\.com$/i"; classtype:trojan-activity; sid:37035701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25877 [ C2] Outgoing HTTP Domain tsvsnjv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"tsvsnjv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsvsnjv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37035702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert dns any any -> any any (msg: "MISP e25877 [ C2] Domain freedomsepter.com"; dns.query; content:"freedomsepter.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])freedomsepter\.com$/i"; classtype:trojan-activity; sid:37035711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25877 [ C2] Outgoing HTTP Domain freedomsepter.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"freedomsepter.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])freedomsepter\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37035712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert dns any any -> any any (msg: "MISP e25877 [ C2] Domain wilenters.com"; dns.query; content:"wilenters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wilenters\.com$/i"; classtype:trojan-activity; sid:37035721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25877 [ C2] Outgoing HTTP Domain wilenters.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wilenters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wilenters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37035722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25877 [ C2] Outgoing URL http|3a|//prestige-castom.com"; flow:to_server,established; http.header; content:"prestige-castom.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37035731; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25877;)
# Address-only indicators from MISP event 25877 (msg tag "C2", priority 2):
# any traffic from $HOME_NET to the address, on any port and any IP protocol.
# NOTE(review): with no port or payload condition these fire on every
# connection to the address, including unrelated services that may share it -
# check what else is hosted there before acting on a single hit, and age the
# indicator out if the event is old.
alert ip $HOME_NET any -> 162.33.179.65 any (msg: "MISP e25877 [ C2] Outgoing To IP: 162.33.179.65"; classtype:trojan-activity; sid:37035741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;)
alert ip $HOME_NET any -> 192.185.155.6 any (msg: "MISP e25877 [ C2] Outgoing To IP: 192.185.155.6"; classtype:trojan-activity; sid:37035751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25877;)
# DNS/HTTP Domain pair from event 25762 (priority 3). The rules match only this
# full name and deeper sub-labels of it; the parent registered domain on its
# own does not match.
# NOTE(review): the name carries what looks like another organisation's name
# and ccTLD ("mi-tarjetacencosud.cl") as leading labels of an unrelated
# domain - presumably a phishing lure hosted under a third-party site; confirm
# in the MISP event. A user-facing lure like this is more likely to be reached
# over TLS, where only the DNS rule gives coverage.
alert dns any any -> any any (msg: "MISP e25762 [] Domain mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; dns.query; content:"mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.aeroupholsterycleaningmelbourne\.com\.au$/i"; classtype:trojan-activity; sid:36970581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25762;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25762 [] Outgoing HTTP Domain mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.aeroupholsterycleaningmelbourne\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36970582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25762;)
# "Hostname" pair from event 25847: the prefix class [^A-Za-z0-9-\.] excludes
# ".", so only the exact name matches, not sub-labels of it.
alert dns any any -> any any (msg: "MISP e25847 [] Hostname load.365analytics.xyz"; dns.query; content:"load.365analytics.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])load\.365analytics\.xyz$/i"; classtype:trojan-activity; sid:37019551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Hostname load.365analytics.xyz"; flow:to_server,established; http.header; content: "Host|3a| 
load.365analytics.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])load\.365analytics\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37019552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert dns any any -> any any (msg: "MISP e25846 [] Hostname vid.gov-izmaksa.net"; dns.query; content:"vid.gov-izmaksa.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vid\.gov\-izmaksa\.net$/i"; classtype:trojan-activity; sid:37019531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25846 [] Outgoing HTTP Hostname vid.gov-izmaksa.net"; flow:to_server,established; http.header; content: "Host|3a| vid.gov-izmaksa.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vid\.gov\-izmaksa\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37019532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert dns any any -> any any (msg: "MISP e25846 [] Hostname elieta.iesniegums.net"; dns.query; content:"elieta.iesniegums.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elieta\.iesniegums\.net$/i"; classtype:trojan-activity; sid:37019541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25846 [] Outgoing HTTP Hostname elieta.iesniegums.net"; flow:to_server,established; http.header; content: "Host|3a| elieta.iesniegums.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elieta\.iesniegums\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37019542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert http $HOME_NET any -> 5.230.229.207 $HTTP_PORTS (msg: "MISP e25851 [dcrat] Outgoing URL http|3a|//5.230.229.207/l1nc0in.php"; flow:to_server,established; http.header; content:"5.230.229.207"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37022841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.30.85 19208 (msg: "MISP e25851 [njrat] Outgoing To IP: 3.6.30.85|19208"; classtype:trojan-activity; sid:37022851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.98.232 19208 (msg: "MISP e25851 [njrat] Outgoing To IP: 3.6.98.232|19208"; classtype:trojan-activity; sid:37022861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.115.64 19208 (msg: "MISP e25851 [njrat] Outgoing To IP: 3.6.115.64|19208"; classtype:trojan-activity; sid:37022871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.115.182 19208 (msg: "MISP e25851 [njrat] Outgoing To IP: 3.6.115.182|19208"; classtype:trojan-activity; sid:37022881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.115.182 19208 (msg: "MISP e25873 [] Outgoing To IP: 3.6.115.182|19208"; classtype:trojan-activity; sid:37033951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 3.6.115.64 19208 (msg: "MISP e25873 [] Outgoing To IP: 3.6.115.64|19208"; classtype:trojan-activity; sid:37033961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 3.6.98.232 19208 (msg: "MISP e25873 [] Outgoing To IP: 3.6.98.232|19208"; classtype:trojan-activity; sid:37033971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 3.6.30.85 19208 (msg: "MISP e25873 [] Outgoing To IP: 3.6.30.85|19208"; classtype:trojan-activity; sid:37033981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 5.230.229.207 $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL 
http|3a|//5.230.229.207/L1nc0In.php"; flow:to_server,established; http.header; content:"5.230.229.207"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37033991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# NOTE(review): the rule completed on the line above (sid 37033991, event
# 25873) matches its URI with nocase, so it fires on exactly the same requests
# as sid 37022841 from event 25851 ("/l1nc0in.php", tagged dcrat, priority 2).
# Expect two alerts per request; the event 25851 one carries the family tag.
#
# URL rule from event 25851 (msg tags: CobaltStrike, cs-watermark-987654321,
# FERDINANDZINK; priority 2): HTTP requests from $HOME_NET to
# 185.91.127.221 port 8089 whose headers contain the address and whose URI
# contains "/ca".
# NOTE(review): the URI content is an unanchored, case-insensitive substring,
# so any path containing "/ca" matches; that is tolerable only because the
# destination address and port are pinned in the rule header.
alert http $HOME_NET any -> 185.91.127.221 8089 (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,FERDINANDZINK] Outgoing URL http|3a|//185.91.127.221|3a|8089/ca"; flow:to_server,established; http.header; content:"185.91.127.221"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37022891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Same match exported again from event 25873 with an empty tag list and
# priority 3; it duplicates sid 37022891 alert-for-alert.
alert http $HOME_NET any -> 185.91.127.221 8089 (msg: "MISP e25873 [] Outgoing URL http|3a|//185.91.127.221|3a|8089/ca"; flow:to_server,established; http.header; content:"185.91.127.221"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# URL rule from event 25763: requests to $HTTP_PORTS whose headers contain the
# name. There is no boundary pcre and no Host anchoring, so the string in any
# request header matches.
# NOTE(review): the name is a sub-label under a shared hosting suffix; the
# rules here match only this specific sub-label, which keeps them away from
# other tenants of the same suffix.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25763 [] Outgoing URL http|3a|//dev-provinciabip-acceder.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-provinciabip-acceder.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:36970651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25763;)
# DNS Domain rule for the same name; "any any -> any any", so a hit may be
# sourced from an internal resolver rather than the endpoint.
alert dns any any -> any any (msg: "MISP e25763 [] Domain dev-provinciabip-acceder.pantheonsite.io"; dns.query; content:"dev-provinciabip-acceder.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-provinciabip\-acceder\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:36970671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25763;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25763 [] Outgoing HTTP Domain 
dev-provinciabip-acceder.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-provinciabip-acceder.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-provinciabip\-acceder\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36970672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25763;) alert dns any any -> any any (msg: "MISP e25858 [] Hostname iranian-market.cfd"; dns.query; content:"iranian-market.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranian\-market\.cfd$/i"; classtype:trojan-activity; sid:37023941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25858;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25858 [] Outgoing HTTP Hostname iranian-market.cfd"; flow:to_server,established; http.header; content: "Host|3a| iranian-market.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranian\-market\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25858;) alert ip $HOME_NET any -> 149.248.17.69 3790 (msg: "MISP e25851 [c2,Meterpreter] Outgoing To IP: 149.248.17.69|3790"; classtype:trojan-activity; sid:37022951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.122.107 19208 (msg: "MISP e25851 [njrat,RAT] Outgoing To IP: 3.6.122.107|19208"; classtype:trojan-activity; sid:37022941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.6.122.107 19208 (msg: "MISP e25873 [] Outgoing To IP: 3.6.122.107|19208"; classtype:trojan-activity; sid:37034031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 149.248.17.69 3790 (msg: "MISP e25873 [] Outgoing To IP: 149.248.17.69|3790"; classtype:trojan-activity; sid:37034041; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# URL rule from MISP event 25874 (priority 2): requests to $HTTP_PORTS whose
# headers contain "cutt.ly" and whose URI contains "/lwD7B7lp".
# NOTE(review): the URI match uses nocase. Short-link slugs are typically
# case-sensitive, so this widens the rule to other links that differ only in
# letter case - confirm for this service and drop nocase on the URI if so.
# NOTE(review): the host string is matched anywhere in the headers, not in the
# Host line, and only cleartext HTTP is inspected; a client that follows the
# link over TLS is not seen by this rule. No DNS rule is exported for the
# shortener itself, which avoids alerting on every use of the shared service.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25874 [] Outgoing URL http|3a|//cutt.ly/lwD7B7lp"; flow:to_server,established; http.header; content:"cutt.ly"; fast_pattern; nocase; http.uri; content:"/lwD7B7lp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25874;)
# Three rules for one indicator from event 25820 (priority 2): DNS Hostname,
# HTTP Hostname and "Outgoing URL". The Hostname prefix class [^A-Za-z0-9-\.]
# excludes ".", so only this exact name matches - other sub-labels under the
# same shared suffix are not affected.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname btkkn.pages.dev"; dns.query; content:"btkkn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btkkn\.pages\.dev$/i"; classtype:trojan-activity; sid:37024471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname btkkn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| btkkn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btkkn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): this URL rule is a plain header substring match with no
# boundary check, so it is looser than the Hostname rule above and also fires
# on every request that rule matches when the port is in $HTTP_PORTS - two
# HTTP alerts for one request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//btkkn.pages.dev"; flow:to_server,established; http.header; content:"btkkn.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# DNS Hostname rule for the next indicator of event 25820; "any any -> any
# any", so a hit may be sourced from an internal resolver.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tacking-uspost-mi.top"; dns.query; content:"tacking-uspost-mi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-mi\.top$/i"; classtype:trojan-activity; sid:37024501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tacking-uspost-mi.top"; flow:to_server,established; http.header; content: "Host|3a| 
tacking-uspost-mi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-mi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tacking-uspost-mi.top"; flow:to_server,established; http.header; content:"tacking-uspost-mi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname unstoppabledomains.mobi"; dns.query; content:"unstoppabledomains.mobi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstoppabledomains\.mobi$/i"; classtype:trojan-activity; sid:37024531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname unstoppabledomains.mobi"; flow:to_server,established; http.header; content: "Host|3a| unstoppabledomains.mobi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstoppabledomains\.mobi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tokenpbqket.pro"; dns.query; content:"tokenpbqket.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.pro$/i"; classtype:trojan-activity; sid:37024561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tokenpbqket.pro"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024562; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tokenpbqket.pro"; flow:to_server,established; http.header; content:"tokenpbqket.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname unstoppabledomains.best"; dns.query; content:"unstoppabledomains.best"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstoppabledomains\.best$/i"; classtype:trojan-activity; sid:37024591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname unstoppabledomains.best"; flow:to_server,established; http.header; content: "Host|3a| unstoppabledomains.best"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstoppabledomains\.best[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname sso-maiwebsrvr-4334ew34.pages.dev"; dns.query; content:"sso-maiwebsrvr-4334ew34.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sso\-maiwebsrvr\-4334ew34\.pages\.dev$/i"; classtype:trojan-activity; sid:37024621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname sso-maiwebsrvr-4334ew34.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sso-maiwebsrvr-4334ew34.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sso\-maiwebsrvr\-4334ew34\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET 
any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//sso-maiwebsrvr-4334ew34.pages.dev"; flow:to_server,established; http.header; content:"sso-maiwebsrvr-4334ew34.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tracking-uspostt.top"; dns.query; content:"tracking-uspostt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\.top$/i"; classtype:trojan-activity; sid:37024651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tracking-uspostt.top"; flow:to_server,established; http.header; content: "Host|3a| tracking-uspostt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tracking-uspostt.top"; flow:to_server,established; http.header; content:"tracking-uspostt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0komp2cket.top"; dns.query; content:"t0komp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0komp2cket\.top$/i"; classtype:trojan-activity; sid:37024681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0komp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0komp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0komp2cket\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37024682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0komp2cket.top"; flow:to_server,established; http.header; content:"t0komp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0koup2cket.top"; dns.query; content:"t0koup2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koup2cket\.top$/i"; classtype:trojan-activity; sid:37024711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0koup2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0koup2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koup2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0koup2cket.top"; flow:to_server,established; http.header; content:"t0koup2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 3659h.cc"; dns.query; content:"3659h.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3659h\.cc$/i"; classtype:trojan-activity; sid:37024741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 3659h.cc"; flow:to_server,established; http.header; content: "Host|3a| 3659h.cc"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])3659h\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//3659h.cc"; flow:to_server,established; http.header; content:"3659h.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 3659g.cc"; dns.query; content:"3659g.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3659g\.cc$/i"; classtype:trojan-activity; sid:37024771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 3659g.cc"; flow:to_server,established; http.header; content: "Host|3a| 3659g.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3659g\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//3659g.cc"; flow:to_server,established; http.header; content:"3659g.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname srvr-ssomailcloud-r04t34.pages.dev"; dns.query; content:"srvr-ssomailcloud-r04t34.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvr\-ssomailcloud\-r04t34\.pages\.dev$/i"; classtype:trojan-activity; sid:37024801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname srvr-ssomailcloud-r04t34.pages.dev"; 
flow:to_server,established; http.header; content: "Host|3a| srvr-ssomailcloud-r04t34.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvr\-ssomailcloud\-r04t34\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//srvr-ssomailcloud-r04t34.pages.dev"; flow:to_server,established; http.header; content:"srvr-ssomailcloud-r04t34.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tidinessradar.pro"; dns.query; content:"tidinessradar.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tidinessradar\.pro$/i"; classtype:trojan-activity; sid:37024831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tidinessradar.pro"; flow:to_server,established; http.header; content: "Host|3a| tidinessradar.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tidinessradar\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tidinessradar.pro"; flow:to_server,established; http.header; content:"tidinessradar.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0koop2cket.top"; dns.query; content:"t0koop2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koop2cket\.top$/i"; classtype:trojan-activity; sid:37024891; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0koop2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0koop2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koop2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0koop2cket.top"; flow:to_server,established; http.header; content:"t0koop2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps-aindqer.top"; dns.query; content:"usps-aindqer.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-aindqer\.top$/i"; classtype:trojan-activity; sid:37024921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps-aindqer.top"; flow:to_server,established; http.header; content: "Host|3a| usps-aindqer.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-aindqer\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usps-aindqer.top"; flow:to_server,established; http.header; content:"usps-aindqer.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cgcsh.com.cn"; dns.query; content:"cgcsh.com.cn"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cgcsh\.com\.cn$/i"; classtype:trojan-activity; sid:37024951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cgcsh.com.cn"; flow:to_server,established; http.header; content: "Host|3a| cgcsh.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cgcsh\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//cgcsh.com.cn"; flow:to_server,established; http.header; content:"cgcsh.com.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname stapsexmilf.pages.dev"; dns.query; content:"stapsexmilf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stapsexmilf\.pages\.dev$/i"; classtype:trojan-activity; sid:37024981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname stapsexmilf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| stapsexmilf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stapsexmilf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//stapsexmilf.pages.dev"; flow:to_server,established; http.header; content:"stapsexmilf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any 
any -> any any (msg: "MISP e25820 [] Hostname syfa.org.cn"; dns.query; content:"syfa.org.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syfa\.org\.cn$/i"; classtype:trojan-activity; sid:37025011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname syfa.org.cn"; flow:to_server,established; http.header; content: "Host|3a| syfa.org.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syfa\.org\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//syfa.org.cn"; flow:to_server,established; http.header; content:"syfa.org.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-ha.top"; dns.query; content:"imtoken-ha.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ha\.top$/i"; classtype:trojan-activity; sid:37025041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-ha.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ha.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ha\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-ha.top"; flow:to_server,established; http.header; content:"imtoken-ha.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025051; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname ehtll.pages.dev"; dns.query; content:"ehtll.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehtll\.pages\.dev$/i"; classtype:trojan-activity; sid:37025101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ehtll.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ehtll.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehtll\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//ehtll.pages.dev"; flow:to_server,established; http.header; content:"ehtll.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-lt.top"; dns.query; content:"imtoken-lt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-lt\.top$/i"; classtype:trojan-activity; sid:37025131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-lt.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-lt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-lt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-lt.top"; flow:to_server,established; http.header; content:"imtoken-lt.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37025141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname legroomrogue.pro"; dns.query; content:"legroomrogue.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])legroomrogue\.pro$/i"; classtype:trojan-activity; sid:37025161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname legroomrogue.pro"; flow:to_server,established; http.header; content: "Host|3a| legroomrogue.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])legroomrogue\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//legroomrogue.pro"; flow:to_server,established; http.header; content:"legroomrogue.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsukj.top"; dns.query; content:"uspsukj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsukj\.top$/i"; classtype:trojan-activity; sid:37025191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsukj.top"; flow:to_server,established; http.header; content: "Host|3a| uspsukj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsukj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsukj.top"; 
flow:to_server,established; http.header; content:"uspsukj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname ustop-centre.top"; dns.query; content:"ustop-centre.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ustop\-centre\.top$/i"; classtype:trojan-activity; sid:37025221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ustop-centre.top"; flow:to_server,established; http.header; content: "Host|3a| ustop-centre.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ustop\-centre\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//ustop-centre.top"; flow:to_server,established; http.header; content:"ustop-centre.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname espacesoocu.ledt.shop"; dns.query; content:"espacesoocu.ledt.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])espacesoocu\.ledt\.shop$/i"; classtype:trojan-activity; sid:37025251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname espacesoocu.ledt.shop"; flow:to_server,established; http.header; content: "Host|3a| espacesoocu.ledt.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])espacesoocu\.ledt\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025252; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxd.top"; dns.query; content:"uspsuxd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxd\.top$/i"; classtype:trojan-activity; sid:37025281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxd.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxd.top"; flow:to_server,established; http.header; content:"uspsuxd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps-aincdw.top"; dns.query; content:"usps-aincdw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-aincdw\.top$/i"; classtype:trojan-activity; sid:37025311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps-aincdw.top"; flow:to_server,established; http.header; content: "Host|3a| usps-aincdw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-aincdw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usps-aincdw.top"; flow:to_server,established; http.header; content:"usps-aincdw.top"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37025321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0koxp2cket.top"; dns.query; content:"t0koxp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koxp2cket\.top$/i"; classtype:trojan-activity; sid:37025341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0koxp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0koxp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koxp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0koxp2cket.top"; flow:to_server,established; http.header; content:"t0koxp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname hansfamilydental.pages.dev"; dns.query; content:"hansfamilydental.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hansfamilydental\.pages\.dev$/i"; classtype:trojan-activity; sid:37025371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname hansfamilydental.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hansfamilydental.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hansfamilydental\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP 
e25820 [] Outgoing URL http|3a|//hansfamilydental.pages.dev"; flow:to_server,established; http.header; content:"hansfamilydental.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname washingended.pro"; dns.query; content:"washingended.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])washingended\.pro$/i"; classtype:trojan-activity; sid:37025401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname washingended.pro"; flow:to_server,established; http.header; content: "Host|3a| washingended.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])washingended\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//washingended.pro"; flow:to_server,established; http.header; content:"washingended.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname revivablepayday.pro"; dns.query; content:"revivablepayday.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])revivablepayday\.pro$/i"; classtype:trojan-activity; sid:37025431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname revivablepayday.pro"; flow:to_server,established; http.header; content: "Host|3a| revivablepayday.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])revivablepayday\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025432; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): MISP e25820 hostname indicators, restored to one rule per line (the wrapped
# form split rules, and in one place a msg string, across physical lines).
# Each hostname gets a dns rule and an http Host-header rule; some also get an
# "Outgoing URL" rule.
# - dns rules: content + pcre on dns.query. The pcre only accepts the exact name, so neither
#   subdomains nor longer look-alike names match.
# - Host rules: inspect http.header, so they only see traffic the HTTP parser can read. No
#   tls.sni rule appears in this stretch; for HTTPS the dns rule is the only visible coverage.
# - "Outgoing URL" rules: match the bare hostname anywhere in http.header with no boundary
#   pcre, so a Referer value or a longer name containing the string also fires. They apply
#   only to $HTTP_PORTS, which therefore has to be defined in the sensor configuration.
# - Hostnames under shared platforms (pages.dev, workers.dev, r2.dev) are pinned to the full
#   name; widening them to the parent domain would match unrelated tenants.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname virtualsalad.pro"; dns.query; content:"virtualsalad.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])virtualsalad\.pro$/i"; classtype:trojan-activity; sid:37025461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname virtualsalad.pro"; flow:to_server,established; http.header; content: "Host|3a| virtualsalad.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])virtualsalad\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//virtualsalad.pro"; flow:to_server,established; http.header; content:"virtualsalad.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname auto-skupik.pl"; dns.query; content:"auto-skupik.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl$/i"; classtype:trojan-activity; sid:37025491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auto-skupik.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-skupik.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//auto-skupik.pl"; flow:to_server,established; http.header; content:"auto-skupik.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tacking-uspst-uz.top"; dns.query; content:"tacking-uspst-uz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-uz\.top$/i"; classtype:trojan-activity; sid:37025521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tacking-uspst-uz.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-uz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-uz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tacking-uspst-uz.top"; flow:to_server,established; http.header; content:"tacking-uspst-uz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0kokp2cket.top"; dns.query; content:"t0kokp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kokp2cket\.top$/i"; classtype:trojan-activity; sid:37025551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0kokp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0kokp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kokp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0kokp2cket.top"; flow:to_server,established; http.header; content:"t0kokp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0koqp2cket.top"; dns.query; content:"t0koqp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koqp2cket\.top$/i"; classtype:trojan-activity; sid:37025581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0koqp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0koqp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0koqp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0koqp2cket.top"; flow:to_server,established; http.header; content:"t0koqp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegcmnn.club"; dns.query; content:"telegcmnn.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegcmnn\.club$/i"; classtype:trojan-activity; sid:37025611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegcmnn.club"; flow:to_server,established; http.header; content: "Host|3a| telegcmnn.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegcmnn\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegcmnn.club"; flow:to_server,established; http.header; content:"telegcmnn.club"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tacking-uspost-me.top"; dns.query; content:"tacking-uspost-me.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-me\.top$/i"; classtype:trojan-activity; sid:37025641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tacking-uspost-me.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspost-me.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-me\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tacking-uspost-me.top"; flow:to_server,established; http.header; content:"tacking-uspost-me.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname hello-zfile-download.kayyiny.workers.dev"; dns.query; content:"hello-zfile-download.kayyiny.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-zfile\-download\.kayyiny\.workers\.dev$/i"; classtype:trojan-activity; sid:37025671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname hello-zfile-download.kayyiny.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-zfile-download.kayyiny.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-zfile\-download\.kayyiny\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//hello-zfile-download.kayyiny.workers.dev"; flow:to_server,established; http.header; content:"hello-zfile-download.kayyiny.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspps-us.top"; dns.query; content:"uspps-us.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspps\-us\.top$/i"; classtype:trojan-activity; sid:37025701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspps-us.top"; flow:to_server,established; http.header; content: "Host|3a| uspps-us.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspps\-us\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspps-us.top"; flow:to_server,established; http.header; content:"uspps-us.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname yeniy21.top"; dns.query; content:"yeniy21.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy21\.top$/i"; classtype:trojan-activity; sid:37025731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname yeniy21.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy21.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy21\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//yeniy21.top"; flow:to_server,established; http.header; content:"yeniy21.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-hc.top"; dns.query; content:"imtoken-hc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-hc\.top$/i"; classtype:trojan-activity; sid:37025761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-hc.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-hc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-hc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-hc.top"; flow:to_server,established; http.header; content:"imtoken-hc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0kolp2cket.top"; dns.query; content:"t0kolp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kolp2cket\.top$/i"; classtype:trojan-activity; sid:37025791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0kolp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0kolp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kolp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0kolp2cket.top"; flow:to_server,established; http.header; content:"t0kolp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tacking-uspst-kz.top"; dns.query; content:"tacking-uspst-kz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-kz\.top$/i"; classtype:trojan-activity; sid:37025821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tacking-uspst-kz.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-kz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-kz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tacking-uspst-kz.top"; flow:to_server,established; http.header; content:"tacking-uspst-kz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tracking-uspostt-ca.top"; dns.query; content:"tracking-uspostt-ca.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\-ca\.top$/i"; classtype:trojan-activity; sid:37025851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tracking-uspostt-ca.top"; flow:to_server,established; http.header; content: "Host|3a| tracking-uspostt-ca.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\-ca\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tracking-uspostt-ca.top"; flow:to_server,established; http.header; content:"tracking-uspostt-ca.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-lu.top"; dns.query; content:"imtoken-lu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-lu\.top$/i"; classtype:trojan-activity; sid:37025881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-lu.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-lu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-lu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-lu.top"; flow:to_server,established; http.header; content:"imtoken-lu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname login.lunestream.com"; dns.query; content:"login.lunestream.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.lunestream\.com$/i"; classtype:trojan-activity; sid:37025911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname login.lunestream.com"; flow:to_server,established; http.header; content: "Host|3a| login.lunestream.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.lunestream\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname e412758d79256126a78df79ce0a18ad.pages.dev"; dns.query; content:"e412758d79256126a78df79ce0a18ad.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e412758d79256126a78df79ce0a18ad\.pages\.dev$/i"; classtype:trojan-activity; sid:37025941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname e412758d79256126a78df79ce0a18ad.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| e412758d79256126a78df79ce0a18ad.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e412758d79256126a78df79ce0a18ad\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//e412758d79256126a78df79ce0a18ad.pages.dev"; flow:to_server,established; http.header; content:"e412758d79256126a78df79ce0a18ad.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37025951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-8d8bd52e82f647918b3ead7e091b3777.r2.dev"; dns.query; content:"pub-8d8bd52e82f647918b3ead7e091b3777.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8d8bd52e82f647918b3ead7e091b3777\.r2\.dev$/i"; classtype:trojan-activity; sid:37025971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-8d8bd52e82f647918b3ead7e091b3777.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8d8bd52e82f647918b3ead7e091b3777.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8d8bd52e82f647918b3ead7e091b3777\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37025972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegramfree.ru"; dns.query; content:"telegramfree.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramfree\.ru$/i"; classtype:trojan-activity; sid:37026001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegramfree.ru"; flow:to_server,established; http.header; content: "Host|3a| telegramfree.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramfree\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//www.telegramfree.ru"; flow:to_server,established; http.header; content:"www.telegramfree.ru"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37026011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname verifikasipemulihanakunfb.gnius.my.id"; dns.query; content:"verifikasipemulihanakunfb.gnius.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifikasipemulihanakunfb\.gnius\.my\.id$/i"; classtype:trojan-activity; sid:37026031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname verifikasipemulihanakunfb.gnius.my.id"; flow:to_server,established; http.header; content: "Host|3a| verifikasipemulihanakunfb.gnius.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifikasipemulihanakunfb\.gnius\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//verifikasipemulihanakunfb.gnius.my.id"; flow:to_server,established; http.header; content:"verifikasipemulihanakunfb.gnius.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37026041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname upok.pages.dev"; dns.query; content:"upok.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upok\.pages\.dev$/i"; classtype:trojan-activity; sid:37026061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname upok.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| upok.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upok\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): sid:37026071 is the only rule here with an http.uri match. Its path is a
# percent-encoded string that embeds a second URL (t.myvisualiq.net impression_pixel); this
# looks like a scraping artefact rather than a deliberate indicator - confirm in the event.
# http.uri is the normalized URI buffer, so verify the literal %5C / %22 escapes can match
# at all; http.uri.raw would compare against the request as sent.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//upok.pages.dev/%5C%5C%5C%22https|3a|%5C/%5C/t.myvisualiq.net%5C/impression_pixel"; flow:to_server,established; http.header; content:"upok.pages.dev"; fast_pattern; nocase; http.uri; content:"/%5C%5C%5C%22https:%5C/%5C/t.myvisualiq.net%5C/impression_pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37026071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.usspon.top"; dns.query; content:"usp.usspon.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspon\.top$/i"; classtype:trojan-activity; sid:37026091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.usspon.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspon.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspon\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usp.usspon.top"; flow:to_server,established; http.header; content:"usp.usspon.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37026101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname yws.lgu.mybluehost.me"; dns.query; content:"yws.lgu.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yws\.lgu\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37026121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname yws.lgu.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| yws.lgu.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yws\.lgu\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37026151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname wild-e8c7.lolmiyupsu.workers.dev"; dns.query; content:"wild-e8c7.lolmiyupsu.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wild\-e8c7\.lolmiyupsu\.workers\.dev$/i"; classtype:trojan-activity; sid:37026181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname wild-e8c7.lolmiyupsu.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wild-e8c7.lolmiyupsu.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wild\-e8c7\.lolmiyupsu\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname wgtm5.vellyad.my.id"; dns.query; content:"wgtm5.vellyad.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wgtm5\.vellyad\.my\.id$/i"; classtype:trojan-activity; sid:37026211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname wgtm5.vellyad.my.id"; flow:to_server,established; http.header; content: "Host|3a| wgtm5.vellyad.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wgtm5\.vellyad\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname webreel.com"; dns.query; content:"webreel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webreel\.com$/i"; classtype:trojan-activity; sid:37026241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname webreel.com"; flow:to_server,established; http.header; content: "Host|3a| webreel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webreel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspz.uspaib.top"; dns.query; content:"uspz.uspaib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaib\.top$/i"; classtype:trojan-activity; sid:37026271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspz.uspaib.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname verifier-61n.pages.dev"; dns.query; content:"verifier-61n.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifier\-61n\.pages\.dev$/i"; classtype:trojan-activity; sid:37026301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname verifier-61n.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| verifier-61n.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifier\-61n\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname usp.uspscc.top"; dns.query; content:"usp.uspscc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscc\.top$/i"; classtype:trojan-activity; sid:37026331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usp.uspscc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspscc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.usspans.top"; dns.query; content:"usps.usspans.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspans\.top$/i"; classtype:trojan-activity; sid:37026361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.usspans.top"; flow:to_server,established; http.header; content: "Host|3a| usps.usspans.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspans\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.usspams.top"; dns.query; content:"usps.usspams.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspams\.top$/i"; classtype:trojan-activity; sid:37026391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.usspams.top"; flow:to_server,established; http.header; content: "Host|3a| usps.usspams.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspams\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname usps.mytrack-ut.com"; dns.query; content:"usps.mytrack-ut.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-ut\.com$/i"; classtype:trojan-activity; sid:37026421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usps.mytrack-ut.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-ut.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-ut\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37026451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37026481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37026511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any 
any (msg: "MISP e25820 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37026541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname portfolioweb-metamask.ddnss.eu"; dns.query; content:"portfolioweb-metamask.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37026571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname portfolioweb-metamask.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| portfolioweb-metamask.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-30cc7b882cd84be187266469e2449f33.r2.dev"; dns.query; content:"pub-30cc7b882cd84be187266469e2449f33.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-30cc7b882cd84be187266469e2449f33\.r2\.dev$/i"; classtype:trojan-activity; sid:37026601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP 
Hostname pub-30cc7b882cd84be187266469e2449f33.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-30cc7b882cd84be187266469e2449f33.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-30cc7b882cd84be187266469e2449f33\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The line above is the tail of a rule that starts before this section.
#
# MISP event 25820, hostname indicators. Each hostname is exported as a pair:
#   - a dns.query rule (any -> any), and
#   - an HTTP rule on the Host header ($HOME_NET -> $EXTERNAL_NET) that also
#     tags the session for 600 seconds.
# In both rules the pcre's leading group (^|[^A-Za-z0-9-\.]) excludes '.', so
# only the exact hostname matches; a name with an extra label in front of it
# does not.
# The "alert http" rules inspect only HTTP the sensor can parse. Requests made
# over TLS are not seen by them unless traffic is decrypted upstream, which
# leaves the DNS rule as the only hit for such a host.
# NOTE(review): a tls.sni rule per hostname would close that gap; this export
# does not contain one for these indicators.
# classtype and priority are identical on every rule in this section, so they
# carry no per-indicator severity; triage from the event in the reference URL.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-11ad37ea29184ea3a36927777b3ce7b3.r2.dev"; dns.query; content:"pub-11ad37ea29184ea3a36927777b3ce7b3.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-11ad37ea29184ea3a36927777b3ce7b3\.r2\.dev$/i"; classtype:trojan-activity; sid:37026631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-11ad37ea29184ea3a36927777b3ce7b3.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-11ad37ea29184ea3a36927777b3ce7b3.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-11ad37ea29184ea3a36927777b3ce7b3\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# portfolioweb-metamask.ddnss.eu is exported more than once from the same
# event: the pairs 37026661/37026662 and 37026691/37026692 below differ only in
# their sid, and the same pair also appears as 37026571/37026572 earlier in
# this export. Every lookup or request raises one alert per copy; deduplicate
# the attribute in the MISP event or suppress the extra sids on the sensor.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname portfolioweb-metamask.ddnss.eu"; dns.query; content:"portfolioweb-metamask.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37026661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname portfolioweb-metamask.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| portfolioweb-metamask.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname portfolioweb-metamask.ddnss.eu"; dns.query; content:"portfolioweb-metamask.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37026691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname portfolioweb-metamask.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| portfolioweb-metamask.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname payhub.memphistours.com"; dns.query; content:"payhub.memphistours.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])payhub\.memphistours\.com$/i"; classtype:trojan-activity; sid:37026721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname payhub.memphistours.com"; flow:to_server,established; http.header; content: "Host|3a| payhub.memphistours.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])payhub\.memphistours\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The next rule continues past the end of this section.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname msservice-143601145.hubspotpagebuilder.eu"; dns.query; content:"msservice-143601145.hubspotpagebuilder.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msservice\-143601145\.hubspotpagebuilder\.eu$/i"; classtype:trojan-activity; sid:37026751; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname msservice-143601145.hubspotpagebuilder.eu"; flow:to_server,established; http.header; content: "Host|3a| msservice-143601145.hubspotpagebuilder.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msservice\-143601145\.hubspotpagebuilder\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname metamaskwallet.pages.dev"; dns.query; content:"metamaskwallet.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaskwallet\.pages\.dev$/i"; classtype:trojan-activity; sid:37026781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname metamaskwallet.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| metamaskwallet.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaskwallet\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname lvnutrition.co.za"; dns.query; content:"lvnutrition.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lvnutrition\.co\.za$/i"; classtype:trojan-activity; sid:37026811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname lvnutrition.co.za"; flow:to_server,established; http.header; content: "Host|3a| lvnutrition.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lvnutrition\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026812; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname lvnutrition.co.za"; dns.query; content:"lvnutrition.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lvnutrition\.co\.za$/i"; classtype:trojan-activity; sid:37026841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname lvnutrition.co.za"; flow:to_server,established; http.header; content: "Host|3a| lvnutrition.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lvnutrition\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname ksdjrnfgfikijf.weebly.com"; dns.query; content:"ksdjrnfgfikijf.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksdjrnfgfikijf\.weebly\.com$/i"; classtype:trojan-activity; sid:37026871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ksdjrnfgfikijf.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| ksdjrnfgfikijf.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksdjrnfgfikijf\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname klc.pages.dev"; dns.query; content:"klc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev$/i"; classtype:trojan-activity; sid:37026901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname klc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
klc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname kdn.pages.dev"; dns.query; content:"kdn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kdn\.pages\.dev$/i"; classtype:trojan-activity; sid:37026931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname kdn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kdn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kdn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname instagram-like-follower-10k-s.blogspot.com"; dns.query; content:"instagram-like-follower-10k-s.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-like\-follower\-10k\-s\.blogspot\.com$/i"; classtype:trojan-activity; sid:37026961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname instagram-like-follower-10k-s.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagram-like-follower-10k-s.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-like\-follower\-10k\-s\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37026991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37026992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37027021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname sec-authsec.com.hgdtk-sec.com"; dns.query; content:"sec-authsec.com.hgdtk-sec.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sec\-authsec\.com\.hgdtk\-sec\.com$/i"; classtype:trojan-activity; sid:37027051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e25820 [] Outgoing HTTP Hostname sec-authsec.com.hgdtk-sec.com"; flow:to_server,established; http.header; content: "Host|3a| sec-authsec.com.hgdtk-sec.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sec\-authsec\.com\.hgdtk\-sec\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The line above is the tail of the Host-header rule for
# sec-authsec.com.hgdtk-sec.com (sid 37027052); it starts before this section.
#
# "Outgoing URL" rule generated from a URL attribute that has no path.
# Compared with the Host-header rule for the same name:
#   - the content is the bare hostname searched in the whole http.header
#     buffer, so it is not tied to the Host header and can also match where
#     another request header carries the string;
#   - there is no pcre boundary check, so a longer name that merely contains
#     this hostname matches as well;
#   - the destination port is $HTTP_PORTS instead of any, so that variable
#     must be defined on the sensor and other ports are not covered.
# A request to this host on one of those ports matches both sid 37027052 and
# sid 37027061, so expect two alerts for one event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//sec-authsec.com.hgdtk-sec.com"; flow:to_server,established; http.header; content:"sec-authsec.com.hgdtk-sec.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# gyvaz.pages.dev: the same three rules (DNS query, Host header, bare-hostname
# URL). The DNS and Host rules match the exact hostname only, because the
# pcre's leading group excludes '.'; the URL rule (sid 37027091) is the
# unanchored substring match described above.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname gyvaz.pages.dev"; dns.query; content:"gyvaz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gyvaz\.pages\.dev$/i"; classtype:trojan-activity; sid:37027081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname gyvaz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gyvaz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gyvaz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//gyvaz.pages.dev"; flow:to_server,established; http.header; content:"gyvaz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The next rule continues past the end of this section.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37027111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bt-101029.weeblysite.com"; dns.query; content:"bt-101029.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-101029\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37027141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bt-101029.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-101029.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-101029\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bgj.pages.dev"; dns.query; content:"bgj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bgj\.pages\.dev$/i"; classtype:trojan-activity; sid:37027171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bgj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bgj.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bgj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bafybeigssdsdn6bhru6ansdvjt5kqwue7abixjwy4arh3dcfpe4pzq6yxi.ipfs.cf-ipfs.com"; dns.query; content:"bafybeigssdsdn6bhru6ansdvjt5kqwue7abixjwy4arh3dcfpe4pzq6yxi.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeigssdsdn6bhru6ansdvjt5kqwue7abixjwy4arh3dcfpe4pzq6yxi\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37027201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bafybeigssdsdn6bhru6ansdvjt5kqwue7abixjwy4arh3dcfpe4pzq6yxi.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeigssdsdn6bhru6ansdvjt5kqwue7abixjwy4arh3dcfpe4pzq6yxi.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeigssdsdn6bhru6ansdvjt5kqwue7abixjwy4arh3dcfpe4pzq6yxi\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bafybeif6xcoikzkyq3zcqab6xxiz2optwbx6p6phbchkawslihm6knsve4.ipfs.cf-ipfs.com"; dns.query; content:"bafybeif6xcoikzkyq3zcqab6xxiz2optwbx6p6phbchkawslihm6knsve4.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeif6xcoikzkyq3zcqab6xxiz2optwbx6p6phbchkawslihm6knsve4\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37027231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bafybeif6xcoikzkyq3zcqab6xxiz2optwbx6p6phbchkawslihm6knsve4.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| 
bafybeif6xcoikzkyq3zcqab6xxiz2optwbx6p6phbchkawslihm6knsve4.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeif6xcoikzkyq3zcqab6xxiz2optwbx6p6phbchkawslihm6knsve4\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname amang0.xcx.my.id"; dns.query; content:"amang0.xcx.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amang0\.xcx\.my\.id$/i"; classtype:trojan-activity; sid:37027261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname amang0.xcx.my.id"; flow:to_server,established; http.header; content: "Host|3a| amang0.xcx.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amang0\.xcx\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37027291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027292; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37027321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-21e79dfd145840ee9b26f00bf1350c48.r2.dev"; dns.query; content:"pub-21e79dfd145840ee9b26f00bf1350c48.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-21e79dfd145840ee9b26f00bf1350c48\.r2\.dev$/i"; classtype:trojan-activity; sid:37027351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-21e79dfd145840ee9b26f00bf1350c48.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-21e79dfd145840ee9b26f00bf1350c48.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-21e79dfd145840ee9b26f00bf1350c48\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL 
http|3a|//pub-21e79dfd145840ee9b26f00bf1350c48.r2.dev/share.html"; flow:to_server,established; http.header; content:"pub-21e79dfd145840ee9b26f00bf1350c48.r2.dev"; fast_pattern; nocase; http.uri; content:"/share.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-2598caa00dcf4c658bf8753f6761f962.r2.dev"; dns.query; content:"pub-2598caa00dcf4c658bf8753f6761f962.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-2598caa00dcf4c658bf8753f6761f962\.r2\.dev$/i"; classtype:trojan-activity; sid:37027381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-2598caa00dcf4c658bf8753f6761f962.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-2598caa00dcf4c658bf8753f6761f962.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-2598caa00dcf4c658bf8753f6761f962\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//pub-2598caa00dcf4c658bf8753f6761f962.r2.dev/compki.html"; flow:to_server,established; http.header; content:"pub-2598caa00dcf4c658bf8753f6761f962.r2.dev"; fast_pattern; nocase; http.uri; content:"/compki.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname nice-cwz.pages.dev"; dns.query; content:"nice-cwz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nice\-cwz\.pages\.dev$/i"; classtype:trojan-activity; sid:37027411; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname nice-cwz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nice-cwz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nice\-cwz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//nice-cwz.pages.dev/https|3a|/tapestry.tapad.com/tapestry/1?ao=0"; flow:to_server,established; http.header; content:"nice-cwz.pages.dev"; fast_pattern; nocase; http.uri; content:"/https:/tapestry.tapad.com/tapestry/1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname nice-cwz.pages.dev"; dns.query; content:"nice-cwz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nice\-cwz\.pages\.dev$/i"; classtype:trojan-activity; sid:37027441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname nice-cwz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nice-cwz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nice\-cwz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//nice-cwz.pages.dev/https/tapestry.tapad.com/tapestry/1?ao=0"; flow:to_server,established; http.header; content:"nice-cwz.pages.dev"; fast_pattern; nocase; http.uri; content:"/https/tapestry.tapad.com/tapestry/1"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37027451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname klc.pages.dev"; dns.query; content:"klc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev$/i"; classtype:trojan-activity; sid:37027471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname klc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| klc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//klc.pages.dev/account/js-reporting"; flow:to_server,established; http.header; content:"klc.pages.dev"; fast_pattern; nocase; http.uri; content:"/account/js-reporting"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname eventffgratisan.cloud-nesia.my.id"; dns.query; content:"eventffgratisan.cloud-nesia.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventffgratisan\.cloud\-nesia\.my\.id$/i"; classtype:trojan-activity; sid:37027501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname eventffgratisan.cloud-nesia.my.id"; flow:to_server,established; http.header; content: "Host|3a| eventffgratisan.cloud-nesia.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventffgratisan\.cloud\-nesia\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027502; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The line above is the tail of a rule that starts before this section.
#
# Bare-hostname "Outgoing URL" rule: the hostname is matched as a substring
# anywhere in http.header, with no boundary check, and only on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//eventffgratisan.cloud-nesia.my.id"; flow:to_server,established; http.header; content:"eventffgratisan.cloud-nesia.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# cloudflare-ipfs.com is a shared gateway hostname, so the header content on
# its own would match unrelated traffic; the http.uri content (/ipns/<key>) is
# what ties this rule to the reported page. Keep both conditions if the rule is
# ever edited by hand.
# The msg string reproduces the full URL including its ?email= query
# parameter. The query is not part of the match (the uri content stops before
# the '?'), but the address is written into every alert this rule produces.
# NOTE(review): presumably the recipient of the lure - consider trimming the
# query from the MISP attribute before the rules are shared further.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipns/k51qzi5uqu5dhg7x6bzwg4i4k822la701pwj0sl8njk53u5zp7vzad2kpyi4yh?email=parcerias@noticiasmaia.com"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipns/k51qzi5uqu5dhg7x6bzwg4i4k822la701pwj0sl8njk53u5zp7vzad2kpyi4yh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# This DNS/Host pair (sids 37027561/37027562) repeats sids 37027111/37027112
# from earlier in the export for the same hostname; each hit alerts once per
# copy.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37027561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# The next rule continues past the end of this section.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] 
Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/c307077e-f855-4045-b8d6-add9b829d027"; flow:to_server,established; http.header; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/c307077e-f855-4045-b8d6-add9b829d027"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname a.3656240201.top"; dns.query; content:"a.3656240201.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a\.3656240201\.top$/i"; classtype:trojan-activity; sid:37027591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname a.3656240201.top"; flow:to_server,established; http.header; content: "Host|3a| a.3656240201.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a\.3656240201\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//a.3656240201.top"; flow:to_server,established; http.header; content:"a.3656240201.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-3bcd3ba7dacc49ae98a52a94ece68222.r2.dev"; dns.query; content:"pub-3bcd3ba7dacc49ae98a52a94ece68222.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-3bcd3ba7dacc49ae98a52a94ece68222\.r2\.dev$/i"; classtype:trojan-activity; sid:37027621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 
pub-3bcd3ba7dacc49ae98a52a94ece68222.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-3bcd3ba7dacc49ae98a52a94ece68222.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-3bcd3ba7dacc49ae98a52a94ece68222\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//pub-3bcd3ba7dacc49ae98a52a94ece68222.r2.dev/index2.html"; flow:to_server,established; http.header; content:"pub-3bcd3ba7dacc49ae98a52a94ece68222.r2.dev"; fast_pattern; nocase; http.uri; content:"/index2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname mail.kom-tech.ru"; dns.query; content:"mail.kom-tech.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.kom\-tech\.ru$/i"; classtype:trojan-activity; sid:37027681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mail.kom-tech.ru"; flow:to_server,established; http.header; content: "Host|3a| mail.kom-tech.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.kom\-tech\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//mail.kom-tech.ru"; flow:to_server,established; http.header; content:"mail.kom-tech.ru"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 
uzywane-auto24.pl"; dns.query; content:"uzywane-auto24.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzywane\-auto24\.pl$/i"; classtype:trojan-activity; sid:37027711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uzywane-auto24.pl"; flow:to_server,established; http.header; content: "Host|3a| uzywane-auto24.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzywane\-auto24\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uzywane-auto24.pl"; flow:to_server,established; http.header; content:"uzywane-auto24.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname helium-dapps.pages.dev"; dns.query; content:"helium-dapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helium\-dapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37027741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname helium-dapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| helium-dapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helium\-dapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//helium-dapps.pages.dev"; flow:to_server,established; http.header; content:"helium-dapps.pages.dev"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37027751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname pair for event e25820: one rule on the DNS query name, one on the HTTP Host
# header. Both are exact-name matches (the pcre excludes a leading dot), so other hosts
# under the same parent domain do not alert.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname t6720e56d.emailsys2a.net"; dns.query; content:"t6720e56d.emailsys2a.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t6720e56d\.emailsys2a\.net$/i"; classtype:trojan-activity; sid:37027771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t6720e56d.emailsys2a.net"; flow:to_server,established; http.header; content: "Host|3a| t6720e56d.emailsys2a.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t6720e56d\.emailsys2a\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Event e25819 URL indicators, priority 1. Each rule is pinned to the destination address
# and port in the rule header and additionally needs the IP literal in the request headers
# and the path in the URI. The http.uri content is an unanchored, case-insensitive
# substring ("/i" matches any path that contains it); the address/port pin is what keeps
# these rules specific. Requests that leave through an explicit proxy have the proxy as
# destination and will not match.
alert http $HOME_NET any -> 80.202.217.118 44091 (msg: "MISP e25819 [] Outgoing URL http|3a|//80.202.217.118|3a|44091/i"; flow:to_server,established; http.header; content:"80.202.217.118"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 222.168.236.20 42231 (msg: "MISP e25819 [] Outgoing URL http|3a|//222.168.236.20|3a|42231/mozi.m"; flow:to_server,established; http.header; content:"222.168.236.20"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 195.20.16.46 $HTTP_PORTS (msg: "MISP e25819 [] Outgoing URL http|3a|//195.20.16.46/download/RetailerRise.exe"; flow:to_server,established; http.header; content:"195.20.16.46"; fast_pattern; nocase; http.uri; content:"/download/RetailerRise.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37024441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
# Two rules for the same destination 115.54.75.57:34520. The second one's URI condition is
# just "/", which any URI containing a slash satisfies, so it is a superset of the first:
# a request for "/i" raises both alerts.
alert http $HOME_NET any -> 115.54.75.57 34520 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.54.75.57|3a|34520/i"; flow:to_server,established; http.header; content:"115.54.75.57"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
alert http $HOME_NET any -> 115.54.75.57 34520 (msg: "MISP e25819 [] Outgoing URL http|3a|//115.54.75.57|3a|34520/"; flow:to_server,established; http.header; content:"115.54.75.57"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37024461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25819;)
# Header-only rules: no payload or flow-state condition, so an alert shows that a packet
# was sent from $HOME_NET toward this address and port, not that a session was established
# or what it carried. The family tags in msg come from event e25851.
alert ip $HOME_NET any -> 85.215.237.245 4483 (msg: "MISP e25851 [RedLineStealer] Outgoing To IP: 85.215.237.245|4483"; classtype:trojan-activity; sid:37022961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 174.138.56.147 3790 (msg: "MISP e25851 [c2,Meterpreter] Outgoing To IP: 174.138.56.147|3790"; classtype:trojan-activity; sid:37022971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Same two destinations again under event e25873, with an empty tag list and priority 3.
# One connection therefore raises an alert from each event; correlate on destination
# address and port during triage so the tagged e25851 alert is not overlooked.
alert ip $HOME_NET any -> 174.138.56.147 3790 (msg: "MISP e25873 [] Outgoing To IP: 174.138.56.147|3790"; classtype:trojan-activity; sid:37034071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 85.215.237.245 4483 (msg: "MISP e25873 [] Outgoing To IP: 85.215.237.245|4483"; classtype:trojan-activity; sid:37034081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25858 [] Domain iranian-market.cfd"; dns.query; content:"iranian-market.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])iranian\-market\.cfd$/i"; classtype:trojan-activity; sid:37024061; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25858;)
# "Domain" form of the HTTP rule: "Host:" and the domain are two independent contents in
# the header buffer, not one adjacent string, so the domain may sit in any header (for
# example Referer) of a request that has a Host line. The pcre allows a dot before the
# name, so sub-domains match too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25858 [] Outgoing HTTP Domain iranian-market.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"iranian-market.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])iranian\-market\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37024062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25858;)
# URI condition is "/" only, so this matches every HTTP request to 95.216.181.87 on
# $HTTP_PORTS that carries the IP literal in its headers; it overlaps with the header-only
# rule for 95.216.181.87:80 below. $HTTP_PORTS must be defined in the sensor's port
# variables for this rule to load.
alert http $HOME_NET any -> 95.216.181.87 $HTTP_PORTS (msg: "MISP e25851 [Vidar] Outgoing URL http|3a|//95.216.181.87/"; flow:to_server,established; http.header; content:"95.216.181.87"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37022991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Header-only destination rules tagged [Vidar] in event e25851: no payload condition, the
# address and port are the whole signal.
alert ip $HOME_NET any -> 95.216.181.87 80 (msg: "MISP e25851 [Vidar] Outgoing To IP: 95.216.181.87|80"; classtype:trojan-activity; sid:37023031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 78.47.233.159 9000 (msg: "MISP e25851 [Vidar] Outgoing To IP: 78.47.233.159|9000"; classtype:trojan-activity; sid:37023041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 95.217.215.24 443 (msg: "MISP e25851 [Vidar] Outgoing To IP: 95.217.215.24|443"; classtype:trojan-activity; sid:37023051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Event e25873 repeats the same destinations without tags at priority 3; expect paired
# alerts per connection.
alert ip $HOME_NET any -> 95.217.215.24 443 (msg: "MISP e25873 [] Outgoing To IP: 95.217.215.24|443"; classtype:trojan-activity; sid:37034091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 95.216.181.87 80 (msg: "MISP e25873 [] Outgoing To IP: 95.216.181.87|80"; classtype:trojan-activity; sid:37034111; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 78.47.233.159 9000 (msg: "MISP e25873 [] Outgoing To IP: 78.47.233.159|9000"; classtype:trojan-activity; sid:37034121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 95.216.181.87 $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL http|3a|//95.216.181.87/"; flow:to_server,established; http.header; content:"95.216.181.87"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 103.69.96.162 4502 (msg: "MISP e25851 [remcos] Outgoing To IP: 103.69.96.162|4502"; classtype:trojan-activity; sid:37023061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 103.69.96.162 4502 (msg: "MISP e25873 [] Outgoing To IP: 103.69.96.162|4502"; classtype:trojan-activity; sid:37034171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25851 [KjGtqi,Lumma,stealer,ViaCrackSite,WHISKEY] Outgoing URL http|3a|//peasanthovecapspll.shop/api"; flow:to_server,established; http.header; content:"peasanthovecapspll.shop"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 23.94.255.161 8001 (msg: "MISP e25851 [CobaltStrike,cs-watermark-100000,HostPapa] Outgoing URL http|3a|//23.94.255.161|3a|8001/__utm.gif"; flow:to_server,established; http.header; content:"23.94.255.161"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25851 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//solar.huawei.com/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"solar.huawei.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# NOTE(review) on sid 37023101 above: it matches header text and URI only, for any
# $EXTERNAL_NET destination. The Host value is whatever the client sends, so a hit shows a
# request naming solar.huawei.com, not a connection to that name's real servers; check the
# destination address in the alert. The next rule carries the same tag set and pins
# 47.92.146.233:80 - presumably the server behind this indicator; confirm in event 25851.
alert ip $HOME_NET any -> 47.92.146.233 80 (msg: "MISP e25851 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing To IP: 47.92.146.233|80"; classtype:trojan-activity; sid:37023111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Pinned to 39.105.101.138 on $HTTP_PORTS. "/ca" is an unanchored substring of the URI, so
# any path containing it on that host matches; the address pin provides the specificity.
alert http $HOME_NET any -> 39.105.101.138 $HTTP_PORTS (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//39.105.101.138/ca"; flow:to_server,established; http.header; content:"39.105.101.138"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# "Domain" form of the DNS rule: the pcre allows a dot before the name, so queries for
# sub-domains of traincaster.net alert as well as the bare domain.
alert dns any any -> any any (msg: "MISP e25851 [Amazon.com Inc.,CobaltStrike,cs-watermark-1612812790] Domain traincaster.net"; dns.query; content:"traincaster.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])traincaster\.net$/i"; classtype:trojan-activity; sid:37023141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [Amazon.com Inc.,CobaltStrike,cs-watermark-1612812790] Outgoing HTTP Domain traincaster.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"traincaster.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])traincaster\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023142; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert ip $HOME_NET any -> 3.216.239.218 443 (msg: "MISP e25851 [Amazon.com Inc.,CobaltStrike,cs-watermark-1612812790] Outgoing To IP: 3.216.239.218|443"; classtype:trojan-activity; sid:37023151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 91.230.110.126 4321 (msg: "MISP e25851 [CobaltStrike,Contabo GmbH,cs-watermark-391144938] Outgoing URL http|3a|//91.230.110.126|3a|4321/g.pixel"; flow:to_server,established; http.header; content:"91.230.110.126"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 154.8.157.205 8099 (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//154.8.157.205|3a|8099/dpixel"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 91.230.110.126 $HTTP_PORTS (msg: "MISP e25851 [CobaltStrike,Contabo GmbH,cs-watermark-391144938] Outgoing URL http|3a|//91.230.110.126/visit.js"; flow:to_server,established; http.header; content:"91.230.110.126"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert dns any any -> any any (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,TAMATIYA-AS] Domain anotherpalece.sytes.net"; dns.query; content:"anotherpalece.sytes.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])anotherpalece\.sytes\.net$/i"; classtype:trojan-activity; sid:37023211; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,TAMATIYA-AS] Outgoing HTTP Domain anotherpalece.sytes.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anotherpalece.sytes.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])anotherpalece\.sytes\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 147.124.221.85 8086 (msg: "MISP e25851 [CobaltStrike,cs-watermark-1234567890,Majestic Hosting Solutions LLC] Outgoing URL http|3a|//147.124.221.85|3a|8086/match"; flow:to_server,established; http.header; content:"147.124.221.85"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 43.138.156.178 $HTTP_PORTS (msg: "MISP e25851 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.138.156.178/dot.gif"; flow:to_server,established; http.header; content:"43.138.156.178"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 101.43.161.148 8081 (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.43.161.148|3a|8081/en_us/all.js"; flow:to_server,established; http.header; content:"101.43.161.148"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//154.8.157.205|3a|8999/dot.gif"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 91.230.110.126 6666 (msg: "MISP e25851 [CobaltStrike,Contabo GmbH,cs-watermark-391144938] Outgoing URL http|3a|//91.230.110.126|3a|6666/pixel"; flow:to_server,established; http.header; content:"91.230.110.126"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 101.37.14.112 8899 (msg: "MISP e25851 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//101.37.14.112|3a|8899/en_us/all.js"; flow:to_server,established; http.header; content:"101.37.14.112"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;) alert http $HOME_NET any -> 101.37.14.112 8899 (msg: "MISP e25873 [] Outgoing URL http|3a|//101.37.14.112|3a|8899/en_US/all.js"; flow:to_server,established; http.header; content:"101.37.14.112"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 91.230.110.126 6666 (msg: "MISP e25873 [] Outgoing URL http|3a|//91.230.110.126|3a|6666/pixel"; flow:to_server,established; http.header; content:"91.230.110.126"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e25873 [] Outgoing URL http|3a|//154.8.157.205|3a|8999/dot.gif"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 101.43.161.148 8081 (msg: "MISP e25873 [] Outgoing URL http|3a|//101.43.161.148|3a|8081/en_US/all.js"; flow:to_server,established; http.header; content:"101.43.161.148"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 43.138.156.178 $HTTP_PORTS (msg: "MISP e25873 [] 
Outgoing URL http|3a|//43.138.156.178/dot.gif"; flow:to_server,established; http.header; content:"43.138.156.178"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 147.124.221.85 8086 (msg: "MISP e25873 [] Outgoing URL http|3a|//147.124.221.85|3a|8086/match"; flow:to_server,established; http.header; content:"147.124.221.85"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain anotherpalece.sytes.net"; dns.query; content:"anotherpalece.sytes.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])anotherpalece\.sytes\.net$/i"; classtype:trojan-activity; sid:37034251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain anotherpalece.sytes.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anotherpalece.sytes.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])anotherpalece\.sytes\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 91.230.110.126 $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL http|3a|//91.230.110.126/visit.js"; flow:to_server,established; http.header; content:"91.230.110.126"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 154.8.157.205 8099 (msg: "MISP e25873 [] Outgoing URL 
http|3a|//154.8.157.205|3a|8099/dpixel"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 91.230.110.126 4321 (msg: "MISP e25873 [] Outgoing URL http|3a|//91.230.110.126|3a|4321/g.pixel"; flow:to_server,established; http.header; content:"91.230.110.126"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 3.216.239.218 443 (msg: "MISP e25873 [] Outgoing To IP: 3.216.239.218|443"; classtype:trojan-activity; sid:37034301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain traincaster.net"; dns.query; content:"traincaster.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])traincaster\.net$/i"; classtype:trojan-activity; sid:37034321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain traincaster.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"traincaster.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])traincaster\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 39.105.101.138 $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL http|3a|//39.105.101.138/ca"; flow:to_server,established; http.header; content:"39.105.101.138"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034331; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;) alert ip $HOME_NET any -> 47.92.146.233 80 (msg: "MISP e25873 [] Outgoing To IP: 47.92.146.233|80"; classtype:trojan-activity; sid:37034341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL http|3a|//solar.huawei.com/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"solar.huawei.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> 23.94.255.161 8001 (msg: "MISP e25873 [] Outgoing URL http|3a|//23.94.255.161|3a|8001/__utm.gif"; flow:to_server,established; http.header; content:"23.94.255.161"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL http|3a|//peasanthovecapspll.shop/api"; flow:to_server,established; http.header; content:"peasanthovecapspll.shop"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25862 [] Domain cssf.digital"; dns.query; content:"cssf.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])cssf\.digital$/i"; classtype:trojan-activity; sid:37030541; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/25862;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25862 [] Outgoing HTTP Domain cssf.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cssf.digital"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])cssf\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030542; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/25862;)
# Inbound SMTP, event e25793. Raw TCP content match on port 25 only: sessions upgraded with
# STARTTLS and mail arriving on other ports are not inspected by this rule. The address
# content is not positioned relative to "MAIL FROM:", so the two strings may occur anywhere
# in the inspected data; a blank line (CRLF CRLF) must follow the address within 8192
# bytes. Sender addresses are easily forged, so treat a hit as a lead, not attribution.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25793 [] Source Email Address: fernanda_hermosilla@hotmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"fernanda_hermosilla@hotmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:36982841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25793;)
# Attachment-name rule: both contents are case-sensitive literals (no nocase), so the
# Content-Disposition line must appear exactly in this spelling and spacing with the file
# name in plain quoted form. NOTE(review): a folded header or an encoded filename
# parameter would presumably not match - verify against a sample message.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25793 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Prueba 48, Solicitud de Reintegro Teodoro Huerta (2).html|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:36982861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25793;)
# NOTE(review): this name sits under outbound.protection.outlook.com, which looks like a
# mail provider's shared relay host rather than infrastructure owned by the sender -
# presumably taken from the message headers of event 25793. Confirm before treating DNS or
# HTTP hits on it as malicious; consider excluding it from the export if it is a relay.
alert dns any any -> any any (msg: "MISP e25793 [] Domain mail-co1nam11olkn2043.outbound.protection.outlook.com"; dns.query; content:"mail-co1nam11olkn2043.outbound.protection.outlook.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-co1nam11olkn2043\.outbound\.protection\.outlook\.com$/i"; classtype:trojan-activity; sid:36982881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25793;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25793 [] Outgoing HTTP Domain mail-co1nam11olkn2043.outbound.protection.outlook.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-co1nam11olkn2043.outbound.protection.outlook.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-co1nam11olkn2043\.outbound\.protection\.outlook\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36982882; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25793;)
# Header-only destination rule; the port (30520) also appears in the hostname label of the
# DNS/HTTP pair that follows. NOTE(review): the parent domain looks like a shared
# port-forwarding service, in which case the address is presumably shared between its users
# and the port is the discriminating part - confirm in event 25873.
alert ip $HOME_NET any -> 193.161.193.99 30520 (msg: "MISP e25873 [] Outgoing To IP: 193.161.193.99|30520"; classtype:trojan-activity; sid:37034391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain jd03-30520.portmap.io"; dns.query; content:"jd03-30520.portmap.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])jd03\-30520\.portmap\.io$/i"; classtype:trojan-activity; sid:37034401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain jd03-30520.portmap.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jd03-30520.portmap.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jd03\-30520\.portmap\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# "Domain" rules accept a dot in front of the name, so this pair already matches
# www.maksonsab.ru and any other sub-domain. The separate www.maksonsab.ru rules that
# follow add a second alert for the same query or request rather than new coverage.
alert dns any any -> any any (msg: "MISP e25873 [] Domain maksonsab.ru"; dns.query; content:"maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])maksonsab\.ru$/i"; classtype:trojan-activity; sid:37034411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain www.maksonsab.ru"; dns.query; content:"www.maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maksonsab\.ru$/i"; classtype:trojan-activity; sid:37034421; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain vmi1357229.contaboserver.net"; dns.query; content:"vmi1357229.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1357229\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37034431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain vmi1357229.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1357229.contaboserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1357229\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert dns any any -> any any (msg: "MISP e25873 [] Domain frozenk.fr"; dns.query; content:"frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])frozenk\.fr$/i"; classtype:trojan-activity; sid:37034441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034442; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25873;)
# MISP "Domain" attributes are exported as a pair: a dns.query rule and an outgoing
# cleartext-HTTP rule. The pcre prefix class [^A-Za-z0-9-] does not exclude ".", so
# sub-domains of each listed name alert as well.
# NOTE(review): in the HTTP rules "Host|3a|" and the domain are two independent
# http.header content matches and the /H pcre is not tied to the Host line, so a request
# that carries the domain only in another header (for example Referer) would also alert.
# NOTE(review): no tls rule for these names is visible in this part of the export, so
# HTTPS connections would surface only through the DNS rule - confirm coverage elsewhere.
alert dns any any -> any any (msg: "MISP e25873 [] Domain ftp.frozenk.fr"; dns.query; content:"ftp.frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.frozenk\.fr$/i"; classtype:trojan-activity; sid:37034451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ftp.frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain www.frozenk.fr"; dns.query; content:"www.frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.frozenk\.fr$/i"; classtype:trojan-activity; sid:37034461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain www.frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Fixed destination IP and port from event 25851; the rule has no payload options.
# NOTE(review): the same IP/port pair is exported again from event 25873 (sid:37034511
# below), so one connection raises two alerts with different priorities.
alert ip $HOME_NET any -> 154.195.152.232 63641 (msg: "MISP e25851 [NanoCore,RAT] Outgoing To IP: 154.195.152.232|63641"; classtype:trojan-activity; sid:37023281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain dns.nateeka.com"; dns.query; content:"dns.nateeka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.nateeka\.com$/i"; classtype:trojan-activity; sid:37034471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain dns.nateeka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.nateeka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.nateeka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# The parent-domain pair below already matches dns.nateeka.com (see the prefix-class note
# above), so a lookup of the sub-domain fires both DNS rules.
alert dns any any -> any any (msg: "MISP e25873 [] Domain nateeka.com"; dns.query; content:"nateeka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nateeka\.com$/i"; classtype:trojan-activity; sid:37034481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain nateeka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nateeka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nateeka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# NOTE(review): this looks like a provider-assigned cloud host name that encodes a public
# IP address; such addresses can be reassigned, so check the age of the MISP event before
# acting on a hit.
alert dns any any -> any any (msg: "MISP e25873 [] Domain ec2-107-23-38-171.compute-1.amazonaws.com"; dns.query; content:"ec2-107-23-38-171.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-107\-23\-38\-171\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37034491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain ec2-107-23-38-171.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-107-23-38-171.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-107\-23\-38\-171\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain farkhunda.3cx.us"; dns.query; content:"farkhunda.3cx.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])farkhunda\.3cx\.us$/i"; classtype:trojan-activity; sid:37034501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain farkhunda.3cx.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"farkhunda.3cx.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])farkhunda\.3cx\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 154.195.152.232 63641 (msg: "MISP e25873 [] Outgoing To IP: 154.195.152.232|63641"; classtype:trojan-activity; sid:37034511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Event 25851 IP indicators: the bracketed msg text carries the tags attached in MISP.
# The rules match on destination address and port only.
# NOTE(review): several use ports shared with ordinary services (443, 445, 995), so a hit
# is a lead to triage, not proof of infection; verify the indicator is still current via
# the reference URL. Outbound 445 to an Internet address is normally worth blocking at
# the perimeter independently of this rule.
alert ip $HOME_NET any -> 45.152.85.10 443 (msg: "MISP e25851 [Bianlian Go Trojan,DATA-CHEAP-AS] Outgoing To IP: 45.152.85.10|443"; classtype:trojan-activity; sid:37023291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 134.209.244.69 443 (msg: "MISP e25851 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 134.209.244.69|443"; classtype:trojan-activity; sid:37023301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 94.23.155.217 445 (msg: "MISP e25851 [OVH,Responder] Outgoing To IP: 94.23.155.217|445"; classtype:trojan-activity; sid:37023311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 85.107.13.154 443 (msg: "MISP e25851 [QakBot,TTNET] Outgoing To IP: 85.107.13.154|443"; classtype:trojan-activity; sid:37023321; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 41.98.4.60 443 (msg: "MISP e25851 [ALGTEL-AS,QakBot] Outgoing To IP: 41.98.4.60|443"; classtype:trojan-activity; sid:37023331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 109.255.66.174 995 (msg: "MISP e25851 [LIBERTYGLOBAL Liberty Global formerly UPC Broadband Holding aka AORTA,QakBot] Outgoing To IP: 109.255.66.174|995"; classtype:trojan-activity; sid:37023341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 41.201.100.168 2078 (msg: "MISP e25851 [ALGTEL-AS,QakBot] Outgoing To IP: 41.201.100.168|2078"; classtype:trojan-activity; sid:37023351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# The rules below repeat IP/port pairs already exported from event 25851 earlier in the
# file, now under event 25873 with empty tags and priority 3.
# NOTE(review): each matching connection therefore produces two alerts with different
# priorities; consider de-duplicating at export time or correlating on destination
# downstream so the untagged copy does not hide the tagged one.
alert ip $HOME_NET any -> 41.201.100.168 2078 (msg: "MISP e25873 [] Outgoing To IP: 41.201.100.168|2078"; classtype:trojan-activity; sid:37034521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 109.255.66.174 995 (msg: "MISP e25873 [] Outgoing To IP: 109.255.66.174|995"; classtype:trojan-activity; sid:37034531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 41.98.4.60 443 (msg: "MISP e25873 [] Outgoing To IP: 41.98.4.60|443"; classtype:trojan-activity; sid:37034541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 85.107.13.154 443 (msg: "MISP e25873 [] Outgoing To IP: 85.107.13.154|443"; classtype:trojan-activity; sid:37034551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 94.23.155.217 445 (msg: "MISP e25873 [] Outgoing To IP: 94.23.155.217|445"; classtype:trojan-activity; sid:37034561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 134.209.244.69 443 (msg: "MISP e25873 [] Outgoing To IP: 134.209.244.69|443"; classtype:trojan-activity; sid:37034571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 45.152.85.10 443 (msg: "MISP e25873 [] Outgoing To IP: 45.152.85.10|443"; classtype:trojan-activity; sid:37034581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 47.76.34.199 8001 (msg: "MISP e25851 [c2,cobalt_strike] Outgoing To IP: 47.76.34.199|8001"; classtype:trojan-activity; sid:37023361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Domain pair: DNS query rule plus cleartext-HTTP rule. The prefix class [^A-Za-z0-9-]
# lets sub-domains of the name match too.
alert dns any any -> any any (msg: "MISP e25873 [] Domain c0mmit.top"; dns.query; content:"c0mmit.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])c0mmit\.top$/i"; classtype:trojan-activity; sid:37034591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain c0mmit.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c0mmit.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c0mmit\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# URL indicators: the destination address (and port) is fixed in the rule header; the
# options additionally require the IP literal in the request headers and the path as an
# unanchored, case-insensitive substring of http.uri.
# NOTE(review): because the header content is required, the alert depends on the address
# also appearing in the request headers; the address-only "alert ip" form used elsewhere
# in this export does not have that dependency.
# tag:session,600,seconds tags the matching session for 600 seconds after the alert -
# budget packet-log storage for that.
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/__utm.gif"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e25851 [CobaltStrike,cs-watermark-987654321,PONYNET] Outgoing URL http|3a|//107.189.14.144|3a|8080/activity"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37023381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
# Same two URL indicators and the 47.76.34.199 address again under event 25873 (untagged,
# priority 3) - duplicates of the event 25851 rules above.
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e25873 [] Outgoing URL http|3a|//107.189.14.144|3a|8080/activity"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e25873 [] Outgoing URL http|3a|//122.51.220.170/__utm.gif"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37034631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 47.76.34.199 8001 (msg: "MISP e25873 [] Outgoing To IP: 47.76.34.199|8001"; classtype:trojan-activity; sid:37034641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert ip $HOME_NET any -> 147.185.221.18 14881 (msg: "MISP e25873 [] Outgoing To IP: 147.185.221.18|14881"; classtype:trojan-activity; sid:37034651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain auto-benjamin.gl.at.ply.gg"; dns.query; content:"auto-benjamin.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])auto\-benjamin\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37034661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain auto-benjamin.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header;
content:"auto-benjamin.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auto\-benjamin\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Sender-address indicator: on established client-to-server TCP sessions to
# $SMTP_SERVERS port 25 it needs "MAIL FROM:" and the address (two separate content
# matches), then CRLF CRLF within 8192 bytes of the address.
# NOTE(review): presumably blind to sessions that upgrade with STARTTLS and to mail
# submitted on other ports - confirm that mail-gateway logs cover those paths.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25816 [] Source Email Address: support-sii@mail46222772.info"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"support-sii@mail46222772.info"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:36998251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25816;)
# Domain pairs (DNS query + cleartext HTTP). Prefix class [^A-Za-z0-9-] allows a leading
# ".", so sub-domains match as well.
# NOTE(review): "Host|3a|" and the domain are independent http.header content matches and
# the /H pcre is not tied to the Host line; a domain that appears only in another header
# would alert too.
alert dns any any -> any any (msg: "MISP e25817 [] Domain unamenpaito.com"; dns.query; content:"unamenpaito.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])unamenpaito\.com$/i"; classtype:trojan-activity; sid:36998361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25817;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25817 [] Outgoing HTTP Domain unamenpaito.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"unamenpaito.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])unamenpaito\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:36998362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25817;)
alert ip $HOME_NET any -> 213.159.61.169 1177 (msg: "MISP e25873 [] Outgoing To IP: 213.159.61.169|1177"; classtype:trojan-activity; sid:37034671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain vinijr27.duckdns.org"; dns.query; content:"vinijr27.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])vinijr27\.duckdns\.org$/i"; classtype:trojan-activity; sid:37034681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain vinijr27.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vinijr27.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vinijr27\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25873 [] Domain noiphabibi.ddns.net"; dns.query; content:"noiphabibi.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])noiphabibi\.ddns\.net$/i"; classtype:trojan-activity; sid:37034691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25873 [] Outgoing HTTP Domain noiphabibi.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"noiphabibi.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])noiphabibi\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37034692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
# Same IP/port exported from two events (25851 tagged, priority 2; 25873 untagged,
# priority 3): one connection yields two alerts.
alert ip $HOME_NET any -> 159.223.72.29 3790 (msg: "MISP e25851 [c2,Meterpreter] Outgoing To IP: 159.223.72.29|3790"; classtype:trojan-activity; sid:37023411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25851;)
alert ip $HOME_NET any -> 159.223.72.29 3790 (msg: "MISP e25873 [] Outgoing To IP: 159.223.72.29|3790"; classtype:trojan-activity; sid:37034701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25873;)
alert dns any any -> any any (msg: "MISP e25825 [] Domain mayorsplace.com.ng"; dns.query; content:"mayorsplace.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-])mayorsplace\.com\.ng$/i"; classtype:trojan-activity; sid:37016911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25825;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25825 [] Outgoing HTTP Domain mayorsplace.com.ng"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mayorsplace.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mayorsplace\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37016912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25825;)
alert dns any any -> any any (msg: "MISP e25829 [] Domain mitarjetacencosudcl.bhojpuriacademy.org"; dns.query; content:"mitarjetacencosudcl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosudcl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37018551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25829;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25829 [] Outgoing HTTP Domain mitarjetacencosudcl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mitarjetacencosudcl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosudcl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37018552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25829;)
# From here the export uses MISP "Hostname" attributes (event 25820, priority 2). The pcre
# prefix class adds "\.", so only the exact host name matches and sub-domains do not.
# The HTTP rule matches the literal "Host: <name>" followed by a boundary character.
# NOTE(review): that literal assumes exactly one space after the colon - confirm the
# sensor's header normalisation guarantees it.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname dce.pages.dev"; dns.query; content:"dce.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dce\.pages\.dev$/i"; classtype:trojan-activity; sid:37027801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dce.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dce.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dce\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any ->
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//dce.pages.dev"; flow:to_server,established; http.header; content:"dce.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname pairs (event 25820): DNS query rule plus cleartext-HTTP Host rule. The prefix
# class [^A-Za-z0-9-\.] rejects a leading ".", so only the exact host name matches.
# NOTE(review): no tls rule for these names is visible in this part of the export, so
# HTTPS visits would surface only through the DNS rule - confirm coverage elsewhere.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname customerhelp1-hmz2.codeanyapp.com"; dns.query; content:"customerhelp1-hmz2.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customerhelp1\-hmz2\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37027831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname customerhelp1-hmz2.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| customerhelp1-hmz2.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customerhelp1\-hmz2\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname sbbschswissagns.com"; dns.query; content:"sbbschswissagns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbschswissagns\.com$/i"; classtype:trojan-activity; sid:37027861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname sbbschswissagns.com"; flow:to_server,established; http.header; content: "Host|3a| sbbschswissagns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbschswissagns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): xzc.cra.mybluehost.me is exported twice from event 25820 (this pair and
# sid:37028071 / sid:37028072 later in the file); each lookup or request alerts twice.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname xzc.cra.mybluehost.me"; dns.query; content:"xzc.cra.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37027891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname xzc.cra.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xzc.cra.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname vuoloci.cfd"; dns.query; content:"vuoloci.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vuoloci\.cfd$/i"; classtype:trojan-activity; sid:37027921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname vuoloci.cfd"; flow:to_server,established; http.header; content: "Host|3a| vuoloci.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vuoloci\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname eiadelerinizialinseri.mooo.com"; dns.query; content:"eiadelerinizialinseri.mooo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eiadelerinizialinseri\.mooo\.com$/i"; classtype:trojan-activity; sid:37027951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname eiadelerinizialinseri.mooo.com"; flow:to_server,established; http.header; content: "Host|3a| eiadelerinizialinseri.mooo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eiadelerinizialinseri\.mooo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the "Outgoing URL" rules for bare host names use one unanchored,
# case-insensitive http.header content match and no boundary pcre. They therefore also
# fire when the string sits inside a longer name or in a header other than Host, and they
# overlap the "Outgoing HTTP Hostname" rule for the same name. Unlike that rule they are
# limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//eiadelerinizialinseri.mooo.com"; flow:to_server,established; http.header; content:"eiadelerinizialinseri.mooo.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname atsdata-7g9.pages.dev"; dns.query; content:"atsdata-7g9.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atsdata\-7g9\.pages\.dev$/i"; classtype:trojan-activity; sid:37027981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname atsdata-7g9.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| atsdata-7g9.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atsdata\-7g9\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37027982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//atsdata-7g9.pages.dev"; flow:to_server,established; http.header; content:"atsdata-7g9.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37027991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname sarlahiexpress.com"; dns.query; content:"sarlahiexpress.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sarlahiexpress\.com$/i"; classtype:trojan-activity; sid:37028011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname sarlahiexpress.com"; flow:to_server,established; http.header;
content: "Host|3a| sarlahiexpress.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sarlahiexpress\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): "Outgoing URL" rules for bare host names have a single unanchored
# http.header content match and no boundary pcre; they also fire on longer names that
# contain the string and on headers other than Host, and duplicate the Hostname rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//sarlahiexpress.com"; flow:to_server,established; http.header; content:"sarlahiexpress.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname bvn.pages.dev"; dns.query; content:"bvn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bvn\.pages\.dev$/i"; classtype:trojan-activity; sid:37028041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bvn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bvn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bvn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//bvn.pages.dev"; flow:to_server,established; http.header; content:"bvn.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): second export of xzc.cra.mybluehost.me from event 25820; the same pair
# appears earlier in the file as sid:37027891 / sid:37027892, so hits alert twice.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname xzc.cra.mybluehost.me"; dns.query; content:"xzc.cra.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37028071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname xzc.cra.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xzc.cra.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname divinedownload.com"; dns.query; content:"divinedownload.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])divinedownload\.com$/i"; classtype:trojan-activity; sid:37028101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname divinedownload.com"; flow:to_server,established; http.header; content: "Host|3a| divinedownload.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])divinedownload\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): shorturl.at looks like a shared link-shortening service rather than
# infrastructure owned by one actor. These two rules alert on every lookup of, or
# cleartext request to, the whole service at priority 2, so expect a high false-positive
# rate; consider matching the specific short link recorded in the MISP event instead.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname shorturl.at"; dns.query; content:"shorturl.at"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shorturl\.at$/i"; classtype:trojan-activity; sid:37028131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname shorturl.at"; flow:to_server,established; http.header; content: "Host|3a| shorturl.at"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shorturl\.at[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname anthonyvitarellidds-c4h.pages.dev"; dns.query; content:"anthonyvitarellidds-c4h.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anthonyvitarellidds\-c4h\.pages\.dev$/i"; classtype:trojan-activity; sid:37028161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname anthonyvitarellidds-c4h.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| anthonyvitarellidds-c4h.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anthonyvitarellidds\-c4h\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//anthonyvitarellidds-c4h.pages.dev"; flow:to_server,established; http.header; content:"anthonyvitarellidds-c4h.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname beverlyhillsceramicimplants.com"; dns.query; content:"beverlyhillsceramicimplants.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beverlyhillsceramicimplants\.com$/i"; classtype:trojan-activity; sid:37028191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname beverlyhillsceramicimplants.com"; flow:to_server,established; http.header; content: "Host|3a| beverlyhillsceramicimplants.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beverlyhillsceramicimplants\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname dbet3658.com"; dns.query; content:"dbet3658.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbet3658\.com$/i";
classtype:trojan-activity; sid:37028221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname pairs (event 25820). Several names below sit under what appear to be shared
# hosting platforms (pages.dev, r2.dev). The prefix class [^A-Za-z0-9-\.] rejects a
# leading ".", so only the listed tenant name matches, not the whole platform.
# tag:session,600,seconds on every HTTP rule tags the matching session for 600 seconds
# after the alert - budget packet-log storage for that.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dbet3658.com"; flow:to_server,established; http.header; content: "Host|3a| dbet3658.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbet3658\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-9f9f409dc5b24db59c601399ae066056.r2.dev"; dns.query; content:"pub-9f9f409dc5b24db59c601399ae066056.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9f9f409dc5b24db59c601399ae066056\.r2\.dev$/i"; classtype:trojan-activity; sid:37028251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-9f9f409dc5b24db59c601399ae066056.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-9f9f409dc5b24db59c601399ae066056.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9f9f409dc5b24db59c601399ae066056\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tgis.teleg.men"; dns.query; content:"tgis.teleg.men"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgis\.teleg\.men$/i"; classtype:trojan-activity; sid:37028281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tgis.teleg.men"; flow:to_server,established; http.header; content: "Host|3a| tgis.teleg.men"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgis\.teleg\.men[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname northellc.pages.dev"; dns.query; content:"northellc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])northellc\.pages\.dev$/i"; classtype:trojan-activity; sid:37028311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname northellc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| northellc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])northellc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): the "Outgoing URL" form is weaker than the Hostname rule above it: one
# unanchored http.header content match, no boundary pcre, limited to $HTTP_PORTS. It also
# matches longer names containing the string and headers other than Host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//northellc.pages.dev"; flow:to_server,established; http.header; content:"northellc.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname autogielda-owczarek.pl"; dns.query; content:"autogielda-owczarek.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-owczarek\.pl$/i"; classtype:trojan-activity; sid:37028371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname autogielda-owczarek.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-owczarek.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-owczarek\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//autogielda-owczarek.pl"; flow:to_server,established; http.header; content:"autogielda-owczarek.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname yuemi.pages.dev"; dns.query; content:"yuemi.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yuemi\.pages\.dev$/i"; classtype:trojan-activity; sid:37028401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname yuemi.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yuemi.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yuemi\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//yuemi.pages.dev"; flow:to_server,established; http.header; content:"yuemi.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname kusama-rpcextension.pages.dev"; dns.query; content:"kusama-rpcextension.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kusama\-rpcextension\.pages\.dev$/i"; classtype:trojan-activity; sid:37028461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname kusama-rpcextension.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kusama-rpcextension.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kusama\-rpcextension\.pages\.dev[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37028462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): "Outgoing URL" rules for bare host names use a single unanchored
# http.header content match with no boundary pcre and are limited to $HTTP_PORTS; they
# overlap the "Outgoing HTTP Hostname" rule for the same name and can also fire on longer
# names that contain the string or on headers other than Host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//kusama-rpcextension.pages.dev"; flow:to_server,established; http.header; content:"kusama-rpcextension.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname gielda-motofan.pl"; dns.query; content:"gielda-motofan.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-motofan\.pl$/i"; classtype:trojan-activity; sid:37028491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname gielda-motofan.pl"; flow:to_server,established; http.header; content: "Host|3a| gielda-motofan.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-motofan\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//gielda-motofan.pl"; flow:to_server,established; http.header; content:"gielda-motofan.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname metawebfix-4.pages.dev"; dns.query; content:"metawebfix-4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metawebfix\-4\.pages\.dev$/i"; classtype:trojan-activity; sid:37028521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname metawebfix-4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| metawebfix-4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metawebfix\-4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//metawebfix-4.pages.dev"; flow:to_server,established; http.header; content:"metawebfix-4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Hostname pairs on what appear to be shared site-builder or hosting platforms
# (square.site, wixsite.com, pages.dev). The prefix class [^A-Za-z0-9-\.] rejects a
# leading ".", so only the exact tenant host name matches.
# NOTE(review): no tls rule for these names is visible in this part of the export, so
# HTTPS visits would surface only through the DNS rule - confirm coverage elsewhere.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname server-101011.square.site"; dns.query; content:"server-101011.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server\-101011\.square\.site$/i"; classtype:trojan-activity; sid:37028551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname server-101011.square.site"; flow:to_server,established; http.header; content: "Host|3a| server-101011.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server\-101011\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tapk.it"; dns.query; content:"tapk.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tapk\.it$/i"; classtype:trojan-activity; sid:37028581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tapk.it"; flow:to_server,established; http.header; content: "Host|3a| tapk.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tapk\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname mailsupport345.wixsite.com"; dns.query; content:"mailsupport345.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailsupport345\.wixsite\.com$/i"; classtype:trojan-activity; sid:37028611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mailsupport345.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| mailsupport345.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailsupport345\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname pamartmjw.wixsite.com"; dns.query; content:"pamartmjw.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pamartmjw\.wixsite\.com$/i"; classtype:trojan-activity; sid:37028641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pamartmjw.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| pamartmjw.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pamartmjw\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname restoremetaweb.pages.dev"; dns.query; content:"restoremetaweb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])restoremetaweb\.pages\.dev$/i"; classtype:trojan-activity; sid:37028701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg: "MISP e25820 [] Outgoing HTTP Hostname restoremetaweb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| restoremetaweb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])restoremetaweb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//restoremetaweb.pages.dev"; flow:to_server,established; http.header; content:"restoremetaweb.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname edjcfjnddksndsknk.pages.dev"; dns.query; content:"edjcfjnddksndsknk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edjcfjnddksndsknk\.pages\.dev$/i"; classtype:trojan-activity; sid:37028731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname edjcfjnddksndsknk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| edjcfjnddksndsknk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edjcfjnddksndsknk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//edjcfjnddksndsknk.pages.dev"; flow:to_server,established; http.header; content:"edjcfjnddksndsknk.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname qrco.de"; dns.query; content:"qrco.de"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])qrco\.de$/i"; classtype:trojan-activity; sid:37028761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): qrco.de appears to be a shared short-link domain rather than a
# single-purpose host - verify. This rule and the DNS rule with sid 37028761
# key on the bare hostname only, so every link under that domain alerts as
# trojan-activity, priority 2. If the MISP attribute carried a specific path,
# a host+URI rule would be the tighter indicator; otherwise consider a
# threshold or suppression for this sid pair.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname qrco.de"; flow:to_server,established; http.header; content: "Host|3a| qrco.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qrco\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# DNS query for exactly this name; the leading pcre class excludes ".", so
# deeper subdomains of it are not matched.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname duw.dfv.mybluehost.me"; dns.query; content:"duw.dfv.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])duw\.dfv\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37028791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Host-header match on outbound cleartext HTTP; the session is tagged for 600 s
# after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname duw.dfv.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| duw.dfv.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])duw\.dfv\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Exact-name DNS rule for a single subdomain; the parent domain itself is not
# matched by this pattern.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname crm.eisbachwatches.com"; dns.query; content:"crm.eisbachwatches.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crm\.eisbachwatches\.com$/i"; classtype:trojan-activity; sid:37028881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Host-header counterpart of sid 37028881.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname crm.eisbachwatches.com"; flow:to_server,established; http.header; content: "Host|3a| crm.eisbachwatches.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crm\.eisbachwatches\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028882; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname customairva-22x.pages.dev"; dns.query; content:"customairva-22x.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customairva\-22x\.pages\.dev$/i"; classtype:trojan-activity; sid:37028911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname customairva-22x.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| customairva-22x.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customairva\-22x\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//customairva-22x.pages.dev"; flow:to_server,established; http.header; content:"customairva-22x.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname auto-mazowiecki.pl"; dns.query; content:"auto-mazowiecki.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-mazowiecki\.pl$/i"; classtype:trojan-activity; sid:37028941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname auto-mazowiecki.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-mazowiecki.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-mazowiecki\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL 
http|3a|//auto-mazowiecki.pl"; flow:to_server,established; http.header; content:"auto-mazowiecki.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37028951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname swisspassch-com457.web.app"; dns.query; content:"swisspassch-com457.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassch\-com457\.web\.app$/i"; classtype:trojan-activity; sid:37028971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname swisspassch-com457.web.app"; flow:to_server,established; http.header; content: "Host|3a| swisspassch-com457.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassch\-com457\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37028972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname debixuserserviceapp.sviluppo.host"; dns.query; content:"debixuserserviceapp.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])debixuserserviceapp\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37029001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname debixuserserviceapp.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| debixuserserviceapp.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])debixuserserviceapp\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname gaarene.vn"; dns.query; content:"gaarene.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gaarene\.vn$/i"; 
classtype:trojan-activity; sid:37029031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname gaarene.vn"; flow:to_server,established; http.header; content: "Host|3a| gaarene.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gaarene\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//gaarene.vn"; flow:to_server,established; http.header; content:"gaarene.vn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspsuxw.top"; dns.query; content:"uspsuxw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxw\.top$/i"; classtype:trojan-activity; sid:37029061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspsuxw.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspsuxw.top"; flow:to_server,established; http.header; content:"uspsuxw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bankmenia.it"; dns.query; content:"bankmenia.it"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bankmenia\.it$/i"; classtype:trojan-activity; sid:37029091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bankmenia.it"; flow:to_server,established; http.header; content: "Host|3a| bankmenia.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bankmenia\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname s3n2u54bknspo-1324239560.cos.ap-singapore.myqcloud.com"; dns.query; content:"s3n2u54bknspo-1324239560.cos.ap-singapore.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s3n2u54bknspo\-1324239560\.cos\.ap\-singapore\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37029121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname s3n2u54bknspo-1324239560.cos.ap-singapore.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| s3n2u54bknspo-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s3n2u54bknspo\-1324239560\.cos\.ap\-singapore\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//s3n2u54bknspo-1324239560.cos.ap-singapore.myqcloud.com/s3n2u54bknspo.html"; flow:to_server,established; http.header; content:"s3n2u54bknspo-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; http.uri; content:"/s3n2u54bknspo.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029131; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;)
# DNS query for exactly this name (the pcre rejects a preceding "." as well as
# letters, digits and "-", so subdomains are not covered).
alert dns any any -> any any (msg: "MISP e25820 [] Hostname mesharepoint.com"; dns.query; content:"mesharepoint.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mesharepoint\.com$/i"; classtype:trojan-activity; sid:37029151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Host-header match on outbound cleartext HTTP, any destination port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname mesharepoint.com"; flow:to_server,established; http.header; content: "Host|3a| mesharepoint.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mesharepoint\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Exact-name DNS rule.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tlgauth.ru"; dns.query; content:"tlgauth.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tlgauth\.ru$/i"; classtype:trojan-activity; sid:37029181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Host-header rule for the same name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tlgauth.ru"; flow:to_server,established; http.header; content: "Host|3a| tlgauth.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tlgauth\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# URL rule whose path component is only "/": the http.uri content is a single
# slash, which any request URI that begins with "/" contains, so the URI test
# adds no selectivity (and nocase has no effect on it). What remains is the
# unanchored header-substring match on the hostname, overlapping sid 37029182
# on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tlgauth.ru/"; flow:to_server,established; http.header; content:"tlgauth.ru"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname tgadminuser.teleg.men"; dns.query; content:"tgadminuser.teleg.men"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tgadminuser\.teleg\.men$/i"; classtype:trojan-activity; sid:37029211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tgadminuser.teleg.men"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.teleg.men"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.teleg\.men[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tacking-uspst-uo.top"; dns.query; content:"tacking-uspst-uo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-uo\.top$/i"; classtype:trojan-activity; sid:37029241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tacking-uspst-uo.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-uo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-uo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tacking-uspst-uo.top"; flow:to_server,established; http.header; content:"tacking-uspst-uo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname uspostus.top"; dns.query; content:"uspostus.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspostus\.top$/i"; classtype:trojan-activity; sid:37029271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname uspostus.top"; flow:to_server,established; http.header; content: "Host|3a| uspostus.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspostus\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//uspostus.top"; flow:to_server,established; http.header; content:"uspostus.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-lr.top"; dns.query; content:"imtoken-lr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-lr\.top$/i"; classtype:trojan-activity; sid:37029301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-lr.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-lr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-lr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-lr.top"; flow:to_server,established; http.header; content:"imtoken-lr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname tokenpocknt.pro"; dns.query; content:"tokenpocknt.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocknt\.pro$/i"; classtype:trojan-activity; sid:37029331; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname tokenpocknt.pro"; flow:to_server,established; http.header; content: "Host|3a| tokenpocknt.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocknt\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//tokenpocknt.pro"; flow:to_server,established; http.header; content:"tokenpocknt.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname identechinc-7mc.pages.dev"; dns.query; content:"identechinc-7mc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identechinc\-7mc\.pages\.dev$/i"; classtype:trojan-activity; sid:37029361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname identechinc-7mc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| identechinc-7mc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identechinc\-7mc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//identechinc-7mc.pages.dev"; flow:to_server,established; http.header; content:"identechinc-7mc.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 
t0kosp2cket.top"; dns.query; content:"t0kosp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kosp2cket\.top$/i"; classtype:trojan-activity; sid:37029391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0kosp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0kosp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kosp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0kosp2cket.top"; flow:to_server,established; http.header; content:"t0kosp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname imtoken-ls.top"; dns.query; content:"imtoken-ls.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ls\.top$/i"; classtype:trojan-activity; sid:37029421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname imtoken-ls.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ls.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ls\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//imtoken-ls.top"; flow:to_server,established; http.header; content:"imtoken-ls.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029431; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0kovp2cket.top"; dns.query; content:"t0kovp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kovp2cket\.top$/i"; classtype:trojan-activity; sid:37029451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0kovp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0kovp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kovp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0kovp2cket.top"; flow:to_server,established; http.header; content:"t0kovp2cket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname myfahai.com"; dns.query; content:"myfahai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myfahai\.com$/i"; classtype:trojan-activity; sid:37029481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname myfahai.com"; flow:to_server,established; http.header; content: "Host|3a| myfahai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myfahai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//myfahai.com"; flow:to_server,established; http.header; content:"myfahai.com"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37029491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname usepy.top"; dns.query; content:"usepy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usepy\.top$/i"; classtype:trojan-activity; sid:37029511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname usepy.top"; flow:to_server,established; http.header; content: "Host|3a| usepy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usepy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//usepy.top"; flow:to_server,established; http.header; content:"usepy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname t0kotp2cket.top"; dns.query; content:"t0kotp2cket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kotp2cket\.top$/i"; classtype:trojan-activity; sid:37029541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname t0kotp2cket.top"; flow:to_server,established; http.header; content: "Host|3a| t0kotp2cket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kotp2cket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//t0kotp2cket.top"; flow:to_server,established; http.header; content:"t0kotp2cket.top"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname telegram-sexxgroup4.privatemessage25.com"; dns.query; content:"telegram-sexxgroup4.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup4\.privatemessage25\.com$/i"; classtype:trojan-activity; sid:37029571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname telegram-sexxgroup4.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-sexxgroup4.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup4\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//telegram-sexxgroup4.privatemessage25.com"; flow:to_server,established; http.header; content:"telegram-sexxgroup4.privatemessage25.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname swsspassch-com007.web.app"; dns.query; content:"swsspassch-com007.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swsspassch\-com007\.web\.app$/i"; classtype:trojan-activity; sid:37029601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname swsspassch-com007.web.app"; flow:to_server,established; http.header; content: "Host|3a| swsspassch-com007.web.app"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])swsspassch\-com007\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname inr.s3.robotapi.xyz"; dns.query; content:"inr.s3.robotapi.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inr\.s3\.robotapi\.xyz$/i"; classtype:trojan-activity; sid:37029631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname inr.s3.robotapi.xyz"; flow:to_server,established; http.header; content: "Host|3a| inr.s3.robotapi.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inr\.s3\.robotapi\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname cornercardlogin.sviluppo.host"; dns.query; content:"cornercardlogin.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cornercardlogin\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37029661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname cornercardlogin.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| cornercardlogin.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cornercardlogin\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname ballysnr.wixsite.com"; dns.query; content:"ballysnr.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ballysnr\.wixsite\.com$/i"; classtype:trojan-activity; sid:37029691; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname ballysnr.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| ballysnr.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ballysnr\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname docu-streamauthentic.com"; dns.query; content:"docu-streamauthentic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docu\-streamauthentic\.com$/i"; classtype:trojan-activity; sid:37029721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname docu-streamauthentic.com"; flow:to_server,established; http.header; content: "Host|3a| docu-streamauthentic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docu\-streamauthentic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname vuoloci.cfd"; dns.query; content:"vuoloci.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vuoloci\.cfd$/i"; classtype:trojan-activity; sid:37029751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname vuoloci.cfd"; flow:to_server,established; http.header; content: "Host|3a| vuoloci.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vuoloci\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 
2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37029781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# MISP event 25820: hostname and URL indicators, laid out one rule per line below.
# Suricata reads a rule from a single line unless it is continued with a backslash.
# Coverage: the http rules inspect cleartext HTTP only and nothing in this group matches
# a TLS SNI, so an HTTPS visit to these hosts shows up here only through the dns rules.
# "Hostname" rules exclude a leading dot in the pcre, so only the exact host name matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# URL rule: the host name anywhere in the request headers plus the URI path from the MISP attribute.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev/2ea14460-6fb9-4414-88e1-4220bcee9e8d"; flow:to_server,established; http.header; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; http.uri; content:"/2ea14460-6fb9-4414-88e1-4220bcee9e8d"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# NOTE(review): sid 37029811 and 37029812 repeat sid 37029781 and 37029782 option for option;
# only the sid differs, so one lookup or request raises two alerts. Presumably the export
# emits the hostname pair once per URL attribute on this host - confirm and de-duplicate.
alert dns any any -> any any (msg: "MISP e25820 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37029811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev/413af8d6-670b-435d-bd6b-c1ad40f97768"; flow:to_server,established; http.header; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; http.uri; content:"/413af8d6-670b-435d-bd6b-c1ad40f97768"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Next indicator of the same event: DNS query, Host header, then URL (the URL rule continues on the following line).
alert dns any any -> any any (msg: "MISP e25820 [] Hostname pub-b5f86f2db0ac4b19a630a4b0fd4cb498.r2.dev"; dns.query; content:"pub-b5f86f2db0ac4b19a630a4b0fd4cb498.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b5f86f2db0ac4b19a630a4b0fd4cb498\.r2\.dev$/i"; classtype:trojan-activity; sid:37029841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname pub-b5f86f2db0ac4b19a630a4b0fd4cb498.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b5f86f2db0ac4b19a630a4b0fd4cb498.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b5f86f2db0ac4b19a630a4b0fd4cb498\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//pub-b5f86f2db0ac4b19a630a4b0fd4cb498.r2.dev/mot7.html"; flow:to_server,established; http.header; content:"pub-b5f86f2db0ac4b19a630a4b0fd4cb498.r2.dev"; 
fast_pattern; nocase; http.uri; content:"/mot7.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname 26357.pages.dev"; dns.query; content:"26357.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])26357\.pages\.dev$/i"; classtype:trojan-activity; sid:37029871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname 26357.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 26357.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])26357\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//26357.pages.dev/"; flow:to_server,established; http.header; content:"26357.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname dqkkux.com"; dns.query; content:"dqkkux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dqkkux\.com$/i"; classtype:trojan-activity; sid:37029901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname dqkkux.com"; flow:to_server,established; http.header; content: "Host|3a| dqkkux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dqkkux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//dqkkux.com/gg/index.html"; flow:to_server,established; http.header; content:"dqkkux.com"; fast_pattern; nocase; http.uri; content:"/gg/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname scandal-melayu.viral-telegram.com"; dns.query; content:"scandal-melayu.viral-telegram.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scandal\-melayu\.viral\-telegram\.com$/i"; classtype:trojan-activity; sid:37029931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname scandal-melayu.viral-telegram.com"; flow:to_server,established; http.header; content: "Host|3a| scandal-melayu.viral-telegram.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scandal\-melayu\.viral\-telegram\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//scandal-melayu.viral-telegram.com/main.php"; flow:to_server,established; http.header; content:"scandal-melayu.viral-telegram.com"; fast_pattern; nocase; http.uri; content:"/main.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname daoprotocol.pages.dev"; dns.query; content:"daoprotocol.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])daoprotocol\.pages\.dev$/i"; classtype:trojan-activity; sid:37029961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] 
Outgoing HTTP Hostname daoprotocol.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| daoprotocol.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])daoprotocol\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//daoprotocol.pages.dev"; flow:to_server,established; http.header; content:"daoprotocol.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37029971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname bcn.pages.dev"; dns.query; content:"bcn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bcn\.pages\.dev$/i"; classtype:trojan-activity; sid:37029991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname bcn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bcn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bcn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37029992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//bcn.pages.dev"; flow:to_server,established; http.header; content:"bcn.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert ip $HOME_NET any -> 45.148.244.206 443 (msg: "MISP e25895 [c2,cobalt_strike] Outgoing To IP: 45.148.244.206|443"; classtype:trojan-activity; sid:37039261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> 
any any (msg: "MISP e25820 [] Hostname jskyyzhikqvwxrwubsb.eduexpress.com.bd"; dns.query; content:"jskyyzhikqvwxrwubsb.eduexpress.com.bd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jskyyzhikqvwxrwubsb\.eduexpress\.com\.bd$/i"; classtype:trojan-activity; sid:37030021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname jskyyzhikqvwxrwubsb.eduexpress.com.bd"; flow:to_server,established; http.header; content: "Host|3a| jskyyzhikqvwxrwubsb.eduexpress.com.bd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jskyyzhikqvwxrwubsb\.eduexpress\.com\.bd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//jskyyzhikqvwxrwubsb.eduexpress.com.bd/"; flow:to_server,established; http.header; content:"jskyyzhikqvwxrwubsb.eduexpress.com.bd"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert dns any any -> any any (msg: "MISP e25820 [] Hostname posttfiinancelusi.me"; dns.query; content:"posttfiinancelusi.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])posttfiinancelusi\.me$/i"; classtype:trojan-activity; sid:37030081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname posttfiinancelusi.me"; flow:to_server,established; http.header; content: "Host|3a| posttfiinancelusi.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])posttfiinancelusi\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;) alert http 
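$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25820 [] Outgoing URL http|3a|//posttfiinancelusi.me/finance/"; flow:to_server,established; http.header; content:"posttfiinancelusi.me"; fast_pattern; nocase; http.uri; content:"/finance/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
# Rules below are laid out one per line (a Suricata rule must sit on one line unless it is
# continued with a backslash) and grouped by indicator.
#
# Fix applied in this group: MISP tags such as misp-galaxy:malpedia="Cobalt Strike" and
# misp:confidence-level="usually-confident" were copied into msg with bare double quotes.
# The rule format requires a double quote inside msg to be written as \"; depending on the
# engine and version, a bare quote can get the rule rejected at load time or garble the
# alert text for downstream parsers. The quotes are now escaped and the alert text is unchanged.
#
# Coverage: the http rules see cleartext HTTP only and nothing here matches a TLS SNI.
# "Hostname" rules exclude a leading dot in the pcre (exact host only); "Domain" rules allow
# it, so subdomains of the listed name match as well.

# --- event 25820: oam.org.br (exact host)
alert dns any any -> any any (msg: "MISP e25820 [] Hostname oam.org.br"; dns.query; content:"oam.org.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oam\.org\.br$/i"; classtype:trojan-activity; sid:37030111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25820 [] Outgoing HTTP Hostname oam.org.br"; flow:to_server,established; http.header; content: "Host|3a| oam.org.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oam\.org\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25820;)

# --- event 25872: destination tagged c2 / Cobalt Strike (msg quotes escaped)
alert ip $HOME_NET any -> 45.148.244.206 443 (msg: "MISP e25872 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 45.148.244.206|443"; classtype:trojan-activity; sid:37030701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)

# --- event 25850: ifepatito.khansouq.com and its subdomains
alert dns any any -> any any (msg: "MISP e25850 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37020491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25850;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25850 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37020492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25850;)

# --- 94.156.66.178:8080 is listed by two events (25895 at priority 2, 25872 at priority 3),
# so a single flow raises both alerts; correlate on destination rather than counting hits.
alert ip $HOME_NET any -> 94.156.66.178 8080 (msg: "MISP e25895 [RedLineStealer] Outgoing To IP: 94.156.66.178|8080"; classtype:trojan-activity; sid:37039271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 94.156.66.178 8080 (msg: "MISP e25872 [RedLineStealer] Outgoing To IP: 94.156.66.178|8080"; classtype:trojan-activity; sid:37030711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)

# --- event 25860 (priority 1): sm2.ponderarlo.com (exact host)
alert dns any any -> any any (msg: "MISP e25860 [] Hostname sm2.ponderarlo.com"; dns.query; content:"sm2.ponderarlo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sm2\.ponderarlo\.com$/i"; classtype:trojan-activity; sid:37030351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25860;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25860 [] Outgoing HTTP Hostname sm2.ponderarlo.com"; flow:to_server,established; http.header; content: "Host|3a| sm2.ponderarlo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sm2\.ponderarlo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25860;)
# NOTE(review): sid 37030361 and 37030171 are the same rule from the same event (only the
# sid differs); both are kept so existing sid references stay valid, but each match alerts
# twice. The rule has no port and no tag, so triage needs the MISP event for context.
alert ip $HOME_NET any -> 104.248.169.220 any (msg: "MISP e25860 [] Outgoing To IP: 104.248.169.220"; classtype:trojan-activity; sid:37030361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25860;)
alert ip $HOME_NET any -> 104.248.169.220 any (msg: "MISP e25860 [] Outgoing To IP: 104.248.169.220"; classtype:trojan-activity; sid:37030171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25860;)

# --- event 25860: rubic-dev.xyz and its subdomains
alert dns any any -> any any (msg: "MISP e25860 [] Domain rubic-dev.xyz"; dns.query; content:"rubic-dev.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])rubic\-dev\.xyz$/i"; classtype:trojan-activity; sid:37030161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25860;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25860 [] Outgoing HTTP Domain rubic-dev.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rubic-dev.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rubic\-dev\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25860;)

# --- event 25872: indicators tagged Mirai (msg quotes escaped in all five rules)
alert dns any any -> any any (msg: "MISP e25872 [Mirai,misp:confidence-level=\"usually-confident\"] Domain bot.elite-likes.de"; dns.query; content:"bot.elite-likes.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.elite\-likes\.de$/i"; classtype:trojan-activity; sid:37030721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25872 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain bot.elite-likes.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.elite-likes.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.elite\-likes\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert dns any any -> any any (msg: "MISP e25872 [Mirai,misp:confidence-level=\"usually-confident\"] Domain bot.shop4youv2.de"; dns.query; content:"bot.shop4youv2.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.shop4youv2\.de$/i"; classtype:trojan-activity; sid:37030731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25872 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain bot.shop4youv2.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.shop4youv2.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.shop4youv2\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37030732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 93.123.85.149 38245 (msg: "MISP e25872 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 93.123.85.149|38245"; classtype:trojan-activity; sid:37030741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)

# --- 109.248.151.213:45682 is listed by events 25895 and 25872; only the 25895 rule carries
# the family tag, so read the pair together when triaging.
alert ip $HOME_NET any -> 109.248.151.213 45682 (msg: "MISP e25895 [AveMariaRAT,RAT] Outgoing To IP: 109.248.151.213|45682"; classtype:trojan-activity; sid:37039311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 109.248.151.213 45682 (msg: "MISP e25872 [] Outgoing To IP: 109.248.151.213|45682"; classtype:trojan-activity; sid:37030751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)

# --- event 25852: mayorsplace.com.ng and its subdomains
alert dns any any -> any any (msg: "MISP e25852 [] Domain mayorsplace.com.ng"; dns.query; content:"mayorsplace.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-])mayorsplace\.com\.ng$/i"; classtype:trojan-activity; sid:37023441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25852;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25852 [] Outgoing HTTP Domain mayorsplace.com.ng"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mayorsplace.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mayorsplace\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25852;)

# --- event 25895: destination tagged c2 / Meterpreter (rule continues on the following line)
alert ip $HOME_NET any -> 190.232.148.118 3790 (msg: "MISP e25895 [c2,Meterpreter] Outgoing To IP: 190.232.148.118|3790"; classtype:trojan-activity; sid:37039321; rev:1; priority:2; 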
reference:url,https://misp.finsin.cl/events/view/25895;)
# Rules below are laid out one per line; a Suricata rule must sit on one line unless it is
# continued with a backslash.
# NOTE(review): sid 37030761 targets the same 190.232.148.118:3790 as sid 37039321 (event
# 25895, tagged c2/Meterpreter), but comes from event 25872 with an empty tag list and
# priority 3. One flow raises both alerts; read them as a single finding.
alert ip $HOME_NET any -> 190.232.148.118 3790 (msg: "MISP e25872 [] Outgoing To IP: 190.232.148.118|3790"; classtype:trojan-activity; sid:37030761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# --- event 25872: ten destinations on port 8082. The tag list in msg is empty, so the alert
# itself names no malware family; the analyst has to open the referenced MISP event.
# NOTE(review): these are bare IP:port indicators with no payload match - confirm each
# address is still current in the event before treating a hit as confirmed.
alert ip $HOME_NET any -> 195.85.207.219 8082 (msg: "MISP e25872 [] Outgoing To IP: 195.85.207.219|8082"; classtype:trojan-activity; sid:37030771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 31.210.50.162 8082 (msg: "MISP e25872 [] Outgoing To IP: 31.210.50.162|8082"; classtype:trojan-activity; sid:37030781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 94.131.113.192 8082 (msg: "MISP e25872 [] Outgoing To IP: 94.131.113.192|8082"; classtype:trojan-activity; sid:37030791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 31.42.190.137 8082 (msg: "MISP e25872 [] Outgoing To IP: 31.42.190.137|8082"; classtype:trojan-activity; sid:37030801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 154.198.245.50 8082 (msg: "MISP e25872 [] Outgoing To IP: 154.198.245.50|8082"; classtype:trojan-activity; sid:37030811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 194.195.245.97 8082 (msg: "MISP e25872 [] Outgoing To IP: 194.195.245.97|8082"; classtype:trojan-activity; sid:37030821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 195.10.205.18 8082 (msg: "MISP e25872 [] Outgoing To IP: 195.10.205.18|8082"; classtype:trojan-activity; sid:37030831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 207.180.224.118 8082 (msg: "MISP e25872 [] Outgoing To IP: 207.180.224.118|8082"; classtype:trojan-activity; sid:37030841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 91.92.249.240 8082 (msg: "MISP e25872 [] Outgoing To IP: 91.92.249.240|8082"; classtype:trojan-activity; sid:37030851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 20.90.160.195 8082 (msg: "MISP e25872 [] Outgoing To IP: 20.90.160.195|8082"; classtype:trojan-activity; sid:37030861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# --- event 25872: URL indicators of the form http://<ip>/auth/login. The destination address
# is pinned in the rule header, the same address must appear in the request headers, and the
# URI must contain /auth/login. Only cleartext HTTP on $HTTP_PORTS is inspected.
alert http $HOME_NET any -> 77.105.147.90 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//77.105.147.90/auth/login"; flow:to_server,established; http.header; content:"77.105.147.90"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 194.87.31.20 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//194.87.31.20/auth/login"; flow:to_server,established; http.header; content:"194.87.31.20"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 95.216.100.78 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//95.216.100.78/auth/login"; flow:to_server,established; http.header; content:"95.216.100.78"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.205.179 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.205.179/auth/login"; flow:to_server,established; http.header; content:"79.137.205.179"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37030901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 89.185.85.34 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//89.185.85.34/auth/login"; flow:to_server,established; http.header; content:"89.185.85.34"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 79.137.205.201 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.205.201/auth/login"; flow:to_server,established; http.header; content:"79.137.205.201"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 85.192.63.65 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//85.192.63.65/auth/login"; flow:to_server,established; http.header; content:"85.192.63.65"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 5.182.87.160 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//5.182.87.160/auth/login"; flow:to_server,established; http.header; content:"5.182.87.160"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 85.192.63.35 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//85.192.63.35/auth/login"; flow:to_server,established; http.header; content:"85.192.63.35"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37030951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 5.182.87.27 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//5.182.87.27/auth/login"; flow:to_server,established; http.header; content:"5.182.87.27"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 95.181.173.28 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//95.181.173.28/auth/login"; flow:to_server,established; http.header; content:"95.181.173.28"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 77.105.147.136 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//77.105.147.136/auth/login"; flow:to_server,established; http.header; content:"77.105.147.136"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 79.137.202.225 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.202.225/auth/login"; flow:to_server,established; http.header; content:"79.137.202.225"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37030991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;) alert http $HOME_NET any -> 5.42.77.121 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//5.42.77.121/auth/login"; flow:to_server,established; http.header; content:"5.42.77.121"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37031001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# (The line above closes a rule that starts before this section.)
#
# --- MISP event 25872: outbound HTTP to fixed IPs, URI containing "/auth/login" ---
# Each rule below alerts on an established client-to-server HTTP flow from
# $HOME_NET to one literal destination IP on $HTTP_PORTS when the request
# headers contain that IP as text and the URI contains "/auth/login" (both
# matches are nocase). $HTTP_PORTS therefore has to be defined on the sensor.
# tag:session,600,seconds asks the engine to keep logging that session's
# packets for 600 seconds after the alert.
# The msg tag list is empty ("[]"), so the rule names no malware family; the
# reference URL points at the MISP event for context.
# NOTE(review): the URI match is an unanchored substring and "/auth/login" is a
# common path, so each rule is only as specific as its destination IP. Check
# the age of these indicators before acting on a hit.
# NOTE(review): the IP text is matched anywhere in http.header, not tied to the
# Host field; http.host may be the tighter buffer - confirm for your engine version.
alert http $HOME_NET any -> 146.70.161.13 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//146.70.161.13/auth/login"; flow:to_server,established; http.header; content:"146.70.161.13"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 185.149.146.159 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//185.149.146.159/auth/login"; flow:to_server,established; http.header; content:"185.149.146.159"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 193.233.133.81 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//193.233.133.81/auth/login"; flow:to_server,established; http.header; content:"193.233.133.81"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 95.181.173.181 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//95.181.173.181/auth/login"; flow:to_server,established; http.header; content:"95.181.173.181"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 178.236.247.9 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//178.236.247.9/auth/login"; flow:to_server,established; http.header; content:"178.236.247.9"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 185.26.239.246 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//185.26.239.246/auth/login"; flow:to_server,established; http.header; content:"185.26.239.246"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 185.106.94.31 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//185.106.94.31/auth/login"; flow:to_server,established; http.header; content:"185.106.94.31"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 212.118.52.90 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//212.118.52.90/auth/login"; flow:to_server,established; http.header; content:"212.118.52.90"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 8.217.23.144 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//8.217.23.144/auth/login"; flow:to_server,established; http.header; content:"8.217.23.144"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 45.150.65.121 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//45.150.65.121/auth/login"; flow:to_server,established; http.header; content:"45.150.65.121"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 212.113.116.56 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//212.113.116.56/auth/login"; flow:to_server,established; http.header; content:"212.113.116.56"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 20.0.25.177 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//20.0.25.177/auth/login"; flow:to_server,established; http.header; content:"20.0.25.177"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 178.236.246.39 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//178.236.246.39/auth/login"; flow:to_server,established; http.header; content:"178.236.246.39"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 109.107.181.169 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//109.107.181.169/auth/login"; flow:to_server,established; http.header; content:"109.107.181.169"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 89.185.85.132 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//89.185.85.132/auth/login"; flow:to_server,established; http.header; content:"89.185.85.132"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 95.181.173.233 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//95.181.173.233/auth/login"; flow:to_server,established; http.header; content:"95.181.173.233"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.207.44 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.207.44/auth/login"; flow:to_server,established; http.header; content:"79.137.207.44"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 78.141.239.24 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//78.141.239.24/auth/login"; flow:to_server,established; http.header; content:"78.141.239.24"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 5.42.72.7 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//5.42.72.7/auth/login"; flow:to_server,established; http.header; content:"5.42.72.7"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 178.20.46.217 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//178.20.46.217/auth/login"; flow:to_server,established; http.header; content:"178.20.46.217"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 178.20.43.135 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//178.20.43.135/auth/login"; flow:to_server,established; http.header; content:"178.20.43.135"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 109.107.173.48 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//109.107.173.48/auth/login"; flow:to_server,established; http.header; content:"109.107.173.48"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 74.50.93.136 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//74.50.93.136/auth/login"; flow:to_server,established; http.header; content:"74.50.93.136"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 51.81.243.237 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//51.81.243.237/auth/login"; flow:to_server,established; http.header; content:"51.81.243.237"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# The next rule continues on the following line of the file.
alert http $HOME_NET any -> 5.42.72.48 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//5.42.72.48/auth/login"; flow:to_server,established; http.header; content:"5.42.72.48"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds;
classtype:trojan-activity; sid:37031251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# (The line above closes a rule that starts on the previous line of the file.)
#
# --- MISP event 25872, continued: one rule per destination IP, URI "/auth/login" ---
# Every rule in this run has the same shape: HTTP from $HOME_NET to a single
# literal IP on $HTTP_PORTS, to_server on an established flow, the IP present
# as text in the header buffer, and "/auth/login" present in the URI (nocase).
# Only the destination IP, the msg text and the sid differ between rules.
# All carry priority:3, classtype trojan-activity and an empty msg tag list,
# so triage context has to come from the referenced MISP event.
# NOTE(review): with a generic login path as the only URI condition, a hit
# means "HTTP request to a listed IP", not proof of a specific payload.
# NOTE(review): the rules carry no expiry; indicators exported from a feed
# should be re-validated periodically, because addresses change hands.
alert http $HOME_NET any -> 45.74.19.107 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//45.74.19.107/auth/login"; flow:to_server,established; http.header; content:"45.74.19.107"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 185.106.94.70 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//185.106.94.70/auth/login"; flow:to_server,established; http.header; content:"185.106.94.70"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 185.17.0.222 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//185.17.0.222/auth/login"; flow:to_server,established; http.header; content:"185.17.0.222"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 178.236.246.253 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//178.236.246.253/auth/login"; flow:to_server,established; http.header; content:"178.236.246.253"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.203.80 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.203.80/auth/login"; flow:to_server,established; http.header; content:"79.137.203.80"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 94.228.170.86 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//94.228.170.86/auth/login"; flow:to_server,established; http.header; content:"94.228.170.86"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 194.87.71.159 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//194.87.71.159/auth/login"; flow:to_server,established; http.header; content:"194.87.71.159"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.203.233 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.203.233/auth/login"; flow:to_server,established; http.header; content:"79.137.203.233"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 95.181.173.235 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//95.181.173.235/auth/login"; flow:to_server,established; http.header; content:"95.181.173.235"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 95.181.173.8 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//95.181.173.8/auth/login"; flow:to_server,established; http.header; content:"95.181.173.8"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 77.105.147.196 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//77.105.147.196/auth/login"; flow:to_server,established; http.header; content:"77.105.147.196"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 5.42.78.61 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//5.42.78.61/auth/login"; flow:to_server,established; http.header; content:"5.42.78.61"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.199.199 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.199.199/auth/login"; flow:to_server,established; http.header; content:"79.137.199.199"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.207.226 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.207.226/auth/login"; flow:to_server,established; http.header; content:"79.137.207.226"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 64.52.80.13 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//64.52.80.13/auth/login"; flow:to_server,established; http.header; content:"64.52.80.13"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 193.233.133.97 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//193.233.133.97/auth/login"; flow:to_server,established; http.header; content:"193.233.133.97"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 79.137.202.24 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.202.24/auth/login"; flow:to_server,established; http.header; content:"79.137.202.24"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 89.208.103.72 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//89.208.103.72/auth/login"; flow:to_server,established; http.header; content:"89.208.103.72"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> 77.105.146.152 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//77.105.146.152/auth/login"; flow:to_server,established; http.header; content:"77.105.146.152"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# The next rule continues on the following line of the file.
alert http $HOME_NET any -> 185.225.200.120 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//185.225.200.120/auth/login"; flow:to_server,established; http.header; content:"185.225.200.120"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds;
classtype:trojan-activity; sid:37031451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# (The line above closes a rule that starts on the previous line of the file.)
#
# URL rule for event 25872: HTTP to one literal IP with "/auth/login" in the URI.
alert http $HOME_NET any -> 79.137.194.188 $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//79.137.194.188/auth/login"; flow:to_server,established; http.header; content:"79.137.194.188"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
#
# --- Indicators exported from two MISP events (25895 and 25872) ---
# The same IP:port or URL appears once per event: the 25895 copy has priority:2
# and msg tags naming a family (for example [c2,cobalt_strike], [NanoCore,RAT],
# [Loki]); the 25872 copy has priority:3 and an empty tag list. The match
# conditions of each pair are identical, so one connection raises two alerts
# with different sids. De-duplicate in the alert pipeline by destination rather
# than by sid.
# `alert ip` rules match on addresses and port only; there is no payload or
# application-protocol condition.
# NOTE(review): the protocol is `ip` but a destination port is given; confirm
# how your engine applies the port to non-TCP/UDP traffic.
# The family tags are MISP event labels copied into msg; nothing in the rule
# verifies them.
alert ip $HOME_NET any -> 119.3.220.200 9080 (msg: "MISP e25895 [c2,cobalt_strike] Outgoing To IP: 119.3.220.200|9080"; classtype:trojan-activity; sid:37039331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 119.3.220.200 9080 (msg: "MISP e25872 [] Outgoing To IP: 119.3.220.200|9080"; classtype:trojan-activity; sid:37031471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 52.66.148.83 10001 (msg: "MISP e25895 [c2,extreme_rat] Outgoing To IP: 52.66.148.83|10001"; classtype:trojan-activity; sid:37039341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# URL rules keyed on a hostname: destination is $EXTERNAL_NET on $HTTP_PORTS,
# the hostname must appear as text in the header buffer and the path in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25895 [dcrat] Outgoing URL http|3a|//a0915620.xsph.ru/26048ad8.php"; flow:to_server,established; http.header; content:"a0915620.xsph.ru"; fast_pattern; nocase; http.uri; content:"/26048ad8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37039351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//a0915620.xsph.ru/26048ad8.php"; flow:to_server,established; http.header; content:"a0915620.xsph.ru"; fast_pattern; nocase; http.uri; content:"/26048ad8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 52.66.148.83 10001 (msg: "MISP e25872 [] Outgoing To IP: 52.66.148.83|10001"; classtype:trojan-activity; sid:37031491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 94.156.64.228 65517 (msg: "MISP e25895 [NanoCore,RAT] Outgoing To IP: 94.156.64.228|65517"; classtype:trojan-activity; sid:37039361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 94.156.64.228 65517 (msg: "MISP e25872 [] Outgoing To IP: 94.156.64.228|65517"; classtype:trojan-activity; sid:37031501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25895 [Loki] Outgoing URL http|3a|//sempersim.su/c6/fre.php"; flow:to_server,established; http.header; content:"sempersim.su"; fast_pattern; nocase; http.uri; content:"/c6/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37039371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25872 [] Outgoing URL http|3a|//sempersim.su/c6/fre.php"; flow:to_server,established; http.header; content:"sempersim.su"; fast_pattern; nocase; http.uri; content:"/c6/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37031511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
# "Domain" pair for event 25853. The DNS rule is any -> any, so it is not
# limited to queries leaving $HOME_NET. Its pcre anchors the name at the end of
# the query and allows a dot in front, so subdomains of the name also match.
alert dns any any -> any any (msg: "MISP e25853 [] Domain mayorsplace.com.ng"; dns.query; content:"mayorsplace.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-])mayorsplace\.com\.ng$/i"; classtype:trojan-activity; sid:37023521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25853;)
# HTTP counterpart; the rule continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25853 [] Outgoing HTTP Domain mayorsplace.com.ng"; flow:to_server,established; http.header; content: "Host|3a|";
nocase; http.header; content:"mayorsplace.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mayorsplace\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25853;)
# (The line above closes a rule that starts on the previous line of the file.)
#
# --- C2 endpoints as IP:port, events 25895 (priority 2, tagged) and 25872 (priority 3, untagged) ---
# These rules match on source network, destination IP and destination port
# only. Most indicators are present twice, once per event, with identical
# match conditions, so a single connection produces two alerts.
# Several 25895 tags carry a hosting or carrier AS name next to the family
# (MICROSOFT-CORP-MSN-AS-BLOCK, AMAZON-02, HETZNER-AS, AS-HOSTINGER, ...).
# NOTE(review): addresses in shared hosting and cloud ranges are reassigned
# over time and the rules have no expiry; re-validate against the MISP events
# before treating a hit on 443 or 53 as confirmed C2.
# NOTE(review): protocol `ip` with a port - confirm how the engine applies the
# port to non-TCP/UDP traffic. The port-53 rules match any traffic to that
# address and port, not DNS specifically.
alert ip $HOME_NET any -> 93.123.85.4 9931 (msg: "MISP e25872 [] Outgoing To IP: 93.123.85.4|9931"; classtype:trojan-activity; sid:37031521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 91.92.254.111 1977 (msg: "MISP e25895 [AveMariaRAT,RAT] Outgoing To IP: 91.92.254.111|1977"; classtype:trojan-activity; sid:37039391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 91.92.254.111 1977 (msg: "MISP e25872 [] Outgoing To IP: 91.92.254.111|1977"; classtype:trojan-activity; sid:37031531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 152.69.220.235 1443 (msg: "MISP e25895 [Deimos,ORACLE-BMC-31898] Outgoing To IP: 152.69.220.235|1443"; classtype:trojan-activity; sid:37039401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 216.189.159.197 53 (msg: "MISP e25895 [Bianlian Go Trojan,HOSTUS-GLOBAL-AS HostUS] Outgoing To IP: 216.189.159.197|53"; classtype:trojan-activity; sid:37039411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.224.11.48 443 (msg: "MISP e25895 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.224.11.48|443"; classtype:trojan-activity; sid:37039421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 168.119.96.5 443 (msg: "MISP e25895 [Havoc,HETZNER-AS] Outgoing To IP: 168.119.96.5|443"; classtype:trojan-activity; sid:37039431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 45.9.191.183 443 (msg: "MISP e25895 [AS-HOSTINGER,Havoc] Outgoing To IP: 45.9.191.183|443"; classtype:trojan-activity; sid:37039441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 3.143.234.125 443 (msg: "MISP e25895 [AMAZON-02,Havoc] Outgoing To IP: 3.143.234.125|443"; classtype:trojan-activity; sid:37039451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 124.220.235.28 1002 (msg: "MISP e25895 [Havoc,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.220.235.28|1002"; classtype:trojan-activity; sid:37039461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 167.56.197.73 995 (msg: "MISP e25895 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 167.56.197.73|995"; classtype:trojan-activity; sid:37039471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 167.56.197.73 995 (msg: "MISP e25872 [] Outgoing To IP: 167.56.197.73|995"; classtype:trojan-activity; sid:37031541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 124.220.235.28 1002 (msg: "MISP e25872 [] Outgoing To IP: 124.220.235.28|1002"; classtype:trojan-activity; sid:37031551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 3.143.234.125 443 (msg: "MISP e25872 [] Outgoing To IP: 3.143.234.125|443"; classtype:trojan-activity; sid:37031561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 45.9.191.183 443 (msg: "MISP e25872 [] Outgoing To IP: 45.9.191.183|443"; classtype:trojan-activity; sid:37031571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 168.119.96.5 443 (msg: "MISP e25872 [] Outgoing To IP: 168.119.96.5|443"; classtype:trojan-activity; sid:37031581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 20.224.11.48 443 (msg: "MISP e25872 [] Outgoing To IP: 20.224.11.48|443"; classtype:trojan-activity; sid:37031591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 216.189.159.197 53 (msg: "MISP e25872 [] Outgoing To IP: 216.189.159.197|53"; classtype:trojan-activity; sid:37031601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 152.69.220.235 1443 (msg: "MISP e25872 [] Outgoing To IP: 152.69.220.235|1443"; classtype:trojan-activity; sid:37031611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25872;)
alert ip $HOME_NET any -> 93.123.85.4 9931 (msg: "MISP e25895 [Mirai] Outgoing To IP: 93.123.85.4|9931"; classtype:trojan-activity; sid:37039381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
#
# --- "Domain" indicators from event 25895: one DNS rule and one HTTP rule per name ---
# DNS rule: any -> any on dns.query; the pcre anchors the name at the end of the
# query and accepts a dot before it, so subdomains match too.
# HTTP rule: "Host|3a|" and the domain are two separate content matches on the
# header buffer with no distance/within linking them, so the name can also
# match in a header other than Host (for example Referer). The pcre (H flag)
# requires a character after the name that cannot continue a hostname.
# No tls.sni rule exists in this section: HTTPS traffic to these names is
# visible here only through the DNS rule.
alert dns any any -> any any (msg: "MISP e25895 [Mirai] Domain bot.elite-likes.de"; dns.query; content:"bot.elite-likes.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.elite\-likes\.de$/i"; classtype:trojan-activity; sid:37039301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [Mirai] Outgoing HTTP Domain bot.elite-likes.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.elite-likes.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.elite\-likes\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 93.123.85.149 38245 (msg: "MISP e25895 [Mirai] Outgoing To IP: 93.123.85.149|38245"; classtype:trojan-activity; sid:37039281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [Mirai] Domain bot.shop4youv2.de"; dns.query; content:"bot.shop4youv2.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.shop4youv2\.de$/i"; classtype:trojan-activity; sid:37039291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [Mirai] Outgoing HTTP Domain bot.shop4youv2.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.shop4youv2.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.shop4youv2\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# cs-watermark-NNN is a MISP tag copied into msg; presumably it groups
# indicators that share a Cobalt Strike watermark value. The rule logic does
# not use it.
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-666666] Domain c0mmit.top"; dns.query; content:"c0mmit.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])c0mmit\.top$/i"; classtype:trojan-activity; sid:37039251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-666666] Outgoing HTTP Domain c0mmit.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c0mmit.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c0mmit\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-1551089073] Domain farkhunda.3cx.us"; dns.query; content:"farkhunda.3cx.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])farkhunda\.3cx\.us$/i"; classtype:trojan-activity; sid:37039241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# The next rule continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-1551089073] Outgoing HTTP Domain farkhunda.3cx.us"; flow:to_server,established; http.header;
content: "Host|3a|"; nocase; http.header; content:"farkhunda.3cx.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])farkhunda\.3cx\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# (The line above closes a rule that starts on the previous line of the file.)
#
# --- Event 25895, tagged CobaltStrike: DNS + HTTP rule pair per domain ---
# DNS rules are any -> any on dns.query with the name anchored at the end of
# the query; the left boundary accepts a dot, so subdomains match as well.
# HTTP rules look for "Host|3a|" and the domain as two independent content
# matches in the header buffer, then confirm with a pcre (H flag) that the
# name is followed by a character that cannot continue a hostname.
# Overlap to expect: where both a parent and a child name are listed
# (nateeka.com / dns.nateeka.com, maksonsab.ru / www.maksonsab.ru,
# frozenk.fr / www.frozenk.fr / ftp.frozenk.fr), a lookup or request for the
# child also satisfies the parent's rules, so several sids fire for one event.
# NOTE(review): ec2-107-23-38-171.compute-1.amazonaws.com and
# vmi1357229.contaboserver.net look like provider-assigned instance names;
# such names follow the instance, which can be reassigned - age these out.
# NOTE(review): no tls.sni rule is present in this section, so HTTPS traffic
# to these names is covered only by the DNS rules.
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-589039153] Domain ec2-107-23-38-171.compute-1.amazonaws.com"; dns.query; content:"ec2-107-23-38-171.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-107\-23\-38\-171\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37039231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-589039153] Outgoing HTTP Domain ec2-107-23-38-171.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-107-23-38-171.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-107\-23\-38\-171\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-589039153] Domain nateeka.com"; dns.query; content:"nateeka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nateeka\.com$/i"; classtype:trojan-activity; sid:37039221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-589039153] Outgoing HTTP Domain nateeka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nateeka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nateeka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-589039153] Domain dns.nateeka.com"; dns.query; content:"dns.nateeka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.nateeka\.com$/i"; classtype:trojan-activity; sid:37039211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-589039153] Outgoing HTTP Domain dns.nateeka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.nateeka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.nateeka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-987654321] Domain www.maksonsab.ru"; dns.query; content:"www.maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maksonsab\.ru$/i"; classtype:trojan-activity; sid:37039201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain www.maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-987654321] Domain maksonsab.ru"; dns.query; content:"maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])maksonsab\.ru$/i"; classtype:trojan-activity; sid:37039191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Domain www.frozenk.fr"; dns.query; content:"www.frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.frozenk\.fr$/i"; classtype:trojan-activity; sid:37039171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Outgoing HTTP Domain www.frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Domain vmi1357229.contaboserver.net"; dns.query; content:"vmi1357229.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1357229\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37039181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Outgoing HTTP Domain vmi1357229.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1357229.contaboserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1357229\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Domain ftp.frozenk.fr"; dns.query; content:"ftp.frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.frozenk\.fr$/i"; classtype:trojan-activity; sid:37039161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Outgoing HTTP Domain ftp.frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Domain frozenk.fr"; dns.query; content:"frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])frozenk\.fr$/i"; classtype:trojan-activity; sid:37039151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938] Outgoing HTTP Domain frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# URL rule for event 25861: HTTP to one literal IP on port 58719 with "/.i" in
# the URI. The URI content is a three-byte unanchored substring, so the
# destination IP and port carry the specificity.
# The rule continues on the following line of the file.
alert http $HOME_NET any -> 42.87.151.164 58719 (msg: "MISP e25861 [] Outgoing URL http|3a|//42.87.151.164|3a|58719/.i"; flow:to_server,established; http.header; content:"42.87.151.164"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity;
sid:37030521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25861;) alert ip $HOME_NET any -> 42.87.151.164 any (msg: "MISP e25861 [] Outgoing To IP: 42.87.151.164"; classtype:trojan-activity; sid:37030531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25861;) alert dns any any -> any any (msg: "MISP e25847 [] Hostname near.flyspecialline.com"; dns.query; content:"near.flyspecialline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])near\.flyspecialline\.com$/i"; classtype:trojan-activity; sid:37057701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Hostname near.flyspecialline.com"; flow:to_server,established; http.header; content: "Host|3a| near.flyspecialline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])near\.flyspecialline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert dns any any -> any any (msg: "MISP e25847 [] Hostname post.plastformspecial.com"; dns.query; content:"post.plastformspecial.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\.plastformspecial\.com$/i"; classtype:trojan-activity; sid:37057711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Hostname post.plastformspecial.com"; flow:to_server,established; http.header; content: "Host|3a| post.plastformspecial.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\.plastformspecial\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert ip $HOME_NET any -> 88.198.107.6 443 (msg: "MISP e25895 [Vidar] Outgoing To IP: 88.198.107.6|443"; classtype:trojan-activity; sid:37039491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 212.113.106.100 8888 (msg: "MISP e25895 [apt28,Ivanti,sliver] Outgoing To IP: 212.113.106.100|8888"; classtype:trojan-activity; sid:37039501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 103.186.117.105 1970 (msg: "MISP e25895 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.105|1970"; classtype:trojan-activity; sid:37039511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25895 [CobaltStrike,cs-watermark-223578096,GOOGLE-CLOUD-PLATFORM] Domain ogind.drobpox.us"; dns.query; content:"ogind.drobpox.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])ogind\.drobpox\.us$/i"; classtype:trojan-activity; sid:37039531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [CobaltStrike,cs-watermark-223578096,GOOGLE-CLOUD-PLATFORM] Outgoing HTTP Domain ogind.drobpox.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ogind.drobpox.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ogind\.drobpox\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25923 [] Domain mail.dreuokma.info"; dns.query; content:"mail.dreuokma.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.dreuokma\.info$/i"; classtype:trojan-activity; sid:37056021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25923;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25923 [] Outgoing HTTP Domain mail.dreuokma.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.dreuokma.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.dreuokma\.info[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37056022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25923;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25923 [] Source Email Address: mezzynow@dreuokma.info"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"mezzynow@dreuokma.info"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37056031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25923;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25923 [] Destination Email Address: mezzynow@dreuokma.info"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"mezzynow@dreuokma.info"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37056032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25923;) alert dns any any -> any any (msg: "MISP e25854 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37023601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25854;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25854 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25854;) alert tls any any -> any any (msg: "MISP e26235 [] JA3 Hash: 339f6adf54e6076d069dcaac54fddc25"; ja3.hash; content:"339f6adf54e6076d069dcaac54fddc25"; fast_pattern; tag:session,600,seconds; classtype:trojan-activity; 
sid:37228211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26235;)
# --- MISP event 25855 (untagged, priority 3): domain indicator, DNS + cleartext-HTTP pair ---
# The prefix class (^|[^A-Za-z0-9-]) accepts a leading ".", so sub-domains match too.
# The two http.header contents are independent, so the name may sit in any request header.
alert dns any any -> any any (msg: "MISP e25855 [] Domain patito.theaerie.ca"; dns.query; content:"patito.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37023681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25855;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25855 [] Outgoing HTTP Domain patito.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25855;)
# --- MISP event 25931 (diamond-model:Infrastructure, kill-chain:Weaponization; priority 1) ---
# URL indicators are exported in two shapes:
#  (a) URL with a scheme: host (or IP) as an http.header content plus the path as an http.uri
#      content. The query string shown in msg is not part of the match.
#  (b) URL without a scheme: the whole "host/path" string as a single http.uri content
#      (sids 37056561, 37056571, 37056601, 37056621).
# NOTE(review): the http.uri buffer normally holds the request path and query, not the host,
# so shape (b) is unlikely to match ordinary requests; verify against a pcap and, if
# confirmed, add the scheme to the MISP attribute so the export produces shape (a).
# NOTE(review): shape (a) rules are limited to $HTTP_PORTS. The variable must be defined
# (the file header calls it optional for Suricata exports) and HTTP on unlisted ports is missed.
# NOTE(review): all of these inspect cleartext HTTP only; the same URL over HTTPS is not seen.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL 191.101.2.27/ar/digital.html"; flow:to_server,established; http.uri; content:"191.101.2.27/ar/digital.html"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL facturacions.northeurope.cloudapp.azure.com/arvbs/index.php?va"; flow:to_server,established; http.uri; content:"facturacions.northeurope.cloudapp.azure.com/arvbs/index.php?va"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//eurotrip.canadacentral.cloudapp.azure.com/a/index.php?va"; flow:to_server,established; http.header; content:"eurotrip.canadacentral.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/a/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//facturacions.northeurope.cloudapp.azure.com/you/index.php?va"; flow:to_server,established; http.header; content:"facturacions.northeurope.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/you/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# Shape (b) again: host inside http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL facturas.co.in/a12/"; flow:to_server,established; http.uri; content:"facturas.co.in/a12/"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# Short, unanchored, case-insensitive path contents such as "/a12", "/yu", "/OT" and "/29/"
# match many URIs; in these rules the host or IP condition carries most of the specificity.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//deliverhq.org/a12"; flow:to_server,established; http.header; content:"deliverhq.org"; fast_pattern; nocase; http.uri; content:"/a12"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# Shape (b) again: host inside http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL 149.100.157.218/ar/digital.html"; flow:to_server,established; http.uri; content:"149.100.157.218/ar/digital.html"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# When the URL host is an IP literal the export also pins the rule's destination address.
alert http $HOME_NET any -> 154.223.16.114 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//154.223.16.114/nv/index.php"; flow:to_server,established; http.header; content:"154.223.16.114"; fast_pattern; nocase; http.uri; content:"/nv/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//facturacionmovistar.tech/yu"; flow:to_server,established; http.header; content:"facturacionmovistar.tech"; fast_pattern; nocase; http.uri; content:"/yu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> 149.100.157.218 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//149.100.157.218/you/digital.html"; flow:to_server,established; http.header; content:"149.100.157.218"; fast_pattern; nocase; http.uri; content:"/you/digital.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//fabulasnats.ddnsking.com/25/25"; flow:to_server,established; http.header; content:"fabulasnats.ddnsking.com"; fast_pattern; nocase; http.uri; content:"/25/25"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> 154.223.16.114 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//154.223.16.114/bt/index.php"; flow:to_server,established; http.header; content:"154.223.16.114"; fast_pattern; nocase; http.uri; content:"/bt/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//contas.store/ps1/index.php"; flow:to_server,established; http.header; content:"contas.store"; fast_pattern; nocase; http.uri; content:"/ps1/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# sid 37056701 and sid 37056721 (further down) end up with identical match conditions,
# because the query string "?=-=J0" of the second URL is dropped from the match; every hit
# on one also raises the other.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//avs.myftp.biz/29/"; flow:to_server,established; http.header; content:"avs.myftp.biz"; fast_pattern; nocase; http.uri; content:"/29/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> 38.54.20.37 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//38.54.20.37/OT"; flow:to_server,established; http.header; content:"38.54.20.37"; fast_pattern; nocase; http.uri; content:"/OT"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//avs.myftp.biz/29/?=-=J0"; flow:to_server,established; http.header; content:"avs.myftp.biz"; fast_pattern; nocase; http.uri; content:"/29/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> 38.54.20.37 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//38.54.20.37/29/index.php?d=29"; flow:to_server,established; http.header; content:"38.54.20.37"; fast_pattern; nocase; http.uri; content:"/29/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> 38.54.20.37 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//38.54.20.37/29/29"; flow:to_server,established; http.header; content:"38.54.20.37"; fast_pattern; nocase; http.uri; content:"/29/29"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# NOTE(review): several hosts below sit under what look like dynamic-DNS suffixes; the
# address behind such a name can change at any time, so no DNS rule for them is a gap here.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//abc1.myftp.biz/nv/index.php"; flow:to_server,established; http.header; content:"abc1.myftp.biz"; fast_pattern; nocase; http.uri; content:"/nv/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//mxq.zapto.org/ps1/index.php"; flow:to_server,established; http.header; content:"mxq.zapto.org"; fast_pattern; nocase; http.uri; content:"/ps1/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//sva.gotdns.ch/nv/index.php"; flow:to_server,established; http.header; content:"sva.gotdns.ch"; fast_pattern; nocase; http.uri; content:"/nv/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//dz1.sytes.net/ps1/index.php"; flow:to_server,established; http.header; content:"dz1.sytes.net"; fast_pattern; nocase; http.uri; content:"/ps1/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//fabulasnats.ddnsking.com/nv/index.php"; flow:to_server,established; http.header; content:"fabulasnats.ddnsking.com"; fast_pattern; nocase; http.uri; content:"/nv/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//dftssa.3utilities.com/nv/index.php"; flow:to_server,established; http.header; content:"dftssa.3utilities.com"; fast_pattern; nocase; http.uri; content:"/nv/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
alert http $HOME_NET any -> 89.116.236.122 $HTTP_PORTS (msg: "MISP e25931 [diamond-model:Infrastructure,kill-chain:Weaponization] Outgoing URL http|3a|//89.116.236.122/a/08/150822/au/slvimt/list.txt"; flow:to_server,established; http.header; content:"89.116.236.122"; fast_pattern; nocase; http.uri; content:"/a/08/150822/au/slvimt/list.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25931;)
# --- MISP event 25895: IP/port indicator tagged c2, cobalt_strike ---
# Address-and-port match only, with no flow or payload condition.
# NOTE(review): addresses get reassigned; give the rule an expiry and correlate hits with
# host telemetry before treating them as confirmed C2 traffic.
alert ip $HOME_NET any -> 47.100.170.9 50050 (msg: "MISP e25895 [c2,cobalt_strike] Outgoing To IP: 47.100.170.9|50050"; classtype:trojan-activity; sid:37039541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25930 (untagged, priority 3): e-mail attachment names ---
# Both rules look for an attachment whose quoted filename ends with the given 64-hex-digit
# string, in cleartext SMTP to $SMTP_SERVERS port 25.
# NOTE(review): the value looks like a SHA-256 digest used as the file name; unless the
# attachment really was named that way the rule cannot match. Confirm in the MISP event and
# hunt for the hash in mail-gateway or endpoint telemetry instead. STARTTLS sessions are
# opaque to these content matches.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25930 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"24e5bfd53db476e726d975440d5b8669bda2886be2216652b8e77223a967388e|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37056501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25930;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25930 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"1745581b19ab853f4fa4638ceb04ce63e8207e2eae7f91d240a1a143b6c5640d|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37056511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25930;)
# --- MISP event 25856 (untagged, priority 3): domain indicator ---
# The indicator is a multi-label name under aeroupholsterycleaningmelbourne.com.au; the rule
# is scoped to the full name, so the parent site itself does not alert.
alert dns any any -> any any (msg: "MISP e25856 [] Domain mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; dns.query; content:"mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.aeroupholsterycleaningmelbourne\.com\.au$/i"; classtype:trojan-activity; sid:37023771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25856;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25856 
[] Outgoing HTTP Domain mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud.cl.aeroupholsterycleaningmelbourne.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.aeroupholsterycleaningmelbourne\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25856;)
# --- MISP event 25920 (untagged, priority 2): "Hostname" indicators ---
# Each hostname gets a dns.query rule and a cleartext-HTTP rule. The prefix class
# [^A-Za-z0-9-\.] rejects a leading ".", so only the exact host matches (no sub-domains), and
# the HTTP rule ties the name to the Host header with one content ("Host|3a| <name>",
# exactly one space after the colon).
# NOTE(review): no tls.sni rule is exported, so HTTPS visits are only visible via the DNS rule.
# The first indicator is one label under the shared workers.dev suffix; keep the match on
# the full name, since the parent suffix hosts unrelated services.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37043631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): some of the names below may be ordinary sites that were compromised rather
# than registered for abuse (not established by this file); set an expiry on such indicators
# so the rules do not outlive the incident.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname dawnwise.co.zw"; dns.query; content:"dawnwise.co.zw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dawnwise\.co\.zw$/i"; classtype:trojan-activity; sid:37043661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dawnwise.co.zw"; flow:to_server,established; http.header; content: "Host|3a| dawnwise.co.zw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dawnwise\.co\.zw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname purplepixie.com.au"; dns.query; content:"purplepixie.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])purplepixie\.com\.au$/i"; classtype:trojan-activity; sid:37043691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname purplepixie.com.au"; flow:to_server,established; http.header; content: "Host|3a| purplepixie.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])purplepixie\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname bankmenia.org"; dns.query; content:"bankmenia.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bankmenia\.org$/i"; classtype:trojan-activity; sid:37043721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname bankmenia.org"; flow:to_server,established; http.header; content: "Host|3a| bankmenia.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bankmenia\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# The remaining names are presumably Telegram look-alikes, judging by the spelling only;
# confirm against the MISP event before labelling alerts that way.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegarmlem.cc"; dns.query; content:"telegarmlem.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarmlem\.cc$/i"; classtype:trojan-activity; sid:37043751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegarmlem.cc"; flow:to_server,established; http.header; content: "Host|3a| telegarmlem.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarmlem\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname join18privategroup.my.id"; dns.query; content:"join18privategroup.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join18privategroup\.my\.id$/i"; classtype:trojan-activity; sid:37043781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname join18privategroup.my.id"; flow:to_server,established; http.header; content: "Host|3a| join18privategroup.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join18privategroup\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname cek-selengkapnya.biz.id"; dns.query; content:"cek-selengkapnya.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-selengkapnya\.biz\.id$/i"; classtype:trojan-activity; sid:37043811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cek-selengkapnya.biz.id"; flow:to_server,established; http.header; content: "Host|3a| cek-selengkapnya.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-selengkapnya\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# From here on each hostname also has an "Outgoing URL http://<host>/" rule. Its http.uri
# content is just "/", which every request URI contains, so the rule reduces to "host string
# anywhere in the request headers" on $HTTP_PORTS.
# NOTE(review): that is looser than the Hostname rule (a Referer naming the host is enough)
# and it fires alongside the Hostname rule on the same request, doubling the alert volume.
# $HTTP_PORTS must be defined for these rules even though the file header calls it optional.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegreman.work"; dns.query; content:"telegreman.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegreman\.work$/i"; classtype:trojan-activity; sid:37043841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegreman.work"; flow:to_server,established; http.header; content: "Host|3a| telegreman.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegreman\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegreman.work/"; flow:to_server,established; http.header; content:"telegreman.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname teleprlem.fit"; dns.query; content:"teleprlem.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprlem\.fit$/i"; classtype:trojan-activity; sid:37043871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname teleprlem.fit"; flow:to_server,established; http.header; content: "Host|3a| teleprlem.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprlem\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//teleprlem.fit/"; flow:to_server,established; http.header; content:"teleprlem.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] 
Hostname telegrpme.work"; dns.query; content:"telegrpme.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpme\.work$/i"; classtype:trojan-activity; sid:37043901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# --- MISP event 25920 (untagged, priority 2): hostname indicators, three rules per host ---
#  1. dns.query rule: exact host only (the prefix class [^A-Za-z0-9-\.] rejects a leading ".").
#  2. "Outgoing HTTP Hostname" rule: the name tied to the Host header of a cleartext request.
#  3. "Outgoing URL http://<host>/" rule: host string anywhere in the request headers plus
#     an http.uri content of "/", which every request URI contains.
# NOTE(review): rule 3 is looser than rule 2 (a Referer naming the host is enough) and
# fires alongside it on the same request, doubling the alert volume. It is limited to
# $HTTP_PORTS, which must be defined even though the file header calls it optional.
# NOTE(review): no tls.sni rule is exported, so HTTPS visits are only visible via rule 1.
# tag:session,600,seconds keeps logging the rest of the session for 600 seconds after a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrpme.work"; flow:to_server,established; http.header; content: "Host|3a| telegrpme.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpme\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrpme.work/"; flow:to_server,established; http.header; content:"telegrpme.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telepgrlm.work"; dns.query; content:"telepgrlm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.work$/i"; classtype:trojan-activity; sid:37043931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telepgrlm.work"; flow:to_server,established; http.header; content: "Host|3a| telepgrlm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telepgrlm.work/"; flow:to_server,established; http.header; content:"telepgrlm.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegrlm.work"; dns.query; content:"telegrlm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.work$/i"; classtype:trojan-activity; sid:37043961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrlm.work"; flow:to_server,established; http.header; content: "Host|3a| telegrlm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrlm.work/"; flow:to_server,established; http.header; content:"telegrlm.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname teleprlem.work"; dns.query; content:"teleprlem.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprlem\.work$/i"; classtype:trojan-activity; sid:37043991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname teleprlem.work"; flow:to_server,established; http.header; content: "Host|3a| teleprlem.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprlem\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37043992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//teleprlem.work/"; flow:to_server,established; http.header; content:"teleprlem.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegsrem.work"; dns.query; content:"telegsrem.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.work$/i"; classtype:trojan-activity; sid:37044021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegsrem.work"; flow:to_server,established; http.header; content: "Host|3a| telegsrem.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegsrem.work/"; flow:to_server,established; http.header; content:"telegsrem.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# The same base labels recur under several TLDs (.work, .club, .fit). Each name is matched
# exactly, so a new TLD variant is not covered until it is added to the MISP event.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegrlm.club"; dns.query; content:"telegrlm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.club$/i"; classtype:trojan-activity; sid:37044051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrlm.club"; flow:to_server,established; http.header; content: "Host|3a| telegrlm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrlm.club/"; flow:to_server,established; http.header; content:"telegrlm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegrlm.fit"; dns.query; content:"telegrlm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.fit$/i"; classtype:trojan-activity; sid:37044081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrlm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrlm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrlm.fit/"; flow:to_server,established; http.header; content:"telegrlm.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname teleprlem.club"; dns.query; content:"teleprlem.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprlem\.club$/i"; classtype:trojan-activity; sid:37044111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname teleprlem.club"; flow:to_server,established; http.header; content: "Host|3a| teleprlem.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprlem\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//teleprlem.club/"; flow:to_server,established; http.header; content:"teleprlem.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname teleqream.fit"; dns.query; content:"teleqream.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqream\.fit$/i"; classtype:trojan-activity; sid:37044141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname teleqream.fit"; flow:to_server,established; http.header; content: "Host|3a| teleqream.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqream\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//teleqream.fit/"; flow:to_server,established; http.header; content:"teleqream.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegrpnm.work"; dns.query; content:"telegrpnm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.work$/i"; classtype:trojan-activity; sid:37044171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e25920 [] Outgoing HTTP Hostname telegrpnm.work"; flow:to_server,established; http.header; content: "Host|3a| telegrpnm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrpnm.work/"; flow:to_server,established; http.header; content:"telegrpnm.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname teleqream.work"; dns.query; content:"teleqream.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqream\.work$/i"; classtype:trojan-activity; sid:37044201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname teleqream.work"; flow:to_server,established; http.header; content: "Host|3a| teleqream.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqream\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//teleqream.work/"; flow:to_server,established; http.header; content:"teleqream.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegrpsm.fit"; dns.query; content:"telegrpsm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpsm\.fit$/i"; 
classtype:trojan-activity; sid:37044231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrpsm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrpsm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpsm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrpsm.fit/"; flow:to_server,established; http.header; content:"telegrpsm.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegrpnm.fit"; dns.query; content:"telegrpnm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.fit$/i"; classtype:trojan-activity; sid:37044261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrpnm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrpnm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrpnm.fit/"; flow:to_server,established; http.header; content:"telegrpnm.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any 
any (msg: "MISP e25920 [] Hostname telegrpnm.club"; dns.query; content:"telegrpnm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.club$/i"; classtype:trojan-activity; sid:37044291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# ---------------------------------------------------------------------------------------------
# MISP event 25920: hostname and URL indicators, one rule per line.
# A hostname indicator is exported as a dns.query rule plus an http rule on the Host header;
# some indicators add a third "Outgoing URL" rule.
# The http rules inspect cleartext HTTP only and no tls rule appears in this part of the file,
# so for HTTPS traffic the dns.query rule is the only one of a set that can fire.
# The "[]" in every msg is an empty tag list (other events in this export carry kill-chain tags
# there), so the alert text gives no context beyond the event number.
# ---------------------------------------------------------------------------------------------
# Host-header rule for telegrpnm.club. |3a| is ":", so the content needs "Host: " with exactly
# one space followed by the name. The pcre (H = HTTP header buffer, i = case-insensitive) wants
# a non-hostname character on both sides of the name, which rejects sub.telegrpnm.club and
# telegrpnm.club.example. tag:session,600,seconds keeps logging the session's packets for
# 600 seconds after the alert.
# NOTE(review): Suricata's http.host buffer would anchor the match to the Host value itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegrpnm.club"; flow:to_server,established; http.header; content: "Host|3a| telegrpnm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the name is matched anywhere in the request headers (no "Host|3a| " prefix and
# no pcre), so a Referer or any other header that mentions it also satisfies the rule, and
# content:"/" on http.uri holds for practically every request. On $HTTP_PORTS this rule alerts
# together with sid 37044292 and adds no selectivity.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegrpnm.club/"; flow:to_server,established; http.header; content:"telegrpnm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): shared URL shortener. "tinyurl.com" is an unanchored header substring and the
# short code is a nocase substring of the URI, so /3J5F7TDU or /3j5f7tduX (constructed examples)
# match as well. Short codes are presumably case-sensitive - confirm before treating a hit as
# the listed link. Only plain-HTTP requests are visible to this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/3j5f7tdu"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/3j5f7tdu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Exact-name DNS match: "$" ends the query name and "." is in the excluded class before it,
# so sub.9874.pages.dev or x9874.pages.dev do not match. Source and destination are "any", so
# a sensor that sees resolver traffic may report the resolver instead of the querying host.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 9874.pages.dev"; dns.query; content:"9874.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9874\.pages\.dev$/i"; classtype:trojan-activity; sid:37044381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 9874.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 9874.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9874\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): host-only URL indicator. The only content is the name as an unanchored
# substring of the headers (no fast_pattern, no http.uri part), so it is broader than the
# Host rule sid 37044382 and fires with it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//9874.pages.dev"; flow:to_server,established; http.header; content:"9874.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Subdomains of weebly.com: the rules pin the full name, other weebly.com sites do not match.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname vcfpiopio.weebly.com"; dns.query; content:"vcfpiopio.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcfpiopio\.weebly\.com$/i"; classtype:trojan-activity; sid:37044411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname vcfpiopio.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| vcfpiopio.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcfpiopio\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): second tinyurl.com short link, same shape as sid 37044361: unanchored host
# substring plus a nocase substring match on the short code.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/7zup96x7"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/7zup96x7"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname mjkioploipio.weebly.com"; dns.query; content:"mjkioploipio.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjkioploipio\.weebly\.com$/i"; classtype:trojan-activity; sid:37044501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname mjkioploipio.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mjkioploipio.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjkioploipio\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname ehmizmtler2024.com"; dns.query; content:"ehmizmtler2024.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehmizmtler2024\.com$/i"; classtype:trojan-activity; sid:37044531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname ehmizmtler2024.com"; flow:to_server,established; http.header; content: "Host|3a| ehmizmtler2024.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehmizmtler2024\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//ehmizmtler2024.com"; flow:to_server,established; http.header; content:"ehmizmtler2024.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname u051373.stepform.io"; dns.query; content:"u051373.stepform.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])u051373\.stepform\.io$/i"; classtype:trojan-activity; sid:37044561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname u051373.stepform.io"; flow:to_server,established; http.header; content: "Host|3a| u051373.stepform.io"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])u051373\.stepform\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname linke.to"; dns.query; content:"linke.to"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])linke\.to$/i"; classtype:trojan-activity; sid:37044591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname linke.to"; flow:to_server,established; http.header; content: "Host|3a| linke.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])linke\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname dev-kld6dsw.pantheonsite.io"; dns.query; content:"dev-kld6dsw.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-kld6dsw\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37044651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dev-kld6dsw.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a| dev-kld6dsw.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-kld6dsw\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname prtnma-pgpv-zstor.vercel.app"; dns.query; content:"prtnma-pgpv-zstor.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prtnma\-pgpv\-zstor\.vercel\.app$/i"; classtype:trojan-activity; sid:37044681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname prtnma-pgpv-zstor.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| prtnma-pgpv-zstor.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prtnma\-pgpv\-zstor\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname acheter-sans-ordonnance.fr"; dns.query; content:"acheter-sans-ordonnance.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])acheter\-sans\-ordonnance\.fr$/i"; classtype:trojan-activity; sid:37044711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname acheter-sans-ordonnance.fr"; flow:to_server,established; http.header; content: "Host|3a| acheter-sans-ordonnance.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])acheter\-sans\-ordonnance\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.address-correction-science.top"; dns.query; content:"usps.address-correction-science.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.address\-correction\-science\.top$/i"; classtype:trojan-activity; sid:37044741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.address-correction-science.top"; flow:to_server,established; http.header; content: "Host|3a| usps.address-correction-science.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.address\-correction\-science\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044742; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//usps.address-correction-science.top"; flow:to_server,established; http.header; content:"usps.address-correction-science.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/5cvmnf64"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/5cvmnf64"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wdh0odh281p.tulisku.my.id"; dns.query; content:"wdh0odh281p.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wdh0odh281p\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37044831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wdh0odh281p.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| wdh0odh281p.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wdh0odh281p\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//wdh0odh281p.tulisku.my.id"; flow:to_server,established; http.header; content:"wdh0odh281p.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] 
Hostname webmail-106387.weeblysite.com"; dns.query; content:"webmail-106387.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-106387\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37044861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname webmail-106387.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| webmail-106387.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-106387\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname tokenpocket-tpmuo.net"; dns.query; content:"tokenpocket-tpmuo.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmuo\.net$/i"; classtype:trojan-activity; sid:37044891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tokenpocket-tpmuo.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpmuo.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmuo\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tokenpocket-tpmuo.net"; flow:to_server,established; http.header; content:"tokenpocket-tpmuo.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/375jn43z"; flow:to_server,established; http.header; 
content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/375jn43z"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37044931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname btvalidationsupport.w3spaces.com"; dns.query; content:"btvalidationsupport.w3spaces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btvalidationsupport\.w3spaces\.com$/i"; classtype:trojan-activity; sid:37044951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname btvalidationsupport.w3spaces.com"; flow:to_server,established; http.header; content: "Host|3a| btvalidationsupport.w3spaces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btvalidationsupport\.w3spaces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37044952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname webmailserverservicesactionrequiredautneticatie02.pages.dev"; dns.query; content:"webmailserverservicesactionrequiredautneticatie02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmailserverservicesactionrequiredautneticatie02\.pages\.dev$/i"; classtype:trojan-activity; sid:37045011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname webmailserverservicesactionrequiredautneticatie02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| webmailserverservicesactionrequiredautneticatie02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmailserverservicesactionrequiredautneticatie02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045012; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//webmailserverservicesactionrequiredautneticatie02.pages.dev"; flow:to_server,established; http.header; content:"webmailserverservicesactionrequiredautneticatie02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname essageriepro3-pro-login.tempurl.host"; dns.query; content:"essageriepro3-pro-login.tempurl.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])essageriepro3\-pro\-login\.tempurl\.host$/i"; classtype:trojan-activity; sid:37045041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname essageriepro3-pro-login.tempurl.host"; flow:to_server,established; http.header; content: "Host|3a| essageriepro3-pro-login.tempurl.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])essageriepro3\-pro\-login\.tempurl\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname swissistpass.web.app"; dns.query; content:"swissistpass.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissistpass\.web\.app$/i"; classtype:trojan-activity; sid:37045071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname swissistpass.web.app"; flow:to_server,established; http.header; content: "Host|3a| swissistpass.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissistpass\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045072; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname fhaos0wo20s0.tulisku.my.id"; dns.query; content:"fhaos0wo20s0.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fhaos0wo20s0\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37045101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname fhaos0wo20s0.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| fhaos0wo20s0.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fhaos0wo20s0\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//fhaos0wo20s0.tulisku.my.id"; flow:to_server,established; http.header; content:"fhaos0wo20s0.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname srv208008.hoster-test.ru"; dns.query; content:"srv208008.hoster-test.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srv208008\.hoster\-test\.ru$/i"; classtype:trojan-activity; sid:37045131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname srv208008.hoster-test.ru"; flow:to_server,established; http.header; content: "Host|3a| srv208008.hoster-test.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srv208008\.hoster\-test\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//srv208008.hoster-test.ru/fr/nw/fr/infos.php"; flow:to_server,established; http.header; content:"srv208008.hoster-test.ru"; fast_pattern; nocase; http.uri; content:"/fr/nw/fr/infos.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# ---------------------------------------------------------------------------------------------
# MISP event 25920: hostname indicators, one rule per line.
# Per hostname: a dns.query rule (exact name, any direction) and an http rule on the Host
# header ($HOME_NET -> $EXTERNAL_NET, any port); some hostnames add an "Outgoing URL" rule on
# $HTTP_PORTS. All of them use classtype trojan-activity, priority 2 and rev 1.
# The http rules inspect cleartext HTTP only and no tls rule appears in this part of the file,
# so for HTTPS traffic the dns.query rule is the only one of a set that can fire.
# In the pcre, the leading (^|[^A-Za-z0-9-\.]) and the trailing "$" (DNS) or [^A-Za-z0-9-\.]
# (HTTP, H = header buffer, i = case-insensitive) keep longer names from matching, e.g. a
# subdomain of the listed name. tag:session,600,seconds keeps logging the session's packets
# for 600 seconds after the alert.
# NOTE(review): the dns rules use "any any -> any any"; where the sensor sees resolver traffic
# the alert may name the resolver, not the host that asked - correlate with resolver logs.
# ---------------------------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telepgrlm.fit"; dns.query; content:"telepgrlm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.fit$/i"; classtype:trojan-activity; sid:37045161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telepgrlm.fit"; flow:to_server,established; http.header; content: "Host|3a| telepgrlm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the name is matched anywhere in the request headers (no "Host|3a| " prefix and
# no pcre), so a Referer that mentions it also satisfies the rule, and content:"/" on http.uri
# holds for practically every request. On $HTTP_PORTS this alerts together with sid 37045162.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telepgrlm.fit/"; flow:to_server,established; http.header; content:"telepgrlm.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# j-natural.com, first pair. The same two rules appear again as sids 37045401/37045402.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname j-natural.com"; dns.query; content:"j-natural.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j\-natural\.com$/i"; classtype:trojan-activity; sid:37045191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname j-natural.com"; flow:to_server,established; http.header; content: "Host|3a| j-natural.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j\-natural\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the next six rules are three identical pairs for vwt.pfg.mybluehost.me
# (sids 37045221/37045222, 37045251/37045252, 37045281/37045282); only the sid differs.
# One query or request for the name raises three alerts. Presumably the event lists the
# hostname in several attributes - de-duplicate at export or disable two of the pairs.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname vwt.pfg.mybluehost.me"; dns.query; content:"vwt.pfg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37045221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname vwt.pfg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| vwt.pfg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname vwt.pfg.mybluehost.me"; dns.query; content:"vwt.pfg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37045251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname vwt.pfg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| vwt.pfg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname vwt.pfg.mybluehost.me"; dns.query; content:"vwt.pfg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37045281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname vwt.pfg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| vwt.pfg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwt\.pfg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname nccollege.org"; dns.query; content:"nccollege.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nccollege\.org$/i"; classtype:trojan-activity; sid:37045311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname nccollege.org"; flow:to_server,established; http.header; content: "Host|3a| nccollege.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nccollege\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# stargrowth.com.br, first pair. The same two rules appear again as sids 37045431/37045432.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname stargrowth.com.br"; dns.query; content:"stargrowth.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stargrowth\.com\.br$/i"; classtype:trojan-activity; sid:37045341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname stargrowth.com.br"; flow:to_server,established; http.header; content: "Host|3a| stargrowth.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stargrowth\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname sp-track.nomosmarket.com.ua"; dns.query; content:"sp-track.nomosmarket.com.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sp\-track\.nomosmarket\.com\.ua$/i"; classtype:trojan-activity; sid:37045371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sp-track.nomosmarket.com.ua"; flow:to_server,established; http.header; content: "Host|3a| sp-track.nomosmarket.com.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sp\-track\.nomosmarket\.com\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): duplicate of sids 37045191/37045192 (j-natural.com); a match alerts twice.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname j-natural.com"; dns.query; content:"j-natural.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j\-natural\.com$/i"; classtype:trojan-activity; sid:37045401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname j-natural.com"; flow:to_server,established; http.header; content: "Host|3a| j-natural.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j\-natural\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): duplicate of sids 37045341/37045342 (stargrowth.com.br); a match alerts twice.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname stargrowth.com.br"; dns.query; content:"stargrowth.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stargrowth\.com\.br$/i"; classtype:trojan-activity; sid:37045431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname stargrowth.com.br"; flow:to_server,established; http.header; content: "Host|3a| stargrowth.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stargrowth\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname codes.jekar.my.id"; dns.query; content:"codes.jekar.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])codes\.jekar\.my\.id$/i"; classtype:trojan-activity; sid:37045461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname codes.jekar.my.id"; flow:to_server,established; http.header; content: "Host|3a| codes.jekar.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])codes\.jekar\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): host-only URL indicator. The only content is the name as an unanchored
# substring of the headers (no fast_pattern, no http.uri part), so it is broader than the
# Host rule sid 37045462 and fires with it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//codes.jekar.my.id"; flow:to_server,established; http.header; content:"codes.jekar.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname giveawayhp.cpanel-vip.my.id"; dns.query; content:"giveawayhp.cpanel-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])giveawayhp\.cpanel\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37045491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname giveawayhp.cpanel-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| giveawayhp.cpanel-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])giveawayhp\.cpanel\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL 
http|3a|//giveawayhp.cpanel-vip.my.id"; flow:to_server,established; http.header; content:"giveawayhp.cpanel-vip.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 9doollaarrrrrr.pages.dev"; dns.query; content:"9doollaarrrrrr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9doollaarrrrrr\.pages\.dev$/i"; classtype:trojan-activity; sid:37045521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 9doollaarrrrrr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 9doollaarrrrrr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9doollaarrrrrr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//9doollaarrrrrr.pages.dev"; flow:to_server,established; http.header; content:"9doollaarrrrrr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname xpsky.pages.dev"; dns.query; content:"xpsky.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xpsky\.pages\.dev$/i"; classtype:trojan-activity; sid:37045551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname xpsky.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| xpsky.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xpsky\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37045552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//xpsky.pages.dev"; flow:to_server,established; http.header; content:"xpsky.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname djwoshq8sh10.tulisku.my.id"; dns.query; content:"djwoshq8sh10.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djwoshq8sh10\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37045581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname djwoshq8sh10.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| djwoshq8sh10.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djwoshq8sh10\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//djwoshq8sh10.tulisku.my.id"; flow:to_server,established; http.header; content:"djwoshq8sh10.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname tqdhwosj29p.tulisku.my.id"; dns.query; content:"tqdhwosj29p.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tqdhwosj29p\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37045611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
tqdhwosj29p.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| tqdhwosj29p.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tqdhwosj29p\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tqdhwosj29p.tulisku.my.id"; flow:to_server,established; http.header; content:"tqdhwosj29p.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname owhdiwhzup1p.tulisku.my.id"; dns.query; content:"owhdiwhzup1p.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])owhdiwhzup1p\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37045641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname owhdiwhzup1p.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| owhdiwhzup1p.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])owhdiwhzup1p\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//owhdiwhzup1p.tulisku.my.id"; flow:to_server,established; http.header; content:"owhdiwhzup1p.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 365e333.com"; dns.query; content:"365e333.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])365e333\.com$/i"; classtype:trojan-activity; sid:37045671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 365e333.com"; flow:to_server,established; http.header; content: "Host|3a| 365e333.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365e333\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37045701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37045731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37045761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37045791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 
egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37045821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37045851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37045881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; dns.query; content:"pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8d84562919e54131a7c066684c45ffb8\.r2\.dev$/i"; classtype:trojan-activity; sid:37045911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8d84562919e54131a7c066684c45ffb8.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8d84562919e54131a7c066684c45ffb8\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045912; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname dhdowhdiw19.tulisku.my.id"; dns.query; content:"dhdowhdiw19.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhdowhdiw19\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37045941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dhdowhdiw19.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| dhdowhdiw19.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhdowhdiw19\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//dhdowhdiw19.tulisku.my.id"; flow:to_server,established; http.header; content:"dhdowhdiw19.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname adobe-7c1.pages.dev"; dns.query; content:"adobe-7c1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adobe\-7c1\.pages\.dev$/i"; classtype:trojan-activity; sid:37045971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname adobe-7c1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| adobe-7c1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adobe\-7c1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37045972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing 
URL http|3a|//adobe-7c1.pages.dev"; flow:to_server,established; http.header; content:"adobe-7c1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37045981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname bsdk-islemler.com"; dns.query; content:"bsdk-islemler.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bsdk\-islemler\.com$/i"; classtype:trojan-activity; sid:37046001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname bsdk-islemler.com"; flow:to_server,established; http.header; content: "Host|3a| bsdk-islemler.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bsdk\-islemler\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//bsdk-islemler.com"; flow:to_server,established; http.header; content:"bsdk-islemler.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname yuiouo.pages.dev"; dns.query; content:"yuiouo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yuiouo\.pages\.dev$/i"; classtype:trojan-activity; sid:37046031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname yuiouo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yuiouo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yuiouo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046032; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//yuiouo.pages.dev"; flow:to_server,established; http.header; content:"yuiouo.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname khgsgdsuyteyemghj.pages.dev"; dns.query; content:"khgsgdsuyteyemghj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])khgsgdsuyteyemghj\.pages\.dev$/i"; classtype:trojan-activity; sid:37046061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname khgsgdsuyteyemghj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| khgsgdsuyteyemghj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])khgsgdsuyteyemghj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//khgsgdsuyteyemghj.pages.dev"; flow:to_server,established; http.header; content:"khgsgdsuyteyemghj.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sukientetfreefire.shop"; dns.query; content:"sukientetfreefire.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukientetfreefire\.shop$/i"; classtype:trojan-activity; sid:37046091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sukientetfreefire.shop"; flow:to_server,established; http.header; 
content: "Host|3a| sukientetfreefire.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukientetfreefire\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//sukientetfreefire.shop"; flow:to_server,established; http.header; content:"sukientetfreefire.shop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname yjlix.pages.dev"; dns.query; content:"yjlix.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yjlix\.pages\.dev$/i"; classtype:trojan-activity; sid:37046121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname yjlix.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yjlix.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yjlix\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//yjlix.pages.dev"; flow:to_server,established; http.header; content:"yjlix.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname developmentueksecurityservermanagerjkshekhjdgsfsgdh.pages.dev"; dns.query; content:"developmentueksecurityservermanagerjkshekhjdgsfsgdh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])developmentueksecurityservermanagerjkshekhjdgsfsgdh\.pages\.dev$/i"; 
classtype:trojan-activity; sid:37046151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname developmentueksecurityservermanagerjkshekhjdgsfsgdh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| developmentueksecurityservermanagerjkshekhjdgsfsgdh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])developmentueksecurityservermanagerjkshekhjdgsfsgdh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//developmentueksecurityservermanagerjkshekhjdgsfsgdh.pages.dev"; flow:to_server,established; http.header; content:"developmentueksecurityservermanagerjkshekhjdgsfsgdh.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sh1wodhiws171.tulisku.my.id"; dns.query; content:"sh1wodhiws171.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sh1wodhiws171\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37046181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sh1wodhiws171.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| sh1wodhiws171.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sh1wodhiws171\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL 
http|3a|//sh1wodhiws171.tulisku.my.id"; flow:to_server,established; http.header; content:"sh1wodhiws171.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspcd.top"; dns.query; content:"uspz.uspcd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcd\.top$/i"; classtype:trojan-activity; sid:37046211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspcd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//uspz.uspcd.top"; flow:to_server,established; http.header; content:"uspz.uspcd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspsmessges.world"; dns.query; content:"uspsmessges.world"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsmessges\.world$/i"; classtype:trojan-activity; sid:37046241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspsmessges.world"; flow:to_server,established; http.header; content: "Host|3a| uspsmessges.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsmessges\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046242; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//uspsmessges.world"; flow:to_server,established; http.header; content:"uspsmessges.world"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.omnivae.ltd"; dns.query; content:"usps.omnivae.ltd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.omnivae\.ltd$/i"; classtype:trojan-activity; sid:37046271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.omnivae.ltd"; flow:to_server,established; http.header; content: "Host|3a| usps.omnivae.ltd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.omnivae\.ltd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//usps.omnivae.ltd"; flow:to_server,established; http.header; content:"usps.omnivae.ltd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspo.usspne.top"; dns.query; content:"uspo.usspne.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspne\.top$/i"; classtype:trojan-activity; sid:37046301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.usspne.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspne.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspo\.usspne\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//uspo.usspne.top"; flow:to_server,established; http.header; content:"uspo.usspne.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspo.usspnd.top"; dns.query; content:"uspo.usspnd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnd\.top$/i"; classtype:trojan-activity; sid:37046331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.usspnd.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspnd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//uspo.usspnd.top/pg?do=index"; flow:to_server,established; http.header; content:"uspo.usspnd.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspsq.top"; dns.query; content:"uspc.usspsq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspsq\.top$/i"; classtype:trojan-activity; sid:37046361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] 
Outgoing HTTP Hostname uspc.usspsq.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspsq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspsq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//uspc.usspsq.top"; flow:to_server,established; http.header; content:"uspc.usspsq.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37046371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname youtubeiuntskf.terbaru-2023.com"; dns.query; content:"youtubeiuntskf.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])youtubeiuntskf\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37046391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname youtubeiuntskf.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| youtubeiuntskf.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])youtubeiuntskf\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname x04327.com"; dns.query; content:"x04327.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])x04327\.com$/i"; classtype:trojan-activity; sid:37046421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname x04327.com"; flow:to_server,established; http.header; content: "Host|3a| x04327.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])x04327\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname worker-jolly-haze-c83e.snoker18.workers.dev"; dns.query; content:"worker-jolly-haze-c83e.snoker18.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-jolly\-haze\-c83e\.snoker18\.workers\.dev$/i"; classtype:trojan-activity; sid:37046451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname worker-jolly-haze-c83e.snoker18.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-jolly-haze-c83e.snoker18.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-jolly\-haze\-c83e\.snoker18\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname whatp-cvnvaeyue.terbaru-2023.com"; dns.query; content:"whatp-cvnvaeyue.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatp\-cvnvaeyue\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37046481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname whatp-cvnvaeyue.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| whatp-cvnvaeyue.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatp\-cvnvaeyue\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname ussps.usspcp.top"; dns.query; 
content:"ussps.usspcp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussps\.usspcp\.top$/i"; classtype:trojan-activity; sid:37046511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname ussps.usspcp.top"; flow:to_server,established; http.header; content: "Host|3a| ussps.usspcp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussps\.usspcp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.usspka.top"; dns.query; content:"uspz.usspka.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspka\.top$/i"; classtype:trojan-activity; sid:37046541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.usspka.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspka.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspka\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.usspji.top"; dns.query; content:"uspz.usspji.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspji\.top$/i"; classtype:trojan-activity; sid:37046571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.usspji.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspji.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspji\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046572; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.usspjc.top"; dns.query; content:"uspz.usspjc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjc\.top$/i"; classtype:trojan-activity; sid:37046601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.usspjc.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspjc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspsgk.top"; dns.query; content:"uspz.uspsgk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsgk\.top$/i"; classtype:trojan-activity; sid:37046631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspsgk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsgk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsgk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspsgd.top"; dns.query; content:"uspz.uspsgd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsgd\.top$/i"; classtype:trojan-activity; sid:37046661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspsgd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsgd.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.uspsgd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspsfu.top"; dns.query; content:"uspz.uspsfu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfu\.top$/i"; classtype:trojan-activity; sid:37046691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspsfu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspmt.top"; dns.query; content:"uspz.uspmt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmt\.top$/i"; classtype:trojan-activity; sid:37046721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspmt.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspii.top"; dns.query; content:"uspz.uspii.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspii\.top$/i"; classtype:trojan-activity; sid:37046751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
uspz.uspii.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspii.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspii\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspig.top"; dns.query; content:"uspz.uspig.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspig\.top$/i"; classtype:trojan-activity; sid:37046781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspig.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspig.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspig\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspfi.top"; dns.query; content:"uspz.uspfi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfi\.top$/i"; classtype:trojan-activity; sid:37046811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspfi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspyg.top"; dns.query; content:"usp.usspyg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyg\.top$/i"; classtype:trojan-activity; sid:37046841; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspyg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspz.uspaib.top"; dns.query; content:"uspz.uspaib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaib\.top$/i"; classtype:trojan-activity; sid:37046871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspz.uspaib.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.ussptz.top"; dns.query; content:"usp.ussptz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptz\.top$/i"; classtype:trojan-activity; sid:37046901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.ussptz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.ussptw.top"; dns.query; content:"usp.ussptw.top"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptw\.top$/i"; classtype:trojan-activity; sid:37046931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.ussptw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspou.top"; dns.query; content:"usp.usspou.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspou\.top$/i"; classtype:trojan-activity; sid:37046961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspou.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspou.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspou\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspon.top"; dns.query; content:"usp.usspon.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspon\.top$/i"; classtype:trojan-activity; sid:37046991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspon.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspon.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspon\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37046992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any 
-> any any (msg: "MISP e25920 [] Hostname usp.usspna.top"; dns.query; content:"usp.usspna.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspna\.top$/i"; classtype:trojan-activity; sid:37047021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspna.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspna.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspna\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspmy.top"; dns.query; content:"usp.usspmy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmy\.top$/i"; classtype:trojan-activity; sid:37047051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspmy.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspmy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspmw.top"; dns.query; content:"usp.usspmw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmw\.top$/i"; classtype:trojan-activity; sid:37047081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspmw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspmw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspmw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37047082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspgh.top"; dns.query; content:"usp.usspgh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgh\.top$/i"; classtype:trojan-activity; sid:37047111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspgh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspgh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.ussplk.top"; dns.query; content:"usp.ussplk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussplk\.top$/i"; classtype:trojan-activity; sid:37047141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.ussplk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussplk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussplk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspeq.top"; dns.query; content:"usp.usspeq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeq\.top$/i"; classtype:trojan-activity; sid:37047171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspeq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspeq.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspeq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.usspem.top"; dns.query; content:"usp.usspem.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspem\.top$/i"; classtype:trojan-activity; sid:37047201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.usspem.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspem.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspem\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usp.uspscc.top"; dns.query; content:"usp.uspscc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscc\.top$/i"; classtype:trojan-activity; sid:37047231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usp.uspscc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspscc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.usspabs.top"; dns.query; content:"usps.usspabs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspabs\.top$/i"; classtype:trojan-activity; sid:37047261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
usps.usspabs.top"; flow:to_server,established; http.header; content: "Host|3a| usps.usspabs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.usspabs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.mytrack-nc.com"; dns.query; content:"usps.mytrack-nc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-nc\.com$/i"; classtype:trojan-activity; sid:37047291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.mytrack-nc.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-nc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-nc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.mytrackingtq.com"; dns.query; content:"usps.mytrackingtq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingtq\.com$/i"; classtype:trojan-activity; sid:37047321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.mytrackingtq.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingtq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingtq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.mytrackingrr.top"; dns.query; content:"usps.mytrackingrr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingrr\.top$/i"; 
classtype:trojan-activity; sid:37047351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.mytrackingrr.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingrr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingrr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.mytrack-id.com"; dns.query; content:"usps.mytrack-id.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-id\.com$/i"; classtype:trojan-activity; sid:37047381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.mytrack-id.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-id.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-id\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspscity.com"; dns.query; content:"uspscity.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspscity\.com$/i"; classtype:trojan-activity; sid:37047411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspscity.com"; flow:to_server,established; http.header; content: "Host|3a| uspscity.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspscity\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any 
(msg: "MISP e25920 [] Hostname uspo.ussptj.top"; dns.query; content:"uspo.ussptj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptj\.top$/i"; classtype:trojan-activity; sid:37047441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.ussptj.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspo.ussptg.top"; dns.query; content:"uspo.ussptg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptg\.top$/i"; classtype:trojan-activity; sid:37047471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.ussptg.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspo.usspmv.top"; dns.query; content:"uspo.usspmv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspmv\.top$/i"; classtype:trojan-activity; sid:37047501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.usspmv.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspmv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspmv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37047502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspo.usspht.top"; dns.query; content:"uspo.usspht.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspht\.top$/i"; classtype:trojan-activity; sid:37047531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.usspht.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspht.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspht\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspo.ussphp.top"; dns.query; content:"uspo.ussphp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphp\.top$/i"; classtype:trojan-activity; sid:37047561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspo.ussphp.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspd.usspvc.top"; dns.query; content:"uspd.usspvc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspvc\.top$/i"; classtype:trojan-activity; sid:37047591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspd.usspvc.top"; flow:to_server,established; http.header; content: "Host|3a| 
uspd.usspvc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspvc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspe.usspqb.top"; dns.query; content:"uspe.usspqb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqb\.top$/i"; classtype:trojan-activity; sid:37047621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspe.usspqb.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspd.usspur.top"; dns.query; content:"uspd.usspur.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspur\.top$/i"; classtype:trojan-activity; sid:37047651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspd.usspur.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspur.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspur\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspd.usspga.top"; dns.query; content:"uspd.usspga.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspga\.top$/i"; classtype:trojan-activity; sid:37047681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e25920 [] Outgoing HTTP Hostname uspd.usspga.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspga.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspga\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspd.usspez.top"; dns.query; content:"uspd.usspez.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspez\.top$/i"; classtype:trojan-activity; sid:37047711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspd.usspez.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspez.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspez\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspyd.top"; dns.query; content:"uspc.usspyd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyd\.top$/i"; classtype:trojan-activity; sid:37047741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspyd.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspyd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspyc.top"; dns.query; content:"uspc.usspyc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyc\.top$/i"; classtype:trojan-activity; sid:37047771; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host rule for uspc.usspyc.top (MISP event 25920). Matches "Host: <name>" in the
# headers of established HOME_NET -> EXTERNAL_NET requests, case-insensitively. The pcre
# requires the name to be preceded by start-of-buffer or a character that is not a letter,
# digit, hyphen or dot, and followed by such a character, so longer names that merely
# contain it do not match. tag:session,600,seconds keeps logging the session for 600 s.
# NOTE(review): this only sees cleartext HTTP; a request made over TLS would need a
# tls.sni rule - confirm whether the export provides one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspyc.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspyc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for uspc.usspyb.top: any -> any, fires when the queried name ends with the
# hostname and is not preceded by a hostname character, i.e. the exact name rather than
# a subdomain of it.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspyb.top"; dns.query; content:"uspc.usspyb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyb\.top$/i"; classtype:trojan-activity; sid:37047801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host counterpart of the DNS rule above (same hostname, sid ending in 2).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspyb.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspyb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): sids 37047831/37047832 repeat 37047801/37047802 with only the sid changed,
# so one query or request raises two alerts. Presumably the MISP event lists this hostname
# twice - verify, then de-duplicate at the source or suppress one pair.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspyb.top"; dns.query; content:"uspc.usspyb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyb\.top$/i"; classtype:trojan-activity; sid:37047831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspyb.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspyb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspyb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspwy.top"; dns.query; 
content:"uspc.usspwy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwy\.top$/i"; classtype:trojan-activity; sid:37047861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspwy.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspwy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspwv.top"; dns.query; content:"uspc.usspwv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwv\.top$/i"; classtype:trojan-activity; sid:37047891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspwv.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspwv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspwu.top"; dns.query; content:"uspc.usspwu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwu\.top$/i"; classtype:trojan-activity; sid:37047921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspwu.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspwu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047922; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspsq.top"; dns.query; content:"uspc.usspsq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspsq\.top$/i"; classtype:trojan-activity; sid:37047951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspsq.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspsq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspsq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.ussppe.top"; dns.query; content:"uspc.ussppe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.ussppe\.top$/i"; classtype:trojan-activity; sid:37047981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.ussppe.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.ussppe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.ussppe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37047982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname upok.pages.dev"; dns.query; content:"upok.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upok\.pages\.dev$/i"; classtype:trojan-activity; sid:37048011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname upok.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| upok.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])upok\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegram-zw.top"; dns.query; content:"telegram-zw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-zw\.top$/i"; classtype:trojan-activity; sid:37048041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegram-zw.top"; flow:to_server,established; http.header; content: "Host|3a| telegram-zw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-zw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname swsspassch-com007.firebaseapp.com"; dns.query; content:"swsspassch-com007.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swsspassch\-com007\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37048071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname swsspassch-com007.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| swsspassch-com007.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swsspassch\-com007\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegram-sexxgroup2.privatemessage25.com"; dns.query; content:"telegram-sexxgroup2.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup2\.privatemessage25\.com$/i"; 
classtype:trojan-activity; sid:37048101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegram-sexxgroup2.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-sexxgroup2.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup2\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname swisspassch-com457.firebaseapp.com"; dns.query; content:"swisspassch-com457.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassch\-com457\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37048131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname swisspassch-com457.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| swisspassch-com457.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassch\-com457\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname solucioneswebdigital.com"; dns.query; content:"solucioneswebdigital.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])solucioneswebdigital\.com$/i"; classtype:trojan-activity; sid:37048161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname solucioneswebdigital.com"; flow:to_server,established; http.header; content: "Host|3a| solucioneswebdigital.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])solucioneswebdigital\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37048191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37048221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37048251; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# share-52-blink.pages.dev, MISP event 25920. Every rule in this span is the same
# DNS-query / HTTP-Host pair for this one hostname, differing only in sid.
# NOTE(review): the pair recurs with sids from 37048191 to 37048342, so a single lookup
# or request produces one alert per copy. Presumably the event carries the hostname as
# several attributes - verify and de-duplicate at the source, or suppress the extra sids.
# NOTE(review): the HTTP rules inspect cleartext Host headers only; traffic to this host
# over TLS is covered by the DNS rule alone unless a tls.sni rule is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule: exact-name match on the query (end-anchored pcre, no hostname character
# allowed directly before the name).
alert dns any any -> any any (msg: "MISP e25920 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37048281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37048311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048312; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37048341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sanchitgangwar01.github.io"; dns.query; content:"sanchitgangwar01.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sanchitgangwar01\.github\.io$/i"; classtype:trojan-activity; sid:37048371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sanchitgangwar01.github.io"; flow:to_server,established; http.header; content: "Host|3a| sanchitgangwar01.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sanchitgangwar01\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname reactionsecurity.nl"; dns.query; content:"reactionsecurity.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])reactionsecurity\.nl$/i"; classtype:trojan-activity; sid:37048401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
reactionsecurity.nl"; flow:to_server,established; http.header; content: "Host|3a| reactionsecurity.nl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])reactionsecurity\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-d39d1282ab5d4f6291630ac488f20755.r2.dev"; dns.query; content:"pub-d39d1282ab5d4f6291630ac488f20755.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d39d1282ab5d4f6291630ac488f20755\.r2\.dev$/i"; classtype:trojan-activity; sid:37048431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-d39d1282ab5d4f6291630ac488f20755.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d39d1282ab5d4f6291630ac488f20755.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d39d1282ab5d4f6291630ac488f20755\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sprout-confusion-peridot.glitch.me"; dns.query; content:"sprout-confusion-peridot.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sprout\-confusion\-peridot\.glitch\.me$/i"; classtype:trojan-activity; sid:37048461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sprout-confusion-peridot.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| sprout-confusion-peridot.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sprout\-confusion\-peridot\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048462; rev:1; priority:2; 
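reference:url,https://misp.finsin.cl/events/view/25920;)
# URL rule for http://sprout-confusion-peridot.glitch.me/cone.html (MISP event 25920):
# the hostname must appear in the request headers and "/cone.html" in the URI, both
# case-insensitively, on established HOME_NET -> EXTERNAL_NET flows.
# Changed from the export: the destination port was $HTTP_PORTS and is now "any", like the
# hostname rules around it. With "alert http" the protocol is identified by the engine, so
# the port list only hid requests on other ports and made the rule depend on a variable the
# file header calls optional for Suricata. A fresh export presumably restores $HTTP_PORTS.
# NOTE(review): the hostname content is not tied to the Host header, so it can also match
# the name inside another header (e.g. Referer); the hostname rule sid 37048462 already
# covers every request to this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing URL http|3a|//sprout-confusion-peridot.glitch.me/cone.html"; flow:to_server,established; http.header; content:"sprout-confusion-peridot.glitch.me"; fast_pattern; nocase; http.uri; content:"/cone.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37048471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for netflixx.xyz: any -> any, exact-name match on the query (end-anchored pcre,
# no hostname character allowed directly before the name).
alert dns any any -> any any (msg: "MISP e25920 [] Hostname netflixx.xyz"; dns.query; content:"netflixx.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netflixx\.xyz$/i"; classtype:trojan-activity; sid:37048491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host rule for netflixx.xyz: "Host: <name>" bounded by non-hostname characters;
# tag:session,600,seconds keeps logging the session for 600 s after the alert.
# NOTE(review): cleartext HTTP only - TLS traffic to this host needs a tls.sni rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname netflixx.xyz"; flow:to_server,established; http.header; content: "Host|3a| netflixx.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netflixx\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS and HTTP Host pair for metamask-wallvt.weebly.com, same construction as above.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname metamask-wallvt.weebly.com"; dns.query; content:"metamask-wallvt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamask\-wallvt\.weebly\.com$/i"; classtype:trojan-activity; sid:37048521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname metamask-wallvt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metamask-wallvt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamask\-wallvt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP 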
e25920 [] Hostname metamaiikwallet.weebly.com"; dns.query; content:"metamaiikwallet.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaiikwallet\.weebly\.com$/i"; classtype:trojan-activity; sid:37048551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname metamaiikwallet.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metamaiikwallet.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaiikwallet\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname login.sharepoints-outlooks.com.pl"; dns.query; content:"login.sharepoints-outlooks.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.sharepoints\-outlooks\.com\.pl$/i"; classtype:trojan-activity; sid:37048581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname login.sharepoints-outlooks.com.pl"; flow:to_server,established; http.header; content: "Host|3a| login.sharepoints-outlooks.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.sharepoints\-outlooks\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname imhtoken.xyz"; dns.query; content:"imhtoken.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imhtoken\.xyz$/i"; classtype:trojan-activity; sid:37048611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname imhtoken.xyz"; flow:to_server,established; http.header; content: "Host|3a| 
imhtoken.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imhtoken\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname gtf75.mujxk.com"; dns.query; content:"gtf75.mujxk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gtf75\.mujxk\.com$/i"; classtype:trojan-activity; sid:37048641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname gtf75.mujxk.com"; flow:to_server,established; http.header; content: "Host|3a| gtf75.mujxk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gtf75\.mujxk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname grupwaqwbd.terbaru-2023.com"; dns.query; content:"grupwaqwbd.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwaqwbd\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37048671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname grupwaqwbd.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| grupwaqwbd.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwaqwbd\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname gea.pages.dev"; dns.query; content:"gea.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gea\.pages\.dev$/i"; classtype:trojan-activity; sid:37048701; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host rule for gea.pages.dev (MISP event 25920): "Host: <name>" in the headers of
# established HOME_NET -> EXTERNAL_NET requests, with a pcre that rejects longer names
# containing this one. tag:session,600,seconds keeps logging the session for 600 s.
# NOTE(review): cleartext HTTP only; a request over TLS is not inspected by this rule,
# so coverage then rests on the DNS rule unless a tls.sni rule is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname gea.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gea.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gea\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): sids 37048731/37048732 repeat the gea.pages.dev pair 37048701/37048702
# with only the sid changed, so each match alerts twice - presumably a duplicated
# attribute in the event; verify and de-duplicate or suppress.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname gea.pages.dev"; dns.query; content:"gea.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gea\.pages\.dev$/i"; classtype:trojan-activity; sid:37048731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname gea.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gea.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gea\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for gielda-motofan.pl: any -> any, exact-name match on the query (end-anchored
# pcre, no hostname character allowed directly before the name).
alert dns any any -> any any (msg: "MISP e25920 [] Hostname gielda-motofan.pl"; dns.query; content:"gielda-motofan.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-motofan\.pl$/i"; classtype:trojan-activity; sid:37048761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host counterpart for gielda-motofan.pl.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname gielda-motofan.pl"; flow:to_server,established; http.header; content: "Host|3a| gielda-motofan.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-motofan\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname foqryz814jolx.1i1.my.id"; dns.query; 
content:"foqryz814jolx.1i1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])foqryz814jolx\.1i1\.my\.id$/i"; classtype:trojan-activity; sid:37048791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname foqryz814jolx.1i1.my.id"; flow:to_server,established; http.header; content: "Host|3a| foqryz814jolx.1i1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])foqryz814jolx\.1i1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname filem-livelaix3a1.terbaru-2023.com"; dns.query; content:"filem-livelaix3a1.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filem\-livelaix3a1\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37048821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname filem-livelaix3a1.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| filem-livelaix3a1.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filem\-livelaix3a1\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname extension-portfolio.serveirc.com"; dns.query; content:"extension-portfolio.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com$/i"; classtype:trojan-activity; sid:37048851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname extension-portfolio.serveirc.com"; flow:to_server,established; http.header; 
content: "Host|3a| extension-portfolio.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for express.delivery.0-2k.com (MISP event 25920): any -> any, fires when the
# queried name ends with the hostname and is not preceded by a letter, digit, hyphen or
# dot, i.e. the exact name rather than a subdomain of it.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname express.delivery.0-2k.com"; dns.query; content:"express.delivery.0-2k.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])express\.delivery\.0\-2k\.com$/i"; classtype:trojan-activity; sid:37048881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host counterpart: "Host: <name>" in established HOME_NET -> EXTERNAL_NET requests,
# bounded by non-hostname characters; tag:session,600,seconds keeps logging the session
# for 600 s after the alert.
# NOTE(review): cleartext HTTP only - TLS traffic to this host needs a tls.sni rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname express.delivery.0-2k.com"; flow:to_server,established; http.header; content: "Host|3a| express.delivery.0-2k.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])express\.delivery\.0\-2k\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): sids 37048911/37048912 repeat the extension-portfolio.serveirc.com pair
# 37048851/37048852 with only the sid changed, so each match alerts twice - presumably a
# duplicated attribute in the event; verify and de-duplicate or suppress.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname extension-portfolio.serveirc.com"; dns.query; content:"extension-portfolio.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com$/i"; classtype:trojan-activity; sid:37048911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname extension-portfolio.serveirc.com"; flow:to_server,established; http.header; content: "Host|3a| extension-portfolio.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname eventfreefire.cloud-nesia.my.id"; dns.query; 
content:"eventfreefire.cloud-nesia.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventfreefire\.cloud\-nesia\.my\.id$/i"; classtype:trojan-activity; sid:37048941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname eventfreefire.cloud-nesia.my.id"; flow:to_server,established; http.header; content: "Host|3a| eventfreefire.cloud-nesia.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventfreefire\.cloud\-nesia\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname delicate-dream-b2e1.awaitla446.workers.dev"; dns.query; content:"delicate-dream-b2e1.awaitla446.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])delicate\-dream\-b2e1\.awaitla446\.workers\.dev$/i"; classtype:trojan-activity; sid:37048971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname delicate-dream-b2e1.awaitla446.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| delicate-dream-b2e1.awaitla446.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])delicate\-dream\-b2e1\.awaitla446\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37048972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname dapps-trustline.com"; dns.query; content:"dapps-trustline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dapps\-trustline\.com$/i"; classtype:trojan-activity; sid:37049001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dapps-trustline.com"; 
flow:to_server,established; http.header; content: "Host|3a| dapps-trustline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dapps\-trustline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-712e353a979b4867b3905d5b06ad3ce4.r2.dev"; dns.query; content:"pub-712e353a979b4867b3905d5b06ad3ce4.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-712e353a979b4867b3905d5b06ad3ce4\.r2\.dev$/i"; classtype:trojan-activity; sid:37049031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-712e353a979b4867b3905d5b06ad3ce4.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-712e353a979b4867b3905d5b06ad3ce4.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-712e353a979b4867b3905d5b06ad3ce4\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname clt1655093.benchurl.com"; dns.query; content:"clt1655093.benchurl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clt1655093\.benchurl\.com$/i"; classtype:trojan-activity; sid:37049061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname clt1655093.benchurl.com"; flow:to_server,established; http.header; content: "Host|3a| clt1655093.benchurl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clt1655093\.benchurl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] 
Hostname cherry-609d.hakeem1115.workers.dev"; dns.query; content:"cherry-609d.hakeem1115.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cherry\-609d\.hakeem1115\.workers\.dev$/i"; classtype:trojan-activity; sid:37049121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cherry-609d.hakeem1115.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cherry-609d.hakeem1115.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cherry\-609d\.hakeem1115\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname bafybeihmwp45earyqmevp3kfmgi4dcc5qr4y33g76cvmnoe5tlgvw46pnm.ipfs.cf-ipfs.com"; dns.query; content:"bafybeihmwp45earyqmevp3kfmgi4dcc5qr4y33g76cvmnoe5tlgvw46pnm.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeihmwp45earyqmevp3kfmgi4dcc5qr4y33g76cvmnoe5tlgvw46pnm\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37049151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname bafybeihmwp45earyqmevp3kfmgi4dcc5qr4y33g76cvmnoe5tlgvw46pnm.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeihmwp45earyqmevp3kfmgi4dcc5qr4y33g76cvmnoe5tlgvw46pnm.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeihmwp45earyqmevp3kfmgi4dcc5qr4y33g76cvmnoe5tlgvw46pnm\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname bafybeiaejdz6bqe5ewgybshuwrfyfvi2l2iqn7fjuwwy636wezcrgu7ipu.ipfs.cf-ipfs.com"; 
dns.query; content:"bafybeiaejdz6bqe5ewgybshuwrfyfvi2l2iqn7fjuwwy636wezcrgu7ipu.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiaejdz6bqe5ewgybshuwrfyfvi2l2iqn7fjuwwy636wezcrgu7ipu\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37049181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname bafybeiaejdz6bqe5ewgybshuwrfyfvi2l2iqn7fjuwwy636wezcrgu7ipu.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeiaejdz6bqe5ewgybshuwrfyfvi2l2iqn7fjuwwy636wezcrgu7ipu.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiaejdz6bqe5ewgybshuwrfyfvi2l2iqn7fjuwwy636wezcrgu7ipu\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname b2988.top"; dns.query; content:"b2988.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b2988\.top$/i"; classtype:trojan-activity; sid:37049211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname b2988.top"; flow:to_server,established; http.header; content: "Host|3a| b2988.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b2988\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname auto-skupik.pl"; dns.query; content:"auto-skupik.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl$/i"; classtype:trojan-activity; sid:37049241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
auto-skupik.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-skupik.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for auto-skupik.pl: fires on any DNS query for exactly this name.
# The pcre refuses a preceding letter, digit, '-' or '.', so longer names that merely end in
# this string (including its subdomains) do not match.
# This is the second of three identical DNS rules for this name in the export
# (sids 37049241, 37049271, 37049301); only the sid differs, so one lookup raises three alerts.
# NOTE(review): the copies presumably come from the same hostname being stored more than once
# in MISP event 25920 - confirm and de-duplicate in the event rather than in this file.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname auto-skupik.pl"; dns.query; content:"auto-skupik.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl$/i"; classtype:trojan-activity; sid:37049271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP rule for the same name: matches "Host: auto-skupik.pl" in client-to-server request
# headers and tags the session for 600 seconds.
# The trailing pcre class requires the name to be followed by a non-hostname character,
# so a Host value that continues past ".pl" does not match.
# Same match options as sids 37049242 and 37049302 (duplicate, see the note on 37049271).
# This rule only inspects traffic parsed as HTTP. If clients reach the host over TLS, only the
# DNS rule can fire; no tls.sni counterpart is visible in this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname auto-skupik.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-skupik.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Third copy of the auto-skupik.pl DNS rule (identical to sid 37049271 above except for the sid).
alert dns any any -> any any (msg: "MISP e25920 [] Hostname auto-skupik.pl"; dns.query; content:"auto-skupik.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl$/i"; classtype:trojan-activity; sid:37049301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Third copy of the auto-skupik.pl Host-header rule (identical to sid 37049272 above except for the sid).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname auto-skupik.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-skupik.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for auto-okazia.pl; the rule text continues on the next line of the file.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname auto-okazia.pl"; dns.query; content:"auto-okazia.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-okazia\.pl$/i"; classtype:trojan-activity; sid:37049331; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname auto-okazia.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-okazia.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-okazia\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname auto-mazowiecki.pl"; dns.query; content:"auto-mazowiecki.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-mazowiecki\.pl$/i"; classtype:trojan-activity; sid:37049361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname auto-mazowiecki.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-mazowiecki.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-mazowiecki\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname auta-bura.pl"; dns.query; content:"auta-bura.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-bura\.pl$/i"; classtype:trojan-activity; sid:37049391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname auta-bura.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-bura.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-bura\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname aiks888.top"; dns.query; content:"aiks888.top"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])aiks888\.top$/i"; classtype:trojan-activity; sid:37049421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname aiks888.top"; flow:to_server,established; http.header; content: "Host|3a| aiks888.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiks888\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fd.blogspot.com"; dns.query; content:"5fgfgfgfg4g4gh4fd.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fd\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fd.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fd.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fd\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgfg4g4g4fg.blogspot.com"; dns.query; content:"5fgffgfg4g4g4fg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgfg4g4g4fg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfg4g4g4fg.blogspot.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg44ggh.blogspot.com"; dns.query; content:"5fgfgfgfg44ggh.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg44ggh\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg44ggh.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg44ggh.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg44ggh\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgffgg4g4gh4.blogspot.com"; dns.query; content:"5fgffgffgg4g4gh4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgffgg4g4gh4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgffgg4g4gh4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgffgg4g4gh4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgffgg4g4gh4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgfg4g4g4fg.blogspot.com"; dns.query; content:"5fgffgfg4g4g4fg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.com$/i"; 
classtype:trojan-activity; sid:37049571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgfg4g4g4fg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfg4g4g4fg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgffgg4g4gh4.blogspot.com"; dns.query; content:"5fgffgffgg4g4gh4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgffgg4g4gh4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgffgg4g4gh4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgffgg4g4gh4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgffgg4g4gh4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffggfgrfeg44g.blogspot.com"; dns.query; content:"5fgffggfgrfeg44g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffggfgrfeg44g\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffggfgrfeg44g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgffggfgrfeg44g.blogspot.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])5fgffggfgrfeg44g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname rich-gainful-badge.glitch.me"; dns.query; content:"rich-gainful-badge.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rich\-gainful\-badge\.glitch\.me$/i"; classtype:trojan-activity; sid:37049661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname rich-gainful-badge.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| rich-gainful-badge.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rich\-gainful\-badge\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//rich-gainful-badge.glitch.me/adage.html"; flow:to_server,established; http.header; content:"rich-gainful-badge.glitch.me"; fast_pattern; nocase; http.uri; content:"/adage.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37049671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fggffg4g4g4gfg4.blogspot.com"; dns.query; content:"5fggffg4g4g4gfg4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggffg4g4g4gfg4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fggffg4g4g4gfg4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fggffg4g4g4gfg4.blogspot.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggffg4g4g4gfg4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgggfgfgg4g4gh.blogspot.com"; dns.query; content:"5fgggfgfgg4g4gh.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgggfgfgg4g4gh\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgggfgfgg4g4gh.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgggfgfgg4g4gh.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgggfgfgg4g4gh\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fggfgrg4g4gh4fg.blogspot.com"; dns.query; content:"5fggfgrg4g4gh4fg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgrg4g4gh4fg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fggfgrg4g4gh4fg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fggfgrg4g4gh4fg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgrg4g4gh4fg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgrg4g4g4ghfg4.blogspot.com"; dns.query; content:"5fgfgrg4g4g4ghfg4.blogspot.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])5fgfgrg4g4g4ghfg4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgrg4g4g4ghfg4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgrg4g4g4ghfg4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgrg4g4g4ghfg4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgrfg4g4hh.blogspot.com"; dns.query; content:"5fgfgfgfgrfg4g4hh.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4hh\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgrfg4g4hh.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfg4g4hh.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4hh\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgrg4g4ggh.blogspot.com"; dns.query; content:"5fgfgfgfgrg4g4ggh.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4ggh\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgrg4g4ggh.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrg4g4ggh.blogspot.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4ggh\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# The next three rules all come from one indicator, malaysia17-lucah.vvip1.my.id:
# a DNS-query rule, a Host-header rule and an "Outgoing URL" rule.
# DNS rule: fires on a query for exactly this name, from any source to any destination.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname malaysia17-lucah.vvip1.my.id"; dns.query; content:"malaysia17-lucah.vvip1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia17\-lucah\.vvip1\.my\.id$/i"; classtype:trojan-activity; sid:37049871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule: "Host: <name>" in client-to-server request headers on any port, with a
# boundary pcre on both sides of the name; tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname malaysia17-lucah.vvip1.my.id"; flow:to_server,established; http.header; content: "Host|3a| malaysia17-lucah.vvip1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia17\-lucah\.vvip1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# "Outgoing URL" rule built from a URL with no path, so it has no http.uri match.
# It has no "Host|3a| " prefix and no boundary pcre: the bare name is searched anywhere in the
# request-header buffer. A request that triggers sid 37049872 on an $HTTP_PORTS port also
# matches here, so the same request alerts twice. The name inside another header value, or
# as part of a longer hostname, matches as well.
# The destination port is $HTTP_PORTS. That variable must be defined on the sensor for this
# rule to load, although the export header calls it "not required with suricata export".
# NOTE(review): consider leaving host-only URL attributes out of the export, or suppressing
# this sid in favour of 37049872.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//malaysia17-lucah.vvip1.my.id"; flow:to_server,established; http.header; content:"malaysia17-lucah.vvip1.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37049881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for 5fgfgfgg4g4hfg.blogspot.com. The pcre pins the full name, so other
# blogspot.com subdomains are not matched.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgg4g4hfg.blogspot.com"; dns.query; content:"5fgfgfgg4g4hfg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgg4g4hfg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule for the same blogspot name; the rule text continues on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgg4g4hfg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgg4g4hfg.blogspot.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])5fgfgfgg4g4hfg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgrfgfrg4g4gh4.blogspot.com"; dns.query; content:"5fgfgrfgfrg4g4gh4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgrfgfrg4g4gh4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37049931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgrfgfrg4g4gh4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgrfgfrg4g4gh4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgrfgfrg4g4gh4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname join-grup-chat-terbaru.antreas.biz.id"; dns.query; content:"join-grup-chat-terbaru.antreas.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-grup\-chat\-terbaru\.antreas\.biz\.id$/i"; classtype:trojan-activity; sid:37049961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname join-grup-chat-terbaru.antreas.biz.id"; flow:to_server,established; http.header; content: "Host|3a| join-grup-chat-terbaru.antreas.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-grup\-chat\-terbaru\.antreas\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//join-grup-chat-terbaru.antreas.biz.id"; 
flow:to_server,established; http.header; content:"join-grup-chat-terbaru.antreas.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37049971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname imhtoken.xyz"; dns.query; content:"imhtoken.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imhtoken\.xyz$/i"; classtype:trojan-activity; sid:37049991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname imhtoken.xyz"; flow:to_server,established; http.header; content: "Host|3a| imhtoken.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imhtoken\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37049992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//imhtoken.xyz"; flow:to_server,established; http.header; content:"imhtoken.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname extension-portfolio.serveirc.com"; dns.query; content:"extension-portfolio.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com$/i"; classtype:trojan-activity; sid:37050021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname extension-portfolio.serveirc.com"; flow:to_server,established; http.header; content: "Host|3a| extension-portfolio.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050022; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# URL rule for extension-portfolio.serveirc.com: the host name must appear in the request
# headers and the path ".../69i57j0i22i30ladz/adc8f" in http.uri (both case-insensitive).
# Neither content match is anchored to the start or end of its buffer.
# The destination port is limited to $HTTP_PORTS, so the variable must be defined on the
# sensor and HTTP on other ports is not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//extension-portfolio.serveirc.com/nkbihfbeogaeaoehlefnkodbefgpgkmse/69i57j0i22i30ladz/adc8f"; flow:to_server,established; http.header; content:"extension-portfolio.serveirc.com"; fast_pattern; nocase; http.uri; content:"/nkbihfbeogaeaoehlefnkodbefgpgkmse/69i57j0i22i30ladz/adc8f"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for the same host. An identical rule with sid 37050021 appears earlier in this
# export, so a single lookup of the name alerts under both sids.
# NOTE(review): presumably the hostname is stored twice in MISP event 25920 (once per URL
# attribute?) - confirm and de-duplicate in the event.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname extension-portfolio.serveirc.com"; dns.query; content:"extension-portfolio.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com$/i"; classtype:trojan-activity; sid:37050051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule for the same host (match options identical to sid 37050022, whose tail opens this line).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname extension-portfolio.serveirc.com"; flow:to_server,established; http.header; content: "Host|3a| extension-portfolio.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])extension\-portfolio\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Second URL rule for this host. Its http.uri content is a prefix of the path used by
# sid 37050031 above, and the match is unanchored. A request for the longer ".../adc8f"
# path therefore satisfies both URL rules, on top of the Host-header rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//extension-portfolio.serveirc.com/nkbihfbeogaeaoehlefnkodbefgpgkmse/69i57j0i22i30ladz"; flow:to_server,established; http.header; content:"extension-portfolio.serveirc.com"; fast_pattern; nocase; http.uri; content:"/nkbihfbeogaeaoehlefnkodbefgpgkmse/69i57j0i22i30ladz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Start of the next DNS rule; its hostname and options continue on the next line of the file.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 
evergreen-nine-visitor.glitch.me"; dns.query; content:"evergreen-nine-visitor.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])evergreen\-nine\-visitor\.glitch\.me$/i"; classtype:trojan-activity; sid:37050081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname evergreen-nine-visitor.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| evergreen-nine-visitor.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])evergreen\-nine\-visitor\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//evergreen-nine-visitor.glitch.me/alte.html"; flow:to_server,established; http.header; content:"evergreen-nine-visitor.glitch.me"; fast_pattern; nocase; http.uri; content:"/alte.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname decorous-sphenoid-olivine.glitch.me"; dns.query; content:"decorous-sphenoid-olivine.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])decorous\-sphenoid\-olivine\.glitch\.me$/i"; classtype:trojan-activity; sid:37050111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname decorous-sphenoid-olivine.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| decorous-sphenoid-olivine.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])decorous\-sphenoid\-olivine\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050112; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//decorous-sphenoid-olivine.glitch.me/bat.html"; flow:to_server,established; http.header; content:"decorous-sphenoid-olivine.glitch.me"; fast_pattern; nocase; http.uri; content:"/bat.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname brandnewpromtion.blogspot.com.cy"; dns.query; content:"brandnewpromtion.blogspot.com.cy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandnewpromtion\.blogspot\.com\.cy$/i"; classtype:trojan-activity; sid:37050141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname brandnewpromtion.blogspot.com.cy"; flow:to_server,established; http.header; content: "Host|3a| brandnewpromtion.blogspot.com.cy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandnewpromtion\.blogspot\.com\.cy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//brandnewpromtion.blogspot.com.cy"; flow:to_server,established; http.header; content:"brandnewpromtion.blogspot.com.cy"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname auto-skupik.info.pl"; dns.query; content:"auto-skupik.info.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.info\.pl$/i"; classtype:trojan-activity; sid:37050171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname auto-skupik.info.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-skupik.info.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-skupik\.info\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# URL rule for auto-skupik.info.pl. The msg carries the full URL including its query string,
# but the signature matches only the host name in the request headers plus "/authorize.php"
# in http.uri. The query string is not part of the match, so any request to that script on
# this host alerts, whatever its parameters.
# The destination port is limited to $HTTP_PORTS; the variable must be defined on the sensor.
# NOTE(review): the query value copied into msg looks like an opaque per-request token -
# check whether it identifies a recipient before alert text is shared outside the team.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//auto-skupik.info.pl/authorize.php?lzpjl4uieept8duxu9ts3tex8xuyskegve9xyyejpogjqbiqffbtsdax3px69bbzepypq7lxhq9xna5vthlywgqa2st1nldeyn5mbg0r3hb4gsoezydvgpza7ozjryvjlr3ji2nlm1hjhok2ouvngykfphiibwhqgbc397nggx37usg1lckg1rxkrdmuuofyn2rulejjc1xrkfbgtvvhdldmyb706yfjyfrhk1libsnij4kyjhzwhndikulkg4k2="; flow:to_server,established; http.header; content:"auto-skupik.info.pl"; fast_pattern; nocase; http.uri; content:"/authorize.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for 85s.a19.mywebsitetransfer.com: fires on a query for exactly this name.
# The leading pcre class excludes '.', so deeper subdomains of it do not match.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 85s.a19.mywebsitetransfer.com"; dns.query; content:"85s.a19.mywebsitetransfer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])85s\.a19\.mywebsitetransfer\.com$/i"; classtype:trojan-activity; sid:37050201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule for the same name, any destination port; tags the session for 600 seconds.
# It only sees traffic parsed as HTTP. If the host is reached over TLS, only the DNS rule
# above can fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 85s.a19.mywebsitetransfer.com"; flow:to_server,established; http.header; content: "Host|3a| 85s.a19.mywebsitetransfer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])85s\.a19\.mywebsitetransfer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Start of the URL rule for the same host; its msg and options continue on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL 
http|3a|//85s.a19.mywebsitetransfer.com/home/packet/home.php?newtoken="; flow:to_server,established; http.header; content:"85s.a19.mywebsitetransfer.com"; fast_pattern; nocase; http.uri; content:"/home/packet/home.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fgfdg.blogspot.com"; dns.query; content:"5fgfgfgfg4g4gh4fgfdg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgfdg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37050231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fgfdg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fgfdg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgfdg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgrfg4g4g4.blogspot.com"; dns.query; content:"5fgfgfgfgrfg4g4g4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4g4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37050261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgrfg4g4g4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfg4g4g4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4g4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any 
-> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgfg4g4gg4g4.blogspot.com"; dns.query; content:"5fgfgfgfgfg4g4gg4g4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37050291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgfg4g4gg4g4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgfg4g4gg4g4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgggfgfgg4g4gh.blogspot.co.id"; dns.query; content:"5fgggfgfgg4g4gh.blogspot.co.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgggfgfgg4g4gh\.blogspot\.co\.id$/i"; classtype:trojan-activity; sid:37050321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgggfgfgg4g4gh.blogspot.co.id"; flow:to_server,established; http.header; content: "Host|3a| 5fgggfgfgg4g4gh.blogspot.co.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgggfgfgg4g4gh\.blogspot\.co\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgggfgfgg4g4gh.blogspot.co.id"; flow:to_server,established; http.header; content:"5fgggfgfgg4g4gh.blogspot.co.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP 
e25920 [] Hostname 5fggfgrg4g4gh4fg.blogspot.co.za"; dns.query; content:"5fggfgrg4g4gh4fg.blogspot.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgrg4g4gh4fg\.blogspot\.co\.za$/i"; classtype:trojan-activity; sid:37050351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fggfgrg4g4gh4fg.blogspot.co.za"; flow:to_server,established; http.header; content: "Host|3a| 5fggfgrg4g4gh4fg.blogspot.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgrg4g4gh4fg\.blogspot\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fggfgrg4g4gh4fg.blogspot.co.za"; flow:to_server,established; http.header; content:"5fggfgrg4g4gh4fg.blogspot.co.za"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fggffg4g4g4gfg4.blogspot.mk"; dns.query; content:"5fggffg4g4g4gfg4.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggffg4g4g4gfg4\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37050381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fggffg4g4g4gfg4.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| 5fggffg4g4g4gfg4.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggffg4g4g4gfg4\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] 
Outgoing URL http|3a|//5fggffg4g4g4gfg4.blogspot.mk"; flow:to_server,established; http.header; content:"5fggffg4g4g4gfg4.blogspot.mk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.com"; dns.query; content:"5fgfgfgfg4g4gh4fgdf.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.com$/i"; classtype:trojan-activity; sid:37050411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fgdf.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fg4fgv.blogspot.com"; dns.query; content:"5fgfgfgfg4g4gh4fg4fgv.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fg4fgv\.blogspot\.com$/i"; classtype:trojan-activity; sid:37050441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fg4fgv.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fg4fgv.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fg4fgv\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uhtrwrw.com"; dns.query; 
content:"uhtrwrw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uhtrwrw\.com$/i"; classtype:trojan-activity; sid:37050471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uhtrwrw.com"; flow:to_server,established; http.header; content: "Host|3a| uhtrwrw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uhtrwrw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgrg4g4g4ghfg4.blogspot.com.ee"; dns.query; content:"5fgfgrg4g4g4ghfg4.blogspot.com.ee"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgrg4g4g4ghfg4\.blogspot\.com\.ee$/i"; classtype:trojan-activity; sid:37050501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgrg4g4g4ghfg4.blogspot.com.ee"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgrg4g4g4ghfg4.blogspot.com.ee"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgrg4g4g4ghfg4\.blogspot\.com\.ee[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgrg4g4g4ghfg4.blogspot.com.ee"; flow:to_server,established; http.header; content:"5fgfgrg4g4g4ghfg4.blogspot.com.ee"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgrfgfrg4g4gh4.blogspot.com.ar"; dns.query; content:"5fgfgrfgfrg4g4gh4.blogspot.com.ar"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])5fgfgrfgfrg4g4gh4\.blogspot\.com\.ar$/i"; classtype:trojan-activity; sid:37050531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgrfgfrg4g4gh4.blogspot.com.ar"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgrfgfrg4g4gh4.blogspot.com.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgrfgfrg4g4gh4\.blogspot\.com\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgrfgfrg4g4gh4.blogspot.com.ar"; flow:to_server,established; http.header; content:"5fgfgrfgfrg4g4gh4.blogspot.com.ar"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgrg4g4ggh.blogspot.li"; dns.query; content:"5fgfgfgfgrg4g4ggh.blogspot.li"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4ggh\.blogspot\.li$/i"; classtype:trojan-activity; sid:37050561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgrg4g4ggh.blogspot.li"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrg4g4ggh.blogspot.li"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4ggh\.blogspot\.li[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfgrg4g4ggh.blogspot.li"; flow:to_server,established; http.header; 
content:"5fgfgfgfgrg4g4ggh.blogspot.li"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgg4g4hfg.blogspot.lu"; dns.query; content:"5fgfgfgg4g4hfg.blogspot.lu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgg4g4hfg\.blogspot\.lu$/i"; classtype:trojan-activity; sid:37050591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgg4g4hfg.blogspot.lu"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgg4g4hfg.blogspot.lu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgg4g4hfg\.blogspot\.lu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgg4g4hfg.blogspot.lu"; flow:to_server,established; http.header; content:"5fgfgfgg4g4hfg.blogspot.lu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgrfg4g4hh.blogspot.com.co"; dns.query; content:"5fgfgfgfgrfg4g4hh.blogspot.com.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4hh\.blogspot\.com\.co$/i"; classtype:trojan-activity; sid:37050621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgrfg4g4hh.blogspot.com.co"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfg4g4hh.blogspot.com.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4hh\.blogspot\.com\.co[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37050622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfgrfg4g4hh.blogspot.com.co"; flow:to_server,established; http.header; content:"5fgfgfgfgrfg4g4hh.blogspot.com.co"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgrfg4g4g4.blogspot.ug"; dns.query; content:"5fgfgfgfgrfg4g4g4.blogspot.ug"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4g4\.blogspot\.ug$/i"; classtype:trojan-activity; sid:37050651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgrfg4g4g4.blogspot.ug"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfg4g4g4.blogspot.ug"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4g4\.blogspot\.ug[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfgrfg4g4g4.blogspot.ug"; flow:to_server,established; http.header; content:"5fgfgfgfgrfg4g4g4.blogspot.ug"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname dbet3658.com"; dns.query; content:"dbet3658.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbet3658\.com$/i"; classtype:trojan-activity; sid:37050681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e25920 [] Outgoing HTTP Hostname dbet3658.com"; flow:to_server,established; http.header; content: "Host|3a| dbet3658.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbet3658\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfgfg4g4gg4g4.blogspot.co.id"; dns.query; content:"5fgfgfgfgfg4g4gg4g4.blogspot.co.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g4\.blogspot\.co\.id$/i"; classtype:trojan-activity; sid:37050711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfgfg4g4gg4g4.blogspot.co.id"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgfg4g4gg4g4.blogspot.co.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g4\.blogspot\.co\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfgfg4g4gg4g4.blogspot.co.id"; flow:to_server,established; http.header; content:"5fgfgfgfgfg4g4gg4g4.blogspot.co.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fgfdg.blogspot.rs"; dns.query; content:"5fgfgfgfg4g4gh4fgfdg.blogspot.rs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgfdg\.blogspot\.rs$/i"; classtype:trojan-activity; sid:37050741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
5fgfgfgfg4g4gh4fgfdg.blogspot.rs"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fgfdg.blogspot.rs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgfdg\.blogspot\.rs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# "Outgoing URL" rule for an attribute that has no path: the only condition is the bare
# hostname somewhere in the request headers (no "Host|3a| " prefix and no boundary pcre).
# It therefore also alerts when the name shows up in another header or as the tail of a
# longer hostname; the Host-anchored rule for the same name is sid 37050742.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fgfdg.blogspot.rs"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fgfdg.blogspot.rs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev is exported three
# times below (sids 37050771/37050772, 37050801/37050802, 37050831/37050832) with
# identical match options - presumably one pair per MISP attribute; confirm in the event.
# Each matching DNS query or HTTP request raises three alerts, so deduplicate the
# attribute in the event or drop the repeated pairs before deploying.
# NOTE(review): the http rules only inspect cleartext HTTP. If this host is reached over
# HTTPS (likely for workers.dev / pages.dev - confirm), only the dns rules can fire
# unless TLS is decrypted; a tls.sni match on the same name would close that gap.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37050771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Second copy of the same hostname pair (see the note above the first copy).
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37050801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Third copy of the same hostname pair.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37050831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS-query rule for igiowo1.pages.dev: the pcre anchors the name at the end of the query
# and requires start-of-buffer or a non-hostname character in front of it.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname igiowo1.pages.dev"; dns.query; content:"igiowo1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])igiowo1\.pages\.dev$/i"; classtype:trojan-activity; sid:37050861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname igiowo1.pages.dev"; flow:to_server,established; 
http.header; content: "Host|3a| igiowo1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])igiowo1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the msg of the next rule carries a truncated copy of the reported URL
# (the "...~311~..." marker); none of its query string is part of the match. The only
# URI condition is content:"/", which practically every request URI satisfies (nocase
# adds nothing there), so the rule reduces to a hostname-substring match on the request
# headers. On $HTTP_PORTS it fires together with the Host-anchored rule sid 37050862 for
# any request to this host; treat an alert as "host contacted", not "this URL fetched".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//igiowo1.pages.dev/?user-agent=mozilla/5.0%20(windows%20nt%2010.0|3b|%20win64|3b|%2|30 78|64)%20applewebkit/537.36%20(khtml,%20like%20gecko)%20chrome/86.0.4240.75%20safari/537.36%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%2...~311~...%22%22%22%22%22%22%22%22%22%22"; flow:to_server,established; http.header; content:"igiowo1.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# 5fgfgfgfg4g4gh4fgdf.blogspot.rs (ending "...fgdf") is a different name from
# 5fgfgfgfg4g4gh4fgfdg.blogspot.rs (ending "...fgfdg", sids 37050741-37050751): this is
# not a duplicate and must survive any deduplication pass.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.rs"; dns.query; content:"5fgfgfgfg4g4gh4fgdf.blogspot.rs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.rs$/i"; classtype:trojan-activity; sid:37050891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule for the same name; tag:session,600,seconds keeps logging the flow's
# packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.rs"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fgdf.blogspot.rs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.rs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fgdf.blogspot.rs"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fgdf.blogspot.rs"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37050901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): uhtrwrw.com already has a rule pair with identical match options earlier
# in this export (sids 37050471/37050472). This second pair (37050921/37050922) doubles
# every alert for the name; deduplicate the attribute in the event or drop one pair.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname uhtrwrw.com"; dns.query; content:"uhtrwrw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uhtrwrw\.com$/i"; classtype:trojan-activity; sid:37050921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uhtrwrw.com"; flow:to_server,established; http.header; content: "Host|3a| uhtrwrw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uhtrwrw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS-query and Host-header pair for 5fgfgfgfg4g4gh4fg4fgv.blogspot.qa. The dns rule is
# written any any -> any any, so it is not limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fg4fgv.blogspot.qa"; dns.query; content:"5fgfgfgfg4g4gh4fg4fgv.blogspot.qa"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fg4fgv\.blogspot\.qa$/i"; classtype:trojan-activity; sid:37050951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fg4fgv.blogspot.qa"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fg4fgv.blogspot.qa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fg4fgv\.blogspot\.qa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fg4fgv.blogspot.qa"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fg4fgv.blogspot.qa"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050961; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.lt"; dns.query; content:"5fgfgfgfg4g4gh4fgdf.blogspot.lt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.lt$/i"; classtype:trojan-activity; sid:37050981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.lt"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fgdf.blogspot.lt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.lt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37050982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fgdf.blogspot.lt"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fgdf.blogspot.lt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37050991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.hr"; dns.query; content:"5fgfgfgfg4g4gh4fgdf.blogspot.hr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.hr$/i"; classtype:trojan-activity; sid:37051011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fgdf.blogspot.hr"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fgdf.blogspot.hr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fgdf\.blogspot\.hr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051012; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fgdf.blogspot.hr"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fgdf.blogspot.hr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg4g4gh4fd.blogspot.li"; dns.query; content:"5fgfgfgfg4g4gh4fd.blogspot.li"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fd\.blogspot\.li$/i"; classtype:trojan-activity; sid:37051041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fd.blogspot.li"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fd.blogspot.li"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fd\.blogspot\.li[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fd.blogspot.li"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fd.blogspot.li"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgfgfgfg44ggh.blogspot.bg"; dns.query; content:"5fgfgfgfg44ggh.blogspot.bg"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg44ggh\.blogspot\.bg$/i"; classtype:trojan-activity; sid:37051071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
5fgfgfgfg44ggh.blogspot.bg"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg44ggh.blogspot.bg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg44ggh\.blogspot\.bg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgfgfgfg44ggh.blogspot.bg"; flow:to_server,established; http.header; content:"5fgfgfgfg44ggh.blogspot.bg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgfg4g4g4fg.blogspot.si"; dns.query; content:"5fgffgfg4g4g4fg.blogspot.si"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.si$/i"; classtype:trojan-activity; sid:37051101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgfg4g4g4fg.blogspot.si"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfg4g4g4fg.blogspot.si"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.si[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgffgfg4g4g4fg.blogspot.si"; flow:to_server,established; http.header; content:"5fgffgfg4g4g4fg.blogspot.si"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffggfgrfeg44g.blogspot.hr"; dns.query; content:"5fgffggfgrfeg44g.blogspot.hr"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffggfgrfeg44g\.blogspot\.hr$/i"; classtype:trojan-activity; sid:37051131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffggfgrfeg44g.blogspot.hr"; flow:to_server,established; http.header; content: "Host|3a| 5fgffggfgrfeg44g.blogspot.hr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffggfgrfeg44g\.blogspot\.hr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgffggfgrfeg44g.blogspot.hr"; flow:to_server,established; http.header; content:"5fgffggfgrfeg44g.blogspot.hr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgfg4g4g4fg.blogspot.qa"; dns.query; content:"5fgffgfg4g4g4fg.blogspot.qa"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.qa$/i"; classtype:trojan-activity; sid:37051161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgfg4g4g4fg.blogspot.qa"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfg4g4g4fg.blogspot.qa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfg4g4g4fg\.blogspot\.qa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgffgfg4g4g4fg.blogspot.qa"; flow:to_server,established; http.header; content:"5fgffgfg4g4g4fg.blogspot.qa"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37051171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 5fgffgffgg4g4gh4.blogspot.co.ke"; dns.query; content:"5fgffgffgg4g4gh4.blogspot.co.ke"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgffgg4g4gh4\.blogspot\.co\.ke$/i"; classtype:trojan-activity; sid:37051191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 5fgffgffgg4g4gh4.blogspot.co.ke"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgffgg4g4gh4.blogspot.co.ke"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgffgg4g4gh4\.blogspot\.co\.ke[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//5fgffgffgg4g4gh4.blogspot.co.ke"; flow:to_server,established; http.header; content:"5fgffgffgg4g4gh4.blogspot.co.ke"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname desservermabagecloudsergeneratorjsjherjrsjgyxz.pages.dev"; dns.query; content:"desservermabagecloudsergeneratorjsjherjrsjgyxz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])desservermabagecloudsergeneratorjsjherjrsjgyxz\.pages\.dev$/i"; classtype:trojan-activity; sid:37051221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname desservermabagecloudsergeneratorjsjherjrsjgyxz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| desservermabagecloudsergeneratorjsjherjrsjgyxz.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])desservermabagecloudsergeneratorjsjherjrsjgyxz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//desservermabagecloudsergeneratorjsjherjrsjgyxz.pages.dev"; flow:to_server,established; http.header; content:"desservermabagecloudsergeneratorjsjherjrsjgyxz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname brh-5af.pages.dev"; dns.query; content:"brh-5af.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brh\-5af\.pages\.dev$/i"; classtype:trojan-activity; sid:37051251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname brh-5af.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| brh-5af.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brh\-5af\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//brh-5af.pages.dev"; flow:to_server,established; http.header; content:"brh-5af.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname y67telegrm21senju33.pages.dev"; dns.query; content:"y67telegrm21senju33.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])y67telegrm21senju33\.pages\.dev$/i"; classtype:trojan-activity; 
sid:37051281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname y67telegrm21senju33.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| y67telegrm21senju33.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])y67telegrm21senju33\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//y67telegrm21senju33.pages.dev"; flow:to_server,established; http.header; content:"y67telegrm21senju33.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegram-sexxgroup5.privatemessage25.com"; dns.query; content:"telegram-sexxgroup5.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup5\.privatemessage25\.com$/i"; classtype:trojan-activity; sid:37051311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegram-sexxgroup5.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-sexxgroup5.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup5\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegram-sexxgroup5.privatemessage25.com"; flow:to_server,established; http.header; 
content:"telegram-sexxgroup5.privatemessage25.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Event 25920 hostname indicators. Each hostname below is exported as a DNS rule plus an HTTP Host-header rule; some also get an "Outgoing URL" rule.
# DNS rules: the content match is a plain substring test on dns.query, but the pcre ends in '$' and rejects a preceding letter, digit, '-' or '.',
# so in practice only a query for the listed name itself alerts; a query for a subdomain of it (name preceded by '.') does not.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname acraven.rowellcravenshort.workers.dev"; dns.query; content:"acraven.rowellcravenshort.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])acraven\.rowellcravenshort\.workers\.dev$/i"; classtype:trojan-activity; sid:37051341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# HTTP Host rules: the content requires the literal "Host: <name>" (|3a| is ':') in the request headers, and the pcre additionally requires
# that the name is followed by a character that cannot continue a hostname, so a longer name that merely starts with this one is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname acraven.rowellcravenshort.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| acraven.rowellcravenshort.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])acraven\.rowellcravenshort\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the "Outgoing URL" variant has no pcre and no "Host|3a|" prefix, so the hostname may appear anywhere in any request header
# (a Referer, for instance). It is also limited to $HTTP_PORTS, which the Host rule above is not. Expect it to alert alongside sid 37051342
# for the same request; confirm whether both are wanted.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//acraven.rowellcravenshort.workers.dev"; flow:to_server,established; http.header; content:"acraven.rowellcravenshort.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname ouverturespace.gotdns.ch"; dns.query; content:"ouverturespace.gotdns.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ouverturespace\.gotdns\.ch$/i"; classtype:trojan-activity; sid:37051371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname ouverturespace.gotdns.ch"; flow:to_server,established; http.header; content: "Host|3a| ouverturespace.gotdns.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ouverturespace\.gotdns\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the next two rules (sid 37051401, 37051402) repeat sid 37051371 and 37051372 option for option; only the sid differs.
# One lookup or request for ouverturespace.gotdns.ch therefore raises two identical alerts. This looks like the same indicator present
# twice in the event; de-duplicate it at the source or suppress one pair on the sensor.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname ouverturespace.gotdns.ch"; dns.query; content:"ouverturespace.gotdns.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ouverturespace\.gotdns\.ch$/i"; classtype:trojan-activity; sid:37051401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname ouverturespace.gotdns.ch"; flow:to_server,established; http.header; content: "Host|3a| ouverturespace.gotdns.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ouverturespace\.gotdns\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname partyheadphones.com"; dns.query; content:"partyheadphones.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partyheadphones\.com$/i"; classtype:trojan-activity; sid:37051431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname partyheadphones.com"; flow:to_server,established; http.header; content: "Host|3a| partyheadphones.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partyheadphones\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname nnt.okl.mybluehost.me"; dns.query; content:"nnt.okl.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nnt\.okl\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37051461; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;)
# Event 25920 hostname indicators, continued: a DNS rule and an HTTP Host-header rule per hostname.
# The pcre in both forms bounds the hostname (no preceding letter, digit, '-' or '.'), so the short content strings do not match inside longer names.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname nnt.okl.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| nnt.okl.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nnt\.okl\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname golstanbagh.com"; dns.query; content:"golstanbagh.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])golstanbagh\.com$/i"; classtype:trojan-activity; sid:37051491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname golstanbagh.com"; flow:to_server,established; http.header; content: "Host|3a| golstanbagh.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])golstanbagh\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname msgr.com"; dns.query; content:"msgr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msgr\.com$/i"; classtype:trojan-activity; sid:37051521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname msgr.com"; flow:to_server,established; http.header; content: "Host|3a| msgr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msgr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): unlike sid 37051522 above, this "Outgoing URL" rule has no pcre boundary and no "Host|3a|" prefix. Its only payload test is
# the eight-character, case-insensitive substring "msgr.com" anywhere in the request headers, so a Referer, or a longer hostname that merely
# ends in that string, satisfies it. Expect false positives. The anchored Host rule already covers the exact hostname; consider disabling
# this sid or matching on the http.host buffer with a boundary check instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//msgr.com"; flow:to_server,established; http.header; content:"msgr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegram-sexxgroup.privatemessage25.com"; dns.query; content:"telegram-sexxgroup.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup\.privatemessage25\.com$/i"; classtype:trojan-activity; sid:37051551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegram-sexxgroup.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-sexxgroup.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Same unanchored header-substring form as sid 37051531; the longer string makes an accidental match less likely, but it still alerts
# alongside sid 37051552 for the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegram-sexxgroup.privatemessage25.com"; flow:to_server,established; http.header; content:"telegram-sexxgroup.privatemessage25.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Event 25919 URL indicators start here. These rules carry priority:1 (the event 25920 rules above use priority:2) and pin the destination
# IP and port in the rule header. The payload tests are the dotted IP somewhere in the request headers plus a case-insensitive substring
# of the URI; the URI test is a substring match, not a comparison of the whole path.
alert http $HOME_NET any -> 61.53.124.16 54025 (msg: "MISP e25919 [] Outgoing URL http|3a|//61.53.124.16|3a|54025/bin.sh"; flow:to_server,established; http.header; content:"61.53.124.16"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 59.93.19.252 34476 (msg: "MISP e25919 [] Outgoing URL http|3a|//59.93.19.252|3a|34476/bin.sh"; flow:to_server,established; http.header; content:"59.93.19.252"; 
fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 219.157.27.171 37360 (msg: "MISP e25919 [] Outgoing URL http|3a|//219.157.27.171|3a|37360/i"; flow:to_server,established; http.header; content:"219.157.27.171"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 219.157.27.171 37360 (msg: "MISP e25919 [] Outgoing URL http|3a|//219.157.27.171|3a|37360/bin.sh"; flow:to_server,established; http.header; content:"219.157.27.171"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 115.55.246.132 50840 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.55.246.132|3a|50840/bin.sh"; flow:to_server,established; http.header; content:"115.55.246.132"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 115.54.75.57 34520 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.54.75.57|3a|34520/bin.sh"; flow:to_server,established; http.header; content:"115.54.75.57"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 115.50.68.140 49654 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.50.68.140|3a|49654/i"; flow:to_server,established; http.header; content:"115.50.68.140"; fast_pattern; nocase; http.uri; content:"/i"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
# Event 25919 URL indicators: destination IP (and port, where the URL carried one) fixed in the rule header, then the dotted IP required in
# the request headers and a case-insensitive URI substring.
# NOTE(review): in sid 37043051 the URI test is content:"/", which every request URI contains, so the path adds no selectivity. The rule
# fires on any HTTP request from $HOME_NET to 115.50.68.140:49654 that carries the IP in a header, and will presumably co-fire with any more
# specific rule for the same IP and port. Treat it as an IP:port contact alert, not as evidence that a particular file was fetched.
alert http $HOME_NET any -> 115.50.68.140 49654 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.50.68.140|3a|49654/"; flow:to_server,established; http.header; content:"115.50.68.140"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 115.48.10.15 44527 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.48.10.15|3a|44527/bin.sh"; flow:to_server,established; http.header; content:"115.48.10.15"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
# NOTE(review): content:"/i" with nocase is a two-character substring, so any URI containing "/i" or "/I" matches, not only the path "/i"
# (constructed example: /index.html). The fixed IP and port keep this contained, but the alert does not prove the exact URL in msg was requested.
alert http $HOME_NET any -> 112.248.188.129 45925 (msg: "MISP e25919 [] Outgoing URL http|3a|//112.248.188.129|3a|45925/i"; flow:to_server,established; http.header; content:"112.248.188.129"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
# The 93.123.85.4 rules take their destination port from $HTTP_PORTS, so that variable must be defined on the sensor, and a request to this
# IP on a port outside that set is not inspected by these rules.
alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.spc"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.spc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.sh4"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.sh4"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37043091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.ppc"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.ppc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.mpsl"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.mips"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.m68k"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.m68k"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.arm7"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.arm7"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37043141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.arm6"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.arm6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.arm5"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.arm"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.arm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 61.53.127.36 33209 (msg: "MISP e25919 [] Outgoing URL http|3a|//61.53.127.36|3a|33209/"; flow:to_server,established; http.header; content:"61.53.127.36"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 59.93.19.252 34476 (msg: "MISP e25919 [] Outgoing URL http|3a|//59.93.19.252|3a|34476/Mozi.m"; flow:to_server,established; http.header; content:"59.93.19.252"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043191; 
rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 42.232.215.216 56994 (msg: "MISP e25919 [] Outgoing URL http|3a|//42.232.215.216|3a|56994/i"; flow:to_server,established; http.header; content:"42.232.215.216"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 42.232.215.216 56994 (msg: "MISP e25919 [] Outgoing URL http|3a|//42.232.215.216|3a|56994/bin.sh"; flow:to_server,established; http.header; content:"42.232.215.216"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 39.90.144.203 43624 (msg: "MISP e25919 [] Outgoing URL http|3a|//39.90.144.203|3a|43624/bin.sh"; flow:to_server,established; http.header; content:"39.90.144.203"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 27.215.176.7 56569 (msg: "MISP e25919 [] Outgoing URL http|3a|//27.215.176.7|3a|56569/Mozi.m"; flow:to_server,established; http.header; content:"27.215.176.7"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//193.233.132.167/retro/dota.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/retro/dota.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043241; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//193.233.132.167/mine/amert.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/mine/amert.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 182.117.125.109 46152 (msg: "MISP e25919 [] Outgoing URL http|3a|//182.117.125.109|3a|46152/bin.sh"; flow:to_server,established; http.header; content:"182.117.125.109"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 123.130.171.117 54377 (msg: "MISP e25919 [] Outgoing URL http|3a|//123.130.171.117|3a|54377/bin.sh"; flow:to_server,established; http.header; content:"123.130.171.117"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 120.211.131.10 56920 (msg: "MISP e25919 [] Outgoing URL http|3a|//120.211.131.10|3a|56920/Mozi.m"; flow:to_server,established; http.header; content:"120.211.131.10"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.252.166.86 45719 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.252.166.86|3a|45719/Mozi.m"; flow:to_server,established; http.header; content:"117.252.166.86"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043291; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 115.55.246.132 50840 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.55.246.132|3a|50840/i"; flow:to_server,established; http.header; content:"115.55.246.132"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 115.48.10.15 44527 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.48.10.15|3a|44527/i"; flow:to_server,established; http.header; content:"115.48.10.15"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 182.114.33.134 56445 (msg: "MISP e25919 [] Outgoing URL http|3a|//182.114.33.134|3a|56445/bin.sh"; flow:to_server,established; http.header; content:"182.114.33.134"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 123.130.171.117 54377 (msg: "MISP e25919 [] Outgoing URL http|3a|//123.130.171.117|3a|54377/i"; flow:to_server,established; http.header; content:"123.130.171.117"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.211.210.245 39998 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.211.210.245|3a|39998/Mozi.m"; flow:to_server,established; http.header; content:"117.211.210.245"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043341; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.194.167.61 35297 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.194.167.61|3a|35297/bin.sh"; flow:to_server,established; http.header; content:"117.194.167.61"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.192.124.28 52737 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.192.124.28|3a|52737/bin.sh"; flow:to_server,established; http.header; content:"117.192.124.28"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 115.56.153.195 51980 (msg: "MISP e25919 [] Outgoing URL http|3a|//115.56.153.195|3a|51980/i"; flow:to_server,established; http.header; content:"115.56.153.195"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//103.183.115.241/aXejhuwyCK133.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/aXejhuwyCK133.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//inox.sunaviat.com/data/pdf/may.exe"; flow:to_server,established; http.header; content:"inox.sunaviat.com"; fast_pattern; nocase; http.uri; content:"/data/pdf/may.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043391; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//clean.sunaviat.com/data/pdf/june.exe"; flow:to_server,established; http.header; content:"clean.sunaviat.com"; fast_pattern; nocase; http.uri; content:"/data/pdf/june.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 182.117.125.109 46152 (msg: "MISP e25919 [] Outgoing URL http|3a|//182.117.125.109|3a|46152/i"; flow:to_server,established; http.header; content:"182.117.125.109"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.248.16.131 45828 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.248.16.131|3a|45828/i"; flow:to_server,established; http.header; content:"117.248.16.131"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.217.44.122 39168 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.217.44.122|3a|39168/i"; flow:to_server,established; http.header; content:"117.217.44.122"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;) alert http $HOME_NET any -> 117.215.221.107 58728 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.215.221.107|3a|58728/Mozi.m"; flow:to_server,established; http.header; content:"117.215.221.107"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043441; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25919;)
# --- MISP event 25919: outbound HTTP fetches to fixed IP:port hosts (sid 37043451-37043601) ---
# Each rule matches an established client-to-server HTTP flow from $HOME_NET to one pinned
# destination IP and port. It requires the IP string somewhere in the request headers
# (normally the Host header) plus the listed fragment in the URI.
# The URI fragments ("/i", "/.i", "/bin.sh", "/Mozi.m") are unanchored substring matches;
# they are selective only because the destination address and port are fixed.
# tag:session,600,seconds asks the engine to keep logging packets of the matching session
# for 600 seconds after the alert.
# Triage: the alerting source is the internal host that requested the file.
# NOTE(review): the event is exported without tags ("[]"); the file names suggest botnet
# payload staging, but confirm the family in the MISP event before relying on it.
alert http $HOME_NET any -> 42.239.242.16 52271 (msg: "MISP e25919 [] Outgoing URL http|3a|//42.239.242.16|3a|52271/bin.sh"; flow:to_server,established; http.header; content:"42.239.242.16"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 27.215.176.7 56569 (msg: "MISP e25919 [] Outgoing URL http|3a|//27.215.176.7|3a|56569/bin.sh"; flow:to_server,established; http.header; content:"27.215.176.7"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 221.14.38.9 38010 (msg: "MISP e25919 [] Outgoing URL http|3a|//221.14.38.9|3a|38010/i"; flow:to_server,established; http.header; content:"221.14.38.9"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 219.156.99.241 44091 (msg: "MISP e25919 [] Outgoing URL http|3a|//219.156.99.241|3a|44091/i"; flow:to_server,established; http.header; content:"219.156.99.241"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 117.248.16.131 45828 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.248.16.131|3a|45828/bin.sh"; flow:to_server,established; http.header; content:"117.248.16.131"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 117.199.77.97 54993 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.199.77.97|3a|54993/i"; flow:to_server,established; http.header; content:"117.199.77.97"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 117.199.77.97 54993 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.199.77.97|3a|54993/bin.sh"; flow:to_server,established; http.header; content:"117.199.77.97"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 117.199.72.202 39777 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.199.72.202|3a|39777/bin.sh"; flow:to_server,established; http.header; content:"117.199.72.202"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 1.70.140.217 20957 (msg: "MISP e25919 [] Outgoing URL http|3a|//1.70.140.217|3a|20957/.i"; flow:to_server,established; http.header; content:"1.70.140.217"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
# Hostname-based URL rule: scoped to $EXTERNAL_NET $HTTP_PORTS instead of a pinned IP:port.
# It references $HTTP_PORTS, so that variable has to be defined for the rule to load, and a
# request to this host on a port outside $HTTP_PORTS is not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25919 [] Outgoing URL http|3a|//sl.avalmag.com/data/pdf/may.exe"; flow:to_server,established; http.header; content:"sl.avalmag.com"; fast_pattern; nocase; http.uri; content:"/data/pdf/may.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 59.93.194.127 57675 (msg: "MISP e25919 [] Outgoing URL http|3a|//59.93.194.127|3a|57675/i"; flow:to_server,established; http.header; content:"59.93.194.127"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 42.239.242.16 52271 (msg: "MISP e25919 [] Outgoing URL http|3a|//42.239.242.16|3a|52271/i"; flow:to_server,established; http.header; content:"42.239.242.16"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 42.230.34.194 35086 (msg: "MISP e25919 [] Outgoing URL http|3a|//42.230.34.194|3a|35086/i"; flow:to_server,established; http.header; content:"42.230.34.194"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 221.15.195.241 49697 (msg: "MISP e25919 [] Outgoing URL http|3a|//221.15.195.241|3a|49697/Mozi.m"; flow:to_server,established; http.header; content:"221.15.195.241"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 221.15.195.241 49697 (msg: "MISP e25919 [] Outgoing URL http|3a|//221.15.195.241|3a|49697/bin.sh"; flow:to_server,established; http.header; content:"221.15.195.241"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 125.41.227.64 37007 (msg: "MISP e25919 [] Outgoing URL 
http|3a|//125.41.227.64|3a|37007/bin.sh"; flow:to_server,established; http.header; content:"125.41.227.64"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
alert http $HOME_NET any -> 117.199.79.27 60697 (msg: "MISP e25919 [] Outgoing URL http|3a|//117.199.79.27|3a|60697/Mozi.m"; flow:to_server,established; http.header; content:"117.199.79.27"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37043621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25919;)
# --- MISP event 25857: domain indicator, exported as a DNS rule + HTTP rule pair ---
# DNS rule (sid ending in 1): matches dns.query; the pcre allows the domain itself or any
# sub-domain (preceded by start-of-buffer or a non-hostname character) and anchors the end.
# It is written any any -> any any, so depending on sensor placement the alert source may be
# an internal resolver rather than the querying client.
# HTTP rule (sid ending in 2): needs "Host:" and the domain in the request headers. The two
# content matches are not positionally linked, so the domain appearing in another header
# also satisfies them. The pcre then requires a non-hostname character after the domain.
# Neither rule inspects TLS, so HTTPS visits are visible only through the DNS rule.
# The same domain is exported again for event 25880 (sid 37037331/37037332) elsewhere in
# this file; expect two alerts per match unless one pair is suppressed.
alert dns any any -> any any (msg: "MISP e25857 [] Domain cl-banco.estado-inicio.info"; dns.query; content:"cl-banco.estado-inicio.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info$/i"; classtype:trojan-activity; sid:37023861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25857 [] Outgoing HTTP Domain cl-banco.estado-inicio.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl-banco.estado-inicio.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37023862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25857;)
# --- MISP event 25895: IP:port indicator tagged NanoCore ---
# No flow or content options: matching depends only on source network, destination address
# and destination port. The "|" in msg separates IP and port; it is not a hex escape.
alert ip $HOME_NET any -> 43.143.228.239 7766 (msg: "MISP e25895 [NanoCore] Outgoing To IP: 43.143.228.239|7766"; classtype:trojan-activity; sid:37039551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25924: mail-related indicators (domain pair + two SMTP address rules) ---
alert dns any any -> any any (msg: "MISP e25924 [] Domain mail.taravatco.com"; dns.query; content:"mail.taravatco.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.taravatco\.com$/i"; classtype:trojan-activity; sid:37056161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25924;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25924 [] Outgoing HTTP Domain mail.taravatco.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.taravatco.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.taravatco\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37056162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25924;)
# SMTP rules: raw TCP content matches on "MAIL FROM:" / "RCPT TO:" plus the address, followed
# by a CRLF CRLF sequence within 8192 bytes. They inspect only traffic from $EXTERNAL_NET to
# $SMTP_SERVERS on port 25, in cleartext; sessions upgraded with STARTTLS and submission on
# other ports are not covered.
# NOTE(review): the RCPT TO rule names an external mailbox, yet it only watches mail arriving
# at internal servers. Mail leaving $HOME_NET towards that address is not matched; confirm
# this is the intended direction.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25924 [] Source Email Address: info@taravatco.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"info@taravatco.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37056171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25924;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25924 [] Destination Email Address: lightfireoku@protonmail.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"lightfireoku@protonmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37056181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25924;)
# --- MISP event 25895: URL indicators (the first is tagged Stealc in msg) ---
# Both rules are scoped to $HTTP_PORTS, which must be defined for them to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25895 [Stealc] Outgoing URL http|3a|//gsggaoo.top/31b57f88e9b186cd.php"; flow:to_server,established; http.header; content:"gsggaoo.top"; fast_pattern; nocase; http.uri; content:"/31b57f88e9b186cd.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37039571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> 77.105.147.130 $HTTP_PORTS (msg: "MISP e25895 [] Outgoing URL http|3a|//77.105.147.130/api/firecom.php"; flow:to_server,established; http.header; content:"77.105.147.130"; fast_pattern; nocase; http.uri; 
content:"/api/firecom.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37039561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25895: untagged .shop / .site domain indicators (sid 37039581-37039672) ---
# Every domain is exported as a pair:
#   sid ...1  DNS rule on dns.query; the pcre matches the domain or any sub-domain and is
#             anchored at the end of the query name.
#   sid ...2  HTTP rule that needs "Host:" and the domain in the request headers, then a
#             pcre requiring a non-hostname character after the domain.
# The HTTP rules see only cleartext HTTP; none of these rules inspects TLS, so HTTPS traffic
# to the domains is visible only through the DNS rule.
# The DNS rules are any any -> any any and carry no tag option; the alerting source may be a
# resolver rather than the originating client, depending on where the sensor sits.
# NOTE(review): msg carries no family tag ("[]") for these domains; take attribution from
# the MISP event, not from this export.
alert dns any any -> any any (msg: "MISP e25895 [] Domain modestessayevenmilwek.shop"; dns.query; content:"modestessayevenmilwek.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])modestessayevenmilwek\.shop$/i"; classtype:trojan-activity; sid:37039581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain modestessayevenmilwek.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"modestessayevenmilwek.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])modestessayevenmilwek\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain triangleseasonbenchwj.shop"; dns.query; content:"triangleseasonbenchwj.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])triangleseasonbenchwj\.shop$/i"; classtype:trojan-activity; sid:37039591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain triangleseasonbenchwj.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"triangleseasonbenchwj.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])triangleseasonbenchwj\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain secretionsuitcasenioise.shop"; dns.query; content:"secretionsuitcasenioise.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])secretionsuitcasenioise\.shop$/i"; classtype:trojan-activity; sid:37039601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain secretionsuitcasenioise.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"secretionsuitcasenioise.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])secretionsuitcasenioise\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain circulatejobspontane.shop"; dns.query; content:"circulatejobspontane.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])circulatejobspontane\.shop$/i"; classtype:trojan-activity; sid:37039611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain circulatejobspontane.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"circulatejobspontane.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])circulatejobspontane\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain tonguehypnothesislan.shop"; dns.query; content:"tonguehypnothesislan.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])tonguehypnothesislan\.shop$/i"; classtype:trojan-activity; sid:37039621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain tonguehypnothesislan.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tonguehypnothesislan.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tonguehypnothesislan\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain nationalistvetecanve.shop"; dns.query; content:"nationalistvetecanve.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])nationalistvetecanve\.shop$/i"; classtype:trojan-activity; sid:37039631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain nationalistvetecanve.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nationalistvetecanve.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nationalistvetecanve\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain inviteaccessiblesaltw.shop"; dns.query; content:"inviteaccessiblesaltw.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])inviteaccessiblesaltw\.shop$/i"; classtype:trojan-activity; sid:37039641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain inviteaccessiblesaltw.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inviteaccessiblesaltw.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inviteaccessiblesaltw\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain stamprollabbeymemberw.site"; dns.query; content:"stamprollabbeymemberw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])stamprollabbeymemberw\.site$/i"; classtype:trojan-activity; sid:37039651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain stamprollabbeymemberw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stamprollabbeymemberw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stamprollabbeymemberw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain donorwifeconfusionstronko.site"; dns.query; content:"donorwifeconfusionstronko.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])donorwifeconfusionstronko\.site$/i"; classtype:trojan-activity; sid:37039661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain donorwifeconfusionstronko.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"donorwifeconfusionstronko.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])donorwifeconfusionstronko\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain essayinterventiondepof.site"; dns.query; content:"essayinterventiondepof.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])essayinterventiondepof\.site$/i"; classtype:trojan-activity; sid:37039671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain essayinterventiondepof.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"essayinterventiondepof.site"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])essayinterventiondepof\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25895: untagged .site domain indicators, continued (sid 37039681-37039772) ---
# Same pair layout for every domain: a DNS rule on dns.query (sid ending in 1) and an HTTP
# rule on the request headers (sid ending in 2). The HTTP rule's "Host:" and domain content
# matches are not positionally linked, and only cleartext HTTP is inspected; HTTPS traffic to
# these domains is visible only through the DNS rule.
alert dns any any -> any any (msg: "MISP e25895 [] Domain smilesnugglemonstouseo.site"; dns.query; content:"smilesnugglemonstouseo.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])smilesnugglemonstouseo\.site$/i"; classtype:trojan-activity; sid:37039681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain smilesnugglemonstouseo.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smilesnugglemonstouseo.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smilesnugglemonstouseo\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain offsetundressdriveryjow.site"; dns.query; content:"offsetundressdriveryjow.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])offsetundressdriveryjow\.site$/i"; classtype:trojan-activity; sid:37039691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain offsetundressdriveryjow.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offsetundressdriveryjow.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offsetundressdriveryjow\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain publishfavorharbouroe.site"; dns.query; content:"publishfavorharbouroe.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])publishfavorharbouroe\.site$/i"; classtype:trojan-activity; sid:37039701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain publishfavorharbouroe.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"publishfavorharbouroe.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])publishfavorharbouroe\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain banquetmasteryfailurw.site"; dns.query; content:"banquetmasteryfailurw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])banquetmasteryfailurw\.site$/i"; classtype:trojan-activity; sid:37039711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain banquetmasteryfailurw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banquetmasteryfailurw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banquetmasteryfailurw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain exemptatmospherestingw.site"; dns.query; content:"exemptatmospherestingw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])exemptatmospherestingw\.site$/i"; classtype:trojan-activity; sid:37039721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain exemptatmospherestingw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"exemptatmospherestingw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])exemptatmospherestingw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain pavementpreferencewjiao.site"; dns.query; content:"pavementpreferencewjiao.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])pavementpreferencewjiao\.site$/i"; classtype:trojan-activity; sid:37039731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain pavementpreferencewjiao.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pavementpreferencewjiao.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pavementpreferencewjiao\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain benddiscoleideasbridrew.site"; dns.query; content:"benddiscoleideasbridrew.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])benddiscoleideasbridrew\.site$/i"; classtype:trojan-activity; sid:37039741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain benddiscoleideasbridrew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"benddiscoleideasbridrew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])benddiscoleideasbridrew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain hovermeatglacierrjuw.site"; dns.query; content:"hovermeatglacierrjuw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])hovermeatglacierrjuw\.site$/i"; classtype:trojan-activity; sid:37039751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain hovermeatglacierrjuw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hovermeatglacierrjuw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hovermeatglacierrjuw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain mosaicyoungoccasionnyej.site"; dns.query; content:"mosaicyoungoccasionnyej.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mosaicyoungoccasionnyej\.site$/i"; classtype:trojan-activity; sid:37039761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain mosaicyoungoccasionnyej.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mosaicyoungoccasionnyej.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mosaicyoungoccasionnyej\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [] Domain updaterootapplederjuios.site"; dns.query; content:"updaterootapplederjuios.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])updaterootapplederjuios\.site$/i"; classtype:trojan-activity; sid:37039771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [] Outgoing HTTP Domain updaterootapplederjuios.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"updaterootapplederjuios.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])updaterootapplederjuios\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25895: IP:port indicators, family tag carried in msg (sid 37039781-37039841) ---
# These rules have no flow or content options: matching depends only on source network,
# destination address and destination port. The "|" in msg separates IP and port.
# Rules on 443 to a single address alert on every connection to that host, whatever it
# carries; check the age of the indicator in MISP before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 103.86.130.120 443 (msg: "MISP e25895 [c2,Get2] Outgoing To IP: 103.86.130.120|443"; classtype:trojan-activity; sid:37039781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 109.107.181.228 666 (msg: "MISP e25895 [Mirai] Outgoing To IP: 109.107.181.228|666"; classtype:trojan-activity; sid:37039791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 109.107.181.228 1676 (msg: "MISP e25895 [Mirai] Outgoing To IP: 109.107.181.228|1676"; classtype:trojan-activity; sid:37039801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 91.92.247.252 8276 (msg: "MISP e25895 [Mirai] Outgoing To IP: 91.92.247.252|8276"; classtype:trojan-activity; sid:37039811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 91.92.247.252 1312 (msg: "MISP e25895 [Mirai] Outgoing To IP: 91.92.247.252|1312"; classtype:trojan-activity; sid:37039821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 157.90.20.51 47753 (msg: "MISP e25895 [RedLineStealer] Outgoing To IP: 157.90.20.51|47753"; classtype:trojan-activity; sid:37039841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# URL indicator tagged Loki in msg; scoped to $HTTP_PORTS, which must be defined.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25895 [Loki] Outgoing URL http|3a|//xmail.cfd/pws/fre.php"; flow:to_server,established; http.header; content:"xmail.cfd"; fast_pattern; nocase; http.uri; content:"/pws/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37039851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25876: domain indicator (DNS rule + HTTP Host-header rule) ---
# DNS rule: dns.query match on the domain or any sub-domain. HTTP rule: "Host:" and the
# domain in the request headers (not positionally linked), cleartext HTTP only.
alert dns any any -> any any (msg: "MISP e25876 [] Domain personas.milab.digital"; dns.query; content:"personas.milab.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital$/i"; classtype:trojan-activity; sid:37035381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25876;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25876 [] Outgoing HTTP Domain personas.milab.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"personas.milab.digital"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37035382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25876;)
# --- MISP event 25895: IP:port indicators tagged Vidar and njrat in msg ---
# No flow or content options: only source network, destination address and port decide.
alert ip $HOME_NET any -> 78.46.251.181 443 (msg: "MISP e25895 [Vidar] Outgoing To IP: 78.46.251.181|443"; classtype:trojan-activity; sid:37039871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 74.91.116.12 5552 (msg: "MISP e25895 [njrat] Outgoing To IP: 74.91.116.12|5552"; classtype:trojan-activity; sid:37039891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25880: domain indicator ---
# The same domain is also exported for event 25857 (sid 37023861/37023862) elsewhere in this
# file, so one lookup or request raises an alert from each pair unless one is suppressed.
alert dns any any -> any any (msg: "MISP e25880 [] Domain cl-banco.estado-inicio.info"; dns.query; content:"cl-banco.estado-inicio.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info$/i"; classtype:trojan-activity; sid:37037331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25880;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25880 [] Outgoing HTTP Domain cl-banco.estado-inicio.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl-banco.estado-inicio.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37037332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25880;)
# --- MISP event 25895: URL indicator tagged dcrat in msg; scoped to $HTTP_PORTS ---
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25895 [dcrat] Outgoing URL http|3a|//a0913447.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0913447.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37039901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# --- MISP event 25943: domain indicator ---
alert dns any any -> any any (msg: "MISP e25943 [] Domain railway.supply"; dns.query; content:"railway.supply"; nocase; pcre: "/(^|[^A-Za-z0-9-])railway\.supply$/i"; classtype:trojan-activity; sid:37057691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25943;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25943 [] Outgoing HTTP Domain railway.supply"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"railway.supply"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])railway\.supply[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25943;)
# --- MISP event 24600: URL indicator plus domain pair for the same host ---
# The URL rule's URI content is just "/", which every request path contains, so it acts as a
# host match on $HTTP_PORTS and is likely to alert together with sid 37056382 on one request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24600 [] Outgoing URL http|3a|//my-cnscard-lu.com/"; flow:to_server,established; http.header; content:"my-cnscard-lu.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain my-cnscard-lu.com"; dns.query; content:"my-cnscard-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-cnscard\-lu\.com$/i"; classtype:trojan-activity; sid:37056381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain my-cnscard-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my-cnscard-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-cnscard\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37056382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# --- MISP event 25895: indicators tagged c2 / censys, with ASN and provider names in msg ---
# The msg tags name large hosting providers. Addresses and provider-assigned host names in
# such ranges can be reassigned, and these rules carry no expiry; review the indicator's age
# in MISP before treating a hit as confirmed C2.
# NOTE(review): the domain below looks like a provider-generated instance name - confirm.
alert dns any any -> any any (msg: "MISP e25895 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Domain 30.210.31.34.bc.googleusercontent.com"; dns.query; content:"30.210.31.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])30\.210\.31\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37039911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing HTTP Domain 30.210.31.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"30.210.31.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])30\.210\.31\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.163.176.140 80 (msg: "MISP e25895 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.163.176.140|80"; classtype:trojan-activity; sid:37039921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 129.226.154.245 888 (msg: "MISP e25895 [AS132203,c2,censys] Outgoing To IP: 129.226.154.245|888"; classtype:trojan-activity; sid:37039931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 129.226.154.245 8888 (msg: "MISP e25895 [AS132203,c2,censys] Outgoing To IP: 129.226.154.245|8888"; 
classtype:trojan-activity; sid:37039941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 47.99.66.200 8001 (msg: "MISP e25895 [AS37963,c2,censys] Outgoing To IP: 47.99.66.200|8001"; classtype:trojan-activity; sid:37039951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25895 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.164-90-169-184.cprapid.com"; dns.query; content:"www.164-90-169-184.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.164\-90\-169\-184\.cprapid\.com$/i"; classtype:trojan-activity; sid:37039961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.164-90-169-184.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.164-90-169-184.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.164\-90\-169\-184\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 64.226.76.0 443 (msg: "MISP e25895 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 64.226.76.0|443"; classtype:trojan-activity; sid:37039971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 137.175.97.93 80 (msg: "MISP e25895 [AS54600,c2,censys,PEG-SV] Outgoing To IP: 137.175.97.93|80"; classtype:trojan-activity; sid:37039981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 103.42.30.219 8088 (msg: "MISP e25895 [AS142032,c2,censys] Outgoing To IP: 103.42.30.219|8088"; classtype:trojan-activity; sid:37039991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET 
any -> 104.234.240.6 443 (msg: "MISP e25895 [AS212238,c2,CDNEXT,censys] Outgoing To IP: 104.234.240.6|443"; classtype:trojan-activity; sid:37040001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Outbound ip|port indicators, event 25895. One rule per address/port pair, so the same address can appear
# several times with different ports (for example 192.3.101.133 on 88 and 4433).
alert ip $HOME_NET any -> 192.3.101.133 88 (msg: "MISP e25895 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 192.3.101.133|88"; classtype:trojan-activity; sid:37040011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 192.3.101.133 4433 (msg: "MISP e25895 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 192.3.101.133|4433"; classtype:trojan-activity; sid:37040021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 101.43.161.148 8081 (msg: "MISP e25895 [AS45090,c2,censys] Outgoing To IP: 101.43.161.148|8081"; classtype:trojan-activity; sid:37040031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 43.249.9.224 2053 (msg: "MISP e25895 [AS142032,c2,censys] Outgoing To IP: 43.249.9.224|2053"; classtype:trojan-activity; sid:37040041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# The msg tags name large cloud providers for the next two addresses. Addresses in such ranges may be reassigned,
# so check the indicator's age in MISP when triaging a hit.
alert ip $HOME_NET any -> 3.133.3.35 443 (msg: "MISP e25895 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 3.133.3.35|443"; classtype:trojan-activity; sid:37040051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.215.41.119 31337 (msg: "MISP e25895 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.215.41.119|31337"; classtype:trojan-activity; sid:37040061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Entries tagged RAT in msg start here.
alert ip $HOME_NET any -> 172.96.172.203 8808 (msg: "MISP e25895 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 172.96.172.203|8808"; classtype:trojan-activity; sid:37040071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 
172.96.172.203 7707 (msg: "MISP e25895 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 172.96.172.203|7707"; classtype:trojan-activity; sid:37040081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# RAT-tagged ip|port indicators (event 25895). The rules match on address and port only;
# correlate a hit with endpoint telemetry for the source host before concluding compromise.
alert ip $HOME_NET any -> 46.246.82.4 2000 (msg: "MISP e25895 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.82.4|2000"; classtype:trojan-activity; sid:37040091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 216.250.254.227 6606 (msg: "MISP e25895 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 216.250.254.227|6606"; classtype:trojan-activity; sid:37040101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 216.250.254.227 8808 (msg: "MISP e25895 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 216.250.254.227|8808"; classtype:trojan-activity; sid:37040111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 45.154.98.190 7707 (msg: "MISP e25895 [AS210558,c2,censys,RAT] Outgoing To IP: 45.154.98.190|7707"; classtype:trojan-activity; sid:37040121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 45.154.98.190 6606 (msg: "MISP e25895 [AS210558,c2,censys,RAT] Outgoing To IP: 45.154.98.190|6606"; classtype:trojan-activity; sid:37040131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 45.145.55.81 8808 (msg: "MISP e25895 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 45.145.55.81|8808"; classtype:trojan-activity; sid:37040141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 172.96.172.69 6606 (msg: "MISP e25895 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 172.96.172.69|6606"; classtype:trojan-activity; sid:37040151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 27.79.88.176 8007 (msg: "MISP e25895 [AS7552,c2,censys,RAT] Outgoing To IP: 27.79.88.176|8007"; classtype:trojan-activity; sid:37040161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Entries tagged HookBot in msg start here: one ip|port rule, then DNS + HTTP Host pairs per domain.
alert ip $HOME_NET any -> 62.109.15.32 80 (msg: "MISP e25895 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 62.109.15.32|80"; classtype:trojan-activity; sid:37040171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# The DNS rules use "any any -> any any", so they fire on queries seen in either direction, including resolver-to-upstream traffic.
# The alert's source address may therefore be a resolver rather than the querying client.
alert dns any any -> any any (msg: "MISP e25895 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain evgenytchurakin4.fvds.ru"; dns.query; content:"evgenytchurakin4.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin4\.fvds\.ru$/i"; classtype:trojan-activity; sid:37040181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain evgenytchurakin4.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin4.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin4\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [AS51167,c2,censys,CONTABO,HookBot] Domain webmail.jettresponse.com"; dns.query; content:"webmail.jettresponse.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.jettresponse\.com$/i"; classtype:trojan-activity; sid:37040191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS51167,c2,censys,CONTABO,HookBot] Outgoing HTTP Domain webmail.jettresponse.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"webmail.jettresponse.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.jettresponse\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# HookBot-tagged domain: DNS query rule followed by the HTTP Host-header rule for the same name.
alert dns any any -> any any (msg: "MISP e25895 [AS142032,c2,censys,HookBot] Domain tsaojzuv225.com"; dns.query; content:"tsaojzuv225.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzuv225\.com$/i"; classtype:trojan-activity; sid:37040201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# In the Host rule the pcre requires one more character after the name that is not a letter, digit, '-' or '.',
# so a longer name that merely starts with this one does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain tsaojzuv225.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tsaojzuv225.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tsaojzuv225\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# HookBot-tagged ip|port indicators, all on port 80; address/port match only, no HTTP content inspected.
alert ip $HOME_NET any -> 185.216.70.117 80 (msg: "MISP e25895 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.117|80"; classtype:trojan-activity; sid:37040211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.6.81.237 80 (msg: "MISP e25895 [AS8075,c2,censys,HookBot,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.6.81.237|80"; classtype:trojan-activity; sid:37040221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 93.123.39.249 80 (msg: "MISP e25895 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 93.123.39.249|80"; classtype:trojan-activity; sid:37040231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 185.216.70.119 80 (msg: "MISP e25895 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.119|80"; 
classtype:trojan-activity; sid:37040241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 77.73.131.54 50555 (msg: "MISP e25895 [AEZA-AS,AS210644,c2,censys,HookBot] Outgoing To IP: 77.73.131.54|50555"; classtype:trojan-activity; sid:37040251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# HookBot-tagged domains, each as a DNS + HTTP Host pair. The HTTP rules need parsed cleartext HTTP;
# if the host is reached over TLS, only the DNS rule can fire.
alert dns any any -> any any (msg: "MISP e25895 [AS150452,c2,censys,HookBot] Domain hookqd.tttseo.com"; dns.query; content:"hookqd.tttseo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hookqd\.tttseo\.com$/i"; classtype:trojan-activity; sid:37040261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS150452,c2,censys,HookBot] Outgoing HTTP Domain hookqd.tttseo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hookqd.tttseo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hookqd\.tttseo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# NOTE(review): the next hostname embeds an IP-like label (45-134-26-33) and looks auto-generated; confirm it is still assigned to the flagged server.
alert dns any any -> any any (msg: "MISP e25895 [AS198953,c2,censys,HookBot,PROTON66] Domain pensive-shamir.45-134-26-33.plesk.page"; dns.query; content:"pensive-shamir.45-134-26-33.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-shamir\.45\-134\-26\-33\.plesk\.page$/i"; classtype:trojan-activity; sid:37040271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS198953,c2,censys,HookBot,PROTON66] Outgoing HTTP Domain pensive-shamir.45-134-26-33.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pensive-shamir.45-134-26-33.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-shamir\.45\-134\-26\-33\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37040272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Outbound ip|port indicators (event 25895), tagged HookBot, RAT or plain c2 in msg.
alert ip $HOME_NET any -> 149.28.148.246 80 (msg: "MISP e25895 [AS-CHOOPA,AS20473,c2,censys,HookBot] Outgoing To IP: 149.28.148.246|80"; classtype:trojan-activity; sid:37040281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 181.161.6.87 8080 (msg: "MISP e25895 [AS7418,c2,censys,RAT] Outgoing To IP: 181.161.6.87|8080"; classtype:trojan-activity; sid:37040291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 94.156.69.73 8080 (msg: "MISP e25895 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.73|8080"; classtype:trojan-activity; sid:37040301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 140.82.48.210 2404 (msg: "MISP e25895 [AS-CHOOPA,AS20473,c2,censys,RAT] Outgoing To IP: 140.82.48.210|2404"; classtype:trojan-activity; sid:37040311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 4.255.104.31 443 (msg: "MISP e25895 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.255.104.31|443"; classtype:trojan-activity; sid:37040321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# NOTE(review): this name looks like a hosting provider's default hostname for an IP address; treat it as equivalent to an IP indicator and check its age.
alert dns any any -> any any (msg: "MISP e25895 [AS24940,c2,censys,HETZNER-AS] Domain static.5.96.119.168.clients.your-server.de"; dns.query; content:"static.5.96.119.168.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.5\.96\.119\.168\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37040331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS24940,c2,censys,HETZNER-AS] Outgoing HTTP Domain static.5.96.119.168.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"static.5.96.119.168.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.5\.96\.119\.168\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# DNS + HTTP Host pairs for c2-tagged hostnames. The first two look like provider-assigned server names rather than registered campaign domains (hedged: inferred from the name shape only).
alert dns any any -> any any (msg: "MISP e25895 [AS30823,c2,censys] Domain vps-zap1095765-1.zap-srv.com"; dns.query; content:"vps-zap1095765-1.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1095765\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37040341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS30823,c2,censys] Outgoing HTTP Domain vps-zap1095765-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap1095765-1.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1095765\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [AMAZON-02,AS16509,c2,censys] Domain ec2-52-76-234-184.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-52-76-234-184.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-76\-234\-184\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37040351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-52-76-234-184.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-76-234-184.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-76\-234\-184\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# NOTE(review): the name below resembles a misspelling of a well-known vendor name; the rules match the exact string listed and its sub-domains, nothing broader.
alert dns any any -> any any (msg: "MISP e25895 [AMAZON-02,AS16509,c2,censys] Domain microsft-security.com"; dns.query; content:"microsft-security.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])microsft\-security\.com$/i"; classtype:trojan-activity; sid:37040361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain microsft-security.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microsft-security.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microsft\-security\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# RAT-tagged ip|port indicators.
alert ip $HOME_NET any -> 185.238.171.42 4449 (msg: "MISP e25895 [AS58061,c2,censys,RAT,SCALAXY-AS] Outgoing To IP: 185.238.171.42|4449"; classtype:trojan-activity; sid:37040371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 195.62.47.154 8890 (msg: "MISP e25895 [AS397423,c2,censys,RAT,TIER-NET] Outgoing To IP: 195.62.47.154|8890"; classtype:trojan-activity; sid:37040381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 157.254.165.110 8888 (msg: "MISP e25895 [AS399486,c2,censys,RAT,VIRTUO] Outgoing To IP: 157.254.165.110|8888"; classtype:trojan-activity; sid:37040391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 103.243.180.7 5588 (msg: "MISP e25895 [AS133115,c2,censys,RAT] Outgoing To IP: 103.243.180.7|5588"; classtype:trojan-activity; sid:37040401; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Outbound ip|port indicators (event 25895). Tags in msg are copied from the MISP event as-is.
# The malware-family and ASN labels are the feed's attribution, not something the rule verifies on the wire.
alert ip $HOME_NET any -> 103.243.180.16 5588 (msg: "MISP e25895 [AS133115,c2,censys,RAT] Outgoing To IP: 103.243.180.16|5588"; classtype:trojan-activity; sid:37040411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 172.233.240.86 8080 (msg: "MISP e25895 [AS63949,c2,censys,RAT] Outgoing To IP: 172.233.240.86|8080"; classtype:trojan-activity; sid:37040421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 194.48.251.11 4449 (msg: "MISP e25895 [AS203168,c2,censys,RAT,UNKNOW] Outgoing To IP: 194.48.251.11|4449"; classtype:trojan-activity; sid:37040431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 45.86.163.142 22533 (msg: "MISP e25895 [ACCELERATED-IT,AS31400,c2,censys,L3MON] Outgoing To IP: 45.86.163.142|22533"; classtype:trojan-activity; sid:37040441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 193.163.7.156 8008 (msg: "MISP e25895 [AS204601,c2,censys,RAT] Outgoing To IP: 193.163.7.156|8008"; classtype:trojan-activity; sid:37040451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 108.62.49.215 88 (msg: "MISP e25895 [AS396362,c2,censys,LEASEWEB-USA-NYC] Outgoing To IP: 108.62.49.215|88"; classtype:trojan-activity; sid:37040461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 5.42.67.10 80 (msg: "MISP e25895 [AS210352,c2,censys,SERVER4-AS] Outgoing To IP: 5.42.67.10|80"; classtype:trojan-activity; sid:37040471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 185.172.128.88 80 (msg: "MISP e25895 [AS216309,c2,censys,EVILEMPIRE-AS] Outgoing To IP: 185.172.128.88|80"; classtype:trojan-activity; sid:37040481; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Outbound ip|port indicators (event 25895); adjacent addresses in the same /24 are listed individually, not as a range.
alert ip $HOME_NET any -> 94.156.68.254 80 (msg: "MISP e25895 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.68.254|80"; classtype:trojan-activity; sid:37040491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 94.156.68.253 80 (msg: "MISP e25895 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.68.253|80"; classtype:trojan-activity; sid:37040501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Framework/family tags (Covenant, NeptuneLoader) appear only in msg; the rules still match on address and port alone.
alert ip $HOME_NET any -> 142.93.191.198 7443 (msg: "MISP e25895 [AS14061,c2,censys,Covenant,DIGITALOCEAN-ASN] Outgoing To IP: 142.93.191.198|7443"; classtype:trojan-activity; sid:37040511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 41.216.183.64 443 (msg: "MISP e25895 [AS211138,c2,censys,Loader,NeptuneLoader,PRIVATEHOSTING-NET] Outgoing To IP: 41.216.183.64|443"; classtype:trojan-activity; sid:37040521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Stealer-tagged domain: DNS query rule plus HTTP Host-header rule (the latter tags the session for 600 seconds).
alert dns any any -> any any (msg: "MISP e25895 [AEZA-AS,AS210644,c2,censys,stealer] Domain enter.showconfig.ru"; dns.query; content:"enter.showconfig.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])enter\.showconfig\.ru$/i"; classtype:trojan-activity; sid:37040531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain enter.showconfig.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"enter.showconfig.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])enter\.showconfig\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 54.237.138.159 443 (msg: "MISP e25895 
[AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 54.237.138.159|443"; classtype:trojan-activity; sid:37040541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# SerpentStealer-tagged hostnames under amazonaws.com. The names encode an address (ec2-44-196-101-127, ec2-3-208-95-157).
# NOTE(review): such names follow the instance's public address, so these indicators go stale when the address is released; confirm currency in MISP.
alert dns any any -> any any (msg: "MISP e25895 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-44-196-101-127.compute-1.amazonaws.com"; dns.query; content:"ec2-44-196-101-127.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-44\-196\-101\-127\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37040551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-44-196-101-127.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-44-196-101-127.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-44\-196\-101\-127\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-3-208-95-157.compute-1.amazonaws.com"; dns.query; content:"ec2-3-208-95-157.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-208\-95\-157\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37040561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-3-208-95-157.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-208-95-157.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-208\-95\-157\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# UNAM-tagged indicators: one address on ports 80 and 443, then the apex domain and its www host.
alert ip $HOME_NET any -> 212.193.11.40 80 (msg: "MISP e25895 [AS203394,c2,censys,MDCLOUD,UNAM] Outgoing To IP: 212.193.11.40|80"; classtype:trojan-activity; sid:37040571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 212.193.11.40 443 (msg: "MISP e25895 [AS203394,c2,censys,MDCLOUD,UNAM] Outgoing To IP: 212.193.11.40|443"; classtype:trojan-activity; sid:37040581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# The apex-domain pcre accepts '.' before the name, so a query for www.mine-panel.space satisfies this rule and the www rule below.
# Expect two alerts for one lookup.
alert dns any any -> any any (msg: "MISP e25895 [AS-REG,AS197695,c2,censys,UNAM] Domain mine-panel.space"; dns.query; content:"mine-panel.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])mine\-panel\.space$/i"; classtype:trojan-activity; sid:37040591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain mine-panel.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mine-panel.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mine\-panel\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert dns any any -> any any (msg: "MISP e25895 [AS-REG,AS197695,c2,censys,UNAM] Domain www.mine-panel.space"; dns.query; content:"www.mine-panel.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mine\-panel\.space$/i"; classtype:trojan-activity; sid:37040601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain www.mine-panel.space"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mine-panel.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mine\-panel\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# RedGuard-tagged ip|port indicators.
alert ip $HOME_NET any -> 114.115.145.188 8443 (msg: "MISP e25895 [AS23724,c2,censys,RedGuard] Outgoing To IP: 114.115.145.188|8443"; classtype:trojan-activity; sid:37040611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 142.171.229.85 2096 (msg: "MISP e25895 [AS35916,c2,censys,MULTA-ASN1,RedGuard] Outgoing To IP: 142.171.229.85|2096"; classtype:trojan-activity; sid:37040621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Viper-tagged ip|port indicators, all on destination port 60000. These entries carry no "c2" tag in msg, unlike the rules above.
# Four consecutive addresses in 182.16.35.0/24 are listed as separate rules.
alert ip $HOME_NET any -> 182.16.35.147 60000 (msg: "MISP e25895 [AS45753,censys,Viper] Outgoing To IP: 182.16.35.147|60000"; classtype:trojan-activity; sid:37040631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 182.16.35.148 60000 (msg: "MISP e25895 [AS45753,censys,Viper] Outgoing To IP: 182.16.35.148|60000"; classtype:trojan-activity; sid:37040641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 182.16.35.150 60000 (msg: "MISP e25895 [AS45753,censys,Viper] Outgoing To IP: 182.16.35.150|60000"; classtype:trojan-activity; sid:37040651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 182.16.35.146 60000 (msg: "MISP e25895 [AS45753,censys,Viper] Outgoing To IP: 182.16.35.146|60000"; classtype:trojan-activity; sid:37040661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 107.172.144.7 60000 (msg: "MISP e25895 [AS-COLOCROSSING,AS36352,censys,Viper] Outgoing To IP: 107.172.144.7|60000"; classtype:trojan-activity; 
sid:37040671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Remaining Viper-tagged ip|port indicators (port 60000).
alert ip $HOME_NET any -> 103.52.154.243 60000 (msg: "MISP e25895 [AS55020,censys,IDCCLOUD,Viper] Outgoing To IP: 103.52.154.243|60000"; classtype:trojan-activity; sid:37040681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 154.12.25.252 60000 (msg: "MISP e25895 [AS142032,censys,Viper] Outgoing To IP: 154.12.25.252|60000"; classtype:trojan-activity; sid:37040691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Phishing-tagged indicators (EvilGinx, GoPhish) start here. The export still assigns classtype:trojan-activity,
# so filter on the msg tags rather than the classtype when routing these alerts to a phishing workflow.
alert dns any any -> any any (msg: "MISP e25895 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain apis.deenpel.com"; dns.query; content:"apis.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])apis\.deenpel\.com$/i"; classtype:trojan-activity; sid:37040701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain apis.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"apis.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])apis\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# GoPhish-tagged ip|port indicators. GoPhish is also used for authorised awareness exercises,
# so rule out a sanctioned campaign before escalating a hit.
alert ip $HOME_NET any -> 3.18.169.79 8443 (msg: "MISP e25895 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.18.169.79|8443"; classtype:trojan-activity; sid:37040711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.73.188.143 3000 (msg: "MISP e25895 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.73.188.143|3000"; classtype:trojan-activity; sid:37040721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 40.68.94.216 3333 (msg: "MISP e25895 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 40.68.94.216|3333"; classtype:trojan-activity; sid:37040731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 54.252.170.245 3333 (msg: "MISP e25895 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 54.252.170.245|3333"; classtype:trojan-activity; sid:37040741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 13.244.70.207 443 (msg: "MISP e25895 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.244.70.207|443"; classtype:trojan-activity; sid:37040751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.126.32.228 3333 (msg: "MISP e25895 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.126.32.228|3333"; classtype:trojan-activity; sid:37040761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 161.97.89.128 3000 (msg: "MISP e25895 [AS51167,censys,CONTABO,GoPhish,phishing] Outgoing To IP: 161.97.89.128|3000"; classtype:trojan-activity; sid:37040771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 46.151.214.196 9090 (msg: "MISP e25895 [AS51975,censys,GoPhish,phishing] Outgoing To IP: 46.151.214.196|9090"; classtype:trojan-activity; sid:37040781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 152.32.131.171 3333 (msg: "MISP e25895 [AS135377,censys,GoPhish,phishing] Outgoing To IP: 152.32.131.171|3333"; classtype:trojan-activity; sid:37040791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 20.234.140.27 443 (msg: "MISP e25895 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.234.140.27|443"; classtype:trojan-activity; sid:37040801; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Outbound ip|port indicators (event 25895), tagged c2 / RAT in msg.
alert ip $HOME_NET any -> 174.138.56.147 8080 (msg: "MISP e25895 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 174.138.56.147|8080"; classtype:trojan-activity; sid:37040811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 185.236.203.102 54600 (msg: "MISP e25895 [AS9009,AveMariaRAT,c2,censys,M247,RAT] Outgoing To IP: 185.236.203.102|54600"; classtype:trojan-activity; sid:37040821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 185.202.175.208 54600 (msg: "MISP e25895 [AS64236,AveMariaRAT,c2,censys,RAT,UNREAL-SERVERS] Outgoing To IP: 185.202.175.208|54600"; classtype:trojan-activity; sid:37040831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 45.128.133.21 443 (msg: "MISP e25895 [AS206804,c2,censys,ESTNOC-GLOBAL] Outgoing To IP: 45.128.133.21|443"; classtype:trojan-activity; sid:37040841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert ip $HOME_NET any -> 157.230.175.190 7754 (msg: "MISP e25895 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 157.230.175.190|7754"; classtype:trojan-activity; sid:37040851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# From here on the msg tags no longer include an ASN or "censys".
alert ip $HOME_NET any -> 103.186.117.186 2404 (msg: "MISP e25895 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.186|2404"; classtype:trojan-activity; sid:37040861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# The sid below (37039861) is numerically lower than its neighbours in this export.
# Rule order in the file therefore does not follow sid order; look rules up by sid, not by position.
alert dns any any -> any any (msg: "MISP e25895 [infostealer,LokiBot,stealer] Domain xmail.cfd"; dns.query; content:"xmail.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])xmail\.cfd$/i"; classtype:trojan-activity; sid:37039861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 
[infostealer,LokiBot,stealer] Outgoing HTTP Domain xmail.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xmail.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xmail\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# An empty tag list ("[]") means the msg carries no context; use the reference URL to look up what the indicator represents.
alert ip $HOME_NET any -> 62.204.41.234 2222 (msg: "MISP e25895 [] Outgoing To IP: 62.204.41.234|2222"; classtype:trojan-activity; sid:37040871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# njrat-tagged hostname: DNS + HTTP Host pair.
alert dns any any -> any any (msg: "MISP e25895 [njrat,RAT] Domain yaniqueque.sytes.net"; dns.query; content:"yaniqueque.sytes.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])yaniqueque\.sytes\.net$/i"; classtype:trojan-activity; sid:37040881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [njrat,RAT] Outgoing HTTP Domain yaniqueque.sytes.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yaniqueque.sytes.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yaniqueque\.sytes\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
# Event 25922 (priority:1). Sender-address rule: looks for "MAIL FROM:" and the address in client-to-server traffic to $SMTP_SERVERS on port 25,
# followed within 8192 bytes by a blank line (CRLF CRLF).
# It inspects the raw TCP stream, so sessions upgraded with STARTTLS and submissions on other ports are not covered.
# Pair it with mail-gateway log searches for the same sender.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25922 [] Source Email Address: secretary@z-abi.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"secretary@z-abi.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37055961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25922;)
# Destination-IP rule with port "any": fires on every packet flow from $HOME_NET to this address, whatever the service.
alert ip $HOME_NET any -> 157.90.2.31 any (msg: "MISP e25922 [] Outgoing To IP: 157.90.2.31"; classtype:trojan-activity; sid:37055971; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25922;) alert dns any any -> any any (msg: "MISP e25881 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25881;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25881 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25881;) alert dns any any -> any any (msg: "MISP e25882 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25882;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25882 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25882;) alert dns any any -> any any (msg: "MISP e25883 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25883;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25883 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25883;) alert http $HOME_NET any -> 45.15.156.229 $HTTP_PORTS (msg: "MISP e25895 [] Outgoing URL http|3a|//45.15.156.229/api/flash.php"; flow:to_server,established; http.header; content:"45.15.156.229"; fast_pattern; nocase; http.uri; content:"/api/flash.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37040891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert http $HOME_NET any -> 77.105.147.130 $HTTP_PORTS (msg: "MISP e25895 [] Outgoing URL http|3a|//77.105.147.130/api/flash.php"; flow:to_server,established; http.header; content:"77.105.147.130"; fast_pattern; nocase; http.uri; content:"/api/flash.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37040901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25884 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25884;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25884 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038242; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25884;) alert dns any any -> any any (msg: "MISP e25885 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25885;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25885 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25885;) alert dns any any -> any any (msg: "MISP e25886 [] Domain portal-banestado.pages.dev"; dns.query; content:"portal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25886;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25886 [] Outgoing HTTP Domain portal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25886;) alert dns any any -> any any (msg: "MISP e25887 [] Domain simula-banestado.pages.dev"; dns.query; content:"simula-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25887;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25887 [] Outgoing HTTP Domain simula-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"simula-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25887;) alert dns any any -> any any (msg: "MISP e25888 [] Domain micro-bancaestado.pages.dev"; dns.query; content:"micro-bancaestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25888;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25888 [] Outgoing HTTP Domain micro-bancaestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"micro-bancaestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25888;) alert dns any any -> any any (msg: "MISP e25889 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37038641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25889;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25889 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038642; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25889;) alert dns any any -> any any (msg: "MISP e25890 [] Domain ingreso-banestado.pages.dev"; dns.query; content:"ingreso-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37038721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25890;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25890 [] Outgoing HTTP Domain ingreso-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingreso-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25890;) alert dns any any -> any any (msg: "MISP e25891 [] Domain itavbancaempresas.online"; dns.query; content:"itavbancaempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])itavbancaempresas\.online$/i"; classtype:trojan-activity; sid:37038811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25891;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25891 [] Outgoing HTTP Domain itavbancaempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"itavbancaempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])itavbancaempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25891;) alert dns any any -> any any (msg: "MISP e25921 [] Domain kitfishstore.ru"; dns.query; content:"kitfishstore.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kitfishstore\.ru$/i"; classtype:trojan-activity; sid:37055861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25921;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25921 [] 
Outgoing HTTP Domain kitfishstore.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kitfishstore.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kitfishstore\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25921;) alert ip $HOME_NET any -> 92.246.130.99 any (msg: "MISP e25921 [] Outgoing To IP: 92.246.130.99"; classtype:trojan-activity; sid:37055841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25921;) alert dns any any -> any any (msg: "MISP e25921 [] Domain homemademagazine.ru"; dns.query; content:"homemademagazine.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])homemademagazine\.ru$/i"; classtype:trojan-activity; sid:37055851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25921;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25921 [] Outgoing HTTP Domain homemademagazine.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"homemademagazine.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])homemademagazine\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25921;) alert ip $HOME_NET any -> 46.246.14.16 2552 (msg: "MISP e25895 [njrat] Outgoing To IP: 46.246.14.16|2552"; classtype:trojan-activity; sid:37040911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 46.246.80.14 2054 (msg: "MISP e25895 [njrat] Outgoing To IP: 46.246.80.14|2054"; classtype:trojan-activity; sid:37040921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 185.202.239.171 80 (msg: "MISP e25895 [c2,cobalt_strike] Outgoing To IP: 185.202.239.171|80"; classtype:trojan-activity; sid:37040931; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25895;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25892 [] Outgoing URL http|3a|//bancochile-cl-login-bancochile-cl-login.home-it.cfd"; flow:to_server,established; http.header; content:"bancochile-cl-login-bancochile-cl-login.home-it.cfd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37038881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25892;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25892 [] Outgoing URL http|3a|//bancochile-cl-login-bancochile-cl-login.home-it.cfd/1707244269/bancochile-web/persona/login/index.html/login"; flow:to_server,established; http.header; content:"bancochile-cl-login-bancochile-cl-login.home-it.cfd"; fast_pattern; nocase; http.uri; content:"/1707244269/bancochile-web/persona/login/index.html/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37038891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25892;) alert dns any any -> any any (msg: "MISP e25892 [] Domain bancochile-cl-login-bancochile-cl-login.home-it.cfd"; dns.query; content:"bancochile-cl-login-bancochile-cl-login.home-it.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancochile\-cl\-login\-bancochile\-cl\-login\.home\-it\.cfd$/i"; classtype:trojan-activity; sid:37038901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25892;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25892 [] Outgoing HTTP Domain bancochile-cl-login-bancochile-cl-login.home-it.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancochile-cl-login-bancochile-cl-login.home-it.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancochile\-cl\-login\-bancochile\-cl\-login\.home\-it\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25892;) alert http 
$HOME_NET any -> 80.66.75.53 $HTTP_PORTS (msg: "MISP e25895 [CobaltStrike,cs-watermark-987654321,Kakharov Orinbassar Maratuly] Outgoing URL http|3a|//80.66.75.53/functionalstatus/nprgttmfrtmijp7xaraq7p87jp9"; flow:to_server,established; http.header; content:"80.66.75.53"; fast_pattern; nocase; http.uri; content:"/functionalstatus/nprgttmfrtmijp7xaraq7p87jp9"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37040971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert http $HOME_NET any -> 5.101.0.245 $HTTP_PORTS (msg: "MISP e25895 [CobaltStrike,cs-watermark-1580103824,Petersburg Internet Network ltd.] Outgoing URL http|3a|//5.101.0.245/updates.rss"; flow:to_server,established; http.header; content:"5.101.0.245"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37040981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 143.198.131.4 7443 (msg: "MISP e25895 [DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 143.198.131.4|7443"; classtype:trojan-activity; sid:37040991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 217.114.43.93 7443 (msg: "MISP e25895 [CHSN-AS,Mythic] Outgoing To IP: 217.114.43.93|7443"; classtype:trojan-activity; sid:37041001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 103.152.221.43 6607 (msg: "MISP e25895 [Deimos,EDCL-AS-AP Eons Data Communications Limited] Outgoing To IP: 103.152.221.43|6607"; classtype:trojan-activity; sid:37041011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 190.28.91.39 443 (msg: "MISP e25895 [EPM Telecomunicaciones S.A. 
E.S.P.,QakBot] Outgoing To IP: 190.28.91.39|443"; classtype:trojan-activity; sid:37041021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 188.54.98.85 995 (msg: "MISP e25895 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 188.54.98.85|995"; classtype:trojan-activity; sid:37041031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 139.59.10.184 8888 (msg: "MISP e25895 [DIGITALOCEAN-ASN,Supershell] Outgoing To IP: 139.59.10.184|8888"; classtype:trojan-activity; sid:37041041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25895 [njrat,RAT] Domain alma27.duckdns.org"; dns.query; content:"alma27.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])alma27\.duckdns\.org$/i"; classtype:trojan-activity; sid:37040941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25895 [njrat,RAT] Outgoing HTTP Domain alma27.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alma27.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alma27\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37040942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 79.137.203.183 36235 (msg: "MISP e25895 [infostealer,RedLine,stealer] Outgoing To IP: 79.137.203.183|36235"; classtype:trojan-activity; sid:37040951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 39.105.101.138 9999 (msg: "MISP e25895 [c2,cobalt_strike] Outgoing To IP: 39.105.101.138|9999"; classtype:trojan-activity; sid:37041051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 94.156.65.204 443 (msg: "MISP e25895 [c2,cobalt_strike] 
Outgoing To IP: 94.156.65.204|443"; classtype:trojan-activity; sid:37041061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25937 [] Domain e-teismai.lt-paslaugos.net"; dns.query; content:"e-teismai.lt-paslaugos.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslaugos\.net$/i"; classtype:trojan-activity; sid:37057531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25937;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25937 [] Outgoing HTTP Domain e-teismai.lt-paslaugos.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslaugos.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslaugos\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25937;) alert ip $HOME_NET any -> 82.102.19.88 any (msg: "MISP e26087 [] Outgoing To IP: 82.102.19.88"; classtype:trojan-activity; sid:37129051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert ip $HOME_NET any -> 62.115.255.163 any (msg: "MISP e26087 [] Outgoing To IP: 62.115.255.163"; classtype:trojan-activity; sid:37129061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert ip $HOME_NET any -> 193.34.167.245 any (msg: "MISP e26087 [] Outgoing To IP: 193.34.167.245"; classtype:trojan-activity; sid:37129071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert dns any any -> any any (msg: "MISP e25936 [] Domain teismai.e-lt-paslaugos.net"; dns.query; content:"teismai.e-lt-paslaugos.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])teismai\.e\-lt\-paslaugos\.net$/i"; classtype:trojan-activity; sid:37057501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25936;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25936 [] Outgoing 
HTTP Domain teismai.e-lt-paslaugos.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teismai.e-lt-paslaugos.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teismai\.e\-lt\-paslaugos\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25936;) alert dns any any -> any any (msg: "MISP e25935 [] Domain e-teismai.lt-paslaugos.net"; dns.query; content:"e-teismai.lt-paslaugos.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslaugos\.net$/i"; classtype:trojan-activity; sid:37057471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25935;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25935 [] Outgoing HTTP Domain e-teismai.lt-paslaugos.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslaugos.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslaugos\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25935;) alert ip $HOME_NET any -> 93.115.22.212 any (msg: "MISP e26087 [] Outgoing To IP: 93.115.22.212"; classtype:trojan-activity; sid:37129081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert ip $HOME_NET any -> 95.179.176.250 any (msg: "MISP e26087 [] Outgoing To IP: 95.179.176.250"; classtype:trojan-activity; sid:37129091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert dns any any -> any any (msg: "MISP e26087 [] Hostname lo0.systemctl.network"; dns.query; content:"lo0.systemctl.network"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lo0\.systemctl\.network$/i"; classtype:trojan-activity; sid:37129101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26087 [] Outgoing HTTP Hostname lo0.systemctl.network"; flow:to_server,established; http.header; content: "Host|3a| lo0.systemctl.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lo0\.systemctl\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert dns any any -> any any (msg: "MISP e26087 [] Hostname forward.boord.info"; dns.query; content:"forward.boord.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])forward\.boord\.info$/i"; classtype:trojan-activity; sid:37129111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26087 [] Outgoing HTTP Hostname forward.boord.info"; flow:to_server,established; http.header; content: "Host|3a| forward.boord.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])forward\.boord\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26087;) alert dns any any -> any any (msg: "MISP e25918 [] Hostname edgchizmetler2024.tech"; dns.query; content:"edgchizmetler2024.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edgchizmetler2024\.tech$/i"; classtype:trojan-activity; sid:37042761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25918;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25918 [] Outgoing HTTP Hostname edgchizmetler2024.tech"; flow:to_server,established; http.header; content: "Host|3a| edgchizmetler2024.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edgchizmetler2024\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25918;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25918 [] Outgoing URL http|3a|//edgchizmetler2024.tech"; 
flow:to_server,established; http.header; content:"edgchizmetler2024.tech"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25918;) alert dns any any -> any any (msg: "MISP e25938 [] Domain teismai.e-lt-paslaugos.net"; dns.query; content:"teismai.e-lt-paslaugos.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])teismai\.e\-lt\-paslaugos\.net$/i"; classtype:trojan-activity; sid:37057561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25938;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25938 [] Outgoing HTTP Domain teismai.e-lt-paslaugos.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teismai.e-lt-paslaugos.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teismai\.e\-lt\-paslaugos\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25938;) alert dns any any -> any any (msg: "MISP e25940 [] Domain teismai.e-lt-paslaugos.net"; dns.query; content:"teismai.e-lt-paslaugos.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])teismai\.e\-lt\-paslaugos\.net$/i"; classtype:trojan-activity; sid:37057621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25940;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25940 [] Outgoing HTTP Domain teismai.e-lt-paslaugos.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teismai.e-lt-paslaugos.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teismai\.e\-lt\-paslaugos\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25940;) alert dns any any -> any any (msg: "MISP e25939 [] Domain pub-ae79eb6fb4ed4fa18e0a130a68483769.r2.dev"; dns.query; content:"pub-ae79eb6fb4ed4fa18e0a130a68483769.r2.dev"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-ae79eb6fb4ed4fa18e0a130a68483769\.r2\.dev$/i"; classtype:trojan-activity; sid:37057591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25939;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25939 [] Outgoing HTTP Domain pub-ae79eb6fb4ed4fa18e0a130a68483769.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-ae79eb6fb4ed4fa18e0a130a68483769.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-ae79eb6fb4ed4fa18e0a130a68483769\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37057592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25939;) alert dns any any -> any any (msg: "MISP e26086 [] Domain imohub.net"; dns.query; content:"imohub.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])imohub\.net$/i"; classtype:trojan-activity; sid:37129001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26086 [] Outgoing HTTP Domain imohub.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"imohub.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])imohub\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert dns any any -> any any (msg: "MISP e26086 [] Hostname 22.imohub.workers.dev"; dns.query; content:"22.imohub.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])22\.imohub\.workers\.dev$/i"; classtype:trojan-activity; sid:37129011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26086 [] Outgoing HTTP Hostname 22.imohub.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 22.imohub.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])22\.imohub\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert dns any any -> any any (msg: "MISP e26086 [] Domain apple-analyser.com"; dns.query; content:"apple-analyser.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])apple\-analyser\.com$/i"; classtype:trojan-activity; sid:37129021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26086 [] Outgoing HTTP Domain apple-analyser.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"apple-analyser.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])apple\-analyser\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert dns any any -> any any (msg: "MISP e26086 [] Domain apple-health.org"; dns.query; content:"apple-health.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])apple\-health\.org$/i"; classtype:trojan-activity; sid:37129031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26086 [] Outgoing HTTP Domain apple-health.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"apple-health.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])apple\-health\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26086;) alert ip $HOME_NET any -> 45.9.148.193 any (msg: "MISP e26085 [] Outgoing To IP: 45.9.148.193"; classtype:trojan-activity; sid:37127721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26085;) alert ip $HOME_NET any -> 103.127.43.208 any (msg: "MISP e26085 [] Outgoing To IP: 
103.127.43.208"; classtype:trojan-activity; sid:37127731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26085;) alert ip $HOME_NET any -> 92.246.138.88 3790 (msg: "MISP e25895 [c2,Meterpreter] Outgoing To IP: 92.246.138.88|3790"; classtype:trojan-activity; sid:37041071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 91.92.255.145 443 (msg: "MISP e25895 [c2,cobalt_strike] Outgoing To IP: 91.92.255.145|443"; classtype:trojan-activity; sid:37041081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 109.234.38.247 443 (msg: "MISP e25895 [danabot] Outgoing To IP: 109.234.38.247|443"; classtype:trojan-activity; sid:37041091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 46.149.77.41 443 (msg: "MISP e25895 [danabot] Outgoing To IP: 46.149.77.41|443"; classtype:trojan-activity; sid:37041101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 187.135.83.117 2259 (msg: "MISP e25895 [c2,darkcomet] Outgoing To IP: 187.135.83.117|2259"; classtype:trojan-activity; sid:37041111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 41.96.128.248 1177 (msg: "MISP e25895 [c2,njrat] Outgoing To IP: 41.96.128.248|1177"; classtype:trojan-activity; sid:37041121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 187.135.83.117 1800 (msg: "MISP e25895 [c2,darkcomet] Outgoing To IP: 187.135.83.117|1800"; classtype:trojan-activity; sid:37041131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert ip $HOME_NET any -> 117.72.15.82 443 (msg: "MISP e25895 [CobaltStrike] Outgoing To IP: 117.72.15.82|443"; classtype:trojan-activity; sid:37041151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert http 
$HOME_NET any -> 194.87.93.199 $HTTP_PORTS (msg: "MISP e25895 [dcrat] Outgoing URL http|3a|//194.87.93.199/6provider/_cdn/baseupdatelinux/trafficasyncwprequest/imagevmdefaultbaselinuxasyncuniversaltemporary.php"; flow:to_server,established; http.header; content:"194.87.93.199"; fast_pattern; nocase; http.uri; content:"/6provider/_cdn/baseupdatelinux/trafficasyncwprequest/imagevmdefaultbaselinuxasyncuniversaltemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37041161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25893 [] Domain www-mitarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"www-mitarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-mitarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37038991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25893;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25893 [] Outgoing HTTP Domain www-mitarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-mitarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-mitarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37038992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25893;) alert dns any any -> any any (msg: "MISP e25894 [] Domain home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; dns.query; content:"home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-bancoitau\-cl\-bancoitau\-cl\-home\-bancoitau\-cl\-bancoitau\-cl\.banestado\-cl\.sbs$/i"; classtype:trojan-activity; sid:37039081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25894;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25894 [] Outgoing HTTP Domain home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-bancoitau\-cl\-bancoitau\-cl\-home\-bancoitau\-cl\-bancoitau\-cl\.banestado\-cl\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37039082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25894;)
# Event 25895, tagged CobaltStrike / cs-watermark-391144938 in the msg field.
# Each of the three rules below is pinned to one destination IP and one port and uses
# the http protocol keyword, so it fires only on cleartext HTTP sent to that exact endpoint.
# The IP string is matched anywhere in the request headers (there is no "Host|3a|" anchor),
# and the http.uri content ("/ca", "/cx", "/ie9compatviewlist.xml") is a case-insensitive
# substring match: "/ca" also matches a longer path (constructed example: "/cart").
# Specificity therefore comes from the destination address and port, not from the URI.
# tag:session,600,seconds tags the rest of the session for packet logging after the alert.
# NOTE(review): the msg tags point at cloud-hosted addresses; confirm in event 25895 that
# these IPs are still current before relying on them, as such indicators can be reassigned.
alert http $HOME_NET any -> 119.3.220.200 9080 (msg: "MISP e25895 [CobaltStrike,cs-watermark-391144938,Huawei Cloud Service data center] Outgoing URL http|3a|//119.3.220.200|3a|9080/ca"; flow:to_server,established; http.header; content:"119.3.220.200"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37041171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> 101.201.46.105 7777 (msg: "MISP e25895 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//101.201.46.105|3a|7777/cx"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37041181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25895;)
alert http $HOME_NET any -> 101.201.46.105 1234 (msg: "MISP e25895 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//101.201.46.105|3a|1234/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37041201; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25895;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wallet-resolve.pages.dev"; dns.query; content:"wallet-resolve.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wallet\-resolve\.pages\.dev$/i"; classtype:trojan-activity; sid:37051581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wallet-resolve.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wallet-resolve.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wallet\-resolve\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//wallet-resolve.pages.dev"; flow:to_server,established; http.header; content:"wallet-resolve.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname jeary1.dreamhosters.com"; dns.query; content:"jeary1.dreamhosters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jeary1\.dreamhosters\.com$/i"; classtype:trojan-activity; sid:37051611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname jeary1.dreamhosters.com"; flow:to_server,established; http.header; content: "Host|3a| jeary1.dreamhosters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jeary1\.dreamhosters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 
meine-ruckerstattung.swisskomm.ch"; dns.query; content:"meine-ruckerstattung.swisskomm.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meine\-ruckerstattung\.swisskomm\.ch$/i"; classtype:trojan-activity; sid:37051641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# "Outgoing HTTP Hostname" rules: the content requires the literal "Host: " prefix (one
# space after the colon) followed by the hostname; the pcre (H = HTTP header buffer,
# i = case-insensitive) then requires a non-hostname character on both sides, so neither
# a subdomain of this name nor a longer name that merely contains it will match.
# These rules use the http protocol keyword and so inspect cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname meine-ruckerstattung.swisskomm.ch"; flow:to_server,established; http.header; content: "Host|3a| meine-ruckerstattung.swisskomm.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meine\-ruckerstattung\.swisskomm\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# "Hostname" DNS rules: dns.query is matched case-insensitively, and the pcre anchors the
# name to the end of the query and excludes "." before it, so only this exact hostname
# matches. Sibling hosts under the same parent domain do not.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname cashouteen.blogspot.com"; dns.query; content:"cashouteen.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cashouteen\.blogspot\.com$/i"; classtype:trojan-activity; sid:37051671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cashouteen.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| cashouteen.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cashouteen\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): s.ecu.edu.au sits under an .edu.au domain, so it may be an institution's
# own host (for example an abused or compromised service) rather than attacker-registered
# infrastructure. Confirm against event 25920; hits here may include legitimate traffic
# and should be triaged before being treated as trojan-activity.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname s.ecu.edu.au"; dns.query; content:"s.ecu.edu.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s\.ecu\.edu\.au$/i"; classtype:trojan-activity; sid:37051701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname s.ecu.edu.au"; flow:to_server,established; http.header; content: "Host|3a| s.ecu.edu.au"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])s\.ecu\.edu\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname manmal15.dream.press"; dns.query; content:"manmal15.dream.press"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])manmal15\.dream\.press$/i"; classtype:trojan-activity; sid:37051731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname manmal15.dream.press"; flow:to_server,established; http.header; content: "Host|3a| manmal15.dream.press"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])manmal15\.dream\.press[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname knm.zsr.mybluehost.me"; dns.query; content:"knm.zsr.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])knm\.zsr\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37051761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname knm.zsr.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| knm.zsr.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])knm\.zsr\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname tecmec.org.br"; dns.query; content:"tecmec.org.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tecmec\.org\.br$/i"; classtype:trojan-activity; sid:37051791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tecmec.org.br"; flow:to_server,established; http.header; content: "Host|3a| tecmec.org.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tecmec\.org\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname knm.zsr.mybluehost.me"; dns.query; content:"knm.zsr.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])knm\.zsr\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37051821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname knm.zsr.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| knm.zsr.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])knm\.zsr\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname dreamcsking.com"; dns.query; content:"dreamcsking.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dreamcsking\.com$/i"; classtype:trojan-activity; sid:37051851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dreamcsking.com"; flow:to_server,established; http.header; content: "Host|3a| dreamcsking.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dreamcsking\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; 
content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37051881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37051911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/ac56ca32-2e3c-4f3f-bf1a-3d5f284091f4"; flow:to_server,established; http.header; 
content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/ac56ca32-2e3c-4f3f-bf1a-3d5f284091f4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS rule for one exact hostname: the pcre anchors the name to the end of dns.query and
# excludes "." before it, so other *.workers.dev names are not matched.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname pdf.officelive365.workers.dev"; dns.query; content:"pdf.officelive365.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pdf\.officelive365\.workers\.dev$/i"; classtype:trojan-activity; sid:37051941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule for the same hostname, cleartext HTTP only.
# NOTE(review): workers.dev sites are presumably served over HTTPS. If so, this rule and
# the URL rule below will rarely fire and the DNS rule above is the effective detector.
# No tls.sni rule for this hostname is visible in this part of the export; confirm whether
# TLS coverage exists elsewhere.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pdf.officelive365.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| pdf.officelive365.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pdf\.officelive365\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# URL rule whose http.uri content is just "/": every request URI contains "/", so the
# URI condition adds nothing. The rule reduces to "hostname appears anywhere in the request
# headers, on $HTTP_PORTS". It overlaps sid:37051942, so one request to this host can
# raise both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//pdf.officelive365.workers.dev/"; flow:to_server,established; http.header; content:"pdf.officelive365.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37051951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Duplicate indicator: this hostname already has identical DNS rules earlier in this file
# under other sids (sid:37051881, sid:37051911), so a single query raises one alert per
# copy. Deduplicate by indicator when tuning or counting hits.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37051971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37051972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37052001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37052031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37052061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/b67d2690-cc7b-4488-a8e4-97f9739d4c75"; flow:to_server,established; http.header; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/b67d2690-cc7b-4488-a8e4-97f9739d4c75"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-c81549f289e6437f8e37f760b609c45b.r2.dev"; dns.query; content:"pub-c81549f289e6437f8e37f760b609c45b.r2.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])pub\-c81549f289e6437f8e37f760b609c45b\.r2\.dev$/i"; classtype:trojan-activity; sid:37052091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-c81549f289e6437f8e37f760b609c45b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-c81549f289e6437f8e37f760b609c45b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c81549f289e6437f8e37f760b609c45b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wap.king888.top"; dns.query; content:"wap.king888.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wap\.king888\.top$/i"; classtype:trojan-activity; sid:37052121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wap.king888.top"; flow:to_server,established; http.header; content: "Host|3a| wap.king888.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wap\.king888\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegramsites.com"; dns.query; content:"telegramsites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsites\.com$/i"; classtype:trojan-activity; sid:37052151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegramsites.com"; flow:to_server,established; http.header; content: "Host|3a| telegramsites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37052152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegramsites.com/assets/img/t_main_android_demo.mp4"; flow:to_server,established; http.header; content:"telegramsites.com"; fast_pattern; nocase; http.uri; content:"/assets/img/t_main_android_demo.mp4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname tgadminuser.ailifecenter.com"; dns.query; content:"tgadminuser.ailifecenter.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.ailifecenter\.com$/i"; classtype:trojan-activity; sid:37052181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tgadminuser.ailifecenter.com"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.ailifecenter.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.ailifecenter\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname tg-telegram.club"; dns.query; content:"tg-telegram.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\-telegram\.club$/i"; classtype:trojan-activity; sid:37052211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tg-telegram.club"; flow:to_server,established; http.header; content: "Host|3a| tg-telegram.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\-telegram\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052212; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telejrem.cn"; dns.query; content:"telejrem.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telejrem\.cn$/i"; classtype:trojan-activity; sid:37052241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telejrem.cn"; flow:to_server,established; http.header; content: "Host|3a| telejrem.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telejrem\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telejrem.cn/web"; flow:to_server,established; http.header; content:"telejrem.cn"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname jawatan-kosong.sumber-media.my.id"; dns.query; content:"jawatan-kosong.sumber-media.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jawatan\-kosong\.sumber\-media\.my\.id$/i"; classtype:trojan-activity; sid:37052271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname jawatan-kosong.sumber-media.my.id"; flow:to_server,established; http.header; content: "Host|3a| jawatan-kosong.sumber-media.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jawatan\-kosong\.sumber\-media\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 
[] Hostname teleqrcm.cc"; dns.query; content:"teleqrcm.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqrcm\.cc$/i"; classtype:trojan-activity; sid:37052301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname teleqrcm.cc"; flow:to_server,established; http.header; content: "Host|3a| teleqrcm.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqrcm\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//teleqrcm.cc/"; flow:to_server,established; http.header; content:"teleqrcm.cc"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegram.virtupaper.co.in"; dns.query; content:"telegram.virtupaper.co.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.virtupaper\.co\.in$/i"; classtype:trojan-activity; sid:37052331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegram.virtupaper.co.in"; flow:to_server,established; http.header; content: "Host|3a| telegram.virtupaper.co.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.virtupaper\.co\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname informasiterbaruklik.my.id"; dns.query; content:"informasiterbaruklik.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasiterbaruklik\.my\.id$/i"; 
classtype:trojan-activity; sid:37052361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname informasiterbaruklik.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasiterbaruklik.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasiterbaruklik\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname swisspasschauthanticat564.web.app"; dns.query; content:"swisspasschauthanticat564.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasschauthanticat564\.web\.app$/i"; classtype:trojan-activity; sid:37052391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname swisspasschauthanticat564.web.app"; flow:to_server,established; http.header; content: "Host|3a| swisspasschauthanticat564.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasschauthanticat564\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname knm.zsr.mybluehost.me"; dns.query; content:"knm.zsr.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])knm\.zsr\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37052421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname knm.zsr.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| knm.zsr.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])knm\.zsr\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37052422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname ycq.wog.mybluehost.me"; dns.query; content:"ycq.wog.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ycq\.wog\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37052451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname ycq.wog.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| ycq.wog.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ycq\.wog\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sp-track.nomosmarket.com.ua"; dns.query; content:"sp-track.nomosmarket.com.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sp\-track\.nomosmarket\.com\.ua$/i"; classtype:trojan-activity; sid:37052481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sp-track.nomosmarket.com.ua"; flow:to_server,established; http.header; content: "Host|3a| sp-track.nomosmarket.com.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sp\-track\.nomosmarket\.com\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname unstintoseoutrostantos.com.br"; dns.query; content:"unstintoseoutrostantos.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstintoseoutrostantos\.com\.br$/i"; classtype:trojan-activity; sid:37052511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;)
# Host-header rule: literal "Host: <name>" content as the fast pattern, then a pcre on the
# HTTP header buffer requiring non-hostname characters on both sides of the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname unstintoseoutrostantos.com.br"; flow:to_server,established; http.header; content: "Host|3a| unstintoseoutrostantos.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstintoseoutrostantos\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname cs-securesign.s-host.net"; dns.query; content:"cs-securesign.s-host.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cs\-securesign\.s\-host\.net$/i"; classtype:trojan-activity; sid:37052541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname cs-securesign.s-host.net"; flow:to_server,established; http.header; content: "Host|3a| cs-securesign.s-host.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cs\-securesign\.s\-host\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# URL rules on a shared URL-shortener host: the indicator is the short path, not the
# domain. "tinyurl.com" is matched anywhere in the request headers (no "Host|3a|" anchor),
# so a request that only mentions it in another header also satisfies that condition.
# The http.uri content is an unanchored, case-insensitive substring, so longer paths that
# contain the code match too.
# The rules are limited to $HTTP_PORTS and cleartext HTTP; requests to the short link over
# TLS are not inspected by them, and no DNS rule for this host is visible around these
# two rules.
# NOTE(review): hits confirm only that the short link was requested; the landing site has
# to be resolved from event 25920 or from the tagged session capture.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/bttdhw723"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/bttdhw723"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/5fkuvpju"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/5fkuvpju"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052671; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# The line above closes a rule that begins earlier in the export.
#
# MISP event 25920, hostname indicators. Each hostname is exported as a pair of rules:
#   alert dns  : dns.query contains the hostname, and the pcre requires it to end the
#                query name with no letter, digit, '-' or '.' in front of it, so the
#                exact name matches and its sub-domains do not.
#   alert http : outgoing request ($HOME_NET -> $EXTERNAL_NET, to_server, established)
#                whose headers contain "Host: <hostname>"; the pcre rejects a longer
#                name on either side. tag:session,600,seconds tags the session for
#                600 seconds after the alert.
# NOTE(review): the http rules only see requests the engine parses as HTTP. A visit made
# over TLS produces no http alert, so for HTTPS-only sites the dns rule is the only one
# of the pair that can fire; a tls.sni rule would be needed to match the handshake.
# NOTE(review): every rule carries classtype:trojan-activity and priority:2, and the tag
# list in msg is empty ("[]"), so severity and context have to come from the referenced
# MISP event rather than from the alert itself.

# --- tfda12145.emailsys2a.net ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname tfda12145.emailsys2a.net"; dns.query; content:"tfda12145.emailsys2a.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tfda12145\.emailsys2a\.net$/i"; classtype:trojan-activity; sid:37052691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tfda12145.emailsys2a.net"; flow:to_server,established; http.header; content: "Host|3a| tfda12145.emailsys2a.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tfda12145\.emailsys2a\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- terraqotta.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname terraqotta.com"; dns.query; content:"terraqotta.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])terraqotta\.com$/i"; classtype:trojan-activity; sid:37052721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname terraqotta.com"; flow:to_server,established; http.header; content: "Host|3a| terraqotta.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])terraqotta\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- magicsquareaff.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname magicsquareaff.com"; dns.query; content:"magicsquareaff.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])magicsquareaff\.com$/i"; classtype:trojan-activity; sid:37052751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname magicsquareaff.com"; flow:to_server,established; http.header; content: "Host|3a| magicsquareaff.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])magicsquareaff\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- terraqotta.com (second copy) ---
# NOTE(review): duplicate indicator. sid 37052781/37052782 repeat the terraqotta.com pair
# above (sid 37052721/37052722) with identical match logic, so one DNS query or one HTTP
# request raises two alerts. De-duplicate the attribute in the source event or disable
# one of the two pairs on the sensor.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname terraqotta.com"; dns.query; content:"terraqotta.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])terraqotta\.com$/i"; classtype:trojan-activity; sid:37052781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname terraqotta.com"; flow:to_server,established; http.header; content: "Host|3a| terraqotta.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])terraqotta\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- jsps0809089.hubside.fr ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname jsps0809089.hubside.fr"; dns.query; content:"jsps0809089.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jsps0809089\.hubside\.fr$/i"; classtype:trojan-activity; sid:37052811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname jsps0809089.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| jsps0809089.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jsps0809089\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- elitecareerschools.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname elitecareerschools.pages.dev"; dns.query; content:"elitecareerschools.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elitecareerschools\.pages\.dev$/i"; classtype:trojan-activity; sid:37052841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname elitecareerschools.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| elitecareerschools.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elitecareerschools\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): "Outgoing URL" form of the same indicator. Unlike the Host rule above it
# has no "Host|3a| " prefix and no pcre boundary check, so the hostname string matches
# anywhere in the request headers (Referer, Origin, ...) and inside longer names. A
# request that matches sid 37052842 also matches this rule, giving two alerts. The rule
# needs $HTTP_PORTS to be defined and only covers those ports; the Host rule uses "any".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//elitecareerschools.pages.dev"; flow:to_server,established; http.header; content:"elitecareerschools.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37052851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- s1.inadobsardil.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname s1.inadobsardil.com"; dns.query; content:"s1.inadobsardil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.inadobsardil\.com$/i"; classtype:trojan-activity; sid:37052871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname s1.inadobsardil.com"; flow:to_server,established; http.header; content: "Host|3a| s1.inadobsardil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.inadobsardil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- 0lcf8crid765y-1324239560.cos.ap-mumbai.myqcloud.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 0lcf8crid765y-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"0lcf8crid765y-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0lcf8crid765y\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37052931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 0lcf8crid765y-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| 0lcf8crid765y-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0lcf8crid765y\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- spacefile.github.io ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname spacefile.github.io"; dns.query; content:"spacefile.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])spacefile\.github\.io$/i"; classtype:trojan-activity; sid:37052961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname spacefile.github.io"; flow:to_server,established; http.header; content: "Host|3a| spacefile.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])spacefile\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- zapper.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname zapper.pages.dev"; dns.query; content:"zapper.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zapper\.pages\.dev$/i"; classtype:trojan-activity; sid:37052991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# (the rule below continues on the next line of the export)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname zapper.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zapper.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zapper\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37052992; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;)
# The line above closes the "Outgoing HTTP Hostname zapper.pages.dev" rule (sid 37052992)
# that begins on the preceding line of the export.
#
# MISP event 25920 indicators, up to three rules per hostname:
#   dns  "Hostname ..."               exact query name (the pcre ends with $ and rejects
#                                      a hostname character in front, so no sub-domains)
#   http "Outgoing HTTP Hostname ..." "Host: <hostname>" in the request headers, with a
#                                      pcre boundary check on both sides
#   http "Outgoing URL http://..."    the bare hostname anywhere in the request headers,
#                                      no boundary check, destination port in $HTTP_PORTS
# NOTE(review): a cleartext request to one of these hosts on an $HTTP_PORTS port satisfies
# both http rules, so expect two alerts (and two 600-second session tags) per request.
# The URL form also matches when the hostname only appears in another header such as
# Referer, or as part of a longer name; treat a URL-only hit as weaker than a Host hit.
# NOTE(review): none of the http rules can match traffic carried over TLS; there the dns
# rule is the only coverage unless a tls.sni rule is added.

# --- 0u5ah5vo6d26u-1324239560.cos.na-siliconvalley.myqcloud.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname 0u5ah5vo6d26u-1324239560.cos.na-siliconvalley.myqcloud.com"; dns.query; content:"0u5ah5vo6d26u-1324239560.cos.na-siliconvalley.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0u5ah5vo6d26u\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37053021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 0u5ah5vo6d26u-1324239560.cos.na-siliconvalley.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| 0u5ah5vo6d26u-1324239560.cos.na-siliconvalley.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0u5ah5vo6d26u\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- esiuedhobrveosguarogdjboines04.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname esiuedhobrveosguarogdjboines04.pages.dev"; dns.query; content:"esiuedhobrveosguarogdjboines04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])esiuedhobrveosguarogdjboines04\.pages\.dev$/i"; classtype:trojan-activity; sid:37053051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname esiuedhobrveosguarogdjboines04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| esiuedhobrveosguarogdjboines04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])esiuedhobrveosguarogdjboines04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//esiuedhobrveosguarogdjboines04.pages.dev"; flow:to_server,established; http.header; content:"esiuedhobrveosguarogdjboines04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- telegramsexmellany.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegramsexmellany.pages.dev"; dns.query; content:"telegramsexmellany.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsexmellany\.pages\.dev$/i"; classtype:trojan-activity; sid:37053081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegramsexmellany.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramsexmellany.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsexmellany\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegramsexmellany.pages.dev"; flow:to_server,established; http.header; content:"telegramsexmellany.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- imtoken-ax.net ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname imtoken-ax.net"; dns.query; content:"imtoken-ax.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ax\.net$/i"; classtype:trojan-activity; sid:37053141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname imtoken-ax.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ax.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ax\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//imtoken-ax.net"; flow:to_server,established; http.header; content:"imtoken-ax.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- connectwebio.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname connectwebio.pages.dev"; dns.query; content:"connectwebio.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])connectwebio\.pages\.dev$/i"; classtype:trojan-activity; sid:37053171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname connectwebio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| connectwebio.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])connectwebio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//connectwebio.pages.dev"; flow:to_server,established; http.header; content:"connectwebio.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- dffd.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname dffd.pages.dev"; dns.query; content:"dffd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dffd\.pages\.dev$/i"; classtype:trojan-activity; sid:37053201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dffd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dffd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dffd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//dffd.pages.dev"; flow:to_server,established; http.header; content:"dffd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- wasexxnew.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname wasexxnew.pages.dev"; dns.query; content:"wasexxnew.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wasexxnew\.pages\.dev$/i"; classtype:trojan-activity; sid:37053231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wasexxnew.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wasexxnew.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wasexxnew\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//wasexxnew.pages.dev"; flow:to_server,established; http.header; content:"wasexxnew.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- prmainchains.pages.dev ---
# (the rule below continues on the next line of the export)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname prmainchains.pages.dev"; dns.query; content:"prmainchains.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prmainchains\.pages\.dev$/i"; classtype:trojan-activity; sid:37053261; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;)
# The line above closes the dns rule for prmainchains.pages.dev (sid 37053261) that
# begins on the preceding line of the export.
#
# MISP event 25920 hostname indicators. For each hostname the export emits a dns rule
# (exact query name), an http rule on "Host: <hostname>" with a pcre boundary check, and
# an http "Outgoing URL" rule that looks for the bare hostname anywhere in the request
# headers on $HTTP_PORTS.
# NOTE(review): the "Outgoing URL" rules have no boundary check, so they are substring
# matches; see the immtooken.cc note below for a case inside this export. The http rules
# apply to cleartext HTTP only; over TLS only the dns rule can fire.

# --- prmainchains.pages.dev ---
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname prmainchains.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| prmainchains.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prmainchains\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//prmainchains.pages.dev"; flow:to_server,established; http.header; content:"prmainchains.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- dl.immtooken.cc ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname dl.immtooken.cc"; dns.query; content:"dl.immtooken.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dl\.immtooken\.cc$/i"; classtype:trojan-activity; sid:37053321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dl.immtooken.cc"; flow:to_server,established; http.header; content: "Host|3a| dl.immtooken.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dl\.immtooken\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//dl.immtooken.cc"; flow:to_server,established; http.header; content:"dl.immtooken.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- immtooken.cc ---
# NOTE(review): the dns and Host rules for immtooken.cc do not match dl.immtooken.cc (the
# pcre rejects the '.' in front), but the URL rule sid 37053361 does, because
# "immtooken.cc" is a substring of "dl.immtooken.cc". A cleartext request to
# dl.immtooken.cc on an $HTTP_PORTS port therefore alerts on sid 37053322, 37053331 and
# 37053361.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname immtooken.cc"; dns.query; content:"immtooken.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])immtooken\.cc$/i"; classtype:trojan-activity; sid:37053351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname immtooken.cc"; flow:to_server,established; http.header; content: "Host|3a| immtooken.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])immtooken\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//immtooken.cc"; flow:to_server,established; http.header; content:"immtooken.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- empireglasscompany-cro.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname empireglasscompany-cro.pages.dev"; dns.query; content:"empireglasscompany-cro.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])empireglasscompany\-cro\.pages\.dev$/i"; classtype:trojan-activity; sid:37053381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname empireglasscompany-cro.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| empireglasscompany-cro.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])empireglasscompany\-cro\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//empireglasscompany-cro.pages.dev"; flow:to_server,established; http.header; content:"empireglasscompany-cro.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- yxu.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname yxu.pages.dev"; dns.query; content:"yxu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yxu\.pages\.dev$/i"; classtype:trojan-activity; sid:37053411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname yxu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yxu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yxu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): short label - the unanchored URL match below also fires on any longer
# *.pages.dev name that merely ends in "yxu" when it appears in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//yxu.pages.dev"; flow:to_server,established; http.header; content:"yxu.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- nbz.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname nbz.pages.dev"; dns.query; content:"nbz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nbz\.pages\.dev$/i"; classtype:trojan-activity; sid:37053441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname nbz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nbz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nbz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//nbz.pages.dev"; flow:to_server,established; http.header; content:"nbz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- usps.shipcheck-servemu.top ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.shipcheck-servemu.top"; dns.query; content:"usps.shipcheck-servemu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.shipcheck\-servemu\.top$/i"; classtype:trojan-activity; sid:37053471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.shipcheck-servemu.top"; flow:to_server,established; http.header; content: "Host|3a| usps.shipcheck-servemu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.shipcheck\-servemu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//usps.shipcheck-servemu.top"; flow:to_server,established; http.header; content:"usps.shipcheck-servemu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- aaasss11qian.top ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname aaasss11qian.top"; dns.query; content:"aaasss11qian.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aaasss11qian\.top$/i"; classtype:trojan-activity; sid:37053501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname aaasss11qian.top"; flow:to_server,established; http.header; content: "Host|3a| aaasss11qian.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aaasss11qian\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# (the rule header below continues on the next line of the export)
alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//aaasss11qian.top"; flow:to_server,established; http.header; content:"aaasss11qian.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# The line above is the remainder of the "Outgoing URL" rule for aaasss11qian.top
# (sid 37053511); its "alert http" keyword is on the preceding line of the export.
#
# MISP event 25920 indicators. Hostnames are exported as a dns rule (exact query name),
# an http rule on "Host: <hostname>" with a pcre boundary check, and an http
# "Outgoing URL" rule matching the bare hostname anywhere in the request headers on
# $HTTP_PORTS. A URL indicator that has a path (tinyurl.com below) gets a single http
# rule with an extra http.uri content and no dns or Host rule.
# NOTE(review): the http rules cover cleartext HTTP only; for sites reached over TLS the
# dns rule is the only one that can fire. All rules share classtype:trojan-activity and
# priority:2 whatever the indicator, so triage should start from the referenced event.

# --- lukamodricedomaingantedcongratulations3.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname lukamodricedomaingantedcongratulations3.pages.dev"; dns.query; content:"lukamodricedomaingantedcongratulations3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lukamodricedomaingantedcongratulations3\.pages\.dev$/i"; classtype:trojan-activity; sid:37053531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname lukamodricedomaingantedcongratulations3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lukamodricedomaingantedcongratulations3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lukamodricedomaingantedcongratulations3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//lukamodricedomaingantedcongratulations3.pages.dev"; flow:to_server,established; http.header; content:"lukamodricedomaingantedcongratulations3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- lifestyleprecautionscorrectionsandreshapement.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname lifestyleprecautionscorrectionsandreshapement.pages.dev"; dns.query; content:"lifestyleprecautionscorrectionsandreshapement.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lifestyleprecautionscorrectionsandreshapement\.pages\.dev$/i"; classtype:trojan-activity; sid:37053561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname lifestyleprecautionscorrectionsandreshapement.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lifestyleprecautionscorrectionsandreshapement.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lifestyleprecautionscorrectionsandreshapement\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//lifestyleprecautionscorrectionsandreshapement.pages.dev"; flow:to_server,established; http.header; content:"lifestyleprecautionscorrectionsandreshapement.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- usps.address-cargocheck.top ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.address-cargocheck.top"; dns.query; content:"usps.address-cargocheck.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.address\-cargocheck\.top$/i"; classtype:trojan-activity; sid:37053621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.address-cargocheck.top"; flow:to_server,established; http.header; content: "Host|3a| usps.address-cargocheck.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.address\-cargocheck\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//usps.address-cargocheck.top"; flow:to_server,established; http.header; content:"usps.address-cargocheck.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- domainbroadcastrealizationinternationalservice4.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname domainbroadcastrealizationinternationalservice4.pages.dev"; dns.query; content:"domainbroadcastrealizationinternationalservice4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])domainbroadcastrealizationinternationalservice4\.pages\.dev$/i"; classtype:trojan-activity; sid:37053651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname domainbroadcastrealizationinternationalservice4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| domainbroadcastrealizationinternationalservice4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])domainbroadcastrealizationinternationalservice4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//domainbroadcastrealizationinternationalservice4.pages.dev"; flow:to_server,established; http.header; content:"domainbroadcastrealizationinternationalservice4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- tinyurl.com/yc5aw5m3 (URL indicator) ---
# NOTE(review): indicator on a shared link shortener, so there is deliberately no dns or
# Host rule, only this one: "tinyurl.com" anywhere in the request headers plus
# "/yc5aw5m3" anywhere in the URI. The URI content is not anchored, so a longer path
# that contains the string also matches, and nocase accepts any letter case - TODO
# confirm whether the shortener treats aliases case-sensitively; if it does, nocase
# makes the rule match unrelated links. Anchoring the URI match (for example with
# startswith/endswith) would narrow it to this one alias.
# The rule cannot see the link when it is opened over HTTPS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/yc5aw5m3"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/yc5aw5m3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev"; dns.query; content:"s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s67s83sfa5262t72er2ww2562a0029aldag338sh\.pages\.dev$/i"; classtype:trojan-activity; sid:37053711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s67s83sfa5262t72er2ww2562a0029aldag338sh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev"; flow:to_server,established; http.header; content:"s67s83sfa5262t72er2ww2562a0029aldag338sh.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- smmj0.mjt.lu ---
# NOTE(review): mjt.lu looks like a shared e-mail link-tracking domain - confirm in the
# MISP event that this hostname is specific to the reported activity before acting on
# hits from these two rules.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname smmj0.mjt.lu"; dns.query; content:"smmj0.mjt.lu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smmj0\.mjt\.lu$/i"; classtype:trojan-activity; sid:37053771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname smmj0.mjt.lu"; flow:to_server,established; http.header; content: "Host|3a| smmj0.mjt.lu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smmj0\.mjt\.lu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# (the rule header below continues on the next line of the export)
alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tinyurl.com/evw8t8vd"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/evw8t8vd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# The line above is the remainder of the "Outgoing URL http://tinyurl.com/evw8t8vd" rule
# (sid 37053841); its header starts on the preceding line of the export.
# NOTE(review): that rule matches "tinyurl.com" anywhere in the request headers and
# "/evw8t8vd" anywhere in the URI, case-insensitively and without anchoring, so longer
# paths containing the string also match - TODO confirm whether the shortener treats
# aliases case-sensitively. It only fires when the link is fetched over cleartext HTTP.
#
# MISP event 25920 hostname indicators follow: a dns rule (exact query name), an http
# rule on "Host: <hostname>" with a pcre boundary check, and for some hostnames an
# http "Outgoing URL" rule that matches the bare hostname anywhere in the request
# headers on $HTTP_PORTS (no boundary check, so it also matches inside longer names and
# in headers such as Referer, and it fires together with the Host rule).
# NOTE(review): over TLS none of the http rules apply; only the dns rule can fire.

# --- sec.dv-tube.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname sec.dv-tube.com"; dns.query; content:"sec.dv-tube.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sec\.dv\-tube\.com$/i"; classtype:trojan-activity; sid:37053861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sec.dv-tube.com"; flow:to_server,established; http.header; content: "Host|3a| sec.dv-tube.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sec\.dv\-tube\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//sec.dv-tube.com"; flow:to_server,established; http.header; content:"sec.dv-tube.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- asvall.fr ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname asvall.fr"; dns.query; content:"asvall.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asvall\.fr$/i"; classtype:trojan-activity; sid:37053891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname asvall.fr"; flow:to_server,established; http.header; content: "Host|3a| asvall.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asvall\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- plain-dust-3b66.wkeech.workers.dev ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname plain-dust-3b66.wkeech.workers.dev"; dns.query; content:"plain-dust-3b66.wkeech.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])plain\-dust\-3b66\.wkeech\.workers\.dev$/i"; classtype:trojan-activity; sid:37053951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname plain-dust-3b66.wkeech.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| plain-dust-3b66.wkeech.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])plain\-dust\-3b66\.wkeech\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# NOTE(review): the URL indicator ends in "/", so the export adds http.uri; content:"/".
# That condition holds for any request URI containing a slash and adds no selectivity;
# the rule behaves like the bare-hostname URL rules (hostname anywhere in the request
# headers), here with fast_pattern on the hostname.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//plain-dust-3b66.wkeech.workers.dev/"; flow:to_server,established; http.header; content:"plain-dust-3b66.wkeech.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37053961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- ssolutionmartin.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname ssolutionmartin.com"; dns.query; content:"ssolutionmartin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ssolutionmartin\.com$/i"; classtype:trojan-activity; sid:37053981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname ssolutionmartin.com"; flow:to_server,established; http.header; content: "Host|3a| ssolutionmartin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ssolutionmartin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37053982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- tokenpbqket.ist ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname tokenpbqket.ist"; dns.query; content:"tokenpbqket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.ist$/i"; classtype:trojan-activity; sid:37054011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tokenpbqket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- scazzx.cn ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname scazzx.cn"; dns.query; content:"scazzx.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scazzx\.cn$/i"; classtype:trojan-activity; sid:37054041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname scazzx.cn"; flow:to_server,established; http.header; content: "Host|3a| scazzx.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scazzx\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//scazzx.cn"; flow:to_server,established; http.header; content:"scazzx.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- pc.tokenpokce.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname pc.tokenpokce.com"; dns.query; content:"pc.tokenpokce.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pc\.tokenpokce\.com$/i"; classtype:trojan-activity; sid:37054071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pc.tokenpokce.com"; flow:to_server,established; http.header; content: "Host|3a| pc.tokenpokce.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pc\.tokenpokce\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- imtoken.support ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname imtoken.support"; dns.query; content:"imtoken.support"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\.support$/i"; classtype:trojan-activity; sid:37054101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname imtoken.support"; flow:to_server,established; http.header; content: "Host|3a| imtoken.support"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\.support[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//imtoken.support"; flow:to_server,established; http.header; content:"imtoken.support"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)

# --- tokenpokcn.com ---
alert dns any any -> any any (msg: "MISP e25920 [] Hostname tokenpokcn.com"; dns.query; content:"tokenpokcn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpokcn\.com$/i"; classtype:trojan-activity; sid:37054131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# (the rule below continues on the next line of the export)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tokenpokcn.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpokcn.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpokcn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tokenpokcn.com"; flow:to_server,established; http.header; content:"tokenpokcn.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname nvk.pages.dev"; dns.query; content:"nvk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nvk\.pages\.dev$/i"; classtype:trojan-activity; sid:37054161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname nvk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nvk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nvk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//nvk.pages.dev"; flow:to_server,established; http.header; content:"nvk.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname privat.moon-offc.biz.id"; dns.query; content:"privat.moon-offc.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])privat\.moon\-offc\.biz\.id$/i"; classtype:trojan-activity; sid:37054191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 
privat.moon-offc.biz.id"; flow:to_server,established; http.header; content: "Host|3a| privat.moon-offc.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])privat\.moon\-offc\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//privat.moon-offc.biz.id"; flow:to_server,established; http.header; content:"privat.moon-offc.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname barbarabakerrealty.pages.dev"; dns.query; content:"barbarabakerrealty.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])barbarabakerrealty\.pages\.dev$/i"; classtype:trojan-activity; sid:37054221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname barbarabakerrealty.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| barbarabakerrealty.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])barbarabakerrealty\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//barbarabakerrealty.pages.dev"; flow:to_server,established; http.header; content:"barbarabakerrealty.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname tokenpbeket.run"; dns.query; content:"tokenpbeket.run"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tokenpbeket\.run$/i"; classtype:trojan-activity; sid:37054251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tokenpbeket.run"; flow:to_server,established; http.header; content: "Host|3a| tokenpbeket.run"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbeket\.run[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tokenpbeket.run"; flow:to_server,established; http.header; content:"tokenpbeket.run"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname yashkainth.github.io"; dns.query; content:"yashkainth.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yashkainth\.github\.io$/i"; classtype:trojan-activity; sid:37054281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname yashkainth.github.io"; flow:to_server,established; http.header; content: "Host|3a| yashkainth.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yashkainth\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname olpl.org"; dns.query; content:"olpl.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])olpl\.org$/i"; classtype:trojan-activity; sid:37054311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP 
Hostname olpl.org"; flow:to_server,established; http.header; content: "Host|3a| olpl.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])olpl\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 
wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP 
Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054522; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname wood-82c2.jayden1077.workers.dev"; dns.query; content:"wood-82c2.jayden1077.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev$/i"; classtype:trojan-activity; sid:37054581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname wood-82c2.jayden1077.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wood-82c2.jayden1077.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wood\-82c2\.jayden1077\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname webde-100241.weeblysite.com"; dns.query; content:"webde-100241.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webde\-100241\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37054611; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname webde-100241.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| webde-100241.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webde\-100241\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uspc.usspnn.top"; dns.query; content:"uspc.usspnn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspnn\.top$/i"; classtype:trojan-activity; sid:37054641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uspc.usspnn.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspnn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspnn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegram.telepool.link"; dns.query; content:"telegram.telepool.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.telepool\.link$/i"; classtype:trojan-activity; sid:37054671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegram.telepool.link"; flow:to_server,established; http.header; content: "Host|3a| telegram.telepool.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.telepool\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any 
(msg: "MISP e25920 [] Hostname klc.pages.dev"; dns.query; content:"klc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev$/i"; classtype:trojan-activity; sid:37054701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname klc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| klc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname klc.pages.dev"; dns.query; content:"klc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev$/i"; classtype:trojan-activity; sid:37054731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname klc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| klc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname kampanjasuomi.com"; dns.query; content:"kampanjasuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kampanjasuomi\.com$/i"; classtype:trojan-activity; sid:37054761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname kampanjasuomi.com"; flow:to_server,established; http.header; content: "Host|3a| kampanjasuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kampanjasuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37054762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname grupwasayj.terbaru-2023.com"; dns.query; content:"grupwasayj.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwasayj\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37054791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname grupwasayj.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| grupwasayj.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwasayj\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37054821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; 
classtype:trojan-activity; sid:37054851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37054881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sekue.jekar.my.id"; dns.query; content:"sekue.jekar.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sekue\.jekar\.my\.id$/i"; classtype:trojan-activity; sid:37054911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sekue.jekar.my.id"; flow:to_server,established; http.header; content: "Host|3a| sekue.jekar.my.id"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])sekue\.jekar\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//sekue.jekar.my.id"; flow:to_server,established; http.header; content:"sekue.jekar.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname rnconsulting.pages.dev"; dns.query; content:"rnconsulting.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rnconsulting\.pages\.dev$/i"; classtype:trojan-activity; sid:37054941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname rnconsulting.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rnconsulting.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rnconsulting\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//rnconsulting.pages.dev"; flow:to_server,established; http.header; content:"rnconsulting.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37054951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname cose.pages.dev"; dns.query; content:"cose.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cose\.pages\.dev$/i"; classtype:trojan-activity; sid:37054971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] 
Outgoing HTTP Hostname cose.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cose.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cose\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37054972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname instagramaccounterrorakaashar.blogspot.com"; dns.query; content:"instagramaccounterrorakaashar.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramaccounterrorakaashar\.blogspot\.com$/i"; classtype:trojan-activity; sid:37055001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname instagramaccounterrorakaashar.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagramaccounterrorakaashar.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramaccounterrorakaashar\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-31a533598f5544fbb23b48d41101e33d.r2.dev"; dns.query; content:"pub-31a533598f5544fbb23b48d41101e33d.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-31a533598f5544fbb23b48d41101e33d\.r2\.dev$/i"; classtype:trojan-activity; sid:37055031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-31a533598f5544fbb23b48d41101e33d.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-31a533598f5544fbb23b48d41101e33d.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-31a533598f5544fbb23b48d41101e33d\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37055032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//pub-31a533598f5544fbb23b48d41101e33d.r2.dev/accepting.html"; flow:to_server,established; http.header; content:"pub-31a533598f5544fbb23b48d41101e33d.r2.dev"; fast_pattern; nocase; http.uri; content:"/accepting.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pancakeeswap.com"; dns.query; content:"pancakeeswap.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pancakeeswap\.com$/i"; classtype:trojan-activity; sid:37055061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pancakeeswap.com"; flow:to_server,established; http.header; content: "Host|3a| pancakeeswap.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pancakeeswap\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//pancakeeswap.com"; flow:to_server,established; http.header; content:"pancakeeswap.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname instagramaccounterrorakaashar.blogspot.com.uy"; dns.query; content:"instagramaccounterrorakaashar.blogspot.com.uy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramaccounterrorakaashar\.blogspot\.com\.uy$/i"; classtype:trojan-activity; sid:37055091; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname instagramaccounterrorakaashar.blogspot.com.uy"; flow:to_server,established; http.header; content: "Host|3a| instagramaccounterrorakaashar.blogspot.com.uy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramaccounterrorakaashar\.blogspot\.com\.uy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//instagramaccounterrorakaashar.blogspot.com.uy"; flow:to_server,established; http.header; content:"instagramaccounterrorakaashar.blogspot.com.uy"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname erudicaoinvestimentos.com.br"; dns.query; content:"erudicaoinvestimentos.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br$/i"; classtype:trojan-activity; sid:37055121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname erudicaoinvestimentos.com.br"; flow:to_server,established; http.header; content: "Host|3a| erudicaoinvestimentos.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37055151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-1e4f523fe3cb46e987453e942dc4ddc7.r2.dev"; dns.query; content:"pub-1e4f523fe3cb46e987453e942dc4ddc7.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-1e4f523fe3cb46e987453e942dc4ddc7\.r2\.dev$/i"; classtype:trojan-activity; sid:37055181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-1e4f523fe3cb46e987453e942dc4ddc7.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-1e4f523fe3cb46e987453e942dc4ddc7.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-1e4f523fe3cb46e987453e942dc4ddc7\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pub-dc250bebd543436e98813f391cf7aaa0.r2.dev"; dns.query; content:"pub-dc250bebd543436e98813f391cf7aaa0.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-dc250bebd543436e98813f391cf7aaa0\.r2\.dev$/i"; classtype:trojan-activity; sid:37055211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pub-dc250bebd543436e98813f391cf7aaa0.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-dc250bebd543436e98813f391cf7aaa0.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-dc250bebd543436e98813f391cf7aaa0\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//pub-dc250bebd543436e98813f391cf7aaa0.r2.dev/networt.html"; flow:to_server,established; http.header; content:"pub-dc250bebd543436e98813f391cf7aaa0.r2.dev"; fast_pattern; nocase; http.uri; content:"/networt.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname adminuser.telegamkf.icu"; dns.query; content:"adminuser.telegamkf.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegamkf\.icu$/i"; classtype:trojan-activity; sid:37055241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname adminuser.telegamkf.icu"; flow:to_server,established; http.header; content: "Host|3a| adminuser.telegamkf.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegamkf\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname a.365k240202.xyz"; dns.query; content:"a.365k240202.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a\.365k240202\.xyz$/i"; classtype:trojan-activity; sid:37055271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) 
# MISP event 25920 - indicators for a.365k240202.xyz and
# bitter-pond-1c3e.setupmails.workers.dev, written one rule per line.
#
# "Outgoing HTTP Hostname": the content match pins the Host header, and the
# pcre additionally requires that the characters directly before and after the
# name are not hostname characters (letters, digits, '-' or '.').
# tag:session,600,seconds keeps logging the flagged session for 600 seconds
# after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname a.365k240202.xyz"; flow:to_server,established; http.header; content: "Host|3a| a.365k240202.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a\.365k240202\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# "Outgoing URL" for a bare host: only a case-insensitive substring match on
# the request headers, with no boundary pcre. It also fires when the string
# appears in another header or inside a longer name, so expect it to be noisier
# than the Hostname rule above and triage hits against the Host value.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//a.365k240202.xyz"; flow:to_server,established; http.header; content:"a.365k240202.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# DNS "Hostname": the pcre is anchored at the end of the query name and rejects
# a preceding '.', so it matches the exact name only, not names below it.
# The rule is any -> any, so it is not limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e25920 [] Hostname bitter-pond-1c3e.setupmails.workers.dev"; dns.query; content:"bitter-pond-1c3e.setupmails.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitter\-pond\-1c3e\.setupmails\.workers\.dev$/i"; classtype:trojan-activity; sid:37055301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Same Host-header check as sid 37055272, for the workers.dev name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname bitter-pond-1c3e.setupmails.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| bitter-pond-1c3e.setupmails.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitter\-pond\-1c3e\.setupmails\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Same unanchored header substring match as sid 37055281.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//bitter-pond-1c3e.setupmails.workers.dev"; flow:to_server,established; http.header; content:"bitter-pond-1c3e.setupmails.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname tzcdn.pages.dev"; dns.query; content:"tzcdn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tzcdn\.pages\.dev$/i"; classtype:trojan-activity; sid:37055331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname tzcdn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tzcdn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tzcdn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//tzcdn.pages.dev"; flow:to_server,established; http.header; content:"tzcdn.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname uispsa.com"; dns.query; content:"uispsa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uispsa\.com$/i"; classtype:trojan-activity; sid:37055361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname uispsa.com"; flow:to_server,established; http.header; content: "Host|3a| uispsa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uispsa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//uispsa.com"; flow:to_server,established; http.header; content:"uispsa.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname voo.pages.dev"; dns.query; content:"voo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voo\.pages\.dev$/i"; classtype:trojan-activity; sid:37055391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname voo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| voo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//voo.pages.dev"; flow:to_server,established; http.header; content:"voo.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname pahdi2hd829.tulisku.my.id"; dns.query; content:"pahdi2hd829.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pahdi2hd829\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37055421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname pahdi2hd829.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| pahdi2hd829.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pahdi2hd829\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//pahdi2hd829.tulisku.my.id"; 
flow:to_server,established; http.header; content:"pahdi2hd829.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname dbw69db8w10.tulisku.my.id"; dns.query; content:"dbw69db8w10.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbw69db8w10\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37055451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname dbw69db8w10.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| dbw69db8w10.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbw69db8w10\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//dbw69db8w10.tulisku.my.id"; flow:to_server,established; http.header; content:"dbw69db8w10.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname sp129990.sitebeat.crazydomains.com"; dns.query; content:"sp129990.sitebeat.crazydomains.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sp129990\.sitebeat\.crazydomains\.com$/i"; classtype:trojan-activity; sid:37055481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname sp129990.sitebeat.crazydomains.com"; flow:to_server,established; http.header; content: "Host|3a| sp129990.sitebeat.crazydomains.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])sp129990\.sitebeat\.crazydomains\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname identifiez-vousf.hubside.fr"; dns.query; content:"identifiez-vousf.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vousf\.hubside\.fr$/i"; classtype:trojan-activity; sid:37055541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname identifiez-vousf.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identifiez-vousf.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vousf\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps-vip.top"; dns.query; content:"usps-vip.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-vip\.top$/i"; classtype:trojan-activity; sid:37055571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps-vip.top"; flow:to_server,established; http.header; content: "Host|3a| usps-vip.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-vip\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//usps-vip.top"; flow:to_server,established; http.header; content:"usps-vip.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055581; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname nodechains-sponge.pages.dev"; dns.query; content:"nodechains-sponge.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-sponge\.pages\.dev$/i"; classtype:trojan-activity; sid:37055601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname nodechains-sponge.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechains-sponge.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-sponge\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//nodechains-sponge.pages.dev"; flow:to_server,established; http.header; content:"nodechains-sponge.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname usps.aaaddyy.cc"; dns.query; content:"usps.aaaddyy.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.aaaddyy\.cc$/i"; classtype:trojan-activity; sid:37055631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname usps.aaaddyy.cc"; flow:to_server,established; http.header; content: "Host|3a| usps.aaaddyy.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.aaaddyy\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL 
http|3a|//usps.aaaddyy.cc"; flow:to_server,established; http.header; content:"usps.aaaddyy.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname infos-mail.hubside.fr"; dns.query; content:"infos-mail.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infos\-mail\.hubside\.fr$/i"; classtype:trojan-activity; sid:37055661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname infos-mail.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| infos-mail.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infos\-mail\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname messagerie4.weebly.com"; dns.query; content:"messagerie4.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])messagerie4\.weebly\.com$/i"; classtype:trojan-activity; sid:37055691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname messagerie4.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| messagerie4.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])messagerie4\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;) alert dns any any -> any any (msg: "MISP e25920 [] Hostname identifiez-vous69.hubside.fr"; dns.query; content:"identifiez-vous69.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vous69\.hubside\.fr$/i"; classtype:trojan-activity; sid:37055721; 
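rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# Rules below are restored to one rule per line (a rule wrapped across physical
# lines without a trailing backslash is not read as one rule).
#
# Hostname vs Domain rules (events 25920 / 25918):
#   - "Hostname" pcre starts with (^|[^A-Za-z0-9-\.]), so a leading '.' is
#     rejected and only the exact name matches.
#   - "Domain" pcre starts with (^|[^A-Za-z0-9-]), so a leading '.' is allowed
#     and names below the domain match as well.
#   - "Outgoing URL" rules for a bare host are a plain case-insensitive
#     substring match on the request headers with no boundary check; they also
#     fire when the string appears in another header or in a longer name.
#   - tag:session,600,seconds keeps logging the flagged session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname identifiez-vous69.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identifiez-vous69.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vous69\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname swap-bsc.tokentool.club"; dns.query; content:"swap-bsc.tokentool.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swap\-bsc\.tokentool\.club$/i"; classtype:trojan-activity; sid:37055751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname swap-bsc.tokentool.club"; flow:to_server,established; http.header; content: "Host|3a| swap-bsc.tokentool.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swap\-bsc\.tokentool\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//swap-bsc.tokentool.club"; flow:to_server,established; http.header; content:"swap-bsc.tokentool.club"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname rpcrepair.pages.dev"; dns.query; content:"rpcrepair.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpcrepair\.pages\.dev$/i"; classtype:trojan-activity; sid:37055781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname rpcrepair.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rpcrepair.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpcrepair\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//rpcrepair.pages.dev"; flow:to_server,established; http.header; content:"rpcrepair.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert dns any any -> any any (msg: "MISP e25918 [] Domain edgchizmetler2024.tech"; dns.query; content:"edgchizmetler2024.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])edgchizmetler2024\.tech$/i"; classtype:trojan-activity; sid:37042881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25918;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25918 [] Outgoing HTTP Domain edgchizmetler2024.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edgchizmetler2024.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edgchizmetler2024\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25918;)
alert dns any any -> any any (msg: "MISP e25920 [] Hostname telegramsexmiranda.pages.dev"; dns.query; content:"telegramsexmiranda.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsexmiranda\.pages\.dev$/i"; classtype:trojan-activity; sid:37055811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25920 [] Outgoing HTTP Hostname telegramsexmiranda.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramsexmiranda.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsexmiranda\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37055812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25920 [] Outgoing URL http|3a|//telegramsexmiranda.pages.dev"; flow:to_server,established; http.header; content:"telegramsexmiranda.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37055821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25920;)
# IP:port indicators from MISP events 25952 (priority 2) and 25944 (priority 3).
# Several address/port pairs are exported once per event, so one connection can
# raise two alerts under different sids. These rules carry no payload match:
# they fire on any traffic from $HOME_NET to the listed address and port, so
# the indicators should be reviewed for age before the rules are relied on.
# NOTE(review): the rules use protocol "ip" together with a fixed destination
# port - confirm how the deployed engine version evaluates that combination.
#
# FIX: the e25944 msg values embed MISP tag values in double quotes
# (misp:confidence-level="...", misp-galaxy:malpedia="..."). The rule format
# requires '"', ';' and '\' inside msg to be escaped, so the inner quotes are
# written as \" below; left unescaped, a rule may be rejected at load time or
# have its msg mis-parsed, which is a silent loss of coverage.
alert ip $HOME_NET any -> 104.225.142.194 3790 (msg: "MISP e25952 [c2,Meterpreter] Outgoing To IP: 104.225.142.194|3790"; classtype:trojan-activity; sid:37058831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 103.86.130.83 443 (msg: "MISP e25952 [c2,Get2] Outgoing To IP: 103.86.130.83|443"; classtype:trojan-activity; sid:37058841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 103.86.130.83 443 (msg: "MISP e25944 [c2,Get2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 103.86.130.83|443"; classtype:trojan-activity; sid:37057721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 104.225.142.194 3790 (msg: "MISP e25944 [c2,Meterpreter,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 104.225.142.194|3790"; classtype:trojan-activity; sid:37057731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 18.157.68.73 10445 (msg: "MISP e25952 [njrat] Outgoing To IP: 18.157.68.73|10445"; classtype:trojan-activity; sid:37058851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 18.197.239.5 10445 (msg: "MISP e25952 [njrat] Outgoing To IP: 18.197.239.5|10445"; classtype:trojan-activity; sid:37058861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 3.126.37.18 10445 (msg: "MISP e25952 [njrat] Outgoing To IP: 3.126.37.18|10445"; classtype:trojan-activity; sid:37058871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 18.156.13.209 10445 (msg: "MISP e25952 [njrat] Outgoing To IP: 18.156.13.209|10445"; classtype:trojan-activity; sid:37058881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 18.192.93.86 10445 (msg: "MISP e25952 [njrat] Outgoing To IP: 18.192.93.86|10445"; classtype:trojan-activity; sid:37058891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 3.127.138.57 10445 (msg: "MISP e25952 [njrat] Outgoing To IP: 3.127.138.57|10445"; classtype:trojan-activity; sid:37058901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 3.127.138.57 10445 (msg: "MISP e25944 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 3.127.138.57|10445"; classtype:trojan-activity; sid:37057741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 18.192.93.86 10445 (msg: "MISP e25944 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 18.192.93.86|10445"; classtype:trojan-activity; sid:37057751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 18.156.13.209 10445 (msg: "MISP e25944 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 18.156.13.209|10445"; classtype:trojan-activity; sid:37057761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 3.126.37.18 10445 (msg: "MISP e25944 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 3.126.37.18|10445"; classtype:trojan-activity; sid:37057771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 18.197.239.5 10445 (msg: "MISP e25944 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 18.197.239.5|10445"; classtype:trojan-activity; sid:37057781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 18.157.68.73 10445 (msg: "MISP e25944 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 18.157.68.73|10445"; classtype:trojan-activity; sid:37057791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# URL indicators from event 25944. Where the URL has a path, the host string is
# matched in the headers and the path in http.uri; bare-host URLs are the
# unanchored header substring match described at the top of this block.
alert http $HOME_NET any -> 213.109.202.161 $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//213.109.202.161"; flow:to_server,established; http.header; content:"213.109.202.161"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37057801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//basicincomeonline.com/api/connect"; flow:to_server,established; http.header; content:"basicincomeonline.com"; fast_pattern; nocase; http.uri; content:"/api/connect"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37057811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//basicincomeonline.com"; flow:to_server,established; http.header; content:"basicincomeonline.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37057821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//pngairservices.com"; flow:to_server,established; http.header; content:"pngairservices.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37057831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//gigeconomycase.com"; flow:to_server,established; http.header; content:"gigeconomycase.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37057841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# More IP:port indicators; the e25944 msg values again have their embedded
# quotes escaped as \".
alert ip $HOME_NET any -> 94.232.47.185 3790 (msg: "MISP e25952 [c2,Meterpreter] Outgoing To IP: 94.232.47.185|3790"; classtype:trojan-activity; sid:37058961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 1604 (msg: "MISP e25952 [c2,darkcomet] Outgoing To IP: 187.135.83.117|1604"; classtype:trojan-activity; sid:37058971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 1604 (msg: "MISP e25944 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.83.117|1604"; classtype:trojan-activity; sid:37057851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.232.47.185 3790 (msg: "MISP e25944 [c2,Meterpreter,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 94.232.47.185|3790"; classtype:trojan-activity; sid:37057861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 192.236.162.234 80 (msg: "MISP e25944 [infostealer,LokiBot,stealer,misp-galaxy:malpedia=\"Loki\",misp-galaxy:malpedia=\"LokiBot\",misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 192.236.162.234|80"; classtype:trojan-activity; sid:37057871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25896 [] Domain home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; 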
dns.query; content:"home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-bancoitau\-cl\-bancoitau\-cl\-home\-bancoitau\-cl\-bancoitau\-cl\.banestado\-cl\.sbs$/i"; classtype:trojan-activity; sid:37041231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25896;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25896 [] Outgoing HTTP Domain home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"home-bancoitau-cl-bancoitau-cl-home-bancoitau-cl-bancoitau-cl.banestado-cl.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-bancoitau\-cl\-bancoitau\-cl\-home\-bancoitau\-cl\-bancoitau\-cl\.banestado\-cl\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25896;) alert dns any any -> any any (msg: "MISP e25897 [] Domain looksoportelinea.com"; dns.query; content:"looksoportelinea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com$/i"; classtype:trojan-activity; sid:37041331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25897;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25897 [] Outgoing HTTP Domain looksoportelinea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"looksoportelinea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25897;) alert ip $HOME_NET any -> 187.135.83.117 1741 (msg: "MISP e25952 [c2,darkcomet] Outgoing To IP: 187.135.83.117|1741"; classtype:trojan-activity; sid:37058981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip 
$HOME_NET any -> 187.135.83.117 1741 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|1741"; classtype:trojan-activity; sid:37057881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 65.0.50.125 22220 (msg: "MISP e25952 [njrat] Outgoing To IP: 65.0.50.125|22220"; classtype:trojan-activity; sid:37058991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 65.0.50.125 22220 (msg: "MISP e25944 [] Outgoing To IP: 65.0.50.125|22220"; classtype:trojan-activity; sid:37057891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 37.120.247.104 443 (msg: "MISP e25952 [Backconnect] Outgoing To IP: 37.120.247.104|443"; classtype:trojan-activity; sid:37059001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 5.255.119.56 443 (msg: "MISP e25952 [Backconnect] Outgoing To IP: 5.255.119.56|443"; classtype:trojan-activity; sid:37059011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 94.232.45.52 443 (msg: "MISP e25952 [Backconnect] Outgoing To IP: 94.232.45.52|443"; classtype:trojan-activity; sid:37059021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 46.105.141.60 443 (msg: "MISP e25952 [Backconnect] Outgoing To IP: 46.105.141.60|443"; classtype:trojan-activity; sid:37059031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 94.232.45.52 443 (msg: "MISP e25944 [] Outgoing To IP: 94.232.45.52|443"; classtype:trojan-activity; sid:37057901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 46.105.141.60 443 (msg: "MISP e25944 [] Outgoing To IP: 46.105.141.60|443"; classtype:trojan-activity; sid:37057911; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 37.120.247.104 443 (msg: "MISP e25944 [] Outgoing To IP: 37.120.247.104|443"; classtype:trojan-activity; sid:37057921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 5.255.119.56 443 (msg: "MISP e25944 [] Outgoing To IP: 5.255.119.56|443"; classtype:trojan-activity; sid:37057931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 185.196.8.220 80 (msg: "MISP e25952 [c2,cobalt_strike] Outgoing To IP: 185.196.8.220|80"; classtype:trojan-activity; sid:37059041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.196.8.220 80 (msg: "MISP e25944 [] Outgoing To IP: 185.196.8.220|80"; classtype:trojan-activity; sid:37057941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [AZORult] Outgoing URL http|3a|//bmld.shop/bm341/index.php"; flow:to_server,established; http.header; content:"bmld.shop"; fast_pattern; nocase; http.uri; content:"/bm341/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37059051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [] Outgoing URL http|3a|//basicincomeonline.com/api/connect"; flow:to_server,established; http.header; content:"basicincomeonline.com"; fast_pattern; nocase; http.uri; content:"/api/connect"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37058941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> 213.109.202.161 $HTTP_PORTS (msg: "MISP e25952 [] Outgoing URL http|3a|//213.109.202.161"; flow:to_server,established; http.header; content:"213.109.202.161"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37058951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [SmartApeSG] Outgoing URL http|3a|//gigeconomycase.com"; flow:to_server,established; http.header; content:"gigeconomycase.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37058911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [SmartApeSG] Outgoing URL http|3a|//pngairservices.com"; flow:to_server,established; http.header; content:"pngairservices.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37058921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [] Outgoing URL http|3a|//basicincomeonline.com"; flow:to_server,established; http.header; content:"basicincomeonline.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37058931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 91.92.246.148 3362 (msg: "MISP e25952 [infostealer,RedLine,stealer] Outgoing To IP: 91.92.246.148|3362"; classtype:trojan-activity; sid:37058801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 216.218.135.118 9583 (msg: "MISP e25952 [NanoCore,RAT] Outgoing To IP: 216.218.135.118|9583"; classtype:trojan-activity; sid:37058821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> 193.233.132.73 $HTTP_PORTS (msg: "MISP e25952 [opendir] Outgoing URL http|3a|//193.233.132.73/gjvjls3jd2v/login.php"; flow:to_server,established; http.header; content:"193.233.132.73"; fast_pattern; nocase; http.uri; content:"/gjvjls3jd2v/login.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37058791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 37.60.227.156 7 (msg: "MISP e25952 [Gafgyt] Outgoing To IP: 37.60.227.156|7"; classtype:trojan-activity; sid:37058811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//bmld.shop/BM341/index.php"; flow:to_server,established; http.header; content:"bmld.shop"; fast_pattern; nocase; http.uri; content:"/BM341/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37057951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 191.252.214.5 7443 (msg: "MISP e25952 [Covenant,Locaweb Servicos de Internet SA] Outgoing To IP: 191.252.214.5|7443"; classtype:trojan-activity; sid:37059061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24599 [] Outgoing URL http|3a|//srv207812.hoster-test.ru/js/an/spc"; flow:to_server,established; http.header; content:"srv207812.hoster-test.ru"; fast_pattern; nocase; http.uri; content:"/js/an/spc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37086291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24599 [] Outgoing URL http|3a|//srv207812.hoster-test.ru/js/an/spc/trap.php"; flow:to_server,established; http.header; content:"srv207812.hoster-test.ru"; fast_pattern; nocase; http.uri; content:"/js/an/spc/trap.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37086301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;) alert ip $HOME_NET any -> 45.33.59.99 10724 (msg: "MISP e25952 [AKAMAI-LINODE-AP Akamai Connected Cloud,Deimos] Outgoing To IP: 45.33.59.99|10724"; classtype:trojan-activity; 
sid:37059071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 65.153.151.175 10010 (msg: "MISP e25952 [CENTURYLINK-US-LEGACY-QWEST,Deimos] Outgoing To IP: 65.153.151.175|10010"; classtype:trojan-activity; sid:37059081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 119.190.136.165 9000 (msg: "MISP e25952 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Deimos] Outgoing To IP: 119.190.136.165|9000"; classtype:trojan-activity; sid:37059091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 220.77.118.115 53 (msg: "MISP e25952 [Bianlian Go Trojan,KIXS-AS-KR Korea Telecom] Outgoing To IP: 220.77.118.115|53"; classtype:trojan-activity; sid:37059101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 23.229.31.21 25623 (msg: "MISP e25952 [Bianlian Go Trojan,SERVER-MANIA] Outgoing To IP: 23.229.31.21|25623"; classtype:trojan-activity; sid:37059111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 164.90.233.164 443 (msg: "MISP e25952 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 164.90.233.164|443"; classtype:trojan-activity; sid:37059121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 172.105.14.104 443 (msg: "MISP e25952 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 172.105.14.104|443"; classtype:trojan-activity; sid:37059131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 138.68.169.56 445 (msg: "MISP e25952 [DIGITALOCEAN-ASN,Responder] Outgoing To IP: 138.68.169.56|445"; classtype:trojan-activity; sid:37059141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 71.187.88.67 445 (msg: "MISP e25952 [Responder,UUNET] Outgoing To IP: 
71.187.88.67|445"; classtype:trojan-activity; sid:37059151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 149.28.94.80 445 (msg: "MISP e25952 [AS-CHOOPA,Responder] Outgoing To IP: 149.28.94.80|445"; classtype:trojan-activity; sid:37059161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 86.98.222.105 443 (msg: "MISP e25952 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 86.98.222.105|443"; classtype:trojan-activity; sid:37059171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 67.71.30.49 2078 (msg: "MISP e25952 [BACOM,QakBot] Outgoing To IP: 67.71.30.49|2078"; classtype:trojan-activity; sid:37059181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 178.73.218.6 2222 (msg: "MISP e25952 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 178.73.218.6|2222"; classtype:trojan-activity; sid:37059191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 46.246.84.13 2222 (msg: "MISP e25952 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.84.13|2222"; classtype:trojan-activity; sid:37059201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 194.156.98.232 8888 (msg: "MISP e25952 [STARK-INDUSTRIES,Supershell] Outgoing To IP: 194.156.98.232|8888"; classtype:trojan-activity; sid:37059211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 194.156.98.232 8888 (msg: "MISP e25944 [] Outgoing To IP: 194.156.98.232|8888"; classtype:trojan-activity; sid:37057961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 46.246.84.13 2222 (msg: "MISP e25944 [] Outgoing To IP: 46.246.84.13|2222"; classtype:trojan-activity; sid:37057971; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 178.73.218.6 2222 (msg: "MISP e25944 [] Outgoing To IP: 178.73.218.6|2222"; classtype:trojan-activity; sid:37057981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 67.71.30.49 2078 (msg: "MISP e25944 [] Outgoing To IP: 67.71.30.49|2078"; classtype:trojan-activity; sid:37057991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 86.98.222.105 443 (msg: "MISP e25944 [] Outgoing To IP: 86.98.222.105|443"; classtype:trojan-activity; sid:37058001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 149.28.94.80 445 (msg: "MISP e25944 [] Outgoing To IP: 149.28.94.80|445"; classtype:trojan-activity; sid:37058011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 71.187.88.67 445 (msg: "MISP e25944 [] Outgoing To IP: 71.187.88.67|445"; classtype:trojan-activity; sid:37058021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 138.68.169.56 445 (msg: "MISP e25944 [] Outgoing To IP: 138.68.169.56|445"; classtype:trojan-activity; sid:37058031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 172.105.14.104 443 (msg: "MISP e25944 [] Outgoing To IP: 172.105.14.104|443"; classtype:trojan-activity; sid:37058041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 164.90.233.164 443 (msg: "MISP e25944 [] Outgoing To IP: 164.90.233.164|443"; classtype:trojan-activity; sid:37058051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 23.229.31.21 25623 (msg: "MISP e25944 [] Outgoing To IP: 23.229.31.21|25623"; classtype:trojan-activity; sid:37058061; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25944;)
# --- Outbound destination indicators (IP + port) -------------------------------
# Each rule alerts on traffic from $HOME_NET (any source port) to one destination
# address and port. The MISP event id appears in msg ("MISP e<id>") and again in
# reference:url; the bracketed list in msg holds the event/attribute tags and is
# empty ("[]") for everything exported from event 25944.
# NOTE(review): the protocol is `ip` but a destination port is given; a port is
# only meaningful for transports that carry ports. Confirm how the deployed
# engine evaluates these, and whether per-packet alerting needs a threshold.
alert ip $HOME_NET any -> 220.77.118.115 53 (msg: "MISP e25944 [] Outgoing To IP: 220.77.118.115|53"; classtype:trojan-activity; sid:37058071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 119.190.136.165 9000 (msg: "MISP e25944 [] Outgoing To IP: 119.190.136.165|9000"; classtype:trojan-activity; sid:37058081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 65.153.151.175 10010 (msg: "MISP e25944 [] Outgoing To IP: 65.153.151.175|10010"; classtype:trojan-activity; sid:37058091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.33.59.99 10724 (msg: "MISP e25944 [] Outgoing To IP: 45.33.59.99|10724"; classtype:trojan-activity; sid:37058101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 191.252.214.5 7443 (msg: "MISP e25944 [] Outgoing To IP: 191.252.214.5|7443"; classtype:trojan-activity; sid:37058111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# 89.249.73.162:2479 is exported twice in this span: here from event 25952
# (tag [remcos], priority 2, sid 37059221) and further down from event 25944
# (no tags, priority 3, sid 37058121). One connection therefore raises two alerts
# with different priorities; correlate on destination rather than on sid.
alert ip $HOME_NET any -> 89.249.73.162 2479 (msg: "MISP e25952 [remcos] Outgoing To IP: 89.249.73.162|2479"; classtype:trojan-activity; sid:37059221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# --- Outbound URL indicators (host + path) --------------------------------------
# Pattern used by the http rules below: client-to-server traffic on an established
# flow, the host string matched in http.header (also the fast_pattern), the path
# matched in http.uri, both nocase. tag:session,600,seconds tags the session for
# 600 seconds after a hit.
# NOTE(review): http.header matches anywhere in the request headers, so the same
# string in a header other than Host would also satisfy the host match; http.host
# is the buffer dedicated to the Host value. Confirm whether the export can use it.
# NOTE(review): the destination port is $HTTP_PORTS, so the variable must be
# defined and requests to the indicator on a port outside that list are not covered.
# NOTE(review): the msg of the e25991 and e25989 rules embeds a tag containing
# unescaped double quotes (mitre-tool="Remcos - S0332", mitre-malware="Agent Tesla
# - S0331"). Suricata's rule documentation lists the double quote, ";" and "\" as
# characters that must be escaped inside msg. Verify that these rules load and that
# msg is not truncated in alert output; the durable fix is escaping in the export,
# since hand edits to a generated file are overwritten on the next export.
alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e25991 [kill-chain:Command and Control,misp-galaxy:mitre-tool="Remcos - S0332"] Outgoing URL http|3a|//103.183.115.241/mrjLCDj56.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/mrjLCDj56.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25991;)
# Second export of 89.249.73.162:2479 (event 25944, untagged); see the note above.
alert ip $HOME_NET any -> 89.249.73.162 2479 (msg: "MISP e25944 [] Outgoing To IP: 89.249.73.162|2479"; classtype:trojan-activity; sid:37058121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Domain-based variant: destination is $EXTERNAL_NET, so only the header string
# ties the alert to the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25991 [kill-chain:Command and Control,misp-galaxy:mitre-tool="Remcos - S0332"] Outgoing URL http|3a|//vitalikcreatedethereumtobethenewworldorderscurrency.shop/get/65c135ea46010d3a322091da"; flow:to_server,established; http.header; content:"vitalikcreatedethereumtobethenewworldorderscurrency.shop"; fast_pattern; nocase; http.uri; content:"/get/65c135ea46010d3a322091da"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25991;)
# The path ends in ".doC"; because the http.uri content is nocase, any casing of
# the path matches.
alert http $HOME_NET any -> 192.3.176.142 $HTTP_PORTS (msg: "MISP e25989 [kill-chain:Command and Control,misp-galaxy:mitre-malware="Agent Tesla - S0331"] Outgoing URL http|3a|//192.3.176.142/ugcu/Microsoftaianterioerdesigntrackingnewproteocoltoentireprocessupdationcompletewithnewofficeup.doC"; flow:to_server,established; http.header; content:"192.3.176.142"; fast_pattern; nocase; http.uri; content:"/ugcu/Microsoftaianterioerdesigntrackingnewproteocoltoentireprocessupdationcompletewithnewofficeup.doC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25989;)
# The only URI condition here is content:"/", which practically every request URI
# satisfies, so this rule is effectively a host-string match (priority 4, untagged).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25925 [] Outgoing URL http|3a|//nlbklik.06-02-si.is-certified.com/"; flow:to_server,established; http.header; content:"nlbklik.06-02-si.is-certified.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37056411; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/25925;)
alert ip $HOME_NET any -> 18.198.77.177 19762 (msg: "MISP e25952 [njrat] Outgoing To IP: 18.198.77.177|19762"; classtype:trojan-activity; sid:37059231; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 35.158.159.254 19762 (msg: "MISP e25952 [njrat] Outgoing To IP: 35.158.159.254|19762"; classtype:trojan-activity; sid:37059241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 3.127.59.75 19762 (msg: "MISP e25952 [njrat] Outgoing To IP: 3.127.59.75|19762"; classtype:trojan-activity; sid:37059251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 35.158.159.254 19762 (msg: "MISP e25944 [] Outgoing To IP: 35.158.159.254|19762"; classtype:trojan-activity; sid:37224651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 3.127.59.75 19762 (msg: "MISP e25944 [] Outgoing To IP: 3.127.59.75|19762"; classtype:trojan-activity; sid:37224661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 18.198.77.177 19762 (msg: "MISP e25944 [] Outgoing To IP: 18.198.77.177|19762"; classtype:trojan-activity; sid:37224671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> 172.245.214.91 $HTTP_PORTS (msg: "MISP e25989 [kill-chain:Command and Control,misp-galaxy:mitre-malware="Agent Tesla - S0331"] Outgoing URL http|3a|//172.245.214.91/vbsmicrosoftdesignballonprocesstoupdatenewprojectthroughentireplatformwhattheyhave.doC"; flow:to_server,established; http.header; content:"172.245.214.91"; fast_pattern; nocase; http.uri; content:"/vbsmicrosoftdesignballonprocesstoupdatenewprojectthroughentireplatformwhattheyhave.doC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25989;) alert http $HOME_NET any -> 172.245.214.91 $HTTP_PORTS (msg: "MISP e25989 [kill-chain:Command and Control,misp-galaxy:mitre-malware="Agent Tesla - S0331"] Outgoing URL 
http|3a|//172.245.214.91/mangero.vbs"; flow:to_server,established; http.header; content:"172.245.214.91"; fast_pattern; nocase; http.uri; content:"/mangero.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25989;) alert http $HOME_NET any -> 117.50.162.183 $HTTP_PORTS (msg: "MISP e25952 [China Mobile Communications Group Co. Ltd.,CobaltStrike,cs-watermark-1234567890] Outgoing URL http|3a|//117.50.162.183/cm"; flow:to_server,established; http.header; content:"117.50.162.183"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37059261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 117.50.162.183 80 (msg: "MISP e25952 [China Mobile Communications Group Co. Ltd.,CobaltStrike,cs-watermark-1234567890] Outgoing To IP: 117.50.162.183|80"; classtype:trojan-activity; sid:37059271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> 117.50.162.183 $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//117.50.162.183/cm"; flow:to_server,established; http.header; content:"117.50.162.183"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37224681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 117.50.162.183 80 (msg: "MISP e25944 [] Outgoing To IP: 117.50.162.183|80"; classtype:trojan-activity; sid:37224691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 185.236.228.203 2024 (msg: "MISP e25952 [remcos] Outgoing To IP: 185.236.228.203|2024"; classtype:trojan-activity; sid:37059281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> 161.97.132.85 7080 (msg: "MISP e25944 [] Outgoing URL 
http|3a|//161.97.132.85|3a|7080"; flow:to_server,established; http.header; content:"161.97.132.85"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37224721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//masjidalfurqon.id"; flow:to_server,established; http.header; content:"masjidalfurqon.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37224731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 185.236.228.203 2024 (msg: "MISP e25944 [] Outgoing To IP: 185.236.228.203|2024"; classtype:trojan-activity; sid:37224761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> 161.97.132.85 7080 (msg: "MISP e25952 [FakeMcafee,fakeupdates] Outgoing URL http|3a|//161.97.132.85|3a|7080"; flow:to_server,established; http.header; content:"161.97.132.85"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37059321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [FakeMcafee,fakeupdates] Outgoing URL http|3a|//masjidalfurqon.id"; flow:to_server,established; http.header; content:"masjidalfurqon.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37059311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert tls any any -> any any (msg: "MISP e26084 [] JA3 Hash: 339f6adf54e6076d069dcaac54fddc25"; ja3.hash; content:"339f6adf54e6076d069dcaac54fddc25"; fast_pattern; tag:session,600,seconds; classtype:trojan-activity; sid:37126891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26084;) alert http $HOME_NET any -> 159.89.175.38 $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//159.89.175.38/"; flow:to_server,established; http.header; 
content:"159.89.175.38"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37224771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.47 61616 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.47|61616"; classtype:trojan-activity; sid:37224781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.19 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.19|61616"; classtype:trojan-activity; sid:37224791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.42 1332 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.42|1332"; classtype:trojan-activity; sid:37224801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.26 1303 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.26|1303"; classtype:trojan-activity; sid:37224811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.28 1291 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.28|1291"; classtype:trojan-activity; sid:37224821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.43 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.43|61616"; classtype:trojan-activity; sid:37224831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.36 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.36|61616"; classtype:trojan-activity; sid:37224841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.45 1433 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.45|1433"; classtype:trojan-activity; sid:37224851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip 
$HOME_NET any -> 204.76.203.50 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.50|61616"; classtype:trojan-activity; sid:37224861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.60 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.60|61616"; classtype:trojan-activity; sid:37224871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.230 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.230|61616"; classtype:trojan-activity; sid:37224881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.53 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.53|61616"; classtype:trojan-activity; sid:37224891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.55 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.55|61616"; classtype:trojan-activity; sid:37224901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.50 61616 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.50|61616"; classtype:trojan-activity; sid:37224911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.20 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.20|61616"; classtype:trojan-activity; sid:37224921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.48 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.48|61616"; classtype:trojan-activity; sid:37224931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.30 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.30|61616"; classtype:trojan-activity; sid:37224941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) 
# Outbound destination indicators exported from MISP event 25944 (see reference:url).
# Each rule alerts on traffic from $HOME_NET, any source port, to one listed
# address and destination port (61616, 1311 or 1307 in this group). The tag list
# in msg is empty ("[]"), so the alert itself carries no malware-family or
# kill-chain context; triage has to start from the referenced MISP event.
# All rules are priority 3, rev 1, classtype trojan-activity.
# NOTE(review): no flow or threshold keyword is present, so a busy connection to
# one of these hosts may alert repeatedly; confirm and rate-limit if needed.
# NOTE(review): the destinations cluster in 204.76.203.x and 62.72.185.x, but only
# the listed hosts are indicators; do not widen to the enclosing ranges without
# support from the event. Bare IP indicators also age quickly; check the event's
# dates before treating a hit as confirmed compromise.
alert ip $HOME_NET any -> 204.76.203.156 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.156|61616"; classtype:trojan-activity; sid:37224951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.57 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.57|61616"; classtype:trojan-activity; sid:37224961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.58 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.58|61616"; classtype:trojan-activity; sid:37224971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.31 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.31|61616"; classtype:trojan-activity; sid:37224981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.21 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.21|61616"; classtype:trojan-activity; sid:37224991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.27 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.27|1311"; classtype:trojan-activity; sid:37225001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.12 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.12|1311"; classtype:trojan-activity; sid:37225011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.51 1307 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.51|1307"; classtype:trojan-activity; sid:37225021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.49 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.49|1311"; classtype:trojan-activity; sid:37225031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.56 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.56|61616"; classtype:trojan-activity; sid:37225041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.49 61616 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.49|61616"; classtype:trojan-activity; sid:37225051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.46 61616 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.46|61616"; classtype:trojan-activity; sid:37225061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.54 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.54|61616"; classtype:trojan-activity; sid:37225071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 204.76.203.32 61616 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.32|61616"; classtype:trojan-activity; sid:37225081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.40 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.40|1311"; classtype:trojan-activity; sid:37225091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.31 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.31|1311"; classtype:trojan-activity; sid:37225101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.35 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.35|1311"; classtype:trojan-activity; sid:37225111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 62.72.185.24 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.24|1311"; classtype:trojan-activity; sid:37225121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip 
$HOME_NET any -> 62.72.185.37 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.37|1311"; classtype:trojan-activity; sid:37225131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 25944 destination indicators. Each rule below alerts on traffic from
# $HOME_NET to one listed address and destination port, with classtype
# trojan-activity and priority 3. $HOME_NET must be defined for the rules to load.
# The "[]" in msg is presumably an empty tag list: event 25952 rules in this file
# carry tags in the same position.
# NOTE(review): some address/port pairs are repeated by event 25952 rules under a
# different sid and priority 2 (for example 62.72.185.44 1311 is sid 37225161 here
# and sid 37059671 there), so one flow can raise two alerts. Deduplicate or
# correlate on destination downstream if that is noise.
# NOTE(review): the protocol is "ip" yet a destination port is given -- confirm how
# your engine applies the port to non-TCP/UDP packets (TODO verify).
alert ip $HOME_NET any -> 62.72.185.25 1299 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.25|1299"; classtype:trojan-activity; sid:37225141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.52 1310 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.52|1310"; classtype:trojan-activity; sid:37225151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.44 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.44|1311"; classtype:trojan-activity; sid:37225161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.65 1302 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.65|1302"; classtype:trojan-activity; sid:37225171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.6 1298 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.6|1298"; classtype:trojan-activity; sid:37225181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.20 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.20|1311"; classtype:trojan-activity; sid:37225191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.68 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.68|1311"; classtype:trojan-activity; sid:37225201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.36 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.36|1311"; classtype:trojan-activity; sid:37225211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.39 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.39|1311"; classtype:trojan-activity; sid:37225221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.23 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.23|1311"; classtype:trojan-activity; sid:37225231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.4 1375 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.4|1375"; classtype:trojan-activity; sid:37225241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.17 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.17|1311"; classtype:trojan-activity; sid:37225251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.16 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.16|1311"; classtype:trojan-activity; sid:37225261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.72 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.72|1311"; classtype:trojan-activity; sid:37225271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.71 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.71|1311"; classtype:trojan-activity; sid:37225281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.61 1291 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.61|1291"; classtype:trojan-activity; sid:37225291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.5 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.5|1311"; classtype:trojan-activity; sid:37225301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.14 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.14|1311"; classtype:trojan-activity; sid:37225311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.3 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.3|1311"; classtype:trojan-activity; sid:37225321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.69 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.69|1311"; classtype:trojan-activity; sid:37225331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.41 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.41|1311"; classtype:trojan-activity; sid:37225341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.9 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.9|1311"; classtype:trojan-activity; sid:37225351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.2 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.2|1311"; classtype:trojan-activity; sid:37225361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.7 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.7|1311"; classtype:trojan-activity; sid:37225371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.21 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.21|1311"; classtype:trojan-activity; sid:37225381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.32 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.32|1311"; classtype:trojan-activity; sid:37225391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.41 1311 (msg: "MISP e25944 [] Outgoing To IP: 
204.76.203.41|1311"; classtype:trojan-activity; sid:37225401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# More event 25944 destination indicators (priority 3, no tags in msg).
# Triage hint: this event gives no attribution in msg, but event 25952 rules in this
# file cover some of the same destinations with tags. For example 3.121.139.82
# 19762 is sid 37225551 here and sid 37060301 (tagged "njrat,RAT") there, and
# 5.181.80.152 61616 is sid 37225561 here and sid 37060281 there. When one of these
# fires, look for the paired alert before judging severity from priority 3 alone.
# NOTE(review): every rule pins one destination port, so traffic to the same
# address on a different port is not covered by that rule.
alert ip $HOME_NET any -> 204.76.203.44 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.44|1311"; classtype:trojan-activity; sid:37225411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.38 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.38|1311"; classtype:trojan-activity; sid:37225421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.66 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.66|1311"; classtype:trojan-activity; sid:37225431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.45 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.45|1311"; classtype:trojan-activity; sid:37225441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.43 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.43|1311"; classtype:trojan-activity; sid:37225451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.22 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.22|1311"; classtype:trojan-activity; sid:37225461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.18 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.18|1311"; classtype:trojan-activity; sid:37225471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.42 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.42|1311"; classtype:trojan-activity; sid:37225481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 204.76.203.70 1311 (msg: "MISP e25944 [] Outgoing To IP: 204.76.203.70|1311"; classtype:trojan-activity; sid:37225491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.34 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.34|1311"; classtype:trojan-activity; sid:37225501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.30 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.30|1311"; classtype:trojan-activity; sid:37225511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.33 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.33|1311"; classtype:trojan-activity; sid:37225521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.11 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.11|1311"; classtype:trojan-activity; sid:37225531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.72.185.13 1311 (msg: "MISP e25944 [] Outgoing To IP: 62.72.185.13|1311"; classtype:trojan-activity; sid:37225541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 3.121.139.82 19762 (msg: "MISP e25944 [] Outgoing To IP: 3.121.139.82|19762"; classtype:trojan-activity; sid:37225551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.152 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.152|61616"; classtype:trojan-activity; sid:37225561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.153 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.153|61616"; classtype:trojan-activity; sid:37225571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.231 1288 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.231|1288"; classtype:trojan-activity; sid:37225581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.100 1311 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.100|1311"; classtype:trojan-activity; sid:37225591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.221 1311 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.221|1311"; classtype:trojan-activity; sid:37225601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.103 1311 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.103|1311"; classtype:trojan-activity; sid:37225611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.38 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.38|61616"; classtype:trojan-activity; sid:37225621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.39 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.39|61616"; classtype:trojan-activity; sid:37225631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.40 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.40|61616"; classtype:trojan-activity; sid:37225641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.41 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.41|61616"; classtype:trojan-activity; sid:37225651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.43 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.43|61616"; classtype:trojan-activity; sid:37225661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.53 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.53|61616"; classtype:trojan-activity; 
sid:37225671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Remaining event 25944 destination indicators in this run (priority 3, no tags).
alert ip $HOME_NET any -> 5.181.80.54 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.54|61616"; classtype:trojan-activity; sid:37225681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.150 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.150|61616"; classtype:trojan-activity; sid:37225691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.151 61616 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.151|61616"; classtype:trojan-activity; sid:37225701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.111 1289 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.111|1289"; classtype:trojan-activity; sid:37225711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 5.181.80.223 1288 (msg: "MISP e25944 [] Outgoing To IP: 5.181.80.223|1288"; classtype:trojan-activity; sid:37225721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 24600 domain indicator, priority 1. The DNS rule inspects dns.query between
# any hosts. Its pcre is anchored at the end of the name and needs either the start
# of the buffer or a character that is not a letter, digit or hyphen before the
# domain, so subdomains match but a longer label ending in the same text does not.
alert dns any any -> any any (msg: "MISP e24600 [] Domain ccss-sante-lu.com"; dns.query; content:"ccss-sante-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ccss\-sante\-lu\.com$/i"; classtype:trojan-activity; sid:37086341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# HTTP counterpart for established client-to-server requests leaving $HOME_NET.
# Both content matches run on http.header and nothing (distance/within) ties the
# domain to the "Host:" token; tag:session,600,seconds is set on a match.
# NOTE(review): presumably this also fires when the domain sits in another request
# header such as Referer -- confirm against a benign capture, and consider a
# Host-specific buffer if the engine version in use provides one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain ccss-sante-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ccss-sante-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ccss\-sante\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37086342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 25952 URL indicator tagged FakeUpdateRU (root path on 159.89.175.38).
# The http.uri match is only "/", which any normal request path contains, so in
# effect this alerts on every established HTTP request to that address on
# $HTTP_PORTS whose headers contain the address. $HTTP_PORTS must be defined for
# the rule to load.
alert http $HOME_NET any -> 159.89.175.38 $HTTP_PORTS (msg: "MISP e25952 [FakeUpdateRU] Outgoing URL http|3a|//159.89.175.38/"; flow:to_server,established; http.header; content:"159.89.175.38"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37059351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 25952 destination indicators (priority 2). The bracketed msg text looks
# like an ASN, an AS name and a family label -- presumably MISP tags; confirm in
# the event. The same destinations also have event 25944 rules in this file, for
# example 94.156.71.53 61616 is sid 37060531 here and sid 37225951 there.
alert ip $HOME_NET any -> 94.156.71.53 61616 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.71.53|61616"; classtype:trojan-activity; sid:37060531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.67.14 61616 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.67.14|61616"; classtype:trojan-activity; sid:37060501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.71.50 61616 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.71.50|61616"; classtype:trojan-activity; sid:37060511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.71.52 61616 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.71.52|61616"; classtype:trojan-activity; sid:37060521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 91.92.251.113 61616 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 91.92.251.113|61616"; classtype:trojan-activity; sid:37060481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.67.13 61616 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.67.13|61616"; classtype:trojan-activity; sid:37060491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 3.121.139.82 19762 (msg: "MISP e25952 [njrat,RAT] Outgoing To IP: 3.121.139.82|19762"; classtype:trojan-activity; sid:37060301; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 25952 destination indicators, priority 2. Each rule alerts on traffic from
# $HOME_NET to one address and destination port.
# NOTE(review): the tags on most rules here name a large cloud provider's ASN.
# Addresses in such ranges are commonly reassigned between tenants, and these rules
# carry no expiry (all are rev:1), so check the indicator's age in the MISP event
# before treating a hit as confirmed compromise.
# The same destinations also appear under event 25944 in this file, for example
# 159.223.90.237 1311 is sid 37060311 here and sid 37225891 there.
alert ip $HOME_NET any -> 159.223.90.237 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 159.223.90.237|1311"; classtype:trojan-activity; sid:37060311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 104.248.129.146 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 104.248.129.146|1311"; classtype:trojan-activity; sid:37060321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 165.22.96.144 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 165.22.96.144|1311"; classtype:trojan-activity; sid:37060331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 159.223.89.252 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 159.223.89.252|1311"; classtype:trojan-activity; sid:37060341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 157.230.242.17 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 157.230.242.17|1311"; classtype:trojan-activity; sid:37060351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 68.183.183.68 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 68.183.183.68|1311"; classtype:trojan-activity; sid:37060361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 165.22.101.63 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 165.22.101.63|1311"; classtype:trojan-activity; sid:37060371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 68.183.187.38 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 68.183.187.38|1311"; classtype:trojan-activity; sid:37060381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 159.223.89.203 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 159.223.89.203|1311"; classtype:trojan-activity; sid:37060391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 157.230.244.224 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 157.230.244.224|1311"; classtype:trojan-activity; sid:37060401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 170.64.202.30 1311 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 170.64.202.30|1311"; classtype:trojan-activity; sid:37060411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 64.227.106.194 1288 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 64.227.106.194|1288"; classtype:trojan-activity; sid:37060421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 134.209.94.234 1310 (msg: "MISP e25952 [AS14061,DIGITALOCEAN-ASN,TBOTNET] Outgoing To IP: 134.209.94.234|1310"; classtype:trojan-activity; sid:37060431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.71.219 1290 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.71.219|1290"; classtype:trojan-activity; sid:37060441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.71.222 1310 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.71.222|1310"; classtype:trojan-activity; sid:37060451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.71.218 1294 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 
94.156.71.218|1294"; classtype:trojan-activity; sid:37060461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 25952 destination indicators, priority 2, grouped by the tags in msg.
# NOTE(review): the tag lists are not uniform. Most start with an "AS"-prefixed
# number, but the INTEL-HOSTING group starts with a bare "400328" (presumably an
# ASN written without the prefix -- confirm in the event). Anything that parses msg
# to enrich alerts should not assume a fixed tag shape.
# These destinations are also covered by event 25944 rules in this file, for
# example 62.72.185.42 1311 is sid 37059361 here and sid 37225481 there.
alert ip $HOME_NET any -> 94.156.71.216 1311 (msg: "MISP e25952 [AS394711,LIMENET-AS,TBOTNET] Outgoing To IP: 94.156.71.216|1311"; classtype:trojan-activity; sid:37060471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.152 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.152|61616"; classtype:trojan-activity; sid:37060281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.153 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.153|61616"; classtype:trojan-activity; sid:37060291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.150 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.150|61616"; classtype:trojan-activity; sid:37060261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.151 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.151|61616"; classtype:trojan-activity; sid:37060271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.53 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.53|61616"; classtype:trojan-activity; sid:37060241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.54 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.54|61616"; classtype:trojan-activity; sid:37060251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.40 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.40|61616"; classtype:trojan-activity; sid:37060211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.43 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.43|61616"; classtype:trojan-activity; sid:37060231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.41 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.41|61616"; classtype:trojan-activity; sid:37060221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.38 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.38|61616"; classtype:trojan-activity; sid:37060191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.39 61616 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.39|61616"; classtype:trojan-activity; sid:37060201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.221 1311 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.221|1311"; classtype:trojan-activity; sid:37060171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 5.181.80.103 1311 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.103|1311"; classtype:trojan-activity; sid:37060181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.42 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.42|1311"; classtype:trojan-activity; sid:37059361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.70 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.70|1311"; classtype:trojan-activity; sid:37059371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.34 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.34|1311"; classtype:trojan-activity; sid:37059381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.30 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.30|1311"; classtype:trojan-activity; sid:37059391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.33 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.33|1311"; classtype:trojan-activity; sid:37059401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.11 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.11|1311"; classtype:trojan-activity; sid:37059411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.13 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.13|1311"; classtype:trojan-activity; sid:37059421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.41 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.41|1311"; classtype:trojan-activity; sid:37059431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.44 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.44|1311"; classtype:trojan-activity; sid:37059441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.38 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.38|1311"; classtype:trojan-activity; sid:37059451; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 25952 destination indicators for the INTEL-HOSTING tag group, priority 2.
# Most rules here pin destination port 1311; the exceptions in this run are
# 62.72.185.4 (1375), 204.76.203.61 (1291) and 204.76.203.65 (1302).
# NOTE(review): because each rule names a single port, a connection to the same
# address on any other port does not match it. If the intent is to flag all contact
# with these hosts, that needs a port-agnostic rule or a flow-log search alongside.
# NOTE(review): the protocol is "ip" while a port is specified -- check what your
# engine does with the port on packets that are not TCP or UDP (TODO verify).
# The same address/port pairs also appear under event 25944 in this file, for
# example 62.72.185.4 1375 is sid 37059591 here and sid 37225241 there.
alert ip $HOME_NET any -> 204.76.203.66 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.66|1311"; classtype:trojan-activity; sid:37059461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.45 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.45|1311"; classtype:trojan-activity; sid:37059471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.43 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.43|1311"; classtype:trojan-activity; sid:37059481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.22 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.22|1311"; classtype:trojan-activity; sid:37059491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.18 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.18|1311"; classtype:trojan-activity; sid:37059501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.3 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.3|1311"; classtype:trojan-activity; sid:37059511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.69 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.69|1311"; classtype:trojan-activity; sid:37059521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.41 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.41|1311"; classtype:trojan-activity; sid:37059531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.9 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.9|1311"; classtype:trojan-activity; sid:37059541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.2 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.2|1311"; classtype:trojan-activity; sid:37059551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.21 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.21|1311"; classtype:trojan-activity; sid:37059571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.7 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.7|1311"; classtype:trojan-activity; sid:37059561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.32 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.32|1311"; classtype:trojan-activity; sid:37059581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.4 1375 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.4|1375"; classtype:trojan-activity; sid:37059591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.17 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.17|1311"; classtype:trojan-activity; sid:37059601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.16 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.16|1311"; classtype:trojan-activity; sid:37059611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.72 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.72|1311"; classtype:trojan-activity; sid:37059621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.71 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.71|1311"; classtype:trojan-activity; sid:37059631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.61 1291 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.61|1291"; classtype:trojan-activity; sid:37059641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.5 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.5|1311"; classtype:trojan-activity; sid:37059651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.14 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.14|1311"; classtype:trojan-activity; sid:37059661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 204.76.203.65 1302 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.65|1302"; classtype:trojan-activity; sid:37059681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.44 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.44|1311"; classtype:trojan-activity; sid:37059671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.6 1298 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.6|1298"; classtype:trojan-activity; sid:37059691; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;)
# Tail of the event 25952 INTEL-HOSTING group (priority 2).
alert ip $HOME_NET any -> 62.72.185.20 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.20|1311"; classtype:trojan-activity; sid:37059701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.24 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.24|1311"; classtype:trojan-activity; sid:37059781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.37 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.37|1311"; classtype:trojan-activity; sid:37059791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.31 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.31|1311"; classtype:trojan-activity; sid:37059761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.72.185.23 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.23|1311"; classtype:trojan-activity; sid:37059741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 25944 resumes here: the same kind of destination rule, but priority 3 and
# an empty "[]" where event 25952 rules carry tags.
# NOTE(review): the two events overlap. 94.156.71.216 1311 is sid 37225731 below
# and sid 37060471 (event 25952, priority 2) elsewhere in this file, and
# 62.72.185.37 1311 just above is also sid 37225131 under event 25944. A single
# flow therefore raises two alerts with different priorities; decide which event
# is authoritative for triage, or suppress one sid of each pair.
alert ip $HOME_NET any -> 94.156.71.216 1311 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.216|1311"; classtype:trojan-activity; sid:37225731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.71.219 1290 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.219|1290"; classtype:trojan-activity; sid:37225741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.71.222 1310 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.222|1310"; classtype:trojan-activity; sid:37225751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.71.218 1294 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.218|1294"; classtype:trojan-activity; sid:37225761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 64.227.106.194 1288 (msg: "MISP e25944 [] Outgoing To IP: 64.227.106.194|1288"; classtype:trojan-activity; sid:37225771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 134.209.94.234 1310 (msg: "MISP e25944 [] Outgoing To IP: 134.209.94.234|1310"; classtype:trojan-activity; sid:37225781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 157.230.244.224 1311 (msg: "MISP e25944 [] Outgoing To IP: 157.230.244.224|1311"; classtype:trojan-activity; sid:37225791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 170.64.202.30 1311 (msg: "MISP e25944 [] Outgoing To IP: 170.64.202.30|1311"; classtype:trojan-activity; sid:37225801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 165.22.101.63 1311 (msg: "MISP e25944 [] Outgoing To IP: 165.22.101.63|1311"; classtype:trojan-activity; sid:37225811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 68.183.187.38 1311 (msg: "MISP e25944 [] Outgoing To IP: 68.183.187.38|1311"; classtype:trojan-activity; sid:37225821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 159.223.89.203 1311 (msg: "MISP e25944 [] Outgoing To IP: 159.223.89.203|1311"; classtype:trojan-activity; sid:37225831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 157.230.242.17 1311 (msg: "MISP e25944 [] Outgoing To IP: 157.230.242.17|1311"; classtype:trojan-activity; sid:37225841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 68.183.183.68 1311 (msg: "MISP e25944 [] Outgoing To IP: 68.183.183.68|1311"; classtype:trojan-activity; sid:37225851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 165.22.96.144 1311 (msg: "MISP e25944 [] Outgoing To IP: 165.22.96.144|1311"; classtype:trojan-activity; sid:37225861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 159.223.89.252 1311 (msg: "MISP e25944 [] Outgoing To IP: 159.223.89.252|1311"; classtype:trojan-activity; sid:37225871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 104.248.129.146 1311 (msg: "MISP e25944 [] Outgoing To IP: 104.248.129.146|1311"; classtype:trojan-activity; sid:37225881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 159.223.90.237 1311 (msg: "MISP e25944 [] Outgoing To IP: 159.223.90.237|1311"; classtype:trojan-activity; sid:37225891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 91.92.251.113 61616 (msg: "MISP e25944 [] Outgoing To IP: 91.92.251.113|61616"; classtype:trojan-activity; sid:37225901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.67.13 61616 (msg: "MISP e25944 [] Outgoing To IP: 94.156.67.13|61616"; classtype:trojan-activity; sid:37225911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.67.14 61616 (msg: "MISP e25944 [] Outgoing To IP: 94.156.67.14|61616"; classtype:trojan-activity; sid:37225921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.71.50 61616 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.50|61616"; classtype:trojan-activity; sid:37225931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.71.52 
61616 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.52|61616"; classtype:trojan-activity; sid:37225941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 94.156.71.53 61616 (msg: "MISP e25944 [] Outgoing To IP: 94.156.71.53|61616"; classtype:trojan-activity; sid:37225951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.100 1311 (msg: "MISP e25952 [ALEXHOST,AS200019,TBOTNET] Outgoing To IP: 45.93.9.100|1311"; classtype:trojan-activity; sid:37060581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.93.9.98 1285 (msg: "MISP e25952 [ALEXHOST,AS200019,TBOTNET] Outgoing To IP: 45.93.9.98|1285"; classtype:trojan-activity; sid:37060591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.93.9.107 1311 (msg: "MISP e25952 [ALEXHOST,AS200019,TBOTNET] Outgoing To IP: 45.93.9.107|1311"; classtype:trojan-activity; sid:37060561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.93.9.108 1299 (msg: "MISP e25952 [ALEXHOST,AS200019,TBOTNET] Outgoing To IP: 45.93.9.108|1299"; classtype:trojan-activity; sid:37060571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 5.181.80.100 1311 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.100|1311"; classtype:trojan-activity; sid:37060161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.93.9.113 1311 (msg: "MISP e25952 [ALEXHOST,AS200019,TBOTNET] Outgoing To IP: 45.93.9.113|1311"; classtype:trojan-activity; sid:37060541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.93.9.116 1311 (msg: "MISP e25952 [ALEXHOST,AS200019,TBOTNET] Outgoing To IP: 45.93.9.116|1311"; 
classtype:trojan-activity; sid:37060551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 5.181.80.111 1289 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.111|1289"; classtype:trojan-activity; sid:37060131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 5.181.80.223 1288 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.223|1288"; classtype:trojan-activity; sid:37060141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 5.181.80.231 1288 (msg: "MISP e25952 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.231|1288"; classtype:trojan-activity; sid:37060151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.19 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.19|61616"; classtype:trojan-activity; sid:37060121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.53 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.53|61616"; classtype:trojan-activity; sid:37060101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.47 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.47|61616"; classtype:trojan-activity; sid:37060111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.230 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.230|61616"; classtype:trojan-activity; sid:37060091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.50 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.50|61616"; 
classtype:trojan-activity; sid:37060071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.60 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.60|61616"; classtype:trojan-activity; sid:37060081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.43 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.43|61616"; classtype:trojan-activity; sid:37060041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.36 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.36|61616"; classtype:trojan-activity; sid:37060051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.45 1433 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.45|1433"; classtype:trojan-activity; sid:37060061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.26 1303 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.26|1303"; classtype:trojan-activity; sid:37060021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.28 1291 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.28|1291"; classtype:trojan-activity; sid:37060031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.58 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.58|61616"; classtype:trojan-activity; sid:37059981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.31 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.31|61616"; 
classtype:trojan-activity; sid:37059991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.42 1332 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.42|1332"; classtype:trojan-activity; sid:37060011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.21 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.21|61616"; classtype:trojan-activity; sid:37060001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.30 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.30|61616"; classtype:trojan-activity; sid:37059951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.57 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.57|61616"; classtype:trojan-activity; sid:37059971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.48 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.48|61616"; classtype:trojan-activity; sid:37059941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.156 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.156|61616"; classtype:trojan-activity; sid:37059961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.20 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.20|61616"; classtype:trojan-activity; sid:37059931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.55 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 
204.76.203.55|61616"; classtype:trojan-activity; sid:37059911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.50 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.50|61616"; classtype:trojan-activity; sid:37059921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 85.204.116.230 1287 (msg: "MISP e25952 [AS48874,HOSTMAZE,TBOTNET] Outgoing To IP: 85.204.116.230|1287"; classtype:trojan-activity; sid:37060611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 85.204.116.237 1284 (msg: "MISP e25952 [AS48874,HOSTMAZE,TBOTNET] Outgoing To IP: 85.204.116.237|1284"; classtype:trojan-activity; sid:37060621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 85.204.116.247 1295 (msg: "MISP e25952 [AS48874,HOSTMAZE,TBOTNET] Outgoing To IP: 85.204.116.247|1295"; classtype:trojan-activity; sid:37060631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 85.204.116.24 1293 (msg: "MISP e25952 [AS48874,HOSTMAZE,TBOTNET] Outgoing To IP: 85.204.116.24|1293"; classtype:trojan-activity; sid:37060641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.32 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.32|61616"; classtype:trojan-activity; sid:37059901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.54 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.54|61616"; classtype:trojan-activity; sid:37059891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 85.204.116.128 1294 (msg: "MISP e25952 [AS48874,HOSTMAZE,TBOTNET] Outgoing To IP: 
85.204.116.128|1294"; classtype:trojan-activity; sid:37060601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.49 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.49|61616"; classtype:trojan-activity; sid:37059871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.46 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.46|61616"; classtype:trojan-activity; sid:37059881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.49 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.49|1311"; classtype:trojan-activity; sid:37059851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.56 61616 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.56|61616"; classtype:trojan-activity; sid:37059861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.12 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.12|1311"; classtype:trojan-activity; sid:37059831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.51 1307 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.51|1307"; classtype:trojan-activity; sid:37059841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.52 1310 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.52|1310"; classtype:trojan-activity; sid:37059811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.27 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 
62.72.185.27|1311"; classtype:trojan-activity; sid:37059821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.25 1299 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.25|1299"; classtype:trojan-activity; sid:37059801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.35 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.35|1311"; classtype:trojan-activity; sid:37059771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.36 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.36|1311"; classtype:trojan-activity; sid:37059721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.39 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.39|1311"; classtype:trojan-activity; sid:37059731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 62.72.185.40 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 62.72.185.40|1311"; classtype:trojan-activity; sid:37059751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 204.76.203.68 1311 (msg: "MISP e25952 [400328,INTEL-HOSTING,TBOTNET] Outgoing To IP: 204.76.203.68|1311"; classtype:trojan-activity; sid:37059711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 94.131.13.80 1288 (msg: "MISP e25952 [AS44477,STARK-INDUSTRIES,TBOTNET] Outgoing To IP: 94.131.13.80|1288"; classtype:trojan-activity; sid:37060681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 80.92.206.176 1311 (msg: "MISP e25952 [AS44477,STARK-INDUSTRIES,TBOTNET] Outgoing To IP: 
80.92.206.176|1311"; classtype:trojan-activity; sid:37060661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 74.119.193.126 1297 (msg: "MISP e25952 [AS44477,STARK-INDUSTRIES,TBOTNET] Outgoing To IP: 74.119.193.126|1297"; classtype:trojan-activity; sid:37060671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.74.222.151 1295 (msg: "MISP e25952 [AS44477,STARK-INDUSTRIES,TBOTNET] Outgoing To IP: 185.74.222.151|1295"; classtype:trojan-activity; sid:37060651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 193.233.132.169 2880 (msg: "MISP e25952 [RedLineStealer] Outgoing To IP: 193.233.132.169|2880"; classtype:trojan-activity; sid:37060691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 194.143.146.147 1311 (msg: "MISP e25944 [] Outgoing To IP: 194.143.146.147|1311"; classtype:trojan-activity; sid:37225961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 194.143.146.141 1521 (msg: "MISP e25944 [] Outgoing To IP: 194.143.146.141|1521"; classtype:trojan-activity; sid:37225971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 194.143.146.152 1433 (msg: "MISP e25944 [] Outgoing To IP: 194.143.146.152|1433"; classtype:trojan-activity; sid:37225981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 87.121.112.29 1294 (msg: "MISP e25944 [] Outgoing To IP: 87.121.112.29|1294"; classtype:trojan-activity; sid:37225991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 87.121.112.41 1299 (msg: "MISP e25944 [] Outgoing To IP: 87.121.112.41|1299"; classtype:trojan-activity; sid:37226001; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 195.14.123.125 1311 (msg: "MISP e25944 [] Outgoing To IP: 195.14.123.125|1311"; classtype:trojan-activity; sid:37226011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 195.14.123.126 1311 (msg: "MISP e25944 [] Outgoing To IP: 195.14.123.126|1311"; classtype:trojan-activity; sid:37226021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 51.195.61.8 65535 (msg: "MISP e25944 [] Outgoing To IP: 51.195.61.8|65535"; classtype:trojan-activity; sid:37226031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 195.85.114.141 65535 (msg: "MISP e25944 [] Outgoing To IP: 195.85.114.141|65535"; classtype:trojan-activity; sid:37226041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 185.196.10.27 1311 (msg: "MISP e25944 [] Outgoing To IP: 185.196.10.27|1311"; classtype:trojan-activity; sid:37226051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 193.233.132.169 2880 (msg: "MISP e25944 [] Outgoing To IP: 193.233.132.169|2880"; classtype:trojan-activity; sid:37226061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 185.74.222.151 1295 (msg: "MISP e25944 [] Outgoing To IP: 185.74.222.151|1295"; classtype:trojan-activity; sid:37226071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 80.92.206.176 1311 (msg: "MISP e25944 [] Outgoing To IP: 80.92.206.176|1311"; classtype:trojan-activity; sid:37226081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 74.119.193.126 1297 (msg: "MISP e25944 [] Outgoing To IP: 74.119.193.126|1297"; classtype:trojan-activity; sid:37226091; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 94.131.13.80 1288 (msg: "MISP e25944 [] Outgoing To IP: 94.131.13.80|1288"; classtype:trojan-activity; sid:37226101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 85.204.116.128 1294 (msg: "MISP e25944 [] Outgoing To IP: 85.204.116.128|1294"; classtype:trojan-activity; sid:37226111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 85.204.116.230 1287 (msg: "MISP e25944 [] Outgoing To IP: 85.204.116.230|1287"; classtype:trojan-activity; sid:37226121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 85.204.116.237 1284 (msg: "MISP e25944 [] Outgoing To IP: 85.204.116.237|1284"; classtype:trojan-activity; sid:37226131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 85.204.116.247 1295 (msg: "MISP e25944 [] Outgoing To IP: 85.204.116.247|1295"; classtype:trojan-activity; sid:37226141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 85.204.116.24 1293 (msg: "MISP e25944 [] Outgoing To IP: 85.204.116.24|1293"; classtype:trojan-activity; sid:37226151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.113 1311 (msg: "MISP e25944 [] Outgoing To IP: 45.93.9.113|1311"; classtype:trojan-activity; sid:37226161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.116 1311 (msg: "MISP e25944 [] Outgoing To IP: 45.93.9.116|1311"; classtype:trojan-activity; sid:37226171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.107 1311 (msg: "MISP e25944 [] Outgoing To IP: 45.93.9.107|1311"; classtype:trojan-activity; sid:37226181; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.108 1299 (msg: "MISP e25944 [] Outgoing To IP: 45.93.9.108|1299"; classtype:trojan-activity; sid:37226191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.100 1311 (msg: "MISP e25944 [] Outgoing To IP: 45.93.9.100|1311"; classtype:trojan-activity; sid:37226201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.93.9.98 1285 (msg: "MISP e25944 [] Outgoing To IP: 45.93.9.98|1285"; classtype:trojan-activity; sid:37226211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25846 [] Domain sonofits-usa.com"; dns.query; content:"sonofits-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sonofits\-usa\.com$/i"; classtype:trojan-activity; sid:37253141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25846 [] Outgoing HTTP Domain sonofits-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sonofits-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sonofits\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 728674872097625b90092.from-az.net"; dns.query; content:"728674872097625b90092.from-az.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])728674872097625b90092\.from\-az\.net$/i"; classtype:trojan-activity; sid:37086401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 728674872097625b90092.from-az.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"728674872097625b90092.from-az.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])728674872097625b90092\.from\-az\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37086402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e25898 [] Domain app-estado.pages.dev"; dns.query; content:"app-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37041411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25898;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25898 [] Outgoing HTTP Domain app-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25898;) alert dns any any -> any any (msg: "MISP e24600 [] Domain post.black"; dns.query; content:"post.black"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\.black$/i"; classtype:trojan-activity; sid:37086441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post.black"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post.black"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\.black[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37086442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 185.196.10.27 1311 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 185.196.10.27|1311"; classtype:trojan-activity; sid:37060791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET 
any -> 195.85.114.141 65535 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 195.85.114.141|65535"; classtype:trojan-activity; sid:37060781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 195.14.123.125 1311 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 195.14.123.125|1311"; classtype:trojan-activity; sid:37060751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 195.14.123.126 1311 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 195.14.123.126|1311"; classtype:trojan-activity; sid:37060761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 51.195.61.8 65535 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 51.195.61.8|65535"; classtype:trojan-activity; sid:37060771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 87.121.112.29 1294 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 87.121.112.29|1294"; classtype:trojan-activity; sid:37060731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 87.121.112.41 1299 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 87.121.112.41|1299"; classtype:trojan-activity; sid:37060741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 194.143.146.141 1521 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 194.143.146.141|1521"; classtype:trojan-activity; sid:37060711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 194.143.146.152 1433 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 194.143.146.152|1433"; classtype:trojan-activity; sid:37060721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 194.143.146.147 1311 (msg: "MISP e25952 [TBOTNET] Outgoing To IP: 194.143.146.147|1311"; classtype:trojan-activity; sid:37060701; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 193.142.58.126 any (msg: "MISP e26083 [] Outgoing To IP: 193.142.58.126"; classtype:trojan-activity; sid:37126801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26083;) alert ip $HOME_NET any -> 198.244.174.214 any (msg: "MISP e26083 [] Outgoing To IP: 198.244.174.214"; classtype:trojan-activity; sid:37126811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26083;) alert dns any any -> any any (msg: "MISP e26083 [] Domain idowall.com"; dns.query; content:"idowall.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])idowall\.com$/i"; classtype:trojan-activity; sid:37126821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26083;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26083 [] Outgoing HTTP Domain idowall.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"idowall.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])idowall\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26083;) alert http $HOME_NET any -> 194.87.14.130 $HTTP_PORTS (msg: "MISP e25989 [kill-chain:Command and Control,misp-galaxy:mitre-malware="Agent Tesla - S0331"] Outgoing URL http|3a|//194.87.14.130/ngownx.vbs"; flow:to_server,established; http.header; content:"194.87.14.130"; fast_pattern; nocase; http.uri; content:"/ngownx.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25989;) alert dns any any -> any any (msg: "MISP e25899 [] Domain app-estado.pages.dev"; dns.query; content:"app-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37041491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25899;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e25899 [] Outgoing HTTP Domain app-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25899;) alert dns any any -> any any (msg: "MISP e25900 [] Domain estado-express.pages.dev"; dns.query; content:"estado-express.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev$/i"; classtype:trojan-activity; sid:37041571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25900;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25900 [] Outgoing HTTP Domain estado-express.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-express.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25900;) alert ip $HOME_NET any -> 103.186.117.232 1985 (msg: "MISP e25952 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.232|1985"; classtype:trojan-activity; sid:37060801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 103.186.117.232 1985 (msg: "MISP e25944 [] Outgoing To IP: 103.186.117.232|1985"; classtype:trojan-activity; sid:37226221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 103.86.131.70 443 (msg: "MISP e25952 [c2,Get2] Outgoing To IP: 103.86.131.70|443"; classtype:trojan-activity; sid:37060811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25901 [] Domain fogape.theaerie.ca"; 
dns.query; content:"fogape.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37041661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25901;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25901 [] Outgoing HTTP Domain fogape.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fogape.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25901;) alert dns any any -> any any (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Domain qw.regcssv.com"; dns.query; content:"qw.regcssv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qw\.regcssv\.com$/i"; classtype:trojan-activity; sid:37060831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Outgoing HTTP Domain qw.regcssv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qw.regcssv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qw\.regcssv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37060832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Domain as.regcssv.com"; dns.query; content:"as.regcssv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])as\.regcssv\.com$/i"; classtype:trojan-activity; sid:37060851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Outgoing HTTP Domain as.regcssv.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"as.regcssv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])as\.regcssv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37060852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Domain zx.regcssv.com"; dns.query; content:"zx.regcssv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zx\.regcssv\.com$/i"; classtype:trojan-activity; sid:37060871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Outgoing HTTP Domain zx.regcssv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zx.regcssv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zx\.regcssv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37060872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 179.60.147.175 443 (msg: "MISP e25952 [CobaltStrike,cs-watermark-1580103824,FLYSERVERS-ASN] Outgoing To IP: 179.60.147.175|443"; classtype:trojan-activity; sid:37060881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 42.3.134.97 443 (msg: "MISP e25952 [CobaltStrike,cs-watermark-987654321,HKTIMS-AP HKT Limited] Outgoing To IP: 42.3.134.97|443"; classtype:trojan-activity; sid:37060901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 42.3.134.97 443 (msg: "MISP e25944 [] Outgoing To IP: 42.3.134.97|443"; classtype:trojan-activity; sid:37226231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 179.60.147.175 443 (msg: "MISP e25944 [] Outgoing To 
IP: 179.60.147.175|443"; classtype:trojan-activity; sid:37226251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain zx.regcssv.com"; dns.query; content:"zx.regcssv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zx\.regcssv\.com$/i"; classtype:trojan-activity; sid:37226271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain zx.regcssv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zx.regcssv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zx\.regcssv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain as.regcssv.com"; dns.query; content:"as.regcssv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])as\.regcssv\.com$/i"; classtype:trojan-activity; sid:37226291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain as.regcssv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"as.regcssv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])as\.regcssv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain qw.regcssv.com"; dns.query; content:"qw.regcssv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qw\.regcssv\.com$/i"; classtype:trojan-activity; sid:37226301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain qw.regcssv.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qw.regcssv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qw\.regcssv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# --- Destination IP:port indicators (event e25944, no tags, priority 3) ---
# `alert ip` with no flow or content options fires on every packet from $HOME_NET to
# the listed address and port, so a single connection can raise many alerts; no
# threshold keyword is set. An IP-only hit does not show which service answered:
# correlate with flow, TLS and DNS logs before treating the source host as compromised.
alert ip $HOME_NET any -> 103.86.131.70 443 (msg: "MISP e25944 [] Outgoing To IP: 103.86.131.70|443"; classtype:trojan-activity; sid:37226321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.142.182.104 4568 (msg: "MISP e25944 [] Outgoing To IP: 45.142.182.104|4568"; classtype:trojan-activity; sid:37226331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# --- URL indicator (event e24600, priority 1) ---
# The hostname string is searched for in the request URI buffer (http.uri) only, with
# no boundary pcre, so any URI that contains the string matches.
# NOTE(review): a hostname normally travels in the Host header rather than in the URI,
# and no dns/Host companion rule for this name is visible in this part of the export -
# confirm the rule actually fires on the traffic it was written for.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL cns-card-lu.com"; flow:to_server,established; http.uri; content:"cns-card-lu.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37086461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# --- Domain indicator pair (event e25902): one dns rule, one HTTP rule ---
# dns rule: the pcre requires the name to end the query and to be preceded by the start
# of the buffer or a non-hostname character, so the exact name and its subdomains match
# while a longer label such as "xapp-estado.pages.dev" does not.
# http rule: both content matches and the pcre (H flag) run on the request header buffer
# and are not positioned relative to each other, so the name in any request header - not
# only Host - satisfies the rule. tag:session,600,seconds keeps logging that session's
# packets for 600 seconds after the alert.
# The http rule inspects cleartext HTTP only; for a site reached over TLS the dns rule
# is the one that can fire.
alert dns any any -> any any (msg: "MISP e25902 [] Domain app-estado.pages.dev"; dns.query; content:"app-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37041741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25902;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25902 [] Outgoing HTTP Domain app-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25902;)
alert dns any any -> any any (msg: "MISP e25903 [] Domain fogape.theaerie.ca"; dns.query; content:"fogape.theaerie.ca"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37041821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25903 [] Outgoing HTTP Domain fogape.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fogape.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25903;) alert dns any any -> any any (msg: "MISP e25904 [] Domain app-estado.pages.dev"; dns.query; content:"app-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37041901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25904;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25904 [] Outgoing HTTP Domain app-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25904;) alert dns any any -> any any (msg: "MISP e25905 [] Domain app-estado.pages.dev"; dns.query; content:"app-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37041981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25905;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25905 [] Outgoing HTTP Domain app-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-estado.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])app\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37041982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25905;) alert ip $HOME_NET any -> 156.251.19.27 20399 (msg: "MISP e25944 [] Outgoing To IP: 156.251.19.27|20399"; classtype:trojan-activity; sid:37226341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25906 [] Domain solicita-estado.pages.dev"; dns.query; content:"solicita-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37042061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25906;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25906 [] Outgoing HTTP Domain solicita-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solicita-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25906;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25907 [] Outgoing URL http|3a|//solicita-estado.pages.dev"; flow:to_server,established; http.header; content:"solicita-estado.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25907;) alert dns any any -> any any (msg: "MISP e25907 [] Domain solicita-estado.pages.dev"; dns.query; content:"solicita-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37042151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25907;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25907 [] Outgoing HTTP Domain 
solicita-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solicita-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25907;)
# --- Event e25908: three rules for the same hostname ---
# sid 37042221 ("Outgoing URL") needs $HTTP_PORTS to be defined, limits the destination
# to those ports, and accepts the hostname anywhere in the request headers with no
# boundary pcre. sid 37042242 ("Outgoing HTTP Domain") covers the same hostname on any
# port, so one cleartext request to an HTTP port can raise both alerts. Deduplicate by
# hostname when counting affected hosts.
# Both http rules inspect cleartext HTTP only; if the site is reached over TLS, only
# the dns rule (sid 37042241) can fire. No tls.sni rule is present for this name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25908 [] Outgoing URL http|3a|//solicita-estado.pages.dev"; flow:to_server,established; http.header; content:"solicita-estado.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25908;)
alert dns any any -> any any (msg: "MISP e25908 [] Domain solicita-estado.pages.dev"; dns.query; content:"solicita-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37042241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25908;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25908 [] Outgoing HTTP Domain solicita-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solicita-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25908;)
# --- Event e25952: destination IP:port indicators tagged [c2,cobalt_strike] and [c2,sliver] ---
# The tags come from the MISP event; the rules themselves match only address and port.
# With no flow or content options every packet to the destination alerts, including
# connection attempts that were never answered. Use the alert as a pivot into flow and
# endpoint telemetry for the source host rather than as proof of an active channel.
alert ip $HOME_NET any -> 82.147.85.148 80 (msg: "MISP e25952 [c2,cobalt_strike] Outgoing To IP: 82.147.85.148|80"; classtype:trojan-activity; sid:37060911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 165.232.113.85 443 (msg: "MISP e25952 [c2,sliver] Outgoing To IP: 165.232.113.85|443"; classtype:trojan-activity; sid:37060921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# --- Event e25944: the same destination IP:port pairs as sids 37060921 and 37060911 ---
# Those two rules (event e25952) carry tags and priority 2; the copies below carry no
# tags and priority 3. Each matching packet therefore raises two alerts under two sids.
# When triaging, group by destination address rather than by sid, and keep the tagged,
# higher-priority alert as the primary record.
alert ip $HOME_NET any -> 165.232.113.85 443 (msg: "MISP e25944 [] Outgoing To IP: 165.232.113.85|443"; classtype:trojan-activity; sid:37226351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 82.147.85.148 80 (msg: "MISP e25944 [] Outgoing To IP: 82.147.85.148|80"; classtype:trojan-activity; sid:37226361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# --- Event e25952, tag [Rhadamanthys]: domain indicator pair ---
# dns rule: matches the exact name and any subdomain (the pcre anchors the name at the
# end of the query and requires a non-hostname character, or the buffer start, before it).
# http rule: content and pcre are evaluated on the request header buffer and are not tied
# to the Host line, so the name in another request header also matches.
alert dns any any -> any any (msg: "MISP e25952 [Rhadamanthys] Domain pastratas.ac.ug"; dns.query; content:"pastratas.ac.ug"; nocase; pcre: "/(^|[^A-Za-z0-9-])pastratas\.ac\.ug$/i"; classtype:trojan-activity; sid:37060931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [Rhadamanthys] Outgoing HTTP Domain pastratas.ac.ug"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pastratas.ac.ug"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pastratas\.ac\.ug[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37060932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# --- Event e25909: domain indicator pair on a pages.dev subdomain ---
# The rules match this one subdomain only; other names under the same suffix need their
# own rules (several appear elsewhere in this export under separate events).
# NOTE(review): the label resembles a bank brand name, which suggests a phishing lure -
# confirm against the MISP event, which carries no tags here.
alert dns any any -> any any (msg: "MISP e25909 [] Domain bancoestado-solicita.pages.dev"; dns.query; content:"bancoestado-solicita.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev$/i"; classtype:trojan-activity; sid:37042321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25909;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25909 [] Outgoing HTTP Domain bancoestado-solicita.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-solicita.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042322; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25909;) alert dns any any -> any any (msg: "MISP e25910 [] Domain banestado-solicita.pages.dev"; dns.query; content:"banestado-solicita.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-solicita\.pages\.dev$/i"; classtype:trojan-activity; sid:37042401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25910;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25910 [] Outgoing HTTP Domain banestado-solicita.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-solicita.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-solicita\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25910;) alert dns any any -> any any (msg: "MISP e25944 [] Domain pastratas.ac.ug"; dns.query; content:"pastratas.ac.ug"; nocase; pcre: "/(^|[^A-Za-z0-9-])pastratas\.ac\.ug$/i"; classtype:trojan-activity; sid:37226371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain pastratas.ac.ug"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pastratas.ac.ug"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pastratas\.ac\.ug[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25911 [] Domain solicita-estado.pages.dev"; dns.query; content:"solicita-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37042481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25911;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25911 [] Outgoing HTTP 
Domain solicita-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solicita-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25911;)
# --- Event e26004: sender-address indicators on inbound SMTP (priority 4) ---
# Each rule inspects the client side of an established TCP session to $SMTP_SERVERS on
# port 25 and needs three payload matches: "MAIL FROM:" (any case), the address (any
# case, used as the fast pattern), and a blank line (CRLF CRLF) within 8192 bytes after
# the address match.
# Nothing positions the address relative to "MAIL FROM:", so the address anywhere in the
# client stream (for example in a header line) matches as long as "MAIL FROM:" also occurs.
# Coverage limits: sessions that switch to TLS after STARTTLS are not inspectable, and
# mail accepted on other ports is not covered by these rules.
# The sender address is chosen by whoever sends the message; treat a hit as a lead for
# mail-log review and a miss as no assurance.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: 1planet1state@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"1planet1state@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086831; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
# NOTE(review): the next address looks like a per-message bounce address generated by a
# mail-delivery service; presumably it will not recur in later messages - confirm
# whether this rule is worth keeping.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: 2d6462d0.amyaadtwvkaaaaaaaaaaakw1mf8aaaabecyaaaaaabjzoabltjq4@a1635232.bnc3.mailjet.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"2d6462d0.amyaadtwvkaaaaaaaaaaakw1mf8aaaabecyaaaaaabjzoabltjq4@a1635232.bnc3.mailjet.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086821; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: securedmbh@everylinesbeds.co"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"securedmbh@everylinesbeds.co"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086641; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: regionblacksea@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"regionblacksea@gmail.com"; 
fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086651; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: newjobs@ztepluscontext.co"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"newjobs@ztepluscontext.co"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086661; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: masumi@foomac.jp"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"masumi@foomac.jp"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086671; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: le.be@chello.at"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"le.be@chello.at"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086681; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: info@torox.kyiv.ua"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"info@torox.kyiv.ua"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086691; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: info@dutel.kyiv.ua"; flow:established,to_server; content:"MAIL FROM|3a|"; 
nocase; content:"info@dutel.kyiv.ua"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086701; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: heiltec@caddickdevelopments.uk"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"heiltec@caddickdevelopments.uk"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086711; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: hcradv@server1.hospedagemeregistrodesite.com.br"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"hcradv@server1.hospedagemeregistrodesite.com.br"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086721; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: hassanmamman3423@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"hassanmamman3423@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086731; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: gilicze.zoltan@patrona.hu"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"gilicze.zoltan@patrona.hu"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086741; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET 
any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: evelyne@muad.intesaspaolo.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"evelyne@muad.intesaspaolo.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086751; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: entabill2021@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"entabill2021@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086761; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: denese725@c.kont.sbs"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"denese725@c.kont.sbs"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086771; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: carlos.bailon@fedeguayas.com.ec"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"carlos.bailon@fedeguayas.com.ec"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086781; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: benjamincaslas23@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"benjamincaslas23@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; 
sid:37086791; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: bbheilala1@comcast.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bbheilala1@comcast.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086801; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: amunia@everylinesbeds.co"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"amunia@everylinesbeds.co"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086811; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: serviseclieo1@trade3gmobb.jp"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"serviseclieo1@trade3gmobb.jp"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086841; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: sharponwards@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"sharponwards@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086851; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: surnitsyna@vniif.ru"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"surnitsyna@vniif.ru"; fast_pattern; nocase; 
content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086861; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
# --- Event e26004: sender-address indicators on inbound SMTP (priority 4) ---
# Cleartext port-25 payload match on "MAIL FROM:", the address, and a blank line within
# 8192 bytes after the address; sessions encrypted after STARTTLS are not inspectable.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: wilsherj63@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"wilsherj63@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086871; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26004 [] Source Email Address: yara@gizzydesigns.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"yara@gizzydesigns.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37086881; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
# --- Event e25952: full-URL indicator (priority 2) ---
# The rule is pinned to one server three ways: destination address, destination port
# 58473, and the address string in the request headers; the URI must also contain
# "/mozi.m". The same path served from any other address or port will not match.
# The source is $HOME_NET, so a hit means an internal device requested the file:
# identify that device and review it before anything else.
# NOTE(review): the path resembles the payload name reported for the Mozi IoT botnet;
# the event carries no tag here - confirm attribution in the MISP event.
alert http $HOME_NET any -> 39.174.238.52 58473 (msg: "MISP e25952 [] Outgoing URL http|3a|//39.174.238.52|3a|58473/mozi.m"; flow:to_server,established; http.header; content:"39.174.238.52"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37060941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# --- Event e26004: source-IP indicators (priority 4) ---
# `alert ip <addr> any -> $HOME_NET any` has no flow option, so it fires on every packet
# from the address, including replies to connections that an internal host opened.
# No threshold keyword is set; expect one alert per packet.
# NOTE(review): 13.107.21.200 appears to be a Microsoft-operated shared service address;
# confirm ownership via WHOIS before enabling that rule, since an IP rule on shared
# infrastructure alerts on unrelated traffic.
alert ip 102.64.213.186 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 102.64.213.186"; classtype:trojan-activity; sid:37086891; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert ip 13.107.21.200 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 13.107.21.200"; classtype:trojan-activity; sid:37086901; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert ip 15.235.48.18 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 15.235.48.18"; classtype:trojan-activity; sid:37086911; rev:1; priority:4; 
reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 15.235.49.253 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 15.235.49.253"; classtype:trojan-activity; sid:37086921; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 153.123.7.49 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 153.123.7.49"; classtype:trojan-activity; sid:37086931; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 157.245.62.108 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 157.245.62.108"; classtype:trojan-activity; sid:37086941; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 160.251.151.90 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 160.251.151.90"; classtype:trojan-activity; sid:37086951; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 162.255.119.161 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 162.255.119.161"; classtype:trojan-activity; sid:37086961; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 18.27.95.85 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 18.27.95.85"; classtype:trojan-activity; sid:37086971; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 180.235.135.139 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 180.235.135.139"; classtype:trojan-activity; sid:37086981; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 185.189.236.34 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 185.189.236.34"; classtype:trojan-activity; sid:37086991; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 185.196.10.232 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 185.196.10.232"; classtype:trojan-activity; sid:37087001; rev:1; priority:4; 
reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 185.222.163.124 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 185.222.163.124"; classtype:trojan-activity; sid:37087011; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 185.94.190.202 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 185.94.190.202"; classtype:trojan-activity; sid:37087021; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 192.185.5.39 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 192.185.5.39"; classtype:trojan-activity; sid:37087031; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 202.53.148.5 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 202.53.148.5"; classtype:trojan-activity; sid:37087041; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 203.161.44.13 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 203.161.44.13"; classtype:trojan-activity; sid:37087051; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 72.29.71.71 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 72.29.71.71"; classtype:trojan-activity; sid:37087071; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 80.109.253.246 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 80.109.253.246"; classtype:trojan-activity; sid:37087081; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 81.183.227.213 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 81.183.227.213"; classtype:trojan-activity; sid:37087091; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;) alert ip 91.218.65.6 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 91.218.65.6"; classtype:trojan-activity; sid:37087101; rev:1; priority:4; 
reference:url,https://misp.finsin.cl/events/view/26004;)
# Source-IP indicator (event e26004, priority 4): fires on any packet from the address
# to $HOME_NET, replies to internally initiated connections included.
alert ip 92.42.44.113 any -> $HOME_NET any (msg: "MISP e26004 [] Incoming From IP: 92.42.44.113"; classtype:trojan-activity; sid:37087111; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
# --- Event e25945 (priority 2): sender address, attachment name, source IP, hosting name ---
# Sender rule: cleartext port-25 payload match on "MAIL FROM:", the address, and a blank
# line within 8192 bytes after the address; the address is not tied to the MAIL FROM line.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25945 [] Source Email Address: export01@tancechem.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"export01@tancechem.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37058131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25945;)
# Attachment rule: both strings are matched case-sensitively (no nocase) and exactly as
# written - the header text `Content-Disposition: attachment; filename="` and the name
# `T-File 8.7z"`. A different header casing or spacing, an encoded or folded filename,
# or a TLS-protected session will not match, so pair this with filename checks at the
# mail gateway.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25945 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"T-File 8.7z|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37058151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25945;)
alert ip 198.54.125.234 any -> $HOME_NET any (msg: "MISP e25945 [] Incoming From IP: 198.54.125.234"; classtype:trojan-activity; sid:37058161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25945;)
# NOTE(review): the hostname below looks like a shared web-hosting server node, which
# presumably serves many unrelated customers; verify before acting on hits, and expect
# the companion IP rule above (sid 37058161) to share that false-positive risk if the
# address belongs to the same node.
alert dns any any -> any any (msg: "MISP e25945 [] Domain business39-1.web-hosting.com"; dns.query; content:"business39-1.web-hosting.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])business39\-1\.web\-hosting\.com$/i"; classtype:trojan-activity; sid:37058171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25945;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25945 [] Outgoing HTTP Domain business39-1.web-hosting.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"business39-1.web-hosting.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])business39\-1\.web\-hosting\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37058172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25945;)
# MISP event 26004 (priority 4, empty tag list): domain indicators. Each domain is
# exported as a dns.query rule (sid ending in 1) followed by an HTTP rule on the
# header buffer (sid ending in 2) that also tags the session for 600 seconds.
# The leading (^|[^A-Za-z0-9-]) group in each pcre lets sub-domains match while
# rejecting longer names that merely end in the same string.
# NOTE(review): the HTTP rules only see requests the sensor can parse as HTTP; TLS
# traffic to these names would presumably surface through the DNS rule alone.
# NOTE(review): several names here (br408-ip03.hostgator.com.br, forms.onepagecrm.com,
# paco.systeme.io, server1.hospedagemeregistrodesite.com.br, www81.conoha.ne.jp) look
# like shared-hosting or SaaS hostnames - expect benign hits and confirm against the
# event before escalating.
alert dns any any -> any any (msg: "MISP e26004 [] Domain 888396ss.com"; dns.query; content:"888396ss.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])888396ss\.com$/i"; classtype:trojan-activity; sid:37087121; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain 888396ss.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"888396ss.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])888396ss\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087122; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain babydemands.com"; dns.query; content:"babydemands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])babydemands\.com$/i"; classtype:trojan-activity; sid:37087131; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain babydemands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"babydemands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])babydemands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087132; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain br408-ip03.hostgator.com.br"; dns.query; content:"br408-ip03.hostgator.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])br408\-ip03\.hostgator\.com\.br$/i"; classtype:trojan-activity; sid:37087141; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain br408-ip03.hostgator.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"br408-ip03.hostgator.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])br408\-ip03\.hostgator\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087142; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain crm.clubpronanza.com"; dns.query; content:"crm.clubpronanza.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crm\.clubpronanza\.com$/i"; classtype:trojan-activity; sid:37087151; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain crm.clubpronanza.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crm.clubpronanza.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crm\.clubpronanza\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087152; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain everylinesbeds.co"; dns.query; content:"everylinesbeds.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])everylinesbeds\.co$/i"; classtype:trojan-activity; sid:37087161; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain everylinesbeds.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"everylinesbeds.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])everylinesbeds\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087162; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain forms.onepagecrm.com"; dns.query; content:"forms.onepagecrm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])forms\.onepagecrm\.com$/i"; classtype:trojan-activity; sid:37087171; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain forms.onepagecrm.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"forms.onepagecrm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])forms\.onepagecrm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087172; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain fvasxabnui.us"; dns.query; content:"fvasxabnui.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])fvasxabnui\.us$/i"; classtype:trojan-activity; sid:37087181; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain fvasxabnui.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fvasxabnui.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fvasxabnui\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087182; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain imfgrantunit.org"; dns.query; content:"imfgrantunit.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])imfgrantunit\.org$/i"; classtype:trojan-activity; sid:37087191; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain imfgrantunit.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"imfgrantunit.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])imfgrantunit\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087192; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain ligaprava.kyiv.ua"; dns.query; content:"ligaprava.kyiv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])ligaprava\.kyiv\.ua$/i"; classtype:trojan-activity; sid:37087201; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain ligaprava.kyiv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ligaprava.kyiv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ligaprava\.kyiv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087202; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain movesasbhbfast.co"; dns.query; content:"movesasbhbfast.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])movesasbhbfast\.co$/i"; classtype:trojan-activity; sid:37087211; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain movesasbhbfast.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"movesasbhbfast.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])movesasbhbfast\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087212; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain mx.c.kont.sbs"; dns.query; content:"mx.c.kont.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])mx\.c\.kont\.sbs$/i"; classtype:trojan-activity; sid:37087221; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain mx.c.kont.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mx.c.kont.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mx\.c\.kont\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087222; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain mx.e.kont.sbs"; dns.query; content:"mx.e.kont.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])mx\.e\.kont\.sbs$/i"; classtype:trojan-activity; sid:37087231; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain mx.e.kont.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mx.e.kont.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mx\.e\.kont\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087232; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain paco.systeme.io"; dns.query; content:"paco.systeme.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])paco\.systeme\.io$/i"; classtype:trojan-activity; sid:37087241; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain paco.systeme.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paco.systeme.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paco\.systeme\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087242; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain paper.gizzydesigns.com"; dns.query; content:"paper.gizzydesigns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paper\.gizzydesigns\.com$/i"; classtype:trojan-activity; sid:37087251; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain paper.gizzydesigns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paper.gizzydesigns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paper\.gizzydesigns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087252; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain pujaguha.com"; dns.query; content:"pujaguha.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pujaguha\.com$/i"; classtype:trojan-activity; sid:37087261; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain pujaguha.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pujaguha.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pujaguha\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087262; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain renew-now.linkpc.net"; dns.query; content:"renew-now.linkpc.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])renew\-now\.linkpc\.net$/i"; classtype:trojan-activity; sid:37087271; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain renew-now.linkpc.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"renew-now.linkpc.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])renew\-now\.linkpc\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087272; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain server1.hospedagemeregistrodesite.com.br"; dns.query; content:"server1.hospedagemeregistrodesite.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])server1\.hospedagemeregistrodesite\.com\.br$/i"; classtype:trojan-activity; sid:37087281; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain server1.hospedagemeregistrodesite.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"server1.hospedagemeregistrodesite.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])server1\.hospedagemeregistrodesite\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087282; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain soupload.tareeqalghaith.com"; dns.query; content:"soupload.tareeqalghaith.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])soupload\.tareeqalghaith\.com$/i"; classtype:trojan-activity; sid:37087291; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain soupload.tareeqalghaith.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"soupload.tareeqalghaith.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soupload\.tareeqalghaith\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087292; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain steelmate.ir"; dns.query; content:"steelmate.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-])steelmate\.ir$/i"; classtype:trojan-activity; sid:37087301; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain steelmate.ir"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"steelmate.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])steelmate\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087302; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain t9iba.net"; dns.query; content:"t9iba.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])t9iba\.net$/i"; classtype:trojan-activity; sid:37087311; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain t9iba.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"t9iba.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])t9iba\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087312; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain www81.conoha.ne.jp"; dns.query; content:"www81.conoha.ne.jp"; nocase; pcre: "/(^|[^A-Za-z0-9-])www81\.conoha\.ne\.jp$/i"; classtype:trojan-activity; sid:37087321; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain www81.conoha.ne.jp"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www81.conoha.ne.jp"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www81\.conoha\.ne\.jp[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087322; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
alert dns any any -> any any (msg: "MISP e26004 [] Domain 
ztepluscontext.co"; dns.query; content:"ztepluscontext.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])ztepluscontext\.co$/i"; classtype:trojan-activity; sid:37087331; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
# HTTP header rule paired with the dns.query rule above (event 26004, priority 4).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26004 [] Outgoing HTTP Domain ztepluscontext.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ztepluscontext.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ztepluscontext\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087332; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26004;)
# Event 25944 (priority 3): URL indicator pinned to one destination IP and port.
# The address is matched in http.header and the path in http.uri, both with nocase.
alert http $HOME_NET any -> 39.174.238.52 58473 (msg: "MISP e25944 [] Outgoing URL http|3a|//39.174.238.52|3a|58473/Mozi.m"; flow:to_server,established; http.header; content:"39.174.238.52"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37226381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 25913 (priority 3): domain indicator as a dns.query / HTTP header pair.
alert dns any any -> any any (msg: "MISP e25913 [] Domain bancoestado-solicita.pages.dev"; dns.query; content:"bancoestado-solicita.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev$/i"; classtype:trojan-activity; sid:37042571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25913;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25913 [] Outgoing HTTP Domain bancoestado-solicita.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-solicita.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25913;)
# Event 25914 (priority 3): two URL indicators followed by the domain pair. The URL
# rules use $HTTP_PORTS as destination port, so that variable must be defined for
# them to load, and requests to other ports are left to the "any"-port Host rule
# below. The first URL rule has no http.uri condition: any outbound request whose
# headers contain the domain string matches it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25914 [] Outgoing URL http|3a|//webofficebainfo.com"; flow:to_server,established; http.header; content:"webofficebainfo.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25914;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25914 [] Outgoing URL http|3a|//webofficebainfo.com/1707310569/default.htm"; flow:to_server,established; http.header; content:"webofficebainfo.com"; fast_pattern; nocase; http.uri; content:"/1707310569/default.htm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37042651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25914;)
alert dns any any -> any any (msg: "MISP e25914 [] Domain webofficebainfo.com"; dns.query; content:"webofficebainfo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webofficebainfo\.com$/i"; classtype:trojan-activity; sid:37042661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25914;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25914 [] Outgoing HTTP Domain webofficebainfo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webofficebainfo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webofficebainfo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37042662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25914;)
# Outbound IP:port indicators with no payload condition. Each destination below is
# listed under event 25952 (priority 2, tagged c2) and again under event 25944
# (priority 3) with a different sid, so one connection raises two alerts -
# de-duplicate downstream or suppress one of the two sids.
alert ip $HOME_NET any -> 34.32.44.11 3790 (msg: "MISP e25952 [c2,Meterpreter] Outgoing To IP: 34.32.44.11|3790"; classtype:trojan-activity; sid:37060951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 34.32.44.11 3790 (msg: "MISP e25944 [] Outgoing To IP: 34.32.44.11|3790"; classtype:trojan-activity; sid:37226391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 103.86.130.61 443 (msg: "MISP e25952 [c2,Get2] Outgoing To IP: 103.86.130.61|443"; classtype:trojan-activity; sid:37060961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 26081 (priority 2): two URL indicators on on-global.xyz whose paths differ
# only in the second character of the first segment. Both depend on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26081 [] Outgoing URL http|3a|//on-global.xyz/Ov56cYsfVV8/OJITWH2WFx/Jy5S7hSx0K/fP7saoiPBc/A=="; flow:to_server,established; http.header; content:"on-global.xyz"; fast_pattern; nocase; http.uri; content:"/Ov56cYsfVV8/OJITWH2WFx/Jy5S7hSx0K/fP7saoiPBc/A=="; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26081;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26081 [] Outgoing URL http|3a|//on-global.xyz/Of56cYsfVV8/OJITWH2WFx/Jy5S7hSx0K/fP7saoiPBc/A=="; flow:to_server,established; http.header; content:"on-global.xyz"; fast_pattern; nocase; http.uri; content:"/Of56cYsfVV8/OJITWH2WFx/Jy5S7hSx0K/fP7saoiPBc/A=="; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26081;)
# Event 25944 copy of the 103.86.130.61:443 indicator already listed under event 25952 above.
alert ip $HOME_NET any -> 103.86.130.61 443 (msg: "MISP e25944 [] Outgoing To IP: 103.86.130.61|443"; classtype:trojan-activity; sid:37226401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 26407 (priority 1, tagged C2): inbound source-IP indicators, any protocol and port.
alert ip 50.173.136.70 any -> $HOME_NET any (msg: "MISP e26407 [ C2] Incoming From IP: 50.173.136.70"; classtype:trojan-activity; sid:37282171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip 61.14.68.33 any -> $HOME_NET any (msg: "MISP e26407 [ C2] Incoming From IP: 61.14.68.33"; classtype:trojan-activity; sid:37282181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip 69.162.253.21 any -> $HOME_NET any (msg: "MISP e26407 [ C2] Incoming From IP: 69.162.253.21"; classtype:trojan-activity; sid:37282191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip 89.96.196.150 any -> $HOME_NET any (msg: "MISP 
e26407 [ C2] Incoming From IP: 89.96.196.150"; classtype:trojan-activity; sid:37282201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
# MISP event 26407 (priority 1): IP-only indicators with no port or payload
# condition. Rules tagged "C2" match traffic from the address into $HOME_NET; the
# untagged ones match traffic from $HOME_NET to the address.
# NOTE(review): an IP-only hit shows contact with the address, not what was
# exchanged; check the indicator's age in MISP and correlate with flow or
# endpoint data before acting.
alert ip 24.142.165.2 any -> $HOME_NET any (msg: "MISP e26407 [ C2] Incoming From IP: 24.142.165.2"; classtype:trojan-activity; sid:37282131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip 181.209.99.204 any -> $HOME_NET any (msg: "MISP e26407 [ C2] Incoming From IP: 181.209.99.204"; classtype:trojan-activity; sid:37282161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 202.175.177.238 any (msg: "MISP e26407 [] Outgoing To IP: 202.175.177.238"; classtype:trojan-activity; sid:37282441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 183.178.180.158 any (msg: "MISP e26407 [] Outgoing To IP: 183.178.180.158"; classtype:trojan-activity; sid:37282451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 73.80.9.137 any (msg: "MISP e26407 [] Outgoing To IP: 73.80.9.137"; classtype:trojan-activity; sid:37282461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 194.14.208.15 any (msg: "MISP e26407 [] Outgoing To IP: 194.14.208.15"; classtype:trojan-activity; sid:37282471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 166.0.24.2 any (msg: "MISP e26407 [] Outgoing To IP: 166.0.24.2"; classtype:trojan-activity; sid:37282481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 168.205.200.55 any (msg: "MISP e26407 [] Outgoing To IP: 168.205.200.55"; classtype:trojan-activity; sid:37282491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 174.53.242.108 any (msg: "MISP e26407 [] Outgoing To IP: 174.53.242.108"; classtype:trojan-activity; sid:37282501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 194.14.217.63 any (msg: "MISP e26407 [] Outgoing To IP: 194.14.217.63"; classtype:trojan-activity; sid:37282511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 185.147.214.177 any (msg: "MISP e26407 [] Outgoing To IP: 185.147.214.177"; classtype:trojan-activity; sid:37282521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 195.231.67.193 any (msg: "MISP e26407 [] Outgoing To IP: 195.231.67.193"; classtype:trojan-activity; sid:37282531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 216.131.111.138 any (msg: "MISP e26407 [] Outgoing To IP: 216.131.111.138"; classtype:trojan-activity; sid:37282541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 213.32.252.221 any (msg: "MISP e26407 [] Outgoing To IP: 213.32.252.221"; classtype:trojan-activity; sid:37282551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 203.149.168.34 any (msg: "MISP e26407 [] Outgoing To IP: 203.149.168.34"; classtype:trojan-activity; sid:37282561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 185.132.17.160 any (msg: "MISP e26407 [] Outgoing To IP: 185.132.17.160"; classtype:trojan-activity; sid:37282571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 176.67.83.7 any (msg: "MISP e26407 [] Outgoing To IP: 176.67.83.7"; classtype:trojan-activity; sid:37282581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 89.117.88.2 any (msg: "MISP e26407 [] Outgoing To IP: 89.117.88.2"; classtype:trojan-activity; sid:37282591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 95.85.72.160 any (msg: "MISP e26407 [] Outgoing To IP: 95.85.72.160"; classtype:trojan-activity; sid:37282601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 149.50.208.22 any (msg: "MISP e26407 [] Outgoing To IP: 149.50.208.22"; classtype:trojan-activity; sid:37282611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 101.255.119.42 any (msg: "MISP e26407 [] Outgoing To IP: 101.255.119.42"; classtype:trojan-activity; sid:37282621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 108.165.249.2 any (msg: "MISP e26407 [] Outgoing To IP: 108.165.249.2"; classtype:trojan-activity; sid:37282631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 113.160.234.229 any (msg: "MISP e26407 [] Outgoing To IP: 113.160.234.229"; classtype:trojan-activity; sid:37282641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 149.102.246.51 any (msg: "MISP e26407 [] Outgoing To IP: 149.102.246.51"; classtype:trojan-activity; sid:37282651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 87.249.139.243 any (msg: "MISP e26407 [] Outgoing To IP: 87.249.139.243"; classtype:trojan-activity; sid:37282661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 87.249.139.239 any (msg: "MISP e26407 [] Outgoing To IP: 87.249.139.239"; classtype:trojan-activity; sid:37282671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 45.91.95.181 any (msg: "MISP e26407 [] Outgoing To IP: 45.91.95.181"; classtype:trojan-activity; sid:37282681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 42.98.5.225 any (msg: "MISP e26407 [] Outgoing To IP: 42.98.5.225"; classtype:trojan-activity; sid:37282701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 202.55.80.225 any (msg: "MISP e26407 [] Outgoing To IP: 202.55.80.225"; classtype:trojan-activity; sid:37282711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 202.73.49.182 any (msg: "MISP e26407 [] Outgoing To IP: 202.73.49.182"; classtype:trojan-activity; sid:37282721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 24.11.70.85 any (msg: "MISP e26407 [] Outgoing To IP: 24.11.70.85"; classtype:trojan-activity; sid:37282731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
# Outbound IP:port indicator listed under both event 25952 (priority 2, tagged
# XpertRAT) and event 25944 (priority 3) with different sids: one connection
# raises two alerts.
alert ip $HOME_NET any -> 103.35.191.158 5344 (msg: "MISP e25952 [XpertRAT] Outgoing To IP: 103.35.191.158|5344"; classtype:trojan-activity; sid:37060971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 103.35.191.158 5344 (msg: "MISP e25944 [] Outgoing To IP: 103.35.191.158|5344"; classtype:trojan-activity; sid:37226411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 25952 domain indicator: the dns.query rule, then the HTTP header rule for the same name.
alert dns any any -> any any (msg: "MISP e25952 [AS-COLOCROSSING,AS36352,c2,censys] Domain priceless-bose.104-168-102-175.plesk.page"; dns.query; content:"priceless-bose.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])priceless\-bose\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37060981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain priceless-bose.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"priceless-bose.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])priceless\-bose\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37060982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# MISP event 25952 (priority 2): outbound C2 indicators as destination IP:port
# rules, one rule and sid per port, with no payload condition. The bracketed tags
# carry the AS number and, where present, an AS name and a family hint (RAT).
# NOTE(review): some addresses sit in large shared provider ranges (tags
# GOOGLE-CLOUD-PLATFORM, MICROSOFT-CORP-MSN-AS-BLOCK, CONTABO); such IPs are
# presumably re-assignable, so confirm the indicator is still current in MISP
# before treating a hit as C2 traffic.
alert ip $HOME_NET any -> 121.40.185.132 80 (msg: "MISP e25952 [AS37963,c2,censys] Outgoing To IP: 121.40.185.132|80"; classtype:trojan-activity; sid:37060991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 45.131.132.55 443 (msg: "MISP e25952 [AS41378,c2,censys,KIRINONET] Outgoing To IP: 45.131.132.55|443"; classtype:trojan-activity; sid:37061001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 114.116.18.42 82 (msg: "MISP e25952 [AS4808,c2,censys] Outgoing To IP: 114.116.18.42|82"; classtype:trojan-activity; sid:37061011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.65.98 80 (msg: "MISP e25952 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.65.98|80"; classtype:trojan-activity; sid:37061021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 94.156.65.98 443 (msg: "MISP e25952 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.65.98|443"; classtype:trojan-activity; sid:37061031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Domain indicator from the same event: dns.query rule, then the HTTP header rule.
alert dns any any -> any any (msg: "MISP e25952 [AS394711,c2,censys,LIMENET] Domain 98.lan-za2-1.static.rozabg.com"; dns.query; content:"98.lan-za2-1.static.rozabg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])98\.lan\-za2\-1\.static\.rozabg\.com$/i"; classtype:trojan-activity; sid:37061041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS394711,c2,censys,LIMENET] Outgoing HTTP Domain 98.lan-za2-1.static.rozabg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"98.lan-za2-1.static.rozabg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])98\.lan\-za2\-1\.static\.rozabg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 175.178.175.168 9100 (msg: "MISP e25952 [AS45090,c2,censys] Outgoing To IP: 175.178.175.168|9100"; classtype:trojan-activity; sid:37061051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 205.234.233.180 8080 (msg: "MISP e25952 [AS142036,c2,censys] Outgoing To IP: 205.234.233.180|8080"; classtype:trojan-activity; sid:37061061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 117.72.36.211 8888 (msg: "MISP e25952 [AS141679,c2,censys] Outgoing To IP: 117.72.36.211|8888"; classtype:trojan-activity; sid:37061071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 173.212.224.123 80 (msg: "MISP e25952 [AS51167,c2,censys,CONTABO] Outgoing To IP: 173.212.224.123|80"; classtype:trojan-activity; sid:37061081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 34.149.60.199 80 (msg: "MISP e25952 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.149.60.199|80"; classtype:trojan-activity; sid:37061091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 154.223.17.64 443 (msg: "MISP e25952 [AS138915,c2,censys] Outgoing To IP: 154.223.17.64|443"; classtype:trojan-activity; sid:37061101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# One address, many ports: each port of 187.135.83.117 is a separate rule with its own sid.
alert ip $HOME_NET any -> 187.135.83.117 1718 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|1718"; classtype:trojan-activity; sid:37061111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2003 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2003"; classtype:trojan-activity; sid:37061121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2086 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2086"; classtype:trojan-activity; sid:37061131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2181 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2181"; classtype:trojan-activity; sid:37061141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 1901 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|1901"; classtype:trojan-activity; sid:37061151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 1883 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|1883"; classtype:trojan-activity; sid:37061161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2000 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2000"; classtype:trojan-activity; sid:37061171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2077 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2077"; classtype:trojan-activity; sid:37061181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 1723 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|1723"; classtype:trojan-activity; sid:37061191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 1962 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|1962"; classtype:trojan-activity; sid:37061201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2078 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2078"; classtype:trojan-activity; sid:37061211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2079 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2079"; classtype:trojan-activity; sid:37061221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2087 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2087"; classtype:trojan-activity; sid:37061231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 187.135.83.117 2177 (msg: "MISP e25952 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.117|2177"; classtype:trojan-activity; sid:37061241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 67.217.228.4 443 (msg: "MISP e25952 [AS399629,BLNWX,c2,censys] Outgoing To IP: 67.217.228.4|443"; classtype:trojan-activity; sid:37061251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 62.113.115.249 31337 (msg: "MISP e25952 [AS48282,c2,censys,VDSINA-AS] Outgoing To IP: 62.113.115.249|31337"; classtype:trojan-activity; sid:37061261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 34.162.154.209 31337 (msg: "MISP e25952 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.162.154.209|31337"; classtype:trojan-activity; sid:37061271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 20.253.24.99 8444 (msg: "MISP e25952 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.253.24.99|8444"; classtype:trojan-activity; sid:37061281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 78.161.49.74 20000 (msg: "MISP e25952 [AS9121,c2,censys,RAT,TTNET] Outgoing To IP: 78.161.49.74|20000"; classtype:trojan-activity; sid:37061291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 107.161.81.150 6606 (msg: "MISP e25952 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 107.161.81.150|6606"; classtype:trojan-activity; sid:37061301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 107.161.81.150 7707 (msg: "MISP e25952 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 107.161.81.150|7707"; classtype:trojan-activity; sid:37061311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 45.141.215.222 6606 (msg: "MISP e25952 [AS210558,c2,censys,RAT] Outgoing To IP: 45.141.215.222|6606"; classtype:trojan-activity; sid:37061321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 161.97.151.222 2011 (msg: "MISP e25952 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 161.97.151.222|2011"; classtype:trojan-activity; sid:37061331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 185.81.157.104 6606 (msg: "MISP e25952 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.104|6606"; classtype:trojan-activity; sid:37061341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 185.81.157.104 7707 (msg: "MISP e25952 
[AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.104|7707"; classtype:trojan-activity; sid:37061351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.81.157.104 8808 (msg: "MISP e25952 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.104|8808"; classtype:trojan-activity; sid:37061361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 172.96.172.203 6606 (msg: "MISP e25952 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 172.96.172.203|6606"; classtype:trojan-activity; sid:37061371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.145.55.81 7707 (msg: "MISP e25952 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 45.145.55.81|7707"; classtype:trojan-activity; sid:37061381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.81.157.179 6606 (msg: "MISP e25952 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.179|6606"; classtype:trojan-activity; sid:37061391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.81.157.179 7707 (msg: "MISP e25952 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.179|7707"; classtype:trojan-activity; sid:37061401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.216.70.118 80 (msg: "MISP e25952 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.118|80"; classtype:trojan-activity; sid:37061411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 154.91.83.247 80 (msg: "MISP e25952 [AS399077,c2,censys,HookBot,TERAEXCH] Outgoing To IP: 154.91.83.247|80"; classtype:trojan-activity; sid:37061421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 
35.246.175.130 80 (msg: "MISP e25952 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,HookBot] Outgoing To IP: 35.246.175.130|80"; classtype:trojan-activity; sid:37061431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Header-only rule: outbound from $HOME_NET to one fixed address and port.
alert ip $HOME_NET any -> 93.123.39.225 50555 (msg: "MISP e25952 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 93.123.39.225|50555"; classtype:trojan-activity; sid:37061441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# DNS rule: inspects dns.query with no direction or network restriction
# (any any -> any any). The content match is the literal name; the pcre then
# requires the name to end the query and to be preceded by the start of the
# buffer or by a character outside [A-Za-z0-9-]. The exact name and anything
# under it (x.d.kfaaa.top) match; a longer label such as xd.kfaaa.top does not.
alert dns any any -> any any (msg: "MISP e25952 [AS142032,c2,censys,HookBot] Domain d.kfaaa.top"; dns.query; content:"d.kfaaa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])d\.kfaaa\.top$/i"; classtype:trojan-activity; sid:37061451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# HTTP rule: client-to-server traffic on an established flow leaving $HOME_NET.
# The two content matches are both evaluated against http.header and are not
# tied to each other (no distance/within), and the pcre does not contain the
# "Host:" token. The domain appearing in any request header, for example a
# Referer value, satisfies the rule as long as a Host header is present.
# The trailing class in the pcre requires one more character after the name
# that is not a letter, digit, "-" or ".", which rejects d.kfaaa.top.example.
# tag:session,600,seconds keeps logging the session for 600 seconds after the hit.
# NOTE(review): check the Host value in the alert record before escalating, and
# note that only cleartext HTTP is inspected here; no TLS SNI rule for this name
# is visible in this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS142032,c2,censys,HookBot] Outgoing HTTP Domain d.kfaaa.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"d.kfaaa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])d\.kfaaa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Header-only rules again: fixed destination address and port, nothing else.
alert ip $HOME_NET any -> 193.233.132.135 8081 (msg: "MISP e25952 [AS216319,c2,censys,SUNHOST-AS] Outgoing To IP: 193.233.132.135|8081"; classtype:trojan-activity; sid:37061461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 45.134.26.17 8081 (msg: "MISP e25952 [AS198953,c2,censys,PROTON66] Outgoing To IP: 45.134.26.17|8081"; classtype:trojan-activity; sid:37061471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 14.225.210.222 12024 (msg: "MISP e25952 [AS135905,c2,censys,RAT] Outgoing To IP: 14.225.210.222|12024"; classtype:trojan-activity; sid:37061481; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 8.222.144.134 443 (msg: "MISP e25952 [AS45102,c2,censys,RAT] Outgoing To IP: 8.222.144.134|443"; classtype:trojan-activity; sid:37061491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 167.86.86.15 1010 (msg: "MISP e25952 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 167.86.86.15|1010"; classtype:trojan-activity; sid:37061501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.195.198.204 443 (msg: "MISP e25952 [AS137443,c2,censys,RAT] Outgoing To IP: 45.195.198.204|443"; classtype:trojan-activity; sid:37061511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 79.109.104.58 2222 (msg: "MISP e25952 [AS6739,c2,censys,RAT] Outgoing To IP: 79.109.104.58|2222"; classtype:trojan-activity; sid:37061521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 142.202.191.144 443 (msg: "MISP e25952 [AS398019,c2,censys,DYNU,RAT] Outgoing To IP: 142.202.191.144|443"; classtype:trojan-activity; sid:37061531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS398019,c2,censys,DYNU,RAT] Domain goofy-satoshi.142-202-191-144.plesk.page"; dns.query; content:"goofy-satoshi.142-202-191-144.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])goofy\-satoshi\.142\-202\-191\-144\.plesk\.page$/i"; classtype:trojan-activity; sid:37061541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS398019,c2,censys,DYNU,RAT] Outgoing HTTP Domain goofy-satoshi.142-202-191-144.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"goofy-satoshi.142-202-191-144.plesk.page"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])goofy\-satoshi\.142\-202\-191\-144\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 40.90.255.165 443 (msg: "MISP e25952 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 40.90.255.165|443"; classtype:trojan-activity; sid:37061551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 122.114.156.104 80 (msg: "MISP e25952 [AS4837,c2,censys] Outgoing To IP: 122.114.156.104|80"; classtype:trojan-activity; sid:37061561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain great-mcnulty.164-92-180-123.plesk.page"; dns.query; content:"great-mcnulty.164-92-180-123.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-mcnulty\.164\-92\-180\-123\.plesk\.page$/i"; classtype:trojan-activity; sid:37061571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain great-mcnulty.164-92-180-123.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"great-mcnulty.164-92-180-123.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-mcnulty\.164\-92\-180\-123\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS20068,c2,censys,HAWKHOST] Domain mail.23-26-55-9.cprapid.com"; dns.query; content:"mail.23-26-55-9.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.23\-26\-55\-9\.cprapid\.com$/i"; classtype:trojan-activity; sid:37061581; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS20068,c2,censys,HAWKHOST] Outgoing HTTP Domain mail.23-26-55-9.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.23-26-55-9.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.23\-26\-55\-9\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 47.92.123.66 1311 (msg: "MISP e25952 [AS37963,c2,censys,RAT] Outgoing To IP: 47.92.123.66|1311"; classtype:trojan-activity; sid:37061591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.112.205.126 5588 (msg: "MISP e25952 [AS133115,c2,censys,RAT] Outgoing To IP: 45.112.205.126|5588"; classtype:trojan-activity; sid:37061601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 147.50.240.224 4444 (msg: "MISP e25952 [AS142299,c2,censys,RAT] Outgoing To IP: 147.50.240.224|4444"; classtype:trojan-activity; sid:37061611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 85.105.91.170 4449 (msg: "MISP e25952 [AS9121,c2,censys,RAT,TTNET] Outgoing To IP: 85.105.91.170|4449"; classtype:trojan-activity; sid:37061621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 185.221.198.84 80 (msg: "MISP e25952 [AS-NUXTCLOUD,AS216127,c2,censys] Outgoing To IP: 185.221.198.84|80"; classtype:trojan-activity; sid:37061631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 54.86.17.63 443 (msg: "MISP e25952 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 54.86.17.63|443"; classtype:trojan-activity; sid:37061641; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# DNS/HTTP rule pairs for two names under compute-1.amazonaws.com, tagged
# AMAZON-AES / SerpentStealer / stealer in MISP event 25952.
# The DNS rule matches the name (or anything under it) at the end of dns.query;
# the HTTP rule matches the name anywhere in the request headers of outbound
# cleartext HTTP and tags the session for 600 seconds.
# NOTE(review): these are provider-generated host names and the first label
# appears to encode an address (54-237-138-159, 3-210-242-78). Cloud addresses
# are reassigned between tenants, so treat hits as time-bounded and re-check the
# MISP event date. The rules match the name only; a client that connects to the
# address directly is not covered by them, and no IP rule for either address is
# visible in this part of the export.
alert dns any any -> any any (msg: "MISP e25952 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-54-237-138-159.compute-1.amazonaws.com"; dns.query; content:"ec2-54-237-138-159.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-237\-138\-159\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37061651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-54-237-138-159.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-237-138-159.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-237\-138\-159\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert dns any any -> any any (msg: "MISP e25952 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-3-210-242-78.compute-1.amazonaws.com"; dns.query; content:"ec2-3-210-242-78.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-210\-242\-78\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37061661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-3-210-242-78.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-210-242-78.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-210\-242\-78\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061662; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain 3psilonapi.com"; dns.query; content:"3psilonapi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3psilonapi\.com$/i"; classtype:trojan-activity; sid:37061671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain 3psilonapi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3psilonapi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3psilonapi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 45.77.240.70 80 (msg: "MISP e25952 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 45.77.240.70|80"; classtype:trojan-activity; sid:37061681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 23.26.247.122 80 (msg: "MISP e25952 [AARONSMITH-AS,AS203758,c2,censys,UNAM] Outgoing To IP: 23.26.247.122|80"; classtype:trojan-activity; sid:37061691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 51.77.121.144 80 (msg: "MISP e25952 [AS16276,c2,censys,OVH,UNAM] Outgoing To IP: 51.77.121.144|80"; classtype:trojan-activity; sid:37061701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AEZA-AS,AS210644,c2,censys,UNAM] Domain web-panel.su"; dns.query; content:"web-panel.su"; nocase; pcre: "/(^|[^A-Za-z0-9-])web\-panel\.su$/i"; classtype:trojan-activity; sid:37061711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e25952 [AEZA-AS,AS210644,c2,censys,UNAM] Outgoing HTTP Domain web-panel.su"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"web-panel.su"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])web\-panel\.su[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Header-only rules: outbound from $HOME_NET to one fixed address and port, with
# no flow or payload condition. The msg tags place three of these addresses with
# large hosting providers (DIGITALOCEAN-ASN, MICROSOFT-CORP-MSN-AS-BLOCK).
# NOTE(review): hosted addresses change tenant; confirm the indicator is still
# current in the MISP event before treating a hit as evidence of compromise.
alert ip $HOME_NET any -> 164.90.246.103 80 (msg: "MISP e25952 [AS14061,c2,censys,DIGITALOCEAN-ASN,UNAM] Outgoing To IP: 164.90.246.103|80"; classtype:trojan-activity; sid:37061721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 167.172.131.98 443 (msg: "MISP e25952 [AS14061,c2,censys,DIGITALOCEAN-ASN,RedWarden] Outgoing To IP: 167.172.131.98|443"; classtype:trojan-activity; sid:37061731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 172.206.26.225 80 (msg: "MISP e25952 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 172.206.26.225|80"; classtype:trojan-activity; sid:37061741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 156.227.6.70 60000 (msg: "MISP e25952 [AS135330,censys,Viper] Outgoing To IP: 156.227.6.70|60000"; classtype:trojan-activity; sid:37061751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# URL rule tagged CobaltStrike. |30 78| is the hex escape for the two bytes "0x"
# and |3a| for ":", so the header content being matched is 0.0xo.lat and the URL
# in the msg reads http://0.0xo.lat:2083/massaction.html.
# The rule needs all of: outbound HTTP to destination port 2083, the host string
# somewhere in the request headers, and "/massaction.html" somewhere in the URI.
# Unlike the domain rules in this export it has no "Host|3a|" content and no
# boundary pcre, so both matches are plain case-insensitive substrings.
# NOTE(review): the rule only fires on traffic the engine parses as HTTP; if the
# service on 2083 is wrapped in TLS it will not match - confirm against the
# MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET 2083 (msg: "MISP e25952 [CobaltStrike] Outgoing URL http|3a|//0.|30 78|o.lat|3a|2083/massaction.html"; flow:to_server,established; http.header; content:"0.|30 78|o.lat"; fast_pattern; nocase; http.uri; content:"/massaction.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37061761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 121.40.146.236 60000 (msg: "MISP e25952 [AS37963,censys,Viper] Outgoing To IP: 
121.40.146.236|60000"; classtype:trojan-activity; sid:37061771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 43.139.175.28 60000 (msg: "MISP e25952 [AS45090,censys,Viper] Outgoing To IP: 43.139.175.28|60000"; classtype:trojan-activity; sid:37061781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 64.226.76.0 80 (msg: "MISP e25952 [c2,cobalt_strike] Outgoing To IP: 64.226.76.0|80"; classtype:trojan-activity; sid:37061791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain www.admiring-pascal.142-11-199-59.plesk.page"; dns.query; content:"www.admiring-pascal.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.admiring\-pascal\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37061801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain www.admiring-pascal.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.admiring-pascal.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.admiring\-pascal\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain awesome-villani.142-11-199-59.plesk.page"; dns.query; content:"awesome-villani.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])awesome\-villani\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37061811; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain awesome-villani.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awesome-villani.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awesome\-villani\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain deenpel.com"; dns.query; content:"deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deenpel\.com$/i"; classtype:trojan-activity; sid:37061821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain cranky-easley.142-11-199-59.plesk.page"; dns.query; content:"cranky-easley.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])cranky\-easley\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37061831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain cranky-easley.142-11-199-59.plesk.page"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cranky-easley.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cranky\-easley\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37061832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 34.202.144.74 443 (msg: "MISP e25952 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 34.202.144.74|443"; classtype:trojan-activity; sid:37061841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 3.82.152.9 3333 (msg: "MISP e25952 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 3.82.152.9|3333"; classtype:trojan-activity; sid:37061851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 20.53.247.128 3333 (msg: "MISP e25952 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.53.247.128|3333"; classtype:trojan-activity; sid:37061861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 138.197.47.129 4444 (msg: "MISP e25952 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 138.197.47.129|4444"; classtype:trojan-activity; sid:37061871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 35.158.74.188 443 (msg: "MISP e25952 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 35.158.74.188|443"; classtype:trojan-activity; sid:37061881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 34.176.172.223 3333 (msg: "MISP e25952 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.176.172.223|3333"; classtype:trojan-activity; sid:37061891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert 
ip $HOME_NET any -> 16.171.24.155 3333 (msg: "MISP e25952 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 16.171.24.155|3333"; classtype:trojan-activity; sid:37061901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 51.144.174.31 3333 (msg: "MISP e25952 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 51.144.174.31|3333"; classtype:trojan-activity; sid:37061911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 64.226.125.104 3333 (msg: "MISP e25952 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.226.125.104|3333"; classtype:trojan-activity; sid:37061921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 146.235.47.45 3333 (msg: "MISP e25952 [AS31898,censys,GoPhish,ORACLE-BMC-31898,phishing] Outgoing To IP: 146.235.47.45|3333"; classtype:trojan-activity; sid:37061931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 52.77.99.94 3333 (msg: "MISP e25952 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.77.99.94|3333"; classtype:trojan-activity; sid:37061941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 18.197.24.167 4444 (msg: "MISP e25952 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.197.24.167|4444"; classtype:trojan-activity; sid:37061951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 142.93.31.17 443 (msg: "MISP e25952 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 142.93.31.17|443"; classtype:trojan-activity; sid:37061961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 13.126.10.251 443 (msg: "MISP e25952 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 
13.126.10.251|443"; classtype:trojan-activity; sid:37061971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# MISP event 25952, indicators tagged GoPhish / phishing. Header-only rules:
# outbound from $HOME_NET to one fixed address and port.
# These carry classtype:trojan-activity like every other rule in the export, so
# the classtype does not separate phishing infrastructure from C2; use the tags
# in the msg for triage.
alert ip $HOME_NET any -> 64.227.96.80 3333 (msg: "MISP e25952 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.227.96.80|3333"; classtype:trojan-activity; sid:37061981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 162.19.246.26 3333 (msg: "MISP e25952 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 162.19.246.26|3333"; classtype:trojan-activity; sid:37061991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 125.16.112.10 33333 (msg: "MISP e25952 [AS9498,censys,GoPhish,phishing] Outgoing To IP: 125.16.112.10|33333"; classtype:trojan-activity; sid:37062001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 155.254.24.167 5400 (msg: "MISP e25952 [AS397373,AveMariaRAT,c2,censys,H4Y-TECHNOLOGIES,RAT] Outgoing To IP: 155.254.24.167|5400"; classtype:trojan-activity; sid:37062021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# From here the rules reference MISP event 25944: the tag list in the msg is
# empty ("[]") and the priority is 3 instead of 2.
# Several of them repeat the header of an event-25952 rule exactly, in this
# stretch 155.254.24.167:5400, 125.16.112.10:33333 and 162.19.246.26:3333, so
# one packet raises two alerts with different sids and priorities.
# NOTE(review): de-duplicate on destination address and port in the alert
# pipeline, or suppress one sid of each pair, and take the malware-family
# context from the event-25952 msg because the 25944 msg carries none.
alert ip $HOME_NET any -> 155.254.24.167 5400 (msg: "MISP e25944 [] Outgoing To IP: 155.254.24.167|5400"; classtype:trojan-activity; sid:37226421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 192.169.69.26 64418 (msg: "MISP e25944 [] Outgoing To IP: 192.169.69.26|64418"; classtype:trojan-activity; sid:37226431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 125.16.112.10 33333 (msg: "MISP e25944 [] Outgoing To IP: 125.16.112.10|33333"; classtype:trojan-activity; sid:37226441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 162.19.246.26 3333 (msg: "MISP e25944 [] Outgoing To IP: 162.19.246.26|3333"; classtype:trojan-activity; 
sid:37226451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 64.227.96.80 3333 (msg: "MISP e25944 [] Outgoing To IP: 64.227.96.80|3333"; classtype:trojan-activity; sid:37226461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 13.126.10.251 443 (msg: "MISP e25944 [] Outgoing To IP: 13.126.10.251|443"; classtype:trojan-activity; sid:37226471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 142.93.31.17 443 (msg: "MISP e25944 [] Outgoing To IP: 142.93.31.17|443"; classtype:trojan-activity; sid:37226481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 18.197.24.167 4444 (msg: "MISP e25944 [] Outgoing To IP: 18.197.24.167|4444"; classtype:trojan-activity; sid:37226491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 52.77.99.94 3333 (msg: "MISP e25944 [] Outgoing To IP: 52.77.99.94|3333"; classtype:trojan-activity; sid:37226501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 146.235.47.45 3333 (msg: "MISP e25944 [] Outgoing To IP: 146.235.47.45|3333"; classtype:trojan-activity; sid:37226511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 64.226.125.104 3333 (msg: "MISP e25944 [] Outgoing To IP: 64.226.125.104|3333"; classtype:trojan-activity; sid:37226521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 51.144.174.31 3333 (msg: "MISP e25944 [] Outgoing To IP: 51.144.174.31|3333"; classtype:trojan-activity; sid:37226531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 16.171.24.155 3333 (msg: "MISP e25944 [] Outgoing To IP: 16.171.24.155|3333"; classtype:trojan-activity; sid:37226541; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 34.176.172.223 3333 (msg: "MISP e25944 [] Outgoing To IP: 34.176.172.223|3333"; classtype:trojan-activity; sid:37226551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 35.158.74.188 443 (msg: "MISP e25944 [] Outgoing To IP: 35.158.74.188|443"; classtype:trojan-activity; sid:37226561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 138.197.47.129 4444 (msg: "MISP e25944 [] Outgoing To IP: 138.197.47.129|4444"; classtype:trojan-activity; sid:37226571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 20.53.247.128 3333 (msg: "MISP e25944 [] Outgoing To IP: 20.53.247.128|3333"; classtype:trojan-activity; sid:37226581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 3.82.152.9 3333 (msg: "MISP e25944 [] Outgoing To IP: 3.82.152.9|3333"; classtype:trojan-activity; sid:37226591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 34.202.144.74 443 (msg: "MISP e25944 [] Outgoing To IP: 34.202.144.74|443"; classtype:trojan-activity; sid:37226601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain cranky-easley.142-11-199-59.plesk.page"; dns.query; content:"cranky-easley.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])cranky\-easley\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37226611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain cranky-easley.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
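content:"cranky-easley.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cranky\-easley\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# Each domain indicator is exported as a pair: a dns.query rule (sid ending in 1) and an HTTP rule
# (sid ending in 2).
# HTTP rules of this "Domain" form: the "Host|3a|" content and the domain content are two separate
# matches on the whole http.header buffer with no distance/within relation, and the pcre uses the
# H (header) modifier. The domain therefore does not have to sit in the Host header; a request that
# carries the name in another header also satisfies the rule. Check the Host value when triaging.
# These rules inspect cleartext HTTP only; HTTPS requests to the same names are not covered here
# (a tls.sni rule would be needed for that).
# tag:session,600,seconds records the rest of the session for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e25944 [] Domain deenpel.com"; dns.query; content:"deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deenpel\.com$/i"; classtype:trojan-activity; sid:37226621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25944 [] Domain awesome-villani.142-11-199-59.plesk.page"; dns.query; content:"awesome-villani.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])awesome\-villani\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37226631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain awesome-villani.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awesome-villani.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awesome\-villani\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# NOTE(review): the address below ends in .0, which may be a network address or a truncated
# attribute rather than a host; verify against the MISP event.
alert ip $HOME_NET any -> 64.226.76.0 80 (msg: "MISP e25944 [] Outgoing To IP: 64.226.76.0|80"; classtype:trojan-activity; sid:37226641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25944 [] Domain www.admiring-pascal.142-11-199-59.plesk.page"; dns.query; content:"www.admiring-pascal.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.admiring\-pascal\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37226651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain www.admiring-pascal.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.admiring-pascal.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.admiring\-pascal\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 43.139.175.28 60000 (msg: "MISP e25944 [] Outgoing To IP: 43.139.175.28|60000"; classtype:trojan-activity; sid:37226661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 121.40.146.236 60000 (msg: "MISP e25944 [] Outgoing To IP: 121.40.146.236|60000"; classtype:trojan-activity; sid:37226671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# URL indicator: "|30 78|" is the hex-escaped form of the two characters "0x", so the host being
# matched is 0.0xo.lat. The host string is matched anywhere in http.header (there is no Host
# anchor and no pcre), and the URI match is the path /massaction.html on destination port 2083.
alert http $HOME_NET any -> $EXTERNAL_NET 2083 (msg: "MISP e25944 [] Outgoing URL http|3a|//0.|30 78|o.lat|3a|2083/massaction.html"; flow:to_server,established; http.header; content:"0.|30 78|o.lat"; fast_pattern; nocase; http.uri; content:"/massaction.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37226681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 156.227.6.70 60000 (msg: "MISP e25944 [] Outgoing To IP: 156.227.6.70|60000"; 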
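classtype:trojan-activity; sid:37226691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# MISP event 25944, priority 3, no tags in msg. Many of the destinations below are on ports 80 and
# 443; an address-and-port match says nothing about which site on a shared address was contacted,
# so correlate a hit with DNS, HTTP or TLS logs for the same flow.
alert ip $HOME_NET any -> 172.206.26.225 80 (msg: "MISP e25944 [] Outgoing To IP: 172.206.26.225|80"; classtype:trojan-activity; sid:37226701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 167.172.131.98 443 (msg: "MISP e25944 [] Outgoing To IP: 167.172.131.98|443"; classtype:trojan-activity; sid:37226711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 164.90.246.103 80 (msg: "MISP e25944 [] Outgoing To IP: 164.90.246.103|80"; classtype:trojan-activity; sid:37226721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25944 [] Domain web-panel.su"; dns.query; content:"web-panel.su"; nocase; pcre: "/(^|[^A-Za-z0-9-])web\-panel\.su$/i"; classtype:trojan-activity; sid:37226731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain web-panel.su"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"web-panel.su"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])web\-panel\.su[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 51.77.121.144 80 (msg: "MISP e25944 [] Outgoing To IP: 51.77.121.144|80"; classtype:trojan-activity; sid:37226741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 23.26.247.122 80 (msg: "MISP e25944 [] Outgoing To IP: 23.26.247.122|80"; classtype:trojan-activity; sid:37226751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.77.240.70 80 (msg: "MISP e25944 [] Outgoing To IP: 45.77.240.70|80"; classtype:trojan-activity; sid:37226761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25944 [] Domain 3psilonapi.com"; dns.query; content:"3psilonapi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3psilonapi\.com$/i"; classtype:trojan-activity; sid:37226771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain 3psilonapi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3psilonapi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3psilonapi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# The name below is a provider-assigned instance hostname that embeds the address 3.210.242.78.
# NOTE(review): such a name follows the address, not the tenant; once the address is released the
# rule keeps firing for whoever holds it next. Treat as time-limited and confirm the event dates.
alert dns any any -> any any (msg: "MISP e25944 [] Domain ec2-3-210-242-78.compute-1.amazonaws.com"; dns.query; content:"ec2-3-210-242-78.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-210\-242\-78\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37226781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain ec2-3-210-242-78.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-210-242-78.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-210\-242\-78\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 54.86.17.63 443 (msg: "MISP e25944 [] Outgoing To IP: 54.86.17.63|443"; classtype:trojan-activity; sid:37226791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any 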
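(msg: "MISP e25944 [] Domain ec2-54-237-138-159.compute-1.amazonaws.com"; dns.query; content:"ec2-54-237-138-159.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-237\-138\-159\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37226801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# HTTP rules of this form match the domain anywhere in the request headers (two independent
# http.header contents plus a pcre with the H modifier), so the Host value should be confirmed
# during triage. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain ec2-54-237-138-159.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-237-138-159.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-237\-138\-159\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Address-and-port indicators from event 25944. Traffic to the same address on a different port
# does not match these rules.
alert ip $HOME_NET any -> 185.221.198.84 80 (msg: "MISP e25944 [] Outgoing To IP: 185.221.198.84|80"; classtype:trojan-activity; sid:37226811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 85.105.91.170 4449 (msg: "MISP e25944 [] Outgoing To IP: 85.105.91.170|4449"; classtype:trojan-activity; sid:37226821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 147.50.240.224 4444 (msg: "MISP e25944 [] Outgoing To IP: 147.50.240.224|4444"; classtype:trojan-activity; sid:37226831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 47.92.123.66 1311 (msg: "MISP e25944 [] Outgoing To IP: 47.92.123.66|1311"; classtype:trojan-activity; sid:37226841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.112.205.126 5588 (msg: "MISP e25944 [] Outgoing To IP: 45.112.205.126|5588"; classtype:trojan-activity; sid:37226851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# The two hostnames below embed addresses in their labels (164-92-180-123 and 23-26-55-9).
# NOTE(review): these look like default hostnames generated by a hosting control panel; confirm in
# the event whether the name or the embedded address is the intended indicator.
alert dns any any -> any any (msg: "MISP e25944 [] Domain great-mcnulty.164-92-180-123.plesk.page"; dns.query; content:"great-mcnulty.164-92-180-123.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-mcnulty\.164\-92\-180\-123\.plesk\.page$/i"; classtype:trojan-activity; sid:37226861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain great-mcnulty.164-92-180-123.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"great-mcnulty.164-92-180-123.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-mcnulty\.164\-92\-180\-123\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25944 [] Domain mail.23-26-55-9.cprapid.com"; dns.query; content:"mail.23-26-55-9.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.23\-26\-55\-9\.cprapid\.com$/i"; classtype:trojan-activity; sid:37226871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain mail.23-26-55-9.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.23-26-55-9.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.23\-26\-55\-9\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 122.114.156.104 80 (msg: "MISP e25944 [] Outgoing To IP: 122.114.156.104|80"; classtype:trojan-activity; sid:37226881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 40.90.255.165 443 (msg: "MISP e25944 [] Outgoing To IP: 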
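40.90.255.165|443"; classtype:trojan-activity; sid:37226891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# The hostname goofy-satoshi.142-202-191-144.plesk.page embeds the address 142.202.191.144, which
# also has its own address rule on port 443 below (sid 37226911). A single connection can therefore
# raise a DNS alert and an address alert; correlate them rather than counting them as two findings.
alert dns any any -> any any (msg: "MISP e25944 [] Domain goofy-satoshi.142-202-191-144.plesk.page"; dns.query; content:"goofy-satoshi.142-202-191-144.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])goofy\-satoshi\.142\-202\-191\-144\.plesk\.page$/i"; classtype:trojan-activity; sid:37226901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain goofy-satoshi.142-202-191-144.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"goofy-satoshi.142-202-191-144.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])goofy\-satoshi\.142\-202\-191\-144\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 142.202.191.144 443 (msg: "MISP e25944 [] Outgoing To IP: 142.202.191.144|443"; classtype:trojan-activity; sid:37226911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.195.198.204 443 (msg: "MISP e25944 [] Outgoing To IP: 45.195.198.204|443"; classtype:trojan-activity; sid:37226921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 79.109.104.58 2222 (msg: "MISP e25944 [] Outgoing To IP: 79.109.104.58|2222"; classtype:trojan-activity; sid:37226931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 167.86.86.15 1010 (msg: "MISP e25944 [] Outgoing To IP: 167.86.86.15|1010"; classtype:trojan-activity; sid:37226941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 8.222.144.134 443 (msg: "MISP e25944 [] Outgoing To IP: 8.222.144.134|443"; classtype:trojan-activity; sid:37226951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 14.225.210.222 12024 (msg: "MISP e25944 [] Outgoing To IP: 14.225.210.222|12024"; classtype:trojan-activity; sid:37226961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 193.233.132.135 8081 (msg: "MISP e25944 [] Outgoing To IP: 193.233.132.135|8081"; classtype:trojan-activity; sid:37226971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.134.26.17 8081 (msg: "MISP e25944 [] Outgoing To IP: 45.134.26.17|8081"; classtype:trojan-activity; sid:37226981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# "Domain" rules accept a preceding '.', so subdomains of d.kfaaa.top alert too; the parent
# kfaaa.top on its own does not match either rule.
alert dns any any -> any any (msg: "MISP e25944 [] Domain d.kfaaa.top"; dns.query; content:"d.kfaaa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])d\.kfaaa\.top$/i"; classtype:trojan-activity; sid:37226991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain d.kfaaa.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"d.kfaaa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])d\.kfaaa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37226992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 93.123.39.225 50555 (msg: "MISP e25944 [] Outgoing To IP: 93.123.39.225|50555"; classtype:trojan-activity; sid:37227001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 35.246.175.130 80 (msg: "MISP e25944 [] Outgoing To IP: 35.246.175.130|80"; classtype:trojan-activity; sid:37227011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 154.91.83.247 80 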
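(msg: "MISP e25944 [] Outgoing To IP: 154.91.83.247|80"; classtype:trojan-activity; sid:37227021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# Several addresses below appear more than once with different ports (6606, 7707 and 8808 recur
# across 185.81.157.179, 185.81.157.104, 45.145.55.81, 172.96.172.203, 45.141.215.222 and
# 107.161.81.150). Each rule pins one address/port pair, so traffic to a listed address on an
# unlisted port raises no alert from this set.
# The msg tag list is empty, so the alert itself does not say which family these ports belong to;
# use the reference URL for that context.
alert ip $HOME_NET any -> 185.216.70.118 80 (msg: "MISP e25944 [] Outgoing To IP: 185.216.70.118|80"; classtype:trojan-activity; sid:37227031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 185.81.157.179 7707 (msg: "MISP e25944 [] Outgoing To IP: 185.81.157.179|7707"; classtype:trojan-activity; sid:37227041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 185.81.157.179 6606 (msg: "MISP e25944 [] Outgoing To IP: 185.81.157.179|6606"; classtype:trojan-activity; sid:37227051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.145.55.81 7707 (msg: "MISP e25944 [] Outgoing To IP: 45.145.55.81|7707"; classtype:trojan-activity; sid:37227061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 172.96.172.203 6606 (msg: "MISP e25944 [] Outgoing To IP: 172.96.172.203|6606"; classtype:trojan-activity; sid:37227071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 185.81.157.104 7707 (msg: "MISP e25944 [] Outgoing To IP: 185.81.157.104|7707"; classtype:trojan-activity; sid:37227081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 185.81.157.104 8808 (msg: "MISP e25944 [] Outgoing To IP: 185.81.157.104|8808"; classtype:trojan-activity; sid:37227091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 185.81.157.104 6606 (msg: "MISP e25944 [] Outgoing To IP: 185.81.157.104|6606"; classtype:trojan-activity; sid:37227101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 161.97.151.222 2011 (msg: "MISP e25944 [] Outgoing To IP: 161.97.151.222|2011"; classtype:trojan-activity; sid:37227111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.141.215.222 6606 (msg: "MISP e25944 [] Outgoing To IP: 45.141.215.222|6606"; classtype:trojan-activity; sid:37227121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 107.161.81.150 7707 (msg: "MISP e25944 [] Outgoing To IP: 107.161.81.150|7707"; classtype:trojan-activity; sid:37227131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 107.161.81.150 6606 (msg: "MISP e25944 [] Outgoing To IP: 107.161.81.150|6606"; classtype:trojan-activity; sid:37227141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 78.161.49.74 20000 (msg: "MISP e25944 [] Outgoing To IP: 78.161.49.74|20000"; classtype:trojan-activity; sid:37227151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 20.253.24.99 8444 (msg: "MISP e25944 [] Outgoing To IP: 20.253.24.99|8444"; classtype:trojan-activity; sid:37227161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 34.162.154.209 31337 (msg: "MISP e25944 [] Outgoing To IP: 34.162.154.209|31337"; classtype:trojan-activity; sid:37227171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 62.113.115.249 31337 (msg: "MISP e25944 [] Outgoing To IP: 62.113.115.249|31337"; classtype:trojan-activity; sid:37227181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 67.217.228.4 443 (msg: "MISP e25944 [] Outgoing To IP: 67.217.228.4|443"; classtype:trojan-activity; sid:37227191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2177 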
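(msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2177"; classtype:trojan-activity; sid:37227201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# 187.135.83.117 is listed once per port, each rule with its own sid. The rules differ only in the
# destination port and msg text.
# NOTE(review): this many ports on one address may come from service-enumeration data rather than
# individually confirmed endpoints; verify in the MISP event which ports were actually observed.
alert ip $HOME_NET any -> 187.135.83.117 2087 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2087"; classtype:trojan-activity; sid:37227211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2078 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2078"; classtype:trojan-activity; sid:37227221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2079 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2079"; classtype:trojan-activity; sid:37227231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 1962 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|1962"; classtype:trojan-activity; sid:37227241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 1723 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|1723"; classtype:trojan-activity; sid:37227251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2000 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2000"; classtype:trojan-activity; sid:37227261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2077 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2077"; classtype:trojan-activity; sid:37227271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 1883 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|1883"; classtype:trojan-activity; sid:37227281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 1901 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|1901"; classtype:trojan-activity; sid:37227291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2181 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2181"; classtype:trojan-activity; sid:37227301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2003 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2003"; classtype:trojan-activity; sid:37227311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 2086 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|2086"; classtype:trojan-activity; sid:37227321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 187.135.83.117 1718 (msg: "MISP e25944 [] Outgoing To IP: 187.135.83.117|1718"; classtype:trojan-activity; sid:37227331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Remaining address-and-port indicators from event 25944.
alert ip $HOME_NET any -> 154.223.17.64 443 (msg: "MISP e25944 [] Outgoing To IP: 154.223.17.64|443"; classtype:trojan-activity; sid:37227341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 34.149.60.199 80 (msg: "MISP e25944 [] Outgoing To IP: 34.149.60.199|80"; classtype:trojan-activity; sid:37227351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 173.212.224.123 80 (msg: "MISP e25944 [] Outgoing To IP: 173.212.224.123|80"; classtype:trojan-activity; sid:37227361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 117.72.36.211 8888 (msg: "MISP e25944 [] Outgoing To IP: 117.72.36.211|8888"; classtype:trojan-activity; sid:37227371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 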
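205.234.233.180 8080 (msg: "MISP e25944 [] Outgoing To IP: 205.234.233.180|8080"; classtype:trojan-activity; sid:37227381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
alert ip $HOME_NET any -> 175.178.175.168 9100 (msg: "MISP e25944 [] Outgoing To IP: 175.178.175.168|9100"; classtype:trojan-activity; sid:37227391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# The hostname below begins with the label "98" and the two address rules that follow it target
# 94.156.65.98. NOTE(review): the name looks like a provider reverse-DNS entry for that address;
# confirm in the event before relying on the name as an independent indicator.
alert dns any any -> any any (msg: "MISP e25944 [] Domain 98.lan-za2-1.static.rozabg.com"; dns.query; content:"98.lan-za2-1.static.rozabg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])98\.lan\-za2\-1\.static\.rozabg\.com$/i"; classtype:trojan-activity; sid:37227401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain 98.lan-za2-1.static.rozabg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"98.lan-za2-1.static.rozabg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])98\.lan\-za2\-1\.static\.rozabg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.65.98 443 (msg: "MISP e25944 [] Outgoing To IP: 94.156.65.98|443"; classtype:trojan-activity; sid:37227411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 94.156.65.98 80 (msg: "MISP e25944 [] Outgoing To IP: 94.156.65.98|80"; classtype:trojan-activity; sid:37227421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 114.116.18.42 82 (msg: "MISP e25944 [] Outgoing To IP: 114.116.18.42|82"; classtype:trojan-activity; sid:37227431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 45.131.132.55 443 (msg: "MISP e25944 [] Outgoing To IP: 45.131.132.55|443"; classtype:trojan-activity; sid:37227441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 121.40.185.132 80 (msg: "MISP e25944 [] Outgoing To IP: 121.40.185.132|80"; classtype:trojan-activity; sid:37227451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert dns any any -> any any (msg: "MISP e25944 [] Domain priceless-bose.104-168-102-175.plesk.page"; dns.query; content:"priceless-bose.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])priceless\-bose\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37227461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain priceless-bose.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"priceless-bose.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])priceless\-bose\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 25952 rules carry family tags in msg (remcos; c2,NanoCore) and priority 2.
# The same address/port pairs are exported again under event 25944 with an empty tag list and
# priority 3 (84.17.61.179|54984 directly below, and 91.92.252.26|7766 in the rule after it).
# One matching flow therefore produces two alerts; the e25952 alert is the one with family context.
# De-duplicate by address/port in the SIEM, or resolve the overlap between the two events in MISP.
alert ip $HOME_NET any -> 91.92.252.26 7766 (msg: "MISP e25952 [remcos] Outgoing To IP: 91.92.252.26|7766"; classtype:trojan-activity; sid:37062031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 84.17.61.179 54984 (msg: "MISP e25952 [c2,NanoCore] Outgoing To IP: 84.17.61.179|54984"; classtype:trojan-activity; sid:37062041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 84.17.61.179 54984 (msg: "MISP e25944 [] Outgoing To IP: 84.17.61.179|54984"; classtype:trojan-activity; sid:37227471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 91.92.252.26 7766 (msg: "MISP e25944 [] 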
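Outgoing To IP: 91.92.252.26|7766"; classtype:trojan-activity; sid:37227481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Layout restored to one rule per line; rule text is unchanged. Suricata reads a rule file line by
# line, so several rules collapsed onto one physical line do not load as written.
#
# Event 25952: address/port indicators tagged with a family name in msg, priority 2.
# 107.174.138.159|1900 is also exported under event 25944 (sid 37227491, priority 3, no tags), so
# a single flow to it raises two alerts; the e25952 alert is the one carrying the family tag.
alert ip $HOME_NET any -> 193.233.132.32 36599 (msg: "MISP e25952 [RedLineStealer] Outgoing To IP: 193.233.132.32|36599"; classtype:trojan-activity; sid:37062051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 107.174.138.159 1900 (msg: "MISP e25952 [remcos] Outgoing To IP: 107.174.138.159|1900"; classtype:trojan-activity; sid:37062061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 26407: "Hostname" indicators, priority 1. These differ from the "Domain" rules of other
# events in two ways that matter for triage:
#  - the leading character class is [^A-Za-z0-9-\.], which excludes '.', so only the exact
#    hostname matches; other sites under github.io or 000webhostapp.com do not alert;
#  - the HTTP rule matches the literal "Host|3a| <name>" (header name, colon, one space, name), so
#    it is tied to the Host header, but a Host header written with different spacing is not matched.
# The names sit under shared hosting platforms, so blocking or alerting on the parent domain is
# not an equivalent control. Cleartext HTTP only; HTTPS to these names is seen by the DNS rule only.
alert dns any any -> any any (msg: "MISP e26407 [] Hostname radkaulmanova.github.io"; dns.query; content:"radkaulmanova.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])radkaulmanova\.github\.io$/i"; classtype:trojan-activity; sid:37282921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname radkaulmanova.github.io"; flow:to_server,established; http.header; content: "Host|3a| radkaulmanova.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])radkaulmanova\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert dns any any -> any any (msg: "MISP e26407 [] Hostname rosaharvey1985.github.io"; dns.query; content:"rosaharvey1985.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosaharvey1985\.github\.io$/i"; classtype:trojan-activity; sid:37282891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname rosaharvey1985.github.io"; flow:to_server,established; http.header; content: "Host|3a| rosaharvey1985.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosaharvey1985\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
# NOTE(review): the next hostname resembles a vendor update domain; that is a property of the
# name only, the rule itself makes no such distinction.
alert dns any any -> any any (msg: "MISP e26407 [] Hostname microsoft-update-com.github.io"; dns.query; content:"microsoft-update-com.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-update\-com\.github\.io$/i"; classtype:trojan-activity; sid:37282821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname microsoft-update-com.github.io"; flow:to_server,established; http.header; content: "Host|3a| microsoft-update-com.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-update\-com\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert dns any any -> any any (msg: "MISP e26407 [] Hostname dsfhdjhgkjhllgdhsh.000webhostapp.com"; dns.query; content:"dsfhdjhgkjhllgdhsh.000webhostapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dsfhdjhgkjhllgdhsh\.000webhostapp\.com$/i"; classtype:trojan-activity; sid:37282781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname dsfhdjhgkjhllgdhsh.000webhostapp.com"; flow:to_server,established; http.header; content: "Host|3a| dsfhdjhgkjhllgdhsh.000webhostapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dsfhdjhgkjhllgdhsh\.000webhostapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert ip $HOME_NET any -> 107.174.138.159 1900 (msg: "MISP e25944 [] Outgoing To IP: 107.174.138.159|1900"; classtype:trojan-activity; sid:37227491; rev:1; priority:3; 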
reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 193.233.132.32 36599 (msg: "MISP e25944 [] Outgoing To IP: 193.233.132.32|36599"; classtype:trojan-activity; sid:37227501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25823 [] Domain ocuaawww.erenzy1337.duckdns.org"; dns.query; content:"ocuaawww.erenzy1337.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ocuaawww\.erenzy1337\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain ocuaawww.erenzy1337.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ocuaawww.erenzy1337.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ocuaawww\.erenzy1337\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;) alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863333; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;) alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863334; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;) alert dns any any -> any any (msg: "MISP e25823 [] Domain www.ben1234.duckdns.org"; dns.query; content:"www.ben1234.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ben1234\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain www.ben1234.duckdns.org"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"www.ben1234.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ben1234\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
# The line above is the tail of the HTTP rule for www.ben1234.duckdns.org,
# which begins before this line range.

# ---- MISP event 25823: domain indicators ----
# Four rules per domain: DNS query (dns.query), outbound HTTP, and an
# outgoing/incoming pair for 79.134.225.17.
# The leading pcre class is [^A-Za-z0-9-] (no "."), so subdomains of the
# listed domain match as well as the domain itself.
# tag:session,600,seconds on the HTTP rules keeps logging the session's
# packets for 600 seconds after the alert.
# The HTTP rules inspect cleartext HTTP only; no TLS/SNI rule for these names
# appears in this part of the export.
# NOTE(review): in the HTTP rules the "Host|3a|" content and the domain content
# are two independent matches on the request headers, and the pcre is not
# anchored to the Host line either, so the domain appearing in another header
# (for example a Referer) would also satisfy the rule. Matching on http.host
# would be tighter -- confirm against the exporter before changing.
# NOTE(review): the 79.134.225.17 pair is repeated under every domain with a
# new sid, so one packet to or from that address matches every copy.
# Deduplicate at the source or apply a threshold/suppression when deploying.
# NOTE(review): several names sit under dynamic-DNS style zones (duckdns.org,
# ddns.net), where the address behind a name can change; the fixed-IP rules
# presumably reflect the resolution at export time -- confirm before relying
# on them.
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863343; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863344; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: kiftpuseridsfryiri.ddns.net
alert dns any any -> any any (msg: "MISP e25823 [] Domain kiftpuseridsfryiri.ddns.net"; dns.query; content:"kiftpuseridsfryiri.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiftpuseridsfryiri\.ddns\.net$/i"; classtype:trojan-activity; sid:38863351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain kiftpuseridsfryiri.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiftpuseridsfryiri.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiftpuseridsfryiri\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863353; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863354; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: mdytreudsgurifedei.ddns.net
alert dns any any -> any any (msg: "MISP e25823 [] Domain mdytreudsgurifedei.ddns.net"; dns.query; content:"mdytreudsgurifedei.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mdytreudsgurifedei\.ddns\.net$/i"; classtype:trojan-activity; sid:38863361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain mdytreudsgurifedei.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mdytreudsgurifedei.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mdytreudsgurifedei\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863363; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863364; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: pubiftdssarenittit.ddns.net
alert dns any any -> any any (msg: "MISP e25823 [] Domain pubiftdssarenittit.ddns.net"; dns.query; content:"pubiftdssarenittit.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])pubiftdssarenittit\.ddns\.net$/i"; classtype:trojan-activity; sid:38863371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain pubiftdssarenittit.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pubiftdssarenittit.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pubiftdssarenittit\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863373; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863374; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: byrtftwjiopidyrers.ddns.net
alert dns any any -> any any (msg: "MISP e25823 [] Domain byrtftwjiopidyrers.ddns.net"; dns.query; content:"byrtftwjiopidyrers.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])byrtftwjiopidyrers\.ddns\.net$/i"; classtype:trojan-activity; sid:38863381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain byrtftwjiopidyrers.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"byrtftwjiopidyrers.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])byrtftwjiopidyrers\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863383; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863384; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: xazkib.camdvr.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain xazkib.camdvr.org"; dns.query; content:"xazkib.camdvr.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])xazkib\.camdvr\.org$/i"; classtype:trojan-activity; sid:38863391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain xazkib.camdvr.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xazkib.camdvr.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xazkib\.camdvr\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863393; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863394; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: resulthostsockinc.duckdns.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain resulthostsockinc.duckdns.org"; dns.query; content:"resulthostsockinc.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])resulthostsockinc\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain resulthostsockinc.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"resulthostsockinc.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])resulthostsockinc\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863403; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863404; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: erenzy1337.duckdns.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain erenzy1337.duckdns.org"; dns.query; content:"erenzy1337.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])erenzy1337\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain erenzy1337.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"erenzy1337.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])erenzy1337\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863413; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863414; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: cashout2018.ddnss.de
alert dns any any -> any any (msg: "MISP e25823 [] Domain cashout2018.ddnss.de"; dns.query; content:"cashout2018.ddnss.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])cashout2018\.ddnss\.de$/i"; classtype:trojan-activity; sid:38863421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain cashout2018.ddnss.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cashout2018.ddnss.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cashout2018\.ddnss\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863423; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863424; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: grace2020.home-webserver.de
alert dns any any -> any any (msg: "MISP e25823 [] Domain grace2020.home-webserver.de"; dns.query; content:"grace2020.home-webserver.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])grace2020\.home\-webserver\.de$/i"; classtype:trojan-activity; sid:38863431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain grace2020.home-webserver.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grace2020.home-webserver.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grace2020\.home\-webserver\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863433; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863434; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: tergat752.duckdns.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain tergat752.duckdns.org"; dns.query; content:"tergat752.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])tergat752\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain tergat752.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tergat752.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tergat752\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863443; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863444; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: ytuna7307.duckdns.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain ytuna7307.duckdns.org"; dns.query; content:"ytuna7307.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ytuna7307\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain ytuna7307.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ytuna7307.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ytuna7307\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863453; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863454; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: edonbe2189.ddns.net
alert dns any any -> any any (msg: "MISP e25823 [] Domain edonbe2189.ddns.net"; dns.query; content:"edonbe2189.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])edonbe2189\.ddns\.net$/i"; classtype:trojan-activity; sid:38863461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain edonbe2189.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edonbe2189.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edonbe2189\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863463; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863464; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: ch3.wikidex.ru
alert dns any any -> any any (msg: "MISP e25823 [] Domain ch3.wikidex.ru"; dns.query; content:"ch3.wikidex.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])ch3\.wikidex\.ru$/i"; classtype:trojan-activity; sid:38863471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain ch3.wikidex.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ch3.wikidex.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ch3\.wikidex\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863473; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863474; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: poker.whizwhener.ru
alert dns any any -> any any (msg: "MISP e25823 [] Domain poker.whizwhener.ru"; dns.query; content:"poker.whizwhener.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])poker\.whizwhener\.ru$/i"; classtype:trojan-activity; sid:38863481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain poker.whizwhener.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"poker.whizwhener.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])poker\.whizwhener\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863483; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863484; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: ch2.meinland.su
alert dns any any -> any any (msg: "MISP e25823 [] Domain ch2.meinland.su"; dns.query; content:"ch2.meinland.su"; nocase; pcre: "/(^|[^A-Za-z0-9-])ch2\.meinland\.su$/i"; classtype:trojan-activity; sid:38863491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain ch2.meinland.su"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ch2.meinland.su"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ch2\.meinland\.su[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863493; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863494; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: ch3-pool-1194.nvpn.to
alert dns any any -> any any (msg: "MISP e25823 [] Domain ch3-pool-1194.nvpn.to"; dns.query; content:"ch3-pool-1194.nvpn.to"; nocase; pcre: "/(^|[^A-Za-z0-9-])ch3\-pool\-1194\.nvpn\.to$/i"; classtype:trojan-activity; sid:38863501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain ch3-pool-1194.nvpn.to"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ch3-pool-1194.nvpn.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ch3\-pool\-1194\.nvpn\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863503; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863504; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: blessedlogins101.duckdns.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain blessedlogins101.duckdns.org"; dns.query; content:"blessedlogins101.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])blessedlogins101\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain blessedlogins101.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blessedlogins101.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blessedlogins101\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863513; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863514; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: servr.killifabuse1.xyz
alert dns any any -> any any (msg: "MISP e25823 [] Domain servr.killifabuse1.xyz"; dns.query; content:"servr.killifabuse1.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])servr\.killifabuse1\.xyz$/i"; classtype:trojan-activity; sid:38863521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain servr.killifabuse1.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"servr.killifabuse1.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])servr\.killifabuse1\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863523; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863524; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: ben1234.duckdns.org
alert dns any any -> any any (msg: "MISP e25823 [] Domain ben1234.duckdns.org"; dns.query; content:"ben1234.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ben1234\.duckdns\.org$/i"; classtype:trojan-activity; sid:38863531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain ben1234.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ben1234.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ben1234\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863533; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863534; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: timnoip.ddns.net
alert dns any any -> any any (msg: "MISP e25823 [] Domain timnoip.ddns.net"; dns.query; content:"timnoip.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])timnoip\.ddns\.net$/i"; classtype:trojan-activity; sid:38863541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain timnoip.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timnoip.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timnoip\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863543; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863544; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: darkaoui95.ddns.net (its outgoing-IP rule continues past the end of this line range)
alert dns any any -> any any (msg: "MISP e25823 [] Domain darkaoui95.ddns.net"; dns.query; content:"darkaoui95.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])darkaoui95\.ddns\.net$/i"; classtype:trojan-activity; sid:38863551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain darkaoui95.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"darkaoui95.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])darkaoui95\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863553; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/25823;)
# The line above is the tail of a rule that begins before this line range.

# ---- MISP event 25823: domain indicators ----
# Four rules per domain: DNS query, outbound HTTP, and an outgoing/incoming
# pair for 79.134.225.17. The leading pcre class is [^A-Za-z0-9-] (no "."),
# so subdomains of the listed domain match as well.
# NOTE(review): in the HTTP rule the "Host|3a|" content and the domain content
# are two independent matches on the request headers, and the pcre is not
# anchored to the Host line either, so the domain appearing in another header
# (for example a Referer) would also satisfy the rule. Matching on http.host
# would be tighter -- confirm against the exporter before changing.
# NOTE(review): the 79.134.225.17 pair carries a new sid under each domain, so
# one packet to or from that address matches every copy present in the
# ruleset. Deduplicate at the source or apply a threshold/suppression.
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863554; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# Domain: top.citycentrejo.waw.pl
alert dns any any -> any any (msg: "MISP e25823 [] Domain top.citycentrejo.waw.pl"; dns.query; content:"top.citycentrejo.waw.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])top\.citycentrejo\.waw\.pl$/i"; classtype:trojan-activity; sid:38863561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25823 [] Outgoing HTTP Domain top.citycentrejo.waw.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"top.citycentrejo.waw.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])top\.citycentrejo\.waw\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38863562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip $HOME_NET any -> 79.134.225.17 any (msg: "MISP e25823 [] Outgoing To IP: 79.134.225.17"; classtype:trojan-activity; sid:38863563; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)
alert ip 79.134.225.17 any -> $HOME_NET any (msg: "MISP e25823 [] Incoming From IP: 79.134.225.17"; classtype:trojan-activity; sid:38863564; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;)

# ---- MISP event 26407: hostname indicators ----
# Each hostname gets two rules: a DNS rule on dns.query and an outbound HTTP
# rule whose content match is the literal Host header for that name.
# The leading pcre class [^A-Za-z0-9-\.] excludes ".", so only the exact
# hostname matches; other sites under the same parent domain
# (infinityfreeapp.com, rf.gd) do not.
# The HTTP rule inspects cleartext HTTP only. No TLS/SNI rule for these hosts
# appears in this part of the export, so an HTTPS session is visible here only
# through its DNS lookup.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds
# after the alert.

# Hostname: filedwn.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname filedwn.infinityfreeapp.com"; dns.query; content:"filedwn.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filedwn\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname filedwn.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| filedwn.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filedwn\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: filehosting.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname filehosting.infinityfreeapp.com"; dns.query; content:"filehosting.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filehosting\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname filehosting.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| filehosting.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filehosting\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: online-shopping.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname online-shopping.infinityfreeapp.com"; dns.query; content:"online-shopping.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])online\-shopping\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname online-shopping.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| online-shopping.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])online\-shopping\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: opendoc.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname opendoc.infinityfreeapp.com"; dns.query; content:"opendoc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])opendoc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname opendoc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| opendoc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])opendoc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: filedownload.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname filedownload.infinityfreeapp.com"; dns.query; content:"filedownload.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filedownload\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname filedownload.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| filedownload.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filedownload\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: filihosting.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname filihosting.infinityfreeapp.com"; dns.query; content:"filihosting.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filihosting\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname filihosting.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| filihosting.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filihosting\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: driveonline.rf.gd
alert dns any any -> any any (msg: "MISP e26407 [] Hostname driveonline.rf.gd"; dns.query; content:"driveonline.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])driveonline\.rf\.gd$/i"; classtype:trojan-activity; sid:37282871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname driveonline.rf.gd"; flow:to_server,established; http.header; content: "Host|3a| driveonline.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])driveonline\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: file-download.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname file-download.infinityfreeapp.com"; dns.query; content:"file-download.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])file\-download\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname file-download.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| file-download.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])file\-download\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: shared-files.rf.gd
alert dns any any -> any any (msg: "MISP e26407 [] Hostname shared-files.rf.gd"; dns.query; content:"shared-files.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shared\-files\.rf\.gd$/i"; classtype:trojan-activity; sid:37282901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname shared-files.rf.gd"; flow:to_server,established; http.header; content: "Host|3a| shared-files.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shared\-files\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: opendocument.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname opendocument.infinityfreeapp.com"; dns.query; content:"opendocument.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])opendocument\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname opendocument.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| opendocument.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])opendocument\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: microsoft-files.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname microsoft-files.infinityfreeapp.com"; dns.query; content:"microsoft-files.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-files\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname microsoft-files.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| microsoft-files.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-files\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: microsoftcloud.rf.gd
alert dns any any -> any any (msg: "MISP e26407 [] Hostname microsoftcloud.rf.gd"; dns.query; content:"microsoftcloud.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoftcloud\.rf\.gd$/i"; classtype:trojan-activity; sid:37282941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname microsoftcloud.rf.gd"; flow:to_server,established; http.header; content: "Host|3a| microsoftcloud.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoftcloud\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: downloadinge.infinityfreeapp.com
alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadinge.infinityfreeapp.com"; dns.query; content:"downloadinge.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadinge\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadinge.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadinge.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadinge\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;)

# Hostname: document-d.infinityfreeapp.com (its DNS rule continues past the end of this excerpt)
alert dns any any -> any any (msg: "MISP e26407 [] Hostname document-d.infinityfreeapp.com"; dns.query; content:"document-d.infinityfreeapp.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])document\-d\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname document-d.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| document-d.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])document\-d\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadc.infinityfreeapp.com"; dns.query; content:"downloadc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadingq.infinityfreeapp.com"; dns.query; content:"downloadingq.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingq\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadingq.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadingq.infinityfreeapp.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingq\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadingf.infinityfreeapp.com"; dns.query; content:"downloadingf.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingf\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37282991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadingf.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadingf.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingf\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadingdoc.infinityfreeapp.com"; dns.query; content:"downloadingdoc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingdoc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadingdoc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadingdoc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingdoc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadingw.infinityfreeapp.com"; dns.query; 
content:"downloadingw.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingw\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadingw.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadingw.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadingw\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadx.infinityfreeapp.com"; dns.query; content:"downloadx.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadx\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadx.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadx.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadx\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadz.infinityfreeapp.com"; dns.query; content:"downloadz.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadz\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadz.infinityfreeapp.com"; flow:to_server,established; http.header; content: 
"Host|3a| downloadz.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadz\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloading.infinityfreeapp.com"; dns.query; content:"downloading.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloading\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloading.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloading.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloading\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloadfile.infinityfreeapp.com"; dns.query; content:"downloadfile.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadfile\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloadfile.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloadfile.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloadfile\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname downloaddoc.infinityfreeapp.com"; 
dns.query; content:"downloaddoc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloaddoc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname downloaddoc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| downloaddoc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downloaddoc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname cloud-for-files.rf.gd"; dns.query; content:"cloud-for-files.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloud\-for\-files\.rf\.gd$/i"; classtype:trojan-activity; sid:37283071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname cloud-for-files.rf.gd"; flow:to_server,established; http.header; content: "Host|3a| cloud-for-files.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloud\-for\-files\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname document-c.infinityfreeapp.com"; dns.query; content:"document-c.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])document\-c\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname document-c.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| 
document-c.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])document\-c\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname clouddrive.infinityfreeapp.com"; dns.query; content:"clouddrive.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouddrive\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname clouddrive.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| clouddrive.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouddrive\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname calc-dwn.infinityfreeapp.com"; dns.query; content:"calc-dwn.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calc\-dwn\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37283101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname calc-dwn.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a| calc-dwn.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calc\-dwn\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname consumerapp.frge.io"; dns.query; content:"consumerapp.frge.io"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])consumerapp\.frge\.io$/i"; classtype:trojan-activity; sid:37282791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname consumerapp.frge.io"; flow:to_server,established; http.header; content: "Host|3a| consumerapp.frge.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])consumerapp\.frge\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname hamster-795.frge.io"; dns.query; content:"hamster-795.frge.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamster\-795\.frge\.io$/i"; classtype:trojan-activity; sid:37282771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname hamster-795.frge.io"; flow:to_server,established; http.header; content: "Host|3a| hamster-795.frge.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamster\-795\.frge\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname sdrhsrthytr.wuaze.com"; dns.query; content:"sdrhsrthytr.wuaze.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdrhsrthytr\.wuaze\.com$/i"; classtype:trojan-activity; sid:37282761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname sdrhsrthytr.wuaze.com"; flow:to_server,established; http.header; content: "Host|3a| sdrhsrthytr.wuaze.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdrhsrthytr\.wuaze\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282762; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname settings-panel.frge.io"; dns.query; content:"settings-panel.frge.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])settings\-panel\.frge\.io$/i"; classtype:trojan-activity; sid:37282751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname settings-panel.frge.io"; flow:to_server,established; http.header; content: "Host|3a| settings-panel.frge.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])settings\-panel\.frge\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert dns any any -> any any (msg: "MISP e26407 [] Hostname settings-inform.rf.gd"; dns.query; content:"settings-inform.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])settings\-inform\.rf\.gd$/i"; classtype:trojan-activity; sid:37282741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26407 [] Outgoing HTTP Hostname settings-inform.rf.gd"; flow:to_server,established; http.header; content: "Host|3a| settings-inform.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])settings\-inform\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37282742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26407;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [smokeloader] Outgoing URL http|3a|//autogrant.pw/tprobuzixc8/index.php"; flow:to_server,established; http.header; content:"autogrant.pw"; fast_pattern; nocase; http.uri; content:"/tprobuzixc8/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert 
http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [smokeloader] Outgoing URL http|3a|//bytehom.online/tprobuzixc8/index.php"; flow:to_server,established; http.header; content:"bytehom.online"; fast_pattern; nocase; http.uri; content:"/tprobuzixc8/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//bytehom.online/tprobuzixc8/index.php"; flow:to_server,established; http.header; content:"bytehom.online"; fast_pattern; nocase; http.uri; content:"/tprobuzixc8/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//autogrant.pw/tprobuzixc8/index.php"; flow:to_server,established; http.header; content:"autogrant.pw"; fast_pattern; nocase; http.uri; content:"/tprobuzixc8/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 202.182.116.25 any (msg: "MISP e26408 [] Outgoing To IP: 202.182.116.25"; classtype:trojan-activity; sid:37283521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26408;) alert dns any any -> any any (msg: "MISP e26409 [] Hostname cloud-document-edit.onrender.com"; dns.query; content:"cloud-document-edit.onrender.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloud\-document\-edit\.onrender\.com$/i"; classtype:trojan-activity; sid:37283711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26409 [] Outgoing HTTP Hostname cloud-document-edit.onrender.com"; flow:to_server,established; http.header; 
content: "Host|3a| cloud-document-edit.onrender.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloud\-document\-edit\.onrender\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert dns any any -> any any (msg: "MISP e26409 [] Hostname east-healthy-dress.glitch.me"; dns.query; content:"east-healthy-dress.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])east\-healthy\-dress\.glitch\.me$/i"; classtype:trojan-activity; sid:37283721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26409 [] Outgoing HTTP Hostname east-healthy-dress.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| east-healthy-dress.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])east\-healthy\-dress\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert dns any any -> any any (msg: "MISP e26409 [] Hostname ndrrftqrlblfecpupppp.supabase.co"; dns.query; content:"ndrrftqrlblfecpupppp.supabase.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ndrrftqrlblfecpupppp\.supabase\.co$/i"; classtype:trojan-activity; sid:37283701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26409 [] Outgoing HTTP Hostname ndrrftqrlblfecpupppp.supabase.co"; flow:to_server,established; http.header; content: "Host|3a| ndrrftqrlblfecpupppp.supabase.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ndrrftqrlblfecpupppp\.supabase\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert dns any any -> any any (msg: "MISP e26409 [] Hostname epibvgvoszemkwjnplyc.supabase.co"; 
dns.query; content:"epibvgvoszemkwjnplyc.supabase.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])epibvgvoszemkwjnplyc\.supabase\.co$/i"; classtype:trojan-activity; sid:37283691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26409 [] Outgoing HTTP Hostname epibvgvoszemkwjnplyc.supabase.co"; flow:to_server,established; http.header; content: "Host|3a| epibvgvoszemkwjnplyc.supabase.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])epibvgvoszemkwjnplyc\.supabase\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert dns any any -> any any (msg: "MISP e26409 [] Hostname kwhfibejjyxregxmnpcs.supabase.co"; dns.query; content:"kwhfibejjyxregxmnpcs.supabase.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kwhfibejjyxregxmnpcs\.supabase\.co$/i"; classtype:trojan-activity; sid:37283681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26409 [] Outgoing HTTP Hostname kwhfibejjyxregxmnpcs.supabase.co"; flow:to_server,established; http.header; content: "Host|3a| kwhfibejjyxregxmnpcs.supabase.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kwhfibejjyxregxmnpcs\.supabase\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert dns any any -> any any (msg: "MISP e26409 [] Hostname coral-polydactyl-dragonfruit.glitch.me"; dns.query; content:"coral-polydactyl-dragonfruit.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coral\-polydactyl\-dragonfruit\.glitch\.me$/i"; classtype:trojan-activity; sid:37283671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26409 [] Outgoing HTTP Hostname 
coral-polydactyl-dragonfruit.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| coral-polydactyl-dragonfruit.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coral\-polydactyl\-dragonfruit\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37283672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26409;) alert ip $HOME_NET any -> 192.169.69.26 64418 (msg: "MISP e25952 [NanoCore,RAT] Outgoing To IP: 192.169.69.26|64418"; classtype:trojan-activity; sid:37062011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25947 [] Source Email Address: contabilidad@toyomar.com.ar"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"contabilidad@toyomar.com.ar"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37058341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25947;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e25947 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"06-02-24 INV_pdf.img|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37058361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25947;) alert ip 181.119.146.177 any -> $HOME_NET any (msg: "MISP e25947 [] Incoming From IP: 181.119.146.177"; classtype:trojan-activity; sid:37058371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25947;) alert dns any any -> any any (msg: "MISP e25947 [] Domain vxsct21005.avnam.net"; dns.query; content:"vxsct21005.avnam.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vxsct21005\.avnam\.net$/i"; classtype:trojan-activity; sid:37058381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25947;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25947 [] Outgoing HTTP Domain vxsct21005.avnam.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vxsct21005.avnam.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vxsct21005\.avnam\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37058382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25947;) alert ip $HOME_NET any -> 47.103.63.1 any (msg: "MISP e26410 [] Outgoing To IP: 47.103.63.1"; classtype:trojan-activity; sid:37283881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 117.50.187.121 any (msg: "MISP e26410 [] Outgoing To IP: 117.50.187.121"; classtype:trojan-activity; sid:37283891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 175.178.80.251 any (msg: "MISP e26410 [] Outgoing To IP: 175.178.80.251"; classtype:trojan-activity; sid:37283901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 106.13.198.93 any (msg: "MISP e26410 [] Outgoing To IP: 106.13.198.93"; classtype:trojan-activity; sid:37283911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 115.219.2.97 any (msg: "MISP e26410 [] Outgoing To IP: 115.219.2.97"; classtype:trojan-activity; sid:37283921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 106.55.28.159 any (msg: "MISP e26410 [] Outgoing To IP: 106.55.28.159"; classtype:trojan-activity; sid:37283931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 218.75.72.82 any (msg: "MISP e26410 [] Outgoing To IP: 218.75.72.82"; classtype:trojan-activity; sid:37283941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 124.221.81.81 
any (msg: "MISP e26410 [] Outgoing To IP: 124.221.81.81"; classtype:trojan-activity; sid:37283951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert ip $HOME_NET any -> 180.151.19.85 any (msg: "MISP e26410 [] Outgoing To IP: 180.151.19.85"; classtype:trojan-activity; sid:37283961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26410;) alert dns any any -> any any (msg: "MISP e25946 [] Domain bancoestado-solicita.pages.dev"; dns.query; content:"bancoestado-solicita.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev$/i"; classtype:trojan-activity; sid:37058251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25946;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25946 [] Outgoing HTTP Domain bancoestado-solicita.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-solicita.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37058252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25946;) alert ip 101.36.105.7 any -> $HOME_NET any (msg: "MISP e25987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.105.7"; classtype:trojan-activity; sid:37068271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25987;) alert ip 112.170.46.140 any -> $HOME_NET any (msg: "MISP e25987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.170.46.140"; classtype:trojan-activity; sid:37068281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25987;) alert ip 1.164.96.157 any -> $HOME_NET any (msg: "MISP e25987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.96.157"; classtype:trojan-activity; sid:37068291; rev:1; priority:2; 
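reference:url,https://misp.finsin.cl/events/view/25987;)
alert ip 117.147.213.162 any -> $HOME_NET any (msg: "MISP e25987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.147.213.162"; classtype:trojan-activity; sid:37068301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25987;)
alert ip 103.231.46.66 any -> $HOME_NET any (msg: "MISP e25987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.231.46.66"; classtype:trojan-activity; sid:37068311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25987;)
alert ip 117.89.250.248 any -> $HOME_NET any (msg: "MISP e25987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.89.250.248"; classtype:trojan-activity; sid:37068321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25987;)
# 74.81.37.165 port 666 is exported by two events: sid 37062111 (event 25952, priority 2, tagged
# c2/cobalt_strike) and sid 37227551 (event 25944, priority 3, untagged). One outbound connection
# raises both alerts; only the 25952 copy carries the attribution.
alert ip $HOME_NET any -> 74.81.37.165 666 (msg: "MISP e25952 [c2,cobalt_strike] Outgoing To IP: 74.81.37.165|666"; classtype:trojan-activity; sid:37062111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# The event 26405 "snort-rule" attributes are imported signatures written with content modifiers
# (http_method, http_uri, http_user_agent, http_host, dns_query), while the generated rules use
# sticky buffers (http.header, dns.query). NOTE(review): confirm the target engine version loads both.
# NOTE(review): the second user-agent match reached this page as the garbled token
# conten%WINDIR%\owerShell/" which cannot parse. It is restored below to content:"WindowsPowerShell/",
# based on the surviving tail and on the 36-byte "Mozilla/5.0 (Windows NT; Windows NT " prefix
# matched just before it. Verify against the attribute stored in MISP event 26405.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [] snort-rule | ET TROJAN Win32/Common RAT Host Checkin (GET)"; flow:established,to_server; content:"GET"; http_method; content:".php?id="; http_uri; content:"&key="; http_uri; pcre:"/^(?:[0-9]{10,12})$/UR"; content:"Mozilla|2f|5|2e|0|20 28|Windows|20|NT|3b 20|Windows|20|NT|20|"; http_user_agent; depth:36; content:"WindowsPowerShell/"; http_user_agent; fast_pattern; http_header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|"; depth:20; isdataat:!35,relative; content:!"Referer"; reference:url,https://misp.finsin.cl/events/view/26405; reference:url,https://misp.finsin.cl/events/view/26405; classtype:trojan-activity; sid:37279661; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_10_19, deployment Perimeter, former_category MALWARE, malware_family RAT, confidence High, signature_severity Critical, updated_at 2023_10_19, reviewed_at 2023_10_19; )
# The next three rules match any host name or DNS query ending in .top, not the specific domains of
# event 26405. The first is marked signature_severity Informational in its own metadata, yet all three
# are exported as classtype:trojan-activity. Read a hit as context for the domain-specific rules
# (sduyvzep.top, orivzije.top, zpeifujz.top), not as a detection on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [] snort-rule | ET INFO HTTP Request to a *.top domain"; flow:established,to_server; content:".top"; fast_pattern; http_host; pcre:"/^(\x3a\d{1,5})?$/WR"; threshold:type limit, track by_src, count 1, seconds 30; reference:url,https://misp.finsin.cl/events/view/26405; reference:url,https://misp.finsin.cl/events/view/26405; classtype:trojan-activity; sid:37279671; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_02_07, deployment Perimeter, former_category INFO, signature_severity Informational, updated_at 2020_08_20; )
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [] snort-rule | ET INFO Request to .TOP Domain with Minimal Headers"; flow:established,to_server; content:".top"; http_host; isdataat:!1,relative; fast_pattern; http_header_names; content:"|0d 0a|Host|0d 0a|Connection|0d 0a 0d 0a|"; depth:22; isdataat:!1,relative; classtype:trojan-activity; sid:37279681; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_10_23, deployment Perimeter, signature_severity Major, updated_at 2020_10_23; reference:url,https://misp.finsin.cl/events/view/26405;)
alert dns $HOME_NET any -> any any (msg: "MISP e26405 [] snort-rule | ET DNS Query to a *.top domain - Likely Hostile"; dns_query; content:".top"; nocase; isdataat:!1,relative; threshold:type limit, track by_src, count 1, seconds 30; reference:url,https://misp.finsin.cl/events/view/26405; reference:url,https://misp.finsin.cl/events/view/26405; classtype:trojan-activity; sid:37279691; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_02_07, deployment Perimeter, signature_severity Major, updated_at 2020_09_15; )
# NOTE(review): the same garbling is repaired in this rule (conten%WINDIR%\owerShell" restored to
# content:"WindowsPowerShell"); verify against MISP event 26405. The pcre value here is unquoted,
# unlike the other pcre options in this section; check that the engine accepts it before deploying.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [] snort-rule | AV TROJAN AsyncRAT Loader CnC Request"; flow:to_server,established; content:"GET"; http_method; content:"id="; http_uri; content:"&key="; distance:0; http_uri; content:"&s="; http_uri; pcre:/&key=\d{10,}&s=\d{3}/U; content:"WindowsPowerShell"; http_user_agent; reference:url,https://misp.finsin.cl/events/view/26405; classtype:trojan-activity; sid:37279701; rev:1; metadata:created_at 2023_12_18, updated_at 2023_12_18; )
# Domain-specific rules for event 26405. They are tagged C2 but exported at priority:4, a lower
# priority than the plain IP rules around them (priority 2 and 3).
alert dns any any -> any any (msg: "MISP e26405 [ C2] Domain sduyvzep.top"; dns.query; content:"sduyvzep.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])sduyvzep\.top$/i"; classtype:trojan-activity; sid:37279711; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26405;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [ C2] Outgoing HTTP Domain sduyvzep.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sduyvzep.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sduyvzep\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37279712; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26405;)
alert ip $HOME_NET any -> 74.81.37.165 666 (msg: "MISP e25944 [] Outgoing To IP: 74.81.37.165|666"; classtype:trojan-activity; sid:37227551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 218.156.253.232 80 (msg: "MISP e25952 [c2,NanoCore] Outgoing To IP: 218.156.253.232|80"; classtype:trojan-activity; sid:37062121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert dns any any -> any any (msg: "MISP e26405 [ C2] Domain orivzije.top"; dns.query; content:"orivzije.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])orivzije\.top$/i"; classtype:trojan-activity; sid:37279721; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26405;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [ C2]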
Outgoing HTTP Domain orivzije.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"orivzije.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])orivzije\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37279722; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26405;) alert dns any any -> any any (msg: "MISP e26405 [ C2] Domain zpeifujz.top"; dns.query; content:"zpeifujz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])zpeifujz\.top$/i"; classtype:trojan-activity; sid:37279731; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26405;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26405 [ C2] Outgoing HTTP Domain zpeifujz.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zpeifujz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zpeifujz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37279732; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26405;) alert http $HOME_NET any -> 172.234.217.97 $HTTP_PORTS (msg: "MISP e25991 [kill-chain:Command and Control,misp-galaxy:mitre-tool="Remcos - S0332"] Outgoing URL http|3a|//172.234.217.97/svcv/carbonballonmicrosoftsecretprotectionprotocolreleasingsoonforinstantupdateandupgradeentireproducttoeasyuseagethepcfast.doc"; flow:to_server,established; http.header; content:"172.234.217.97"; fast_pattern; nocase; http.uri; content:"/svcv/carbonballonmicrosoftsecretprotectionprotocolreleasingsoonforinstantupdateandupgradeentireproducttoeasyuseagethepcfast.doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25991;) alert ip $HOME_NET any -> 218.156.253.232 80 (msg: "MISP e25944 [] Outgoing To IP: 218.156.253.232|80"; classtype:trojan-activity; sid:37227561; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 193.161.193.99 30650 (msg: "MISP e25952 [QuasarRAT,RAT] Outgoing To IP: 193.161.193.99|30650"; classtype:trojan-activity; sid:37062131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip 101.37.117.39 any -> $HOME_NET any (msg: "MISP e26406 [] Incoming From IP: 101.37.117.39"; classtype:trojan-activity; sid:37280391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert dns any any -> any any (msg: "MISP e25973 [] Domain w3ll.ws"; dns.query; content:"w3ll.ws"; nocase; pcre: "/(^|[^A-Za-z0-9-])w3ll\.ws$/i"; classtype:trojan-activity; sid:37065071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25973;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25973 [] Outgoing HTTP Domain w3ll.ws"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"w3ll.ws"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])w3ll\.ws[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37065072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25973;) alert dns any any -> any any (msg: "MISP e26406 [] Domain melovingsangria.online"; dns.query; content:"melovingsangria.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])melovingsangria\.online$/i"; classtype:trojan-activity; sid:37280401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26406 [] Outgoing HTTP Domain melovingsangria.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melovingsangria.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melovingsangria\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37280402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert dns any any -> any any (msg: 
"MISP e26406 [] Domain mimicer.online"; dns.query; content:"mimicer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mimicer\.online$/i"; classtype:trojan-activity; sid:37280411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26406 [] Outgoing HTTP Domain mimicer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mimicer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mimicer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37280412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert dns any any -> any any (msg: "MISP e26406 [] Domain mimicmaster.online"; dns.query; content:"mimicmaster.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mimicmaster\.online$/i"; classtype:trojan-activity; sid:37280421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26406 [] Outgoing HTTP Domain mimicmaster.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mimicmaster.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mimicmaster\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37280422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26406;) alert ip $HOME_NET any -> 193.161.193.99 30650 (msg: "MISP e25944 [] Outgoing To IP: 193.161.193.99|30650"; classtype:trojan-activity; sid:37227571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL bitbucket.org/JulieHeilman/m100-firmware-mirror/downloads/"; flow:to_server,established; http.uri; content:"bitbucket.org/JulieHeilman/m100-firmware-mirror/downloads/"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289231; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
# NOTE(review): the event 26418 "Outgoing URL" rules put the whole indicator, host name included,
# into http.uri. That buffer normally holds the request path and query, with the host carried in the
# Host header, so these rules probably fire only on proxy-style requests with an absolute URI.
# Confirm on the sensor before counting them as coverage.
# The bitbucket.org, gitlab.com and github.com downloads are also likely fetched over TLS, where an
# http rule sees nothing. Host-level coverage would have to come from dns.query or tls.sni rules, and
# those would match every repository on the shared host, so path-level detection needs TLS inspection
# or endpoint telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL bitbucket.org/upgrades/um/downloads/"; flow:to_server,established; http.uri; content:"bitbucket.org/upgrades/um/downloads/"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL bitbucket.org/legit-updates/flash-player/downloads"; flow:to_server,established; http.uri; content:"bitbucket.org/legit-updates/flash-player/downloads"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL gitlab.com/JulieHeilman/m100-firmware-mirror/raw/master/"; flow:to_server,established; http.uri; content:"gitlab.com/JulieHeilman/m100-firmware-mirror/raw/master/"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL gitlab.com/saev3aeg/ugee8zee/raw/master/"; flow:to_server,established; http.uri; content:"gitlab.com/saev3aeg/ugee8zee/raw/master/"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL github.com/amf9esiabnb/documents/releases/download/"; flow:to_server,established; http.uri; content:"github.com/amf9esiabnb/documents/releases/download/"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
# NOTE(review): the indicators below are tcp:// endpoints (the pool.minexmr.com and mine.aeon-pool.com
# names suggest mining pools), not HTTP URLs. An http rule that looks for the literal text "tcp://..."
# in the request URI is unlikely ever to see this traffic. Matching the destination host or address,
# as the dns.query and "Outgoing To IP" rules in this export do, is probably what was intended.
# The indicators carry no port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL tcp|3a|//pool.minexmr.com"; flow:to_server,established; http.uri; content:"tcp|3a|//pool.minexmr.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL tcp|3a|//mine.aeon-pool.com"; flow:to_server,established; http.uri; content:"tcp|3a|//mine.aeon-pool.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL tcp|3a|//5.255.86.125"; flow:to_server,established; http.uri; content:"tcp|3a|//5.255.86.125"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL tcp|3a|//45.9.148.21"; flow:to_server,established; http.uri; content:"tcp|3a|//45.9.148.21"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL tcp|3a|//45.9.148.36"; flow:to_server,established; http.uri; content:"tcp|3a|//45.9.148.36"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37289331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing URL tcp|3a|//45.9.148.132"; flow:to_server,established; http.uri; content:"tcp|3a|//45.9.148.132"; fast_pattern; nocase; tag:session,600,seconds;
classtype:trojan-activity; sid:37289341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert dns any any -> any any (msg: "MISP e26418 [] Domain gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad.onion"; dns.query; content:"gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad\.onion$/i"; classtype:trojan-activity; sid:37289351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing HTTP Domain gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37289352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert dns any any -> any any (msg: "MISP e26418 [] Domain ghtyqipha6mcwxiz.onion"; dns.query; content:"ghtyqipha6mcwxiz.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])ghtyqipha6mcwxiz\.onion$/i"; classtype:trojan-activity; sid:37289361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing HTTP Domain ghtyqipha6mcwxiz.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ghtyqipha6mcwxiz.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ghtyqipha6mcwxiz\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37289362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert dns any any -> any any (msg: "MISP e26418 [] Domain ajiumbl2p2mjzx3l.onion"; dns.query; 
content:"ajiumbl2p2mjzx3l.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])ajiumbl2p2mjzx3l\.onion$/i"; classtype:trojan-activity; sid:37289371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26418 [] Outgoing HTTP Domain ajiumbl2p2mjzx3l.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ajiumbl2p2mjzx3l.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ajiumbl2p2mjzx3l\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37289372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26418;) alert dns any any -> any any (msg: "MISP e25952 [] Domain 1oneventos.com"; dns.query; content:"1oneventos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])1oneventos\.com$/i"; classtype:trojan-activity; sid:37062201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [] Outgoing HTTP Domain 1oneventos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1oneventos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1oneventos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [] Domain emprendi2.com"; dns.query; content:"emprendi2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emprendi2\.com$/i"; classtype:trojan-activity; sid:37062211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [] Outgoing HTTP Domain emprendi2.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emprendi2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emprendi2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37062212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [] Domain helpforhypnotherapists.com"; dns.query; content:"helpforhypnotherapists.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])helpforhypnotherapists\.com$/i"; classtype:trojan-activity; sid:37062221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [] Outgoing HTTP Domain helpforhypnotherapists.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"helpforhypnotherapists.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])helpforhypnotherapists\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [] Domain jubileemovement.org"; dns.query; content:"jubileemovement.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])jubileemovement\.org$/i"; classtype:trojan-activity; sid:37062231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [] Outgoing HTTP Domain jubileemovement.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jubileemovement.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jubileemovement\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25952 [] Domain dicatindustrial.com"; dns.query; content:"dicatindustrial.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dicatindustrial\.com$/i"; classtype:trojan-activity; sid:37062241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e25952 [] Outgoing HTTP Domain dicatindustrial.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dicatindustrial.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dicatindustrial\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25944 [] Domain 1oneventos.com"; dns.query; content:"1oneventos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])1oneventos\.com$/i"; classtype:trojan-activity; sid:37227631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain 1oneventos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1oneventos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1oneventos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain emprendi2.com"; dns.query; content:"emprendi2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emprendi2\.com$/i"; classtype:trojan-activity; sid:37227641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain emprendi2.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emprendi2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emprendi2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain helpforhypnotherapists.com"; dns.query; 
content:"helpforhypnotherapists.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])helpforhypnotherapists\.com$/i"; classtype:trojan-activity; sid:37227651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain helpforhypnotherapists.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"helpforhypnotherapists.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])helpforhypnotherapists\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain jubileemovement.org"; dns.query; content:"jubileemovement.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])jubileemovement\.org$/i"; classtype:trojan-activity; sid:37227661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain jubileemovement.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jubileemovement.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jubileemovement\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain dicatindustrial.com"; dns.query; content:"dicatindustrial.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dicatindustrial\.com$/i"; classtype:trojan-activity; sid:37227671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain dicatindustrial.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dicatindustrial.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])dicatindustrial\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# NOTE(review): unlike the "Outgoing HTTP Domain" rules, the bare-host "Outgoing URL" rules below
# search all of http.header for the name, with no "Host|3a|" anchor and no boundary pcre. The string
# can therefore also match inside another header or a longer host name. They are limited to
# $HTTP_PORTS and set no fast_pattern.
# The same six hosts are exported twice: event 25944 (untagged, priority 3) and event 25952 (tagged
# VexTrio, priority 2). One request raises both alerts; the 25952 copy carries the attribution.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//re-captha-version-3-21.icu"; flow:to_server,established; http.header; content:"re-captha-version-3-21.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//webdatatrace.com"; flow:to_server,established; http.header; content:"webdatatrace.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//qltuh.shadowflameartisan.top"; flow:to_server,established; http.header; content:"qltuh.shadowflameartisan.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//new-bestfortunes.life"; flow:to_server,established; http.header; content:"new-bestfortunes.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//lookup-domain.com"; flow:to_server,established; http.header; content:"lookup-domain.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//qltuh.canopusacrux.top"; flow:to_server,established; http.header; content:"qltuh.canopusacrux.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Event 25952 copies of the same hosts (VexTrio tag, priority 2).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [VexTrio] Outgoing URL http|3a|//new-bestfortunes.life"; flow:to_server,established; http.header; content:"new-bestfortunes.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [VexTrio] Outgoing URL http|3a|//re-captha-version-3-21.icu"; flow:to_server,established; http.header; content:"re-captha-version-3-21.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [VexTrio] Outgoing URL http|3a|//webdatatrace.com"; flow:to_server,established; http.header; content:"webdatatrace.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [VexTrio] Outgoing URL http|3a|//qltuh.canopusacrux.top"; flow:to_server,established; http.header; content:"qltuh.canopusacrux.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [VexTrio] Outgoing URL http|3a|//qltuh.shadowflameartisan.top"; flow:to_server,established; http.header; content:"qltuh.shadowflameartisan.top"; nocase; tag:session,600,seconds;
classtype:trojan-activity; sid:37062161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [VexTrio] Outgoing URL http|3a|//lookup-domain.com"; flow:to_server,established; http.header; content:"lookup-domain.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 3.68.56.232 12555 (msg: "MISP e25944 [] Outgoing To IP: 3.68.56.232|12555"; classtype:trojan-activity; sid:37227741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain mythic-slender.online"; dns.query; content:"mythic-slender.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mythic\-slender\.online$/i"; classtype:trojan-activity; sid:37227751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain mythic-slender.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mythic-slender.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mythic\-slender\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25952 [SrryStealer] Domain mythic-slender.online"; dns.query; content:"mythic-slender.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mythic\-slender\.online$/i"; classtype:trojan-activity; sid:37062301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [SrryStealer] Outgoing HTTP Domain mythic-slender.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"mythic-slender.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mythic\-slender\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 3.68.56.232 12555 (msg: "MISP e25952 [njrat,RAT] Outgoing To IP: 3.68.56.232|12555"; classtype:trojan-activity; sid:37062311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# The msg tags on the rules below name cloud providers (Alibaba, DigitalOcean, Amazon) as the hosts of
# these endpoints. NOTE(review): addresses in such ranges can be reassigned to other tenants, so
# re-validate the plain IP rules against the source event before keeping them long term.
alert http $HOME_NET any -> 39.105.101.138 9999 (msg: "MISP e25952 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//39.105.101.138|3a|9999/pixel"; flow:to_server,established; http.header; content:"39.105.101.138"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# sid 37062331 ("/zc") and sid 37227811 ("/zC") differ only in letter case, and both use nocase, so
# they match the same requests to 64.226.76.0 and alert twice.
alert http $HOME_NET any -> 64.226.76.0 $HTTP_PORTS (msg: "MISP e25952 [CobaltStrike,cs-watermark-230717493,DigitalOcean LLC] Outgoing URL http|3a|//64.226.76.0/zc"; flow:to_server,established; http.header; content:"64.226.76.0"; fast_pattern; nocase; http.uri; content:"/zc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# NOTE(review): the associated address rule below targets port 443. If that session is TLS, the http
# Host rule for du7wh8bicca0t.cloudfront.net cannot see the host name, and only the dns.query and IP
# rules would fire. A tls.sni match would be needed to cover the host name on the wire.
alert dns any any -> any any (msg: "MISP e25952 [Amazon.com Inc.,CobaltStrike,cs-watermark-984639906] Domain du7wh8bicca0t.cloudfront.net"; dns.query; content:"du7wh8bicca0t.cloudfront.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])du7wh8bicca0t\.cloudfront\.net$/i"; classtype:trojan-activity; sid:37062361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25952 [Amazon.com Inc.,CobaltStrike,cs-watermark-984639906] Outgoing HTTP Domain du7wh8bicca0t.cloudfront.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"du7wh8bicca0t.cloudfront.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])du7wh8bicca0t\.cloudfront\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 3.208.85.37 443 (msg: "MISP e25952 [Amazon.com Inc.,CobaltStrike,cs-watermark-984639906] Outgoing To IP: 3.208.85.37|443"; classtype:trojan-activity; sid:37062371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Event 25944 copies of the same indicators: untagged, priority 3. Each hit duplicates the event 25952
# alert above, which is the one carrying the CobaltStrike attribution.
alert dns any any -> any any (msg: "MISP e25944 [] Domain du7wh8bicca0t.cloudfront.net"; dns.query; content:"du7wh8bicca0t.cloudfront.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])du7wh8bicca0t\.cloudfront\.net$/i"; classtype:trojan-activity; sid:37227771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain du7wh8bicca0t.cloudfront.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"du7wh8bicca0t.cloudfront.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])du7wh8bicca0t\.cloudfront\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 3.208.85.37 443 (msg: "MISP e25944 [] Outgoing To IP: 3.208.85.37|443"; classtype:trojan-activity; sid:37227781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any -> 64.226.76.0 $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//64.226.76.0/zC"; flow:to_server,established; http.header; content:"64.226.76.0"; fast_pattern; nocase; http.uri; content:"/zC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert http $HOME_NET any ->
39.105.101.138 9999 (msg: "MISP e25944 [] Outgoing URL http|3a|//39.105.101.138|3a|9999/pixel"; flow:to_server,established; http.header; content:"39.105.101.138"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25971 [] Domain pricewatercooqer-se.com"; dns.query; content:"pricewatercooqer-se.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pricewatercooqer\-se\.com$/i"; classtype:trojan-activity; sid:37064471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25971;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25971 [] Outgoing HTTP Domain pricewatercooqer-se.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pricewatercooqer-se.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pricewatercooqer\-se\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37064472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25971;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname chrrismid.wixsite.com"; dns.query; content:"chrrismid.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chrrismid\.wixsite\.com$/i"; classtype:trojan-activity; sid:37092621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname chrrismid.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| chrrismid.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chrrismid\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname radical-azimuth-70b.notion.site"; dns.query; 
content:"radical-azimuth-70b.notion.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])radical\-azimuth\-70b\.notion\.site$/i"; classtype:trojan-activity; sid:37092651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname radical-azimuth-70b.notion.site"; flow:to_server,established; http.header; content: "Host|3a| radical-azimuth-70b.notion.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])radical\-azimuth\-70b\.notion\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodechains-spongev2.pages.dev"; dns.query; content:"nodechains-spongev2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-spongev2\.pages\.dev$/i"; classtype:trojan-activity; sid:37092681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodechains-spongev2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechains-spongev2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-spongev2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//nodechains-spongev2.pages.dev"; flow:to_server,established; http.header; content:"nodechains-spongev2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodechain-pandoshi.pages.dev"; dns.query; content:"nodechain-pandoshi.pages.dev"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-pandoshi\.pages\.dev$/i"; classtype:trojan-activity; sid:37092711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodechain-pandoshi.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechain-pandoshi.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-pandoshi\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//nodechain-pandoshi.pages.dev"; flow:to_server,established; http.header; content:"nodechain-pandoshi.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodechain-apemax.pages.dev"; dns.query; content:"nodechain-apemax.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-apemax\.pages\.dev$/i"; classtype:trojan-activity; sid:37092741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodechain-apemax.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechain-apemax.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-apemax\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//nodechain-apemax.pages.dev"; flow:to_server,established; http.header; content:"nodechain-apemax.pages.dev"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37092751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodechain-launchpadlpx.pages.dev"; dns.query; content:"nodechain-launchpadlpx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-launchpadlpx\.pages\.dev$/i"; classtype:trojan-activity; sid:37092771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodechain-launchpadlpx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechain-launchpadlpx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-launchpadlpx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//nodechain-launchpadlpx.pages.dev"; flow:to_server,established; http.header; content:"nodechain-launchpadlpx.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodechain-spongev2.pages.dev"; dns.query; content:"nodechain-spongev2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-spongev2\.pages\.dev$/i"; classtype:trojan-activity; sid:37092801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodechain-spongev2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechain-spongev2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechain\-spongev2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37092802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//nodechain-spongev2.pages.dev"; flow:to_server,established; http.header; content:"nodechain-spongev2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pedf.pages.dev"; dns.query; content:"pedf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pedf\.pages\.dev$/i"; classtype:trojan-activity; sid:37092831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pedf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pedf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pedf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//pedf.pages.dev"; flow:to_server,established; http.header; content:"pedf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname ir.czcwu.sbs"; dns.query; content:"ir.czcwu.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ir\.czcwu\.sbs$/i"; classtype:trojan-activity; sid:37092861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ir.czcwu.sbs"; flow:to_server,established; http.header; content: "Host|3a| ir.czcwu.sbs"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])ir\.czcwu\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//ir.czcwu.sbs/C/payment.php?RefId=2AA97EF3956F3331"; flow:to_server,established; http.header; content:"ir.czcwu.sbs"; fast_pattern; nocase; http.uri; content:"/C/payment.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname login.microsoftonline.us.office.m365.leidos.govshn.net"; dns.query; content:"login.microsoftonline.us.office.m365.leidos.govshn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.m365\.leidos\.govshn\.net$/i"; classtype:trojan-activity; sid:37092891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname login.microsoftonline.us.office.m365.leidos.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| login.microsoftonline.us.office.m365.leidos.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.m365\.leidos\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname v886c8u164xfs-1324239560.cos.na-ashburn.myqcloud.com"; dns.query; content:"v886c8u164xfs-1324239560.cos.na-ashburn.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v886c8u164xfs\-1324239560\.cos\.na\-ashburn\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37092921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname v886c8u164xfs-1324239560.cos.na-ashburn.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| v886c8u164xfs-1324239560.cos.na-ashburn.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v886c8u164xfs\-1324239560\.cos\.na\-ashburn\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-fc51d290db584b328d6feb3913c634a1.r2.dev"; dns.query; content:"pub-fc51d290db584b328d6feb3913c634a1.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-fc51d290db584b328d6feb3913c634a1\.r2\.dev$/i"; classtype:trojan-activity; sid:37092951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-fc51d290db584b328d6feb3913c634a1.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-fc51d290db584b328d6feb3913c634a1.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-fc51d290db584b328d6feb3913c634a1\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//pub-fc51d290db584b328d6feb3913c634a1.r2.dev/office365webb.html"; flow:to_server,established; http.header; content:"pub-fc51d290db584b328d6feb3913c634a1.r2.dev"; fast_pattern; nocase; http.uri; content:"/office365webb.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname leidoscorpus.sharepoint.us.office.m365.leidos.govshn.net"; dns.query; 
content:"leidoscorpus.sharepoint.us.office.m365.leidos.govshn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])leidoscorpus\.sharepoint\.us\.office\.m365\.leidos\.govshn\.net$/i"; classtype:trojan-activity; sid:37092981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname leidoscorpus.sharepoint.us.office.m365.leidos.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| leidoscorpus.sharepoint.us.office.m365.leidos.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])leidoscorpus\.sharepoint\.us\.office\.m365\.leidos\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 9s865rmybso.sgp1.digitaloceanspaces.com"; dns.query; content:"9s865rmybso.sgp1.digitaloceanspaces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9s865rmybso\.sgp1\.digitaloceanspaces\.com$/i"; classtype:trojan-activity; sid:37093011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 9s865rmybso.sgp1.digitaloceanspaces.com"; flow:to_server,established; http.header; content: "Host|3a| 9s865rmybso.sgp1.digitaloceanspaces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9s865rmybso\.sgp1\.digitaloceanspaces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname ng0dfi7ijltt2-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"ng0dfi7ijltt2-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ng0dfi7ijltt2\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; 
sid:37093041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ng0dfi7ijltt2-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| ng0dfi7ijltt2-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ng0dfi7ijltt2\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname haoqi7.github.io"; dns.query; content:"haoqi7.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])haoqi7\.github\.io$/i"; classtype:trojan-activity; sid:37093071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname haoqi7.github.io"; flow:to_server,established; http.header; content: "Host|3a| haoqi7.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])haoqi7\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 17bbq.pages.dev"; dns.query; content:"17bbq.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])17bbq\.pages\.dev$/i"; classtype:trojan-activity; sid:37093131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 17bbq.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 17bbq.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])17bbq\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093132; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//17bbq.pages.dev"; flow:to_server,established; http.header; content:"17bbq.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken.wallet-app.com"; dns.query; content:"imtoken.wallet-app.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\.wallet\-app\.com$/i"; classtype:trojan-activity; sid:37093191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname imtoken.wallet-app.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken.wallet-app.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\.wallet\-app\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken.wallet-app.com"; flow:to_server,established; http.header; content:"imtoken.wallet-app.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname auto24-leas.pl"; dns.query; content:"auto24-leas.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto24\-leas\.pl$/i"; classtype:trojan-activity; sid:37093221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname auto24-leas.pl"; flow:to_server,established; http.header; content: "Host|3a| auto24-leas.pl"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])auto24\-leas\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//auto24-leas.pl"; flow:to_server,established; http.header; content:"auto24-leas.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname lnk.pw"; dns.query; content:"lnk.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.pw$/i"; classtype:trojan-activity; sid:37093251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname lnk.pw"; flow:to_server,established; http.header; content: "Host|3a| lnk.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname identifiez-vous-3no0.hubside.fr"; dns.query; content:"identifiez-vous-3no0.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vous\-3no0\.hubside\.fr$/i"; classtype:trojan-activity; sid:37093281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname identifiez-vous-3no0.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identifiez-vous-3no0.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifiez\-vous\-3no0\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert 
dns any any -> any any (msg: "MISP e26035 [] Hostname zhuolu.vip"; dns.query; content:"zhuolu.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zhuolu\.vip$/i"; classtype:trojan-activity; sid:37093311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname zhuolu.vip"; flow:to_server,established; http.header; content: "Host|3a| zhuolu.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zhuolu\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//zhuolu.vip"; flow:to_server,established; http.header; content:"zhuolu.vip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname oorang.hubside.fr"; dns.query; content:"oorang.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oorang\.hubside\.fr$/i"; classtype:trojan-activity; sid:37093341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname oorang.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| oorang.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oorang\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegrcsm.fit"; dns.query; content:"telegrcsm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrcsm\.fit$/i"; classtype:trojan-activity; sid:37093371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegrcsm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrcsm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrcsm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//www.telegrcsm.fit"; flow:to_server,established; http.header; content:"www.telegrcsm.fit"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname yahooconnectatt.weebly.com"; dns.query; content:"yahooconnectatt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yahooconnectatt\.weebly\.com$/i"; classtype:trojan-activity; sid:37093401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname yahooconnectatt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| yahooconnectatt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yahooconnectatt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//yahooconnectatt.weebly.com"; flow:to_server,established; http.header; content:"yahooconnectatt.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.ussptm.top"; dns.query; content:"usp.ussptm.top"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptm\.top$/i"; classtype:trojan-activity; sid:37093431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.ussptm.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp.ussptm.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.ussptm.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspgs.top"; dns.query; content:"usp.usspgs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgs\.top$/i"; classtype:trojan-activity; sid:37093461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspgs.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspgs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp.usspgs.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspgs.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093471; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspis.top"; dns.query; content:"usp.usspis.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspis\.top$/i"; classtype:trojan-activity; sid:37093491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspis.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspis.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspis\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp.usspis.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.usspis.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.ussptd.top"; dns.query; content:"usp.ussptd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptd\.top$/i"; classtype:trojan-activity; sid:37093521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.ussptd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp.ussptd.top"; 
flow:to_server,established; http.header; content:"usp.ussptd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# MISP event 26035, hostname indicators. Each hostname below has a DNS-query rule and an
# HTTP Host-header rule; the ones here also have an "Outgoing URL" rule.
#  - dns rules: any direction; the pcre accepts only start-of-buffer or a non-hostname
#    character before the name and anchors the end with $, so subdomains of the
#    indicator do not match.
#  - Host rules: $HOME_NET -> $EXTERNAL_NET on any port; the trailing character class
#    rejects longer names that merely begin with the indicator.
#  - URL rules: limited to $HTTP_PORTS; the hostname is searched anywhere in the
#    http.header buffer (not only the Host line) and, for the /update variants, the
#    path is additionally required in http.uri.
#  - tag:session,600,seconds keeps logging the alerting session for 600 seconds.
# NOTE(review): every rule visible here inspects DNS or cleartext HTTP. No tls.sni rule
# is visible in this part of the export, so HTTPS sessions to these hosts would surface
# only through the DNS rule. Confirm whether a TLS companion set is deployed.
# NOTE(review): the Host rules depend on the literal "Host|3a| " (exactly one space) in
# http.header; matching on http.host would not depend on header spacing.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspga.top"; dns.query; content:"usp.usspga.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspga\.top$/i"; classtype:trojan-activity; sid:37093551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspga.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspga.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspga\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp.usspga.top"; flow:to_server,established; http.header; content:"usp.usspga.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usps.uspsmng.com"; dns.query; content:"usps.uspsmng.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspsmng\.com$/i"; classtype:trojan-activity; sid:37093581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usps.uspsmng.com"; flow:to_server,established; http.header; content: "Host|3a| usps.uspsmng.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspsmng\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usps.uspsmng.com/update"; flow:to_server,established; http.header; content:"usps.uspsmng.com"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp-sm.com"; dns.query; content:"usp-sm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\-sm\.com$/i"; classtype:trojan-activity; sid:37093611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp-sm.com"; flow:to_server,established; http.header; content: "Host|3a| usp-sm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\-sm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp-sm.com/update"; flow:to_server,established; http.header; content:"usp-sm.com"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspgtr.com"; dns.query; content:"uspgtr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspgtr\.com$/i"; classtype:trojan-activity; sid:37093641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspgtr.com"; flow:to_server,established; http.header; content: "Host|3a| uspgtr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspgtr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspgtr.com/update"; flow:to_server,established; http.header; content:"uspgtr.com"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspost.ipostki.top"; dns.query; content:"uspost.ipostki.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspost\.ipostki\.top$/i"; classtype:trojan-activity; sid:37093671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspost.ipostki.top"; flow:to_server,established; http.header; content: "Host|3a| uspost.ipostki.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspost\.ipostki\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspost.ipostki.top/update"; flow:to_server,established; http.header; content:"uspost.ipostki.top"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname theatt.weebly.com"; dns.query; content:"theatt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])theatt\.weebly\.com$/i"; classtype:trojan-activity; sid:37093701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing 
HTTP Hostname theatt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| theatt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])theatt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# MISP event 26035, hostname indicators (continued). Apart from the first rule, which
# is a URL rule for theatt.weebly.com, the rules come in pairs per hostname:
#  - dns rule: any direction, exact query name (the pcre rejects a preceding hostname
#    character or dot, so subdomains of the indicator do not match);
#  - Host rule: outbound HTTP on any port, literal "Host|3a| <name>" in http.header,
#    followed by a non-hostname character; tag:session,600,seconds keeps logging the
#    alerting session for 600 seconds.
# The URL rule is limited to $HTTP_PORTS and matches the name anywhere in http.header,
# so on those ports it is a superset of the Host rule for the same name.
# NOTE(review): only DNS and cleartext HTTP are inspected by the rules visible here; no
# tls.sni rule is visible, so HTTPS sessions to these hosts would surface only through
# the DNS rule. Confirm whether a TLS companion set is deployed.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//theatt.weebly.com"; flow:to_server,established; http.header; content:"theatt.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37093711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspz.usspjo.top"; dns.query; content:"uspz.usspjo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjo\.top$/i"; classtype:trojan-activity; sid:37093731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspz.usspjo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspjo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspvt.top"; dns.query; content:"usp.usspvt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvt\.top$/i"; classtype:trojan-activity; sid:37093761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspvt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspvg.top"; dns.query; content:"usp.usspvg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvg\.top$/i"; classtype:trojan-activity; sid:37093791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspvg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspty.top"; dns.query; content:"usp.usspty.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspty\.top$/i"; classtype:trojan-activity; sid:37093821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspty.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspty.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspty\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.ussprn.top"; dns.query; content:"usp.ussprn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprn\.top$/i"; classtype:trojan-activity; sid:37093851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.ussprn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspri.top"; dns.query; content:"usp.usspri.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspri\.top$/i"; classtype:trojan-activity; sid:37093881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspri.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspri.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspri\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspng.top"; dns.query; content:"usp.usspng.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspng\.top$/i"; classtype:trojan-activity; sid:37093911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.usspng.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspng.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspng\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.usspec.top"; dns.query; content:"usp.usspec.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspec\.top$/i"; classtype:trojan-activity; sid:37093941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP 
Hostname usp.usspec.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspec.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspec\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# MISP event 26035, hostname indicators (continued): one dns rule (exact query name, any
# direction) and one outbound Host-header rule per hostname. styatt.weebly.com also has
# a URL rule limited to $HTTP_PORTS that matches the name anywhere in http.header.
# Several names sit under shared hosting parents (weebly.com, pages.dev, blogspot.com).
# The pcre in each rule pins the full indicator and rejects a preceding dot or hostname
# character, so other sites under the same parent do not match. Keep that anchoring if
# the rules are hand-tuned.
# NOTE(review): only DNS and cleartext HTTP are inspected by the rules visible here; no
# tls.sni rule is visible, so HTTPS sessions to these hosts would surface only through
# the DNS rule. Confirm whether a TLS companion set is deployed.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspe.ussppb.top"; dns.query; content:"uspe.ussppb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppb\.top$/i"; classtype:trojan-activity; sid:37093971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspe.ussppb.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37093972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspo.usspqm.top"; dns.query; content:"uspo.usspqm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqm\.top$/i"; classtype:trojan-activity; sid:37094001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspo.usspqm.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspqm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspe.usspnw.top"; dns.query; content:"uspe.usspnw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspnw\.top$/i"; classtype:trojan-activity; sid:37094031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspe.usspnw.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspnw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspnw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname upod.pages.dev"; dns.query; content:"upod.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upod\.pages\.dev$/i"; classtype:trojan-activity; sid:37094061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname upod.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| upod.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upod\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname styatt.weebly.com"; dns.query; content:"styatt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])styatt\.weebly\.com$/i"; classtype:trojan-activity; sid:37094091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname styatt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| styatt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])styatt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//styatt.weebly.com"; flow:to_server,established; http.header; content:"styatt.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37094101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname tomasslobodnik.blogspot.com"; dns.query; content:"tomasslobodnik.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tomasslobodnik\.blogspot\.com$/i"; classtype:trojan-activity; sid:37094121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tomasslobodnik.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| tomasslobodnik.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tomasslobodnik\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname sukientet.gaarene.vn"; dns.query; content:"sukientet.gaarene.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukientet\.gaarene\.vn$/i"; classtype:trojan-activity; sid:37094151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sukientet.gaarene.vn"; flow:to_server,established; http.header; content: "Host|3a| sukientet.gaarene.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukientet\.gaarene\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname tokenpabket.com"; dns.query; content:"tokenpabket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpabket\.com$/i"; classtype:trojan-activity; sid:37094181; rev:1; priority:2; 
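reference:url,https://misp.finsin.cl/events/view/26035;)
# tokenpabket.com: outbound Host-header rule (any port) plus a URL rule limited to
# $HTTP_PORTS that matches the name anywhere in http.header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tokenpabket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpabket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpabket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//tokenpabket.com"; flow:to_server,established; http.header; content:"tokenpabket.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37094191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# share-52-blink.pages.dev: the export carried this identical dns/Host pair 17 times,
# differing only in sid, so a single lookup or request raised 17 alerts per rule type.
# Only the first pair is kept. Dropped duplicates: dns sids 37094241 through 37094691
# and http sids 37094242 through 37094692 (both in steps of 30).
# If threshold/suppress entries or SIEM content reference a dropped sid, repoint them to
# 37094211 (dns) / 37094212 (http). The duplicates presumably come from repeated
# attributes in the MISP event; deduplicate there as well, or the next export will
# bring them back.
# NOTE(review): only DNS and cleartext HTTP are inspected; no tls.sni rule is visible in
# this part of the export, so HTTPS sessions to this host would surface only through
# the DNS rule.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37094211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname safety-3930543708.duckdns.org"; dns.query; 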
content:"safety-3930543708.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])safety\-3930543708\.duckdns\.org$/i"; classtype:trojan-activity; sid:37094721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# MISP event 26035, hostname indicators (continued): one dns rule (exact query name, any
# direction) and one outbound Host-header rule (any port, session tagged for 600 seconds)
# per hostname.
# Most names here sit under shared or dynamic-DNS parents (duckdns.org, netlify.app,
# r2.dev, pages.dev). The pcre in each rule pins the full indicator and rejects a
# preceding dot or hostname character, so other tenants of the same parent do not match.
# Keep that anchoring if the rules are hand-tuned.
# NOTE(review): the rules carry no expiry or confidence metadata; age them out against
# the MISP event rather than leaving them in place indefinitely.
# NOTE(review): only DNS and cleartext HTTP are inspected by the rules visible here; no
# tls.sni rule is visible, so HTTPS sessions to these hosts would surface only through
# the DNS rule. Confirm whether a TLS companion set is deployed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname safety-3930543708.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| safety-3930543708.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])safety\-3930543708\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname report-authentic-account.netlify.app"; dns.query; content:"report-authentic-account.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])report\-authentic\-account\.netlify\.app$/i"; classtype:trojan-activity; sid:37094811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname report-authentic-account.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| report-authentic-account.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])report\-authentic\-account\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-ddec5a680d754c299db2c674dc0f42b4.r2.dev"; dns.query; content:"pub-ddec5a680d754c299db2c674dc0f42b4.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ddec5a680d754c299db2c674dc0f42b4\.r2\.dev$/i"; classtype:trojan-activity; sid:37094841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-ddec5a680d754c299db2c674dc0f42b4.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-ddec5a680d754c299db2c674dc0f42b4.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ddec5a680d754c299db2c674dc0f42b4\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-8e9f7995a5c749f09e0fd93576303c1c.r2.dev"; dns.query; content:"pub-8e9f7995a5c749f09e0fd93576303c1c.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8e9f7995a5c749f09e0fd93576303c1c\.r2\.dev$/i"; classtype:trojan-activity; sid:37094871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-8e9f7995a5c749f09e0fd93576303c1c.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8e9f7995a5c749f09e0fd93576303c1c.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8e9f7995a5c749f09e0fd93576303c1c\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-68da61b09d6e4d65a1317a59afd5f97c.r2.dev"; dns.query; content:"pub-68da61b09d6e4d65a1317a59afd5f97c.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-68da61b09d6e4d65a1317a59afd5f97c\.r2\.dev$/i"; classtype:trojan-activity; sid:37094901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-68da61b09d6e4d65a1317a59afd5f97c.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-68da61b09d6e4d65a1317a59afd5f97c.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-68da61b09d6e4d65a1317a59afd5f97c\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname protection-0990361308.duckdns.org"; dns.query; content:"protection-0990361308.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])protection\-0990361308\.duckdns\.org$/i"; classtype:trojan-activity; sid:37094931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname protection-0990361308.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| protection-0990361308.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])protection\-0990361308\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname ornate-bonbon-d360d9sd.netlify.app"; dns.query; content:"ornate-bonbon-d360d9sd.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ornate\-bonbon\-d360d9sd\.netlify\.app$/i"; classtype:trojan-activity; sid:37094961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ornate-bonbon-d360d9sd.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| ornate-bonbon-d360d9sd.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ornate\-bonbon\-d360d9sd\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname nvk.pages.dev"; dns.query; content:"nvk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nvk\.pages\.dev$/i"; classtype:trojan-activity; sid:37094991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nvk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nvk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nvk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37094992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname mail.autoz.com.au"; dns.query; content:"mail.autoz.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.autoz\.com\.au$/i"; classtype:trojan-activity; sid:37095021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mail.autoz.com.au"; flow:to_server,established; http.header; content: "Host|3a| mail.autoz.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.autoz\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname liok.pages.dev"; dns.query; content:"liok.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liok\.pages\.dev$/i"; classtype:trojan-activity; sid:37095051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname liok.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| liok.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liok\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert 
dns any any -> any any (msg: "MISP e26035 [] Hostname jmf.pages.dev"; dns.query; content:"jmf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jmf\.pages\.dev$/i"; classtype:trojan-activity; sid:37095081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Outbound HTTP request from $HOME_NET whose Host header is jmf.pages.dev. The pcre bounds the name
# on both sides with a non-hostname character; tag:session keeps logging the flow for 600 seconds.
# An "alert http" rule needs a parsed HTTP request: for HTTPS to this host, of the rules visible
# here only the DNS rule can fire unless traffic is decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname jmf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jmf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jmf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): the next two rules (sid 37095111, 37095112) repeat the jmf.pages.dev DNS and HTTP
# rules above (sid 37095081, 37095082) with identical match options, so a single lookup or request
# raises two alerts each. Presumably the indicator is stored twice in MISP event 26035 - confirm,
# then deduplicate in the event or drop one pair when loading the ruleset.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname jmf.pages.dev"; dns.query; content:"jmf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jmf\.pages\.dev$/i"; classtype:trojan-activity; sid:37095111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname jmf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jmf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jmf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# DNS query for this exact name, in either direction (any any -> any any). The pcre anchors the name
# to the end of the query and rejects a preceding letter, digit, hyphen or dot, so subdomains and
# longer look-alike names do not match.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname signin-att--dynamic-verification-login-secure.weebly.com"; dns.query; content:"signin-att--dynamic-verification-login-secure.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])signin\-att\-\-dynamic\-verification\-login\-secure\.weebly\.com$/i"; classtype:trojan-activity; sid:37095141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The rule below continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname signin-att--dynamic-verification-login-secure.weebly.com"; flow:to_server,established; http.header; 
content: "Host|3a| signin-att--dynamic-verification-login-secure.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])signin\-att\-\-dynamic\-verification\-login\-secure\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//signin-att--dynamic-verification-login-secure.weebly.com"; flow:to_server,established; http.header; content:"signin-att--dynamic-verification-login-secure.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname gtm.steamproxy.cc"; dns.query; content:"gtm.steamproxy.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gtm\.steamproxy\.cc$/i"; classtype:trojan-activity; sid:37095171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname gtm.steamproxy.cc"; flow:to_server,established; http.header; content: "Host|3a| gtm.steamproxy.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gtm\.steamproxy\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37095201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname f.365k240202.top"; dns.query; content:"f.365k240202.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f\.365k240202\.top$/i"; classtype:trojan-activity; sid:37095231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname f.365k240202.top"; flow:to_server,established; http.header; content: "Host|3a| f.365k240202.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f\.365k240202\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname dhw0dh2os19.tulisku.my.id"; dns.query; content:"dhw0dh2os19.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhw0dh2os19\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37095261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname dhw0dh2os19.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| dhw0dh2os19.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhw0dh2os19\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname accounts-google-com.google.research.skyfencenet.com"; dns.query; 
content:"accounts-google-com.google.research.skyfencenet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accounts\-google\-com\.google\.research\.skyfencenet\.com$/i"; classtype:trojan-activity; sid:37095291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname accounts-google-com.google.research.skyfencenet.com"; flow:to_server,established; http.header; content: "Host|3a| accounts-google-com.google.research.skyfencenet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accounts\-google\-com\.google\.research\.skyfencenet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; dns.query; content:"bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37095321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL 
http|3a|//bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname index-1el.pages.dev"; dns.query; content:"index-1el.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])index\-1el\.pages\.dev$/i"; classtype:trojan-activity; sid:37095351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname index-1el.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| index-1el.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])index\-1el\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37095381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095382; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname erudicaoinvestimentos.com.br"; dns.query; content:"erudicaoinvestimentos.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br$/i"; classtype:trojan-activity; sid:37095411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname erudicaoinvestimentos.com.br"; flow:to_server,established; http.header; content: "Host|3a| erudicaoinvestimentos.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname melaniinn.weebly.com"; dns.query; content:"melaniinn.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])melaniinn\.weebly\.com$/i"; classtype:trojan-activity; sid:37095441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname melaniinn.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| melaniinn.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])melaniinn\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//melaniinn.weebly.com"; flow:to_server,established; http.header; content:"melaniinn.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 
mailcentredepartment001.weebly.com"; dns.query; content:"mailcentredepartment001.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailcentredepartment001\.weebly\.com$/i"; classtype:trojan-activity; sid:37095471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mailcentredepartment001.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mailcentredepartment001.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailcentredepartment001\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//mailcentredepartment001.weebly.com"; flow:to_server,established; http.header; content:"mailcentredepartment001.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname iq8lyhiz9lewh-1324239560.cos.sa-saopaulo.myqcloud.com"; dns.query; content:"iq8lyhiz9lewh-1324239560.cos.sa-saopaulo.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iq8lyhiz9lewh\-1324239560\.cos\.sa\-saopaulo\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37095501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname iq8lyhiz9lewh-1324239560.cos.sa-saopaulo.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| iq8lyhiz9lewh-1324239560.cos.sa-saopaulo.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iq8lyhiz9lewh\-1324239560\.cos\.sa\-saopaulo\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37095502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//iq8lyhiz9lewh-1324239560.cos.sa-saopaulo.myqcloud.com/iq8lyhiz9lewh.html"; flow:to_server,established; http.header; content:"iq8lyhiz9lewh-1324239560.cos.sa-saopaulo.myqcloud.com"; fast_pattern; nocase; http.uri; content:"/iq8lyhiz9lewh.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname facebookvcnrtl9.bestpanelku.com"; dns.query; content:"facebookvcnrtl9.bestpanelku.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebookvcnrtl9\.bestpanelku\.com$/i"; classtype:trojan-activity; sid:37095531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname facebookvcnrtl9.bestpanelku.com"; flow:to_server,established; http.header; content: "Host|3a| facebookvcnrtl9.bestpanelku.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebookvcnrtl9\.bestpanelku\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//facebookvcnrtl9.bestpanelku.com/vhsfhqpdhdsih6"; flow:to_server,established; http.header; content:"facebookvcnrtl9.bestpanelku.com"; fast_pattern; nocase; http.uri; content:"/vhsfhqpdhdsih6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname b-580.pages.dev"; dns.query; content:"b-580.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])b\-580\.pages\.dev$/i"; classtype:trojan-activity; sid:37095561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname b-580.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| b-580.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\-580\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//b-580.pages.dev"; flow:to_server,established; http.header; content:"b-580.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmYtSYPUCQRWcp3KnG8TW8gs2naQ5qPpTvXv6tgJ4a5iH2"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmYtSYPUCQRWcp3KnG8TW8gs2naQ5qPpTvXv6tgJ4a5iH2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname bankmenia.org"; dns.query; content:"bankmenia.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bankmenia\.org$/i"; classtype:trojan-activity; sid:37095621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname bankmenia.org"; flow:to_server,established; http.header; content: "Host|3a| bankmenia.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bankmenia\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37095622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname auth-login.hubside.fr"; dns.query; content:"auth-login.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auth\-login\.hubside\.fr$/i"; classtype:trojan-activity; sid:37095651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname auth-login.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| auth-login.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auth\-login\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//auth-login.hubside.fr"; flow:to_server,established; http.header; content:"auth-login.hubside.fr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname accountservicesetting.weebly.com"; dns.query; content:"accountservicesetting.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accountservicesetting\.weebly\.com$/i"; classtype:trojan-activity; sid:37095681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname accountservicesetting.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| accountservicesetting.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accountservicesetting\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert 
http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//accountservicesetting.weebly.com"; flow:to_server,established; http.header; content:"accountservicesetting.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# DNS query for exactly aol.xvhjklfwgh.workers.dev, any direction. The pcre anchors the name to the
# end of the query and rejects a preceding letter, digit, hyphen or dot.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname aol.xvhjklfwgh.workers.dev"; dns.query; content:"aol.xvhjklfwgh.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aol\.xvhjklfwgh\.workers\.dev$/i"; classtype:trojan-activity; sid:37095711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Outbound HTTP request whose Host header names the same host, on any destination port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname aol.xvhjklfwgh.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| aol.xvhjklfwgh.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aol\.xvhjklfwgh\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): "Outgoing URL" rule for an indicator with no path. Its only match is the hostname as
# a plain substring of the http.header buffer - no "Host|3a| " prefix and no boundary pcre - so it
# can also match the name in another request header (a Referer, for example) or inside a longer
# hostname. It is restricted to $HTTP_PORTS, whereas the Hostname rule above (sid 37095712) uses
# any port; on those ports both rules alert on the same request. The rule at the top of this line
# (sid 37095691) has the same shape.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//aol.xvhjklfwgh.workers.dev"; flow:to_server,established; http.header; content:"aol.xvhjklfwgh.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# DNS query for exactly 8fgh-jg9.syd1.digitaloceanspaces.com; the parent domain alone does not match
# because the content and pcre both require the full name.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname 8fgh-jg9.syd1.digitaloceanspaces.com"; dns.query; content:"8fgh-jg9.syd1.digitaloceanspaces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])8fgh\-jg9\.syd1\.digitaloceanspaces\.com$/i"; classtype:trojan-activity; sid:37095741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The rule below continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 8fgh-jg9.syd1.digitaloceanspaces.com"; 
flow:to_server,established; http.header; content: "Host|3a| 8fgh-jg9.syd1.digitaloceanspaces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])8fgh\-jg9\.syd1\.digitaloceanspaces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# DNS query for exactly telegrmna.club. The pcre rejects a preceding dot, so a lookup of
# www.telegrmna.club - the host named in the URL rule further down - does not match this rule.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegrmna.club"; dns.query; content:"telegrmna.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.club$/i"; classtype:trojan-activity; sid:37095771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Outbound HTTP request with Host header telegrmna.club. The content includes the "Host|3a| " prefix,
# so a request to www.telegrmna.club does not match here either.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegrmna.club"; flow:to_server,established; http.header; content: "Host|3a| telegrmna.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): the http.uri content "/" is present in practically every request URI, so this rule
# reduces to "www.telegrmna.club appears somewhere in the request headers" on $HTTP_PORTS. It is the
# only visible rule covering the www. name over HTTP, and no visible DNS rule covers that name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//www.telegrmna.club/"; flow:to_server,established; http.header; content:"www.telegrmna.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): telegram.dog looks like a general-purpose Telegram link domain rather than
# attacker-owned infrastructure - TODO confirm with the event owner. If so, the Hostname rules
# (DNS and HTTP) alert on any use of the domain, while the actual indicators are the two invite
# paths in the URL rules below (sid 37095811, 37095841); consider tuning or suppressing the
# hostname pair.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37095801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# URL rule: telegram.dog anywhere in the request headers plus the invite path as a substring of the
# URI. nocase makes the path match case-insensitive; presumably the token itself is case-sensitive,
# so this is slightly broader than the indicator - verify before relying on it for attribution.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegram.dog/+WVmCknSL8xthNDhk"; flow:to_server,established; http.header; content:"telegram.dog"; fast_pattern; nocase; http.uri; content:"/+WVmCknSL8xthNDhk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): sid 37095831 and 37095832 repeat the telegram.dog Hostname rules above
# (sid 37095801, 37095802) with identical match options; each lookup or request alerts twice.
# They appear to be emitted once per URL indicator that shares the host.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37095831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Second invite-path URL rule for the same host; same structure as sid 37095811.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegram.dog/+MF2EXeitLjMxY2Ux"; flow:to_server,established; http.header; content:"telegram.dog"; fast_pattern; nocase; http.uri; content:"/+MF2EXeitLjMxY2Ux"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# DNS query for exactly 365ccr.com, any direction.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname 365ccr.com"; dns.query; content:"365ccr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ccr\.com$/i"; classtype:trojan-activity; sid:37095861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The rule below continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing 
HTTP Hostname 365ccr.com"; flow:to_server,established; http.header; content: "Host|3a| 365ccr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ccr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//365ccr.com/index.php"; flow:to_server,established; http.header; content:"365ccr.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 365ccv.com"; dns.query; content:"365ccv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ccv\.com$/i"; classtype:trojan-activity; sid:37095891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 365ccv.com"; flow:to_server,established; http.header; content: "Host|3a| 365ccv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ccv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//365ccv.com/index.php"; flow:to_server,established; http.header; content:"365ccv.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 365bbv.com"; dns.query; content:"365bbv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365bbv\.com$/i"; classtype:trojan-activity; sid:37095921; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 365bbv.com"; flow:to_server,established; http.header; content: "Host|3a| 365bbv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365bbv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//365bbv.com/index.php"; flow:to_server,established; http.header; content:"365bbv.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-43a07e0c3a4644d9a56fcd8bab895680.r2.dev"; dns.query; content:"pub-43a07e0c3a4644d9a56fcd8bab895680.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-43a07e0c3a4644d9a56fcd8bab895680\.r2\.dev$/i"; classtype:trojan-activity; sid:37095951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-43a07e0c3a4644d9a56fcd8bab895680.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-43a07e0c3a4644d9a56fcd8bab895680.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-43a07e0c3a4644d9a56fcd8bab895680\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname sonarhomebfe.eu"; dns.query; content:"sonarhomebfe.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sonarhomebfe\.eu$/i"; classtype:trojan-activity; sid:37095981; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sonarhomebfe.eu"; flow:to_server,established; http.header; content: "Host|3a| sonarhomebfe.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sonarhomebfe\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37095982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//sonarhomebfe.eu"; flow:to_server,established; http.header; content:"sonarhomebfe.eu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37095991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 1drv.sunbangyan.cn"; dns.query; content:"1drv.sunbangyan.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1drv\.sunbangyan\.cn$/i"; classtype:trojan-activity; sid:37096011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 1drv.sunbangyan.cn"; flow:to_server,established; http.header; content: "Host|3a| 1drv.sunbangyan.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1drv\.sunbangyan\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//1drv.sunbangyan.cn"; flow:to_server,established; http.header; content:"1drv.sunbangyan.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken-ap.fyi"; dns.query; content:"imtoken-ap.fyi"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ap\.fyi$/i"; classtype:trojan-activity; sid:37096041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname imtoken-ap.fyi"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ap.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ap\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken-ap.fyi"; flow:to_server,established; http.header; content:"imtoken-ap.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken-ao.pro"; dns.query; content:"imtoken-ao.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ao\.pro$/i"; classtype:trojan-activity; sid:37096071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname imtoken-ao.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ao.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ao\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken-ao.pro"; flow:to_server,established; http.header; content:"imtoken-ao.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] 
Hostname pixelsphotorfcontest.pages.dev"; dns.query; content:"pixelsphotorfcontest.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelsphotorfcontest\.pages\.dev$/i"; classtype:trojan-activity; sid:37096101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pixelsphotorfcontest.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pixelsphotorfcontest.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelsphotorfcontest\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//pixelsphotorfcontest.pages.dev"; flow:to_server,established; http.header; content:"pixelsphotorfcontest.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname ameli-sante.co"; dns.query; content:"ameli-sante.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ameli\-sante\.co$/i"; classtype:trojan-activity; sid:37096131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ameli-sante.co"; flow:to_server,established; http.header; content: "Host|3a| ameli-sante.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ameli\-sante\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname ameli-assure.fr"; dns.query; content:"ameli-assure.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ameli\-assure\.fr$/i"; 
classtype:trojan-activity; sid:37096161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ameli-assure.fr"; flow:to_server,established; http.header; content: "Host|3a| ameli-assure.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ameli\-assure\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname ameli-client.fr"; dns.query; content:"ameli-client.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ameli\-client\.fr$/i"; classtype:trojan-activity; sid:37096191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ameli-client.fr"; flow:to_server,established; http.header; content: "Host|3a| ameli-client.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ameli\-client\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname xniidor.com"; dns.query; content:"xniidor.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xniidor\.com$/i"; classtype:trojan-activity; sid:37096221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname xniidor.com"; flow:to_server,established; http.header; content: "Host|3a| xniidor.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xniidor\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 
ramexpress.tempurl.host"; dns.query; content:"ramexpress.tempurl.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ramexpress\.tempurl\.host$/i"; classtype:trojan-activity; sid:37096251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Cleartext-HTTP companion of the DNS rule above (sid 37096251): exact
# "Host: ramexpress.tempurl.host" match, with the session tagged for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ramexpress.tempurl.host"; flow:to_server,established; http.header; content: "Host|3a| ramexpress.tempurl.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ramexpress\.tempurl\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): the next two rules (sids 37096281 and 37096282) repeat the
# ramexpress.tempurl.host DNS and HTTP rules (sids 37096251 and 37096252) option
# for option; only the sid differs. Every matching query or request therefore
# raises two alerts for the same indicator. Presumably the MISP event lists this
# hostname in two attributes; deduplicate there (TODO confirm) rather than in
# this generated export, which the next export would overwrite.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname ramexpress.tempurl.host"; dns.query; content:"ramexpress.tempurl.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ramexpress\.tempurl\.host$/i"; classtype:trojan-activity; sid:37096281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ramexpress.tempurl.host"; flow:to_server,established; http.header; content: "Host|3a| ramexpress.tempurl.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ramexpress\.tempurl\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# DNS rule for dvisdorfac.duckdns.org: exact query-name match in either direction.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname dvisdorfac.duckdns.org"; dns.query; content:"dvisdorfac.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dvisdorfac\.duckdns\.org$/i"; classtype:trojan-activity; sid:37096311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname dvisdorfac.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| dvisdorfac.duckdns.org"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])dvisdorfac\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//dvisdorfac.duckdns.org"; flow:to_server,established; http.header; content:"dvisdorfac.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname asdafa.cc"; dns.query; content:"asdafa.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asdafa\.cc$/i"; classtype:trojan-activity; sid:37096341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname asdafa.cc"; flow:to_server,established; http.header; content: "Host|3a| asdafa.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asdafa\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//asdafa.cc"; flow:to_server,established; http.header; content:"asdafa.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname redirected-fix.pages.dev"; dns.query; content:"redirected-fix.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirected\-fix\.pages\.dev$/i"; classtype:trojan-activity; sid:37096371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname redirected-fix.pages.dev"; 
flow:to_server,established; http.header; content: "Host|3a| redirected-fix.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirected\-fix\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# URL rule for http://redirected-fix.pages.dev, limited to $HTTP_PORTS. Its only
# detection content is the domain string anywhere in http.header, so a request
# to this host on an $HTTP_PORTS port satisfies this rule and the Host rule
# above (sid 37096372) at once.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//redirected-fix.pages.dev"; flow:to_server,established; http.header; content:"redirected-fix.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): lnk.to looks like the registrable domain of a shared
# link/landing-page service rather than a dedicated malicious host (TODO confirm
# against the MISP attribute). The pcre matches the bare name only: a preceding
# "." is in the excluded class, so <label>.lnk.to does not match. If the reported
# page lived on a subdomain or a specific path, these two rules miss it while
# still alerting on every lookup of, or cleartext request to, the bare domain.
# Review the attribute's IDS flag or warninglist handling upstream before
# trusting either sid.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname lnk.to"; dns.query; content:"lnk.to"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.to$/i"; classtype:trojan-activity; sid:37096401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname lnk.to"; flow:to_server,established; http.header; content: "Host|3a| lnk.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# telegramsites.com: exact-name DNS rule followed by its cleartext-HTTP Host rule.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegramsites.com"; dns.query; content:"telegramsites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsites\.com$/i"; classtype:trojan-activity; sid:37096431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegramsites.com"; flow:to_server,established; http.header; content: "Host|3a| telegramsites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096432; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname prolo.vercel.app"; dns.query; content:"prolo.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prolo\.vercel\.app$/i"; classtype:trojan-activity; sid:37096461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname prolo.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| prolo.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prolo\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-837c3105ad644629ba0e67f066db8bfb.r2.dev"; dns.query; content:"pub-837c3105ad644629ba0e67f066db8bfb.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-837c3105ad644629ba0e67f066db8bfb\.r2\.dev$/i"; classtype:trojan-activity; sid:37096491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-837c3105ad644629ba0e67f066db8bfb.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-837c3105ad644629ba0e67f066db8bfb.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-837c3105ad644629ba0e67f066db8bfb\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//pub-837c3105ad644629ba0e67f066db8bfb.r2.dev/go.html"; flow:to_server,established; http.header; content:"pub-837c3105ad644629ba0e67f066db8bfb.r2.dev"; fast_pattern; nocase; http.uri; content:"/go.html"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37096501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname resetts.es"; dns.query; content:"resetts.es"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])resetts\.es$/i"; classtype:trojan-activity; sid:37096521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname resetts.es"; flow:to_server,established; http.header; content: "Host|3a| resetts.es"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])resetts\.es[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname prolo.now.sh"; dns.query; content:"prolo.now.sh"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prolo\.now\.sh$/i"; classtype:trojan-activity; sid:37096551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname prolo.now.sh"; flow:to_server,established; http.header; content: "Host|3a| prolo.now.sh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prolo\.now\.sh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname tlgram.top"; dns.query; content:"tlgram.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tlgram\.top$/i"; classtype:trojan-activity; sid:37096581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tlgram.top"; flow:to_server,established; http.header; content: "Host|3a| tlgram.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tlgram\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//tlgram.top/"; flow:to_server,established; http.header; content:"tlgram.top"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname dadwhale.shop"; dns.query; content:"dadwhale.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dadwhale\.shop$/i"; classtype:trojan-activity; sid:37096611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname dadwhale.shop"; flow:to_server,established; http.header; content: "Host|3a| dadwhale.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dadwhale\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 874984.pages.dev"; dns.query; content:"874984.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])874984\.pages\.dev$/i"; classtype:trojan-activity; sid:37096641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 874984.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 874984.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])874984\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//874984.pages.dev"; flow:to_server,established; http.header; content:"874984.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname roninchat.pages.dev"; dns.query; content:"roninchat.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roninchat\.pages\.dev$/i"; classtype:trojan-activity; sid:37096671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname roninchat.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| roninchat.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roninchat\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//roninchat.pages.dev"; flow:to_server,established; http.header; content:"roninchat.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname snapsexfreeonly.pages.dev"; dns.query; content:"snapsexfreeonly.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapsexfreeonly\.pages\.dev$/i"; classtype:trojan-activity; sid:37096701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname snapsexfreeonly.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| snapsexfreeonly.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])snapsexfreeonly\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//snapsexfreeonly.pages.dev"; flow:to_server,established; http.header; content:"snapsexfreeonly.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname averfyt-esssein01123.sa.com"; dns.query; content:"averfyt-esssein01123.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])averfyt\-esssein01123\.sa\.com$/i"; classtype:trojan-activity; sid:37096731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname averfyt-esssein01123.sa.com"; flow:to_server,established; http.header; content: "Host|3a| averfyt-esssein01123.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])averfyt\-esssein01123\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//averfyt-esssein01123.sa.com"; flow:to_server,established; http.header; content:"averfyt-esssein01123.sa.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname usps.aaarrttc.cc"; dns.query; content:"usps.aaarrttc.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.aaarrttc\.cc$/i"; classtype:trojan-activity; sid:37096761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) 
# usps.aaarrttc.cc over cleartext HTTP, any destination port: exact Host header
# match (content as fast pattern, pcre to delimit the name), with the session
# tagged for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usps.aaarrttc.cc"; flow:to_server,established; http.header; content: "Host|3a| usps.aaarrttc.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.aaarrttc\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): this URL rule carries no path. Its only detection content is the
# domain string anywhere in http.header, without the "Host: " prefix or the
# delimiting pcre used by sid 37096762. A request to this host on an $HTTP_PORTS
# port therefore satisfies both rules and alerts twice, and a request to another
# host whose headers merely mention the domain (presumably e.g. a Referer) would
# satisfy this one alone. Treat a hit on 37096771 without 37096762 as a weaker
# signal.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usps.aaarrttc.cc"; flow:to_server,established; http.header; content:"usps.aaarrttc.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# s5.contacflsaro.com: exact-name DNS rule, then the cleartext-HTTP Host rule.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname s5.contacflsaro.com"; dns.query; content:"s5.contacflsaro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s5\.contacflsaro\.com$/i"; classtype:trojan-activity; sid:37096791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname s5.contacflsaro.com"; flow:to_server,established; http.header; content: "Host|3a| s5.contacflsaro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s5\.contacflsaro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# ydgdhfhwigp2.tulisku.my.id: exact-name DNS rule; its HTTP Host rule starts below.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname ydgdhfhwigp2.tulisku.my.id"; dns.query; content:"ydgdhfhwigp2.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ydgdhfhwigp2\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37096821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ydgdhfhwigp2.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| 
ydgdhfhwigp2.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ydgdhfhwigp2\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//ydgdhfhwigp2.tulisku.my.id"; flow:to_server,established; http.header; content:"ydgdhfhwigp2.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cp54422.tw1.ru"; dns.query; content:"cp54422.tw1.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cp54422\.tw1\.ru$/i"; classtype:trojan-activity; sid:37096851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cp54422.tw1.ru"; flow:to_server,established; http.header; content: "Host|3a| cp54422.tw1.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cp54422\.tw1\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//cp54422.tw1.ru/login/ologin.php"; flow:to_server,established; http.header; content:"cp54422.tw1.ru"; fast_pattern; nocase; http.uri; content:"/login/ologin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pixelsphotoricontest.pages.dev"; dns.query; content:"pixelsphotoricontest.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelsphotoricontest\.pages\.dev$/i"; classtype:trojan-activity; sid:37096881; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pixelsphotoricontest.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pixelsphotoricontest.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelsphotoricontest\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//pixelsphotoricontest.pages.dev"; flow:to_server,established; http.header; content:"pixelsphotoricontest.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37096891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname authic-secured.webflow.io"; dns.query; content:"authic-secured.webflow.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])authic\-secured\.webflow\.io$/i"; classtype:trojan-activity; sid:37096941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname authic-secured.webflow.io"; flow:to_server,established; http.header; content: "Host|3a| authic-secured.webflow.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])authic\-secured\.webflow\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pannel-mother.com"; dns.query; content:"pannel-mother.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pannel\-mother\.com$/i"; classtype:trojan-activity; sid:37096971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pannel-mother.com"; flow:to_server,established; http.header; content: "Host|3a| pannel-mother.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pannel\-mother\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37096972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname edalatousaham.sbs"; dns.query; content:"edalatousaham.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edalatousaham\.sbs$/i"; classtype:trojan-activity; sid:37097001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname edalatousaham.sbs"; flow:to_server,established; http.header; content: "Host|3a| edalatousaham.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edalatousaham\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname iranbymsaham.sbs"; dns.query; content:"iranbymsaham.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranbymsaham\.sbs$/i"; classtype:trojan-activity; sid:37097031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname iranbymsaham.sbs"; flow:to_server,established; http.header; content: "Host|3a| iranbymsaham.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranbymsaham\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname efasahde.rest"; dns.query; content:"efasahde.rest"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])efasahde\.rest$/i"; 
classtype:trojan-activity; sid:37097061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname efasahde.rest"; flow:to_server,established; http.header; content: "Host|3a| efasahde.rest"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])efasahde\.rest[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname iranivbesham.sbs"; dns.query; content:"iranivbesham.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranivbesham\.sbs$/i"; classtype:trojan-activity; sid:37097091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname iranivbesham.sbs"; flow:to_server,established; http.header; content: "Host|3a| iranivbesham.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranivbesham\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname ersahmcriran.sbs"; dns.query; content:"ersahmcriran.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ersahmcriran\.sbs$/i"; classtype:trojan-activity; sid:37097121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ersahmcriran.sbs"; flow:to_server,established; http.header; content: "Host|3a| ersahmcriran.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ersahmcriran\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] 
Hostname irantausahm.hair"; dns.query; content:"irantausahm.hair"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])irantausahm\.hair$/i"; classtype:trojan-activity; sid:37097151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

# ---------------------------------------------------------------------------
# MISP event 26035 - hostname indicators (one rule per line from here on).
#
# Each hostname is exported as two or three rules:
#   * DNS rule: the dns.query buffer must contain the name, and the pcre
#     anchors it at the end of the buffer and requires start-of-buffer or a
#     non-hostname character in front. A longer name that merely ends with
#     the indicator (for example a subdomain of it) does not match.
#   * "Outgoing HTTP Hostname" rule: client-to-server, established flows only;
#     matches the literal 'Host: <name>' in the request headers (fast_pattern
#     makes that string the prefilter) and the pcre requires a non-hostname
#     character after the name, so 'Host: <name>:8080' still matches but
#     '<name>.example' does not.
#   * "Outgoing URL" rule (only for some hostnames): see the notes further down.
# tag:session,600,seconds asks the engine to keep logging packets of the
# matching session for 600 seconds after the alert.
# The empty [] in msg is where MISP tags are printed (event 25993 earlier in
# this file carries kill-chain tags); event 26035 has none.
#
# NOTE(review): the `alert http` rules only fire on HTTP the sensor can parse.
# For HTTPS sessions the DNS rule is the only coverage visible in this part of
# the file; a tls.sni rule per hostname would close that gap - confirm whether
# the export can emit one.
# NOTE(review): the "Outgoing URL" rules use $HTTP_PORTS although the file
# header calls it "not required with suricata export"; the variable has to be
# defined for them to load, and they ignore HTTP on any other port (the Host
# rules use `any`).
# NOTE(review): classtype:trojan-activity looks like a fixed exporter default
# (the IP rules of event 25993 use it too); several names below resemble
# Telegram / WhatsApp / imToken branding, so triage as possible phishing -
# confirm against the MISP event.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname irantausahm.hair"; flow:to_server,established; http.header; content: "Host|3a| irantausahm.hair"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])irantausahm\.hair[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname myirnasaham.sbs"; dns.query; content:"myirnasaham.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myirnasaham\.sbs$/i"; classtype:trojan-activity; sid:37097181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname myirnasaham.sbs"; flow:to_server,established; http.header; content: "Host|3a| myirnasaham.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myirnasaham\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname sahmiubziran.sbs"; dns.query; content:"sahmiubziran.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sahmiubziran\.sbs$/i"; classtype:trojan-activity; sid:37097211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sahmiubziran.sbs"; flow:to_server,established; http.header; content: "Host|3a| sahmiubziran.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sahmiubziran\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname sahmuenxirn.sbs"; dns.query; content:"sahmuenxirn.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sahmuenxirn\.sbs$/i"; classtype:trojan-activity; sid:37097241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sahmuenxirn.sbs"; flow:to_server,established; http.header; content: "Host|3a| sahmuenxirn.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sahmuenxirn\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname sham-1402edalat.sbs"; dns.query; content:"sham-1402edalat.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sham\-1402edalat\.sbs$/i"; classtype:trojan-activity; sid:37097271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sham-1402edalat.sbs"; flow:to_server,established; http.header; content: "Host|3a| sham-1402edalat.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sham\-1402edalat\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

# Hostnames under r2.dev, pages.dev and workers.dev (here and below) are
# tenant names on shared hosting suffixes. The rules pin the full name, so
# other tenants under the same suffix do not match; keep that granularity if
# these rules are ever hand-tuned.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-fc7862a83ca94b99bd287a1a7b9d59a7.r2.dev"; dns.query; content:"pub-fc7862a83ca94b99bd287a1a7b9d59a7.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-fc7862a83ca94b99bd287a1a7b9d59a7\.r2\.dev$/i"; classtype:trojan-activity; sid:37097301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-fc7862a83ca94b99bd287a1a7b9d59a7.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-fc7862a83ca94b99bd287a1a7b9d59a7.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-fc7862a83ca94b99bd287a1a7b9d59a7\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname anonbyte.pages.dev"; dns.query; content:"anonbyte.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anonbyte\.pages\.dev$/i"; classtype:trojan-activity; sid:37097331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname anonbyte.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| anonbyte.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anonbyte\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): "Outgoing URL" rule for a URL whose path is just "/". The
# http.uri content "/" is present in practically every request URI (nocase has
# no effect on it), so the only selective condition is the bare hostname
# string anywhere in the request headers. Unlike the Host rule above there is
# no 'Host|3a| ' prefix and no boundary pcre, so a Referer header or a longer
# hostname containing this string also matches, and a request that triggers
# the Host rule on an $HTTP_PORTS port raises this alert as well. The same
# applies to every other rule of this shape below.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//anonbyte.pages.dev/"; flow:to_server,established; http.header; content:"anonbyte.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-98de28bc764c4006b54997917c3d7dd9.r2.dev"; dns.query; content:"pub-98de28bc764c4006b54997917c3d7dd9.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-98de28bc764c4006b54997917c3d7dd9\.r2\.dev$/i"; classtype:trojan-activity; sid:37097361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-98de28bc764c4006b54997917c3d7dd9.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-98de28bc764c4006b54997917c3d7dd9.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-98de28bc764c4006b54997917c3d7dd9\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname hello-world-billowing-grass-d41e.pamelathakurlawfirm-com.workers.dev"; dns.query; content:"hello-world-billowing-grass-d41e.pamelathakurlawfirm-com.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-billowing\-grass\-d41e\.pamelathakurlawfirm\-com\.workers\.dev$/i"; classtype:trojan-activity; sid:37097391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname hello-world-billowing-grass-d41e.pamelathakurlawfirm-com.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-billowing-grass-d41e.pamelathakurlawfirm-com.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-billowing\-grass\-d41e\.pamelathakurlawfirm\-com\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//hello-world-billowing-grass-d41e.pamelathakurlawfirm-com.workers.dev/"; flow:to_server,established; http.header; content:"hello-world-billowing-grass-d41e.pamelathakurlawfirm-com.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; dns.query; content:"pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c5e2dbb58028490685ab5f7a51d147da\.r2\.dev$/i"; classtype:trojan-activity; sid:37097421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c5e2dbb58028490685ab5f7a51d147da\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname openroomprivate.melayu-viral-vvip.my.id"; dns.query; content:"openroomprivate.melayu-viral-vvip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openroomprivate\.melayu\-viral\-vvip\.my\.id$/i"; classtype:trojan-activity; sid:37097451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname openroomprivate.melayu-viral-vvip.my.id"; flow:to_server,established; http.header; content: "Host|3a| openroomprivate.melayu-viral-vvip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openroomprivate\.melayu\-viral\-vvip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname gatheringallhere.com"; dns.query; content:"gatheringallhere.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gatheringallhere\.com$/i"; classtype:trojan-activity; sid:37097481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname gatheringallhere.com"; flow:to_server,established; http.header; content: "Host|3a| gatheringallhere.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gatheringallhere\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname informasi-terupdate.my.id"; dns.query; content:"informasi-terupdate.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasi\-terupdate\.my\.id$/i"; classtype:trojan-activity; sid:37097511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname informasi-terupdate.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasi-terupdate.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasi\-terupdate\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname auth.telegzim.cn"; dns.query; content:"auth.telegzim.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auth\.telegzim\.cn$/i"; classtype:trojan-activity; sid:37097541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname auth.telegzim.cn"; flow:to_server,established; http.header; content: "Host|3a| auth.telegzim.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auth\.telegzim\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//auth.telegzim.cn/"; flow:to_server,established; http.header; content:"auth.telegzim.cn"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname cekinffojawattankosong.bankk.biz.id"; dns.query; content:"cekinffojawattankosong.bankk.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cekinffojawattankosong\.bankk\.biz\.id$/i"; classtype:trojan-activity; sid:37097571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cekinffojawattankosong.bankk.biz.id"; flow:to_server,established; http.header; content: "Host|3a| cekinffojawattankosong.bankk.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cekinffojawattankosong\.bankk\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegrmna.club"; dns.query; content:"telegrmna.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.club$/i"; classtype:trojan-activity; sid:37097601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegrmna.club"; flow:to_server,established; http.header; content: "Host|3a| telegrmna.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegrmna.club/"; flow:to_server,established; http.header; content:"telegrmna.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegyram.org"; dns.query; content:"telegyram.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegyram\.org$/i"; classtype:trojan-activity; sid:37097631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegyram.org"; flow:to_server,established; http.header; content: "Host|3a| telegyram.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegyram\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegyram.org/"; flow:to_server,established; http.header; content:"telegyram.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname sctele.my.id"; dns.query; content:"sctele.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sctele\.my\.id$/i"; classtype:trojan-activity; sid:37097661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sctele.my.id"; flow:to_server,established; http.header; content: "Host|3a| sctele.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sctele\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname web.telegrann-yz.vip"; dns.query; content:"web.telegrann-yz.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-yz\.vip$/i"; classtype:trojan-activity; sid:37097691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname web.telegrann-yz.vip"; flow:to_server,established; http.header; content: "Host|3a| web.telegrann-yz.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-yz\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname tgadminuser.dsdfhgb.top"; dns.query; content:"tgadminuser.dsdfhgb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.dsdfhgb\.top$/i"; classtype:trojan-activity; sid:37097721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tgadminuser.dsdfhgb.top"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.dsdfhgb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.dsdfhgb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname tg.telegarm-mt.top"; dns.query; content:"tg.telegarm-mt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-mt\.top$/i"; classtype:trojan-activity; sid:37097751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tg.telegarm-mt.top"; flow:to_server,established; http.header; content: "Host|3a| tg.telegarm-mt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-mt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname web.telegrann-or.com"; dns.query; content:"web.telegrann-or.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-or\.com$/i"; classtype:trojan-activity; sid:37097781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname web.telegrann-or.com"; flow:to_server,established; http.header; content: "Host|3a| web.telegrann-or.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-or\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname kedailelong.ceo10-sumber.my.id"; dns.query; content:"kedailelong.ceo10-sumber.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kedailelong\.ceo10\-sumber\.my\.id$/i"; classtype:trojan-activity; sid:37097811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname kedailelong.ceo10-sumber.my.id"; flow:to_server,established; http.header; content: "Host|3a| kedailelong.ceo10-sumber.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kedailelong\.ceo10\-sumber\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname gufl3233.odns.fr"; dns.query; content:"gufl3233.odns.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gufl3233\.odns\.fr$/i"; classtype:trojan-activity; sid:37097841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname gufl3233.odns.fr"; flow:to_server,established; http.header; content: "Host|3a| gufl3233.odns.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gufl3233\.odns\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname xcvbnv.pages.dev"; dns.query; content:"xcvbnv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xcvbnv\.pages\.dev$/i"; classtype:trojan-activity; sid:37097871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname xcvbnv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| xcvbnv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xcvbnv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): from here on the "Outgoing URL" rules (URL without a path)
# have no http.uri part and no fast_pattern. They are a plain
# case-insensitive substring match of the hostname anywhere in the request
# headers, with the same over-matching and double-alerting as the "/" variant
# described earlier.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//xcvbnv.pages.dev"; flow:to_server,established; http.header; content:"xcvbnv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname 9847.pages.dev"; dns.query; content:"9847.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9847\.pages\.dev$/i"; classtype:trojan-activity; sid:37097901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 9847.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 9847.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9847\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//9847.pages.dev"; flow:to_server,established; http.header; content:"9847.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

# wygdyk.com is exported twice in this event: sids 37097931/37097932 here and
# 37097991/37097992 further down have identical match conditions, so a single
# lookup or request raises two alerts of each kind.
# NOTE(review): presumably the attribute is listed twice in the MISP event;
# de-duplicate it there rather than hand-editing the export - confirm.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname wygdyk.com"; dns.query; content:"wygdyk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wygdyk\.com$/i"; classtype:trojan-activity; sid:37097931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname wygdyk.com"; flow:to_server,established; http.header; content: "Host|3a| wygdyk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wygdyk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname tokenpbrket.biz"; dns.query; content:"tokenpbrket.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.biz$/i"; classtype:trojan-activity; sid:37097961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tokenpbrket.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenpbrket.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//tokenpbrket.biz"; flow:to_server,established; http.header; content:"tokenpbrket.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37097971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

# Second copy of the wygdyk.com DNS and Host rules (same conditions as sids
# 37097931/37097932 above); only the URL rule, sid 37098001, is new here.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname wygdyk.com"; dns.query; content:"wygdyk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wygdyk\.com$/i"; classtype:trojan-activity; sid:37097991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname wygdyk.com"; flow:to_server,established; http.header; content: "Host|3a| wygdyk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wygdyk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37097992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//wygdyk.com"; flow:to_server,established; http.header; content:"wygdyk.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname tp19.net"; dns.query; content:"tp19.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp19\.net$/i"; classtype:trojan-activity; sid:37098021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tp19.net"; flow:to_server,established; http.header; content: "Host|3a| tp19.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp19\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): an 8-character unanchored header substring; of the URL rules
# here this one is the most exposed to matching inside longer hostnames.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//tp19.net"; flow:to_server,established; http.header; content:"tp19.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken-cc.biz"; dns.query; content:"imtoken-cc.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.biz$/i"; classtype:trojan-activity; sid:37098051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname imtoken-cc.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cc.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken-cc.biz"; flow:to_server,established; http.header; content:"imtoken-cc.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken-cb.tel"; dns.query; content:"imtoken-cb.tel"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.tel$/i"; classtype:trojan-activity; sid:37098081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname imtoken-cb.tel"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cb.tel"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cb\.tel[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken-cb.tel"; flow:to_server,established; http.header; content:"imtoken-cb.tel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname tokenpbrket.fyi"; dns.query; content:"tokenpbrket.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.fyi$/i"; classtype:trojan-activity; sid:37098111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tokenpbrket.fyi"; flow:to_server,established; http.header; content: "Host|3a| tokenpbrket.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//tokenpbrket.fyi"; flow:to_server,established; http.header; content:"tokenpbrket.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname tokenpbqket.tel"; dns.query; content:"tokenpbqket.tel"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.tel$/i"; classtype:trojan-activity; sid:37098141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tokenpbqket.tel"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.tel"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.tel[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//tokenpbqket.tel"; flow:to_server,established; http.header; content:"tokenpbqket.tel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname whatsapp-milf.pages.dev"; dns.query; content:"whatsapp-milf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsapp\-milf\.pages\.dev$/i"; classtype:trojan-activity; sid:37098171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname whatsapp-milf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| whatsapp-milf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsapp\-milf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//whatsapp-milf.pages.dev"; flow:to_server,established; http.header; content:"whatsapp-milf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname ovvcsalem.pages.dev"; dns.query; content:"ovvcsalem.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ovvcsalem\.pages\.dev$/i"; classtype:trojan-activity; sid:37098201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ovvcsalem.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ovvcsalem.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ovvcsalem\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//ovvcsalem.pages.dev"; flow:to_server,established; http.header; content:"ovvcsalem.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname letg.pages.dev"; dns.query; content:"letg.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])letg\.pages\.dev$/i"; classtype:trojan-activity; sid:37098231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname letg.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| letg.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])letg\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//letg.pages.dev"; flow:to_server,established; http.header; content:"letg.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname mute-sun-1abb.uqgeg0c7.workers.dev"; dns.query; content:"mute-sun-1abb.uqgeg0c7.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mute\-sun\-1abb\.uqgeg0c7\.workers\.dev$/i"; classtype:trojan-activity; sid:37098261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mute-sun-1abb.uqgeg0c7.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| mute-sun-1abb.uqgeg0c7.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mute\-sun\-1abb\.uqgeg0c7\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//mute-sun-1abb.uqgeg0c7.workers.dev"; flow:to_server,established; http.header; content:"mute-sun-1abb.uqgeg0c7.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname 349848.pages.dev"; dns.query; content:"349848.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])349848\.pages\.dev$/i"; classtype:trojan-activity; sid:37098291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 349848.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 349848.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])349848\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//349848.pages.dev"; flow:to_server,established; http.header; content:"349848.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname d12odh18sh7.tulisku.my.id"; dns.query; content:"d12odh18sh7.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d12odh18sh7\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37098321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname d12odh18sh7.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| d12odh18sh7.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d12odh18sh7\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//d12odh18sh7.tulisku.my.id"; flow:to_server,established; http.header; content:"d12odh18sh7.tulisku.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37098351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-d603c924b2094d6883f06a98fe26ea5c.r2.dev"; dns.query; content:"pub-d603c924b2094d6883f06a98fe26ea5c.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d603c924b2094d6883f06a98fe26ea5c\.r2\.dev$/i"; classtype:trojan-activity; sid:37098381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-d603c924b2094d6883f06a98fe26ea5c.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d603c924b2094d6883f06a98fe26ea5c.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d603c924b2094d6883f06a98fe26ea5c\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname worker-solitary-sound-4939.kbeyer71.workers.dev"; dns.query; content:"worker-solitary-sound-4939.kbeyer71.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-solitary\-sound\-4939\.kbeyer71\.workers\.dev$/i"; classtype:trojan-activity; sid:37098411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname worker-solitary-sound-4939.kbeyer71.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-solitary-sound-4939.kbeyer71.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-solitary\-sound\-4939\.kbeyer71\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)

alert dns any any -> any any (msg: "MISP e26035 [] Hostname worker-hidden-frost-435b.kencothren.workers.dev"; dns.query; 
content:"worker-hidden-frost-435b.kencothren.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-hidden\-frost\-435b\.kencothren\.workers\.dev$/i"; classtype:trojan-activity; sid:37098441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): rules below come from MISP event 26035 in three generated shapes: a dns.query
# rule that matches the name itself but not its subdomains (the character before it may not be
# a letter, digit, hyphen or dot), an http rule on the literal header "Host: NAME", and an
# "Outgoing URL" rule that matches the name anywhere in the request headers towards
# $HTTP_PORTS. The http rules only see cleartext HTTP; for HTTPS-only sites the DNS rule is the
# one that can fire unless TLS is decrypted upstream.
# worker-hidden-frost-435b.kencothren.workers.dev: HTTP Host header rule (its DNS rule ends on the line above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname worker-hidden-frost-435b.kencothren.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-hidden-frost-435b.kencothren.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-hidden\-frost\-435b\.kencothren\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): the http.uri test here is content:"/", which adds practically no constraint;
# the rule is effectively a header-substring match on the hostname.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//worker-hidden-frost-435b.kencothren.workers.dev/"; flow:to_server,established; http.header; content:"worker-hidden-frost-435b.kencothren.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# telegramd4tingggxxx212.pages.dev: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegramd4tingggxxx212.pages.dev"; dns.query; content:"telegramd4tingggxxx212.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramd4tingggxxx212\.pages\.dev$/i"; classtype:trojan-activity; sid:37098471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegramd4tingggxxx212.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramd4tingggxxx212.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramd4tingggxxx212\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegramd4tingggxxx212.pages.dev"; flow:to_server,established; http.header; content:"telegramd4tingggxxx212.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# telegramdating212.pages.dev: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegramdating212.pages.dev"; dns.query; content:"telegramdating212.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramdating212\.pages\.dev$/i"; classtype:trojan-activity; sid:37098501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegramdating212.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramdating212.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramdating212\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegramdating212.pages.dev"; flow:to_server,established; http.header; content:"telegramdating212.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# eeurz.pages.dev: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname eeurz.pages.dev"; dns.query; content:"eeurz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eeurz\.pages\.dev$/i"; classtype:trojan-activity; sid:37098531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname eeurz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| eeurz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eeurz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//eeurz.pages.dev"; flow:to_server,established; http.header; content:"eeurz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# telegram-group.pages.dev: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegram-group.pages.dev"; dns.query; content:"telegram-group.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-group\.pages\.dev$/i"; classtype:trojan-activity; sid:37098561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegram-group.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram-group.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-group\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegram-group.pages.dev"; flow:to_server,established; http.header; content:"telegram-group.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# edevletiadebasladi2024.pt: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname edevletiadebasladi2024.pt"; dns.query; content:"edevletiadebasladi2024.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevletiadebasladi2024\.pt$/i"; classtype:trojan-activity; sid:37098591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname edevletiadebasladi2024.pt"; flow:to_server,established; http.header; content: "Host|3a| edevletiadebasladi2024.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevletiadebasladi2024\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//edevletiadebasladi2024.pt"; flow:to_server,established; http.header; content:"edevletiadebasladi2024.pt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# ckt.nmy.mybluehost.me: DNS query and HTTP Host header rules.
# NOTE(review): this pair is exported three times (sids 37098621/37098622, 37098651/37098652,
# 37098681/37098682) with identical match logic, so one lookup raises three alerts per protocol.
# Presumably the MISP event carries the hostname in three attributes - dedupe or threshold
# before deployment.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname ckt.nmy.mybluehost.me"; dns.query; content:"ckt.nmy.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckt\.nmy\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37098621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ckt.nmy.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| ckt.nmy.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckt\.nmy\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname ckt.nmy.mybluehost.me"; dns.query; content:"ckt.nmy.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckt\.nmy\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37098651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP 
Hostname ckt.nmy.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| ckt.nmy.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckt\.nmy\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): rules below come from MISP event 26035 in three generated shapes: a dns.query
# rule that matches the name itself but not its subdomains, an http rule on the literal header
# "Host: NAME" from $HOME_NET, and an "Outgoing URL" rule that matches the name anywhere in the
# request headers towards $HTTP_PORTS. The http rules only see cleartext HTTP, so HTTPS visits
# are covered by the DNS rule alone unless TLS is decrypted upstream.
# ckt.nmy.mybluehost.me: third copy of the DNS/Host pair (same match logic as sids
# 37098621/37098622 and 37098651/37098652 earlier in the file) - expect triple alerts.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname ckt.nmy.mybluehost.me"; dns.query; content:"ckt.nmy.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckt\.nmy\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37098681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname ckt.nmy.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| ckt.nmy.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckt\.nmy\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# wilmse-d767.eoethehorbmnlkntua.workers.dev: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname wilmse-d767.eoethehorbmnlkntua.workers.dev"; dns.query; content:"wilmse-d767.eoethehorbmnlkntua.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wilmse\-d767\.eoethehorbmnlkntua\.workers\.dev$/i"; classtype:trojan-activity; sid:37098711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname wilmse-d767.eoethehorbmnlkntua.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wilmse-d767.eoethehorbmnlkntua.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wilmse\-d767\.eoethehorbmnlkntua\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//wilmse-d767.eoethehorbmnlkntua.workers.dev"; flow:to_server,established; http.header; content:"wilmse-d767.eoethehorbmnlkntua.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# wonderfdul-sopapillas-70s.netlify.app: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname wonderfdul-sopapillas-70s.netlify.app"; dns.query; content:"wonderfdul-sopapillas-70s.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wonderfdul\-sopapillas\-70s\.netlify\.app$/i"; classtype:trojan-activity; sid:37098741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname wonderfdul-sopapillas-70s.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| wonderfdul-sopapillas-70s.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wonderfdul\-sopapillas\-70s\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//wonderfdul-sopapillas-70s.netlify.app"; flow:to_server,established; http.header; content:"wonderfdul-sopapillas-70s.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# warrant-complaints-reports-case.netlify.app: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname warrant-complaints-reports-case.netlify.app"; dns.query; content:"warrant-complaints-reports-case.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])warrant\-complaints\-reports\-case\.netlify\.app$/i"; classtype:trojan-activity; sid:37098771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname warrant-complaints-reports-case.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| warrant-complaints-reports-case.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])warrant\-complaints\-reports\-case\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//warrant-complaints-reports-case.netlify.app"; flow:to_server,established; http.header; content:"warrant-complaints-reports-case.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspz.usspja.top: DNS query, HTTP Host header and URL rules.
# NOTE(review): in the URL rules for the *.top names below, msg quotes "/pg?do=index" but the
# match is only content:"/pg" anywhere in http.uri - the query string is not part of the
# signature, so any path containing "/pg" on that host alerts.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspz.usspja.top"; dns.query; content:"uspz.usspja.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspja\.top$/i"; classtype:trojan-activity; sid:37098801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspz.usspja.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspja.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspja\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspz.usspja.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.usspja.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspz.uspsen.top: DNS query, HTTP Host header and URL ("/pg") rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspz.uspsen.top"; dns.query; content:"uspz.uspsen.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsen\.top$/i"; classtype:trojan-activity; sid:37098831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspz.uspsen.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsen.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsen\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspz.uspsen.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.uspsen.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# usp.ussppn.top: DNS query, HTTP Host header and URL ("/pg") rules; the URL rule continues on the next line of the file.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usp.ussppn.top"; dns.query; content:"usp.ussppn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppn\.top$/i"; classtype:trojan-activity; sid:37098861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usp.ussppn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//usp.ussppn.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.ussppn.top"; fast_pattern; nocase; http.uri; 
content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): rules below come from MISP event 26035 in three generated shapes: a dns.query
# rule that matches the name itself but not its subdomains, an http rule on the literal header
# "Host: NAME" from $HOME_NET, and an "Outgoing URL" rule that matches the name anywhere in the
# request headers towards $HTTP_PORTS. Where msg quotes "/pg?do=index", only content:"/pg" in
# http.uri is tested; the query string is not part of the signature. The http rules only see
# cleartext HTTP.
# Every rule carries the exporter's classtype:trojan-activity; names such as uspsmail.top look
# like postal-service lures - presumably phishing, confirm against the MISP event before triage.
# uspz.uspnn.top: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspz.uspnn.top"; dns.query; content:"uspz.uspnn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnn\.top$/i"; classtype:trojan-activity; sid:37098891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspz.uspnn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspz.uspnn.top"; flow:to_server,established; http.header; content:"uspz.uspnn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspz.uspmv.top: DNS query, HTTP Host header and URL ("/pg") rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspz.uspmv.top"; dns.query; content:"uspz.uspmv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmv\.top$/i"; classtype:trojan-activity; sid:37098921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspz.uspmv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspz.uspmv.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.uspmv.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspsmail.top: DNS query, HTTP Host header and "Outgoing URL" rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspsmail.top"; dns.query; content:"uspsmail.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsmail\.top$/i"; classtype:trojan-activity; sid:37098951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspsmail.top"; flow:to_server,established; http.header; content: "Host|3a| uspsmail.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsmail\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspsmail.top"; flow:to_server,established; http.header; content:"uspsmail.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspe.usspsc.top: DNS query, HTTP Host header and URL ("/pg") rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspe.usspsc.top"; dns.query; content:"uspe.usspsc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspsc\.top$/i"; classtype:trojan-activity; sid:37098981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspe.usspsc.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspsc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspsc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37098982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//uspe.usspsc.top/pg?do=index"; flow:to_server,established; http.header; content:"uspe.usspsc.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37098991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# zegsu.com: DNS query and HTTP Host header rules.
# NOTE(review): this pair is exported three times (sids 37099011/37099012, 37099041/37099042,
# 37099071/37099072) with identical match logic, so one lookup raises three alerts per protocol.
# Presumably the MISP event carries the hostname in three attributes - dedupe or threshold
# before deployment.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname zegsu.com"; dns.query; content:"zegsu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zegsu\.com$/i"; classtype:trojan-activity; sid:37099011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname zegsu.com"; flow:to_server,established; http.header; content: "Host|3a| zegsu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zegsu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname zegsu.com"; dns.query; content:"zegsu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zegsu\.com$/i"; classtype:trojan-activity; sid:37099041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname zegsu.com"; flow:to_server,established; http.header; content: "Host|3a| zegsu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zegsu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname zegsu.com"; dns.query; content:"zegsu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zegsu\.com$/i"; classtype:trojan-activity; sid:37099071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname zegsu.com"; flow:to_server,established; http.header; content: "Host|3a| zegsu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zegsu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# yondasatt.weebly.com: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname yondasatt.weebly.com"; dns.query; content:"yondasatt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yondasatt\.weebly\.com$/i"; classtype:trojan-activity; sid:37099101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname yondasatt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| yondasatt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yondasatt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# xzc.cra.mybluehost.me: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname xzc.cra.mybluehost.me"; dns.query; content:"xzc.cra.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37099131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname xzc.cra.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xzc.cra.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The DNS rule started here continues on the next line of the file.
alert dns any any -> any any (msg: "MISP e26035 [] 
Hostname informasibansos2024.chek11.my.id"; dns.query; content:"informasibansos2024.chek11.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasibansos2024\.chek11\.my\.id$/i"; classtype:trojan-activity; sid:37099161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): the indicators below (MISP event 26035) each get two generated rules: a
# dns.query rule that matches the name itself but not its subdomains (the character before the
# name may not be a letter, digit, hyphen or dot), and an http rule on the literal header
# "Host: NAME" in client requests from $HOME_NET, which also tags the session for 600 seconds.
# The http rule only sees cleartext HTTP; for HTTPS-only sites the DNS rule is the one that
# can fire unless TLS is decrypted upstream. The DNS rules use "any any -> any any", so
# resolver-to-upstream lookups alert as well as the client's own query.
# informasibansos2024.chek11.my.id: HTTP Host header rule (its DNS rule ends on the line above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname informasibansos2024.chek11.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasibansos2024.chek11.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasibansos2024\.chek11\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# usq.usspix.top: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usq.usspix.top"; dns.query; content:"usq.usspix.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usq\.usspix\.top$/i"; classtype:trojan-activity; sid:37099191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usq.usspix.top"; flow:to_server,established; http.header; content: "Host|3a| usq.usspix.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usq\.usspix\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspz.usspkd.top: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspz.usspkd.top"; dns.query; content:"uspz.usspkd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspkd\.top$/i"; classtype:trojan-activity; sid:37099221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspz.usspkd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspkd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspkd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# usps-ins.com: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname usps-ins.com"; dns.query; content:"usps-ins.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-ins\.com$/i"; classtype:trojan-activity; sid:37099251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname usps-ins.com"; flow:to_server,established; http.header; content: "Host|3a| usps-ins.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-ins\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspo.ussptn.top: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspo.ussptn.top"; dns.query; content:"uspo.ussptn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptn\.top$/i"; classtype:trojan-activity; sid:37099281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspo.ussptn.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussptn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussptn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspo.usspth.top: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspo.usspth.top"; dns.query; content:"uspo.usspth.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspth\.top$/i"; classtype:trojan-activity; sid:37099311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspo.usspth.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspth.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspth\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspd.usspgn.top: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspd.usspgn.top"; dns.query; content:"uspd.usspgn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspgn\.top$/i"; classtype:trojan-activity; sid:37099341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspd.usspgn.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspgn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspgn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# uspc.usspti.top: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname uspc.usspti.top"; dns.query; content:"uspc.usspti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspti\.top$/i"; classtype:trojan-activity; sid:37099371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname uspc.usspti.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspti.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# telegramgroupinvitexxxx.pages.dev: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegramgroupinvitexxxx.pages.dev"; dns.query; content:"telegramgroupinvitexxxx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramgroupinvitexxxx\.pages\.dev$/i"; classtype:trojan-activity; sid:37099401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegramgroupinvitexxxx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramgroupinvitexxxx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramgroupinvitexxxx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# shivam-writes.github.io: DNS query and HTTP Host header rules. Only this one subdomain of the
# shared github.io platform is matched; other github.io sites do not alert.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname shivam-writes.github.io"; dns.query; content:"shivam-writes.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shivam\-writes\.github\.io$/i"; classtype:trojan-activity; sid:37099431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname shivam-writes.github.io"; flow:to_server,established; http.header; content: "Host|3a| shivam-writes.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shivam\-writes\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# shary.io: DNS query and HTTP Host header rules.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname shary.io"; dns.query; content:"shary.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shary\.io$/i"; classtype:trojan-activity; sid:37099461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname shary.io"; flow:to_server,established; http.header; content: "Host|3a| shary.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shary\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP 
e26035 [] Hostname sgocbc-bankiing-siingapore.com"; dns.query; content:"sgocbc-bankiing-siingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgocbc\-bankiing\-siingapore\.com$/i"; classtype:trojan-activity; sid:37099491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sgocbc-bankiing-siingapore.com"; flow:to_server,established; http.header; content: "Host|3a| sgocbc-bankiing-siingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgocbc\-bankiing\-siingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-87370549686248abaf668cfffcf181c1.r2.dev"; dns.query; content:"pub-87370549686248abaf668cfffcf181c1.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-87370549686248abaf668cfffcf181c1\.r2\.dev$/i"; classtype:trojan-activity; sid:37099521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-87370549686248abaf668cfffcf181c1.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-87370549686248abaf668cfffcf181c1.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-87370549686248abaf668cfffcf181c1\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-2bd1a9d456724e738dd84982d3a21563.r2.dev"; dns.query; content:"pub-2bd1a9d456724e738dd84982d3a21563.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-2bd1a9d456724e738dd84982d3a21563\.r2\.dev$/i"; classtype:trojan-activity; sid:37099551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-2bd1a9d456724e738dd84982d3a21563.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-2bd1a9d456724e738dd84982d3a21563.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-2bd1a9d456724e738dd84982d3a21563\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-0bfbdcd725924ae4abab04354a5e026f.r2.dev"; dns.query; content:"pub-0bfbdcd725924ae4abab04354a5e026f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-0bfbdcd725924ae4abab04354a5e026f\.r2\.dev$/i"; classtype:trojan-activity; sid:37099581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-0bfbdcd725924ae4abab04354a5e026f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-0bfbdcd725924ae4abab04354a5e026f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-0bfbdcd725924ae4abab04354a5e026f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname lnstacyram.blogspot.com"; dns.query; content:"lnstacyram.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstacyram\.blogspot\.com$/i"; classtype:trojan-activity; sid:37099611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname lnstacyram.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| lnstacyram.blogspot.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])lnstacyram\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname noreplyattbellsbc.weebly.com"; dns.query; content:"noreplyattbellsbc.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])noreplyattbellsbc\.weebly\.com$/i"; classtype:trojan-activity; sid:37099641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname noreplyattbellsbc.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| noreplyattbellsbc.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])noreplyattbellsbc\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodepanelauths.pages.dev"; dns.query; content:"nodepanelauths.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodepanelauths\.pages\.dev$/i"; classtype:trojan-activity; sid:37099671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodepanelauths.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodepanelauths.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodepanelauths\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname mute-voice-f54e.nocycaqi8656.workers.dev"; dns.query; content:"mute-voice-f54e.nocycaqi8656.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mute\-voice\-f54e\.nocycaqi8656\.workers\.dev$/i"; classtype:trojan-activity; sid:37099701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mute-voice-f54e.nocycaqi8656.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| mute-voice-f54e.nocycaqi8656.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mute\-voice\-f54e\.nocycaqi8656\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname mediafireqwrcpkx.terbaru-2023.com"; dns.query; content:"mediafireqwrcpkx.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireqwrcpkx\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37099731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mediafireqwrcpkx.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| mediafireqwrcpkx.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireqwrcpkx\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname mediafireoswvbsz.terbaru-2023.com"; dns.query; content:"mediafireoswvbsz.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireoswvbsz\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37099761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mediafireoswvbsz.terbaru-2023.com"; 
flow:to_server,established; http.header; content: "Host|3a| mediafireoswvbsz.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireoswvbsz\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname mediafirebjmgszj.terbaru-2023.com"; dns.query; content:"mediafirebjmgszj.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafirebjmgszj\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37099791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mediafirebjmgszj.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| mediafirebjmgszj.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafirebjmgszj\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname mediafireqwrcpkx.terbaru-2023.com"; dns.query; content:"mediafireqwrcpkx.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireqwrcpkx\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37099821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mediafireqwrcpkx.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| mediafireqwrcpkx.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireqwrcpkx\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> 
any any (msg: "MISP e26035 [] Hostname mediafirebjmgszj.terbaru-2023.com"; dns.query; content:"mediafirebjmgszj.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafirebjmgszj\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37099851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mediafirebjmgszj.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| mediafirebjmgszj.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafirebjmgszj\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname mediafireazkhmoe.terbaru-2023.com"; dns.query; content:"mediafireazkhmoe.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireazkhmoe\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37099881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname mediafireazkhmoe.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| mediafireazkhmoe.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafireazkhmoe\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname lnstacyram.blogspot.ca"; dns.query; content:"lnstacyram.blogspot.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstacyram\.blogspot\.ca$/i"; classtype:trojan-activity; sid:37099911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] 
Outgoing HTTP Hostname lnstacyram.blogspot.ca"; flow:to_server,established; http.header; content: "Host|3a| lnstacyram.blogspot.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstacyram\.blogspot\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname lnstacyram.blogspot.de"; dns.query; content:"lnstacyram.blogspot.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstacyram\.blogspot\.de$/i"; classtype:trojan-activity; sid:37099941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname lnstacyram.blogspot.de"; flow:to_server,established; http.header; content: "Host|3a| lnstacyram.blogspot.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstacyram\.blogspot\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname kmo.pages.dev"; dns.query; content:"kmo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kmo\.pages\.dev$/i"; classtype:trojan-activity; sid:37099971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname kmo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kmo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kmo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37099972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname kmo.pages.dev"; dns.query; content:"kmo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kmo\.pages\.dev$/i"; 
classtype:trojan-activity; sid:37100001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname kmo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kmo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kmo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname keepo.io"; dns.query; content:"keepo.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])keepo\.io$/i"; classtype:trojan-activity; sid:37100031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname keepo.io"; flow:to_server,established; http.header; content: "Host|3a| keepo.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])keepo\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname jddmowlserfg.weebly.com"; dns.query; content:"jddmowlserfg.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jddmowlserfg\.weebly\.com$/i"; classtype:trojan-activity; sid:37100061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname jddmowlserfg.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| jddmowlserfg.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jddmowlserfg\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] 
Hostname informasibansos2024.chek11.my.id"; dns.query; content:"informasibansos2024.chek11.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasibansos2024\.chek11\.my\.id$/i"; classtype:trojan-activity; sid:37100091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname informasibansos2024.chek11.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasibansos2024.chek11.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasibansos2024\.chek11\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname hsj.pages.dev"; dns.query; content:"hsj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hsj\.pages\.dev$/i"; classtype:trojan-activity; sid:37100121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname hsj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hsj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hsj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname grup-wajcaj.terbaru-2023.com"; dns.query; content:"grup-wajcaj.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-wajcaj\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37100151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname grup-wajcaj.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| grup-wajcaj.terbaru-2023.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-wajcaj\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname growth34carolinastonesettingcofloratine.weebly.com"; dns.query; content:"growth34carolinastonesettingcofloratine.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])growth34carolinastonesettingcofloratine\.weebly\.com$/i"; classtype:trojan-activity; sid:37100181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname growth34carolinastonesettingcofloratine.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| growth34carolinastonesettingcofloratine.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])growth34carolinastonesettingcofloratine\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname groupviralprivate2024.com"; dns.query; content:"groupviralprivate2024.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groupviralprivate2024\.com$/i"; classtype:trojan-activity; sid:37100211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname groupviralprivate2024.com"; flow:to_server,established; http.header; content: "Host|3a| groupviralprivate2024.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groupviralprivate2024\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 
sgocbc-bankiing-siingapore.com"; dns.query; content:"sgocbc-bankiing-siingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgocbc\-bankiing\-siingapore\.com$/i"; classtype:trojan-activity; sid:37100241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sgocbc-bankiing-siingapore.com"; flow:to_server,established; http.header; content: "Host|3a| sgocbc-bankiing-siingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sgocbc\-bankiing\-siingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//sgocbc-bankiing-siingapore.com/x"; flow:to_server,established; http.header; content:"sgocbc-bankiing-siingapore.com"; fast_pattern; nocase; http.uri; content:"/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname gbp.pages.dev"; dns.query; content:"gbp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbp\.pages\.dev$/i"; classtype:trojan-activity; sid:37100271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname gbp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gbp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname gbp.pages.dev"; dns.query; content:"gbp.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])gbp\.pages\.dev$/i"; classtype:trojan-activity; sid:37100301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname gbp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gbp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37100331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//servec.template-radio.getonnet.dev/public/GsWhMa16tLcij7AWdwEZumJObICDgW07"; flow:to_server,established; http.header; content:"servec.template-radio.getonnet.dev"; fast_pattern; nocase; http.uri; content:"/public/GsWhMa16tLcij7AWdwEZumJObICDgW07"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname disk.vwwv.workers.dev"; dns.query; 
content:"disk.vwwv.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])disk\.vwwv\.workers\.dev$/i"; classtype:trojan-activity; sid:37100361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname disk.vwwv.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| disk.vwwv.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])disk\.vwwv\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cdonoug12onstruction23entalsequipmentnc.weebly.com"; dns.query; content:"cdonoug12onstruction23entalsequipmentnc.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdonoug12onstruction23entalsequipmentnc\.weebly\.com$/i"; classtype:trojan-activity; sid:37100391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cdonoug12onstruction23entalsequipmentnc.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| cdonoug12onstruction23entalsequipmentnc.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdonoug12onstruction23entalsequipmentnc\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname bellnet-105679.weeblysite.com"; dns.query; content:"bellnet-105679.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bellnet\-105679\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37100421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 
bellnet-105679.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bellnet-105679.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bellnet\-105679\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname azinternet.cl"; dns.query; content:"azinternet.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])azinternet\.cl$/i"; classtype:trojan-activity; sid:37100451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname azinternet.cl"; flow:to_server,established; http.header; content: "Host|3a| azinternet.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])azinternet\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname attadmiin.weebly.com"; dns.query; content:"attadmiin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attadmiin\.weebly\.com$/i"; classtype:trojan-activity; sid:37100481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname attadmiin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attadmiin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attadmiin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname a.3656240202.xyz"; dns.query; content:"a.3656240202.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a\.3656240202\.xyz$/i"; 
classtype:trojan-activity; sid:37100511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname a.3656240202.xyz"; flow:to_server,established; http.header; content: "Host|3a| a.3656240202.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])a\.3656240202\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname account-complaint-guide-a49.netlify.app"; dns.query; content:"account-complaint-guide-a49.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])account\-complaint\-guide\-a49\.netlify\.app$/i"; classtype:trojan-activity; sid:37100541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname account-complaint-guide-a49.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| account-complaint-guide-a49.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])account\-complaint\-guide\-a49\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 134-209-108-249.cprapid.com"; dns.query; content:"134-209-108-249.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])134\-209\-108\-249\.cprapid\.com$/i"; classtype:trojan-activity; sid:37100571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 134-209-108-249.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| 134-209-108-249.cprapid.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])134\-209\-108\-249\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 365k04.365k2024.cc"; dns.query; content:"365k04.365k2024.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365k04\.365k2024\.cc$/i"; classtype:trojan-activity; sid:37100601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 365k04.365k2024.cc"; flow:to_server,established; http.header; content: "Host|3a| 365k04.365k2024.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365k04\.365k2024\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 134-209-108-249.cprapid.com"; dns.query; content:"134-209-108-249.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])134\-209\-108\-249\.cprapid\.com$/i"; classtype:trojan-activity; sid:37100631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 134-209-108-249.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| 134-209-108-249.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])134\-209\-108\-249\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 107686-webmail-bell-index-csi.weebly.com"; dns.query; content:"107686-webmail-bell-index-csi.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])107686\-webmail\-bell\-index\-csi\.weebly\.com$/i"; 
classtype:trojan-activity; sid:37100661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, cleartext HTTP: outbound request from $HOME_NET whose Host header carries
# exactly this name. The literal "Host|3a| <name>" content is the fast_pattern; the pcre then
# requires a non-hostname character (or start of buffer) before the name and a non-hostname
# character after it, so longer names that merely contain it do not match.
# tag:session,600,seconds keeps logging packets of the session for 600 seconds after the alert.
# NOTE(review): http.* buffers exist only for traffic Suricata parses as HTTP. Requests to this
# host made over HTTPS are not seen by this rule unless TLS is decrypted upstream; a companion
# tls.sni rule would be needed to cover them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 107686-webmail-bell-index-csi.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| 107686-webmail-bell-index-csi.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])107686\-webmail\-bell\-index\-csi\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, DNS: query for this name from any source to any destination and port.
# The pcre ends in "$" and allows only start-of-buffer or a non-hostname character in front,
# so the query must be this name itself; a subdomain of it does not match.
# NOTE(review): the indicator is the full pub-<id> label under a hosting suffix that also serves
# unrelated tenants; keep the match exact if this rule is ever hand-edited.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-53a1c614db634fb28f6bae0b22155810.r2.dev"; dns.query; content:"pub-53a1c614db634fb28f6bae0b22155810.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-53a1c614db634fb28f6bae0b22155810\.r2\.dev$/i"; classtype:trojan-activity; sid:37100691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Same Host-header match as sid 37100662, for the r2.dev name. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-53a1c614db634fb28f6bae0b22155810.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-53a1c614db634fb28f6bae0b22155810.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-53a1c614db634fb28f6bae0b22155810\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# URL indicator: the name anywhere in the request headers plus "/oowa.html" anywhere in the URI.
# Evaluated only for destination ports in $HTTP_PORTS, so that variable must be defined for
# this rule to load.
# NOTE(review): unlike the Hostname rule, the header content has no "Host|3a| " prefix and no
# boundary pcre, so the name inside another header (for example Referer) also satisfies it.
# A direct request for this URL matches both this rule and sid 37100692.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//pub-53a1c614db634fb28f6bae0b22155810.r2.dev/oowa.html"; flow:to_server,established; http.header; content:"pub-53a1c614db634fb28f6bae0b22155810.r2.dev"; fast_pattern; nocase; http.uri; content:"/oowa.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): in this copy the next rule is split across a physical line break. Suricata
# expects one rule per line (or a trailing backslash continuation); re-join before loading.
alert dns any any -> any any (msg: "MISP e26035 [] 
Hostname louuytfui.com"; dns.query; content:"louuytfui.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])louuytfui\.com$/i"; classtype:trojan-activity; sid:37100721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname louuytfui.com"; flow:to_server,established; http.header; content: "Host|3a| louuytfui.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])louuytfui\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//louuytfui.com/AXQ/USIOZ/GO/ice/user/check"; flow:to_server,established; http.header; content:"louuytfui.com"; fast_pattern; nocase; http.uri; content:"/AXQ/USIOZ/GO/ice/user/check"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname guarantee-consulting-advertising-za7.netlify.app"; dns.query; content:"guarantee-consulting-advertising-za7.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])guarantee\-consulting\-advertising\-za7\.netlify\.app$/i"; classtype:trojan-activity; sid:37100751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname guarantee-consulting-advertising-za7.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| guarantee-consulting-advertising-za7.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])guarantee\-consulting\-advertising\-za7\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//guarantee-consulting-advertising-za7.netlify.app"; flow:to_server,established; http.header; content:"guarantee-consulting-advertising-za7.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname freespiinetreela7zj.bpdy.biz.id"; dns.query; content:"freespiinetreela7zj.bpdy.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freespiinetreela7zj\.bpdy\.biz\.id$/i"; classtype:trojan-activity; sid:37100781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname freespiinetreela7zj.bpdy.biz.id"; flow:to_server,established; http.header; content: "Host|3a| freespiinetreela7zj.bpdy.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freespiinetreela7zj\.bpdy\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//freespiinetreela7zj.bpdy.biz.id/spin2024"; flow:to_server,established; http.header; content:"freespiinetreela7zj.bpdy.biz.id"; fast_pattern; nocase; http.uri; content:"/spin2024"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname fffreespiinetr6arsskc.bpdy.biz.id"; dns.query; content:"fffreespiinetr6arsskc.bpdy.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fffreespiinetr6arsskc\.bpdy\.biz\.id$/i"; classtype:trojan-activity; sid:37100811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname fffreespiinetr6arsskc.bpdy.biz.id"; flow:to_server,established; http.header; content: "Host|3a| fffreespiinetr6arsskc.bpdy.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fffreespiinetr6arsskc\.bpdy\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//fffreespiinetr6arsskc.bpdy.biz.id/spin2024"; flow:to_server,established; http.header; content:"fffreespiinetr6arsskc.bpdy.biz.id"; fast_pattern; nocase; http.uri; content:"/spin2024"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname fffreespiinetr6arsskc.bpdy.biz.id"; dns.query; content:"fffreespiinetr6arsskc.bpdy.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fffreespiinetr6arsskc\.bpdy\.biz\.id$/i"; classtype:trojan-activity; sid:37100841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname fffreespiinetr6arsskc.bpdy.biz.id"; flow:to_server,established; http.header; content: "Host|3a| fffreespiinetr6arsskc.bpdy.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fffreespiinetr6arsskc\.bpdy\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//fffreespiinetr6arsskc.bpdy.biz.id"; flow:to_server,established; http.header; content:"fffreespiinetr6arsskc.bpdy.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100851; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, DNS: query for exodus-bit.com from any source to any destination and port.
# content is the literal prefilter; the pcre pins the name to the end of the query ("$") and
# allows only start-of-buffer or a non-hostname character in front, so a subdomain such as
# sub.exodus-bit.com does not match.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname exodus-bit.com"; dns.query; content:"exodus-bit.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exodus\-bit\.com$/i"; classtype:trojan-activity; sid:37100871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, cleartext HTTP: outbound request whose Host header is exactly this name
# (literal "Host|3a| <name>" as fast_pattern, pcre enforcing hostname boundaries on both sides).
# tag:session,600,seconds keeps logging packets of the session for 600 seconds after the alert.
# NOTE(review): HTTPS requests to the host are not visible to http.* keywords without TLS
# decryption; a tls.sni rule would be needed to cover them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname exodus-bit.com"; flow:to_server,established; http.header; content: "Host|3a| exodus-bit.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exodus\-bit\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# URL indicator with no path: the only condition is the bare name somewhere in the request
# headers, on destination ports in $HTTP_PORTS (the variable must be defined).
# NOTE(review): with no "Host|3a| " prefix and no boundary pcre this is a plain substring match.
# It also fires on longer names that contain "exodus-bit.com" and on the name appearing in
# Referer or any other header. A request to the host itself on $HTTP_PORTS satisfies both this
# rule and sid 37100872, so expect two alerts for one request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//exodus-bit.com"; flow:to_server,established; http.header; content:"exodus-bit.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# URL indicator on a gateway hostname: "cloudflare-ipfs.com" in the request headers plus the
# /ipns/<key> path in the URI. The "?email=..." query string shown in msg is not part of the
# match, so any query string (or none) on that path alerts.
# NOTE(review): the hostname is a public gateway shared by unrelated content, so the URI content
# is the part that makes this rule specific. fast_pattern is on the hostname; consider whether
# the longer URI content would be the better prefilter. Never reduce this to a host-only rule.
# No DNS or Host-header rule for this domain appears next to it in this export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipns/k51qzi5uqu5dhznakxxzxc9ia56p13uhzu55u5oqzpteapnfnw3ywhwzvbsw7s?email=3mail@b.c"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipns/k51qzi5uqu5dhznakxxzxc9ia56p13uhzu55u5oqzpteapnfnw3ywhwzvbsw7s"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, DNS: exact query name, same structure as sid 37100871.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname cfsgdppdumuu7i.works2024.my.id"; dns.query; content:"cfsgdppdumuu7i.works2024.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfsgdppdumuu7i\.works2024\.my\.id$/i"; classtype:trojan-activity; sid:37100931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): in this copy the next rule is split across a physical line break. Suricata
# expects one rule per line (or a trailing backslash continuation); re-join before loading.
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cfsgdppdumuu7i.works2024.my.id"; flow:to_server,established; http.header; content: "Host|3a| cfsgdppdumuu7i.works2024.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfsgdppdumuu7i\.works2024\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//cfsgdppdumuu7i.works2024.my.id"; flow:to_server,established; http.header; content:"cfsgdppdumuu7i.works2024.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname b.3656240206.xyz"; dns.query; content:"b.3656240206.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\.3656240206\.xyz$/i"; classtype:trojan-activity; sid:37100961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname b.3656240206.xyz"; flow:to_server,established; http.header; content: "Host|3a| b.3656240206.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\.3656240206\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//b.3656240206.xyz"; flow:to_server,established; http.header; content:"b.3656240206.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37100971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname autogielda-klepowski.pl"; dns.query; content:"autogielda-klepowski.pl"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-klepowski\.pl$/i"; classtype:trojan-activity; sid:37100991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname autogielda-klepowski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-klepowski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-klepowski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37100992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//autogielda-klepowski.pl"; flow:to_server,established; http.header; content:"autogielda-klepowski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname attcom-103951.weeblysite.com"; dns.query; content:"attcom-103951.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attcom\-103951\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37101021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname attcom-103951.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attcom-103951.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attcom\-103951\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//attcom-103951.weeblysite.com"; flow:to_server,established; http.header; content:"attcom-103951.weeblysite.com"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37101031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname auta-fikus.pl"; dns.query; content:"auta-fikus.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-fikus\.pl$/i"; classtype:trojan-activity; sid:37101051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname auta-fikus.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-fikus.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-fikus\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//auta-fikus.pl"; flow:to_server,established; http.header; content:"auta-fikus.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; dns.query; content:"yellow-recipe-c615.wl5n4b9b.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev$/i"; classtype:trojan-activity; sid:37101081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| yellow-recipe-c615.wl5n4b9b.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) 
# URL indicator for the site root ("/") of this workers.dev name, on destination ports in
# $HTTP_PORTS (the variable must be defined for the rule to load).
# NOTE(review): http.uri content "/" is present in practically every request URI, so it adds no
# selectivity. The rule reduces to "the name appears anywhere in the request headers"; there is
# no "Host|3a| " prefix and no boundary pcre, so the name in Referer or another header matches
# too. The Host-header rule for the same name (sid 37101082) already covers direct requests
# more precisely, and a direct request raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//yellow-recipe-c615.wl5n4b9b.workers.dev/"; flow:to_server,established; http.header; content:"yellow-recipe-c615.wl5n4b9b.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, DNS: query for this name from any source to any destination and port.
# The pcre ends in "$" and allows only start-of-buffer or a non-hostname character in front,
# so the query must be this name itself; a subdomain of it does not match.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37101111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, cleartext HTTP: outbound request whose Host header is exactly this name
# (literal "Host|3a| <name>" as fast_pattern, pcre enforcing hostname boundaries on both sides).
# tag:session,600,seconds keeps logging packets of the session for 600 seconds after the alert.
# NOTE(review): HTTPS requests to the host are not visible to http.* keywords without TLS
# decryption, so in practice the DNS rule carries most of the coverage; a tls.sni rule would
# be needed to see the HTTPS side.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): identical to sid 37101111 except for the sid. Both rules load and both fire, so
# one lookup produces two alerts. Presumably the name is attached to the MISP event more than
# once; deduplicate by value before deployment.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37101141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): in this copy the next rule is split across a physical line break. Suricata
# expects one rule per line (or a trailing backslash continuation); re-join before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/cc04dfa8-c966-4ba6-a540-e66d72813276"; flow:to_server,established; http.header; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/cc04dfa8-c966-4ba6-a540-e66d72813276"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37101171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; 
classtype:trojan-activity; sid:37101201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37101231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, DNS: query for this name from any source to any destination and port.
# The pcre ends in "$" and allows only start-of-buffer or a non-hostname character in front,
# so the query must be this name itself.
# NOTE(review): this name is exported repeatedly. The DNS rules with sids 37101261, 37101291 and
# 37101321 are identical apart from the sid, and so are their HTTP counterparts 37101262 and
# 37101292. Every copy loads and fires, so a single lookup or request yields one alert per
# copy. Deduplicate by indicator value before deployment, or rate-limit with a threshold, to
# keep alert volume proportional to actual events.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Hostname indicator, cleartext HTTP: outbound request whose Host header is exactly this name
# (literal "Host|3a| <name>" as fast_pattern, pcre enforcing hostname boundaries on both sides).
# tag:session,600,seconds keeps logging packets of the session for 600 seconds after the alert;
# with duplicate rules the same session is tagged once per copy.
# NOTE(review): HTTPS requests to the host are not visible to http.* keywords without TLS
# decryption; a tls.sni rule would be needed to cover them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Duplicate of sid 37101291 (same name, same options, different sid).
alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): in this copy the next rule is split across a physical line break. Suricata
# expects one rule per line (or a trailing backslash continuation); re-join before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37101381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgrfg4g4gh4fg4f.blogspot.com"; dns.query; content:"5fgfgfgrfg4g4gh4fg4f.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfg4g4gh4fg4f\.blogspot\.com$/i"; classtype:trojan-activity; sid:37101441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgrfg4g4gh4fg4f.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrfg4g4gh4fg4f.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfg4g4gh4fg4f\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns 
any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgfrg4g4gh4f.blogspot.com"; dns.query; content:"5fgfgfgfrg4g4gh4f.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfrg4g4gh4f\.blogspot\.com$/i"; classtype:trojan-activity; sid:37101471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgfrg4g4gh4f.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfrg4g4gh4f.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfrg4g4gh4f\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5ghhrhrf3f3g4g4.blogspot.com"; dns.query; content:"5ghhrhrf3f3g4g4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghhrhrf3f3g4g4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37101501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5ghhrhrf3f3g4g4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghhrhrf3f3g4g4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghhrhrf3f3g4g4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37101531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37101561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37101591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: 
"Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; dns.query; content:"2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev$/i"; classtype:trojan-activity; sid:37101681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 2e4g42hg54-crimson-lab-c5a8.srraufehxkvt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2e4g42hg54\-crimson\-lab\-c5a8\.srraufehxkvt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname haswellholden.com"; dns.query; content:"haswellholden.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])haswellholden\.com$/i"; classtype:trojan-activity; sid:37101711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname haswellholden.com"; flow:to_server,established; http.header; content: "Host|3a| haswellholden.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])haswellholden\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname home-stayawek.newsmy.id"; dns.query; 
content:"home-stayawek.newsmy.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-stayawek\.newsmy\.id$/i"; classtype:trojan-activity; sid:37101741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# ^ tail of the DNS rule for home-stayawek.newsmy.id; its header is on the previous line of the file.
# HTTP Host-header counterpart of that DNS rule (cleartext HTTP from $HOME_NET only).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname home-stayawek.newsmy.id"; flow:to_server,established; http.header; content: "Host|3a| home-stayawek.newsmy.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-stayawek\.newsmy\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# privat-home.goodnewsmy.click: DNS rule, Host-header rule, then a URL rule.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname privat-home.goodnewsmy.click"; dns.query; content:"privat-home.goodnewsmy.click"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])privat\-home\.goodnewsmy\.click$/i"; classtype:trojan-activity; sid:37101771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname privat-home.goodnewsmy.click"; flow:to_server,established; http.header; content: "Host|3a| privat-home.goodnewsmy.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])privat\-home\.goodnewsmy\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): the "Outgoing URL" rule below (sid 37101781) is wider than its msg
# suggests. Its http.header content is not tied to the Host header and has no pcre
# boundary check, so the name appearing in any request header (for example Referer)
# satisfies it, and http.uri content:"/" holds for practically every request URI.
# It adds little over sid 37101772 and can alert on requests that only mention the name.
# The rule also references $HTTP_PORTS: the variable has to be defined on the sensor
# for the rule to load, although the export header calls it "not required with
# suricata export".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//privat-home.goodnewsmy.click/"; flow:to_server,established; http.header; content:"privat-home.goodnewsmy.click"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The next rule (DNS rule for home-awek-mys.newsmy.id) is split by the page layout;
# its pcre and remaining options continue on the following line of the file.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname home-awek-mys.newsmy.id"; dns.query; content:"home-awek-mys.newsmy.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])home\-awek\-mys\.newsmy\.id$/i"; classtype:trojan-activity; sid:37101801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname home-awek-mys.newsmy.id"; flow:to_server,established; http.header; content: "Host|3a| home-awek-mys.newsmy.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-awek\-mys\.newsmy\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname awek-vip-home.newsmy.id"; dns.query; content:"awek-vip-home.newsmy.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])awek\-vip\-home\.newsmy\.id$/i"; classtype:trojan-activity; sid:37101831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname awek-vip-home.newsmy.id"; flow:to_server,established; http.header; content: "Host|3a| awek-vip-home.newsmy.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])awek\-vip\-home\.newsmy\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegamkf.icu"; dns.query; content:"telegamkf.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegamkf\.icu$/i"; classtype:trojan-activity; sid:37101861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegamkf.icu"; flow:to_server,established; http.header; content: "Host|3a| telegamkf.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegamkf\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101862; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5ghhrhrf3f3g4g4.blogspot.com.mt"; dns.query; content:"5ghhrhrf3f3g4g4.blogspot.com.mt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghhrhrf3f3g4g4\.blogspot\.com\.mt$/i"; classtype:trojan-activity; sid:37101891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5ghhrhrf3f3g4g4.blogspot.com.mt"; flow:to_server,established; http.header; content: "Host|3a| 5ghhrhrf3f3g4g4.blogspot.com.mt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghhrhrf3f3g4g4\.blogspot\.com\.mt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5ghhrhrf3f3g4g4.blogspot.com.mt"; flow:to_server,established; http.header; content:"5ghhrhrf3f3g4g4.blogspot.com.mt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgfrg4g4gh4f.blogspot.co.za"; dns.query; content:"5fgfgfgfrg4g4gh4f.blogspot.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfrg4g4gh4f\.blogspot\.co\.za$/i"; classtype:trojan-activity; sid:37101921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgfrg4g4gh4f.blogspot.co.za"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfrg4g4gh4f.blogspot.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfrg4g4gh4f\.blogspot\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101922; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5fgfgfgfrg4g4gh4f.blogspot.co.za"; flow:to_server,established; http.header; content:"5fgfgfgfrg4g4gh4f.blogspot.co.za"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgrfg4g4gh4fg4f.blogspot.com.ee"; dns.query; content:"5fgfgfgrfg4g4gh4fg4f.blogspot.com.ee"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfg4g4gh4fg4f\.blogspot\.com\.ee$/i"; classtype:trojan-activity; sid:37101951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgrfg4g4gh4fg4f.blogspot.com.ee"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrfg4g4gh4fg4f.blogspot.com.ee"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfg4g4gh4fg4f\.blogspot\.com\.ee[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5fgfgfgrfg4g4gh4fg4f.blogspot.com.ee"; flow:to_server,established; http.header; content:"5fgfgfgrfg4g4gh4fg4f.blogspot.com.ee"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgg4g4gh4fg4fg.blogspot.com"; dns.query; content:"5fgfgfgg4g4gh4fg4fg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgg4g4gh4fg4fg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37101981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgg4g4gh4fg4fg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgg4g4gh4fg4fg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgg4g4gh4fg4fg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37101982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5fgfgfgg4g4gh4fg4fg.blogspot.com/?m=1"; flow:to_server,established; http.header; content:"5fgfgfgg4g4gh4fg4fg.blogspot.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37101991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgfgrg4g4h4.blogspot.com"; dns.query; content:"5fgfgfgfgrg4g4h4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4h4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37102011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgfgrg4g4h4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrg4g4h4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4h4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5fgfgfgfgrg4g4h4.blogspot.com/?m=1"; flow:to_server,established; http.header; content:"5fgfgfgfgrg4g4h4.blogspot.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37102021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgfg4g4gh4fd.blogspot.com.by"; dns.query; content:"5fgfgfgfg4g4gh4fd.blogspot.com.by"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fd\.blogspot\.com\.by$/i"; classtype:trojan-activity; sid:37102041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fd.blogspot.com.by"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fd.blogspot.com.by"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fd\.blogspot\.com\.by[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fd.blogspot.com.by"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fd.blogspot.com.by"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname 5fgfgfgfgrg4g4h4.blogspot.com.by"; dns.query; content:"5fgfgfgfgrg4g4h4.blogspot.com.by"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4h4\.blogspot\.com\.by$/i"; classtype:trojan-activity; sid:37102071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 5fgfgfgfgrg4g4h4.blogspot.com.by"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrg4g4h4.blogspot.com.by"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4h4\.blogspot\.com\.by[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37102072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//5fgfgfgfgrg4g4h4.blogspot.com.by"; flow:to_server,established; http.header; content:"5fgfgfgfgrg4g4h4.blogspot.com.by"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname new-group-telegramx.pages.dev"; dns.query; content:"new-group-telegramx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])new\-group\-telegramx\.pages\.dev$/i"; classtype:trojan-activity; sid:37102101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname new-group-telegramx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| new-group-telegramx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])new\-group\-telegramx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//new-group-telegramx.pages.dev"; flow:to_server,established; http.header; content:"new-group-telegramx.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname iwxvd.pages.dev"; dns.query; content:"iwxvd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iwxvd\.pages\.dev$/i"; classtype:trojan-activity; sid:37102131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 
iwxvd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| iwxvd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iwxvd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//iwxvd.pages.dev"; flow:to_server,established; http.header; content:"iwxvd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname xvserdy.me"; dns.query; content:"xvserdy.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xvserdy\.me$/i"; classtype:trojan-activity; sid:37102161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname xvserdy.me"; flow:to_server,established; http.header; content: "Host|3a| xvserdy.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xvserdy\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//xvserdy.me"; flow:to_server,established; http.header; content:"xvserdy.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken-aa.fyi"; dns.query; content:"imtoken-aa.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aa\.fyi$/i"; classtype:trojan-activity; sid:37102191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26035 [] Outgoing HTTP Hostname imtoken-aa.fyi"; flow:to_server,established; http.header; content: "Host|3a| imtoken-aa.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aa\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken-aa.fyi"; flow:to_server,established; http.header; content:"imtoken-aa.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname iyyiuy.pages.dev"; dns.query; content:"iyyiuy.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iyyiuy\.pages\.dev$/i"; classtype:trojan-activity; sid:37102221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname iyyiuy.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| iyyiuy.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iyyiuy\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//iyyiuy.pages.dev"; flow:to_server,established; http.header; content:"iyyiuy.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname aidatdevlet.twilightparadox.com"; dns.query; content:"aidatdevlet.twilightparadox.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aidatdevlet\.twilightparadox\.com$/i"; classtype:trojan-activity; 
sid:37102251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# ^ tail of a rule whose header and match options are on the previous line of the file.
# aidatdevlet.twilightparadox.com: Host-header rule, then a URL rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname aidatdevlet.twilightparadox.com"; flow:to_server,established; http.header; content: "Host|3a| aidatdevlet.twilightparadox.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aidatdevlet\.twilightparadox\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): this "Outgoing URL" rule has no http.uri condition and no pcre. It
# alerts whenever the name occurs anywhere in the request headers on $HTTP_PORTS,
# which includes headers other than Host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//aidatdevlet.twilightparadox.com"; flow:to_server,established; http.header; content:"aidatdevlet.twilightparadox.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# NOTE(review): crm.colegcymraeg.ac.uk sits under .ac.uk and reads like an
# institutional host rather than attacker-registered infrastructure, presumably a
# compromised or abused legitimate site. The three rules for it match on the hostname
# alone, so ordinary traffic to that host alerts as trojan-activity too. Check the
# attribute in MISP event 26035 before blocking or escalating on these sids.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname crm.colegcymraeg.ac.uk"; dns.query; content:"crm.colegcymraeg.ac.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crm\.colegcymraeg\.ac\.uk$/i"; classtype:trojan-activity; sid:37102281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname crm.colegcymraeg.ac.uk"; flow:to_server,established; http.header; content: "Host|3a| crm.colegcymraeg.ac.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crm\.colegcymraeg\.ac\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The next rule (sid 37102291) is split by the page layout; its reference option and
# closing parenthesis are on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//crm.colegcymraeg.ac.uk"; flow:to_server,established; http.header; content:"crm.colegcymraeg.ac.uk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102291; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname formulaire-aide-carburant.com"; dns.query; content:"formulaire-aide-carburant.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])formulaire\-aide\-carburant\.com$/i"; classtype:trojan-activity; sid:37102311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname formulaire-aide-carburant.com"; flow:to_server,established; http.header; content: "Host|3a| formulaire-aide-carburant.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])formulaire\-aide\-carburant\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//formulaire-aide-carburant.com"; flow:to_server,established; http.header; content:"formulaire-aide-carburant.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname piblog.me"; dns.query; content:"piblog.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])piblog\.me$/i"; classtype:trojan-activity; sid:37102341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname piblog.me"; flow:to_server,established; http.header; content: "Host|3a| piblog.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])piblog\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL 
http|3a|//piblog.me/wp-includes/ID3/sunrise.ch/index.html"; flow:to_server,established; http.header; content:"piblog.me"; fast_pattern; nocase; http.uri; content:"/wp-includes/ID3/sunrise.ch/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname posttfiinancelusi.com"; dns.query; content:"posttfiinancelusi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])posttfiinancelusi\.com$/i"; classtype:trojan-activity; sid:37102371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname posttfiinancelusi.com"; flow:to_server,established; http.header; content: "Host|3a| posttfiinancelusi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])posttfiinancelusi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname edabhome.com"; dns.query; content:"edabhome.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edabhome\.com$/i"; classtype:trojan-activity; sid:37102401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname edabhome.com"; flow:to_server,established; http.header; content: "Host|3a| edabhome.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edabhome\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname xzc.cra.mybluehost.me"; dns.query; content:"xzc.cra.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me$/i"; 
classtype:trojan-activity; sid:37102431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# ^ tail of the DNS rule for xzc.cra.mybluehost.me; its header is on the previous line of the file.
# Last hostname rules of MISP event 26035 (priority:2).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname xzc.cra.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xzc.cra.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xzc\.cra\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname sbsuisse.com"; dns.query; content:"sbsuisse.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbsuisse\.com$/i"; classtype:trojan-activity; sid:37102461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname sbsuisse.com"; flow:to_server,established; http.header; content: "Host|3a| sbsuisse.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbsuisse\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
#
# From here on the rules come from MISP event 25970 and carry priority:1. The sids
# drop back to the 370639xx range, so the export is not ordered by sid.
# These are URL indicators: the destination is pinned to a single IP address and, for
# most of them, a single high port; the rule then requires the IP text in the request
# headers and a path fragment in http.uri.
# NOTE(review): http.uri content is a substring match, so content:"/i" is satisfied by
# any URI that contains "/i". With the destination pinned this means any such request
# to that address and port alerts, not only the exact path in msg.
# NOTE(review): the Mozi.a / Mozi.m file names match the naming of Mozi IoT botnet
# binaries, so these are presumably payload download locations. A hit means a
# $HOME_NET host requested the file, which makes the source host the one to triage.
# Confirm against the MISP event, and keep in mind that IP-and-port indicators of
# this kind age quickly.
alert http $HOME_NET any -> 117.214.8.230 33411 (msg: "MISP e25970 [] Outgoing URL http|3a|//117.214.8.230|3a|33411/Mozi.a"; flow:to_server,established; http.header; content:"117.214.8.230"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 112.248.110.14 59959 (msg: "MISP e25970 [] Outgoing URL http|3a|//112.248.110.14|3a|59959/Mozi.m"; flow:to_server,established; http.header; content:"112.248.110.14"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
# Two rules per host where the event lists two paths on the same address and port.
alert http $HOME_NET any -> 39.79.235.71 54511 (msg: "MISP e25970 [] Outgoing URL http|3a|//39.79.235.71|3a|54511/i"; flow:to_server,established; http.header; content:"39.79.235.71"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 39.79.235.71 54511 (msg: "MISP e25970 [] Outgoing URL http|3a|//39.79.235.71|3a|54511/bin.sh"; flow:to_server,established; http.header; content:"39.79.235.71"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 117.211.208.14 40564 (msg: "MISP e25970 [] Outgoing URL http|3a|//117.211.208.14|3a|40564/i"; flow:to_server,established; http.header; content:"117.211.208.14"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 117.211.208.14 40564 (msg: "MISP e25970 [] Outgoing URL http|3a|//117.211.208.14|3a|40564/bin.sh"; flow:to_server,established; http.header; content:"117.211.208.14"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
# This rule uses $HTTP_PORTS instead of a fixed port, so the variable must be defined
# on the sensor. The rule (sid 37064011) is split by the page layout; its reference
# option and closing parenthesis are on the following line of the file.
alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//103.183.115.241/YjKvqITk55.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/YjKvqITk55.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064011; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//www.ilfeudoresort.it/wp-includes/kACVfADgV186.bin"; flow:to_server,established; http.header; content:"www.ilfeudoresort.it"; fast_pattern; nocase; http.uri; content:"/wp-includes/kACVfADgV186.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 222.140.193.135 55720 (msg: "MISP e25970 [] Outgoing URL http|3a|//222.140.193.135|3a|55720/i"; flow:to_server,established; http.header; content:"222.140.193.135"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 115.55.142.102 52633 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.55.142.102|3a|52633/Mozi.m"; flow:to_server,established; http.header; content:"115.55.142.102"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 112.239.122.19 54108 (msg: "MISP e25970 [] Outgoing URL http|3a|//112.239.122.19|3a|54108/bin.sh"; flow:to_server,established; http.header; content:"112.239.122.19"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 59.89.41.28 49256 (msg: "MISP e25970 [] Outgoing URL http|3a|//59.89.41.28|3a|49256/Mozi.m"; flow:to_server,established; http.header; content:"59.89.41.28"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064061; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 222.140.193.135 55720 (msg: "MISP e25970 [] Outgoing URL http|3a|//222.140.193.135|3a|55720/bin.sh"; flow:to_server,established; http.header; content:"222.140.193.135"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 171.35.163.75 33630 (msg: "MISP e25970 [] Outgoing URL http|3a|//171.35.163.75|3a|33630/Mozi.m"; flow:to_server,established; http.header; content:"171.35.163.75"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 115.55.57.105 34878 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.55.57.105|3a|34878/bin.sh"; flow:to_server,established; http.header; content:"115.55.57.105"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 115.55.142.102 52633 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.55.142.102|3a|52633/"; flow:to_server,established; http.header; content:"115.55.142.102"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 115.48.155.139 49126 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.48.155.139|3a|49126/bin.sh"; flow:to_server,established; http.header; content:"115.48.155.139"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064111; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 112.248.246.71 55915 (msg: "MISP e25970 [] Outgoing URL http|3a|//112.248.246.71|3a|55915/i"; flow:to_server,established; http.header; content:"112.248.246.71"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 112.248.246.71 55915 (msg: "MISP e25970 [] Outgoing URL http|3a|//112.248.246.71|3a|55915/bin.sh"; flow:to_server,established; http.header; content:"112.248.246.71"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 221.14.11.181 58632 (msg: "MISP e25970 [] Outgoing URL http|3a|//221.14.11.181|3a|58632/i"; flow:to_server,established; http.header; content:"221.14.11.181"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 185.202.175.135 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//185.202.175.135/iSPVbLeDFyJJX103.bin"; flow:to_server,established; http.header; content:"185.202.175.135"; fast_pattern; nocase; http.uri; content:"/iSPVbLeDFyJJX103.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 185.202.175.135 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//185.202.175.135/fJhpKGyjLQnWv141.bin"; flow:to_server,established; http.header; content:"185.202.175.135"; fast_pattern; nocase; http.uri; content:"/fJhpKGyjLQnWv141.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064161; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 185.202.175.135 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//185.202.175.135/CMdAuS19.bin"; flow:to_server,established; http.header; content:"185.202.175.135"; fast_pattern; nocase; http.uri; content:"/CMdAuS19.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 182.113.26.15 41838 (msg: "MISP e25970 [] Outgoing URL http|3a|//182.113.26.15|3a|41838/i"; flow:to_server,established; http.header; content:"182.113.26.15"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 117.235.159.147 52042 (msg: "MISP e25970 [] Outgoing URL http|3a|//117.235.159.147|3a|52042/Mozi.m"; flow:to_server,established; http.header; content:"117.235.159.147"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 112.239.122.19 54108 (msg: "MISP e25970 [] Outgoing URL http|3a|//112.239.122.19|3a|54108/i"; flow:to_server,established; http.header; content:"112.239.122.19"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//103.183.115.241/uxrdJ94.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/uxrdJ94.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064211; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//103.183.115.241/mrjLCDj56.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/mrjLCDj56.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 221.14.11.181 58632 (msg: "MISP e25970 [] Outgoing URL http|3a|//221.14.11.181|3a|58632/bin.sh"; flow:to_server,established; http.header; content:"221.14.11.181"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 190.38.146.171 47034 (msg: "MISP e25970 [] Outgoing URL http|3a|//190.38.146.171|3a|47034/bin.sh"; flow:to_server,established; http.header; content:"190.38.146.171"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 115.55.238.222 34456 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.55.238.222|3a|34456/Mozi.m"; flow:to_server,established; http.header; content:"115.55.238.222"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 113.26.231.58 13199 (msg: "MISP e25970 [] Outgoing URL http|3a|//113.26.231.58|3a|13199/.i"; flow:to_server,established; http.header; content:"113.26.231.58"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064261; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 42.231.206.182 35241 (msg: "MISP e25970 [] Outgoing URL http|3a|//42.231.206.182|3a|35241/i"; flow:to_server,established; http.header; content:"42.231.206.182"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 222.140.184.57 56214 (msg: "MISP e25970 [] Outgoing URL http|3a|//222.140.184.57|3a|56214/Mozi.m"; flow:to_server,established; http.header; content:"222.140.184.57"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 194.87.93.199 $HTTP_PORTS (msg: "MISP e25970 [] Outgoing URL http|3a|//194.87.93.199/booking.exe"; flow:to_server,established; http.header; content:"194.87.93.199"; fast_pattern; nocase; http.uri; content:"/booking.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 182.116.112.8 46008 (msg: "MISP e25970 [] Outgoing URL http|3a|//182.116.112.8|3a|46008/i"; flow:to_server,established; http.header; content:"182.116.112.8"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 182.116.112.8 46008 (msg: "MISP e25970 [] Outgoing URL http|3a|//182.116.112.8|3a|46008/bin.sh"; flow:to_server,established; http.header; content:"182.116.112.8"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064311; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 117.199.7.216 57410 (msg: "MISP e25970 [] Outgoing URL http|3a|//117.199.7.216|3a|57410/bin.sh"; flow:to_server,established; http.header; content:"117.199.7.216"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 115.55.238.222 34456 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.55.238.222|3a|34456/"; flow:to_server,established; http.header; content:"115.55.238.222"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 42.231.206.182 35241 (msg: "MISP e25970 [] Outgoing URL http|3a|//42.231.206.182|3a|35241/bin.sh"; flow:to_server,established; http.header; content:"42.231.206.182"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 27.206.255.173 56391 (msg: "MISP e25970 [] Outgoing URL http|3a|//27.206.255.173|3a|56391/Mozi.m"; flow:to_server,established; http.header; content:"27.206.255.173"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 182.116.118.76 38834 (msg: "MISP e25970 [] Outgoing URL http|3a|//182.116.118.76|3a|38834/bin.sh"; flow:to_server,established; http.header; content:"182.116.118.76"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064361; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 123.133.217.103 35918 (msg: "MISP e25970 [] Outgoing URL http|3a|//123.133.217.103|3a|35918/i"; flow:to_server,established; http.header; content:"123.133.217.103"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 123.133.217.103 35918 (msg: "MISP e25970 [] Outgoing URL http|3a|//123.133.217.103|3a|35918/bin.sh"; flow:to_server,established; http.header; content:"123.133.217.103"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert http $HOME_NET any -> 112.238.236.19 53766 (msg: "MISP e25970 [] Outgoing URL http|3a|//112.238.236.19|3a|53766/Mozi.m"; flow:to_server,established; http.header; content:"112.238.236.19"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;) alert dns any any -> any any (msg: "MISP e25944 [] Domain frozenk.fr"; dns.query; content:"frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])frozenk\.fr$/i"; classtype:trojan-activity; sid:37227831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain 
ftp.frozenk.fr"; dns.query; content:"ftp.frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.frozenk\.fr$/i"; classtype:trojan-activity; sid:37227841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain ftp.frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain www.frozenk.fr"; dns.query; content:"www.frozenk.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.frozenk\.fr$/i"; classtype:trojan-activity; sid:37227851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain www.frozenk.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.frozenk.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.frozenk\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain vmi1357229.contaboserver.net"; dns.query; content:"vmi1357229.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1357229\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37227861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain vmi1357229.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1357229.contaboserver.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vmi1357229\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain maksonsab.ru"; dns.query; content:"maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])maksonsab\.ru$/i"; classtype:trojan-activity; sid:37227871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain www.maksonsab.ru"; dns.query; content:"www.maksonsab.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maksonsab\.ru$/i"; classtype:trojan-activity; sid:37227881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain www.maksonsab.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.maksonsab.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maksonsab\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain dns.nateeka.com"; dns.query; content:"dns.nateeka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.nateeka\.com$/i"; classtype:trojan-activity; sid:37227891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e25944 [] Outgoing HTTP Domain dns.nateeka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.nateeka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.nateeka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain nateeka.com"; dns.query; content:"nateeka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nateeka\.com$/i"; classtype:trojan-activity; sid:37227901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain nateeka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nateeka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nateeka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e25944 [] Domain ec2-107-23-38-171.compute-1.amazonaws.com"; dns.query; content:"ec2-107-23-38-171.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-107\-23\-38\-171\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37227911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain ec2-107-23-38-171.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-107-23-38-171.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-107\-23\-38\-171\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) 
alert ip $HOME_NET any -> 172.245.156.157 7443 (msg: "MISP e25952 [AS-COLOCROSSING,Mythic] Outgoing To IP: 172.245.156.157|7443"; classtype:trojan-activity; sid:37062391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//mwasro.com/25012024.js"; flow:to_server,established; http.header; content:"mwasro.com"; fast_pattern; nocase; http.uri; content:"/25012024.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//mwasro.com"; flow:to_server,established; http.header; content:"mwasro.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//aitcaid.com"; flow:to_server,established; http.header; content:"aitcaid.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//pluralism.themancav.com"; flow:to_server,established; http.header; content:"pluralism.themancav.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//aitcaid.com/9659650c81ce1b984c58.js"; flow:to_server,established; http.header; content:"aitcaid.com"; fast_pattern; nocase; http.uri; content:"/9659650c81ce1b984c58.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227961; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# MISP event 25944: full-URL indicator. Host string is matched in http.header,
# path in http.uri (both case-insensitively because of nocase).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//pluralism.themancav.com/lbK9kO6Q3vnxkIeio4aRsueQh7L82d/o+dXbsug="; flow:to_server,established; http.header; content:"pluralism.themancav.com"; fast_pattern; nocase; http.uri; content:"/lbK9kO6Q3vnxkIeio4aRsueQh7L82d/o+dXbsug="; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37227971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Domain indicator, DNS side: matches dns.query ending in the domain, on any
# source/destination (any any -> any any).
alert dns any any -> any any (msg: "MISP e25944 [] Domain farkhunda.3cx.us"; dns.query; content:"farkhunda.3cx.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])farkhunda\.3cx\.us$/i"; classtype:trojan-activity; sid:37227981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# Domain indicator, HTTP side.
# NOTE(review): "Host|3a|" and the domain are two independent matches in
# http.header (no distance/within, and the pcre is not relative), so the
# domain may be found in another header line such as Referer. Confirm whether
# alerting on that is intended before treating a hit as a connection to the
# domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain farkhunda.3cx.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"farkhunda.3cx.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])farkhunda\.3cx\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37227982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# MISP event 25952: address/port indicators. These "alert ip" rules match on
# destination address and port alone; there is no content, flow or
# application-layer condition, so any traffic from $HOME_NET to that endpoint
# alerts. The bracketed msg tags come from the MISP event.
# NOTE(review): the next rule's msg tags the address AMAZON-02. If it is
# shared or reassignable cloud infrastructure, an IP:443 match will also hit
# unrelated traffic; confirm against the event before alerting at priority 2.
alert ip $HOME_NET any -> 99.83.220.181 443 (msg: "MISP e25952 [AMAZON-02,Deimos] Outgoing To IP: 99.83.220.181|443"; classtype:trojan-activity; sid:37062401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 154.247.41.221 2078 (msg: "MISP e25952 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.41.221|2078"; classtype:trojan-activity; sid:37062411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 149.109.109.136 443 (msg: "MISP e25952 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 149.109.109.136|443"; classtype:trojan-activity; sid:37062421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 188.25.142.172 443 (msg: "MISP e25952 [QakBot,RCS-RDS 73-75 Dr. Staicovici] Outgoing To IP: 188.25.142.172|443"; classtype:trojan-activity; sid:37062431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 60.241.11.63 443 (msg: "MISP e25952 [QakBot,TPG-INTERNET-AP TPG Telecom Limited] Outgoing To IP: 60.241.11.63|443"; classtype:trojan-activity; sid:37062441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 181.141.40.28 4433 (msg: "MISP e25952 [dcrat,EPM Telecomunicaciones S.A. E.S.P.] Outgoing To IP: 181.141.40.28|4433"; classtype:trojan-activity; sid:37062451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 178.73.218.9 2222 (msg: "MISP e25952 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 178.73.218.9|2222"; classtype:trojan-activity; sid:37062461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# MISP event 25948: domain indicator, DNS query rule plus HTTP header rule.
alert dns any any -> any any (msg: "MISP e25948 [] Domain looksoportelinea.com"; dns.query; content:"looksoportelinea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com$/i"; classtype:trojan-activity; sid:37058461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25948;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25948 [] Outgoing HTTP Domain looksoportelinea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"looksoportelinea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37058462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25948;)
# NOTE(review): same destination 178.73.218.9:2222 as sid 37062461 above
# (event 25952). Both rules alert on the same traffic under different event
# ids, so expect paired alerts and de-duplicate downstream if needed.
alert ip $HOME_NET any -> 178.73.218.9 2222 (msg: "MISP e25944 [] Outgoing To IP: 178.73.218.9|2222"; classtype:trojan-activity; sid:37227991; rev:1;
priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 181.141.40.28 4433 (msg: "MISP e25944 [] Outgoing To IP: 181.141.40.28|4433"; classtype:trojan-activity; sid:37228001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 60.241.11.63 443 (msg: "MISP e25944 [] Outgoing To IP: 60.241.11.63|443"; classtype:trojan-activity; sid:37228011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 188.25.142.172 443 (msg: "MISP e25944 [] Outgoing To IP: 188.25.142.172|443"; classtype:trojan-activity; sid:37228021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 149.109.109.136 443 (msg: "MISP e25944 [] Outgoing To IP: 149.109.109.136|443"; classtype:trojan-activity; sid:37228031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 154.247.41.221 2078 (msg: "MISP e25944 [] Outgoing To IP: 154.247.41.221|2078"; classtype:trojan-activity; sid:37228041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 99.83.220.181 443 (msg: "MISP e25944 [] Outgoing To IP: 99.83.220.181|443"; classtype:trojan-activity; sid:37228051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 172.245.156.157 7443 (msg: "MISP e25944 [] Outgoing To IP: 172.245.156.157|7443"; classtype:trojan-activity; sid:37228061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 103.86.130.84 443 (msg: "MISP e25952 [c2,Get2] Outgoing To IP: 103.86.130.84|443"; classtype:trojan-activity; sid:37062471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert dns any any -> any any (msg: "MISP e25949 [] Domain looksoportelinea.com"; dns.query; content:"looksoportelinea.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])looksoportelinea\.com$/i"; classtype:trojan-activity; sid:37058541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25949;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25949 [] Outgoing HTTP Domain looksoportelinea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"looksoportelinea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37058542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25949;) alert ip $HOME_NET any -> 103.86.130.84 443 (msg: "MISP e25944 [] Outgoing To IP: 103.86.130.84|443"; classtype:trojan-activity; sid:37228071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 193.233.132.64 50500 (msg: "MISP e25944 [] Outgoing To IP: 193.233.132.64|50500"; classtype:trojan-activity; sid:37228081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 45.134.26.17 50500 (msg: "MISP e25944 [] Outgoing To IP: 45.134.26.17|50500"; classtype:trojan-activity; sid:37228091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 193.233.132.135 50500 (msg: "MISP e25944 [] Outgoing To IP: 193.233.132.135|50500"; classtype:trojan-activity; sid:37228101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 185.172.128.103 50500 (msg: "MISP e25944 [] Outgoing To IP: 185.172.128.103|50500"; classtype:trojan-activity; sid:37228111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert ip $HOME_NET any -> 94.156.69.28 50500 (msg: "MISP e25944 [] Outgoing To IP: 94.156.69.28|50500"; classtype:trojan-activity; sid:37228121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: 
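"MISP e25944 [] Domain c0mmit.top"; dns.query; content:"c0mmit.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])c0mmit\.top$/i"; classtype:trojan-activity; sid:37228131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# MISP event 25944: HTTP side of the c0mmit.top domain indicator (domain
# string in http.header, confirmed by the /H pcre).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25944 [] Outgoing HTTP Domain c0mmit.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c0mmit.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c0mmit\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37228132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# MISP event 26415: domain indicator, DNS query rule plus HTTP header rule.
alert dns any any -> any any (msg: "MISP e26415 [] Domain xalticainvest.com"; dns.query; content:"xalticainvest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])xalticainvest\.com$/i"; classtype:trojan-activity; sid:37288561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing HTTP Domain xalticainvest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xalticainvest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xalticainvest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
# URL indicators 24.199.98.128/<path> (sid 37288601, 37288611, 37288621).
# Host and path are matched in separate buffers here, the same way this
# export's other URL rules do it. The exported form put the whole string,
# address included, into a single http.uri content; with Suricata's default
# libhtp setting (uri-include-all: no) that buffer carries the request path
# without the host, so the combined string would not be expected to match an
# ordinary request. msg, sid, header and all other options are unchanged.
# NOTE(review): a fresh MISP export will presumably regenerate the original
# form; carry this as a local override or correct the attribute upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing URL 24.199.98.128/expediente38/8869881268/8594605066.exe"; flow:to_server,established; http.header; content:"24.199.98.128"; fast_pattern; nocase; http.uri; content:"/expediente38/8869881268/8594605066.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing URL 24.199.98.128/verificacion58/6504926283/3072491614.exe"; flow:to_server,established; http.header; content:"24.199.98.128"; fast_pattern; nocase; http.uri; content:"/verificacion58/6504926283/3072491614.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing URL 24.199.98.128/impresion73/5464893028/8024251449.exe"; flow:to_server,established; http.header; content:"24.199.98.128"; fast_pattern; nocase; http.uri; content:"/impresion73/5464893028/8024251449.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
# Full-URL indicator for trilivok.com: host string in http.header, path in
# http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26415 [] Outgoing URL http|3a|//trilivok.com/4g3031ar0/cb6y1dh/it.php"; flow:to_server,established; http.header; content:"trilivok.com"; fast_pattern; nocase; http.uri; content:"/4g3031ar0/cb6y1dh/it.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
# Domain indicators: DNS query rule followed by the matching HTTP header rule.
alert dns any any -> any any (msg: "MISP e26415 [] Domain trilivok.com"; dns.query; content:"trilivok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trilivok\.com$/i"; classtype:trojan-activity; sid:37288551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing HTTP Domain trilivok.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trilivok.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trilivok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;)
alert dns any any -> any any (msg: "MISP e26415 [] Domain moscovatech.com"; dns.query; content:"moscovatech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])moscovatech\.com$/i"; classtype:trojan-activity; sid:37288571; rev:1; priority:2;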
reference:url,https://misp.finsin.cl/events/view/26415;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing HTTP Domain moscovatech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moscovatech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moscovatech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;) alert dns any any -> any any (msg: "MISP e26415 [] Domain plinqok.com"; dns.query; content:"plinqok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])plinqok\.com$/i"; classtype:trojan-activity; sid:37288541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26415 [] Outgoing HTTP Domain plinqok.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"plinqok.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])plinqok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26415;) alert dns any any -> any any (msg: "MISP e26416 [] Domain featuresscanner.com"; dns.query; content:"featuresscanner.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])featuresscanner\.com$/i"; classtype:trojan-activity; sid:37288691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain featuresscanner.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"featuresscanner.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])featuresscanner\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP 
e26416 [] Domain professionalswebcheck.com"; dns.query; content:"professionalswebcheck.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])professionalswebcheck\.com$/i"; classtype:trojan-activity; sid:37288701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain professionalswebcheck.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"professionalswebcheck.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])professionalswebcheck\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain hightrafficcounter.com"; dns.query; content:"hightrafficcounter.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hightrafficcounter\.com$/i"; classtype:trojan-activity; sid:37288711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain hightrafficcounter.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hightrafficcounter.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hightrafficcounter\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain proftrafficcounter.com"; dns.query; content:"proftrafficcounter.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])proftrafficcounter\.com$/i"; classtype:trojan-activity; sid:37288721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain proftrafficcounter.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"proftrafficcounter.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])proftrafficcounter\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain experttrafficmonitor.com"; dns.query; content:"experttrafficmonitor.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])experttrafficmonitor\.com$/i"; classtype:trojan-activity; sid:37288731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain experttrafficmonitor.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"experttrafficmonitor.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])experttrafficmonitor\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 192.243.59.20 any (msg: "MISP e26416 [] Outgoing To IP: 192.243.59.20"; classtype:trojan-activity; sid:37288741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 192.243.59.13 any (msg: "MISP e26416 [] Outgoing To IP: 192.243.59.13"; classtype:trojan-activity; sid:37288751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 192.243.59.12 any (msg: "MISP e26416 [] Outgoing To IP: 192.243.59.12"; classtype:trojan-activity; sid:37288761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 192.243.61.227 any (msg: "MISP e26416 [] Outgoing To IP: 192.243.61.227"; classtype:trojan-activity; sid:37288771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 192.243.61.225 any (msg: 
"MISP e26416 [] Outgoing To IP: 192.243.61.225"; classtype:trojan-activity; sid:37288781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 173.233.139.164 any (msg: "MISP e26416 [] Outgoing To IP: 173.233.139.164"; classtype:trojan-activity; sid:37288791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 173.233.137.60 any (msg: "MISP e26416 [] Outgoing To IP: 173.233.137.60"; classtype:trojan-activity; sid:37288801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 173.233.137.52 any (msg: "MISP e26416 [] Outgoing To IP: 173.233.137.52"; classtype:trojan-activity; sid:37288811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 173.233.137.44 any (msg: "MISP e26416 [] Outgoing To IP: 173.233.137.44"; classtype:trojan-activity; sid:37288821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert ip $HOME_NET any -> 173.233.137.36 any (msg: "MISP e26416 [] Outgoing To IP: 173.233.137.36"; classtype:trojan-activity; sid:37288831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain tracker-tds.info"; dns.query; content:"tracker-tds.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])tracker\-tds\.info$/i"; classtype:trojan-activity; sid:37288841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain tracker-tds.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tracker-tds.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tracker\-tds\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns 
any any -> any any (msg: "MISP e26416 [] Domain jpadsnow.com"; dns.query; content:"jpadsnow.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jpadsnow\.com$/i"; classtype:trojan-activity; sid:37288851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain jpadsnow.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jpadsnow.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jpadsnow\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain ad-blocking24.net"; dns.query; content:"ad-blocking24.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ad\-blocking24\.net$/i"; classtype:trojan-activity; sid:37288861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain ad-blocking24.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ad-blocking24.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ad\-blocking24\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain myqenad24.com"; dns.query; content:"myqenad24.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])myqenad24\.com$/i"; classtype:trojan-activity; sid:37288871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain myqenad24.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"myqenad24.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])myqenad24\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain artificius.com"; dns.query; content:"artificius.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])artificius\.com$/i"; classtype:trojan-activity; sid:37288891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain artificius.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artificius.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artificius\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain hoanoola.net"; dns.query; content:"hoanoola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])hoanoola\.net$/i"; classtype:trojan-activity; sid:37288901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26416 [] Outgoing HTTP Domain hoanoola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hoanoola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hoanoola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert dns any any -> any any (msg: "MISP e26416 [] Domain allureoutlayterrific.com"; dns.query; content:"allureoutlayterrific.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allureoutlayterrific\.com$/i"; classtype:trojan-activity; sid:37288911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26416 [] Outgoing HTTP Domain allureoutlayterrific.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allureoutlayterrific.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allureoutlayterrific\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37288912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26416;) alert http $HOME_NET any -> 173.212.224.123 $HTTP_PORTS (msg: "MISP e25952 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//173.212.224.123/download/"; flow:to_server,established; http.header; content:"173.212.224.123"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 23.101.122.219 80 (msg: "MISP e25952 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 23.101.122.219|80"; classtype:trojan-activity; sid:37062491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;) alert ip $HOME_NET any -> 23.101.122.219 80 (msg: "MISP e25944 [] Outgoing To IP: 23.101.122.219|80"; classtype:trojan-activity; sid:37228141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> 173.212.224.123 $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//173.212.224.123/download/"; flow:to_server,established; http.header; content:"173.212.224.123"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37228151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert http $HOME_NET any -> 193.187.174.182 $HTTP_PORTS (msg: "MISP e25952 [Stealc] Outgoing URL http|3a|//193.187.174.182/7b7c07c1b3625773.php"; flow:to_server,established; http.header; content:"193.187.174.182"; 
fast_pattern; nocase; http.uri; content:"/7b7c07c1b3625773.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# Layout note: the line above is the tail of a rule that begins on the previous line, and the
# last line of this span is the head of a rule that continues on the next one.
#
# Domain indicator from event 26093. The name is exported as type "Domain", so the DNS pattern
# also matches names with extra labels in front of e-teismai.lt-paslauga.net. Other names under
# lt-paslauga.net are not covered by these two rules.
alert dns any any -> any any (msg: "MISP e26093 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37129271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26093;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26093 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26093;)
# "Outgoing URL" rule: HTTP request from $HOME_NET to 193.187.174.182 on a port in $HTTP_PORTS
# whose headers contain the IP string and whose URI contains the listed path. The http.uri
# content has no position modifier, so the path may appear anywhere in the URI.
# The rule references $HTTP_PORTS although the file header lists that variable as not required
# for the suricata export; it has to be defined for this rule to load, and a request to the
# same IP on a port outside $HTTP_PORTS is not covered.
# NOTE(review): the fragment at the top of this span (sid:37062501, event 25952, priority:2)
# carries the same URI match as this rule (event 25944, priority:3), so one request is
# presumably reported twice at two priorities. Decide which event is authoritative, or
# suppress one of the two sids.
alert http $HOME_NET any -> 193.187.174.182 $HTTP_PORTS (msg: "MISP e25944 [] Outgoing URL http|3a|//193.187.174.182/7b7c07c1b3625773.php"; flow:to_server,established; http.header; content:"193.187.174.182"; fast_pattern; nocase; http.uri; content:"/7b7c07c1b3625773.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37228161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
# "Incoming From IP" rules: any IP traffic from the listed source to $HOME_NET, any port.
# NOTE(review): the msg tags these as kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity, the same classtype the outbound rules in this file use; check
# that triage treats an inbound probe differently from an internal host calling out.
# No threshold is set in the rule, so alert volume follows how often the source connects.
# Address indicators age quickly; review against the MISP event before acting on a hit.
alert ip 147.78.47.57 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.47.57"; classtype:trojan-activity; sid:37083841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;)
alert ip 108.170.148.48 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.170.148.48"; classtype:trojan-activity; sid:37083851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;)
alert ip 162.142.125.13 any -> 
$HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.13"; classtype:trojan-activity; sid:37083861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert dns any any -> any any (msg: "MISP e26092 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37129241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26092;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26092 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26092;) alert ip 185.234.216.125 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.234.216.125"; classtype:trojan-activity; sid:37083871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 193.201.9.48 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.201.9.48"; classtype:trojan-activity; sid:37083881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 194.187.176.114 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.114"; classtype:trojan-activity; sid:37083891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 194.187.176.116 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.116"; 
classtype:trojan-activity; sid:37083901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 194.187.176.135 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.135"; classtype:trojan-activity; sid:37083911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 194.187.176.42 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.42"; classtype:trojan-activity; sid:37083921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 194.187.176.44 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.44"; classtype:trojan-activity; sid:37243171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 194.187.176.62 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.62"; classtype:trojan-activity; sid:37243181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 20.24.187.182 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.24.187.182"; classtype:trojan-activity; sid:37243191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 203.33.207.66 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.33.207.66"; classtype:trojan-activity; sid:37243201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 205.210.31.226 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.226"; classtype:trojan-activity; sid:37243211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;) alert ip 
45.140.17.52 any -> $HOME_NET any (msg: "MISP e26001 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.140.17.52"; classtype:trojan-activity; sid:37243221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26001;)
# Layout note: the line above is the tail of a rule that begins on the previous line, and the
# last line of this span is the head of a rule that continues on the next one.
#
# The same domain is exported once per MISP event: events 26091, 26089, 26090 and 26088 each
# contribute a DNS rule and an HTTP rule that differ only in msg, sid and reference. A single
# lookup of the name therefore raises one alert per event, and likewise for an HTTP request.
# NOTE(review): de-duplicate indicators at export time, or suppress all but one sid per
# indicator, so that repeated events do not multiply alert volume for one observation.
alert dns any any -> any any (msg: "MISP e26091 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37129211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26091;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26091 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26091;)
alert dns any any -> any any (msg: "MISP e26089 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37129151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26089;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26089 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26089;)
alert dns any any -> any any (msg: "MISP e26090 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37129181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26090;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26090 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26090;)
alert dns any any -> any any (msg: "MISP e26088 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37129121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26088;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26088 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26088;)
# "Outgoing To IP" rules built from an ip|port indicator: the rule protocol is `ip` and the
# destination port is 4789. These rules carry no flow or content options.
# NOTE(review): the indicator names no transport protocol; confirm how the engine applies a
# port to an `ip` rule, and narrow to tcp or udp if the MISP event states which one was seen.
# The two rules below match the same traffic. Event 25952 tags it QuasarRAT,RAT at priority:2;
# event 25944 has an empty tag list at priority:3, so one connection is reported at two
# priorities and only the first msg tells the analyst which malware family is suspected.
alert ip $HOME_NET any -> 90.15.154.112 4789 (msg: "MISP e25952 [QuasarRAT,RAT] Outgoing To IP: 90.15.154.112|4789"; classtype:trojan-activity; sid:37062511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
alert ip $HOME_NET any -> 90.15.154.112 4789 (msg: "MISP e25944 [] Outgoing To IP: 90.15.154.112|4789"; classtype:trojan-activity; sid:37228171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;)
alert ip $HOME_NET any -> 185.215.113.67 26260 (msg: "MISP e25944 [] Outgoing To IP: 
185.215.113.67|26260"; classtype:trojan-activity; sid:37228181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25944;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname identification-210478.hubside.fr"; dns.query; content:"identification-210478.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identification\-210478\.hubside\.fr$/i"; classtype:trojan-activity; sid:37102491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname identification-210478.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| identification-210478.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identification\-210478\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname t1e741d20.emailsys2a.net"; dns.query; content:"t1e741d20.emailsys2a.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t1e741d20\.emailsys2a\.net$/i"; classtype:trojan-activity; sid:37102521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname t1e741d20.emailsys2a.net"; flow:to_server,established; http.header; content: "Host|3a| t1e741d20.emailsys2a.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t1e741d20\.emailsys2a\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname s3.mordalkofsd.com"; dns.query; content:"s3.mordalkofsd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s3\.mordalkofsd\.com$/i"; classtype:trojan-activity; sid:37102551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname s3.mordalkofsd.com"; flow:to_server,established; http.header; content: "Host|3a| s3.mordalkofsd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s3\.mordalkofsd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname s4.lamprofasdi.com"; dns.query; content:"s4.lamprofasdi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s4\.lamprofasdi\.com$/i"; classtype:trojan-activity; sid:37102641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname s4.lamprofasdi.com"; flow:to_server,established; http.header; content: "Host|3a| s4.lamprofasdi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s4\.lamprofasdi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname s1.zigolmalchifi.com"; dns.query; content:"s1.zigolmalchifi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.zigolmalchifi\.com$/i"; classtype:trojan-activity; sid:37102671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname s1.zigolmalchifi.com"; flow:to_server,established; http.header; content: "Host|3a| s1.zigolmalchifi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.zigolmalchifi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] 
Hostname wrongdoeruncover.xyz"; dns.query; content:"wrongdoeruncover.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wrongdoeruncover\.xyz$/i"; classtype:trojan-activity; sid:37102701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# Layout note: the line above is the tail of a rule that begins on the previous line, and the
# last line of this span is the head of a rule that continues on the next one.
#
# "Hostname" rules differ from the "Domain" rules elsewhere in this file in the pcre prefix
# class: [^A-Za-z0-9-\.] also excludes the dot, so the DNS rule matches the exact name only and
# not names with further labels in front of it.
# "Outgoing HTTP Hostname" rules use a single content, "Host: <name>" (|3a| is ':'), so the
# name is tied to the Host header line, plus the same boundary pcre on the header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname wrongdoeruncover.xyz"; flow:to_server,established; http.header; content: "Host|3a| wrongdoeruncover.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wrongdoeruncover\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname easingsettling.pro"; dns.query; content:"easingsettling.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])easingsettling\.pro$/i"; classtype:trojan-activity; sid:37102731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname easingsettling.pro"; flow:to_server,established; http.header; content: "Host|3a| easingsettling.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])easingsettling\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# "Outgoing URL" rule generated from a URL indicator that has no path: the only check is a
# case-insensitive substring match of the hostname anywhere in the request headers, limited to
# destination ports in $HTTP_PORTS. There is no boundary pcre and no http.uri condition.
# NOTE(review): every request that matches sid:37102732 on an $HTTP_PORTS port also satisfies
# this rule, so the same request raises two alerts. The bare substring also matches longer
# names that contain the string and headers other than Host. Consider suppressing this sid in
# favour of the hostname rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//easingsettling.pro"; flow:to_server,established; http.header; content:"easingsettling.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname imtoken-ae.moe"; dns.query; content:"imtoken-ae.moe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ae\.moe$/i"; classtype:trojan-activity; sid:37102761; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname imtoken-ae.moe"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ae.moe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ae\.moe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//imtoken-ae.moe"; flow:to_server,established; http.header; content:"imtoken-ae.moe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname applezer.ydns.eu"; dns.query; content:"applezer.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])applezer\.ydns\.eu$/i"; classtype:trojan-activity; sid:37102791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname applezer.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a| applezer.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])applezer\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//applezer.ydns.eu"; flow:to_server,established; http.header; content:"applezer.ydns.eu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname greenforwin.info"; dns.query; content:"greenforwin.info"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])greenforwin\.info$/i"; classtype:trojan-activity; sid:37102821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname greenforwin.info"; flow:to_server,established; http.header; content: "Host|3a| greenforwin.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])greenforwin\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//greenforwin.info"; flow:to_server,established; http.header; content:"greenforwin.info"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37102831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert dns any any -> any any (msg: "MISP e26035 [] Hostname nodechains-launchpadlpx.pages.dev"; dns.query; content:"nodechains-launchpadlpx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-launchpadlpx\.pages\.dev$/i"; classtype:trojan-activity; sid:37102851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname nodechains-launchpadlpx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodechains-launchpadlpx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-launchpadlpx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//nodechains-launchpadlpx.pages.dev"; flow:to_server,established; http.header; content:"nodechains-launchpadlpx.pages.dev"; nocase; tag:session,600,seconds; 
# MISP event 26035 hostname indicators, laid out one rule per line; every rule option is unchanged.
# The first rule line below is the tail of a rule begun on the preceding line of the file, and the
# last line is the head of a rule that continues on the following line.
#
# Each hostname gets a pair: a dns.query rule (any -> any) and an outbound HTTP rule on the Host header.
# In both, the pcre prefix class [^A-Za-z0-9-\.] excludes ".", so a subdomain of the listed name does
# not match; the DNS pcre also anchors the name to the end of the query with "$".
# The HTTP rules inspect cleartext requests only. NOTE(review): several names use shared hosting
# suffixes (myqcloud.com, pages.dev, workers.dev) that are presumably reached over HTTPS, so the DNS
# rule is likely the one that fires; this export contains no tls.sni companion rule.
# NOTE(review): content "Host|3a| <name>" requires exactly one space after the colon; matching on the
# http.host buffer would not depend on header spacing -- confirm before changing the exporter.
# tag:session,600,seconds marks the alerting session for 600 seconds of follow-on packet logging.
classtype:trojan-activity; sid:37102861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname qrxf5upf1y93b-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"qrxf5upf1y93b-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qrxf5upf1y93b\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37102881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname qrxf5upf1y93b-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| qrxf5upf1y93b-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qrxf5upf1y93b\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname vi5hb36i24o9p-1324239560.cos.ap-jakarta.myqcloud.com"; dns.query; content:"vi5hb36i24o9p-1324239560.cos.ap-jakarta.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vi5hb36i24o9p\-1324239560\.cos\.ap\-jakarta\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37102911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname vi5hb36i24o9p-1324239560.cos.ap-jakarta.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| vi5hb36i24o9p-1324239560.cos.ap-jakarta.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vi5hb36i24o9p\-1324239560\.cos\.ap\-jakarta\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname tgadminuser.webpp.xyz"; dns.query; content:"tgadminuser.webpp.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webpp\.xyz$/i"; classtype:trojan-activity; sid:37102941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tgadminuser.webpp.xyz"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webpp.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webpp\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname tgadminuser.web-cs.wang"; dns.query; content:"tgadminuser.web-cs.wang"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.wang$/i"; classtype:trojan-activity; sid:37102971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname tgadminuser.web-cs.wang"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.web-cs.wang"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.wang[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37102972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegram.web-cs.wang"; dns.query; content:"telegram.web-cs.wang"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.web\-cs\.wang$/i"; classtype:trojan-activity; sid:37103001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegram.web-cs.wang"; flow:to_server,established; http.header; content: "Host|3a| telegram.web-cs.wang"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.web\-cs\.wang[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname apps1-claim-bantuan.kelayakan.biz.id"; dns.query; content:"apps1-claim-bantuan.kelayakan.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apps1\-claim\-bantuan\.kelayakan\.biz\.id$/i"; classtype:trojan-activity; sid:37103031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname apps1-claim-bantuan.kelayakan.biz.id"; flow:to_server,established; http.header; content: "Host|3a| apps1-claim-bantuan.kelayakan.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apps1\-claim\-bantuan\.kelayakan\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname translationmainpotencialdomainsaverwindows1.pages.dev"; dns.query; content:"translationmainpotencialdomainsaverwindows1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])translationmainpotencialdomainsaverwindows1\.pages\.dev$/i"; classtype:trojan-activity; sid:37103061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname translationmainpotencialdomainsaverwindows1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| translationmainpotencialdomainsaverwindows1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])translationmainpotencialdomainsaverwindows1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# "Outgoing URL" rules without a path: the only content is the bare name in http.header with no Host
# anchor, so the name appearing in any request header (for example Referer) toward $HTTP_PORTS matches.
# A request that matches the Host-header rule above also matches this one, giving two alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//translationmainpotencialdomainsaverwindows1.pages.dev"; flow:to_server,established; http.header; content:"translationmainpotencialdomainsaverwindows1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37103071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname autogielda-laszkowski.pl"; dns.query; content:"autogielda-laszkowski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-laszkowski\.pl$/i"; classtype:trojan-activity; sid:37103091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname autogielda-laszkowski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-laszkowski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-laszkowski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//autogielda-laszkowski.pl"; flow:to_server,established; http.header; content:"autogielda-laszkowski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37103101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname restless-water-f17b.egtzv7vgjhvg8n4.workers.dev"; dns.query; content:"restless-water-f17b.egtzv7vgjhvg8n4.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])restless\-water\-f17b\.egtzv7vgjhvg8n4\.workers\.dev$/i"; classtype:trojan-activity; sid:37103121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname restless-water-f17b.egtzv7vgjhvg8n4.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| restless-water-f17b.egtzv7vgjhvg8n4.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])restless\-water\-f17b\.egtzv7vgjhvg8n4\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//restless-water-f17b.egtzv7vgjhvg8n4.workers.dev"; flow:to_server,established; http.header; content:"restless-water-f17b.egtzv7vgjhvg8n4.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37103131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname telegram18sexxx-88h.pages.dev"; dns.query; content:"telegram18sexxx-88h.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram18sexxx\-88h\.pages\.dev$/i"; classtype:trojan-activity; sid:37103151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname telegram18sexxx-88h.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram18sexxx-88h.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram18sexxx\-88h\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//telegram18sexxx-88h.pages.dev"; flow:to_server,established; http.header; content:"telegram18sexxx-88h.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37103161; rev:1; priority:2; 
# Rules from MISP events 25970, 26223, 25950, 25952 and 26035, laid out one per line; options unchanged.
# The first rule line below is the tail of a rule begun on the preceding line of the file, and the
# last line is the head of a rule that continues on the following line.
reference:url,https://misp.finsin.cl/events/view/26035;)
# e25970 (priority 1): outbound HTTP requests for /Mozi.m. Each rule pins the destination address and
# port in the rule header and additionally requires the address string in the request headers and the
# path in the URI; both contents are nocase.
alert http $HOME_NET any -> 61.54.232.35 36493 (msg: "MISP e25970 [] Outgoing URL http|3a|//61.54.232.35|3a|36493/Mozi.m"; flow:to_server,established; http.header; content:"61.54.232.35"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 221.1.157.112 59630 (msg: "MISP e25970 [] Outgoing URL http|3a|//221.1.157.112|3a|59630/Mozi.m"; flow:to_server,established; http.header; content:"221.1.157.112"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 115.61.1.161 44231 (msg: "MISP e25970 [] Outgoing URL http|3a|//115.61.1.161|3a|44231/Mozi.m"; flow:to_server,established; http.header; content:"115.61.1.161"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
alert http $HOME_NET any -> 125.46.206.90 39644 (msg: "MISP e25970 [] Outgoing URL http|3a|//125.46.206.90|3a|39644/Mozi.m"; flow:to_server,established; http.header; content:"125.46.206.90"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37064461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/25970;)
# e26223 (priority 3): "Outgoing To IP" rules on port 443. They carry no payload or flow options, so
# they match on address and port alone: encryption does not hide the traffic from them, but any
# service on that address and port matches too.
# NOTE(review): with no flow or threshold option these may alert on every matching packet -- verify
# on your engine and rate-limit if needed.
# NOTE(review): the first two msg strings embed unescaped double quotes
# (misp:confidence-level="..."). Suricata's rule documentation lists the double quote among the
# characters to backslash-escape inside msg; check that the file loads cleanly (suricata -T) or escape
# the tag text at export time.
alert ip $HOME_NET any -> 193.168.143.133 443 (msg: "MISP e26223 [misp:confidence-level="usually-confident"] Outgoing To IP: 193.168.143.133|443"; classtype:trojan-activity; sid:37217011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.255.113.36 443 (msg: "MISP e26223 [misp:confidence-level="usually-confident"] Outgoing To IP: 5.255.113.36|443"; classtype:trojan-activity; sid:37217021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.106.102.82 443 (msg: "MISP e26223 [] Outgoing To IP: 185.106.102.82|443"; classtype:trojan-activity; sid:37217031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 146.19.143.113 443 (msg: "MISP e26223 [] Outgoing To IP: 146.19.143.113|443"; classtype:trojan-activity; sid:37217041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.99.133.228 443 (msg: "MISP e26223 [] Outgoing To IP: 185.99.133.228|443"; classtype:trojan-activity; sid:37217051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 45.59.118.118 443 (msg: "MISP e26223 [] Outgoing To IP: 45.59.118.118|443"; classtype:trojan-activity; sid:37217061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.255.113.34 443 (msg: "MISP e26223 [] Outgoing To IP: 5.255.113.34|443"; classtype:trojan-activity; sid:37217071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.255.126.243 443 (msg: "MISP e26223 [] Outgoing To IP: 5.255.126.243|443"; classtype:trojan-activity; sid:37217081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.230.74.51 443 (msg: "MISP e26223 [] Outgoing To IP: 5.230.74.51|443"; classtype:trojan-activity; sid:37217091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.101.44.49 443 (msg: "MISP e26223 [] Outgoing To IP: 5.101.44.49|443"; classtype:trojan-activity; sid:37217101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.230.68.180 443 (msg: "MISP e26223 [] Outgoing To IP: 5.230.68.180|443"; classtype:trojan-activity; sid:37217111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e25950 "Domain" rules: the pcre prefix class is [^A-Za-z0-9-], which does not exclude ".", so
# subdomains of the listed name match as well. The HTTP rule looks for "Host|3a|" and the name as two
# separate contents in http.header and relies on the pcre to tie the name to a host boundary.
alert dns any any -> any any (msg: "MISP e25950 [] Domain itau.soportecancelaciones.info"; dns.query; content:"itau.soportecancelaciones.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])itau\.soportecancelaciones\.info$/i"; classtype:trojan-activity; sid:37058621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25950;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25950 [] Outgoing HTTP Domain itau.soportecancelaciones.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"itau.soportecancelaciones.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])itau\.soportecancelaciones\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37058622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25950;)
# e25952 [dcrat]: host string in the request headers plus the URI path, both nocase.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25952 [dcrat] Outgoing URL http|3a|//f0915140.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"f0915140.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25952;)
# e26035 "Hostname" pairs: here the pcre prefix class [^A-Za-z0-9-\.] does exclude ".", so only the
# exact name matches, not its subdomains.
alert dns any any -> any any (msg: "MISP e26035 [] Hostname pub-b38019cf99cf483584c83eb508d6ab62.r2.dev"; dns.query; content:"pub-b38019cf99cf483584c83eb508d6ab62.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b38019cf99cf483584c83eb508d6ab62\.r2\.dev$/i"; classtype:trojan-activity; sid:37103181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname pub-b38019cf99cf483584c83eb508d6ab62.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b38019cf99cf483584c83eb508d6ab62.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b38019cf99cf483584c83eb508d6ab62\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname erudicaoinvestimentos.com.br"; dns.query; content:"erudicaoinvestimentos.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br$/i"; classtype:trojan-activity; sid:37103211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname erudicaoinvestimentos.com.br"; flow:to_server,established; http.header; content: "Host|3a| erudicaoinvestimentos.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert dns any any -> any any (msg: "MISP e26035 [] Hostname 2createarchitecture.com.au"; dns.query; content:"2createarchitecture.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2createarchitecture\.com\.au$/i"; classtype:trojan-activity; sid:37103241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname 2createarchitecture.com.au"; flow:to_server,established; http.header; content: "Host|3a| 2createarchitecture.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2createarchitecture\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//2createarchitecture.com.au/xxv.html/"; flow:to_server,established; http.header; 
# Rules from MISP events 26035, 26223, 26018 and 25951, laid out one per line; options unchanged.
# The first rule line below is the tail of a rule begun on the preceding line of the file, and the
# last line is the head of a rule that continues on the following line.
content:"2createarchitecture.com.au"; fast_pattern; nocase; http.uri; content:"/xxv.html/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37103251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# e26223 [dcrat]: an earlier rule in this file (sid 37062521, e25952) carries the same host and the
# same path in different letter case. Both use nocase on the URI content, so one request matches both
# and produces two alerts with different priorities.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [dcrat] Outgoing URL http|3a|//f0915140.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"f0915140.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26035 hostname triple: DNS query, HTTP Host header, and a path-less "Outgoing URL" rule whose only
# content is the bare name anywhere in http.header (so other headers, e.g. Referer, can match it too).
alert dns any any -> any any (msg: "MISP e26035 [] Hostname owlto-finance-xpubfixdapps.pages.dev"; dns.query; content:"owlto-finance-xpubfixdapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])owlto\-finance\-xpubfixdapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37103271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26035 [] Outgoing HTTP Hostname owlto-finance-xpubfixdapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| owlto-finance-xpubfixdapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])owlto\-finance\-xpubfixdapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37103272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26035 [] Outgoing URL http|3a|//owlto-finance-xpubfixdapps.pages.dev"; flow:to_server,established; http.header; content:"owlto-finance-xpubfixdapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37103281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26035;)
# The same address and port is exported from two events (e26018 priority 2, e26223 priority 3); the
# match conditions are identical, so a single connection can raise both sids.
# NOTE(review): several msg strings in this group embed unescaped double quotes (misp-galaxy:...="...",
# misp:confidence-level="..."). Suricata's rule documentation lists the double quote among the
# characters to backslash-escape inside msg; check that the file loads cleanly (suricata -T).
alert ip $HOME_NET any -> 111.230.12.198 8071 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 111.230.12.198|8071"; classtype:trojan-activity; sid:37088791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 111.230.12.198 8071 (msg: "MISP e26223 [c2,misp-galaxy:malpedia="Cobalt Strike",misp:confidence-level="usually-confident"] Outgoing To IP: 111.230.12.198|8071"; classtype:trojan-activity; sid:37217131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e25951 "Domain" pair: the pcre prefix class [^A-Za-z0-9-] does not exclude ".", so subdomains match.
alert dns any any -> any any (msg: "MISP e25951 [] Domain looksoportelinea.com"; dns.query; content:"looksoportelinea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com$/i"; classtype:trojan-activity; sid:37058721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25951;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25951 [] Outgoing HTTP Domain looksoportelinea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"looksoportelinea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37058722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25951;)
# Same destination, port and path from two events; the paths differ only in letter case and both
# contents are nocase, so the two rules match the same requests.
alert http $HOME_NET any -> 27.215.214.58 44818 (msg: "MISP e26018 [] Outgoing URL http|3a|//27.215.214.58|3a|44818/mozi.m"; flow:to_server,established; http.header; content:"27.215.214.58"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> 27.215.214.58 44818 (msg: "MISP e26223 [misp:confidence-level="fairly-confident"] Outgoing URL http|3a|//27.215.214.58|3a|44818/Mozi.m"; flow:to_server,established; http.header; content:"27.215.214.58"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26223 [Mirai]: one address/port rule and two "Domain" pairs (DNS query plus HTTP Host header).
alert ip $HOME_NET any -> 93.123.85.149 38245 (msg: "MISP e26223 [Mirai,misp:confidence-level="usually-confident"] Outgoing To IP: 93.123.85.149|38245"; classtype:trojan-activity; sid:37217151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [Mirai,misp:confidence-level="usually-confident"] Domain bot.shop4youv2.de"; dns.query; content:"bot.shop4youv2.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.shop4youv2\.de$/i"; classtype:trojan-activity; sid:37217161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [Mirai,misp:confidence-level="usually-confident"] Outgoing HTTP Domain bot.shop4youv2.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.shop4youv2.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.shop4youv2\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37217162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [Mirai,misp:confidence-level="usually-confident"] Domain bot.elite-likes.de"; dns.query; content:"bot.elite-likes.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.elite\-likes\.de$/i"; classtype:trojan-activity; sid:37217171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [Mirai,misp:confidence-level="usually-confident"] Outgoing HTTP Domain bot.elite-likes.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.elite-likes.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.elite\-likes\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37217172; rev:1; priority:3; 
# Rules from MISP events 26223, 26018, 25953 and 25954, laid out one per line; options unchanged.
# The first rule line below is the tail of a rule begun on the preceding line of the file, and the
# last line is the head of a rule that continues on the following line.
reference:url,https://misp.finsin.cl/events/view/26223;)
# NOTE(review): this msg embeds unescaped double quotes (misp-galaxy:malpedia="...",
# misp:confidence-level="..."). Suricata's rule documentation lists the double quote among the
# characters to backslash-escape inside msg; check that the file loads cleanly (suricata -T).
alert ip $HOME_NET any -> 15.204.245.61 23 (msg: "MISP e26223 [Gafgyt,misp-galaxy:malpedia="Bashlite",misp:confidence-level="usually-confident"] Outgoing To IP: 15.204.245.61|23"; classtype:trojan-activity; sid:37217181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# [dcrat] URL exported from two events: the paths differ only in letter case and the URI content is
# nocase in both, so the same request matches both sids.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [dcrat] Outgoing URL http|3a|//cd43986.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cd43986.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [dcrat] Outgoing URL http|3a|//cd43986.tw1.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"cd43986.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e25953: path-less URL rule (bare name anywhere in http.header) followed by a "Domain" pair whose
# pcre prefix class [^A-Za-z0-9-] lets subdomains match. The HTTP rules see cleartext requests only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25953 [] Outgoing URL http|3a|//solicita-banestado.pages.dev"; flow:to_server,established; http.header; content:"solicita-banestado.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25953;)
alert dns any any -> any any (msg: "MISP e25953 [] Domain solicita-banestado.pages.dev"; dns.query; content:"solicita-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37062551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25953;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25953 [] Outgoing HTTP Domain solicita-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solicita-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25953;)
# Address/port rules on 50050: each destination is exported twice, from e26018 (priority 2, tagged
# c2,cobalt_strike) and from e26223 (priority 3, no tags). The match conditions are identical, so
# one connection can raise both sids; triage on the e26018 alert, which carries the family tag.
alert ip $HOME_NET any -> 121.36.226.214 50050 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 121.36.226.214|50050"; classtype:trojan-activity; sid:37088831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 47.104.232.113 50050 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 47.104.232.113|50050"; classtype:trojan-activity; sid:37088841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 39.106.74.90 50050 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 39.106.74.90|50050"; classtype:trojan-activity; sid:37088851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 39.106.74.90 50050 (msg: "MISP e26223 [] Outgoing To IP: 39.106.74.90|50050"; classtype:trojan-activity; sid:37217201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 47.104.232.113 50050 (msg: "MISP e26223 [] Outgoing To IP: 47.104.232.113|50050"; classtype:trojan-activity; sid:37217211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 121.36.226.214 50050 (msg: "MISP e26223 [] Outgoing To IP: 121.36.226.214|50050"; classtype:trojan-activity; sid:37217221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e25954 "Domain" pair; same matching shape as the e25953 pair above.
alert dns any any -> any any (msg: "MISP e25954 [] Domain solicita-estado.pages.dev"; dns.query; content:"solicita-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37062631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25954;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25954 [] Outgoing HTTP Domain solicita-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"solicita-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])solicita\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25954;)
# More address/port rules exported from both e26018 and e26223 with identical match conditions.
alert ip $HOME_NET any -> 52.144.124.61 3790 (msg: "MISP e26018 [c2,Meterpreter] Outgoing To IP: 52.144.124.61|3790"; classtype:trojan-activity; sid:37088861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 52.144.124.61 3790 (msg: "MISP e26223 [] Outgoing To IP: 52.144.124.61|3790"; classtype:trojan-activity; sid:37217231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 47.115.203.204 50050 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 47.115.203.204|50050"; classtype:trojan-activity; sid:37088871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 47.115.203.204 50050 (msg: "MISP e26223 [] Outgoing To IP: 47.115.203.204|50050"; classtype:trojan-activity; sid:37217241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# URL rule pinned to a destination address: the address string must appear in the request headers
# and the path in the URI, on $HTTP_PORTS only.
alert http $HOME_NET any -> 195.20.16.45 $HTTP_PORTS (msg: "MISP e26018 [] Outgoing URL http|3a|//195.20.16.45/api/firecom.php"; flow:to_server,established; http.header; content:"195.20.16.45"; fast_pattern; nocase; http.uri; content:"/api/firecom.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 193.168.143.133 443 (msg: "MISP e26018 [Latrodectus] 
# Rules from MISP events 26018, 26223 and 25986, laid out one per line; options unchanged.
# The first rule line below is the tail of a rule begun on the preceding line of the file, and the
# last line is the head of a rule that continues on the following line.
#
# e26018 address/port rules (priority 2) carry a malware-family tag in msg. They have no payload or
# flow options, so they match on address and port alone: TLS does not hide the traffic from them, but
# any service on that address and port matches too.
# The [Latrodectus] port-443 destinations here are the same address/port pairs exported earlier in
# this file under e26223 (sids 37217011 to 37217111, priority 3), so one connection can raise two
# alerts; the e26018 alert is the one that names the family.
Outgoing To IP: 193.168.143.133|443"; classtype:trojan-activity; sid:37088781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 15.204.245.61 23 (msg: "MISP e26018 [Gafgyt] Outgoing To IP: 15.204.245.61|23"; classtype:trojan-activity; sid:37088811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.106.102.82 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 185.106.102.82|443"; classtype:trojan-activity; sid:37088761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.255.113.36 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 5.255.113.36|443"; classtype:trojan-activity; sid:37088771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.215.113.67 26260 (msg: "MISP e26018 [infostealer,RedLine,stealer] Outgoing To IP: 185.215.113.67|26260"; classtype:trojan-activity; sid:37088671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 193.233.132.135 50500 (msg: "MISP e26018 [RiseProStealer] Outgoing To IP: 193.233.132.135|50500"; classtype:trojan-activity; sid:37088641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 94.156.69.28 50500 (msg: "MISP e26018 [RiseProStealer] Outgoing To IP: 94.156.69.28|50500"; classtype:trojan-activity; sid:37088661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 193.233.132.64 50500 (msg: "MISP e26018 [RiseProStealer] Outgoing To IP: 193.233.132.64|50500"; classtype:trojan-activity; sid:37088621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 45.134.26.17 50500 (msg: "MISP e26018 [RiseProStealer] Outgoing To IP: 45.134.26.17|50500"; classtype:trojan-activity; sid:37088631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.172.128.103 50500 (msg: "MISP e26018 [RiseProStealer] Outgoing To IP: 185.172.128.103|50500"; classtype:trojan-activity; sid:37088651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26018 [SocGholish] URL rules. Two of them (sids 37088601 and 37088591) have no path: their only
# content is the bare host name anywhere in http.header, so they also fire on every request matched by
# the path-specific rules for the same host, and on other headers (e.g. Referer) containing the name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [SocGholish] Outgoing URL http|3a|//pluralism.themancav.com"; flow:to_server,established; http.header; content:"pluralism.themancav.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [SocGholish] Outgoing URL http|3a|//mwasro.com/25012024.js"; flow:to_server,established; http.header; content:"mwasro.com"; fast_pattern; nocase; http.uri; content:"/25012024.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [SocGholish] Outgoing URL http|3a|//aitcaid.com/9659650c81ce1b984c58.js"; flow:to_server,established; http.header; content:"aitcaid.com"; fast_pattern; nocase; http.uri; content:"/9659650c81ce1b984c58.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [SocGholish] Outgoing URL http|3a|//pluralism.themancav.com/lbk9ko6q3vnxkieio4arsueqh7l82d/o+dxbsug="; flow:to_server,established; http.header; content:"pluralism.themancav.com"; fast_pattern; nocase; http.uri; content:"/lbk9ko6q3vnxkieio4arsueqh7l82d/o+dxbsug="; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [SocGholish] Outgoing URL http|3a|//aitcaid.com"; flow:to_server,established; http.header; content:"aitcaid.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.101.44.49 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 5.101.44.49|443"; classtype:trojan-activity; sid:37088681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.230.68.180 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 5.230.68.180|443"; classtype:trojan-activity; sid:37088691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.230.74.51 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 5.230.74.51|443"; classtype:trojan-activity; sid:37088701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 146.19.143.113 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 146.19.143.113|443"; classtype:trojan-activity; sid:37088741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.99.133.228 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 185.99.133.228|443"; classtype:trojan-activity; sid:37088751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.255.113.34 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 5.255.113.34|443"; classtype:trojan-activity; sid:37088711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.255.126.243 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 5.255.126.243|443"; classtype:trojan-activity; sid:37088721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 45.59.118.118 443 (msg: "MISP e26018 [Latrodectus] Outgoing To IP: 45.59.118.118|443"; classtype:trojan-activity; sid:37088731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# URL rules pinned to a destination address, exported from both e26018 (priority 2) and e26223
# (priority 3) with identical match conditions; each request can therefore raise two sids.
alert http $HOME_NET any -> 5.42.67.14 $HTTP_PORTS (msg: "MISP e26018 [Amadey] Outgoing URL http|3a|//5.42.67.14/doctr8fb7z9/index.php"; flow:to_server,established; http.header; content:"5.42.67.14"; fast_pattern; nocase; http.uri; content:"/doctr8fb7z9/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> 195.20.16.45 $HTTP_PORTS (msg: "MISP e26018 [] Outgoing URL http|3a|//195.20.16.45/api/flash.php"; flow:to_server,established; http.header; content:"195.20.16.45"; fast_pattern; nocase; http.uri; content:"/api/flash.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37088891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> 195.20.16.45 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//195.20.16.45/api/flash.php"; flow:to_server,established; http.header; content:"195.20.16.45"; fast_pattern; nocase; http.uri; content:"/api/flash.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> 5.42.67.14 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//5.42.67.14/doctr8fb7z9/index.php"; flow:to_server,established; http.header; content:"5.42.67.14"; fast_pattern; nocase; http.uri; content:"/doctr8fb7z9/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> 195.20.16.45 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//195.20.16.45/api/firecom.php"; flow:to_server,established; http.header; content:"195.20.16.45"; fast_pattern; nocase; http.uri; content:"/api/firecom.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# Address/port rules, again partly duplicated between e26018 and e26223. The port-80 rule for
# 5.42.67.14 overlaps the HTTP URL rules for the same address above.
alert ip $HOME_NET any -> 103.67.196.125 4505 (msg: "MISP e26018 [remcos] Outgoing To IP: 103.67.196.125|4505"; classtype:trojan-activity; sid:37088911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 103.67.196.125 4505 (msg: "MISP e26223 [] Outgoing To IP: 103.67.196.125|4505"; classtype:trojan-activity; sid:37217281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 93.123.85.4 9931 (msg: "MISP e26223 [] Outgoing To IP: 93.123.85.4|9931"; classtype:trojan-activity; sid:37217291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.42.67.14 80 (msg: "MISP e26018 [Amadey,ViriBack] Outgoing To IP: 5.42.67.14|80"; classtype:trojan-activity; sid:37088921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 46.183.220.203 40935 (msg: "MISP e26018 [NanoCore,RAT] Outgoing To IP: 46.183.220.203|40935"; classtype:trojan-activity; sid:37088931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): this msg embeds unescaped double quotes (misp-galaxy:mitre-tool="..."). Suricata's
# rule documentation lists the double quote among the characters to backslash-escape inside msg;
# check that the file loads cleanly (suricata -T) or escape the tag text at export time.
alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e25986 [kill-chain:Command and Control,misp-galaxy:mitre-tool="Remcos - S0332"] Outgoing URL http|3a|//103.183.115.241/XbSEyByLtjGfXxfjB139.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/XbSEyByLtjGfXxfjB139.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37068241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25986;)
alert ip $HOME_NET any -> 46.183.220.203 40935 (msg: "MISP e26223 [] Outgoing To IP: 46.183.220.203|40935"; classtype:trojan-activity; sid:37217301; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26223;)
# Event e26223 copy of an indicator that event e26018 also exports in this file
# (5.42.67.14 port 80); this copy has an empty tag list and priority 3.
alert ip $HOME_NET any -> 5.42.67.14 80 (msg: "MISP e26223 [] Outgoing To IP: 5.42.67.14|80"; classtype:trojan-activity; sid:37217311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# The e26018 rules below match on destination address and port only; there is no
# payload condition. The bracketed msg tags pair a malware or tool name with
# what looks like the hosting provider / AS name of the address (presumably
# added by enrichment — confirm in the MISP event).
# NOTE(review): addresses in rented hosting and cloud ranges get reassigned, and
# these rules carry no first-seen/last-seen information, so check the age of
# each indicator in the referenced event before treating a hit as confirmed.
# NOTE(review): the same address/port pairs are exported again under event
# e26223 elsewhere in this file (separate sids, priority 3), so one connection
# raises two alerts with different priorities; deduplicate or threshold
# downstream.
alert ip $HOME_NET any -> 82.146.39.80 7443 (msg: "MISP e26018 [Covenant,RU-JSCIOT] Outgoing To IP: 82.146.39.80|7443"; classtype:trojan-activity; sid:37088941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.198.240.228 443 (msg: "MISP e26018 [AMAZON-02,Deimos] Outgoing To IP: 43.198.240.228|443"; classtype:trojan-activity; sid:37088951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 209.127.186.234 64242 (msg: "MISP e26018 [Bianlian Go Trojan,SERVER-MANIA] Outgoing To IP: 209.127.186.234|64242"; classtype:trojan-activity; sid:37088961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 31.220.80.82 53 (msg: "MISP e26018 [Bianlian Go Trojan,CONTABO] Outgoing To IP: 31.220.80.82|53"; classtype:trojan-activity; sid:37088971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 51.15.235.86 53 (msg: "MISP e26018 [Bianlian Go Trojan,Online SAS] Outgoing To IP: 51.15.235.86|53"; classtype:trojan-activity; sid:37088981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 172.105.14.104 4444 (msg: "MISP e26018 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 172.105.14.104|4444"; classtype:trojan-activity; sid:37088991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 49.12.7.88 443 (msg: "MISP e26018 [Havoc,HETZNER-AS] Outgoing To IP: 49.12.7.88|443"; classtype:trojan-activity; sid:37089001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip 
$HOME_NET any -> 145.82.129.126 443 (msg: "MISP e26018 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 145.82.129.126|443"; classtype:trojan-activity; sid:37089011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 201.124.86.37 995 (msg: "MISP e26018 [QakBot,UNINET] Outgoing To IP: 201.124.86.37|995"; classtype:trojan-activity; sid:37089021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 176.44.89.132 995 (msg: "MISP e26018 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 176.44.89.132|995"; classtype:trojan-activity; sid:37089031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 189.140.16.135 443 (msg: "MISP e26018 [QakBot,UNINET] Outgoing To IP: 189.140.16.135|443"; classtype:trojan-activity; sid:37089041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 193.111.248.167 2003 (msg: "MISP e26018 [dcrat,FERDINANDZINK] Outgoing To IP: 193.111.248.167|2003"; classtype:trojan-activity; sid:37089051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> 5.42.66.32 $HTTP_PORTS (msg: "MISP e26018 [Amadey] Outgoing URL http|3a|//5.42.66.32/g8samsa2/index.php"; flow:to_server,established; http.header; content:"5.42.66.32"; fast_pattern; nocase; http.uri; content:"/g8samsa2/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37089061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24600 [] Outgoing URL http|3a|//post-lu-acc.com/wc/suivre.php?user=true"; flow:to_server,established; http.header; content:"post-lu-acc.com"; fast_pattern; nocase; http.uri; content:"/wc/suivre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37086491; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu-acc.com"; dns.query; content:"post-lu-acc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\-acc\.com$/i"; classtype:trojan-activity; sid:37086531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu-acc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-lu-acc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\-acc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37086532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> 5.42.66.32 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//5.42.66.32/g8samsA2/index.php"; flow:to_server,established; http.header; content:"5.42.66.32"; fast_pattern; nocase; http.uri; content:"/g8samsA2/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 193.111.248.167 2003 (msg: "MISP e26223 [] Outgoing To IP: 193.111.248.167|2003"; classtype:trojan-activity; sid:37217331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 189.140.16.135 443 (msg: "MISP e26223 [] Outgoing To IP: 189.140.16.135|443"; classtype:trojan-activity; sid:37217341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 176.44.89.132 995 (msg: "MISP e26223 [] Outgoing To IP: 176.44.89.132|995"; classtype:trojan-activity; sid:37217351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 201.124.86.37 995 (msg: "MISP e26223 [] Outgoing To IP: 201.124.86.37|995"; classtype:trojan-activity; 
sid:37217361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 145.82.129.126 443 (msg: "MISP e26223 [] Outgoing To IP: 145.82.129.126|443"; classtype:trojan-activity; sid:37217371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 49.12.7.88 443 (msg: "MISP e26223 [] Outgoing To IP: 49.12.7.88|443"; classtype:trojan-activity; sid:37217381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 172.105.14.104 4444 (msg: "MISP e26223 [] Outgoing To IP: 172.105.14.104|4444"; classtype:trojan-activity; sid:37217391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 51.15.235.86 53 (msg: "MISP e26223 [] Outgoing To IP: 51.15.235.86|53"; classtype:trojan-activity; sid:37217401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 31.220.80.82 53 (msg: "MISP e26223 [] Outgoing To IP: 31.220.80.82|53"; classtype:trojan-activity; sid:37217411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 209.127.186.234 64242 (msg: "MISP e26223 [] Outgoing To IP: 209.127.186.234|64242"; classtype:trojan-activity; sid:37217421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.198.240.228 443 (msg: "MISP e26223 [] Outgoing To IP: 43.198.240.228|443"; classtype:trojan-activity; sid:37217431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 82.146.39.80 7443 (msg: "MISP e26223 [] Outgoing To IP: 82.146.39.80|7443"; classtype:trojan-activity; sid:37217441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.81.157.14 8181 (msg: "MISP e26018 [asyncrat,c2] Outgoing To IP: 185.81.157.14|8181"; classtype:trojan-activity; sid:37089081; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 5.180.155.218 1337 (msg: "MISP e26018 [c2,dcrat] Outgoing To IP: 5.180.155.218|1337"; classtype:trojan-activity; sid:37089091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert dns any any -> any any (msg: "MISP e26018 [NanoCore,RAT] Domain kiwtreyy456rwty.duckdns.org"; dns.query; content:"kiwtreyy456rwty.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiwtreyy456rwty\.duckdns\.org$/i"; classtype:trojan-activity; sid:37089071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [NanoCore,RAT] Outgoing HTTP Domain kiwtreyy456rwty.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiwtreyy456rwty.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiwtreyy456rwty\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37089072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 5.180.155.218 1337 (msg: "MISP e26223 [] Outgoing To IP: 5.180.155.218|1337"; classtype:trojan-activity; sid:37217451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.81.157.14 8181 (msg: "MISP e26223 [] Outgoing To IP: 185.81.157.14|8181"; classtype:trojan-activity; sid:37217461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain kiwtreyy456rwty.duckdns.org"; dns.query; content:"kiwtreyy456rwty.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiwtreyy456rwty\.duckdns\.org$/i"; classtype:trojan-activity; sid:37217471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain 
kiwtreyy456rwty.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiwtreyy456rwty.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiwtreyy456rwty\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37217472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [dcrat] Outgoing URL http|3a|//553689cm.nyashsens.top/tosecurepacketgeocpuauthsqlwindowspublictemp.php"; flow:to_server,established; http.header; content:"553689cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/tosecurepacketgeocpuauthsqlwindowspublictemp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37089101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//553689cm.nyashsens.top/TosecurepacketgeocpuauthSqlWindowspublictemp.php"; flow:to_server,established; http.header; content:"553689cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/TosecurepacketgeocpuauthSqlWindowspublictemp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 9862668902dct7720.space-to-rent.com"; dns.query; content:"9862668902dct7720.space-to-rent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])9862668902dct7720\.space\-to\-rent\.com$/i"; classtype:trojan-activity; sid:37086581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 9862668902dct7720.space-to-rent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9862668902dct7720.space-to-rent.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])9862668902dct7720\.space\-to\-rent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37086582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 782599872b98829972.groks-this.info"; dns.query; content:"782599872b98829972.groks-this.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])782599872b98829972\.groks\-this\.info$/i"; classtype:trojan-activity; sid:37086631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 782599872b98829972.groks-this.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"782599872b98829972.groks-this.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])782599872b98829972\.groks\-this\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37086632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 45.11.180.127 3120 (msg: "MISP e26018 [NetSupport] Outgoing To IP: 45.11.180.127|3120"; classtype:trojan-activity; sid:37089111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 45.11.180.127 3120 (msg: "MISP e26223 [] Outgoing To IP: 45.11.180.127|3120"; classtype:trojan-activity; sid:37217491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e25955 [] Domain fogape.theaerie.ca"; dns.query; content:"fogape.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37062711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25955;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25955 [] Outgoing HTTP Domain fogape.theaerie.ca"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"fogape.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25955;) alert dns any any -> any any (msg: "MISP e25956 [] Domain patito.theaerie.ca"; dns.query; content:"patito.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37062791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25956;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25956 [] Outgoing HTTP Domain patito.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25956;) alert dns any any -> any any (msg: "MISP e25846 [] Hostname pub-475f9b179ded450c9269051514bb473f.r2.dev"; dns.query; content:"pub-475f9b179ded450c9269051514bb473f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-475f9b179ded450c9269051514bb473f\.r2\.dev$/i"; classtype:trojan-activity; sid:37253151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25846 [] Outgoing HTTP Hostname pub-475f9b179ded450c9269051514bb473f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-475f9b179ded450c9269051514bb473f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-475f9b179ded450c9269051514bb473f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25846;) alert ip $HOME_NET any -> 116.202.184.165 9000 (msg: "MISP e26018 [Vidar] 
Outgoing To IP: 116.202.184.165|9000"; classtype:trojan-activity; sid:37089121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Event e26018, tag [Vidar]: the rules below alert on any IP traffic from
# $HOME_NET to the listed address and port; there is no payload condition.
alert ip $HOME_NET any -> 49.13.33.99 443 (msg: "MISP e26018 [Vidar] Outgoing To IP: 49.13.33.99|443"; classtype:trojan-activity; sid:37089131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.75.211.127 443 (msg: "MISP e26018 [Vidar] Outgoing To IP: 5.75.211.127|443"; classtype:trojan-activity; sid:37089141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 88.198.108.242 9000 (msg: "MISP e26018 [Vidar] Outgoing To IP: 88.198.108.242|9000"; classtype:trojan-activity; sid:37089151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.75.209.125 443 (msg: "MISP e26018 [Vidar] Outgoing To IP: 5.75.209.125|443"; classtype:trojan-activity; sid:37089161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 116.202.0.229 443 (msg: "MISP e26018 [Vidar] Outgoing To IP: 116.202.0.229|443"; classtype:trojan-activity; sid:37089171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): the http.uri condition in the next rule is content:"/", which
# practically every request URI satisfies, so it adds no selectivity. The
# effective match is any HTTP request to 95.217.243.137 on $HTTP_PORTS whose
# request headers contain that address as text.
alert http $HOME_NET any -> 95.217.243.137 $HTTP_PORTS (msg: "MISP e26018 [Vidar] Outgoing URL http|3a|//95.217.243.137/"; flow:to_server,established; http.header; content:"95.217.243.137"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37089241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): a request to 95.217.243.137 on port 80 also satisfies the two
# address-and-port rules that follow (the e26018 rule and the e26223 copy that
# starts at the end of this line), so a single connection can raise three
# alerts. Consider a threshold, or suppress the duplicate sids downstream.
alert ip $HOME_NET any -> 95.217.243.137 80 (msg: "MISP e26018 [Vidar] Outgoing To IP: 95.217.243.137|80"; classtype:trojan-activity; sid:37089251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 95.217.243.137 80 (msg: "MISP e26223 [] Outgoing To IP: 95.217.243.137|80"; 
classtype:trojan-activity; sid:37217501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> 95.217.243.137 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//95.217.243.137/"; flow:to_server,established; http.header; content:"95.217.243.137"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 49.13.33.99 443 (msg: "MISP e26223 [] Outgoing To IP: 49.13.33.99|443"; classtype:trojan-activity; sid:37217581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 5.75.211.127 443 (msg: "MISP e26223 [] Outgoing To IP: 5.75.211.127|443"; classtype:trojan-activity; sid:37217591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 88.198.108.242 9000 (msg: "MISP e26223 [] Outgoing To IP: 88.198.108.242|9000"; classtype:trojan-activity; sid:37217601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 5.75.209.125 443 (msg: "MISP e26223 [] Outgoing To IP: 5.75.209.125|443"; classtype:trojan-activity; sid:37217611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 116.202.0.229 443 (msg: "MISP e26223 [] Outgoing To IP: 116.202.0.229|443"; classtype:trojan-activity; sid:37217621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 116.202.184.165 9000 (msg: "MISP e26223 [] Outgoing To IP: 116.202.184.165|9000"; classtype:trojan-activity; sid:37217631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> 172.245.214.91 $HTTP_PORTS (msg: "MISP e26047 [kill-chain:Command and Control,misp-galaxy:mitre-malware="Agent Tesla - S0331"] Outgoing URL 
http|3a|//172.245.214.91/comprobante%20de%20transferencia987586.hta"; flow:to_server,established; http.header; content:"172.245.214.91"; fast_pattern; nocase; http.uri; content:"/comprobante%20de%20transferencia987586.hta"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37106141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26047;) alert ip $HOME_NET any -> 185.172.128.136 32260 (msg: "MISP e26018 [RedLineStealer] Outgoing To IP: 185.172.128.136|32260"; classtype:trojan-activity; sid:37089261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.172.128.136 32260 (msg: "MISP e26223 [] Outgoing To IP: 185.172.128.136|32260"; classtype:trojan-activity; sid:37217641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26231 [] Domain aircanadaref0.com"; dns.query; content:"aircanadaref0.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aircanadaref0\.com$/i"; classtype:trojan-activity; sid:37224441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26231;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26231 [] Outgoing HTTP Domain aircanadaref0.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aircanadaref0.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aircanadaref0\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37224442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26231;) alert dns any any -> any any (msg: "MISP e26231 [] Domain samnovosti2023.ru"; dns.query; content:"samnovosti2023.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])samnovosti2023\.ru$/i"; classtype:trojan-activity; sid:37224451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26231;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26231 [] Outgoing HTTP Domain samnovosti2023.ru"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"samnovosti2023.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])samnovosti2023\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37224452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26231;)
# Domain indicators (events e24665 and e26232). Each domain is exported as a
# pair: a dns.query rule and an "Outgoing HTTP Domain" rule.
# NOTE(review): in the HTTP rules the content "Host|3a|" and the domain content
# are two independent matches on http.header (no distance/within ties them
# together), and the pcre bounds the domain by non-hostname characters but does
# not mention Host. A request that names the domain in another header, such as
# Referer, therefore matches too. If only the requested host is of interest,
# Suricata's http.host buffer is worth evaluating for these rules.
alert dns any any -> any any (msg: "MISP e24665 [] Domain luxtrust-unlock.com"; dns.query; content:"luxtrust-unlock.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luxtrust\-unlock\.com$/i"; classtype:trojan-activity; sid:37289421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/24665;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24665 [] Outgoing HTTP Domain luxtrust-unlock.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luxtrust-unlock.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luxtrust\-unlock\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37289422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/24665;)
alert dns any any -> any any (msg: "MISP e24665 [] Domain ccss-sante-lu.com"; dns.query; content:"ccss-sante-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ccss\-sante\-lu\.com$/i"; classtype:trojan-activity; sid:37289431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/24665;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24665 [] Outgoing HTTP Domain ccss-sante-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ccss-sante-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ccss\-sante\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37289432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/24665;)
alert dns any any -> any any (msg: "MISP e26232 [] Domain cbrlandscapers.com.au"; dns.query; content:"cbrlandscapers.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-])cbrlandscapers\.com\.au$/i"; classtype:trojan-activity; sid:37224511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26232;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26232 [] Outgoing HTTP Domain cbrlandscapers.com.au"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cbrlandscapers.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cbrlandscapers\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37224512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26232;)
# E-mail address indicator, inspected as raw TCP payload on port 25 of
# $SMTP_SERVERS for sessions arriving from $EXTERNAL_NET.
# NOTE(review): "RCPT TO|3a|" and the address are independent content matches;
# only the final CRLF CRLF is relative (within 8192 bytes of the preceding
# match). The rule can therefore fire when the address appears anywhere in a
# session that also contains a RCPT TO command, not only as the recipient.
# NOTE(review): only cleartext sessions on port 25 are visible to this rule;
# sessions upgraded with STARTTLS, or mail submitted on other ports, would not
# be matched. Mail-gateway logs are a better source for this indicator where
# available.
# NOTE(review): the direction is $EXTERNAL_NET -> $SMTP_SERVERS while the msg
# says "Destination Email Address" — confirm this covers the path on which
# your own users' outbound mail is relayed.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26232 [] Destination Email Address: sales@cbrlandscapers.com.au"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"sales@cbrlandscapers.com.au"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37224601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26232;)
# Event e26223: destination address and port only, empty tag list, priority 3.
alert ip $HOME_NET any -> 185.224.128.52 2053 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.52|2053"; classtype:trojan-activity; sid:37217651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.224.128.53 2079 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.53|2079"; classtype:trojan-activity; sid:37217661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.224.128.54 1629 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.54|1629"; classtype:trojan-activity; sid:37217671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.224.128.55 1713 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.55|1713"; classtype:trojan-activity; sid:37217681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 89.190.156.176 1311 (msg: 
"MISP e26223 [] Outgoing To IP: 89.190.156.176|1311"; classtype:trojan-activity; sid:37217691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 89.190.156.182 1725 (msg: "MISP e26223 [] Outgoing To IP: 89.190.156.182|1725"; classtype:trojan-activity; sid:37217701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 89.190.156.211 1311 (msg: "MISP e26223 [] Outgoing To IP: 89.190.156.211|1311"; classtype:trojan-activity; sid:37217711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 89.190.156.253 61616 (msg: "MISP e26223 [] Outgoing To IP: 89.190.156.253|61616"; classtype:trojan-activity; sid:37217721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.224.128.49 1311 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.49|1311"; classtype:trojan-activity; sid:37217731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.224.128.50 1311 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.50|1311"; classtype:trojan-activity; sid:37217741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.224.128.51 1435 (msg: "MISP e26223 [] Outgoing To IP: 185.224.128.51|1435"; classtype:trojan-activity; sid:37217751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 45.81.23.13 1433 (msg: "MISP e26223 [] Outgoing To IP: 45.81.23.13|1433"; classtype:trojan-activity; sid:37217761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 45.95.146.13 61616 (msg: "MISP e26223 [] Outgoing To IP: 45.95.146.13|61616"; classtype:trojan-activity; sid:37217771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 89.190.156.172 1311 
(msg: "MISP e26223 [] Outgoing To IP: 89.190.156.172|1311"; classtype:trojan-activity; sid:37217781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# Destination IP + port indicators from MISP event e26223. The tag list in msg is
# empty ("[]"), so the alert text does not name a malware family or campaign; the
# reference URL is the only pivot back to context.
alert ip $HOME_NET any -> 89.190.156.173 1306 (msg: "MISP e26223 [] Outgoing To IP: 89.190.156.173|1306"; classtype:trojan-activity; sid:37217791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 89.190.156.174 1311 (msg: "MISP e26223 [] Outgoing To IP: 89.190.156.174|1311"; classtype:trojan-activity; sid:37217801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 89.190.156.175 1517 (msg: "MISP e26223 [] Outgoing To IP: 89.190.156.175|1517"; classtype:trojan-activity; sid:37217811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26321: the destination port is "any" and priority is 1, so every flow from
# $HOME_NET to either address raises a top-priority alert.
alert ip $HOME_NET any -> 203.95.8.98 any (msg: "MISP e26321 [] Outgoing To IP: 203.95.8.98"; classtype:trojan-activity; sid:37248911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26321;)
alert ip $HOME_NET any -> 203.95.9.54 any (msg: "MISP e26321 [] Outgoing To IP: 203.95.9.54"; classtype:trojan-activity; sid:37248921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26321;)
# The same address and port are exported again below as sid:37217821 (e26223,
# priority 3); one flow raises both alerts.
alert ip $HOME_NET any -> 34.147.242.231 2376 (msg: "MISP e26018 [c2,sliver] Outgoing To IP: 34.147.242.231|2376"; classtype:trojan-activity; sid:37089541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# "Domain" indicators are exported as a rule pair.
#  - dns rule: matches the query name. The pcre is anchored with "$" and only
#    requires that the character before the domain is not alphanumeric or "-",
#    so the domain itself and any subdomain match.
#  - http rule: "Host:" and the domain are two independent contents in the header
#    buffer (no distance/within ties them together), so the domain can also match
#    in another header such as Referer. tag:session,600,seconds keeps logging the
#    matching session for up to 600 seconds after the alert.
# The http rules only see cleartext HTTP; no TLS rule is visible in this part of
# the export.
alert dns any any -> any any (msg: "MISP e24600 [] Domain comptoir-electronique.fr"; dns.query; content:"comptoir-electronique.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])comptoir\-electronique\.fr$/i"; classtype:trojan-activity; sid:37115281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain comptoir-electronique.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comptoir-electronique.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comptoir\-electronique\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain cns-lu.web.app"; dns.query; content:"cns-lu.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])cns\-lu\.web\.app$/i"; classtype:trojan-activity; sid:37115311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain cns-lu.web.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cns-lu.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cns\-lu\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# NOTE(review): eu-central-1.fybeobjects.com reads like a regional object-storage
# endpoint shared by many tenants — confirm. If so, unrelated traffic to that
# service alerts at priority 1.
alert dns any any -> any any (msg: "MISP e24600 [] Domain eu-central-1.fybeobjects.com"; dns.query; content:"eu-central-1.fybeobjects.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eu\-central\-1\.fybeobjects\.com$/i"; classtype:trojan-activity; sid:37115351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain eu-central-1.fybeobjects.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eu-central-1.fybeobjects.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eu\-central\-1\.fybeobjects\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Same destination as sid:37089541 above, exported from e26223 without tags.
alert ip $HOME_NET any -> 34.147.242.231 2376 (msg: "MISP e26223 [] Outgoing To IP: 34.147.242.231|2376"; classtype:trojan-activity; sid:37217821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# NOTE(review): the e26018 tags place this address in a Microsoft AS and the port
# is 443. Cloud addresses are reassigned over time; confirm the indicator is still
# current before treating a hit as Cobalt Strike C2.
alert ip $HOME_NET any -> 172.200.160.7 443 (msg: "MISP e26018 [CobaltStrike,cs-watermark-2005868699,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 172.200.160.7|443"; classtype:trojan-activity; sid:37089561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 172.200.160.7 443 (msg: "MISP e26223 [] Outgoing To IP: 172.200.160.7|443"; classtype:trojan-activity; sid:37217941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 5.42.65.38 2642 (msg: "MISP e26018 [RedLineStealer] Outgoing To IP: 5.42.65.38|2642"; classtype:trojan-activity; sid:37089571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.42.65.38 2642 (msg: "MISP e26223 [] Outgoing To IP: 5.42.65.38|2642"; classtype:trojan-activity; sid:37217951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# URL indicators with an IP host: the destination address is fixed in the rule
# header, the address must also occur in the request headers, and the path is
# matched case-insensitively in http.uri. $HTTP_PORTS has to be defined, and only
# requests to those ports are inspected.
alert http $HOME_NET any -> 172.232.172.123 $HTTP_PORTS (msg: "MISP e26379 [] Outgoing URL http|3a|//172.232.172.123/400/ISIcentos.vbs"; flow:to_server,established; http.header; content:"172.232.172.123"; fast_pattern; nocase; http.uri; content:"/400/ISIcentos.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37253791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26379;)
alert http $HOME_NET any -> 172.232.172.123 $HTTP_PORTS (msg: "MISP e26379 [] Outgoing URL http|3a|//172.232.172.123/400/RMC.txt"; flow:to_server,established; http.header; content:"172.232.172.123"; fast_pattern; nocase; http.uri; content:"/400/RMC.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37253801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26379;)
alert http $HOME_NET any -> 172.232.172.123 $HTTP_PORTS (msg: "MISP e26379 [] Outgoing URL http|3a|//172.232.172.123/svd/mcirosystemcontainercleanerbyconfiuraitonproteocolstartedfrotheindustyrmostsucessfulpersondesignedthisnew.doC"; flow:to_server,established; http.header; content:"172.232.172.123"; fast_pattern; nocase; http.uri; content:"/svd/mcirosystemcontainercleanerbyconfiuraitonproteocolstartedfrotheindustyrmostsucessfulpersondesignedthisnew.doC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37253811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26379;)
alert ip $HOME_NET any -> 80.66.66.97 3790 (msg: "MISP e26018 [c2,Meterpreter] Outgoing To IP: 80.66.66.97|3790"; classtype:trojan-activity; sid:37089581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 3.124.67.191 12609 (msg: "MISP e26223 [] Outgoing To IP: 3.124.67.191|12609"; classtype:trojan-activity; sid:37217961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 3.125.188.168 12609 (msg: "MISP e26223 [] Outgoing To IP: 3.125.188.168|12609"; classtype:trojan-activity; sid:37217971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 80.66.66.97 3790 (msg: "MISP e26223 [] Outgoing To IP: 80.66.66.97|3790"; classtype:trojan-activity; sid:37217981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# E-mail address indicators are matched only in sessions from $EXTERNAL_NET to
# $SMTP_SERVERS on port 25 ("RCPT TO:" plus the address, then a blank line within
# 8192 bytes). Mail sent by a host in $HOME_NET to this address through an external
# server, or on another port, does not match; neither does a session that has been
# encrypted with STARTTLS.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26381 [] Destination Email Address: dynex@dynex-kr.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"dynex@dynex-kr.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37254591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26381;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [dcrat] Outgoing URL http|3a|//103761cm.nyashsens.top/eternalgameserveruniversal.php"; flow:to_server,established; http.header; content:"103761cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/eternalgameserveruniversal.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37089611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): gator3220.hostgator.com looks like the name of a shared-hosting
# server rather than a domain dedicated to this activity — confirm; legitimate use
# of the same server would match too.
alert dns any any -> any any (msg: "MISP e26382 [] Domain gator3220.hostgator.com"; dns.query; content:"gator3220.hostgator.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gator3220\.hostgator\.com$/i"; classtype:trojan-activity; sid:37254751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26382;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26382 [] Outgoing HTTP Domain gator3220.hostgator.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gator3220.hostgator.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gator3220\.hostgator\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37254752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26382;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26382 [] Destination Email Address: rep3get@aoqiinflatables.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"rep3get@aoqiinflatables.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37254771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26382;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26382 [] Destination Email Address: rep3send@aoqiinflatables.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"rep3send@aoqiinflatables.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37254781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26382;)
# Same host and path as sid:37089611. Both path contents are nocase, so the
# different capitalisation changes nothing and one request raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//103761cm.nyashsens.top/EternalGameServeruniversal.php"; flow:to_server,established; http.header; content:"103761cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/EternalGameServeruniversal.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37217991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# estado-express.pages.dev is exported once per MISP event (e25957, e25958,
# e25959), so a single lookup or request raises one alert per event. The
# "Outgoing URL" form has no path: it only checks that the hostname occurs
# somewhere in the request headers, on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25957 [] Outgoing URL http|3a|//estado-express.pages.dev"; flow:to_server,established; http.header; content:"estado-express.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25957;)
alert dns any any -> any any (msg: "MISP e25957 [] Domain estado-express.pages.dev"; dns.query; content:"estado-express.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev$/i"; classtype:trojan-activity; sid:37062881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25957;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25957 [] Outgoing HTTP Domain estado-express.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-express.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25957;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25958 [] Outgoing URL http|3a|//estado-express.pages.dev"; flow:to_server,established; http.header; content:"estado-express.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37062951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25958;)
alert dns any any -> any any (msg: "MISP e25958 [] Domain estado-express.pages.dev"; dns.query; content:"estado-express.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev$/i"; classtype:trojan-activity; sid:37062971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25958;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25958 [] Outgoing HTTP Domain estado-express.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-express.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37062972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25958;)
alert dns any any -> any any (msg: "MISP e25959 [] Domain estado-express.pages.dev"; dns.query; content:"estado-express.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev$/i"; classtype:trojan-activity; sid:37063051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25959;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25959 [] Outgoing HTTP Domain estado-express.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-express.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-express\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25959;)
# The three NanoCore destinations from e26018 are repeated directly afterwards
# from e26223 (sid:37218001, sid:37218011, sid:37218021) without tags and at
# priority 3.
alert ip $HOME_NET any -> 3.138.180.119 16825 (msg: "MISP e26018 [NanoCore,RAT] Outgoing To IP: 3.138.180.119|16825"; classtype:trojan-activity; sid:37089621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 3.131.147.49 16825 (msg: "MISP e26018 [NanoCore,RAT] Outgoing To IP: 3.131.147.49|16825"; classtype:trojan-activity; sid:37089631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 3.136.65.236 16825 (msg: "MISP e26018 [NanoCore,RAT] Outgoing To IP: 3.136.65.236|16825"; classtype:trojan-activity; sid:37089641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 3.136.65.236 16825 (msg: "MISP e26223 [] Outgoing To IP: 3.136.65.236|16825"; classtype:trojan-activity; sid:37218001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 3.131.147.49 16825 (msg: "MISP e26223 [] Outgoing To IP: 3.131.147.49|16825"; classtype:trojan-activity; sid:37218011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 3.138.180.119 16825 (msg: "MISP e26223 [] Outgoing To IP: 3.138.180.119|16825"; classtype:trojan-activity; sid:37218021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25960 [] Outgoing URL http|3a|//dev-wmbcr.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-wmbcr.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25960;)
alert dns any any -> any any (msg: "MISP e25960 [] Domain dev-wmbcr.pantheonsite.io"; dns.query; content:"dev-wmbcr.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-wmbcr\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37063161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25960;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25960 [] Outgoing HTTP Domain dev-wmbcr.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-wmbcr.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-wmbcr\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25960;)
alert dns any any -> any any (msg: "MISP e26231 [] Hostname homa.co.kr"; dns.query; content:"homa.co.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homa\.co\.kr$/i"; classtype:trojan-activity; sid:37224461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26231;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26231 [] Outgoing HTTP Hostname homa.co.kr"; flow:to_server,established; http.header; content: "Host|3a| homa.co.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homa\.co\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37224462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26231;) alert ip $HOME_NET any -> 103.186.117.181 1775 (msg: "MISP e26018 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.181|1775"; classtype:trojan-activity; sid:37089651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 94.156.64.202 4036 (msg: "MISP e26018 [AveMariaRAT,RAT] Outgoing To IP: 94.156.64.202|4036"; classtype:trojan-activity; sid:37089661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.133.207.110 16825 (msg: "MISP e26018 [NanoCore,RAT] Outgoing To IP: 3.133.207.110|16825"; classtype:trojan-activity; sid:37089671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.124.67.191 12609 (msg: "MISP e26018 [njrat,RAT] Outgoing To IP: 3.124.67.191|12609"; classtype:trojan-activity; sid:37089591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.125.188.168 12609 (msg: "MISP e26018 [njrat,RAT] Outgoing To IP: 3.125.188.168|12609"; classtype:trojan-activity; sid:37089601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.54 1629 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.54|1629"; 
classtype:trojan-activity; sid:37089421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.55 1713 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.55|1713"; classtype:trojan-activity; sid:37089431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.51 1435 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.51|1435"; classtype:trojan-activity; sid:37089391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.52 2053 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.52|2053"; classtype:trojan-activity; sid:37089401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.53 2079 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.53|2079"; classtype:trojan-activity; sid:37089411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.50 1311 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.50|1311"; classtype:trojan-activity; sid:37089381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.211 1311 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.211|1311"; classtype:trojan-activity; sid:37089351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 185.224.128.49 1311 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 185.224.128.49|1311"; classtype:trojan-activity; sid:37089371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.176 1311 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.176|1311"; classtype:trojan-activity; 
sid:37089331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.182 1725 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.182|1725"; classtype:trojan-activity; sid:37089341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.253 61616 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.253|61616"; classtype:trojan-activity; sid:37089361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.175 1517 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.175|1517"; classtype:trojan-activity; sid:37089321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.174 1311 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.174|1311"; classtype:trojan-activity; sid:37089311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 45.95.146.13 61616 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 45.95.146.13|61616"; classtype:trojan-activity; sid:37089281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.172 1311 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.172|1311"; classtype:trojan-activity; sid:37089291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 89.190.156.173 1306 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 89.190.156.173|1306"; classtype:trojan-activity; sid:37089301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 45.81.23.13 1433 (msg: "MISP e26018 [Alsycon,AS49870,TBOTNET] Outgoing To IP: 45.81.23.13|1433"; classtype:trojan-activity; sid:37089271; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.133.207.110 16825 (msg: "MISP e26223 [] Outgoing To IP: 3.133.207.110|16825"; classtype:trojan-activity; sid:37218031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 94.156.64.202 4036 (msg: "MISP e26223 [] Outgoing To IP: 94.156.64.202|4036"; classtype:trojan-activity; sid:37218041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 103.186.117.181 1775 (msg: "MISP e26223 [] Outgoing To IP: 103.186.117.181|1775"; classtype:trojan-activity; sid:37218051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> 77.105.147.130 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//77.105.147.130/api/firecom.php"; flow:to_server,established; http.header; content:"77.105.147.130"; fast_pattern; nocase; http.uri; content:"/api/firecom.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37218061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e25961 [] Domain consuecsmfuir.com"; dns.query; content:"consuecsmfuir.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com$/i"; classtype:trojan-activity; sid:37063261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25961;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25961 [] Outgoing HTTP Domain consuecsmfuir.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consuecsmfuir.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25961;) alert dns any any -> any any (msg: "MISP e25962 [] Domain cuentarut-estado.pages.dev"; dns.query; 
content:"cuentarut-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37063341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25962;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25962 [] Outgoing HTTP Domain cuentarut-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25962;) alert ip $HOME_NET any -> 103.186.117.77 1760 (msg: "MISP e26018 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.77|1760"; classtype:trojan-activity; sid:37089681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25963 [] Outgoing URL http|3a|//cuentarut-estado.pages.dev"; flow:to_server,established; http.header; content:"cuentarut-estado.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25963;) alert dns any any -> any any (msg: "MISP e25963 [] Domain cuentarut-estado.pages.dev"; dns.query; content:"cuentarut-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37063431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25963;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25963 [] Outgoing HTTP Domain cuentarut-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37063432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25963;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26385 [] Outgoing URL http|3a|//www.kamensky.rt3d.ru/wp-includes/ojpo/newx.php"; flow:to_server,established; http.header; content:"www.kamensky.rt3d.ru"; fast_pattern; nocase; http.uri; content:"/wp-includes/ojpo/newx.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37255221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26385;) alert dns any any -> any any (msg: "MISP e25964 [] Domain cuentarut-estado.pages.dev"; dns.query; content:"cuentarut-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37063511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25964;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25964 [] Outgoing HTTP Domain cuentarut-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25964;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25965 [] Outgoing URL http|3a|//express-estado.pages.dev"; flow:to_server,established; http.header; content:"express-estado.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25965;) alert dns any any -> any any (msg: "MISP e25965 [] Domain express-estado.pages.dev"; dns.query; content:"express-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])express\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37063601; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25965;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25965 [] Outgoing HTTP Domain express-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"express-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])express\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25965;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25966 [] Outgoing URL http|3a|//estado-cuentarut.pages.dev"; flow:to_server,established; http.header; content:"estado-cuentarut.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25966;) alert dns any any -> any any (msg: "MISP e25966 [] Domain estado-cuentarut.pages.dev"; dns.query; content:"estado-cuentarut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:37063691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25966;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25966 [] Outgoing HTTP Domain estado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25966;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25967 [] Outgoing URL http|3a|//estado-app.pages.dev"; flow:to_server,established; http.header; content:"estado-app.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37063761; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25967;) alert dns any any -> any any (msg: "MISP e25967 [] Domain estado-app.pages.dev"; dns.query; content:"estado-app.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-app\.pages\.dev$/i"; classtype:trojan-activity; sid:37063781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25967;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25967 [] Outgoing HTTP Domain estado-app.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-app.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-app\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25967;) alert ip $HOME_NET any -> 103.186.117.77 1760 (msg: "MISP e26223 [] Outgoing To IP: 103.186.117.77|1760"; classtype:trojan-activity; sid:37218071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e25847 [] Hostname 212.ip.ply.gg"; dns.query; content:"212.ip.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])212\.ip\.ply\.gg$/i"; classtype:trojan-activity; sid:37253161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Hostname 212.ip.ply.gg"; flow:to_server,established; http.header; content: "Host|3a| 212.ip.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])212\.ip\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert dns any any -> any any (msg: "MISP e25847 [] Domain uerzasmilitares.es"; dns.query; content:"uerzasmilitares.es"; nocase; pcre: "/(^|[^A-Za-z0-9-])uerzasmilitares\.es$/i"; classtype:trojan-activity; sid:37253171; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/25847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Domain uerzasmilitares.es"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uerzasmilitares.es"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uerzasmilitares\.es[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert dns any any -> any any (msg: "MISP e25968 [] Domain www-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"www-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37063871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25968;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25968 [] Outgoing HTTP Domain www-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37063872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25968;) alert dns any any -> any any (msg: "MISP e24600 [] Domain ecreateluxxmillsellingship-1542298.mybigcommerce.com"; dns.query; content:"ecreateluxxmillsellingship-1542298.mybigcommerce.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecreateluxxmillsellingship\-1542298\.mybigcommerce\.com$/i"; classtype:trojan-activity; sid:37115401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain ecreateluxxmillsellingship-1542298.mybigcommerce.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"ecreateluxxmillsellingship-1542298.mybigcommerce.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecreateluxxmillsellingship\-1542298\.mybigcommerce\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 23.155.8.220 2404 (msg: "MISP e26018 [c2,remcos] Outgoing To IP: 23.155.8.220|2404"; classtype:trojan-activity; sid:37089691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 23.155.8.220 2404 (msg: "MISP e26223 [] Outgoing To IP: 23.155.8.220|2404"; classtype:trojan-activity; sid:37218081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26103 [] Domain omniva.turvalinetehing.site"; dns.query; content:"omniva.turvalinetehing.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.turvalinetehing\.site$/i"; classtype:trojan-activity; sid:37129551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26103;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26103 [] Outgoing HTTP Domain omniva.turvalinetehing.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.turvalinetehing.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.turvalinetehing\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26103;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26103 [] Outgoing URL http|3a|//omniva.turvalinetehing.site"; flow:to_server,established; http.header; content:"omniva.turvalinetehing.site"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37129561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26103;) alert ip $HOME_NET any -> 
5.42.65.38 46185 (msg: "MISP e26018 [RedLineStealer] Outgoing To IP: 5.42.65.38|46185"; classtype:trojan-activity; sid:37089701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Second export of the same destination (5.42.65.38 port 46185), this time from
# event 26223 with priority:3 and no tags; the rule completed just above carries it
# for event 26018. Matching traffic is therefore reported under both sids.
alert ip $HOME_NET any -> 5.42.65.38 46185 (msg: "MISP e26223 [] Outgoing To IP: 5.42.65.38|46185"; classtype:trojan-activity; sid:37218091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# "Outgoing URL" rule with no http.uri match: it fires on the hostname appearing
# anywhere in http.header on $HTTP_PORTS, and overlaps the Host-header rule
# sid:37069112 below.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e25990 [] Outgoing URL http|3a|//dev-reclamosbippersonas.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-reclamosbippersonas.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37069091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25990;)
# DNS and Host-header pair for one site name under pantheonsite.io. The pcre anchors
# keep the match to this name and its subdomains; the parent domain does not match.
alert dns any any -> any any (msg: "MISP e25990 [] Domain dev-reclamosbippersonas.pantheonsite.io"; dns.query; content:"dev-reclamosbippersonas.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-reclamosbippersonas\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37069111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25990;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25990 [] Outgoing HTTP Domain dev-reclamosbippersonas.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-reclamosbippersonas.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-reclamosbippersonas\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37069112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25990;)
# DNS lookup of doonwload.fun or any subdomain, from any source to any resolver.
alert dns any any -> any any (msg: "MISP e26388 [] Domain doonwload.fun"; dns.query; content:"doonwload.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])doonwload\.fun$/i"; classtype:trojan-activity; sid:37255551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26388 [] Outgoing HTTP Domain doonwload.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doonwload.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doonwload\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37255552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# DNS and Host-header pair for inosthome.fun (event 26388). The dns pcre is anchored
# at the end of the name, so the domain and its subdomains match.
alert dns any any -> any any (msg: "MISP e26388 [] Domain inosthome.fun"; dns.query; content:"inosthome.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])inosthome\.fun$/i"; classtype:trojan-activity; sid:37255561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26388 [] Outgoing HTTP Domain inosthome.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inosthome.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inosthome\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37255562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# URL rule for http://doonwload.fun/ : the http.uri content is just "/", which any
# request path containing a slash satisfies, so the only effective constraint is the
# hostname appearing somewhere in http.header. In practice this duplicates the
# Host-header rule for the same domain (sid:37255552).
# NOTE(review): the hostname content is not tied to the Host header; confirm whether
# the exporter can drop URL rules whose path is only "/".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26388 [c2] Outgoing URL http|3a|//doonwload.fun/"; flow:to_server,established; http.header; content:"doonwload.fun"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37255571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# First of several *.104-168-102-175.plesk.page names from event 26018. The bracketed
# list in msg appears to be the MISP tag set of the attribute (here an AS name, an AS
# number, "c2" and "censys"); it is alert text only and does not affect matching.
alert dns any any -> any any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Domain bold-clarke.104-168-102-175.plesk.page"; dns.query; content:"bold-clarke.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])bold\-clarke\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37089711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] 
Outgoing HTTP Domain bold-clarke.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bold-clarke.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bold\-clarke\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37089712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# More names under 104-168-102-175.plesk.page from event 26018, each exported as a
# dns.query rule (sid ending in 1) and a Host-header rule (sid ending in 2).
# Every name gets its own pair; the shared suffix is never matched on its own, so a
# new name under the same suffix is not covered until it is added to the event.
alert dns any any -> any any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.priceless-bose.104-168-102-175.plesk.page"; dns.query; content:"www.priceless-bose.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.priceless\-bose\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37089721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.priceless-bose.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.priceless-bose.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.priceless\-bose\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37089722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Domain lucid-albattani.104-168-102-175.plesk.page"; dns.query; content:"lucid-albattani.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucid\-albattani\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37089731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain 
lucid-albattani.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucid-albattani.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lucid\-albattani\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37089732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Destination IP + port indicator: alerts on traffic from $HOME_NET to 49.232.220.17
# port 7000. The rule has no payload, flow or threshold options.
# NOTE(review): with no flow/threshold option each matching packet can presumably
# raise its own alert; consider rate-limiting in threshold configuration.
alert ip $HOME_NET any -> 49.232.220.17 7000 (msg: "MISP e26018 [AS45090,c2,censys] Outgoing To IP: 49.232.220.17|7000"; classtype:trojan-activity; sid:37089741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Two more names under 104-168-102-175.plesk.page, again as dns.query rules with an
# end-anchored pcre and Host-header rules with session tagging.
alert dns any any -> any any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Domain gifted-khayyam.104-168-102-175.plesk.page"; dns.query; content:"gifted-khayyam.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])gifted\-khayyam\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37089751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain gifted-khayyam.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gifted-khayyam.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gifted\-khayyam\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37089752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Domain pensive-brattain.104-168-102-175.plesk.page"; dns.query; content:"pensive-brattain.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-brattain\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37089761; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain pensive-brattain.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pensive-brattain.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-brattain\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37089762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Destination IP + port indicators from event 26018, tagged c2/censys in msg. Each
# rule is header-only: protocol ip, source $HOME_NET, one destination address and
# port, no payload or flow options.
# Several addresses appear once per port (80 and 443). A bracketed port list such as
# [80,443] would express each pair as one rule - an export-side change, if wanted.
# NOTE(review): ports 80/443 on a bare address say nothing about the site requested;
# if the address serves other content, these rules alert on that as well.
alert ip $HOME_NET any -> 213.109.202.222 80 (msg: "MISP e26018 [AS208312,c2,censys,REDBYTES] Outgoing To IP: 213.109.202.222|80"; classtype:trojan-activity; sid:37089771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 163.53.216.157 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 163.53.216.157|80"; classtype:trojan-activity; sid:37089781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 163.53.216.157 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 163.53.216.157|443"; classtype:trojan-activity; sid:37089791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 47.98.178.246 4567 (msg: "MISP e26018 [AS37963,c2,censys] Outgoing To IP: 47.98.178.246|4567"; classtype:trojan-activity; sid:37089801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 103.228.108.247 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 103.228.108.247|80"; classtype:trojan-activity; sid:37089811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 103.228.108.247 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 103.228.108.247|443"; classtype:trojan-activity; sid:37089821; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018 (tags c2, censys).
# The msg text repeats the address and port as "IP|port"; sids step by 10 per
# attribute. Several addresses are listed once for port 80 and once for port 443.
# NOTE(review): a bare address and port cannot distinguish the flagged service from
# anything else hosted on the same address; treat hits as leads to correlate with
# DNS/HTTP telemetry rather than as confirmed compromise.
alert ip $HOME_NET any -> 81.56.212.102 49443 (msg: "MISP e26018 [AS29447,c2,censys] Outgoing To IP: 81.56.212.102|49443"; classtype:trojan-activity; sid:37089831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 8.137.50.92 443 (msg: "MISP e26018 [AS37963,c2,censys] Outgoing To IP: 8.137.50.92|443"; classtype:trojan-activity; sid:37089841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 79.132.140.216 80 (msg: "MISP e26018 [AS44066,c2,censys] Outgoing To IP: 79.132.140.216|80"; classtype:trojan-activity; sid:37089851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.245 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.245|80"; classtype:trojan-activity; sid:37089861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.245 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.245|443"; classtype:trojan-activity; sid:37089871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 101.201.46.105 1234 (msg: "MISP e26018 [AS37963,c2,censys] Outgoing To IP: 101.201.46.105|1234"; classtype:trojan-activity; sid:37089881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 115.126.107.244 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 115.126.107.244|80"; classtype:trojan-activity; sid:37089891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 115.126.107.244 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 115.126.107.244|443"; classtype:trojan-activity; sid:37089901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 
65.20.81.7 8080 (msg: "MISP e26018 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 65.20.81.7|8080"; classtype:trojan-activity; sid:37089911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018 (tags c2, censys).
# 43.228.89.246, .247 and .248 each appear with ports 80 and 443 under the same AS
# tag (AS38186); every address/port combination is its own rule and sid.
# NOTE(review): nothing in the rules records when an indicator was added; confirm
# the export drops expired attributes so stale addresses do not accumulate.
alert ip $HOME_NET any -> 94.156.69.169 2000 (msg: "MISP e26018 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.69.169|2000"; classtype:trojan-activity; sid:37089921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 120.48.96.69 9001 (msg: "MISP e26018 [AS38365,c2,censys] Outgoing To IP: 120.48.96.69|9001"; classtype:trojan-activity; sid:37089931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.248 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.248|80"; classtype:trojan-activity; sid:37089941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.248 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.248|443"; classtype:trojan-activity; sid:37089951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.246 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.246|80"; classtype:trojan-activity; sid:37089961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.246 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.246|443"; classtype:trojan-activity; sid:37089971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 205.234.233.180 2082 (msg: "MISP e26018 [AS142036,c2,censys] Outgoing To IP: 205.234.233.180|2082"; classtype:trojan-activity; sid:37089981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.228.89.247 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.247|80"; 
classtype:trojan-activity; sid:37089991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018 (tags c2, censys).
alert ip $HOME_NET any -> 43.228.89.247 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 43.228.89.247|443"; classtype:trojan-activity; sid:37090001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 196.235.104.22 8080 (msg: "MISP e26018 [AS37492,c2,censys,ORANGE-] Outgoing To IP: 196.235.104.22|8080"; classtype:trojan-activity; sid:37090011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 43.128.85.89 8011 (msg: "MISP e26018 [AS132203,c2,censys] Outgoing To IP: 43.128.85.89|8011"; classtype:trojan-activity; sid:37090021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 116.212.120.32 443 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 116.212.120.32|443"; classtype:trojan-activity; sid:37090031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 116.212.120.32 80 (msg: "MISP e26018 [AS38186,c2,censys] Outgoing To IP: 116.212.120.32|80"; classtype:trojan-activity; sid:37090041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Start of a long run of rules for the single host 187.135.146.194, one rule per
# destination port. They differ only in port, msg and sid.
# NOTE(review): a bracketed port list in one rule would cover the same traffic with
# a single sid; that is an export-side decision, since MISP attributes map 1:1 to sids.
alert ip $HOME_NET any -> 187.135.146.194 1911 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|1911"; classtype:trojan-activity; sid:37090051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2077 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2077"; classtype:trojan-activity; sid:37090061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2080 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2080"; classtype:trojan-activity; sid:37090071; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26018;)
# One rule per destination port for the single host 187.135.146.194 (event 26018,
# tags AS8151, c2, censys, UNINET). The rules are header-only and differ only in
# port, msg and sid.
# NOTE(review): so many ports on one address may mean the whole host is of interest
# rather than specific services; confirm with the event owner whether a single
# any-port rule, or a port list, reflects the intent better.
alert ip $HOME_NET any -> 187.135.146.194 2086 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2086"; classtype:trojan-activity; sid:37090081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 1756 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|1756"; classtype:trojan-activity; sid:37090091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 1801 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|1801"; classtype:trojan-activity; sid:37090101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2053 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2053"; classtype:trojan-activity; sid:37090111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2082 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2082"; classtype:trojan-activity; sid:37090121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2083 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2083"; classtype:trojan-activity; sid:37090131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2181 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2181"; classtype:trojan-activity; sid:37090141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2281 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2281"; classtype:trojan-activity; sid:37090151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26018;)
# Remaining per-port rules for host 187.135.146.194 (event 26018); header-only,
# differing only in destination port, msg and sid.
alert ip $HOME_NET any -> 187.135.146.194 1723 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|1723"; classtype:trojan-activity; sid:37090161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 1883 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|1883"; classtype:trojan-activity; sid:37090171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2000 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2000"; classtype:trojan-activity; sid:37090181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2004 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2004"; classtype:trojan-activity; sid:37090191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.135.146.194 2052 (msg: "MISP e26018 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2052"; classtype:trojan-activity; sid:37090201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# From here the msg tag list also carries "RAT" next to c2/censys. The tag is
# alert text only: matching is still destination address and port, nothing
# protocol-specific, so a hit does not by itself confirm the tagged family.
alert ip $HOME_NET any -> 154.212.145.72 8008 (msg: "MISP e26018 [AS136778,c2,censys,RAT] Outgoing To IP: 154.212.145.72|8008"; classtype:trojan-activity; sid:37090211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 93.242.137.1 51124 (msg: "MISP e26018 [AS3320,c2,censys,RAT] Outgoing To IP: 93.242.137.1|51124"; classtype:trojan-activity; sid:37090221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 154.16.67.94 8088 (msg: "MISP e26018 [AS397423,c2,censys,RAT,TIER-NET] Outgoing To IP: 154.16.67.94|8088"; classtype:trojan-activity; sid:37090231; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018. The msg tag list
# names what the source attributed the address to (RAT, Mythic, HookBot); the rule
# itself matches only address and port.
alert ip $HOME_NET any -> 46.246.82.3 2000 (msg: "MISP e26018 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.82.3|2000"; classtype:trojan-activity; sid:37090241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 181.235.80.187 2404 (msg: "MISP e26018 [AS3816,c2,censys,RAT] Outgoing To IP: 181.235.80.187|2404"; classtype:trojan-activity; sid:37090251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 181.235.80.187 8888 (msg: "MISP e26018 [AS3816,c2,censys,RAT] Outgoing To IP: 181.235.80.187|8888"; classtype:trojan-activity; sid:37090261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 187.24.66.48 9999 (msg: "MISP e26018 [AS22085,c2,censys,RAT] Outgoing To IP: 187.24.66.48|9999"; classtype:trojan-activity; sid:37090271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.81.157.179 8808 (msg: "MISP e26018 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.179|8808"; classtype:trojan-activity; sid:37090281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 80.90.179.251 7443 (msg: "MISP e26018 [AS9123,c2,censys,Mythic,TIMEWEB-AS] Outgoing To IP: 80.90.179.251|7443"; classtype:trojan-activity; sid:37090291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): the msg tag gives this address's network as DIGITALOCEAN-ASN. Port 443
# on an address in a hosting provider's range can change tenant; confirm the
# indicator is still current before treating hits as high-confidence.
alert ip $HOME_NET any -> 164.92.189.59 443 (msg: "MISP e26018 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 164.92.189.59|443"; classtype:trojan-activity; sid:37090301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 94.177.106.44 80 (msg: "MISP e26018 [AS9050,c2,censys,HookBot] Outgoing To IP: 94.177.106.44|80"; classtype:trojan-activity; sid:37090311; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018, tagged HookBot in
# msg. Matching is address and port only.
alert ip $HOME_NET any -> 94.156.69.93 80 (msg: "MISP e26018 [AS394711,c2,censys,HookBot,LIMENET] Outgoing To IP: 94.156.69.93|80"; classtype:trojan-activity; sid:37090321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 194.26.192.66 80 (msg: "MISP e26018 [AS210558,c2,censys,HookBot] Outgoing To IP: 194.26.192.66|80"; classtype:trojan-activity; sid:37090331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 93.123.39.192 50555 (msg: "MISP e26018 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 93.123.39.192|50555"; classtype:trojan-activity; sid:37090341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 191.7.32.19 80 (msg: "MISP e26018 [AS263309,c2,censys,HookBot] Outgoing To IP: 191.7.32.19|80"; classtype:trojan-activity; sid:37090351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): the msg tags give this address's network as AMAZON-02 / AS16509. A
# port-443 match on a cloud-provider address is prone to going stale when the
# address is reassigned; confirm indicator age with the event owner.
alert ip $HOME_NET any -> 3.79.194.172 443 (msg: "MISP e26018 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing To IP: 3.79.194.172|443"; classtype:trojan-activity; sid:37090361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Domain indicator photopoiskvk.pro: dns.query content plus a pcre anchored at the
# end of the name, so the domain and any subdomain match. The Host-header rule
# that follows covers the same name for plain HTTP requests leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26018 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain photopoiskvk.pro"; dns.query; content:"photopoiskvk.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])photopoiskvk\.pro$/i"; classtype:trojan-activity; sid:37090371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain photopoiskvk.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"photopoiskvk.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])photopoiskvk\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37090372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018 (tags HookBot / RAT
# in msg). Matching is address and port only; the tags do not affect detection.
alert ip $HOME_NET any -> 185.78.76.85 443 (msg: "MISP e26018 [AS-NUXTCLOUD,AS216127,c2,censys,HookBot] Outgoing To IP: 185.78.76.85|443"; classtype:trojan-activity; sid:37090381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 62.109.6.164 80 (msg: "MISP e26018 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 62.109.6.164|80"; classtype:trojan-activity; sid:37090391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 194.147.140.234 82 (msg: "MISP e26018 [AS208476,c2,censys,PRIVACYFIRST,RAT] Outgoing To IP: 194.147.140.234|82"; classtype:trojan-activity; sid:37090401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 181.161.3.29 8080 (msg: "MISP e26018 [AS7418,c2,censys,RAT] Outgoing To IP: 181.161.3.29|8080"; classtype:trojan-activity; sid:37090411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 114.104.183.54 4782 (msg: "MISP e26018 [AS4134,c2,censys,RAT] Outgoing To IP: 114.104.183.54|4782"; classtype:trojan-activity; sid:37090421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 154.61.74.84 4782 (msg: "MISP e26018 [AS135175,c2,censys,RAT] Outgoing To IP: 154.61.74.84|4782"; classtype:trojan-activity; sid:37090431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Domain indicator vps-zap449572-1.zap-srv.com: dns.query rule with end-anchored
# pcre, then the Host-header rule (content matches in http.header plus pcre /Hi,
# session tagged for 600 seconds).
alert dns any any -> any any (msg: "MISP e26018 [AS30823,c2,censys] Domain vps-zap449572-1.zap-srv.com"; dns.query; content:"vps-zap449572-1.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap449572\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37090441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS30823,c2,censys] Outgoing HTTP Domain vps-zap449572-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap449572-1.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap449572\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Three addresses in 194.48.251.x share destination port 4449 and the same tag set;
# each is a separate rule and sid.
alert ip $HOME_NET any -> 194.48.251.120 4449 (msg: "MISP e26018 [AS203168,c2,censys,RAT,UNKNOW] Outgoing To IP: 194.48.251.120|4449"; classtype:trojan-activity; sid:37090451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 194.48.251.189 4449 (msg: "MISP e26018 [AS203168,c2,censys,RAT,UNKNOW] Outgoing To IP: 194.48.251.189|4449"; classtype:trojan-activity; sid:37090461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 194.48.251.10 4449 (msg: "MISP e26018 [AS203168,c2,censys,RAT,UNKNOW] Outgoing To IP: 194.48.251.10|4449"; classtype:trojan-activity; sid:37090471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 134.255.254.225 5051 (msg: "MISP e26018 [AS213250,c2,censys,ITP-SOLUTIONS,RAT] Outgoing To IP: 134.255.254.225|5051"; classtype:trojan-activity; sid:37090481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 164.215.103.171 80 (msg: "MISP e26018 [AS213373,c2,censys,IPCONNECT] Outgoing To IP: 164.215.103.171|80"; classtype:trojan-activity; sid:37090491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# NOTE(review): the msg tag gives this address's network as
# MICROSOFT-CORP-MSN-AS-BLOCK. Port 80 on a large cloud range is a likely source of
# stale or false-positive hits once the address is reassigned; confirm currency.
alert ip $HOME_NET any -> 20.151.153.84 80 (msg: "MISP e26018 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.151.153.84|80"; classtype:trojan-activity; sid:37090501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 
146.19.191.178 80 (msg: "MISP e26018 [AS49581,c2,censys,FERDINANDZINK] Outgoing To IP: 146.19.191.178|80"; classtype:trojan-activity; sid:37090511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators from event 26018. The msg tags vary
# (UNAM, KrakenRAT/banking, Viper, EvilGinx/phishing); detection is still address
# and port only.
alert ip $HOME_NET any -> 37.221.92.58 80 (msg: "MISP e26018 [AS49581,c2,censys,FERDINANDZINK,UNAM] Outgoing To IP: 37.221.92.58|80"; classtype:trojan-activity; sid:37090521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 51.77.121.144 443 (msg: "MISP e26018 [AS16276,c2,censys,OVH,UNAM] Outgoing To IP: 51.77.121.144|443"; classtype:trojan-activity; sid:37090531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 103.16.224.239 443 (msg: "MISP e26018 [AS140815,banking,c2,censys,KrakenRAT,RAT] Outgoing To IP: 103.16.224.239|443"; classtype:trojan-activity; sid:37090541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 149.104.27.224 60000 (msg: "MISP e26018 [AS139659,censys,Viper] Outgoing To IP: 149.104.27.224|60000"; classtype:trojan-activity; sid:37090551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 121.127.252.248 60000 (msg: "MISP e26018 [AS64050,censys,Viper] Outgoing To IP: 121.127.252.248|60000"; classtype:trojan-activity; sid:37090561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 178.79.138.91 443 (msg: "MISP e26018 [AS63949,censys,EvilGinx,phishing] Outgoing To IP: 178.79.138.91|443"; classtype:trojan-activity; sid:37090571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Domain indicators tagged EvilGinx/phishing in msg. Each name is exported as a
# dns.query rule (end-anchored pcre, matches the name and its subdomains) and a
# Host-header rule for plain HTTP.
# NOTE(review): the Host-header rules need a parsed HTTP request; for TLS-only
# sites the dns.query rule is presumably the one that fires. A TLS SNI match is
# not part of this export.
alert dns any any -> any any (msg: "MISP e26018 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain xenodochial-austin.142-11-199-59.plesk.page"; dns.query; content:"xenodochial-austin.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])xenodochial\-austin\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37090581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain xenodochial-austin.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xenodochial-austin.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xenodochial\-austin\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Several subdomains of g-a.fun follow, one rule pair per subdomain. The parent
# g-a.fun is not matched on its own, so a subdomain missing from the event is missed.
alert dns any any -> any any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Domain content.g-a.fun"; dns.query; content:"content.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])content\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37090591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Outgoing HTTP Domain content.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"content.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])content\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Domain clients5.g-a.fun"; dns.query; content:"clients5.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])clients5\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37090601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 
[AMAZON-AES,AS14618,censys,EvilGinx,phishing] Outgoing HTTP Domain clients5.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clients5.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clients5\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# More g-a.fun subdomains tagged EvilGinx/phishing, one dns.query rule and one
# Host-header rule per subdomain. Each pcre pins the full subdomain, so the parent
# g-a.fun and unlisted subdomains do not match.
alert dns any any -> any any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Domain ssl.g-a.fun"; dns.query; content:"ssl.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])ssl\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37090611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Outgoing HTTP Domain ssl.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ssl.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ssl\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# The indicator is the full name findajobforme.linkedin.loginfor.me. The leading
# pcre anchor means a lookup must be this name or end in ".<this name>"; the
# "linkedin" label is part of the matched string, not a reference to another domain.
alert dns any any -> any any (msg: "MISP e26018 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Domain findajobforme.linkedin.loginfor.me"; dns.query; content:"findajobforme.linkedin.loginfor.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])findajobforme\.linkedin\.loginfor\.me$/i"; classtype:trojan-activity; sid:37090621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Outgoing HTTP Domain findajobforme.linkedin.loginfor.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"findajobforme.linkedin.loginfor.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])findajobforme\.linkedin\.loginfor\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Domain fonts.g-a.fun"; dns.query; content:"fonts.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37090631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Outgoing HTTP Domain fonts.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fonts.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Header-only destination IP + port indicators tagged GoPhish/phishing in msg.
# Several use destination port 3333. Every rule keeps classtype:trojan-activity
# although these are tagged as phishing, so the classtype cannot be used to tell
# the two apart during triage; use the msg tags instead.
alert ip $HOME_NET any -> 35.158.74.188 80 (msg: "MISP e26018 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 35.158.74.188|80"; classtype:trojan-activity; sid:37090641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 171.35.43.158 3333 (msg: "MISP e26018 [AS4837,censys,GoPhish,phishing] Outgoing To IP: 171.35.43.158|3333"; classtype:trojan-activity; sid:37090651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 51.75.194.165 3333 (msg: "MISP e26018 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 51.75.194.165|3333"; classtype:trojan-activity; sid:37090661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 159.203.160.168 3333 (msg: "MISP e26018 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 159.203.160.168|3333"; classtype:trojan-activity; sid:37090671; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 118.193.38.211 54322 (msg: "MISP e26018 [AS135377,censys,GoPhish,phishing] Outgoing To IP: 118.193.38.211|54322"; classtype:trojan-activity; sid:37090681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.65.82.134 443 (msg: "MISP e26018 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.65.82.134|443"; classtype:trojan-activity; sid:37090691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 138.68.141.212 10443 (msg: "MISP e26018 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 138.68.141.212|10443"; classtype:trojan-activity; sid:37090701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 170.64.155.70 3333 (msg: "MISP e26018 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 170.64.155.70|3333"; classtype:trojan-activity; sid:37090711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 2.50.137.183 995 (msg: "MISP e26018 [AS5384,c2,censys] Outgoing To IP: 2.50.137.183|995"; classtype:trojan-activity; sid:37090721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> 109.234.35.82 $HTTP_PORTS (msg: "MISP e26388 [] Outgoing URL http|3a|//109.234.35.82/collector.php"; flow:to_server,established; http.header; content:"109.234.35.82"; fast_pattern; nocase; http.uri; content:"/collector.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37255701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;) alert ip $HOME_NET any -> 2.50.137.183 995 (msg: "MISP e26223 [] Outgoing To IP: 2.50.137.183|995"; classtype:trojan-activity; sid:37218101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any 
-> 170.64.155.70 3333 (msg: "MISP e26223 [] Outgoing To IP: 170.64.155.70|3333"; classtype:trojan-activity; sid:37218111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 138.68.141.212 10443 (msg: "MISP e26223 [] Outgoing To IP: 138.68.141.212|10443"; classtype:trojan-activity; sid:37218121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 3.65.82.134 443 (msg: "MISP e26223 [] Outgoing To IP: 3.65.82.134|443"; classtype:trojan-activity; sid:37218131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 118.193.38.211 54322 (msg: "MISP e26223 [] Outgoing To IP: 118.193.38.211|54322"; classtype:trojan-activity; sid:37218141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 159.203.160.168 3333 (msg: "MISP e26223 [] Outgoing To IP: 159.203.160.168|3333"; classtype:trojan-activity; sid:37218151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 51.75.194.165 3333 (msg: "MISP e26223 [] Outgoing To IP: 51.75.194.165|3333"; classtype:trojan-activity; sid:37218161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 171.35.43.158 3333 (msg: "MISP e26223 [] Outgoing To IP: 171.35.43.158|3333"; classtype:trojan-activity; sid:37218171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 35.158.74.188 80 (msg: "MISP e26223 [] Outgoing To IP: 35.158.74.188|80"; classtype:trojan-activity; sid:37218181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain fonts.g-a.fun"; dns.query; content:"fonts.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37218191; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain fonts.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fonts.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fonts\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain findajobforme.linkedin.loginfor.me"; dns.query; content:"findajobforme.linkedin.loginfor.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])findajobforme\.linkedin\.loginfor\.me$/i"; classtype:trojan-activity; sid:37218201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain findajobforme.linkedin.loginfor.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"findajobforme.linkedin.loginfor.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])findajobforme\.linkedin\.loginfor\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain ssl.g-a.fun"; dns.query; content:"ssl.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])ssl\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37218211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain ssl.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ssl.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ssl\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218212; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain content.g-a.fun"; dns.query; content:"content.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])content\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37218221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain content.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"content.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])content\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain clients5.g-a.fun"; dns.query; content:"clients5.g-a.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])clients5\.g\-a\.fun$/i"; classtype:trojan-activity; sid:37218231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain clients5.g-a.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clients5.g-a.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clients5\.g\-a\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain xenodochial-austin.142-11-199-59.plesk.page"; dns.query; content:"xenodochial-austin.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])xenodochial\-austin\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37218241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain 
xenodochial-austin.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xenodochial-austin.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xenodochial\-austin\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 178.79.138.91 443 (msg: "MISP e26223 [] Outgoing To IP: 178.79.138.91|443"; classtype:trojan-activity; sid:37218251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 121.127.252.248 60000 (msg: "MISP e26223 [] Outgoing To IP: 121.127.252.248|60000"; classtype:trojan-activity; sid:37218261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 149.104.27.224 60000 (msg: "MISP e26223 [] Outgoing To IP: 149.104.27.224|60000"; classtype:trojan-activity; sid:37218271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 103.16.224.239 443 (msg: "MISP e26223 [] Outgoing To IP: 103.16.224.239|443"; classtype:trojan-activity; sid:37218281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 51.77.121.144 443 (msg: "MISP e26223 [] Outgoing To IP: 51.77.121.144|443"; classtype:trojan-activity; sid:37218291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 37.221.92.58 80 (msg: "MISP e26223 [] Outgoing To IP: 37.221.92.58|80"; classtype:trojan-activity; sid:37218301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 146.19.191.178 80 (msg: "MISP e26223 [] Outgoing To IP: 146.19.191.178|80"; classtype:trojan-activity; sid:37218311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip 
$HOME_NET any -> 20.151.153.84 80 (msg: "MISP e26223 [] Outgoing To IP: 20.151.153.84|80"; classtype:trojan-activity; sid:37218321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 164.215.103.171 80 (msg: "MISP e26223 [] Outgoing To IP: 164.215.103.171|80"; classtype:trojan-activity; sid:37218331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 134.255.254.225 5051 (msg: "MISP e26223 [] Outgoing To IP: 134.255.254.225|5051"; classtype:trojan-activity; sid:37218341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 194.48.251.10 4449 (msg: "MISP e26223 [] Outgoing To IP: 194.48.251.10|4449"; classtype:trojan-activity; sid:37218351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 194.48.251.120 4449 (msg: "MISP e26223 [] Outgoing To IP: 194.48.251.120|4449"; classtype:trojan-activity; sid:37218361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 194.48.251.189 4449 (msg: "MISP e26223 [] Outgoing To IP: 194.48.251.189|4449"; classtype:trojan-activity; sid:37218371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain vps-zap449572-1.zap-srv.com"; dns.query; content:"vps-zap449572-1.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap449572\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37218381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain vps-zap449572-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap449572-1.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap449572\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37218382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 154.61.74.84 4782 (msg: "MISP e26223 [] Outgoing To IP: 154.61.74.84|4782"; classtype:trojan-activity; sid:37218391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 181.161.3.29 8080 (msg: "MISP e26223 [] Outgoing To IP: 181.161.3.29|8080"; classtype:trojan-activity; sid:37218401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 114.104.183.54 4782 (msg: "MISP e26223 [] Outgoing To IP: 114.104.183.54|4782"; classtype:trojan-activity; sid:37218411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 194.147.140.234 82 (msg: "MISP e26223 [] Outgoing To IP: 194.147.140.234|82"; classtype:trojan-activity; sid:37218421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.78.76.85 443 (msg: "MISP e26223 [] Outgoing To IP: 185.78.76.85|443"; classtype:trojan-activity; sid:37218431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 62.109.6.164 80 (msg: "MISP e26223 [] Outgoing To IP: 62.109.6.164|80"; classtype:trojan-activity; sid:37218441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain photopoiskvk.pro"; dns.query; content:"photopoiskvk.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])photopoiskvk\.pro$/i"; classtype:trojan-activity; sid:37218451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain photopoiskvk.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"photopoiskvk.pro"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])photopoiskvk\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37218452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 3.79.194.172 443 (msg: "MISP e26223 [] Outgoing To IP: 3.79.194.172|443"; classtype:trojan-activity; sid:37218461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 191.7.32.19 80 (msg: "MISP e26223 [] Outgoing To IP: 191.7.32.19|80"; classtype:trojan-activity; sid:37218471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 93.123.39.192 50555 (msg: "MISP e26223 [] Outgoing To IP: 93.123.39.192|50555"; classtype:trojan-activity; sid:37218481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 94.156.69.93 80 (msg: "MISP e26223 [] Outgoing To IP: 94.156.69.93|80"; classtype:trojan-activity; sid:37218491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 194.26.192.66 80 (msg: "MISP e26223 [] Outgoing To IP: 194.26.192.66|80"; classtype:trojan-activity; sid:37218501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 94.177.106.44 80 (msg: "MISP e26223 [] Outgoing To IP: 94.177.106.44|80"; classtype:trojan-activity; sid:37218511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 164.92.189.59 443 (msg: "MISP e26223 [] Outgoing To IP: 164.92.189.59|443"; classtype:trojan-activity; sid:37218521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 80.90.179.251 7443 (msg: "MISP e26223 [] Outgoing To IP: 80.90.179.251|7443"; classtype:trojan-activity; sid:37218531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 185.81.157.179 8808 (msg: "MISP 
e26223 [] Outgoing To IP: 185.81.157.179|8808"; classtype:trojan-activity; sid:37218541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.24.66.48 9999 (msg: "MISP e26223 [] Outgoing To IP: 187.24.66.48|9999"; classtype:trojan-activity; sid:37218551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 181.235.80.187 2404 (msg: "MISP e26223 [] Outgoing To IP: 181.235.80.187|2404"; classtype:trojan-activity; sid:37218561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 181.235.80.187 8888 (msg: "MISP e26223 [] Outgoing To IP: 181.235.80.187|8888"; classtype:trojan-activity; sid:37218571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 154.16.67.94 8088 (msg: "MISP e26223 [] Outgoing To IP: 154.16.67.94|8088"; classtype:trojan-activity; sid:37218581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 46.246.82.3 2000 (msg: "MISP e26223 [] Outgoing To IP: 46.246.82.3|2000"; classtype:trojan-activity; sid:37218591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 93.242.137.1 51124 (msg: "MISP e26223 [] Outgoing To IP: 93.242.137.1|51124"; classtype:trojan-activity; sid:37218601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 154.212.145.72 8008 (msg: "MISP e26223 [] Outgoing To IP: 154.212.145.72|8008"; classtype:trojan-activity; sid:37218611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2004 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2004"; classtype:trojan-activity; sid:37218621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2052 (msg: "MISP 
e26223 [] Outgoing To IP: 187.135.146.194|2052"; classtype:trojan-activity; sid:37218631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2000 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2000"; classtype:trojan-activity; sid:37218641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 1723 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|1723"; classtype:trojan-activity; sid:37218651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 1883 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|1883"; classtype:trojan-activity; sid:37218661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2281 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2281"; classtype:trojan-activity; sid:37218671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2083 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2083"; classtype:trojan-activity; sid:37218681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2181 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2181"; classtype:trojan-activity; sid:37218691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2082 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2082"; classtype:trojan-activity; sid:37218701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 1801 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|1801"; classtype:trojan-activity; sid:37218711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 
187.135.146.194 2053 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2053"; classtype:trojan-activity; sid:37218721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 1756 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|1756"; classtype:trojan-activity; sid:37218731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2086 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2086"; classtype:trojan-activity; sid:37218741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2077 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2077"; classtype:trojan-activity; sid:37218751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 2080 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|2080"; classtype:trojan-activity; sid:37218761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 187.135.146.194 1911 (msg: "MISP e26223 [] Outgoing To IP: 187.135.146.194|1911"; classtype:trojan-activity; sid:37218771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 116.212.120.32 80 (msg: "MISP e26223 [] Outgoing To IP: 116.212.120.32|80"; classtype:trojan-activity; sid:37218781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 116.212.120.32 443 (msg: "MISP e26223 [] Outgoing To IP: 116.212.120.32|443"; classtype:trojan-activity; sid:37218791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 196.235.104.22 8080 (msg: "MISP e26223 [] Outgoing To IP: 196.235.104.22|8080"; classtype:trojan-activity; sid:37218801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip 
$HOME_NET any -> 43.128.85.89 8011 (msg: "MISP e26223 [] Outgoing To IP: 43.128.85.89|8011"; classtype:trojan-activity; sid:37218811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.247 443 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.247|443"; classtype:trojan-activity; sid:37218821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.247 80 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.247|80"; classtype:trojan-activity; sid:37218831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 205.234.233.180 2082 (msg: "MISP e26223 [] Outgoing To IP: 205.234.233.180|2082"; classtype:trojan-activity; sid:37218841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.246 80 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.246|80"; classtype:trojan-activity; sid:37218851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.246 443 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.246|443"; classtype:trojan-activity; sid:37218861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.248 443 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.248|443"; classtype:trojan-activity; sid:37218871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.248 80 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.248|80"; classtype:trojan-activity; sid:37218881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 120.48.96.69 9001 (msg: "MISP e26223 [] Outgoing To IP: 120.48.96.69|9001"; classtype:trojan-activity; sid:37218891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 65.20.81.7 
8080 (msg: "MISP e26223 [] Outgoing To IP: 65.20.81.7|8080"; classtype:trojan-activity; sid:37218901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 94.156.69.169 2000 (msg: "MISP e26223 [] Outgoing To IP: 94.156.69.169|2000"; classtype:trojan-activity; sid:37218911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 115.126.107.244 443 (msg: "MISP e26223 [] Outgoing To IP: 115.126.107.244|443"; classtype:trojan-activity; sid:37218921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 101.201.46.105 1234 (msg: "MISP e26223 [] Outgoing To IP: 101.201.46.105|1234"; classtype:trojan-activity; sid:37218931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 115.126.107.244 80 (msg: "MISP e26223 [] Outgoing To IP: 115.126.107.244|80"; classtype:trojan-activity; sid:37218941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.245 443 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.245|443"; classtype:trojan-activity; sid:37218951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 43.228.89.245 80 (msg: "MISP e26223 [] Outgoing To IP: 43.228.89.245|80"; classtype:trojan-activity; sid:37218961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 8.137.50.92 443 (msg: "MISP e26223 [] Outgoing To IP: 8.137.50.92|443"; classtype:trojan-activity; sid:37218971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 79.132.140.216 80 (msg: "MISP e26223 [] Outgoing To IP: 79.132.140.216|80"; classtype:trojan-activity; sid:37218981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 81.56.212.102 49443 (msg: "MISP 
e26223 [] Outgoing To IP: 81.56.212.102|49443"; classtype:trojan-activity; sid:37218991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 103.228.108.247 443 (msg: "MISP e26223 [] Outgoing To IP: 103.228.108.247|443"; classtype:trojan-activity; sid:37219001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 47.98.178.246 4567 (msg: "MISP e26223 [] Outgoing To IP: 47.98.178.246|4567"; classtype:trojan-activity; sid:37219011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 103.228.108.247 80 (msg: "MISP e26223 [] Outgoing To IP: 103.228.108.247|80"; classtype:trojan-activity; sid:37219021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 163.53.216.157 443 (msg: "MISP e26223 [] Outgoing To IP: 163.53.216.157|443"; classtype:trojan-activity; sid:37219031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 163.53.216.157 80 (msg: "MISP e26223 [] Outgoing To IP: 163.53.216.157|80"; classtype:trojan-activity; sid:37219041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 213.109.202.222 80 (msg: "MISP e26223 [] Outgoing To IP: 213.109.202.222|80"; classtype:trojan-activity; sid:37219051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain gifted-khayyam.104-168-102-175.plesk.page"; dns.query; content:"gifted-khayyam.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])gifted\-khayyam\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37219061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain gifted-khayyam.104-168-102-175.plesk.page"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gifted-khayyam.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gifted\-khayyam\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain pensive-brattain.104-168-102-175.plesk.page"; dns.query; content:"pensive-brattain.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-brattain\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37219071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain pensive-brattain.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pensive-brattain.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-brattain\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 49.232.220.17 7000 (msg: "MISP e26223 [] Outgoing To IP: 49.232.220.17|7000"; classtype:trojan-activity; sid:37219081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain lucid-albattani.104-168-102-175.plesk.page"; dns.query; content:"lucid-albattani.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucid\-albattani\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37219091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain 
lucid-albattani.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucid-albattani.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lucid\-albattani\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain bold-clarke.104-168-102-175.plesk.page"; dns.query; content:"bold-clarke.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])bold\-clarke\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37219101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain bold-clarke.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bold-clarke.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bold\-clarke\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain www.priceless-bose.104-168-102-175.plesk.page"; dns.query; content:"www.priceless-bose.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.priceless\-bose\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37219111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain www.priceless-bose.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.priceless-bose.104-168-102-175.plesk.page"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])www\.priceless\-bose\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 8.130.79.120 8003 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 8.130.79.120|8003"; classtype:trojan-activity; sid:37090731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert dns any any -> any any (msg: "MISP e25997 [] Domain estado-app.pages.dev"; dns.query; content:"estado-app.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-app\.pages\.dev$/i"; classtype:trojan-activity; sid:37079641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25997;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25997 [] Outgoing HTTP Domain estado-app.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-app.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-app\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37079642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25997;) alert dns any any -> any any (msg: "MISP e25847 [] Domain gsmedi.com"; dns.query; content:"gsmedi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gsmedi\.com$/i"; classtype:trojan-activity; sid:37253181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Domain gsmedi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gsmedi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gsmedi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;) alert ip $HOME_NET any -> 8.130.79.120 8003 (msg: 
"MISP e26223 [] Outgoing To IP: 8.130.79.120|8003"; classtype:trojan-activity; sid:37219121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# The line above is the tail of a rule whose head is on the preceding line of this listing.
#
# 45.142.182.104 port 15352: exported under event 26018 (tag RedLineStealer, priority 2) and,
# two rules further down, under event 26223 (no tags, priority 3). Address and port are the same,
# so both rules match the same traffic and the alert is raised twice with different priorities.
alert ip $HOME_NET any -> 45.142.182.104 15352 (msg: "MISP e26018 [RedLineStealer] Outgoing To IP: 45.142.182.104|15352"; classtype:trojan-activity; sid:37090741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# URL indicator http://116.203.180.34/ from event 26388. The destination is pinned to the address
# and $HTTP_PORTS, the address literal must appear in the request headers, and the http.uri term is "/".
# NOTE(review): "/" occurs in every absolute-path URI, so the http.uri term adds no selectivity;
# in effect this fires on any plaintext HTTP request to the address that names it in a header.
# The rules for 193.42.32.99, 5.75.177.20 and 91.212.166.95 below have the same shape.
alert http $HOME_NET any -> 116.203.180.34 $HTTP_PORTS (msg: "MISP e26388 [] Outgoing URL http|3a|//116.203.180.34/"; flow:to_server,established; http.header; content:"116.203.180.34"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37255781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
alert ip $HOME_NET any -> 45.142.182.104 15352 (msg: "MISP e26223 [] Outgoing To IP: 45.142.182.104|15352"; classtype:trojan-activity; sid:37219131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# Domain indicators are exported as a pair: a dns.query rule and an HTTP Host rule.
# The DNS pcre accepts the name itself or the name preceded by a character outside [A-Za-z0-9-]
# (in practice a dot), so subdomains match while a longer label such as "notxmail.cfd" does not.
# NOTE(review): the pair covers DNS lookups and plaintext HTTP only; no tls.sni rule for these
# names is visible in this part of the export, so HTTPS to them would surface through the DNS
# rule alone. Confirm against the full rule set.
alert dns any any -> any any (msg: "MISP e26223 [] Domain xmail.cfd"; dns.query; content:"xmail.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])xmail\.cfd$/i"; classtype:trojan-activity; sid:37219141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain xmail.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xmail.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xmail\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# Event 24600 (priority 1): 8675345687776b987779.from-al.com, DNS and HTTP Host pair.
alert dns any any -> any any (msg: "MISP e24600 [] Domain 8675345687776b987779.from-al.com"; dns.query; content:"8675345687776b987779.from-al.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])8675345687776b987779\.from\-al\.com$/i"; classtype:trojan-activity; sid:37115461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 8675345687776b987779.from-al.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"8675345687776b987779.from-al.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])8675345687776b987779\.from\-al\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 26388 URL indicator for 193.42.32.99 (http.uri term is "/", see the note on 116.203.180.34).
alert http $HOME_NET any -> 193.42.32.99 $HTTP_PORTS (msg: "MISP e26388 [] Outgoing URL http|3a|//193.42.32.99/"; flow:to_server,established; http.header; content:"193.42.32.99"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37255941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# Event 24600 (priority 1): luxtrust-unlock.com, DNS and HTTP Host pair.
alert dns any any -> any any (msg: "MISP e24600 [] Domain luxtrust-unlock.com"; dns.query; content:"luxtrust-unlock.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luxtrust\-unlock\.com$/i"; classtype:trojan-activity; sid:37115501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain luxtrust-unlock.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luxtrust-unlock.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luxtrust\-unlock\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 26388 URL indicator for 5.75.177.20 (http.uri term is "/").
alert http $HOME_NET any -> 5.75.177.20 $HTTP_PORTS (msg: "MISP e26388 [] Outgoing URL http|3a|//5.75.177.20/"; flow:to_server,established; http.header; content:"5.75.177.20"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37256021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# Event 26388 address-and-port indicators; the first carries the tag c2.
alert ip $HOME_NET any -> 69.46.15.167 2220 (msg: "MISP e26388 [c2] Outgoing To IP: 69.46.15.167|2220"; classtype:trojan-activity; sid:37256251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
alert ip $HOME_NET any -> 46.149.79.55 24264 (msg: "MISP e26388 [] Outgoing To IP: 46.149.79.55|24264"; classtype:trojan-activity; sid:37256401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# Event 25847: diplomatie.ht, DNS and HTTP Host pair.
alert dns any any -> any any (msg: "MISP e25847 [] Domain diplomatie.ht"; dns.query; content:"diplomatie.ht"; nocase; pcre: "/(^|[^A-Za-z0-9-])diplomatie\.ht$/i"; classtype:trojan-activity; sid:37253191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e25847 [] Outgoing HTTP Domain diplomatie.ht"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"diplomatie.ht"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])diplomatie\.ht[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/25847;)
# Event 26388 URL indicator for 91.212.166.95 (http.uri term is "/").
alert http $HOME_NET any -> 91.212.166.95 $HTTP_PORTS (msg: "MISP e26388 [] Outgoing URL http|3a|//91.212.166.95/"; flow:to_server,established; http.header; content:"91.212.166.95"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37256101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26388;)
# 116.202.3.242 port 443: event 26018 (tag Vidar, priority 2), then the same endpoint again under
# event 26223 (priority 3). The second rule continues on the next line of this listing.
alert ip $HOME_NET any -> 116.202.3.242 443 (msg: "MISP e26018 [Vidar] Outgoing To IP: 116.202.3.242|443"; classtype:trojan-activity; sid:37090751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 116.202.3.242 443 (msg: "MISP e26223 [] Outgoing To IP: 116.202.3.242|443"; classtype:trojan-activity; sid:37219161; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26223;)
# The line above closes a rule that starts on the preceding line of this listing.
#
# Event 26007: dev-bcram.pantheonsite.io, exported as a URL rule, a DNS rule and an HTTP Host rule.
# NOTE(review): the URL rule has a single http.header content (the hostname) with no Host anchor,
# no http.uri term and no fast_pattern, so it is the broadest of the three: the hostname appearing
# in any request header on $HTTP_PORTS satisfies it. Presumably a Referer naming the host also fires.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26007 [] Outgoing URL http|3a|//dev-bcram.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-bcram.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37087531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26007;)
alert dns any any -> any any (msg: "MISP e26007 [] Domain dev-bcram.pantheonsite.io"; dns.query; content:"dev-bcram.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-bcram\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37087571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26007;)
# NOTE(review): in the Host rules the "Host|3a|" content and the domain content are both matched
# against http.header with no distance/within tying them together, and the /H pcre is not anchored
# to the Host line. The rule therefore asks for "a Host header exists" and "the domain occurs
# somewhere in the headers"; matching on the http.host buffer would pin it to the Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26007 [] Outgoing HTTP Domain dev-bcram.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-bcram.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-bcram\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26007;)
# URL http://6.magicalomaha.co/ponyd/gate.php: event 26018 (tag Pony, priority 2) and event 26223
# (priority 3). The match conditions of the two rules are identical; only msg, sid, priority and
# reference differ, so one matching request raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [Pony] Outgoing URL http|3a|//6.magicalomaha.co/ponyd/gate.php"; flow:to_server,established; http.header; content:"6.magicalomaha.co"; fast_pattern; nocase; http.uri; content:"/ponyd/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37090771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//6.magicalomaha.co/ponyd/gate.php"; flow:to_server,established; http.header; content:"6.magicalomaha.co"; fast_pattern; nocase; http.uri; content:"/ponyd/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# URL on 185.16.39.248: event 26018 (tag dcrat) with the path in lower case, then event 26223 with
# the path in mixed case. Both http.uri contents carry nocase, so the case difference does not
# change what matches; the two rules alert on the same requests.
alert http $HOME_NET any -> 185.16.39.248 $HTTP_PORTS (msg: "MISP e26018 [dcrat] Outgoing URL http|3a|//185.16.39.248/better/multi2eternalrequest/6/mariadbuniversalmariadbexternal/tempdatalife/024update/auth/downloadsflower5downloads/dle/4temporarysql/apicpu53/wordpressdownloads.php"; flow:to_server,established; http.header; content:"185.16.39.248"; fast_pattern; nocase; http.uri; content:"/better/multi2eternalrequest/6/mariadbuniversalmariadbexternal/tempdatalife/024update/auth/downloadsflower5downloads/dle/4temporarysql/apicpu53/wordpressdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37090781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> 185.16.39.248 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//185.16.39.248/Better/Multi2eternalRequest/6/MariadbUniversalMariadbExternal/TempDatalife/024update/Auth/DownloadsFlower5Downloads/dle/4Temporarysql/ApiCpu53/wordpressdownloads.php"; flow:to_server,established; http.header; content:"185.16.39.248"; fast_pattern; nocase; http.uri; content:"/Better/Multi2eternalRequest/6/MariadbUniversalMariadbExternal/TempDatalife/024update/Auth/DownloadsFlower5Downloads/dle/4Temporarysql/ApiCpu53/wordpressdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# vmi.lt-dekleracija.net and vmi.lt-dekleracija-e.net are exported once per MISP event. In this
# stretch the first name appears under events 26108, 26110, 26111, 26112 and 26114, the second
# under 26109 and 26113. Within each name the DNS rules are identical to one another, and so are
# the HTTP rules, apart from the event number in msg, the sid and the reference URL.
# A single lookup or request therefore raises one alert per event; de-duplicating at export time,
# or thresholding these sids, would keep the signal without the repeats.
alert dns any any -> any any (msg: "MISP e26109 [] Domain vmi.lt-dekleracija-e.net"; dns.query; content:"vmi.lt-dekleracija-e.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net$/i"; classtype:trojan-activity; sid:37129691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26109;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26109 [] Outgoing HTTP Domain vmi.lt-dekleracija-e.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija-e.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26109;)
alert dns any any -> any any (msg: "MISP e26108 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37129661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26108;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26108 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26108;)
# URL http://siteseoguide.com/ponyb/gate.php, event 26018 (tag Pony); the event 26223 copy with
# identical match conditions follows further down (sid 37219191).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [Pony] Outgoing URL http|3a|//siteseoguide.com/ponyb/gate.php"; flow:to_server,established; http.header; content:"siteseoguide.com"; fast_pattern; nocase; http.uri; content:"/ponyb/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37090791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26112 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37129781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26112;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26112 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26112;)
alert dns any any -> any any (msg: "MISP e26113 [] Domain vmi.lt-dekleracija-e.net"; dns.query; content:"vmi.lt-dekleracija-e.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net$/i"; classtype:trojan-activity; sid:37129811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26113;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26113 [] Outgoing HTTP Domain vmi.lt-dekleracija-e.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija-e.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26113;)
alert dns any any -> any any (msg: "MISP e26114 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37129841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26114;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26114 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26114;)
alert dns any any -> any any (msg: "MISP e26111 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37129751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26111;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26111 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26111;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//siteseoguide.com/ponyb/gate.php"; flow:to_server,established; http.header; content:"siteseoguide.com"; fast_pattern; nocase; http.uri; content:"/ponyb/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26110 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37129721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26110;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26110 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26110;)
# Event 26008: express-estado.pages.dev DNS rule; it continues on the next line of this listing.
alert dns any any -> any any (msg: "MISP e26008 [] Domain express-estado.pages.dev"; dns.query; content:"express-estado.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])express\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37087651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26008;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26008 [] Outgoing HTTP Domain express-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"express-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])express\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26008;) alert dns any any -> any any (msg: "MISP e26018 [CobaltStrike,ColoCrossing,cs-watermark-987654321] Domain www.fucksec.buzz"; dns.query; content:"www.fucksec.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fucksec\.buzz$/i"; classtype:trojan-activity; sid:37090811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [CobaltStrike,ColoCrossing,cs-watermark-987654321] Outgoing HTTP Domain www.fucksec.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fucksec.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fucksec\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 107.174.253.49 8443 (msg: "MISP e26018 [CobaltStrike,ColoCrossing,cs-watermark-987654321] Outgoing To IP: 107.174.253.49|8443"; classtype:trojan-activity; sid:37090821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> 107.174.253.49 $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,ColoCrossing,cs-watermark-987654321] Outgoing URL http|3a|//107.174.253.49/api/3"; flow:to_server,established; http.header; content:"107.174.253.49"; fast_pattern; 
nocase; http.uri; content:"/api/3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37090831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 158.220.80.167 2967 (msg: "MISP e26018 [] Outgoing To IP: 158.220.80.167|2967"; classtype:trojan-activity; sid:37090841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 158.220.80.167 2967 (msg: "MISP e26223 [] Outgoing To IP: 158.220.80.167|2967"; classtype:trojan-activity; sid:37219201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> 107.174.253.49 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//107.174.253.49/api/3"; flow:to_server,established; http.header; content:"107.174.253.49"; fast_pattern; nocase; http.uri; content:"/api/3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 107.174.253.49 8443 (msg: "MISP e26223 [] Outgoing To IP: 107.174.253.49|8443"; classtype:trojan-activity; sid:37219221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain www.fucksec.buzz"; dns.query; content:"www.fucksec.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fucksec\.buzz$/i"; classtype:trojan-activity; sid:37219241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain www.fucksec.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fucksec.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fucksec\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any 
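-> any any (msg: "MISP e26223 [] Domain alma27.duckdns.org"; dns.query; content:"alma27.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])alma27\.duckdns\.org$/i"; classtype:trojan-activity; sid:37219251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# The line above is the tail of the alma27.duckdns.org DNS rule whose head ("alert dns any any")
# is on the preceding line of this listing; the HTTP Host rule for the same name follows.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain alma27.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alma27.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alma27\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# 54.224.134.117 port 443, event 26018, tags c2 and cobalt_strike (priority 2).
alert ip $HOME_NET any -> 54.224.134.117 443 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 54.224.134.117|443"; classtype:trojan-activity; sid:37090851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# URL http://192.3.179.145/T0802F/wininit.exe from event 26047, tagged with the MITRE galaxy
# entry "Agent Tesla - S0331".
# FIX: the galaxy tag copied into msg contains double quotes. Suricata's rule syntax requires a
# double quote inside msg to be backslash-escaped (as are ';' and '\'); left unescaped, the msg
# value ends at the first inner quote and the rule is likely rejected or mis-parsed at load.
# The quotes are escaped below; validate the file with `suricata -T` after loading.
# NOTE(review): this file is a generated export, so a re-export would presumably reintroduce the
# raw quotes; the durable fix is escaping tag text in the exporter.
alert http $HOME_NET any -> 192.3.179.145 $HTTP_PORTS (msg: "MISP e26047 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//192.3.179.145/T0802F/wininit.exe"; flow:to_server,established; http.header; content:"192.3.179.145"; fast_pattern; nocase; http.uri; content:"/T0802F/wininit.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37106151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26047;)
# Event 26223 copy of the 54.224.134.117:443 indicator above (priority 3 instead of 2).
alert ip $HOME_NET any -> 54.224.134.117 443 (msg: "MISP e26223 [] Outgoing To IP: 54.224.134.117|443"; classtype:trojan-activity; sid:37219261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 79.137.203.183 36235 (msg: "MISP e26223 [] Outgoing To IP: 79.137.203.183|36235"; classtype:trojan-activity; sid:37219271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# 45.95.146.22 port 42421, event 26018, tag Mirai; the rule continues on the next line of this listing.
alert ip $HOME_NET any -> 45.95.146.22 42421 (msg: "MISP e26018 [Mirai] Outgoing To IP: 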
45.95.146.22|42421"; classtype:trojan-activity; sid:37090871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 45.95.146.22 9931 (msg: "MISP e26018 [Mirai] Outgoing To IP: 45.95.146.22|9931"; classtype:trojan-activity; sid:37090881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert dns any any -> any any (msg: "MISP e26218 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37216861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26218;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26218 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26218;) alert dns any any -> any any (msg: "MISP e26224 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37220041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26224;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26224 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37220042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26224;) alert ip $HOME_NET any -> 45.95.146.22 9931 (msg: "MISP e26223 [] Outgoing To IP: 
45.95.146.22|9931"; classtype:trojan-activity; sid:37219291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 45.95.146.22 42421 (msg: "MISP e26223 [] Outgoing To IP: 45.95.146.22|42421"; classtype:trojan-activity; sid:37219301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26229 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37224381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26229;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26229 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37224382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26229;) alert dns any any -> any any (msg: "MISP e26220 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37216921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26220;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26220 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26220;) alert dns any any -> any any (msg: "MISP e26009 [] Domain looksoportelinea.com"; dns.query; 
content:"looksoportelinea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com$/i"; classtype:trojan-activity; sid:37087751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26009;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26009 [] Outgoing HTTP Domain looksoportelinea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"looksoportelinea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])looksoportelinea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26009;) alert dns any any -> any any (msg: "MISP e26219 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37216891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26219;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26219 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26219;) alert dns any any -> any any (msg: "MISP e26215 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37216771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26215;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26215 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26215;)
# ---------------------------------------------------------------------------
# Review notes for the rules below (MISP events 26221, 26018, 26223, 26010,
# 26011). Rules are laid out one per line; rule text and order are unchanged.
# - Many indicators are exported twice: under e26018 (priority 2) and again
#   under e26223 (priority 3), with different sids. One matching flow will
#   raise two alerts; de-duplicate in MISP or downstream of the sensor.
# - "alert http" rules only see traffic the engine parses as HTTP. No tls.sni
#   rules appear in this part of the export, so HTTPS to the same hosts is
#   covered only by the dns and ip rules.
# - The "Outgoing URL" rules use $HTTP_PORTS, so that variable must be defined
#   even though the file header calls it optional for the Suricata export.
# ---------------------------------------------------------------------------
# e26221: domain vmi.lt-dekleracija.net.
# dns rule: the pcre is anchored at the end of the query ($) and its prefix
# class admits '.', so the exact name and any subdomain of it match.
# Direction is any -> any, so resolver-to-resolver traffic matches as well.
alert dns any any -> any any (msg: "MISP e26221 [] Domain vmi.lt-dekleracija.net"; dns.query; content:"vmi.lt-dekleracija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net$/i"; classtype:trojan-activity; sid:37216951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26221;)
# http rule: "Host|3a|" and the domain are two independent content matches in
# the header buffer (no distance/within), so the domain may sit in any request
# header, not only Host. NOTE(review): confirm this is acceptable noise.
# tag:session,600,seconds keeps logging the session for 600 s after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26221 [] Outgoing HTTP Domain vmi.lt-dekleracija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26221;)
# e26018: destination IP + port indicators. The bracketed msg text carries the
# event's tags (ASN name and tool/family label such as Covenant, Deimos, Havoc,
# Responder, QakBot, Pikabot). These rules match on address and port only, with
# no payload, flow or threshold option; repeated alerts per connection are
# likely. NOTE(review): verify alert volume on the sensor.
# Several addresses sit in large hosting/ISP ranges (per the ASN tags), where
# addresses are reassigned over time; review and expire them regularly.
alert ip $HOME_NET any -> 45.93.20.76 7443 (msg: "MISP e26018 [CHANGWAY-AS,Covenant] Outgoing To IP: 45.93.20.76|7443"; classtype:trojan-activity; sid:37090891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 37.152.191.55 7777 (msg: "MISP e26018 [ABRARVAN-AS AbrArvan CDN and IaaS,Deimos] Outgoing To IP: 37.152.191.55|7777"; classtype:trojan-activity; sid:37090961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 49.13.149.129 80 (msg: "MISP e26018 [Havoc,HETZNER-AS] Outgoing To IP: 49.13.149.129|80"; classtype:trojan-activity; sid:37090971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.62.57.11 443 (msg: "MISP e26018 [Responder,SNEL] Outgoing To IP: 185.62.57.11|443"; classtype:trojan-activity; sid:37090981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# The next four rules are outbound port 445 (SMB) to Internet addresses tagged
# Responder. Blocking outbound 445 at the perimeter is the usual control and
# does not depend on this indicator list staying current.
alert ip $HOME_NET any -> 32.143.50.222 445 (msg: "MISP e26018 [ATT-INTERNET4,Responder] Outgoing To IP: 32.143.50.222|445"; classtype:trojan-activity; sid:37090991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 78.45.49.197 445 (msg: "MISP e26018 [Responder,VODAFONE-CZ-AS] Outgoing To IP: 78.45.49.197|445"; classtype:trojan-activity; sid:37091001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 40.113.39.99 445 (msg: "MISP e26018 [MICROSOFT-CORP-MSN-AS-BLOCK,Responder] Outgoing To IP: 40.113.39.99|445"; classtype:trojan-activity; sid:37091011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 46.19.67.107 445 (msg: "MISP e26018 [Responder,TIMEWEB-AS] Outgoing To IP: 46.19.67.107|445"; classtype:trojan-activity; sid:37091021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 86.194.132.111 2222 (msg: "MISP e26018 [France Telecom - Orange,QakBot] Outgoing To IP: 86.194.132.111|2222"; classtype:trojan-activity; sid:37091031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 45.243.131.12 995 (msg: "MISP e26018 [LINKdotNET-AS,QakBot] Outgoing To IP: 45.243.131.12|995"; classtype:trojan-activity; sid:37091041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 69.58.144.52 2078 (msg: "MISP e26018 [BEC-FIBER,QakBot] Outgoing To IP: 69.58.144.52|2078"; classtype:trojan-activity; sid:37091051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 121.121.101.33 995 (msg: "MISP e26018 [MAXIS-AS1-AP Binariang Berhad,QakBot] Outgoing To IP: 121.121.101.33|995"; classtype:trojan-activity; sid:37091061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 41.99.49.71 443 (msg: "MISP e26018 [ALGTEL-AS,QakBot] Outgoing To IP: 41.99.49.71|443"; classtype:trojan-activity; sid:37091071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 85.239.243.155 5000 (msg: "MISP e26018 [NL-811-40021,Pikabot] Outgoing To IP: 85.239.243.155|5000"; classtype:trojan-activity; sid:37091081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26223: the same address/port pairs as the e26018 rules above, re-exported
# with an empty tag list and priority 3. When triaging one of these alerts,
# look up the e26018 rule for the same address to recover the family label.
alert ip $HOME_NET any -> 85.239.243.155 5000 (msg: "MISP e26223 [] Outgoing To IP: 85.239.243.155|5000"; classtype:trojan-activity; sid:37219311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 41.99.49.71 443 (msg: "MISP e26223 [] Outgoing To IP: 41.99.49.71|443"; classtype:trojan-activity; sid:37219321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 121.121.101.33 995 (msg: "MISP e26223 [] Outgoing To IP: 121.121.101.33|995"; classtype:trojan-activity; sid:37219331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 69.58.144.52 2078 (msg: "MISP e26223 [] Outgoing To IP: 69.58.144.52|2078"; classtype:trojan-activity; sid:37219341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 45.243.131.12 995 (msg: "MISP e26223 [] Outgoing To IP: 45.243.131.12|995"; classtype:trojan-activity; sid:37219351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 86.194.132.111 2222 (msg: "MISP e26223 [] Outgoing To IP: 86.194.132.111|2222"; classtype:trojan-activity; sid:37219361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 46.19.67.107 445 (msg: "MISP e26223 [] Outgoing To IP: 46.19.67.107|445"; classtype:trojan-activity; sid:37219371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 40.113.39.99 445 (msg: "MISP e26223 [] Outgoing To IP: 40.113.39.99|445"; classtype:trojan-activity; sid:37219381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 78.45.49.197 445 (msg: "MISP e26223 [] Outgoing To IP: 78.45.49.197|445"; classtype:trojan-activity; sid:37219391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 32.143.50.222 445 (msg: "MISP e26223 [] Outgoing To IP: 32.143.50.222|445"; classtype:trojan-activity; sid:37219401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.62.57.11 443 (msg: "MISP e26223 [] Outgoing To IP: 185.62.57.11|443"; classtype:trojan-activity; sid:37219411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 49.13.149.129 80 (msg: "MISP e26223 [] Outgoing To IP: 49.13.149.129|80"; classtype:trojan-activity; sid:37219421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 37.152.191.55 7777 (msg: "MISP e26223 [] Outgoing To IP: 37.152.191.55|7777"; classtype:trojan-activity; sid:37219431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26223: six .com domains, each exported as a dns/http rule pair (sid ...1 is
# the dns rule, sid ...2 the http rule). Matching behaviour is the same as for
# the e26221 pair above: subdomains match, and the http rule's domain content
# is not tied to the Host header.
alert dns any any -> any any (msg: "MISP e26223 [] Domain keywordslive.com"; dns.query; content:"keywordslive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])keywordslive\.com$/i"; classtype:trojan-activity; sid:37219441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain keywordslive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"keywordslive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])keywordslive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain gardenplaid.com"; dns.query; content:"gardenplaid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gardenplaid\.com$/i"; classtype:trojan-activity; sid:37219451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain gardenplaid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gardenplaid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gardenplaid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain gibbselectrics.com"; dns.query; content:"gibbselectrics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gibbselectrics\.com$/i"; classtype:trojan-activity; sid:37219461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain gibbselectrics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gibbselectrics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gibbselectrics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain gloverstech.com"; dns.query; content:"gloverstech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gloverstech\.com$/i"; classtype:trojan-activity; sid:37219471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain gloverstech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gloverstech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gloverstech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain investechnical.com"; dns.query; content:"investechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])investechnical\.com$/i"; classtype:trojan-activity; sid:37219481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain investechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"investechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])investechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain brookselectrics.com"; dns.query; content:"brookselectrics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brookselectrics\.com$/i"; classtype:trojan-activity; sid:37219491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain brookselectrics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brookselectrics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brookselectrics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26223 copy of the 45.93.20.76:7443 indicator (tagged Covenant under e26018).
alert ip $HOME_NET any -> 45.93.20.76 7443 (msg: "MISP e26223 [] Outgoing To IP: 45.93.20.76|7443"; classtype:trojan-activity; sid:37219501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26018: the same six domains as the e26223 pairs above, at priority 2.
alert dns any any -> any any (msg: "MISP e26018 [] Domain brookselectrics.com"; dns.query; content:"brookselectrics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brookselectrics\.com$/i"; classtype:trojan-activity; sid:37090951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [] Outgoing HTTP Domain brookselectrics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brookselectrics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brookselectrics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [] Domain investechnical.com"; dns.query; content:"investechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])investechnical\.com$/i"; classtype:trojan-activity; sid:37090941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [] Outgoing HTTP Domain investechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"investechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])investechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [] Domain gibbselectrics.com"; dns.query; content:"gibbselectrics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gibbselectrics\.com$/i"; classtype:trojan-activity; sid:37090921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [] Outgoing HTTP Domain gibbselectrics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gibbselectrics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gibbselectrics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [] Domain gloverstech.com"; dns.query; content:"gloverstech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gloverstech\.com$/i"; classtype:trojan-activity; sid:37090931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [] Outgoing HTTP Domain gloverstech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gloverstech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gloverstech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [] Domain keywordslive.com"; dns.query; content:"keywordslive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])keywordslive\.com$/i"; classtype:trojan-activity; sid:37090901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [] Outgoing HTTP Domain keywordslive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"keywordslive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])keywordslive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [] Domain gardenplaid.com"; dns.query; content:"gardenplaid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gardenplaid\.com$/i"; classtype:trojan-activity; sid:37090911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [] Outgoing HTTP Domain gardenplaid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gardenplaid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gardenplaid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37090912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26223: "Outgoing URL" rules. Each one pairs a hostname substring in the
# request headers with a URI substring; neither match is anchored. For the
# entries whose path is just "/index.php" or "/tmp/index.php", the hostname
# string is effectively the only discriminating part, and it can match in any
# header (e.g. a Referer). NOTE(review): if these are tuned by hand, matching
# the host with the http.host buffer would tie it to the requested host.
# The destination port is limited to $HTTP_PORTS, so the same URL requested on
# a port outside that list does not hit these rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//go-piratia.ru/tmp/index.php"; flow:to_server,established; http.header; content:"go-piratia.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//tradein-myus.com/index.php"; flow:to_server,established; http.header; content:"tradein-myus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//trade-inmyus.com/index.php"; flow:to_server,established; http.header; content:"trade-inmyus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//trad-einmyus.com/index.php"; flow:to_server,established; http.header; content:"trad-einmyus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//piratia.pw/tmp/index.php"; flow:to_server,established; http.header; content:"piratia.pw"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//mth.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"mth.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//sjyey.com/tmp/index.php"; flow:to_server,established; http.header; content:"sjyey.com"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//babonwo.ru/tmp/index.php"; flow:to_server,established; http.header; content:"babonwo.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//goodfooggooftool.net/index.php"; flow:to_server,established; http.header; content:"goodfooggooftool.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//sulugilioiu19.net/index.php"; flow:to_server,established; http.header; content:"sulugilioiu19.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//cassiosssionunu.me/index.php"; flow:to_server,established; http.header; content:"cassiosssionunu.me"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//buriatiarutuhuob.net/index.php"; flow:to_server,established; http.header; content:"buriatiarutuhuob.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//vacantion18ffeu.cc/index.php"; flow:to_server,established; http.header; content:"vacantion18ffeu.cc"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//valarioulinity1.net/index.php"; flow:to_server,established; http.header; content:"valarioulinity1.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//selebration17io.io/index.php"; flow:to_server,established; http.header; content:"selebration17io.io"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# URL with an IP-literal host: the destination address is pinned in the rule
# header and the same address is also required as text in the request headers.
alert http $HOME_NET any -> 193.233.132.73 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//193.233.132.73/gjvjlS3jd2V/Login.php"; flow:to_server,established; http.header; content:"193.233.132.73"; fast_pattern; nocase; http.uri; content:"/gjvjlS3jd2V/Login.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26018 URL indicator tagged ArkeiStealer; re-exported under e26223 further
# down as sid 37219681.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [ArkeiStealer] Outgoing URL http|3a|//couriercare.in/9/gate.php"; flow:to_server,established; http.header; content:"couriercare.in"; fast_pattern; nocase; http.uri; content:"/9/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26010: a single subdomain under pages.dev. The rule matches this label (and
# anything beneath it), not the parent pages.dev domain.
alert dns any any -> any any (msg: "MISP e26010 [] Domain express-estado.pages.dev"; dns.query; content:"express-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])express\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37087831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26010 [] Outgoing HTTP Domain express-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"express-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])express\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26010;)
# e26223: domain microbanafler.com (dns/http pair) and the e26223 copy of the
# couriercare.in URL indicator.
alert dns any any -> any any (msg: "MISP e26223 [] Domain microbanafler.com"; dns.query; content:"microbanafler.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])microbanafler\.com$/i"; classtype:trojan-activity; sid:37219671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain microbanafler.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microbanafler.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microbanafler\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//couriercare.in/9/gate.php"; flow:to_server,established; http.header; content:"couriercare.in"; fast_pattern; nocase; http.uri; content:"/9/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26018: address/port indicators exported with an empty tag list, so the rule
# text gives an analyst no family or ASN context; the MISP event linked in the
# reference is the only source for why each address is listed.
alert ip $HOME_NET any -> 139.84.237.229 2967 (msg: "MISP e26018 [] Outgoing To IP: 139.84.237.229|2967"; classtype:trojan-activity; sid:37091101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 104.129.55.104 2223 (msg: "MISP e26018 [] Outgoing To IP: 104.129.55.104|2223"; classtype:trojan-activity; sid:37091111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 37.60.242.85 9785 (msg: "MISP e26018 [] Outgoing To IP: 37.60.242.85|9785"; classtype:trojan-activity; sid:37091121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 95.179.191.137 5938 (msg: "MISP e26018 [] Outgoing To IP: 95.179.191.137|5938"; classtype:trojan-activity; sid:37091131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 65.20.66.218 5938 (msg: "MISP e26018 [] Outgoing To IP: 65.20.66.218|5938"; classtype:trojan-activity; sid:37091141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 158.220.80.157 9785 (msg: "MISP e26018 [] Outgoing To IP: 158.220.80.157|9785"; classtype:trojan-activity; sid:37091151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 104.129.55.103 2224 (msg: "MISP e26018 [] Outgoing To IP: 104.129.55.103|2224"; classtype:trojan-activity; sid:37091161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26011: a single subdomain under pages.dev (dns/http pair).
alert dns any any -> any any (msg: "MISP e26011 [] Domain estado-cuentarut.pages.dev"; dns.query; content:"estado-cuentarut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:37087911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26011;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26011 [] Outgoing HTTP Domain estado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37087912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26011;)
# e26223 copies of the seven untagged e26018 address/port indicators above.
alert ip $HOME_NET any -> 139.84.237.229 2967 (msg: "MISP e26223 [] Outgoing To IP: 139.84.237.229|2967"; classtype:trojan-activity; sid:37219691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 104.129.55.104 2223 (msg: "MISP e26223 [] Outgoing To IP: 104.129.55.104|2223"; classtype:trojan-activity; sid:37219701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 37.60.242.85 9785 (msg: "MISP e26223 [] Outgoing To IP: 37.60.242.85|9785"; classtype:trojan-activity; sid:37219711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 95.179.191.137 5938 (msg: "MISP e26223 [] Outgoing To IP: 95.179.191.137|5938"; classtype:trojan-activity; sid:37219721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 65.20.66.218 5938 (msg: "MISP e26223 [] Outgoing To IP: 65.20.66.218|5938"; classtype:trojan-activity; sid:37219731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 158.220.80.157 9785 (msg: "MISP e26223 [] Outgoing To IP: 158.220.80.157|9785"; classtype:trojan-activity; sid:37219741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 104.129.55.103 2224 (msg: "MISP e26223 [] Outgoing To IP: 104.129.55.103|2224"; classtype:trojan-activity; sid:37219751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26018: address/port indicators tagged c2,cobalt_strike.
alert ip $HOME_NET any -> 18.118.35.133 80 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 18.118.35.133|80"; classtype:trojan-activity; sid:37091171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 185.196.9.234 8443 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 185.196.9.234|8443"; classtype:trojan-activity; sid:37091181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26223: further address/port and domain indicators, including copies of the
# two c2,cobalt_strike addresses above.
alert ip $HOME_NET any -> 147.185.221.18 5204 (msg: "MISP e26223 [] Outgoing To IP: 147.185.221.18|5204"; classtype:trojan-activity; sid:37219761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain 18.ip.gl.ply.gg"; dns.query; content:"18.ip.gl.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])18\.ip\.gl\.ply\.gg$/i"; classtype:trojan-activity; sid:37219771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain 18.ip.gl.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"18.ip.gl.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])18\.ip\.gl\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 18.118.35.133 80 (msg: "MISP e26223 [] Outgoing To IP: 18.118.35.133|80"; classtype:trojan-activity; sid:37219781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 91.92.246.148 3362 (msg: "MISP e26223 [] Outgoing To IP: 91.92.246.148|3362"; classtype:trojan-activity; sid:37219791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 185.196.9.234 8443 (msg: "MISP e26223 [] Outgoing To IP: 185.196.9.234|8443"; classtype:trojan-activity; sid:37219801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
# e26018: indicators tagged CobaltStrike with a cs-watermark-* label. Each
# cloudapp.azure.com hostname is exported three times: a URL rule (host
# substring + "/download/" URI substring, $HTTP_PORTS only), a dns rule and an
# http Host rule. The rules name one full hostname each and do not match the
# parent cloudapp.azure.com domain. The "/download/" URI match is a plain
# substring, so the hostname is the discriminating part of the URL rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//msupdate.brazilsouth.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"msupdate.brazilsouth.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain msupdate.brazilsouth.cloudapp.azure.com"; dns.query; content:"msupdate.brazilsouth.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])msupdate\.brazilsouth\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37091201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain msupdate.brazilsouth.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msupdate.brazilsouth.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msupdate\.brazilsouth\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//msdn1357.centralus.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"msdn1357.centralus.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain msdn1357.centralus.cloudapp.azure.com"; dns.query; content:"msdn1357.centralus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])msdn1357\.centralus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37091221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain msdn1357.centralus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msdn1357.centralus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msdn1357\.centralus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//update37.eastus.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"update37.eastus.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain update37.eastus.cloudapp.azure.com"; dns.query; content:"update37.eastus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])update37\.eastus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37091241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain update37.eastus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update37.eastus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update37\.eastus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//update.westus.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"update.westus.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert dns any any -> any any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain update.westus.cloudapp.azure.com"; dns.query; content:"update.westus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.westus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37091261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain update.westus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update.westus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.westus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Same tag set, IP-literal hosts: destination address pinned in the rule header
# plus the address as text in the request headers and "/download/" in the URI.
alert http $HOME_NET any -> 146.235.52.69 $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//146.235.52.69/download/"; flow:to_server,established; http.header; content:"146.235.52.69"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> 159.112.177.137 $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//159.112.177.137/download/"; flow:to_server,established; http.header; content:"159.112.177.137"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# Address/port indicators for the same CobaltStrike-tagged infrastructure.
# 159.112.177.137 carries the ORACLE-BMC-31898 ASN tag here but the
# MICROSOFT-CORP-MSN-AS-BLOCK tag in its URL rule above; NOTE(review): the tag
# lists disagree, so treat the ASN label in msg as informational only.
alert ip $HOME_NET any -> 40.86.174.181 80 (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 40.86.174.181|80"; classtype:trojan-activity; sid:37091291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 88.214.25.254 443 (msg: "MISP e26018 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing To IP: 88.214.25.254|443"; classtype:trojan-activity; sid:37091311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 159.112.177.137 80 (msg: "MISP e26018 [CobaltStrike,cs-watermark-410617911,ORACLE-BMC-31898] Outgoing To IP: 159.112.177.137|80"; classtype:trojan-activity; sid:37091321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# e26223 copies of the CobaltStrike-tagged e26018 indicators above (empty tag
# list, priority 3).
alert ip $HOME_NET any -> 159.112.177.137 80 (msg: "MISP e26223 [] Outgoing To IP: 159.112.177.137|80"; classtype:trojan-activity; sid:37219811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 88.214.25.254 443 (msg: "MISP e26223 [] Outgoing To IP: 88.214.25.254|443"; classtype:trojan-activity; sid:37219821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert ip $HOME_NET any -> 40.86.174.181 80 (msg: "MISP e26223 [] Outgoing To IP: 40.86.174.181|80"; classtype:trojan-activity; sid:37219841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> 159.112.177.137 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//159.112.177.137/download/"; flow:to_server,established; http.header; content:"159.112.177.137"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> 146.235.52.69 $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//146.235.52.69/download/"; flow:to_server,established; http.header; content:"146.235.52.69"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//update.westus.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"update.westus.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain update.westus.cloudapp.azure.com"; dns.query; content:"update.westus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.westus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37219881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain update.westus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update.westus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.westus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;)
alert dns any any -> any any (msg: "MISP e26223 [] Domain update37.eastus.cloudapp.azure.com"; dns.query; content:"update37.eastus.cloudapp.azure.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])update37\.eastus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37219891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain update37.eastus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update37.eastus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update37\.eastus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain msdn1357.centralus.cloudapp.azure.com"; dns.query; content:"msdn1357.centralus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])msdn1357\.centralus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37219901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain msdn1357.centralus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msdn1357.centralus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msdn1357\.centralus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//update37.eastus.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"update37.eastus.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//msdn1357.centralus.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"msdn1357.centralus.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26223 [] Domain msupdate.brazilsouth.cloudapp.azure.com"; dns.query; content:"msupdate.brazilsouth.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])msupdate\.brazilsouth\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37219931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26223 [] Outgoing HTTP Domain msupdate.brazilsouth.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msupdate.brazilsouth.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msupdate\.brazilsouth\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37219932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26223 [] Outgoing URL http|3a|//msupdate.brazilsouth.cloudapp.azure.com/download/"; flow:to_server,established; http.header; content:"msupdate.brazilsouth.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/download/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37219941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 37.60.227.156 7 (msg: "MISP e26223 [] Outgoing To IP: 37.60.227.156|7"; classtype:trojan-activity; sid:37219951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 
216.218.135.118 9583 (msg: "MISP e26223 [] Outgoing To IP: 216.218.135.118|9583"; classtype:trojan-activity; sid:37219961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 3.125.209.94 17888 (msg: "MISP e26018 [njrat] Outgoing To IP: 3.125.209.94|17888"; classtype:trojan-activity; sid:37091331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 18.192.31.165 17888 (msg: "MISP e26018 [njrat] Outgoing To IP: 18.192.31.165|17888"; classtype:trojan-activity; sid:37091341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.125.223.134 17888 (msg: "MISP e26018 [njrat] Outgoing To IP: 3.125.223.134|17888"; classtype:trojan-activity; sid:37091351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 18.158.249.75 17888 (msg: "MISP e26018 [njrat] Outgoing To IP: 18.158.249.75|17888"; classtype:trojan-activity; sid:37091361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.124.142.205 17888 (msg: "MISP e26018 [njrat] Outgoing To IP: 3.124.142.205|17888"; classtype:trojan-activity; sid:37091371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert ip $HOME_NET any -> 3.124.142.205 17888 (msg: "MISP e26223 [] Outgoing To IP: 3.124.142.205|17888"; classtype:trojan-activity; sid:37219971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 18.158.249.75 17888 (msg: "MISP e26223 [] Outgoing To IP: 18.158.249.75|17888"; classtype:trojan-activity; sid:37219981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 3.125.223.134 17888 (msg: "MISP e26223 [] Outgoing To IP: 3.125.223.134|17888"; classtype:trojan-activity; sid:37219991; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 18.192.31.165 17888 (msg: "MISP e26223 [] Outgoing To IP: 18.192.31.165|17888"; classtype:trojan-activity; sid:37220001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert ip $HOME_NET any -> 3.125.209.94 17888 (msg: "MISP e26223 [] Outgoing To IP: 3.125.209.94|17888"; classtype:trojan-activity; sid:37220011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert http $HOME_NET any -> 103.183.118.30 $HTTP_PORTS (msg: "MISP e26066 [] Outgoing URL http|3a|//103.183.118.30/NEWTECH/Pivgbgto.dat"; flow:to_server,established; http.header; content:"103.183.118.30"; fast_pattern; nocase; http.uri; content:"/NEWTECH/Pivgbgto.dat"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37114971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26066;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26033 [] Outgoing URL http|3a|//vinted.lol/"; flow:to_server,established; http.header; content:"vinted.lol"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37092601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26033;) alert ip $HOME_NET any -> 3.125.102.39 17888 (msg: "MISP e26223 [] Outgoing To IP: 3.125.102.39|17888"; classtype:trojan-activity; sid:37220021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26223;) alert dns any any -> any any (msg: "MISP e26225 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37220071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26225;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26225 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37220072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26225;)
# e26018, Cobalt Strike tags: one URL indicator (destination IP fixed in the rule header, IP string
# in the request headers, "/fwlink" in the URI) and one plain IP:port indicator.
# tag:session,600,seconds asks the engine to keep logging the rest of the session for 600 seconds
# after the alert.
alert http $HOME_NET any -> 18.118.35.133 $HTTP_PORTS (msg: "MISP e26018 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//18.118.35.133/fwlink"; flow:to_server,established; http.header; content:"18.118.35.133"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 101.37.14.112 80 (msg: "MISP e26018 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing To IP: 101.37.14.112|80"; classtype:trojan-activity; sid:37091401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
# vmi.lt-dek.net is exported once per MISP event (e26217, e26216, e26226 and e26222 below). The
# pairs differ only in event id, sid and reference URL, so a single lookup or request raises one
# alert per event. Deduplicate or threshold downstream if that volume is unwanted.
#
# DNS rule: dns.query must contain the name, and the pcre requires it to end the query and to be
# preceded by start-of-buffer or a character outside [A-Za-z0-9-], so sub-domains also match.
#
# HTTP rule: content:"Host|3a|" and content:"vmi.lt-dek.net" are two independent matches on
# http.header; no distance/within ties them together. The pcre only enforces the label boundaries
# around the name. The rule therefore fires when the name appears in any request header, not only
# in Host. NOTE(review): confirm that breadth is intended before treating hits as contact with
# the host.
alert dns any any -> any any (msg: "MISP e26217 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37216831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26217;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26217 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26217;)
alert dns any any -> any any (msg: "MISP e26216 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37216801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26216;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26216 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26216;)
alert dns any any -> any any (msg: "MISP e26226 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37220101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26226;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26226 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37220102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26226;)
alert dns any any -> any any (msg: "MISP e26222 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37216981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26222;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26222 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26222;)
alert dns any any -> any any (msg: "MISP 
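e26230 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37224411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26230;)
# e26230 HTTP companion of the DNS rule above. The "Host|3a|" content and the domain content are
# independent matches on http.header, so the name is matched anywhere in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26230 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37224412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26230;)
# The two e26227 rules below copy the event tag misp-galaxy:malpedia="Cobalt Strike" into msg.
# The rule format requires a double quote inside msg to be escaped as \" (as are ; and \).
# Left bare, the msg value is malformed and the engine may reject the rule or cut the message
# short, so sid 37220131 and sid 37220141 could silently provide no coverage. The quotes are
# escaped here; nothing else in the rules is changed.
# NOTE(review): the tag text reaches the rule unescaped from the exporter, so other tags
# containing ", ; or \ would break rules the same way. Check that the generated file loads
# cleanly (for example with suricata -T) before deploying it.
alert http $HOME_NET any -> 18.118.35.133 $HTTP_PORTS (msg: "MISP e26227 [CobaltStrike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing URL http|3a|//18.118.35.133/fwlink"; flow:to_server,established; http.header; content:"18.118.35.133"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37220131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 101.37.14.112 80 (msg: "MISP e26227 [CobaltStrike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing To IP: 101.37.14.112|80"; classtype:trojan-activity; sid:37220141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Plain IP:port indicators from e26018. The family label is whatever the event tag says
# (c2/cobalt_strike, RedLineStealer); the rules inspect no payload.
alert ip $HOME_NET any -> 116.196.106.249 50050 (msg: "MISP e26018 [c2,cobalt_strike] Outgoing To IP: 116.196.106.249|50050"; classtype:trojan-activity; sid:37091411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert ip $HOME_NET any -> 5.42.65.101 11084 (msg: "MISP e26018 [RedLineStealer] Outgoing To IP: 5.42.65.101|11084"; classtype:trojan-activity; sid:37091421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26018 [dcrat] Outgoing URL 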
http|3a|//265003cm.nyashtech.top/gamebigloadwindowscdnuploadstemporary.php"; flow:to_server,established; http.header; content:"265003cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/gamebigloadwindowscdnuploadstemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37091431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26018;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//265003cm.nyashtech.top/GameBigloadwindowscdnUploadsTemporary.php"; flow:to_server,established; http.header; content:"265003cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/GameBigloadwindowscdnUploadsTemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 5.42.65.101 11084 (msg: "MISP e26227 [] Outgoing To IP: 5.42.65.101|11084"; classtype:trojan-activity; sid:37269161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 116.196.106.249 50050 (msg: "MISP e26227 [] Outgoing To IP: 116.196.106.249|50050"; classtype:trojan-activity; sid:37269171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 72.69.74.23 54984 (msg: "MISP e26070 [c2,NanoCore] Outgoing To IP: 72.69.74.23|54984"; classtype:trojan-activity; sid:37116061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 72.69.74.23 54984 (msg: "MISP e26227 [] Outgoing To IP: 72.69.74.23|54984"; classtype:trojan-activity; sid:37269181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 137.220.197.155 443 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 137.220.197.155|443"; classtype:trojan-activity; sid:37116071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) 
# IP:port indicators. Each address below is exported once per MISP event that lists it: the e26070
# copy carries the family tags and priority 2, the e26227 copy has an empty tag list and
# priority 3. One connection therefore raises one alert per copy.
# These rules match on destination address and port only, with no payload inspection, so a hit
# says "traffic to this endpoint", not "this malware family was observed".
alert ip $HOME_NET any -> 137.220.197.155 443 (msg: "MISP e26227 [] Outgoing To IP: 137.220.197.155|443"; classtype:trojan-activity; sid:37269201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 110.139.46.105 36969 (msg: "MISP e26070 [QuasarRAT,RAT] Outgoing To IP: 110.139.46.105|36969"; classtype:trojan-activity; sid:37116081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 110.139.46.105 36969 (msg: "MISP e26227 [] Outgoing To IP: 110.139.46.105|36969"; classtype:trojan-activity; sid:37269211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 192.210.236.218 3790 (msg: "MISP e26070 [c2,Meterpreter] Outgoing To IP: 192.210.236.218|3790"; classtype:trojan-activity; sid:37116091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 192.210.236.218 3790 (msg: "MISP e26227 [] Outgoing To IP: 192.210.236.218|3790"; classtype:trojan-activity; sid:37269221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Host-only URL indicators (no path in the MISP attribute). The only test is a case-insensitive
# substring match of the name against http.header, with no http.uri clause and no Host anchor.
# A request to an unrelated server that merely names the domain in some header (Referer, for
# instance) matches too.
# NOTE(review): if only requests addressed to the host should alert, a match on the http.host
# buffer would be tighter. Confirm with the rule owner before changing generated output.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//gigeconomycase.com"; flow:to_server,established; http.header; content:"gigeconomycase.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//pngairservices.com"; flow:to_server,established; http.header; content:"pngairservices.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# sid 37269251 (host only) and sid 37269261 (host plus "/api/connect") overlap: any request that
# satisfies the second also satisfies the first, so it alerts twice.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//basicincomeonline.com"; flow:to_server,established; http.header; content:"basicincomeonline.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//basicincomeonline.com/api/connect"; flow:to_server,established; http.header; content:"basicincomeonline.com"; fast_pattern; nocase; http.uri; content:"/api/connect"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Here the destination address is pinned in the rule header as well as searched for in the
# request headers.
alert http $HOME_NET any -> 213.109.202.161 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//213.109.202.161"; flow:to_server,established; http.header; content:"213.109.202.161"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# e26070, tagged ParrotTDS/SocGholish: full-URL indicators. Each rule needs the host string
# somewhere in http.header and the exact path as a substring of http.uri, both case-insensitive.
# NOTE(review): the paths sit under ordinary CMS directories, so these are presumably pages
# injected into otherwise legitimate sites. Verify against the MISP event and expect such
# indicators to age out once a site is cleaned.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.dewildepinchetti.com/blog/wp-content/plugins/iwp-client/lib/dropbox/oauth/consumer/consumer.php"; flow:to_server,established; http.header; content:"www.dewildepinchetti.com"; fast_pattern; nocase; http.uri; content:"/blog/wp-content/plugins/iwp-client/lib/dropbox/oauth/consumer/consumer.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//carolgraceserves.com/backup-1477507809-wp-includes/requests/exception/http/http.php"; flow:to_server,established; http.header; content:"carolgraceserves.com"; fast_pattern; nocase; http.uri; content:"/backup-1477507809-wp-includes/requests/exception/http/http.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 182.92.201.189 $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//182.92.201.189/wp-content/plugins/adthrive/components/static-files/partials/adcentric/adcentric.php"; flow:to_server,established; http.header; content:"182.92.201.189"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/adthrive/components/static-files/partials/adcentric/adcentric.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//soundculture.pl/wp-content/plugins/layerslider/assets/static/dashicons/dashicons.php"; flow:to_server,established; http.header; content:"soundculture.pl"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/layerslider/assets/static/dashicons/dashicons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//calendar-pro.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"calendar-pro.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.itenas.ac.id/en/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.itenas.ac.id"; fast_pattern; nocase; http.uri; content:"/en/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37116151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//thzweb.freesite.host/wp-content/themes/twentytwentyfour/assets/fonts/cardo/cardo.php"; flow:to_server,established; http.header; content:"thzweb.freesite.host"; fast_pattern; nocase; http.uri; content:"/wp-content/themes/twentytwentyfour/assets/fonts/cardo/cardo.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.batondejoie.fr/wp-content/advanced-nocaptcha-recaptcha/freemius/templates/account/partials/partials.php"; flow:to_server,established; http.header; content:"www.batondejoie.fr"; fast_pattern; nocase; http.uri; content:"/wp-content/advanced-nocaptcha-recaptcha/freemius/templates/account/partials/partials.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//v.elegantchina.net/wp-content/plugins/admin-menu-editor-pro/modules/highlight-new-menus/assets/assets.php"; flow:to_server,established; http.header; content:"v.elegantchina.net"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/admin-menu-editor-pro/modules/highlight-new-menus/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//clear.community/administrator/components/com_admin/views/sysinfo/tmpl/tmpl.php"; flow:to_server,established; http.header; content:"clear.community"; fast_pattern; nocase; http.uri; content:"/administrator/components/com_admin/views/sysinfo/tmpl/tmpl.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cleverthings.org/wp-content/plugins/ad-ace/includes/plugins/visual-composer/elements/elements.php"; flow:to_server,established; http.header; content:"cleverthings.org"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ad-ace/includes/plugins/visual-composer/elements/elements.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//uranustechnepal.com/test/administrator/components/com_actionlogs/src/controller/controller.php"; flow:to_server,established; http.header; content:"uranustechnepal.com"; fast_pattern; nocase; http.uri; content:"/test/administrator/components/com_actionlogs/src/controller/controller.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//goldenringsoman.com/admin/controller/extension/module/waclient/waclient.php"; flow:to_server,established; http.header; content:"goldenringsoman.com"; fast_pattern; nocase; http.uri; content:"/admin/controller/extension/module/waclient/waclient.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118741; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 49.232.231.163 $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//49.232.231.163/wp-content/plugins/themeisle-companion/obfx_modules/beaver-widgets/custom-fields/number-field/number-field.php"; flow:to_server,established; http.header; content:"49.232.231.163"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/themeisle-companion/obfx_modules/beaver-widgets/custom-fields/number-field/number-field.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//starzbus.com/wp-content/plugins/all-in-one-wp-migration/lib/view/view.php"; flow:to_server,established; http.header; content:"starzbus.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/view/view.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//conectadosradio.com/wp-content/plugins/creame-whatsapp-me/public/css/css.php"; flow:to_server,established; http.header; content:"conectadosradio.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/creame-whatsapp-me/public/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//toyotamanilabay.com.ph/tsure/wp-content/themes/twentytwentyone/assets/sass/06-components/06-components.php"; flow:to_server,established; http.header; 
content:"toyotamanilabay.com.ph"; fast_pattern; nocase; http.uri; content:"/tsure/wp-content/themes/twentytwentyone/assets/sass/06-components/06-components.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cc.fenxiang.xyz/wp-content/plugins/page-scroll-to-id/includes/blocks/blocks.php"; flow:to_server,established; http.header; content:"cc.fenxiang.xyz"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/page-scroll-to-id/includes/blocks/blocks.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ajustsolutions.com/wp-content/cache/min/1/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7.php"; flow:to_server,established; http.header; content:"ajustsolutions.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/min/1/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//neicweb.com/jspdf/docs/scripts/prettify/prettify.php"; flow:to_server,established; http.header; content:"neicweb.com"; fast_pattern; nocase; http.uri; content:"/jspdf/docs/scripts/prettify/prettify.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118811; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.buildingblocksacademy.net/wp-content/cache/min/1/wp-content/plugins/pressapps-login-access/includes/skelet/assets/assets.php"; flow:to_server,established; http.header; content:"www.buildingblocksacademy.net"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/min/1/wp-content/plugins/pressapps-login-access/includes/skelet/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.buildingblocksacademyalvin.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.buildingblocksacademyalvin.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.scatolificiosantanna.it/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.scatolificiosantanna.it"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//libarts.pnu.ac.th/wp-content/cache/libarts.pnu.ac.th/all/1649/feed/feed.js"; flow:to_server,established; http.header; content:"libarts.pnu.ac.th"; fast_pattern; nocase; http.uri; 
content:"/wp-content/cache/libarts.pnu.ac.th/all/1649/feed/feed.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//mmoseronelink.com/360/sap/sap_3data/cafe_2_105/html5/html5.php"; flow:to_server,established; http.header; content:"mmoseronelink.com"; fast_pattern; nocase; http.uri; content:"/360/sap/sap_3data/cafe_2_105/html5/html5.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//idiomas2.8belts.com/wordpress/wp-content/cache/db/singletables/3e7/d91/d91.php"; flow:to_server,established; http.header; content:"idiomas2.8belts.com"; fast_pattern; nocase; http.uri; content:"/wordpress/wp-content/cache/db/singletables/3e7/d91/d91.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//futxtrm.com/backup29112022/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"futxtrm.com"; fast_pattern; nocase; http.uri; content:"/backup29112022/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.nseituat.com/nseit/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.js"; flow:to_server,established; http.header; 
content:"www.nseituat.com"; fast_pattern; nocase; http.uri; content:"/nseit/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//iustore.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"iustore.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//haustiere.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"haustiere.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//skillhut.com/naacmodules/jquery-ui-1.12.1.custom/images/images.php"; flow:to_server,established; http.header; content:"skillhut.com"; fast_pattern; nocase; http.uri; content:"/naacmodules/jquery-ui-1.12.1.custom/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//psiewdr.org/atlas/mobile/javascript/javascript.php"; flow:to_server,established; http.header; content:"psiewdr.org"; 
fast_pattern; nocase; http.uri; content:"/atlas/mobile/javascript/javascript.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//eliteelevators.in/home-elevators/images/authors/authors.php"; flow:to_server,established; http.header; content:"eliteelevators.in"; fast_pattern; nocase; http.uri; content:"/home-elevators/images/authors/authors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//brown1.ezmartech.com/backups/wp-content/plugins/acf-extended/includes/admin/views/views.php"; flow:to_server,established; http.header; content:"brown1.ezmartech.com"; fast_pattern; nocase; http.uri; content:"/backups/wp-content/plugins/acf-extended/includes/admin/views/views.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//iserveindia.com/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; flow:to_server,established; http.header; content:"iserveindia.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//petdelicia.com.br/assinatura/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"petdelicia.com.br"; fast_pattern; nocase; http.uri; content:"/assinatura/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//handy.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"handy.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.cronoscapitalpartners.it/wp-content/cache/page_enhanced/www.cronoscapitalpartners.it/www.cronoscapitalpartners.it.php"; flow:to_server,established; http.header; content:"www.cronoscapitalpartners.it"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/page_enhanced/www.cronoscapitalpartners.it/www.cronoscapitalpartners.it.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37118991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//digitalepartner.com/impresistem/guzzlehttp/adapter/curl/curl.php"; flow:to_server,established; http.header; content:"digitalepartner.com"; fast_pattern; nocase; http.uri; content:"/impresistem/guzzlehttp/adapter/curl/curl.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//skincare.7uptheme.net/wp-includes/simplepie/content/type/type.js"; flow:to_server,established; http.header; content:"skincare.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-includes/simplepie/content/type/type.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//vidhionline.com/player-api-master/actionscript/deploy/assets/assets.php"; flow:to_server,established; http.header; content:"vidhionline.com"; fast_pattern; nocase; http.uri; content:"/player-api-master/actionscript/deploy/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.easisell.com/wp-content/cache/page_enhanced/www.easisell.com/best-way-to-use-colour-wheel-for-website-design-2/best-way-to-use-colour-wheel-for-website-design-2.php"; flow:to_server,established; http.header; content:"www.easisell.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/page_enhanced/www.easisell.com/best-way-to-use-colour-wheel-for-website-design-2/best-way-to-use-colour-wheel-for-website-design-2.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//juliem-ladeco.fr/wp-content/plugins/ag-custom-admin/images/images.php"; flow:to_server,established; http.header; content:"juliem-ladeco.fr"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/ag-custom-admin/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//burialinsurancepro.org/wp-includes/simplepie/content/type/type.php"; flow:to_server,established; http.header; content:"burialinsurancepro.org"; fast_pattern; nocase; http.uri; content:"/wp-includes/simplepie/content/type/type.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.indian-designs.com/wp-content/plugins/backup/all-in-one-seo-pack-pro/app/common/importexport/rankmath/rankmath.js"; flow:to_server,established; http.header; content:"www.indian-designs.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/backup/all-in-one-seo-pack-pro/app/common/importexport/rankmath/rankmath.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//wholesaletoys.pk/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"wholesaletoys.pk"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 3.110.136.110 $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//3.110.136.110/wp-content/plugins/all-in-one-seo-pack/app/common/schema/graphs/graphs.php"; 
flow:to_server,established; http.header; content:"3.110.136.110"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/schema/graphs/graphs.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//shop.ggarabia.com/wp-content/plugins/acf-quickedit-fields/include/acfquickedit/acfquickedit.php"; flow:to_server,established; http.header; content:"shop.ggarabia.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/acf-quickedit-fields/include/acfquickedit/acfquickedit.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//projects.njgraphica.com/aroma/dark/assets/plugins/datatable/css/css.js"; flow:to_server,established; http.header; content:"projects.njgraphica.com"; fast_pattern; nocase; http.uri; content:"/aroma/dark/assets/plugins/datatable/css/css.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//versitaopen.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"versitaopen.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//dsefaywhq.preview.infomaniak.website/wp-content/plugins/layerslider/assets/static/admin/img/slider/slider.php"; flow:to_server,established; http.header; content:"dsefaywhq.preview.infomaniak.website"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/layerslider/assets/static/admin/img/slider/slider.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//chatsky.club/sky/wp-content/plugins/apollo13-framework-extensions/design_importer/a13-wordpress-importer/a13-wordpress-importer.php"; flow:to_server,established; http.header; content:"chatsky.club"; fast_pattern; nocase; http.uri; content:"/sky/wp-content/plugins/apollo13-framework-extensions/design_importer/a13-wordpress-importer/a13-wordpress-importer.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 139.99.50.175 $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//139.99.50.175/configofr/configofr.php"; flow:to_server,established; http.header; content:"139.99.50.175"; fast_pattern; nocase; http.uri; content:"/configofr/configofr.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.atouchoflovechildrenscenter.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"www.atouchoflovechildrenscenter.com"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//stage.idandigitali.co.il/wp-content/plugins/advanced-custom-fields/assets/build/css/css.php"; flow:to_server,established; http.header; content:"stage.idandigitali.co.il"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/build/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cruxbd.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"cruxbd.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//topsportsteams.com/prod_link/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"topsportsteams.com"; fast_pattern; nocase; http.uri; content:"/prod_link/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//fixituae.com/fgs/vendor/bmwfont/specimen_files/specimen_files.php"; flow:to_server,established; http.header; content:"fixituae.com"; fast_pattern; nocase; http.uri; content:"/fgs/vendor/bmwfont/specimen_files/specimen_files.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//mehryar.mazyar.org/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"mehryar.mazyar.org"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//api.algoyab.com/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; flow:to_server,established; http.header; content:"api.algoyab.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//devsite.scarlettslandscaping.com/wp-includes/simplepie/decode/html/html.php"; flow:to_server,established; http.header; content:"devsite.scarlettslandscaping.com"; fast_pattern; nocase; http.uri; content:"/wp-includes/simplepie/decode/html/html.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: 
"MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//elparian.com.mx/paginaviejita/fancybox/recursos/nova-multipurpose-site-template/nova/images/sample/sample.php"; flow:to_server,established; http.header; content:"elparian.com.mx"; fast_pattern; nocase; http.uri; content:"/paginaviejita/fancybox/recursos/nova-multipurpose-site-template/nova/images/sample/sample.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//shgl.chao1227.com/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"shgl.chao1227.com"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//erolsalcan.com/wp-content/cache/wp-rocket/erolsalcan.com/bilgilendirme-tesekkuru/bilgilendirme-tesekkuru.php"; flow:to_server,established; http.header; content:"erolsalcan.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/wp-rocket/erolsalcan.com/bilgilendirme-tesekkuru/bilgilendirme-tesekkuru.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//boomndeal.com/wp-content/plugins/all-in-one-seo-pack/app/common/schema/graphs/graphs.php"; flow:to_server,established; http.header; content:"boomndeal.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/schema/graphs/graphs.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37119261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//bmn-es.com/wp-content/plugins/advanced-custom-fields/assets/inc/color-picker-alpha/color-picker-alpha.php"; flow:to_server,established; http.header; content:"bmn-es.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/inc/color-picker-alpha/color-picker-alpha.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 39.99.63.187 $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//39.99.63.187/wp-includes/simplepie/content/type/type.php"; flow:to_server,established; http.header; content:"39.99.63.187"; fast_pattern; nocase; http.uri; content:"/wp-includes/simplepie/content/type/type.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//clanped2025.com.br/wp-content/plugins/advanced-custom-fields-pro/pro/admin/views/views.php"; flow:to_server,established; http.header; content:"clanped2025.com.br"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/pro/admin/views/views.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.kwik.tn/spero/vendor/automattic/woocommerce/tests/woocommerce/tests/tests.php"; flow:to_server,established; http.header; 
content:"www.kwik.tn"; fast_pattern; nocase; http.uri; content:"/spero/vendor/automattic/woocommerce/tests/woocommerce/tests/tests.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//jaimefoxmusic.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"jaimefoxmusic.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//wp.korinek.link/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"wp.korinek.link"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.chequeado.com/2015inreview/especial2015/images/prettyphoto/dark_rounded/dark_rounded.js"; flow:to_server,established; http.header; content:"www.chequeado.com"; fast_pattern; nocase; http.uri; content:"/2015inreview/especial2015/images/prettyphoto/dark_rounded/dark_rounded.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing 
URL http|3a|//version.urban-truth.com/storage/framework/cache/cache.php"; flow:to_server,established; http.header; content:"version.urban-truth.com"; fast_pattern; nocase; http.uri; content:"/storage/framework/cache/cache.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.asterism.co.nz/wp-admin/css/colors/modern/modern/modern/modern/modern/modern.php"; flow:to_server,established; http.header; content:"www.asterism.co.nz"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/modern/modern/modern/modern/modern/modern.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//nikesoccerbootoutletol.com/wp-content/plugins/all-in-one-seo-pack/app/common/integrations/integrations.php"; flow:to_server,established; http.header; content:"nikesoccerbootoutletol.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/integrations/integrations.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//swedenborgian-gangw.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; flow:to_server,established; http.header; content:"swedenborgian-gangw.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37119371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//coccal-pocket.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"coccal-pocket.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//lonuestrogsm.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/img/whats-new/whats-new.js"; flow:to_server,established; http.header; content:"lonuestrogsm.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/img/whats-new/whats-new.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//paperbound-bulk.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; flow:to_server,established; http.header; content:"paperbound-bulk.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cartwheels.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"cartwheels.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//battological-envelo.000webhostapp.com/wp-content/plugins/all-in-one-seo-pack/app/common/searchstatistics/searchstatistics.js"; flow:to_server,established; http.header; content:"battological-envelo.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/searchstatistics/searchstatistics.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//gtaonlinestore.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"gtaonlinestore.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//0777arsy.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"0777arsy.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Outbound-only signatures: source $HOME_NET, destination $EXTERNAL_NET on $HTTP_PORTS.
# NOTE(review): the destination port is restricted to $HTTP_PORTS, so a request to one of these
# hosts on a port missing from that variable is not evaluated by these rules; compare the
# variable with the web ports actually seen in proxy or flow logs.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//firdesktop.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"firdesktop.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//congregacionkoinonia.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; flow:to_server,established; http.header; content:"congregacionkoinonia.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//jenniferhallasi652005.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header;
content:"jenniferhallasi652005.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# tag:session,600,seconds on each rule requests continued logging of the alerting session's
# packets for 600 seconds after the match.
# NOTE(review): that only helps triage if tagged-packet output is enabled on the sensor; verify
# the output configuration, otherwise presumably only the matching request is recorded.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//go4clinic.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"go4clinic.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//savemuch.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"savemuch.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//hamza738.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"hamza738.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119501;
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Hostname and path are plain substring matches (content with nocase) with no anchoring option.
# NOTE(review): "anfal.com.pk" or "plazanorte.pe" also match inside a longer hostname that
# contains them. The required URI match keeps each rule narrow, but the host pattern should
# not be reused on its own as a block-list entry without anchoring.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//trialstaging.trialrun.us/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"trialstaging.trialrun.us"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//anfal.com.pk/wp-content/plugins/_ithemes-security-pro/core/lib/lockout/execute-lock/execute-lock.php"; flow:to_server,established; http.header; content:"anfal.com.pk"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/_ithemes-security-pro/core/lib/lockout/execute-lock/execute-lock.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//blog.qrstaff.in/wp-content/plugins/all-in-one-seo-pack/app/common/schema/graphs/traits/traits.php"; flow:to_server,established; http.header; content:"blog.qrstaff.in"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/schema/graphs/traits/traits.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//plazanorte.pe/wp-content/wp-content.php"; flow:to_server,established; http.header; content:"plazanorte.pe"; fast_pattern; nocase; http.uri; content:"/wp-content/wp-content.php"; nocase;
tag:session,600,seconds; classtype:trojan-activity; sid:37119541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Outbound HTTP indicator rules; the hostname content carries fast_pattern, so it is the string
# the engine pre-filters on before evaluating the rest of the rule.
# NOTE(review): "ade.tw" is only six bytes and is searched across the whole header buffer;
# presumably it pre-matches unrelated traffic more often than the longer hostnames. Watch rule
# profiling after loading, or consider moving fast_pattern to the longer URI content.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//rossanalabs.com/wp/wp-content/plugins/attachments/deprecated/css/css.php"; flow:to_server,established; http.header; content:"rossanalabs.com"; fast_pattern; nocase; http.uri; content:"/wp/wp-content/plugins/attachments/deprecated/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.xinyizhou0310.com/well-known/acme-challenge/a/a/b/a/a.php"; flow:to_server,established; http.header; content:"www.xinyizhou0310.com"; fast_pattern; nocase; http.uri; content:"/well-known/acme-challenge/a/a/b/a/a.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ade.tw/wordpress/wp-content/plugins/layerslider/static/codemirror/codemirror.php"; flow:to_server,established; http.header; content:"ade.tw"; fast_pattern; nocase; http.uri; content:"/wordpress/wp-content/plugins/layerslider/static/codemirror/codemirror.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//jkagri.com/financials/unaud30092007_files/sheet001_files/sheet001_files.php"; flow:to_server,established; http.header; content:"jkagri.com"; fast_pattern; nocase; http.uri;
content:"/financials/unaud30092007_files/sheet001_files/sheet001_files.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Per-URL indicator rules: hostname in the request headers plus the exact path in the URI.
# NOTE(review): every URI visible in this part of the export ends in a file named after its
# parent directory (plugins/plugins.php, endpoints/endpoints.php, css/css.php). That shape looks
# like a property of the campaign rather than of each site - worth confirming in the MISP event,
# since a detection on the pattern would outlive these per-host indicators.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//proxyknow.com/phpmyadmin/js/vendor/jqplot/plugins/plugins.php"; flow:to_server,established; http.header; content:"proxyknow.com"; fast_pattern; nocase; http.uri; content:"/phpmyadmin/js/vendor/jqplot/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//sosiologi.fisip.unpad.ac.id/wp-content/plugins/elementor/app/modules/kit-library/data/kits/endpoints/endpoints.php"; flow:to_server,established; http.header; content:"sosiologi.fisip.unpad.ac.id"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/elementor/app/modules/kit-library/data/kits/endpoints/endpoints.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//uat.zeroowatch.com/wp-content/cache/min/1/wp-content/plugins/social-feed-widgets-for-elementor-using-smash-balloon/assets/css/css.php"; flow:to_server,established; http.header; content:"uat.zeroowatch.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/min/1/wp-content/plugins/social-feed-widgets-for-elementor-using-smash-balloon/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET
$HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//dental.simptomi.rs/wp-content/endurance-page-cache/endurance-page-cache.php"; flow:to_server,established; http.header; content:"dental.simptomi.rs"; fast_pattern; nocase; http.uri; content:"/wp-content/endurance-page-cache/endurance-page-cache.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Per-URL indicator rules: alert on outbound HTTP to the named host and path.
# NOTE(review): ec2-175-41-161-53.ap-southeast-1.compute.amazonaws.com is a cloud-assigned
# hostname; presumably it follows whoever currently holds that address, so this indicator
# should carry an expiry and be re-checked against the MISP event before it is kept long-term.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//garage.the-namers.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"garage.the-namers.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ec2-175-41-161-53.ap-southeast-1.compute.amazonaws.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"ec2-175-41-161-53.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cxosnextgen.com/demo/wp-content/plugins/elementor/assets/images/app/site-editor/site-editor.php"; flow:to_server,established; http.header; content:"cxosnextgen.com"; fast_pattern; nocase; http.uri;
content:"/demo/wp-content/plugins/elementor/assets/images/app/site-editor/site-editor.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Direction is fixed on every rule: source $HOME_NET, destination $EXTERNAL_NET.
# NOTE(review): where clients reach the web through an explicit proxy inside $HOME_NET, the
# sensor sees client-to-proxy traffic whose destination is not $EXTERNAL_NET, and these rules
# stay silent. Place the sensor on the proxy's egress side or adapt the rule header - this
# depends on your topology, confirm before relying on coverage.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//hlcelms-new.herminahospitals.com/admin/tool/availabilityconditions/tests/behat/behat.php"; flow:to_server,established; http.header; content:"hlcelms-new.herminahospitals.com"; fast_pattern; nocase; http.uri; content:"/admin/tool/availabilityconditions/tests/behat/behat.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//insureafrica.co.za/wp-content/plugins/astra-sites/inc/classes/compatibility/astra-pro/astra-pro.php"; flow:to_server,established; http.header; content:"insureafrica.co.za"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/astra-sites/inc/classes/compatibility/astra-pro/astra-pro.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cactusgroupwebtest.com/demos/1stbeauty/wp-content/plugins/better-search-replace/assets/img/img.php"; flow:to_server,established; http.header; content:"cactusgroupwebtest.com"; fast_pattern; nocase; http.uri; content:"/demos/1stbeauty/wp-content/plugins/better-search-replace/assets/img/img.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070
[ParrotTDS,SocGholish] Outgoing URL http|3a|//a-onevacuums.com/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; flow:to_server,established; http.header; content:"a-onevacuums.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# The rules here share classtype:trojan-activity and priority:2 and differ only in host, path
# and sid.
# NOTE(review): an alert shows that a client requested the URL, not that a payload ran. Triage
# by sid and the reference URL, then check what the server returned and what the client did next.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//legrainparis.fr/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"legrainparis.fr"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//teamvedika.com/admin/counter/change_images/logo/logo.php"; flow:to_server,established; http.header; content:"teamvedika.com"; fast_pattern; nocase; http.uri; content:"/admin/counter/change_images/logo/logo.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//noonanwaste.com/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; flow:to_server,established; http.header; content:"noonanwaste.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119721; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26070;)
# reference:url on each rule points to event 26070 on the publishing MISP instance.
# NOTE(review): the rules themselves carry no first-seen or expiry information (rev:1, no
# metadata option). Track indicator age from the MISP event and retire entries once the event
# marks them stale, so old hostnames do not keep alerting indefinitely.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//abrito.wecreateyou.pt/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; flow:to_server,established; http.header; content:"abrito.wecreateyou.pt"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//lisbonvinylcutters.com/__macosx/img/portfolio/fullsize/fullsize.php"; flow:to_server,established; http.header; content:"lisbonvinylcutters.com"; fast_pattern; nocase; http.uri; content:"/__macosx/img/portfolio/fullsize/fullsize.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//job-test.ifrigate.ru/wp-content/plugins/all-in-one-seo-pack/app/common/api/integrations/integrations.php"; flow:to_server,established; http.header; content:"job-test.ifrigate.ru"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/api/integrations/integrations.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//iscrizione.handmadecampania.it/wp-content/plugins/coming-soon/languages/languages.php"; flow:to_server,established; http.header;
content:"iscrizione.handmadecampania.it"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/coming-soon/languages/languages.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Per-URL indicator rules: alert on outbound HTTP to the named host and path.
# NOTE(review): hosts such as inno.obec.go.th and archiwummuzeumziemizbaszynskiej.zck.org.pl look
# like ordinary organisation sites with an extra file under an existing application path -
# presumably compromised rather than attacker-owned (confirm in the MISP event). Treat a hit as
# exposure of the client, and prefer URL-level over domain-level blocking.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//archiwummuzeumziemizbaszynskiej.zck.org.pl/wp-content/plugins/burst-statistics/assets/css/admin/modules/dashboard/dashboard.php"; flow:to_server,established; http.header; content:"archiwummuzeumziemizbaszynskiej.zck.org.pl"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/burst-statistics/assets/css/admin/modules/dashboard/dashboard.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//inno.obec.go.th/1tambon1school/schsurvey/core/core.php"; flow:to_server,established; http.header; content:"inno.obec.go.th"; fast_pattern; nocase; http.uri; content:"/1tambon1school/schsurvey/core/core.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.bericht.es/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"www.bericht.es"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET
$HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//blog.learningpie.in/test/wordpress/wp-content/themes/twentynineteen/template-parts/content/content.js"; flow:to_server,established; http.header; content:"blog.learningpie.in"; fast_pattern; nocase; http.uri; content:"/test/wordpress/wp-content/themes/twentynineteen/template-parts/content/content.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Indicators cover both .js and .php endpoints; the rule logic is identical for each.
# NOTE(review): nocase on the http.uri content makes the path match case-insensitive, so
# differently-cased requests to the same host also alert. Harmless here, but keep it in mind
# when reconciling alert counts with proxy logs searched case-sensitively.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//1storiginal.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"1storiginal.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//mobile.wisechoicesupplements.ph/wp-content/cache/object/010/449/449.php"; flow:to_server,established; http.header; content:"mobile.wisechoicesupplements.ph"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/object/010/449/449.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.jrun.com.hk/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/images/images.js"; flow:to_server,established; http.header; content:"www.jrun.com.hk"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/images/images.js"; nocase; tag:session,600,seconds; classtype:trojan-activity;
sid:37119831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# The msg text of each rule embeds the full indicator URL, with ':' written as |3a|.
# NOTE(review): when pivoting from alerts to other logs, search on the hostname or the sid;
# a search for the literal "http://..." string may not match how the msg is rendered in the
# alert output - TODO confirm against a test alert.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//appercity.com/wp-content/plugins/advanced-iframe/css/css.php"; flow:to_server,established; http.header; content:"appercity.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-iframe/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//e-tirechains.com/wp-content/plugins/all-in-one-seo-pack/app/common/api/integrations/integrations.php"; flow:to_server,established; http.header; content:"e-tirechains.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/common/api/integrations/integrations.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//giraganaceuti.compradondevives.es/wp-content/plugins/duplicator-pro/assets/css/images/images.php"; flow:to_server,established; http.header; content:"giraganaceuti.compradondevives.es"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/duplicator-pro/assets/css/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//mercadochubut.gob.ar/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; flow:to_server,established; http.header;
content:"mercadochubut.gob.ar"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# sids in this export rise in steps of 10 (37119881, 37119891, 37119901) and every visible rule
# is rev:1.
# NOTE(review): before merging with other rule sources, check this sid range for collisions and
# decide how re-exports are versioned, since a changed indicator with an unchanged sid/rev is
# hard to track in alert history.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//bp8k4k.serveravatartmp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"bp8k4k.serveravatartmp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cvts.rut.digital/wp-content/plugins/classic-editor/classic-editor.js"; flow:to_server,established; http.header; content:"cvts.rut.digital"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/classic-editor/classic-editor.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//sanicorpec.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"sanicorpec.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL
http|3a|//www.comunidadfit.com/wp-content/plugins/bodycenter-extra/lib/scssphp/compass/stylesheets/compass/utilities/color/color.php"; flow:to_server,established; http.header; content:"www.comunidadfit.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/bodycenter-extra/lib/scssphp/compass/stylesheets/compass/utilities/color/color.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# No http.method or anchoring option is present: any request method, and any URI that contains
# the path (with or without a query string), satisfies the URI match.
# NOTE(review): "ssl.news" is a short, generic-looking host string matched in the whole header
# buffer; rely on the sid-specific URI path rather than the host when judging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//wheelsonthedanforth.ca/wp-content/endurance-page-cache/category/uncategorized/uncategorized.php"; flow:to_server,established; http.header; content:"wheelsonthedanforth.ca"; fast_pattern; nocase; http.uri; content:"/wp-content/endurance-page-cache/category/uncategorized/uncategorized.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//balangabriel.com/wp-content/plugins/advanced-custom-fields-pro/assets/css/css.php"; flow:to_server,established; http.header; content:"balangabriel.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ssl.news/wp-content/plugins/blog-manager-wp/assets/images/arrow/arrow.php"; flow:to_server,established; http.header; content:"ssl.news"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/blog-manager-wp/assets/images/arrow/arrow.php"; nocase; tag:session,600,seconds;
classtype:trojan-activity; sid:37119941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Two content matches in different buffers (http.header for the host, http.uri for the path)
# must both succeed before a rule alerts.
# NOTE(review): the pharmahome.ae path embeds the site's own hostname
# (/wp-content/cache/supercache/pharmahome.ae/...), so that URI is site-specific; the other
# paths sit under plugin or cache directories that presumably exist on unrelated sites too.
# Keep both conditions if these rules are ever rewritten.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//interplast.com/wp-content/plugins/ebor-framework-master/metaboxes/css/sass/partials/partials.php"; flow:to_server,established; http.header; content:"interplast.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ebor-framework-master/metaboxes/css/sass/partials/partials.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//english.cabrerallamas.com/wp-content/cache/object/037/b5a/b5a.js"; flow:to_server,established; http.header; content:"english.cabrerallamas.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/object/037/b5a/b5a.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//pharmahome.ae/wp-content/cache/supercache/pharmahome.ae/ar/comments/feed/feed.php"; flow:to_server,established; http.header; content:"pharmahome.ae"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/supercache/pharmahome.ae/ar/comments/feed/feed.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//matesonthemove.org/wp-content/plugins/bluehost-wordpress-plugin/vendor/doctrine/inflector/lib/doctrine/common/common.php"; flow:to_server,established; http.header;
content:"matesonthemove.org"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/bluehost-wordpress-plugin/vendor/doctrine/inflector/lib/doctrine/common/common.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# The rule action is alert on every entry: these are detection-only signatures.
# NOTE(review): in an inline/IPS deployment they will not stop the request. If blocking is
# wanted, change the action deliberately per indicator after reviewing its false-positive
# record, rather than bulk-rewriting the export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.7-dots.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.php"; flow:to_server,established; http.header; content:"www.7-dots.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37119991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//relacion.traxxcp.com.au/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"relacion.traxxcp.com.au"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//xbaseweb.com/wp-content/languages/languages.php"; flow:to_server,established; http.header; content:"xbaseweb.com"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/languages.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL
http|3a|//femza.org.ar/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; flow:to_server,established; http.header; content:"femza.org.ar"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# flow:to_server,established limits matching to client requests on flows the engine tracks as
# established.
# NOTE(review): a sensor with asymmetric visibility or mid-stream pickup may never mark the flow
# established and would miss these - presumably an issue only on some taps; verify by replaying
# a benign test request through the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//track.dioslogistics.com/wp-content/cache/page_enhanced/track.dioslogistics.com/category/uncategorized/uncategorized.php"; flow:to_server,established; http.header; content:"track.dioslogistics.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/page_enhanced/track.dioslogistics.com/category/uncategorized/uncategorized.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//roughdiamond.jp/wp/wp-content/themes/twentytwenty/assets/images/images.php"; flow:to_server,established; http.header; content:"roughdiamond.jp"; fast_pattern; nocase; http.uri; content:"/wp/wp-content/themes/twentytwenty/assets/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//emvision.com.my/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; flow:to_server,established; http.header; content:"emvision.com.my"; fast_pattern; nocase; http.uri;
content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//rashidaljabrigroup.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"rashidaljabrigroup.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//shrachirealty.com/wp-admin/css/css.php"; flow:to_server,established; http.header; content:"shrachirealty.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//store.powermatic.co.th/wp-includes/simplepie/xml/declaration/declaration.php"; flow:to_server,established; http.header; content:"store.powermatic.co.th"; fast_pattern; nocase; http.uri; content:"/wp-includes/simplepie/xml/declaration/declaration.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//annybrenn.com/wp-content/plugins/ajax-search-lite/backend/settings/assets/icons/icons.php"; flow:to_server,established; http.header; content:"annybrenn.com"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/ajax-search-lite/backend/settings/assets/icons/icons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.ccfg-conakry.org/img/distant/jpg/jpg.php"; flow:to_server,established; http.header; content:"www.ccfg-conakry.org"; fast_pattern; nocase; http.uri; content:"/img/distant/jpg/jpg.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//szerviz.microstore.hu/core/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"szerviz.microstore.hu"; fast_pattern; nocase; http.uri; content:"/core/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//aclarilari.com/baystate/wp-content/plugins/cherry-plugin/lib/js/flexslider/fonts/fonts.php"; flow:to_server,established; http.header; content:"aclarilari.com"; fast_pattern; nocase; http.uri; content:"/baystate/wp-content/plugins/cherry-plugin/lib/js/flexslider/fonts/fonts.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//medisur-rgl.com.ar/wp-admin/wp-admin.php"; flow:to_server,established; http.header; content:"medisur-rgl.com.ar"; fast_pattern; nocase; http.uri; 
content:"/wp-admin/wp-admin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ygbrandmaker.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"ygbrandmaker.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ybc77.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"ybc77.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//computerteknik.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"computerteknik.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//latinate-matters.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"latinate-matters.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//bhawpals.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/css/css.js"; flow:to_server,established; http.header; content:"bhawpals.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/css/css.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//moveterramogi.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"moveterramogi.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//merelio.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; 
content:"merelio.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//florquedafulgor.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"florquedafulgor.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//alyamama78.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; flow:to_server,established; http.header; content:"alyamama78.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/exceptions/exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//regaloscaos.es.ht/wp-content/plugins/wp-statistics/assets/dev/sass/component/placeholder/placeholder.php"; flow:to_server,established; http.header; content:"regaloscaos.es.ht"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/wp-statistics/assets/dev/sass/component/placeholder/placeholder.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37120231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//tsc.signalovernoise.co.uk/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; flow:to_server,established; http.header; content:"tsc.signalovernoise.co.uk"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//progeturepublica.net/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"progeturepublica.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//sakarealestate.co.uk/wp-content/cache/object/042/9f1/9f1.php"; flow:to_server,established; http.header; content:"sakarealestate.co.uk"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/object/042/9f1/9f1.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//test.bigbeautifulbuys.com/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; flow:to_server,established; http.header; content:"test.bigbeautifulbuys.com"; 
fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo46.itaoda.com/wp-content/plugins/adminify-pro/inc/modules/admincolumns/assets/assets.php"; flow:to_server,established; http.header; content:"demo46.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/adminify-pro/inc/modules/admincolumns/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo5.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"demo5.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo1.itaoda.com/wp-content/plugins/astra-addon/addons/advanced-headers/assets/js/minified/minified.php"; flow:to_server,established; http.header; content:"demo1.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/astra-addon/addons/advanced-headers/assets/js/minified/minified.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET 
any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo21.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"demo21.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo40.itaoda.com/wp-content/plugins/adminify-pro/inc/modules/admincolumns/assets/css/css.php"; flow:to_server,established; http.header; content:"demo40.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/adminify-pro/inc/modules/admincolumns/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo3.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/images/field-states/field-states.php"; flow:to_server,established; http.header; content:"demo3.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/images/field-states/field-states.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo31.itaoda.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"demo31.itaoda.com"; fast_pattern; nocase; 
http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//demo56.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"demo56.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//crossco.semseo3.beget.tech/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; flow:to_server,established; http.header; content:"crossco.semseo3.beget.tech"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//idt.builderallwppro.com/wp-content/plugins/builderall-cheetah-for-wp/extensions/ba-cheetah-cache-helper/classes/classes.php"; flow:to_server,established; http.header; content:"idt.builderallwppro.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/builderall-cheetah-for-wp/extensions/ba-cheetah-cache-helper/classes/classes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.fbstapes.ru/wp-content/themes/twentyseventeen/assets/fonts/libre-franklin/libre-franklin.js"; flow:to_server,established; http.header; content:"www.fbstapes.ru"; fast_pattern; nocase; http.uri; content:"/wp-content/themes/twentyseventeen/assets/fonts/libre-franklin/libre-franklin.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//serwis-impacto.pl/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"serwis-impacto.pl"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//lawconsult.pe/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"lawconsult.pe"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//bellejamaica.com/wp-content/endurance-page-cache/2022/01/138-student-living-uwi-agree-new-concession-terms-business/138-student-living-uwi-agree-new-concession-terms-business.php"; flow:to_server,established; http.header; content:"bellejamaica.com"; fast_pattern; nocase; http.uri; 
content:"/wp-content/endurance-page-cache/2022/01/138-student-living-uwi-agree-new-concession-terms-business/138-student-living-uwi-agree-new-concession-terms-business.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//new.mullicatownship.org/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"new.mullicatownship.org"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//danieltravels.net/wp-content/newfold-page-cache/unpicturesquely9lbcy/2f56bactos463103/2f56bactos463103.php"; flow:to_server,established; http.header; content:"danieltravels.net"; fast_pattern; nocase; http.uri; content:"/wp-content/newfold-page-cache/unpicturesquely9lbcy/2f56bactos463103/2f56bactos463103.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//drsohrabi.net/ar/wp-content/plugins/dopts/libraries/gui/images/colorpicker/colorpicker.js"; flow:to_server,established; http.header; content:"drsohrabi.net"; fast_pattern; nocase; http.uri; content:"/ar/wp-content/plugins/dopts/libraries/gui/images/colorpicker/colorpicker.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: 
"MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//car.hapeye.net/wp-content/plugins/code-snippets/css/min/editor-themes/editor-themes.php"; flow:to_server,established; http.header; content:"car.hapeye.net"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/code-snippets/css/min/editor-themes/editor-themes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//nidaagroup.net/iraq/wp-content/plugins/accesspress-social-counter/inc/backend/boards/boards.php"; flow:to_server,established; http.header; content:"nidaagroup.net"; fast_pattern; nocase; http.uri; content:"/iraq/wp-content/plugins/accesspress-social-counter/inc/backend/boards/boards.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//druck.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"druck.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//jac.b-a.group/old/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; flow:to_server,established; http.header; content:"jac.b-a.group"; fast_pattern; nocase; http.uri; content:"/old/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120481; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//vselectrics.gr/wp-content/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-and-firewall.php"; flow:to_server,established; http.header; content:"vselectrics.gr"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-and-firewall.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//dev.edades-west.make.technology/app/mu-plugins/acf-medium-editor-field/assets/vendor/medium-editor/css/themes/themes.php"; flow:to_server,established; http.header; content:"dev.edades-west.make.technology"; fast_pattern; nocase; http.uri; content:"/app/mu-plugins/acf-medium-editor-field/assets/vendor/medium-editor/css/themes/themes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//formulario1.frontec.cl/well-known/acme-challenge/a/a/a/a/a.php"; flow:to_server,established; http.header; content:"formulario1.frontec.cl"; fast_pattern; nocase; http.uri; content:"/well-known/acme-challenge/a/a/a/a/a.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//tcmtecnologia.com/wp-content/plugins/plugin_epayco_woocommerce/includes/admin/admin.php"; flow:to_server,established; http.header; 
content:"tcmtecnologia.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/plugin_epayco_woocommerce/includes/admin/admin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//nimbroeducation.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"nimbroeducation.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//dreclass.com/cache/cache.php"; flow:to_server,established; http.header; content:"dreclass.com"; fast_pattern; nocase; http.uri; content:"/cache/cache.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.noels.be/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.noels.be"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//www.yourchoiceplumbers.com.au/bakup4_21_2021/wp-content/cache/page_enhanced/www.yourchoiceplumbers.com.au/2017/06/06.php"; flow:to_server,established; http.header; content:"www.yourchoiceplumbers.com.au"; fast_pattern; nocase; http.uri; content:"/bakup4_21_2021/wp-content/cache/page_enhanced/www.yourchoiceplumbers.com.au/2017/06/06.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//assuredtreecare.com.au/wp-content/plugins/cf7-conditional-fields/jsdoc-out/scripts/prettify/prettify.php"; flow:to_server,established; http.header; content:"assuredtreecare.com.au"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/cf7-conditional-fields/jsdoc-out/scripts/prettify/prettify.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//employee1.1ummah.org.au/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; flow:to_server,established; http.header; content:"employee1.1ummah.org.au"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//staging.aspectuw.com.au/wp-content/plugins/advanced-custom-fields-pro-master/assets/js/js.php"; flow:to_server,established; http.header; content:"staging.aspectuw.com.au"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/advanced-custom-fields-pro-master/assets/js/js.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# MISP event 26070 (tags ParrotTDS, SocGholish): outbound URL indicators, one rule per host/path pair.
# Each rule alerts on an established client-to-server HTTP request from $HOME_NET when both
# content matches hit: the hostname in the http.header buffer and the path in the http.uri buffer.
# NOTE(review): http.header holds all request headers, so the hostname match is not tied to the
# Host header, and it is an unanchored substring (a longer hostname containing it also matches).
# The http.host buffer would pin the match to the Host header - confirm with the exporter before changing.
# The path match is a case-insensitive, unanchored substring (nocase, no startswith/endswith).
# tag:session,600,seconds keeps logging packets of the alerting session for 600 seconds.
# The destination port is limited to $HTTP_PORTS, so that variable must be defined and HTTP on
# ports outside it is not inspected by these rules.
# NOTE(review): these are cleartext-HTTP rules; requests to the same hosts over TLS need separate
# coverage (for example SNI- or DNS-based rules) - verify what else the export provides.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//noticiaseh.com.ar/wp-content/plugins/amp/assets/images/reader-themes/reader-themes.php"; flow:to_server,established; http.header; content:"noticiaseh.com.ar"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/amp/assets/images/reader-themes/reader-themes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//netzheft.frnrw.de/netzheft/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"netzheft.frnrw.de"; fast_pattern; nocase; http.uri; content:"/netzheft/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//student.simplelifestrategies.com/wp-content/plugins/affiliate-wp/includes/admin/payouts/payouts.js"; flow:to_server,established; http.header; content:"student.simplelifestrategies.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/affiliate-wp/includes/admin/payouts/payouts.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.darskhososy.com/wordpress/wp-content/themes/twentyfifteen/genericons/genericons/genericons.php"; flow:to_server,established; http.header; content:"www.darskhososy.com"; fast_pattern; nocase; http.uri; content:"/wordpress/wp-content/themes/twentyfifteen/genericons/genericons/genericons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//staging.secuodsoft.com/bulksmspull/assets/plugins/datatables-fixedheader/css/css.php"; flow:to_server,established; http.header; content:"staging.secuodsoft.com"; fast_pattern; nocase; http.uri; content:"/bulksmspull/assets/plugins/datatables-fixedheader/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//lms.tonalismo.com/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"lms.tonalismo.com"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//awlandsafaris.com/awlandsafaris.com.php"; flow:to_server,established; http.header; content:"awlandsafaris.com"; fast_pattern; nocase; http.uri; content:"/awlandsafaris.com.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//zado-shoes.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"zado-shoes.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//youlovesports.com/backup/skyjumpertrampolinepark_20190301/skyjumpertrampolinepark_20190301.php"; flow:to_server,established; http.header; content:"youlovesports.com"; fast_pattern; nocase; http.uri; content:"/backup/skyjumpertrampolinepark_20190301/skyjumpertrampolinepark_20190301.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//aridient.com/guestregsystem/wp-content/plugins/all-in-one-wp-migration-with-import-master/lib/view/assets/css/css.php"; flow:to_server,established; http.header; content:"aridient.com"; fast_pattern; nocase; http.uri; content:"/guestregsystem/wp-content/plugins/all-in-one-wp-migration-with-import-master/lib/view/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//www.autojaro.sk/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"www.autojaro.sk"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//wynton45.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin.php"; flow:to_server,established; http.header; content:"wynton45.com"; fast_pattern; nocase; http.uri; content:"/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//altcoin-cryptocurrency-trading-platform.what-todo.com/wp-content/plugins/ad-inserter/includes/google-api/vendor/firebase/php-jwt/php-jwt.php"; flow:to_server,established; http.header; content:"altcoin-cryptocurrency-trading-platform.what-todo.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ad-inserter/includes/google-api/vendor/firebase/php-jwt/php-jwt.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//wanimation.com/app_templates/web/up_codelogin_old/documentation/assets/blueprint-css/plugins/buttons/buttons.php"; flow:to_server,established; http.header; content:"wanimation.com"; fast_pattern; nocase; http.uri; content:"/app_templates/web/up_codelogin_old/documentation/assets/blueprint-css/plugins/buttons/buttons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//w3qualitytime.com/wp-content/plugins/elementor/app/assets/styles/styles.php"; flow:to_server,established; http.header; content:"w3qualitytime.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/elementor/app/assets/styles/styles.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//mytrucknow.volomoso.com/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; flow:to_server,established; http.header; content:"mytrucknow.volomoso.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//v775136o.beget.tech/wp-admin/images/images.php"; flow:to_server,established; http.header; content:"v775136o.beget.tech"; fast_pattern; nocase; http.uri; content:"/wp-admin/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//ventasdetodoloqueseteocurra.com/wp-content/plugins/advanced-product-search-for-woo/lib/predic-widget/assets/sass/sass.php"; flow:to_server,established; http.header; content:"ventasdetodoloqueseteocurra.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-product-search-for-woo/lib/predic-widget/assets/sass/sass.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//new.usmortgage.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; flow:to_server,established; http.header; content:"new.usmortgage.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//uhappyevents.com/v2_backup/wp-content/plugins/all-in-one-wp-migration/lib/controller/controller.php"; flow:to_server,established; http.header; content:"uhappyevents.com"; fast_pattern; nocase; http.uri; content:"/v2_backup/wp-content/plugins/all-in-one-wp-migration/lib/controller/controller.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//tneacounseling.com/modules/9abb03e812/includes/functions/functions.php"; flow:to_server,established; http.header; content:"tneacounseling.com"; fast_pattern; nocase; http.uri; content:"/modules/9abb03e812/includes/functions/functions.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//thesantacon.com/wp-content/cache/wp-rocket/3d-development.com/santacon/santacon.php"; flow:to_server,established; http.header; content:"thesantacon.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/wp-rocket/3d-development.com/santacon/santacon.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//cafemocha.thehostmandu.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"cafemocha.thehostmandu.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//thegardengasteiz.com/wp-admin/css/colors/ectoplasm/ectoplasm/ectoplasm.php"; flow:to_server,established; http.header; content:"thegardengasteiz.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/ectoplasm/ectoplasm/ectoplasm.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL http|3a|//takartboutique.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/servmask.php"; flow:to_server,established; http.header; content:"takartboutique.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/servmask.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [ParrotTDS,SocGholish] Outgoing URL 
http|3a|//nctest.syndicatedcapitalgh.com/wp-content/plugins/litespeed-cache/lib/css-min/css-min.php"; flow:to_server,established; http.header; content:"nctest.syndicatedcapitalgh.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/litespeed-cache/lib/css-min/css-min.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# From here the rules come from MISP event 26227: the tag list in msg is empty ("[]") and priority is 3,
# so these alerts carry no family name; the reference URL is the only pointer to the event context.
# NOTE(review): the host/path pairs in this run repeat indicators already exported for event 26070
# (sids 37120601-37120851, priority 2) under new sids. One matching request therefore raises an alert
# from each event. Consider de-duplicating at export time or suppressing one copy - confirm which
# event is authoritative before doing so.
# Matching logic is the same as for the other rules in this file: hostname as a substring of the
# http.header buffer plus path as a case-insensitive substring of the http.uri buffer, on established
# client-to-server HTTP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//takartboutique.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/servmask.php"; flow:to_server,established; http.header; content:"takartboutique.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/servmask.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//nctest.syndicatedcapitalgh.com/wp-content/plugins/litespeed-cache/lib/css-min/css-min.php"; flow:to_server,established; http.header; content:"nctest.syndicatedcapitalgh.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/litespeed-cache/lib/css-min/css-min.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cafemocha.thehostmandu.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"cafemocha.thehostmandu.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//thegardengasteiz.com/wp-admin/css/colors/ectoplasm/ectoplasm/ectoplasm.php"; flow:to_server,established; http.header; content:"thegardengasteiz.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/ectoplasm/ectoplasm/ectoplasm.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//tneacounseling.com/modules/9abb03e812/includes/functions/functions.php"; flow:to_server,established; http.header; content:"tneacounseling.com"; fast_pattern; nocase; http.uri; content:"/modules/9abb03e812/includes/functions/functions.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Path differs from sid 37120811 only in letter case; with nocase both rules match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//thesantacon.com/wp-content/cache/wp-rocket/3d-development.com/Santacon/Santacon.php"; flow:to_server,established; http.header; content:"thesantacon.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/wp-rocket/3d-development.com/Santacon/Santacon.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//new.usmortgage.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; flow:to_server,established; http.header; content:"new.usmortgage.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//uhappyevents.com/v2_backup/wp-content/plugins/all-in-one-wp-migration/lib/controller/controller.php"; flow:to_server,established; http.header; content:"uhappyevents.com"; fast_pattern; nocase; http.uri; content:"/v2_backup/wp-content/plugins/all-in-one-wp-migration/lib/controller/controller.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//v775136o.beget.tech/wp-admin/images/images.php"; flow:to_server,established; http.header; content:"v775136o.beget.tech"; fast_pattern; nocase; http.uri; content:"/wp-admin/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ventasdetodoloqueseteocurra.com/wp-content/plugins/advanced-product-search-for-woo/lib/predic-widget/assets/sass/sass.php"; flow:to_server,established; http.header; content:"ventasdetodoloqueseteocurra.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-product-search-for-woo/lib/predic-widget/assets/sass/sass.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//w3qualitytime.com/wp-content/plugins/elementor/app/assets/styles/styles.php"; flow:to_server,established; http.header; content:"w3qualitytime.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/elementor/app/assets/styles/styles.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//mytrucknow.volomoso.com/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; flow:to_server,established; http.header; content:"mytrucknow.volomoso.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//altcoin-cryptocurrency-trading-platform.what-todo.com/wp-content/plugins/ad-inserter/includes/google-api/vendor/firebase/php-jwt/php-jwt.php"; flow:to_server,established; http.header; content:"altcoin-cryptocurrency-trading-platform.what-todo.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ad-inserter/includes/google-api/vendor/firebase/php-jwt/php-jwt.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Path differs from sid 37120731 only in letter case; with nocase both rules match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//wanimation.com/APP_Templates/WEB/UP_CodeLogin_OLD/Documentation/assets/blueprint-css/plugins/buttons/buttons.php"; flow:to_server,established; http.header; content:"wanimation.com"; fast_pattern; nocase; http.uri; content:"/APP_Templates/WEB/UP_CodeLogin_OLD/Documentation/assets/blueprint-css/plugins/buttons/buttons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.autojaro.sk/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"www.autojaro.sk"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//wynton45.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin.php"; flow:to_server,established; http.header; content:"wynton45.com"; fast_pattern; nocase; http.uri; content:"/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Path differs from sid 37120681 only in letter case; with nocase both rules match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//youlovesports.com/Backup/SkyjumperTrampolinePark_20190301/SkyjumperTrampolinePark_20190301.php"; flow:to_server,established; http.header; content:"youlovesports.com"; fast_pattern; nocase; http.uri; content:"/Backup/SkyjumperTrampolinePark_20190301/SkyjumperTrampolinePark_20190301.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Path differs from sid 37120691 only in letter case; with nocase both rules match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//aridient.com/GuestRegSystem/wp-content/plugins/All-In-One-WP-Migration-With-Import-master/lib/view/assets/css/css.php"; flow:to_server,established; http.header; content:"aridient.com"; fast_pattern; nocase; http.uri; content:"/GuestRegSystem/wp-content/plugins/All-In-One-WP-Migration-With-Import-master/lib/view/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//awlandsafaris.com/awlandsafaris.com.php"; flow:to_server,established; http.header; content:"awlandsafaris.com"; fast_pattern; nocase; http.uri; content:"/awlandsafaris.com.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//zado-shoes.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"zado-shoes.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//staging.secuodsoft.com/bulksmspull/assets/plugins/datatables-fixedheader/css/css.php"; flow:to_server,established; http.header; content:"staging.secuodsoft.com"; fast_pattern; nocase; http.uri; content:"/bulksmspull/assets/plugins/datatables-fixedheader/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//lms.tonalismo.com/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"lms.tonalismo.com"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//student.simplelifestrategies.com/wp-content/plugins/affiliate-wp/includes/admin/payouts/payouts.js"; flow:to_server,established; http.header; content:"student.simplelifestrategies.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/affiliate-wp/includes/admin/payouts/payouts.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.darskhososy.com/wordpress/wp-content/themes/twentyfifteen/genericons/genericons/genericons.php"; flow:to_server,established; http.header; content:"www.darskhososy.com"; fast_pattern; nocase; http.uri; content:"/wordpress/wp-content/themes/twentyfifteen/genericons/genericons/genericons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//noticiaseh.com.ar/wp-content/plugins/amp/assets/images/reader-themes/reader-themes.php"; flow:to_server,established; http.header; content:"noticiaseh.com.ar"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/amp/assets/images/reader-themes/reader-themes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//netzheft.frnrw.de/netzheft/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"netzheft.frnrw.de"; fast_pattern; nocase; http.uri; content:"/netzheft/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert 
http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//employee1.1ummah.org.au/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; flow:to_server,established; http.header; content:"employee1.1ummah.org.au"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# MISP event 26227, outbound URL indicators (msg carries an empty tag list "[]", priority 3).
# Each rule alerts on an established client-to-server HTTP request from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS when the hostname is found in the http.header buffer and the path in the http.uri buffer.
# NOTE(review): both contents are unanchored substrings and the hostname is matched against all request
# headers rather than the Host header only; the http.host buffer would be the tighter choice - confirm
# with the exporter before changing generated rules.
# NOTE(review): cleartext HTTP only; the same hosts reached over TLS need separate coverage - verify.
# NOTE(review): the URI path below is identical to the one in sid 37120591 (event 26070); presumably the
# same indicator exported under both events - confirm and de-duplicate if so.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//staging.aspectuw.com.au/wp-content/plugins/advanced-custom-fields-pro-master/assets/js/js.php"; flow:to_server,established; http.header; content:"staging.aspectuw.com.au"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro-master/assets/js/js.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.yourchoiceplumbers.com.au/bakup4_21_2021/wp-content/cache/page_enhanced/www.yourchoiceplumbers.com.au/2017/06/06.php"; flow:to_server,established; http.header; content:"www.yourchoiceplumbers.com.au"; fast_pattern; nocase; http.uri; content:"/bakup4_21_2021/wp-content/cache/page_enhanced/www.yourchoiceplumbers.com.au/2017/06/06.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//assuredtreecare.com.au/wp-content/plugins/cf7-conditional-fields/jsdoc-out/scripts/prettify/prettify.php"; flow:to_server,established; http.header; content:"assuredtreecare.com.au"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/cf7-conditional-fields/jsdoc-out/scripts/prettify/prettify.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//dreclass.com/cache/cache.php"; flow:to_server,established; http.header; content:"dreclass.com"; fast_pattern; nocase; http.uri; content:"/cache/cache.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.noels.be/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.noels.be"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//tcmtecnologia.com/wp-content/plugins/Plugin_ePayco_WooCommerce/includes/admin/admin.php"; flow:to_server,established; http.header; content:"tcmtecnologia.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/Plugin_ePayco_WooCommerce/includes/admin/admin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//nimbroeducation.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"nimbroeducation.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//dev.edades-west.make.technology/app/mu-plugins/acf-medium-editor-field/assets/vendor/medium-editor/css/themes/themes.php"; flow:to_server,established; http.header; content:"dev.edades-west.make.technology"; fast_pattern; nocase; http.uri; content:"/app/mu-plugins/acf-medium-editor-field/assets/vendor/medium-editor/css/themes/themes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): the path reads /well-known/ without the leading dot of the usual /.well-known/ directory.
# If the observed URL was really /.well-known/acme-challenge/..., this content will not match it,
# because "/well-known" is not a substring of "/.well-known" - verify against the MISP attribute.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//formulario1.frontec.cl/well-known/acme-challenge/a/a/a/a/a.php"; flow:to_server,established; http.header; content:"formulario1.frontec.cl"; fast_pattern; nocase; http.uri; content:"/well-known/acme-challenge/a/a/a/a/a.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//druck.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"druck.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//jac.b-a.group/old/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; flow:to_server,established; http.header; content:"jac.b-a.group"; fast_pattern; nocase; http.uri; content:"/old/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//vselectrics.gr/wp-content/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-and-firewall.php"; flow:to_server,established; http.header; content:"vselectrics.gr"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-and-firewall.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//nidaagroup.net/iraq/wp-content/plugins/accesspress-social-counter/inc/backend/boards/boards.php"; flow:to_server,established; http.header; content:"nidaagroup.net"; fast_pattern; nocase; http.uri; content:"/iraq/wp-content/plugins/accesspress-social-counter/inc/backend/boards/boards.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//drsohrabi.net/ar/wp-content/plugins/dopts/libraries/gui/images/colorpicker/colorpicker.js"; flow:to_server,established; http.header; content:"drsohrabi.net"; fast_pattern; nocase; http.uri; content:"/ar/wp-content/plugins/dopts/libraries/gui/images/colorpicker/colorpicker.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//car.hapeye.net/wp-content/plugins/code-snippets/css/min/editor-themes/editor-themes.php"; flow:to_server,established; http.header; content:"car.hapeye.net"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/code-snippets/css/min/editor-themes/editor-themes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//new.mullicatownship.org/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"new.mullicatownship.org"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//danieltravels.net/wp-content/newfold-page-cache/unpicturesquely9lbcy/2f56bactos463103/2f56bactos463103.php"; flow:to_server,established; http.header; content:"danieltravels.net"; fast_pattern; nocase; http.uri; content:"/wp-content/newfold-page-cache/unpicturesquely9lbcy/2f56bactos463103/2f56bactos463103.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//lawconsult.pe/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"lawconsult.pe"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//bellejamaica.com/wp-content/endurance-page-cache/2022/01/138-student-living-uwi-agree-new-concession-terms-business/138-student-living-uwi-agree-new-concession-terms-business.php"; flow:to_server,established; http.header; content:"bellejamaica.com"; fast_pattern; nocase; http.uri; content:"/wp-content/endurance-page-cache/2022/01/138-student-living-uwi-agree-new-concession-terms-business/138-student-living-uwi-agree-new-concession-terms-business.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.fbstapes.ru/wp-content/themes/twentyseventeen/assets/fonts/libre-franklin/libre-franklin.js"; flow:to_server,established; http.header; content:"www.fbstapes.ru"; fast_pattern; nocase; http.uri; content:"/wp-content/themes/twentyseventeen/assets/fonts/libre-franklin/libre-franklin.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//serwis-impacto.pl/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"serwis-impacto.pl"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//crossco.semseo3.beget.tech/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; flow:to_server,established; http.header; content:"crossco.semseo3.beget.tech"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/jquery-ui.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//idt.builderallwppro.com/wp-content/plugins/builderall-cheetah-for-wp/extensions/ba-cheetah-cache-helper/classes/classes.php"; flow:to_server,established; http.header; content:"idt.builderallwppro.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/builderall-cheetah-for-wp/extensions/ba-cheetah-cache-helper/classes/classes.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo3.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/images/field-states/field-states.php"; flow:to_server,established; http.header; content:"demo3.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/images/field-states/field-states.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo31.itaoda.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"demo31.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg: "MISP e26227 [] Outgoing URL http|3a|//demo56.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"demo56.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo21.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"demo21.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo40.itaoda.com/wp-content/plugins/adminify-pro/Inc/Modules/AdminColumns/assets/css/css.php"; flow:to_server,established; http.header; content:"demo40.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/adminify-pro/Inc/Modules/AdminColumns/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo5.itaoda.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"demo5.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37269831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo1.itaoda.com/wp-content/plugins/astra-addon/addons/advanced-headers/assets/js/minified/minified.php"; flow:to_server,established; http.header; content:"demo1.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/astra-addon/addons/advanced-headers/assets/js/minified/minified.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//test.bigbeautifulbuys.com/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; flow:to_server,established; http.header; content:"test.bigbeautifulbuys.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//demo46.itaoda.com/wp-content/plugins/adminify-pro/Inc/Modules/AdminColumns/assets/assets.php"; flow:to_server,established; http.header; content:"demo46.itaoda.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/adminify-pro/Inc/Modules/AdminColumns/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//progeturepublica.net/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; 
http.header; content:"progeturepublica.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//sakarealestate.co.uk/wp-content/cache/object/042/9f1/9f1.php"; flow:to_server,established; http.header; content:"sakarealestate.co.uk"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/object/042/9f1/9f1.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//regaloscaos.es.ht/wp-content/plugins/wp-statistics/assets/dev/sass/component/placeholder/placeholder.php"; flow:to_server,established; http.header; content:"regaloscaos.es.ht"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/wp-statistics/assets/dev/sass/component/placeholder/placeholder.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//tsc.signalovernoise.co.uk/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; flow:to_server,established; http.header; content:"tsc.signalovernoise.co.uk"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL 
http|3a|//florquedafulgor.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"florquedafulgor.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//alyamama78.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; flow:to_server,established; http.header; content:"alyamama78.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//bhawpals.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/css/css.js"; flow:to_server,established; http.header; content:"bhawpals.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/css/css.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//moveterramogi.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"moveterramogi.000webhostapp.com"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//merelio.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"merelio.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//computerteknik.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"computerteknik.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//latinate-matters.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"latinate-matters.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ygbrandmaker.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"ygbrandmaker.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ybc77.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"ybc77.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//aclarilari.com/baystate/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/fonts/fonts.php"; flow:to_server,established; http.header; content:"aclarilari.com"; fast_pattern; nocase; http.uri; content:"/baystate/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/fonts/fonts.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//medisur-rgl.com.ar/wp-admin/wp-admin.php"; flow:to_server,established; http.header; content:"medisur-rgl.com.ar"; fast_pattern; nocase; http.uri; content:"/wp-admin/wp-admin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270011; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.ccfg-conakry.org/IMG/distant/jpg/jpg.php"; flow:to_server,established; http.header; content:"www.ccfg-conakry.org"; fast_pattern; nocase; http.uri; content:"/IMG/distant/jpg/jpg.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//szerviz.microstore.hu/core/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"szerviz.microstore.hu"; fast_pattern; nocase; http.uri; content:"/core/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//store.powermatic.co.th/wp-includes/SimplePie/XML/Declaration/Declaration.php"; flow:to_server,established; http.header; content:"store.powermatic.co.th"; fast_pattern; nocase; http.uri; content:"/wp-includes/SimplePie/XML/Declaration/Declaration.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//annybrenn.com/wp-content/plugins/ajax-search-lite/backend/settings/assets/icons/icons.php"; flow:to_server,established; http.header; content:"annybrenn.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ajax-search-lite/backend/settings/assets/icons/icons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//rashidaljabrigroup.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"rashidaljabrigroup.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//shrachirealty.com/wp-admin/css/css.php"; flow:to_server,established; http.header; content:"shrachirealty.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//emvision.com.my/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; flow:to_server,established; http.header; content:"emvision.com.my"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//track.dioslogistics.com/wp-content/cache/page_enhanced/track.dioslogistics.com/category/uncategorized/uncategorized.php"; flow:to_server,established; http.header; content:"track.dioslogistics.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/page_enhanced/track.dioslogistics.com/category/uncategorized/uncategorized.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270091; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//roughdiamond.jp/wp/wp-content/themes/twentytwenty/assets/images/images.php"; flow:to_server,established; http.header; content:"roughdiamond.jp"; fast_pattern; nocase; http.uri; content:"/wp/wp-content/themes/twentytwenty/assets/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//xbaseweb.com/wp-content/languages/languages.php"; flow:to_server,established; http.header; content:"xbaseweb.com"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/languages.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//femza.org.ar/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; flow:to_server,established; http.header; content:"femza.org.ar"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.7-dots.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.php"; flow:to_server,established; http.header; content:"www.7-dots.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37270131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//relacion.traxxcp.com.au/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"relacion.traxxcp.com.au"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//pharmahome.ae/wp-content/cache/supercache/pharmahome.ae/ar/comments/feed/feed.php"; flow:to_server,established; http.header; content:"pharmahome.ae"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/supercache/pharmahome.ae/ar/comments/feed/feed.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//matesonthemove.org/wp-content/plugins/bluehost-wordpress-plugin/vendor/doctrine/inflector/lib/Doctrine/Common/Common.php"; flow:to_server,established; http.header; content:"matesonthemove.org"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/bluehost-wordpress-plugin/vendor/doctrine/inflector/lib/Doctrine/Common/Common.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ssl.news/wp-content/plugins/blog-manager-wp/assets/images/arrow/arrow.php"; flow:to_server,established; http.header; content:"ssl.news"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/blog-manager-wp/assets/images/arrow/arrow.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//interplast.com/wp-content/plugins/Ebor-Framework-master/metaboxes/css/sass/partials/partials.php"; flow:to_server,established; http.header; content:"interplast.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/Ebor-Framework-master/metaboxes/css/sass/partials/partials.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//english.cabrerallamas.com/wp-content/cache/object/037/b5a/b5a.js"; flow:to_server,established; http.header; content:"english.cabrerallamas.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/object/037/b5a/b5a.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//wheelsonthedanforth.ca/wp-content/endurance-page-cache/category/uncategorized/uncategorized.php"; flow:to_server,established; http.header; content:"wheelsonthedanforth.ca"; fast_pattern; nocase; http.uri; content:"/wp-content/endurance-page-cache/category/uncategorized/uncategorized.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//balangabriel.com/wp-content/plugins/advanced-custom-fields-pro/assets/css/css.php"; flow:to_server,established; 
http.header; content:"balangabriel.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//sanicorpec.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"sanicorpec.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.comunidadfit.com/wp-content/plugins/bodycenter-extra/lib/scssphp/compass/stylesheets/compass/utilities/color/color.php"; flow:to_server,established; http.header; content:"www.comunidadfit.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/bodycenter-extra/lib/scssphp/compass/stylesheets/compass/utilities/color/color.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//bp8k4k.serveravatartmp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"bp8k4k.serveravatartmp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL 
http|3a|//cvts.rut.digital/wp-content/plugins/classic-editor/classic-editor.js"; flow:to_server,established; http.header; content:"cvts.rut.digital"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/classic-editor/classic-editor.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//giraganaceuti.compradondevives.es/wp-content/plugins/duplicator-pro/assets/css/images/images.php"; flow:to_server,established; http.header; content:"giraganaceuti.compradondevives.es"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/duplicator-pro/assets/css/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//mercadochubut.gob.ar/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; flow:to_server,established; http.header; content:"mercadochubut.gob.ar"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//appercity.com/wp-content/plugins/advanced-iframe/css/css.php"; flow:to_server,established; http.header; content:"appercity.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-iframe/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any 
-> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//e-tirechains.com/wp-content/plugins/all-in-one-seo-pack/app/Common/Api/Integrations/Integrations.php"; flow:to_server,established; http.header; content:"e-tirechains.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/Api/Integrations/Integrations.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# MISP event 26227, outbound URL indicators. Each rule below alerts on an
# established, client-to-server HTTP request from $HOME_NET whose header
# buffer contains the listed host and whose URI contains the listed path.
# NOTE(review): both content matches are unanchored, case-insensitive
# substrings. The host is looked for in http.header (the request-header
# buffer as a whole, not only the Host line), so the http.uri match is what
# ties a hit to the indicator URL.
# NOTE(review): these are `alert http` rules; requests to the same hosts over
# TLS are not inspected by them.
# NOTE(review): most paths sit under WordPress directories (wp-content,
# wp-admin) - presumably single files on otherwise ordinary sites; confirm in
# the MISP event before treating a whole domain as hostile.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//mobile.wisechoicesupplements.ph/wp-content/cache/object/010/449/449.php"; flow:to_server,established; http.header; content:"mobile.wisechoicesupplements.ph"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/object/010/449/449.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.jrun.com.hk/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/images/images.js"; flow:to_server,established; http.header; content:"www.jrun.com.hk"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/images/images.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//blog.learningpie.in/test/wordpress/wp-content/themes/twentynineteen/template-parts/content/content.js"; flow:to_server,established; http.header; content:"blog.learningpie.in"; fast_pattern; nocase; http.uri; content:"/test/wordpress/wp-content/themes/twentynineteen/template-parts/content/content.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//1storiginal.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"1storiginal.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//inno.obec.go.th/1tambon1school/schsurvey/core/core.php"; flow:to_server,established; http.header; content:"inno.obec.go.th"; fast_pattern; nocase; http.uri; content:"/1tambon1school/schsurvey/core/core.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.bericht.es/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"www.bericht.es"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//iscrizione.handmadecampania.it/wp-content/plugins/coming-soon/languages/languages.php"; flow:to_server,established; http.header; content:"iscrizione.handmadecampania.it"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/coming-soon/languages/languages.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//archiwummuzeumziemizbaszynskiej.zck.org.pl/wp-content/plugins/burst-statistics/assets/css/admin/modules/dashboard/dashboard.php"; flow:to_server,established; http.header; content:"archiwummuzeumziemizbaszynskiej.zck.org.pl"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/burst-statistics/assets/css/admin/modules/dashboard/dashboard.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//lisbonvinylcutters.com/__MACOSX/img/portfolio/fullsize/fullsize.php"; flow:to_server,established; http.header; content:"lisbonvinylcutters.com"; fast_pattern; nocase; http.uri; content:"/__MACOSX/img/portfolio/fullsize/fullsize.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//job-test.ifrigate.ru/wp-content/plugins/all-in-one-seo-pack/app/Common/Api/Integrations/Integrations.php"; flow:to_server,established; http.header; content:"job-test.ifrigate.ru"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/Api/Integrations/Integrations.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//noonanwaste.com/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; flow:to_server,established; http.header; content:"noonanwaste.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//abrito.wecreateyou.pt/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; flow:to_server,established; http.header; content:"abrito.wecreateyou.pt"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//legrainparis.fr/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"legrainparis.fr"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//teamvedika.com/admin/counter/change_images/logo/logo.php"; flow:to_server,established; http.header; content:"teamvedika.com"; fast_pattern; nocase; http.uri; content:"/admin/counter/change_images/logo/logo.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cactusgroupwebtest.com/demos/1stbeauty/wp-content/plugins/better-search-replace/assets/img/img.php"; flow:to_server,established;
http.header; content:"cactusgroupwebtest.com"; fast_pattern; nocase; http.uri; content:"/demos/1stbeauty/wp-content/plugins/better-search-replace/assets/img/img.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Outbound URL indicators from MISP event 26227: one rule per URL, requiring
# the host string in the HTTP request headers and the path in the URI of an
# established to-server flow leaving $HOME_NET.
# NOTE(review): fast_pattern is set on the host content in every rule, so the
# host string is what the prefilter keys on; the URI path is only evaluated
# afterwards.
# NOTE(review): tag:session,600,seconds asks the engine to keep logging the
# rest of the session for up to 600 seconds after a hit; check that tagged
# packet output is enabled and sized for that.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//a-onevacuums.com/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; flow:to_server,established; http.header; content:"a-onevacuums.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/smoothness.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//hlcelms-new.herminahospitals.com/admin/tool/availabilityconditions/tests/behat/behat.php"; flow:to_server,established; http.header; content:"hlcelms-new.herminahospitals.com"; fast_pattern; nocase; http.uri; content:"/admin/tool/availabilityconditions/tests/behat/behat.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//insureafrica.co.za/wp-content/plugins/astra-sites/inc/classes/compatibility/astra-pro/astra-pro.php"; flow:to_server,established; http.header; content:"insureafrica.co.za"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/astra-sites/inc/classes/compatibility/astra-pro/astra-pro.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): the host below is a cloud-provider compute hostname that
# embeds an address; presumably it stops pointing at the same machine once the
# instance is released, so this indicator may age quickly - verify.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ec2-175-41-161-53.ap-southeast-1.compute.amazonaws.com/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; flow:to_server,established; http.header; content:"ec2-175-41-161-53.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/assets/inc/timepicker/timepicker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cxosnextgen.com/demo/wp-content/plugins/elementor/assets/images/app/site-editor/site-editor.php"; flow:to_server,established; http.header; content:"cxosnextgen.com"; fast_pattern; nocase; http.uri; content:"/demo/wp-content/plugins/elementor/assets/images/app/site-editor/site-editor.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//dental.simptomi.rs/wp-content/endurance-page-cache/endurance-page-cache.php"; flow:to_server,established; http.header; content:"dental.simptomi.rs"; fast_pattern; nocase; http.uri; content:"/wp-content/endurance-page-cache/endurance-page-cache.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//garage.the-namers.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"garage.the-namers.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//sosiologi.fisip.unpad.ac.id/wp-content/plugins/elementor/app/modules/kit-library/data/kits/endpoints/endpoints.php"; flow:to_server,established; http.header; content:"sosiologi.fisip.unpad.ac.id"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/elementor/app/modules/kit-library/data/kits/endpoints/endpoints.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//uat.zeroowatch.com/wp-content/cache/min/1/wp-content/plugins/social-feed-widgets-for-elementor-using-smash-balloon/assets/css/css.php"; flow:to_server,established; http.header; content:"uat.zeroowatch.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/min/1/wp-content/plugins/social-feed-widgets-for-elementor-using-smash-balloon/assets/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//jkagri.com/financials/Unaud30092007_files/sheet001_files/sheet001_files.php"; flow:to_server,established; http.header; content:"jkagri.com"; fast_pattern; nocase; http.uri; content:"/financials/Unaud30092007_files/sheet001_files/sheet001_files.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//proxyknow.com/phpmyadmin/js/vendor/jqplot/plugins/plugins.php"; flow:to_server,established; http.header; content:"proxyknow.com"; fast_pattern; nocase; http.uri; content:"/phpmyadmin/js/vendor/jqplot/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.xinyizhou0310.com/well-known/acme-challenge/a/a/b/a/a.php"; flow:to_server,established; http.header; content:"www.xinyizhou0310.com"; fast_pattern; nocase; http.uri; content:"/well-known/acme-challenge/a/a/b/a/a.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): the host content below is only six bytes and is matched as a
# substring, so it is also found inside longer names ending in the same
# characters. The URI match still has to succeed, but as a fast_pattern this
# string is weak; the path would be the more selective choice.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ade.tw/wordpress/wp-content/plugins/LayerSlider/static/codemirror/codemirror.php"; flow:to_server,established; http.header; content:"ade.tw"; fast_pattern; nocase; http.uri; content:"/wordpress/wp-content/plugins/LayerSlider/static/codemirror/codemirror.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//plazanorte.pe/wp-content/wp-content.php"; flow:to_server,established; http.header; content:"plazanorte.pe"; fast_pattern; nocase; http.uri; content:"/wp-content/wp-content.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//rossanalabs.com/wp/wp-content/plugins/attachments/deprecated/css/css.php"; flow:to_server,established; http.header; content:"rossanalabs.com"; fast_pattern; nocase; http.uri;
content:"/wp/wp-content/plugins/attachments/deprecated/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# URL indicators exported from MISP event 26227. A rule fires when a client
# in $HOME_NET requests the listed path (http.uri) with the listed host string
# present in the request headers (http.header), on an established flow.
# NOTE(review): every rule is classtype trojan-activity at priority 3 and the
# tag list in msg is empty ("[]"), so the alert itself carries no context
# beyond the URL; triage needs the referenced MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//anfal.com.pk/wp-content/plugins/_ithemes-security-pro/core/lib/lockout/execute-lock/execute-lock.php"; flow:to_server,established; http.header; content:"anfal.com.pk"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/_ithemes-security-pro/core/lib/lockout/execute-lock/execute-lock.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//blog.qrstaff.in/wp-content/plugins/all-in-one-seo-pack/app/Common/Schema/Graphs/Traits/Traits.php"; flow:to_server,established; http.header; content:"blog.qrstaff.in"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/Schema/Graphs/Traits/Traits.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): from here on most hosts are subdomains of 000webhostapp.com
# and the paths end in .js under an all-in-one-wp-migration or
# all-in-one-seo-pack plugin directory. Each rule matches one full subdomain;
# nothing here matches the parent domain, so other subdomains serving the
# same paths go unnoticed. Whether a parent-domain rule is acceptable depends
# on how much legitimate traffic goes there - check before widening.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//hamza738.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"hamza738.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//trialstaging.trialrun.us/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"trialstaging.trialrun.us"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//go4clinic.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"go4clinic.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//savemuch.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"savemuch.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//firdesktop.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"firdesktop.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//congregacionkoinonia.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; flow:to_server,established; http.header; content:"congregacionkoinonia.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//jenniferhallasi652005.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; flow:to_server,established; http.header; content:"jenniferhallasi652005.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/lib.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//gtaonlinestore.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"gtaonlinestore.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//0777arsy.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"0777arsy.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cartwheels.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"cartwheels.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//battological-envelo.000webhostapp.com/wp-content/plugins/all-in-one-seo-pack/app/Common/SearchStatistics/SearchStatistics.js"; flow:to_server,established; http.header; content:"battological-envelo.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/SearchStatistics/SearchStatistics.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//lonuestrogsm.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/img/whats-new/whats-new.js"; flow:to_server,established; http.header; content:"lonuestrogsm.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/img/whats-new/whats-new.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//paperbound-bulk.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; flow:to_server,established; http.header; content:"paperbound-bulk.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//swedenborgian-gangw.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; flow:to_server,established; http.header; content:"swedenborgian-gangw.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions/Exceptions.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//coccal-pocket.000webhostapp.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; flow:to_server,established; http.header; content:"coccal-pocket.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270761; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26227;)
# Per-URL outbound rules generated from MISP event 26227. Match conditions
# are the same throughout: established to-server HTTP from $HOME_NET, host
# string somewhere in the request headers, path somewhere in the URI, both
# compared case-insensitively.
# NOTE(review): because the URI content is an unanchored substring, a request
# with a query string appended or a prefix in front of the path still
# matches; a request for a different file on the same host does not.
# NOTE(review): the destination is $EXTERNAL_NET on $HTTP_PORTS. Where
# clients reach the web through an explicit proxy, the destination a sensor
# sees is the proxy; confirm the sensor placement and variable definitions
# let these rules see the request at all.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.asterism.co.nz/wp-admin/css/colors/modern/modern/modern/modern/modern/modern.php"; flow:to_server,established; http.header; content:"www.asterism.co.nz"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/modern/modern/modern/modern/modern/modern.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//nikesoccerbootoutletol.com/wp-content/plugins/all-in-one-seo-pack/app/Common/Integrations/Integrations.php"; flow:to_server,established; http.header; content:"nikesoccerbootoutletol.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/Integrations/Integrations.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//wp.korinek.link/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"wp.korinek.link"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.chequeado.com/2015inreview/especial2015/images/prettyPhoto/dark_rounded/dark_rounded.js"; flow:to_server,established; http.header; content:"www.chequeado.com"; fast_pattern; nocase; http.uri; content:"/2015inreview/especial2015/images/prettyPhoto/dark_rounded/dark_rounded.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//version.urban-truth.com/storage/framework/cache/cache.php"; flow:to_server,established; http.header; content:"version.urban-truth.com"; fast_pattern; nocase; http.uri; content:"/storage/framework/cache/cache.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.kwik.tn/SPERO/vendor/automattic/woocommerce/tests/WooCommerce/Tests/Tests.php"; flow:to_server,established; http.header; content:"www.kwik.tn"; fast_pattern; nocase; http.uri; content:"/SPERO/vendor/automattic/woocommerce/tests/WooCommerce/Tests/Tests.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//jaimefoxmusic.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"jaimefoxmusic.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//clanped2025.com.br/wp-content/plugins/advanced-custom-fields-pro/pro/admin/views/views.php"; flow:to_server,established; http.header; content:"clanped2025.com.br"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields-pro/pro/admin/views/views.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//boomndeal.com/wp-content/plugins/all-in-one-seo-pack/app/Common/Schema/Graphs/Graphs.php"; flow:to_server,established; http.header; content:"boomndeal.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/Schema/Graphs/Graphs.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//bmn-es.com/wp-content/plugins/advanced-custom-fields/assets/inc/color-picker-alpha/color-picker-alpha.php"; flow:to_server,established; http.header; content:"bmn-es.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/inc/color-picker-alpha/color-picker-alpha.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): the URL below uses a bare IP, and the export puts that address
# in the rule header as the destination instead of $EXTERNAL_NET. The rule
# therefore needs both the packet destination and the header string to be
# that address; it will not fire on a sensor that only sees client-to-proxy
# traffic.
alert http $HOME_NET any -> 39.99.63.187 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//39.99.63.187/wp-includes/SimplePie/Content/Type/Type.php"; flow:to_server,established; http.header; content:"39.99.63.187"; fast_pattern; nocase; http.uri; content:"/wp-includes/SimplePie/Content/Type/Type.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//shgl.chao1227.com/wp-content/languages/plugins/plugins.php"; flow:to_server,established; http.header; content:"shgl.chao1227.com"; fast_pattern; nocase; http.uri; content:"/wp-content/languages/plugins/plugins.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//erolsalcan.com/wp-content/cache/wp-rocket/erolsalcan.com/bilgilendirme-tesekkuru/bilgilendirme-tesekkuru.php"; flow:to_server,established; http.header; content:"erolsalcan.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/wp-rocket/erolsalcan.com/bilgilendirme-tesekkuru/bilgilendirme-tesekkuru.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//devsite.scarlettslandscaping.com/wp-includes/SimplePie/Decode/HTML/HTML.php"; flow:to_server,established; http.header; content:"devsite.scarlettslandscaping.com"; fast_pattern; nocase; http.uri; content:"/wp-includes/SimplePie/Decode/HTML/HTML.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//elparian.com.mx/Paginaviejita/fancybox/recursos/nova-multipurpose-site-template/nova/images/sample/sample.php"; flow:to_server,established; http.header; content:"elparian.com.mx"; fast_pattern; nocase; http.uri; content:"/Paginaviejita/fancybox/recursos/nova-multipurpose-site-template/nova/images/sample/sample.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL
http|3a|//mehryar.mazyar.org/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"mehryar.mazyar.org"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Outbound URL rules for MISP event 26227 (one sid per indicator URL). A hit
# requires an established to-server HTTP request from $HOME_NET with the host
# string in the request headers and the path in the URI.
# NOTE(review): the same path (/wp-admin/css/colors/blue/blue.php) recurs
# under several unrelated hosts in this list. A host-independent rule on the
# path alone would be broader; whether that is acceptable depends on
# false-positive testing, which this export does not show.
# NOTE(review): coverage is cleartext HTTP only; pair with DNS or TLS SNI
# indicators from the same event if those hosts also answer on HTTPS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//api.algoyab.com/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; flow:to_server,established; http.header; content:"api.algoyab.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/admin-menu-editor/modules/access-editor/access-editor.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//topsportsteams.com/prod_link/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"topsportsteams.com"; fast_pattern; nocase; http.uri; content:"/prod_link/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//fixituae.com/FGS/vendor/bmwfont/specimen_files/specimen_files.php"; flow:to_server,established; http.header; content:"fixituae.com"; fast_pattern; nocase; http.uri; content:"/FGS/vendor/bmwfont/specimen_files/specimen_files.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//stage.idandigitali.co.il/wp-content/plugins/advanced-custom-fields/assets/build/css/css.php"; flow:to_server,established; http.header; content:"stage.idandigitali.co.il"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/build/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cruxbd.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"cruxbd.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): IP-literal URL; the rule header pins the destination to the
# indicator address rather than $EXTERNAL_NET, so it only fires where the
# sensor sees the client talking to that address directly.
alert http $HOME_NET any -> 139.99.50.175 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//139.99.50.175/configOFR/configOFR.php"; flow:to_server,established; http.header; content:"139.99.50.175"; fast_pattern; nocase; http.uri; content:"/configOFR/configOFR.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.atouchoflovechildrenscenter.com/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; flow:to_server,established; http.header; content:"www.atouchoflovechildrenscenter.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver/archiver.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37270991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//chatsky.club/sky/wp-content/plugins/apollo13-framework-extensions/design_importer/a13-wordpress-importer/a13-wordpress-importer.php"; flow:to_server,established; http.header; content:"chatsky.club"; fast_pattern; nocase; http.uri; content:"/sky/wp-content/plugins/apollo13-framework-extensions/design_importer/a13-wordpress-importer/a13-wordpress-importer.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//projects.njgraphica.com/Aroma/dark/assets/plugins/datatable/css/css.js"; flow:to_server,established; http.header; content:"projects.njgraphica.com"; fast_pattern; nocase; http.uri; content:"/Aroma/dark/assets/plugins/datatable/css/css.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//versitaopen.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"versitaopen.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//dsefaywhq.preview.infomaniak.website/wp-content/plugins/LayerSlider/assets/static/admin/img/slider/slider.php"; flow:to_server,established; http.header; content:"dsefaywhq.preview.infomaniak.website"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/LayerSlider/assets/static/admin/img/slider/slider.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): second IP-literal destination. The header content is an
# unanchored substring, so on its own it would also be found inside a longer
# dotted string that ends the same way; here the pinned destination address
# and the URI match keep that from mattering.
alert http $HOME_NET any -> 3.110.136.110 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//3.110.136.110/wp-content/plugins/all-in-one-seo-pack/app/Common/Schema/Graphs/Graphs.php"; flow:to_server,established; http.header; content:"3.110.136.110"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-seo-pack/app/Common/Schema/Graphs/Graphs.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//shop.ggarabia.com/wp-content/plugins/acf-quickedit-fields/include/ACFQuickEdit/ACFQuickEdit.php"; flow:to_server,established; http.header; content:"shop.ggarabia.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/acf-quickedit-fields/include/ACFQuickEdit/ACFQuickEdit.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.indian-designs.com/wp-content/plugins/backup/all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/RankMath.js"; flow:to_server,established; http.header; content:"www.indian-designs.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/backup/all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/RankMath.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//wholesaletoys.pk/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"wholesaletoys.pk"; fast_pattern;
nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//juliem-ladeco.fr/wp-content/plugins/ag-custom-admin/images/images.php"; flow:to_server,established; http.header; content:"juliem-ladeco.fr"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ag-custom-admin/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//burialinsurancepro.org/wp-includes/SimplePie/Content/Type/Type.php"; flow:to_server,established; http.header; content:"burialinsurancepro.org"; fast_pattern; nocase; http.uri; content:"/wp-includes/SimplePie/Content/Type/Type.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//vidhionline.com/player-api-master/actionscript/deploy/assets/assets.php"; flow:to_server,established; http.header; content:"vidhionline.com"; fast_pattern; nocase; http.uri; content:"/player-api-master/actionscript/deploy/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.easisell.com/wp-content/cache/page_enhanced/www.easisell.com/best-way-to-use-colour-wheel-for-website-design-2/best-way-to-use-colour-wheel-for-website-design-2.php"; flow:to_server,established; http.header; 
content:"www.easisell.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/page_enhanced/www.easisell.com/best-way-to-use-colour-wheel-for-website-design-2/best-way-to-use-colour-wheel-for-website-design-2.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//digitalepartner.com/Impresistem/GuzzleHttp/Adapter/Curl/Curl.php"; flow:to_server,established; http.header; content:"digitalepartner.com"; fast_pattern; nocase; http.uri; content:"/Impresistem/GuzzleHttp/Adapter/Curl/Curl.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//skincare.7uptheme.net/wp-includes/SimplePie/Content/Type/Type.js"; flow:to_server,established; http.header; content:"skincare.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-includes/SimplePie/Content/Type/Type.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//handy.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"handy.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.cronoscapitalpartners.it/wp-content/cache/page_enhanced/www.cronoscapitalpartners.it/www.cronoscapitalpartners.it.php"; 
flow:to_server,established; http.header; content:"www.cronoscapitalpartners.it"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/page_enhanced/www.cronoscapitalpartners.it/www.cronoscapitalpartners.it.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//iserveindia.com/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; flow:to_server,established; http.header; content:"iserveindia.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/advanced-custom-fields/assets/inc/datepicker/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//petdelicia.com.br/assinatura/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"petdelicia.com.br"; fast_pattern; nocase; http.uri; content:"/assinatura/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//eliteelevators.in/home-elevators/images/authors/authors.php"; flow:to_server,established; http.header; content:"eliteelevators.in"; fast_pattern; nocase; http.uri; content:"/home-elevators/images/authors/authors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL 
http|3a|//brown1.ezmartech.com/backups/wp-content/plugins/acf-extended/includes/admin/views/views.php"; flow:to_server,established; http.header; content:"brown1.ezmartech.com"; fast_pattern; nocase; http.uri; content:"/backups/wp-content/plugins/acf-extended/includes/admin/views/views.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//skillhut.com/naacmodules/jquery-ui-1.12.1.custom/images/images.php"; flow:to_server,established; http.header; content:"skillhut.com"; fast_pattern; nocase; http.uri; content:"/naacmodules/jquery-ui-1.12.1.custom/images/images.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//psiewdr.org/Atlas/mobile/javascript/javascript.php"; flow:to_server,established; http.header; content:"psiewdr.org"; fast_pattern; nocase; http.uri; content:"/Atlas/mobile/javascript/javascript.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//iustore.7uptheme.net/wp-admin/css/colors/colors.php"; flow:to_server,established; http.header; content:"iustore.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//haustiere.7uptheme.net/wp-admin/css/colors/colors.php"; 
flow:to_server,established; http.header; content:"haustiere.7uptheme.net"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/colors.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//futxtrm.com/backup29112022/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"futxtrm.com"; fast_pattern; nocase; http.uri; content:"/backup29112022/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.nseituat.com/nseit/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.js"; flow:to_server,established; http.header; content:"www.nseituat.com"; fast_pattern; nocase; http.uri; content:"/nseit/wp-content/plugins/advanced-custom-fields/assets/images/field-states/field-states.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//mmoseronelink.com/360/sap/SAP_3data/cafe_2_105/html5/html5.php"; flow:to_server,established; http.header; content:"mmoseronelink.com"; fast_pattern; nocase; http.uri; content:"/360/sap/SAP_3data/cafe_2_105/html5/html5.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//idiomas2.8belts.com/wordpress/wp-content/cache/db/singletables/3e7/d91/d91.php"; 
flow:to_server,established; http.header; content:"idiomas2.8belts.com"; fast_pattern; nocase; http.uri; content:"/wordpress/wp-content/cache/db/singletables/3e7/d91/d91.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.scatolificiosantanna.it/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.scatolificiosantanna.it"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//libarts.pnu.ac.th/wp-content/cache/libarts.pnu.ac.th/all/1649/feed/feed.js"; flow:to_server,established; http.header; content:"libarts.pnu.ac.th"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/libarts.pnu.ac.th/all/1649/feed/feed.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.buildingblocksacademy.net/wp-content/cache/min/1/wp-content/plugins/pressapps-login-access/includes/skelet/assets/assets.php"; flow:to_server,established; http.header; content:"www.buildingblocksacademy.net"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/min/1/wp-content/plugins/pressapps-login-access/includes/skelet/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL 
http|3a|//www.buildingblocksacademyalvin.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.buildingblocksacademyalvin.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//neicweb.com/jspdf/docs/scripts/prettify/prettify.php"; flow:to_server,established; http.header; content:"neicweb.com"; fast_pattern; nocase; http.uri; content:"/jspdf/docs/scripts/prettify/prettify.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cc.fenxiang.xyz/wp-content/plugins/page-scroll-to-id/includes/blocks/blocks.php"; flow:to_server,established; http.header; content:"cc.fenxiang.xyz"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/page-scroll-to-id/includes/blocks/blocks.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//ajustsolutions.com/wp-content/cache/min/1/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7.php"; flow:to_server,established; http.header; content:"ajustsolutions.com"; fast_pattern; nocase; http.uri; content:"/wp-content/cache/min/1/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271341; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//conectadosradio.com/wp-content/plugins/creame-whatsapp-me/public/css/css.php"; flow:to_server,established; http.header; content:"conectadosradio.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/creame-whatsapp-me/public/css/css.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//toyotamanilabay.com.ph/tsure/wp-content/themes/twentytwentyone/assets/sass/06-components/06-components.php"; flow:to_server,established; http.header; content:"toyotamanilabay.com.ph"; fast_pattern; nocase; http.uri; content:"/tsure/wp-content/themes/twentytwentyone/assets/sass/06-components/06-components.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//goldenringsoman.com/admin/controller/extension/module/waclient/waclient.php"; flow:to_server,established; http.header; content:"goldenringsoman.com"; fast_pattern; nocase; http.uri; content:"/admin/controller/extension/module/waclient/waclient.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 49.232.231.163 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//49.232.231.163/wp-content/plugins/themeisle-companion/obfx_modules/beaver-widgets/custom-fields/number-field/number-field.php"; flow:to_server,established; http.header; content:"49.232.231.163"; fast_pattern; nocase; http.uri; 
content:"/wp-content/plugins/themeisle-companion/obfx_modules/beaver-widgets/custom-fields/number-field/number-field.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//starzbus.com/wp-content/plugins/all-in-one-wp-migration/lib/view/view.php"; flow:to_server,established; http.header; content:"starzbus.com"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/all-in-one-wp-migration/lib/view/view.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//uranustechnepal.com/test/administrator/components/com_actionlogs/src/Controller/Controller.php"; flow:to_server,established; http.header; content:"uranustechnepal.com"; fast_pattern; nocase; http.uri; content:"/test/administrator/components/com_actionlogs/src/Controller/Controller.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//cleverthings.org/wp-content/plugins/ad-ace/includes/plugins/visual-composer/elements/elements.php"; flow:to_server,established; http.header; content:"cleverthings.org"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/ad-ace/includes/plugins/visual-composer/elements/elements.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37271421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL 
http|3a|//clear.community/administrator/components/com_admin/views/sysinfo/tmpl/tmpl.php"; flow:to_server,established; http.header; content:"clear.community"; fast_pattern; nocase; http.uri; content:"/administrator/components/com_admin/views/sysinfo/tmpl/tmpl.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37273941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.batondejoie.fr/wp-content/advanced-nocaptcha-recaptcha/freemius/templates/account/partials/partials.php"; flow:to_server,established; http.header; content:"www.batondejoie.fr"; fast_pattern; nocase; http.uri; content:"/wp-content/advanced-nocaptcha-recaptcha/freemius/templates/account/partials/partials.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37273951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//v.elegantchina.net/wp-content/plugins/admin-menu-editor-pro/modules/highlight-new-menus/assets/assets.php"; flow:to_server,established; http.header; content:"v.elegantchina.net"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/admin-menu-editor-pro/modules/highlight-new-menus/assets/assets.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37273961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.itenas.ac.id/EN/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"www.itenas.ac.id"; fast_pattern; nocase; http.uri; content:"/EN/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37273971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert 
http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//thzweb.freesite.host/wp-content/themes/twentytwentyfour/assets/fonts/cardo/cardo.php"; flow:to_server,established; http.header; content:"thzweb.freesite.host"; fast_pattern; nocase; http.uri; content:"/wp-content/themes/twentytwentyfour/assets/fonts/cardo/cardo.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37273981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//soundculture.pl/wp-content/plugins/LayerSlider/assets/static/dashicons/dashicons.php"; flow:to_server,established; http.header; content:"soundculture.pl"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/LayerSlider/assets/static/dashicons/dashicons.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37273991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//calendar-pro.com/wp-admin/css/colors/blue/blue.php"; flow:to_server,established; http.header; content:"calendar-pro.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/css/colors/blue/blue.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//carolgraceserves.com/backup-1477507809-wp-includes/Requests/Exception/HTTP/HTTP.php"; flow:to_server,established; http.header; content:"carolgraceserves.com"; fast_pattern; nocase; http.uri; content:"/backup-1477507809-wp-includes/Requests/Exception/HTTP/HTTP.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert 
http $HOME_NET any -> 182.92.201.189 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//182.92.201.189/wp-content/plugins/adthrive/components/static-files/partials/adcentric/adcentric.php"; flow:to_server,established; http.header; content:"182.92.201.189"; fast_pattern; nocase; http.uri; content:"/wp-content/plugins/adthrive/components/static-files/partials/adcentric/adcentric.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# "Outgoing URL" rules in this export share one shape: destination port limited
# to $HTTP_PORTS, the host matched as a substring of http.header, and the path
# matched as a substring of http.uri. Two consequences for triage:
#  - HTTP sent to a port outside $HTTP_PORTS is not covered by these rules.
#  - The host content is not tied to the Host header, so the same string in
#    another request header (for example Referer) also satisfies it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//www.dewildepinchetti.com/blog/wp-content/plugins/iwp-client/lib/Dropbox/OAuth/Consumer/Consumer.php"; flow:to_server,established; http.header; content:"www.dewildepinchetti.com"; fast_pattern; nocase; http.uri; content:"/blog/wp-content/plugins/iwp-client/lib/Dropbox/OAuth/Consumer/Consumer.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# The next two rules have identical headers ($HOME_NET to 101.201.46.105 port
# 8989) and no payload options, so matching traffic raises both alerts:
# sid 37120861 (e26070, priority 2, tagged c2/cobalt_strike) and sid 37274041
# (e26227, priority 3, no tags). Correlate on the address rather than counting
# them as two independent detections.
# NOTE(review): address-and-port-only indicators go stale if the address is
# reassigned; check the indicator date in the MISP event before acting on a hit.
alert ip $HOME_NET any -> 101.201.46.105 8989 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 101.201.46.105|8989"; classtype:trojan-activity; sid:37120861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 101.201.46.105 8989 (msg: "MISP e26227 [] Outgoing To IP: 101.201.46.105|8989"; classtype:trojan-activity; sid:37274041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Each of the next two pairs repeats one URL from two MISP events with only
# letter case changed in the path. Both path matches carry nocase, so the two
# rules of a pair match the same requests and raise two alerts per hit; only
# the e26070 copy (priority 2) carries the dcrat tag.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [dcrat] Outgoing URL http|3a|//exhaustless-bracket.000webhostapp.com/l1nc0in.php"; flow:to_server,established; http.header; content:"exhaustless-bracket.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//exhaustless-bracket.000webhostapp.com/L1nc0In.php"; flow:to_server,established; http.header; content:"exhaustless-bracket.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [dcrat] Outgoing URL http|3a|//837376cm.nyashsens.top/pythonlowdbtrafficpublic.php"; flow:to_server,established; http.header; content:"837376cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/pythonlowdbtrafficpublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37120881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//837376cm.nyashsens.top/pythonLowdbTrafficpublic.php"; flow:to_server,established; http.header; content:"837376cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/pythonLowdbTrafficpublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# DNS rule: the header is any -> any, so it is not limited to queries leaving
# $HOME_NET. The pcre anchors the name at the end of the query and requires
# start-of-buffer or a non-hostname character before it, so the domain and its
# subdomains match while longer names that merely end in the same string do not.
alert dns any any -> any any (msg: "MISP e26070 [bokbot,IcedID] Domain microbanafler.com"; dns.query; content:"microbanafler.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])microbanafler\.com$/i"; classtype:trojan-activity; sid:37116021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# HTTP counterpart of the DNS rule: destination port is any (not $HTTP_PORTS)
# and the first content requires "Host:" to be present in the headers. The pcre
# demands a non-hostname character after ".com", which excludes names that
# continue past the domain with a further label.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [bokbot,IcedID] Outgoing HTTP Domain microbanafler.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microbanafler.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microbanafler\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37116022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Address-and-port rules tagged njrat in the source event: there are no payload
# or flow options, so the rule header alone decides the match.
# NOTE(review): the protocol keyword is `ip` combined with a destination port;
# confirm how the deployed engine evaluates ports for this keyword.
alert ip $HOME_NET any -> 147.185.221.18 5204 (msg: "MISP e26070 [njrat,RAT] Outgoing To IP: 147.185.221.18|5204"; classtype:trojan-activity; sid:37116031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 3.125.102.39 17888 (msg: "MISP e26070 [njrat,RAT] Outgoing To IP: 3.125.102.39|17888"; classtype:trojan-activity; sid:37116041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Three rules for hyphen-position variants of one name (trade-inmyus,
# trad-einmyus, tradein-myus), all with the path /index.php. That path is
# common, so the host string carries the detection; it is matched anywhere in
# http.header rather than in the Host header specifically.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//trade-inmyus.com/index.php"; flow:to_server,established; http.header; content:"trade-inmyus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//trad-einmyus.com/index.php"; flow:to_server,established; http.header; content:"trad-einmyus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//tradein-myus.com/index.php"; flow:to_server,established; http.header; content:"tradein-myus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37116001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//piratia.pw/tmp/index.php"; 
flow:to_server,established; http.header; content:"piratia.pw"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//go-piratia.ru/tmp/index.php"; flow:to_server,established; http.header; content:"go-piratia.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//mth.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"mth.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//sjyey.com/tmp/index.php"; flow:to_server,established; http.header; content:"sjyey.com"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//babonwo.ru/tmp/index.php"; flow:to_server,established; http.header; content:"babonwo.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//sulugilioiu19.net/index.php"; 
flow:to_server,established; http.header; content:"sulugilioiu19.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26070 "Outgoing URL" rules for /index.php on further hosts.
# Match logic is host substring in http.header plus "/index.php" substring in http.uri.
# Neither content is anchored, so the host is not required to be the Host header value
# and the URI only has to contain /index.php somewhere.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//goodfooggooftool.net/index.php"; flow:to_server,established; http.header; content:"goodfooggooftool.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//buriatiarutuhuob.net/index.php"; flow:to_server,established; http.header; content:"buriatiarutuhuob.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//cassiosssionunu.me/index.php"; flow:to_server,established; http.header; content:"cassiosssionunu.me"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//vacantion18ffeu.cc/index.php"; flow:to_server,established; http.header; content:"vacantion18ffeu.cc"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL
http|3a|//valarioulinity1.net/index.php"; flow:to_server,established; http.header; content:"valarioulinity1.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Last "Outgoing URL" rule of this run: host substring in http.header plus "/index.php"
# substring in http.uri, client-to-server on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [] Outgoing URL http|3a|//selebration17io.io/index.php"; flow:to_server,established; http.header; content:"selebration17io.io"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37115871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26070 outbound address/port indicators.
# The bracketed msg tags pair a tool name (Covenant, Havoc) with what looks like a
# hosting/AS label (OVH, HETZNER-AS, DIGITALOCEAN-ASN); presumably taken from the event.
# The match is destination address and port only, with no payload or TLS condition.
# NOTE(review): most of these are port 443 on hosting-provider ranges and have no
# expiry; confirm they are still current before treating a hit as priority 2.
alert ip $HOME_NET any -> 15.235.167.60 7443 (msg: "MISP e26070 [Covenant,OVH] Outgoing To IP: 15.235.167.60|7443"; classtype:trojan-activity; sid:37120891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 91.107.200.181 443 (msg: "MISP e26070 [Havoc,HETZNER-AS] Outgoing To IP: 91.107.200.181|443"; classtype:trojan-activity; sid:37120901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 159.203.167.57 443 (msg: "MISP e26070 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 159.203.167.57|443"; classtype:trojan-activity; sid:37120911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 104.236.67.20 443 (msg: "MISP e26070 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 104.236.67.20|443"; classtype:trojan-activity; sid:37120921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 79.113.86.126 443 (msg: "MISP e26070 [Havoc,RCS-RDS 73-75 Dr.
Staicovici] Outgoing To IP: 79.113.86.126|443"; classtype:trojan-activity; sid:37120931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26070 outbound address/port indicators (tags: Responder, QakBot, dcrat, Pikabot).
# Matching is on destination address and port only. Several endpoints sit on common
# service ports (80, 445, 993) inside large provider ranges named in the tags, so a
# hit shows that a host reached the endpoint, not which software did so.
# NOTE(review): no expiry is encoded; verify currency of each indicator.
alert ip $HOME_NET any -> 12.22.160.81 445 (msg: "MISP e26070 [ATT-INTERNET4,Responder] Outgoing To IP: 12.22.160.81|445"; classtype:trojan-activity; sid:37120941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 67.71.30.57 2222 (msg: "MISP e26070 [BACOM,QakBot] Outgoing To IP: 67.71.30.57|2222"; classtype:trojan-activity; sid:37120951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 97.118.34.90 993 (msg: "MISP e26070 [CENTURYLINK-US-LEGACY-QWEST,QakBot] Outgoing To IP: 97.118.34.90|993"; classtype:trojan-activity; sid:37120961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 20.117.106.245 80 (msg: "MISP e26070 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.117.106.245|80"; classtype:trojan-activity; sid:37120971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 40.66.42.165 1024 (msg: "MISP e26070 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 40.66.42.165|1024"; classtype:trojan-activity; sid:37120981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 178.18.246.136 2078 (msg: "MISP e26070 [CONTABO,Pikabot] Outgoing To IP: 178.18.246.136|2078"; classtype:trojan-activity; sid:37120991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26227 repeats the same address/port pairs with an empty tag list and priority 3.
# Example: 178.18.246.136:2078 is covered by sid 37120991 above and sid 37274071 below,
# so one connection raises two alerts with different priorities.
alert ip $HOME_NET any -> 178.18.246.136 2078 (msg: "MISP e26227 [] Outgoing To IP: 178.18.246.136|2078"; classtype:trojan-activity; sid:37274071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 40.66.42.165 1024 (msg: "MISP e26227 [] Outgoing To IP: 40.66.42.165|1024"; classtype:trojan-activity; sid:37274081; rev:1;
priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Event 26227 outbound address/port indicators, all priority 3 with an empty tag list.
# Every pair below also has an event 26070 rule in this file (sids 37120901-37120971,
# priority 2, with malware/AS tags). A single connection therefore raises two alerts,
# and the family context exists only on the 26070 alert.
# NOTE(review): consider de-duplicating by address/port when triaging.
alert ip $HOME_NET any -> 20.117.106.245 80 (msg: "MISP e26227 [] Outgoing To IP: 20.117.106.245|80"; classtype:trojan-activity; sid:37274091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 97.118.34.90 993 (msg: "MISP e26227 [] Outgoing To IP: 97.118.34.90|993"; classtype:trojan-activity; sid:37274101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 67.71.30.57 2222 (msg: "MISP e26227 [] Outgoing To IP: 67.71.30.57|2222"; classtype:trojan-activity; sid:37274111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 12.22.160.81 445 (msg: "MISP e26227 [] Outgoing To IP: 12.22.160.81|445"; classtype:trojan-activity; sid:37274121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 79.113.86.126 443 (msg: "MISP e26227 [] Outgoing To IP: 79.113.86.126|443"; classtype:trojan-activity; sid:37274131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 104.236.67.20 443 (msg: "MISP e26227 [] Outgoing To IP: 104.236.67.20|443"; classtype:trojan-activity; sid:37274141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 159.203.167.57 443 (msg: "MISP e26227 [] Outgoing To IP: 159.203.167.57|443"; classtype:trojan-activity; sid:37274151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 91.107.200.181 443 (msg: "MISP e26227 [] Outgoing To IP: 91.107.200.181|443"; classtype:trojan-activity; sid:37274161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 15.235.167.60 7443 (msg: "MISP e26227 [] Outgoing To IP: 15.235.167.60|7443"; classtype:trojan-activity; sid:37274171; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26227;)
# Event 26065, DNS "Domain" rule: fires on a query for mail.acryl.gr or for any name
# ending in it after a character that is not a letter, digit or hyphen (in practice a
# dot, i.e. subdomains). Source and destination are "any", so queries in either
# network direction are inspected.
alert dns any any -> any any (msg: "MISP e26065 [] Domain mail.acryl.gr"; dns.query; content:"mail.acryl.gr"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.acryl\.gr$/i"; classtype:trojan-activity; sid:37114831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26065;)
# Event 26065, HTTP "Domain" rule: "Host:" and the domain are two independent contents
# in http.header (no distance/within links them). The pcre only checks the characters
# on either side of the domain. A request whose Host is something else but whose other
# headers (e.g. Referer) contain the domain as a delimited token still matches.
# The destination port is "any", not $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26065 [] Outgoing HTTP Domain mail.acryl.gr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.acryl.gr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.acryl\.gr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37114832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26065;)
# Event 26065, SMTP recipient rule: inbound sessions from $EXTERNAL_NET to
# $SMTP_SERVERS on TCP 25 only. "RCPT TO:" and the address are independent payload
# contents; the CRLFCRLF must follow within 8192 bytes of the preceding match.
# NOTE(review): payload matching needs the session in cleartext, and other mail ports
# are not covered by this rule; confirm that fits how mail reaches $SMTP_SERVERS.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26065 [] Destination Email Address: logistirio1@acryl.gr"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"logistirio1@acryl.gr"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37114841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26065;)
# Event 26206, DNS + HTTP "Domain" pair for vmi.lt-dek.net (same logic as above, priority 2).
alert dns any any -> any any (msg: "MISP e26206 [] Domain vmi.lt-dek.net"; dns.query; content:"vmi.lt-dek.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net$/i"; classtype:trojan-activity; sid:37210351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26206;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26206 [] Outgoing HTTP Domain vmi.lt-dek.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dek.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dek\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37210352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26206;)
alert dns any any -> any any (msg: "MISP e26175 [] Domain teamfavour111.ddns.net";
dns.query; content:"teamfavour111.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])teamfavour111\.ddns\.net$/i"; classtype:trojan-activity; sid:37206611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26175;)
# Event 26175, DNS + HTTP "Domain" pairs for two names under ddns.net and duckdns.org.
# The pcre pins the full label (teamfavour111 / odogwuvisual123), so other names under
# the same parent zones do not match; subdomains of the listed names do.
# In the HTTP rules "Host:" and the domain are independent http.header contents, so the
# domain may appear in any request header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26175 [] Outgoing HTTP Domain teamfavour111.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teamfavour111.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teamfavour111\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26175;)
alert dns any any -> any any (msg: "MISP e26175 [] Domain odogwuvisual123.duckdns.org"; dns.query; content:"odogwuvisual123.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])odogwuvisual123\.duckdns\.org$/i"; classtype:trojan-activity; sid:37206621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26175;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26175 [] Outgoing HTTP Domain odogwuvisual123.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"odogwuvisual123.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])odogwuvisual123\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26175;)
# Outbound address/port indicators: event 26070 [c2,Meterpreter], then event 26197.
# Matching is on destination address and port only.
# The 62.102.148.158 port-62641 rule (sid 37209101) is a subset of the any-port rule for
# the same address (sid 37209091), so traffic to port 62641 raises both alerts.
alert ip $HOME_NET any -> 164.92.225.82 3790 (msg: "MISP e26070 [c2,Meterpreter] Outgoing To IP: 164.92.225.82|3790"; classtype:trojan-activity; sid:37121001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 62.102.148.158 62641 (msg: "MISP e26197 [] Outgoing To IP: 62.102.148.158|62641"; classtype:trojan-activity; sid:37209101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26197;)
alert ip $HOME_NET any -> 62.102.148.158 any
(msg: "MISP e26197 [] Outgoing To IP: 62.102.148.158"; classtype:trojan-activity; sid:37209091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26197;)
# Event 26227 copy of the 164.92.225.82:3790 indicator: the same pair is also covered by
# sid 37121001 (event 26070, tagged [c2,Meterpreter], priority 2), so one connection
# raises both alerts.
alert ip $HOME_NET any -> 164.92.225.82 3790 (msg: "MISP e26227 [] Outgoing To IP: 164.92.225.82|3790"; classtype:trojan-activity; sid:37274181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Event 26314, DNS + HTTP "Domain" pairs (sid ...1 = DNS query, sid ...2 = HTTP header).
# DNS: the query equals the domain or ends in it after a non-alphanumeric, non-hyphen
# character, so subdomains match too. Source and destination are "any".
# HTTP: "Host:" and the domain are independent http.header contents. The pcre checks
# only the characters around the domain, so the domain may sit in a header other than
# Host. The destination port is "any".
alert dns any any -> any any (msg: "MISP e26314 [] Domain navarcope.space"; dns.query; content:"navarcope.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])navarcope\.space$/i"; classtype:trojan-activity; sid:37243611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain navarcope.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navarcope.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navarcope\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain npscare.site"; dns.query; content:"npscare.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npscare\.site$/i"; classtype:trojan-activity; sid:37243621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain npscare.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npscare.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npscare\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain npscmd.site"; dns.query; content:"npscmd.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npscmd\.site$/i";
classtype:trojan-activity; sid:37243631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314, DNS + HTTP "Domain" pairs for the nps*.site / nts*.site / nts-post.homes
# names (sid ...1 = DNS query, sid ...2 = HTTP header).
# DNS rules match the domain and its subdomains, from any source to any destination.
# HTTP rules need "Host:" and the domain somewhere in http.header but do not tie the two
# together, and they tag the session for 600 seconds on a hit.
# Each name is matched literally; look-alike names not listed here are not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain npscmd.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npscmd.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npscmd\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain npsnote.site"; dns.query; content:"npsnote.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsnote\.site$/i"; classtype:trojan-activity; sid:37243641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain npsnote.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsnote.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsnote\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain npsnotice.site"; dns.query; content:"npsnotice.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsnotice\.site$/i"; classtype:trojan-activity; sid:37243651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain npsnotice.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsnotice.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsnotice\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain npsrule.site"; dns.query; content:"npsrule.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsrule\.site$/i"; classtype:trojan-activity; sid:37243661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain npsrule.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsrule.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsrule\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nts-post.homes"; dns.query; content:"nts-post.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-post\.homes$/i"; classtype:trojan-activity; sid:37243671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nts-post.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-post.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-post\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsadmin.site"; dns.query; content:"ntsadmin.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsadmin\.site$/i"; classtype:trojan-activity; sid:37243681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsadmin.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsadmin.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsadmin\.site[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37243682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314, DNS + HTTP "Domain" pairs for further nts* names.
# DNS rule: the query equals the domain or is a subdomain of it (case-insensitive).
# HTTP rule: "Host:" and the domain are separate http.header contents. The pcre only
# enforces token boundaries around the domain, so any request header can satisfy it.
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntscontact.site"; dns.query; content:"ntscontact.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntscontact\.site$/i"; classtype:trojan-activity; sid:37243691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntscontact.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntscontact.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntscontact\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntscorp.site"; dns.query; content:"ntscorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntscorp\.site$/i"; classtype:trojan-activity; sid:37243701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntscorp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntscorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntscorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsnew.homes"; dns.query; content:"ntsnew.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnew\.homes$/i"; classtype:trojan-activity; sid:37243711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsnew.homes"; flow:to_server,established;
http.header; content: "Host|3a|"; nocase; http.header; content:"ntsnew.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnew\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314, DNS + HTTP "Domain" pairs (ntsnew.store, ntsnews.homes, ...).
# The trailing "$" in the DNS pcre and the trailing character class in the HTTP pcre
# keep ntsnew.homes from matching ntsnews.homes and vice versa; each name has its own
# rule pair.
# The HTTP rules accept the domain in any request header, not only Host.
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsnew.store"; dns.query; content:"ntsnew.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnew\.store$/i"; classtype:trojan-activity; sid:37243721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsnew.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsnew.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnew\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsnews.homes"; dns.query; content:"ntsnews.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnews\.homes$/i"; classtype:trojan-activity; sid:37243731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsnews.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsnews.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnews\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsnotice.site"; dns.query; content:"ntsnotice.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnotice\.site$/i"; classtype:trojan-activity; sid:37243741; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314, DNS + HTTP "Domain" pairs for the remaining nts* names.
# DNS rules match the domain and its subdomains from any source. HTTP rules require
# "Host:" and the domain as independent http.header contents and tag the session for
# 600 seconds on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsnotice.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsnotice.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsnotice\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsposter.homes"; dns.query; content:"ntsposter.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposter\.homes$/i"; classtype:trojan-activity; sid:37243751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsposter.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsposter.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposter\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsposting.store"; dns.query; content:"ntsposting.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposting\.store$/i"; classtype:trojan-activity; sid:37243761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsposting.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsposting.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposting\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsroom.site"; dns.query; content:"ntsroom.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsroom\.site$/i"; classtype:trojan-activity; sid:37243771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsroom.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsroom.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsroom\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsward.site"; dns.query; content:"ntsward.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsward\.site$/i"; classtype:trojan-activity; sid:37243781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsward.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsward.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsward\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26227 "Outgoing URL" rule for http://159.89.175.38/.
# The URI condition is content:"/", which every request URI satisfies. What actually
# decides a match is the destination address in the rule header plus the address string
# appearing somewhere in the request headers.
# NOTE(review): this behaves as an address-only HTTP rule; triage hits accordingly.
alert http $HOME_NET any -> 159.89.175.38 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//159.89.175.38/"; flow:to_server,established; http.header; content:"159.89.175.38"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37274191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Outbound address/port indicators (events 26175 and 26314): destination address and
# port only, no payload condition.
alert ip $HOME_NET any -> 103.110.33.155 6767 (msg: "MISP e26175 [] Outgoing To IP: 103.110.33.155|6767"; classtype:trojan-activity; sid:37206631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26175;)
alert ip
$HOME_NET any -> 122.155.191.33 80 (msg: "MISP e26314 [] Outgoing To IP: 122.155.191.33|80"; classtype:trojan-activity; sid:37243791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314, DNS + HTTP "Domain" pairs for meatalk.com, gbionet.com, kyungdaek.com.
# These rules alert on any query for, or HTTP request mentioning, the whole domain and
# its subdomains.
# NOTE(review): the URL rules for the same domains elsewhere in this file point at
# specific paths under /js/... and /pg/adm/...; if these are third-party sites hosting
# a few malicious files rather than attacker-owned domains, the domain-wide rules will
# also fire on ordinary visits. Confirm against the MISP event.
alert dns any any -> any any (msg: "MISP e26314 [] Domain meatalk.com"; dns.query; content:"meatalk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])meatalk\.com$/i"; classtype:trojan-activity; sid:37243801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain meatalk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"meatalk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])meatalk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain gbionet.com"; dns.query; content:"gbionet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gbionet\.com$/i"; classtype:trojan-activity; sid:37243811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain gbionet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gbionet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gbionet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain kyungdaek.com"; dns.query; content:"kyungdaek.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kyungdaek\.com$/i"; classtype:trojan-activity; sid:37243821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain
kyungdaek.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kyungdaek.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kyungdaek\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314, DNS + HTTP "Domain" pair for siloamclinic.com (domain and subdomains; the
# HTTP rule accepts the domain in any request header).
alert dns any any -> any any (msg: "MISP e26314 [] Domain siloamclinic.com"; dns.query; content:"siloamclinic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])siloamclinic\.com$/i"; classtype:trojan-activity; sid:37243831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain siloamclinic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"siloamclinic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])siloamclinic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314 "Outgoing URL" rules.
# sid 37243841 (gbionet.com/): the URI condition is content:"/", which every request URI
# satisfies, so the rule reduces to "gbionet.com appears in the request headers" on
# $HTTP_PORTS. It overlaps the Host-domain rule sid 37243812 for the same domain.
# sid 37243851: host substring in http.header plus the full path as an unanchored,
# case-insensitive substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//gbionet.com/"; flow:to_server,established; http.header; content:"gbionet.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//vwellpain.com/js/sub/up/down1/r_enc.bin"; flow:to_server,established; http.header; content:"vwellpain.com"; fast_pattern; nocase; http.uri; content:"/js/sub/up/down1/r_enc.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL
http|3a|//ek.com/js/sub/aos/dull/down1/r_enc.bin"; flow:to_server,established; http.header; content:"ek.com"; fast_pattern; nocase; http.uri; content:"/js/sub/aos/dull/down1/r_enc.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314 "Outgoing URL" rules for payload/script paths.
# The host is an unanchored substring of http.header. content:"ek.com" (sids 37243861
# and 37243891) is therefore also satisfied by "www.ek.com", by "kyungdaek.com", and by
# any other header value containing that string. The URI substring limits the matches.
# A request to www.ek.com for r_enc.bin raises both sid 37243861 and sid 37243871.
# NOTE(review): the path /js/sub/aos/dull/down1/ is the same one this file pairs with
# kyungdaek.com (sid 37243901). Check in the MISP event whether "ek.com"/"www.ek.com"
# are real indicators or a truncated form of that domain.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//www.ek.com/js/sub/aos/dull/down1/r_enc.bin"; flow:to_server,established; http.header; content:"www.ek.com"; fast_pattern; nocase; http.uri; content:"/js/sub/aos/dull/down1/r_enc.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//siloamclinic.com/js/slick/up/down1/r_enc.bin"; flow:to_server,established; http.header; content:"siloamclinic.com"; fast_pattern; nocase; http.uri; content:"/js/slick/up/down1/r_enc.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//ek.com/js/sub/aos/dull/down1/show.php"; flow:to_server,established; http.header; content:"ek.com"; fast_pattern; nocase; http.uri; content:"/js/sub/aos/dull/down1/show.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//kyungdaek.com/js/sub/aos/dull/down1/lib.php"; flow:to_server,established; http.header; content:"kyungdaek.com"; fast_pattern; nocase; http.uri; content:"/js/sub/aos/dull/down1/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243901; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Event 26314 "Outgoing URL" rules for lib.php / list.php under download directories.
# Each rule needs the host string somewhere in http.header and the full path as a
# case-insensitive substring of http.uri. Query strings or extra path segments around
# the path do not prevent a match.
# Only requests on $HTTP_PORTS are inspected, unlike the Host-domain rules for the same
# domains, which use port "any".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//kyungdaek.com/js/sub/aos/dull/down1/list.php"; flow:to_server,established; http.header; content:"kyungdaek.com"; fast_pattern; nocase; http.uri; content:"/js/sub/aos/dull/down1/list.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//meatalk.com/pg/adm/tdr/upi/down0/lib.php"; flow:to_server,established; http.header; content:"meatalk.com"; fast_pattern; nocase; http.uri; content:"/pg/adm/tdr/upi/down0/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//meatalk.com/pg/adm/tdr/upi/down0/list.php"; flow:to_server,established; http.header; content:"meatalk.com"; fast_pattern; nocase; http.uri; content:"/pg/adm/tdr/upi/down0/list.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//siloamclinic.com/js/slick/up/down0/lib.php"; flow:to_server,established; http.header; content:"siloamclinic.com"; fast_pattern; nocase; http.uri; content:"/js/slick/up/down0/lib.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//siloamclinic.com/js/slick/up/down0/list.php"; flow:to_server,established; http.header;
content:"siloamclinic.com"; fast_pattern; nocase; http.uri; content:"/js/slick/up/down0/list.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> 122.155.191.33 $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//122.155.191.33/temp/down1/123.hwp"; flow:to_server,established; http.header; content:"122.155.191.33"; fast_pattern; nocase; http.uri; content:"/temp/down1/123.hwp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> 122.155.191.33 $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//122.155.191.33/temp/clientx64.bin"; flow:to_server,established; http.header; content:"122.155.191.33"; fast_pattern; nocase; http.uri; content:"/temp/clientx64.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37243971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname ai.negapa.p-e.kr"; dns.query; content:"ai.negapa.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ai\.negapa\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37244111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname ai.negapa.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a| ai.negapa.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ai\.negapa\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//ar.kostin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ar.kostin.p-e.kr"; 
fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//ai.kostin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.kostin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//qi.limsjo.p-e.kr/index.php"; flow:to_server,established; http.header; content:"qi.limsjo.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//ai.limsjo.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.limsjo.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//ol.negapa.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ol.negapa.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//ai.negapa.p-e.kr/index.php"; flow:to_server,established; http.header; 
content:"ai.negapa.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# MISP event 26314 URL rule: host string in http.header plus path in http.uri, both
# case-insensitive substrings; cleartext HTTP from $HOME_NET to $HTTP_PORTS only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26314 [] Outgoing URL http|3a|//coolsystem.co.kr/admin/mail/index.php"; flow:to_server,established; http.header; content:"coolsystem.co.kr"; fast_pattern; nocase; http.uri; content:"/admin/mail/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37244181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26326 (priority:3): mail.wasstech.com and two e-mail addresses ---
# Hostname pair: DNS query rule (any -> any) and HTTP Host rule; the pcre rejects a
# preceding letter, digit, '-' or '.', so only the exact host name matches.
alert dns any any -> any any (msg: "MISP e26326 [] Hostname mail.wasstech.com"; dns.query; content:"mail.wasstech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.wasstech\.com$/i"; classtype:trojan-activity; sid:37251441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26326;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26326 [] Outgoing HTTP Hostname mail.wasstech.com"; flow:to_server,established; http.header; content: "Host|3a| mail.wasstech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.wasstech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26326;)
# SMTP rules: raw TCP from $EXTERNAL_NET to $SMTP_SERVERS port 25 only. They need the
# command and the address in cleartext, so sessions encrypted with STARTTLS or sent to
# other mail ports are not covered.
# The command keyword and the address are independent content matches (no distance or
# within between them); only the CRLF CRLF must follow within 8192 bytes of the previous match.
# NOTE(review): the RCPT TO rule only sees mail arriving from $EXTERNAL_NET; mail sent by
# internal hosts to that address would not match - confirm this direction is the intent.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26326 [] Source Email Address: wassteam@wasstech.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"wassteam@wasstech.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37251451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26326;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26326 [] Destination Email Address: tsirisep@gmail.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"tsirisep@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37251461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26326;)
# --- MISP event 28673 (priority:1) ---
# Inbound rule: any IP protocol and any port from 146.185.214.63 to $HOME_NET, with no
# content match, so every packet from that address alerts.
alert ip 146.185.214.63 any -> $HOME_NET any (msg: "MISP e28673 [] Incoming From IP: 146.185.214.63"; classtype:trojan-activity; sid:38627091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28673;)
# NOTE(review): libpe.so, preload.so and liblog.so read like shared-library file names
# that were typed as domains. ".so" is a valid TLD, so the rules load, but verify the
# attribute type in event 28673 before treating hits as priority-1 detections.
# "Domain" rules allow a preceding '.', so sub-domains match as well. In the HTTP variant
# "Host:" and the name are separate http.header contents and the pcre has no Host anchor,
# so the name can match inside any request header, not only Host.
alert dns any any -> any any (msg: "MISP e28673 [] Domain libpe.so"; dns.query; content:"libpe.so"; nocase; pcre: "/(^|[^A-Za-z0-9-])libpe\.so$/i"; classtype:trojan-activity; sid:38627471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28673 [] Outgoing HTTP Domain libpe.so"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"libpe.so"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])libpe\.so[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38627472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28673;)
alert dns any any -> any any (msg: "MISP e28673 [] Domain preload.so"; dns.query; content:"preload.so"; nocase; pcre: "/(^|[^A-Za-z0-9-])preload\.so$/i"; classtype:trojan-activity; sid:38627651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28673 [] Outgoing HTTP Domain preload.so"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"preload.so"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])preload\.so[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38627652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28673;)
alert dns any any -> any any (msg: "MISP e28673 [] Domain liblog.so"; dns.query; content:"liblog.so"; nocase; pcre: "/(^|[^A-Za-z0-9-])liblog\.so$/i"; classtype:trojan-activity; sid:38628151; 
rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28673;)
# MISP event 28673 (priority:1), HTTP companion of the liblog.so DNS rule. "Host:" and the
# name are separate http.header contents and the pcre has no Host anchor, so the name can
# match inside any request header.
# NOTE(review): liblog.so reads like a shared-library file name typed as a domain - verify
# the attribute in the event before treating hits as priority-1 detections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28673 [] Outgoing HTTP Domain liblog.so"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liblog.so"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liblog\.so[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37274201-placeholder-removed; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.230 61616 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.230|61616"; classtype:trojan-activity; sid:37274541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.53 61616 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.53|61616"; classtype:trojan-activity; sid:37274551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.47 61616 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.47|61616"; classtype:trojan-activity; sid:37274561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.19 61616 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.19|61616"; classtype:trojan-activity; sid:37274571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.23 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.23|1311"; classtype:trojan-activity; sid:37274581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.31 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.31|1311"; classtype:trojan-activity; sid:37274591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.24 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.24|1311"; classtype:trojan-activity; sid:37274601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.37 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.37|1311"; classtype:trojan-activity; sid:37274611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.20 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.20|1311"; classtype:trojan-activity; sid:37274621; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.44 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.44|1311"; classtype:trojan-activity; sid:37274631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.6 1298 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.6|1298"; classtype:trojan-activity; sid:37274641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.65 1302 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.65|1302"; classtype:trojan-activity; sid:37274651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.14 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.14|1311"; classtype:trojan-activity; sid:37274661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.5 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.5|1311"; classtype:trojan-activity; sid:37274671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.61 1291 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.61|1291"; classtype:trojan-activity; sid:37274681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.72 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.72|1311"; classtype:trojan-activity; sid:37274691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.71 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.71|1311"; classtype:trojan-activity; sid:37274701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.4 1375 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.4|1375"; classtype:trojan-activity; sid:37274711; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.17 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.17|1311"; classtype:trojan-activity; sid:37274721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.16 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.16|1311"; classtype:trojan-activity; sid:37274731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.7 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.7|1311"; classtype:trojan-activity; sid:37274741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.32 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.32|1311"; classtype:trojan-activity; sid:37274751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.21 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.21|1311"; classtype:trojan-activity; sid:37274761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.9 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.9|1311"; classtype:trojan-activity; sid:37274771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.2 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.2|1311"; classtype:trojan-activity; sid:37274781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.69 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.69|1311"; classtype:trojan-activity; sid:37274791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.41 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.41|1311"; classtype:trojan-activity; sid:37274801; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.18 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.18|1311"; classtype:trojan-activity; sid:37274811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.3 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.3|1311"; classtype:trojan-activity; sid:37274821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.43 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.43|1311"; classtype:trojan-activity; sid:37274831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.22 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.22|1311"; classtype:trojan-activity; sid:37274841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.38 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.38|1311"; classtype:trojan-activity; sid:37274851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.66 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.66|1311"; classtype:trojan-activity; sid:37274861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.45 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.45|1311"; classtype:trojan-activity; sid:37274871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.44 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.44|1311"; classtype:trojan-activity; sid:37274881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.13 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.13|1311"; classtype:trojan-activity; sid:37274891; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.41 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.41|1311"; classtype:trojan-activity; sid:37274901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.33 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.33|1311"; classtype:trojan-activity; sid:37274911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.11 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.11|1311"; classtype:trojan-activity; sid:37274921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.34 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.34|1311"; classtype:trojan-activity; sid:37274931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.30 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.30|1311"; classtype:trojan-activity; sid:37274941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.72.185.42 1311 (msg: "MISP e26227 [] Outgoing To IP: 62.72.185.42|1311"; classtype:trojan-activity; sid:37274951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 204.76.203.70 1311 (msg: "MISP e26227 [] Outgoing To IP: 204.76.203.70|1311"; classtype:trojan-activity; sid:37274961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26312 [] Domain continue-meeting.site"; dns.query; content:"continue-meeting.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])continue\-meeting\.site$/i"; classtype:trojan-activity; sid:37243521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Domain 
continue-meeting.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"continue-meeting.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])continue\-meeting\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26312 [] Domain drive-access.site"; dns.query; content:"drive-access.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])drive\-access\.site$/i"; classtype:trojan-activity; sid:37243531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Domain drive-access.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drive-access.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drive\-access\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26312 [] Domain home-continue.online"; dns.query; content:"home-continue.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-continue\.online$/i"; classtype:trojan-activity; sid:37243541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Domain home-continue.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"home-continue.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-continue\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26312 [] Domain home-proceed.online"; dns.query; content:"home-proceed.online"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])home\-proceed\.online$/i"; classtype:trojan-activity; sid:37243551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Domain home-proceed.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"home-proceed.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])home\-proceed\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26312 [] Domain pannel-get-data.us"; dns.query; content:"pannel-get-data.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])pannel\-get\-data\.us$/i"; classtype:trojan-activity; sid:37243561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Domain pannel-get-data.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pannel-get-data.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pannel\-get\-data\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26312 [] Domain ushrt.us"; dns.query; content:"ushrt.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])ushrt\.us$/i"; classtype:trojan-activity; sid:37243571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Domain ushrt.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ushrt.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ushrt\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243572; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26312 [] Hostname join-room.meeting-online.site"; dns.query; content:"join-room.meeting-online.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-room\.meeting\-online\.site$/i"; classtype:trojan-activity; sid:37243581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26312 [] Outgoing HTTP Hostname join-room.meeting-online.site"; flow:to_server,established; http.header; content: "Host|3a| join-room.meeting-online.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-room\.meeting\-online\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26312;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname coolsystem.co.kr"; dns.query; content:"coolsystem.co.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coolsystem\.co\.kr$/i"; classtype:trojan-activity; sid:37244261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname coolsystem.co.kr"; flow:to_server,established; http.header; content: "Host|3a| coolsystem.co.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coolsystem\.co\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain acckr.online"; dns.query; content:"acckr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])acckr\.online$/i"; classtype:trojan-activity; sid:37244271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain acckr.online"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"acckr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acckr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

# ---------------------------------------------------------------------------
# MISP event 26314 - domain indicators, one rule per line.
# Each domain is exported as a pair: a DNS rule (sid ending in 1) followed by
# an outgoing cleartext-HTTP rule (sid ending in 2).
#
# DNS rule: dns.query must contain the domain (nocase); the pcre anchors the
# domain at the end of the queried name and requires start-of-buffer or a
# non-hostname character in front of it. The domain itself and its subdomains
# match; a name that merely ends in the same letters (a constructed example:
# "x" + domain) does not.
#
# HTTP rule: client-to-server, established flows from $HOME_NET to
# $EXTERNAL_NET whose http.header buffer contains "Host:" and the domain. The
# trailing character class in the pcre rejects a longer hostname that
# continues after the domain. tag:session,600,seconds tags the session so
# that its packets keep being logged for 600 seconds after the alert.
#
# NOTE(review): the "Host|3a|" content and the domain content are not tied to
# each other (no distance/within, and the pcre has no relative flag), so the
# domain appearing in any other request header (for example Referer) also
# satisfies the HTTP rule. Expect some false positives; confirm whether
# scoping to http.host is wanted in the export.
# NOTE(review): no tls.sni rule appears among these rules, so HTTPS traffic to
# these domains is presumably only visible through the DNS rule - confirm
# coverage if encrypted DNS is allowed on the network.
# NOTE(review): the DNS rules use "any any -> any any", so they are not
# limited to $HOME_NET clients and may fire more than once per lookup when the
# sensor also sees resolver traffic - verify against sensor placement.
# NOTE(review): the tag list in msg ("[]") is empty, so alerts carry no MISP
# tag context beyond the event id.
# ---------------------------------------------------------------------------

alert dns any any -> any any (msg: "MISP e26314 [] Domain acckr.store"; dns.query; content:"acckr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])acckr\.store$/i"; classtype:trojan-activity; sid:37244281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain acckr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acckr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acckr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ackr.link"; dns.query; content:"ackr.link"; nocase; pcre: "/(^|[^A-Za-z0-9-])ackr\.link$/i"; classtype:trojan-activity; sid:37244291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ackr.link"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ackr.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ackr\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ackr.online"; dns.query; content:"ackr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])ackr\.online$/i"; classtype:trojan-activity; sid:37244301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ackr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ackr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ackr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain belieview.com"; dns.query; content:"belieview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])belieview\.com$/i"; classtype:trojan-activity; sid:37244311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain belieview.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"belieview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])belieview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain cenv.space"; dns.query; content:"cenv.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])cenv\.space$/i"; classtype:trojan-activity; sid:37244321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain cenv.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cenv.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cenv\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain cenv.store"; dns.query; content:"cenv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])cenv\.store$/i"; classtype:trojan-activity; sid:37244331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain cenv.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cenv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cenv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain cnkr.online"; dns.query; content:"cnkr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnkr\.online$/i"; classtype:trojan-activity; sid:37244341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain cnkr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnkr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnkr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain cnkr.store"; dns.query; content:"cnkr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnkr\.store$/i"; classtype:trojan-activity; sid:37244351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain cnkr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnkr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnkr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ecnv.site"; dns.query; content:"ecnv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecnv\.site$/i"; classtype:trojan-activity; sid:37244361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ecnv.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecnv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecnv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edcloud.store"; dns.query; content:"edcloud.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])edcloud\.store$/i"; classtype:trojan-activity; sid:37244371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edcloud.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edcloud.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edcloud\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edkcloud.cloud"; dns.query; content:"edkcloud.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])edkcloud\.cloud$/i"; classtype:trojan-activity; sid:37244381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edkcloud.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edkcloud.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edkcloud\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edkcloud.online"; dns.query; content:"edkcloud.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])edkcloud\.online$/i"; classtype:trojan-activity; sid:37244391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edkcloud.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edkcloud.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edkcloud\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edoc-kr.online"; dns.query; content:"edoc-kr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])edoc\-kr\.online$/i"; classtype:trojan-activity; sid:37244401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edoc-kr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edoc-kr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edoc\-kr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edocs-kr.cloud"; dns.query; content:"edocs-kr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-kr\.cloud$/i"; classtype:trojan-activity; sid:37244411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edocs-kr.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-kr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-kr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edocs-nv.online"; dns.query; content:"edocs-nv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-nv\.online$/i"; classtype:trojan-activity; sid:37244421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edocs-nv.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-nv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-nv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edocs-nv.space"; dns.query; content:"edocs-nv.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-nv\.space$/i"; classtype:trojan-activity; sid:37244431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edocs-nv.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-nv.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-nv\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain edocs-nv.store"; dns.query; content:"edocs-nv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-nv\.store$/i"; classtype:trojan-activity; sid:37244441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain edocs-nv.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-nv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-nv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain escnv.online"; dns.query; content:"escnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])escnv\.online$/i"; classtype:trojan-activity; sid:37244451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain escnv.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"escnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])escnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain estnv.online"; dns.query; content:"estnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])estnv\.online$/i"; classtype:trojan-activity; sid:37244461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain estnv.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain estnv.space"; dns.query; content:"estnv.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])estnv\.space$/i"; classtype:trojan-activity; sid:37244471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain estnv.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estnv.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estnv\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain estnv.store"; dns.query; content:"estnv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])estnv\.store$/i"; classtype:trojan-activity; sid:37244481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain estnv.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estnv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estnv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain fscns.xyz"; dns.query; content:"fscns.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])fscns\.xyz$/i"; classtype:trojan-activity; sid:37244491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain fscns.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fscns.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fscns\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain gemnv.online"; dns.query; content:"gemnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])gemnv\.online$/i"; classtype:trojan-activity; sid:37244501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain gemnv.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gemnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gemnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain gemnv.space"; dns.query; content:"gemnv.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])gemnv\.space$/i"; classtype:trojan-activity; sid:37244511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain gemnv.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gemnv.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gemnv\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain hlnv.store"; dns.query; content:"hlnv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])hlnv\.store$/i"; classtype:trojan-activity; sid:37244521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain hlnv.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hlnv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hlnv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain hnsc.space"; dns.query; content:"hnsc.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])hnsc\.space$/i"; classtype:trojan-activity; sid:37244531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain hnsc.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hnsc.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hnsc\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain krcp.online"; dns.query; content:"krcp.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])krcp\.online$/i"; classtype:trojan-activity; sid:37244541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain krcp.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krcp.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krcp\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain krcp.store"; dns.query; content:"krcp.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])krcp\.store$/i"; classtype:trojan-activity; sid:37244551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain krcp.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krcp.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krcp\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain maillive.click"; dns.query; content:"maillive.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])maillive\.click$/i"; classtype:trojan-activity; sid:37244561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain maillive.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maillive.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maillive\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mailsvc.fun"; dns.query; content:"mailsvc.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailsvc\.fun$/i"; classtype:trojan-activity; sid:37244571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mailsvc.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailsvc.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailsvc\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mngkr.cloud"; dns.query; content:"mngkr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])mngkr\.cloud$/i"; classtype:trojan-activity; sid:37244581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# ---------------------------------------------------------------------------
# MISP event 26314 - domain indicators (continued), one rule per line.
# Rules come in pairs per domain: "alert dns" on the queried name (sid ending
# in 1) and "alert http" on outgoing cleartext requests (sid ending in 2).
#
# The DNS pcre ends in "$" and requires start-of-buffer or a non-hostname
# character before the domain, so the domain and its subdomains match. The
# HTTP pcre instead requires a non-hostname character after the domain, which
# rejects a longer hostname that merely starts with it.
# tag:session,600,seconds on the HTTP rules tags the session so its packets
# keep being logged for 600 seconds after the alert.
#
# NOTE(review): in the HTTP rules "Host|3a|" and the domain are two separate
# matches on http.header with nothing binding them together, so the domain in
# another request header (for example Referer) is enough to alert - triage
# hits with that in mind; confirm whether http.host scoping is wanted.
# NOTE(review): only dns and http rules are present here; there is no tls.sni
# counterpart, so HTTPS use of these domains is presumably caught by the DNS
# rule alone - confirm.
# NOTE(review): the DNS rules are written "any any -> any any" rather than
# from $HOME_NET, so the alert source is not necessarily the infected client
# when a resolver sits between client and sensor - verify sensor placement.
# ---------------------------------------------------------------------------

alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mngkr.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mngkr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mngkr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mngkr.fun"; dns.query; content:"mngkr.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])mngkr\.fun$/i"; classtype:trojan-activity; sid:37244591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mngkr.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mngkr.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mngkr\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mngkr.host"; dns.query; content:"mngkr.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])mngkr\.host$/i"; classtype:trojan-activity; sid:37244601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mngkr.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mngkr.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mngkr\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mnksc.cloud"; dns.query; content:"mnksc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnksc\.cloud$/i"; classtype:trojan-activity; sid:37244611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mnksc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnksc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnksc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mnksc.host"; dns.query; content:"mnksc.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnksc\.host$/i"; classtype:trojan-activity; sid:37244621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mnksc.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnksc.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnksc\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mnsvc.icu"; dns.query; content:"mnsvc.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnsvc\.icu$/i"; classtype:trojan-activity; sid:37244631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mnsvc.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnsvc.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnsvc\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mnsvc.tech"; dns.query; content:"mnsvc.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnsvc\.tech$/i"; classtype:trojan-activity; sid:37244641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mnsvc.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnsvc.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnsvc\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mnvsc.online"; dns.query; content:"mnvsc.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnvsc\.online$/i"; classtype:trojan-activity; sid:37244651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mnvsc.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnvsc.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnvsc\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain mnvsc.store"; dns.query; content:"mnvsc.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnvsc\.store$/i"; classtype:trojan-activity; sid:37244661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain mnvsc.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnvsc.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnvsc\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain nbkr.online"; dns.query; content:"nbkr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nbkr\.online$/i"; classtype:trojan-activity; sid:37244671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nbkr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nbkr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nbkr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain nbkr.space"; dns.query; content:"nbkr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nbkr\.space$/i"; classtype:trojan-activity; sid:37244681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nbkr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nbkr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nbkr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain nckr.space"; dns.query; content:"nckr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nckr\.space$/i"; classtype:trojan-activity; sid:37244691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nckr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nckr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nckr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncloud.click"; dns.query; content:"ncloud.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncloud\.click$/i"; classtype:trojan-activity; sid:37244701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncloud.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncloud.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncloud\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncloud.host"; dns.query; content:"ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncloud\.host$/i"; classtype:trojan-activity; sid:37244711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncloud.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncloud.uno"; dns.query; content:"ncloud.uno"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncloud\.uno$/i"; classtype:trojan-activity; sid:37244721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncloud.uno"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncloud.uno"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncloud\.uno[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncplus.click"; dns.query; content:"ncplus.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncplus\.click$/i"; classtype:trojan-activity; sid:37244731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncplus.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncplus.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncplus\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncplus.site"; dns.query; content:"ncplus.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncplus\.site$/i"; classtype:trojan-activity; sid:37244741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncplus.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncplus.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncplus\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncvsr.tech"; dns.query; content:"ncvsr.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncvsr\.tech$/i"; classtype:trojan-activity; sid:37244751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncvsr.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncvsr.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncvsr\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncvts.online"; dns.query; content:"ncvts.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncvts\.online$/i"; classtype:trojan-activity; sid:37244761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncvts.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncvts.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncvts\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ncvts.store"; dns.query; content:"ncvts.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncvts\.store$/i"; classtype:trojan-activity; sid:37244771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ncvts.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncvts.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncvts\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ndoc-kr.host"; dns.query; content:"ndoc-kr.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.host$/i"; classtype:trojan-activity; sid:37244781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ndoc-kr.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndoc-kr.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ndoc-kr.info"; dns.query; content:"ndoc-kr.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.info$/i"; classtype:trojan-activity; sid:37244791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ndoc-kr.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndoc-kr.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ndoc-kr.site"; dns.query; content:"ndoc-kr.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.site$/i"; classtype:trojan-activity; sid:37244801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ndoc-kr.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndoc-kr.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ndoc-kr.space"; dns.query; content:"ndoc-kr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.space$/i"; classtype:trojan-activity; sid:37244811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ndoc-kr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndoc-kr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ndoc-kr.store"; dns.query; content:"ndoc-kr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.store$/i"; classtype:trojan-activity; sid:37244821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ndoc-kr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndoc-kr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\-kr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

alert dns any any -> any any (msg: "MISP e26314 [] Domain ndoc.digital"; dns.query; content:"ndoc.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\.digital$/i"; classtype:trojan-activity; sid:37244831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ndoc.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndoc.digital"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])ndoc\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhis-cloud.online"; dns.query; content:"nhis-cloud.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-cloud\.online$/i"; classtype:trojan-activity; sid:37244841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhis-cloud.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhis-cloud.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-cloud\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhis-cloud.site"; dns.query; content:"nhis-cloud.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-cloud\.site$/i"; classtype:trojan-activity; sid:37244851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhis-cloud.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhis-cloud.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-cloud\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhis-doc.store"; dns.query; content:"nhis-doc.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-doc\.store$/i"; classtype:trojan-activity; sid:37244861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhis-doc.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhis-doc.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-doc\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhis-edoc.cloud"; dns.query; content:"nhis-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37244871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhis-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhis-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhis\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhiskr.cloud"; dns.query; content:"nhiskr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.cloud$/i"; classtype:trojan-activity; sid:37244881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhiskr.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhiskr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhiskr.fun"; dns.query; content:"nhiskr.fun"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nhiskr\.fun$/i"; classtype:trojan-activity; sid:37244891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhiskr.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhiskr.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhiskr.online"; dns.query; content:"nhiskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.online$/i"; classtype:trojan-activity; sid:37244901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhiskr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhiskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhiskr.site"; dns.query; content:"nhiskr.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.site$/i"; classtype:trojan-activity; sid:37244911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhiskr.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhiskr.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244912; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhiskr.space"; dns.query; content:"nhiskr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.space$/i"; classtype:trojan-activity; sid:37244921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhiskr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhiskr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhiskr.tech"; dns.query; content:"nhiskr.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.tech$/i"; classtype:trojan-activity; sid:37244931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhiskr.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhiskr.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhiskr\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhissvc.cloud"; dns.query; content:"nhissvc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhissvc\.cloud$/i"; classtype:trojan-activity; sid:37244941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhissvc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhissvc.cloud"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nhissvc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhissvc.space"; dns.query; content:"nhissvc.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhissvc\.space$/i"; classtype:trojan-activity; sid:37244951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhissvc.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhissvc.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhissvc\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhskr.online"; dns.query; content:"nhskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhskr\.online$/i"; classtype:trojan-activity; sid:37244961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhskr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhskr.space"; dns.query; content:"nhskr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhskr\.space$/i"; classtype:trojan-activity; sid:37244971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain 
nhskr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhskr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhskr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nhskr.store"; dns.query; content:"nhskr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhskr\.store$/i"; classtype:trojan-activity; sid:37244981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nhskr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhskr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhskr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nldoc-kr.cloud"; dns.query; content:"nldoc-kr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nldoc\-kr\.cloud$/i"; classtype:trojan-activity; sid:37244991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nldoc-kr.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nldoc-kr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nldoc\-kr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37244992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nmsvc.icu"; dns.query; content:"nmsvc.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])nmsvc\.icu$/i"; classtype:trojan-activity; sid:37245001; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nmsvc.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nmsvc.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nmsvc\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nmsvc.online"; dns.query; content:"nmsvc.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nmsvc\.online$/i"; classtype:trojan-activity; sid:37245011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nmsvc.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nmsvc.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nmsvc\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nqcloud-edoc.site"; dns.query; content:"nqcloud-edoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nqcloud\-edoc\.site$/i"; classtype:trojan-activity; sid:37245021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nqcloud-edoc.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nqcloud-edoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nqcloud\-edoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain 
nscentre.online"; dns.query; content:"nscentre.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nscentre\.online$/i"; classtype:trojan-activity; sid:37245031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nscentre.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nscentre.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nscentre\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nskr.online"; dns.query; content:"nskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nskr\.online$/i"; classtype:trojan-activity; sid:37245041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nskr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nskr.space"; dns.query; content:"nskr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nskr\.space$/i"; classtype:trojan-activity; sid:37245051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nskr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nskr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nskr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245052; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nskr.store"; dns.query; content:"nskr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nskr\.store$/i"; classtype:trojan-activity; sid:37245061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nskr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nskr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nskr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nsrv.link"; dns.query; content:"nsrv.link"; nocase; pcre: "/(^|[^A-Za-z0-9-])nsrv\.link$/i"; classtype:trojan-activity; sid:37245071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nsrv.link"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nsrv.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nsrv\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nsrv.store"; dns.query; content:"nsrv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nsrv\.store$/i"; classtype:trojan-activity; sid:37245081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nsrv.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nsrv.store"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nsrv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain ntskr.cloud"; dns.query; content:"ntskr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntskr\.cloud$/i"; classtype:trojan-activity; sid:37245091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntskr.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntskr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntskr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain ntskr.online"; dns.query; content:"ntskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntskr\.online$/i"; classtype:trojan-activity; sid:37245101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntskr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvclup.link"; dns.query; content:"nvclup.link"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.link$/i"; classtype:trojan-activity; sid:37245111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvclup.link"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvclup.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvclup.online"; dns.query; content:"nvclup.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.online$/i"; classtype:trojan-activity; sid:37245121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvclup.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvclup.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvclup.space"; dns.query; content:"nvclup.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.space$/i"; classtype:trojan-activity; sid:37245131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvclup.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvclup.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvclup.store"; dns.query; content:"nvclup.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.store$/i"; classtype:trojan-activity; sid:37245141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvclup.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvclup.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvclup\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvdocs.store"; dns.query; content:"nvdocs.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvdocs\.store$/i"; classtype:trojan-activity; sid:37245151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvdocs.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvdocs.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvdocs\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvkr.link"; dns.query; content:"nvkr.link"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvkr\.link$/i"; classtype:trojan-activity; sid:37245161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvkr.link"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvkr.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvkr\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvkr.space"; dns.query; content:"nvkr.space"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])nvkr\.space$/i"; classtype:trojan-activity; sid:37245171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvkr.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvkr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvkr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvkr.store"; dns.query; content:"nvkr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvkr\.store$/i"; classtype:trojan-activity; sid:37245181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvkr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvkr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvkr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nvpr.info"; dns.query; content:"nvpr.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpr\.info$/i"; classtype:trojan-activity; sid:37245191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvpr.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvpr.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpr\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns 
any any -> any any (msg: "MISP e26314 [] Domain nvpro.art"; dns.query; content:"nvpro.art"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpro\.art$/i"; classtype:trojan-activity; sid:37245201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# ---------------------------------------------------------------------------
# MISP event 26314 - "Domain" indicators (rules restored to one per line).
#
# Every indicator is exported as a pair that shares a sid prefix:
#   sid ...1  alert dns  - the name appears in a DNS query
#   sid ...2  alert http - the name appears in an outgoing HTTP request header
# The "[]" in msg is where this export prints event tags (other events in this
# file show tags there); this event carries none, so triage context has to come
# from the referenced MISP event page.
#
# Match scope: the pcre prefix (^|[^A-Za-z0-9-]) accepts a preceding ".", so a
# Domain rule also fires for any sub-domain (edocs.nvpro.art matches the
# nvpro.art rule) while a longer label such as "xnvpro.art" does not match.
#
# DNS rules: "any any -> any any" is unscoped. The alert source is whichever
# host sent the query the sensor saw - behind an internal recursive resolver
# that is presumably the resolver, not the client; correlate with resolver
# query logs to find the endpoint.
#
# HTTP rules: the two http.header content matches carry no distance/within and
# the /H pcre scans the whole header buffer, so nothing binds the domain to the
# Host line - the name in any other request header of a request that has a Host
# header also alerts.
# NOTE(review): matching on the http.host buffer would restrict this to the
# Host header; change it in the export template, not here (generated file).
#
# Coverage gap: "alert http" only inspects HTTP the sensor can parse. Traffic
# to these names over TLS is visible to the DNS rule alone, and not at all if
# the client resolves over an encrypted channel. No tls.sni rules are visible
# in this part of the export - confirm whether they exist elsewhere.
#
# tag:session,600,seconds requests continued logging of the flow's packets for
# 600 seconds after the alert (assumes tagged-packet logging is enabled in the
# sensor's output configuration - TODO confirm).
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvpro.art"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvpro.art"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpro\.art[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nvpro.host"; dns.query; content:"nvpro.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpro\.host$/i"; classtype:trojan-activity; sid:37245211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvpro.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvpro.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpro\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nvpro.info"; dns.query; content:"nvpro.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpro\.info$/i"; classtype:trojan-activity; sid:37245221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvpro.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvpro.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvpro\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nvsc.cloud"; dns.query; content:"nvsc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvsc\.cloud$/i"; classtype:trojan-activity; sid:37245231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvsc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvsc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvsc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nvsc.press"; dns.query; content:"nvsc.press"; nocase; pcre: "/(^|[^A-Za-z0-9-])nvsc\.press$/i"; classtype:trojan-activity; sid:37245241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nvsc.press"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nvsc.press"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nvsc\.press[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain prodocs.cloud"; dns.query; content:"prodocs.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])prodocs\.cloud$/i"; classtype:trojan-activity; sid:37245251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain prodocs.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prodocs.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prodocs\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain prodocs.tech"; dns.query; content:"prodocs.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])prodocs\.tech$/i"; classtype:trojan-activity; sid:37245261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain prodocs.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prodocs.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prodocs\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain psnv.store"; dns.query; content:"psnv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])psnv\.store$/i"; classtype:trojan-activity; sid:37245271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain psnv.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"psnv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])psnv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain pvnr.online"; dns.query; content:"pvnr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])pvnr\.online$/i"; classtype:trojan-activity; sid:37245281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain pvnr.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pvnr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pvnr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain pvnr.store"; dns.query; content:"pvnr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])pvnr\.store$/i"; classtype:trojan-activity; sid:37245291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain pvnr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pvnr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pvnr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain scenv.cloud"; dns.query; content:"scenv.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])scenv\.cloud$/i"; classtype:trojan-activity; sid:37245301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain scenv.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scenv.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scenv\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain scnr.store"; dns.query; content:"scnr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])scnr\.store$/i"; classtype:trojan-activity; sid:37245311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain scnr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scnr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scnr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain sdoc-kr.cloud"; dns.query; content:"sdoc-kr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdoc\-kr\.cloud$/i"; classtype:trojan-activity; sid:37245321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain sdoc-kr.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdoc-kr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdoc\-kr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain sdoc-kr.host"; dns.query; content:"sdoc-kr.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdoc\-kr\.host$/i"; classtype:trojan-activity; sid:37245331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain sdoc-kr.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdoc-kr.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdoc\-kr\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain sdoc.cloud"; dns.query; content:"sdoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdoc\.cloud$/i"; classtype:trojan-activity; sid:37245341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain sdoc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain shnvr.store"; dns.query; content:"shnvr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])shnvr\.store$/i"; classtype:trojan-activity; sid:37245351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain shnvr.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shnvr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shnvr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain sknet.space"; dns.query; content:"sknet.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])sknet\.space$/i"; classtype:trojan-activity; sid:37245361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain sknet.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sknet.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sknet\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain sknet.store"; dns.query; content:"sknet.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])sknet\.store$/i"; classtype:trojan-activity; sid:37245371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain sknet.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sknet.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sknet\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain srcnv.icu"; dns.query; content:"srcnv.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])srcnv\.icu$/i"; classtype:trojan-activity; sid:37245381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain srcnv.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srcnv.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srcnv\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ssnv.cloud"; dns.query; content:"ssnv.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])ssnv\.cloud$/i"; classtype:trojan-activity; sid:37245391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ssnv.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ssnv.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ssnv\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain stnv.online"; dns.query; content:"stnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])stnv\.online$/i"; classtype:trojan-activity; sid:37245401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain stnv.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain stnv.site"; dns.query; content:"stnv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])stnv\.site$/i"; classtype:trojan-activity; sid:37245411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain stnv.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stnv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stnv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain xvideos-kr.com"; dns.query; content:"xvideos-kr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])xvideos\-kr\.com$/i"; classtype:trojan-activity; sid:37245421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain xvideos-kr.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xvideos-kr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xvideos\-kr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# ---------------------------------------------------------------------------
# MISP event 26314 - "Hostname" indicators (rules restored to one per line).
#
# Pairs as before: sid ...1 is the DNS-query rule, sid ...2 the outgoing
# cleartext-HTTP rule for the same name.
#
# Match scope: the pcre prefix here is (^|[^A-Za-z0-9-\.]) - a preceding "."
# is rejected too, so only the exact hostname matches; a deeper label such as
# "www.bobae.belieview.com" does not fire sid 37245441/37245442.
#
# HTTP rules: a single content "Host|3a| <name>" binds the match to the Host
# header but requires exactly one space after the colon, and the pcre suffix
# [^A-Za-z0-9-\.] needs one more byte after the name (CR, or the ":" of a port).
# NOTE(review): a Host header written with different whitespace would not
# match; the http.host buffer avoids that dependency - fix in the export
# template, since this file is generated.
#
# Overlap: several hostnames sit under a domain that has its own "Domain" rule
# earlier in this file (edocs.nvpro.art under nvpro.art, sids 37245201 and
# 37245202; likewise the nvsc.*, sdoc.cloud, shnvr.store, stnv.online and
# prodocs.tech entries). One request then raises both alerts - de-duplicate
# by indicator before counting affected hosts.
#
# Coverage gap: "alert http" covers only HTTP the sensor can parse; for TLS
# sessions the DNS rule is the only signal here. The DNS rules are unscoped
# ("any any -> any any"), so the alert source may be an internal resolver
# rather than the endpoint - confirm against resolver logs.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26314 [] Hostname bakingschool.belieview.com"; dns.query; content:"bakingschool.belieview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bakingschool\.belieview\.com$/i"; classtype:trojan-activity; sid:37245431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname bakingschool.belieview.com"; flow:to_server,established; http.header; content: "Host|3a| bakingschool.belieview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bakingschool\.belieview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname bobae.belieview.com"; dns.query; content:"bobae.belieview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bobae\.belieview\.com$/i"; classtype:trojan-activity; sid:37245441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname bobae.belieview.com"; flow:to_server,established; http.header; content: "Host|3a| bobae.belieview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bobae\.belieview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname cpanel.ncloud.host"; dns.query; content:"cpanel.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cpanel\.ncloud\.host$/i"; classtype:trojan-activity; sid:37245451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname cpanel.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| cpanel.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cpanel\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname daum.belieview.com"; dns.query; content:"daum.belieview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])daum\.belieview\.com$/i"; classtype:trojan-activity; sid:37245461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname daum.belieview.com"; flow:to_server,established; http.header; content: "Host|3a| daum.belieview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])daum\.belieview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname dev.ndoc-kr.space"; dns.query; content:"dev.ndoc-kr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\.ndoc\-kr\.space$/i"; classtype:trojan-activity; sid:37245471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname dev.ndoc-kr.space"; flow:to_server,established; http.header; content: "Host|3a| dev.ndoc-kr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\.ndoc\-kr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname dmarc.edoc-kr.online"; dns.query; content:"dmarc.edoc-kr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dmarc\.edoc\-kr\.online$/i"; classtype:trojan-activity; sid:37245481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname dmarc.edoc-kr.online"; flow:to_server,established; http.header; content: "Host|3a| dmarc.edoc-kr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dmarc\.edoc\-kr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.acckr.online"; dns.query; content:"edocs.acckr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.acckr\.online$/i"; classtype:trojan-activity; sid:37245491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.acckr.online"; flow:to_server,established; http.header; content: "Host|3a| edocs.acckr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.acckr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.acckr.store"; dns.query; content:"edocs.acckr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.acckr\.store$/i"; classtype:trojan-activity; sid:37245501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.acckr.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.acckr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.acckr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.cenv.store"; dns.query; content:"edocs.cenv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.cenv\.store$/i"; classtype:trojan-activity; sid:37245511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.cenv.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.cenv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.cenv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.cnkr.online"; dns.query; content:"edocs.cnkr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.cnkr\.online$/i"; classtype:trojan-activity; sid:37245521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.cnkr.online"; flow:to_server,established; http.header; content: "Host|3a| edocs.cnkr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.cnkr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.cnkr.store"; dns.query; content:"edocs.cnkr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.cnkr\.store$/i"; classtype:trojan-activity; sid:37245531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.cnkr.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.cnkr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.cnkr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.ecnv.site"; dns.query; content:"edocs.ecnv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.ecnv\.site$/i"; classtype:trojan-activity; sid:37245541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.ecnv.site"; flow:to_server,established; http.header; content: "Host|3a| edocs.ecnv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.ecnv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.krcp.online"; dns.query; content:"edocs.krcp.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.krcp\.online$/i"; classtype:trojan-activity; sid:37245551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.krcp.online"; flow:to_server,established; http.header; content: "Host|3a| edocs.krcp.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.krcp\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.krcp.store"; dns.query; content:"edocs.krcp.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.krcp\.store$/i"; classtype:trojan-activity; sid:37245561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.krcp.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.krcp.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.krcp\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nbkr.space"; dns.query; content:"edocs.nbkr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nbkr\.space$/i"; classtype:trojan-activity; sid:37245571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nbkr.space"; flow:to_server,established; http.header; content: "Host|3a| edocs.nbkr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nbkr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nckr.space"; dns.query; content:"edocs.nckr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nckr\.space$/i"; classtype:trojan-activity; sid:37245581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nckr.space"; flow:to_server,established; http.header; content: "Host|3a| edocs.nckr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nckr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nscentre.online"; dns.query; content:"edocs.nscentre.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nscentre\.online$/i"; classtype:trojan-activity; sid:37245591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nscentre.online"; flow:to_server,established; http.header; content: "Host|3a| edocs.nscentre.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nscentre\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nskr.space"; dns.query; content:"edocs.nskr.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nskr\.space$/i"; classtype:trojan-activity; sid:37245601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nskr.space"; flow:to_server,established; http.header; content: "Host|3a| edocs.nskr.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nskr\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvclup.store"; dns.query; content:"edocs.nvclup.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvclup\.store$/i"; classtype:trojan-activity; sid:37245611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvclup.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvclup.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvclup\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvkr.store"; dns.query; content:"edocs.nvkr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvkr\.store$/i"; classtype:trojan-activity; sid:37245621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvkr.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvkr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvkr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvpr.info"; dns.query; content:"edocs.nvpr.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvpr\.info$/i"; classtype:trojan-activity; sid:37245631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvpr.info"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvpr.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvpr\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvpro.art"; dns.query; content:"edocs.nvpro.art"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvpro\.art$/i"; classtype:trojan-activity; sid:37245641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvpro.art"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvpro.art"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvpro\.art[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvpro.info"; dns.query; content:"edocs.nvpro.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvpro\.info$/i"; classtype:trojan-activity; sid:37245651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvpro.info"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvpro.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvpro\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvsc.cloud"; dns.query; content:"edocs.nvsc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvsc\.cloud$/i"; classtype:trojan-activity; sid:37245661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvsc.cloud"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvsc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvsc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.nvsc.press"; dns.query; content:"edocs.nvsc.press"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvsc\.press$/i"; classtype:trojan-activity; sid:37245671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.nvsc.press"; flow:to_server,established; http.header; content: "Host|3a| edocs.nvsc.press"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.nvsc\.press[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.sdoc.cloud"; dns.query; content:"edocs.sdoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.sdoc\.cloud$/i"; classtype:trojan-activity; sid:37245681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.sdoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| edocs.sdoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.sdoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.shnvr.store"; dns.query; content:"edocs.shnvr.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.shnvr\.store$/i"; classtype:trojan-activity; sid:37245691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.shnvr.store"; flow:to_server,established; http.header; content: "Host|3a| edocs.shnvr.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.shnvr\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname edocs.stnv.online"; dns.query; content:"edocs.stnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.stnv\.online$/i"; classtype:trojan-activity; sid:37245701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname edocs.stnv.online"; flow:to_server,established; http.header; content: "Host|3a| edocs.stnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edocs\.stnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname emv1.prodocs.tech"; dns.query; content:"emv1.prodocs.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.prodocs\.tech$/i"; classtype:trojan-activity; sid:37245711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname emv1.prodocs.tech"; flow:to_server,established; http.header; content: "Host|3a| emv1.prodocs.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.prodocs\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname mta-sts.prodocs.tech"; dns.query; content:"mta-sts.prodocs.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.prodocs\.tech$/i"; classtype:trojan-activity; sid:37245721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname mta-sts.prodocs.tech"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.prodocs.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.prodocs\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname naver.belieview.com"; dns.query; content:"naver.belieview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.belieview\.com$/i"; classtype:trojan-activity; sid:37245731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname naver.belieview.com"; flow:to_server,established; http.header; content: "Host|3a| naver.belieview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.belieview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname ncentral.ncloud.host"; dns.query; content:"ncentral.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ncentral\.ncloud\.host$/i"; classtype:trojan-activity; sid:37245741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname ncentral.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| ncentral.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ncentral\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname noc.ncloud.host"; dns.query; content:"noc.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])noc\.ncloud\.host$/i"; classtype:trojan-activity; sid:37245751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname noc.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| noc.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])noc\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname ns1.ncloud.host"; dns.query; content:"ns1.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ns1\.ncloud\.host$/i"; classtype:trojan-activity; sid:37245761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname ns1.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| ns1.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ns1\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname ns2.ncloud.host"; dns.query; content:"ns2.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ns2\.ncloud\.host$/i"; classtype:trojan-activity; sid:37245771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname ns2.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| ns2.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ns2\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname owa.mngkr.fun"; dns.query; content:"owa.mngkr.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])owa\.mngkr\.fun$/i"; classtype:trojan-activity; 
sid:37245781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname owa.mngkr.fun"; flow:to_server,established; http.header; content: "Host|3a| owa.mngkr.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])owa\.mngkr\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname postgresql.edkcloud.cloud"; dns.query; content:"postgresql.edkcloud.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postgresql\.edkcloud\.cloud$/i"; classtype:trojan-activity; sid:37245791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname postgresql.edkcloud.cloud"; flow:to_server,established; http.header; content: "Host|3a| postgresql.edkcloud.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postgresql\.edkcloud\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname postmaster.edkcloud.cloud"; dns.query; content:"postmaster.edkcloud.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postmaster\.edkcloud\.cloud$/i"; classtype:trojan-activity; sid:37245801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname postmaster.edkcloud.cloud"; flow:to_server,established; http.header; content: "Host|3a| postmaster.edkcloud.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postmaster\.edkcloud\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245802; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname quasarzone.belieview.com"; dns.query; content:"quasarzone.belieview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quasarzone\.belieview\.com$/i"; classtype:trojan-activity; sid:37245811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname quasarzone.belieview.com"; flow:to_server,established; http.header; content: "Host|3a| quasarzone.belieview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quasarzone\.belieview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname shop.sdoc-kr.host"; dns.query; content:"shop.sdoc-kr.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.sdoc\-kr\.host$/i"; classtype:trojan-activity; sid:37245821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname shop.sdoc-kr.host"; flow:to_server,established; http.header; content: "Host|3a| shop.sdoc-kr.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.sdoc\-kr\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname superset.mnksc.host"; dns.query; content:"superset.mnksc.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])superset\.mnksc\.host$/i"; classtype:trojan-activity; sid:37245831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname superset.mnksc.host"; flow:to_server,established; http.header; 
content: "Host|3a| superset.mnksc.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])superset\.mnksc\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.estnv.online"; dns.query; content:"tsc.estnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.estnv\.online$/i"; classtype:trojan-activity; sid:37245841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.estnv.online"; flow:to_server,established; http.header; content: "Host|3a| tsc.estnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.estnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.estnv.store"; dns.query; content:"tsc.estnv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.estnv\.store$/i"; classtype:trojan-activity; sid:37245851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.estnv.store"; flow:to_server,established; http.header; content: "Host|3a| tsc.estnv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.estnv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.gemnv.online"; dns.query; content:"tsc.gemnv.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.gemnv\.online$/i"; classtype:trojan-activity; sid:37245861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.gemnv.online"; flow:to_server,established; http.header; content: "Host|3a| tsc.gemnv.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.gemnv\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.hnsc.space"; dns.query; content:"tsc.hnsc.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.hnsc\.space$/i"; classtype:trojan-activity; sid:37245871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.hnsc.space"; flow:to_server,established; http.header; content: "Host|3a| tsc.hnsc.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.hnsc\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.mnvsc.online"; dns.query; content:"tsc.mnvsc.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.mnvsc\.online$/i"; classtype:trojan-activity; sid:37245881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.mnvsc.online"; flow:to_server,established; http.header; content: "Host|3a| tsc.mnvsc.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.mnvsc\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.ncloud.host"; dns.query; content:"tsc.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncloud\.host$/i"; 
classtype:trojan-activity; sid:37245891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| tsc.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.ncloud.uno"; dns.query; content:"tsc.ncloud.uno"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncloud\.uno$/i"; classtype:trojan-activity; sid:37245901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.ncloud.uno"; flow:to_server,established; http.header; content: "Host|3a| tsc.ncloud.uno"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncloud\.uno[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname tsc.ncvts.online"; dns.query; content:"tsc.ncvts.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncvts\.online$/i"; classtype:trojan-activity; sid:37245911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.ncvts.online"; flow:to_server,established; http.header; content: "Host|3a| tsc.ncvts.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncvts\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] 
Hostname tsc.ncvts.store"; dns.query; content:"tsc.ncvts.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncvts\.store$/i"; classtype:trojan-activity; sid:37245921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname tsc.ncvts.store"; flow:to_server,established; http.header; content: "Host|3a| tsc.ncvts.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tsc\.ncvts\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.edkcloud.cloud"; dns.query; content:"view.edkcloud.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.edkcloud\.cloud$/i"; classtype:trojan-activity; sid:37245931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.edkcloud.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.edkcloud.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.edkcloud\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.edocs-nv.space"; dns.query; content:"view.edocs-nv.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.edocs\-nv\.space$/i"; classtype:trojan-activity; sid:37245941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.edocs-nv.space"; flow:to_server,established; http.header; content: "Host|3a| view.edocs-nv.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.edocs\-nv\.space[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37245942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.mngkr.cloud"; dns.query; content:"view.mngkr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mngkr\.cloud$/i"; classtype:trojan-activity; sid:37245951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.mngkr.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.mngkr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mngkr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.mngkr.fun"; dns.query; content:"view.mngkr.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mngkr\.fun$/i"; classtype:trojan-activity; sid:37245961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.mngkr.fun"; flow:to_server,established; http.header; content: "Host|3a| view.mngkr.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mngkr\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.mngkr.host"; dns.query; content:"view.mngkr.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mngkr\.host$/i"; classtype:trojan-activity; sid:37245971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.mngkr.host"; flow:to_server,established; http.header; 
content: "Host|3a| view.mngkr.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mngkr\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.mnsvc.icu"; dns.query; content:"view.mnsvc.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mnsvc\.icu$/i"; classtype:trojan-activity; sid:37245981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.mnsvc.icu"; flow:to_server,established; http.header; content: "Host|3a| view.mnsvc.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mnsvc\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.mnsvc.tech"; dns.query; content:"view.mnsvc.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mnsvc\.tech$/i"; classtype:trojan-activity; sid:37245991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.mnsvc.tech"; flow:to_server,established; http.header; content: "Host|3a| view.mnsvc.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mnsvc\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37245992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhis-cloud.online"; dns.query; content:"view.nhis-cloud.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-cloud\.online$/i"; classtype:trojan-activity; sid:37246001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhis-cloud.online"; flow:to_server,established; http.header; content: "Host|3a| view.nhis-cloud.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-cloud\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhis-cloud.site"; dns.query; content:"view.nhis-cloud.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-cloud\.site$/i"; classtype:trojan-activity; sid:37246011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhis-cloud.site"; flow:to_server,established; http.header; content: "Host|3a| view.nhis-cloud.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-cloud\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhis-doc.store"; dns.query; content:"view.nhis-doc.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-doc\.store$/i"; classtype:trojan-activity; sid:37246021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhis-doc.store"; flow:to_server,established; http.header; content: "Host|3a| view.nhis-doc.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-doc\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhis-edoc.cloud"; dns.query; 
content:"view.nhis-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37246031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhis-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.nhis-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhis\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhiskr.cloud"; dns.query; content:"view.nhiskr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.cloud$/i"; classtype:trojan-activity; sid:37246041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhiskr.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.nhiskr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhiskr.online"; dns.query; content:"view.nhiskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.online$/i"; classtype:trojan-activity; sid:37246051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhiskr.online"; flow:to_server,established; http.header; content: "Host|3a| view.nhiskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37246052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhiskr.site"; dns.query; content:"view.nhiskr.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.site$/i"; classtype:trojan-activity; sid:37246061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhiskr.site"; flow:to_server,established; http.header; content: "Host|3a| view.nhiskr.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhiskr.tech"; dns.query; content:"view.nhiskr.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.tech$/i"; classtype:trojan-activity; sid:37246071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhiskr.tech"; flow:to_server,established; http.header; content: "Host|3a| view.nhiskr.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhiskr\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhissvc.space"; dns.query; content:"view.nhissvc.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhissvc\.space$/i"; classtype:trojan-activity; sid:37246081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhissvc.space"; flow:to_server,established; http.header; content: "Host|3a| 
view.nhissvc.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhissvc\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nhskr.online"; dns.query; content:"view.nhskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhskr\.online$/i"; classtype:trojan-activity; sid:37246091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nhskr.online"; flow:to_server,established; http.header; content: "Host|3a| view.nhskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nldoc-kr.cloud"; dns.query; content:"view.nldoc-kr.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nldoc\-kr\.cloud$/i"; classtype:trojan-activity; sid:37246101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nldoc-kr.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.nldoc-kr.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nldoc\-kr\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nmsvc.online"; dns.query; content:"view.nmsvc.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nmsvc\.online$/i"; classtype:trojan-activity; sid:37246111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nmsvc.online"; flow:to_server,established; http.header; content: "Host|3a| view.nmsvc.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nmsvc\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nqcloud-edoc.site"; dns.query; content:"view.nqcloud-edoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nqcloud\-edoc\.site$/i"; classtype:trojan-activity; sid:37246121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nqcloud-edoc.site"; flow:to_server,established; http.header; content: "Host|3a| view.nqcloud-edoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nqcloud\-edoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nsrv.link"; dns.query; content:"view.nsrv.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nsrv\.link$/i"; classtype:trojan-activity; sid:37246131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nsrv.link"; flow:to_server,established; http.header; content: "Host|3a| view.nsrv.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nsrv\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname 
view.nsrv.store"; dns.query; content:"view.nsrv.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nsrv\.store$/i"; classtype:trojan-activity; sid:37246141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nsrv.store"; flow:to_server,established; http.header; content: "Host|3a| view.nsrv.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nsrv\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.ntskr.online"; dns.query; content:"view.ntskr.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntskr\.online$/i"; classtype:trojan-activity; sid:37246151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.ntskr.online"; flow:to_server,established; http.header; content: "Host|3a| view.ntskr.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntskr\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nvclup.online"; dns.query; content:"view.nvclup.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvclup\.online$/i"; classtype:trojan-activity; sid:37246161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nvclup.online"; flow:to_server,established; http.header; content: "Host|3a| view.nvclup.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvclup\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37246162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nvclup.space"; dns.query; content:"view.nvclup.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvclup\.space$/i"; classtype:trojan-activity; sid:37246171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nvclup.space"; flow:to_server,established; http.header; content: "Host|3a| view.nvclup.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvclup\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nvclup.store"; dns.query; content:"view.nvclup.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvclup\.store$/i"; classtype:trojan-activity; sid:37246181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nvclup.store"; flow:to_server,established; http.header; content: "Host|3a| view.nvclup.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvclup\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname view.nvdocs.store"; dns.query; content:"view.nvdocs.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvdocs\.store$/i"; classtype:trojan-activity; sid:37246191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname view.nvdocs.store"; flow:to_server,established; 
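http.header; content: "Host|3a| view.nvdocs.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nvdocs\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

# Hostname indicators (MISP event 26314): one DNS-query rule and one
# plaintext-HTTP Host-header rule per host. No TLS SNI rule for these hosts
# appears in this part of the export, so HTTPS connections to them are visible
# to these rules only through the DNS lookup.
alert dns any any -> any any (msg: "MISP e26314 [] Hostname viewer.edkcloud.cloud"; dns.query; content:"viewer.edkcloud.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])viewer\.edkcloud\.cloud$/i"; classtype:trojan-activity; sid:37246201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname viewer.edkcloud.cloud"; flow:to_server,established; http.header; content: "Host|3a| viewer.edkcloud.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])viewer\.edkcloud\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname webdisk.ncloud.host"; dns.query; content:"webdisk.ncloud.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webdisk\.ncloud\.host$/i"; classtype:trojan-activity; sid:37246211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname webdisk.ncloud.host"; flow:to_server,established; http.header; content: "Host|3a| webdisk.ncloud.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webdisk\.ncloud\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

# URL indicators (MISP event 26314).
# The exported form put "host/path" into a single http.uri pattern. http.uri
# normally carries only the request path and query, so a pattern that begins
# with the hostname does not match an ordinary origin-form request and the rule
# stays silent. Each rule below checks the host in http.host (normalised to
# lowercase, hence a lowercase pattern and no nocase) and the path in http.uri.
# Both patterns stay unanchored substrings, as in the export. rev is bumped to 2
# for the edit; a fresh MISP export will regenerate the original form.
#
# NOTE(review): the host part "ek.com" in the first two rules looks truncated
# (the same path appears below under kyungdaek.com) - verify against the MISP
# attribute. As written, these two rules also fire on the kyungdaek.com requests
# covered by sid 37246271.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL ek.com/js/sub/aos/dull/down1/r_enc.bin"; flow:to_server,established; http.host; content:"ek.com"; http.uri; content:"/js/sub/aos/dull/down1/r_enc.bin"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246221; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL ek.com/js/sub/aos/dull/down1/show.php"; flow:to_server,established; http.host; content:"ek.com"; http.uri; content:"/js/sub/aos/dull/down1/show.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246231; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL kyungdaek.com/js/sub/aos/dull/down1/123.hwp"; flow:to_server,established; http.host; content:"kyungdaek.com"; http.uri; content:"/js/sub/aos/dull/down1/123.hwp"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246241; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL kyungdaek.com/js/sub/aos/dull/down1/lib.php"; flow:to_server,established; http.host; content:"kyungdaek.com"; http.uri; content:"/js/sub/aos/dull/down1/lib.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246251; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL kyungdaek.com/js/sub/aos/dull/down1/list.php"; flow:to_server,established; http.host; content:"kyungdaek.com"; http.uri; content:"/js/sub/aos/dull/down1/list.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246261; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL kyungdaek.com/js/sub/aos/dull/down1/r_enc.bin"; flow:to_server,established; http.host; content:"kyungdaek.com"; http.uri; content:"/js/sub/aos/dull/down1/r_enc.bin"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246271; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL meatalk.com/pg/adm/tdr/upi/down0/lib.php"; flow:to_server,established; http.host; content:"meatalk.com"; http.uri; content:"/pg/adm/tdr/upi/down0/lib.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246281; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL meatalk.com/pg/adm/tdr/upi/down0/list.php"; flow:to_server,established; http.host; content:"meatalk.com"; http.uri; content:"/pg/adm/tdr/upi/down0/list.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246291; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL meatalk.com/pg/adm/tdr/upi/down0/r_enc.bin"; flow:to_server,established; http.host; content:"meatalk.com"; http.uri; content:"/pg/adm/tdr/upi/down0/r_enc.bin"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246301; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL meatalk.com/pg/adm/tdr/upi/down0/show.php"; flow:to_server,established; http.host; content:"meatalk.com"; http.uri; content:"/pg/adm/tdr/upi/down0/show.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246311; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL siloamclinic.com/js/slick/up/down0/lib.php"; flow:to_server,established; http.host; content:"siloamclinic.com"; http.uri; content:"/js/slick/up/down0/lib.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246321; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL siloamclinic.com/js/slick/up/down0/list.php"; flow:to_server,established; http.host; content:"siloamclinic.com"; http.uri; content:"/js/slick/up/down0/list.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246331; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL siloamclinic.com/js/slick/up/down0/show.php"; flow:to_server,established; http.host; content:"siloamclinic.com"; http.uri; content:"/js/slick/up/down0/show.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246341; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL siloamclinic.com/js/slick/up/down1/r_enc.bin"; flow:to_server,established; http.host; content:"siloamclinic.com"; http.uri; content:"/js/slick/up/down1/r_enc.bin"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246351; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing URL vwellpain.com/js/sub/up/down1/r_enc.bin"; flow:to_server,established; http.host; content:"vwellpain.com"; http.uri; content:"/js/sub/up/down1/r_enc.bin"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37246361; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)

# Domain indicators (MISP event 26314): the DNS rule matches the registered
# domain and any name under it (the pcre allows a preceding dot).
alert dns any any -> any any (msg: "MISP e26314 [] Domain naaverascorp.com"; dns.query; content:"naaverascorp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naaverascorp\.com$/i"; classtype:trojan-activity; sid:37246371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain naaverascorp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 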
content:"naaverascorp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naaverascorp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain navearcorps.help"; dns.query; content:"navearcorps.help"; nocase; pcre: "/(^|[^A-Za-z0-9-])navearcorps\.help$/i"; classtype:trojan-activity; sid:37246381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain navearcorps.help"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navearcorps.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navearcorps\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nidnaavers.com"; dns.query; content:"nidnaavers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidnaavers\.com$/i"; classtype:trojan-activity; sid:37246391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidnaavers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidnaavers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidnaavers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nidnaveasrv.help"; dns.query; content:"nidnaveasrv.help"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidnaveasrv\.help$/i"; classtype:trojan-activity; sid:37246401; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidnaveasrv.help"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidnaveasrv.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidnaveasrv\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nidnavesecorp.help"; dns.query; content:"nidnavesecorp.help"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidnavesecorp\.help$/i"; classtype:trojan-activity; sid:37246411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidnavesecorp.help"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidnavesecorp.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidnavesecorp\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain ninavaracorp.site"; dns.query; content:"ninavaracorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ninavaracorp\.site$/i"; classtype:trojan-activity; sid:37246421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ninavaracorp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ninavaracorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ninavaracorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert 
dns any any -> any any (msg: "MISP e26314 [] Domain nts-info.website"; dns.query; content:"nts-info.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-info\.website$/i"; classtype:trojan-activity; sid:37246431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nts-info.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-info.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-info\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nts-mailer.website"; dns.query; content:"nts-mailer.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-mailer\.website$/i"; classtype:trojan-activity; sid:37246441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nts-mailer.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-mailer.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-mailer\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nts-news.website"; dns.query; content:"nts-news.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-news\.website$/i"; classtype:trojan-activity; sid:37246451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nts-news.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-news.website"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-news\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nts-poster.website"; dns.query; content:"nts-poster.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-poster\.website$/i"; classtype:trojan-activity; sid:37246461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nts-poster.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-poster.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-poster\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain nts-viewer.store"; dns.query; content:"nts-viewer.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-viewer\.store$/i"; classtype:trojan-activity; sid:37246471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nts-viewer.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-viewer.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-viewer\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsmailing.website"; dns.query; content:"ntsmailing.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailing\.website$/i"; classtype:trojan-activity; sid:37246481; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsmailing.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmailing.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailing\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsmails.store"; dns.query; content:"ntsmails.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmails\.store$/i"; classtype:trojan-activity; sid:37246491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsmails.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmails.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmails\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsviews.store"; dns.query; content:"ntsviews.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsviews\.store$/i"; classtype:trojan-activity; sid:37246501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsviews.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsviews.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsviews\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP 
e26314 [] Hostname api.infonavera.com"; dns.query; content:"api.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname api.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| api.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname cc.naversinfo.help"; dns.query; content:"cc.naversinfo.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.naversinfo\.help$/i"; classtype:trojan-activity; sid:37246521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname cc.naversinfo.help"; flow:to_server,established; http.header; content: "Host|3a| cc.naversinfo.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.naversinfo\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname cc.nidnavescorp.help"; dns.query; content:"cc.nidnavescorp.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.nidnavescorp\.help$/i"; classtype:trojan-activity; sid:37246531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname cc.nidnavescorp.help"; flow:to_server,established; http.header; content: "Host|3a| cc.nidnavescorp.help"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cc\.nidnavescorp\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname cc.nidnavesecorp.help"; dns.query; content:"cc.nidnavesecorp.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.nidnavesecorp\.help$/i"; classtype:trojan-activity; sid:37246541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname cc.nidnavesecorp.help"; flow:to_server,established; http.header; content: "Host|3a| cc.nidnavesecorp.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.nidnavesecorp\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname ccid.infonavera.com"; dns.query; content:"ccid.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ccid\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname ccid.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| ccid.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ccid\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname cs.kakaocop.eu"; dns.query; content:"cs.kakaocop.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cs\.kakaocop\.eu$/i"; classtype:trojan-activity; sid:37246561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname cs.kakaocop.eu"; flow:to_server,established; http.header; content: "Host|3a| cs.kakaocop.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cs\.kakaocop\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname dev.infonavera.com"; dns.query; content:"dev.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname dev.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| dev.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname idv.kakaocop.eu"; dns.query; content:"idv.kakaocop.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])idv\.kakaocop\.eu$/i"; classtype:trojan-activity; sid:37246581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname idv.kakaocop.eu"; flow:to_server,established; http.header; content: "Host|3a| idv.kakaocop.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])idv\.kakaocop\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname lcs.navearcorps.help"; dns.query; content:"lcs.navearcorps.help"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])lcs\.navearcorps\.help$/i"; classtype:trojan-activity; sid:37246591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname lcs.navearcorps.help"; flow:to_server,established; http.header; content: "Host|3a| lcs.navearcorps.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.navearcorps\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname lcs.naversinfo.help"; dns.query; content:"lcs.naversinfo.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.naversinfo\.help$/i"; classtype:trojan-activity; sid:37246601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname lcs.naversinfo.help"; flow:to_server,established; http.header; content: "Host|3a| lcs.naversinfo.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.naversinfo\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname lcs.nidnavesecorp.help"; dns.query; content:"lcs.nidnavesecorp.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.nidnavesecorp\.help$/i"; classtype:trojan-activity; sid:37246611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname lcs.nidnavesecorp.help"; flow:to_server,established; http.header; content: "Host|3a| lcs.nidnavesecorp.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.nidnavesecorp\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37246612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname lcsid.infonavera.com"; dns.query; content:"lcsid.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcsid\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname lcsid.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| lcsid.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcsid\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname login.infonavera.com"; dns.query; content:"login.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname login.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| login.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname m.infonavera.com"; dns.query; content:"m.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname m.infonavera.com"; flow:to_server,established; 
http.header; content: "Host|3a| m.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname mailid.infonavera.com"; dns.query; content:"mailid.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailid\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname mailid.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| mailid.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailid\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname mailid.nidnaavers.com"; dns.query; content:"mailid.nidnaavers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailid\.nidnaavers\.com$/i"; classtype:trojan-activity; sid:37246661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname mailid.nidnaavers.com"; flow:to_server,established; http.header; content: "Host|3a| mailid.nidnaavers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailid\.nidnaavers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;) alert dns any any -> any any (msg: "MISP e26314 [] Hostname nid.infonavera.com"; dns.query; content:"nid.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246671; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26314: hostname indicators ---------------------------------------------
# Each hostname is exported as a pair of signatures with adjacent sids (...1 dns, ...2 http).
#   dns  : inspects the query name in either direction (any -> any). The pcre ends in `$`
#          and refuses a preceding letter, digit, hyphen or dot, so only the exact hostname
#          matches, not a longer name that merely ends with it.
#   http : outbound clear-text HTTP only. The content pins "Host: <name>" in the request
#          headers; tag:session,600,seconds keeps logging the session after the alert.
# NOTE(review): nothing in these pairs inspects TLS, so a client reaching one of these names
# over HTTPS is seen only by the dns rule. Where the sensor does not see client DNS, a
# companion tls.sni signature per indicator would close that gap - confirm sensor coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname nid.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| nid.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname nid.navearcorps.help"; dns.query; content:"nid.navearcorps.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.navearcorps\.help$/i"; classtype:trojan-activity; sid:37246681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname nid.navearcorps.help"; flow:to_server,established; http.header; content: "Host|3a| nid.navearcorps.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.navearcorps\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname nid.naversinfo.help"; dns.query; content:"nid.naversinfo.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.naversinfo\.help$/i"; classtype:trojan-activity; sid:37246691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname nid.naversinfo.help"; flow:to_server,established; http.header; content: "Host|3a| nid.naversinfo.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.naversinfo\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname nid.nidnaavers.com"; dns.query; content:"nid.nidnaavers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.nidnaavers\.com$/i"; classtype:trojan-activity; sid:37246701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname nid.nidnaavers.com"; flow:to_server,established; http.header; content: "Host|3a| nid.nidnaavers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.nidnaavers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname nid.nidnavesecorp.help"; dns.query; content:"nid.nidnavesecorp.help"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.nidnavesecorp\.help$/i"; classtype:trojan-activity; sid:37246711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname nid.nidnavesecorp.help"; flow:to_server,established; http.header; content: "Host|3a| nid.nidnavesecorp.help"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.nidnavesecorp\.help[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname nid.ninavaracorp.site"; dns.query; content:"nid.ninavaracorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.ninavaracorp\.site$/i"; classtype:trojan-activity; sid:37246721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname nid.ninavaracorp.site"; flow:to_server,established; http.header; content: "Host|3a| nid.ninavaracorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nid\.ninavaracorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname sslid.infonavera.com"; dns.query; content:"sslid.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sslid\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname sslid.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| sslid.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sslid\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname stage.infonavera.com"; dns.query; content:"stage.infonavera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stage\.infonavera\.com$/i"; classtype:trojan-activity; sid:37246741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname stage.infonavera.com"; flow:to_server,established; http.header; content: "Host|3a| stage.infonavera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stage\.infonavera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname staticnidid.nidnaavers.com"; dns.query; content:"staticnidid.nidnaavers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])staticnidid\.nidnaavers\.com$/i"; classtype:trojan-activity; sid:37246751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname staticnidid.nidnaavers.com"; flow:to_server,established; http.header; content: "Host|3a| staticnidid.nidnaavers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])staticnidid\.nidnaavers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26314: domain indicators -----------------------------------------------
# "Domain" signatures differ from the "Hostname" ones above in two ways:
#   * the pcre prefix class no longer excludes the dot, so any subdomain of the indicator
#     matches as well as the bare domain;
#   * the http variant tests "Host|3a|" and the domain as two independent contents in the
#     header buffer, and the /H pcre is not tied to the Host line either. A request to an
#     unrelated site that carries the domain in another header (for example a Referer URL)
#     satisfies all three conditions, so confirm the actual Host value during triage.
alert dns any any -> any any (msg: "MISP e26314 [] Domain memconfirm.info"; dns.query; content:"memconfirm.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])memconfirm\.info$/i"; classtype:trojan-activity; sid:37246761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain memconfirm.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"memconfirm.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])memconfirm\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidconfirms.info"; dns.query; content:"nidconfirms.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidconfirms\.info$/i"; classtype:trojan-activity; sid:37246771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidconfirms.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidconfirms.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidconfirms\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any
(msg: "MISP e26314 [] Domain nidcorp.info"; dns.query; content:"nidcorp.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidcorp\.info$/i"; classtype:trojan-activity; sid:37246781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26314: domain indicators (dns/http pairs, sids ...1 / ...2) ------------
# dns  : any -> any on the query name; the pcre is anchored with `$` and only forbids a
#        preceding letter, digit or hyphen, so "<anything>.<domain>" matches too.
# http : outbound from $HOME_NET, clear-text requests only. "Host|3a|" and the domain are
#        separate, unchained contents in the header buffer, so the domain may sit in a header
#        other than Host and still alert; tag:session,600,seconds extends logging afterwards.
# The empty "[]" in every msg means no MISP tag was exported for this event: the alert text
# gives no malware family or kill-chain stage, only the event reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidcorp.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidcorp.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidcorp\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidcorpmember.info"; dns.query; content:"nidcorpmember.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidcorpmember\.info$/i"; classtype:trojan-activity; sid:37246791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidcorpmember.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidcorpmember.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidcorpmember\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidmember.info"; dns.query; content:"nidmember.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidmember\.info$/i"; classtype:trojan-activity; sid:37246801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidmember.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidmember.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidmember\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidmemcorp.info"; dns.query; content:"nidmemcorp.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidmemcorp\.info$/i"; classtype:trojan-activity; sid:37246811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidmemcorp.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidmemcorp.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidmemcorp\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain niduserna.site"; dns.query; content:"niduserna.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])niduserna\.site$/i"; classtype:trojan-activity; sid:37246821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain niduserna.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"niduserna.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])niduserna\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidusersncorp.site"; dns.query; content:"nidusersncorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusersncorp\.site$/i"; classtype:trojan-activity; sid:37246831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidusersncorp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidusersncorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusersncorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidusertn.site"; dns.query; content:"nidusertn.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusertn\.site$/i"; classtype:trojan-activity; sid:37246841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidusertn.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidusertn.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusertn\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidusrecorp.site"; dns.query; content:"nidusrecorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusrecorp\.site$/i"; classtype:trojan-activity; sid:37246851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidusrecorp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidusrecorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusrecorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidusrnscorp.site"; dns.query; content:"nidusrnscorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusrnscorp\.site$/i"; classtype:trojan-activity; sid:37246861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidusrnscorp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidusrnscorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusrnscorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain nidusrstecorp.site"; dns.query; content:"nidusrstecorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusrstecorp\.site$/i"; classtype:trojan-activity; sid:37246871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain nidusrstecorp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidusrstecorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidusrstecorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain shares-view.com"; dns.query; content:"shares-view.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])shares\-view\.com$/i"; classtype:trojan-activity; sid:37246881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain shares-view.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shares-view.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shares\-view\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity;
sid:37246882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26314: remaining domain indicators -------------------------------------
# Domain form: the dns pcre permits a preceding dot, so subdomains of the indicator match;
# the http rule keeps "Host|3a|" and the domain as two unchained header contents.
alert dns any any -> any any (msg: "MISP e26314 [] Domain transfer-dosi.world"; dns.query; content:"transfer-dosi.world"; nocase; pcre: "/(^|[^A-Za-z0-9-])transfer\-dosi\.world$/i"; classtype:trojan-activity; sid:37246891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain transfer-dosi.world"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"transfer-dosi.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])transfer\-dosi\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain userconfs.info"; dns.query; content:"userconfs.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])userconfs\.info$/i"; classtype:trojan-activity; sid:37246901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain userconfs.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"userconfs.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])userconfs\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26314: hostname indicators ---------------------------------------------
# Hostname form: the pcre prefix class also excludes the dot, so only the exact name fires,
# and the http content pins the full "Host: <name>" string instead of two loose contents.
# Some parents are also exported as Domain indicators in this file (userconfs.info and
# transfer-dosi.world just above), so a lookup of naver.userconfs.info or
# wa11ets.transfer-dosi.world raises both the Hostname and the Domain alert - expect
# paired alerts for one query when counting hits.
# NOTE(review): the rules cover DNS and clear-text HTTP only; HTTPS to these names is
# visible through the dns rule alone unless a tls.sni signature is added.
alert dns any any -> any any (msg: "MISP e26314 [] Hostname cc.userchecks.info"; dns.query; content:"cc.userchecks.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.userchecks\.info$/i"; classtype:trojan-activity; sid:37246911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname cc.userchecks.info"; flow:to_server,established; http.header; content: "Host|3a| cc.userchecks.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cc\.userchecks\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname lcs.userchecks.info"; dns.query; content:"lcs.userchecks.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.userchecks\.info$/i"; classtype:trojan-activity; sid:37246921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname lcs.userchecks.info"; flow:to_server,established; http.header; content: "Host|3a| lcs.userchecks.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.userchecks\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname lcs.userconfs.info"; dns.query; content:"lcs.userconfs.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.userconfs\.info$/i"; classtype:trojan-activity; sid:37246931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname lcs.userconfs.info"; flow:to_server,established; http.header; content: "Host|3a| lcs.userconfs.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.userconfs\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname naver.nidcorp.info"; dns.query; content:"naver.nidcorp.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.nidcorp\.info$/i"; classtype:trojan-activity; sid:37246941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname naver.nidcorp.info"; flow:to_server,established; http.header; content: "Host|3a| naver.nidcorp.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.nidcorp\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname naver.nidusrecorp.site"; dns.query; content:"naver.nidusrecorp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.nidusrecorp\.site$/i"; classtype:trojan-activity; sid:37246951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname naver.nidusrecorp.site"; flow:to_server,established; http.header; content: "Host|3a| naver.nidusrecorp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.nidusrecorp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname naver.userchecks.info"; dns.query; content:"naver.userchecks.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.userchecks\.info$/i"; classtype:trojan-activity; sid:37246961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname naver.userchecks.info"; flow:to_server,established; http.header; content: "Host|3a| naver.userchecks.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.userchecks\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname naver.userconfs.info"; dns.query; content:"naver.userconfs.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.userconfs\.info$/i"; classtype:trojan-activity; sid:37246971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname naver.userconfs.info"; flow:to_server,established; http.header; content: "Host|3a| naver.userconfs.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.userconfs\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Hostname wa11ets.transfer-dosi.world"; dns.query; content:"wa11ets.transfer-dosi.world"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wa11ets\.transfer\-dosi\.world$/i"; classtype:trojan-activity; sid:37246981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Hostname wa11ets.transfer-dosi.world"; flow:to_server,established; http.header; content: "Host|3a| wa11ets.transfer-dosi.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wa11ets\.transfer\-dosi\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# Domain form again from here on (subdomains included).
alert dns any any -> any any (msg: "MISP e26314 [] Domain myconferms.info"; dns.query; content:"myconferms.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])myconferms\.info$/i"; classtype:trojan-activity; sid:37246991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain myconferms.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header;
content:"myconferms.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])myconferms\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37246992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- MISP event 26314: domain indicators (dns/http pairs) ------------------------------
# The dns rule matches the domain and any subdomain of it (the pcre only forbids a preceding
# letter, digit or hyphen). The http rule is limited to outbound clear-text requests and does
# not bind the domain to the Host line, so the same string in another request header also
# satisfies it.
alert dns any any -> any any (msg: "MISP e26314 [] Domain securitygooqles.com"; dns.query; content:"securitygooqles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])securitygooqles\.com$/i"; classtype:trojan-activity; sid:37247001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain securitygooqles.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"securitygooqles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])securitygooqles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain service-googlces.info"; dns.query; content:"service-googlces.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-googlces\.info$/i"; classtype:trojan-activity; sid:37247011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain service-googlces.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-googlces.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-googlces\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# MISP event 26070 (tags c2,Get2): destination address + port only, no flow or content test.
# The same address/port is exported again further down under event 26227 (sid 37274981,
# priority 3, no tags), so one connection raises two alerts with different priorities.
alert ip $HOME_NET any -> 103.86.131.101 443 (msg: "MISP e26070 [c2,Get2] Outgoing To IP: 103.86.131.101|443"; classtype:trojan-activity; sid:37121011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Back to MISP event 26314 domain indicators.
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsdocs.site"; dns.query; content:"ntsdocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsdocs\.site$/i"; classtype:trojan-activity; sid:37247021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsdocs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsdocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsdocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsdocs.space"; dns.query; content:"ntsdocs.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsdocs\.space$/i"; classtype:trojan-activity; sid:37247031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsdocs.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsdocs.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsdocs\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsdocs.store"; dns.query; content:"ntsdocs.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsdocs\.store$/i"; classtype:trojan-activity; sid:37247041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntsdocs.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsdocs.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsdocs\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntspc.site"; dns.query; content:"ntspc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntspc\.site$/i"; classtype:trojan-activity; sid:37247051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntspc.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntspc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntspc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntstel.space"; dns.query; content:"ntstel.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntstel\.space$/i"; classtype:trojan-activity; sid:37247061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain ntstel.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntstel.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntstel\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert dns any any -> any any (msg: "MISP e26314 [] Domain ntsviews.space"; dns.query; content:"ntsviews.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsviews\.space$/i"; classtype:trojan-activity; sid:37247071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26314 [] Outgoing HTTP Domain
ntsviews.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsviews.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsviews\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26314;)
# --- Destination address/port indicators (MISP events 26070 and 26227) -----------------
# These `alert ip` rules have no flow, content or threshold option: the match rests on
# source $HOME_NET plus destination address and port alone.
# 66.204.14.174 port 4506 is exported twice: under event 26070 (sid 37121021, priority 2,
# tags c2,extreme_rat) and under event 26227 (sid 37274971, priority 3, no tags). One
# connection therefore raises two alerts; correlate on address/port rather than on sid, and
# take the tagged event as the one carrying context. 103.86.131.101 port 443 (sid 37274981)
# has the same kind of twin under event 26070 (sid 37121011) earlier in the file.
# NOTE(review): the rules carry no expiry. Address indicators go stale when hosting is
# reassigned - check the attribute age in MISP before acting on a hit.
alert ip $HOME_NET any -> 66.204.14.174 4506 (msg: "MISP e26070 [c2,extreme_rat] Outgoing To IP: 66.204.14.174|4506"; classtype:trojan-activity; sid:37121021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 66.204.14.174 4506 (msg: "MISP e26227 [] Outgoing To IP: 66.204.14.174|4506"; classtype:trojan-activity; sid:37274971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 103.86.131.101 443 (msg: "MISP e26227 [] Outgoing To IP: 103.86.131.101|443"; classtype:trojan-activity; sid:37274981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.111 1289 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.111|1289"; classtype:trojan-activity; sid:37274991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.223 1288 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.223|1288"; classtype:trojan-activity; sid:37275001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.231 1288 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.231|1288"; classtype:trojan-activity; sid:37275011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.100 1311 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.100|1311"; classtype:trojan-activity; sid:37275021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.221 1311 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.221|1311"; classtype:trojan-activity; sid:37275031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.103 1311 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.103|1311"; classtype:trojan-activity; sid:37275041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.38 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.38|61616"; classtype:trojan-activity; sid:37275051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.39 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.39|61616"; classtype:trojan-activity; sid:37275061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.41 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.41|61616"; classtype:trojan-activity; sid:37275071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.40 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.40|61616"; classtype:trojan-activity; sid:37275081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.43 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.43|61616"; classtype:trojan-activity; sid:37275091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.53 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.53|61616"; classtype:trojan-activity; sid:37275101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.54 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.54|61616"; classtype:trojan-activity; sid:37275111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.150 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.150|61616"; classtype:trojan-activity; sid:37275121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.151 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.151|61616"; classtype:trojan-activity; sid:37275131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.152 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.152|61616"; classtype:trojan-activity; sid:37275141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.80.153 61616 (msg: "MISP e26227 [] Outgoing To IP: 5.181.80.153|61616"; classtype:trojan-activity; sid:37275151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 3.121.139.82 19762 (msg: "MISP e26227 [] Outgoing To IP: 3.121.139.82|19762"; classtype:trojan-activity; sid:37275161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# --- MISP event 26185: hostname and e-mail address indicators (priority 3) -------------
# dns/http pair for the exact hostname mail.acryl.gr (no subdomains, clear-text HTTP only).
alert dns any any -> any any (msg: "MISP e26185 [] Hostname mail.acryl.gr"; dns.query; content:"mail.acryl.gr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.acryl\.gr$/i"; classtype:trojan-activity; sid:37207841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26185;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26185 [] Outgoing HTTP Hostname mail.acryl.gr"; flow:to_server,established; http.header; content: "Host|3a| mail.acryl.gr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.acryl\.gr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37207842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26185;)
# SMTP rule: inbound to $SMTP_SERVERS on port 25 only. "RCPT TO|3a|" and the address are two
# unchained contents; only the blank line (CR LF CR LF) is bound to the address by within:8192.
# The alert therefore shows that both strings occur in the client stream, not that the
# address was the RCPT TO argument. Sessions that negotiate STARTTLS are opaque to this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26185 [] Destination Email Address: logistirio1@acryl.gr"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"logistirio1@acryl.gr"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds;
classtype:trojan-activity; sid:37207851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26185;)
# MISP event 26185, sender-side SMTP rule: inbound to $SMTP_SERVERS on port 25 only.
# "MAIL FROM|3a|" and the address are two unchained contents; only the CR LF CR LF content is
# positioned relative to the address (within:8192). A hit shows both strings in the client
# stream, not that the address was the envelope sender - check the tagged session to confirm.
# Mail delivered after a STARTTLS upgrade is not visible to this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26185 [] Source Email Address: logistirio1@acryl.gr"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"logistirio1@acryl.gr"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37207861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26185;)
# MISP event 26070 (tag remcos): destination address + port only. The same address/port is
# exported again below under event 26227 (sid 37275171, priority 3, no tags), so one
# connection raises two alerts with different priorities.
alert ip $HOME_NET any -> 84.38.132.126 61445 (msg: "MISP e26070 [remcos] Outgoing To IP: 84.38.132.126|61445"; classtype:trojan-activity; sid:37121031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# MISP event 26313: exact-hostname dns/http pair (clear-text HTTP only, no TLS coverage).
alert dns any any -> any any (msg: "MISP e26313 [] Hostname mail.liblogin.com"; dns.query; content:"mail.liblogin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.liblogin\.com$/i"; classtype:trojan-activity; sid:37243591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26313 [] Outgoing HTTP Hostname mail.liblogin.com"; flow:to_server,established; http.header; content: "Host|3a| mail.liblogin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.liblogin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26313;)
# --- MISP event 26227: destination address/port indicators (priority 3, no tags) -------
# No flow, content or threshold option: the match rests on address and port alone, and the
# msg carries no family or stage, so context has to come from the referenced MISP event.
# NOTE(review): the rules carry no expiry; confirm indicator age in MISP before acting.
alert ip $HOME_NET any -> 84.38.132.126 61445 (msg: "MISP e26227 [] Outgoing To IP: 84.38.132.126|61445"; classtype:trojan-activity; sid:37275171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 194.143.146.147 1311 (msg: "MISP e26227 [] Outgoing To IP: 194.143.146.147|1311"; classtype:trojan-activity; sid:37275181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 194.143.146.141 1521 (msg: "MISP e26227 [] Outgoing To IP: 194.143.146.141|1521"; classtype:trojan-activity; sid:37275191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 194.143.146.152 1433 (msg: "MISP e26227 [] Outgoing To IP: 194.143.146.152|1433"; classtype:trojan-activity; sid:37275201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 87.121.112.29 1294 (msg: "MISP e26227 [] Outgoing To IP: 87.121.112.29|1294"; classtype:trojan-activity; sid:37275211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 87.121.112.41 1299 (msg: "MISP e26227 [] Outgoing To IP: 87.121.112.41|1299"; classtype:trojan-activity; sid:37275221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.14.123.125 1311 (msg: "MISP e26227 [] Outgoing To IP: 195.14.123.125|1311"; classtype:trojan-activity; sid:37275231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.14.123.126 1311 (msg: "MISP e26227 [] Outgoing To IP: 195.14.123.126|1311"; classtype:trojan-activity; sid:37275241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 51.195.61.8 65535 (msg: "MISP e26227 [] Outgoing To IP: 51.195.61.8|65535"; classtype:trojan-activity; sid:37275251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.85.114.141 65535 (msg: "MISP e26227 [] Outgoing To IP: 195.85.114.141|65535"; classtype:trojan-activity; sid:37275261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 185.196.10.27 1311 (msg: "MISP e26227 [] Outgoing To IP: 185.196.10.27|1311"; classtype:trojan-activity; sid:37275271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# MISP event 26313: second exact-hostname dns/http pair.
alert dns any any -> any any (msg: "MISP e26313 [] Hostname mail.libinpro.xyz"; dns.query; content:"mail.libinpro.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.libinpro\.xyz$/i"; classtype:trojan-activity; sid:37243601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26313 [] Outgoing HTTP Hostname mail.libinpro.xyz"; flow:to_server,established; http.header; content: "Host|3a| mail.libinpro.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.libinpro\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26313;)
# MISP event 26070 (tags c2,sliver): destination address + port only.
alert ip $HOME_NET any -> 34.79.80.97 2376 (msg: "MISP e26070 [c2,sliver] Outgoing To IP: 34.79.80.97|2376"; classtype:trojan-activity; sid:37121041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- MISP event 24600: domain indicators (priority 1) ----------------------------------
# Although the first indicator looks like a full hostname, it is exported in the Domain form:
# the dns pcre allows a preceding dot, so deeper names under it match too, and the http rule
# tests "Host|3a|" and the name as two unchained header contents.
alert dns any any -> any any (msg: "MISP e24600 [] Domain 8209826b002861552.from-ut.com"; dns.query; content:"8209826b002861552.from-ut.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])8209826b002861552\.from\-ut\.com$/i"; classtype:trojan-activity; sid:37115551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 8209826b002861552.from-ut.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"8209826b002861552.from-ut.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])8209826b002861552\.from\-ut\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain pe3wpe-wiewp3owjei-ofipewjru4we980-432wdcsgin.docsofficesignqrportalway.top"; dns.query; content:"pe3wpe-wiewp3owjei-ofipewjru4we980-432wdcsgin.docsofficesignqrportalway.top"; nocase; pcre:
"/(^|[^A-Za-z0-9-])pe3wpe\-wiewp3owjei\-ofipewjru4we980\-432wdcsgin\.docsofficesignqrportalway\.top$/i"; classtype:trojan-activity; sid:37115601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain pe3wpe-wiewp3owjei-ofipewjru4we980-432wdcsgin.docsofficesignqrportalway.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pe3wpe-wiewp3owjei-ofipewjru4we980-432wdcsgin.docsofficesignqrportalway.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pe3wpe\-wiewp3owjei\-ofipewjru4we980\-432wdcsgin\.docsofficesignqrportalway\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 34.79.80.97 2376 (msg: "MISP e26227 [] Outgoing To IP: 34.79.80.97|2376"; classtype:trojan-activity; sid:37275281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 192.0.2.30 $HTTP_PORTS (msg: "MISP e26070 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing URL http|3a|//192.0.2.30/validate/v10.6/w2ge3sc8"; flow:to_server,established; http.header; content:"192.0.2.30"; fast_pattern; nocase; http.uri; content:"/validate/v10.6/w2ge3sc8"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 88.214.25.254 80 (msg: "MISP e26070 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing To IP: 88.214.25.254|80"; classtype:trojan-activity; sid:37121061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 88.214.25.254 80 (msg: "MISP e26227 [] Outgoing To IP: 88.214.25.254|80"; classtype:trojan-activity; sid:37275291; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 192.0.2.30 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//192.0.2.30/Validate/v10.6/W2GE3SC8"; flow:to_server,established; http.header; content:"192.0.2.30"; fast_pattern; nocase; http.uri; content:"/Validate/v10.6/W2GE3SC8"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37275301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [dcrat] Outgoing URL http|3a|//a0905211.xsph.ru/ee48257d.php"; flow:to_server,established; http.header; content:"a0905211.xsph.ru"; fast_pattern; nocase; http.uri; content:"/ee48257d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26019 [] Domain fogape.theaerie.ca"; dns.query; content:"fogape.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37091451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26019;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26019 [] Outgoing HTTP Domain fogape.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fogape.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26019;) alert dns any any -> any any (msg: "MISP e26020 [] Domain patito.abdulazizalsebail.com"; dns.query; content:"patito.abdulazizalsebail.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.abdulazizalsebail\.com$/i"; classtype:trojan-activity; sid:37091531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26020;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26020 [] Outgoing HTTP Domain patito.abdulazizalsebail.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.abdulazizalsebail.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.abdulazizalsebail\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26020;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//a0905211.xsph.ru/ee48257d.php"; flow:to_server,established; http.header; content:"a0905211.xsph.ru"; fast_pattern; nocase; http.uri; content:"/ee48257d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37275311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26021 [] Domain cmunicasocialword.com"; dns.query; content:"cmunicasocialword.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cmunicasocialword\.com$/i"; classtype:trojan-activity; sid:37091631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26021;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26021 [] Outgoing HTTP Domain cmunicasocialword.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cmunicasocialword.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cmunicasocialword\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26021;) alert dns any any -> any any (msg: "MISP e26022 [] Domain patito.theaerie.ca"; dns.query; content:"patito.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37091711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26022;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26022 [] Outgoing HTTP Domain 
patito.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26022;) alert ip $HOME_NET any -> 47.88.53.49 10001 (msg: "MISP e26070 [c2,extreme_rat] Outgoing To IP: 47.88.53.49|10001"; classtype:trojan-activity; sid:37121081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 47.88.53.49 10001 (msg: "MISP e26227 [] Outgoing To IP: 47.88.53.49|10001"; classtype:trojan-activity; sid:37275321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 65.21.66.220 62520 (msg: "MISP e25823 [] Outgoing To IP: 65.21.66.220|62520"; classtype:trojan-activity; sid:38865171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/25823;) alert http $HOME_NET any -> 217.196.98.10 $HTTP_PORTS (msg: "MISP e26070 [Stealc] Outgoing URL http|3a|//217.196.98.10/11da1c02f1899731.php"; flow:to_server,established; http.header; content:"217.196.98.10"; fast_pattern; nocase; http.uri; content:"/11da1c02f1899731.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; sid:37211041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37211042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37211081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname adsnapshot.co.uk"; dns.query; content:"adsnapshot.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk$/i"; classtype:trojan-activity; sid:37211101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname adsnapshot.co.uk"; flow:to_server,established; http.header; content: "Host|3a| adsnapshot.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname adsnapshot.co.uk"; dns.query; content:"adsnapshot.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk$/i"; classtype:trojan-activity; sid:37211121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP 
Hostname adsnapshot.co.uk"; flow:to_server,established; http.header; content: "Host|3a| adsnapshot.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37211141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname music-city.ro"; dns.query; content:"music-city.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro$/i"; classtype:trojan-activity; sid:37211161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname music-city.ro"; flow:to_server,established; http.header; content: "Host|3a| music-city.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37211181; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37211201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37211221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname carologyauctions.net"; dns.query; 
content:"carologyauctions.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net$/i"; classtype:trojan-activity; sid:37211241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname carologyauctions.net"; flow:to_server,established; http.header; content: "Host|3a| carologyauctions.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37211261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname zedacomunicacion.com.mx"; dns.query; content:"zedacomunicacion.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx$/i"; classtype:trojan-activity; sid:37211281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname zedacomunicacion.com.mx"; flow:to_server,established; http.header; content: "Host|3a| zedacomunicacion.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37211282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname estudiocontablevilcarromero.com"; dns.query; content:"estudiocontablevilcarromero.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estudiocontablevilcarromero\.com$/i"; classtype:trojan-activity; sid:37211301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname estudiocontablevilcarromero.com"; flow:to_server,established; http.header; content: "Host|3a| estudiocontablevilcarromero.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estudiocontablevilcarromero\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname cursosrdg.ccr.edu.pe"; dns.query; content:"cursosrdg.ccr.edu.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe$/i"; classtype:trojan-activity; sid:37211321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cursosrdg.ccr.edu.pe"; flow:to_server,established; http.header; content: "Host|3a| cursosrdg.ccr.edu.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37211341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37211361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37211381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; 
classtype:trojan-activity; sid:37211401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37211421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname hariomji.com"; dns.query; content:"hariomji.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hariomji\.com$/i"; classtype:trojan-activity; sid:37211441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hariomji.com"; flow:to_server,established; http.header; content: "Host|3a| hariomji.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hariomji\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] 
Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37211461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37211481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37211501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211502; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37211521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37211541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname mijaljevic.com"; dns.query; content:"mijaljevic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com$/i"; classtype:trojan-activity; sid:37211561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mijaljevic.com"; flow:to_server,established; http.header; content: "Host|3a| mijaljevic.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mijaljevic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname maxreal.vn"; dns.query; content:"maxreal.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn$/i"; classtype:trojan-activity; sid:37211581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname maxreal.vn"; flow:to_server,established; http.header; content: "Host|3a| maxreal.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37211601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37211621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP 
Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37211641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname gmaiil.com.mx"; dns.query; content:"gmaiil.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx$/i"; classtype:trojan-activity; sid:37211661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname gmaiil.com.mx"; flow:to_server,established; http.header; content: "Host|3a| gmaiil.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37211681; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# The HTTP rules are limited to $HOME_NET -> $EXTERNAL_NET with flow:to_server,established;
# the DNS rules use `any any -> any any`, so they apply whatever the source or destination network.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname emceehansa.com"; dns.query; content:"emceehansa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com$/i"; classtype:trojan-activity; sid:37211701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname emceehansa.com"; flow:to_server,established; http.header; content: "Host|3a| emceehansa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): beatlesmontreal.com recurs further down under sids 37212041/37212042,
# 37212101/37212102 and 37212321/37212322, all with the same match conditions.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37211721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] 
Hostname carologyauctions.net"; dns.query; content:"carologyauctions.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net$/i"; classtype:trojan-activity; sid:37211741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname carologyauctions.net"; flow:to_server,established; http.header; content: "Host|3a| carologyauctions.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): unuagbokhe.com.ng is exported twice (this pair and sids 37211801/37211802), and
# franklin-ogan.com five times (37211781/2 here, then 37211881/2, 37211981/2, 37212461/2, 37212561/2).
# The copies have identical match conditions, so one lookup raises several alerts. Presumably the
# MISP event holds the same hostname in several attributes; de-duplicating at export is worth confirming.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname unuagbokhe.com.ng"; dns.query; content:"unuagbokhe.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng$/i"; classtype:trojan-activity; sid:37211761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname unuagbokhe.com.ng"; flow:to_server,established; http.header; content: "Host|3a| unuagbokhe.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37211781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37211782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# tag:session,600,seconds on the HTTP rules tags the alerting session so that its
# following packets are logged for up to 600 seconds.
# NOTE(review): the unuagbokhe.com.ng pair below has the same match conditions as
# sids 37211761/37211762 earlier in the file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname unuagbokhe.com.ng"; dns.query; content:"unuagbokhe.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng$/i"; classtype:trojan-activity; sid:37211801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname unuagbokhe.com.ng"; flow:to_server,established; http.header; content: "Host|3a| unuagbokhe.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): min4lampungtimur.sch.id is exported again further down as sids 37212221/37212222.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37211821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37211841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] 
Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# NOTE(review): luckygroupindia.in is exported again further down as sids 37212381/37212382.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname luckygroupindia.in"; dns.query; content:"luckygroupindia.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in$/i"; classtype:trojan-activity; sid:37211861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname luckygroupindia.in"; flow:to_server,established; http.header; content: "Host|3a| luckygroupindia.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): this franklin-ogan.com pair has the same match conditions as sids 37211781/37211782 earlier in the file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37211881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; 
sid:37211901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# NOTE(review): the `http` rules inspect the Host header of cleartext HTTP only, and no TLS
# rule for these names is visible in this part of the file, so an HTTPS connection would be
# caught only by the DNS rule. A tls.sni counterpart may be worth adding — confirm what the
# MISP export offers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname newfrenzy.in"; dns.query; content:"newfrenzy.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in$/i"; classtype:trojan-activity; sid:37211921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname newfrenzy.in"; flow:to_server,established; http.header; content: "Host|3a| newfrenzy.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37211941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] 
Hostname all-herbal-supplements.com"; dns.query; content:"all-herbal-supplements.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com$/i"; classtype:trojan-activity; sid:37211961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# NOTE(review): most pairs in this stretch repeat a hostname that already has rules earlier in
# the file: franklin-ogan.com (37211781/2), asilpark.com.tr (37211601/2), global-convenience.com
# (37211681/2) and beatlesmontreal.com (37211721/2). all-herbal-supplements.com (37211961/2) is
# itself repeated further down as 37212181/2. Identical match conditions mean repeated alerts per event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname all-herbal-supplements.com"; flow:to_server,established; http.header; content: "Host|3a| all-herbal-supplements.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37211981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37211982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37212001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37212021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37212041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37212061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# Every rule sets priority:3 explicitly after classtype:trojan-activity, so the alert priority
# is 3 rather than whatever the classtype would assign by default.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname music-city.ro"; dns.query; content:"music-city.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro$/i"; classtype:trojan-activity; sid:37212081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname music-city.ro"; flow:to_server,established; http.header; content: "Host|3a| music-city.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): this beatlesmontreal.com pair repeats sids 37211721/37211722 and 37212041/37212042 from earlier in the file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37212101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): diresaapurimac.gob.pe sits under an institutional suffix (as do the .sch.id and
# .edu.pe names elsewhere in this event) — presumably a compromised legitimate site rather than
# dedicated infrastructure. Confirm in the MISP event before using these rules for blocking.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37212121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): cipher-bd.org is exported twice back to back (37212141/37212142 and
# 37212161/37212162) with identical match conditions.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37212141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37212161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert 
dns any any -> any any (msg: "MISP e26212 [] Hostname all-herbal-supplements.com"; dns.query; content:"all-herbal-supplements.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com$/i"; classtype:trojan-activity; sid:37212181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# NOTE(review): every hostname in this stretch already has rules earlier in the file:
# all-herbal-supplements.com (37211961/2), dovetales.co (37211641/2) and
# min4lampungtimur.sch.id (37211821/2). The match conditions are identical, so these add alerts, not coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname all-herbal-supplements.com"; flow:to_server,established; http.header; content: "Host|3a| all-herbal-supplements.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37212201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37212221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# The msg tag list is empty (`[]`) on all of these rules; rules for another event in this file
# carry kill-chain tags there, so the msg alone gives no context and the reference URL is
# the only pointer back to the event.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname blazingstara.in"; dns.query; content:"blazingstara.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in$/i"; classtype:trojan-activity; sid:37212241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname blazingstara.in"; flow:to_server,established; http.header; content: "Host|3a| blazingstara.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): zedacomunicacion.com.mx is exported again further down as sids
# 37212341/37212342 and 37212481/37212482.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname zedacomunicacion.com.mx"; dns.query; content:"zedacomunicacion.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx$/i"; classtype:trojan-activity; sid:37212261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname zedacomunicacion.com.mx"; flow:to_server,established; http.header; content: "Host|3a| zedacomunicacion.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname freshfarmnyc.com"; dns.query; content:"freshfarmnyc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freshfarmnyc\.com$/i"; classtype:trojan-activity; sid:37212281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname freshfarmnyc.com"; flow:to_server,established; http.header; content: "Host|3a| freshfarmnyc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freshfarmnyc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
alert dns any any -> any any (msg: "MISP e26212 [] Hostname supplycenter.cl"; dns.query; content:"supplycenter.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl$/i"; classtype:trojan-activity; sid:37212301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname supplycenter.cl"; flow:to_server,established; http.header; content: "Host|3a| supplycenter.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): the next two pairs repeat hostnames that already have rules earlier in the file:
# beatlesmontreal.com (first seen as 37211721/37211722) and zedacomunicacion.com.mx (37212261/37212262).
alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37212321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname zedacomunicacion.com.mx"; dns.query; content:"zedacomunicacion.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx$/i"; classtype:trojan-activity; sid:37212341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname zedacomunicacion.com.mx"; flow:to_server,established; http.header; content: "Host|3a| zedacomunicacion.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# This indicator is a four-label name; the rules match it as written and, because the leading
# pcre class excludes `.`, a query for the parent ccr.edu.pe or for any other host under it is not matched.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cursosrdg.ccr.edu.pe"; dns.query; content:"cursosrdg.ccr.edu.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe$/i"; classtype:trojan-activity; sid:37212361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cursosrdg.ccr.edu.pe"; flow:to_server,established; http.header; content: "Host|3a| cursosrdg.ccr.edu.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): this luckygroupindia.in pair repeats sids 37211861/37211862 from earlier in the file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname luckygroupindia.in"; dns.query; content:"luckygroupindia.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in$/i"; classtype:trojan-activity; sid:37212381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname luckygroupindia.in"; flow:to_server,established; http.header; content: "Host|3a| luckygroupindia.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212382; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# The HTTP pcre needs one character after the name that is not a letter, digit, `-` or `.`;
# the line ending of the header satisfies it, and so does the `:` of a Host value that carries
# a port (constructed example: "Host: mlc.cl:8080").
alert dns any any -> any any (msg: "MISP e26212 [] Hostname rcihandicrafts.com"; dns.query; content:"rcihandicrafts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com$/i"; classtype:trojan-activity; sid:37212401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname rcihandicrafts.com"; flow:to_server,established; http.header; content: "Host|3a| rcihandicrafts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37212421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlc.cl"; dns.query; content:"mlc.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl$/i"; classtype:trojan-activity; sid:37212441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlc.cl"; flow:to_server,established; http.header; content: "Host|3a| mlc.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): the next two pairs repeat hostnames that already have rules earlier in the file:
# franklin-ogan.com (first seen as 37211781/37211782) and zedacomunicacion.com.mx (37212261/37212262).
alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37212461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname zedacomunicacion.com.mx"; dns.query; content:"zedacomunicacion.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx$/i"; classtype:trojan-activity; sid:37212481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname zedacomunicacion.com.mx"; flow:to_server,established; http.header; content: "Host|3a| zedacomunicacion.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zedacomunicacion\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37212501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# Every rule carries rev:1 and a reference URL to event 26212; nothing in the rule says when the
# indicator was last confirmed. NOTE(review): check indicator age in the MISP event before relying on these.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlmkings.in"; dns.query; content:"mlmkings.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in$/i"; classtype:trojan-activity; sid:37212521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlmkings.in"; flow:to_server,established; http.header; content: "Host|3a| mlmkings.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37212541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): the franklin-ogan.com rule starting here is a further copy of sid 37211781 from earlier in the file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; 
sid:37212561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicator pairs from MISP event 26212 (DNS query rule + outgoing HTTP Host rule).
# NOTE(review): the franklin-ogan.com HTTP rule below has the same match conditions as sid 37211782
# earlier in the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37212581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37212601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37212621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): mijaljevic.com already has an HTTP rule earlier in the file (sid 37211562) with the
# same pcre as the HTTP rule below.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mijaljevic.com"; dns.query; content:"mijaljevic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com$/i"; classtype:trojan-activity; sid:37212641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mijaljevic.com"; flow:to_server,established; http.header; content: "Host|3a| mijaljevic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37212661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any 
any -> any any (msg: "MISP e26212 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37212681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37212701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname allthingsbreastfeeding.co.za"; dns.query; content:"allthingsbreastfeeding.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za$/i"; classtype:trojan-activity; sid:37212721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname allthingsbreastfeeding.co.za"; flow:to_server,established; http.header; content: "Host|3a| allthingsbreastfeeding.co.za"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicators from MISP event 26212. Each hostname is exported as a DNS-query rule (sid N)
# followed by an outgoing-HTTP Host-header rule (sid N+1).
# NOTE(review): dancesynergyworx.co.za is exported again further down as sid:37213221 / 37213222 and
# sid:37213281 / 37213282 with identical match options; the copies add alerts, not coverage.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37212741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname carologyauctions.net"; dns.query; content:"carologyauctions.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net$/i"; classtype:trojan-activity; sid:37212761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname carologyauctions.net"; flow:to_server,established; http.header; content: "Host|3a| carologyauctions.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): same hostname and same match options as sid:37212541 earlier in this file (second copy
# of the ghanadiscount.com DNS rule); a single lookup fires both. Deduplicate at export time if possible.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37212781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname rcihandicrafts.com"; dns.query; content:"rcihandicrafts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com$/i"; classtype:trojan-activity; sid:37212801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname rcihandicrafts.com"; flow:to_server,established; http.header; content: "Host|3a| rcihandicrafts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37212821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37212841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37212861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37212881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37212882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# DNS rules in this export use "any any -> any any", i.e. no address or port restriction, so they are
# evaluated on every DNS query the sensor sees. NOTE(review): where the sensor observes both the
# client-to-resolver and the resolver-to-upstream leg, the same lookup may alert twice; confirm placement.
# NOTE(review): ellebraude.com.br below repeats sid:37212681 / sid:37212682 from earlier in this file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37212901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37212921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): exact duplicate of sid:37212921 directly above (same hostname, same options, new sid).
alert dns any any -> any any (msg: "MISP e26212 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37212941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname 
sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37212961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname all-herbal-supplements.com"; dns.query; content:"all-herbal-supplements.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com$/i"; classtype:trojan-activity; sid:37212981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname all-herbal-supplements.com"; flow:to_server,established; http.header; content: "Host|3a| all-herbal-supplements.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37212982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37213001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37213021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname blazingstara.in"; dns.query; content:"blazingstara.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in$/i"; classtype:trojan-activity; sid:37213041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname blazingstara.in"; flow:to_server,established; http.header; content: "Host|3a| blazingstara.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213042; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;)
# Every rule in this group sets classtype:trojan-activity with an explicit priority:3, and the msg
# carries "[]" where other events in this export list tags (apparently an empty tag list), so the
# alert text alone gives the analyst no kill-chain context; the reference URL points at the MISP event.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pratiscare.com"; dns.query; content:"pratiscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com$/i"; classtype:trojan-activity; sid:37213061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pratiscare.com"; flow:to_server,established; http.header; content: "Host|3a| pratiscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): mijaljevic.com repeats sid:37212641 / sid:37212642 from earlier in this file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mijaljevic.com"; dns.query; content:"mijaljevic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com$/i"; classtype:trojan-activity; sid:37213081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mijaljevic.com"; flow:to_server,established; http.header; content: "Host|3a| mijaljevic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): exact duplicate of sid:37213061 above (pratiscare.com DNS rule under a second sid).
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pratiscare.com"; dns.query; content:"pratiscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com$/i"; classtype:trojan-activity; sid:37213101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pratiscare.com"; flow:to_server,established; http.header; content: "Host|3a| pratiscare.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])pratiscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname rosyramales.com"; dns.query; content:"rosyramales.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosyramales\.com$/i"; classtype:trojan-activity; sid:37213121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname rosyramales.com"; flow:to_server,established; http.header; content: "Host|3a| rosyramales.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosyramales\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37213141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37213161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname asilpark.com.tr"; 
flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37213181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37213201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37213221; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37213241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname luckygroupindia.in"; dns.query; content:"luckygroupindia.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in$/i"; classtype:trojan-activity; sid:37213261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname luckygroupindia.in"; flow:to_server,established; http.header; content: "Host|3a| luckygroupindia.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any 
(msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37213281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# HTTP rules: content "Host|3a| <hostname>" is the fast pattern; the pcre (/H = HTTP header buffer,
# /i = case-insensitive) then requires one character after the hostname that is not a letter, digit,
# hyphen or dot. A longer name that merely starts with the hostname therefore does not match, while
# the hostname followed by a port separator or the header's line ending does.
# NOTE(review): this is the third copy of the dancesynergyworx.co.za HTTP rule
# (see sid:37212742 and sid:37213222 earlier in this file).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): hamfekrqom.ir repeats sid:37212621 / sid:37212622 from earlier in this file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37213301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname alzheimerencasa.org"; dns.query; content:"alzheimerencasa.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alzheimerencasa\.org$/i"; classtype:trojan-activity; sid:37213321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname alzheimerencasa.org"; flow:to_server,established; http.header; content: "Host|3a| alzheimerencasa.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alzheimerencasa\.org[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37213322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname rcihandicrafts.com"; dns.query; content:"rcihandicrafts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com$/i"; classtype:trojan-activity; sid:37213341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname rcihandicrafts.com"; flow:to_server,established; http.header; content: "Host|3a| rcihandicrafts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37213361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname estudiocontablevilcarromero.com"; dns.query; content:"estudiocontablevilcarromero.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estudiocontablevilcarromero\.com$/i"; classtype:trojan-activity; sid:37213381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname 
estudiocontablevilcarromero.com"; flow:to_server,established; http.header; content: "Host|3a| estudiocontablevilcarromero.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estudiocontablevilcarromero\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37213401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlmkings.in"; dns.query; content:"mlmkings.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in$/i"; classtype:trojan-activity; sid:37213421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlmkings.in"; flow:to_server,established; http.header; content: "Host|3a| mlmkings.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37213441; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname yourspiritualhaven.ca"; dns.query; content:"yourspiritualhaven.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yourspiritualhaven\.ca$/i"; classtype:trojan-activity; sid:37213461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname yourspiritualhaven.ca"; flow:to_server,established; http.header; content: "Host|3a| yourspiritualhaven.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yourspiritualhaven\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname blazingstara.in"; dns.query; content:"blazingstara.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in$/i"; classtype:trojan-activity; sid:37213481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname blazingstara.in"; flow:to_server,established; http.header; content: "Host|3a| blazingstara.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; 
content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37213501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# These are plain hostname indicators: the rules carry no URI, method or payload condition, so any
# DNS lookup of, or cleartext HTTP request to, the listed hostname alerts.
# NOTE(review): treat a hit as a lead to check against the referenced MISP event rather than as
# confirmed compromise, and retire the rules when the event's attributes are withdrawn or expire.
# NOTE(review): ciderfoods.com.pk is exported three times in this file
# (sid:37212661 / 37212662, sid:37213181 / 37213182 and sid:37213501 / 37213502).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# NOTE(review): cipher-bd.org repeats sid:37213201 / sid:37213202 from earlier in this file.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37213521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname flexoz.com.au"; dns.query; content:"flexoz.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexoz\.com\.au$/i"; classtype:trojan-activity; sid:37213541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname flexoz.com.au"; flow:to_server,established; http.header; content: "Host|3a| flexoz.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexoz\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213542; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname all-herbal-supplements.com"; dns.query; content:"all-herbal-supplements.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com$/i"; classtype:trojan-activity; sid:37213561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname all-herbal-supplements.com"; flow:to_server,established; http.header; content: "Host|3a| all-herbal-supplements.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])all\-herbal\-supplements\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname eastridgepacific.com"; dns.query; content:"eastridgepacific.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eastridgepacific\.com$/i"; classtype:trojan-activity; sid:37213581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname eastridgepacific.com"; flow:to_server,established; http.header; content: "Host|3a| eastridgepacific.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eastridgepacific\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37213601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; 
content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname cursosrdg.ccr.edu.pe"; dns.query; content:"cursosrdg.ccr.edu.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe$/i"; classtype:trojan-activity; sid:37213621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cursosrdg.ccr.edu.pe"; flow:to_server,established; http.header; content: "Host|3a| cursosrdg.ccr.edu.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname newhorizoncanada.com"; dns.query; content:"newhorizoncanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newhorizoncanada\.com$/i"; classtype:trojan-activity; sid:37213641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname newhorizoncanada.com"; flow:to_server,established; http.header; content: "Host|3a| newhorizoncanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newhorizoncanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname oz.com.py"; dns.query; content:"oz.com.py"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py$/i"; classtype:trojan-activity; sid:37213661; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicators of MISP event 26212, one "alert dns" + "alert http" pair per
# hostname. Pairs marked "Repeat indicator" duplicate a pair that exists elsewhere in
# this export under other sids, so the same query or request raises one alert per copy.
# Deduplicate the attributes in MISP, or suppress the later sids locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname oz.com.py"; flow:to_server,established; http.header; content: "Host|3a| oz.com.py"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname supplycenter.cl"; dns.query; content:"supplycenter.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl$/i"; classtype:trojan-activity; sid:37213681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname supplycenter.cl"; flow:to_server,established; http.header; content: "Host|3a| supplycenter.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37213701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; sid:37213721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: blazingstara.in is already covered by sids 37213481/37213482.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname blazingstara.in"; dns.query; content:"blazingstara.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in$/i"; classtype:trojan-activity; sid:37213741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname blazingstara.in"; flow:to_server,established; http.header; content: "Host|3a| blazingstara.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname newfrenzy.in"; dns.query; content:"newfrenzy.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in$/i"; classtype:trojan-activity; sid:37213761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname newfrenzy.in"; flow:to_server,established; http.header; content: "Host|3a| newfrenzy.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: cipher-bd.org is already covered by sids 37213521/37213522.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37213781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pratiscare.com"; dns.query; content:"pratiscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com$/i"; classtype:trojan-activity; sid:37213801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pratiscare.com"; flow:to_server,established; http.header; content: "Host|3a| pratiscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname marianesagefemme.fr"; dns.query; content:"marianesagefemme.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marianesagefemme\.fr$/i"; classtype:trojan-activity; sid:37213821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname marianesagefemme.fr"; flow:to_server,established; http.header; content: "Host|3a| marianesagefemme.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marianesagefemme\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37213841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37213861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: flexoz.com.au is already covered by sids 37213541/37213542.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname flexoz.com.au"; dns.query; content:"flexoz.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexoz\.com\.au$/i"; classtype:trojan-activity; sid:37213881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname flexoz.com.au"; flow:to_server,established; http.header; content: "Host|3a| flexoz.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexoz\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: beatlesmontreal.com is already covered by sids 37213701/37213702.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37213901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37213921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: deltaind.in is already covered by sids 37213721/37213722.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; sid:37213941; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicators of MISP event 26212, one "alert dns" + "alert http" pair per
# hostname. Pairs marked "Repeat indicator" duplicate a pair that exists elsewhere in
# this export under other sids, so the same query or request raises one alert per copy.
# Deduplicate the attributes in MISP, or suppress the later sids locally.
# Repeat indicator: deltaind.in (HTTP rule below) is already covered by sid 37213722.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37213961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: supplycenter.cl is already covered by sids 37213681/37213682.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname supplycenter.cl"; dns.query; content:"supplycenter.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl$/i"; classtype:trojan-activity; sid:37213981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname supplycenter.cl"; flow:to_server,established; http.header; content: "Host|3a| supplycenter.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37213982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname emceehansa.com"; dns.query; content:"emceehansa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com$/i"; classtype:trojan-activity; sid:37214001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname emceehansa.com"; flow:to_server,established; http.header; content: "Host|3a| emceehansa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: wolofmedical.com is already covered by sids 37213961/37213962.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37214021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname rosyramales.com"; dns.query; content:"rosyramales.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosyramales\.com$/i"; classtype:trojan-activity; sid:37214041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname rosyramales.com"; flow:to_server,established; http.header; content: "Host|3a| rosyramales.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rosyramales\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: ashleycharles.com is already covered by sids 37213861/37213862.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37214061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hariomji.com"; dns.query; content:"hariomji.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hariomji\.com$/i"; classtype:trojan-activity; sid:37214081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hariomji.com"; flow:to_server,established; http.header; content: "Host|3a| hariomji.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hariomji\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: newfrenzy.in is already covered by sids 37213761/37213762.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname newfrenzy.in"; dns.query; content:"newfrenzy.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in$/i"; classtype:trojan-activity; sid:37214101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname newfrenzy.in"; flow:to_server,established; http.header; content: "Host|3a| newfrenzy.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: marianesagefemme.fr is already covered by sids 37213821/37213822.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname marianesagefemme.fr"; dns.query; content:"marianesagefemme.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marianesagefemme\.fr$/i"; classtype:trojan-activity; sid:37214121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname marianesagefemme.fr"; flow:to_server,established; http.header; content: "Host|3a| marianesagefemme.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marianesagefemme\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37214141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37214161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37214181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: oz.com.py is already covered by sids 37213661/37213662.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname oz.com.py"; dns.query; content:"oz.com.py"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py$/i"; classtype:trojan-activity; sid:37214201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname oz.com.py"; flow:to_server,established; http.header; content: "Host|3a| oz.com.py"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37214221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: ciderfoods.com.pk is already covered by sids 37213501/37213502.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37214241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname icvpartners.com"; dns.query; content:"icvpartners.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com$/i"; classtype:trojan-activity; sid:37214261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname icvpartners.com"; flow:to_server,established; http.header; content: "Host|3a| icvpartners.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37214281; rev:1;
priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Hostname indicators of MISP event 26212, one "alert dns" + "alert http" pair per
# hostname. Pairs marked "Repeat indicator" duplicate a pair that exists elsewhere in
# this export under other sids, so the same query or request raises one alert per copy.
# Deduplicate the attributes in MISP, or suppress the later sids locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlmkings.in"; dns.query; content:"mlmkings.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in$/i"; classtype:trojan-activity; sid:37214301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlmkings.in"; flow:to_server,established; http.header; content: "Host|3a| mlmkings.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: lindenprofessionalservices.com is already covered by sids 37213841/37213842.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37214321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: cursosrdg.ccr.edu.pe is already covered by sids 37213621/37213622.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cursosrdg.ccr.edu.pe"; dns.query; content:"cursosrdg.ccr.edu.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe$/i"; classtype:trojan-activity; sid:37214341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cursosrdg.ccr.edu.pe"; flow:to_server,established; http.header; content: "Host|3a| cursosrdg.ccr.edu.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: oz.com.py is already covered by sids 37213661/37213662 and 37214201/37214202.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname oz.com.py"; dns.query; content:"oz.com.py"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py$/i"; classtype:trojan-activity; sid:37214361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname oz.com.py"; flow:to_server,established; http.header; content: "Host|3a| oz.com.py"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlc.cl"; dns.query; content:"mlc.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl$/i"; classtype:trojan-activity; sid:37214381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlc.cl"; flow:to_server,established; http.header; content: "Host|3a| mlc.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: hegram.ba is already covered by sids 37214161/37214162.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37214401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37214421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37214441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname unuagbokhe.com.ng"; dns.query; content:"unuagbokhe.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng$/i"; classtype:trojan-activity; sid:37214461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname unuagbokhe.com.ng"; flow:to_server,established; http.header; content: "Host|3a| unuagbokhe.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname alzheimerencasa.org"; dns.query; content:"alzheimerencasa.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alzheimerencasa\.org$/i"; classtype:trojan-activity; sid:37214481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname alzheimerencasa.org"; flow:to_server,established; http.header; content: "Host|3a| alzheimerencasa.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alzheimerencasa\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: hamfekrqom.ir is already covered by sids 37213601/37213602.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37214501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37214521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37214541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37214561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeat indicator: an HTTP rule for inverex.org already exists as sid 37213442.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37214581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname adbs.sch.id"; dns.query; content:"adbs.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id$/i"; classtype:trojan-activity; sid:37214601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname adbs.sch.id"; flow:to_server,established; http.header; content: "Host|3a| adbs.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname asilpark.com.tr"; dns.query;
content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37214621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37214641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname unuagbokhe.com.ng"; dns.query; content:"unuagbokhe.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng$/i"; classtype:trojan-activity; sid:37214661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname unuagbokhe.com.ng"; flow:to_server,established; http.header; content: "Host|3a| unuagbokhe.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unuagbokhe\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37214662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37214681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37214701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37214721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP 
Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37214741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname newfrenzy.in"; dns.query; content:"newfrenzy.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in$/i"; classtype:trojan-activity; sid:37214761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname newfrenzy.in"; flow:to_server,established; http.header; content: "Host|3a| newfrenzy.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname grandlieucouverture.fr"; dns.query; content:"grandlieucouverture.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr$/i"; classtype:trojan-activity; sid:37214781; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname grandlieucouverture.fr"; flow:to_server,established; http.header; content: "Host|3a| grandlieucouverture.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37214801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37214821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; 
dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37214841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname supplycenter.cl"; dns.query; content:"supplycenter.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl$/i"; classtype:trojan-activity; sid:37214861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname supplycenter.cl"; flow:to_server,established; http.header; content: "Host|3a| supplycenter.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname music-city.ro"; dns.query; content:"music-city.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro$/i"; classtype:trojan-activity; sid:37214881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname music-city.ro"; flow:to_server,established; http.header; content: "Host|3a| music-city.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214882; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37214901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37214921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37214941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; 
flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37214961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname music-city.ro"; dns.query; content:"music-city.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro$/i"; classtype:trojan-activity; sid:37214981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname music-city.ro"; flow:to_server,established; http.header; content: "Host|3a| music-city.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37214982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname alzheimerencasa.org"; dns.query; content:"alzheimerencasa.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alzheimerencasa\.org$/i"; classtype:trojan-activity; sid:37215001; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname alzheimerencasa.org"; flow:to_server,established; http.header; content: "Host|3a| alzheimerencasa.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alzheimerencasa\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname adbs.sch.id"; dns.query; content:"adbs.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id$/i"; classtype:trojan-activity; sid:37215021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname adbs.sch.id"; flow:to_server,established; http.header; content: "Host|3a| adbs.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname adbs.sch.id"; dns.query; content:"adbs.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id$/i"; classtype:trojan-activity; sid:37215041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname adbs.sch.id"; flow:to_server,established; http.header; content: "Host|3a| adbs.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37215061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname oz.com.py"; dns.query; content:"oz.com.py"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py$/i"; classtype:trojan-activity; sid:37215081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname oz.com.py"; flow:to_server,established; http.header; content: "Host|3a| oz.com.py"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oz\.com\.py[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37215101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert 
dns any any -> any any (msg: "MISP e26212 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37215121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname emceehansa.com"; dns.query; content:"emceehansa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com$/i"; classtype:trojan-activity; sid:37215141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname emceehansa.com"; flow:to_server,established; http.header; content: "Host|3a| emceehansa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname blazingstara.in"; dns.query; content:"blazingstara.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in$/i"; classtype:trojan-activity; sid:37215161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname blazingstara.in"; flow:to_server,established; http.header; content: "Host|3a| blazingstara.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blazingstara\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37215162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37215181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37215201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37215221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname hariomji.com"; dns.query; content:"hariomji.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hariomji\.com$/i"; classtype:trojan-activity; sid:37215241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hariomji.com"; flow:to_server,established; http.header; content: "Host|3a| hariomji.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hariomji\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37215261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37215281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname 
ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname pratiscare.com"; dns.query; content:"pratiscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com$/i"; classtype:trojan-activity; sid:37215301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pratiscare.com"; flow:to_server,established; http.header; content: "Host|3a| pratiscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37215321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37215341; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlmkings.in"; dns.query; content:"mlmkings.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in$/i"; classtype:trojan-activity; sid:37215361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlmkings.in"; flow:to_server,established; http.header; content: "Host|3a| mlmkings.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlmkings\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37215381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname deviance.za.net"; dns.query; 
content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37215401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37215421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37215441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37215442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# priority:3 on each rule overrides the default priority the classtype gets from
# classification.config. NOTE(review): stock classification.config gives trojan-activity
# priority 1 - confirm the downgrade is intended.
# lindenprofessionalservices.com recurs as sids 37215621/37215622 and 37216221/37216222;
# ghanadiscount.com recurs as 37215521/37215522 and 37215741/37215742.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37215461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname music-city.ro"; dns.query; content:"music-city.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro$/i"; classtype:trojan-activity; sid:37215481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname music-city.ro"; flow:to_server,established; http.header; content: "Host|3a| music-city.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37215501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; 
flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# sids 37215521/37215522 repeat the ghanadiscount.com matchers of 37215501/37215502; only the
# sid differs (a third copy is 37215741/37215742). Every copy fires on the same packet, so one
# lookup yields several alerts: deduplicate at export time or threshold/suppress the extras.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37215521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37215541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37215561; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;)
# DNS rules use "any any -> any any": they are not scoped to $HOME_NET, so the alert source
# can be an internal resolver forwarding the query rather than the client that asked.
# Correlate with resolver logs to find the originating host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37215581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mijaljevic.com"; dns.query; content:"mijaljevic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com$/i"; classtype:trojan-activity; sid:37215601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mijaljevic.com"; flow:to_server,established; http.header; content: "Host|3a| mijaljevic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; 
content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37215621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# tag:session,600,seconds on the HTTP rules keeps logging packets of the matching session for
# 600 seconds after the alert; budget capture storage accordingly.
# Repeats: lindenprofessionalservices.com 37215621/37215622 duplicates 37215461/37215462;
# iamanivilladecharme.com.br recurs as 37215961/37215962; hegram.ba as 37215781/37215782.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37215641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37215661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37215662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# HTTP matcher anatomy: content "Host|3a| HOST" (|3a| is ':') is the fast_pattern prefilter on
# http.header; the pcre (H = HTTP header buffer, i = case-insensitive) then requires one more
# character outside [A-Za-z0-9-.] after the name, so HOST followed by CR or ":port" matches
# while a longer name that merely starts with HOST does not.
# inverex.org recurs as 37216321/37216322 and scmsgroup.org as 37216241/37216242.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37215681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37215701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname scmsgroup.org"; dns.query; content:"scmsgroup.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scmsgroup\.org$/i"; classtype:trojan-activity; sid:37215721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname scmsgroup.org"; flow:to_server,established; http.header; content: "Host|3a| scmsgroup.org"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])scmsgroup\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# 37215741/37215742 are the third copy of the ghanadiscount.com pair (see 37215501 and 37215521),
# and 37215781 repeats the hegram.ba DNS rule 37215661. Identical matchers under different sids
# multiply alerts without adding coverage.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37215741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname cipher-bd.org"; dns.query; content:"cipher-bd.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org$/i"; classtype:trojan-activity; sid:37215761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname cipher-bd.org"; flow:to_server,established; http.header; content: "Host|3a| cipher-bd.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cipher\-bd\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37215781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hegram.ba"; 
flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# The empty [] in msg is the slot where other events in this export carry tags (for example
# kill-chain phases); event 26212 has none, so the alert text gives no triage context beyond
# the hostname. pilsa.cat recurs as sids 37216441/37216442.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37215801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname ciderfoods.com.pk"; dns.query; content:"ciderfoods.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk$/i"; classtype:trojan-activity; sid:37215821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname ciderfoods.com.pk"; flow:to_server,established; http.header; content: "Host|3a| ciderfoods.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ciderfoods\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37215841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# The two allthingsbreastfeeding.co.za pairs below (37215861/37215862 and 37215881/37215882) are
# identical apart from the sid, and a third copy follows as 37216281/37216282.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname allthingsbreastfeeding.co.za"; dns.query; content:"allthingsbreastfeeding.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za$/i"; classtype:trojan-activity; sid:37215861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname allthingsbreastfeeding.co.za"; flow:to_server,established; http.header; content: "Host|3a| allthingsbreastfeeding.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname allthingsbreastfeeding.co.za"; dns.query; content:"allthingsbreastfeeding.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za$/i"; classtype:trojan-activity; sid:37215881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname allthingsbreastfeeding.co.za"; flow:to_server,established; http.header; content: "Host|3a| allthingsbreastfeeding.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 
[] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; sid:37215901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# A match shows only that a host looked up or requested the name: none of these rules has a
# URI, method or payload condition, so treat a hit as a lead to verify, not a confirmed infection.
# deltaind.in recurs as 37216021/37216022; betravaux.com also appears as 37215342,
# 37216101/37216102 and 37216461/37216462.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname newfrenzy.in"; dns.query; content:"newfrenzy.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in$/i"; classtype:trojan-activity; sid:37215921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname newfrenzy.in"; flow:to_server,established; http.header; content: "Host|3a| newfrenzy.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newfrenzy\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37215941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215942; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26212;)
# reference:url points at the event on the exporting MISP instance; presumably analysts need
# access to that instance to read the indicator context.
# Repeats: 37215961/37215962 duplicate the iamanivilladecharme.com.br pair 37215641/37215642;
# maxreal.vn recurs as 37216261/37216262.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37215961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname maxreal.vn"; dns.query; content:"maxreal.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn$/i"; classtype:trojan-activity; sid:37215981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname maxreal.vn"; flow:to_server,established; http.header; content: "Host|3a| maxreal.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37215982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname flexoz.com.au"; dns.query; content:"flexoz.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexoz\.com\.au$/i"; classtype:trojan-activity; sid:37216001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname flexoz.com.au"; flow:to_server,established; http.header; content: "Host|3a| flexoz.com.au"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])flexoz\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# nocase on content plus the pcre i flag make the hostname match case-insensitive.
# NOTE(review): sids are assigned by the export; confirm this sid range does not collide
# with other rule sources loaded in the same engine.
# Repeats: 37216021/37216022 duplicate the deltaind.in pair 37215901/37215902.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; sid:37216021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname adbs.sch.id"; dns.query; content:"adbs.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id$/i"; classtype:trojan-activity; sid:37216041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname adbs.sch.id"; flow:to_server,established; http.header; content: "Host|3a| adbs.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37216061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; 
content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeats: smakebangsaan.sch.id recurs as 37216361/37216362; 37216101/37216102 are another copy
# of the betravaux.com pair (also 37215941/37215942 and 37216461/37216462). Each copy alerts
# separately on the same traffic.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37216081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37216101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname rcihandicrafts.com"; dns.query; content:"rcihandicrafts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com$/i"; classtype:trojan-activity; sid:37216121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname rcihandicrafts.com"; flow:to_server,established; http.header; content: "Host|3a| rcihandicrafts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Short names such as mlc.cl rely on the pcre for boundaries: the content keyword is a plain
# substring test, and only the pcre rejects a longer label that ends in the same characters.
# deviance.za.net (sid 37216181, starting on the last line here) repeats sid 37215401.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37216141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname mlc.cl"; dns.query; content:"mlc.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl$/i"; classtype:trojan-activity; sid:37216161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname mlc.cl"; flow:to_server,established; http.header; content: "Host|3a| mlc.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; 
classtype:trojan-activity; sid:37216181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeats: 37216181/37216182 duplicate the deviance.za.net pair 37215401/37215402, and
# 37216221/37216222 are the third copy of lindenprofessionalservices.com (37215461, 37215621).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37216201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37216221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37216222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeats: scmsgroup.org (37215721/37215722), maxreal.vn (37215981/37215982) and
# allthingsbreastfeeding.co.za (37215861, 37215881) were already exported earlier in this file;
# the copies here add alert volume, not coverage.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname scmsgroup.org"; dns.query; content:"scmsgroup.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scmsgroup\.org$/i"; classtype:trojan-activity; sid:37216241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname scmsgroup.org"; flow:to_server,established; http.header; content: "Host|3a| scmsgroup.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scmsgroup\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname maxreal.vn"; dns.query; content:"maxreal.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn$/i"; classtype:trojan-activity; sid:37216261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname maxreal.vn"; flow:to_server,established; http.header; content: "Host|3a| maxreal.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname allthingsbreastfeeding.co.za"; dns.query; content:"allthingsbreastfeeding.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za$/i"; classtype:trojan-activity; sid:37216281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname allthingsbreastfeeding.co.za"; flow:to_server,established; http.header; content: "Host|3a| 
allthingsbreastfeeding.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])allthingsbreastfeeding\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeats: diresaapurimac.gob.pe 37216301/37216302 duplicate 37215381/37215382; inverex.org
# 37216321/37216322 duplicate 37215681/37215682.
# In franklin\-ogan the backslash only escapes a literal hyphen; outside a character class
# it matches the same as a plain "-".
alert dns any any -> any any (msg: "MISP e26212 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37216301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37216321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37216341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeats: smakebangsaan.sch.id 37216361/37216362 duplicate 37216081/37216082.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37216361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37216381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname emceehansa.com"; dns.query; content:"emceehansa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com$/i"; classtype:trojan-activity; sid:37216401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname emceehansa.com"; flow:to_server,established; http.header; content: "Host|3a| emceehansa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emceehansa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any (msg: "MISP e26212 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37216421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
# Repeats: pilsa.cat 37216441/37216442 duplicate 37215801/37215802.
alert dns any any -> any any (msg: "MISP e26212 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37216441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;)
alert dns any any -> any any 
(msg: "MISP e26212 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37216461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26212 [] Hostname luckygroupindia.in"; dns.query; content:"luckygroupindia.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in$/i"; classtype:trojan-activity; sid:37216481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26212 [] Outgoing HTTP Hostname luckygroupindia.in"; flow:to_server,established; http.header; content: "Host|3a| luckygroupindia.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luckygroupindia\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37216482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26212;) alert dns any any -> any any (msg: "MISP e26227 [] Domain merckllc.top"; dns.query; content:"merckllc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])merckllc\.top$/i"; classtype:trojan-activity; sid:37275331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain merckllc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merckllc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merckllc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37275332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Destination IP:port indicator from MISP event 26227. The rule has no flow or threshold option.
# NOTE(review): presumably it is evaluated per packet, so a long-lived connection can raise many
# alerts; confirm on your engine and add a threshold if it is noisy.
# The same address and port are exported again under event 26070 (sid 37121101, priority 2),
# so one connection alerts under both sids.
alert ip $HOME_NET any -> 172.245.208.5 2060 (msg: "MISP e26227 [] Outgoing To IP: 172.245.208.5|2060"; classtype:trojan-activity; sid:37275341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# URL indicator: the destination is pinned to one address on $HTTP_PORTS, the address string must
# appear in the request headers, and the path must appear in the URI (both case-insensitive).
# NOTE(review): the file header calls $HTTP_PORTS "not required with suricata export", yet this
# rule references it; make sure the variable is defined or the rule will not load.
alert http $HOME_NET any -> 217.196.98.10 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//217.196.98.10/11da1c02f1899731.php"; flow:to_server,established; http.header; content:"217.196.98.10"; fast_pattern; nocase; http.uri; content:"/11da1c02f1899731.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37275351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# --- "Domain" indicators (events 26023-26026): one DNS rule and one HTTP rule per domain ---
# Unlike the "Hostname" rules earlier in the file, the leading pcre class here does not exclude
# `.`, so the listed name and any subdomain of it both match.
# HTTP rules: `Host|3a|` and the domain are two independent content matches on the header buffer,
# and the pcre is not tied to the Host line. A request to an unrelated host that carries the
# domain in another header (for example Referer) can therefore match as well.
# For the *.pages.dev entries the full label is part of the pattern, so other sites under
# pages.dev are not matched.
# NOTE(review): the names resemble bank login portals, which suggests phishing rather than the
# trojan-activity classtype; the empty tag list does not say. Check the MISP events before triage.
alert dns any any -> any any (msg: "MISP e26023 [] Domain cl-banco.estado-inicio.info"; dns.query; content:"cl-banco.estado-inicio.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info$/i"; classtype:trojan-activity; sid:37091801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26023;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26023 [] Outgoing HTTP Domain cl-banco.estado-inicio.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl-banco.estado-inicio.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26023;)
alert dns any any -> any any (msg: "MISP e26024 [] Domain ingreso-banestado.pages.dev"; dns.query; content:"ingreso-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37091881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26024;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26024 [] Outgoing HTTP Domain ingreso-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingreso-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26024;)
alert dns any any -> any any (msg: "MISP e26025 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37091961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26025;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26025 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37091962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26025;)
alert dns any any -> any any (msg: "MISP e26026 [] Domain micro-bancaestado.pages.dev"; dns.query; content:"micro-bancaestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37092041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26026;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26026 [] Outgoing HTTP Domain micro-bancaestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"micro-bancaestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26026;)
alert dns any any -> any any 
(msg: "MISP e26027 [] Domain portal-banestado.pages.dev"; dns.query; content:"portal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37092121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26027;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26027 [] Outgoing HTTP Domain portal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26027;) alert dns any any -> any any (msg: "MISP e26028 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37092201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26028;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26028 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26028;) alert dns any any -> any any (msg: "MISP e26029 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37092281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26029;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26029 [] Outgoing HTTP Domain 
crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26029;)
alert dns any any -> any any (msg: "MISP e26030 [] Domain web.soportecancelacion.info"; dns.query; content:"web.soportecancelacion.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])web\.soportecancelacion\.info$/i"; classtype:trojan-activity; sid:37092361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26030;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26030 [] Outgoing HTTP Domain web.soportecancelacion.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"web.soportecancelacion.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])web\.soportecancelacion\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26030;)
# --- MISP event 26070 (priority 2) starts here ---
# The next three rules (172.245.208.5 port 2060, merckllc.top DNS, merckllc.top HTTP) duplicate
# indicators that event 26227 also exports as sids 37275341, 37275331 and 37275332 at priority 3.
# Both copies are active, so one matching connection or query raises two alerts with different
# priorities. Deduplicate at export time or suppress one set; keep the priority-2 copy if the
# higher severity is the intended one.
alert ip $HOME_NET any -> 172.245.208.5 2060 (msg: "MISP e26070 [] Outgoing To IP: 172.245.208.5|2060"; classtype:trojan-activity; sid:37121101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [] Domain merckllc.top"; dns.query; content:"merckllc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])merckllc\.top$/i"; classtype:trojan-activity; sid:37121111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [] Outgoing HTTP Domain merckllc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merckllc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merckllc\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37121112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e24600 [] Domain rcihandicrafts.com"; dns.query; content:"rcihandicrafts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rcihandicrafts\.com$/i"; classtype:trojan-activity; sid:37115651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain rcihandicrafts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rcihandicrafts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rcihandicrafts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e26070 [AS812,c2,censys,ROGERS-COMMUNICATIONS] Domain rw1.dbgblack.com"; dns.query; content:"rw1.dbgblack.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rw1\.dbgblack\.com$/i"; classtype:trojan-activity; sid:37121121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS812,c2,censys,ROGERS-COMMUNICATIONS] Outgoing HTTP Domain rw1.dbgblack.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rw1.dbgblack.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rw1\.dbgblack\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 141.98.81.98 81 (msg: "MISP e26070 [AS209588,c2,censys,FLYSERVERS-ASN] Outgoing To IP: 141.98.81.98|81"; classtype:trojan-activity; sid:37121131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 196.235.2.142 8080 (msg: 
"MISP e26070 [AS37492,c2,censys,ORANGE-] Outgoing To IP: 196.235.2.142|8080"; classtype:trojan-activity; sid:37121141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 192.3.98.165 80 (msg: "MISP e26070 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 192.3.98.165|80"; classtype:trojan-activity; sid:37121151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 93.33.203.219 443 (msg: "MISP e26070 [AS12874,c2,censys,FASTWEB] Outgoing To IP: 93.33.203.219|443"; classtype:trojan-activity; sid:37121161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 134.175.236.110 443 (msg: "MISP e26070 [AS45090,c2,censys] Outgoing To IP: 134.175.236.110|443"; classtype:trojan-activity; sid:37121171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 62.133.60.192 80 (msg: "MISP e26070 [AS207713,c2,censys,GIR-AS] Outgoing To IP: 62.133.60.192|80"; classtype:trojan-activity; sid:37121181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 47.97.37.19 4444 (msg: "MISP e26070 [AS37963,c2,censys] Outgoing To IP: 47.97.37.19|4444"; classtype:trojan-activity; sid:37121191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 187.135.146.194 2079 (msg: "MISP e26070 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2079"; classtype:trojan-activity; sid:37121201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 187.135.146.194 2078 (msg: "MISP e26070 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2078"; classtype:trojan-activity; sid:37121211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 187.135.146.194 2095 (msg: "MISP e26070 [AS8151,c2,censys,UNINET] Outgoing 
To IP: 187.135.146.194|2095"; classtype:trojan-activity; sid:37121221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- MISP event 26070: destination IP:port indicators ---
# The bracketed list in each msg is the event's tag set: an AS number and name plus labels such
# as c2, censys, RAT, Mythic or HookBot. Each rule matches traffic from $HOME_NET to one address
# on one port; an address seen on several ports (187.135.146.194, 94.156.69.196) gets one rule
# per port.
# NOTE(review): these rules carry no flow, threshold or expiry option. Several addresses sit in
# ISP or cloud-provider networks according to their own tags (e.g. MICROSOFT-CORP-MSN-AS-BLOCK),
# and such addresses are commonly reassigned. Check the indicator's age in the MISP event before
# treating a hit as C2 traffic.
alert ip $HOME_NET any -> 187.135.146.194 2143 (msg: "MISP e26070 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.146.194|2143"; classtype:trojan-activity; sid:37121231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 20.15.234.170 443 (msg: "MISP e26070 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.15.234.170|443"; classtype:trojan-activity; sid:37121241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 138.201.176.60 7707 (msg: "MISP e26070 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 138.201.176.60|7707"; classtype:trojan-activity; sid:37121251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 206.123.132.240 2000 (msg: "MISP e26070 [AS212238,c2,CDNEXT,censys,RAT] Outgoing To IP: 206.123.132.240|2000"; classtype:trojan-activity; sid:37121261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 94.156.69.196 6000 (msg: "MISP e26070 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.196|6000"; classtype:trojan-activity; sid:37121271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 94.156.69.196 8000 (msg: "MISP e26070 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.196|8000"; classtype:trojan-activity; sid:37121281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Domain indicators from the same event. The googleusercontent.com name below looks like a
# provider-generated hostname that encodes an address, so it presumably follows whoever holds
# that address at the time; verify against the event before relying on it.
# As with the other "Domain" HTTP rules, the domain may match in any request header, not only
# in the Host line.
alert dns any any -> any any (msg: "MISP e26070 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,Mythic] Domain 21.157.72.34.bc.googleusercontent.com"; dns.query; content:"21.157.72.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])21\.157\.72\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37121291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,Mythic] Outgoing HTTP Domain 21.157.72.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"21.157.72.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])21\.157\.72\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain www.kitrknis.com"; dns.query; content:"www.kitrknis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kitrknis\.com$/i"; classtype:trojan-activity; sid:37121301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain www.kitrknis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.kitrknis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kitrknis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 185.216.70.224 8082 (msg: "MISP e26070 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.224|8082"; classtype:trojan-activity; sid:37121311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 185.216.70.225 8082 (msg: "MISP e26070 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.225|8082"; classtype:trojan-activity; sid:37121321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any 
-> any any (msg: "MISP e26070 [AS-NUXTCLOUD,AS216127,c2,censys,HookBot] Domain android.l3harris.pro"; dns.query; content:"android.l3harris.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])android\.l3harris\.pro$/i"; classtype:trojan-activity; sid:37121331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS-NUXTCLOUD,AS216127,c2,censys,HookBot] Outgoing HTTP Domain android.l3harris.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"android.l3harris.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])android\.l3harris\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AMAZON-02,AS16509,c2,censys,HookBot] Domain ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; dns.query; content:"ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-79\-194\-172\.eu\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37121341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing HTTP Domain ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-79\-194\-172\.eu\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 95.181.173.164 80 (msg: "MISP e26070 [AEZA-AS,AS210644,c2,censys,HookBot] Outgoing To IP: 95.181.173.164|80"; 
classtype:trojan-activity; sid:37121351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 150.107.201.68 80 (msg: "MISP e26070 [AS63473,c2,censys,HookBot,HOSTHATCH] Outgoing To IP: 150.107.201.68|80"; classtype:trojan-activity; sid:37121361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 91.92.254.225 80 (msg: "MISP e26070 [AS394711,c2,censys,HookBot,LIMENET] Outgoing To IP: 91.92.254.225|80"; classtype:trojan-activity; sid:37121371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 147.45.45.67 8081 (msg: "MISP e26070 [AS215826,c2,censys,PARTNER-HOSTING-LTD] Outgoing To IP: 147.45.45.67|8081"; classtype:trojan-activity; sid:37121381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 103.120.201.75 2222 (msg: "MISP e26070 [AS63526,c2,censys,RAT] Outgoing To IP: 103.120.201.75|2222"; classtype:trojan-activity; sid:37121391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 73.186.83.59 4782 (msg: "MISP e26070 [AS7015,c2,censys,COMCAST-7015,RAT] Outgoing To IP: 73.186.83.59|4782"; classtype:trojan-activity; sid:37121401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 162.55.40.203 443 (msg: "MISP e26070 [AS24940,c2,censys,HETZNER-AS] Outgoing To IP: 162.55.40.203|443"; classtype:trojan-activity; sid:37121411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS63949,c2,censys] Domain 172-105-14-104.ip.linodeusercontent.com"; dns.query; content:"172-105-14-104.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])172\-105\-14\-104\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37121421; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS63949,c2,censys] Outgoing HTTP Domain 172-105-14-104.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"172-105-14-104.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])172\-105\-14\-104\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain 159-203-167-57.ipv4.staticdns2.io"; dns.query; content:"159-203-167-57.ipv4.staticdns2.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-203\-167\-57\.ipv4\.staticdns2\.io$/i"; classtype:trojan-activity; sid:37121431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain 159-203-167-57.ipv4.staticdns2.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"159-203-167-57.ipv4.staticdns2.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-203\-167\-57\.ipv4\.staticdns2\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS39622,c2,censys,ZERGRUSH] Domain healthpips.com"; dns.query; content:"healthpips.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])healthpips\.com$/i"; classtype:trojan-activity; sid:37121441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS39622,c2,censys,ZERGRUSH] Outgoing HTTP Domain healthpips.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"healthpips.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])healthpips\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 51.103.213.14 443 (msg: "MISP e26070 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 51.103.213.14|443"; classtype:trojan-activity; sid:37121451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain qa-dhs.wavenet-solutions.com"; dns.query; content:"qa-dhs.wavenet-solutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qa\-dhs\.wavenet\-solutions\.com$/i"; classtype:trojan-activity; sid:37121461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain qa-dhs.wavenet-solutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qa-dhs.wavenet-solutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qa\-dhs\.wavenet\-solutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain mail.161-35-239-147.cprapid.com"; dns.query; content:"mail.161-35-239-147.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.161\-35\-239\-147\.cprapid\.com$/i"; classtype:trojan-activity; sid:37121471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain mail.161-35-239-147.cprapid.com"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"mail.161-35-239-147.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.161\-35\-239\-147\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AMAZON-02,AS16509,c2,censys] Domain ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; dns.query; content:"ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-153\-179\-54\.eu\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37121481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-153\-179\-54\.eu\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS24940,c2,censys,HETZNER-AS] Domain static.129.149.13.49.clients.your-server.de"; dns.query; content:"static.129.149.13.49.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.129\.149\.13\.49\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37121491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS24940,c2,censys,HETZNER-AS] Outgoing HTTP Domain static.129.149.13.49.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"static.129.149.13.49.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.129\.149\.13\.49\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 194.48.251.220 4449 (msg: "MISP e26070 [AS203168,c2,censys,RAT,UNKNOW] Outgoing To IP: 194.48.251.220|4449"; classtype:trojan-activity; sid:37121501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 93.177.100.138 8080 (msg: "MISP e26070 [AS42724,c2,censys,RAT,TALIDO] Outgoing To IP: 93.177.100.138|8080"; classtype:trojan-activity; sid:37121511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS51167,c2,censys,CONTABO,L3MON] Domain moodle1.feja111.de"; dns.query; content:"moodle1.feja111.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])moodle1\.feja111\.de$/i"; classtype:trojan-activity; sid:37121521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS51167,c2,censys,CONTABO,L3MON] Outgoing HTTP Domain moodle1.feja111.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moodle1.feja111.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moodle1\.feja111\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 94.156.64.66 8080 (msg: "MISP e26070 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.64.66|8080"; classtype:trojan-activity; sid:37121531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 5.42.92.165 80 (msg: "MISP e26070 [ALTAWK,AS203727,c2,censys] Outgoing To IP: 
5.42.92.165|80"; classtype:trojan-activity; sid:37121541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Remaining event 26070 IP:port indicators. 20.241.69.111 is listed on ports 80 and 8080 and is
# tagged with a Microsoft AS name.
# NOTE(review): addresses in large provider ranges can change tenant, so confirm these are still
# current in MISP before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 20.241.69.111 80 (msg: "MISP e26070 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.241.69.111|80"; classtype:trojan-activity; sid:37121551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 20.241.69.111 8080 (msg: "MISP e26070 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.241.69.111|8080"; classtype:trojan-activity; sid:37121561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 185.250.45.130 80 (msg: "MISP e26070 [AS49981,c2,censys,WORLDSTREAM] Outgoing To IP: 185.250.45.130|80"; classtype:trojan-activity; sid:37121571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 2.36.57.107 8000 (msg: "MISP e26070 [AS30722,c2,censys,Covenant,VODAFONE-IT-ASN] Outgoing To IP: 2.36.57.107|8000"; classtype:trojan-activity; sid:37121581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- Event 26227 (priority 3) repeats address:port pairs already exported under event 26070 ---
# 73.186.83.59:4782, 103.120.201.75:2222, 147.45.45.67:8081 and 91.92.254.225:80 also exist as
# sids 37121401, 37121391, 37121381 and 37121371 (priority 2, with AS/c2 tags in the msg).
# The copies below drop those tags and lower the priority, and both sets fire on the same
# traffic. Deduplicate or suppress one set so analysts do not triage the same connection twice
# under two severities.
alert ip $HOME_NET any -> 73.186.83.59 4782 (msg: "MISP e26227 [] Outgoing To IP: 73.186.83.59|4782"; classtype:trojan-activity; sid:37275361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 103.120.201.75 2222 (msg: "MISP e26227 [] Outgoing To IP: 103.120.201.75|2222"; classtype:trojan-activity; sid:37275371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 147.45.45.67 8081 (msg: "MISP e26227 [] Outgoing To IP: 147.45.45.67|8081"; classtype:trojan-activity; sid:37275381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 91.92.254.225 80 (msg: "MISP e26227 [] Outgoing To IP: 91.92.254.225|80"; classtype:trojan-activity; sid:37275391; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 150.107.201.68 80 (msg: "MISP e26227 [] Outgoing To IP: 150.107.201.68|80"; classtype:trojan-activity; sid:37275401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; dns.query; content:"ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-79\-194\-172\.eu\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37275411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-79-194-172.eu-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-79\-194\-172\.eu\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 95.181.173.164 80 (msg: "MISP e26227 [] Outgoing To IP: 95.181.173.164|80"; classtype:trojan-activity; sid:37275421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain android.l3harris.pro"; dns.query; content:"android.l3harris.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])android\.l3harris\.pro$/i"; classtype:trojan-activity; sid:37275431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain android.l3harris.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"android.l3harris.pro"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])android\.l3harris\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 185.216.70.225 8082 (msg: "MISP e26227 [] Outgoing To IP: 185.216.70.225|8082"; classtype:trojan-activity; sid:37275441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 185.216.70.224 8082 (msg: "MISP e26227 [] Outgoing To IP: 185.216.70.224|8082"; classtype:trojan-activity; sid:37275451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain www.kitrknis.com"; dns.query; content:"www.kitrknis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kitrknis\.com$/i"; classtype:trojan-activity; sid:37275461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain www.kitrknis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.kitrknis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kitrknis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain 21.157.72.34.bc.googleusercontent.com"; dns.query; content:"21.157.72.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])21\.157\.72\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37275471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain 21.157.72.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"21.157.72.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])21\.157\.72\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 94.156.69.196 8000 (msg: "MISP e26227 [] Outgoing To IP: 94.156.69.196|8000"; classtype:trojan-activity; sid:37275481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 94.156.69.196 6000 (msg: "MISP e26227 [] Outgoing To IP: 94.156.69.196|6000"; classtype:trojan-activity; sid:37275491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 206.123.132.240 2000 (msg: "MISP e26227 [] Outgoing To IP: 206.123.132.240|2000"; classtype:trojan-activity; sid:37275501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 138.201.176.60 7707 (msg: "MISP e26227 [] Outgoing To IP: 138.201.176.60|7707"; classtype:trojan-activity; sid:37275511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 20.15.234.170 443 (msg: "MISP e26227 [] Outgoing To IP: 20.15.234.170|443"; classtype:trojan-activity; sid:37275521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 187.135.146.194 2095 (msg: "MISP e26227 [] Outgoing To IP: 187.135.146.194|2095"; classtype:trojan-activity; sid:37275531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 187.135.146.194 2143 (msg: "MISP e26227 [] Outgoing To IP: 187.135.146.194|2143"; classtype:trojan-activity; sid:37275541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 187.135.146.194 2078 (msg: "MISP e26227 [] Outgoing To IP: 187.135.146.194|2078"; classtype:trojan-activity; 
sid:37275551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 187.135.146.194 2079 (msg: "MISP e26227 [] Outgoing To IP: 187.135.146.194|2079"; classtype:trojan-activity; sid:37275561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 47.97.37.19 4444 (msg: "MISP e26227 [] Outgoing To IP: 47.97.37.19|4444"; classtype:trojan-activity; sid:37275571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 62.133.60.192 80 (msg: "MISP e26227 [] Outgoing To IP: 62.133.60.192|80"; classtype:trojan-activity; sid:37275581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 134.175.236.110 443 (msg: "MISP e26227 [] Outgoing To IP: 134.175.236.110|443"; classtype:trojan-activity; sid:37275591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 93.33.203.219 443 (msg: "MISP e26227 [] Outgoing To IP: 93.33.203.219|443"; classtype:trojan-activity; sid:37275601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 192.3.98.165 80 (msg: "MISP e26227 [] Outgoing To IP: 192.3.98.165|80"; classtype:trojan-activity; sid:37275611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 196.235.2.142 8080 (msg: "MISP e26227 [] Outgoing To IP: 196.235.2.142|8080"; classtype:trojan-activity; sid:37275621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 141.98.81.98 81 (msg: "MISP e26227 [] Outgoing To IP: 141.98.81.98|81"; classtype:trojan-activity; sid:37275631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain rw1.dbgblack.com"; dns.query; content:"rw1.dbgblack.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])rw1\.dbgblack\.com$/i"; classtype:trojan-activity; sid:37275641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain rw1.dbgblack.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rw1.dbgblack.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rw1\.dbgblack\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 54.175.203.218 443 (msg: "MISP e26070 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 54.175.203.218|443"; classtype:trojan-activity; sid:37121591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-52-200-22-116.compute-1.amazonaws.com"; dns.query; content:"ec2-52-200-22-116.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-200\-22\-116\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37121601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-52-200-22-116.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-200-22-116.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-200\-22\-116\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 147.45.45.131 80 (msg: "MISP e26070 [AS215826,c2,censys,PARTNER-HOSTING-LTD,UNAM] Outgoing To 
IP: 147.45.45.131|80"; classtype:trojan-activity; sid:37121611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS56971,c2,censys,CLOUDBACKBONE,UNAM] Domain x3qc.com"; dns.query; content:"x3qc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])x3qc\.com$/i"; classtype:trojan-activity; sid:37121621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS56971,c2,censys,CLOUDBACKBONE,UNAM] Outgoing HTTP Domain x3qc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"x3qc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])x3qc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 103.16.224.239 80 (msg: "MISP e26070 [AS140815,banking,c2,censys,KrakenRAT,RAT] Outgoing To IP: 103.16.224.239|80"; classtype:trojan-activity; sid:37121631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 124.222.21.138 60000 (msg: "MISP e26070 [AS45090,censys,Viper] Outgoing To IP: 124.222.21.138|60000"; classtype:trojan-activity; sid:37121641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 180.140.153.238 60000 (msg: "MISP e26070 [AS4134,censys,Viper] Outgoing To IP: 180.140.153.238|60000"; classtype:trojan-activity; sid:37121651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain webdisk.dnl-l.ooguy.com"; dns.query; content:"webdisk.dnl-l.ooguy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.dnl\-l\.ooguy\.com$/i"; classtype:trojan-activity; sid:37121661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain webdisk.dnl-l.ooguy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webdisk.dnl-l.ooguy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.dnl\-l\.ooguy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain notifications.deenpel.com"; dns.query; content:"notifications.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])notifications\.deenpel\.com$/i"; classtype:trojan-activity; sid:37121671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain notifications.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"notifications.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])notifications\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37121672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 172.105.90.105 81 (msg: "MISP e26070 [AS63949,censys,GoPhish,phishing] Outgoing To IP: 172.105.90.105|81"; classtype:trojan-activity; sid:37121681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 34.255.233.122 443 (msg: "MISP e26070 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 34.255.233.122|443"; classtype:trojan-activity; sid:37121691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 159.69.179.190 
3333 (msg: "MISP e26070 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 159.69.179.190|3333"; classtype:trojan-activity; sid:37121701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- Event 26070: destinations tagged GoPhish/phishing in the msg ---
# These use classtype:trojan-activity like the c2-tagged rules in this file,
# so the class does not separate phishing infrastructure from C2 during
# triage; the msg tags are the only discriminator.
alert ip $HOME_NET any -> 157.245.104.17 443 (msg: "MISP e26070 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 157.245.104.17|443"; classtype:trojan-activity; sid:37121711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 128.199.20.195 5000 (msg: "MISP e26070 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 128.199.20.195|5000"; classtype:trojan-activity; sid:37121721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 47.99.188.195 3333 (msg: "MISP e26070 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 47.99.188.195|3333"; classtype:trojan-activity; sid:37121731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 46.151.214.122 9090 (msg: "MISP e26070 [AS51975,censys,GoPhish,phishing] Outgoing To IP: 46.151.214.122|9090"; classtype:trojan-activity; sid:37121741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 23.226.138.143 2083 (msg: "MISP e26070 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys] Outgoing To IP: 23.226.138.143|2083"; classtype:trojan-activity; sid:37121751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- Event 26031: single host name on a shared parent domain ---
# The content and pcre name the full host portal-estado.pages.dev. The pcre
# prefix class accepts a preceding dot, so names under that host match too;
# other hosts under pages.dev do not.
alert dns any any -> any any (msg: "MISP e26031 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37092441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26031;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26031 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26031;)
# --- Event 26227: repeats of the event 26070 destinations above ---
# Every address/port pair below also has an event 26070 rule (for example
# 23.226.138.143 port 2083 is sid:37121751 above and sid:37275651 here).
# NOTE(review): with both loaded, one connection raises two alerts, one at
# priority 2 with tags and one at priority 3 with an empty tag list.
# De-duplicate at export time or suppress one sid of each pair so counts
# and priorities in the alert queue stay meaningful.
alert ip $HOME_NET any -> 23.226.138.143 2083 (msg: "MISP e26227 [] Outgoing To IP: 23.226.138.143|2083"; classtype:trojan-activity; sid:37275651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 46.151.214.122 9090 (msg: "MISP e26227 [] Outgoing To IP: 46.151.214.122|9090"; classtype:trojan-activity; sid:37275661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 47.99.188.195 3333 (msg: "MISP e26227 [] Outgoing To IP: 47.99.188.195|3333"; classtype:trojan-activity; sid:37275671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 128.199.20.195 5000 (msg: "MISP e26227 [] Outgoing To IP: 128.199.20.195|5000"; classtype:trojan-activity; sid:37275681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 157.245.104.17 443 (msg: "MISP e26227 [] Outgoing To IP: 157.245.104.17|443"; classtype:trojan-activity; sid:37275691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 159.69.179.190 3333 (msg: "MISP e26227 [] Outgoing To IP: 159.69.179.190|3333"; classtype:trojan-activity; sid:37275701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 34.255.233.122 443 (msg: "MISP e26227 [] Outgoing To IP: 34.255.233.122|443"; classtype:trojan-activity; sid:37275711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 172.105.90.105 81 (msg: "MISP e26227 [] Outgoing To IP: 172.105.90.105|81"; classtype:trojan-activity; 
sid:37275721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain webdisk.dnl-l.ooguy.com"; dns.query; content:"webdisk.dnl-l.ooguy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.dnl\-l\.ooguy\.com$/i"; classtype:trojan-activity; sid:37275731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain webdisk.dnl-l.ooguy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webdisk.dnl-l.ooguy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.dnl\-l\.ooguy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain notifications.deenpel.com"; dns.query; content:"notifications.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])notifications\.deenpel\.com$/i"; classtype:trojan-activity; sid:37275741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain notifications.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"notifications.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])notifications\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 124.222.21.138 60000 (msg: "MISP e26227 [] Outgoing To IP: 124.222.21.138|60000"; classtype:trojan-activity; sid:37275751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 180.140.153.238 60000 (msg: "MISP e26227 [] Outgoing To IP: 180.140.153.238|60000"; 
classtype:trojan-activity; sid:37275761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 103.16.224.239 80 (msg: "MISP e26227 [] Outgoing To IP: 103.16.224.239|80"; classtype:trojan-activity; sid:37275771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 147.45.45.131 80 (msg: "MISP e26227 [] Outgoing To IP: 147.45.45.131|80"; classtype:trojan-activity; sid:37275781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain x3qc.com"; dns.query; content:"x3qc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])x3qc\.com$/i"; classtype:trojan-activity; sid:37275791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain x3qc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"x3qc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])x3qc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain ec2-52-200-22-116.compute-1.amazonaws.com"; dns.query; content:"ec2-52-200-22-116.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-200\-22\-116\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37275801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain ec2-52-200-22-116.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-200-22-116.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-200\-22\-116\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37275802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 54.175.203.218 443 (msg: "MISP e26227 [] Outgoing To IP: 54.175.203.218|443"; classtype:trojan-activity; sid:37275811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 2.36.57.107 8000 (msg: "MISP e26227 [] Outgoing To IP: 2.36.57.107|8000"; classtype:trojan-activity; sid:37275821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 185.250.45.130 80 (msg: "MISP e26227 [] Outgoing To IP: 185.250.45.130|80"; classtype:trojan-activity; sid:37275831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 20.241.69.111 8080 (msg: "MISP e26227 [] Outgoing To IP: 20.241.69.111|8080"; classtype:trojan-activity; sid:37275841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 5.42.92.165 80 (msg: "MISP e26227 [] Outgoing To IP: 5.42.92.165|80"; classtype:trojan-activity; sid:37275851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 20.241.69.111 80 (msg: "MISP e26227 [] Outgoing To IP: 20.241.69.111|80"; classtype:trojan-activity; sid:37275861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 94.156.64.66 8080 (msg: "MISP e26227 [] Outgoing To IP: 94.156.64.66|8080"; classtype:trojan-activity; sid:37275871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain moodle1.feja111.de"; dns.query; content:"moodle1.feja111.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])moodle1\.feja111\.de$/i"; classtype:trojan-activity; sid:37275881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain moodle1.feja111.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moodle1.feja111.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moodle1\.feja111\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 93.177.100.138 8080 (msg: "MISP e26227 [] Outgoing To IP: 93.177.100.138|8080"; classtype:trojan-activity; sid:37275891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 194.48.251.220 4449 (msg: "MISP e26227 [] Outgoing To IP: 194.48.251.220|4449"; classtype:trojan-activity; sid:37275901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain static.129.149.13.49.clients.your-server.de"; dns.query; content:"static.129.149.13.49.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.129\.149\.13\.49\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37275911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain static.129.149.13.49.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.129.149.13.49.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.129\.149\.13\.49\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain mail.161-35-239-147.cprapid.com"; dns.query; content:"mail.161-35-239-147.cprapid.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])mail\.161\-35\-239\-147\.cprapid\.com$/i"; classtype:trojan-activity; sid:37275921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain mail.161-35-239-147.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.161-35-239-147.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.161\-35\-239\-147\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; dns.query; content:"ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-153\-179\-54\.eu\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37275931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-153-179-54.eu-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-153\-179\-54\.eu\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 51.103.213.14 443 (msg: "MISP e26227 [] Outgoing To IP: 51.103.213.14|443"; classtype:trojan-activity; sid:37275941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain qa-dhs.wavenet-solutions.com"; dns.query; 
content:"qa-dhs.wavenet-solutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qa\-dhs\.wavenet\-solutions\.com$/i"; classtype:trojan-activity; sid:37275951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain qa-dhs.wavenet-solutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qa-dhs.wavenet-solutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qa\-dhs\.wavenet\-solutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain 159-203-167-57.ipv4.staticdns2.io"; dns.query; content:"159-203-167-57.ipv4.staticdns2.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-203\-167\-57\.ipv4\.staticdns2\.io$/i"; classtype:trojan-activity; sid:37275961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain 159-203-167-57.ipv4.staticdns2.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"159-203-167-57.ipv4.staticdns2.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-203\-167\-57\.ipv4\.staticdns2\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain healthpips.com"; dns.query; content:"healthpips.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])healthpips\.com$/i"; classtype:trojan-activity; sid:37275971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain healthpips.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"healthpips.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])healthpips\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain 172-105-14-104.ip.linodeusercontent.com"; dns.query; content:"172-105-14-104.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])172\-105\-14\-104\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37275981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain 172-105-14-104.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"172-105-14-104.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])172\-105\-14\-104\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37275982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 162.55.40.203 443 (msg: "MISP e26227 [] Outgoing To IP: 162.55.40.203|443"; classtype:trojan-activity; sid:37275991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 3.70.168.173 2376 (msg: "MISP e26070 [c2,sliver] Outgoing To IP: 3.70.168.173|2376"; classtype:trojan-activity; sid:37121761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26078 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"4a1623d874dff73fdeaba438c9ddf4e21537dcaf9995e78a7badda833922ff6b|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37126531; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26078;) alert ip $HOME_NET any -> 3.70.168.173 2376 (msg: "MISP e26227 [] Outgoing To IP: 3.70.168.173|2376"; classtype:trojan-activity; sid:37276001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26032 [] Domain wwwtarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"wwwtarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwtarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37092531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26032;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26032 [] Outgoing HTTP Domain wwwtarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwtarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwtarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37092532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26032;) alert ip $HOME_NET any -> 18.197.239.5 13056 (msg: "MISP e26227 [] Outgoing To IP: 18.197.239.5|13056"; classtype:trojan-activity; sid:37276011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 18.192.93.86 13056 (msg: "MISP e26227 [] Outgoing To IP: 18.192.93.86|13056"; classtype:trojan-activity; sid:37276021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 192.169.69.26 64418 (msg: "MISP e26227 [] Outgoing To IP: 192.169.69.26|64418"; classtype:trojan-activity; sid:37276031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 18.192.93.86 13056 (msg: "MISP e26070 [njrat,RAT] Outgoing To IP: 18.192.93.86|13056"; classtype:trojan-activity; 
sid:37121771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Address-and-port indicator (event 26070, tagged njrat,RAT in the msg); no payload condition.
alert ip $HOME_NET any -> 18.197.239.5 13056 (msg: "MISP e26070 [njrat,RAT] Outgoing To IP: 18.197.239.5|13056"; classtype:trojan-activity; sid:37121781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# SMTP attachment rule: looks for filename="<value>" in an established client-to-server flow on port 25.
# NOTE(review): the filename literal is 64 hex characters, which looks like a SHA-256 digest rather than an
# attachment name - confirm the attribute type in the MISP event. A filename content match does not detect a
# file by hash; that needs file extraction and a hash keyword such as filesha256. SMTP protected by STARTTLS
# is not visible to this rule either.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26079 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"d09246394740ef99b250c99bc232890fe22b2c301d518344c1799bfd0d67f44c|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37126571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26079;)
# Domain indicator pair: dns query for the name or a subdomain of it, and the name next to "Host:" in
# cleartext HTTP request headers.
alert dns any any -> any any (msg: "MISP e26181 [] Domain ads-analyze.top"; dns.query; content:"ads-analyze.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-analyze\.top$/i"; classtype:trojan-activity; sid:37207401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26181;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26181 [] Outgoing HTTP Domain ads-analyze.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ads-analyze.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-analyze\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37207402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26181;)
# Event 26417: destination-IP indicators on any port and any IP protocol, with no payload condition.
# NOTE(review): rules this broad alert on every packet to the address; an address that is reassigned or shared
# will generate noise, so review the indicators' age in the MISP event before relying on them.
alert ip $HOME_NET any -> 162.62.225.65 any (msg: "MISP e26417 [] Outgoing To IP: 162.62.225.65"; classtype:trojan-activity; sid:37288931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 43.163.221.160 any (msg: "MISP e26417 [] Outgoing To IP: 43.163.221.160"; classtype:trojan-activity; sid:37288941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 43.155.173.104 any (msg: "MISP e26417 [] Outgoing To IP: 43.155.173.104"; classtype:trojan-activity; sid:37288951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 43.153.75.48 any (msg: "MISP e26417 [] Outgoing To IP: 43.153.75.48"; classtype:trojan-activity; sid:37288961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 49.51.49.54 any (msg: "MISP e26417 [] Outgoing To IP: 49.51.49.54"; classtype:trojan-activity; sid:37288971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 43.157.63.199 any (msg: "MISP e26417 [] Outgoing To IP: 43.157.63.199"; classtype:trojan-activity; sid:37288981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 170.106.196.76 any (msg: "MISP e26417 [] Outgoing To IP: 170.106.196.76"; classtype:trojan-activity; sid:37288991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert ip $HOME_NET any -> 43.157.58.203 any (msg: "MISP e26417 [] Outgoing To IP: 43.157.58.203"; classtype:trojan-activity; sid:37289001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
# URL indicator: destination IP and port are fixed in the rule header; the http.header content matches the IP
# string anywhere in the request headers and the http.uri content is an unanchored, case-insensitive substring.
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26070 [CobaltStrike,cs-watermark-987654321,PONYNET] Outgoing URL http|3a|//107.189.14.144|3a|8080/visit.js"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 43.153.106.236 any (msg: "MISP e26417 [] Outgoing To IP: 43.153.106.236"; classtype:trojan-activity; sid:37289011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26417;)
alert http $HOME_NET any -> 114.115.210.125 8880 (msg: "MISP e26070 [CHINA169-BJ China Unicom Beijing 
Province Network,CobaltStrike,cs-watermark-666666666] Outgoing URL http|3a|//114.115.210.125|3a|8880/g.pixel"; flow:to_server,established; http.header; content:"114.115.210.125"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# URL indicators from event 26070 (msg tags include CobaltStrike and a cs-watermark value). Each rule fixes the
# destination IP (and port, or $HTTP_PORTS) in the header, then requires the IP string somewhere in the
# request headers and the path as an unanchored, case-insensitive substring of the URI.
# NOTE(review): short paths such as "/load" and "/cm" match many URIs, so the destination address in the rule
# header is what actually scopes these rules; they also cover cleartext HTTP only.
alert http $HOME_NET any -> 134.122.75.115 $HTTP_PORTS (msg: "MISP e26070 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115/g.pixel"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 64.226.76.0 $HTTP_PORTS (msg: "MISP e26070 [CobaltStrike,cs-watermark-230717493,DigitalOcean LLC] Outgoing URL http|3a|//64.226.76.0/c/msdownload/update/others/2020/10/29136388_"; flow:to_server,established; http.header; content:"64.226.76.0"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2020/10/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e26070 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//154.8.157.205|3a|8999/updates.rss"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26070 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/load"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 154.8.157.205 8099 (msg: "MISP e26070 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//154.8.157.205|3a|8099/cm"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Address-and-port indicator (msg tag RedLineStealer); no payload condition.
alert ip $HOME_NET any -> 129.151.142.36 8080 (msg: "MISP e26070 [RedLineStealer] Outgoing To IP: 129.151.142.36|8080"; classtype:trojan-activity; sid:37121961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 120.48.96.69 9001 (msg: "MISP e26070 [BAIDU Beijing Baidu Netcom Science and Technology Co. 
Ltd.,CobaltStrike,cs-watermark-1234567890] Outgoing URL http|3a|//120.48.96.69|3a|9001/pixel.gif"; flow:to_server,established; http.header; content:"120.48.96.69"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37121971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26227 copies of indicators that the file also lists under event 26070: same match conditions, but
# priority 3 and an empty tag list in the msg.
# NOTE(review): a request to 120.48.96.69:9001/pixel.gif matches both sid 37121971 and sid 37276041, so it is
# alerted twice; consider a threshold or suppress entry for the lower-priority copy.
alert http $HOME_NET any -> 120.48.96.69 9001 (msg: "MISP e26227 [] Outgoing URL http|3a|//120.48.96.69|3a|9001/pixel.gif"; flow:to_server,established; http.header; content:"120.48.96.69"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 129.151.142.36 8080 (msg: "MISP e26227 [] Outgoing To IP: 129.151.142.36|8080"; classtype:trojan-activity; sid:37276051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): "/cm" and "/load" are short unanchored URI substrings; the fixed destination IP in the rule
# header is what keeps these two rules specific.
alert http $HOME_NET any -> 154.8.157.205 8099 (msg: "MISP e26227 [] Outgoing URL http|3a|//154.8.157.205|3a|8099/cm"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//122.51.220.170/load"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e26227 [] Outgoing URL http|3a|//154.8.157.205|3a|8999/updates.rss"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; 
content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# URL indicators (event 26227): fixed destination IP in the rule header, IP string anywhere in the request
# headers, path as an unanchored case-insensitive URI substring. Cleartext HTTP only.
alert http $HOME_NET any -> 64.226.76.0 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//64.226.76.0/c/msdownload/update/others/2020/10/29136388_"; flow:to_server,established; http.header; content:"64.226.76.0"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2020/10/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> 134.122.75.115 $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//134.122.75.115/g.pixel"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> 114.115.210.125 8880 (msg: "MISP e26227 [] Outgoing URL http|3a|//114.115.210.125|3a|8880/g.pixel"; flow:to_server,established; http.header; content:"114.115.210.125"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26227 [] Outgoing URL http|3a|//107.189.14.144|3a|8080/visit.js"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Domain indicator pair: dns query for the name or a subdomain of it, and the name next to "Host:" in
# cleartext HTTP request headers.
alert dns any any -> any any (msg: "MISP e26038 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37104461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26038;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26038 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37104462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26038;)
# Address-and-port indicators listed twice, once per MISP event (26070 at priority 2, 26227 at priority 3).
# NOTE(review): each connection to 23.226.138.161:5242 or 37.60.242.86:2967 therefore raises two alerts;
# consider a threshold or suppress entry for the lower-priority copies.
alert ip $HOME_NET any -> 23.226.138.161 5242 (msg: "MISP e26070 [] Outgoing To IP: 23.226.138.161|5242"; classtype:trojan-activity; sid:37122001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 37.60.242.86 2967 (msg: "MISP e26070 [] Outgoing To IP: 37.60.242.86|2967"; classtype:trojan-activity; sid:37122011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 23.226.138.161 5242 (msg: "MISP e26227 [] Outgoing To IP: 23.226.138.161|5242"; classtype:trojan-activity; sid:37276251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 37.60.242.86 2967 (msg: "MISP e26227 [] Outgoing To IP: 37.60.242.86|2967"; classtype:trojan-activity; sid:37276261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# NOTE(review): the URI condition here is content:"/", which is present in ordinary request URIs, so this rule
# in effect fires on the domain string appearing anywhere in the request headers (a Referer would match too).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26055 [] Outgoing URL http|3a|//webcestadoempresas.online/"; flow:to_server,established; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37108811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26055;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26055 [] 
Outgoing URL http|3a|//webcestadoempresas.online/1707493569/ib/presentation/BE2P/index.htm"; flow:to_server,established; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; http.uri; content:"/1707493569/ib/presentation/BE2P/index.htm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37108821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26055;)
# Domain indicator pair: dns query for the name or a subdomain of it, and the name next to "Host:" in
# cleartext HTTP request headers. HTTPS to the same name is not covered by either rule.
alert dns any any -> any any (msg: "MISP e26055 [] Domain webcestadoempresas.online"; dns.query; content:"webcestadoempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online$/i"; classtype:trojan-activity; sid:37108831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26055;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26055 [] Outgoing HTTP Domain webcestadoempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37108832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26055;)
# Inbound source-IP indicators (event 26309): each rule fires on any IP packet from the listed address to
# $HOME_NET, with no port or payload condition. The msg carries the event's kill-chain tags; the classtype is
# trojan-activity regardless of those tags.
# NOTE(review): a single scan from one of these sources can raise an alert per packet; consider a per-source
# threshold, and check the indicators' age in the MISP event because source addresses change hands.
alert ip 87.236.176.55 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.55"; classtype:trojan-activity; sid:37242501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 198.235.24.79 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.79"; classtype:trojan-activity; sid:37242511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 45.227.254.9 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.227.254.9"; classtype:trojan-activity; sid:37242521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 87.236.176.43 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.43"; classtype:trojan-activity; sid:37242531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 103.118.29.110 any -> $HOME_NET any (msg: "MISP e26309 [] Incoming From IP: 103.118.29.110"; classtype:trojan-activity; sid:37242541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 190.4.211.110 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.4.211.110"; classtype:trojan-activity; sid:37242551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 87.236.176.67 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.67"; classtype:trojan-activity; sid:37242561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 87.236.176.63 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.63"; classtype:trojan-activity; sid:37242571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 185.106.21.161 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.106.21.161"; classtype:trojan-activity; sid:37242581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 87.236.176.53 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.53"; classtype:trojan-activity; sid:37242591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 45.67.216.98 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.67.216.98"; classtype:trojan-activity; sid:37242601; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
# Inbound source-IP indicators (event 26309): any IP packet from the listed address to $HOME_NET alerts; there
# is no port or payload condition.
# NOTE(review): consider a per-source threshold so that a scan does not raise one alert per packet.
alert ip 212.227.238.135 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.227.238.135"; classtype:trojan-activity; sid:37242611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 198.199.97.58 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.97.58"; classtype:trojan-activity; sid:37242621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 162.142.125.12 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.12"; classtype:trojan-activity; sid:37242631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
alert ip 103.98.160.34 any -> $HOME_NET any (msg: "MISP e26309 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.98.160.34"; classtype:trojan-activity; sid:37242641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26309;)
# Domain indicator pairs: the dns rule matches a query for the name or any name ending in ".<name>"; the http
# rule matches the name next to "Host:" in cleartext request headers and tags the session for 600 seconds.
# NOTE(review): HTTPS to these names is not covered; that would need a tls.sni rule.
alert dns any any -> any any (msg: "MISP e26058 [] Domain cl-banco.estado-inicio.info"; dns.query; content:"cl-banco.estado-inicio.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info$/i"; classtype:trojan-activity; sid:37108971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26058;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26058 [] Outgoing HTTP Domain cl-banco.estado-inicio.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl-banco.estado-inicio.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\-banco\.estado\-inicio\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37108972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26058;)
alert dns any any -> any any (msg: "MISP e26067 [] Domain consuecsmfuir.com"; dns.query; content:"consuecsmfuir.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com$/i"; classtype:trojan-activity; sid:37115181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26067;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26067 [] Outgoing HTTP Domain consuecsmfuir.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consuecsmfuir.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26067;)
# Event 26070 indicators whose msg tags include CobaltStrike: an address on port 53 and a domain pair.
# The port-53 rule matches on address and port only; it does not inspect the DNS payload.
alert ip $HOME_NET any -> 94.20.88.63 53 (msg: "MISP e26070 [CobaltStrike,cs-watermark-1580103824,HOSTART LLC] Outgoing To IP: 94.20.88.63|53"; classtype:trojan-activity; sid:37122021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [CobaltStrike,cs-watermark-666666,PEG TECH INC] Domain vpn.nsfocus.cn.com"; dns.query; content:"vpn.nsfocus.cn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsfocus\.cn\.com$/i"; classtype:trojan-activity; sid:37122031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [CobaltStrike,cs-watermark-666666,PEG TECH INC] Outgoing HTTP Domain vpn.nsfocus.cn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vpn.nsfocus.cn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsfocus\.cn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 107.148.1.41 53 (msg: "MISP e26070 [CobaltStrike,cs-watermark-666666,PEG TECH INC] Outgoing To IP: 107.148.1.41|53"; classtype:trojan-activity; sid:37122041; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26227 copies of indicators that the file also lists under event 26070 (address on port 53 and the
# vpn.nsfocus.cn.com domain pair): same match conditions, priority 3, empty tag list in the msg.
# NOTE(review): traffic to 107.148.1.41:53 matches both sid 37122041 and sid 37276271, so it is alerted twice;
# consider a threshold or suppress entry for the lower-priority copy.
alert ip $HOME_NET any -> 107.148.1.41 53 (msg: "MISP e26227 [] Outgoing To IP: 107.148.1.41|53"; classtype:trojan-activity; sid:37276271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert dns any any -> any any (msg: "MISP e26227 [] Domain vpn.nsfocus.cn.com"; dns.query; content:"vpn.nsfocus.cn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsfocus\.cn\.com$/i"; classtype:trojan-activity; sid:37276281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain vpn.nsfocus.cn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vpn.nsfocus.cn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsfocus\.cn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37276282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 94.20.88.63 53 (msg: "MISP e26227 [] Outgoing To IP: 94.20.88.63|53"; classtype:trojan-activity; sid:37276291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# URL indicator with a domain and $EXTERNAL_NET destination: the domain string may appear anywhere in the
# request headers (not only in Host), and the path is an unanchored, case-insensitive URI substring.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [dcrat] Outgoing URL http|3a|//lest1kkror.ru.swtest.ru/imagetodle.php"; flow:to_server,established; http.header; content:"lest1kkror.ru.swtest.ru"; fast_pattern; nocase; http.uri; content:"/imagetodle.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Address-and-port indicators on 443: the rules match on address and port only, so they also fire on
# TLS-protected traffic, but they say nothing about what was exchanged.
alert ip $HOME_NET any -> 45.129.199.163 443 (msg: "MISP e26227 [] Outgoing To IP: 45.129.199.163|443"; classtype:trojan-activity; sid:37276301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.181.202.164 443 (msg: "MISP e26227 [] Outgoing To IP: 5.181.202.164|443"; classtype:trojan-activity; sid:37276311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.231.1.213 443 (msg: "MISP e26227 [] Outgoing To IP: 5.231.1.213|443"; classtype:trojan-activity; sid:37276321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//lest1kkror.ru.swtest.ru/imagetodle.php"; flow:to_server,established; http.header; content:"lest1kkror.ru.swtest.ru"; fast_pattern; nocase; http.uri; content:"/imagetodle.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 80.66.85.145 27441 (msg: "MISP e26227 [] Outgoing To IP: 80.66.85.145|27441"; classtype:trojan-activity; sid:37276341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Domain indicator pair: dns query for the name or a subdomain of it, and the name next to "Host:" in
# cleartext HTTP request headers.
alert dns any any -> any any (msg: "MISP e26068 [] Domain cmunicasocialword.com"; dns.query; content:"cmunicasocialword.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cmunicasocialword\.com$/i"; classtype:trojan-activity; sid:37115701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26068;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26068 [] Outgoing HTTP Domain cmunicasocialword.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cmunicasocialword.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cmunicasocialword\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26068;)
alert ip $HOME_NET any -> 88.214.26.22 80 (msg: "MISP e26227 [] Outgoing To IP: 88.214.26.22|80"; classtype:trojan-activity; sid:37276371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET 
any -> 193.29.13.167 443 (msg: "MISP e26227 [] Outgoing To IP: 193.29.13.167|443"; classtype:trojan-activity; sid:37276381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Address-and-port indicators: no payload condition, one rule per listed port.
alert ip $HOME_NET any -> 88.214.26.22 443 (msg: "MISP e26227 [] Outgoing To IP: 88.214.26.22|443"; classtype:trojan-activity; sid:37276391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 193.29.13.167 80 (msg: "MISP e26227 [] Outgoing To IP: 193.29.13.167|80"; classtype:trojan-activity; sid:37276401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# URL indicators with a domain and $EXTERNAL_NET destination. The domain is matched anywhere in the request
# headers (a Referer carrying the name would match as well as Host), and the path is an unanchored,
# case-insensitive substring, so "/VisualStudioUpdater" also matches "/VisualStudioUpdaterLs2" and "/zshrc"
# also matches "/zshrc2".
# NOTE(review): these rules see cleartext HTTP on $HTTP_PORTS only; the same download over HTTPS is invisible
# to them, so pair them with DNS or TLS SNI coverage for the same names.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//sarkerrentacars.com/zshrc"; flow:to_server,established; http.header; content:"sarkerrentacars.com"; fast_pattern; nocase; http.uri; content:"/zshrc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//turkishfurniture.blog/Previewers"; flow:to_server,established; http.header; content:"turkishfurniture.blog"; fast_pattern; nocase; http.uri; content:"/Previewers"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//linksammosupply.com/VisualStudioUpdater"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/VisualStudioUpdater"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//linksammosupply.com/zshrc2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/zshrc2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//linksammosupply.com/VisualStudioUpdaterLs2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/VisualStudioUpdaterLs2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Domain indicator pairs: dns query for the name or a subdomain of it, and the name next to "Host:" in
# cleartext HTTP request headers.
alert dns any any -> any any (msg: "MISP e26227 [] Domain serviceicloud.com"; dns.query; content:"serviceicloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com$/i"; classtype:trojan-activity; sid:37276461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain serviceicloud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serviceicloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37276462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert dns any any -> any any (msg: "MISP e26227 [] Domain maconlineoffice.com"; dns.query; content:"maconlineoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com$/i"; classtype:trojan-activity; sid:37276471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain maconlineoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"maconlineoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37276472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Event 26070 indicators whose msg tags include CobaltStrike and a cs-watermark value. URL rules fix the
# destination IP and port in the rule header and then require the IP string in the request headers plus the
# path as an unanchored URI substring; domain pairs match the DNS query and the cleartext Host header.
# NOTE(review): the msg tags are descriptive text only - nothing in these rules inspects the response or the
# payload, so an alert shows contact with the indicator, not what was delivered.
alert http $HOME_NET any -> 101.201.46.105 8989 (msg: "MISP e26070 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//101.201.46.105|3a|8989/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [Amazon.com Inc.,CobaltStrike,cs-watermark-1044324065] Domain aws-apps.net"; dns.query; content:"aws-apps.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])aws\-apps\.net$/i"; classtype:trojan-activity; sid:37122271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [Amazon.com Inc.,CobaltStrike,cs-watermark-1044324065] Outgoing HTTP Domain aws-apps.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aws-apps.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aws\-apps\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 192.3.101.133 88 (msg: "MISP e26070 [CobaltStrike,cs-watermark-1580103824,HostPapa] Outgoing URL http|3a|//192.3.101.133|3a|88/updates.rss"; flow:to_server,established; http.header; content:"192.3.101.133"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [CobaltStrike,cs-watermark-666,SIMPLECARRIER] Domain cdn-lnk-075.epsonupdate.uk"; dns.query; content:"cdn-lnk-075.epsonupdate.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-lnk\-075\.epsonupdate\.uk$/i"; classtype:trojan-activity; sid:37122311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [CobaltStrike,cs-watermark-666,SIMPLECARRIER] Outgoing HTTP Domain cdn-lnk-075.epsonupdate.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-lnk-075.epsonupdate.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-lnk\-075\.epsonupdate\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 111.230.12.198 8071 (msg: "MISP e26070 [CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.230.12.198|3a|8071/g.pixel"; flow:to_server,established; http.header; content:"111.230.12.198"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 78.128.112.205 8080 (msg: "MISP e26070 [4Media Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//78.128.112.205|3a|8080/jp.css"; flow:to_server,established; http.header; content:"78.128.112.205"; fast_pattern; nocase; http.uri; content:"/jp.css"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> 129.226.154.245 8888 (msg: "MISP e26070 [CobaltStrike,cs-watermark-0,Tencent Building 
Kejizhongyi Avenue] Outgoing URL http|3a|//129.226.154.245|3a|8888/fwlink"; flow:to_server,established; http.header; content:"129.226.154.245"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 8.130.79.120 8003 (msg: "MISP e26070 [CobaltStrike,cs-watermark-0,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//8.130.79.120|3a|8003/j.ad"; flow:to_server,established; http.header; content:"8.130.79.120"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> 8.130.79.120 8003 (msg: "MISP e26227 [] Outgoing URL http|3a|//8.130.79.120|3a|8003/j.ad"; flow:to_server,established; http.header; content:"8.130.79.120"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 129.226.154.245 8888 (msg: "MISP e26227 [] Outgoing URL http|3a|//129.226.154.245|3a|8888/fwlink"; flow:to_server,established; http.header; content:"129.226.154.245"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 78.128.112.205 8080 (msg: "MISP e26227 [] Outgoing URL http|3a|//78.128.112.205|3a|8080/jp.css"; flow:to_server,established; http.header; content:"78.128.112.205"; fast_pattern; nocase; http.uri; content:"/jp.css"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 
111.230.12.198 8071 (msg: "MISP e26227 [] Outgoing URL http|3a|//111.230.12.198|3a|8071/g.pixel"; flow:to_server,established; http.header; content:"111.230.12.198"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain cdn-lnk-075.epsonupdate.uk"; dns.query; content:"cdn-lnk-075.epsonupdate.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-lnk\-075\.epsonupdate\.uk$/i"; classtype:trojan-activity; sid:37276541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain cdn-lnk-075.epsonupdate.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-lnk-075.epsonupdate.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-lnk\-075\.epsonupdate\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37276542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 192.3.101.133 88 (msg: "MISP e26227 [] Outgoing URL http|3a|//192.3.101.133|3a|88/updates.rss"; flow:to_server,established; http.header; content:"192.3.101.133"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert dns any any -> any any (msg: "MISP e26227 [] Domain aws-apps.net"; dns.query; content:"aws-apps.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])aws\-apps\.net$/i"; classtype:trojan-activity; sid:37276591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain aws-apps.net"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"aws-apps.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aws\-apps\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37276592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert http $HOME_NET any -> 101.201.46.105 8989 (msg: "MISP e26227 [] Outgoing URL http|3a|//101.201.46.105|3a|8989/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37276601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 94.158.247.56 443 (msg: "MISP e26070 [c2,QakBot] Outgoing To IP: 94.158.247.56|443"; classtype:trojan-activity; sid:37122361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 5.75.211.127 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 5.75.211.127|80"; classtype:trojan-activity; sid:37122371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 49.12.118.45 443 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 49.12.118.45|443"; classtype:trojan-activity; sid:37122381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 49.12.118.45 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 49.12.118.45|80"; classtype:trojan-activity; sid:37122391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 5.75.215.113 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 5.75.215.113|80"; classtype:trojan-activity; sid:37122401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 5.75.209.125 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 5.75.209.125|80"; classtype:trojan-activity; sid:37122411; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26070;)
# ---------------------------------------------------------------------------
# MISP event 26070: outgoing address:port indicators tagged c2 (Vidar,
# recordbreaker, RiseProStealer, Gozi, cobalt_strike).
# Each rule matches $HOME_NET to one destination address and port; there are
# no flow or content keywords, so the address and port are the whole signature.
# NOTE(review): without a threshold these presumably alert on every matching
# packet; consider rate limiting. The rules carry no expiry and all are rev:1,
# so re-validate the addresses before relying on a hit.
# ---------------------------------------------------------------------------
alert ip $HOME_NET any -> 88.99.38.67 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 88.99.38.67|80"; classtype:trojan-activity; sid:37122421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 78.46.251.181 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 78.46.251.181|80"; classtype:trojan-activity; sid:37122431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 95.217.215.24 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 95.217.215.24|80"; classtype:trojan-activity; sid:37122441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 88.198.107.6 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 88.198.107.6|80"; classtype:trojan-activity; sid:37122451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 116.202.3.242 80 (msg: "MISP e26070 [c2,Vidar] Outgoing To IP: 116.202.3.242|80"; classtype:trojan-activity; sid:37122461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 195.20.16.227 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 195.20.16.227|80"; classtype:trojan-activity; sid:37122471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 195.20.16.226 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 195.20.16.226|80"; classtype:trojan-activity; sid:37122481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 195.20.16.127 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 195.20.16.127|80"; classtype:trojan-activity; sid:37122491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 41.216.183.87 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 41.216.183.87|80"; classtype:trojan-activity; sid:37122501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 195.20.16.225 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 195.20.16.225|80"; classtype:trojan-activity; sid:37122511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 45.15.156.161 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 45.15.156.161|80"; classtype:trojan-activity; sid:37122521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 193.233.132.152 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 193.233.132.152|80"; classtype:trojan-activity; sid:37122531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 195.2.76.141 80 (msg: "MISP e26070 [c2,recordbreaker] Outgoing To IP: 195.2.76.141|80"; classtype:trojan-activity; sid:37122541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 193.233.132.195 50500 (msg: "MISP e26070 [RiseProStealer] Outgoing To IP: 193.233.132.195|50500"; classtype:trojan-activity; sid:37122551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 176.97.73.6 443 (msg: "MISP e26070 [c2,Gozi] Outgoing To IP: 176.97.73.6|443"; classtype:trojan-activity; sid:37122561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 61.75.17.84 59991 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 61.75.17.84|59991"; classtype:trojan-activity; sid:37122571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 5.255.124.188 33136 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 5.255.124.188|33136"; classtype:trojan-activity; sid:37122581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 8.219.228.210 50010 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 8.219.228.210|50010"; classtype:trojan-activity; sid:37122591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 47.99.151.68 50050 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 47.99.151.68|50050"; classtype:trojan-activity; sid:37122601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 101.43.127.45 50050 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 101.43.127.45|50050"; classtype:trojan-activity; sid:37122611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 43.139.189.54 9999 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 43.139.189.54|9999"; classtype:trojan-activity; sid:37122621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 124.220.185.197 50050 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 124.220.185.197|50050"; classtype:trojan-activity; sid:37122631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 208.83.237.247 50050 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 208.83.237.247|50050"; classtype:trojan-activity; sid:37122641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 43.132.175.126 60666 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 43.132.175.126|60666"; classtype:trojan-activity; sid:37122651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 194.26.135.115 11699 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 194.26.135.115|11699"; classtype:trojan-activity; sid:37122661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 91.245.253.68 37982 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 91.245.253.68|37982"; classtype:trojan-activity; sid:37122671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 8.140.147.193 55555 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 8.140.147.193|55555"; classtype:trojan-activity; sid:37122681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 111.231.22.61 50050 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 111.231.22.61|50050"; classtype:trojan-activity; sid:37122691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 82.117.255.175 51150 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 82.117.255.175|51150"; classtype:trojan-activity; sid:37122701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 47.104.179.218 65534 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 47.104.179.218|65534"; classtype:trojan-activity; sid:37122711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 154.223.17.64 3306 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 154.223.17.64|3306"; classtype:trojan-activity; sid:37122721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 108.160.135.65 8888 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 108.160.135.65|8888"; classtype:trojan-activity; sid:37122731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 74.48.164.62 8040 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 74.48.164.62|8040"; classtype:trojan-activity; sid:37122741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 58.53.128.67 40000 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 58.53.128.67|40000"; classtype:trojan-activity; sid:37122751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 86.107.199.30 14014 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 86.107.199.30|14014"; classtype:trojan-activity; sid:37122761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 163.5.169.23 50050 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 163.5.169.23|50050"; classtype:trojan-activity; sid:37122771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 54.169.49.63 10080 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 54.169.49.63|10080"; classtype:trojan-activity; sid:37122781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 47.115.206.4 54321 (msg: "MISP e26070 [c2,cobalt_strike] Outgoing To IP: 47.115.206.4|54321"; classtype:trojan-activity; sid:37122791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# ---------------------------------------------------------------------------
# MISP event 26227: the same address:port pairs again, in reverse order, with
# empty tag brackets ("[]") and priority:3.
# NOTE(review): a hit on any of these also hits the event 26070 copy above, so
# one connection raises two alerts; the 26227 message carries no malware-family
# tag, so triage should read the 26070 alert for attribution.
# ---------------------------------------------------------------------------
alert ip $HOME_NET any -> 47.115.206.4 54321 (msg: "MISP e26227 [] Outgoing To IP: 47.115.206.4|54321"; classtype:trojan-activity; sid:37276611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 54.169.49.63 10080 (msg: "MISP e26227 [] Outgoing To IP: 54.169.49.63|10080"; classtype:trojan-activity; sid:37276621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 163.5.169.23 50050 (msg: "MISP e26227 [] Outgoing To IP: 163.5.169.23|50050"; classtype:trojan-activity; sid:37276631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 86.107.199.30 14014 (msg: "MISP e26227 [] Outgoing To IP: 86.107.199.30|14014"; classtype:trojan-activity; sid:37276641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 58.53.128.67 40000 (msg: "MISP e26227 [] Outgoing To IP: 
58.53.128.67|40000"; classtype:trojan-activity; sid:37276651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# ---------------------------------------------------------------------------
# MISP event 26227: outgoing address:port indicators, exported with empty tag
# brackets ("[]") and priority:3. The same address:port pairs also appear
# elsewhere in this file under event 26070 with priority:2 and family tags.
# Each rule matches $HOME_NET to one destination address and port and carries
# no flow or content keywords.
# NOTE(review): a connection to any of these raises one alert per event copy;
# deduplicate in the alert pipeline or disable one copy. Without a threshold
# the rules presumably alert on every matching packet.
# ---------------------------------------------------------------------------
alert ip $HOME_NET any -> 74.48.164.62 8040 (msg: "MISP e26227 [] Outgoing To IP: 74.48.164.62|8040"; classtype:trojan-activity; sid:37276661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 108.160.135.65 8888 (msg: "MISP e26227 [] Outgoing To IP: 108.160.135.65|8888"; classtype:trojan-activity; sid:37276671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 154.223.17.64 3306 (msg: "MISP e26227 [] Outgoing To IP: 154.223.17.64|3306"; classtype:trojan-activity; sid:37276681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 47.104.179.218 65534 (msg: "MISP e26227 [] Outgoing To IP: 47.104.179.218|65534"; classtype:trojan-activity; sid:37276691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 82.117.255.175 51150 (msg: "MISP e26227 [] Outgoing To IP: 82.117.255.175|51150"; classtype:trojan-activity; sid:37276701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 111.231.22.61 50050 (msg: "MISP e26227 [] Outgoing To IP: 111.231.22.61|50050"; classtype:trojan-activity; sid:37276711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 8.140.147.193 55555 (msg: "MISP e26227 [] Outgoing To IP: 8.140.147.193|55555"; classtype:trojan-activity; sid:37276721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 91.245.253.68 37982 (msg: "MISP e26227 [] Outgoing To IP: 91.245.253.68|37982"; classtype:trojan-activity; sid:37276731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 194.26.135.115 11699 (msg: "MISP e26227 [] Outgoing To IP: 194.26.135.115|11699"; classtype:trojan-activity; sid:37276741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 43.132.175.126 60666 (msg: "MISP e26227 [] Outgoing To IP: 43.132.175.126|60666"; classtype:trojan-activity; sid:37276751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 208.83.237.247 50050 (msg: "MISP e26227 [] Outgoing To IP: 208.83.237.247|50050"; classtype:trojan-activity; sid:37276761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 124.220.185.197 50050 (msg: "MISP e26227 [] Outgoing To IP: 124.220.185.197|50050"; classtype:trojan-activity; sid:37276771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 43.139.189.54 9999 (msg: "MISP e26227 [] Outgoing To IP: 43.139.189.54|9999"; classtype:trojan-activity; sid:37276781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 101.43.127.45 50050 (msg: "MISP e26227 [] Outgoing To IP: 101.43.127.45|50050"; classtype:trojan-activity; sid:37276791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 47.99.151.68 50050 (msg: "MISP e26227 [] Outgoing To IP: 47.99.151.68|50050"; classtype:trojan-activity; sid:37276801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 8.219.228.210 50010 (msg: "MISP e26227 [] Outgoing To IP: 8.219.228.210|50010"; classtype:trojan-activity; sid:37276811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.255.124.188 33136 (msg: "MISP e26227 [] Outgoing To IP: 5.255.124.188|33136"; classtype:trojan-activity; sid:37276821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 61.75.17.84 59991 (msg: "MISP e26227 [] Outgoing To IP: 61.75.17.84|59991"; classtype:trojan-activity; sid:37276831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 176.97.73.6 443 (msg: "MISP e26227 [] Outgoing To IP: 176.97.73.6|443"; classtype:trojan-activity; sid:37276841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 193.233.132.195 50500 (msg: "MISP e26227 [] Outgoing To IP: 193.233.132.195|50500"; classtype:trojan-activity; sid:37276851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.2.76.141 80 (msg: "MISP e26227 [] Outgoing To IP: 195.2.76.141|80"; classtype:trojan-activity; sid:37276861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 193.233.132.152 80 (msg: "MISP e26227 [] Outgoing To IP: 193.233.132.152|80"; classtype:trojan-activity; sid:37276871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 45.15.156.161 80 (msg: "MISP e26227 [] Outgoing To IP: 45.15.156.161|80"; classtype:trojan-activity; sid:37276881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.20.16.225 80 (msg: "MISP e26227 [] Outgoing To IP: 195.20.16.225|80"; classtype:trojan-activity; sid:37276891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 41.216.183.87 80 (msg: "MISP e26227 [] Outgoing To IP: 41.216.183.87|80"; classtype:trojan-activity; sid:37276901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.20.16.127 80 (msg: "MISP e26227 [] Outgoing To IP: 195.20.16.127|80"; classtype:trojan-activity; sid:37276911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.20.16.226 80 (msg: "MISP e26227 [] Outgoing To IP: 195.20.16.226|80"; classtype:trojan-activity; sid:37276921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 195.20.16.227 80 (msg: "MISP e26227 [] Outgoing To IP: 195.20.16.227|80"; classtype:trojan-activity; sid:37276931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 116.202.3.242 80 (msg: "MISP e26227 [] Outgoing To IP: 116.202.3.242|80"; classtype:trojan-activity; sid:37276941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 88.198.107.6 80 (msg: "MISP e26227 [] Outgoing To IP: 88.198.107.6|80"; classtype:trojan-activity; sid:37276951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 95.217.215.24 80 (msg: "MISP e26227 [] Outgoing To IP: 95.217.215.24|80"; classtype:trojan-activity; sid:37276961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 78.46.251.181 80 (msg: "MISP e26227 [] Outgoing To IP: 78.46.251.181|80"; classtype:trojan-activity; sid:37276971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 88.99.38.67 80 (msg: "MISP e26227 [] Outgoing To IP: 88.99.38.67|80"; classtype:trojan-activity; sid:37276981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.75.209.125 80 (msg: "MISP e26227 [] Outgoing To IP: 5.75.209.125|80"; classtype:trojan-activity; sid:37276991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.75.215.113 80 (msg: "MISP e26227 [] Outgoing To IP: 5.75.215.113|80"; classtype:trojan-activity; sid:37277001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 49.12.118.45 80 (msg: "MISP e26227 [] Outgoing To IP: 49.12.118.45|80"; classtype:trojan-activity; sid:37277011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 49.12.118.45 443 (msg: "MISP e26227 [] Outgoing To IP: 49.12.118.45|443"; classtype:trojan-activity; sid:37277021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 5.75.211.127 80 (msg: "MISP e26227 [] Outgoing To IP: 5.75.211.127|80"; classtype:trojan-activity; sid:37277031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 94.158.247.56 443 (msg: "MISP e26227 [] Outgoing To IP: 94.158.247.56|443"; classtype:trojan-activity; sid:37277041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# ---------------------------------------------------------------------------
# MISP event 26227: domain indicators, one dns rule plus one HTTP Host rule per
# domain (sid ending in 1 and 2 respectively).
# dns rules anchor the indicator at the end of the query name and accept a
# non-hostname character (such as ".") before it, so subdomains match as well.
# HTTP Host rules match "Host|3a|" and the domain as two independent contents
# on http.header.
# NOTE(review): the domain in another request header (e.g. Referer) would
# presumably satisfy the Host rules too; only cleartext HTTP is inspected, and
# no tls.sni counterpart is visible in this part of the file.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26227 [] Domain cdn-uk.widgetsfordeploy.com"; dns.query; content:"cdn-uk.widgetsfordeploy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-uk\.widgetsfordeploy\.com$/i"; classtype:trojan-activity; sid:37277051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain cdn-uk.widgetsfordeploy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-uk.widgetsfordeploy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-uk\.widgetsfordeploy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37277052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert dns any any -> any any (msg: "MISP e26227 [] Domain trans1ategooglecom.com"; dns.query; content:"trans1ategooglecom.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trans1ategooglecom\.com$/i"; classtype:trojan-activity; sid:37277061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain trans1ategooglecom.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"trans1ategooglecom.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trans1ategooglecom\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37277062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# ---------------------------------------------------------------------------
# Domain indicators (events 26227 and 26070): one dns rule plus one HTTP Host
# rule per domain. The same three domains (saintelzearlava.com,
# trans1ategooglecom.com, cdn-uk.widgetsfordeploy.com) are exported under both
# events, priority:3 for 26227 and priority:2 for 26070, all with empty tag
# brackets.
# NOTE(review): a lookup or request for any of them raises one alert per event
# copy; deduplicate in the alert pipeline or disable one copy.
# NOTE(review): the Host rules match "Host|3a|" and the domain as independent
# contents on http.header, so the domain in another header (e.g. Referer)
# would presumably match too; only cleartext HTTP is inspected.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26227 [] Domain saintelzearlava.com"; dns.query; content:"saintelzearlava.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saintelzearlava\.com$/i"; classtype:trojan-activity; sid:37277071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26227 [] Outgoing HTTP Domain saintelzearlava.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saintelzearlava.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saintelzearlava\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37277072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Event 26070 address:port indicators tagged Latrodectus and RedLine; address
# and port are the only match criteria (no flow or content keywords).
alert ip $HOME_NET any -> 5.231.1.213 443 (msg: "MISP e26070 [Latrodectus] Outgoing To IP: 5.231.1.213|443"; classtype:trojan-activity; sid:37122071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 5.181.202.164 443 (msg: "MISP e26070 [Latrodectus] Outgoing To IP: 5.181.202.164|443"; classtype:trojan-activity; sid:37122081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 45.129.199.163 443 (msg: "MISP e26070 [Latrodectus] Outgoing To IP: 45.129.199.163|443"; classtype:trojan-activity; sid:37122091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 80.66.85.145 27441 (msg: "MISP e26070 [infostealer,RedLine,stealer] Outgoing To IP: 80.66.85.145|27441"; classtype:trojan-activity; sid:37122051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# Event 26070 copies of the domain rules, interleaved with address:port
# indicators tagged Backdoor,osx,rustdoor.
alert dns any any -> any any (msg: "MISP e26070 [] Domain saintelzearlava.com"; dns.query; content:"saintelzearlava.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saintelzearlava\.com$/i"; classtype:trojan-activity; sid:37122821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [] Outgoing HTTP Domain saintelzearlava.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saintelzearlava.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saintelzearlava\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 88.214.26.22 443 (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing To IP: 88.214.26.22|443"; classtype:trojan-activity; sid:37122241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [] Domain trans1ategooglecom.com"; dns.query; content:"trans1ategooglecom.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trans1ategooglecom\.com$/i"; classtype:trojan-activity; sid:37122811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [] Outgoing HTTP Domain trans1ategooglecom.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trans1ategooglecom.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trans1ategooglecom\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 88.214.26.22 80 (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing To IP: 88.214.26.22|80"; classtype:trojan-activity; sid:37122221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 193.29.13.167 443 (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing To IP: 193.29.13.167|443"; classtype:trojan-activity; sid:37122231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert dns any any -> any any (msg: "MISP e26070 [] Domain cdn-uk.widgetsfordeploy.com"; dns.query; content:"cdn-uk.widgetsfordeploy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-uk\.widgetsfordeploy\.com$/i"; classtype:trojan-activity; sid:37122801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [] Outgoing HTTP Domain cdn-uk.widgetsfordeploy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-uk.widgetsfordeploy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-uk\.widgetsfordeploy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# ---------------------------------------------------------------------------
# Event 26070 URL indicators tagged Backdoor,osx,rustdoor. Unlike the Host
# rules above (destination port "any"), these are restricted to $HTTP_PORTS,
# so the same request on a port outside that variable is not inspected by them.
# The host name is matched anywhere in http.header and the path anywhere in
# http.uri (no startswith/endswith), both nocase.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing URL http|3a|//sarkerrentacars.com/zshrc"; flow:to_server,established; http.header; content:"sarkerrentacars.com"; fast_pattern; nocase; http.uri; content:"/zshrc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing URL http|3a|//turkishfurniture.blog/previewers"; flow:to_server,established; http.header; content:"turkishfurniture.blog"; fast_pattern; nocase; http.uri; content:"/previewers"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 193.29.13.167 80 
(msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing To IP: 193.29.13.167|80"; classtype:trojan-activity; sid:37122211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing URL http|3a|//linksammosupply.com/zshrc2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/zshrc2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing URL http|3a|//linksammosupply.com/visualstudioupdaterls2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/visualstudioupdaterls2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [Backdoor,osx,rustdoor] Domain maconlineoffice.com"; dns.query; content:"maconlineoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com$/i"; classtype:trojan-activity; sid:37122141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing HTTP Domain maconlineoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maconlineoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert dns any any -> any any (msg: "MISP e26070 [Backdoor,osx,rustdoor] Domain serviceicloud.com"; dns.query; 
content:"serviceicloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com$/i"; classtype:trojan-activity; sid:37122151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing HTTP Domain serviceicloud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serviceicloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37122152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26070 [Backdoor,osx,rustdoor] Outgoing URL http|3a|//linksammosupply.com/visualstudioupdater"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/visualstudioupdater"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37122181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 193.233.132.195 8081 (msg: "MISP e26070 [Risepro,ViriBack] Outgoing To IP: 193.233.132.195|8081"; classtype:trojan-activity; sid:37122831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 168.100.8.112 7443 (msg: "MISP e26070 [BLNWX,Covenant] Outgoing To IP: 168.100.8.112|7443"; classtype:trojan-activity; sid:37122841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 193.233.132.195 8081 (msg: "MISP e26227 [] Outgoing To IP: 193.233.132.195|8081"; classtype:trojan-activity; sid:37277081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 178.189.215.120 443 (msg: "MISP e26070 [A1TELEKOM-AT A1 Telekom Austria AG,Deimos] Outgoing To IP: 178.189.215.120|443"; classtype:trojan-activity; 
sid:37122851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- Outbound IP:port indicators from MISP event 26070 (priority 2) ---
# Each rule alerts on traffic from $HOME_NET to one address and port; the bracketed tags in msg
# carry the family name and, for most entries, the hosting network's AS label as recorded in MISP.
# NOTE(review): the rule protocol is "ip" although a destination port is given; ports only exist
# for TCP/UDP, so confirm the sensor applies the port restriction as intended.
# NOTE(review): several AS labels (BT-UK-AS, TTNET, ALGTEL-AS, BSNL-NIB, MTAONLINE-AS) look like
# access/ISP networks, so these addresses are presumably reassignable — check the age of the
# attribute in the linked event before treating a hit as confirmed.
alert ip $HOME_NET any -> 143.110.192.8 58637 (msg: "MISP e26070 [Bianlian Go Trojan,DIGITALOCEAN-ASN] Outgoing To IP: 143.110.192.8|58637"; classtype:trojan-activity; sid:37122861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 108.181.0.232 80 (msg: "MISP e26070 [AS40676,Bianlian Go Trojan] Outgoing To IP: 108.181.0.232|80"; classtype:trojan-activity; sid:37122871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 165.227.122.136 443 (msg: "MISP e26070 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 165.227.122.136|443"; classtype:trojan-activity; sid:37122881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 117.200.61.201 445 (msg: "MISP e26070 [BSNL-NIB National Internet Backbone,Responder] Outgoing To IP: 117.200.61.201|445"; classtype:trojan-activity; sid:37122891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 216.137.205.249 443 (msg: "MISP e26070 [MTAONLINE-AS,QakBot] Outgoing To IP: 216.137.205.249|443"; classtype:trojan-activity; sid:37122901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 31.53.190.47 443 (msg: "MISP e26070 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 31.53.190.47|443"; classtype:trojan-activity; sid:37122911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 109.145.252.188 2222 (msg: "MISP e26070 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 109.145.252.188|2222"; classtype:trojan-activity; sid:37122921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 78.167.158.62 443 (msg: "MISP e26070 [QakBot,TTNET] Outgoing To IP: 78.167.158.62|443"; classtype:trojan-activity; sid:37122931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 41.96.89.253 443 (msg: "MISP e26070 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.89.253|443"; classtype:trojan-activity; sid:37122941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 8.134.69.22 8888 (msg: "MISP e26070 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell] Outgoing To IP: 8.134.69.22|8888"; classtype:trojan-activity; sid:37122951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 8.213.208.58 8888 (msg: "MISP e26070 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Supershell] Outgoing To IP: 8.213.208.58|8888"; classtype:trojan-activity; sid:37122961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
# --- The same IP:port indicators again, exported from MISP event 26227 (priority 3) ---
# Every rule below has the same header as an event-26070 rule above and differs only in sid, msg,
# priority and reference. A single connection therefore raises two alerts, and the copy from
# event 26227 has an empty tag list, so the family name is only in the event-26070 alert.
# NOTE(review): consider de-duplicating at export time or thresholding one of the two sets.
alert ip $HOME_NET any -> 8.213.208.58 8888 (msg: "MISP e26227 [] Outgoing To IP: 8.213.208.58|8888"; classtype:trojan-activity; sid:37277091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 8.134.69.22 8888 (msg: "MISP e26227 [] Outgoing To IP: 8.134.69.22|8888"; classtype:trojan-activity; sid:37277101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 41.96.89.253 443 (msg: "MISP e26227 [] Outgoing To IP: 41.96.89.253|443"; classtype:trojan-activity; sid:37277111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 78.167.158.62 443 (msg: "MISP e26227 [] Outgoing To IP: 78.167.158.62|443"; classtype:trojan-activity; sid:37277121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 109.145.252.188 2222 (msg: "MISP e26227 [] Outgoing To IP: 109.145.252.188|2222"; classtype:trojan-activity; sid:37277131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 31.53.190.47 443 (msg: "MISP e26227 [] Outgoing To IP: 31.53.190.47|443"; classtype:trojan-activity; sid:37277141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 216.137.205.249 443 (msg: "MISP e26227 [] Outgoing To IP: 216.137.205.249|443"; classtype:trojan-activity; sid:37277151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 117.200.61.201 445 (msg: "MISP e26227 [] Outgoing To IP: 117.200.61.201|445"; classtype:trojan-activity; sid:37277161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 165.227.122.136 443 (msg: "MISP e26227 [] Outgoing To IP: 165.227.122.136|443"; classtype:trojan-activity; sid:37277171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 108.181.0.232 80 (msg: "MISP e26227 [] Outgoing To IP: 108.181.0.232|80"; classtype:trojan-activity; sid:37277181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 143.110.192.8 58637 (msg: "MISP e26227 [] Outgoing To IP: 143.110.192.8|58637"; classtype:trojan-activity; sid:37277191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 178.189.215.120 443 (msg: "MISP e26227 [] Outgoing To IP: 178.189.215.120|443"; classtype:trojan-activity; sid:37277201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 168.100.8.112 7443 (msg: "MISP e26227 [] Outgoing To IP: 168.100.8.112|7443"; classtype:trojan-activity; sid:37277211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//aitcaid.com/9659650c81ce1b984c58.js"; flow:to_server,established; 
http.header; content:"aitcaid.com"; fast_pattern; nocase; http.uri; content:"/9659650c81ce1b984c58.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37277221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# --- MISP event 26227 URL indicators (priority 3, no tags in msg) ---
# URL rules match the host string anywhere in the request headers and an unanchored,
# case-insensitive substring of the URI, on plain HTTP to $HTTP_PORTS only.
# NOTE(review): the path below looks base64-like, where letter case is significant; nocase widens
# the match to any casing of the same string.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//pluralism.themancav.com/lbK9kO6Q3vnxkIeio4aRsueQh7L82d/o+dXbsug="; flow:to_server,established; http.header; content:"pluralism.themancav.com"; fast_pattern; nocase; http.uri; content:"/lbK9kO6Q3vnxkIeio4aRsueQh7L82d/o+dXbsug="; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37277231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# The next two rules have no http.uri condition: they fire on any request whose headers contain the
# host string, whatever the path. They are supersets of sid 37277221 and sid 37277231, so a request
# for the full URL raises two alerts, and a Referer naming the host is enough to match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//aitcaid.com"; flow:to_server,established; http.header; content:"aitcaid.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37277241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//pluralism.themancav.com"; flow:to_server,established; http.header; content:"pluralism.themancav.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37277251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26227 [] Outgoing URL http|3a|//mwasro.com/25012024.js"; flow:to_server,established; http.header; content:"mwasro.com"; fast_pattern; nocase; http.uri; content:"/25012024.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37277261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# Five destinations sharing port 50500; the export gives no family tag for them, so the context
# has to come from the linked event.
alert ip $HOME_NET any -> 193.233.132.64 50500 (msg: "MISP e26227 [] Outgoing To IP: 193.233.132.64|50500"; classtype:trojan-activity; sid:37277271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 45.134.26.17 50500 (msg: "MISP e26227 [] Outgoing To IP: 45.134.26.17|50500"; classtype:trojan-activity; sid:37277281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 185.172.128.103 50500 (msg: "MISP e26227 [] Outgoing To IP: 185.172.128.103|50500"; classtype:trojan-activity; sid:37277291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 193.233.132.135 50500 (msg: "MISP e26227 [] Outgoing To IP: 193.233.132.135|50500"; classtype:trojan-activity; sid:37277301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 94.156.69.28 50500 (msg: "MISP e26227 [] Outgoing To IP: 94.156.69.28|50500"; classtype:trojan-activity; sid:37277311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
# --- Per-event rule triples (priority 1), starting with event 26180 ---
# From here each event exports three rules: (1) an HTTP request for a payload path on a host given
# by IP, (2) any IP traffic arriving from that host, (3) outbound traffic to an IP on a specific
# port. Rule (2) has no port or flow condition, so it also matches the replies to the download in
# rule (1); expect both to fire for the same session.
alert http $HOME_NET any -> 193.35.18.56 $HTTP_PORTS (msg: "MISP e26180 [] Outgoing URL http|3a|//193.35.18.56/bash"; flow:to_server,established; http.header; content:"193.35.18.56"; fast_pattern; nocase; http.uri; content:"/bash"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37207271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26180;)
alert ip 193.35.18.56 any -> $HOME_NET any (msg: "MISP e26180 [] Incoming From IP: 193.35.18.56"; classtype:trojan-activity; sid:37207281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26180;)
alert ip $HOME_NET any -> 193.35.18.56 65481 (msg: "MISP e26180 [] Outgoing To IP: 193.35.18.56|65481"; classtype:trojan-activity; sid:37207291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26180;)
alert http $HOME_NET any -> 172.93.105.135 $HTTP_PORTS (msg: "MISP e26176 [] Outgoing URL http|3a|//172.93.105.135/skid.mips"; flow:to_server,established; http.header; content:"172.93.105.135"; fast_pattern; nocase; http.uri; 
content:"/skid.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26176;)
# --- Per-event rule triples, priority 1 (events 26176, 26183, 26396, 26205, 26204, 26202, 26214,
#     26201, 26198, 26208) ---
# Each event contributes: an HTTP request for a "*mips" payload path on a host addressed by IP,
# any traffic arriving from that host, and outbound traffic to an IP on one port. The destination
# of the third rule is sometimes the download host and sometimes a different address.
# NOTE(review): the "mips" file names suggest binaries built for MIPS devices; the export carries
# no family tag ([] in msg), so take attribution from the linked event, not from the rule.
# The "Incoming From IP" rules have no port or flow condition and no threshold, so they also match
# reply traffic of the download matched by the HTTP rule of the same event.
alert ip 172.93.105.135 any -> $HOME_NET any (msg: "MISP e26176 [] Incoming From IP: 172.93.105.135"; classtype:trojan-activity; sid:37206841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26176;)
alert ip $HOME_NET any -> 172.93.105.135 1111 (msg: "MISP e26176 [] Outgoing To IP: 172.93.105.135|1111"; classtype:trojan-activity; sid:37206851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26176;)
alert http $HOME_NET any -> 213.232.235.20 $HTTP_PORTS (msg: "MISP e26183 [] Outgoing URL http|3a|//213.232.235.20/mips"; flow:to_server,established; http.header; content:"213.232.235.20"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37207571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26183;)
alert ip 213.232.235.20 any -> $HOME_NET any (msg: "MISP e26183 [] Incoming From IP: 213.232.235.20"; classtype:trojan-activity; sid:37207581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26183;)
alert ip $HOME_NET any -> 213.232.235.20 666 (msg: "MISP e26183 [] Outgoing To IP: 213.232.235.20|666"; classtype:trojan-activity; sid:37207591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26183;)
alert http $HOME_NET any -> 172.93.105.133 $HTTP_PORTS (msg: "MISP e26396 [] Outgoing URL http|3a|//172.93.105.133/skid.mips"; flow:to_server,established; http.header; content:"172.93.105.133"; fast_pattern; nocase; http.uri; content:"/skid.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37256801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26396;)
alert ip 172.93.105.133 any -> $HOME_NET any (msg: "MISP e26396 [] Incoming From IP: 172.93.105.133"; classtype:trojan-activity; sid:37256811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26396;)
alert ip $HOME_NET any -> 172.93.105.133 1111 (msg: "MISP e26396 [] Outgoing To IP: 172.93.105.133|1111"; classtype:trojan-activity; sid:37256821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26396;)
# When the source URL carried an explicit port, the rule pins the destination port to 80 instead
# of $HTTP_PORTS (msg shows "|3a|80").
alert http $HOME_NET any -> 45.95.146.22 80 (msg: "MISP e26205 [] Outgoing URL http|3a|//45.95.146.22|3a|80/bins/jew.mips"; flow:to_server,established; http.header; content:"45.95.146.22"; fast_pattern; nocase; http.uri; content:"/bins/jew.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26205;)
alert ip 45.95.146.22 any -> $HOME_NET any (msg: "MISP e26205 [] Incoming From IP: 45.95.146.22"; classtype:trojan-activity; sid:37210231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26205;)
alert ip $HOME_NET any -> 45.95.146.22 9931 (msg: "MISP e26205 [] Outgoing To IP: 45.95.146.22|9931"; classtype:trojan-activity; sid:37210241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26205;)
alert http $HOME_NET any -> 107.175.242.91 $HTTP_PORTS (msg: "MISP e26204 [] Outgoing URL http|3a|//107.175.242.91/base/paraiso.mips"; flow:to_server,established; http.header; content:"107.175.242.91"; fast_pattern; nocase; http.uri; content:"/base/paraiso.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26204;)
alert ip 107.175.242.91 any -> $HOME_NET any (msg: "MISP e26204 [] Incoming From IP: 107.175.242.91"; classtype:trojan-activity; sid:37210091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26204;)
alert ip $HOME_NET any -> 95.214.52.175 13735 (msg: "MISP e26204 [] Outgoing To IP: 95.214.52.175|13735"; classtype:trojan-activity; sid:37210101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26204;)
# Host 45.95.146.126 with path /jklmips is exported by more than one event in this section
# (26202 and 26201): the "Incoming From IP" rules are identical apart from sid/msg/reference, and
# the HTTP rules differ only in the destination port (80 vs $HTTP_PORTS). One download therefore
# raises one alert per event. Only the third rule of each event (outbound IP:port) is distinct.
alert http $HOME_NET any -> 45.95.146.126 80 (msg: "MISP e26202 [] Outgoing URL http|3a|//45.95.146.126|3a|80/jklmips"; flow:to_server,established; http.header; content:"45.95.146.126"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37209801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26202;)
alert ip 45.95.146.126 any -> $HOME_NET any (msg: "MISP e26202 [] Incoming From IP: 45.95.146.126"; classtype:trojan-activity; sid:37209811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26202;)
alert ip $HOME_NET any -> 45.95.146.13 38241 (msg: "MISP e26202 [] Outgoing To IP: 45.95.146.13|38241"; classtype:trojan-activity; sid:37209821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26202;)
alert http $HOME_NET any -> 93.123.85.4 $HTTP_PORTS (msg: "MISP e26214 [] Outgoing URL http|3a|//93.123.85.4/bins/jew.mips"; flow:to_server,established; http.header; content:"93.123.85.4"; fast_pattern; nocase; http.uri; content:"/bins/jew.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37216641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26214;)
alert ip 93.123.85.4 any -> $HOME_NET any (msg: "MISP e26214 [] Incoming From IP: 93.123.85.4"; classtype:trojan-activity; sid:37216651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26214;)
alert ip $HOME_NET any -> 93.123.85.4 9931 (msg: "MISP e26214 [] Outgoing To IP: 93.123.85.4|9931"; classtype:trojan-activity; sid:37216661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26214;)
alert http $HOME_NET any -> 45.95.146.126 $HTTP_PORTS (msg: "MISP e26201 [] Outgoing URL http|3a|//45.95.146.126/jklmips"; flow:to_server,established; http.header; content:"45.95.146.126"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37209661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26201;)
alert ip 45.95.146.126 any -> $HOME_NET any (msg: "MISP e26201 [] Incoming From IP: 45.95.146.126"; classtype:trojan-activity; sid:37209671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26201;)
alert ip $HOME_NET any -> 89.190.156.253 38241 (msg: "MISP e26201 [] Outgoing To IP: 89.190.156.253|38241"; classtype:trojan-activity; sid:37209681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26201;)
alert http $HOME_NET any -> 109.107.181.228 80 (msg: "MISP e26198 [] Outgoing URL http|3a|//109.107.181.228|3a|80/AB4g5/Josho.mips"; flow:to_server,established; http.header; content:"109.107.181.228"; fast_pattern; nocase; http.uri; content:"/AB4g5/Josho.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37209241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26198;)
alert ip 109.107.181.228 any -> $HOME_NET any (msg: "MISP e26198 [] Incoming From IP: 109.107.181.228"; classtype:trojan-activity; sid:37209251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26198;)
alert ip $HOME_NET any -> 109.107.181.228 666 (msg: "MISP e26198 [] Outgoing To IP: 109.107.181.228|666"; classtype:trojan-activity; sid:37209261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26198;)
alert http $HOME_NET any -> 91.92.249.110 80 (msg: "MISP e26208 [] Outgoing URL http|3a|//91.92.249.110|3a|80/bins/jew.mips"; flow:to_server,established; http.header; content:"91.92.249.110"; fast_pattern; nocase; http.uri; content:"/bins/jew.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26208;)
alert ip 91.92.249.110 any -> $HOME_NET any (msg: "MISP e26208 [] Incoming From IP: 91.92.249.110"; classtype:trojan-activity; sid:37210541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26208;)
alert ip $HOME_NET any -> 
91.92.249.110 9931 (msg: "MISP e26208 [] Outgoing To IP: 91.92.249.110|9931"; classtype:trojan-activity; sid:37210551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26208;)
# --- Per-event rule triples, priority 1 (events 26189, 26211, 26199, 26397, 26182, 26187, 26184,
#     26203, 26200, 26188) ---
# Each event contributes an HTTP payload-path rule, an "Incoming From IP" rule for the download
# host and an "Outgoing To IP" rule for an address and port. All are plain indicator matches with
# an empty tag list, so the alert text alone does not say which family the event describes.
# Duplicates inside this section: host 45.95.147.201 (/bins/mips) is exported by events 26189 and
# 26187, and host 45.95.146.126 (/jklmips) by events 26211 and 26188, each time with identical
# HTTP and incoming-IP conditions. One download raises one alert per event.
# NOTE(review): consider de-duplicating by attribute at export time, or add thresholding, so that
# a single session does not fan out into several priority-1 alerts.
alert http $HOME_NET any -> 45.95.147.201 $HTTP_PORTS (msg: "MISP e26189 [] Outgoing URL http|3a|//45.95.147.201/bins/mips"; flow:to_server,established; http.header; content:"45.95.147.201"; fast_pattern; nocase; http.uri; content:"/bins/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37208361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26189;)
alert ip 45.95.147.201 any -> $HOME_NET any (msg: "MISP e26189 [] Incoming From IP: 45.95.147.201"; classtype:trojan-activity; sid:37208371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26189;)
alert ip $HOME_NET any -> 5.181.80.153 3090 (msg: "MISP e26189 [] Outgoing To IP: 5.181.80.153|3090"; classtype:trojan-activity; sid:37208381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26189;)
alert http $HOME_NET any -> 45.95.146.126 $HTTP_PORTS (msg: "MISP e26211 [] Outgoing URL http|3a|//45.95.146.126/jklmips"; flow:to_server,established; http.header; content:"45.95.146.126"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26211;)
alert ip 45.95.146.126 any -> $HOME_NET any (msg: "MISP e26211 [] Incoming From IP: 45.95.146.126"; classtype:trojan-activity; sid:37210911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26211;)
alert ip $HOME_NET any -> 94.156.71.52 38241 (msg: "MISP e26211 [] Outgoing To IP: 94.156.71.52|38241"; classtype:trojan-activity; sid:37210921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26211;)
alert http $HOME_NET any -> 209.141.58.60 $HTTP_PORTS (msg: "MISP e26199 [] Outgoing URL http|3a|//209.141.58.60/trc/TRC.mips"; flow:to_server,established; http.header; content:"209.141.58.60"; fast_pattern; nocase; http.uri; content:"/trc/TRC.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37209381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26199;)
alert ip 209.141.58.60 any -> $HOME_NET any (msg: "MISP e26199 [] Incoming From IP: 209.141.58.60"; classtype:trojan-activity; sid:37209391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26199;)
alert ip $HOME_NET any -> 209.141.58.60 13 (msg: "MISP e26199 [] Outgoing To IP: 209.141.58.60|13"; classtype:trojan-activity; sid:37209401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26199;)
alert http $HOME_NET any -> 5.181.80.88 80 (msg: "MISP e26397 [] Outgoing URL http|3a|//5.181.80.88|3a|80/bins/Tempus.mips"; flow:to_server,established; http.header; content:"5.181.80.88"; fast_pattern; nocase; http.uri; content:"/bins/Tempus.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37256941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26397;)
alert ip 5.181.80.88 any -> $HOME_NET any (msg: "MISP e26397 [] Incoming From IP: 5.181.80.88"; classtype:trojan-activity; sid:37256951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26397;)
alert ip $HOME_NET any -> 5.181.80.88 9931 (msg: "MISP e26397 [] Outgoing To IP: 5.181.80.88|9931"; classtype:trojan-activity; sid:37256961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26397;)
alert http $HOME_NET any -> 103.67.199.44 $HTTP_PORTS (msg: "MISP e26182 [] Outgoing URL http|3a|//103.67.199.44/quang.mips"; flow:to_server,established; http.header; content:"103.67.199.44"; fast_pattern; nocase; http.uri; content:"/quang.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37207431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26182;)
alert ip 103.67.199.44 any -> $HOME_NET any (msg: "MISP e26182 [] Incoming From IP: 103.67.199.44"; classtype:trojan-activity; sid:37207441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26182;)
alert ip $HOME_NET any -> 103.67.199.44 56999 (msg: "MISP e26182 [] Outgoing To IP: 103.67.199.44|56999"; classtype:trojan-activity; sid:37207451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26182;)
alert http $HOME_NET any -> 45.95.147.201 $HTTP_PORTS (msg: "MISP e26187 [] Outgoing URL http|3a|//45.95.147.201/bins/mips"; flow:to_server,established; http.header; content:"45.95.147.201"; fast_pattern; nocase; http.uri; content:"/bins/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37208081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26187;)
alert ip 45.95.147.201 any -> $HOME_NET any (msg: "MISP e26187 [] Incoming From IP: 45.95.147.201"; classtype:trojan-activity; sid:37208091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26187;)
alert ip $HOME_NET any -> 5.181.80.83 3090 (msg: "MISP e26187 [] Outgoing To IP: 5.181.80.83|3090"; classtype:trojan-activity; sid:37208101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26187;)
alert http $HOME_NET any -> 45.13.227.186 $HTTP_PORTS (msg: "MISP e26184 [] Outgoing URL http|3a|//45.13.227.186/bins/sora.mips"; flow:to_server,established; http.header; content:"45.13.227.186"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37207711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26184;)
alert ip 45.13.227.186 any -> $HOME_NET any (msg: "MISP e26184 [] Incoming From IP: 45.13.227.186"; classtype:trojan-activity; sid:37207721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26184;)
alert ip $HOME_NET any -> 45.13.227.186 1312 (msg: "MISP e26184 [] Outgoing To IP: 45.13.227.186|1312"; classtype:trojan-activity; sid:37207731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26184;)
alert http $HOME_NET any -> 91.92.255.6 80 (msg: "MISP e26203 [] Outgoing URL http|3a|//91.92.255.6|3a|80/jklmips"; flow:to_server,established; http.header; content:"91.92.255.6"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37209941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26203;)
alert ip 91.92.255.6 any -> $HOME_NET any (msg: "MISP e26203 [] Incoming From IP: 91.92.255.6"; classtype:trojan-activity; sid:37209951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26203;)
alert ip $HOME_NET any -> 5.181.80.41 38241 (msg: "MISP e26203 [] Outgoing To IP: 5.181.80.41|38241"; classtype:trojan-activity; sid:37209961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26203;)
alert http $HOME_NET any -> 94.156.71.59 $HTTP_PORTS (msg: "MISP e26200 [] Outgoing URL http|3a|//94.156.71.59/trc/TRC.mips"; flow:to_server,established; http.header; content:"94.156.71.59"; fast_pattern; nocase; http.uri; content:"/trc/TRC.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37209521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26200;)
alert ip 94.156.71.59 any -> $HOME_NET any (msg: "MISP e26200 [] Incoming From IP: 94.156.71.59"; classtype:trojan-activity; sid:37209531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26200;)
alert ip $HOME_NET any -> 94.156.71.59 13 (msg: "MISP e26200 [] Outgoing To IP: 94.156.71.59|13"; classtype:trojan-activity; sid:37209541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26200;)
alert http $HOME_NET any -> 45.95.146.126 $HTTP_PORTS (msg: "MISP e26188 [] Outgoing URL http|3a|//45.95.146.126/jklmips"; flow:to_server,established; http.header; content:"45.95.146.126"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37208221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26188;)
# --- Per-event rule triples, priority 1 (events 26188, 26207, 26210, 26177, 26398, 26196, 26213,
#     26174, 26178) ---
# Each event contributes an HTTP payload-path rule, an "Incoming From IP" rule for the download
# host and an "Outgoing To IP" rule for an address and port. The incoming rules carry no port,
# flow or threshold condition, so any traffic from the listed host towards $HOME_NET matches,
# including replies to the download itself.
alert ip 45.95.146.126 any -> $HOME_NET any (msg: "MISP e26188 [] Incoming From IP: 45.95.146.126"; classtype:trojan-activity; sid:37208231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26188;)
alert ip $HOME_NET any -> 5.181.80.54 38241 (msg: "MISP e26188 [] Outgoing To IP: 5.181.80.54|38241"; classtype:trojan-activity; sid:37208241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26188;)
alert http $HOME_NET any -> 185.224.128.31 80 (msg: "MISP e26207 [] Outgoing URL http|3a|//185.224.128.31|3a|80/jklmips"; flow:to_server,established; http.header; content:"185.224.128.31"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26207;)
alert ip 185.224.128.31 any -> $HOME_NET any (msg: "MISP e26207 [] Incoming From IP: 185.224.128.31"; classtype:trojan-activity; sid:37210401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26207;)
alert ip $HOME_NET any -> 5.181.80.40 38241 (msg: "MISP e26207 [] Outgoing To IP: 5.181.80.40|38241"; classtype:trojan-activity; sid:37210411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26207;)
alert http $HOME_NET any -> 45.95.147.201 $HTTP_PORTS (msg: "MISP e26210 [] Outgoing URL http|3a|//45.95.147.201/bins/mips"; flow:to_server,established; http.header; content:"45.95.147.201"; fast_pattern; nocase; http.uri; content:"/bins/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26210;)
alert ip 45.95.147.201 any -> $HOME_NET any (msg: "MISP e26210 [] Incoming From IP: 45.95.147.201"; classtype:trojan-activity; sid:37210771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26210;)
alert ip $HOME_NET any -> 5.181.80.174 3090 (msg: "MISP e26210 [] Outgoing To IP: 5.181.80.174|3090"; classtype:trojan-activity; sid:37210781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26210;)
alert http $HOME_NET any -> 45.95.146.56 $HTTP_PORTS (msg: "MISP e26177 [] Outgoing URL http|3a|//45.95.146.56/bins/VRmips"; flow:to_server,established; http.header; content:"45.95.146.56"; fast_pattern; nocase; http.uri; content:"/bins/VRmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26177;)
alert ip 45.95.146.56 any -> $HOME_NET any (msg: "MISP e26177 [] Incoming From IP: 45.95.146.56"; classtype:trojan-activity; sid:37206981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26177;)
alert ip $HOME_NET any -> 45.95.146.56 1337 (msg: "MISP e26177 [] Outgoing To IP: 45.95.146.56|1337"; classtype:trojan-activity; sid:37206991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26177;)
alert http $HOME_NET any -> 104.218.48.107 $HTTP_PORTS (msg: "MISP e26398 [] Outgoing URL http|3a|//104.218.48.107/uwu/mips"; flow:to_server,established; http.header; content:"104.218.48.107"; fast_pattern; nocase; http.uri; content:"/uwu/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26398;)
alert ip 104.218.48.107 any -> $HOME_NET any (msg: "MISP e26398 [] Incoming From IP: 104.218.48.107"; classtype:trojan-activity; sid:37257091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26398;)
alert ip $HOME_NET any -> 104.218.48.107 7854 (msg: "MISP e26398 [] Outgoing To IP: 104.218.48.107|7854"; classtype:trojan-activity; sid:37257101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26398;)
# Events 26196 and 26213 export the same three indicators (193.111.248.58, /mips, port 55579);
# the two triples differ only in sid, msg and reference, so every match alerts twice.
alert http $HOME_NET any -> 193.111.248.58 $HTTP_PORTS (msg: "MISP e26196 [] Outgoing URL http|3a|//193.111.248.58/mips"; flow:to_server,established; http.header; content:"193.111.248.58"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37208961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26196;)
alert ip 193.111.248.58 any -> $HOME_NET any (msg: "MISP e26196 [] Incoming From IP: 193.111.248.58"; classtype:trojan-activity; sid:37208971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26196;)
alert ip $HOME_NET any -> 193.111.248.58 55579 (msg: "MISP e26196 [] Outgoing To IP: 193.111.248.58|55579"; classtype:trojan-activity; sid:37208981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26196;)
alert http $HOME_NET any -> 193.111.248.58 $HTTP_PORTS (msg: "MISP e26213 [] Outgoing URL http|3a|//193.111.248.58/mips"; flow:to_server,established; http.header; content:"193.111.248.58"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37216501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26213;)
alert ip 193.111.248.58 any -> $HOME_NET any (msg: "MISP e26213 [] Incoming From IP: 193.111.248.58"; classtype:trojan-activity; sid:37216511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26213;)
alert ip $HOME_NET any -> 193.111.248.58 55579 (msg: "MISP e26213 [] Outgoing To IP: 193.111.248.58|55579"; classtype:trojan-activity; sid:37216521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26213;)
# Events 26174 and 26178 likewise export the same three indicators (37.60.227.156,
# /S1eJ3/IObeENwjmips, port 7); every match alerts twice.
alert http $HOME_NET any -> 37.60.227.156 $HTTP_PORTS (msg: "MISP e26174 [] Outgoing URL http|3a|//37.60.227.156/S1eJ3/IObeENwjmips"; flow:to_server,established; http.header; content:"37.60.227.156"; fast_pattern; nocase; http.uri; content:"/S1eJ3/IObeENwjmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26174;)
alert ip 37.60.227.156 any -> $HOME_NET any (msg: "MISP e26174 [] Incoming From IP: 37.60.227.156"; classtype:trojan-activity; sid:37206481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26174;)
alert ip $HOME_NET any -> 37.60.227.156 7 (msg: "MISP e26174 [] Outgoing To IP: 37.60.227.156|7"; classtype:trojan-activity; sid:37206491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26174;)
alert http $HOME_NET any -> 37.60.227.156 $HTTP_PORTS (msg: "MISP e26178 [] Outgoing URL http|3a|//37.60.227.156/S1eJ3/IObeENwjmips"; flow:to_server,established; http.header; content:"37.60.227.156"; fast_pattern; nocase; http.uri; content:"/S1eJ3/IObeENwjmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37207111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26178;)
alert ip 37.60.227.156 any -> $HOME_NET any (msg: "MISP e26178 [] Incoming From IP: 37.60.227.156"; classtype:trojan-activity; sid:37207121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26178;)
alert ip $HOME_NET any -> 37.60.227.156 7 (msg: "MISP e26178 [] Outgoing To IP: 37.60.227.156|7"; classtype:trojan-activity; sid:37207131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26178;)
# --- Back to tagged IP:port indicators from event 26070 (priority 2) ---
# 38.255.33.106:7896 appears twice: sid 37122971 (event 26070, tagged AveMariaRAT) and
# sid 37277321 (event 26227, priority 3, empty tag list); one connection raises both alerts.
alert ip $HOME_NET any -> 38.255.33.106 7896 (msg: "MISP e26070 [AveMariaRAT,RAT] Outgoing To IP: 38.255.33.106|7896"; classtype:trojan-activity; sid:37122971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 38.255.33.106 7896 (msg: "MISP e26227 [] Outgoing To IP: 38.255.33.106|7896"; classtype:trojan-activity; sid:37277321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;)
alert ip $HOME_NET any -> 3.6.115.64 15032 (msg: "MISP e26070 [njrat] Outgoing To IP: 3.6.115.64|15032"; classtype:trojan-activity; sid:37122981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;)
alert ip $HOME_NET any -> 3.6.115.182 15032 (msg: "MISP e26070 [njrat] Outgoing To IP: 
3.6.115.182|15032"; classtype:trojan-activity; sid:37122991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 3.6.122.107 15032 (msg: "MISP e26070 [njrat] Outgoing To IP: 3.6.122.107|15032"; classtype:trojan-activity; sid:37123001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 3.6.98.232 15032 (msg: "MISP e26070 [njrat] Outgoing To IP: 3.6.98.232|15032"; classtype:trojan-activity; sid:37123011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26070;) alert ip $HOME_NET any -> 3.6.98.232 15032 (msg: "MISP e26227 [] Outgoing To IP: 3.6.98.232|15032"; classtype:trojan-activity; sid:37277331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 3.6.115.182 15032 (msg: "MISP e26227 [] Outgoing To IP: 3.6.115.182|15032"; classtype:trojan-activity; sid:37277341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 3.6.122.107 15032 (msg: "MISP e26227 [] Outgoing To IP: 3.6.122.107|15032"; classtype:trojan-activity; sid:37277351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 3.6.115.64 15032 (msg: "MISP e26227 [] Outgoing To IP: 3.6.115.64|15032"; classtype:trojan-activity; sid:37277361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 185.215.113.67 26260 (msg: "MISP e26227 [] Outgoing To IP: 185.215.113.67|26260"; classtype:trojan-activity; sid:37277371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26227;) alert ip $HOME_NET any -> 5.255.113.34 443 (msg: "MISP e26168 [] Outgoing To IP: 5.255.113.34|443"; classtype:trojan-activity; sid:37203561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 5.255.126.243 443 (msg: "MISP e26168 [] Outgoing To IP: 5.255.126.243|443"; 
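classtype:trojan-activity; sid:37203571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Event 26168: outbound IP:port indicators on 443. They match on address and port only (no payload
# condition), so review the event's age before treating a hit as confirmed compromise.
alert ip $HOME_NET any -> 45.59.118.118 443 (msg: "MISP e26168 [] Outgoing To IP: 45.59.118.118|443"; classtype:trojan-activity; sid:37203581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.99.133.228 443 (msg: "MISP e26168 [] Outgoing To IP: 185.99.133.228|443"; classtype:trojan-activity; sid:37203591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 5.230.74.51 443 (msg: "MISP e26168 [] Outgoing To IP: 5.230.74.51|443"; classtype:trojan-activity; sid:37203601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 146.19.143.113 443 (msg: "MISP e26168 [] Outgoing To IP: 146.19.143.113|443"; classtype:trojan-activity; sid:37203611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 5.101.44.49 443 (msg: "MISP e26168 [] Outgoing To IP: 5.101.44.49|443"; classtype:trojan-activity; sid:37203621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 5.230.68.180 443 (msg: "MISP e26168 [] Outgoing To IP: 5.230.68.180|443"; classtype:trojan-activity; sid:37203631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.106.102.82 443 (msg: "MISP e26168 [] Outgoing To IP: 185.106.102.82|443"; classtype:trojan-activity; sid:37203641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# MISP tag values such as misp:confidence-level="..." contain double quotes. Inside msg they are written
# as \" below, because Suricata requires ", ; and \ to be escaped in msg; an unescaped quote can make the
# rule fail to load or be parsed differently from what the exporter intended. Only the msg text changes.
alert ip $HOME_NET any -> 5.255.113.36 443 (msg: "MISP e26168 [misp:confidence-level=\"usually-confident\"] Outgoing To IP: 5.255.113.36|443"; classtype:trojan-activity; sid:37203651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 193.168.143.133 443 (msg: "MISP e26168 [misp:confidence-level=\"usually-confident\"] Outgoing To IP: 193.168.143.133|443"; classtype:trojan-activity; sid:37203661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# The two URL rules below differ only in the case of the URI ("/mozi.m" vs "/Mozi.m"); both use nocase,
# so they match the same requests and each request raises two alerts.
alert http $HOME_NET any -> 123.234.75.154 47980 (msg: "MISP e26075 [] Outgoing URL http|3a|//123.234.75.154|3a|47980/mozi.m"; flow:to_server,established; http.header; content:"123.234.75.154"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> 123.234.75.154 47980 (msg: "MISP e26168 [misp:confidence-level=\"fairly-confident\"] Outgoing URL http|3a|//123.234.75.154|3a|47980/Mozi.m"; flow:to_server,established; http.header; content:"123.234.75.154"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37203671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 46.246.84.15 1995 (msg: "MISP e26168 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 46.246.84.15|1995"; classtype:trojan-activity; sid:37203681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 91.92.244.55 13002 (msg: "MISP e26075 [RedLineStealer] Outgoing To IP: 91.92.244.55|13002"; classtype:trojan-activity; sid:37123401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 91.92.244.55 13002 (msg: "MISP e26168 [RedLineStealer] Outgoing To IP: 91.92.244.55|13002"; classtype:trojan-activity; sid:37203691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Domain indicators produce a DNS-query rule plus an HTTP Host-header rule. The leading character class in
# the pcre does not exclude ".", so subdomains of the listed domain match as well.
alert dns any any -> any any (msg: "MISP e26069 [] Domain consulta.coastconsulting.com.au"; dns.query; content:"consulta.coastconsulting.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-])consulta\.coastconsulting\.com\.au$/i"; classtype:trojan-activity; sid:37115801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26069;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26069 [] Outgoing HTTP Domain consulta.coastconsulting.com.au"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consulta.coastconsulting.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consulta\.coastconsulting\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37115802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26069;)
alert ip $HOME_NET any -> 15.204.245.61 23 (msg: "MISP e26168 [Gafgyt,misp-galaxy:malpedia=\"Bashlite\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 15.204.245.61|23"; classtype:trojan-activity; sid:37203701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26075 [dcrat] Outgoing URL http|3a|//workonz7.beget.tech/l1nc0in.php"; flow:to_server,established; http.header; content:"workonz7.beget.tech"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert dns any any -> any any (msg: "MISP e26168 [Mirai,misp:confidence-level=\"usually-confident\"] Domain kami.shopkami.site"; dns.query; content:"kami.shopkami.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.shopkami\.site$/i"; classtype:trojan-activity; sid:37203711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain kami.shopkami.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kami.shopkami.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.shopkami\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37203712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 171.228.211.109 56999 (msg: "MISP e26168 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 171.228.211.109|56999"; classtype:trojan-activity; sid:37203721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [dcrat] Outgoing URL http|3a|//workonz7.beget.tech/L1nc0In.php"; flow:to_server,established; http.header; content:"workonz7.beget.tech"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37203731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Event 26075: outbound indicators tagged c2 with a family name.
alert ip $HOME_NET any -> 92.246.136.161 80 (msg: "MISP e26075 [c2,Meduza] Outgoing To IP: 92.246.136.161|80"; classtype:trojan-activity; sid:37123431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 154.245.7.231 80 (msg: "MISP e26075 [c2,orcus_rat] Outgoing To IP: 154.245.7.231|80"; classtype:trojan-activity; sid:37123441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 35.246.183.49 80 (msg: "MISP e26075 [c2,hook] Outgoing To IP: 35.246.183.49|80"; classtype:trojan-activity; sid:37123451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 34.141.15.123 80 (msg: "MISP e26075 [c2,hook] Outgoing To IP: 34.141.15.123|80"; classtype:trojan-activity; sid:37123461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 2086 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2086"; classtype:trojan-activity; sid:37123471; rev:1;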
priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Event 26075, tags c2 + darkcomet: one rule per destination port on the single host 187.135.144.103.
# Each rule matches on address and port only; there is no payload condition.
alert ip $HOME_NET any -> 187.135.144.103 2222 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2222"; classtype:trojan-activity; sid:37123481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 1962 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|1962"; classtype:trojan-activity; sid:37123491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 2077 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2077"; classtype:trojan-activity; sid:37123501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 2000 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2000"; classtype:trojan-activity; sid:37123511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 2053 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2053"; classtype:trojan-activity; sid:37123521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 2082 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2082"; classtype:trojan-activity; sid:37123531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 2095 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|2095"; classtype:trojan-activity; sid:37123541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 187.135.144.103 1710 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|1710"; classtype:trojan-activity; sid:37123551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any ->
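187.135.144.103 1883 (msg: "MISP e26075 [c2,darkcomet] Outgoing To IP: 187.135.144.103|1883"; classtype:trojan-activity; sid:37123561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 111.92.240.246 50550 (msg: "MISP e26075 [c2,cobalt_strike] Outgoing To IP: 111.92.240.246|50550"; classtype:trojan-activity; sid:37123571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 124.71.84.65 8062 (msg: "MISP e26075 [c2,cobalt_strike] Outgoing To IP: 124.71.84.65|8062"; classtype:trojan-activity; sid:37123581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Event 26168 re-exports address/port pairs that event 26075 already covers, at priority 3 and with
# different tags, so a single connection raises one alert per event. De-duplicate downstream on
# destination address and port if alert volume matters.
# MISP tag values containing double quotes are written with \" inside msg: Suricata requires ", ; and \
# to be escaped there, and an unescaped quote can make the rule fail to load. Only the msg text changes.
alert ip $HOME_NET any -> 187.135.144.103 1962 (msg: "MISP e26168 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.144.103|1962"; classtype:trojan-activity; sid:37203751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2222 (msg: "MISP e26168 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.144.103|2222"; classtype:trojan-activity; sid:37203761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2086 (msg: "MISP e26168 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.144.103|2086"; classtype:trojan-activity; sid:37203771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 34.141.15.123 80 (msg: "MISP e26168 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 34.141.15.123|80"; classtype:trojan-activity; sid:37203781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 35.246.183.49 80 (msg: "MISP e26168 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 35.246.183.49|80"; classtype:trojan-activity; sid:37203791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 154.245.7.231 80 (msg: "MISP e26168 [c2,misp-galaxy:malpedia=\"Orcus RAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 154.245.7.231|80"; classtype:trojan-activity; sid:37203801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 92.246.136.161 80 (msg: "MISP e26168 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 92.246.136.161|80"; classtype:trojan-activity; sid:37203811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# The remaining event 26168 rules carry no tags in msg; the family context is only in the event 26075
# rules for the same address and port.
alert ip $HOME_NET any -> 124.71.84.65 8062 (msg: "MISP e26168 [] Outgoing To IP: 124.71.84.65|8062"; classtype:trojan-activity; sid:37203821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 111.92.240.246 50550 (msg: "MISP e26168 [] Outgoing To IP: 111.92.240.246|50550"; classtype:trojan-activity; sid:37203831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 1883 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|1883"; classtype:trojan-activity; sid:37203841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 1710 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|1710"; classtype:trojan-activity; sid:37203851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2095 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|2095"; classtype:trojan-activity; sid:37203861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2082 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|2082"; classtype:trojan-activity; sid:37203871; rev:1; priority:3;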
reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2053 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|2053"; classtype:trojan-activity; sid:37203881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2000 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|2000"; classtype:trojan-activity; sid:37203891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 187.135.144.103 2077 (msg: "MISP e26168 [] Outgoing To IP: 187.135.144.103|2077"; classtype:trojan-activity; sid:37203901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Event 26153: outbound HTTP download URLs. Each rule requires the host string in the request headers and
# the path in the URI; the first two are pinned to the non-standard port given in the URL.
alert http $HOME_NET any -> 90.63.155.1 41944 (msg: "MISP e26153 [] Outgoing URL http|3a|//90.63.155.1|3a|41944/mozi.a"; flow:to_server,established; http.header; content:"90.63.155.1"; fast_pattern; nocase; http.uri; content:"/mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 42.238.254.19 44192 (msg: "MISP e26153 [] Outgoing URL http|3a|//42.238.254.19|3a|44192/Mozi.m"; flow:to_server,established; http.header; content:"42.238.254.19"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 193.233.132.186 $HTTP_PORTS (msg: "MISP e26153 [] Outgoing URL http|3a|//193.233.132.186/RUN.exe"; flow:to_server,established; http.header; content:"193.233.132.186"; fast_pattern; nocase; http.uri; content:"/RUN.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
# Event 26157: hostname indicators. Each hostname yields three rules: a DNS query rule, an HTTP rule on the
# "Host:" header, and an HTTP "URL" rule.
# - The hostname pcre excludes a preceding "." as well, so only the exact name matches, not its subdomains
#   and not the parent hosting domain.
# - When the URL has no path, the "URL" rule reduces to a single http.header content match on the hostname
#   with no Host anchor; it likely also fires when the name appears in another request header such as
#   Referer, and it duplicates the Host-header rule for direct requests.
# - The http rules inspect cleartext HTTP only. No TLS-based rule for these names appears in this part of
#   the export, so for HTTPS traffic the DNS query rule is the only one here that can match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname att-yahoo-mail-100646.weeblysite.com"; dns.query; content:"att-yahoo-mail-100646.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-yahoo\-mail\-100646\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37170611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-yahoo-mail-100646.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-yahoo-mail-100646.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-yahoo\-mail\-100646\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-yahoo-mail-100646.weeblysite.com"; flow:to_server,established; http.header; content:"att-yahoo-mail-100646.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname coinz-baseprologin.godaddysites.com"; dns.query; content:"coinz-baseprologin.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinz\-baseprologin\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37170641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname coinz-baseprologin.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinz-baseprologin.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinz\-baseprologin\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//coinz-baseprologin.godaddysites.com"; flow:to_server,established; http.header; content:"coinz-baseprologin.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname att-mail-103794.weeblysite.com"; dns.query; content:"att-mail-103794.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-103794\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37170671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-mail-103794.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-mail-103794.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-103794\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-mail-103794.weeblysite.com"; flow:to_server,established; http.header; content:"att-mail-103794.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname adrianabilea.com"; dns.query; content:"adrianabilea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adrianabilea\.com$/i"; classtype:trojan-activity; sid:37170701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname adrianabilea.com"; flow:to_server,established; http.header; content: "Host|3a| adrianabilea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adrianabilea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# This URL rule has a path, so it pairs the header match with an http.uri match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//adrianabilea.com/choiys/ryosan.co.kr/efax"; flow:to_server,established; http.header; content:"adrianabilea.com"; fast_pattern; nocase; http.uri; content:"/choiys/ryosan.co.kr/efax"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname zfile.akvsdk.workers.dev"; dns.query; content:"zfile.akvsdk.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zfile\.akvsdk\.workers\.dev$/i"; classtype:trojan-activity; sid:37170731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname zfile.akvsdk.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| zfile.akvsdk.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zfile\.akvsdk\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//zfile.akvsdk.workers.dev"; flow:to_server,established; http.header; content:"zfile.akvsdk.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname kdaxpub-fixdapps.pages.dev"; dns.query; content:"kdaxpub-fixdapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kdaxpub\-fixdapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37170761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname kdaxpub-fixdapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kdaxpub-fixdapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kdaxpub\-fixdapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//kdaxpub-fixdapps.pages.dev"; flow:to_server,established; http.header; content:"kdaxpub-fixdapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 18yearoldgirlsexgroup.pages.dev"; dns.query; content:"18yearoldgirlsexgroup.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])18yearoldgirlsexgroup\.pages\.dev$/i"; classtype:trojan-activity; sid:37170791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 18yearoldgirlsexgroup.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 18yearoldgirlsexgroup.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])18yearoldgirlsexgroup\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//18yearoldgirlsexgroup.pages.dev"; flow:to_server,established; http.header; content:"18yearoldgirlsexgroup.pages.dev";
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Event 26157 hostname indicators: three rules per hostname (DNS query, HTTP "Host:" header, HTTP "URL").
# The pcre anchors exclude "." on the left, so only the exact hostname matches; other sites under the
# same parent hosting domain do not.
# The "URL" rules here have no path and reduce to one unanchored http.header content match on the
# hostname, which duplicates the Host-header rule and likely also fires on other headers carrying the name.
# The http rules see cleartext HTTP only; for HTTPS traffic the DNS query rule is the only one shown here
# that can match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname alisonsexygirl.pages.dev"; dns.query; content:"alisonsexygirl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alisonsexygirl\.pages\.dev$/i"; classtype:trojan-activity; sid:37170821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname alisonsexygirl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| alisonsexygirl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alisonsexygirl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//alisonsexygirl.pages.dev"; flow:to_server,established; http.header; content:"alisonsexygirl.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname od.iri.workers.dev"; dns.query; content:"od.iri.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])od\.iri\.workers\.dev$/i"; classtype:trojan-activity; sid:37170851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname od.iri.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| od.iri.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])od\.iri\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//od.iri.workers.dev"; flow:to_server,established; http.header; content:"od.iri.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname jointhesinglegirlgroupontelegram.pages.dev"; dns.query; content:"jointhesinglegirlgroupontelegram.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jointhesinglegirlgroupontelegram\.pages\.dev$/i"; classtype:trojan-activity; sid:37170881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname jointhesinglegirlgroupontelegram.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jointhesinglegirlgroupontelegram.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jointhesinglegirlgroupontelegram\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//jointhesinglegirlgroupontelegram.pages.dev"; flow:to_server,established; http.header; content:"jointhesinglegirlgroupontelegram.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname meet-me-here.pages.dev"; dns.query; content:"meet-me-here.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meet\-me\-here\.pages\.dev$/i"; classtype:trojan-activity; sid:37170911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname meet-me-here.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| meet-me-here.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meet\-me\-here\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//meet-me-here.pages.dev"; flow:to_server,established; http.header; content:"meet-me-here.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname new-group-whatsappxxx.pages.dev"; dns.query; content:"new-group-whatsappxxx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])new\-group\-whatsappxxx\.pages\.dev$/i"; classtype:trojan-activity; sid:37170941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname new-group-whatsappxxx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| new-group-whatsappxxx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])new\-group\-whatsappxxx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//new-group-whatsappxxx.pages.dev"; flow:to_server,established; http.header; content:"new-group-whatsappxxx.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu.pages.dev"; dns.query; content:"ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu\.pages\.dev$/i"; classtype:trojan-activity; sid:37170971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37170972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu.pages.dev"; flow:to_server,established; http.header; content:"ffwlervermgrdeoruderuwlervermgrdeoruderuyteysduiweyu.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname rimson-point-9008.pages.dev"; dns.query; content:"rimson-point-9008.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rimson\-point\-9008\.pages\.dev$/i"; classtype:trojan-activity; sid:37171001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname rimson-point-9008.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rimson-point-9008.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rimson\-point\-9008\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171002;
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//rimson-point-9008.pages.dev"; flow:to_server,established; http.header; content:"rimson-point-9008.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname dubproduction.org"; dns.query; content:"dubproduction.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dubproduction\.org$/i"; classtype:trojan-activity; sid:37171031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dubproduction.org"; flow:to_server,established; http.header; content: "Host|3a| dubproduction.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dubproduction\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//dubproduction.org"; flow:to_server,established; http.header; content:"dubproduction.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname diepostpay.net"; dns.query; content:"diepostpay.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diepostpay\.net$/i"; classtype:trojan-activity; sid:37171061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname diepostpay.net"; flow:to_server,established; http.header; content: "Host|3a| diepostpay.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])diepostpay\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname passsa.duckdns.org"; dns.query; content:"passsa.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])passsa\.duckdns\.org$/i"; classtype:trojan-activity; sid:37171091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname passsa.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| passsa.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])passsa\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//passsa.duckdns.org"; flow:to_server,established; http.header; content:"passsa.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname dhlllposteiweight.selfip.com"; dns.query; content:"dhlllposteiweight.selfip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhlllposteiweight\.selfip\.com$/i"; classtype:trojan-activity; sid:37171121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dhlllposteiweight.selfip.com"; flow:to_server,established; http.header; content: "Host|3a| dhlllposteiweight.selfip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhlllposteiweight\.selfip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171122; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname mail.tcbmtrhazineidgov209.com"; dns.query; content:"mail.tcbmtrhazineidgov209.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.tcbmtrhazineidgov209\.com$/i"; classtype:trojan-activity; sid:37171151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mail.tcbmtrhazineidgov209.com"; flow:to_server,established; http.header; content: "Host|3a| mail.tcbmtrhazineidgov209.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.tcbmtrhazineidgov209\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mail.tcbmtrhazineidgov209.com"; flow:to_server,established; http.header; content:"mail.tcbmtrhazineidgov209.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname thedomianname.pages.dev"; dns.query; content:"thedomianname.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thedomianname\.pages\.dev$/i"; classtype:trojan-activity; sid:37171181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname thedomianname.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| thedomianname.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thedomianname\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//thedomianname.pages.dev"; flow:to_server,established; http.header; content:"thedomianname.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# login.cpssvcs.us is exported twice in this run: the DNS/Host pair with sids
# 37171211/37171212 and the pair with sids 37171241/37171242 have identical match
# logic and differ only in sid. One matching query or request therefore raises two
# alerts. Presumably the hostname occurs twice as an attribute in event 26157 -
# TODO confirm, then de-duplicate at the source or drop one pair before loading.
#
# DNS form: the pcre allows only start-of-buffer or a character outside
# [A-Za-z0-9-.] before the name and anchors the end with $, so the rule matches a
# query for exactly this name; a query for a subdomain of it does not match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname login.cpssvcs.us"; dns.query; content:"login.cpssvcs.us"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.cpssvcs\.us$/i"; classtype:trojan-activity; sid:37171211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host form: content carries the literal "Host: " prefix, so only a Host header that
# starts with this name matches; the pcre additionally requires a non-hostname
# character after it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname login.cpssvcs.us"; flow:to_server,established; http.header; content: "Host|3a| login.cpssvcs.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.cpssvcs\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Duplicate of sid 37171211 (same buffer, content and pcre).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname login.cpssvcs.us"; dns.query; content:"login.cpssvcs.us"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.cpssvcs\.us$/i"; classtype:trojan-activity; sid:37171241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Duplicate of sid 37171212 (same buffer, content and pcre).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname login.cpssvcs.us"; flow:to_server,established; http.header; content: "Host|3a| login.cpssvcs.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.cpssvcs\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname e718458b49256186a48df49ce0a15aeb.pages.dev"; dns.query; content:"e718458b49256186a48df49ce0a15aeb.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])e718458b49256186a48df49ce0a15aeb\.pages\.dev$/i"; classtype:trojan-activity; sid:37171271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname e718458b49256186a48df49ce0a15aeb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| e718458b49256186a48df49ce0a15aeb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e718458b49256186a48df49ce0a15aeb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//e718458b49256186a48df49ce0a15aeb.pages.dev"; flow:to_server,established; http.header; content:"e718458b49256186a48df49ce0a15aeb.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname blank-template-6-43044.getresponsesite.com"; dns.query; content:"blank-template-6-43044.getresponsesite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blank\-template\-6\-43044\.getresponsesite\.com$/i"; classtype:trojan-activity; sid:37171301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname blank-template-6-43044.getresponsesite.com"; flow:to_server,established; http.header; content: "Host|3a| blank-template-6-43044.getresponsesite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blank\-template\-6\-43044\.getresponsesite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] 
Hostname brco.myds.me"; dns.query; content:"brco.myds.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brco\.myds\.me$/i"; classtype:trojan-activity; sid:37171331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname brco.myds.me"; flow:to_server,established; http.header; content: "Host|3a| brco.myds.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brco\.myds\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname jhukirofuck.lol"; dns.query; content:"jhukirofuck.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhukirofuck\.lol$/i"; classtype:trojan-activity; sid:37171361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname jhukirofuck.lol"; flow:to_server,established; http.header; content: "Host|3a| jhukirofuck.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhukirofuck\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//jhukirofuck.lol/a6Sg0"; flow:to_server,established; http.header; content:"jhukirofuck.lol"; fast_pattern; nocase; http.uri; content:"/a6Sg0"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname ljrtrucking.com"; dns.query; content:"ljrtrucking.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ljrtrucking\.com$/i"; classtype:trojan-activity; sid:37171391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# Coverage note for ljrtrucking.com: the URL attribute in this event is on
# www.ljrtrucking.com, but the two hostname rules are written for the bare domain.
#  - The DNS rule (sid 37171391, ending on the line above) excludes a preceding dot
#    in its pcre, so a lookup of the www name raises no DNS alert.
#  - The Host rule below matches the literal "Host: ljrtrucking.com", which a
#    "Host: www.ljrtrucking.com" header does not contain.
# A visit to the www host is therefore covered only by the URL rule (sid 37171401).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ljrtrucking.com"; flow:to_server,established; http.header; content: "Host|3a| ljrtrucking.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ljrtrucking\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL rule: the hostname is matched anywhere in http.header (it is not anchored to
# the Host header, so any request header carrying the string satisfies it) and the
# path is an unanchored, case-insensitive substring of http.uri. The destination
# port is limited to $HTTP_PORTS, and as an http rule it sees cleartext requests
# only; the same URL fetched over TLS is not inspected unless traffic is decrypted
# upstream.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//www.ljrtrucking.com/Configs/PostFinance/"; flow:to_server,established; http.header; content:"www.ljrtrucking.com"; fast_pattern; nocase; http.uri; content:"/Configs/PostFinance/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Exact-name DNS match (start-of-buffer or non-hostname character before the name,
# $ after it).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname monribotclement.wixsite.com"; dns.query; content:"monribotclement.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])monribotclement\.wixsite\.com$/i"; classtype:trojan-activity; sid:37171451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# tag:session,600,seconds keeps logging packets of the matching session for 600
# seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname monribotclement.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| monribotclement.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])monribotclement\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname llr.rwz.mybluehost.me"; dns.query; content:"llr.rwz.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])llr\.rwz\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37171511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname llr.rwz.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| llr.rwz.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])llr\.rwz\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Shortener URL: this is the only rule in this run that names tinyurl.com; no DNS
# or Host rule accompanies it, so detection of this indicator rests on this
# signature alone.
#  - "tinyurl.com" is matched anywhere in http.header, not anchored to the Host
#    header, so any request header carrying the string satisfies it.
#  - "/yc44bzdx" is an unanchored, case-insensitive substring of http.uri; a longer
#    path that contains it also matches.
#  - Destination port is limited to $HTTP_PORTS and only cleartext HTTP is
#    inspected; a request for the short link made over TLS is not seen by this rule
#    unless traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tinyurl.com/yc44bzdx"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/yc44bzdx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37171611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# DNS rule for a workers.dev name. The rule header is "any any -> any any", so it is
# not limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname previewpdfoffice.dyynamic-360.workers.dev"; dns.query; content:"previewpdfoffice.dyynamic-360.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])previewpdfoffice\.dyynamic\-360\.workers\.dev$/i"; classtype:trojan-activity; sid:37171661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host-header rule for the same name. The .dev TLD is on the browser HSTS preload
# list, so browsers connect to it over HTTPS; without TLS decryption this rule is
# unlikely to fire for browser traffic and the dns.query rule above (sid 37171661)
# carries the detection. A tls.sni rule on the same name would be the natural
# complement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname previewpdfoffice.dyynamic-360.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| previewpdfoffice.dyynamic-360.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])previewpdfoffice\.dyynamic\-360\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname scancodehub.com"; dns.query; content:"scancodehub.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scancodehub\.com$/i"; classtype:trojan-activity; sid:37171691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname scancodehub.com"; flow:to_server,established; http.header; content: "Host|3a| scancodehub.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scancodehub\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname poczta.pkp.pl"; dns.query; content:"poczta.pkp.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])poczta\.pkp\.pl$/i"; classtype:trojan-activity; sid:37171721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname poczta.pkp.pl"; flow:to_server,established; http.header; content: "Host|3a| poczta.pkp.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])poczta\.pkp\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname o4rakvvd6luqt-1324239560.cos.sa-saopaulo.myqcloud.com"; dns.query; content:"o4rakvvd6luqt-1324239560.cos.sa-saopaulo.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])o4rakvvd6luqt\-1324239560\.cos\.sa\-saopaulo\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37171751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname o4rakvvd6luqt-1324239560.cos.sa-saopaulo.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| o4rakvvd6luqt-1324239560.cos.sa-saopaulo.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])o4rakvvd6luqt\-1324239560\.cos\.sa\-saopaulo\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171752; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# The two hostnames in this block share the "-1324239560" segment and the
# ".cos.<region>.myqcloud.com" suffix and differ only in the leading label and the
# region. NOTE(review): this looks like several storage buckets under one account -
# confirm against the event. If so, each rule pins one bucket name exactly (the DNS
# pcre is anchored at both ends, the Host content carries the full name), and a
# newly created bucket under the same account is not covered until it is added to
# the event and re-exported.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname c23qvxnkktc95-1324239560.cos.eu-frankfurt.myqcloud.com"; dns.query; content:"c23qvxnkktc95-1324239560.cos.eu-frankfurt.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])c23qvxnkktc95\-1324239560\.cos\.eu\-frankfurt\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37171781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host-header form of the same indicator: cleartext HTTP from $HOME_NET to
# $EXTERNAL_NET only; a TLS connection to the bucket is not inspected by this rule
# unless traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname c23qvxnkktc95-1324239560.cos.eu-frankfurt.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| c23qvxnkktc95-1324239560.cos.eu-frankfurt.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])c23qvxnkktc95\-1324239560\.cos\.eu\-frankfurt\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Same pattern, second bucket name (ap-mumbai region label).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 9771166x79hdp-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"9771166x79hdp-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9771166x79hdp\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37171811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 9771166x79hdp-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| 9771166x79hdp-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9771166x79hdp\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 
z14wj2b2n84v4-1324239560.cos.na-ashburn.myqcloud.com"; dns.query; content:"z14wj2b2n84v4-1324239560.cos.na-ashburn.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])z14wj2b2n84v4\-1324239560\.cos\.na\-ashburn\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37171841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname z14wj2b2n84v4-1324239560.cos.na-ashburn.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| z14wj2b2n84v4-1324239560.cos.na-ashburn.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])z14wj2b2n84v4\-1324239560\.cos\.na\-ashburn\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname csnhr27hzgzif-1324239560.cos.ap-singapore.myqcloud.com"; dns.query; content:"csnhr27hzgzif-1324239560.cos.ap-singapore.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])csnhr27hzgzif\-1324239560\.cos\.ap\-singapore\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37171871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname csnhr27hzgzif-1324239560.cos.ap-singapore.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| csnhr27hzgzif-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])csnhr27hzgzif\-1324239560\.cos\.ap\-singapore\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname officenced.com"; dns.query; content:"officenced.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officenced\.com$/i"; 
classtype:trojan-activity; sid:37171901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host-header rule for officenced.com (first copy, sid 37171902). Matches the
# literal "Host: officenced.com" in cleartext HTTP from $HOME_NET to $EXTERNAL_NET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname officenced.com"; flow:to_server,established; http.header; content: "Host|3a| officenced.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officenced\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Exact-name DNS match for one storage-bucket hostname.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pxcg1xv5fautw-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"pxcg1xv5fautw-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pxcg1xv5fautw\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37171931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pxcg1xv5fautw-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| pxcg1xv5fautw-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pxcg1xv5fautw\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# officenced.com is exported a second time from here on: sid 37171961 repeats the
# DNS rule whose tail (sid 37171901) opens this block, and the Host rule that starts
# on the last line of this block repeats the match of sid 37171902. The same query
# or request therefore alerts twice. Presumably the hostname is attached to event
# 26157 more than once - TODO confirm, then de-duplicate at the source or drop the
# second pair before loading.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname officenced.com"; dns.query; content:"officenced.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officenced\.com$/i"; classtype:trojan-activity; sid:37171961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname officenced.com"; flow:to_server,established; http.header; content: "Host|3a| officenced.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])officenced\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cikguu-viral.bino-private-free.my.id"; dns.query; content:"cikguu-viral.bino-private-free.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cikguu\-viral\.bino\-private\-free\.my\.id$/i"; classtype:trojan-activity; sid:37171991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cikguu-viral.bino-private-free.my.id"; flow:to_server,established; http.header; content: "Host|3a| cikguu-viral.bino-private-free.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cikguu\-viral\.bino\-private\-free\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37171992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname debixuserincservice.sviluppo.host"; dns.query; content:"debixuserincservice.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])debixuserincservice\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37172021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname debixuserincservice.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| debixuserincservice.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])debixuserincservice\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname divsly.com"; dns.query; content:"divsly.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])divsly\.com$/i"; classtype:trojan-activity; sid:37172051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname divsly.com"; flow:to_server,established; http.header; content: "Host|3a| divsly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])divsly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname mostbet-slot.com"; dns.query; content:"mostbet-slot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mostbet\-slot\.com$/i"; classtype:trojan-activity; sid:37172111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mostbet-slot.com"; flow:to_server,established; http.header; content: "Host|3a| mostbet-slot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mostbet\-slot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname boitevoicerange00.wixsite.com"; dns.query; content:"boitevoicerange00.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])boitevoicerange00\.wixsite\.com$/i"; classtype:trojan-activity; sid:37172141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname boitevoicerange00.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| boitevoicerange00.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])boitevoicerange00\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172142; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname grimnor69x.quest"; dns.query; content:"grimnor69x.quest"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grimnor69x\.quest$/i"; classtype:trojan-activity; sid:37172171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname grimnor69x.quest"; flow:to_server,established; http.header; content: "Host|3a| grimnor69x.quest"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grimnor69x\.quest[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//grimnor69x.quest/cT5og"; flow:to_server,established; http.header; content:"grimnor69x.quest"; fast_pattern; nocase; http.uri; content:"/cT5og"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37172181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname phn1zw.webwave.dev"; dns.query; content:"phn1zw.webwave.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])phn1zw\.webwave\.dev$/i"; classtype:trojan-activity; sid:37172201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname phn1zw.webwave.dev"; flow:to_server,established; http.header; content: "Host|3a| phn1zw.webwave.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])phn1zw\.webwave\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname yassistande.shop"; dns.query; 
content:"yassistande.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yassistande\.shop$/i"; classtype:trojan-activity; sid:37172231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host-header rule: literal "Host: yassistande.shop" in cleartext HTTP leaving
# $HOME_NET; tag:session,600,seconds keeps logging packets of the matching session
# for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname yassistande.shop"; flow:to_server,established; http.header; content: "Host|3a| yassistande.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yassistande\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Bare-domain rules for lnkz.at: no URL/path rule for this host is exported in this
# run, so both rules key on the domain alone. NOTE(review): lnkz.at looks like a
# shared link-shortening domain rather than a single-purpose host - confirm. If it
# is, these two rules alert on every short link under the domain, not only the one
# behind event 26157; consider adding the path to the event or tuning priority.
# The DNS rule header is "any any -> any any", so it is not limited to queries
# leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname lnkz.at"; dns.query; content:"lnkz.at"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnkz\.at$/i"; classtype:trojan-activity; sid:37172261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lnkz.at"; flow:to_server,established; http.header; content: "Host|3a| lnkz.at"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnkz\.at[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Exact-name DNS match: the pcre excludes a preceding dot and anchors the end with
# $, so a query for a subdomain of this name does not match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname dev-cntactservicesorangeclubinf24.pantheonsite.io"; dns.query; content:"dev-cntactservicesorangeclubinf24.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-cntactservicesorangeclubinf24\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37172291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dev-cntactservicesorangeclubinf24.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a| dev-cntactservicesorangeclubinf24.pantheonsite.io"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])dev\-cntactservicesorangeclubinf24\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname page-personnel.hubside.fr"; dns.query; content:"page-personnel.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])page\-personnel\.hubside\.fr$/i"; classtype:trojan-activity; sid:37172351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname page-personnel.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| page-personnel.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])page\-personnel\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname babatundes12.wixstudio.io"; dns.query; content:"babatundes12.wixstudio.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])babatundes12\.wixstudio\.io$/i"; classtype:trojan-activity; sid:37172381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname babatundes12.wixstudio.io"; flow:to_server,established; http.header; content: "Host|3a| babatundes12.wixstudio.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])babatundes12\.wixstudio\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname fstoppers.com"; dns.query; content:"fstoppers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fstoppers\.com$/i"; classtype:trojan-activity; sid:37172411; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 export. Each hostname gets a dns.query rule and an HTTP "Host:" rule; both are
# anchored to the exact name, so subdomains of it do not match. Some also get an "Outgoing URL" rule
# that is limited to $HTTP_PORTS, so that variable must be defined in the sensor configuration.
# NOTE(review): these rules cover DNS and cleartext HTTP only; none of them inspects TLS traffic.
# -- fstoppers.com (the dns rule for this host, sid 37172411, ends on the first line above)
# NOTE(review): fstoppers.com appears to be a public content site rather than attacker-registered
# infrastructure (TODO confirm against the event); a whole-host match is likely to be noisy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname fstoppers.com"; flow:to_server,established; http.header; content: "Host|3a| fstoppers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fstoppers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- espaceclientorange8.wixsite.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname espaceclientorange8.wixsite.com"; dns.query; content:"espaceclientorange8.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])espaceclientorange8\.wixsite\.com$/i"; classtype:trojan-activity; sid:37172441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname espaceclientorange8.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| espaceclientorange8.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])espaceclientorange8\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- bujli69kon.lol
alert dns any any -> any any (msg: "MISP e26157 [] Hostname bujli69kon.lol"; dns.query; content:"bujli69kon.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bujli69kon\.lol$/i"; classtype:trojan-activity; sid:37172471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bujli69kon.lol"; flow:to_server,established; http.header; content: "Host|3a| bujli69kon.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bujli69kon\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL rule: hostname anywhere in the request headers plus "/WJY0O" anywhere in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//bujli69kon.lol/WJY0O"; flow:to_server,established; http.header; content:"bujli69kon.lol"; fast_pattern; nocase; http.uri; content:"/WJY0O"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37172481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- bvbdfh.hubside.fr
alert dns any any -> any any (msg: "MISP e26157 [] Hostname bvbdfh.hubside.fr"; dns.query; content:"bvbdfh.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bvbdfh\.hubside\.fr$/i"; classtype:trojan-activity; sid:37172501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bvbdfh.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| bvbdfh.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bvbdfh\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- tokenpocket-tpmuo.org
alert dns any any -> any any (msg: "MISP e26157 [] Hostname tokenpocket-tpmuo.org"; dns.query; content:"tokenpocket-tpmuo.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmuo\.org$/i"; classtype:trojan-activity; sid:37172561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tokenpocket-tpmuo.org"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpmuo.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmuo\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): this "URL" rule has no path. It matches the hostname anywhere in the request
# headers (a Referer counts), has no fast_pattern and no boundary check, and applies only on
# $HTTP_PORTS. The Host rule above (sid 37172562) already covers the real case on any port;
# consider dropping this rule at export time or matching on http.host instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tokenpocket-tpmuo.org"; flow:to_server,established; http.header; content:"tokenpocket-tpmuo.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37172571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- donani.fr
alert dns any any -> any any (msg: "MISP e26157 [] Hostname donani.fr"; dns.query; content:"donani.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])donani\.fr$/i"; classtype:trojan-activity; sid:37172591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname donani.fr"; flow:to_server,established; http.header; content: "Host|3a| donani.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])donani\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- new-interface-a53cec.zapier.app
alert dns any any -> any any (msg: "MISP e26157 [] Hostname new-interface-a53cec.zapier.app"; dns.query; content:"new-interface-a53cec.zapier.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])new\-interface\-a53cec\.zapier\.app$/i"; classtype:trojan-activity; sid:37172621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname new-interface-a53cec.zapier.app"; flow:to_server,established; http.header; content: "Host|3a| new-interface-a53cec.zapier.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])new\-interface\-a53cec\.zapier\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- bcrowle45.wixsite.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname bcrowle45.wixsite.com"; dns.query; content:"bcrowle45.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bcrowle45\.wixsite\.com$/i"; classtype:trojan-activity; sid:37172651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bcrowle45.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| bcrowle45.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bcrowle45\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 export. Each hostname gets a dns.query rule and an HTTP "Host:" rule; both are
# anchored to the exact name, so subdomains of it do not match. Some also get an "Outgoing URL" rule
# that is limited to $HTTP_PORTS, so that variable must be defined in the sensor configuration.
# NOTE(review): these rules cover DNS and cleartext HTTP only; none of them inspects TLS traffic.
# -- smzjx.mjt.lu
alert dns any any -> any any (msg: "MISP e26157 [] Hostname smzjx.mjt.lu"; dns.query; content:"smzjx.mjt.lu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smzjx\.mjt\.lu$/i"; classtype:trojan-activity; sid:37172711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname smzjx.mjt.lu"; flow:to_server,established; http.header; content: "Host|3a| smzjx.mjt.lu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smzjx\.mjt\.lu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- www-orang.hubside.fr
alert dns any any -> any any (msg: "MISP e26157 [] Hostname www-orang.hubside.fr"; dns.query; content:"www-orang.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-orang\.hubside\.fr$/i"; classtype:trojan-activity; sid:37172741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname www-orang.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| www-orang.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-orang\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- s1.conseptbolo.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname s1.conseptbolo.com"; dns.query; content:"s1.conseptbolo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.conseptbolo\.com$/i"; classtype:trojan-activity; sid:37172771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname s1.conseptbolo.com"; flow:to_server,established; http.header; content: "Host|3a| s1.conseptbolo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.conseptbolo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- espace-client-authentification.hubside.be
alert dns any any -> any any (msg: "MISP e26157 [] Hostname espace-client-authentification.hubside.be"; dns.query; content:"espace-client-authentification.hubside.be"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])espace\-client\-authentification\.hubside\.be$/i"; classtype:trojan-activity; sid:37172801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname espace-client-authentification.hubside.be"; flow:to_server,established; http.header; content: "Host|3a| espace-client-authentification.hubside.be"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])espace\-client\-authentification\.hubside\.be[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- schoolutions.africa
alert dns any any -> any any (msg: "MISP e26157 [] Hostname schoolutions.africa"; dns.query; content:"schoolutions.africa"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])schoolutions\.africa$/i"; classtype:trojan-activity; sid:37172831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname schoolutions.africa"; flow:to_server,established; http.header; content: "Host|3a| schoolutions.africa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])schoolutions\.africa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- partyrentalltd.pages.dev
alert dns any any -> any any (msg: "MISP e26157 [] Hostname partyrentalltd.pages.dev"; dns.query; content:"partyrentalltd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partyrentalltd\.pages\.dev$/i"; classtype:trojan-activity; sid:37172861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname partyrentalltd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| partyrentalltd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partyrentalltd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): this "URL" rule has no path. It matches the hostname anywhere in the request
# headers (a Referer counts), has no fast_pattern and no boundary check, and applies only on
# $HTTP_PORTS. The Host rule above (sid 37172862) already covers the real case on any port;
# consider dropping this rule at export time or matching on http.host instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//partyrentalltd.pages.dev"; flow:to_server,established; http.header; content:"partyrentalltd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37172871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- weslinshoserihaecutetzinspon03.pages.dev
alert dns any any -> any any (msg: "MISP e26157 [] Hostname weslinshoserihaecutetzinspon03.pages.dev"; dns.query; content:"weslinshoserihaecutetzinspon03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weslinshoserihaecutetzinspon03\.pages\.dev$/i"; classtype:trojan-activity; sid:37172891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname weslinshoserihaecutetzinspon03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| weslinshoserihaecutetzinspon03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weslinshoserihaecutetzinspon03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): same path-less, unanchored header match as sid 37172871 above; redundant with sid 37172892.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//weslinshoserihaecutetzinspon03.pages.dev"; flow:to_server,established; http.header; content:"weslinshoserihaecutetzinspon03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37172901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- man896.abk.ch
alert dns any any -> any any (msg: "MISP e26157 [] Hostname man896.abk.ch"; dns.query; content:"man896.abk.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])man896\.abk\.ch$/i"; classtype:trojan-activity; sid:37172921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname man896.abk.ch"; flow:to_server,established; http.header; content: "Host|3a| man896.abk.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])man896\.abk\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- qrco.de
# NOTE(review): qrco.de appears to be a QR-code short-link domain shared by many users (TODO
# confirm). A whole-host match classed as trojan-activity will alert on every code it serves,
# not only the reported one; prefer a rule scoped to the full short URL if the event has it.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname qrco.de"; dns.query; content:"qrco.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qrco\.de$/i"; classtype:trojan-activity; sid:37172951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname qrco.de"; flow:to_server,established; http.header; content: "Host|3a| qrco.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qrco\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- worldtrekimmigration.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname worldtrekimmigration.com"; dns.query; content:"worldtrekimmigration.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worldtrekimmigration\.com$/i"; classtype:trojan-activity; sid:37172981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname worldtrekimmigration.com"; flow:to_server,established; http.header; content: "Host|3a| worldtrekimmigration.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worldtrekimmigration\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37172982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- lyndseydesjardins.com
# NOTE(review): the dns and Host rules for this hostname are emitted a second time later in the
# same event export with sids 37173401 and 37173402, so matching traffic raises two alerts per
# rule type. De-duplicate at export time or suppress one pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname lyndseydesjardins.com"; dns.query; content:"lyndseydesjardins.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lyndseydesjardins\.com$/i"; classtype:trojan-activity; sid:37173011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lyndseydesjardins.com"; flow:to_server,established; http.header; content: "Host|3a| lyndseydesjardins.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lyndseydesjardins\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL rule: hostname anywhere in the request headers plus the reported path in the URI; the
# query string shown in msg (?utm_campaign=camfree) is not part of the match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//lyndseydesjardins.com/XASDFCookies2fa0990/dssoppesv/sup-mai/sup-mai/Dir/Connexion.html?utm_campaign=camfree"; flow:to_server,established; http.header; content:"lyndseydesjardins.com"; fast_pattern; nocase; http.uri; content:"/XASDFCookies2fa0990/dssoppesv/sup-mai/sup-mai/Dir/Connexion.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173021; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 export. Each hostname gets a dns.query rule and an HTTP "Host:" rule; both are
# anchored to the exact name, so subdomains of it do not match. Some also get an "Outgoing URL" rule
# that is limited to $HTTP_PORTS, so that variable must be defined in the sensor configuration.
# NOTE(review): these rules cover DNS and cleartext HTTP only; none of them inspects TLS traffic.
# -- rd-dataservices.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname rd-dataservices.com"; dns.query; content:"rd-dataservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rd\-dataservices\.com$/i"; classtype:trojan-activity; sid:37173041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname rd-dataservices.com"; flow:to_server,established; http.header; content: "Host|3a| rd-dataservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rd\-dataservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- dbfjdffnnfd.weebly.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname dbfjdffnnfd.weebly.com"; dns.query; content:"dbfjdffnnfd.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbfjdffnnfd\.weebly\.com$/i"; classtype:trojan-activity; sid:37173071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dbfjdffnnfd.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| dbfjdffnnfd.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbfjdffnnfd\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- home-100120.weeblysite.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname home-100120.weeblysite.com"; dns.query; content:"home-100120.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-100120\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37173101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname home-100120.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| home-100120.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-100120\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- uspsp-ostal.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspsp-ostal.com"; dns.query; content:"uspsp-ostal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsp\-ostal\.com$/i"; classtype:trojan-activity; sid:37173161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspsp-ostal.com"; flow:to_server,established; http.header; content: "Host|3a| uspsp-ostal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsp\-ostal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): this "URL" rule has no path. It matches the hostname anywhere in the request
# headers (a Referer counts), has no fast_pattern and no boundary check, and applies only on
# $HTTP_PORTS. The Host rule above (sid 37173162) already covers the real case on any port;
# consider dropping this rule at export time or matching on http.host instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//uspsp-ostal.com"; flow:to_server,established; http.header; content:"uspsp-ostal.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- seeview.pages.dev
alert dns any any -> any any (msg: "MISP e26157 [] Hostname seeview.pages.dev"; dns.query; content:"seeview.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])seeview\.pages\.dev$/i"; classtype:trojan-activity; sid:37173191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname seeview.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| seeview.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])seeview\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37173192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 export. Each hostname gets a dns.query rule and an HTTP "Host:" rule; both are
# anchored to the exact name, so subdomains of it do not match. Some also get an "Outgoing URL" rule
# that is limited to $HTTP_PORTS, so that variable must be defined in the sensor configuration.
# NOTE(review): these rules cover DNS and cleartext HTTP only; none of them inspects TLS traffic.
# -- seeview.pages.dev (URL rule; the Host rule for this name, sid 37173192, ends on the first line above)
# NOTE(review): this "URL" rule has no path. It matches the hostname anywhere in the request
# headers (a Referer counts), has no fast_pattern and no boundary check, and applies only on
# $HTTP_PORTS. The Host rule (sid 37173192) already covers the real case on any port;
# consider dropping this rule at export time or matching on http.host instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//seeview.pages.dev"; flow:to_server,established; http.header; content:"seeview.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- lkl3.icu
alert dns any any -> any any (msg: "MISP e26157 [] Hostname lkl3.icu"; dns.query; content:"lkl3.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lkl3\.icu$/i"; classtype:trojan-activity; sid:37173221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lkl3.icu"; flow:to_server,established; http.header; content: "Host|3a| lkl3.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lkl3\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): same path-less, unanchored header match as sid 37173201 above; redundant with sid 37173222.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//lkl3.icu"; flow:to_server,established; http.header; content:"lkl3.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- yhgh.pages.dev
alert dns any any -> any any (msg: "MISP e26157 [] Hostname yhgh.pages.dev"; dns.query; content:"yhgh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yhgh\.pages\.dev$/i"; classtype:trojan-activity; sid:37173251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname yhgh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yhgh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yhgh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the path in this rule looks like a scraping artefact (an escaped quote followed by
# a third-party pixel URL) rather than a landing page - TODO confirm against the event.
# http.uri is the normalised URI buffer; if percent-escapes are decoded there, the literal
# "%5C..." text below will not match. Verify on a sample, or match against http.uri.raw.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//yhgh.pages.dev/%5C%5C%5C%22https|3a|%5C/%5C/t.myvisualiq.net%5C/impression_pixel"; flow:to_server,established; http.header; content:"yhgh.pages.dev"; fast_pattern; nocase; http.uri; content:"/%5C%5C%5C%22https:%5C/%5C/t.myvisualiq.net%5C/impression_pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- ymail-102329.weeblysite.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname ymail-102329.weeblysite.com"; dns.query; content:"ymail-102329.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ymail\-102329\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37173281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ymail-102329.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| ymail-102329.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ymail\-102329\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): same path-less, unanchored header match as sid 37173201 above; redundant with sid 37173282.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//ymail-102329.weeblysite.com"; flow:to_server,established; http.header; content:"ymail-102329.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- wxf.sandiu505.xyz
alert dns any any -> any any (msg: "MISP e26157 [] Hostname wxf.sandiu505.xyz"; dns.query; content:"wxf.sandiu505.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wxf\.sandiu505\.xyz$/i"; classtype:trojan-activity; 
sid:37173311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 export. Each hostname gets a dns.query rule and an HTTP "Host:" rule; both are
# anchored to the exact name, so subdomains of it do not match. Some also get an "Outgoing URL" rule
# that is limited to $HTTP_PORTS, so that variable must be defined in the sensor configuration.
# NOTE(review): these rules cover DNS and cleartext HTTP only; none of them inspects TLS traffic.
# -- wxf.sandiu505.xyz (the dns rule for this name, sid 37173311, ends on the first line above)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname wxf.sandiu505.xyz"; flow:to_server,established; http.header; content: "Host|3a| wxf.sandiu505.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wxf\.sandiu505\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): this "URL" rule has no path. It matches the hostname anywhere in the request
# headers (a Referer counts), has no fast_pattern and no boundary check, and applies only on
# $HTTP_PORTS. The Host rule above (sid 37173312) already covers the real case on any port;
# consider dropping this rule at export time or matching on http.host instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//wxf.sandiu505.xyz"; flow:to_server,established; http.header; content:"wxf.sandiu505.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- telegrrml.work
alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegrrml.work"; dns.query; content:"telegrrml.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrrml\.work$/i"; classtype:trojan-activity; sid:37173341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegrrml.work"; flow:to_server,established; http.header; content: "Host|3a| telegrrml.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrrml\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the reported URL is on www.telegrrml.work, but the dns and Host rules above match
# only the bare name telegrrml.work. The www host is therefore caught by this header-substring
# rule alone (cleartext HTTP on $HTTP_PORTS), and a DNS lookup of the www name raises no alert.
# Export a dns.query rule for the www name as well if that is the host actually observed.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//www.telegrrml.work"; flow:to_server,established; http.header; content:"www.telegrrml.work"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- www-what-worlhn.com
alert dns any any -> any any (msg: "MISP e26157 [] Hostname www-what-worlhn.com"; dns.query; content:"www-what-worlhn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-what\-worlhn\.com$/i"; classtype:trojan-activity; sid:37173371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname www-what-worlhn.com"; flow:to_server,established; http.header; content: "Host|3a| www-what-worlhn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-what\-worlhn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): same path-less, unanchored header match as sid 37173321 above; redundant with sid 37173372.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//www-what-worlhn.com"; flow:to_server,established; http.header; content:"www-what-worlhn.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# -- lyndseydesjardins.com (second copy)
# NOTE(review): these two rules repeat the lyndseydesjardins.com dns and Host rules that the same
# export already emitted with sids 37173011 and 37173012; both copies alert on the same traffic.
# De-duplicate at export time or suppress one pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname lyndseydesjardins.com"; dns.query; content:"lyndseydesjardins.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lyndseydesjardins\.com$/i"; classtype:trojan-activity; sid:37173401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lyndseydesjardins.com"; flow:to_server,established; http.header; content: "Host|3a| lyndseydesjardins.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lyndseydesjardins\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL rule for the www. form of the host: "www.lyndseydesjardins.com" anywhere in the request
# headers plus the reported path in the URI. The dns and Host rules above are anchored to the
# bare name, so they do not match the www host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//www.lyndseydesjardins.com/XASDFCookies2fa0990/dssoppesv/sup-mai/sup-mai/Dir/Connexion.html"; flow:to_server,established; http.header; content:"www.lyndseydesjardins.com"; 
fast_pattern; nocase; http.uri; content:"/XASDFCookies2fa0990/dssoppesv/sup-mai/sup-mai/Dir/Connexion.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname b04327.com"; dns.query; content:"b04327.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b04327\.com$/i"; classtype:trojan-activity; sid:37173431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname b04327.com"; flow:to_server,established; http.header; content: "Host|3a| b04327.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b04327\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//www.b04327.com"; flow:to_server,established; http.header; content:"www.b04327.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 9955311.cc"; dns.query; content:"9955311.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9955311\.cc$/i"; classtype:trojan-activity; sid:37173461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 9955311.cc"; flow:to_server,established; http.header; content: "Host|3a| 9955311.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9955311\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg: "MISP e26157 [] Outgoing URL http|3a|//www.9955311.cc"; flow:to_server,established; http.header; content:"www.9955311.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname windowsreport.firm.in"; dns.query; content:"windowsreport.firm.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])windowsreport\.firm\.in$/i"; classtype:trojan-activity; sid:37173491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname windowsreport.firm.in"; flow:to_server,established; http.header; content: "Host|3a| windowsreport.firm.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])windowsreport\.firm\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//windowsreport.firm.in"; flow:to_server,established; http.header; content:"windowsreport.firm.in"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname winbuddy.ru"; dns.query; content:"winbuddy.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])winbuddy\.ru$/i"; classtype:trojan-activity; sid:37173521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname winbuddy.ru"; flow:to_server,established; http.header; content: "Host|3a| winbuddy.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])winbuddy\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173522; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)

# Hostname indicators from MISP event 26157: a dns.query rule, a Host-header rule and, for most names,
# an "Outgoing URL" rule.
# The "Outgoing URL" rules are a plain nocase substring in http.header with no boundary pcre, so they can
# also fire on a longer hostname containing the name or on another header that carries it.
# im20.net has only the dns and Host rules; no "Outgoing URL" rule follows it in this export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//winbuddy.ru"; flow:to_server,established; http.header; content:"winbuddy.ru"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname viral-scandal.viral-melayu.my.id"; dns.query; content:"viral-scandal.viral-melayu.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])viral\-scandal\.viral\-melayu\.my\.id$/i"; classtype:trojan-activity; sid:37173551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname viral-scandal.viral-melayu.my.id"; flow:to_server,established; http.header; content: "Host|3a| viral-scandal.viral-melayu.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])viral\-scandal\.viral\-melayu\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//viral-scandal.viral-melayu.my.id"; flow:to_server,established; http.header; content:"viral-scandal.viral-melayu.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname im20.net"; dns.query; content:"im20.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])im20\.net$/i"; classtype:trojan-activity; sid:37173581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname im20.net"; flow:to_server,established; http.header; content: "Host|3a| im20.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])im20\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname vcs-room-private.melayu-viral-vvip.my.id"; dns.query; content:"vcs-room-private.melayu-viral-vvip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcs\-room\-private\.melayu\-viral\-vvip\.my\.id$/i"; classtype:trojan-activity; sid:37173611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname vcs-room-private.melayu-viral-vvip.my.id"; flow:to_server,established; http.header; content: "Host|3a| vcs-room-private.melayu-viral-vvip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcs\-room\-private\.melayu\-viral\-vvip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//vcs-room-private.melayu-viral-vvip.my.id"; flow:to_server,established; http.header; content:"vcs-room-private.melayu-viral-vvip.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usus.ussprx.top"; dns.query; content:"usus.ussprx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usus\.ussprx\.top$/i"; classtype:trojan-activity; sid:37173641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usus.ussprx.top"; flow:to_server,established; http.header; content: "Host|3a| usus.ussprx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usus\.ussprx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usus.ussprx.top"; flow:to_server,established; http.header; content:"usus.ussprx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.usspup.top"; dns.query; content:"usp.usspup.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspup\.top$/i"; classtype:trojan-activity; sid:37173671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.usspup.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspup.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspup\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usp.usspup.top"; flow:to_server,established; http.header; content:"usp.usspup.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.ussptc.top"; dns.query; content:"usp.ussptc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptc\.top$/i"; classtype:trojan-activity; sid:37173701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.ussptc.top"; flow:to_server,established; 
http.header; content: "Host|3a| usp.ussptc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

# usp.*.top and usps.*.top hostnames from MISP event 26157; per name a dns.query rule, a Host-header
# rule and an "Outgoing URL" substring rule.
# NOTE(review): only dns and http are inspected here. Over HTTPS the http rules see nothing unless the
# sensor is fed decrypted traffic, which leaves the dns rule as the only hit — confirm resolver traffic
# is visible to the sensor, or cover the same names with a tls.sni rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usp.ussptc.top"; flow:to_server,established; http.header; content:"usp.ussptc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.ussprp.top"; dns.query; content:"usp.ussprp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprp\.top$/i"; classtype:trojan-activity; sid:37173731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.ussprp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usp.ussprp.top"; flow:to_server,established; http.header; content:"usp.ussprp.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.ussprg.top"; dns.query; content:"usp.ussprg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprg\.top$/i"; classtype:trojan-activity; sid:37173761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.ussprg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usp.ussprg.top"; flow:to_server,established; http.header; content:"usp.ussprg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.trackshipments-address.top"; dns.query; content:"usps.trackshipments-address.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.trackshipments\-address\.top$/i"; classtype:trojan-activity; sid:37173791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.trackshipments-address.top"; flow:to_server,established; http.header; content: "Host|3a| usps.trackshipments-address.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.trackshipments\-address\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.trackshipments-address.top"; flow:to_server,established; http.header; content:"usps.trackshipments-address.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.teamtvpei.top"; dns.query; content:"usps.teamtvpei.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.teamtvpei\.top$/i"; classtype:trojan-activity; sid:37173821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.teamtvpei.top"; flow:to_server,established; http.header; content: "Host|3a| usps.teamtvpei.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.teamtvpei\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.teamtvpei.top"; flow:to_server,established; http.header; content:"usps.teamtvpei.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.posthelpgn.top"; dns.query; content:"usps.posthelpgn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelpgn\.top$/i"; classtype:trojan-activity; sid:37173851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.posthelpgn.top"; flow:to_server,established; http.header; content: "Host|3a| usps.posthelpgn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelpgn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.posthelpgn.top"; flow:to_server,established; http.header; content:"usps.posthelpgn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173861; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)

# usps.* hostnames from MISP event 26157; per name a dns.query rule, a Host-header rule and an
# "Outgoing URL" substring rule.
# tag:session,600,seconds on the http rules asks the engine to keep logging that session's packets for
# 600 seconds after the alert — budget log storage accordingly if these fire often.
# NOTE(review): the names read like parcel-tracking lookalikes, yet every rule is classtype:trojan-activity;
# confirm the classification against the MISP event before triaging a hit as malware traffic.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrack-vt.top"; dns.query; content:"usps.mytrack-vt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-vt\.top$/i"; classtype:trojan-activity; sid:37173881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrack-vt.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-vt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-vt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrack-vt.top"; flow:to_server,established; http.header; content:"usps.mytrack-vt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrack-ok.com"; dns.query; content:"usps.mytrack-ok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-ok\.com$/i"; classtype:trojan-activity; sid:37173911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrack-ok.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-ok.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-ok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrack-ok.com"; flow:to_server,established; http.header; content:"usps.mytrack-ok.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrack-nd.top"; dns.query; content:"usps.mytrack-nd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-nd\.top$/i"; classtype:trojan-activity; sid:37173941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrack-nd.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-nd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-nd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrack-nd.top"; flow:to_server,established; http.header; content:"usps.mytrack-nd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrack-mn.com"; dns.query; content:"usps.mytrack-mn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-mn\.com$/i"; classtype:trojan-activity; sid:37173971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrack-mn.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-mn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-mn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37173972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrack-mn.com"; flow:to_server,established; http.header; content:"usps.mytrack-mn.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37173981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrackingtj.top"; dns.query; content:"usps.mytrackingtj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingtj\.top$/i"; classtype:trojan-activity; sid:37174001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrackingtj.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingtj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingtj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrackingtj.top"; flow:to_server,established; http.header; content:"usps.mytrackingtj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrackingqu.top"; dns.query; content:"usps.mytrackingqu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingqu\.top$/i"; classtype:trojan-activity; sid:37174031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrackingqu.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingqu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingqu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrackingqu.top"; flow:to_server,established; http.header; content:"usps.mytrackingqu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrackingp.top"; dns.query; content:"usps.mytrackingp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingp\.top$/i"; classtype:trojan-activity; sid:37174061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrackingp.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrackingp.top"; flow:to_server,established; http.header; content:"usps.mytrackingp.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.mytrackinge-tx.top"; dns.query; content:"usps.mytrackinge-tx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackinge\-tx\.top$/i"; classtype:trojan-activity; sid:37174091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.mytrackinge-tx.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackinge-tx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackinge\-tx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.mytrackinge-tx.top"; flow:to_server,established; http.header; content:"usps.mytrackinge-tx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.hkjtion.com"; dns.query; content:"usps.hkjtion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hkjtion\.com$/i"; classtype:trojan-activity; sid:37174121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.hkjtion.com"; flow:to_server,established; http.header; content: "Host|3a| usps.hkjtion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hkjtion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.hkjtion.com"; flow:to_server,established; http.header; content:"usps.hkjtion.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname trackerr.top"; dns.query; content:"trackerr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trackerr\.top$/i"; 
classtype:trojan-activity; sid:37174151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

# Further hostnames from MISP event 26157. The dns rules match the exact name only: the pcre is anchored
# with "$" and does not accept "." directly before the name, so subdomains of these names are not covered.
# The empty "[]" in each msg is where this export prints event tags; other events in the file show
# kill-chain tags there, while none appear for event 26157.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname trackerr.top"; flow:to_server,established; http.header; content: "Host|3a| trackerr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trackerr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//trackerr.top"; flow:to_server,established; http.header; content:"trackerr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname tokenas.app"; dns.query; content:"tokenas.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenas\.app$/i"; classtype:trojan-activity; sid:37174181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tokenas.app"; flow:to_server,established; http.header; content: "Host|3a| tokenas.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenas\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tokenas.app"; flow:to_server,established; http.header; content:"tokenas.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname tg.telegarm-ms.top"; dns.query; content:"tg.telegarm-ms.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-ms\.top$/i"; classtype:trojan-activity; sid:37174211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tg.telegarm-ms.top"; flow:to_server,established; http.header; content: "Host|3a| tg.telegarm-ms.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-ms\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tg.telegarm-ms.top"; flow:to_server,established; http.header; content:"tg.telegarm-ms.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-109049.weeblysite.com"; dns.query; content:"telstra-109049.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-109049\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-109049.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-109049.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-109049\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-109049.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-109049.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37174251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

# telstra-<number>.weeblysite.com hostnames from MISP event 26157; per name a dns.query rule, a
# Host-header rule and an "Outgoing URL" substring rule.
# NOTE(review): every indicator is an individual subdomain under weeblysite.com, which looks like a shared
# site-hosting domain. The rules name the full subdomain; do not widen them to the parent domain without
# checking what else resolves under it.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-108934.weeblysite.com"; dns.query; content:"telstra-108934.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-108934\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-108934.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-108934.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-108934\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-108934.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-108934.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-107487.weeblysite.com"; dns.query; content:"telstra-107487.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107487\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-107487.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-107487.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107487\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-107487.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-107487.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-107080.weeblysite.com"; dns.query; content:"telstra-107080.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107080\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-107080.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-107080.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107080\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-107080.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-107080.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-106013.weeblysite.com"; dns.query; content:"telstra-106013.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-106013\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-106013.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-106013.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-106013\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-106013.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-106013.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-104968.weeblysite.com"; dns.query; content:"telstra-104968.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104968\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-104968.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-104968.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104968\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-104968.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-104968.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-104176.weeblysite.com"; dns.query; content:"telstra-104176.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104176\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-104176.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-104176.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104176\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-104176.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-104176.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-104064.weeblysite.com"; dns.query; content:"telstra-104064.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104064\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-104064.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-104064.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104064\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-104064.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-104064.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-103160.weeblysite.com"; dns.query; content:"telstra-103160.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103160\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-103160.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-103160.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103160\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-103160.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-103160.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-102998.weeblysite.com"; dns.query; content:"telstra-102998.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102998\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-102998.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-102998.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102998\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-102998.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-102998.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-102624.weeblysite.com"; dns.query; content:"telstra-102624.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102624\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-102624.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-102624.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102624\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-102624.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-102624.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)

alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-101970.weeblysite.com"; dns.query; content:"telstra-101970.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101970\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174571; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-101970.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-101970.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101970\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-101970.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-101970.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname teleqscm.club"; dns.query; content:"teleqscm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqscm\.club$/i"; classtype:trojan-activity; sid:37174601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname teleqscm.club"; flow:to_server,established; http.header; content: "Host|3a| teleqscm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqscm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//teleqscm.club"; flow:to_server,established; http.header; content:"teleqscm.club"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 
telstra-101112.weeblysite.com"; dns.query; content:"telstra-101112.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101112\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37174631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-101112.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-101112.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101112\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-101112.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-101112.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegramxgroups.pages.dev"; dns.query; content:"telegramxgroups.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramxgroups\.pages\.dev$/i"; classtype:trojan-activity; sid:37174661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegramxgroups.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramxgroups.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramxgroups\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegramxgroups.pages.dev"; 
flow:to_server,established; http.header; content:"telegramxgroups.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname tacking-uspst-ue.top"; dns.query; content:"tacking-uspst-ue.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-ue\.top$/i"; classtype:trojan-activity; sid:37174691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tacking-uspst-ue.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-ue.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-ue\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tacking-uspst-ue.top"; flow:to_server,established; http.header; content:"tacking-uspst-ue.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname tacking-uspst-nd.com"; dns.query; content:"tacking-uspst-nd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-nd\.com$/i"; classtype:trojan-activity; sid:37174721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tacking-uspst-nd.com"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-nd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-nd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174722; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tacking-uspst-nd.com"; flow:to_server,established; http.header; content:"tacking-uspst-nd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname tacking-uspst-mn.com"; dns.query; content:"tacking-uspst-mn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-mn\.com$/i"; classtype:trojan-activity; sid:37174751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tacking-uspst-mn.com"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-mn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-mn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tacking-uspst-mn.com"; flow:to_server,established; http.header; content:"tacking-uspst-mn.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname bet04320.com"; dns.query; content:"bet04320.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bet04320\.com$/i"; classtype:trojan-activity; sid:37174781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bet04320.com"; flow:to_server,established; http.header; content: "Host|3a| bet04320.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bet04320\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname worker-muddy-block-7ce2.monmouth20.workers.dev"; dns.query; content:"worker-muddy-block-7ce2.monmouth20.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-muddy\-block\-7ce2\.monmouth20\.workers\.dev$/i"; classtype:trojan-activity; sid:37174811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname worker-muddy-block-7ce2.monmouth20.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-muddy-block-7ce2.monmouth20.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-muddy\-block\-7ce2\.monmouth20\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspe.ussplj.top"; dns.query; content:"uspe.ussplj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussplj\.top$/i"; classtype:trojan-activity; sid:37174841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspe.ussplj.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussplj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussplj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname ubiquitous-crepe-04a4d2.netlify.app"; dns.query; content:"ubiquitous-crepe-04a4d2.netlify.app"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])ubiquitous\-crepe\-04a4d2\.netlify\.app$/i"; classtype:trojan-activity; sid:37174871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ubiquitous-crepe-04a4d2.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| ubiquitous-crepe-04a4d2.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ubiquitous\-crepe\-04a4d2\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname tg-mrkfjwg.top"; dns.query; content:"tg-mrkfjwg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\-mrkfjwg\.top$/i"; classtype:trojan-activity; sid:37174901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tg-mrkfjwg.top"; flow:to_server,established; http.header; content: "Host|3a| tg-mrkfjwg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\-mrkfjwg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname statuesque-jelly-fcz340.netlify.app"; dns.query; content:"statuesque-jelly-fcz340.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])statuesque\-jelly\-fcz340\.netlify\.app$/i"; classtype:trojan-activity; sid:37174931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname statuesque-jelly-fcz340.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| statuesque-jelly-fcz340.netlify.app"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])statuesque\-jelly\-fcz340\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//statuesque-jelly-fcz340.netlify.app"; flow:to_server,established; http.header; content:"statuesque-jelly-fcz340.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37174941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname sginternett-dbssg-bankiing.com"; dns.query; content:"sginternett-dbssg-bankiing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sginternett\-dbssg\-bankiing\.com$/i"; classtype:trojan-activity; sid:37174961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sginternett-dbssg-bankiing.com"; flow:to_server,established; http.header; content: "Host|3a| sginternett-dbssg-bankiing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sginternett\-dbssg\-bankiing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname sginternett-dbssg-bankiing.com"; dns.query; content:"sginternett-dbssg-bankiing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sginternett\-dbssg\-bankiing\.com$/i"; classtype:trojan-activity; sid:37174991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sginternett-dbssg-bankiing.com"; flow:to_server,established; http.header; content: "Host|3a| sginternett-dbssg-bankiing.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])sginternett\-dbssg\-bankiing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37174992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname pub-78a9a9d8b3b14d60a24c7025b7ffdbf2.r2.dev"; dns.query; content:"pub-78a9a9d8b3b14d60a24c7025b7ffdbf2.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-78a9a9d8b3b14d60a24c7025b7ffdbf2\.r2\.dev$/i"; classtype:trojan-activity; sid:37175021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pub-78a9a9d8b3b14d60a24c7025b7ffdbf2.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-78a9a9d8b3b14d60a24c7025b7ffdbf2.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-78a9a9d8b3b14d60a24c7025b7ffdbf2\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname papaya-palmier-05d480.netlify.app"; dns.query; content:"papaya-palmier-05d480.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])papaya\-palmier\-05d480\.netlify\.app$/i"; classtype:trojan-activity; sid:37175051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname papaya-palmier-05d480.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| papaya-palmier-05d480.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])papaya\-palmier\-05d480\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 
erudicaoinvestimentos.com.br"; dns.query; content:"erudicaoinvestimentos.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br$/i"; classtype:trojan-activity; sid:37175081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The line above is the tail of dns rule sid 37175081; its opening
# ("alert dns any any -> any any (msg: ...") sits on the previous line of this listing.
#
# Rule shapes in this part of the export (every rule references MISP event 26157):
#   alert dns                      any -> any in both address and port. dns.query must contain
#                                  the name (nocase) and the pcre must find it at the end of the
#                                  buffer, not preceded by a letter, digit, '-' or '.'. A longer
#                                  name that only ends in the listed one (a subdomain of it, for
#                                  instance) therefore does not match.
#   alert http "Outgoing HTTP Hostname"
#                                  $HOME_NET -> $EXTERNAL_NET, any port. http.header must contain
#                                  "Host|3a| NAME" (|3a| is ':') and the pcre requires the character
#                                  after NAME to be outside [A-Za-z0-9-.].
#   alert http "Outgoing URL"      $HOME_NET -> $EXTERNAL_NET, $HTTP_PORTS only. A bare content
#                                  match of NAME in http.header, nothing else.
# The http rules carry tag:session,600,seconds; the dns rules carry no tag option.
# NOTE(review): "alert http" only applies to traffic parsed as HTTP. If these hosts are reached
# over TLS, only the dns rules below can fire - check whether tls.sni coverage is needed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname erudicaoinvestimentos.com.br"; flow:to_server,established; http.header; content: "Host|3a| erudicaoinvestimentos.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): sids 37175111 and 37175112 repeat 37175081 and 37175082 option for option; only
# the sid differs. One lookup or request for this name therefore raises two alerts per rule shape.
# Presumably the MISP event lists the value twice - confirm, then deduplicate at the source or
# suppress one pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname erudicaoinvestimentos.com.br"; dns.query; content:"erudicaoinvestimentos.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br$/i"; classtype:trojan-activity; sid:37175111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname erudicaoinvestimentos.com.br"; flow:to_server,established; http.header; content: "Host|3a| erudicaoinvestimentos.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])erudicaoinvestimentos\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# d4.san65k.xyz: dns + Host-header pair only, no "Outgoing URL" rule for this name.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname d4.san65k.xyz"; dns.query; content:"d4.san65k.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d4\.san65k\.xyz$/i"; classtype:trojan-activity; sid:37175141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname d4.san65k.xyz"; flow:to_server,established; http.header; content: "Host|3a| d4.san65k.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d4\.san65k\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# s7.ichlafmostel.com: all three shapes (dns, Host header, URL).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname s7.ichlafmostel.com"; dns.query; content:"s7.ichlafmostel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s7\.ichlafmostel\.com$/i"; classtype:trojan-activity; sid:37175171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname s7.ichlafmostel.com"; flow:to_server,established; http.header; content: "Host|3a| s7.ichlafmostel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s7\.ichlafmostel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the "Outgoing URL" rule below has no "Host|3a| " prefix and no boundary pcre, so
# the name matches anywhere in the request headers (a Referer value, or a longer hostname that
# contains it). Expect it to be noisier than sid 37175172, and to fire together with it on a
# plain request to this host when the port is in $HTTP_PORTS. It needs $HTTP_PORTS to be defined.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//s7.ichlafmostel.com"; flow:to_server,established; http.header; content:"s7.ichlafmostel.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# s5.servicedyalobd.com: dns rule, then the Host-header rule, which continues on the next line
# of this listing (its reference option and closing parenthesis are there).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname s5.servicedyalobd.com"; dns.query; content:"s5.servicedyalobd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s5\.servicedyalobd\.com$/i"; classtype:trojan-activity; sid:37175201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname s5.servicedyalobd.com"; flow:to_server,established; http.header; content: "Host|3a| s5.servicedyalobd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s5\.servicedyalobd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175202; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//s5.servicedyalobd.com"; flow:to_server,established; http.header; content:"s5.servicedyalobd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname rjqpx365.cc"; dns.query; content:"rjqpx365.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rjqpx365\.cc$/i"; classtype:trojan-activity; sid:37175231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname rjqpx365.cc"; flow:to_server,established; http.header; content: "Host|3a| rjqpx365.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rjqpx365\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//rjqpx365.cc"; flow:to_server,established; http.header; content:"rjqpx365.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname room-gay-kaki-lancap.sumber-inportal.my.id"; dns.query; content:"room-gay-kaki-lancap.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])room\-gay\-kaki\-lancap\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37175261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname room-gay-kaki-lancap.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| 
room-gay-kaki-lancap.sumber-inportal.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])room\-gay\-kaki\-lancap\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//room-gay-kaki-lancap.sumber-inportal.my.id"; flow:to_server,established; http.header; content:"room-gay-kaki-lancap.sumber-inportal.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname pttosdnj.pages.dev"; dns.query; content:"pttosdnj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pttosdnj\.pages\.dev$/i"; classtype:trojan-activity; sid:37175291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pttosdnj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pttosdnj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pttosdnj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//pttosdnj.pages.dev"; flow:to_server,established; http.header; content:"pttosdnj.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname posthelpv.com"; dns.query; content:"posthelpv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])posthelpv\.com$/i"; classtype:trojan-activity; sid:37175321; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# The line above closes the dns rule for posthelpv.com (sid 37175321), which starts on the
# previous line of this listing.
#
# posthelpv.com over HTTP: the first rule needs "Host|3a| posthelpv.com" in http.header followed
# by a character outside [A-Za-z0-9-.], on any destination port. The second is the unanchored
# "Outgoing URL" form: the bare name anywhere in http.header, destination port in $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname posthelpv.com"; flow:to_server,established; http.header; content: "Host|3a| posthelpv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])posthelpv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//posthelpv.com"; flow:to_server,established; http.header; content:"posthelpv.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# pedf.pages.dev: the dns rule matches the name only at the end of dns.query and only when it is
# not preceded by a letter, digit, '-' or '.', so other names under pages.dev do not match it.
# NOTE(review): the http rules only see traffic parsed as HTTP. If this host is served over TLS,
# the dns rule is the only one of the three that can fire - check whether tls.sni coverage is needed.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pedf.pages.dev"; dns.query; content:"pedf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pedf\.pages\.dev$/i"; classtype:trojan-activity; sid:37175351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pedf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pedf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pedf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL indicator with a path. The host part is a bare nocase substring of http.header and is the
# fast_pattern; the path is a nocase substring of http.uri. Neither content is anchored: there is
# no "Host|3a| " prefix and "/robots.txt" may sit at any offset in the URI.
# NOTE(review): a request for /robots.txt on this host matches both sid 37175352 and this rule
# (when the port is in $HTTP_PORTS), so correlate on the hostname instead of counting alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//pedf.pages.dev/robots.txt"; flow:to_server,established; http.header; content:"pedf.pages.dev"; fast_pattern; nocase; http.uri; content:"/robots.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The dns rule for mygrefutaxgocv.pages.dev opens here and continues on the next line of this listing.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname mygrefutaxgocv.pages.dev"; dns.query; 
content:"mygrefutaxgocv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mygrefutaxgocv\.pages\.dev$/i"; classtype:trojan-activity; sid:37175381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mygrefutaxgocv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mygrefutaxgocv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mygrefutaxgocv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mygrefutaxgocv.pages.dev"; flow:to_server,established; http.header; content:"mygrefutaxgocv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname mutamaxkwalluit.weebly.com"; dns.query; content:"mutamaxkwalluit.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mutamaxkwalluit\.weebly\.com$/i"; classtype:trojan-activity; sid:37175411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mutamaxkwalluit.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mutamaxkwalluit.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mutamaxkwalluit\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mutamaxkwalluit.weebly.com"; flow:to_server,established; http.header; content:"mutamaxkwalluit.weebly.com"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname mia0lwn-755c.temp0serv-onlinenet.workers.dev"; dns.query; content:"mia0lwn-755c.temp0serv-onlinenet.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mia0lwn\-755c\.temp0serv\-onlinenet\.workers\.dev$/i"; classtype:trojan-activity; sid:37175441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mia0lwn-755c.temp0serv-onlinenet.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| mia0lwn-755c.temp0serv-onlinenet.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mia0lwn\-755c\.temp0serv\-onlinenet\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mia0lwn-755c.temp0serv-onlinenet.workers.dev"; flow:to_server,established; http.header; content:"mia0lwn-755c.temp0serv-onlinenet.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname meiseek-ajsfgjasgfjasgfas97979asfasf7a9.pages.dev"; dns.query; content:"meiseek-ajsfgjasgfjasgfas97979asfasf7a9.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meiseek\-ajsfgjasgfjasgfas97979asfasf7a9\.pages\.dev$/i"; classtype:trojan-activity; sid:37175471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname meiseek-ajsfgjasgfjasgfas97979asfasf7a9.pages.dev"; flow:to_server,established; 
http.header; content: "Host|3a| meiseek-ajsfgjasgfjasgfas97979asfasf7a9.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meiseek\-ajsfgjasgfjasgfas97979asfasf7a9\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//meiseek-ajsfgjasgfjasgfas97979asfasf7a9.pages.dev"; flow:to_server,established; http.header; content:"meiseek-ajsfgjasgfjasgfas97979asfasf7a9.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname marsh-cheerful-crate.glitch.me"; dns.query; content:"marsh-cheerful-crate.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marsh\-cheerful\-crate\.glitch\.me$/i"; classtype:trojan-activity; sid:37175501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname marsh-cheerful-crate.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| marsh-cheerful-crate.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marsh\-cheerful\-crate\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//marsh-cheerful-crate.glitch.me"; flow:to_server,established; http.header; content:"marsh-cheerful-crate.glitch.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 
lucah-melayu-vvip.sumber-inportal.my.id"; dns.query; content:"lucah-melayu-vvip.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-melayu\-vvip\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37175531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lucah-melayu-vvip.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| lucah-melayu-vvip.sumber-inportal.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-melayu\-vvip\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//lucah-melayu-vvip.sumber-inportal.my.id"; flow:to_server,established; http.header; content:"lucah-melayu-vvip.sumber-inportal.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname live-room-bogel.sumber-inportal.my.id"; dns.query; content:"live-room-bogel.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-room\-bogel\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37175561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname live-room-bogel.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| live-room-bogel.sumber-inportal.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-room\-bogel\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175562; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//live-room-bogel.sumber-inportal.my.id"; flow:to_server,established; http.header; content:"live-room-bogel.sumber-inportal.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname liveprivatevideo3.viral-vip.my.id"; dns.query; content:"liveprivatevideo3.viral-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo3\.viral\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37175591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname liveprivatevideo3.viral-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveprivatevideo3.viral-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo3\.viral\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//liveprivatevideo3.viral-vip.my.id"; flow:to_server,established; http.header; content:"liveprivatevideo3.viral-vip.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname liveprivatehot.sumber-inportal.my.id"; dns.query; content:"liveprivatehot.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatehot\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37175621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname liveprivatehot.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveprivatehot.sumber-inportal.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatehot\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//liveprivatehot.sumber-inportal.my.id"; flow:to_server,established; http.header; content:"liveprivatehot.sumber-inportal.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname junuenart.com"; dns.query; content:"junuenart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])junuenart\.com$/i"; classtype:trojan-activity; sid:37175651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname junuenart.com"; flow:to_server,established; http.header; content: "Host|3a| junuenart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])junuenart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//junuenart.com"; flow:to_server,established; http.header; content:"junuenart.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname joinourgroup.info"; dns.query; content:"joinourgroup.info"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])joinourgroup\.info$/i"; classtype:trojan-activity; sid:37175681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname joinourgroup.info"; flow:to_server,established; http.header; content: "Host|3a| joinourgroup.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joinourgroup\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//joinourgroup.info"; flow:to_server,established; http.header; content:"joinourgroup.info"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname info-cpns-dan-pppk.octafx.my.id"; dns.query; content:"info-cpns-dan-pppk.octafx.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])info\-cpns\-dan\-pppk\.octafx\.my\.id$/i"; classtype:trojan-activity; sid:37175711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname info-cpns-dan-pppk.octafx.my.id"; flow:to_server,established; http.header; content: "Host|3a| info-cpns-dan-pppk.octafx.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])info\-cpns\-dan\-pppk\.octafx\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//info-cpns-dan-pppk.octafx.my.id"; flow:to_server,established; http.header; content:"info-cpns-dan-pppk.octafx.my.id"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37175721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname instagramfreefollower8.blogspot.com"; dns.query; content:"instagramfreefollower8.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramfreefollower8\.blogspot\.com$/i"; classtype:trojan-activity; sid:37175741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname instagramfreefollower8.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagramfreefollower8.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramfreefollower8\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//instagramfreefollower8.blogspot.com"; flow:to_server,established; http.header; content:"instagramfreefollower8.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname imtoken-rk.top"; dns.query; content:"imtoken-rk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rk\.top$/i"; classtype:trojan-activity; sid:37175771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname imtoken-rk.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-rk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175772; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//imtoken-rk.top"; flow:to_server,established; http.header; content:"imtoken-rk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname googlechormee.blogspot.com"; dns.query; content:"googlechormee.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])googlechormee\.blogspot\.com$/i"; classtype:trojan-activity; sid:37175801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname googlechormee.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| googlechormee.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])googlechormee\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//googlechormee.blogspot.com"; flow:to_server,established; http.header; content:"googlechormee.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname gaylancap-vvip.sumber-inportal.my.id"; dns.query; content:"gaylancap-vvip.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gaylancap\-vvip\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37175831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 
gaylancap-vvip.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| gaylancap-vvip.sumber-inportal.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gaylancap\-vvip\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//gaylancap-vvip.sumber-inportal.my.id"; flow:to_server,established; http.header; content:"gaylancap-vvip.sumber-inportal.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname freefollower089.blogspot.com"; dns.query; content:"freefollower089.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freefollower089\.blogspot\.com$/i"; classtype:trojan-activity; sid:37175861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname freefollower089.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| freefollower089.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freefollower089\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//freefollower089.blogspot.com"; flow:to_server,established; http.header; content:"freefollower089.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname ff.members-garena.io.vn"; 
dns.query; content:"ff.members-garena.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.members\-garena\.io\.vn$/i"; classtype:trojan-activity; sid:37175891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ff.members-garena.io.vn"; flow:to_server,established; http.header; content: "Host|3a| ff.members-garena.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.members\-garena\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//ff.members-garena.io.vn"; flow:to_server,established; http.header; content:"ff.members-garena.io.vn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva.ipfs.cf-ipfs.com"; dns.query; content:"bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37175921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37175922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeiarlagic7pj2ihd7vpymgs2753rixflhdfeh6ocrs5cvekctypsva.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname edevletiadelerbaslamakta.pt"; dns.query; content:"edevletiadelerbaslamakta.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevletiadelerbaslamakta\.pt$/i"; classtype:trojan-activity; sid:37175951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname edevletiadelerbaslamakta.pt"; flow:to_server,established; http.header; content: "Host|3a| edevletiadelerbaslamakta.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevletiadelerbaslamakta\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//edevletiadelerbaslamakta.pt"; flow:to_server,established; http.header; content:"edevletiadelerbaslamakta.pt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname dh801ed.pages.dev"; dns.query; content:"dh801ed.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dh801ed\.pages\.dev$/i"; classtype:trojan-activity; sid:37175981; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dh801ed.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dh801ed.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dh801ed\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37175982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//dh801ed.pages.dev"; flow:to_server,established; http.header; content:"dh801ed.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37175991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname csc-2s5.pages.dev"; dns.query; content:"csc-2s5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])csc\-2s5\.pages\.dev$/i"; classtype:trojan-activity; sid:37176011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname csc-2s5.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| csc-2s5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])csc\-2s5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//csc-2s5.pages.dev"; flow:to_server,established; http.header; content:"csc-2s5.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL 
http|3a|//cf-ipfs.com/ipfs/QmPWMWc6dPKmrNdXBRPh7kPkMBBm1jDq8cv8Zq9oRg9bWX"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmPWMWc6dPKmrNdXBRPh7kPkMBBm1jDq8cv8Zq9oRg9bWX"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname coinabse-prologin.godaddysites.com"; dns.query; content:"coinabse-prologin.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinabse\-prologin\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37176071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname coinabse-prologin.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinabse-prologin.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinabse\-prologin\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//coinabse-prologin.godaddysites.com"; flow:to_server,established; http.header; content:"coinabse-prologin.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cdnonedrive.zengxiaopi123.workers.dev"; dns.query; content:"cdnonedrive.zengxiaopi123.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdnonedrive\.zengxiaopi123\.workers\.dev$/i"; classtype:trojan-activity; sid:37176101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26157 [] Outgoing HTTP Hostname cdnonedrive.zengxiaopi123.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cdnonedrive.zengxiaopi123.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdnonedrive\.zengxiaopi123\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//cdnonedrive.zengxiaopi123.workers.dev"; flow:to_server,established; http.header; content:"cdnonedrive.zengxiaopi123.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname bt-login-104445.weeblysite.com"; dns.query; content:"bt-login-104445.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-login\-104445\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bt-login-104445.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-login-104445.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-login\-104445\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//bt-login-104445.weeblysite.com"; flow:to_server,established; http.header; content:"bt-login-104445.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any 
(msg: "MISP e26157 [] Hostname btcooonnect.weebly.com"; dns.query; content:"btcooonnect.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btcooonnect\.weebly\.com$/i"; classtype:trojan-activity; sid:37176161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname btcooonnect.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| btcooonnect.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btcooonnect\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//btcooonnect.weebly.com"; flow:to_server,established; http.header; content:"btcooonnect.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname bt1business.weebly.com"; dns.query; content:"bt1business.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt1business\.weebly\.com$/i"; classtype:trojan-activity; sid:37176191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bt1business.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| bt1business.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt1business\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//bt1business.weebly.com"; flow:to_server,established; http.header; 
content:"bt1business.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname bt-100684.weeblysite.com"; dns.query; content:"bt-100684.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-100684\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bt-100684.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-100684.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-100684\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//bt-100684.weeblysite.com"; flow:to_server,established; http.header; content:"bt-100684.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname beynedidier90.wixsite.com"; dns.query; content:"beynedidier90.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beynedidier90\.wixsite\.com$/i"; classtype:trojan-activity; sid:37176251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname beynedidier90.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| beynedidier90.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beynedidier90\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176252; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//beynedidier90.wixsite.com/my-site-1"; flow:to_server,established; http.header; content:"beynedidier90.wixsite.com"; fast_pattern; nocase; http.uri; content:"/my-site-1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname b.3656240203.xyz"; dns.query; content:"b.3656240203.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\.3656240203\.xyz$/i"; classtype:trojan-activity; sid:37176281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname b.3656240203.xyz"; flow:to_server,established; http.header; content: "Host|3a| b.3656240203.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\.3656240203\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//b.3656240203.xyz"; flow:to_server,established; http.header; content:"b.3656240203.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname b04328.com"; dns.query; content:"b04328.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b04328\.com$/i"; classtype:trojan-activity; sid:37176311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname b04328.com"; flow:to_server,established; http.header; content: "Host|3a| b04328.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b04328\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//b04328.com"; flow:to_server,established; http.header; content:"b04328.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname attt-106148.weeblysite.com"; dns.query; content:"attt-106148.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attt\-106148\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname attt-106148.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attt-106148.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attt\-106148\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//attt-106148.weeblysite.com"; flow:to_server,established; http.header; content:"attt-106148.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname attinc-101356.weeblysite.com"; dns.query; content:"attinc-101356.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attinc\-101356\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# Host-header rule: "|3a|" is the hex escape for ":", so the content is the literal
# "Host: <name>". The pcre /H flag inspects the HTTP header buffer, /i ignores case, and the
# trailing class requires one non-hostname byte after the name (e.g. CR or a ":port").
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname attinc-101356.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attinc-101356.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attinc\-101356\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//attinc-101356.weeblysite.com"; flow:to_server,established; http.header; content:"attinc-101356.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Indicator attnetwor.weebly.com: DNS query, Host header, then the looser URL rule.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname attnetwor.weebly.com"; dns.query; content:"attnetwor.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnetwor\.weebly\.com$/i"; classtype:trojan-activity; sid:37176401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname attnetwor.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attnetwor.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnetwor\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//attnetwor.weebly.com"; flow:to_server,established; http.header; content:"attnetwor.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP 
e26157 [] Hostname att-109675.weeblysite.com"; dns.query; content:"att-109675.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109675\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# tag:session,600,seconds keeps logging packets of the alerting session for 600 seconds,
# which gives responders follow-on traffic. The DNS rules in this export carry no tag.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-109675.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-109675.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109675\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-109675.weeblysite.com"; flow:to_server,established; http.header; content:"att-109675.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Indicator att-107283.weeblysite.com: exact-name DNS match, then the bounded Host-header match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname att-107283.weeblysite.com"; dns.query; content:"att-107283.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107283\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-107283.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-107283.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107283\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-107283.weeblysite.com"; 
flow:to_server,established; http.header; content:"att-107283.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The "alert http" rules below inspect cleartext HTTP only. If the host is reached over TLS
# and the sensor sees no decrypted traffic, the DNS rule is the only coverage here. This
# export contains no tls.sni rule.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname att-105664.weeblysite.com"; dns.query; content:"att-105664.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105664\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-105664.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-105664.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105664\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-105664.weeblysite.com"; flow:to_server,established; http.header; content:"att-105664.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname att-101190.weeblysite.com"; dns.query; content:"att-101190.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-101190\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-101190.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-101190.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-101190\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37176522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Every rule carries the same classtype (trojan-activity) and priority:2, and the msg tag
# list "[]" is empty. The alert does not say what kind of indicator this is, so triage has
# to follow the reference URL to the MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-101190.weeblysite.com"; flow:to_server,established; http.header; content:"att-101190.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname att-100552.weeblysite.com"; dns.query; content:"att-100552.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100552\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37176551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname att-100552.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-100552.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100552\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//att-100552.weeblysite.com"; flow:to_server,established; http.header; content:"att-100552.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname arachuuqoub.terbaru-2023.com"; dns.query; content:"arachuuqoub.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arachuuqoub\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37176581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26157 [] Outgoing HTTP Hostname arachuuqoub.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| arachuuqoub.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arachuuqoub\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL rules use $HTTP_PORTS as destination while the Host-header rules use "any": HTTP to
# this host on a port outside $HTTP_PORTS is covered by the Host-header rule only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//arachuuqoub.terbaru-2023.com"; flow:to_server,established; http.header; content:"arachuuqoub.terbaru-2023.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# In the pcre, "\." and "\-" are escaped literals, so the pattern is the exact hostname text.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 99553-99553.com"; dns.query; content:"99553-99553.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])99553\-99553\.com$/i"; classtype:trojan-activity; sid:37176611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 99553-99553.com"; flow:to_server,established; http.header; content: "Host|3a| 99553-99553.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])99553\-99553\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//99553-99553.com"; flow:to_server,established; http.header; content:"99553-99553.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 995535.vip"; dns.query; content:"995535.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])995535\.vip$/i"; classtype:trojan-activity; 
sid:37176641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 995535.vip"; flow:to_server,established; http.header; content: "Host|3a| 995535.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])995535\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Unbounded substring: also fires on longer names that contain "995535.vip"
# (constructed example: "1995535.vip"). sid:37176642 above is the bounded Host match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//995535.vip"; flow:to_server,established; http.header; content:"995535.vip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host under the .dev TLD, which is HSTS-preloaded, so browsers request it over HTTPS. The
# "alert http" rule below then only fires on non-browser cleartext clients or decrypted
# traffic. The DNS rule is the practical coverage unless a tls.sni rule is added.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cf-onedrive.hatu.workers.dev"; dns.query; content:"cf-onedrive.hatu.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cf\-onedrive\.hatu\.workers\.dev$/i"; classtype:trojan-activity; sid:37176671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cf-onedrive.hatu.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cf-onedrive.hatu.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cf\-onedrive\.hatu\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname tgadminuser.jqrjob.com"; dns.query; content:"tgadminuser.jqrjob.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.jqrjob\.com$/i"; classtype:trojan-activity; sid:37176701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP 
Hostname tgadminuser.jqrjob.com"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.jqrjob.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.jqrjob\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 0ggafk.com"; dns.query; content:"0ggafk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0ggafk\.com$/i"; classtype:trojan-activity; sid:37176731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 0ggafk.com"; flow:to_server,established; http.header; content: "Host|3a| 0ggafk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0ggafk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The URI condition here is content:"/", which practically every request URI contains, so it
# adds no selectivity. The rule reduces to an unbounded host-substring match and duplicates
# sid:37176732 with looser matching.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//0ggafk.com/"; flow:to_server,established; http.header; content:"0ggafk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname jawatankosong.sumber-inportal.my.id"; dns.query; content:"jawatankosong.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jawatankosong\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37176761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname jawatankosong.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| jawatankosong.sumber-inportal.my.id"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])jawatankosong\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 04323b.com"; dns.query; content:"04323b.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])04323b\.com$/i"; classtype:trojan-activity; sid:37176791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 04323b.com"; flow:to_server,established; http.header; content: "Host|3a| 04323b.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])04323b\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# No fast_pattern and no boundary on this content: it matches "04323b.com" anywhere in the
# header buffer. Expect it to alert together with sid:37176792 on the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//04323b.com"; flow:to_server,established; http.header; content:"04323b.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Sub-domain of a hosting platform domain (vercel.app) under the HSTS-preloaded .app TLD.
# Browser traffic will be HTTPS, so the HTTP rules for this name need decrypted traffic.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 3th-qc-e-i2-w4qj-i74-ol-td9wlkg-o.vercel.app"; dns.query; content:"3th-qc-e-i2-w4qj-i74-ol-td9wlkg-o.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3th\-qc\-e\-i2\-w4qj\-i74\-ol\-td9wlkg\-o\.vercel\.app$/i"; classtype:trojan-activity; sid:37176821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 3th-qc-e-i2-w4qj-i74-ol-td9wlkg-o.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| 3th-qc-e-i2-w4qj-i74-ol-td9wlkg-o.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3th\-qc\-e\-i2\-w4qj\-i74\-ol\-td9wlkg\-o\.vercel\.app[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37176822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//3th-qc-e-i2-w4qj-i74-ol-td9wlkg-o.vercel.app"; flow:to_server,established; http.header; content:"3th-qc-e-i2-w4qj-i74-ol-td9wlkg-o.vercel.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname wx8.xyz"; dns.query; content:"wx8.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wx8\.xyz$/i"; classtype:trojan-activity; sid:37176851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname wx8.xyz"; flow:to_server,established; http.header; content: "Host|3a| wx8.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wx8\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# False-positive risk: a 7-byte unbounded substring. Any header value containing "wx8.xyz"
# alerts, including unrelated hostnames (constructed examples: "awx8.xyz", "wx8.xyz.example").
# Prefer sid:37176852 for paging and treat this rule as low-confidence.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//wx8.xyz"; flow:to_server,established; http.header; content:"wx8.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname iadencepteislemler.app"; dns.query; content:"iadencepteislemler.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iadencepteislemler\.app$/i"; classtype:trojan-activity; sid:37176881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname iadencepteislemler.app"; flow:to_server,established; http.header; content: "Host|3a| 
iadencepteislemler.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iadencepteislemler\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# .app is an HSTS-preloaded TLD: browsers go straight to HTTPS, so this cleartext-HTTP rule
# is unlikely to see browser traffic to the host without TLS decryption ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//iadencepteislemler.app"; flow:to_server,established; http.header; content:"iadencepteislemler.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Indicator bloquepagos.com: DNS query (exact name), Host header (bounded), URL (unbounded).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname bloquepagos.com"; dns.query; content:"bloquepagos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bloquepagos\.com$/i"; classtype:trojan-activity; sid:37176911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname bloquepagos.com"; flow:to_server,established; http.header; content: "Host|3a| bloquepagos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bloquepagos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//bloquepagos.com"; flow:to_server,established; http.header; content:"bloquepagos.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname islemlergirisgovtrportal.app"; dns.query; content:"islemlergirisgovtrportal.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemlergirisgovtrportal\.app$/i"; classtype:trojan-activity; sid:37176941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname islemlergirisgovtrportal.app"; flow:to_server,established; http.header; content: "Host|3a| islemlergirisgovtrportal.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemlergirisgovtrportal\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//islemlergirisgovtrportal.app"; flow:to_server,established; http.header; content:"islemlergirisgovtrportal.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37176951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the pub-<hex>.r2.dev name looks like a public object-storage bucket host.
# Only a DNS rule and a Host-header rule were exported for it (no URL rule), and the .dev
# TLD is HSTS-preloaded, so in practice the DNS rule carries the detection.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pub-1219515ffb7d4e5aae720b520e5d45e8.r2.dev"; dns.query; content:"pub-1219515ffb7d4e5aae720b520e5d45e8.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-1219515ffb7d4e5aae720b520e5d45e8\.r2\.dev$/i"; classtype:trojan-activity; sid:37176971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pub-1219515ffb7d4e5aae720b520e5d45e8.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-1219515ffb7d4e5aae720b520e5d45e8.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-1219515ffb7d4e5aae720b520e5d45e8\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37176972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the hostname embeds a banking brand in a sub-domain label, which looks like a
# phishing lure rather than malware C2. classtype is still trojan-activity - confirm in the event.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname e-finance-postfinance-vlogin.pinturasvitorpisco.pt"; dns.query; content:"e-finance-postfinance-vlogin.pinturasvitorpisco.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\-finance\-postfinance\-vlogin\.pinturasvitorpisco\.pt$/i"; classtype:trojan-activity; sid:37177001; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname e-finance-postfinance-vlogin.pinturasvitorpisco.pt"; flow:to_server,established; http.header; content: "Host|3a| e-finance-postfinance-vlogin.pinturasvitorpisco.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\-finance\-postfinance\-vlogin\.pinturasvitorpisco\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Sub-domain of a hosting platform domain (pages.dev). Exact-name matching keeps the rule
# off other tenants of the same platform.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 98488.pages.dev"; dns.query; content:"98488.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])98488\.pages\.dev$/i"; classtype:trojan-activity; sid:37177031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 98488.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 98488.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])98488\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# This URL rule has no boundary, so it does not share that property: "98488.pages.dev" is
# also a substring of other tenants' names (constructed example: "198488.pages.dev").
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//98488.pages.dev"; flow:to_server,established; http.header; content:"98488.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37177041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): ia601307.us.archive.org looks like an Internet Archive content node. Only
# the host is matched, so any item served from that node alerts - expect benign hits and
# check the MISP event for the specific path.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname ia601307.us.archive.org"; dns.query; content:"ia601307.us.archive.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ia601307\.us\.archive\.org$/i"; classtype:trojan-activity; sid:37177061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26157 [] Outgoing HTTP Hostname ia601307.us.archive.org"; flow:to_server,established; http.header; content: "Host|3a| ia601307.us.archive.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ia601307\.us\.archive\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): lnk.to appears to be a shared link-redirect service, not an attacker-owned
# domain. These two rules match the bare host, so every link on the service alerts as
# trojan-activity. Verify the original attribute (probably a full URL) in the MISP event, and
# consider suppressing or downgrading these sids until a path-specific rule exists.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname lnk.to"; dns.query; content:"lnk.to"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.to$/i"; classtype:trojan-activity; sid:37177091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lnk.to"; flow:to_server,established; http.header; content: "Host|3a| lnk.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnk\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Indicator post-sendung.tutdomen.com: exact-name DNS match and bounded Host-header match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname post-sendung.tutdomen.com"; dns.query; content:"post-sendung.tutdomen.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\-sendung\.tutdomen\.com$/i"; classtype:trojan-activity; sid:37177121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname post-sendung.tutdomen.com"; flow:to_server,established; http.header; content: "Host|3a| post-sendung.tutdomen.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\-sendung\.tutdomen\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname dzswisspassdomainch.web.app"; dns.query; content:"dzswisspassdomainch.web.app"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])dzswisspassdomainch\.web\.app$/i"; classtype:trojan-activity; sid:37177151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Host under the HSTS-preloaded .app TLD: browser requests are HTTPS, so this cleartext
# Host-header rule needs decrypted traffic to fire. No tls.sni rule is exported.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dzswisspassdomainch.web.app"; flow:to_server,established; http.header; content: "Host|3a| dzswisspassdomainch.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dzswisspassdomainch\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname rabxbangla.com"; dns.query; content:"rabxbangla.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rabxbangla\.com$/i"; classtype:trojan-activity; sid:37177181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname rabxbangla.com"; flow:to_server,established; http.header; content: "Host|3a| rabxbangla.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rabxbangla\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Sub-domain of a blog-hosting domain (blogspot.com). The pcre anchors keep the match to this
# one blog name. Names served under other blogspot country domains would not match.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname sqgvqsxawa.blogspot.com"; dns.query; content:"sqgvqsxawa.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sqgvqsxawa\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sqgvqsxawa.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| sqgvqsxawa.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sqgvqsxawa\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37177212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# From here each indicator has only two rules (DNS query + Host header) and no "Outgoing URL"
# rule. Both are exact or bounded name matches, so no unbounded substring rule applies.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname app.funnel-preview.com"; dns.query; content:"app.funnel-preview.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])app\.funnel\-preview\.com$/i"; classtype:trojan-activity; sid:37177241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname app.funnel-preview.com"; flow:to_server,established; http.header; content: "Host|3a| app.funnel-preview.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])app\.funnel\-preview\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname start4vps.com"; dns.query; content:"start4vps.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])start4vps\.com$/i"; classtype:trojan-activity; sid:37177271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname start4vps.com"; flow:to_server,established; http.header; content: "Host|3a| start4vps.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])start4vps\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): xao.cra.mybluehost.me looks like a hosting-provider temporary domain. The
# match is limited to this exact name.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname xao.cra.mybluehost.me"; dns.query; content:"xao.cra.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xao\.cra\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37177301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname xao.cra.mybluehost.me"; flow:to_server,established; http.header; 
content: "Host|3a| xao.cra.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xao\.cra\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname olinpozsen-dort.com"; dns.query; content:"olinpozsen-dort.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])olinpozsen\-dort\.com$/i"; classtype:trojan-activity; sid:37177331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname olinpozsen-dort.com"; flow:to_server,established; http.header; content: "Host|3a| olinpozsen-dort.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])olinpozsen\-dort\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The exported URL was just "/", so the http.uri content:"/" test is satisfied by practically
# any request. The rule is effectively an unbounded host-substring match and alerts alongside
# sid:37177332 on the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//olinpozsen-dort.com/"; flow:to_server,established; http.header; content:"olinpozsen-dort.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37177341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname sbonlinegruppesch.com"; dns.query; content:"sbonlinegruppesch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbonlinegruppesch\.com$/i"; classtype:trojan-activity; sid:37177361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sbonlinegruppesch.com"; flow:to_server,established; http.header; content: "Host|3a| sbonlinegruppesch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbonlinegruppesch\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37177362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the two names below share the "-1324239560.cos.na-ashburn.myqcloud.com"
# suffix and look like cloud object-storage bucket hosts of one account. Each rule matches
# a single bucket name exactly, so further buckets under that suffix would not alert.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname vd6ky0gpver5z-1324239560.cos.na-ashburn.myqcloud.com"; dns.query; content:"vd6ky0gpver5z-1324239560.cos.na-ashburn.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vd6ky0gpver5z\-1324239560\.cos\.na\-ashburn\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37177391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname vd6ky0gpver5z-1324239560.cos.na-ashburn.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| vd6ky0gpver5z-1324239560.cos.na-ashburn.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vd6ky0gpver5z\-1324239560\.cos\.na\-ashburn\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pgkocwg7nxnqq-1324239560.cos.na-ashburn.myqcloud.com"; dns.query; content:"pgkocwg7nxnqq-1324239560.cos.na-ashburn.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pgkocwg7nxnqq\-1324239560\.cos\.na\-ashburn\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37177421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pgkocwg7nxnqq-1324239560.cos.na-ashburn.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| pgkocwg7nxnqq-1324239560.cos.na-ashburn.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pgkocwg7nxnqq\-1324239560\.cos\.na\-ashburn\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177422; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname open-live-room-vvip.private-vvip.my.id"; dns.query; content:"open-live-room-vvip.private-vvip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])open\-live\-room\-vvip\.private\-vvip\.my\.id$/i"; classtype:trojan-activity; sid:37177451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname open-live-room-vvip.private-vvip.my.id"; flow:to_server,established; http.header; content: "Host|3a| open-live-room-vvip.private-vvip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])open\-live\-room\-vvip\.private\-vvip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//open-live-room-vvip.private-vvip.my.id/"; flow:to_server,established; http.header; content:"open-live-room-vvip.private-vvip.my.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37177461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname mprtn-ete-pgp-protect.vercel.app"; dns.query; content:"mprtn-ete-pgp-protect.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mprtn\-ete\-pgp\-protect\.vercel\.app$/i"; classtype:trojan-activity; sid:37177481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mprtn-ete-pgp-protect.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| mprtn-ete-pgp-protect.vercel.app"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mprtn\-ete\-pgp\-protect\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname paikaribaba.com"; dns.query; content:"paikaribaba.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])paikaribaba\.com$/i"; classtype:trojan-activity; sid:37177511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname paikaribaba.com"; flow:to_server,established; http.header; content: "Host|3a| paikaribaba.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])paikaribaba\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname misdept.desmarkpremio.com"; dns.query; content:"misdept.desmarkpremio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])misdept\.desmarkpremio\.com$/i"; classtype:trojan-activity; sid:37177541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname misdept.desmarkpremio.com"; flow:to_server,established; http.header; content: "Host|3a| misdept.desmarkpremio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])misdept\.desmarkpremio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname qsdqs50dqs.blogspot.com"; dns.query; content:"qsdqs50dqs.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qsdqs50dqs\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177571; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname qsdqs50dqs.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| qsdqs50dqs.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qsdqs50dqs\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname vsqvq0s0v.blogspot.com"; dns.query; content:"vsqvq0s0v.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vsqvq0s0v\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname vsqvq0s0v.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| vsqvq0s0v.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vsqvq0s0v\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname vlamisgna.blogspot.com"; dns.query; content:"vlamisgna.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vlamisgna\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname vlamisgna.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| vlamisgna.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vlamisgna\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) 
alert dns any any -> any any (msg: "MISP e26157 [] Hostname aa00a0a.blogspot.com"; dns.query; content:"aa00a0a.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aa00a0a\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname aa00a0a.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| aa00a0a.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aa00a0a\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname zxca60.blogspot.com"; dns.query; content:"zxca60.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zxca60\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname zxca60.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| zxca60.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zxca60\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname qsgqsdf0.blogspot.com"; dns.query; content:"qsgqsdf0.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qsgqsdf0\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname qsgqsdf0.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| qsgqsdf0.blogspot.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])qsgqsdf0\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 08524.kayci-music.com"; dns.query; content:"08524.kayci-music.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])08524\.kayci\-music\.com$/i"; classtype:trojan-activity; sid:37177751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 08524.kayci-music.com"; flow:to_server,established; http.header; content: "Host|3a| 08524.kayci-music.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])08524\.kayci\-music\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//08524.kayci-music.com/ss/"; flow:to_server,established; http.header; content:"08524.kayci-music.com"; fast_pattern; nocase; http.uri; content:"/ss/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37177761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname wwdza1.blogspot.com"; dns.query; content:"wwdza1.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wwdza1\.blogspot\.com$/i"; classtype:trojan-activity; sid:37177781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname wwdza1.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| wwdza1.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wwdza1\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37177782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname debix-gesperrt-app-3ds.codeanyapp.com"; dns.query; content:"debix-gesperrt-app-3ds.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])debix\-gesperrt\-app\-3ds\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37177811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname debix-gesperrt-app-3ds.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| debix-gesperrt-app-3ds.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])debix\-gesperrt\-app\-3ds\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname vwr.geg.mybluehost.me"; dns.query; content:"vwr.geg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwr\.geg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37177841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname vwr.geg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| vwr.geg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwr\.geg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname info.neu.planen.lieferung.4-232-168-112.cprapid.com"; dns.query; content:"info.neu.planen.lieferung.4-232-168-112.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])info\.neu\.planen\.lieferung\.4\-232\-168\-112\.cprapid\.com$/i"; classtype:trojan-activity; 
sid:37177871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname info.neu.planen.lieferung.4-232-168-112.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| info.neu.planen.lieferung.4-232-168-112.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])info\.neu\.planen\.lieferung\.4\-232\-168\-112\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname unstapay.sa.com"; dns.query; content:"unstapay.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstapay\.sa\.com$/i"; classtype:trojan-activity; sid:37177901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname unstapay.sa.com"; flow:to_server,established; http.header; content: "Host|3a| unstapay.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unstapay\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname du-quickpay.org"; dns.query; content:"du-quickpay.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])du\-quickpay\.org$/i"; classtype:trojan-activity; sid:37177931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname du-quickpay.org"; flow:to_server,established; http.header; content: "Host|3a| du-quickpay.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])du\-quickpay\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177932; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//du-quickpay.org"; flow:to_server,established; http.header; content:"du-quickpay.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37177941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname durecido.com"; dns.query; content:"durecido.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])durecido\.com$/i"; classtype:trojan-activity; sid:37177961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname durecido.com"; flow:to_server,established; http.header; content: "Host|3a| durecido.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])durecido\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37177962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//durecido.com"; flow:to_server,established; http.header; content:"durecido.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37177971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname gfhgu.pages.dev"; dns.query; content:"gfhgu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gfhgu\.pages\.dev$/i"; classtype:trojan-activity; sid:37177991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname gfhgu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gfhgu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gfhgu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37177992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//gfhgu.pages.dev"; flow:to_server,established; http.header; content:"gfhgu.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname hjp.pages.dev"; dns.query; content:"hjp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hjp\.pages\.dev$/i"; classtype:trojan-activity; sid:37178021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname hjp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hjp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hjp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//hjp.pages.dev"; flow:to_server,established; http.header; content:"hjp.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname mmpsw.pages.dev"; dns.query; content:"mmpsw.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mmpsw\.pages\.dev$/i"; classtype:trojan-activity; sid:37178051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mmpsw.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mmpsw.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mmpsw\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mmpsw.pages.dev"; flow:to_server,established; http.header; content:"mmpsw.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname dzioi.pages.dev"; dns.query; content:"dzioi.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dzioi\.pages\.dev$/i"; classtype:trojan-activity; sid:37178081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname dzioi.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dzioi.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dzioi\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//dzioi.pages.dev"; flow:to_server,established; http.header; content:"dzioi.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname contactmynewviptelegram.pages.dev"; dns.query; content:"contactmynewviptelegram.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])contactmynewviptelegram\.pages\.dev$/i"; classtype:trojan-activity; sid:37178111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing 
HTTP Hostname contactmynewviptelegram.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| contactmynewviptelegram.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])contactmynewviptelegram\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//contactmynewviptelegram.pages.dev"; flow:to_server,established; http.header; content:"contactmynewviptelegram.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname jhm99.icu"; dns.query; content:"jhm99.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhm99\.icu$/i"; classtype:trojan-activity; sid:37178141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname jhm99.icu"; flow:to_server,established; http.header; content: "Host|3a| jhm99.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhm99\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//jhm99.icu"; flow:to_server,established; http.header; content:"jhm99.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname upsbb.pages.dev"; dns.query; content:"upsbb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upsbb\.pages\.dev$/i"; classtype:trojan-activity; sid:37178171; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname upsbb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| upsbb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upsbb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//upsbb.pages.dev"; flow:to_server,established; http.header; content:"upsbb.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname d5443.top"; dns.query; content:"d5443.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d5443\.top$/i"; classtype:trojan-activity; sid:37178201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname d5443.top"; flow:to_server,established; http.header; content: "Host|3a| d5443.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d5443\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//d5443.top"; flow:to_server,established; http.header; content:"d5443.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname b7721.top"; dns.query; content:"b7721.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b7721\.top$/i"; classtype:trojan-activity; sid:37178231; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname b7721.top"; flow:to_server,established; http.header; content: "Host|3a| b7721.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b7721\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//b7721.top"; flow:to_server,established; http.header; content:"b7721.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname yeniy41.top"; dns.query; content:"yeniy41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy41\.top$/i"; classtype:trojan-activity; sid:37178261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname yeniy41.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//yeniy41.top"; flow:to_server,established; http.header; content:"yeniy41.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 669b.cyou"; dns.query; content:"669b.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])669b\.cyou$/i"; classtype:trojan-activity; sid:37178291; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 669b.cyou"; flow:to_server,established; http.header; content: "Host|3a| 669b.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])669b\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//669b.cyou"; flow:to_server,established; http.header; content:"669b.cyou"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname webislemlerimgiris.app"; dns.query; content:"webislemlerimgiris.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webislemlerimgiris\.app$/i"; classtype:trojan-activity; sid:37178321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname webislemlerimgiris.app"; flow:to_server,established; http.header; content: "Host|3a| webislemlerimgiris.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webislemlerimgiris\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//webislemlerimgiris.app"; flow:to_server,established; http.header; content:"webislemlerimgiris.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname lucky-fire.qulakecy.workers.dev"; dns.query; 
content:"lucky-fire.qulakecy.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucky\-fire\.qulakecy\.workers\.dev$/i"; classtype:trojan-activity; sid:37178351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lucky-fire.qulakecy.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| lucky-fire.qulakecy.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucky\-fire\.qulakecy\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname tg.telegarm-oe.top"; dns.query; content:"tg.telegarm-oe.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-oe\.top$/i"; classtype:trojan-activity; sid:37178381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tg.telegarm-oe.top"; flow:to_server,established; http.header; content: "Host|3a| tg.telegarm-oe.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-oe\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tg.telegarm-oe.top/"; flow:to_server,established; http.header; content:"tg.telegarm-oe.top"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname e7zoc6og8mooe-1324239560.cos.na-siliconvalley.myqcloud.com"; dns.query; 
content:"e7zoc6og8mooe-1324239560.cos.na-siliconvalley.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e7zoc6og8mooe\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37178411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname e7zoc6og8mooe-1324239560.cos.na-siliconvalley.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| e7zoc6og8mooe-1324239560.cos.na-siliconvalley.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e7zoc6og8mooe\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegrmsn.club"; dns.query; content:"telegrmsn.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.club$/i"; classtype:trojan-activity; sid:37178441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegrmsn.club"; flow:to_server,established; http.header; content: "Host|3a| telegrmsn.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegrmsn.club/"; flow:to_server,established; http.header; content:"telegrmsn.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegrmsn.bond"; 
dns.query; content:"telegrmsn.bond"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.bond$/i"; classtype:trojan-activity; sid:37178471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegrmsn.bond"; flow:to_server,established; http.header; content: "Host|3a| telegrmsn.bond"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.bond[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegrmsn.bond/"; flow:to_server,established; http.header; content:"telegrmsn.bond"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegrmsn.icu"; dns.query; content:"telegrmsn.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.icu$/i"; classtype:trojan-activity; sid:37178501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegrmsn.icu"; flow:to_server,established; http.header; content: "Host|3a| telegrmsn.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegrmsn.icu/"; flow:to_server,established; http.header; content:"telegrmsn.icu"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178511; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegrim.org"; dns.query; content:"telegrim.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrim\.org$/i"; classtype:trojan-activity; sid:37178531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegrim.org"; flow:to_server,established; http.header; content: "Host|3a| telegrim.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrim\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegrim.org/"; flow:to_server,established; http.header; content:"telegrim.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname imtoken-bf.tel"; dns.query; content:"imtoken-bf.tel"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bf\.tel$/i"; classtype:trojan-activity; sid:37178561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname imtoken-bf.tel"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bf.tel"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bf\.tel[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//imtoken-bf.tel"; flow:to_server,established; http.header; 
content:"imtoken-bf.tel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# DNS rule: case-insensitive query for exactly arbdoge-ai.pages.dev. The pcre rejects a preceding
# letter, digit, "-" or ".", so deeper subdomains are not matched.
# NOTE(review): the two HTTP rules that follow only inspect cleartext HTTP. If clients reach this
# host over TLS (likely for a pages.dev site, but confirm), this DNS rule is the only one of the
# three that can fire. No tls.sni rule for the name appears in this part of the export.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname arbdoge-ai.pages.dev"; dns.query; content:"arbdoge-ai.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arbdoge\-ai\.pages\.dev$/i"; classtype:trojan-activity; sid:37178591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Hostname rule: outbound request whose http.header buffer contains "Host: arbdoge-ai.pages.dev",
# with the pcre rejecting a name that continues past ".dev". Any destination port.
# tag:session,600,seconds keeps logging the session for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname arbdoge-ai.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| arbdoge-ai.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arbdoge\-ai\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL rule for http://arbdoge-ai.pages.dev (no path in the indicator, so there is no http.uri test).
# NOTE(review): the only match is the bare hostname anywhere in http.header, with no "Host|3a| "
# prefix and no boundary pcre. On $HTTP_PORTS every request that hits sid 37178592 also hits this
# rule (two alerts per request), and it can also match longer names containing this string or the
# name appearing in some other header held in that buffer. Consider suppressing one of the pair.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//arbdoge-ai.pages.dev"; flow:to_server,established; http.header; content:"arbdoge-ai.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# DNS rule for exactly meta001.pages.dev; same structure and same caveats as sid 37178591 above.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname meta001.pages.dev"; dns.query; content:"meta001.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meta001\.pages\.dev$/i"; classtype:trojan-activity; sid:37178621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Hostname rule for meta001.pages.dev; same structure as sid 37178592 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname meta001.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| meta001.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meta001\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET 
any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//meta001.pages.dev"; flow:to_server,established; http.header; content:"meta001.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname brandymorgon69.pages.dev"; dns.query; content:"brandymorgon69.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandymorgon69\.pages\.dev$/i"; classtype:trojan-activity; sid:37178651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname brandymorgon69.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| brandymorgon69.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandymorgon69\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//brandymorgon69.pages.dev"; flow:to_server,established; http.header; content:"brandymorgon69.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname gut.pages.dev"; dns.query; content:"gut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gut\.pages\.dev$/i"; classtype:trojan-activity; sid:37178681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname gut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37178682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//gut.pages.dev"; flow:to_server,established; http.header; content:"gut.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname sbbkonto.sviluppo.host"; dns.query; content:"sbbkonto.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbkonto\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37178741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sbbkonto.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| sbbkonto.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbkonto\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname yhgh.pages.dev"; dns.query; content:"yhgh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yhgh\.pages\.dev$/i"; classtype:trojan-activity; sid:37178771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname yhgh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yhgh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yhgh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] 
Outgoing URL http|3a|//yhgh.pages.dev"; flow:to_server,established; http.header; content:"yhgh.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname islemlerwebgiris.app"; dns.query; content:"islemlerwebgiris.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemlerwebgiris\.app$/i"; classtype:trojan-activity; sid:37178801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname islemlerwebgiris.app"; flow:to_server,established; http.header; content: "Host|3a| islemlerwebgiris.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemlerwebgiris\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//islemlerwebgiris.app"; flow:to_server,established; http.header; content:"islemlerwebgiris.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37178831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): sid 37178861 and sid 37178862 below carry the same rule header, msg and match
# options as sid 37178831 and sid 37178832 that precede them in this export; only the sid differs.
# Loaded together, one DNS lookup or one HTTP request for this host raises two alerts of each kind.
# Presumably the hostname is attached twice to the source event. Confirm there and de-duplicate
# before export, or disable one pair locally.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37178861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Hostname rule (duplicate of sid 37178832, see note above): outbound request whose http.header
# buffer contains "Host: " followed by this exact name. These are cleartext HTTP rules only;
# TLS connections to the host would be visible to the DNS rule, not to this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# DNS rule: case-insensitive query for exactly one.neri.eu.org. The pcre rejects a preceding
# letter, digit, "-" or ".", so subdomains of the listed name are not matched.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname one.neri.eu.org"; dns.query; content:"one.neri.eu.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])one\.neri\.eu\.org$/i"; classtype:trojan-activity; sid:37178891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Hostname rule for one.neri.eu.org: "Host: one.neri.eu.org" in http.header, any destination port,
# with tag:session,600,seconds to keep logging the session for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname one.neri.eu.org"; flow:to_server,established; http.header; content: "Host|3a| one.neri.eu.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])one\.neri\.eu\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL 
http|3a|//one.neri.eu.org/"; flow:to_server,established; http.header; content:"one.neri.eu.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname imtoken-bf.biz"; dns.query; content:"imtoken-bf.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bf\.biz$/i"; classtype:trojan-activity; sid:37178921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname imtoken-bf.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bf.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bf\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//imtoken-bf.biz"; flow:to_server,established; http.header; content:"imtoken-bf.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname muddy-moon-71b4.soznvztbmy1542.workers.dev"; dns.query; content:"muddy-moon-71b4.soznvztbmy1542.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])muddy\-moon\-71b4\.soznvztbmy1542\.workers\.dev$/i"; classtype:trojan-activity; sid:37178951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname muddy-moon-71b4.soznvztbmy1542.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| muddy-moon-71b4.soznvztbmy1542.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])muddy\-moon\-71b4\.soznvztbmy1542\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//muddy-moon-71b4.soznvztbmy1542.workers.dev"; flow:to_server,established; http.header; content:"muddy-moon-71b4.soznvztbmy1542.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname ohvgo.pages.dev"; dns.query; content:"ohvgo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ohvgo\.pages\.dev$/i"; classtype:trojan-activity; sid:37178981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ohvgo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ohvgo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ohvgo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37178982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//ohvgo.pages.dev"; flow:to_server,established; http.header; content:"ohvgo.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37178991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname ae593bbe86d4a47523319499913e99e4.loophole.site"; dns.query; content:"ae593bbe86d4a47523319499913e99e4.loophole.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ae593bbe86d4a47523319499913e99e4\.loophole\.site$/i"; classtype:trojan-activity; sid:37179011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ae593bbe86d4a47523319499913e99e4.loophole.site"; flow:to_server,established; http.header; content: "Host|3a| ae593bbe86d4a47523319499913e99e4.loophole.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ae593bbe86d4a47523319499913e99e4\.loophole\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//ae593bbe86d4a47523319499913e99e4.loophole.site"; flow:to_server,established; http.header; content:"ae593bbe86d4a47523319499913e99e4.loophole.site"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname brandy-morgon-sexy.pages.dev"; dns.query; content:"brandy-morgon-sexy.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandy\-morgon\-sexy\.pages\.dev$/i"; classtype:trojan-activity; sid:37179041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname brandy-morgon-sexy.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| brandy-morgon-sexy.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandy\-morgon\-sexy\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//brandy-morgon-sexy.pages.dev"; flow:to_server,established; http.header; content:"brandy-morgon-sexy.pages.dev"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37179051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname e-devlet-iademerkezonline.pt"; dns.query; content:"e-devlet-iademerkezonline.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\-devlet\-iademerkezonline\.pt$/i"; classtype:trojan-activity; sid:37179071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname e-devlet-iademerkezonline.pt"; flow:to_server,established; http.header; content: "Host|3a| e-devlet-iademerkezonline.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\-devlet\-iademerkezonline\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//e-devlet-iademerkezonline.pt"; flow:to_server,established; http.header; content:"e-devlet-iademerkezonline.pt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegramsex21new.pages.dev"; dns.query; content:"telegramsex21new.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsex21new\.pages\.dev$/i"; classtype:trojan-activity; sid:37179101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegramsex21new.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramsex21new.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsex21new\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179102; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegramsex21new.pages.dev"; flow:to_server,established; http.header; content:"telegramsex21new.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegram21sexxnew.pages.dev"; dns.query; content:"telegram21sexxnew.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram21sexxnew\.pages\.dev$/i"; classtype:trojan-activity; sid:37179131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegram21sexxnew.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram21sexxnew.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram21sexxnew\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telegram21sexxnew.pages.dev"; flow:to_server,established; http.header; content:"telegram21sexxnew.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname xco.rwz.mybluehost.me"; dns.query; content:"xco.rwz.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xco\.rwz\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37179161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname xco.rwz.mybluehost.me"; 
flow:to_server,established; http.header; content: "Host|3a| xco.rwz.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xco\.rwz\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//xco.rwz.mybluehost.me/us/contracts/contract"; flow:to_server,established; http.header; content:"xco.rwz.mybluehost.me"; fast_pattern; nocase; http.uri; content:"/us/contracts/contract"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspz.uspsac.top"; dns.query; content:"uspz.uspsac.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsac\.top$/i"; classtype:trojan-activity; sid:37179191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspz.uspsac.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsac.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsac\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//uspz.uspsac.top"; flow:to_server,established; http.header; content:"uspz.uspsac.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.posthelpnj.top"; dns.query; content:"usps.posthelpnj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelpnj\.top$/i"; 
classtype:trojan-activity; sid:37179221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.posthelpnj.top"; flow:to_server,established; http.header; content: "Host|3a| usps.posthelpnj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelpnj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.posthelpnj.top"; flow:to_server,established; http.header; content:"usps.posthelpnj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname usps.packfollow-serve.top"; dns.query; content:"usps.packfollow-serve.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.packfollow\-serve\.top$/i"; classtype:trojan-activity; sid:37179251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usps.packfollow-serve.top"; flow:to_server,established; http.header; content: "Host|3a| usps.packfollow-serve.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.packfollow\-serve\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//usps.packfollow-serve.top"; flow:to_server,established; http.header; content:"usps.packfollow-serve.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179261; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname tracking-pack-uspsa.com"; dns.query; content:"tracking-pack-uspsa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-pack\-uspsa\.com$/i"; classtype:trojan-activity; sid:37179281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tracking-pack-uspsa.com"; flow:to_server,established; http.header; content: "Host|3a| tracking-pack-uspsa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-pack\-uspsa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//tracking-pack-uspsa.com"; flow:to_server,established; http.header; content:"tracking-pack-uspsa.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname xs-bwx.pages.dev"; dns.query; content:"xs-bwx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xs\-bwx\.pages\.dev$/i"; classtype:trojan-activity; sid:37179311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname xs-bwx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| xs-bwx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xs\-bwx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//xs-bwx.pages.dev"; 
flow:to_server,established; http.header; content:"xs-bwx.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname telstra-103688.weeblysite.com"; dns.query; content:"telstra-103688.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103688\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37179341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telstra-103688.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-103688.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103688\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//telstra-103688.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-103688.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37179351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 3656z.net"; dns.query; content:"3656z.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656z\.net$/i"; classtype:trojan-activity; sid:37179371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 3656z.net"; flow:to_server,established; http.header; content: "Host|3a| 3656z.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656z\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179372; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# --- MISP event 26157: hostname indicators, one DNS rule plus one HTTP rule per name ---
# DNS rule (sid ending in 1): dns.query content match plus a pcre anchored with "$" that
#   also refuses a preceding hostname character or ".", so only the exact name matches and
#   its sub-domains do not. Source and destination are "any", so resolver traffic inside
#   the network is inspected as well.
# HTTP rule (sid ending in 2): Host header on an established client-to-server flow from
#   $HOME_NET to $EXTERNAL_NET; tag:session,600,seconds keeps logging that session for up
#   to 600 seconds after the alert.
# NOTE(review): the HTTP rules inspect cleartext HTTP only. A visit over TLS is covered by
#   the DNS rule alone unless the sensor decrypts; consider a tls.sni rule per hostname if
#   that gap matters.
# NOTE(review): msg carries an empty tag list ("[]") and every rule uses
#   classtype:trojan-activity with priority:2 - presumably export defaults; confirm the
#   intended category in the MISP event before routing on classtype.
# workers.dev is a shared hosting suffix; the rule pins the full sub-domain.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname wild-river-5c17.sparkymumm6234.workers.dev"; dns.query; content:"wild-river-5c17.sparkymumm6234.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wild\-river\-5c17\.sparkymumm6234\.workers\.dev$/i"; classtype:trojan-activity; sid:37179401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname wild-river-5c17.sparkymumm6234.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wild-river-5c17.sparkymumm6234.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wild\-river\-5c17\.sparkymumm6234\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The *.top names that follow look like USPS-themed look-alikes (inferred from the names
# only; the event description is not part of this export - confirm in MISP).
alert dns any any -> any any (msg: "MISP e26157 [] Hostname ussp.uspjj.top"; dns.query; content:"ussp.uspjj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspjj\.top$/i"; classtype:trojan-activity; sid:37179431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ussp.uspjj.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.uspjj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspjj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usq.usspix.top"; dns.query; content:"usq.usspix.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usq\.usspix\.top$/i"; classtype:trojan-activity; sid:37179461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usq.usspix.top"; flow:to_server,established; http.header; content: "Host|3a| usq.usspix.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usq\.usspix\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspz.usspks.top"; dns.query; content:"uspz.usspks.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspks\.top$/i"; classtype:trojan-activity; sid:37179491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspz.usspks.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspks.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspks\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspz.usspjv.top"; dns.query; content:"uspz.usspjv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjv\.top$/i"; classtype:trojan-activity; sid:37179521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspz.usspjv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspjv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspz.usspjr.top"; dns.query; content:"uspz.usspjr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjr\.top$/i"; classtype:trojan-activity; sid:37179551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspz.usspjr.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspjr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspz.usspjo.top"; dns.query; content:"uspz.usspjo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjo\.top$/i"; classtype:trojan-activity; sid:37179581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspz.usspjo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspjo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.ussppq.top"; dns.query; content:"usp.ussppq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppq\.top$/i"; classtype:trojan-activity; sid:37179611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.ussppq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.ussppo.top"; dns.query; content:"usp.ussppo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppo\.top$/i"; classtype:trojan-activity; sid:37179641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.ussppo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.usspvg.top"; dns.query; content:"usp.usspvg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvg\.top$/i"; classtype:trojan-activity; sid:37179671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.usspvg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.usspkg.top"; dns.query; content:"usp.usspkg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkg\.top$/i"; classtype:trojan-activity; sid:37179701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.usspkg.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspkg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.uspsdq.top"; dns.query; content:"usp.uspsdq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsdq\.top$/i"; classtype:trojan-activity; sid:37179731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.uspsdq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspsdq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsdq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.uspsdx.top"; dns.query; content:"usp.uspsdx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsdx\.top$/i"; classtype:trojan-activity; sid:37179761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.uspsdx.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspsdx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsdx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): usp.uspscw.top is exported twice (sid 37179791/37179792 here and
# 37179821/37179822 right after) with identical match options, so one lookup or request
# raises two alerts per protocol. Deduplicate at export or suppress one pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.uspscw.top"; dns.query; content:"usp.uspscw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscw\.top$/i"; classtype:trojan-activity; sid:37179791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.uspscw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspscw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37179792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 hostname indicators. Per hostname: a DNS rule on the exact query name
# (pcre anchored with "$" and refusing a preceding hostname character or ".", so no
# sub-domain match) and an HTTP rule on the Host header of established outbound flows.
# NOTE(review): nothing here inspects TLS, so HTTPS visits are covered by the DNS rule
# alone unless the sensor decrypts.
# NOTE(review): duplicate of sid 37179791/37179792 (usp.uspscw.top) - same match options,
# so each hit produces a second alert under this pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usp.uspscw.top"; dns.query; content:"usp.uspscw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscw\.top$/i"; classtype:trojan-activity; sid:37179821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usp.uspscw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspscw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspscw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): uspo.usspuz.top appears again below as sid 37179911/37179912.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspo.usspuz.top"; dns.query; content:"uspo.usspuz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspuz\.top$/i"; classtype:trojan-activity; sid:37179851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspo.usspuz.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspuz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspuz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspsmessges.world"; dns.query; content:"uspsmessges.world"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsmessges\.world$/i"; classtype:trojan-activity; sid:37179881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspsmessges.world"; flow:to_server,established; http.header; content: "Host|3a| uspsmessges.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsmessges\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): duplicate of sid 37179851/37179852 (uspo.usspuz.top) - same match options,
# so each hit produces a second alert under this pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspo.usspuz.top"; dns.query; content:"uspo.usspuz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspuz\.top$/i"; classtype:trojan-activity; sid:37179911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspo.usspuz.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspuz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspuz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspo.usspqm.top"; dns.query; content:"uspo.usspqm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqm\.top$/i"; classtype:trojan-activity; sid:37179941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspo.usspqm.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspqm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspqm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspo.ussphw.top"; dns.query; content:"uspo.ussphw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphw\.top$/i"; classtype:trojan-activity; sid:37179971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspo.ussphw.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37179972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspo.ussphn.top"; dns.query; content:"uspo.ussphn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphn\.top$/i"; classtype:trojan-activity; sid:37180001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspo.ussphn.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspe.usspry.top"; dns.query; content:"uspe.usspry.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspry\.top$/i"; classtype:trojan-activity; sid:37180031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspe.usspry.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspry.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspry\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspe.usspqs.top"; dns.query; content:"uspe.usspqs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqs\.top$/i"; classtype:trojan-activity; sid:37180061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspe.usspqs.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspqs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspqs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspc.usspnn.top"; dns.query; content:"uspc.usspnn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspnn\.top$/i"; classtype:trojan-activity; sid:37180091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspc.usspnn.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspnn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspnn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspc.usspqu.top"; dns.query; content:"uspc.usspqu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspqu\.top$/i"; classtype:trojan-activity; sid:37180121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspc.usspqu.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspqu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspqu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspc.usspsp.top"; dns.query; content:"uspc.usspsp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspsp\.top$/i"; classtype:trojan-activity; sid:37180151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspc.usspsp.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspsp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspsp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname uspa.usspce.top"; dns.query; content:"uspa.usspce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspa\.usspce\.top$/i"; classtype:trojan-activity; sid:37180181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname uspa.usspce.top"; flow:to_server,established; http.header; content: "Host|3a| uspa.usspce.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspa\.usspce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname usa.usspvf.top"; dns.query; content:"usa.usspvf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usa\.usspvf\.top$/i"; classtype:trojan-activity; sid:37180211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname usa.usspvf.top"; flow:to_server,established; http.header; content: "Host|3a| usa.usspvf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usa\.usspvf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180212; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157: indicators hosted under shared suffixes (workers.dev, github.io).
# The DNS and Host-header rules name the full sub-domain, and their pcre refuses any
# hostname character or "." in front of it, so other tenants of the same suffix and
# deeper sub-domains are not matched.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname still-meadow-66bb.3f8in8du.workers.dev"; dns.query; content:"still-meadow-66bb.3f8in8du.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])still\-meadow\-66bb\.3f8in8du\.workers\.dev$/i"; classtype:trojan-activity; sid:37180241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname still-meadow-66bb.3f8in8du.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| still-meadow-66bb.3f8in8du.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])still\-meadow\-66bb\.3f8in8du\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# URL indicator for the same host. NOTE(review):
#  - the content is the bare hostname matched anywhere in http.header, with no Host anchor
#    and no pcre, so the name in any request header (a Referer, for example) satisfies it;
#    on a plain request to the host it overlaps sid 37180242 and normally fires with it.
#  - the destination port is $HTTP_PORTS, while the file's header comment lists that
#    variable as "not required with suricata export": check that it is defined on the
#    sensor, otherwise this rule will not load. The same host on a port outside
#    $HTTP_PORTS is left to sid 37180242.
#  - "|3a|" inside msg is presumably printed literally in the alert text.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//still-meadow-66bb.3f8in8du.workers.dev"; flow:to_server,established; http.header; content:"still-meadow-66bb.3f8in8du.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37180251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname titiksha008.github.io"; dns.query; content:"titiksha008.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])titiksha008\.github\.io$/i"; classtype:trojan-activity; sid:37180271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname titiksha008.github.io"; flow:to_server,established; http.header; content: "Host|3a| titiksha008.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])titiksha008\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180272; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157 hostname indicators. Per hostname: a DNS rule on the exact query name
# and an HTTP rule on the Host header of established flows from $HOME_NET to
# $EXTERNAL_NET. NOTE(review): the HTTP rules cover cleartext HTTP only; over TLS the DNS
# rule is the only coverage unless the sensor decrypts.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname tacking-uspst-mt.com"; dns.query; content:"tacking-uspst-mt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-mt\.com$/i"; classtype:trojan-activity; sid:37180301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname tacking-uspst-mt.com"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-mt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-mt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): share-52-blink.pages.dev is exported 13 times below (DNS sids 37180331 to
# 37180691 in steps of 30, each followed by its HTTP twin at +1), all with identical match
# options. One lookup therefore matches 13 DNS rules and one request 13 HTTP rules.
# Presumably the event holds 13 attributes that reduce to this hostname - deduplicate at
# export, or keep one pair and suppress or threshold the rest, so the repeats do not crowd
# out other alerts.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37180691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The next two names appear to imitate the MetaMask brand (inferred from the hostnames
# only - confirm in the MISP event). ddnss.eu and godaddysites.com look like shared
# provider suffixes; the rules pin the full name, so other customers are not matched.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname portfolioweb-metamask.ddnss.eu"; dns.query; content:"portfolioweb-metamask.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37180721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname portfolioweb-metamask.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| portfolioweb-metamask.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolioweb\-metamask\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname mmetamaskextension.godaddysites.com"; dns.query; content:"mmetamaskextension.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mmetamaskextension\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37180751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mmetamaskextension.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| mmetamaskextension.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mmetamaskextension\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, hostname indicators, one rule per line.
# Rules come in pairs per hostname: an `alert dns` rule on dns.query, then an `alert http` rule on the request
# Host header. In both, the pcre rejects a preceding letter, digit, '-' or '.', so only the hostname itself
# matches, not a longer name that contains or ends with it.
# NOTE(review): the `alert http` rules only see cleartext HTTP. Where a host is reached over HTTPS the Host header
# is not visible, and detection rests on the dns rule (or an added tls.sni rule). Confirm what this sensor can see.
# NOTE(review): the dns rules are `any any -> any any`, so a hit may be attributed to an internal resolver rather
# than the originating client. Correlate with resolver logs during triage.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname mediafirekgmhcot.terbaru-2023.com"; dns.query; content:"mediafirekgmhcot.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafirekgmhcot\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37180781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mediafirekgmhcot.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| mediafirekgmhcot.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediafirekgmhcot\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname marcuswinshowllcpay4dportal.pages.dev"; dns.query; content:"marcuswinshowllcpay4dportal.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marcuswinshowllcpay4dportal\.pages\.dev$/i"; classtype:trojan-activity; sid:37180811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname marcuswinshowllcpay4dportal.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| marcuswinshowllcpay4dportal.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marcuswinshowllcpay4dportal\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname liok.pages.dev"; dns.query; content:"liok.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liok\.pages\.dev$/i"; classtype:trojan-activity; sid:37180841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname liok.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| liok.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liok\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the next pair repeats sids 37180841/37180842 (same hostname, same options), so one lookup or
# request raises two alerts. Dedupe the attribute in MISP or suppress one pair.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname liok.pages.dev"; dns.query; content:"liok.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liok\.pages\.dev$/i"; classtype:trojan-activity; sid:37180871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname liok.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| liok.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liok\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname joingroupiixpcmt.kembalii.my.id"; dns.query; content:"joingroupiixpcmt.kembalii.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupiixpcmt\.kembalii\.my\.id$/i"; classtype:trojan-activity; sid:37180901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname joingroupiixpcmt.kembalii.my.id"; flow:to_server,established; http.header; content: "Host|3a| joingroupiixpcmt.kembalii.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupiixpcmt\.kembalii\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): ipfs.eth.aragon.network reads like a shared gateway name rather than an attacker-registered host.
# A host-only match would flag every request to it. Confirm the intended scope against the MISP event.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname ipfs.eth.aragon.network"; dns.query; content:"ipfs.eth.aragon.network"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network$/i"; classtype:trojan-activity; sid:37180931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname ipfs.eth.aragon.network"; flow:to_server,established; http.header; content: "Host|3a| ipfs.eth.aragon.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname infogard.hu"; dns.query; content:"infogard.hu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infogard\.hu$/i"; classtype:trojan-activity; sid:37180961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname infogard.hu"; flow:to_server,established; http.header; content: "Host|3a| infogard.hu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infogard\.hu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname grupwadofv.terbaru-2023.com"; dns.query; content:"grupwadofv.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwadofv\.terbaru\-2023\.com$/i"; 
classtype:trojan-activity; sid:37180991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, hostname indicators, one rule per line (dns.query rule, then cleartext-HTTP Host-header rule).
# NOTE(review): several names below are subdomains of shared hosting platforms (myqcloud.com, workers.dev,
# netlify.app), which are typically served over HTTPS. The `alert http` rules cannot see the Host header there,
# so coverage depends on the dns rule unless a tls.sni rule is added. Confirm against sensor visibility.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname grupwadofv.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| grupwadofv.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwadofv\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37180992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname grupokep2024terbssjs.chickenkiller.com"; dns.query; content:"grupokep2024terbssjs.chickenkiller.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupokep2024terbssjs\.chickenkiller\.com$/i"; classtype:trojan-activity; sid:37181021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname grupokep2024terbssjs.chickenkiller.com"; flow:to_server,established; http.header; content: "Host|3a| grupokep2024terbssjs.chickenkiller.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupokep2024terbssjs\.chickenkiller\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname freespiinetrr8o1mx0.bpdy.biz.id"; dns.query; content:"freespiinetrr8o1mx0.bpdy.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freespiinetrr8o1mx0\.bpdy\.biz\.id$/i"; classtype:trojan-activity; sid:37181051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname freespiinetrr8o1mx0.bpdy.biz.id"; flow:to_server,established; http.header; content: "Host|3a| freespiinetrr8o1mx0.bpdy.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freespiinetrr8o1mx0\.bpdy\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname filem-livelaix3a1.terbaru-2023.com"; dns.query; content:"filem-livelaix3a1.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filem\-livelaix3a1\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:37181081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname filem-livelaix3a1.terbaru-2023.com"; flow:to_server,established; http.header; content: "Host|3a| filem-livelaix3a1.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filem\-livelaix3a1\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname f6q4sr83rsypi-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"f6q4sr83rsypi-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f6q4sr83rsypi\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37181111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname f6q4sr83rsypi-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| f6q4sr83rsypi-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f6q4sr83rsypi\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cloosud-776c.lnskeaysldoavar.workers.dev"; dns.query; content:"cloosud-776c.lnskeaysldoavar.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloosud\-776c\.lnskeaysldoavar\.workers\.dev$/i"; classtype:trojan-activity; sid:37181141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cloosud-776c.lnskeaysldoavar.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cloosud-776c.lnskeaysldoavar.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloosud\-776c\.lnskeaysldoavar\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname candid-chimera-2526c1sd.netlify.app"; dns.query; content:"candid-chimera-2526c1sd.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])candid\-chimera\-2526c1sd\.netlify\.app$/i"; classtype:trojan-activity; sid:37181201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname candid-chimera-2526c1sd.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| candid-chimera-2526c1sd.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])candid\-chimera\-2526c1sd\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname sbcglobal-100540.weeblysite.com"; dns.query; content:"sbcglobal-100540.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbcglobal\-100540\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37181231; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, hostname and URL indicators, one rule per line.
# NOTE(review): the "Outgoing URL" rules (sids 37181241, 37181271) match the bare hostname anywhere in the request
# headers: there is no "Host|3a| " prefix and no pcre boundary. A Referer that mentions the name, or a longer
# hostname containing it, also alerts, and a plain request to the host fires both this rule and the Host rule
# above it. These rules also reference $HTTP_PORTS, which must be defined in the sensor configuration.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sbcglobal-100540.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| sbcglobal-100540.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbcglobal\-100540\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//sbcglobal-100540.weeblysite.com"; flow:to_server,established; http.header; content:"sbcglobal-100540.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37181241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname billowing-morning-f51f.kokoda1.workers.dev"; dns.query; content:"billowing-morning-f51f.kokoda1.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])billowing\-morning\-f51f\.kokoda1\.workers\.dev$/i"; classtype:trojan-activity; sid:37181261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname billowing-morning-f51f.kokoda1.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| billowing-morning-f51f.kokoda1.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])billowing\-morning\-f51f\.kokoda1\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//billowing-morning-f51f.kokoda1.workers.dev"; flow:to_server,established; http.header; content:"billowing-morning-f51f.kokoda1.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37181271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname b.365k2402062.top"; dns.query; content:"b.365k2402062.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\.365k2402062\.top$/i"; classtype:trojan-activity; sid:37181291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname b.365k2402062.top"; flow:to_server,established; http.header; content: "Host|3a| b.365k2402062.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b\.365k2402062\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname auto24-leas.pl"; dns.query; content:"auto24-leas.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto24\-leas\.pl$/i"; classtype:trojan-activity; sid:37181321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname auto24-leas.pl"; flow:to_server,established; http.header; content: "Host|3a| auto24-leas.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto24\-leas\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The .com.cy and .com variants of andrej-chytil.blogspot need separate rules: the dns pcre ends at `$` and the
# http pcre rejects a following '.', so the .com rule does not match the .com.cy name.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname andrej-chytil.blogspot.com.cy"; dns.query; content:"andrej-chytil.blogspot.com.cy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])andrej\-chytil\.blogspot\.com\.cy$/i"; classtype:trojan-activity; sid:37181351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname andrej-chytil.blogspot.com.cy"; flow:to_server,established; http.header; content: "Host|3a| andrej-chytil.blogspot.com.cy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])andrej\-chytil\.blogspot\.com\.cy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname arshiakohanteb.github.io"; dns.query; content:"arshiakohanteb.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arshiakohanteb\.github\.io$/i"; classtype:trojan-activity; sid:37181381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname arshiakohanteb.github.io"; flow:to_server,established; http.header; content: "Host|3a| arshiakohanteb.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arshiakohanteb\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname andrej-chytil.blogspot.com"; dns.query; content:"andrej-chytil.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])andrej\-chytil\.blogspot\.com$/i"; classtype:trojan-activity; sid:37181411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname andrej-chytil.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| andrej-chytil.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])andrej\-chytil\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any 
(msg: "MISP e26157 [] Hostname 47usps675ps.cc"; dns.query; content:"47usps675ps.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])47usps675ps\.cc$/i"; classtype:trojan-activity; sid:37181441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, hostname and URL indicators, one rule per line.
# NOTE(review): the host-only "Outgoing URL" rules (sids 37181481, 37181541, 37181571) match the bare hostname
# anywhere in the request headers, with no "Host|3a| " prefix and no pcre boundary, so they also fire on a
# Referer mentioning the name and duplicate the Host rule above them. They require $HTTP_PORTS to be defined.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 47usps675ps.cc"; flow:to_server,established; http.header; content: "Host|3a| 47usps675ps.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])47usps675ps\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname realwebyahoo.weebly.com"; dns.query; content:"realwebyahoo.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])realwebyahoo\.weebly\.com$/i"; classtype:trojan-activity; sid:37181471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname realwebyahoo.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| realwebyahoo.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])realwebyahoo\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//realwebyahoo.weebly.com"; flow:to_server,established; http.header; content:"realwebyahoo.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37181481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname nz5yvxcb47a1.orebeauxindustries.com"; dns.query; content:"nz5yvxcb47a1.orebeauxindustries.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nz5yvxcb47a1\.orebeauxindustries\.com$/i"; classtype:trojan-activity; sid:37181501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname nz5yvxcb47a1.orebeauxindustries.com"; flow:to_server,established; http.header; content: "Host|3a| nz5yvxcb47a1.orebeauxindustries.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nz5yvxcb47a1\.orebeauxindustries\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): sid 37181511 matches the hostname in the headers plus the URI path "/i/wsmdgssgf". The query
# string shown in msg is not matched. That msg is copied into every alert record and ends in a base64 parameter
# that may identify an individual recipient. Consider trimming it in the MISP attribute before export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//nz5yvxcb47a1.orebeauxindustries.com/i/wsmdgssgf?url=edwardaiden.com//wal/agafdgfggf/a25jb3BlcmF0aW9uc0BvZGZsLmNvbQ=="; flow:to_server,established; http.header; content:"nz5yvxcb47a1.orebeauxindustries.com"; fast_pattern; nocase; http.uri; content:"/i/wsmdgssgf"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37181511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname mail.dwjfhfj.manttap.com"; dns.query; content:"mail.dwjfhfj.manttap.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.dwjfhfj\.manttap\.com$/i"; classtype:trojan-activity; sid:37181531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mail.dwjfhfj.manttap.com"; flow:to_server,established; http.header; content: "Host|3a| mail.dwjfhfj.manttap.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.dwjfhfj\.manttap\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mail.dwjfhfj.manttap.com"; flow:to_server,established; http.header; content:"mail.dwjfhfj.manttap.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37181541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): joingroupiixpcmt.kembalii.my.id already has a dns/http pair earlier in this export
# (sids 37180901/37180902) with identical options, so each hit is alerted more than once. Dedupe in MISP.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname joingroupiixpcmt.kembalii.my.id"; dns.query; content:"joingroupiixpcmt.kembalii.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupiixpcmt\.kembalii\.my\.id$/i"; classtype:trojan-activity; sid:37181561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname joingroupiixpcmt.kembalii.my.id"; flow:to_server,established; http.header; content: "Host|3a| joingroupiixpcmt.kembalii.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupiixpcmt\.kembalii\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//joingroupiixpcmt.kembalii.my.id"; flow:to_server,established; http.header; content:"joingroupiixpcmt.kembalii.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37181571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37181591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, one rule per line (dns.query rule, then cleartext-HTTP Host-header rule).
# NOTE(review): every rule in this stretch targets one of two workers.dev hostnames (egfyua-winter-sea-8755...,
# cas86t798-broad-cake-e386...) and repeats the same options under new sids. Each repeat adds one more alert
# per lookup or request. Dedupe the attributes in MISP, or keep one pair per hostname and suppress the rest.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37181621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, one rule per line (dns.query rule, then cleartext-HTTP Host-header rule).
# NOTE(review): the rules below repeat two workers.dev hostnames under different sids with identical options,
# so one lookup or request raises one alert per copy. Dedupe upstream in MISP or suppress the extra sids.
# NOTE(review): these `alert http` rules only cover cleartext HTTP. If the hosts are reached over HTTPS, only the
# dns rules (or an added tls.sni rule) can fire. Confirm against sensor visibility.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37181831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37181861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37181981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37181982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# MISP event 26157, one rule per line (dns.query rule, then cleartext-HTTP Host-header rule).
# NOTE(review): every pair below is the same hostname with the same options under a new sid, so one lookup or
# request raises one alert per copy. Dedupe the attribute in MISP or keep one pair and suppress the rest.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37182162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cookingfood56.blogspot.com"; dns.query; content:"cookingfood56.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cookingfood56\.blogspot\.com$/i"; classtype:trojan-activity; sid:37182371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cookingfood56.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| cookingfood56.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cookingfood56\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37182461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert dns any any -> any any (msg: "MISP e26157 [] Hostname pedophilia.info"; dns.query; content:"pedophilia.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pedophilia\.info$/i"; classtype:trojan-activity; sid:37182491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pedophilia.info"; flow:to_server,established; http.header; content: "Host|3a| pedophilia.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pedophilia\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL 
http|3a|//www.pedophilia.info/"; flow:to_server,established; http.header; content:"www.pedophilia.info"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# ^ end of an "Outgoing URL" rule whose start lies before this span.
#
# MISP event 26157 - hostname and URL indicators, one rule per line. Three rule shapes appear:
#   alert dns  "Hostname"               : dns.query content + pcre ending in $, any -> any.
#   alert http "Outgoing HTTP Hostname" : "Host: <name>" in http.header + pcre, $HOME_NET -> $EXTERNAL_NET, any port.
#   alert http "Outgoing URL"           : host string anywhere in http.header, path in http.uri, $HTTP_PORTS only.
# In the first two, the pcre prefix (^|[^A-Za-z0-9-\.]) rejects a hit preceded by a hostname character
# or a dot, so only the exact name matches. That is why telegramkf.icu and adminuser.telegramkf.icu
# each need their own pair below.
#
# NOTE(review): in the "Outgoing URL" rules the host content is not tied to the Host header, so the
# same string in any other request header also satisfies it. Where the path is just "/" the
# http.uri match is met by practically every request, and nocase on "/" has no effect, so those
# rules are host-only matches restricted to $HTTP_PORTS. $HTTP_PORTS must be defined for them to load.
# NOTE(review): the http rules only fire on HTTP the sensor can read in cleartext; no tls.sni rule
# appears in this span, so for HTTPS to these names only the dns rule can fire.
# NOTE(review): several names sit under shared hosting suffixes (workers.dev, pages.dev, r2.dev,
# blogspot.com.mt). The rules match the full name; keep it that way if they are ever edited.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pub-a0cff6a397914a3fbee9f171ed547e3d.r2.dev"; dns.query; content:"pub-a0cff6a397914a3fbee9f171ed547e3d.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a0cff6a397914a3fbee9f171ed547e3d\.r2\.dev$/i"; classtype:trojan-activity; sid:37182521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pub-a0cff6a397914a3fbee9f171ed547e3d.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a0cff6a397914a3fbee9f171ed547e3d.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a0cff6a397914a3fbee9f171ed547e3d\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname office0f764f54756479d04434d518b44eeeb90f764f54756479d04434d518b.andy2557.workers.dev"; dns.query; content:"office0f764f54756479d04434d518b44eeeb90f764f54756479d04434d518b.andy2557.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office0f764f54756479d04434d518b44eeeb90f764f54756479d04434d518b\.andy2557\.workers\.dev$/i"; classtype:trojan-activity; sid:37182551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname office0f764f54756479d04434d518b44eeeb90f764f54756479d04434d518b.andy2557.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| office0f764f54756479d04434d518b44eeeb90f764f54756479d04434d518b.andy2557.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office0f764f54756479d04434d518b44eeeb90f764f54756479d04434d518b\.andy2557\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname mailseries24.pages.dev"; dns.query; content:"mailseries24.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailseries24\.pages\.dev$/i"; classtype:trojan-activity; sid:37182581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname mailseries24.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mailseries24.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailseries24\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//mailseries24.pages.dev/"; flow:to_server,established; http.header; content:"mailseries24.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname news-awekmys.mythicmys.shop"; dns.query; content:"news-awekmys.mythicmys.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])news\-awekmys\.mythicmys\.shop$/i"; classtype:trojan-activity; sid:37182611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname news-awekmys.mythicmys.shop"; flow:to_server,established; http.header; content: "Host|3a| news-awekmys.mythicmys.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])news\-awekmys\.mythicmys\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname informasi-terupdate.my.id"; dns.query; content:"informasi-terupdate.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasi\-terupdate\.my\.id$/i"; classtype:trojan-activity; sid:37182641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname informasi-terupdate.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasi-terupdate.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasi\-terupdate\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//informasi-terupdate.my.id/"; flow:to_server,established; http.header; content:"informasi-terupdate.my.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname openvcs-sexluncah.sumber-inportal.my.id"; dns.query; content:"openvcs-sexluncah.sumber-inportal.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openvcs\-sexluncah\.sumber\-inportal\.my\.id$/i"; classtype:trojan-activity; sid:37182671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname openvcs-sexluncah.sumber-inportal.my.id"; flow:to_server,established; http.header; content: "Host|3a| openvcs-sexluncah.sumber-inportal.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openvcs\-sexluncah\.sumber\-inportal\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//openvcs-sexluncah.sumber-inportal.my.id/"; flow:to_server,established; http.header; content:"openvcs-sexluncah.sumber-inportal.my.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname telegramkf.icu"; dns.query; content:"telegramkf.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramkf\.icu$/i"; classtype:trojan-activity; sid:37182701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname telegramkf.icu"; flow:to_server,established; http.header; content: "Host|3a| telegramkf.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramkf\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname adminuser.telegramkf.icu"; dns.query; content:"adminuser.telegramkf.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegramkf\.icu$/i"; classtype:trojan-activity; sid:37182731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname adminuser.telegramkf.icu"; flow:to_server,established; http.header; content: "Host|3a| adminuser.telegramkf.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegramkf\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname cookingfood56.blogspot.com.mt"; dns.query; content:"cookingfood56.blogspot.com.mt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cookingfood56\.blogspot\.com\.mt$/i"; classtype:trojan-activity; sid:37182761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname cookingfood56.blogspot.com.mt"; flow:to_server,established; http.header; content: "Host|3a| cookingfood56.blogspot.com.mt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cookingfood56\.blogspot\.com\.mt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# This URL rule has no path component: a single http.header content, no http.uri, no fast_pattern.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//cookingfood56.blogspot.com.mt"; flow:to_server,established; http.header; content:"cookingfood56.blogspot.com.mt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# From here the URL indicators use an IP literal: destination IP and port are fixed in the rule
# header, the IP string is required in http.header and the path in http.uri.
alert http $HOME_NET any -> 42.232.215.223 58826 (msg: "MISP e26157 [] Outgoing URL http|3a|//42.232.215.223|3a|58826/Mozi.m"; flow:to_server,established; http.header; content:"42.232.215.223"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# v start of a rule that continues after this span.
alert http $HOME_NET any -> 222.138.73.64 53052 (msg: "MISP e26157 [] Outgoing URL http|3a|//222.138.73.64|3a|53052/Mozi.m"; 
flow:to_server,established; http.header; content:"222.138.73.64"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# ^ end of a rule whose start lies before this span.
#
# MISP event 26157 - "Outgoing URL" indicators, one rule per line. Each rule is $HOME_NET -> a
# pinned destination (IP and explicit port, IP on $HTTP_PORTS, or $EXTERNAL_NET on $HTTP_PORTS
# for the one hostname), then requires the host string anywhere in http.header and the path as
# a substring of http.uri. A hit means an internal host requested that URL, so the source
# address is the system to triage.
#
# NOTE(review): both content matches are unanchored and nocase. Very short paths add little:
# "/i" (sid 37170271) is met by any URI containing those two characters and "/" (sid 37170451)
# by practically every request, so those rules behave as destination-only matches.
# NOTE(review): sid 37170451 and sid 37170301 share destination 123.10.213.255:60284; a request
# for /Mozi.m there satisfies both and raises two alerts.
# NOTE(review): rules written against $HTTP_PORTS need that variable defined and do not cover
# the same destination on other ports.
# NOTE(review): the /Mozi.m and /bin.sh paths on high non-standard ports and the rebirth.<suffix>
# files (presumably per-architecture builds) look like botnet payload fetches - confirm in the
# MISP event. All rules carry rev:1 and no age information; check indicator age before relying
# on them.
alert http $HOME_NET any -> 182.180.96.254 38598 (msg: "MISP e26157 [] Outgoing URL http|3a|//182.180.96.254|3a|38598/Mozi.m"; flow:to_server,established; http.header; content:"182.180.96.254"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 117.248.25.199 35074 (msg: "MISP e26157 [] Outgoing URL http|3a|//117.248.25.199|3a|35074/bin.sh"; flow:to_server,established; http.header; content:"117.248.25.199"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 188.251.225.180 40982 (msg: "MISP e26157 [] Outgoing URL http|3a|//188.251.225.180|3a|40982/.i"; flow:to_server,established; http.header; content:"188.251.225.180"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 120.211.71.81 53596 (msg: "MISP e26157 [] Outgoing URL http|3a|//120.211.71.81|3a|53596/i"; flow:to_server,established; http.header; content:"120.211.71.81"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 219.157.65.139 37168 (msg: "MISP e26157 [] Outgoing URL http|3a|//219.157.65.139|3a|37168/Mozi.m"; flow:to_server,established; http.header; content:"219.157.65.139"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 123.10.213.255 60284 (msg: "MISP e26157 [] Outgoing URL http|3a|//123.10.213.255|3a|60284/Mozi.m"; flow:to_server,established; http.header; content:"123.10.213.255"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 112.248.110.18 58863 (msg: "MISP e26157 [] Outgoing URL http|3a|//112.248.110.18|3a|58863/Mozi.m"; flow:to_server,established; http.header; content:"112.248.110.18"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 27.206.80.166 40391 (msg: "MISP e26157 [] Outgoing URL http|3a|//27.206.80.166|3a|40391/Mozi.m"; flow:to_server,established; http.header; content:"27.206.80.166"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 182.126.83.160 38508 (msg: "MISP e26157 [] Outgoing URL http|3a|//182.126.83.160|3a|38508/Mozi.m"; flow:to_server,established; http.header; content:"182.126.83.160"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 123.9.199.78 56073 (msg: "MISP e26157 [] Outgoing URL http|3a|//123.9.199.78|3a|56073/Mozi.m"; flow:to_server,established; http.header; content:"123.9.199.78"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 120.211.137.183 60579 (msg: "MISP e26157 [] Outgoing URL http|3a|//120.211.137.183|3a|60579/bin.sh"; flow:to_server,established; http.header; content:"120.211.137.183"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 61.133.88.236 42709 (msg: "MISP e26157 [] Outgoing URL http|3a|//61.133.88.236|3a|42709/Mozi.m"; flow:to_server,established; http.header; content:"61.133.88.236"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Destinations on $HTTP_PORTS: several paths per IP, one rule per path.
alert http $HOME_NET any -> 195.20.16.46 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//195.20.16.46/ext/searchfz.jpeg"; flow:to_server,established; http.header; content:"195.20.16.46"; fast_pattern; nocase; http.uri; content:"/ext/searchfz.jpeg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 195.20.16.46 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//195.20.16.46/ext/ksearches.jpeg"; flow:to_server,established; http.header; content:"195.20.16.46"; fast_pattern; nocase; http.uri; content:"/ext/ksearches.jpeg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 195.20.16.46 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//195.20.16.46/ext/horizontimez.jpeg"; flow:to_server,established; http.header; content:"195.20.16.46"; fast_pattern; nocase; http.uri; content:"/ext/horizontimez.jpeg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 195.20.16.46 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//195.20.16.46/ext/askusdaily.jpeg"; flow:to_server,established; http.header; content:"195.20.16.46"; fast_pattern; nocase; http.uri; content:"/ext/askusdaily.jpeg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//193.233.132.167/cost/ladas.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/cost/ladas.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 193.187.174.182 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//193.187.174.182/f79abd6a472c7e1d/vcruntime140.dll"; flow:to_server,established; http.header; content:"193.187.174.182"; fast_pattern; nocase; http.uri; content:"/f79abd6a472c7e1d/vcruntime140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 193.187.174.182 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//193.187.174.182/f79abd6a472c7e1d/sqlite3.dll"; flow:to_server,established; http.header; content:"193.187.174.182"; fast_pattern; nocase; http.uri; content:"/f79abd6a472c7e1d/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 193.187.174.182 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//193.187.174.182/f79abd6a472c7e1d/msvcp140.dll"; flow:to_server,established; http.header; content:"193.187.174.182"; fast_pattern; nocase; http.uri; content:"/f79abd6a472c7e1d/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Path is "/" only: overlaps sid 37170301 (same IP and port, path /Mozi.m).
alert http $HOME_NET any -> 123.10.213.255 60284 (msg: "MISP e26157 [] Outgoing URL http|3a|//123.10.213.255|3a|60284/"; flow:to_server,established; http.header; content:"123.10.213.255"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 115.54.154.69 47823 (msg: "MISP e26157 [] Outgoing URL http|3a|//115.54.154.69|3a|47823/bin.sh"; flow:to_server,established; http.header; content:"115.54.154.69"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# 15.204.245.61: eight rebirth.<suffix> paths, one rule each.
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.spc"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.spc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.sh4"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.sh4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.ppc"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.ppc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.mpsl"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.mips"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.m68"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.m68"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.arm5"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 15.204.245.61 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//15.204.245.61/rebirth.arm4"; flow:to_server,established; http.header; content:"15.204.245.61"; fast_pattern; nocase; http.uri; content:"/rebirth.arm4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 117.217.38.170 32906 (msg: "MISP e26157 [] Outgoing URL http|3a|//117.217.38.170|3a|32906/Mozi.m"; flow:to_server,established; http.header; content:"117.217.38.170"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 109.107.182.3 $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//109.107.182.3/mine/plaza.exe"; flow:to_server,established; http.header; content:"109.107.182.3"; fast_pattern; nocase; http.uri; content:"/mine/plaza.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# Hostname-based URL rule: destination is any $EXTERNAL_NET address on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//asx.sunaviat.com/data/pdf/may.exe"; flow:to_server,established; http.header; content:"asx.sunaviat.com"; fast_pattern; nocase; http.uri; content:"/data/pdf/may.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> 61.54.232.35 36493 (msg: "MISP e26157 [] Outgoing URL http|3a|//61.54.232.35|3a|36493/bin.sh"; flow:to_server,established; http.header; content:"61.54.232.35"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# v start of a rule that continues after this span.
alert http 
$HOME_NET any -> 61.2.111.163 52464 (msg: "MISP e26157 [] Outgoing URL http|3a|//61.2.111.163|3a|52464/Mozi.m"; flow:to_server,established; http.header; content:"61.2.111.163"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line above is the tail of a rule that begins on the previous line of the file.)
#
# Last "Outgoing URL" rule of MISP event 26157 in this run: literal address and port,
# host string in http.header, path in http.uri (both nocase substring matches).
alert http $HOME_NET any -> 117.254.179.122 38184 (msg: "MISP e26157 [] Outgoing URL http|3a|//117.254.179.122|3a|38184/Mozi.m"; flow:to_server,established; http.header; content:"117.254.179.122"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37170601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
#
# MISP event 26153 - "Outgoing URL" rules. Same rule shape as above, but these rules
# carry priority:1 where the event 26157 rules carry priority:2.
# NOTE(review): most of these rules pin a single address and a literal high port.
# Indicators of this shape tend to go stale quickly - confirm the event's expiry
# handling before keeping the rules long term.
alert http $HOME_NET any -> 39.79.238.19 38495 (msg: "MISP e26153 [] Outgoing URL http|3a|//39.79.238.19|3a|38495/Mozi.m"; flow:to_server,established; http.header; content:"39.79.238.19"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
# Four rules for 154.9.30.146 with short paths (/mpsl, /mips, /arm7, /arm5).
# NOTE(review): http.uri content is an unanchored substring, so "/arm5" also matches a
# longer URI such as "/arm5x/..." on this address; acceptable while the address is pinned.
alert http $HOME_NET any -> 154.9.30.146 $HTTP_PORTS (msg: "MISP e26153 [] Outgoing URL http|3a|//154.9.30.146/mpsl"; flow:to_server,established; http.header; content:"154.9.30.146"; fast_pattern; nocase; http.uri; content:"/mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 154.9.30.146 $HTTP_PORTS (msg: "MISP e26153 [] Outgoing URL http|3a|//154.9.30.146/mips"; flow:to_server,established; http.header; content:"154.9.30.146"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 154.9.30.146 $HTTP_PORTS (msg: "MISP e26153 [] Outgoing URL http|3a|//154.9.30.146/arm7"; flow:to_server,established; http.header; content:"154.9.30.146"; fast_pattern; nocase; http.uri; content:"/arm7"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 154.9.30.146 $HTTP_PORTS (msg: "MISP e26153 [] Outgoing URL http|3a|//154.9.30.146/arm5"; flow:to_server,established; http.header; content:"154.9.30.146"; fast_pattern; nocase; http.uri; content:"/arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
# NOTE(review): in sid 37169851 the http.uri content is "/", which every request URI
# contains; the rule alerts on any HTTP request to 125.40.73.38:37938 whose headers
# carry that address.
alert http $HOME_NET any -> 125.40.73.38 37938 (msg: "MISP e26153 [] Outgoing URL http|3a|//125.40.73.38|3a|37938/"; flow:to_server,established; http.header; content:"125.40.73.38"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
# NOTE(review): "/i" is a two-character nocase substring; any URI containing "/i" or "/I"
# (for example "/index.html") satisfies it, so this is effectively an address/port match.
alert http $HOME_NET any -> 117.248.25.199 35074 (msg: "MISP e26153 [] Outgoing URL http|3a|//117.248.25.199|3a|35074/i"; flow:to_server,established; http.header; content:"117.248.25.199"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 115.55.57.105 34878 (msg: "MISP e26153 [] Outgoing URL http|3a|//115.55.57.105|3a|34878/Mozi.m"; flow:to_server,established; http.header; content:"115.55.57.105"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
# Hostname-based URL rule: the destination is $EXTERNAL_NET, so the host string in
# http.header is the only host constraint. It is a substring match across all headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26153 [] Outgoing URL http|3a|//flex.sunaviat.com/data/pdf/june.exe"; flow:to_server,established; http.header; content:"flex.sunaviat.com"; fast_pattern; nocase; http.uri; content:"/data/pdf/june.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 222.136.153.147 59471 (msg: "MISP e26153 [] Outgoing URL http|3a|//222.136.153.147|3a|59471/Mozi.m"; flow:to_server,established; http.header; content:"222.136.153.147"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 123.133.222.161 50085 (msg: "MISP e26153 [] Outgoing URL http|3a|//123.133.222.161|3a|50085/Mozi.m"; flow:to_server,established; http.header; content:"123.133.222.161"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 118.105.100.222 55840 (msg: "MISP e26153 [] Outgoing URL http|3a|//118.105.100.222|3a|55840/Mozi.m"; flow:to_server,established; http.header; content:"118.105.100.222"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
alert http $HOME_NET any -> 117.213.88.215 46764 (msg: "MISP e26153 [] Outgoing URL http|3a|//117.213.88.215|3a|46764/i"; flow:to_server,established; http.header; content:"117.213.88.215"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26153;)
# (The line below is the head of a rule that continues on the next line of the file.)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname docprowetranspro.hopto.org"; dns.query; content:"docprowetranspro.hopto.org"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])docprowetranspro\.hopto\.org$/i"; classtype:trojan-activity; sid:37182791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line above is the tail of a rule that begins on the previous line of the file.)
#
# MISP event 26157 - hostname indicators. Up to three rules exist per hostname:
#   1. "Hostname"               - alert dns: dns.query content plus an end-anchored pcre
#   2. "Outgoing HTTP Hostname" - alert http: "Host|3a| <name>" in http.header plus a pcre
#   3. "Outgoing URL"           - alert http on $HTTP_PORTS: host string in http.header
#                                 and, when the IoC has a path, that path in http.uri
# The pcre in 1 and 2 refuses a match when the name is preceded by a letter, digit, '-'
# or '.', so both match the exact hostname only; subdomains of a listed name do not alert.
# NOTE(review): the DNS rules use "any any -> any any", so they are not limited to
# $HOME_NET clients; a sensor that also sees resolver-to-upstream traffic may alert
# twice per lookup - verify against sensor placement.
# NOTE(review): rules 2 and 3 are "alert http" and only inspect traffic the engine
# decodes as HTTP. Requests to these hosts over TLS are covered by the DNS rule alone;
# a tls.sni-based rule would be needed to see them at connection time.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname docprowetranspro.hopto.org"; flow:to_server,established; http.header; content: "Host|3a| docprowetranspro.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docprowetranspro\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): this path-less URL rule matches the name anywhere in the header block
# (no "Host|3a|" prefix, no pcre boundary), so a Referer header that mentions the name
# also matches, and a request to the host raises this alert in addition to the rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//docprowetranspro.hopto.org"; flow:to_server,established; http.header; content:"docprowetranspro.hopto.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname msam.pages.dev"; dns.query; content:"msam.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msam\.pages\.dev$/i"; classtype:trojan-activity; sid:37182821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname msam.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| msam.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msam\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//msam.pages.dev"; flow:to_server,established; http.header; content:"msam.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): coverage gap. The DNS and Host rules below are for "365ok16.com", but
# the URL indicator is for "www.365ok16.com". Because of the exact-name matching
# described above, a lookup of or a Host header for www.365ok16.com does not trigger
# sid 37182851 or 37182852; only sid 37182861 covers the www name, and only for
# cleartext HTTP on $HTTP_PORTS with the listed path.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 365ok16.com"; dns.query; content:"365ok16.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ok16\.com$/i"; classtype:trojan-activity; sid:37182851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 365ok16.com"; flow:to_server,established; http.header; content: "Host|3a| 365ok16.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ok16\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//www.365ok16.com/mobile-client/index/"; flow:to_server,established; http.header; content:"www.365ok16.com"; fast_pattern; nocase; http.uri; content:"/mobile-client/index/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname slg9y86mx00jv-1324239560.cos.na-toronto.myqcloud.com"; dns.query; content:"slg9y86mx00jv-1324239560.cos.na-toronto.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])slg9y86mx00jv\-1324239560\.cos\.na\-toronto\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37182881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname slg9y86mx00jv-1324239560.cos.na-toronto.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| slg9y86mx00jv-1324239560.cos.na-toronto.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])slg9y86mx00jv\-1324239560\.cos\.na\-toronto\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//slg9y86mx00jv-1324239560.cos.na-toronto.myqcloud.com/slg9y86mx00jv.html"; flow:to_server,established; http.header; content:"slg9y86mx00jv-1324239560.cos.na-toronto.myqcloud.com"; fast_pattern; nocase; http.uri; content:"/slg9y86mx00jv.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37182891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname hello-world-still-silence-62f4.jmassell.workers.dev"; dns.query; content:"hello-world-still-silence-62f4.jmassell.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-still\-silence\-62f4\.jmassell\.workers\.dev$/i"; classtype:trojan-activity; sid:37182911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname hello-world-still-silence-62f4.jmassell.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-still-silence-62f4.jmassell.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-still\-silence\-62f4\.jmassell\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname officentry.com"; dns.query; content:"officentry.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officentry\.com$/i"; classtype:trojan-activity; sid:37182941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line below is the head of a rule that continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname officentry.com"; flow:to_server,established; http.header; content: "Host|3a| 
officentry.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officentry\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line above is the tail of a rule that begins on the previous line of the file.)
#
# MISP event 26157 - hostname indicators, generated as pairs:
#   "Hostname"               - alert dns: dns.query content plus an end-anchored pcre
#   "Outgoing HTTP Hostname" - alert http: "Host|3a| <name>" in http.header plus a pcre
# The pcre refuses a match when the name is preceded by a letter, digit, '-' or '.', so
# both rules match the exact hostname only; subdomains of a listed name do not alert.
# NOTE(review): the DNS rules use "any any -> any any", so they are not limited to
# $HOME_NET clients; a sensor that also sees resolver-to-upstream traffic may alert
# twice per lookup - verify against sensor placement.
# NOTE(review): the "alert http" rules only inspect traffic the engine decodes as HTTP.
# Requests to these hosts over TLS are covered by the DNS rule alone; a tls.sni-based
# rule would be needed to see them at connection time.
# NOTE(review): every rule here uses classtype:trojan-activity and priority:2, so
# triage has to rely on the msg text and the referenced MISP event.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname 0nline.brueckner-usa.us"; dns.query; content:"0nline.brueckner-usa.us"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0nline\.brueckner\-usa\.us$/i"; classtype:trojan-activity; sid:37182971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname 0nline.brueckner-usa.us"; flow:to_server,established; http.header; content: "Host|3a| 0nline.brueckner-usa.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0nline\.brueckner\-usa\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37182972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname j99gnubsbn0oi-1324239560.cos.ap-mumbai.myqcloud.com"; dns.query; content:"j99gnubsbn0oi-1324239560.cos.ap-mumbai.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j99gnubsbn0oi\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37183001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname j99gnubsbn0oi-1324239560.cos.ap-mumbai.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| j99gnubsbn0oi-1324239560.cos.ap-mumbai.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j99gnubsbn0oi\-1324239560\.cos\.ap\-mumbai\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname sharession.com"; dns.query; content:"sharession.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharession\.com$/i"; classtype:trojan-activity; sid:37183031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname sharession.com"; flow:to_server,established; http.header; content: "Host|3a| sharession.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharession\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname va3fipbndcoul-1324239560.cos.na-siliconvalley.myqcloud.com"; dns.query; content:"va3fipbndcoul-1324239560.cos.na-siliconvalley.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])va3fipbndcoul\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37183061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname va3fipbndcoul-1324239560.cos.na-siliconvalley.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| va3fipbndcoul-1324239560.cos.na-siliconvalley.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])va3fipbndcoul\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname lieferunginihrestadt.com"; dns.query; content:"lieferunginihrestadt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lieferunginihrestadt\.com$/i"; classtype:trojan-activity; sid:37183091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname lieferunginihrestadt.com"; flow:to_server,established; http.header; content: "Host|3a| lieferunginihrestadt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lieferunginihrestadt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname jillysaoka.com"; dns.query; content:"jillysaoka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jillysaoka\.com$/i"; classtype:trojan-activity; sid:37183121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname jillysaoka.com"; flow:to_server,established; http.header; content: "Host|3a| jillysaoka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jillysaoka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname turbo-stride.top"; dns.query; content:"turbo-stride.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])turbo\-stride\.top$/i"; classtype:trojan-activity; sid:37183151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname turbo-stride.top"; flow:to_server,established; http.header; content: "Host|3a| turbo-stride.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])turbo\-stride\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname purpl.cl"; dns.query; content:"purpl.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])purpl\.cl$/i"; classtype:trojan-activity; sid:37183181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname purpl.cl"; flow:to_server,established; http.header; content: "Host|3a| purpl.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])purpl\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): upsuivs.com is matched here (sid 37183211 / 37183212) and again by an
# identical DNS/Host pair further down in this file (sid 37183271 / 37183272), so one
# lookup or request raises two alerts each. Presumably the hostname is listed twice in
# the MISP event; de-duplicate at the source rather than in this generated file.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname upsuivs.com"; dns.query; content:"upsuivs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upsuivs\.com$/i"; classtype:trojan-activity; sid:37183211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname upsuivs.com"; flow:to_server,established; http.header; content: "Host|3a| upsuivs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upsuivs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname autogielda-graczyk.pl"; dns.query; content:"autogielda-graczyk.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-graczyk\.pl$/i"; classtype:trojan-activity; sid:37183241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname autogielda-graczyk.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-graczyk.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-graczyk\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line below is the head of a rule that continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//autogielda-graczyk.pl"; 
flow:to_server,established; http.header; content:"autogielda-graczyk.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line above is the tail of a rule that begins on the previous line of the file.)
#
# MISP event 26157 - hostname indicators. Up to three rules exist per hostname:
#   1. "Hostname"               - alert dns: dns.query content plus an end-anchored pcre
#   2. "Outgoing HTTP Hostname" - alert http: "Host|3a| <name>" in http.header plus a pcre
#   3. "Outgoing URL"           - alert http on $HTTP_PORTS: host string in http.header
#                                 and, when the IoC has a path, that path in http.uri
# The pcre in 1 and 2 refuses a match when the name is preceded by a letter, digit, '-'
# or '.', so both match the exact hostname only; subdomains of a listed name do not alert.
# NOTE(review): path-less rules of kind 3 match the name anywhere in the header block
# (no "Host|3a|" prefix, no pcre boundary), so a Referer header that mentions the name
# also matches, and a request to the host raises that alert in addition to rule 2.
# NOTE(review): rules 2 and 3 are "alert http" and only inspect traffic the engine
# decodes as HTTP. Requests to these hosts over TLS are covered by the DNS rule alone;
# a tls.sni-based rule would be needed to see them at connection time.
#
# NOTE(review): the next two rules repeat, with new sids, the upsuivs.com DNS/Host pair
# that appears earlier in this file (sid 37183211 / 37183212); one lookup or request
# raises two alerts each. Presumably the hostname is listed twice in the MISP event;
# de-duplicate at the source rather than in this generated file.
alert dns any any -> any any (msg: "MISP e26157 [] Hostname upsuivs.com"; dns.query; content:"upsuivs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upsuivs\.com$/i"; classtype:trojan-activity; sid:37183271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname upsuivs.com"; flow:to_server,established; http.header; content: "Host|3a| upsuivs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upsuivs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//upsuivs.com"; flow:to_server,established; http.header; content:"upsuivs.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname partyrental.pages.dev"; dns.query; content:"partyrental.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partyrental\.pages\.dev$/i"; classtype:trojan-activity; sid:37183301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname partyrental.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| partyrental.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])partyrental\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//partyrental.pages.dev"; flow:to_server,established; http.header; content:"partyrental.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname marlinfishingcancun.com"; dns.query; content:"marlinfishingcancun.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marlinfishingcancun\.com$/i"; classtype:trojan-activity; sid:37183331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname marlinfishingcancun.com"; flow:to_server,established; http.header; content: "Host|3a| marlinfishingcancun.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marlinfishingcancun\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname wtpcaladium2.com"; dns.query; content:"wtpcaladium2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wtpcaladium2\.com$/i"; classtype:trojan-activity; sid:37183361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname wtpcaladium2.com"; flow:to_server,established; http.header; content: "Host|3a| wtpcaladium2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wtpcaladium2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//wtpcaladium2.com"; flow:to_server,established; http.header; content:"wtpcaladium2.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pub-c3c1b24b4817402a85b98a13acc9688d.r2.dev"; dns.query; content:"pub-c3c1b24b4817402a85b98a13acc9688d.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c3c1b24b4817402a85b98a13acc9688d\.r2\.dev$/i"; classtype:trojan-activity; sid:37183391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pub-c3c1b24b4817402a85b98a13acc9688d.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-c3c1b24b4817402a85b98a13acc9688d.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c3c1b24b4817402a85b98a13acc9688d\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//pub-c3c1b24b4817402a85b98a13acc9688d.r2.dev/win77.html"; flow:to_server,established; http.header; content:"pub-c3c1b24b4817402a85b98a13acc9688d.r2.dev"; fast_pattern; nocase; http.uri; content:"/win77.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; dns.query; content:"pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5eb4c2fadece4f6aa3fe27f1665fd3db\.r2\.dev$/i"; classtype:trojan-activity; sid:37183421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5eb4c2fadece4f6aa3fe27f1665fd3db\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# The msg of the next rule shows the IoC URL with a masked e-mail address in the query
# string; the match itself uses only the host and the path "/signinfo.html", so it does
# not depend on the query string.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev/signinfo.html?e=a*****@h****.org"; flow:to_server,established; http.header; content:"pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; fast_pattern; nocase; http.uri; content:"/signinfo.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert dns any any -> any any (msg: "MISP e26157 [] Hostname assetadvice.pages.dev"; dns.query; content:"assetadvice.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assetadvice\.pages\.dev$/i"; classtype:trojan-activity; sid:37183451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26157 [] Outgoing HTTP Hostname assetadvice.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| assetadvice.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assetadvice\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37183452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# NOTE(review): the http.uri content here is "/", which every request URI contains, so
# this rule behaves like the path-less URL rules: any request on $HTTP_PORTS with the
# host string somewhere in its headers matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26157 [] Outgoing URL http|3a|//assetadvice.pages.dev/"; flow:to_server,established; http.header; content:"assetadvice.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37183461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26157;)
# (The line below is the head of a rule that continues on the next line of the file.)
alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26075 [dcrat] Outgoing URL http|3a|//a0916535.xsph.ru/db059622.php"; flow:to_server,established; http.header; content:"a0916535.xsph.ru"; fast_pattern; nocase; http.uri; content:"/db059622.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-ca.org"; dns.query; content:"imtoken-ca.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ca\.org$/i"; classtype:trojan-activity; sid:37143921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-ca.org"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ca.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ca\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37143922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-ca.org"; flow:to_server,established; http.header; content:"imtoken-ca.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname dominique.weidig-spielen.de"; dns.query; content:"dominique.weidig-spielen.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dominique\.weidig\-spielen\.de$/i"; classtype:trojan-activity; sid:37143951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname dominique.weidig-spielen.de"; flow:to_server,established; http.header; content: "Host|3a| dominique.weidig-spielen.de"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])dominique\.weidig\-spielen\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37143952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-bf.fyi"; dns.query; content:"imtoken-bf.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bf\.fyi$/i"; classtype:trojan-activity; sid:37143981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Hostname rule: inspects cleartext HTTP request headers only. No tls.sni rule for this name appears
# among the neighbouring rules, so HTTPS connections are covered only by the DNS rule (sid 37143981).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-bf.fyi"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bf.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bf\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37143982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-bf.fyi"; flow:to_server,established; http.header; content:"imtoken-bf.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# pages.dev is a shared hosting domain; the rule matches this full subdomain only, so unrelated
# pages.dev sites do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname assistancech.pages.dev"; dns.query; content:"assistancech.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assistancech\.pages\.dev$/i"; classtype:trojan-activity; sid:37144011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname assistancech.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| assistancech.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assistancech\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144012; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37144021: the destination port is limited to $HTTP_PORTS (which must be defined in the sensor
# configuration), while the Hostname rule for the same name (sid 37144012) uses "any"; the name is
# matched as a header substring with no Host prefix.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//assistancech.pages.dev"; flow:to_server,established; http.header; content:"assistancech.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# DNS rules use "any any -> any any" with no direction constraint, so they are not limited to
# queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-ca.biz"; dns.query; content:"imtoken-ca.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ca\.biz$/i"; classtype:trojan-activity; sid:37144041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-ca.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ca.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ca\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-ca.biz"; flow:to_server,established; http.header; content:"imtoken-ca.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname netflix.selamalemayehu.com"; dns.query; content:"netflix.selamalemayehu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netflix\.selamalemayehu\.com$/i"; classtype:trojan-activity; sid:37144071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname netflix.selamalemayehu.com"; flow:to_server,established; http.header; content: "Host|3a| netflix.selamalemayehu.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])netflix\.selamalemayehu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37144081: unlike the Hostname rule (sid 37144072) this one has no "Host|3a| " prefix and no
# boundary pcre, so the name matches as a bare substring of any request header on $HTTP_PORTS traffic.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//netflix.selamalemayehu.com"; flow:to_server,established; http.header; content:"netflix.selamalemayehu.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname motohandel-kzz.pl"; dns.query; content:"motohandel-kzz.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motohandel\-kzz\.pl$/i"; classtype:trojan-activity; sid:37144101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname motohandel-kzz.pl"; flow:to_server,established; http.header; content: "Host|3a| motohandel-kzz.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motohandel\-kzz\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//motohandel-kzz.pl"; flow:to_server,established; http.header; content:"motohandel-kzz.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# blogspot.com is a shared blog-hosting domain; the rule matches this full subdomain only, so
# other blogspot.com sites do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname sf08a0a.blogspot.com"; dns.query; content:"sf08a0a.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sf08a0a\.blogspot\.com$/i"; classtype:trojan-activity; sid:37144131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26139 [] Outgoing HTTP Hostname sf08a0a.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| sf08a0a.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sf08a0a\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-bg.net"; dns.query; content:"imtoken-bg.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bg\.net$/i"; classtype:trojan-activity; sid:37144161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# tag:session,600,seconds on the HTTP rules asks the engine to keep logging packets of the matching
# session for 600 seconds after the alert; the DNS rules carry no tag option.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-bg.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bg.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bg\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-bg.net"; flow:to_server,established; http.header; content:"imtoken-bg.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname enoticiatocantins.com.br"; dns.query; content:"enoticiatocantins.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enoticiatocantins\.com\.br$/i"; classtype:trojan-activity; sid:37144191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname enoticiatocantins.com.br"; flow:to_server,established; http.header; content: "Host|3a| enoticiatocantins.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enoticiatocantins\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): the name url-shortener.app suggests a link-shortening service; if so, these
# host-wide rules alert on every link served from it, not only the one in the MISP event - confirm
# against the event before treating hits as malicious.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname url-shortener.app"; dns.query; content:"url-shortener.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])url\-shortener\.app$/i"; classtype:trojan-activity; sid:37144221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname url-shortener.app"; flow:to_server,established; http.header; content: "Host|3a| url-shortener.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])url\-shortener\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname acir.postofficeweb.com"; dns.query; content:"acir.postofficeweb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])acir\.postofficeweb\.com$/i"; classtype:trojan-activity; sid:37144251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname acir.postofficeweb.com"; flow:to_server,established; http.header; content: "Host|3a| acir.postofficeweb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])acir\.postofficeweb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The Outgoing URL rule starting here matches its mixed-case path token with nocase and as an
# unanchored substring of the URI, so differently-cased or longer paths containing it also match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//acir.postofficeweb.com/grupoacir/11118306-dIyN8gTVGlPRQA"; flow:to_server,established; http.header; content:"acir.postofficeweb.com"; fast_pattern; nocase; http.uri; content:"/grupoacir/11118306-dIyN8gTVGlPRQA"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37144261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# DNS rule: content finds the name in the query, then the pcre requires it to end the query and to
# be preceded by start-of-buffer or a character outside [A-Za-z0-9-.]; subdomains do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname sharession.com"; dns.query; content:"sharession.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharession\.com$/i"; classtype:trojan-activity; sid:37144281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sharession.com"; flow:to_server,established; http.header; content: "Host|3a| sharession.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharession\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The ".cos.<region>.myqcloud.com" name appears to be a cloud object-storage bucket host on a shared
# domain; the rule matches this one host name only.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname mhtd1wgi4b7aq-1324239560.cos.ap-singapore.myqcloud.com"; dns.query; content:"mhtd1wgi4b7aq-1324239560.cos.ap-singapore.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mhtd1wgi4b7aq\-1324239560\.cos\.ap\-singapore\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37144311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname mhtd1wgi4b7aq-1324239560.cos.ap-singapore.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| mhtd1wgi4b7aq-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mhtd1wgi4b7aq\-1324239560\.cos\.ap\-singapore\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname attemplate.com"; dns.query; content:"attemplate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attemplate\.com$/i"; classtype:trojan-activity; 
sid:37144341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Hostname rule: the content needs the exact bytes "Host: " plus the name (one space, nocase), and
# the pcre requires a non-hostname character after the name, so longer names that merely start with
# it do not match. Only cleartext HTTP is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname attemplate.com"; flow:to_server,established; http.header; content: "Host|3a| attemplate.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attemplate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname slri52k6ysbbs-1324239560.cos.na-siliconvalley.myqcloud.com"; dns.query; content:"slri52k6ysbbs-1324239560.cos.na-siliconvalley.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])slri52k6ysbbs\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37144371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname slri52k6ysbbs-1324239560.cos.na-siliconvalley.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| slri52k6ysbbs-1324239560.cos.na-siliconvalley.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])slri52k6ysbbs\-1324239560\.cos\.na\-siliconvalley\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrem-a.com"; dns.query; content:"telegrem-a.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-a\.com$/i"; classtype:trojan-activity; sid:37144401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrem-a.com"; flow:to_server,established; http.header; content: "Host|3a| telegrem-a.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-a\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37144411: http.uri content "/" matches any URI that contains a slash, so the rule is in effect
# just the header substring match for the name on $HTTP_PORTS traffic.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrem-a.com/"; flow:to_server,established; http.header; content:"telegrem-a.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname auta-kosiniak.pl"; dns.query; content:"auta-kosiniak.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-kosiniak\.pl$/i"; classtype:trojan-activity; sid:37144431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname auta-kosiniak.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-kosiniak.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-kosiniak\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37144441 and the other path-less Outgoing URL rules below match the name as a bare substring
# of any request header (no "Host|3a| " prefix, no boundary pcre) and fire alongside the Hostname
# rule for the same name on $HTTP_PORTS traffic.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//auta-kosiniak.pl"; flow:to_server,established; http.header; content:"auta-kosiniak.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname autogielda-czechowski.pl"; dns.query; content:"autogielda-czechowski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-czechowski\.pl$/i"; classtype:trojan-activity; sid:37144461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname autogielda-czechowski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-czechowski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-czechowski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//autogielda-czechowski.pl"; flow:to_server,established; http.header; content:"autogielda-czechowski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname kzz-sprzedazpojazdow.pl"; dns.query; content:"kzz-sprzedazpojazdow.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kzz\-sprzedazpojazdow\.pl$/i"; classtype:trojan-activity; sid:37144491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname kzz-sprzedazpojazdow.pl"; flow:to_server,established; http.header; content: "Host|3a| kzz-sprzedazpojazdow.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kzz\-sprzedazpojazdow\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//kzz-sprzedazpojazdow.pl"; flow:to_server,established; http.header; content:"kzz-sprzedazpojazdow.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# wixsite.com is a shared site-builder domain, and getresponsesite.com below looks like one too
# (TODO confirm); each rule matches one full subdomain only, so other sites on those domains do
# not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname mail196162.wixsite.com"; dns.query; content:"mail196162.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail196162\.wixsite\.com$/i"; classtype:trojan-activity; sid:37144521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname mail196162.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| mail196162.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail196162\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname blank-template-5-00495.getresponsesite.com"; dns.query; content:"blank-template-5-00495.getresponsesite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blank\-template\-5\-00495\.getresponsesite\.com$/i"; classtype:trojan-activity; sid:37144551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname blank-template-5-00495.getresponsesite.com"; flow:to_server,established; http.header; content: "Host|3a| blank-template-5-00495.getresponsesite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blank\-template\-5\-00495\.getresponsesite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname blank-template-5-56714.getresponsesite.com"; dns.query; content:"blank-template-5-56714.getresponsesite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blank\-template\-5\-56714\.getresponsesite\.com$/i"; classtype:trojan-activity; sid:37144581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname blank-template-5-56714.getresponsesite.com"; 
flow:to_server,established; http.header; content: "Host|3a| blank-template-5-56714.getresponsesite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blank\-template\-5\-56714\.getresponsesite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# DNS rules use "any any -> any any" with no direction constraint, so they are not limited to
# queries leaving $HOME_NET; the HTTP rules are scoped $HOME_NET -> $EXTERNAL_NET.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname lumdevelopmentresearch.com"; dns.query; content:"lumdevelopmentresearch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lumdevelopmentresearch\.com$/i"; classtype:trojan-activity; sid:37144611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname lumdevelopmentresearch.com"; flow:to_server,established; http.header; content: "Host|3a| lumdevelopmentresearch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lumdevelopmentresearch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname eiw8s.rqa-b.my.id"; dns.query; content:"eiw8s.rqa-b.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eiw8s\.rqa\-b\.my\.id$/i"; classtype:trojan-activity; sid:37144641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname eiw8s.rqa-b.my.id"; flow:to_server,established; http.header; content: "Host|3a| eiw8s.rqa-b.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eiw8s\.rqa\-b\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The Outgoing URL rule starting here is limited to $HTTP_PORTS, whereas the Hostname rule above
# (sid 37144642) uses "any" as destination port.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//eiw8s.rqa-b.my.id"; 
flow:to_server,established; http.header; content:"eiw8s.rqa-b.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname lmmoscout24.ch-privatelng.com"; dns.query; content:"lmmoscout24.ch-privatelng.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lmmoscout24\.ch\-privatelng\.com$/i"; classtype:trojan-activity; sid:37144671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Hostname rule: inspects cleartext HTTP request headers only. No tls.sni rule for this name appears
# among the neighbouring rules, so HTTPS connections are covered only by the DNS rule (sid 37144671).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname lmmoscout24.ch-privatelng.com"; flow:to_server,established; http.header; content: "Host|3a| lmmoscout24.ch-privatelng.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lmmoscout24\.ch\-privatelng\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# DNS rule: the pcre requires the name to end the query and to be preceded by start-of-buffer or a
# character outside [A-Za-z0-9-.], so only this exact name matches, not names beneath it.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname p923l.277st0.com"; dns.query; content:"p923l.277st0.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p923l\.277st0\.com$/i"; classtype:trojan-activity; sid:37144701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname p923l.277st0.com"; flow:to_server,established; http.header; content: "Host|3a| p923l.277st0.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p923l\.277st0\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 44mu7.stsin0.com"; dns.query; content:"44mu7.stsin0.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])44mu7\.stsin0\.com$/i"; classtype:trojan-activity; sid:37144731; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 44mu7.stsin0.com"; flow:to_server,established; http.header; content: "Host|3a| 44mu7.stsin0.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])44mu7\.stsin0\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname omserteunew.com"; dns.query; content:"omserteunew.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omserteunew\.com$/i"; classtype:trojan-activity; sid:37144761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname omserteunew.com"; flow:to_server,established; http.header; content: "Host|3a| omserteunew.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omserteunew\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37144831: tinyurl.com is a URL shortener shared by unrelated users, so this rule depends on
# the path. It combines a header substring "tinyurl.com" with a case-insensitive, unanchored URI
# substring "/5n6dae46", so longer or differently-cased paths containing it also match. No DNS or
# Hostname rule for tinyurl.com appears among the neighbouring rules, and only cleartext HTTP on
# $HTTP_PORTS is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tinyurl.com/5n6dae46"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/5n6dae46"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# pages.dev is a shared hosting domain; the rule matches this full subdomain only, so unrelated
# pages.dev sites do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname docusign-6jd.pages.dev"; dns.query; content:"docusign-6jd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docusign\-6jd\.pages\.dev$/i"; classtype:trojan-activity; sid:37144851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname docusign-6jd.pages.dev"; 
flow:to_server,established; http.header; content: "Host|3a| docusign-6jd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docusign\-6jd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37144861: no "Host|3a| " prefix and no boundary pcre, so the name matches as a bare substring of
# any request header (Referer included); on $HTTP_PORTS traffic it fires alongside sid 37144852.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//docusign-6jd.pages.dev"; flow:to_server,established; http.header; content:"docusign-6jd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37144861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Every rule here uses classtype:trojan-activity and priority:2 with an empty tag list in msg;
# the reference URL to the MISP event is the only indicator context carried by the alert.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname newsegseguros.com"; dns.query; content:"newsegseguros.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newsegseguros\.com$/i"; classtype:trojan-activity; sid:37144881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname newsegseguros.com"; flow:to_server,established; http.header; content: "Host|3a| newsegseguros.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newsegseguros\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname pastelesallegro.com.mx"; dns.query; content:"pastelesallegro.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pastelesallegro\.com\.mx$/i"; classtype:trojan-activity; sid:37144911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pastelesallegro.com.mx"; flow:to_server,established; http.header; content: "Host|3a| pastelesallegro.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pastelesallegro\.com\.mx[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37144912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# DNS rule: content finds the name in the query, then the pcre requires it to end the query and to
# be preceded by start-of-buffer or a character outside [A-Za-z0-9-.]; subdomains do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname afrits.net"; dns.query; content:"afrits.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])afrits\.net$/i"; classtype:trojan-activity; sid:37144941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Hostname rule: the content needs the exact bytes "Host: " plus the name (one space, nocase), and
# the pcre requires a non-hostname character after the name. Only cleartext HTTP is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname afrits.net"; flow:to_server,established; http.header; content: "Host|3a| afrits.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])afrits\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname server1377879.netart.com"; dns.query; content:"server1377879.netart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1377879\.netart\.com$/i"; classtype:trojan-activity; sid:37144971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname server1377879.netart.com"; flow:to_server,established; http.header; content: "Host|3a| server1377879.netart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1377879\.netart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37144972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname pattayapeople.com"; dns.query; content:"pattayapeople.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pattayapeople\.com$/i"; classtype:trojan-activity; sid:37145001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pattayapeople.com"; 
flow:to_server,established; http.header; content: "Host|3a| pattayapeople.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pattayapeople\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname mail.ehazine529.com"; dns.query; content:"mail.ehazine529.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine529\.com$/i"; classtype:trojan-activity; sid:37145031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname mail.ehazine529.com"; flow:to_server,established; http.header; content: "Host|3a| mail.ehazine529.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine529\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37145041: the destination port is limited to $HTTP_PORTS (which must be defined in the sensor
# configuration), and the name is matched as a bare header substring with no "Host|3a| " prefix or
# boundary pcre; it fires alongside sid 37145032 when the Host header matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//mail.ehazine529.com"; flow:to_server,established; http.header; content:"mail.ehazine529.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname dvvtlerim-iradem.com"; dns.query; content:"dvvtlerim-iradem.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dvvtlerim\-iradem\.com$/i"; classtype:trojan-activity; sid:37145061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname dvvtlerim-iradem.com"; flow:to_server,established; http.header; content: "Host|3a| dvvtlerim-iradem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dvvtlerim\-iradem\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37145062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# sid 37145071: no "Host|3a| " prefix and no boundary pcre, so the name matches as a bare substring of
# any request header (Referer included); on $HTTP_PORTS traffic it fires alongside sid 37145062.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//dvvtlerim-iradem.com"; flow:to_server,established; http.header; content:"dvvtlerim-iradem.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The ".cos.<region>.myqcloud.com" name appears to be a cloud object-storage bucket host on a shared
# domain; the rule matches this one host name only.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname j19739cm7aya8-1324239560.cos.ap-singapore.myqcloud.com"; dns.query; content:"j19739cm7aya8-1324239560.cos.ap-singapore.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j19739cm7aya8\-1324239560\.cos\.ap\-singapore\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37145091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname j19739cm7aya8-1324239560.cos.ap-singapore.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| j19739cm7aya8-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j19739cm7aya8\-1324239560\.cos\.ap\-singapore\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname api-dot.com"; dns.query; content:"api-dot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api\-dot\.com$/i"; classtype:trojan-activity; sid:37145121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname api-dot.com"; flow:to_server,established; http.header; content: "Host|3a| api-dot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api\-dot\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37145122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname pub-d793447c81514171913d3664f37ee09d.r2.dev"; dns.query; content:"pub-d793447c81514171913d3664f37ee09d.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d793447c81514171913d3664f37ee09d\.r2\.dev$/i"; classtype:trojan-activity; sid:37145151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pub-d793447c81514171913d3664f37ee09d.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d793447c81514171913d3664f37ee09d.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d793447c81514171913d3664f37ee09d\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname t2k41175jrm0h-1324239560.cos.ap-singapore.myqcloud.com"; dns.query; content:"t2k41175jrm0h-1324239560.cos.ap-singapore.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t2k41175jrm0h\-1324239560\.cos\.ap\-singapore\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37145181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname t2k41175jrm0h-1324239560.cos.ap-singapore.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| t2k41175jrm0h-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t2k41175jrm0h\-1324239560\.cos\.ap\-singapore\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any 
(msg: "MISP e26139 [] Hostname tdqkxc2syoq5l-1324239560.cos.ap-singapore.myqcloud.com"; dns.query; content:"tdqkxc2syoq5l-1324239560.cos.ap-singapore.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tdqkxc2syoq5l\-1324239560\.cos\.ap\-singapore\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37145211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# MISP event 26139, hostname indicators (DNS rule, HTTP Host-header rule and,
# for some names, an "Outgoing URL" rule).
#
# Deployment notes for the rules below:
#  - The "Outgoing URL" rules are bound to $HTTP_PORTS. The export header
#    lists that variable as not required for the Suricata export, yet these
#    rules reference it; confirm it is defined on the sensor, otherwise the
#    rules will not load.
#  - tag:session,600,seconds keeps logging packets of the matching session
#    for up to 600 seconds after the alert; budget capture storage for it.
#  - .dev and .app are HSTS-preloaded TLDs, so browsers reach pages.dev and
#    .app hosts over HTTPS only. The "alert http" rules for those names are
#    unlikely to see traffic; the DNS rules are the effective coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tdqkxc2syoq5l-1324239560.cos.ap-singapore.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| tdqkxc2syoq5l-1324239560.cos.ap-singapore.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tdqkxc2syoq5l\-1324239560\.cos\.ap\-singapore\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telegram-grupo-sexo.pages.dev
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegram-grupo-sexo.pages.dev"; dns.query; content:"telegram-grupo-sexo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-grupo\-sexo\.pages\.dev$/i"; classtype:trojan-activity; sid:37145241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegram-grupo-sexo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram-grupo-sexo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-grupo\-sexo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegram-grupo-sexo.pages.dev"; flow:to_server,established; http.header; content:"telegram-grupo-sexo.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# cek-selengkapnya.biz.id
alert dns any any -> any any (msg: "MISP e26139 [] Hostname cek-selengkapnya.biz.id"; dns.query; content:"cek-selengkapnya.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-selengkapnya\.biz\.id$/i"; classtype:trojan-activity; sid:37145271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname cek-selengkapnya.biz.id"; flow:to_server,established; http.header; content: "Host|3a| cek-selengkapnya.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-selengkapnya\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# hmgj65.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname hmgj65.top"; dns.query; content:"hmgj65.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hmgj65\.top$/i"; classtype:trojan-activity; sid:37145301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hmgj65.top"; flow:to_server,established; http.header; content: "Host|3a| hmgj65.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hmgj65\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Short name matched as a bare substring of http.header with no boundary
# check: any header value containing "hmgj65.top" satisfies this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//hmgj65.top"; flow:to_server,established; http.header; content:"hmgj65.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# islemwebdehizlibasvuru.app
alert dns any any -> any any (msg: "MISP e26139 [] Hostname islemwebdehizlibasvuru.app"; dns.query; content:"islemwebdehizlibasvuru.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemwebdehizlibasvuru\.app$/i"; classtype:trojan-activity; sid:37145331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname islemwebdehizlibasvuru.app"; flow:to_server,established; http.header; content: "Host|3a| islemwebdehizlibasvuru.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemwebdehizlibasvuru\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//islemwebdehizlibasvuru.app"; flow:to_server,established; http.header; content:"islemwebdehizlibasvuru.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# mobquick.direct.quickconnect.to
# NOTE(review): looks like a Synology QuickConnect name, i.e. it may point at
# a customer-owned NAS rather than attacker infrastructure; confirm in the
# MISP event before treating hits as compromise.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname mobquick.direct.quickconnect.to"; dns.query; content:"mobquick.direct.quickconnect.to"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobquick\.direct\.quickconnect\.to$/i"; classtype:trojan-activity; sid:37145361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname mobquick.direct.quickconnect.to"; flow:to_server,established; http.header; content: "Host|3a| mobquick.direct.quickconnect.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobquick\.direct\.quickconnect\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr
# NOTE(review): looks like an ISP-assigned reverse-DNS name for a subscriber
# line; such names follow the address lease, so confirm the indicator is
# still current before acting on hits.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; dns.query; content:"lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])lfbn\-nan\-1\-1294\-107\.w90\-59\.abo\.wanadoo\.fr$/i"; classtype:trojan-activity; sid:37145391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# MISP event 26139, hostname indicators (DNS rule, HTTP Host-header rule and,
# for some names, an "Outgoing URL" rule).
#
# Triage notes for the rules below:
#  - Every rule carries classtype:trojan-activity and priority:2, and the tag
#    list in msg is empty ("[]"), so the alert itself does not say what kind
#    of activity the hostname was reported for. Use the reference URL to read
#    the MISP event before escalating.
#  - DNS and Host rules are exact-hostname matches (the pcre boundary class
#    excludes '.', so "www.<name>" does not match). The "Outgoing URL" rules
#    are unanchored substring matches on http.header.
#  - A DNS alert shows that a name was looked up, not that a connection
#    followed; correlate with flow or proxy logs.

# lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr (Host rule; DNS rule ends above)
# NOTE(review): looks like an ISP-assigned reverse-DNS name for a subscriber
# line; confirm the indicator is still current before acting on hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; flow:to_server,established; http.header; content: "Host|3a| lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lfbn\-nan\-1\-1294\-107\.w90\-59\.abo\.wanadoo\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# autosprzedaz-adek.pl
alert dns any any -> any any (msg: "MISP e26139 [] Hostname autosprzedaz-adek.pl"; dns.query; content:"autosprzedaz-adek.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-adek\.pl$/i"; classtype:trojan-activity; sid:37145421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname autosprzedaz-adek.pl"; flow:to_server,established; http.header; content: "Host|3a| autosprzedaz-adek.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-adek\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//autosprzedaz-adek.pl"; flow:to_server,established; http.header; content:"autosprzedaz-adek.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# makdental.pages.dev
alert dns any any -> any any (msg: "MISP e26139 [] Hostname makdental.pages.dev"; dns.query; content:"makdental.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])makdental\.pages\.dev$/i"; classtype:trojan-activity; sid:37145451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname makdental.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| makdental.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])makdental\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//makdental.pages.dev"; flow:to_server,established; http.header; content:"makdental.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# endurancetribute.pro
alert dns any any -> any any (msg: "MISP e26139 [] Hostname endurancetribute.pro"; dns.query; content:"endurancetribute.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])endurancetribute\.pro$/i"; classtype:trojan-activity; sid:37145481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname endurancetribute.pro"; flow:to_server,established; http.header; content: "Host|3a| endurancetribute.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])endurancetribute\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# sixtyfoldfiftieth.pro
alert dns any any -> any any (msg: "MISP e26139 [] Hostname sixtyfoldfiftieth.pro"; dns.query; content:"sixtyfoldfiftieth.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sixtyfoldfiftieth\.pro$/i"; classtype:trojan-activity; sid:37145511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sixtyfoldfiftieth.pro"; flow:to_server,established; http.header; content: "Host|3a| sixtyfoldfiftieth.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sixtyfoldfiftieth\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//sixtyfoldfiftieth.pro"; flow:to_server,established; http.header; content:"sixtyfoldfiftieth.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# humorousunharmed.pro
alert dns any any -> any any (msg: "MISP e26139 [] Hostname humorousunharmed.pro"; dns.query; content:"humorousunharmed.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humorousunharmed\.pro$/i"; classtype:trojan-activity; sid:37145541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname humorousunharmed.pro"; flow:to_server,established; http.header; content: "Host|3a| humorousunharmed.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humorousunharmed\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//humorousunharmed.pro"; flow:to_server,established; http.header; content:"humorousunharmed.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telegram-3c1.pages.dev
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegram-3c1.pages.dev"; dns.query; content:"telegram-3c1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-3c1\.pages\.dev$/i"; classtype:trojan-activity; 
sid:37145571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# MISP event 26139, hostname indicators (DNS rule, HTTP Host-header rule and,
# for some names, an "Outgoing URL" rule).
#
# Most names below sit on shared hosting platforms (pages.dev, weebly.com,
# github.io, an IPFS gateway). The DNS and Host rules match one exact
# hostname each, so other sites on the same platform do not alert.
# "alert http" only sees cleartext HTTP; no tls.sni rules are visible in this
# part of the export, and .dev is an HSTS-preloaded TLD, so for HTTPS-served
# hosts the DNS rule is the one that can actually fire.

# telegram-3c1.pages.dev (DNS rule ends above)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegram-3c1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram-3c1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-3c1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegram-3c1.pages.dev"; flow:to_server,established; http.header; content:"telegram-3c1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# motoryzacja-adek.pl
alert dns any any -> any any (msg: "MISP e26139 [] Hostname motoryzacja-adek.pl"; dns.query; content:"motoryzacja-adek.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motoryzacja\-adek\.pl$/i"; classtype:trojan-activity; sid:37145601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname motoryzacja-adek.pl"; flow:to_server,established; http.header; content: "Host|3a| motoryzacja-adek.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motoryzacja\-adek\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//motoryzacja-adek.pl"; flow:to_server,established; http.header; content:"motoryzacja-adek.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# ouououvu.pages.dev
alert dns any any -> any any (msg: "MISP e26139 [] Hostname ouououvu.pages.dev"; dns.query; content:"ouououvu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ouououvu\.pages\.dev$/i"; classtype:trojan-activity; sid:37145631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname ouououvu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ouououvu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ouououvu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//ouououvu.pages.dev"; flow:to_server,established; http.header; content:"ouououvu.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.dweb.link
# NOTE(review): the first label looks like an IPFS content identifier served
# through the dweb.link gateway. The rule is tied to this gateway hostname;
# the same content requested through a different gateway would not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.dweb.link"; dns.query; content:"bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.dweb.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi\.ipfs\.dweb\.link$/i"; classtype:trojan-activity; sid:37145661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.dweb.link"; flow:to_server,established; http.header; content: "Host|3a| bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.dweb.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi\.ipfs\.dweb\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# ymaupdate11.weebly.com
alert dns any any -> any any (msg: "MISP e26139 [] Hostname ymaupdate11.weebly.com"; dns.query; content:"ymaupdate11.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ymaupdate11\.weebly\.com$/i"; classtype:trojan-activity; sid:37145691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname ymaupdate11.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| ymaupdate11.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ymaupdate11\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//ymaupdate11.weebly.com"; flow:to_server,established; http.header; content:"ymaupdate11.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# xkiura.github.io
alert dns any any -> any any (msg: "MISP e26139 [] Hostname xkiura.github.io"; dns.query; content:"xkiura.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xkiura\.github\.io$/i"; classtype:trojan-activity; sid:37145721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname xkiura.github.io"; flow:to_server,established; http.header; content: "Host|3a| xkiura.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xkiura\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL 
http|3a|//xkiura.github.io/Netflix-landing-page-clone"; flow:to_server,established; http.header; content:"xkiura.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-landing-page-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The rule ending above (sid 37145731) is the only form here that also checks
# the path: hostname as a substring of http.header plus
# "/Netflix-landing-page-clone" as a substring of http.uri. The DNS and Host
# rules for xkiura.github.io alert on the whole site, not just that path.
#
# MISP event 26139, hostname indicators (DNS rule, HTTP Host-header rule and,
# for some names, an "Outgoing URL" rule). DNS and Host rules match the exact
# hostname only, because the pcre boundary class [^A-Za-z0-9-\.] does not
# accept a leading '.'. "alert http" rules see cleartext HTTP only.

# xfinityhomesecurityconnect.weebly.com
alert dns any any -> any any (msg: "MISP e26139 [] Hostname xfinityhomesecurityconnect.weebly.com"; dns.query; content:"xfinityhomesecurityconnect.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xfinityhomesecurityconnect\.weebly\.com$/i"; classtype:trojan-activity; sid:37145751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname xfinityhomesecurityconnect.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| xfinityhomesecurityconnect.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xfinityhomesecurityconnect\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//xfinityhomesecurityconnect.weebly.com"; flow:to_server,established; http.header; content:"xfinityhomesecurityconnect.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 365ok55.com / www.365ok55.com
# Coverage gap: the DNS rule (sid 37145781) and Host rule (sid 37145782) are
# written for "365ok55.com", while the URL indicator (sid 37145791) names
# "www.365ok55.com". A lookup of www.365ok55.com fails the DNS pcre (the
# character before the name is '.', which the boundary class rejects), and
# "Host: www.365ok55.com" does not contain the Host rule's content string.
# Only sid 37145791 (cleartext HTTP on $HTTP_PORTS) covers the www name.
# NOTE(review): add www.365ok55.com as a hostname attribute in the MISP event
# if DNS-level detection of it is wanted.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 365ok55.com"; dns.query; content:"365ok55.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ok55\.com$/i"; classtype:trojan-activity; sid:37145781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 365ok55.com"; flow:to_server,established; http.header; content: "Host|3a| 365ok55.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365ok55\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//www.365ok55.com"; flow:to_server,established; http.header; content:"www.365ok55.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# workers.dev hosts: .dev is an HSTS-preloaded TLD, so browser traffic to
# these names is HTTPS and the two "alert http" rules per host are unlikely
# to fire; the DNS rules are the effective coverage.

# wmicrosouab-4ba8.udydzj.workers.dev
alert dns any any -> any any (msg: "MISP e26139 [] Hostname wmicrosouab-4ba8.udydzj.workers.dev"; dns.query; content:"wmicrosouab-4ba8.udydzj.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wmicrosouab\-4ba8\.udydzj\.workers\.dev$/i"; classtype:trojan-activity; sid:37145811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname wmicrosouab-4ba8.udydzj.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wmicrosouab-4ba8.udydzj.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wmicrosouab\-4ba8\.udydzj\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//wmicrosouab-4ba8.udydzj.workers.dev"; flow:to_server,established; http.header; content:"wmicrosouab-4ba8.udydzj.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# vgihkn.dje79o3of79475.workers.dev
alert dns any any -> any any (msg: "MISP e26139 [] Hostname vgihkn.dje79o3of79475.workers.dev"; dns.query; content:"vgihkn.dje79o3of79475.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vgihkn\.dje79o3of79475\.workers\.dev$/i"; classtype:trojan-activity; sid:37145841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname vgihkn.dje79o3of79475.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| vgihkn.dje79o3of79475.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vgihkn\.dje79o3of79475\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//vgihkn.dje79o3of79475.workers.dev"; flow:to_server,established; http.header; content:"vgihkn.dje79o3of79475.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.trackship-serve.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.trackship-serve.top"; dns.query; content:"usps.trackship-serve.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.trackship\-serve\.top$/i"; classtype:trojan-activity; sid:37145871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.trackship-serve.top"; flow:to_server,established; http.header; content: "Host|3a| usps.trackship-serve.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.trackship\-serve\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.trackship-serve.top"; flow:to_server,established; http.header; content:"usps.trackship-serve.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37145881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# MISP event 26139, hostname indicators (DNS rule, HTTP Host-header rule and,
# for some names, an "Outgoing URL" rule).
#
# Notes for the "usps." names below:
#  - NOTE(review): the names read like parcel-delivery lures, so these are
#    presumably phishing landing hosts, yet every rule is exported with
#    classtype:trojan-activity and an empty tag list. Check the MISP event
#    before treating a hit as malware on the endpoint.
#  - Each rule names one full hostname. Because the pcre boundary class
#    [^A-Za-z0-9-\.] excludes '.', neither the bare registered domain
#    (e.g. "ussphb.top") nor other labels under it match the DNS or Host
#    rules.
#  - "alert http" rules see cleartext HTTP only; no tls.sni rules are visible
#    in this part of the export.

# usp.ussphb.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usp.ussphb.top"; dns.query; content:"usp.ussphb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphb\.top$/i"; classtype:trojan-activity; sid:37145901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usp.ussphb.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussphb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usp.ussphb.top"; flow:to_server,established; http.header; content:"usp.ussphb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.packtrackers-address.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.packtrackers-address.top"; dns.query; content:"usps.packtrackers-address.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.packtrackers\-address\.top$/i"; classtype:trojan-activity; sid:37145931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.packtrackers-address.top"; flow:to_server,established; http.header; content: "Host|3a| usps.packtrackers-address.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.packtrackers\-address\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.packtrackers-address.top"; flow:to_server,established; http.header; content:"usps.packtrackers-address.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.parceltrackers-address.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.parceltrackers-address.top"; dns.query; content:"usps.parceltrackers-address.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.parceltrackers\-address\.top$/i"; classtype:trojan-activity; sid:37145961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.parceltrackers-address.top"; flow:to_server,established; http.header; content: "Host|3a| usps.parceltrackers-address.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.parceltrackers\-address\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.parceltrackers-address.top"; flow:to_server,established; http.header; content:"usps.parceltrackers-address.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37145971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5fgfgfgfgrfrgg4gg.blogspot.com
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgrfrgg4gg.blogspot.com"; dns.query; content:"5fgfgfgfgrfrgg4gg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfrgg4gg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37145991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgrfrgg4gg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfrgg4gg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfrgg4gg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37145992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.mytrackingy.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.mytrackingy.top"; dns.query; content:"usps.mytrackingy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingy\.top$/i"; classtype:trojan-activity; sid:37146021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.mytrackingy.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.mytrackingy.top"; flow:to_server,established; http.header; content:"usps.mytrackingy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.cargotrack-serve.top
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.cargotrack-serve.top"; dns.query; content:"usps.cargotrack-serve.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.cargotrack\-serve\.top$/i"; classtype:trojan-activity; sid:37146051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.cargotrack-serve.top"; flow:to_server,established; http.header; content: "Host|3a| usps.cargotrack-serve.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usps\.cargotrack\-serve\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# MISP event 26139, hostname indicators (DNS rule, HTTP Host-header rule and,
# for some names, an "Outgoing URL" rule).
#
# Notes for the rules below:
#  - DNS and Host rules match the exact hostname only (the pcre boundary
#    class [^A-Za-z0-9-\.] does not accept a leading '.').
#  - "Outgoing URL" rules match the name as an unanchored substring of
#    http.header and are limited to $HTTP_PORTS; confirm that variable is
#    defined on the sensor.
#  - "alert http" rules see cleartext HTTP only. github.io, weeblysite.com
#    and .app hosts are normally served over HTTPS (.app is HSTS-preloaded),
#    so expect the DNS rules to carry most detections.
#  - NOTE(review): the telstra-* names read like brand-impersonation pages;
#    the export still labels them classtype:trojan-activity.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.cargotrack-serve.top"; flow:to_server,established; http.header; content:"usps.cargotrack-serve.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5fffgfgfg4g4gh4fg4.blogspot.com
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fffgfgfg4g4gh4fg4.blogspot.com"; dns.query; content:"5fffgfgfg4g4gh4fg4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fffgfgfg4g4gh4fg4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37146081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fffgfgfg4g4gh4fg4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fffgfgfg4g4gh4fg4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fffgfgfg4g4gh4fg4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# tokenav.app
alert dns any any -> any any (msg: "MISP e26139 [] Hostname tokenav.app"; dns.query; content:"tokenav.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenav\.app$/i"; classtype:trojan-activity; sid:37146111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tokenav.app"; flow:to_server,established; http.header; content: "Host|3a| tokenav.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenav\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tokenav.app"; flow:to_server,established; http.header; content:"tokenav.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# therealmedusa.github.io
alert dns any any -> any any (msg: "MISP e26139 [] Hostname therealmedusa.github.io"; dns.query; content:"therealmedusa.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])therealmedusa\.github\.io$/i"; classtype:trojan-activity; sid:37146141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname therealmedusa.github.io"; flow:to_server,established; http.header; content: "Host|3a| therealmedusa.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])therealmedusa\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL-with-path form: hostname as a substring of http.header plus "/test" as
# a case-insensitive substring of http.uri. The path check is unanchored, so
# any URI on this host that contains "/test" (e.g. "/testing") also matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//therealmedusa.github.io/test"; flow:to_server,established; http.header; content:"therealmedusa.github.io"; fast_pattern; nocase; http.uri; content:"/test"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telstra-107857.weeblysite.com
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telstra-107857.weeblysite.com"; dns.query; content:"telstra-107857.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107857\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37146171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telstra-107857.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-107857.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107857\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telstra-107857.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-107857.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telstra-105230.weeblysite.com
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telstra-105230.weeblysite.com"; dns.query; content:"telstra-105230.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-105230\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37146201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telstra-105230.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-105230.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-105230\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telstra-105230.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-105230.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telstra-105582.weeblysite.com"; dns.query; 
content:"telstra-105582.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-105582\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37146231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telstra-105582.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-105582.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-105582\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telstra-105582.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-105582.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname whatsappbu0zziu.zezxz.biz.id"; dns.query; content:"whatsappbu0zziu.zezxz.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsappbu0zziu\.zezxz\.biz\.id$/i"; classtype:trojan-activity; sid:37146261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname whatsappbu0zziu.zezxz.biz.id"; flow:to_server,established; http.header; content: "Host|3a| whatsappbu0zziu.zezxz.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsappbu0zziu\.zezxz\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname whatsappbu0zziu.zezxz.biz.id"; dns.query; content:"whatsappbu0zziu.zezxz.biz.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])whatsappbu0zziu\.zezxz\.biz\.id$/i"; classtype:trojan-activity; sid:37146291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname whatsappbu0zziu.zezxz.biz.id"; flow:to_server,established; http.header; content: "Host|3a| whatsappbu0zziu.zezxz.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsappbu0zziu\.zezxz\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspz.uspaiu.top"; dns.query; content:"uspz.uspaiu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaiu\.top$/i"; classtype:trojan-activity; sid:37146321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspz.uspaiu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaiu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaiu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname sukarayamjanjua.github.io"; dns.query; content:"sukarayamjanjua.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukarayamjanjua\.github\.io$/i"; classtype:trojan-activity; sid:37146351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sukarayamjanjua.github.io"; flow:to_server,established; http.header; content: "Host|3a| sukarayamjanjua.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sukarayamjanjua\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37146352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//sukarayamjanjua.github.io/fb_login_tailwind.github.io"; flow:to_server,established; http.header; content:"sukarayamjanjua.github.io"; fast_pattern; nocase; http.uri; content:"/fb_login_tailwind.github.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname stepupproject-dot-sharepointproject-344311.as.r.appspot.com"; dns.query; content:"stepupproject-dot-sharepointproject-344311.as.r.appspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stepupproject\-dot\-sharepointproject\-344311\.as\.r\.appspot\.com$/i"; classtype:trojan-activity; sid:37146381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname stepupproject-dot-sharepointproject-344311.as.r.appspot.com"; flow:to_server,established; http.header; content: "Host|3a| stepupproject-dot-sharepointproject-344311.as.r.appspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stepupproject\-dot\-sharepointproject\-344311\.as\.r\.appspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//stepupproject-dot-sharepointproject-344311.as.r.appspot.com"; flow:to_server,established; http.header; content:"stepupproject-dot-sharepointproject-344311.as.r.appspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> 
any any (msg: "MISP e26139 [] Hostname srivastavaarjit.github.io"; dns.query; content:"srivastavaarjit.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srivastavaarjit\.github\.io$/i"; classtype:trojan-activity; sid:37146411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname srivastavaarjit.github.io"; flow:to_server,established; http.header; content: "Host|3a| srivastavaarjit.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srivastavaarjit\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//srivastavaarjit.github.io/Netflix"; flow:to_server,established; http.header; content:"srivastavaarjit.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname round-haze-06a2.lobopuded-bipoleto.workers.dev"; dns.query; content:"round-haze-06a2.lobopuded-bipoleto.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])round\-haze\-06a2\.lobopuded\-bipoleto\.workers\.dev$/i"; classtype:trojan-activity; sid:37146441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname round-haze-06a2.lobopuded-bipoleto.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| round-haze-06a2.lobopuded-bipoleto.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])round\-haze\-06a2\.lobopuded\-bipoleto\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146442; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname nhd.pages.dev"; dns.query; content:"nhd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhd\.pages\.dev$/i"; classtype:trojan-activity; sid:37146471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname nhd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nhd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname sky-100117.weeblysite.com"; dns.query; content:"sky-100117.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sky\-100117\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37146501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sky-100117.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| sky-100117.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sky\-100117\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//sky-100117.weeblysite.com"; flow:to_server,established; http.header; content:"sky-100117.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname signin-metaaamsk-lugin-us-en-g.godaddysites.com"; 
dns.query; content:"signin-metaaamsk-lugin-us-en-g.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])signin\-metaaamsk\-lugin\-us\-en\-g\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37146531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname signin-metaaamsk-lugin-us-en-g.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| signin-metaaamsk-lugin-us-en-g.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])signin\-metaaamsk\-lugin\-us\-en\-g\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//signin-metaaamsk-lugin-us-en-g.godaddysites.com"; flow:to_server,established; http.header; content:"signin-metaaamsk-lugin-us-en-g.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname sharepoint-0a17.dideto2686.workers.dev"; dns.query; content:"sharepoint-0a17.dideto2686.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-0a17\.dideto2686\.workers\.dev$/i"; classtype:trojan-activity; sid:37146561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sharepoint-0a17.dideto2686.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| sharepoint-0a17.dideto2686.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-0a17\.dideto2686\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146562; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//sharepoint-0a17.dideto2686.workers.dev"; flow:to_server,established; http.header; content:"sharepoint-0a17.dideto2686.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname sdfg-25n.pages.dev"; dns.query; content:"sdfg-25n.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdfg\-25n\.pages\.dev$/i"; classtype:trojan-activity; sid:37146591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sdfg-25n.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sdfg-25n.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdfg\-25n\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//sdfg-25n.pages.dev"; flow:to_server,established; http.header; content:"sdfg-25n.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname sanvaad.github.io"; dns.query; content:"sanvaad.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sanvaad\.github\.io$/i"; classtype:trojan-activity; sid:37146621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sanvaad.github.io"; flow:to_server,established; http.header; content: "Host|3a| sanvaad.github.io"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sanvaad\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//sanvaad.github.io/Netflix-clone"; flow:to_server,established; http.header; content:"sanvaad.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname san65k.951vip09.xyz"; dns.query; content:"san65k.951vip09.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])san65k\.951vip09\.xyz$/i"; classtype:trojan-activity; sid:37146651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname san65k.951vip09.xyz"; flow:to_server,established; http.header; content: "Host|3a| san65k.951vip09.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])san65k\.951vip09\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//san65k.951vip09.xyz"; flow:to_server,established; http.header; content:"san65k.951vip09.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname angry-stump-mink.glitch.me"; dns.query; content:"angry-stump-mink.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])angry\-stump\-mink\.glitch\.me$/i"; classtype:trojan-activity; sid:37146681; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname angry-stump-mink.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| angry-stump-mink.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])angry\-stump\-mink\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname accesfrim.ydns.eu"; dns.query; content:"accesfrim.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accesfrim\.ydns\.eu$/i"; classtype:trojan-activity; sid:37146711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname accesfrim.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a| accesfrim.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accesfrim\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 628376-b1aa.palmidhis.workers.dev"; dns.query; content:"628376-b1aa.palmidhis.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])628376\-b1aa\.palmidhis\.workers\.dev$/i"; classtype:trojan-activity; sid:37146741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 628376-b1aa.palmidhis.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 628376-b1aa.palmidhis.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])628376\-b1aa\.palmidhis\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146742; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname red-breeze-fd9b.nemajaso2386.workers.dev"; dns.query; content:"red-breeze-fd9b.nemajaso2386.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])red\-breeze\-fd9b\.nemajaso2386\.workers\.dev$/i"; classtype:trojan-activity; sid:37146771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname red-breeze-fd9b.nemajaso2386.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| red-breeze-fd9b.nemajaso2386.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])red\-breeze\-fd9b\.nemajaso2386\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//red-breeze-fd9b.nemajaso2386.workers.dev"; flow:to_server,established; http.header; content:"red-breeze-fd9b.nemajaso2386.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname qbtwaltesue.weebly.com"; dns.query; content:"qbtwaltesue.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qbtwaltesue\.weebly\.com$/i"; classtype:trojan-activity; sid:37146801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname qbtwaltesue.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| qbtwaltesue.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qbtwaltesue\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146802; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//qbtwaltesue.weebly.com"; flow:to_server,established; http.header; content:"qbtwaltesue.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname pembatalanpemblokiran2022.weebly.com"; dns.query; content:"pembatalanpemblokiran2022.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pembatalanpemblokiran2022\.weebly\.com$/i"; classtype:trojan-activity; sid:37146831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pembatalanpemblokiran2022.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| pembatalanpemblokiran2022.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pembatalanpemblokiran2022\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//pembatalanpemblokiran2022.weebly.com"; flow:to_server,established; http.header; content:"pembatalanpemblokiran2022.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname najiya-nasri.github.io"; dns.query; content:"najiya-nasri.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])najiya\-nasri\.github\.io$/i"; classtype:trojan-activity; sid:37146861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] 
Outgoing HTTP Hostname najiya-nasri.github.io"; flow:to_server,established; http.header; content: "Host|3a| najiya-nasri.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])najiya\-nasri\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//najiya-nasri.github.io/Netflix-home-page"; flow:to_server,established; http.header; content:"najiya-nasri.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-home-page"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname oc365.ongcloudnetworks.workers.dev"; dns.query; content:"oc365.ongcloudnetworks.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oc365\.ongcloudnetworks\.workers\.dev$/i"; classtype:trojan-activity; sid:37146891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname oc365.ongcloudnetworks.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| oc365.ongcloudnetworks.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oc365\.ongcloudnetworks\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//oc365.ongcloudnetworks.workers.dev"; flow:to_server,established; http.header; content:"oc365.ongcloudnetworks.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) 
# MISP event 26139 (continued): hostname and URL indicators, one group of rules per indicator.
#   dns rule  - dns.query content plus a pcre that requires the indicator to end the queried name
#               and not be preceded by a letter, digit, '-' or '.', so sub-domains do not match.
#   Host rule - client-to-server HTTP from $HOME_NET whose headers contain "Host: <indicator>";
#               the pcre rejects longer host names that merely contain the indicator.
#   URL rule  - limited to $HTTP_PORTS; the indicator may appear anywhere in the request headers
#               (no "Host|3a| " prefix, no pcre boundary check). A path, where present, is an
#               unanchored, case-insensitive http.uri content match.
# tag:session,600,seconds asks the engine to keep logging packets of the matching session for
# 600 seconds.
# NOTE(review): alert http rules only fire on traffic the sensor can parse as HTTP. pages.dev
# sits under .dev (an HSTS-preloaded TLD) and the other platforms here typically serve HTTPS,
# so the dns rules carry most of the detection. Check whether TLS SNI coverage (tls.sni) is
# exported separately.

# natlbankco.com - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname natlbankco.com"; dns.query; content:"natlbankco.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])natlbankco\.com$/i"; classtype:trojan-activity; sid:37146921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname natlbankco.com"; flow:to_server,established; http.header; content: "Host|3a| natlbankco.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])natlbankco\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//natlbankco.com"; flow:to_server,established; http.header; content:"natlbankco.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# lovely-probable-infinity.glitch.me - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname lovely-probable-infinity.glitch.me"; dns.query; content:"lovely-probable-infinity.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lovely\-probable\-infinity\.glitch\.me$/i"; classtype:trojan-activity; sid:37146951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname lovely-probable-infinity.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| lovely-probable-infinity.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lovely\-probable\-infinity\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//lovely-probable-infinity.glitch.me"; flow:to_server,established; http.header; content:"lovely-probable-infinity.glitch.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# mail-109746.weeblysite.com - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname mail-109746.weeblysite.com"; dns.query; content:"mail-109746.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\-109746\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37146981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname mail-109746.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| mail-109746.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\-109746\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37146982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//mail-109746.weeblysite.com"; flow:to_server,established; http.header; content:"mail-109746.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37146991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# loreenmaxfamgrapherphotscove.pages.dev - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname loreenmaxfamgrapherphotscove.pages.dev"; dns.query; content:"loreenmaxfamgrapherphotscove.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])loreenmaxfamgrapherphotscove\.pages\.dev$/i"; classtype:trojan-activity; sid:37147011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname loreenmaxfamgrapherphotscove.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| loreenmaxfamgrapherphotscove.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])loreenmaxfamgrapherphotscove\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//loreenmaxfamgrapherphotscove.pages.dev"; flow:to_server,established; http.header; content:"loreenmaxfamgrapherphotscove.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# logi-kucoin.weebly.com - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname logi-kucoin.weebly.com"; dns.query; content:"logi-kucoin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logi\-kucoin\.weebly\.com$/i"; classtype:trojan-activity; sid:37147041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname logi-kucoin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| logi-kucoin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logi\-kucoin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//logi-kucoin.weebly.com"; flow:to_server,established; http.header; content:"logi-kucoin.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# lnstagrram.pages.dev - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname lnstagrram.pages.dev"; dns.query; content:"lnstagrram.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstagrram\.pages\.dev$/i"; classtype:trojan-activity; sid:37147071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname lnstagrram.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lnstagrram.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstagrram\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//lnstagrram.pages.dev"; flow:to_server,established; http.header; content:"lnstagrram.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# lali.gercep.top - dns, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname lali.gercep.top"; dns.query; content:"lali.gercep.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lali\.gercep\.top$/i"; classtype:trojan-activity; sid:37147101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname lali.gercep.top"; flow:to_server,established; http.header; content: "Host|3a| lali.gercep.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lali\.gercep\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//lali.gercep.top"; flow:to_server,established; http.header; content:"lali.gercep.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# kunalsisodiacse.github.io - dns, Host, URL with path /NetflixLandingPages
alert dns any any -> any any (msg: "MISP e26139 [] Hostname kunalsisodiacse.github.io"; dns.query; content:"kunalsisodiacse.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kunalsisodiacse\.github\.io$/i"; classtype:trojan-activity; sid:37147131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname kunalsisodiacse.github.io"; flow:to_server,established; http.header; content: "Host|3a| kunalsisodiacse.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kunalsisodiacse\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//kunalsisodiacse.github.io/NetflixLandingPages"; flow:to_server,established; http.header; content:"kunalsisodiacse.github.io"; fast_pattern; nocase; http.uri; content:"/NetflixLandingPages"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# kpratibha06.github.io - dns, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname kpratibha06.github.io"; dns.query; content:"kpratibha06.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kpratibha06\.github\.io$/i"; classtype:trojan-activity; sid:37147161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname kpratibha06.github.io"; flow:to_server,established; http.header; content: "Host|3a| kpratibha06.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kpratibha06\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//kpratibha06.github.io/dummyNetflixWebsite"; 
flow:to_server,established; http.header; content:"kpratibha06.github.io"; fast_pattern; nocase; http.uri; content:"/dummyNetflixWebsite"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname hotmailupdate-dus.turtipafyo.workers.dev"; dns.query; content:"hotmailupdate-dus.turtipafyo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hotmailupdate\-dus\.turtipafyo\.workers\.dev$/i"; classtype:trojan-activity; sid:37147191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hotmailupdate-dus.turtipafyo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hotmailupdate-dus.turtipafyo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hotmailupdate\-dus\.turtipafyo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//hotmailupdate-dus.turtipafyo.workers.dev"; flow:to_server,established; http.header; content:"hotmailupdate-dus.turtipafyo.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname harsh2432.github.io"; dns.query; content:"harsh2432.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harsh2432\.github\.io$/i"; classtype:trojan-activity; sid:37147221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname harsh2432.github.io"; flow:to_server,established; http.header; content: 
"Host|3a| harsh2432.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harsh2432\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//harsh2432.github.io/Netflix-HomePage-Clone"; flow:to_server,established; http.header; content:"harsh2432.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-HomePage-Clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname gorgeous-salmiakki-xmnkl-9f8287.netlify.app"; dns.query; content:"gorgeous-salmiakki-xmnkl-9f8287.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gorgeous\-salmiakki\-xmnkl\-9f8287\.netlify\.app$/i"; classtype:trojan-activity; sid:37147251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname gorgeous-salmiakki-xmnkl-9f8287.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| gorgeous-salmiakki-xmnkl-9f8287.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gorgeous\-salmiakki\-xmnkl\-9f8287\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//gorgeous-salmiakki-xmnkl-9f8287.netlify.app"; flow:to_server,established; http.header; content:"gorgeous-salmiakki-xmnkl-9f8287.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any 
(msg: "MISP e26139 [] Hostname gentle-resonance-160a.ysfxbkdjfbwjrqp.workers.dev"; dns.query; content:"gentle-resonance-160a.ysfxbkdjfbwjrqp.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gentle\-resonance\-160a\.ysfxbkdjfbwjrqp\.workers\.dev$/i"; classtype:trojan-activity; sid:37147281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname gentle-resonance-160a.ysfxbkdjfbwjrqp.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| gentle-resonance-160a.ysfxbkdjfbwjrqp.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gentle\-resonance\-160a\.ysfxbkdjfbwjrqp\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//gentle-resonance-160a.ysfxbkdjfbwjrqp.workers.dev"; flow:to_server,established; http.header; content:"gentle-resonance-160a.ysfxbkdjfbwjrqp.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname e365.site3656.xyz"; dns.query; content:"e365.site3656.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e365\.site3656\.xyz$/i"; classtype:trojan-activity; sid:37147311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname e365.site3656.xyz"; flow:to_server,established; http.header; content: "Host|3a| e365.site3656.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e365\.site3656\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147312; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//e365.site3656.xyz"; flow:to_server,established; http.header; content:"e365.site3656.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname e.915vip26.xyz"; dns.query; content:"e.915vip26.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\.915vip26\.xyz$/i"; classtype:trojan-activity; sid:37147341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname e.915vip26.xyz"; flow:to_server,established; http.header; content: "Host|3a| e.915vip26.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\.915vip26\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//e.915vip26.xyz"; flow:to_server,established; http.header; content:"e.915vip26.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname daniel-t-gilbert.github.io"; dns.query; content:"daniel-t-gilbert.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])daniel\-t\-gilbert\.github\.io$/i"; classtype:trojan-activity; sid:37147371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname daniel-t-gilbert.github.io"; flow:to_server,established; http.header; content: "Host|3a| daniel-t-gilbert.github.io"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])daniel\-t\-gilbert\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//daniel-t-gilbert.github.io/Netflix-Landing-Page"; flow:to_server,established; http.header; content:"daniel-t-gilbert.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Landing-Page"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname cueinbosepru.godaddysites.com"; dns.query; content:"cueinbosepru.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cueinbosepru\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname cueinbosepru.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| cueinbosepru.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cueinbosepru\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//cueinbosepru.godaddysites.com"; flow:to_server,established; http.header; content:"cueinbosepru.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname cooperative-tremendous-snickerdoodle.glitch.me"; dns.query; content:"cooperative-tremendous-snickerdoodle.glitch.me"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])cooperative\-tremendous\-snickerdoodle\.glitch\.me$/i"; classtype:trojan-activity; sid:37147431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname cooperative-tremendous-snickerdoodle.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| cooperative-tremendous-snickerdoodle.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cooperative\-tremendous\-snickerdoodle\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//cooperative-tremendous-snickerdoodle.glitch.me/desuer2qd.html"; flow:to_server,established; http.header; content:"cooperative-tremendous-snickerdoodle.glitch.me"; fast_pattern; nocase; http.uri; content:"/desuer2qd.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname conibuseporligni.godaddysites.com"; dns.query; content:"conibuseporligni.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conibuseporligni\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname conibuseporligni.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| conibuseporligni.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conibuseporligni\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) 
# Review notes for the MISP e26139 hostname rules (the export emits three rules per hostname):
#   1. dns.query rule         - alerts on a DNS lookup of the listed name; the pcre anchors the end of the
#                               query and requires start-of-buffer or a non-hostname character before it.
#   2. "Outgoing HTTP Hostname" - matches the name inside the Host header ("Host|3a| <name>").
#   3. "Outgoing URL"          - matches the bare name anywhere in http.header, not only in Host, so a
#                               Referer or Origin header that carries the name can also fire it. A request
#                               sent straight to the host presumably fires rule 2 as well (duplicate alert).
# The two http rules only see cleartext HTTP. NOTE(review): these look like hosted-site names that are
# normally reached over HTTPS, in which case only the dns.query rule will fire - consider adding a
# tls.sni match per hostname and confirm against sensor traffic.
# The boundary class [^A-Za-z0-9-\.] does not list "_", so for a name that itself contains "_"
# (cone_basezprolugen) a longer label ending in "_cone_basezprolugen" is also accepted.
# The page extraction wrapped rules across physical lines; Suricata expects one rule per line (or a
# trailing "\" continuation), so re-join the rules before loading this file.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//conibuseporligni.godaddysites.com"; flow:to_server,established; http.header; content:"conibuseporligni.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname cone_basezprolugen.godaddysites.com"; dns.query; content:"cone_basezprolugen.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cone_basezprolugen\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname cone_basezprolugen.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| cone_basezprolugen.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cone_basezprolugen\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//cone_basezprolugen.godaddysites.com"; flow:to_server,established; http.header; content:"cone_basezprolugen.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname conbaseuprolugen.godaddysites.com"; dns.query; content:"conbaseuprolugen.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conbaseuprolugen\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP 
Hostname conbaseuprolugen.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| conbaseuprolugen.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conbaseuprolugen\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//conbaseuprolugen.godaddysites.com"; flow:to_server,established; http.header; content:"conbaseuprolugen.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname conbaseeprologn.godaddysites.com"; dns.query; content:"conbaseeprologn.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conbaseeprologn\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname conbaseeprologn.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| conbaseeprologn.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conbaseeprologn\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//conbaseeprologn.godaddysites.com"; flow:to_server,established; http.header; content:"conbaseeprologn.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 
conbaseprrolognusa.godaddysites.com"; dns.query; content:"conbaseprrolognusa.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conbaseprrolognusa\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname conbaseprrolognusa.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| conbaseprrolognusa.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])conbaseprrolognusa\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//conbaseprrolognusa.godaddysites.com"; flow:to_server,established; http.header; content:"conbaseprrolognusa.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname coinsessswaatet.godaddysites.com"; dns.query; content:"coinsessswaatet.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinsessswaatet\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname coinsessswaatet.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinsessswaatet.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinsessswaatet\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coinsessswaatet.godaddysites.com"; flow:to_server,established; http.header; content:"coinsessswaatet.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname coininbaseloginpro.godaddysites.com"; dns.query; content:"coininbaseloginpro.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coininbaseloginpro\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname coininbaseloginpro.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coininbaseloginpro.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coininbaseloginpro\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coininbaseloginpro.godaddysites.com"; flow:to_server,established; http.header; content:"coininbaseloginpro.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname coinbassewpro-login.godaddysites.com"; dns.query; content:"coinbassewpro-login.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbassewpro\-login\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 
coinbassewpro-login.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinbassewpro-login.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbassewpro\-login\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coinbassewpro-login.godaddysites.com"; flow:to_server,established; http.header; content:"coinbassewpro-login.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname coinbase-prologie.godaddysites.com"; dns.query; content:"coinbase-prologie.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-prologie\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname coinbase-prologie.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinbase-prologie.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-prologie\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coinbase-prologie.godaddysites.com"; flow:to_server,established; http.header; content:"coinbase-prologie.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: 
"MISP e26139 [] Hostname coinbase-usalogin.godaddysites.com"; dns.query; content:"coinbase-usalogin.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-usalogin\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname coinbase-usalogin.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinbase-usalogin.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-usalogin\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coinbase-usalogin.godaddysites.com"; flow:to_server,established; http.header; content:"coinbase-usalogin.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname coinbaseewalltt.godaddysites.com"; dns.query; content:"coinbaseewalltt.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbaseewalltt\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname coinbaseewalltt.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinbaseewalltt.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbaseewalltt\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coinbaseewalltt.godaddysites.com"; flow:to_server,established; http.header; content:"coinbaseewalltt.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname coinbase-dprologin.godaddysites.com"; dns.query; content:"coinbase-dprologin.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-dprologin\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname coinbase-dprologin.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| coinbase-dprologin.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coinbase\-dprologin\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//coinbase-dprologin.godaddysites.com"; flow:to_server,established; http.header; content:"coinbase-dprologin.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bt-106383.weeblysite.com"; dns.query; content:"bt-106383.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-106383\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37147821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bt-106383.weeblysite.com"; 
flow:to_server,established; http.header; content: "Host|3a| bt-106383.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-106383\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bt-106383.weeblysite.com"; flow:to_server,established; http.header; content:"bt-106383.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname chocopermithelpfultravesirobuilding.netlify.app"; dns.query; content:"chocopermithelpfultravesirobuilding.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chocopermithelpfultravesirobuilding\.netlify\.app$/i"; classtype:trojan-activity; sid:37147851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname chocopermithelpfultravesirobuilding.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| chocopermithelpfultravesirobuilding.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chocopermithelpfultravesirobuilding\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//chocopermithelpfultravesirobuilding.netlify.app"; flow:to_server,established; http.header; content:"chocopermithelpfultravesirobuilding.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> 
any any (msg: "MISP e26139 [] Hostname ckoinbaseprlogg-in.godaddysites.com"; dns.query; content:"ckoinbaseprlogg-in.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckoinbaseprlogg\-in\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37147881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname ckoinbaseprlogg-in.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| ckoinbaseprlogg-in.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ckoinbaseprlogg\-in\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//ckoinbaseprlogg-in.godaddysites.com"; flow:to_server,established; http.header; content:"ckoinbaseprlogg-in.godaddysites.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque.ipfs.cf-ipfs.com"; dns.query; content:"bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37147911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content:"bafybeigfioslvzrrf7lfshbyv7swjknm6nb4esbqrxl7m27qkfr4oqzque.ipfs.cf-ipfs.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.w3s.link"; dns.query; content:"bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.w3s.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi\.ipfs\.w3s\.link$/i"; classtype:trojan-activity; sid:37147941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.w3s.link"; flow:to_server,established; http.header; content: "Host|3a| bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.w3s.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi\.ipfs\.w3s\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.w3s.link"; flow:to_server,established; http.header; 
content:"bafybeig7acp2tja5axhj3il6vo3t3d4xankjtccujdtlcrvrlyzouaiagi.ipfs.w3s.link"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-mail-106775.weeblysite.com"; dns.query; content:"att-mail-106775.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-106775\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37147971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-mail-106775.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-mail-106775.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-106775\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37147972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-mail-106775.weeblysite.com"; flow:to_server,established; http.header; content:"att-mail-106775.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37147981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-108361.weeblysite.com"; dns.query; content:"att-108361.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-108361\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37148001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-108361.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-108361.weeblysite.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])att\-108361\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-108361.weeblysite.com"; flow:to_server,established; http.header; content:"att-108361.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-109667-107452.weeblysite.com"; dns.query; content:"att-109667-107452.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109667\-107452\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37148031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-109667-107452.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-109667-107452.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109667\-107452\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-109667-107452.weeblysite.com"; flow:to_server,established; http.header; content:"att-109667-107452.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-107994.weeblysite.com"; dns.query; content:"att-107994.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107994\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37148061; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-107994.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-107994.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107994\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-107994.weeblysite.com"; flow:to_server,established; http.header; content:"att-107994.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24.ipfs.cf-ipfs.com"; dns.query; content:"bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37148091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content:"bafybeibk36krvsldjtroxrtftoqgg67tucse3uwweh7hbldt464oa74l24.ipfs.cf-ipfs.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL indicator on a shared IPFS gateway host: cloudflare-ipfs.com is matched
# as a bare string in http.header (also the fast_pattern), and the http.uri
# content carrying the /ipfs/<CID> path is what ties the alert to the reported
# object. No DNS or Host-header rule for cloudflare-ipfs.com sits next to this
# one, so the hostname on its own does not alert here.
# NOTE(review): an `alert http` rule cannot see this path when the gateway is
# reached over TLS - confirm whether that traffic is visible to the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafkreiel23rdkcbht732dp36t3xfiz7qny5z6rjfpysv223aod73nhptwe"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafkreiel23rdkcbht732dp36t3xfiz7qny5z6rjfpysv223aod73nhptwe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator exc12fg1.pages.dev: DNS query rule and Host-header rule. The pcre
# rejects a preceding letter, digit, '-' or '.', so only this exact name
# matches and other names under pages.dev do not.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname exc12fg1.pages.dev"; dns.query; content:"exc12fg1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exc12fg1\.pages\.dev$/i"; classtype:trojan-activity; sid:37148151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname exc12fg1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| exc12fg1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exc12fg1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL rule whose path is just "/": the http.uri content "/" is present in
# virtually every request URI, so it adds no constraint. The effective match
# is the hostname string anywhere in the request headers, which overlaps the
# Host-header rule sid 37148152.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//exc12fg1.pages.dev/"; flow:to_server,established; http.header; content:"exc12fg1.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148161; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname adminuser.telegrems.com"; dns.query; content:"adminuser.telegrems.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegrems\.com$/i"; classtype:trojan-activity; sid:37148241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname adminuser.telegrems.com"; flow:to_server,established; http.header; content: "Host|3a| adminuser.telegrems.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegrems\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname glstelme.net"; dns.query; content:"glstelme.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])glstelme\.net$/i"; classtype:trojan-activity; sid:37148271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname glstelme.net"; flow:to_server,established; http.header; content: "Host|3a| glstelme.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])glstelme\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telejracm.club"; dns.query; content:"telejracm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telejracm\.club$/i"; classtype:trojan-activity; sid:37148301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telejracm.club"; flow:to_server,established; http.header; content: "Host|3a| telejracm.club"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telejracm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telejracm.club/"; flow:to_server,established; http.header; content:"telejracm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname web.telegram.express"; dns.query; content:"web.telegram.express"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegram\.express$/i"; classtype:trojan-activity; sid:37148331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname web.telegram.express"; flow:to_server,established; http.header; content: "Host|3a| web.telegram.express"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegram\.express[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname live-viral-video8.private-x.my.id"; dns.query; content:"live-viral-video8.private-x.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-viral\-video8\.private\-x\.my\.id$/i"; classtype:trojan-activity; sid:37148361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname live-viral-video8.private-x.my.id"; flow:to_server,established; http.header; content: "Host|3a| live-viral-video8.private-x.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-viral\-video8\.private\-x\.my\.id[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37148362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegsrem.fit"; dns.query; content:"telegsrem.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.fit$/i"; classtype:trojan-activity; sid:37148391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegsrem.fit"; flow:to_server,established; http.header; content: "Host|3a| telegsrem.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegsrem.fit/web"; flow:to_server,established; http.header; content:"telegsrem.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tiktok-melayu-viral-telegram.vvip1.my.id"; dns.query; content:"tiktok-melayu-viral-telegram.vvip1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiktok\-melayu\-viral\-telegram\.vvip1\.my\.id$/i"; classtype:trojan-activity; sid:37148421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tiktok-melayu-viral-telegram.vvip1.my.id"; flow:to_server,established; http.header; content: "Host|3a| tiktok-melayu-viral-telegram.vvip1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiktok\-melayu\-viral\-telegram\.vvip1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37148422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname qwl.telegmn.club"; dns.query; content:"qwl.telegmn.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qwl\.telegmn\.club$/i"; classtype:trojan-activity; sid:37148451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname qwl.telegmn.club"; flow:to_server,established; http.header; content: "Host|3a| qwl.telegmn.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qwl\.telegmn\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//qwl.telegmn.club/"; flow:to_server,established; http.header; content:"qwl.telegmn.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname web.telegrann-cn.com"; dns.query; content:"web.telegrann-cn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-cn\.com$/i"; classtype:trojan-activity; sid:37148481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname web.telegrann-cn.com"; flow:to_server,established; http.header; content: "Host|3a| web.telegrann-cn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-cn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 
liveprivatevideo29.viral-vip.my.id"; dns.query; content:"liveprivatevideo29.viral-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo29\.viral\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37148511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname liveprivatevideo29.viral-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveprivatevideo29.viral-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo29\.viral\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegarm.win"; dns.query; content:"telegarm.win"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\.win$/i"; classtype:trojan-activity; sid:37148541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegarm.win"; flow:to_server,established; http.header; content: "Host|3a| telegarm.win"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\.win[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegarm.win/"; flow:to_server,established; http.header; content:"telegarm.win"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrmna.fit"; dns.query; content:"telegrmna.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.fit$/i"; 
classtype:trojan-activity; sid:37148571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrmna.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrmna.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrmna.fit/web"; flow:to_server,established; http.header; content:"telegrmna.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname teletrlqm.work"; dns.query; content:"teletrlqm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrlqm\.work$/i"; classtype:trojan-activity; sid:37148601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname teletrlqm.work"; flow:to_server,established; http.header; content: "Host|3a| teletrlqm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrlqm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//teletrlqm.work/web"; flow:to_server,established; http.header; content:"teletrlqm.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert 
dns any any -> any any (msg: "MISP e26139 [] Hostname teleptrrm.club"; dns.query; content:"teleptrrm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrrm\.club$/i"; classtype:trojan-activity; sid:37148631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Host-header rule for the bare name teleptrrm.club. The content requires the
# literal "Host: teleptrrm.club", so a Host header naming www.teleptrrm.club
# does not match this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname teleptrrm.club"; flow:to_server,established; http.header; content: "Host|3a| teleptrrm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrrm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The URL indicator names www.teleptrrm.club, while the DNS rule (sid 37148631)
# and the Host-header rule (sid 37148632) are built for teleptrrm.club and
# their pcre refuses a preceding '.', so neither matches the www name. This
# rule, which also requires "/web" in the URI, is the only one of the three
# that covers www.teleptrrm.club; a DNS lookup of the www name raises nothing.
# NOTE(review): consider adding the www hostname as its own attribute in the
# MISP event so DNS and Host-header rules are generated for it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//www.teleptrrm.club/web"; flow:to_server,established; http.header; content:"www.teleptrrm.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator cp15-com.preview-domain.com: DNS query rule and Host-header rule,
# both restricted by pcre to this exact name (no sub- or sibling names under
# preview-domain.com).
alert dns any any -> any any (msg: "MISP e26139 [] Hostname cp15-com.preview-domain.com"; dns.query; content:"cp15-com.preview-domain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cp15\-com\.preview\-domain\.com$/i"; classtype:trojan-activity; sid:37148661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname cp15-com.preview-domain.com"; flow:to_server,established; http.header; content: "Host|3a| cp15-com.preview-domain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cp15\-com\.preview\-domain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL 
http|3a|//cp15-com.preview-domain.com/main.php"; flow:to_server,established; http.header; content:"cp15-com.preview-domain.com"; fast_pattern; nocase; http.uri; content:"/main.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname jawatan-kosong1.mlaysia.my.id"; dns.query; content:"jawatan-kosong1.mlaysia.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jawatan\-kosong1\.mlaysia\.my\.id$/i"; classtype:trojan-activity; sid:37148691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname jawatan-kosong1.mlaysia.my.id"; flow:to_server,established; http.header; content: "Host|3a| jawatan-kosong1.mlaysia.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jawatan\-kosong1\.mlaysia\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname liveprivatevideo1.2024-malaysia.my.id"; dns.query; content:"liveprivatevideo1.2024-malaysia.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo1\.2024\-malaysia\.my\.id$/i"; classtype:trojan-activity; sid:37148721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname liveprivatevideo1.2024-malaysia.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveprivatevideo1.2024-malaysia.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo1\.2024\-malaysia\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any 
(msg: "MISP e26139 [] Hostname telegrpnm.work"; dns.query; content:"telegrpnm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.work$/i"; classtype:trojan-activity; sid:37148751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrpnm.work"; flow:to_server,established; http.header; content: "Host|3a| telegrpnm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrpnm.work/web"; flow:to_server,established; http.header; content:"telegrpnm.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname web.telegrann-hk.com"; dns.query; content:"web.telegrann-hk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-hk\.com$/i"; classtype:trojan-activity; sid:37148781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname web.telegrann-hk.com"; flow:to_server,established; http.header; content: "Host|3a| web.telegrann-hk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.telegrann\-hk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrpnm.fit"; dns.query; content:"telegrpnm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.fit$/i"; classtype:trojan-activity; 
sid:37148811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrpnm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrpnm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrpnm.fit/web"; flow:to_server,established; http.header; content:"telegrpnm.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname aakvshh.github.io"; dns.query; content:"aakvshh.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aakvshh\.github\.io$/i"; classtype:trojan-activity; sid:37148841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname aakvshh.github.io"; flow:to_server,established; http.header; content: "Host|3a| aakvshh.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aakvshh\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//aakvshh.github.io/netflix_landing_page"; flow:to_server,established; http.header; content:"aakvshh.github.io"; fast_pattern; nocase; http.uri; content:"/netflix_landing_page"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148851; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator 995534.vip: DNS query rule and Host-header rule. The pcre rejects a
# preceding letter, digit, '-' or '.', so longer names that merely end in this
# string do not match these two rules.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 995534.vip"; dns.query; content:"995534.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])995534\.vip$/i"; classtype:trojan-activity; sid:37148871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 995534.vip"; flow:to_server,established; http.header; content: "Host|3a| 995534.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])995534\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Unanchored match: content:"995534.vip" in http.header has no "Host|3a| "
# prefix and no boundary pcre, unlike sid 37148872. A longer hostname that
# contains the string (constructed example: x995534.vip) or any other header
# value that contains it would also alert. Requests to the exact host are
# already covered by sid 37148872, so this rule mainly adds a second alert.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//995534.vip"; flow:to_server,established; http.header; content:"995534.vip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator 5fgfgfgfgrfrgg4gg.blogspot.com.eg: DNS query rule and Host-header
# rule, both limited by pcre to this exact name; other blogspot.com.eg names
# do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgrfrgg4gg.blogspot.com.eg"; dns.query; content:"5fgfgfgfgrfrgg4gg.blogspot.com.eg"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfrgg4gg\.blogspot\.com\.eg$/i"; classtype:trojan-activity; sid:37148901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgrfrgg4gg.blogspot.com.eg"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfrgg4gg.blogspot.com.eg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfrgg4gg\.blogspot\.com\.eg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL 
http|3a|//5fgfgfgfgrfrgg4gg.blogspot.com.eg"; flow:to_server,established; http.header; content:"5fgfgfgfgrfrgg4gg.blogspot.com.eg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fffgfgfg4g4gh4fg4.blogspot.lt"; dns.query; content:"5fffgfgfg4g4gh4fg4.blogspot.lt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fffgfgfg4g4gh4fg4\.blogspot\.lt$/i"; classtype:trojan-activity; sid:37148931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fffgfgfg4g4gh4fg4.blogspot.lt"; flow:to_server,established; http.header; content: "Host|3a| 5fffgfgfg4g4gh4fg4.blogspot.lt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fffgfgfg4g4gh4fg4\.blogspot\.lt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fffgfgfg4g4gh4fg4.blogspot.lt"; flow:to_server,established; http.header; content:"5fffgfgfg4g4gh4fg4.blogspot.lt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname zm365l.cc"; dns.query; content:"zm365l.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zm365l\.cc$/i"; classtype:trojan-activity; sid:37148961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname zm365l.cc"; flow:to_server,established; http.header; content: "Host|3a| zm365l.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zm365l\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37148962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL indicator http://www.zm365l.cc/ : the host is matched as a bare substring of the
# request headers, and the http.uri content is just "/".
# NOTE(review): nearly every request URI contains "/", so the URI test adds almost no
# constraint and the rule is in effect a header-substring match on the host name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//www.zm365l.cc/"; flow:to_server,established; http.header; content:"www.zm365l.cc"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37148971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator uspsurd.top: DNS query, HTTP Host header and "Outgoing URL" rules.
# The DNS pcre accepts only start-of-buffer or a non-hostname character before the
# name, so it matches the exact name and not a subdomain such as a "www." form.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspsurd.top"; dns.query; content:"uspsurd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsurd\.top$/i"; classtype:trojan-activity; sid:37148991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Host rule: literal "Host: <name>" plus a pcre boundary after the name; any port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspsurd.top"; flow:to_server,established; http.header; content: "Host|3a| uspsurd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsurd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37148992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): bare header substring with no boundary check, limited to $HTTP_PORTS.
# It overlaps the Host rule above and also fires when the name appears in another
# request header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//uspsurd.top"; flow:to_server,established; http.header; content:"uspsurd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator dull-eggplant-timer.glitch.me: the rule names the full host label, so
# other hosts under glitch.me do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname dull-eggplant-timer.glitch.me"; dns.query; content:"dull-eggplant-timer.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dull\-eggplant\-timer\.glitch\.me$/i"; classtype:trojan-activity; sid:37149021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname dull-eggplant-timer.glitch.me"; flow:to_server,established; 
http.header; content: "Host|3a| dull-eggplant-timer.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dull\-eggplant\-timer\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator omserteunew.com: DNS query rule and HTTP Host-header rule.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname omserteunew.com"; dns.query; content:"omserteunew.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omserteunew\.com$/i"; classtype:trojan-activity; sid:37149051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname omserteunew.com"; flow:to_server,established; http.header; content: "Host|3a| omserteunew.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omserteunew\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): the next two rules repeat the omserteunew.com pair above with
# identical match conditions; only the sids differ (37149081/37149082 against
# 37149051/37149052). Every matching query or request therefore raises two alerts.
# Presumably the MISP event lists the hostname in two attributes - deduplicate at the
# source or disable one pair locally, keeping any suppress/threshold entries in step.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname omserteunew.com"; dns.query; content:"omserteunew.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omserteunew\.com$/i"; classtype:trojan-activity; sid:37149081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname omserteunew.com"; flow:to_server,established; http.header; content: "Host|3a| omserteunew.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omserteunew\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname duvickhotel.com"; dns.query; content:"duvickhotel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])duvickhotel\.com$/i"; classtype:trojan-activity; sid:37149111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname duvickhotel.com"; flow:to_server,established; http.header; content: "Host|3a| duvickhotel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])duvickhotel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname server1377879.netart.com"; dns.query; content:"server1377879.netart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1377879\.netart\.com$/i"; classtype:trojan-activity; sid:37149141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname server1377879.netart.com"; flow:to_server,established; http.header; content: "Host|3a| server1377879.netart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1377879\.netart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname kontodebixtan.sviluppo.host"; dns.query; content:"kontodebixtan.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kontodebixtan\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37149171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname kontodebixtan.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| kontodebixtan.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kontodebixtan\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149172; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps-aindgrt.top"; dns.query; content:"usps-aindgrt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-aindgrt\.top$/i"; classtype:trojan-activity; sid:37149201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps-aindgrt.top"; flow:to_server,established; http.header; content: "Host|3a| usps-aindgrt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-aindgrt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps-aindgrt.top"; flow:to_server,established; http.header; content:"usps-aindgrt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspsukd.top"; dns.query; content:"uspsukd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsukd\.top$/i"; classtype:trojan-activity; sid:37149231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspsukd.top"; flow:to_server,established; http.header; content: "Host|3a| uspsukd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsukd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//uspsukd.top"; flow:to_server,established; http.header; content:"uspsukd.top"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37149241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspostc.top"; dns.query; content:"uspostc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspostc\.top$/i"; classtype:trojan-activity; sid:37149261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspostc.top"; flow:to_server,established; http.header; content: "Host|3a| uspostc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspostc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//uspostc.top"; flow:to_server,established; http.header; content:"uspostc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tracking-uspostt-tx.top"; dns.query; content:"tracking-uspostt-tx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\-tx\.top$/i"; classtype:trojan-activity; sid:37149291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tracking-uspostt-tx.top"; flow:to_server,established; http.header; content: "Host|3a| tracking-uspostt-tx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\-tx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL 
http|3a|//tracking-uspostt-tx.top"; flow:to_server,established; http.header; content:"tracking-uspostt-tx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tracking-uspostt-al.top"; dns.query; content:"tracking-uspostt-al.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\-al\.top$/i"; classtype:trojan-activity; sid:37149321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tracking-uspostt-al.top"; flow:to_server,established; http.header; content: "Host|3a| tracking-uspostt-al.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-uspostt\-al\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tracking-uspostt-al.top"; flow:to_server,established; http.header; content:"tracking-uspostt-al.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tacking-uspost-in.top"; dns.query; content:"tacking-uspost-in.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-in\.top$/i"; classtype:trojan-activity; sid:37149351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tacking-uspost-in.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspost-in.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-in\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37149352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tacking-uspost-in.top"; flow:to_server,established; http.header; content:"tacking-uspost-in.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tacking-uspost-tx.top"; dns.query; content:"tacking-uspost-tx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-tx\.top$/i"; classtype:trojan-activity; sid:37149381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tacking-uspost-tx.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspost-tx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-tx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tacking-uspost-tx.top"; flow:to_server,established; http.header; content:"tacking-uspost-tx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tacking-uspost-la.top"; dns.query; content:"tacking-uspost-la.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-la\.top$/i"; classtype:trojan-activity; sid:37149411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tacking-uspost-la.top"; 
flow:to_server,established; http.header; content: "Host|3a| tacking-uspost-la.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspost\-la\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tacking-uspost-la.top"; flow:to_server,established; http.header; content:"tacking-uspost-la.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname adult-video.pages.dev"; dns.query; content:"adult-video.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adult\-video\.pages\.dev$/i"; classtype:trojan-activity; sid:37149441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname adult-video.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| adult-video.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adult\-video\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//adult-video.pages.dev"; flow:to_server,established; http.header; content:"adult-video.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname schweiz-rucklieferungssystem.com"; dns.query; content:"schweiz-rucklieferungssystem.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])schweiz\-rucklieferungssystem\.com$/i"; 
classtype:trojan-activity; sid:37149471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname schweiz-rucklieferungssystem.com"; flow:to_server,established; http.header; content: "Host|3a| schweiz-rucklieferungssystem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])schweiz\-rucklieferungssystem\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname estabelecimentos.keepcharged.com.br"; dns.query; content:"estabelecimentos.keepcharged.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estabelecimentos\.keepcharged\.com\.br$/i"; classtype:trojan-activity; sid:37149501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname estabelecimentos.keepcharged.com.br"; flow:to_server,established; http.header; content: "Host|3a| estabelecimentos.keepcharged.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estabelecimentos\.keepcharged\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname musketiere-foerderverein.info"; dns.query; content:"musketiere-foerderverein.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musketiere\-foerderverein\.info$/i"; classtype:trojan-activity; sid:37149531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname musketiere-foerderverein.info"; flow:to_server,established; http.header; content: "Host|3a| musketiere-foerderverein.info"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])musketiere\-foerderverein\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator eventllys.tibet.org: DNS query, HTTP Host header and one full-URL rule.
# The DNS and Host rules name the full host label, so other hosts under tibet.org
# do not match.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname eventllys.tibet.org"; dns.query; content:"eventllys.tibet.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventllys\.tibet\.org$/i"; classtype:trojan-activity; sid:37149561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname eventllys.tibet.org"; flow:to_server,established; http.header; content: "Host|3a| eventllys.tibet.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventllys\.tibet\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL rule: the host must appear in the request headers and the path in http.uri.
# The msg carries the reported URL with its query string, but the http.uri content
# stops at "formulaire.php", so any query string on that path matches. The path
# content is what makes this rule more specific than the Host rule above; the host
# itself is matched as a bare header substring.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//eventllys.tibet.org/clars_68377873972434101322944666G/Inpot.gov/fiche-de-remis_e/formulaire.php?remise2024dimpots"; flow:to_server,established; http.header; content:"eventllys.tibet.org"; fast_pattern; nocase; http.uri; content:"/clars_68377873972434101322944666G/Inpot.gov/fiche-de-remis_e/formulaire.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Indicator fyi4ehf464bok-1324239560.cos.na-ashburn.myqcloud.com: looks like a cloud
# object-storage bucket hostname (TODO confirm). The rule matches this exact name
# only, not the parent domain.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname fyi4ehf464bok-1324239560.cos.na-ashburn.myqcloud.com"; dns.query; content:"fyi4ehf464bok-1324239560.cos.na-ashburn.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fyi4ehf464bok\-1324239560\.cos\.na\-ashburn\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37149621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 
fyi4ehf464bok-1324239560.cos.na-ashburn.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| fyi4ehf464bok-1324239560.cos.na-ashburn.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fyi4ehf464bok\-1324239560\.cos\.na\-ashburn\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname officence.com"; dns.query; content:"officence.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officence\.com$/i"; classtype:trojan-activity; sid:37149651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname officence.com"; flow:to_server,established; http.header; content: "Host|3a| officence.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officence\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname banti-f242.warik96420.workers.dev"; dns.query; content:"banti-f242.warik96420.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])banti\-f242\.warik96420\.workers\.dev$/i"; classtype:trojan-activity; sid:37149681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname banti-f242.warik96420.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| banti-f242.warik96420.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])banti\-f242\.warik96420\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//banti-f242.warik96420.workers.dev/"; flow:to_server,established; http.header; content:"banti-f242.warik96420.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname khmerpornvideo.singup0.my.id"; dns.query; content:"khmerpornvideo.singup0.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])khmerpornvideo\.singup0\.my\.id$/i"; classtype:trojan-activity; sid:37149711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname khmerpornvideo.singup0.my.id"; flow:to_server,established; http.header; content: "Host|3a| khmerpornvideo.singup0.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])khmerpornvideo\.singup0\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname golos-talats.ru"; dns.query; content:"golos-talats.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])golos\-talats\.ru$/i"; classtype:trojan-activity; sid:37149741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname golos-talats.ru"; flow:to_server,established; http.header; content: "Host|3a| golos-talats.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])golos\-talats\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//golos-talats.ru/"; 
flow:to_server,established; http.header; content:"golos-talats.ru"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrmna.work"; dns.query; content:"telegrmna.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.work$/i"; classtype:trojan-activity; sid:37149771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrmna.work"; flow:to_server,established; http.header; content: "Host|3a| telegrmna.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmna\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrmna.work/web"; flow:to_server,established; http.header; content:"telegrmna.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrazm.fit"; dns.query; content:"telegrazm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrazm\.fit$/i"; classtype:trojan-activity; sid:37149801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrazm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrazm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrazm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149802; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrazm.fit/web"; flow:to_server,established; http.header; content:"telegrazm.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37149811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 2.tele-gram.xyz"; dns.query; content:"2.tele-gram.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2\.tele\-gram\.xyz$/i"; classtype:trojan-activity; sid:37149831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 2.tele-gram.xyz"; flow:to_server,established; http.header; content: "Host|3a| 2.tele-gram.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2\.tele\-gram\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname vwr.geg.mybluehost.me"; dns.query; content:"vwr.geg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwr\.geg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37149861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname vwr.geg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| vwr.geg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vwr\.geg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname review-mailwvsecurelink-verify.onrender.com"; 
dns.query; content:"review-mailwvsecurelink-verify.onrender.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])review\-mailwvsecurelink\-verify\.onrender\.com$/i"; classtype:trojan-activity; sid:37149891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname review-mailwvsecurelink-verify.onrender.com"; flow:to_server,established; http.header; content: "Host|3a| review-mailwvsecurelink-verify.onrender.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])review\-mailwvsecurelink\-verify\.onrender\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname privatecabtransfert.com"; dns.query; content:"privatecabtransfert.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])privatecabtransfert\.com$/i"; classtype:trojan-activity; sid:37149921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname privatecabtransfert.com"; flow:to_server,established; http.header; content: "Host|3a| privatecabtransfert.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])privatecabtransfert\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname review-mailwvlinked-verify.cyclic.app"; dns.query; content:"review-mailwvlinked-verify.cyclic.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])review\-mailwvlinked\-verify\.cyclic\.app$/i"; classtype:trojan-activity; sid:37149951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 
review-mailwvlinked-verify.cyclic.app"; flow:to_server,established; http.header; content: "Host|3a| review-mailwvlinked-verify.cyclic.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])review\-mailwvlinked\-verify\.cyclic\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37149952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname hp73monitor.com"; dns.query; content:"hp73monitor.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hp73monitor\.com$/i"; classtype:trojan-activity; sid:37150041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hp73monitor.com"; flow:to_server,established; http.header; content: "Host|3a| hp73monitor.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hp73monitor\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//hp73monitor.com"; flow:to_server,established; http.header; content:"hp73monitor.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname updateinfo4.wixsite.com"; dns.query; content:"updateinfo4.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])updateinfo4\.wixsite\.com$/i"; classtype:trojan-activity; sid:37150071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname updateinfo4.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| updateinfo4.wixsite.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])updateinfo4\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname link.umode.com.br"; dns.query; content:"link.umode.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])link\.umode\.com\.br$/i"; classtype:trojan-activity; sid:37150101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname link.umode.com.br"; flow:to_server,established; http.header; content: "Host|3a| link.umode.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])link\.umode\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tli.sh"; dns.query; content:"tli.sh"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tli\.sh$/i"; classtype:trojan-activity; sid:37150221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tli.sh"; flow:to_server,established; http.header; content: "Host|3a| tli.sh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tli\.sh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname g-code.co.id"; dns.query; content:"g-code.co.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g\-code\.co\.id$/i"; classtype:trojan-activity; sid:37150251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname g-code.co.id"; flow:to_server,established; 
http.header; content: "Host|3a| g-code.co.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g\-code\.co\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname pub-7adbd246ff1b4521aa5a8d1c904cacf8.r2.dev"; dns.query; content:"pub-7adbd246ff1b4521aa5a8d1c904cacf8.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7adbd246ff1b4521aa5a8d1c904cacf8\.r2\.dev$/i"; classtype:trojan-activity; sid:37150281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pub-7adbd246ff1b4521aa5a8d1c904cacf8.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-7adbd246ff1b4521aa5a8d1c904cacf8.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7adbd246ff1b4521aa5a8d1c904cacf8\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname attemplate.com"; dns.query; content:"attemplate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attemplate\.com$/i"; classtype:trojan-activity; sid:37150311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname attemplate.com"; flow:to_server,established; http.header; content: "Host|3a| attemplate.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attemplate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname pub-5287bb05bc8149adadd508ff20a600e4.r2.dev"; dns.query; 
content:"pub-5287bb05bc8149adadd508ff20a600e4.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5287bb05bc8149adadd508ff20a600e4\.r2\.dev$/i"; classtype:trojan-activity; sid:37150341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pub-5287bb05bc8149adadd508ff20a600e4.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-5287bb05bc8149adadd508ff20a600e4.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5287bb05bc8149adadd508ff20a600e4\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//pub-5287bb05bc8149adadd508ff20a600e4.r2.dev/compgidi.html"; flow:to_server,established; http.header; content:"pub-5287bb05bc8149adadd508ff20a600e4.r2.dev"; fast_pattern; nocase; http.uri; content:"/compgidi.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname g-code.co.id"; dns.query; content:"g-code.co.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g\-code\.co\.id$/i"; classtype:trojan-activity; sid:37150371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname g-code.co.id"; flow:to_server,established; http.header; content: "Host|3a| g-code.co.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g\-code\.co\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing 
URL http|3a|//g-code.co.id/"; flow:to_server,established; http.header; content:"g-code.co.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; dns.query; content:"pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-bac5f7218dda4303a5820e4328ce0abb\.r2\.dev$/i"; classtype:trojan-activity; sid:37150401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-bac5f7218dda4303a5820e4328ce0abb\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname blog.plpone.win"; dns.query; content:"blog.plpone.win"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blog\.plpone\.win$/i"; classtype:trojan-activity; sid:37150431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname blog.plpone.win"; flow:to_server,established; http.header; content: "Host|3a| blog.plpone.win"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blog\.plpone\.win[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL 
http|3a|//blog.plpone.win/web-telegram/#/login"; flow:to_server,established; http.header; content:"blog.plpone.win"; fast_pattern; nocase; http.uri; content:"/web-telegram/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegram-me.com"; dns.query; content:"telegram-me.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-me\.com$/i"; classtype:trojan-activity; sid:37150461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegram-me.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-me.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-me\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname test.tg.hexagoncity.life"; dns.query; content:"test.tg.hexagoncity.life"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])test\.tg\.hexagoncity\.life$/i"; classtype:trojan-activity; sid:37150491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname test.tg.hexagoncity.life"; flow:to_server,established; http.header; content: "Host|3a| test.tg.hexagoncity.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])test\.tg\.hexagoncity\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tg-myroom.my.id"; dns.query; content:"tg-myroom.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\-myroom\.my\.id$/i"; classtype:trojan-activity; 
sid:37150521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tg-myroom.my.id"; flow:to_server,established; http.header; content: "Host|3a| tg-myroom.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\-myroom\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrom-hk.com"; dns.query; content:"telegrom-hk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-hk\.com$/i"; classtype:trojan-activity; sid:37150551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrom-hk.com"; flow:to_server,established; http.header; content: "Host|3a| telegrom-hk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-hk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrom-hk.com/"; flow:to_server,established; http.header; content:"telegrom-hk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrnne.fit"; dns.query; content:"telegrnne.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrnne\.fit$/i"; classtype:trojan-activity; sid:37150581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrnne.fit"; 
flow:to_server,established; http.header; content: "Host|3a| telegrnne.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrnne\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrnne.fit/"; flow:to_server,established; http.header; content:"telegrnne.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname jobvacancies.viral-telegram.com"; dns.query; content:"jobvacancies.viral-telegram.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jobvacancies\.viral\-telegram\.com$/i"; classtype:trojan-activity; sid:37150611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname jobvacancies.viral-telegram.com"; flow:to_server,established; http.header; content: "Host|3a| jobvacancies.viral-telegram.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jobvacancies\.viral\-telegram\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname free-private-content.4p-0p.com"; dns.query; content:"free-private-content.4p-0p.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-private\-content\.4p\-0p\.com$/i"; classtype:trojan-activity; sid:37150641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname free-private-content.4p-0p.com"; flow:to_server,established; http.header; content: 
"Host|3a| free-private-content.4p-0p.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-private\-content\.4p\-0p\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//free-private-content.4p-0p.com/main.php"; flow:to_server,established; http.header; content:"free-private-content.4p-0p.com"; fast_pattern; nocase; http.uri; content:"/main.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname iet1.sa.com"; dns.query; content:"iet1.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iet1\.sa\.com$/i"; classtype:trojan-activity; sid:37150671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname iet1.sa.com"; flow:to_server,established; http.header; content: "Host|3a| iet1.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iet1\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname labsed.com.br"; dns.query; content:"labsed.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])labsed\.com\.br$/i"; classtype:trojan-activity; sid:37150701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname labsed.com.br"; flow:to_server,established; http.header; content: "Host|3a| labsed.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])labsed\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37150702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname duquickd.com"; dns.query; content:"duquickd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])duquickd\.com$/i"; classtype:trojan-activity; sid:37150731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname duquickd.com"; flow:to_server,established; http.header; content: "Host|3a| duquickd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])duquickd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//duquickd.com"; flow:to_server,established; http.header; content:"duquickd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname casagrandespa.cl"; dns.query; content:"casagrandespa.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])casagrandespa\.cl$/i"; classtype:trojan-activity; sid:37150761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname casagrandespa.cl"; flow:to_server,established; http.header; content: "Host|3a| casagrandespa.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])casagrandespa\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname sbbagg.page.link"; dns.query; content:"sbbagg.page.link"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])sbbagg\.page\.link$/i"; classtype:trojan-activity; sid:37150791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname sbbagg.page.link"; flow:to_server,established; http.header; content: "Host|3a| sbbagg.page.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbagg\.page\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname neftlix.top"; dns.query; content:"neftlix.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])neftlix\.top$/i"; classtype:trojan-activity; sid:37150821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname neftlix.top"; flow:to_server,established; http.header; content: "Host|3a| neftlix.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])neftlix\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname anaika.birlanavya63a.com"; dns.query; content:"anaika.birlanavya63a.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anaika\.birlanavya63a\.com$/i"; classtype:trojan-activity; sid:37150851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname anaika.birlanavya63a.com"; flow:to_server,established; http.header; content: "Host|3a| anaika.birlanavya63a.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anaika\.birlanavya63a\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150852; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-cc.moe"; dns.query; content:"imtoken-cc.moe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.moe$/i"; classtype:trojan-activity; sid:37150881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-cc.moe"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cc.moe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.moe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-cc.moe"; flow:to_server,established; http.header; content:"imtoken-cc.moe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37150891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname tokenpbrket.pro"; dns.query; content:"tokenpbrket.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.pro$/i"; classtype:trojan-activity; sid:37150911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tokenpbrket.pro"; flow:to_server,established; http.header; content: "Host|3a| tokenpbrket.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tokenpbrket.pro"; flow:to_server,established; http.header; content:"tokenpbrket.pro"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37150921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname hijazfoundation.org"; dns.query; content:"hijazfoundation.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hijazfoundation\.org$/i"; classtype:trojan-activity; sid:37150941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hijazfoundation.org"; flow:to_server,established; http.header; content: "Host|3a| hijazfoundation.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hijazfoundation\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname swisspasscffrechung.sviluppo.host"; dns.query; content:"swisspasscffrechung.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasscffrechung\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37150971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname swisspasscffrechung.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| swisspasscffrechung.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasscffrechung\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37150972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bb16eb5678f4dce4ae865c7c8ee8f.pages.dev"; dns.query; content:"bb16eb5678f4dce4ae865c7c8ee8f.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bb16eb5678f4dce4ae865c7c8ee8f\.pages\.dev$/i"; classtype:trojan-activity; sid:37151001; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bb16eb5678f4dce4ae865c7c8ee8f.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bb16eb5678f4dce4ae865c7c8ee8f.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bb16eb5678f4dce4ae865c7c8ee8f\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bb16eb5678f4dce4ae865c7c8ee8f.pages.dev"; flow:to_server,established; http.header; content:"bb16eb5678f4dce4ae865c7c8ee8f.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37151031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname pub-1eeb6ee60df64322bccebd160cd78888.r2.dev"; dns.query; 
content:"pub-1eeb6ee60df64322bccebd160cd78888.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-1eeb6ee60df64322bccebd160cd78888\.r2\.dev$/i"; classtype:trojan-activity; sid:37151061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pub-1eeb6ee60df64322bccebd160cd78888.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-1eeb6ee60df64322bccebd160cd78888.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-1eeb6ee60df64322bccebd160cd78888\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname worker-cold-lab-a49a.walllpaperwendy.workers.dev"; dns.query; content:"worker-cold-lab-a49a.walllpaperwendy.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-cold\-lab\-a49a\.walllpaperwendy\.workers\.dev$/i"; classtype:trojan-activity; sid:37151091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname worker-cold-lab-a49a.walllpaperwendy.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-cold-lab-a49a.walllpaperwendy.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-cold\-lab\-a49a\.walllpaperwendy\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname akbotalive.kz"; dns.query; content:"akbotalive.kz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])akbotalive\.kz$/i"; classtype:trojan-activity; sid:37151121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26139 [] Outgoing HTTP Hostname akbotalive.kz"; flow:to_server,established; http.header; content: "Host|3a| akbotalive.kz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])akbotalive\.kz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 6f51e60002f1fd553769b68d6599.pages.dev"; dns.query; content:"6f51e60002f1fd553769b68d6599.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])6f51e60002f1fd553769b68d6599\.pages\.dev$/i"; classtype:trojan-activity; sid:37151151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 6f51e60002f1fd553769b68d6599.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 6f51e60002f1fd553769b68d6599.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])6f51e60002f1fd553769b68d6599\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//6f51e60002f1fd553769b68d6599.pages.dev"; flow:to_server,established; http.header; content:"6f51e60002f1fd553769b68d6599.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfg4g4ghfg4df.blogspot.com"; dns.query; content:"5fgfgfgfg4g4ghfg4df.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4ghfg4df\.blogspot\.com$/i"; classtype:trojan-activity; sid:37151181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 
[] Outgoing HTTP Hostname 5fgfgfgfg4g4ghfg4df.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4ghfg4df.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4ghfg4df\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 0432aaa.com"; dns.query; content:"0432aaa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0432aaa\.com$/i"; classtype:trojan-activity; sid:37151211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 0432aaa.com"; flow:to_server,established; http.header; content: "Host|3a| 0432aaa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0432aaa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//www.0432aaa.com"; flow:to_server,established; http.header; content:"www.0432aaa.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname wed-j.life"; dns.query; content:"wed-j.life"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wed\-j\.life$/i"; classtype:trojan-activity; sid:37151241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname wed-j.life"; flow:to_server,established; http.header; content: "Host|3a| wed-j.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wed\-j\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37151242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//wed-j.life"; flow:to_server,established; http.header; content:"wed-j.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname waa.weeatg.icu"; dns.query; content:"waa.weeatg.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waa\.weeatg\.icu$/i"; classtype:trojan-activity; sid:37151271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname waa.weeatg.icu"; flow:to_server,established; http.header; content: "Host|3a| waa.weeatg.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waa\.weeatg\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//waa.weeatg.icu"; flow:to_server,established; http.header; content:"waa.weeatg.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspspostr.shop"; dns.query; content:"uspspostr.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspspostr\.shop$/i"; classtype:trojan-activity; sid:37151301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspspostr.shop"; flow:to_server,established; http.header; content: "Host|3a| uspspostr.shop"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspspostr\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//uspspostr.shop"; flow:to_server,established; http.header; content:"uspspostr.shop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.packtrace-serve.top"; dns.query; content:"usps.packtrace-serve.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.packtrace\-serve\.top$/i"; classtype:trojan-activity; sid:37151331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.packtrace-serve.top"; flow:to_server,established; http.header; content: "Host|3a| usps.packtrace-serve.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.packtrace\-serve\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.packtrace-serve.top"; flow:to_server,established; http.header; content:"usps.packtrace-serve.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.mytrackin-ms.top"; dns.query; content:"usps.mytrackin-ms.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackin\-ms\.top$/i"; classtype:trojan-activity; sid:37151361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.mytrackin-ms.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackin-ms.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackin\-ms\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above is the remainder of the Host rule for usps.mytrackin-ms.top, begun on the previous line.
# MISP event 26139 indicators, one rule per line. Each hostname here gets:
#   DNS  - dns.query ends with the name; the pcre rejects a preceding letter, digit, '-' or '.',
#          so sub-domains of the listed name do not match.
#   Host - cleartext HTTP leaving $HOME_NET with "Host: <hostname>" in the header buffer, bounded by the pcre.
#   URL  - the bare name anywhere in the HTTP header buffer, only toward $HTTP_PORTS and without a
#          boundary pcre, so it is looser in what it matches and narrower in ports than the Host rule.
# NOTE(review): HTTPS to these hosts is covered by the DNS rules only; consider tls.sni rules for the same names.
# NOTE(review): telstra-101853.weeblysite.com is one tenant name under weeblysite.com; keep the match on the
# full name, the parent domain is not an indicator.

# usps.mytrackin-ms.top - URL
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.mytrackin-ms.top"; flow:to_server,established; http.header; content:"usps.mytrackin-ms.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.mytrackingx.top - DNS, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.mytrackingx.top"; dns.query; content:"usps.mytrackingx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingx\.top$/i"; classtype:trojan-activity; sid:37151391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.mytrackingx.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.mytrackingx.top"; flow:to_server,established; http.header; content:"usps.mytrackingx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.mytrackingth.com - DNS, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.mytrackingth.com"; dns.query; content:"usps.mytrackingth.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingth\.com$/i"; classtype:trojan-activity; sid:37151421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.mytrackingth.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingth.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingth\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//usps.mytrackingth.com"; flow:to_server,established; http.header; content:"usps.mytrackingth.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# tracking-pack-uspj.com - DNS, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname tracking-pack-uspj.com"; dns.query; content:"tracking-pack-uspj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-pack\-uspj\.com$/i"; classtype:trojan-activity; sid:37151451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tracking-pack-uspj.com"; flow:to_server,established; http.header; content: "Host|3a| tracking-pack-uspj.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracking\-pack\-uspj\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tracking-pack-uspj.com"; flow:to_server,established; http.header; content:"tracking-pack-uspj.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telegrzct.work - DNS, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegrzct.work"; dns.query; content:"telegrzct.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrzct\.work$/i"; classtype:trojan-activity; sid:37151481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegrzct.work"; flow:to_server,established; http.header; content: "Host|3a| telegrzct.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrzct\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegrzct.work"; flow:to_server,established; http.header; content:"telegrzct.work"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telstra-101853.weeblysite.com - DNS, Host, then the start of its URL rule (continues on the next line of the export)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telstra-101853.weeblysite.com"; dns.query; content:"telstra-101853.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101853\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37151511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telstra-101853.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-101853.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101853\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL
http|3a|//telstra-101853.weeblysite.com"; flow:to_server,established; http.header; content:"telstra-101853.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above is the remainder of the URL rule for telstra-101853.weeblysite.com, begun on the previous line.
# MISP event 26139 indicators, one rule per line. Each hostname gets a DNS rule (dns.query ends with the
# name; the pcre rejects a preceding letter, digit, '-' or '.', so sub-domains do not match) and a Host rule
# (cleartext HTTP leaving $HOME_NET with "Host: <hostname>" in the header buffer, bounded by the pcre).
# Only tacking-uspst-ma.top also has a URL rule here: bare name anywhere in the header buffer, toward
# $HTTP_PORTS only, no boundary pcre.
# NOTE(review): HTTPS to these hosts is covered by the DNS rules only; consider tls.sni rules for the same names.
# NOTE(review): the blogspot.my name is one tenant on a shared platform; keep the match on the full name.

# tacking-uspst-ma.top - DNS, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname tacking-uspst-ma.top"; dns.query; content:"tacking-uspst-ma.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-ma\.top$/i"; classtype:trojan-activity; sid:37151541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname tacking-uspst-ma.top"; flow:to_server,established; http.header; content: "Host|3a| tacking-uspst-ma.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tacking\-uspst\-ma\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//tacking-uspst-ma.top"; flow:to_server,established; http.header; content:"tacking-uspst-ma.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37151551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# whatsapp4e81nmn.zezxz.biz.id - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname whatsapp4e81nmn.zezxz.biz.id"; dns.query; content:"whatsapp4e81nmn.zezxz.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsapp4e81nmn\.zezxz\.biz\.id$/i"; classtype:trojan-activity; sid:37151571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname whatsapp4e81nmn.zezxz.biz.id"; flow:to_server,established; http.header; content: "Host|3a| whatsapp4e81nmn.zezxz.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsapp4e81nmn\.zezxz\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# usps.mytrack-nd.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname usps.mytrack-nd.com"; dns.query; content:"usps.mytrack-nd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-nd\.com$/i"; classtype:trojan-activity; sid:37151601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname usps.mytrack-nd.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrack-nd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrack\-nd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# uspo.usspwo.top - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspo.usspwo.top"; dns.query; content:"uspo.usspwo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwo\.top$/i"; classtype:trojan-activity; sid:37151631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspo.usspwo.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspwo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspwo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# uspo.ussphr.top - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname uspo.ussphr.top"; dns.query; content:"uspo.ussphr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphr\.top$/i"; classtype:trojan-activity; sid:37151661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname uspo.ussphr.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# telegram-sexxgroup3.privatemessage25.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegram-sexxgroup3.privatemessage25.com"; dns.query; content:"telegram-sexxgroup3.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup3\.privatemessage25\.com$/i"; classtype:trojan-activity; sid:37151691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegram-sexxgroup3.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-sexxgroup3.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-sexxgroup3\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# security-page-community-standards.blogspot.my - DNS, then its Host rule (continues on the next line of the export)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname security-page-community-standards.blogspot.my"; dns.query; content:"security-page-community-standards.blogspot.my"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])security\-page\-community\-standards\.blogspot\.my$/i"; classtype:trojan-activity; sid:37151721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname security-page-community-standards.blogspot.my"; flow:to_server,established; http.header; content: "Host|3a| security-page-community-standards.blogspot.my"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])security\-page\-community\-standards\.blogspot\.my[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds;
classtype:trojan-activity; sid:37151722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above closes the Host rule for security-page-community-standards.blogspot.my, begun on the previous line.
# MISP event 26139 indicators, one rule per line. Each hostname gets a DNS rule (dns.query ends with the
# name; the pcre rejects a preceding letter, digit, '-' or '.', so sub-domains do not match) and a Host rule
# (cleartext HTTP leaving $HOME_NET with "Host: <hostname>" in the header buffer, bounded by the pcre).
# NOTE(review): HTTPS to these hosts is covered by the DNS rules only; consider tls.sni rules for the same names.
# NOTE(review): the names below are tenants on shared platforms (blogspot.ca, glitch.me, weeblysite.com,
# workers.dev, pages.dev); the rules match the full name only, and the parent domains are not indicators.

# security-page-community-standards.blogspot.ca - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname security-page-community-standards.blogspot.ca"; dns.query; content:"security-page-community-standards.blogspot.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])security\-page\-community\-standards\.blogspot\.ca$/i"; classtype:trojan-activity; sid:37151751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname security-page-community-standards.blogspot.ca"; flow:to_server,established; http.header; content: "Host|3a| security-page-community-standards.blogspot.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])security\-page\-community\-standards\.blogspot\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# magic-ten-beauty.glitch.me - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname magic-ten-beauty.glitch.me"; dns.query; content:"magic-ten-beauty.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])magic\-ten\-beauty\.glitch\.me$/i"; classtype:trojan-activity; sid:37151781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname magic-ten-beauty.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| magic-ten-beauty.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])magic\-ten\-beauty\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# inc-105697.weeblysite.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname inc-105697.weeblysite.com"; dns.query; content:"inc-105697.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inc\-105697\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37151811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname inc-105697.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| inc-105697.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inc\-105697\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# hello-world-shiny-sun-9e0c.walllpaperwendy.workers.dev - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname hello-world-shiny-sun-9e0c.walllpaperwendy.workers.dev"; dns.query; content:"hello-world-shiny-sun-9e0c.walllpaperwendy.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-shiny\-sun\-9e0c\.walllpaperwendy\.workers\.dev$/i"; classtype:trojan-activity; sid:37151841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hello-world-shiny-sun-9e0c.walllpaperwendy.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-shiny-sun-9e0c.walllpaperwendy.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-shiny\-sun\-9e0c\.walllpaperwendy\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# gut.pages.dev - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname gut.pages.dev"; dns.query; content:"gut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gut\.pages\.dev$/i"; classtype:trojan-activity; sid:37151871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname gut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# hello-world-lively-shadow-657c.borditodru.workers.dev - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname hello-world-lively-shadow-657c.borditodru.workers.dev"; dns.query; content:"hello-world-lively-shadow-657c.borditodru.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-lively\-shadow\-657c\.borditodru\.workers\.dev$/i"; classtype:trojan-activity; sid:37151901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hello-world-lively-shadow-657c.borditodru.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-lively-shadow-657c.borditodru.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-lively\-shadow\-657c\.borditodru\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# hello-world-falling-wind-f18c.zopsayedro.workers.dev - DNS, then its Host rule (continues on the next line of the export)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname hello-world-falling-wind-f18c.zopsayedro.workers.dev"; dns.query; content:"hello-world-falling-wind-f18c.zopsayedro.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-falling\-wind\-f18c\.zopsayedro\.workers\.dev$/i"; classtype:trojan-activity; sid:37151931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hello-world-falling-wind-f18c.zopsayedro.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-falling-wind-f18c.zopsayedro.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-falling\-wind\-f18c\.zopsayedro\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds;
classtype:trojan-activity; sid:37151932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above closes the Host rule for hello-world-falling-wind-f18c.zopsayedro.workers.dev, begun on the previous line.
# MISP event 26139 indicators, one rule per line. Each hostname gets a DNS rule (dns.query ends with the
# name; the pcre rejects a preceding letter, digit, '-' or '.', so sub-domains do not match) and a Host rule
# (cleartext HTTP leaving $HOME_NET with "Host: <hostname>" in the header buffer, bounded by the pcre).
# Only scaxsaasafad.blogspot.com also has a URL rule here: bare name anywhere in the header buffer, toward
# $HTTP_PORTS only, no boundary pcre.
# NOTE(review): HTTPS to these hosts is covered by the DNS rules only; consider tls.sni rules for the same names.
# NOTE(review): the workers.dev, blogspot.com and weeblysite.com names are tenants on shared platforms; the
# rules match the full name only, and the parent domains are not indicators.

# fragrant-firefly-ae50.mailo.workers.dev - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname fragrant-firefly-ae50.mailo.workers.dev"; dns.query; content:"fragrant-firefly-ae50.mailo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fragrant\-firefly\-ae50\.mailo\.workers\.dev$/i"; classtype:trojan-activity; sid:37151961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname fragrant-firefly-ae50.mailo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| fragrant-firefly-ae50.mailo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fragrant\-firefly\-ae50\.mailo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# dh10ohsiqh1.tulisku.my.id - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname dh10ohsiqh1.tulisku.my.id"; dns.query; content:"dh10ohsiqh1.tulisku.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dh10ohsiqh1\.tulisku\.my\.id$/i"; classtype:trojan-activity; sid:37151991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname dh10ohsiqh1.tulisku.my.id"; flow:to_server,established; http.header; content: "Host|3a| dh10ohsiqh1.tulisku.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dh10ohsiqh1\.tulisku\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37151992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# d.313vip36.xyz - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname d.313vip36.xyz"; dns.query; content:"d.313vip36.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d\.313vip36\.xyz$/i"; classtype:trojan-activity; sid:37152021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname d.313vip36.xyz"; flow:to_server,established; http.header; content: "Host|3a| d.313vip36.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d\.313vip36\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5ghgfg4g4g4g4g.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5ghgfg4g4g4g4g.blogspot.com"; dns.query; content:"5ghgfg4g4g4g4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghgfg4g4g4g4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5ghgfg4g4g4g4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghgfg4g4g4g4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghgfg4g4g4g4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5fhfrhrg3eg3g3g3g3d.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fhfrhrg3eg3g3g3g3d.blogspot.com"; dns.query; content:"5fhfrhrg3eg3g3g3g3d.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhfrhrg3eg3g3g3g3d\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fhfrhrg3eg3g3g3g3d.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fhfrhrg3eg3g3g3g3d.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhfrhrg3eg3g3g3g3d\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# scaxsaasafad.blogspot.com - DNS, Host, URL
alert dns any any -> any any (msg: "MISP e26139 [] Hostname scaxsaasafad.blogspot.com"; dns.query; content:"scaxsaasafad.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scaxsaasafad\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname scaxsaasafad.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| scaxsaasafad.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scaxsaasafad\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//scaxsaasafad.blogspot.com"; flow:to_server,established; http.header; content:"scaxsaasafad.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# capulines.com.mx - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname capulines.com.mx"; dns.query; content:"capulines.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])capulines\.com\.mx$/i"; classtype:trojan-activity; sid:37152141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname capulines.com.mx"; flow:to_server,established; http.header; content: "Host|3a| capulines.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])capulines\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# btinternet-108190.weeblysite.com - start of its DNS rule (continues on the next line of the export)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname btinternet-108190.weeblysite.com";
dns.query; content:"btinternet-108190.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-108190\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37152171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above is the remainder of the DNS rule for btinternet-108190.weeblysite.com, begun on the previous line.
# MISP event 26139 indicators, one rule per line. Each hostname gets a DNS rule (dns.query ends with the
# name; the pcre rejects a preceding letter, digit, '-' or '.', so sub-domains do not match) and a Host rule
# (cleartext HTTP leaving $HOME_NET with "Host: <hostname>" in the header buffer, bounded by the pcre).
# NOTE(review): HTTPS to these hosts is covered by the DNS rules only; consider tls.sni rules for the same names.
# NOTE(review): the weeblysite.com and blogspot.* names are tenants on shared platforms; the rules match the
# full name only, and the parent domains are not indicators.

# btinternet-108190.weeblysite.com - Host
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname btinternet-108190.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btinternet-108190.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-108190\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# btinternet-101921.weeblysite.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname btinternet-101921.weeblysite.com"; dns.query; content:"btinternet-101921.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-101921\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37152201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname btinternet-101921.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btinternet-101921.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-101921\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# block.nodereset.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname block.nodereset.com"; dns.query; content:"block.nodereset.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])block\.nodereset\.com$/i"; classtype:trojan-activity; sid:37152231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname block.nodereset.com"; flow:to_server,established; http.header; content: "Host|3a| block.nodereset.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])block\.nodereset\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# autogielda-przybylek.pl - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname autogielda-przybylek.pl"; dns.query; content:"autogielda-przybylek.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-przybylek\.pl$/i"; classtype:trojan-activity; sid:37152261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname autogielda-przybylek.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-przybylek.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-przybylek\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# autogielda-graczyk.pl - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname autogielda-graczyk.pl"; dns.query; content:"autogielda-graczyk.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-graczyk\.pl$/i"; classtype:trojan-activity; sid:37152291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname autogielda-graczyk.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-graczyk.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-graczyk\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5ghgfg4g4g4g4g.blogspot.ba - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5ghgfg4g4g4g4g.blogspot.ba"; dns.query; content:"5ghgfg4g4g4g4g.blogspot.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghgfg4g4g4g4g\.blogspot\.ba$/i"; classtype:trojan-activity; sid:37152321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5ghgfg4g4g4g4g.blogspot.ba"; flow:to_server,established; http.header; content: "Host|3a| 5ghgfg4g4g4g4g.blogspot.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghgfg4g4g4g4g\.blogspot\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5ghgfg4g4g4g4g.blogspot.com.tr - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5ghgfg4g4g4g4g.blogspot.com.tr"; dns.query; content:"5ghgfg4g4g4g4g.blogspot.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghgfg4g4g4g4g\.blogspot\.com\.tr$/i"; classtype:trojan-activity; sid:37152351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5ghgfg4g4g4g4g.blogspot.com.tr"; flow:to_server,established; http.header; content: "Host|3a| 5ghgfg4g4g4g4g.blogspot.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghgfg4g4g4g4g\.blogspot\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5fhfrhrg3eg3g3g3g3d.blogspot.ae - DNS, then its Host rule (continues on the next line of the export)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fhfrhrg3eg3g3g3g3d.blogspot.ae"; dns.query; content:"5fhfrhrg3eg3g3g3g3d.blogspot.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhfrhrg3eg3g3g3g3d\.blogspot\.ae$/i"; classtype:trojan-activity; sid:37152381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fhfrhrg3eg3g3g3g3d.blogspot.ae"; flow:to_server,established; http.header; content: "Host|3a| 5fhfrhrg3eg3g3g3g3d.blogspot.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fhfrhrg3eg3g3g3g3d\.blogspot\.ae[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37152382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above closes the Host rule for 5fhfrhrg3eg3g3g3g3d.blogspot.ae, begun on the previous line.
# MISP event 26139 indicators, one rule per line. Each hostname gets a DNS rule (dns.query ends with the
# name; the pcre rejects a preceding letter, digit, '-' or '.', so sub-domains do not match) and a Host rule
# (cleartext HTTP leaving $HOME_NET with "Host: <hostname>" in the header buffer, bounded by the pcre).
# NOTE(review): HTTPS to these hosts is covered by the DNS rules only; consider tls.sni rules for the same names.
# NOTE(review): the blogspot.com and workers.dev names are tenants on shared platforms; the rules match the
# full name only, and the parent domains are not indicators.

# 5fgfgfgfgfg4g4gg4g.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgfg4g4gg4g.blogspot.com"; dns.query; content:"5fgfgfgfgfg4g4gg4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgfg4g4gg4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgfg4g4gg4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5fgfgfgffgrg4g4g.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgffgrg4g4g.blogspot.com"; dns.query; content:"5fgfgfgffgrg4g4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgffgrg4g4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgffgrg4g4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgffgrg4g4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgffgrg4g4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 5fgfgffgfg4g4gg.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgffgfg4g4gg.blogspot.com"; dns.query; content:"5fgfgffgfg4g4gg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgffgfg4g4gg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgffgfg4g4gg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgffgfg4g4gg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgffgfg4g4gg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 114514.xqhpp.workers.dev - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 114514.xqhpp.workers.dev"; dns.query; content:"114514.xqhpp.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])114514\.xqhpp\.workers\.dev$/i"; classtype:trojan-activity; sid:37152501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 114514.xqhpp.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 114514.xqhpp.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])114514\.xqhpp\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# 0rg.yachts - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 0rg.yachts"; dns.query; content:"0rg.yachts"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0rg\.yachts$/i"; classtype:trojan-activity; sid:37152531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 0rg.yachts"; flow:to_server,established; http.header; content: "Host|3a| 0rg.yachts"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0rg\.yachts[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# instagrambounswebsiteinsta.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname instagrambounswebsiteinsta.blogspot.com"; dns.query; content:"instagrambounswebsiteinsta.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagrambounswebsiteinsta\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname instagrambounswebsiteinsta.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagrambounswebsiteinsta.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagrambounswebsiteinsta\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# fsdagfadgadgasd.blogspot.com - DNS, Host
alert dns any any -> any any (msg: "MISP e26139 [] Hostname fsdagfadgadgasd.blogspot.com"; dns.query; content:"fsdagfadgadgasd.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fsdagfadgadgasd\.blogspot\.com$/i"; classtype:trojan-activity; sid:37152591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname fsdagfadgadgasd.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| fsdagfadgadgasd.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fsdagfadgadgasd\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)

# live-viral-video39.private-x.my.id - DNS, then the start of the next rule (continues past this point in the export)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname live-viral-video39.private-x.my.id"; dns.query; content:"live-viral-video39.private-x.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-viral\-video39\.private\-x\.my\.id$/i"; classtype:trojan-activity; sid:37152621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg: "MISP e26139 [] Outgoing HTTP Hostname live-viral-video39.private-x.my.id"; flow:to_server,established; http.header; content: "Host|3a| live-viral-video39.private-x.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-viral\-video39\.private\-x\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//live-viral-video39.private-x.my.id"; flow:to_server,established; http.header; content:"live-viral-video39.private-x.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname instagrambounswebsiteinsta.blogspot.jp"; dns.query; content:"instagrambounswebsiteinsta.blogspot.jp"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagrambounswebsiteinsta\.blogspot\.jp$/i"; classtype:trojan-activity; sid:37152651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname instagrambounswebsiteinsta.blogspot.jp"; flow:to_server,established; http.header; content: "Host|3a| instagrambounswebsiteinsta.blogspot.jp"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagrambounswebsiteinsta\.blogspot\.jp[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//instagrambounswebsiteinsta.blogspot.jp"; flow:to_server,established; http.header; content:"instagrambounswebsiteinsta.blogspot.jp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;)
# --- imtoken-al.fyi (MISP event 26139) ---------------------------------------
# DNS query rule. The content match alone would hit any query that contains the
# name; the pcre narrows it: `$` pins the name to the end of the query buffer and
# the leading group requires start-of-buffer or a character outside
# [A-Za-z0-9-.], so sub.imtoken-al.fyi and imtoken-al.fyi.example do not match.
# Source and destination are both `any`, so the alert's source address can be a
# resolver forwarding the query rather than the endpoint that asked; correlate
# with resolver logs before attributing the lookup to a host.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-al.fyi"; dns.query; content:"imtoken-al.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-al\.fyi$/i"; classtype:trojan-activity; sid:37152681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Cleartext-HTTP Host rule. The fast_pattern content expects exactly "Host: "
# plus the name (one space after the colon); the pcre then requires the name to
# be bounded by non-hostname characters somewhere in the request headers.
# tag:session,600,seconds asks the engine to keep logging packets of the
# matching session for 600 seconds after the alert.
# NOTE(review): the normalized http.host buffer would remove the dependency on
# header spacing; confirm it is available in the deployed Suricata version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-al.fyi"; flow:to_server,established; http.header; content: "Host|3a| imtoken-al.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-al\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): the URL in msg has no path, so this "Outgoing URL" rule is only
# an unanchored, case-insensitive search for the bare name anywhere in the
# request headers (Host, Referer, Origin, ...), including inside longer names.
# It fires on every request sid 37152682 matches (when the destination port is
# in $HTTP_PORTS) and also on requests that merely mention the name, so expect
# duplicate and lower-fidelity alerts. Unlike the Host rule it is restricted to
# $HTTP_PORTS, which therefore has to be defined for this export to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-al.fyi"; flow:to_server,established; http.header; content:"imtoken-al.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# --- im114.app ---------------------------------------------------------------
# Same DNS / Host / URL triple as above. The name is only nine bytes long, so
# the unanchored header search in the third rule is the most likely of the
# three to match unrelated traffic (any header value that contains the string).
alert dns any any -> any any (msg: "MISP e26139 [] Hostname im114.app"; dns.query; content:"im114.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])im114\.app$/i"; classtype:trojan-activity; sid:37152711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname im114.app"; flow:to_server,established; http.header; content: "Host|3a| im114.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])im114\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//im114.app"; flow:to_server,established; http.header; content:"im114.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37152721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname grupwawdoo.baruxi.my.id"; dns.query; content:"grupwawdoo.baruxi.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwawdoo\.baruxi\.my\.id$/i"; classtype:trojan-activity; sid:37152741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname grupwawdoo.baruxi.my.id"; flow:to_server,established; http.header; content: "Host|3a| grupwawdoo.baruxi.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwawdoo\.baruxi\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//grupwawdoo.baruxi.my.id/vhsfhqpdhdsih6"; flow:to_server,established; http.header; content:"grupwawdoo.baruxi.my.id"; fast_pattern; nocase; http.uri; content:"/vhsfhqpdhdsih6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname hello-world-divine-scene-2434.pacywumi.workers.dev"; dns.query; content:"hello-world-divine-scene-2434.pacywumi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-divine\-scene\-2434\.pacywumi\.workers\.dev$/i"; classtype:trojan-activity; sid:37152771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname hello-world-divine-scene-2434.pacywumi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-divine-scene-2434.pacywumi.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])hello\-world\-divine\-scene\-2434\.pacywumi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//hello-world-divine-scene-2434.pacywumi.workers.dev"; flow:to_server,established; http.header; content:"hello-world-divine-scene-2434.pacywumi.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname fvfg.pages.dev"; dns.query; content:"fvfg.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fvfg\.pages\.dev$/i"; classtype:trojan-activity; sid:37152801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname fvfg.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fvfg.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fvfg\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//fvfg.pages.dev"; flow:to_server,established; http.header; content:"fvfg.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname fsdagfadgadgasd.blogspot.sn"; dns.query; content:"fsdagfadgadgasd.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fsdagfadgadgasd\.blogspot\.sn$/i"; classtype:trojan-activity; sid:37152831; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname fsdagfadgadgasd.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| fsdagfadgadgasd.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fsdagfadgadgasd\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//fsdagfadgadgasd.blogspot.sn"; flow:to_server,established; http.header; content:"fsdagfadgadgasd.blogspot.sn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname fabulous-cuchufli-svdv-78f39d.netlify.app"; dns.query; content:"fabulous-cuchufli-svdv-78f39d.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fabulous\-cuchufli\-svdv\-78f39d\.netlify\.app$/i"; classtype:trojan-activity; sid:37152861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname fabulous-cuchufli-svdv-78f39d.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| fabulous-cuchufli-svdv-78f39d.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fabulous\-cuchufli\-svdv\-78f39d\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//fabulous-cuchufli-svdv-78f39d.netlify.app"; flow:to_server,established; http.header; content:"fabulous-cuchufli-svdv-78f39d.netlify.app"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37152871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bt-login-102393.weeblysite.com"; dns.query; content:"bt-login-102393.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-login\-102393\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37152891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bt-login-102393.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-login-102393.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-login\-102393\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bt-login-102393.weeblysite.com"; flow:to_server,established; http.header; content:"bt-login-102393.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname bt-104332.weeblysite.com"; dns.query; content:"bt-104332.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-104332\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37152921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname bt-104332.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-104332.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-104332\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152922; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# "Outgoing URL" rule for a URL without a path: an unanchored search for the
# bare name in the request headers, limited to flows towards $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//bt-104332.weeblysite.com"; flow:to_server,established; http.header; content:"bt-104332.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# --- pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev ------------------------------
# Only a DNS rule and a Host-header rule exist for this name. The bracketed tag
# list in msg is empty for event 26139 and every rule uses classtype
# trojan-activity, so the alert text does not say why the name was listed; the
# MISP event in reference:url is where to check the context during triage.
# NOTE(review): `alert http` rules see only requests the engine can parse as
# cleartext HTTP. Names on r2.dev and pages.dev are presumably reached over
# HTTPS (confirm against the event), in which case the DNS rule is the only one
# of the pair that can fire. No TLS SNI rule appears in this part of the export;
# a tls.sni counterpart would cover that case, and lookups that bypass the
# monitored resolver path (e.g. DNS over HTTPS) would otherwise go unseen.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev"; dns.query; content:"pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a0f9c6938a374a2089f6fad1e6e85d1b\.r2\.dev$/i"; classtype:trojan-activity; sid:37152951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a0f9c6938a374a2089f6fad1e6e85d1b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# --- beybtvrce.pages.dev ------------------------------------------------------
# The DNS pcre is anchored with `$` and excludes a leading "." before the name,
# so it matches this exact label only, not other names under pages.dev.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname beybtvrce.pages.dev"; dns.query; content:"beybtvrce.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beybtvrce\.pages\.dev$/i"; classtype:trojan-activity; sid:37152981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname beybtvrce.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| beybtvrce.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beybtvrce\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37152982; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//beybtvrce.pages.dev"; flow:to_server,established; http.header; content:"beybtvrce.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37152991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgrfgr4g4g.blogspot.com"; dns.query; content:"5fgfgfgrfgr4g4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgr4g4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:37153011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgrfgr4g4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrfgr4g4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgr4g4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname b6584.top"; dns.query; content:"b6584.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b6584\.top$/i"; classtype:trojan-activity; sid:37153041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname b6584.top"; flow:to_server,established; http.header; content: "Host|3a| b6584.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b6584\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//b6584.top"; flow:to_server,established; 
http.header; content:"b6584.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgrg4g4gh4fgs.blogspot.com"; dns.query; content:"5fgfgfgrg4g4gh4fgs.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrg4g4gh4fgs\.blogspot\.com$/i"; classtype:trojan-activity; sid:37153071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgrg4g4gh4fgs.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrg4g4gh4fgs.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrg4g4gh4fgs\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5gbhrhrgrferg4.blogspot.com"; dns.query; content:"5gbhrhrgrferg4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5gbhrhrgrferg4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37153101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5gbhrhrgrferg4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5gbhrhrgrferg4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5gbhrhrgrferg4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgr4g4g4.blogspot.com"; dns.query; content:"5fgfgfgfgr4g4g4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgr4g4g4\.blogspot\.com$/i"; 
classtype:trojan-activity; sid:37153131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgr4g4g4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgr4g4g4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgr4g4g4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgrg4g4fg.blogspot.com"; dns.query; content:"5fgfgfgfgrg4g4fg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4fg\.blogspot\.com$/i"; classtype:trojan-activity; sid:37153161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgrg4g4fg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrg4g4fg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4fg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-mail-100459.weeblysite.com"; dns.query; content:"att-mail-100459.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-100459\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37153191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-mail-100459.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-mail-100459.weeblysite.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])att\-mail\-100459\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-mail-100459.weeblysite.com"; flow:to_server,established; http.header; content:"att-mail-100459.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname attcom-100204.weeblysite.com"; dns.query; content:"attcom-100204.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attcom\-100204\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37153221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname attcom-100204.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attcom-100204.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attcom\-100204\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//attcom-100204.weeblysite.com"; flow:to_server,established; http.header; content:"attcom-100204.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-104707.weeblysite.com"; dns.query; content:"att-104707.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-104707\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37153251; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-104707.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-104707.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-104707\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-104707.weeblysite.com"; flow:to_server,established; http.header; content:"att-104707.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname att-102284.weeblysite.com"; dns.query; content:"att-102284.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-102284\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37153281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname att-102284.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-102284.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-102284\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//att-102284.weeblysite.com"; flow:to_server,established; http.header; content:"att-102284.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any 
any -> any any (msg: "MISP e26139 [] Hostname aid-in-issue-resolution-c4.netlify.app"; dns.query; content:"aid-in-issue-resolution-c4.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aid\-in\-issue\-resolution\-c4\.netlify\.app$/i"; classtype:trojan-activity; sid:37153311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname aid-in-issue-resolution-c4.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| aid-in-issue-resolution-c4.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aid\-in\-issue\-resolution\-c4\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//aid-in-issue-resolution-c4.netlify.app"; flow:to_server,established; http.header; content:"aid-in-issue-resolution-c4.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f.vhfiles.workers.dev"; dns.query; content:"office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f.vhfiles.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f\.vhfiles\.workers\.dev$/i"; classtype:trojan-activity; sid:37153341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f.vhfiles.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 
office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f.vhfiles.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f\.vhfiles\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): the exported URL ends in a bare "/", so the http.uri condition
# is content:"/" -- a byte present in practically every request URI, and
# `nocase` has no effect on a non-letter. The rule therefore adds nothing over
# the unanchored header match on the hostname and will alert together with the
# Host rule (sid 37153342) on the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f.vhfiles.workers.dev/"; flow:to_server,established; http.header; content:"office8ace8758857959b3f9c111e5fc60c76e8ace8758857959b3f9c111e5f.vhfiles.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# --- megaaaglisse.com ---------------------------------------------------------
# DNS rule: exact-name match (pcre anchored at the end of the query buffer, no
# leading label allowed). Host rule: "Host: " + name in the request headers of
# cleartext HTTP, followed by 600 seconds of session tagging.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname megaaaglisse.com"; dns.query; content:"megaaaglisse.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])megaaaglisse\.com$/i"; classtype:trojan-activity; sid:37153371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname megaaaglisse.com"; flow:to_server,established; http.header; content: "Host|3a| megaaaglisse.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])megaaaglisse\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL rule with a real path: hostname anywhere in the request headers AND the
# full path in http.uri, both case-insensitive.
# NOTE(review): the path is all lower case and its last segment ends in "==",
# which looks like a base64 value that the export lower-cased (assumption --
# confirm in the MISP event); `nocase` is what lets it still match the original
# casing. If that value is specific to one lure or recipient, this sid covers
# only that single URL; sids 37153371 and 37153372 are the host-level rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//megaaaglisse.com/pret/sas/sas2/u47wmw/wmfocmfad2fsa2vyc3rvdxjzlmnvbq=="; flow:to_server,established; http.header; content:"megaaaglisse.com"; fast_pattern; nocase; http.uri; content:"/pret/sas/sas2/u47wmw/wmfocmfad2fsa2vyc3rvdxjzlmnvbq=="; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# --- 5gbhrhrgrferg4.blogspot.sn -----------------------------------------------
# The DNS pcre ends in `$`, so each country-TLD form of a blogspot name needs
# its own rule; this .sn entry does not cover the .com form of the same label,
# which the export lists separately (sid 37153101).
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5gbhrhrgrferg4.blogspot.sn"; dns.query; content:"5gbhrhrgrferg4.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5gbhrhrgrferg4\.blogspot\.sn$/i"; classtype:trojan-activity; sid:37153401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5gbhrhrgrferg4.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| 5gbhrhrgrferg4.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5gbhrhrgrferg4\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# Path-less "Outgoing URL" rule: bare-name search in the request headers only,
# so it overlaps with the Host rule above for the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5gbhrhrgrferg4.blogspot.sn"; flow:to_server,established; http.header; content:"5gbhrhrgrferg4.blogspot.sn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# --- 5fgfgfgrg4g4gh4fgs.blogspot.rs -------------------------------------------
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgrg4g4gh4fgs.blogspot.rs"; dns.query; content:"5fgfgfgrg4g4gh4fgs.blogspot.rs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrg4g4gh4fgs\.blogspot\.rs$/i"; classtype:trojan-activity; sid:37153431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgrg4g4gh4fgs.blogspot.rs"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrg4g4gh4fgs.blogspot.rs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrg4g4gh4fgs\.blogspot\.rs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153432; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgrg4g4gh4fgs.blogspot.rs"; flow:to_server,established; http.header; content:"5fgfgfgrg4g4gh4fgs.blogspot.rs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgrfgr4g4g.blogspot.rs"; dns.query; content:"5fgfgfgrfgr4g4g.blogspot.rs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgr4g4g\.blogspot\.rs$/i"; classtype:trojan-activity; sid:37153461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgrfgr4g4g.blogspot.rs"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrfgr4g4g.blogspot.rs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgr4g4g\.blogspot\.rs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgrfgr4g4g.blogspot.rs"; flow:to_server,established; http.header; content:"5fgfgfgrfgr4g4g.blogspot.rs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgr4g4g4.blogspot.li"; dns.query; content:"5fgfgfgfgr4g4g4.blogspot.li"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgr4g4g4\.blogspot\.li$/i"; classtype:trojan-activity; sid:37153491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 
5fgfgfgfgr4g4g4.blogspot.li"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgr4g4g4.blogspot.li"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgr4g4g4\.blogspot\.li[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgfgr4g4g4.blogspot.li"; flow:to_server,established; http.header; content:"5fgfgfgfgr4g4g4.blogspot.li"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgrg4g4fg.blogspot.am"; dns.query; content:"5fgfgfgfgrg4g4fg.blogspot.am"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4fg\.blogspot\.am$/i"; classtype:trojan-activity; sid:37153521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgrg4g4fg.blogspot.am"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrg4g4fg.blogspot.am"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrg4g4fg\.blogspot\.am[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgfgrg4g4fg.blogspot.am"; flow:to_server,established; http.header; content:"5fgfgfgfgrg4g4fg.blogspot.am"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;) alert dns any any -> any any (msg: "MISP e26139 [] Hostname worker-misty-base-6a04.mrinaldi.workers.dev"; dns.query; 
content:"worker-misty-base-6a04.mrinaldi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-misty\-base\-6a04\.mrinaldi\.workers\.dev$/i"; classtype:trojan-activity; sid:37153551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above is the tail of the dns rule that starts on the previous line of the listing; it is kept as found.
#
# MISP event 26139, workers.dev hostnames. The dns rules match only the exact query name (anchored pcre);
# the Host rules match "Host: <name>" in cleartext outbound HTTP and tag the session for 600 seconds.
# NOTE(review): these hosts are likely served over HTTPS, where the http rules see nothing - confirm, and
# rely on the dns rules (or add TLS SNI coverage) if so.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname worker-misty-base-6a04.mrinaldi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-misty-base-6a04.mrinaldi.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-misty\-base\-6a04\.mrinaldi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# URL rule for the site root: http.uri content "/" is a substring match that any request URI containing "/"
# satisfies, so this rule adds no path constraint; it is in effect a second hostname-in-headers match and
# will alert together with sid 37153552 on the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//worker-misty-base-6a04.mrinaldi.workers.dev/"; flow:to_server,established; http.header; content:"worker-misty-base-6a04.mrinaldi.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): the next four rules are two identical pairs for the same hostname. sid 37153581 and
# sid 37153611 differ only in sid, as do sid 37153582 and sid 37153612, so one query or request raises two
# alerts. Presumably the hostname is recorded twice in the MISP event; de-duplicate it there, or disable
# one pair in local rule management so alert counts are not doubled.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37153581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37153611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname cdn.cfcdn2.workers.dev"; dns.query; content:"cdn.cfcdn2.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdn\.cfcdn2\.workers\.dev$/i"; classtype:trojan-activity; sid:37153641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname cdn.cfcdn2.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cdn.cfcdn2.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdn\.cfcdn2\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line below is the head of a rule that continues on the next line of the listing; it is kept as found.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telelgmtt.com"; dns.query; content:"telelgmtt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telelgmtt\.com$/i"; classtype:trojan-activity; sid:37153671; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above is the tail of the dns rule that starts on the previous line of the listing; it is kept as found.
#
# MISP event 26139, hostname and URL indicators. dns rules match the exact query name only; Host rules
# match "Host: <name>" in cleartext outbound HTTP; URL rules match the hostname anywhere in http.header
# and, where the indicator has a path, that path as a case-insensitive substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telelgmtt.com"; flow:to_server,established; http.header; content: "Host|3a| telelgmtt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telelgmtt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telelgmtt.com/tg_zh/index.html"; flow:to_server,established; http.header; content:"telelgmtt.com"; fast_pattern; nocase; http.uri; content:"/tg_zh/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# NOTE(review): telegram.dog appears to be a link domain operated by Telegram itself (same role as t.me) -
# verify before deploying. If so, sid 37153701 and sid 37153702 alert on every use of that domain, not on
# the indicator from the event; only sid 37153711 carries the specific invite path. Treat hits on the
# first two as low confidence (threshold or suppress them locally) and triage on the URL rule.
# Also note: the URL rule is http-only and uses nocase on a case-sensitive-looking token, so it matches
# more than the exact path and cannot see the request at all if the link is fetched over HTTPS.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37153701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//telegram.dog/+3HHJJ1zfAjdhZmQy"; flow:to_server,established; http.header; content:"telegram.dog"; fast_pattern; nocase; http.uri; content:"/+3HHJJ1zfAjdhZmQy"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname geldbest.com"; dns.query; content:"geldbest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])geldbest\.com$/i"; classtype:trojan-activity; sid:37153731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname geldbest.com"; flow:to_server,established; http.header; content: "Host|3a| geldbest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])geldbest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfgfg4g4gg4g.blogspot.pe"; dns.query; content:"5fgfgfgfgfg4g4gg4g.blogspot.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g\.blogspot\.pe$/i"; classtype:trojan-activity; sid:37153761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfgfg4g4gg4g.blogspot.pe"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgfg4g4gg4g.blogspot.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgfg4g4gg4g\.blogspot\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgfgfg4g4gg4g.blogspot.pe"; flow:to_server,established; http.header; content:"5fgfgfgfgfg4g4gg4g.blogspot.pe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgfg4g4ghfg4df.blogspot.sn"; dns.query; content:"5fgfgfgfg4g4ghfg4df.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4ghfg4df\.blogspot\.sn$/i"; classtype:trojan-activity; sid:37153791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgfg4g4ghfg4df.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4ghfg4df.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4ghfg4df\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgfg4g4ghfg4df.blogspot.sn"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4ghfg4df.blogspot.sn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgffgfg4g4gg.blogspot.ba"; dns.query; content:"5fgfgffgfg4g4gg.blogspot.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgffgfg4g4gg\.blogspot\.ba$/i"; classtype:trojan-activity; sid:37153821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgffgfg4g4gg.blogspot.ba"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgffgfg4g4gg.blogspot.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgffgfg4g4gg\.blogspot\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line below is the head of a rule that continues on the next line of the listing; it is kept as found.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgffgfg4g4gg.blogspot.ba"; flow:to_server,established; http.header; content:"5fgfgffgfg4g4gg.blogspot.ba"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
# The line above is the tail of the URL rule that starts on the previous line of the listing; it is kept as found.
#
# Remaining hostname indicators of MISP event 26139 (dns / Host / URL rule per name, priority 2).
# The URL rules here carry no path: they match the bare hostname anywhere in http.header with no boundary
# check, so they overlap the Host rule for the same name and produce a second alert per request.
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 3ty6rt5.xyz"; dns.query; content:"3ty6rt5.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3ty6rt5\.xyz$/i"; classtype:trojan-activity; sid:37153851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 3ty6rt5.xyz"; flow:to_server,established; http.header; content: "Host|3a| 3ty6rt5.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3ty6rt5\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//3ty6rt5.xyz"; flow:to_server,established; http.header; content:"3ty6rt5.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname 5fgfgfgffgrg4g4g.blogspot.com.eg"; dns.query; content:"5fgfgfgffgrg4g4g.blogspot.com.eg"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgffgrg4g4g\.blogspot\.com\.eg$/i"; classtype:trojan-activity; sid:37153881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname 5fgfgfgffgrg4g4g.blogspot.com.eg"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgffgrg4g4g.blogspot.com.eg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgffgrg4g4g\.blogspot\.com\.eg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//5fgfgfgffgrg4g4g.blogspot.com.eg"; flow:to_server,established; http.header; content:"5fgfgfgffgrg4g4g.blogspot.com.eg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname imtoken-nk.pro"; dns.query; content:"imtoken-nk.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-nk\.pro$/i"; classtype:trojan-activity; sid:37153911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname imtoken-nk.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-nk.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-nk\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//imtoken-nk.pro"; flow:to_server,established; http.header; content:"imtoken-nk.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert dns any any -> any any (msg: "MISP e26139 [] Hostname swisspasshilfeid.sviluppo.host"; dns.query; content:"swisspasshilfeid.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasshilfeid\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37153941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26139 [] Outgoing HTTP Hostname swisspasshilfeid.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| swisspasshilfeid.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasshilfeid\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37153942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26139 [] Outgoing URL http|3a|//swisspasshilfeid.sviluppo.host"; flow:to_server,established; http.header; content:"swisspasshilfeid.sviluppo.host"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37153951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26139;)
#
# MISP event 26137 starts here: URL indicators on literal IP addresses, priority 1. Each rule is pinned to
# one destination IP and port (or $HTTP_PORTS when the URL has no port), requires the IP string somewhere
# in http.header, and requires the path as a case-insensitive substring of http.uri.
# - A path of "/" (sid 37143281) is satisfied by any request URI containing "/", so the rule reduces to
#   "cleartext HTTP to this IP and port with the IP in a header".
# - Short paths such as "/i" are substring matches too and also hit longer URIs that contain them.
# NOTE(review): single IPs on high ports tend to be short-lived indicators; review the age of event 26137
# before relying on these - confirm against the MISP event.
alert http $HOME_NET any -> 182.120.51.160 41853 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.120.51.160|3a|41853/"; flow:to_server,established; http.header; content:"182.120.51.160"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 117.219.93.245 46174 (msg: "MISP e26137 [] Outgoing URL http|3a|//117.219.93.245|3a|46174/bin.sh"; flow:to_server,established; http.header; content:"117.219.93.245"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 42.235.69.208 45699 (msg: "MISP e26137 [] Outgoing URL http|3a|//42.235.69.208|3a|45699/i"; flow:to_server,established; http.header; content:"42.235.69.208"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# The line below is the head of a rule that continues on the next line of the listing; it is kept as found.
alert http $HOME_NET any -> 23.94.206.104 $HTTP_PORTS (msg: "MISP e26137 [] Outgoing URL http|3a|//23.94.206.104/9080/conhost.exe"; flow:to_server,established; http.header; content:"23.94.206.104"; fast_pattern; nocase; http.uri; content:"/9080/conhost.exe"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# The line above is the tail of the rule that starts on the previous line of the listing; it is kept as found.
#
# MISP event 26137: payload-URL indicators on literal IPs, priority 1. Each rule requires an established
# client-to-server HTTP flow from $HOME_NET to the listed IP and port, the IP string in http.header, and
# the path as a case-insensitive substring of http.uri; matching sessions are tagged for 600 seconds.
# NOTE(review): the "Mozi.m" and "bin.sh" file names look like Mozi IoT botnet download paths - confirm
# against the MISP event. An internal host triggering these is fetching the payload, so treat a hit as a
# likely compromise of that host rather than as inbound scanning.
alert http $HOME_NET any -> 182.120.51.160 41853 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.120.51.160|3a|41853/Mozi.m"; flow:to_server,established; http.header; content:"182.120.51.160"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 117.199.77.97 38298 (msg: "MISP e26137 [] Outgoing URL http|3a|//117.199.77.97|3a|38298/Mozi.m"; flow:to_server,established; http.header; content:"117.199.77.97"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 94.156.69.111 $HTTP_PORTS (msg: "MISP e26137 [] Outgoing URL http|3a|//94.156.69.111/Downloads/doxx"; flow:to_server,established; http.header; content:"94.156.69.111"; fast_pattern; nocase; http.uri; content:"/Downloads/doxx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 61.53.147.209 34024 (msg: "MISP e26137 [] Outgoing URL http|3a|//61.53.147.209|3a|34024/bin.sh"; flow:to_server,established; http.header; content:"61.53.147.209"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 182.113.219.34 40652 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.113.219.34|3a|40652/Mozi.m"; flow:to_server,established; http.header; content:"182.113.219.34"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 123.11.12.103 35178 (msg: "MISP e26137 [] Outgoing URL http|3a|//123.11.12.103|3a|35178/Mozi.m"; flow:to_server,established; http.header; content:"123.11.12.103"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 117.206.178.74 50689 (msg: "MISP e26137 [] Outgoing URL http|3a|//117.206.178.74|3a|50689/Mozi.m"; flow:to_server,established; http.header; content:"117.206.178.74"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 104.223.6.51 $HTTP_PORTS (msg: "MISP e26137 [] Outgoing URL http|3a|//104.223.6.51/aDOrtFygL236.bin"; flow:to_server,established; http.header; content:"104.223.6.51"; fast_pattern; nocase; http.uri; content:"/aDOrtFygL236.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 182.121.40.157 51802 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.121.40.157|3a|51802/Mozi.m"; flow:to_server,established; http.header; content:"182.121.40.157"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 182.116.83.115 49353 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.116.83.115|3a|49353/Mozi.m"; flow:to_server,established; http.header; content:"182.116.83.115"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 125.46.229.101 40135 (msg: "MISP e26137 [] Outgoing URL http|3a|//125.46.229.101|3a|40135/Mozi.m"; flow:to_server,established; http.header; content:"125.46.229.101"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 123.7.223.117 42963 (msg: "MISP e26137 [] Outgoing URL http|3a|//123.7.223.117|3a|42963/Mozi.m"; flow:to_server,established; http.header; content:"123.7.223.117"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 117.242.233.95 48688 (msg: "MISP e26137 [] Outgoing URL http|3a|//117.242.233.95|3a|48688/Mozi.m"; flow:to_server,established; http.header; content:"117.242.233.95"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 115.63.10.86 35707 (msg: "MISP e26137 [] Outgoing URL http|3a|//115.63.10.86|3a|35707/bin.sh"; flow:to_server,established; http.header; content:"115.63.10.86"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# The line below is the head of a rule that continues on the next line of the listing; it is kept as found.
alert http $HOME_NET any -> 115.50.66.200 53173 (msg: "MISP e26137 [] Outgoing URL http|3a|//115.50.66.200|3a|53173/Mozi.m"; flow:to_server,established; http.header; content:"115.50.66.200"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37143471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# The line above is the tail of the rule that starts on the previous line of the listing; it is kept as found.
#
# MISP event 26137, continued: one rule per URL indicator, pinned to the destination IP and port.
# Several destinations appear with more than one path ("/", "/i", "/bin.sh", "/Mozi.m"). Because http.uri
# content is a substring match, the "/" rule for an IP:port (sid 37143491, 37143511, 37143601) also fires
# on every request that matches the more specific rules for the same IP:port, so expect multiple alerts
# per request there; the specific-path rule is the one that identifies what was fetched.
alert http $HOME_NET any -> 61.53.147.209 34024 (msg: "MISP e26137 [] Outgoing URL http|3a|//61.53.147.209|3a|34024/i"; flow:to_server,established; http.header; content:"61.53.147.209"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 182.121.40.157 51802 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.121.40.157|3a|51802/"; flow:to_server,established; http.header; content:"182.121.40.157"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 123.173.88.5 48948 (msg: "MISP e26137 [] Outgoing URL http|3a|//123.173.88.5|3a|48948/.i"; flow:to_server,established; http.header; content:"123.173.88.5"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 115.63.10.86 35707 (msg: "MISP e26137 [] Outgoing URL http|3a|//115.63.10.86|3a|35707/"; flow:to_server,established; http.header; content:"115.63.10.86"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 106.111.37.129 34382 (msg: "MISP e26137 [] Outgoing URL http|3a|//106.111.37.129|3a|34382/bin.sh"; flow:to_server,established; http.header; content:"106.111.37.129"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 195.20.16.46 $HTTP_PORTS (msg: "MISP e26137 [] Outgoing URL http|3a|//195.20.16.46/ext/videodown.jpeg"; flow:to_server,established; http.header; content:"195.20.16.46"; fast_pattern; nocase; http.uri; content:"/ext/videodown.jpeg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 115.63.10.86 35707 (msg: "MISP e26137 [] Outgoing URL http|3a|//115.63.10.86|3a|35707/i"; flow:to_server,established; http.header; content:"115.63.10.86"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 61.133.88.236 42709 (msg: "MISP e26137 [] Outgoing URL http|3a|//61.133.88.236|3a|42709/i"; flow:to_server,established; http.header; content:"61.133.88.236"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 182.119.59.165 49810 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.119.59.165|3a|49810/bin.sh"; flow:to_server,established; http.header; content:"182.119.59.165"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 102.214.111.49 57260 (msg: "MISP e26137 [] Outgoing URL http|3a|//102.214.111.49|3a|57260/Mozi.m"; flow:to_server,established; http.header; content:"102.214.111.49"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 196.189.41.142 40559 (msg: "MISP e26137 [] Outgoing URL http|3a|//196.189.41.142|3a|40559/bin.sh"; flow:to_server,established; http.header; content:"196.189.41.142"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 125.47.87.101 37007 (msg: "MISP e26137 [] Outgoing URL http|3a|//125.47.87.101|3a|37007/Mozi.m"; flow:to_server,established; http.header; content:"125.47.87.101"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 125.47.87.101 37007 (msg: "MISP e26137 [] Outgoing URL http|3a|//125.47.87.101|3a|37007/"; flow:to_server,established; http.header; content:"125.47.87.101"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 61.53.147.209 34024 (msg: "MISP e26137 [] Outgoing URL http|3a|//61.53.147.209|3a|34024/Mozi.m"; flow:to_server,established; http.header; content:"61.53.147.209"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# The line below is the head of a rule that continues on the next line of the listing; it is kept as found.
alert http $HOME_NET any -> 61.53.141.49 33908 (msg: "MISP e26137 [] Outgoing URL http|3a|//61.53.141.49|3a|33908/bin.sh"; flow:to_server,established; http.header; content:"61.53.141.49"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143621; rev:1; priority:1; 
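reference:url,https://misp.finsin.cl/events/view/26137;)
# The line above is the tail of the rule that starts on the previous line of the listing; it is kept as found.
#
# MISP event 26137, continued: one rule per URL indicator, pinned to the destination IP and port, with
# the IP string required in http.header and the path required as a case-insensitive substring of http.uri.
# Layout: one rule per line, since Suricata reads a rule from a single line unless it ends in a backslash.
alert http $HOME_NET any -> 182.121.196.247 53982 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.121.196.247|3a|53982/Mozi.m"; flow:to_server,established; http.header; content:"182.121.196.247"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 182.119.59.165 49810 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.119.59.165|3a|49810/i"; flow:to_server,established; http.header; content:"182.119.59.165"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# Path "/" is satisfied by any request URI containing "/", so this rule also fires with sid 37143641.
alert http $HOME_NET any -> 182.119.59.165 49810 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.119.59.165|3a|49810/"; flow:to_server,established; http.header; content:"182.119.59.165"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 124.131.0.136 57422 (msg: "MISP e26137 [] Outgoing URL http|3a|//124.131.0.136|3a|57422/Mozi.m"; flow:to_server,established; http.header; content:"124.131.0.136"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# FIX (sid 37143671): the path in this indicator is percent-encoded. The exported rule looked for the
# literal "%CF%C2..." text in http.uri, which is the normalized URI buffer; percent-escapes are decoded
# there, so the literal text would not be present and the rule would not fire. The match now uses
# http.uri.raw, the URI as sent on the wire; nocase is kept so lower-case hex escapes ("%cf") match too.
# This is a local edit to generated output: the next MISP export will overwrite it, so the exporter or
# the attribute should be corrected upstream, and rev should be bumped if the rule is managed locally.
alert http $HOME_NET any -> 117.72.47.127 $HTTP_PORTS (msg: "MISP e26137 [] Outgoing URL http|3a|//117.72.47.127/%CF%C2%B7%A2%CE%C4%BC%FE/wmlaunch.exe"; flow:to_server,established; http.header; content:"117.72.47.127"; fast_pattern; nocase; http.uri.raw; content:"/%CF%C2%B7%A2%CE%C4%BC%FE/wmlaunch.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 115.55.232.228 58279 (msg: "MISP e26137 [] Outgoing URL http|3a|//115.55.232.228|3a|58279/Mozi.m"; flow:to_server,established; http.header; content:"115.55.232.228"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 117.248.49.210 56296 (msg: "MISP e26137 [] Outgoing URL http|3a|//117.248.49.210|3a|56296/Mozi.m"; flow:to_server,established; http.header; content:"117.248.49.210"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 115.58.83.67 35086 (msg: "MISP e26137 [] Outgoing URL http|3a|//115.58.83.67|3a|35086/Mozi.m"; flow:to_server,established; http.header; content:"115.58.83.67"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 61.53.141.49 33908 (msg: "MISP e26137 [] Outgoing URL http|3a|//61.53.141.49|3a|33908/i"; flow:to_server,established; http.header; content:"61.53.141.49"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# The line below is the head of a rule that continues on the next line of the listing; it is kept as found.
alert http $HOME_NET any -> 42.238.140.49 34308 (msg: "MISP e26137 [] Outgoing URL http|3a|//42.238.140.49|3a|34308/Mozi.m"; flow:to_server,established; http.header; content:"42.238.140.49"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143721; rev:1; priority:1; 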
reference:url,https://misp.finsin.cl/events/view/26137;) alert http $HOME_NET any -> 222.140.192.242 55720 (msg: "MISP e26137 [] Outgoing URL http|3a|//222.140.192.242|3a|55720/Mozi.m"; flow:to_server,established; http.header; content:"222.140.192.242"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;) alert http $HOME_NET any -> 119.189.228.248 53711 (msg: "MISP e26137 [] Outgoing URL http|3a|//119.189.228.248|3a|53711/Mozi.a"; flow:to_server,established; http.header; content:"119.189.228.248"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;) alert http $HOME_NET any -> 117.213.88.215 46764 (msg: "MISP e26137 [] Outgoing URL http|3a|//117.213.88.215|3a|46764/bin.sh"; flow:to_server,established; http.header; content:"117.213.88.215"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;) alert http $HOME_NET any -> 27.213.106.220 48867 (msg: "MISP e26137 [] Outgoing URL http|3a|//27.213.106.220|3a|48867/Mozi.a"; flow:to_server,established; http.header; content:"27.213.106.220"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;) alert http $HOME_NET any -> 182.121.248.244 51363 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.121.248.244|3a|51363/Mozi.m"; flow:to_server,established; http.header; content:"182.121.248.244"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143771; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26137;)
# Remaining MISP event 26137 download-URL rules: destination IP and port pinned
# in the rule header, IP string required in http.header, path required in http.uri.
alert http $HOME_NET any -> 182.116.10.150 60685 (msg: "MISP e26137 [] Outgoing URL http|3a|//182.116.10.150|3a|60685/Mozi.m"; flow:to_server,established; http.header; content:"182.116.10.150"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 125.44.51.98 53542 (msg: "MISP e26137 [] Outgoing URL http|3a|//125.44.51.98|3a|53542/Mozi.m"; flow:to_server,established; http.header; content:"125.44.51.98"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
alert http $HOME_NET any -> 125.40.73.38 37938 (msg: "MISP e26137 [] Outgoing URL http|3a|//125.40.73.38|3a|37938/Mozi.m"; flow:to_server,established; http.header; content:"125.40.73.38"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26137;)
# MISP event 26168: hostname-based URL rule. The destination is $EXTERNAL_NET on
# $HTTP_PORTS, so both the hostname (in http.header) and the path (in http.uri)
# must match. Priority 3 here, against priority 1 for the event 26137 rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//a0916535.xsph.ru/db059622.php"; flow:to_server,established; http.header; content:"a0916535.xsph.ru"; fast_pattern; nocase; http.uri; content:"/db059622.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37203911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# MISP event 26142: up to three rules per hostname indicator.
#   1. dns  - dns.query equals the hostname. The pcre rejects a preceding letter,
#             digit, hyphen or dot and anchors the end with "$", so lookups of
#             subdomains or longer names do not match. Source and destination are
#             "any", so this is not limited to $HOME_NET clients.
#   2. http - "Host: <hostname>" in the request headers on any destination port;
#             the pcre requires a non-hostname character after the name.
#   3. http - "Outgoing URL" rule for the same hostname on $HTTP_PORTS.
# NOTE(review): the URL rules for xhamster.ind.in and usp.usspwc.top carry no
# http.uri match and look for the bare hostname anywhere in http.header, so a
# request to another site that merely mentions the name in a header (for example
# Referer) would alert, and a request to the host itself alerts on both rule 2
# and rule 3. Confirm that this double alert is wanted before enabling blocking.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname xhamster.ind.in"; dns.query; content:"xhamster.ind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xhamster\.ind\.in$/i"; classtype:trojan-activity; sid:37154111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname xhamster.ind.in"; flow:to_server,established; http.header; content: "Host|3a| xhamster.ind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xhamster\.ind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//xhamster.ind.in"; flow:to_server,established; http.header; content:"xhamster.ind.in"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37154121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspwc.top"; dns.query; content:"usp.usspwc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwc\.top$/i"; classtype:trojan-activity; sid:37154141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspwc.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspwc.top"; flow:to_server,established; http.header; content:"usp.usspwc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37154151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.ussptp.top"; dns.query; content:"usp.ussptp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptp\.top$/i"; classtype:trojan-activity; sid:37154171; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.ussptp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.ussptp.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.ussptp.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37154181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.ussptk.top"; dns.query; content:"usp.ussptk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptk\.top$/i"; classtype:trojan-activity; sid:37154201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.ussptk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussptk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussptk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.ussptk.top/pg?do=index"; flow:to_server,established; http.header; content:"usp.ussptk.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37154211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP 
e26142 [] Hostname usp.usspeu.top"; dns.query; content:"usp.usspeu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeu\.top$/i"; classtype:trojan-activity; sid:37154231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspeu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspeu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspeu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspeu.top"; flow:to_server,established; http.header; content:"usp.usspeu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37154241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname worker-red-cherry-dc0a.rexhepkasami18.workers.dev"; dns.query; content:"worker-red-cherry-dc0a.rexhepkasami18.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-red\-cherry\-dc0a\.rexhepkasami18\.workers\.dev$/i"; classtype:trojan-activity; sid:37154261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname worker-red-cherry-dc0a.rexhepkasami18.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-red-cherry-dc0a.rexhepkasami18.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-red\-cherry\-dc0a\.rexhepkasami18\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname voteforme33.blogspot.com"; 
dns.query; content:"voteforme33.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voteforme33\.blogspot\.com$/i"; classtype:trojan-activity; sid:37154291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname voteforme33.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| voteforme33.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voteforme33\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname ussps.usspej.top"; dns.query; content:"ussps.usspej.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussps\.usspej\.top$/i"; classtype:trojan-activity; sid:37154321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname ussps.usspej.top"; flow:to_server,established; http.header; content: "Host|3a| ussps.usspej.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussps\.usspej\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspsfy.top"; dns.query; content:"uspz.uspsfy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfy\.top$/i"; classtype:trojan-activity; sid:37154351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspsfy.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37154352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspsfn.top"; dns.query; content:"uspz.uspsfn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfn\.top$/i"; classtype:trojan-activity; sid:37154381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspsfn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspsfc.top"; dns.query; content:"uspz.uspsfc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfc\.top$/i"; classtype:trojan-activity; sid:37154411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspsfc.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspsdz.top"; dns.query; content:"uspz.uspsdz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsdz\.top$/i"; classtype:trojan-activity; sid:37154441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspsdz.top"; flow:to_server,established; http.header; content: "Host|3a| 
uspz.uspsdz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsdz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspaf.top"; dns.query; content:"uspz.uspaf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaf\.top$/i"; classtype:trojan-activity; sid:37154471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspaf.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspo.usspnq.top"; dns.query; content:"uspo.usspnq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnq\.top$/i"; classtype:trojan-activity; sid:37154501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspo.usspnq.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspnq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspo.ussphu.top"; dns.query; content:"uspo.ussphu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphu\.top$/i"; classtype:trojan-activity; sid:37154531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26142 [] Outgoing HTTP Hostname uspo.ussphu.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 5fgffgfgrg4g4gh4h.blogspot.com"; dns.query; content:"5fgffgfgrg4g4gh4h.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfgrg4g4gh4h\.blogspot\.com$/i"; classtype:trojan-activity; sid:37154561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 5fgffgfgrg4g4gh4h.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfgrg4g4gh4h.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfgrg4g4gh4h\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname star-wise-opinion.glitch.me"; dns.query; content:"star-wise-opinion.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])star\-wise\-opinion\.glitch\.me$/i"; classtype:trojan-activity; sid:37154591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname star-wise-opinion.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| star-wise-opinion.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])star\-wise\-opinion\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] 
Hostname silver-busy-sauroposeidon.glitch.me"; dns.query; content:"silver-busy-sauroposeidon.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])silver\-busy\-sauroposeidon\.glitch\.me$/i"; classtype:trojan-activity; sid:37154621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# MISP event 26142 hostname indicators, one rule per line. Each hostname gets a
# dns rule (exact dns.query match) and an http rule ("Host: <hostname>" in the
# request headers, session tagged for 600 seconds).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname silver-busy-sauroposeidon.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| silver-busy-sauroposeidon.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])silver\-busy\-sauroposeidon\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): share-52-blink.pages.dev appears six times below. The six dns
# rules (sids 37154651, 37154681, 37154711, 37154741, 37154771, 37154801) and the
# six http rules (sids 37154652, 37154682, 37154712, 37154742, 37154772, 37154802)
# are identical apart from the sid, so a single lookup or request raises six
# alerts. Presumably the event holds six attributes on the same host; verify in
# event 26142 and de-duplicate at export, or keep one pair enabled. Check any
# threshold or suppress entries that reference these sids before removing rules.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37154651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37154681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37154711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37154741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37154771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37154801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The pcre in each rule accepts only the full listed name, so other subdomains of
# the same parent domain (pages.dev, r2.dev, glitch.me) are not matched.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; dns.query; content:"pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9d425aa9335c4307a502c0721d499bdd\.r2\.dev$/i"; classtype:trojan-activity; sid:37154831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| 
pub-9d425aa9335c4307a502c0721d499bdd.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9d425aa9335c4307a502c0721d499bdd\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname private-content.telegram-n3w.com"; dns.query; content:"private-content.telegram-n3w.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])private\-content\.telegram\-n3w\.com$/i"; classtype:trojan-activity; sid:37154861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname private-content.telegram-n3w.com"; flow:to_server,established; http.header; content: "Host|3a| private-content.telegram-n3w.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])private\-content\.telegram\-n3w\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname odoo.com.bo"; dns.query; content:"odoo.com.bo"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])odoo\.com\.bo$/i"; classtype:trojan-activity; sid:37154891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname odoo.com.bo"; flow:to_server,established; http.header; content: "Host|3a| odoo.com.bo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])odoo\.com\.bo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname officea2c96ab7b32cfb287702c35ab6046342a2c96ab7b32cfb287702c35ab.workfiless.workers.dev"; dns.query; 
content:"officea2c96ab7b32cfb287702c35ab6046342a2c96ab7b32cfb287702c35ab.workfiless.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officea2c96ab7b32cfb287702c35ab6046342a2c96ab7b32cfb287702c35ab\.workfiless\.workers\.dev$/i"; classtype:trojan-activity; sid:37154921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname officea2c96ab7b32cfb287702c35ab6046342a2c96ab7b32cfb287702c35ab.workfiless.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| officea2c96ab7b32cfb287702c35ab6046342a2c96ab7b32cfb287702c35ab.workfiless.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officea2c96ab7b32cfb287702c35ab6046342a2c96ab7b32cfb287702c35ab\.workfiless\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.dweb.link"; dns.query; content:"bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.dweb.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u\.ipfs\.dweb\.link$/i"; classtype:trojan-activity; sid:37154951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.dweb.link"; flow:to_server,established; http.header; content: "Host|3a| bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.dweb.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u\.ipfs\.dweb\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154952; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.dweb.link"; dns.query; content:"bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.dweb.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq\.ipfs\.dweb\.link$/i"; classtype:trojan-activity; sid:37154981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.dweb.link"; flow:to_server,established; http.header; content: "Host|3a| bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.dweb.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq\.ipfs\.dweb\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37154982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname bestinstacouples.blogspot.com"; dns.query; content:"bestinstacouples.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bestinstacouples\.blogspot\.com$/i"; classtype:trojan-activity; sid:37155011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bestinstacouples.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| bestinstacouples.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bestinstacouples\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 
iuhkjnm.r709nib0lp.workers.dev"; dns.query; content:"iuhkjnm.r709nib0lp.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iuhkjnm\.r709nib0lp\.workers\.dev$/i"; classtype:trojan-activity; sid:37155041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname iuhkjnm.r709nib0lp.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| iuhkjnm.r709nib0lp.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iuhkjnm\.r709nib0lp\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname icy-tundra-donkey.glitch.me"; dns.query; content:"icy-tundra-donkey.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icy\-tundra\-donkey\.glitch\.me$/i"; classtype:trojan-activity; sid:37155071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname icy-tundra-donkey.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| icy-tundra-donkey.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icy\-tundra\-donkey\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname getinstagramfreeindianfollowers.blogspot.com"; dns.query; content:"getinstagramfreeindianfollowers.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])getinstagramfreeindianfollowers\.blogspot\.com$/i"; classtype:trojan-activity; sid:37155101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 
getinstagramfreeindianfollowers.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| getinstagramfreeindianfollowers.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])getinstagramfreeindianfollowers\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# ---------------------------------------------------------------------------
# Review notes for the MISP event 26142 rules below (one rule per line).
#
# Pattern the exporter uses for each hostname indicator:
#   * alert dns ... dns.query: content plus a pcre ending in "$". The pcre's
#     left boundary class excludes "." as well as letters, digits and "-", so
#     only the exact name matches; a query for a subdomain of it does not.
#   * alert http $HOME_NET -> $EXTERNAL_NET: "Host|3a| <name>" in http.header,
#     confirmed by a pcre that requires a non-hostname character after the name.
# URL indicators add a third rule: the bare hostname anywhere in http.header
# (no "Host|3a| " prefix, so any header carrying the name satisfies it) plus an
# unanchored, case-insensitive substring match on http.uri. Query strings that
# appear in msg (e.g. "?email=...") are not part of the match.
#
# Coverage caveats for whoever deploys this file:
#   * The http rules only see requests the sensor can parse as HTTP. Nothing in
#     this span matches on tls.sni, so for hosts reached over HTTPS the dns rule
#     is the only one expected to fire unless TLS is decrypted upstream.
#     NOTE(review): consider generating tls.sni equivalents for these names.
#   * The dns rules use "any any -> any any"; a lookup that the sensor sees at
#     more than one point (client to resolver, resolver to upstream) can alert
#     more than once.
#   * The URL rules reference $HTTP_PORTS, so that variable has to be defined
#     even though the file header calls it not required for the Suricata export.
#   * classtype:trojan-activity and priority:2 are applied to every rule here;
#     several URL paths read like brand-impersonation pages rather than malware
#     traffic. NOTE(review): confirm the category in the MISP event before triage.
#   * tag:session,600,seconds on the http rules keeps logging the tagged session
#     for up to 600 seconds after the alert; budget log volume accordingly.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26142 [] Hostname dcezdx-fces-e5d33f.ingress-earth.ewp.live"; dns.query; content:"dcezdx-fces-e5d33f.ingress-earth.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dcezdx\-fces\-e5d33f\.ingress\-earth\.ewp\.live$/i"; classtype:trojan-activity; sid:37155131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dcezdx-fces-e5d33f.ingress-earth.ewp.live"; flow:to_server,established; http.header; content: "Host|3a| dcezdx-fces-e5d33f.ingress-earth.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dcezdx\-fces\-e5d33f\.ingress\-earth\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname camposepaiva.com"; dns.query; content:"camposepaiva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])camposepaiva\.com$/i"; classtype:trojan-activity; sid:37155161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname camposepaiva.com"; flow:to_server,established; http.header; content: "Host|3a| camposepaiva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])camposepaiva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bt-102426.weeblysite.com"; dns.query; content:"bt-102426.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-102426\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37155191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bt-102426.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-102426.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-102426\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bestinstacouples.blogspot.ug"; dns.query; content:"bestinstacouples.blogspot.ug"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bestinstacouples\.blogspot\.ug$/i"; classtype:trojan-activity; sid:37155221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bestinstacouples.blogspot.ug"; flow:to_server,established; http.header; content: "Host|3a| bestinstacouples.blogspot.ug"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bestinstacouples\.blogspot\.ug[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.infura-ipfs.io"; dns.query; content:"bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.infura-ipfs.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u\.ipfs\.infura\-ipfs\.io$/i"; classtype:trojan-activity; sid:37155251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.infura-ipfs.io"; flow:to_server,established; http.header; content: "Host|3a| bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u.ipfs.infura-ipfs.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifwflx2wwk5e5nowwpmhopny4xruscnkk77yajifrbz6mwctmi77u\.ipfs\.infura\-ipfs\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.infura-ipfs.io"; dns.query; content:"bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.infura-ipfs.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq\.ipfs\.infura\-ipfs\.io$/i"; classtype:trojan-activity; sid:37155281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.infura-ipfs.io"; flow:to_server,established; http.header; content: "Host|3a| bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq.ipfs.infura-ipfs.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeife3i3kda4isjov4c5jiulit4ksljir6ftnob2etxxsodlhmichvq\.ipfs\.infura\-ipfs\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname autogielda-waszczuk.pl"; dns.query; content:"autogielda-waszczuk.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-waszczuk\.pl$/i"; classtype:trojan-activity; sid:37155311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname autogielda-waszczuk.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-waszczuk.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-waszczuk\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname autogielda-czechowski.pl"; dns.query; content:"autogielda-czechowski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-czechowski\.pl$/i"; classtype:trojan-activity; sid:37155341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname autogielda-czechowski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-czechowski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-czechowski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname attcom-106632.weeblysite.com"; dns.query; content:"attcom-106632.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attcom\-106632\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37155371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname attcom-106632.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attcom-106632.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attcom\-106632\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname auta-kosiniak.pl"; dns.query; content:"auta-kosiniak.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-kosiniak\.pl$/i"; classtype:trojan-activity; sid:37155401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname auta-kosiniak.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-kosiniak.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-kosiniak\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): anularpagosbc.replit.app is exported twice. sids 37155461/37155462
# repeat 37155431/37155432 with only the sid changed, so one matching query or
# request raises both alerts. De-duplicate at export time or suppress one pair.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname anularpagosbc.replit.app"; dns.query; content:"anularpagosbc.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app$/i"; classtype:trojan-activity; sid:37155431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname anularpagosbc.replit.app"; flow:to_server,established; http.header; content: "Host|3a| anularpagosbc.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname anularpagosbc.replit.app"; dns.query; content:"anularpagosbc.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app$/i"; classtype:trojan-activity; sid:37155461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname anularpagosbc.replit.app"; flow:to_server,established; http.header; content: "Host|3a| anularpagosbc.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname 38cpp.com"; dns.query; content:"38cpp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])38cpp\.com$/i"; classtype:trojan-activity; sid:37155491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 38cpp.com"; flow:to_server,established; http.header; content: "Host|3a| 38cpp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])38cpp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname aboneebatel.blogspot.sn"; dns.query; content:"aboneebatel.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aboneebatel\.blogspot\.sn$/i"; classtype:trojan-activity; sid:37155521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aboneebatel.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| aboneebatel.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aboneebatel\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname rekulapelliushasree19.github.io"; dns.query; content:"rekulapelliushasree19.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rekulapelliushasree19\.github\.io$/i"; classtype:trojan-activity; sid:37155551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname rekulapelliushasree19.github.io"; flow:to_server,established; http.header; content: "Host|3a| rekulapelliushasree19.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rekulapelliushasree19\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//rekulapelliushasree19.github.io/Netflix-clone"; flow:to_server,established; http.header; content:"rekulapelliushasree19.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname 0f1472200ea740469ffa4557843d4430.vercel.app"; dns.query; content:"0f1472200ea740469ffa4557843d4430.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0f1472200ea740469ffa4557843d4430\.vercel\.app$/i"; classtype:trojan-activity; sid:37155581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 0f1472200ea740469ffa4557843d4430.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| 0f1472200ea740469ffa4557843d4430.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0f1472200ea740469ffa4557843d4430\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; dns.query; content:"pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ff5bacf94a4d474b9c7cb1c0ba1c5e8f\.r2\.dev$/i"; classtype:trojan-activity; sid:37155611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ff5bacf94a4d474b9c7cb1c0ba1c5e8f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The "?email=..." query string in the next rule's msg is descriptive only; the
# match is the host in http.header plus "/script.html" anywhere in http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev/script.html?email=3mail@b.c=="; flow:to_server,established; http.header; content:"pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; fast_pattern; nocase; http.uri; content:"/script.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-7d33021d902f47c8841999dde4cf0db0.r2.dev"; dns.query; content:"pub-7d33021d902f47c8841999dde4cf0db0.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7d33021d902f47c8841999dde4cf0db0\.r2\.dev$/i"; classtype:trojan-activity; sid:37155641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-7d33021d902f47c8841999dde4cf0db0.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-7d33021d902f47c8841999dde4cf0db0.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7d33021d902f47c8841999dde4cf0db0\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//pub-7d33021d902f47c8841999dde4cf0db0.r2.dev/mwe.html?email="; flow:to_server,established; http.header; content:"pub-7d33021d902f47c8841999dde4cf0db0.r2.dev"; fast_pattern; nocase; http.uri; content:"/mwe.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname problem-0499072825.duckdns.org"; dns.query; content:"problem-0499072825.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])problem\-0499072825\.duckdns\.org$/i"; classtype:trojan-activity; sid:37155671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname problem-0499072825.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| problem-0499072825.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])problem\-0499072825\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): sid 37155681 is a URL rule with no path. It has only the bare
# hostname in http.header (no http.uri match, no fast_pattern, no boundary
# pcre), so it is looser than sid 37155672 and fires alongside it on the same
# request. The same shape recurs at sids 37156071 and 37156281. Consider
# suppressing these or thresholding them against the Hostname rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//problem-0499072825.duckdns.org"; flow:to_server,established; http.header; content:"problem-0499072825.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname ottawa-design.com"; dns.query; content:"ottawa-design.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ottawa\-design\.com$/i"; classtype:trojan-activity; sid:37155701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname ottawa-design.com"; flow:to_server,established; http.header; content: "Host|3a| ottawa-design.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ottawa\-design\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//ottawa-design.com/zemt/GlobalSources"; flow:to_server,established; http.header; content:"ottawa-design.com"; fast_pattern; nocase; http.uri; content:"/zemt/GlobalSources"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname panini-git.github.io"; dns.query; content:"panini-git.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])panini\-git\.github\.io$/i"; classtype:trojan-activity; sid:37155731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname panini-git.github.io"; flow:to_server,established; http.header; content: "Host|3a| panini-git.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])panini\-git\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//panini-git.github.io/netflix"; flow:to_server,established; http.header; content:"panini-git.github.io"; fast_pattern; nocase; http.uri; content:"/netflix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): nke.pages.dev is exported twice. The dns/Hostname pair
# 37155791/37155792 repeats 37155761/37155762 with only the sid changed. The two
# URL rules do differ: 37155771 matches "/https:/..." and 37155801 "/https/...".
alert dns any any -> any any (msg: "MISP e26142 [] Hostname nke.pages.dev"; dns.query; content:"nke.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nke\.pages\.dev$/i"; classtype:trojan-activity; sid:37155761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname nke.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nke.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nke\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the http.uri content below carries a literal ":" whereas msg and
# the Host matches in this file write the colon as |3a|. Confirm the rule loads
# on your engine version, or have the exporter hex-encode it here as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//nke.pages.dev/https|3a|/t.myvisualiq.net/impression_pixel"; flow:to_server,established; http.header; content:"nke.pages.dev"; fast_pattern; nocase; http.uri; content:"/https:/t.myvisualiq.net/impression_pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname nke.pages.dev"; dns.query; content:"nke.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nke\.pages\.dev$/i"; classtype:trojan-activity; sid:37155791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname nke.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nke.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nke\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//nke.pages.dev/https/t.myvisualiq.net/impression_pixel"; flow:to_server,established; http.header; content:"nke.pages.dev"; fast_pattern; nocase; http.uri; content:"/https/t.myvisualiq.net/impression_pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname m-groupmarko.github.io"; dns.query; content:"m-groupmarko.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\-groupmarko\.github\.io$/i"; classtype:trojan-activity; sid:37155821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname m-groupmarko.github.io"; flow:to_server,established; http.header; content: "Host|3a| m-groupmarko.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\-groupmarko\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//m-groupmarko.github.io/netflix3"; flow:to_server,established; http.header; content:"m-groupmarko.github.io"; fast_pattern; nocase; http.uri; content:"/netflix3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname mouad-bounfil.github.io"; dns.query; content:"mouad-bounfil.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mouad\-bounfil\.github\.io$/i"; classtype:trojan-activity; sid:37155851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mouad-bounfil.github.io"; flow:to_server,established; http.header; content: "Host|3a| mouad-bounfil.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mouad\-bounfil\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//mouad-bounfil.github.io/facebook-login-page-main"; flow:to_server,established; http.header; content:"mouad-bounfil.github.io"; fast_pattern; nocase; http.uri; content:"/facebook-login-page-main"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname khushirana2003.github.io"; dns.query; content:"khushirana2003.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])khushirana2003\.github\.io$/i"; classtype:trojan-activity; sid:37155881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname khushirana2003.github.io"; flow:to_server,established; http.header; content: "Host|3a| khushirana2003.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])khushirana2003\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//khushirana2003.github.io/Online-Streaming-app"; flow:to_server,established; http.header; content:"khushirana2003.github.io"; fast_pattern; nocase; http.uri; content:"/Online-Streaming-app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname hemantpatelcse.github.io"; dns.query; content:"hemantpatelcse.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hemantpatelcse\.github\.io$/i"; classtype:trojan-activity; sid:37155911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname hemantpatelcse.github.io"; flow:to_server,established; http.header; content: "Host|3a| hemantpatelcse.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hemantpatelcse\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//hemantpatelcse.github.io/Netflix-clone"; flow:to_server,established; http.header; content:"hemantpatelcse.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname harshvardhan-mandake.github.io"; dns.query; content:"harshvardhan-mandake.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harshvardhan\-mandake\.github\.io$/i"; classtype:trojan-activity; sid:37155941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname harshvardhan-mandake.github.io"; flow:to_server,established; http.header; content: "Host|3a| harshvardhan-mandake.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harshvardhan\-mandake\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//harshvardhan-mandake.github.io/Netflix-Clone"; flow:to_server,established; http.header; content:"harshvardhan-mandake.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname faizkhn.github.io"; dns.query; content:"faizkhn.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])faizkhn\.github\.io$/i"; classtype:trojan-activity; sid:37155971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname faizkhn.github.io"; flow:to_server,established; http.header; content: "Host|3a| faizkhn.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])faizkhn\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37155972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//faizkhn.github.io/netflix-landing-clone"; flow:to_server,established; http.header; content:"faizkhn.github.io"; fast_pattern; nocase; http.uri; content:"/netflix-landing-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37155981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname faisal-nafees.github.io"; dns.query; content:"faisal-nafees.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])faisal\-nafees\.github\.io$/i"; classtype:trojan-activity; sid:37156001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname faisal-nafees.github.io"; flow:to_server,established; http.header; content: "Host|3a| faisal-nafees.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])faisal\-nafees\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//faisal-nafees.github.io/netflix-homepage"; flow:to_server,established; http.header; content:"faisal-nafees.github.io"; fast_pattern; nocase; http.uri; content:"/netflix-homepage"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname elixir14082002.github.io"; dns.query; content:"elixir14082002.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elixir14082002\.github\.io$/i"; classtype:trojan-activity; sid:37156031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname elixir14082002.github.io"; flow:to_server,established; http.header; content: "Host|3a| elixir14082002.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elixir14082002\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//elixir14082002.github.io/Netflix-Landing-Page"; flow:to_server,established; http.header; content:"elixir14082002.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Landing-Page"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname dfghjh-107819.weeblysite.com"; dns.query; content:"dfghjh-107819.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfghjh\-107819\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37156061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dfghjh-107819.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| dfghjh-107819.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfghjh\-107819\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Path-less URL rule: bare hostname in http.header only; overlaps sid 37156062.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//dfghjh-107819.weeblysite.com"; flow:to_server,established; http.header; content:"dfghjh-107819.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname depl.pages.dev"; dns.query; content:"depl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev$/i"; classtype:trojan-activity; sid:37156091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname depl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| depl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//depl.pages.dev/https/tapestry.tapad.com/tapestry/1"; flow:to_server,established; http.header; content:"depl.pages.dev"; fast_pattern; nocase; http.uri; content:"/https/tapestry.tapad.com/tapestry/1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname aboneebatel.blogspot.com"; dns.query; content:"aboneebatel.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aboneebatel\.blogspot\.com$/i"; classtype:trojan-activity; sid:37156121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aboneebatel.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| aboneebatel.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aboneebatel\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname 5fggfgfgfg4g4gh4g4.blogspot.com"; dns.query; content:"5fggfgfgfg4g4gh4g4.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgfgfg4g4gh4g4\.blogspot\.com$/i"; classtype:trojan-activity; sid:37156151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 5fggfgfgfg4g4gh4g4.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fggfgfgfg4g4gh4g4.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgfgfg4g4gh4g4\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The three cloudflare-ipfs.com rules have no dns/Hostname companion in this
# span; the discriminating part is the /ipfs/<identifier> path in http.uri
# (presumably because the host is shared across unrelated content).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeieyryxmc4i75kgrplprrpvncerenx6x26t3oh34jyzy7ukknczh4a"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeieyryxmc4i75kgrplprrpvncerenx6x26t3oh34jyzy7ukknczh4a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeifmsamnyixj47e3a4cxsj2evzm32ra37avlk4wf2xjawhsssgyhni/release.html"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeifmsamnyixj47e3a4cxsj2evzm32ra37avlk4wf2xjawhsssgyhni/release.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeibyfkkpgsbchau6562isxsymfiik65s45bsu3s5yqnglgsavfrfh4"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeibyfkkpgsbchau6562isxsymfiik65s45bsu3s5yqnglgsavfrfh4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bt-internet-105853.weeblysite.com"; dns.query; content:"bt-internet-105853.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-internet\-105853\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37156271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bt-internet-105853.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-internet-105853.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-internet\-105853\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Path-less URL rule: bare hostname in http.header only; overlaps sid 37156272.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//bt-internet-105853.weeblysite.com"; flow:to_server,established; http.header; content:"bt-internet-105853.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname atuldeshmukh07.github.io"; dns.query; content:"atuldeshmukh07.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atuldeshmukh07\.github\.io$/i"; classtype:trojan-activity; sid:37156301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname atuldeshmukh07.github.io"; flow:to_server,established; http.header; content: "Host|3a| atuldeshmukh07.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atuldeshmukh07\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//atuldeshmukh07.github.io/netflix.clone"; flow:to_server,established; http.header; content:"atuldeshmukh07.github.io"; fast_pattern; nocase; http.uri; content:"/netflix.clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37156331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37156361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname webmillionaire.pw.ytwwrntym.com"; dns.query; content:"webmillionaire.pw.ytwwrntym.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmillionaire\.pw\.ytwwrntym\.com$/i"; classtype:trojan-activity; sid:37156391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname webmillionaire.pw.ytwwrntym.com"; flow:to_server,established; http.header; content: "Host|3a| webmillionaire.pw.ytwwrntym.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmillionaire\.pw\.ytwwrntym\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname adoring-clarke-978d9e.netlify.app"; dns.query; content:"adoring-clarke-978d9e.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adoring\-clarke\-978d9e\.netlify\.app$/i"; classtype:trojan-activity; sid:37156421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname adoring-clarke-978d9e.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| adoring-clarke-978d9e.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adoring\-clarke\-978d9e\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//adoring-clarke-978d9e.netlify.app/email-release.html"; flow:to_server,established; http.header; content:"adoring-clarke-978d9e.netlify.app"; fast_pattern; nocase; http.uri; content:"/email-release.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname aboneebatel.blogspot.mk"; dns.query; content:"aboneebatel.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aboneebatel\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37156451; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aboneebatel.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| aboneebatel.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aboneebatel\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//aboneebatel.blogspot.mk"; flow:to_server,established; http.header; content:"aboneebatel.blogspot.mk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname aakase21.github.io"; dns.query; content:"aakase21.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aakase21\.github\.io$/i"; classtype:trojan-activity; sid:37156481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aakase21.github.io"; flow:to_server,established; http.header; content: "Host|3a| aakase21.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aakase21\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//aakase21.github.io/NETFLIXCLONE"; flow:to_server,established; http.header; content:"aakase21.github.io"; fast_pattern; nocase; http.uri; content:"/NETFLIXCLONE"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any 
any -> any any (msg: "MISP e26142 [] Hostname 5fggfgfgfg4g4gh4g4.blogspot.co.za"; dns.query; content:"5fggfgfgfg4g4gh4g4.blogspot.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgfgfg4g4gh4g4\.blogspot\.co\.za$/i"; classtype:trojan-activity; sid:37156511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 5fggfgfgfg4g4gh4g4.blogspot.co.za"; flow:to_server,established; http.header; content: "Host|3a| 5fggfgfgfg4g4gh4g4.blogspot.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fggfgfgfg4g4gh4g4\.blogspot\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//5fggfgfgfg4g4gh4g4.blogspot.co.za"; flow:to_server,established; http.header; content:"5fggfgfgfg4g4gh4g4.blogspot.co.za"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 5fgffgfgrg4g4gh4h.blogspot.md"; dns.query; content:"5fgffgfgrg4g4gh4h.blogspot.md"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfgrg4g4gh4h\.blogspot\.md$/i"; classtype:trojan-activity; sid:37156541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 5fgffgfgrg4g4gh4h.blogspot.md"; flow:to_server,established; http.header; content: "Host|3a| 5fgffgfgrg4g4gh4h.blogspot.md"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgffgfgrg4g4gh4h\.blogspot\.md[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//5fgffgfgrg4g4gh4h.blogspot.md"; flow:to_server,established; http.header; content:"5fgffgfgrg4g4gh4h.blogspot.md"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 5fgfgfgfgrfg4g4g4.blogspot.com.uy"; dns.query; content:"5fgfgfgfgrfg4g4g4.blogspot.com.uy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4g4\.blogspot\.com\.uy$/i"; classtype:trojan-activity; sid:37156571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 5fgfgfgfgrfg4g4g4.blogspot.com.uy"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfgrfg4g4g4.blogspot.com.uy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfgrfg4g4g4\.blogspot\.com\.uy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//5fgfgfgfgrfg4g4g4.blogspot.com.uy"; flow:to_server,established; http.header; content:"5fgfgfgfgrfg4g4g4.blogspot.com.uy"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname reports.inspirehub.com"; dns.query; content:"reports.inspirehub.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])reports\.inspirehub\.com$/i"; classtype:trojan-activity; sid:37156601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname reports.inspirehub.com"; flow:to_server,established; http.header; 
content: "Host|3a| reports.inspirehub.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])reports\.inspirehub\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# sid:37156611 looks for the hostname anywhere in the request header buffer:
# it has no "Host|3a|" prefix and no http.uri condition. A request to another
# site that merely carries this name in some other header (a Referer, for
# example) satisfies it as well, so triage its alerts against the Host value.
# It also overlaps sid:37156602 (the Host-anchored rule ending on the line
# above), so one request to the host raises both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//reports.inspirehub.com"; flow:to_server,established; http.header; content:"reports.inspirehub.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Event 26145 rules carry priority:1. This one pairs a hostname in the headers
# with one exact executable path in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26145 [] Outgoing URL http|3a|//sp-storage.spccinta.com/spidentifier/1.0.2.0/spidentifierimpl.exe"; flow:to_server,established; http.header; content:"sp-storage.spccinta.com"; fast_pattern; nocase; http.uri; content:"/spidentifier/1.0.2.0/spidentifierimpl.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
# sids 37165461-37165501: each rule is bound to a single destination address
# and a single high port in the rule header, repeats that address as header
# content, and otherwise checks only the file name in the URI (/bin.sh or
# /Mozi.m). A request to the same address on a different port is not matched.
# NOTE(review): the file names suggest an IoT botnet payload host; the export
# carries no tag ([]), so confirm the family in MISP event 26145.
# NOTE(review): single address:port indicators like these presumably go stale
# quickly - TODO confirm an expiry or sighting policy for them.
alert http $HOME_NET any -> 42.235.69.208 45699 (msg: "MISP e26145 [] Outgoing URL http|3a|//42.235.69.208|3a|45699/bin.sh"; flow:to_server,established; http.header; content:"42.235.69.208"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 39.174.238.52 55667 (msg: "MISP e26145 [] Outgoing URL http|3a|//39.174.238.52|3a|55667/bin.sh"; flow:to_server,established; http.header; content:"39.174.238.52"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 27.217.174.254 43581 (msg: "MISP e26145 [] Outgoing URL http|3a|//27.217.174.254|3a|43581/Mozi.m"; flow:to_server,established; http.header; content:"27.217.174.254"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 182.114.253.220 40418 (msg: "MISP e26145 [] Outgoing URL http|3a|//182.114.253.220|3a|40418/Mozi.m"; flow:to_server,established; http.header; content:"182.114.253.220"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 117.220.144.68 35114 (msg: "MISP e26145 [] Outgoing URL http|3a|//117.220.144.68|3a|35114/Mozi.m"; flow:to_server,established; http.header; content:"117.220.144.68"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
# sid:37123601 (event 26075, tagged dcrat, priority 2) and sid:37203921
# (event 26168, untagged, priority 3) differ only in the letter case of the
# URI path, and both URI matches are nocase. They therefore match the same
# requests, and one request raises two alerts with different priorities.
# Correlate on host and path rather than on sid when counting hits.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26075 [dcrat] Outgoing URL http|3a|//a0909872.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0909872.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//a0909872.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0909872.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37203921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 13.52.244.83 7443 (msg: "MISP e26075 
[AMAZON-02,Covenant] Outgoing To IP: 13.52.244.83|7443"; classtype:trojan-activity; sid:37123611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 5.189.152.51 443 (msg: "MISP e26075 [CONTABO,Deimos] Outgoing To IP: 5.189.152.51|443"; classtype:trojan-activity; sid:37123621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 167.86.85.34 443 (msg: "MISP e26075 [CONTABO,Deimos] Outgoing To IP: 167.86.85.34|443"; classtype:trojan-activity; sid:37123631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 45.148.132.134 12345 (msg: "MISP e26075 [Deimos,LSHIY-USER-CONTENT] Outgoing To IP: 45.148.132.134|12345"; classtype:trojan-activity; sid:37123641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 104.238.60.87 2696 (msg: "MISP e26075 [ASN-QUADRANET-GLOBAL,Bianlian Go Trojan] Outgoing To IP: 104.238.60.87|2696"; classtype:trojan-activity; sid:37123651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 172.202.30.12 443 (msg: "MISP e26075 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 172.202.30.12|443"; classtype:trojan-activity; sid:37123661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 114.29.237.119 443 (msg: "MISP e26075 [Havoc,KAMATERAINC-AS-AP Kamatera Inc.] 
Outgoing To IP: 114.29.237.119|443"; classtype:trojan-activity; sid:37123671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 185.189.196.191 40056 (msg: "MISP e26075 [Havoc,MIS70] Outgoing To IP: 185.189.196.191|40056"; classtype:trojan-activity; sid:37123681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 5.182.36.131 443 (msg: "MISP e26075 [Responder,STARK-INDUSTRIES] Outgoing To IP: 5.182.36.131|443"; classtype:trojan-activity; sid:37123691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 117.200.61.205 445 (msg: "MISP e26075 [BSNL-NIB National Internet Backbone,Responder] Outgoing To IP: 117.200.61.205|445"; classtype:trojan-activity; sid:37123701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 117.200.61.203 445 (msg: "MISP e26075 [BSNL-NIB National Internet Backbone,Responder] Outgoing To IP: 117.200.61.203|445"; classtype:trojan-activity; sid:37123711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 109.154.155.130 443 (msg: "MISP e26075 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 109.154.155.130|443"; classtype:trojan-activity; sid:37123721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 50.35.141.245 443 (msg: "MISP e26075 [AS-WHOLESAIL,QakBot] Outgoing To IP: 50.35.141.245|443"; classtype:trojan-activity; sid:37123731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 105.155.185.229 995 (msg: "MISP e26075 [MT-MPLS,QakBot] Outgoing To IP: 105.155.185.229|995"; classtype:trojan-activity; sid:37123741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 31.117.188.253 2222 (msg: "MISP e26075 [BT-UK-AS BTnet UK Regional 
network,QakBot] Outgoing To IP: 31.117.188.253|2222"; classtype:trojan-activity; sid:37123751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 31.117.188.253 2222 (msg: "MISP e26168 [] Outgoing To IP: 31.117.188.253|2222"; classtype:trojan-activity; sid:37203931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 105.155.185.229 995 (msg: "MISP e26168 [] Outgoing To IP: 105.155.185.229|995"; classtype:trojan-activity; sid:37203941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 50.35.141.245 443 (msg: "MISP e26168 [] Outgoing To IP: 50.35.141.245|443"; classtype:trojan-activity; sid:37203951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 109.154.155.130 443 (msg: "MISP e26168 [] Outgoing To IP: 109.154.155.130|443"; classtype:trojan-activity; sid:37203961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 117.200.61.203 445 (msg: "MISP e26168 [] Outgoing To IP: 117.200.61.203|445"; classtype:trojan-activity; sid:37203971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 117.200.61.205 445 (msg: "MISP e26168 [] Outgoing To IP: 117.200.61.205|445"; classtype:trojan-activity; sid:37203981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 5.182.36.131 443 (msg: "MISP e26168 [] Outgoing To IP: 5.182.36.131|443"; classtype:trojan-activity; sid:37203991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.189.196.191 40056 (msg: "MISP e26168 [] Outgoing To IP: 185.189.196.191|40056"; classtype:trojan-activity; sid:37204001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 114.29.237.119 443 (msg: 
"MISP e26168 [] Outgoing To IP: 114.29.237.119|443"; classtype:trojan-activity; sid:37204011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 172.202.30.12 443 (msg: "MISP e26168 [] Outgoing To IP: 172.202.30.12|443"; classtype:trojan-activity; sid:37204021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 104.238.60.87 2696 (msg: "MISP e26168 [] Outgoing To IP: 104.238.60.87|2696"; classtype:trojan-activity; sid:37204031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 45.148.132.134 12345 (msg: "MISP e26168 [] Outgoing To IP: 45.148.132.134|12345"; classtype:trojan-activity; sid:37204041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 167.86.85.34 443 (msg: "MISP e26168 [] Outgoing To IP: 167.86.85.34|443"; classtype:trojan-activity; sid:37204051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 5.189.152.51 443 (msg: "MISP e26168 [] Outgoing To IP: 5.189.152.51|443"; classtype:trojan-activity; sid:37204061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 13.52.244.83 7443 (msg: "MISP e26168 [] Outgoing To IP: 13.52.244.83|7443"; classtype:trojan-activity; sid:37204071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 94.156.68.217 3162 (msg: "MISP e26075 [asyncrat,RAT] Outgoing To IP: 94.156.68.217|3162"; classtype:trojan-activity; sid:37123761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 94.156.68.217 3162 (msg: "MISP e26168 [] Outgoing To IP: 94.156.68.217|3162"; classtype:trojan-activity; sid:37204081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS 
(msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
# sid:37248791 (the rule ending on the line above) uses http.uri content "/",
# which practically every request path contains. It therefore behaves as an
# address-level indicator: any HTTP request to 194.120.116.120 that carries
# the address in its headers raises it, in addition to whichever
# path-specific rule below also matches.
#
# All rules in this group restrict the destination port to $HTTP_PORTS, so
# that variable has to be defined on the sensor for them to load.
# NOTE(review): the file's header comment lists $HTTP_PORTS as not required
# with the suricata export - verify the sensor configuration defines it.
# A request to this address on a port outside $HTTP_PORTS is not matched
# here; the file also has an "alert ip ... -> 194.120.116.120 any" rule
# (sid:37248901) that covers the address on any port.
#
# NOTE(review): seven DLL names fetched from one directory plus .php
# endpoints on the same address resemble an information-stealer's library
# download and check-in. The export carries no family tag ([]), so confirm
# in MISP event 26320 before labelling alerts.
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/freebl3.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/freebl3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/mozglue.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/mozglue.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/msvcp140.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/nss3.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/nss3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/softokn3.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/softokn3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/sqlite3.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7321241ee905bfa9/vcruntime140.dll"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7321241ee905bfa9/vcruntime140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
# The .php path is matched as a substring of the URI (no anchoring keyword),
# so a request with a query string or trailing path after it still matches.
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26320 [] Outgoing URL http|3a|//194.120.116.120/7a957ef6cc168ff6.php"; flow:to_server,established; http.header; content:"194.120.116.120"; fast_pattern; nocase; http.uri; content:"/7a957ef6cc168ff6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;)
alert dns any any -> any any (msg: "MISP e26320 [] Domain brazilanimalshelp.com"; dns.query; content:"brazilanimalshelp.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])brazilanimalshelp\.com$/i"; classtype:trojan-activity; sid:37248891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26320 [] Outgoing HTTP Domain brazilanimalshelp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brazilanimalshelp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brazilanimalshelp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;) alert ip $HOME_NET any -> 194.120.116.120 any (msg: "MISP e26320 [] Outgoing To IP: 194.120.116.120"; classtype:trojan-activity; sid:37248901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26320;) alert ip $HOME_NET any -> 45.81.23.13 1433 (msg: "MISP e26168 [] Outgoing To IP: 45.81.23.13|1433"; classtype:trojan-activity; sid:37204091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 45.95.146.13 61616 (msg: "MISP e26168 [] Outgoing To IP: 45.95.146.13|61616"; classtype:trojan-activity; sid:37204101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.172 1311 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.172|1311"; classtype:trojan-activity; sid:37204111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.173 1306 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.173|1306"; classtype:trojan-activity; sid:37204121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.174 1311 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.174|1311"; classtype:trojan-activity; sid:37204131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.175 1517 
(msg: "MISP e26168 [] Outgoing To IP: 89.190.156.175|1517"; classtype:trojan-activity; sid:37204141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.176 1311 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.176|1311"; classtype:trojan-activity; sid:37204151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.182 1725 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.182|1725"; classtype:trojan-activity; sid:37204161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.253 61616 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.253|61616"; classtype:trojan-activity; sid:37204171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 89.190.156.211 1311 (msg: "MISP e26168 [] Outgoing To IP: 89.190.156.211|1311"; classtype:trojan-activity; sid:37204181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.224.128.49 1311 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.49|1311"; classtype:trojan-activity; sid:37204191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.224.128.50 1311 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.50|1311"; classtype:trojan-activity; sid:37204201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.224.128.51 1435 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.51|1435"; classtype:trojan-activity; sid:37204211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.224.128.52 2053 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.52|2053"; classtype:trojan-activity; sid:37204221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 
185.224.128.53 2079 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.53|2079"; classtype:trojan-activity; sid:37204231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Destination-IP rules: each one alerts on traffic from $HOME_NET to a single address and
# port taken from a MISP event. No payload is inspected, so a hit only shows that the
# address was contacted; check the age of the event before treating it as confirmed C2.
alert ip $HOME_NET any -> 185.224.128.54 1629 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.54|1629"; classtype:trojan-activity; sid:37204241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.224.128.55 1713 (msg: "MISP e26168 [] Outgoing To IP: 185.224.128.55|1713"; classtype:trojan-activity; sid:37204251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# The next four rules cover two addresses twice: once from event 26075 (priority 2, tagged
# CobaltStrike) and once from event 26168 (priority 3, no tags). One connection therefore
# raises two alerts under different sids; deduplicate on destination when triaging.
# NOTE(review): the e26075 tags name hosting providers (MICROSOFT-CORP-MSN-AS-BLOCK,
# ORACLE-BMC-31898), presumably cloud address space that can pass to another tenant, so
# these indicators are likely to produce false positives once they are stale.
alert ip $HOME_NET any -> 13.82.186.9 80 (msg: "MISP e26075 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 13.82.186.9|80"; classtype:trojan-activity; sid:37123771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 146.235.52.69 80 (msg: "MISP e26075 [CobaltStrike,cs-watermark-410617911,ORACLE-BMC-31898] Outgoing To IP: 146.235.52.69|80"; classtype:trojan-activity; sid:37123781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 146.235.52.69 80 (msg: "MISP e26168 [] Outgoing To IP: 146.235.52.69|80"; classtype:trojan-activity; sid:37204361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 13.82.186.9 80 (msg: "MISP e26168 [] Outgoing To IP: 13.82.186.9|80"; classtype:trojan-activity; sid:37204371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# DNS rule: the content match is the pre-filter; the pcre requires the name to end the
# query and to be preceded by start-of-buffer or a non-hostname character, so subdomains
# match but a longer label such as "xcupdater.bbtecno.com" does not. Direction is any -> any.
alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,CONTABO,cs-watermark-410617911] Domain cupdater.bbtecno.com"; dns.query; content:"cupdater.bbtecno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cupdater\.bbtecno\.com$/i"; classtype:trojan-activity; sid:37123811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,CONTABO,cs-watermark-410617911] Outgoing HTTP Domain cupdater.bbtecno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cupdater.bbtecno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cupdater\.bbtecno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 173.212.224.123 443 (msg: "MISP e26075 [CobaltStrike,CONTABO,cs-watermark-410617911] Outgoing To IP: 173.212.224.123|443"; classtype:trojan-activity; sid:37123821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 173.212.224.123 443 (msg: "MISP e26168 [] Outgoing To IP: 173.212.224.123|443"; classtype:trojan-activity; sid:37204381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain cupdater.bbtecno.com"; dns.query; content:"cupdater.bbtecno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cupdater\.bbtecno\.com$/i"; classtype:trojan-activity; sid:37204391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain cupdater.bbtecno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cupdater.bbtecno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cupdater\.bbtecno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26075 [AMAZON-02,CobaltStrike,cs-watermark-909500662] Domain dns.pwd-reset.net"; dns.query; content:"dns.pwd-reset.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.pwd\-reset\.net$/i"; classtype:trojan-activity; sid:37123831; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# HTTP domain rule: looks in the request headers for "Host:" and for the domain, then
# confirms with a pcre that the domain is delimited by non-hostname characters. The two
# content matches carry no distance/within, so nothing ties the domain to the Host header
# itself; the same name in another header (for example Referer) would presumably satisfy
# the rule too. tag:session,600,seconds keeps logging the flow for ten minutes after a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AMAZON-02,CobaltStrike,cs-watermark-909500662] Outgoing HTTP Domain dns.pwd-reset.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.pwd-reset.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.pwd\-reset\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Port-53 destination tagged CobaltStrike. NOTE(review): this looks like the name server
# behind the C2 domain above. Where clients resolve through an internal recursive resolver,
# the source of this alert may be the resolver rather than the infected host; correlate
# with the dns.query rule or resolver logs to find the client.
alert ip $HOME_NET any -> 63.34.195.83 53 (msg: "MISP e26075 [AMAZON-02,CobaltStrike,cs-watermark-909500662] Outgoing To IP: 63.34.195.83|53"; classtype:trojan-activity; sid:37123841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Same three-rule pattern (DNS query, HTTP Host, port-53 address) for the next indicator.
alert dns any any -> any any (msg: "MISP e26075 [Amazon.com Inc.,CobaltStrike,cs-watermark-331797103] Domain dns.sstr.com.br"; dns.query; content:"dns.sstr.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.sstr\.com\.br$/i"; classtype:trojan-activity; sid:37123851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [Amazon.com Inc.,CobaltStrike,cs-watermark-331797103] Outgoing HTTP Domain dns.sstr.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.sstr.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.sstr\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 18.222.142.217 53 (msg: "MISP e26075 [Amazon.com Inc.,CobaltStrike,cs-watermark-331797103] Outgoing To IP: 18.222.142.217|53"; classtype:trojan-activity; sid:37123861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert dns any any -> any any (msg: "MISP e26075 
[CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.thenewbees.org"; dns.query; content:"dns.thenewbees.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.thenewbees\.org$/i"; classtype:trojan-activity; sid:37123871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.thenewbees.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.thenewbees.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.thenewbees\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 199.247.30.209 53 (msg: "MISP e26075 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 199.247.30.209|53"; classtype:trojan-activity; sid:37123881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.startupmartec.net"; dns.query; content:"dns.startupmartec.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.startupmartec\.net$/i"; classtype:trojan-activity; sid:37123891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.startupmartec.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.startupmartec.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.startupmartec\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert 
ip $HOME_NET any -> 45.77.116.186 53 (msg: "MISP e26075 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 45.77.116.186|53"; classtype:trojan-activity; sid:37123901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-100000,HONG KONG Megalayer Technology Co.Limited] Domain update.theasiagroupai.com"; dns.query; content:"update.theasiagroupai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.theasiagroupai\.com$/i"; classtype:trojan-activity; sid:37123911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-100000,HONG KONG Megalayer Technology Co.Limited] Outgoing HTTP Domain update.theasiagroupai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update.theasiagroupai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.theasiagroupai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 154.22.123.68 53 (msg: "MISP e26075 [CobaltStrike,cs-watermark-100000,HONG KONG Megalayer Technology Co.Limited] Outgoing To IP: 154.22.123.68|53"; classtype:trojan-activity; sid:37123921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1002960372,DIGITALOCEAN-ASN] Domain ns2.0-2.pw"; dns.query; content:"ns2.0-2.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.0\-2\.pw$/i"; classtype:trojan-activity; sid:37123931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1002960372,DIGITALOCEAN-ASN] Outgoing HTTP Domain ns2.0-2.pw"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns2.0-2.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.0\-2\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 178.128.229.91 53 (msg: "MISP e26075 [CobaltStrike,cs-watermark-1002960372,DIGITALOCEAN-ASN] Outgoing To IP: 178.128.229.91|53"; classtype:trojan-activity; sid:37123941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CNSERVERS,CobaltStrike,cs-watermark-99999744] Domain check.kudicical.ml"; dns.query; content:"check.kudicical.ml"; nocase; pcre: "/(^|[^A-Za-z0-9-])check\.kudicical\.ml$/i"; classtype:trojan-activity; sid:37123951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CNSERVERS,CobaltStrike,cs-watermark-99999744] Outgoing HTTP Domain check.kudicical.ml"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"check.kudicical.ml"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])check\.kudicical\.ml[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CNSERVERS,CobaltStrike,cs-watermark-99999744] Domain check0.judicical.mm"; dns.query; content:"check0.judicical.mm"; nocase; pcre: "/(^|[^A-Za-z0-9-])check0\.judicical\.mm$/i"; classtype:trojan-activity; sid:37123961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CNSERVERS,CobaltStrike,cs-watermark-99999744] Outgoing HTTP Domain check0.judicical.mm"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"check0.judicical.mm"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])check0\.judicical\.mm[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# NOTE(review): "onlind" does not look like a delegated TLD (compare "online"). Confirm
# against the MISP attribute whether this is the name the implant is configured with or a
# transcription error at ingestion; a corrected indicator would need its own rule.
alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-99999744,xTom Pty Ltd] Domain ns1.dnrdnsdns.onlind"; dns.query; content:"ns1.dnrdnsdns.onlind"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.dnrdnsdns\.onlind$/i"; classtype:trojan-activity; sid:37123971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-99999744,xTom Pty Ltd] Outgoing HTTP Domain ns1.dnrdnsdns.onlind"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.dnrdnsdns.onlind"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.dnrdnsdns\.onlind[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# The tag cs-watermark-99999744 appears here with two different hosting tags (xTom Pty Ltd
# above, Microsoft Corporation below). NOTE(review): a watermark shared across unrelated
# hosters presumably identifies a build rather than one operator; treat it as weak
# evidence when grouping alerts into a single intrusion.
alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-99999744,Microsoft Corporation] Domain v2ray2.mlsy.top"; dns.query; content:"v2ray2.mlsy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])v2ray2\.mlsy\.top$/i"; classtype:trojan-activity; sid:37123981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-99999744,Microsoft Corporation] Outgoing HTTP Domain v2ray2.mlsy.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"v2ray2.mlsy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])v2ray2\.mlsy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert dns any any 
-> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1215974367,DIGITALOCEAN-ASN] Domain dnsswaf.djn.blue"; dns.query; content:"dnsswaf.djn.blue"; nocase; pcre: "/(^|[^A-Za-z0-9-])dnsswaf\.djn\.blue$/i"; classtype:trojan-activity; sid:37123991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-1215974367,DIGITALOCEAN-ASN] Outgoing HTTP Domain dnsswaf.djn.blue"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dnsswaf.djn.blue"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dnsswaf\.djn\.blue[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,COGENT-174,cs-watermark-2029527384] Domain cache.uhorjane.com"; dns.query; content:"cache.uhorjane.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cache\.uhorjane\.com$/i"; classtype:trojan-activity; sid:37124001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,COGENT-174,cs-watermark-2029527384] Outgoing HTTP Domain cache.uhorjane.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cache.uhorjane.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cache\.uhorjane\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-391144682,QuadraNet Enterprises LLC] Domain ns1.brd1ce.top"; dns.query; content:"ns1.brd1ce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.brd1ce\.top$/i"; classtype:trojan-activity; sid:37124011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-391144682,QuadraNet Enterprises LLC] Outgoing HTTP Domain ns1.brd1ce.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.brd1ce.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.brd1ce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [CobaltStrike,cs-watermark-666922,PEG TECH INC] Domain vpn.nsgocus.cn.com"; dns.query; content:"vpn.nsgocus.cn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsgocus\.cn\.com$/i"; classtype:trojan-activity; sid:37124021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [CobaltStrike,cs-watermark-666922,PEG TECH INC] Outgoing HTTP Domain vpn.nsgocus.cn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vpn.nsgocus.cn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsgocus\.cn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [Alibaba (US) Technology Co. Ltd.,CobaltStrike,cs-watermark-391144682] Domain dns.t0oger.com"; dns.query; content:"dns.t0oger.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.t0oger\.com$/i"; classtype:trojan-activity; sid:37124031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [Alibaba (US) Technology Co. 
Ltd.,CobaltStrike,cs-watermark-391144682] Outgoing HTTP Domain dns.t0oger.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.t0oger.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.t0oger\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 5.42.66.25 3000 (msg: "MISP e26075 [observerstealer] Outgoing To IP: 5.42.66.25|3000"; classtype:trojan-activity; sid:37124041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 5.42.66.25 3000 (msg: "MISP e26168 [] Outgoing To IP: 5.42.66.25|3000"; classtype:trojan-activity; sid:37204421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain dns.t0oger.com"; dns.query; content:"dns.t0oger.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.t0oger\.com$/i"; classtype:trojan-activity; sid:37204431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain dns.t0oger.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.t0oger.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.t0oger\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain vpn.nsgocus.cn.com"; dns.query; content:"vpn.nsgocus.cn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsgocus\.cn\.com$/i"; classtype:trojan-activity; sid:37204441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain vpn.nsgocus.cn.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vpn.nsgocus.cn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vpn\.nsgocus\.cn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain ns1.brd1ce.top"; dns.query; content:"ns1.brd1ce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.brd1ce\.top$/i"; classtype:trojan-activity; sid:37204451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ns1.brd1ce.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.brd1ce.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.brd1ce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain cache.uhorjane.com"; dns.query; content:"cache.uhorjane.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cache\.uhorjane\.com$/i"; classtype:trojan-activity; sid:37204461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain cache.uhorjane.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cache.uhorjane.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cache\.uhorjane\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain dnsswaf.djn.blue"; dns.query; content:"dnsswaf.djn.blue"; nocase; pcre: "/(^|[^A-Za-z0-9-])dnsswaf\.djn\.blue$/i"; 
classtype:trojan-activity; sid:37204471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain dnsswaf.djn.blue"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dnsswaf.djn.blue"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dnsswaf\.djn\.blue[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain v2ray2.mlsy.top"; dns.query; content:"v2ray2.mlsy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])v2ray2\.mlsy\.top$/i"; classtype:trojan-activity; sid:37204481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain v2ray2.mlsy.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"v2ray2.mlsy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])v2ray2\.mlsy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain ns1.dnrdnsdns.onlind"; dns.query; content:"ns1.dnrdnsdns.onlind"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.dnrdnsdns\.onlind$/i"; classtype:trojan-activity; sid:37204491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ns1.dnrdnsdns.onlind"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.dnrdnsdns.onlind"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.dnrdnsdns\.onlind[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204492; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain check0.judicical.mm"; dns.query; content:"check0.judicical.mm"; nocase; pcre: "/(^|[^A-Za-z0-9-])check0\.judicical\.mm$/i"; classtype:trojan-activity; sid:37204501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain check0.judicical.mm"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"check0.judicical.mm"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])check0\.judicical\.mm[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain check.kudicical.ml"; dns.query; content:"check.kudicical.ml"; nocase; pcre: "/(^|[^A-Za-z0-9-])check\.kudicical\.ml$/i"; classtype:trojan-activity; sid:37204511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain check.kudicical.ml"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"check.kudicical.ml"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])check\.kudicical\.ml[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain ns2.0-2.pw"; dns.query; content:"ns2.0-2.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.0\-2\.pw$/i"; classtype:trojan-activity; sid:37204521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ns2.0-2.pw"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"ns2.0-2.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.0\-2\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 178.128.229.91 53 (msg: "MISP e26168 [] Outgoing To IP: 178.128.229.91|53"; classtype:trojan-activity; sid:37204531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 154.22.123.68 53 (msg: "MISP e26168 [] Outgoing To IP: 154.22.123.68|53"; classtype:trojan-activity; sid:37204541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain update.theasiagroupai.com"; dns.query; content:"update.theasiagroupai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.theasiagroupai\.com$/i"; classtype:trojan-activity; sid:37204551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain update.theasiagroupai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update.theasiagroupai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.theasiagroupai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 45.77.116.186 53 (msg: "MISP e26168 [] Outgoing To IP: 45.77.116.186|53"; classtype:trojan-activity; sid:37204561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain dns.startupmartec.net"; dns.query; content:"dns.startupmartec.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.startupmartec\.net$/i"; classtype:trojan-activity; sid:37204571; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain dns.startupmartec.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.startupmartec.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.startupmartec\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 199.247.30.209 53 (msg: "MISP e26168 [] Outgoing To IP: 199.247.30.209|53"; classtype:trojan-activity; sid:37204581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain dns.thenewbees.org"; dns.query; content:"dns.thenewbees.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.thenewbees\.org$/i"; classtype:trojan-activity; sid:37204591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain dns.thenewbees.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.thenewbees.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.thenewbees\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 18.222.142.217 53 (msg: "MISP e26168 [] Outgoing To IP: 18.222.142.217|53"; classtype:trojan-activity; sid:37204601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain dns.sstr.com.br"; dns.query; content:"dns.sstr.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.sstr\.com\.br$/i"; classtype:trojan-activity; sid:37204611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain dns.sstr.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.sstr.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.sstr\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain dns.pwd-reset.net"; dns.query; content:"dns.pwd-reset.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.pwd\-reset\.net$/i"; classtype:trojan-activity; sid:37204621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain dns.pwd-reset.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.pwd-reset.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.pwd\-reset\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 63.34.195.83 53 (msg: "MISP e26168 [] Outgoing To IP: 63.34.195.83|53"; classtype:trojan-activity; sid:37204631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 3.124.67.191 12609 (msg: "MISP e26168 [] Outgoing To IP: 3.124.67.191|12609"; classtype:trojan-activity; sid:37204641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 3.125.188.168 12609 (msg: "MISP e26168 [] Outgoing To IP: 3.125.188.168|12609"; classtype:trojan-activity; sid:37204651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26075 [dcrat] Outgoing URL http|3a|//a0916186.xsph.ru/l1nc0in.php"; 
flow:to_server,established; http.header; content:"a0916186.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# URL rules: the host is matched as a substring of the request headers and the path as a
# substring of the URI, both nocase. $HTTP_PORTS must be defined in the sensor
# configuration for the rules that use it.
# The rule below differs from sid:37124051 (completed on the line above) only in the
# letter case of the path, and both use nocase, so the two match the same requests;
# expect paired alerts at priority 2 and priority 3.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//a0916186.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0916186.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# The URI content here is just "/", which any request path contains, so this rule is in
# effect a host-only match on the header block.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26127 [] Outgoing URL http|3a|//vinted-cz.mayonro.com/"; flow:to_server,established; http.header; content:"vinted-cz.mayonro.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26127;)
# IP-literal URLs: the destination address is fixed in the rule header and repeated as a
# header content match.
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26075 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/dpixel"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Destination port 26 is not a usual HTTP port. NOTE(review): this rule presumably relies
# on the engine recognising HTTP on that port -- confirm that the sensor's HTTP parser
# is not restricted to a fixed port list.
alert http $HOME_NET any -> 134.122.75.115 26 (msg: "MISP e26075 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115|3a|26/fwlink"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert 
http $HOME_NET any -> 134.122.75.115 23 (msg: "MISP e26075 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115|3a|23/en_us/all.js"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> 134.122.75.115 23 (msg: "MISP e26168 [] Outgoing URL http|3a|//134.122.75.115|3a|23/en_US/all.js"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> 134.122.75.115 26 (msg: "MISP e26168 [] Outgoing URL http|3a|//134.122.75.115|3a|26/fwlink"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//122.51.220.170/dpixel"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> 134.122.75.115 $HTTP_PORTS (msg: "MISP e26075 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115/dot.gif"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124131; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> 134.122.75.115 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//134.122.75.115/dot.gif"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26075 [dcrat] Outgoing URL http|3a|//007017cm.nyashsens.top/pythonjavascriptjsdownloads.php"; flow:to_server,established; http.header; content:"007017cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/pythonjavascriptjsdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip 43.156.54.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.54.8"; classtype:trojan-activity; sid:37184551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 146.59.228.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.228.105"; classtype:trojan-activity; sid:37184561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.201.49.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.201.49.243"; classtype:trojan-activity; sid:37184571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.96.229.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.229.45"; classtype:trojan-activity; sid:37184581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) 
# MISP event 26162: inbound source-IP indicators. Each rule alerts on any packet
# from the listed address to $HOME_NET (any protocol, any port) and carries no
# payload condition, so a hit shows only that the address reached the network.
# NOTE(review): single-address indicators age quickly; check the event date
# behind the reference URL and expire stale entries to keep alert volume useful.
alert ip 139.59.23.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.23.154"; classtype:trojan-activity; sid:37184591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 141.98.11.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.169"; classtype:trojan-activity; sid:37184601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.74.140.254 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.74.140.254"; classtype:trojan-activity; sid:37184611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 178.128.93.152 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.93.152"; classtype:trojan-activity; sid:37184621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 152.32.186.113 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.186.113"; classtype:trojan-activity; sid:37184631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 167.172.82.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.82.57"; classtype:trojan-activity; sid:37184641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 89.144.207.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.144.207.100"; classtype:trojan-activity; sid:37184651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 51.178.143.50 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 51.178.143.50"; classtype:trojan-activity; sid:37184661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.166.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.166.180"; classtype:trojan-activity; sid:37184671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.232.184.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.184.225"; classtype:trojan-activity; sid:37184681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 47.110.241.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.110.241.117"; classtype:trojan-activity; sid:37184691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.25.230 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.25.230"; classtype:trojan-activity; sid:37184701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.245.149.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.149.18"; classtype:trojan-activity; sid:37184711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 96.69.13.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.69.13.140"; classtype:trojan-activity; sid:37184721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.43.72.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.43.72.78"; classtype:trojan-activity; sid:37184731; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.51.22.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.22.125"; classtype:trojan-activity; sid:37184741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.89.163.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.163.158"; classtype:trojan-activity; sid:37184751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.173.90.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.173.90.204"; classtype:trojan-activity; sid:37184761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 191.255.22.84 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.255.22.84"; classtype:trojan-activity; sid:37184771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.123.63.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.123.63.116"; classtype:trojan-activity; sid:37184781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.241.173.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.241.173.216"; classtype:trojan-activity; sid:37184791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 183.56.237.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.237.54"; classtype:trojan-activity; sid:37184801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.172.182.99 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.182.99"; classtype:trojan-activity; sid:37184811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.42.2.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.42.2.9"; classtype:trojan-activity; sid:37184821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.29.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.29.122"; classtype:trojan-activity; sid:37184831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.233.133.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.233.133.154"; classtype:trojan-activity; sid:37184841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.140.225.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.225.177"; classtype:trojan-activity; sid:37184851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.173.117.82 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.173.117.82"; classtype:trojan-activity; sid:37184861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.249.184.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.100"; classtype:trojan-activity; sid:37184871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.212.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.212.18"; classtype:trojan-activity; sid:37184881; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.136.208.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.136.208.18"; classtype:trojan-activity; sid:37184891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.99.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.99.66"; classtype:trojan-activity; sid:37184901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.151.148.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.148.193"; classtype:trojan-activity; sid:37184911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 137.184.170.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.170.8"; classtype:trojan-activity; sid:37184921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 60.220.185.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.220.185.35"; classtype:trojan-activity; sid:37184931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.178.232.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.178.232.193"; classtype:trojan-activity; sid:37184941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 171.220.244.134 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.220.244.134"; classtype:trojan-activity; sid:37184951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.223.105.130 any -> $HOME_NET any 
(msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.105.130"; classtype:trojan-activity; sid:37184961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.103.224.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.103.224.85"; classtype:trojan-activity; sid:37184971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.164.111.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.111.154"; classtype:trojan-activity; sid:37184981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 46.21.159.227 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.21.159.227"; classtype:trojan-activity; sid:37184991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.218.52 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.218.52"; classtype:trojan-activity; sid:37185001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.30.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.30.213"; classtype:trojan-activity; sid:37185011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.147.242.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.147.242.105"; classtype:trojan-activity; sid:37185021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.0.75.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.0.75.252"; classtype:trojan-activity; 
sid:37185031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.244.7.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.244.7.34"; classtype:trojan-activity; sid:37185041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.149.28.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.149.28.105"; classtype:trojan-activity; sid:37185051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.32.254.150 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.254.150"; classtype:trojan-activity; sid:37185061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.35.244.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.244.229"; classtype:trojan-activity; sid:37185071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.184.181 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.184.181"; classtype:trojan-activity; sid:37185081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 93.214.42.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.214.42.185"; classtype:trojan-activity; sid:37185091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.244.246.73 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.244.246.73"; classtype:trojan-activity; sid:37185101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.140.7.52 any -> 
$HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.140.7.52"; classtype:trojan-activity; sid:37185111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 35.219.62.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.219.62.194"; classtype:trojan-activity; sid:37185121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.136.158.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.136.158.148"; classtype:trojan-activity; sid:37185131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.103.44.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.14"; classtype:trojan-activity; sid:37185141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 38.102.234.38 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.102.234.38"; classtype:trojan-activity; sid:37185151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.176.190.152 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.176.190.152"; classtype:trojan-activity; sid:37185161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.236.129.161 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.236.129.161"; classtype:trojan-activity; sid:37185171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 133.125.33.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 133.125.33.138"; 
classtype:trojan-activity; sid:37185181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.123.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.123.135"; classtype:trojan-activity; sid:37185191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.37.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.37.2"; classtype:trojan-activity; sid:37185201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.54.3.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.3.193"; classtype:trojan-activity; sid:37185211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 68.168.142.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.168.142.91"; classtype:trojan-activity; sid:37185221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.41.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.41.64"; classtype:trojan-activity; sid:37185231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 110.49.76.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.49.76.244"; classtype:trojan-activity; sid:37185241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.3.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.3.21"; classtype:trojan-activity; sid:37185251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.64.193.118 
any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.118"; classtype:trojan-activity; sid:37185261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.76.105.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.105.165"; classtype:trojan-activity; sid:37185271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.198.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.198.247"; classtype:trojan-activity; sid:37185281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.156.193.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.71"; classtype:trojan-activity; sid:37185291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 125.19.112.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.19.112.55"; classtype:trojan-activity; sid:37185301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.64.151.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.151.139"; classtype:trojan-activity; sid:37185311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.12.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.12.153"; classtype:trojan-activity; sid:37185321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 34.131.119.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.131.119.248"; 
classtype:trojan-activity; sid:37185331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 217.28.220.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.28.220.193"; classtype:trojan-activity; sid:37185341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.236.253.29 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.236.253.29"; classtype:trojan-activity; sid:37185351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 152.32.207.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.207.133"; classtype:trojan-activity; sid:37185361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.52.195 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.52.195"; classtype:trojan-activity; sid:37185371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.64.178.136 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.178.136"; classtype:trojan-activity; sid:37185381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.143.195.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.195.18"; classtype:trojan-activity; sid:37185391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.20.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.20.225"; classtype:trojan-activity; sid:37185401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
106.55.226.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.226.251"; classtype:trojan-activity; sid:37185411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 38.242.227.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.242.227.202"; classtype:trojan-activity; sid:37185421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 39.91.166.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.91.166.21"; classtype:trojan-activity; sid:37185431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.134.217.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.134.217.41"; classtype:trojan-activity; sid:37185441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.29.208.76 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.208.76"; classtype:trojan-activity; sid:37185451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.137.139.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.137.139.210"; classtype:trojan-activity; sid:37185461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.75.245.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.245.246"; classtype:trojan-activity; sid:37185471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.101.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.156.101.180"; classtype:trojan-activity; sid:37185481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.179.175.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.179.175.164"; classtype:trojan-activity; sid:37185491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 134.122.8.182 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.8.182"; classtype:trojan-activity; sid:37185501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 164.132.56.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.132.56.100"; classtype:trojan-activity; sid:37185511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.201.49.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.201.49.244"; classtype:trojan-activity; sid:37185521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.138.68.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.68.30"; classtype:trojan-activity; sid:37185531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.103.124.161 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.103.124.161"; classtype:trojan-activity; sid:37185541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.244.233.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.244.233.231"; classtype:trojan-activity; sid:37185551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.55.28.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.28.159"; classtype:trojan-activity; sid:37185561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 39.184.216.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.184.216.4"; classtype:trojan-activity; sid:37185571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.154.58.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.154.58.8"; classtype:trojan-activity; sid:37185581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.64.150.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.150.8"; classtype:trojan-activity; sid:37185591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.198.72.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.72.243"; classtype:trojan-activity; sid:37185601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 177.91.80.11 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.91.80.11"; classtype:trojan-activity; sid:37185611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.14.226.92 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.14.226.92"; classtype:trojan-activity; sid:37185621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.170.86.86 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.86.86"; classtype:trojan-activity; sid:37185631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.89.88.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.88.100"; classtype:trojan-activity; sid:37185641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.19.4.22 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.19.4.22"; classtype:trojan-activity; sid:37185651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.13.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.13.116"; classtype:trojan-activity; sid:37185661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.255.112.189 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.255.112.189"; classtype:trojan-activity; sid:37185671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.106.100.84 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.100.84"; classtype:trojan-activity; sid:37185681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 60.235.231.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.235.231.106"; classtype:trojan-activity; sid:37185691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.97.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.97.212"; classtype:trojan-activity; sid:37185701; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.23.165.102 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.165.102"; classtype:trojan-activity; sid:37185711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.195.182.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.182.56"; classtype:trojan-activity; sid:37185721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.91.14.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.91.14.158"; classtype:trojan-activity; sid:37185731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 15.204.211.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.211.99"; classtype:trojan-activity; sid:37185741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.112.63.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.112.63.67"; classtype:trojan-activity; sid:37185751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.49.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.7"; classtype:trojan-activity; sid:37185761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.226.152.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.152.106"; classtype:trojan-activity; sid:37185771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 161.35.99.178 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.99.178"; classtype:trojan-activity; sid:37185781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.213.112 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.213.112"; classtype:trojan-activity; sid:37185791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.234.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.234.83"; classtype:trojan-activity; sid:37185801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.8.204.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.204.139"; classtype:trojan-activity; sid:37185811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.86.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.86.4"; classtype:trojan-activity; sid:37185821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.155.79.62 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.155.79.62"; classtype:trojan-activity; sid:37185831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.221.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.221.231"; classtype:trojan-activity; sid:37185841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.189.2.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.2.157"; classtype:trojan-activity; sid:37185851; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.195.226.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.195.226.17"; classtype:trojan-activity; sid:37185861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.241.173.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.241.173.53"; classtype:trojan-activity; sid:37185871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.193.43.52 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.43.52"; classtype:trojan-activity; sid:37185881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.114.233 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.114.233"; classtype:trojan-activity; sid:37185891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 90.27.3.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.27.3.185"; classtype:trojan-activity; sid:37185901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 86.84.37.75 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.84.37.75"; classtype:trojan-activity; sid:37185911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.190.101.26 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.101.26"; classtype:trojan-activity; sid:37185921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 92.247.69.54 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.247.69.54"; classtype:trojan-activity; sid:37185931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.44.170.120 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.44.170.120"; classtype:trojan-activity; sid:37185941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.36.124.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.36.124.105"; classtype:trojan-activity; sid:37185951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.29.188.215 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.29.188.215"; classtype:trojan-activity; sid:37185961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.164.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.164.57"; classtype:trojan-activity; sid:37185971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.107.209.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.209.144"; classtype:trojan-activity; sid:37185981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.178.65.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.178.65.2"; classtype:trojan-activity; sid:37185991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.137.125.189 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.125.189"; classtype:trojan-activity; sid:37186001; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.130.2.245 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.2.245"; classtype:trojan-activity; sid:37186011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.150.60.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.150.60.218"; classtype:trojan-activity; sid:37186021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 156.247.11.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.247.11.154"; classtype:trojan-activity; sid:37186031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.46.20.110 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.46.20.110"; classtype:trojan-activity; sid:37186041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 46.105.50.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.105.50.96"; classtype:trojan-activity; sid:37186051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.170.221.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.170.221.252"; classtype:trojan-activity; sid:37186061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.187.173.84 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.187.173.84"; classtype:trojan-activity; sid:37186071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 47.242.112.41 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.112.41"; classtype:trojan-activity; sid:37186081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.226.212.87 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.212.87"; classtype:trojan-activity; sid:37186091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 2.135.120.222 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.135.120.222"; classtype:trojan-activity; sid:37186101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.59.46.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.46.97"; classtype:trojan-activity; sid:37186111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.133.34.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.34.99"; classtype:trojan-activity; sid:37186121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.55.188.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.55.188.218"; classtype:trojan-activity; sid:37186131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.250.52.175 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.250.52.175"; classtype:trojan-activity; sid:37186141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.126.90.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.126.90.8"; classtype:trojan-activity; sid:37186151; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.75.71.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.71.218"; classtype:trojan-activity; sid:37186161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 190.156.238.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.156.238.162"; classtype:trojan-activity; sid:37186171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.131.251.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.251.122"; classtype:trojan-activity; sid:37186181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.133.56.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.56.252"; classtype:trojan-activity; sid:37186191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.160.175 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.160.175"; classtype:trojan-activity; sid:37186201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.145.145.142 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.145.142"; classtype:trojan-activity; sid:37186211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.65.30.217 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.65.30.217"; classtype:trojan-activity; sid:37186221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.178.206 any -> $HOME_NET any 
(msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.178.206"; classtype:trojan-activity; sid:37186231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Inbound IP indicators from MISP event 26162: each rule alerts on any IP traffic
# from one listed source address to $HOME_NET, on any port.
# NOTE(review): the msg tags these sources as Reconnaissance/Exploitation while the
# classtype is trojan-activity; a hit shows contact from a listed address, not a
# confirmed compromise - triage with that in mind.
alert ip 45.226.133.167 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.226.133.167"; classtype:trojan-activity; sid:37186241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.96.47.163 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.96.47.163"; classtype:trojan-activity; sid:37186251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 13.74.46.65 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.74.46.65"; classtype:trojan-activity; sid:37186261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Outbound URL indicator from MISP event 26168 (exported with an empty tag list, "[]").
# Fires on established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS when the header buffer contains the host name and the URI buffer
# contains the path, both matched case-insensitively. tag:session,600,seconds keeps
# logging packets of the matching session for 600 seconds after the alert.
# NOTE(review): the destination port is restricted to $HTTP_PORTS, so a request to
# the same host on a port outside that variable is not inspected by this rule -
# confirm the variable covers the HTTP ports actually in use on this sensor.
# NOTE(review): the host name is matched in http.header, i.e. anywhere in the
# request headers rather than only in Host; a hit may be a reference to the URL
# (e.g. in Referer) instead of a connection to it - check the Host header in triage.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//007017cm.nyashsens.top/Pythonjavascriptjsdownloads.php"; flow:to_server,established; http.header; content:"007017cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/Pythonjavascriptjsdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Inbound IP indicators from MISP event 26162 continue below.
alert ip 217.182.73.127 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.182.73.127"; classtype:trojan-activity; sid:37186271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.14.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.14.83"; classtype:trojan-activity; sid:37186281; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.44.48.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.44.48.247"; classtype:trojan-activity; sid:37186291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.225.31.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.225.31.9"; classtype:trojan-activity; sid:37186301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.41.184 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.41.184"; classtype:trojan-activity; sid:37186311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 39.109.104.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.104.153"; classtype:trojan-activity; sid:37186321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 64.110.110.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.110.110.114"; classtype:trojan-activity; sid:37186331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.205.219.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.205.219.185"; classtype:trojan-activity; sid:37186341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.226.214.79 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.214.79"; classtype:trojan-activity; sid:37186351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.253.190.200 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.253.190.200"; classtype:trojan-activity; sid:37186361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.163.201.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.201.158"; classtype:trojan-activity; sid:37186371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.253.40.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.253.40.231"; classtype:trojan-activity; sid:37186381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.128.106.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.106.71"; classtype:trojan-activity; sid:37186391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 202.61.224.175 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.61.224.175"; classtype:trojan-activity; sid:37186401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.47.100.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.47.100.239"; classtype:trojan-activity; sid:37186411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.27.253.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.253.248"; classtype:trojan-activity; sid:37186421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.49.16 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.16"; classtype:trojan-activity; sid:37186431; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.106.110.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.110.213"; classtype:trojan-activity; sid:37186441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.30.65.87 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.30.65.87"; classtype:trojan-activity; sid:37186451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.225.200.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.225.200.154"; classtype:trojan-activity; sid:37186461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.163.197.146 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.146"; classtype:trojan-activity; sid:37186471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.61.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.61.9"; classtype:trojan-activity; sid:37186481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.155.184.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.184.159"; classtype:trojan-activity; sid:37186491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.253.7.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.253.7.6"; classtype:trojan-activity; sid:37186501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.28.37 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.28.37"; classtype:trojan-activity; sid:37186511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.100.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.51"; classtype:trojan-activity; sid:37186521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.72.212.22 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.72.212.22"; classtype:trojan-activity; sid:37186531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.156.196.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.196.88"; classtype:trojan-activity; sid:37186541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.68.148.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.68.148.6"; classtype:trojan-activity; sid:37186551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 31.216.62.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.216.62.97"; classtype:trojan-activity; sid:37186561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.99.247.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.99.247.77"; classtype:trojan-activity; sid:37186571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.249.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.249.53"; classtype:trojan-activity; sid:37186581; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.36.98 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.36.98"; classtype:trojan-activity; sid:37186591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.172.54.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.172.54.2"; classtype:trojan-activity; sid:37186601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.211.15.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.15.85"; classtype:trojan-activity; sid:37186611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 37.187.112.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.187.112.10"; classtype:trojan-activity; sid:37186621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.228.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.228.77"; classtype:trojan-activity; sid:37186631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.155.94.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.155.94.74"; classtype:trojan-activity; sid:37186641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.217.1.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.217.1.246"; classtype:trojan-activity; sid:37186651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.124.74 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.74"; classtype:trojan-activity; sid:37186661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.222.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.222.252"; classtype:trojan-activity; sid:37186671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.143.239.167 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.239.167"; classtype:trojan-activity; sid:37186681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.196.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.196.78"; classtype:trojan-activity; sid:37186691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.231.174.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.174.116"; classtype:trojan-activity; sid:37186701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.174.226.11 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.174.226.11"; classtype:trojan-activity; sid:37186711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.162.156 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.162.156"; classtype:trojan-activity; sid:37186721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.53.119.150 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.119.150"; classtype:trojan-activity; 
sid:37186731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.24.117.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.24.117.44"; classtype:trojan-activity; sid:37186741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.33.243.230 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.243.230"; classtype:trojan-activity; sid:37186751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.178.234.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.178.234.96"; classtype:trojan-activity; sid:37186761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 146.185.196.46 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.185.196.46"; classtype:trojan-activity; sid:37186771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 161.35.106.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.106.13"; classtype:trojan-activity; sid:37186781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.121.101.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.121.101.133"; classtype:trojan-activity; sid:37186791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 202.191.59.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.191.59.34"; classtype:trojan-activity; sid:37186801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.44 any -> 
$HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.44"; classtype:trojan-activity; sid:37186811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.8.157.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.157.100"; classtype:trojan-activity; sid:37186821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.91.153.104 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.153.104"; classtype:trojan-activity; sid:37186831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.90.56.200 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.90.56.200"; classtype:trojan-activity; sid:37186841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.157.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.157.174"; classtype:trojan-activity; sid:37186851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 212.252.71.24 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.252.71.24"; classtype:trojan-activity; sid:37186861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 115.236.135.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.236.135.4"; classtype:trojan-activity; sid:37186871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 183.160.236.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.160.236.39"; 
classtype:trojan-activity; sid:37186881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.225.234.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.225.234.248"; classtype:trojan-activity; sid:37186891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.51.41.27 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.41.27"; classtype:trojan-activity; sid:37186901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.157.214 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.157.214"; classtype:trojan-activity; sid:37186911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.241.51.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.241.51.13"; classtype:trojan-activity; sid:37186921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.137.156.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.156.89"; classtype:trojan-activity; sid:37186931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 64.226.82.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.82.60"; classtype:trojan-activity; sid:37186941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.196.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.196.77"; classtype:trojan-activity; sid:37186951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
188.36.163.11 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.36.163.11"; classtype:trojan-activity; sid:37186961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.33.213.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.213.71"; classtype:trojan-activity; sid:37186971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 142.93.210.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.210.170"; classtype:trojan-activity; sid:37186981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.69.230 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.69.230"; classtype:trojan-activity; sid:37186991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 39.109.122.145 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.122.145"; classtype:trojan-activity; sid:37187001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.205.42.0 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.205.42.0"; classtype:trojan-activity; sid:37187011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.230.57.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.57.125"; classtype:trojan-activity; sid:37187021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.6.232.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.45"; 
classtype:trojan-activity; sid:37187031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.250.203.245 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.250.203.245"; classtype:trojan-activity; sid:37187041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.255.91.86 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.255.91.86"; classtype:trojan-activity; sid:37187051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.133.64.211 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.64.211"; classtype:trojan-activity; sid:37187061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 34.66.207.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.66.207.48"; classtype:trojan-activity; sid:37187071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 34.150.44.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.150.44.100"; classtype:trojan-activity; sid:37187081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.208.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.208.96"; classtype:trojan-activity; sid:37187091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 46.101.77.207 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.77.207"; classtype:trojan-activity; sid:37187101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
164.90.228.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.228.94"; classtype:trojan-activity; sid:37187111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.139.247.19 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.139.247.19"; classtype:trojan-activity; sid:37187121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.230.61.206 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.61.206"; classtype:trojan-activity; sid:37187131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.140.138.86 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.140.138.86"; classtype:trojan-activity; sid:37187141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.2.240.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.240.147"; classtype:trojan-activity; sid:37187151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 144.126.204.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.126.204.43"; classtype:trojan-activity; sid:37187161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.231.8.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.231.8.164"; classtype:trojan-activity; sid:37187171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.174.14.161 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
158.174.14.161"; classtype:trojan-activity; sid:37187181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 78.72.235.233 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.72.235.233"; classtype:trojan-activity; sid:37187191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.185.18.150 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.185.18.150"; classtype:trojan-activity; sid:37187201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.229.155.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.155.68"; classtype:trojan-activity; sid:37187211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.40.248.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.40.248.20"; classtype:trojan-activity; sid:37187221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.2.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.2.39"; classtype:trojan-activity; sid:37187231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.205.113 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.205.113"; classtype:trojan-activity; sid:37187241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 217.160.88.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.160.88.147"; classtype:trojan-activity; sid:37187251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) 
# MISP event 26162: source-address indicators, sids 37187261-37187401 (step 10).
# Each rule is a header-only match: any IP protocol, any port, from the listed
# source to $HOME_NET. The direction is one-way (->), so packets sent from
# $HOME_NET to these addresses are not matched by these rules.
# No flow, content or threshold option is present, so alert volume is bounded
# only by how the sensor evaluates header-only rules (per packet or per flow,
# depending on the engine). Rate-limit or suppress per source in the sensor's
# threshold / event-filter configuration rather than editing this generated export.
# NOTE(review): classtype is trojan-activity although the msg tags the traffic as
# inbound Reconnaissance/Exploitation; presumably the exporter's default. Confirm
# before relying on classtype for triage or priority mapping.
# NOTE(review): a source-address hit carries no payload context; check the
# indicator's age and ownership in the referenced MISP event before acting on it.
# One rule per line: the rule parser does not accept several rules on one line,
# nor a rule wrapped without a trailing backslash.
alert ip 43.128.88.108 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.108"; classtype:trojan-activity; sid:37187261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.118.145.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.118.145.213"; classtype:trojan-activity; sid:37187271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 212.64.10.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.64.10.125"; classtype:trojan-activity; sid:37187281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.12.131.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.12.131.51"; classtype:trojan-activity; sid:37187291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.190.140.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.190.140.41"; classtype:trojan-activity; sid:37187301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.153.110.76 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.110.76"; classtype:trojan-activity; sid:37187311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.6.232.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.13"; classtype:trojan-activity; sid:37187321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 138.2.136.236 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.136.236"; classtype:trojan-activity; sid:37187331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.156.106.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.106.15"; classtype:trojan-activity; sid:37187341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 218.60.50.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.60.50.126"; classtype:trojan-activity; sid:37187351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.91.186.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.91.186.55"; classtype:trojan-activity; sid:37187361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.242.130.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.242.130.99"; classtype:trojan-activity; sid:37187371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.133.57.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.57.89"; classtype:trojan-activity; sid:37187381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.134.164.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.164.71"; classtype:trojan-activity; sid:37187391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.139.208.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.139.208.140"; classtype:trojan-activity; sid:37187401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 178.128.231.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.231.34"; classtype:trojan-activity; sid:37187411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 58.8.212.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.8.212.66"; classtype:trojan-activity; sid:37187421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.245.154.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.154.225"; classtype:trojan-activity; sid:37187431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.4.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.4.194"; classtype:trojan-activity; sid:37187441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.207.54.196 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.54.196"; classtype:trojan-activity; sid:37187451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 68.178.162.179 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.162.179"; classtype:trojan-activity; sid:37187461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.140.25.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.140.25.138"; classtype:trojan-activity; sid:37187471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.107.167.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
91.107.167.193"; classtype:trojan-activity; sid:37187481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 203.24.92.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.24.92.171"; classtype:trojan-activity; sid:37187491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.29.233.192 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.233.192"; classtype:trojan-activity; sid:37187501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.190.252.110 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.190.252.110"; classtype:trojan-activity; sid:37187511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.32.241.81 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.32.241.81"; classtype:trojan-activity; sid:37187521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 15.204.211.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.211.171"; classtype:trojan-activity; sid:37187531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.232.107.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.232.107.107"; classtype:trojan-activity; sid:37187541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.37.160 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.37.160"; classtype:trojan-activity; sid:37187551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.178.136.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.178.136.114"; classtype:trojan-activity; sid:37187561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.182.60.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.182.60.140"; classtype:trojan-activity; sid:37187571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.122.198.156 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.122.198.156"; classtype:trojan-activity; sid:37187581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.164.39.253 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.164.39.253"; classtype:trojan-activity; sid:37187591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.245.64.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.64.39"; classtype:trojan-activity; sid:37187601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.61.17.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.17.247"; classtype:trojan-activity; sid:37187611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 201.184.50.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.184.50.251"; classtype:trojan-activity; sid:37187621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.224.104 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.224.104"; classtype:trojan-activity; sid:37187631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 84.39.252.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.39.252.141"; classtype:trojan-activity; sid:37187641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 168.167.72.150 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.167.72.150"; classtype:trojan-activity; sid:37187651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.167.207.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.167.207.234"; classtype:trojan-activity; sid:37187661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.154.133.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.133.74"; classtype:trojan-activity; sid:37187671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 24.57.45.253 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.57.45.253"; classtype:trojan-activity; sid:37187681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.79.197.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.197.154"; classtype:trojan-activity; sid:37187691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.42.63.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.42.63.69"; classtype:trojan-activity; sid:37187701; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 134.175.226.129 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.226.129"; classtype:trojan-activity; sid:37187711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.79.250.103 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.79.250.103"; classtype:trojan-activity; sid:37187721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.76.246.205 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.246.205"; classtype:trojan-activity; sid:37187731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 208.65.84.121 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.121"; classtype:trojan-activity; sid:37187741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 162.14.202.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.202.35"; classtype:trojan-activity; sid:37187751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.6.141.237 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.141.237"; classtype:trojan-activity; sid:37187761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.14.70.219 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.70.219"; classtype:trojan-activity; sid:37187771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.155.186.160 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.155.186.160"; classtype:trojan-activity; sid:37187781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.187.149.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.187.149.34"; classtype:trojan-activity; sid:37187791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 177.148.230.150 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.148.230.150"; classtype:trojan-activity; sid:37187801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.13.136.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.136.37"; classtype:trojan-activity; sid:37187811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 161.132.38.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.38.125"; classtype:trojan-activity; sid:37187821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 4.17.226.146 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 4.17.226.146"; classtype:trojan-activity; sid:37187831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.207.183.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.207.183.234"; classtype:trojan-activity; sid:37187841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 59.127.158.223 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.158.223"; classtype:trojan-activity; 
sid:37187851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 221.229.99.137 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.229.99.137"; classtype:trojan-activity; sid:37187861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.232.190.63 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.190.63"; classtype:trojan-activity; sid:37187871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.112.138.237 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.112.138.237"; classtype:trojan-activity; sid:37187881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.3.64.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.64.68"; classtype:trojan-activity; sid:37187891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 221.213.129.46 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.213.129.46"; classtype:trojan-activity; sid:37187901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.48.142.232 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.142.232"; classtype:trojan-activity; sid:37187911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.95.83.149 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.83.149"; classtype:trojan-activity; sid:37187921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.246 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.246"; classtype:trojan-activity; sid:37187931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.150.221 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.150.221"; classtype:trojan-activity; sid:37187941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 144.91.113.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.91.113.122"; classtype:trojan-activity; sid:37187951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.89.22.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.22.140"; classtype:trojan-activity; sid:37187961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.75.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.75.83"; classtype:trojan-activity; sid:37187971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.239.137 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.239.137"; classtype:trojan-activity; sid:37187981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.6.232.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.21"; classtype:trojan-activity; sid:37187991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.64.169.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.169.153"; classtype:trojan-activity; 
sid:37188001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.79.152.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.79.152.202"; classtype:trojan-activity; sid:37188011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.179.234.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.179.234.140"; classtype:trojan-activity; sid:37188021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.131.43.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.43.244"; classtype:trojan-activity; sid:37188031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.10.44.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.3"; classtype:trojan-activity; sid:37188041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 162.241.208.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.241.208.68"; classtype:trojan-activity; sid:37188051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 8.222.224.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.224.174"; classtype:trojan-activity; sid:37188061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.141.171.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.141.171.139"; classtype:trojan-activity; sid:37188071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.2.221.247 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.221.247"; classtype:trojan-activity; sid:37188081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 179.1.85.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.123"; classtype:trojan-activity; sid:37188091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.46.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.46.154"; classtype:trojan-activity; sid:37188101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.73.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.73.13"; classtype:trojan-activity; sid:37188111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.106.25 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.106.25"; classtype:trojan-activity; sid:37188121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 183.15.178.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.15.178.123"; classtype:trojan-activity; sid:37188131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 200.189.192.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.189.192.3"; classtype:trojan-activity; sid:37188141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.89.165.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.165.209"; classtype:trojan-activity; 
sid:37188151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 223.178.222.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.178.222.99"; classtype:trojan-activity; sid:37188161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.248.58.12 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.58.12"; classtype:trojan-activity; sid:37188171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.255.3.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.255.3.117"; classtype:trojan-activity; sid:37188181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.19.156.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.19.156.3"; classtype:trojan-activity; sid:37188191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.60.228 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.60.228"; classtype:trojan-activity; sid:37188201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 3.89.193.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.89.193.147"; classtype:trojan-activity; sid:37188211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 52.77.238.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.77.238.193"; classtype:trojan-activity; sid:37188221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.92.4 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.4"; classtype:trojan-activity; sid:37188231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.129.161 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.129.161"; classtype:trojan-activity; sid:37188241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.18"; classtype:trojan-activity; sid:37188251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.96.71.150 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.96.71.150"; classtype:trojan-activity; sid:37188261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.47.12.32 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.47.12.32"; classtype:trojan-activity; sid:37188271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 187.190.112.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.190.112.180"; classtype:trojan-activity; sid:37188281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.87.73.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.87.73.208"; classtype:trojan-activity; sid:37188291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 59.21.181.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.21.181.55"; classtype:trojan-activity; sid:37188301; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 178.128.219.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.219.157"; classtype:trojan-activity; sid:37188311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.132.148.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.148.144"; classtype:trojan-activity; sid:37188321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 84.163.56.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.163.56.17"; classtype:trojan-activity; sid:37188331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.24.179.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.24.179.88"; classtype:trojan-activity; sid:37188341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 109.122.208.195 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.122.208.195"; classtype:trojan-activity; sid:37188351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.42.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.42.212"; classtype:trojan-activity; sid:37188361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.59.95.16 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.95.16"; classtype:trojan-activity; sid:37188371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 142.93.179.73 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.179.73"; classtype:trojan-activity; sid:37188381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.2.242.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.242.132"; classtype:trojan-activity; sid:37188391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.44.186.49 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.44.186.49"; classtype:trojan-activity; sid:37188401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.203.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.203.172"; classtype:trojan-activity; sid:37188411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.188.168.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.188.168.53"; classtype:trojan-activity; sid:37188421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.106.192.5 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.192.5"; classtype:trojan-activity; sid:37188431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.29.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.29.57"; classtype:trojan-activity; sid:37188441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.150.26.228 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.150.26.228"; classtype:trojan-activity; sid:37188451; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.89.190.154 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.190.154"; classtype:trojan-activity; sid:37188461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.145.131.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.131.95"; classtype:trojan-activity; sid:37188471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.137.114.19 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.114.19"; classtype:trojan-activity; sid:37188481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.171.186.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.171.186.74"; classtype:trojan-activity; sid:37188491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.83.187 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.83.187"; classtype:trojan-activity; sid:37188501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.139.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.139.58"; classtype:trojan-activity; sid:37188511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.76.104.199 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.104.199"; classtype:trojan-activity; sid:37188521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.71.207.240 any -> $HOME_NET any (msg: 
"MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.207.240"; classtype:trojan-activity; sid:37188531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 142.93.179.81 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.179.81"; classtype:trojan-activity; sid:37188541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.168.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.168.244"; classtype:trojan-activity; sid:37188551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.17.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.17.35"; classtype:trojan-activity; sid:37188561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.10.44.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.109"; classtype:trojan-activity; sid:37188571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.235.108.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.108.105"; classtype:trojan-activity; sid:37188581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.79.29.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.79.29.208"; classtype:trojan-activity; sid:37188591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.223.234.245 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.234.245"; classtype:trojan-activity; 
sid:37188601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 102.128.78.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.128.78.77"; classtype:trojan-activity; sid:37188611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 138.2.234.220 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.234.220"; classtype:trojan-activity; sid:37188621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 77.68.117.176 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.68.117.176"; classtype:trojan-activity; sid:37188631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.51.22.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.22.118"; classtype:trojan-activity; sid:37188641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 142.93.179.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.179.66"; classtype:trojan-activity; sid:37188651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 213.6.109.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.6.109.39"; classtype:trojan-activity; sid:37188661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.91.128.84 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.91.128.84"; classtype:trojan-activity; sid:37188671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.136.62.243 any -> $HOME_NET any (msg: 
"MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.62.243"; classtype:trojan-activity; sid:37188681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.70.48.219 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.48.219"; classtype:trojan-activity; sid:37188691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.10.87.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.87.21"; classtype:trojan-activity; sid:37188701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.250.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.250.118"; classtype:trojan-activity; sid:37188711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 171.103.243.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.103.243.157"; classtype:trojan-activity; sid:37188721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.54.56.183 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.54.56.183"; classtype:trojan-activity; sid:37188731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 89.185.85.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.185.85.151"; classtype:trojan-activity; sid:37188741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.90.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.90.135"; classtype:trojan-activity; 
sid:37188751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 213.225.32.62 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.225.32.62"; classtype:trojan-activity; sid:37188761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 92.35.103.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.35.103.58"; classtype:trojan-activity; sid:37188771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 38.7.207.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.207.170"; classtype:trojan-activity; sid:37188781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.6.5.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.6.5.95"; classtype:trojan-activity; sid:37188791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.125.174.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.125.174.9"; classtype:trojan-activity; sid:37188801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.51.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.216"; classtype:trojan-activity; sid:37188811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.54.215.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.215.125"; classtype:trojan-activity; sid:37188821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 138.197.78.164 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.78.164"; classtype:trojan-activity; sid:37188831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 220.164.60.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.164.60.7"; classtype:trojan-activity; sid:37188841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.230.246.33 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.246.33"; classtype:trojan-activity; sid:37188851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.180.181.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.180.181.208"; classtype:trojan-activity; sid:37188861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.149.156.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.149.156.21"; classtype:trojan-activity; sid:37188871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 8.222.153.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.153.74"; classtype:trojan-activity; sid:37188881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.178.235.211 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.178.235.211"; classtype:trojan-activity; sid:37188891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.42.75.1 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.75.1"; classtype:trojan-activity; sid:37188901; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.239.249.70 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.239.249.70"; classtype:trojan-activity; sid:37188911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.213.120.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.213.120.9"; classtype:trojan-activity; sid:37188921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.12.220.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.220.225"; classtype:trojan-activity; sid:37188931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.196.70.142 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.196.70.142"; classtype:trojan-activity; sid:37188941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.140.225.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.225.242"; classtype:trojan-activity; sid:37188951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 204.44.92.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.44.92.51"; classtype:trojan-activity; sid:37188961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.178.203.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.178.203.139"; classtype:trojan-activity; sid:37188971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.73.168 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.73.168"; classtype:trojan-activity; sid:37188981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.78.143.130 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.78.143.130"; classtype:trojan-activity; sid:37188991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.229.86.90 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.86.90"; classtype:trojan-activity; sid:37189001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.117.70.195 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.70.195"; classtype:trojan-activity; sid:37189011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.151.149.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.149.158"; classtype:trojan-activity; sid:37189021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.168.95.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.168.95.234"; classtype:trojan-activity; sid:37189031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.51.45.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.45.37"; classtype:trojan-activity; sid:37189041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.140.252.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.252.68"; classtype:trojan-activity; sid:37189051; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.13.22.61 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.22.61"; classtype:trojan-activity; sid:37189061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 179.62.89.72 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.62.89.72"; classtype:trojan-activity; sid:37189071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.184.199.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.184.199.39"; classtype:trojan-activity; sid:37189081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.62.123.87 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.62.123.87"; classtype:trojan-activity; sid:37189091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 69.165.78.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.165.78.164"; classtype:trojan-activity; sid:37189101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.220.104.80 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.104.80"; classtype:trojan-activity; sid:37189111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 190.176.132.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.176.132.78"; classtype:trojan-activity; sid:37189121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.172.112.115 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.112.115"; classtype:trojan-activity; sid:37189131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 46.250.251.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.250.251.30"; classtype:trojan-activity; sid:37189141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.56.0.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.56.0.216"; classtype:trojan-activity; sid:37189151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.53.175 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.53.175"; classtype:trojan-activity; sid:37189161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.192.175 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.192.175"; classtype:trojan-activity; sid:37189171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.226.211.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.211.85"; classtype:trojan-activity; sid:37189181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.51.28.65 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.28.65"; classtype:trojan-activity; sid:37189191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.184.138.182 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.138.182"; classtype:trojan-activity; 
sid:37189201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 2.82.170.232 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.82.170.232"; classtype:trojan-activity; sid:37189211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.75.243.160 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.75.243.160"; classtype:trojan-activity; sid:37189221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 35.222.117.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.222.117.243"; classtype:trojan-activity; sid:37189231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 203.24.92.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.24.92.248"; classtype:trojan-activity; sid:37189241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 164.92.164.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.164.10"; classtype:trojan-activity; sid:37189251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.31.105.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.105.94"; classtype:trojan-activity; sid:37189261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.243.189 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.243.189"; classtype:trojan-activity; sid:37189271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.125.147.181 any -> $HOME_NET any 
(msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.125.147.181"; classtype:trojan-activity; sid:37189281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.245.46.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.46.21"; classtype:trojan-activity; sid:37189291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.74.180.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.74.180.141"; classtype:trojan-activity; sid:37189301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.154.33.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.154.33.15"; classtype:trojan-activity; sid:37189311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.138.95.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.138.95.194"; classtype:trojan-activity; sid:37189321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.184.143.23 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.143.23"; classtype:trojan-activity; sid:37189331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.210.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.210.148"; classtype:trojan-activity; sid:37189341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 115.79.35.110 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.79.35.110"; 
classtype:trojan-activity; sid:37189351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# NOTE(review): the rule below (sid 37189361) carries an empty tag list "[]" in its msg,
# where the neighbouring e26162 rules carry [kill-chain:Reconnaissance,kill-chain:Exploitation].
# Presumably the MISP attribute was exported without tags; confirm against event 26162.
# Alert routing or filtering that keys on the kill-chain text in msg will not match this rule.
#
# As with the surrounding rules, this is a bare source-IP match: it fires on any IP packet
# from the listed address to $HOME_NET, with no port, flow or threshold condition, and it uses
# classtype:trojan-activity even though the msg tags name reconnaissance/exploitation.
alert ip 8.210.252.157 any -> $HOME_NET any (msg: "MISP e26162 [] Incoming From IP: 8.210.252.157"; classtype:trojan-activity; sid:37189361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 5.75.250.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.75.250.123"; classtype:trojan-activity; sid:37189371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 139.198.174.192 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.174.192"; classtype:trojan-activity; sid:37189381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.29.0.182 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.0.182"; classtype:trojan-activity; sid:37189391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.161.248.184 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.184"; classtype:trojan-activity; sid:37189401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.42.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.42.44"; classtype:trojan-activity; sid:37189411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.2.223.190 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.223.190"; classtype:trojan-activity; sid:37189421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.178.153.86 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.153.86"; classtype:trojan-activity; sid:37189431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# The rules below all reference MISP event 26162 (see reference:url on each rule).
# Each one alerts on any IP traffic, any protocol and port, from one listed source
# address to $HOME_NET; $HOME_NET must be defined in the sensor configuration.
# They match on source address only: the options carry no payload, port or flow
# conditions, so an alert shows that the address sent traffic, not what it did.
# Addresses behind NAT, shared hosting or reassigned cloud ranges can produce
# false positives; check the MISP event before acting on a hit.
# classtype is trojan-activity on every rule while the msg tags read
# Reconnaissance/Exploitation, so triage on the msg tags and the event.
# One rule per line; sid values rise by 10 from rule to rule.
alert ip 106.13.213.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.213.18"; classtype:trojan-activity; sid:37189441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 64.227.122.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.122.198"; classtype:trojan-activity; sid:37189451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 120.53.89.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.89.231"; classtype:trojan-activity; sid:37189461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.192.46.49 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.192.46.49"; classtype:trojan-activity; sid:37189471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 49.51.178.130 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.178.130"; classtype:trojan-activity; sid:37189481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 68.196.122.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.196.122.126"; classtype:trojan-activity; sid:37189491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 204.44.93.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.44.93.140"; classtype:trojan-activity; sid:37189501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.161.248.183 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.183"; classtype:trojan-activity; sid:37189511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 202.51.74.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.51.74.123"; classtype:trojan-activity; sid:37189521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.98.4.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.98.4.2"; classtype:trojan-activity; sid:37189531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.109.12.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.12.36"; classtype:trojan-activity; sid:37189541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 219.152.52.221 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.52.221"; classtype:trojan-activity; sid:37189551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 92.27.157.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.27.157.252"; classtype:trojan-activity; sid:37189561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.14.149.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.149.85"; classtype:trojan-activity; sid:37189571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.211.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.211.172"; classtype:trojan-activity; sid:37189581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.35.235.214 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.235.214"; classtype:trojan-activity; sid:37189591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 31.24.253.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.24.253.170"; classtype:trojan-activity; sid:37189601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.158.49.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.49.54"; classtype:trojan-activity; sid:37189611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 5.182.206.253 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.182.206.253"; classtype:trojan-activity; sid:37189621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.230.97.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.230.97.51"; classtype:trojan-activity; sid:37189631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.70.155.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.155.60"; classtype:trojan-activity; sid:37189641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.221.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.221.6"; classtype:trojan-activity; sid:37189651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 182.52.21.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.52.21.251"; classtype:trojan-activity; sid:37189661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.221.179.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.179.42"; classtype:trojan-activity; sid:37189671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.134.32.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.32.13"; classtype:trojan-activity; sid:37189681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.139.238.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.238.77"; classtype:trojan-activity; sid:37189691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.158.144.155 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.144.155"; classtype:trojan-activity; sid:37189701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.178.234.104 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.234.104"; classtype:trojan-activity; sid:37189711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.234.31.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.234.31.117"; classtype:trojan-activity; sid:37189721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 39.107.156.29 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.107.156.29"; classtype:trojan-activity; sid:37189731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.143.232.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.232.140"; classtype:trojan-activity; sid:37189741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 102.218.10.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.218.10.141"; classtype:trojan-activity; sid:37189751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 82.156.84.112 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.84.112"; classtype:trojan-activity; sid:37189761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.95.27.190 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.27.190"; classtype:trojan-activity; sid:37189771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 90.239.30.219 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.239.30.219"; classtype:trojan-activity; sid:37189781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 61.72.45.163 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.72.45.163"; classtype:trojan-activity; sid:37189791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 8.210.70.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.70.202"; classtype:trojan-activity; sid:37189801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.197.122.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.197.122.4"; classtype:trojan-activity; sid:37189811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 203.24.92.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.24.92.246"; classtype:trojan-activity; sid:37189821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 95.111.255.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.111.255.6"; classtype:trojan-activity; sid:37189831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.43.75.93 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.75.93"; classtype:trojan-activity; sid:37189841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.238.232.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.238.232.3"; classtype:trojan-activity; sid:37189851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.250.34.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.235"; classtype:trojan-activity; sid:37189861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.250.50.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.132"; classtype:trojan-activity; sid:37189871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 164.132.51.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.132.51.188"; classtype:trojan-activity; sid:37189881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 82.177.43.130 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.177.43.130"; classtype:trojan-activity; sid:37189891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 194.233.64.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.233.64.174"; classtype:trojan-activity; sid:37189901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.103.226.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.103.226.231"; classtype:trojan-activity; sid:37189911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 139.135.127.233 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.135.127.233"; classtype:trojan-activity; sid:37189921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 198.44.170.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.44.170.159"; classtype:trojan-activity; sid:37189931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.75.19.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.19.106"; classtype:trojan-activity; sid:37189941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.45.115.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.115.123"; classtype:trojan-activity; sid:37189951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.118.145.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.118.145.15"; classtype:trojan-activity; sid:37189961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.248.197.238 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.197.238"; classtype:trojan-activity; sid:37189971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.147.40.93 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.147.40.93"; classtype:trojan-activity; sid:37189981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.143.174.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.143.174.45"; classtype:trojan-activity; sid:37189991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 189.46.105.31 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.46.105.31"; classtype:trojan-activity; sid:37190001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.51.33.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.33.212"; classtype:trojan-activity; sid:37190011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.232.190.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.190.69"; classtype:trojan-activity; sid:37190021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 64.23.141.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.141.213"; classtype:trojan-activity; sid:37190031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.116.136.219 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.136.219"; classtype:trojan-activity; sid:37190041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.156.225.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.225.133"; classtype:trojan-activity; sid:37190051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.136.59.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.59.77"; classtype:trojan-activity; sid:37190061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.196.86.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.196.86.4"; classtype:trojan-activity; sid:37190071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 121.183.30.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.183.30.17"; classtype:trojan-activity; sid:37190081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.45.209.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.209.139"; classtype:trojan-activity; sid:37190091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.163.30.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.163.30.185"; classtype:trojan-activity; sid:37190101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 120.48.120.222 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.120.222"; classtype:trojan-activity; sid:37190111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.192.205.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.205.126"; classtype:trojan-activity; sid:37190121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.95.81.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.81.235"; classtype:trojan-activity; sid:37190131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.50.197.160 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.197.160"; classtype:trojan-activity; sid:37190141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.19.130.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.19.130.244"; classtype:trojan-activity; sid:37190151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.24.207.112 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.207.112"; classtype:trojan-activity; sid:37190161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# NOTE(review): the next rule's msg has an empty tag list ("[]") where the
# neighbouring rules carry kill-chain tags. Presumably the attribute is untagged
# in the MISP event; confirm there. Alert filters keyed on the kill-chain text
# in msg will not match this rule.
alert ip 101.91.206.247 any -> $HOME_NET any (msg: "MISP e26162 [] Incoming From IP: 101.91.206.247"; classtype:trojan-activity; sid:37190171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 52.247.229.5 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.247.229.5"; classtype:trojan-activity; sid:37190181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 24.199.84.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.84.116"; classtype:trojan-activity; sid:37190191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.114.200.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.114.200.15"; classtype:trojan-activity; sid:37190201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 183.158.117.108 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.158.117.108"; classtype:trojan-activity; sid:37190211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 217.76.52.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.76.52.83"; classtype:trojan-activity; sid:37190221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.22.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.22.39"; classtype:trojan-activity; sid:37190231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.126.34.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.34.231"; classtype:trojan-activity; sid:37190241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.128.107.63 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.107.63"; classtype:trojan-activity; sid:37190251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.50.178.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.178.36"; classtype:trojan-activity; sid:37190261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.103.41.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.141"; classtype:trojan-activity; sid:37190271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.156.138.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.138.208"; classtype:trojan-activity; sid:37190281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.146.53.24 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.53.24"; classtype:trojan-activity; sid:37190291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.195.184.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.184.139"; classtype:trojan-activity; sid:37190301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 62.234.190.70 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.190.70"; classtype:trojan-activity; sid:37190311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.50.176.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.176.151"; classtype:trojan-activity; sid:37190321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 58.186.85.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.186.85.94"; classtype:trojan-activity; sid:37190331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 218.60.95.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.60.95.59"; classtype:trojan-activity; sid:37190341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.227.171.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.171.66"; classtype:trojan-activity; sid:37190351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 188.166.94.92 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.94.92"; classtype:trojan-activity; sid:37190361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.177.239.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.177.239.168"; classtype:trojan-activity; sid:37190371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 159.69.215.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.69.215.44"; classtype:trojan-activity; sid:37190381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 92.255.195.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.255.195.59"; classtype:trojan-activity; sid:37190391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 176.88.41.232 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.88.41.232"; classtype:trojan-activity; sid:37190401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.156.49.75 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.49.75"; classtype:trojan-activity; sid:37190411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 112.165.212.156 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.165.212.156"; classtype:trojan-activity; sid:37190421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 152.136.157.226 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.157.226"; classtype:trojan-activity; sid:37190431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.78.164.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.78.164.164"; classtype:trojan-activity; sid:37190441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.212.197.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.212.197.132"; classtype:trojan-activity; sid:37190451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.34.44.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.44.3"; classtype:trojan-activity; sid:37190461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.189.120.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.189.120.213"; classtype:trojan-activity; sid:37190471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.172.130.191 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.172.130.191"; classtype:trojan-activity; sid:37190481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 203.33.206.80 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.33.206.80"; classtype:trojan-activity; sid:37190491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 112.91.126.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.91.126.10"; classtype:trojan-activity; sid:37190501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.230.54.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.54.66"; classtype:trojan-activity; sid:37190511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.142.82.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.82.135"; classtype:trojan-activity; sid:37190521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 178.33.150.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.33.150.54"; classtype:trojan-activity; sid:37190531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 94.76.228.195 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.76.228.195"; classtype:trojan-activity; sid:37190541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 157.230.21.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.21.139"; classtype:trojan-activity; sid:37190551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 47.242.188.92 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.188.92"; classtype:trojan-activity; sid:37190561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.148.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.148.194"; classtype:trojan-activity; sid:37190571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 133.232.68.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 133.232.68.95"; classtype:trojan-activity; sid:37190581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 197.153.57.103 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.153.57.103"; classtype:trojan-activity; sid:37190591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 79.137.202.87 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.202.87"; classtype:trojan-activity; sid:37190601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 64.23.141.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.141.157"; classtype:trojan-activity; sid:37190611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.62.150.156 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.150.156"; classtype:trojan-activity; sid:37190621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.45.20.136 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.20.136"; classtype:trojan-activity; sid:37190631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 31.14.122.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.14.122.135"; classtype:trojan-activity; sid:37190641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 182.42.68.11 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.68.11"; classtype:trojan-activity; sid:37190651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.68.192.11 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.68.192.11"; classtype:trojan-activity; sid:37190661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.159.146.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.146.198"; classtype:trojan-activity; sid:37190671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 59.4.55.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.4.55.180"; classtype:trojan-activity; sid:37190681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.69.230.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.230.35"; classtype:trojan-activity; sid:37190691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.204.120.52 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.204.120.52"; classtype:trojan-activity; sid:37190701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 210.113.92.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.113.92.59"; classtype:trojan-activity; sid:37190711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 5.42.84.61 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.84.61"; classtype:trojan-activity; sid:37190721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 27.195.158.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.195.158.204"; classtype:trojan-activity; sid:37190731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.113.0.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.113.0.122"; classtype:trojan-activity; sid:37190741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 18.188.126.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.188.126.43"; classtype:trojan-activity; sid:37190751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 27.128.243.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.243.225"; classtype:trojan-activity; sid:37190761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.42.206.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.206.58"; classtype:trojan-activity; sid:37190771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.21.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.21.197"; classtype:trojan-activity; sid:37190781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.156.105.131 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.105.131"; classtype:trojan-activity; sid:37190791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 60.191.91.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.191.91.42"; classtype:trojan-activity; sid:37190801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.138.201.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.201.168"; classtype:trojan-activity; sid:37190811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 132.145.115.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.145.115.97"; classtype:trojan-activity; sid:37190821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 123.58.214.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.58.214.42"; classtype:trojan-activity; sid:37190831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 171.251.28.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.251.28.13"; classtype:trojan-activity; sid:37190841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.220.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.220.56"; classtype:trojan-activity; sid:37190851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.41.204.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.41.204.48"; classtype:trojan-activity; sid:37190861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.232.189.205 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.189.205"; classtype:trojan-activity; sid:37190871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.28.228.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.228.78"; classtype:trojan-activity; sid:37190881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.221.178.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.178.198"; classtype:trojan-activity; sid:37190891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 24.142.93.142 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.142.93.142"; classtype:trojan-activity; sid:37190901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 64.23.141.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.141.153"; classtype:trojan-activity; sid:37190911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.103.34.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.34.153"; classtype:trojan-activity; sid:37190921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 
103.4.145.49 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.4.145.49"; classtype:trojan-activity; sid:37190931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.103.41.240 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.240"; classtype:trojan-activity; sid:37190941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.103.40.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.40.18"; classtype:trojan-activity; sid:37190951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.58.213.152 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.213.152"; classtype:trojan-activity; sid:37190961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.229.205.238 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.205.238"; classtype:trojan-activity; sid:37190971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.30.76 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.30.76"; classtype:trojan-activity; sid:37190981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 163.5.59.25 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.5.59.25"; classtype:trojan-activity; sid:37190991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.149.19.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.149.19.39"; 
classtype:trojan-activity; sid:37191001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 116.110.8.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.8.193"; classtype:trojan-activity; sid:37191011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.139.58.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.139.58.173"; classtype:trojan-activity; sid:37191021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 35.227.114.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.227.114.241"; classtype:trojan-activity; sid:37191031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.52.223.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.223.109"; classtype:trojan-activity; sid:37191041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.82.67.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.82.67.210"; classtype:trojan-activity; sid:37191051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.248.134.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.134.185"; classtype:trojan-activity; sid:37191061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.75.15.223 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.15.223"; classtype:trojan-activity; sid:37191071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
194.113.236.217 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.113.236.217"; classtype:trojan-activity; sid:37191081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 190.12.52.199 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.12.52.199"; classtype:trojan-activity; sid:37191091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.134.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.134.216"; classtype:trojan-activity; sid:37191101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.225.209.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.209.117"; classtype:trojan-activity; sid:37191111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.122.72.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.122.72.88"; classtype:trojan-activity; sid:37191121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.38.52.131 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.38.52.131"; classtype:trojan-activity; sid:37191131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.244.167.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.167.116"; classtype:trojan-activity; sid:37191141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.70.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.138.70.229"; classtype:trojan-activity; sid:37191151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 85.9.107.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.9.107.218"; classtype:trojan-activity; sid:37191161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.72.14.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.14.37"; classtype:trojan-activity; sid:37191171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.130.62.221 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.62.221"; classtype:trojan-activity; sid:37191181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 172.109.153.90 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.109.153.90"; classtype:trojan-activity; sid:37191191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.43.85.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.85.95"; classtype:trojan-activity; sid:37191201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.54.223.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.223.124"; classtype:trojan-activity; sid:37191211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.57.248.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.57.248.56"; classtype:trojan-activity; sid:37191221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert 
ip 62.171.182.254 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.171.182.254"; classtype:trojan-activity; sid:37191231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 162.240.228.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.240.228.58"; classtype:trojan-activity; sid:37191241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.34.61.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.61.37"; classtype:trojan-activity; sid:37191251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.156.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.156.126"; classtype:trojan-activity; sid:37191261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 174.138.90.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.90.218"; classtype:trojan-activity; sid:37191271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.181.191.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.181.191.54"; classtype:trojan-activity; sid:37191281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 59.153.122.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.153.122.36"; classtype:trojan-activity; sid:37191291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.186.222.50 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
103.186.222.50"; classtype:trojan-activity; sid:37191301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.150.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.150.10"; classtype:trojan-activity; sid:37191311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 177.200.34.186 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.200.34.186"; classtype:trojan-activity; sid:37191321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.230.34.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.34.91"; classtype:trojan-activity; sid:37191331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.115.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.115.148"; classtype:trojan-activity; sid:37191341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.244.220.221 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.244.220.221"; classtype:trojan-activity; sid:37191351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.136.53.203 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.53.203"; classtype:trojan-activity; sid:37191361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.129.65 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.129.65"; classtype:trojan-activity; sid:37191371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.97.247.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.97.247.139"; classtype:trojan-activity; sid:37191381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.200.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.200.124"; classtype:trojan-activity; sid:37191391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.158.16.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.16.204"; classtype:trojan-activity; sid:37191401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.117.244.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.117.244.39"; classtype:trojan-activity; sid:37191411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.135.1.80 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.1.80"; classtype:trojan-activity; sid:37191421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.165.203.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.165.203.173"; classtype:trojan-activity; sid:37191431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 2.189.254.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.189.254.139"; classtype:trojan-activity; sid:37191441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.128.47.170 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.47.170"; classtype:trojan-activity; sid:37191451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.106.191.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.191.105"; classtype:trojan-activity; sid:37191461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 220.76.163.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.76.163.140"; classtype:trojan-activity; sid:37191471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 219.145.133.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.145.133.51"; classtype:trojan-activity; sid:37191481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.112.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.112.105"; classtype:trojan-activity; sid:37191491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.227.123.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.123.34"; classtype:trojan-activity; sid:37191501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 191.185.95.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.185.95.210"; classtype:trojan-activity; sid:37191511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.49.131 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.131"; classtype:trojan-activity; 
sid:37191521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.33.252.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.33.252.91"; classtype:trojan-activity; sid:37191531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.103.243.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.103.243.144"; classtype:trojan-activity; sid:37191541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 149.126.169.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.126.169.197"; classtype:trojan-activity; sid:37191551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.48.48.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.48.41"; classtype:trojan-activity; sid:37191561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.144.151.79 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.151.79"; classtype:trojan-activity; sid:37191571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 191.84.14.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.84.14.252"; classtype:trojan-activity; sid:37191581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.172.90.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.90.30"; classtype:trojan-activity; sid:37191591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.220.91.79 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.91.79"; classtype:trojan-activity; sid:37191601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 24.144.87.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.144.87.37"; classtype:trojan-activity; sid:37191611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.222.226.137 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.222.226.137"; classtype:trojan-activity; sid:37191621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 116.198.46.25 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.46.25"; classtype:trojan-activity; sid:37191631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.251.237.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.251.237.173"; classtype:trojan-activity; sid:37191641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.234.66.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.234.66.122"; classtype:trojan-activity; sid:37191651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.66.111.149 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.66.111.149"; classtype:trojan-activity; sid:37191661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.226.208.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.208.45"; 
classtype:trojan-activity; sid:37191671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 177.67.238.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.67.238.6"; classtype:trojan-activity; sid:37191681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.153.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.153.55"; classtype:trojan-activity; sid:37191691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.205.174.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.205.174.210"; classtype:trojan-activity; sid:37191701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.43.83.179 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.83.179"; classtype:trojan-activity; sid:37191711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 2.189.242.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.189.242.158"; classtype:trojan-activity; sid:37191721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 137.184.118.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.118.88"; classtype:trojan-activity; sid:37191731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.248.22.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.248.22.69"; classtype:trojan-activity; sid:37191741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
218.145.159.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.145.159.157"; classtype:trojan-activity; sid:37191751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 183.56.167.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.167.10"; classtype:trojan-activity; sid:37191761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.136.135.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.136.135.41"; classtype:trojan-activity; sid:37191771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.238.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.238.55"; classtype:trojan-activity; sid:37191781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 89.185.85.104 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.185.85.104"; classtype:trojan-activity; sid:37191791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 223.241.247.214 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.241.247.214"; classtype:trojan-activity; sid:37191801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.86.104 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.86.104"; classtype:trojan-activity; sid:37191811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.113.112 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
124.223.113.112"; classtype:trojan-activity; sid:37191821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 213.89.216.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.89.216.193"; classtype:trojan-activity; sid:37191831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.193.41.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.41.241"; classtype:trojan-activity; sid:37191841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.193.43.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.43.57"; classtype:trojan-activity; sid:37191851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.182.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.182.35"; classtype:trojan-activity; sid:37191861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.70.137.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.70.137.13"; classtype:trojan-activity; sid:37191871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 194.145.209.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.145.209.126"; classtype:trojan-activity; sid:37191881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 38.7.199.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.35"; classtype:trojan-activity; sid:37191891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) 
# Source-address rules for MISP event e26162. Each rule names a single IPv4 address as the
# source, any port, with $HOME_NET as the destination, and uses the `alert` action, so these
# rules report traffic and do not drop it.
#
# NOTE(review): the rule text carries only the address, the event id and a reference URL to
# the MISP event. It has no first-seen / last-seen or expiry information, so check each
# address against the referenced event before reusing it for blocking, and re-export
# periodically so that stale addresses age out of the ruleset.
# NOTE(review): every rule sets priority:2 explicitly next to classtype:trojan-activity.
# Triage that keys on priority treats all of these sources alike; verify that this matches
# the confidence recorded on the MISP side.
alert ip 103.236.192.222 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.236.192.222"; classtype:trojan-activity; sid:37191901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 201.123.67.206 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.123.67.206"; classtype:trojan-activity; sid:37191911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 212.146.133.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.146.133.106"; classtype:trojan-activity; sid:37191921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.117.0.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.0.124"; classtype:trojan-activity; sid:37191931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.27.158.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.158.165"; classtype:trojan-activity; sid:37191941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 92.241.192.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.241.192.20"; classtype:trojan-activity; sid:37191951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 159.54.141.90 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.54.141.90"; classtype:trojan-activity; sid:37191961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.134.25.163 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.163"; classtype:trojan-activity; sid:37191971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.93.172.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.93.172.106"; classtype:trojan-activity; sid:37191981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 27.158.197.186 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.158.197.186"; classtype:trojan-activity; sid:37191991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 159.223.65.33 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.65.33"; classtype:trojan-activity; sid:37192001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.87.21.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.87.21.241"; classtype:trojan-activity; sid:37192011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 58.34.198.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.34.198.170"; classtype:trojan-activity; sid:37192021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 161.10.247.113 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.10.247.113"; classtype:trojan-activity; sid:37192031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 191.242.105.131 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.242.105.131"; classtype:trojan-activity; sid:37192041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 107.173.147.191 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.147.191"; classtype:trojan-activity; sid:37192051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 157.230.102.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.102.185"; classtype:trojan-activity; sid:37192061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.225.206.98 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.206.98"; classtype:trojan-activity; sid:37192071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 189.170.11.119 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.170.11.119"; classtype:trojan-activity; sid:37192081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 207.180.226.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.180.226.133"; classtype:trojan-activity; sid:37192091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.76.250.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.250.158"; classtype:trojan-activity; sid:37192101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 222.107.110.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.107.110.168"; classtype:trojan-activity; sid:37192111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.3.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.3.54"; classtype:trojan-activity; sid:37192121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.107.140.47 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.107.140.47"; classtype:trojan-activity; sid:37192131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.76.108.90 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.108.90"; classtype:trojan-activity; sid:37192141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.48.147.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.48.147.14"; classtype:trojan-activity; sid:37192151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.124.94.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.124.94.3"; classtype:trojan-activity; sid:37192161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 68.183.63.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.63.174"; classtype:trojan-activity; sid:37192171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.121.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.121.67"; classtype:trojan-activity; sid:37192181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.136.135.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.136.135.42"; classtype:trojan-activity; sid:37192191; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 24.49.234.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.49.234.209"; classtype:trojan-activity; sid:37192201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.48.255.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.255.67"; classtype:trojan-activity; sid:37192211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 184.168.125.143 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.125.143"; classtype:trojan-activity; sid:37192221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.131.206.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.131.206.169"; classtype:trojan-activity; sid:37192231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 202.157.184.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.184.3"; classtype:trojan-activity; sid:37192241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.131.235.215 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.235.215"; classtype:trojan-activity; sid:37192251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.132.249.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.249.177"; classtype:trojan-activity; sid:37192261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.165.138.144 any -> $HOME_NET any 
(msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.165.138.144"; classtype:trojan-activity; sid:37192271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 93.113.63.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.113.63.124"; classtype:trojan-activity; sid:37192281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.41.163.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.41.163.95"; classtype:trojan-activity; sid:37192291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.64.222.191 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.191"; classtype:trojan-activity; sid:37192301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 77.237.66.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.237.66.218"; classtype:trojan-activity; sid:37192311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.110.252.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.252.135"; classtype:trojan-activity; sid:37192321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.122.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.122.147"; classtype:trojan-activity; sid:37192331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.33.128 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.33.128"; 
classtype:trojan-activity; sid:37192341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 137.184.119.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.119.247"; classtype:trojan-activity; sid:37192351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.2.223.178 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.223.178"; classtype:trojan-activity; sid:37192361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.203.239.220 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.203.239.220"; classtype:trojan-activity; sid:37192371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.204.167.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.204.167.168"; classtype:trojan-activity; sid:37192381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.131.248.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.248.141"; classtype:trojan-activity; sid:37192391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.35.56.189 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.56.189"; classtype:trojan-activity; sid:37192401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.92.242.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.242.6"; classtype:trojan-activity; sid:37192411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
161.97.89.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.97.89.3"; classtype:trojan-activity; sid:37192421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.155.168.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.168.169"; classtype:trojan-activity; sid:37192431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.23.26.40 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.23.26.40"; classtype:trojan-activity; sid:37192441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.55.181.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.181.235"; classtype:trojan-activity; sid:37192451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 34.170.71.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.170.71.202"; classtype:trojan-activity; sid:37192461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.128.229.223 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.229.223"; classtype:trojan-activity; sid:37192471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.137.245 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.137.245"; classtype:trojan-activity; sid:37192481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.228.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.143.228.122"; classtype:trojan-activity; sid:37192491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.248.172.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.248.172.248"; classtype:trojan-activity; sid:37192501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 161.22.53.23 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.22.53.23"; classtype:trojan-activity; sid:37192511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.172.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.172.168"; classtype:trojan-activity; sid:37192521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.140.62.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.140.62.105"; classtype:trojan-activity; sid:37192541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.11.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.11.126"; classtype:trojan-activity; sid:37192531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.222.237.156 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.222.237.156"; classtype:trojan-activity; sid:37192551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 209.38.228.147 any -> $HOME_NET any (msg: "MISP e26162 [] Incoming From IP: 209.38.228.147"; classtype:trojan-activity; sid:37192561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.9.155.82 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.9.155.82"; classtype:trojan-activity; sid:37192571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.224.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.224.35"; classtype:trojan-activity; sid:37192581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.156.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.156.2"; classtype:trojan-activity; sid:37192591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.92.16.129 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.92.16.129"; classtype:trojan-activity; sid:37192601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.135.1.206 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.1.206"; classtype:trojan-activity; sid:37192611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.206.232.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.206.232.123"; classtype:trojan-activity; sid:37192621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.28.90.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.28.90.118"; classtype:trojan-activity; sid:37192631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.230.254.228 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.254.228"; classtype:trojan-activity; 
sid:37192641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 140.143.143.72 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.143.72"; classtype:trojan-activity; sid:37192651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.5.151.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.151.124"; classtype:trojan-activity; sid:37192661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.164.107.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.107.107"; classtype:trojan-activity; sid:37192671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.75.243.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.75.243.158"; classtype:trojan-activity; sid:37192681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.241.208.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.241.208.202"; classtype:trojan-activity; sid:37192691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.151"; classtype:trojan-activity; sid:37192701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 183.105.71.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.105.71.89"; classtype:trojan-activity; sid:37192711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.158.225.94 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.158.225.94"; classtype:trojan-activity; sid:37192721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 199.195.254.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.195.254.71"; classtype:trojan-activity; sid:37192731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.68.171.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.171.45"; classtype:trojan-activity; sid:37192741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.138.26.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.138.26.116"; classtype:trojan-activity; sid:37192751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 176.123.176.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.123.176.213"; classtype:trojan-activity; sid:37192761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 138.100.82.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.100.82.173"; classtype:trojan-activity; sid:37192771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.133.57.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.57.57"; classtype:trojan-activity; sid:37192781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 220.93.167.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.93.167.144"; 
classtype:trojan-activity; sid:37192791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.68.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.68.36"; classtype:trojan-activity; sid:37192801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.155.86.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.155.86.96"; classtype:trojan-activity; sid:37192811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 212.30.221.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.30.221.159"; classtype:trojan-activity; sid:37192821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.49.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.218"; classtype:trojan-activity; sid:37192831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.15.121.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.15.121.54"; classtype:trojan-activity; sid:37192841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 177.148.230.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.148.230.13"; classtype:trojan-activity; sid:37192851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.21.220.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.21.220.148"; classtype:trojan-activity; sid:37192861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
177.234.209.200 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.234.209.200"; classtype:trojan-activity; sid:37192871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.89.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.89.71"; classtype:trojan-activity; sid:37192881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.13.7.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.7.212"; classtype:trojan-activity; sid:37192891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.197.77.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.197.77.53"; classtype:trojan-activity; sid:37192901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.110.233.255 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.233.255"; classtype:trojan-activity; sid:37192911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.201.39.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.201.39.159"; classtype:trojan-activity; sid:37192921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.38.118.40 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.118.40"; classtype:trojan-activity; sid:37192931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.192.189.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
111.192.189.153"; classtype:trojan-activity; sid:37192941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.248.254.217 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.254.217"; classtype:trojan-activity; sid:37192951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.54.218.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.218.193"; classtype:trojan-activity; sid:37192961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.67.216.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.67.216.151"; classtype:trojan-activity; sid:37192971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.147.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.147.122"; classtype:trojan-activity; sid:37192981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.89.122.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.122.34"; classtype:trojan-activity; sid:37192991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.96.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.96.118"; classtype:trojan-activity; sid:37193001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 110.42.217.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.217.88"; classtype:trojan-activity; sid:37193011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.118.10.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.118.10.141"; classtype:trojan-activity; sid:37193021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.211.146.25 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.211.146.25"; classtype:trojan-activity; sid:37193031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.151.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.151.132"; classtype:trojan-activity; sid:37193041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.86.91.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.86.91.9"; classtype:trojan-activity; sid:37193051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.232.189.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.189.30"; classtype:trojan-activity; sid:37193061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.156.193.184 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.184"; classtype:trojan-activity; sid:37193071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.114.165.233 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.165.233"; classtype:trojan-activity; sid:37193081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.89.82.208 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.82.208"; classtype:trojan-activity; sid:37193091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.116.193.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.116.193.66"; classtype:trojan-activity; sid:37193101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 125.213.128.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.213.128.169"; classtype:trojan-activity; sid:37193111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.68.75.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.75.162"; classtype:trojan-activity; sid:37193121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.101.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.101.2"; classtype:trojan-activity; sid:37193131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.141.71.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.141.71.252"; classtype:trojan-activity; sid:37193141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.229.139.131 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.139.131"; classtype:trojan-activity; sid:37193151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.200.30.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.200.30.97"; classtype:trojan-activity; sid:37193161; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.153.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.153.173"; classtype:trojan-activity; sid:37193171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.59.106.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.106.10"; classtype:trojan-activity; sid:37193181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.16.229.22 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.16.229.22"; classtype:trojan-activity; sid:37193191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.129.230.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.230.48"; classtype:trojan-activity; sid:37193201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.101.182.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.182.6"; classtype:trojan-activity; sid:37193211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.15.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.15.94"; classtype:trojan-activity; sid:37193221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.25.26.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.26.216"; classtype:trojan-activity; sid:37193231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 64.226.80.56 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.80.56"; classtype:trojan-activity; sid:37193241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.214.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.214.57"; classtype:trojan-activity; sid:37193251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.13.79.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.79.144"; classtype:trojan-activity; sid:37193261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 85.50.226.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.50.226.36"; classtype:trojan-activity; sid:37193271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.198.179.217 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.179.217"; classtype:trojan-activity; sid:37193281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.196.208.112 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.196.208.112"; classtype:trojan-activity; sid:37193291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.2.233.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.233.242"; classtype:trojan-activity; sid:37193301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.132.165.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.165.64"; classtype:trojan-activity; sid:37193311; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.233.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.233.144"; classtype:trojan-activity; sid:37193321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.16.187 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.16.187"; classtype:trojan-activity; sid:37193331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.77.35.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.77.35.197"; classtype:trojan-activity; sid:37193341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.42.73.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.73.97"; classtype:trojan-activity; sid:37193351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.223.87.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.87.202"; classtype:trojan-activity; sid:37193361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.57.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.57.151"; classtype:trojan-activity; sid:37193371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.76.37.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.76.37.158"; classtype:trojan-activity; sid:37193381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.76.89 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.76.89"; classtype:trojan-activity; sid:37193391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.136.176.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.176.218"; classtype:trojan-activity; sid:37193401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.73.134.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.73.134.197"; classtype:trojan-activity; sid:37193411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 186.24.47.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.24.47.34"; classtype:trojan-activity; sid:37193421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 179.61.226.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.61.226.20"; classtype:trojan-activity; sid:37193431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.91.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.91.48"; classtype:trojan-activity; sid:37193441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.221.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.221.197"; classtype:trojan-activity; sid:37193451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.141.151.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.151.58"; classtype:trojan-activity; sid:37193461; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 65.108.85.236 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.108.85.236"; classtype:trojan-activity; sid:37193471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.132.197.5 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.197.5"; classtype:trojan-activity; sid:37193481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.169.35.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.169.35.10"; classtype:trojan-activity; sid:37193491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.3.204.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.3.204.35"; classtype:trojan-activity; sid:37193501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.51.197.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.197.20"; classtype:trojan-activity; sid:37193511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 221.229.218.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.229.218.141"; classtype:trojan-activity; sid:37193521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 23.224.174.113 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.174.113"; classtype:trojan-activity; sid:37193531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.128.84.81 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.84.81"; classtype:trojan-activity; sid:37193541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.12.121.227 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.121.227"; classtype:trojan-activity; sid:37193551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.185.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.185.251"; classtype:trojan-activity; sid:37193561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.54.172.245 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.172.245"; classtype:trojan-activity; sid:37193571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 221.133.36.226 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.133.36.226"; classtype:trojan-activity; sid:37193581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.19.156.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.19.156.4"; classtype:trojan-activity; sid:37193591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.117.153.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.117.153.69"; classtype:trojan-activity; sid:37193601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.25.50.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.50.244"; classtype:trojan-activity; sid:37193611; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 194.225.40.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.225.40.45"; classtype:trojan-activity; sid:37193621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 140.206.48.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.206.48.66"; classtype:trojan-activity; sid:37193631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.109.208.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.109.208.37"; classtype:trojan-activity; sid:37193641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.49.236 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.49.236"; classtype:trojan-activity; sid:37193651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.193.121.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.121.242"; classtype:trojan-activity; sid:37193661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 23.95.213.146 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.213.146"; classtype:trojan-activity; sid:37193671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.34.148.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.148.151"; classtype:trojan-activity; sid:37193681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.228.229.218 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.228.229.218"; classtype:trojan-activity; sid:37193691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.59.255.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.255.135"; classtype:trojan-activity; sid:37193701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.47.82.152 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.82.152"; classtype:trojan-activity; sid:37193711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.30.176 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.30.176"; classtype:trojan-activity; sid:37193721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.103.224.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.103.224.209"; classtype:trojan-activity; sid:37193731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.43.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.43.51"; classtype:trojan-activity; sid:37193741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.154.63.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.63.95"; classtype:trojan-activity; sid:37193751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.52.113.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.113.14"; classtype:trojan-activity; sid:37193761; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.51.40.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.40.229"; classtype:trojan-activity; sid:37193771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.128.156.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.156.148"; classtype:trojan-activity; sid:37193781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.77.27.102 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.77.27.102"; classtype:trojan-activity; sid:37193791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.225.62.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.225.62.109"; classtype:trojan-activity; sid:37193801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 125.99.173.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.99.173.162"; classtype:trojan-activity; sid:37193811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 178.128.54.224 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.54.224"; classtype:trojan-activity; sid:37193821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.189.30.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.30.69"; classtype:trojan-activity; sid:37193831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 170.106.153.108 any -> $HOME_NET any (msg: 
"MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.153.108"; classtype:trojan-activity; sid:37193841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.201.73 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.201.73"; classtype:trojan-activity; sid:37193851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 186.228.76.26 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.228.76.26"; classtype:trojan-activity; sid:37193861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.212.226 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.212.226"; classtype:trojan-activity; sid:37193871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.54.178.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.54.178.117"; classtype:trojan-activity; sid:37193881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.75.253.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.75.253.68"; classtype:trojan-activity; sid:37193891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.20.121 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.20.121"; classtype:trojan-activity; sid:37193901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.15.76.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.76.162"; classtype:trojan-activity; 
sid:37193911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.19.156.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.19.156.8"; classtype:trojan-activity; sid:37193921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.195.136.86 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.136.86"; classtype:trojan-activity; sid:37193931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.137.36.214 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.36.214"; classtype:trojan-activity; sid:37193941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.160.78.224 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.78.224"; classtype:trojan-activity; sid:37193951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.6.232.12 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.12"; classtype:trojan-activity; sid:37193961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.222.225.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.222.225.117"; classtype:trojan-activity; sid:37193971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 183.182.104.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.182.104.202"; classtype:trojan-activity; sid:37193981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 125.138.102.9 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.138.102.9"; classtype:trojan-activity; sid:37193991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.146.51.128 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.51.128"; classtype:trojan-activity; sid:37194001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.27.212.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.212.188"; classtype:trojan-activity; sid:37194011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.95.66.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.66.56"; classtype:trojan-activity; sid:37194021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 93.42.100.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.42.100.30"; classtype:trojan-activity; sid:37194031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.190.114.203 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.190.114.203"; classtype:trojan-activity; sid:37194041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.135.167.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.167.15"; classtype:trojan-activity; sid:37194051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.106.94.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.106.94.74"; classtype:trojan-activity; 
sid:37194061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 47.236.19.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.19.164"; classtype:trojan-activity; sid:37194071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 50.114.177.31 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.114.177.31"; classtype:trojan-activity; sid:37194081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.187.173.95 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.187.173.95"; classtype:trojan-activity; sid:37194091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.103.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.103.6"; classtype:trojan-activity; sid:37194101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.42.116.24 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.24"; classtype:trojan-activity; sid:37194111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 199.249.230.87 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.249.230.87"; classtype:trojan-activity; sid:37194121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.185.249 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.185.249"; classtype:trojan-activity; sid:37194131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 37.120.166.23 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.120.166.23"; classtype:trojan-activity; sid:37194141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.42.116.25 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.25"; classtype:trojan-activity; sid:37194151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.193.244.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.244.148"; classtype:trojan-activity; sid:37194161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.255.98.23 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.255.98.23"; classtype:trojan-activity; sid:37194171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 5.255.111.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.255.111.64"; classtype:trojan-activity; sid:37194181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.192.8.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.8.64"; classtype:trojan-activity; sid:37194191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.52.219.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.219.88"; classtype:trojan-activity; sid:37194201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 172.105.225.119 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.105.225.119"; classtype:trojan-activity; 
sid:37194211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.110.43.205 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.110.43.205"; classtype:trojan-activity; sid:37194221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.201.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.201.147"; classtype:trojan-activity; sid:37194231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.53.108.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.108.57"; classtype:trojan-activity; sid:37194241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.252.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.252.60"; classtype:trojan-activity; sid:37194251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.114.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.114.15"; classtype:trojan-activity; sid:37194261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.250.72.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.72.177"; classtype:trojan-activity; sid:37194271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.8.108.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.8.108.39"; classtype:trojan-activity; sid:37194281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.52.125.183 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.125.183"; classtype:trojan-activity; sid:37194291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 58.220.39.220 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.220.39.220"; classtype:trojan-activity; sid:37194301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.64.90 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.64.90"; classtype:trojan-activity; sid:37194311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.192.43.166 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.192.43.166"; classtype:trojan-activity; sid:37194321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.175.88.224 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.175.88.224"; classtype:trojan-activity; sid:37194331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.254.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.254.118"; classtype:trojan-activity; sid:37194341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 142.171.2.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.171.2.6"; classtype:trojan-activity; sid:37194351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.136.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.136.242"; 
classtype:trojan-activity; sid:37194361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 12.21.5.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.21.5.10"; classtype:trojan-activity; sid:37194371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.210.66.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.210.66.53"; classtype:trojan-activity; sid:37194381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 221.159.243.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.159.243.96"; classtype:trojan-activity; sid:37194391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 196.220.67.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.220.67.231"; classtype:trojan-activity; sid:37194401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.212.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.212.126"; classtype:trojan-activity; sid:37194411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 203.121.40.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.121.40.210"; classtype:trojan-activity; sid:37194421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 140.238.45.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.238.45.197"; classtype:trojan-activity; sid:37194431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
182.244.4.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.244.4.89"; classtype:trojan-activity; sid:37194441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.140.58.65 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.140.58.65"; classtype:trojan-activity; sid:37194451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.91.214.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.214.6"; classtype:trojan-activity; sid:37194461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 37.238.159.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.238.159.140"; classtype:trojan-activity; sid:37194471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 208.65.84.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.174"; classtype:trojan-activity; sid:37194481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 39.105.104.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.105.104.148"; classtype:trojan-activity; sid:37194491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.238.232.2 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.238.232.2"; classtype:trojan-activity; sid:37194501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.171.92.90 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.171.92.90"; 
classtype:trojan-activity; sid:37194511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 213.136.80.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.136.80.148"; classtype:trojan-activity; sid:37194521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 8.222.220.160 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.220.160"; classtype:trojan-activity; sid:37194531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 186.210.209.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.210.209.117"; classtype:trojan-activity; sid:37194541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.158.11.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.11.43"; classtype:trojan-activity; sid:37194551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.139.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.139.170"; classtype:trojan-activity; sid:37194561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.156.200.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.144"; classtype:trojan-activity; sid:37194571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 83.233.198.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.233.198.53"; classtype:trojan-activity; sid:37194581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert 
ip 36.20.126.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.20.126.85"; classtype:trojan-activity; sid:37194591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.79.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.79.71"; classtype:trojan-activity; sid:37194601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.120.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.120.153"; classtype:trojan-activity; sid:37194611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 173.249.18.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.249.18.42"; classtype:trojan-activity; sid:37194621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.24.172.220 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.172.220"; classtype:trojan-activity; sid:37194631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.209.230.167 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.209.230.167"; classtype:trojan-activity; sid:37194641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.57.143.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.57.143.147"; classtype:trojan-activity; sid:37194651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.24.177.195 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
103.24.177.195"; classtype:trojan-activity; sid:37194661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.81.140.222 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.81.140.222"; classtype:trojan-activity; sid:37194671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.233.160 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.233.160"; classtype:trojan-activity; sid:37194681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 197.255.240.46 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.255.240.46"; classtype:trojan-activity; sid:37194691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 64.23.141.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.141.185"; classtype:trojan-activity; sid:37194701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.254.137.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.254.137.144"; classtype:trojan-activity; sid:37194711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.130.244.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.244.94"; classtype:trojan-activity; sid:37194721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 85.195.38.143 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.195.38.143"; classtype:trojan-activity; sid:37194731; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;)
# (The line above closes a rule that begins earlier in the file.)
#
# Source-address indicators from MISP event 26162, one rule per address.
# Each rule alerts on traffic from the listed address to $HOME_NET on any
# protocol and port; there is no port, content, flow or threshold condition.
# NOTE(review): the msg tags read Reconnaissance/Exploitation while the classtype
# is trojan-activity, so triage on the msg and event id rather than the classtype.
# NOTE(review): address-only indicators age quickly; check the event date before
# acting on a hit, and expect noise if an address belongs to shared hosting.
alert ip 37.53.82.111 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.53.82.111"; classtype:trojan-activity; sid:37194741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.192.131.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.131.77"; classtype:trojan-activity; sid:37194751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.200.30.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.200.30.96"; classtype:trojan-activity; sid:37194761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 170.64.135.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.8"; classtype:trojan-activity; sid:37194771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.34.204.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.204.158"; classtype:trojan-activity; sid:37194781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 129.151.138.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.151.138.242"; classtype:trojan-activity; sid:37194791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Outbound HTTP indicator from MISP event 26075, tagged Stealc in the msg.
# Fires on established client-to-server HTTP from $HOME_NET to the listed address
# on $HTTP_PORTS when the request headers contain that address and the URI
# contains the listed .php path (both matches case-insensitive).
# The address is matched anywhere in http.header, not specifically in Host.
# tag:session,600,seconds keeps logging packets of the matching session for 600 s.
# A hit identifies an internal client that sent the request; start triage there.
# NOTE(review): as far as the keywords show this inspects parsed cleartext HTTP
# only; the same request inside TLS would need decryption upstream.
alert http $HOME_NET any -> 77.105.132.197 $HTTP_PORTS (msg: "MISP e26075 [Stealc] Outgoing URL http|3a|//77.105.132.197/05b89c2203fb7bde.php"; flow:to_server,established; http.header; content:"77.105.132.197"; fast_pattern; nocase; http.uri; content:"/05b89c2203fb7bde.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Source-address indicators from MISP event 26162 continue.
alert ip 101.35.245.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.245.17"; classtype:trojan-activity; sid:37194801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 50.58.197.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.58.197.247"; classtype:trojan-activity; sid:37194811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.128.31.27 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.31.27"; classtype:trojan-activity; sid:37194821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.15.242.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.242.165"; classtype:trojan-activity; sid:37194831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 91.192.81.46 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.192.81.46"; classtype:trojan-activity; sid:37194841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.250.50.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.91"; classtype:trojan-activity; sid:37194851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.14.101.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.101.132"; classtype:trojan-activity; sid:37194861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.30.43.224 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.30.43.224"; classtype:trojan-activity; sid:37194871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.221.22.205 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.22.205"; classtype:trojan-activity; sid:37194881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.44.164.19 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.44.164.19"; classtype:trojan-activity; sid:37194891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.59.232.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.59.232.173"; classtype:trojan-activity; sid:37194901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.155.178 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.155.178"; classtype:trojan-activity; sid:37194911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.50.70.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.50.70.107"; classtype:trojan-activity; sid:37194921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.235.34.82 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.235.34.82"; classtype:trojan-activity; sid:37194931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.230.92.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.230.92.244"; classtype:trojan-activity; 
sid:37194941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# (The line above closes a rule that begins earlier in the file.)
#
# Source-address indicators from MISP event 26162: traffic from the listed
# address to $HOME_NET, any protocol and port, with no further condition.
alert ip 36.137.192.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.192.7"; classtype:trojan-activity; sid:37194951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 121.62.61.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.62.61.194"; classtype:trojan-activity; sid:37194961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Outbound indicator from MISP event 26075, tagged njrat in the msg:
# traffic from $HOME_NET to the listed address with destination port 5552.
# There is no flow keyword, so the rule does not require an established session.
# A hit identifies an internal host sending to that endpoint; triage that host.
# NOTE(review): the protocol is `ip` yet a destination port is given; confirm the
# engine applies the port as intended, or whether `tcp` was meant.
alert ip $HOME_NET any -> 46.246.82.3 5552 (msg: "MISP e26075 [njrat] Outgoing To IP: 46.246.82.3|5552"; classtype:trojan-activity; sid:37124161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Source-address indicators from MISP event 26162 continue.
alert ip 101.43.37.115 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.37.115"; classtype:trojan-activity; sid:37194971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.163.239.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.251"; classtype:trojan-activity; sid:37194981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 59.1.81.253 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.1.81.253"; classtype:trojan-activity; sid:37194991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 115.77.69.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.77.69.14"; classtype:trojan-activity; sid:37195001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.119.85.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.119.85.88"; classtype:trojan-activity; sid:37195011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.227.123.24 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.123.24"; classtype:trojan-activity; sid:37195021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Outbound HTTP indicator from MISP event 26168 (the msg tag list is empty).
# The header and URI matches are identical to sid 37124151 from event 26075, so
# one request raises both alerts; this copy carries priority 3 instead of 2.
# NOTE(review): consider de-duplicating at export or correlating the two sids,
# so that a single request is not counted as two detections.
alert http $HOME_NET any -> 77.105.132.197 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//77.105.132.197/05b89c2203fb7bde.php"; flow:to_server,established; http.header; content:"77.105.132.197"; fast_pattern; nocase; http.uri; content:"/05b89c2203fb7bde.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37204761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Source-address indicators from MISP event 26162 continue.
alert ip 103.114.201.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.114.201.91"; classtype:trojan-activity; sid:37195031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 201.208.201.137 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.208.201.137"; classtype:trojan-activity; sid:37195041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 183.52.225.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.52.225.141"; classtype:trojan-activity; sid:37195051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.229.65.26 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.229.65.26"; classtype:trojan-activity; sid:37195061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.139.68.193 any -> 
$HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.68.193"; classtype:trojan-activity; sid:37195071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.106.245.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.106.245.20"; classtype:trojan-activity; sid:37195081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.32.165.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.165.6"; classtype:trojan-activity; sid:37195091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.55.156.49 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.156.49"; classtype:trojan-activity; sid:37195101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.224.116.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.224.116.208"; classtype:trojan-activity; sid:37195111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 58.47.68.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.68.18"; classtype:trojan-activity; sid:37195121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 140.246.137.102 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.137.102"; classtype:trojan-activity; sid:37195131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.198.135.249 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.198.135.249"; 
classtype:trojan-activity; sid:37195141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 190.99.162.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.99.162.225"; classtype:trojan-activity; sid:37195151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.41.75.226 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.41.75.226"; classtype:trojan-activity; sid:37195161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.127.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.127.174"; classtype:trojan-activity; sid:37195171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.45.93.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.93.109"; classtype:trojan-activity; sid:37195181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 23.129.64.137 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.137"; classtype:trojan-activity; sid:37195191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 210.16.104.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.16.104.6"; classtype:trojan-activity; sid:37195201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.134.65.233 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.134.65.233"; classtype:trojan-activity; sid:37195211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
103.20.103.192 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.20.103.192"; classtype:trojan-activity; sid:37195221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.241.208.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.241.208.204"; classtype:trojan-activity; sid:37195231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 128.199.161.227 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.161.227"; classtype:trojan-activity; sid:37195241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.198.208.115 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.208.115"; classtype:trojan-activity; sid:37195251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.155.143.22 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.143.22"; classtype:trojan-activity; sid:37195261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.12.139.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.139.246"; classtype:trojan-activity; sid:37195271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 201.48.206.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.48.206.147"; classtype:trojan-activity; sid:37195281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.195.180.63 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 118.195.180.63"; classtype:trojan-activity; sid:37195291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.13.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.13.109"; classtype:trojan-activity; sid:37195301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 212.42.97.108 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.42.97.108"; classtype:trojan-activity; sid:37195311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.230.249.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.249.106"; classtype:trojan-activity; sid:37195321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.142.73.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.73.44"; classtype:trojan-activity; sid:37195331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.33.199.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.199.247"; classtype:trojan-activity; sid:37195341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 194.104.136.232 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.104.136.232"; classtype:trojan-activity; sid:37195351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 191.54.217.211 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.54.217.211"; classtype:trojan-activity; sid:37195361; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 162.247.74.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.74"; classtype:trojan-activity; sid:37195371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.184.65.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.65.71"; classtype:trojan-activity; sid:37195381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.12.160.238 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.160.238"; classtype:trojan-activity; sid:37195391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.252.143.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.252.143.6"; classtype:trojan-activity; sid:37195401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.201.75 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.201.75"; classtype:trojan-activity; sid:37195411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 69.10.36.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.10.36.54"; classtype:trojan-activity; sid:37195421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 172.104.150.86 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.150.86"; classtype:trojan-activity; sid:37195431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.50.149.213 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.50.149.213"; classtype:trojan-activity; sid:37195441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.75.4.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.4.174"; classtype:trojan-activity; sid:37195451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.12.244.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.244.43"; classtype:trojan-activity; sid:37195461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.178.29.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.178.29.172"; classtype:trojan-activity; sid:37195471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.158.7.254 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.7.254"; classtype:trojan-activity; sid:37195481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 84.42.28.190 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.42.28.190"; classtype:trojan-activity; sid:37195491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 134.122.191.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.191.158"; classtype:trojan-activity; sid:37195501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.43.72.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.43.72.139"; classtype:trojan-activity; sid:37195511; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 58.215.45.187 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.215.45.187"; classtype:trojan-activity; sid:37195521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.68.64.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.64.35"; classtype:trojan-activity; sid:37195531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.34.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.194"; classtype:trojan-activity; sid:37195541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.204.241.156 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.204.241.156"; classtype:trojan-activity; sid:37195551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.162.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.162.151"; classtype:trojan-activity; sid:37195561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.250.94.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.94.177"; classtype:trojan-activity; sid:37195571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.14.109.65 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.109.65"; classtype:trojan-activity; sid:37195581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 77.73.131.239 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.73.131.239"; classtype:trojan-activity; sid:37195591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.35.195.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.195.7"; classtype:trojan-activity; sid:37195601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.229.202.203 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.202.203"; classtype:trojan-activity; sid:37195611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 152.136.161.237 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.161.237"; classtype:trojan-activity; sid:37195621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.232.186.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.186.7"; classtype:trojan-activity; sid:37195631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.235.143.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.143.35"; classtype:trojan-activity; sid:37195641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.226.49.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.226.49.106"; classtype:trojan-activity; sid:37195651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.117.163.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.117.163.139"; classtype:trojan-activity; sid:37195661; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.106.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.106.77"; classtype:trojan-activity; sid:37195671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 219.152.170.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.170.58"; classtype:trojan-activity; sid:37195681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 61.177.203.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.177.203.30"; classtype:trojan-activity; sid:37195691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.217.80.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.217.80.89"; classtype:trojan-activity; sid:37195701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.75.217.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.217.165"; classtype:trojan-activity; sid:37195711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.134.69.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.69.15"; classtype:trojan-activity; sid:37195721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.146.44.146 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.146.44.146"; classtype:trojan-activity; sid:37195731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.250.4.164 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.250.4.164"; classtype:trojan-activity; sid:37195741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.152.113.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.152.113.229"; classtype:trojan-activity; sid:37195751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 85.113.71.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.113.71.118"; classtype:trojan-activity; sid:37195761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.165.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.165.94"; classtype:trojan-activity; sid:37195771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.206.107.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.206.107.100"; classtype:trojan-activity; sid:37195781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.167.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.167.36"; classtype:trojan-activity; sid:37195791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.194.251.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.251.96"; classtype:trojan-activity; sid:37195801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 90.179.82.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.179.82.177"; classtype:trojan-activity; 
sid:37195811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Event 26162 rules: one rule per source address, protocol `ip`, any port, towards $HOME_NET.
# The msg tags say kill-chain Reconnaissance/Exploitation, while every rule is filed under
# classtype:trojan-activity with an explicit priority:2. An address-only match says that a
# packet from the address was seen, not that anything succeeded; correlate the alert with
# flow or host data before acting on it.
# NOTE(review): address indicators go stale and may sit on shared hosting; re-check the
# MISP event in the reference URL before promoting any of these rules to a blocking action.
alert ip 49.7.230.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.7.230.97"; classtype:trojan-activity; sid:37195821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 114.132.252.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.252.209"; classtype:trojan-activity; sid:37195831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.175.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.175.169"; classtype:trojan-activity; sid:37195841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 170.64.155.240 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.155.240"; classtype:trojan-activity; sid:37195851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 163.172.219.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.172.219.36"; classtype:trojan-activity; sid:37195861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 162.14.108.92 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.108.92"; classtype:trojan-activity; sid:37195871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Event 26168, outbound direction: traffic from $HOME_NET to 46.246.82.3 with destination
# port 5552. This is the only rule in this stretch whose source is an internal host, and
# it carries priority:3, lower than the inbound rules around it.
# NOTE(review): confirm that priority:3 is intended for an internal host contacting a listed address.
# NOTE(review): the header combines protocol `ip` with a port; confirm how the deployed
# engine version applies a port constraint to traffic that has no ports.
alert ip $HOME_NET any -> 46.246.82.3 5552 (msg: "MISP e26168 [] Outgoing To IP: 46.246.82.3|5552"; classtype:trojan-activity; sid:37204771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip 43.153.39.161 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.39.161"; classtype:trojan-activity; sid:37195881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 170.64.222.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.198"; classtype:trojan-activity; sid:37195891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Event 26071, DNS rule: header is any -> any, so a query for the name alerts in either
# network direction. The pcre anchors the name at the end of the dns.query buffer and
# requires start-of-buffer or a non-hostname character in front of it, so sub-domains of
# the name match (the preceding "." is outside [A-Za-z0-9-]) while a longer label ending
# in "patito" does not.
alert dns any any -> any any (msg: "MISP e26071 [] Domain patito.vkinfotechsolution.com"; dns.query; content:"patito.vkinfotechsolution.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.vkinfotechsolution\.com$/i"; classtype:trojan-activity; sid:37123051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26071;)
# Event 26071, HTTP rule: client-to-server requests on established flows from $HOME_NET
# to $EXTERNAL_NET only. The two http.header content matches carry no distance/within
# relation, so "Host:" and the domain are checked independently anywhere in the header
# buffer; the domain appearing in another header of a request that also has a Host header
# satisfies the rule. The pcre requires one non-hostname character after the domain.
# tag:session,600,seconds keeps logging the rest of the session for 600 seconds after a hit.
# This rule inspects cleartext HTTP only.
# NOTE(review): TLS connections to the same name are not covered by this DNS/HTTP pair;
# decide whether a tls.sni rule is needed alongside it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26071 [] Outgoing HTTP Domain patito.vkinfotechsolution.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.vkinfotechsolution.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.vkinfotechsolution\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26071;)
alert ip 82.156.124.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.124.55"; classtype:trojan-activity; sid:37195901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.40.212.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.212.99"; classtype:trojan-activity; sid:37195911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.178.184.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.184.202"; classtype:trojan-activity; 
sid:37195921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.63 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.63"; classtype:trojan-activity; sid:37195931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 132.232.100.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.100.125"; classtype:trojan-activity; sid:37195941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.52.230.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.230.126"; classtype:trojan-activity; sid:37195951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.136.49.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.49.157"; classtype:trojan-activity; sid:37195961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.68.219.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.219.64"; classtype:trojan-activity; sid:37195971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.230.115.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.115.124"; classtype:trojan-activity; sid:37195981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.9.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.9.59"; classtype:trojan-activity; sid:37195991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 129.226.221.72 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.221.72"; classtype:trojan-activity; sid:37196001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 221.167.45.84 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.167.45.84"; classtype:trojan-activity; sid:37196011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 154.221.26.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.26.21"; classtype:trojan-activity; sid:37196021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.142.236.101 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.236.101"; classtype:trojan-activity; sid:37196031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 64.44.58.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.44.58.83"; classtype:trojan-activity; sid:37196041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 178.128.94.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.94.88"; classtype:trojan-activity; sid:37196051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.194.238 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.194.238"; classtype:trojan-activity; sid:37196061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.208.85.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.208.85.193"; classtype:trojan-activity; 
sid:37196071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.24.62.110 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.62.110"; classtype:trojan-activity; sid:37196081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.47.15.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.47.15.165"; classtype:trojan-activity; sid:37196091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 171.97.97.19 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.97.97.19"; classtype:trojan-activity; sid:37196101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 110.40.135.152 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.135.152"; classtype:trojan-activity; sid:37196111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.88.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.88.44"; classtype:trojan-activity; sid:37196121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 219.150.93.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.150.93.157"; classtype:trojan-activity; sid:37196131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 125.129.96.238 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.129.96.238"; classtype:trojan-activity; sid:37196141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.27.239.13 any -> $HOME_NET any 
(msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.239.13"; classtype:trojan-activity; sid:37196151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.32.254.102 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.254.102"; classtype:trojan-activity; sid:37196161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.71.48.5 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.71.48.5"; classtype:trojan-activity; sid:37196171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.140.194.87 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.140.194.87"; classtype:trojan-activity; sid:37196181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.160.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.160.57"; classtype:trojan-activity; sid:37196191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.160.96.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.160.96.242"; classtype:trojan-activity; sid:37196201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.137.17.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.137.17.158"; classtype:trojan-activity; sid:37196211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 219.237.41.28 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.237.41.28"; classtype:trojan-activity; 
sid:37196221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.207.10.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.10.164"; classtype:trojan-activity; sid:37196231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.75.12.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.12.239"; classtype:trojan-activity; sid:37196241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.243.26.143 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.243.26.143"; classtype:trojan-activity; sid:37196251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.33.118.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.33.118.122"; classtype:trojan-activity; sid:37196261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 197.148.6.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.148.6.162"; classtype:trojan-activity; sid:37196271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.212.73 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.212.73"; classtype:trojan-activity; sid:37196281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.231.192.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.231.192.36"; classtype:trojan-activity; sid:37196291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.77.50.82 any -> $HOME_NET 
any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.77.50.82"; classtype:trojan-activity; sid:37196301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.43.72.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.43.72.148"; classtype:trojan-activity; sid:37196311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 193.35.18.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.35.18.105"; classtype:trojan-activity; sid:37196321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.91.209.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.209.209"; classtype:trojan-activity; sid:37196331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.91.103.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.103.43"; classtype:trojan-activity; sid:37196341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 152.228.149.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.228.149.234"; classtype:trojan-activity; sid:37196351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.131.244.120 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.131.244.120"; classtype:trojan-activity; sid:37196361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.223.108.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.108.135"; 
classtype:trojan-activity; sid:37196371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.187.51.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.187.51.138"; classtype:trojan-activity; sid:37196381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.167.89.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.167.89.68"; classtype:trojan-activity; sid:37196391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.203.175.40 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.175.40"; classtype:trojan-activity; sid:37196401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.253.42.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.253.42.229"; classtype:trojan-activity; sid:37196411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 110.40.173.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.173.41"; classtype:trojan-activity; sid:37196421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.117.72.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.72.138"; classtype:trojan-activity; sid:37196431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.201.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.201.74"; classtype:trojan-activity; sid:37196441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
43.154.86.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.86.67"; classtype:trojan-activity; sid:37196451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.91.196.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.196.231"; classtype:trojan-activity; sid:37196461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 95.61.153.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.61.153.246"; classtype:trojan-activity; sid:37196471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.230.198.63 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.198.63"; classtype:trojan-activity; sid:37196481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.126.65.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.65.210"; classtype:trojan-activity; sid:37196491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.207.211.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.211.241"; classtype:trojan-activity; sid:37196501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.91.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.91.212"; classtype:trojan-activity; sid:37196511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.150.84.201 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
91.150.84.201"; classtype:trojan-activity; sid:37196521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.183.4.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.183.4.66"; classtype:trojan-activity; sid:37196531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 186.7.75.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.7.75.15"; classtype:trojan-activity; sid:37196541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.161.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.161.99"; classtype:trojan-activity; sid:37196551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.120.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.120.91"; classtype:trojan-activity; sid:37196561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.140.194.75 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.140.194.75"; classtype:trojan-activity; sid:37196571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 159.223.58.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.58.171"; classtype:trojan-activity; sid:37196581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.184.35.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.184.35.109"; classtype:trojan-activity; sid:37196591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) 
alert ip 121.162.78.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.162.78.100"; classtype:trojan-activity; sid:37196601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.45.243.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.243.35"; classtype:trojan-activity; sid:37196611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.35.73 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.35.73"; classtype:trojan-activity; sid:37196621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.174.158.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.174.158.14"; classtype:trojan-activity; sid:37196631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.153.43.145 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.43.145"; classtype:trojan-activity; sid:37196641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.207.77.12 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.77.12"; classtype:trojan-activity; sid:37196651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.15.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.15.56"; classtype:trojan-activity; sid:37196661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.151.199.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
107.151.199.243"; classtype:trojan-activity; sid:37196671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.156.30.63 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.30.63"; classtype:trojan-activity; sid:37196681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.101.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.97"; classtype:trojan-activity; sid:37196691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.99.163.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.99.163.171"; classtype:trojan-activity; sid:37196701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 59.42.129.230 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.42.129.230"; classtype:trojan-activity; sid:37196711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.101.166 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.166"; classtype:trojan-activity; sid:37196721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 91.208.75.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.208.75.153"; classtype:trojan-activity; sid:37196731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 217.196.103.203 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.196.103.203"; classtype:trojan-activity; sid:37196741; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 186.235.70.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.235.70.45"; classtype:trojan-activity; sid:37196751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 20.232.18.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.232.18.198"; classtype:trojan-activity; sid:37196761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.60.69.136 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.60.69.136"; classtype:trojan-activity; sid:37196771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.110.43.200 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.110.43.200"; classtype:trojan-activity; sid:37196781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 38.7.199.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.34"; classtype:trojan-activity; sid:37196791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.185.16 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.185.16"; classtype:trojan-activity; sid:37196801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 24.11.70.85 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 24.11.70.85"; classtype:trojan-activity; sid:37130341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 202.73.49.182 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 202.73.49.182"; classtype:trojan-activity; 
sid:37130351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 202.55.80.225 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 202.55.80.225"; classtype:trojan-activity; sid:37130361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 24.142.165.2 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 24.142.165.2"; classtype:trojan-activity; sid:37130371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 42.98.5.225 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 42.98.5.225"; classtype:trojan-activity; sid:37130381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 45.83.90.11 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 45.83.90.11"; classtype:trojan-activity; sid:37130391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 45.91.95.181 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 45.91.95.181"; classtype:trojan-activity; sid:37130401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 50.173.136.70 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 50.173.136.70"; classtype:trojan-activity; sid:37130411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 61.14.68.33 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 61.14.68.33"; classtype:trojan-activity; sid:37130421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 62.4.36.126 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 62.4.36.126"; classtype:trojan-activity; sid:37130431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 68.76.150.97 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 68.76.150.97"; classtype:trojan-activity; sid:37130441; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 69.51.2.106 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 69.51.2.106"; classtype:trojan-activity; sid:37130451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 69.162.253.21 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 69.162.253.21"; classtype:trojan-activity; sid:37130461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 73.80.9.137 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 73.80.9.137"; classtype:trojan-activity; sid:37130471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 74.208.228.186 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 74.208.228.186"; classtype:trojan-activity; sid:37130481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 80.246.28.58 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 80.246.28.58"; classtype:trojan-activity; sid:37130491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 85.195.206.7 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 85.195.206.7"; classtype:trojan-activity; sid:37130501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 85.240.182.23 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 85.240.182.23"; classtype:trojan-activity; sid:37130511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 89.96.196.150 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 89.96.196.150"; classtype:trojan-activity; sid:37130521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 87.249.139.239 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 87.249.139.239"; classtype:trojan-activity; sid:37130531; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 87.249.139.243 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 87.249.139.243"; classtype:trojan-activity; sid:37130541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 89.117.88.2 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 89.117.88.2"; classtype:trojan-activity; sid:37130551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 95.85.72.160 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 95.85.72.160"; classtype:trojan-activity; sid:37130561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 101.255.119.42 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 101.255.119.42"; classtype:trojan-activity; sid:37130571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 108.165.249.2 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 108.165.249.2"; classtype:trojan-activity; sid:37130581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 109.169.22.87 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 109.169.22.87"; classtype:trojan-activity; sid:37130591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 113.160.234.229 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 113.160.234.229"; classtype:trojan-activity; sid:37130601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 149.50.208.22 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 149.50.208.22"; classtype:trojan-activity; sid:37130611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 149.102.246.51 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 149.102.246.51"; classtype:trojan-activity; sid:37130621; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 166.0.24.2 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 166.0.24.2"; classtype:trojan-activity; sid:37130631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 168.205.200.55 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 168.205.200.55"; classtype:trojan-activity; sid:37130641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 174.53.242.108 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 174.53.242.108"; classtype:trojan-activity; sid:37130651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 176.67.83.7 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 176.67.83.7"; classtype:trojan-activity; sid:37130661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 181.209.99.204 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 181.209.99.204"; classtype:trojan-activity; sid:37130671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 183.178.180.158 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 183.178.180.158"; classtype:trojan-activity; sid:37130681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 185.132.17.160 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 185.132.17.160"; classtype:trojan-activity; sid:37130691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 185.147.214.177 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 185.147.214.177"; classtype:trojan-activity; sid:37130701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert ip 193.138.218.161 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 193.138.218.161"; classtype:trojan-activity; sid:37130711; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26116;)
# --- MISP event 26116: source-IP indicators (continued) ---------------------
# Each "alert ip" rule matches any IP protocol and any port whenever the listed
# address is the packet source and the destination is inside $HOME_NET. There
# is no flow keyword, so reply packets of a connection opened from the inside
# may also raise the alert; the alert alone does not say who initiated.
# NOTE(review): a bare address match has no payload or protocol context, and
# addresses get reassigned. Check the referenced MISP event for first/last
# seen dates before treating a hit as a compromise.
alert ip 194.14.208.15 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 194.14.208.15"; classtype:trojan-activity; sid:37130721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 194.14.217.63 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 194.14.217.63"; classtype:trojan-activity; sid:37130731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 195.231.67.193 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 195.231.67.193"; classtype:trojan-activity; sid:37130741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 202.175.177.238 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 202.175.177.238"; classtype:trojan-activity; sid:37130751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 203.149.168.34 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 203.149.168.34"; classtype:trojan-activity; sid:37130761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 213.32.252.221 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 213.32.252.221"; classtype:trojan-activity; sid:37130771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 216.131.111.138 any -> $HOME_NET any (msg: "MISP e26116 [] Incoming From IP: 216.131.111.138"; classtype:trojan-activity; sid:37130781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
# --- MISP event 26116: domain indicators ------------------------------------
# Every domain is exported as a pair of rules:
#   * sid ending in 1: DNS rule, any direction, matching the query name. The
#     pcre is anchored at the end of the name and accepts a non-hostname
#     character (for example ".") in front, so sub-domains match as well.
#   * sid ending in 2: HTTP rule for established client-to-server flows from
#     $HOME_NET to $EXTERNAL_NET. tag:session,600,seconds keeps logging
#     packets of the session for 600 seconds after the alert.
# NOTE(review): the HTTP rule inspects the whole header block (http.header and
# the pcre /H flag). "Host|3a|" and the domain are two independent content
# matches, so the domain appearing in another header (e.g. Referer) can also
# satisfy the rule. A Host-scoped buffer such as http.host would be tighter.
# NOTE(review): the HTTP rule only sees cleartext HTTP. Over TLS only the DNS
# rule can fire, unless an SNI-based rule (tls.sni) is added for the same name.
alert dns any any -> any any (msg: "MISP e26116 [] Domain consumerapp.frge.io"; dns.query; content:"consumerapp.frge.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumerapp\.frge\.io$/i"; classtype:trojan-activity; sid:37130791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain consumerapp.frge.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumerapp.frge.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumerapp\.frge\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain dsfhdjhgkjhllgdhsh.000webhostapp.com"; dns.query; content:"dsfhdjhgkjhllgdhsh.000webhostapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dsfhdjhgkjhllgdhsh\.000webhostapp\.com$/i"; classtype:trojan-activity; sid:37130801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain dsfhdjhgkjhllgdhsh.000webhostapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dsfhdjhgkjhllgdhsh.000webhostapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dsfhdjhgkjhllgdhsh\.000webhostapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain hamster-795.frge.io"; dns.query; content:"hamster-795.frge.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])hamster\-795\.frge\.io$/i"; classtype:trojan-activity; sid:37130811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain hamster-795.frge.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hamster-795.frge.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hamster\-795\.frge\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP 
e26116 [] Domain sdrhsrthytr.wuaze.com"; dns.query; content:"sdrhsrthytr.wuaze.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdrhsrthytr\.wuaze\.com$/i"; classtype:trojan-activity; sid:37130821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain sdrhsrthytr.wuaze.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdrhsrthytr.wuaze.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdrhsrthytr\.wuaze\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain settings-inform.rf.gd"; dns.query; content:"settings-inform.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-])settings\-inform\.rf\.gd$/i"; classtype:trojan-activity; sid:37130831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain settings-inform.rf.gd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"settings-inform.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])settings\-inform\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain settings-panel.frge.io"; dns.query; content:"settings-panel.frge.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])settings\-panel\.frge\.io$/i"; classtype:trojan-activity; sid:37130841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain settings-panel.frge.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"settings-panel.frge.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])settings\-panel\.frge\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
# NOTE(review): mockbin.org, run.mocky.io and webhook.site are public
# request-mocking / request-inspection services used by many unrelated
# parties. The six rules below match the service name itself (the DNS rules
# also match any sub-domain), not a specific path or token, yet they carry
# priority:1 and classtype:trojan-activity. Expect hits from ordinary
# developer and integration traffic. Triage on the full URL or query name and
# the originating host, and prefer a narrower indicator (full URL) if the
# MISP event provides one.
alert dns any any -> any any (msg: "MISP e26116 [] Domain mockbin.org"; dns.query; content:"mockbin.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mockbin\.org$/i"; classtype:trojan-activity; sid:37130851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain mockbin.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mockbin.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mockbin\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain run.mocky.io"; dns.query; content:"run.mocky.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])run\.mocky\.io$/i"; classtype:trojan-activity; sid:37130861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain run.mocky.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"run.mocky.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])run\.mocky\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain webhook.site"; dns.query; content:"webhook.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])webhook\.site$/i"; classtype:trojan-activity; sid:37130871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain webhook.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webhook.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webhook\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
# The names below are individual sub-domains under infinityfreeapp.com. Both
# the content match and the pcre spell out the full sub-domain, so other
# hosts under the same parent domain do not match these rules.
# The HTTP rules only see cleartext HTTP; over TLS only the DNS rule can fire.
alert dns any any -> any any (msg: "MISP e26116 [] Domain calc-dwn.infinityfreeapp.com"; dns.query; content:"calc-dwn.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calc\-dwn\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain calc-dwn.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calc-dwn.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calc\-dwn\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain clouddrive.infinityfreeapp.com"; dns.query; content:"clouddrive.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clouddrive\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain clouddrive.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clouddrive.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clouddrive\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130892; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain cloud-for-files.rf.gd"; dns.query; content:"cloud-for-files.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-])cloud\-for\-files\.rf\.gd$/i"; classtype:trojan-activity; sid:37130901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain cloud-for-files.rf.gd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cloud-for-files.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cloud\-for\-files\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain document-c.infinityfreeapp.com"; dns.query; content:"document-c.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])document\-c\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain document-c.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"document-c.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])document\-c\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain document-d.infinityfreeapp.com"; dns.query; content:"document-d.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])document\-d\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain document-d.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"document-d.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])document\-d\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadc.infinityfreeapp.com"; dns.query; content:"downloadc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloaddoc.infinityfreeapp.com"; dns.query; content:"downloaddoc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloaddoc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloaddoc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloaddoc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloaddoc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37130942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadfile.infinityfreeapp.com"; dns.query; content:"downloadfile.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadfile\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadfile.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadfile.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadfile\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloading.infinityfreeapp.com"; dns.query; content:"downloading.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloading\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloading.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloading.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloading\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadingdoc.infinityfreeapp.com"; dns.query; content:"downloadingdoc.infinityfreeapp.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])downloadingdoc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadingdoc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadingdoc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingdoc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadinge.infinityfreeapp.com"; dns.query; content:"downloadinge.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadinge\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadinge.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadinge.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadinge\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadingf.infinityfreeapp.com"; dns.query; content:"downloadingf.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingf\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37130991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadingf.infinityfreeapp.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadingf.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingf\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37130992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadingq.infinityfreeapp.com"; dns.query; content:"downloadingq.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingq\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadingq.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadingq.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingq\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadingw.infinityfreeapp.com"; dns.query; content:"downloadingw.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingw\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadingw.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadingw.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadingw\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131012; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadx.infinityfreeapp.com"; dns.query; content:"downloadx.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadx\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadx.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadx.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadx\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain downloadz.infinityfreeapp.com"; dns.query; content:"downloadz.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadz\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain downloadz.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"downloadz.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])downloadz\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain driveonline.rf.gd"; dns.query; content:"driveonline.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-])driveonline\.rf\.gd$/i"; classtype:trojan-activity; sid:37131041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain driveonline.rf.gd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"driveonline.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])driveonline\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain file-download.infinityfreeapp.com"; dns.query; content:"file-download.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])file\-download\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain file-download.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"file-download.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])file\-download\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain filedownload.infinityfreeapp.com"; dns.query; content:"filedownload.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filedownload\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain filedownload.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filedownload.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filedownload\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37131062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain filedwn.infinityfreeapp.com"; dns.query; content:"filedwn.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filedwn\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain filedwn.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filedwn.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filedwn\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain filehosting.infinityfreeapp.com"; dns.query; content:"filehosting.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filehosting\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain filehosting.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filehosting.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filehosting\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain filihosting.infinityfreeapp.com"; dns.query; content:"filihosting.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filihosting\.infinityfreeapp\.com$/i"; classtype:trojan-activity; 
sid:37131091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain filihosting.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filihosting.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filihosting\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain microsoftcloud.rf.gd"; dns.query; content:"microsoftcloud.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoftcloud\.rf\.gd$/i"; classtype:trojan-activity; sid:37131101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain microsoftcloud.rf.gd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microsoftcloud.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoftcloud\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain microsoft-files.infinityfreeapp.com"; dns.query; content:"microsoft-files.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-files\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain microsoft-files.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microsoft-files.infinityfreeapp.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])microsoft\-files\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain microsoft-update-com.github.io"; dns.query; content:"microsoft-update-com.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-update\-com\.github\.io$/i"; classtype:trojan-activity; sid:37131121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain microsoft-update-com.github.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microsoft-update-com.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-update\-com\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain online-shopping.infinityfreeapp.com"; dns.query; content:"online-shopping.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])online\-shopping\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain online-shopping.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"online-shopping.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])online\-shopping\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;) alert dns any any -> any any (msg: "MISP e26116 [] Domain opendoc.infinityfreeapp.com"; dns.query; 
content:"opendoc.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])opendoc\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
# --- MISP event 26116: domain indicators, one DNS rule and one cleartext-HTTP rule per name ---
# DNS rules: match dns.query case-insensitively. The pcre anchors the name at the end of
# the query and accepts start-of-buffer or a non-hostname character before it, so the
# listed name and its subdomains match, while a longer label ending in the same text does not.
# HTTP rules: "Host|3a|" and the domain are two independent content matches on http.header
# (no distance/within), and the pcre is unanchored, so the domain can match in any request
# header, not only Host. NOTE(review): anchor on http.host if Host-only matching is intended.
# HTTP rules see cleartext HTTP only; no tls.sni rule for these names is visible in this
# part of the export, so HTTPS requests are covered by the DNS rule alone.
# tag:session,600,seconds asks the engine to keep logging the alerting session for 600 seconds.
# NOTE(review): infinityfreeapp.com, github.io and rf.gd look like shared hosting parents;
# the rules match the full listed name only - keep it that way when deriving blocklists.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain opendoc.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"opendoc.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])opendoc\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain opendocument.infinityfreeapp.com"; dns.query; content:"opendocument.infinityfreeapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])opendocument\.infinityfreeapp\.com$/i"; classtype:trojan-activity; sid:37131151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain opendocument.infinityfreeapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"opendocument.infinityfreeapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])opendocument\.infinityfreeapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain radkaulmanova.github.io"; dns.query; content:"radkaulmanova.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])radkaulmanova\.github\.io$/i"; classtype:trojan-activity; sid:37131161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain radkaulmanova.github.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"radkaulmanova.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])radkaulmanova\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain rosaharvey1985.github.io"; dns.query; content:"rosaharvey1985.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])rosaharvey1985\.github\.io$/i"; classtype:trojan-activity; sid:37131171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain rosaharvey1985.github.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rosaharvey1985.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rosaharvey1985\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert dns any any -> any any (msg: "MISP e26116 [] Domain shared-files.rf.gd"; dns.query; content:"shared-files.rf.gd"; nocase; pcre: "/(^|[^A-Za-z0-9-])shared\-files\.rf\.gd$/i"; classtype:trojan-activity; sid:37131181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26116 [] Outgoing HTTP Domain shared-files.rf.gd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shared-files.rf.gd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shared\-files\.rf\.gd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26116;)
alert ip 43.156.39.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.156.39.45"; classtype:trojan-activity; sid:37196811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- MISP event 26162: source-IP indicators tagged kill-chain Reconnaissance/Exploitation ---
# Each rule alerts on any IP protocol and any port from the listed address into $HOME_NET.
# The source address is the only match condition (no content, flow or threshold keyword),
# and the direction is one-way, so connections from $HOME_NET to these addresses are not covered.
# NOTE(review): classtype is trojan-activity although the MISP tags describe
# reconnaissance/exploitation sources; address indicators age quickly, so check the event
# date before treating a hit as current.
alert ip 47.243.249.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.249.141"; classtype:trojan-activity; sid:37196821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 190.129.122.81 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.129.122.81"; classtype:trojan-activity; sid:37196831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- MISP event 26117: two source-IP indicators (priority 1, no MISP tags in the msg) ---
# NOTE(review): confirm these addresses are dedicated to the activity and not shared
# provider front-ends for the hostnames below before deriving blocklists from them.
alert ip 34.120.160.131 any -> $HOME_NET any (msg: "MISP e26117 [] Incoming From IP: 34.120.160.131"; classtype:trojan-activity; sid:37131391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert ip 160.20.147.67 any -> $HOME_NET any (msg: "MISP e26117 [] Incoming From IP: 160.20.147.67"; classtype:trojan-activity; sid:37131401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
# --- MISP event 26117: domain indicators, one DNS rule and one cleartext-HTTP rule per name ---
# DNS rules: dns.query content match plus a pcre that anchors the name at the end of the
# query; the listed name and its subdomains match.
# HTTP rules: "Host|3a|" and the domain are independent matches on http.header, so the
# domain can match in any request header, not only Host. NOTE(review): anchor on http.host
# if Host-only matching is intended.
# NOTE(review): these *-default-rtdb names look like Firebase Realtime Database endpoints,
# presumably reached over HTTPS; no tls.sni rule is visible in this part of the export, so
# the DNS rules are likely the ones that fire - confirm.
# The rules match the full project hostname only; the shared parent domains are not matched.
alert dns any any -> any any (msg: "MISP e26117 [] Domain hello-chat-c47ad-default-rtdb.firebaseio.com"; dns.query; content:"hello-chat-c47ad-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hello\-chat\-c47ad\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain hello-chat-c47ad-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hello-chat-c47ad-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hello\-chat\-c47ad\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain chit-chat-e9053-default-rtdb.firebaseio.com"; dns.query; content:"chit-chat-e9053-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])chit\-chat\-e9053\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain chit-chat-e9053-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chit-chat-e9053-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chit\-chat\-e9053\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain meetme-abc03-default-rtdb.firebaseio.com"; dns.query; content:"meetme-abc03-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])meetme\-abc03\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain meetme-abc03-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"meetme-abc03-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])meetme\-abc03\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain chatapp-6b96e-default-rtdb.firebaseio.com"; dns.query; content:"chatapp-6b96e-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])chatapp\-6b96e\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain chatapp-6b96e-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chatapp-6b96e-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chatapp\-6b96e\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain tiktalk-2fc98-default-rtdb.firebaseio.com"; dns.query; content:"tiktalk-2fc98-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiktalk\-2fc98\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain tiktalk-2fc98-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiktalk-2fc98-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiktalk\-2fc98\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain wave-chat-e52fe-default-rtdb.firebaseio.com"; dns.query; content:"wave-chat-e52fe-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wave\-chat\-e52fe\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain wave-chat-e52fe-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wave-chat-e52fe-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wave\-chat\-e52fe\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain privchat-6cc58-default-rtdb.firebaseio.com"; dns.query; content:"privchat-6cc58-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])privchat\-6cc58\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain privchat-6cc58-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"privchat-6cc58-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])privchat\-6cc58\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain glowchat-33103-default-rtdb.firebaseio.com"; dns.query; content:"glowchat-33103-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])glowchat\-33103\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain glowchat-33103-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"glowchat-33103-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])glowchat\-33103\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain letschat-5d5e3-default-rtdb.firebaseio.com"; dns.query; content:"letschat-5d5e3-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])letschat\-5d5e3\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain letschat-5d5e3-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"letschat-5d5e3-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])letschat\-5d5e3\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain quick-chat-1d242-default-rtdb.firebaseio.com"; dns.query; content:"quick-chat-1d242-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])quick\-chat\-1d242\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain quick-chat-1d242-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"quick-chat-1d242-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])quick\-chat\-1d242\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain yooho-c3345-default-rtdb.firebaseio.com"; dns.query; content:"yooho-c3345-default-rtdb.firebaseio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])yooho\-c3345\-default\-rtdb\.firebaseio\.com$/i"; classtype:trojan-activity; sid:37131511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain yooho-c3345-default-rtdb.firebaseio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yooho-c3345-default-rtdb.firebaseio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yooho\-c3345\-default\-rtdb\.firebaseio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert dns any any -> any any (msg: "MISP e26117 [] Domain rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app"; dns.query; content:"rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])rafaqat\-d131f\-default\-rtdb\.asia\-southeast1\.firebasedatabase\.app$/i"; classtype:trojan-activity; sid:37131521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26117 [] Outgoing HTTP Domain rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rafaqat\-d131f\-default\-rtdb\.asia\-southeast1\.firebasedatabase\.app[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37131522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26117;)
# --- MISP event 26162: source-IP indicators tagged kill-chain Reconnaissance/Exploitation ---
# Any protocol, any port, listed address -> $HOME_NET; the source address is the only
# match condition and the direction is one-way.
alert ip 210.91.73.167 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.91.73.167"; classtype:trojan-activity; sid:37196841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 113.125.29.65 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.29.65"; classtype:trojan-activity; sid:37196851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- MISP event 26118: one source IP and one domain (priority 1) ---
# DNS rule: dns.query content plus an end-anchored pcre; idowall.com and its subdomains match.
# HTTP rule: "Host|3a|" and the domain are independent matches on http.header, so the
# domain can match in any request header, not only Host. NOTE(review): anchor on http.host
# if Host-only matching is intended. Cleartext HTTP only; no tls.sni rule is visible here.
alert ip 198.244.174.214 any -> $HOME_NET any (msg: "MISP e26118 [] Incoming From IP: 198.244.174.214"; classtype:trojan-activity; sid:37131701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26118;)
alert dns any any -> any any (msg: "MISP e26118 [] Domain idowall.com"; dns.query; content:"idowall.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])idowall\.com$/i"; classtype:trojan-activity; sid:37131711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26118;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26118 [] Outgoing HTTP Domain idowall.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"idowall.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])idowall\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26118;)
# --- MISP event 26119: one source IP and a set of domains (priority 1) ---
# Same DNS/HTTP rule pair as above for each name; the same header-anchoring and
# cleartext-only caveats apply.
alert ip 24.199.98.128 any -> $HOME_NET any (msg: "MISP e26119 [] Incoming From IP: 24.199.98.128"; classtype:trojan-activity; sid:37131731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert dns any any -> any any (msg: "MISP e26119 [] Domain plinqok.com"; dns.query; content:"plinqok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])plinqok\.com$/i"; classtype:trojan-activity; sid:37131741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26119 [] Outgoing HTTP Domain plinqok.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"plinqok.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])plinqok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert dns any any -> any any (msg: "MISP e26119 [] Domain trilivok.com"; dns.query; content:"trilivok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trilivok\.com$/i"; classtype:trojan-activity; sid:37131751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26119 [] Outgoing HTTP Domain trilivok.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trilivok.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trilivok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert dns any any -> any any (msg: "MISP e26119 [] Domain xalticainvest.com"; dns.query; content:"xalticainvest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])xalticainvest\.com$/i"; classtype:trojan-activity; sid:37131761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26119 [] Outgoing HTTP Domain xalticainvest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xalticainvest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xalticainvest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
# --- MISP event 26119: domain indicator (DNS rule plus cleartext-HTTP rule) ---
# DNS rule: dns.query content plus an end-anchored pcre; the name and its subdomains match.
# HTTP rule: "Host|3a|" and the domain are independent matches on http.header, so the
# domain can match in any request header, not only Host. NOTE(review): anchor on http.host
# if Host-only matching is intended. Cleartext HTTP only; no tls.sni rule is visible here.
alert dns any any -> any any (msg: "MISP e26119 [] Domain moscovatech.com"; dns.query; content:"moscovatech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])moscovatech\.com$/i"; classtype:trojan-activity; sid:37131771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26119 [] Outgoing HTTP Domain moscovatech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moscovatech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moscovatech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
# --- MISP event 26162: source-IP indicators tagged kill-chain Reconnaissance/Exploitation ---
# Any protocol, any port, listed address -> $HOME_NET; the source address is the only
# match condition (no content, flow or threshold keyword) and the direction is one-way.
# NOTE(review): classtype is trojan-activity although the MISP tags describe
# reconnaissance/exploitation sources; some listed addresses may be shared egress points,
# so verify before deriving blocklists.
alert ip 61.240.156.16 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.240.156.16"; classtype:trojan-activity; sid:37196861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.220.101.152 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.152"; classtype:trojan-activity; sid:37196871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.12.173.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.173.43"; classtype:trojan-activity; sid:37196881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 36.138.68.207 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.68.207"; classtype:trojan-activity; sid:37196891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.129.61.9 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.61.9"; classtype:trojan-activity; sid:37196901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- MISP event 26119: URL indicator ---
# Requires "trilivok.com" anywhere in http.header and the listed path in http.uri, both
# case-insensitive; the host string is not tied to the Host header.
# Unlike the domain rules, this rule is limited to $HTTP_PORTS. The export header says that
# variable is not required for the Suricata export, yet it is referenced here, so it must
# be defined for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26119 [] Outgoing URL http|3a|//trilivok.com/4g3031ar0/cb6y1dh/it.php"; flow:to_server,established; http.header; content:"trilivok.com"; fast_pattern; nocase; http.uri; content:"/4g3031ar0/cb6y1dh/it.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37131781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26119;)
# --- MISP event 26162: source-IP indicators (continued) ---
alert ip 192.42.116.27 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.27"; classtype:trojan-activity; sid:37196911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.141.215.111 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.215.111"; classtype:trojan-activity; sid:37196921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 122.154.32.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.154.32.14"; classtype:trojan-activity; sid:37196931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 147.182.228.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.228.41"; classtype:trojan-activity; sid:37196941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.129.26.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.26.14"; classtype:trojan-activity; sid:37196951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.101.160.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.101.160.198"; classtype:trojan-activity; sid:37196961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- MISP event 26120: domain indicator (DNS rule plus cleartext-HTTP rule) ---
# NOTE(review): ddns.net looks like a dynamic-DNS parent; the rules match the full listed
# name only, and the address behind such a name can change - confirm before pivoting on IPs.
alert dns any any -> any any (msg: "MISP e26120 [] Domain outlook-web.ddns.net"; dns.query; content:"outlook-web.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])outlook\-web\.ddns\.net$/i"; classtype:trojan-activity; sid:37131881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26120;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26120 [] Outgoing HTTP Domain outlook-web.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outlook-web.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outlook\-web\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26120;)
# --- MISP event 26162: source-IP indicators (continued) ---
alert ip 134.175.223.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.223.67"; classtype:trojan-activity; sid:37196971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.6.232.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.78"; classtype:trojan-activity; sid:37196981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.42.157.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.157.74"; classtype:trojan-activity; sid:37196991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.98.164.207 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.164.207"; classtype:trojan-activity; sid:37197001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 189.249.84.71 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.249.84.71"; classtype:trojan-activity; sid:37197011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- MISP event 26162: source-IP indicators tagged kill-chain Reconnaissance/Exploitation ---
# Every rule below has the same shape: any protocol, any port, listed address -> $HOME_NET,
# priority 2. The source address is the only match condition (no content, flow or threshold
# keyword) and the direction is one-way, so outbound connections to these addresses are
# not covered.
# NOTE(review): classtype is trojan-activity although the MISP tags describe
# reconnaissance/exploitation sources. Address indicators age quickly and may include
# shared egress points; check the event date and verify before deriving blocklists.
alert ip 205.185.127.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.185.127.188"; classtype:trojan-activity; sid:37197021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 138.197.159.23 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.159.23"; classtype:trojan-activity; sid:37197031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 223.15.246.49 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.246.49"; classtype:trojan-activity; sid:37197041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 167.99.64.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.64.114"; classtype:trojan-activity; sid:37197051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 122.156.247.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.156.247.54"; classtype:trojan-activity; sid:37197061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.42.143.12 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.143.12"; classtype:trojan-activity; sid:37197071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.123.237.230 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.123.237.230"; classtype:trojan-activity; sid:37197081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.134.1.109 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.109"; classtype:trojan-activity; sid:37197091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 123.127.222.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.127.222.18"; classtype:trojan-activity; sid:37197101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.195.150.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.150.246"; classtype:trojan-activity; sid:37197111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.89.62.112 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.62.112"; classtype:trojan-activity; sid:37197121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 152.32.243.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.243.231"; classtype:trojan-activity; sid:37197131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 186.248.197.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.248.197.77"; classtype:trojan-activity; sid:37197141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 212.69.48.120 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.69.48.120"; classtype:trojan-activity; sid:37197151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.89.58.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.58.133"; classtype:trojan-activity; sid:37197161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 77.105.146.115 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.105.146.115"; classtype:trojan-activity; sid:37197171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.43.255.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.255.83"; classtype:trojan-activity; sid:37197181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.129.138.167 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.129.138.167"; classtype:trojan-activity; sid:37197191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.143.51.217 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.51.217"; classtype:trojan-activity; sid:37197201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 47.113.224.191 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.113.224.191"; classtype:trojan-activity; sid:37197211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.159.52.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.159.52.64"; classtype:trojan-activity; sid:37197221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 162.14.102.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.102.43"; classtype:trojan-activity; sid:37197231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 151.80.56.52 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.80.56.52"; classtype:trojan-activity; sid:37197241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 183.31.66.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.31.66.158"; classtype:trojan-activity; sid:37197251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 193.112.178.84 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.178.84"; classtype:trojan-activity; sid:37197261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.55.66.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.66.66"; classtype:trojan-activity; sid:37197271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 206.189.32.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.32.56"; classtype:trojan-activity; sid:37197281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.28.233.74 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.233.74"; classtype:trojan-activity; sid:37197291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.58.179.130 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.179.130"; classtype:trojan-activity; sid:37197301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 46.17.105.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.17.105.247"; classtype:trojan-activity; sid:37197311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.100.211.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.211.212"; classtype:trojan-activity; sid:37197321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 116.198.196.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.196.3"; classtype:trojan-activity; sid:37197331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.189.146.102 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.189.146.102"; classtype:trojan-activity; sid:37197341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.43.198.191 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.198.191"; classtype:trojan-activity; sid:37197351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 137.184.230.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.230.3"; classtype:trojan-activity; sid:37197361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.136.168.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.168.125"; classtype:trojan-activity; sid:37197371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.153.10.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.10.208"; classtype:trojan-activity; sid:37197381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.157.87.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.157.87.15"; classtype:trojan-activity; sid:37197391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.194.12 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.194.12"; classtype:trojan-activity; sid:37197401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.193.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.193.96"; classtype:trojan-activity; sid:37197411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 181.212.81.227 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.212.81.227"; classtype:trojan-activity; sid:37197421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.202.236.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.202.236.60"; classtype:trojan-activity; sid:37197431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.195.163.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.163.59"; classtype:trojan-activity; sid:37197441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 187.74.43.32 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.74.43.32"; classtype:trojan-activity; sid:37197451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.133.2.33 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.133.2.33"; classtype:trojan-activity; sid:37197461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.55.64.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.64.140"; classtype:trojan-activity; sid:37197471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.13.188.57 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.188.57"; classtype:trojan-activity; sid:37197481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.13.4.80 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.4.80"; classtype:trojan-activity; sid:37197491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.136.73.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.73.252"; classtype:trojan-activity; sid:37197501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 120.48.95.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.95.10"; classtype:trojan-activity; sid:37197511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 49.232.24.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.24.39"; classtype:trojan-activity; sid:37197521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.35.15 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.35.15"; classtype:trojan-activity; sid:37197531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- Event 26162: per-address source rules ---------------------------------
# Each rule alerts on any IP packet whose source is the listed address and whose
# destination is inside $HOME_NET. There is no port, protocol or flow condition,
# so the indicator is the address alone.
# NOTE(review): the event is tagged kill-chain Reconnaissance/Exploitation, yet
# the rules carry classtype trojan-activity at priority 2 - confirm that triage
# mapping is intended. Address-only indicators go stale when an address is
# reassigned; review them against the MISP event before relying on a hit.
alert ip 175.178.11.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.11.91"; classtype:trojan-activity; sid:37197541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.25.42.26 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.42.26"; classtype:trojan-activity; sid:37197551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 195.133.44.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.133.44.202"; classtype:trojan-activity; sid:37197561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- Event 26121: URL indicators (priority 1) ------------------------------
# Outbound HTTP from $HOME_NET to one fixed address and port. The address is
# matched as a string in the request headers and the path as a substring of the
# URI, both case-insensitively. tag:session,600,seconds keeps tagging packets of
# the matching session for 600 seconds after the alert.
# NOTE(review): the three 139.84.130.232 rules share the URI prefix
# "/CcrN3QqWOeRx" and the http.uri content is not anchored, so a request for one
# of the longer paths also satisfies sid 37131951 and raises two alerts.
# NOTE(review): these rules do not fire if the same path is requested on another
# port; the e26121 address rules further down are the only other coverage here
# for 139.180.137.107 and 139.84.130.232.
alert http $HOME_NET any -> 139.180.137.107 9932 (msg: "MISP e26121 [] Outgoing URL http|3a|//139.180.137.107|3a|9932/shell3.exe"; flow:to_server,established; http.header; content:"139.180.137.107"; fast_pattern; nocase; http.uri; content:"/shell3.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37131941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> 139.84.130.232 8080 (msg: "MISP e26121 [] Outgoing URL http|3a|//139.84.130.232|3a|8080/CcrN3QqWOeRx"; flow:to_server,established; http.header; content:"139.84.130.232"; fast_pattern; nocase; http.uri; content:"/CcrN3QqWOeRx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37131951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> 139.84.130.232 8080 (msg: "MISP e26121 [] Outgoing URL http|3a|//139.84.130.232|3a|8080/CcrN3QqWOeRx/KAGctYUci"; flow:to_server,established; http.header; content:"139.84.130.232"; fast_pattern; nocase; http.uri; content:"/CcrN3QqWOeRx/KAGctYUci"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37131961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> 139.84.130.232 8080 (msg: "MISP e26121 [] Outgoing URL http|3a|//139.84.130.232|3a|8080/CcrN3QqWOeRx/iDDHJOuzw/1"; flow:to_server,established; http.header; content:"139.84.130.232"; fast_pattern; nocase; http.uri; content:"/CcrN3QqWOeRx/iDDHJOuzw/1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37131971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
# Event 26162 per-address source rules, continued.
alert ip 222.70.174.50 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.70.174.50"; classtype:trojan-activity; sid:37197571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 80.67.172.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.67.172.162"; classtype:trojan-activity; sid:37197581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- Event 26121: domain indicators (priority 1) ---------------------------
# Every domain is exported as a pair of rules:
#   sid ending in 1 - DNS: inspects the dns.query buffer in any direction
#       (any any -> any any). The pcre requires the name at the end of the
#       query, preceded by the start of the buffer or a character outside
#       [A-Za-z0-9-], so subdomains match and look-alikes such as
#       "xadmin.cloudnetsofe.com" do not.
#   sid ending in 2 - HTTP: outbound request whose headers contain "Host:" and
#       the domain, followed by a character that cannot continue a hostname.
# NOTE(review): in the HTTP rules the two content matches are independent (no
# distance/within) and the pcre runs over the header buffer (/H), so the domain
# appearing in another header such as Referer would also alert. Matching the
# http.host buffer instead would tie the indicator to the requested host.
alert dns any any -> any any (msg: "MISP e26121 [] Domain admin.cloudnetsofe.com"; dns.query; content:"admin.cloudnetsofe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])admin\.cloudnetsofe\.com$/i"; classtype:trojan-activity; sid:37131981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain admin.cloudnetsofe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"admin.cloudnetsofe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])admin\.cloudnetsofe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain recruit.iimjobs.asia"; dns.query; content:"recruit.iimjobs.asia"; nocase; pcre: "/(^|[^A-Za-z0-9-])recruit\.iimjobs\.asia$/i"; classtype:trojan-activity; sid:37131991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain recruit.iimjobs.asia"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recruit.iimjobs.asia"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recruit\.iimjobs\.asia[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37131992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain recruiter.foundit.asia"; dns.query; content:"recruiter.foundit.asia"; nocase; pcre: "/(^|[^A-Za-z0-9-])recruiter\.foundit\.asia$/i"; classtype:trojan-activity; sid:37132001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain recruiter.foundit.asia"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recruiter.foundit.asia"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recruiter\.foundit\.asia[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
# NOTE(review): the remaining e26121 names are only four to six characters long
# ("1.me", "7o.ae", ...). They rely entirely on the pcre boundary check to avoid
# substring hits, and they look like short-link hosts rather than dedicated
# infrastructure - confirm with the event owner before treating a hit on one of
# them as priority 1.
alert dns any any -> any any (msg: "MISP e26121 [] Domain 1.me"; dns.query; content:"1.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])1\.me$/i"; classtype:trojan-activity; sid:37132011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain 1.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain 7o.ae"; dns.query; content:"7o.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-])7o\.ae$/i"; classtype:trojan-activity; sid:37132021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain 7o.ae"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"7o.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])7o\.ae[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain 8r.ae"; dns.query; content:"8r.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-])8r\.ae$/i"; classtype:trojan-activity; sid:37132031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain 8r.ae"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"8r.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])8r\.ae[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain 8t.ae"; dns.query; content:"8t.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-])8t\.ae$/i"; classtype:trojan-activity; sid:37132041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain 8t.ae"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"8t.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])8t\.ae[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain 9gp.cc"; dns.query; content:"9gp.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])9gp\.cc$/i"; classtype:trojan-activity; sid:37132051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain 9gp.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9gp.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])9gp\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain qu3.cc"; dns.query; content:"qu3.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])qu3\.cc$/i"; classtype:trojan-activity; sid:37132061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain qu3.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qu3.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qu3\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert dns any any -> any any (msg: "MISP e26121 [] Domain sb8.co"; dns.query; content:"sb8.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])sb8\.co$/i"; classtype:trojan-activity; sid:37132071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26121 [] Outgoing HTTP Domain sb8.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sb8.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sb8\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
# Event 26162 per-address source rules, continued.
alert ip 43.134.169.238 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.169.238"; classtype:trojan-activity; sid:37197591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 195.199.155.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.199.155.35"; classtype:trojan-activity; sid:37197601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- Event 26121: per-address source rules (priority 1) --------------------
# Same shape as the e26162 address rules. 139.180.137.107 and 139.84.130.232 are
# also the destinations of the e26121 URL rules above.
# NOTE(review): the msg says "Incoming From IP", but with no flow keyword the
# match is on packet source only, so replies from these hosts to an internal
# client presumably alert as well - verify on the sensor before reading a hit as
# an inbound connection attempt.
alert ip 139.180.137.107 any -> $HOME_NET any (msg: "MISP e26121 [] Incoming From IP: 139.180.137.107"; classtype:trojan-activity; sid:37132081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert ip 139.84.130.232 any -> $HOME_NET any (msg: "MISP e26121 [] Incoming From IP: 139.84.130.232"; classtype:trojan-activity; sid:37132091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert ip 139.84.168.189 any -> $HOME_NET any (msg: "MISP e26121 [] Incoming From IP: 139.84.168.189"; classtype:trojan-activity; sid:37132101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert ip 139.84.62.151 any -> $HOME_NET any (msg: "MISP e26121 [] Incoming From IP: 139.84.62.151"; classtype:trojan-activity; sid:37132111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert ip 173.199.122.65 any -> $HOME_NET any (msg: "MISP e26121 [] Incoming From IP: 173.199.122.65"; classtype:trojan-activity; sid:37132121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26121;)
alert ip 182.229.10.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
182.229.10.141"; classtype:trojan-activity; sid:37197611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.252.127 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.252.127"; classtype:trojan-activity; sid:37197621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 68.183.10.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.10.68"; classtype:trojan-activity; sid:37197631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.151.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.151.59"; classtype:trojan-activity; sid:37197641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.126.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.126.64"; classtype:trojan-activity; sid:37197651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 123.206.127.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.206.127.168"; classtype:trojan-activity; sid:37197661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 23.129.64.224 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.224"; classtype:trojan-activity; sid:37197671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.165.36.178 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.165.36.178"; classtype:trojan-activity; sid:37197681; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 188.166.241.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.241.172"; classtype:trojan-activity; sid:37197691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.184 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.184"; classtype:trojan-activity; sid:37197701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.226.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.226.244"; classtype:trojan-activity; sid:37197711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.176.52.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.176.52.13"; classtype:trojan-activity; sid:37197721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 157.230.15.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.15.197"; classtype:trojan-activity; sid:37197731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.35.228.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.228.53"; classtype:trojan-activity; sid:37197741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.168.208.76 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.168.208.76"; classtype:trojan-activity; sid:37197751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.150.54 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.150.54"; classtype:trojan-activity; sid:37197761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Event 26162 per-address source rules: alert on any IP packet from the listed
# address to $HOME_NET, with no port, protocol or flow condition.
alert ip 192.144.238.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.238.234"; classtype:trojan-activity; sid:37197771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.29.156.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.156.147"; classtype:trojan-activity; sid:37197781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.194.141.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.141.48"; classtype:trojan-activity; sid:37197791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# --- Event 26168: one dynamic-DNS hostname (priority 3) --------------------
# Exported as a DNS-query rule and an outbound-HTTP rule. The DNS pcre anchors
# the name at the end of the query and accepts any label in front of it, so
# hosts under peces.duckdns.org match while other duckdns.org names do not.
# NOTE(review): the HTTP rule checks for "Host:" and for the name as two
# independent header matches, and the pcre runs over the header buffer (/H), so
# the name in another header such as Referer would also alert. Matching the
# http.host buffer instead would tie the indicator to the requested host.
alert dns any any -> any any (msg: "MISP e26168 [] Domain peces.duckdns.org"; dns.query; content:"peces.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])peces\.duckdns\.org$/i"; classtype:trojan-activity; sid:37204781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain peces.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"peces.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])peces\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Event 26162 per-address source rules, continued.
alert ip 49.77.228.119 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.77.228.119"; classtype:trojan-activity; sid:37197801; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.101.88.224 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.224"; classtype:trojan-activity; sid:37197811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.122.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.122.177"; classtype:trojan-activity; sid:37197821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.159.166.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.159.166.210"; classtype:trojan-activity; sid:37197831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.100.87.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.100.87.41"; classtype:trojan-activity; sid:37197841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.143.73.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.73.71"; classtype:trojan-activity; sid:37197851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 109.123.239.236 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.239.236"; classtype:trojan-activity; sid:37197861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 34.92.198.176 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.198.176"; classtype:trojan-activity; sid:37197871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 182.72.188.132 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.72.188.132"; classtype:trojan-activity; sid:37197881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.40.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.40.15"; classtype:trojan-activity; sid:37197891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 47.116.213.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.116.213.122"; classtype:trojan-activity; sid:37197901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 152.136.170.24 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.170.24"; classtype:trojan-activity; sid:37197911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 149.56.44.47 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.56.44.47"; classtype:trojan-activity; sid:37197921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 202.29.232.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.29.232.18"; classtype:trojan-activity; sid:37197931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.15.158.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.15.158.60"; classtype:trojan-activity; sid:37197941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.103.227.136 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.103.227.136"; classtype:trojan-activity; sid:37197951; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.71.208.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.208.60"; classtype:trojan-activity; sid:37197961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.71.151.121 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.71.151.121"; classtype:trojan-activity; sid:37197971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.249.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.249.30"; classtype:trojan-activity; sid:37197981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.138.90.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.138.90.107"; classtype:trojan-activity; sid:37197991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 146.190.237.28 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.237.28"; classtype:trojan-activity; sid:37198001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.19.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.19.45"; classtype:trojan-activity; sid:37198011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.135.173.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.173.15"; classtype:trojan-activity; sid:37198021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.156.2.250 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.156.2.250"; classtype:trojan-activity; sid:37198031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.177.43.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.177.43.138"; classtype:trojan-activity; sid:37198041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 97.86.116.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.86.116.231"; classtype:trojan-activity; sid:37198051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.154.14.47 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.14.47"; classtype:trojan-activity; sid:37198061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 165.227.245.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.245.17"; classtype:trojan-activity; sid:37198071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.27.88.61 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.27.88.61"; classtype:trojan-activity; sid:37198081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.165.23 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.165.23"; classtype:trojan-activity; sid:37198091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.68.121.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.121.194"; classtype:trojan-activity; sid:37198101; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162 (tags kill-chain:Reconnaissance, kill-chain:Exploitation), one rule per source address.
# Each rule alerts on any IP packet from the listed host to $HOME_NET; there is no port,
# flow or content condition, so every packet from that source can raise an alert.
# NOTE(review): classtype is trojan-activity although the event tags describe
# reconnaissance/exploitation sources; triage on the event tag rather than the classtype.
# NOTE(review): IP-only indicators go stale and can sit on shared or cloud ranges;
# check the event's age in MISP before relying on these rules.
alert ip 58.87.105.116 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.87.105.116"; classtype:trojan-activity; sid:37198111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 211.23.131.134 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.23.131.134"; classtype:trojan-activity; sid:37198121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 115.159.212.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.212.239"; classtype:trojan-activity; sid:37198131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.106.104.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.106.104.91"; classtype:trojan-activity; sid:37198141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.42.51.73 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.51.73"; classtype:trojan-activity; sid:37198151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.184.44.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.44.169"; classtype:trojan-activity; sid:37198161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.40.158.117 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.158.117"; classtype:trojan-activity; sid:37198171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.124.196.184 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.124.196.184"; classtype:trojan-activity; sid:37198181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.55.99.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.99.107"; classtype:trojan-activity; sid:37198191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.221.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.221.126"; classtype:trojan-activity; sid:37198201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.193.140.169 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.140.169"; classtype:trojan-activity; sid:37198211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 175.178.2.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.2.44"; classtype:trojan-activity; sid:37198221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.192.223.167 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.223.167"; classtype:trojan-activity; sid:37198231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.143.127 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.143.127"; classtype:trojan-activity; sid:37198241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 107.175.219.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.219.213"; classtype:trojan-activity; sid:37198251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.222.210.115 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.222.210.115"; classtype:trojan-activity; sid:37198261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 186.103.164.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.103.164.244"; classtype:trojan-activity; sid:37198271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 40.81.27.158 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.81.27.158"; classtype:trojan-activity; sid:37198281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 61.231.69.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.231.69.41"; classtype:trojan-activity; sid:37198291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.54.208.38 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.208.38"; classtype:trojan-activity; sid:37198301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 91.107.173.221 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.173.221"; classtype:trojan-activity; sid:37198311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.109.183.93 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.109.183.93"; classtype:trojan-activity; sid:37198321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.146.158.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.158.118"; classtype:trojan-activity; sid:37198331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 211.194.83.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.194.83.173"; classtype:trojan-activity; sid:37198341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.14.20.119 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.20.119"; classtype:trojan-activity; sid:37198351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 49.232.245.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.245.34"; classtype:trojan-activity; sid:37198361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.229.144.86 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.144.86"; classtype:trojan-activity; sid:37198371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.221.167.145 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.167.145"; classtype:trojan-activity; sid:37198381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 46.101.3.129 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.3.129"; classtype:trojan-activity; sid:37198391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.55.104.29 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.104.29"; classtype:trojan-activity; sid:37198401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.34.56.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.56.43"; classtype:trojan-activity; sid:37198411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.250.49.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.125"; classtype:trojan-activity; sid:37198421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 23.129.64.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.138"; classtype:trojan-activity; sid:37198431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 223.247.150.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.150.123"; classtype:trojan-activity; sid:37198441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.189.146.155 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.189.146.155"; classtype:trojan-activity; sid:37198451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.221.200.142 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.200.142"; classtype:trojan-activity; sid:37198461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.40.132.227 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.132.227"; classtype:trojan-activity; sid:37198471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.227.165.179 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.165.179"; classtype:trojan-activity; sid:37198481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 189.178.3.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.178.3.60"; classtype:trojan-activity; sid:37198491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.40.141.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.141.21"; classtype:trojan-activity; sid:37198501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 84.239.46.144 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.239.46.144"; classtype:trojan-activity; sid:37198511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 137.184.90.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.90.157"; classtype:trojan-activity; sid:37198521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 121.227.152.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.152.171"; classtype:trojan-activity; sid:37198531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 51.105.50.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.105.50.140"; classtype:trojan-activity; sid:37198541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.22.214.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.214.99"; classtype:trojan-activity; sid:37198551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 108.172.13.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.172.13.164"; classtype:trojan-activity; sid:37198561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.126.4.240 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.4.240"; classtype:trojan-activity; sid:37198571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.70.55.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.55.204"; classtype:trojan-activity; sid:37198581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.40.155.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.155.71"; classtype:trojan-activity; sid:37198591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.117.147.119 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.147.119"; classtype:trojan-activity; sid:37198601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 118.24.89.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.24.89.180"; classtype:trojan-activity; sid:37198611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 159.75.146.136 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.146.136"; classtype:trojan-activity; sid:37198621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162 (tags kill-chain:Reconnaissance, kill-chain:Exploitation), one rule per source address.
# Each "Incoming From IP" rule alerts on any IP packet from the listed host to $HOME_NET,
# with no port, flow or content condition. Rules from event 26122 are interleaved below.
# NOTE(review): classtype is trojan-activity although the event tags describe
# reconnaissance/exploitation sources; triage on the event tag rather than the classtype.
alert ip 38.7.207.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.207.242"; classtype:trojan-activity; sid:37198631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.249.184.145 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.145"; classtype:trojan-activity; sid:37198641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.95.25.178 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.25.178"; classtype:trojan-activity; sid:37198651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.250.50.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.3"; classtype:trojan-activity; sid:37198661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 82.156.179.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.179.204"; classtype:trojan-activity; sid:37198671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.129.41.228 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.41.228"; classtype:trojan-activity; sid:37198681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 61.140.25.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.140.25.4"; classtype:trojan-activity; sid:37198691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.34.57.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.57.170"; classtype:trojan-activity; sid:37198701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 179.43.159.201 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.159.201"; classtype:trojan-activity; sid:37198711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 182.79.230.66 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.79.230.66"; classtype:trojan-activity; sid:37198721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.70.59.181 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.59.181"; classtype:trojan-activity; sid:37198731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Next rule only: event 26122, exported with an empty tag list ("[]") and priority 1.
# Same inbound IP-only shape as the event 26162 rules around it.
alert ip 216.189.159.197 any -> $HOME_NET any (msg: "MISP e26122 [] Incoming From IP: 216.189.159.197"; classtype:trojan-activity; sid:37132141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert ip 81.69.255.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.255.132"; classtype:trojan-activity; sid:37198741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Next 12 rules: event 26122 domain indicators, exported as pairs (sid ending 1 = DNS, 2 = HTTP).
# DNS rule: the dns.query buffer must contain the name, and the pcre requires the query to
#   end with it, preceded by start-of-buffer or a non-hostname character, so subdomains
#   also match. Direction is any -> any, so the alert source may be an internal resolver
#   rather than the originating host; correlate with resolver logs.
# HTTP rule: outbound, established, client-to-server. "Host|3a|" and the domain are two
#   separate content matches on the whole http.header buffer (no distance/within), and the
#   /H pcre only checks the characters on either side of the name.
# NOTE(review): the name appearing in any request header (for example Referer) can
#   therefore satisfy the HTTP rule; matching on the http.host buffer would confine it to
#   the Host value.
# tag:session,600,seconds keeps logging packets of the matching session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26122 [] Domain ai.kostin.p-e.kr"; dns.query; content:"ai.kostin.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ai\.kostin\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37132151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26122 [] Outgoing HTTP Domain ai.kostin.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ai.kostin.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ai\.kostin\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert dns any any -> any any (msg: "MISP e26122 [] Domain ar.kostin.p-e.kr"; dns.query; content:"ar.kostin.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ar\.kostin\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37132161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26122 [] Outgoing HTTP Domain ar.kostin.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ar.kostin.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ar\.kostin\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert dns any any -> any any (msg: "MISP e26122 [] Domain ai.negapa.p-e.kr"; dns.query; content:"ai.negapa.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ai\.negapa\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37132171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26122 [] Outgoing HTTP Domain ai.negapa.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ai.negapa.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ai\.negapa\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert dns any any -> any any (msg: "MISP e26122 [] Domain ol.negapa.p-e.kr"; dns.query; content:"ol.negapa.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ol\.negapa\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37132181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26122 [] Outgoing HTTP Domain ol.negapa.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ol.negapa.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ol\.negapa\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert dns any any -> any any (msg: "MISP e26122 [] Domain ai.limsjo.p-e.kr"; dns.query; content:"ai.limsjo.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ai\.limsjo\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37132191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26122 [] Outgoing HTTP Domain ai.limsjo.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ai.limsjo.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ai\.limsjo\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert dns any any -> any any (msg: "MISP e26122 [] Domain qi.limsjo.p-e.kr"; dns.query; content:"qi.limsjo.p-e.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])qi\.limsjo\.p\-e\.kr$/i"; classtype:trojan-activity; sid:37132201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26122 [] Outgoing HTTP Domain qi.limsjo.p-e.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qi.limsjo.p-e.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qi\.limsjo\.p\-e\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert ip 49.51.206.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.206.48"; classtype:trojan-activity; sid:37198751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 91.228.236.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.228.236.13"; classtype:trojan-activity; sid:37198761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Next 7 rules: event 26122 URL indicators. The host is matched anywhere in http.header and
# the path anywhere in http.uri; neither content match is anchored.
# These rules are limited to destination ports in $HTTP_PORTS, while the HTTP domain rules
# above use "any": HTTP to these hosts on other ports is covered only by the domain rules.
# NOTE(review): $HTTP_PORTS has to resolve on the sensor for these rules to load, although
# the export header lists it as not required for the Suricata export; verify the
# sensor's port variables.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//ai.kostin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.kostin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//ar.kostin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ar.kostin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//ai.negapa.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.negapa.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//ol.negapa.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ol.negapa.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//ai.limsjo.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.limsjo.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//qi.limsjo.p-e.kr/index.php"; flow:to_server,established; http.header; content:"qi.limsjo.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
# NOTE(review): for coolsystem.co.kr only this URL rule is visible in this part of the
# export (no DNS or HTTP domain rule), so detection for this host depends on the path match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26122 [] Outgoing URL http|3a|//coolsystem.co.kr/admin/mail/index.php"; flow:to_server,established; http.header; content:"coolsystem.co.kr"; fast_pattern; nocase; http.uri; content:"/admin/mail/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26122;)
alert ip 101.34.91.196 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.91.196"; classtype:trojan-activity; sid:37198771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.200.35.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.200.35.45"; classtype:trojan-activity; sid:37198781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 172.105.194.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.105.194.114"; 
classtype:trojan-activity; sid:37198791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162 (tags kill-chain:Reconnaissance, kill-chain:Exploitation), one rule per source address.
# Each "Incoming From IP" rule alerts on any IP packet from the listed host to $HOME_NET,
# with no port, flow or content condition.
# NOTE(review): classtype is trojan-activity although the event tags describe
# reconnaissance/exploitation sources; triage on the event tag rather than the classtype.
# NOTE(review): IP-only indicators go stale and can sit on shared or cloud ranges;
# check the event's age in MISP before relying on these rules.
alert ip 123.160.165.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.160.165.99"; classtype:trojan-activity; sid:37198801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.140.251.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.251.234"; classtype:trojan-activity; sid:37198811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 194.169.175.232 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.169.175.232"; classtype:trojan-activity; sid:37198821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.45.168.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.168.10"; classtype:trojan-activity; sid:37198831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.18.107.19 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.107.19"; classtype:trojan-activity; sid:37198841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.12.159.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.159.126"; classtype:trojan-activity; sid:37198851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 47.113.189.101 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.113.189.101"; classtype:trojan-activity; sid:37198861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.70.133.50 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.133.50"; classtype:trojan-activity; sid:37198871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 219.152.54.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.54.105"; classtype:trojan-activity; sid:37198881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 141.148.151.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.148.151.8"; classtype:trojan-activity; sid:37198891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 104.244.78.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.244.78.162"; classtype:trojan-activity; sid:37198901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 51.89.254.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.89.254.170"; classtype:trojan-activity; sid:37198911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.43.231.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.231.53"; classtype:trojan-activity; sid:37198921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 194.87.227.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.87.227.180"; classtype:trojan-activity; sid:37198931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 194.163.134.4 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.134.4"; classtype:trojan-activity; sid:37198941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 89.184.80.5 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.184.80.5"; classtype:trojan-activity; sid:37198951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.103.36.128 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.36.128"; classtype:trojan-activity; sid:37198961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 49.235.67.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.67.210"; classtype:trojan-activity; sid:37198971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.129.180.62 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.180.62"; classtype:trojan-activity; sid:37198981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.193.122.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.122.216"; classtype:trojan-activity; sid:37198991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 201.244.246.81 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.244.246.81"; classtype:trojan-activity; sid:37199001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 141.98.7.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.7.3"; classtype:trojan-activity; sid:37199011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 8.134.85.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.134.85.41"; classtype:trojan-activity; sid:37199021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 159.75.146.186 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.146.186"; classtype:trojan-activity; sid:37199031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# Next rule only: event 26075 (tag "WhiteSnake Stealer"). Unlike the inbound rules around it,
# this one matches packets from $HOME_NET to 185.119.118.59 port 8080, so the internal
# source address in the alert identifies the host to examine.
# NOTE(review): the protocol is "ip" with a destination port and no flow keyword; confirm
# the sensor applies the port as intended on an ip rule, or whether tcp was meant.
alert ip $HOME_NET any -> 185.119.118.59 8080 (msg: "MISP e26075 [WhiteSnake Stealer] Outgoing To IP: 185.119.118.59|8080"; classtype:trojan-activity; sid:37124171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip 89.58.60.55 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.58.60.55"; classtype:trojan-activity; sid:37199041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.156.228.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.228.30"; classtype:trojan-activity; sid:37199051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.32.148.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.32.148.17"; classtype:trojan-activity; sid:37199061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 13.76.162.49 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.76.162.49"; classtype:trojan-activity; sid:37199071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 139.59.12.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.12.97"; classtype:trojan-activity; sid:37199081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 156.255.3.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.255.3.242"; classtype:trojan-activity; sid:37199091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 114.132.198.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.198.94"; classtype:trojan-activity; sid:37199101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.221.133.108 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.133.108"; classtype:trojan-activity; sid:37199111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.135.172.127 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.172.127"; classtype:trojan-activity; sid:37199121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 91.232.247.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.232.247.85"; classtype:trojan-activity; sid:37199131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.96.159.237 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.159.237"; classtype:trojan-activity; sid:37199141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 139.59.235.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.235.139"; classtype:trojan-activity; sid:37199151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 94.181.191.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.181.191.53"; classtype:trojan-activity; sid:37199161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 182.254.222.108 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.222.108"; classtype:trojan-activity; sid:37199171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 152.249.213.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.249.213.248"; classtype:trojan-activity; sid:37199181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.207.218 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.207.218"; classtype:trojan-activity; sid:37199191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.192.83.197 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.83.197"; classtype:trojan-activity; sid:37199201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.82.196.250 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.82.196.250"; classtype:trojan-activity; sid:37199211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 186.210.213.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.210.213.172"; classtype:trojan-activity; sid:37199221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.143.170.168 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.170.168"; classtype:trojan-activity; sid:37199231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 82.157.236.103 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.236.103"; classtype:trojan-activity; sid:37199241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.195.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.195.107"; classtype:trojan-activity; sid:37199251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 178.128.84.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.84.59"; classtype:trojan-activity; sid:37199261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.34.71.28 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.34.71.28"; classtype:trojan-activity; sid:37199271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.6.232.39 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.39"; classtype:trojan-activity; sid:37199281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 162.14.111.10 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.111.10"; classtype:trojan-activity; sid:37199291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.35.53.58 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.53.58"; classtype:trojan-activity; sid:37199301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 222.252.21.30 
any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.252.21.30"; classtype:trojan-activity; sid:37199311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.156.146.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.146.138"; classtype:trojan-activity; sid:37199321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.160.249 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.160.249"; classtype:trojan-activity; sid:37199331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.103.124.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.103.124.67"; classtype:trojan-activity; sid:37199341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 110.42.217.223 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.217.223"; classtype:trojan-activity; sid:37199351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.128.24.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.24.185"; classtype:trojan-activity; sid:37199361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.137.42.43 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.137.42.43"; classtype:trojan-activity; sid:37199371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.134.65.205 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.134.65.205"; 
classtype:trojan-activity; sid:37199381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.29.237.11 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.237.11"; classtype:trojan-activity; sid:37199391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.72.129.211 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.72.129.211"; classtype:trojan-activity; sid:37199401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.6.146.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.146.212"; classtype:trojan-activity; sid:37199411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.186.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.186.78"; classtype:trojan-activity; sid:37199421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.41.100 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.41.100"; classtype:trojan-activity; sid:37199431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.125.127.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.127.89"; classtype:trojan-activity; sid:37199441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.15.140.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.15.140.235"; classtype:trojan-activity; sid:37199451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
124.222.140.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.140.162"; classtype:trojan-activity; sid:37199461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162 (continued): inbound source-address indicators.
# Each rule alerts on any IP packet, any port, from the listed address to $HOME_NET.
# All share classtype trojan-activity, rev 1 and priority 2; only the address and sid differ.
# NOTE(review): a hit shows only that the address reached the home network, not what it sent;
# presumably triage needs flow or payload context from another source. Confirm.
alert ip 62.117.173.140 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.117.173.140"; classtype:trojan-activity; sid:37199471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 207.231.111.40 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.231.111.40"; classtype:trojan-activity; sid:37199481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.214.211 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.214.211"; classtype:trojan-activity; sid:37199491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.220.59.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.59.174"; classtype:trojan-activity; sid:37199501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.238.232.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.238.232.30"; classtype:trojan-activity; sid:37199511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 149.78.186.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.78.186.171"; classtype:trojan-activity; sid:37199521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.134.124.180 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.180"; classtype:trojan-activity; sid:37199531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 47.180.114.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.180.114.229"; classtype:trojan-activity; sid:37199541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.12.251.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.251.165"; classtype:trojan-activity; sid:37199551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 187.170.66.76 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.170.66.76"; classtype:trojan-activity; sid:37199561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 81.68.110.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.110.60"; classtype:trojan-activity; sid:37199571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 189.190.106.236 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.106.236"; classtype:trojan-activity; sid:37199581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 27.71.27.85 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.71.27.85"; classtype:trojan-activity; sid:37199591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 220.194.188.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.194.188.107"; classtype:trojan-activity; sid:37199601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.132.170.62 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.170.62"; classtype:trojan-activity; sid:37199611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 39.171.250.77 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.171.250.77"; classtype:trojan-activity; sid:37199621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 113.88.67.22 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.88.67.22"; classtype:trojan-activity; sid:37199631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 40.233.2.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.233.2.247"; classtype:trojan-activity; sid:37199641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 77.105.136.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.105.136.235"; classtype:trojan-activity; sid:37199651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.32.141.200 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.141.200"; classtype:trojan-activity; sid:37199661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 121.4.137.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.137.243"; classtype:trojan-activity; sid:37199671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 114.107.226.105 any -> $HOME_NET any (msg: "MISP e26162
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.107.226.105"; classtype:trojan-activity; sid:37199681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162: inbound source-address indicators (any IP packet, any port, to $HOME_NET).
alert ip 122.51.229.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.229.210"; classtype:trojan-activity; sid:37199691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 89.218.15.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.218.15.53"; classtype:trojan-activity; sid:37199701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26072: domain indicator, DNS side (priority 3, empty tag list in msg).
# Matches the dns.query buffer case-insensitively. The pcre anchors the name at the end of the
# query and requires start-of-buffer or a non-hostname character before it, so subdomains of the
# indicator match while a longer label that merely ends with the same text does not.
# The header is "any any -> any any", so queries are matched whatever their source or destination.
alert dns any any -> any any (msg: "MISP e26072 [] Domain tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37123141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26072;)
# MISP event 26072: same domain, outbound HTTP from $HOME_NET to $EXTERNAL_NET.
# Requires established client-to-server traffic, the string "Host:" in the header buffer and the
# domain somewhere in the header buffer; the pcre (/H) repeats the domain check with hostname
# boundaries on both sides. tag:session,600,seconds asks the engine to tag the session for 600 seconds after a hit.
# NOTE(review): the two content matches are not tied together (no distance/within), so the domain
# appearing in a different header, e.g. Referer, also satisfies the rule. Matching the http.host
# buffer would limit it to the requested host; confirm against the Suricata version in use.
# NOTE(review): this covers cleartext HTTP only; no TLS rule for the domain appears in this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26072 [] Outgoing HTTP Domain tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26072;)
# MISP event 26168: outbound destination address|port indicator (priority 3, empty tag list in msg).
# Alerts on traffic from $HOME_NET to the listed address on port 8080.
alert ip $HOME_NET any -> 185.119.118.59 8080 (msg: "MISP e26168 [] Outgoing To IP: 185.119.118.59|8080"; classtype:trojan-activity; sid:37204791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip 42.51.22.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.22.124";
classtype:trojan-activity; sid:37199711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162: inbound source-address indicators (any IP packet, any port, to $HOME_NET).
alert ip 161.35.134.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.134.21"; classtype:trojan-activity; sid:37199721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 51.255.50.53 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.255.50.53"; classtype:trojan-activity; sid:37199731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.192.136.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.136.30"; classtype:trojan-activity; sid:37199741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 45.184.108.111 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.108.111"; classtype:trojan-activity; sid:37199751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.223.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.223.107"; classtype:trojan-activity; sid:37199761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 128.199.185.189 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.185.189"; classtype:trojan-activity; sid:37199771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26075: outbound destination address|port indicators tagged "c2" plus a family
# name in the msg (Havoc, dcrat, Risepro). Each rule alerts on traffic from $HOME_NET to one
# address and port; all are priority 2.
# NOTE(review): a hit means an internal host contacted the listed endpoint, so the source host
# is the asset to investigate; the rules carry no payload or protocol check to confirm the family.
alert ip $HOME_NET any -> 43.132.212.200 443 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 43.132.212.200|443"; classtype:trojan-activity; sid:37124181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 136.54.125.106 80 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 136.54.125.106|80"; classtype:trojan-activity; sid:37124191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 40.90.255.165 80 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 40.90.255.165|80"; classtype:trojan-activity; sid:37124201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 18.117.144.139 80 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 18.117.144.139|80"; classtype:trojan-activity; sid:37124211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 165.154.132.129 50013 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 165.154.132.129|50013"; classtype:trojan-activity; sid:37124221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 61.19.254.6 2123 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 61.19.254.6|2123"; classtype:trojan-activity; sid:37124231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 45.79.196.203 8080 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 45.79.196.203|8080"; classtype:trojan-activity; sid:37124241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 54.169.174.23 443 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 54.169.174.23|443"; classtype:trojan-activity; sid:37124251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 150.143.137.163 443 (msg: "MISP e26075 [c2,Havoc] Outgoing To IP: 150.143.137.163|443"; classtype:trojan-activity; sid:37124261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 91.92.241.39 2023 (msg: "MISP e26075 [c2,dcrat] Outgoing To IP: 91.92.241.39|2023"; classtype:trojan-activity; sid:37124271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 91.92.241.121 2023 (msg: "MISP e26075 [c2,dcrat] Outgoing To IP: 91.92.241.121|2023"; classtype:trojan-activity; sid:37124281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 46.246.6.2 2121 (msg: "MISP e26075 [c2,dcrat] Outgoing To IP: 46.246.6.2|2121"; classtype:trojan-activity; sid:37124291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 91.92.241.128 2023 (msg: "MISP e26075 [c2,dcrat] Outgoing To IP: 91.92.241.128|2023"; classtype:trojan-activity; sid:37124301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 147.45.47.96 8081 (msg: "MISP e26075 [c2,Risepro] Outgoing To IP: 147.45.47.96|8081"; classtype:trojan-activity; sid:37124311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# MISP event 26162: one inbound source-address indicator, emitted between the two outbound groups.
alert ip 64.23.128.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.128.44"; classtype:trojan-activity; sid:37199781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26168: outbound destination address|port indicators, priority 3, empty tag list in msg.
# NOTE(review): the address|port pairs below repeat event 26075 entries above under new sids
# (147.45.47.96|8081 is sid 37124311 above and sid 37204801 here), so one connection raises two
# alerts with different priorities and only one of them names the family. Consider merging or
# correlating the two events in MISP, or suppressing one sid range, before deploying.
alert ip $HOME_NET any -> 147.45.47.96 8081 (msg: "MISP e26168 [] Outgoing To IP: 147.45.47.96|8081"; classtype:trojan-activity; sid:37204801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 91.92.241.128 2023 (msg: "MISP e26168 [] Outgoing To IP: 91.92.241.128|2023"; classtype:trojan-activity; sid:37204811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 46.246.6.2 2121 (msg: "MISP e26168 [] Outgoing To IP: 46.246.6.2|2121"; classtype:trojan-activity; sid:37204821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 91.92.241.121 2023 (msg: "MISP e26168 [] Outgoing To IP: 91.92.241.121|2023";
classtype:trojan-activity; sid:37204831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# MISP event 26168 (continued): outbound destination address|port indicators, priority 3,
# empty tag list in msg. Each rule alerts on traffic from $HOME_NET to one address and port.
# NOTE(review): every address|port pair in this group also appears in this export under event
# 26075 with priority 2 and a family tag in the msg (43.132.212.200|443 is sid 37124181 there and
# sid 37204931 here). One connection therefore raises two alerts; consider merging or correlating
# the events in MISP, or suppressing one sid range, before deploying.
alert ip $HOME_NET any -> 91.92.241.39 2023 (msg: "MISP e26168 [] Outgoing To IP: 91.92.241.39|2023"; classtype:trojan-activity; sid:37204841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 150.143.137.163 443 (msg: "MISP e26168 [] Outgoing To IP: 150.143.137.163|443"; classtype:trojan-activity; sid:37204851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 54.169.174.23 443 (msg: "MISP e26168 [] Outgoing To IP: 54.169.174.23|443"; classtype:trojan-activity; sid:37204861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 45.79.196.203 8080 (msg: "MISP e26168 [] Outgoing To IP: 45.79.196.203|8080"; classtype:trojan-activity; sid:37204871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 61.19.254.6 2123 (msg: "MISP e26168 [] Outgoing To IP: 61.19.254.6|2123"; classtype:trojan-activity; sid:37204881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 165.154.132.129 50013 (msg: "MISP e26168 [] Outgoing To IP: 165.154.132.129|50013"; classtype:trojan-activity; sid:37204891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 18.117.144.139 80 (msg: "MISP e26168 [] Outgoing To IP: 18.117.144.139|80"; classtype:trojan-activity; sid:37204901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 40.90.255.165 80 (msg: "MISP e26168 [] Outgoing To IP: 40.90.255.165|80"; classtype:trojan-activity; sid:37204911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 136.54.125.106 80 (msg: "MISP e26168 [] Outgoing To IP: 136.54.125.106|80"; classtype:trojan-activity; sid:37204921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 43.132.212.200 443 (msg: "MISP e26168 [] Outgoing To IP: 43.132.212.200|443"; classtype:trojan-activity; sid:37204931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# MISP event 26162: inbound source-address indicators (any IP packet, any port, to $HOME_NET),
# priority 2, kill-chain tags Reconnaissance and Exploitation in the msg.
alert ip 101.33.204.201 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.204.201"; classtype:trojan-activity; sid:37199791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 8.222.240.38 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.240.38"; classtype:trojan-activity; sid:37199801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.220.77.118 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.77.118"; classtype:trojan-activity; sid:37199811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.142.19.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.19.34"; classtype:trojan-activity; sid:37199821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.136.240.76 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.240.76"; classtype:trojan-activity; sid:37199831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.200.30.93 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.200.30.93"; classtype:trojan-activity; sid:37199841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 20.6.232.17 any -> $HOME_NET any (msg: "MISP e26162
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.17"; classtype:trojan-activity; sid:37199851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162 (continued): inbound source-address indicators.
# Each rule alerts on any IP packet, any port, from the listed address to $HOME_NET; all share
# classtype trojan-activity, rev 1 and priority 2, and differ only in address and sid.
# NOTE(review): the list carries no first-seen/last-seen information, so an address that has
# since been reassigned alerts exactly like a live one; presumably the export should be
# regenerated on a schedule. Confirm with the feed owner.
alert ip 106.52.120.131 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.120.131"; classtype:trojan-activity; sid:37199861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 1.164.112.129 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.112.129"; classtype:trojan-activity; sid:37199871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 170.130.165.134 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.130.165.134"; classtype:trojan-activity; sid:37199881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.221.209.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.209.188"; classtype:trojan-activity; sid:37199891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.134.35.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.35.89"; classtype:trojan-activity; sid:37199901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 138.84.41.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.84.41.172"; classtype:trojan-activity; sid:37199911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 182.254.157.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.157.124"; classtype:trojan-activity; sid:37199921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 143.198.57.107 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.57.107"; classtype:trojan-activity; sid:37199931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.220.163.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.163.159"; classtype:trojan-activity; sid:37199941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 170.64.196.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.196.239"; classtype:trojan-activity; sid:37199951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 110.45.145.194 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.45.145.194"; classtype:trojan-activity; sid:37199961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.22.227.46 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.227.46"; classtype:trojan-activity; sid:37199971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 195.87.80.171 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.87.80.171"; classtype:trojan-activity; sid:37199981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.43.152.142 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.152.142"; classtype:trojan-activity; sid:37199991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 195.19.105.121 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.19.105.121"; classtype:trojan-activity; sid:37200001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.76.97.38 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.97.38"; classtype:trojan-activity; sid:37200011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 181.78.84.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.78.84.91"; classtype:trojan-activity; sid:37200021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 156.227.0.73 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.227.0.73"; classtype:trojan-activity; sid:37200031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 189.165.32.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.165.32.71"; classtype:trojan-activity; sid:37200041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 165.22.216.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.216.105"; classtype:trojan-activity; sid:37200051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 180.118.242.91 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.118.242.91"; classtype:trojan-activity; sid:37200061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.177.143 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.177.143"; classtype:trojan-activity; sid:37200071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 122.152.224.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.152.224.188"; classtype:trojan-activity; sid:37200081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.147.242.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.147.242.106"; classtype:trojan-activity; sid:37200091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 143.110.176.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.176.216"; classtype:trojan-activity; sid:37200101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 183.180.128.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.180.128.204"; classtype:trojan-activity; sid:37200111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 113.161.194.27 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.161.194.27"; classtype:trojan-activity; sid:37200121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.55.57.164 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.57.164"; classtype:trojan-activity; sid:37200131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.133.42.162 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.42.162"; classtype:trojan-activity; sid:37200141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 117.62.216.107 any
-> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.62.216.107"; classtype:trojan-activity; sid:37200151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# MISP event 26162 (continued): inbound source-address indicators.
# Each rule alerts on any IP packet, any port, from the listed address to $HOME_NET
# (classtype trojan-activity, rev 1, priority 2).
# NOTE(review): rules keyed on a bare source address also fire for any other user of that
# address (shared hosting, NAT, relay or proxy services); presumably hits should be checked
# against flow logs before an address is blocked. Confirm.
alert ip 167.71.59.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.59.45"; classtype:trojan-activity; sid:37200161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.34.53.178 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.53.178"; classtype:trojan-activity; sid:37200171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.163.119.229 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.119.229"; classtype:trojan-activity; sid:37200181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.220.197.173 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.197.173"; classtype:trojan-activity; sid:37200191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 111.230.93.190 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.93.190"; classtype:trojan-activity; sid:37200201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 5.189.132.226 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.189.132.226"; classtype:trojan-activity; sid:37200211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 129.204.17.120 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.204.17.120"; classtype:trojan-activity; sid:37200221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 138.100.82.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.100.82.172"; classtype:trojan-activity; sid:37200231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.110.43.198 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.110.43.198"; classtype:trojan-activity; sid:37200241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.220.101.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.157"; classtype:trojan-activity; sid:37200251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.153.2.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.2.114"; classtype:trojan-activity; sid:37200261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 107.189.6.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.6.124"; classtype:trojan-activity; sid:37200271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.222.183.27 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.183.27"; classtype:trojan-activity; sid:37200281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 24.144.84.240 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.144.84.240"; classtype:trojan-activity; sid:37200291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 152.136.49.35 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.49.35"; classtype:trojan-activity; sid:37200301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.220.53.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.53.188"; classtype:trojan-activity; sid:37200311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 181.94.225.93 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.94.225.93"; classtype:trojan-activity; sid:37200321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 101.34.84.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.84.105"; classtype:trojan-activity; sid:37200331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 123.207.59.88 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.59.88"; classtype:trojan-activity; sid:37200341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.139.146.193 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.146.193"; classtype:trojan-activity; sid:37200351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 88.201.189.216 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.201.189.216"; classtype:trojan-activity; sid:37200361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 37.47.246.8 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP:
37.47.246.8"; classtype:trojan-activity; sid:37200371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.205.45.161 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.205.45.161"; classtype:trojan-activity; sid:37200381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.60.147.149 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.60.147.149"; classtype:trojan-activity; sid:37200391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.63.72 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.63.72"; classtype:trojan-activity; sid:37200401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.235.203.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.235.203.64"; classtype:trojan-activity; sid:37200411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.131.241.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.241.54"; classtype:trojan-activity; sid:37200421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.183.20.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.183.20.170"; classtype:trojan-activity; sid:37200431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.235.210.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.235.210.251"; classtype:trojan-activity; sid:37200441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) 
alert ip 181.123.12.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.123.12.225"; classtype:trojan-activity; sid:37200451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 167.71.100.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.100.21"; classtype:trojan-activity; sid:37200461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.235.190.129 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.190.129"; classtype:trojan-activity; sid:37200471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 189.190.67.31 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.67.31"; classtype:trojan-activity; sid:37200481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 114.132.57.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.57.69"; classtype:trojan-activity; sid:37200491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.239.48 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.239.48"; classtype:trojan-activity; sid:37200501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.108.52 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.108.52"; classtype:trojan-activity; sid:37200511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.119.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 62.234.119.96"; classtype:trojan-activity; sid:37200521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.52.126.237 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.126.237"; classtype:trojan-activity; sid:37200531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.50.200.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.50.200.126"; classtype:trojan-activity; sid:37200541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.14.70.242 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.70.242"; classtype:trojan-activity; sid:37200551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.189.2.108 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.2.108"; classtype:trojan-activity; sid:37200561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.18.72 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.18.72"; classtype:trojan-activity; sid:37200571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.23.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.23.243"; classtype:trojan-activity; sid:37200581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 222.219.131.45 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.219.131.45"; classtype:trojan-activity; sid:37200591; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.136.71.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.136.71.14"; classtype:trojan-activity; sid:37200601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.157.164.71 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.164.71"; classtype:trojan-activity; sid:37200611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 220.89.64.174 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.89.64.174"; classtype:trojan-activity; sid:37200621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.177.82 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.177.82"; classtype:trojan-activity; sid:37200631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.55.165.187 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.55.165.187"; classtype:trojan-activity; sid:37200641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 195.133.196.21 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.133.196.21"; classtype:trojan-activity; sid:37200651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 78.24.218.83 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.24.218.83"; classtype:trojan-activity; sid:37200661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.54.107 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.54.107"; classtype:trojan-activity; sid:37200671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.193.97.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.97.13"; classtype:trojan-activity; sid:37200681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 125.141.12.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.141.12.139"; classtype:trojan-activity; sid:37200691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.160.116.217 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.160.116.217"; classtype:trojan-activity; sid:37200701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.137.40.78 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.137.40.78"; classtype:trojan-activity; sid:37200711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.3.250 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.3.250"; classtype:trojan-activity; sid:37200721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 119.28.113.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.113.42"; classtype:trojan-activity; sid:37200731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.78.104 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.78.104"; classtype:trojan-activity; sid:37200741; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 58.97.168.215 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.97.168.215"; classtype:trojan-activity; sid:37200751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 113.142.134.0 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.142.134.0"; classtype:trojan-activity; sid:37200761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 140.246.88.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.88.133"; classtype:trojan-activity; sid:37200771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 112.168.248.149 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.168.248.149"; classtype:trojan-activity; sid:37200781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 146.190.229.170 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.229.170"; classtype:trojan-activity; sid:37200791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 14.29.175.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.175.202"; classtype:trojan-activity; sid:37200801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 111.231.101.223 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.101.223"; classtype:trojan-activity; sid:37200811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.159.182.212 any -> $HOME_NET any 
(msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.159.182.212"; classtype:trojan-activity; sid:37200821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 66.94.114.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.94.114.18"; classtype:trojan-activity; sid:37200831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.101.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.135"; classtype:trojan-activity; sid:37200841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.178.165.123 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.165.123"; classtype:trojan-activity; sid:37200851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 212.113.106.126 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.113.106.126"; classtype:trojan-activity; sid:37200861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.233.60.253 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.60.253"; classtype:trojan-activity; sid:37200871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.201.194.213 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.201.194.213"; classtype:trojan-activity; sid:37200881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.143.19.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.19.20"; 
classtype:trojan-activity; sid:37200891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.193.151.18 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.193.151.18"; classtype:trojan-activity; sid:37200901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.250.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.250.235"; classtype:trojan-activity; sid:37200911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 198.98.48.192 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.98.48.192"; classtype:trojan-activity; sid:37200921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.101.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.96"; classtype:trojan-activity; sid:37200931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.163.132.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.132.212"; classtype:trojan-activity; sid:37200941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 121.4.38.160 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.38.160"; classtype:trojan-activity; sid:37200951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.150.4.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.4.132"; classtype:trojan-activity; sid:37200961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
49.229.0.188 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.229.0.188"; classtype:trojan-activity; sid:37200971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.158.138.12 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.138.12"; classtype:trojan-activity; sid:37200981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 152.70.111.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.70.111.135"; classtype:trojan-activity; sid:37200991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 161.35.129.190 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.129.190"; classtype:trojan-activity; sid:37201001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.192.67 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.192.67"; classtype:trojan-activity; sid:37201011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.117.141.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.117.141.114"; classtype:trojan-activity; sid:37201021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.71.44.125 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.44.125"; classtype:trojan-activity; sid:37201031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 27.71.26.177 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
27.71.26.177"; classtype:trojan-activity; sid:37201041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.195.164.97 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.164.97"; classtype:trojan-activity; sid:37201051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 47.104.184.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.104.184.147"; classtype:trojan-activity; sid:37201061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.252.161.44 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.252.161.44"; classtype:trojan-activity; sid:37201071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 156.236.74.13 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.74.13"; classtype:trojan-activity; sid:37201081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.152.48.139 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.152.48.139"; classtype:trojan-activity; sid:37201091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.130.219.202 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.219.202"; classtype:trojan-activity; sid:37201101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.56.88.247 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.56.88.247"; classtype:trojan-activity; sid:37201111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 82.207.9.130 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.9.130"; classtype:trojan-activity; sid:37201121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.130.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.130.37"; classtype:trojan-activity; sid:37201131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.134.27.153 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.153"; classtype:trojan-activity; sid:37201141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.144.65.3 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.65.3"; classtype:trojan-activity; sid:37201151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 93.131.12.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.131.12.157"; classtype:trojan-activity; sid:37201161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 158.140.133.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.140.133.54"; classtype:trojan-activity; sid:37201171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 116.110.1.135 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.1.135"; classtype:trojan-activity; sid:37201181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 115.245.99.142 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.245.99.142"; classtype:trojan-activity; sid:37201191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.101.142 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.142"; classtype:trojan-activity; sid:37201201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 138.84.41.184 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.84.41.184"; classtype:trojan-activity; sid:37201211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.43.224.124 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.224.124"; classtype:trojan-activity; sid:37201221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.110.229.68 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.229.68"; classtype:trojan-activity; sid:37201231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 65.109.228.195 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.228.195"; classtype:trojan-activity; sid:37201241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 51.89.138.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.89.138.51"; classtype:trojan-activity; sid:37201251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.59.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.59.239"; classtype:trojan-activity; sid:37201261; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 150.158.103.204 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.103.204"; classtype:trojan-activity; sid:37201271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.229.119.148 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.229.119.148"; classtype:trojan-activity; sid:37201281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.158.22.6 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.158.22.6"; classtype:trojan-activity; sid:37201291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 143.202.208.244 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.202.208.244"; classtype:trojan-activity; sid:37201301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 95.90.242.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.90.242.212"; classtype:trojan-activity; sid:37201311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.68.169.233 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.169.233"; classtype:trojan-activity; sid:37201321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.32.99.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.99.147"; classtype:trojan-activity; sid:37201331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 85.198.11.150 any -> $HOME_NET any (msg: 
"MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.11.150"; classtype:trojan-activity; sid:37201341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 68.178.174.221 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.174.221"; classtype:trojan-activity; sid:37201351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.194.176.212 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.176.212"; classtype:trojan-activity; sid:37201361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 96.62.60.82 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.62.60.82"; classtype:trojan-activity; sid:37201371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.131.119 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.131.119"; classtype:trojan-activity; sid:37201381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 54.36.186.231 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.36.186.231"; classtype:trojan-activity; sid:37201391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.18.15.92 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.18.15.92"; classtype:trojan-activity; sid:37201401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 78.82.186.205 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.82.186.205"; classtype:trojan-activity; 
sid:37201411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 194.163.143.133 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.143.133"; classtype:trojan-activity; sid:37201421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.28.233.75 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.233.75"; classtype:trojan-activity; sid:37201431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 117.50.67.183 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.67.183"; classtype:trojan-activity; sid:37201441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 42.194.186.157 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.186.157"; classtype:trojan-activity; sid:37201451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 60.164.242.224 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.164.242.224"; classtype:trojan-activity; sid:37201461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.214.60 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.214.60"; classtype:trojan-activity; sid:37201471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.248.23.37 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.248.23.37"; classtype:trojan-activity; sid:37201481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.200.178.13 any -> 
$HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.200.178.13"; classtype:trojan-activity; sid:37201491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.128.131.159 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.131.159"; classtype:trojan-activity; sid:37201501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 120.48.123.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.123.165"; classtype:trojan-activity; sid:37201511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 36.137.186.182 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.186.182"; classtype:trojan-activity; sid:37201521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 175.6.100.226 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.100.226"; classtype:trojan-activity; sid:37201531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 152.32.235.232 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.235.232"; classtype:trojan-activity; sid:37201541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 139.59.21.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.21.234"; classtype:trojan-activity; sid:37201551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.239.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.239.122"; 
classtype:trojan-activity; sid:37201561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 64.227.190.61 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.190.61"; classtype:trojan-activity; sid:37201571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 94.131.105.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.131.105.239"; classtype:trojan-activity; sid:37201581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 192.42.116.19 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.19"; classtype:trojan-activity; sid:37201591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 62.234.54.246 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.54.246"; classtype:trojan-activity; sid:37201601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.232.53.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.53.248"; classtype:trojan-activity; sid:37201611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.116.108.203 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.108.203"; classtype:trojan-activity; sid:37201621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.225.64 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.225.64"; classtype:trojan-activity; sid:37201631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 
119.91.147.96 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.147.96"; classtype:trojan-activity; sid:37201641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# NOTE(review): 185.220.101.151 and 185.220.101.172 below, and 185.220.101.185
# at the end of this span, all sit in the same /24. Presumably shared hosting
# or relay infrastructure -- confirm in MISP event 26162 before reusing these
# indicators for blocking, since address-only matches on a shared range tend to
# be noisy and age quickly.
# (The line above and the last line of this span are halves of rules that the
# page wrapped mid-rule; they are kept as found.)
alert ip 60.176.172.122 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.176.172.122"; classtype:trojan-activity; sid:37201651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 162.247.74.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.7"; classtype:trojan-activity; sid:37201661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 119.91.216.92 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.216.92"; classtype:trojan-activity; sid:37201671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.241.208.54 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.241.208.54"; classtype:trojan-activity; sid:37201681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.220.101.151 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.151"; classtype:trojan-activity; sid:37201691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.220.101.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.172"; classtype:trojan-activity; sid:37201701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 114.132.223.248 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.223.248"; classtype:trojan-activity; sid:37201711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 106.53.217.219 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.217.219"; classtype:trojan-activity; sid:37201721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 124.223.119.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.119.209"; classtype:trojan-activity; sid:37201731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 75.119.150.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.119.150.172"; classtype:trojan-activity; sid:37201741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 43.143.138.94 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.138.94"; classtype:trojan-activity; sid:37201751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 219.152.53.127 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.53.127"; classtype:trojan-activity; sid:37201761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 39.98.59.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.98.59.209"; classtype:trojan-activity; sid:37201771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.220.101.185 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.185"; classtype:trojan-activity; sid:37201781; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 134.175.129.189 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.129.189"; classtype:trojan-activity; sid:37201791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 220.78.169.134 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.78.169.134"; classtype:trojan-activity; sid:37201801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 122.237.103.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.237.103.241"; classtype:trojan-activity; sid:37201811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.235.146.29 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.235.146.29"; classtype:trojan-activity; sid:37201821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.85.247.252 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.85.247.252"; classtype:trojan-activity; sid:37201831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 171.25.193.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.25.193.20"; classtype:trojan-activity; sid:37201841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 95.42.59.166 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.42.59.166"; classtype:trojan-activity; sid:37201851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.135.48.212 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.48.212"; classtype:trojan-activity; sid:37201861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.136.133.141 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.133.141"; classtype:trojan-activity; sid:37201871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.221.203.42 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.203.42"; classtype:trojan-activity; sid:37201881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 34.92.146.210 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.146.210"; classtype:trojan-activity; sid:37201891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.177.16 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.177.16"; classtype:trojan-activity; sid:37201901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 218.78.63.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.63.36"; classtype:trojan-activity; sid:37201911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 118.113.244.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.113.244.69"; classtype:trojan-activity; sid:37201921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 146.59.250.225 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.250.225"; classtype:trojan-activity; sid:37201931; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 79.16.66.105 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.16.66.105"; classtype:trojan-activity; sid:37201941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.60.33 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.60.33"; classtype:trojan-activity; sid:37201951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.71.140.138 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.140.138"; classtype:trojan-activity; sid:37201961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.110.32 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.110.32"; classtype:trojan-activity; sid:37201971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 81.70.156.89 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.156.89"; classtype:trojan-activity; sid:37201981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 179.185.90.114 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.185.90.114"; classtype:trojan-activity; sid:37201991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 45.184.44.172 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.44.172"; classtype:trojan-activity; sid:37202001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 58.56.23.210 any -> $HOME_NET any (msg: "MISP e26162 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.56.23.210"; classtype:trojan-activity; sid:37202011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 107.172.34.215 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.34.215"; classtype:trojan-activity; sid:37202021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 59.93.18.121 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.93.18.121"; classtype:trojan-activity; sid:37202031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.15.155.17 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.155.17"; classtype:trojan-activity; sid:37202041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.139.250.52 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.250.52"; classtype:trojan-activity; sid:37202051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.220.186.190 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.186.190"; classtype:trojan-activity; sid:37202061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.121 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.121"; classtype:trojan-activity; sid:37202071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.126.6.69 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.6.69"; classtype:trojan-activity; sid:37202081; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 185.220.101.99 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.99"; classtype:trojan-activity; sid:37202091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 146.190.237.14 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.237.14"; classtype:trojan-activity; sid:37202101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 140.143.170.34 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.170.34"; classtype:trojan-activity; sid:37202111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 124.222.67.15 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.67.15"; classtype:trojan-activity; sid:37202121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 101.42.88.25 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.88.25"; classtype:trojan-activity; sid:37202131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 134.209.183.166 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.183.166"; classtype:trojan-activity; sid:37202141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 104.250.50.56 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.56"; classtype:trojan-activity; sid:37202151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 211.90.240.151 any -> $HOME_NET any (msg: "MISP 
e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.90.240.151"; classtype:trojan-activity; sid:37202161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.31.65.41 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.31.65.41"; classtype:trojan-activity; sid:37202171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 181.115.157.132 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.157.132"; classtype:trojan-activity; sid:37202181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 110.40.185.51 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.185.51"; classtype:trojan-activity; sid:37202191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 43.138.152.236 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.152.236"; classtype:trojan-activity; sid:37202201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 190.249.229.59 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.249.229.59"; classtype:trojan-activity; sid:37202211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 103.253.175.38 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.253.175.38"; classtype:trojan-activity; sid:37202221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 85.198.14.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.14.241"; classtype:trojan-activity; 
sid:37202231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 184.168.120.241 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.120.241"; classtype:trojan-activity; sid:37202241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 185.81.98.165 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.81.98.165"; classtype:trojan-activity; sid:37202251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 122.115.225.106 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.115.225.106"; classtype:trojan-activity; sid:37202261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 109.194.17.175 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.194.17.175"; classtype:trojan-activity; sid:37202271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 120.53.250.30 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.250.30"; classtype:trojan-activity; sid:37202281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 42.193.0.40 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.0.40"; classtype:trojan-activity; sid:37202291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
# NOTE(review): from this point the export interleaves two MISP events (e26162
# and e26163) and the sids stop being sequential
# (37202291 -> 37202411 -> 37202421 -> 37202301). Each rule's own msg and
# reference url, not its position in the file, identifies the source event.
# (The first and last lines of this span are halves of rules that the page
# wrapped mid-rule; they are kept as found.)
alert ip 103.118.114.44 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.118.114.44"; classtype:trojan-activity; sid:37202411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 103.171.201.229 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.171.201.229"; classtype:trojan-activity; sid:37202421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 152.136.199.20 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.199.20"; classtype:trojan-activity; sid:37202301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 103.123.63.243 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.123.63.243"; classtype:trojan-activity; sid:37202311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 59.9.11.251 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.9.11.251"; classtype:trojan-activity; sid:37202321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 187.188.240.7 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.188.240.7"; classtype:trojan-activity; sid:37202331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 14.103.42.36 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.36"; classtype:trojan-activity; sid:37202341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 190.92.214.208 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.92.214.208"; classtype:trojan-activity; sid:37202351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;)
alert ip 150.109.254.239 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.254.239"; 
classtype:trojan-activity; sid:37202361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 49.51.48.209 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.48.209"; classtype:trojan-activity; sid:37202371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 106.57.197.90 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.197.90"; classtype:trojan-activity; sid:37202431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 113.200.137.62 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.62"; classtype:trojan-activity; sid:37202441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 112.184.193.235 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.184.193.235"; classtype:trojan-activity; sid:37202451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 118.248.170.133 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.248.170.133"; classtype:trojan-activity; sid:37202461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 112.160.30.244 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.160.30.244"; classtype:trojan-activity; sid:37202471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 124.61.237.245 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.61.237.245"; classtype:trojan-activity; sid:37202481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 
121.239.172.244 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.239.172.244"; classtype:trojan-activity; sid:37202491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 114.138.111.133 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.138.111.133"; classtype:trojan-activity; sid:37202501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 153.230.147.228 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.230.147.228"; classtype:trojan-activity; sid:37202511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 153.131.180.171 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.131.180.171"; classtype:trojan-activity; sid:37202521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 119.189.255.111 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.189.255.111"; classtype:trojan-activity; sid:37202531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 125.228.185.20 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.228.185.20"; classtype:trojan-activity; sid:37202541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 1.14.31.235 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.31.235"; classtype:trojan-activity; sid:37202381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 180.105.228.176 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 180.105.228.176"; classtype:trojan-activity; sid:37202551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 43.136.166.147 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.166.147"; classtype:trojan-activity; sid:37202391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 171.25.193.234 any -> $HOME_NET any (msg: "MISP e26162 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.25.193.234"; classtype:trojan-activity; sid:37202401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26162;) alert ip 1.2.207.187 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.2.207.187"; classtype:trojan-activity; sid:37202561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 114.33.31.247 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.31.247"; classtype:trojan-activity; sid:37202571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 117.215.236.206 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.236.206"; classtype:trojan-activity; sid:37202581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 175.32.242.158 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.32.242.158"; classtype:trojan-activity; sid:37202591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;) alert ip 171.112.156.59 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.112.156.59"; classtype:trojan-activity; sid:37202601; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26163;)
# --- Source-IP indicators exported from MISP events 26163, 26164, 26165 and 26167
# (the event id is in each msg and in the reference:url of the rule).
# Every rule below has the same shape: protocol "ip", any port, one source address,
# destination $HOME_NET, and no flow, content or threshold option, so the source
# address alone decides the match.
# NOTE(review): the msg carries kill-chain:Reconnaissance / kill-chain:Exploitation tags
#   while classtype is trojan-activity; confirm that classtype and priority:2 fit how
#   these alerts are triaged.
# NOTE(review): address-only indicators go stale as hosts are reassigned; every rule is
#   rev:1 and carries no first-seen or expiry metadata here, so review the list against
#   the MISP events on each re-export.
# NOTE(review): for a list of this size a threshold option or an IP reputation list may
#   keep alert volume manageable; verify support in the deployed engine.
alert ip 196.191.102.41 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.191.102.41"; classtype:trojan-activity; sid:37202611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 113.118.132.187 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.118.132.187"; classtype:trojan-activity; sid:37202621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 119.196.148.25 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.196.148.25"; classtype:trojan-activity; sid:37202631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 121.226.206.233 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.226.206.233"; classtype:trojan-activity; sid:37202641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 194.48.250.125 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.125"; classtype:trojan-activity; sid:37202651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 185.12.224.148 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.12.224.148"; classtype:trojan-activity; sid:37202661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 42.243.94.51 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.243.94.51"; classtype:trojan-activity; sid:37202671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 117.243.227.203 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.227.203"; classtype:trojan-activity; sid:37202681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 125.229.44.99 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.44.99"; classtype:trojan-activity; sid:37202691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 122.175.37.20 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.175.37.20"; classtype:trojan-activity; sid:37202701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 149.87.38.199 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.87.38.199"; classtype:trojan-activity; sid:37202711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 27.29.33.2 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.29.33.2"; classtype:trojan-activity; sid:37202721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 171.83.137.176 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.83.137.176"; classtype:trojan-activity; sid:37202731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 153.145.183.3 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.145.183.3"; classtype:trojan-activity; sid:37202741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 175.30.68.60 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.68.60"; classtype:trojan-activity; sid:37202751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 185.12.224.158 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.12.224.158"; classtype:trojan-activity; sid:37202761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 203.117.54.44 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.117.54.44"; classtype:trojan-activity; sid:37202771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 175.8.114.4 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.8.114.4"; classtype:trojan-activity; sid:37202781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 209.97.160.174 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.97.160.174"; classtype:trojan-activity; sid:37202791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 46.106.221.137 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.106.221.137"; classtype:trojan-activity; sid:37202801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 194.48.250.124 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.124"; classtype:trojan-activity; sid:37202811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 61.160.101.170 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.160.101.170"; classtype:trojan-activity; sid:37202821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 194.48.250.127 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.127"; classtype:trojan-activity; sid:37202831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 46.119.228.11 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.119.228.11"; classtype:trojan-activity; sid:37202841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 82.147.91.116 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.147.91.116"; classtype:trojan-activity; sid:37202851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 79.136.3.185 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.136.3.185"; classtype:trojan-activity; sid:37202861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 31.43.99.137 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.43.99.137"; classtype:trojan-activity; sid:37202871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 84.54.51.188 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.188"; classtype:trojan-activity; sid:37202881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 223.13.1.54 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.1.54"; classtype:trojan-activity; sid:37202891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 61.49.152.56 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.49.152.56"; classtype:trojan-activity; sid:37202901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 59.19.192.162 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.19.192.162"; classtype:trojan-activity; sid:37202911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 159.223.98.123 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.98.123"; classtype:trojan-activity; sid:37203371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 192.241.220.43 any -> $HOME_NET any (msg: "MISP e26167 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.220.43"; classtype:trojan-activity; sid:37203551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26167;)
alert ip 114.44.27.17 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.44.27.17"; classtype:trojan-activity; sid:37202921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 91.241.214.247 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.241.214.247"; classtype:trojan-activity; sid:37202931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 106.60.35.88 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.60.35.88"; classtype:trojan-activity; sid:37202941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 153.222.99.24 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.222.99.24"; classtype:trojan-activity; sid:37202951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 116.207.17.102 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.207.17.102"; classtype:trojan-activity; sid:37202961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 119.117.255.62 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.117.255.62"; classtype:trojan-activity; sid:37202971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 118.193.59.142 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.59.142"; classtype:trojan-activity; sid:37203381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 115.92.155.19 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.92.155.19"; classtype:trojan-activity; sid:37203391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 117.95.187.109 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.95.187.109"; classtype:trojan-activity; sid:37202981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 113.200.137.55 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.55"; classtype:trojan-activity; sid:37202991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 107.170.240.39 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.240.39"; classtype:trojan-activity; sid:37203401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 103.134.117.38 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.134.117.38"; classtype:trojan-activity; sid:37203001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 113.228.44.91 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.228.44.91"; classtype:trojan-activity; sid:37203011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 101.64.157.225 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.64.157.225"; classtype:trojan-activity; sid:37203021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 87.236.176.217 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.217"; classtype:trojan-activity; sid:37203411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 23.92.27.111 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.92.27.111"; classtype:trojan-activity; sid:37203421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 45.79.141.23 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.141.23"; classtype:trojan-activity; sid:37203431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 87.236.176.213 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.213"; classtype:trojan-activity; sid:37203441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 5.249.144.19 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.249.144.19"; classtype:trojan-activity; sid:37203451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 87.236.176.212 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.212"; classtype:trojan-activity; sid:37203461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 45.33.59.119 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.59.119"; classtype:trojan-activity; sid:37203471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 87.236.176.191 any -> $HOME_NET any (msg: "MISP e26164 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.191"; classtype:trojan-activity; sid:37203311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26164;)
alert ip 121.203.239.129 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.203.239.129"; classtype:trojan-activity; sid:37203031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 117.201.123.60 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.201.123.60"; classtype:trojan-activity; sid:37203041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 109.224.34.225 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.224.34.225"; classtype:trojan-activity; sid:37203051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 121.143.175.220 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.143.175.220"; classtype:trojan-activity; sid:37203061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 1.14.76.91 any -> $HOME_NET any (msg: "MISP e26164 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.76.91"; classtype:trojan-activity; sid:37203321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26164;)
alert ip 165.22.143.72 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.143.72"; classtype:trojan-activity; sid:37203481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 119.203.200.111 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.203.200.111"; classtype:trojan-activity; sid:37203071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 87.236.176.193 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.193"; classtype:trojan-activity; sid:37203491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 87.236.176.197 any -> $HOME_NET any (msg: "MISP e26164 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.197"; classtype:trojan-activity; sid:37203331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26164;)
alert ip 192.241.205.67 any -> $HOME_NET any (msg: "MISP e26164 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.205.67"; classtype:trojan-activity; sid:37203341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26164;)
alert ip 175.11.240.138 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.240.138"; classtype:trojan-activity; sid:37203081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 194.48.250.128 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.128"; classtype:trojan-activity; sid:37203091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 198.235.24.117 any -> $HOME_NET any (msg: "MISP e26165 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.117"; classtype:trojan-activity; sid:37203501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26165;)
alert ip 124.89.86.167 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.167"; classtype:trojan-activity; sid:37203101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 107.170.250.10 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.250.10"; classtype:trojan-activity; sid:37203111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 87.236.176.216 any -> $HOME_NET any (msg: "MISP e26164 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.216"; classtype:trojan-activity; sid:37203351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26164;)
alert ip 190.109.228.162 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.162"; classtype:trojan-activity; sid:37203121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 47.98.142.212 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.98.142.212"; classtype:trojan-activity; sid:37203131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 39.164.180.20 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.164.180.20"; classtype:trojan-activity; sid:37203141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 192.241.203.37 any -> $HOME_NET any (msg: "MISP e26164 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.203.37"; classtype:trojan-activity; sid:37203361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26164;)
alert ip 220.77.38.15 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.77.38.15"; classtype:trojan-activity; sid:37203151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 59.175.47.216 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.175.47.216"; classtype:trojan-activity; sid:37203161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 14.181.67.224 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.181.67.224"; classtype:trojan-activity; sid:37203171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 125.41.207.245 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.41.207.245"; classtype:trojan-activity; sid:37203181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 58.54.109.74 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.109.74"; classtype:trojan-activity; sid:37203191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 138.97.241.193 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.97.241.193"; classtype:trojan-activity; sid:37203201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 88.129.112.5 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.129.112.5"; classtype:trojan-activity; sid:37203211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 221.217.55.180 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.217.55.180"; classtype:trojan-activity; sid:37203221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 202.56.28.179 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.56.28.179"; classtype:trojan-activity; sid:37203231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 186.225.189.149 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.225.189.149"; classtype:trojan-activity; sid:37203241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 170.245.200.48 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.245.200.48"; classtype:trojan-activity; sid:37203251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 176.50.214.45 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.50.214.45"; classtype:trojan-activity; sid:37203261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 73.139.114.233 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.139.114.233"; classtype:trojan-activity; sid:37203271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 173.52.101.9 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.52.101.9"; classtype:trojan-activity; sid:37203281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 181.34.51.245 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
181.34.51.245"; classtype:trojan-activity; sid:37203291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
# --- Source-IP indicators from MISP event 26163: traffic of any IP protocol and port
# from the listed address to $HOME_NET raises an alert; no other condition is attached.
alert ip 81.213.28.63 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.28.63"; classtype:trojan-activity; sid:37203301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 222.150.133.93 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.150.133.93"; classtype:trojan-activity; sid:37761441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
alert ip 175.164.11.141 any -> $HOME_NET any (msg: "MISP e26163 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.164.11.141"; classtype:trojan-activity; sid:37761451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26163;)
# --- Domain indicators from MISP event 26168 (msg carries an empty "[]" tag list, priority:3).
# Each hostname yields two rules: a DNS query rule (sid ending in 1) and an outbound
# HTTP rule (sid ending in 2).
# DNS rule: dns.query must end with the hostname, either at the start of the name or
#   after a character outside [A-Za-z0-9-], so the host and its subdomains match while a
#   longer first label does not. Direction is any -> any, independent of $HOME_NET.
# HTTP rule: established client-to-server traffic from $HOME_NET to $EXTERNAL_NET whose
#   headers contain "Host:" and the hostname; a match also tags the session for 600 seconds.
#   NOTE(review): the two content matches and the /H pcre are not positioned relative to
#   each other, so the hostname in another header (e.g. Referer) appears to satisfy the rule
#   too; matching on the http.host buffer would limit it to the Host header. Confirm
#   against the deployed engine version.
#   NOTE(review): no TLS/SNI rule for these hosts is present in this part of the export;
#   HTTPS connections would be caught only by the DNS rule, and only where the sensor
#   sees the lookup.
# NOTE(review): the parent zones (servehttp.com, ddns.net, ...) look like shared
#   dynamic-DNS domains; keep matching on the full hostname rather than the parent zone.
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-bafmilbd.servequake.com"; dns.query; content:"mail-bafmilbd.servequake.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.servequake\.com$/i"; classtype:trojan-activity; sid:37204941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-bafmilbd.servequake.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-bafmilbd.servequake.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.servequake\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-depogovpk.servehttp.com"; dns.query; content:"mail-depogovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37204951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-depogovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-depogovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-dgdpgovpk.servehalflife.com"; dns.query; content:"mail-dgdpgovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdpgovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37204961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-dgdpgovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-dgdpgovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdpgovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-modgovpk.servehttp.com"; dns.query; content:"mail-modgovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modgovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37204971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-modgovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-modgovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modgovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-mofagovpk.ddns.net"; dns.query; content:"mail-mofagovpk.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.ddns\.net$/i"; classtype:trojan-activity; sid:37204981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-mofagovpk.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-mofagovpk.gotdns.ch"; dns.query; content:"mail-mofagovpk.gotdns.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.gotdns\.ch$/i"; classtype:trojan-activity; sid:37204991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-mofagovpk.gotdns.ch"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.gotdns.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.gotdns\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37204992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-mofagovpk.myddns.me"; dns.query; content:"mail-mofagovpk.myddns.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.myddns\.me$/i"; classtype:trojan-activity; sid:37205001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-mofagovpk.myddns.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.myddns.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.myddns\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-mofapk.servehttp.com"; dns.query; content:"mail-mofapk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofapk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-mofapk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofapk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofapk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mail-scogovpk.servehalflife.com"; dns.query; content:"mail-scogovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37205021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mail-scogovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-scogovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain mailhitgovpk.servehalflife.com"; dns.query; content:"mailhitgovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhitgovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37205031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain mailhitgovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailhitgovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhitgovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain nanfung.servehttp.com"; dns.query; content:"nanfung.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanfung\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain nanfung.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nanfung.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanfung\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain navy-govbd.servehttp.com"; dns.query; content:"navy-govbd.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])navy\-govbd\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain navy-govbd.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navy-govbd.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navy\-govbd\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain newmail-armymilbd.servehttp.com"; dns.query; content:"newmail-armymilbd.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])newmail\-armymilbd\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain newmail-armymilbd.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newmail-armymilbd.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newmail\-armymilbd\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain news-ptvcompk.servehttp.com"; dns.query; content:"news-ptvcompk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-ptvcompk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain news-ptvcompk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-ptvcompk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-ptvcompk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain offer-ptclnetpk.servehttp.com"; dns.query; content:"offer-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offer\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain offer-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offer-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offer\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain offers-ptclnetpk.serveblog.net"; dns.query; content:"offers-ptclnetpk.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveblog\.net$/i"; classtype:trojan-activity; sid:37205091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain offers-ptclnetpk.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain offers-ptclnetpk.serveftp.com"; dns.query; content:"offers-ptclnetpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37205101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain offers-ptclnetpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain offers-ptclnetpk.serveirc.com"; dns.query; content:"offers-ptclnetpk.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveirc\.com$/i"; classtype:trojan-activity; sid:37205111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain offers-ptclnetpk.serveirc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain ogdcl.servehttp.com"; dns.query; content:"ogdcl.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ogdcl\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ogdcl.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ogdcl.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ogdcl\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain piac-compk.servehttp.com"; dns.query; content:"piac-compk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])piac\-compk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain piac-compk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"piac-compk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])piac\-compk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain portal-ptclnetpk.servehttp.com"; dns.query; content:"portal-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain portal-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP 
e26168 [] Domain sdmx-financegovpk.servehttp.com"; dns.query; content:"sdmx-financegovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdmx\-financegovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain sdmx-financegovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdmx-financegovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdmx\-financegovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain sharepakistan-mofa.viewdns.net"; dns.query; content:"sharepakistan-mofa.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])sharepakistan\-mofa\.viewdns\.net$/i"; classtype:trojan-activity; sid:37205161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain sharepakistan-mofa.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sharepakistan-mofa.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sharepakistan\-mofa\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain support-ntc.servehttp.com"; dns.query; content:"support-ntc.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])support\-ntc\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] 
Outgoing HTTP Domain support-ntc.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"support-ntc.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])support\-ntc\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain vibe-ptclnetpk.servehttp.com"; dns.query; content:"vibe-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain vibe-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibe-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain advisory-cabinetgpk.servehttp.com"; dns.query; content:"advisory-cabinetgpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])advisory\-cabinetgpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain advisory-cabinetgpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"advisory-cabinetgpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])advisory\-cabinetgpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205192; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain awards-piacaero.servehalflife.com"; dns.query; content:"awards-piacaero.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37205201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain awards-piacaero.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awards-piacaero.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain awards-piacaero.servehttp.com"; dns.query; content:"awards-piacaero.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain awards-piacaero.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awards-piacaero.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain cap-mofagovpk.servehttp.com"; dns.query; content:"cap-mofagovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofagovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205221; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain cap-mofagovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cap-mofagovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofagovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain cap-mofapk.servehttp.com"; dns.query; content:"cap-mofapk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofapk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain cap-mofapk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cap-mofapk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofapk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain circular-financegov.servehalflife.com"; dns.query; content:"circular-financegov.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])circular\-financegov\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37205241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain circular-financegov.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"circular-financegov.servehalflife.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])circular\-financegov\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain eservice-ptclnetpk.servehttp.com"; dns.query; content:"eservice-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eservice\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain eservice-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eservice-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eservice\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain finance-govpk.serveblog.net"; dns.query; content:"finance-govpk.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveblog\.net$/i"; classtype:trojan-activity; sid:37205261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain finance-govpk.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govpk.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain finance-govpk.serveftp.com"; dns.query; content:"finance-govpk.serveftp.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37205271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain finance-govpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain financegovpk.servehttp.com"; dns.query; content:"financegovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])financegovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37205281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain financegovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"financegovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])financegovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain hrmis-financegovpk.serveftp.com"; dns.query; content:"hrmis-financegovpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hrmis\-financegovpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37205291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain hrmis-financegovpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"hrmis-financegovpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hrmis\-financegovpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26075 [AS197540,c2,censys] Domain v2202305171327228750.powersrv.de"; dns.query; content:"v2202305171327228750.powersrv.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])v2202305171327228750\.powersrv\.de$/i"; classtype:trojan-activity; sid:37124321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS197540,c2,censys] Outgoing HTTP Domain v2202305171327228750.powersrv.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"v2202305171327228750.powersrv.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])v2202305171327228750\.powersrv\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 201.27.182.215 8081 (msg: "MISP e26075 [AS27699,c2,censys] Outgoing To IP: 201.27.182.215|8081"; classtype:trojan-activity; sid:37124331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 196.235.228.141 4444 (msg: "MISP e26075 [AS37492,c2,censys,ORANGE-] Outgoing To IP: 196.235.228.141|4444"; classtype:trojan-activity; sid:37124341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 51.38.226.86 80 (msg: "MISP e26075 [AS16276,c2,censys,OVH] Outgoing To IP: 51.38.226.86|80"; classtype:trojan-activity; sid:37124351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 134.122.164.195 5566 (msg: "MISP e26075 [AS64050,c2,censys] Outgoing To IP: 
134.122.164.195|5566"; classtype:trojan-activity; sid:37124361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# MISP event 26075, tags "c2,censys": traffic from $HOME_NET to one destination address and port per rule.
# These rules carry no content, flow or app-layer keywords: a hit only says that a monitored host sent
# traffic to that address/port, not which protocol or payload was involved. Correlate a hit with flow or
# proxy logs before treating the source host as compromised.
# NOTE(review): the header protocol is "ip" while a destination port is given; confirm how the deployed
# engine version applies the port to non-TCP/UDP traffic.
# NOTE(review): address/port indicators go stale when an address is reassigned; check the referenced
# MISP event for the indicator's current status before acting on an alert.
alert ip $HOME_NET any -> 124.220.53.223 4543 (msg: "MISP e26075 [AS45090,c2,censys] Outgoing To IP: 124.220.53.223|4543"; classtype:trojan-activity; sid:37124371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 78.40.116.82 80 (msg: "MISP e26075 [ALEXHOST,AS200019,c2,censys] Outgoing To IP: 78.40.116.82|80"; classtype:trojan-activity; sid:37124381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# The next two rules cover the same address on two different ports (443 and 4433).
alert ip $HOME_NET any -> 5.45.111.146 443 (msg: "MISP e26075 [AS197540,c2,censys] Outgoing To IP: 5.45.111.146|443"; classtype:trojan-activity; sid:37124391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 5.45.111.146 4433 (msg: "MISP e26075 [AS197540,c2,censys] Outgoing To IP: 5.45.111.146|4433"; classtype:trojan-activity; sid:37124401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 119.91.77.189 31337 (msg: "MISP e26075 [AS45090,c2,censys] Outgoing To IP: 119.91.77.189|31337"; classtype:trojan-activity; sid:37124411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 163.197.247.155 31337 (msg: "MISP e26075 [AS55020,c2,censys,IDCCLOUD] Outgoing To IP: 163.197.247.155|31337"; classtype:trojan-activity; sid:37124421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 114.116.231.53 8888 (msg: "MISP e26075 [AS55990,c2,censys,Supershell] Outgoing To IP: 114.116.231.53|8888"; classtype:trojan-activity; sid:37124431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 104.156.247.38 8000 (msg: "MISP e26075 [AS-CHOOPA,AS20473,c2,censys,RAT] Outgoing To IP: 104.156.247.38|8000"; 
classtype:trojan-activity; sid:37124441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 40.66.42.165 8808 (msg: "MISP e26075 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 40.66.42.165|8808"; classtype:trojan-activity; sid:37124451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 185.189.196.191 443 (msg: "MISP e26075 [AS41922,c2,censys,MIS70,Mythic] Outgoing To IP: 185.189.196.191|443"; classtype:trojan-activity; sid:37124461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 34.72.157.21 443 (msg: "MISP e26075 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,Mythic] Outgoing To IP: 34.72.157.21|443"; classtype:trojan-activity; sid:37124471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 92.63.104.174 80 (msg: "MISP e26075 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 92.63.104.174|80"; classtype:trojan-activity; sid:37124481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 77.73.129.77 80 (msg: "MISP e26075 [AS201814,c2,censys,HookBot,MEVSPACE] Outgoing To IP: 77.73.129.77|80"; classtype:trojan-activity; sid:37124491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [AS63473,c2,censys,HookBot,HOSTHATCH] Domain 056hg568786.f4r5t5y8hh8.click"; dns.query; content:"056hg568786.f4r5t5y8hh8.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])056hg568786\.f4r5t5y8hh8\.click$/i"; classtype:trojan-activity; sid:37124501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS63473,c2,censys,HookBot,HOSTHATCH] Outgoing HTTP Domain 056hg568786.f4r5t5y8hh8.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"056hg568786.f4r5t5y8hh8.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])056hg568786\.f4r5t5y8hh8\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 185.216.70.224 80 (msg: "MISP e26075 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.224|80"; classtype:trojan-activity; sid:37124511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 185.216.70.225 80 (msg: "MISP e26075 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.225|80"; classtype:trojan-activity; sid:37124521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 37.120.237.196 8081 (msg: "MISP e26075 [AS9009,c2,censys,M247] Outgoing To IP: 37.120.237.196|8081"; classtype:trojan-activity; sid:37124531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 159.100.13.218 1606 (msg: "MISP e26075 [AS44066,c2,censys,RAT] Outgoing To IP: 159.100.13.218|1606"; classtype:trojan-activity; sid:37124541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [AMAZON-02,AS16509,c2,censys] Domain ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; dns.query; content:"ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-199\-117\-47\.ap\-northeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37124551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-199\-117\-47\.ap\-northeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [AMAZON-02,AS16509,c2,censys] Domain ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; dns.query; content:"ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-244\-129\-215\.eu\-west\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37124561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-244\-129\-215\.eu\-west\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [AS63949,c2,censys] Domain zqpvr01.sandcats.io"; dns.query; content:"zqpvr01.sandcats.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])zqpvr01\.sandcats\.io$/i"; classtype:trojan-activity; sid:37124571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS63949,c2,censys] Outgoing HTTP Domain zqpvr01.sandcats.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zqpvr01.sandcats.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zqpvr01\.sandcats\.io[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37124572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# Per-domain rule pair from MISP event 26075:
#   1. a DNS rule (any -> any) matching the queried name in the dns.query buffer;
#   2. an HTTP rule ($HOME_NET -> $EXTERNAL_NET, client-to-server, established flows) matching the name
#      in the request headers after a "Host:" match.
# In both rules the pcre requires the name to start at the beginning of the buffer or after a character
# that is not a letter, digit or hyphen, so the name itself and its subdomains match, while a longer label
# that merely ends with the same string does not. The DNS pcre is anchored at the end of the query; the
# HTTP pcre instead requires one following character that is not a letter, digit, hyphen or dot.
# tag:session,600,seconds on the HTTP rule asks the engine to keep logging packets of the matching session
# for 600 seconds after the alert.
# NOTE(review): the HTTP rule inspects cleartext request headers only; connections to the same name over
# TLS would not match it, which leaves the DNS rule as the only coverage in this pair. Confirm whether a
# TLS SNI rule is wanted for these indicators.
# NOTE(review): the DNS rule is not restricted to $HOME_NET, so a query relayed by an internal resolver
# may alert with the resolver as source; confirm sensor placement when attributing the lookup to a host.
alert dns any any -> any any (msg: "MISP e26075 [AS13335,c2,censys,CLOUDFLARENET] Domain panel.dalkson.com"; dns.query; content:"panel.dalkson.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.dalkson\.com$/i"; classtype:trojan-activity; sid:37124581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS13335,c2,censys,CLOUDFLARENET] Outgoing HTTP Domain panel.dalkson.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.dalkson.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.dalkson\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert dns any any -> any any (msg: "MISP e26075 [AMAZON-02,AS16509,c2,censys] Domain staging.recruitis.josefbenjac.cz"; dns.query; content:"staging.recruitis.josefbenjac.cz"; nocase; pcre: "/(^|[^A-Za-z0-9-])staging\.recruitis\.josefbenjac\.cz$/i"; classtype:trojan-activity; sid:37124591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain staging.recruitis.josefbenjac.cz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"staging.recruitis.josefbenjac.cz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])staging\.recruitis\.josefbenjac\.cz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 178.33.57.149 4444 (msg: "MISP e26075 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 178.33.57.149|4444"; classtype:trojan-activity; 
sid:37124601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# MISP event 26075, tags "c2,censys": outbound address/port rules, one destination per rule, all with
# priority:2 and classtype:trojan-activity. The bracketed msg tags are the only per-indicator context
# (AS number, network name, and a family tag such as RAT or Covenant where one is given).
# The rules match on the destination address and port alone, with no payload or application-layer check.
# NOTE(review): several tags name hosting or cloud networks (OVH, CONTABO, MICROSOFT-CORP-MSN-AS-BLOCK).
# Addresses in such networks are presumably reassigned between tenants over time, so a hit on an old
# indicator may be unrelated traffic; check the indicator's age in the referenced MISP event.
# NOTE(review): most destinations here are on port 80; where a web proxy or HTTP log is available,
# use it to confirm what was actually requested before escalating.
alert ip $HOME_NET any -> 178.33.57.149 5000 (msg: "MISP e26075 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 178.33.57.149|5000"; classtype:trojan-activity; sid:37124611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 193.222.96.48 80 (msg: "MISP e26075 [AS203168,c2,censys,UNKNOW] Outgoing To IP: 193.222.96.48|80"; classtype:trojan-activity; sid:37124621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 176.113.115.243 80 (msg: "MISP e26075 [AS57678,c2,CATTECHNOLOGIES-AS,censys] Outgoing To IP: 176.113.115.243|80"; classtype:trojan-activity; sid:37124631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 113.30.191.40 80 (msg: "MISP e26075 [AS204548,c2,censys,CLOUDWEBMANAGE-IL-FR] Outgoing To IP: 113.30.191.40|80"; classtype:trojan-activity; sid:37124641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 4.178.96.222 80 (msg: "MISP e26075 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.178.96.222|80"; classtype:trojan-activity; sid:37124651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 185.194.216.22 80 (msg: "MISP e26075 [AS51167,c2,censys,CONTABO] Outgoing To IP: 185.194.216.22|80"; classtype:trojan-activity; sid:37124661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 87.98.147.251 80 (msg: "MISP e26075 [AS16276,c2,censys,OVH] Outgoing To IP: 87.98.147.251|80"; classtype:trojan-activity; sid:37124671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 23.94.66.115 7443 (msg: "MISP e26075 [AS-COLOCROSSING,AS36352,c2,censys,Covenant] Outgoing To IP: 23.94.66.115|7443"; 
classtype:trojan-activity; sid:37124681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-54-175-203-218.compute-1.amazonaws.com"; dns.query; content:"ec2-54-175-203-218.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-175\-203\-218\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37124691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-54-175-203-218.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-175-203-218.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-175\-203\-218\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 93.123.39.165 80 (msg: "MISP e26075 [AS216289,c2,censys,SIRCROSAR-NET] Outgoing To IP: 93.123.39.165|80"; classtype:trojan-activity; sid:37124701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 103.65.235.21 80 (msg: "MISP e26075 [AS135918,c2,censys] Outgoing To IP: 103.65.235.21|80"; classtype:trojan-activity; sid:37124711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert dns any any -> any any (msg: "MISP e26075 [AS56971,c2,censys,CLOUDBACKBONE,UNAM] Domain www.x3qc.com"; dns.query; content:"www.x3qc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.x3qc\.com$/i"; classtype:trojan-activity; sid:37124721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 
[AS56971,c2,censys,CLOUDBACKBONE,UNAM] Outgoing HTTP Domain www.x3qc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.x3qc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.x3qc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# --- MISP event 26075: domain indicators (msg tags: c2 / EvilGinx / phishing, source tag "censys") ---
# Each domain is exported as a pair of rules:
#   sid ...1  DNS   - dns.query ends with the name; the leading class [^A-Za-z0-9-] still admits a
#                     preceding ".", so sub-domains of the name alert as well.
#   sid ...2  HTTP  - the "Host:" content and the domain content are two independent matches on
#                     http.header (no distance/within), so the domain appearing in any request header
#                     (e.g. Referer) satisfies the rule, not only the Host header.
# The HTTP rule only sees requests the sensor can parse as cleartext HTTP; for HTTPS sessions only the
# DNS rule can fire. No TLS SNI rule for these names is visible in this part of the export.
# tag:session,600,seconds keeps logging packets of the alerting session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26075 [AS22612,c2,censys,NAMECHEAP-NET,UNAM] Domain www.nanasuuakiaa.host"; dns.query; content:"www.nanasuuakiaa.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nanasuuakiaa\.host$/i"; classtype:trojan-activity; sid:37124731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS22612,c2,censys,NAMECHEAP-NET,UNAM] Outgoing HTTP Domain www.nanasuuakiaa.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nanasuuakiaa.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nanasuuakiaa\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# IP:port indicator: any IP packet from $HOME_NET to this address and port alerts; there is no
# flow or content condition, so the rule is only as good as the indicator is current.
alert ip $HOME_NET any -> 49.51.69.128 4000 (msg: "MISP e26075 [AS132203,censys,EvilGinx,phishing] Outgoing To IP: 49.51.69.128|4000"; classtype:trojan-activity; sid:37124741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert dns any any -> any any (msg: "MISP e26075 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Domain eco-academy.virtualidevs.com"; dns.query; content:"eco-academy.virtualidevs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eco\-academy\.virtualidevs\.com$/i"; classtype:trojan-activity; sid:37124751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Outgoing HTTP Domain eco-academy.virtualidevs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eco-academy.virtualidevs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eco\-academy\.virtualidevs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert dns any any -> any any (msg: "MISP e26075 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain blogger.deenpel.com"; dns.query; content:"blogger.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blogger\.deenpel\.com$/i"; classtype:trojan-activity; sid:37124761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26075 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain blogger.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blogger.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blogger\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37124762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# --- MISP event 26075: IP:port indicators tagged GoPhish / phishing ---
# NOTE(review): most of these use port 3333 and carry the "censys" tag, which looks like hosts
# fingerprinted by an internet scan rather than destinations seen in victim traffic - confirm in the
# event before treating a hit as proof of a user reaching a phishing page.
# Several msg tags name large cloud providers (AMAZON-02, AMAZON-AES, GOOGLE-CLOUD-PLATFORM,
# MICROSOFT-CORP-MSN-AS-BLOCK, DIGITALOCEAN-ASN): such addresses can be reassigned to unrelated
# tenants, so age these rules out when the MISP attributes expire.
# classtype is trojan-activity on every rule, including the phishing ones; triage on the msg tags
# and the reference URL rather than on the classtype.
alert ip $HOME_NET any -> 118.31.49.59 3333 (msg: "MISP e26075 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 118.31.49.59|3333"; classtype:trojan-activity; sid:37124771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 54.198.97.186 5432 (msg: "MISP e26075 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 54.198.97.186|5432"; classtype:trojan-activity; sid:37124781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 172.174.245.183 3333 (msg: "MISP e26075 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.174.245.183|3333"; classtype:trojan-activity; sid:37124791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 78.186.239.172 443 (msg: "MISP e26075 [AS9121,censys,GoPhish,phishing,TTNET] Outgoing To IP: 78.186.239.172|443"; classtype:trojan-activity; sid:37124801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 41.78.73.219 8443 (msg: "MISP e26075 [AS37371,censys,GoPhish,HORMUUD,phishing] Outgoing To IP: 41.78.73.219|8443"; classtype:trojan-activity; sid:37124811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 173.212.228.153 3333 (msg: "MISP e26075 [AS51167,censys,CONTABO,GoPhish,phishing] Outgoing To IP: 173.212.228.153|3333"; classtype:trojan-activity; sid:37124821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 122.150.85.11 3333 (msg: "MISP e26075 [AS9443,censys,GoPhish,phishing] Outgoing To IP: 122.150.85.11|3333"; classtype:trojan-activity; sid:37124831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 13.49.116.113 3333 (msg: "MISP e26075 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.49.116.113|3333"; classtype:trojan-activity; sid:37124841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 181.32.143.15 443 (msg: "MISP e26075 [AS3816,censys,GoPhish,phishing] Outgoing To IP: 181.32.143.15|443"; classtype:trojan-activity; sid:37124851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 165.232.179.158 4444 (msg: "MISP e26075 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 165.232.179.158|4444"; classtype:trojan-activity; sid:37124861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 3.75.189.17 3333 (msg: "MISP e26075 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.75.189.17|3333"; classtype:trojan-activity; sid:37124871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 34.34.10.37 3333 (msg: "MISP e26075 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.34.10.37|3333"; classtype:trojan-activity; sid:37124881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# --- MISP event 26168: IP:port indicators ---
# The rules below repeat address/port pairs already exported for event 26075 above
# (e.g. 122.150.85.11|3333 is sid 37124831 and sid 37205301), with an empty tag list and priority 3.
# One connection therefore raises two alerts at different priorities; de-duplicate or suppress one
# set when tuning, and use the reference URL for context since the msg carries no tags.
alert ip $HOME_NET any -> 122.150.85.11 3333 (msg: "MISP e26168 [] Outgoing To IP: 122.150.85.11|3333"; classtype:trojan-activity; sid:37205301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 173.212.228.153 3333 (msg: "MISP e26168 [] Outgoing To IP: 173.212.228.153|3333"; classtype:trojan-activity; sid:37205311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 41.78.73.219 8443 (msg: "MISP e26168 [] Outgoing To IP: 41.78.73.219|8443"; classtype:trojan-activity; sid:37205321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 78.186.239.172 443 (msg: "MISP e26168 [] Outgoing To IP: 78.186.239.172|443"; classtype:trojan-activity; sid:37205331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 172.174.245.183 3333 (msg: "MISP e26168 [] Outgoing To IP: 172.174.245.183|3333"; classtype:trojan-activity; sid:37205341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 54.198.97.186 5432 (msg: "MISP e26168 [] Outgoing To IP: 54.198.97.186|5432"; classtype:trojan-activity; sid:37205351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 118.31.49.59 3333 (msg: "MISP e26168 [] Outgoing To IP: 118.31.49.59|3333"; classtype:trojan-activity; sid:37205361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP
e26168 [] Domain blogger.deenpel.com"; dns.query; content:"blogger.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blogger\.deenpel\.com$/i"; classtype:trojan-activity; sid:37205371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# --- MISP event 26168: domain indicators (empty tag list, priority 3) ---
# blogger.deenpel.com, eco-academy.virtualidevs.com, www.nanasuuakiaa.host, www.x3qc.com and
# 49.51.69.128|4000 are also exported under event 26075 earlier in this file (sids 371247xx,
# priority 2), so the same traffic alerts twice; pick one set when tuning.
# HTTP "Domain" rules: "Host:" and the domain are separate content matches on http.header with no
# positional link, so the domain in any request header triggers the rule. The trailing class
# [^A-Za-z0-9-\.] requires a following character that does not extend the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain blogger.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blogger.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blogger\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain eco-academy.virtualidevs.com"; dns.query; content:"eco-academy.virtualidevs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eco\-academy\.virtualidevs\.com$/i"; classtype:trojan-activity; sid:37205381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain eco-academy.virtualidevs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eco-academy.virtualidevs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eco\-academy\.virtualidevs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 49.51.69.128 4000 (msg: "MISP e26168 [] Outgoing To IP: 49.51.69.128|4000"; classtype:trojan-activity; sid:37205391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain www.nanasuuakiaa.host"; dns.query; content:"www.nanasuuakiaa.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nanasuuakiaa\.host$/i"; classtype:trojan-activity; sid:37205401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain www.nanasuuakiaa.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nanasuuakiaa.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nanasuuakiaa\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain www.x3qc.com"; dns.query; content:"www.x3qc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.x3qc\.com$/i"; classtype:trojan-activity; sid:37205411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain www.x3qc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.x3qc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.x3qc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# IP:port indicators: any IP packet from $HOME_NET to the address and port alerts, with no flow or
# content condition. Many of these use port 80, so a hit says only that the host was contacted.
alert ip $HOME_NET any -> 103.65.235.21 80 (msg: "MISP e26168 [] Outgoing To IP: 103.65.235.21|80"; classtype:trojan-activity; sid:37205421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 93.123.39.165 80 (msg: "MISP e26168 [] Outgoing To IP: 93.123.39.165|80"; classtype:trojan-activity; sid:37205431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# NOTE(review): this is a provider-assigned EC2 public DNS name that embeds an address
# (ec2-54-175-203-218). The name follows whoever currently holds that address, so the indicator goes
# stale when the instance is released - check the attribute's age in the MISP event.
alert dns any any -> any any (msg: "MISP e26168 [] Domain ec2-54-175-203-218.compute-1.amazonaws.com"; dns.query; content:"ec2-54-175-203-218.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-175\-203\-218\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37205441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ec2-54-175-203-218.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-175-203-218.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-175\-203\-218\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 23.94.66.115 7443 (msg: "MISP e26168 [] Outgoing To IP: 23.94.66.115|7443"; classtype:trojan-activity; sid:37205451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.194.216.22 80 (msg: "MISP e26168 [] Outgoing To IP: 185.194.216.22|80"; classtype:trojan-activity; sid:37205461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 87.98.147.251 80 (msg: "MISP e26168 [] Outgoing To IP: 87.98.147.251|80"; classtype:trojan-activity; sid:37205471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 4.178.96.222 80 (msg: "MISP e26168 [] Outgoing To IP: 4.178.96.222|80"; classtype:trojan-activity; sid:37205481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 113.30.191.40 80 (msg: "MISP e26168 [] Outgoing To IP: 113.30.191.40|80"; classtype:trojan-activity; sid:37205491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 176.113.115.243 80 (msg: "MISP e26168 [] Outgoing To IP: 176.113.115.243|80"; classtype:trojan-activity; sid:37205501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 193.222.96.48 80 (msg: "MISP e26168 [] Outgoing To IP: 193.222.96.48|80";
classtype:trojan-activity; sid:37205511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# --- MISP event 26168 (continued): empty tag list, priority 3 ---
# The msg carries no tags for this event, so the reference URL is the only pointer to why an
# indicator was listed. The same address can appear once per port (178.33.57.149 on 5000 and 4444),
# each with its own sid.
alert ip $HOME_NET any -> 178.33.57.149 5000 (msg: "MISP e26168 [] Outgoing To IP: 178.33.57.149|5000"; classtype:trojan-activity; sid:37205521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 178.33.57.149 4444 (msg: "MISP e26168 [] Outgoing To IP: 178.33.57.149|4444"; classtype:trojan-activity; sid:37205531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Domain pairs: the DNS rule (sid ...1) matches the name and, because "." is allowed before it, any
# sub-domain; the HTTP rule (sid ...2) matches "Host:" and the domain as independent contents on
# http.header, so the domain in any request header satisfies it. HTTP rules cover cleartext HTTP
# only; TLS sessions to these names are visible to the DNS rule alone in this part of the export.
alert dns any any -> any any (msg: "MISP e26168 [] Domain staging.recruitis.josefbenjac.cz"; dns.query; content:"staging.recruitis.josefbenjac.cz"; nocase; pcre: "/(^|[^A-Za-z0-9-])staging\.recruitis\.josefbenjac\.cz$/i"; classtype:trojan-activity; sid:37205541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain staging.recruitis.josefbenjac.cz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"staging.recruitis.josefbenjac.cz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])staging\.recruitis\.josefbenjac\.cz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain panel.dalkson.com"; dns.query; content:"panel.dalkson.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.dalkson\.com$/i"; classtype:trojan-activity; sid:37205551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain panel.dalkson.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.dalkson.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.dalkson\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# NOTE(review): the ec2-*.compute.amazonaws.com names below are provider-assigned public DNS names
# that embed an address; they follow whoever currently holds that address, so confirm the
# attribute is still current before acting on a hit.
alert dns any any -> any any (msg: "MISP e26168 [] Domain ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; dns.query; content:"ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-244\-129\-215\.eu\-west\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37205561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-244-129-215.eu-west-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-244\-129\-215\.eu\-west\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain zqpvr01.sandcats.io"; dns.query; content:"zqpvr01.sandcats.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])zqpvr01\.sandcats\.io$/i"; classtype:trojan-activity; sid:37205571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain zqpvr01.sandcats.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zqpvr01.sandcats.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zqpvr01\.sandcats\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; dns.query; content:"ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-199\-117\-47\.ap\-northeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37205581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-199\-117\-47\.ap\-northeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# IP:port indicators: destination address and port only, no flow or content condition.
alert ip $HOME_NET any -> 159.100.13.218 1606 (msg: "MISP e26168 [] Outgoing To IP: 159.100.13.218|1606"; classtype:trojan-activity; sid:37205591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 37.120.237.196 8081 (msg: "MISP e26168 [] Outgoing To IP: 37.120.237.196|8081"; classtype:trojan-activity; sid:37205601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.216.70.225 80 (msg: "MISP e26168 [] Outgoing To IP: 185.216.70.225|80"; classtype:trojan-activity; sid:37205611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.216.70.224 80 (msg: "MISP e26168 [] Outgoing To IP: 185.216.70.224|80"; classtype:trojan-activity; sid:37205621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain 056hg568786.f4r5t5y8hh8.click"; dns.query; content:"056hg568786.f4r5t5y8hh8.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])056hg568786\.f4r5t5y8hh8\.click$/i"; classtype:trojan-activity; sid:37205631; rev:1;
priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# HTTP half of the 056hg568786.f4r5t5y8hh8.click pair: "Host:" and the domain are independent
# content matches on http.header, confirmed by the pcre (/H = header buffer, /i = case-insensitive).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain 056hg568786.f4r5t5y8hh8.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"056hg568786.f4r5t5y8hh8.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])056hg568786\.f4r5t5y8hh8\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# --- MISP event 26168: IP:port indicators (empty tag list, priority 3) ---
# Each rule alerts on any IP packet from $HOME_NET to the listed address and port; there is no
# flow, content or threshold option. Rules on 80/443 identify only the destination host, so
# corroborate a hit with DNS or proxy logs before escalating. 5.45.111.146 is listed once per
# port (443 and 4433), each with its own sid.
alert ip $HOME_NET any -> 92.63.104.174 80 (msg: "MISP e26168 [] Outgoing To IP: 92.63.104.174|80"; classtype:trojan-activity; sid:37205641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 77.73.129.77 80 (msg: "MISP e26168 [] Outgoing To IP: 77.73.129.77|80"; classtype:trojan-activity; sid:37205651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 185.189.196.191 443 (msg: "MISP e26168 [] Outgoing To IP: 185.189.196.191|443"; classtype:trojan-activity; sid:37205661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 34.72.157.21 443 (msg: "MISP e26168 [] Outgoing To IP: 34.72.157.21|443"; classtype:trojan-activity; sid:37205671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 40.66.42.165 8808 (msg: "MISP e26168 [] Outgoing To IP: 40.66.42.165|8808"; classtype:trojan-activity; sid:37205681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 104.156.247.38 8000 (msg: "MISP e26168 [] Outgoing To IP: 104.156.247.38|8000"; classtype:trojan-activity; sid:37205691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 114.116.231.53 8888 (msg: "MISP e26168 [] Outgoing To IP: 114.116.231.53|8888"; classtype:trojan-activity; sid:37205701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 163.197.247.155 31337 (msg: "MISP e26168 [] Outgoing To IP: 163.197.247.155|31337"; classtype:trojan-activity; sid:37205711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 119.91.77.189 31337 (msg: "MISP e26168 [] Outgoing To IP: 119.91.77.189|31337"; classtype:trojan-activity; sid:37205721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 5.45.111.146 443 (msg: "MISP e26168 [] Outgoing To IP: 5.45.111.146|443"; classtype:trojan-activity; sid:37205731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 5.45.111.146 4433 (msg: "MISP e26168 [] Outgoing To IP: 5.45.111.146|4433"; classtype:trojan-activity; sid:37205741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 78.40.116.82 80 (msg: "MISP e26168 [] Outgoing To IP: 78.40.116.82|80"; classtype:trojan-activity; sid:37205751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 124.220.53.223 4543 (msg: "MISP e26168 [] Outgoing To IP: 124.220.53.223|4543"; classtype:trojan-activity; sid:37205761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 134.122.164.195 5566 (msg: "MISP e26168 [] Outgoing To IP: 134.122.164.195|5566"; classtype:trojan-activity; sid:37205771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 51.38.226.86 80 (msg: "MISP e26168 [] Outgoing To IP: 51.38.226.86|80"; classtype:trojan-activity; sid:37205781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 201.27.182.215 8081 (msg: "MISP e26168 [] Outgoing To IP: 201.27.182.215|8081"; classtype:trojan-activity; sid:37205791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 196.235.228.141 4444 (msg: "MISP e26168 [] Outgoing To IP: 196.235.228.141|4444"; classtype:trojan-activity; sid:37205801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain v2202305171327228750.powersrv.de"; dns.query; content:"v2202305171327228750.powersrv.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])v2202305171327228750\.powersrv\.de$/i"; classtype:trojan-activity; sid:37205811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain v2202305171327228750.powersrv.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"v2202305171327228750.powersrv.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])v2202305171327228750\.powersrv\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# --- MISP event 26142: "Hostname" indicators (empty tag list, priority 2) ---
# The "Hostname" form is stricter than the "Domain" form used for event 26168 above: the leading
# class [^A-Za-z0-9-\.] also rejects ".", so the DNS rule fires on the exact name but not on its
# sub-domains, and the HTTP rule matches the literal string "Host: <name>" (one space after the
# colon) as a single content.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname nieruchomosci-urbanski.pl"; dns.query; content:"nieruchomosci-urbanski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nieruchomosci\-urbanski\.pl$/i"; classtype:trojan-activity; sid:37156631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname nieruchomosci-urbanski.pl"; flow:to_server,established; http.header; content: "Host|3a| nieruchomosci-urbanski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nieruchomosci\-urbanski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg: "MISP e26142 [] Outgoing URL http|3a|//nieruchomosci-urbanski.pl"; flow:to_server,established; http.header; content:"nieruchomosci-urbanski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# --- MISP event 26142: hostname / URL indicators (empty tag list, priority 2) ---
# Up to three rules are exported per name:
#   "Hostname" DNS  - dns.query equals the name; the leading class [^A-Za-z0-9-\.] rejects ".",
#                     so sub-domains do not match.
#   "Hostname" HTTP - one content "Host: <name>" (exactly one space after the colon) on http.header,
#                     plus a pcre that requires a following character which does not extend the name.
#   "Outgoing URL"  - an unanchored substring match for the name anywhere in http.header, limited to
#                     $HTTP_PORTS (the variable must be defined on the sensor). With no pcre or
#                     boundary it also fires on other headers that mention the name and on longer
#                     names that contain it, so expect it to be the noisiest of the three.
# HTTP rules inspect cleartext HTTP only; for HTTPS only the DNS rule can fire here.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname molinski-auto.pl"; dns.query; content:"molinski-auto.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molinski\-auto\.pl$/i"; classtype:trojan-activity; sid:37156661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname molinski-auto.pl"; flow:to_server,established; http.header; content: "Host|3a| molinski-auto.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molinski\-auto\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//molinski-auto.pl"; flow:to_server,established; http.header; content:"molinski-auto.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname autogielda-janowski.pl"; dns.query; content:"autogielda-janowski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-janowski\.pl$/i"; classtype:trojan-activity; sid:37156691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname autogielda-janowski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-janowski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-janowski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//autogielda-janowski.pl"; flow:to_server,established; http.header; content:"autogielda-janowski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname abba-autosprzedaz.pl"; dns.query; content:"abba-autosprzedaz.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])abba\-autosprzedaz\.pl$/i"; classtype:trojan-activity; sid:37156721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname abba-autosprzedaz.pl"; flow:to_server,established; http.header; content: "Host|3a| abba-autosprzedaz.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])abba\-autosprzedaz\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//abba-autosprzedaz.pl"; flow:to_server,established; http.header; content:"abba-autosprzedaz.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37156731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname tivugame.com"; dns.query; content:"tivugame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tivugame\.com$/i"; classtype:trojan-activity; sid:37156751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tivugame.com"; flow:to_server,established; http.header; content: "Host|3a| tivugame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tivugame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): fleek.ipfs.io, the pub-*.r2.dev name and googleweblight.com below look like
# hostnames on shared hosting / gateway services rather than attacker-registered domains. A
# hostname-level rule cannot tell one tenant's content from another's, so these may alert on
# unrelated use of the same service - verify against the MISP event before paging on them.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname fleek.ipfs.io"; dns.query; content:"fleek.ipfs.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fleek\.ipfs\.io$/i"; classtype:trojan-activity; sid:37156781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname fleek.ipfs.io"; flow:to_server,established; http.header; content: "Host|3a| fleek.ipfs.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fleek\.ipfs\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-eb339ca8da9641838fbf865c572b8f61.r2.dev"; dns.query; content:"pub-eb339ca8da9641838fbf865c572b8f61.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-eb339ca8da9641838fbf865c572b8f61\.r2\.dev$/i"; classtype:trojan-activity; sid:37156811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-eb339ca8da9641838fbf865c572b8f61.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-eb339ca8da9641838fbf865c572b8f61.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-eb339ca8da9641838fbf865c572b8f61\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname googleweblight.com"; dns.query; content:"googleweblight.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])googleweblight\.com$/i";
classtype:trojan-activity; sid:37156841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname googleweblight.com"; flow:to_server,established; http.header; content: "Host|3a| googleweblight.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])googleweblight\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname lumdevelopmentresearch.com"; dns.query; content:"lumdevelopmentresearch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lumdevelopmentresearch\.com$/i"; classtype:trojan-activity; sid:37156871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname lumdevelopmentresearch.com"; flow:to_server,established; http.header; content: "Host|3a| lumdevelopmentresearch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lumdevelopmentresearch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname btyxqgg107999.weeblysite.com"; dns.query; content:"btyxqgg107999.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btyxqgg107999\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37156901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname btyxqgg107999.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btyxqgg107999.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btyxqgg107999\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37156902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname vcenima.blogspot.com"; dns.query; content:"vcenima.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcenima\.blogspot\.com$/i"; classtype:trojan-activity; sid:37156961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname vcenima.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| vcenima.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcenima\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname yeniy49.top"; dns.query; content:"yeniy49.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy49\.top$/i"; classtype:trojan-activity; sid:37156991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yeniy49.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy49.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy49\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37156992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//yeniy49.top"; flow:to_server,established; http.header; content:"yeniy49.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname yah00maildepartmentcenter.weebly.com"; dns.query; 
content:"yah00maildepartmentcenter.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yah00maildepartmentcenter\.weebly\.com$/i"; classtype:trojan-activity; sid:37157021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yah00maildepartmentcenter.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| yah00maildepartmentcenter.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yah00maildepartmentcenter\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# This "Outgoing URL" rule carries no path. It matches the hostname anywhere in the request
# headers (http.header is not limited to the Host line), so it also fires when the name
# appears only in another header such as Referer, and on a direct request to an $HTTP_PORTS
# port it fires in addition to sid 37157022. Expect two alerts per request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//yah00maildepartmentcenter.weebly.com"; flow:to_server,established; http.header; content:"yah00maildepartmentcenter.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Coverage gap: the URL indicator further down is on www.myvalue365.com, but the DNS and
# Host rules for this domain match the bare name myvalue365.com only (the pcre rejects a
# preceding '.', and the Host content is anchored directly after "Host: "). A lookup of, or
# request to, the www host is therefore caught only by sid 37157061, and only over
# cleartext HTTP on $HTTP_PORTS with the listed path in the URI.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname myvalue365.com"; dns.query; content:"myvalue365.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myvalue365\.com$/i"; classtype:trojan-activity; sid:37157051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname myvalue365.com"; flow:to_server,established; http.header; content: "Host|3a| myvalue365.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myvalue365\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Host and path are matched in separate buffers: the hostname in http.header, the path as
# an unanchored, case-insensitive substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//www.myvalue365.com/include/ckeditor/skins/moono/images/wtrernsfers/transferwe"; flow:to_server,established; http.header; content:"www.myvalue365.com"; fast_pattern; nocase; http.uri; content:"/include/ckeditor/skins/moono/images/wtrernsfers/transferwe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname vlollcalc.wixsite.com"; dns.query; content:"vlollcalc.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vlollcalc\.wixsite\.com$/i"; classtype:trojan-activity; sid:37157081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname vlollcalc.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| vlollcalc.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vlollcalc\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): hostnames on shared hosting suffixes such as this one are presumably served
# over HTTPS in practice (confirm against captured traffic). If so, the http rule below sees
# nothing, and the DNS rule or a tls.sni rule is the only network-level signal.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-e8a101e705ba47dd83681919d9f30905.r2.dev"; dns.query; content:"pub-e8a101e705ba47dd83681919d9f30905.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-e8a101e705ba47dd83681919d9f30905\.r2\.dev$/i"; classtype:trojan-activity; sid:37157111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-e8a101e705ba47dd83681919d9f30905.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-e8a101e705ba47dd83681919d9f30905.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-e8a101e705ba47dd83681919d9f30905\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] 
Hostname vcenima.blogspot.my"; dns.query; content:"vcenima.blogspot.my"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcenima\.blogspot\.my$/i"; classtype:trojan-activity; sid:37157141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname vcenima.blogspot.my"; flow:to_server,established; http.header; content: "Host|3a| vcenima.blogspot.my"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcenima\.blogspot\.my[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//vcenima.blogspot.my"; flow:to_server,established; http.header; content:"vcenima.blogspot.my"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspcc.top"; dns.query; content:"uspz.uspcc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcc\.top$/i"; classtype:trojan-activity; sid:37157171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspcc.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspcc.top"; flow:to_server,established; http.header; content:"uspz.uspcc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157181; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspzu.top"; dns.query; content:"usp.usspzu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzu\.top$/i"; classtype:trojan-activity; sid:37157201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspzu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspzu.top"; flow:to_server,established; http.header; content:"usp.usspzu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspza.top"; dns.query; content:"usp.usspza.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspza\.top$/i"; classtype:trojan-activity; sid:37157231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspza.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspza.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspza\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspza.top"; flow:to_server,established; http.header; content:"usp.usspza.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37157241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.ussprk.top"; dns.query; content:"usp.ussprk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprk\.top$/i"; classtype:trojan-activity; sid:37157261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.ussprk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.ussprk.top"; flow:to_server,established; http.header; content:"usp.ussprk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspgd.top"; dns.query; content:"usp.usspgd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgd\.top$/i"; classtype:trojan-activity; sid:37157291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspgd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspgd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspgd.top/pg"; 
flow:to_server,established; http.header; content:"usp.usspgd.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspcz.top"; dns.query; content:"usp.usspcz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspcz\.top$/i"; classtype:trojan-activity; sid:37157321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspcz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspcz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspcz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspcz.top/pg"; flow:to_server,established; http.header; content:"usp.usspcz.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usa.usspbj.top"; dns.query; content:"usa.usspbj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usa\.usspbj\.top$/i"; classtype:trojan-activity; sid:37157351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usa.usspbj.top"; flow:to_server,established; http.header; content: "Host|3a| usa.usspbj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usa\.usspbj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157352; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usa.usspbj.top/pg"; flow:to_server,established; http.header; content:"usa.usspbj.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname testing.renzjasteb57.my.id"; dns.query; content:"testing.renzjasteb57.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testing\.renzjasteb57\.my\.id$/i"; classtype:trojan-activity; sid:37157381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname testing.renzjasteb57.my.id"; flow:to_server,established; http.header; content: "Host|3a| testing.renzjasteb57.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testing\.renzjasteb57\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//testing.renzjasteb57.my.id"; flow:to_server,established; http.header; content:"testing.renzjasteb57.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname tyagi098.github.io"; dns.query; content:"tyagi098.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tyagi098\.github\.io$/i"; classtype:trojan-activity; sid:37157411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tyagi098.github.io"; 
flow:to_server,established; http.header; content: "Host|3a| tyagi098.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tyagi098\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tyagi098.github.io/Ott_Web_App"; flow:to_server,established; http.header; content:"tyagi098.github.io"; fast_pattern; nocase; http.uri; content:"/Ott_Web_App"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname tanejaaryan99.github.io"; dns.query; content:"tanejaaryan99.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tanejaaryan99\.github\.io$/i"; classtype:trojan-activity; sid:37157441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tanejaaryan99.github.io"; flow:to_server,established; http.header; content: "Host|3a| tanejaaryan99.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tanejaaryan99\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tanejaaryan99.github.io/Netflix-Clone"; flow:to_server,established; http.header; content:"tanejaaryan99.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37157451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname yahooosign2022.weebly.com"; dns.query; 
content:"yahooosign2022.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yahooosign2022\.weebly\.com$/i"; classtype:trojan-activity; sid:37157471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yahooosign2022.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| yahooosign2022.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yahooosign2022\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname whereisthison.com"; dns.query; content:"whereisthison.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whereisthison\.com$/i"; classtype:trojan-activity; sid:37157501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname whereisthison.com"; flow:to_server,established; http.header; content: "Host|3a| whereisthison.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whereisthison\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname webmail-104291.weeblysite.com"; dns.query; content:"webmail-104291.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\-104291\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37157531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname webmail-104291.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| webmail-104291.weeblysite.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])webmail\-104291\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname voteforme33.blogspot.li"; dns.query; content:"voteforme33.blogspot.li"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voteforme33\.blogspot\.li$/i"; classtype:trojan-activity; sid:37157561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname voteforme33.blogspot.li"; flow:to_server,established; http.header; content: "Host|3a| voteforme33.blogspot.li"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voteforme33\.blogspot\.li[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname voteforme33.blogspot.com.mt"; dns.query; content:"voteforme33.blogspot.com.mt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voteforme33\.blogspot\.com\.mt$/i"; classtype:trojan-activity; sid:37157591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname voteforme33.blogspot.com.mt"; flow:to_server,established; http.header; content: "Host|3a| voteforme33.blogspot.com.mt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])voteforme33\.blogspot\.com\.mt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.usphs.top"; dns.query; content:"uspz.usphs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usphs\.top$/i"; classtype:trojan-activity; sid:37157621; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.usphs.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usphs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usphs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.usphs.top"; dns.query; content:"uspz.usphs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usphs\.top$/i"; classtype:trojan-activity; sid:37157651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.usphs.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usphs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usphs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfj.top"; dns.query; content:"uspz.uspfj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfj\.top$/i"; classtype:trojan-activity; sid:37157681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfj.top"; dns.query; content:"uspz.uspfj.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.uspfj\.top$/i"; classtype:trojan-activity; sid:37157711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspc.usspwt.top"; dns.query; content:"uspc.usspwt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwt\.top$/i"; classtype:trojan-activity; sid:37157741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspc.usspwt.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspwt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspd.usspgh.top"; dns.query; content:"uspd.usspgh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspgh\.top$/i"; classtype:trojan-activity; sid:37157771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspd.usspgh.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspgh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspgh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns 
any any -> any any (msg: "MISP e26142 [] Hostname uspc.usspwt.top"; dns.query; content:"uspc.usspwt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwt\.top$/i"; classtype:trojan-activity; sid:37157801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspc.usspwt.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspwt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspwt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname toolsandjobs.info"; dns.query; content:"toolsandjobs.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])toolsandjobs\.info$/i"; classtype:trojan-activity; sid:37157831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname toolsandjobs.info"; flow:to_server,established; http.header; content: "Host|3a| toolsandjobs.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])toolsandjobs\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname thin-shelled-leotard.glitch.me"; dns.query; content:"thin-shelled-leotard.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thin\-shelled\-leotard\.glitch\.me$/i"; classtype:trojan-activity; sid:37157861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname thin-shelled-leotard.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| thin-shelled-leotard.glitch.me"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])thin\-shelled\-leotard\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname telstra-108674.weeblysite.com"; dns.query; content:"telstra-108674.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-108674\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37157891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname telstra-108674.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-108674.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-108674\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname telstra-104631.weeblysite.com"; dns.query; content:"telstra-104631.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104631\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37157921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname telstra-104631.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-104631.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-104631\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname teleofficialxx2.pages.dev"; dns.query; content:"teleofficialxx2.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])teleofficialxx2\.pages\.dev$/i"; classtype:trojan-activity; sid:37157951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname teleofficialxx2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| teleofficialxx2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleofficialxx2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname sheets-term-2b6f.amariruth.workers.dev"; dns.query; content:"sheets-term-2b6f.amariruth.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sheets\-term\-2b6f\.amariruth\.workers\.dev$/i"; classtype:trojan-activity; sid:37157981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname sheets-term-2b6f.amariruth.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| sheets-term-2b6f.amariruth.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sheets\-term\-2b6f\.amariruth\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37157982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; 
sid:37158101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the share-52-blink.pages.dev DNS/HTTP rule pair is repeated in this stretch
# of the export with nothing changed but the sid (37158101/37158102, 37158131/37158132,
# 37158161/37158162 here). Every matching lookup or request raises one alert per copy,
# which inflates alert volume without adding signal. The repetition presumably mirrors
# duplicate hostname attributes in MISP event 26142; de-duplicate there, or keep one pair
# enabled and disable the remaining sids in rule management.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The DNS copies are written without a direction (any any -> any any), so each one is
# evaluated on every DNS query the sensor sees, whether internal or external.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Each HTTP copy also carries tag:session,600,seconds, so one request to this host starts
# the same 600-second session tagging once per duplicate rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158162; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing 
HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; 
content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158491; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158552; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 
share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname netzero-webmail-105996.weeblysite.com"; dns.query; content:"netzero-webmail-105996.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netzero\-webmail\-105996\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37158671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname netzero-webmail-105996.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| netzero-webmail-105996.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netzero\-webmail\-105996\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname maiiliaaattt.weebly.com"; dns.query; content:"maiiliaaattt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maiiliaaattt\.weebly\.com$/i"; classtype:trojan-activity; sid:37158701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname maiiliaaattt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| maiiliaaattt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maiiliaaattt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 
[] Hostname liveprivatevideo29.viral-vip.my.id"; dns.query; content:"liveprivatevideo29.viral-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo29\.viral\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37158731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname liveprivatevideo29.viral-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveprivatevideo29.viral-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo29\.viral\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname juno-108835.weeblysite.com"; dns.query; content:"juno-108835.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juno\-108835\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37158761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname juno-108835.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| juno-108835.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juno\-108835\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname juno-103233.weeblysite.com"; dns.query; content:"juno-103233.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juno\-103233\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37158791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname juno-103233.weeblysite.com"; 
flow:to_server,established; http.header; content: "Host|3a| juno-103233.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])juno\-103233\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname home-105752-108987.weeblysite.com"; dns.query; content:"home-105752-108987.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-105752\-108987\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37158821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname home-105752-108987.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| home-105752-108987.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-105752\-108987\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname hck.pages.dev"; dns.query; content:"hck.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hck\.pages\.dev$/i"; classtype:trojan-activity; sid:37158851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname hck.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hck.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hck\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname hck.pages.dev"; dns.query; content:"hck.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])hck\.pages\.dev$/i"; classtype:trojan-activity; sid:37158881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname hck.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hck.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hck\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname grupwawddo.baruxi.my.id"; dns.query; content:"grupwawddo.baruxi.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwawddo\.baruxi\.my\.id$/i"; classtype:trojan-activity; sid:37158911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname grupwawddo.baruxi.my.id"; flow:to_server,established; http.header; content: "Host|3a| grupwawddo.baruxi.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwawddo\.baruxi\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname gtf36.mujxk.com"; dns.query; content:"gtf36.mujxk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gtf36\.mujxk\.com$/i"; classtype:trojan-activity; sid:37158941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname gtf36.mujxk.com"; flow:to_server,established; http.header; content: "Host|3a| gtf36.mujxk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gtf36\.mujxk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158942; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;)
# ---- share-52-blink.pages.dev (MISP event 26142) ----
# NOTE(review): apart from the SID, this DNS/HTTP pair is identical to pairs that appear earlier in this
# file (e.g. sid 37158041/37158042). Every loaded copy alerts on the same traffic. The repeats presumably
# come from duplicate attributes in the event (confirm), so de-duplicate at the source or in rule management.
#
# DNS query for the hostname. The pcre pins the name to the end of the query and allows only start-of-buffer
# or a non-hostname character in front of it, so sub-domains and longer look-alike names do not match.
# Only DNS that the sensor can parse is covered; lookups made over DoH/DoT are not visible to this rule.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37158971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Outbound HTTP request from $HOME_NET whose Host header is the hostname; tag:session tags the session
# for 600 seconds after the match.
# NOTE(review): this only sees cleartext HTTP. When the host is reached over HTTPS the Host header is
# encrypted, so equivalent coverage needs a companion rule on tls.sni unless TLS is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37158972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): msg says "Outgoing URL", but the only match is a case-insensitive substring test on
# http.header. There is no "Host|3a| " prefix, no boundary pcre and no URI match. The rule therefore also
# fires when the name appears in any other request header (Referer, for example) or inside a longer
# hostname, and it alerts a second time alongside sid 37158972 on direct requests. It also needs
# $HTTP_PORTS to be defined on the sensor and ignores HTTP on other ports. Consider dropping it in
# favour of the Host rule, or anchoring it the same way.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//share-52-blink.pages.dev"; flow:to_server,established; http.header; content:"share-52-blink.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37158981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# ---- group-viral.newsgaz.biz.id ----
# DNS query / outbound HTTP Host pair built from the same template, with the same coverage limits
# (exact hostname only, cleartext DNS and HTTP only).
alert dns any any -> any any (msg: "MISP e26142 [] Hostname group-viral.newsgaz.biz.id"; dns.query; content:"group-viral.newsgaz.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])group\-viral\.newsgaz\.biz\.id$/i"; classtype:trojan-activity; sid:37159001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname group-viral.newsgaz.biz.id"; flow:to_server,established; http.header; content: "Host|3a| group-viral.newsgaz.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])group\-viral\.newsgaz\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 
[] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37159031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Outbound HTTP Host-header match for the same hostname as the DNS rule above (sid 37159031).
# NOTE(review): this matches cleartext HTTP only. If the host is reached over HTTPS the Host header is
# not visible to the sensor, and a tls.sni rule would be needed for equivalent coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): sid 37159061/37159062 repeat sid 37159031/37159032; only the SID differs. Both pairs
# alert on the same traffic when loaded. Presumably the event lists the hostname more than once (confirm);
# de-duplicate at the source or in rule management.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37159061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# ---- field-6344.kaley1087.workers.dev ----
# DNS query / outbound HTTP Host pair. The pcre matches this exact hostname only, so other names under
# workers.dev are not matched by these two rules.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname field-6344.kaley1087.workers.dev"; dns.query; content:"field-6344.kaley1087.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])field\-6344\.kaley1087\.workers\.dev$/i"; classtype:trojan-activity; sid:37159091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname field-6344.kaley1087.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| field-6344.kaley1087.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])field\-6344\.kaley1087\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): third copy of the frosty-document-5022.dscgs8xo.workers.dev pair (sid 37159121/37159122),
# again identical to sid 37159031/37159032 except for the SID.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname frosty-document-5022.dscgs8xo.workers.dev"; dns.query; content:"frosty-document-5022.dscgs8xo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev$/i"; classtype:trojan-activity; sid:37159121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname frosty-document-5022.dscgs8xo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| frosty-document-5022.dscgs8xo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frosty\-document\-5022\.dscgs8xo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# ---- ff.member.gareza.vn ----
# DNS query for the exact hostname; the matching outbound HTTP Host rule follows.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname ff.member.gareza.vn"; dns.query; content:"ff.member.gareza.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn$/i"; classtype:trojan-activity; sid:37159151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname ff.member.gareza.vn"; flow:to_server,established; http.header; content: "Host|3a| ff.member.gareza.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37159152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname dkmkankkah-02092020.weeblysite.com"; dns.query; content:"dkmkankkah-02092020.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dkmkankkah\-02092020\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37159181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dkmkankkah-02092020.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| dkmkankkah-02092020.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dkmkankkah\-02092020\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname datingsitefree.pages.dev"; dns.query; content:"datingsitefree.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])datingsitefree\.pages\.dev$/i"; classtype:trojan-activity; sid:37159211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname datingsitefree.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| datingsitefree.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])datingsitefree\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; dns.query; content:"d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d0ocs\-ow\-9c42\.nganarxnksoroo\.workers\.dev$/i"; 
classtype:trojan-activity; sid:37159241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| d0ocs-ow-9c42.nganarxnksoroo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d0ocs\-ow\-9c42\.nganarxnksoroo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname bt-107539.weeblysite.com"; dns.query; content:"bt-107539.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-107539\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37159271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bt-107539.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-107539.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-107539\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname claim.aavelp.com"; dns.query; content:"claim.aavelp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])claim\.aavelp\.com$/i"; classtype:trojan-activity; sid:37159331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname claim.aavelp.com"; flow:to_server,established; http.header; content: "Host|3a| claim.aavelp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])claim\.aavelp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37159332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname bt-107539.square.site"; dns.query; content:"bt-107539.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-107539\.square\.site$/i"; classtype:trojan-activity; sid:37159361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bt-107539.square.site"; flow:to_server,established; http.header; content: "Host|3a| bt-107539.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-107539\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname atttmaillmaill.weebly.com"; dns.query; content:"atttmaillmaill.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atttmaillmaill\.weebly\.com$/i"; classtype:trojan-activity; sid:37159391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname atttmaillmaill.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| atttmaillmaill.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atttmaillmaill\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname att-105032.weeblysite.com"; dns.query; content:"att-105032.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105032\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37159421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] 
Outgoing HTTP Hostname att-105032.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-105032.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105032\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname athome-101274.weeblysite.com"; dns.query; content:"athome-101274.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])athome\-101274\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37159451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname athome-101274.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| athome-101274.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])athome\-101274\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname aolmailboxcomingbal.weebly.com"; dns.query; content:"aolmailboxcomingbal.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aolmailboxcomingbal\.weebly\.com$/i"; classtype:trojan-activity; sid:37159481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aolmailboxcomingbal.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| aolmailboxcomingbal.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aolmailboxcomingbal\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: 
"MISP e26142 [] Hostname aolmail9e3ie.weebly.com"; dns.query; content:"aolmail9e3ie.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aolmail9e3ie\.weebly\.com$/i"; classtype:trojan-activity; sid:37159511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aolmail9e3ie.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| aolmail9e3ie.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aolmail9e3ie\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname aoldomaincenter00.weebly.com"; dns.query; content:"aoldomaincenter00.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aoldomaincenter00\.weebly\.com$/i"; classtype:trojan-activity; sid:37159541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aoldomaincenter00.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| aoldomaincenter00.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aoldomaincenter00\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname aged-sunset-c81b.debra1027.workers.dev"; dns.query; content:"aged-sunset-c81b.debra1027.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aged\-sunset\-c81b\.debra1027\.workers\.dev$/i"; classtype:trojan-activity; sid:37159571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname aged-sunset-c81b.debra1027.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| aged-sunset-c81b.debra1027.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aged\-sunset\-c81b\.debra1027\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 3656w.net"; dns.query; content:"3656w.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656w\.net$/i"; classtype:trojan-activity; sid:37159601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 3656w.net"; flow:to_server,established; http.header; content: "Host|3a| 3656w.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656w\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-d90b4e6b37254e1687ebe94c4d177a68.r2.dev"; dns.query; content:"pub-d90b4e6b37254e1687ebe94c4d177a68.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d90b4e6b37254e1687ebe94c4d177a68\.r2\.dev$/i"; classtype:trojan-activity; sid:37159631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-d90b4e6b37254e1687ebe94c4d177a68.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d90b4e6b37254e1687ebe94c4d177a68.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d90b4e6b37254e1687ebe94c4d177a68\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL 
http|3a|//pub-d90b4e6b37254e1687ebe94c4d177a68.r2.dev/payments0.html"; flow:to_server,established; http.header; content:"pub-d90b4e6b37254e1687ebe94c4d177a68.r2.dev"; fast_pattern; nocase; http.uri; content:"/payments0.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname mjjahes.com"; dns.query; content:"mjjahes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjjahes\.com$/i"; classtype:trojan-activity; sid:37159661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mjjahes.com"; flow:to_server,established; http.header; content: "Host|3a| mjjahes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjjahes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-bb55aedf0ff24aa5883cbfa402ea4ed7.r2.dev"; dns.query; content:"pub-bb55aedf0ff24aa5883cbfa402ea4ed7.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-bb55aedf0ff24aa5883cbfa402ea4ed7\.r2\.dev$/i"; classtype:trojan-activity; sid:37159691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-bb55aedf0ff24aa5883cbfa402ea4ed7.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-bb55aedf0ff24aa5883cbfa402ea4ed7.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-bb55aedf0ff24aa5883cbfa402ea4ed7\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP 
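e26142 [] Outgoing URL http|3a|//pub-bb55aedf0ff24aa5883cbfa402ea4ed7.r2.dev/link.html"; flow:to_server,established; http.header; content:"pub-bb55aedf0ff24aa5883cbfa402ea4ed7.r2.dev"; fast_pattern; nocase; http.uri; content:"/link.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev"; dns.query; content:"pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b3fdefdd677647fe8069fd5c0cf6c412\.r2\.dev$/i"; classtype:trojan-activity; sid:37159721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b3fdefdd677647fe8069fd5c0cf6c412\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev/Closing_Document001.html"; flow:to_server,established; http.header; content:"pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev"; fast_pattern; nocase; http.uri; content:"/Closing_Document001.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-8e400b9271f24921a443ccacc73dbe3f.r2.dev"; dns.query; content:"pub-8e400b9271f24921a443ccacc73dbe3f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8e400b9271f24921a443ccacc73dbe3f\.r2\.dev$/i"; classtype:trojan-activity; sid:37159751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-8e400b9271f24921a443ccacc73dbe3f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8e400b9271f24921a443ccacc73dbe3f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8e400b9271f24921a443ccacc73dbe3f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The exported URL path carries a percent-encoded space ("%20"). Suricata's
# http.uri buffer holds the normalized (percent-decoded) request URI, so a
# literal "%20" is not expected to match there and the rule would stay silent.
# http.uri.raw inspects the URI as sent on the wire, which keeps the indicator
# exactly as MISP exported it. The msg text and sid are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//pub-8e400b9271f24921a443ccacc73dbe3f.r2.dev/MY%20OWA.html"; flow:to_server,established; http.header; content:"pub-8e400b9271f24921a443ccacc73dbe3f.r2.dev"; fast_pattern; nocase; http.uri.raw; content:"/MY%20OWA.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-a4e5282dff38457ebc2af8f56f3ec193.r2.dev"; dns.query; content:"pub-a4e5282dff38457ebc2af8f56f3ec193.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a4e5282dff38457ebc2af8f56f3ec193\.r2\.dev$/i"; classtype:trojan-activity; sid:37159781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-a4e5282dff38457ebc2af8f56f3ec193.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a4e5282dff38457ebc2af8f56f3ec193.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a4e5282dff38457ebc2af8f56f3ec193\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159782; rev:1; priority:2;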
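reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//pub-a4e5282dff38457ebc2af8f56f3ec193.r2.dev/owa.html"; flow:to_server,established; http.header; content:"pub-a4e5282dff38457ebc2af8f56f3ec193.r2.dev"; fast_pattern; nocase; http.uri; content:"/owa.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-a376354cedd842688248da2008c41a63.r2.dev"; dns.query; content:"pub-a376354cedd842688248da2008c41a63.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a376354cedd842688248da2008c41a63\.r2\.dev$/i"; classtype:trojan-activity; sid:37159811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-a376354cedd842688248da2008c41a63.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a376354cedd842688248da2008c41a63.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a376354cedd842688248da2008c41a63\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The exported URL path carries a percent-encoded space ("%20"). Suricata's
# http.uri buffer holds the normalized (percent-decoded) request URI, so a
# literal "%20" is not expected to match there and the rule would stay silent.
# http.uri.raw inspects the URI as sent on the wire, which keeps the indicator
# exactly as MISP exported it. The msg text and sid are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//pub-a376354cedd842688248da2008c41a63.r2.dev/MY%20OWA.html"; flow:to_server,established; http.header; content:"pub-a376354cedd842688248da2008c41a63.r2.dev"; fast_pattern; nocase; http.uri.raw; content:"/MY%20OWA.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname norton.net.in.couponreedem.com"; dns.query; content:"norton.net.in.couponreedem.com";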
nocase; pcre: "/(^|[^A-Za-z0-9-\.])norton\.net\.in\.couponreedem\.com$/i"; classtype:trojan-activity; sid:37159841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname norton.net.in.couponreedem.com"; flow:to_server,established; http.header; content: "Host|3a| norton.net.in.couponreedem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])norton\.net\.in\.couponreedem\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): this URL rule has no path component, so its only match is the
# bare hostname anywhere in http.header, without the "Host|3a| " prefix or the
# boundary pcre used by sid:37159842. It can therefore also fire when another
# header merely mentions the name (a Referer, for example) or when a longer
# name contains it, and it sets no fast_pattern. Treat its alerts as lower
# confidence than the Host rule, or suppress it where sid:37159842 is enabled.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//norton.net.in.couponreedem.com"; flow:to_server,established; http.header; content:"norton.net.in.couponreedem.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the next two rules match the same hostname as sid:37159661 and
# sid:37159662 earlier in this export (presumably the same indicator exported
# from a second MISP attribute); one lookup or request raises an alert per copy.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname mjjahes.com"; dns.query; content:"mjjahes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjjahes\.com$/i"; classtype:trojan-activity; sid:37159871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mjjahes.com"; flow:to_server,established; http.header; content: "Host|3a| mjjahes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjjahes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): bare-hostname URL rule again; the unanchored http.header match
# has the same false-positive exposure described for sid:37159851.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//mjjahes.com"; flow:to_server,established; http.header; content:"mjjahes.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159881; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname kzl.ekr.mybluehost.me"; dns.query; content:"kzl.ekr.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kzl\.ekr\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37159901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname kzl.ekr.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| kzl.ekr.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kzl\.ekr\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//kzl.ekr.mybluehost.me/public/55848621RO/contract"; flow:to_server,established; http.header; content:"kzl.ekr.mybluehost.me"; fast_pattern; nocase; http.uri; content:"/public/55848621RO/contract"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname grups2hxwz.inilingk.biz.id"; dns.query; content:"grups2hxwz.inilingk.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grups2hxwz\.inilingk\.biz\.id$/i"; classtype:trojan-activity; sid:37159931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname grups2hxwz.inilingk.biz.id"; flow:to_server,established; http.header; content: "Host|3a| grups2hxwz.inilingk.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grups2hxwz\.inilingk\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159932; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//grups2hxwz.inilingk.biz.id/vhsfhqpdhdsih6"; flow:to_server,established; http.header; content:"grups2hxwz.inilingk.biz.id"; fast_pattern; nocase; http.uri; content:"/vhsfhqpdhdsih6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname grups2hxwz.inilingk.biz.id"; dns.query; content:"grups2hxwz.inilingk.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grups2hxwz\.inilingk\.biz\.id$/i"; classtype:trojan-activity; sid:37159961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname grups2hxwz.inilingk.biz.id"; flow:to_server,established; http.header; content: "Host|3a| grups2hxwz.inilingk.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grups2hxwz\.inilingk\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//grups2hxwz.inilingk.biz.id"; flow:to_server,established; http.header; content:"grups2hxwz.inilingk.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37159971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname fqed.cujptej5sy5356.workers.dev"; dns.query; content:"fqed.cujptej5sy5356.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fqed\.cujptej5sy5356\.workers\.dev$/i"; classtype:trojan-activity; sid:37159991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname fqed.cujptej5sy5356.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| fqed.cujptej5sy5356.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fqed\.cujptej5sy5356\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37159992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//fqed.cujptej5sy5356.workers.dev"; flow:to_server,established; http.header; content:"fqed.cujptej5sy5356.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeidvgpr6nan2wtv4g3vgwhq2za6fpv2o4v5tnoorspr7wgq4kxg2ci"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeidvgpr6nan2wtv4g3vgwhq2za6fpv2o4v5tnoorspr7wgq4kxg2ci"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeidc67ewyrptvjibk2tf2w3lt2snuge47vyguj26ga73mpn5t35w6e"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeidc67ewyrptvjibk2tf2w3lt2snuge47vyguj26ga73mpn5t35w6e"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 89u.nmvqvufzxhdro8613.workers.dev"; dns.query; content:"89u.nmvqvufzxhdro8613.workers.dev"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])89u\.nmvqvufzxhdro8613\.workers\.dev$/i"; classtype:trojan-activity; sid:37160081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 89u.nmvqvufzxhdro8613.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 89u.nmvqvufzxhdro8613.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])89u\.nmvqvufzxhdro8613\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//89u.nmvqvufzxhdro8613.workers.dev"; flow:to_server,established; http.header; content:"89u.nmvqvufzxhdro8613.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; dns.query; content:"yellow-recipe-c615.wl5n4b9b.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev$/i"; classtype:trojan-activity; sid:37160111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| yellow-recipe-c615.wl5n4b9b.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; 
dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37160141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37160171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname l6r943.csb.app"; dns.query; content:"l6r943.csb.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])l6r943\.csb\.app$/i"; classtype:trojan-activity; sid:37160201; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): "alert http" rules inspect cleartext HTTP only. For HTTPS
# sessions to these names the dns rules are the only ones shown here that can
# fire; no tls.sni rule is visible in this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname l6r943.csb.app"; flow:to_server,established; http.header; content: "Host|3a| l6r943.csb.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])l6r943\.csb\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the http.uri content below is just "/", which practically every
# request URI contains, so the rule reduces to "hostname appears anywhere in
# http.header". It adds little over sid:37160202 and is looser than it, since
# the header match has no "Host|3a| " prefix and no boundary pcre.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//l6r943.csb.app/"; flow:to_server,established; http.header; content:"l6r943.csb.app"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the next two rules repeat sid:37160141/37160142 and
# sid:37160171/37160172 for the same hostname; a single lookup or request
# raises one alert per copy.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37160231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/9d7cd921-b130-4bc8-bd36-f13e338a6d21"; flow:to_server,established; http.header;
content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/9d7cd921-b130-4bc8-bd36-f13e338a6d21"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37160261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev/cc94f90a-da2c-45a7-b4a4-126c6a19556d"; flow:to_server,established; http.header; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; http.uri; content:"/cc94f90a-da2c-45a7-b4a4-126c6a19556d"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname passsa.duckdns.org"; dns.query; content:"passsa.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])passsa\.duckdns\.org$/i"; classtype:trojan-activity; sid:37160291; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname passsa.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| passsa.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])passsa\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//passsa.duckdns.org/prohqcker.php"; flow:to_server,established; http.header; content:"passsa.duckdns.org"; fast_pattern; nocase; http.uri; content:"/prohqcker.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname stay-vip-home.goodnewsmy.click"; dns.query; content:"stay-vip-home.goodnewsmy.click"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stay\-vip\-home\.goodnewsmy\.click$/i"; classtype:trojan-activity; sid:37160351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname stay-vip-home.goodnewsmy.click"; flow:to_server,established; http.header; content: "Host|3a| stay-vip-home.goodnewsmy.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stay\-vip\-home\.goodnewsmy\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname ehazine572.com"; dns.query; content:"ehazine572.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazine572\.com$/i"; classtype:trojan-activity; sid:37160381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname ehazine572.com"; flow:to_server,established; http.header; content: "Host|3a| ehazine572.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazine572\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//ehazine572.com"; flow:to_server,established; http.header; content:"ehazine572.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname mail.ehazine572.com"; dns.query; content:"mail.ehazine572.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine572\.com$/i"; classtype:trojan-activity; sid:37160411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mail.ehazine572.com"; flow:to_server,established; http.header; content: "Host|3a| mail.ehazine572.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine572\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//mail.ehazine572.com"; flow:to_server,established; http.header; content:"mail.ehazine572.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname definodeonline.com"; dns.query; content:"definodeonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])definodeonline\.com$/i"; 
classtype:trojan-activity; sid:37160441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname definodeonline.com"; flow:to_server,established; http.header; content: "Host|3a| definodeonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])definodeonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//definodeonline.com"; flow:to_server,established; http.header; content:"definodeonline.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname canidasalvataggio.it"; dns.query; content:"canidasalvataggio.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])canidasalvataggio\.it$/i"; classtype:trojan-activity; sid:37160471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname canidasalvataggio.it"; flow:to_server,established; http.header; content: "Host|3a| canidasalvataggio.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])canidasalvataggio\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname server1801079.netart.com"; dns.query; content:"server1801079.netart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1801079\.netart\.com$/i"; classtype:trojan-activity; sid:37160501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 
[] Outgoing HTTP Hostname server1801079.netart.com"; flow:to_server,established; http.header; content: "Host|3a| server1801079.netart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1801079\.netart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# One indicator from MISP event 26142, exported as three rules: a DNS query
# rule, a Host-header rule and a URL rule.
# NOTE(review): the dns.query pcre requires the name to end the query and to
# be preceded by start-of-buffer or a character outside [A-Za-z0-9-.], so a
# query for a subdomain of this name does not match; only the exact name does.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname umplanen-bekanntmachung-adresshinweis.cleverapps.io"; dns.query; content:"umplanen-bekanntmachung-adresshinweis.cleverapps.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])umplanen\-bekanntmachung\-adresshinweis\.cleverapps\.io$/i"; classtype:trojan-activity; sid:37160531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Host-header rule: the content needs the literal "Host: <name>" and the pcre
# needs a following character outside [A-Za-z0-9-.], so a longer hostname that
# merely starts with this name is rejected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname umplanen-bekanntmachung-adresshinweis.cleverapps.io"; flow:to_server,established; http.header; content: "Host|3a| umplanen-bekanntmachung-adresshinweis.cleverapps.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])umplanen\-bekanntmachung\-adresshinweis\.cleverapps\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the msg records the full URL including "?pwd=chdp", but the
# http.uri match is only the path "/bearbeiten/adresse/", so any query string
# on that path alerts. The host is matched as a plain substring of the request
# headers, not as the Host value. These http rules see cleartext HTTP only; for
# HTTPS a tls.sni rule would be needed - confirm whether the export has one.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//umplanen-bekanntmachung-adresshinweis.cleverapps.io/bearbeiten/adresse/?pwd=chdp"; flow:to_server,established; http.header; content:"umplanen-bekanntmachung-adresshinweis.cleverapps.io"; fast_pattern; nocase; http.uri; content:"/bearbeiten/adresse/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tinyurl.com/3bk9cyde"; flow:to_server,established; http.header; content:"tinyurl.com"; 
fast_pattern; nocase; http.uri; content:"/3bk9cyde"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname rahmatgolos.cc"; dns.query; content:"rahmatgolos.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rahmatgolos\.cc$/i"; classtype:trojan-activity; sid:37160591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname rahmatgolos.cc"; flow:to_server,established; http.header; content: "Host|3a| rahmatgolos.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rahmatgolos\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//rahmatgolos.cc"; flow:to_server,established; http.header; content:"rahmatgolos.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname du-recih.com"; dns.query; content:"du-recih.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])du\-recih\.com$/i"; classtype:trojan-activity; sid:37160621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname du-recih.com"; flow:to_server,established; http.header; content: "Host|3a| du-recih.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])du\-recih\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] 
Outgoing URL http|3a|//du-recih.com"; flow:to_server,established; http.header; content:"du-recih.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname nova-super.ru"; dns.query; content:"nova-super.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nova\-super\.ru$/i"; classtype:trojan-activity; sid:37160651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname nova-super.ru"; flow:to_server,established; http.header; content: "Host|3a| nova-super.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nova\-super\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//nova-super.ru"; flow:to_server,established; http.header; content:"nova-super.ru"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname wzsm.rqa-b.my.id"; dns.query; content:"wzsm.rqa-b.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wzsm\.rqa\-b\.my\.id$/i"; classtype:trojan-activity; sid:37160681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname wzsm.rqa-b.my.id"; flow:to_server,established; http.header; content: "Host|3a| wzsm.rqa-b.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wzsm\.rqa\-b\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) 
# NOTE(review): URL indicator with no path. The only match is the bare name
# anywhere in the request headers (no "Host|3a| " prefix, no boundary pcre,
# no http.uri part), so a Referer value or a longer hostname that contains
# this string also alerts. The "Outgoing HTTP Hostname" rule for the same name
# is the stricter check; treat hits on this one as lower confidence.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//wzsm.rqa-b.my.id"; flow:to_server,established; http.header; content:"wzsm.rqa-b.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Exact-name DNS rule: the pcre anchors the name at the end of the query and
# rejects a preceding letter, digit, hyphen or dot, so subdomains do not match.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname adminuser.telegramchina.live"; dns.query; content:"adminuser.telegramchina.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegramchina\.live$/i"; classtype:trojan-activity; sid:37160711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Host-header rule; tag:session,600,seconds tags the alerting session so that
# its following packets are logged for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname adminuser.telegramchina.live"; flow:to_server,established; http.header; content: "Host|3a| adminuser.telegramchina.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegramchina\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): pages.dev is a shared hosting suffix, so matching the full
# subdomain (as these rules do) is the right granularity. Sites under it are
# presumably reached over HTTPS, where http.header is not visible without TLS
# inspection; in that case only the DNS rule can fire - confirm.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname onlychatsexss.pages.dev"; dns.query; content:"onlychatsexss.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onlychatsexss\.pages\.dev$/i"; classtype:trojan-activity; sid:37160741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname onlychatsexss.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| onlychatsexss.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onlychatsexss\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL 
http|3a|//onlychatsexss.pages.dev"; flow:to_server,established; http.header; content:"onlychatsexss.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname tracciamento-up01.cfolks.pl"; dns.query; content:"tracciamento-up01.cfolks.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracciamento\-up01\.cfolks\.pl$/i"; classtype:trojan-activity; sid:37160771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tracciamento-up01.cfolks.pl"; flow:to_server,established; http.header; content: "Host|3a| tracciamento-up01.cfolks.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tracciamento\-up01\.cfolks\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname fixit.ma"; dns.query; content:"fixit.ma"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fixit\.ma$/i"; classtype:trojan-activity; sid:37160801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname fixit.ma"; flow:to_server,established; http.header; content: "Host|3a| fixit.ma"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fixit\.ma[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//fixit.ma/sussi"; flow:to_server,established; http.header; content:"fixit.ma"; fast_pattern; nocase; http.uri; content:"/sussi"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37160811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname enoticiaespiritosanto.com.br"; dns.query; content:"enoticiaespiritosanto.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enoticiaespiritosanto\.com\.br$/i"; classtype:trojan-activity; sid:37160831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname enoticiaespiritosanto.com.br"; flow:to_server,established; http.header; content: "Host|3a| enoticiaespiritosanto.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enoticiaespiritosanto\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname imtoken-cc.net"; dns.query; content:"imtoken-cc.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.net$/i"; classtype:trojan-activity; sid:37160861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname imtoken-cc.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cc.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname email.mail.iteratehq.com"; dns.query; content:"email.mail.iteratehq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])email\.mail\.iteratehq\.com$/i"; classtype:trojan-activity; sid:37160891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 
email.mail.iteratehq.com"; flow:to_server,established; http.header; content: "Host|3a| email.mail.iteratehq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])email\.mail\.iteratehq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): this host looks like a mail click-tracking endpoint of a
# third-party service (assumption - confirm in the MISP event). The URL rule
# below pins the specific token in http.uri, whereas the DNS and Host rules for
# the same name alert on every lookup of, or request to, the host. If the
# service is used legitimately in your environment, expect those two to be
# noisy and prefer this URL rule as the actionable signal.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//email.mail.iteratehq.com/c/eJwUw7FuAyEMANCvgREZg89mYOhy_wEXKEicQgNSm7-vMrxHRPHJoi7RMjBZJjh0i5XZu8MFEAahLJg4ic9ALlSiirpHBPSAEBCR4DC2-pALUxUoDymiPNypD9N3eaVd2o-5nrcese09l3JfCk-F5_Uce823SXMqPNdHzuu3r6VfcfYx3srD9_1nrvYfAAD__yaIMa4"; flow:to_server,established; http.header; content:"email.mail.iteratehq.com"; fast_pattern; nocase; http.uri; content:"/c/eJwUw7FuAyEMANCvgREZg89mYOhy_wEXKEicQgNSm7-vMrxHRPHJoi7RMjBZJjh0i5XZu8MFEAahLJg4ic9ALlSiirpHBPSAEBCR4DC2-pALUxUoDymiPNypD9N3eaVd2o-5nrcese09l3JfCk-F5_Uce823SXMqPNdHzuu3r6VfcfYx3srD9_1nrvYfAAD__yaIMa4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Exact-name DNS rule (end-anchored pcre; a preceding letter, digit, hyphen or
# dot is rejected, so subdomains of the name do not match).
alert dns any any -> any any (msg: "MISP e26142 [] Hostname qpa.org.cn"; dns.query; content:"qpa.org.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qpa\.org\.cn$/i"; classtype:trojan-activity; sid:37160921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Host-header rule for cleartext HTTP: literal "Host: <name>" plus a pcre that
# requires a non-hostname character after the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname qpa.org.cn"; flow:to_server,established; http.header; content: "Host|3a| qpa.org.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qpa\.org\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//qpa.org.cn"; flow:to_server,established; http.header; 
content:"qpa.org.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37160931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname sbbswisspasshilfeapp.sviluppo.host"; dns.query; content:"sbbswisspasshilfeapp.sviluppo.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbswisspasshilfeapp\.sviluppo\.host$/i"; classtype:trojan-activity; sid:37160951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname sbbswisspasshilfeapp.sviluppo.host"; flow:to_server,established; http.header; content: "Host|3a| sbbswisspasshilfeapp.sviluppo.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbbswisspasshilfeapp\.sviluppo\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37160952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tinyurl.com/y9ydf7y3"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/y9ydf7y3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname metis-xpubfix-io.pages.dev"; dns.query; content:"metis-xpubfix-io.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metis\-xpubfix\-io\.pages\.dev$/i"; classtype:trojan-activity; sid:37161041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname metis-xpubfix-io.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| metis-xpubfix-io.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])metis\-xpubfix\-io\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//metis-xpubfix-io.pages.dev"; flow:to_server,established; http.header; content:"metis-xpubfix-io.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tinyurl.com/mpvjdjbm"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/mpvjdjbm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname ehazine712.com"; dns.query; content:"ehazine712.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazine712\.com$/i"; classtype:trojan-activity; sid:37161191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname ehazine712.com"; flow:to_server,established; http.header; content: "Host|3a| ehazine712.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazine712\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//ehazine712.com"; flow:to_server,established; http.header; content:"ehazine712.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert 
dns any any -> any any (msg: "MISP e26142 [] Hostname mail.ehazine712.com"; dns.query; content:"mail.ehazine712.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine712\.com$/i"; classtype:trojan-activity; sid:37161221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Host-header rule for cleartext HTTP: literal "Host: <name>" plus a pcre that
# requires a non-hostname character after the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mail.ehazine712.com"; flow:to_server,established; http.header; content: "Host|3a| mail.ehazine712.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine712\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): URL indicator with no path. The bare name is matched anywhere
# in the request headers with no boundary check, so it also alerts on other
# headers or longer hostnames containing the string. It overlaps the Host rule
# above for ordinary requests; expect paired alerts per request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//mail.ehazine712.com"; flow:to_server,established; http.header; content:"mail.ehazine712.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): coverage gap. The DNS and Host rules below match the exact
# name only: the dns.query pcre rejects a preceding dot, and the Host content
# needs "Host: " immediately before the name. The URL indicator that follows
# uses the www. form of this host, so a lookup of, or request to, the www. name
# is not caught by these two rules - only by the URL rule, and only on
# cleartext HTTP with the listed path. Confirm whether the www. hostname should
# be added as its own indicator in the MISP event.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname 3656a.xyz"; dns.query; content:"3656a.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656a\.xyz$/i"; classtype:trojan-activity; sid:37161251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 3656a.xyz"; flow:to_server,established; http.header; content: "Host|3a| 3656a.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656a\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//www.3656a.xyz/mobile-client/bet365_627/"; flow:to_server,established; http.header; content:"www.3656a.xyz"; fast_pattern; nocase; http.uri; 
content:"/mobile-client/bet365_627/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname sahm1402edalatt.com"; dns.query; content:"sahm1402edalatt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sahm1402edalatt\.com$/i"; classtype:trojan-activity; sid:37161281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname sahm1402edalatt.com"; flow:to_server,established; http.header; content: "Host|3a| sahm1402edalatt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sahm1402edalatt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname servicei.top"; dns.query; content:"servicei.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servicei\.top$/i"; classtype:trojan-activity; sid:37161311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname servicei.top"; flow:to_server,established; http.header; content: "Host|3a| servicei.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servicei\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname pub-9e11a359d213455e8ad57f733583373b.r2.dev"; dns.query; content:"pub-9e11a359d213455e8ad57f733583373b.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9e11a359d213455e8ad57f733583373b\.r2\.dev$/i"; classtype:trojan-activity; sid:37161341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname pub-9e11a359d213455e8ad57f733583373b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-9e11a359d213455e8ad57f733583373b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-9e11a359d213455e8ad57f733583373b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Exact-name DNS rule (end-anchored pcre; a preceding letter, digit, hyphen or
# dot is rejected, so subdomains of the name do not match).
alert dns any any -> any any (msg: "MISP e26142 [] Hostname telegrsmn.vip"; dns.query; content:"telegrsmn.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrsmn\.vip$/i"; classtype:trojan-activity; sid:37161371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Host-header rule for cleartext HTTP: literal "Host: <name>" plus a pcre that
# requires a non-hostname character after the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname telegrsmn.vip"; flow:to_server,established; http.header; content: "Host|3a| telegrsmn.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrsmn\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): the URL indicator is just the site root, so the http.uri
# content is "/" and adds no real constraint for ordinary requests (their
# path already starts with "/"). What remains is an unanchored substring match
# of the name in the request headers, which is looser than the Host rule above
# and will normally alert alongside it. Treat this as a duplicate, lower
# confidence signal when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//telegrsmn.vip/"; flow:to_server,established; http.header; content:"telegrsmn.vip"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Exact-name DNS rule for the next indicator of the same event.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname telegpewm.work"; dns.query; content:"telegpewm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpewm\.work$/i"; classtype:trojan-activity; sid:37161401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname telegpewm.work"; flow:to_server,established; http.header; 
content: "Host|3a| telegpewm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpewm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//telegpewm.work/"; flow:to_server,established; http.header; content:"telegpewm.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname telegrwq.vip"; dns.query; content:"telegrwq.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrwq\.vip$/i"; classtype:trojan-activity; sid:37161431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname telegrwq.vip"; flow:to_server,established; http.header; content: "Host|3a| telegrwq.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrwq\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//telegrwq.vip/"; flow:to_server,established; http.header; content:"telegrwq.vip"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname teletsam.fit"; dns.query; content:"teletsam.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.fit$/i"; classtype:trojan-activity; sid:37161461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname teletsam.fit"; flow:to_server,established; http.header; content: "Host|3a| teletsam.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//teletsam.fit/"; flow:to_server,established; http.header; content:"teletsam.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname tokenpocket-tpome.com"; dns.query; content:"tokenpocket-tpome.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpome\.com$/i"; classtype:trojan-activity; sid:37161491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tokenpocket-tpome.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpome.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpome\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tokenpocket-tpome.com"; flow:to_server,established; http.header; content:"tokenpocket-tpome.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname hshwgc.sites-id.biz.id"; dns.query; content:"hshwgc.sites-id.biz.id"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])hshwgc\.sites\-id\.biz\.id$/i"; classtype:trojan-activity; sid:37161521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname hshwgc.sites-id.biz.id"; flow:to_server,established; http.header; content: "Host|3a| hshwgc.sites-id.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hshwgc\.sites\-id\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//hshwgc.sites-id.biz.id"; flow:to_server,established; http.header; content:"hshwgc.sites-id.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname join-grupwav2024.procy.cfd"; dns.query; content:"join-grupwav2024.procy.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-grupwav2024\.procy\.cfd$/i"; classtype:trojan-activity; sid:37161551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname join-grupwav2024.procy.cfd"; flow:to_server,established; http.header; content: "Host|3a| join-grupwav2024.procy.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-grupwav2024\.procy\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//join-grupwav2024.procy.cfd"; flow:to_server,established; http.header; content:"join-grupwav2024.procy.cfd"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37161561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37161581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname passsa.duckdns.org"; dns.query; content:"passsa.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])passsa\.duckdns\.org$/i"; classtype:trojan-activity; sid:37161611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname passsa.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| passsa.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])passsa\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//passsa.duckdns.org/index.html"; flow:to_server,established; http.header; content:"passsa.duckdns.org"; fast_pattern; nocase; http.uri; 
content:"/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Rules for MISP event 26145 start here; they carry priority:1, whereas the
# event 26142 rule that ends on the line above carries priority:2.
# Each IP-based rule is pinned to a literal destination IP and port in the
# rule header, then additionally requires that IP as a substring of the request
# headers and the listed path as a substring of http.uri.
# NOTE(review): "/Mozi.m" fetched from high ports on individual IPs is
# presumably Mozi botnet payload hosting on compromised devices (assumption -
# confirm in the event). Such IP:port pairs tend to be short-lived, so give
# these indicators an expiry, and treat a hit as a sign that the internal
# source host itself needs investigation.
alert http $HOME_NET any -> 59.99.129.120 50446 (msg: "MISP e26145 [] Outgoing URL http|3a|//59.99.129.120|3a|50446/Mozi.m"; flow:to_server,established; http.header; content:"59.99.129.120"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 125.26.163.25 53210 (msg: "MISP e26145 [] Outgoing URL http|3a|//125.26.163.25|3a|53210/Mozi.m"; flow:to_server,established; http.header; content:"125.26.163.25"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
# Domain-based URL rule in the same event: the host is matched as a substring
# of the request headers (not as the Host value) and the path "/samane/app.apk"
# as a substring of http.uri; it applies to $HTTP_PORTS on cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26145 [] Outgoing URL http|3a|//tivugame.com/samane/app.apk"; flow:to_server,established; http.header; content:"tivugame.com"; fast_pattern; nocase; http.uri; content:"/samane/app.apk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 91.239.77.159 38373 (msg: "MISP e26145 [] Outgoing URL http|3a|//91.239.77.159|3a|38373/Mozi.m"; flow:to_server,established; http.header; content:"91.239.77.159"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 42.228.217.17 43769 (msg: "MISP e26145 [] Outgoing URL http|3a|//42.228.217.17|3a|43769/Mozi.m"; flow:to_server,established; http.header; content:"42.228.217.17"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 42.225.25.71 37794 (msg: "MISP e26145 [] Outgoing URL http|3a|//42.225.25.71|3a|37794/bin.sh"; flow:to_server,established; http.header; content:"42.225.25.71"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 223.8.8.66 54270 (msg: "MISP e26145 [] Outgoing URL http|3a|//223.8.8.66|3a|54270/Mozi.m"; flow:to_server,established; http.header; content:"223.8.8.66"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 61.52.52.206 52869 (msg: "MISP e26145 [] Outgoing URL http|3a|//61.52.52.206|3a|52869/"; flow:to_server,established; http.header; content:"61.52.52.206"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 42.231.89.44 45207 (msg: "MISP e26145 [] Outgoing URL http|3a|//42.231.89.44|3a|45207/Mozi.m"; flow:to_server,established; http.header; content:"42.231.89.44"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 185.81.157.24 222 (msg: "MISP e26145 [] Outgoing URL http|3a|//185.81.157.24|3a|222/cle.jpg"; flow:to_server,established; http.header; content:"185.81.157.24"; fast_pattern; nocase; http.uri; content:"/cle.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37165601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 82.80.154.234 29307 (msg: "MISP e26145 [] Outgoing URL http|3a|//82.80.154.234|3a|29307/.i"; flow:to_server,established; http.header; content:"82.80.154.234"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 61.53.124.242 42529 (msg: "MISP e26145 [] Outgoing URL http|3a|//61.53.124.242|3a|42529/Mozi.m"; flow:to_server,established; http.header; content:"61.53.124.242"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 42.238.168.231 36019 (msg: "MISP e26145 [] Outgoing URL http|3a|//42.238.168.231|3a|36019/i"; flow:to_server,established; http.header; content:"42.238.168.231"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 112.248.109.209 39793 (msg: "MISP e26145 [] Outgoing URL http|3a|//112.248.109.209|3a|39793/Mozi.m"; flow:to_server,established; http.header; content:"112.248.109.209"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 222.136.140.186 38833 (msg: "MISP e26145 [] Outgoing URL http|3a|//222.136.140.186|3a|38833/"; flow:to_server,established; http.header; content:"222.136.140.186"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165651; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 120.211.137.185 49286 (msg: "MISP e26145 [] Outgoing URL http|3a|//120.211.137.185|3a|49286/Mozi.m"; flow:to_server,established; http.header; content:"120.211.137.185"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 117.207.70.170 43768 (msg: "MISP e26145 [] Outgoing URL http|3a|//117.207.70.170|3a|43768/bin.sh"; flow:to_server,established; http.header; content:"117.207.70.170"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 115.56.128.242 56693 (msg: "MISP e26145 [] Outgoing URL http|3a|//115.56.128.242|3a|56693/Mozi.m"; flow:to_server,established; http.header; content:"115.56.128.242"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 114.230.177.231 53904 (msg: "MISP e26145 [] Outgoing URL http|3a|//114.230.177.231|3a|53904/Mozi.m"; flow:to_server,established; http.header; content:"114.230.177.231"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 112.245.171.210 51021 (msg: "MISP e26145 [] Outgoing URL http|3a|//112.245.171.210|3a|51021/bin.sh"; flow:to_server,established; http.header; content:"112.245.171.210"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165701; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26145;)
# --- MISP events 26168, 26147, 26149, 26073 and 26075 (one rule per line) ---
# The rule text is unchanged; only line breaks and these comments are added.
#
# `alert ip $HOME_NET any -> <addr> <port>` rules carry no payload or
# application-layer condition: any matching traffic from $HOME_NET to that
# address and port alerts. They are address indicators only, so confirm the
# indicator is still current in the referenced event before escalating,
# especially for common service ports such as 443.
alert ip $HOME_NET any -> 34.34.10.37 3333 (msg: "MISP e26168 [] Outgoing To IP: 34.34.10.37|3333"; classtype:trojan-activity; sid:37205821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 3.75.189.17 3333 (msg: "MISP e26168 [] Outgoing To IP: 3.75.189.17|3333"; classtype:trojan-activity; sid:37205831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 165.232.179.158 4444 (msg: "MISP e26168 [] Outgoing To IP: 165.232.179.158|4444"; classtype:trojan-activity; sid:37205841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 181.32.143.15 443 (msg: "MISP e26168 [] Outgoing To IP: 181.32.143.15|443"; classtype:trojan-activity; sid:37205851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 13.49.116.113 3333 (msg: "MISP e26168 [] Outgoing To IP: 13.49.116.113|3333"; classtype:trojan-activity; sid:37205861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# tivugame.com is exported both as "Hostname" (sid 37165861/37165862) and as
# "Domain" (sid 37165991/37165992):
#  - Hostname: the pcre prefix class [^A-Za-z0-9-\.] excludes ".", so only the
#    exact name matches.
#  - Domain: the prefix class [^A-Za-z0-9-] allows ".", so subdomains match too.
#  - A query for the exact name therefore raises both DNS alerts.
#  - In the HTTP "Domain" rule, `content:"Host|3a|"` and the domain content are
#    independent matches in http.header, and the pcre is not tied to the Host
#    line. A request to another site with the domain in its Referer header
#    alerts as well.
alert dns any any -> any any (msg: "MISP e26147 [] Hostname tivugame.com"; dns.query; content:"tivugame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tivugame\.com$/i"; classtype:trojan-activity; sid:37165861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26147;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26147 [] Outgoing HTTP Hostname tivugame.com"; flow:to_server,established; http.header; content: "Host|3a| tivugame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tivugame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26147;)
alert dns any any -> any any (msg: "MISP e26147 [] Domain tivugame.com"; dns.query; content:"tivugame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tivugame\.com$/i"; classtype:trojan-activity; sid:37165991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26147;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26147 [] Outgoing HTTP Domain tivugame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tivugame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tivugame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26147;)
# sid 37166411 (event 26149) has the same match options as sid 37165531
# (event 26145); one request raises both, differing only in msg and reference.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26149 [] Outgoing URL http|3a|//tivugame.com/samane/app.apk"; flow:to_server,established; http.header; content:"tivugame.com"; fast_pattern; nocase; http.uri; content:"/samane/app.apk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37166411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26149;)
# sid 37123211 has no http.uri condition: any request to $HTTP_PORTS whose
# headers contain the host string alerts, so it always fires together with
# sid 37123221 when that one matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26073 [] Outgoing URL http|3a|//ifogape.coastconsulting.com.au"; flow:to_server,established; http.header; content:"ifogape.coastconsulting.com.au"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26073;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26073 [] Outgoing URL http|3a|//ifogape.coastconsulting.com.au/1707587410/imagenes/_personas/home/default.asp"; flow:to_server,established; http.header; content:"ifogape.coastconsulting.com.au"; fast_pattern; nocase; http.uri; content:"/1707587410/imagenes/_personas/home/default.asp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26073;)
alert dns any any -> any any (msg: "MISP e26073 [] Domain ifogape.coastconsulting.com.au"; dns.query; content:"ifogape.coastconsulting.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifogape\.coastconsulting\.com\.au$/i"; classtype:trojan-activity; sid:37123231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26073;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26073 [] Outgoing HTTP Domain ifogape.coastconsulting.com.au"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifogape.coastconsulting.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifogape\.coastconsulting\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26073;)
# Events 26075 and 26168 export the same address:port indicators twice: once
# with tags in the msg brackets (priority:2) and once with empty brackets
# (priority:3). One flow therefore raises two alerts with different priorities;
# correlate them by destination and use the tagged event for context. The
# bracketed text is whatever tags the MISP attribute carried (family names and
# AS names appear side by side) and is not a classification made by the sensor.
alert ip $HOME_NET any -> 65.21.64.132 34779 (msg: "MISP e26075 [RedLineStealer] Outgoing To IP: 65.21.64.132|34779"; classtype:trojan-activity; sid:37124901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 65.21.64.132 34779 (msg: "MISP e26168 [] Outgoing To IP: 65.21.64.132|34779"; classtype:trojan-activity; sid:37205881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 40.87.135.62 443 (msg: "MISP e26075 [RedLineStealer] Outgoing To IP: 40.87.135.62|443"; classtype:trojan-activity; sid:37124911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 163.197.247.155 8889 (msg: "MISP e26075 [IDCCLOUD,sliver] Outgoing To IP: 163.197.247.155|8889"; classtype:trojan-activity; sid:37124921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 45.66.248.84 42282 (msg: "MISP e26075 [Bianlian Go Trojan,BV-EU-AS] Outgoing To IP: 45.66.248.84|42282"; classtype:trojan-activity; sid:37124931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 39.40.155.114 995 (msg: "MISP e26075 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.155.114|995"; classtype:trojan-activity; sid:37124941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 78.18.250.125 2222 (msg: "MISP e26075 [AS-BTIRE BT Ireland was previously known as Esat Net EUnet Ireland & IEUnet.,QakBot] Outgoing To IP: 78.18.250.125|2222"; classtype:trojan-activity; sid:37124951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 149.109.109.136 2087 (msg: "MISP e26075 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 149.109.109.136|2087"; classtype:trojan-activity; sid:37124961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 67.71.30.57 2078 (msg: "MISP e26075 [BACOM,QakBot] Outgoing To IP: 67.71.30.57|2078"; classtype:trojan-activity; sid:37124971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert ip $HOME_NET any -> 67.71.30.57 2078 (msg: "MISP e26168 [] Outgoing To IP: 67.71.30.57|2078"; classtype:trojan-activity; sid:37205891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 149.109.109.136 2087 (msg: "MISP e26168 [] Outgoing To IP: 149.109.109.136|2087"; classtype:trojan-activity; sid:37205901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 78.18.250.125 2222 (msg: "MISP e26168 [] Outgoing To IP: 78.18.250.125|2222"; classtype:trojan-activity; sid:37205911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 39.40.155.114 995 (msg: "MISP e26168 [] Outgoing To IP: 39.40.155.114|995"; classtype:trojan-activity; sid:37205921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 45.66.248.84 42282 (msg: "MISP e26168 [] Outgoing To IP: 45.66.248.84|42282"; classtype:trojan-activity; sid:37205931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 163.197.247.155 8889 (msg: "MISP e26168 [] Outgoing To IP: 163.197.247.155|8889"; classtype:trojan-activity; sid:37205941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 40.87.135.62 443 (msg: "MISP e26168 [] Outgoing To IP: 40.87.135.62|443"; classtype:trojan-activity; sid:37205951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# "Domain" pairs: the DNS rule matches the name and any subdomain of it; the
# HTTP rule matches the domain string anywhere in http.header, not only on the
# Host line.
alert dns any any -> any any (msg: "MISP e26168 [] Domain keywordslive.com"; dns.query; content:"keywordslive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])keywordslive\.com$/i"; classtype:trojan-activity; sid:37205961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain keywordslive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"keywordslive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])keywordslive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain gardenplaid.com"; dns.query; content:"gardenplaid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gardenplaid\.com$/i"; classtype:trojan-activity; sid:37205971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain gardenplaid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gardenplaid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gardenplaid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# --- MISP event 26168: domain, URL and address indicators (one rule per line) ---
# The rule text is unchanged; only line breaks and these comments are added.
#
# "Domain" pairs (sid ending in 1 = DNS rule, ending in 2 = HTTP rule):
#  - DNS: the pcre prefix class [^A-Za-z0-9-] allows a preceding ".", so the
#    name and every subdomain of it match; "$" anchors the end of the query.
#  - HTTP: `content:"Host|3a|"` and the domain content are independent matches
#    in http.header, and the pcre is not tied to the Host line. A request to an
#    unrelated site that carries the domain in Referer (or another header) also
#    alerts, so check the actual Host value when triaging.
#  - http.* rules only see cleartext HTTP. For TLS traffic only the dns rule can
#    fire; no tls.sni rule appears in this part of the export.
alert dns any any -> any any (msg: "MISP e26168 [] Domain gibbselectrics.com"; dns.query; content:"gibbselectrics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gibbselectrics\.com$/i"; classtype:trojan-activity; sid:37205981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain gibbselectrics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gibbselectrics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gibbselectrics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain gloverstech.com"; dns.query; content:"gloverstech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gloverstech\.com$/i"; classtype:trojan-activity; sid:37205991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain gloverstech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gloverstech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gloverstech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37205992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain investechnical.com"; dns.query; content:"investechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])investechnical\.com$/i"; classtype:trojan-activity; sid:37206001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain investechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"investechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])investechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain brookselectrics.com"; dns.query; content:"brookselectrics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brookselectrics\.com$/i"; classtype:trojan-activity; sid:37206011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain brookselectrics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brookselectrics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brookselectrics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Address-only indicator: no payload condition, so any traffic from $HOME_NET to
# this address and port alerts.
alert ip $HOME_NET any -> 3.67.161.133 13977 (msg: "MISP e26168 [] Outgoing To IP: 3.67.161.133|13977"; classtype:trojan-activity; sid:37206021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# "Outgoing URL" rules toward $EXTERNAL_NET $HTTP_PORTS:
#  - The host is a plain substring `content` in http.header with no Host-line
#    anchor and no boundary pcre, so short names such as "mth.com.ua" are also
#    satisfied by any longer header value containing them (constructed example:
#    a Host of "smth.com.ua").
#  - The path is an unanchored `content` in http.uri, so "/index.php" matches
#    wherever it appears in the URI.
#  - Both contents are `nocase`.
# Expect these to be noisier than the Hostname/Domain rules; confirm Host and
# full URI in the tagged session (`tag:session,600,seconds`) before escalating.
# No DNS rule for these hosts is visible in this part of the export, so a client
# that only resolves one of them, or reaches it over TLS, raises nothing here.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//selebration17io.io/index.php"; flow:to_server,established; http.header; content:"selebration17io.io"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//vacantion18ffeu.cc/index.php"; flow:to_server,established; http.header; content:"vacantion18ffeu.cc"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//valarioulinity1.net/index.php"; flow:to_server,established; http.header; content:"valarioulinity1.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//buriatiarutuhuob.net/index.php"; flow:to_server,established; http.header; content:"buriatiarutuhuob.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//cassiosssionunu.me/index.php"; flow:to_server,established; http.header; content:"cassiosssionunu.me"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//sulugilioiu19.net/index.php"; flow:to_server,established; http.header; content:"sulugilioiu19.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//goodfooggooftool.net/index.php"; flow:to_server,established; http.header; content:"goodfooggooftool.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//sjyey.com/tmp/index.php"; flow:to_server,established; http.header; content:"sjyey.com"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//babonwo.ru/tmp/index.php"; flow:to_server,established; http.header; content:"babonwo.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//mth.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"mth.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//piratia.pw/tmp/index.php"; flow:to_server,established; http.header; content:"piratia.pw"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//go-piratia.ru/tmp/index.php"; flow:to_server,established; http.header; content:"go-piratia.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# The next three hosts differ only in where the hyphen sits; each has its own
# rule, so none of them covers the others.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//trad-einmyus.com/index.php"; flow:to_server,established; http.header; content:"trad-einmyus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//tradein-myus.com/index.php"; flow:to_server,established; http.header; content:"tradein-myus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//trade-inmyus.com/index.php"; flow:to_server,established; http.header; content:"trade-inmyus.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert ip $HOME_NET any -> 45.95.146.13 38241 (msg: "MISP e26168 [] Outgoing To IP: 45.95.146.13|38241"; classtype:trojan-activity; sid:37206181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert dns any any -> any any (msg: "MISP e26168 [] Domain microbanafler.com"; dns.query; content:"microbanafler.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])microbanafler\.com$/i"; classtype:trojan-activity; sid:37206191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain microbanafler.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"microbanafler.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microbanafler\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.103.100.197 19049 (msg: "MISP e26075 [RedLineStealer] Outgoing To IP: 185.103.100.197|19049"; classtype:trojan-activity; sid:37124981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> 5.42.64.44 $HTTP_PORTS (msg: "MISP e26075 [Amadey] Outgoing URL http|3a|//5.42.64.44/blsswk93ex/index.php"; flow:to_server,established; http.header; content:"5.42.64.44"; fast_pattern; nocase; http.uri; content:"/blsswk93ex/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37124991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> 5.42.64.44 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//5.42.64.44/BlsSwk93eX/index.php"; flow:to_server,established; http.header; content:"5.42.64.44"; fast_pattern; nocase; http.uri; content:"/BlsSwk93eX/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 185.103.100.197 19049 (msg: "MISP e26168 [] Outgoing To IP: 185.103.100.197|19049"; classtype:trojan-activity; sid:37206211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 147.185.221.18 5204 (msg: "MISP e26168 [] Outgoing To IP: 147.185.221.18|5204"; classtype:trojan-activity; sid:37206221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert dns any any -> any any (msg: "MISP e26168 [] Domain win32avemaria.com"; dns.query; content:"win32avemaria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])win32avemaria\.com$/i"; classtype:trojan-activity; sid:37206231; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain win32avemaria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"win32avemaria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])win32avemaria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 45.77.240.40 25887 (msg: "MISP e26075 [RedLineStealer] Outgoing To IP: 45.77.240.40|25887"; classtype:trojan-activity; sid:37125001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 45.77.240.40 25887 (msg: "MISP e26168 [] Outgoing To IP: 45.77.240.40|25887"; classtype:trojan-activity; sid:37206241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 5.42.64.44 80 (msg: "MISP e26075 [Amadey,ViriBack] Outgoing To IP: 5.42.64.44|80"; classtype:trojan-activity; sid:37125011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 5.42.64.44 80 (msg: "MISP e26168 [] Outgoing To IP: 5.42.64.44|80"; classtype:trojan-activity; sid:37206251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert ip $HOME_NET any -> 20.226.21.146 80 (msg: "MISP e26075 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.226.21.146|80"; classtype:trojan-activity; sid:37125021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert ip $HOME_NET any -> 20.226.21.146 80 (msg: "MISP e26168 [] Outgoing To IP: 20.226.21.146|80"; classtype:trojan-activity; sid:37206261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;) alert http $HOME_NET any -> 45.90.217.194 $HTTP_PORTS (msg: "MISP e26075 [dcrat] Outgoing 
URL http|3a|//45.90.217.194/_defaultwindows.php"; flow:to_server,established; http.header; content:"45.90.217.194"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37125031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
# MISP event 26168, URL indicator. The header pins the destination to 45.90.217.194 on $HTTP_PORTS,
# so the same request on a port outside that variable is not inspected by this rule.
# Both content matches are nocase, so this rule matches the same header/URI bytes as the e26075
# rule ending on the line above (sid:37125031, "/_defaultwindows.php").
# NOTE(review): if that rule's header is the same, every hit alerts twice (priority 2 and 3) -
# confirm and de-duplicate the attribute in MISP.
alert http $HOME_NET any -> 45.90.217.194 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//45.90.217.194/_Defaultwindows.php"; flow:to_server,established; http.header; content:"45.90.217.194"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# DNS query for serenys.xyz or a name ending in ".serenys.xyz": the pcre anchors the domain at the
# end of dns.query and requires start-of-name or a character other than a letter, digit or hyphen
# in front of it. The header is any -> any, so the rule is not limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26168 [] Domain serenys.xyz"; dns.query; content:"serenys.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])serenys\.xyz$/i"; classtype:trojan-activity; sid:37206281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Outbound HTTP request whose header buffer contains "Host:" and serenys.xyz. The two http.header
# matches and the pcre are not tied to one header line, so the domain appearing in another request
# header also satisfies the rule.
# NOTE(review): matching the http.host buffer instead would narrow this to the Host value.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26168 [] Outgoing HTTP Domain serenys.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serenys.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serenys\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37206282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# No payload match: any packet from $HOME_NET to 3.125.102.39 port 17888 alerts.
# The "|17888" in msg is display text only (presumably MISP's ip|port attribute value).
alert ip $HOME_NET any -> 3.125.102.39 17888 (msg: "MISP e26168 [] Outgoing To IP: 3.125.102.39|17888"; classtype:trojan-activity; sid:37206291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Two rules for the same URL on 23.94.202.169 (path /cm), one per MISP event: e26075 at priority 2
# and e26168 at priority 3. Header and matches are identical, so one request raises both sids.
# content:"/cm" is an unanchored, case-insensitive substring of http.uri, so longer paths that
# contain "/cm" match as well; the pinned destination IP is what keeps the rule specific.
# The bracketed text in the e26075 msg is presumably the event's tag list.
alert http $HOME_NET any -> 23.94.202.169 $HTTP_PORTS (msg: "MISP e26075 [AS-COLOCROSSING,CobaltStrike,cs-watermark-1580103824] Outgoing URL http|3a|//23.94.202.169/cm"; flow:to_server,established; http.header; content:"23.94.202.169"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37125041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> 23.94.202.169 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//23.94.202.169/cm"; flow:to_server,established; http.header; content:"23.94.202.169"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Same URL template: destination IP pinned in the header, the IP in http.header, the path in http.uri.
alert http $HOME_NET any -> 185.215.113.32 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//185.215.113.32/yandex/index.php"; flow:to_server,established; http.header; content:"185.215.113.32"; fast_pattern; nocase; http.uri; content:"/yandex/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//193.233.132.167/enigma/index.php"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/enigma/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# Same duplication as for /cm: sid:37125051 (e26075) and sid:37206331 (e26168) match identical traffic.
alert http $HOME_NET any -> 23.94.202.169 $HTTP_PORTS (msg: "MISP e26075 [AS-COLOCROSSING,CobaltStrike,cs-watermark-1580103824] Outgoing URL http|3a|//23.94.202.169/load"; flow:to_server,established; http.header; content:"23.94.202.169"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37125051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;)
alert http $HOME_NET any -> 23.94.202.169 $HTTP_PORTS (msg: "MISP e26168 [] Outgoing URL http|3a|//23.94.202.169/load"; flow:to_server,established; http.header; content:"23.94.202.169"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37206331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26168;)
# MISP event 26151: one DNS rule and one HTTP rule per domain, all from the same template and all at
# priority 1. DNS rule: the domain itself or a subdomain as the query name. HTTP rule: outbound
# request whose headers contain "Host:" and the domain (not bound to the Host line, see the
# serenys.xyz note above in this block).
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspop.top"; dns.query; content:"uspop.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspop\.top$/i"; classtype:trojan-activity; sid:37167571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspop.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspop.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspop\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspoo.top"; dns.query; content:"uspoo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspoo\.top$/i"; classtype:trojan-activity; sid:37167581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspoo.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspoo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspoo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspoj.top"; dns.query; content:"uspoj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspoj\.top$/i"; classtype:trojan-activity; sid:37167591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspoj.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"uspoj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspoj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# MISP event 26151: one DNS rule and one HTTP rule per domain, generated from the same template
# (sid ending in 1 = DNS rule, sid ending in 2 = HTTP rule for the same domain).
# DNS rule: dns.query contains the domain (nocase) and the pcre pins it to the end of the query
# name, preceded by start-of-name or a character other than a letter, digit or hyphen. The domain
# and its subdomains match; a longer label that merely ends in the same letters (constructed
# example: xuspoh.top) does not. The header is any -> any, so direction is not restricted.
# HTTP rule: outbound request whose header buffer contains "Host:" and the domain, followed by a
# character that is not a letter, digit, hyphen or dot. The matches are not tied to one header
# line, so the domain in another request header also satisfies the rule.
# NOTE(review): matching the http.host buffer instead would narrow this to the Host value.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspoh.top"; dns.query; content:"uspoh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspoh\.top$/i"; classtype:trojan-activity; sid:37167601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspoh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspoh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspoh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspof.top"; dns.query; content:"uspof.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspof\.top$/i"; classtype:trojan-activity; sid:37167611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspof.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspof.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspof\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspno.top"; dns.query; content:"uspno.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspno\.top$/i"; classtype:trojan-activity; sid:37167621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspno.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspno.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspno\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspnl.top"; dns.query; content:"uspnl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnl\.top$/i"; classtype:trojan-activity; sid:37167631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspnl.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspnl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspnk.top"; dns.query; content:"uspnk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnk\.top$/i"; classtype:trojan-activity; sid:37167641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspnk.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspnk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspnh.top"; dns.query; content:"uspnh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnh\.top$/i"; classtype:trojan-activity; sid:37167651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspnh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspnh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspnb.top"; dns.query; content:"uspnb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnb\.top$/i"; classtype:trojan-activity; sid:37167661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspnb.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspnb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspnb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspjn.top"; dns.query; content:"uspjn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjn\.top$/i"; classtype:trojan-activity; sid:37167671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspjn.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspjn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspjl.top"; dns.query; content:"uspjl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjl\.top$/i"; classtype:trojan-activity; sid:37167681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspjl.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspjl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspjj.top"; dns.query; content:"uspjj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjj\.top$/i"; classtype:trojan-activity; sid:37167691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspjj.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspjj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspii.top"; dns.query; content:"uspii.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspii\.top$/i"; classtype:trojan-activity; sid:37167701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspii.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspii.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspii\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspic.top"; dns.query; content:"uspic.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspic\.top$/i"; classtype:trojan-activity; sid:37167711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspic.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspic.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspic\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspib.top"; dns.query; content:"uspib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspib\.top$/i"; classtype:trojan-activity; sid:37167721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspib.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspfx.top"; dns.query; content:"uspfx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfx\.top$/i"; classtype:trojan-activity; sid:37167731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspfx.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspfx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspfv.top"; dns.query; content:"uspfv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfv\.top$/i"; classtype:trojan-activity; sid:37167741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspfv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspfv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspft.top"; dns.query; content:"uspft.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspft\.top$/i"; classtype:trojan-activity; sid:37167751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspft.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspft.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspft\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspfr.top"; dns.query; content:"uspfr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfr\.top$/i"; classtype:trojan-activity; sid:37167761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspfr.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspfr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167762; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26151;)
# MISP event 26151: one DNS rule and one HTTP rule per domain, generated from the same template
# (sid ending in 1 = DNS rule, sid ending in 2 = HTTP rule for the same domain).
# DNS rule: dns.query contains the domain (nocase) and the pcre pins it to the end of the query
# name, preceded by start-of-name or a character other than a letter, digit or hyphen, so the
# domain and its subdomains match. The header is any -> any, so direction is not restricted.
# HTTP rule: outbound request whose header buffer contains "Host:" and the domain, followed by a
# character that is not a letter, digit, hyphen or dot. The matches are not tied to one header
# line, so the domain in another request header also satisfies the rule.
# NOTE(review): matching the http.host buffer instead would narrow this to the Host value.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspfq.top"; dns.query; content:"uspfq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfq\.top$/i"; classtype:trojan-activity; sid:37167771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspfq.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspfq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspfp.top"; dns.query; content:"uspfp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfp\.top$/i"; classtype:trojan-activity; sid:37167781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspfp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspfp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspjs.top"; dns.query; content:"uspjs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjs\.top$/i"; classtype:trojan-activity; sid:37167791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspjs.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspjs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspjv.top"; dns.query; content:"uspjv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjv\.top$/i"; classtype:trojan-activity; sid:37167801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspjv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspjv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspjx.top"; dns.query; content:"uspjx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjx\.top$/i"; classtype:trojan-activity; sid:37167811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspjx.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspjx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspjx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain usplf.top"; dns.query; content:"usplf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usplf\.top$/i"; classtype:trojan-activity; sid:37167821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain usplf.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usplf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usplf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain usplh.top"; dns.query; content:"usplh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usplh\.top$/i"; classtype:trojan-activity; sid:37167831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain usplh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usplh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usplh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain usplq.top"; dns.query; content:"usplq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usplq\.top$/i"; classtype:trojan-activity; sid:37167841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain usplq.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usplq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usplq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmw.top"; dns.query; content:"uspmw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmw\.top$/i"; classtype:trojan-activity; sid:37167851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmw.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmy.top"; dns.query; content:"uspmy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmy\.top$/i"; classtype:trojan-activity; sid:37167861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmy.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmv.top"; dns.query; content:"uspmv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmv\.top$/i"; classtype:trojan-activity; sid:37167871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmu.top"; dns.query; content:"uspmu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmu\.top$/i"; classtype:trojan-activity; sid:37167881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmu.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspml.top"; dns.query; content:"uspml.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspml\.top$/i"; classtype:trojan-activity; sid:37167891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspml.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspml.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspml\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmj.top"; dns.query; content:"uspmj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmj\.top$/i"; classtype:trojan-activity; sid:37167901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmj.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmi.top"; dns.query; content:"uspmi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmi\.top$/i"; classtype:trojan-activity; sid:37167911; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# MISP event 26151: one DNS rule and one HTTP rule per domain, generated from the same template
# (sid ending in 1 = DNS rule, sid ending in 2 = HTTP rule for the same domain).
# DNS rule: dns.query contains the domain (nocase) and the pcre pins it to the end of the query
# name, preceded by start-of-name or a character other than a letter, digit or hyphen, so the
# domain and its subdomains match. The header is any -> any, so direction is not restricted.
# HTTP rule: outbound request whose header buffer contains "Host:" and the domain, followed by a
# character that is not a letter, digit, hyphen or dot. The matches are not tied to one header
# line, so the domain in another request header also satisfies the rule.
# NOTE(review): matching the http.host buffer instead would narrow this to the Host value.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmi.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmh.top"; dns.query; content:"uspmh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmh\.top$/i"; classtype:trojan-activity; sid:37167921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmg.top"; dns.query; content:"uspmg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmg\.top$/i"; classtype:trojan-activity; sid:37167931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmg.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmd.top"; dns.query; content:"uspmd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmd\.top$/i"; classtype:trojan-activity; sid:37167941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmd.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmc.top"; dns.query; content:"uspmc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmc\.top$/i"; classtype:trojan-activity; sid:37167951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspmb.top"; dns.query; content:"uspmb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmb\.top$/i"; classtype:trojan-activity; sid:37167961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspmb.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspmb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspmb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspma.top"; dns.query; content:"uspma.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspma\.top$/i"; classtype:trojan-activity; sid:37167971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspma.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspma.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspma\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain usply.top"; dns.query; content:"usply.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])usply\.top$/i"; classtype:trojan-activity; sid:37167981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain usply.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usply.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usply\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspfo.top"; dns.query; content:"uspfo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfo\.top$/i"; classtype:trojan-activity; sid:37167991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspfo.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspfo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspfo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspff.top"; dns.query; content:"uspff.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspff\.top$/i"; classtype:trojan-activity; sid:37168001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspff.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspff.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspff\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspes.top"; dns.query; content:"uspes.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspes\.top$/i"; classtype:trojan-activity; sid:37168011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspes.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspes.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspes\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspeh.top"; dns.query; content:"uspeh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspeh\.top$/i"; classtype:trojan-activity; sid:37168021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspeh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspeh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspeh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspeg.top"; dns.query; content:"uspeg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspeg\.top$/i"; classtype:trojan-activity; sid:37168031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspeg.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspeg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspeg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdz.top"; dns.query; content:"uspdz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdz\.top$/i"; classtype:trojan-activity; sid:37168041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdz.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdy.top"; dns.query; content:"uspdy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdy\.top$/i"; classtype:trojan-activity; sid:37168051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdy.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdw.top"; dns.query; content:"uspdw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdw\.top$/i"; classtype:trojan-activity; sid:37168061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdw.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdu.top"; dns.query; content:"uspdu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdu\.top$/i"; classtype:trojan-activity; sid:37168071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdu.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdt.top"; dns.query; content:"uspdt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdt\.top$/i"; classtype:trojan-activity; sid:37168081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdt.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspds.top"; dns.query; content:"uspds.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspds\.top$/i"; classtype:trojan-activity; sid:37168091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspds.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspds.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspds\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdn.top"; dns.query; content:"uspdn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdn\.top$/i"; classtype:trojan-activity; sid:37168101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdn.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdm.top"; dns.query; content:"uspdm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdm\.top$/i"; classtype:trojan-activity; sid:37168111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdm.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdi.top"; dns.query; content:"uspdi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdi\.top$/i"; classtype:trojan-activity; sid:37168121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdi.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdh.top"; dns.query; content:"uspdh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdh\.top$/i"; classtype:trojan-activity; sid:37168131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdh.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdg.top"; dns.query; content:"uspdg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdg\.top$/i"; classtype:trojan-activity; sid:37168141; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdg.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspdb.top"; dns.query; content:"uspdb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdb\.top$/i"; classtype:trojan-activity; sid:37168151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspdb.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspdb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspdb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspda.top"; dns.query; content:"uspda.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspda\.top$/i"; classtype:trojan-activity; sid:37168161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspda.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspda.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspda\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspcw.top"; dns.query; content:"uspcw.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])uspcw\.top$/i"; classtype:trojan-activity; sid:37168171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspcw.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspcw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspcv.top"; dns.query; content:"uspcv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcv\.top$/i"; classtype:trojan-activity; sid:37168181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspcv.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspcv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspcr.top"; dns.query; content:"uspcr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcr\.top$/i"; classtype:trojan-activity; sid:37168191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspcr.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspcr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: 
"MISP e26151 [] Domain uspcj.top"; dns.query; content:"uspcj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcj\.top$/i"; classtype:trojan-activity; sid:37168201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspcj.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspcj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspch.top"; dns.query; content:"uspch.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspch\.top$/i"; classtype:trojan-activity; sid:37168211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspch.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspch.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspch\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspcf.top"; dns.query; content:"uspcf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcf\.top$/i"; classtype:trojan-activity; sid:37168221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspcf.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspcf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspcf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168222; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspbo.top"; dns.query; content:"uspbo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbo\.top$/i"; classtype:trojan-activity; sid:37168231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspbo.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspbo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspbm.top"; dns.query; content:"uspbm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbm\.top$/i"; classtype:trojan-activity; sid:37168241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspbm.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspbm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspbk.top"; dns.query; content:"uspbk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbk\.top$/i"; classtype:trojan-activity; sid:37168251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspbk.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspbk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbk\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37168252; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspbi.top"; dns.query; content:"uspbi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbi\.top$/i"; classtype:trojan-activity; sid:37168261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspbi.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspbi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspbd.top"; dns.query; content:"uspbd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbd\.top$/i"; classtype:trojan-activity; sid:37168271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspbd.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uspbd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspbd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168272; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Domain uspba.top"; dns.query; content:"uspba.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])uspba\.top$/i"; classtype:trojan-activity; sid:37168281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Domain uspba.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"uspba.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uspba\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# The fragment above closes a rule that starts on the previous line of the file.
#
# MISP event 26151, hostname indicators (uspz.<label>.top). Each hostname yields two rules:
#   sid ...1  DNS  - any direction; dns.query must end with the hostname (pcre anchored with $).
#                    Unlike the domain rules, the leading class also rejects ".", so names with
#                    extra labels in front of the hostname do not alert.
#   sid ...2  HTTP - $HOME_NET -> $EXTERNAL_NET, established, to_server only. A single content
#                    match ties the hostname to the Host header ("Host|3a| <hostname>"), and the
#                    pcre requires a following character that cannot continue a hostname.
#                    After a hit, tag:session,600,seconds keeps logging that session for 600 seconds.
# NOTE(review): the HTTP content expects exactly one space after "Host:" - confirm how the
#   sensor's http.header buffer normalises header whitespace before relying on it.
# NOTE(review): these HTTP rules only inspect parsed cleartext HTTP. For HTTPS the DNS rule is
#   the only coverage here, and only when the lookup is visible to the sensor (not DoH/DoT);
#   a tls.sni rule per hostname would be needed to cover TLS.
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspop.top"; dns.query; content:"uspz.uspop.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspop\.top$/i"; classtype:trojan-activity; sid:37168291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspop.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspop.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspop\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspoo.top"; dns.query; content:"uspz.uspoo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoo\.top$/i"; classtype:trojan-activity; sid:37168301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspoo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspoo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspoj.top"; dns.query; content:"uspz.uspoj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoj\.top$/i"; classtype:trojan-activity; sid:37168311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspoj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspoj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspoh.top"; dns.query; content:"uspz.uspoh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoh\.top$/i"; classtype:trojan-activity; sid:37168321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspoh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspoh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspof.top"; dns.query; content:"uspz.uspof.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspof\.top$/i"; classtype:trojan-activity; sid:37168331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspof.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspof.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspof\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspno.top"; dns.query; content:"uspz.uspno.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspno\.top$/i"; classtype:trojan-activity; sid:37168341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspno.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspno.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspno\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspnl.top"; dns.query; content:"uspz.uspnl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnl\.top$/i"; classtype:trojan-activity; sid:37168351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspnl.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspnk.top"; dns.query; content:"uspz.uspnk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnk\.top$/i"; classtype:trojan-activity; sid:37168361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspnk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspnh.top"; dns.query; content:"uspz.uspnh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnh\.top$/i"; classtype:trojan-activity; sid:37168371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspnh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspnb.top"; dns.query; content:"uspz.uspnb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnb\.top$/i"; classtype:trojan-activity; sid:37168381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspnb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspjn.top"; dns.query; content:"uspz.uspjn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjn\.top$/i"; classtype:trojan-activity; sid:37168391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspjn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspjl.top"; dns.query; content:"uspz.uspjl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjl\.top$/i"; classtype:trojan-activity; sid:37168401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspjl.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspjj.top"; dns.query; content:"uspz.uspjj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjj\.top$/i"; classtype:trojan-activity; sid:37168411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspjj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspii.top"; dns.query; content:"uspz.uspii.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspii\.top$/i"; classtype:trojan-activity; sid:37168421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspii.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspii.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspii\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspic.top"; dns.query; content:"uspz.uspic.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspic\.top$/i"; classtype:trojan-activity; sid:37168431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspic.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspic.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspic\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspib.top"; dns.query; content:"uspz.uspib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspib\.top$/i"; classtype:trojan-activity; sid:37168441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspib.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspfx.top"; dns.query; content:"uspz.uspfx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfx\.top$/i"; classtype:trojan-activity; sid:37168451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspfx.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspfv.top"; dns.query; content:"uspz.uspfv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfv\.top$/i"; classtype:trojan-activity; sid:37168461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspfv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspft.top"; dns.query; content:"uspz.uspft.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspft\.top$/i"; classtype:trojan-activity; sid:37168471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspft.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspft.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspft\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspfr.top"; dns.query; content:"uspz.uspfr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfr\.top$/i"; classtype:trojan-activity; sid:37168481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspfr.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspfq.top"; dns.query; content:"uspz.uspfq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfq\.top$/i"; classtype:trojan-activity; sid:37168491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspfq.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspfp.top"; dns.query; content:"uspz.uspfp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfp\.top$/i"; classtype:trojan-activity; sid:37168501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspfp.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspjs.top"; dns.query; content:"uspz.uspjs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjs\.top$/i"; classtype:trojan-activity; sid:37168511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# MISP event 26151 hostname indicators, laid out one rule per line (the export
# had them run together). Each hostname gets two rules with adjacent sids:
#   sid ...1  alert dns  - any source and destination; dns.query must contain
#             the name (nocase) and the pcre pins it to the end of the query
#             with no letter, digit, '-' or '.' directly before it, so a longer
#             name such as a subdomain of the listed host does not match.
#   sid ...2  alert http - $HOME_NET to $EXTERNAL_NET, client-to-server side of
#             an established flow; matches "Host: <name>" in http.header and the
#             pcre requires a non-hostname character right after the name. On a
#             match, tag:session,600,seconds keeps logging that session's
#             packets for 600 seconds.
# The first rule below (sid 37168512) is the HTTP half of a pair whose DNS rule
# precedes this span; the last (sid 37168681) is a DNS rule whose HTTP half
# follows it.
# NOTE(review): the HTTP rules inspect cleartext HTTP only, and no tls.sni rule
# for these names is visible in this part of the file, so HTTPS connections to
# the same hosts would at most surface through the DNS rules - confirm whether
# TLS coverage exists elsewhere in the export.
# NOTE(review): the content literal has exactly one space after "Host:";
# http.host is the buffer Suricata provides for hostname matching - consider it
# if these rules are regenerated, and confirm against the engine version in use.
# NOTE(review): the empty [] in msg is presumably where MISP event tags are
# rendered; this event appears to carry none - verify in MISP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspjs.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspjv.top"; dns.query; content:"uspz.uspjv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjv\.top$/i"; classtype:trojan-activity; sid:37168521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspjv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspjx.top"; dns.query; content:"uspz.uspjx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjx\.top$/i"; classtype:trojan-activity; sid:37168531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspjx.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.usplf.top"; dns.query; content:"uspz.usplf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplf\.top$/i"; classtype:trojan-activity; sid:37168541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.usplf.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.usplh.top"; dns.query; content:"uspz.usplh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplh\.top$/i"; classtype:trojan-activity; sid:37168551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.usplh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.usplq.top"; dns.query; content:"uspz.usplq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplq\.top$/i"; classtype:trojan-activity; sid:37168561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.usplq.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmw.top"; dns.query; content:"uspz.uspmw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmw\.top$/i"; classtype:trojan-activity; sid:37168571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmy.top"; dns.query; content:"uspz.uspmy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmy\.top$/i"; classtype:trojan-activity; sid:37168581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmy.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmv.top"; dns.query; content:"uspz.uspmv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmv\.top$/i"; classtype:trojan-activity; sid:37168591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmu.top"; dns.query; content:"uspz.uspmu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmu\.top$/i"; classtype:trojan-activity; sid:37168601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspml.top"; dns.query; content:"uspz.uspml.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspml\.top$/i"; classtype:trojan-activity; sid:37168611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspml.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspml.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspml\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmj.top"; dns.query; content:"uspz.uspmj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmj\.top$/i"; classtype:trojan-activity; sid:37168621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmi.top"; dns.query; content:"uspz.uspmi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmi\.top$/i"; classtype:trojan-activity; sid:37168631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmh.top"; dns.query; content:"uspz.uspmh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmh\.top$/i"; classtype:trojan-activity; sid:37168641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmg.top"; dns.query; content:"uspz.uspmg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmg\.top$/i"; classtype:trojan-activity; sid:37168651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmg.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmd.top"; dns.query; content:"uspz.uspmd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmd\.top$/i"; classtype:trojan-activity; sid:37168661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmc.top"; dns.query; content:"uspz.uspmc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmc\.top$/i"; classtype:trojan-activity; sid:37168671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmc.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspmb.top"; dns.query; content:"uspz.uspmb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmb\.top$/i"; classtype:trojan-activity; sid:37168681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# MISP event 26151 hostname indicators, laid out one rule per line (the export
# had them run together). Each hostname gets two rules with adjacent sids:
#   sid ...1  alert dns  - any source and destination; dns.query must contain
#             the name (nocase) and the pcre pins it to the end of the query
#             with no letter, digit, '-' or '.' directly before it, so a longer
#             name such as a subdomain of the listed host does not match.
#   sid ...2  alert http - $HOME_NET to $EXTERNAL_NET, client-to-server side of
#             an established flow; matches "Host: <name>" in http.header and the
#             pcre requires a non-hostname character right after the name. On a
#             match, tag:session,600,seconds keeps logging that session's
#             packets for 600 seconds.
# The first rule below (sid 37168682) is the HTTP half of a pair whose DNS rule
# precedes this span; the last (sid 37168851) is a DNS rule whose HTTP half
# follows it.
# NOTE(review): alerting on the DNS rule alone shows a lookup, not a
# connection; correlate with the matching sid ...2 alert or flow records before
# treating a host as having contacted the indicator.
# NOTE(review): the HTTP rules inspect cleartext HTTP only, and no tls.sni rule
# for these names is visible in this part of the file - confirm whether TLS
# coverage exists elsewhere in the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspmb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspma.top"; dns.query; content:"uspz.uspma.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspma\.top$/i"; classtype:trojan-activity; sid:37168691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspma.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspma.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspma\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.usply.top"; dns.query; content:"uspz.usply.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usply\.top$/i"; classtype:trojan-activity; sid:37168701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.usply.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usply.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usply\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspfo.top"; dns.query; content:"uspz.uspfo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfo\.top$/i"; classtype:trojan-activity; sid:37168711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspfo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspff.top"; dns.query; content:"uspz.uspff.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspff\.top$/i"; classtype:trojan-activity; sid:37168721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspff.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspff.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspff\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspes.top"; dns.query; content:"uspz.uspes.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspes\.top$/i"; classtype:trojan-activity; sid:37168731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspes.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspes.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspes\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspeh.top"; dns.query; content:"uspz.uspeh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeh\.top$/i"; classtype:trojan-activity; sid:37168741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspeh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspeh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspeg.top"; dns.query; content:"uspz.uspeg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeg\.top$/i"; classtype:trojan-activity; sid:37168751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspeg.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspeg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdz.top"; dns.query; content:"uspz.uspdz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdz\.top$/i"; classtype:trojan-activity; sid:37168761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdz.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdy.top"; dns.query; content:"uspz.uspdy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdy\.top$/i"; classtype:trojan-activity; sid:37168771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdy.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdw.top"; dns.query; content:"uspz.uspdw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdw\.top$/i"; classtype:trojan-activity; sid:37168781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdu.top"; dns.query; content:"uspz.uspdu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdu\.top$/i"; classtype:trojan-activity; sid:37168791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdt.top"; dns.query; content:"uspz.uspdt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdt\.top$/i"; classtype:trojan-activity; sid:37168801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdt.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspds.top"; dns.query; content:"uspz.uspds.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspds\.top$/i"; classtype:trojan-activity; sid:37168811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspds.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspds.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspds\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdn.top"; dns.query; content:"uspz.uspdn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdn\.top$/i"; classtype:trojan-activity; sid:37168821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdm.top"; dns.query; content:"uspz.uspdm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdm\.top$/i"; classtype:trojan-activity; sid:37168831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdm.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdi.top"; dns.query; content:"uspz.uspdi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdi\.top$/i"; classtype:trojan-activity; sid:37168841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdh.top"; dns.query; content:"uspz.uspdh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdh\.top$/i"; classtype:trojan-activity; sid:37168851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdg.top"; dns.query; content:"uspz.uspdg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdg\.top$/i"; classtype:trojan-activity; sid:37168861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdg.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspdb.top"; dns.query; content:"uspz.uspdb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdb\.top$/i"; classtype:trojan-activity; sid:37168871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspdb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspda.top"; dns.query; content:"uspz.uspda.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspda\.top$/i"; 
classtype:trojan-activity; sid:37168881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspda.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspda.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspda\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspcw.top"; dns.query; content:"uspz.uspcw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcw\.top$/i"; classtype:trojan-activity; sid:37168891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspcw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspcv.top"; dns.query; content:"uspz.uspcv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcv\.top$/i"; classtype:trojan-activity; sid:37168901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspcv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname 
uspz.uspcr.top"; dns.query; content:"uspz.uspcr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcr\.top$/i"; classtype:trojan-activity; sid:37168911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspcr.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspcj.top"; dns.query; content:"uspz.uspcj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcj\.top$/i"; classtype:trojan-activity; sid:37168921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspcj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspch.top"; dns.query; content:"uspz.uspch.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspch\.top$/i"; classtype:trojan-activity; sid:37168931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspch.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspch.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspch\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168932; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspcf.top"; dns.query; content:"uspz.uspcf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcf\.top$/i"; classtype:trojan-activity; sid:37168941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspcf.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspbo.top"; dns.query; content:"uspz.uspbo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbo\.top$/i"; classtype:trojan-activity; sid:37168951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspbo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspbm.top"; dns.query; content:"uspz.uspbm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbm\.top$/i"; classtype:trojan-activity; sid:37168961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspbm.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbm.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.uspbm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspbk.top"; dns.query; content:"uspz.uspbk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbk\.top$/i"; classtype:trojan-activity; sid:37168971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspbk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspbi.top"; dns.query; content:"uspz.uspbi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbi\.top$/i"; classtype:trojan-activity; sid:37168981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspbi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspbd.top"; dns.query; content:"uspz.uspbd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbd\.top$/i"; classtype:trojan-activity; sid:37168991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspbd.top"; 
flow:to_server,established; http.header; content: "Host|3a| uspz.uspbd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37168992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# --- MISP event 26151, priority 1: hostname rule pair for uspz.uspba.top ---
# dns rule: the content match is confirmed by a pcre that requires the name to end the
# query and to be preceded by start-of-buffer or a character outside [A-Za-z0-9-.].
# A dot is inside that excluded set, so a query for a subdomain of the indicator does
# not alert; only the exact name does.
# http rule: matches the literal "Host: <name>" in http.header on any destination port,
# followed by a non-hostname character, and tags the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26151 [] Hostname uspz.uspba.top"; dns.query; content:"uspz.uspba.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspba\.top$/i"; classtype:trojan-activity; sid:37169001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26151 [] Outgoing HTTP Hostname uspz.uspba.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspba.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspba\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37169002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# --- MISP event 26151, priority 1: "Outgoing URL" rules ---
# The URL in each msg has no path, so the rule is only a case-insensitive substring match
# for the hostname anywhere in http.header. There is no "Host:" anchor and no boundary
# pcre, so a Referer or other header carrying the string, or a longer hostname that
# contains it, also alerts; check the actual Host value during triage.
# Unlike the Host rule above, these are limited to destination ports in $HTTP_PORTS.
# Where the export also holds a Host rule for the same name (as for uspz.uspba.top, whose
# URL rule is sid 37169721), one cleartext request satisfies both rules and alerts twice.
# The http rules fire only on traffic parsed as HTTP; a connection to the same host over
# TLS is visible to this rule set only through the dns rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspop.top"; flow:to_server,established; http.header; content:"uspz.uspop.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspoo.top"; flow:to_server,established; http.header; content:"uspz.uspoo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspoj.top"; flow:to_server,established; http.header; content:"uspz.uspoj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspoh.top"; flow:to_server,established; http.header; content:"uspz.uspoh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspof.top"; flow:to_server,established; http.header; content:"uspz.uspof.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspno.top"; flow:to_server,established; http.header; content:"uspz.uspno.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspnl.top"; flow:to_server,established; http.header; content:"uspz.uspnl.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspnk.top"; flow:to_server,established; http.header; content:"uspz.uspnk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspnh.top"; flow:to_server,established; http.header; content:"uspz.uspnh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspnb.top"; flow:to_server,established; http.header; content:"uspz.uspnb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspjn.top"; flow:to_server,established; http.header; content:"uspz.uspjn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspjl.top"; flow:to_server,established; http.header; content:"uspz.uspjl.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspjj.top"; flow:to_server,established; http.header; content:"uspz.uspjj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspii.top"; flow:to_server,established; http.header; content:"uspz.uspii.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspic.top"; flow:to_server,established; http.header; content:"uspz.uspic.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspib.top"; flow:to_server,established; http.header; content:"uspz.uspib.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspfx.top"; flow:to_server,established; http.header; content:"uspz.uspfx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspfv.top"; flow:to_server,established; http.header; content:"uspz.uspfv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspft.top"; flow:to_server,established; http.header; content:"uspz.uspft.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspfr.top"; flow:to_server,established; http.header; content:"uspz.uspfr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspfq.top"; flow:to_server,established; http.header; content:"uspz.uspfq.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspfp.top"; flow:to_server,established; http.header; content:"uspz.uspfp.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspjs.top"; flow:to_server,established; http.header; content:"uspz.uspjs.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspjv.top"; flow:to_server,established; http.header; content:"uspz.uspjv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspjx.top"; flow:to_server,established; http.header; content:"uspz.uspjx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.usplf.top"; flow:to_server,established; http.header; content:"uspz.usplf.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.usplh.top"; flow:to_server,established; http.header; content:"uspz.usplh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.usplq.top"; flow:to_server,established; http.header; content:"uspz.usplq.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmw.top"; flow:to_server,established; http.header; content:"uspz.uspmw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmy.top"; flow:to_server,established; http.header; content:"uspz.uspmy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmv.top"; flow:to_server,established; http.header; content:"uspz.uspmv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmu.top"; flow:to_server,established; http.header; content:"uspz.uspmu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspml.top"; flow:to_server,established; http.header; content:"uspz.uspml.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169331; rev:1; priority:1;
reference:url,https://misp.finsin.cl/events/view/26151;)
# --- MISP event 26151, priority 1: "Outgoing URL" rules ---
# Every rule in this run has the same shape: outbound HTTP from $HOME_NET to $EXTERNAL_NET
# on $HTTP_PORTS, client-to-server on an established flow, with a single case-insensitive
# content match for the hostname in http.header and a 600-second session tag.
# The match is an unanchored substring: it is not bound to the Host header and has no
# boundary check, so the same string inside another header or inside a longer hostname
# also triggers the rule. Treat an alert as "hostname string seen in request headers" and
# confirm the destination from the Host value before escalating.
# NOTE(review): the names differ only in two letters of the second label, and each rule
# covers exactly one name, so a sibling name missing from the MISP event is not detected
# by anything here.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmj.top"; flow:to_server,established; http.header; content:"uspz.uspmj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmi.top"; flow:to_server,established; http.header; content:"uspz.uspmi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmh.top"; flow:to_server,established; http.header; content:"uspz.uspmh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmg.top"; flow:to_server,established; http.header; content:"uspz.uspmg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmd.top"; flow:to_server,established; http.header; content:"uspz.uspmd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmc.top"; flow:to_server,established; http.header; content:"uspz.uspmc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspmb.top"; flow:to_server,established; http.header; content:"uspz.uspmb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspma.top"; flow:to_server,established; http.header; content:"uspz.uspma.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.usply.top"; flow:to_server,established; http.header; content:"uspz.usply.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspfo.top"; flow:to_server,established; http.header; content:"uspz.uspfo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspff.top"; flow:to_server,established; http.header; content:"uspz.uspff.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspes.top"; flow:to_server,established; http.header; content:"uspz.uspes.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspeh.top"; flow:to_server,established; http.header; content:"uspz.uspeh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspeg.top"; flow:to_server,established; http.header; content:"uspz.uspeg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdz.top"; flow:to_server,established; http.header; content:"uspz.uspdz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdy.top"; flow:to_server,established; http.header; content:"uspz.uspdy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdw.top"; flow:to_server,established; http.header; content:"uspz.uspdw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdu.top"; flow:to_server,established; http.header; content:"uspz.uspdu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdt.top"; flow:to_server,established; http.header; content:"uspz.uspdt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspds.top"; flow:to_server,established; http.header; content:"uspz.uspds.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdn.top"; flow:to_server,established; http.header; content:"uspz.uspdn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdm.top"; flow:to_server,established; http.header; content:"uspz.uspdm.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdi.top"; flow:to_server,established; http.header; content:"uspz.uspdi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdh.top"; flow:to_server,established; http.header; content:"uspz.uspdh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdg.top"; flow:to_server,established; http.header; content:"uspz.uspdg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspdb.top"; flow:to_server,established; http.header; content:"uspz.uspdb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspda.top"; flow:to_server,established; http.header; content:"uspz.uspda.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspcw.top"; flow:to_server,established; http.header; content:"uspz.uspcw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspcv.top"; flow:to_server,established; http.header; content:"uspz.uspcv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspcr.top"; flow:to_server,established; http.header; content:"uspz.uspcr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspcj.top"; flow:to_server,established; http.header; content:"uspz.uspcj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspch.top"; flow:to_server,established; http.header; content:"uspz.uspch.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspcf.top"; flow:to_server,established; http.header; content:"uspz.uspcf.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspbo.top"; flow:to_server,established; http.header; content:"uspz.uspbo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspbm.top"; flow:to_server,established; http.header; content:"uspz.uspbm.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspbk.top"; flow:to_server,established; http.header; content:"uspz.uspbk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169691; rev:1; priority:1;
reference:url,https://misp.finsin.cl/events/view/26151;)
# --- MISP event 26151, priority 1: last three "Outgoing URL" rules ---
# Unanchored hostname substring in http.header on $HTTP_PORTS; not tied to the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspbi.top"; flow:to_server,established; http.header; content:"uspz.uspbi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspbd.top"; flow:to_server,established; http.header; content:"uspz.uspbd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26151 [] Outgoing URL http|3a|//uspz.uspba.top"; flow:to_server,established; http.header; content:"uspz.uspba.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37169721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26151;)
# --- MISP event 26142, priority 2 ---
# From here the rules come from a different MISP event and carry priority 2 instead of 1.
# Per indicator the export emits a dns rule (exact name only: the pcre rejects a preceding
# dot, so subdomain queries do not alert), an http rule bound to the literal "Host: <name>"
# on any port, and, where the event holds a URL, an "Outgoing URL" rule on $HTTP_PORTS.
# tok2np0cklt.top
alert dns any any -> any any (msg: "MISP e26142 [] Hostname tok2np0cklt.top"; dns.query; content:"tok2np0cklt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2np0cklt\.top$/i"; classtype:trojan-activity; sid:37161641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tok2np0cklt.top"; flow:to_server,established; http.header; content: "Host|3a| tok2np0cklt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2np0cklt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tok2np0cklt.top"; flow:to_server,established; http.header; content:"tok2np0cklt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# bxgzyb.com (first copy; the same pair is repeated below as sids 37161791/37161792)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bxgzyb.com"; dns.query; content:"bxgzyb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bxgzyb\.com$/i"; classtype:trojan-activity; sid:37161671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bxgzyb.com"; flow:to_server,established; http.header; content: "Host|3a| bxgzyb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bxgzyb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# culvq130.sa.com
alert dns any any -> any any (msg: "MISP e26142 [] Hostname culvq130.sa.com"; dns.query; content:"culvq130.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])culvq130\.sa\.com$/i"; classtype:trojan-activity; sid:37161701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname culvq130.sa.com"; flow:to_server,established; http.header; content: "Host|3a| culvq130.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])culvq130\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# teleptrrm.club
alert dns any any -> any any (msg: "MISP e26142 [] Hostname teleptrrm.club"; dns.query; content:"teleptrrm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrrm\.club$/i"; classtype:trojan-activity; sid:37161731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname teleptrrm.club"; flow:to_server,established; http.header; content: "Host|3a| teleptrrm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrrm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# The only URL rule in this stretch with a path component: hostname substring in
# http.header plus "/web" anywhere in http.uri. Neither match is anchored, so any URI that
# merely contains "/web" (a longer path segment, a nested directory) also satisfies it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//teleptrrm.club/web"; flow:to_server,established; http.header; content:"teleptrrm.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# jobs.apps-gov-bn.xyz
alert dns any any -> any any (msg: "MISP e26142 [] Hostname jobs.apps-gov-bn.xyz"; dns.query; content:"jobs.apps-gov-bn.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jobs\.apps\-gov\-bn\.xyz$/i"; classtype:trojan-activity; sid:37161761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname jobs.apps-gov-bn.xyz"; flow:to_server,established; http.header; content: "Host|3a| jobs.apps-gov-bn.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jobs\.apps\-gov\-bn\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): duplicate indicator. These two rules have the same match conditions, msg,
# classtype and priority as sids 37161671/37161672 above and differ only in sid, so every
# matching query or request raises two alerts. Presumably the hostname is listed twice in
# the MISP event; de-duplicate at the source or suppress one pair in the sensor config.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname bxgzyb.com"; dns.query; content:"bxgzyb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bxgzyb\.com$/i"; classtype:trojan-activity; sid:37161791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname bxgzyb.com"; flow:to_server,established; http.header; content: "Host|3a| bxgzyb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bxgzyb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# --- MISP event 26142, priority 2: uspz.usp??.top indicators ---
# Each hostname gets three rules in a row:
#   1. dns  - exact query name (content confirmed by a pcre anchored at the end of the
#             query; a preceding dot is rejected, so subdomains do not alert).
#   2. http - literal "Host: <name>" in http.header on any destination port, followed by a
#             non-hostname character.
#   3. http - "Outgoing URL": bare hostname substring anywhere in http.header, limited to
#             $HTTP_PORTS, with no Host anchor and no boundary check.
# A cleartext request to one of these hosts on an $HTTP_PORTS port satisfies rules 2 and 3
# together, and both tag the session for 600 seconds.
# NOTE(review): the same ten hostnames also have "Outgoing URL" rules exported from MISP
# event 26151 with priority 1 (sids 37169011 through 37169101), so one request can alert
# under both events at different priorities. Correlate on hostname rather than on sid or
# priority, and consider de-duplicating at export time or with threshold/suppress entries.
# The http rules fire only on traffic parsed as HTTP; for a TLS connection to the same host
# only the dns rule in each triple applies.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspop.top"; dns.query; content:"uspz.uspop.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspop\.top$/i"; classtype:trojan-activity; sid:37161821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspop.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspop.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspop\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspop.top"; flow:to_server,established; http.header; content:"uspz.uspop.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspoo.top"; dns.query; content:"uspz.uspoo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoo\.top$/i"; classtype:trojan-activity; sid:37161851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspoo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspoo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspoo.top"; flow:to_server,established; http.header; content:"uspz.uspoo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspoj.top"; dns.query; content:"uspz.uspoj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoj\.top$/i"; classtype:trojan-activity; sid:37161881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspoj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspoj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspoj.top"; flow:to_server,established; http.header; content:"uspz.uspoj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspoh.top"; dns.query; content:"uspz.uspoh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoh\.top$/i"; classtype:trojan-activity; sid:37161911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspoh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspoh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspoh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspoh.top"; flow:to_server,established; http.header; content:"uspz.uspoh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspof.top"; dns.query; content:"uspz.uspof.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspof\.top$/i"; classtype:trojan-activity; sid:37161941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspof.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspof.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspof\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspof.top"; flow:to_server,established; http.header; content:"uspz.uspof.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspno.top"; dns.query; content:"uspz.uspno.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspno\.top$/i"; classtype:trojan-activity; sid:37161971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspno.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspno.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspno\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37161972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspno.top"; flow:to_server,established; http.header; content:"uspz.uspno.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37161981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspnl.top"; dns.query; content:"uspz.uspnl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnl\.top$/i"; classtype:trojan-activity; sid:37162001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspnl.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspnl.top"; flow:to_server,established; http.header; content:"uspz.uspnl.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspnk.top"; dns.query; content:"uspz.uspnk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnk\.top$/i"; classtype:trojan-activity; sid:37162031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspnk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspnk.top"; flow:to_server,established; http.header; content:"uspz.uspnk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspnh.top"; dns.query; content:"uspz.uspnh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnh\.top$/i"; classtype:trojan-activity; sid:37162061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspnh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspnh.top"; flow:to_server,established; http.header; content:"uspz.uspnh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspnb.top"; dns.query; content:"uspz.uspnb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnb\.top$/i"; classtype:trojan-activity; sid:37162091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspnb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162092; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspnb.top"; flow:to_server,established; http.header; content:"uspz.uspnb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspjn.top"; dns.query; content:"uspz.uspjn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjn\.top$/i"; classtype:trojan-activity; sid:37162121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspjn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspjn.top"; flow:to_server,established; http.header; content:"uspz.uspjn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspjl.top"; dns.query; content:"uspz.uspjl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjl\.top$/i"; classtype:trojan-activity; sid:37162151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspjl.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjl\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37162152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspjl.top"; flow:to_server,established; http.header; content:"uspz.uspjl.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspjj.top"; dns.query; content:"uspz.uspjj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjj\.top$/i"; classtype:trojan-activity; sid:37162181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspjj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspjj.top"; flow:to_server,established; http.header; content:"uspz.uspjj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspii.top"; dns.query; content:"uspz.uspii.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspii\.top$/i"; classtype:trojan-activity; sid:37162211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspii.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspii.top"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspii\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspii.top"; flow:to_server,established; http.header; content:"uspz.uspii.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspic.top"; dns.query; content:"uspz.uspic.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspic\.top$/i"; classtype:trojan-activity; sid:37162241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspic.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspic.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspic\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspic.top"; flow:to_server,established; http.header; content:"uspz.uspic.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspib.top"; dns.query; content:"uspz.uspib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspib\.top$/i"; classtype:trojan-activity; sid:37162271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspib.top"; 
flow:to_server,established; http.header; content: "Host|3a| uspz.uspib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspib.top"; flow:to_server,established; http.header; content:"uspz.uspib.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfx.top"; dns.query; content:"uspz.uspfx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfx\.top$/i"; classtype:trojan-activity; sid:37162301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfx.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspfx.top"; flow:to_server,established; http.header; content:"uspz.uspfx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfv.top"; dns.query; content:"uspz.uspfv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfv\.top$/i"; classtype:trojan-activity; sid:37162331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspfv.top"; flow:to_server,established; http.header; content:"uspz.uspfv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspft.top"; dns.query; content:"uspz.uspft.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspft\.top$/i"; classtype:trojan-activity; sid:37162361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspft.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspft.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspft\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspft.top"; flow:to_server,established; http.header; content:"uspz.uspft.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfr.top"; dns.query; content:"uspz.uspfr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfr\.top$/i"; classtype:trojan-activity; sid:37162391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfr.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspfr.top"; flow:to_server,established; http.header; content:"uspz.uspfr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfq.top"; dns.query; content:"uspz.uspfq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfq\.top$/i"; classtype:trojan-activity; sid:37162421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfq.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspfq.top"; flow:to_server,established; http.header; content:"uspz.uspfq.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfp.top"; dns.query; content:"uspz.uspfp.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.uspfp\.top$/i"; classtype:trojan-activity; sid:37162451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfp.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspfp.top"; flow:to_server,established; http.header; content:"uspz.uspfp.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspjs.top"; dns.query; content:"uspz.uspjs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjs\.top$/i"; classtype:trojan-activity; sid:37162481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspjs.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspjs.top"; flow:to_server,established; http.header; content:"uspz.uspjs.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 
uspz.uspjv.top"; dns.query; content:"uspz.uspjv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjv\.top$/i"; classtype:trojan-activity; sid:37162511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspjv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspjv.top"; flow:to_server,established; http.header; content:"uspz.uspjv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspjx.top"; dns.query; content:"uspz.uspjx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjx\.top$/i"; classtype:trojan-activity; sid:37162541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspjx.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspjx.top"; flow:to_server,established; http.header; content:"uspz.uspjx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.usplf.top"; dns.query; content:"uspz.usplf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplf\.top$/i"; classtype:trojan-activity; sid:37162571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.usplf.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.usplf.top"; flow:to_server,established; http.header; content:"uspz.usplf.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.usplh.top"; dns.query; content:"uspz.usplh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplh\.top$/i"; classtype:trojan-activity; sid:37162601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.usplh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.usplh.top"; flow:to_server,established; http.header; content:"uspz.usplh.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37162611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.usplq.top"; dns.query; content:"uspz.usplq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplq\.top$/i"; classtype:trojan-activity; sid:37162631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.usplq.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.usplq.top"; flow:to_server,established; http.header; content:"uspz.usplq.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmw.top"; dns.query; content:"uspz.uspmw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmw\.top$/i"; classtype:trojan-activity; sid:37162661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmw.top"; 
flow:to_server,established; http.header; content:"uspz.uspmw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmy.top"; dns.query; content:"uspz.uspmy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmy\.top$/i"; classtype:trojan-activity; sid:37162691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmy.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmy.top"; flow:to_server,established; http.header; content:"uspz.uspmy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmv.top"; dns.query; content:"uspz.uspmv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmv\.top$/i"; classtype:trojan-activity; sid:37162721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmv.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmv.top"; flow:to_server,established; http.header; content:"uspz.uspmv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmu.top"; dns.query; content:"uspz.uspmu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmu\.top$/i"; classtype:trojan-activity; sid:37162751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmu.top"; flow:to_server,established; http.header; content:"uspz.uspmu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspml.top"; dns.query; content:"uspz.uspml.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspml\.top$/i"; classtype:trojan-activity; sid:37162781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspml.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspml.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspml\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162782; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspml.top"; flow:to_server,established; http.header; content:"uspz.uspml.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmj.top"; dns.query; content:"uspz.uspmj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmj\.top$/i"; classtype:trojan-activity; sid:37162811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmj.top"; flow:to_server,established; http.header; content:"uspz.uspmj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmi.top"; dns.query; content:"uspz.uspmi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmi\.top$/i"; classtype:trojan-activity; sid:37162841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmi\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37162842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Review note: in this part of the export every hostname of MISP event 26142 is written as
# three rules, restored here to one rule per line:
#   "Hostname"               - alert dns, dns.query buffer, any any -> any any
#   "Outgoing HTTP Hostname" - alert http, $HOME_NET -> $EXTERNAL_NET, any port, Host header text
#   "Outgoing URL"           - alert http, $HOME_NET -> $EXTERNAL_NET, $HTTP_PORTS only
# dns.query rules: the pcre ends in "$" and accepts only start-of-buffer or a character outside
# [A-Za-z0-9-.] in front of the name, so a query with extra labels in front (sub.<name>) does
# not match. These are exact-name indicators, not domain-suffix indicators.
# The dns rules carry no $HOME_NET / $EXTERNAL_NET restriction, so they are not limited to
# lookups that originate inside the monitored network.
# NOTE(review): assumes dns.query presents the name in dotted text form, as the content
# strings imply - confirm against the Suricata version in use.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmi.top"; flow:to_server,established; http.header; content:"uspz.uspmi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmh.top"; dns.query; content:"uspz.uspmh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmh\.top$/i"; classtype:trojan-activity; sid:37162871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmh.top"; flow:to_server,established; http.header; content:"uspz.uspmh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmg.top"; dns.query; content:"uspz.uspmg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmg\.top$/i"; classtype:trojan-activity; sid:37162901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmg.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmg.top"; flow:to_server,established; http.header; content:"uspz.uspmg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmd.top"; dns.query; content:"uspz.uspmd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmd\.top$/i"; classtype:trojan-activity; sid:37162931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmd.top"; flow:to_server,established; http.header; content:"uspz.uspmd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmc.top"; dns.query; content:"uspz.uspmc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmc\.top$/i"; classtype:trojan-activity; sid:37162961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmc.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmc.top"; flow:to_server,established; http.header; content:"uspz.uspmc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37162971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspmb.top"; dns.query; content:"uspz.uspmb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmb\.top$/i"; classtype:trojan-activity; sid:37162991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspmb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspmb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspmb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37162992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspmb.top"; flow:to_server,established; http.header; content:"uspz.uspmb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspma.top"; dns.query; content:"uspz.uspma.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspma\.top$/i"; classtype:trojan-activity; sid:37163021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspma.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspma.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspma\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspma.top"; flow:to_server,established; http.header; content:"uspz.uspma.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.usply.top"; dns.query; content:"uspz.usply.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usply\.top$/i"; classtype:trojan-activity; sid:37163051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.usply.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usply.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usply\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.usply.top"; flow:to_server,established; http.header; content:"uspz.usply.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspfo.top"; dns.query; content:"uspz.uspfo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfo\.top$/i"; classtype:trojan-activity; sid:37163081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspfo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspfo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspfo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspfo.top"; flow:to_server,established; http.header; content:"uspz.uspfo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspff.top"; dns.query; content:"uspz.uspff.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspff\.top$/i"; classtype:trojan-activity; sid:37163111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspff.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspff.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspff\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspff.top"; flow:to_server,established; http.header; content:"uspz.uspff.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspes.top"; dns.query; content:"uspz.uspes.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspes\.top$/i"; classtype:trojan-activity; sid:37163141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspes.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspes.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspes\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspes.top"; flow:to_server,established; http.header; content:"uspz.uspes.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspeh.top"; dns.query; content:"uspz.uspeh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeh\.top$/i"; classtype:trojan-activity; sid:37163171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspeh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspeh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspeh.top"; flow:to_server,established; http.header; content:"uspz.uspeh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspeg.top"; dns.query; content:"uspz.uspeg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeg\.top$/i"; classtype:trojan-activity; sid:37163201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspeg.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspeg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspeg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspeg.top"; flow:to_server,established; http.header; content:"uspz.uspeg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdz.top"; dns.query; content:"uspz.uspdz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdz\.top$/i"; classtype:trojan-activity; sid:37163231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdz.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdz.top"; flow:to_server,established; http.header; content:"uspz.uspdz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;)
# Review note on the "Outgoing HTTP Hostname" rules below (restored to one rule per line):
# they inspect http.header for the literal text "Host|3a| <name>" (|3a| is ":"), i.e. the
# header name, a colon and exactly one space, then use the pcre to reject matches where the
# name is only part of a longer hostname.
# NOTE(review): a Host header laid out differently (other spacing) would not contain that
# literal. Suricata's http.host buffer holds the normalized host value and does not depend on
# header layout - worth evaluating for the export template; confirm on the deployed version.
# Coverage gap: both alert http rule types see HTTP that the engine can parse in the clear.
# Unless TLS is decrypted upstream of the sensor, a connection to one of these names over
# HTTPS raises no alert from them, which leaves the dns.query rule as the only indicator in
# this section for that case. A tls.sni rule per name is the usual complement; none is
# visible in this section.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdy.top"; dns.query; content:"uspz.uspdy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdy\.top$/i"; classtype:trojan-activity; sid:37163261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdy.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdy.top"; flow:to_server,established; http.header; content:"uspz.uspdy.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdw.top"; dns.query; content:"uspz.uspdw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdw\.top$/i"; classtype:trojan-activity; sid:37163291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdw.top"; flow:to_server,established; http.header; content:"uspz.uspdw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdu.top"; dns.query; content:"uspz.uspdu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdu\.top$/i"; classtype:trojan-activity; sid:37163321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdu.top"; flow:to_server,established; http.header; content:"uspz.uspdu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdt.top"; dns.query; content:"uspz.uspdt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdt\.top$/i"; classtype:trojan-activity; sid:37163351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdt.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdt.top"; flow:to_server,established; http.header; content:"uspz.uspdt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspds.top"; dns.query; content:"uspz.uspds.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspds\.top$/i"; classtype:trojan-activity; sid:37163381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspds.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspds.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspds\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspds.top"; flow:to_server,established; http.header; content:"uspz.uspds.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdn.top"; dns.query; content:"uspz.uspdn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdn\.top$/i"; classtype:trojan-activity; sid:37163411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdn.top"; flow:to_server,established; http.header; content:"uspz.uspdn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdm.top"; dns.query; content:"uspz.uspdm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdm\.top$/i"; classtype:trojan-activity; sid:37163441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdm.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdm.top"; flow:to_server,established; http.header; content:"uspz.uspdm.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdi.top"; dns.query; content:"uspz.uspdi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdi\.top$/i"; classtype:trojan-activity; sid:37163471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdi.top"; flow:to_server,established; http.header; content:"uspz.uspdi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdh.top"; dns.query; content:"uspz.uspdh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdh\.top$/i"; classtype:trojan-activity; sid:37163501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdh.top"; flow:to_server,established; http.header; content:"uspz.uspdh.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdg.top"; dns.query; content:"uspz.uspdg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdg\.top$/i"; classtype:trojan-activity; sid:37163531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdg.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdg.top"; flow:to_server,established; http.header; content:"uspz.uspdg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspdb.top"; dns.query; content:"uspz.uspdb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdb\.top$/i"; classtype:trojan-activity; sid:37163561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspdb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspdb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspdb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspdb.top"; flow:to_server,established; http.header; content:"uspz.uspdb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspda.top"; dns.query; content:"uspz.uspda.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspda\.top$/i"; classtype:trojan-activity; sid:37163591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspda.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspda.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspda\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspda.top"; flow:to_server,established; http.header; content:"uspz.uspda.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspcw.top"; dns.query; content:"uspz.uspcw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcw\.top$/i"; classtype:trojan-activity; sid:37163621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspcw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspcw.top"; flow:to_server,established; http.header; content:"uspz.uspcw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspcv.top"; dns.query; content:"uspz.uspcv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcv\.top$/i"; classtype:trojan-activity; sid:37163651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspcv.top"; 
flow:to_server,established; http.header; content: "Host|3a| uspz.uspcv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# Review note on the "Outgoing URL" rules below (restored to one rule per line): despite the
# msg text they do not inspect the request URI. Each one matches the bare hostname,
# case-insensitively, anywhere in http.header, with no pcre boundary check, and only for
# destination ports in $HTTP_PORTS.
#  - A request to <name> on one of those ports also satisfies the "Outgoing HTTP Hostname"
#    rule for the same name, so a single request can raise two alerts under two sids;
#    account for that when counting hits per host.
#  - The match is a plain substring of the header block, so it does not by itself show that
#    <name> was the requested host. NOTE(review): presumably the name appearing in another
#    request header would match as well - treat a URL-rule-only alert as lower confidence.
#  - $HTTP_PORTS has to be defined on the sensor for these rules to load. The file header
#    describes that variable as not required with the suricata export, which does not agree
#    with the rules as written - verify the sensor configuration.
# tag:session,600,seconds requests logging of further packets of the alerting session for
# 600 seconds. NOTE(review): this only helps if an output that records tagged packets is
# enabled - confirm on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspcv.top"; flow:to_server,established; http.header; content:"uspz.uspcv.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspcr.top"; dns.query; content:"uspz.uspcr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcr\.top$/i"; classtype:trojan-activity; sid:37163681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspcr.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspcr.top"; flow:to_server,established; http.header; content:"uspz.uspcr.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspcj.top"; dns.query; content:"uspz.uspcj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcj\.top$/i"; classtype:trojan-activity; sid:37163711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspcj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspcj.top"; flow:to_server,established; http.header; content:"uspz.uspcj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspch.top"; dns.query; content:"uspz.uspch.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspch\.top$/i"; classtype:trojan-activity; sid:37163741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspch.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspch.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspch\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspch.top"; flow:to_server,established; http.header; content:"uspz.uspch.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspcf.top"; dns.query; content:"uspz.uspcf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcf\.top$/i"; classtype:trojan-activity; sid:37163771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspcf.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspcf.top"; flow:to_server,established; http.header; content:"uspz.uspcf.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspbo.top"; dns.query; content:"uspz.uspbo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbo\.top$/i"; classtype:trojan-activity; sid:37163801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspbo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspbo.top"; flow:to_server,established; http.header; content:"uspz.uspbo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspbm.top"; dns.query; content:"uspz.uspbm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbm\.top$/i"; classtype:trojan-activity; sid:37163831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspbm.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspbm.top"; flow:to_server,established; http.header; content:"uspz.uspbm.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspbk.top"; dns.query; content:"uspz.uspbk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbk\.top$/i"; classtype:trojan-activity; sid:37163861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspbk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspbk.top"; flow:to_server,established; http.header; content:"uspz.uspbk.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspbi.top"; dns.query; content:"uspz.uspbi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbi\.top$/i"; classtype:trojan-activity; sid:37163891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspbi.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspbi.top"; flow:to_server,established; http.header; content:"uspz.uspbi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspbd.top"; dns.query; content:"uspz.uspbd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbd\.top$/i"; classtype:trojan-activity; sid:37163921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspbd.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspbd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspbd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspbd.top"; flow:to_server,established; http.header; content:"uspz.uspbd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163931; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;)
# --- MISP event 26142: each hostname is exported in up to three rule shapes ---
# 1. "Hostname" (alert dns, any -> any): dns.query content plus a pcre that is
#    end-anchored and rejects a preceding letter, digit, '-' or '.'. As written
#    it matches the listed name itself, not its subdomains or longer labels.
# 2. "Outgoing HTTP Hostname" ($HOME_NET -> $EXTERNAL_NET any): "Host: <name>"
#    in http.header with the same boundary class on both sides of the name;
#    tag:session,600,seconds is set on a match.
# 3. "Outgoing URL" ($HOME_NET -> $EXTERNAL_NET $HTTP_PORTS): a bare
#    content:"<name>" in http.header with no boundary pcre. Needs $HTTP_PORTS
#    to be defined.
# NOTE(review): shape 3 can fire on any request header that contains the
# string (a Referer, for example) and on longer hostnames that end with it.
# Treat it as lower fidelity than shapes 1 and 2 when triaging.
# NOTE(review): shapes 2 and 3 inspect HTTP only; presumably an HTTPS visit is
# seen by this export only through the dns rule - confirm whether TLS SNI
# coverage exists elsewhere in the deployment.
# NOTE(review): the msg tag list "[]" is empty for this event (event 25993 at
# the top of the file carries kill-chain tags), so triage context has to come
# from the reference URL.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.uspba.top"; dns.query; content:"uspz.uspba.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspba\.top$/i"; classtype:trojan-activity; sid:37163951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.uspba.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspba.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspba\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.uspba.top"; flow:to_server,established; http.header; content:"uspz.uspba.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37163961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# usps.shipcheck-muserve.top: shapes 1 and 2 only; no "Outgoing URL" rule was exported for it.
# NOTE(review): every rule here is classtype:trojan-activity, priority 2. This
# name and konto-informationen-netflix.com below read like brand-lookalike
# hosts; confirm the classtype matches the event's category before routing.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname usps.shipcheck-muserve.top"; dns.query; content:"usps.shipcheck-muserve.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.shipcheck\-muserve\.top$/i"; classtype:trojan-activity; sid:37163981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usps.shipcheck-muserve.top"; flow:to_server,established; http.header; content: "Host|3a| usps.shipcheck-muserve.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.shipcheck\-muserve\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37163982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# tenkn.pages.dev and arh.pages.dev: all three shapes.
# NOTE(review): pages.dev looks like a shared hosting suffix with unrelated
# sites under it. The unanchored shape-3 rules (sid 37164021, 37164051) would
# also match a header naming another host whose label merely ends in the same
# letters (constructed example: xyzarh.pages.dev for sid 37164051). The dns
# and Host rules for the same names are boundary-checked and are not affected.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname tenkn.pages.dev"; dns.query; content:"tenkn.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tenkn\.pages\.dev$/i"; classtype:trojan-activity; sid:37164011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tenkn.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tenkn.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tenkn\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//tenkn.pages.dev"; flow:to_server,established; http.header; content:"tenkn.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname arh.pages.dev"; dns.query; content:"arh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arh\.pages\.dev$/i"; classtype:trojan-activity; sid:37164041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname arh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| arh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//arh.pages.dev"; flow:to_server,established; http.header; content:"arh.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# konto-informationen-netflix.com and sbmemimemore.blogspot.com: shapes 1 and 2 only.
# NOTE(review): blogspot.com presumably hosts many unrelated blogs; these two
# rules name one host only and, being boundary-checked, do not extend to its
# siblings - keep it that way if the rules are ever hand-edited.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname konto-informationen-netflix.com"; dns.query; content:"konto-informationen-netflix.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])konto\-informationen\-netflix\.com$/i"; classtype:trojan-activity; sid:37164071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname konto-informationen-netflix.com"; flow:to_server,established; http.header; content: "Host|3a| konto-informationen-netflix.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])konto\-informationen\-netflix\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname sbmemimemore.blogspot.com"; dns.query; content:"sbmemimemore.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbmemimemore\.blogspot\.com$/i"; classtype:trojan-activity; sid:37164101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname sbmemimemore.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| sbmemimemore.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbmemimemore\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname yeniy48.top"; dns.query; content:"yeniy48.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy48\.top$/i"; classtype:trojan-activity; sid:37164131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yeniy48.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy48.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])yeniy48\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//yeniy48.top"; flow:to_server,established; http.header; content:"yeniy48.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname yeniy46.top"; dns.query; content:"yeniy46.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy46\.top$/i"; classtype:trojan-activity; sid:37164161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yeniy46.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy46.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy46\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//yeniy46.top"; flow:to_server,established; http.header; content:"yeniy46.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname yeniy47.top"; dns.query; content:"yeniy47.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy47\.top$/i"; classtype:trojan-activity; sid:37164191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yeniy47.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy47.top"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy47\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//yeniy47.top"; flow:to_server,established; http.header; content:"yeniy47.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname imtoken-rz.top"; dns.query; content:"imtoken-rz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rz\.top$/i"; classtype:trojan-activity; sid:37164221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname imtoken-rz.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-rz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//imtoken-rz.top"; flow:to_server,established; http.header; content:"imtoken-rz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname sharepoint-drbgroup.com"; dns.query; content:"sharepoint-drbgroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-drbgroup\.com$/i"; classtype:trojan-activity; sid:37164251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname 
sharepoint-drbgroup.com"; flow:to_server,established; http.header; content: "Host|3a| sharepoint-drbgroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-drbgroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//sharepoint-drbgroup.com"; flow:to_server,established; http.header; content:"sharepoint-drbgroup.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname sharepoint-nicoyase.com"; dns.query; content:"sharepoint-nicoyase.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-nicoyase\.com$/i"; classtype:trojan-activity; sid:37164281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname sharepoint-nicoyase.com"; flow:to_server,established; http.header; content: "Host|3a| sharepoint-nicoyase.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-nicoyase\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//sharepoint-nicoyase.com"; flow:to_server,established; http.header; content:"sharepoint-nicoyase.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname mobildeniz-online-kredi.buzz"; dns.query; content:"mobildeniz-online-kredi.buzz"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])mobildeniz\-online\-kredi\.buzz$/i"; classtype:trojan-activity; sid:37164311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mobildeniz-online-kredi.buzz"; flow:to_server,established; http.header; content: "Host|3a| mobildeniz-online-kredi.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobildeniz\-online\-kredi\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//mobildeniz-online-kredi.buzz"; flow:to_server,established; http.header; content:"mobildeniz-online-kredi.buzz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname mobildeniz-online-kredim.buzz"; dns.query; content:"mobildeniz-online-kredim.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobildeniz\-online\-kredim\.buzz$/i"; classtype:trojan-activity; sid:37164341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname mobildeniz-online-kredim.buzz"; flow:to_server,established; http.header; content: "Host|3a| mobildeniz-online-kredim.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobildeniz\-online\-kredim\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//mobildeniz-online-kredim.buzz"; flow:to_server,established; http.header; content:"mobildeniz-online-kredim.buzz"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# imtoken-re.top and appeal-7378x-case.info: dns rule, Host-header rule and
# "Outgoing URL" rule each.
# The dns rules are any -> any on dns.query and, through the boundary pcre,
# match the listed name only. The Host rules require "Host: <name>" in
# http.header with a boundary on both sides and set tag:session,600,seconds.
# NOTE(review): the "Outgoing URL" rules (sid 37164381, 37164411) match the
# bare name anywhere in http.header with no boundary check, so they can fire on
# other headers that carry the string and on longer hostnames ending in it.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname imtoken-re.top"; dns.query; content:"imtoken-re.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-re\.top$/i"; classtype:trojan-activity; sid:37164371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname imtoken-re.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-re.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-re\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//imtoken-re.top"; flow:to_server,established; http.header; content:"imtoken-re.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname appeal-7378x-case.info"; dns.query; content:"appeal-7378x-case.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appeal\-7378x\-case\.info$/i"; classtype:trojan-activity; sid:37164401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname appeal-7378x-case.info"; flow:to_server,established; http.header; content: "Host|3a| appeal-7378x-case.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appeal\-7378x\-case\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//appeal-7378x-case.info"; flow:to_server,established; http.header; content:"appeal-7378x-case.info"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# xtz.sfw.mybluehost.me: dns and Host-header rules only.
# NOTE(review): this name and tmf.fvr.mybluehost.me further down share the
# mybluehost.me suffix - presumably per-customer hostnames at a hosting
# provider. The rules are exact-name; check before broadening to the parent.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname xtz.sfw.mybluehost.me"; dns.query; content:"xtz.sfw.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xtz\.sfw\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37164431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname xtz.sfw.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xtz.sfw.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xtz\.sfw\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# dq.isralepostac.de: dns rule, Host-header rule and a URL rule.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname dq.isralepostac.de"; dns.query; content:"dq.isralepostac.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dq\.isralepostac\.de$/i"; classtype:trojan-activity; sid:37164461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dq.isralepostac.de"; flow:to_server,established; http.header; content: "Host|3a| dq.isralepostac.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dq\.isralepostac\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# NOTE(review): sid 37164471 is the only URL rule in this stretch with an
# http.uri part, and that part is content:"/". Presumably every request URI
# contains "/", so it adds no selectivity: the rule still behaves like the
# other unanchored header matches and alerts on any path on that host string.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//dq.isralepostac.de/"; flow:to_server,established; http.header; content:"dq.isralepostac.de"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# tmf.fvr.mybluehost.me and afrits.net: dns and Host-header rules only.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname tmf.fvr.mybluehost.me"; dns.query; content:"tmf.fvr.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tmf\.fvr\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37164491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname tmf.fvr.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| tmf.fvr.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tmf\.fvr\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname afrits.net"; dns.query; content:"afrits.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])afrits\.net$/i"; classtype:trojan-activity; sid:37164521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname afrits.net"; flow:to_server,established; http.header; content: "Host|3a| afrits.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])afrits\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname fdygpt.com"; dns.query; content:"fdygpt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fdygpt\.com$/i"; classtype:trojan-activity; sid:37164551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname fdygpt.com"; flow:to_server,established; http.header; content: 
"Host|3a| fdygpt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fdygpt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//fdygpt.com"; flow:to_server,established; http.header; content:"fdygpt.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname dymension-dymcoin.com"; dns.query; content:"dymension-dymcoin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dymension\-dymcoin\.com$/i"; classtype:trojan-activity; sid:37164581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dymension-dymcoin.com"; flow:to_server,established; http.header; content: "Host|3a| dymension-dymcoin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dymension\-dymcoin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//dymension-dymcoin.com"; flow:to_server,established; http.header; content:"dymension-dymcoin.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname dymensionxyz-xpubdapps.pages.dev"; dns.query; content:"dymensionxyz-xpubdapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dymensionxyz\-xpubdapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37164611; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dymensionxyz-xpubdapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dymensionxyz-xpubdapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dymensionxyz\-xpubdapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//dymensionxyz-xpubdapps.pages.dev"; flow:to_server,established; http.header; content:"dymensionxyz-xpubdapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname justdapp.pro"; dns.query; content:"justdapp.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])justdapp\.pro$/i"; classtype:trojan-activity; sid:37164641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname justdapp.pro"; flow:to_server,established; http.header; content: "Host|3a| justdapp.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])justdapp\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//justdapp.pro"; flow:to_server,established; http.header; content:"justdapp.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname appn-exodisy-oi.top"; 
dns.query; content:"appn-exodisy-oi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appn\-exodisy\-oi\.top$/i"; classtype:trojan-activity; sid:37164671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname appn-exodisy-oi.top"; flow:to_server,established; http.header; content: "Host|3a| appn-exodisy-oi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appn\-exodisy\-oi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//appn-exodisy-oi.top"; flow:to_server,established; http.header; content:"appn-exodisy-oi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname ehazine954.com"; dns.query; content:"ehazine954.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazine954\.com$/i"; classtype:trojan-activity; sid:37164701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname ehazine954.com"; flow:to_server,established; http.header; content: "Host|3a| ehazine954.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ehazine954\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//ehazine954.com"; flow:to_server,established; http.header; content:"ehazine954.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164711; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;)
# yeniy50.top: dns rule (any -> any, dns.query, exact name through the boundary
# pcre) and Host-header rule ($HOME_NET -> $EXTERNAL_NET, boundary-checked,
# tag:session,600,seconds). No "Outgoing URL" rule was exported for it.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname yeniy50.top"; dns.query; content:"yeniy50.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy50\.top$/i"; classtype:trojan-activity; sid:37164731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname yeniy50.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy50.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy50\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# uspz.09us2w110ps.top: dns, Host-header and "Outgoing URL" rules.
# NOTE(review): this name and uspz.08us2w109ps.top in the next rule differ only
# in their digits, and the rules that follow in this file continue the series.
# Each one is matched as an exact name, so a sibling that is not listed in the
# event will not alert. A single reviewed pattern rule on dns.query could cover
# the family, after validation against benign traffic.
# NOTE(review): the "Outgoing URL" rule (sid 37164771) matches the bare name
# anywhere in http.header with no boundary pcre; treat it as lower fidelity
# than the dns and Host rules.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.09us2w110ps.top"; dns.query; content:"uspz.09us2w110ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.09us2w110ps\.top$/i"; classtype:trojan-activity; sid:37164761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.09us2w110ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.09us2w110ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.09us2w110ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.09us2w110ps.top"; flow:to_server,established; http.header; content:"uspz.09us2w110ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.08us2w109ps.top"; dns.query; content:"uspz.08us2w109ps.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.08us2w109ps\.top$/i"; classtype:trojan-activity; sid:37164791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.08us2w109ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.08us2w109ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.08us2w109ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.08us2w109ps.top"; flow:to_server,established; http.header; content:"uspz.08us2w109ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.07us2w108ps.top"; dns.query; content:"uspz.07us2w108ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.07us2w108ps\.top$/i"; classtype:trojan-activity; sid:37164821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.07us2w108ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.07us2w108ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.07us2w108ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.07us2w108ps.top"; flow:to_server,established; http.header; content:"uspz.07us2w108ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164831; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.06us2w107ps.top"; dns.query; content:"uspz.06us2w107ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.06us2w107ps\.top$/i"; classtype:trojan-activity; sid:37164851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.06us2w107ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.06us2w107ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.06us2w107ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.06us2w107ps.top"; flow:to_server,established; http.header; content:"uspz.06us2w107ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.05us2w106ps.top"; dns.query; content:"uspz.05us2w106ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.05us2w106ps\.top$/i"; classtype:trojan-activity; sid:37164881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.05us2w106ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.05us2w106ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.05us2w106ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.05us2w106ps.top"; 
flow:to_server,established; http.header; content:"uspz.05us2w106ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.04us2w105ps.top"; dns.query; content:"uspz.04us2w105ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.04us2w105ps\.top$/i"; classtype:trojan-activity; sid:37164911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.04us2w105ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.04us2w105ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.04us2w105ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.04us2w105ps.top"; flow:to_server,established; http.header; content:"uspz.04us2w105ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.03us2w113ps.top"; dns.query; content:"uspz.03us2w113ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.03us2w113ps\.top$/i"; classtype:trojan-activity; sid:37164941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.03us2w113ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.03us2w113ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.03us2w113ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164942; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.03us2w113ps.top"; flow:to_server,established; http.header; content:"uspz.03us2w113ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.03us2w104ps.top"; dns.query; content:"uspz.03us2w104ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.03us2w104ps\.top$/i"; classtype:trojan-activity; sid:37164971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.03us2w104ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.03us2w104ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.03us2w104ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37164972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.03us2w104ps.top"; flow:to_server,established; http.header; content:"uspz.03us2w104ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37164981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.02us2w112ps.top"; dns.query; content:"uspz.02us2w112ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.02us2w112ps\.top$/i"; classtype:trojan-activity; sid:37165001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.02us2w112ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.02us2w112ps.top"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.02us2w112ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.02us2w112ps.top"; flow:to_server,established; http.header; content:"uspz.02us2w112ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.02us2w103ps.top"; dns.query; content:"uspz.02us2w103ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.02us2w103ps\.top$/i"; classtype:trojan-activity; sid:37165031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.02us2w103ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.02us2w103ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.02us2w103ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.02us2w103ps.top"; flow:to_server,established; http.header; content:"uspz.02us2w103ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.01us2w111ps.top"; dns.query; content:"uspz.01us2w111ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.01us2w111ps\.top$/i"; classtype:trojan-activity; sid:37165061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.01us2w111ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.01us2w111ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.01us2w111ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.01us2w111ps.top"; flow:to_server,established; http.header; content:"uspz.01us2w111ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspz.01us2w102ps.top"; dns.query; content:"uspz.01us2w102ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.01us2w102ps\.top$/i"; classtype:trojan-activity; sid:37165091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspz.01us2w102ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.01us2w102ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.01us2w102ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspz.01us2w102ps.top"; flow:to_server,established; http.header; content:"uspz.01us2w102ps.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspvp.top"; dns.query; content:"usp.usspvp.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspvp\.top$/i"; classtype:trojan-activity; sid:37165121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspvp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspvp.top"; flow:to_server,established; http.header; content:"usp.usspvp.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspvo.top"; dns.query; content:"usp.usspvo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvo\.top$/i"; classtype:trojan-activity; sid:37165151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspvo.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspvo.top"; flow:to_server,established; http.header; content:"usp.usspvo.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname 
usp.usspvn.top"; dns.query; content:"usp.usspvn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvn\.top$/i"; classtype:trojan-activity; sid:37165181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspvn.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspvn.top"; flow:to_server,established; http.header; content:"usp.usspvn.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspvl.top"; dns.query; content:"usp.usspvl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvl\.top$/i"; classtype:trojan-activity; sid:37165211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspvl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspvl.top"; flow:to_server,established; http.header; content:"usp.usspvl.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165221; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspvj.top"; dns.query; content:"usp.usspvj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvj\.top$/i"; classtype:trojan-activity; sid:37165241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspvj.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspvj.top"; flow:to_server,established; http.header; content:"usp.usspvj.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname usp.usspvh.top"; dns.query; content:"usp.usspvh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvh\.top$/i"; classtype:trojan-activity; sid:37165271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname usp.usspvh.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//usp.usspvh.top"; flow:to_server,established; http.header; content:"usp.usspvh.top"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37165281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname grup-whatsapv1.23newlink.my.id"; dns.query; content:"grup-whatsapv1.23newlink.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-whatsapv1\.23newlink\.my\.id$/i"; classtype:trojan-activity; sid:37165301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname grup-whatsapv1.23newlink.my.id"; flow:to_server,established; http.header; content: "Host|3a| grup-whatsapv1.23newlink.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-whatsapv1\.23newlink\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//grup-whatsapv1.23newlink.my.id"; flow:to_server,established; http.header; content:"grup-whatsapv1.23newlink.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert dns any any -> any any (msg: "MISP e26142 [] Hostname uspsurt.top"; dns.query; content:"uspsurt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsurt\.top$/i"; classtype:trojan-activity; sid:37165331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname uspsurt.top"; flow:to_server,established; http.header; content: "Host|3a| uspsurt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsurt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//uspsurt.top"; flow:to_server,established; http.header; content:"uspsurt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;) alert ip $HOME_NET any -> 167.86.86.15 3333 (msg: "MISP e26075 [njrat] Outgoing To IP: 167.86.86.15|3333"; classtype:trojan-activity; sid:37125061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26075;) alert http $HOME_NET any -> 221.13.151.115 54240 (msg: "MISP e26145 [] Outgoing URL http|3a|//221.13.151.115|3a|54240/i"; flow:to_server,established; http.header; content:"221.13.151.115"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 221.13.151.115 54240 (msg: "MISP e26145 [] Outgoing URL http|3a|//221.13.151.115|3a|54240/bin.sh"; flow:to_server,established; http.header; content:"221.13.151.115"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 221.13.151.115 54240 (msg: "MISP e26145 [] Outgoing URL http|3a|//221.13.151.115|3a|54240/"; flow:to_server,established; http.header; content:"221.13.151.115"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 117.206.183.88 50406 (msg: "MISP e26145 [] Outgoing URL http|3a|//117.206.183.88|3a|50406/bin.sh"; flow:to_server,established; http.header; content:"117.206.183.88"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37165741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 123.130.39.210 54807 (msg: "MISP e26145 [] Outgoing URL http|3a|//123.130.39.210|3a|54807/i"; flow:to_server,established; http.header; content:"123.130.39.210"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 120.211.69.81 33617 (msg: "MISP e26145 [] Outgoing URL http|3a|//120.211.69.81|3a|33617/i"; flow:to_server,established; http.header; content:"120.211.69.81"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 112.248.111.46 54108 (msg: "MISP e26145 [] Outgoing URL http|3a|//112.248.111.46|3a|54108/Mozi.m"; flow:to_server,established; http.header; content:"112.248.111.46"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 182.120.44.137 35434 (msg: "MISP e26145 [] Outgoing URL http|3a|//182.120.44.137|3a|35434/Mozi.m"; flow:to_server,established; http.header; content:"182.120.44.137"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;) alert http $HOME_NET any -> 118.172.176.41 47895 (msg: "MISP e26145 [] Outgoing URL http|3a|//118.172.176.41|3a|47895/Mozi.m"; flow:to_server,established; http.header; content:"118.172.176.41"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165791; rev:1; 
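priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
alert http $HOME_NET any -> 113.245.217.251 42321 (msg: "MISP e26145 [] Outgoing URL http|3a|//113.245.217.251|3a|42321/Mozi.a"; flow:to_server,established; http.header; content:"113.245.217.251"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26145;)
# MISP galaxy/taxonomy tags carry their own double quotes (malpedia="NjRAT"). Inside msg a
# literal " has to be written as \" (likewise ; and \); left unescaped, a strict rule parser can
# reject the rule at load time and the indicator goes unmonitored. The tag text itself is unchanged.
alert ip $HOME_NET any -> 167.86.86.15 3333 (msg: "MISP e26150 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 167.86.86.15|3333"; classtype:trojan-activity; sid:37166441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Hostname indicators (event 26142): one dns.query rule plus two http rules per host. The http
# rules only see requests the engine parses as cleartext HTTP; for TLS sessions the dns.query
# rule is the one that can still fire, provided the lookup is visible to the sensor.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname imtoken-rf.top"; dns.query; content:"imtoken-rf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rf\.top$/i"; classtype:trojan-activity; sid:37165361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname imtoken-rf.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-rf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//imtoken-rf.top"; flow:to_server,established; http.header; content:"imtoken-rf.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# pages.dev is a shared parent domain; these rules pin the full hostname, not the parent.
alert dns any any -> any any (msg: "MISP e26142 [] Hostname dymension-rpcdebugdapps.pages.dev"; dns.query; content:"dymension-rpcdebugdapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dymension\-rpcdebugdapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37165391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26142 [] Outgoing HTTP Hostname dymension-rpcdebugdapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dymension-rpcdebugdapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dymension\-rpcdebugdapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37165392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26142 [] Outgoing URL http|3a|//dymension-rpcdebugdapps.pages.dev"; flow:to_server,established; http.header; content:"dymension-rpcdebugdapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26142;)
# "Domain" indicators use the prefix class [^A-Za-z0-9-] (no \.), so sub-domains of
# junio2023.duckdns.org match as well; the "Hostname" rules above exclude a leading dot.
# Tag quotes in msg are escaped as \" (see the note on sid 37166441).
alert dns any any -> any any (msg: "MISP e26150 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Domain junio2023.duckdns.org"; dns.query; content:"junio2023.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])junio2023\.duckdns\.org$/i"; classtype:trojan-activity; sid:37166451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain junio2023.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"junio2023.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])junio2023\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37166452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26074 [] Outgoing URL 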
http|3a|//dev-cancelarcompra-ytbprem01883.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-cancelarcompra-ytbprem01883.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37123301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26074;) alert dns any any -> any any (msg: "MISP e26074 [] Domain dev-cancelarcompra-ytbprem01883.pantheonsite.io"; dns.query; content:"dev-cancelarcompra-ytbprem01883.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-cancelarcompra\-ytbprem01883\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37123321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26074;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26074 [] Outgoing HTTP Domain dev-cancelarcompra-ytbprem01883.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-cancelarcompra-ytbprem01883.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-cancelarcompra\-ytbprem01883\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37123322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26074;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26076 [dcrat] Outgoing URL http|3a|//a0905554.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0905554.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37125541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [dcrat] Outgoing URL http|3a|//a0905554.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0905554.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37166471; rev:1; priority:3; 
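reference:url,https://misp.finsin.cl/events/view/26150;)
# Hostname indicator (event 26134): the prefix class [^A-Za-z0-9-\.] keeps the match to the exact
# host, so a name that merely ends in "webfun.website" after a dot or letter does not alert.
alert dns any any -> any any (msg: "MISP e26134 [] Hostname webfun.website"; dns.query; content:"webfun.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webfun\.website$/i"; classtype:trojan-activity; sid:37142571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26134;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26134 [] Outgoing HTTP Hostname webfun.website"; flow:to_server,established; http.header; content: "Host|3a| webfun.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webfun\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37142572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26134;)
# Destination IP/port indicators (event 26076): protocol "ip" with no content or flow keyword, so
# any traffic from $HOME_NET to the listed address and port alerts, whatever it carries.
alert ip $HOME_NET any -> 78.47.191.114 80 (msg: "MISP e26076 [c2,Vidar] Outgoing To IP: 78.47.191.114|80"; classtype:trojan-activity; sid:37125551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 78.47.191.114 443 (msg: "MISP e26076 [c2,Vidar] Outgoing To IP: 78.47.191.114|443"; classtype:trojan-activity; sid:37125561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 144.76.203.197 80 (msg: "MISP e26076 [c2,hook] Outgoing To IP: 144.76.203.197|80"; classtype:trojan-activity; sid:37125571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Event 26150 repeats destinations already listed for event 26076 (144.76.203.197:80,
# 78.47.191.114:443), so one connection raises two alerts with different sid and priority;
# correlate on destination rather than on sid when triaging.
# The e26150 tags contain double quotes; inside msg a literal " has to be written as \" (likewise
# ; and \), otherwise a strict rule parser can reject the rule at load time. Tag text is unchanged.
alert ip $HOME_NET any -> 144.76.203.197 80 (msg: "MISP e26150 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 144.76.203.197|80"; classtype:trojan-activity; sid:37166481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 78.47.191.114 443 (msg: "MISP e26150 [c2,Vidar,misp-galaxy:malpedia=\"vidar\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 78.47.191.114|443"; classtype:trojan-activity; sid:37166491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)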
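# Same destination as sid 37125551 (event 26076), exported again for event 26150 with priority 3.
# The tag quotes are escaped as \" because a literal " inside msg has to be escaped (likewise ;
# and \); unescaped, a strict rule parser can reject the rule at load time.
alert ip $HOME_NET any -> 78.47.191.114 80 (msg: "MISP e26150 [c2,Vidar,misp-galaxy:malpedia=\"vidar\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 78.47.191.114|80"; classtype:trojan-activity; sid:37166501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Event 26076 destinations tagged c2,cobalt_strike: fixed IP and port, protocol "ip", no content
# or flow keyword, so any traffic from $HOME_NET to that address and port alerts.
alert ip $HOME_NET any -> 78.40.116.82 9090 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 78.40.116.82|9090"; classtype:trojan-activity; sid:37125581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 68.183.86.25 49492 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 68.183.86.25|49492"; classtype:trojan-activity; sid:37125591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 120.48.101.89 37128 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 120.48.101.89|37128"; classtype:trojan-activity; sid:37125601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 117.72.35.189 50050 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 117.72.35.189|50050"; classtype:trojan-activity; sid:37125611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 159.223.77.150 58393 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 159.223.77.150|58393"; classtype:trojan-activity; sid:37125621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 101.201.224.75 50050 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 101.201.224.75|50050"; classtype:trojan-activity; sid:37125631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 20.231.208.182 7788 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 20.231.208.182|7788"; classtype:trojan-activity; sid:37125641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 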
124.222.234.106 12345 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 124.222.234.106|12345"; classtype:trojan-activity; sid:37125651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 1.15.248.225 38248 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 1.15.248.225|38248"; classtype:trojan-activity; sid:37125661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 74.48.158.197 30080 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 74.48.158.197|30080"; classtype:trojan-activity; sid:37125671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 1.117.117.147 2020 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 1.117.117.147|2020"; classtype:trojan-activity; sid:37125681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 120.79.154.38 55667 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 120.79.154.38|55667"; classtype:trojan-activity; sid:37125691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 208.68.36.130 50050 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 208.68.36.130|50050"; classtype:trojan-activity; sid:37125701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 175.178.83.204 50050 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 175.178.83.204|50050"; classtype:trojan-activity; sid:37125711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 101.43.2.243 26356 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 101.43.2.243|26356"; classtype:trojan-activity; sid:37125721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 31.192.235.73 48126 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 
31.192.235.73|48126"; classtype:trojan-activity; sid:37125731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# --- Outbound IP:port indicators exported from MISP events 26076 and 26150 ---
# Each rule below matches only on the source ($HOME_NET), the destination address and the
# destination port. There is no payload or flow condition, so a hit means "an internal host
# sent traffic to this endpoint", not "this tool was identified in the traffic".
# The text in [] inside msg is the MISP tag list of the attribute; classtype is
# trojan-activity on every rule regardless of the tag.
# NOTE(review): no threshold keyword is set, so alert volume per connection depends on how the
# sensor evaluates header-only rules - confirm, and add thresholding if it is noisy.
alert ip $HOME_NET any -> 8.218.137.213 50017 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 8.218.137.213|50017"; classtype:trojan-activity; sid:37125741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 106.52.244.189 10000 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 106.52.244.189|10000"; classtype:trojan-activity; sid:37125751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 149.50.211.216 50050 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 149.50.211.216|50050"; classtype:trojan-activity; sid:37125761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 43.154.39.87 28080 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 43.154.39.87|28080"; classtype:trojan-activity; sid:37125771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 47.120.50.234 35550 (msg: "MISP e26076 [c2,cobalt_strike] Outgoing To IP: 47.120.50.234|35550"; classtype:trojan-activity; sid:37125781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Event 26150 lists the same endpoints again under new sids, with an empty tag list and
# priority:3 instead of priority:2. Traffic to one of these endpoints therefore raises one alert
# per event; correlate on the destination to recover the tag from the e26076 rule.
alert ip $HOME_NET any -> 47.120.50.234 35550 (msg: "MISP e26150 [] Outgoing To IP: 47.120.50.234|35550"; classtype:trojan-activity; sid:37166511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 43.154.39.87 28080 (msg: "MISP e26150 [] Outgoing To IP: 43.154.39.87|28080"; classtype:trojan-activity; sid:37166521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 149.50.211.216 50050 (msg: "MISP e26150 [] Outgoing To IP: 149.50.211.216|50050"; classtype:trojan-activity; sid:37166531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 106.52.244.189 10000 (msg: "MISP e26150 [] Outgoing To IP: 106.52.244.189|10000"; classtype:trojan-activity; sid:37166541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 8.218.137.213 50017 (msg: "MISP e26150 [] Outgoing To IP: 8.218.137.213|50017"; classtype:trojan-activity; sid:37166551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 31.192.235.73 48126 (msg: "MISP e26150 [] Outgoing To IP: 31.192.235.73|48126"; classtype:trojan-activity; sid:37166561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 101.43.2.243 26356 (msg: "MISP e26150 [] Outgoing To IP: 101.43.2.243|26356"; classtype:trojan-activity; sid:37166571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 175.178.83.204 50050 (msg: "MISP e26150 [] Outgoing To IP: 175.178.83.204|50050"; classtype:trojan-activity; sid:37166581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 208.68.36.130 50050 (msg: "MISP e26150 [] Outgoing To IP: 208.68.36.130|50050"; classtype:trojan-activity; sid:37166591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 120.79.154.38 55667 (msg: "MISP e26150 [] Outgoing To IP: 120.79.154.38|55667"; classtype:trojan-activity; sid:37166601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 1.117.117.147 2020 (msg: "MISP e26150 [] Outgoing To IP: 1.117.117.147|2020"; classtype:trojan-activity; sid:37166611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 74.48.158.197 30080 (msg: "MISP e26150 [] Outgoing To IP: 74.48.158.197|30080"; classtype:trojan-activity; sid:37166621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 1.15.248.225 38248 (msg: "MISP e26150 [] Outgoing To IP: 1.15.248.225|38248"; classtype:trojan-activity; sid:37166631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 124.222.234.106 12345 (msg: "MISP e26150 [] Outgoing To IP: 124.222.234.106|12345"; classtype:trojan-activity; sid:37166641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 20.231.208.182 7788 (msg: "MISP e26150 [] Outgoing To IP: 20.231.208.182|7788"; classtype:trojan-activity; sid:37166651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 101.201.224.75 50050 (msg: "MISP e26150 [] Outgoing To IP: 101.201.224.75|50050"; classtype:trojan-activity; sid:37166661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 159.223.77.150 58393 (msg: "MISP e26150 [] Outgoing To IP: 159.223.77.150|58393"; classtype:trojan-activity; sid:37166671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 117.72.35.189 50050 (msg: "MISP e26150 [] Outgoing To IP: 117.72.35.189|50050"; classtype:trojan-activity; sid:37166681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 120.48.101.89 37128 (msg: "MISP e26150 [] Outgoing To IP: 120.48.101.89|37128"; classtype:trojan-activity; sid:37166691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 68.183.86.25 49492 (msg: "MISP e26150 [] Outgoing To IP: 68.183.86.25|49492"; classtype:trojan-activity; sid:37166701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 78.40.116.82 9090 (msg: "MISP e26150 [] Outgoing To IP: 78.40.116.82|9090"; classtype:trojan-activity; sid:37166711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Endpoints tagged RedLineStealer and njrat in event 26076, each followed by (or interleaved
# with) its untagged e26150 copy. The tag is MISP metadata only; nothing in the rule checks
# for that family's traffic.
alert ip $HOME_NET any -> 132.226.123.210 1337 (msg: "MISP e26076 [RedLineStealer] Outgoing To IP: 132.226.123.210|1337"; classtype:trojan-activity; sid:37125791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 132.226.123.210 1337 (msg: "MISP e26150 [] Outgoing To IP: 132.226.123.210|1337"; classtype:trojan-activity; sid:37166721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 18.197.239.109 16992 (msg: "MISP e26076 [njrat] Outgoing To IP: 18.197.239.109|16992"; classtype:trojan-activity; sid:37125801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 3.69.115.178 16992 (msg: "MISP e26076 [njrat] Outgoing To IP: 3.69.115.178|16992"; classtype:trojan-activity; sid:37125811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 3.69.115.178 16992 (msg: "MISP e26150 [] Outgoing To IP: 3.69.115.178|16992"; classtype:trojan-activity; sid:37166731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 18.197.239.109 16992 (msg: "MISP e26150 [] Outgoing To IP: 18.197.239.109|16992"; classtype:trojan-activity; sid:37166741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 3.68.171.119 16992 (msg: "MISP e26150 [] Outgoing To IP: 3.68.171.119|16992"; classtype:trojan-activity; sid:37166751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 3.66.38.117 16992 (msg: "MISP e26150 [] Outgoing To IP: 3.66.38.117|16992"; classtype:trojan-activity; sid:37166761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 45.76.46.64 6606 (msg: "MISP e26076 [asyncrat,RAT] Outgoing To IP: 45.76.46.64|6606"; 
classtype:trojan-activity; sid:37125841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 45.76.46.64 6606 (msg: "MISP e26150 [] Outgoing To IP: 45.76.46.64|6606"; classtype:trojan-activity; sid:37166771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# --- e26076 endpoints tagged with a tool/family name plus a second tag ---
# The second tag in [] (HETZNER-AS, ROUTERHOSTING, "DTAG Internet service provider
# operations", ...) appears to be the name of the network operator that announces the address;
# treat it as enrichment from MISP, not as something the rule verifies.
# Several rules use common service ports (80, 443, 445, 995). Because the match is on address
# and port only, any traffic from $HOME_NET to that address on that port alerts, whatever it
# carries. NOTE(review): addresses in hosting or ISP ranges can be reassigned or shared -
# check the age of the MISP attribute before acting on a hit and expire stale indicators.
alert ip $HOME_NET any -> 91.238.181.248 8080 (msg: "MISP e26076 [Bianlian Go Trojan,FBWNETWORKS] Outgoing To IP: 91.238.181.248|8080"; classtype:trojan-activity; sid:37125851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 193.178.147.164 443 (msg: "MISP e26076 [Havoc,MIROHOST Web hosting datacenter and domain names registration in Ukraine] Outgoing To IP: 193.178.147.164|443"; classtype:trojan-activity; sid:37125861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 159.69.207.158 443 (msg: "MISP e26076 [Havoc,HETZNER-AS] Outgoing To IP: 159.69.207.158|443"; classtype:trojan-activity; sid:37125871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 45.61.159.30 443 (msg: "MISP e26076 [Havoc,ROUTERHOSTING] Outgoing To IP: 45.61.159.30|443"; classtype:trojan-activity; sid:37125881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 43.132.212.200 22694 (msg: "MISP e26076 [Havoc,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue] Outgoing To IP: 43.132.212.200|22694"; classtype:trojan-activity; sid:37125891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 121.127.33.246 80 (msg: "MISP e26076 [Havoc,PRIVEX] Outgoing To IP: 121.127.33.246|80"; classtype:trojan-activity; sid:37125901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 5.182.36.131 80 (msg: "MISP e26076 [Responder,STARK-INDUSTRIES] Outgoing To IP: 5.182.36.131|80"; classtype:trojan-activity; sid:37125911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 117.200.61.202 445 (msg: "MISP e26076 [BSNL-NIB National Internet Backbone,Responder] Outgoing To IP: 117.200.61.202|445"; classtype:trojan-activity; sid:37125921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 84.155.10.84 995 (msg: "MISP e26076 [DTAG Internet service provider operations,QakBot] Outgoing To IP: 84.155.10.84|995"; classtype:trojan-activity; sid:37125931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 151.30.51.255 443 (msg: "MISP e26076 [ASN-WINDTRE IUNET,QakBot] Outgoing To IP: 151.30.51.255|443"; classtype:trojan-activity; sid:37125941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 160.176.66.130 995 (msg: "MISP e26076 [MT-MPLS,QakBot] Outgoing To IP: 160.176.66.130|995"; classtype:trojan-activity; sid:37125951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 41.98.245.251 443 (msg: "MISP e26076 [ALGTEL-AS,QakBot] Outgoing To IP: 41.98.245.251|443"; classtype:trojan-activity; sid:37125961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 124.220.0.201 4849 (msg: "MISP e26076 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.220.0.201|4849"; classtype:trojan-activity; sid:37125971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 185.193.126.155 8888 (msg: "MISP e26076 [ABSTRACT,Supershell] Outgoing To IP: 185.193.126.155|8888"; classtype:trojan-activity; sid:37125981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 154.9.249.116 8888 (msg: "MISP e26076 [NETLAB-SDN,Supershell] Outgoing To IP: 154.9.249.116|8888"; classtype:trojan-activity; sid:37125991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 216.118.230.118 33452 (msg: "MISP e26076 [NETSEC-HK Netsec Limited,Supershell] Outgoing To IP: 216.118.230.118|33452"; classtype:trojan-activity; sid:37126001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Event 26150 copies of the endpoints above, listed in reverse order: same address and port,
# new sid, empty tag list, priority:3. A single connection to one of these endpoints matches
# both the e26076 and the e26150 rule.
alert ip $HOME_NET any -> 216.118.230.118 33452 (msg: "MISP e26150 [] Outgoing To IP: 216.118.230.118|33452"; classtype:trojan-activity; sid:37166781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 154.9.249.116 8888 (msg: "MISP e26150 [] Outgoing To IP: 154.9.249.116|8888"; classtype:trojan-activity; sid:37166791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 185.193.126.155 8888 (msg: "MISP e26150 [] Outgoing To IP: 185.193.126.155|8888"; classtype:trojan-activity; sid:37166801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 124.220.0.201 4849 (msg: "MISP e26150 [] Outgoing To IP: 124.220.0.201|4849"; classtype:trojan-activity; sid:37166811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 41.98.245.251 443 (msg: "MISP e26150 [] Outgoing To IP: 41.98.245.251|443"; classtype:trojan-activity; sid:37166821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 160.176.66.130 995 (msg: "MISP e26150 [] Outgoing To IP: 160.176.66.130|995"; classtype:trojan-activity; sid:37166831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 151.30.51.255 443 (msg: "MISP e26150 [] Outgoing To IP: 151.30.51.255|443"; classtype:trojan-activity; sid:37166841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 84.155.10.84 995 (msg: "MISP e26150 [] Outgoing To IP: 84.155.10.84|995"; classtype:trojan-activity; sid:37166851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 117.200.61.202 445 (msg: "MISP e26150 [] Outgoing To IP: 117.200.61.202|445"; classtype:trojan-activity; sid:37166861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 5.182.36.131 80 (msg: "MISP e26150 [] Outgoing To IP: 5.182.36.131|80"; classtype:trojan-activity; sid:37166871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 121.127.33.246 80 (msg: "MISP e26150 [] Outgoing To IP: 121.127.33.246|80"; classtype:trojan-activity; sid:37166881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 43.132.212.200 22694 (msg: "MISP e26150 [] Outgoing To IP: 43.132.212.200|22694"; classtype:trojan-activity; sid:37166891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 45.61.159.30 443 (msg: "MISP e26150 [] Outgoing To IP: 45.61.159.30|443"; classtype:trojan-activity; sid:37166901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 159.69.207.158 443 (msg: "MISP e26150 [] Outgoing To IP: 159.69.207.158|443"; classtype:trojan-activity; sid:37166911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 193.178.147.164 443 (msg: "MISP e26150 [] Outgoing To IP: 193.178.147.164|443"; classtype:trojan-activity; sid:37166921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 91.238.181.248 8080 (msg: "MISP e26150 [] Outgoing To IP: 91.238.181.248|8080"; classtype:trojan-activity; sid:37166931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain 
vibe-ptclnetpk.viewdns.net"; dns.query; content:"vibe-ptclnetpk.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.viewdns\.net$/i"; classtype:trojan-activity; sid:37166941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# --- Domain indicators: each name is exported as a dns rule (sid ...1) and an http rule (sid ...2) ---
# dns rule: "any any -> any any", so it is not limited to $HOME_NET or to one direction. It needs
#   the name in dns.query, and the pcre requires the query to end with the name and the name to
#   start at the beginning of the query or after a character that cannot be part of a label -
#   i.e. the exact host name or a subdomain of it, not a longer look-alike.
# http rule: outbound, established, client-to-server. "Host|3a|" and the name are two separate
#   content matches on http.header with no distance/within between them, and the /H pcre only
#   checks the characters around the name. NOTE(review): the name in another request header
#   (for example a Referer) would therefore also match; the http.host buffer would scope the
#   match to the Host header if you maintain a local variant.
# tag:session,600,seconds asks the engine to keep tagging packets of the session for 600 seconds
#   after the alert, which gives the analyst traffic following the first match.
# The http rules only see cleartext HTTP; for TLS sessions the dns rule is the one that fires.
# NOTE(review): several names are hosts under what appear to be shared dynamic-DNS parents
#   (duckdns.org, viewdns.net, servehttp.com). The rules match the full host name only; do not
#   widen them to the parent domain when tuning.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain vibe-ptclnetpk.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibe-ptclnetpk.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37166942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Same domain again from event 26076, this time tagged APT,SideWinder and priority:2.
alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain vibe-ptclnetpk.viewdns.net"; dns.query; content:"vibe-ptclnetpk.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.viewdns\.net$/i"; classtype:trojan-activity; sid:37126011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain vibe-ptclnetpk.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibe-ptclnetpk.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# e26076 counterparts (tagged njrat,RAT) of two port-16992 endpoints that event 26150 also lists.
alert ip $HOME_NET any -> 3.66.38.117 16992 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 3.66.38.117|16992"; classtype:trojan-activity; sid:37125821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 3.68.171.119 16992 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 3.68.171.119|16992"; classtype:trojan-activity; sid:37125831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# URL indicator: destination address plus $HTTP_PORTS, the literal address anywhere in
# http.header, and the path in http.uri (nocase). This rule references $HTTP_PORTS, so that
# variable has to be defined on the sensor even though the file header calls it optional for the
# suricata export.
alert http $HOME_NET any -> 185.215.113.32 $HTTP_PORTS (msg: "MISP e26076 [] Outgoing URL http|3a|//185.215.113.32/yandex/index.php"; flow:to_server,established; http.header; content:"185.215.113.32"; fast_pattern; nocase; http.uri; content:"/yandex/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37125521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert dns any any -> any any (msg: "MISP e26076 [njrat,RAT] Domain junio2023.duckdns.org"; dns.query; content:"junio2023.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])junio2023\.duckdns\.org$/i"; classtype:trojan-activity; sid:37125531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [njrat,RAT] Outgoing HTTP Domain junio2023.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"junio2023.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])junio2023\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Second URL indicator, same structure as sid 37125521 (also depends on $HTTP_PORTS).
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26076 [] Outgoing URL http|3a|//193.233.132.167/enigma/index.php"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/enigma/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37125511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert dns any any -> any any (msg: "MISP e26076 [SrryStealer] Domain serenys.xyz"; dns.query; content:"serenys.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])serenys\.xyz$/i"; classtype:trojan-activity; sid:37125501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [SrryStealer] Outgoing HTTP Domain serenys.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serenys.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serenys\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 45.95.146.13 38241 (msg: "MISP e26076 [Mirai] Outgoing To IP: 45.95.146.13|38241"; classtype:trojan-activity; sid:37125481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# The tag list is empty for this domain although it comes from event 26076; the alert message
# alone gives no family, so open the referenced event when triaging.
alert dns any any -> any any (msg: "MISP e26076 [] Domain win32avemaria.com"; dns.query; content:"win32avemaria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])win32avemaria\.com$/i"; classtype:trojan-activity; sid:37125491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [] Outgoing HTTP Domain win32avemaria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"win32avemaria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])win32avemaria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain vibe-ptclnetpk.servehttp.com"; dns.query; content:"vibe-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain vibe-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibe-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 3.67.161.133 13977 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 3.67.161.133|13977"; classtype:trojan-activity; sid:37125471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [Mirai] Domain kami.shopkami.site"; dns.query; content:"kami.shopkami.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.shopkami\.site$/i"; classtype:trojan-activity; sid:37125091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [Mirai] Outgoing HTTP Domain kami.shopkami.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kami.shopkami.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.shopkami\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 46.246.84.15 1995 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 46.246.84.15|1995"; classtype:trojan-activity; sid:37125071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 171.228.211.109 56999 (msg: "MISP e26076 [Mirai] Outgoing To IP: 171.228.211.109|56999"; classtype:trojan-activity; sid:37125081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [njrat,RAT] Domain peces.duckdns.org"; dns.query; content:"peces.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])peces\.duckdns\.org$/i"; classtype:trojan-activity; sid:37125101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26076 [njrat,RAT] Outgoing HTTP Domain peces.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"peces.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])peces\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain advisory-cabinetgpk.servehttp.com"; dns.query; content:"advisory-cabinetgpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])advisory\-cabinetgpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain advisory-cabinetgpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"advisory-cabinetgpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])advisory\-cabinetgpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain awards-piacaero.servehalflife.com"; dns.query; content:"awards-piacaero.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37125121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain awards-piacaero.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awards-piacaero.servehalflife.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])awards\-piacaero\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain awards-piacaero.servehttp.com"; dns.query; content:"awards-piacaero.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain awards-piacaero.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awards-piacaero.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain cap-mofagovpk.servehttp.com"; dns.query; content:"cap-mofagovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofagovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain cap-mofagovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cap-mofagovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofagovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain cap-mofapk.servehttp.com"; 
dns.query; content:"cap-mofapk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofapk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain cap-mofapk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cap-mofapk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofapk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain circular-financegov.servehalflife.com"; dns.query; content:"circular-financegov.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])circular\-financegov\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37125161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain circular-financegov.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"circular-financegov.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])circular\-financegov\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain eservice-ptclnetpk.servehttp.com"; dns.query; content:"eservice-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eservice\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain eservice-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eservice-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eservice\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain finance-govpk.serveblog.net"; dns.query; content:"finance-govpk.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveblog\.net$/i"; classtype:trojan-activity; sid:37125181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain finance-govpk.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govpk.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain finance-govpk.serveftp.com"; dns.query; content:"finance-govpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37125191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain finance-govpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37125192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain financegovpk.servehttp.com"; dns.query; content:"financegovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])financegovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain financegovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"financegovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])financegovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain hrmis-financegovpk.serveftp.com"; dns.query; content:"hrmis-financegovpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hrmis\-financegovpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37125211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain hrmis-financegovpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hrmis-financegovpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hrmis\-financegovpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-bafmilbd.servequake.com"; dns.query; content:"mail-bafmilbd.servequake.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])mail\-bafmilbd\.servequake\.com$/i"; classtype:trojan-activity; sid:37125221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-bafmilbd.servequake.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-bafmilbd.servequake.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.servequake\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-depogovpk.servehttp.com"; dns.query; content:"mail-depogovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-depogovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-depogovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-dgdpgovpk.servehalflife.com"; dns.query; content:"mail-dgdpgovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdpgovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37125241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain 
mail-dgdpgovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-dgdpgovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdpgovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-modgovpk.servehttp.com"; dns.query; content:"mail-modgovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modgovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-modgovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-modgovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modgovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-mofagovpk.ddns.net"; dns.query; content:"mail-mofagovpk.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.ddns\.net$/i"; classtype:trojan-activity; sid:37125261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-mofagovpk.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125262; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-mofagovpk.gotdns.ch"; dns.query; content:"mail-mofagovpk.gotdns.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.gotdns\.ch$/i"; classtype:trojan-activity; sid:37125271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-mofagovpk.gotdns.ch"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.gotdns.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.gotdns\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-mofagovpk.myddns.me"; dns.query; content:"mail-mofagovpk.myddns.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.myddns\.me$/i"; classtype:trojan-activity; sid:37125281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-mofagovpk.myddns.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.myddns.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.myddns\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-mofapk.servehttp.com"; dns.query; content:"mail-mofapk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofapk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125291; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-mofapk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofapk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofapk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mail-scogovpk.servehalflife.com"; dns.query; content:"mail-scogovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37125301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mail-scogovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-scogovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain mailhitgovpk.servehalflife.com"; dns.query; content:"mailhitgovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhitgovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37125311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain mailhitgovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"mailhitgovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhitgovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain nanfung.servehttp.com"; dns.query; content:"nanfung.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanfung\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain nanfung.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nanfung.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanfung\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain navy-govbd.servehttp.com"; dns.query; content:"navy-govbd.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])navy\-govbd\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain navy-govbd.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navy-govbd.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navy\-govbd\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain newmail-armymilbd.servehttp.com"; 
dns.query; content:"newmail-armymilbd.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])newmail\-armymilbd\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain newmail-armymilbd.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newmail-armymilbd.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newmail\-armymilbd\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain news-ptvcompk.servehttp.com"; dns.query; content:"news-ptvcompk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-ptvcompk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain news-ptvcompk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-ptvcompk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-ptvcompk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain offer-ptclnetpk.servehttp.com"; dns.query; content:"offer-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offer\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 
[APT,SideWinder] Outgoing HTTP Domain offer-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offer-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offer\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain offers-ptclnetpk.serveblog.net"; dns.query; content:"offers-ptclnetpk.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveblog\.net$/i"; classtype:trojan-activity; sid:37125371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain offers-ptclnetpk.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain offers-ptclnetpk.serveftp.com"; dns.query; content:"offers-ptclnetpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37125381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain offers-ptclnetpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37125382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain offers-ptclnetpk.serveirc.com"; dns.query; content:"offers-ptclnetpk.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveirc\.com$/i"; classtype:trojan-activity; sid:37125391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain offers-ptclnetpk.serveirc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain piac-compk.servehttp.com"; dns.query; content:"piac-compk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])piac\-compk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain piac-compk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"piac-compk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])piac\-compk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain ogdcl.servehttp.com"; dns.query; content:"ogdcl.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ogdcl\.servehttp\.com$/i"; 
classtype:trojan-activity; sid:37125401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain ogdcl.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ogdcl.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ogdcl\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain portal-ptclnetpk.servehttp.com"; dns.query; content:"portal-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain portal-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain sdmx-financegovpk.servehttp.com"; dns.query; content:"sdmx-financegovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdmx\-financegovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain sdmx-financegovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"sdmx-financegovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdmx\-financegovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain sharepakistan-mofa.viewdns.net"; dns.query; content:"sharepakistan-mofa.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])sharepakistan\-mofa\.viewdns\.net$/i"; classtype:trojan-activity; sid:37125441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain sharepakistan-mofa.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sharepakistan-mofa.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sharepakistan\-mofa\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [APT,SideWinder] Domain support-ntc.servehttp.com"; dns.query; content:"support-ntc.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])support\-ntc\.servehttp\.com$/i"; classtype:trojan-activity; sid:37125451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [APT,SideWinder] Outgoing HTTP Domain support-ntc.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"support-ntc.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])support\-ntc\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37125452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 
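185.215.113.32 80 (msg: "MISP e26076 [Amadey,ViriBack] Outgoing To IP: 185.215.113.32|80"; classtype:trojan-activity; sid:37126021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Outbound IP:port indicators from event 26076 (priority 2).
alert ip $HOME_NET any -> 193.233.132.167 80 (msg: "MISP e26076 [Amadey,ViriBack] Outgoing To IP: 193.233.132.167|80"; classtype:trojan-activity; sid:37126031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 104.236.71.61 443 (msg: "MISP e26076 [CobaltStrike,cs-watermark-1839174456,DIGITALOCEAN-ASN] Outgoing To IP: 104.236.71.61|443"; classtype:trojan-activity; sid:37126051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# The same three destinations again, exported from event 26150 at priority 3 and
# with no tags. The rule headers are identical to the 26076 rules (sids 37126021,
# 37126031, 37126051), so a matching flow can raise one alert per rule; dedupe on
# destination IP:port when triaging.
alert ip $HOME_NET any -> 104.236.71.61 443 (msg: "MISP e26150 [] Outgoing To IP: 104.236.71.61|443"; classtype:trojan-activity; sid:37166951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 193.233.132.167 80 (msg: "MISP e26150 [] Outgoing To IP: 193.233.132.167|80"; classtype:trojan-activity; sid:37166971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 185.215.113.32 80 (msg: "MISP e26150 [] Outgoing To IP: 185.215.113.32|80"; classtype:trojan-activity; sid:37166981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# HTTP request for /BrowserGhost.exe on 47.93.172.190:8000 (event 26143).
# The galaxy tag inside msg contains literal double quotes. Suricata requires `"`
# (like `;` and `\`) to be backslash-escaped inside msg; left unescaped, the rule
# may be rejected at load time and silently provide no coverage, so the quotes
# are escaped here. After deploying, confirm in the engine's rule-load output
# that sid 37165421 was accepted.
# tag:session,600,seconds keeps logging packets of the matching session for 600 seconds.
alert http $HOME_NET any -> 47.93.172.190 8000 (msg: "MISP e26143 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//47.93.172.190|3a|8000/BrowserGhost.exe"; flow:to_server,established; http.header; content:"47.93.172.190"; fast_pattern; nocase; http.uri; content:"/BrowserGhost.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37165421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26143;)
# DNS query rule for teaigame.com (event 26150); its pcre allows a preceding dot, so sub-domains of the name match as well.
alert dns any any -> any any (msg: "MISP e26150 [] Domain teaigame.com"; dns.query; content:"teaigame.com"; nocase; pcre: 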
"/(^|[^A-Za-z0-9-])teaigame\.com$/i"; classtype:trojan-activity; sid:37167001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain teaigame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teaigame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teaigame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert dns any any -> any any (msg: "MISP e26076 [] Domain teaigame.com"; dns.query; content:"teaigame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])teaigame\.com$/i"; classtype:trojan-activity; sid:37126061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [] Outgoing HTTP Domain teaigame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teaigame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teaigame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26136 [] Hostname iranmtl.afcsub.sbs"; dns.query; content:"iranmtl.afcsub.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranmtl\.afcsub\.sbs$/i"; classtype:trojan-activity; sid:37143001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26136;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26136 [] Outgoing HTTP Hostname iranmtl.afcsub.sbs"; flow:to_server,established; http.header; content: "Host|3a| iranmtl.afcsub.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranmtl\.afcsub\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37143002; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26136;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26136 [] Outgoing URL http|3a|//iranmtl.afcsub.sbs/Navaei/Baprc/shaparak.ir.payment1243.sharj/"; flow:to_server,established; http.header; content:"iranmtl.afcsub.sbs"; fast_pattern; nocase; http.uri; content:"/Navaei/Baprc/shaparak.ir.payment1243.sharj/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37143021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26136;) alert dns any any -> any any (msg: "MISP e26135 [] Hostname www.homavash.ir"; dns.query; content:"www.homavash.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.homavash\.ir$/i"; classtype:trojan-activity; sid:37142851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26135;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26135 [] Outgoing HTTP Hostname www.homavash.ir"; flow:to_server,established; http.header; content: "Host|3a| www.homavash.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.homavash\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37142852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26135;) alert ip $HOME_NET any -> 3.66.38.117 17032 (msg: "MISP e26150 [] Outgoing To IP: 3.66.38.117|17032"; classtype:trojan-activity; sid:37167021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip $HOME_NET any -> 18.197.239.109 17032 (msg: "MISP e26150 [] Outgoing To IP: 18.197.239.109|17032"; classtype:trojan-activity; sid:37167031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> 47.93.172.190 8000 (msg: "MISP e26160 [kill-chain:Command and Control] Outgoing URL http|3a|//47.93.172.190|3a|8000/shell.elf"; flow:to_server,established; http.header; content:"47.93.172.190"; fast_pattern; nocase; http.uri; content:"/shell.elf"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37184381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26160;) alert ip $HOME_NET any -> 18.197.239.109 17032 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 18.197.239.109|17032"; classtype:trojan-activity; sid:37126091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 3.66.38.117 17032 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 3.66.38.117|17032"; classtype:trojan-activity; sid:37126101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26076 [CobaltStrike,cs-watermark-1357776117] Domain sbdatabase.com"; dns.query; content:"sbdatabase.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sbdatabase\.com$/i"; classtype:trojan-activity; sid:37126111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain sbdatabase.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sbdatabase.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sbdatabase\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26150 [] Domain sbdatabase.com"; dns.query; content:"sbdatabase.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sbdatabase\.com$/i"; classtype:trojan-activity; sid:37167041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain sbdatabase.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sbdatabase.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sbdatabase\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37167042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26076 [dcrat] Outgoing URL http|3a|//cr13705.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cr13705.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usbson.com"; dns.query; content:"usbson.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usbson\.com$/i"; classtype:trojan-activity; sid:37132521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usbson.com"; flow:to_server,established; http.header; content: "Host|3a| usbson.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usbson\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//usbson.com"; flow:to_server,established; http.header; content:"usbson.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-br.net"; dns.query; content:"imtoken-br.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.net$/i"; classtype:trojan-activity; sid:37132551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-br.net"; flow:to_server,established; http.header; content: "Host|3a| 
imtoken-br.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-br.net"; flow:to_server,established; http.header; content:"imtoken-br.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname swisspass-mobilit-tsplattform-xr007wn468392.codeanyapp.com"; dns.query; content:"swisspass-mobilit-tsplattform-xr007wn468392.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspass\-mobilit\-tsplattform\-xr007wn468392\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37132581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname swisspass-mobilit-tsplattform-xr007wn468392.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| swisspass-mobilit-tsplattform-xr007wn468392.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspass\-mobilit\-tsplattform\-xr007wn468392\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainsdatafix.pages.dev"; dns.query; content:"blockchainsdatafix.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsdatafix\.pages\.dev$/i"; classtype:trojan-activity; sid:37132611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname 
blockchainsdatafix.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsdatafix.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsdatafix\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainsdatafix.pages.dev"; flow:to_server,established; http.header; content:"blockchainsdatafix.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usberps.com"; dns.query; content:"usberps.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usberps\.com$/i"; classtype:trojan-activity; sid:37132641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usberps.com"; flow:to_server,established; http.header; content: "Host|3a| usberps.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usberps\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//usberps.com"; flow:to_server,established; http.header; content:"usberps.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname iranmtl.afcsub.sbs"; dns.query; content:"iranmtl.afcsub.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranmtl\.afcsub\.sbs$/i"; classtype:trojan-activity; sid:37132671; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname iranmtl.afcsub.sbs"; flow:to_server,established; http.header; content: "Host|3a| iranmtl.afcsub.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iranmtl\.afcsub\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//iranmtl.afcsub.sbs/Navaei/Baprc/shaparak.ir.payment1243.sharj/"; flow:to_server,established; http.header; content:"iranmtl.afcsub.sbs"; fast_pattern; nocase; http.uri; content:"/Navaei/Baprc/shaparak.ir.payment1243.sharj/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-f738f9ba6a7b4dfaa6ffd41acd1a7885.r2.dev"; dns.query; content:"pub-f738f9ba6a7b4dfaa6ffd41acd1a7885.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f738f9ba6a7b4dfaa6ffd41acd1a7885\.r2\.dev$/i"; classtype:trojan-activity; sid:37132701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-f738f9ba6a7b4dfaa6ffd41acd1a7885.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-f738f9ba6a7b4dfaa6ffd41acd1a7885.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f738f9ba6a7b4dfaa6ffd41acd1a7885\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname hello-world-tiny-tooth-8a2f.jln95cha.workers.dev"; dns.query; 
content:"hello-world-tiny-tooth-8a2f.jln95cha.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-tiny\-tooth\-8a2f\.jln95cha\.workers\.dev$/i"; classtype:trojan-activity; sid:37132731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Host-header rule for the exact hostname: the content requires "Host: " directly
# before the name, and the pcre rejects a preceding letter, digit, hyphen or dot,
# so sub-domains of this name do not match. The pcre H modifier applies it to the
# HTTP header buffer; tag:session,600,seconds keeps logging the session's packets
# for 600 seconds after the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname hello-world-tiny-tooth-8a2f.jln95cha.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-tiny-tooth-8a2f.jln95cha.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-tiny\-tooth\-8a2f\.jln95cha\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for the same host. The hostname content is searched across the whole
# request-header buffer with no Host anchor, and http.uri content:"/" adds almost
# no selectivity, so this rule largely overlaps sid 37132732 and may also fire on
# other headers that mention the hostname (for example Referer) - expect paired
# alerts and triage them together.
# NOTE(review): the destination port is $HTTP_PORTS, so that variable must be
# defined and traffic to this host on other ports is left to sid 37132732.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//hello-world-tiny-tooth-8a2f.jln95cha.workers.dev/"; flow:to_server,established; http.header; content:"hello-world-tiny-tooth-8a2f.jln95cha.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# DNS query rule for the exact hostname eth20tokensdata.pages.dev, matched
# case-insensitively in the dns.query buffer; the pcre anchors the end of the
# query and rejects a preceding dot, so only this hostname matches.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname eth20tokensdata.pages.dev"; dns.query; content:"eth20tokensdata.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eth20tokensdata\.pages\.dev$/i"; classtype:trojan-activity; sid:37132761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Host-header rule for the same hostname (same construction as sid 37132732).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname eth20tokensdata.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| eth20tokensdata.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eth20tokensdata\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132762; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for a bare hostname (no path): the only content condition is the name as a substring of the
# request headers, with no boundary check, on $HTTP_PORTS. Any request that triggers the Host-header rule
# for the same name on those ports also triggers this one, so expect paired alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//eth20tokensdata.pages.dev"; flow:to_server,established; http.header; content:"eth20tokensdata.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# imtoken-hf.top -- DNS rule, Host-header rule, bare-hostname URL rule.
# The DNS pcre ends in $ and rejects a preceding '.', so a name with extra labels in front does not match.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-hf.top"; dns.query; content:"imtoken-hf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-hf\.top$/i"; classtype:trojan-activity; sid:37132791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-hf.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-hf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-hf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-hf.top"; flow:to_server,established; http.header; content:"imtoken-hf.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# imtoken-br.rip -- DNS rule, Host-header rule, bare-hostname URL rule.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-br.rip"; dns.query; content:"imtoken-br.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.rip$/i"; classtype:trojan-activity; sid:37132821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-br.rip"; flow:to_server,established; http.header; content: "Host|3a| imtoken-br.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-br.rip"; flow:to_server,established; http.header; content:"imtoken-br.rip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# eth20tokendatas.pages.dev -- DNS rule, Host-header rule, bare-hostname URL rule. The spelling differs from
# eth20tokensdata.pages.dev (sid 37132771 above); they are two distinct indicators.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname eth20tokendatas.pages.dev"; dns.query; content:"eth20tokendatas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eth20tokendatas\.pages\.dev$/i"; classtype:trojan-activity; sid:37132851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname eth20tokendatas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| eth20tokendatas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eth20tokendatas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//eth20tokendatas.pages.dev"; flow:to_server,established; http.header; content:"eth20tokendatas.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# kinetic-technologies.com -- DNS rule, then the Host-header rule (continues on the next line of the export).
# The msg tag list is empty ("[]"), so the alert text carries no category; the reference URL is the only
# pointer to why the name was listed.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname kinetic-technologies.com"; dns.query; content:"kinetic-technologies.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kinetic\-technologies\.com$/i"; classtype:trojan-activity; sid:37132881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname kinetic-technologies.com"; flow:to_server,established; http.header; content: "Host|3a| kinetic-technologies.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kinetic\-technologies\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# du-reciha.com -- DNS rule, Host-header rule, bare-hostname URL rule.
# tag:session,600,seconds on the HTTP rules asks the engine to keep logging packets of the alerting session
# for 600 seconds; budget capture storage for it. The DNS rules carry no tag option.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname du-reciha.com"; dns.query; content:"du-reciha.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])du\-reciha\.com$/i"; classtype:trojan-activity; sid:37132911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname du-reciha.com"; flow:to_server,established; http.header; content: "Host|3a| du-reciha.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])du\-reciha\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37132912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//du-reciha.com"; flow:to_server,established; http.header; content:"du-reciha.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37132921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# rpcdebug-extensiondapps.pages.dev -- DNS rule, then the Host-header rule (its content string continues on
# the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname rpcdebug-extensiondapps.pages.dev"; dns.query; content:"rpcdebug-extensiondapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpcdebug\-extensiondapps\.pages\.dev$/i"; classtype:trojan-activity; sid:37133001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname rpcdebug-extensiondapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
rpcdebug-extensiondapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpcdebug\-extensiondapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Bare-hostname URL rule for rpcdebug-extensiondapps.pages.dev: the name as a substring of the request
# headers only, on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//rpcdebug-extensiondapps.pages.dev"; flow:to_server,established; http.header; content:"rpcdebug-extensiondapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# tinyurl.com/mukewndm -- URL-only indicator on a shared URL shortener; no DNS or Host-header rule for
# tinyurl.com appears next to it. It matches "tinyurl.com" anywhere in the request headers plus "/mukewndm"
# as a case-insensitive substring of the URI, and as an `alert http` rule it sees only requests parsed as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tinyurl.com/mukewndm"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/mukewndm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# kostenlose-videoanrufe.pages.dev -- DNS rule, Host-header rule, then the bare-hostname URL rule (continues
# on the next line of the export). The DNS rule header is any any -> any any, not limited to $HOME_NET.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname kostenlose-videoanrufe.pages.dev"; dns.query; content:"kostenlose-videoanrufe.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kostenlose\-videoanrufe\.pages\.dev$/i"; classtype:trojan-activity; sid:37133061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname kostenlose-videoanrufe.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kostenlose-videoanrufe.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kostenlose\-videoanrufe\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//kostenlose-videoanrufe.pages.dev"; 
flow:to_server,established; http.header; content:"kostenlose-videoanrufe.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telegrnne.work -- DNS rule, Host-header rule, URL rule.
# The Host-header rule has destination port any; the URL rule is limited to $HTTP_PORTS.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrnne.work"; dns.query; content:"telegrnne.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrnne\.work$/i"; classtype:trojan-activity; sid:37133091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrnne.work"; flow:to_server,established; http.header; content: "Host|3a| telegrnne.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrnne\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# The URI condition below is content:"/", which practically every request URI contains, so the rule
# effectively tests only for the hostname somewhere in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrnne.work/"; flow:to_server,established; http.header; content:"telegrnne.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# teleptrrm.fit -- DNS rule, then the Host-header rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname teleptrrm.fit"; dns.query; content:"teleptrrm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrrm\.fit$/i"; classtype:trojan-activity; sid:37133121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teleptrrm.fit"; flow:to_server,established; http.header; content: "Host|3a| teleptrrm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleptrrm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133122; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for teleptrrm.fit/web: content:"/web" is a case-insensitive substring test on the URI, so longer
# paths that contain "/web" match as well as the exact path.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//teleptrrm.fit/web"; flow:to_server,established; http.header; content:"teleptrrm.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telegrpnm.club -- DNS rule, Host-header rule, URL rule (/web).
# The two HTTP rules only see sessions parsed as HTTP; for TLS traffic the DNS rule is the one that can fire.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrpnm.club"; dns.query; content:"telegrpnm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.club$/i"; classtype:trojan-activity; sid:37133151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrpnm.club"; flow:to_server,established; http.header; content: "Host|3a| telegrpnm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrpnm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrpnm.club/web"; flow:to_server,established; http.header; content:"telegrpnm.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# teletrlqm.club -- DNS rule, then the Host-header rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname teletrlqm.club"; dns.query; content:"teletrlqm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrlqm\.club$/i"; classtype:trojan-activity; sid:37133181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teletrlqm.club"; flow:to_server,established; http.header; content: "Host|3a| teletrlqm.club"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrlqm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for teletrlqm.club/web: hostname anywhere in the request headers plus "/web" anywhere in the URI,
# on $HTTP_PORTS only; HTTP to this host on another port reaches only the Host-header rule (port any).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//teletrlqm.club/web"; flow:to_server,established; http.header; content:"teletrlqm.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# teletsma.work -- DNS rule, Host-header rule, URL rule (/web).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname teletsma.work"; dns.query; content:"teletsma.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsma\.work$/i"; classtype:trojan-activity; sid:37133211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teletsma.work"; flow:to_server,established; http.header; content: "Host|3a| teletsma.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsma\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//teletsma.work/web"; flow:to_server,established; http.header; content:"teletsma.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# teletsma.club -- DNS rule, then the Host-header rule (continues on the next line of the export).
# Same label as teletsma.work under a different TLD; each TLD has its own rule set.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname teletsma.club"; dns.query; content:"teletsma.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsma\.club$/i"; classtype:trojan-activity; sid:37133241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teletsma.club"; flow:to_server,established; http.header; content: "Host|3a| teletsma.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsma\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//teletsma.club/web"; flow:to_server,established; http.header; content:"teletsma.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Every rule in this group uses classtype:trojan-activity and priority:2 whatever the indicator is; triage
# by the msg text and the referenced MISP event rather than by class.
# telegrlm.fit -- DNS rule, Host-header rule, URL rule (/web).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrlm.fit"; dns.query; content:"telegrlm.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.fit$/i"; classtype:trojan-activity; sid:37133271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrlm.fit"; flow:to_server,established; http.header; content: "Host|3a| telegrlm.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrlm.fit/web"; flow:to_server,established; http.header; content:"telegrlm.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telegsrem.work -- DNS rule, Host-header rule, URL rule (/web).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegsrem.work"; dns.query; content:"telegsrem.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.work$/i"; classtype:trojan-activity; sid:37133301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegsrem.work"; flow:to_server,established; http.header; content: "Host|3a| telegsrem.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegsrem\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegsrem.work/web"; flow:to_server,established; http.header; content:"telegsrem.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telepgrlm.work -- DNS rule, Host-header rule, then the URL rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telepgrlm.work"; dns.query; content:"telepgrlm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.work$/i"; classtype:trojan-activity; sid:37133331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telepgrlm.work"; flow:to_server,established; http.header; content: "Host|3a| telepgrlm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telepgrlm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telepgrlm.work/web"; flow:to_server,established; http.header; content:"telepgrlm.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133341; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# telegrlm.work -- DNS rule, Host-header rule, URL rule (/web).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrlm.work"; dns.query; content:"telegrlm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.work$/i"; classtype:trojan-activity; sid:37133361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrlm.work"; flow:to_server,established; http.header; content: "Host|3a| telegrlm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrlm.work/web"; flow:to_server,established; http.header; content:"telegrlm.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# tg.telegarm-ot.top -- DNS and Host-header rules only; no URL rule follows for this name. The DNS pcre
# rejects a preceding '.', so only this exact name matches: neither telegarm-ot.top alone (the content
# needs the "tg." label) nor a name with further labels in front.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tg.telegarm-ot.top"; dns.query; content:"tg.telegarm-ot.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-ot\.top$/i"; classtype:trojan-activity; sid:37133391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tg.telegarm-ot.top"; flow:to_server,established; http.header; content: "Host|3a| tg.telegarm-ot.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.telegarm\-ot\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# malaysia.ip1-kd.com -- DNS rule, Host-header rule, URL rule (/aplly/).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname malaysia.ip1-kd.com"; dns.query; content:"malaysia.ip1-kd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia\.ip1\-kd\.com$/i"; classtype:trojan-activity; sid:37133421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname malaysia.ip1-kd.com"; flow:to_server,established; http.header; content: "Host|3a| malaysia.ip1-kd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia\.ip1\-kd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//malaysia.ip1-kd.com/aplly/"; flow:to_server,established; http.header; content:"malaysia.ip1-kd.com"; fast_pattern; nocase; http.uri; content:"/aplly/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# app9.rodalink-store.my.id -- DNS and Host-header rules only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname app9.rodalink-store.my.id"; dns.query; content:"app9.rodalink-store.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])app9\.rodalink\-store\.my\.id$/i"; classtype:trojan-activity; sid:37133451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname app9.rodalink-store.my.id"; flow:to_server,established; http.header; content: "Host|3a| app9.rodalink-store.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])app9\.rodalink\-store\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# tgtalk66.com -- DNS rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tgtalk66.com"; dns.query; content:"tgtalk66.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgtalk66\.com$/i"; classtype:trojan-activity; sid:37133481; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# tgtalk66.com -- Host-header rule: "Host: <name>" in the request headers plus a pcre that requires the name
# with no letter, digit, '-' or '.' directly before or after it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tgtalk66.com"; flow:to_server,established; http.header; content: "Host|3a| tgtalk66.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgtalk66\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# sri-tanah-melaka.my.id -- DNS and Host-header rules only. The Host-header rule sees only sessions parsed
# as HTTP, so for TLS traffic to this name the DNS rule is the one that can fire.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname sri-tanah-melaka.my.id"; dns.query; content:"sri-tanah-melaka.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sri\-tanah\-melaka\.my\.id$/i"; classtype:trojan-activity; sid:37133511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname sri-tanah-melaka.my.id"; flow:to_server,established; http.header; content: "Host|3a| sri-tanah-melaka.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sri\-tanah\-melaka\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# teleqgream.vip -- DNS rule, Host-header rule, then the URL rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname teleqgream.vip"; dns.query; content:"teleqgream.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqgream\.vip$/i"; classtype:trojan-activity; sid:37133541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teleqgream.vip"; flow:to_server,established; http.header; content: "Host|3a| teleqgream.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleqgream\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing 
URL http|3a|//teleqgream.vip/web"; flow:to_server,established; http.header; content:"teleqgream.vip"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telegrsmn.vip -- DNS rule, Host-header rule, URL rule (/web).
# The URL rule tests "/web" as a case-insensitive substring of the URI, so longer paths containing it match too.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrsmn.vip"; dns.query; content:"telegrsmn.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrsmn\.vip$/i"; classtype:trojan-activity; sid:37133571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrsmn.vip"; flow:to_server,established; http.header; content: "Host|3a| telegrsmn.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrsmn\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrsmn.vip/web"; flow:to_server,established; http.header; content:"telegrsmn.vip"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telegpewm.work -- DNS rule (any any -> any any, not limited to $HOME_NET clients), then the Host-header
# rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegpewm.work"; dns.query; content:"telegpewm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpewm\.work$/i"; classtype:trojan-activity; sid:37133601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegpewm.work"; flow:to_server,established; http.header; content: "Host|3a| telegpewm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpewm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133602; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for telegpewm.work/web: hostname anywhere in the request headers plus "/web" anywhere in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegpewm.work/web"; flow:to_server,established; http.header; content:"telegpewm.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# telegrsamn.work -- DNS rule, Host-header rule, URL rule (/web).
# tag:session,600,seconds on the HTTP rules keeps logging packets of the alerting session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrsamn.work"; dns.query; content:"telegrsamn.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrsamn\.work$/i"; classtype:trojan-activity; sid:37133631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrsamn.work"; flow:to_server,established; http.header; content: "Host|3a| telegrsamn.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrsamn\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrsamn.work/web"; flow:to_server,established; http.header; content:"telegrsamn.work"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# tok2npo2kht.top -- DNS rule, then the Host-header rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tok2npo2kht.top"; dns.query; content:"tok2npo2kht.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2kht\.top$/i"; classtype:trojan-activity; sid:37133661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tok2npo2kht.top"; flow:to_server,established; http.header; 
content: "Host|3a| tok2npo2kht.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2kht\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Bare-hostname URL rule for tok2npo2kht.top: the name as a substring of the request headers, no boundary
# check, on $HTTP_PORTS; it fires together with the Host-header rule (sid 37133662) on those ports.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tok2npo2kht.top"; flow:to_server,established; http.header; content:"tok2npo2kht.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# sbb-cff-swisspass-servicetusna231075.codeanyapp.com -- DNS and Host-header rules only. Both match the full
# name; nothing here alerts on the codeanyapp.com parent.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname sbb-cff-swisspass-servicetusna231075.codeanyapp.com"; dns.query; content:"sbb-cff-swisspass-servicetusna231075.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbb\-cff\-swisspass\-servicetusna231075\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37133691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname sbb-cff-swisspass-servicetusna231075.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| sbb-cff-swisspass-servicetusna231075.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbb\-cff\-swisspass\-servicetusna231075\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# vindumeknes.hellotofmafuo.com -- DNS rule, then the Host-header rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname vindumeknes.hellotofmafuo.com"; dns.query; content:"vindumeknes.hellotofmafuo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vindumeknes\.hellotofmafuo\.com$/i"; classtype:trojan-activity; sid:37133721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname vindumeknes.hellotofmafuo.com"; 
flow:to_server,established; http.header; content: "Host|3a| vindumeknes.hellotofmafuo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vindumeknes\.hellotofmafuo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for vindumeknes.hellotofmafuo.com/: the URI condition is content:"/", which practically every
# request URI contains, so this effectively tests only for the hostname somewhere in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//vindumeknes.hellotofmafuo.com/"; flow:to_server,established; http.header; content:"vindumeknes.hellotofmafuo.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# laekirap.wpenginepowered.com -- DNS and Host-header rules only. Both match the full name; nothing here
# alerts on the wpenginepowered.com parent.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname laekirap.wpenginepowered.com"; dns.query; content:"laekirap.wpenginepowered.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])laekirap\.wpenginepowered\.com$/i"; classtype:trojan-activity; sid:37133751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname laekirap.wpenginepowered.com"; flow:to_server,established; http.header; content: "Host|3a| laekirap.wpenginepowered.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])laekirap\.wpenginepowered\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# jade-basbousa.pages.dev -- DNS rule, then the Host-header rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname jade-basbousa.pages.dev"; dns.query; content:"jade-basbousa.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jade\-basbousa\.pages\.dev$/i"; classtype:trojan-activity; sid:37133781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname jade-basbousa.pages.dev"; flow:to_server,established; 
http.header; content: "Host|3a| jade-basbousa.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jade\-basbousa\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Bare-hostname URL rule for jade-basbousa.pages.dev: the name as a substring of the request headers only,
# on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//jade-basbousa.pages.dev"; flow:to_server,established; http.header; content:"jade-basbousa.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# imtoken-cc.pro -- DNS rule, Host-header rule, bare-hostname URL rule.
# The two HTTP rules only see sessions parsed as HTTP; for TLS traffic the DNS rule is the one that can fire.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-cc.pro"; dns.query; content:"imtoken-cc.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.pro$/i"; classtype:trojan-activity; sid:37133811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-cc.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cc.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-cc.pro"; flow:to_server,established; http.header; content:"imtoken-cc.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# btc-20.pages.dev -- DNS rule, then the Host-header rule (continues on the next line of the export).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname btc-20.pages.dev"; dns.query; content:"btc-20.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btc\-20\.pages\.dev$/i"; classtype:trojan-activity; sid:37133841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname btc-20.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| btc-20.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btc\-20\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//btc-20.pages.dev"; flow:to_server,established; http.header; content:"btc-20.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-cc.run"; dns.query; content:"imtoken-cc.run"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.run$/i"; classtype:trojan-activity; sid:37133871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-cc.run"; flow:to_server,established; http.header; content: "Host|3a| imtoken-cc.run"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-cc\.run[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-cc.run"; flow:to_server,established; http.header; content:"imtoken-cc.run"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchaindataconnect.pages.dev"; dns.query; content:"blockchaindataconnect.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchaindataconnect\.pages\.dev$/i"; 
classtype:trojan-activity; sid:37133901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchaindataconnect.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchaindataconnect.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchaindataconnect\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchaindataconnect.pages.dev"; flow:to_server,established; http.header; content:"blockchaindataconnect.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname hello-world-odd-waterfall-9f0a.kbeyer71.workers.dev"; dns.query; content:"hello-world-odd-waterfall-9f0a.kbeyer71.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-odd\-waterfall\-9f0a\.kbeyer71\.workers\.dev$/i"; classtype:trojan-activity; sid:37133931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname hello-world-odd-waterfall-9f0a.kbeyer71.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-odd-waterfall-9f0a.kbeyer71.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-odd\-waterfall\-9f0a\.kbeyer71\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-a77079cbc02d401e930bd624d520d888.r2.dev"; dns.query; 
content:"pub-a77079cbc02d401e930bd624d520d888.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a77079cbc02d401e930bd624d520d888\.r2\.dev$/i"; classtype:trojan-activity; sid:37133961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# (The line above is the tail of a dns rule that starts earlier in the export.)
#
# Hostname rules in this span: the content requires the Host value to begin with
# the exact name, and the pcre requires a non-hostname character after it.
# All "alert http" rules see only traffic the sensor parses as HTTP; no tls.sni
# rule appears in this span, so HTTPS visits to these names would surface only
# through the dns rules -- confirm coverage elsewhere in the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-a77079cbc02d401e930bd624d520d888.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a77079cbc02d401e930bd624d520d888.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a77079cbc02d401e930bd624d520d888\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule: the host part is a bare substring of http.header (not tied to the
# Host header), and "/index2.html" is an unanchored, case-insensitive substring
# of the URI, so longer paths that contain it match as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-a77079cbc02d401e930bd624d520d888.r2.dev/index2.html"; flow:to_server,established; http.header; content:"pub-a77079cbc02d401e930bd624d520d888.r2.dev"; fast_pattern; nocase; http.uri; content:"/index2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37133971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# DNS rules in this span: exact-name match only. The pcre is anchored with $ and
# its left boundary class excludes '.', so queries for subdomains of the listed
# name (www.ustons.com, for example) do not alert.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ustons.com"; dns.query; content:"ustons.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ustons\.com$/i"; classtype:trojan-activity; sid:37133991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ustons.com"; flow:to_server,established; http.header; content: "Host|3a| ustons.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ustons\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37133992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): the URL rules without an http.uri part (sid:37134001 and
# sid:37134031 below) are weaker duplicates of the Hostname rule before them:
# a bare substring anywhere in http.header, with no boundary pcre and no
# fast_pattern. A Referer header, or a longer hostname that merely contains the
# string, also matches, and on $HTTP_PORTS they fire together with the Hostname
# rule for the same request. Consider dropping them or tying the match to the
# Host value.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//ustons.com"; flow:to_server,established; http.header; content:"ustons.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname dogestardatas.pages.dev"; dns.query; content:"dogestardatas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dogestardatas\.pages\.dev$/i"; classtype:trojan-activity; sid:37134021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname dogestardatas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dogestardatas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dogestardatas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//dogestardatas.pages.dev"; flow:to_server,established; http.header; content:"dogestardatas.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tok2npo2kyt.top"; dns.query; content:"tok2npo2kyt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2kyt\.top$/i"; classtype:trojan-activity; sid:37134051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# (The line below is the head of a rule that continues on the next line of the export.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tok2npo2kyt.top"; flow:to_server,established; http.header; content: "Host|3a| tok2npo2kyt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2kyt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134052; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tok2npo2kyt.top"; flow:to_server,established; http.header; content:"tok2npo2kyt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname udbvv.pages.dev"; dns.query; content:"udbvv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])udbvv\.pages\.dev$/i"; classtype:trojan-activity; sid:37134081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname udbvv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| udbvv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])udbvv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//udbvv.pages.dev"; flow:to_server,established; http.header; content:"udbvv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegramx-ivan.pages.dev"; dns.query; content:"telegramx-ivan.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramx\-ivan\.pages\.dev$/i"; classtype:trojan-activity; sid:37134111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegramx-ivan.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramx-ivan.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegramx\-ivan\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegramx-ivan.pages.dev"; flow:to_server,established; http.header; content:"telegramx-ivan.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainsbridge.pages.dev"; dns.query; content:"blockchainsbridge.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsbridge\.pages\.dev$/i"; classtype:trojan-activity; sid:37134141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchainsbridge.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsbridge.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsbridge\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainsbridge.pages.dev"; flow:to_server,established; http.header; content:"blockchainsbridge.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegram-grupo-sexo-102.pages.dev"; dns.query; content:"telegram-grupo-sexo-102.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-grupo\-sexo\-102\.pages\.dev$/i"; classtype:trojan-activity; sid:37134171; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# (The line above is the tail of a rule that starts earlier in the export.)
#
# Rule families in this span, per indicator:
#   dns       - exact-name match only: the pcre is anchored with $ and its left
#               boundary class excludes '.', so subdomain queries do not alert.
#   Hostname  - Host value must begin with the exact name; inspects only traffic
#               the sensor parses as HTTP.
#   URL       - bare substring of http.header, limited to $HTTP_PORTS.
# No tls.sni rule appears in this span, so HTTPS visits would surface only
# through the dns rules -- confirm coverage elsewhere in the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegram-grupo-sexo-102.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegram-grupo-sexo-102.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-grupo\-sexo\-102\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): this URL rule and the other two in this span (sid:37134241,
# sid:37134271) have no "Host|3a| " prefix, no boundary pcre and no fast_pattern.
# A Referer header or a longer hostname containing the string also matches, and
# each fires together with its Hostname sibling on $HTTP_PORTS. Consider
# dropping them or tying the match to the Host value.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegram-grupo-sexo-102.pages.dev"; flow:to_server,established; http.header; content:"telegram-grupo-sexo-102.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tp18.net"; dns.query; content:"tp18.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp18\.net$/i"; classtype:trojan-activity; sid:37134201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tp18.net"; flow:to_server,established; http.header; content: "Host|3a| tp18.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp18\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): .app is an HSTS-preloaded TLD, so browsers go straight to HTTPS
# for tp15.app. The two http rules for it below are unlikely to see browser
# traffic; the dns rule is the one that can realistically fire.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tp15.app"; dns.query; content:"tp15.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp15\.app$/i"; classtype:trojan-activity; sid:37134231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tp15.app"; flow:to_server,established; http.header; content: "Host|3a| tp15.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp15\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# The 8-character substring "tp15.app" is short enough that an unrelated, longer
# hostname in any header can contain it (no boundary check in this rule).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tp15.app"; flow:to_server,established; http.header; content:"tp15.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname usspda.top"; dns.query; content:"usspda.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usspda\.top$/i"; classtype:trojan-activity; sid:37134261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usspda.top"; flow:to_server,established; http.header; content: "Host|3a| usspda.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usspda\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//usspda.top"; flow:to_server,established; http.header; content:"usspda.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspks.top"; dns.query; content:"usp.usspks.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspks\.top$/i"; classtype:trojan-activity; sid:37134291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# (The line below is the head of a rule that continues on the next line of the export.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspks.top"; flow:to_server,established; http.header; content:
"Host|3a| usp.usspks.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspks\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//usp.usspks.top"; flow:to_server,established; http.header; content:"usp.usspks.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37134301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname xhamster.gen.in.couponreedem.com"; dns.query; content:"xhamster.gen.in.couponreedem.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xhamster\.gen\.in\.couponreedem\.com$/i"; classtype:trojan-activity; sid:37134321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname xhamster.gen.in.couponreedem.com"; flow:to_server,established; http.header; content: "Host|3a| xhamster.gen.in.couponreedem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xhamster\.gen\.in\.couponreedem\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname vrncit.ru"; dns.query; content:"vrncit.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vrncit\.ru$/i"; classtype:trojan-activity; sid:37134351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname vrncit.ru"; flow:to_server,established; http.header; content: "Host|3a| vrncit.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vrncit\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134352; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.usspjp.top"; dns.query; content:"uspz.usspjp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjp\.top$/i"; classtype:trojan-activity; sid:37134381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.usspjp.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspjp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspjp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspsfy.top"; dns.query; content:"uspz.uspsfy.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfy\.top$/i"; classtype:trojan-activity; sid:37134411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspsfy.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfy.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfy\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspsfn.top"; dns.query; content:"uspz.uspsfn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsfn\.top$/i"; classtype:trojan-activity; sid:37134441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspsfn.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsfn.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.uspsfn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspsdz.top"; dns.query; content:"uspz.uspsdz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsdz\.top$/i"; classtype:trojan-activity; sid:37134471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspsdz.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsdz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsdz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspof.top"; dns.query; content:"uspz.uspof.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspof\.top$/i"; classtype:trojan-activity; sid:37134501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspof.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspof.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspof\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspft.top"; dns.query; content:"uspz.uspft.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspft\.top$/i"; classtype:trojan-activity; sid:37134531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname 
uspz.uspft.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspft.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspft\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspnk.top"; dns.query; content:"uspz.uspnk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnk\.top$/i"; classtype:trojan-activity; sid:37134561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspnk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspnk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspnk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspcc.top"; dns.query; content:"uspz.uspcc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcc\.top$/i"; classtype:trojan-activity; sid:37134591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspcc.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.uspaiu.top"; dns.query; content:"uspz.uspaiu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaiu\.top$/i"; classtype:trojan-activity; sid:37134621; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.uspaiu.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaiu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaiu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspz.09us2w101ps.top"; dns.query; content:"uspz.09us2w101ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.09us2w101ps\.top$/i"; classtype:trojan-activity; sid:37134651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspz.09us2w101ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.09us2w101ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.09us2w101ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspyw.top"; dns.query; content:"usp.usspyw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyw\.top$/i"; classtype:trojan-activity; sid:37134681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspyw.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspyw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspyw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspzl.top"; dns.query; 
content:"usp.usspzl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzl\.top$/i"; classtype:trojan-activity; sid:37134711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspzl.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspzl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspzl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspwt.top"; dns.query; content:"usp.usspwt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwt\.top$/i"; classtype:trojan-activity; sid:37134741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspwt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspwt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspwt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspvz.top"; dns.query; content:"usp.usspvz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvz\.top$/i"; classtype:trojan-activity; sid:37134771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspvz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134772; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspvv.top"; dns.query; content:"usp.usspvv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvv\.top$/i"; classtype:trojan-activity; sid:37134801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspvv.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspvu.top"; dns.query; content:"usp.usspvu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvu\.top$/i"; classtype:trojan-activity; sid:37134831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspvu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspvs.top"; dns.query; content:"usp.usspvs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvs\.top$/i"; classtype:trojan-activity; sid:37134861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspvs.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvs.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])usp\.usspvs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.ussprk.top"; dns.query; content:"usp.ussprk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprk\.top$/i"; classtype:trojan-activity; sid:37134891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.ussprk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussprk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussprk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.ussppk.top"; dns.query; content:"usp.ussppk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppk\.top$/i"; classtype:trojan-activity; sid:37134921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.ussppk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussppk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussppk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspkm.top"; dns.query; content:"usp.usspkm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkm\.top$/i"; classtype:trojan-activity; sid:37134951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspkm.top"; 
flow:to_server,established; http.header; content: "Host|3a| usp.usspkm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspkm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspjt.top"; dns.query; content:"usp.usspjt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjt\.top$/i"; classtype:trojan-activity; sid:37134981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspjt.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37134982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspjq.top"; dns.query; content:"usp.usspjq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjq\.top$/i"; classtype:trojan-activity; sid:37135011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspjq.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspjk.top"; dns.query; content:"usp.usspjk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjk\.top$/i"; classtype:trojan-activity; sid:37135041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspjk.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspjk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspjk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.ussphz.top"; dns.query; content:"usp.ussphz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphz\.top$/i"; classtype:trojan-activity; sid:37135071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.ussphz.top"; flow:to_server,established; http.header; content: "Host|3a| usp.ussphz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.ussphz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspfa.top"; dns.query; content:"usp.usspfa.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspfa\.top$/i"; classtype:trojan-activity; sid:37135101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspfa.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspfa.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspfa\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.uspsdp.top"; dns.query; content:"usp.uspsdp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsdp\.top$/i"; 
classtype:trojan-activity; sid:37135131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.uspsdp.top"; flow:to_server,established; http.header; content: "Host|3a| usp.uspsdp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.uspsdp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspsuxg.top"; dns.query; content:"uspsuxg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxg\.top$/i"; classtype:trojan-activity; sid:37135161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspsuxg.top"; flow:to_server,established; http.header; content: "Host|3a| uspsuxg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspsuxg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname usps.mytrackingtf.com"; dns.query; content:"usps.mytrackingtf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingtf\.com$/i"; classtype:trojan-activity; sid:37135191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usps.mytrackingtf.com"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingtf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingtf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP 
e26132 [] Hostname usps.inspectpost.com"; dns.query; content:"usps.inspectpost.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.inspectpost\.com$/i"; classtype:trojan-activity; sid:37135221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usps.inspectpost.com"; flow:to_server,established; http.header; content: "Host|3a| usps.inspectpost.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.inspectpost\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspo.usspnq.top"; dns.query; content:"uspo.usspnq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnq\.top$/i"; classtype:trojan-activity; sid:37135251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspo.usspnq.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspnq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspo.ussphu.top"; dns.query; content:"uspo.ussphu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphu\.top$/i"; classtype:trojan-activity; sid:37135281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspo.ussphu.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37135282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspo.ussphg.top"; dns.query; content:"uspo.ussphg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphg\.top$/i"; classtype:trojan-activity; sid:37135311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspo.ussphg.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspe.ussppi.top"; dns.query; content:"uspe.ussppi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppi\.top$/i"; classtype:trojan-activity; sid:37135341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspe.ussppi.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspd.usspgh.top"; dns.query; content:"uspd.usspgh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspgh\.top$/i"; classtype:trojan-activity; sid:37135371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspd.usspgh.top"; flow:to_server,established; http.header; content: "Host|3a| 
uspd.usspgh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspgh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname track-uspos-tols.com"; dns.query; content:"track-uspos-tols.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])track\-uspos\-tols\.com$/i"; classtype:trojan-activity; sid:37135401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname track-uspos-tols.com"; flow:to_server,established; http.header; content: "Host|3a| track-uspos-tols.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])track\-uspos\-tols\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname thewatersofminocqua-2dj.pages.dev"; dns.query; content:"thewatersofminocqua-2dj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thewatersofminocqua\-2dj\.pages\.dev$/i"; classtype:trojan-activity; sid:37135431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname thewatersofminocqua-2dj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| thewatersofminocqua-2dj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thewatersofminocqua\-2dj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegram18-datinggroup.netlify.app"; dns.query; content:"telegram18-datinggroup.netlify.app"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegram18\-datinggroup\.netlify\.app$/i"; classtype:trojan-activity; sid:37135461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegram18-datinggroup.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| telegram18-datinggroup.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram18\-datinggroup\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname snetmailboxverification9102.weeblysite.com"; dns.query; content:"snetmailboxverification9102.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snetmailboxverification9102\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37135491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname snetmailboxverification9102.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| snetmailboxverification9102.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snetmailboxverification9102\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname snapchatlogging.blogspot.com"; dns.query; content:"snapchatlogging.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapchatlogging\.blogspot\.com$/i"; classtype:trojan-activity; sid:37135521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname snapchatlogging.blogspot.com"; 
flow:to_server,established; http.header; content: "Host|3a| snapchatlogging.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapchatlogging\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname skolim-autosprzedaz.pl"; dns.query; content:"skolim-autosprzedaz.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])skolim\-autosprzedaz\.pl$/i"; classtype:trojan-activity; sid:37135551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname skolim-autosprzedaz.pl"; flow:to_server,established; http.header; content: "Host|3a| skolim-autosprzedaz.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])skolim\-autosprzedaz\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37135581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname rea.pages.dev"; dns.query; content:"rea.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])rea\.pages\.dev$/i"; classtype:trojan-activity; sid:37135611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname rea.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rea.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rea\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname ratdyfg.weebly.com"; dns.query; content:"ratdyfg.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ratdyfg\.weebly\.com$/i"; classtype:trojan-activity; sid:37135641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ratdyfg.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| ratdyfg.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ratdyfg\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev"; dns.query; content:"pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-8bbbc30421814f1bac74c610fb3d9bf5\.r2\.dev$/i"; classtype:trojan-activity; sid:37135671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])pub\-8bbbc30421814f1bac74c610fb3d9bf5\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-aa8108c8610841caa5fa7edd2c73175e.r2.dev"; dns.query; content:"pub-aa8108c8610841caa5fa7edd2c73175e.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-aa8108c8610841caa5fa7edd2c73175e\.r2\.dev$/i"; classtype:trojan-activity; sid:37135701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-aa8108c8610841caa5fa7edd2c73175e.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-aa8108c8610841caa5fa7edd2c73175e.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-aa8108c8610841caa5fa7edd2c73175e\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pqtb.pages.dev"; dns.query; content:"pqtb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pqtb\.pages\.dev$/i"; classtype:trojan-activity; sid:37135731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pqtb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pqtb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pqtb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname otg3656.htyome3656.xyz"; dns.query; content:"otg3656.htyome3656.xyz"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])otg3656\.htyome3656\.xyz$/i"; classtype:trojan-activity; sid:37135761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname otg3656.htyome3656.xyz"; flow:to_server,established; http.header; content: "Host|3a| otg3656.htyome3656.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])otg3656\.htyome3656\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname onedrive.tingxi.workers.dev"; dns.query; content:"onedrive.tingxi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\.tingxi\.workers\.dev$/i"; classtype:trojan-activity; sid:37135791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname onedrive.tingxi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| onedrive.tingxi.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\.tingxi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname ofl0f1472200ea740469ffa4557843d4430.vercel.app"; dns.query; content:"ofl0f1472200ea740469ffa4557843d4430.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ofl0f1472200ea740469ffa4557843d4430\.vercel\.app$/i"; classtype:trojan-activity; sid:37135821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ofl0f1472200ea740469ffa4557843d4430.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| 
ofl0f1472200ea740469ffa4557843d4430.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ofl0f1472200ea740469ffa4557843d4430\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname nieruchomosci-urbanski.pl"; dns.query; content:"nieruchomosci-urbanski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nieruchomosci\-urbanski\.pl$/i"; classtype:trojan-activity; sid:37135851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname nieruchomosci-urbanski.pl"; flow:to_server,established; http.header; content: "Host|3a| nieruchomosci-urbanski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nieruchomosci\-urbanski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname netsxzeeromaisl21.weebly.com"; dns.query; content:"netsxzeeromaisl21.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netsxzeeromaisl21\.weebly\.com$/i"; classtype:trojan-activity; sid:37135881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname netsxzeeromaisl21.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| netsxzeeromaisl21.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netsxzeeromaisl21\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname molinski-auto.pl"; dns.query; content:"molinski-auto.pl"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])molinski\-auto\.pl$/i"; classtype:trojan-activity; sid:37135911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname molinski-auto.pl"; flow:to_server,established; http.header; content: "Host|3a| molinski-auto.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molinski\-auto\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname microsolfoul.royalwebhosting.net"; dns.query; content:"microsolfoul.royalwebhosting.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsolfoul\.royalwebhosting\.net$/i"; classtype:trojan-activity; sid:37135941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname microsolfoul.royalwebhosting.net"; flow:to_server,established; http.header; content: "Host|3a| microsolfoul.royalwebhosting.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsolfoul\.royalwebhosting\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37135942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname lpo.pages.dev"; dns.query; content:"lpo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lpo\.pages\.dev$/i"; classtype:trojan-activity; sid:37135971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname lpo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lpo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lpo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37135972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname lucah-melayu-18.uidclown.com"; dns.query; content:"lucah-melayu-18.uidclown.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-melayu\-18\.uidclown\.com$/i"; classtype:trojan-activity; sid:37136001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname lucah-melayu-18.uidclown.com"; flow:to_server,established; http.header; content: "Host|3a| lucah-melayu-18.uidclown.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-melayu\-18\.uidclown\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname lpo.pages.dev"; dns.query; content:"lpo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lpo\.pages\.dev$/i"; classtype:trojan-activity; sid:37136031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname lpo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lpo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lpo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname kdhsfgw873461.pages.dev"; dns.query; content:"kdhsfgw873461.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kdhsfgw873461\.pages\.dev$/i"; classtype:trojan-activity; sid:37136061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname 
kdhsfgw873461.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kdhsfgw873461.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kdhsfgw873461\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname iresourcing6.wpenginepowered.com"; dns.query; content:"iresourcing6.wpenginepowered.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iresourcing6\.wpenginepowered\.com$/i"; classtype:trojan-activity; sid:37136091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname iresourcing6.wpenginepowered.com"; flow:to_server,established; http.header; content: "Host|3a| iresourcing6.wpenginepowered.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iresourcing6\.wpenginepowered\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagram-login-love-m.blogspot.com"; dns.query; content:"instagram-login-love-m.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login\-love\-m\.blogspot\.com$/i"; classtype:trojan-activity; sid:37136121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagram-login-love-m.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagram-login-love-m.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login\-love\-m\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert 
dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-rn.top"; dns.query; content:"imtoken-rn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rn\.top$/i"; classtype:trojan-activity; sid:37136151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-rn.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-rn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname hgdhdgejt.weebly.com"; dns.query; content:"hgdhdgejt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hgdhdgejt\.weebly\.com$/i"; classtype:trojan-activity; sid:37136181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname hgdhdgejt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| hgdhdgejt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hgdhdgejt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname grup-whatsapv4.23newlink.my.id"; dns.query; content:"grup-whatsapv4.23newlink.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-whatsapv4\.23newlink\.my\.id$/i"; classtype:trojan-activity; sid:37136211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname grup-whatsapv4.23newlink.my.id"; flow:to_server,established; http.header; content: "Host|3a| grup-whatsapv4.23newlink.my.id"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-whatsapv4\.23newlink\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - hostname indicators. Each name is exported as a pair:
#   dns rule:  DNS query for the name, any direction. The pcre rejects a
#              letter, digit, '-' or '.' in front of the name and anchors the
#              end with '$', so sub-domains and longer look-alike names do
#              not match.
#   http rule: outbound HTTP request whose headers contain "Host: <name>";
#              tag:session keeps logging that session for 600 seconds.
# NOTE(review): the http rules inspect cleartext HTTP only. No TLS SNI rule is
# visible in this part of the export, so an HTTPS visit is covered by the dns
# rule alone - confirm that is acceptable for your sensors.
# NOTE(review): every rule is classtype:trojan-activity with an empty tag list
# "[]"; presumably the exporter default rather than an analyst verdict.
#
# grup-whatsapv3.23newlink.my.id
alert dns any any -> any any (msg: "MISP e26132 [] Hostname grup-whatsapv3.23newlink.my.id"; dns.query; content:"grup-whatsapv3.23newlink.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-whatsapv3\.23newlink\.my\.id$/i"; classtype:trojan-activity; sid:37136241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname grup-whatsapv3.23newlink.my.id"; flow:to_server,established; http.header; content: "Host|3a| grup-whatsapv3.23newlink.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-whatsapv3\.23newlink\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# ghb-coo.pages.dev - tenant name on a shared hosting domain; the match is
# pinned to the full name and should not be broadened to the parent domain.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ghb-coo.pages.dev"; dns.query; content:"ghb-coo.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghb\-coo\.pages\.dev$/i"; classtype:trojan-activity; sid:37136271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ghb-coo.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ghb-coo.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghb\-coo\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# ff.member.gareza.vn - the same pair is exported again further down as
# sid:37136871 / sid:37136872, so one lookup or request raises two alerts.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ff.member.gareza.vn"; dns.query; content:"ff.member.gareza.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn$/i"; classtype:trojan-activity; sid:37136301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ff.member.gareza.vn"; flow:to_server,established; http.header; content: "Host|3a| ff.member.gareza.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# depl.pages.dev - shared hosting domain, matched on the full tenant name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname depl.pages.dev"; dns.query; content:"depl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev$/i"; classtype:trojan-activity; sid:37136331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname depl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| depl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# dark-bar-5aee.nedefuhiv-qeqediju7214.workers.dev - shared hosting domain,
# matched on the full tenant name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname dark-bar-5aee.nedefuhiv-qeqediju7214.workers.dev"; dns.query; content:"dark-bar-5aee.nedefuhiv-qeqediju7214.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dark\-bar\-5aee\.nedefuhiv\-qeqediju7214\.workers\.dev$/i"; classtype:trojan-activity; sid:37136361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname dark-bar-5aee.nedefuhiv-qeqediju7214.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| dark-bar-5aee.nedefuhiv-qeqediju7214.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dark\-bar\-5aee\.nedefuhiv\-qeqediju7214\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# carolyolp.weebly.com - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname carolyolp.weebly.com"; dns.query; content:"carolyolp.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carolyolp\.weebly\.com$/i"; classtype:trojan-activity; sid:37136391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname carolyolp.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| carolyolp.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carolyolp\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# *.ipfs.cf-ipfs.com - the first label looks like an IPFS content identifier,
# so the rule pins one object at one gateway. Presumably the same content can
# be fetched through other gateways - verify coverage.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeihxjabr4hp42dagn3hgpsvdoqrqym2ya2i2xff53hyhctadpmnk7u.ipfs.cf-ipfs.com"; dns.query; content:"bafybeihxjabr4hp42dagn3hgpsvdoqrqym2ya2i2xff53hyhctadpmnk7u.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeihxjabr4hp42dagn3hgpsvdoqrqym2ya2i2xff53hyhctadpmnk7u\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37136421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeihxjabr4hp42dagn3hgpsvdoqrqym2ya2i2xff53hyhctadpmnk7u.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeihxjabr4hp42dagn3hgpsvdoqrqym2ya2i2xff53hyhctadpmnk7u.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeihxjabr4hp42dagn3hgpsvdoqrqym2ya2i2xff53hyhctadpmnk7u\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP 
e26132 [] Hostname bafybeiaj4jz6rnrwy6pkerlmoqykz7s5tsf64p3svl5tpwijlh7hqxdagy.ipfs.cf-ipfs.com"; dns.query; content:"bafybeiaj4jz6rnrwy6pkerlmoqykz7s5tsf64p3svl5tpwijlh7hqxdagy.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiaj4jz6rnrwy6pkerlmoqykz7s5tsf64p3svl5tpwijlh7hqxdagy\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37136451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - hostname indicators, one dns rule and one http rule per
# name. The dns pcre only accepts the exact name (no letter, digit, '-' or '.'
# before it, '$' after it); the http rule needs "Host: <name>" in the headers
# of an outbound request and then tags the session for 600 seconds.
# NOTE(review): the http rules see cleartext HTTP only; no TLS SNI rule is
# visible in this part of the export, so HTTPS visits rely on the dns rule.
#
# http half of the pair for the IPFS gateway name whose dns rule ends above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeiaj4jz6rnrwy6pkerlmoqykz7s5tsf64p3svl5tpwijlh7hqxdagy.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeiaj4jz6rnrwy6pkerlmoqykz7s5tsf64p3svl5tpwijlh7hqxdagy.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiaj4jz6rnrwy6pkerlmoqykz7s5tsf64p3svl5tpwijlh7hqxdagy\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# autogielda-wisniowy.pl - exported again further down as sid:37137261 /
# sid:37137262; both copies alert on the same traffic.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autogielda-wisniowy.pl"; dns.query; content:"autogielda-wisniowy.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-wisniowy\.pl$/i"; classtype:trojan-activity; sid:37136481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autogielda-wisniowy.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-wisniowy.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-wisniowy\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# autogielda-janowski.pl
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autogielda-janowski.pl"; dns.query; content:"autogielda-janowski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-janowski\.pl$/i"; classtype:trojan-activity; sid:37136511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autogielda-janowski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-janowski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-janowski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# auta-szwed.pl - exported again further down as sid:37137291 / sid:37137292.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname auta-szwed.pl"; dns.query; content:"auta-szwed.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-szwed\.pl$/i"; classtype:trojan-activity; sid:37136541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname auta-szwed.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-szwed.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-szwed\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# auta-juszczak.pl - the pair appears twice back to back (sid:37136571/572 and
# sid:37136601/602); the two copies differ only in their sid, so every hit
# produces two alerts. Presumably the indicator is attached to the event
# twice - de-duplicate at the source.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname auta-juszczak.pl"; dns.query; content:"auta-juszczak.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-juszczak\.pl$/i"; classtype:trojan-activity; sid:37136571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname auta-juszczak.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-juszczak.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-juszczak\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname auta-juszczak.pl"; dns.query; content:"auta-juszczak.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-juszczak\.pl$/i"; classtype:trojan-activity; sid:37136601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname auta-juszczak.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-juszczak.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-juszczak\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# attsevrices.weebly.com - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname attsevrices.weebly.com"; dns.query; content:"attsevrices.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attsevrices\.weebly\.com$/i"; classtype:trojan-activity; sid:37136631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname attsevrices.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attsevrices.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attsevrices\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# anularpagosbc.replit.app - exported again further down as sid:37137321 /
# sid:37137322.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname anularpagosbc.replit.app"; dns.query; content:"anularpagosbc.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app$/i"; classtype:trojan-activity; sid:37136661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname anularpagosbc.replit.app"; flow:to_server,established; http.header; content: "Host|3a| anularpagosbc.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# ankushnetflix.netlify.app - shared hosting domain, matched on the full name.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ankushnetflix.netlify.app"; dns.query; content:"ankushnetflix.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ankushnetflix\.netlify\.app$/i"; classtype:trojan-activity; sid:37136691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ankushnetflix.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| ankushnetflix.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ankushnetflix\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# 951vip02.xyz
alert dns any any -> any any (msg: "MISP e26132 [] Hostname 951vip02.xyz"; dns.query; content:"951vip02.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])951vip02\.xyz$/i"; classtype:trojan-activity; sid:37136721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname 951vip02.xyz"; flow:to_server,established; http.header; content: "Host|3a| 951vip02.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])951vip02\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# abba-autosprzedaz.pl
alert dns any any -> any any (msg: "MISP e26132 [] Hostname abba-autosprzedaz.pl"; dns.query; content:"abba-autosprzedaz.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])abba\-autosprzedaz\.pl$/i"; classtype:trojan-activity; sid:37136751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname abba-autosprzedaz.pl"; flow:to_server,established; http.header; content: "Host|3a| abba-autosprzedaz.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])abba\-autosprzedaz\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - from here on an indicator can carry three rules:
#   dns rule:  DNS query for the exact name (pcre rejects a letter, digit, '-'
#              or '.' before it and anchors the end with '$').
#   http rule: outbound request with "Host: <name>" in the headers, any port.
#   url rule:  "Outgoing URL", destination port limited to $HTTP_PORTS.
# NOTE(review) on the url rules:
#   - the file header calls $HTTP_PORTS optional for the Suricata export, yet
#     these rules reference it; it has to be defined for them to load, and
#     HTTP on other ports is seen only by the http rule above each of them.
#   - the header match is the bare hostname, without "Host: " and without a
#     pcre boundary, so any request header containing the string satisfies it
#     (another header naming the site, or a longer hostname embedding it).
#   - where the indicator has no path there is no http.uri condition, so the
#     url rule is broader than the http rule and fires alongside it.
# NOTE(review): all of these inspect cleartext traffic; no TLS SNI rule is
# visible in this part of the export.
#
# ofer-halifaxx-ukbankiing.com
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ofer-halifaxx-ukbankiing.com"; dns.query; content:"ofer-halifaxx-ukbankiing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ofer\-halifaxx\-ukbankiing\.com$/i"; classtype:trojan-activity; sid:37136781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ofer-halifaxx-ukbankiing.com"; flow:to_server,established; http.header; content: "Host|3a| ofer-halifaxx-ukbankiing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ofer\-halifaxx\-ukbankiing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# http.uri content "/x" is an unanchored substring match: any path containing
# "/x" qualifies (constructed example: /xmlrpc.php), so this adds little over
# the hostname condition.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//ofer-halifaxx-ukbankiing.com/x"; flow:to_server,established; http.header; content:"ofer-halifaxx-ukbankiing.com"; fast_pattern; nocase; http.uri; content:"/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37136791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# newlinkqtvz3u4.kezx.my.id - url rule has no http.uri condition.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname newlinkqtvz3u4.kezx.my.id"; dns.query; content:"newlinkqtvz3u4.kezx.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newlinkqtvz3u4\.kezx\.my\.id$/i"; classtype:trojan-activity; sid:37136811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname newlinkqtvz3u4.kezx.my.id"; flow:to_server,established; http.header; content: "Host|3a| newlinkqtvz3u4.kezx.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newlinkqtvz3u4\.kezx\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//newlinkqtvz3u4.kezx.my.id"; flow:to_server,established; http.header; content:"newlinkqtvz3u4.kezx.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37136821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# imtoken-au.rip - url rule has no http.uri condition.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-au.rip"; dns.query; content:"imtoken-au.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-au\.rip$/i"; classtype:trojan-activity; sid:37136841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-au.rip"; flow:to_server,established; http.header; content: "Host|3a| imtoken-au.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-au\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-au.rip"; flow:to_server,established; http.header; content:"imtoken-au.rip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37136851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# ff.member.gareza.vn - second export of this name; sid:37136301 / sid:37136302
# earlier in the file match the same traffic.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ff.member.gareza.vn"; dns.query; content:"ff.member.gareza.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn$/i"; classtype:trojan-activity; sid:37136871; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - per indicator: a dns rule (exact name only), an http rule
# ("Host: <name>" in an outbound request, any port) and, where the indicator
# is a URL, a url rule limited to $HTTP_PORTS.
# NOTE(review) on the url rules: the header condition is the bare hostname
# with no "Host: " prefix or pcre boundary, so any request header containing
# the string satisfies it; $HTTP_PORTS must be defined for them to load even
# though the file header calls it optional for the Suricata export.
# NOTE(review): all of these inspect cleartext traffic; no TLS SNI rule is
# visible in this part of the export.
#
# ff.member.gareza.vn - second export of this name (see sid:37136301 /
# sid:37136302 earlier in the file); the url rule pins one long path token.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ff.member.gareza.vn"; flow:to_server,established; http.header; content: "Host|3a| ff.member.gareza.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//ff.member.gareza.vn/tsdjsi0mrzrjkh56stmvms8avuvtnfoabwrniwut85dz7njueaenup3"; flow:to_server,established; http.header; content:"ff.member.gareza.vn"; fast_pattern; nocase; http.uri; content:"/tsdjsi0mrzrjkh56stmvms8avuvtnfoabwrniwut85dz7njueaenup3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37136881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# facebook.discount.workers.dev - shared hosting domain, matched on the full
# tenant name; the url rule has no http.uri condition.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname facebook.discount.workers.dev"; dns.query; content:"facebook.discount.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\.discount\.workers\.dev$/i"; classtype:trojan-activity; sid:37136901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname facebook.discount.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| facebook.discount.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\.discount\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//facebook.discount.workers.dev"; flow:to_server,established; http.header; content:"facebook.discount.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37136911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# eventllys.tibet.org - first of two exports of this name (the second is
# sid:37136991 / sid:37136992 below). In the url rule the query string shown
# in msg ("?remise2024dimpots") is not part of the http.uri content, so only
# the path up to formulaire.php is matched.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname eventllys.tibet.org"; dns.query; content:"eventllys.tibet.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventllys\.tibet\.org$/i"; classtype:trojan-activity; sid:37136931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname eventllys.tibet.org"; flow:to_server,established; http.header; content: "Host|3a| eventllys.tibet.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventllys\.tibet\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//eventllys.tibet.org/clars_68377873972434101322944666G/Inpot.gov/f35fd90bf762a01ba120500ad0bcc673/formulaire.php?remise2024dimpots"; flow:to_server,established; http.header; content:"eventllys.tibet.org"; fast_pattern; nocase; http.uri; content:"/clars_68377873972434101322944666G/Inpot.gov/f35fd90bf762a01ba120500ad0bcc673/formulaire.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37136941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# chpiotp.blogspot.com - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname chpiotp.blogspot.com"; dns.query; content:"chpiotp.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chpiotp\.blogspot\.com$/i"; classtype:trojan-activity; sid:37136961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname chpiotp.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| chpiotp.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chpiotp\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# eventllys.tibet.org - second export; the dns and http rules repeat
# sid:37136931 / sid:37136932 exactly, so each hit alerts twice. The url rule
# differs from sid:37136941 only in the 32-hex-digit path segment, which
# presumably changes per victim or campaign - the hostname rules are the
# durable match.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname eventllys.tibet.org"; dns.query; content:"eventllys.tibet.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventllys\.tibet\.org$/i"; classtype:trojan-activity; sid:37136991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname eventllys.tibet.org"; flow:to_server,established; http.header; content: "Host|3a| eventllys.tibet.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eventllys\.tibet\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37136992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//eventllys.tibet.org/clars_68377873972434101322944666G/Inpot.gov/ae699f274873c1e2de83cb1b1d72989b/formulaire.php"; flow:to_server,established; http.header; content:"eventllys.tibet.org"; fast_pattern; nocase; http.uri; content:"/clars_68377873972434101322944666G/Inpot.gov/ae699f274873c1e2de83cb1b1d72989b/formulaire.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# e-ea5.pages.dev - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname e-ea5.pages.dev"; dns.query; content:"e-ea5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\-ea5\.pages\.dev$/i"; classtype:trojan-activity; sid:37137021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname e-ea5.pages.dev"; flow:to_server,established; 
http.header; content: "Host|3a| e-ea5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e\-ea5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - per indicator: a dns rule (exact name only), an http rule
# ("Host: <name>" in an outbound request, any port) and, where the indicator
# is a URL, a url rule limited to $HTTP_PORTS.
# NOTE(review) on the url rules: the header condition is the bare hostname
# with no "Host: " prefix or pcre boundary, so any request header containing
# the string satisfies it; $HTTP_PORTS must be defined for them to load even
# though the file header calls it optional for the Suricata export.
# NOTE(review): all of these inspect cleartext traffic; no TLS SNI rule is
# visible in this part of the export.
#
# e-ea5.pages.dev url rule: the http.uri content carries a literal ':' while
# msg writes the same character as |3a|. The Suricata rule documentation lists
# ':' among the characters to give in hex notation inside content - check that
# this rule loads and matches as intended. The query string shown in msg
# ("?r=739915162") is not part of the match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//e-ea5.pages.dev/https|3a|/t.myvisualiq.net/impression_pixel?r=739915162"; flow:to_server,established; http.header; content:"e-ea5.pages.dev"; fast_pattern; nocase; http.uri; content:"/https:/t.myvisualiq.net/impression_pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# worker-solitary-heart-a178.hsmith6897.workers.dev - shared hosting domain,
# matched on the full tenant name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname worker-solitary-heart-a178.hsmith6897.workers.dev"; dns.query; content:"worker-solitary-heart-a178.hsmith6897.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-solitary\-heart\-a178\.hsmith6897\.workers\.dev$/i"; classtype:trojan-activity; sid:37137051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname worker-solitary-heart-a178.hsmith6897.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-solitary-heart-a178.hsmith6897.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-solitary\-heart\-a178\.hsmith6897\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# weareonthesameway.pages.dev - in the url rule the whole query string shown
# in msg is dropped and the http.uri content is just "/", which practically
# every request path contains; the rule therefore reduces to "hostname string
# somewhere in the request headers".
alert dns any any -> any any (msg: "MISP e26132 [] Hostname weareonthesameway.pages.dev"; dns.query; content:"weareonthesameway.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weareonthesameway\.pages\.dev$/i"; classtype:trojan-activity; sid:37137081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname weareonthesameway.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| weareonthesameway.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weareonthesameway\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//weareonthesameway.pages.dev/?user-agent=mozilla/5.0windowsnt10.0|3b|win64|3b|x64applewebkit/537.36khtml.likegeckochrome/86.0.4240.75safari/537.36"; flow:to_server,established; http.header; content:"weareonthesameway.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# nwway.pages.dev - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname nwway.pages.dev"; dns.query; content:"nwway.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nwway\.pages\.dev$/i"; classtype:trojan-activity; sid:37137111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname nwway.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nwway.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nwway\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# chpiotp.blogspot.mk - same label as chpiotp.blogspot.com (sid:37136961)
# under a different country suffix; the url rule has no http.uri condition.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname chpiotp.blogspot.mk"; dns.query; content:"chpiotp.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chpiotp\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37137141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname chpiotp.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| chpiotp.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chpiotp\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//chpiotp.blogspot.mk"; flow:to_server,established; http.header; content:"chpiotp.blogspot.mk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# qow.telegrammn.cn - the url rule's http.uri content is "/" only, so it adds
# no path constraint beyond the hostname string.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname qow.telegrammn.cn"; dns.query; content:"qow.telegrammn.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qow\.telegrammn\.cn$/i"; classtype:trojan-activity; sid:37137171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname qow.telegrammn.cn"; flow:to_server,established; http.header; content: "Host|3a| qow.telegrammn.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qow\.telegrammn\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//qow.telegrammn.cn/"; flow:to_server,established; http.header; content:"qow.telegrammn.cn"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname 
staymyprivate-mys.mythicmys.shop"; dns.query; content:"staymyprivate-mys.mythicmys.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])staymyprivate\-mys\.mythicmys\.shop$/i"; classtype:trojan-activity; sid:37137201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - per indicator: a dns rule (exact name only), an http rule
# ("Host: <name>" in an outbound request, any port) and, where the indicator
# is a URL, a url rule limited to $HTTP_PORTS.
# NOTE(review) on the url rules: the header condition is the bare hostname
# with no "Host: " prefix or pcre boundary, so any request header containing
# the string satisfies it; where the indicator has no path there is no
# http.uri condition at all. $HTTP_PORTS must be defined for them to load even
# though the file header calls it optional for the Suricata export.
# NOTE(review): all of these inspect cleartext traffic; no TLS SNI rule is
# visible in this part of the export.
#
# http half of the pair for staymyprivate-mys.mythicmys.shop (dns rule ends above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname staymyprivate-mys.mythicmys.shop"; flow:to_server,established; http.header; content: "Host|3a| staymyprivate-mys.mythicmys.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])staymyprivate\-mys\.mythicmys\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# busy-bose.213-226-117-21.plesk.page - the name embeds what looks like an
# IPv4 address (213-226-117-21); no ip rule for it is visible in this part of
# the export - TODO check whether the event lists the address as well.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname busy-bose.213-226-117-21.plesk.page"; dns.query; content:"busy-bose.213-226-117-21.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])busy\-bose\.213\-226\-117\-21\.plesk\.page$/i"; classtype:trojan-activity; sid:37137231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname busy-bose.213-226-117-21.plesk.page"; flow:to_server,established; http.header; content: "Host|3a| busy-bose.213-226-117-21.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])busy\-bose\.213\-226\-117\-21\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//busy-bose.213-226-117-21.plesk.page/vandetta/evlilik/giris.php"; flow:to_server,established; http.header; content:"busy-bose.213-226-117-21.plesk.page"; fast_pattern; nocase; http.uri; content:"/vandetta/evlilik/giris.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# autogielda-wisniowy.pl - second export; the dns and http rules repeat
# sid:37136481 / sid:37136482 from earlier in the file, so each hit alerts
# twice. Only the url rule is new.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autogielda-wisniowy.pl"; dns.query; content:"autogielda-wisniowy.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-wisniowy\.pl$/i"; classtype:trojan-activity; sid:37137261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autogielda-wisniowy.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-wisniowy.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-wisniowy\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//autogielda-wisniowy.pl"; flow:to_server,established; http.header; content:"autogielda-wisniowy.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# auta-szwed.pl - second export; the dns and http rules repeat sid:37136541 /
# sid:37136542 from earlier in the file. Only the url rule is new.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname auta-szwed.pl"; dns.query; content:"auta-szwed.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-szwed\.pl$/i"; classtype:trojan-activity; sid:37137291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname auta-szwed.pl"; flow:to_server,established; http.header; content: "Host|3a| auta-szwed.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auta\-szwed\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//auta-szwed.pl"; flow:to_server,established; http.header; content:"auta-szwed.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# anularpagosbc.replit.app - second export; the dns and http rules repeat
# sid:37136661 / sid:37136662 from earlier in the file. The url rule pins one
# long path; nocase makes that path match regardless of letter case.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname anularpagosbc.replit.app"; dns.query; content:"anularpagosbc.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app$/i"; classtype:trojan-activity; sid:37137321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname anularpagosbc.replit.app"; flow:to_server,established; http.header; content: "Host|3a| anularpagosbc.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anularpagosbc\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//anularpagosbc.replit.app/mua/USER/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button"; flow:to_server,established; http.header; content:"anularpagosbc.replit.app"; fast_pattern; nocase; http.uri; content:"/mua/USER/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# imtoken-rg.top
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-rg.top"; dns.query; content:"imtoken-rg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rg\.top$/i"; classtype:trojan-activity; sid:37137351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-rg.top"; flow:to_server,established; http.header; content: "Host|3a| 
imtoken-rg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 - every indicator below carries three rules:
#   dns rule:  DNS query for the exact name (pcre rejects a letter, digit, '-'
#              or '.' before it and anchors the end with '$').
#   http rule: outbound request with "Host: <name>" in the headers, any port;
#              tag:session keeps logging that session for 600 seconds.
#   url rule:  destination port limited to $HTTP_PORTS; the only condition is
#              the bare hostname somewhere in the request headers - no
#              "Host: " prefix, no pcre boundary, no http.uri content - so it
#              is broader than the http rule and fires alongside it.
# NOTE(review): $HTTP_PORTS must be defined for the url rules to load even
# though the file header calls it optional for the Suricata export.
# NOTE(review): all of these inspect cleartext traffic; no TLS SNI rule is
# visible in this part of the export, so HTTPS visits rely on the dns rule.
#
# url rule for imtoken-rg.top (its dns/http pair ends above).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-rg.top"; flow:to_server,established; http.header; content:"imtoken-rg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# web3linksync.pages.dev - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname web3linksync.pages.dev"; dns.query; content:"web3linksync.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3linksync\.pages\.dev$/i"; classtype:trojan-activity; sid:37137381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname web3linksync.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| web3linksync.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3linksync\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//web3linksync.pages.dev"; flow:to_server,established; http.header; content:"web3linksync.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# web3resync.pages.dev - shared hosting domain, matched on the full name only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname web3resync.pages.dev"; dns.query; content:"web3resync.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3resync\.pages\.dev$/i"; classtype:trojan-activity; sid:37137411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname web3resync.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| web3resync.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web3resync\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//web3resync.pages.dev"; flow:to_server,established; http.header; content:"web3resync.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# uspaoaisbeio1.soundcast.me
alert dns any any -> any any (msg: "MISP e26132 [] Hostname uspaoaisbeio1.soundcast.me"; dns.query; content:"uspaoaisbeio1.soundcast.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspaoaisbeio1\.soundcast\.me$/i"; classtype:trojan-activity; sid:37137441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uspaoaisbeio1.soundcast.me"; flow:to_server,established; http.header; content: "Host|3a| uspaoaisbeio1.soundcast.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspaoaisbeio1\.soundcast\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//uspaoaisbeio1.soundcast.me"; flow:to_server,established; http.header; content:"uspaoaisbeio1.soundcast.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# tok2npo2ket.top
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tok2npo2ket.top"; dns.query; content:"tok2npo2ket.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2ket\.top$/i"; classtype:trojan-activity; sid:37137471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tok2npo2ket.top"; flow:to_server,established; http.header; content: "Host|3a| tok2npo2ket.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2ket\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tok2npo2ket.top"; flow:to_server,established; http.header; content:"tok2npo2ket.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# xmeo2o.rqa-b.my.id
alert dns any any -> any any (msg: "MISP e26132 [] Hostname xmeo2o.rqa-b.my.id"; dns.query; content:"xmeo2o.rqa-b.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xmeo2o\.rqa\-b\.my\.id$/i"; classtype:trojan-activity; sid:37137501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname xmeo2o.rqa-b.my.id"; flow:to_server,established; http.header; content: "Host|3a| xmeo2o.rqa-b.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xmeo2o\.rqa\-b\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//xmeo2o.rqa-b.my.id"; flow:to_server,established; http.header; content:"xmeo2o.rqa-b.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# Last hostname of MISP event 26132 (DNS, Host header and bare-domain URL rules).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tok2npo2kwt.top"; dns.query; content:"tok2npo2kwt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2kwt\.top$/i"; classtype:trojan-activity; sid:37137531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tok2npo2kwt.top"; flow:to_server,established; http.header; content: "Host|3a| tok2npo2kwt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2npo2kwt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tok2npo2kwt.top"; flow:to_server,established; http.header; content:"tok2npo2kwt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# --- MISP event 26133: download URLs on a fixed IP and port (priority 1) -------
# Every rule pins the destination IP and port, then requires the IP in the request
# headers and the path in the URI.
# * http.uri content is a substring match: "/" matches practically any request URI
#   and "/i" any URI containing it, so those rules are in effect "any HTTP request
#   to this IP:port" rules.
# * Overlaps: sid 37141871 ("/") matches every request that 37141771 or 37141861
#   match (same 222.140.212.50:52199), and sid 37141671 ("/Simps/powerpc") also
#   matches the "/Simps/powerpc-440fp" URI of 37141661 -- expect paired alerts.
# * NOTE(review): paths such as /Mozi.m, /bin.sh and per-architecture /Simps/<arch>
#   look like IoT botnet payload staging on high ports; such hosts tend to be
#   short-lived, so confirm against the MISP event and review these for expiry.
alert http $HOME_NET any -> 108.27.217.242 14701 (msg: "MISP e26133 [] Outgoing URL http|3a|//108.27.217.242|3a|14701/.i"; flow:to_server,established; http.header; content:"108.27.217.242"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 42.228.217.17 43769 (msg: "MISP e26133 [] Outgoing URL http|3a|//42.228.217.17|3a|43769/i"; flow:to_server,established; http.header; content:"42.228.217.17"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/x86_64"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/x86_64"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/sparc"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/sparc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/sh4"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/sh4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/powerpc-440fp"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/powerpc-440fp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/powerpc"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/powerpc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/mipsel"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/mipsel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/m68k"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/m68k"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/i686"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/i686"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/i586"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/i586"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/armv7l"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/armv7l"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/armv6l"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/armv6l"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/armv5l"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/armv5l"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 37.49.228.204 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//37.49.228.204/Simps/armv4l"; flow:to_server,established; http.header; content:"37.49.228.204"; fast_pattern; nocase; http.uri; content:"/Simps/armv4l"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 222.185.99.124 45566 (msg: "MISP e26133 [] Outgoing URL http|3a|//222.185.99.124|3a|45566/bin.sh"; flow:to_server,established; http.header; content:"222.185.99.124"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 222.140.212.50 52199 (msg: "MISP e26133 [] Outgoing URL http|3a|//222.140.212.50|3a|52199/bin.sh"; flow:to_server,established; http.header; content:"222.140.212.50"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//193.233.132.167/lend/joekr1234.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/joekr1234.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//193.233.132.167/lend/goldpricesup12.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/goldpricesup12.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 182.124.144.196 51958 (msg: "MISP e26133 [] Outgoing URL http|3a|//182.124.144.196|3a|51958/Mozi.m"; flow:to_server,established; http.header; content:"182.124.144.196"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 180.117.193.247 34214 (msg: "MISP e26133 [] Outgoing URL http|3a|//180.117.193.247|3a|34214/i"; flow:to_server,established; http.header; content:"180.117.193.247"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 125.47.87.101 37007 (msg: "MISP e26133 [] Outgoing URL http|3a|//125.47.87.101|3a|37007/i"; flow:to_server,established; http.header; content:"125.47.87.101"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 125.47.87.101 37007 (msg: "MISP e26133 [] Outgoing URL http|3a|//125.47.87.101|3a|37007/bin.sh"; flow:to_server,established; http.header; content:"125.47.87.101"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 106.111.37.129 34382 (msg: "MISP e26133 [] Outgoing URL http|3a|//106.111.37.129|3a|34382/Mozi.m"; flow:to_server,established; http.header; content:"106.111.37.129"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 103.42.243.130 34464 (msg: "MISP e26133 [] Outgoing URL http|3a|//103.42.243.130|3a|34464/Mozi.m"; flow:to_server,established; http.header; content:"103.42.243.130"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 222.140.212.50 52199 (msg: "MISP e26133 [] Outgoing URL http|3a|//222.140.212.50|3a|52199/i"; flow:to_server,established; http.header; content:"222.140.212.50"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 222.140.212.50 52199 (msg: "MISP e26133 [] Outgoing URL http|3a|//222.140.212.50|3a|52199/"; flow:to_server,established; http.header; content:"222.140.212.50"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 182.127.177.190 36743 (msg: "MISP e26133 [] Outgoing URL http|3a|//182.127.177.190|3a|36743/bin.sh"; flow:to_server,established; http.header; content:"182.127.177.190"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 118.233.243.14 53813 (msg: "MISP e26133 [] Outgoing URL http|3a|//118.233.243.14|3a|53813/bin.sh"; flow:to_server,established; http.header; content:"118.233.243.14"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 117.255.82.73 50127 (msg: "MISP e26133 [] Outgoing URL http|3a|//117.255.82.73|3a|50127/Mozi.m"; flow:to_server,established; http.header; content:"117.255.82.73"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 117.213.45.175 53832 (msg: "MISP e26133 [] Outgoing URL http|3a|//117.213.45.175|3a|53832/bin.sh"; flow:to_server,established; http.header; content:"117.213.45.175"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 42.230.142.117 51226 (msg: "MISP e26133 [] Outgoing URL http|3a|//42.230.142.117|3a|51226/Mozi.m"; flow:to_server,established; http.header; content:"42.230.142.117"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 182.126.82.249 45150 (msg: "MISP e26133 [] Outgoing URL http|3a|//182.126.82.249|3a|45150/Mozi.m"; flow:to_server,established; http.header; content:"182.126.82.249"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 117.199.74.21 54477 (msg: "MISP e26133 [] Outgoing URL http|3a|//117.199.74.21|3a|54477/Mozi.m"; flow:to_server,established; http.header; content:"117.199.74.21"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 115.51.32.89 37830 (msg: "MISP e26133 [] Outgoing URL http|3a|//115.51.32.89|3a|37830/bin.sh"; flow:to_server,established; http.header; content:"115.51.32.89"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
# --- MISP event 26150 (priority 3) ---------------------------------------------
# The "alert ip" rule has no flow, payload or threshold condition, only the
# destination IP and port. NOTE(review): it may alert repeatedly on a long-lived
# connection; consider a threshold.
alert ip $HOME_NET any -> 85.192.32.83 1194 (msg: "MISP e26150 [] Outgoing To IP: 85.192.32.83|1194"; classtype:trojan-activity; sid:37167051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//cr13705.tw1.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"cr13705.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26134 [] Domain webfun.website"; dns.query; content:"webfun.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])webfun\.website$/i"; classtype:trojan-activity; sid:37142711; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26134;)
# --- Mixed events 26134 / 26076 / 26150 / 26148 / 26136 ------------------------
# * The same indicators are exported twice: under event 26076 (priority 2, with
#   malware-family tags in msg) and under event 26150 (priority 3, no tags), e.g.
#   sids 37126151/37167081, 37126161/37167071, 37126141/37167091,
#   37126171/37167101 and 37126181/37167111. One matching flow therefore raises
#   two alerts; de-duplicate downstream or suppress one set.
# * sids 37126141 and 37167091 differ only in the letter case of the path; both
#   use nocase, so they match the same requests.
# * The short URI contents "/cx", "/ca" and "/j.ad" are substring matches; these
#   rules rest mainly on the pinned destination IP and port.
# * "Domain" rules use the boundary [^A-Za-z0-9-] (a leading dot is allowed), so
#   sub-domains of the listed name match too, unlike the "Hostname" rules.
# * In the "Outgoing HTTP Domain" rules, "Host|3a|" and the domain are two separate
#   contents with no distance/within, and the pcre is not tied to the Host line, so
#   the domain may match in another header (e.g. Referer) of the request.
# * ngrok-free.app is a tunnelling service and the indicator is one tunnel
#   hostname. NOTE(review): such hostnames are presumably short-lived -- check
#   that it is still current before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26134 [] Outgoing HTTP Domain webfun.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webfun.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webfun\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37142712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26134;)
# Same IP:port as sid 37167051 (event 26150); here tagged [njrat,RAT].
alert ip $HOME_NET any -> 85.192.32.83 1194 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 85.192.32.83|1194"; classtype:trojan-activity; sid:37126131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 217.25.94.158 $HTTP_PORTS (msg: "MISP e26076 [dcrat] Outgoing URL http|3a|//217.25.94.158/0linuxcdnpipe/windowsto/providerproton/347/auth5dumpjs/84geotemporary/vmto_processauthlongpolltraffictrackcdn.php"; flow:to_server,established; http.header; content:"217.25.94.158"; fast_pattern; nocase; http.uri; content:"/0linuxcdnpipe/windowsto/providerproton/347/auth5dumpjs/84geotemporary/vmto_processauthlongpolltraffictrackcdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 139.196.191.50 8018 (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//139.196.191.50|3a|8018/cx"; flow:to_server,established; http.header; content:"139.196.191.50"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 81.68.248.191 8021 (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//81.68.248.191|3a|8021/ca"; flow:to_server,established; http.header; content:"81.68.248.191"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 81.68.248.191 8021 (msg: "MISP e26150 [] Outgoing URL http|3a|//81.68.248.191|3a|8021/ca"; flow:to_server,established; http.header; content:"81.68.248.191"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> 139.196.191.50 8018 (msg: "MISP e26150 [] Outgoing URL http|3a|//139.196.191.50|3a|8018/cx"; flow:to_server,established; http.header; content:"139.196.191.50"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> 217.25.94.158 $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//217.25.94.158/0LinuxCdnPipe/WindowsTo/ProviderProton/347/auth5dumpJs/84GeoTemporary/Vmto_processauthlongpollTrafficTrackCdn.php"; flow:to_server,established; http.header; content:"217.25.94.158"; fast_pattern; nocase; http.uri; content:"/0LinuxCdnPipe/WindowsTo/ProviderProton/347/auth5dumpJs/84GeoTemporary/Vmto_processauthlongpollTrafficTrackCdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26076 [CobaltStrike,cs-watermark-305419896,IPTELECOM ASIA] Outgoing URL http|3a|//43.251.159.58|3a|8637/j.ad"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Event 26148: v5.chalakishere.site is covered by its own "Hostname" rules and also
# by the "Domain chalakishere.site" rules below, so one lookup or request for it
# raises both.
alert dns any any -> any any (msg: "MISP e26148 [Take Down] Hostname v5.chalakishere.site"; dns.query; content:"v5.chalakishere.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v5\.chalakishere\.site$/i"; classtype:trojan-activity; sid:37166131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26148;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26148 [Take Down] Outgoing HTTP Hostname v5.chalakishere.site"; flow:to_server,established; http.header; content: "Host|3a| v5.chalakishere.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v5\.chalakishere\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37166132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26148;)
alert dns any any -> any any (msg: "MISP e26148 [Take Down] Domain chalakishere.site"; dns.query; content:"chalakishere.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])chalakishere\.site$/i"; classtype:trojan-activity; sid:37166141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26148;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26148 [Take Down] Outgoing HTTP Domain chalakishere.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chalakishere.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chalakishere\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37166142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26148;)
alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26150 [] Outgoing URL http|3a|//43.251.159.58|3a|8637/j.ad"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26076 [Gomorrah,ViriBack] Domain 53d5-66-154-102-195.ngrok-free.app"; dns.query; content:"53d5-66-154-102-195.ngrok-free.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])53d5\-66\-154\-102\-195\.ngrok\-free\.app$/i"; classtype:trojan-activity; sid:37126181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [Gomorrah,ViriBack] Outgoing HTTP Domain 53d5-66-154-102-195.ngrok-free.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"53d5-66-154-102-195.ngrok-free.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])53d5\-66\-154\-102\-195\.ngrok\-free\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert dns any any -> any any (msg: "MISP e26136 [] Domain afcsub.sbs"; dns.query; content:"afcsub.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])afcsub\.sbs$/i"; classtype:trojan-activity; sid:37143141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26136;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26136 [] Outgoing HTTP Domain afcsub.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"afcsub.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])afcsub\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37143142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26136;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain 53d5-66-154-102-195.ngrok-free.app"; dns.query; content:"53d5-66-154-102-195.ngrok-free.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])53d5\-66\-154\-102\-195\.ngrok\-free\.app$/i"; classtype:trojan-activity; sid:37167111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain 53d5-66-154-102-195.ngrok-free.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"53d5-66-154-102-195.ngrok-free.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])53d5\-66\-154\-102\-195\.ngrok\-free\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 172.245.208.5 2060 (msg: "MISP e26150 [] Outgoing To IP: 172.245.208.5|2060"; classtype:trojan-activity; sid:37167121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain merckllc.top"; dns.query; content:"merckllc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])merckllc\.top$/i"; classtype:trojan-activity; sid:37167131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain merckllc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merckllc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merckllc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert 
ip $HOME_NET any -> 3.125.209.94 14114 (msg: "MISP e26150 [] Outgoing To IP: 3.125.209.94|14114"; classtype:trojan-activity; sid:37167141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# --- Outgoing IP:port indicators, events 26150 and 26076 -----------------------
# Each IP:port pair appears twice: under event 26150 (priority 3, no tags) and
# under event 26076 (priority 2, tagged [njrat,RAT]), so one connection raises two
# alerts. The rules carry no flow, payload or threshold condition.
# NOTE(review): consider a threshold, and de-duplicate the two events downstream.
alert ip $HOME_NET any -> 45.153.230.56 7777 (msg: "MISP e26150 [] Outgoing To IP: 45.153.230.56|7777"; classtype:trojan-activity; sid:37167151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 3.125.209.94 14114 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 3.125.209.94|14114"; classtype:trojan-activity; sid:37126201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 45.153.230.56 7777 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 45.153.230.56|7777"; classtype:trojan-activity; sid:37126191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 5.39.43.50 7777 (msg: "MISP e26150 [] Outgoing To IP: 5.39.43.50|7777"; classtype:trojan-activity; sid:37167161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 5.39.43.50 7777 (msg: "MISP e26076 [njrat,RAT] Outgoing To IP: 5.39.43.50|7777"; classtype:trojan-activity; sid:37126211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# --- Domain indicators, event 26150 --------------------------------------------
# "Domain" boundary [^A-Za-z0-9-] allows a leading dot, so sub-domains match too.
# The http rules keep "Host|3a|" and the domain as separate contents, so the domain
# is not tied to the Host line of the request.
alert dns any any -> any any (msg: "MISP e26150 [] Domain ccuk.edenexit.com"; dns.query; content:"ccuk.edenexit.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ccuk\.edenexit\.com$/i"; classtype:trojan-activity; sid:37167171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain ccuk.edenexit.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ccuk.edenexit.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ccuk\.edenexit\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain winkimedia.it"; dns.query; content:"winkimedia.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])winkimedia\.it$/i"; classtype:trojan-activity; sid:37167181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain winkimedia.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"winkimedia.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])winkimedia\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# --- Incoming source-IP indicators, events 26156 / 26159 -----------------------
# These match any packet, on any protocol and port, from the listed source address
# to $HOME_NET. The msg tags say Reconnaissance/Exploitation while classtype is
# trojan-activity, so triage keyed on classtype will mislabel them.
# NOTE(review): on an Internet-facing sensor such sources can be noisy; consider a
# threshold, or handling these addresses as a reputation list instead of one rule
# per address.
alert ip 104.152.52.100 any -> $HOME_NET any (msg: "MISP e26156 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.100"; classtype:trojan-activity; sid:37170211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26156;)
alert ip 102.117.233.239 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.117.233.239"; classtype:trojan-activity; sid:37183611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 106.59.10.204 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.59.10.204"; classtype:trojan-activity; sid:37183621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 109.228.137.87 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.228.137.87"; classtype:trojan-activity; sid:37183631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 112.171.133.104 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.171.133.104"; classtype:trojan-activity; sid:37183641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 111.178.108.177 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.178.108.177"; classtype:trojan-activity; sid:37183651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 113.200.137.46 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.46"; classtype:trojan-activity; sid:37183661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 113.195.108.230 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.195.108.230"; classtype:trojan-activity; sid:37183671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 114.227.63.188 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.63.188"; classtype:trojan-activity; sid:37183681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 113.239.84.238 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.239.84.238"; classtype:trojan-activity; sid:37183691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 116.55.177.30 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.177.30"; classtype:trojan-activity; sid:37183701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 114.227.64.90 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.64.90"; classtype:trojan-activity; sid:37183711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 117.63.115.24 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.115.24"; classtype:trojan-activity; sid:37183721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 117.252.164.178 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.252.164.178"; classtype:trojan-activity; sid:37183731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 117.63.36.163 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.36.163"; classtype:trojan-activity; sid:37183741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 118.140.120.198 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.140.120.198"; classtype:trojan-activity; sid:37183751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 118.9.208.194 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.9.208.194"; classtype:trojan-activity; sid:37183761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 118.26.39.172 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.26.39.172"; classtype:trojan-activity; sid:37183771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 121.239.184.218 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.239.184.218"; classtype:trojan-activity; sid:37183781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;)
alert ip 121.82.231.4 any -> $HOME_NET any (msg: "MISP e26159 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.82.231.4"; classtype:trojan-activity; sid:37183791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 121.135.165.222 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.135.165.222"; classtype:trojan-activity; sid:37183801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 123.244.79.206 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.244.79.206"; classtype:trojan-activity; sid:37183811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 121.57.217.74 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.57.217.74"; classtype:trojan-activity; sid:37183821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 125.26.229.100 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.229.100"; classtype:trojan-activity; sid:37183831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 122.117.149.176 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.149.176"; classtype:trojan-activity; sid:37183841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 141.98.11.107 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.107"; classtype:trojan-activity; sid:37183851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 162.216.150.52 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.150.52"; classtype:trojan-activity; 
sid:37183861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 123.245.97.61 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.245.97.61"; classtype:trojan-activity; sid:37183871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 129.126.215.197 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.126.215.197"; classtype:trojan-activity; sid:37183881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 175.11.133.12 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.133.12"; classtype:trojan-activity; sid:37183891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 183.220.240.140 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.220.240.140"; classtype:trojan-activity; sid:37183901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 150.91.144.239 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.91.144.239"; classtype:trojan-activity; sid:37183911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 171.88.40.86 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.88.40.86"; classtype:trojan-activity; sid:37183921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 184.67.204.178 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.67.204.178"; classtype:trojan-activity; sid:37183931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 189.142.148.12 any -> 
$HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.142.148.12"; classtype:trojan-activity; sid:37183941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 177.163.233.128 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.163.233.128"; classtype:trojan-activity; sid:37183951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 204.76.203.96 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.76.203.96"; classtype:trojan-activity; sid:37183961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 184.170.79.34 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.170.79.34"; classtype:trojan-activity; sid:37183971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 185.40.136.42 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.40.136.42"; classtype:trojan-activity; sid:37183981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 212.164.222.119 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.164.222.119"; classtype:trojan-activity; sid:37183991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 194.48.250.126 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.126"; classtype:trojan-activity; sid:37184001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 213.153.152.34 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.153.152.34"; 
classtype:trojan-activity; sid:37184011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 211.15.120.103 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.15.120.103"; classtype:trojan-activity; sid:37184021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 213.113.8.237 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.113.8.237"; classtype:trojan-activity; sid:37184031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 218.17.187.156 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.17.187.156"; classtype:trojan-activity; sid:37184041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 220.134.165.231 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.165.231"; classtype:trojan-activity; sid:37184051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 219.145.103.61 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.145.103.61"; classtype:trojan-activity; sid:37184061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 220.135.13.44 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.13.44"; classtype:trojan-activity; sid:37184071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 220.142.145.95 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.142.145.95"; classtype:trojan-activity; sid:37184081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 
220.168.240.107 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.168.240.107"; classtype:trojan-activity; sid:37184091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 221.213.120.159 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.213.120.159"; classtype:trojan-activity; sid:37184101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 223.151.225.246 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.225.246"; classtype:trojan-activity; sid:37184111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 223.8.193.248 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.193.248"; classtype:trojan-activity; sid:37184121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 27.20.144.9 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.144.9"; classtype:trojan-activity; sid:37184131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 24.148.91.34 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.148.91.34"; classtype:trojan-activity; sid:37184141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 36.158.123.116 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.158.123.116"; classtype:trojan-activity; sid:37184151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 37.255.236.154 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
37.255.236.154"; classtype:trojan-activity; sid:37184161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 27.25.99.6 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.99.6"; classtype:trojan-activity; sid:37184171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 42.200.36.179 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.36.179"; classtype:trojan-activity; sid:37184181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 36.2.92.72 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.2.92.72"; classtype:trojan-activity; sid:37184191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 45.233.211.7 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.233.211.7"; classtype:trojan-activity; sid:37184201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 37.54.65.83 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.54.65.83"; classtype:trojan-activity; sid:37184211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 49.86.121.5 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.86.121.5"; classtype:trojan-activity; sid:37184221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 45.128.232.40 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.232.40"; classtype:trojan-activity; sid:37184231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 58.152.158.49 
any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.152.158.49"; classtype:trojan-activity; sid:37184241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 47.104.209.172 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.104.209.172"; classtype:trojan-activity; sid:37184251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 58.47.64.139 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.64.139"; classtype:trojan-activity; sid:37184261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 50.46.11.137 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.46.11.137"; classtype:trojan-activity; sid:37184271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 60.253.50.44 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.253.50.44"; classtype:trojan-activity; sid:37184281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 58.47.105.196 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.105.196"; classtype:trojan-activity; sid:37184291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 78.188.6.251 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.188.6.251"; classtype:trojan-activity; sid:37184301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 58.55.34.75 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.55.34.75"; 
classtype:trojan-activity; sid:37184311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 87.27.38.143 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.27.38.143"; classtype:trojan-activity; sid:37184321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 61.178.118.73 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.178.118.73"; classtype:trojan-activity; sid:37184331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 95.106.150.78 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.106.150.78"; classtype:trojan-activity; sid:37184341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 85.27.223.86 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.27.223.86"; classtype:trojan-activity; sid:37184351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 99.7.11.145 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.7.11.145"; classtype:trojan-activity; sid:37184361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 101.43.66.142 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.66.142"; classtype:trojan-activity; sid:37183481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 102.152.178.204 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.152.178.204"; classtype:trojan-activity; sid:37183491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 1.232.42.108 
any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.232.42.108"; classtype:trojan-activity; sid:37183501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 116.172.184.189 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.172.184.189"; classtype:trojan-activity; sid:37183511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 89.207.71.237 any -> $HOME_NET any (msg: "MISP e26159 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.207.71.237"; classtype:trojan-activity; sid:37184371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26159;) alert ip 221.213.12.117 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.213.12.117"; classtype:trojan-activity; sid:37183521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 8.218.88.59 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.218.88.59"; classtype:trojan-activity; sid:37183531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 65.109.108.161 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.108.161"; classtype:trojan-activity; sid:37153971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;) alert ip 185.196.9.45 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.9.45"; classtype:trojan-activity; sid:37183541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 43.136.19.130 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.19.130"; 
classtype:trojan-activity; sid:37183551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 185.167.97.244 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.167.97.244"; classtype:trojan-activity; sid:37153981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;) alert ip 180.76.188.151 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.188.151"; classtype:trojan-activity; sid:37183561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 171.244.136.159 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.136.159"; classtype:trojan-activity; sid:37153991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;) alert ip 124.221.121.222 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.121.222"; classtype:trojan-activity; sid:37183571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert ip 198.235.24.198 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.198"; classtype:trojan-activity; sid:37154001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;) alert ip 128.22.150.116 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.22.150.116"; classtype:trojan-activity; sid:37154011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;) alert ip 111.43.75.97 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.75.97"; classtype:trojan-activity; sid:37183581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;) alert 
ip 8.142.142.89 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.142.142.89"; classtype:trojan-activity; sid:37183591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;)
# Inbound source-IP indicators (events 26158 and 26140), including the rule that ends on the line
# above. Each matches any packet from the listed address to $HOME_NET, on any port. msg carries
# the MISP kill-chain tags (Reconnaissance, Exploitation) while classtype is trojan-activity, so
# triage on the msg tags rather than on classtype.
alert ip 185.196.10.93 any -> $HOME_NET any (msg: "MISP e26158 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.10.93"; classtype:trojan-activity; sid:37183601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26158;)
alert ip 152.32.227.252 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.227.252"; classtype:trojan-activity; sid:37154021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;)
alert ip 123.212.240.162 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.212.240.162"; classtype:trojan-activity; sid:37154031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;)
alert ip 75.74.156.207 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.74.156.207"; classtype:trojan-activity; sid:37154041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;)
alert ip 179.60.150.59 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.150.59"; classtype:trojan-activity; sid:37154051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;)
alert ip 121.62.61.246 any -> $HOME_NET any (msg: "MISP e26140 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.62.61.246"; classtype:trojan-activity; sid:37154061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26140;)
# Outbound connections to listed IP:port pairs. 94.156.69.147|61616 and 94.156.71.221|1291 are
# each exported twice in this block: under event 26150 (empty tag list, priority:3) and, further
# down, under event 26076 (tag TBOTNET, priority:2). One packet to either destination raises
# both sids.
alert ip $HOME_NET any -> 94.156.69.147 61616 (msg: "MISP e26150 [] Outgoing To IP: 94.156.69.147|61616"; classtype:trojan-activity; sid:37167191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 94.156.71.221 1291 (msg: "MISP e26150 [] Outgoing To IP: 94.156.71.221|1291"; classtype:trojan-activity; sid:37167201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Domain indicators from event 26076 (tags CobaltStrike, cs-watermark-987654321).
# dns.query rule: the pcre prefix (^|[^A-Za-z0-9-]) allows a "." before the name and "$" anchors
# the end, so the listed name and its subdomains both match.
# HTTP rule: "Host|3a|" and the domain are separate content matches in http.header with no
# distance/within between them, and the pcre (H flag) is not tied to the Host line either, so
# the domain is matched in any request header, not only in Host.
# NOTE(review): matching in the http.host buffer would limit this to the Host value; confirm
# against the sensor's Suricata version before changing the export template.
# tag:session,600,seconds: after a hit, the session's packets are tagged for logging for 600 seconds.
alert dns any any -> any any (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321] Domain winkimedia.it"; dns.query; content:"winkimedia.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])winkimedia\.it$/i"; classtype:trojan-activity; sid:37126231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain winkimedia.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"winkimedia.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])winkimedia\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Event 26076 copies (tag TBOTNET, priority:2) of the two IP:port destinations listed above
# under event 26150.
alert ip $HOME_NET any -> 94.156.71.221 1291 (msg: "MISP e26076 [TBOTNET] Outgoing To IP: 94.156.71.221|1291"; classtype:trojan-activity; sid:37126251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 94.156.69.147 61616 (msg: "MISP e26076 [TBOTNET] Outgoing To IP: 94.156.69.147|61616"; classtype:trojan-activity; sid:37126241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# dns.query and HTTP pair for ccuk.edenexit.com, same rule shape as the winkimedia.it pair above.
alert dns any any -> any any (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321] Domain ccuk.edenexit.com"; dns.query; content:"ccuk.edenexit.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ccuk\.edenexit\.com$/i"; classtype:trojan-activity; sid:37126221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain ccuk.edenexit.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ccuk.edenexit.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ccuk\.edenexit\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# Outbound IP:port indicators that appear in this block only under event 26150 (empty tag list,
# priority:3). Three of them use port 443; these rules match on address and port alone and do
# not inspect payload.
alert ip $HOME_NET any -> 80.66.85.145 27441 (msg: "MISP e26150 [] Outgoing To IP: 80.66.85.145|27441"; classtype:trojan-activity; sid:37167211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 5.231.1.213 443 (msg: "MISP e26150 [] Outgoing To IP: 5.231.1.213|443"; classtype:trojan-activity; sid:37167221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 5.181.202.164 443 (msg: "MISP e26150 [] Outgoing To IP: 5.181.202.164|443"; classtype:trojan-activity; sid:37167231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 45.129.199.163 443 (msg: "MISP e26150 [] Outgoing To IP: 45.129.199.163|443"; classtype:trojan-activity; sid:37167241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Hostname indicators (event 26132): a dns.query rule and an HTTP rule per name.
# Here the pcre prefix is (^|[^A-Za-z0-9-\.]), which also excludes ".", so only the exact host
# name matches, not its subdomains. The HTTP rule uses a single content match, "Host|3a| NAME".
# The HTTP rules see cleartext HTTP only; for names reached over TLS the dns.query rule is the
# only coverage in this excerpt.
# NOTE(review): a tls.sni rule per name would cover that gap; TODO confirm with the export owner.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname api3-collabland.com"; dns.query; content:"api3-collabland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api3\-collabland\.com$/i"; classtype:trojan-activity; sid:37137561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname api3-collabland.com"; flow:to_server,established; http.header; content: "Host|3a| api3-collabland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api3\-collabland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname sidereh.com.ar"; dns.query; content:"sidereh.com.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sidereh\.com\.ar$/i"; classtype:trojan-activity; sid:37137591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname sidereh.com.ar"; flow:to_server,established; http.header; content: "Host|3a| sidereh.com.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sidereh\.com\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tmsnetwork.pages.dev"; dns.query; content:"tmsnetwork.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tmsnetwork\.pages\.dev$/i"; classtype:trojan-activity; sid:37137621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tmsnetwork.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tmsnetwork.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tmsnetwork\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# "Outgoing URL" rule: despite the msg, it matches the bare string in http.header with no
# boundary pcre. On $HTTP_PORTS it fires wherever the Hostname rule above it fires, and also on
# any header that merely contains the string, e.g. a longer name such as
# "xtmsnetwork.pages.dev" (constructed example).
# It references $HTTP_PORTS, so that variable has to be defined on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tmsnetwork.pages.dev"; flow:to_server,established; http.header; content:"tmsnetwork.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ykoef.pages.dev"; dns.query; content:"ykoef.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ykoef\.pages\.dev$/i"; classtype:trojan-activity; sid:37137651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ykoef.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ykoef.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ykoef\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Same shape as sid 37137631: bare substring in http.header, no boundary pcre, $HTTP_PORTS required.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//ykoef.pages.dev"; flow:to_server,established; http.header; content:"ykoef.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname homeincyprus.info"; dns.query; content:"homeincyprus.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homeincyprus\.info$/i"; classtype:trojan-activity; sid:37137681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname homeincyprus.info"; flow:to_server,established; http.header; content: "Host|3a| homeincyprus.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homeincyprus\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname galeriacenter47.com.br"; dns.query; content:"galeriacenter47.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])galeriacenter47\.com\.br$/i"; classtype:trojan-activity; sid:37137711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname galeriacenter47.com.br"; flow:to_server,established; http.header; 
content: "Host|3a| galeriacenter47.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])galeriacenter47\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname server1163033.netart.com"; dns.query; content:"server1163033.netart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1163033\.netart\.com$/i"; classtype:trojan-activity; sid:37137741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname server1163033.netart.com"; flow:to_server,established; http.header; content: "Host|3a| server1163033.netart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1163033\.netart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-3ab0ea2801fb488ea117ab826ed0ed97.r2.dev"; dns.query; content:"pub-3ab0ea2801fb488ea117ab826ed0ed97.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-3ab0ea2801fb488ea117ab826ed0ed97\.r2\.dev$/i"; classtype:trojan-activity; sid:37137771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-3ab0ea2801fb488ea117ab826ed0ed97.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-3ab0ea2801fb488ea117ab826ed0ed97.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-3ab0ea2801fb488ea117ab826ed0ed97\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bekawin.kz"; 
dns.query; content:"bekawin.kz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekawin\.kz$/i"; classtype:trojan-activity; sid:37137801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bekawin.kz"; flow:to_server,established; http.header; content: "Host|3a| bekawin.kz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekawin\.kz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bekaaviator.kz"; dns.query; content:"bekaaviator.kz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekaaviator\.kz$/i"; classtype:trojan-activity; sid:37137831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bekaaviator.kz"; flow:to_server,established; http.header; content: "Host|3a| bekaaviator.kz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekaaviator\.kz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname mvsnv.pages.dev"; dns.query; content:"mvsnv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mvsnv\.pages\.dev$/i"; classtype:trojan-activity; sid:37137861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname mvsnv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mvsnv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mvsnv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137862; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# Hostname indicators exported from MISP event 26132. Three rule shapes appear below:
#   "Hostname" (dns): dns.query ends with the name and is not preceded by a letter, digit, hyphen
#        or dot. Direction is any -> any, so the alert source may be an internal resolver rather
#        than the querying client (presumably; depends on where the sensor sits).
#   "Outgoing HTTP Hostname": "Host|3a| <name>" in http.header with a boundary pcre, any port.
#   "Outgoing URL": the bare name anywhere in http.header, destination port in $HTTP_PORTS
#        (the variable must be defined). No boundary check, so a header that merely contains the
#        name also matches.
# For a name that has both http rules, one cleartext request carrying "Host: <name>" to an
# $HTTP_PORTS port satisfies both, so two alerts per request are expected.
# The dns and Host-header patterns pin the full name: mail.ehazine415.com and
# entry.nftb-claim.com do not cover their parent domains.
# The http rules cannot fire on TLS traffic the sensor does not decrypt.

# mvsnv.pages.dev: URL rule (dns and Host-header rules precede this line).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//mvsnv.pages.dev"; flow:to_server,established; http.header; content:"mvsnv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# imtoken-bq.net: dns, Host header, URL. imtoken-bq.run further down is a separate indicator.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-bq.net"; dns.query; content:"imtoken-bq.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bq\.net$/i"; classtype:trojan-activity; sid:37137891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-bq.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bq.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bq\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-bq.net"; flow:to_server,established; http.header; content:"imtoken-bq.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# tokenpbcket.run: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tokenpbcket.run"; dns.query; content:"tokenpbcket.run"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbcket\.run$/i"; classtype:trojan-activity; sid:37137921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tokenpbcket.run"; flow:to_server,established; http.header; content: "Host|3a| tokenpbcket.run"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbcket\.run[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tokenpbcket.run"; flow:to_server,established; http.header; content:"tokenpbcket.run"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# mail.ehazine415.com: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname mail.ehazine415.com"; dns.query; content:"mail.ehazine415.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine415\.com$/i"; classtype:trojan-activity; sid:37137951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname mail.ehazine415.com"; flow:to_server,established; http.header; content: "Host|3a| mail.ehazine415.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.ehazine415\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//mail.ehazine415.com"; flow:to_server,established; http.header; content:"mail.ehazine415.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# tokexpocket.com: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tokexpocket.com"; dns.query; content:"tokexpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokexpocket\.com$/i"; classtype:trojan-activity; sid:37137981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tokexpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokexpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokexpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37137982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tokexpocket.com"; flow:to_server,established; http.header; content:"tokexpocket.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37137991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# blockchainsvalidation.pages.dev: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainsvalidation.pages.dev"; dns.query; content:"blockchainsvalidation.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsvalidation\.pages\.dev$/i"; classtype:trojan-activity; sid:37138011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchainsvalidation.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsvalidation.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsvalidation\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainsvalidation.pages.dev"; flow:to_server,established; http.header; content:"blockchainsvalidation.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# entry.nftb-claim.com: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname entry.nftb-claim.com"; dns.query; content:"entry.nftb-claim.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])entry\.nftb\-claim\.com$/i"; classtype:trojan-activity; sid:37138041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname entry.nftb-claim.com"; flow:to_server,established; http.header; content: "Host|3a| entry.nftb-claim.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])entry\.nftb\-claim\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//entry.nftb-claim.com"; flow:to_server,established; http.header; content:"entry.nftb-claim.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# imtoken-bq.run: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-bq.run"; dns.query; content:"imtoken-bq.run"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bq\.run$/i"; classtype:trojan-activity; sid:37138071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-bq.run"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bq.run"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bq\.run[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-bq.run"; flow:to_server,established; http.header; content:"imtoken-bq.run"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# bitcoinspark.pages.dev: dns rule (continues on the next line).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname bitcoinspark.pages.dev"; dns.query; 
content:"bitcoinspark.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitcoinspark\.pages\.dev$/i"; classtype:trojan-activity; sid:37138101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Hostname and URL indicators exported from MISP event 26132.
#   dns rules: match the exact name at the end of dns.query, any direction.
#   "Outgoing HTTP Hostname" rules: "Host|3a| <name>" in http.header, outbound, any port, with a
#        pcre (flag H = header buffer) that requires a non-hostname character on either side.
#   "Outgoing URL" rules: outbound to $HTTP_PORTS only. Without a path they match the bare name
#        anywhere in http.header. With a path they add an http.uri content match, case-insensitive
#        and unanchored, so the path may appear anywhere in the request URI.
# A URL rule never matches the query string shown in its msg unless that text is in the content;
# see sid:37138261 below.
# The http rules need cleartext HTTP; tag:session,600,seconds extends logging of the alerting
# session for 600 seconds.

# bitcoinspark.pages.dev: Host header, URL (dns rule ends on the line above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bitcoinspark.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bitcoinspark.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitcoinspark\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bitcoinspark.pages.dev"; flow:to_server,established; http.header; content:"bitcoinspark.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# autogielda-maciejski.pl: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autogielda-maciejski.pl"; dns.query; content:"autogielda-maciejski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-maciejski\.pl$/i"; classtype:trojan-activity; sid:37138131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autogielda-maciejski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-maciejski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-maciejski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//autogielda-maciejski.pl"; flow:to_server,established; http.header; content:"autogielda-maciejski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# finde-mich-hier.pages.dev: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname finde-mich-hier.pages.dev"; dns.query; content:"finde-mich-hier.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finde\-mich\-hier\.pages\.dev$/i"; classtype:trojan-activity; sid:37138161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname finde-mich-hier.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| finde-mich-hier.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finde\-mich\-hier\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//finde-mich-hier.pages.dev"; flow:to_server,established; http.header; content:"finde-mich-hier.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# nieruchomosci-maciejewski.pl: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname nieruchomosci-maciejewski.pl"; dns.query; content:"nieruchomosci-maciejewski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nieruchomosci\-maciejewski\.pl$/i"; classtype:trojan-activity; sid:37138191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname nieruchomosci-maciejewski.pl"; flow:to_server,established; http.header; content: "Host|3a| nieruchomosci-maciejewski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nieruchomosci\-maciejewski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//nieruchomosci-maciejewski.pl"; flow:to_server,established; http.header; content:"nieruchomosci-maciejewski.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# eth20token.pages.dev: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname eth20token.pages.dev"; dns.query; content:"eth20token.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eth20token\.pages\.dev$/i"; classtype:trojan-activity; sid:37138221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname eth20token.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| eth20token.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eth20token\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//eth20token.pages.dev"; flow:to_server,established; http.header; content:"eth20token.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# yxu.pages.dev: dns, Host header, then a URL rule with a path.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname yxu.pages.dev"; dns.query; content:"yxu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yxu\.pages\.dev$/i"; classtype:trojan-activity; sid:37138251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname yxu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yxu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yxu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# The msg shows the query string "?ao=0", but only the path "/https/tapestry.tapad.com/tapestry/1"
# is matched in http.uri; the query string is not part of the signature.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//yxu.pages.dev/https/tapestry.tapad.com/tapestry/1?ao=0"; flow:to_server,established; http.header; content:"yxu.pages.dev"; fast_pattern; nocase; http.uri; content:"/https/tapestry.tapad.com/tapestry/1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# www-swiss-pass-ch-oevlogin-switz.codeanyapp.com: dns, Host header, URL with path "/swiss/CH".
# The dns and Host-header rules for this name are exported a second time later in the file as
# sid:37138611 and sid:37138612, so one event raises two alerts of each kind.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; dns.query; content:"www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swiss\-pass\-ch\-oevlogin\-switz\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37138281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swiss\-pass\-ch\-oevlogin\-switz\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//www-swiss-pass-ch-oevlogin-switz.codeanyapp.com/swiss/CH"; flow:to_server,established; http.header; content:"www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; fast_pattern; nocase; http.uri; content:"/swiss/CH"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138291; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# Hostname and URL indicators exported from MISP event 26132.
#   dns rules match the exact name at the end of dns.query (any direction); a name with extra
#   leading labels does not match because the pcre rejects a preceding dot.
#   "Outgoing HTTP Hostname" rules match "Host|3a| <name>" in http.header on outbound requests.
#   "Outgoing URL" rules match the bare name anywhere in http.header, only toward $HTTP_PORTS
#   (which must be defined), optionally followed by an unanchored, case-insensitive http.uri match.
# Several names sit under shared blogging or site-hosting domains (weebly.com, blogspot.*,
# github.io). The patterns pin the full name, but the dns and Host-header rules fire on any page
# of that site, not only on the path listed in a URL rule.
# The path contents "/index" (sid:37138441) and "/web" (sid:37138501, sid:37138531) are short and
# unanchored: any URI containing them on that host matches, e.g. "/index.php" or "/webmail".
# NOTE(review): the names read like credential-phishing lures while every rule is tagged
# classtype:trojan-activity; confirm the intended classification against the MISP event.
# The http rules need cleartext HTTP; sites served only over TLS are covered by the dns rule alone.

# walletrezornv.weebly.com: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname walletrezornv.weebly.com"; dns.query; content:"walletrezornv.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])walletrezornv\.weebly\.com$/i"; classtype:trojan-activity; sid:37138311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname walletrezornv.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| walletrezornv.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])walletrezornv\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//walletrezornv.weebly.com"; flow:to_server,established; http.header; content:"walletrezornv.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# verifypalestine.blogspot.qa: dns, Host header, URL. Each blogspot country variant in this
# export is its own indicator with its own sids.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname verifypalestine.blogspot.qa"; dns.query; content:"verifypalestine.blogspot.qa"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.qa$/i"; classtype:trojan-activity; sid:37138341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname verifypalestine.blogspot.qa"; flow:to_server,established; http.header; content: "Host|3a| verifypalestine.blogspot.qa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.qa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//verifypalestine.blogspot.qa"; flow:to_server,established; http.header; content:"verifypalestine.blogspot.qa"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# mypackage.xcvcc.top: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname mypackage.xcvcc.top"; dns.query; content:"mypackage.xcvcc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mypackage\.xcvcc\.top$/i"; classtype:trojan-activity; sid:37138371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname mypackage.xcvcc.top"; flow:to_server,established; http.header; content: "Host|3a| mypackage.xcvcc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mypackage\.xcvcc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//mypackage.xcvcc.top"; flow:to_server,established; http.header; content:"mypackage.xcvcc.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# verifypalestine.blogspot.com: dns and Host header only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname verifypalestine.blogspot.com"; dns.query; content:"verifypalestine.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.com$/i"; classtype:trojan-activity; sid:37138401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname verifypalestine.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| verifypalestine.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# usp.usspgd.top: dns, Host header, URL with path "/index".
alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspgd.top"; dns.query; content:"usp.usspgd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgd\.top$/i"; classtype:trojan-activity; sid:37138431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspgd.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspgd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspgd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//usp.usspgd.top/index"; flow:to_server,established; http.header; content:"usp.usspgd.top"; fast_pattern; nocase; http.uri; content:"/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# uphould-lgin.weebly.com: dns, Host header, URL.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname uphould-lgin.weebly.com"; dns.query; content:"uphould-lgin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uphould\-lgin\.weebly\.com$/i"; classtype:trojan-activity; sid:37138461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname uphould-lgin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| uphould-lgin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uphould\-lgin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//uphould-lgin.weebly.com"; flow:to_server,established; http.header; content:"uphould-lgin.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# telegrlm.club: dns, Host header, URL with path "/web".
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrlm.club"; dns.query; content:"telegrlm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.club$/i"; classtype:trojan-activity; sid:37138491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrlm.club"; flow:to_server,established; http.header; content: "Host|3a| telegrlm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrlm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegrlm.club/web"; flow:to_server,established; http.header; content:"telegrlm.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# telegpewm.club: dns, Host header, URL with path "/web".
alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegpewm.club"; dns.query; content:"telegpewm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpewm\.club$/i"; classtype:trojan-activity; sid:37138521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegpewm.club"; flow:to_server,established; http.header; content: "Host|3a| telegpewm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegpewm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//telegpewm.club/web"; flow:to_server,established; http.header; content:"telegpewm.club"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# tejas-warade.github.io: dns, Host header, URL with path "/Netflix-Homepage-Clone". The path
# match is nocase, and the dns and Host-header rules fire for any page under this name.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tejas-warade.github.io"; dns.query; content:"tejas-warade.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tejas\-warade\.github\.io$/i"; classtype:trojan-activity; sid:37138551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tejas-warade.github.io"; flow:to_server,established; http.header; content: "Host|3a| tejas-warade.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tejas\-warade\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tejas-warade.github.io/Netflix-Homepage-Clone"; flow:to_server,established; http.header; content:"tejas-warade.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix-Homepage-Clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# tannurajput.github.io: dns rule (continues on the next line).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tannurajput.github.io"; dns.query; content:"tannurajput.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tannurajput\.github\.io$/i"; classtype:trojan-activity; 
sid:37138581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Hostname and URL indicators exported from MISP event 26132.
#   dns rules: any direction; the name must be the end of dns.query and must not be preceded by a
#   letter, digit, hyphen or dot.
#   "Outgoing HTTP Hostname" rules: outbound, any port, "Host|3a| <name>" in http.header with a
#   boundary pcre; tag:session,600,seconds extends logging of the alerting session.
#   "Outgoing URL" rules: outbound to $HTTP_PORTS (must be defined); name anywhere in http.header
#   plus, when a path is given, an unanchored case-insensitive http.uri match.
# The http rules apply to cleartext HTTP only. Sites on github.io and blogspot.* are normally
# reached over TLS (presumably; verify on the sensor), which would leave the dns rules as the
# effective detection for them.

# tannurajput.github.io: Host header, URL with path "/NetflixClone" (dns rule ends on the line
# above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname tannurajput.github.io"; flow:to_server,established; http.header; content: "Host|3a| tannurajput.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tannurajput\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//tannurajput.github.io/NetflixClone"; flow:to_server,established; http.header; content:"tannurajput.github.io"; fast_pattern; nocase; http.uri; content:"/NetflixClone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# www-swiss-pass-ch-oevlogin-switz.codeanyapp.com: second export of the same hostname. These
# two rules have the same match conditions as sid:37138281 and sid:37138282 earlier in the
# file, so the same query or request raises two alerts of each kind. Suppress or dedupe on
# one pair when tuning; the sids differ, so both load.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; dns.query; content:"www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swiss\-pass\-ch\-oevlogin\-switz\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37138611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| www-swiss-pass-ch-oevlogin-switz.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swiss\-pass\-ch\-oevlogin\-switz\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# verifypalestine.blogspot.pe / .mk / .cl: dns and Host header for each country variant; no URL
# rules. Each variant is matched literally, so a variant not listed here is not covered.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname verifypalestine.blogspot.pe"; dns.query; content:"verifypalestine.blogspot.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.pe$/i"; classtype:trojan-activity; sid:37138641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname verifypalestine.blogspot.pe"; flow:to_server,established; http.header; content: "Host|3a| verifypalestine.blogspot.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname verifypalestine.blogspot.mk"; dns.query; content:"verifypalestine.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37138671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname verifypalestine.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| verifypalestine.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname verifypalestine.blogspot.cl"; dns.query; content:"verifypalestine.blogspot.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.cl$/i"; classtype:trojan-activity; sid:37138701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname verifypalestine.blogspot.cl"; flow:to_server,established; http.header; content: "Host|3a| verifypalestine.blogspot.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verifypalestine\.blogspot\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# usp.usspvu.top: dns and Host header.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname usp.usspvu.top"; dns.query; content:"usp.usspvu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvu\.top$/i"; classtype:trojan-activity; sid:37138731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usp.usspvu.top"; flow:to_server,established; http.header; content: "Host|3a| usp.usspvu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usp\.usspvu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# usps.myepackage.com: dns and Host header; the parent name myepackage.com is not matched.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname usps.myepackage.com"; dns.query; content:"usps.myepackage.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.myepackage\.com$/i"; classtype:trojan-activity; sid:37138761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname usps.myepackage.com"; flow:to_server,established; http.header; content: "Host|3a| usps.myepackage.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.myepackage\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)

# tectorp.com: dns rule, then the start of its Host-header rule (continues on the next line).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname tectorp.com"; dns.query; content:"tectorp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tectorp\.com$/i"; classtype:trojan-activity; sid:37138791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing 
HTTP Hostname tectorp.com"; flow:to_server,established; http.header; content: "Host|3a| tectorp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tectorp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname still-poetry-77cd.uitsnnassdtaa3215.workers.dev"; dns.query; content:"still-poetry-77cd.uitsnnassdtaa3215.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])still\-poetry\-77cd\.uitsnnassdtaa3215\.workers\.dev$/i"; classtype:trojan-activity; sid:37138821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname still-poetry-77cd.uitsnnassdtaa3215.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| still-poetry-77cd.uitsnnassdtaa3215.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])still\-poetry\-77cd\.uitsnnassdtaa3215\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname steamcommunitylog.chez.com"; dns.query; content:"steamcommunitylog.chez.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])steamcommunitylog\.chez\.com$/i"; classtype:trojan-activity; sid:37138851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname steamcommunitylog.chez.com"; flow:to_server,established; http.header; content: "Host|3a| steamcommunitylog.chez.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])steamcommunitylog\.chez\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138852; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): sid 37138861 pairs the host with the generic path "/index.php".
# Neither content is anchored: the host string may match in any request header
# (there is no "Host|3a| " prefix) and the path anywhere in http.uri. The rule
# is also limited to $HTTP_PORTS, unlike the Host rule for the same name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//steamcommunitylog.chez.com/index.php"; flow:to_server,established; http.header; content:"steamcommunitylog.chez.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37138861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): share-52-blink.pages.dev is exported twice in this stretch.
# sids 37138881/37138882 and 37138941/37138942 are identical apart from the
# sid, so one lookup or request raises two alerts per rule type. De-duplicate
# the attribute in the MISP event, or suppress one pair, instead of letting
# both copies load.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37138881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname recore-3b5e.ilimamecasm.workers.dev"; dns.query; content:"recore-3b5e.ilimamecasm.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])recore\-3b5e\.ilimamecasm\.workers\.dev$/i"; classtype:trojan-activity; sid:37138911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname recore-3b5e.ilimamecasm.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| recore-3b5e.ilimamecasm.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])recore\-3b5e\.ilimamecasm\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Second copy of the share-52-blink.pages.dev pair (see note above).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37138941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-06cb5d98194843b38d9cce6ace954e24.r2.dev"; dns.query; content:"pub-06cb5d98194843b38d9cce6ace954e24.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-06cb5d98194843b38d9cce6ace954e24\.r2\.dev$/i"; classtype:trojan-activity; sid:37138971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-06cb5d98194843b38d9cce6ace954e24.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-06cb5d98194843b38d9cce6ace954e24.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-06cb5d98194843b38d9cce6ace954e24\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37138972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname mobiilikampanjas.com"; dns.query; content:"mobiilikampanjas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobiilikampanjas\.com$/i"; classtype:trojan-activity; sid:37139001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname mobiilikampanjas.com"; flow:to_server,established; http.header; content: "Host|3a| mobiilikampanjas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobiilikampanjas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname motogielda-kss.pl"; dns.query; content:"motogielda-kss.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motogielda\-kss\.pl$/i"; classtype:trojan-activity; sid:37139031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname motogielda-kss.pl"; flow:to_server,established; http.header; content: "Host|3a| motogielda-kss.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motogielda\-kss\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname logopromotionforinstagram.blogspot.sn"; dns.query; content:"logopromotionforinstagram.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logopromotionforinstagram\.blogspot\.sn$/i"; classtype:trojan-activity; sid:37139061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname logopromotionforinstagram.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| logopromotionforinstagram.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logopromotionforinstagram\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139062; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26132;)
# dns/Host pairs for MISP event 26132. The dns rules use `any any -> any any`,
# so they are not tied to $HOME_NET and can fire on either side of a resolver.
# NOTE(review): the instagramccpreview.blogspot.* entries are separate
# indicators per country suffix (.com.mt and .am here). Each needs its own
# rule because the dns pcre ends in `$` and the Host pcre requires a character
# outside [A-Za-z0-9-.] right after the name.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname lambent-genie-6bf565wv.netlify.app"; dns.query; content:"lambent-genie-6bf565wv.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lambent\-genie\-6bf565wv\.netlify\.app$/i"; classtype:trojan-activity; sid:37139091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname lambent-genie-6bf565wv.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| lambent-genie-6bf565wv.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lambent\-genie\-6bf565wv\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname intokent.com"; dns.query; content:"intokent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intokent\.com$/i"; classtype:trojan-activity; sid:37139121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname intokent.com"; flow:to_server,established; http.header; content: "Host|3a| intokent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intokent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagramccpreview.blogspot.com.mt"; dns.query; content:"instagramccpreview.blogspot.com.mt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.com\.mt$/i"; classtype:trojan-activity; sid:37139151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagramccpreview.blogspot.com.mt"; flow:to_server,established; http.header; content: "Host|3a| instagramccpreview.blogspot.com.mt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.com\.mt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagramccpreview.blogspot.am"; dns.query; content:"instagramccpreview.blogspot.am"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.am$/i"; classtype:trojan-activity; sid:37139181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagramccpreview.blogspot.am"; flow:to_server,established; http.header; content: "Host|3a| instagramccpreview.blogspot.am"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.am[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): sids 37139211/37139212 are a further copy of the
# share-52-blink.pages.dev dns/Host pair that this file already carries as
# 37138881/37138882 and 37138941/37138942; only the sid differs, so every hit
# is reported once per copy.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37139211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule: host anywhere in http.header plus the UUID-shaped path anywhere in
# http.uri (both nocase), destination port limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//share-52-blink.pages.dev/1d7fe8e6-2ab7-469e-b827-ad25b831ec6e"; flow:to_server,established; http.header; content:"share-52-blink.pages.dev"; fast_pattern; nocase; http.uri; content:"/1d7fe8e6-2ab7-469e-b827-ad25b831ec6e"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname field-6344.kaley1087.workers.dev"; dns.query; content:"field-6344.kaley1087.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])field\-6344\.kaley1087\.workers\.dev$/i"; classtype:trojan-activity; sid:37139241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname field-6344.kaley1087.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| field-6344.kaley1087.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])field\-6344\.kaley1087\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname ff.member.gareza.vn"; dns.query; content:"ff.member.gareza.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn$/i"; classtype:trojan-activity; sid:37139271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname ff.member.gareza.vn"; flow:to_server,established; http.header; content: "Host|3a| ff.member.gareza.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.member\.gareza\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname enjucm-6424.anotudhoeah.workers.dev"; dns.query; content:"enjucm-6424.anotudhoeah.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enjucm\-6424\.anotudhoeah\.workers\.dev$/i"; classtype:trojan-activity; sid:37139301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname enjucm-6424.anotudhoeah.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| enjucm-6424.anotudhoeah.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enjucm\-6424\.anotudhoeah\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autosprzedaz-kzz.pl"; dns.query; content:"autosprzedaz-kzz.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-kzz\.pl$/i"; classtype:trojan-activity; sid:37139331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autosprzedaz-kzz.pl"; flow:to_server,established; http.header; content: "Host|3a| autosprzedaz-kzz.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-kzz\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autogielda-waszczuk.pl"; dns.query; content:"autogielda-waszczuk.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-waszczuk\.pl$/i"; classtype:trojan-activity; sid:37139361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autogielda-waszczuk.pl"; flow:to_server,established;
http.header; content: "Host|3a| autogielda-waszczuk.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-waszczuk\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# The *.workers.dev, *.netlify.app and pub-<32 hex>.r2.dev entries below match
# the full indicator label, never the hosting suffix alone. Keep that property
# if a rule is edited by hand; the suffixes presumably also serve unrelated
# sites, so a suffix-only match would be noisy.
# NOTE(review): the http rules only apply to traffic parsed as HTTP. If these
# hosts are reached over TLS (confirm against captures), detection rests on
# the dns rule alone; a tls.sni variant from the exporter would cover that.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname aged-sunset-c81b.debra1027.workers.dev"; dns.query; content:"aged-sunset-c81b.debra1027.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aged\-sunset\-c81b\.debra1027\.workers\.dev$/i"; classtype:trojan-activity; sid:37139391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname aged-sunset-c81b.debra1027.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| aged-sunset-c81b.debra1027.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aged\-sunset\-c81b\.debra1027\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname appeal-info-account-case8dd.netlify.app"; dns.query; content:"appeal-info-account-case8dd.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appeal\-info\-account\-case8dd\.netlify\.app$/i"; classtype:trojan-activity; sid:37139421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname appeal-info-account-case8dd.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| appeal-info-account-case8dd.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appeal\-info\-account\-case8dd\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev"; dns.query; content:"pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f2a7a6151b8e45fa9c87891a1b3af4cb\.r2\.dev$/i"; classtype:trojan-activity; sid:37139451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f2a7a6151b8e45fa9c87891a1b3af4cb\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rules (37139461, 37139491): host anywhere in http.header, path anywhere
# in http.uri, both nocase, destination port limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev/new.html"; flow:to_server,established; http.header; content:"pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev"; fast_pattern; nocase; http.uri; content:"/new.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev"; dns.query; content:"pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d8e68521c76b4ecd816eb306fc057a59\.r2\.dev$/i"; classtype:trojan-activity; sid:37139481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d8e68521c76b4ecd816eb306fc057a59\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev/usae5cc43015815732a4d38f73eec6434e3e5cc43015815732a4d38f73eec6434e3e5cc43015815732a4d38f73eec6434e3outl00k.html"; flow:to_server,established; http.header; content:"pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev"; fast_pattern; nocase; http.uri; content:"/usae5cc43015815732a4d38f73eec6434e3e5cc43015815732a4d38f73eec6434e3e5cc43015815732a4d38f73eec6434e3outl00k.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev"; dns.query; content:"pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-94160e4dc1de47c0874194dedd5d5b5d\.r2\.dev$/i"; classtype:trojan-activity; sid:37139511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-94160e4dc1de47c0874194dedd5d5b5d\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html";
flow:to_server,established; http.header; content:"pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev"; fast_pattern; nocase; http.uri; content:"/index2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): several URL rules in this stretch use short, generic paths
# ("/web.html", "/task2"). They stay specific only because the host content
# must also be present in http.header. That host content has no "Host|3a| "
# prefix, so it can also match when the name appears in another request
# header; treat a URL-rule hit without the matching Host-rule hit as weaker
# evidence.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-750fa32f2bda4b12aa466410f386c500.r2.dev"; dns.query; content:"pub-750fa32f2bda4b12aa466410f386c500.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-750fa32f2bda4b12aa466410f386c500\.r2\.dev$/i"; classtype:trojan-activity; sid:37139541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-750fa32f2bda4b12aa466410f386c500.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-750fa32f2bda4b12aa466410f386c500.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-750fa32f2bda4b12aa466410f386c500\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-750fa32f2bda4b12aa466410f386c500.r2.dev/owa-me-p2-dgdhfduegdhdhdgdhdgdhdgdhjgdhdgdhdgdhdhdghdh.html"; flow:to_server,established; http.header; content:"pub-750fa32f2bda4b12aa466410f386c500.r2.dev"; fast_pattern; nocase; http.uri; content:"/owa-me-p2-dgdhfduegdhdhdgdhdgdhdgdhjgdhdgdhdgdhdhdghdh.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-60cf5a2cb1fa49b98297042bc79e369a.r2.dev"; dns.query; content:"pub-60cf5a2cb1fa49b98297042bc79e369a.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-60cf5a2cb1fa49b98297042bc79e369a\.r2\.dev$/i"; classtype:trojan-activity; sid:37139571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-60cf5a2cb1fa49b98297042bc79e369a.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-60cf5a2cb1fa49b98297042bc79e369a.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-60cf5a2cb1fa49b98297042bc79e369a\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-60cf5a2cb1fa49b98297042bc79e369a.r2.dev/web.html"; flow:to_server,established; http.header; content:"pub-60cf5a2cb1fa49b98297042bc79e369a.r2.dev"; fast_pattern; nocase; http.uri; content:"/web.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname prisharawat.github.io"; dns.query; content:"prisharawat.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prisharawat\.github\.io$/i"; classtype:trojan-activity; sid:37139601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname prisharawat.github.io"; flow:to_server,established; http.header; content: "Host|3a| prisharawat.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prisharawat\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//prisharawat.github.io/task2"; flow:to_server,established; http.header; content:"prisharawat.github.io"; fast_pattern; nocase; http.uri; content:"/task2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# blogspot.com entries: the dns pcre ends in `$`, so these do not cover the
# country-suffixed variants (blogspot.com.<cc>), which have rules of their own.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagramccpreview.blogspot.com"; dns.query; content:"instagramccpreview.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.com$/i"; classtype:trojan-activity; sid:37139631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagramccpreview.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagramccpreview.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname logopromotionforinstagram.blogspot.com"; dns.query; content:"logopromotionforinstagram.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logopromotionforinstagram\.blogspot\.com$/i"; classtype:trojan-activity; sid:37139661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname logopromotionforinstagram.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| logopromotionforinstagram.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logopromotionforinstagram\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname newsslink23zv0l.baruxzrg.my.id"; dns.query;
content:"newsslink23zv0l.baruxzrg.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newsslink23zv0l\.baruxzrg\.my\.id$/i"; classtype:trojan-activity; sid:37139691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): newsslink23zv0l.baruxzrg.my.id is exported twice. The dns/Host
# pair 37139721/37139722 repeats 37139691/37139692 with only the sid changed,
# so each lookup or request is reported once per copy.
# NOTE(review): the path-less "Outgoing URL" rules (37139731, 37139761) carry a
# single content - the host name in http.header, without fast_pattern and
# without an http.uri match. They overlap the Host rule for the same name,
# are limited to $HTTP_PORTS, and are not tied to the Host header, so the name
# appearing in another request header is enough to fire them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname newsslink23zv0l.baruxzrg.my.id"; flow:to_server,established; http.header; content: "Host|3a| newsslink23zv0l.baruxzrg.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newsslink23zv0l\.baruxzrg\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//newsslink23zv0l.baruxzrg.my.id/barux23"; flow:to_server,established; http.header; content:"newsslink23zv0l.baruxzrg.my.id"; fast_pattern; nocase; http.uri; content:"/barux23"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Second copy of the newsslink23zv0l.baruxzrg.my.id pair (see note above).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname newsslink23zv0l.baruxzrg.my.id"; dns.query; content:"newsslink23zv0l.baruxzrg.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newsslink23zv0l\.baruxzrg\.my\.id$/i"; classtype:trojan-activity; sid:37139721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname newsslink23zv0l.baruxzrg.my.id"; flow:to_server,established; http.header; content: "Host|3a| newsslink23zv0l.baruxzrg.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newsslink23zv0l\.baruxzrg\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//newsslink23zv0l.baruxzrg.my.id"; flow:to_server,established; http.header; content:"newsslink23zv0l.baruxzrg.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname logopromotionforinstagram.blogspot.mk"; dns.query; content:"logopromotionforinstagram.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logopromotionforinstagram\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37139751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname logopromotionforinstagram.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| logopromotionforinstagram.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logopromotionforinstagram\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//logopromotionforinstagram.blogspot.mk"; flow:to_server,established; http.header; content:"logopromotionforinstagram.blogspot.mk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname login-coinbasecom.weebly.com"; dns.query; content:"login-coinbasecom.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-coinbasecom\.weebly\.com$/i"; classtype:trojan-activity; sid:37139781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname login-coinbasecom.weebly.com"; flow:to_server,established;
http.header; content: "Host|3a| login-coinbasecom.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\-coinbasecom\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//login-coinbasecom.weebly.com"; flow:to_server,established; http.header; content:"login-coinbasecom.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname isaquefx.github.io"; dns.query; content:"isaquefx.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isaquefx\.github\.io$/i"; classtype:trojan-activity; sid:37139811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname isaquefx.github.io"; flow:to_server,established; http.header; content: "Host|3a| isaquefx.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isaquefx\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//isaquefx.github.io/PIBID"; flow:to_server,established; http.header; content:"isaquefx.github.io"; fast_pattern; nocase; http.uri; content:"/PIBID"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagramccpreview.blogspot.ug"; dns.query; content:"instagramccpreview.blogspot.ug"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.ug$/i"; classtype:trojan-activity; sid:37139841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagramccpreview.blogspot.ug"; flow:to_server,established; http.header; content: "Host|3a| instagramccpreview.blogspot.ug"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.ug[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//instagramccpreview.blogspot.ug"; flow:to_server,established; http.header; content:"instagramccpreview.blogspot.ug"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagramccpreview.blogspot.com.ng"; dns.query; content:"instagramccpreview.blogspot.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.com\.ng$/i"; classtype:trojan-activity; sid:37139871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagramccpreview.blogspot.com.ng"; flow:to_server,established; http.header; content: "Host|3a| instagramccpreview.blogspot.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//instagramccpreview.blogspot.com.ng"; flow:to_server,established; 
http.header; content:"instagramccpreview.blogspot.com.ng"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname instagramccpreview.blogspot.co.id"; dns.query; content:"instagramccpreview.blogspot.co.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.co\.id$/i"; classtype:trojan-activity; sid:37139901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname instagramccpreview.blogspot.co.id"; flow:to_server,established; http.header; content: "Host|3a| instagramccpreview.blogspot.co.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagramccpreview\.blogspot\.co\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//instagramccpreview.blogspot.co.id"; flow:to_server,established; http.header; content:"instagramccpreview.blogspot.co.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm.ipfs.cf-ipfs.com"; dns.query; content:"bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37139931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname 
bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq.ipfs.cf-ipfs.com"; dns.query; content:"bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37139961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37139962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37139971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa.ipfs.cf-ipfs.com"; dns.query; content:"bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37139991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37139992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa.ipfs.cf-ipfs.com"; fast_pattern; nocase; 
http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e.ipfs.cf-ipfs.com"; dns.query; content:"bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeidmx3loozpsv4ho4wfmxg6dkcw65hbjfuklmpnqpkmidhjnrlh43e.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma.ipfs.cf-ipfs.com"; dns.query; content:"bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma.ipfs.cf-ipfs.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm.ipfs.cf-ipfs.com"; dns.query; content:"bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm.ipfs.cf-ipfs.com"; 
flow:to_server,established; http.header; content: "Host|3a| bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeidpbczwdnqdiz7377qcsxnmhqzymcc5f7e6yibqlyassl5uzsuinm.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue.ipfs.cf-ipfs.com"; dns.query; content:"bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140112; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq.ipfs.cf-ipfs.com"; dns.query; content:"bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37140151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# --- Indicator: one IPFS-gateway subdomain under ipfs.cf-ipfs.com (MISP event 26132) ---
# The exporter emits three rules per hostname: DNS query, HTTP Host header, HTTP URL.
#
# DNS rule. "any any -> any any" puts no direction or network constraint on the match.
# As written, the pcre requires the name to start the buffer (or follow a character
# outside [A-Za-z0-9-.]) and to end it, so only this exact name matches, not a longer
# name that merely contains it. No tag: option here, unlike the two HTTP rules below.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m.ipfs.cf-ipfs.com"; dns.query; content:"bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Host-header rule. The content pins the literal "Host: <name>" (one space after the
# colon) and is the fast_pattern; the pcre adds a hostname boundary on both sides.
# tag:session,600,seconds tags the session for 600 seconds once the rule fires.
# The destination port is "any", whereas the URL rule below is limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule. The source URL's path is just "/", so the http.uri content is the single
# character "/", which any URI containing a slash satisfies. In effect this sid is a
# second hostname match: the name anywhere in http.header, with no "Host:" prefix and
# no boundary pcre. Expect it to fire together with sid 37140172 on the same request.
# NOTE(review): both HTTP rules need traffic the engine parses as HTTP. No TLS-based
# rule is visible in this part of the export, so for HTTPS only the DNS rule applies.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeiagxmojpi4s2matqdt3eriairwby2trjh2xjaccgmfj5qnxxlnt3m.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Next indicator: DNS rule for another ipfs.cf-ipfs.com subdomain (continues on the following line).
alert dns any any -> any any (msg: "MISP e26132 [] Hostname bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq.ipfs.cf-ipfs.com"; dns.query; content:"bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq.ipfs.cf-ipfs.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37140201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq.ipfs.cf-ipfs.com/"; flow:to_server,established; http.header; content:"bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq.ipfs.cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname fidelityeinvestments.weebly.com"; dns.query; content:"fidelityeinvestments.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fidelityeinvestments\.weebly\.com$/i"; classtype:trojan-activity; sid:37140231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname fidelityeinvestments.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| fidelityeinvestments.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fidelityeinvestments\.weebly\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37140232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule for a host-only indicator (no path in the source URL). The only match is the
# hostname string somewhere in http.header: no "Host:" prefix and no boundary pcre.
# The same string in another request header, or inside a longer hostname, also alerts.
# Treat a hit on this sid without a matching Host-header hit (sid 37140232) as weaker.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//fidelityeinvestments.weebly.com"; flow:to_server,established; http.header; content:"fidelityeinvestments.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# --- Indicator: d0426.top (DNS / Host header / URL triple) ---
# DNS rule. No direction or network constraint ("any any -> any any"). As written, the
# pcre anchors both ends of the name, so a query for a subdomain of d0426.top does not
# match: the "." before the name is excluded by the leading character class.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname d0426.top"; dns.query; content:"d0426.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d0426\.top$/i"; classtype:trojan-activity; sid:37140261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Host-header rule. The literal "Host: d0426.top" is the fast_pattern; the pcre requires
# a non-hostname character after the name, so "d0426.top.<suffix>" is rejected while a
# port separator or line ending is accepted. The session is tagged for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname d0426.top"; flow:to_server,established; http.header; content: "Host|3a| d0426.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])d0426\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# URL rule, host-only again: a 9-byte unanchored string in http.header and nothing else.
# Short patterns without boundaries are the likeliest false-positive source in this
# export. Correlate with sid 37140262 or sid 37140261 before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//d0426.top"; flow:to_server,established; http.header; content:"d0426.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# --- Indicators: specific /ipfs/<CID> paths on cloudflare-ipfs.com ---
# The header content is only the gateway hostname, which every rule in this group
# shares; what identifies the object is the /ipfs/<CID> content in http.uri. No DNS or
# Host-header rule accompanies these URL indicators in this chunk, so they rely entirely
# on the request being visible to the engine as HTTP. (Rule continues on the next line.)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeihr5n76xo3kznpfgcw7vhl6ud4kyho7ntfyp2lam2maag2b7uv7qq"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140301; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeifuw67t77fyeznyljgwdeivttl6dmw4g4ox44tzb6xlmcjdlu4plm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeihlfn54haop3fxlr66ubronkj7hzgfnkhj4mnzowbxiohrhdveshu"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeihlfn54haop3fxlr66ubronkj7hzgfnkhj4mnzowbxiohrhdveshu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeidw6oz5afnunqnjucw3gxwu7umkszq354c5mbxq4zwrywm4xyyfaa"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeidshr2rzvvhitrgcwfuxolrd7spy4mtiatce4e246scloe47cpddq"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37140421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# --- Indicators: specific /ipfs/<CID> paths on cloudflare-ipfs.com ---
# Two-buffer match: the gateway hostname anywhere in http.header, plus the /ipfs/<CID>
# string anywhere in http.uri. The URI content is a substring match, so a request whose
# path or query continues after the CID also alerts.
# NOTE(review): fast_pattern is set on the hostname, which is identical across all rules
# in this group. The CID is the more selective string. Confirm with engine profiling
# whether prefiltering on the hostname is acceptable where this gateway is in normal use.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeibiciodyuhqob45epu4pfnznexovmfmy4y3ydwmpfp56viuhk72sq"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Same shape as sid 37140451 with a different CID.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/bafybeicloiwhvr7lowrpxhkbt3cufpcrpcqsehllsoqakeaof6vyh6rgma"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# --- Indicators: specific /ipfs/<CID> paths on cf-ipfs.com ---
# The header content "cf-ipfs.com" is unanchored, so it is also present in any
# "<label>.ipfs.cf-ipfs.com" Host value; the http.uri content decides the match.
# The Qm... identifiers are mixed-case, and nocase makes the URI comparison
# case-insensitive. The rule therefore accepts paths that differ from the listed
# indicator only in letter case, which is slightly wider than the value in the event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmW2aezxaErtvqPQnYV3YY7JLRmBEum1aGFRNbfMHmF6oD"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmW2aezxaErtvqPQnYV3YY7JLRmBEum1aGFRNbfMHmF6oD"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# Same shape as sid 37140511 with a different CID (rule continues on the next line).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmWLzMDzWDFVfw6yQQDYdcsCh996hSPocHdffe6Wr81tP9"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmWLzMDzWDFVfw6yQQDYdcsCh996hSPocHdffe6Wr81tP9"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37140541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmVf9X8WLFYhq6cEeTXfFRamrS7qbj5AWvamrbzLowUyQk"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmVf9X8WLFYhq6cEeTXfFRamrS7qbj5AWvamrbzLowUyQk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmVp5fAvxmjT3dmjh92on9ikEnyqVBc1CMSfAJCPjqCMox"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmVp5fAvxmjT3dmjh92on9ikEnyqVBc1CMSfAJCPjqCMox"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmTRAGC1tQKgr7pEGj3oLecNhggbNMHKiRLNVtx9nnTYGX"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmTRAGC1tQKgr7pEGj3oLecNhggbNMHKiRLNVtx9nnTYGX"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmR352wb7vbFtv5sDrgLsgCVK4HLkFRePWVAAtLgSsMseB"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmR352wb7vbFtv5sDrgLsgCVK4HLkFRePWVAAtLgSsMseB"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmRNykhQQW2yuf2qQ282jLGrciKN8aAQAvHN9tuJdPExHW"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmRNykhQQW2yuf2qQ282jLGrciKN8aAQAvHN9tuJdPExHW"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/Qmed1EyjMtndcfSbi7pXkuRFr6tUXoJ4YCWcaiTTRXS1dM"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/Qmed1EyjMtndcfSbi7pXkuRFr6tUXoJ4YCWcaiTTRXS1dM"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmNnvdyKz92qnaWBcjApcxBeWL5qzauweVKXT7qkVLJUcA"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmNnvdyKz92qnaWBcjApcxBeWL5qzauweVKXT7qkVLJUcA"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//cf-ipfs.com/ipfs/QmaW6bsJDsexAK8pjSQ7ARy2XktnBBaZy9sA8WMv2Z5Uca"; flow:to_server,established; http.header; content:"cf-ipfs.com"; fast_pattern; nocase; http.uri; content:"/ipfs/QmaW6bsJDsexAK8pjSQ7ARy2XktnBBaZy9sA8WMv2Z5Uca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP 
e26132 [] Hostname beynod123.github.io"; dns.query; content:"beynod123.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beynod123\.github\.io$/i"; classtype:trojan-activity; sid:37140801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname beynod123.github.io"; flow:to_server,established; http.header; content: "Host|3a| beynod123.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beynod123\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//beynod123.github.io/beynod123"; flow:to_server,established; http.header; content:"beynod123.github.io"; fast_pattern; nocase; http.uri; content:"/beynod123"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname attonlineattweb.weebly.com"; dns.query; content:"attonlineattweb.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attonlineattweb\.weebly\.com$/i"; classtype:trojan-activity; sid:37140831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname attonlineattweb.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attonlineattweb.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attonlineattweb\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//attonlineattweb.weebly.com"; 
flow:to_server,established; http.header; content:"attonlineattweb.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname anwebdev2000.github.io"; dns.query; content:"anwebdev2000.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anwebdev2000\.github\.io$/i"; classtype:trojan-activity; sid:37140861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname anwebdev2000.github.io"; flow:to_server,established; http.header; content: "Host|3a| anwebdev2000.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anwebdev2000\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//anwebdev2000.github.io/netflix-clone"; flow:to_server,established; http.header; content:"anwebdev2000.github.io"; fast_pattern; nocase; http.uri; content:"/netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname aaifly.com"; dns.query; content:"aaifly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aaifly\.com$/i"; classtype:trojan-activity; sid:37140891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname aaifly.com"; flow:to_server,established; http.header; content: "Host|3a| aaifly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aaifly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140892; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//aaifly.com/e-hfjbsndsjdkb.html"; flow:to_server,established; http.header; content:"aaifly.com"; fast_pattern; nocase; http.uri; content:"/e-hfjbsndsjdkb.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname 7365008.xyz"; dns.query; content:"7365008.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])7365008\.xyz$/i"; classtype:trojan-activity; sid:37140921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname 7365008.xyz"; flow:to_server,established; http.header; content: "Host|3a| 7365008.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])7365008\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-147549d3891840ab821de31d767c6c84.r2.dev"; dns.query; content:"pub-147549d3891840ab821de31d767c6c84.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-147549d3891840ab821de31d767c6c84\.r2\.dev$/i"; classtype:trojan-activity; sid:37140951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-147549d3891840ab821de31d767c6c84.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-147549d3891840ab821de31d767c6c84.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-147549d3891840ab821de31d767c6c84\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140952; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132: a URL rule for an r2.dev bucket page, then hostname indicators exported as a DNS-query rule
# plus an HTTP Host-header rule (sid N1 / N2 pairs).
# NOTE(review): the URL rule matches the host with http.header and the path with an unanchored "/index.html"; the path adds
#   little selectivity, so in practice this is a host match on cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-147549d3891840ab821de31d767c6c84.r2.dev/index.html"; flow:to_server,established; http.header; content:"pub-147549d3891840ab821de31d767c6c84.r2.dev"; fast_pattern; nocase; http.uri; content:"/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37140961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): the DNS rules are written `any any -> any any` with no flow direction, so the same lookup can be alerted on
#   at more than one hop (client to resolver, resolver to upstream) depending on where the sensor sits.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37140981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): Host-header rule; it only sees cleartext HTTP. If this host is reached over HTTPS, the DNS rule above is
#   the only rule here that can fire for it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37140982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): duplicate indicator. The next rule (sid 37141011) has the same header, content and pcre as sid 37140981,
#   so every matching query raises two alerts. The HTTP rule that starts after it opens with the same header and msg as
#   sid 37140982. De-duplicate the attribute in the MISP event or suppress one sid of each pair.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37141011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname dev-cs0.pages.dev"; dns.query; content:"dev-cs0.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-cs0\.pages\.dev$/i"; classtype:trojan-activity; sid:37141041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname dev-cs0.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dev-cs0.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dev\-cs0\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-b973b52f3ca042758dd8f0d91b423918.r2.dev"; dns.query; content:"pub-b973b52f3ca042758dd8f0d91b423918.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b973b52f3ca042758dd8f0d91b423918\.r2\.dev$/i"; classtype:trojan-activity; sid:37141071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-b973b52f3ca042758dd8f0d91b423918.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b973b52f3ca042758dd8f0d91b423918.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b973b52f3ca042758dd8f0d91b423918\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET 
any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-b973b52f3ca042758dd8f0d91b423918.r2.dev/index.html"; flow:to_server,established; http.header; content:"pub-b973b52f3ca042758dd8f0d91b423918.r2.dev"; fast_pattern; nocase; http.uri; content:"/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname telegrann-hk.com"; dns.query; content:"telegrann-hk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrann\-hk\.com$/i"; classtype:trojan-activity; sid:37141101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname telegrann-hk.com"; flow:to_server,established; http.header; content: "Host|3a| telegrann-hk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrann\-hk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname teleprcmn.fit"; dns.query; content:"teleprcmn.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprcmn\.fit$/i"; classtype:trojan-activity; sid:37141131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teleprcmn.fit"; flow:to_server,established; http.header; content: "Host|3a| teleprcmn.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleprcmn\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//teleprcmn.fit/web"; flow:to_server,established; 
http.header; content:"teleprcmn.fit"; fast_pattern; nocase; http.uri; content:"/web"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname mailbox-109298.weeblysite.com"; dns.query; content:"mailbox-109298.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailbox\-109298\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37141161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname mailbox-109298.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| mailbox-109298.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailbox\-109298\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname v3066130-e9f4fewt42qj.demo079.volusion.com"; dns.query; content:"v3066130-e9f4fewt42qj.demo079.volusion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v3066130\-e9f4fewt42qj\.demo079\.volusion\.com$/i"; classtype:trojan-activity; sid:37141191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname v3066130-e9f4fewt42qj.demo079.volusion.com"; flow:to_server,established; http.header; content: "Host|3a| v3066130-e9f4fewt42qj.demo079.volusion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v3066130\-e9f4fewt42qj\.demo079\.volusion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname maison-parisienne.fr"; dns.query; 
content:"maison-parisienne.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maison\-parisienne\.fr$/i"; classtype:trojan-activity; sid:37141221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname maison-parisienne.fr"; flow:to_server,established; http.header; content: "Host|3a| maison-parisienne.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maison\-parisienne\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname portal-py.top"; dns.query; content:"portal-py.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portal\-py\.top$/i"; classtype:trojan-activity; sid:37141251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname portal-py.top"; flow:to_server,established; http.header; content: "Host|3a| portal-py.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portal\-py\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert dns any any -> any any (msg: "MISP e26132 [] Hostname imtoken-bs.net"; dns.query; content:"imtoken-bs.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bs\.net$/i"; classtype:trojan-activity; sid:37141281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname imtoken-bs.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bs.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bs\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141282; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26132 (continued): URL indicators that carry no path, and hostname indicators as DNS + Host-header pairs.
# NOTE(review): a URL rule without a path has a single unanchored http.header content and no pcre boundary check.
#   It matches the string in any request header and inside longer host names, and it fires on the same requests as the
#   corresponding "Outgoing HTTP Hostname" rule whenever the destination port is in $HTTP_PORTS (two alerts per request).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//imtoken-bs.net"; flow:to_server,established; http.header; content:"imtoken-bs.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainsdatas.pages.dev"; dns.query; content:"blockchainsdatas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsdatas\.pages\.dev$/i"; classtype:trojan-activity; sid:37141311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchainsdatas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsdatas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsdatas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# NOTE(review): sid 37141321 overlaps sid 37141312 as described above; same for sid 37141351 and sid 37141342 below.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainsdatas.pages.dev"; flow:to_server,established; http.header; content:"blockchainsdatas.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainvalidate.pages.dev"; dns.query; content:"blockchainvalidate.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainvalidate\.pages\.dev$/i"; classtype:trojan-activity; sid:37141341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchainvalidate.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainvalidate.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainvalidate\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainvalidate.pages.dev"; flow:to_server,established; http.header; content:"blockchainvalidate.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# MISP event 26133, URL indicators at priority 1: each rule pins the destination IP (and the port, where the URL has one)
# in the rule header and matches the file path in http.uri.
# NOTE(review): the destination address is already fixed by the rule header, so the http.header content with the same IP
#   adds no selectivity; it does make the rule miss a request to that address whose headers do not contain the IP literal.
# NOTE(review): the rules only cover traffic leaving $HOME_NET; a download between two internal hosts, or by a host outside
#   the configured $HOME_NET, is not matched.
alert http $HOME_NET any -> 42.235.155.233 48196 (msg: "MISP e26133 [] Outgoing URL http|3a|//42.235.155.233|3a|48196/Mozi.m"; flow:to_server,established; http.header; content:"42.235.155.233"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
# NOTE(review): the URI content here is just "/", which every request URI contains; this rule is effectively
#   "any HTTP request to 42.224.95.116 port 59805" and should be read as an IP:port indicator.
alert http $HOME_NET any -> 42.224.95.116 59805 (msg: "MISP e26133 [] Outgoing URL http|3a|//42.224.95.116|3a|59805/"; flow:to_server,established; http.header; content:"42.224.95.116"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 221.14.107.17 51428 (msg: "MISP e26133 [] Outgoing URL http|3a|//221.14.107.17|3a|51428/Mozi.m"; flow:to_server,established; http.header; content:"221.14.107.17"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.x86"; flow:to_server,established; http.header; 
content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/dlr.x86"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 115.58.173.248 47634 (msg: "MISP e26133 [] Outgoing URL http|3a|//115.58.173.248|3a|47634/Mozi.m"; flow:to_server,established; http.header; content:"115.58.173.248"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 61.163.13.104 39154 (msg: "MISP e26133 [] Outgoing URL http|3a|//61.163.13.104|3a|39154/bin.sh"; flow:to_server,established; http.header; content:"61.163.13.104"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 60.214.76.192 48530 (msg: "MISP e26133 [] Outgoing URL http|3a|//60.214.76.192|3a|48530/Mozi.m"; flow:to_server,established; http.header; content:"60.214.76.192"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 60.214.76.192 48530 (msg: "MISP e26133 [] Outgoing URL http|3a|//60.214.76.192|3a|48530/bin.sh"; flow:to_server,established; http.header; content:"60.214.76.192"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/spc"; flow:to_server,established; http.header; content:"194.169.175.30"; 
fast_pattern; nocase; http.uri; content:"/spc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/sh4"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/sh4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/mpsl"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/i486"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/i486"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.ppc"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/dlr.ppc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.arm6"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/dlr.arm6"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/binaries/spc"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/binaries/spc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 182.121.202.51 53982 (msg: "MISP e26133 [] Outgoing URL http|3a|//182.121.202.51|3a|53982/Mozi.m"; flow:to_server,established; http.header; content:"182.121.202.51"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 182.121.202.51 53982 (msg: "MISP e26133 [] Outgoing URL http|3a|//182.121.202.51|3a|53982/"; flow:to_server,established; http.header; content:"182.121.202.51"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 117.200.181.26 54112 (msg: "MISP e26133 [] Outgoing URL http|3a|//117.200.181.26|3a|54112/Mozi.m"; flow:to_server,established; http.header; content:"117.200.181.26"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 115.56.145.121 41308 (msg: "MISP e26133 [] Outgoing URL http|3a|//115.56.145.121|3a|41308/Mozi.m"; flow:to_server,established; http.header; content:"115.56.145.121"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37142141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 115.56.145.121 41308 (msg: "MISP e26133 [] Outgoing URL http|3a|//115.56.145.121|3a|41308/"; flow:to_server,established; http.header; content:"115.56.145.121"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 113.24.132.218 42791 (msg: "MISP e26133 [] Outgoing URL http|3a|//113.24.132.218|3a|42791/bin.sh"; flow:to_server,established; http.header; content:"113.24.132.218"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 77.105.132.197 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//77.105.132.197/55200ec337d18acf/vcruntime140.dll"; flow:to_server,established; http.header; content:"77.105.132.197"; fast_pattern; nocase; http.uri; content:"/55200ec337d18acf/vcruntime140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 77.105.132.197 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//77.105.132.197/55200ec337d18acf/sqlite3.dll"; flow:to_server,established; http.header; content:"77.105.132.197"; fast_pattern; nocase; http.uri; content:"/55200ec337d18acf/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 77.105.132.197 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//77.105.132.197/55200ec337d18acf/msvcp140.dll"; flow:to_server,established; http.header; 
content:"77.105.132.197"; fast_pattern; nocase; http.uri; content:"/55200ec337d18acf/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 59.93.23.138 42949 (msg: "MISP e26133 [] Outgoing URL http|3a|//59.93.23.138|3a|42949/Mozi.m"; flow:to_server,established; http.header; content:"59.93.23.138"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 219.68.245.35 21388 (msg: "MISP e26133 [] Outgoing URL http|3a|//219.68.245.35|3a|21388/.i"; flow:to_server,established; http.header; content:"219.68.245.35"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/i686"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/i686"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.sh4"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/dlr.sh4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.mpsl"; flow:to_server,established; http.header; content:"194.169.175.30"; 
fast_pattern; nocase; http.uri; content:"/dlr.mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.mips"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/dlr.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 194.169.175.30 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//194.169.175.30/dlr.arm7"; flow:to_server,established; http.header; content:"194.169.175.30"; fast_pattern; nocase; http.uri; content:"/dlr.arm7"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//193.233.132.167/lend/monetkamoya.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/monetkamoya.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 119.179.255.86 37939 (msg: "MISP e26133 [] Outgoing URL http|3a|//119.179.255.86|3a|37939/Mozi.m"; flow:to_server,established; http.header; content:"119.179.255.86"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 118.232.124.33 20114 (msg: "MISP e26133 [] Outgoing URL http|3a|//118.232.124.33|3a|20114/.i"; flow:to_server,established; http.header; 
content:"118.232.124.33"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 117.199.8.105 60074 (msg: "MISP e26133 [] Outgoing URL http|3a|//117.199.8.105|3a|60074/i"; flow:to_server,established; http.header; content:"117.199.8.105"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 112.237.233.248 39574 (msg: "MISP e26133 [] Outgoing URL http|3a|//112.237.233.248|3a|39574/i"; flow:to_server,established; http.header; content:"112.237.233.248"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert http $HOME_NET any -> 110.182.46.137 24396 (msg: "MISP e26133 [] Outgoing URL http|3a|//110.182.46.137|3a|24396/.i"; flow:to_server,established; http.header; content:"110.182.46.137"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;) alert ip $HOME_NET any -> 117.50.162.183 443 (msg: "MISP e26076 [China Mobile Communications Group Co. 
Ltd.,CobaltStrike,cs-watermark-1234567890] Outgoing To IP: 117.50.162.183|443"; classtype:trojan-activity; sid:37126271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# MISP event 26150: an ip|port indicator, then domain indicators (DNS + HTTP) and URL indicators, all at priority 3.
# NOTE(review): the rule whose tail opens this line (sid 37126271, event 26076, priority 2) names the same
#   117.50.162.183|443 in its msg as the next rule (sid 37167261, priority 3). If both match the same traffic, one
#   connection raises two alerts with different priorities; triage should key on the higher one or one sid be suppressed.
# NOTE(review): `alert ip` carries no application-layer condition, so any traffic from $HOME_NET to this address and port
#   matches; the alert identifies the peer, not what was exchanged.
alert ip $HOME_NET any -> 117.50.162.183 443 (msg: "MISP e26150 [] Outgoing To IP: 117.50.162.183|443"; classtype:trojan-activity; sid:37167261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# Domain rules: the leading character class is [^A-Za-z0-9-] (a dot is allowed before the name), so sub-domains of the
# listed domain match as well as the domain itself.
alert dns any any -> any any (msg: "MISP e26150 [] Domain serviceicloud.com"; dns.query; content:"serviceicloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com$/i"; classtype:trojan-activity; sid:37167281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# NOTE(review): "Host|3a|" and the domain are two independent http.header contents with no distance/within between them,
#   and the pcre runs over the headers as a whole. A request to a different host that carries the domain in another header
#   (for example Referer) therefore matches too; http.host would restrict the match to the requested host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain serviceicloud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serviceicloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# NOTE(review): the http.uri content is unanchored, so this rule matches any URI that contains "/VisualStudioUpdater",
#   including longer paths that begin with it. It inspects cleartext HTTP on $HTTP_PORTS only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//linksammosupply.com/VisualStudioUpdater"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/VisualStudioUpdater"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain maconlineoffice.com"; dns.query; content:"maconlineoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com$/i"; classtype:trojan-activity; sid:37167301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain maconlineoffice.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maconlineoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//linksammosupply.com/zshrc2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/zshrc2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//linksammosupply.com/VisualStudioUpdaterLs2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/VisualStudioUpdaterLs2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//sarkerrentacars.com/zshrc"; flow:to_server,established; http.header; content:"sarkerrentacars.com"; fast_pattern; nocase; http.uri; content:"/zshrc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//turkishfurniture.blog/Previewers"; flow:to_server,established; http.header; content:"turkishfurniture.blog"; fast_pattern; nocase; http.uri; content:"/Previewers"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip 
$HOME_NET any -> 193.29.13.167 80 (msg: "MISP e26150 [] Outgoing To IP: 193.29.13.167|80"; classtype:trojan-activity; sid:37167351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip $HOME_NET any -> 88.214.26.22 80 (msg: "MISP e26150 [] Outgoing To IP: 88.214.26.22|80"; classtype:trojan-activity; sid:37167361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip $HOME_NET any -> 193.29.13.167 443 (msg: "MISP e26150 [] Outgoing To IP: 193.29.13.167|443"; classtype:trojan-activity; sid:37167371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip $HOME_NET any -> 88.214.26.22 443 (msg: "MISP e26150 [] Outgoing To IP: 88.214.26.22|443"; classtype:trojan-activity; sid:37167381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip $HOME_NET any -> 185.237.206.77 80 (msg: "MISP e26076 [Socks5Systemz] Outgoing To IP: 185.237.206.77|80"; classtype:trojan-activity; sid:37126281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 91.211.247.89 80 (msg: "MISP e26076 [Socks5Systemz] Outgoing To IP: 91.211.247.89|80"; classtype:trojan-activity; sid:37126291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 193.242.211.154 80 (msg: "MISP e26076 [Socks5Systemz] Outgoing To IP: 193.242.211.154|80"; classtype:trojan-activity; sid:37126301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;) alert ip $HOME_NET any -> 193.242.211.154 80 (msg: "MISP e26150 [] Outgoing To IP: 193.242.211.154|80"; classtype:trojan-activity; sid:37167391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert ip $HOME_NET any -> 91.211.247.89 80 (msg: "MISP e26150 [] Outgoing To IP: 91.211.247.89|80"; classtype:trojan-activity; sid:37167401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;) alert 
ip $HOME_NET any -> 185.237.206.77 80 (msg: "MISP e26150 [] Outgoing To IP: 185.237.206.77|80"; classtype:trojan-activity; sid:37167411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
# ^ remainder of a rule whose "alert" keyword is on the previous line. Rules below are laid
# out one per line.
#
# --- Same URL exported by events 26076 and 26150 ---
# The two rules differ only in the case of the URI ("/mozi.m" vs "/Mozi.m"), and both use
# nocase, so they match exactly the same requests and always alert together.
alert http $HOME_NET any -> 61.163.138.230 45530 (msg: "MISP e26076 [] Outgoing URL http|3a|//61.163.138.230|3a|45530/mozi.m"; flow:to_server,established; http.header; content:"61.163.138.230"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 61.163.138.230 45530 (msg: "MISP e26150 [] Outgoing URL http|3a|//61.163.138.230|3a|45530/Mozi.m"; flow:to_server,established; http.header; content:"61.163.138.230"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
#
# --- Event 26076: IP:port indicators with family tags in msg ---
# The bracketed msg tags (Deimos, QakBot, Meduza Stealer, plus an AS/ISP name) are the only
# triage context in the alert; the untagged e26150 copies further down match the same traffic.
# NOTE(review): an address inside an access-ISP range (see the QakBot entry's AS tag) can be
# reassigned to an unrelated host; treat old hits on it with caution.
alert ip $HOME_NET any -> 157.254.20.34 6607 (msg: "MISP e26076 [Deimos,Hytron Network] Outgoing To IP: 157.254.20.34|6607"; classtype:trojan-activity; sid:37126321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 78.19.61.12 2222 (msg: "MISP e26076 [AS-BTIRE BT Ireland was previously known as Esat Net EUnet Ireland & IEUnet.,QakBot] Outgoing To IP: 78.19.61.12|2222"; classtype:trojan-activity; sid:37126331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 5.182.87.145 80 (msg: "MISP e26076 [AEZA-AS,Meduza Stealer] Outgoing To IP: 5.182.87.145|80"; classtype:trojan-activity; sid:37126341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 5.182.87.145 80 (msg: "MISP e26150 [] Outgoing To IP: 5.182.87.145|80"; classtype:trojan-activity; sid:37167431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 78.19.61.12 2222 (msg: "MISP e26150 [] Outgoing To IP: 78.19.61.12|2222"; classtype:trojan-activity; sid:37167441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 157.254.20.34 6607 (msg: "MISP e26150 [] Outgoing To IP: 157.254.20.34|6607"; classtype:trojan-activity; sid:37167451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
#
# --- CobaltStrike-tagged URLs ("/ptj") ---
# Two hosts share the "/ptj" URI and the same cs-watermark tag. The 8080 rule is port-pinned;
# the 122.51.220.170 rule depends on $HTTP_PORTS being defined and covering the port in use.
# Each URL is again exported by both events, so every match produces two alerts.
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321,PONYNET] Outgoing URL http|3a|//107.189.14.144|3a|8080/ptj"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26076 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/ptj"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37126371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26150 [] Outgoing URL http|3a|//122.51.220.170/ptj"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26150 [] Outgoing URL http|3a|//107.189.14.144|3a|8080/ptj"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37167491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
#
# --- CobaltStrike-tagged indicators on port 53 ---
# "alert ip" with port 53 covers both UDP and TCP to these addresses.
# NOTE(review): port 53 presumably reflects DNS-based C2; confirm in event 26076. Hosts that
# resolve through an internal resolver never contact these IPs directly, so the paired
# dns.query rules are the ones that will see such lookups.
alert ip $HOME_NET any -> 103.186.215.56 53 (msg: "MISP e26076 [CobaltStrike,cs-watermark-Not Found,High Family Technology Co. Limited] Outgoing To IP: 103.186.215.56|53"; classtype:trojan-activity; sid:37126391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# dns rule: the pcre allows a preceding ".", so any name ending in ".ns1.mb-testing.de" matches.
alert dns any any -> any any (msg: "MISP e26076 [CobaltStrike,cs-watermark-557575264,DIGITALOCEAN-ASN] Domain ns1.mb-testing.de"; dns.query; content:"ns1.mb-testing.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.mb\-testing\.de$/i"; classtype:trojan-activity; sid:37126401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# http rule: "Host|3a|" and the domain are matched independently anywhere in the request
# headers, so the domain appearing in a header other than Host also triggers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [CobaltStrike,cs-watermark-557575264,DIGITALOCEAN-ASN] Outgoing HTTP Domain ns1.mb-testing.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.mb-testing.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.mb\-testing\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 64.225.111.119 53 (msg: "MISP e26076 [CobaltStrike,cs-watermark-557575264,DIGITALOCEAN-ASN] Outgoing To IP: 64.225.111.119|53"; classtype:trojan-activity; sid:37126411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert dns any any -> any any (msg: "MISP e26076 [CobaltStrike,CONTABO,cs-watermark-410617911] Domain dev.cabul.bbtecno.com"; dns.query; content:"dev.cabul.bbtecno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.cabul\.bbtecno\.com$/i"; classtype:trojan-activity; sid:37126421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# The next rule continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [CobaltStrike,CONTABO,cs-watermark-410617911] Outgoing HTTP 
Domain dev.cabul.bbtecno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev.cabul.bbtecno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.cabul\.bbtecno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
# ^ tail of a rule that starts on the previous line. Rules below are laid out one per line.
#
# --- Event 26076: CobaltStrike-tagged domains and their resolver IP ---
# dns rules: pcre "(^|[^A-Za-z0-9-])name$" permits a preceding ".", so deeper subdomains match.
# http rules: the two http.header contents are unanchored relative to each other and the /H
# pcre scans all headers; the domain in any request header satisfies the rule.
alert dns any any -> any any (msg: "MISP e26076 [CobaltStrike,CONTABO,cs-watermark-410617911] Domain hom.cabul.bbtecno.com"; dns.query; content:"hom.cabul.bbtecno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hom\.cabul\.bbtecno\.com$/i"; classtype:trojan-activity; sid:37126431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26076 [CobaltStrike,CONTABO,cs-watermark-410617911] Outgoing HTTP Domain hom.cabul.bbtecno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hom.cabul.bbtecno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hom\.cabul\.bbtecno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37126432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
alert ip $HOME_NET any -> 173.212.224.123 53 (msg: "MISP e26076 [CobaltStrike,CONTABO,cs-watermark-410617911] Outgoing To IP: 173.212.224.123|53"; classtype:trojan-activity; sid:37126441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26076;)
#
# --- Event 26150: untagged copies of the e26076 indicators above ---
# Every rule in this run has the same header and options as an e26076 rule earlier in the
# file (different sid, priority 3, empty "[]" tags). They double each alert without adding
# coverage; when triaging, use the e26076 alert for family context.
alert ip $HOME_NET any -> 173.212.224.123 53 (msg: "MISP e26150 [] Outgoing To IP: 173.212.224.123|53"; classtype:trojan-activity; sid:37167511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain hom.cabul.bbtecno.com"; dns.query; content:"hom.cabul.bbtecno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hom\.cabul\.bbtecno\.com$/i"; classtype:trojan-activity; sid:37167521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain hom.cabul.bbtecno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hom.cabul.bbtecno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hom\.cabul\.bbtecno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain dev.cabul.bbtecno.com"; dns.query; content:"dev.cabul.bbtecno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.cabul\.bbtecno\.com$/i"; classtype:trojan-activity; sid:37167531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain dev.cabul.bbtecno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev.cabul.bbtecno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\.cabul\.bbtecno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 64.225.111.119 53 (msg: "MISP e26150 [] Outgoing To IP: 64.225.111.119|53"; classtype:trojan-activity; sid:37167541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert dns any any -> any any (msg: "MISP e26150 [] Domain ns1.mb-testing.de"; dns.query; content:"ns1.mb-testing.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.mb\-testing\.de$/i"; classtype:trojan-activity; sid:37167551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26150 [] Outgoing HTTP Domain ns1.mb-testing.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.mb-testing.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.mb\-testing\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37167552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
alert ip $HOME_NET any -> 103.186.215.56 53 (msg: "MISP e26150 [] Outgoing To IP: 103.186.215.56|53"; classtype:trojan-activity; sid:37167561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26150;)
#
# --- Event 26132: "Hostname" indicators (exact-host match) ---
# Unlike the "Domain" rules, the pcre here uses "[^A-Za-z0-9-\.]" as the left boundary, which
# excludes ".", so only the exact hostname matches, not its subdomains. That matters for
# names under shared hosting suffixes (pages.dev, r2.dev): sibling tenants are not matched.
# Each hostname yields three rules: dns, http Host, and a "URL" rule. When the URL has no
# path, the URL rule is just an unanchored http.header content for the hostname, so it
# overlaps the http Host rule and adds a second alert on the same request.
# These are cleartext-HTTP rules; HTTPS requests are visible to the dns rule only.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainsvalidate.pages.dev"; dns.query; content:"blockchainsvalidate.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsvalidate\.pages\.dev$/i"; classtype:trojan-activity; sid:37141371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchainsvalidate.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsvalidate.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsvalidate\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainsvalidate.pages.dev"; flow:to_server,established; http.header; content:"blockchainsvalidate.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# The next rule continues on the following line.
alert dns any any -> any any (msg: "MISP e26132 [] Hostname pub-acc327163eeb410bac3630b4251ca13f.r2.dev"; dns.query; content:"pub-acc327163eeb410bac3630b4251ca13f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-acc327163eeb410bac3630b4251ca13f\.r2\.dev$/i"; classtype:trojan-activity; sid:37141401; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26132;)
# ^ tail of a rule that starts on the previous line. Rules below are laid out one per line.
#
# --- Event 26132: "Hostname" indicators, three rules per host ---
#   dns  - dns.query content plus a pcre whose left boundary "[^A-Za-z0-9-\.]" excludes ".",
#          so only the exact hostname matches (no subdomains, no sibling names under
#          pages.dev / workers.dev / r2.dev).
#   http - literal "Host|3a| <name>" in http.header plus the same boundary pcre.
#   URL  - hostname anywhere in http.header; a URI content only when the URL had a path.
# Where the URL has no path the URL rule overlaps the http rule (two alerts per request).
# All http rules need cleartext HTTP; for HTTPS-only hosting the dns rule is the one that
# fires unless TLS is decrypted upstream. URL rules additionally require $HTTP_PORTS to be
# defined on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname pub-acc327163eeb410bac3630b4251ca13f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-acc327163eeb410bac3630b4251ca13f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-acc327163eeb410bac3630b4251ca13f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//pub-acc327163eeb410bac3630b4251ca13f.r2.dev/index.html"; flow:to_server,established; http.header; content:"pub-acc327163eeb410bac3630b4251ca13f.r2.dev"; fast_pattern; nocase; http.uri; content:"/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname bitcoinsparkdatas.pages.dev"; dns.query; content:"bitcoinsparkdatas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitcoinsparkdatas\.pages\.dev$/i"; classtype:trojan-activity; sid:37141431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname bitcoinsparkdatas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bitcoinsparkdatas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitcoinsparkdatas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//bitcoinsparkdatas.pages.dev"; flow:to_server,established; http.header; content:"bitcoinsparkdatas.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname blockchainsconnect.pages.dev"; dns.query; content:"blockchainsconnect.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsconnect\.pages\.dev$/i"; classtype:trojan-activity; sid:37141461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname blockchainsconnect.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainsconnect.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainsconnect\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//blockchainsconnect.pages.dev"; flow:to_server,established; http.header; content:"blockchainsconnect.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname teletsam.club"; dns.query; content:"teletsam.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.club$/i"; classtype:trojan-activity; sid:37141491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname teletsam.club"; flow:to_server,established; http.header; content: "Host|3a| teletsam.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
# http.uri content "/" is present in every request URI, so this rule reduces to "hostname
# appears somewhere in the request headers".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//teletsam.club/"; flow:to_server,established; http.header; content:"teletsam.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname onedrive.h9cg7mpmcx9590.workers.dev"; dns.query; content:"onedrive.h9cg7mpmcx9590.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\.h9cg7mpmcx9590\.workers\.dev$/i"; classtype:trojan-activity; sid:37141521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname onedrive.h9cg7mpmcx9590.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| onedrive.h9cg7mpmcx9590.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\.h9cg7mpmcx9590\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//onedrive.h9cg7mpmcx9590.workers.dev"; flow:to_server,established; http.header; content:"onedrive.h9cg7mpmcx9590.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname kuca-motohandel.pl"; dns.query; content:"kuca-motohandel.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kuca\-motohandel\.pl$/i"; classtype:trojan-activity; sid:37141551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname kuca-motohandel.pl"; flow:to_server,established; http.header; content: "Host|3a| kuca-motohandel.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kuca\-motohandel\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//kuca-motohandel.pl"; flow:to_server,established; http.header; content:"kuca-motohandel.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert dns any any -> any any (msg: "MISP e26132 [] Hostname autosprzedaz-mcl.pl"; dns.query; content:"autosprzedaz-mcl.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-mcl\.pl$/i"; classtype:trojan-activity; sid:37141581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26132 [] Outgoing HTTP Hostname autosprzedaz-mcl.pl"; flow:to_server,established; http.header; content: "Host|3a| autosprzedaz-mcl.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-mcl\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37141582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26132 [] Outgoing URL http|3a|//autosprzedaz-mcl.pl"; flow:to_server,established; http.header; content:"autosprzedaz-mcl.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37141591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26132;)
#
# --- Event 26133 begins; the next rule continues on the following line ---
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/x86_64"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; 
fast_pattern; nocase; http.uri; content:"/x86_64"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
# ^ tail of a rule that starts on the previous line. Rules below are laid out one per line.
#
# --- Event 26133 (priority 1): one hostname, one URI per CPU architecture ---
# NOTE(review): per-architecture file names on a single host look like multi-arch bot
# binaries being fetched by embedded/IoT devices; confirm against the event.
# The URI contents are unanchored substrings: "/x86" (sid:37142451, further down) also matches
# "/x86_64", so a request for the latter raises two alerts. The other names do not overlap.
# The rules depend on $HTTP_PORTS being defined and covering the port actually used.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/spc"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/spc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/mpsl"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/arm6"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/arm6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/arm5"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
#
# --- Event 26133: URLs on a fixed IP and high port ---
# Destination IP and port are pinned in the rule header; the http.header content repeats the
# IP (it matches in any header, not only Host). URI strength varies:
#   "/i", "/.i", "/"   - near-universal substrings; the alert is effectively "HTTP to this IP:port"
#   "/bin.sh", "/Mozi.m", "/Mozi.a", "/la.bot.arm6" - specific file names, stronger evidence
# The msg carries no family tag ("[]"); the Mozi.* file names are the only hint in the alert.
# NOTE(review): hosts on ephemeral high ports are often short-lived; check indicator age in
# the event before relying on a hit.
alert http $HOME_NET any -> 90.159.4.113 33617 (msg: "MISP e26133 [] Outgoing URL http|3a|//90.159.4.113|3a|33617/i"; flow:to_server,established; http.header; content:"90.159.4.113"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 90.159.4.113 33617 (msg: "MISP e26133 [] Outgoing URL http|3a|//90.159.4.113|3a|33617/bin.sh"; flow:to_server,established; http.header; content:"90.159.4.113"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 42.233.143.171 57845 (msg: "MISP e26133 [] Outgoing URL http|3a|//42.233.143.171|3a|57845/bin.sh"; flow:to_server,established; http.header; content:"42.233.143.171"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 31.220.3.140 $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//31.220.3.140/la.bot.arm6"; flow:to_server,established; http.header; content:"31.220.3.140"; fast_pattern; nocase; http.uri; content:"/la.bot.arm6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 223.8.221.181 63787 (msg: "MISP e26133 [] Outgoing URL http|3a|//223.8.221.181|3a|63787/.i"; flow:to_server,established; http.header; content:"223.8.221.181"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 222.136.128.126 57483 (msg: "MISP e26133 [] Outgoing URL http|3a|//222.136.128.126|3a|57483/"; flow:to_server,established; http.header; content:"222.136.128.126"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 112.248.111.46 54108 (msg: "MISP e26133 [] Outgoing URL http|3a|//112.248.111.46|3a|54108/bin.sh"; flow:to_server,established; http.header; content:"112.248.111.46"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
# "/x86" is a prefix of "/x86_64": this rule also fires on the x86_64 URL (sid:37142331).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/x86"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/x86"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/mips"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26133 [] Outgoing URL http|3a|//lsagjogu8ztaueghasdjsdigh.cc/arm7"; flow:to_server,established; http.header; content:"lsagjogu8ztaueghasdjsdigh.cc"; fast_pattern; nocase; http.uri; content:"/arm7"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 61.53.84.102 36743 (msg: "MISP e26133 [] Outgoing URL http|3a|//61.53.84.102|3a|36743/Mozi.m"; flow:to_server,established; http.header; content:"61.53.84.102"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 59.89.66.99 40327 (msg: "MISP e26133 [] Outgoing URL http|3a|//59.89.66.99|3a|40327/Mozi.m"; flow:to_server,established; http.header; content:"59.89.66.99"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 185.32.4.72 34433 (msg: "MISP e26133 [] Outgoing URL http|3a|//185.32.4.72|3a|34433/Mozi.m"; flow:to_server,established; http.header; content:"185.32.4.72"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 164.163.25.241 59509 (msg: "MISP e26133 [] Outgoing URL http|3a|//164.163.25.241|3a|59509/Mozi.a"; flow:to_server,established; http.header; content:"164.163.25.241"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 119.179.255.86 37939 (msg: "MISP e26133 [] Outgoing URL http|3a|//119.179.255.86|3a|37939/i"; flow:to_server,established; http.header; content:"119.179.255.86"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
# The next rule continues on the following line.
alert http $HOME_NET any -> 117.91.233.134 53491 (msg: "MISP e26133 [] Outgoing URL http|3a|//117.91.233.134|3a|53491/"; flow:to_server,established; http.header; 
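content:"117.91.233.134"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
# ^ tail of a rule that starts on the previous line. Rules below are laid out one per line.
#
# --- Event 26133: URLs on a fixed IP and high port ---
# Destination IP:port is pinned in the header; the URI content is a case-insensitive substring.
alert http $HOME_NET any -> 115.55.242.183 56390 (msg: "MISP e26133 [] Outgoing URL http|3a|//115.55.242.183|3a|56390/Mozi.m"; flow:to_server,established; http.header; content:"115.55.242.183"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
alert http $HOME_NET any -> 112.237.233.248 39574 (msg: "MISP e26133 [] Outgoing URL http|3a|//112.237.233.248|3a|39574/bin.sh"; flow:to_server,established; http.header; content:"112.237.233.248"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37142551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26133;)
#
# --- Event 26403: NjRAT and Mirai indicators ---
# FIX: the exported msg strings embedded raw double quotes from the MISP tags
# (misp-galaxy:malpedia="NjRAT", misp:confidence-level="usually-confident"). Suricata requires
# '"', ';' and '\' inside msg to be backslash-escaped; an unescaped quote can make the engine
# reject the rule at load time or truncate the message, which silently removes coverage for
# these indicators. The quotes are escaped below; nothing else in the rules is changed.
# After loading, check the engine log for signature parse errors to confirm all seven rules
# of this event (sid 37266571-37266612) are active.
alert ip $HOME_NET any -> 46.246.84.15 1995 (msg: "MISP e26403 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 46.246.84.15|1995"; classtype:trojan-activity; sid:37266571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 46.246.84.5 7771 (msg: "MISP e26403 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 46.246.84.5|7771"; classtype:trojan-activity; sid:37266581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Dynamic-DNS name: the pcre allows a preceding ".", so it matches this host and anything
# beneath it, but not other duckdns.org customers.
alert dns any any -> any any (msg: "MISP e26403 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Domain berlyndnero.duckdns.org"; dns.query; content:"berlyndnero.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndnero\.duckdns\.org$/i"; classtype:trojan-activity; sid:37266591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# NOTE(review): this is an HTTP Host rule; the IP rules above use non-HTTP ports (1995, 7771),
# so the dns and ip rules are the likelier detections for this indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain berlyndnero.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"berlyndnero.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndnero\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 171.228.211.109 56999 (msg: "MISP e26403 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 171.228.211.109|56999"; classtype:trojan-activity; sid:37266601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [Mirai,misp:confidence-level=\"usually-confident\"] Domain kami.shopkami.site"; dns.query; content:"kami.shopkami.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.shopkami\.site$/i"; classtype:trojan-activity; sid:37266611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [Mirai,misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain kami.shopkami.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kami.shopkami.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kami\.shopkami\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
#
# --- Event 26369 ---
# CAUTION: linkprotect.cudasvc.com is the URL-rewriting host of Barracuda's Link Protection
# email feature. Where that product is in use, every rewritten link a user clicks will raise
# this trojan-activity alert. The indicator identifies the redirector, not the final target:
# scope or suppress it for such environments and pivot to the rewritten destination instead.
# The next rule continues on the following line.
alert dns any any -> any any (msg: "MISP e26369 [] Domain linkprotect.cudasvc.com"; dns.query; content:"linkprotect.cudasvc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])linkprotect\.cudasvc\.com$/i"; classtype:trojan-activity; sid:37252821; rev:1; priority:2; 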
reference:url,https://misp.finsin.cl/events/view/26369;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26369 [] Outgoing HTTP Domain linkprotect.cudasvc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linkprotect.cudasvc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linkprotect\.cudasvc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26369;) alert dns any any -> any any (msg: "MISP e26097 [] Domain tarjetacencosud--cl.bhojpuriacademy.org"; dns.query; content:"tarjetacencosud--cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37129381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26097;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26097 [] Outgoing HTTP Domain tarjetacencosud--cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarjetacencosud--cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37129382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26097;) alert http $HOME_NET any -> 91.107.121.253 $HTTP_PORTS (msg: "MISP e26238 [dcrat] Outgoing URL http|3a|//91.107.121.253/cdn/9/9/windowspublic/5voiddb/6process3/8/serverdbdatalifedle.php"; flow:to_server,established; http.header; content:"91.107.121.253"; fast_pattern; nocase; http.uri; content:"/cdn/9/9/windowspublic/5voiddb/6process3/8/serverdbdatalifedle.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37228731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS45839,c2,censys] Domain 
smtp.pioneerprinters.co.uk"; dns.query; content:"smtp.pioneerprinters.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])smtp\.pioneerprinters\.co\.uk$/i"; classtype:trojan-activity; sid:37228741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS45839,c2,censys] Outgoing HTTP Domain smtp.pioneerprinters.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smtp.pioneerprinters.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smtp\.pioneerprinters\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37228742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 111.90.150.185 443 (msg: "MISP e26238 [AS45839,c2,censys] Outgoing To IP: 111.90.150.185|443"; classtype:trojan-activity; sid:37228751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 108.165.106.7 80 (msg: "MISP e26238 [AS-GLOBALTELEHOST,AS63023,c2,censys] Outgoing To IP: 108.165.106.7|80"; classtype:trojan-activity; sid:37228761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 8.137.50.92 8000 (msg: "MISP e26238 [AS37963,c2,censys] Outgoing To IP: 8.137.50.92|8000"; classtype:trojan-activity; sid:37228771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 86.107.199.30 11011 (msg: "MISP e26238 [AS202958,c2,censys] Outgoing To IP: 86.107.199.30|11011"; classtype:trojan-activity; sid:37228781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 83.97.20.183 48080 (msg: "MISP e26238 [AS9009,c2,censys,M247] Outgoing To IP: 83.97.20.183|48080"; classtype:trojan-activity; sid:37228791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 
42.192.45.240 4444 (msg: "MISP e26238 [AS45090,c2,censys] Outgoing To IP: 42.192.45.240|4444"; classtype:trojan-activity; sid:37228801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP e26238: destination IP/port rules for hosts tagged c2 and censys. The bracketed
# tags in msg carry the AS number and, where present, the network name.
# NOTE(review): these rules have no flow, content or threshold option, so address and
# port are the only match criteria. A long-lived connection can presumably raise many
# alerts; verify on the sensor and consider a threshold.
# NOTE(review): the rules carry no expiry. Addresses in hosting ranges get reassigned, so
# indicators should be aged out against the last-seen data of the MISP event.
alert ip $HOME_NET any -> 51.38.226.86 443 (msg: "MISP e26238 [AS16276,c2,censys,OVH] Outgoing To IP: 51.38.226.86|443"; classtype:trojan-activity; sid:37228811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 31.43.159.234 1605 (msg: "MISP e26238 [AS48438,c2,censys,CORBINA-AS] Outgoing To IP: 31.43.159.234|1605"; classtype:trojan-activity; sid:37228821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 177.222.224.56 8080 (msg: "MISP e26238 [AS263399,c2,censys] Outgoing To IP: 177.222.224.56|8080"; classtype:trojan-activity; sid:37228831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# The next twelve rules name the same host, 187.135.95.35, and differ only in destination
# port, sid and the port echoed in msg. A single rule with a bracketed port list would
# cover them with one sid, at the cost of losing the per-port msg text.
alert ip $HOME_NET any -> 187.135.95.35 1723 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|1723"; classtype:trojan-activity; sid:37228841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 1962 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|1962"; classtype:trojan-activity; sid:37228851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2004 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2004"; classtype:trojan-activity; sid:37228861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2077 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2077"; classtype:trojan-activity; sid:37228871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2082 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2082"; classtype:trojan-activity; sid:37228881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2181 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2181"; classtype:trojan-activity; sid:37228891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2280 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2280"; classtype:trojan-activity; sid:37228901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 1628 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|1628"; classtype:trojan-activity; sid:37228911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2000 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2000"; classtype:trojan-activity; sid:37228921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2080 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2080"; classtype:trojan-activity; sid:37228931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2083 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2083"; classtype:trojan-activity; sid:37228941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 187.135.95.35 2086 (msg: "MISP e26238 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2086"; classtype:trojan-activity; sid:37228951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 20.52.118.210 31337 (msg: "MISP e26238 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] 
Outgoing To IP: 20.52.118.210|31337"; classtype:trojan-activity; sid:37228961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 216.118.230.117 33452 (msg: "MISP e26238 [AS45753,c2,censys,Supershell] Outgoing To IP: 216.118.230.117|33452"; classtype:trojan-activity; sid:37228971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.81.157.106 777 (msg: "MISP e26238 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.106|777"; classtype:trojan-activity; sid:37228981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.81.157.183 9696 (msg: "MISP e26238 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.183|9696"; classtype:trojan-activity; sid:37228991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS40021,c2,censys,NL-811-40021,RAT] Domain srxy123.is-a-geek.com"; dns.query; content:"srxy123.is-a-geek.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])srxy123\.is\-a\-geek\.com$/i"; classtype:trojan-activity; sid:37229001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing HTTP Domain srxy123.is-a-geek.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srxy123.is-a-geek.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srxy123\.is\-a\-geek\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 20.81.43.192 8080 (msg: "MISP e26238 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 20.81.43.192|8080"; classtype:trojan-activity; sid:37229011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 78.161.49.74 3003 (msg: "MISP e26238 [AS9121,c2,censys,RAT,TTNET] Outgoing To IP: 78.161.49.74|3003"; classtype:trojan-activity; sid:37229021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 78.161.49.74 888 (msg: "MISP e26238 [AS9121,c2,censys,RAT,TTNET] Outgoing To IP: 78.161.49.74|888"; classtype:trojan-activity; sid:37229031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 91.92.255.64 6000 (msg: "MISP e26238 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.255.64|6000"; classtype:trojan-activity; sid:37229041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 91.92.255.64 8000 (msg: "MISP e26238 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.255.64|8000"; classtype:trojan-activity; sid:37229051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 91.92.255.64 8088 (msg: "MISP e26238 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.255.64|8088"; classtype:trojan-activity; sid:37229061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 35.202.200.238 443 (msg: "MISP e26238 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,Mythic] Outgoing To IP: 35.202.200.238|443"; classtype:trojan-activity; sid:37229071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.196.9.10 7443 (msg: "MISP e26238 [AS42624,c2,censys,Mythic,SIMPLECARRIER] Outgoing To IP: 185.196.9.10|7443"; classtype:trojan-activity; sid:37229081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 46.101.195.151 443 (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 46.101.195.151|443"; classtype:trojan-activity; 
sid:37229091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain 64-225-100-2.cprapid.com"; dns.query; content:"64-225-100-2.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])64\-225\-100\-2\.cprapid\.com$/i"; classtype:trojan-activity; sid:37229101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain 64-225-100-2.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"64-225-100-2.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])64\-225\-100\-2\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain ansible-tower-pocket-node1.validatorsheaven.network"; dns.query; content:"ansible-tower-pocket-node1.validatorsheaven.network"; nocase; pcre: "/(^|[^A-Za-z0-9-])ansible\-tower\-pocket\-node1\.validatorsheaven\.network$/i"; classtype:trojan-activity; sid:37229111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain ansible-tower-pocket-node1.validatorsheaven.network"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ansible-tower-pocket-node1.validatorsheaven.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ansible\-tower\-pocket\-node1\.validatorsheaven\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) 
alert ip $HOME_NET any -> 185.172.128.148 80 (msg: "MISP e26238 [AS216309,c2,censys,EVILEMPIRE-AS,HookBot] Outgoing To IP: 185.172.128.148|80"; classtype:trojan-activity; sid:37229121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 95.216.123.85 80 (msg: "MISP e26238 [AS24940,c2,censys,HETZNER-AS,HookBot] Outgoing To IP: 95.216.123.85|80"; classtype:trojan-activity; sid:37229131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 89.23.103.187 80 (msg: "MISP e26238 [AS207713,c2,censys,GIR-AS,HookBot] Outgoing To IP: 89.23.103.187|80"; classtype:trojan-activity; sid:37229141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 93.123.39.152 50555 (msg: "MISP e26238 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 93.123.39.152|50555"; classtype:trojan-activity; sid:37229151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS9050,c2,censys,HookBot] Domain dgaf.catboy.me"; dns.query; content:"dgaf.catboy.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])dgaf\.catboy\.me$/i"; classtype:trojan-activity; sid:37229161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS9050,c2,censys,HookBot] Outgoing HTTP Domain dgaf.catboy.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dgaf.catboy.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dgaf\.catboy\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain grinevitchnicolas.fvds.ru"; dns.query; content:"grinevitchnicolas.fvds.ru"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])grinevitchnicolas\.fvds\.ru$/i"; classtype:trojan-activity; sid:37229171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain grinevitchnicolas.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS399077,c2,censys,HookBot,TERAEXCH] Domain 883217.cc"; dns.query; content:"883217.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])883217\.cc$/i"; classtype:trojan-activity; sid:37229181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS399077,c2,censys,HookBot,TERAEXCH] Outgoing HTTP Domain 883217.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"883217.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])883217\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS24940,c2,censys,HETZNER-AS,HookBot] Domain static.197.203.76.144.clients.your-server.de"; dns.query; content:"static.197.203.76.144.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.197\.203\.76\.144\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37229191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS24940,c2,censys,HETZNER-AS,HookBot] Outgoing HTTP Domain 
static.197.203.76.144.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.197.203.76.144.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.197\.203\.76\.144\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.81.157.211 9191 (msg: "MISP e26238 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.211|9191"; classtype:trojan-activity; sid:37229201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.81.157.203 9090 (msg: "MISP e26238 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.203|9090"; classtype:trojan-activity; sid:37229211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 82.102.23.170 8081 (msg: "MISP e26238 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 82.102.23.170|8081"; classtype:trojan-activity; sid:37229221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 51.120.7.94 1337 (msg: "MISP e26238 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 51.120.7.94|1337"; classtype:trojan-activity; sid:37229231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS63949,c2,censys] Domain 45-79-196-203.ip.linodeusercontent.com"; dns.query; content:"45-79-196-203.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])45\-79\-196\-203\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37229241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS63949,c2,censys] Outgoing HTTP Domain 45-79-196-203.ip.linodeusercontent.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"45-79-196-203.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])45\-79\-196\-203\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 45.79.196.203 4443 (msg: "MISP e26238 [AS63949,c2,censys] Outgoing To IP: 45.79.196.203|4443"; classtype:trojan-activity; sid:37229251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain reporttest.rubecon.co.za"; dns.query; content:"reporttest.rubecon.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-])reporttest\.rubecon\.co\.za$/i"; classtype:trojan-activity; sid:37229261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain reporttest.rubecon.co.za"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reporttest.rubecon.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reporttest\.rubecon\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 154.245.89.99 80 (msg: "MISP e26238 [ALGTEL-AS,AS36947,c2,censys,RAT] Outgoing To IP: 154.245.89.99|80"; classtype:trojan-activity; sid:37229271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 86.126.4.236 8080 (msg: "MISP e26238 [AS8708,c2,censys,RAT] Outgoing To IP: 86.126.4.236|8080"; classtype:trojan-activity; sid:37229281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 
123.206.29.183 10134 (msg: "MISP e26238 [AS45090,c2,censys,RAT] Outgoing To IP: 123.206.29.183|10134"; classtype:trojan-activity; sid:37229291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 197.119.85.192 80 (msg: "MISP e26238 [ALGTEL-AS,AS36947,c2,censys,RAT] Outgoing To IP: 197.119.85.192|80"; classtype:trojan-activity; sid:37229301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 194.48.251.184 80 (msg: "MISP e26238 [AS203168,c2,censys,UNKNOW] Outgoing To IP: 194.48.251.184|80"; classtype:trojan-activity; sid:37229311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 77.232.130.4 80 (msg: "MISP e26238 [AS9123,c2,censys,TIMEWEB-AS] Outgoing To IP: 77.232.130.4|80"; classtype:trojan-activity; sid:37229321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 83.97.73.229 80 (msg: "MISP e26238 [AS208312,c2,censys,REDBYTES] Outgoing To IP: 83.97.73.229|80"; classtype:trojan-activity; sid:37229331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 94.156.65.246 80 (msg: "MISP e26238 [AS394711,c2,censys,LIMENET,stealer] Outgoing To IP: 94.156.65.246|80"; classtype:trojan-activity; sid:37229341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 54.88.105.125 443 (msg: "MISP e26238 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 54.88.105.125|443"; classtype:trojan-activity; sid:37229351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-54-86-17-63.compute-1.amazonaws.com"; dns.query; content:"ec2-54-86-17-63.compute-1.amazonaws.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-54\-86\-17\-63\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37229361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-54-86-17-63.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-86-17-63.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-86\-17\-63\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 42.96.2.220 80 (msg: "MISP e26238 [AS135918,c2,censys] Outgoing To IP: 42.96.2.220|80"; classtype:trojan-activity; sid:37229371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 42.119.113.85 80 (msg: "MISP e26238 [AS18403,c2,censys] Outgoing To IP: 42.119.113.85|80"; classtype:trojan-activity; sid:37229381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 204.216.223.114 80 (msg: "MISP e26238 [AS31898,c2,censys,ORACLE-BMC-31898,UNAM] Outgoing To IP: 204.216.223.114|80"; classtype:trojan-activity; sid:37229391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 212.64.217.73 8686 (msg: "MISP e26238 [AS61135,c2,censys,COMNET-DATACENTER-ISTANBUL,UNAM] Outgoing To IP: 212.64.217.73|8686"; classtype:trojan-activity; sid:37229401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [AS-REG,AS197695,c2,censys,UNAM] Domain linkerjeki.fun"; dns.query; content:"linkerjeki.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerjeki\.fun$/i"; classtype:trojan-activity; sid:37229411; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain linkerjeki.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linkerjeki.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerjeki\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 34.130.87.37 60000 (msg: "MISP e26238 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,Viper] Outgoing To IP: 34.130.87.37|60000"; classtype:trojan-activity; sid:37229421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 51.68.175.177 3333 (msg: "MISP e26238 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 51.68.175.177|3333"; classtype:trojan-activity; sid:37229431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 35.200.164.35 3333 (msg: "MISP e26238 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 35.200.164.35|3333"; classtype:trojan-activity; sid:37229441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.247.224.35 3333 (msg: "MISP e26238 [AS200651,censys,FLOKINET,GoPhish,phishing] Outgoing To IP: 185.247.224.35|3333"; classtype:trojan-activity; sid:37229451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 195.35.52.127 3333 (msg: "MISP e26238 [AS-HOSTINGER,AS47583,censys,GoPhish,phishing] Outgoing To IP: 195.35.52.127|3333"; classtype:trojan-activity; sid:37229461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 34.230.194.184 443 (msg: "MISP e26238 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 
34.230.194.184|443"; classtype:trojan-activity; sid:37229471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 159.146.122.238 2223 (msg: "MISP e26238 [AS12735,ASTURKNET,censys,GoPhish,phishing] Outgoing To IP: 159.146.122.238|2223"; classtype:trojan-activity; sid:37229481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP e26403: the rules from here on repeat indicators that this file already exports
# for e26238. For example 83.97.73.229:80 is sid:37229331 there and sid:37266621 here, and
# reporttest.rubecon.co.za is sid:37229261/37229262 there and sid:37266691/37266692 here.
# One connection therefore raises two alerts, at priority 2 from the e26238 rule and at
# priority 3 from the e26403 rule.
# NOTE(review): the e26403 copies have an empty tag list ("[]") in msg, so they carry less
# context than the e26238 originals. Consider de-duplicating by indicator value when
# exporting, or suppressing one of the two sid ranges on the sensor.
alert ip $HOME_NET any -> 83.97.73.229 80 (msg: "MISP e26403 [] Outgoing To IP: 83.97.73.229|80"; classtype:trojan-activity; sid:37266621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 77.232.130.4 80 (msg: "MISP e26403 [] Outgoing To IP: 77.232.130.4|80"; classtype:trojan-activity; sid:37266631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 194.48.251.184 80 (msg: "MISP e26403 [] Outgoing To IP: 194.48.251.184|80"; classtype:trojan-activity; sid:37266641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 197.119.85.192 80 (msg: "MISP e26403 [] Outgoing To IP: 197.119.85.192|80"; classtype:trojan-activity; sid:37266651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 123.206.29.183 10134 (msg: "MISP e26403 [] Outgoing To IP: 123.206.29.183|10134"; classtype:trojan-activity; sid:37266661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 86.126.4.236 8080 (msg: "MISP e26403 [] Outgoing To IP: 86.126.4.236|8080"; classtype:trojan-activity; sid:37266671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 154.245.89.99 80 (msg: "MISP e26403 [] Outgoing To IP: 154.245.89.99|80"; classtype:trojan-activity; sid:37266681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Domain indicators are exported as a pair: a dns.query rule with sid ending in 1 and an
# HTTP header rule with the next sid.
alert dns any any -> any any (msg: "MISP e26403 [] Domain reporttest.rubecon.co.za"; dns.query; content:"reporttest.rubecon.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-])reporttest\.rubecon\.co\.za$/i"; classtype:trojan-activity; sid:37266691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain reporttest.rubecon.co.za"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reporttest.rubecon.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reporttest\.rubecon\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 45.79.196.203 4443 (msg: "MISP e26403 [] Outgoing To IP: 45.79.196.203|4443"; classtype:trojan-activity; sid:37266701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain 45-79-196-203.ip.linodeusercontent.com"; dns.query; content:"45-79-196-203.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])45\-79\-196\-203\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37266711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain 45-79-196-203.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"45-79-196-203.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])45\-79\-196\-203\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 51.120.7.94 1337 (msg: "MISP e26403 [] Outgoing To IP: 51.120.7.94|1337"; classtype:trojan-activity; sid:37266721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 185.81.157.203 9090 (msg: "MISP e26403 [] Outgoing To IP: 185.81.157.203|9090"; classtype:trojan-activity; sid:37266731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 82.102.23.170 8081 (msg: "MISP e26403 [] Outgoing To IP: 82.102.23.170|8081"; classtype:trojan-activity; sid:37266741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 185.81.157.211 9191 (msg: "MISP e26403 [] Outgoing To IP: 185.81.157.211|9191"; classtype:trojan-activity; sid:37266751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain static.197.203.76.144.clients.your-server.de"; dns.query; content:"static.197.203.76.144.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.197\.203\.76\.144\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37266761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain static.197.203.76.144.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.197.203.76.144.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.197\.203\.76\.144\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain 883217.cc"; dns.query; content:"883217.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])883217\.cc$/i"; classtype:trojan-activity; sid:37266771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain 
883217.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"883217.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])883217\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain dgaf.catboy.me"; dns.query; content:"dgaf.catboy.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])dgaf\.catboy\.me$/i"; classtype:trojan-activity; sid:37266781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain dgaf.catboy.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dgaf.catboy.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dgaf\.catboy\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain grinevitchnicolas.fvds.ru"; dns.query; content:"grinevitchnicolas.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas\.fvds\.ru$/i"; classtype:trojan-activity; sid:37266791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain grinevitchnicolas.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 89.23.103.187 80 (msg: "MISP e26403 [] Outgoing To IP: 89.23.103.187|80"; classtype:trojan-activity; sid:37266801; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 93.123.39.152 50555 (msg: "MISP e26403 [] Outgoing To IP: 93.123.39.152|50555"; classtype:trojan-activity; sid:37266811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 95.216.123.85 80 (msg: "MISP e26403 [] Outgoing To IP: 95.216.123.85|80"; classtype:trojan-activity; sid:37266821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 185.172.128.148 80 (msg: "MISP e26403 [] Outgoing To IP: 185.172.128.148|80"; classtype:trojan-activity; sid:37266831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain ansible-tower-pocket-node1.validatorsheaven.network"; dns.query; content:"ansible-tower-pocket-node1.validatorsheaven.network"; nocase; pcre: "/(^|[^A-Za-z0-9-])ansible\-tower\-pocket\-node1\.validatorsheaven\.network$/i"; classtype:trojan-activity; sid:37266841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain ansible-tower-pocket-node1.validatorsheaven.network"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ansible-tower-pocket-node1.validatorsheaven.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ansible\-tower\-pocket\-node1\.validatorsheaven\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain 64-225-100-2.cprapid.com"; dns.query; content:"64-225-100-2.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])64\-225\-100\-2\.cprapid\.com$/i"; classtype:trojan-activity; sid:37266851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) 
# Cleartext-HTTP rule for the domain: the header buffer must contain "Host:" and
# the domain string; the pcre (H = header buffer, i = case-insensitive) requires
# a non-hostname character on each side. The two content matches are not
# positioned relative to each other, so the domain may appear in any header.
# tag:session,600,seconds keeps logging the session for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain 64-225-100-2.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"64-225-100-2.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])64\-225\-100\-2\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Address-only indicators from event 26403. None of them has flow, content or
# threshold keywords, so each alert depends on destination address and port
# alone, and the empty tag list "[]" leaves the alert text without context.
# NOTE(review): addresses can be reassigned; check the event date behind the
# reference URL before treating a hit as confirmed, and confirm how the sensor
# applies the destination port on an `ip`-protocol rule.
alert ip $HOME_NET any -> 185.196.9.10 7443 (msg: "MISP e26403 [] Outgoing To IP: 185.196.9.10|7443"; classtype:trojan-activity; sid:37266861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 46.101.195.151 443 (msg: "MISP e26403 [] Outgoing To IP: 46.101.195.151|443"; classtype:trojan-activity; sid:37266871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 35.202.200.238 443 (msg: "MISP e26403 [] Outgoing To IP: 35.202.200.238|443"; classtype:trojan-activity; sid:37266881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# The same destination address on three ports (8000, 8088, 6000), exported as
# three separate sids; group them by address when counting affected hosts.
alert ip $HOME_NET any -> 91.92.255.64 8000 (msg: "MISP e26403 [] Outgoing To IP: 91.92.255.64|8000"; classtype:trojan-activity; sid:37266891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 91.92.255.64 8088 (msg: "MISP e26403 [] Outgoing To IP: 91.92.255.64|8088"; classtype:trojan-activity; sid:37266901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 91.92.255.64 6000 (msg: "MISP e26403 [] Outgoing To IP: 91.92.255.64|6000"; classtype:trojan-activity; sid:37266911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 78.161.49.74 3003 (msg: "MISP e26403 [] Outgoing To IP: 78.161.49.74|3003"; classtype:trojan-activity; sid:37266921; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 78.161.49.74 888 (msg: "MISP e26403 [] Outgoing To IP: 78.161.49.74|888"; classtype:trojan-activity; sid:37266931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 20.81.43.192 8080 (msg: "MISP e26403 [] Outgoing To IP: 20.81.43.192|8080"; classtype:trojan-activity; sid:37266941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain srxy123.is-a-geek.com"; dns.query; content:"srxy123.is-a-geek.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])srxy123\.is\-a\-geek\.com$/i"; classtype:trojan-activity; sid:37266951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain srxy123.is-a-geek.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srxy123.is-a-geek.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srxy123\.is\-a\-geek\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 185.81.157.106 777 (msg: "MISP e26403 [] Outgoing To IP: 185.81.157.106|777"; classtype:trojan-activity; sid:37266961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 185.81.157.183 9696 (msg: "MISP e26403 [] Outgoing To IP: 185.81.157.183|9696"; classtype:trojan-activity; sid:37266971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 216.118.230.117 33452 (msg: "MISP e26403 [] Outgoing To IP: 216.118.230.117|33452"; classtype:trojan-activity; sid:37266981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 20.52.118.210 31337 (msg: "MISP e26403 
[] Outgoing To IP: 20.52.118.210|31337"; classtype:trojan-activity; sid:37266991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2086 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2086"; classtype:trojan-activity; sid:37267001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2083 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2083"; classtype:trojan-activity; sid:37267011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2080 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2080"; classtype:trojan-activity; sid:37267021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 1628 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|1628"; classtype:trojan-activity; sid:37267031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2000 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2000"; classtype:trojan-activity; sid:37267041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2280 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2280"; classtype:trojan-activity; sid:37267051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2082 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2082"; classtype:trojan-activity; sid:37267061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2181 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2181"; classtype:trojan-activity; sid:37267071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2077 (msg: "MISP e26403 [] 
Outgoing To IP: 187.135.95.35|2077"; classtype:trojan-activity; sid:37267081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 2004 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|2004"; classtype:trojan-activity; sid:37267091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 1723 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|1723"; classtype:trojan-activity; sid:37267101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 187.135.95.35 1962 (msg: "MISP e26403 [] Outgoing To IP: 187.135.95.35|1962"; classtype:trojan-activity; sid:37267111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 177.222.224.56 8080 (msg: "MISP e26403 [] Outgoing To IP: 177.222.224.56|8080"; classtype:trojan-activity; sid:37267121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 31.43.159.234 1605 (msg: "MISP e26403 [] Outgoing To IP: 31.43.159.234|1605"; classtype:trojan-activity; sid:37267131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 42.192.45.240 4444 (msg: "MISP e26403 [] Outgoing To IP: 42.192.45.240|4444"; classtype:trojan-activity; sid:37267141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 51.38.226.86 443 (msg: "MISP e26403 [] Outgoing To IP: 51.38.226.86|443"; classtype:trojan-activity; sid:37267151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 83.97.20.183 48080 (msg: "MISP e26403 [] Outgoing To IP: 83.97.20.183|48080"; classtype:trojan-activity; sid:37267161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 86.107.199.30 11011 (msg: "MISP e26403 [] Outgoing To 
IP: 86.107.199.30|11011"; classtype:trojan-activity; sid:37267171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Address-only indicators: no flow, content or threshold keywords, so each alert
# depends on destination address and port alone. Ports 80 and 443 on a shared
# host would also match unrelated sites served from the same address.
# NOTE(review): confirm whether these addresses are dedicated or shared hosting
# before escalating on a hit.
alert ip $HOME_NET any -> 8.137.50.92 8000 (msg: "MISP e26403 [] Outgoing To IP: 8.137.50.92|8000"; classtype:trojan-activity; sid:37267181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 108.165.106.7 80 (msg: "MISP e26403 [] Outgoing To IP: 108.165.106.7|80"; classtype:trojan-activity; sid:37267191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 111.90.150.185 443 (msg: "MISP e26403 [] Outgoing To IP: 111.90.150.185|443"; classtype:trojan-activity; sid:37267201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# DNS query rule: the dns.query buffer must contain the name (case-insensitive)
# and the pcre anchors it at the end of the buffer, so the exact name and its
# subdomains match. The header is any -> any, so internal resolver traffic is
# matched too.
# The indicator is named smtp.*, but the two rules for it inspect only DNS
# queries and HTTP requests; nothing here matches an SMTP session to the host.
alert dns any any -> any any (msg: "MISP e26403 [] Domain smtp.pioneerprinters.co.uk"; dns.query; content:"smtp.pioneerprinters.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])smtp\.pioneerprinters\.co\.uk$/i"; classtype:trojan-activity; sid:37267211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Cleartext-HTTP counterpart: "Host:" must be present and the domain must appear
# somewhere in the header buffer (the two content matches are not positioned
# relative to each other); the pcre requires a non-hostname character on each
# side of the name. tag:session,600,seconds logs the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain smtp.pioneerprinters.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smtp.pioneerprinters.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smtp\.pioneerprinters\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37267212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# URL rule: destination address is fixed in the header and the port is taken
# from $HTTP_PORTS, which must be defined on the sensor (the export header lists
# it among the required variables). The address string is searched anywhere in
# the header buffer and the path is a case-insensitive substring of http.uri.
alert http $HOME_NET any -> 91.107.121.253 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//91.107.121.253/Cdn/9/9/windowsPublic/5Voiddb/6process3/8/ServerdbDatalifeDle.php"; flow:to_server,established; http.header; content:"91.107.121.253"; fast_pattern; nocase; http.uri; content:"/Cdn/9/9/windowsPublic/5Voiddb/6process3/8/ServerdbDatalifeDle.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37267221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 31.223.68.157 2223 (msg: "MISP e26238 [AS12735,ASTURKNET,censys,GoPhish,phishing] Outgoing To IP: 31.223.68.157|2223"; classtype:trojan-activity; sid:37229491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 54.155.137.99 443 (msg: "MISP e26238 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 54.155.137.99|443"; classtype:trojan-activity; sid:37229501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 49.13.48.92 53721 (msg: "MISP e26238 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 49.13.48.92|53721"; classtype:trojan-activity; sid:37229511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 185.7.52.219 3333 (msg: "MISP e26238 [AS1886,BTNET,censys,GoPhish,phishing] Outgoing To IP: 185.7.52.219|3333"; classtype:trojan-activity; sid:37229521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 137.184.108.32 3333 (msg: "MISP e26238 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 137.184.108.32|3333"; classtype:trojan-activity; sid:37229531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 194.163.154.118 3333 (msg: "MISP e26238 [AS51167,censys,CONTABO,GoPhish,phishing] Outgoing To IP: 194.163.154.118|3333"; classtype:trojan-activity; sid:37229541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 43.139.43.200 31220 (msg: "MISP e26238 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 43.139.43.200|31220"; classtype:trojan-activity; sid:37229551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 13.246.66.162 443 (msg: "MISP 
e26238 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.246.66.162|443"; classtype:trojan-activity; sid:37229561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# Same destination (142.154.95.21 port 443) exported twice: sid:37229571 from
# event 26238 with tags and priority 2, and sid:37267231 from event 26403 with
# an empty tag list and priority 3. The rule headers are identical, so one
# packet raises both alerts. Triage on the tagged copy; consider suppressing or
# thresholding the untagged one, or de-duplicating at export time.
alert ip $HOME_NET any -> 142.154.95.21 443 (msg: "MISP e26238 [AS25019,c2,censys,SAUDINETSTC-AS] Outgoing To IP: 142.154.95.21|443"; classtype:trojan-activity; sid:37229571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 142.154.95.21 443 (msg: "MISP e26403 [] Outgoing To IP: 142.154.95.21|443"; classtype:trojan-activity; sid:37267231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Event 26403 copies of address indicators; 13.246.66.162 port 443 also appears
# at the top of this line under event 26238 (sid:37229561), so it double-alerts
# in the same way. None of these rules has flow, content or threshold keywords.
# NOTE(review): several of these sit on port 443 or on hosting-provider ranges
# according to the e26238 tags; confirm the address is still attacker-controlled
# before escalating, and confirm how the sensor applies the destination port on
# an `ip`-protocol rule.
alert ip $HOME_NET any -> 13.246.66.162 443 (msg: "MISP e26403 [] Outgoing To IP: 13.246.66.162|443"; classtype:trojan-activity; sid:37267241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 43.139.43.200 31220 (msg: "MISP e26403 [] Outgoing To IP: 43.139.43.200|31220"; classtype:trojan-activity; sid:37267251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 194.163.154.118 3333 (msg: "MISP e26403 [] Outgoing To IP: 194.163.154.118|3333"; classtype:trojan-activity; sid:37267261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 137.184.108.32 3333 (msg: "MISP e26403 [] Outgoing To IP: 137.184.108.32|3333"; classtype:trojan-activity; sid:37267271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 185.7.52.219 3333 (msg: "MISP e26403 [] Outgoing To IP: 185.7.52.219|3333"; classtype:trojan-activity; sid:37267281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 49.13.48.92 53721 (msg: "MISP e26403 [] Outgoing To IP: 49.13.48.92|53721"; classtype:trojan-activity; sid:37267291; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 54.155.137.99 443 (msg: "MISP e26403 [] Outgoing To IP: 54.155.137.99|443"; classtype:trojan-activity; sid:37267301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 31.223.68.157 2223 (msg: "MISP e26403 [] Outgoing To IP: 31.223.68.157|2223"; classtype:trojan-activity; sid:37267311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 159.146.122.238 2223 (msg: "MISP e26403 [] Outgoing To IP: 159.146.122.238|2223"; classtype:trojan-activity; sid:37267321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 34.230.194.184 443 (msg: "MISP e26403 [] Outgoing To IP: 34.230.194.184|443"; classtype:trojan-activity; sid:37267331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 195.35.52.127 3333 (msg: "MISP e26403 [] Outgoing To IP: 195.35.52.127|3333"; classtype:trojan-activity; sid:37267341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 185.247.224.35 3333 (msg: "MISP e26403 [] Outgoing To IP: 185.247.224.35|3333"; classtype:trojan-activity; sid:37267351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 35.200.164.35 3333 (msg: "MISP e26403 [] Outgoing To IP: 35.200.164.35|3333"; classtype:trojan-activity; sid:37267361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 51.68.175.177 3333 (msg: "MISP e26403 [] Outgoing To IP: 51.68.175.177|3333"; classtype:trojan-activity; sid:37267371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 34.130.87.37 60000 (msg: "MISP e26403 [] Outgoing To IP: 34.130.87.37|60000"; classtype:trojan-activity; sid:37267381; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain linkerjeki.fun"; dns.query; content:"linkerjeki.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerjeki\.fun$/i"; classtype:trojan-activity; sid:37267391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain linkerjeki.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linkerjeki.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerjeki\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37267392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 212.64.217.73 8686 (msg: "MISP e26403 [] Outgoing To IP: 212.64.217.73|8686"; classtype:trojan-activity; sid:37267401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 204.216.223.114 80 (msg: "MISP e26403 [] Outgoing To IP: 204.216.223.114|80"; classtype:trojan-activity; sid:37267411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 42.96.2.220 80 (msg: "MISP e26403 [] Outgoing To IP: 42.96.2.220|80"; classtype:trojan-activity; sid:37267421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 42.119.113.85 80 (msg: "MISP e26403 [] Outgoing To IP: 42.119.113.85|80"; classtype:trojan-activity; sid:37267431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain ec2-54-86-17-63.compute-1.amazonaws.com"; dns.query; content:"ec2-54-86-17-63.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-86\-17\-63\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37267441; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain ec2-54-86-17-63.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-86-17-63.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-86\-17\-63\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37267442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 54.88.105.125 443 (msg: "MISP e26403 [] Outgoing To IP: 54.88.105.125|443"; classtype:trojan-activity; sid:37267451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 94.156.65.246 80 (msg: "MISP e26403 [] Outgoing To IP: 94.156.65.246|80"; classtype:trojan-activity; sid:37267461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 46.246.6.12 1995 (msg: "MISP e26403 [] Outgoing To IP: 46.246.6.12|1995"; classtype:trojan-activity; sid:37267471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> 62.109.13.250 $HTTP_PORTS (msg: "MISP e26238 [dcrat] Outgoing URL http|3a|//62.109.13.250/privateto_/universaldownloads/better/publichttpwindows9/request2/serverdownloads6sql/936/httphttplocalsql/31/cpu0temppublic/requestwordpressgametest/linux5dlegame/wordpress2privatedump/imagegame_protect/vmprotect.php"; flow:to_server,established; http.header; content:"62.109.13.250"; fast_pattern; nocase; http.uri; content:"/privateto_/universaldownloads/better/publichttpwindows9/request2/serverdownloads6sql/936/httphttplocalsql/31/cpu0temppublic/requestwordpressgametest/linux5dlegame/wordpress2privatedump/imagegame_protect/vmprotect.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37229591; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26238;)
# URL rule from event 26403: destination address fixed in the header, port taken
# from $HTTP_PORTS (must be defined on the sensor). The address string is
# searched anywhere in the header buffer and the path is a substring of
# http.uri. Because the path match is nocase, this rule matches the same
# requests as the lower-cased e26238 copy of the path (sid:37229591), so one
# request raises two alerts at different priorities.
alert http $HOME_NET any -> 62.109.13.250 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//62.109.13.250/privateTo_/UniversalDownloads/Better/publicHttpwindows9/request2/ServerDownloads6Sql/936/HttpHttpLocalSql/31/Cpu0TempPublic/RequestWordpressGameTest/linux5DleGame/Wordpress2Privatedump/imageGame_Protect/vmprotect.php"; flow:to_server,established; http.header; content:"62.109.13.250"; fast_pattern; nocase; http.uri; content:"/privateTo_/UniversalDownloads/Better/publicHttpwindows9/request2/ServerDownloads6Sql/936/HttpHttpLocalSql/31/Cpu0TempPublic/RequestWordpressGameTest/linux5DleGame/Wordpress2Privatedump/imageGame_Protect/vmprotect.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Hostname-based URL rules: the destination is $EXTERNAL_NET, so the match
# depends on the hostname string appearing in the header buffer (not anchored to
# the Host header) plus the path in http.uri. The two rules below differ only in
# the letter case of the path and both use nocase, so their match conditions are
# equivalent; the e26238 copy carries the family tag and priority 2, the e26403
# copy has an empty tag list and priority 3.
# Only requests on $HTTP_PORTS are inspected by these two rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26238 [dcrat] Outgoing URL http|3a|//685938cm.nyashtech.top/jsprocessflowertrafficdownloads.php"; flow:to_server,established; http.header; content:"685938cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/jsprocessflowertrafficdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37229601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//685938cm.nyashtech.top/JsprocessFlowertrafficdownloads.php"; flow:to_server,established; http.header; content:"685938cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/JsprocessFlowertrafficdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 46.246.6.12 1995 (msg: "MISP e26238 [njrat,RAT] Outgoing To IP: 46.246.6.12|1995"; classtype:trojan-activity; sid:37229581; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26238 [njrat,RAT] Domain berlyndnero.duckdns.org"; dns.query; content:"berlyndnero.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndnero\.duckdns\.org$/i"; classtype:trojan-activity; sid:37228721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [njrat,RAT] Outgoing HTTP Domain berlyndnero.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"berlyndnero.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndnero\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37228722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 46.246.84.5 7771 (msg: "MISP e26238 [njrat,RAT] Outgoing To IP: 46.246.84.5|7771"; classtype:trojan-activity; sid:37228711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 188.127.235.191 59666 (msg: "MISP e26238 [Mirai] Outgoing To IP: 188.127.235.191|59666"; classtype:trojan-activity; sid:37229611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 45.95.169.103 2545 (msg: "MISP e26238 [Gafgyt] Outgoing To IP: 45.95.169.103|2545"; classtype:trojan-activity; sid:37229621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 45.95.169.103 2545 (msg: "MISP e26403 [] Outgoing To IP: 45.95.169.103|2545"; classtype:trojan-activity; sid:37267501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 188.127.235.191 59666 (msg: "MISP e26403 [] Outgoing To IP: 188.127.235.191|59666"; classtype:trojan-activity; sid:37267511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip 
$HOME_NET any -> 72.27.164.56 443 (msg: "MISP e26238 [FLOW-NET,QakBot] Outgoing To IP: 72.27.164.56|443"; classtype:trojan-activity; sid:37229641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)

# One rule per line from here on. Every rule below is a generated MISP indicator match with
# classtype trojan-activity; the "MISP eNNNNN" prefix in msg and the reference URL name the source event.

# --- Outbound IP:port indicators: event e26238 (tagged QakBot / Supershell) and event e26403 ---
# These rules match on source $HOME_NET and a fixed destination IP and port only; there is no payload condition.
# NOTE(review): the protocol is `ip` while a destination port is given - confirm how the deployed engine
# applies the port to traffic that is not TCP/UDP.
# NOTE(review): e26403 lists the same IP:port pairs as e26238 under different sids, with priority 3 and an
# empty tag list ("[]"); a connection to one of these hosts would presumably raise two alerts.
alert ip $HOME_NET any -> 5.194.147.107 2222 (msg: "MISP e26238 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 5.194.147.107|2222"; classtype:trojan-activity; sid:37229651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 79.107.157.38 995 (msg: "MISP e26238 [QakBot,WIND-AS] Outgoing To IP: 79.107.157.38|995"; classtype:trojan-activity; sid:37229661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 216.118.230.116 33452 (msg: "MISP e26238 [NETSEC-HK Netsec Limited,Supershell] Outgoing To IP: 216.118.230.116|33452"; classtype:trojan-activity; sid:37229671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 216.118.230.114 33452 (msg: "MISP e26238 [NETSEC-HK Netsec Limited,Supershell] Outgoing To IP: 216.118.230.114|33452"; classtype:trojan-activity; sid:37229681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 216.118.230.114 33452 (msg: "MISP e26403 [] Outgoing To IP: 216.118.230.114|33452"; classtype:trojan-activity; sid:37267521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 216.118.230.116 33452 (msg: "MISP e26403 [] Outgoing To IP: 216.118.230.116|33452"; classtype:trojan-activity; sid:37267531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 79.107.157.38 995 (msg: "MISP e26403 [] Outgoing To IP: 79.107.157.38|995"; classtype:trojan-activity; sid:37267541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 5.194.147.107 2222 (msg: "MISP e26403 [] Outgoing To IP: 5.194.147.107|2222"; classtype:trojan-activity; sid:37267551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 72.27.164.56 443 (msg: "MISP e26403 [] Outgoing To IP: 72.27.164.56|443"; classtype:trojan-activity; sid:37267561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)

# --- mb-testing.azureedge.net (e26403) ---
# "Domain" indicators are exported as a pair: a dns.query rule (sid ending in 1) and an HTTP header rule
# (sid ending in 2). The pcre prefix (^|[^A-Za-z0-9-]) accepts a preceding dot, so subdomains of the
# listed name match as well. The dns rule is any -> any, i.e. not limited to $HOME_NET as the source.
# NOTE(review): in the HTTP rule the "Host|3a|" content and the domain content are separate matches on
# http.header with no distance/within tying them together, so the name appearing in another header of
# the request (for example Referer) would presumably also alert - verify before treating a hit as a
# connection to that host.
# tag:session,600,seconds requests logging of the rest of the session for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e26403 [] Domain mb-testing.azureedge.net"; dns.query; content:"mb-testing.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mb\-testing\.azureedge\.net$/i"; classtype:trojan-activity; sid:37267571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mb-testing.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mb-testing.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mb\-testing\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37267572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)

# --- e26594 (kill-chain:Delivery): HTTP requests to fixed IP:port pairs, priority 1 ---
# Destination IP and port are pinned in the rule header; http.header must contain the IP literal and
# http.uri the listed path. Paths are matched with nocase as substrings.
# Where the path is just "/" (sids 37484891 and 37484901) the http.uri condition matches any request, so
# those two rules reduce to "HTTP request to this IP:port whose headers contain the IP".
alert http $HOME_NET any -> 18.231.155.189 42188 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//18.231.155.189|3a|42188/gbPLJBFvMLJ.xml"; flow:to_server,established; http.header; content:"18.231.155.189"; fast_pattern; nocase; http.uri; content:"/gbPLJBFvMLJ.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 18.231.155.189 4318 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//18.231.155.189|3a|4318/"; flow:to_server,established; http.header; content:"18.231.155.189"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 15.228.160.156 4917 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//15.228.160.156|3a|4917/"; flow:to_server,established; http.header; content:"15.228.160.156"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 15.228.167.91 34184 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//15.228.167.91|3a|34184/uNKBgcUMez.xml"; flow:to_server,established; http.header; content:"15.228.167.91"; fast_pattern; nocase; http.uri; content:"/uNKBgcUMez.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 15.228.167.91 34184 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//15.228.167.91|3a|34184/TjRKLA.xml"; flow:to_server,established; http.header; content:"15.228.167.91"; fast_pattern; nocase; http.uri; content:"/TjRKLA.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 15.228.167.91 34184 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//15.228.167.91|3a|34184/KpcYtkgme.xml"; flow:to_server,established; http.header; content:"15.228.167.91"; fast_pattern; nocase; http.uri; content:"/KpcYtkgme.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 18.231.158.245 30194 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//18.231.158.245|3a|30194/cEPidEhcX.xml"; flow:to_server,established; http.header; content:"18.231.158.245"; fast_pattern; nocase; http.uri; content:"/cEPidEhcX.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 18.230.204.243 40551 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//18.230.204.243|3a|40551/BsFvgBMeX.xml"; flow:to_server,established; http.header; content:"18.230.204.243"; fast_pattern; nocase; http.uri; content:"/BsFvgBMeX.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)
alert http $HOME_NET any -> 18.228.222.53 30877 (msg: "MISP e26594 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//18.228.222.53|3a|30877/ohHsAUJj.xml"; flow:to_server,established; http.header; content:"18.228.222.53"; fast_pattern; nocase; http.uri; content:"/ohHsAUJj.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37484961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26594;)

# --- mb-testing.azureedge.net again, from e26238 (tagged CobaltStrike, priority 2) ---
# NOTE(review): same patterns as sids 37267571/37267572; one lookup or request would presumably fire both pairs.
alert dns any any -> any any (msg: "MISP e26238 [CobaltStrike,cs-watermark-557575264] Domain mb-testing.azureedge.net"; dns.query; content:"mb-testing.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mb\-testing\.azureedge\.net$/i"; classtype:trojan-activity; sid:37229631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [CobaltStrike,cs-watermark-557575264] Outgoing HTTP Domain mb-testing.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mb-testing.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mb\-testing\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)

# --- URL indicators (host in http.header, path in http.uri) ---
# Destination port is $HTTP_PORTS unless the indicator carried an explicit IP:port.
# NOTE(review): the tinyurl.com rule (priority 4) names a shared URL-shortener host; only the path
# "/y8e29jk4" is specific to the indicator, and it is matched as a case-insensitive substring.
# NOTE(review): the e26238 and e26403 rules for a0914338.xsph.ru and for bobrcurw.top differ only in the
# letter case of the path, and the path content uses nocase, so each pair matches the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26325 [] Outgoing URL http|3a|//tinyurl.com/y8e29jk4?"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/y8e29jk4"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37251421; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26325;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26238 [dcrat] Outgoing URL http|3a|//a0914338.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0914338.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37229691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> 116.202.101.219 8080 (msg: "MISP e26305 [kill-chain:Command and Control] Outgoing URL http|3a|//116.202.101.219|3a|8080/C4d7l/RuntimeBroker.EXE"; flow:to_server,established; http.header; content:"116.202.101.219"; fast_pattern; nocase; http.uri; content:"/C4d7l/RuntimeBroker.EXE"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37241441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26305;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//a0914338.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0914338.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26238 [dcrat] Outgoing URL http|3a|//bobrcurw.top/pipetopythonjsrequesthttpwordpress.php"; flow:to_server,established; http.header; content:"bobrcurw.top"; fast_pattern; nocase; http.uri; content:"/pipetopythonjsrequesthttpwordpress.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37229701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//bobrcurw.top/PipeToPythonJsrequesthttpwordpress.php"; flow:to_server,established; http.header; content:"bobrcurw.top"; fast_pattern; nocase; http.uri; content:"/PipeToPythonJsrequesthttpwordpress.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)

# --- consulta.coastconsulting.com.au (e26190, priority 3): Domain pair ---
alert dns any any -> any any (msg: "MISP e26190 [] Domain consulta.coastconsulting.com.au"; dns.query; content:"consulta.coastconsulting.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-])consulta\.coastconsulting\.com\.au$/i"; classtype:trojan-activity; sid:37208501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26190;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26190 [] Outgoing HTTP Domain consulta.coastconsulting.com.au"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consulta.coastconsulting.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consulta\.coastconsulting\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37208502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26190;)

# --- Outbound IP:port indicators tagged Vidar (e26238, priority 2) ---
alert ip $HOME_NET any -> 78.47.174.101 9000 (msg: "MISP e26238 [Vidar] Outgoing To IP: 78.47.174.101|9000"; classtype:trojan-activity; sid:37229771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 78.47.191.114 9000 (msg: "MISP e26238 [Vidar] Outgoing To IP: 78.47.191.114|9000"; classtype:trojan-activity; sid:37229781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 49.12.101.249 9000 (msg: "MISP e26238 [Vidar] Outgoing To IP: 49.12.101.249|9000"; classtype:trojan-activity; sid:37229791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 95.217.209.180 443 (msg: "MISP e26238 [Vidar] Outgoing To IP: 95.217.209.180|443"; classtype:trojan-activity; sid:37229801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 95.217.243.137 443 (msg: "MISP e26238 [Vidar] Outgoing To IP: 95.217.243.137|443"; classtype:trojan-activity; sid:37229811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# URL indicator from e26305 (kill-chain:Command and Control); the path ends in the same file name as sid 37241441.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26305 [kill-chain:Command and Control] Outgoing URL http|3a|//www.mystictesting.com/testing/RuntimeBroker.EXE"; flow:to_server,established; http.header; content:"www.mystictesting.com"; fast_pattern; nocase; http.uri; content:"/testing/RuntimeBroker.EXE"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37241451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26305;)
# e26403 copies of the Vidar-tagged IP:port pairs (no tags, priority 3).
alert ip $HOME_NET any -> 95.217.209.180 443 (msg: "MISP e26403 [] Outgoing To IP: 95.217.209.180|443"; classtype:trojan-activity; sid:37267601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 95.217.243.137 443 (msg: "MISP e26403 [] Outgoing To IP: 95.217.243.137|443"; classtype:trojan-activity; sid:37267611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 78.47.174.101 9000 (msg: "MISP e26403 [] Outgoing To IP: 78.47.174.101|9000"; classtype:trojan-activity; sid:37267631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 78.47.191.114 9000 (msg: "MISP e26403 [] Outgoing To IP: 78.47.191.114|9000"; classtype:trojan-activity; sid:37267641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 49.12.101.249 9000 (msg: "MISP e26403 [] Outgoing To IP: 49.12.101.249|9000"; classtype:trojan-activity; sid:37267651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)

# --- e26317: Domain pairs (dns.query rule + HTTP header rule), all priority 1, no tags ---
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.colbere.uk"; dns.query; content:"www.colbere.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.colbere\.uk$/i"; classtype:trojan-activity; sid:37247671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.colbere.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.colbere.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.colbere\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.78669vip.com"; dns.query; content:"www.78669vip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.78669vip\.com$/i"; classtype:trojan-activity; sid:37247681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.78669vip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.78669vip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.78669vip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.abttt.win"; dns.query; content:"www.abttt.win"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.abttt\.win$/i"; classtype:trojan-activity; sid:37247691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.abttt.win"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.abttt.win"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.abttt\.win[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.adelaidesociety.com"; dns.query; content:"www.adelaidesociety.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adelaidesociety\.com$/i"; classtype:trojan-activity; sid:37247701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.adelaidesociety.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.adelaidesociety.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adelaidesociety\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.adenium1000rose.store"; dns.query; content:"www.adenium1000rose.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adenium1000rose\.store$/i"; classtype:trojan-activity; sid:37247711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.adenium1000rose.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.adenium1000rose.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adenium1000rose\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.barabell.com"; dns.query; content:"www.barabell.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.barabell\.com$/i"; classtype:trojan-activity; sid:37247721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.barabell.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.barabell.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.barabell\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.bodypopsshop.com"; dns.query; content:"www.bodypopsshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.bodypopsshop\.com$/i"; classtype:trojan-activity; sid:37247731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.bodypopsshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.bodypopsshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.bodypopsshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.canlicerrahi.xyz"; dns.query; content:"www.canlicerrahi.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.canlicerrahi\.xyz$/i"; classtype:trojan-activity; sid:37247741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.canlicerrahi.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.canlicerrahi.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.canlicerrahi\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.christmatoy.com"; dns.query; content:"www.christmatoy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.christmatoy\.com$/i"; classtype:trojan-activity; sid:37247751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.christmatoy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.christmatoy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.christmatoy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.forumhtc.com"; dns.query; content:"www.forumhtc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.forumhtc\.com$/i"; classtype:trojan-activity; sid:37247761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.forumhtc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.forumhtc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.forumhtc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.gadpuch.website"; dns.query; content:"www.gadpuch.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gadpuch\.website$/i"; classtype:trojan-activity; sid:37247771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.gadpuch.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gadpuch.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gadpuch\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.gtalc.asia"; dns.query; content:"www.gtalc.asia"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gtalc\.asia$/i"; classtype:trojan-activity; sid:37247781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.gtalc.asia"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gtalc.asia"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gtalc\.asia[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.insightcherry.online"; dns.query; content:"www.insightcherry.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.insightcherry\.online$/i"; classtype:trojan-activity; sid:37247791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.insightcherry.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.insightcherry.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.insightcherry\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.justfeelgood.org"; dns.query; content:"www.justfeelgood.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.justfeelgood\.org$/i"; classtype:trojan-activity; sid:37247801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.justfeelgood.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.justfeelgood.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.justfeelgood\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.themesterofsuepnse.rest"; dns.query; content:"www.themesterofsuepnse.rest"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.themesterofsuepnse\.rest$/i"; classtype:trojan-activity; sid:37247811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.themesterofsuepnse.rest"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.themesterofsuepnse.rest"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.themesterofsuepnse\.rest[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
alert dns any any -> any any (msg: "MISP e26317 [] Domain www.visawe.online"; dns.query; content:"www.visawe.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.visawe\.online$/i"; classtype:trojan-activity; sid:37247821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)
# HTTP half of the www.visawe.online Domain pair (e26317, priority 1); its dns.query rule is sid 37247821.
# NOTE(review): as in every "Domain" HTTP rule here, the "Host|3a|" content and the domain content are
# separate http.header matches with no distance/within between them, so the name appearing in another
# request header would presumably also alert - verify before treating a hit as a connection to that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26317 [] Outgoing HTTP Domain www.visawe.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.visawe.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.visawe\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26317;)

# --- e24600: Domain pairs (dns.query rule + HTTP header rule), priority 1, no tags ---
# The pcre prefix (^|[^A-Za-z0-9-]) accepts a preceding dot, so subdomains of each listed name match too.
alert dns any any -> any any (msg: "MISP e24600 [] Domain www.cns-lux.com"; dns.query; content:"www.cns-lux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cns\-lux\.com$/i"; classtype:trojan-activity; sid:37248291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain www.cns-lux.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cns-lux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cns\-lux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain page5store.com"; dns.query; content:"page5store.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])page5store\.com$/i"; classtype:trojan-activity; sid:37248331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain page5store.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"page5store.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])page5store\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# NOTE(review): the next rule puts "k.com/share/r/..." in http.uri. The value starts with what looks like
# the tail of a host name, so the indicator may have been truncated upstream, and a request URI normally
# carries only the path - confirm this rule can match at all, or re-export the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL k.com/share/r/dVWegYL1BSXSaDbR"; flow:to_server,established; http.uri; content:"k.com/share/r/dVWegYL1BSXSaDbR"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37248341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)

# --- sunbeltlubricant.com (e26375, priority 3): Domain pair ---
alert dns any any -> any any (msg: "MISP e26375 [] Domain sunbeltlubricant.com"; dns.query; content:"sunbeltlubricant.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sunbeltlubricant\.com$/i"; classtype:trojan-activity; sid:37252961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain sunbeltlubricant.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sunbeltlubricant.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sunbeltlubricant\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)

# --- e24600 continued: Domain pairs, priority 1 ---
alert dns any any -> any any (msg: "MISP e24600 [] Domain eboo-luxe.shacknet.us"; dns.query; content:"eboo-luxe.shacknet.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])eboo\-luxe\.shacknet\.us$/i"; classtype:trojan-activity; sid:37248391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain eboo-luxe.shacknet.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eboo-luxe.shacknet.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eboo\-luxe\.shacknet\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain luxtrust-bgl-banking.land-4-sale.us"; dns.query; content:"luxtrust-bgl-banking.land-4-sale.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])luxtrust\-bgl\-banking\.land\-4\-sale\.us$/i"; classtype:trojan-activity; sid:37248431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain luxtrust-bgl-banking.land-4-sale.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luxtrust-bgl-banking.land-4-sale.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luxtrust\-bgl\-banking\.land\-4\-sale\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain ddf.is-a-soxfan.org"; dns.query; content:"ddf.is-a-soxfan.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddf\.is\-a\-soxfan\.org$/i"; classtype:trojan-activity; sid:37248471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain ddf.is-a-soxfan.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddf.is-a-soxfan.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddf\.is\-a\-soxfan\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)

# --- proximus-client.ddns.net (e26328, priority 1): Domain pair ---
alert dns any any -> any any (msg: "MISP e26328 [] Domain proximus-client.ddns.net"; dns.query; content:"proximus-client.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])proximus\-client\.ddns\.net$/i"; classtype:trojan-activity; sid:37251701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26328;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26328 [] Outgoing HTTP Domain proximus-client.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"proximus-client.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])proximus\-client\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26328;)

# --- e26401: "Hostname" pairs, priority 3, no tags ---
# Unlike the "Domain" rules, the pcre prefix here is (^|[^A-Za-z0-9-\.]), which rejects a preceding dot,
# so subdomains of the listed name do not match. The HTTP rule ties the name to the Host header by
# matching "Host|3a| <name>" as a single content.
# NOTE(review): that single content expects exactly one space after "Host:"; a Host header written with
# different whitespace would presumably be missed - confirm against how the engine fills http.header.
# NOTE(review): ellebraude.com.br is exported twice in this event (sids 37259671/37259672 and again from
# sid 37259791), so a lookup of that name would presumably alert twice.
alert dns any any -> any any (msg: "MISP e26401 [] Hostname wefwvszdsdfbscsdcsxdcdsc.page.link"; dns.query; content:"wefwvszdsdfbscsdcsxdcdsc.page.link"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wefwvszdsdfbscsdcsxdcdsc\.page\.link$/i"; classtype:trojan-activity; sid:37259591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname wefwvszdsdfbscsdcsxdcdsc.page.link"; flow:to_server,established; http.header; content: "Host|3a| wefwvszdsdfbscsdcsxdcdsc.page.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wefwvszdsdfbscsdcsxdcdsc\.page\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37259611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37259631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37259651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37259671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname 24jobsz.com"; dns.query; content:"24jobsz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24jobsz\.com$/i"; classtype:trojan-activity; sid:37259691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname 24jobsz.com"; flow:to_server,established; http.header; content: "Host|3a| 24jobsz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24jobsz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37259711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37259731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37259751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37259771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37259791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ellebraude.com.br"; 
flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37259811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37259831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname gmaiil.com.mx"; dns.query; content:"gmaiil.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx$/i"; classtype:trojan-activity; sid:37259851; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname gmaiil.com.mx"; flow:to_server,established; http.header; content: "Host|3a| gmaiil.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37259871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37259891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname ibookit.app"; dns.query; content:"ibookit.app"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app$/i"; classtype:trojan-activity; sid:37259911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ibookit.app"; flow:to_server,established; http.header; content: "Host|3a| ibookit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37259931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname yourspiritualhaven.ca"; dns.query; content:"yourspiritualhaven.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yourspiritualhaven\.ca$/i"; classtype:trojan-activity; sid:37259951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname yourspiritualhaven.ca"; flow:to_server,established; http.header; content: "Host|3a| yourspiritualhaven.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yourspiritualhaven\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) 
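# Hostname indicators exported from MISP event 26401, in Suricata rule syntax.
# Written one rule per line: Suricata ends a rule at the newline unless the
# line is continued with a trailing backslash, so a rule that is wrapped in
# the middle of an option does not load.
#
# Every hostname produces a pair of rules:
#   sid ending in 1 - alert dns: the pcre anchors the name at the end of
#       dns.query and lists "." among the characters that may not precede it,
#       so a query for www.<hostname> does not match; only the name itself does.
#   sid ending in 2 - alert http: Host header of a request from $HOME_NET to
#       $EXTERNAL_NET; tag:session,600,seconds tags the session so that its
#       following packets are logged for 600 seconds after the hit.
#
# Coverage notes for deployment:
#   - No TLS rule appears in this section. HTTPS traffic to these hosts is
#     visible only through the DNS rule, and not at all when the client
#     resolves names over an encrypted channel.
#   - The DNS rules are any any -> any any, so the alerting source may be an
#     internal resolver rather than the host that asked; correlate the alert
#     with resolver logs to find the endpoint.
#   - All rules are alert-only with priority:3. The empty [] in msg means the
#     export attached no tags to these attributes, so triage context has to
#     come from the referenced MISP event.
alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37259971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37259991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname kgcdiary.com"; dns.query; content:"kgcdiary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com$/i"; classtype:trojan-activity; sid:37260011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname kgcdiary.com"; flow:to_server,established; http.header; content: "Host|3a| kgcdiary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname icvpartners.com"; dns.query; content:"icvpartners.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com$/i"; classtype:trojan-activity; sid:37260031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname icvpartners.com"; flow:to_server,established; http.header; content: "Host|3a| icvpartners.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname quick-ez.com"; dns.query; content:"quick-ez.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com$/i"; classtype:trojan-activity; sid:37260051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname quick-ez.com"; flow:to_server,established; http.header; content: "Host|3a| quick-ez.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37260071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# NOTE(review): taldartechconsultancy.com is already covered by sid 37259991
# and sid 37259992 above. The next two rules differ from those only in the
# sid, so one lookup or request raises two alerts per protocol. Both pairs are
# kept so the exported sids stay stable; deduplicate the attribute in the MISP
# event, or suppress one pair in the sensor's threshold configuration.
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37260091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname gmaiil.com.mx"; dns.query; content:"gmaiil.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx$/i"; classtype:trojan-activity; sid:37260111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname gmaiil.com.mx"; flow:to_server,established; http.header; content: "Host|3a| gmaiil.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37260131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37260151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37260171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)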
alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37260191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37260211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname scmsgroup.org"; dns.query; content:"scmsgroup.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scmsgroup\.org$/i"; classtype:trojan-activity; sid:37260231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname scmsgroup.org"; flow:to_server,established; http.header; content: "Host|3a| scmsgroup.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scmsgroup\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37260232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname newhorizoncanada.com"; dns.query; content:"newhorizoncanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newhorizoncanada\.com$/i"; classtype:trojan-activity; sid:37260251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname newhorizoncanada.com"; flow:to_server,established; http.header; content: "Host|3a| newhorizoncanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newhorizoncanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname mijaljevic.com"; dns.query; content:"mijaljevic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com$/i"; classtype:trojan-activity; sid:37260271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname mijaljevic.com"; flow:to_server,established; http.header; content: "Host|3a| mijaljevic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37260291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; 
flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37260311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37260331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37260351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname bss.com.pk"; dns.query; content:"bss.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk$/i"; classtype:trojan-activity; sid:37260371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bss.com.pk"; flow:to_server,established; http.header; content: "Host|3a| bss.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname adbs.sch.id"; dns.query; content:"adbs.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id$/i"; classtype:trojan-activity; sid:37260391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname adbs.sch.id"; flow:to_server,established; http.header; content: "Host|3a| adbs.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 
[] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37260411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname 24jobsz.com"; dns.query; content:"24jobsz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24jobsz\.com$/i"; classtype:trojan-activity; sid:37260431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname 24jobsz.com"; flow:to_server,established; http.header; content: "Host|3a| 24jobsz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24jobsz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname grandlieucouverture.fr"; dns.query; content:"grandlieucouverture.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr$/i"; classtype:trojan-activity; sid:37260451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname grandlieucouverture.fr"; flow:to_server,established; http.header; content: "Host|3a| grandlieucouverture.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37260452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname cursosrdg.ccr.edu.pe"; dns.query; content:"cursosrdg.ccr.edu.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe$/i"; classtype:trojan-activity; sid:37260471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname cursosrdg.ccr.edu.pe"; flow:to_server,established; http.header; content: "Host|3a| cursosrdg.ccr.edu.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname bss.com.pk"; dns.query; content:"bss.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk$/i"; classtype:trojan-activity; sid:37260491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bss.com.pk"; flow:to_server,established; http.header; content: "Host|3a| bss.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37260511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname pratiscare.com"; dns.query; content:"pratiscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com$/i"; classtype:trojan-activity; sid:37260531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pratiscare.com"; flow:to_server,established; http.header; content: "Host|3a| pratiscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname gmaiil.com.mx"; dns.query; content:"gmaiil.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx$/i"; classtype:trojan-activity; sid:37260551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname gmaiil.com.mx"; flow:to_server,established; http.header; content: "Host|3a| gmaiil.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37260571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] 
Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37260591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname pobo.com.br"; dns.query; content:"pobo.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pobo\.com\.br$/i"; classtype:trojan-activity; sid:37260611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pobo.com.br"; flow:to_server,established; http.header; content: "Host|3a| pobo.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pobo\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname 24jobsz.com"; dns.query; content:"24jobsz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24jobsz\.com$/i"; classtype:trojan-activity; sid:37260631; rev:1; 
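priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# MISP event 26401 - hostname indicators, restored to one rule per line.
# Per hostname: sid ...1 is a dns.query match, sid ...2 an outbound HTTP Host-header
# match that also tags the session for 600 seconds of follow-up logging.
# The pcre boundaries are written to match the exact hostname: a name with extra
# labels on the left ("www.<name>") does not match, so subdomains are not covered.
# The HTTP rules inspect cleartext HTTP only; TLS traffic to the same hosts is not
# matched by anything in this part of the export (no tls.sni counterpart here).
# The DNS rules use any -> any, so a sensor that sees both the client->resolver and
# the resolver->upstream leg may alert twice for one lookup.
# The msg tag list is empty ("[]") and several names look like ordinary business or
# public-sector sites (for example a .gob.pe host), so check the MISP event for
# context before treating a hit as a confirmed compromise or switching a rule to drop.
#
# Removed from this section: rule pairs that repeated a hostname already listed here
# with identical options and only a new sid; they produced a second alert for the
# same traffic. Dropped sids (suppress/threshold entries naming them should point at
# the retained pair for the same hostname):
#   carologyauctions.net            37260731/37260732
#   grandlieucouverture.fr          37260831/37260832, 37260851/37260852, 37260951/37260952
#   adbs.sch.id                     37260871/37260872, 37261331/37261332
#   adsnapshot.co.uk                37260911/37260912, 37260991/37260992
#   freshfarmnyc.com                37261031/37261032
#   smlwari.com                     37261111/37261112
#   bartfa.hu                       37261131/37261132, 37261731/37261732
#   sunilvishwakarma.in             37261191/37261192
#   bss.com.pk                      37261231/37261232
#   lindenprofessionalservices.com  37261271/37261272, 37261571/37261572
#   icvpartners.com                 37261411/37261412
#   hobitronik.com                  37261491/37261492
#   gmaiil.com.mx                   37261591/37261592
#   dancesynergyworx.co.za          37261671/37261672
#   diresaapurimac.gob.pe           37261711/37261712
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname 24jobsz.com"; flow:to_server,established; http.header; content: "Host|3a| 24jobsz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24jobsz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname freshfarmnyc.com"; dns.query; content:"freshfarmnyc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freshfarmnyc\.com$/i"; classtype:trojan-activity; sid:37260651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname freshfarmnyc.com"; flow:to_server,established; http.header; content: "Host|3a| freshfarmnyc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])freshfarmnyc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37260671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37260691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname carologyauctions.net"; dns.query; content:"carologyauctions.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net$/i"; classtype:trojan-activity; sid:37260711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname carologyauctions.net"; flow:to_server,established; http.header; content: "Host|3a| carologyauctions.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37260751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname grandlieucouverture.fr"; dns.query; content:"grandlieucouverture.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr$/i"; classtype:trojan-activity; sid:37260771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname grandlieucouverture.fr"; flow:to_server,established; http.header; content: "Host|3a| grandlieucouverture.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname adbs.sch.id"; dns.query; content:"adbs.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id$/i"; classtype:trojan-activity; sid:37260791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname adbs.sch.id"; flow:to_server,established; http.header; content: "Host|3a| adbs.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adbs\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname adsnapshot.co.uk"; dns.query; content:"adsnapshot.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk$/i"; classtype:trojan-activity; sid:37260811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname adsnapshot.co.uk"; flow:to_server,established; http.header; content: "Host|3a| adsnapshot.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname gmaiil.com.mx"; dns.query; content:"gmaiil.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx$/i"; classtype:trojan-activity; sid:37260891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname gmaiil.com.mx"; flow:to_server,established; http.header; content: "Host|3a| gmaiil.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gmaiil\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37260931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname lindenprofessionalservices.com"; dns.query; content:"lindenprofessionalservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com$/i"; classtype:trojan-activity; sid:37260971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname lindenprofessionalservices.com"; flow:to_server,established; http.header; content: "Host|3a| lindenprofessionalservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lindenprofessionalservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37260972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname bartfa.hu"; dns.query; content:"bartfa.hu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu$/i"; classtype:trojan-activity; sid:37261011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bartfa.hu"; flow:to_server,established; http.header; content: "Host|3a| bartfa.hu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname bss.com.pk"; dns.query; content:"bss.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk$/i"; classtype:trojan-activity; sid:37261051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bss.com.pk"; flow:to_server,established; http.header; content: "Host|3a| bss.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37261071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname techbo.org"; dns.query; content:"techbo.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org$/i"; classtype:trojan-activity; sid:37261091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname techbo.org"; flow:to_server,established; http.header; content: "Host|3a| techbo.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname orgazopro.com"; dns.query; content:"orgazopro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orgazopro\.com$/i"; classtype:trojan-activity; sid:37261151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname orgazopro.com"; flow:to_server,established; http.header; content: "Host|3a| orgazopro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orgazopro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37261171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname icvpartners.com"; dns.query; content:"icvpartners.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com$/i"; classtype:trojan-activity; sid:37261211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname icvpartners.com"; flow:to_server,established; http.header; content: "Host|3a| icvpartners.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname maxreal.vn"; dns.query; content:"maxreal.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn$/i"; classtype:trojan-activity; sid:37261251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname maxreal.vn"; flow:to_server,established; http.header; content: "Host|3a| maxreal.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])maxreal\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37261291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37261311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname dancesynergyworx.co.za"; dns.query; content:"dancesynergyworx.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za$/i"; classtype:trojan-activity; sid:37261351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname dancesynergyworx.co.za"; flow:to_server,established; http.header; content: "Host|3a| dancesynergyworx.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dancesynergyworx\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37261371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hobitronik.com"; dns.query; content:"hobitronik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com$/i"; classtype:trojan-activity; sid:37261391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hobitronik.com"; flow:to_server,established; http.header; content: "Host|3a| hobitronik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37261431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37261451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37261471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37261511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37261531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37261551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37261611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ibookit.app"; dns.query; content:"ibookit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app$/i"; classtype:trojan-activity; sid:37261631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ibookit.app"; flow:to_server,established; http.header; content: "Host|3a| ibookit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37261651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37261691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any 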
any (msg: "MISP e26401 [] Hostname bartfa.hu"; dns.query; content:"bartfa.hu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu$/i"; classtype:trojan-activity; sid:37261751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bartfa.hu"; flow:to_server,established; http.header; content: "Host|3a| bartfa.hu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname carologyauctions.net"; dns.query; content:"carologyauctions.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net$/i"; classtype:trojan-activity; sid:37261771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname carologyauctions.net"; flow:to_server,established; http.header; content: "Host|3a| carologyauctions.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname bartfa.hu"; dns.query; content:"bartfa.hu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu$/i"; classtype:trojan-activity; sid:37261791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bartfa.hu"; flow:to_server,established; http.header; content: "Host|3a| bartfa.hu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261792; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37261811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname ghanadiscount.com"; dns.query; content:"ghanadiscount.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com$/i"; classtype:trojan-activity; sid:37261831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ghanadiscount.com"; flow:to_server,established; http.header; content: "Host|3a| ghanadiscount.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghanadiscount\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37261851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37261871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37261891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname sneakerskampala.com"; dns.query; content:"sneakerskampala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com$/i"; classtype:trojan-activity; sid:37261911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sneakerskampala.com"; flow:to_server,established; 
http.header; content: "Host|3a| sneakerskampala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sneakerskampala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37261931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37261951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname icvpartners.com"; dns.query; content:"icvpartners.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com$/i"; classtype:trojan-activity; sid:37261971; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname icvpartners.com"; flow:to_server,established; http.header; content: "Host|3a| icvpartners.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])icvpartners\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname kgcdiary.com"; dns.query; content:"kgcdiary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com$/i"; classtype:trojan-activity; sid:37261991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname kgcdiary.com"; flow:to_server,established; http.header; content: "Host|3a| kgcdiary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37261992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37262011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname 
calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37262031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37262051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname mijaljevic.com"; dns.query; content:"mijaljevic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com$/i"; classtype:trojan-activity; sid:37262071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname mijaljevic.com"; flow:to_server,established; http.header; content: "Host|3a| mijaljevic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mijaljevic\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37262072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37262091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37262111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname quick-ez.com"; dns.query; content:"quick-ez.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com$/i"; classtype:trojan-activity; sid:37262131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname quick-ez.com"; flow:to_server,established; http.header; content: "Host|3a| quick-ez.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])quick\-ez\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname calistakitchenandbath.com"; dns.query; content:"calistakitchenandbath.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com$/i"; classtype:trojan-activity; sid:37262151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname calistakitchenandbath.com"; flow:to_server,established; http.header; content: "Host|3a| calistakitchenandbath.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])calistakitchenandbath\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37262171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname global-convenience.com"; dns.query; content:"global-convenience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com$/i"; classtype:trojan-activity; sid:37262191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname global-convenience.com"; flow:to_server,established; http.header; content: "Host|3a| global-convenience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])global\-convenience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37262211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname smakebangsaan.sch.id"; dns.query; content:"smakebangsaan.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id$/i"; classtype:trojan-activity; sid:37262231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smakebangsaan.sch.id"; flow:to_server,established; http.header; content: "Host|3a| smakebangsaan.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smakebangsaan\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname muilee.com.my"; dns.query; content:"muilee.com.my"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])muilee\.com\.my$/i"; classtype:trojan-activity; sid:37262251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname muilee.com.my"; flow:to_server,established; http.header; content: "Host|3a| muilee.com.my"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])muilee\.com\.my[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname techbo.org"; dns.query; content:"techbo.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org$/i"; classtype:trojan-activity; sid:37262271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname techbo.org"; flow:to_server,established; http.header; content: "Host|3a| techbo.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname music-city.ro"; dns.query; content:"music-city.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro$/i"; classtype:trojan-activity; sid:37262291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname music-city.ro"; flow:to_server,established; http.header; content: "Host|3a| music-city.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])music\-city\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname 
pobo.com.br"; dns.query; content:"pobo.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pobo\.com\.br$/i"; classtype:trojan-activity; sid:37262311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pobo.com.br"; flow:to_server,established; http.header; content: "Host|3a| pobo.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pobo\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37262331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname hobitronik.com"; dns.query; content:"hobitronik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com$/i"; classtype:trojan-activity; sid:37262351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hobitronik.com"; flow:to_server,established; http.header; content: "Host|3a| hobitronik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262352; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname mlc.cl"; dns.query; content:"mlc.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl$/i"; classtype:trojan-activity; sid:37262371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname mlc.cl"; flow:to_server,established; http.header; content: "Host|3a| mlc.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37262391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname diresaapurimac.gob.pe"; dns.query; content:"diresaapurimac.gob.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe$/i"; classtype:trojan-activity; sid:37262411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname diresaapurimac.gob.pe"; flow:to_server,established; http.header; content: "Host|3a| diresaapurimac.gob.pe"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])diresaapurimac\.gob\.pe[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname min4lampungtimur.sch.id"; dns.query; content:"min4lampungtimur.sch.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id$/i"; classtype:trojan-activity; sid:37262431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname min4lampungtimur.sch.id"; flow:to_server,established; http.header; content: "Host|3a| min4lampungtimur.sch.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])min4lampungtimur\.sch\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37262451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname techbo.org"; dns.query; content:"techbo.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org$/i"; classtype:trojan-activity; sid:37262471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26401 [] Outgoing HTTP Hostname techbo.org"; flow:to_server,established; http.header; content: "Host|3a| techbo.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37262491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname techbo.org"; dns.query; content:"techbo.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org$/i"; classtype:trojan-activity; sid:37262511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname techbo.org"; flow:to_server,established; http.header; content: "Host|3a| techbo.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])techbo\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37262531; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26401;)
# ^ remainder of the dns rule for isl-supply.com (sid 37262531), which begins on the preceding line of this listing.
#
# MISP event 26401 hostname indicators, reflowed to one rule per line.
# Every hostname gets a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# dns: the pcre ends in $ and refuses a letter, digit, '-' or '.' before the name, so a subdomain
#   query such as www.<name> does not match; the rule is "any any -> any any", so the alerting
#   source may be a resolver rather than the querying host.
# http: content requires the literal "Host: <name>" (subdomains do not match); this section holds
#   no tls.sni rule, so HTTPS to these names is presumably visible only through the dns rule.
#   tag:session,600,seconds keeps logging packets of the matched session for 600 seconds.
# "repeat" marks a hostname exported again with identical options under other sids, so one hit
#   raises one alert per copy. NOTE(review): de-duplicate the event's attributes or the export.
#
# isl-supply.com, http half (repeat: also sid 37262951/2, 37263551/2)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# asilpark.com.tr (repeat: also sid 37262691/2, 37262971/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37262551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# taldartechconsultancy.com (repeat: also sid 37262851/2, 37262991/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37262571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# pilsa.cat
alert dns any any -> any any (msg: "MISP e26401 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37262591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# betravaux.com (repeat: also sid 37263191/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37262611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# cambiosarequipa.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname cambiosarequipa.com"; dns.query; content:"cambiosarequipa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cambiosarequipa\.com$/i"; classtype:trojan-activity; sid:37262631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname cambiosarequipa.com"; flow:to_server,established; http.header; content: "Host|3a| cambiosarequipa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cambiosarequipa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# sunilvishwakarma.in
alert dns any any -> any any (msg: "MISP e26401 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37262651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# prepcenterin.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname prepcenterin.com"; dns.query; content:"prepcenterin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prepcenterin\.com$/i"; classtype:trojan-activity; sid:37262671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname prepcenterin.com"; flow:to_server,established; http.header; content: "Host|3a| prepcenterin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prepcenterin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# asilpark.com.tr (repeat: also sid 37262551/2, 37262971/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37262691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# The http rule for asilpark.com.tr begins here and continues on the following line of this listing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ^ remainder of the http rule for asilpark.com.tr (sid 37262692), which begins on the preceding line of this listing.
#
# MISP event 26401 hostname indicators, reflowed to one rule per line.
# Every hostname gets a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# dns: the pcre ends in $ and refuses a letter, digit, '-' or '.' before the name, so a subdomain
#   query such as www.<name> does not match; the rule is "any any -> any any", so the alerting
#   source may be a resolver rather than the querying host.
# http: content requires the literal "Host: <name>" (subdomains do not match); this section holds
#   no tls.sni rule, so HTTPS to these names is presumably visible only through the dns rule.
#   tag:session,600,seconds keeps logging packets of the matched session for 600 seconds.
# "repeat" marks a hostname exported again with identical options under other sids, so one hit
#   raises one alert per copy. NOTE(review): de-duplicate the event's attributes or the export.
#
# smlwari.com (repeat: also sid 37262911/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37262711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# supplycenter.cl (repeat: also sid 37263091/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname supplycenter.cl"; dns.query; content:"supplycenter.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl$/i"; classtype:trojan-activity; sid:37262731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname supplycenter.cl"; flow:to_server,established; http.header; content: "Host|3a| supplycenter.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# prasadcellcare.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname prasadcellcare.com"; dns.query; content:"prasadcellcare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prasadcellcare\.com$/i"; classtype:trojan-activity; sid:37262751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname prasadcellcare.com"; flow:to_server,established; http.header; content: "Host|3a| prasadcellcare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prasadcellcare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# omtglobal.com (repeat: also sid 37263611/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37262771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# beatlesmontreal.com (repeat: also sid 37263031/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37262791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# hegram.ba
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37262811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ellebraude.com.br (repeat: also sid 37263011/2, 37263411/2, 37263651)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37262831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# taldartechconsultancy.com (repeat: also sid 37262571/2, 37262991/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37262851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# The next dns rule begins here and continues on the following line of this listing.
alert dns any any -> any any (msg: "MISP e26401 [] Hostname 
wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37262871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ^ remainder of the dns rule for wolofmedical.com (sid 37262871), which begins on the preceding line of this listing.
#
# MISP event 26401 hostname indicators, reflowed to one rule per line.
# Every hostname gets a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# dns: the pcre ends in $ and refuses a letter, digit, '-' or '.' before the name, so a subdomain
#   query such as www.<name> does not match; the rule is "any any -> any any", so the alerting
#   source may be a resolver rather than the querying host.
# http: content requires the literal "Host: <name>" (subdomains do not match); this section holds
#   no tls.sni rule, so HTTPS to these names is presumably visible only through the dns rule.
#   tag:session,600,seconds keeps logging packets of the matched session for 600 seconds.
# "repeat" marks a hostname exported again with identical options under other sids, so one hit
#   raises one alert per copy. NOTE(review): de-duplicate the event's attributes or the export.
#
# wolofmedical.com, http half (repeat: also sid 37263111/2)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# newhorizoncanada.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname newhorizoncanada.com"; dns.query; content:"newhorizoncanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newhorizoncanada\.com$/i"; classtype:trojan-activity; sid:37262891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname newhorizoncanada.com"; flow:to_server,established; http.header; content: "Host|3a| newhorizoncanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newhorizoncanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# smlwari.com (repeat: also sid 37262711/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname smlwari.com"; dns.query; content:"smlwari.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com$/i"; classtype:trojan-activity; sid:37262911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname smlwari.com"; flow:to_server,established; http.header; content: "Host|3a| smlwari.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smlwari\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# kgcdiary.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname kgcdiary.com"; dns.query; content:"kgcdiary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com$/i"; classtype:trojan-activity; sid:37262931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname kgcdiary.com"; flow:to_server,established; http.header; content: "Host|3a| kgcdiary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# isl-supply.com (repeat: also sid 37262531/2, 37263551/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37262951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# asilpark.com.tr (repeat: also sid 37262551/2, 37262691/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname asilpark.com.tr"; dns.query; content:"asilpark.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr$/i"; classtype:trojan-activity; sid:37262971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname asilpark.com.tr"; flow:to_server,established; http.header; content: "Host|3a| asilpark.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asilpark\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# taldartechconsultancy.com (repeat: also sid 37262571/2, 37262851/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname taldartechconsultancy.com"; dns.query; content:"taldartechconsultancy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com$/i"; classtype:trojan-activity; sid:37262991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname taldartechconsultancy.com"; flow:to_server,established; http.header; content: "Host|3a| taldartechconsultancy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])taldartechconsultancy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37262992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ellebraude.com.br (repeat: also sid 37262831/2, 37263411/2, 37263651)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37263011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# beatlesmontreal.com (repeat: also sid 37262791/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37263031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# The http rule for the same hostname begins here and continues on the following line of this listing.
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ^ remainder of the http rule for beatlesmontreal.com (sid 37263032), which begins on the preceding line of this listing.
#
# MISP event 26401 hostname indicators, reflowed to one rule per line.
# Every hostname gets a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# dns: the pcre ends in $ and refuses a letter, digit, '-' or '.' before the name, so a subdomain
#   query such as www.<name> does not match; the rule is "any any -> any any", so the alerting
#   source may be a resolver rather than the querying host.
# http: content requires the literal "Host: <name>" (subdomains do not match); this section holds
#   no tls.sni rule, so HTTPS to these names is presumably visible only through the dns rule.
#   tag:session,600,seconds keeps logging packets of the matched session for 600 seconds.
# "repeat" marks a hostname exported again with identical options under other sids, so one hit
#   raises one alert per copy. NOTE(review): de-duplicate the event's attributes or the export.
#
# hamfekrqom.ir (repeat: also sid 37263511/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37263051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# mlc.cl
alert dns any any -> any any (msg: "MISP e26401 [] Hostname mlc.cl"; dns.query; content:"mlc.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl$/i"; classtype:trojan-activity; sid:37263071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname mlc.cl"; flow:to_server,established; http.header; content: "Host|3a| mlc.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlc\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# supplycenter.cl (repeat: also sid 37262731/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname supplycenter.cl"; dns.query; content:"supplycenter.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl$/i"; classtype:trojan-activity; sid:37263091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname supplycenter.cl"; flow:to_server,established; http.header; content: "Host|3a| supplycenter.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])supplycenter\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# wolofmedical.com (repeat: also sid 37262871/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37263111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# pobo.com.br
alert dns any any -> any any (msg: "MISP e26401 [] Hostname pobo.com.br"; dns.query; content:"pobo.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pobo\.com\.br$/i"; classtype:trojan-activity; sid:37263131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pobo.com.br"; flow:to_server,established; http.header; content: "Host|3a| pobo.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pobo\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# carologyauctions.net
alert dns any any -> any any (msg: "MISP e26401 [] Hostname carologyauctions.net"; dns.query; content:"carologyauctions.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net$/i"; classtype:trojan-activity; sid:37263151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname carologyauctions.net"; flow:to_server,established; http.header; content: "Host|3a| carologyauctions.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carologyauctions\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# hobitronik.com (repeat: also sid 37263271/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hobitronik.com"; dns.query; content:"hobitronik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com$/i"; classtype:trojan-activity; sid:37263171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hobitronik.com"; flow:to_server,established; http.header; content: "Host|3a| hobitronik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# betravaux.com (repeat: also sid 37262611/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname betravaux.com"; dns.query; content:"betravaux.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com$/i"; classtype:trojan-activity; sid:37263191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname betravaux.com"; flow:to_server,established; http.header; content: "Host|3a| betravaux.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betravaux\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# The next rule begins here and continues on the following line of this listing.
alert 
dns any any -> any any (msg: "MISP e26401 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37263211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ^ remainder of the dns rule for inverex.org (sid 37263211); its leading "alert" is on the preceding line of this listing.
#
# MISP event 26401 hostname indicators, reflowed to one rule per line.
# Every hostname gets a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# dns: the pcre ends in $ and refuses a letter, digit, '-' or '.' before the name, so a subdomain
#   query such as www.<name> does not match; the rule is "any any -> any any", so the alerting
#   source may be a resolver rather than the querying host.
# http: content requires the literal "Host: <name>" (subdomains do not match); this section holds
#   no tls.sni rule, so HTTPS to these names is presumably visible only through the dns rule.
#   tag:session,600,seconds keeps logging packets of the matched session for 600 seconds.
# "repeat" marks a hostname exported again with identical options under other sids, so one hit
#   raises one alert per copy. NOTE(review): de-duplicate the event's attributes or the export.
#
# inverex.org, http half (repeat: also sid 37263451/2, 37263531/2)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# bss.com.pk
alert dns any any -> any any (msg: "MISP e26401 [] Hostname bss.com.pk"; dns.query; content:"bss.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk$/i"; classtype:trojan-activity; sid:37263231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bss.com.pk"; flow:to_server,established; http.header; content: "Host|3a| bss.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ashleycharles.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37263251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# hobitronik.com (repeat: also sid 37263171/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hobitronik.com"; dns.query; content:"hobitronik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com$/i"; classtype:trojan-activity; sid:37263271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hobitronik.com"; flow:to_server,established; http.header; content: "Host|3a| hobitronik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# dovetales.co
alert dns any any -> any any (msg: "MISP e26401 [] Hostname dovetales.co"; dns.query; content:"dovetales.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co$/i"; classtype:trojan-activity; sid:37263291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname dovetales.co"; flow:to_server,established; http.header; content: "Host|3a| dovetales.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dovetales\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# rcihandicrafts.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname rcihandicrafts.com"; dns.query; content:"rcihandicrafts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com$/i"; classtype:trojan-activity; sid:37263311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname rcihandicrafts.com"; flow:to_server,established; http.header; content: "Host|3a| rcihandicrafts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcihandicrafts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# orgazopro.com (repeat: also sid 37263431/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname orgazopro.com"; dns.query; content:"orgazopro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orgazopro\.com$/i"; classtype:trojan-activity; sid:37263331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname orgazopro.com"; flow:to_server,established; http.header; content: "Host|3a| orgazopro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orgazopro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# grandlieucouverture.fr
alert dns any any -> any any (msg: "MISP e26401 [] Hostname grandlieucouverture.fr"; dns.query; content:"grandlieucouverture.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr$/i"; classtype:trojan-activity; sid:37263351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname grandlieucouverture.fr"; flow:to_server,established; http.header; content: "Host|3a| grandlieucouverture.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# adsnapshot.co.uk
alert dns any any -> any any (msg: "MISP e26401 [] Hostname adsnapshot.co.uk"; dns.query; content:"adsnapshot.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk$/i"; classtype:trojan-activity; sid:37263371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# The http rule for the same hostname begins here and continues on the following line of this listing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26401 [] Outgoing HTTP Hostname adsnapshot.co.uk"; flow:to_server,established; http.header; content: "Host|3a| adsnapshot.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsnapshot\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ^ remainder of the http rule for adsnapshot.co.uk (sid 37263372), which begins on the preceding line of this listing.
#
# MISP event 26401 hostname indicators, reflowed to one rule per line.
# Every hostname gets a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# dns: the pcre ends in $ and refuses a letter, digit, '-' or '.' before the name, so a subdomain
#   query such as www.<name> does not match; the rule is "any any -> any any", so the alerting
#   source may be a resolver rather than the querying host.
# http: content requires the literal "Host: <name>" (subdomains do not match); this section holds
#   no tls.sni rule, so HTTPS to these names is presumably visible only through the dns rule.
#   tag:session,600,seconds keeps logging packets of the matched session for 600 seconds.
# "repeat" marks a hostname exported again with identical options under other sids, so one hit
#   raises one alert per copy. NOTE(review): de-duplicate the event's attributes or the export.
#
# quick-ez.com (repeat: also sid 37263571/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname quick-ez.com"; dns.query; content:"quick-ez.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com$/i"; classtype:trojan-activity; sid:37263391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname quick-ez.com"; flow:to_server,established; http.header; content: "Host|3a| quick-ez.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# ellebraude.com.br (repeat: also sid 37262831/2, 37263011/2, 37263651)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37263411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# orgazopro.com (repeat: also sid 37263331/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname orgazopro.com"; dns.query; content:"orgazopro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orgazopro\.com$/i"; classtype:trojan-activity; sid:37263431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname orgazopro.com"; flow:to_server,established; http.header; content: "Host|3a| orgazopro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orgazopro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# inverex.org (repeat: also sid 37263211/2, 37263531/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37263451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# deviance.za.net
alert dns any any -> any any (msg: "MISP e26401 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37263471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# eastridgepacific.com
alert dns any any -> any any (msg: "MISP e26401 [] Hostname eastridgepacific.com"; dns.query; content:"eastridgepacific.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eastridgepacific\.com$/i"; classtype:trojan-activity; sid:37263491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname eastridgepacific.com"; flow:to_server,established; http.header; content: "Host|3a| eastridgepacific.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eastridgepacific\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# hamfekrqom.ir (repeat: also sid 37263051/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hamfekrqom.ir"; dns.query; content:"hamfekrqom.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir$/i"; classtype:trojan-activity; sid:37263511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hamfekrqom.ir"; flow:to_server,established; http.header; content: "Host|3a| hamfekrqom.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hamfekrqom\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# inverex.org (repeat: also sid 37263211/2, 37263451/2)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname inverex.org"; dns.query; content:"inverex.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org$/i"; classtype:trojan-activity; sid:37263531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname inverex.org"; flow:to_server,established; http.header; content: "Host|3a| inverex.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inverex\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# The next dns rule begins here and continues on the following line of this listing.
alert dns any any -> any any 
(msg: "MISP e26401 [] Hostname isl-supply.com"; dns.query; content:"isl-supply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com$/i"; classtype:trojan-activity; sid:37263551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname isl-supply.com"; flow:to_server,established; http.header; content: "Host|3a| isl-supply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])isl\-supply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname quick-ez.com"; dns.query; content:"quick-ez.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com$/i"; classtype:trojan-activity; sid:37263571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname quick-ez.com"; flow:to_server,established; http.header; content: "Host|3a| quick-ez.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quick\-ez\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37263591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37263592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37263611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37263631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname ellebraude.com.br"; dns.query; content:"ellebraude.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br$/i"; classtype:trojan-activity; sid:37263651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ellebraude.com.br"; flow:to_server,established; http.header; 
content: "Host|3a| ellebraude.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellebraude\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname cambiosarequipa.com"; dns.query; content:"cambiosarequipa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cambiosarequipa\.com$/i"; classtype:trojan-activity; sid:37263671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname cambiosarequipa.com"; flow:to_server,established; http.header; content: "Host|3a| cambiosarequipa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cambiosarequipa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37263691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname wolofmedical.com"; dns.query; content:"wolofmedical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com$/i"; classtype:trojan-activity; sid:37263711; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname wolofmedical.com"; flow:to_server,established; http.header; content: "Host|3a| wolofmedical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wolofmedical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37263731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37263751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname pratiscare.com"; dns.query; content:"pratiscare.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])pratiscare\.com$/i"; classtype:trojan-activity; sid:37263771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pratiscare.com"; flow:to_server,established; http.header; content: "Host|3a| pratiscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pratiscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname brmasonry.com.au"; dns.query; content:"brmasonry.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au$/i"; classtype:trojan-activity; sid:37263791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname brmasonry.com.au"; flow:to_server,established; http.header; content: "Host|3a| brmasonry.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brmasonry\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP e26401 [] Hostname hegram.ba"; dns.query; content:"hegram.ba"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba$/i"; classtype:trojan-activity; sid:37263811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hegram.ba"; flow:to_server,established; http.header; content: "Host|3a| hegram.ba"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hegram\.ba[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;) alert dns any any -> any any (msg: "MISP 
e26401 [] Hostname latinasiaperu.com"; dns.query; content:"latinasiaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com$/i"; classtype:trojan-activity; sid:37263831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# MISP event 26401 hostname rules: one dns.query rule and one outgoing HTTP
# Host-header rule per hostname, all at priority 3.
# NOTE(review): the HTTP rules inspect the Host header of cleartext HTTP only. No
# tls.sni rule appears in this run, so HTTPS traffic to these names is covered by
# the dns.query rule alone - TODO confirm whether TLS rules are exported elsewhere.
# NOTE(review): deviance.za.net, omtglobal.com and ibookit.app each appear twice
# in this run under different sids, so one lookup raises duplicate alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname latinasiaperu.com"; flow:to_server,established; http.header; content: "Host|3a| latinasiaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latinasiaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname kgcdiary.com"; dns.query; content:"kgcdiary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com$/i"; classtype:trojan-activity; sid:37263851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname kgcdiary.com"; flow:to_server,established; http.header; content: "Host|3a| kgcdiary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kgcdiary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ashleycharles.com"; dns.query; content:"ashleycharles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com$/i"; classtype:trojan-activity; sid:37263871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ashleycharles.com"; flow:to_server,established; http.header; content: "Host|3a| ashleycharles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ashleycharles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ibookit.app"; dns.query; content:"ibookit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app$/i"; classtype:trojan-activity; sid:37263891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ibookit.app"; flow:to_server,established; http.header; content: "Host|3a| ibookit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37263911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37263931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname hobitronik.com"; dns.query; content:"hobitronik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com$/i"; classtype:trojan-activity; sid:37263951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname hobitronik.com"; flow:to_server,established; http.header; content: "Host|3a| hobitronik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hobitronik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname grandlieucouverture.fr"; dns.query; content:"grandlieucouverture.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr$/i"; classtype:trojan-activity; sid:37263971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname grandlieucouverture.fr"; flow:to_server,established; http.header; content: "Host|3a| grandlieucouverture.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grandlieucouverture\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname ibookit.app"; dns.query; content:"ibookit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app$/i"; classtype:trojan-activity; sid:37263991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname ibookit.app"; flow:to_server,established; http.header; content: "Host|3a| ibookit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ibookit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37263992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname franklin-ogan.com"; dns.query; content:"franklin-ogan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com$/i"; classtype:trojan-activity; sid:37264011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname franklin-ogan.com"; flow:to_server,established; http.header; content: "Host|3a| franklin-ogan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])franklin\-ogan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname deviance.za.net"; dns.query; content:"deviance.za.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net$/i"; classtype:trojan-activity; sid:37264031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname deviance.za.net"; flow:to_server,established; http.header; content: "Host|3a| deviance.za.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deviance\.za\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname sunilvishwakarma.in"; dns.query; content:"sunilvishwakarma.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in$/i"; classtype:trojan-activity; sid:37264051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname sunilvishwakarma.in"; flow:to_server,established; http.header; content: "Host|3a| sunilvishwakarma.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sunilvishwakarma\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname omtglobal.com"; dns.query; content:"omtglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com$/i"; classtype:trojan-activity; sid:37264071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname omtglobal.com"; flow:to_server,established; http.header; content: "Host|3a| omtglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omtglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname beatlesmontreal.com"; dns.query; content:"beatlesmontreal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com$/i"; classtype:trojan-activity; sid:37264091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname beatlesmontreal.com"; flow:to_server,established; http.header; content: "Host|3a| beatlesmontreal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beatlesmontreal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname pilsa.cat"; dns.query; content:"pilsa.cat"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat$/i"; classtype:trojan-activity; sid:37264111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname pilsa.cat"; flow:to_server,established; http.header; content: "Host|3a| pilsa.cat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pilsa\.cat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname muilee.com.my"; dns.query; content:"muilee.com.my"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])muilee\.com\.my$/i"; classtype:trojan-activity; sid:37264131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname muilee.com.my"; flow:to_server,established; http.header; content: "Host|3a| muilee.com.my"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])muilee\.com\.my[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname iamanivilladecharme.com.br"; dns.query; content:"iamanivilladecharme.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br$/i"; classtype:trojan-activity; sid:37264151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname iamanivilladecharme.com.br"; flow:to_server,established; http.header; content: "Host|3a| iamanivilladecharme.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iamanivilladecharme\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname bss.com.pk"; dns.query; content:"bss.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk$/i"; classtype:trojan-activity; sid:37264171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bss.com.pk"; flow:to_server,established; http.header; content: "Host|3a| bss.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bss\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname bartfa.hu"; dns.query; content:"bartfa.hu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu$/i"; classtype:trojan-activity; sid:37264191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname bartfa.hu"; flow:to_server,established; http.header; content: "Host|3a| bartfa.hu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bartfa\.hu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname cursosrdg.ccr.edu.pe"; dns.query; content:"cursosrdg.ccr.edu.pe"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe$/i"; classtype:trojan-activity; sid:37264211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname cursosrdg.ccr.edu.pe"; flow:to_server,established; http.header; content: "Host|3a| cursosrdg.ccr.edu.pe"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cursosrdg\.ccr\.edu\.pe[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37264212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert dns any any -> any any (msg: "MISP e26401 [] Hostname deltaind.in"; dns.query; content:"deltaind.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in$/i"; classtype:trojan-activity; sid:37264231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26401 [] Outgoing HTTP Hostname deltaind.in"; flow:to_server,established; http.header; content: "Host|3a| deltaind.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deltaind\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26401;)
# "Domain" attribute (event 26329, priority 1): unlike the "Hostname" rules above,
# the pcre allows a preceding '.', so the name and any subdomain of it match.
# NOTE(review): in the HTTP rule the "Host:" content and the domain content are
# two independent http.header matches, so the domain appearing in another header
# of the same request would presumably also match - confirm, or match on http.host.
alert dns any any -> any any (msg: "MISP e26329 [] Domain skynet229.godaddysites.com"; dns.query; content:"skynet229.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skynet229\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37251721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26329;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26329 [] Outgoing HTTP Domain skynet229.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skynet229.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skynet229\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26329;)
# Outgoing-to-IP rules: no payload match, the alert is raised on the destination
# address and port alone.
# NOTE(review): 159.100.30.156:443 and 108.165.106.7:443 are each exported twice,
# from event 26238 (priority 2, CobaltStrike tags in the msg) and from event 26403
# (priority 3, no tags), so every matching packet raises both alerts.
# NOTE(review): these rules use protocol "ip" together with a port; confirm that
# the deployed engine applies the port on "ip" rules as intended.
alert ip $HOME_NET any -> 159.100.30.156 443 (msg: "MISP e26238 [CobaltStrike,cs-watermark-1357776117,DE-FIRSTCOLO www.first-colo.net] Outgoing To IP: 159.100.30.156|443"; classtype:trojan-activity; sid:37229831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 108.165.106.7 443 (msg: "MISP e26238 [AS-GLOBALTELEHOST,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 108.165.106.7|443"; classtype:trojan-activity; sid:37229851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 108.165.106.7 443 (msg: "MISP e26403 [] Outgoing To IP: 108.165.106.7|443"; classtype:trojan-activity; sid:37267711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 159.100.30.156 443 (msg: "MISP e26403 [] Outgoing To IP: 159.100.30.156|443"; classtype:trojan-activity; sid:37267731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Event 26570 mail indicators: raw TCP content matches on port 25 toward $SMTP_SERVERS
# (sender address, subject line, attachment file name).
# NOTE(review): these see cleartext SMTP only. A session upgraded with STARTTLS, or
# mail arriving on another port, is not inspected by them. The Subject and file-name
# matches are on literal bytes, so an encoded header value would not match, and the
# attachment rule has no nocase, unlike the other two.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26570 [] Source Email Address: louisa.fricke@gsmedi.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"louisa.fricke@gsmedi.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26570;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26570 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Bestellung BEE-22201200"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26570;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26570 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Bestellung BEE-22201200_pdf .img|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26570;)
# Incoming-from-IP rules: fire on any packet from the listed source to $HOME_NET,
# at priority 1, with no flow or payload condition.
# NOTE(review): presumably noisy on an Internet-facing sensor, since unsolicited
# inbound packets also match; consider thresholding - TODO confirm sensor placement.
alert ip 34.64.203.15 any -> $HOME_NET any (msg: "MISP e26570 [] Incoming From IP: 34.64.203.15"; classtype:trojan-activity; sid:37477981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26570;)
alert ip 185.222.58.43 any -> $HOME_NET any (msg: "MISP e26570 [] Incoming From IP: 185.222.58.43"; classtype:trojan-activity; sid:37477991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26570;)
alert ip $HOME_NET any -> 103.183.118.30 any (msg: "MISP e26318 [] Outgoing To IP: 103.183.118.30"; classtype:trojan-activity; sid:37247961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26318;)
alert dns any any -> any any (msg: "MISP e26375 [] Domain activepass.shop"; dns.query; content:"activepass.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])activepass\.shop$/i"; classtype:trojan-activity; sid:37252971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain activepass.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"activepass.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])activepass\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert dns any any -> any any (msg: "MISP e26366 [] Domain shoppinggala.net"; dns.query; content:"shoppinggala.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])shoppinggala\.net$/i"; classtype:trojan-activity; sid:37252751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26366 [] Outgoing HTTP Domain shoppinggala.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shoppinggala.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shoppinggala\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252752; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26366;)
alert dns any any -> any any (msg: "MISP e26376 [] Domain beginwealthaccumulation.com"; dns.query; content:"beginwealthaccumulation.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beginwealthaccumulation\.com$/i"; classtype:trojan-activity; sid:37253101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26376 [] Outgoing HTTP Domain beginwealthaccumulation.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beginwealthaccumulation.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beginwealthaccumulation\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;)
# Event 26238 indicators tagged Mirai: two destination IP:port pairs and one domain.
# NOTE(review): the same three indicators are exported again further down from
# event 26403, at priority 3 and with no tags in the msg. A single connection or
# lookup therefore raises two alerts with different priorities; decide which event
# is authoritative or suppress one set.
alert ip $HOME_NET any -> 146.190.244.20 9932 (msg: "MISP e26238 [Mirai] Outgoing To IP: 146.190.244.20|9932"; classtype:trojan-activity; sid:37229861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 103.174.73.85 19990 (msg: "MISP e26238 [Mirai] Outgoing To IP: 103.174.73.85|19990"; classtype:trojan-activity; sid:37229871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert dns any any -> any any (msg: "MISP e26238 [Mirai] Domain haha.skyljne.click"; dns.query; content:"haha.skyljne.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])haha\.skyljne\.click$/i"; classtype:trojan-activity; sid:37229881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [Mirai] Outgoing HTTP Domain haha.skyljne.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haha.skyljne.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haha\.skyljne\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37229882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain haha.skyljne.click"; dns.query; content:"haha.skyljne.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])haha\.skyljne\.click$/i"; classtype:trojan-activity; sid:37267751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain haha.skyljne.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haha.skyljne.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haha\.skyljne\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37267752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 103.174.73.85 19990 (msg: "MISP e26403 [] Outgoing To IP: 103.174.73.85|19990"; classtype:trojan-activity; sid:37267761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 146.190.244.20 9932 (msg: "MISP e26403 [] Outgoing To IP: 146.190.244.20|9932"; classtype:trojan-activity; sid:37267771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Event 24599 domains, priority 1.
# NOTE(review): the Domain rule for wiseaccount.net allows a preceding '.', so it
# also matches log.wiseaccount.net. A query for the subdomain raises both
# sid 37248201 and sid 37248211 (and likewise both HTTP rules).
alert dns any any -> any any (msg: "MISP e24599 [] Domain log.wiseaccount.net"; dns.query; content:"log.wiseaccount.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])log\.wiseaccount\.net$/i"; classtype:trojan-activity; sid:37248201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24599 [] Outgoing HTTP Domain log.wiseaccount.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"log.wiseaccount.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])log\.wiseaccount\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert dns any any -> any any (msg: "MISP e24599 [] Domain wiseaccount.net"; dns.query; content:"wiseaccount.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])wiseaccount\.net$/i"; classtype:trojan-activity; sid:37248211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24599 [] Outgoing HTTP Domain wiseaccount.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wiseaccount.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wiseaccount\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert dns any any -> any any (msg: "MISP e26376 [] Domain live-page-offer.online"; dns.query; content:"live-page-offer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])live\-page\-offer\.online$/i"; classtype:trojan-activity; sid:37253111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26376 [] Outgoing HTTP Domain live-page-offer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"live-page-offer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])live\-page\-offer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;)
alert dns any any -> any any (msg: "MISP e26376 [] Hostname 1135.theydayssay.live"; dns.query; content:"1135.theydayssay.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1135\.theydayssay\.live$/i"; classtype:trojan-activity; sid:37253121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26376 [] Outgoing HTTP Hostname 1135.theydayssay.live"; flow:to_server,established; http.header; content: "Host|3a| 1135.theydayssay.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1135\.theydayssay\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;)
# Event 26238 indicators tagged njrat: four destination addresses, all on port 19920.
# NOTE(review): address-only indicators age quickly when the address belongs to
# shared or re-assignable hosting; check these against the event's date and the
# sensor's alert history before keeping them at priority 2.
alert ip $HOME_NET any -> 18.158.58.205 19920 (msg: "MISP e26238 [njrat] Outgoing To IP: 18.158.58.205|19920"; classtype:trojan-activity; sid:37229891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 3.67.62.142 19920 (msg: "MISP e26238 [njrat] Outgoing To IP: 3.67.62.142|19920"; classtype:trojan-activity; sid:37229911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 3.67.161.133 19920 (msg: "MISP e26238 [njrat] Outgoing To IP: 3.67.161.133|19920"; classtype:trojan-activity; sid:37229921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 3.127.181.115 19920 (msg: "MISP e26238 [njrat] Outgoing To IP: 3.127.181.115|19920"; classtype:trojan-activity; sid:37229931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# URL indicator: the rule below is limited to the listed destination address and
# port, then matches the address in the HTTP headers and the path in http.uri.
alert http $HOME_NET any -> 175.24.130.231 9000 (msg: "MISP e26238 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//175.24.130.231|3a|9000/en_us/all.js"; flow:to_server,established; http.header; content:"175.24.130.231"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37229941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> 13.36.225.33 $HTTP_PORTS (msg: "MISP e26238 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//13.36.225.33/ca"; flow:to_server,established; http.header; content:"13.36.225.33"; fast_pattern; nocase; http.uri; content:"/ca"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37229951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 13.36.225.33 80 (msg: "MISP e26238 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 13.36.225.33|80"; classtype:trojan-activity; sid:37229961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.veikkausbonukset.guru"; dns.query; content:"www.veikkausbonukset.guru"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.veikkausbonukset\.guru$/i"; classtype:trojan-activity; sid:37250571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.veikkausbonukset.guru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.veikkausbonukset.guru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.veikkausbonukset\.guru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.vgjimei.icu"; dns.query; content:"www.vgjimei.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vgjimei\.icu$/i"; classtype:trojan-activity; sid:37250581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.vgjimei.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.vgjimei.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vgjimei\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain 
www.rlzp.com"; dns.query; content:"www.rlzp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rlzp\.com$/i"; classtype:trojan-activity; sid:37250591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.rlzp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.rlzp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rlzp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.plainxplain.shop"; dns.query; content:"www.plainxplain.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.plainxplain\.shop$/i"; classtype:trojan-activity; sid:37250601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.plainxplain.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.plainxplain.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.plainxplain\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.beake.shop"; dns.query; content:"www.beake.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.beake\.shop$/i"; classtype:trojan-activity; sid:37250611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.beake.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.beake.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.beake\.shop[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37250612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
# ---------------------------------------------------------------------------
# e26324 (no tags in msg, priority 3): one DNS + HTTP rule pair per www.* name,
# restored here to one rule per line.
# DNS rule: dns.query content plus an end-anchored pcre; the name itself and any
#   subdomain of it match.
# HTTP rule: "Host|3a|" and the name are independent http.header content matches with
#   no distance/within between them, so the name appearing in any request header
#   (for example Referer) can fire the rule. tag:session,600,seconds keeps logging
#   the session's packets for 600 seconds after the alert.
# NOTE(review): the msg gives no malware family or context for these names; triage
# of a hit needs the referenced MISP event.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.dreamingflyther.com"; dns.query; content:"www.dreamingflyther.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dreamingflyther\.com$/i"; classtype:trojan-activity; sid:37250621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.dreamingflyther.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.dreamingflyther.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dreamingflyther\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.ac59.fun"; dns.query; content:"www.ac59.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ac59\.fun$/i"; classtype:trojan-activity; sid:37250631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.ac59.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ac59.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ac59\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.ren4ksc.site"; dns.query; content:"www.ren4ksc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ren4ksc\.site$/i"; classtype:trojan-activity; sid:37250641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.ren4ksc.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ren4ksc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ren4ksc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.7ysn.shop"; dns.query; content:"www.7ysn.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.7ysn\.shop$/i"; classtype:trojan-activity; sid:37250651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.7ysn.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.7ysn.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.7ysn\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.acreagebuyers.com"; dns.query; content:"www.acreagebuyers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.acreagebuyers\.com$/i"; classtype:trojan-activity; sid:37250661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.acreagebuyers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.acreagebuyers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.acreagebuyers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.t3c1srf.site"; dns.query; content:"www.t3c1srf.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.t3c1srf\.site$/i"; classtype:trojan-activity; sid:37250671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.t3c1srf.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.t3c1srf.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.t3c1srf\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.shootprecious.com"; dns.query; content:"www.shootprecious.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.shootprecious\.com$/i"; classtype:trojan-activity; sid:37250681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.shootprecious.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.shootprecious.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.shootprecious\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.promoplace.online"; dns.query; content:"www.promoplace.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.promoplace\.online$/i"; classtype:trojan-activity; sid:37250691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.promoplace.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.promoplace.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.promoplace\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.tsnizhui.cyou"; dns.query; content:"www.tsnizhui.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.tsnizhui\.cyou$/i"; classtype:trojan-activity; sid:37250701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.tsnizhui.cyou"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.tsnizhui.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.tsnizhui\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.continentaloilandgas.com"; dns.query; content:"www.continentaloilandgas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.continentaloilandgas\.com$/i"; classtype:trojan-activity; sid:37250711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.continentaloilandgas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.continentaloilandgas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.continentaloilandgas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.hit.koeln"; dns.query; content:"www.hit.koeln"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hit\.koeln$/i"; classtype:trojan-activity; sid:37250721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.hit.koeln"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hit.koeln"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hit\.koeln[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.c4videogames.com"; dns.query; content:"www.c4videogames.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.c4videogames\.com$/i"; classtype:trojan-activity; sid:37250731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.c4videogames.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.c4videogames.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.c4videogames\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.diyexpress1.com"; dns.query; content:"www.diyexpress1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.diyexpress1\.com$/i"; classtype:trojan-activity; sid:37250741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.diyexpress1.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.diyexpress1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.diyexpress1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.o1fzcm6of.sbs"; dns.query; content:"www.o1fzcm6of.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.o1fzcm6of\.sbs$/i"; classtype:trojan-activity; sid:37250751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.o1fzcm6of.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.o1fzcm6of.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.o1fzcm6of\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.yogicdrishti.com"; dns.query; content:"www.yogicdrishti.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.yogicdrishti\.com$/i"; classtype:trojan-activity; sid:37250761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.yogicdrishti.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.yogicdrishti.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.yogicdrishti\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.hidrapelenobrasil.shop"; dns.query; content:"www.hidrapelenobrasil.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hidrapelenobrasil\.shop$/i"; classtype:trojan-activity; sid:37250771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.hidrapelenobrasil.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hidrapelenobrasil.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hidrapelenobrasil\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.bangietis.net"; dns.query; content:"www.bangietis.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.bangietis\.net$/i"; classtype:trojan-activity; sid:37250781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.bangietis.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.bangietis.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.bangietis\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.fidyart.com"; dns.query; content:"www.fidyart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fidyart\.com$/i"; classtype:trojan-activity; sid:37250791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.fidyart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fidyart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fidyart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.astrologervijay.co.in"; dns.query; content:"www.astrologervijay.co.in"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.astrologervijay\.co\.in$/i"; classtype:trojan-activity; sid:37250801; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
# ---------------------------------------------------------------------------
# e26324 (no tags in msg, priority 3): DNS + HTTP rules per www.* name, restored
# here to one rule per line.
# DNS rule: dns.query content plus an end-anchored pcre; the name itself and any
#   subdomain of it match.
# HTTP rule: "Host|3a|" and the name are independent http.header content matches with
#   no distance/within between them, so the name appearing in any request header
#   (for example Referer) can fire the rule. tag:session,600,seconds keeps logging
#   the session's packets for 600 seconds after the alert.
# NOTE(review): the msg gives no malware family or context for these names; triage
# of a hit needs the referenced MISP event.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.astrologervijay.co.in"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.astrologervijay.co.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.astrologervijay\.co\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.clarycyber.com"; dns.query; content:"www.clarycyber.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.clarycyber\.com$/i"; classtype:trojan-activity; sid:37250811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.clarycyber.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.clarycyber.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.clarycyber\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.agiluxer.com"; dns.query; content:"www.agiluxer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.agiluxer\.com$/i"; classtype:trojan-activity; sid:37250821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.agiluxer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.agiluxer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.agiluxer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.cursomulhermaravilha.com"; dns.query; content:"www.cursomulhermaravilha.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cursomulhermaravilha\.com$/i"; classtype:trojan-activity; sid:37250831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.cursomulhermaravilha.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cursomulhermaravilha.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cursomulhermaravilha\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.thegreenpenmedia.com"; dns.query; content:"www.thegreenpenmedia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.thegreenpenmedia\.com$/i"; classtype:trojan-activity; sid:37250841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.thegreenpenmedia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.thegreenpenmedia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.thegreenpenmedia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.gregoriusalvin.com"; dns.query; content:"www.gregoriusalvin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gregoriusalvin\.com$/i"; classtype:trojan-activity; sid:37250851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.gregoriusalvin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gregoriusalvin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gregoriusalvin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.6whebx.cyou"; dns.query; content:"www.6whebx.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.6whebx\.cyou$/i"; classtype:trojan-activity; sid:37250861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.6whebx.cyou"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.6whebx.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.6whebx\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.meliorras.com"; dns.query; content:"www.meliorras.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.meliorras\.com$/i"; classtype:trojan-activity; sid:37250871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.meliorras.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.meliorras.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.meliorras\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.nomadlist.click"; dns.query; content:"www.nomadlist.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nomadlist\.click$/i"; classtype:trojan-activity; sid:37250881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.nomadlist.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nomadlist.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nomadlist\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.justgoodsin.com"; dns.query; content:"www.justgoodsin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.justgoodsin\.com$/i"; classtype:trojan-activity; sid:37250891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.justgoodsin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.justgoodsin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.justgoodsin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.chameleonboysclub.com"; dns.query; content:"www.chameleonboysclub.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.chameleonboysclub\.com$/i"; classtype:trojan-activity; sid:37250901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.chameleonboysclub.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.chameleonboysclub.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.chameleonboysclub\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.dolceitalyescorts.com"; dns.query; content:"www.dolceitalyescorts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dolceitalyescorts\.com$/i"; classtype:trojan-activity; sid:37250911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.dolceitalyescorts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.dolceitalyescorts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dolceitalyescorts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.rootedrental.online"; dns.query; content:"www.rootedrental.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rootedrental\.online$/i"; classtype:trojan-activity; sid:37250921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.rootedrental.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.rootedrental.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rootedrental\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.distribuidorabeveon.com"; dns.query; content:"www.distribuidorabeveon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.distribuidorabeveon\.com$/i"; classtype:trojan-activity; sid:37250931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.distribuidorabeveon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.distribuidorabeveon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.distribuidorabeveon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.awllywood.com"; dns.query; content:"www.awllywood.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.awllywood\.com$/i"; classtype:trojan-activity; sid:37250941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.awllywood.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.awllywood.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.awllywood\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.thesleeperandco.com"; dns.query; content:"www.thesleeperandco.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.thesleeperandco\.com$/i"; classtype:trojan-activity; sid:37250951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.thesleeperandco.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.thesleeperandco.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.thesleeperandco\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.woodenhomeandheart.com"; dns.query; content:"www.woodenhomeandheart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.woodenhomeandheart\.com$/i"; classtype:trojan-activity; sid:37250961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.woodenhomeandheart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.woodenhomeandheart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.woodenhomeandheart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.efektivniterapie.online"; dns.query; content:"www.efektivniterapie.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.efektivniterapie\.online$/i"; classtype:trojan-activity; sid:37250971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.efektivniterapie.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.efektivniterapie.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.efektivniterapie\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.galacticprojector.store"; dns.query; content:"www.galacticprojector.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.galacticprojector\.store$/i"; classtype:trojan-activity; sid:37250981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.galacticprojector.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.galacticprojector.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.galacticprojector\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.cyberpsychsecurity.com"; dns.query; content:"www.cyberpsychsecurity.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cyberpsychsecurity\.com$/i"; classtype:trojan-activity; sid:37250991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.cyberpsychsecurity.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cyberpsychsecurity.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cyberpsychsecurity\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37250992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.astralavenue.xyz"; dns.query; content:"www.astralavenue.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.astralavenue\.xyz$/i"; classtype:trojan-activity; sid:37251001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.astralavenue.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.astralavenue.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.astralavenue\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37251002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.himebauch.live"; dns.query; content:"www.himebauch.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.himebauch\.live$/i"; classtype:trojan-activity; sid:37251011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.himebauch.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.himebauch.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.himebauch\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.nctallstars.com"; dns.query; content:"www.nctallstars.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nctallstars\.com$/i"; classtype:trojan-activity; sid:37251021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.nctallstars.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nctallstars.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nctallstars\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.feshi.store"; dns.query; content:"www.feshi.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.feshi\.store$/i"; classtype:trojan-activity; sid:37251031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain 
www.feshi.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.feshi.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.feshi\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.maguirelaneliving.com"; dns.query; content:"www.maguirelaneliving.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maguirelaneliving\.com$/i"; classtype:trojan-activity; sid:37251041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.maguirelaneliving.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.maguirelaneliving.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maguirelaneliving\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.enjxgs9e.shop"; dns.query; content:"www.enjxgs9e.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.enjxgs9e\.shop$/i"; classtype:trojan-activity; sid:37251051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.enjxgs9e.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.enjxgs9e.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.enjxgs9e\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.ltdtrans.com"; dns.query; 
content:"www.ltdtrans.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ltdtrans\.com$/i"; classtype:trojan-activity; sid:37251061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.ltdtrans.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ltdtrans.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ltdtrans\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.angelasboutiquesc.com"; dns.query; content:"www.angelasboutiquesc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.angelasboutiquesc\.com$/i"; classtype:trojan-activity; sid:37251071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.angelasboutiquesc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.angelasboutiquesc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.angelasboutiquesc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.blissfulbooks.online"; dns.query; content:"www.blissfulbooks.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.blissfulbooks\.online$/i"; classtype:trojan-activity; sid:37251081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.blissfulbooks.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.blissfulbooks.online"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.blissfulbooks\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.allforneed.com"; dns.query; content:"www.allforneed.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.allforneed\.com$/i"; classtype:trojan-activity; sid:37251091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.allforneed.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.allforneed.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.allforneed\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.yhz40.top"; dns.query; content:"www.yhz40.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.yhz40\.top$/i"; classtype:trojan-activity; sid:37251101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.yhz40.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.yhz40.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.yhz40\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.artismeapparel.com"; dns.query; content:"www.artismeapparel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.artismeapparel\.com$/i"; classtype:trojan-activity; sid:37251111; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.artismeapparel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.artismeapparel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.artismeapparel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.awpplxjd0.sbs"; dns.query; content:"www.awpplxjd0.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.awpplxjd0\.sbs$/i"; classtype:trojan-activity; sid:37251121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.awpplxjd0.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.awpplxjd0.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.awpplxjd0\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.lululimon.homes"; dns.query; content:"www.lululimon.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.lululimon\.homes$/i"; classtype:trojan-activity; sid:37251131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.lululimon.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.lululimon.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.lululimon\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251132; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.gcashservice247.com"; dns.query; content:"www.gcashservice247.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gcashservice247\.com$/i"; classtype:trojan-activity; sid:37251141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.gcashservice247.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gcashservice247.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gcashservice247\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.crayonworm.com"; dns.query; content:"www.crayonworm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.crayonworm\.com$/i"; classtype:trojan-activity; sid:37251151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.crayonworm.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.crayonworm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.crayonworm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.globalworld-travel.com"; dns.query; content:"www.globalworld-travel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.globalworld\-travel\.com$/i"; classtype:trojan-activity; sid:37251161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain 
www.globalworld-travel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.globalworld-travel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.globalworld\-travel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.mylashnme.com"; dns.query; content:"www.mylashnme.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mylashnme\.com$/i"; classtype:trojan-activity; sid:37251171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.mylashnme.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mylashnme.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mylashnme\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.cuisinier.org"; dns.query; content:"www.cuisinier.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cuisinier\.org$/i"; classtype:trojan-activity; sid:37251181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.cuisinier.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cuisinier.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cuisinier\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;) alert dns any any -> any any (msg: "MISP e26324 [] Domain www.pltsystems.com"; dns.query; content:"www.pltsystems.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])www\.pltsystems\.com$/i"; classtype:trojan-activity; sid:37251191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
# --- MISP event 26324, attribute type "Domain": DNS rule on dns.query, HTTP rule on http.header ---
# In the HTTP rules "Host|3a|" and the domain are separate matches on the whole header block,
# so the domain in any request header satisfies the rule, not only the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.pltsystems.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.pltsystems.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.pltsystems\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.breadandorchid.com"; dns.query; content:"www.breadandorchid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.breadandorchid\.com$/i"; classtype:trojan-activity; sid:37251201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.breadandorchid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.breadandorchid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.breadandorchid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
# --- MISP event 26238: URL indicator; msg carries the tags AS-GLOBALTELEHOST, CobaltStrike, cs-watermark-987654321 ---
# Fires on a request from $HOME_NET to 108.165.106.7 on $HTTP_PORTS whose headers contain the
# address as text and whose URI contains the path below (both unanchored and case-insensitive).
# $HTTP_PORTS has to be defined on the sensor; the same address on any other port is not
# covered by this rule.
# NOTE(review): priority 2 here, while the same match is exported again under event 26403
# (sid 37267781, priority 3), so one request raises two alerts with different priorities.
alert http $HOME_NET any -> 108.165.106.7 $HTTP_PORTS (msg: "MISP e26238 [AS-GLOBALTELEHOST,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//108.165.106.7/c/msdownload/update/others/2016/12/29136388_"; flow:to_server,established; http.header; content:"108.165.106.7"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2016/12/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# --- MISP event 26324 "Domain" pair, placed between the URL rules by the export ---
alert dns any any -> any any (msg: "MISP e26324 [] Domain www.sibuordesigns.com"; dns.query; content:"www.sibuordesigns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sibuordesigns\.com$/i"; classtype:trojan-activity; sid:37251221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26324 [] Outgoing HTTP Domain www.sibuordesigns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.sibuordesigns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sibuordesigns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
# --- MISP event 26403: URL and IP:port indicators, empty tag list ---
# Same destination, header match and URI match as sid 37230001 above, exported with priority 3.
alert http $HOME_NET any -> 108.165.106.7 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//108.165.106.7/c/msdownload/update/others/2016/12/29136388_"; flow:to_server,established; http.header; content:"108.165.106.7"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2016/12/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# No payload or flow condition: traffic from $HOME_NET to 13.36.225.33 port 80 alerts as such.
# NOTE(review): protocol "ip" combined with a destination port - confirm how the engine
# version in use applies the port to traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 13.36.225.33 80 (msg: "MISP e26403 [] Outgoing To IP: 13.36.225.33|80"; classtype:trojan-activity; sid:37267821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# The URI content "/ca" is an unanchored, case-insensitive substring, so any request to this
# address whose URI merely contains it also matches; the fixed destination address and the
# header match are what keep the rule specific.
alert http $HOME_NET any -> 13.36.225.33 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//13.36.225.33/ca"; flow:to_server,established; http.header; content:"13.36.225.33"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Destination port is the literal 9000 taken from the indicator, not $HTTP_PORTS.
alert http $HOME_NET any -> 175.24.130.231 9000 (msg: "MISP e26403 [] Outgoing URL http|3a|//175.24.130.231|3a|9000/en_US/all.js"; flow:to_server,established; http.header; content:"175.24.130.231"; fast_pattern; nocase; http.uri; 
content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# --- MISP event 26403: destination IP:port indicators, all on port 19920 ---
# No payload or flow condition: traffic from $HOME_NET to one of these address/port pairs
# alerts as such, whatever it carries.
# NOTE(review): bare address indicators age quickly. Check the attribute's first/last seen
# values on the MISP event before treating a hit as evidence of compromise, and correlate
# it with the URL rules of the same event.
alert ip $HOME_NET any -> 3.127.181.115 19920 (msg: "MISP e26403 [] Outgoing To IP: 3.127.181.115|19920"; classtype:trojan-activity; sid:37267851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 3.67.161.133 19920 (msg: "MISP e26403 [] Outgoing To IP: 3.67.161.133|19920"; classtype:trojan-activity; sid:37267861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 3.67.62.142 19920 (msg: "MISP e26403 [] Outgoing To IP: 3.67.62.142|19920"; classtype:trojan-activity; sid:37267871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 18.158.58.205 19920 (msg: "MISP e26403 [] Outgoing To IP: 18.158.58.205|19920"; classtype:trojan-activity; sid:37267891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# --- MISP event 26324: URL indicator ---
# The host name is matched anywhere in http.header and "/af45/" anywhere in the URI, both
# case-insensitive; only requests to $HTTP_PORTS are inspected, so the variable must be set.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26324 [] Outgoing URL http|3a|//www.sibuordesigns.com/af45/"; flow:to_server,established; http.header; content:"www.sibuordesigns.com"; fast_pattern; nocase; http.uri; content:"/af45/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37251211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26324;)
# --- MISP event 26402, attribute type "Hostname": one DNS rule and one HTTP rule per indicator ---
# DNS rule (sid ends in 1): the pcre class in front of the name excludes "." as well, so only
#   the exact host name matches; names below it do not.
# HTTP rule (sid ends in 2): a single content "Host|3a| <name>" (one space after the colon)
#   ties the match to the Host header text; the pcre then requires a non-hostname character
#   after the name. tag:session,600,seconds keeps logging the flow for 600 seconds.
# NOTE(review): only three host names occur below (finderunion.com, berringtonnews.com,
#   musicclubcompany.com), yet each is exported many times under distinct sids - presumably
#   once per attribute in the event. One lookup therefore raises one alert per copy.
#   De-duplicating the attributes in MISP, or thresholding on the sensor, keeps alert volume
#   proportional to the traffic.
# NOTE(review): cleartext DNS and HTTP only; verify separately whether TLS traffic to these
#   names is covered.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37264271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37264481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37264631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# Hostname indicators from MISP event 26402, berringtonnews.com.
# The HTTP rules fire on client-to-server traffic from $HOME_NET to $EXTERNAL_NET whose
# http.header buffer contains "Host: berringtonnews.com" (case-insensitive). The pcre then
# requires a non-hostname character on both sides of the name, and the session is tagged
# for 600 seconds. The DNS rules match the exact name in dns.query; the pcre rejects a
# preceding '.', so sub-domain queries are not covered.
#
# NOTE(review): the three HTTP rules (sid 37264692, 37264722, 37264752) differ only in sid,
#   as do the two DNS rules (sid 37264721, 37264751). One request therefore produces one
#   alert per copy. Presumably each copy maps to a separate MISP attribute - confirm, and
#   de-duplicate at export time or rate-limit in the threshold configuration if alert volume matters.
# NOTE(review): plain HTTP and DNS only. HTTPS traffic to this host is not matched by the
#   HTTP rules; a tls.sni rule would be the usual complement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# musicclubcompany.com - the rule below continues on the following line of the file.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37264842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37264931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: 
"Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37264991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37264992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265021; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname 
musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37265172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; 
flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265351; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname 
musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37265502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; 
flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265681; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; 
dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37265832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37265861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37265891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; 
http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37265981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37265982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37266011; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;) alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; 
content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# MISP event 26402 hostname pairs, continued. Each HTTP rule alerts on an established
# outbound request whose header buffer holds "Host: <name>"; each DNS rule alerts on a query
# for exactly that name (the pcre rejects a preceding '.', so sub-domains are not covered).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37266131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# NOTE(review): 37266161 carries the same options as 37266101 above (finderunion.com DNS),
# differing only in sid; duplicates multiply alerts without adding coverage.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# HTTP counterpart of 37266161; the rule continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266162; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26402;)
# MISP event 26402 hostname pairs, continued: one DNS rule (exact query name, nocase) and
# one HTTP rule ("Host: <name>" in the header buffer of an established outbound request,
# session tagged for 600 seconds) per exported attribute.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37266191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37266221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# NOTE(review): the three hostnames on this line each already have rules with other sids
# elsewhere in this export for the same event; consider collapsing them to one pair per name.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# HTTP counterpart of 37266251; the rule continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# MISP event 26402 hostname pairs, continued.
# NOTE(review): 37266281/37266282 and 37266311/37266312 are the same finderunion.com DNS/HTTP
# pair twice, differing only in sid, so a single lookup or request alerts once per copy.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# DNS rule for berringtonnews.com: exact query name, case-insensitive; sub-domains excluded
# because the pcre does not accept '.' before the name.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37266341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# An HTTP rule starts here; its msg string and options continue on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# MISP event 26402 hostname pairs, continued. DNS rules match a query for exactly the name;
# HTTP rules match "Host: <name>" in the header buffer of an established request from
# $HOME_NET to $EXTERNAL_NET and tag the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37266371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# NOTE(review): 37266401/37266402 repeat the berringtonnews.com pair whose HTTP half
# (37266342) ends at the top of this line; only the sid differs.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37266401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# DNS rule for finderunion.com; its remaining options continue on the next line.
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; 
classtype:trojan-activity; sid:37266431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# MISP event 26402 hostname pairs, final part. DNS rules match a query for exactly the name
# (nocase, no sub-domains); HTTP rules match "Host: <name>" in the header buffer of an
# established outbound request and tag the session for 600 seconds.
# NOTE(review): every name below already appears under other sids for the same event; the
# copies differ only in sid, so each hit is reported several times.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37266461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname finderunion.com"; dns.query; content:"finderunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com$/i"; classtype:trojan-activity; sid:37266491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname finderunion.com"; flow:to_server,established; http.header; content: "Host|3a| finderunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])finderunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname musicclubcompany.com"; dns.query; content:"musicclubcompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com$/i"; classtype:trojan-activity; sid:37266521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname musicclubcompany.com"; flow:to_server,established; http.header; content: "Host|3a| musicclubcompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])musicclubcompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert dns any any -> any any (msg: "MISP e26402 [] Hostname berringtonnews.com"; dns.query; content:"berringtonnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com$/i"; classtype:trojan-activity; sid:37266551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26402 [] Outgoing HTTP Hostname berringtonnews.com"; flow:to_server,established; http.header; content: "Host|3a| berringtonnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])berringtonnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37266552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26402;)
# MISP event 26238, address/port indicators (priority 2). Protocol "ip" from $HOME_NET, any
# source port, to the listed address and destination port. The rules carry no payload, flow
# or threshold option, so they match on addressing alone.
# NOTE(review): confirm the resulting alert rate per connection is acceptable on the sensor,
# or add thresholding when deploying.
alert ip $HOME_NET any -> 86.38.225.108 2226 (msg: "MISP e26238 [] Outgoing To IP: 86.38.225.108|2226"; classtype:trojan-activity; sid:37230011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 86.38.225.106 2221 (msg: "MISP e26238 [] Outgoing To IP: 86.38.225.106|2221"; classtype:trojan-activity; sid:37230021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# Third address of the same group; the rule continues on the next line.
alert ip $HOME_NET any -> 86.38.225.105 13721 (msg: "MISP e26238 [] Outgoing To IP: 86.38.225.105|13721"; classtype:trojan-activity; 
sid:37230031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26238, URL indicator tagged [dcrat]. Established outbound HTTP to a destination
# port in $HTTP_PORTS where the header buffer contains the host name and http.uri contains
# "/500ae1b3.php" (both nocase substring matches); the session is tagged for 600 seconds.
# NOTE(review): the header content has no "Host:" prefix and no boundary pcre, so the host
# string matches anywhere in the headers (a Referer value, for instance), and requests to
# ports outside $HTTP_PORTS are not covered. $HTTP_PORTS must be defined for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26238 [dcrat] Outgoing URL http|3a|//lilbabyfan.000webhostapp.com/500ae1b3.php"; flow:to_server,established; http.header; content:"lilbabyfan.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/500ae1b3.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26403 repeats the three 86.38.225.x address/port indicators that event 26238
# exports under sids 37230011-37230031, here at priority 3. Each rule matches protocol "ip"
# from $HOME_NET to the address and destination port, with no payload or flow condition.
# NOTE(review): a single connection therefore alerts under both events' sids.
alert ip $HOME_NET any -> 86.38.225.108 2226 (msg: "MISP e26403 [] Outgoing To IP: 86.38.225.108|2226"; classtype:trojan-activity; sid:37267931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 86.38.225.106 2221 (msg: "MISP e26403 [] Outgoing To IP: 86.38.225.106|2221"; classtype:trojan-activity; sid:37267941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 86.38.225.105 13721 (msg: "MISP e26403 [] Outgoing To IP: 86.38.225.105|13721"; classtype:trojan-activity; sid:37267951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26191, "Domain" indicator. Unlike the "Hostname" export, the character class
# before the name omits '.', so the DNS rule matches the name itself and any sub-domain of it.
alert dns any any -> any any (msg: "MISP e26191 [] Domain webbanco.estado-cl.info"; dns.query; content:"webbanco.estado-cl.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])webbanco\.estado\-cl\.info$/i"; classtype:trojan-activity; sid:37208591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26191;)
# HTTP variant: two independent header contents ("Host:" and the name) plus a boundary pcre.
# NOTE(review): nothing ties the name to the Host header's value (no distance/within), so
# the name in any other header also satisfies the rule when a Host header is present.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26191 [] Outgoing HTTP Domain webbanco.estado-cl.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webbanco.estado-cl.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webbanco\.estado\-cl\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37208592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26191;)
# A DNS rule starts here and continues on the next line.
alert dns any any -> any 
any (msg: "MISP e26192 [] Domain webbanco.estado-cl.info"; dns.query; content:"webbanco.estado-cl.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])webbanco\.estado\-cl\.info$/i"; classtype:trojan-activity; sid:37208681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26192;)
# MISP event 26192, "Domain" indicator webbanco.estado-cl.info (HTTP half). The header
# buffer must contain "Host:" and, independently, the name; the pcre requires a character
# outside [A-Za-z0-9-] (or start-of-buffer) before the name, so sub-domains match too.
# NOTE(review): event 26191 exports the same domain under sids 37208591/37208592, so a hit
# is reported under both events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26192 [] Outgoing HTTP Domain webbanco.estado-cl.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webbanco.estado-cl.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webbanco\.estado\-cl\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37208682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26192;)
# MISP event 26403 copy of the URL indicator that event 26238 exports as sid 37230071.
# NOTE(review): the host string is matched anywhere in the header buffer (no "Host:" prefix,
# no boundary pcre) and only on destination ports in $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//lilbabyfan.000webhostapp.com/500ae1b3.php"; flow:to_server,established; http.header; content:"lilbabyfan.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/500ae1b3.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37267961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26238, "Domain" indicators; the bracketed msg text is presumably the MISP tag
# list (AS number, provider, c2, censys).
# NOTE(review): both names below embed dotted address octets and look like provider-generated
# names for a single cloud address; presumably they follow whoever currently holds that
# address, so confirm the indicator is still current before acting on hits.
alert dns any any -> any any (msg: "MISP e26238 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Domain 199.60.149.34.bc.googleusercontent.com"; dns.query; content:"199.60.149.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])199\.60\.149\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37230081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing HTTP Domain 199.60.149.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"199.60.149.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])199\.60\.149\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert dns any any -> any any (msg: "MISP e26238 [AS212317,c2,censys,HETZNER-CLOUD3-AS] Domain static.127.103.78.5.clients.your-server.de"; dns.query; content:"static.127.103.78.5.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.127\.103\.78\.5\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37230091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS212317,c2,censys,HETZNER-CLOUD3-AS] Outgoing HTTP Domain static.127.103.78.5.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.127.103.78.5.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.127\.103\.78\.5\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26238, address/port indicators: protocol "ip" from $HOME_NET to the address and
# destination port, no payload or flow condition.
# NOTE(review): all three use port 80 on hosting-provider address space (per the tags);
# such addresses may be shared or reassigned, so expect to triage hits against the event.
alert ip $HOME_NET any -> 143.110.176.113 80 (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 143.110.176.113|80"; classtype:trojan-activity; sid:37230101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 54.169.210.113 80 (msg: "MISP e26238 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 54.169.210.113|80"; classtype:trojan-activity; sid:37230111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 185.229.225.190 80 (msg: "MISP e26238 [AS41436,c2,censys,CLOUDWEBMANAGE-EU] Outgoing To IP: 185.229.225.190|80"; classtype:trojan-activity; sid:37230121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# Another address rule starts here and continues on the next line.
alert ip $HOME_NET any -> 
148.72.132.181 43255 (msg: "MISP e26238 [AS-30083-GO-DADDY-COM-LLC,AS30083,c2,censys] Outgoing To IP: 148.72.132.181|43255"; classtype:trojan-activity; sid:37230131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26238, address/port indicators (priority 2). Each rule matches protocol "ip"
# from $HOME_NET, any source port, to one address and destination port; there is no payload,
# flow or threshold option. The bracketed msg text is presumably the MISP tag list (AS number,
# provider, c2, censys, and a tool or family label such as Supershell, RAT, Mythic, HookBot).
# NOTE(review): matches rest on addressing alone; for the port-80 entries in particular,
# confirm against the event that the address is still attributed before escalating.
alert ip $HOME_NET any -> 37.32.13.166 80 (msg: "MISP e26238 [AS202468,c2,censys] Outgoing To IP: 37.32.13.166|80"; classtype:trojan-activity; sid:37230141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 139.9.62.69 8090 (msg: "MISP e26238 [AS55990,c2,censys] Outgoing To IP: 139.9.62.69|8090"; classtype:trojan-activity; sid:37230151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 185.196.9.6 8888 (msg: "MISP e26238 [AS42624,c2,censys,SIMPLECARRIER,Supershell] Outgoing To IP: 185.196.9.6|8888"; classtype:trojan-activity; sid:37230161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 45.88.186.16 7707 (msg: "MISP e26238 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 45.88.186.16|7707"; classtype:trojan-activity; sid:37230171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 154.212.146.81 8008 (msg: "MISP e26238 [AS136778,c2,censys,RAT] Outgoing To IP: 154.212.146.81|8008"; classtype:trojan-activity; sid:37230181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 69.46.36.208 7443 (msg: "MISP e26238 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.208|7443"; classtype:trojan-activity; sid:37230191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 62.210.130.233 80 (msg: "MISP e26238 [AS12876,c2,censys,HookBot] Outgoing To IP: 62.210.130.233|80"; classtype:trojan-activity; sid:37230201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# Another address rule starts here; its port and options continue on the next line.
alert ip $HOME_NET any -> 204.44.124.8 
4782 (msg: "MISP e26238 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 204.44.124.8|4782"; classtype:trojan-activity; sid:37230211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26238, address/port indicators: protocol "ip" from $HOME_NET to the address and
# destination port, with no payload, flow or threshold option.
alert ip $HOME_NET any -> 177.138.248.251 5000 (msg: "MISP e26238 [AS27699,c2,censys,RAT] Outgoing To IP: 177.138.248.251|5000"; classtype:trojan-activity; sid:37230221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 185.16.39.253 8888 (msg: "MISP e26238 [AS201814,c2,censys,MEVSPACE,RAT] Outgoing To IP: 185.16.39.253|8888"; classtype:trojan-activity; sid:37230231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# "Domain" indicator: the DNS pcre allows '.' before the name, so sub-domains match as well.
# The HTTP rule needs "Host:" and the name somewhere in the header buffer plus the boundary
# pcre, and tags the session for 600 seconds.
# NOTE(review): the name embeds address-like digits (23-26-55-9) under a hosting domain, so
# it is presumably an auto-generated host name bound to one address — confirm it is current.
alert dns any any -> any any (msg: "MISP e26238 [AS20068,c2,censys,HAWKHOST] Domain 23-26-55-9.cprapid.com"; dns.query; content:"23-26-55-9.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])23\-26\-55\-9\.cprapid\.com$/i"; classtype:trojan-activity; sid:37230241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [AS20068,c2,censys,HAWKHOST] Outgoing HTTP Domain 23-26-55-9.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"23-26-55-9.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])23\-26\-55\-9\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 5.206.224.7 80 (msg: "MISP e26238 [AS47674,c2,censys,NETSOLUTIONS,RAT] Outgoing To IP: 5.206.224.7|80"; classtype:trojan-activity; sid:37230251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# Address rule tagged botnet/byob; the remaining options continue on the next line.
alert ip $HOME_NET any -> 34.116.253.50 5000 (msg: "MISP e26238 [AS396982,botnet,byob,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.116.253.50|5000"; classtype:trojan-activity; sid:37230261; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26238, address/port indicators (priority 2): protocol "ip" from $HOME_NET to
# the address and destination port, with no payload, flow or threshold option.
alert ip $HOME_NET any -> 45.153.229.71 5000 (msg: "MISP e26238 [AS44477,botnet,byob,c2,censys,STARK-INDUSTRIES] Outgoing To IP: 45.153.229.71|5000"; classtype:trojan-activity; sid:37230271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 116.118.49.164 80 (msg: "MISP e26238 [AS63760,c2,censys] Outgoing To IP: 116.118.49.164|80"; classtype:trojan-activity; sid:37230281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 128.199.65.13 80 (msg: "MISP e26238 [AS14061,c2,censys,DIGITALOCEAN-ASN,UNAM] Outgoing To IP: 128.199.65.13|80"; classtype:trojan-activity; sid:37230291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# NOTE(review): the next two rules are tagged GoPhish/phishing in msg but keep
# classtype:trojan-activity like every other rule in the export; alert routing that keys on
# classtype will not separate them from the c2-tagged entries.
alert ip $HOME_NET any -> 135.148.115.76 443 (msg: "MISP e26238 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 135.148.115.76|443"; classtype:trojan-activity; sid:37230301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 46.232.249.112 3333 (msg: "MISP e26238 [AS197540,censys,GoPhish,phishing] Outgoing To IP: 46.232.249.112|3333"; classtype:trojan-activity; sid:37230311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 95.20.241.182 443 (msg: "MISP e26238 [AS12479,c2,censys,UNI2-AS] Outgoing To IP: 95.20.241.182|443"; classtype:trojan-activity; sid:37230321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# "Domain" indicator: dns.query contains the name (nocase) at the end of the query; the pcre
# allows '.' before it, so sub-domains of file.fmwhat.download match as well.
alert dns any any -> any any (msg: "MISP e26238 [] Domain file.fmwhat.download"; dns.query; content:"file.fmwhat.download"; nocase; pcre: "/(^|[^A-Za-z0-9-])file\.fmwhat\.download$/i"; classtype:trojan-activity; sid:37230331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# HTTP counterpart; its msg string and options continue on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [] Outgoing HTTP Domain 
file.fmwhat.download"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"file.fmwhat.download"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])file\.fmwhat\.download[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# MISP event 26403 exports the same file.fmwhat.download "Domain" pair that event 26238
# exports as 37230331/37230332, here at priority 3. DNS: query name ends with the domain
# (sub-domains included). HTTP: "Host:" and the name both present in the header buffer of an
# established outbound request, boundary-checked by the pcre; session tagged for 600 seconds.
# NOTE(review): identical match conditions under two events mean two alerts per hit.
alert dns any any -> any any (msg: "MISP e26403 [] Domain file.fmwhat.download"; dns.query; content:"file.fmwhat.download"; nocase; pcre: "/(^|[^A-Za-z0-9-])file\.fmwhat\.download$/i"; classtype:trojan-activity; sid:37267971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain file.fmwhat.download"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"file.fmwhat.download"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])file\.fmwhat\.download[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37267972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Event 26403 address/port indicators (priority 3, empty tag list): protocol "ip" from
# $HOME_NET to the address and destination port, no payload or flow condition. The same
# address/port pairs are exported for event 26238 with tags and priority 2.
alert ip $HOME_NET any -> 95.20.241.182 443 (msg: "MISP e26403 [] Outgoing To IP: 95.20.241.182|443"; classtype:trojan-activity; sid:37268001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 46.232.249.112 3333 (msg: "MISP e26403 [] Outgoing To IP: 46.232.249.112|3333"; classtype:trojan-activity; sid:37268011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 135.148.115.76 443 (msg: "MISP e26403 [] Outgoing To IP: 135.148.115.76|443"; classtype:trojan-activity; sid:37268021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# The next address rule continues on the following line.
alert ip $HOME_NET any -> 128.199.65.13 80 (msg: "MISP e26403 [] Outgoing To IP: 128.199.65.13|80"; classtype:trojan-activity; sid:37268031; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26403, address/port indicators (priority 3, empty tag list): protocol "ip" from
# $HOME_NET to the address and destination port, with no payload, flow or threshold option.
# NOTE(review): these address/port pairs are also exported for event 26238 (priority 2, with
# tags), so one connection alerts under both events; the untagged copy adds no context.
alert ip $HOME_NET any -> 116.118.49.164 80 (msg: "MISP e26403 [] Outgoing To IP: 116.118.49.164|80"; classtype:trojan-activity; sid:37268041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 45.153.229.71 5000 (msg: "MISP e26403 [] Outgoing To IP: 45.153.229.71|5000"; classtype:trojan-activity; sid:37268051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 34.116.253.50 5000 (msg: "MISP e26403 [] Outgoing To IP: 34.116.253.50|5000"; classtype:trojan-activity; sid:37268061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 5.206.224.7 80 (msg: "MISP e26403 [] Outgoing To IP: 5.206.224.7|80"; classtype:trojan-activity; sid:37268071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# "Domain" pair for 23-26-55-9.cprapid.com: the DNS pcre allows '.' before the name (so
# sub-domains match); the HTTP rule needs "Host:" and the name in the header buffer plus the
# boundary pcre, and tags the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26403 [] Domain 23-26-55-9.cprapid.com"; dns.query; content:"23-26-55-9.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])23\-26\-55\-9\.cprapid\.com$/i"; classtype:trojan-activity; sid:37268081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain 23-26-55-9.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"23-26-55-9.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])23\-26\-55\-9\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 185.16.39.253 8888 (msg: "MISP e26403 [] Outgoing To IP: 185.16.39.253|8888"; classtype:trojan-activity; sid:37268091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Another address rule starts here; its msg string continues on the next line.
alert ip $HOME_NET any -> 177.138.248.251 5000 (msg: "MISP e26403 [] 
Outgoing To IP: 177.138.248.251|5000"; classtype:trojan-activity; sid:37268101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26403, address/port indicators (priority 3, empty tag list): protocol "ip" from
# $HOME_NET, any source port, to the address and destination port. No payload, flow or
# threshold option is set, so the match rests on addressing alone.
# NOTE(review): event 26238 exports the same address/port pairs with tags at priority 2;
# when triaging, prefer that event's context, and consider dropping one copy at the source.
alert ip $HOME_NET any -> 204.44.124.8 4782 (msg: "MISP e26403 [] Outgoing To IP: 204.44.124.8|4782"; classtype:trojan-activity; sid:37268111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 62.210.130.233 80 (msg: "MISP e26403 [] Outgoing To IP: 62.210.130.233|80"; classtype:trojan-activity; sid:37268121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 69.46.36.208 7443 (msg: "MISP e26403 [] Outgoing To IP: 69.46.36.208|7443"; classtype:trojan-activity; sid:37268131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 154.212.146.81 8008 (msg: "MISP e26403 [] Outgoing To IP: 154.212.146.81|8008"; classtype:trojan-activity; sid:37268141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 45.88.186.16 7707 (msg: "MISP e26403 [] Outgoing To IP: 45.88.186.16|7707"; classtype:trojan-activity; sid:37268151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 185.196.9.6 8888 (msg: "MISP e26403 [] Outgoing To IP: 185.196.9.6|8888"; classtype:trojan-activity; sid:37268161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 139.9.62.69 8090 (msg: "MISP e26403 [] Outgoing To IP: 139.9.62.69|8090"; classtype:trojan-activity; sid:37268171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 37.32.13.166 80 (msg: "MISP e26403 [] Outgoing To IP: 37.32.13.166|80"; classtype:trojan-activity; sid:37268181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Another address rule starts here; its msg string continues on the next line.
alert ip $HOME_NET any -> 148.72.132.181 43255 (msg: "MISP e26403 [] Outgoing To IP: 
148.72.132.181|43255"; classtype:trojan-activity; sid:37268191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26403, address/port indicators (priority 3): protocol "ip" from $HOME_NET to
# the address on destination port 80, with no payload, flow or threshold option.
alert ip $HOME_NET any -> 185.229.225.190 80 (msg: "MISP e26403 [] Outgoing To IP: 185.229.225.190|80"; classtype:trojan-activity; sid:37268201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 54.169.210.113 80 (msg: "MISP e26403 [] Outgoing To IP: 54.169.210.113|80"; classtype:trojan-activity; sid:37268211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 143.110.176.113 80 (msg: "MISP e26403 [] Outgoing To IP: 143.110.176.113|80"; classtype:trojan-activity; sid:37268221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# "Domain" pair: the DNS pcre allows '.' before the name, so sub-domains match; the HTTP
# rule needs "Host:" and the name in the header buffer plus the boundary pcre.
# NOTE(review): the name embeds dotted address octets and looks like a provider-generated
# name for one server address; presumably it follows the address's current holder, so
# confirm the indicator is still valid before acting on a hit.
alert dns any any -> any any (msg: "MISP e26403 [] Domain static.127.103.78.5.clients.your-server.de"; dns.query; content:"static.127.103.78.5.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.127\.103\.78\.5\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37268231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain static.127.103.78.5.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.127.103.78.5.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.127\.103\.78\.5\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# DNS rule for a second address-derived name; remaining options continue on the next line.
alert dns any any -> any any (msg: "MISP e26403 [] Domain 199.60.149.34.bc.googleusercontent.com"; dns.query; content:"199.60.149.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])199\.60\.149\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37268241; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26403, HTTP half of the 199.60.149.34.bc.googleusercontent.com "Domain" pair:
# "Host:" and the name must both occur in the header buffer of an established outbound
# request, and the pcre checks the characters around the name; session tagged 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain 199.60.149.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"199.60.149.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])199\.60\.149\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26193, "Domain" pair for personas.milab.digital. The DNS pcre allows '.' before
# the name, so the rule covers the name and its sub-domains.
alert dns any any -> any any (msg: "MISP e26193 [] Domain personas.milab.digital"; dns.query; content:"personas.milab.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital$/i"; classtype:trojan-activity; sid:37208781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26193;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26193 [] Outgoing HTTP Domain personas.milab.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"personas.milab.digital"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37208782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26193;)
# The same address/port indicator exported twice: event 26238 (tag njrat, priority 2) and
# event 26403 (no tag, priority 3). Both match protocol "ip" from $HOME_NET to
# 194.38.20.230 destination port 6666 with no further condition.
# NOTE(review): one connection raises both alerts; only the first carries the family tag.
alert ip $HOME_NET any -> 194.38.20.230 6666 (msg: "MISP e26238 [njrat] Outgoing To IP: 194.38.20.230|6666"; classtype:trojan-activity; sid:37230361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert ip $HOME_NET any -> 194.38.20.230 6666 (msg: "MISP e26403 [] Outgoing To IP: 194.38.20.230|6666"; classtype:trojan-activity; sid:37268251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# MISP event 26376 DNS rule for aircanadarefac09.com; options continue on the next line.
alert dns any any -> any any (msg: "MISP e26376 [] Domain aircanadarefac09.com"; dns.query; content:"aircanadarefac09.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aircanadarefac09\.com$/i"; 
classtype:trojan-activity; sid:37253131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26376 [] Outgoing HTTP Domain aircanadarefac09.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aircanadarefac09.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aircanadarefac09\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26376;) alert dns any any -> any any (msg: "MISP e26375 [] Domain docosignonline.com"; dns.query; content:"docosignonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docosignonline\.com$/i"; classtype:trojan-activity; sid:37252981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain docosignonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docosignonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docosignonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26392 [] Outgoing URL http|3a|//icg-climate.com"; flow:to_server,established; http.header; content:"icg-climate.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37256501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26392;) alert dns any any -> any any (msg: "MISP e26528 [Take Down] Hostname v5.patmatishere.site"; dns.query; content:"v5.patmatishere.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v5\.patmatishere\.site$/i"; classtype:trojan-activity; sid:37463321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26528;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26528 [Take Down] Outgoing HTTP Hostname v5.patmatishere.site"; flow:to_server,established; http.header; content: "Host|3a| v5.patmatishere.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v5\.patmatishere\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26528;) alert dns any any -> any any (msg: "MISP e26528 [Take Down] Domain patmatishere.site"; dns.query; content:"patmatishere.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])patmatishere\.site$/i"; classtype:trojan-activity; sid:37463331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26528;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26528 [Take Down] Outgoing HTTP Domain patmatishere.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patmatishere.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patmatishere\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26528;) alert dns any any -> any any (msg: "MISP e26375 [] Domain rbcbank-securitycheck.com"; dns.query; content:"rbcbank-securitycheck.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rbcbank\-securitycheck\.com$/i"; classtype:trojan-activity; sid:37252991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain rbcbank-securitycheck.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rbcbank-securitycheck.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rbcbank\-securitycheck\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert dns any any -> any any (msg: 
"MISP e26403 [] Domain peces.duckdns.org"; dns.query; content:"peces.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])peces\.duckdns\.org$/i"; classtype:trojan-activity; sid:37268261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain peces.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"peces.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])peces\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26389 [] Outgoing URL http|3a|//click.promote.weebly.com/ls/click?upn=CLHq-2BqDyLPQrp1cp0AuedP9onSNX9PZ-2FshzEUY9jxEM-2BdOJSjNSn032upUcW7hIpuccY_QbFm494QXtk2Y0vsW8OH2jaT271Ew3ZAV78-2FpzoCktqYOvnrhESeHcIyvJfVQGiCKjkL2S-2FnQDe-2BMnUmqOI0RVDfCVjmzGw7UCNrH4bxCJO3UMeOVIR4QzIY82eb9D5YG-2BsG-2FFRr1LelgKtU-2BgehhkZfYvE3kV-2FWJrKbpwKkQ-2BnjfWdq1Cnv6R2cC8C63sTu25BcZFYtxQwGsMR-2B0S7VtsqySq9Ua-2BG-2BcMtfo0uGI0ZWK8nRMPVtyVGsfswBYjevoUqvrMBCuertqlRvyBh53niXLbQwYEQdgthnjB7F5G6-2FYkJp-2FtGJMApwH04px3hgoPRZKkyME9UbtmgFqYkMlUPaySq5o-2BjJJ3B6eaKH9Vkzo2q5ekoDpGb1kdXNAwDtJSagrKBa-2BAkZFzKdF3WY-2Fh22I-2BxAEWXyGoW0X-2FsHCDLGgJOozM1gRhH90MFFWRCPh2Z78eMQy-2Fpr2ltsK4OoYIErMj5TxOm2U-2FrIw5Zg5qo-3D"; flow:to_server,established; http.header; content:"click.promote.weebly.com"; fast_pattern; nocase; http.uri; content:"/ls/click"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37256471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26389;) alert ip $HOME_NET any -> 5.39.43.50 1609 (msg: "MISP e26403 [] Outgoing To IP: 5.39.43.50|1609"; classtype:trojan-activity; sid:37268271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 5.39.43.50 1609 (msg: 
"MISP e26238 [njrat,RAT] Outgoing To IP: 5.39.43.50|1609"; classtype:trojan-activity; sid:37230371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert dns any any -> any any (msg: "MISP e26393 [] Domain yorkcapital-eu.com"; dns.query; content:"yorkcapital-eu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])yorkcapital\-eu\.com$/i"; classtype:trojan-activity; sid:37256511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26393;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26393 [] Outgoing HTTP Domain yorkcapital-eu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yorkcapital-eu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yorkcapital\-eu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37256512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26393;) alert dns any any -> any any (msg: "MISP e26362 [] Domain smart-id-estonia.is-with-theband.com"; dns.query; content:"smart-id-estonia.is-with-theband.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smart\-id\-estonia\.is\-with\-theband\.com$/i"; classtype:trojan-activity; sid:37252661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26362;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26362 [] Outgoing HTTP Domain smart-id-estonia.is-with-theband.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smart-id-estonia.is-with-theband.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smart\-id\-estonia\.is\-with\-theband\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26362;) alert ip $HOME_NET any -> 46.246.80.9 1995 (msg: "MISP e26403 [] Outgoing To IP: 46.246.80.9|1995"; classtype:trojan-activity; sid:37268281; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 46.246.80.9 1995 (msg: "MISP e26238 [njrat,RAT] Outgoing To IP: 46.246.80.9|1995"; classtype:trojan-activity; sid:37230381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 65.109.242.25 443 (msg: "MISP e26238 [Vidar] Outgoing To IP: 65.109.242.25|443"; classtype:trojan-activity; sid:37230391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 159.69.101.193 5432 (msg: "MISP e26238 [Vidar] Outgoing To IP: 159.69.101.193|5432"; classtype:trojan-activity; sid:37230401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 116.203.6.77 9000 (msg: "MISP e26238 [Vidar] Outgoing To IP: 116.203.6.77|9000"; classtype:trojan-activity; sid:37230411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 116.203.165.197 9000 (msg: "MISP e26238 [Vidar] Outgoing To IP: 116.203.165.197|9000"; classtype:trojan-activity; sid:37230421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 65.109.242.25 443 (msg: "MISP e26403 [] Outgoing To IP: 65.109.242.25|443"; classtype:trojan-activity; sid:37268351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 159.69.101.193 5432 (msg: "MISP e26403 [] Outgoing To IP: 159.69.101.193|5432"; classtype:trojan-activity; sid:37268361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 116.203.6.77 9000 (msg: "MISP e26403 [] Outgoing To IP: 116.203.6.77|9000"; classtype:trojan-activity; sid:37268371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 116.203.165.197 9000 (msg: "MISP e26403 [] Outgoing To IP: 116.203.165.197|9000"; classtype:trojan-activity; sid:37268381; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain support-ntc.servehttp.com"; dns.query; content:"support-ntc.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])support\-ntc\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain support-ntc.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"support-ntc.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])support\-ntc\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain sdmx-financegovpk.servehttp.com"; dns.query; content:"sdmx-financegovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdmx\-financegovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain sdmx-financegovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdmx-financegovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdmx\-financegovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain sharepakistan-mofa.viewdns.net"; dns.query; content:"sharepakistan-mofa.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])sharepakistan\-mofa\.viewdns\.net$/i"; classtype:trojan-activity; sid:37268411; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain sharepakistan-mofa.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sharepakistan-mofa.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sharepakistan\-mofa\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain ogdcl.servehttp.com"; dns.query; content:"ogdcl.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ogdcl\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain ogdcl.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ogdcl.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ogdcl\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain portal-ptclnetpk.servehttp.com"; dns.query; content:"portal-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain portal-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37268432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain piac-compk.servehttp.com"; dns.query; content:"piac-compk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])piac\-compk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain piac-compk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"piac-compk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])piac\-compk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain offers-ptclnetpk.serveirc.com"; dns.query; content:"offers-ptclnetpk.serveirc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveirc\.com$/i"; classtype:trojan-activity; sid:37268451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain offers-ptclnetpk.serveirc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveirc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveirc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain offers-ptclnetpk.serveblog.net"; dns.query; content:"offers-ptclnetpk.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveblog\.net$/i"; classtype:trojan-activity; 
sid:37268461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain offers-ptclnetpk.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain offers-ptclnetpk.serveftp.com"; dns.query; content:"offers-ptclnetpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37268471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain offers-ptclnetpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain news-ptvcompk.servehttp.com"; dns.query; content:"news-ptvcompk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-ptvcompk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain news-ptvcompk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-ptvcompk.servehttp.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])news\-ptvcompk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain offer-ptclnetpk.servehttp.com"; dns.query; content:"offer-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offer\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain offer-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offer-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offer\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain newmail-armymilbd.servehttp.com"; dns.query; content:"newmail-armymilbd.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])newmail\-armymilbd\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain newmail-armymilbd.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newmail-armymilbd.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newmail\-armymilbd\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain navy-govbd.servehttp.com"; dns.query; content:"navy-govbd.servehttp.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])navy\-govbd\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain navy-govbd.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navy-govbd.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navy\-govbd\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mailhitgovpk.servehalflife.com"; dns.query; content:"mailhitgovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhitgovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37268521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mailhitgovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailhitgovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhitgovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain nanfung.servehttp.com"; dns.query; content:"nanfung.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanfung\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain nanfung.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"nanfung.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanfung\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-scogovpk.servehalflife.com"; dns.query; content:"mail-scogovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37268541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-scogovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-scogovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-mofagovpk.myddns.me"; dns.query; content:"mail-mofagovpk.myddns.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.myddns\.me$/i"; classtype:trojan-activity; sid:37268551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-mofagovpk.myddns.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.myddns.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.myddns\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-mofapk.servehttp.com"; dns.query; 
content:"mail-mofapk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofapk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-mofapk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofapk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofapk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-mofagovpk.ddns.net"; dns.query; content:"mail-mofagovpk.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.ddns\.net$/i"; classtype:trojan-activity; sid:37268571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-mofagovpk.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mofagovpk.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-mofagovpk.gotdns.ch"; dns.query; content:"mail-mofagovpk.gotdns.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.gotdns\.ch$/i"; classtype:trojan-activity; sid:37268581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-mofagovpk.gotdns.ch"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"mail-mofagovpk.gotdns.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mofagovpk\.gotdns\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-modgovpk.servehttp.com"; dns.query; content:"mail-modgovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modgovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-modgovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-modgovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modgovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-depogovpk.servehttp.com"; dns.query; content:"mail-depogovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-depogovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-depogovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-dgdpgovpk.servehalflife.com"; dns.query; 
content:"mail-dgdpgovpk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdpgovpk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37268611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain mail-dgdpgovpk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-dgdpgovpk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdpgovpk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain hrmis-financegovpk.serveftp.com"; dns.query; content:"hrmis-financegovpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hrmis\-financegovpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37268621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain hrmis-financegovpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hrmis-financegovpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hrmis\-financegovpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain mail-bafmilbd.servequake.com"; dns.query; content:"mail-bafmilbd.servequake.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.servequake\.com$/i"; classtype:trojan-activity; sid:37268631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain 
mail-bafmilbd.servequake.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-bafmilbd.servequake.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.servequake\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain finance-govpk.serveblog.net"; dns.query; content:"finance-govpk.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveblog\.net$/i"; classtype:trojan-activity; sid:37268641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain finance-govpk.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govpk.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain finance-govpk.serveftp.com"; dns.query; content:"finance-govpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37268651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain finance-govpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) 
# Event e26403, domain indicators, laid out one rule per line. Each name gets two
# rules:
#   dns  (sid ending in 1) - dns.query contains the name; the pcre anchors it to
#        the end of the query and allows start-of-buffer or any character outside
#        [A-Za-z0-9-] before it, so sub-domains match too. Source and destination
#        are "any".
#   http (sid ending in 2) - client-to-server, established flow; the header block
#        must contain "Host:" and the name, followed by a non-hostname character.
#        tag:session,600,seconds keeps logging packets of the session for 600
#        seconds after the alert.
# NOTE(review): the two http.header contents are independent, so the name in a
# header other than Host (for example Referer) appears to satisfy the http rule;
# http.host would bind the match to the requested host. HTTPS traffic to these
# names is only visible through the dns rule unless a tls.sni rule is added.
alert dns any any -> any any (msg: "MISP e26403 [] Domain financegovpk.servehttp.com"; dns.query; content:"financegovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])financegovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain financegovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"financegovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])financegovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain circular-financegov.servehalflife.com"; dns.query; content:"circular-financegov.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])circular\-financegov\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37268671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain circular-financegov.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"circular-financegov.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])circular\-financegov\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain eservice-ptclnetpk.servehttp.com"; dns.query; content:"eservice-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eservice\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain eservice-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eservice-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eservice\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain cap-mofapk.servehttp.com"; dns.query; content:"cap-mofapk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofapk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain cap-mofapk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cap-mofapk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofapk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain awards-piacaero.servehalflife.com"; dns.query; content:"awards-piacaero.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37268701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain awards-piacaero.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awards-piacaero.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain awards-piacaero.servehttp.com"; dns.query; content:"awards-piacaero.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain awards-piacaero.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awards-piacaero.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awards\-piacaero\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain cap-mofagovpk.servehttp.com"; dns.query; content:"cap-mofagovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofagovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain cap-mofagovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cap-mofagovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cap\-mofagovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain advisory-cabinetgpk.servehttp.com"; dns.query; content:"advisory-cabinetgpk.servehttp.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])advisory\-cabinetgpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain advisory-cabinetgpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"advisory-cabinetgpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])advisory\-cabinetgpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert dns any any -> any any (msg: "MISP e26403 [] Domain vibe-ptclnetpk.servehttp.com"; dns.query; content:"vibe-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37268741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain vibe-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibe-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibe\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26194 [] Outgoing URL http|3a|//banco.estado-acceso.info/"; flow:to_server,established; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37208851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26194;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26194 [] Outgoing URL 
http|3a|//banco.estado-acceso.info/142I8N2I010"; flow:to_server,established; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; http.uri; content:"/142I8N2I010"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37208861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26194;) alert dns any any -> any any (msg: "MISP e26194 [] Domain banco.estado-acceso.info"; dns.query; content:"banco.estado-acceso.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info$/i"; classtype:trojan-activity; sid:37208871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26194;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26194 [] Outgoing HTTP Domain banco.estado-acceso.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37208872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26194;) alert ip $HOME_NET any -> 45.155.91.135 21425 (msg: "MISP e26238 [Mirai] Outgoing To IP: 45.155.91.135|21425"; classtype:trojan-activity; sid:37230491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 5.39.43.50 1610 (msg: "MISP e26403 [] Outgoing To IP: 5.39.43.50|1610"; classtype:trojan-activity; sid:37268751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 45.155.91.135 21425 (msg: "MISP e26403 [] Outgoing To IP: 45.155.91.135|21425"; classtype:trojan-activity; sid:37268761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 94.156.68.226 3787 (msg: "MISP e26238 [AveMariaRAT,RAT] Outgoing To IP: 94.156.68.226|3787"; classtype:trojan-activity; sid:37230511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26238;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26299 [kill-chain:Command and Control] Outgoing URL http|3a|//www.lgedwards.co.za/wp-includes/XNnwLJXXBbAwjWLmac.exe"; flow:to_server,established; http.header; content:"www.lgedwards.co.za"; fast_pattern; nocase; http.uri; content:"/wp-includes/XNnwLJXXBbAwjWLmac.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37240281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26299;) alert ip $HOME_NET any -> 94.156.68.226 3787 (msg: "MISP e26403 [] Outgoing To IP: 94.156.68.226|3787"; classtype:trojan-activity; sid:37268771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26209 [] Outgoing URL http|3a|//dev-mi-provinciabip-acceso.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-mi-provinciabip-acceso.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37210661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26209;) alert dns any any -> any any (msg: "MISP e26209 [] Domain dev-mi-provinciabip-acceso.pantheonsite.io"; dns.query; content:"dev-mi-provinciabip-acceso.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-mi\-provinciabip\-acceso\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37210681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26209;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26209 [] Outgoing HTTP Domain dev-mi-provinciabip-acceso.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-mi-provinciabip-acceso.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-mi\-provinciabip\-acceso\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37210682; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26209;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname tw-csdrops.com"; dns.query; content:"tw-csdrops.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tw\-csdrops\.com$/i"; classtype:trojan-activity; sid:37338191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tw-csdrops.com"; flow:to_server,established; http.header; content: "Host|3a| tw-csdrops.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tw\-csdrops\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tw-csdrops.com"; flow:to_server,established; http.header; content:"tw-csdrops.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37338201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname eeqjj9jol0lyj-1324239560.cos.ap-bangkok.myqcloud.com"; dns.query; content:"eeqjj9jol0lyj-1324239560.cos.ap-bangkok.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eeqjj9jol0lyj\-1324239560\.cos\.ap\-bangkok\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37338221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname eeqjj9jol0lyj-1324239560.cos.ap-bangkok.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| eeqjj9jol0lyj-1324239560.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eeqjj9jol0lyj\-1324239560\.cos\.ap\-bangkok\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338222; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//eeqjj9jol0lyj-1324239560.cos.ap-bangkok.myqcloud.com/eeqjj9jol0lyj.html"; flow:to_server,established; http.header; content:"eeqjj9jol0lyj-1324239560.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; http.uri; content:"/eeqjj9jol0lyj.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37338231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname tgadminuser.webpp.wang"; dns.query; content:"tgadminuser.webpp.wang"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webpp\.wang$/i"; classtype:trojan-activity; sid:37338251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tgadminuser.webpp.wang"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webpp.wang"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webpp\.wang[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname izn.geg.mybluehost.me"; dns.query; content:"izn.geg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])izn\.geg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37338281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname izn.geg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| izn.geg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])izn\.geg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338282; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname krichna.torinopenna.com"; dns.query; content:"krichna.torinopenna.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])krichna\.torinopenna\.com$/i"; classtype:trojan-activity; sid:37338311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname krichna.torinopenna.com"; flow:to_server,established; http.header; content: "Host|3a| krichna.torinopenna.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])krichna\.torinopenna\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//krichna.torinopenna.com/"; flow:to_server,established; http.header; content:"krichna.torinopenna.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37338321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname izn.geg.mybluehost.me"; dns.query; content:"izn.geg.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])izn\.geg\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37338341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname izn.geg.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| izn.geg.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])izn\.geg\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP 
e26510 [] Hostname imtoken-bc.com"; dns.query; content:"imtoken-bc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bc\.com$/i"; classtype:trojan-activity; sid:37338371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-bc.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ay.com"; dns.query; content:"imtoken-ay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ay\.com$/i"; classtype:trojan-activity; sid:37338401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ay.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokencion.com"; dns.query; content:"imtokencion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokencion\.com$/i"; classtype:trojan-activity; sid:37338431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokencion.com"; flow:to_server,established; http.header; content: "Host|3a| imtokencion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokencion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338432; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokenapps.com"; dns.query; content:"imtokenapps.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenapps\.com$/i"; classtype:trojan-activity; sid:37338461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokenapps.com"; flow:to_server,established; http.header; content: "Host|3a| imtokenapps.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenapps\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokenl.com"; dns.query; content:"imtokenl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenl\.com$/i"; classtype:trojan-activity; sid:37338491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokenl.com"; flow:to_server,established; http.header; content: "Host|3a| imtokenl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-bj.com"; dns.query; content:"imtoken-bj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bj\.com$/i"; classtype:trojan-activity; sid:37338521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-bj.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bj.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtoken\-bj\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-guanfang.com"; dns.query; content:"imtoken-guanfang.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-guanfang\.com$/i"; classtype:trojan-activity; sid:37338551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-guanfang.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-guanfang.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-guanfang\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//imtoken-guanfang.com/"; flow:to_server,established; http.header; content:"imtoken-guanfang.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37338561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-w.com"; dns.query; content:"imtoken-w.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-w\.com$/i"; classtype:trojan-activity; sid:37338581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-w.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-w.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-w\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338582; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-paly.com"; dns.query; content:"imtoken-paly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-paly\.com$/i"; classtype:trojan-activity; sid:37338611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-paly.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-paly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-paly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-bl.com"; dns.query; content:"imtoken-bl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bl\.com$/i"; classtype:trojan-activity; sid:37338641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-bl.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-bi.com"; dns.query; content:"imtoken-bi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bi\.com$/i"; classtype:trojan-activity; sid:37338671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-bi.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bi.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtoken\-bi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-br.com"; dns.query; content:"imtoken-br.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.com$/i"; classtype:trojan-activity; sid:37338701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-br.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-br.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokenzhc.com"; dns.query; content:"imtokenzhc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenzhc\.com$/i"; classtype:trojan-activity; sid:37338731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokenzhc.com"; flow:to_server,established; http.header; content: "Host|3a| imtokenzhc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenzhc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//imtokenzhc.com/"; flow:to_server,established; http.header; content:"imtokenzhc.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37338741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> 
any any (msg: "MISP e26510 [] Hostname imtoken-bo.com"; dns.query; content:"imtoken-bo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bo\.com$/i"; classtype:trojan-activity; sid:37338761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-bo.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ax.com"; dns.query; content:"imtoken-ax.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ax\.com$/i"; classtype:trojan-activity; sid:37338791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ax.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ax.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ax\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ar.com"; dns.query; content:"imtoken-ar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ar\.com$/i"; classtype:trojan-activity; sid:37338821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ar.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37338822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokenoa.com"; dns.query; content:"imtokenoa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenoa\.com$/i"; classtype:trojan-activity; sid:37338851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokenoa.com"; flow:to_server,established; http.header; content: "Host|3a| imtokenoa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenoa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//imtokenoa.com/"; flow:to_server,established; http.header; content:"imtokenoa.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37338861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ca.com"; dns.query; content:"imtoken-ca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ca\.com$/i"; classtype:trojan-activity; sid:37338881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ca.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ba.com"; dns.query; content:"imtoken-ba.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtoken\-ba\.com$/i"; classtype:trojan-activity; sid:37338911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ba.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ba.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ba\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ae.com"; dns.query; content:"imtoken-ae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ae\.com$/i"; classtype:trojan-activity; sid:37338941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ae.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-af.com"; dns.query; content:"imtoken-af.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-af\.com$/i"; classtype:trojan-activity; sid:37338971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-af.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-af.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-af\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any 
any (msg: "MISP e26510 [] Hostname imtoken-aw.com"; dns.query; content:"imtoken-aw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aw\.com$/i"; classtype:trojan-activity; sid:37339001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-aw.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-aw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-open.com"; dns.query; content:"imtoken-open.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-open\.com$/i"; classtype:trojan-activity; sid:37339031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-open.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-open.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-open\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokenk.com"; dns.query; content:"imtokenk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenk\.com$/i"; classtype:trojan-activity; sid:37339061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokenk.com"; flow:to_server,established; http.header; content: "Host|3a| imtokenk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339062; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//imtokenk.com/"; flow:to_server,established; http.header; content:"imtokenk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37339071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-aj.com"; dns.query; content:"imtoken-aj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aj\.com$/i"; classtype:trojan-activity; sid:37339091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-aj.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-aj.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aj\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ah.com"; dns.query; content:"imtoken-ah.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ah\.com$/i"; classtype:trojan-activity; sid:37339121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ah.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ah.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ah\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokengf.com"; dns.query; content:"imtokengf.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtokengf\.com$/i"; classtype:trojan-activity; sid:37339151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokengf.com"; flow:to_server,established; http.header; content: "Host|3a| imtokengf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokengf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ak.com"; dns.query; content:"imtoken-ak.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ak\.com$/i"; classtype:trojan-activity; sid:37339181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ak.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ak.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ak\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtokentprov2.com"; dns.query; content:"imtokentprov2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokentprov2\.com$/i"; classtype:trojan-activity; sid:37339211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtokentprov2.com"; flow:to_server,established; http.header; content: "Host|3a| imtokentprov2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokentprov2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any 
any -> any any (msg: "MISP e26510 [] Hostname imtoken-nm.com"; dns.query; content:"imtoken-nm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-nm\.com$/i"; classtype:trojan-activity; sid:37339241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-nm.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-nm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-nm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-r.com"; dns.query; content:"imtoken-r.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-r\.com$/i"; classtype:trojan-activity; sid:37339271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-r.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-r.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-r\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname wsfinland.com"; dns.query; content:"wsfinland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wsfinland\.com$/i"; classtype:trojan-activity; sid:37339331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname wsfinland.com"; flow:to_server,established; http.header; content: "Host|3a| wsfinland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wsfinland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339332; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; dns.query; content:"lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lfbn\-nan\-1\-1294\-107\.w90\-59\.abo\.wanadoo\.fr$/i"; classtype:trojan-activity; sid:37339361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; flow:to_server,established; http.header; content: "Host|3a| lfbn-nan-1-1294-107.w90-59.abo.wanadoo.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lfbn\-nan\-1\-1294\-107\.w90\-59\.abo\.wanadoo\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname mobquick.direct.quickconnect.to"; dns.query; content:"mobquick.direct.quickconnect.to"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobquick\.direct\.quickconnect\.to$/i"; classtype:trojan-activity; sid:37339391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname mobquick.direct.quickconnect.to"; flow:to_server,established; http.header; content: "Host|3a| mobquick.direct.quickconnect.to"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mobquick\.direct\.quickconnect\.to[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname brco.myds.me"; dns.query; content:"brco.myds.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brco\.myds\.me$/i"; classtype:trojan-activity; sid:37339421; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;)
# MISP event 26510 indicator rules (see the reference URL on every rule).
# Each hostname gets two rules; some also get a third "Outgoing URL" rule.
#  - DNS rule: dns.query must contain the name, and the pcre ends in `$` with a
#    left boundary that excludes letters, digits, '-' and '.'. It therefore
#    matches a query for exactly this name; a subdomain such as www.<name>
#    does not match.
#  - HTTP Hostname rule: needs "Host: <name>" in the headers of an established
#    client-to-server flow from $HOME_NET to $EXTERNAL_NET, on any port.
#    NOTE(review): this only sees requests the sensor can parse as HTTP; for a
#    TLS-only site the DNS rule is presumably the only one that fires, since no
#    tls.sni rule is visible in this part of the export.
#  - Outgoing URL rule: see the NOTE(review) lines below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname brco.myds.me"; flow:to_server,established; http.header; content: "Host|3a| brco.myds.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brco\.myds\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname gratka-gielda.pl"; dns.query; content:"gratka-gielda.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratka\-gielda\.pl$/i"; classtype:trojan-activity; sid:37339451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname gratka-gielda.pl"; flow:to_server,established; http.header; content: "Host|3a| gratka-gielda.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratka\-gielda\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): the only condition here is the bare name anywhere in http.header,
# with no "Host|3a| " prefix and no boundary pcre. A Referer or Origin header that
# mentions the name, or a longer hostname that contains it, also matches, and a
# request with this Host header on a port in $HTTP_PORTS raises this alert in
# addition to sid 37339452. The URL in msg has no path, so there is nothing else
# to match on; consider anchoring it like the Hostname rule or dropping it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//gratka-gielda.pl"; flow:to_server,established; http.header; content:"gratka-gielda.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37339461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname deploysyncs.pages.dev"; dns.query; content:"deploysyncs.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deploysyncs\.pages\.dev$/i"; classtype:trojan-activity; sid:37339481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname deploysyncs.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| deploysyncs.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deploysyncs\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): unanchored header substring, same concern as sid 37339461; overlaps sid 37339482.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//deploysyncs.pages.dev"; flow:to_server,established; http.header; content:"deploysyncs.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37339491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname t0kenpack2t.fyi"; dns.query; content:"t0kenpack2t.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kenpack2t\.fyi$/i"; classtype:trojan-activity; sid:37339571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname t0kenpack2t.fyi"; flow:to_server,established; http.header; content: "Host|3a| t0kenpack2t.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kenpack2t\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): unanchored header substring, same concern as sid 37339461; overlaps sid 37339572.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//t0kenpack2t.fyi"; flow:to_server,established; http.header; content:"t0kenpack2t.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37339581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname t0kenpaek2t.org"; dns.query; content:"t0kenpaek2t.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kenpaek2t\.org$/i"; classtype:trojan-activity; sid:37339601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname t0kenpaek2t.org"; flow:to_server,established; http.header; content: "Host|3a| t0kenpaek2t.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t0kenpaek2t\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): unanchored header substring, same concern as sid 37339461; overlaps sid 37339602.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//t0kenpaek2t.org"; flow:to_server,established; http.header; content:"t0kenpaek2t.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37339611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname upcrechung87515841.from-de.com"; dns.query; content:"upcrechung87515841.from-de.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upcrechung87515841\.from\-de\.com$/i"; classtype:trojan-activity; sid:37339631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname upcrechung87515841.from-de.com"; flow:to_server,established; http.header; content: "Host|3a| upcrechung87515841.from-de.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])upcrechung87515841\.from\-de\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname deluxereads.com"; dns.query; content:"deluxereads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])deluxereads\.com$/i"; classtype:trojan-activity; sid:37339661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname deluxereads.com"; flow:to_server,established; http.header; content: "Host|3a| deluxereads.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])deluxereads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname bthomemailer.w3spaces.com"; dns.query; content:"bthomemailer.w3spaces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bthomemailer\.w3spaces\.com$/i"; classtype:trojan-activity; sid:37339691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname bthomemailer.w3spaces.com"; flow:to_server,established; http.header; content: "Host|3a| bthomemailer.w3spaces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bthomemailer\.w3spaces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname jacksonrosemary1735.wixsite.com"; dns.query; content:"jacksonrosemary1735.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jacksonrosemary1735\.wixsite\.com$/i"; classtype:trojan-activity; sid:37339721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname jacksonrosemary1735.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| jacksonrosemary1735.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jacksonrosemary1735\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname portfolio-oqyzbnk.format.com"; dns.query; content:"portfolio-oqyzbnk.format.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolio\-oqyzbnk\.format\.com$/i"; 
classtype:trojan-activity; sid:37339751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname portfolio-oqyzbnk.format.com"; flow:to_server,established; http.header; content: "Host|3a| portfolio-oqyzbnk.format.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portfolio\-oqyzbnk\.format\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname bt-109001.weeblysite.com"; dns.query; content:"bt-109001.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-109001\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37339781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname bt-109001.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-109001.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-109001\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname tapk.it"; dns.query; content:"tapk.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tapk\.it$/i"; classtype:trojan-activity; sid:37339811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tapk.it"; flow:to_server,established; http.header; content: "Host|3a| tapk.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tapk\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert 
dns any any -> any any (msg: "MISP e26510 [] Hostname ssbswisspassccfhfccom.web.app"; dns.query; content:"ssbswisspassccfhfccom.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ssbswisspassccfhfccom\.web\.app$/i"; classtype:trojan-activity; sid:37339841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname ssbswisspassccfhfccom.web.app"; flow:to_server,established; http.header; content: "Host|3a| ssbswisspassccfhfccom.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ssbswisspassccfhfccom\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname sandraclarrk2.wixsite.com"; dns.query; content:"sandraclarrk2.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sandraclarrk2\.wixsite\.com$/i"; classtype:trojan-activity; sid:37339871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname sandraclarrk2.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| sandraclarrk2.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sandraclarrk2\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname flowcode.com"; dns.query; content:"flowcode.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flowcode\.com$/i"; classtype:trojan-activity; sid:37339901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname flowcode.com"; flow:to_server,established; http.header; content: "Host|3a| 
flowcode.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flowcode\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname ilus-107363.weeblysite.com"; dns.query; content:"ilus-107363.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ilus\-107363\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37339931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname ilus-107363.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| ilus-107363.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ilus\-107363\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//ilus-107363.weeblysite.com/"; flow:to_server,established; http.header; content:"ilus-107363.weeblysite.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37339941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname dfghjgfgjhgfdsgh23453tghjgfgd.weebly.com"; dns.query; content:"dfghjgfgjhgfdsgh23453tghjgfgd.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfghjgfgjhgfdsgh23453tghjgfgd\.weebly\.com$/i"; classtype:trojan-activity; sid:37339991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname dfghjgfgjhgfdsgh23453tghjgfgd.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| 
dfghjgfgjhgfdsgh23453tghjgfgd.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dfghjgfgjhgfdsgh23453tghjgfgd\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37339992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname etredf.weebly.com"; dns.query; content:"etredf.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])etredf\.weebly\.com$/i"; classtype:trojan-activity; sid:37340021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname etredf.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| etredf.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])etredf\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname aply-exodise-oi.top"; dns.query; content:"aply-exodise-oi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aply\-exodise\-oi\.top$/i"; classtype:trojan-activity; sid:37340051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname aply-exodise-oi.top"; flow:to_server,established; http.header; content: "Host|3a| aply-exodise-oi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aply\-exodise\-oi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//aply-exodise-oi.top"; flow:to_server,established; http.header; content:"aply-exodise-oi.top"; nocase; tag:session,600,seconds; 
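classtype:trojan-activity; sid:37340061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# MISP event 26510 hostname indicators (see the reference URL on every rule).
# Each hostname gets a DNS-query rule and an outgoing HTTP Host-header rule.
#  - DNS rule: the pcre ends in `$` and its left boundary excludes letters,
#    digits, '-' and '.', so it matches a query for exactly this name; a
#    subdomain such as www.<name> does not match.
#  - HTTP rule: needs "Host: <name>" in the headers of an established
#    client-to-server flow from $HOME_NET to $EXTERNAL_NET.
#    NOTE(review): this only sees requests the sensor can parse as HTTP; for a
#    TLS-only site the DNS rule is presumably the only one that fires, since no
#    tls.sni rule is visible in this part of the export.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname bantuan-malaysia.claims.my.id"; dns.query; content:"bantuan-malaysia.claims.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bantuan\-malaysia\.claims\.my\.id$/i"; classtype:trojan-activity; sid:37340081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname bantuan-malaysia.claims.my.id"; flow:to_server,established; http.header; content: "Host|3a| bantuan-malaysia.claims.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bantuan\-malaysia\.claims\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# share-52-blink.pages.dev: the export carried this DNS/HTTP pair twelve times,
# identical except for the sid, so one lookup or request raised twelve alerts
# and the engine evaluated the same signature twelve times. One pair is kept.
#   dropped DNS sids:  37340141 37340171 37340231 37340261 37340291 37340321
#                      37340351 37340381 37340411 37340441 37340471
#   dropped HTTP sids: 37340142 37340172 37340232 37340262 37340292 37340322
#                      37340352 37340382 37340412 37340442 37340472
# If a threshold/suppress entry or a downstream correlation refers to one of the
# dropped sids, point it at 37340111 / 37340112. The repeats presumably come
# from several MISP attributes sharing this host; de-duplicating at export time
# keeps them from returning on the next sync.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37340111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname afurelding46-e48247.ingress-daribow.ewp.live"; dns.query; content:"afurelding46-e48247.ingress-daribow.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])afurelding46\-e48247\.ingress\-daribow\.ewp\.live$/i"; classtype:trojan-activity; sid:37340201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname afurelding46-e48247.ingress-daribow.ewp.live"; flow:to_server,established; http.header; content: "Host|3a| afurelding46-e48247.ingress-daribow.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])afurelding46\-e48247\.ingress\-daribow\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname program-pengajian-islamic-brunei.com"; dns.query; content:"program-pengajian-islamic-brunei.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])program\-pengajian\-islamic\-brunei\.com$/i"; classtype:trojan-activity; sid:37340501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname program-pengajian-islamic-brunei.com"; flow:to_server,established; http.header; content: "Host|3a| program-pengajian-islamic-brunei.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])program\-pengajian\-islamic\-brunei\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL 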
http|3a|//program-pengajian-islamic-brunei.com"; flow:to_server,established; http.header; content:"program-pengajian-islamic-brunei.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname postesan.com"; dns.query; content:"postesan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postesan\.com$/i"; classtype:trojan-activity; sid:37340531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname postesan.com"; flow:to_server,established; http.header; content: "Host|3a| postesan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])postesan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//postesan.com/update"; flow:to_server,established; http.header; content:"postesan.com"; fast_pattern; nocase; http.uri; content:"/update"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname sbcglobaltmx.weebly.com"; dns.query; content:"sbcglobaltmx.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbcglobaltmx\.weebly\.com$/i"; classtype:trojan-activity; sid:37340561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname sbcglobaltmx.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| sbcglobaltmx.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbcglobaltmx\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37340562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# MISP event 26510 indicators, one rule per line. The first and last lines of this span are
# the tail and head of rules that continue outside it.
# Per hostname: a dns.query rule and an HTTP Host-header rule (port any); URL attributes add
# a third rule restricted to $HTTP_PORTS. tag:session,600,seconds keeps logging packets of
# the alerting session for 600 seconds.
# NOTE(review): the dns rules use 'any any -> any any', so a sensor that sees both the
# client-to-resolver and resolver-to-upstream legs may alert twice per lookup - confirm
# against sensor placement.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname petal-lovely-dinghy.glitch.me"; dns.query; content:"petal-lovely-dinghy.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])petal\-lovely\-dinghy\.glitch\.me$/i"; classtype:trojan-activity; sid:37340591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname petal-lovely-dinghy.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| petal-lovely-dinghy.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])petal\-lovely\-dinghy\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL rule: hostname anywhere in the headers plus "/vay.html" anywhere in http.uri; neither
# content is anchored to the start of its buffer.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//petal-lovely-dinghy.glitch.me/vay.html"; flow:to_server,established; http.header; content:"petal-lovely-dinghy.glitch.me"; fast_pattern; nocase; http.uri; content:"/vay.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname register-live-streaming-privat.newsmy.id"; dns.query; content:"register-live-streaming-privat.newsmy.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])register\-live\-streaming\-privat\.newsmy\.id$/i"; classtype:trojan-activity; sid:37340621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname register-live-streaming-privat.newsmy.id"; flow:to_server,established; http.header; content: "Host|3a| register-live-streaming-privat.newsmy.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])register\-live\-streaming\-privat\.newsmy\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname iradem-zamani-geldimir.com"; dns.query; content:"iradem-zamani-geldimir.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iradem\-zamani\-geldimir\.com$/i"; classtype:trojan-activity; sid:37340651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname iradem-zamani-geldimir.com"; flow:to_server,established; http.header; content: "Host|3a| iradem-zamani-geldimir.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iradem\-zamani\-geldimir\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL indicators without a path (this rule and the instagram-login123.blogspot.* URL rules
# below) reduce to the bare hostname as a substring of the header buffer: no "Host|3a| "
# anchor, no pcre boundary check, no fast_pattern. They also fire when the name appears in
# another request header and overlap the Host-header rule for the same name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//iradem-zamani-geldimir.com"; flow:to_server,established; http.header; content:"iradem-zamani-geldimir.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): instagram-login123.blogspot.* is listed once per country domain. The name
# suggests a credential-phishing page rather than malware traffic, so
# classtype:trojan-activity is presumably the exporter default - confirm before routing
# alerts on classtype.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.rs"; dns.query; content:"instagram-login123.blogspot.rs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.rs$/i"; classtype:trojan-activity; sid:37340681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.rs"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.rs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.rs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.rs"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.rs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname oenameuane-e56172.ingress-haven.ewp.live"; dns.query; content:"oenameuane-e56172.ingress-haven.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oenameuane\-e56172\.ingress\-haven\.ewp\.live$/i"; classtype:trojan-activity; sid:37340711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname oenameuane-e56172.ingress-haven.ewp.live"; flow:to_server,established; http.header; content: "Host|3a| oenameuane-e56172.ingress-haven.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oenameuane\-e56172\.ingress\-haven\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.it"; dns.query; content:"instagram-login123.blogspot.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.it$/i"; classtype:trojan-activity; sid:37340741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.it"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.it"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.it"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.in"; dns.query; content:"instagram-login123.blogspot.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.in$/i"; classtype:trojan-activity; sid:37340771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.in"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.in"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.in"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.fr"; dns.query; content:"instagram-login123.blogspot.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.fr$/i"; classtype:trojan-activity; sid:37340801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.fr"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.fr"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.fr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.co.uk"; dns.query; content:"instagram-login123.blogspot.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.uk$/i"; classtype:trojan-activity; sid:37340831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.co.uk"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.co.uk"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.co.uk"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37340841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# MISP event 26510 indicators, one rule per line. The first and last lines of this span are
# the tail and head of rules that continue outside it.
# Per hostname: a dns.query rule and an HTTP Host-header rule whose pcre boundary classes
# (no letter, digit, '-' or '.' on either side) restrict the match to the exact name.
# URL rules whose URL has no path match only the bare hostname as an unanchored substring
# of the header buffer, so they overlap the Host-header rule and can also fire on other
# request headers that mention the name.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.ng"; dns.query; content:"instagram-login123.blogspot.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.ng$/i"; classtype:trojan-activity; sid:37340861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.ng"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.com.ng"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.com.ng"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): joingroupssoavde8v.lanjutkann.my.id is exported twice in this span with
# identical match logic (sids 37340891/37340892 here, 37340981/37340982 further down), so
# one lookup or request raises two alerts per rule type. Dedupe at export time.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname joingroupssoavde8v.lanjutkann.my.id"; dns.query; content:"joingroupssoavde8v.lanjutkann.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupssoavde8v\.lanjutkann\.my\.id$/i"; classtype:trojan-activity; sid:37340891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname joingroupssoavde8v.lanjutkann.my.id"; flow:to_server,established; http.header; content: "Host|3a| joingroupssoavde8v.lanjutkann.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupssoavde8v\.lanjutkann\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.be"; dns.query; content:"instagram-login123.blogspot.be"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.be$/i"; classtype:trojan-activity; sid:37340921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.be"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.be"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.be[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//instagram-login123.blogspot.be"; flow:to_server,established; http.header; content:"instagram-login123.blogspot.be"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname home-102904.weeblysite.com"; dns.query; content:"home-102904.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-102904\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37340951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname home-102904.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| home-102904.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-102904\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//home-102904.weeblysite.com"; flow:to_server,established; http.header; content:"home-102904.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37340961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Second copy of the joingroupssoavde8v.lanjutkann.my.id pair (first copy: sids 37340891/92).
alert dns any any -> any any (msg: "MISP e26510 [] Hostname joingroupssoavde8v.lanjutkann.my.id"; dns.query; content:"joingroupssoavde8v.lanjutkann.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupssoavde8v\.lanjutkann\.my\.id$/i"; classtype:trojan-activity; sid:37340981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname joingroupssoavde8v.lanjutkann.my.id"; flow:to_server,established; http.header; content: "Host|3a| joingroupssoavde8v.lanjutkann.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupssoavde8v\.lanjutkann\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37340982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname hexagonal-maroon-chestnut.glitch.me"; dns.query; content:"hexagonal-maroon-chestnut.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hexagonal\-maroon\-chestnut\.glitch\.me$/i"; classtype:trojan-activity; sid:37341011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname hexagonal-maroon-chestnut.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| hexagonal-maroon-chestnut.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hexagonal\-maroon\-chestnut\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//hexagonal-maroon-chestnut.glitch.me/hay.html"; flow:to_server,established; http.header; content:"hexagonal-maroon-chestnut.glitch.me"; fast_pattern; nocase; http.uri; content:"/hay.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname efficacious-intelligent-chimpanzee.glitch.me"; dns.query; content:"efficacious-intelligent-chimpanzee.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])efficacious\-intelligent\-chimpanzee\.glitch\.me$/i"; classtype:trojan-activity; sid:37341041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname efficacious-intelligent-chimpanzee.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| efficacious-intelligent-chimpanzee.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])efficacious\-intelligent\-chimpanzee\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//efficacious-intelligent-chimpanzee.glitch.me/brain.html"; flow:to_server,established; http.header; content:"efficacious-intelligent-chimpanzee.glitch.me"; fast_pattern; nocase; http.uri; content:"/brain.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname digitalparnav.blogspot.com"; dns.query; content:"digitalparnav.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])digitalparnav\.blogspot\.com$/i"; classtype:trojan-activity; sid:37341071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname digitalparnav.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| digitalparnav.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])digitalparnav\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): the msg names the URL ".../?m=1" but the http.uri content is only "/", which
# is present in every request URI; the query string is not matched. In effect this rule is a
# hostname-substring match on $HTTP_PORTS and alerts on any page of the blog.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//digitalparnav.blogspot.com/?m=1"; flow:to_server,established; http.header; content:"digitalparnav.blogspot.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname dhhairya5.github.io"; dns.query; content:"dhhairya5.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhhairya5\.github\.io$/i"; classtype:trojan-activity; sid:37341101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname dhhairya5.github.io"; flow:to_server,established; http.header; content: "Host|3a| dhhairya5.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhhairya5\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# The URL indicator names one project path, but the dns and Host rules above alert on the
# whole dhhairya5.github.io site. NOTE(review): the path reads like a practice clone of a
# brand page - verify the indicator before treating a hit as a compromise.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//dhhairya5.github.io/NetflixHomePage_BharatIntern"; flow:to_server,established; http.header; content:"dhhairya5.github.io"; fast_pattern; nocase; http.uri; content:"/NetflixHomePage_BharatIntern"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.sn"; dns.query; content:"instagram-login123.blogspot.sn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.sn$/i"; classtype:trojan-activity; sid:37341131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.sn"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.sn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.sn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.sk"; dns.query; content:"instagram-login123.blogspot.sk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.sk$/i"; classtype:trojan-activity; sid:37341161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.sk"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.sk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.sk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341162; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.si"; dns.query; content:"instagram-login123.blogspot.si"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.si$/i"; classtype:trojan-activity; sid:37341191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.si"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.si"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.si[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.sg"; dns.query; content:"instagram-login123.blogspot.sg"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.sg$/i"; classtype:trojan-activity; sid:37341221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.sg"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.sg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.sg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//cloudflare-ipfs.com/ipfs/bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue"; flow:to_server,established; http.header; content:"cloudflare-ipfs.com"; fast_pattern; nocase; http.uri; 
content:"/ipfs/bafybeibnfpazwggi3v3rxkkujia7nbr5imph2gtzvxcqfkxzwjilu3rhue"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname closed-zealous-cloth.glitch.me"; dns.query; content:"closed-zealous-cloth.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])closed\-zealous\-cloth\.glitch\.me$/i"; classtype:trojan-activity; sid:37341281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname closed-zealous-cloth.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| closed-zealous-cloth.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])closed\-zealous\-cloth\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//closed-zealous-cloth.glitch.me/kabal.html"; flow:to_server,established; http.header; content:"closed-zealous-cloth.glitch.me"; fast_pattern; nocase; http.uri; content:"/kabal.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname chaitanya670.github.io"; dns.query; content:"chaitanya670.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chaitanya670\.github\.io$/i"; classtype:trojan-activity; sid:37341311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname chaitanya670.github.io"; flow:to_server,established; http.header; content: "Host|3a| chaitanya670.github.io"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])chaitanya670\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//chaitanya670.github.io/Netflix"; flow:to_server,established; http.header; content:"chaitanya670.github.io"; fast_pattern; nocase; http.uri; content:"/Netflix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.no"; dns.query; content:"instagram-login123.blogspot.no"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.no$/i"; classtype:trojan-activity; sid:37341341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.no"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.no"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.no[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.nl"; dns.query; content:"instagram-login123.blogspot.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.nl$/i"; classtype:trojan-activity; sid:37341371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.nl"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.nl"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Rules below are restored to one rule per line; rule text is unchanged.
# Pattern used for each hostname indicator of MISP event 26510:
#   - a dns.query rule whose pcre ends in '$' and whose leading class excludes '.',
#     so only the exact query name matches (subdomains of it do not);
#   - an http.header rule anchored on "Host|3a| <name>" that tags the session for 600 seconds.
# NOTE(review): both inspect unencrypted DNS/HTTP only. netlify.app and blogspot hosts are
# presumably reached over TLS, so a tls.sni match may be needed for coverage — confirm.
# NOTE(review): classtype is trojan-activity and the msg tag list "[]" is empty for every rule;
# looks like exporter defaults rather than an analyst's classification — verify in the event.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname case-support-account-restricted.netlify.app"; dns.query; content:"case-support-account-restricted.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])case\-support\-account\-restricted\.netlify\.app$/i"; classtype:trojan-activity; sid:37341401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname case-support-account-restricted.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| case-support-account-restricted.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])case\-support\-account\-restricted\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# "Outgoing URL" rule with no path: the content has no "Host|3a| " prefix and no pcre, so the
# name matches anywhere in the request headers (a Referer value would also hit — presumably
# unintended), and any request that fires sid:37341402 fires this one as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//case-support-account-restricted.netlify.app"; flow:to_server,established; http.header; content:"case-support-account-restricted.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# instagram-login123.blogspot.<ccTLD>: the same blog name repeated per country suffix,
# one DNS rule and one Host-header rule each.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.my"; dns.query; content:"instagram-login123.blogspot.my"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.my$/i"; classtype:trojan-activity; sid:37341431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.my"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.my"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.my[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.md"; dns.query; content:"instagram-login123.blogspot.md"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.md$/i"; classtype:trojan-activity; sid:37341461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.md"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.md"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.md[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.mk"; dns.query; content:"instagram-login123.blogspot.mk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.mk$/i"; classtype:trojan-activity; sid:37341491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.mk"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.mk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.mk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname bit-of-sraddha.github.io"; dns.query; 
content:"bit-of-sraddha.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bit\-of\-sraddha\.github\.io$/i"; classtype:trojan-activity; sid:37341521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Rules below are restored to one rule per line; rule text is unchanged.
# Host-header rule for bit-of-sraddha.github.io: anchored on "Host|3a| <name>"; the pcre
# requires a non-hostname character after the name, so longer names do not match.
# NOTE(review): this rule and the DNS rule for the same name alert on any visit to this
# github.io site, while the event's URL indicator names a single path (/netflix-clone).
# Confirm the whole host is meant as an indicator before treating hostname-only hits as incidents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname bit-of-sraddha.github.io"; flow:to_server,established; http.header; content: "Host|3a| bit-of-sraddha.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bit\-of\-sraddha\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL rule: hostname anywhere in the request headers (no "Host|3a| " prefix) AND
# "/netflix-clone" anywhere in http.uri (case-insensitive, not anchored to the start of the path).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//bit-of-sraddha.github.io/netflix-clone"; flow:to_server,established; http.header; content:"bit-of-sraddha.github.io"; fast_pattern; nocase; http.uri; content:"/netflix-clone"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# instagram-login123.blogspot.<ccTLD> variants: a dns.query rule (exact name, '$'-anchored)
# and a Host-header rule per suffix.
# NOTE(review): these see unencrypted DNS/HTTP only; blogspot is presumably served over TLS,
# so tls.sni coverage may be needed — confirm against the sensor's visibility.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.lu"; dns.query; content:"instagram-login123.blogspot.lu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.lu$/i"; classtype:trojan-activity; sid:37341551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.lu"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.lu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.lu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.lt"; dns.query; content:"instagram-login123.blogspot.lt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.lt$/i"; classtype:trojan-activity; sid:37341581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.lt"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.lt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.lt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.li"; dns.query; content:"instagram-login123.blogspot.li"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.li$/i"; classtype:trojan-activity; sid:37341611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.li"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.li"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.li[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.kr"; dns.query; content:"instagram-login123.blogspot.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.kr$/i"; classtype:trojan-activity; sid:37341641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.kr"; flow:to_server,established; http.header; 
content: "Host|3a| instagram-login123.blogspot.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Rules below are restored to one rule per line; rule text is unchanged.
# Per hostname: a dns.query rule matching the exact name, then a Host-header rule that
# tags the session for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.is"; dns.query; content:"instagram-login123.blogspot.is"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.is$/i"; classtype:trojan-activity; sid:37341671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.is"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.is"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.is[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# atharvpandey981.github.io
# NOTE(review): the DNS and Host rules cover the whole github.io site, but the URL indicator
# is one path (/NETFLIX-HOMEPAGE-CLONE). Verify the host-level indicator before escalating
# hostname-only hits.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname atharvpandey981.github.io"; dns.query; content:"atharvpandey981.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atharvpandey981\.github\.io$/i"; classtype:trojan-activity; sid:37341701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname atharvpandey981.github.io"; flow:to_server,established; http.header; content: "Host|3a| atharvpandey981.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atharvpandey981\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL rule: hostname anywhere in the headers plus the path as a case-insensitive substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//atharvpandey981.github.io/NETFLIX-HOMEPAGE-CLONE"; flow:to_server,established; http.header; content:"atharvpandey981.github.io"; fast_pattern; nocase; http.uri; content:"/NETFLIX-HOMEPAGE-CLONE"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# anleitung-unterstutzung-konto.netlify.app
alert dns any any -> any any (msg: "MISP e26510 [] Hostname anleitung-unterstutzung-konto.netlify.app"; dns.query; content:"anleitung-unterstutzung-konto.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anleitung\-unterstutzung\-konto\.netlify\.app$/i"; classtype:trojan-activity; sid:37341731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname anleitung-unterstutzung-konto.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| anleitung-unterstutzung-konto.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])anleitung\-unterstutzung\-konto\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Path-less URL rule: an unanchored header match with no pcre, so it also matches the name in
# headers other than Host (e.g. Referer — presumably unintended) and duplicates sid:37341732.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//anleitung-unterstutzung-konto.netlify.app"; flow:to_server,established; http.header; content:"anleitung-unterstutzung-konto.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.gr"; dns.query; content:"instagram-login123.blogspot.gr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.gr$/i"; classtype:trojan-activity; sid:37341761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.gr"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.gr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.gr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# alluring-infrequent-heart.glitch.me
# NOTE(review): glitch.me, netlify.app and github.io are presumably HTTPS-only in practice;
# the alert http rules would then never see a Host header, leaving DNS as the only hit — confirm.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname alluring-infrequent-heart.glitch.me"; dns.query; content:"alluring-infrequent-heart.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alluring\-infrequent\-heart\.glitch\.me$/i"; classtype:trojan-activity; sid:37341791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname alluring-infrequent-heart.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| alluring-infrequent-heart.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alluring\-infrequent\-heart\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//alluring-infrequent-heart.glitch.me/jazz.html"; flow:to_server,established; http.header; content:"alluring-infrequent-heart.glitch.me"; fast_pattern; nocase; http.uri; content:"/jazz.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37341801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.fi"; dns.query; content:"instagram-login123.blogspot.fi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.fi$/i"; classtype:trojan-activity; sid:37341821; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;)
# Rules below are restored to one rule per line; rule text is unchanged.
# instagram-login123.blogspot.<suffix>: the rules in this run differ only in the suffix and sid.
# Each Host-header pcre ends in a class that excludes letters, digits, '-' and '.', so a rule
# for a shorter suffix does not also fire on a longer one.
# NOTE(review): one literal rule pair per suffix only covers the suffixes listed in the event;
# whether other blogspot country domains serve the same blog is not shown here — verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.fi"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.fi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.fi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.dk"; dns.query; content:"instagram-login123.blogspot.dk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.dk$/i"; classtype:trojan-activity; sid:37341851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.dk"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.dk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.dk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.cz"; dns.query; content:"instagram-login123.blogspot.cz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.cz$/i"; classtype:trojan-activity; sid:37341881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.cz"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.cz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.cz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.co.za"; dns.query; content:"instagram-login123.blogspot.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.za$/i"; classtype:trojan-activity; sid:37341911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.co.za"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.co.nz"; dns.query; content:"instagram-login123.blogspot.co.nz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.nz$/i"; classtype:trojan-activity; sid:37341941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.co.nz"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.co.nz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.nz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# workers.dev hostnames
# NOTE(review): workers.dev is presumably reached over TLS; the alert http rules inspect
# unencrypted HTTP only, so tls.sni coverage may be needed — confirm.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; dns.query; content:"yellow-recipe-c615.wl5n4b9b.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev$/i"; classtype:trojan-activity; sid:37341971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| yellow-recipe-c615.wl5n4b9b.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37341972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.uy"; dns.query; content:"instagram-login123.blogspot.com.uy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.uy$/i"; classtype:trojan-activity; sid:37342001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.uy"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.uy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.uy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37342031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname 
egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Rules below are restored to one rule per line; rule text is unchanged.
# instagram-login123.blogspot.com and its .com.<cc> / .co.<cc> variants.
# The dns.query pcre for "...blogspot.com" is '$'-anchored, and the Host-header pcre requires a
# character after the name that is not a letter, digit, '-' or '.', so the plain .com rules
# (sid:37342151 / sid:37342152) do not also fire on .com.mt, .com.tr, .com.eg and the like.
# NOTE(review): all rules here use classtype trojan-activity with an empty "[]" tag list in msg;
# looks like exporter defaults — check the MISP event for the intended category and confidence.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.mt"; dns.query; content:"instagram-login123.blogspot.com.mt"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.mt$/i"; classtype:trojan-activity; sid:37342061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.mt"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.mt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.mt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.tr"; dns.query; content:"instagram-login123.blogspot.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.tr$/i"; classtype:trojan-activity; sid:37342091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.tr"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.eg"; dns.query; content:"instagram-login123.blogspot.com.eg"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.eg$/i"; classtype:trojan-activity; sid:37342121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.eg"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.eg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.eg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com"; dns.query; content:"instagram-login123.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com$/i"; classtype:trojan-activity; sid:37342151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.ee"; dns.query; content:"instagram-login123.blogspot.com.ee"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.ee$/i"; classtype:trojan-activity; sid:37342181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.ee"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.ee"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.ee[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.co.ke"; dns.query; content:"instagram-login123.blogspot.co.ke"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.ke$/i"; classtype:trojan-activity; sid:37342211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.co.ke"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.co.ke"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.co\.ke[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.co"; dns.query; content:"instagram-login123.blogspot.com.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.co$/i"; classtype:trojan-activity; sid:37342241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.co"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.ar"; dns.query; content:"instagram-login123.blogspot.com.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.ar$/i"; classtype:trojan-activity; sid:37342271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.ar"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.br"; dns.query; content:"instagram-login123.blogspot.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.br$/i"; classtype:trojan-activity; sid:37342301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.br"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname instagram-login123.blogspot.com.cy"; dns.query; 
content:"instagram-login123.blogspot.com.cy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.cy$/i"; classtype:trojan-activity; sid:37342331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Rules below are restored to one rule per line; rule text is unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname instagram-login123.blogspot.com.cy"; flow:to_server,established; http.header; content: "Host|3a| instagram-login123.blogspot.com.cy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-login123\.blogspot\.com\.cy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev: DNS rule, Host-header rule, and a URL rule
# that adds "/hh.html" as a case-insensitive substring of http.uri.
# NOTE(review): r2.dev is presumably served over TLS; the two alert http rules only inspect
# unencrypted HTTP, so without tls.sni coverage the DNS rule may be the only one that fires — confirm.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev"; dns.query; content:"pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-47f4fe3f7f294eae9bbe42c346a2e63a\.r2\.dev$/i"; classtype:trojan-activity; sid:37342361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-47f4fe3f7f294eae9bbe42c346a2e63a\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev/hh.html"; flow:to_server,established; http.header; content:"pub-47f4fe3f7f294eae9bbe42c346a2e63a.r2.dev"; fast_pattern; nocase; http.uri; content:"/hh.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Registered domains (not subdomains of a shared hosting platform). The leading pcre class
# excludes '.', so "www.<name>" or any other subdomain of these domains does not match either
# the DNS rule or the Host-header rule.
# NOTE(review): if subdomains should alert too, that needs a separate indicator — verify intent.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname netfimarketing.com"; dns.query; content:"netfimarketing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netfimarketing\.com$/i"; classtype:trojan-activity; sid:37342391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname netfimarketing.com"; flow:to_server,established; http.header; content: "Host|3a| netfimarketing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netfimarketing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname shareholds.com"; dns.query; content:"shareholds.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shareholds\.com$/i"; classtype:trojan-activity; sid:37342421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname shareholds.com"; flow:to_server,established; http.header; content: "Host|3a| shareholds.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shareholds\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname telegramchina.live"; dns.query; content:"telegramchina.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramchina\.live$/i"; classtype:trojan-activity; sid:37342451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname telegramchina.live"; flow:to_server,established; http.header; content: "Host|3a| telegramchina.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramchina\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname klubbgeld.com"; dns.query; content:"klubbgeld.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klubbgeld\.com$/i"; classtype:trojan-activity; sid:37342481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname klubbgeld.com"; flow:to_server,established; http.header; content: "Host|3a| klubbgeld.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])klubbgeld\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname joinxpremium.my.id"; dns.query; content:"joinxpremium.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joinxpremium\.my\.id$/i"; classtype:trojan-activity; sid:37342511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname joinxpremium.my.id"; flow:to_server,established; http.header; content: "Host|3a| joinxpremium.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joinxpremium\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL rule for /main.php: "/main.php" is a generic path, so the hostname content carries the
# specificity here; that hostname match is not anchored to the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//joinxpremium.my.id/main.php"; flow:to_server,established; http.header; content:"joinxpremium.my.id"; fast_pattern; nocase; http.uri; content:"/main.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342521; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;)
# ---------------------------------------------------------------------------------------
# MISP event 26510, hostname/URL indicators. Each indicator yields up to three rule shapes:
#   "Hostname ..."               alert dns: dns.query must contain the name; the pcre ends in
#                                '$' and rejects a preceding letter, digit, '-' or '.', so the
#                                exact name matches and its subdomains do not.
#   "Outgoing HTTP Hostname ..." alert http, $HOME_NET -> $EXTERNAL_NET, to_server/established:
#                                matches "Host: <name>" in http.header; tag:session,600,seconds
#                                asks the engine to keep logging that session for 600 seconds.
#   "Outgoing URL ..."           alert http to $HTTP_PORTS: matches the bare host string anywhere
#                                in http.header (no "Host|3a| " prefix, no pcre), so a Referer or
#                                other header that names the host satisfies it too.
# NOTE(review): the http rules only see traffic parsed as HTTP. A visit over TLS is left to
# the dns rule unless traffic is decrypted or a tls.sni rule is added - confirm coverage.
# NOTE(review): every rule carries classtype:trojan-activity / priority:2 and an empty tag
# list ("[]") in msg, so the indicator type has to be looked up in the referenced MISP event.
# ---------------------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26510 [] Hostname open-rekrutmen-freelance-2024.iform5.my.id"; dns.query; content:"open-rekrutmen-freelance-2024.iform5.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])open\-rekrutmen\-freelance\-2024\.iform5\.my\.id$/i"; classtype:trojan-activity; sid:37342541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname open-rekrutmen-freelance-2024.iform5.my.id"; flow:to_server,established; http.header; content: "Host|3a| open-rekrutmen-freelance-2024.iform5.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])open\-rekrutmen\-freelance\-2024\.iform5\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname aidanochka-tabys.kz"; dns.query; content:"aidanochka-tabys.kz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aidanochka\-tabys\.kz$/i"; classtype:trojan-activity; sid:37342571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname aidanochka-tabys.kz"; flow:to_server,established; http.header; content: "Host|3a| aidanochka-tabys.kz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aidanochka\-tabys\.kz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Tenant name on a shared hosting domain: the rule names the full hostname, so other
# sites under weebly.com are not matched.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname snrise1.weebly.com"; dns.query; content:"snrise1.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snrise1\.weebly\.com$/i"; classtype:trojan-activity; sid:37342661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname snrise1.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| snrise1.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snrise1\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): .app (and .dev, used further down) are HSTS-preloaded TLDs, so browsers
# request these hosts over HTTPS only; expect the two http rules to stay silent and rely
# on the dns rule for this indicator.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname iadelercepteonlinebasvuruislem.app"; dns.query; content:"iadelercepteonlinebasvuruislem.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iadelercepteonlinebasvuruislem\.app$/i"; classtype:trojan-activity; sid:37342721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname iadelercepteonlinebasvuruislem.app"; flow:to_server,established; http.header; content: "Host|3a| iadelercepteonlinebasvuruislem.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iadelercepteonlinebasvuruislem\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL indicator without a path: there is no http.uri condition, only the host string in
# the headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//iadelercepteonlinebasvuruislem.app"; flow:to_server,established; http.header; content:"iadelercepteonlinebasvuruislem.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname polaksokio.hrsphr.com"; dns.query; content:"polaksokio.hrsphr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])polaksokio\.hrsphr\.com$/i"; classtype:trojan-activity; sid:37342751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname polaksokio.hrsphr.com"; flow:to_server,established; http.header; content: "Host|3a| polaksokio.hrsphr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])polaksokio\.hrsphr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL indicator whose path is "/": the http.uri condition is content:"/", which any
# request path containing a slash satisfies, so the host string is the only real filter.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//polaksokio.hrsphr.com/"; flow:to_server,established; http.header; content:"polaksokio.hrsphr.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# pages.dev tenants: exact hostname only, other pages.dev sites are not matched.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname syncdapps-io.pages.dev"; dns.query; content:"syncdapps-io.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syncdapps\-io\.pages\.dev$/i"; classtype:trojan-activity; sid:37342781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname syncdapps-io.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| syncdapps-io.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syncdapps\-io\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//syncdapps-io.pages.dev"; flow:to_server,established; http.header; content:"syncdapps-io.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname fixchainlive.pages.dev"; dns.query; content:"fixchainlive.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fixchainlive\.pages\.dev$/i"; classtype:trojan-activity; sid:37342811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname fixchainlive.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fixchainlive.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fixchainlive\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//fixchainlive.pages.dev"; flow:to_server,established; http.header; content:"fixchainlive.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname s1.legaldistoy.com"; dns.query; content:"s1.legaldistoy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.legaldistoy\.com$/i"; classtype:trojan-activity; sid:37342841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname s1.legaldistoy.com"; flow:to_server,established; http.header; content: "Host|3a| s1.legaldistoy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.legaldistoy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname s1.fiskalbrodiss.com"; dns.query; content:"s1.fiskalbrodiss.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.fiskalbrodiss\.com$/i"; classtype:trojan-activity; sid:37342871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname s1.fiskalbrodiss.com"; flow:to_server,established; http.header; content: "Host|3a| s1.fiskalbrodiss.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.fiskalbrodiss\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname goodman.pages.dev"; dns.query; content:"goodman.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])goodman\.pages\.dev$/i"; classtype:trojan-activity; sid:37342901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname goodman.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| goodman.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])goodman\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//goodman.pages.dev"; flow:to_server,established; http.header; content:"goodman.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): the token*pocket / tokenp*.com names from here on differ by a character
# or two and look like one lookalike-domain cluster - confirm against the MISP event.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenipocket.com"; dns.query; content:"tokenipocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenipocket\.com$/i"; classtype:trojan-activity; sid:37342931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenipocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenipocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenipocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenipocket.com/"; flow:to_server,established; http.header; content:"tokenipocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37342941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpockell.com"; dns.query; content:"tokenpockell.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpockell\.com$/i"; classtype:trojan-activity; sid:37342961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpockell.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpockell.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpockell\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpnckot.com"; dns.query; content:"tokenpnckot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpnckot\.com$/i"; classtype:trojan-activity; sid:37342991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpnckot.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpnckot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpnckot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37342992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# ---------------------------------------------------------------------------------------
# MISP event 26510, hostname/URL indicators. Each indicator yields up to three rule shapes:
#   "Hostname ..."               alert dns: dns.query must contain the name; the pcre ends in
#                                '$' and rejects a preceding letter, digit, '-' or '.', so the
#                                exact name matches and its subdomains do not.
#   "Outgoing HTTP Hostname ..." alert http, $HOME_NET -> $EXTERNAL_NET, to_server/established:
#                                matches "Host: <name>" in http.header; tag:session,600,seconds
#                                asks the engine to keep logging that session for 600 seconds.
#   "Outgoing URL ..."           alert http to $HTTP_PORTS: matches the bare host string anywhere
#                                in http.header (no "Host|3a| " prefix, no pcre), so a Referer or
#                                other header that names the host satisfies it too. Where the
#                                indicator path is "/", the http.uri condition content:"/" is
#                                met by any path containing a slash and adds no real filter.
# NOTE(review): the http rules only see traffic parsed as HTTP. A visit over TLS is left to
# the dns rule unless traffic is decrypted or a tls.sni rule is added - confirm coverage.
# NOTE(review): every rule carries classtype:trojan-activity / priority:2 and an empty tag
# list ("[]") in msg, so the indicator type has to be looked up in the referenced MISP event.
# NOTE(review): the many token*pocket / tokenp*.com names differ by a character or two and
# look like one lookalike-domain cluster - confirm against the MISP event.
# ---------------------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenmpocket.com"; dns.query; content:"tokenmpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenmpocket\.com$/i"; classtype:trojan-activity; sid:37343021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenmpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenmpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenmpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenmpocket.com/"; flow:to_server,established; http.header; content:"tokenmpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpacknt.com"; dns.query; content:"tokenpacknt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpacknt\.com$/i"; classtype:trojan-activity; sid:37343051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpacknt.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpacknt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpacknt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenfpocket.com"; dns.query; content:"tokenfpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenfpocket\.com$/i"; classtype:trojan-activity; sid:37343081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenfpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenfpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenfpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenfpocket.com/"; flow:to_server,established; http.header; content:"tokenfpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpeocket.com"; dns.query; content:"tokenpeocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpeocket\.com$/i"; classtype:trojan-activity; sid:37343111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpeocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpeocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpeocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenhpocket.com"; dns.query; content:"tokenhpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenhpocket\.com$/i"; classtype:trojan-activity; sid:37343141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenhpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenhpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenhpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenhpocket.com/"; flow:to_server,established; http.header; content:"tokenhpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenppocket.com"; dns.query; content:"tokenppocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenppocket\.com$/i"; classtype:trojan-activity; sid:37343171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenppocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenppocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenppocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenppocket.com/"; flow:to_server,established; http.header; content:"tokenppocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenbpocket.com"; dns.query; content:"tokenbpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenbpocket\.com$/i"; classtype:trojan-activity; sid:37343201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenbpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenbpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenbpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenbpocket.com/"; flow:to_server,established; http.header; content:"tokenbpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenkpocket.com"; dns.query; content:"tokenkpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenkpocket\.com$/i"; classtype:trojan-activity; sid:37343231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenkpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenkpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenkpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenkpocket.com/"; flow:to_server,established; http.header; content:"tokenkpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# pages.dev tenant: exact hostname only. NOTE(review): .dev is an HSTS-preloaded TLD, so
# browsers use HTTPS for it; expect the http rules to stay silent and rely on the dns rule.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname elige-que-mujeres-quieres.pages.dev"; dns.query; content:"elige-que-mujeres-quieres.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elige\-que\-mujeres\-quieres\.pages\.dev$/i"; classtype:trojan-activity; sid:37343261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname elige-que-mujeres-quieres.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| elige-que-mujeres-quieres.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elige\-que\-mujeres\-quieres\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL indicator without a path: no http.uri condition, only the host string in the headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//elige-que-mujeres-quieres.pages.dev"; flow:to_server,established; http.header; content:"elige-que-mujeres-quieres.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpocket-tpke.com"; dns.query; content:"tokenpocket-tpke.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpke\.com$/i"; classtype:trojan-activity; sid:37343291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpocket-tpke.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpke.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpke\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpocket-tpoe.com"; dns.query; content:"tokenpocket-tpoe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpoe\.com$/i"; classtype:trojan-activity; sid:37343321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpocket-tpoe.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpoe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpoe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenxpocket.com"; dns.query; content:"tokenxpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenxpocket\.com$/i"; classtype:trojan-activity; sid:37343351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenxpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenxpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenxpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenxpocket.com/"; flow:to_server,established; http.header; content:"tokenxpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Shared URL shortener: the host string alone is common benign traffic, so the http.uri
# path is the only discriminator, and no dns/Host rule for this host appears next to it.
# NOTE(review): nocase on the path means other-case spellings of it alert as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tinyurl.com/mryx55zj"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/mryx55zj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# r2.dev bucket hostnames: exact name only, other r2.dev buckets are not matched.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-646a3b0115b3455984476e4cbe8207c2.r2.dev"; dns.query; content:"pub-646a3b0115b3455984476e4cbe8207c2.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-646a3b0115b3455984476e4cbe8207c2\.r2\.dev$/i"; classtype:trojan-activity; sid:37343441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-646a3b0115b3455984476e4cbe8207c2.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-646a3b0115b3455984476e4cbe8207c2.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-646a3b0115b3455984476e4cbe8207c2\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-4336695deae64820af8ea2eee84027df.r2.dev"; dns.query; content:"pub-4336695deae64820af8ea2eee84027df.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-4336695deae64820af8ea2eee84027df\.r2\.dev$/i"; classtype:trojan-activity; sid:37343471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-4336695deae64820af8ea2eee84027df.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-4336695deae64820af8ea2eee84027df.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-4336695deae64820af8ea2eee84027df\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//pub-4336695deae64820af8ea2eee84027df.r2.dev/index.html"; flow:to_server,established; http.header; content:"pub-4336695deae64820af8ea2eee84027df.r2.dev"; fast_pattern; nocase; http.uri; content:"/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname makanaa.pages.dev"; dns.query; content:"makanaa.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])makanaa\.pages\.dev$/i"; classtype:trojan-activity; sid:37343501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname makanaa.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| makanaa.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])makanaa\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//makanaa.pages.dev/"; flow:to_server,established; http.header; content:"makanaa.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname ex.tokenpokce.com"; dns.query; content:"ex.tokenpokce.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ex\.tokenpokce\.com$/i"; classtype:trojan-activity; sid:37343531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname ex.tokenpokce.com"; flow:to_server,established; http.header; content: "Host|3a| ex.tokenpokce.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ex\.tokenpokce\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenjpocket.com"; dns.query; content:"tokenjpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenjpocket\.com$/i"; classtype:trojan-activity; sid:37343561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenjpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenjpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenjpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenjpocket.com/"; flow:to_server,established; http.header; content:"tokenjpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname arabbasiastarizz.pages.dev"; dns.query; content:"arabbasiastarizz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arabbasiastarizz\.pages\.dev$/i"; classtype:trojan-activity; sid:37343591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname arabbasiastarizz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| arabbasiastarizz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arabbasiastarizz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//arabbasiastarizz.pages.dev"; flow:to_server,established; http.header; content:"arabbasiastarizz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenp0kczt.com"; dns.query; content:"tokenp0kczt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0kczt\.com$/i"; classtype:trojan-activity; sid:37343621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenp0kczt.com"; flow:to_server,established; http.header; content: "Host|3a| tokenp0kczt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0kczt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokendpocket.com"; dns.query; content:"tokendpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokendpocket\.com$/i"; classtype:trojan-activity; sid:37343651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokendpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokendpocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokendpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokendpocket.com/"; flow:to_server,established; http.header; content:"tokendpocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Cloud object-storage hostname under myqcloud.com: exact name only.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname oo9iwtfcn99uo-1324239560.cos.ap-bangkok.myqcloud.com"; dns.query; content:"oo9iwtfcn99uo-1324239560.cos.ap-bangkok.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oo9iwtfcn99uo\-1324239560\.cos\.ap\-bangkok\.myqcloud\.com$/i"; classtype:trojan-activity; sid:37343681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname oo9iwtfcn99uo-1324239560.cos.ap-bangkok.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| oo9iwtfcn99uo-1324239560.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oo9iwtfcn99uo\-1324239560\.cos\.ap\-bangkok\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenupocket.com"; dns.query; content:"tokenupocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenupocket\.com$/i"; classtype:trojan-activity; sid:37343711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenupocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenupocket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenupocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//tokenupocket.com/"; flow:to_server,established; http.header; content:"tokenupocket.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37343721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname clubmillion.site.ytwwrntym.com"; dns.query; content:"clubmillion.site.ytwwrntym.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clubmillion\.site\.ytwwrntym\.com$/i"; classtype:trojan-activity; sid:37343741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname clubmillion.site.ytwwrntym.com"; flow:to_server,established; http.header; content: "Host|3a| clubmillion.site.ytwwrntym.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clubmillion\.site\.ytwwrntym\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tgadminuser.webapt.top"; dns.query; content:"tgadminuser.webapt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.top$/i"; classtype:trojan-activity; sid:37343771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tgadminuser.webapt.top"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webapt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webapt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname url.datamart.co.kr"; dns.query; content:"url.datamart.co.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])url\.datamart\.co\.kr$/i"; classtype:trojan-activity; sid:37343801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname url.datamart.co.kr"; flow:to_server,established; http.header; content: "Host|3a| url.datamart.co.kr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])url\.datamart\.co\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname autoescolaantunes.com.br"; dns.query; content:"autoescolaantunes.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autoescolaantunes\.com\.br$/i"; classtype:trojan-activity; sid:37343831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname autoescolaantunes.com.br"; flow:to_server,established; http.header; content: "Host|3a| autoescolaantunes.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autoescolaantunes\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# Tenant names on shared hosting domains (wixsite.com here, mybluehost.me below): exact
# hostname only, other sites on the same platform are not matched.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname infosrelation001.wixsite.com"; dns.query; content:"infosrelation001.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infosrelation001\.wixsite\.com$/i"; classtype:trojan-activity; sid:37343861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname infosrelation001.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| infosrelation001.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infosrelation001\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tokenpeckot.com"; dns.query; content:"tokenpeckot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpeckot\.com$/i"; classtype:trojan-activity; sid:37343891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tokenpeckot.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpeckot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpeckot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname xjh.sfw.mybluehost.me"; dns.query; content:"xjh.sfw.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xjh\.sfw\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37343921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname xjh.sfw.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| xjh.sfw.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xjh\.sfw\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname playgirlgold.com"; dns.query; content:"playgirlgold.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])playgirlgold\.com$/i"; classtype:trojan-activity; sid:37343951; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname playgirlgold.com"; flow:to_server,established; http.header; content: "Host|3a| playgirlgold.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])playgirlgold\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37343952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname swissoasspchcom465.web.app"; dns.query; content:"swissoasspchcom465.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissoasspchcom465\.web\.app$/i"; classtype:trojan-activity; sid:37344011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname swissoasspchcom465.web.app"; flow:to_server,established; http.header; content: "Host|3a| swissoasspchcom465.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissoasspchcom465\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname wpw.xvx.mybluehost.me"; dns.query; content:"wpw.xvx.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wpw\.xvx\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37344041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname wpw.xvx.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| wpw.xvx.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wpw\.xvx\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert 
dns any any -> any any (msg: "MISP e26510 [] Hostname swisspasschpbjectives.web.app"; dns.query; content:"swisspasschpbjectives.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasschpbjectives\.web\.app$/i"; classtype:trojan-activity; sid:37344071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname swisspasschpbjectives.web.app"; flow:to_server,established; http.header; content: "Host|3a| swisspasschpbjectives.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspasschpbjectives\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname s1.gtlikblalatbki.com"; dns.query; content:"s1.gtlikblalatbki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.gtlikblalatbki\.com$/i"; classtype:trojan-activity; sid:37344101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname s1.gtlikblalatbki.com"; flow:to_server,established; http.header; content: "Host|3a| s1.gtlikblalatbki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.gtlikblalatbki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname smartchoice-int.com"; dns.query; content:"smartchoice-int.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smartchoice\-int\.com$/i"; classtype:trojan-activity; sid:37344131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname smartchoice-int.com"; flow:to_server,established; http.header; content: 
"Host|3a| smartchoice-int.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smartchoice\-int\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname smartchoice-int.com"; dns.query; content:"smartchoice-int.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smartchoice\-int\.com$/i"; classtype:trojan-activity; sid:37344161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname smartchoice-int.com"; flow:to_server,established; http.header; content: "Host|3a| smartchoice-int.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smartchoice\-int\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-62151b6ea63b48fd8aede30a0de6256a.r2.dev"; dns.query; content:"pub-62151b6ea63b48fd8aede30a0de6256a.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-62151b6ea63b48fd8aede30a0de6256a\.r2\.dev$/i"; classtype:trojan-activity; sid:37344191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-62151b6ea63b48fd8aede30a0de6256a.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-62151b6ea63b48fd8aede30a0de6256a.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-62151b6ea63b48fd8aede30a0de6256a\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname smartchoice-int.com"; dns.query; content:"smartchoice-int.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])smartchoice\-int\.com$/i"; classtype:trojan-activity; sid:37344221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname smartchoice-int.com"; flow:to_server,established; http.header; content: "Host|3a| smartchoice-int.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])smartchoice\-int\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname url4e.com"; dns.query; content:"url4e.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])url4e\.com$/i"; classtype:trojan-activity; sid:37344251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname url4e.com"; flow:to_server,established; http.header; content: "Host|3a| url4e.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])url4e\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname t.salesmatemail12.com"; dns.query; content:"t.salesmatemail12.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t\.salesmatemail12\.com$/i"; classtype:trojan-activity; sid:37344281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname t.salesmatemail12.com"; flow:to_server,established; http.header; content: "Host|3a| t.salesmatemail12.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t\.salesmatemail12\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344282; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//t.salesmatemail12.com/email/v1/track?key=60dd9657-ee14-47d5-a115-b7108392d607"; flow:to_server,established; http.header; content:"t.salesmatemail12.com"; fast_pattern; nocase; http.uri; content:"/email/v1/track"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37344291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname userdimn.ecomailapp.cz"; dns.query; content:"userdimn.ecomailapp.cz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])userdimn\.ecomailapp\.cz$/i"; classtype:trojan-activity; sid:37344311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname userdimn.ecomailapp.cz"; flow:to_server,established; http.header; content: "Host|3a| userdimn.ecomailapp.cz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])userdimn\.ecomailapp\.cz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname udertinmedad.krtra.com"; dns.query; content:"udertinmedad.krtra.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])udertinmedad\.krtra\.com$/i"; classtype:trojan-activity; sid:37344341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname udertinmedad.krtra.com"; flow:to_server,established; http.header; content: "Host|3a| udertinmedad.krtra.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])udertinmedad\.krtra\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344342; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname lzpz.rqa-b.my.id"; dns.query; content:"lzpz.rqa-b.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lzpz\.rqa\-b\.my\.id$/i"; classtype:trojan-activity; sid:37344371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname lzpz.rqa-b.my.id"; flow:to_server,established; http.header; content: "Host|3a| lzpz.rqa-b.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lzpz\.rqa\-b\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//lzpz.rqa-b.my.id"; flow:to_server,established; http.header; content:"lzpz.rqa-b.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37344381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname id-login.hubside.fr"; dns.query; content:"id-login.hubside.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])id\-login\.hubside\.fr$/i"; classtype:trojan-activity; sid:37344401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname id-login.hubside.fr"; flow:to_server,established; http.header; content: "Host|3a| id-login.hubside.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])id\-login\.hubside\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname joinbox.today"; dns.query; content:"joinbox.today"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])joinbox\.today$/i"; classtype:trojan-activity; sid:37344431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname joinbox.today"; flow:to_server,established; http.header; content: "Host|3a| joinbox.today"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joinbox\.today[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname essageriepro3-pro-logins.tempurl.host"; dns.query; content:"essageriepro3-pro-logins.tempurl.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])essageriepro3\-pro\-logins\.tempurl\.host$/i"; classtype:trojan-activity; sid:37344461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname essageriepro3-pro-logins.tempurl.host"; flow:to_server,established; http.header; content: "Host|3a| essageriepro3-pro-logins.tempurl.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])essageriepro3\-pro\-logins\.tempurl\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname essageriepro3-pro-logins.tempurl.host"; dns.query; content:"essageriepro3-pro-logins.tempurl.host"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])essageriepro3\-pro\-logins\.tempurl\.host$/i"; classtype:trojan-activity; sid:37344491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname essageriepro3-pro-logins.tempurl.host"; flow:to_server,established; http.header; content: "Host|3a| essageriepro3-pro-logins.tempurl.host"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])essageriepro3\-pro\-logins\.tempurl\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname s1.kifdarmaldomsi.com"; dns.query; content:"s1.kifdarmaldomsi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.kifdarmaldomsi\.com$/i"; classtype:trojan-activity; sid:37344521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname s1.kifdarmaldomsi.com"; flow:to_server,established; http.header; content: "Host|3a| s1.kifdarmaldomsi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])s1\.kifdarmaldomsi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname bonecrushingsambrial.com"; dns.query; content:"bonecrushingsambrial.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bonecrushingsambrial\.com$/i"; classtype:trojan-activity; sid:37344581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname bonecrushingsambrial.com"; flow:to_server,established; http.header; content: "Host|3a| bonecrushingsambrial.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bonecrushingsambrial\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cs08782.tw1.ru"; dns.query; content:"cs08782.tw1.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cs08782\.tw1\.ru$/i"; classtype:trojan-activity; sid:37344611; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cs08782.tw1.ru"; flow:to_server,established; http.header; content: "Host|3a| cs08782.tw1.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cs08782\.tw1\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//cs08782.tw1.ru/login/ologin.php"; flow:to_server,established; http.header; content:"cs08782.tw1.ru"; fast_pattern; nocase; http.uri; content:"/login/ologin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37344621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cq07179.tw1.ru"; dns.query; content:"cq07179.tw1.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cq07179\.tw1\.ru$/i"; classtype:trojan-activity; sid:37344641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cq07179.tw1.ru"; flow:to_server,established; http.header; content: "Host|3a| cq07179.tw1.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cq07179\.tw1\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//cq07179.tw1.ru/login/ologin.php"; flow:to_server,established; http.header; content:"cq07179.tw1.ru"; fast_pattern; nocase; http.uri; content:"/login/ologin.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37344651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert 
dns any any -> any any (msg: "MISP e26510 [] Hostname mailidorange.weebly.com"; dns.query; content:"mailidorange.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailidorange\.weebly\.com$/i"; classtype:trojan-activity; sid:37344701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname mailidorange.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mailidorange.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailidorange\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname teramais.com.br"; dns.query; content:"teramais.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teramais\.com\.br$/i"; classtype:trojan-activity; sid:37344731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teramais.com.br"; flow:to_server,established; http.header; content: "Host|3a| teramais.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teramais\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname sharepoint-engelundvoelkers.de"; dns.query; content:"sharepoint-engelundvoelkers.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-engelundvoelkers\.de$/i"; classtype:trojan-activity; sid:37344761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname sharepoint-engelundvoelkers.de"; flow:to_server,established; http.header; content: "Host|3a| 
sharepoint-engelundvoelkers.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sharepoint\-engelundvoelkers\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname infoconsold-paypal-de-jmldod45920588.codeanyapp.com"; dns.query; content:"infoconsold-paypal-de-jmldod45920588.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infoconsold\-paypal\-de\-jmldod45920588\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37344791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname infoconsold-paypal-de-jmldod45920588.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| infoconsold-paypal-de-jmldod45920588.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])infoconsold\-paypal\-de\-jmldod45920588\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname firrifm.com"; dns.query; content:"firrifm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])firrifm\.com$/i"; classtype:trojan-activity; sid:37344821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname firrifm.com"; flow:to_server,established; http.header; content: "Host|3a| firrifm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])firrifm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname torinonews24.it"; dns.query; 
content:"torinonews24.it"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])torinonews24\.it$/i"; classtype:trojan-activity; sid:37344851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname torinonews24.it"; flow:to_server,established; http.header; content: "Host|3a| torinonews24.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])torinonews24\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname oticasmart.com"; dns.query; content:"oticasmart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oticasmart\.com$/i"; classtype:trojan-activity; sid:37344881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname oticasmart.com"; flow:to_server,established; http.header; content: "Host|3a| oticasmart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oticasmart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname jetvacpressurecleaning.com.au"; dns.query; content:"jetvacpressurecleaning.com.au"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jetvacpressurecleaning\.com\.au$/i"; classtype:trojan-activity; sid:37344911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname jetvacpressurecleaning.com.au"; flow:to_server,established; http.header; content: "Host|3a| jetvacpressurecleaning.com.au"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jetvacpressurecleaning\.com\.au[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37344912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname amkor-atm.com"; dns.query; content:"amkor-atm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amkor\-atm\.com$/i"; classtype:trojan-activity; sid:37344941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname amkor-atm.com"; flow:to_server,established; http.header; content: "Host|3a| amkor-atm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amkor\-atm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname server1163033.netart.com"; dns.query; content:"server1163033.netart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1163033\.netart\.com$/i"; classtype:trojan-activity; sid:37344971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname server1163033.netart.com"; flow:to_server,established; http.header; content: "Host|3a| server1163033.netart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])server1163033\.netart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37344972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname thewellnessplus.com"; dns.query; content:"thewellnessplus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thewellnessplus\.com$/i"; classtype:trojan-activity; sid:37345001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname thewellnessplus.com"; 
flow:to_server,established; http.header; content: "Host|3a| thewellnessplus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thewellnessplus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# URL indicator with a path (MISP event 26510). Host and path are each matched
# as an unanchored substring: the host anywhere in the request-header buffer,
# "/en/" anywhere in the URI. There is no boundary pcre on this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//thewellnessplus.com/en/"; flow:to_server,established; http.header; content:"thewellnessplus.com"; fast_pattern; nocase; http.uri; content:"/en/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# Hostname indicators: one DNS-query rule plus one HTTP Host-header rule per
# name. The pcre prefix (^|[^A-Za-z0-9-\.]) rejects a preceding dot, and the
# Host content is the literal "Host: <name>", so both rules fire on the exact
# name only; a subdomain such as www.<name> does not alert.
# The DNS rules are "any any -> any any", i.e. not limited to $HOME_NET.
# NOTE(review): presumably the same lookup can alert twice (client to resolver,
# resolver to upstream) when both legs are monitored - confirm on the sensor.
# NOTE(review): the "alert http" rules only see traffic parsed as HTTP. For a
# name reached over HTTPS the DNS rule is the only coverage here; a tls.sni
# companion rule per name would cover clients that resolve elsewhere.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname snrise2.weebly.com"; dns.query; content:"snrise2.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snrise2\.weebly\.com$/i"; classtype:trojan-activity; sid:37345031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname snrise2.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| snrise2.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snrise2\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname addmecloud.com"; dns.query; content:"addmecloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])addmecloud\.com$/i"; classtype:trojan-activity; sid:37345061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname addmecloud.com"; flow:to_server,established; http.header; content: "Host|3a| addmecloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])addmecloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname swisspassonline.web.app"; dns.query; content:"swisspassonline.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassonline\.web\.app$/i"; classtype:trojan-activity; sid:37345091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname swisspassonline.web.app"; flow:to_server,established; http.header; content: "Host|3a| swisspassonline.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swisspassonline\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname galeriacenter47.com.br"; dns.query; content:"galeriacenter47.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])galeriacenter47\.com\.br$/i"; classtype:trojan-activity; sid:37345121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname galeriacenter47.com.br"; flow:to_server,established; http.header; content: "Host|3a| galeriacenter47.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])galeriacenter47\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname apptuts.bio"; dns.query; content:"apptuts.bio"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apptuts\.bio$/i"; classtype:trojan-activity; sid:37345151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname apptuts.bio"; flow:to_server,established; http.header; content: "Host|3a| apptuts.bio"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apptuts\.bio[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname ups-tracking.world"; dns.query; content:"ups-tracking.world"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ups\-tracking\.world$/i"; classtype:trojan-activity; sid:37345211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname ups-tracking.world"; flow:to_server,established; http.header; content: "Host|3a| ups-tracking.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ups\-tracking\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# URL indicator with no path: a bare hostname substring in the request headers,
# limited to $HTTP_PORTS. It has no boundary pcre, so unlike the Host rule
# (sid 37345212) it also matches longer names that contain the string and any
# other header that mentions it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//ups-tracking.world"; flow:to_server,established; http.header; content:"ups-tracking.world"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname whasd.vip"; dns.query; content:"whasd.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whasd\.vip$/i"; classtype:trojan-activity; sid:37345241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname whasd.vip"; flow:to_server,established; http.header; content: "Host|3a| whasd.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whasd\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345242; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# Rules generated from MISP event 26510, up to three shapes per indicator:
#   alert dns  : dns.query + pcre ending in $          -> exact-name DNS query
#   alert http : "Host|3a| <name>" + boundary pcre     -> exact Host header, any port
#   alert http : bare content:"<name>" in http.header  -> "Outgoing URL", $HTTP_PORTS
# Only the third shape is unanchored: it matches the string anywhere in the
# request headers, so it is the most likely of the three to hit unrelated
# traffic.
# tag:session,600,seconds on the HTTP rules tags the alerting session for
# follow-up packet logging for 600 seconds.
# Every rule uses classtype:trojan-activity and priority:2, and the tag list in
# msg is empty ("[]"), so an alert carries no threat-type context beyond the
# event link.
# NOTE(review): names such as usps-help.life look like phishing lures rather
# than malware C2 - confirm the classification in the event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//whasd.vip"; flow:to_server,established; http.header; content:"whasd.vip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname yeniy57.top"; dns.query; content:"yeniy57.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy57\.top$/i"; classtype:trojan-activity; sid:37345271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname yeniy57.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy57.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy57\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//yeniy57.top"; flow:to_server,established; http.header; content:"yeniy57.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname yeniy56.top"; dns.query; content:"yeniy56.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy56\.top$/i"; classtype:trojan-activity; sid:37345301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname yeniy56.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy56.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy56\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//yeniy56.top"; flow:to_server,established; http.header; content:"yeniy56.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname yeniy55.top"; dns.query; content:"yeniy55.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy55\.top$/i"; classtype:trojan-activity; sid:37345331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname yeniy55.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy55.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy55\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//yeniy55.top"; flow:to_server,established; http.header; content:"yeniy55.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname usps-help.life"; dns.query; content:"usps-help.life"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-help\.life$/i"; classtype:trojan-activity; sid:37345361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname usps-help.life"; flow:to_server,established; http.header; content: "Host|3a| usps-help.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\-help\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//usps-help.life"; flow:to_server,established; http.header; content:"usps-help.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# NOTE(review): forms.aweber.com appears to be a shared form-hosting hostname
# of a legitimate mailing service, not an attacker-owned name. These two rules
# alert on every lookup of it and every cleartext request to it - verify
# against the MISP event (a full URL may have been intended) before treating
# hits as priority 2.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname forms.aweber.com"; dns.query; content:"forms.aweber.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])forms\.aweber\.com$/i"; classtype:trojan-activity; sid:37345391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname forms.aweber.com"; flow:to_server,established; http.header; content: "Host|3a| forms.aweber.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])forms\.aweber\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

alert dns any any -> any any (msg: "MISP e26510 [] Hostname djoskenzy99.000webhostapp.com"; dns.query; content:"djoskenzy99.000webhostapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djoskenzy99\.000webhostapp\.com$/i"; classtype:trojan-activity; sid:37345421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname djoskenzy99.000webhostapp.com"; flow:to_server,established; http.header; content: "Host|3a| djoskenzy99.000webhostapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djoskenzy99\.000webhostapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname pekersemihtr8.com"; dns.query; content:"pekersemihtr8.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pekersemihtr8\.com$/i"; classtype:trojan-activity; sid:37345451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pekersemihtr8.com"; flow:to_server,established; http.header; content: "Host|3a| pekersemihtr8.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pekersemihtr8\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//pekersemihtr8.com"; flow:to_server,established; http.header; content:"pekersemihtr8.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname yeniy54.top"; dns.query; content:"yeniy54.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy54\.top$/i"; classtype:trojan-activity; sid:37345481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname yeniy54.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy54.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy54\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//yeniy54.top"; flow:to_server,established; http.header; content:"yeniy54.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;)

# DNS / Host / URL rules for hostname and URL indicators of MISP event 26510.
# The DNS and Host rules are boundary-checked by pcre and match the exact name
# only (a preceding dot is rejected, so subdomains do not alert). The
# "Outgoing URL" rules match the name as a plain substring of the request
# headers on $HTTP_PORTS.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname yeniy53.top"; dns.query; content:"yeniy53.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy53\.top$/i"; classtype:trojan-activity; sid:37345511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname yeniy53.top"; flow:to_server,established; http.header; content: "Host|3a| yeniy53.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeniy53\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//yeniy53.top"; flow:to_server,established; http.header; content:"yeniy53.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname appy-exodise-oi.top"; dns.query; content:"appy-exodise-oi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appy\-exodise\-oi\.top$/i"; classtype:trojan-activity; sid:37345541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname appy-exodise-oi.top"; flow:to_server,established; http.header; content: "Host|3a| appy-exodise-oi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appy\-exodise\-oi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//appy-exodise-oi.top"; flow:to_server,established; http.header; content:"appy-exodise-oi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtooun.com"; dns.query; content:"imtooun.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtooun\.com$/i"; classtype:trojan-activity; sid:37345601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtooun.com"; flow:to_server,established; http.header; content: "Host|3a| imtooun.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtooun\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//imtooun.com"; flow:to_server,established; http.header; content:"imtooun.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# The URL indicators for telergcm.* and teletrgpm.* below end in "/", and the
# rules carry that path as http.uri; content:"/". Practically every request
# URI contains "/", so the clause adds no selectivity: these rules behave like
# the host-only URL rules above and match the name anywhere in the headers.
# NOTE(review): the Host rule for the same name already covers the exact host;
# what the URL rule adds is only the unanchored matches - review whether it is
# worth keeping enabled.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname telergcm.club"; dns.query; content:"telergcm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telergcm\.club$/i"; classtype:trojan-activity; sid:37345631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname telergcm.club"; flow:to_server,established; http.header; content: "Host|3a| telergcm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telergcm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//telergcm.club/"; flow:to_server,established; http.header; content:"telergcm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname telergcm.vip"; dns.query; content:"telergcm.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telergcm\.vip$/i"; classtype:trojan-activity; sid:37345661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname telergcm.vip"; flow:to_server,established; http.header; content: "Host|3a| telergcm.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telergcm\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//telergcm.vip/"; flow:to_server,established; http.header; content:"telergcm.vip"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname teletrgpm.cc"; dns.query; content:"teletrgpm.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.cc$/i"; classtype:trojan-activity; sid:37345691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teletrgpm.cc"; flow:to_server,established; http.header; content: "Host|3a| teletrgpm.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//teletrgpm.cc/"; flow:to_server,established; http.header; content:"teletrgpm.cc"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname teletrgpm.club"; dns.query; content:"teletrgpm.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.club$/i"; classtype:trojan-activity; sid:37345721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teletrgpm.club"; flow:to_server,established; http.header; content: "Host|3a| teletrgpm.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//teletrgpm.club/"; flow:to_server,established; http.header; content:"teletrgpm.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname teletrgpm.com.cn"; dns.query; content:"teletrgpm.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.com\.cn$/i"; classtype:trojan-activity; sid:37345751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teletrgpm.com.cn"; flow:to_server,established; http.header; content: "Host|3a| teletrgpm.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.com\.cn[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37345752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# URL rule whose path is just "/": http.uri; content:"/" is satisfied by
# practically any request URI, so the effective condition is the unanchored
# hostname substring in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//teletrgpm.com.cn/"; flow:to_server,established; http.header; content:"teletrgpm.com.cn"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# Per name: an exact-name DNS-query rule, an exact "Host: <name>" rule on any
# port, and a host-only "Outgoing URL" rule on $HTTP_PORTS that matches the
# name as a bare substring of the request headers (no boundary pcre).
alert dns any any -> any any (msg: "MISP e26510 [] Hostname teletrgpm.work"; dns.query; content:"teletrgpm.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.work$/i"; classtype:trojan-activity; sid:37345781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teletrgpm.work"; flow:to_server,established; http.header; content: "Host|3a| teletrgpm.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletrgpm\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//teletrgpm.work"; flow:to_server,established; http.header; content:"teletrgpm.work"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname teletsam.cc"; dns.query; content:"teletsam.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.cc$/i"; classtype:trojan-activity; sid:37345811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teletsam.cc"; flow:to_server,established; http.header; content: "Host|3a| teletsam.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//teletsam.cc"; flow:to_server,established; http.header; content:"teletsam.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname teletsam.com.cn"; dns.query; content:"teletsam.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.com\.cn$/i"; classtype:trojan-activity; sid:37345841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname teletsam.com.cn"; flow:to_server,established; http.header; content: "Host|3a| teletsam.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teletsam\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//teletsam.com.cn"; flow:to_server,established; http.header; content:"teletsam.com.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# Two names that place "login.microsoftonline.us" and "gov.teams.microsoft.us"
# as leading labels under rp1.abangaritest.govshn.net (presumably
# credential-phishing lookalikes - confirm in the event).
# The rules are exact-name: the DNS pcre is anchored with $ and rejects a
# preceding dot, and the Host content is the literal full name, so sibling
# hosts under the same parent zone do not alert.
# NOTE(review): if the parent zone itself is attacker-controlled, a
# domain-level indicator in MISP would be needed to catch a changed first label.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; dns.query; content:"login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.rp1\.abangaritest\.govshn\.net$/i"; classtype:trojan-activity; sid:37345871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.rp1\.abangaritest\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; dns.query; content:"gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gov\.teams\.microsoft\.us\.office\.rp1\.abangaritest\.govshn\.net$/i"; classtype:trojan-activity; sid:37345901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gov\.teams\.microsoft\.us\.office\.rp1\.abangaritest\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/"; flow:to_server,established; http.header; content:"gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37345911; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;)

# Hostname indicators from MISP event 26510: one DNS-query rule and one HTTP
# Host-header rule per name, no URL rules in this group.
# Both shapes match the exact name only: the pcre prefix (^|[^A-Za-z0-9-\.])
# rejects a preceding dot and the Host content is the literal "Host: <name>".
# The Host rules apply to any destination port but only to traffic parsed as
# HTTP; each match also tags the session for 600 seconds (tag:session).
# NOTE(review): for names served over HTTPS the DNS rule is the only detection
# here; a tls.sni rule per name would cover clients that resolve outside the
# monitored path.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname tgadminuser.web-cs.xyz"; dns.query; content:"tgadminuser.web-cs.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.xyz$/i"; classtype:trojan-activity; sid:37345931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname tgadminuser.web-cs.xyz"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.web-cs.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-cs\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname videoprivatevip.mt-me.com"; dns.query; content:"videoprivatevip.mt-me.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videoprivatevip\.mt\-me\.com$/i"; classtype:trojan-activity; sid:37345961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname videoprivatevip.mt-me.com"; flow:to_server,established; http.header; content: "Host|3a| videoprivatevip.mt-me.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videoprivatevip\.mt\-me\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname claim.apps-bansos.xyz"; dns.query; content:"claim.apps-bansos.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])claim\.apps\-bansos\.xyz$/i"; classtype:trojan-activity; sid:37345991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname claim.apps-bansos.xyz"; flow:to_server,established; http.header; content: "Host|3a| claim.apps-bansos.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])claim\.apps\-bansos\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37345992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname rasti-vip.mild-private-vip.my.id"; dns.query; content:"rasti-vip.mild-private-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rasti\-vip\.mild\-private\-vip\.my\.id$/i"; classtype:trojan-activity; sid:37346021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname rasti-vip.mild-private-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| rasti-vip.mild-private-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rasti\-vip\.mild\-private\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

# NOTE(review): telegram.dog looks like a Telegram-operated alias domain rather
# than attacker infrastructure - TODO confirm. If so, these two rules alert on
# ordinary Telegram link traffic at priority 2; check the MISP event for the
# specific URL or channel that was meant before keeping them enabled.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37346051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)

alert dns any any -> any any (msg: "MISP e26510 [] Hostname telegm.xyz"; dns.query; content:"telegm.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegm\.xyz$/i"; classtype:trojan-activity; sid:37346081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname telegm.xyz"; flow:to_server,established; http.header; content: "Host|3a| telegm.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegm\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname telegrom-z.com"; dns.query; content:"telegrom-z.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-z\.com$/i"; classtype:trojan-activity; sid:37346111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname telegrom-z.com"; flow:to_server,established; http.header; content: "Host|3a| telegrom-z.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-z\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any any -> any any (msg: "MISP e26510 [] Hostname live-private.my.id"; dns.query; content:"live-private.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-private\.my\.id$/i"; classtype:trojan-activity; sid:37346141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname live-private.my.id"; flow:to_server,established; http.header; content: "Host|3a| live-private.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-private\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
alert dns any 
any -> any any (msg: "MISP e26510 [] Hostname cek-all-informasi.my.id"; dns.query; content:"cek-all-informasi.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-all\-informasi\.my\.id$/i"; classtype:trojan-activity; sid:37346171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cek-all-informasi.my.id"; flow:to_server,established; http.header; content: "Host|3a| cek-all-informasi.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-all\-informasi\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname live-televip.pages.dev"; dns.query; content:"live-televip.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-televip\.pages\.dev$/i"; classtype:trojan-activity; sid:37346201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname live-televip.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| live-televip.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-televip\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//live-televip.pages.dev"; flow:to_server,established; http.header; content:"live-televip.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname live-prons-sex.pages.dev"; dns.query; content:"live-prons-sex.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])live\-prons\-sex\.pages\.dev$/i"; classtype:trojan-activity; sid:37346231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname live-prons-sex.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| live-prons-sex.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])live\-prons\-sex\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//live-prons-sex.pages.dev"; flow:to_server,established; http.header; content:"live-prons-sex.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname shtgi.pages.dev"; dns.query; content:"shtgi.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shtgi\.pages\.dev$/i"; classtype:trojan-activity; sid:37346261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname shtgi.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| shtgi.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shtgi\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//shtgi.pages.dev"; flow:to_server,established; http.header; content:"shtgi.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346271; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-5fafafbf1056439ca7ae1496c917be7b.r2.dev"; dns.query; content:"pub-5fafafbf1056439ca7ae1496c917be7b.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5fafafbf1056439ca7ae1496c917be7b\.r2\.dev$/i"; classtype:trojan-activity; sid:37346291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-5fafafbf1056439ca7ae1496c917be7b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-5fafafbf1056439ca7ae1496c917be7b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5fafafbf1056439ca7ae1496c917be7b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname mlcro-out-look-verify.pages.dev"; dns.query; content:"mlcro-out-look-verify.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlcro\-out\-look\-verify\.pages\.dev$/i"; classtype:trojan-activity; sid:37346321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname mlcro-out-look-verify.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mlcro-out-look-verify.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlcro\-out\-look\-verify\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname myonedrive.4130678276813.workers.dev"; dns.query; content:"myonedrive.4130678276813.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myonedrive\.4130678276813\.workers\.dev$/i"; 
classtype:trojan-activity; sid:37346351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname myonedrive.4130678276813.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| myonedrive.4130678276813.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])myonedrive\.4130678276813\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL rule whose indicator ends in a bare "/": the only path condition is
# http.uri content:"/", which presumably matches every request URI, so the rule
# adds no path specificity over the header match.
# The header content has no "Host|3a| " prefix, so it is not tied to the Host
# header, and the rule can alert alongside sid:37346352 for the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//myonedrive.4130678276813.workers.dev/"; flow:to_server,established; http.header; content:"myonedrive.4130678276813.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname grup-bokep-viralterbaru.23newlink.my.id"; dns.query; content:"grup-bokep-viralterbaru.23newlink.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-bokep\-viralterbaru\.23newlink\.my\.id$/i"; classtype:trojan-activity; sid:37346381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname grup-bokep-viralterbaru.23newlink.my.id"; flow:to_server,established; http.header; content: "Host|3a| grup-bokep-viralterbaru.23newlink.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup\-bokep\-viralterbaru\.23newlink\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL 
http|3a|//grup-bokep-viralterbaru.23newlink.my.id"; flow:to_server,established; http.header; content:"grup-bokep-viralterbaru.23newlink.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname authenticatebtc20.pages.dev"; dns.query; content:"authenticatebtc20.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])authenticatebtc20\.pages\.dev$/i"; classtype:trojan-activity; sid:37346411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname authenticatebtc20.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| authenticatebtc20.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])authenticatebtc20\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//authenticatebtc20.pages.dev"; flow:to_server,established; http.header; content:"authenticatebtc20.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname api-connects.pages.dev"; dns.query; content:"api-connects.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])api\-connects\.pages\.dev$/i"; classtype:trojan-activity; sid:37346441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname api-connects.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| api-connects.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])api\-connects\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//api-connects.pages.dev"; flow:to_server,established; http.header; content:"api-connects.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname join-grup-wa-tebaru2024.abalonsyh.cfd"; dns.query; content:"join-grup-wa-tebaru2024.abalonsyh.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-grup\-wa\-tebaru2024\.abalonsyh\.cfd$/i"; classtype:trojan-activity; sid:37346471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname join-grup-wa-tebaru2024.abalonsyh.cfd"; flow:to_server,established; http.header; content: "Host|3a| join-grup-wa-tebaru2024.abalonsyh.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-grup\-wa\-tebaru2024\.abalonsyh\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//join-grup-wa-tebaru2024.abalonsyh.cfd"; flow:to_server,established; http.header; content:"join-grup-wa-tebaru2024.abalonsyh.cfd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37346481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37346501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname stingy-veiled-whimsey.glitch.me"; dns.query; content:"stingy-veiled-whimsey.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stingy\-veiled\-whimsey\.glitch\.me$/i"; classtype:trojan-activity; sid:37346531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname stingy-veiled-whimsey.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| stingy-veiled-whimsey.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stingy\-veiled\-whimsey\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; classtype:trojan-activity; sid:37346561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): sid:37346591 and sid:37346592 repeat the
# servec.template-radio.getonnet.dev DNS/HTTP pair already exported as
# sid:37346501 and sid:37346502. The rule bodies differ only in sid, so one
# lookup or request raises two alerts from each pair. Deduplicate the attribute in
# the MISP event, or suppress one pair on the sensor.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname servec.template-radio.getonnet.dev"; dns.query; content:"servec.template-radio.getonnet.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev$/i"; classtype:trojan-activity; sid:37346591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname servec.template-radio.getonnet.dev"; flow:to_server,established; http.header; content: "Host|3a| servec.template-radio.getonnet.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servec\.template\-radio\.getonnet\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname respected-nosy-airport.glitch.me"; dns.query; content:"respected-nosy-airport.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])respected\-nosy\-airport\.glitch\.me$/i"; classtype:trojan-activity; sid:37346621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname respected-nosy-airport.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| respected-nosy-airport.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])respected\-nosy\-airport\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname reinaldolimadev.github.io"; dns.query; 
content:"reinaldolimadev.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])reinaldolimadev\.github\.io$/i"; classtype:trojan-activity; sid:37346651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname reinaldolimadev.github.io"; flow:to_server,established; http.header; content: "Host|3a| reinaldolimadev.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])reinaldolimadev\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-dd2ea2ecb19b41d3a3c7d600fb7119b6.r2.dev"; dns.query; content:"pub-dd2ea2ecb19b41d3a3c7d600fb7119b6.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-dd2ea2ecb19b41d3a3c7d600fb7119b6\.r2\.dev$/i"; classtype:trojan-activity; sid:37346681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-dd2ea2ecb19b41d3a3c7d600fb7119b6.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-dd2ea2ecb19b41d3a3c7d600fb7119b6.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-dd2ea2ecb19b41d3a3c7d600fb7119b6\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-98170f3329d74dfaaf3af127130403d9.r2.dev"; dns.query; content:"pub-98170f3329d74dfaaf3af127130403d9.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-98170f3329d74dfaaf3af127130403d9\.r2\.dev$/i"; classtype:trojan-activity; sid:37346711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing 
HTTP Hostname pub-98170f3329d74dfaaf3af127130403d9.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-98170f3329d74dfaaf3af127130403d9.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-98170f3329d74dfaaf3af127130403d9\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname oudslc-docs-4c58.pchgpwahni.workers.dev"; dns.query; content:"oudslc-docs-4c58.pchgpwahni.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oudslc\-docs\-4c58\.pchgpwahni\.workers\.dev$/i"; classtype:trojan-activity; sid:37346741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname oudslc-docs-4c58.pchgpwahni.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| oudslc-docs-4c58.pchgpwahni.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oudslc\-docs\-4c58\.pchgpwahni\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname pixelartsfcompetition.pages.dev"; dns.query; content:"pixelartsfcompetition.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelartsfcompetition\.pages\.dev$/i"; classtype:trojan-activity; sid:37346771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pixelartsfcompetition.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pixelartsfcompetition.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pixelartsfcompetition\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37346772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname panoramic-grape-push.glitch.me"; dns.query; content:"panoramic-grape-push.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])panoramic\-grape\-push\.glitch\.me$/i"; classtype:trojan-activity; sid:37346801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname panoramic-grape-push.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| panoramic-grape-push.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])panoramic\-grape\-push\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname newlink03th5fu.kezx.my.id"; dns.query; content:"newlink03th5fu.kezx.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newlink03th5fu\.kezx\.my\.id$/i"; classtype:trojan-activity; sid:37346831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname newlink03th5fu.kezx.my.id"; flow:to_server,established; http.header; content: "Host|3a| newlink03th5fu.kezx.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])newlink03th5fu\.kezx\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname mova-stream-j2arxub0v-soyoong.vercel.app"; dns.query; content:"mova-stream-j2arxub0v-soyoong.vercel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mova\-stream\-j2arxub0v\-soyoong\.vercel\.app$/i"; classtype:trojan-activity; sid:37346861; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname mova-stream-j2arxub0v-soyoong.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| mova-stream-j2arxub0v-soyoong.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mova\-stream\-j2arxub0v\-soyoong\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname molin-autohandel.pl"; dns.query; content:"molin-autohandel.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molin\-autohandel\.pl$/i"; classtype:trojan-activity; sid:37346891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname molin-autohandel.pl"; flow:to_server,established; http.header; content: "Host|3a| molin-autohandel.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molin\-autohandel\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): sid:37346921 and sid:37346922 repeat the molin-autohandel.pl
# DNS/HTTP pair exported just above as sid:37346891 and sid:37346892; only the sid
# differs, so each lookup or request alerts twice. Deduplicate the attribute in
# the MISP event, or suppress one pair on the sensor.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname molin-autohandel.pl"; dns.query; content:"molin-autohandel.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molin\-autohandel\.pl$/i"; classtype:trojan-activity; sid:37346921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname molin-autohandel.pl"; flow:to_server,established; http.header; content: "Host|3a| molin-autohandel.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])molin\-autohandel\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346922; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname lilac-beautiful-blob.glitch.me"; dns.query; content:"lilac-beautiful-blob.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lilac\-beautiful\-blob\.glitch\.me$/i"; classtype:trojan-activity; sid:37346951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname lilac-beautiful-blob.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| lilac-beautiful-blob.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lilac\-beautiful\-blob\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname kuca-motohandel.pl"; dns.query; content:"kuca-motohandel.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kuca\-motohandel\.pl$/i"; classtype:trojan-activity; sid:37346981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname kuca-motohandel.pl"; flow:to_server,established; http.header; content: "Host|3a| kuca-motohandel.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kuca\-motohandel\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37346982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname kuca-autogielda.pl"; dns.query; content:"kuca-autogielda.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kuca\-autogielda\.pl$/i"; classtype:trojan-activity; sid:37347011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname kuca-autogielda.pl"; 
flow:to_server,established; http.header; content: "Host|3a| kuca-autogielda.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kuca\-autogielda\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname kcc-auto.pl"; dns.query; content:"kcc-auto.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kcc\-auto\.pl$/i"; classtype:trojan-activity; sid:37347041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname kcc-auto.pl"; flow:to_server,established; http.header; content: "Host|3a| kcc-auto.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kcc\-auto\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname joingroupnmkvevv.lanjutkann.my.id"; dns.query; content:"joingroupnmkvevv.lanjutkann.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupnmkvevv\.lanjutkann\.my\.id$/i"; classtype:trojan-activity; sid:37347071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname joingroupnmkvevv.lanjutkann.my.id"; flow:to_server,established; http.header; content: "Host|3a| joingroupnmkvevv.lanjutkann.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupnmkvevv\.lanjutkann\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): the rule starting here (sid:37347101) and the HTTP rule after it
# (sid:37347102) repeat the joingroupnmkvevv.lanjutkann.my.id pair exported just
# above as sid:37347071 and sid:37347072; only the sid differs, so each lookup or
# request alerts twice. Deduplicate the attribute in the MISP event, or suppress
# one pair on the sensor.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname joingroupnmkvevv.lanjutkann.my.id"; dns.query; content:"joingroupnmkvevv.lanjutkann.my.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])joingroupnmkvevv\.lanjutkann\.my\.id$/i"; classtype:trojan-activity; sid:37347101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname joingroupnmkvevv.lanjutkann.my.id"; flow:to_server,established; http.header; content: "Host|3a| joingroupnmkvevv.lanjutkann.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joingroupnmkvevv\.lanjutkann\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname jd7e.pages.dev"; dns.query; content:"jd7e.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jd7e\.pages\.dev$/i"; classtype:trojan-activity; sid:37347131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname jd7e.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jd7e.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jd7e\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname ipfs.eth.aragon.network"; dns.query; content:"ipfs.eth.aragon.network"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network$/i"; classtype:trojan-activity; sid:37347161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname ipfs.eth.aragon.network"; flow:to_server,established; http.header; content: "Host|3a| ipfs.eth.aragon.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ipfs\.eth\.aragon\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37347162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname imtoken-ar.ist"; dns.query; content:"imtoken-ar.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ar\.ist$/i"; classtype:trojan-activity; sid:37347191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname imtoken-ar.ist"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ar.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ar\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname intriguing-confusion-orca.glitch.me"; dns.query; content:"intriguing-confusion-orca.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intriguing\-confusion\-orca\.glitch\.me$/i"; classtype:trojan-activity; sid:37347221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname intriguing-confusion-orca.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| intriguing-confusion-orca.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intriguing\-confusion\-orca\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname hkhkjdhy.weebly.com"; dns.query; content:"hkhkjdhy.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hkhkjdhy\.weebly\.com$/i"; classtype:trojan-activity; sid:37347251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26510 [] Outgoing HTTP Hostname hkhkjdhy.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| hkhkjdhy.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hkhkjdhy\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname hfh.pages.dev"; dns.query; content:"hfh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hfh\.pages\.dev$/i"; classtype:trojan-activity; sid:37347281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname hfh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hfh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hfh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): sid:37347311 and sid:37347312 repeat the hfh.pages.dev DNS/HTTP
# pair exported just above as sid:37347281 and sid:37347282; only the sid differs,
# so each lookup or request alerts twice. Deduplicate the attribute in the MISP
# event, or suppress one pair on the sensor.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname hfh.pages.dev"; dns.query; content:"hfh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hfh\.pages\.dev$/i"; classtype:trojan-activity; sid:37347311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname hfh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hfh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hfh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): the rule starting here (sid:37347341) and the HTTP rule after it
# (sid:37347342) repeat the share-52-blink.pages.dev pair exported earlier in this
# file as sid:37346561 and sid:37346562, so the hostname alerts twice per lookup
# or request.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname share-52-blink.pages.dev"; dns.query; content:"share-52-blink.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev$/i"; 
classtype:trojan-activity; sid:37347341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname share-52-blink.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| share-52-blink.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])share\-52\-blink\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# URL rule with a real path condition: the hostname must appear in http.header and
# the path string in http.uri, both case-insensitively. The header content has no
# "Host|3a| " prefix, so the hostname part is not tied to the Host header. A
# request that matches this rule can also match sid:37347342.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//share-52-blink.pages.dev/8594a705-a04b-43ab-a8df-1e98495fbad0"; flow:to_server,established; http.header; content:"share-52-blink.pages.dev"; fast_pattern; nocase; http.uri; content:"/8594a705-a04b-43ab-a8df-1e98495fbad0"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37347351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname goood-fod12.blogspot.com"; dns.query; content:"goood-fod12.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])goood\-fod12\.blogspot\.com$/i"; classtype:trojan-activity; sid:37347371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname goood-fod12.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| goood-fod12.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])goood\-fod12\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname goldenocalarealestate.pages.dev"; dns.query; content:"goldenocalarealestate.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])goldenocalarealestate\.pages\.dev$/i"; classtype:trojan-activity; sid:37347401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname goldenocalarealestate.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| goldenocalarealestate.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])goldenocalarealestate\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname gielda-auta.pl"; dns.query; content:"gielda-auta.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-auta\.pl$/i"; classtype:trojan-activity; sid:37347431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname gielda-auta.pl"; flow:to_server,established; http.header; content: "Host|3a| gielda-auta.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-auta\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;)
# NOTE(review): sid:37347461 and sid:37347462 repeat the gielda-auta.pl DNS/HTTP
# pair exported just above as sid:37347431 and sid:37347432; only the sid differs,
# so each lookup or request alerts twice. Deduplicate the attribute in the MISP
# event, or suppress one pair on the sensor.
alert dns any any -> any any (msg: "MISP e26510 [] Hostname gielda-auta.pl"; dns.query; content:"gielda-auta.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-auta\.pl$/i"; classtype:trojan-activity; sid:37347461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname gielda-auta.pl"; flow:to_server,established; http.header; content: "Host|3a| gielda-auta.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gielda\-auta\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347462; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname complex-cobalt-eggnog.glitch.me"; dns.query; content:"complex-cobalt-eggnog.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])complex\-cobalt\-eggnog\.glitch\.me$/i"; classtype:trojan-activity; sid:37347491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname complex-cobalt-eggnog.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| complex-cobalt-eggnog.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])complex\-cobalt\-eggnog\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname autosprzedaz-mcl.pl"; dns.query; content:"autosprzedaz-mcl.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-mcl\.pl$/i"; classtype:trojan-activity; sid:37347521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname autosprzedaz-mcl.pl"; flow:to_server,established; http.header; content: "Host|3a| autosprzedaz-mcl.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autosprzedaz\-mcl\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname autogielda-maciejski.pl"; dns.query; content:"autogielda-maciejski.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-maciejski\.pl$/i"; classtype:trojan-activity; sid:37347551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP 
Hostname autogielda-maciejski.pl"; flow:to_server,established; http.header; content: "Host|3a| autogielda-maciejski.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autogielda\-maciejski\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname uspo.ussphg.top"; dns.query; content:"uspo.ussphg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphg\.top$/i"; classtype:trojan-activity; sid:37347581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname uspo.ussphg.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.ussphg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.ussphg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname filf.pages.dev"; dns.query; content:"filf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filf\.pages\.dev$/i"; classtype:trojan-activity; sid:37347611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname filf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| filf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//filf.pages.dev"; flow:to_server,established; http.header; content:"filf.pages.dev"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37347621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname findyourkicks.blogspot.com"; dns.query; content:"findyourkicks.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])findyourkicks\.blogspot\.com$/i"; classtype:trojan-activity; sid:37347641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname findyourkicks.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| findyourkicks.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])findyourkicks\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//findyourkicks.blogspot.com"; flow:to_server,established; http.header; content:"findyourkicks.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37347651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname fashionfitnessbychunkschirag.blogspot.com"; dns.query; content:"fashionfitnessbychunkschirag.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fashionfitnessbychunkschirag\.blogspot\.com$/i"; classtype:trojan-activity; sid:37347671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname fashionfitnessbychunkschirag.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| fashionfitnessbychunkschirag.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fashionfitnessbychunkschirag\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37347672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//fashionfitnessbychunkschirag.blogspot.com/?m=1"; flow:to_server,established; http.header; content:"fashionfitnessbychunkschirag.blogspot.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37347681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname f16.hkwordpress.com"; dns.query; content:"f16.hkwordpress.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f16\.hkwordpress\.com$/i"; classtype:trojan-activity; sid:37347701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname f16.hkwordpress.com"; flow:to_server,established; http.header; content: "Host|3a| f16.hkwordpress.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f16\.hkwordpress\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//f16.hkwordpress.com/wp-includes/js/DDH/GlobalSources/?email=3mail@b.c"; flow:to_server,established; http.header; content:"f16.hkwordpress.com"; fast_pattern; nocase; http.uri; content:"/wp-includes/js/DDH/GlobalSources/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37347711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname autokomis-jan.pl"; dns.query; content:"autokomis-jan.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autokomis\-jan\.pl$/i"; classtype:trojan-activity; sid:37347731; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname autokomis-jan.pl"; flow:to_server,established; http.header; content: "Host|3a| autokomis-jan.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autokomis\-jan\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//autokomis-jan.pl"; flow:to_server,established; http.header; content:"autokomis-jan.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37347741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347851; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37347971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| 
cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37347972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; dns.query; content:"cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev$/i"; classtype:trojan-activity; sid:37348001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cas86t798-broad-cake-e386.wgwhiwgzpjw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cas86t798\-broad\-cake\-e386\.wgwhiwgzpjw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname home-jawatan-kosong.newsmy.id"; dns.query; content:"home-jawatan-kosong.newsmy.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-jawatan\-kosong\.newsmy\.id$/i"; classtype:trojan-activity; sid:37348031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname home-jawatan-kosong.newsmy.id"; flow:to_server,established; http.header; content: "Host|3a| home-jawatan-kosong.newsmy.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-jawatan\-kosong\.newsmy\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348032; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev"; dns.query; content:"pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f488d77bc04a4676ad79ee159fe7d8c5\.r2\.dev$/i"; classtype:trojan-activity; sid:37348061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f488d77bc04a4676ad79ee159fe7d8c5\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev/index2.html"; flow:to_server,established; http.header; content:"pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev"; fast_pattern; nocase; http.uri; content:"/index2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname degrainblockchain.pages.dev"; dns.query; content:"degrainblockchain.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])degrainblockchain\.pages\.dev$/i"; classtype:trojan-activity; sid:37348091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname degrainblockchain.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| degrainblockchain.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])degrainblockchain\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//degrainblockchain.pages.dev"; flow:to_server,established; http.header; content:"degrainblockchain.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert dns any any -> any any (msg: "MISP e26510 [] Hostname bitcoinbschain.pages.dev"; dns.query; content:"bitcoinbschain.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitcoinbschain\.pages\.dev$/i"; classtype:trojan-activity; sid:37348121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26510 [] Outgoing HTTP Hostname bitcoinbschain.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bitcoinbschain.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bitcoinbschain\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26510 [] Outgoing URL http|3a|//bitcoinbschain.pages.dev"; flow:to_server,established; http.header; content:"bitcoinbschain.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37348131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26510;) alert ip $HOME_NET any -> 5.39.43.50 1610 (msg: "MISP e26238 [njrat,RAT] Outgoing To IP: 5.39.43.50|1610"; classtype:trojan-activity; sid:37230501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 5.75.211.197 3306 (msg: "MISP e26238 [RedLineStealer] Outgoing 
To IP: 5.75.211.197|3306"; classtype:trojan-activity; sid:37230521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 5.75.211.197 3306 (msg: "MISP e26403 [] Outgoing To IP: 5.75.211.197|3306"; classtype:trojan-activity; sid:37268781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 213.248.43.58 80 (msg: "MISP e26403 [] Outgoing To IP: 213.248.43.58|80"; classtype:trojan-activity; sid:37268791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> 213.248.43.58 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//213.248.43.58/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; flow:to_server,established; http.header; content:"213.248.43.58"; fast_pattern; nocase; http.uri; content:"/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37268801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> 213.248.43.58 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//213.248.43.58/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; flow:to_server,established; http.header; content:"213.248.43.58"; fast_pattern; nocase; http.uri; content:"/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37268811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert ip $HOME_NET any -> 170.187.207.78 8888 (msg: "MISP e26238 [AKAMAI-LINODE-AP Akamai Connected Cloud,sliver] Outgoing To IP: 170.187.207.78|8888"; classtype:trojan-activity; sid:37230531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 170.187.207.78 31337 (msg: "MISP e26238 [AKAMAI-LINODE-AP Akamai Connected Cloud,sliver] Outgoing To IP: 170.187.207.78|31337"; classtype:trojan-activity; sid:37230541; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 70.31.125.60 2078 (msg: "MISP e26238 [BACOM,QakBot] Outgoing To IP: 70.31.125.60|2078"; classtype:trojan-activity; sid:37230551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 197.14.148.208 443 (msg: "MISP e26238 [QakBot,TN-BB-AS Tunisia BackBone AS] Outgoing To IP: 197.14.148.208|443"; classtype:trojan-activity; sid:37230561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 41.136.51.241 443 (msg: "MISP e26238 [MauritiusTelecom,QakBot] Outgoing To IP: 41.136.51.241|443"; classtype:trojan-activity; sid:37230571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 121.121.101.183 995 (msg: "MISP e26238 [MAXIS-AS1-AP Binariang Berhad,QakBot] Outgoing To IP: 121.121.101.183|995"; classtype:trojan-activity; sid:37230581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 41.96.177.159 443 (msg: "MISP e26238 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.177.159|443"; classtype:trojan-activity; sid:37230591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 187.170.239.221 995 (msg: "MISP e26238 [QakBot,UNINET] Outgoing To IP: 187.170.239.221|995"; classtype:trojan-activity; sid:37230601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 46.246.82.7 6000 (msg: "MISP e26238 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.82.7|6000"; classtype:trojan-activity; sid:37230611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;) alert ip $HOME_NET any -> 46.246.82.7 6000 (msg: "MISP e26403 [] Outgoing To IP: 46.246.82.7|6000"; classtype:trojan-activity; sid:37268821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) 
# ---------------------------------------------------------------------------
# MISP event 26403: outbound IP:port indicators (continued).
# The first eight rules repeat destinations that this file also exports under
# event 26238 at priority 2; here they carry priority 3 and empty msg tags.
# A connection to one of these destinations alerts once per copy.
# ---------------------------------------------------------------------------
alert ip $HOME_NET any -> 187.170.239.221 995 (msg: "MISP e26403 [] Outgoing To IP: 187.170.239.221|995"; classtype:trojan-activity; sid:37268831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 41.96.177.159 443 (msg: "MISP e26403 [] Outgoing To IP: 41.96.177.159|443"; classtype:trojan-activity; sid:37268841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 121.121.101.183 995 (msg: "MISP e26403 [] Outgoing To IP: 121.121.101.183|995"; classtype:trojan-activity; sid:37268851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 41.136.51.241 443 (msg: "MISP e26403 [] Outgoing To IP: 41.136.51.241|443"; classtype:trojan-activity; sid:37268861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 197.14.148.208 443 (msg: "MISP e26403 [] Outgoing To IP: 197.14.148.208|443"; classtype:trojan-activity; sid:37268871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 70.31.125.60 2078 (msg: "MISP e26403 [] Outgoing To IP: 70.31.125.60|2078"; classtype:trojan-activity; sid:37268881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 170.187.207.78 31337 (msg: "MISP e26403 [] Outgoing To IP: 170.187.207.78|31337"; classtype:trojan-activity; sid:37268891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 170.187.207.78 8888 (msg: "MISP e26403 [] Outgoing To IP: 170.187.207.78|8888"; classtype:trojan-activity; sid:37268901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# ---------------------------------------------------------------------------
# "Domain" indicators (events 26403, 26238, 26236).
# Unlike the "Hostname" rules elsewhere in this export, the leading pcre class
# here is [^A-Za-z0-9-], which allows a preceding '.', so subdomains of the
# listed domain match as well.
# The http rules match "Host|3a|" and the domain as two separate contents in
# http.header, with the pcre applying the boundary check.
# The http rules only see parsed HTTP; for HTTPS traffic only the dns.query
# rule applies, unless a tls.sni rule is added or traffic is decrypted upstream.
# janxworm9090.duckdns.org and 194.147.140.138:9090 are exported under both
# event 26238 and event 26403, so a hit alerts once per copy.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26403 [] Domain cheatlab.live"; dns.query; content:"cheatlab.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])cheatlab\.live$/i"; classtype:trojan-activity; sid:37268931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain cheatlab.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cheatlab.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cheatlab\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 3.67.161.133 13977 (msg: "MISP e26403 [] Outgoing To IP: 3.67.161.133|13977"; classtype:trojan-activity; sid:37268941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 45.95.146.13 38241 (msg: "MISP e26403 [] Outgoing To IP: 45.95.146.13|38241"; classtype:trojan-activity; sid:37268951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 194.147.140.138 9090 (msg: "MISP e26238 [NVPN,PRIVACYFIRST,XWorm,Zero-Logs-VPN] Outgoing To IP: 194.147.140.138|9090"; classtype:trojan-activity; sid:37230621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert dns any any -> any any (msg: "MISP e26238 [XWorm] Domain janxworm9090.duckdns.org"; dns.query; content:"janxworm9090.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])janxworm9090\.duckdns\.org$/i"; classtype:trojan-activity; sid:37230631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26238 [XWorm] Outgoing HTTP Domain janxworm9090.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"janxworm9090.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])janxworm9090\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain janxworm9090.duckdns.org"; dns.query; content:"janxworm9090.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])janxworm9090\.duckdns\.org$/i"; classtype:trojan-activity; sid:37268961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain janxworm9090.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"janxworm9090.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])janxworm9090\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37268962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert ip $HOME_NET any -> 194.147.140.138 9090 (msg: "MISP e26403 [] Outgoing To IP: 194.147.140.138|9090"; classtype:trojan-activity; sid:37268971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert dns any any -> any any (msg: "MISP e26403 [] Domain win32avemaria.com"; dns.query; content:"win32avemaria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])win32avemaria\.com$/i"; classtype:trojan-activity; sid:37269091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain win32avemaria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"win32avemaria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])win32avemaria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37269092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# ---------------------------------------------------------------------------
# MISP events 26293 and 26294: inbound source-IP indicators.
# Each rule alerts on traffic from one source address to $HOME_NET, on any
# port, with no flow or payload condition. The msg tags mark them as
# reconnaissance/exploitation sources, while classtype stays trojan-activity
# as in the rest of the export, so triage should go by the msg tag.
# On an Internet-facing sensor, expect these to fire on blocked or unanswered
# probes as well as on accepted connections.
# ---------------------------------------------------------------------------
alert ip 100.15.97.125 any -> $HOME_NET any (msg: "MISP e26293 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 100.15.97.125"; classtype:trojan-activity; sid:37239371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26293;)
alert ip 101.111.4.162 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.111.4.162"; classtype:trojan-activity; sid:37239381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 108.189.21.173 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.189.21.173"; classtype:trojan-activity; sid:37239391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 103.251.219.22 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.251.219.22"; classtype:trojan-activity; sid:37239401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 109.116.97.10 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.116.97.10"; classtype:trojan-activity; sid:37239411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
# Domain indicator from event 26236, exported between the inbound-IP rules; same "Domain" matching as above (subdomains included).
alert dns any any -> any any (msg: "MISP e26236 [] Domain mi-tarjetacencosud-cll.bhojpuriacademy.org"; dns.query; content:"mi-tarjetacencosud-cll.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cll\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37228551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26236;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26236 [] Outgoing HTTP Domain mi-tarjetacencosud-cll.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cll.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cll\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37228552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26236;)
alert ip 110.182.112.12 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.182.112.12"; classtype:trojan-activity; sid:37239421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 110.86.161.240 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.86.161.240"; classtype:trojan-activity; sid:37239431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 111.70.31.14 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.31.14"; classtype:trojan-activity; sid:37239441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 112.112.135.204 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.135.204"; classtype:trojan-activity; sid:37239451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 113.224.224.228 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.224.224.228"; classtype:trojan-activity; sid:37239461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 113.24.190.160 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.190.160"; classtype:trojan-activity; sid:37239471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 113.25.128.225 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.128.225"; classtype:trojan-activity; sid:37239481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 114.239.107.231 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.107.231"; classtype:trojan-activity; sid:37239491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 114.167.3.91 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.167.3.91"; classtype:trojan-activity; sid:37239501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 114.32.1.46 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.1.46"; classtype:trojan-activity; sid:37239511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 117.233.217.8 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.217.8"; classtype:trojan-activity; sid:37239521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 119.114.140.124 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.114.140.124"; classtype:trojan-activity; sid:37239531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 118.104.163.196 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.104.163.196"; classtype:trojan-activity; sid:37239541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 121.186.4.56 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.186.4.56"; classtype:trojan-activity; sid:37239551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;)
alert ip 12.70.187.125 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.70.187.125"; classtype:trojan-activity; sid:37239561; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 121.231.155.8 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.231.155.8"; classtype:trojan-activity; sid:37239571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 171.125.85.178 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.125.85.178"; classtype:trojan-activity; sid:37239581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 178.34.106.97 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.34.106.97"; classtype:trojan-activity; sid:37239591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 14.241.73.109 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.241.73.109"; classtype:trojan-activity; sid:37239601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 126.61.32.135 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.61.32.135"; classtype:trojan-activity; sid:37239611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 150.158.3.205 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.3.205"; classtype:trojan-activity; sid:37239621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 123.173.91.173 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.91.173"; classtype:trojan-activity; sid:37239631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 182.53.188.9 any -> $HOME_NET any (msg: "MISP e26294 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.188.9"; classtype:trojan-activity; sid:37239641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 223.15.15.249 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.15.249"; classtype:trojan-activity; sid:37239651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 218.161.74.199 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.161.74.199"; classtype:trojan-activity; sid:37239661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 190.109.228.143 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.143"; classtype:trojan-activity; sid:37239671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 222.169.41.7 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.169.41.7"; classtype:trojan-activity; sid:37239681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 61.142.29.17 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.142.29.17"; classtype:trojan-activity; sid:37239691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 59.173.83.198 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.173.83.198"; classtype:trojan-activity; sid:37239701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 117.163.56.10 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.163.56.10"; classtype:trojan-activity; sid:37239971; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 223.12.177.103 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.177.103"; classtype:trojan-activity; sid:37239711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 190.36.85.44 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.36.85.44"; classtype:trojan-activity; sid:37239721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 36.93.121.234 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.121.234"; classtype:trojan-activity; sid:37239731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 42.242.94.170 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.242.94.170"; classtype:trojan-activity; sid:37239741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 60.161.23.197 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.161.23.197"; classtype:trojan-activity; sid:37239751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 45.95.146.13 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.95.146.13"; classtype:trojan-activity; sid:37239761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 205.210.31.34 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.34"; classtype:trojan-activity; sid:37239981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 120.48.92.138 any -> $HOME_NET any (msg: "MISP e26295 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.92.138"; classtype:trojan-activity; sid:37239991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 79.138.214.209 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.138.214.209"; classtype:trojan-activity; sid:37239771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 171.244.51.190 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.51.190"; classtype:trojan-activity; sid:37240001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 72.105.221.231 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.105.221.231"; classtype:trojan-activity; sid:37239781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 144.217.16.12 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.217.16.12"; classtype:trojan-activity; sid:37240121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 87.236.176.211 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.211"; classtype:trojan-activity; sid:37239791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 62.122.184.252 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.122.184.252"; classtype:trojan-activity; sid:37240011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 43.128.69.133 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.69.133"; classtype:trojan-activity; sid:37240021; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 103.56.61.130 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.56.61.130"; classtype:trojan-activity; sid:37240131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 80.75.212.43 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.75.212.43"; classtype:trojan-activity; sid:37240141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 192.241.236.28 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.236.28"; classtype:trojan-activity; sid:37240151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 3.85.100.6 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.85.100.6"; classtype:trojan-activity; sid:37240161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 125.73.36.178 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.73.36.178"; classtype:trojan-activity; sid:37239801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 182.240.62.155 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.62.155"; classtype:trojan-activity; sid:37239811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 121.61.104.218 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.104.218"; classtype:trojan-activity; sid:37239821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 179.49.99.198 any -> $HOME_NET any (msg: "MISP e26294 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.49.99.198"; classtype:trojan-activity; sid:37239831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 171.224.9.32 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.224.9.32"; classtype:trojan-activity; sid:37239841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 223.8.196.203 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.196.203"; classtype:trojan-activity; sid:37239851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 153.135.81.130 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.135.81.130"; classtype:trojan-activity; sid:37239861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 138.118.176.190 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.118.176.190"; classtype:trojan-activity; sid:37239871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 222.221.211.44 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.221.211.44"; classtype:trojan-activity; sid:37239881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 144.255.147.165 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.255.147.165"; classtype:trojan-activity; sid:37239891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 190.211.255.250 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.211.255.250"; classtype:trojan-activity; 
sid:37239901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 180.115.160.176 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.115.160.176"; classtype:trojan-activity; sid:37239911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 220.135.95.196 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.95.196"; classtype:trojan-activity; sid:37239921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 59.93.190.15 any -> $HOME_NET any (msg: "MISP e26294 [] Incoming From IP: 59.93.190.15"; classtype:trojan-activity; sid:37239931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 211.199.69.236 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.199.69.236"; classtype:trojan-activity; sid:37239941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 183.136.225.32 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.136.225.32"; classtype:trojan-activity; sid:37239951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 47.111.113.43 any -> $HOME_NET any (msg: "MISP e26294 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.111.113.43"; classtype:trojan-activity; sid:37239961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26294;) alert ip 107.150.101.105 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.101.105"; classtype:trojan-activity; sid:37240031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 118.220.31.109 any -> $HOME_NET any (msg: "MISP e26295 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.220.31.109"; classtype:trojan-activity; sid:37240041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 140.210.196.114 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.210.196.114"; classtype:trojan-activity; sid:37240051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 42.193.148.12 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.148.12"; classtype:trojan-activity; sid:37240061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 205.210.31.64 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.64"; classtype:trojan-activity; sid:37240071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 58.215.203.139 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.215.203.139"; classtype:trojan-activity; sid:37240081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 205.210.31.152 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.152"; classtype:trojan-activity; sid:37240171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 185.11.61.88 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.11.61.88"; classtype:trojan-activity; sid:37240091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 88.90.90.41 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.90.90.41"; classtype:trojan-activity; sid:37240101; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 140.118.102.99 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.118.102.99"; classtype:trojan-activity; sid:37240181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 42.51.13.246 any -> $HOME_NET any (msg: "MISP e26295 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.13.246"; classtype:trojan-activity; sid:37240111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26295;) alert ip 45.135.201.151 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.135.201.151"; classtype:trojan-activity; sid:37240191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 185.122.204.98 any -> $HOME_NET any (msg: "MISP e26296 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.122.204.98"; classtype:trojan-activity; sid:37240201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26296;) alert ip 165.22.160.184 any -> $HOME_NET any (msg: "MISP e26300 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.160.184"; classtype:trojan-activity; sid:37240301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26300;) alert dns any any -> any any (msg: "MISP e26403 [] Domain serenys.xyz"; dns.query; content:"serenys.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])serenys\.xyz$/i"; classtype:trojan-activity; sid:37269101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26403 [] Outgoing HTTP Domain serenys.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serenys.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serenys\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37269102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# The line above closes the HTTP rule that starts on the preceding line.
#
# Event 26237: one hostname exported as a dns.query rule plus an outbound HTTP rule.
# NOTE(review): judging by the name alone this looks like a bank-themed lure host;
# confirm in the MISP event, since the msg tag list is empty.
# The HTTP rule's "Host|3a|" content and domain content are independent matches on
# http.header (no distance/within), so the domain may also match in another header.
alert dns any any -> any any (msg: "MISP e26237 [] Domain banco.estado-acceso.info"; dns.query; content:"banco.estado-acceso.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info$/i"; classtype:trojan-activity; sid:37228641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26237;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26237 [] Outgoing HTTP Domain banco.estado-acceso.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37228642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26237;)
# URL indicators from event 26403. The destination address is fixed in the rule header
# and the port is $HTTP_PORTS, so that variable has to be defined wherever these rules
# are loaded. The address is matched as a substring anywhere in http.header, and the
# path as a case-insensitive substring of http.uri; neither content is anchored, so a
# longer URI that merely contains the path also matches.
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//193.233.132.167/enigma/index.php"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/enigma/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
alert http $HOME_NET any -> 185.215.113.32 $HTTP_PORTS (msg: "MISP e26403 [] Outgoing URL http|3a|//185.215.113.32/yandex/index.php"; flow:to_server,established; http.header; content:"185.215.113.32"; fast_pattern; nocase; http.uri; content:"/yandex/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Event 26238 URL indicator with a literal destination port (8088) instead of
# $HTTP_PORTS; the msg tags name CobaltStrike and a watermark value. The rule continues
# on the next line.
alert http $HOME_NET any -> 121.41.50.152 8088 (msg: "MISP e26238 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//121.41.50.152|3a|8088/ptj"; flow:to_server,established; http.header; 
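content:"121.41.50.152"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26238;)
# The line above closes the event 26238 URL rule that starts on the preceding line.
#
# Change made in this stretch: every msg whose tag list embedded raw double quotes
# (misp-galaxy:malpedia="..." and misp:confidence-level="...") now writes them as \".
# Suricata's rule documentation lists `"`, `;` and `\` as characters that must be
# escaped inside msg; an unescaped quote leaves the end of the msg string ambiguous and
# stricter parsers may reject or truncate the rule. Actions, addresses, ports, sids,
# revs and all match options are unchanged.
#
# Several indicators in this stretch are exported twice, once per MISP event (26238 or
# 26248 versus 26400 or 26403), with different sids and priorities. Both copies fire on
# the same traffic, so expect two alerts per match unless one copy is suppressed.
#
# Same URL as sid 37230641 above, exported again from event 26403 with an empty tag list.
alert http $HOME_NET any -> 121.41.50.152 8088 (msg: "MISP e26403 [] Outgoing URL http|3a|//121.41.50.152|3a|8088/ptj"; flow:to_server,established; http.header; content:"121.41.50.152"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37269141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26403;)
# Event 26400 domain indicators: a dns.query rule plus an outbound HTTP rule per domain.
# In the HTTP rules "Host|3a|" and the domain are independent matches on http.header
# (no distance/within), so the domain may also match in a header other than Host.
alert dns any any -> any any (msg: "MISP e26400 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Domain junio2023.duckdns.org"; dns.query; content:"junio2023.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])junio2023\.duckdns\.org$/i"; classtype:trojan-activity; sid:37257451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain junio2023.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"junio2023.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])junio2023\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [misp:confidence-level=\"usually-confident\"] Domain net-killer.servehttp.com"; dns.query; content:"net-killer.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com$/i"; classtype:trojan-activity; sid:37257461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain net-killer.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Destination address-and-port indicators. None of these carries a payload or
# application-layer condition, so any matching packet from $HOME_NET alerts; the rules on
# ports 80 and 443 in particular depend entirely on the address still being attributable
# to the tagged activity.
# NOTE(review): the protocol is `ip` although a port is given; confirm how the engine in
# use evaluates the port for traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 103.28.32.56 2023 (msg: "MISP e26400 [misp:confidence-level=\"usually-confident\"] Outgoing To IP: 103.28.32.56|2023"; classtype:trojan-activity; sid:37257471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 147.45.75.185 80 (msg: "MISP e26248 [Meduza,ViriBack] Outgoing To IP: 147.45.75.185|80"; classtype:trojan-activity; sid:37231651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 147.45.75.185 80 (msg: "MISP e26400 [misp:confidence-level=\"fairly-confident\"] Outgoing To IP: 147.45.75.185|80"; classtype:trojan-activity; sid:37257481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# URL indicator: the hostname is matched as a substring anywhere in http.header and the
# path as a case-insensitive substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26299 [kill-chain:Command and Control] Outgoing URL http|3a|//lgedwards.co.za/wp-includes/xnnwljxxbbawjwlmac.exe"; flow:to_server,established; http.header; content:"lgedwards.co.za"; fast_pattern; nocase; http.uri; content:"/wp-includes/xnnwljxxbbawjwlmac.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37240291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26299;)
# Event 26248 address-and-port indicators; the second msg tag names the family given by
# the feed.
alert ip $HOME_NET any -> 116.202.0.229 80 (msg: "MISP e26248 [c2,Vidar] Outgoing To IP: 116.202.0.229|80"; classtype:trojan-activity; sid:37231661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 116.202.0.229 2271 (msg: "MISP e26248 [c2,Vidar] Outgoing To IP: 116.202.0.229|2271"; classtype:trojan-activity; sid:37231671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 194.116.173.129 80 (msg: "MISP e26248 [c2,recordbreaker] Outgoing To IP: 194.116.173.129|80"; classtype:trojan-activity; sid:37231681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 185.216.70.11 80 (msg: "MISP e26248 [c2,hook] Outgoing To IP: 185.216.70.11|80"; classtype:trojan-activity; sid:37231691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 20.7.67.78 443 (msg: "MISP e26248 [c2,darkcomet] Outgoing To IP: 20.7.67.78|443"; classtype:trojan-activity; sid:37231701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 187.135.95.35 2095 (msg: "MISP e26248 [c2,darkcomet] Outgoing To IP: 187.135.95.35|2095"; classtype:trojan-activity; sid:37231711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 187.135.95.35 2096 (msg: "MISP e26248 [c2,darkcomet] Outgoing To IP: 187.135.95.35|2096"; classtype:trojan-activity; sid:37231721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 187.135.95.35 1801 (msg: "MISP e26248 [c2,darkcomet] Outgoing To IP: 187.135.95.35|1801"; classtype:trojan-activity; sid:37231731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 187.135.95.35 2045 (msg: "MISP e26248 [c2,darkcomet] Outgoing To IP: 187.135.95.35|2045"; classtype:trojan-activity; sid:37231741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 187.135.95.35 1981 (msg: "MISP e26248 [c2,darkcomet] Outgoing To IP: 187.135.95.35|1981"; classtype:trojan-activity; sid:37231751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 107.189.14.144 50050 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 107.189.14.144|50050"; classtype:trojan-activity; sid:37231761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 91.103.253.227 80 (msg: "MISP e26248 [c2,Meduza] Outgoing To IP: 91.103.253.227|80"; classtype:trojan-activity; sid:37231771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 62.234.46.238 6543 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 62.234.46.238|6543"; classtype:trojan-activity; sid:37231781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 110.41.4.168 50050 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 110.41.4.168|50050"; classtype:trojan-activity; sid:37231791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26400 copies of address-and-port indicators already listed above under event
# 26248 (priority 3 here, priority 2 there). These are the msgs that needed the quote
# escaping.
alert ip $HOME_NET any -> 187.135.95.35 2045 (msg: "MISP e26400 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.95.35|2045"; classtype:trojan-activity; sid:37257491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 187.135.95.35 1801 (msg: "MISP e26400 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.95.35|1801"; classtype:trojan-activity; sid:37257501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 187.135.95.35 2096 (msg: "MISP e26400 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.95.35|2096"; classtype:trojan-activity; sid:37257511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 187.135.95.35 2095 (msg: "MISP e26400 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 187.135.95.35|2095"; classtype:trojan-activity; sid:37257521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 20.7.67.78 443 (msg: "MISP e26400 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 20.7.67.78|443"; classtype:trojan-activity; sid:37257531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 185.216.70.11 80 (msg: "MISP e26400 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 185.216.70.11|80"; classtype:trojan-activity; sid:37257541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 194.116.173.129 80 (msg: "MISP e26400 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 194.116.173.129|80"; classtype:trojan-activity; sid:37257551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 116.202.0.229 2271 (msg: "MISP e26400 [c2,Vidar,misp-galaxy:malpedia=\"vidar\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 116.202.0.229|2271"; classtype:trojan-activity; sid:37257561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 116.202.0.229 80 (msg: "MISP e26400 [c2,Vidar,misp-galaxy:malpedia=\"vidar\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 116.202.0.229|80"; classtype:trojan-activity; sid:37257571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 122.51.243.31 50266 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 122.51.243.31|50266"; classtype:trojan-activity; sid:37231801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# The next rule continues on the following line.
alert ip $HOME_NET any -> 121.37.11.148 50050 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 121.37.11.148|50050"; classtype:trojan-activity; sid:37231811; rev:1; priority:2; 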
reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26248, tag cobalt_strike: outbound traffic from $HOME_NET to a listed address and port (priority 2).
alert ip $HOME_NET any -> 140.143.142.107 50050 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 140.143.142.107|50050"; classtype:trojan-activity; sid:37231821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 139.224.194.38 50005 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 139.224.194.38|50005"; classtype:trojan-activity; sid:37231831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 47.113.147.154 50050 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 47.113.147.154|50050"; classtype:trojan-activity; sid:37231841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 42.194.210.177 50040 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 42.194.210.177|50040"; classtype:trojan-activity; sid:37231851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 43.138.128.109 12345 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 43.138.128.109|12345"; classtype:trojan-activity; sid:37231861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 101.132.192.106 60010 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 101.132.192.106|60010"; classtype:trojan-activity; sid:37231871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 45.227.255.164 58888 (msg: "MISP e26248 [c2,cobalt_strike] Outgoing To IP: 45.227.255.164|58888"; classtype:trojan-activity; sid:37231881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26400 repeats address/port pairs of event 26248 with an empty tag list, priority 3 and its own SIDs.
# Both copies match the same traffic, so one connection raises two alerts
# (e.g. sid 37231881 and sid 37257581 for 45.227.255.164 port 58888); triage the pair as one detection.
alert ip $HOME_NET any -> 45.227.255.164 58888 (msg: "MISP e26400 [] Outgoing To IP: 45.227.255.164|58888"; classtype:trojan-activity; sid:37257581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 101.132.192.106 60010 (msg: "MISP e26400 [] Outgoing To IP: 101.132.192.106|60010"; classtype:trojan-activity; sid:37257591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 43.138.128.109 12345 (msg: "MISP e26400 [] Outgoing To IP: 43.138.128.109|12345"; classtype:trojan-activity; sid:37257601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 42.194.210.177 50040 (msg: "MISP e26400 [] Outgoing To IP: 42.194.210.177|50040"; classtype:trojan-activity; sid:37257611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 47.113.147.154 50050 (msg: "MISP e26400 [] Outgoing To IP: 47.113.147.154|50050"; classtype:trojan-activity; sid:37257621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 139.224.194.38 50005 (msg: "MISP e26400 [] Outgoing To IP: 139.224.194.38|50005"; classtype:trojan-activity; sid:37257631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 140.143.142.107 50050 (msg: "MISP e26400 [] Outgoing To IP: 140.143.142.107|50050"; classtype:trojan-activity; sid:37257641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 121.37.11.148 50050 (msg: "MISP e26400 [] Outgoing To IP: 121.37.11.148|50050"; classtype:trojan-activity; sid:37257651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 122.51.243.31 50266 (msg: "MISP e26400 [] Outgoing To IP: 122.51.243.31|50266"; classtype:trojan-activity; sid:37257661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 110.41.4.168 50050 (msg: "MISP e26400 [] Outgoing To IP: 110.41.4.168|50050"; classtype:trojan-activity; sid:37257671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26400 (priority 3, empty tag list): outbound traffic from $HOME_NET to a listed address and port.
alert ip $HOME_NET any -> 62.234.46.238 6543 (msg: "MISP e26400 [] Outgoing To IP: 62.234.46.238|6543"; classtype:trojan-activity; sid:37257681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 91.103.253.227 80 (msg: "MISP e26400 [] Outgoing To IP: 91.103.253.227|80"; classtype:trojan-activity; sid:37257691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 107.189.14.144 50050 (msg: "MISP e26400 [] Outgoing To IP: 107.189.14.144|50050"; classtype:trojan-activity; sid:37257701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 187.135.95.35 1981 (msg: "MISP e26400 [] Outgoing To IP: 187.135.95.35|1981"; classtype:trojan-activity; sid:37257711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26239, URL indicator that is a bare host: the host name is matched anywhere in the request
# headers (http.header) on $HTTP_PORTS; there is no http.uri part and no boundary pcre.
# tag:session,600,seconds asks the engine to keep logging the session for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26239 [] Outgoing URL http|3a|//dev-provinciabip-inicio.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-provinciabip-inicio.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26239;)
# "Domain" DNS rule: any direction; the pcre anchors the name at the end of the query and allows
# a preceding ".", so queries for subdomains of the listed name match as well.
alert dns any any -> any any (msg: "MISP e26239 [] Domain dev-provinciabip-inicio.pantheonsite.io"; dns.query; content:"dev-provinciabip-inicio.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-provinciabip\-inicio\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37230681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26239;)
# "Domain" HTTP rule: needs "Host:" and the domain somewhere in http.header, plus the pcre on the
# header buffer (/H). NOTE(review): the matches are not chained with distance/within, so the domain
# appearing in another header (for example Referer) may also satisfy the rule; check the Host value
# in the logged session before treating the alert as a connection to that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26239 [] Outgoing HTTP Domain dev-provinciabip-inicio.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-provinciabip-inicio.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-provinciabip\-inicio\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26239;)
# URL rules pinned to a destination address: the address must appear in the request headers and the
# path in http.uri, both case-insensitive. Events 26248 and 26400 carry the same URLs under separate SIDs.
alert http $HOME_NET any -> 77.105.132.208 $HTTP_PORTS (msg: "MISP e26248 [Stealc] Outgoing URL http|3a|//77.105.132.208/021322b478b21e87.php"; flow:to_server,established; http.header; content:"77.105.132.208"; fast_pattern; nocase; http.uri; content:"/021322b478b21e87.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37231891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> 77.105.132.208 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//77.105.132.208/021322b478b21e87.php"; flow:to_server,established; http.header; content:"77.105.132.208"; fast_pattern; nocase; http.uri; content:"/021322b478b21e87.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# The path here is lower-case and sid 37257751 below spells it vmMultiWordpress.php; both use nocase,
# so the two rules match the same requests.
alert http $HOME_NET any -> 91.107.121.93 $HTTP_PORTS (msg: "MISP e26248 [dcrat] Outgoing URL http|3a|//91.107.121.93/vmmultiwordpress.php"; flow:to_server,established; http.header; content:"91.107.121.93"; fast_pattern; nocase; http.uri; content:"/vmmultiwordpress.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37231901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 3.66.38.117 16992 (msg: "MISP e26400 [] Outgoing To IP: 3.66.38.117|16992"; classtype:trojan-activity; sid:37257731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 3.68.171.119 16992 (msg: "MISP e26400 [] Outgoing To IP: 3.68.171.119|16992"; classtype:trojan-activity; sid:37257741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> 91.107.121.93 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//91.107.121.93/vmMultiWordpress.php"; flow:to_server,established; http.header; content:"91.107.121.93"; fast_pattern; nocase; http.uri; content:"/vmMultiWordpress.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# "Hostname" rules (event 26375): unlike the "Domain" form, the pcre also excludes "." before the
# name, so only the exact host name matches, not its subdomains. The HTTP rule matches the literal
# "Host: <name>" string in one content.
alert dns any any -> any any (msg: "MISP e26375 [] Hostname pub-19ec0f4f62024aef8b1a6cd6cc064a4a.r2.dev"; dns.query; content:"pub-19ec0f4f62024aef8b1a6cd6cc064a4a.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-19ec0f4f62024aef8b1a6cd6cc064a4a\.r2\.dev$/i"; classtype:trojan-activity; sid:37253001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Hostname pub-19ec0f4f62024aef8b1a6cd6cc064a4a.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-19ec0f4f62024aef8b1a6cd6cc064a4a.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-19ec0f4f62024aef8b1a6cd6cc064a4a\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# Event 26248 (priority 2): address/port rules; the second tag looks like the AS or provider name of the address.
alert ip $HOME_NET any -> 157.230.175.190 6534 (msg: "MISP e26248 [Bianlian Go Trojan,DIGITALOCEAN-ASN] Outgoing To IP: 157.230.175.190|6534"; classtype:trojan-activity; sid:37231911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 37.128.207.56 53 (msg: "MISP e26248 [Bianlian Go Trojan,VEESP-LV-AS] Outgoing To IP: 37.128.207.56|53"; classtype:trojan-activity; sid:37231921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 23.229.31.21 39561 (msg: "MISP e26248 [Bianlian Go Trojan,SERVER-MANIA] Outgoing To IP: 23.229.31.21|39561"; classtype:trojan-activity; sid:37231931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip 
$HOME_NET any -> 192.109.241.139 443 (msg: "MISP e26248 [Havoc,PL-IWACOM-AS] Outgoing To IP: 192.109.241.139|443"; classtype:trojan-activity; sid:37231941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26248 (priority 2): each tag list pairs a tool or malware family name with what looks like
# the AS or provider name of the address.
# NOTE(review): these rules match address and port only; addresses in provider and access-network
# ranges can change hands, so check the indicator's age in the MISP event before acting on an alert.
alert ip $HOME_NET any -> 159.253.120.2 443 (msg: "MISP e26248 [ALEXHOST,Havoc] Outgoing To IP: 159.253.120.2|443"; classtype:trojan-activity; sid:37231951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 203.41.157.230 445 (msg: "MISP e26248 [ASN-TELSTRA Telstra Corporation Ltd,Responder] Outgoing To IP: 203.41.157.230|445"; classtype:trojan-activity; sid:37231961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 138.197.56.161 9001 (msg: "MISP e26248 [DIGITALOCEAN-ASN,Pupy RAT] Outgoing To IP: 138.197.56.161|9001"; classtype:trojan-activity; sid:37231971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 92.97.115.164 2222 (msg: "MISP e26248 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 92.97.115.164|2222"; classtype:trojan-activity; sid:37231981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 70.31.125.60 2222 (msg: "MISP e26248 [BACOM,QakBot] Outgoing To IP: 70.31.125.60|2222"; classtype:trojan-activity; sid:37231991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 105.102.99.5 443 (msg: "MISP e26248 [ALGTEL-AS,QakBot] Outgoing To IP: 105.102.99.5|443"; classtype:trojan-activity; sid:37232001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 95.20.17.129 443 (msg: "MISP e26248 [QakBot,UNI2-AS] Outgoing To IP: 95.20.17.129|443"; classtype:trojan-activity; sid:37232011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 41.99.82.76 443 (msg: "MISP e26248 [ALGTEL-AS,QakBot] Outgoing To IP: 41.99.82.76|443"; classtype:trojan-activity; sid:37232021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 181.141.40.47 4433 (msg: "MISP e26248 [dcrat,EPM Telecomunicaciones S.A. E.S.P.] Outgoing To IP: 181.141.40.47|4433"; classtype:trojan-activity; sid:37232031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 216.118.230.115 33452 (msg: "MISP e26248 [NETSEC-HK Netsec Limited,Supershell] Outgoing To IP: 216.118.230.115|33452"; classtype:trojan-activity; sid:37232041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26400 repeats the pairs above with an empty tag list, priority 3 and its own SIDs, so one
# connection raises two alerts (e.g. sid 37232041 and sid 37257761); the family name is only in the 26248 copy.
alert ip $HOME_NET any -> 216.118.230.115 33452 (msg: "MISP e26400 [] Outgoing To IP: 216.118.230.115|33452"; classtype:trojan-activity; sid:37257761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 181.141.40.47 4433 (msg: "MISP e26400 [] Outgoing To IP: 181.141.40.47|4433"; classtype:trojan-activity; sid:37257771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 41.99.82.76 443 (msg: "MISP e26400 [] Outgoing To IP: 41.99.82.76|443"; classtype:trojan-activity; sid:37257781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 95.20.17.129 443 (msg: "MISP e26400 [] Outgoing To IP: 95.20.17.129|443"; classtype:trojan-activity; sid:37257791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 105.102.99.5 443 (msg: "MISP e26400 [] Outgoing To IP: 105.102.99.5|443"; classtype:trojan-activity; sid:37257801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 70.31.125.60 2222 (msg: "MISP e26400 [] Outgoing To IP: 70.31.125.60|2222"; classtype:trojan-activity; sid:37257811; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26400 (priority 3, empty tag list): address/port rules with no flow or payload condition.
alert ip $HOME_NET any -> 92.97.115.164 2222 (msg: "MISP e26400 [] Outgoing To IP: 92.97.115.164|2222"; classtype:trojan-activity; sid:37257821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 138.197.56.161 9001 (msg: "MISP e26400 [] Outgoing To IP: 138.197.56.161|9001"; classtype:trojan-activity; sid:37257831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 203.41.157.230 445 (msg: "MISP e26400 [] Outgoing To IP: 203.41.157.230|445"; classtype:trojan-activity; sid:37257841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 159.253.120.2 443 (msg: "MISP e26400 [] Outgoing To IP: 159.253.120.2|443"; classtype:trojan-activity; sid:37257851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 192.109.241.139 443 (msg: "MISP e26400 [] Outgoing To IP: 192.109.241.139|443"; classtype:trojan-activity; sid:37257861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 23.229.31.21 39561 (msg: "MISP e26400 [] Outgoing To IP: 23.229.31.21|39561"; classtype:trojan-activity; sid:37257871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 37.128.207.56 53 (msg: "MISP e26400 [] Outgoing To IP: 37.128.207.56|53"; classtype:trojan-activity; sid:37257881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 157.230.175.190 6534 (msg: "MISP e26400 [] Outgoing To IP: 157.230.175.190|6534"; classtype:trojan-activity; sid:37257891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# "Hostname" rules (event 26375): the pcre excludes "." before the name, so only the exact host
# name matches; the HTTP rule matches the literal "Host: <name>" string in http.header.
alert dns any any -> any any (msg: "MISP e26375 [] Hostname webmc6706e.dynip.online"; dns.query; content:"webmc6706e.dynip.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmc6706e\.dynip\.online$/i"; classtype:trojan-activity; sid:37253011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Hostname webmc6706e.dynip.online"; flow:to_server,established; http.header; content: "Host|3a| webmc6706e.dynip.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmc6706e\.dynip\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# "Domain" rules (event 26248): the DNS pcre allows a preceding ".", so subdomains match too.
# In the HTTP form, "Host:" and the domain are separate contents in http.header.
# NOTE(review): they are not tied together with distance/within, so the domain in another header
# may also match; confirm the Host value in the logged session.
alert dns any any -> any any (msg: "MISP e26248 [zgrat] Domain cheatlab.live"; dns.query; content:"cheatlab.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])cheatlab\.live$/i"; classtype:trojan-activity; sid:37231491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [zgrat] Outgoing HTTP Domain cheatlab.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cheatlab.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cheatlab\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# One address covered three ways: an address/port rule and two URL rules that also require the
# path in http.uri. A request for either URL to port 80 satisfies the address rule as well.
alert ip $HOME_NET any -> 213.248.43.58 80 (msg: "MISP e26248 [] Outgoing To IP: 213.248.43.58|80"; classtype:trojan-activity; sid:37231481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> 213.248.43.58 $HTTP_PORTS (msg: "MISP e26248 [] Outgoing URL http|3a|//213.248.43.58/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; flow:to_server,established; http.header; content:"213.248.43.58"; fast_pattern; nocase; http.uri; content:"/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37231461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> 213.248.43.58 $HTTP_PORTS (msg: "MISP e26248 [] Outgoing URL http|3a|//213.248.43.58/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; flow:to_server,established; http.header; content:"213.248.43.58"; fast_pattern; nocase; http.uri; content:"/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37231471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26248, tag moobot: domain (DNS and HTTP) and address/port rules.
alert dns any any -> any any (msg: "MISP e26248 [moobot] Domain net-killer.servehttp.com"; dns.query; content:"net-killer.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com$/i"; classtype:trojan-activity; sid:37231641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [moobot] Outgoing HTTP Domain net-killer.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 103.28.32.56 2023 (msg: "MISP e26248 [moobot] Outgoing To IP: 103.28.32.56|2023"; classtype:trojan-activity; sid:37231631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# "Hostname" pair for event 26375 (exact host name only).
alert dns any any -> any any (msg: "MISP e26375 [] Hostname mxt.dongahbolt.co"; dns.query; content:"mxt.dongahbolt.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mxt\.dongahbolt\.co$/i"; classtype:trojan-activity; sid:37253021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Hostname mxt.dongahbolt.co"; flow:to_server,established; http.header; 
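content: "Host|3a| mxt.dongahbolt.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mxt\.dongahbolt\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# Event 26248, tag Vidar (priority 2), then the same address/port pairs again from event 26400
# (priority 3, empty tag list): one connection raises an alert from each copy.
alert ip $HOME_NET any -> 95.217.27.143 443 (msg: "MISP e26248 [Vidar] Outgoing To IP: 95.217.27.143|443"; classtype:trojan-activity; sid:37232051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 138.201.119.252 3000 (msg: "MISP e26248 [Vidar] Outgoing To IP: 138.201.119.252|3000"; classtype:trojan-activity; sid:37232061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 95.217.27.143 443 (msg: "MISP e26400 [] Outgoing To IP: 95.217.27.143|443"; classtype:trojan-activity; sid:37257921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 138.201.119.252 3000 (msg: "MISP e26400 [] Outgoing To IP: 138.201.119.252|3000"; classtype:trojan-activity; sid:37257931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26297: URL rule pinned to the destination address (address in http.header, path in http.uri,
# both nocase). The misp-galaxy tag carries its own double quotes; they are written as \" because the
# Suricata rule format requires ", ; and \ to be escaped inside msg. The engine removes the
# backslashes again, so the logged alert text should be unchanged.
alert http $HOME_NET any -> 172.245.214.91 $HTTP_PORTS (msg: "MISP e26297 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//172.245.214.91/htamicrosoftredesignbuddyupdationchildprocessthroughballonupdationprocess.doC"; flow:to_server,established; http.header; content:"172.245.214.91"; fast_pattern; nocase; http.uri; content:"/htamicrosoftredesignbuddyupdationchildprocessthroughballonupdationprocess.doC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37240211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26297;)
alert ip $HOME_NET any -> 204.76.203.129 7645 (msg: "MISP e26248 [Mirai] Outgoing To IP: 204.76.203.129|7645"; classtype:trojan-activity; sid:37232091; rev:1; priority:2; 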
reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26248, tag Mirai: "Domain" rules (DNS pcre allows a preceding ".", so subdomains match).
# Event 26400 carries the same domain and the same address/port under its own SIDs, so a single
# lookup or request raises an alert from each copy.
alert dns any any -> any any (msg: "MISP e26248 [Mirai] Domain bigballz.bounceme.net"; dns.query; content:"bigballz.bounceme.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])bigballz\.bounceme\.net$/i"; classtype:trojan-activity; sid:37232101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [Mirai] Outgoing HTTP Domain bigballz.bounceme.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bigballz.bounceme.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bigballz\.bounceme\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain bigballz.bounceme.net"; dns.query; content:"bigballz.bounceme.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])bigballz\.bounceme\.net$/i"; classtype:trojan-activity; sid:37257941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain bigballz.bounceme.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bigballz.bounceme.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bigballz\.bounceme\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 204.76.203.129 7645 (msg: "MISP e26400 [] Outgoing To IP: 204.76.203.129|7645"; classtype:trojan-activity; sid:37257951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26375: "Domain" pair (DNS and HTTP Host).
alert dns any any -> any any (msg: "MISP e26375 [] Domain kollectdelivery.online"; dns.query; content:"kollectdelivery.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])kollectdelivery\.online$/i"; classtype:trojan-activity; sid:37253031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain kollectdelivery.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kollectdelivery.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kollectdelivery\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# Event 26569 (priority 1): inbound SMTP from $EXTERNAL_NET to $SMTP_SERVERS on port 25, matched on
# the raw TCP payload. Each rule wants a keyword (MAIL FROM:, Subject:, or the attachment
# Content-Disposition prefix), the indicator string, and CRLF CRLF within 8192 bytes of the indicator.
# NOTE(review): only cleartext SMTP is visible to these rules; a session that switches to STARTTLS,
# or mail arriving on another port, is not inspected by them.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26569 [] Source Email Address: agnieszka.lopatka@koper-law.pl"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"agnieszka.lopatka@koper-law.pl"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26569;)
# NOTE(review): this Subject contains a non-ASCII character. Mail headers normally carry such text
# as an RFC 2047 encoded-word, so the literal string may never appear on the wire; confirm against
# a captured sample before relying on this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26569 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Podpisany egzemplarz od Agnieszki Łopatki"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26569;)
# Attachment rule: the file name is matched case-sensitively (no nocase) up to its closing quote (|22|).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26569 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"pobierz-13-02-2024 docx.z|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26569;)
alert ip 136.243.254.67 any -> $HOME_NET any (msg: "MISP e26569 [] Incoming From IP: 136.243.254.67"; 
classtype:trojan-activity; sid:37477931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26569;)
# Event 26316 (priority 3): URL rule pinned to the destination address (address in http.header,
# path in http.uri, both nocase), then a "Domain" pair for DNS and HTTP Host.
alert http $HOME_NET any -> 103.183.118.30 $HTTP_PORTS (msg: "MISP e26316 [] Outgoing URL http|3a|//103.183.118.30/THANOS/Wxvxjj.vdf"; flow:to_server,established; http.header; content:"103.183.118.30"; fast_pattern; nocase; http.uri; content:"/THANOS/Wxvxjj.vdf"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37247431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26316;)
alert dns any any -> any any (msg: "MISP e26316 [] Domain mail.victoriahotel.ro"; dns.query; content:"mail.victoriahotel.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.victoriahotel\.ro$/i"; classtype:trojan-activity; sid:37247441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26316;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26316 [] Outgoing HTTP Domain mail.victoriahotel.ro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.victoriahotel.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.victoriahotel\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37247442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26316;)
# SMTP rules for event 26316: cleartext SMTP from $EXTERNAL_NET to $SMTP_SERVERS on port 25 only.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26316 [] Source Email Address: contact@victoriahotel.ro"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"contact@victoriahotel.ro"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37247451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26316;)
# NOTE(review): this indicator is a destination address (RCPT TO), but the rule only watches
# external clients talking to $SMTP_SERVERS. Mail sent from a host in $HOME_NET straight to an
# outside mail server would not be inspected by it; confirm that this direction is the intended one.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26316 [] Destination Email Address: shem.fujiw@gmx.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"shem.fujiw@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37247461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26316;)
# Event 26568 (priority 1): sender, subject and attachment-name rules on inbound cleartext SMTP,
# followed by two source-address rules that fire on any traffic from the address into $HOME_NET.
# NOTE(review): a session that switches to STARTTLS is not visible to the three SMTP rules.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26568 [] Source Email Address: federico.peron@gsmedi.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"federico.peron@gsmedi.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26568;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26568 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Ordine d'acquisto/Purchase order nr.122 del/of 13/02/2024"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26568;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26568 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"ORA_1588453_2024_1_122_8022024_pdf .img|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26568;)
alert ip 34.64.203.15 any -> $HOME_NET any (msg: "MISP e26568 [] Incoming From IP: 34.64.203.15"; classtype:trojan-activity; sid:37477881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26568;)
alert ip 185.222.58.43 any -> $HOME_NET any (msg: "MISP e26568 [] Incoming From IP: 185.222.58.43"; classtype:trojan-activity; sid:37477891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26568;)
alert ip $HOME_NET any -> 154.12.84.6 53 (msg: "MISP e26248 [CobaltStrike,cs-watermark-Not Found,High Family Technology Co. 
Limited] Outgoing To IP: 154.12.84.6|53"; classtype:trojan-activity; sid:37232111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Event 26400 (priority 3, empty tag list): address/port rules with destination port 53.
# sid 37257961 repeats the 154.12.84.6 pair of sid 37232111, so one connection raises both alerts.
alert ip $HOME_NET any -> 154.12.84.6 53 (msg: "MISP e26400 [] Outgoing To IP: 154.12.84.6|53"; classtype:trojan-activity; sid:37257961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 195.65.41.209 53 (msg: "MISP e26400 [] Outgoing To IP: 195.65.41.209|53"; classtype:trojan-activity; sid:37257971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# "Domain" pairs for event 26400: the DNS pcre allows a preceding ".", so subdomains match too.
# In the HTTP form, "Host:" and the domain are separate contents in http.header.
# NOTE(review): they are not tied together with distance/within, so the domain in another header
# may also match; confirm the Host value in the logged session.
alert dns any any -> any any (msg: "MISP e26400 [] Domain www.is-not-really-a.website"; dns.query; content:"www.is-not-really-a.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.is\-not\-really\-a\.website$/i"; classtype:trojan-activity; sid:37257981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain www.is-not-really-a.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.is-not-really-a.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.is\-not\-really\-a\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain tab.is-not-really-a.space"; dns.query; content:"tab.is-not-really-a.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])tab\.is\-not\-really\-a\.space$/i"; classtype:trojan-activity; sid:37257991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain tab.is-not-really-a.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tab.is-not-really-a.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tab\.is\-not\-really\-a\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain dns.no-war-make.love"; dns.query; content:"dns.no-war-make.love"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.no\-war\-make\.love$/i"; classtype:trojan-activity; sid:37258001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain dns.no-war-make.love"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.no-war-make.love"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.no\-war\-make\.love[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Same address as an address/port rule and as a URL rule. The URL path is a generic one
# (/auth/login); the rule stays specific only because the destination address is fixed in the header.
alert ip $HOME_NET any -> 79.137.207.35 15666 (msg: "MISP e26400 [] Outgoing To IP: 79.137.207.35|15666"; classtype:trojan-activity; sid:37258011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> 79.137.207.35 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//79.137.207.35/auth/login"; flow:to_server,established; http.header; content:"79.137.207.35"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26240: URL indicator that is a bare host (matched anywhere in the request headers on
# $HTTP_PORTS, no http.uri part), followed by the "Domain" DNS and HTTP Host pair for the same name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26240 [] Outgoing URL http|3a|//dev-delikhome.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-delikhome.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26240;)
alert dns any any -> any any (msg: "MISP e26240 [] Domain dev-delikhome.pantheonsite.io"; dns.query; content:"dev-delikhome.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-delikhome\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37230771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26240;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26240 [] Outgoing HTTP Domain dev-delikhome.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-delikhome.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-delikhome\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26240;)
# Event 26567 (priority 1): inbound SMTP from $EXTERNAL_NET to $SMTP_SERVERS on port 25, matched on
# the raw TCP payload (keyword, indicator string, then CRLF CRLF within 8192 bytes).
# NOTE(review): only cleartext SMTP is visible to these rules; STARTTLS sessions are not inspected.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26567 [] Source Email Address: marzena.jasinska@altis.com.pl"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"marzena.jasinska@altis.com.pl"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26567;)
# NOTE(review): this Subject contains a non-ASCII character. Mail headers normally carry such text
# as an RFC 2047 encoded-word, so the literal string may never appear on the wire; confirm against
# a captured sample before relying on this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26567 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Podpisany egzemplarz od Marzeny Jasińskiej"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26567;)
# Attachment rule: the file name, including its embedded spaces, is matched case-sensitively up to the closing quote (|22|).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26567 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"pobierz-13 -02- 2024 docx.z|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477821; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26567;) alert ip 136.243.254.67 any -> $HOME_NET any (msg: "MISP e26567 [] Incoming From IP: 136.243.254.67"; classtype:trojan-activity; sid:37477831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26567;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26241 [] Outgoing URL http|3a|//dev-live-fitness-trainer.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-live-fitness-trainer.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26241;) alert dns any any -> any any (msg: "MISP e26241 [] Domain discountdays.ru"; dns.query; content:"discountdays.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru$/i"; classtype:trojan-activity; sid:37230871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26241;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26241 [] Outgoing HTTP Domain discountdays.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discountdays.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26241;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26242 [] Outgoing URL http|3a|//dev-flip-creativity.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-flip-creativity.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37230941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26242;) alert dns any any -> any any (msg: "MISP e26242 [] Domain discountdays.ru"; dns.query; content:"discountdays.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru$/i"; classtype:trojan-activity; sid:37230971; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26242;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26242 [] Outgoing HTTP Domain discountdays.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discountdays.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37230972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26242;) alert dns any any -> any any (msg: "MISP e26400 [] Domain teaigame.com"; dns.query; content:"teaigame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])teaigame\.com$/i"; classtype:trojan-activity; sid:37258031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain teaigame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teaigame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teaigame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [dcrat] Outgoing URL http|3a|//vilon.000webhostapp.com/adcac1e6.php"; flow:to_server,established; http.header; content:"vilon.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/adcac1e6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> 39.104.230.184 6666 (msg: "MISP e26248 [CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//39.104.230.184|3a|6666/__utm.gif"; flow:to_server,established; http.header; content:"39.104.230.184"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26248 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/pixel.gif"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26243 [] Domain fogape.theaerie.ca"; dns.query; content:"fogape.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37231051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26243;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26243 [] Outgoing HTTP Domain fogape.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fogape.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26243;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//122.51.220.170/pixel.gif"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> 
39.104.230.184 6666 (msg: "MISP e26400 [] Outgoing URL http|3a|//39.104.230.184|3a|6666/__utm.gif"; flow:to_server,established; http.header; content:"39.104.230.184"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//vilon.000webhostapp.com/adcac1e6.php"; flow:to_server,established; http.header; content:"vilon.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/adcac1e6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 18.197.239.109 17032 (msg: "MISP e26400 [] Outgoing To IP: 18.197.239.109|17032"; classtype:trojan-activity; sid:37258081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 3.66.38.117 17032 (msg: "MISP e26400 [] Outgoing To IP: 3.66.38.117|17032"; classtype:trojan-activity; sid:37258091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26244 [] Domain patito.theaerie.ca"; dns.query; content:"patito.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37231131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26244;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26244 [] Outgoing HTTP Domain patito.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26244;) alert dns any 
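any -> any any (msg: "MISP e26245 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37231211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26245;)
# Layout: one signature per physical line (the rule loader reads one rule per line
# unless a line ends in a backslash). Rule text below is unchanged.
#
# Event 26245, HTTP Host match for the same name as the dns rule above: "Host:" and
# the name are searched in the header buffer, the /H regex confirms the name
# boundary, and tag:session logs the session for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26245 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26245;)
# Event 26566, inbound e-mail indicators (priority 1).
# Scope: raw TCP content on port 25 toward $SMTP_SERVERS. A session that switches to
# STARTTLS, or mail delivered on another port, is not inspected by these rules, so
# the same indicators should also be searched in mail gateway logs.
# Each rule ends with a CRLF CRLF match "within:8192" of the previous match, i.e. a
# blank line must follow inside that window.
# Sender rule: the address content is not positioned relative to "MAIL FROM:", so it
# matches the address anywhere in the inspected data. The address may be a spoofed
# or compromised legitimate mailbox (not established by this file); the alert
# identifies the campaign, not the named person.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26566 [] Source Email Address: anna.ostasiewicz@sllawyers.pl"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"anna.ostasiewicz@sllawyers.pl"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26566;)
# Subject rule: literal, case-insensitive match on the full subject text. A subject
# that is folded across lines or transfer-encoded will not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26566 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Podpisany egzemplarz od Anny Ostasiewicz"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26566;)
# Attachment rule: both contents are case-sensitive (no nocase) and expect the exact
# file name, spacing included. The attachment rule of event 26567 in this file
# (sid 37477821) carries the same name with different spacing, so the name appears
# to vary per message and an exact-string match will miss further variants.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26566 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"pobierz-13- 02 - 2024 docx.z|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37477771; rev:1; priority:1; 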
reference:url,https://misp.finsin.cl/events/view/26566;) alert ip 136.243.254.67 any -> $HOME_NET any (msg: "MISP e26566 [] Incoming From IP: 136.243.254.67"; classtype:trojan-activity; sid:37477781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26566;) alert ip $HOME_NET any -> 85.192.32.83 1194 (msg: "MISP e26400 [] Outgoing To IP: 85.192.32.83|1194"; classtype:trojan-activity; sid:37258101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e24600 [] Domain pub-5dc91a8193ee4d22946657cdb1d50df3.r2.dev"; dns.query; content:"pub-5dc91a8193ee4d22946657cdb1d50df3.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-5dc91a8193ee4d22946657cdb1d50df3\.r2\.dev$/i"; classtype:trojan-activity; sid:37248511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain pub-5dc91a8193ee4d22946657cdb1d50df3.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-5dc91a8193ee4d22946657cdb1d50df3.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-5dc91a8193ee4d22946657cdb1d50df3\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 79.137.207.35 15666 (msg: "MISP e26248 [] Outgoing To IP: 79.137.207.35|15666"; classtype:trojan-activity; sid:37232131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> 79.137.207.35 $HTTP_PORTS (msg: "MISP e26248 [panel] Outgoing URL http|3a|//79.137.207.35/auth/login"; flow:to_server,established; http.header; content:"79.137.207.35"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232121; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26246 [] Domain bancoestado-solicita.pages.dev"; dns.query; content:"bancoestado-solicita.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev$/i"; classtype:trojan-activity; sid:37231291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26246;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26246 [] Outgoing HTTP Domain bancoestado-solicita.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-solicita.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26246;) alert dns any any -> any any (msg: "MISP e26344 [] Domain vmi.lt-dekleracija-e.net"; dns.query; content:"vmi.lt-dekleracija-e.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net$/i"; classtype:trojan-activity; sid:37252201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26344;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26344 [] Outgoing HTTP Domain vmi.lt-dekleracija-e.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija-e.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26344;) alert ip $HOME_NET any -> 42.3.121.142 443 (msg: "MISP e26248 [CobaltStrike,cs-watermark-987654321,HKT Limited] Outgoing To IP: 42.3.121.142|443"; classtype:trojan-activity; sid:37232171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET 8123 (msg: "MISP e26248 
[CHINANET-BACKBONE,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//www.qichen.fun|3a|8123/dot.gif"; flow:to_server,established; http.header; content:"www.qichen.fun"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [CHINANET-BACKBONE,CobaltStrike,cs-watermark-987654321] Domain www.qichen.fun"; dns.query; content:"www.qichen.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qichen\.fun$/i"; classtype:trojan-activity; sid:37232191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [CHINANET-BACKBONE,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain www.qichen.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.qichen.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qichen\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 125.70.238.9 8123 (msg: "MISP e26248 [CHINANET-BACKBONE,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 125.70.238.9|8123"; classtype:trojan-activity; sid:37232201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26343 [] Domain vmi.lt-dekleracija-e.net"; dns.query; content:"vmi.lt-dekleracija-e.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net$/i"; classtype:trojan-activity; sid:37252171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26343;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26343 [] Outgoing HTTP Domain vmi.lt-dekleracija-e.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"vmi.lt-dekleracija-e.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26343;) alert dns any any -> any any (msg: "MISP e26400 [] Domain www.qichen.fun"; dns.query; content:"www.qichen.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qichen\.fun$/i"; classtype:trojan-activity; sid:37258111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain www.qichen.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.qichen.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qichen\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 125.70.238.9 8123 (msg: "MISP e26400 [] Outgoing To IP: 125.70.238.9|8123"; classtype:trojan-activity; sid:37258121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET 8123 (msg: "MISP e26400 [] Outgoing URL http|3a|//www.qichen.fun|3a|8123/dot.gif"; flow:to_server,established; http.header; content:"www.qichen.fun"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 42.3.121.142 443 (msg: "MISP e26400 [] Outgoing To IP: 42.3.121.142|443"; classtype:trojan-activity; sid:37258141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26356 [] Domain bafybeibncd3o36djc43fzxyykdremg3nqdyjb263thjx37qznp3tbtsqki.ipfs.cf-ipfs.com"; dns.query; 
content:"bafybeibncd3o36djc43fzxyykdremg3nqdyjb263thjx37qznp3tbtsqki.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeibncd3o36djc43fzxyykdremg3nqdyjb263thjx37qznp3tbtsqki\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37252531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26356;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26356 [] Outgoing HTTP Domain bafybeibncd3o36djc43fzxyykdremg3nqdyjb263thjx37qznp3tbtsqki.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bafybeibncd3o36djc43fzxyykdremg3nqdyjb263thjx37qznp3tbtsqki.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeibncd3o36djc43fzxyykdremg3nqdyjb263thjx37qznp3tbtsqki\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26356;) alert dns any any -> any any (msg: "MISP e26355 [] Domain pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; dns.query; content:"pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-f881673bdca94f08abbd51639e988b6c\.r2\.dev$/i"; classtype:trojan-activity; sid:37252501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26355;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26355 [] Outgoing HTTP Domain pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-f881673bdca94f08abbd51639e988b6c\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26355;) alert dns any any -> any any (msg: "MISP e26354 [] Domain bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; 
dns.query; content:"bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37252471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26354;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26354 [] Outgoing HTTP Domain bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26354;) alert dns any any -> any any (msg: "MISP e26353 [] Domain bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; dns.query; content:"bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37252441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26353;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26353 [] Outgoing HTTP Domain bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252442; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26353;) alert dns any any -> any any (msg: "MISP e26350 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37252371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26350;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26350 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26350;) alert dns any any -> any any (msg: "MISP e26349 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37252341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26349;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26349 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26349;) alert dns any any -> any any (msg: "MISP e26348 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37252311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26348;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e26348 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26348;) alert dns any any -> any any (msg: "MISP e26347 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37252281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26347;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26347 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26347;) alert dns any any -> any any (msg: "MISP e26346 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37252251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26346;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26346 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252252; rev:1; priority:2; 
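reference:url,https://misp.finsin.cl/events/view/26346;)
# Layout: one signature per physical line (the rule loader reads one rule per line
# unless a line ends in a backslash). Apart from the msg fix noted at sid 37240231,
# rule text below is unchanged.
#
# 77.105.132.94 on ports 4449, 465, 80 and 8080 is listed twice: under event 26248
# (tagged asyncrat, priority 2) and again under event 26400 (untagged, priority 3).
# A single connection therefore raises two alerts with different priorities; count
# distinct source/destination pairs rather than alerts when triaging.
# "alert ip" with no payload keywords fires on any packet to the address and port.
alert ip $HOME_NET any -> 77.105.132.94 4449 (msg: "MISP e26248 [asyncrat] Outgoing To IP: 77.105.132.94|4449"; classtype:trojan-activity; sid:37232211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 77.105.132.94 465 (msg: "MISP e26248 [asyncrat] Outgoing To IP: 77.105.132.94|465"; classtype:trojan-activity; sid:37232221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 77.105.132.94 80 (msg: "MISP e26248 [asyncrat] Outgoing To IP: 77.105.132.94|80"; classtype:trojan-activity; sid:37232231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 77.105.132.94 8080 (msg: "MISP e26248 [asyncrat] Outgoing To IP: 77.105.132.94|8080"; classtype:trojan-activity; sid:37232241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 77.105.132.94 8080 (msg: "MISP e26400 [] Outgoing To IP: 77.105.132.94|8080"; classtype:trojan-activity; sid:37258151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 77.105.132.94 80 (msg: "MISP e26400 [] Outgoing To IP: 77.105.132.94|80"; classtype:trojan-activity; sid:37258161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 77.105.132.94 465 (msg: "MISP e26400 [] Outgoing To IP: 77.105.132.94|465"; classtype:trojan-activity; sid:37258171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 77.105.132.94 4449 (msg: "MISP e26400 [] Outgoing To IP: 77.105.132.94|4449"; classtype:trojan-activity; sid:37258181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26400, further address/port pairs with no tags and no payload condition.
# Address-only indicators age quickly once the address is reassigned; check the
# event date behind the reference URL before acting on a hit.
alert ip $HOME_NET any -> 46.246.12.14 1994 (msg: "MISP e26400 [] Outgoing To IP: 46.246.12.14|1994"; classtype:trojan-activity; sid:37258191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 45.153.230.56 7777 (msg: "MISP e26400 [] Outgoing To IP: 45.153.230.56|7777"; classtype:trojan-activity; sid:37258201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 3.125.209.94 14114 (msg: "MISP e26400 [] Outgoing To IP: 3.125.209.94|14114"; classtype:trojan-activity; sid:37258211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Event 26297. Fix: the tag text copied into msg contains double quotes
# (mitre-malware="..."). Inside msg a literal quote must be written as \" ; left
# unescaped it closes the quoted value early, and depending on the engine the rule
# is rejected at load time or its message is cut short. Only the two quotes were
# escaped; the match conditions are untouched.
# Tag text reaches the rule verbatim, so a tag containing " ; or \ can break any
# exported rule. Validate the file with the engine's test mode (suricata -T) before
# deploying it, and watch the load log for skipped signatures.
# The rule matches the host string anywhere in the request headers plus the URI
# /ESH.exe, on $HTTP_PORTS only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26297 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//yegfhdbcnxvzaheiopfhjd.ydns.eu/ESH.exe"; flow:to_server,established; http.header; content:"yegfhdbcnxvzaheiopfhjd.ydns.eu"; fast_pattern; nocase; http.uri; content:"/ESH.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37240231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26297;)
# Event 28740: domain by DNS query and HTTP Host, then address-only rules with port
# "any", which fire on every packet from $HOME_NET to the address.
alert dns any any -> any any (msg: "MISP e28740 [] Domain maconlineoffice.com"; dns.query; content:"maconlineoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com$/i"; classtype:trojan-activity; sid:38706581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28740;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28740 [] Outgoing HTTP Domain maconlineoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maconlineoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38706582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28740;)
alert ip $HOME_NET any -> 193.29.13.167 any (msg: "MISP e28740 [] Outgoing To IP: 193.29.13.167"; classtype:trojan-activity; sid:38706591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28740;)
alert ip 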
$HOME_NET any -> 88.214.26.22 any (msg: "MISP e28740 [] Outgoing To IP: 88.214.26.22"; classtype:trojan-activity; sid:38706601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28740;) alert dns any any -> any any (msg: "MISP e26247 [] Domain personas.milab.digital"; dns.query; content:"personas.milab.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital$/i"; classtype:trojan-activity; sid:37231391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26247;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26247 [] Outgoing HTTP Domain personas.milab.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"personas.milab.digital"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37231392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26247;) alert dns any any -> any any (msg: "MISP e26327 [] Domain proximus-client.ddns.net"; dns.query; content:"proximus-client.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])proximus\-client\.ddns\.net$/i"; classtype:trojan-activity; sid:37251671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26327;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26327 [] Outgoing HTTP Domain proximus-client.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"proximus-client.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])proximus\-client\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26327;) alert dns any any -> any any (msg: "MISP e26375 [] Domain magnivetaman.com"; dns.query; content:"magnivetaman.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])magnivetaman\.com$/i"; classtype:trojan-activity; sid:37253041; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26375;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain magnivetaman.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"magnivetaman.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])magnivetaman\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert ip $HOME_NET any -> 5.39.43.50 7777 (msg: "MISP e26400 [] Outgoing To IP: 5.39.43.50|7777"; classtype:trojan-activity; sid:37258221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 181.71.216.30 4040 (msg: "MISP e26248 [asyncrat,RAT] Outgoing To IP: 181.71.216.30|4040"; classtype:trojan-activity; sid:37232261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e28739 [] Hostname lapz.ddns.net"; dns.query; content:"lapz.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lapz\.ddns\.net$/i"; classtype:trojan-activity; sid:38706041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28739;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28739 [] Outgoing HTTP Hostname lapz.ddns.net"; flow:to_server,established; http.header; content: "Host|3a| lapz.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lapz\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38706042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28739;) alert dns any any -> any any (msg: "MISP e28739 [] Hostname exchangeupgrade.ddns.net"; dns.query; content:"exchangeupgrade.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchangeupgrade\.ddns\.net$/i"; classtype:trojan-activity; sid:38706051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28739;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e28739 [] Outgoing HTTP Hostname exchangeupgrade.ddns.net"; flow:to_server,established; http.header; content: "Host|3a| exchangeupgrade.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchangeupgrade\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38706052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28739;) alert dns any any -> any any (msg: "MISP e28739 [] Hostname exchangeserver.zapto.org"; dns.query; content:"exchangeserver.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchangeserver\.zapto\.org$/i"; classtype:trojan-activity; sid:38706061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28739;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28739 [] Outgoing HTTP Hostname exchangeserver.zapto.org"; flow:to_server,established; http.header; content: "Host|3a| exchangeserver.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchangeserver\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38706062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28739;) alert ip $HOME_NET any -> 181.71.216.30 4040 (msg: "MISP e26400 [] Outgoing To IP: 181.71.216.30|4040"; classtype:trojan-activity; sid:37258231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e28738 [] Domain sachacel.ru"; dns.query; content:"sachacel.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])sachacel\.ru$/i"; classtype:trojan-activity; sid:38705711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain sachacel.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sachacel.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sachacel\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38705712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;)
# --- MISP event 28738: domain indicators (one dns.query rule plus one HTTP Host rule per domain) ---
# Matching scope of the "Domain" rules: the PCRE prefix (^|[^A-Za-z0-9-]) accepts a "." before the name,
# so each rule fires on the listed domain and on every subdomain of it. The "Hostname" rules elsewhere
# in this export use [^A-Za-z0-9-\.] instead, which rejects a preceding "." and so excludes subdomains.
# The dns rules are "any any -> any any": they alert on queries in both directions, including
# resolver-to-upstream traffic, so one lookup can raise more than one alert depending on sensor placement.
alert dns any any -> any any (msg: "MISP e28738 [] Domain lobnya.com"; dns.query; content:"lobnya.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lobnya\.com$/i"; classtype:trojan-activity; sid:38705721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain lobnya.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lobnya.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lobnya\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;)
alert dns any any -> any any (msg: "MISP e28738 [] Domain makeapp.today"; dns.query; content:"makeapp.today"; nocase; pcre: "/(^|[^A-Za-z0-9-])makeapp\.today$/i"; classtype:trojan-activity; sid:38705731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain makeapp.today"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"makeapp.today"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])makeapp\.today[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;)
# NOTE(review): alexhost.com, and the later e28738 entries airtel.com, mtnonline.com, smartape.net and
# acedatacenter.com, read like hosting/telecom provider names rather than attacker-controlled hosts
# (ALEXHOST also appears as an AS tag on an e26248 rule in this export). They may be enrichment or
# whois artefacts of the event. Confirm each attribute in MISP (to_ids flag, warninglist hits) before
# trusting these alerts; as written, any lookup of the provider's own site or of a customer subdomain
# raises a trojan-activity alert.
alert dns any any -> any any (msg: "MISP e28738 [] Domain alexhost.com"; dns.query; content:"alexhost.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])alexhost\.com$/i"; classtype:trojan-activity; sid:38705741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain alexhost.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"alexhost.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alexhost\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert dns any any -> any any (msg: "MISP e28738 [] Domain mol.ru"; dns.query; content:"mol.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])mol\.ru$/i"; classtype:trojan-activity; sid:38705751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain mol.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mol.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mol\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert dns any any -> any any (msg: "MISP e28738 [] Domain smartape.net"; dns.query; content:"smartape.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])smartape\.net$/i"; classtype:trojan-activity; sid:38705761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain smartape.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smartape.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smartape\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert dns any any -> any any (msg: "MISP e28738 [] Domain airtel.com"; dns.query; content:"airtel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])airtel\.com$/i"; classtype:trojan-activity; sid:38705771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain 
airtel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"airtel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])airtel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert dns any any -> any any (msg: "MISP e28738 [] Domain mtnonline.com"; dns.query; content:"mtnonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mtnonline\.com$/i"; classtype:trojan-activity; sid:38705781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain mtnonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mtnonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mtnonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert dns any any -> any any (msg: "MISP e28738 [] Domain acedatacenter.com"; dns.query; content:"acedatacenter.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])acedatacenter\.com$/i"; classtype:trojan-activity; sid:38705791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28738 [] Outgoing HTTP Domain acedatacenter.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acedatacenter.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acedatacenter\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28738;) alert dns any any -> any any (msg: "MISP e28736 [] Domain q905hr35.life"; dns.query; content:"q905hr35.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])q905hr35\.life$/i"; classtype:trojan-activity; 
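sid:38705081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28736;)
# --- MISP event 28736: domain, IP:port and sender-address indicators ---
# HTTP Host-header companion of the dns.query rule for q905hr35.life; tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28736 [] Outgoing HTTP Domain q905hr35.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"q905hr35.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])q905hr35\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28736;)
# Destination IP and port only, with no payload or flow condition: any packet from $HOME_NET to this
# address on 443 alerts.
alert ip $HOME_NET any -> 49.13.76.144 443 (msg: "MISP e28736 [] Outgoing To IP: 49.13.76.144|443"; classtype:trojan-activity; sid:38705091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28736;)
# FIX: the exported content match was the defanged string "info@quarlesaa[.]com". A content keyword
# is a literal byte match, and a real MAIL FROM line carries the address with a plain ".", so the rule
# could never fire. The content now matches the real address; msg keeps the defanged form so the alert
# text stays non-clickable. Also correct the attribute value in MISP event 28736, otherwise the next
# export regenerates the dead pattern.
# Coverage: cleartext SMTP to $SMTP_SERVERS on port 25 only, with the envelope sender followed by
# CRLF CRLF within 8192 bytes. Sessions that negotiate STARTTLS before MAIL FROM, and mail accepted on
# other ports, are not seen by this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28736 [] Source Email Address: info@quarlesaa[.]com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"info@quarlesaa.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38705101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28736;)
# --- MISP event 26310: domain indicators, exported at priority 1 ---
# The "Domain" PCRE prefix (^|[^A-Za-z0-9-]) accepts a preceding ".", so subdomains match too.
alert dns any any -> any any (msg: "MISP e26310 [] Domain lawwormroleveinn.mom"; dns.query; content:"lawwormroleveinn.mom"; nocase; pcre: "/(^|[^A-Za-z0-9-])lawwormroleveinn\.mom$/i"; classtype:trojan-activity; sid:37243291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26310 [] Outgoing HTTP Domain lawwormroleveinn.mom"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lawwormroleveinn.mom"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lawwormroleveinn\.mom[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;)
alert dns any any -> any any (msg: "MISP e26310 [] Domain baketransparentadw.pics"; 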
dns.query; content:"baketransparentadw.pics"; nocase; pcre: "/(^|[^A-Za-z0-9-])baketransparentadw\.pics$/i"; classtype:trojan-activity; sid:37243301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26310 [] Outgoing HTTP Domain baketransparentadw.pics"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"baketransparentadw.pics"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])baketransparentadw\.pics[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert dns any any -> any any (msg: "MISP e26310 [] Domain legislationdictater.mom"; dns.query; content:"legislationdictater.mom"; nocase; pcre: "/(^|[^A-Za-z0-9-])legislationdictater\.mom$/i"; classtype:trojan-activity; sid:37243311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26310 [] Outgoing HTTP Domain legislationdictater.mom"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"legislationdictater.mom"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])legislationdictater\.mom[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert dns any any -> any any (msg: "MISP e26310 [] Domain mercyaloofprincipleo.pics"; dns.query; content:"mercyaloofprincipleo.pics"; nocase; pcre: "/(^|[^A-Za-z0-9-])mercyaloofprincipleo\.pics$/i"; classtype:trojan-activity; sid:37243321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26310 [] Outgoing HTTP Domain mercyaloofprincipleo.pics"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"mercyaloofprincipleo.pics"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mercyaloofprincipleo\.pics[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert dns any any -> any any (msg: "MISP e26310 [] Domain brakesummitfiightre.pics"; dns.query; content:"brakesummitfiightre.pics"; nocase; pcre: "/(^|[^A-Za-z0-9-])brakesummitfiightre\.pics$/i"; classtype:trojan-activity; sid:37243331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26310 [] Outgoing HTTP Domain brakesummitfiightre.pics"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brakesummitfiightre.pics"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brakesummitfiightre\.pics[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert dns any any -> any any (msg: "MISP e26310 [] Domain colonmoonmushroo.mom"; dns.query; content:"colonmoonmushroo.mom"; nocase; pcre: "/(^|[^A-Za-z0-9-])colonmoonmushroo\.mom$/i"; classtype:trojan-activity; sid:37243341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26310 [] Outgoing HTTP Domain colonmoonmushroo.mom"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colonmoonmushroo.mom"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colonmoonmushroo\.mom[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37243342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26310;) alert ip $HOME_NET any -> 45.140.147.91 4001 (msg: "MISP e26248 [SystemBC] Outgoing To IP: 45.140.147.91|4001"; classtype:trojan-activity; sid:37232271; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 45.140.147.91 4001 (msg: "MISP e26400 [] Outgoing To IP: 45.140.147.91|4001"; classtype:trojan-activity; sid:37258241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain ccuk.edenexit.com"; dns.query; content:"ccuk.edenexit.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ccuk\.edenexit\.com$/i"; classtype:trojan-activity; sid:37258251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain ccuk.edenexit.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ccuk.edenexit.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ccuk\.edenexit\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain winkimedia.it"; dns.query; content:"winkimedia.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])winkimedia\.it$/i"; classtype:trojan-activity; sid:37258261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain winkimedia.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"winkimedia.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])winkimedia\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 8.222.251.253 32091 (msg: "MISP e26248 [Triada] Outgoing To IP: 8.222.251.253|32091"; classtype:trojan-activity; sid:37232281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 
8.219.196.124 18038 (msg: "MISP e26248 [Triada] Outgoing To IP: 8.219.196.124|18038"; classtype:trojan-activity; sid:37232291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [Triada] Domain is5jg.3zweuj.com"; dns.query; content:"is5jg.3zweuj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])is5jg\.3zweuj\.com$/i"; classtype:trojan-activity; sid:37232301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [Triada] Outgoing HTTP Domain is5jg.3zweuj.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"is5jg.3zweuj.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])is5jg\.3zweuj\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [Triada] Domain qxjjj.j7ute.com"; dns.query; content:"qxjjj.j7ute.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qxjjj\.j7ute\.com$/i"; classtype:trojan-activity; sid:37232311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [Triada] Outgoing HTTP Domain qxjjj.j7ute.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qxjjj.j7ute.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qxjjj\.j7ute\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AMAZON-02,AS16509,c2,censys] Domain ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-13\-214\-29\-253\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37232341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-214\-29\-253\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 45.148.244.206 18443 (msg: "MISP e26248 [ALEXHOST,AS200019,c2,censys] Outgoing To IP: 45.148.244.206|18443"; classtype:trojan-activity; sid:37232351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 42.193.10.78 48086 (msg: "MISP e26248 [AS45090,c2,censys] Outgoing To IP: 42.193.10.78|48086"; classtype:trojan-activity; sid:37232361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.165.169.113 34443 (msg: "MISP e26248 [AS200651,c2,censys,FLOKINET] Outgoing To IP: 185.165.169.113|34443"; classtype:trojan-activity; sid:37232371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 84.46.79.30 4433 (msg: "MISP e26248 [AS15943,c2,censys] Outgoing To IP: 84.46.79.30|4433"; classtype:trojan-activity; sid:37232381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.233.203.43 80 (msg: "MISP e26248 [AS200740,c2,censys,FIRST-SERVER-EU-AS] Outgoing To IP: 185.233.203.43|80"; classtype:trojan-activity; sid:37232391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26248;)
# --- MISP event 26248: outbound IP:port indicators tagged "c2,censys" ---
# Each rule below matches on destination address and port alone, with no flow, payload or
# application-layer condition: any packet from $HOME_NET to that address/port alerts, whatever the
# content. The bracketed text in msg is the MISP tag list (AS number/name, source, family) and is
# informational; it does not affect matching.
# NOTE(review): several tags name general-purpose cloud/VPS networks (HETZNER-AS, DIGITALOCEAN-ASN).
# Addresses in such ranges are presumably reassigned over time, so these indicators go stale; confirm
# that the event's attributes carry a last-seen/decay policy and that expired ones leave the export.
# An alert from these rules is a lead to correlate with DNS/HTTP/TLS logs, not proof of compromise.
alert ip $HOME_NET any -> 43.139.177.77 88 (msg: "MISP e26248 [AS45090,c2,censys] Outgoing To IP: 43.139.177.77|88"; classtype:trojan-activity; sid:37232401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 108.165.106.7 4433 (msg: "MISP e26248 [AS-GLOBALTELEHOST,AS63023,c2,censys] Outgoing To IP: 108.165.106.7|4433"; classtype:trojan-activity; sid:37232411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 39.104.230.184 6667 (msg: "MISP e26248 [AS37963,c2,censys] Outgoing To IP: 39.104.230.184|6667"; classtype:trojan-activity; sid:37232421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 167.235.58.45 443 (msg: "MISP e26248 [AS24940,c2,censys,HETZNER-AS] Outgoing To IP: 167.235.58.45|443"; classtype:trojan-activity; sid:37232431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 139.9.41.156 81 (msg: "MISP e26248 [AS55990,c2,censys] Outgoing To IP: 139.9.41.156|81"; classtype:trojan-activity; sid:37232441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 110.40.168.108 2053 (msg: "MISP e26248 [AS45090,c2,censys] Outgoing To IP: 110.40.168.108|2053"; classtype:trojan-activity; sid:37232451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26248 [AS55799,c2,censys] Outgoing To IP: 43.251.159.58|8637"; classtype:trojan-activity; sid:37232461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 68.183.111.170 81 (msg: "MISP e26248 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 68.183.111.170|81"; classtype:trojan-activity; sid:37232471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 139.9.62.69 8080 (msg: "MISP e26248 [AS55990,c2,censys] Outgoing To IP: 139.9.62.69|8080"; classtype:trojan-activity; sid:37232481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 119.91.200.209 24443 (msg: "MISP e26248 [AS45090,c2,censys] Outgoing To IP: 119.91.200.209|24443"; classtype:trojan-activity; sid:37232491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 187.135.95.35 2078 (msg: "MISP e26248 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.95.35|2078"; classtype:trojan-activity; sid:37232501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 103.66.59.20 8888 (msg: "MISP e26248 [AS55020,c2,censys,IDCCLOUD,Supershell] Outgoing To IP: 103.66.59.20|8888"; classtype:trojan-activity; sid:37232511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 51.89.199.122 6606 (msg: "MISP e26248 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.89.199.122|6606"; classtype:trojan-activity; sid:37232521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 192.250.225.3 8088 (msg: "MISP e26248 [AS14670,c2,censys,RAT,WHG-USE1] Outgoing To IP: 192.250.225.3|8088"; classtype:trojan-activity; sid:37232531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 186.170.96.237 8888 (msg: "MISP e26248 [AS3816,c2,censys,RAT] Outgoing To IP: 186.170.96.237|8888"; classtype:trojan-activity; sid:37232541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 178.73.218.5 2000 (msg: "MISP e26248 [AS42708,c2,censys,RAT] Outgoing To IP: 178.73.218.5|2000"; classtype:trojan-activity; sid:37232551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 138.201.176.60 
6606 (msg: "MISP e26248 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 138.201.176.60|6606"; classtype:trojan-activity; sid:37232561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 138.201.176.60 8808 (msg: "MISP e26248 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 138.201.176.60|8808"; classtype:trojan-activity; sid:37232571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 37.1.214.209 1111 (msg: "MISP e26248 [AS29802,c2,censys,HVC-AS,RAT] Outgoing To IP: 37.1.214.209|1111"; classtype:trojan-activity; sid:37232581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.215 7443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.215|7443"; classtype:trojan-activity; sid:37232591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.209 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.209|443"; classtype:trojan-activity; sid:37232601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.220 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.220|443"; classtype:trojan-activity; sid:37232611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.216 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.216|443"; classtype:trojan-activity; sid:37232621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.217 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.217|443"; classtype:trojan-activity; sid:37232631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//bleednumberrottern.homes/api"; flow:to_server,established; http.header; content:"bleednumberrottern.homes"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# --- MISP event 26248: "Outgoing URL" rules (host + path) interleaved with IP:port rules ---
# How the URL rules match:
#   * The host is searched anywhere in the http.header buffer, without the "Host|3a|" anchor that the
#     "Outgoing HTTP Domain" rules use, so the name appearing in another request header also satisfies it.
#   * content:"/api" on http.uri is an unanchored substring, so longer paths containing "/api" match too.
#   * The destination port is $HTTP_PORTS, so the variable must be defined for these rules to load (the
#     export header calls it optional for Suricata) and HTTP on ports outside it is not covered here.
#   * These are cleartext-HTTP rules. NOTE(review): if the family talks to these hosts over TLS, only
#     dns.query rules for the same names (e26310 covers some of them) will see it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//brakesummitfiightre.pics/api"; flow:to_server,established; http.header; content:"brakesummitfiightre.pics"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Destination IP and port only; no payload condition.
alert ip $HOME_NET any -> 69.46.36.219 7443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.219|7443"; classtype:trojan-activity; sid:37232661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//legislationdictater.mom/api"; flow:to_server,established; http.header; content:"legislationdictater.mom"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Destination IP and port only; no payload condition.
alert ip $HOME_NET any -> 134.255.233.199 63443 (msg: "MISP e26248 [AS30823,c2,censys,Mythic] Outgoing To IP: 134.255.233.199|63443"; classtype:trojan-activity; sid:37232681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//developmentalveiop.homes/api"; 
flow:to_server,established; http.header; content:"developmentalveiop.homes"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.208 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.208|443"; classtype:trojan-activity; sid:37232701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//baketransparentadw.pics/api"; flow:to_server,established; http.header; content:"baketransparentadw.pics"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain gymlog.de"; dns.query; content:"gymlog.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymlog\.de$/i"; classtype:trojan-activity; sid:37232721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain gymlog.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymlog.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymlog\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//lawwormroleveinn.mom/api"; flow:to_server,established; http.header; content:"lawwormroleveinn.mom"; 
fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.211 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.211|443"; classtype:trojan-activity; sid:37232741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//hunterstrawmersp.homes/api"; flow:to_server,established; http.header; content:"hunterstrawmersp.homes"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//mercyaloofprincipleo.pics/api"; flow:to_server,established; http.header; content:"mercyaloofprincipleo.pics"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.211 7443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.211|7443"; classtype:trojan-activity; sid:37232771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [Dondigidon,KjGtqi,Lumma,stealer,ViaCrackSite] Outgoing URL http|3a|//townsfolkhiwoeko.fun/api"; flow:to_server,established; http.header; content:"townsfolkhiwoeko.fun"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37232781; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.218 443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.218|443"; classtype:trojan-activity; sid:37232791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 69.46.36.218 7443 (msg: "MISP e26248 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.218|7443"; classtype:trojan-activity; sid:37232801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 176.123.168.157 80 (msg: "MISP e26248 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 176.123.168.157|80"; classtype:trojan-activity; sid:37232811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.216.70.198 80 (msg: "MISP e26248 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.198|80"; classtype:trojan-activity; sid:37232821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.216.70.107 80 (msg: "MISP e26248 [AS216289,c2,censys,HookBot,SIRCROSAR-NET] Outgoing To IP: 185.216.70.107|80"; classtype:trojan-activity; sid:37232831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS12876,c2,censys,HookBot] Domain great-burnell.62-210-130-233.plesk.page"; dns.query; content:"great-burnell.62-210-130-233.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-burnell\.62\-210\-130\-233\.plesk\.page$/i"; classtype:trojan-activity; sid:37232841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS12876,c2,censys,HookBot] Outgoing HTTP Domain great-burnell.62-210-130-233.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"great-burnell.62-210-130-233.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-burnell\.62\-210\-130\-233\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 146.190.36.87 80 (msg: "MISP e26248 [AS14061,c2,censys,DIGITALOCEAN-ASN,HookBot] Outgoing To IP: 146.190.36.87|80"; classtype:trojan-activity; sid:37232851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS12876,c2,censys,HookBot] Domain funny-kirch.62-210-130-233.plesk.page"; dns.query; content:"funny-kirch.62-210-130-233.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])funny\-kirch\.62\-210\-130\-233\.plesk\.page$/i"; classtype:trojan-activity; sid:37232861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS12876,c2,censys,HookBot] Outgoing HTTP Domain funny-kirch.62-210-130-233.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"funny-kirch.62-210-130-233.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])funny\-kirch\.62\-210\-130\-233\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 46.246.12.14 1994 (msg: "MISP e26248 [njrat,RAT] Outgoing To IP: 46.246.12.14|1994"; classtype:trojan-activity; sid:37232251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 194.147.140.176 2222 (msg: "MISP e26248 [AS208476,c2,censys,PRIVACYFIRST,RAT] Outgoing To IP: 194.147.140.176|2222"; classtype:trojan-activity; sid:37232871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any 
-> 172.207.72.220 80 (msg: "MISP e26248 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 172.207.72.220|80"; classtype:trojan-activity; sid:37232881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 181.161.13.84 8080 (msg: "MISP e26248 [AS7418,c2,censys,RAT] Outgoing To IP: 181.161.13.84|8080"; classtype:trojan-activity; sid:37232891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 27.124.46.236 8080 (msg: "MISP e26248 [AS64050,c2,censys,RAT] Outgoing To IP: 27.124.46.236|8080"; classtype:trojan-activity; sid:37232901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 27.124.46.227 8080 (msg: "MISP e26248 [AS64050,c2,censys,RAT] Outgoing To IP: 27.124.46.227|8080"; classtype:trojan-activity; sid:37232911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 88.184.9.216 4444 (msg: "MISP e26248 [AS12322,c2,censys,PROXAD,RAT] Outgoing To IP: 88.184.9.216|4444"; classtype:trojan-activity; sid:37232921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 27.124.46.142 8080 (msg: "MISP e26248 [AS64050,c2,censys,RAT] Outgoing To IP: 27.124.46.142|8080"; classtype:trojan-activity; sid:37232931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 51.159.175.8 443 (msg: "MISP e26248 [AS12876,c2,censys] Outgoing To IP: 51.159.175.8|443"; classtype:trojan-activity; sid:37232941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.236.234.129 443 (msg: "MISP e26248 [AS44477,c2,censys,STARK-INDUSTRIES] Outgoing To IP: 185.236.234.129|443"; classtype:trojan-activity; sid:37232951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 94.156.65.16 443 (msg: 
"MISP e26248 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.65.16|443"; classtype:trojan-activity; sid:37232961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain 161-35-239-147.cprapid.com"; dns.query; content:"161-35-239-147.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])161\-35\-239\-147\.cprapid\.com$/i"; classtype:trojan-activity; sid:37232971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain 161-35-239-147.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"161-35-239-147.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])161\-35\-239\-147\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS12876,c2,censys] Domain glptestasets.com"; dns.query; content:"glptestasets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])glptestasets\.com$/i"; classtype:trojan-activity; sid:37232981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS12876,c2,censys] Outgoing HTTP Domain glptestasets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"glptestasets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])glptestasets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS30823,c2,censys] Domain vps-zap477067-1.zap-srv.com"; dns.query; content:"vps-zap477067-1.zap-srv.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])vps\-zap477067\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37232991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS30823,c2,censys] Outgoing HTTP Domain vps-zap477067-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap477067-1.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap477067\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37232992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS12876,c2,censys] Domain www.glptestasets.com"; dns.query; content:"www.glptestasets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.glptestasets\.com$/i"; classtype:trojan-activity; sid:37233001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS12876,c2,censys] Outgoing HTTP Domain www.glptestasets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.glptestasets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.glptestasets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 3.68.135.109 80 (msg: "MISP e26248 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 3.68.135.109|80"; classtype:trojan-activity; sid:37233011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 85.202.160.45 80 (msg: "MISP e26248 [AMBYRE,AS13627,c2,censys] Outgoing To IP: 85.202.160.45|80"; classtype:trojan-activity; sid:37233021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 77.105.132.7 80 
(msg: "MISP e26248 [AS215939,c2,censys,WERNER-AS] Outgoing To IP: 77.105.132.7|80"; classtype:trojan-activity; sid:37233031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# The "Outgoing To IP" rules below are `alert ip` rules with a destination port
# and no flow or threshold options.
# NOTE(review): confirm on a test capture how your engine version applies the
# port on an `ip` rule and how many alerts one connection produces.
# The msg tags place this address at a large cloud provider
# (GOOGLE-CLOUD-PLATFORM). NOTE(review): such addresses can be reassigned and
# the rule carries no expiry, so check the indicator's age in the MISP event
# before acting on a hit.
alert ip $HOME_NET any -> 34.116.204.231 5000 (msg: "MISP e26248 [AS396982,botnet,byob,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.116.204.231|5000"; classtype:trojan-activity; sid:37233041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# NOTE(review): the destination ends in ".0"; confirm in the MISP event that
# this attribute is a single host and not a truncated network range.
alert ip $HOME_NET any -> 147.45.45.0 80 (msg: "MISP e26248 [AS215826,c2,censys,PARTNER-HOSTING-LTD,UNAM] Outgoing To IP: 147.45.45.0|80"; classtype:trojan-activity; sid:37233051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Same address on ports 80 and 443: two separate sids, one per port.
alert ip $HOME_NET any -> 188.116.24.193 80 (msg: "MISP e26248 [AS58061,c2,censys,SCALAXY-AS,UNAM] Outgoing To IP: 188.116.24.193|80"; classtype:trojan-activity; sid:37233061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 188.116.24.193 443 (msg: "MISP e26248 [AS58061,c2,censys,SCALAXY-AS,UNAM] Outgoing To IP: 188.116.24.193|443"; classtype:trojan-activity; sid:37233071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# DNS rule for the "www." name. The export also carries a rule for the parent
# name miner.bitron-mining.online (sid:37233091) whose left boundary accepts a
# preceding ".", so a query for the www. name satisfies both rules and is
# expected to raise two alerts for one lookup.
alert dns any any -> any any (msg: "MISP e26248 [AS-REG,AS197695,c2,censys,UNAM] Domain www.miner.bitron-mining.online"; dns.query; content:"www.miner.bitron-mining.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.miner\.bitron\-mining\.online$/i"; classtype:trojan-activity; sid:37233081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain www.miner.bitron-mining.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.miner.bitron-mining.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.miner\.bitron\-mining\.online[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37233082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS-REG,AS197695,c2,censys,UNAM] Domain miner.bitron-mining.online"; dns.query; content:"miner.bitron-mining.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])miner\.bitron\-mining\.online$/i"; classtype:trojan-activity; sid:37233091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain miner.bitron-mining.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"miner.bitron-mining.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])miner\.bitron\-mining\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS24940,c2,censys,HETZNER-AS,Loader,T34loader] Domain static.156.235.21.65.clients.your-server.de"; dns.query; content:"static.156.235.21.65.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.156\.235\.21\.65\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37233101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS24940,c2,censys,HETZNER-AS,Loader,T34loader] Outgoing HTTP Domain static.156.235.21.65.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.156.235.21.65.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.156\.235\.21\.65\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233102; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 24.199.69.112 60000 (msg: "MISP e26248 [AS14061,censys,DIGITALOCEAN-ASN,Viper] Outgoing To IP: 24.199.69.112|60000"; classtype:trojan-activity; sid:37233111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 137.184.234.102 60000 (msg: "MISP e26248 [AS14061,censys,DIGITALOCEAN-ASN,Viper] Outgoing To IP: 137.184.234.102|60000"; classtype:trojan-activity; sid:37233121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert dns any any -> any any (msg: "MISP e26248 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain www.cranky-easley.142-11-199-59.plesk.page"; dns.query; content:"www.cranky-easley.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cranky\-easley\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37233131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain www.cranky-easley.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cranky-easley.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cranky\-easley\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 64.225.28.1 3333 (msg: "MISP e26248 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.225.28.1|3333"; classtype:trojan-activity; sid:37233141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 147.45.106.5 1234 (msg: "MISP e26248 [AS9123,censys,GoPhish,phishing,TIMEWEB-AS] Outgoing To IP: 147.45.106.5|1234"; 
classtype:trojan-activity; sid:37233151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 87.106.121.244 3333 (msg: "MISP e26248 [AS8560,censys,GoPhish,phishing] Outgoing To IP: 87.106.121.244|3333"; classtype:trojan-activity; sid:37233161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 3.12.9.12 8443 (msg: "MISP e26248 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.12.9.12|8443"; classtype:trojan-activity; sid:37233171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.199.52.140 8888 (msg: "MISP e26248 [AS-HOSTINGER,AS47583,censys,GoPhish,phishing] Outgoing To IP: 185.199.52.140|8888"; classtype:trojan-activity; sid:37233181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 34.121.174.173 3333 (msg: "MISP e26248 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.121.174.173|3333"; classtype:trojan-activity; sid:37233191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 176.53.182.97 4444 (msg: "MISP e26248 [AS203714,censys,GoPhish,LLCFLEX-AS,phishing] Outgoing To IP: 176.53.182.97|4444"; classtype:trojan-activity; sid:37233201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 52.188.58.183 3333 (msg: "MISP e26248 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 52.188.58.183|3333"; classtype:trojan-activity; sid:37233211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 64.176.169.200 443 (msg: "MISP e26248 [AS-CHOOPA,AS20473,censys,GoPhish,phishing] Outgoing To IP: 64.176.169.200|443"; classtype:trojan-activity; sid:37233221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 
44.213.214.182 443 (msg: "MISP e26248 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 44.213.214.182|443"; classtype:trojan-activity; sid:37233231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Last indicators exported for MISP event 26248. The bracketed msg tags
# (GoPhish, AveMariaRAT, c2, ...) are the only family/context information the
# alert itself carries.
alert ip $HOME_NET any -> 119.91.248.126 8421 (msg: "MISP e26248 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 119.91.248.126|8421"; classtype:trojan-activity; sid:37233241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 5.249.160.250 80 (msg: "MISP e26248 [AS30823,AveMariaRAT,c2,censys,RAT] Outgoing To IP: 5.249.160.250|80"; classtype:trojan-activity; sid:37233251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 172.205.219.119 80 (msg: "MISP e26248 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 172.205.219.119|80"; classtype:trojan-activity; sid:37233261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 95.20.241.72 443 (msg: "MISP e26248 [AS12479,c2,censys,UNI2-AS] Outgoing To IP: 95.20.241.72|443"; classtype:trojan-activity; sid:37233271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# From here the export switches to MISP event 26400. The rules that follow
# repeat address/port pairs already exported for event 26248 (for example
# 95.20.241.72 443 is both sid:37233271 and sid:37258271), with an identical
# rule header and no extra match options, so the same traffic is expected to
# raise one alert per event.
# The e26400 copies have an empty tag list "[]" and priority:3 instead of
# priority:2, so an analyst who sees only the e26400 alert gets no family
# context and a different urgency for the same indicator.
# NOTE(review): de-duplicate at export time or disable one of the two sid
# ranges, and decide which priority is intended.
alert ip $HOME_NET any -> 95.20.241.72 443 (msg: "MISP e26400 [] Outgoing To IP: 95.20.241.72|443"; classtype:trojan-activity; sid:37258271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 172.205.219.119 80 (msg: "MISP e26400 [] Outgoing To IP: 172.205.219.119|80"; classtype:trojan-activity; sid:37258281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 5.249.160.250 80 (msg: "MISP e26400 [] Outgoing To IP: 5.249.160.250|80"; classtype:trojan-activity; sid:37258291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 119.91.248.126 8421 (msg: "MISP e26400 [] Outgoing To IP: 
119.91.248.126|8421"; classtype:trojan-activity; sid:37258301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 44.213.214.182 443 (msg: "MISP e26400 [] Outgoing To IP: 44.213.214.182|443"; classtype:trojan-activity; sid:37258311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 64.176.169.200 443 (msg: "MISP e26400 [] Outgoing To IP: 64.176.169.200|443"; classtype:trojan-activity; sid:37258321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 52.188.58.183 3333 (msg: "MISP e26400 [] Outgoing To IP: 52.188.58.183|3333"; classtype:trojan-activity; sid:37258331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 176.53.182.97 4444 (msg: "MISP e26400 [] Outgoing To IP: 176.53.182.97|4444"; classtype:trojan-activity; sid:37258341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 34.121.174.173 3333 (msg: "MISP e26400 [] Outgoing To IP: 34.121.174.173|3333"; classtype:trojan-activity; sid:37258351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 185.199.52.140 8888 (msg: "MISP e26400 [] Outgoing To IP: 185.199.52.140|8888"; classtype:trojan-activity; sid:37258361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 3.12.9.12 8443 (msg: "MISP e26400 [] Outgoing To IP: 3.12.9.12|8443"; classtype:trojan-activity; sid:37258371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 87.106.121.244 3333 (msg: "MISP e26400 [] Outgoing To IP: 87.106.121.244|3333"; classtype:trojan-activity; sid:37258381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 147.45.106.5 1234 (msg: "MISP e26400 [] Outgoing To IP: 
147.45.106.5|1234"; classtype:trojan-activity; sid:37258391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 64.225.28.1 3333 (msg: "MISP e26400 [] Outgoing To IP: 64.225.28.1|3333"; classtype:trojan-activity; sid:37258401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain www.cranky-easley.142-11-199-59.plesk.page"; dns.query; content:"www.cranky-easley.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cranky\-easley\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37258411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain www.cranky-easley.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cranky-easley.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cranky\-easley\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 137.184.234.102 60000 (msg: "MISP e26400 [] Outgoing To IP: 137.184.234.102|60000"; classtype:trojan-activity; sid:37258421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 24.199.69.112 60000 (msg: "MISP e26400 [] Outgoing To IP: 24.199.69.112|60000"; classtype:trojan-activity; sid:37258431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain static.156.235.21.65.clients.your-server.de"; dns.query; content:"static.156.235.21.65.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.156\.235\.21\.65\.clients\.your\-server\.de$/i"; classtype:trojan-activity; 
sid:37258441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain static.156.235.21.65.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.156.235.21.65.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.156\.235\.21\.65\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain www.miner.bitron-mining.online"; dns.query; content:"www.miner.bitron-mining.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.miner\.bitron\-mining\.online$/i"; classtype:trojan-activity; sid:37258451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain www.miner.bitron-mining.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.miner.bitron-mining.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.miner\.bitron\-mining\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain miner.bitron-mining.online"; dns.query; content:"miner.bitron-mining.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])miner\.bitron\-mining\.online$/i"; classtype:trojan-activity; sid:37258461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain miner.bitron-mining.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"miner.bitron-mining.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])miner\.bitron\-mining\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 188.116.24.193 443 (msg: "MISP e26400 [] Outgoing To IP: 188.116.24.193|443"; classtype:trojan-activity; sid:37258471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 188.116.24.193 80 (msg: "MISP e26400 [] Outgoing To IP: 188.116.24.193|80"; classtype:trojan-activity; sid:37258481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 147.45.45.0 80 (msg: "MISP e26400 [] Outgoing To IP: 147.45.45.0|80"; classtype:trojan-activity; sid:37258491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 34.116.204.231 5000 (msg: "MISP e26400 [] Outgoing To IP: 34.116.204.231|5000"; classtype:trojan-activity; sid:37258501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 77.105.132.7 80 (msg: "MISP e26400 [] Outgoing To IP: 77.105.132.7|80"; classtype:trojan-activity; sid:37258511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 85.202.160.45 80 (msg: "MISP e26400 [] Outgoing To IP: 85.202.160.45|80"; classtype:trojan-activity; sid:37258521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 3.68.135.109 80 (msg: "MISP e26400 [] Outgoing To IP: 3.68.135.109|80"; classtype:trojan-activity; sid:37258531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain www.glptestasets.com"; dns.query; content:"www.glptestasets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.glptestasets\.com$/i"; 
classtype:trojan-activity; sid:37258541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain www.glptestasets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.glptestasets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.glptestasets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain vps-zap477067-1.zap-srv.com"; dns.query; content:"vps-zap477067-1.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap477067\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37258551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain vps-zap477067-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap477067-1.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap477067\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain 161-35-239-147.cprapid.com"; dns.query; content:"161-35-239-147.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])161\-35\-239\-147\.cprapid\.com$/i"; classtype:trojan-activity; sid:37258561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain 161-35-239-147.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"161-35-239-147.cprapid.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])161\-35\-239\-147\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert dns any any -> any any (msg: "MISP e26400 [] Domain glptestasets.com"; dns.query; content:"glptestasets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])glptestasets\.com$/i"; classtype:trojan-activity; sid:37258571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain glptestasets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"glptestasets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])glptestasets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 94.156.65.16 443 (msg: "MISP e26400 [] Outgoing To IP: 94.156.65.16|443"; classtype:trojan-activity; sid:37258581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 51.159.175.8 443 (msg: "MISP e26400 [] Outgoing To IP: 51.159.175.8|443"; classtype:trojan-activity; sid:37258591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 185.236.234.129 443 (msg: "MISP e26400 [] Outgoing To IP: 185.236.234.129|443"; classtype:trojan-activity; sid:37258601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 27.124.46.142 8080 (msg: "MISP e26400 [] Outgoing To IP: 27.124.46.142|8080"; classtype:trojan-activity; sid:37258611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 88.184.9.216 4444 (msg: "MISP e26400 [] Outgoing To IP: 88.184.9.216|4444"; classtype:trojan-activity; sid:37258621; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26400;)
# The line above closes a rule whose opening is on the preceding line of the file.
#
# MISP event 26400, destination IP:port indicators. These are "alert ip" rules with no flow or
# threshold option, so nothing in the rule itself limits how often a busy connection alerts;
# consider thresholding at deployment.
alert ip $HOME_NET any -> 27.124.46.236 8080 (msg: "MISP e26400 [] Outgoing To IP: 27.124.46.236|8080"; classtype:trojan-activity; sid:37258631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 27.124.46.227 8080 (msg: "MISP e26400 [] Outgoing To IP: 27.124.46.227|8080"; classtype:trojan-activity; sid:37258641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 181.161.13.84 8080 (msg: "MISP e26400 [] Outgoing To IP: 181.161.13.84|8080"; classtype:trojan-activity; sid:37258651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 172.207.72.220 80 (msg: "MISP e26400 [] Outgoing To IP: 172.207.72.220|80"; classtype:trojan-activity; sid:37258661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 194.147.140.176 2222 (msg: "MISP e26400 [] Outgoing To IP: 194.147.140.176|2222"; classtype:trojan-activity; sid:37258671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Domain indicator pair (DNS rule, then HTTP rule) for a name under plesk.page. The pcre matches only
# this exact host label and its subdomains, not plesk.page as a whole.
# NOTE(review): the name embeds an address and looks provider-generated - presumably tied to one
# tenant; re-validate before relying on it long term.
# DNS rules use any -> any and anchor the end of the name with "$". HTTP rules evaluate "Host|3a|", the
# domain content and the /H pcre on the header buffer without tying them together, so the name in
# another request header (e.g. Referer) also alerts.
alert dns any any -> any any (msg: "MISP e26400 [] Domain funny-kirch.62-210-130-233.plesk.page"; dns.query; content:"funny-kirch.62-210-130-233.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])funny\-kirch\.62\-210\-130\-233\.plesk\.page$/i"; classtype:trojan-activity; sid:37258681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain funny-kirch.62-210-130-233.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"funny-kirch.62-210-130-233.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])funny\-kirch\.62\-210\-130\-233\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 146.190.36.87 80 (msg: "MISP e26400 [] Outgoing To IP: 146.190.36.87|80"; classtype:trojan-activity; sid:37258691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 185.216.70.107 80 (msg: "MISP e26400 [] Outgoing To IP: 185.216.70.107|80"; classtype:trojan-activity; sid:37258701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Second plesk.page host label; same matching behaviour as the pair above.
alert dns any any -> any any (msg: "MISP e26400 [] Domain great-burnell.62-210-130-233.plesk.page"; dns.query; content:"great-burnell.62-210-130-233.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-burnell\.62\-210\-130\-233\.plesk\.page$/i"; classtype:trojan-activity; sid:37258711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain great-burnell.62-210-130-233.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"great-burnell.62-210-130-233.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])great\-burnell\.62\-210\-130\-233\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 185.216.70.198 80 (msg: "MISP e26400 [] Outgoing To IP: 185.216.70.198|80"; classtype:trojan-activity; sid:37258721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 176.123.168.157 80 (msg: "MISP e26400 [] Outgoing To IP: 176.123.168.157|80"; classtype:trojan-activity; sid:37258731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.218 7443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.218|7443"; classtype:trojan-activity; sid:37258741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# URL indicators of the form http://<domain>/api. The domain is matched anywhere in the header buffer
# and "/api" anywhere in the URI (neither is anchored), and the rule only applies to $HTTP_PORTS.
# Being "alert http" rules they need parsed HTTP, so the same hosts reached over TLS are left to the
# IP:port rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//townsfolkhiwoeko.fun/api"; flow:to_server,established; http.header; content:"townsfolkhiwoeko.fun"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.218 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.218|443"; classtype:trojan-activity; sid:37258761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.211 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.211|443"; classtype:trojan-activity; sid:37258771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//hunterstrawmersp.homes/api"; flow:to_server,established; http.header; content:"hunterstrawmersp.homes"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//mercyaloofprincipleo.pics/api"; flow:to_server,established; http.header; content:"mercyaloofprincipleo.pics"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.211 7443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.211|7443"; classtype:trojan-activity; sid:37258801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain gymlog.de"; dns.query; 
content:"gymlog.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymlog\.de$/i"; classtype:trojan-activity; sid:37258811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# The line above completes the DNS rule for gymlog.de whose opening is on the preceding line of the file.
#
# HTTP companion for gymlog.de: "Host|3a|", the domain content and the /H pcre are evaluated on the
# header buffer without being tied together (no distance/within), so the domain in another request
# header (e.g. Referer) also alerts. tag:session,600,seconds keeps logging the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain gymlog.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymlog.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymlog\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37258812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# URL indicators of the form http://<domain>/api, interleaved with destination IP:port indicators.
# URL rules: the domain is matched anywhere in the header buffer and "/api" anywhere in the URI
# (neither is anchored); they apply only to $HTTP_PORTS and need parsed HTTP.
# IP rules: "alert ip" with no flow or threshold option, so nothing in the rule limits alert
# volume; consider thresholding at deployment.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//lawwormroleveinn.mom/api"; flow:to_server,established; http.header; content:"lawwormroleveinn.mom"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//developmentalveiop.homes/api"; flow:to_server,established; http.header; content:"developmentalveiop.homes"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.208 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.208|443"; classtype:trojan-activity; sid:37258841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//baketransparentadw.pics/api"; flow:to_server,established; http.header; content:"baketransparentadw.pics"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//brakesummitfiightre.pics/api"; flow:to_server,established; http.header; content:"brakesummitfiightre.pics"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.219 7443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.219|7443"; classtype:trojan-activity; sid:37258871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//legislationdictater.mom/api"; flow:to_server,established; http.header; content:"legislationdictater.mom"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 134.255.233.199 63443 (msg: "MISP e26400 [] Outgoing To IP: 134.255.233.199|63443"; classtype:trojan-activity; sid:37258891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.217 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.217|443"; classtype:trojan-activity; sid:37258901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//bleednumberrottern.homes/api"; flow:to_server,established; http.header; content:"bleednumberrottern.homes"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37258911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Remaining entries in this run are destination IP:port indicators only. The msg tag list "[]" is
# empty on all of them, so triage context has to come from the referenced MISP event page.
alert ip $HOME_NET any -> 69.46.36.216 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.216|443"; classtype:trojan-activity; sid:37258921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.220 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.220|443"; classtype:trojan-activity; sid:37258931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.209 443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.209|443"; classtype:trojan-activity; sid:37258941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 69.46.36.215 7443 (msg: "MISP e26400 [] Outgoing To IP: 69.46.36.215|7443"; classtype:trojan-activity; sid:37258951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 37.1.214.209 1111 (msg: "MISP e26400 [] Outgoing To IP: 37.1.214.209|1111"; classtype:trojan-activity; sid:37258961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 138.201.176.60 8808 (msg: "MISP e26400 [] Outgoing To IP: 138.201.176.60|8808"; classtype:trojan-activity; sid:37258971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 138.201.176.60 6606 (msg: "MISP e26400 [] Outgoing To IP: 138.201.176.60|6606"; classtype:trojan-activity; sid:37258981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 178.73.218.5 2000 (msg: "MISP e26400 [] Outgoing To IP: 178.73.218.5|2000"; classtype:trojan-activity; sid:37258991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 192.250.225.3 8088 (msg: "MISP e26400 [] Outgoing To IP: 192.250.225.3|8088"; classtype:trojan-activity; sid:37259001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 186.170.96.237 8888 (msg: "MISP e26400 [] Outgoing To IP: 
186.170.96.237|8888"; classtype:trojan-activity; sid:37259011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# The line above completes a rule whose opening is on the preceding line of the file.
#
# MISP event 26400, destination IP:port indicators. These are "alert ip" rules with no flow or
# threshold option, so nothing in the rule itself limits how often a busy connection alerts;
# consider thresholding at deployment. The msg tag list "[]" is empty, so triage context has to
# come from the referenced MISP event page.
alert ip $HOME_NET any -> 51.89.199.122 6606 (msg: "MISP e26400 [] Outgoing To IP: 51.89.199.122|6606"; classtype:trojan-activity; sid:37259021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 103.66.59.20 8888 (msg: "MISP e26400 [] Outgoing To IP: 103.66.59.20|8888"; classtype:trojan-activity; sid:37259031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 187.135.95.35 2078 (msg: "MISP e26400 [] Outgoing To IP: 187.135.95.35|2078"; classtype:trojan-activity; sid:37259041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 119.91.200.209 24443 (msg: "MISP e26400 [] Outgoing To IP: 119.91.200.209|24443"; classtype:trojan-activity; sid:37259051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 68.183.111.170 81 (msg: "MISP e26400 [] Outgoing To IP: 68.183.111.170|81"; classtype:trojan-activity; sid:37259061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 139.9.62.69 8080 (msg: "MISP e26400 [] Outgoing To IP: 139.9.62.69|8080"; classtype:trojan-activity; sid:37259071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26400 [] Outgoing To IP: 43.251.159.58|8637"; classtype:trojan-activity; sid:37259081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 110.40.168.108 2053 (msg: "MISP e26400 [] Outgoing To IP: 110.40.168.108|2053"; classtype:trojan-activity; sid:37259091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 139.9.41.156 81 (msg: "MISP e26400 [] Outgoing To IP: 139.9.41.156|81"; classtype:trojan-activity; sid:37259101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 39.104.230.184 6667 (msg: "MISP e26400 [] Outgoing To IP: 39.104.230.184|6667"; classtype:trojan-activity; sid:37259111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 167.235.58.45 443 (msg: "MISP e26400 [] Outgoing To IP: 167.235.58.45|443"; classtype:trojan-activity; sid:37259121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 108.165.106.7 4433 (msg: "MISP e26400 [] Outgoing To IP: 108.165.106.7|4433"; classtype:trojan-activity; sid:37259131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 43.139.177.77 88 (msg: "MISP e26400 [] Outgoing To IP: 43.139.177.77|88"; classtype:trojan-activity; sid:37259141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 185.233.203.43 80 (msg: "MISP e26400 [] Outgoing To IP: 185.233.203.43|80"; classtype:trojan-activity; sid:37259151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 185.165.169.113 34443 (msg: "MISP e26400 [] Outgoing To IP: 185.165.169.113|34443"; classtype:trojan-activity; sid:37259161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 84.46.79.30 4433 (msg: "MISP e26400 [] Outgoing To IP: 84.46.79.30|4433"; classtype:trojan-activity; sid:37259171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 42.193.10.78 48086 (msg: "MISP e26400 [] Outgoing To IP: 42.193.10.78|48086"; classtype:trojan-activity; sid:37259181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 45.148.244.206 18443 (msg: "MISP e26400 [] Outgoing To IP: 45.148.244.206|18443"; classtype:trojan-activity; sid:37259191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Domain indicators, each exported as a DNS rule plus an HTTP rule.
# DNS rules: any -> any, end of name anchored with "$", so the bare name and its subdomains alert.
# HTTP rules: "Host|3a|", the domain content and the /H pcre run on the header buffer without being
# tied together, so the name in another request header (e.g. Referer) also alerts.
# NOTE(review): the first name below is a cloud-provider hostname that embeds an address; such
# addresses can presumably be reassigned to another tenant, so re-validate this indicator before
# relying on it.
alert dns any any -> any any (msg: "MISP e26400 [] Domain ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-214\-29\-253\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37259201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-214-29-253.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-214\-29\-253\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain is5jg.3zweuj.com"; dns.query; content:"is5jg.3zweuj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])is5jg\.3zweuj\.com$/i"; classtype:trojan-activity; sid:37259231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain is5jg.3zweuj.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"is5jg.3zweuj.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])is5jg\.3zweuj\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain qxjjj.j7ute.com"; dns.query; content:"qxjjj.j7ute.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qxjjj\.j7ute\.com$/i"; classtype:trojan-activity; sid:37259241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain qxjjj.j7ute.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qxjjj.j7ute.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qxjjj\.j7ute\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 8.222.251.253 32091 (msg: "MISP e26400 [] Outgoing To IP: 8.222.251.253|32091"; classtype:trojan-activity; sid:37259251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 8.219.196.124 18038 (msg: "MISP e26400 [] Outgoing To IP: 8.219.196.124|18038"; classtype:trojan-activity; sid:37259261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# MISP event 26311: a single destination IP with destination port "any", exported at priority 2.
alert ip $HOME_NET any -> 77.105.132.92 any (msg: "MISP e26311 [] Outgoing To IP: 77.105.132.92"; classtype:trojan-activity; sid:37243511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26311;)
# MISP event 26413 starts here: domain indicators at priority 2, each as a DNS rule plus an HTTP rule
# with the same matching behaviour as the domain pairs above.
alert dns any any -> any any (msg: "MISP e26413 [] Domain piter-news.net"; dns.query; content:"piter-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])piter\-news\.net$/i"; classtype:trojan-activity; sid:37285401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain piter-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"piter-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])piter\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns 
any any -> any any (msg: "MISP e26413 [] Domain lenta.kharkiv.ua"; dns.query; content:"lenta.kharkiv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.kharkiv\.ua$/i"; classtype:trojan-activity; sid:37285411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# The line above completes a DNS rule whose "alert dns" opening is on the preceding line of the file.
#
# MISP event 26413: domain indicators at priority 2. Each domain is exported as two rules whose
# sids differ only in the last digit (...1 = DNS, ...2 = HTTP).
# DNS rules: header is any -> any, and the pcre anchors the end of the name with "$" while accepting
# start-of-name or a non-hostname character before it, so the bare name and its subdomains alert.
# HTTP rules: "Host|3a|", the domain content and the /H pcre are evaluated on the header buffer and
# are not tied to each other (no distance/within), so the name in another request header
# (e.g. Referer) also alerts. tag:session,600,seconds keeps logging the session for 600 seconds.
# All rules carry classtype:trojan-activity and an empty "[]" tag list, so what the indicator
# actually represents has to be read from the referenced MISP event page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lenta.kharkiv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lenta.kharkiv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.kharkiv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain moskva-news.com"; dns.query; content:"moskva-news.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])moskva\-news\.com$/i"; classtype:trojan-activity; sid:37285421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain moskva-news.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moskva-news.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moskva\-news\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.kharkiv.ua"; dns.query; content:"uanews.kharkiv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.kharkiv\.ua$/i"; classtype:trojan-activity; sid:37285431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.kharkiv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.kharkiv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.kharkiv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.kiev.ua"; dns.query; content:"topnews.kiev.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.kiev\.ua$/i"; classtype:trojan-activity; sid:37285441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.kiev.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.kiev.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.kiev\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.odessa.ua"; dns.query; content:"topnews.odessa.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.odessa\.ua$/i"; classtype:trojan-activity; sid:37285451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.odessa.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.odessa.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.odessa\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.odessa.ua"; dns.query; content:"uanews.odessa.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.odessa\.ua$/i"; classtype:trojan-activity; sid:37285461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.odessa.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.odessa.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.odessa\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain dneprnews.com.ua"; dns.query; content:"dneprnews.com.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])dneprnews\.com\.ua$/i"; classtype:trojan-activity; sid:37285471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain dneprnews.com.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dneprnews.com.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dneprnews\.com\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.dp.ua"; dns.query; content:"uanews.dp.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.dp\.ua$/i"; classtype:trojan-activity; sid:37285481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.dp.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.dp.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.dp\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.zp.ua"; dns.query; content:"topnews.zp.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.zp\.ua$/i"; classtype:trojan-activity; sid:37285491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.zp.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.zp.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.zp\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.zp.ua"; dns.query; content:"uanews.zp.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.zp\.ua$/i"; classtype:trojan-activity; sid:37285501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.zp.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.zp.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.zp\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain lenta.te.ua"; dns.query; content:"lenta.te.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.te\.ua$/i"; classtype:trojan-activity; sid:37285511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lenta.te.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lenta.te.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.te\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain lenta.lviv.ua"; dns.query; content:"lenta.lviv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.lviv\.ua$/i"; classtype:trojan-activity; sid:37285521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lenta.lviv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lenta.lviv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.lviv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain lenta.donetsk.ua"; dns.query; content:"lenta.donetsk.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.donetsk\.ua$/i"; classtype:trojan-activity; sid:37285531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lenta.donetsk.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lenta.donetsk.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.donetsk\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.uz.ua"; dns.query; content:"topnews.uz.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.uz\.ua$/i"; classtype:trojan-activity; sid:37285541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.uz.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"topnews.uz.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.uz\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# The line above completes the HTTP rule for topnews.uz.ua whose opening is on the preceding line of the file.
#
# MISP event 26413: domain indicators at priority 2. Each domain is exported as two rules whose
# sids differ only in the last digit (...1 = DNS, ...2 = HTTP).
# DNS rules: header is any -> any, and the pcre anchors the end of the name with "$" while accepting
# start-of-name or a non-hostname character before it, so the bare name and its subdomains alert.
# HTTP rules: "Host|3a|", the domain content and the /H pcre are evaluated on the header buffer and
# are not tied to each other (no distance/within), so the name in another request header
# (e.g. Referer) also alerts. tag:session,600,seconds keeps logging the session for 600 seconds.
# All rules carry classtype:trojan-activity and an empty "[]" tag list, so what the indicator
# actually represents has to be read from the referenced MISP event page.
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.sebastopol.ua"; dns.query; content:"topnews.sebastopol.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.sebastopol\.ua$/i"; classtype:trojan-activity; sid:37285551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.sebastopol.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.sebastopol.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.sebastopol\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.sumy.ua"; dns.query; content:"topnews.sumy.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.sumy\.ua$/i"; classtype:trojan-activity; sid:37285561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.sumy.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.sumy.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.sumy\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.crimea.ua"; dns.query; content:"uanews.crimea.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.crimea\.ua$/i"; classtype:trojan-activity; sid:37285571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.crimea.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.crimea.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.crimea\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.sumy.ua"; dns.query; content:"uanews.sumy.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.sumy\.ua$/i"; classtype:trojan-activity; sid:37285581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.sumy.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.sumy.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.sumy\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain lenta.if.ua"; dns.query; content:"lenta.if.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.if\.ua$/i"; classtype:trojan-activity; sid:37285591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lenta.if.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lenta.if.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lenta\.if\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.km.ua"; dns.query; content:"topnews.km.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.km\.ua$/i"; classtype:trojan-activity; sid:37285601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.km.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.km.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.km\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.ks.ua"; dns.query; content:"topnews.ks.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.ks\.ua$/i"; classtype:trojan-activity; sid:37285611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.ks.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.ks.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.ks\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.lg.ua"; dns.query; content:"topnews.lg.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.lg\.ua$/i"; classtype:trojan-activity; sid:37285621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.lg.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.lg.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.lg\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.ck.ua"; dns.query; content:"uanews.ck.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.ck\.ua$/i"; classtype:trojan-activity; sid:37285631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.ck.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.ck.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.ck\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.cn.ua"; dns.query; content:"uanews.cn.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.cn\.ua$/i"; classtype:trojan-activity; sid:37285641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.cn.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.cn.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.cn\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.cv.ua"; dns.query; content:"uanews.cv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.cv\.ua$/i"; classtype:trojan-activity; sid:37285651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.cv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.cv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.cv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.if.ua"; dns.query; content:"uanews.if.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.if\.ua$/i"; classtype:trojan-activity; sid:37285661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.if.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.if.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.if\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.km.ua"; dns.query; content:"uanews.km.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.km\.ua$/i"; classtype:trojan-activity; sid:37285671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.km.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.km.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.km\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.kr.ua"; dns.query; content:"uanews.kr.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.kr\.ua$/i"; classtype:trojan-activity; sid:37285681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.kr.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.kr.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.kr\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.ks.ua"; dns.query; content:"uanews.ks.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.ks\.ua$/i"; classtype:trojan-activity; sid:37285691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.ks.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.ks.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.ks\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.lg.ua"; dns.query; content:"uanews.lg.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.lg\.ua$/i"; classtype:trojan-activity; sid:37285701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.lg.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.lg.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.lg\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.pl.ua"; dns.query; content:"uanews.pl.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.pl\.ua$/i"; 
classtype:trojan-activity; sid:37285711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.pl.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.pl.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.pl\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.rv.ua"; dns.query; content:"uanews.rv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.rv\.ua$/i"; classtype:trojan-activity; sid:37285721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.rv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.rv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.rv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.uz.ua"; dns.query; content:"uanews.uz.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.uz\.ua$/i"; classtype:trojan-activity; sid:37285731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.uz.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.uz.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.uz\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> 
any any (msg: "MISP e26413 [] Domain uanews.vn.ua"; dns.query; content:"uanews.vn.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.vn\.ua$/i"; classtype:trojan-activity; sid:37285741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.vn.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.vn.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.vn\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.zt.ua"; dns.query; content:"uanews.zt.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.zt\.ua$/i"; classtype:trojan-activity; sid:37285751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.zt.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.zt.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.zt\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.donetsk.ua"; dns.query; content:"uanews.donetsk.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.donetsk\.ua$/i"; classtype:trojan-activity; sid:37285761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.donetsk.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.donetsk.ua"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])uanews\.donetsk\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.lviv.ua"; dns.query; content:"uanews.lviv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.lviv\.ua$/i"; classtype:trojan-activity; sid:37285771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.lviv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.lviv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.lviv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.volyn.ua"; dns.query; content:"topnews.volyn.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.volyn\.ua$/i"; classtype:trojan-activity; sid:37285781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.volyn.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.volyn.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.volyn\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.cv.ua"; dns.query; content:"topnews.cv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.cv\.ua$/i"; classtype:trojan-activity; sid:37285791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26413 [] Outgoing HTTP Domain topnews.cv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.cv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.cv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.te.ua"; dns.query; content:"uanews.te.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.te\.ua$/i"; classtype:trojan-activity; sid:37285801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.te.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.te.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.te\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uanews.volyn.ua"; dns.query; content:"uanews.volyn.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.volyn\.ua$/i"; classtype:trojan-activity; sid:37285811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uanews.volyn.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uanews.volyn.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uanews\.volyn\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kiev-news.com.ua"; dns.query; content:"kiev-news.com.ua"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])kiev\-news\.com\.ua$/i"; classtype:trojan-activity; sid:37285821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kiev-news.com.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiev-news.com.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiev\-news\.com\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain niknews.com.ua"; dns.query; content:"niknews.com.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])niknews\.com\.ua$/i"; classtype:trojan-activity; sid:37285831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain niknews.com.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"niknews.com.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])niknews\.com\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.zt.ua"; dns.query; content:"topnews.zt.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.zt\.ua$/i"; classtype:trojan-activity; sid:37285841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.zt.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.zt.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.zt\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285842; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nikolaevnews.com.ua"; dns.query; content:"nikolaevnews.com.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikolaevnews\.com\.ua$/i"; classtype:trojan-activity; sid:37285851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nikolaevnews.com.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikolaevnews.com.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikolaevnews\.com\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.pl.ua"; dns.query; content:"topnews.pl.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.pl\.ua$/i"; classtype:trojan-activity; sid:37285861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.pl.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.pl.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.pl\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.rv.ua"; dns.query; content:"topnews.rv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.rv\.ua$/i"; classtype:trojan-activity; sid:37285871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.rv.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"topnews.rv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.rv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.cn.ua"; dns.query; content:"topnews.cn.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.cn\.ua$/i"; classtype:trojan-activity; sid:37285881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.cn.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.cn.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.cn\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.ck.ua"; dns.query; content:"topnews.ck.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.ck\.ua$/i"; classtype:trojan-activity; sid:37285891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.ck.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.ck.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.ck\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.kr.ua"; dns.query; content:"topnews.kr.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.kr\.ua$/i"; classtype:trojan-activity; sid:37285901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.kr.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.kr.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.kr\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain topnews.vn.ua"; dns.query; content:"topnews.vn.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.vn\.ua$/i"; classtype:trojan-activity; sid:37285911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain topnews.vn.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topnews.vn.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topnews\.vn\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain crimea-news.com"; dns.query; content:"crimea-news.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crimea\-news\.com$/i"; classtype:trojan-activity; sid:37285921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain crimea-news.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crimea-news.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crimea\-news\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain barnaul-news.net"; dns.query; content:"barnaul-news.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])barnaul\-news\.net$/i"; classtype:trojan-activity; sid:37285931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain barnaul-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barnaul-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barnaul\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain chelyabinsk-news.net"; dns.query; content:"chelyabinsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])chelyabinsk\-news\.net$/i"; classtype:trojan-activity; sid:37285941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain chelyabinsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chelyabinsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chelyabinsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain irkutsk-news.net"; dns.query; content:"irkutsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])irkutsk\-news\.net$/i"; classtype:trojan-activity; sid:37285951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain irkutsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"irkutsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])irkutsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37285952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain izhevsk-news.net"; dns.query; content:"izhevsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])izhevsk\-news\.net$/i"; classtype:trojan-activity; sid:37285961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain izhevsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"izhevsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])izhevsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kazan-news.net"; dns.query; content:"kazan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kazan\-news\.net$/i"; classtype:trojan-activity; sid:37285971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kazan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kazan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kazan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain khabarovsk-news.net"; dns.query; content:"khabarovsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])khabarovsk\-news\.net$/i"; classtype:trojan-activity; sid:37285981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain khabarovsk-news.net"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"khabarovsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])khabarovsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain krasnodar-news.net"; dns.query; content:"krasnodar-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])krasnodar\-news\.net$/i"; classtype:trojan-activity; sid:37285991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain krasnodar-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krasnodar-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krasnodar\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37285992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain krasnoyarsk-news.net"; dns.query; content:"krasnoyarsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])krasnoyarsk\-news\.net$/i"; classtype:trojan-activity; sid:37286001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain krasnoyarsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krasnoyarsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krasnoyarsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nn-news.net"; dns.query; content:"nn-news.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nn\-news\.net$/i"; classtype:trojan-activity; sid:37286011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nn-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nn-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nn\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain novosibirsk-news.net"; dns.query; content:"novosibirsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])novosibirsk\-news\.net$/i"; classtype:trojan-activity; sid:37286021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain novosibirsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"novosibirsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])novosibirsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain omsk-news.net"; dns.query; content:"omsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])omsk\-news\.net$/i"; classtype:trojan-activity; sid:37286031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain omsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286032; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# MISP event 26413 domain indicators: two rules per domain (sid ending in 1 = DNS, sid ending in 2 = HTTP).
# DNS rule: fires when dns.query contains the domain and the pcre confirms the queried name ends with it,
#   either as the whole name or preceded by a character outside [A-Za-z0-9-], so sub-domains match and a
#   longer look-alike label (constructed example: "xperm-news.net") does not.
# HTTP rule: client-to-server, established flows from $HOME_NET to $EXTERNAL_NET; needs "Host:" and the
#   domain in http.header, the pcre requires the domain to be followed by a character outside
#   [A-Za-z0-9-.], and tag:session keeps logging the session's packets for 600 seconds after the alert.
# NOTE(review): the "Host|3a|" content and the domain content/pcre are not positioned relative to each
#   other, so the domain appearing in another request header (e.g. Referer) would presumably also match;
#   an http.host match would be tighter - confirm and fix in the exporter, not in this generated file.
# NOTE(review): only DNS and cleartext HTTP are inspected here; HTTPS to these domains is visible only
#   through the DNS rule unless a tls.sni rule exists elsewhere in the export - TODO confirm.
# NOTE(review): the msg tag list "[]" is empty and classtype/priority are identical on every rule; these
#   look like exporter defaults rather than per-indicator triage - verify against the MISP event.
alert dns any any -> any any (msg: "MISP e26413 [] Domain perm-news.net"; dns.query; content:"perm-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])perm\-news\.net$/i"; classtype:trojan-activity; sid:37286041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain perm-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"perm-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])perm\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain rostov-news.net"; dns.query; content:"rostov-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])rostov\-news\.net$/i"; classtype:trojan-activity; sid:37286051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain rostov-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rostov-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rostov\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain samara-news.net"; dns.query; content:"samara-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])samara\-news\.net$/i"; classtype:trojan-activity; sid:37286061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain samara-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"samara-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])samara\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain saratov-news.net"; dns.query; content:"saratov-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])saratov\-news\.net$/i"; classtype:trojan-activity; sid:37286071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain saratov-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saratov-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saratov\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain sochi-news.net"; dns.query; content:"sochi-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])sochi\-news\.net$/i"; classtype:trojan-activity; sid:37286081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain sochi-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sochi-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sochi\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tolyatti-news.net"; dns.query; content:"tolyatti-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tolyatti\-news\.net$/i"; classtype:trojan-activity; sid:37286091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tolyatti-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tolyatti-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tolyatti\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tyumen-news.net"; dns.query; content:"tyumen-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tyumen\-news\.net$/i"; classtype:trojan-activity; sid:37286101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tyumen-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tyumen-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tyumen\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain ufa-news.net"; dns.query; content:"ufa-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ufa\-news\.net$/i"; classtype:trojan-activity; sid:37286111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ufa-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ufa-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ufa\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain ulyanovsk-news.net"; dns.query; content:"ulyanovsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ulyanovsk\-news\.net$/i"; classtype:trojan-activity; sid:37286121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ulyanovsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ulyanovsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ulyanovsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain ural-news.net"; dns.query; content:"ural-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ural\-news\.net$/i"; classtype:trojan-activity; sid:37286131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ural-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ural-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ural\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain vladivostok-news.net"; dns.query; content:"vladivostok-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vladivostok\-news\.net$/i"; classtype:trojan-activity; sid:37286141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain vladivostok-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vladivostok-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vladivostok\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain volgograd-news.net"; dns.query; content:"volgograd-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])volgograd\-news\.net$/i"; classtype:trojan-activity; sid:37286151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain volgograd-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"volgograd-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])volgograd\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain voronezh-news.net"; dns.query; content:"voronezh-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])voronezh\-news\.net$/i"; classtype:trojan-activity; sid:37286161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain voronezh-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"voronezh-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])voronezh\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain yaroslavl-news.net"; dns.query; content:"yaroslavl-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])yaroslavl\-news\.net$/i"; classtype:trojan-activity; sid:37286171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain yaroslavl-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yaroslavl-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yaroslavl\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain sevastopol-news.com"; dns.query; content:"sevastopol-news.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sevastopol\-news\.com$/i"; classtype:trojan-activity; sid:37286181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain sevastopol-news.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sevastopol-news.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sevastopol\-news\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain msk-news.net"; dns.query; content:"msk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])msk\-news\.net$/i"; classtype:trojan-activity; sid:37286191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain msk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain astrakhan-news.net"; dns.query; content:"astrakhan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])astrakhan\-news\.net$/i"; classtype:trojan-activity; sid:37286201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain astrakhan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"astrakhan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])astrakhan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain arkhangelsk-news.net"; dns.query; content:"arkhangelsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])arkhangelsk\-news\.net$/i"; classtype:trojan-activity; sid:37286211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain arkhangelsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arkhangelsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arkhangelsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain belgorod-news.net"; dns.query; content:"belgorod-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])belgorod\-news\.net$/i"; classtype:trojan-activity; sid:37286221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain belgorod-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"belgorod-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])belgorod\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain vladimir-news.net"; dns.query; content:"vladimir-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vladimir\-news\.net$/i"; classtype:trojan-activity; sid:37286231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain vladimir-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vladimir-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vladimir\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain vologda-news.net"; dns.query; content:"vologda-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vologda\-news\.net$/i"; classtype:trojan-activity; sid:37286241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain vologda-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vologda-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vologda\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain dagestan-news.net"; dns.query; content:"dagestan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])dagestan\-news\.net$/i"; classtype:trojan-activity; sid:37286251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain dagestan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dagestan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dagestan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain ivanovo-news.net"; dns.query; content:"ivanovo-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ivanovo\-news\.net$/i"; classtype:trojan-activity; sid:37286261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ivanovo-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ivanovo-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ivanovo\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kaliningrad-news.net"; dns.query; content:"kaliningrad-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kaliningrad\-news\.net$/i"; classtype:trojan-activity; sid:37286271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kaliningrad-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kaliningrad-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kaliningrad\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kirov-news.net"; dns.query; content:"kirov-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kirov\-news\.net$/i"; classtype:trojan-activity; sid:37286281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kirov-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kirov-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kirov\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain murmansk-news.net"; dns.query; content:"murmansk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])murmansk\-news\.net$/i"; classtype:trojan-activity; sid:37286291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain murmansk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"murmansk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])murmansk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kemerovo-news.net"; dns.query; content:"kemerovo-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kemerovo\-news\.net$/i"; classtype:trojan-activity; sid:37286301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kemerovo-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kemerovo-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kemerovo\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain penza-news.net"; dns.query; content:"penza-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])penza\-news\.net$/i"; classtype:trojan-activity; sid:37286311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain penza-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"penza-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])penza\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain orenburg-news.net"; dns.query; content:"orenburg-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])orenburg\-news\.net$/i"; classtype:trojan-activity; sid:37286321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain orenburg-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"orenburg-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])orenburg\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain orel-news.net"; dns.query; content:"orel-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])orel\-news\.net$/i"; classtype:trojan-activity; sid:37286331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain orel-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"orel-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])orel\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain stavropol-news.net"; dns.query; content:"stavropol-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])stavropol\-news\.net$/i"; classtype:trojan-activity; sid:37286341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain stavropol-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stavropol-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stavropol\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain smolensk-news.net"; dns.query; content:"smolensk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])smolensk\-news\.net$/i"; classtype:trojan-activity; sid:37286351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain smolensk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smolensk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smolensk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tomsk-news.net"; dns.query; content:"tomsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomsk\-news\.net$/i"; classtype:trojan-activity; sid:37286361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tomsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tver-news.net"; dns.query; content:"tver-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tver\-news\.net$/i"; classtype:trojan-activity; sid:37286371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tver-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tver-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tver\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain ryazan-news.net"; dns.query; content:"ryazan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ryazan\-news\.net$/i"; classtype:trojan-activity; sid:37286381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ryazan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ryazan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ryazan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tula-news.net"; dns.query; content:"tula-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tula\-news\.net$/i"; classtype:trojan-activity; sid:37286391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tula-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tula-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tula\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain chita-news.net"; dns.query; content:"chita-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])chita\-news\.net$/i"; classtype:trojan-activity; sid:37286401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain chita-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chita-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chita\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kursk-news.net"; dns.query; content:"kursk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kursk\-news\.net$/i"; classtype:trojan-activity; sid:37286411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kursk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kursk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kursk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain lipetsk-news.net"; dns.query; content:"lipetsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])lipetsk\-news\.net$/i"; classtype:trojan-activity; sid:37286421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lipetsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lipetsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lipetsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain saransk-news.net"; dns.query; content:"saransk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])saransk\-news\.net$/i"; classtype:trojan-activity; sid:37286431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain saransk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saransk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saransk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kostroma-news.net"; dns.query; content:"kostroma-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kostroma\-news\.net$/i"; classtype:trojan-activity; sid:37286441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kostroma-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kostroma-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kostroma\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain yamal-news.net"; dns.query; content:"yamal-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])yamal\-news\.net$/i"; classtype:trojan-activity; sid:37286451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain yamal-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yamal-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yamal\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tambov-news.net"; dns.query; content:"tambov-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tambov\-news\.net$/i"; classtype:trojan-activity; sid:37286461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tambov-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tambov-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tambov\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kaluga-news.net"; dns.query; content:"kaluga-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kaluga\-news\.net$/i"; classtype:trojan-activity; sid:37286471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kaluga-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kaluga-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kaluga\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain sakhalin-news.net"; dns.query; content:"sakhalin-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])sakhalin\-news\.net$/i"; classtype:trojan-activity; sid:37286481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain sakhalin-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sakhalin-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sakhalin\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain cheb-news.net"; dns.query; content:"cheb-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cheb\-news\.net$/i"; classtype:trojan-activity; sid:37286491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain cheb-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cheb-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cheb\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain ugra-news.net"; dns.query; content:"ugra-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ugra\-news\.net$/i"; classtype:trojan-activity; sid:37286501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ugra-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ugra-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ugra\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain yakutsk-news.net"; dns.query; content:"yakutsk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])yakutsk\-news\.net$/i"; classtype:trojan-activity; sid:37286511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain yakutsk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yakutsk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yakutsk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kamchatka-news.net"; dns.query; content:"kamchatka-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kamchatka\-news\.net$/i"; classtype:trojan-activity; sid:37286521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kamchatka-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kamchatka-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kamchatka\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain karelia-news.net"; dns.query; content:"karelia-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])karelia\-news\.net$/i"; classtype:trojan-activity; sid:37286531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain karelia-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karelia-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karelia\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain komi-news.net"; dns.query; content:"komi-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])komi\-news\.net$/i"; classtype:trojan-activity; sid:37286541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain komi-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"komi-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])komi\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain udmurt-news.net"; dns.query; content:"udmurt-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])udmurt\-news\.net$/i"; classtype:trojan-activity; sid:37286551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain udmurt-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"udmurt-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])udmurt\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain kalmykia-news.net"; dns.query; content:"kalmykia-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kalmykia\-news\.net$/i"; classtype:trojan-activity; sid:37286561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kalmykia-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kalmykia-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kalmykia\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain tuva-news.net"; dns.query; content:"tuva-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuva\-news\.net$/i"; classtype:trojan-activity; sid:37286571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tuva-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuva-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuva\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# MISP event 26413: domain indicators, exported as one DNS rule and one HTTP rule per domain
# (in the rules below, the DNS sid ends in 1 and the HTTP sid ends in 2).
#
# DNS rule: inspects dns.query in either direction (any -> any). The content match is the
# case-insensitive domain string; the pcre then requires the query name to END with the
# domain, preceded either by start-of-buffer or by a character that is not a letter, digit
# or hyphen. That covers the domain itself and its subdomains, but not "x-<domain>".
#
# HTTP rule: client-to-server traffic on established flows from $HOME_NET to $EXTERNAL_NET.
# It requires "Host:" (|3a| is the colon) and the domain string in the http.header buffer,
# then a pcre on the same buffer (/H) that wants a non-hostname character after the domain.
# tag:session,600,seconds tags the session for 600 seconds after a match.
# NOTE(review): the domain content and the pcre are not positioned relative to "Host|3a|"
# (no distance/within), so presumably the domain appearing in another request header would
# also satisfy the rule. Confirm, and treat HTTP hits as "domain seen in headers".
# NOTE(review): the msg tag list is empty ("[]") and classtype is trojan-activity; what the
# domains are is not stated on this page. Check the referenced MISP event before triage.

# baikal-news.net
alert dns any any -> any any (msg: "MISP e26413 [] Domain baikal-news.net"; dns.query; content:"baikal-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])baikal\-news\.net$/i"; classtype:trojan-activity; sid:37286581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain baikal-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"baikal-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])baikal\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)

# pskov-news.net
alert dns any any -> any any (msg: "MISP e26413 [] Domain pskov-news.net"; dns.query; content:"pskov-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])pskov\-news\.net$/i"; classtype:trojan-activity; sid:37286591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pskov-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pskov-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pskov\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)

# altay-news.net (the HTTP rule's text continues on the next line of this page)
alert dns any any -> any any (msg: "MISP e26413 [] Domain altay-news.net"; dns.query; content:"altay-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])altay\-news\.net$/i"; classtype:trojan-activity; sid:37286601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain altay-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altay-news.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])altay\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain ingushetiya-news.net"; dns.query; content:"ingushetiya-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingushetiya\-news\.net$/i"; classtype:trojan-activity; sid:37286611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ingushetiya-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingushetiya-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingushetiya\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain adygheya-news.net"; dns.query; content:"adygheya-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])adygheya\-news\.net$/i"; classtype:trojan-activity; sid:37286621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain adygheya-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adygheya-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adygheya\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nalchik-news.net"; dns.query; content:"nalchik-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])nalchik\-news\.net$/i"; classtype:trojan-activity; sid:37286631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nalchik-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nalchik-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nalchik\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain mariel-news.net"; dns.query; content:"mariel-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mariel\-news\.net$/i"; classtype:trojan-activity; sid:37286641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain mariel-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mariel-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mariel\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain cherkessk-news.net"; dns.query; content:"cherkessk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cherkessk\-news\.net$/i"; classtype:trojan-activity; sid:37286651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain cherkessk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cherkessk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cherkessk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain 
vladikavkaz-news.net"; dns.query; content:"vladikavkaz-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vladikavkaz\-news\.net$/i"; classtype:trojan-activity; sid:37286661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain vladikavkaz-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vladikavkaz-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vladikavkaz\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain abakan-news.net"; dns.query; content:"abakan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])abakan\-news\.net$/i"; classtype:trojan-activity; sid:37286671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain abakan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"abakan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])abakan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain grozny-news.net"; dns.query; content:"grozny-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])grozny\-news\.net$/i"; classtype:trojan-activity; sid:37286681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain grozny-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grozny-news.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])grozny\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain amur-news.net"; dns.query; content:"amur-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])amur\-news\.net$/i"; classtype:trojan-activity; sid:37286691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain amur-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"amur-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])amur\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain bryansk-news.net"; dns.query; content:"bryansk-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])bryansk\-news\.net$/i"; classtype:trojan-activity; sid:37286701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain bryansk-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bryansk-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bryansk\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kurgan-news.net"; dns.query; content:"kurgan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kurgan\-news\.net$/i"; classtype:trojan-activity; sid:37286711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26413 [] Outgoing HTTP Domain kurgan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kurgan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kurgan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain birobidzhan-news.net"; dns.query; content:"birobidzhan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])birobidzhan\-news\.net$/i"; classtype:trojan-activity; sid:37286721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain birobidzhan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"birobidzhan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])birobidzhan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nao-news.net"; dns.query; content:"nao-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])nao\-news\.net$/i"; classtype:trojan-activity; sid:37286731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nao-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nao-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nao\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain chukotka-news.net"; dns.query; content:"chukotka-news.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])chukotka\-news\.net$/i"; classtype:trojan-activity; sid:37286741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain chukotka-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chukotka-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chukotka\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain novgorod-news.net"; dns.query; content:"novgorod-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])novgorod\-news\.net$/i"; classtype:trojan-activity; sid:37286751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain novgorod-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"novgorod-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])novgorod\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain magadan-news.net"; dns.query; content:"magadan-news.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])magadan\-news\.net$/i"; classtype:trojan-activity; sid:37286761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain magadan-news.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"magadan-news.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])magadan\-news\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37286762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain novyny.kr.ua"; dns.query; content:"novyny.kr.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])novyny\.kr\.ua$/i"; classtype:trojan-activity; sid:37286771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain novyny.kr.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"novyny.kr.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])novyny\.kr\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain novyny.zt.ua"; dns.query; content:"novyny.zt.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])novyny\.zt\.ua$/i"; classtype:trojan-activity; sid:37286781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain novyny.zt.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"novyny.zt.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])novyny\.zt\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain gazeta.kharkiv.ua"; dns.query; content:"gazeta.kharkiv.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])gazeta\.kharkiv\.ua$/i"; classtype:trojan-activity; sid:37286791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain gazeta.kharkiv.ua"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"gazeta.kharkiv.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gazeta\.kharkiv\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain cherkassy-news.ru"; dns.query; content:"cherkassy-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])cherkassy\-news\.ru$/i"; classtype:trojan-activity; sid:37286801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain cherkassy-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cherkassy-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cherkassy\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kherson-news.ru"; dns.query; content:"kherson-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kherson\-news\.ru$/i"; classtype:trojan-activity; sid:37286811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kherson-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kherson-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kherson\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain lnr-news.ru"; dns.query; content:"lnr-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])lnr\-news\.ru$/i"; classtype:trojan-activity; sid:37286821; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lnr-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lnr-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lnr\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain news-kharkov.ru"; dns.query; content:"news-kharkov.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-kharkov\.ru$/i"; classtype:trojan-activity; sid:37286831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news-kharkov.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-kharkov.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-kharkov\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain poltava-news.ru"; dns.query; content:"poltava-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])poltava\-news\.ru$/i"; classtype:trojan-activity; sid:37286841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain poltava-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"poltava-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])poltava\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 
[] Domain vin-news.ru"; dns.query; content:"vin-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])vin\-news\.ru$/i"; classtype:trojan-activity; sid:37286851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain vin-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vin-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vin\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain zp-news.ru"; dns.query; content:"zp-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])zp\-news\.ru$/i"; classtype:trojan-activity; sid:37286861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain zp-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zp-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zp\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain chernigov-news.ru"; dns.query; content:"chernigov-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])chernigov\-news\.ru$/i"; classtype:trojan-activity; sid:37286871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain chernigov-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chernigov-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chernigov\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37286872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain dnepr-news.ru"; dns.query; content:"dnepr-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])dnepr\-news\.ru$/i"; classtype:trojan-activity; sid:37286881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain dnepr-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dnepr-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dnepr\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain dnr-news.ru"; dns.query; content:"dnr-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])dnr\-news\.ru$/i"; classtype:trojan-activity; sid:37286891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain dnr-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dnr-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dnr\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kirovograd-news.ru"; dns.query; content:"kirovograd-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kirovograd\-news\.ru$/i"; classtype:trojan-activity; sid:37286901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kirovograd-news.ru"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"kirovograd-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kirovograd\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain news-kiev.ru"; dns.query; content:"news-kiev.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-kiev\.ru$/i"; classtype:trojan-activity; sid:37286911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news-kiev.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-kiev.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-kiev\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain news-odessa.ru"; dns.query; content:"news-odessa.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-odessa\.ru$/i"; classtype:trojan-activity; sid:37286921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news-odessa.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-odessa.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-odessa\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nikolaev-news.ru"; dns.query; content:"nikolaev-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikolaev\-news\.ru$/i"; classtype:trojan-activity; sid:37286931; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nikolaev-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikolaev-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikolaev\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain sumy-news.ru"; dns.query; content:"sumy-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])sumy\-news\.ru$/i"; classtype:trojan-activity; sid:37286941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain sumy-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sumy-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sumy\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain zhitomir-news.ru"; dns.query; content:"zhitomir-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])zhitomir\-news\.ru$/i"; classtype:trojan-activity; sid:37286951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain zhitomir-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zhitomir-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zhitomir\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP 
e26413 [] Domain berdyansk-news.ru"; dns.query; content:"berdyansk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])berdyansk\-news\.ru$/i"; classtype:trojan-activity; sid:37286961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain berdyansk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"berdyansk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])berdyansk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain donetsk-news.ru"; dns.query; content:"donetsk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])donetsk\-news\.ru$/i"; classtype:trojan-activity; sid:37286971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain donetsk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"donetsk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])donetsk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain lugansk-news.ru"; dns.query; content:"lugansk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])lugansk\-news\.ru$/i"; classtype:trojan-activity; sid:37286981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lugansk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lugansk-news.ru"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lugansk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain mariupol-news.ru"; dns.query; content:"mariupol-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])mariupol\-news\.ru$/i"; classtype:trojan-activity; sid:37286991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain mariupol-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mariupol-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mariupol\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37286992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain melitopol-news.ru"; dns.query; content:"melitopol-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])melitopol\-news\.ru$/i"; classtype:trojan-activity; sid:37287001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain melitopol-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melitopol-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melitopol\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain alchevsk-news.ru"; dns.query; content:"alchevsk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])alchevsk\-news\.ru$/i"; classtype:trojan-activity; sid:37287011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain alchevsk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alchevsk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alchevsk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain bc-news.ru"; dns.query; content:"bc-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])bc\-news\.ru$/i"; classtype:trojan-activity; sid:37287021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# NOTE(review): in the "Outgoing HTTP Domain" rules the domain content and the
# pcre are not positioned relative to the "Host|3a|" match (no distance/within,
# pcre flags are only H and i). The domain therefore matches anywhere in the
# request headers, e.g. inside a Referer value, not only in the Host header.
# Matching on the http.host buffer would tie the alert to the requested host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain bc-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bc-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bc\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# NOTE(review): the next two rules use the bare domain "news.ru", unlike the
# prefixed "<name>-news.ru" indicators around them. The pcre excludes a
# preceding letter, digit or hyphen, so these fire on news.ru and on any
# "*.news.ru" subdomain, but not on the hyphenated names, which have their own
# rules. Confirm in the MISP event that news.ru itself is an intended
# indicator; a name this generic is a likely false-positive source.
alert dns any any -> any any (msg: "MISP e26413 [] Domain news.ru"; dns.query; content:"news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ru$/i"; classtype:trojan-activity; sid:37287031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain gorlovka-news.ru"; dns.query; content:"gorlovka-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])gorlovka\-news\.ru$/i"; 
classtype:trojan-activity; sid:37287041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain gorlovka-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gorlovka-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gorlovka\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kramatorsk-news.ru"; dns.query; content:"kramatorsk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kramatorsk\-news\.ru$/i"; classtype:trojan-activity; sid:37287051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kramatorsk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kramatorsk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kramatorsk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain kremenchug-news.ru"; dns.query; content:"kremenchug-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kremenchug\-news\.ru$/i"; classtype:trojan-activity; sid:37287061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain kremenchug-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kremenchug-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kremenchug\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287062; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain krivoy-rog-news.ru"; dns.query; content:"krivoy-rog-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])krivoy\-rog\-news\.ru$/i"; classtype:trojan-activity; sid:37287071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain krivoy-rog-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krivoy-rog-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krivoy\-rog\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain news-makeevka.ru"; dns.query; content:"news-makeevka.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-makeevka\.ru$/i"; classtype:trojan-activity; sid:37287081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news-makeevka.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-makeevka.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-makeevka\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nikopol-news.ru"; dns.query; content:"nikopol-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikopol\-news\.ru$/i"; classtype:trojan-activity; sid:37287091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nikopol-news.ru"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"nikopol-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikopol\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain pavlograd-news.ru"; dns.query; content:"pavlograd-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])pavlograd\-news\.ru$/i"; classtype:trojan-activity; sid:37287101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pavlograd-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pavlograd-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pavlograd\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain slavyansk-news.ru"; dns.query; content:"slavyansk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])slavyansk\-news\.ru$/i"; classtype:trojan-activity; sid:37287111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain slavyansk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"slavyansk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])slavyansk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain tiraspol-news.ru"; dns.query; content:"tiraspol-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiraspol\-news\.ru$/i"; classtype:trojan-activity; sid:37287121; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tiraspol-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiraspol-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiraspol\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain norilsk-news.ru"; dns.query; content:"norilsk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])norilsk\-news\.ru$/i"; classtype:trojan-activity; sid:37287131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain norilsk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"norilsk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])norilsk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain nabchelny-news.ru"; dns.query; content:"nabchelny-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])nabchelny\-news\.ru$/i"; classtype:trojan-activity; sid:37287141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nabchelny-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nabchelny-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nabchelny\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) 
alert dns any any -> any any (msg: "MISP e26413 [] Domain nk-news.ru"; dns.query; content:"nk-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])nk\-news\.ru$/i"; classtype:trojan-activity; sid:37287151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain nk-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nk-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nk\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain tagil-news.ru"; dns.query; content:"tagil-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])tagil\-news\.ru$/i"; classtype:trojan-activity; sid:37287161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain tagil-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tagil-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tagil\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain news-surgut.ru"; dns.query; content:"news-surgut.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-surgut\.ru$/i"; classtype:trojan-activity; sid:37287171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news-surgut.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-surgut.ru"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])news\-surgut\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain chernovcy-news.ru"; dns.query; content:"chernovcy-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])chernovcy\-news\.ru$/i"; classtype:trojan-activity; sid:37287181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain chernovcy-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chernovcy-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chernovcy\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain if-news.ru"; dns.query; content:"if-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])if\-news\.ru$/i"; classtype:trojan-activity; sid:37287191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain if-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"if-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])if\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain rovno-news.ru"; dns.query; content:"rovno-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])rovno\-news\.ru$/i"; classtype:trojan-activity; sid:37287201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing 
HTTP Domain rovno-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rovno-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rovno\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain volyn-news.ru"; dns.query; content:"volyn-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])volyn\-news\.ru$/i"; classtype:trojan-activity; sid:37287211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain volyn-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"volyn-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])volyn\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain khmelnitskiy-news.ru"; dns.query; content:"khmelnitskiy-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])khmelnitskiy\-news\.ru$/i"; classtype:trojan-activity; sid:37287221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain khmelnitskiy-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"khmelnitskiy-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])khmelnitskiy\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain lvov-news.ru"; dns.query; content:"lvov-news.ru"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lvov\-news\.ru$/i"; classtype:trojan-activity; sid:37287231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain lvov-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lvov-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lvov\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain ternopol-news.ru"; dns.query; content:"ternopol-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])ternopol\-news\.ru$/i"; classtype:trojan-activity; sid:37287241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain ternopol-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ternopol-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ternopol\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain uzhgorod-news.ru"; dns.query; content:"uzhgorod-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])uzhgorod\-news\.ru$/i"; classtype:trojan-activity; sid:37287251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain uzhgorod-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uzhgorod-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uzhgorod\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287252; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain pravda-de.com"; dns.query; content:"pravda-de.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-de\.com$/i"; classtype:trojan-activity; sid:37287261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pravda-de.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pravda-de.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-de\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain pravda-en.com"; dns.query; content:"pravda-en.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-en\.com$/i"; classtype:trojan-activity; sid:37287271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pravda-en.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pravda-en.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-en\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain pravda-es.com"; dns.query; content:"pravda-es.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-es\.com$/i"; classtype:trojan-activity; sid:37287281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pravda-es.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"pravda-es.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-es\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain pravda-fr.com"; dns.query; content:"pravda-fr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-fr\.com$/i"; classtype:trojan-activity; sid:37287291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pravda-fr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pravda-fr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-fr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain pravda-pl.com"; dns.query; content:"pravda-pl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-pl\.com$/i"; classtype:trojan-activity; sid:37287301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain pravda-pl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pravda-pl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pravda\-pl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert dns any any -> any any (msg: "MISP e26413 [] Domain news-balashiha.ru"; dns.query; content:"news-balashiha.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-balashiha\.ru$/i"; classtype:trojan-activity; sid:37287311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain news-balashiha.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-balashiha.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-balashiha\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert dns any any -> any any (msg: "MISP e26413 [] Domain volzhskiy-news.ru"; dns.query; content:"volzhskiy-news.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])volzhskiy\-news\.ru$/i"; classtype:trojan-activity; sid:37287321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26413 [] Outgoing HTTP Domain volzhskiy-news.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"volzhskiy-news.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])volzhskiy\-news\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37287322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# NOTE(review): this is an http-protocol rule pinned to destination port 443.
# It only matches when the sensor parses the traffic on 443 as HTTP (cleartext
# HTTP, or traffic decrypted before it reaches the sensor). If the session is
# TLS, the hostname is visible in the SNI instead; a companion rule on tls.sni
# would be needed for coverage - confirm which applies in your deployment.
# The domain content is also unanchored: it matches anywhere in the request
# headers, with no Host check and no label-boundary pcre.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26400 [] Outgoing URL http|3a|//prodomainnameeforappru.com|3a|443"; flow:to_server,established; http.header; content:"prodomainnameeforappru.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37259291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert dns any any -> any any (msg: "MISP e26400 [] Domain prodomainnameeforappru.com"; dns.query; content:"prodomainnameeforappru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])prodomainnameeforappru\.com$/i"; classtype:trojan-activity; sid:37259301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26400 [] Outgoing HTTP Domain prodomainnameeforappru.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prodomainnameeforappru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prodomainnameeforappru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37259302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 178.21.13.3 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.13.3"; classtype:trojan-activity; sid:37287331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.13.32 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.13.32"; classtype:trojan-activity; sid:37287341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.13.33 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.13.33"; classtype:trojan-activity; sid:37287351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.13.34 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.13.34"; classtype:trojan-activity; sid:37287361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.13.35 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.13.35"; classtype:trojan-activity; sid:37287371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.14.92 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.14.92"; classtype:trojan-activity; sid:37287381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.14.93 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.14.93"; classtype:trojan-activity; sid:37287391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;) alert ip $HOME_NET any -> 178.21.15.204 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.15.204"; classtype:trojan-activity; sid:37287401; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert ip $HOME_NET any -> 176.99.6.152 any (msg: "MISP e26413 [] Outgoing To IP: 176.99.6.152"; classtype:trojan-activity; sid:37287411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert ip $HOME_NET any -> 178.21.15.41 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.15.41"; classtype:trojan-activity; sid:37287421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert ip $HOME_NET any -> 178.21.15.42 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.15.42"; classtype:trojan-activity; sid:37287431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert ip $HOME_NET any -> 178.21.15.183 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.15.183"; classtype:trojan-activity; sid:37287441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
alert ip $HOME_NET any -> 178.21.15.85 any (msg: "MISP e26413 [] Outgoing To IP: 178.21.15.85"; classtype:trojan-activity; sid:37287451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# NOTE(review): a /23 source range (178.21.14.0 - 178.21.15.255) alerting on
# any inbound IP packet, with no port or flow-state condition. It contains the
# single 178.21.15.x hosts alerted outbound above but also every other address
# in the range. Confirm in the MISP event that the whole range is attributed
# before treating hits as high-confidence; expect scan and backscatter noise.
alert ip 178.21.14.0/23 any -> $HOME_NET any (msg: "MISP e26413 [] Incoming From IP: 178.21.14.0/23"; classtype:trojan-activity; sid:37287481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26413;)
# NOTE(review): "|61616" and "|1291" in the msg text look like the MISP
# ip|port composite value; the port restriction itself is in the rule header.
# Confirm how your engine version applies a destination port to an
# ip-protocol rule.
alert ip $HOME_NET any -> 94.156.69.147 61616 (msg: "MISP e26400 [] Outgoing To IP: 94.156.69.147|61616"; classtype:trojan-activity; sid:37259311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 94.156.71.221 1291 (msg: "MISP e26400 [] Outgoing To IP: 94.156.71.221|1291"; classtype:trojan-activity; sid:37259321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# NOTE(review): http-protocol rule on destination port 443. It matches only
# if the traffic on 443 is parsed as HTTP (cleartext, or decrypted upstream of
# the sensor); for a TLS session neither the Host header nor the URI is
# visible, and a tls.sni rule on the hostname would be the usable signal.
# sid:37259341 below (event 26400) has identical match conditions, so one
# request raises two alerts, at priority 2 and priority 3.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26248 [CobaltStrike] Outgoing URL http|3a|//horseridinghotel.com|3a|443/wp-content/chunky/"; flow:to_server,established; http.header; content:"horseridinghotel.com"; fast_pattern; nocase; http.uri; content:"/wp-content/chunky/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# NOTE(review): sid:37233331 and sid:37259331 differ only in the letter case
# of the http.uri content, and both carry nocase, so they match the same
# requests. Deduplicate or suppress one of them to avoid double alerts with
# different priorities and event references.
alert http $HOME_NET any -> 109.107.182.163 $HTTP_PORTS (msg: "MISP e26248 [dcrat] Outgoing URL http|3a|//109.107.182.163/rf/imagevideo_securesqlasynctrackuploads.php"; flow:to_server,established; http.header; content:"109.107.182.163"; fast_pattern; nocase; http.uri; content:"/rf/imagevideo_securesqlasynctrackuploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert http $HOME_NET any -> 109.107.182.163 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//109.107.182.163/rf/Imagevideo_SecureSqlasyncTrackuploads.php"; flow:to_server,established; http.header; content:"109.107.182.163"; fast_pattern; nocase; http.uri; content:"/rf/Imagevideo_SecureSqlasyncTrackuploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37259331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26400 [] Outgoing URL http|3a|//horseridinghotel.com|3a|443/wp-content/chunky/"; flow:to_server,established; http.header; content:"horseridinghotel.com"; fast_pattern; nocase; http.uri; content:"/wp-content/chunky/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37259341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip 1.198.107.62 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.198.107.62"; classtype:trojan-activity; sid:37235171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 1.170.205.225 any -> $HOME_NET any (msg: "MISP e26279 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 1.170.205.225"; classtype:trojan-activity; sid:37236101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26279;) alert ip 1.205.231.4 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.205.231.4"; classtype:trojan-activity; sid:37235181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 1.33.206.133 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.33.206.133"; classtype:trojan-activity; sid:37235191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 106.41.162.41 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.162.41"; classtype:trojan-activity; sid:37235201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 106.56.93.138 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.56.93.138"; classtype:trojan-activity; sid:37235211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 108.30.132.95 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.30.132.95"; classtype:trojan-activity; sid:37235221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 110.183.59.31 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.183.59.31"; classtype:trojan-activity; sid:37235231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 112.103.128.198 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.128.198"; classtype:trojan-activity; sid:37235241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 110.230.200.198 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.230.200.198"; classtype:trojan-activity; sid:37235251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 113.120.139.49 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.120.139.49"; classtype:trojan-activity; sid:37235261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 112.120.122.181 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.120.122.181"; classtype:trojan-activity; sid:37235271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 114.218.147.113 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.147.113"; classtype:trojan-activity; sid:37235281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 113.68.52.32 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.68.52.32"; classtype:trojan-activity; sid:37235291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 114.32.246.205 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.246.205"; classtype:trojan-activity; sid:37235301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 114.218.149.184 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.149.184"; classtype:trojan-activity; sid:37235311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 117.81.31.29 any -> $HOME_NET any (msg: "MISP e26278 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.81.31.29"; classtype:trojan-activity; sid:37235321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 117.245.67.64 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.245.67.64"; classtype:trojan-activity; sid:37235331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 121.226.186.102 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.226.186.102"; classtype:trojan-activity; sid:37235341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 119.74.253.125 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.74.253.125"; classtype:trojan-activity; sid:37235351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 123.139.220.180 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.139.220.180"; classtype:trojan-activity; sid:37235361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 122.117.15.166 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.15.166"; classtype:trojan-activity; sid:37235371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 123.241.17.238 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.241.17.238"; classtype:trojan-activity; sid:37235381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 177.60.241.75 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.60.241.75"; classtype:trojan-activity; 
sid:37235391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 175.3.24.169 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.3.24.169"; classtype:trojan-activity; sid:37235401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 125.25.59.217 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.25.59.217"; classtype:trojan-activity; sid:37235411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 14.240.230.24 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.240.230.24"; classtype:trojan-activity; sid:37235421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 131.72.65.20 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 131.72.65.20"; classtype:trojan-activity; sid:37235431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 171.81.92.227 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.81.92.227"; classtype:trojan-activity; sid:37235441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 179.232.99.187 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.232.99.187"; classtype:trojan-activity; sid:37235451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 167.179.148.51 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.179.148.51"; classtype:trojan-activity; sid:37235461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 180.109.243.75 any -> $HOME_NET any 
(msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.109.243.75"; classtype:trojan-activity; sid:37235471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 182.241.192.87 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.241.192.87"; classtype:trojan-activity; sid:37235481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 36.48.28.60 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.48.28.60"; classtype:trojan-activity; sid:37235491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 2.181.155.1 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.181.155.1"; classtype:trojan-activity; sid:37235501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 223.11.62.107 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.11.62.107"; classtype:trojan-activity; sid:37235511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 190.109.227.235 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.235"; classtype:trojan-activity; sid:37235521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 190.90.140.31 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.90.140.31"; classtype:trojan-activity; sid:37235531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 222.246.115.9 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.115.9"; classtype:trojan-activity; 
sid:37235541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 218.35.172.81 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.35.172.81"; classtype:trojan-activity; sid:37235551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 45.177.167.51 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.177.167.51"; classtype:trojan-activity; sid:37235561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 37.229.84.244 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.229.84.244"; classtype:trojan-activity; sid:37235571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 46.185.216.162 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.185.216.162"; classtype:trojan-activity; sid:37235581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 78.63.171.152 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.63.171.152"; classtype:trojan-activity; sid:37235591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 59.8.8.225 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.8.8.225"; classtype:trojan-activity; sid:37235601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 59.1.48.150 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.1.48.150"; classtype:trojan-activity; sid:37235611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 67.174.143.52 any -> $HOME_NET any (msg: "MISP 
e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.174.143.52"; classtype:trojan-activity; sid:37235621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 58.47.43.140 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.43.140"; classtype:trojan-activity; sid:37235631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 82.140.203.114 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.140.203.114"; classtype:trojan-activity; sid:37235641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 61.5.139.65 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.5.139.65"; classtype:trojan-activity; sid:37235651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 79.13.208.53 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.13.208.53"; classtype:trojan-activity; sid:37235661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 60.220.193.28 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.220.193.28"; classtype:trojan-activity; sid:37235671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 88.204.217.246 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.204.217.246"; classtype:trojan-activity; sid:37235681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 115.159.95.209 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.95.209"; classtype:trojan-activity; sid:37236111; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 103.148.29.248 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.148.29.248"; classtype:trojan-activity; sid:37236121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 111.249.193.103 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.249.193.103"; classtype:trojan-activity; sid:37236131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 111.230.198.114 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.198.114"; classtype:trojan-activity; sid:37236141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 122.160.48.252 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.160.48.252"; classtype:trojan-activity; sid:37236151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 150.109.203.100 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.100"; classtype:trojan-activity; sid:37236161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 95.47.251.89 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.47.251.89"; classtype:trojan-activity; sid:37235691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 103.163.119.224 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.119.224"; classtype:trojan-activity; sid:37236171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 159.203.192.45 any -> $HOME_NET 
any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.192.45"; classtype:trojan-activity; sid:37236181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 93.40.14.42 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.40.14.42"; classtype:trojan-activity; sid:37235701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 149.34.246.34 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.34.246.34"; classtype:trojan-activity; sid:37236341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 185.87.51.215 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.87.51.215"; classtype:trojan-activity; sid:37236191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 211.149.129.219 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.149.129.219"; classtype:trojan-activity; sid:37236201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 81.70.94.21 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.94.21"; classtype:trojan-activity; sid:37236211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 193.151.148.118 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.148.118"; classtype:trojan-activity; sid:37236221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 43.159.133.39 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.133.39"; classtype:trojan-activity; 
sid:37236231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 79.137.227.29 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.227.29"; classtype:trojan-activity; sid:37236241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 85.122.181.66 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.122.181.66"; classtype:trojan-activity; sid:37236251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 162.0.234.118 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.0.234.118"; classtype:trojan-activity; sid:37236351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 45.125.65.81 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.125.65.81"; classtype:trojan-activity; sid:37236361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 178.62.106.230 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.106.230"; classtype:trojan-activity; sid:37236261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 87.236.176.127 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.127"; classtype:trojan-activity; sid:37236371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 205.210.31.165 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.165"; classtype:trojan-activity; sid:37236381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 45.56.116.172 any -> $HOME_NET any 
(msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.56.116.172"; classtype:trojan-activity; sid:37236391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 106.254.1.67 any -> $HOME_NET any (msg: "MISP e26282 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.67"; classtype:trojan-activity; sid:37236501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26282;) alert ip 178.75.123.153 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.75.123.153"; classtype:trojan-activity; sid:37235711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 87.236.176.118 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.118"; classtype:trojan-activity; sid:37236401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 116.62.134.137 any -> $HOME_NET any (msg: "MISP e26283 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.134.137"; classtype:trojan-activity; sid:37236521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26283;) alert ip 20.106.216.151 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.106.216.151"; classtype:trojan-activity; sid:37236411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 126.83.109.148 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.83.109.148"; classtype:trojan-activity; sid:37235721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 123.175.68.168 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.175.68.168"; 
classtype:trojan-activity; sid:37235731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 168.232.12.84 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.232.12.84"; classtype:trojan-activity; sid:37235741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 123.245.99.82 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.245.99.82"; classtype:trojan-activity; sid:37235751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 14.207.119.231 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.207.119.231"; classtype:trojan-activity; sid:37235761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 175.11.8.168 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.8.168"; classtype:trojan-activity; sid:37235771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 180.108.1.23 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.108.1.23"; classtype:trojan-activity; sid:37235781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 151.242.1.239 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.242.1.239"; classtype:trojan-activity; sid:37235791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 222.246.20.180 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.20.180"; classtype:trojan-activity; sid:37235801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 
182.244.168.130 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.244.168.130"; classtype:trojan-activity; sid:37235811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 175.5.87.173 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.5.87.173"; classtype:trojan-activity; sid:37235821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 188.151.54.214 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.151.54.214"; classtype:trojan-activity; sid:37235831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 192.241.226.25 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.226.25"; classtype:trojan-activity; sid:37235841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 59.89.136.193 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.89.136.193"; classtype:trojan-activity; sid:37235851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 45.177.167.122 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.177.167.122"; classtype:trojan-activity; sid:37235861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 180.117.13.68 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.117.13.68"; classtype:trojan-activity; sid:37235871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 221.225.139.60 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
221.225.139.60"; classtype:trojan-activity; sid:37235881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 188.169.124.144 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.169.124.144"; classtype:trojan-activity; sid:37235891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 45.86.86.176 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.86.86.176"; classtype:trojan-activity; sid:37235901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 201.77.115.22 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.77.115.22"; classtype:trojan-activity; sid:37235911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 36.251.43.81 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.251.43.81"; classtype:trojan-activity; sid:37235921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 78.134.11.130 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.134.11.130"; classtype:trojan-activity; sid:37235931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 94.180.114.203 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.180.114.203"; classtype:trojan-activity; sid:37235941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 58.33.103.178 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.33.103.178"; classtype:trojan-activity; sid:37235951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) 
# Inbound source-address indicators exported from MISP events 26278 and 26280.
# Each rule alerts on any IP packet from the listed address to $HOME_NET. There is no
# port, flow or payload condition, so a single unsolicited packet is enough to fire.
# The rules differ only in address, event id and sid. classtype, priority and rev are
# the same on every line, so triage depends on the MISP event linked in `reference`.
# NOTE(review): bare-address indicators go stale as addresses are reassigned. Confirm
# the referenced events are still current before loading, and check that the sid range
# (3723xxxx here) does not collide with other rule sources on the sensor.
alert ip 190.72.161.191 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.72.161.191"; classtype:trojan-activity; sid:37235961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 49.75.176.115 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.75.176.115"; classtype:trojan-activity; sid:37235971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 37.103.61.31 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.103.61.31"; classtype:trojan-activity; sid:37235981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 79.117.120.87 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.117.120.87"; classtype:trojan-activity; sid:37235991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 59.126.9.67 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.126.9.67"; classtype:trojan-activity; sid:37236001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 103.196.136.5 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.196.136.5"; classtype:trojan-activity; sid:37236271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;)
alert ip 58.54.207.125 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.207.125"; classtype:trojan-activity; sid:37236011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 162.62.213.196 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.213.196"; classtype:trojan-activity; sid:37236281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;)
alert ip 111.230.248.153 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.248.153"; classtype:trojan-activity; sid:37236291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;)
alert ip 88.247.91.224 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.247.91.224"; classtype:trojan-activity; sid:37236021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 61.2.105.45 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.2.105.45"; classtype:trojan-activity; sid:37236031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 81.214.75.160 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.214.75.160"; classtype:trojan-activity; sid:37236041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 63.47.119.117 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 63.47.119.117"; classtype:trojan-activity; sid:37236051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 49.87.233.211 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.87.233.211"; classtype:trojan-activity; sid:37236061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 91.92.247.196 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.247.196"; classtype:trojan-activity; sid:37236071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;)
alert ip 93.148.189.146 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.148.189.146"; classtype:trojan-activity; sid:37236081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 114.80.23.154 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.80.23.154"; classtype:trojan-activity; sid:37236301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 124.222.192.119 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.192.119"; classtype:trojan-activity; sid:37236311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 103.138.96.201 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.138.96.201"; classtype:trojan-activity; sid:37236321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 190.107.30.216 any -> $HOME_NET any (msg: "MISP e26280 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.107.30.216"; classtype:trojan-activity; sid:37236331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26280;) alert ip 159.89.226.38 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.226.38"; classtype:trojan-activity; sid:37236421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 87.241.168.49 any -> $HOME_NET any (msg: "MISP e26278 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.241.168.49"; classtype:trojan-activity; sid:37236091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26278;) alert ip 87.236.176.115 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 87.236.176.115"; classtype:trojan-activity; sid:37236431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 20.163.18.235 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.163.18.235"; classtype:trojan-activity; sid:37236441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 2.63.104.205 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.63.104.205"; classtype:trojan-activity; sid:37236451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 192.241.204.75 any -> $HOME_NET any (msg: "MISP e26282 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.204.75"; classtype:trojan-activity; sid:37236511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26282;) alert ip 103.232.54.67 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.232.54.67"; classtype:trojan-activity; sid:37236461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 205.210.31.186 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.186"; classtype:trojan-activity; sid:37236471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 179.60.147.129 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.147.129"; classtype:trojan-activity; sid:37236481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 87.236.176.122 any -> $HOME_NET any (msg: "MISP e26281 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.122"; classtype:trojan-activity; sid:37236491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26281;) alert ip 64.62.197.212 any -> $HOME_NET any (msg: "MISP e26283 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.212"; classtype:trojan-activity; sid:37236531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26283;) alert ip $HOME_NET any -> 185.209.30.112 9202 (msg: "MISP e26248 [Rhadamanthys,VDSINA-AS,VDSINA-NET] Outgoing To IP: 185.209.30.112|9202"; classtype:trojan-activity; sid:37233341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 185.209.30.112 9202 (msg: "MISP e26400 [] Outgoing To IP: 185.209.30.112|9202"; classtype:trojan-activity; sid:37259351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 154.13.28.16 46321 (msg: "MISP e26248 [Deimos,IPTELECOM-AP IPTELECOM ASIA] Outgoing To IP: 154.13.28.16|46321"; classtype:trojan-activity; sid:37233351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 188.54.71.27 995 (msg: "MISP e26248 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 188.54.71.27|995"; classtype:trojan-activity; sid:37233361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 71.250.202.197 443 (msg: "MISP e26248 [QakBot,UUNET] Outgoing To IP: 71.250.202.197|443"; classtype:trojan-activity; sid:37233371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 77.0.149.167 443 (msg: "MISP e26248 [QakBot,TDDE-ASN1] Outgoing To IP: 77.0.149.167|443"; classtype:trojan-activity; sid:37233381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 31.117.164.92 2222 (msg: "MISP e26248 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 31.117.164.92|2222"; classtype:trojan-activity; sid:37233391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26248;)
# Destination tagged QakBot in event 26248 (priority 2).
alert ip $HOME_NET any -> 87.11.7.161 443 (msg: "MISP e26248 [ASN-IBSNAZ,QakBot] Outgoing To IP: 87.11.7.161|443"; classtype:trojan-activity; sid:37233401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# The e26400 rules below repeat destination IP/port pairs that e26248 rules in
# this file already alert on. They differ only in sid, msg text (no tags) and
# priority (3 instead of 2), so one matching flow raises an alert from each
# event's rule. Deduplicate in the export or suppress one sid if the double
# alert is noise for triage.
alert ip $HOME_NET any -> 87.11.7.161 443 (msg: "MISP e26400 [] Outgoing To IP: 87.11.7.161|443"; classtype:trojan-activity; sid:37259361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 31.117.164.92 2222 (msg: "MISP e26400 [] Outgoing To IP: 31.117.164.92|2222"; classtype:trojan-activity; sid:37259371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 77.0.149.167 443 (msg: "MISP e26400 [] Outgoing To IP: 77.0.149.167|443"; classtype:trojan-activity; sid:37259381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 71.250.202.197 443 (msg: "MISP e26400 [] Outgoing To IP: 71.250.202.197|443"; classtype:trojan-activity; sid:37259391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 188.54.71.27 995 (msg: "MISP e26400 [] Outgoing To IP: 188.54.71.27|995"; classtype:trojan-activity; sid:37259401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 154.13.28.16 46321 (msg: "MISP e26400 [] Outgoing To IP: 154.13.28.16|46321"; classtype:trojan-activity; sid:37259411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# DarkGate-tagged domain, three rules: URL (37233291), DNS query (37233281)
# and HTTP Host (37233282).
# sid 37233291 is an http rule pinned to destination port 443 and inspects
# http.header, so it matches only traffic the engine parses as HTTP on that
# port. NOTE(review): if the sample speaks TLS to this host the rule stays
# silent and only the dns.query rule covers the domain; confirm against
# event 26248. The content match is not anchored to the Host header, so the
# domain string in any request header satisfies it.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26248 [6.1.9,admin888,DarkGate] Outgoing URL http|3a|//prodomainnameeforappru.com|3a|443"; flow:to_server,established; http.header; content:"prodomainnameeforappru.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# The pcre requires the name to end the query and to be preceded by the start
# of the buffer or a non-hostname character: subdomains of the indicator
# match, longer names that merely end in the same letters do not.
alert dns any any -> any any (msg: "MISP e26248 [6.1.9,admin888,DarkGate] Domain prodomainnameeforappru.com"; dns.query; content:"prodomainnameeforappru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])prodomainnameeforappru\.com$/i"; classtype:trojan-activity; sid:37233281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Requires "Host:" in the request headers plus the domain followed by a
# non-hostname character; tag:session keeps logging the session for 600
# seconds after the first match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26248 [6.1.9,admin888,DarkGate] Outgoing HTTP Domain prodomainnameeforappru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prodomainnameeforappru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prodomainnameeforappru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# Gh0stRAT- and SystemBC-tagged destinations from event 26248, each followed
# by its untagged e26400 duplicate (same IP and port, priority 3).
alert ip $HOME_NET any -> 111.67.195.90 6000 (msg: "MISP e26248 [Gh0stRAT] Outgoing To IP: 111.67.195.90|6000"; classtype:trojan-activity; sid:37233411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 111.67.195.90 6000 (msg: "MISP e26400 [] Outgoing To IP: 111.67.195.90|6000"; classtype:trojan-activity; sid:37259421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 149.248.3.194 443 (msg: "MISP e26248 [SystemBC] Outgoing To IP: 149.248.3.194|443"; classtype:trojan-activity; sid:37233421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 149.248.3.194 443 (msg: "MISP e26400 [] Outgoing To IP: 149.248.3.194|443"; classtype:trojan-activity; sid:37259431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# Untagged here; the same IP and port carry the [NanoCore,RAT] tags in the
# e26419 rule (sid 37290211) further down this file.
alert ip $HOME_NET any -> 5.39.43.50 3456 (msg: "MISP e26400 [] Outgoing To IP: 5.39.43.50|3456"; classtype:trojan-activity; sid:37259441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert http $HOME_NET any -> 195.43.142.35 $HTTP_PORTS (msg: "MISP 
e26248 [dcrat] Outgoing URL http|3a|//195.43.142.35/secure/gametemporaryvoiddb7/3protonpythongame/publicprotonsecure0/updateto/7vm/update5processor3/dlewindowsrequest/low6proton/servereternal/geo/vm_updategeneratordatalife.php"; flow:to_server,established; http.header; content:"195.43.142.35"; fast_pattern; nocase; http.uri; content:"/secure/gametemporaryvoiddb7/3protonpythongame/publicprotonsecure0/updateto/7vm/update5processor3/dlewindowsrequest/low6proton/servereternal/geo/vm_updategeneratordatalife.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
# sid 37259451 carries the same host and URI as sid 37233431 above, differing
# only in letter case. Both http.uri matches use nocase, so the two rules
# match the same requests and one request raises both alerts.
alert http $HOME_NET any -> 195.43.142.35 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//195.43.142.35/secure/GameTemporaryvoiddb7/3ProtonpythonGame/publicProtonsecure0/updateto/7vm/Update5Processor3/DlewindowsRequest/Low6Proton/Servereternal/geo/vm_updategeneratordatalife.php"; flow:to_server,established; http.header; content:"195.43.142.35"; fast_pattern; nocase; http.uri; content:"/secure/GameTemporaryvoiddb7/3ProtonpythonGame/publicProtonsecure0/updateto/7vm/Update5Processor3/DlewindowsRequest/Low6Proton/Servereternal/geo/vm_updategeneratordatalife.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37259451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# RedLineStealer-tagged destination (e26248) and its untagged e26400 duplicate.
alert ip $HOME_NET any -> 94.103.94.25 13581 (msg: "MISP e26248 [RedLineStealer] Outgoing To IP: 94.103.94.25|13581"; classtype:trojan-activity; sid:37233441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 94.103.94.25 13581 (msg: "MISP e26400 [] Outgoing To IP: 94.103.94.25|13581"; classtype:trojan-activity; sid:37259461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
# The three e26414 URL rules differ only in the query string shown in msg.
# Their http.uri content is the same path in all three and the query value is
# not matched, so any request to that path on 107.172.79.5 fires sids
# 37288321, 37288331 and 37288341 together. The any-port ip rule 37288351
# fires on the same traffic as well.
alert http $HOME_NET any -> 107.172.79.5 $HTTP_PORTS (msg: "MISP e26414 [] Outgoing URL http|3a|//107.172.79.5/h51z7qpNe35DecAvOKdf/index.php?dC1Zk3F=0193F0800193F080"; flow:to_server,established; http.header; content:"107.172.79.5"; fast_pattern; nocase; http.uri; content:"/h51z7qpNe35DecAvOKdf/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26414;)
alert http $HOME_NET any -> 107.172.79.5 $HTTP_PORTS (msg: "MISP e26414 [] Outgoing URL http|3a|//107.172.79.5/h51z7qpNe35DecAvOKdf/index.php?dC1Zk3F=00AFF00000AFF000"; flow:to_server,established; http.header; content:"107.172.79.5"; fast_pattern; nocase; http.uri; content:"/h51z7qpNe35DecAvOKdf/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26414;)
alert http $HOME_NET any -> 107.172.79.5 $HTTP_PORTS (msg: "MISP e26414 [] Outgoing URL http|3a|//107.172.79.5/h51z7qpNe35DecAvOKdf/index.php?dC1Zk3F=0018EAE00018EAE0"; flow:to_server,established; http.header; content:"107.172.79.5"; fast_pattern; nocase; http.uri; content:"/h51z7qpNe35DecAvOKdf/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37288341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26414;)
# Destination-IP rule with port "any": alerts on traffic from $HOME_NET to
# this address regardless of port.
alert ip $HOME_NET any -> 107.172.79.5 any (msg: "MISP e26414 [] Outgoing To IP: 107.172.79.5"; classtype:trojan-activity; sid:37288351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26414;)
# Untagged here; the same IP and port carry the [infostealer,RedLine,stealer]
# tags in the e26419 rule (sid 37290221) further down this file.
alert ip $HOME_NET any -> 188.116.21.141 20213 (msg: "MISP e26400 [] Outgoing To IP: 188.116.21.141|20213"; classtype:trojan-activity; sid:37259471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;)
alert ip $HOME_NET any -> 104.129.55.106 13783 (msg: "MISP e26248 [] Outgoing To IP: 104.129.55.106|13783"; classtype:trojan-activity; sid:37233451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;)
alert ip $HOME_NET any -> 45.32.248.100 2226 
(msg: "MISP e26248 [] Outgoing To IP: 45.32.248.100|2226"; classtype:trojan-activity; sid:37233461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 45.76.251.190 5631 (msg: "MISP e26248 [] Outgoing To IP: 45.76.251.190|5631"; classtype:trojan-activity; sid:37233471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 103.82.243.5 13785 (msg: "MISP e26248 [] Outgoing To IP: 103.82.243.5|13785"; classtype:trojan-activity; sid:37233481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 104.129.55.105 2223 (msg: "MISP e26248 [] Outgoing To IP: 104.129.55.105|2223"; classtype:trojan-activity; sid:37233491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26248 [dcrat] Outgoing URL http|3a|//209374cm.nyashsens.top/videovmsecureupdateauthserverbasepublic.php"; flow:to_server,established; http.header; content:"209374cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/videovmsecureupdateauthserverbasepublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//209374cm.nyashsens.top/videoVmSecureupdateAuthserverbasePublic.php"; flow:to_server,established; http.header; content:"209374cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/videoVmSecureupdateAuthserverbasePublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37259481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 104.129.55.106 13783 (msg: "MISP e26400 [] Outgoing To IP: 104.129.55.106|13783"; classtype:trojan-activity; sid:37259491; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 45.32.248.100 2226 (msg: "MISP e26400 [] Outgoing To IP: 45.32.248.100|2226"; classtype:trojan-activity; sid:37259501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 45.76.251.190 5631 (msg: "MISP e26400 [] Outgoing To IP: 45.76.251.190|5631"; classtype:trojan-activity; sid:37259511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 103.82.243.5 13785 (msg: "MISP e26400 [] Outgoing To IP: 103.82.243.5|13785"; classtype:trojan-activity; sid:37259521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert ip $HOME_NET any -> 104.129.55.105 2223 (msg: "MISP e26400 [] Outgoing To IP: 104.129.55.105|2223"; classtype:trojan-activity; sid:37259531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26248 [CobaltStrike,cs-watermark-305419896,DIGITALOCEAN-ASN] Outgoing URL http|3a|//68.183.111.170/ga.js"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 68.183.111.170 80 (msg: "MISP e26248 [CobaltStrike,cs-watermark-305419896,DIGITALOCEAN-ASN] Outgoing To IP: 68.183.111.170|80"; classtype:trojan-activity; sid:37233521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert ip $HOME_NET any -> 68.183.111.170 80 (msg: "MISP e26400 [] Outgoing To IP: 68.183.111.170|80"; classtype:trojan-activity; sid:37259541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26400 [] Outgoing URL http|3a|//68.183.111.170/ga.js"; 
flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37259551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26400;) alert http $HOME_NET any -> 45.9.73.82 $HTTP_PORTS (msg: "MISP e26248 [dcrat] Outgoing URL http|3a|//45.9.73.82/proton/cdndump/0pipe4/processtemp0/generator304/requestcdn/2baseasyncauth/flower/8mariadbbetter/2wp/eternalcpubigloadtemporary.php"; flow:to_server,established; http.header; content:"45.9.73.82"; fast_pattern; nocase; http.uri; content:"/proton/cdndump/0pipe4/processtemp0/generator304/requestcdn/2baseasyncauth/flower/8mariadbbetter/2wp/eternalcpubigloadtemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37233531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26248;) alert http $HOME_NET any -> 45.9.73.82 $HTTP_PORTS (msg: "MISP e26399 [dcrat] Outgoing URL http|3a|//45.9.73.82/proton/cdndump/0Pipe4/processTemp0/generator304/Requestcdn/2BaseAsyncAuth/Flower/8mariadbbetter/2wp/EternalCpuBigloadTemporary.php"; flow:to_server,established; http.header; content:"45.9.73.82"; fast_pattern; nocase; http.uri; content:"/proton/cdndump/0Pipe4/processTemp0/generator304/Requestcdn/2BaseAsyncAuth/Flower/8mariadbbetter/2wp/EternalCpuBigloadTemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> 81.200.146.58 $HTTP_PORTS (msg: "MISP e26419 [dcrat] Outgoing URL http|3a|//81.200.146.58/linewindowstrack.php"; flow:to_server,established; http.header; content:"81.200.146.58"; fast_pattern; nocase; http.uri; content:"/linewindowstrack.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> 81.200.146.58 
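$HTTP_PORTS (msg: "MISP e26399 [dcrat] Outgoing URL http|3a|//81.200.146.58/Linewindowstrack.php"; flow:to_server,established; http.header; content:"81.200.146.58"; fast_pattern; nocase; http.uri; content:"/Linewindowstrack.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# sids 37290241 / 37257231: the http.uri content "/" occurs in every request
# URI, so it adds no constraint, and nocase has no effect on a pattern without
# letters. In practice both rules alert on any HTTP request to 45.14.244.72
# whose headers contain that address, and both fire on the same request.
alert http $HOME_NET any -> 45.14.244.72 $HTTP_PORTS (msg: "MISP e26419 [recordbreaker] Outgoing URL http|3a|//45.14.244.72/"; flow:to_server,established; http.header; content:"45.14.244.72"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> 45.14.244.72 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//45.14.244.72/"; flow:to_server,established; http.header; content:"45.14.244.72"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# NjRAT indicators (IP, DNS query, HTTP Host). The MISP tag names copied into
# msg contain double quotes; the rule syntax requires ", ; and \ inside msg
# to be backslash-escaped. Unescaped, the msg depends on parser leniency and
# can be rejected or truncated by the engine or by tooling that re-parses the
# rule file, which would leave these indicators without coverage. The quotes
# are escaped below; the alert text and match logic are unchanged.
# NOTE(review): fix the escaping in the MISP export as well, otherwise the
# next export reintroduces the raw quotes.
alert ip $HOME_NET any -> 46.246.84.5 7771 (msg: "MISP e26399 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 46.246.84.5|7771"; classtype:trojan-activity; sid:37257241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert dns any any -> any any (msg: "MISP e26399 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Domain berlyndnero.duckdns.org"; dns.query; content:"berlyndnero.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndnero\.duckdns\.org$/i"; classtype:trojan-activity; sid:37257251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain berlyndnero.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"berlyndnero.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndnero\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# URL indicators exported without a path: the only match is the domain string
# somewhere in the request headers. It is not anchored to Host, so another
# header carrying the name also matches. The same two domains appear again
# with [VexTrio] tags under e26419 (sids 37290281, 37290271) in this file.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//weapkd4.jarteaused.live"; flow:to_server,established; http.header; content:"weapkd4.jarteaused.live"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//winvipbonus.life"; flow:to_server,established; http.header; content:"winvipbonus.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# sid 37257281 (domain + path) is a strict subset of sid 37257291 (domain
# only): a request to /Bgkc244P fires both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//frightyserver.org/Bgkc244P"; flow:to_server,established; http.header; content:"frightyserver.org"; fast_pattern; nocase; http.uri; content:"/Bgkc244P"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//frightyserver.org"; flow:to_server,established; http.header; content:"frightyserver.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37257291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert dns any any -> any any (msg: "MISP e26249 [] Domain wwwmi-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"wwwmi-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: 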
"/(^|[^A-Za-z0-9-])wwwmi\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37233561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26249;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26249 [] Outgoing HTTP Domain wwwmi-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwmi-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwmi\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26249;) alert ip $HOME_NET any -> 191.248.177.208 15833 (msg: "MISP e26419 [N-W0rm] Outgoing To IP: 191.248.177.208|15833"; classtype:trojan-activity; sid:37290291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 191.248.177.208 15833 (msg: "MISP e26399 [] Outgoing To IP: 191.248.177.208|15833"; classtype:trojan-activity; sid:37257301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 46.246.6.12 1995 (msg: "MISP e26399 [] Outgoing To IP: 46.246.6.12|1995"; classtype:trojan-activity; sid:37257311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26332 [] Domain kusikuyperu.com"; dns.query; content:"kusikuyperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kusikuyperu\.com$/i"; classtype:trojan-activity; sid:37251851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26332;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26332 [] Outgoing HTTP Domain kusikuyperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kusikuyperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kusikuyperu\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37251852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26332;) alert dns any any -> any any (msg: "MISP e26250 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37233641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26250;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26250 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26250;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//weapkd4.jarteaused.live"; flow:to_server,established; http.header; content:"weapkd4.jarteaused.live"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [KeitaroTDS,SocGholish] Outgoing URL http|3a|//frightyserver.org"; flow:to_server,established; http.header; content:"frightyserver.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [KeitaroTDS,SocGholish] Outgoing URL http|3a|//frightyserver.org/bgkc244p"; flow:to_server,established; http.header; content:"frightyserver.org"; fast_pattern; nocase; http.uri; content:"/bgkc244p"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37290261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//winvipbonus.life"; flow:to_server,established; http.header; content:"winvipbonus.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 5.39.43.50 3456 (msg: "MISP e26419 [NanoCore,RAT] Outgoing To IP: 5.39.43.50|3456"; classtype:trojan-activity; sid:37290211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 188.116.21.141 20213 (msg: "MISP e26419 [infostealer,RedLine,stealer] Outgoing To IP: 188.116.21.141|20213"; classtype:trojan-activity; sid:37290221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26251 [] Domain ingreso-banestado.pages.dev"; dns.query; content:"ingreso-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37233721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26251;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26251 [] Outgoing HTTP Domain ingreso-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingreso-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26251;) alert dns any any -> any any (msg: "MISP e26252 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37233801; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26252;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26252 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26252;) alert dns any any -> any any (msg: "MISP e26253 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37233881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26253;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26253 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37233882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26253;) alert dns any any -> any any (msg: "MISP e26254 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37233961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26254;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26254 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37233962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26254;) alert dns any any -> any any (msg: "MISP e26255 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37234041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26255;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26255 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37234042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26255;) alert dns any any -> any any (msg: "MISP e26256 [] Domain portal-banestado.pages.dev"; dns.query; content:"portal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37234121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26256;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26256 [] Outgoing HTTP Domain portal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37234122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26256;) alert dns any any -> any any (msg: "MISP e26257 [] Domain simula-banestado.pages.dev"; dns.query; content:"simula-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37234201; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26257;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26257 [] Outgoing HTTP Domain simula-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"simula-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37234202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26257;) alert dns any any -> any any (msg: "MISP e26258 [] Domain micro-bancaestado.pages.dev"; dns.query; content:"micro-bancaestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37234281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26258;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26258 [] Outgoing HTTP Domain micro-bancaestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"micro-bancaestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37234282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26258;) alert dns any any -> any any (msg: "MISP e26259 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37234361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26259;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26259 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37234362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26259;)
# Domain indicator pair (event 26375).
# - dns rule: dns.query must contain the name (nocase); the pcre anchors it at the end of the
#   query and allows only start-of-buffer or a non-hostname byte before it, so the exact name
#   and its subdomains match.
# - http rule: the request headers must contain "Host:" and the name. The two content matches
#   are independent (no distance/within), so the name appearing in another header such as
#   Referer also satisfies them; expect alerts on mentions, not only on Host.
# - tag:session,600,seconds tags the session so its following packets are logged for 600 seconds.
alert dns any any -> any any (msg: "MISP e26375 [] Domain authenticationsignon.biz"; dns.query; content:"authenticationsignon.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])authenticationsignon\.biz$/i"; classtype:trojan-activity; sid:37253051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain authenticationsignon.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"authenticationsignon.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])authenticationsignon\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# Event 26419: outbound address/port indicators. These rules have no payload keywords, so
# anything from $HOME_NET to the listed address and port matches; the bracketed tags in msg
# are the only context an analyst gets.
# NOTE(review): protocol is "ip" with a destination port - confirm how the deployed engine
# applies the port to traffic that is not TCP/UDP.
# NOTE(review): no expiry or first-seen date is exported with these addresses; check the
# referenced event before treating a hit as current.
alert ip $HOME_NET any -> 69.46.36.220 7443 (msg: "MISP e26419 [MPDCOL,Mythic] Outgoing To IP: 69.46.36.220|7443"; classtype:trojan-activity; sid:37290301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 69.46.36.216 7443 (msg: "MISP e26419 [MPDCOL,Mythic] Outgoing To IP: 69.46.36.216|7443"; classtype:trojan-activity; sid:37290311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 69.46.36.210 7443 (msg: "MISP e26419 [MPDCOL,Mythic] Outgoing To IP: 69.46.36.210|7443"; classtype:trojan-activity; sid:37290321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 218.28.172.11 80 (msg: "MISP e26419 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Deimos] Outgoing To IP: 218.28.172.11|80"; classtype:trojan-activity; sid:37290331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.45.219.118 80 (msg: "MISP e26419 [Bianlian Go Trojan,HOSTHATCH] Outgoing To IP: 45.45.219.118|80"; classtype:trojan-activity; sid:37290341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 158.101.163.23 443 (msg: "MISP e26419 [Havoc,ORACLE-BMC-31898] Outgoing To IP: 158.101.163.23|443"; classtype:trojan-activity; sid:37290351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 38.142.20.186 445 (msg: "MISP e26419 [COGENT-174,Responder] Outgoing To IP: 38.142.20.186|445"; classtype:trojan-activity; sid:37290361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 72.27.170.157 443 (msg: "MISP e26419 [FLOW-NET,QakBot] Outgoing To IP: 72.27.170.157|443"; classtype:trojan-activity; sid:37290371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 41.96.83.214 443 (msg: "MISP e26419 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.83.214|443"; classtype:trojan-activity; sid:37290381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 47.236.115.26 8888 (msg: "MISP e26419 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Supershell] Outgoing To IP: 47.236.115.26|8888"; classtype:trojan-activity; sid:37290391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 101.34.243.60 8888 (msg: "MISP e26419 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 101.34.243.60|8888"; classtype:trojan-activity; sid:37290401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 91.92.251.202 2024 (msg: "MISP e26419 [asyncrat,RAT] Outgoing To IP: 91.92.251.202|2024"; classtype:trojan-activity; sid:37290411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26341: domain pair for tiesas.lv-ogre.net. The same domain is exported again from
# other events further down with identical match logic and different sids; every copy
# matches the same traffic and alerts on its own.
alert dns any any -> any any (msg: "MISP e26341 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37252121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26341;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26341 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26341;)
# Event 26399 repeats the twelve e26419 address/port pairs above with its own sids,
# priority 3 and an empty tag list. A connection to any of them matches both copies, and
# the e26399 alert carries no family label. De-duplicating at export time, or thresholding
# one of the two sid ranges, keeps the alert volume to one per indicator.
alert ip $HOME_NET any -> 91.92.251.202 2024 (msg: "MISP e26399 [] Outgoing To IP: 91.92.251.202|2024"; classtype:trojan-activity; sid:37257321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 101.34.243.60 8888 (msg: "MISP e26399 [] Outgoing To IP: 101.34.243.60|8888"; classtype:trojan-activity; sid:37257331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 47.236.115.26 8888 (msg: "MISP e26399 [] Outgoing To IP: 47.236.115.26|8888"; classtype:trojan-activity; sid:37257341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 41.96.83.214 443 (msg: "MISP e26399 [] Outgoing To IP: 41.96.83.214|443"; classtype:trojan-activity; sid:37257351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 72.27.170.157 443 (msg: "MISP e26399 [] Outgoing To IP: 72.27.170.157|443"; classtype:trojan-activity; sid:37257361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 38.142.20.186 445 (msg: "MISP e26399 [] Outgoing To IP: 38.142.20.186|445"; classtype:trojan-activity; sid:37257371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 158.101.163.23 443 (msg: "MISP e26399 [] Outgoing To IP: 158.101.163.23|443"; classtype:trojan-activity; sid:37257381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 45.45.219.118 80 (msg: "MISP e26399 [] Outgoing To IP: 45.45.219.118|80"; classtype:trojan-activity; sid:37257391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 218.28.172.11 80 (msg: "MISP e26399 [] Outgoing To IP: 218.28.172.11|80"; classtype:trojan-activity; sid:37257401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 69.46.36.210 7443 (msg: "MISP e26399 [] Outgoing To IP: 69.46.36.210|7443"; classtype:trojan-activity; sid:37257411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 69.46.36.216 7443 (msg: "MISP e26399 [] Outgoing To IP: 69.46.36.216|7443"; classtype:trojan-activity; sid:37257421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 69.46.36.220 7443 (msg: "MISP e26399 [] Outgoing To IP: 69.46.36.220|7443"; classtype:trojan-activity; 
sid:37257431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Domain indicator pairs. In each pair the dns rule matches the name at the end of dns.query
# (exact name or a subdomain of it) and the http rule needs "Host:" plus the name anywhere in
# the request headers, then a pcre on the same buffer. The two http content matches are not
# tied together, so the name in a header other than Host (e.g. Referer) also matches.
# tag:session,600,seconds tags the session so its following packets are logged for 600 seconds.
alert dns any any -> any any (msg: "MISP e26399 [] Domain mb-testing.azureedge.net"; dns.query; content:"mb-testing.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mb\-testing\.azureedge\.net$/i"; classtype:trojan-activity; sid:37257441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain mb-testing.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mb-testing.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mb\-testing\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37257442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# tiesas.lv-ogre.net is exported once per event (26339, 26338, 26337, 26336, 26335, 26334 and
# 26333 below). The match logic of every copy is identical; only msg, sid and reference
# differ, so a single lookup of this name raises one alert per copy. De-duplicating at export
# time or thresholding the extra sids keeps it to one alert per indicator.
alert dns any any -> any any (msg: "MISP e26339 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37252071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26339;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26339 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26339;)
alert dns any any -> any any (msg: "MISP e26338 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37252041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26338;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26338 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26338;)
# Address/port indicator: no payload keywords, anything from $HOME_NET to this address and
# port matches.
alert ip $HOME_NET any -> 93.123.85.140 9932 (msg: "MISP e26419 [Mirai] Outgoing To IP: 93.123.85.140|9932"; classtype:trojan-activity; sid:37290421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26337 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37252011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26337;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26337 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37252012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26337;)
alert dns any any -> any any (msg: "MISP e26336 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37251981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26336;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26336 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26336;)
alert dns any any -> any any (msg: "MISP e26335 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37251951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26335;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26335 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26335;)
alert dns any any -> any any (msg: "MISP e26334 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37251921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26334;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26334 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26334;)
alert dns any any -> any any (msg: "MISP e26333 [] Domain tiesas.lv-ogre.net"; dns.query; content:"tiesas.lv-ogre.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net$/i"; classtype:trojan-activity; sid:37251891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26333;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26333 [] Outgoing HTTP Domain tiesas.lv-ogre.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-ogre.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-ogre\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37251892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26333;)
# Same address/port as sid 37290421 above, exported from event 26399 with priority 3 and an
# empty tag list; both rules match the same connection.
alert ip $HOME_NET any -> 93.123.85.140 9932 (msg: "MISP e26399 [] Outgoing To IP: 93.123.85.140|9932"; classtype:trojan-activity; sid:37501381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event 26419 indicators tagged Mirai and Vidar: one domain pair and three address/port rules.
alert dns any any -> any any (msg: "MISP e26419 [Mirai] Domain botnet.nguyennghi.info"; dns.query; content:"botnet.nguyennghi.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.nguyennghi\.info$/i"; classtype:trojan-activity; sid:37290431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [Mirai] Outgoing HTTP Domain botnet.nguyennghi.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.nguyennghi.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.nguyennghi\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37290432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 103.155.81.228 1234 (msg: "MISP e26419 [Mirai] Outgoing To IP: 103.155.81.228|1234"; classtype:trojan-activity; sid:37290441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 95.216.177.94 443 (msg: "MISP e26419 [Vidar] Outgoing To IP: 95.216.177.94|443"; classtype:trojan-activity; sid:37290471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 78.47.117.126 443 (msg: "MISP e26419 [Vidar] Outgoing To IP: 78.47.117.126|443"; classtype:trojan-activity; sid:37290481; rev:1; priority:2; 
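reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26399 copies of address/port and domain indicators that event 26419 also exports
# (same destinations and names, priority 3, empty tag list, own sids). The address/port rules
# have no payload keywords: anything from $HOME_NET to the address and port matches.
alert ip $HOME_NET any -> 95.216.177.94 443 (msg: "MISP e26399 [] Outgoing To IP: 95.216.177.94|443"; classtype:trojan-activity; sid:37501391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 78.47.117.126 443 (msg: "MISP e26399 [] Outgoing To IP: 78.47.117.126|443"; classtype:trojan-activity; sid:37501401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 103.155.81.228 1234 (msg: "MISP e26399 [] Outgoing To IP: 103.155.81.228|1234"; classtype:trojan-activity; sid:37501431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Domain pair: the dns rule matches the name at the end of dns.query (exact name or a
# subdomain); the http rule needs "Host:" and the name anywhere in the request headers.
alert dns any any -> any any (msg: "MISP e26399 [] Domain botnet.nguyennghi.info"; dns.query; content:"botnet.nguyennghi.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.nguyennghi\.info$/i"; classtype:trojan-activity; sid:37501441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain botnet.nguyennghi.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.nguyennghi.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.nguyennghi\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# URL indicators (events 26276 and 26277). Each rule requires the host string anywhere in the
# request headers and the path as a substring of http.uri, both nocase; a longer URI that
# merely contains the path also matches. tag:session,600,seconds tags the session so its
# following packets are logged for 600 seconds.
# The MISP galaxy tag in msg carries double quotes. They are written as \" here: the Suricata
# rule format requires ", ; and \ to be escaped inside msg, and an unescaped quote in the
# middle of the value can make the engine reject or mis-parse the rule. After every export,
# load the file with the engine's test mode (suricata -T) and check that no rule is dropped.
alert http $HOME_NET any -> 70.34.220.238 $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//70.34.220.238/ght/microsoftballondesignedbyentireprocesstoconfirmtheupdationtodevelopnewballonupdationrpcesstopcupdatepc.doc"; flow:to_server,established; http.header; content:"70.34.220.238"; fast_pattern; nocase; http.uri; content:"/ght/microsoftballondesignedbyentireprocesstoconfirmtheupdationtodevelopnewballonupdationrpcesstopcupdatepc.doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cba614682f6ac4569c7f29"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cba614682f6ac4569c7f29"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cb9791682f6ac4569c7f07"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cb9791682f6ac4569c7f07"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cbf468682f6ac4569c8338"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cbf468682f6ac4569c8338"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cbb679682f6ac4569c7f91"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cbb679682f6ac4569c7f91"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//aluminprodu.top/xtxFomcBB170.bin"; flow:to_server,established; http.header; content:"aluminprodu.top"; fast_pattern; nocase; http.uri; content:"/xtxFomcBB170.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cba180682f6ac4569c7f21"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cba180682f6ac4569c7f21"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37477541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cc3d0b682f6ac4569c85fb"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cc3d0b682f6ac4569c85fb"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37477551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26276 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//heygirlisheeverythingyouwantedinaman.com/get/65cb9ac7682f6ac4569c7f0f"; flow:to_server,established; http.header; content:"heygirlisheeverythingyouwantedinaman.com"; fast_pattern; nocase; http.uri; content:"/get/65cb9ac7682f6ac4569c7f0f"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37477561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26276;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26277 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//dlink.metallc.top/pages/agodzx.exe"; flow:to_server,established; http.header; content:"dlink.metallc.top"; fast_pattern; nocase; http.uri; content:"/pages/agodzx.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37235161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26277;)
# Domain pair (event 26592), same dns/http pattern as the botnet.nguyennghi.info pair above.
alert dns any any -> any any (msg: "MISP e26592 [] Domain metaforadvertising.com"; dns.query; content:"metaforadvertising.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])metaforadvertising\.com$/i"; classtype:trojan-activity; sid:37484701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26592;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26592 [] Outgoing HTTP Domain metaforadvertising.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"metaforadvertising.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])metaforadvertising\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37484702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26592;)
# Event 26419 indicators tagged CobaltStrike. The URI contents here are short ("/match",
# "/activity"), so the host string in the headers - and, where the rule names one, the literal
# destination address and port - is what keeps these specific.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//dadadsadaccsoong.top/match"; flow:to_server,established; http.header; content:"dadadsadaccsoong.top"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Domain dadadsadaccsoong.top"; dns.query; content:"dadadsadaccsoong.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dadadsadaccsoong\.top$/i"; classtype:trojan-activity; sid:37290521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain dadadsadaccsoong.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dadadsadaccsoong.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dadadsadaccsoong\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37290522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> 139.9.41.156 81 (msg: "MISP e26419 [CobaltStrike,cs-watermark-426352781,Huawei Cloud Service data center] Outgoing URL http|3a|//139.9.41.156|3a|81/activity"; flow:to_server,established; http.header; content:"139.9.41.156"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> 116.198.46.64 6666 (msg: "MISP e26419 [CobaltStrike,cs-watermark-666666666,IDC China Telecommunications Corporation] Outgoing URL 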
http|3a|//116.198.46.64|3a|6666/load"; flow:to_server,established; http.header; content:"116.198.46.64"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# URL indicators: each rule requires the host string anywhere in the request headers and the
# path as a substring of http.uri, both nocase. The paths here are short ("/cm", "/load",
# "/activity", "/match", "/j.ad"), so a longer URI containing them also matches; the host
# string and, where given, the literal destination address and port carry the specificity.
# tag:session,600,seconds tags the session so its following packets are logged for 600 seconds.
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/cm"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26399 exports the same URLs and domain as event 26419 with its own sids, priority 3
# and an empty tag list. The match options are identical, so one request matches both copies
# and the e26399 alert carries no family label. De-duplicating at export time, or
# thresholding one of the two sid ranges, keeps it to one alert per indicator.
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//122.51.220.170/cm"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 116.198.46.64 6666 (msg: "MISP e26399 [] Outgoing URL http|3a|//116.198.46.64|3a|6666/load"; flow:to_server,established; http.header; content:"116.198.46.64"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 139.9.41.156 81 (msg: "MISP e26399 [] Outgoing URL http|3a|//139.9.41.156|3a|81/activity"; flow:to_server,established; http.header; content:"139.9.41.156"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Domain pair: the dns rule matches the name at the end of dns.query (exact name or a
# subdomain); the http rule needs "Host:" and the name anywhere in the request headers. The
# two http content matches are not tied together, so the name in a header other than Host
# (e.g. Referer) also matches.
alert dns any any -> any any (msg: "MISP e26399 [] Domain dadadsadaccsoong.top"; dns.query; content:"dadadsadaccsoong.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dadadsadaccsoong\.top$/i"; classtype:trojan-activity; sid:37501501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain dadadsadaccsoong.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dadadsadaccsoong.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dadadsadaccsoong\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//dadadsadaccsoong.top/match"; flow:to_server,established; http.header; content:"dadadsadaccsoong.top"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-305419896,DIGITALOCEAN-ASN] Outgoing URL http|3a|//68.183.111.170/j.ad"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Domain pair for event 26624, same dns/http pattern as above.
alert dns any any -> any any (msg: "MISP e26624 [] Domain finnfund.org"; dns.query; content:"finnfund.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])finnfund\.org$/i"; classtype:trojan-activity; sid:37487951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26624;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26624 [] Outgoing HTTP Domain finnfund.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finnfund.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finnfund\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26624;)
alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//68.183.111.170/j.ad"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Address/port indicator exported from both events: no payload keywords, anything from
# $HOME_NET to this address and port matches both rules.
alert ip $HOME_NET any -> 141.98.10.72 1024 (msg: "MISP e26399 [] Outgoing To IP: 141.98.10.72|1024"; classtype:trojan-activity; sid:37501541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 141.98.10.72 1024 (msg: "MISP e26419 [Mirai] Outgoing To IP: 141.98.10.72|1024"; classtype:trojan-activity; sid:37290571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# The two rules below differ only in the letter case of the path ("/l1nc0in.php" and
# "/L1nc0In.php"). Both http.uri contents are nocase, so they match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [dcrat] Outgoing URL http|3a|//a0919021.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0919021.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//a0919021.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0919021.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26561 [kill-chain:Command 
and Control] Outgoing URL http|3a|//soundbase.top/resources.dll"; flow:to_server,established; http.header; content:"soundbase.top"; fast_pattern; nocase; http.uri; content:"/resources.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37475191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26561;) alert dns any any -> any any (msg: "MISP e26625 [] Domain getomniva.life"; dns.query; content:"getomniva.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])getomniva\.life$/i"; classtype:trojan-activity; sid:37487961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26625;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26625 [] Outgoing HTTP Domain getomniva.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"getomniva.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])getomniva\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26625;) alert ip $HOME_NET any -> 43.229.78.74 2226 (msg: "MISP e26419 [] Outgoing To IP: 43.229.78.74|2226"; classtype:trojan-activity; sid:37290601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 154.201.81.8 2967 (msg: "MISP e26419 [] Outgoing To IP: 154.201.81.8|2967"; classtype:trojan-activity; sid:37290611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 108.61.78.17 13783 (msg: "MISP e26419 [] Outgoing To IP: 108.61.78.17|13783"; classtype:trojan-activity; sid:37290621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 104.156.233.235 2226 (msg: "MISP e26419 [] Outgoing To IP: 104.156.233.235|2226"; classtype:trojan-activity; sid:37290631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 43.229.78.74 2226 (msg: 
"MISP e26399 [] Outgoing To IP: 43.229.78.74|2226"; classtype:trojan-activity; sid:37501561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 154.201.81.8 2967 (msg: "MISP e26399 [] Outgoing To IP: 154.201.81.8|2967"; classtype:trojan-activity; sid:37501571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 108.61.78.17 13783 (msg: "MISP e26399 [] Outgoing To IP: 108.61.78.17|13783"; classtype:trojan-activity; sid:37501581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 104.156.233.235 2226 (msg: "MISP e26399 [] Outgoing To IP: 104.156.233.235|2226"; classtype:trojan-activity; sid:37501591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 8.222.251.253 43001 (msg: "MISP e26419 [Traida] Outgoing To IP: 8.222.251.253|43001"; classtype:trojan-activity; sid:37290651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26419 [Triada] Domain qrchq.vrhoeas.com"; dns.query; content:"qrchq.vrhoeas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qrchq\.vrhoeas\.com$/i"; classtype:trojan-activity; sid:37290661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [Triada] Outgoing HTTP Domain qrchq.vrhoeas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qrchq.vrhoeas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qrchq\.vrhoeas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37290662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26399 [] Domain qrchq.vrhoeas.com"; dns.query; content:"qrchq.vrhoeas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qrchq\.vrhoeas\.com$/i"; 
classtype:trojan-activity; sid:37501601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event 26399 copies of indicators that event 26419 also exports (the address below is
# the same one as sid 37290651). Each copy has its own sid and priority 3, so a single
# flow produces one alert per event unless alerts are deduplicated downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain qrchq.vrhoeas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qrchq.vrhoeas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qrchq\.vrhoeas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 8.222.251.253 43001 (msg: "MISP e26399 [] Outgoing To IP: 8.222.251.253|43001"; classtype:trojan-activity; sid:37501611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event 24600, priority 1. Domain indicators come as a dns.query rule plus an HTTP header
# rule. The pcre accepts "." before the name, so subdomains of each domain match too.
# In the HTTP rules the "Host|3a|" and domain contents are independent http.header matches,
# so the domain appearing in any request header satisfies them.
alert dns any any -> any any (msg: "MISP e24600 [] Domain tics.atacilli.com.tr"; dns.query; content:"tics.atacilli.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-])tics\.atacilli\.com\.tr$/i"; classtype:trojan-activity; sid:37248561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain tics.atacilli.com.tr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tics.atacilli.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tics\.atacilli\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain 8675345687776b987779.from-al.com"; dns.query; content:"8675345687776b987779.from-al.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])8675345687776b987779\.from\-al\.com$/i"; classtype:trojan-activity; sid:37248611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 8675345687776b987779.from-al.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"8675345687776b987779.from-al.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])8675345687776b987779\.from\-al\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37248612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 26629.
alert dns any any -> any any (msg: "MISP e26629 [] Domain victorias-secret.berich-today.com"; dns.query; content:"victorias-secret.berich-today.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])victorias\-secret\.berich\-today\.com$/i"; classtype:trojan-activity; sid:37488091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26629;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26629 [] Outgoing HTTP Domain victorias-secret.berich-today.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"victorias-secret.berich-today.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])victorias\-secret\.berich\-today\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26629;)
# Events 26628 and 26627 export the same r2.dev name with identical match conditions and
# priority; only the sid, msg and reference differ, so every hit is reported twice.
alert dns any any -> any any (msg: "MISP e26628 [] Domain pub-924b8be63d6b410d83371eee10677624.r2.dev"; dns.query; content:"pub-924b8be63d6b410d83371eee10677624.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-924b8be63d6b410d83371eee10677624\.r2\.dev$/i"; classtype:trojan-activity; sid:37488051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26628;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26628 [] Outgoing HTTP Domain pub-924b8be63d6b410d83371eee10677624.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-924b8be63d6b410d83371eee10677624.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-924b8be63d6b410d83371eee10677624\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26628;)
alert dns any any -> any any (msg: "MISP e26627 [] Domain pub-924b8be63d6b410d83371eee10677624.r2.dev"; dns.query; content:"pub-924b8be63d6b410d83371eee10677624.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-924b8be63d6b410d83371eee10677624\.r2\.dev$/i"; classtype:trojan-activity; sid:37488011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26627;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26627 [] Outgoing HTTP Domain pub-924b8be63d6b410d83371eee10677624.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-924b8be63d6b410d83371eee10677624.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-924b8be63d6b410d83371eee10677624\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26627;)
# Event 26419, tag "remcos": one rule per destination port on a single address. There is
# no payload condition, so any traffic from $HOME_NET to that address and port alerts.
alert ip $HOME_NET any -> 77.105.132.92 21 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|21"; classtype:trojan-activity; sid:37290671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 77.105.132.92 2404 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|2404"; classtype:trojan-activity; sid:37290681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 77.105.132.92 463 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|463"; classtype:trojan-activity; sid:37290691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 77.105.132.92 465 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|465"; classtype:trojan-activity; sid:37290701; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26419;)
# Further e26419 [remcos] ports for 77.105.132.92. These rules match on address and
# port alone, with no payload condition.
alert ip $HOME_NET any -> 77.105.132.92 4899 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|4899"; classtype:trojan-activity; sid:37290711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 77.105.132.92 60989 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|60989"; classtype:trojan-activity; sid:37290721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 77.105.132.92 80 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|80"; classtype:trojan-activity; sid:37290731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 77.105.132.92 81 (msg: "MISP e26419 [remcos] Outgoing To IP: 77.105.132.92|81"; classtype:trojan-activity; sid:37290741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# The same address and ports again under event 26399: empty tag list, priority 3, new
# sids. A flow to one of these ports raises an alert from each event's rule.
alert ip $HOME_NET any -> 77.105.132.92 21 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|21"; classtype:trojan-activity; sid:37502791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 2404 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|2404"; classtype:trojan-activity; sid:37502801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 463 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|463"; classtype:trojan-activity; sid:37502831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 465 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|465"; classtype:trojan-activity; sid:37502841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 4899 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|4899"; classtype:trojan-activity; sid:37502851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 60989 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|60989"; classtype:trojan-activity; sid:37502861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 80 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|80"; classtype:trojan-activity; sid:37502871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 77.105.132.92 81 (msg: "MISP e26399 [] Outgoing To IP: 77.105.132.92|81"; classtype:trojan-activity; sid:37502881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event 26375 domain pair. The pcre accepts "." before the name, so subdomains match too.
alert dns any any -> any any (msg: "MISP e26375 [] Domain lestutosjv.com"; dns.query; content:"lestutosjv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lestutosjv\.com$/i"; classtype:trojan-activity; sid:37253061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain lestutosjv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lestutosjv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lestutosjv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# URL indicators: the host is matched as a plain substring anywhere in http.header and
# the path as a case-insensitive substring of http.uri. The path is not anchored, so a
# longer URI that contains it matches as well. The rules using $HTTP_PORTS only see
# requests on the ports that variable lists.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26561 [kill-chain:Command and Control] Outgoing URL http|3a|//soundline.top/resources.dll"; flow:to_server,established; http.header; content:"soundline.top"; fast_pattern; nocase; http.uri; content:"/resources.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37475201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26561;)
# Event 26419 entries tagged CobaltStrike. The tags (watermark value, network owner)
# appear only in msg and do not take part in matching.
alert http $HOME_NET any -> 47.123.4.117 8099 (msg: "MISP e26419 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.123.4.117|3a|8099/jquery-3.3.2.n2cq4mxdz4nio9xihttp.min.js"; flow:to_server,established; http.header; content:"47.123.4.117"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.2.n2cq4mxdz4nio9xihttp.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> 20.163.176.140 $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-391144938,Microsoft Corporation] Outgoing URL http|3a|//20.163.176.140/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"20.163.176.140"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Domain cdn.dadadsadaccsoong.top"; dns.query; content:"cdn.dadadsadaccsoong.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.dadadsadaccsoong\.top$/i"; classtype:trojan-activity; sid:37290781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain cdn.dadadsadaccsoong.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn.dadadsadaccsoong.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.dadadsadaccsoong\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37290782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 43.139.177.77 443 (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.139.177.77|443"; classtype:trojan-activity; sid:37290791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> 43.139.177.77 88 (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.139.177.77|3a|88/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"43.139.177.77"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> 45.134.225.247 $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.247/metro91/admin/1/ppptp.jpg"; flow:to_server,established; http.header; content:"45.134.225.247"; fast_pattern; nocase; http.uri; content:"/metro91/admin/1/ppptp.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 68.183.111.170 443 (msg: "MISP e26419 [CobaltStrike,cs-watermark-305419896,DIGITALOCEAN-ASN] Outgoing To IP: 68.183.111.170|443"; classtype:trojan-activity; sid:37290831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# The path "/documents/build-x64.zip" is a prefix of the ".../build-x64.zip/build-x64.msi"
# path exported separately for the same host (sid 37290861), so a request for the .msi
# URL raises both alerts.
alert http $HOME_NET any -> 95.164.63.54 $HTTP_PORTS (msg: "MISP e26419 [] Outgoing URL http|3a|//95.164.63.54/documents/build-x64.zip"; flow:to_server,established; http.header; content:"95.164.63.54"; fast_pattern; nocase; http.uri; content:"/documents/build-x64.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 95.164.63.54 80 (msg: "MISP e26419 [] Outgoing To IP: 95.164.63.54|80"; classtype:trojan-activity; sid:37290881; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26419;)
# URL indicator: host matched as a substring of http.header, path as a case-insensitive
# substring of http.uri.
alert http $HOME_NET any -> 95.164.63.54 $HTTP_PORTS (msg: "MISP e26419 [] Outgoing URL http|3a|//95.164.63.54/documents/build-x64.zip/build-x64.msi"; flow:to_server,established; http.header; content:"95.164.63.54"; fast_pattern; nocase; http.uri; content:"/documents/build-x64.zip/build-x64.msi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26399 copies of URL, domain and address indicators that event 26419 also exports.
# The paths here keep their original letter case, but every http.uri content carries
# nocase, so they match the same requests as the lowercase e26419 versions and each hit
# is reported twice (priority 3 here, priority 2 there).
alert http $HOME_NET any -> 20.163.176.140 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//20.163.176.140/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"20.163.176.140"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 47.123.4.117 8099 (msg: "MISP e26399 [] Outgoing URL http|3a|//47.123.4.117|3a|8099/jquery-3.3.2.N2cQ4mXdZ4nIo9XIhttp.min.js"; flow:to_server,established; http.header; content:"47.123.4.117"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.2.N2cQ4mXdZ4nIo9XIhttp.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 45.134.225.247 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//45.134.225.247/metro91/admin/1/ppptp.jpg"; flow:to_server,established; http.header; content:"45.134.225.247"; fast_pattern; nocase; http.uri; content:"/metro91/admin/1/ppptp.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 43.139.177.77 88 (msg: "MISP e26399 [] Outgoing URL http|3a|//43.139.177.77|3a|88/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"43.139.177.77"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert dns any any -> any any (msg: "MISP e26399 [] Domain cdn.dadadsadaccsoong.top"; dns.query; content:"cdn.dadadsadaccsoong.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.dadadsadaccsoong\.top$/i"; classtype:trojan-activity; sid:37502711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain cdn.dadadsadaccsoong.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn.dadadsadaccsoong.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.dadadsadaccsoong\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 43.139.177.77 443 (msg: "MISP e26399 [] Outgoing To IP: 43.139.177.77|443"; classtype:trojan-activity; sid:37502721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 68.183.111.170 443 (msg: "MISP e26399 [] Outgoing To IP: 68.183.111.170|443"; classtype:trojan-activity; sid:37502741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# "/documents/build-x64.zip" is a prefix of the .msi path two rules below, and the
# http.uri content is not anchored, so a request for the .msi URL matches both rules.
alert http $HOME_NET any -> 95.164.63.54 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//95.164.63.54/documents/build-x64.zip"; flow:to_server,established; http.header; content:"95.164.63.54"; fast_pattern; nocase; http.uri; content:"/documents/build-x64.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 95.164.63.54 80 (msg: "MISP e26399 [] Outgoing To IP: 95.164.63.54|80"; classtype:trojan-activity; sid:37502771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 95.164.63.54 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//95.164.63.54/documents/build-x64.zip/build-x64.msi"; flow:to_server,established; http.header; content:"95.164.63.54"; fast_pattern; nocase; http.uri; content:"/documents/build-x64.zip/build-x64.msi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# "Hostname" indicators differ from "Domain" ones: the leading character class also
# excludes ".", so only the exact host matches and subdomains do not.
# The HTTP variant puts "Host|3a| <name>" into one content with a single space after the
# colon. NOTE(review): a Host header written with different spacing would presumably not
# match; verify against how the sensor presents http.header.
alert dns any any -> any any (msg: "MISP e26630 [] Hostname www.projectsupdate.com"; dns.query; content:"www.projectsupdate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.projectsupdate\.com$/i"; classtype:trojan-activity; sid:37488121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26630;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26630 [] Outgoing HTTP Hostname www.projectsupdate.com"; flow:to_server,established; http.header; content: "Host|3a| www.projectsupdate.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.projectsupdate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26630;)
alert dns any any -> any any (msg: "MISP e26375 [] Hostname shop.gpc.co.zw"; dns.query; content:"shop.gpc.co.zw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.gpc\.co\.zw$/i"; classtype:trojan-activity; sid:37253071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Hostname shop.gpc.co.zw"; flow:to_server,established; http.header; content: "Host|3a| shop.gpc.co.zw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.gpc\.co\.zw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253072; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26375;)
# URL indicators: the host is a plain substring match in http.header and the path a
# case-insensitive substring match in http.uri. The first two rules are the same URL
# exported under events 26419 and 26399, so one request raises both alerts.
# "/jquery-3.3.1.min.js" and "/visit.js" are generic paths; it is the host content (and
# the fixed destination address on the third rule) that narrows these rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//cdn.dadadsadaccsoong.top/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"cdn.dadadsadaccsoong.top"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//cdn.dadadsadaccsoong.top/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"cdn.dadadsadaccsoong.top"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/visit.js"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37290931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Entries tagged "c2,censys" (event 26419, priority 2). The AS number and network name
# in the tags appear only in msg and do not take part in matching.
# NOTE(review): several tags name hosting or cloud networks; addresses and
# provider-assigned names there may be reassigned, and these rules carry no expiry.
# Confirm the indicator age in MISP before acting on a hit.
alert dns any any -> any any (msg: "MISP e26419 [AS15169,c2,censys,GOOGLE] Domain 77.198.208.35.bc.googleusercontent.com"; dns.query; content:"77.198.208.35.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])77\.198\.208\.35\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37290941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS15169,c2,censys,GOOGLE] Outgoing HTTP Domain 77.198.208.35.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"77.198.208.35.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])77\.198\.208\.35\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37290942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26419 [AS208046,c2,censys] Domain api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37290951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS208046,c2,censys] Outgoing HTTP Domain api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37290952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Address-and-port rules: no payload condition, so any traffic from $HOME_NET to the
# listed address and port alerts.
alert ip $HOME_NET any -> 42.186.17.183 8080 (msg: "MISP e26419 [AS45062,c2,censys] Outgoing To IP: 42.186.17.183|8080"; classtype:trojan-activity; sid:37290961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 23.160.193.182 443 (msg: "MISP e26419 [AS397270,c2,censys,NETINF-TRANSIT-AS] Outgoing To IP: 23.160.193.182|443"; classtype:trojan-activity; sid:37290971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 154.44.10.51 80 (msg: "MISP e26419 [AS979,c2,censys,NETLAB-SDN] Outgoing To IP: 154.44.10.51|80"; classtype:trojan-activity; sid:37290981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 103.146.179.72 80 (msg: "MISP e26419 [AS136933,c2,censys] Outgoing To IP: 103.146.179.72|80"; classtype:trojan-activity; sid:37290991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26419 [AS-GLOBALTELEHOST,AS63023,c2,censys] Domain eganet.linkpc.net"; dns.query; content:"eganet.linkpc.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])eganet\.linkpc\.net$/i"; classtype:trojan-activity; sid:37291001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS-GLOBALTELEHOST,AS63023,c2,censys] Outgoing HTTP Domain eganet.linkpc.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eganet.linkpc.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eganet\.linkpc\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.158.248.34 80 (msg: "MISP e26419 [AS9009,c2,censys,M247] Outgoing To IP: 185.158.248.34|80"; classtype:trojan-activity; sid:37291011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 5.161.85.189 443 (msg: "MISP e26419 [AS213230,c2,censys,HETZNER-CLOUD2-AS] Outgoing To IP: 5.161.85.189|443"; classtype:trojan-activity; sid:37291021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 117.50.178.197 33221 (msg: "MISP e26419 [AS4808,c2,censys] Outgoing To IP: 117.50.178.197|33221"; classtype:trojan-activity; sid:37291031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 106.75.240.189 4090 (msg: "MISP e26419 [AS17621,c2,censys] Outgoing To IP: 106.75.240.189|4090"; classtype:trojan-activity; sid:37291041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 146.70.149.184 443 (msg: "MISP e26419 [AS9009,c2,censys,M247] Outgoing To IP: 146.70.149.184|443"; classtype:trojan-activity; sid:37291051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.134.225.245 80 (msg: "MISP e26419 [AS208046,c2,censys] Outgoing To IP: 45.134.225.245|80"; classtype:trojan-activity; sid:37291061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 86.107.199.30 10101 (msg: "MISP e26419 [AS202958,c2,censys] Outgoing To IP: 86.107.199.30|10101"; classtype:trojan-activity; sid:37291071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# One rule per destination port for the single address 187.135.85.245; apart from port,
# sid and msg the rules are identical.
# NOTE(review): if per-port sids are not needed downstream, a single rule with a port
# list would keep the ruleset smaller; confirm with whoever consumes these sids.
alert ip $HOME_NET any -> 187.135.85.245 1883 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|1883"; classtype:trojan-activity; sid:37291081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2000 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2000"; classtype:trojan-activity; sid:37291091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2052 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2052"; classtype:trojan-activity; sid:37291101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2079 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2079"; classtype:trojan-activity; sid:37291111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2082 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2082"; classtype:trojan-activity; sid:37291121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 1666 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|1666"; classtype:trojan-activity; sid:37291131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 1672 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|1672"; classtype:trojan-activity; sid:37291141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 1723 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|1723"; classtype:trojan-activity; sid:37291151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2096 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2096"; classtype:trojan-activity; sid:37291161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2095 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2095"; classtype:trojan-activity; sid:37291171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2053 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2053"; classtype:trojan-activity; sid:37291181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2078 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2078"; classtype:trojan-activity; sid:37291191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 187.135.85.245 2087 (msg: "MISP e26419 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.85.245|2087"; classtype:trojan-activity; sid:37291201; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26419 entries tagged "c2,censys", priority 2. These are address-and-port rules
# with no payload condition: any traffic from $HOME_NET to the listed address and port
# alerts. The tags (AS number, network name, family label such as RAT, Mythic or HookBot)
# appear only in msg and do not take part in matching.
# NOTE(review): several tags name hosting or cloud networks; addresses there may be
# reassigned, and these rules carry no expiry. Confirm the indicator age in MISP before
# acting on a hit.
alert ip $HOME_NET any -> 78.129.165.233 443 (msg: "MISP e26419 [AS20860,c2,censys,IOMART-AS] Outgoing To IP: 78.129.165.233|443"; classtype:trojan-activity; sid:37291211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 209.141.54.92 443 (msg: "MISP e26419 [AS53667,c2,censys,PONYNET] Outgoing To IP: 209.141.54.92|443"; classtype:trojan-activity; sid:37291221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 46.246.6.5 2000 (msg: "MISP e26419 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.6.5|2000"; classtype:trojan-activity; sid:37291231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.81.157.21 7707 (msg: "MISP e26419 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.21|7707"; classtype:trojan-activity; sid:37291241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.81.157.21 8808 (msg: "MISP e26419 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.21|8808"; classtype:trojan-activity; sid:37291251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 186.112.206.181 2404 (msg: "MISP e26419 [AS3816,c2,censys,RAT] Outgoing To IP: 186.112.206.181|2404"; classtype:trojan-activity; sid:37291261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 193.26.115.221 7707 (msg: "MISP e26419 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 193.26.115.221|7707"; classtype:trojan-activity; sid:37291271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 5.252.74.133 80 (msg: "MISP e26419 [AS47436,c2,censys,OMER-FARUK-DEMIRCI,RAT] Outgoing To IP: 5.252.74.133|80"; classtype:trojan-activity; sid:37291281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 5.252.74.133 8080 (msg: "MISP e26419 [AS47436,c2,censys,OMER-FARUK-DEMIRCI,RAT] Outgoing To IP: 5.252.74.133|8080"; classtype:trojan-activity; sid:37291291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 178.33.203.39 8808 (msg: "MISP e26419 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 178.33.203.39|8808"; classtype:trojan-activity; sid:37291301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 178.33.203.39 7707 (msg: "MISP e26419 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 178.33.203.39|7707"; classtype:trojan-activity; sid:37291311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.81.157.106 443 (msg: "MISP e26419 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.106|443"; classtype:trojan-activity; sid:37291321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.88.186.16 8808 (msg: "MISP e26419 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 45.88.186.16|8808"; classtype:trojan-activity; sid:37291331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 186.170.96.237 2404 (msg: "MISP e26419 [AS3816,c2,censys,RAT] Outgoing To IP: 186.170.96.237|2404"; classtype:trojan-activity; sid:37291341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 154.212.146.81 7707 (msg: "MISP e26419 [AS136778,c2,censys,RAT] Outgoing To IP: 154.212.146.81|7707"; classtype:trojan-activity; sid:37291351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 154.212.146.81 8808 (msg: "MISP e26419 [AS136778,c2,censys,RAT] Outgoing To IP: 154.212.146.81|8808"; classtype:trojan-activity; sid:37291361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 192.250.225.3 6000 (msg: "MISP e26419 [AS14670,c2,censys,RAT,WHG-USE1] Outgoing To IP: 192.250.225.3|6000"; classtype:trojan-activity; sid:37291371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.81.157.103 8888 (msg: "MISP e26419 [AS198375,c2,censys,INU-AS,RAT] Outgoing To IP: 185.81.157.103|8888"; classtype:trojan-activity; sid:37291381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 69.46.36.210 443 (msg: "MISP e26419 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.210|443"; classtype:trojan-activity; sid:37291391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Domain indicators come as a dns.query rule plus an HTTP header rule. The pcre accepts
# "." before the name, so subdomains match too. In the HTTP rule the "Host|3a|" and
# domain contents are independent http.header matches, so the domain appearing in any
# request header satisfies it. tag:session,600,seconds tags the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e26419 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,Mythic] Domain 238.200.202.35.bc.googleusercontent.com"; dns.query; content:"238.200.202.35.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])238\.200\.202\.35\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37291401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,Mythic] Outgoing HTTP Domain 238.200.202.35.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"238.200.202.35.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])238\.200\.202\.35\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 69.46.36.209 7443 (msg: "MISP e26419 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.209|7443"; classtype:trojan-activity; sid:37291411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 69.46.36.219 443 (msg: "MISP e26419 [AS19528,c2,censys,MPDCOL,Mythic] Outgoing To IP: 69.46.36.219|443"; classtype:trojan-activity; sid:37291421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26419 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain evgenytchurakin6.fvds.ru"; dns.query; content:"evgenytchurakin6.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin6\.fvds\.ru$/i"; classtype:trojan-activity; sid:37291431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain evgenytchurakin6.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin6.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin6\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# The plesk.page name below embeds 45-138-16-161, and the address 45.138.16.161 has its
# own rule (sid 37291451); presumably both describe the same host, confirm in the event.
alert dns any any -> any any (msg: "MISP e26419 [AS210558,c2,censys,HookBot] Domain jovial-wescoff.45-138-16-161.plesk.page"; dns.query; content:"jovial-wescoff.45-138-16-161.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-wescoff\.45\-138\-16\-161\.plesk\.page$/i"; classtype:trojan-activity; sid:37291441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS210558,c2,censys,HookBot] Outgoing HTTP Domain jovial-wescoff.45-138-16-161.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jovial-wescoff.45-138-16-161.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-wescoff\.45\-138\-16\-161\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.138.16.161 80 (msg: "MISP e26419 [AS210558,c2,censys,HookBot] Outgoing To IP: 45.138.16.161|80"; classtype:trojan-activity; sid:37291451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 64.226.76.253 80 (msg: "MISP e26419 [AS14061,c2,censys,DIGITALOCEAN-ASN,HookBot] Outgoing To IP: 64.226.76.253|80"; classtype:trojan-activity; sid:37291461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.209.30.141 80 (msg: "MISP e26419 [AS48282,c2,censys,HookBot,VDSINA-AS] Outgoing To IP: 185.209.30.141|80"; classtype:trojan-activity; sid:37291471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 167.235.136.41 8081 (msg: "MISP e26419 [AS24940,c2,censys,HETZNER-AS] Outgoing To IP: 167.235.136.41|8081"; classtype:trojan-activity; sid:37291481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 193.233.132.214 8081 (msg: "MISP e26419 [AS216319,c2,censys,SUNHOST-AS] Outgoing To IP: 193.233.132.214|8081"; classtype:trojan-activity; sid:37291491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26419 [AS24940,c2,censys,HETZNER-AS] Domain wapt.dgcs.cloud"; dns.query; content:"wapt.dgcs.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])wapt\.dgcs\.cloud$/i"; classtype:trojan-activity; sid:37291501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS24940,c2,censys,HETZNER-AS] Outgoing HTTP Domain wapt.dgcs.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wapt.dgcs.cloud"; fast_pattern; nocase; pcre:
"/(^|[^A-Za-z0-9-])wapt\.dgcs\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26419 [AS31898,c2,censys,ORACLE-BMC-31898] Domain imperiummalczyc.pl"; dns.query; content:"imperiummalczyc.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])imperiummalczyc\.pl$/i"; classtype:trojan-activity; sid:37291511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS31898,c2,censys,ORACLE-BMC-31898] Outgoing HTTP Domain imperiummalczyc.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"imperiummalczyc.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])imperiummalczyc\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 115.74.30.127 9999 (msg: "MISP e26419 [AS7552,c2,censys,RAT] Outgoing To IP: 115.74.30.127|9999"; classtype:trojan-activity; sid:37291521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 195.206.235.241 80 (msg: "MISP e26419 [AS47436,c2,censys,OMER-FARUK-DEMIRCI] Outgoing To IP: 195.206.235.241|80"; classtype:trojan-activity; sid:37291531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 74.234.3.141 80 (msg: "MISP e26419 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 74.234.3.141|80"; classtype:trojan-activity; sid:37291541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 95.214.177.31 80 (msg: "MISP e26419 [AS43260,c2,censys] Outgoing To IP: 95.214.177.31|80"; classtype:trojan-activity; sid:37291551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 51.107.41.155 80 (msg: "MISP e26419 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 51.107.41.155|80"; classtype:trojan-activity; sid:37291561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 129.152.4.113 5000 (msg: "MISP e26419 [AS31898,botnet,byob,c2,censys,ORACLE-BMC-31898] Outgoing To IP: 129.152.4.113|5000"; classtype:trojan-activity; sid:37291571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 52.20.229.84 443 (msg: "MISP e26419 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 52.20.229.84|443"; classtype:trojan-activity; sid:37291581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 109.107.181.93 80 (msg: "MISP e26419 [AEZA-AS,AS210644,c2,censys] Outgoing To IP: 109.107.181.93|80"; classtype:trojan-activity; sid:37291591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 79.137.207.38 80 (msg: "MISP e26419 [AEZA-AS,AS210644,c2,censys] Outgoing To IP: 79.137.207.38|80"; classtype:trojan-activity; sid:37291601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 123.206.227.241 60000 (msg: "MISP e26419 [AS45090,censys,Viper] Outgoing To IP: 123.206.227.241|60000"; classtype:trojan-activity; sid:37291611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 104.225.235.101 60000 (msg: "MISP e26419 [AS25820,censys,IT7NET,Viper] Outgoing To IP: 104.225.235.101|60000"; classtype:trojan-activity; sid:37291621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26419 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain 142-11-199-59.plesk.page"; dns.query; 
content:"142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37291631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Review notes for the event 26419 rules tagged EvilGinx / GoPhish / phishing.
# - They carry classtype:trojan-activity and priority:2, the same as the c2-tagged rules in
#   this export, so alert triage cannot separate phishing infrastructure from malware C2 by
#   classtype. NOTE(review): consider a distinct classtype or priority for these.
# - Many of the GoPhish-tagged rules target port 3333, which is GoPhish's default
#   admin-interface port. Presumably the indicators come from internet scanning (censys tag),
#   not from observed victim traffic - confirm against the event before treating a hit as a
#   credential-phishing incident.
# - Several addresses sit in large cloud ranges (MICROSOFT-CORP-MSN-AS-BLOCK, AMAZON-02,
#   GOOGLE-CLOUD-PLATFORM, DIGITALOCEAN-ASN). Presumably reassignable; the rules carry no expiry.
# - The HTTP domain rule evaluates "Host|3a|", the domain content and the pcre on http.header
#   with no positional link, so the name in another header also matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain 142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.61.158.17 443 (msg: "MISP e26419 [AS14956,censys,GoPhish,phishing,ROUTERHOSTING] Outgoing To IP: 45.61.158.17|443"; classtype:trojan-activity; sid:37291641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 20.54.117.62 3333 (msg: "MISP e26419 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.54.117.62|3333"; classtype:trojan-activity; sid:37291651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 172.234.228.130 443 (msg: "MISP e26419 [AS63949,censys,GoPhish,phishing] Outgoing To IP: 172.234.228.130|443"; classtype:trojan-activity; sid:37291661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 4.175.95.128 3333 (msg: "MISP e26419 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 4.175.95.128|3333"; classtype:trojan-activity; sid:37291671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 99.81.225.111 443 (msg: "MISP e26419 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 99.81.225.111|443"; classtype:trojan-activity; sid:37291681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 35.233.72.158 3333 (msg: "MISP e26419 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 35.233.72.158|3333"; classtype:trojan-activity; sid:37291691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 20.105.186.218 3333 (msg: "MISP e26419 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.105.186.218|3333"; classtype:trojan-activity; sid:37291701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 110.42.163.130 36699 (msg: "MISP e26419 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 110.42.163.130|36699"; classtype:trojan-activity; sid:37291711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 138.91.109.82 3333 (msg: "MISP e26419 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 138.91.109.82|3333"; classtype:trojan-activity; sid:37291721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 20.211.122.42 3333 (msg: "MISP e26419 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.211.122.42|3333"; classtype:trojan-activity; sid:37291731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 5.9.185.124 2083 (msg: "MISP e26419 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 5.9.185.124|2083"; classtype:trojan-activity; sid:37291741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 198.199.121.71 443 (msg: "MISP e26419 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 198.199.121.71|443"; classtype:trojan-activity; sid:37291751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 1.12.221.30 3333 (msg: "MISP e26419 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 1.12.221.30|3333"; classtype:trojan-activity; sid:37291761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 202.83.25.9 4433 (msg: "MISP e26419 [AS24309,censys,GoPhish,phishing] Outgoing To IP: 202.83.25.9|4433"; classtype:trojan-activity; sid:37291771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.88.196.130 4433 (msg: "MISP e26419 [AS202757,CASTLE-IT,censys,GoPhish,phishing] Outgoing To IP: 185.88.196.130|4433"; classtype:trojan-activity; sid:37291781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 139.59.3.90 5000 (msg: "MISP e26419 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 139.59.3.90|5000"; classtype:trojan-activity; sid:37291791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 51.15.220.70 3333 (msg: "MISP e26419 [AS12876,censys,GoPhish,phishing] Outgoing To IP: 51.15.220.70|3333"; classtype:trojan-activity; sid:37291801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.83.113.126 32009 (msg: "MISP e26419 [AS59441,c2,censys,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32009"; classtype:trojan-activity; sid:37291811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 190.135.174.163 995 (msg: "MISP e26419 [AS6057,c2,censys] Outgoing To IP: 190.135.174.163|995"; classtype:trojan-activity; sid:37291821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26399 starts here: its rules have an empty tag list ("[]") and priority:3.
# The URL rule below references $HTTP_PORTS, which the file header lists as not required
# with the suricata export; the variable must still be defined for this rule to load.
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//122.51.220.170/visit.js"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/visit.js"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain 77.198.208.35.bc.googleusercontent.com"; dns.query; content:"77.198.208.35.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])77\.198\.208\.35\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37501751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain 77.198.208.35.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"77.198.208.35.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])77\.198\.208\.35\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 23.160.193.182 443 (msg: "MISP e26399 [] Outgoing To IP: 23.160.193.182|443"; classtype:trojan-activity; sid:37501761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 42.186.17.183 8080 (msg: "MISP e26399 [] Outgoing To IP: 42.186.17.183|8080"; classtype:trojan-activity; sid:37501771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37501781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"api.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 103.146.179.72 80 (msg: "MISP e26399 [] Outgoing To IP: 103.146.179.72|80"; classtype:trojan-activity; sid:37501791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 185.158.248.34 80 (msg: "MISP e26399 [] Outgoing To IP: 185.158.248.34|80"; classtype:trojan-activity; sid:37501801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain eganet.linkpc.net"; dns.query; content:"eganet.linkpc.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])eganet\.linkpc\.net$/i"; classtype:trojan-activity; sid:37501811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain eganet.linkpc.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eganet.linkpc.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eganet\.linkpc\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 154.44.10.51 80 (msg: "MISP e26399 [] Outgoing To IP: 154.44.10.51|80"; classtype:trojan-activity; sid:37501821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 106.75.240.189 4090 (msg: "MISP e26399 [] Outgoing To IP: 106.75.240.189|4090"; classtype:trojan-activity; sid:37501831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 117.50.178.197 
33221 (msg: "MISP e26399 [] Outgoing To IP: 117.50.178.197|33221"; classtype:trojan-activity; sid:37501841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Review notes for the event 26399 destination-IP rules below.
# - The msg tag list is empty ("[]"), so an alert carries no family or source context;
#   the analyst has to open the reference URL to learn what the indicator is.
# - Thirteen separate rules in this run target 187.135.85.245, one per destination port
#   (1666, 1672, 1723, 1883, 2000, 2052, 2053, 2078, 2079, 2082, 2087, 2095, 2096).
#   NOTE(review): that many ports on one address presumably reflects a port listing, not
#   thirteen distinct services; confirm which ports matter and consider one rule with a port list.
# - Indicators here repeat under event 26419 with a different sid and priority, e.g.
#   178.33.203.39 7707 is sid 37502101 (priority 3) here and sid 37291311 (priority 2) there,
#   so one connection can raise both alerts. Deduplicate or suppress one of the pair.
# - Each rule uses protocol `ip` together with a destination port.
#   NOTE(review): confirm how the deployed engine applies the port to IP protocols that
#   carry no ports.
alert ip $HOME_NET any -> 5.161.85.189 443 (msg: "MISP e26399 [] Outgoing To IP: 5.161.85.189|443"; classtype:trojan-activity; sid:37501851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 146.70.149.184 443 (msg: "MISP e26399 [] Outgoing To IP: 146.70.149.184|443"; classtype:trojan-activity; sid:37501861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 86.107.199.30 10101 (msg: "MISP e26399 [] Outgoing To IP: 86.107.199.30|10101"; classtype:trojan-activity; sid:37501871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 45.134.225.245 80 (msg: "MISP e26399 [] Outgoing To IP: 45.134.225.245|80"; classtype:trojan-activity; sid:37501881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2000 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2000"; classtype:trojan-activity; sid:37501891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 1883 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|1883"; classtype:trojan-activity; sid:37501901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 1666 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|1666"; classtype:trojan-activity; sid:37501911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2079 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2079"; classtype:trojan-activity; sid:37501921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2082 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2082"; classtype:trojan-activity; sid:37501931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2052 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2052"; classtype:trojan-activity; sid:37501941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 1723 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|1723"; classtype:trojan-activity; sid:37501951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2096 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2096"; classtype:trojan-activity; sid:37501961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 1672 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|1672"; classtype:trojan-activity; sid:37501971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2053 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2053"; classtype:trojan-activity; sid:37501981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2095 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2095"; classtype:trojan-activity; sid:37501991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 78.129.165.233 443 (msg: "MISP e26399 [] Outgoing To IP: 78.129.165.233|443"; classtype:trojan-activity; sid:37502001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2078 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2078"; classtype:trojan-activity; sid:37502011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 187.135.85.245 2087 (msg: "MISP e26399 [] Outgoing To IP: 187.135.85.245|2087"; classtype:trojan-activity; sid:37502021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 46.246.6.5 2000 (msg: "MISP e26399 [] Outgoing To IP: 46.246.6.5|2000"; classtype:trojan-activity; sid:37502031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 209.141.54.92 443 (msg: "MISP e26399 [] Outgoing To IP: 209.141.54.92|443"; classtype:trojan-activity; sid:37502041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 186.112.206.181 2404 (msg: "MISP e26399 [] Outgoing To IP: 186.112.206.181|2404"; classtype:trojan-activity; sid:37502051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 185.81.157.21 7707 (msg: "MISP e26399 [] Outgoing To IP: 185.81.157.21|7707"; classtype:trojan-activity; sid:37502061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 185.81.157.21 8808 (msg: "MISP e26399 [] Outgoing To IP: 185.81.157.21|8808"; classtype:trojan-activity; sid:37502071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 5.252.74.133 80 (msg: "MISP e26399 [] Outgoing To IP: 5.252.74.133|80"; classtype:trojan-activity; sid:37502081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 193.26.115.221 7707 (msg: "MISP e26399 [] Outgoing To IP: 193.26.115.221|7707"; classtype:trojan-activity; sid:37502091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 178.33.203.39 7707 (msg: "MISP e26399 [] Outgoing To IP: 178.33.203.39|7707"; classtype:trojan-activity; sid:37502101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 5.252.74.133 
8080 (msg: "MISP e26399 [] Outgoing To IP: 5.252.74.133|8080"; classtype:trojan-activity; sid:37502111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 178.33.203.39 8808 (msg: "MISP e26399 [] Outgoing To IP: 178.33.203.39|8808"; classtype:trojan-activity; sid:37502121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 186.170.96.237 2404 (msg: "MISP e26399 [] Outgoing To IP: 186.170.96.237|2404"; classtype:trojan-activity; sid:37502131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 185.81.157.106 443 (msg: "MISP e26399 [] Outgoing To IP: 185.81.157.106|443"; classtype:trojan-activity; sid:37502141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 45.88.186.16 8808 (msg: "MISP e26399 [] Outgoing To IP: 45.88.186.16|8808"; classtype:trojan-activity; sid:37502151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 154.212.146.81 7707 (msg: "MISP e26399 [] Outgoing To IP: 154.212.146.81|7707"; classtype:trojan-activity; sid:37502161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 154.212.146.81 8808 (msg: "MISP e26399 [] Outgoing To IP: 154.212.146.81|8808"; classtype:trojan-activity; sid:37502171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 185.81.157.103 8888 (msg: "MISP e26399 [] Outgoing To IP: 185.81.157.103|8888"; classtype:trojan-activity; sid:37502181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 192.250.225.3 6000 (msg: "MISP e26399 [] Outgoing To IP: 192.250.225.3|6000"; classtype:trojan-activity; sid:37502191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 69.46.36.210 443 
(msg: "MISP e26399 [] Outgoing To IP: 69.46.36.210|443"; classtype:trojan-activity; sid:37502201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain 238.200.202.35.bc.googleusercontent.com"; dns.query; content:"238.200.202.35.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])238\.200\.202\.35\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37502211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain 238.200.202.35.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"238.200.202.35.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])238\.200\.202\.35\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 69.46.36.209 7443 (msg: "MISP e26399 [] Outgoing To IP: 69.46.36.209|7443"; classtype:trojan-activity; sid:37502221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 69.46.36.219 443 (msg: "MISP e26399 [] Outgoing To IP: 69.46.36.219|443"; classtype:trojan-activity; sid:37502231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 64.226.76.253 80 (msg: "MISP e26399 [] Outgoing To IP: 64.226.76.253|80"; classtype:trojan-activity; sid:37502241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 45.138.16.161 80 (msg: "MISP e26399 [] Outgoing To IP: 45.138.16.161|80"; classtype:trojan-activity; sid:37502251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain 
evgenytchurakin6.fvds.ru"; dns.query; content:"evgenytchurakin6.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin6\.fvds\.ru$/i"; classtype:trojan-activity; sid:37502261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain evgenytchurakin6.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin6.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin6\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain jovial-wescoff.45-138-16-161.plesk.page"; dns.query; content:"jovial-wescoff.45-138-16-161.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-wescoff\.45\-138\-16\-161\.plesk\.page$/i"; classtype:trojan-activity; sid:37502271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain jovial-wescoff.45-138-16-161.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jovial-wescoff.45-138-16-161.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-wescoff\.45\-138\-16\-161\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 167.235.136.41 8081 (msg: "MISP e26399 [] Outgoing To IP: 167.235.136.41|8081"; classtype:trojan-activity; sid:37502281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 185.209.30.141 80 (msg: "MISP e26399 [] Outgoing To IP: 185.209.30.141|80"; classtype:trojan-activity; sid:37502291; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26399;)
# Layout: one rule per line. The rules arrived wrapped in mid-rule; the fragments on the first and
# last line of this block belong to rules that continue outside it and are kept as they were.
#
# MISP event 26399, "Domain" indicators (DNS + HTTP pair per name).
# - The leading pcre class [^A-Za-z0-9-] allows a "." before the name, so sub-domains also match.
# - The HTTP rule looks for "Host:" and for the name as two independent contents in http.header,
#   so the name appearing in another request header (e.g. Referer) satisfies it as well.
# - tag:session,600,seconds keeps logging packets of the flow for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e26399 [] Domain imperiummalczyc.pl"; dns.query; content:"imperiummalczyc.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])imperiummalczyc\.pl$/i"; classtype:trojan-activity; sid:37502301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain imperiummalczyc.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"imperiummalczyc.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])imperiummalczyc\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# MISP event 26399, outbound IP:port indicators (priority 3). These match on address and port only,
# with no payload condition, so an alert says "a host talked to this endpoint" and nothing more;
# corroborate with DNS/HTTP/TLS or endpoint telemetry before escalating, especially for 80/443.
# NOTE(review): the rules use protocol "ip" together with a destination port - confirm how the
# deployed engine version applies the port to non-TCP/UDP traffic.
alert ip $HOME_NET any -> 193.233.132.214 8081 (msg: "MISP e26399 [] Outgoing To IP: 193.233.132.214|8081"; classtype:trojan-activity; sid:37502311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 195.206.235.241 80 (msg: "MISP e26399 [] Outgoing To IP: 195.206.235.241|80"; classtype:trojan-activity; sid:37502321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 74.234.3.141 80 (msg: "MISP e26399 [] Outgoing To IP: 74.234.3.141|80"; classtype:trojan-activity; sid:37502331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 115.74.30.127 9999 (msg: "MISP e26399 [] Outgoing To IP: 115.74.30.127|9999"; classtype:trojan-activity; sid:37502341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert dns any any -> any any (msg: "MISP e26399 [] Domain wapt.dgcs.cloud"; dns.query; content:"wapt.dgcs.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])wapt\.dgcs\.cloud$/i"; classtype:trojan-activity; sid:37502351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain wapt.dgcs.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wapt.dgcs.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wapt\.dgcs\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 51.107.41.155 80 (msg: "MISP e26399 [] Outgoing To IP: 51.107.41.155|80"; classtype:trojan-activity; sid:37502361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 95.214.177.31 80 (msg: "MISP e26399 [] Outgoing To IP: 95.214.177.31|80"; classtype:trojan-activity; sid:37502371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 52.20.229.84 443 (msg: "MISP e26399 [] Outgoing To IP: 52.20.229.84|443"; classtype:trojan-activity; sid:37502381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 129.152.4.113 5000 (msg: "MISP e26399 [] Outgoing To IP: 129.152.4.113|5000"; classtype:trojan-activity; sid:37502391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 79.137.207.38 80 (msg: "MISP e26399 [] Outgoing To IP: 79.137.207.38|80"; classtype:trojan-activity; sid:37502401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 109.107.181.93 80 (msg: "MISP e26399 [] Outgoing To IP: 109.107.181.93|80"; classtype:trojan-activity; sid:37502411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 104.225.235.101 60000 (msg: "MISP e26399 [] Outgoing To IP: 104.225.235.101|60000"; classtype:trojan-activity; sid:37502421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 123.206.227.241 60000 (msg: "MISP e26399 [] Outgoing To IP: 123.206.227.241|60000"; classtype:trojan-activity; sid:37502431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 20.54.117.62 3333 (msg: "MISP e26399 [] Outgoing To IP: 20.54.117.62|3333"; classtype:trojan-activity; sid:37502441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert dns any any -> any any (msg: "MISP e26399 [] Domain 142-11-199-59.plesk.page"; dns.query; content:"142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37502451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain 142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 99.81.225.111 443 (msg: "MISP e26399 [] Outgoing To IP: 99.81.225.111|443"; classtype:trojan-activity; sid:37502461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 4.175.95.128 3333 (msg: "MISP e26399 [] Outgoing To IP: 4.175.95.128|3333"; classtype:trojan-activity; sid:37502471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 172.234.228.130 443 (msg: "MISP e26399 [] Outgoing To IP: 172.234.228.130|443"; classtype:trojan-activity; sid:37502481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 45.61.158.17 443 (msg: "MISP e26399 [] Outgoing To IP: 45.61.158.17|443"; classtype:trojan-activity; sid:37502491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 110.42.163.130 36699 (msg: "MISP e26399 [] Outgoing To IP: 110.42.163.130|36699"; classtype:trojan-activity; sid:37502501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 20.105.186.218 3333 (msg: "MISP e26399 [] Outgoing To IP: 20.105.186.218|3333"; classtype:trojan-activity; sid:37502511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 35.233.72.158 3333 (msg: "MISP e26399 [] Outgoing To IP: 35.233.72.158|3333"; classtype:trojan-activity; sid:37502521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 138.91.109.82 3333 (msg: "MISP e26399 [] Outgoing To IP: 138.91.109.82|3333"; classtype:trojan-activity; sid:37502531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 5.9.185.124 2083 (msg: "MISP e26399 [] Outgoing To IP: 5.9.185.124|2083"; classtype:trojan-activity; sid:37502541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 20.211.122.42 3333 (msg: "MISP e26399 [] Outgoing To IP: 20.211.122.42|3333"; classtype:trojan-activity; sid:37502551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 1.12.221.30 3333 (msg: "MISP e26399 [] Outgoing To IP: 1.12.221.30|3333"; classtype:trojan-activity; sid:37502561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 198.199.121.71 443 (msg: "MISP e26399 [] Outgoing To IP: 198.199.121.71|443"; classtype:trojan-activity; sid:37502571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 185.88.196.130 4433 (msg: "MISP e26399 [] Outgoing To IP: 185.88.196.130|4433"; classtype:trojan-activity; sid:37502581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 202.83.25.9 4433 (msg: "MISP e26399 [] Outgoing To IP: 202.83.25.9|4433"; classtype:trojan-activity; sid:37502591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 190.135.174.163 995 (msg: "MISP e26399 [] Outgoing To IP: 190.135.174.163|995"; classtype:trojan-activity; sid:37502601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 185.83.113.126 32009 (msg: "MISP e26399 [] Outgoing To IP: 185.83.113.126|32009"; classtype:trojan-activity; sid:37502611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 51.15.220.70 3333 (msg: "MISP e26399 [] Outgoing To IP: 51.15.220.70|3333"; classtype:trojan-activity; sid:37502621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 139.59.3.90 5000 (msg: "MISP e26399 [] Outgoing To IP: 139.59.3.90|5000"; classtype:trojan-activity; sid:37502631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# MISP event 26677: any-port outbound matches exported at priority 1; the second carries the "C2" tag.
alert ip $HOME_NET any -> 203.95.9.54 any (msg: "MISP e26677 [] Outgoing To IP: 203.95.9.54"; classtype:trojan-activity; sid:37505871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26677;)
alert ip $HOME_NET any -> 203.95.8.98 any (msg: "MISP e26677 [ C2] Outgoing To IP: 203.95.8.98"; classtype:trojan-activity; sid:37505861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26677;)
# MISP event 26631. NOTE(review): the name looks like the host of a mail service, so hits may
# reflect ordinary use of that service rather than malware - triage with the event context.
alert dns any any -> any any (msg: "MISP e26631 [] Domain mail.cock.li"; dns.query; content:"mail.cock.li"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.cock\.li$/i"; classtype:trojan-activity; sid:37488361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26631 [] Outgoing HTTP Domain mail.cock.li"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.cock.li"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.cock\.li[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26631;)
# Layout: one rule per line; the first and last line of this block are fragments of rules that
# continue outside it.
#
# E-mail address indicators (events 26631 and 26678) on inbound SMTP to $SMTP_SERVERS, TCP/25 only.
# - These are raw content matches on the TCP stream: "MAIL FROM:" / "RCPT TO:", then the address,
#   then a blank line (|0D 0A 0D 0A|) within 8192 bytes after the address.
# - Coverage limits: a session upgraded with STARTTLS is opaque to them and other mail ports are
#   not watched, so mail-gateway logs remain the complementary source for these addresses.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26631 [] Source Email Address: arua@rape.lol"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"arua@rape.lol"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37488371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26631;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26631 [] Destination Email Address: arua@rape.lol"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"arua@rape.lol"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37488372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26631;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26631 [] Destination Email Address: marksolomann@mail.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"marksolomann@mail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37488381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26631;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26678 [] Source Email Address: teikobest@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"teikobest@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37507361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26678;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26678 [] Source Email Address: loxoclash@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"loxoclash@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37507371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26678;)
# MISP event 26679: any-port outbound IP indicators, priority 1.
alert ip $HOME_NET any -> 50.215.39.49 any (msg: "MISP e26679 [] Outgoing To IP: 50.215.39.49"; classtype:trojan-activity; sid:37507071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert ip $HOME_NET any -> 186.179.39.235 any (msg: "MISP e26679 [] Outgoing To IP: 186.179.39.235"; classtype:trojan-activity; sid:37507091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert ip $HOME_NET any -> 91.92.254.14 any (msg: "MISP e26679 [] Outgoing To IP: 91.92.254.14"; classtype:trojan-activity; sid:37507101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert ip $HOME_NET any -> 45.61.136.14 any (msg: "MISP e26679 [] Outgoing To IP: 45.61.136.14"; classtype:trojan-activity; sid:37507121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert ip $HOME_NET any -> 173.220.106.166 any (msg: "MISP e26679 [] Outgoing To IP: 173.220.106.166"; classtype:trojan-activity; sid:37507131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert ip $HOME_NET any -> 8.137.112.245 any (msg: "MISP e26679 [] Outgoing To IP: 8.137.112.245"; classtype:trojan-activity; sid:37507061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
# MISP event 26419: outbound IP:port indicators, priority 2. The same pairs are exported again
# further down under event 26399 (priority 3, different sids), so one connection raises two alerts;
# deduplicate on destination address and port when counting hits.
alert ip $HOME_NET any -> 131.153.231.178 2221 (msg: "MISP e26419 [] Outgoing To IP: 131.153.231.178|2221"; classtype:trojan-activity; sid:37291831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 95.179.135.3 2225 (msg: "MISP e26419 [] Outgoing To IP: 95.179.135.3|2225"; classtype:trojan-activity; sid:37291841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 155.138.147.62 2223 (msg: "MISP e26419 [] Outgoing To IP: 155.138.147.62|2223"; classtype:trojan-activity; sid:37291851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 86.38.225.109 13724 (msg: "MISP e26419 [] Outgoing To IP: 86.38.225.109|13724"; classtype:trojan-activity; sid:37291861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 172.232.189.219 2224 (msg: "MISP e26419 [] Outgoing To IP: 172.232.189.219|2224"; classtype:trojan-activity; sid:37291871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 198.44.187.12 2224 (msg: "MISP e26419 [] Outgoing To IP: 198.44.187.12|2224"; classtype:trojan-activity; sid:37291881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.32.21.184 5242 (msg: "MISP e26419 [] Outgoing To IP: 45.32.21.184|5242"; classtype:trojan-activity; sid:37291891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 172.232.189.10 1194 (msg: "MISP e26419 [] Outgoing To IP: 172.232.189.10|1194"; classtype:trojan-activity; sid:37291901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 172.232.162.97 13783 (msg: "MISP e26419 [] Outgoing To IP: 172.232.162.97|13783"; classtype:trojan-activity; sid:37291911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# MISP event 26679: domains tagged "C2", priority 1 (DNS + HTTP pair per name).
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain logclear.pl"; dns.query; content:"logclear.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])logclear\.pl$/i"; classtype:trojan-activity; sid:37506911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26679 [ C2] Outgoing HTTP Domain logclear.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"logclear.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])logclear\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
# Layout: one rule per line; the first and last line of this block are fragments of rules that
# continue outside it.
#
# MISP event 26679: domains tagged "C2", priority 1. Each name has a dns.query rule and an HTTP
# rule; the "Domain" pcre prefix accepts a preceding ".", so sub-domains match too. The HTTP rules
# test "Host:" and the name independently inside http.header, so the name in another header
# (e.g. Referer) also fires - check the Host value in the alert's HTTP metadata when triaging.
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain secure-cama.com"; dns.query; content:"secure-cama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])secure\-cama\.com$/i"; classtype:trojan-activity; sid:37506921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain secure-cama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"secure-cama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])secure\-cama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain symantke.com"; dns.query; content:"symantke.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])symantke\.com$/i"; classtype:trojan-activity; sid:37506931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain symantke.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"symantke.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])symantke\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain line-api.com"; dns.query; content:"line-api.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])line\-api\.com$/i"; classtype:trojan-activity; sid:37506941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain line-api.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"line-api.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])line\-api\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain entraide-internationale.fr"; dns.query; content:"entraide-internationale.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])entraide\-internationale\.fr$/i"; classtype:trojan-activity; sid:37506951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain entraide-internationale.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"entraide-internationale.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])entraide\-internationale\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain ehangmun.com"; dns.query; content:"ehangmun.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ehangmun\.com$/i"; classtype:trojan-activity; sid:37506961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain ehangmun.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ehangmun.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ehangmun\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain duorhytm.fun"; dns.query; content:"duorhytm.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])duorhytm\.fun$/i"; classtype:trojan-activity; sid:37506971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain duorhytm.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"duorhytm.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])duorhytm\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain clicko.click"; dns.query; content:"clicko.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])clicko\.click$/i"; classtype:trojan-activity; sid:37506981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain clicko.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clicko.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clicko\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain clickcom.click"; dns.query; content:"clickcom.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])clickcom\.click$/i"; classtype:trojan-activity; sid:37506991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain clickcom.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clickcom.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clickcom\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37506992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain areekaweb.com"; dns.query; content:"areekaweb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])areekaweb\.com$/i"; classtype:trojan-activity; sid:37507001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain areekaweb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"areekaweb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])areekaweb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37507002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain miltonhouse.nl"; dns.query; content:"miltonhouse.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-])miltonhouse\.nl$/i"; classtype:trojan-activity; sid:37507011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain miltonhouse.nl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"miltonhouse.nl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])miltonhouse\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37507012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
# NOTE(review): "request.data" reads like a programming identifier picked up during indicator
# extraction rather than a registered domain - confirm the attribute in event 26679; if it is an
# artefact, the HTTP rule below can also fire on header text that merely contains that string.
alert dns any any -> any any (msg: "MISP e26679 [ C2] Domain request.data"; dns.query; content:"request.data"; nocase; pcre: "/(^|[^A-Za-z0-9-])request\.data$/i"; classtype:trojan-activity; sid:37507021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26679 [ C2] Outgoing HTTP Domain request.data"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"request.data"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])request\.data[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37507022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26679;)
# MISP event 26419: IP:port indicator carrying the tags "njrat,RAT", priority 2.
alert ip $HOME_NET any -> 5.39.43.50 1050 (msg: "MISP e26419 [njrat,RAT] Outgoing To IP: 5.39.43.50|1050"; classtype:trojan-activity; sid:37291921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# MISP event 26399 re-exports IP:port pairs that event 26419 already covers earlier in this file
# (priority 3 here, no tags). Both rule sets fire on the same traffic; the event-26419 alert is the
# one that carries the malware-family tag where there is one.
alert ip $HOME_NET any -> 155.138.147.62 2223 (msg: "MISP e26399 [] Outgoing To IP: 155.138.147.62|2223"; classtype:trojan-activity; sid:37501631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 172.232.162.97 13783 (msg: "MISP e26399 [] Outgoing To IP: 172.232.162.97|13783"; classtype:trojan-activity; sid:37501641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 131.153.231.178 2221 (msg: "MISP e26399 [] Outgoing To IP: 131.153.231.178|2221"; classtype:trojan-activity; sid:37501651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 95.179.135.3 2225 (msg: "MISP e26399 [] Outgoing To IP: 95.179.135.3|2225"; classtype:trojan-activity; sid:37501661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 45.32.21.184 5242 (msg: "MISP e26399 [] Outgoing To IP: 45.32.21.184|5242"; classtype:trojan-activity; sid:37501671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 172.232.189.10 1194 (msg: "MISP e26399 [] Outgoing To IP: 172.232.189.10|1194"; classtype:trojan-activity; sid:37501681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 86.38.225.109 13724 (msg: "MISP e26399 [] Outgoing To IP: 86.38.225.109|13724"; classtype:trojan-activity; sid:37501691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 172.232.189.219 2224 (msg: "MISP e26399 [] Outgoing To IP: 172.232.189.219|2224"; classtype:trojan-activity; sid:37501701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 198.44.187.12 2224 (msg: "MISP e26399 [] Outgoing To IP: 198.44.187.12|2224"; classtype:trojan-activity; sid:37501711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 5.39.43.50 1050 (msg: "MISP e26399 [] Outgoing To IP: 5.39.43.50|1050"; classtype:trojan-activity; sid:37501741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# MISP event 26593: one domain pair, then a URL rule whose http.uri content is just "/" - every
# request path contains it, so that rule is effectively a match on the host name alone.
alert dns any any -> any any (msg: "MISP e26593 [] Domain be-isabel-6.com"; dns.query; content:"be-isabel-6.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])be\-isabel\-6\.com$/i"; classtype:trojan-activity; sid:37484731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26593;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26593 [] Outgoing HTTP Domain be-isabel-6.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"be-isabel-6.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])be\-isabel\-6\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37484732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26593;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26593 [] Outgoing URL http|3a|//online.shcoolrefrigeration.com/"; flow:to_server,established; http.header; content:"online.shcoolrefrigeration.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
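sid:37484751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26593;)
# Layout: one rule per line; the first and last line of this block are fragments of rules that
# continue outside it.
#
# MISP event 26277: URL indicator, priority 2. The exported msg carried the galaxy tag
# mitre-malware="Agent Tesla - S0331" with raw double quotes inside the quoted msg string. The rule
# format requires a '"' inside msg to be backslash-escaped; left raw, the option may be rejected at
# load time or parsed unpredictably depending on the engine version, which would silently drop this
# detection. The two quotes are escaped below and nothing else in the rule is changed. The durable
# fix is in the exporter or the tag text, since a fresh export will reintroduce the raw quotes.
# After deploying, confirm in the engine's rule-load log that sid 37477611 was accepted.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26277 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//aineommall.com/lt/lt.exe"; flow:to_server,established; http.header; content:"aineommall.com"; fast_pattern; nocase; http.uri; content:"/lt/lt.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37477611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26277;)
# MISP event 26375: "Domain" pair (the pcre prefix accepts a preceding ".", so sub-domains match).
alert dns any any -> any any (msg: "MISP e26375 [] Domain swedbank-help.com"; dns.query; content:"swedbank-help.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])swedbank\-help\.com$/i"; classtype:trojan-activity; sid:37253081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain swedbank-help.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"swedbank-help.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])swedbank\-help\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# MISP event 26681: "Hostname" pair. Unlike the "Domain" rules, the pcre prefix class also excludes
# ".", so only the exact host name matches, not names beneath it. The HTTP rule's content is
# "Host: <name>" with exactly one space after the colon.
alert dns any any -> any any (msg: "MISP e26681 [] Hostname ns1.disponibletogether.com"; dns.query; content:"ns1.disponibletogether.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ns1\.disponibletogether\.com$/i"; classtype:trojan-activity; sid:37508581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26681 [] Outgoing HTTP Hostname ns1.disponibletogether.com"; flow:to_server,established; http.header; content: "Host|3a| ns1.disponibletogether.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ns1\.disponibletogether\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 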
sid:37508582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
# Layout: one rule per line; the first and last line of this block are fragments of rules that
# continue outside it.
#
# MISP event 26681: six any-port outbound IP indicators, all under the 185.196.9.x prefix.
alert ip $HOME_NET any -> 185.196.9.190 any (msg: "MISP e26681 [] Outgoing To IP: 185.196.9.190"; classtype:trojan-activity; sid:37508591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
alert ip $HOME_NET any -> 185.196.9.200 any (msg: "MISP e26681 [] Outgoing To IP: 185.196.9.200"; classtype:trojan-activity; sid:37508601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
alert ip $HOME_NET any -> 185.196.9.5 any (msg: "MISP e26681 [] Outgoing To IP: 185.196.9.5"; classtype:trojan-activity; sid:37508611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
alert ip $HOME_NET any -> 185.196.9.7 any (msg: "MISP e26681 [] Outgoing To IP: 185.196.9.7"; classtype:trojan-activity; sid:37508621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
alert ip $HOME_NET any -> 185.196.9.8 any (msg: "MISP e26681 [] Outgoing To IP: 185.196.9.8"; classtype:trojan-activity; sid:37508631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
alert ip $HOME_NET any -> 185.196.9.181 any (msg: "MISP e26681 [] Outgoing To IP: 185.196.9.181"; classtype:trojan-activity; sid:37508641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26681;)
# MISP event 26419: IP:port indicator tagged "RAT,RemcosRAT", priority 2 (exported again below under
# event 26399 as sid 37502901).
alert ip $HOME_NET any -> 188.116.23.142 23033 (msg: "MISP e26419 [RAT,RemcosRAT] Outgoing To IP: 188.116.23.142|23033"; classtype:trojan-activity; sid:37291931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert dns any any -> any any (msg: "MISP e26375 [] Domain iboymegapanel.com"; dns.query; content:"iboymegapanel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])iboymegapanel\.com$/i"; classtype:trojan-activity; sid:37253091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain iboymegapanel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"iboymegapanel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])iboymegapanel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37253092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
# URL indicators: the host is matched as a substring anywhere in http.header and the path as a
# substring of http.uri, limited to $HTTP_PORTS. The same URL is exported for event 26419
# (tag "Loki", priority 2) and for event 26399 (priority 3), so a single request raises both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [Loki] Outgoing URL http|3a|//ebnsina.top/kelvin/five/fre.php"; flow:to_server,established; http.header; content:"ebnsina.top"; fast_pattern; nocase; http.uri; content:"/kelvin/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37291941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//ebnsina.top/kelvin/five/fre.php"; flow:to_server,established; http.header; content:"ebnsina.top"; fast_pattern; nocase; http.uri; content:"/kelvin/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37502891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 188.116.23.142 23033 (msg: "MISP e26399 [] Outgoing To IP: 188.116.23.142|23033"; classtype:trojan-activity; sid:37502901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 5.39.43.50 1609 (msg: "MISP e26399 [] Outgoing To IP: 5.39.43.50|1609"; classtype:trojan-activity; sid:37502911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# MISP event 26682: .onion names exported as ordinary domain rules at priority 4, the lowest value
# used in this part of the file. .onion names are not expected in regular DNS, so a dns.query hit
# means a client handed the lookup to a normal resolver; the HTTP variant only sees clear-text
# requests that carry the name in a header. NOTE(review): whatever the priority, such a hit is
# worth a look at the querying host.
alert dns any any -> any any (msg: "MISP e26682 [diamond-model:Infrastructure] Domain medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; dns.query; content:"medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd\.onion$/i"; classtype:trojan-activity; sid:37508781; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26682;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26682 [diamond-model:Infrastructure] Outgoing HTTP Domain medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37508782; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26682;)
alert dns any any -> any any (msg: "MISP e26682 [diamond-model:Infrastructure] Domain medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; dns.query; content:"medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd\.onion$/i"; classtype:trojan-activity; sid:37508791; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26682;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26682 [diamond-model:Infrastructure] Outgoing HTTP Domain medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37508792; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26682;)
alert dns any any -> any any (msg: "MISP e26286 [] Domain mi-tarjetacencosud.cl.kayroscc.org"; dns.query; content:"mi-tarjetacencosud.cl.kayroscc.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.kayroscc\.org$/i"; 
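classtype:trojan-activity; sid:37236621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26286;)
# Layout: one rule per line; the first and last line of this block are fragments of rules that
# continue outside it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26286 [] Outgoing HTTP Domain mi-tarjetacencosud.cl.kayroscc.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud.cl.kayroscc.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.kayroscc\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37236622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26286;)
# MISP event 26683: URL indicators for two download paths on slack.trialap.com.
# As exported, both rules looked for "<host>/<path>" as one string inside http.uri. For an ordinary
# request the URI holds only the path and the host travels in the Host header, so the combined
# string is absent and the download goes unalerted. The match is split here the way the other URL
# rules in this file are built (e.g. sid 37291941): host in http.header, path in http.uri.
# msg, sid, rev, ports and all other options are unchanged.
# NOTE(review): the indicator presumably reached the exporter without a scheme; fix the attribute
# in MISP too, or the next export will overwrite this local edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26683 [] Outgoing URL slack.trialap.com/app/Slack-Apps.dmg"; flow:to_server,established; http.header; content:"slack.trialap.com"; fast_pattern; nocase; http.uri; content:"/app/Slack-Apps.dmg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37508991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26683 [] Outgoing URL slack.trialap.com/app/Slack-x86.msix"; flow:to_server,established; http.header; content:"slack.trialap.com"; fast_pattern; nocase; http.uri; content:"/app/Slack-x86.msix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37509041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;)
# MISP event 26683: domain tagged "C2" (the pcre prefix accepts a preceding ".", so sub-domains
# match as well).
alert dns any any -> any any (msg: "MISP e26683 [ C2] Domain ads-strong.online"; dns.query; content:"ads-strong.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-strong\.online$/i"; classtype:trojan-activity; sid:37509051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26683 [ C2] Outgoing HTTP Domain ads-strong.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ads-strong.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-strong\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 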
classtype:trojan-activity; sid:37509052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert ip $HOME_NET any -> 5.42.65.108 any (msg: "MISP e26683 [ C2] Outgoing To IP: 5.42.65.108"; classtype:trojan-activity; sid:37509071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert dns any any -> any any (msg: "MISP e26683 [malvertising] Hostname red.seecho.net"; dns.query; content:"red.seecho.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])red\.seecho\.net$/i"; classtype:trojan-activity; sid:37509011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26683 [malvertising] Outgoing HTTP Hostname red.seecho.net"; flow:to_server,established; http.header; content: "Host|3a| red.seecho.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])red\.seecho\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert dns any any -> any any (msg: "MISP e26683 [ Decoy] Hostname slack.trialap.com"; dns.query; content:"slack.trialap.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])slack\.trialap\.com$/i"; classtype:trojan-activity; sid:37509001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26683 [ Decoy] Outgoing HTTP Hostname slack.trialap.com"; flow:to_server,established; http.header; content: "Host|3a| slack.trialap.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])slack\.trialap\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert dns any any -> any any (msg: "MISP e26683 [malvertising] Hostname ivchlo.gotrackier.com"; dns.query; content:"ivchlo.gotrackier.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ivchlo\.gotrackier\.com$/i"; 
classtype:trojan-activity; sid:37509021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26683 [malvertising] Outgoing HTTP Hostname ivchlo.gotrackier.com"; flow:to_server,established; http.header; content: "Host|3a| ivchlo.gotrackier.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ivchlo\.gotrackier\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26683;) alert dns any any -> any any (msg: "MISP e26675 [] Hostname brouweres.com"; dns.query; content:"brouweres.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brouweres\.com$/i"; classtype:trojan-activity; sid:37505171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26675;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26675 [] Outgoing HTTP Hostname brouweres.com"; flow:to_server,established; http.header; content: "Host|3a| brouweres.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brouweres\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37505172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26675;) alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.artstrailman.com"; dns.query; content:"dns.artstrailman.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailman\.com$/i"; classtype:trojan-activity; sid:37291961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.artstrailman.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.artstrailman.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailman\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37291962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Outbound IP:port indicators. These are `ip` rules with no payload or app-layer condition: the only
# criteria are source $HOME_NET, the destination address and the destination port.
# NOTE(review): confirm on your engine version how a port is applied on an `ip` rule (expected: TCP and UDP).
#
# The same indicators are exported once under event 26399 (priority:3) and once under event 26419
# (priority:2), each with its own sid. Both rules of a pair match the same traffic, so expect paired alerts
# and deduplicate or threshold by destination when triaging.
alert ip $HOME_NET any -> 95.179.189.177 53 (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 95.179.189.177|53"; classtype:trojan-activity; sid:37291971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# "Domain" DNS rules: '.' is accepted before the name by the pcre, so subdomain queries match too.
alert dns any any -> any any (msg: "MISP e26399 [] Domain ebnsina.top"; dns.query; content:"ebnsina.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ebnsina\.top$/i"; classtype:trojan-activity; sid:37502931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# "Outgoing HTTP Domain" rules: "Host|3a|" and the domain are two independent contents in the header buffer
# (no distance/within), so the domain appearing in any request header, e.g. Referer, satisfies the rule.
# tag:session,600,seconds keeps logging packets of the matching session for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain ebnsina.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ebnsina.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ebnsina\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event-26399 twin of sid:37291971 above (same address and port, priority:3).
alert ip $HOME_NET any -> 95.179.189.177 53 (msg: "MISP e26399 [] Outgoing To IP: 95.179.189.177|53"; classtype:trojan-activity; sid:37502941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert dns any any -> any any (msg: "MISP e26399 [] Domain dns.artstrailman.com"; dns.query; content:"dns.artstrailman.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailman\.com$/i"; classtype:trojan-activity; sid:37502951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain dns.artstrailman.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.artstrailman.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailman\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37502952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# ebnsina.top again, this time under event 26419 (priority:2); duplicates sid:37502931 / sid:37502932.
alert dns any any -> any any (msg: "MISP e26419 [infostealer,LokiBot,stealer] Domain ebnsina.top"; dns.query; content:"ebnsina.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ebnsina\.top$/i"; classtype:trojan-activity; sid:37291981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [infostealer,LokiBot,stealer] Outgoing HTTP Domain ebnsina.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ebnsina.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ebnsina\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37291982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Port-443 destinations: three addresses, each listed under event 26399 and again under event 26419.
# With only address and port to go on, an alert says nothing about what was exchanged; correlate with
# TLS or flow logs before escalating.
alert ip $HOME_NET any -> 5.255.116.158 443 (msg: "MISP e26399 [] Outgoing To IP: 5.255.116.158|443"; classtype:trojan-activity; sid:37502961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 85.239.34.138 443 (msg: "MISP e26399 [] Outgoing To IP: 85.239.34.138|443"; classtype:trojan-activity; sid:37502971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 185.99.133.77 443 (msg: "MISP e26399 [] Outgoing To IP: 185.99.133.77|443"; classtype:trojan-activity; sid:37502981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 85.239.34.138 443 (msg: "MISP e26419 [Latrodectus] Outgoing To IP: 85.239.34.138|443"; classtype:trojan-activity; sid:37292011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 185.99.133.77 443 (msg: "MISP e26419 [Latrodectus] Outgoing To IP: 185.99.133.77|443"; classtype:trojan-activity; sid:37291991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 5.255.116.158 443 (msg: "MISP e26419 [Latrodectus] Outgoing To IP: 5.255.116.158|443"; classtype:trojan-activity; sid:37292001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 5.39.43.50 1610 (msg: "MISP e26399 [] Outgoing To IP: 5.39.43.50|1610"; classtype:trojan-activity; sid:37502991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# 65.109.242.48 is covered on ports 9000 and 443, again once per event (four rules for one address).
alert ip $HOME_NET any -> 65.109.242.48 9000 (msg: "MISP e26419 [Vidar] Outgoing To IP: 65.109.242.48|9000"; classtype:trojan-activity; sid:37292021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 65.109.242.48 443 (msg: "MISP e26419 [Vidar] Outgoing To IP: 65.109.242.48|443"; classtype:trojan-activity; sid:37292031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 65.109.242.48 443 (msg: "MISP e26399 [] Outgoing To IP: 65.109.242.48|443"; classtype:trojan-activity; sid:37503021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 65.109.242.48 9000 (msg: "MISP e26399 [] Outgoing To IP: 65.109.242.48|9000"; classtype:trojan-activity; sid:37503031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# "Outgoing URL" rule: host is a content in the request headers, path is a case-insensitive content in
# http.uri. Unlike the Host-header rules in this export, the destination port is $HTTP_PORTS rather than
# `any`. The variable has to be defined on the sensor even though the file header calls it "not required
# with suricata export", and requests to this host on a port outside that set are seen only by the
# Host-header rule for saturnreviews.com.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,HOSTKEY] Outgoing URL http|3a|//saturnreviews.com/alert/welcome/qj81aiz9qhk"; flow:to_server,established; http.header; content:"saturnreviews.com"; fast_pattern; nocase; http.uri; content:"/alert/welcome/qj81aiz9qhk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# The rule below continues on the next line of the export.
alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,HOSTKEY] Domain saturnreviews.com"; dns.query; content:"saturnreviews.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])saturnreviews\.com$/i"; classtype:trojan-activity; sid:37292071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,HOSTKEY] Outgoing HTTP Domain saturnreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saturnreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 179.60.149.231 80 (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,HOSTKEY] Outgoing To IP: 179.60.149.231|80"; classtype:trojan-activity; sid:37292081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip 1.190.202.71 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.190.202.71"; classtype:trojan-activity; sid:37470091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 1.70.136.155 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.136.155"; classtype:trojan-activity; sid:37470101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 1.63.7.149 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.63.7.149"; classtype:trojan-activity; sid:37470111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 104.140.188.34 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.140.188.34"; classtype:trojan-activity; sid:37470121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 111.169.76.33 any 
-> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.169.76.33"; classtype:trojan-activity; sid:37470131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 106.56.32.5 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.56.32.5"; classtype:trojan-activity; sid:37470141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 80.82.77.33 any -> $HOME_NET any (msg: "MISP e26553 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.82.77.33"; classtype:trojan-activity; sid:37470851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26553;) alert ip 1.202.113.63 any -> $HOME_NET any (msg: "MISP e26552 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.202.113.63"; classtype:trojan-activity; sid:37470821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26552;) alert ip 111.170.127.119 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.170.127.119"; classtype:trojan-activity; sid:37470151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 111.61.92.194 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.61.92.194"; classtype:trojan-activity; sid:37470161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 111.47.73.203 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.47.73.203"; classtype:trojan-activity; sid:37470171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 112.114.152.197 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.114.152.197"; 
classtype:trojan-activity; sid:37470181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 112.103.75.51 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.75.51"; classtype:trojan-activity; sid:37470191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 113.200.137.60 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.60"; classtype:trojan-activity; sid:37470201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 112.27.59.147 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.27.59.147"; classtype:trojan-activity; sid:37470211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 113.128.27.165 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.128.27.165"; classtype:trojan-activity; sid:37470221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 114.220.13.51 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.220.13.51"; classtype:trojan-activity; sid:37470231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 113.215.216.63 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.215.216.63"; classtype:trojan-activity; sid:37470241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 116.53.241.146 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.241.146"; classtype:trojan-activity; sid:37470251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 
113.221.26.41 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.26.41"; classtype:trojan-activity; sid:37470261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 114.226.63.67 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.226.63.67"; classtype:trojan-activity; sid:37470271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 117.214.78.64 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.78.64"; classtype:trojan-activity; sid:37470281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 114.37.119.178 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.37.119.178"; classtype:trojan-activity; sid:37470291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 117.103.159.250 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.103.159.250"; classtype:trojan-activity; sid:37470301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 118.250.55.29 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.250.55.29"; classtype:trojan-activity; sid:37470311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 117.209.86.243 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.86.243"; classtype:trojan-activity; sid:37470321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 117.233.201.35 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
117.233.201.35"; classtype:trojan-activity; sid:37470331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 118.180.166.44 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.180.166.44"; classtype:trojan-activity; sid:37470341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 118.71.106.197 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.71.106.197"; classtype:trojan-activity; sid:37470351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 120.196.68.204 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.196.68.204"; classtype:trojan-activity; sid:37470361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 119.112.198.213 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.112.198.213"; classtype:trojan-activity; sid:37470371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 121.167.167.106 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.167.167.106"; classtype:trojan-activity; sid:37470381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 121.228.17.202 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.17.202"; classtype:trojan-activity; sid:37470391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 122.117.156.4 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.156.4"; classtype:trojan-activity; sid:37470401; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 121.228.151.132 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.151.132"; classtype:trojan-activity; sid:37470411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 121.233.167.135 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.233.167.135"; classtype:trojan-activity; sid:37470421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 123.222.97.136 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.222.97.136"; classtype:trojan-activity; sid:37470431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 121.61.24.251 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.24.251"; classtype:trojan-activity; sid:37470441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 122.6.250.168 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.6.250.168"; classtype:trojan-activity; sid:37470451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 125.185.242.107 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.185.242.107"; classtype:trojan-activity; sid:37470461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 123.185.109.174 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.185.109.174"; classtype:trojan-activity; sid:37470471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 124.117.252.158 any -> $HOME_NET any (msg: "MISP 
e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.117.252.158"; classtype:trojan-activity; sid:37470481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 168.196.165.220 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.196.165.220"; classtype:trojan-activity; sid:37470491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 124.255.20.34 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.255.20.34"; classtype:trojan-activity; sid:37470501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 152.170.200.131 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.170.200.131"; classtype:trojan-activity; sid:37470511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 180.107.231.206 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.107.231.206"; classtype:trojan-activity; sid:37470521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 166.253.68.54 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 166.253.68.54"; classtype:trojan-activity; sid:37470531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 176.8.23.42 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.8.23.42"; classtype:trojan-activity; sid:37470541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 178.159.232.204 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.159.232.204"; classtype:trojan-activity; 
sid:37470551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 182.158.91.132 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.158.91.132"; classtype:trojan-activity; sid:37470561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 180.119.8.204 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.119.8.204"; classtype:trojan-activity; sid:37470571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 181.101.93.105 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.101.93.105"; classtype:trojan-activity; sid:37470581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 183.128.221.83 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.128.221.83"; classtype:trojan-activity; sid:37470591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 182.53.150.197 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.150.197"; classtype:trojan-activity; sid:37470601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 182.247.148.170 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.148.170"; classtype:trojan-activity; sid:37470611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 183.4.224.181 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.4.224.181"; classtype:trojan-activity; sid:37470621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 188.226.109.166 any -> 
$HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.226.109.166"; classtype:trojan-activity; sid:37470631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 183.253.104.253 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.253.104.253"; classtype:trojan-activity; sid:37470641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip $HOME_NET any -> 179.60.149.231 80 (msg: "MISP e26399 [] Outgoing To IP: 179.60.149.231|80"; classtype:trojan-activity; sid:37503051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//saturnreviews.com/Alert/welcome/QJ81AIZ9QHK"; flow:to_server,established; http.header; content:"saturnreviews.com"; fast_pattern; nocase; http.uri; content:"/Alert/welcome/QJ81AIZ9QHK"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain saturnreviews.com"; dns.query; content:"saturnreviews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnreviews\.com$/i"; classtype:trojan-activity; sid:37503071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain saturnreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saturnreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip 200.59.72.214 any -> $HOME_NET any (msg: "MISP e26551 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.59.72.214"; classtype:trojan-activity; sid:37470651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 200.53.26.251 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.53.26.251"; classtype:trojan-activity; sid:37470661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 191.196.133.247 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.196.133.247"; classtype:trojan-activity; sid:37470671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 213.65.157.90 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.65.157.90"; classtype:trojan-activity; sid:37470681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;) alert ip 119.28.158.97 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.158.97"; classtype:trojan-activity; sid:37470881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;) alert ip 198.235.24.107 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.107"; classtype:trojan-activity; sid:37470891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;) alert ip 101.42.52.240 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.52.240"; classtype:trojan-activity; sid:37470901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;) alert ip 163.172.216.48 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.172.216.48"; classtype:trojan-activity; sid:37470911; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Inbound IP-indicator rules generated from MISP events 26551-26555.
# Each rule names one source address and matches traffic from it to $HOME_NET on
# any port; there is no flow-state, threshold or payload condition, so the
# source address is the only match criterion.
# NOTE(review): every rule uses classtype:trojan-activity although the msg tags
# describe Reconnaissance/Exploitation; triage on the msg tags and the
# referenced MISP event rather than on the classtype.
# NOTE(review): no rule carries date or expiry metadata, so the age of an
# indicator cannot be read from this file - presumably it has to be checked in
# the referenced event before a hit is acted on; confirm.
alert ip 122.114.156.157 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.156.157"; classtype:trojan-activity; sid:37470921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 221.214.2.98 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.214.2.98"; classtype:trojan-activity; sid:37470931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.128.116.24 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.116.24"; classtype:trojan-activity; sid:37470941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 158.51.99.81 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.81"; classtype:trojan-activity; sid:37470951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 104.236.68.209 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.68.209"; classtype:trojan-activity; sid:37470961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 124.156.223.195 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.195"; classtype:trojan-activity; sid:37470971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 180.230.178.244 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.230.178.244"; classtype:trojan-activity; sid:37470981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 210.68.6.48 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.68.6.48"; classtype:trojan-activity; sid:37470991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 192.72.105.47 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.72.105.47"; classtype:trojan-activity; sid:37471001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 86.245.111.225 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.245.111.225"; classtype:trojan-activity; sid:37470691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 58.246.97.150 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.246.97.150"; classtype:trojan-activity; sid:37470701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 39.74.152.89 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.74.152.89"; classtype:trojan-activity; sid:37470711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 220.133.195.93 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.133.195.93"; classtype:trojan-activity; sid:37470721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 42.200.168.236 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.168.236"; classtype:trojan-activity; sid:37470731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 178.32.197.94 any -> $HOME_NET any (msg: "MISP e26553 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.197.94"; classtype:trojan-activity; sid:37470861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26553;)
alert ip 222.186.13.131 any -> $HOME_NET any (msg: "MISP e26555 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.13.131"; classtype:trojan-activity; sid:37471641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26555;)
alert ip 205.210.31.105 any -> $HOME_NET any (msg: "MISP e26555 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.105"; classtype:trojan-activity; sid:37471651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26555;)
alert ip 213.99.184.154 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.99.184.154"; classtype:trojan-activity; sid:37470741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 104.236.1.59 any -> $HOME_NET any (msg: "MISP e26553 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.1.59"; classtype:trojan-activity; sid:37470871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26553;)
alert ip 51.77.202.84 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.202.84"; classtype:trojan-activity; sid:37471011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Tagged Reconnaissance only (no Exploitation tag), unlike the neighbouring rules.
alert ip 45.168.176.35 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance] Incoming From IP: 45.168.176.35"; classtype:trojan-activity; sid:37471021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 211.244.200.220 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.244.200.220"; classtype:trojan-activity; sid:37470751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 42.100.59.49 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.59.49"; classtype:trojan-activity; sid:37470761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 223.8.4.7 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.4.7"; classtype:trojan-activity; sid:37470771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 43.156.84.147 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.84.147"; classtype:trojan-activity; sid:37471031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 129.226.147.203 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.203"; classtype:trojan-activity; sid:37471041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.153.69.156 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.69.156"; classtype:trojan-activity; sid:37471051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.134.76.213 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.76.213"; classtype:trojan-activity; sid:37471061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 218.71.49.41 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.71.49.41"; classtype:trojan-activity; sid:37470781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 43.128.81.123 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.81.123"; classtype:trojan-activity; sid:37471071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.134.190.57 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.190.57"; classtype:trojan-activity; sid:37471081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 85.192.63.68 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.192.63.68"; classtype:trojan-activity; sid:37471091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Empty tag list in the export: the msg gives no kill-chain context for this address.
alert ip 43.134.111.177 any -> $HOME_NET any (msg: "MISP e26554 [] Incoming From IP: 43.134.111.177"; classtype:trojan-activity; sid:37471101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 180.95.231.223 any -> $HOME_NET any (msg: "MISP e26552 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.95.231.223"; classtype:trojan-activity; sid:37470831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26552;)
alert ip 43.157.88.137 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.88.137"; classtype:trojan-activity; sid:37471111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Empty tag list in the export: the msg gives no kill-chain context for this address.
alert ip 195.133.44.91 any -> $HOME_NET any (msg: "MISP e26554 [] Incoming From IP: 195.133.44.91"; classtype:trojan-activity; sid:37471121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.163.194.204 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.204"; classtype:trojan-activity; sid:37471131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 106.13.215.150 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.215.150"; classtype:trojan-activity; sid:37471141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 139.226.161.64 any -> $HOME_NET any (msg: "MISP e26552 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.226.161.64"; classtype:trojan-activity; sid:37470841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26552;)
alert ip 92.185.185.129 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.185.185.129"; classtype:trojan-activity; sid:37470791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 123.30.98.134 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.30.98.134"; classtype:trojan-activity; sid:37471151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 218.157.163.203 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.157.163.203"; classtype:trojan-activity; sid:37471161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.153.205.254 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.205.254"; classtype:trojan-activity; sid:37471171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 71.183.150.248 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.183.150.248"; classtype:trojan-activity; sid:37470801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 186.13.43.10 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.13.43.10"; classtype:trojan-activity; sid:37471181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 203.228.7.104 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.228.7.104"; classtype:trojan-activity; sid:37471191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 159.223.149.212 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.149.212"; classtype:trojan-activity; sid:37471201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 5.181.80.126 any -> $HOME_NET any (msg: "MISP e26551 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.181.80.126"; classtype:trojan-activity; sid:37470811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26551;)
alert ip 43.131.39.113 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.39.113"; classtype:trojan-activity; sid:37471211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 115.159.205.208 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.205.208"; classtype:trojan-activity; sid:37471221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.134.45.203 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.45.203"; classtype:trojan-activity; sid:37471231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 103.115.104.38 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.104.38"; classtype:trojan-activity; sid:37471241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 94.247.130.35 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.247.130.35"; classtype:trojan-activity; sid:37471251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 216.73.161.153 any -> $HOME_NET any (msg: "MISP e26555 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.73.161.153"; classtype:trojan-activity; sid:37471661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26555;)
alert ip 43.131.41.29 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.41.29"; classtype:trojan-activity; sid:37471261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.163.238.106 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.106"; classtype:trojan-activity; sid:37471271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 167.99.244.220 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.244.220"; classtype:trojan-activity; sid:37471281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 37.44.238.204 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.238.204"; classtype:trojan-activity; sid:37471291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 121.188.160.55 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.188.160.55"; classtype:trojan-activity; sid:37471301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.157.90.19 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.90.19"; classtype:trojan-activity; sid:37471311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Inbound IP-indicator rules from MISP events 26552-26555: one source address
# per rule, destination $HOME_NET, any port on both sides, and no flow-state or
# payload keyword - a hit says only that the listed address sent traffic inward.
# NOTE(review): classtype is trojan-activity throughout while the msg tags say
# Reconnaissance/Exploitation; use the tags and the referenced event for triage.
# NOTE(review): nothing in a rule records when the address was observed;
# presumably stale entries have to be identified from the MISP event - confirm.
alert ip 159.223.26.253 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.26.253"; classtype:trojan-activity; sid:37471321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Empty tag list in the export: the msg gives no kill-chain context for this address.
alert ip 39.105.35.21 any -> $HOME_NET any (msg: "MISP e26554 [] Incoming From IP: 39.105.35.21"; classtype:trojan-activity; sid:37471331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 206.119.117.45 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.119.117.45"; classtype:trojan-activity; sid:37471341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 46.19.143.42 any -> $HOME_NET any (msg: "MISP e26555 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.19.143.42"; classtype:trojan-activity; sid:37471671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26555;)
alert ip 128.199.11.157 any -> $HOME_NET any (msg: "MISP e26553 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.11.157"; classtype:trojan-activity; sid:37761301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26553;)
alert ip 43.155.147.150 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.150"; classtype:trojan-activity; sid:37471351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 60.247.225.32 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.247.225.32"; classtype:trojan-activity; sid:37471361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 46.101.142.246 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.142.246"; classtype:trojan-activity; sid:37471371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 221.120.40.205 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.40.205"; classtype:trojan-activity; sid:37471381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.133.35.150 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.35.150"; classtype:trojan-activity; sid:37471391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.153.223.239 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.223.239"; classtype:trojan-activity; sid:37471401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 121.225.23.2 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.225.23.2"; classtype:trojan-activity; sid:37471411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.134.71.84 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.71.84"; classtype:trojan-activity; sid:37471421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 60.251.120.199 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.251.120.199"; classtype:trojan-activity; sid:37471431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 167.172.158.91 any -> $HOME_NET any (msg: "MISP e26553 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.158.91"; classtype:trojan-activity; sid:37761311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26553;)
alert ip 43.138.109.80 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.109.80"; classtype:trojan-activity; sid:37471441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 178.253.43.236 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.253.43.236"; classtype:trojan-activity; sid:37471451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 119.188.169.56 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.188.169.56"; classtype:trojan-activity; sid:37471461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.157.42.226 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.42.226"; classtype:trojan-activity; sid:37471471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 198.235.24.101 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.101"; classtype:trojan-activity; sid:37471481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 139.227.161.107 any -> $HOME_NET any (msg: "MISP e26552 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.227.161.107"; classtype:trojan-activity; sid:37761291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26552;)
alert ip 129.226.89.47 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.89.47"; classtype:trojan-activity; sid:37471491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 104.131.13.25 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.13.25"; classtype:trojan-activity; sid:37471501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 124.156.201.50 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.201.50"; classtype:trojan-activity; sid:37471511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.158.216.231 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.158.216.231"; classtype:trojan-activity; sid:37471521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.130.246.156 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.246.156"; classtype:trojan-activity; sid:37471531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.134.15.253 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.253"; classtype:trojan-activity; sid:37471541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 138.197.15.182 any -> $HOME_NET any (msg: "MISP e26555 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.15.182"; classtype:trojan-activity; sid:37471681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26555;)
alert ip 43.134.100.15 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.15"; classtype:trojan-activity; sid:37471551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 188.166.89.94 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.89.94"; classtype:trojan-activity; sid:37471561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip
47.106.126.55 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.106.126.55"; classtype:trojan-activity; sid:37471571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Inbound IP-indicator rules for event 26554: source address only, any port,
# no flow-state or payload condition.
alert ip 43.163.241.49 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.49"; classtype:trojan-activity; sid:37471581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.157.57.113 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.57.113"; classtype:trojan-activity; sid:37471591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 107.9.49.221 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.9.49.221"; classtype:trojan-activity; sid:37471601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.153.4.243 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.4.243"; classtype:trojan-activity; sid:37471611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.153.14.132 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.14.132"; classtype:trojan-activity; sid:37471621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
alert ip 43.156.69.126 any -> $HOME_NET any (msg: "MISP e26554 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.69.126"; classtype:trojan-activity; sid:37471631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26554;)
# Outbound HTTP URL rules for event 26399 (empty tag list, priority:3).
# The destination address is fixed in the rule header; in addition the address
# string must occur in the request headers (http.header) and the path in
# http.uri, on an established client-to-server flow.
# tag:session,600,seconds asks the engine to keep logging packets of the
# matching session for 600 seconds after the alert - account for the extra
# capture volume when these rules are enabled.
# NOTE(review): the last path segment looks base64-encoded; base64 is
# case-sensitive, so `nocase` on that content matches more strings than the
# exported URL.
alert http $HOME_NET any -> 213.248.43.58 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//213.248.43.58/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; flow:to_server,established; http.header; content:"213.248.43.58"; fast_pattern; nocase; http.uri; content:"/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> 213.248.43.58 $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//213.248.43.58/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; flow:to_server,established; http.header; content:"213.248.43.58"; fast_pattern; nocase; http.uri; content:"/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Address/port rule for the same host: destination address and port are the
# only match criteria, so a request matched by the URL rules above also
# matches here.
alert ip $HOME_NET any -> 213.248.43.58 80 (msg: "MISP e26399 [] Outgoing To IP: 213.248.43.58|80"; classtype:trojan-activity; sid:37503101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Hostname rules: the name is matched as a case-insensitive substring of the
# HTTP headers (http.header), not against the Host value specifically.
# NOTE(review): a mention of the name in another request header (for example
# Referer) therefore also matches, and the rule for thunderdepthsforger.top
# also fires on its cdnstatic. and qltuh. subdomains, which have rules of
# their own - expect several alerts per request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//thunderdepthsforger.top"; flow:to_server,established; http.header; content:"thunderdepthsforger.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//cdnstatic.thunderdepthsforger.top"; flow:to_server,established; http.header; content:"cdnstatic.thunderdepthsforger.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//new-bestfortunes.life"; flow:to_server,established; http.header; content:"new-bestfortunes.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//canopusacrux.top"; flow:to_server,established; http.header; content:"canopusacrux.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//qltuh.thunderdepthsforger.top"; flow:to_server,established; http.header; content:"qltuh.thunderdepthsforger.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event 26419 rules (priority:2). They repeat hosts, URLs and address/port
# pairs that are also exported from event 26399 with an empty tag list and
# priority:3, each under its own sid, so one connection can raise an alert
# per event.
# The bracketed msg tags combine what look like malware/tooling labels with
# AS or hosting-provider names.
# NOTE(review): addresses in shared cloud, hosting or ISP ranges can be
# reassigned; confirm in the MISP event that an address is still current
# before acting on an address/port hit alone.
alert ip $HOME_NET any -> 172.212.163.113 7443 (msg: "MISP e26419 [MICROSOFT-CORP-MSN-AS-BLOCK,Mythic] Outgoing To IP: 172.212.163.113|7443"; classtype:trojan-activity; sid:37292171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# With nocase, "/y562rjrt" here and "/Y562RJRt" in sid:37503191 match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [KeitaroTDS,SocGholish] Outgoing URL http|3a|//tnoodlezy.com/y562rjrt"; flow:to_server,established; http.header; content:"tnoodlezy.com"; fast_pattern; nocase; http.uri; content:"/y562rjrt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//cdnstatic.thunderdepthsforger.top"; flow:to_server,established; http.header; content:"cdnstatic.thunderdepthsforger.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [KeitaroTDS,SocGholish] Outgoing URL http|3a|//tnoodlezy.com"; flow:to_server,established; http.header; content:"tnoodlezy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//canopusacrux.top"; flow:to_server,established; http.header; content:"canopusacrux.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//thunderdepthsforger.top"; flow:to_server,established; http.header; content:"thunderdepthsforger.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//qltuh.thunderdepthsforger.top"; flow:to_server,established; http.header; content:"qltuh.thunderdepthsforger.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [VexTrio] Outgoing URL http|3a|//new-bestfortunes.life"; flow:to_server,established; http.header; content:"new-bestfortunes.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 45.59.118.25 80 (msg: "MISP e26419 [Havoc,ROUTERHOSTING] Outgoing To IP: 45.59.118.25|80"; classtype:trojan-activity; sid:37292181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 31.117.122.184 2222 (msg: "MISP e26419 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 31.117.122.184|2222"; classtype:trojan-activity; sid:37292191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# Event 26399 copies of the address/port and URL indicators above (empty tag list, priority:3).
alert ip $HOME_NET any -> 31.117.122.184 2222 (msg: "MISP e26399 [] Outgoing To IP: 31.117.122.184|2222"; classtype:trojan-activity; sid:37503161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 45.59.118.25 80 (msg: "MISP e26399 [] Outgoing To IP: 45.59.118.25|80"; classtype:trojan-activity; sid:37503171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//tnoodlezy.com"; flow:to_server,established; http.header; content:"tnoodlezy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# With nocase, "/Y562RJRt" here and "/y562rjrt" in sid:37292161 match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//tnoodlezy.com/Y562RJRt"; flow:to_server,established; http.header; content:"tnoodlezy.com"; fast_pattern; nocase; http.uri; content:"/Y562RJRt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 172.212.163.113 7443 (msg: "MISP e26399 [] Outgoing To IP: 172.212.163.113|7443"; classtype:trojan-activity; sid:37503201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert ip $HOME_NET any -> 139.198.160.133 59900 (msg: "MISP e26419 [Supershell,YUNIFY-NET Yunify Technologies Inc.]
Outgoing To IP: 139.198.160.133|59900"; classtype:trojan-activity; sid:37292201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 175.110.115.65 80 (msg: "MISP e26419 [Meduza Stealer,WORLDSTREAM] Outgoing To IP: 175.110.115.65|80"; classtype:trojan-activity; sid:37292211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 91.92.246.233 2897 (msg: "MISP e26419 [RedLineStealer] Outgoing To IP: 91.92.246.233|2897"; classtype:trojan-activity; sid:37292221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 91.92.246.233 2897 (msg: "MISP e26399 [] Outgoing To IP: 91.92.246.233|2897"; classtype:trojan-activity; sid:37503211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 175.110.115.65 80 (msg: "MISP e26399 [] Outgoing To IP: 175.110.115.65|80"; classtype:trojan-activity; sid:37503221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 139.198.160.133 59900 (msg: "MISP e26399 [] Outgoing To IP: 139.198.160.133|59900"; classtype:trojan-activity; sid:37503231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain cheatlab.live"; dns.query; content:"cheatlab.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])cheatlab\.live$/i"; classtype:trojan-activity; sid:37503241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain cheatlab.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cheatlab.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cheatlab\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503242; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain usaglobalnews.com"; dns.query; content:"usaglobalnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])usaglobalnews\.com$/i"; classtype:trojan-activity; sid:37503271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain usaglobalnews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usaglobalnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usaglobalnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain topglobaltv.com"; dns.query; content:"topglobaltv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])topglobaltv\.com$/i"; classtype:trojan-activity; sid:37503281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain topglobaltv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topglobaltv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topglobaltv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain startupmartec.net"; dns.query; content:"startupmartec.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])startupmartec\.net$/i"; classtype:trojan-activity; sid:37503291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain startupmartec.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
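http.header; content:"startupmartec.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])startupmartec\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Event 26598 URL indicators: each rule pairs the host string in http.header
# with a path prefix in http.uri and tags the session for 600 seconds.
alert http $HOME_NET any -> 154.12.224.251 $HTTP_PORTS (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//154.12.224.251/serv.php"; flow:to_server,established; http.header; content:"154.12.224.251"; fast_pattern; nocase; http.uri; content:"/serv.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;)
# DISABLED (review): the destination 172.16.1.3 is inside 172.16.0.0/12
# (RFC 1918), so it cannot identify external infrastructure and normally falls
# inside $HOME_NET itself. TCP 5357 with a GUID path looks like local
# Web Services for Devices traffic, presumably captured in the analysis
# environment - confirm against event 26598. As a priority:1 rule it can only
# produce noise; clear the IDS flag on the attribute (or apply an RFC 1918
# warninglist) in MISP so the next export does not re-emit it.
# alert http $HOME_NET any -> 172.16.1.3 5357 (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//172.16.1.3|3a|5357/048da2fc-03cd-4f4f-9037-fcd5f0ea1411/"; flow:to_server,established; http.header; content:"172.16.1.3"; fast_pattern; nocase; http.uri; content:"/048da2fc-03cd-4f4f-9037-fcd5f0ea1411/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;)
# NOTE(review): the host is matched as a bare substring of http.header, not
# anchored to the Host header, so the same string in Referer or another header
# also satisfies the first content match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//laispremoldados.com.br/site/php/"; flow:to_server,established; http.header; content:"laispremoldados.com.br"; fast_pattern; nocase; http.uri; content:"/site/php/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//laispremoldados.com.br/site/php/contador.php"; flow:to_server,established; http.header; content:"laispremoldados.com.br"; fast_pattern; nocase; http.uri; 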
content:"/site/php/contador.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//laispremoldados.com.br/site/c.php"; flow:to_server,established; http.header; content:"laispremoldados.com.br"; fast_pattern; nocase; http.uri; content:"/site/c.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//laispremoldados.com.br/site/s/nfe.php?file=nf3_20_24_br.zip"; flow:to_server,established; http.header; content:"laispremoldados.com.br"; fast_pattern; nocase; http.uri; content:"/site/s/nfe.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26598 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//laispremoldados.com.br/site/s/n"; flow:to_server,established; http.header; content:"laispremoldados.com.br"; fast_pattern; nocase; http.uri; content:"/site/s/n"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;) alert dns any any -> any any (msg: "MISP e26399 [] Domain gspiceyl.com"; dns.query; content:"gspiceyl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gspiceyl\.com$/i"; classtype:trojan-activity; sid:37503431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain gspiceyl.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gspiceyl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gspiceyl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26419 [Loki] Outgoing URL http|3a|//www.makeyourbrandz.com/xwork/panel/five/fre.php"; flow:to_server,established; http.header; content:"www.makeyourbrandz.com"; fast_pattern; nocase; http.uri; content:"/xwork/panel/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26399 [] Outgoing URL http|3a|//www.makeyourbrandz.com/xwork/Panel/five/fre.php"; flow:to_server,established; http.header; content:"www.makeyourbrandz.com"; fast_pattern; nocase; http.uri; content:"/xwork/Panel/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain snackfunp.com"; dns.query; content:"snackfunp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])snackfunp\.com$/i"; classtype:trojan-activity; sid:37503461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain snackfunp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"snackfunp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])snackfunp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert ip $HOME_NET any -> 49.13.89.187 3306 (msg: "MISP e26419 
[RedLineStealer] Outgoing To IP: 49.13.89.187|3306"; classtype:trojan-activity; sid:37292241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 49.13.89.187 3306 (msg: "MISP e26399 [] Outgoing To IP: 49.13.89.187|3306"; classtype:trojan-activity; sid:37503471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,DIGITALOCEAN-ASN] Domain cb.1ancast3r.top"; dns.query; content:"cb.1ancast3r.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cb\.1ancast3r\.top$/i"; classtype:trojan-activity; sid:37292261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,DIGITALOCEAN-ASN] Outgoing HTTP Domain cb.1ancast3r.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cb.1ancast3r.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cb\.1ancast3r\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 138.68.40.6 443 (msg: "MISP e26419 [CobaltStrike,cs-watermark-1357776117,DIGITALOCEAN-ASN] Outgoing To IP: 138.68.40.6|443"; classtype:trojan-activity; sid:37292271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert ip $HOME_NET any -> 138.68.40.6 443 (msg: "MISP e26399 [] Outgoing To IP: 138.68.40.6|443"; classtype:trojan-activity; sid:37503481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain cb.1ancast3r.top"; dns.query; content:"cb.1ancast3r.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cb\.1ancast3r\.top$/i"; classtype:trojan-activity; sid:37503501; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain cb.1ancast3r.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cb.1ancast3r.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cb\.1ancast3r\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain saturnexa.com"; dns.query; content:"saturnexa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnexa\.com$/i"; classtype:trojan-activity; sid:37503511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain saturnexa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saturnexa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnexa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//msupdate.brazilsouth.cloudapp.azure.com|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"msupdate.brazilsouth.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//www2.itaberabanoticias.com|3a|53092/pkg/b/"; flow:to_server,established; http.header; 
content:"www2.itaberabanoticias.com"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain www2.itaberabanoticias.com"; dns.query; content:"www2.itaberabanoticias.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.itaberabanoticias\.com$/i"; classtype:trojan-activity; sid:37292301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain www2.itaberabanoticias.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www2.itaberabanoticias.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.itaberabanoticias\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//www.itaberabanoticias.com|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"www.itaberabanoticias.com"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain www.itaberabanoticias.com"; dns.query; content:"www.itaberabanoticias.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.itaberabanoticias\.com$/i"; classtype:trojan-activity; sid:37292321; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain www.itaberabanoticias.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.itaberabanoticias.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.itaberabanoticias\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> 40.86.174.181 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//40.86.174.181|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"40.86.174.181"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> 23.101.122.219 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//23.101.122.219|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"23.101.122.219"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> 13.82.186.9 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//13.82.186.9|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"13.82.186.9"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET 
53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//teamsupd.azurewebsites.net|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"teamsupd.azurewebsites.net"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37292361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert dns any any -> any any (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Domain teamsupd.azurewebsites.net"; dns.query; content:"teamsupd.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])teamsupd\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37292371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain teamsupd.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teamsupd.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teamsupd\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;) alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//teamsupd.azurewebsites.net|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"teamsupd.azurewebsites.net"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain teamsupd.azurewebsites.net"; dns.query; content:"teamsupd.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])teamsupd\.azurewebsites\.net$/i"; 
classtype:trojan-activity; sid:37503531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain teamsupd.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teamsupd.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teamsupd\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> 23.101.122.219 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//23.101.122.219|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"23.101.122.219"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> 13.82.186.9 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//13.82.186.9|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"13.82.186.9"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain www.itaberabanoticias.com"; dns.query; content:"www.itaberabanoticias.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.itaberabanoticias\.com$/i"; classtype:trojan-activity; sid:37503561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain www.itaberabanoticias.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.itaberabanoticias.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])www\.itaberabanoticias\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> 40.86.174.181 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//40.86.174.181|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"40.86.174.181"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//www.itaberabanoticias.com|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"www.itaberabanoticias.com"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//www2.itaberabanoticias.com|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"www2.itaberabanoticias.com"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert dns any any -> any any (msg: "MISP e26399 [] Domain www2.itaberabanoticias.com"; dns.query; content:"www2.itaberabanoticias.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.itaberabanoticias\.com$/i"; classtype:trojan-activity; sid:37503601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26399 [] Outgoing HTTP Domain www2.itaberabanoticias.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www2.itaberabanoticias.com"; 
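fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.itaberabanoticias\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37503602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
alert http $HOME_NET any -> $EXTERNAL_NET 53092 (msg: "MISP e26399 [] Outgoing URL http|3a|//msupdate.brazilsouth.cloudapp.azure.com|3a|53092/pkg/b/"; flow:to_server,established; http.header; content:"msupdate.brazilsouth.cloudapp.azure.com"; fast_pattern; nocase; http.uri; content:"/pkg/b/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37503611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26399;)
# Destination IP:port indicators on TCP/UDP 53092. These rules have no payload
# match, so any packet from $HOME_NET to the address and port raises the alert.
alert ip $HOME_NET any -> 159.112.177.137 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,ORACLE-BMC-31898] Outgoing To IP: 159.112.177.137|53092"; classtype:trojan-activity; sid:37292381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
alert ip $HOME_NET any -> 20.226.21.146 53092 (msg: "MISP e26419 [CobaltStrike,cs-watermark-410617911,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.226.21.146|53092"; classtype:trojan-activity; sid:37292391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26419;)
# The two e26674 rules below carry a galaxy tag that itself contains double
# quotes (malpedia="Cobalt Strike"). Suricata's rule format requires a double
# quote, semicolon or backslash inside msg to be backslash-escaped; left
# unescaped, the rule may be rejected or mis-parsed at load time (depending on
# engine version), and the indicator then never alerts. The quotes are escaped
# here; the durable fix is to escape tag names when the rules are exported.
# Both rules repeat the two e26419 destinations above, so one connection
# raises two alerts at different priorities.
alert ip $HOME_NET any -> 20.226.21.146 53092 (msg: "MISP e26674 [CobaltStrike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing To IP: 20.226.21.146|53092"; classtype:trojan-activity; sid:37499191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 159.112.177.137 53092 (msg: "MISP e26674 [CobaltStrike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing To IP: 159.112.177.137|53092"; classtype:trojan-activity; sid:37499201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 103.28.32.56 2023 (msg: "MISP e26674 [] Outgoing To IP: 103.28.32.56|2023"; classtype:trojan-activity; sid:37499231; rev:1; priority:3; 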
reference:url,https://misp.finsin.cl/events/view/26674;) alert dns any any -> any any (msg: "MISP e26674 [] Domain net-killer.servehttp.com"; dns.query; content:"net-killer.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com$/i"; classtype:trojan-activity; sid:37499241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain net-killer.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 88.198.108.242 443 (msg: "MISP e26430 [c2,Vidar] Outgoing To IP: 88.198.108.242|443"; classtype:trojan-activity; sid:37293421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 95.216.177.94 80 (msg: "MISP e26430 [c2,Vidar] Outgoing To IP: 95.216.177.94|80"; classtype:trojan-activity; sid:37293431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 45.14.244.72 80 (msg: "MISP e26430 [c2,recordbreaker] Outgoing To IP: 45.14.244.72|80"; classtype:trojan-activity; sid:37293441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 194.116.173.154 80 (msg: "MISP e26430 [c2,recordbreaker] Outgoing To IP: 194.116.173.154|80"; classtype:trojan-activity; sid:37293451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 193.233.132.193 8081 (msg: "MISP e26430 [c2,Risepro] Outgoing To IP: 193.233.132.193|8081"; classtype:trojan-activity; sid:37293461; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 154.91.83.163 80 (msg: "MISP e26430 [c2,hook] Outgoing To IP: 154.91.83.163|80"; classtype:trojan-activity; sid:37293471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 187.135.85.245 1801 (msg: "MISP e26430 [c2,darkcomet] Outgoing To IP: 187.135.85.245|1801"; classtype:trojan-activity; sid:37293481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 187.135.85.245 2077 (msg: "MISP e26430 [c2,darkcomet] Outgoing To IP: 187.135.85.245|2077"; classtype:trojan-activity; sid:37293491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 187.135.85.245 1962 (msg: "MISP e26430 [c2,darkcomet] Outgoing To IP: 187.135.85.245|1962"; classtype:trojan-activity; sid:37293501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 187.135.85.245 2281 (msg: "MISP e26430 [c2,darkcomet] Outgoing To IP: 187.135.85.245|2281"; classtype:trojan-activity; sid:37293511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 47.93.254.171 5470 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 47.93.254.171|5470"; classtype:trojan-activity; sid:37293521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 47.94.120.34 65521 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 47.94.120.34|65521"; classtype:trojan-activity; sid:37293531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 43.129.239.195 61111 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 43.129.239.195|61111"; classtype:trojan-activity; sid:37293541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 193.17.92.248 45451 (msg: "MISP 
e26430 [c2,cobalt_strike] Outgoing To IP: 193.17.92.248|45451"; classtype:trojan-activity; sid:37293551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 198.244.144.231 50050 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 198.244.144.231|50050"; classtype:trojan-activity; sid:37293561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 124.223.62.233 50050 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 124.223.62.233|50050"; classtype:trojan-activity; sid:37293571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 114.115.210.125 50050 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 114.115.210.125|50050"; classtype:trojan-activity; sid:37293581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 192.3.189.182 51938 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 192.3.189.182|51938"; classtype:trojan-activity; sid:37293591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 115.159.102.112 8778 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 115.159.102.112|8778"; classtype:trojan-activity; sid:37293601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 101.200.172.125 50050 (msg: "MISP e26430 [c2,cobalt_strike] Outgoing To IP: 101.200.172.125|50050"; classtype:trojan-activity; sid:37293611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 101.200.172.125 50050 (msg: "MISP e26674 [] Outgoing To IP: 101.200.172.125|50050"; classtype:trojan-activity; sid:37499251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 115.159.102.112 8778 (msg: "MISP e26674 [] Outgoing To IP: 115.159.102.112|8778"; classtype:trojan-activity; 
sid:37499261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 192.3.189.182 51938 (msg: "MISP e26674 [] Outgoing To IP: 192.3.189.182|51938"; classtype:trojan-activity; sid:37499271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 114.115.210.125 50050 (msg: "MISP e26674 [] Outgoing To IP: 114.115.210.125|50050"; classtype:trojan-activity; sid:37499281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 124.223.62.233 50050 (msg: "MISP e26674 [] Outgoing To IP: 124.223.62.233|50050"; classtype:trojan-activity; sid:37499291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 198.244.144.231 50050 (msg: "MISP e26674 [] Outgoing To IP: 198.244.144.231|50050"; classtype:trojan-activity; sid:37499301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 193.17.92.248 45451 (msg: "MISP e26674 [] Outgoing To IP: 193.17.92.248|45451"; classtype:trojan-activity; sid:37499311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 43.129.239.195 61111 (msg: "MISP e26674 [] Outgoing To IP: 43.129.239.195|61111"; classtype:trojan-activity; sid:37499321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 47.94.120.34 65521 (msg: "MISP e26674 [] Outgoing To IP: 47.94.120.34|65521"; classtype:trojan-activity; sid:37499331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 47.93.254.171 5470 (msg: "MISP e26674 [] Outgoing To IP: 47.93.254.171|5470"; classtype:trojan-activity; sid:37499341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 187.135.85.245 2281 (msg: "MISP e26674 [] Outgoing To IP: 187.135.85.245|2281"; 
classtype:trojan-activity; sid:37499351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 187.135.85.245 1962 (msg: "MISP e26674 [] Outgoing To IP: 187.135.85.245|1962"; classtype:trojan-activity; sid:37499361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 187.135.85.245 2077 (msg: "MISP e26674 [] Outgoing To IP: 187.135.85.245|2077"; classtype:trojan-activity; sid:37499371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 187.135.85.245 1801 (msg: "MISP e26674 [] Outgoing To IP: 187.135.85.245|1801"; classtype:trojan-activity; sid:37499381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 154.91.83.163 80 (msg: "MISP e26674 [] Outgoing To IP: 154.91.83.163|80"; classtype:trojan-activity; sid:37499391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 193.233.132.193 8081 (msg: "MISP e26674 [] Outgoing To IP: 193.233.132.193|8081"; classtype:trojan-activity; sid:37499401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 194.116.173.154 80 (msg: "MISP e26674 [] Outgoing To IP: 194.116.173.154|80"; classtype:trojan-activity; sid:37499411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.14.244.72 80 (msg: "MISP e26674 [] Outgoing To IP: 45.14.244.72|80"; classtype:trojan-activity; sid:37499421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 95.216.177.94 80 (msg: "MISP e26674 [] Outgoing To IP: 95.216.177.94|80"; classtype:trojan-activity; sid:37499431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 88.198.108.242 443 (msg: "MISP e26674 [] Outgoing To IP: 88.198.108.242|443"; 
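classtype:trojan-activity; sid:37499441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# Destination IP:port indicators. Several appear once per MISP event (e26430
# and e26674), so a single connection raises two alerts with different
# priorities; deduplicate downstream by destination rather than by sid.
alert ip $HOME_NET any -> 103.114.104.158 1663 (msg: "MISP e26430 [NanoCore,RAT] Outgoing To IP: 103.114.104.158|1663"; classtype:trojan-activity; sid:37293621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 103.114.104.158 1663 (msg: "MISP e26674 [] Outgoing To IP: 103.114.104.158|1663"; classtype:trojan-activity; sid:37499451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 45.40.96.169 60144 (msg: "MISP e26598 [c2,diamond-model:Infrastructure] Outgoing To IP: 45.40.96.169|60144"; classtype:trojan-activity; sid:37487171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26598;)
# NOTE(review): port 443 on a shared hosting address is a weak indicator on
# its own; expect these two rules to need tuning or an expiry date.
alert ip $HOME_NET any -> 49.13.89.187 443 (msg: "MISP e26430 [RedLineStealer] Outgoing To IP: 49.13.89.187|443"; classtype:trojan-activity; sid:37293631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 49.13.89.187 443 (msg: "MISP e26674 [] Outgoing To IP: 49.13.89.187|443"; classtype:trojan-activity; sid:37499461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# The galaxy tag in the next msg contains double quotes
# (mitre-malware="Agent Tesla - S0331"). Suricata's rule format requires a
# double quote, semicolon or backslash inside msg to be backslash-escaped;
# left unescaped, the rule may be rejected or mis-parsed at load time
# (depending on engine version), and the URL indicator then never alerts.
# The quotes are escaped here; fix the escaping of tag names in the export as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26557 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//dlink.metallc.top/pages/virginzx.exe"; flow:to_server,established; http.header; content:"dlink.metallc.top"; fast_pattern; nocase; http.uri; content:"/pages/virginzx.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37471731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26557;)
alert dns any any -> any any (msg: "MISP e26430 [BlackBasta] Domain startupmartec.net"; dns.query; content:"startupmartec.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])startupmartec\.net$/i"; classtype:trojan-activity; 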
sid:37293301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [BlackBasta] Outgoing HTTP Domain startupmartec.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"startupmartec.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])startupmartec\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert dns any any -> any any (msg: "MISP e26430 [BlackBasta] Domain topglobaltv.com"; dns.query; content:"topglobaltv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])topglobaltv\.com$/i"; classtype:trojan-activity; sid:37293291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [BlackBasta] Outgoing HTTP Domain topglobaltv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topglobaltv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topglobaltv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert dns any any -> any any (msg: "MISP e26430 [BlackBasta] Domain usaglobalnews.com"; dns.query; content:"usaglobalnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])usaglobalnews\.com$/i"; classtype:trojan-activity; sid:37293281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [BlackBasta] Outgoing HTTP Domain usaglobalnews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usaglobalnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usaglobalnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293282; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert dns any any -> any any (msg: "MISP e26430 [KeitaroTDS,SocGholish] Domain gspiceyl.com"; dns.query; content:"gspiceyl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gspiceyl\.com$/i"; classtype:trojan-activity; sid:37293321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [KeitaroTDS,SocGholish] Outgoing HTTP Domain gspiceyl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gspiceyl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gspiceyl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert dns any any -> any any (msg: "MISP e26430 [KeitaroTDS,SocGholish] Domain snackfunp.com"; dns.query; content:"snackfunp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])snackfunp\.com$/i"; classtype:trojan-activity; sid:37293341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [KeitaroTDS,SocGholish] Outgoing HTTP Domain snackfunp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"snackfunp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])snackfunp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert dns any any -> any any (msg: "MISP e26430 [] Domain saturnexa.com"; dns.query; content:"saturnexa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnexa\.com$/i"; classtype:trojan-activity; sid:37293361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [] Outgoing HTTP Domain saturnexa.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"saturnexa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnexa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 80.66.89.102 $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//80.66.89.102/poll8trafficcpu/gameflowerlocal/update/cpugeneratortotrack/testpipe/secure/datalifecpu/uploads5/93image0/downloadsproton6/providercpusqlflowerasynclocaluploads.php"; flow:to_server,established; http.header; content:"80.66.89.102"; fast_pattern; nocase; http.uri; content:"/poll8trafficcpu/gameflowerlocal/update/cpugeneratortotrack/testpipe/secure/datalifecpu/uploads5/93image0/downloadsproton6/providercpusqlflowerasynclocaluploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37293641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 80.66.89.102 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//80.66.89.102/poll8trafficcpu/gameFlowerLocal/update/CpugeneratorTotrack/Testpipe/Secure/DatalifeCpu/Uploads5/93Image0/downloadsProton6/providercpuSqlflowerasynclocaluploads.php"; flow:to_server,established; http.header; content:"80.66.89.102"; fast_pattern; nocase; http.uri; content:"/poll8trafficcpu/gameFlowerLocal/update/CpugeneratorTotrack/Testpipe/Secure/DatalifeCpu/Uploads5/93Image0/downloadsProton6/providercpuSqlflowerasynclocaluploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 185.196.9.214 445 (msg: "MISP e26430 [SIMPLECARRIER,sliver] Outgoing To IP: 185.196.9.214|445"; classtype:trojan-activity; sid:37293651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 34.82.156.114 7443 (msg: 
"MISP e26430 [GOOGLE-CLOUD-PLATFORM,Mythic] Outgoing To IP: 34.82.156.114|7443"; classtype:trojan-activity; sid:37293661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 157.90.120.132 7443 (msg: "MISP e26430 [HETZNER-AS,Mythic] Outgoing To IP: 157.90.120.132|7443"; classtype:trojan-activity; sid:37293671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 34.138.61.159 443 (msg: "MISP e26430 [Deimos,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.138.61.159|443"; classtype:trojan-activity; sid:37293681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 45.55.200.153 443 (msg: "MISP e26430 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 45.55.200.153|443"; classtype:trojan-activity; sid:37293691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 88.214.25.240 443 (msg: "MISP e26430 [Havoc,HGCOMP-ASN] Outgoing To IP: 88.214.25.240|443"; classtype:trojan-activity; sid:37293701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 13.233.144.170 80 (msg: "MISP e26430 [AMAZON-02,Havoc] Outgoing To IP: 13.233.144.170|80"; classtype:trojan-activity; sid:37293711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 34.76.179.109 443 (msg: "MISP e26430 [GOOGLE-CLOUD-PLATFORM,Havoc] Outgoing To IP: 34.76.179.109|443"; classtype:trojan-activity; sid:37293721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 209.94.58.96 445 (msg: "MISP e26430 [Responder,UPCLOUDUSA] Outgoing To IP: 209.94.58.96|445"; classtype:trojan-activity; sid:37293731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 118.38.132.38 443 (msg: "MISP e26430 [KIXS-AS-KR Korea Telecom,QakBot] Outgoing To IP: 
118.38.132.38|443"; classtype:trojan-activity; sid:37293741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 2.49.60.224 2222 (msg: "MISP e26430 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 2.49.60.224|2222"; classtype:trojan-activity; sid:37293751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 70.31.125.111 2222 (msg: "MISP e26430 [BACOM,QakBot] Outgoing To IP: 70.31.125.111|2222"; classtype:trojan-activity; sid:37293761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 78.101.28.103 443 (msg: "MISP e26430 [GCC-MPLS-PEERING GCC MPLS peering,QakBot] Outgoing To IP: 78.101.28.103|443"; classtype:trojan-activity; sid:37293771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 68.56.172.196 443 (msg: "MISP e26430 [COMCAST-7922,QakBot] Outgoing To IP: 68.56.172.196|443"; classtype:trojan-activity; sid:37293781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 197.204.251.116 443 (msg: "MISP e26430 [ALGTEL-AS,QakBot] Outgoing To IP: 197.204.251.116|443"; classtype:trojan-activity; sid:37293791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 79.107.137.189 995 (msg: "MISP e26430 [QakBot,WIND-AS] Outgoing To IP: 79.107.137.189|995"; classtype:trojan-activity; sid:37293801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 41.96.151.65 443 (msg: "MISP e26430 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.151.65|443"; classtype:trojan-activity; sid:37293811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 197.204.251.116 443 (msg: "MISP e26674 [] Outgoing To IP: 197.204.251.116|443"; classtype:trojan-activity; sid:37499481; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 68.56.172.196 443 (msg: "MISP e26674 [] Outgoing To IP: 68.56.172.196|443"; classtype:trojan-activity; sid:37499491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 78.101.28.103 443 (msg: "MISP e26674 [] Outgoing To IP: 78.101.28.103|443"; classtype:trojan-activity; sid:37499501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 70.31.125.111 2222 (msg: "MISP e26674 [] Outgoing To IP: 70.31.125.111|2222"; classtype:trojan-activity; sid:37499511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 2.49.60.224 2222 (msg: "MISP e26674 [] Outgoing To IP: 2.49.60.224|2222"; classtype:trojan-activity; sid:37499521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 118.38.132.38 443 (msg: "MISP e26674 [] Outgoing To IP: 118.38.132.38|443"; classtype:trojan-activity; sid:37499531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 209.94.58.96 445 (msg: "MISP e26674 [] Outgoing To IP: 209.94.58.96|445"; classtype:trojan-activity; sid:37499541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 34.76.179.109 443 (msg: "MISP e26674 [] Outgoing To IP: 34.76.179.109|443"; classtype:trojan-activity; sid:37499551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 13.233.144.170 80 (msg: "MISP e26674 [] Outgoing To IP: 13.233.144.170|80"; classtype:trojan-activity; sid:37499561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 88.214.25.240 443 (msg: "MISP e26674 [] Outgoing To IP: 88.214.25.240|443"; classtype:trojan-activity; sid:37499571; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.55.200.153 443 (msg: "MISP e26674 [] Outgoing To IP: 45.55.200.153|443"; classtype:trojan-activity; sid:37499581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 34.138.61.159 443 (msg: "MISP e26674 [] Outgoing To IP: 34.138.61.159|443"; classtype:trojan-activity; sid:37499591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 157.90.120.132 7443 (msg: "MISP e26674 [] Outgoing To IP: 157.90.120.132|7443"; classtype:trojan-activity; sid:37499601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 34.82.156.114 7443 (msg: "MISP e26674 [] Outgoing To IP: 34.82.156.114|7443"; classtype:trojan-activity; sid:37499611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 185.196.9.214 445 (msg: "MISP e26674 [] Outgoing To IP: 185.196.9.214|445"; classtype:trojan-activity; sid:37499621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 172.232.186.100 2083 (msg: "MISP e26430 [AKAMAI-LINODE-AP Akamai Connected Cloud,Pikabot] Outgoing To IP: 172.232.186.100|2083"; classtype:trojan-activity; sid:37293821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 172.232.186.100 2083 (msg: "MISP e26674 [] Outgoing To IP: 172.232.186.100|2083"; classtype:trojan-activity; sid:37499631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 41.96.151.65 443 (msg: "MISP e26674 [] Outgoing To IP: 41.96.151.65|443"; classtype:trojan-activity; sid:37499641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 79.107.137.189 995 (msg: "MISP e26674 [] Outgoing To IP: 79.107.137.189|995"; 
classtype:trojan-activity; sid:37499651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 144.172.113.104 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//144.172.113.104/byhq2a.php"; flow:to_server,established; http.header; content:"144.172.113.104"; fast_pattern; nocase; http.uri; content:"/byhq2a.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 144.172.113.104 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//144.172.113.104/v"; flow:to_server,established; http.header; content:"144.172.113.104"; fast_pattern; nocase; http.uri; content:"/v"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 144.172.113.104 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//144.172.113.104/g1"; flow:to_server,established; http.header; content:"144.172.113.104"; fast_pattern; nocase; http.uri; content:"/g1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 144.172.113.104 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//144.172.113.104/g2"; flow:to_server,established; http.header; content:"144.172.113.104"; fast_pattern; nocase; http.uri; content:"/g2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 144.172.113.104 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] 
Outgoing URL http|3a|//144.172.113.104/g3"; flow:to_server,established; http.header; content:"144.172.113.104"; fast_pattern; nocase; http.uri; content:"/g3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//cmod01.longmusic.com/jgsea.php"; flow:to_server,established; http.header; content:"cmod01.longmusic.com"; fast_pattern; nocase; http.uri; content:"/jgsea.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 167.88.166.22 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//167.88.166.22/v"; flow:to_server,established; http.header; content:"167.88.166.22"; fast_pattern; nocase; http.uri; content:"/v"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 167.88.166.22 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//167.88.166.22/g1"; flow:to_server,established; http.header; content:"167.88.166.22"; fast_pattern; nocase; http.uri; content:"/g1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert http $HOME_NET any -> 167.88.166.22 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//167.88.166.22/g2"; flow:to_server,established; http.header; content:"167.88.166.22"; fast_pattern; nocase; http.uri; content:"/g2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486241; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26597;)
# The line above closes a rule whose header lies on the previous line of this export.
#
# e26597 delivery URLs (priority 1). Each rule pairs a host content in http.header with a
# path content in http.uri. Both are plain substring matches: the host string may appear
# anywhere in the request headers, and the path has no position or length anchor.
# The rule below is additionally pinned to destination 167.88.166.22, which limits where the
# unanchored "/g3" match can fire.
alert http $HOME_NET any -> 167.88.166.22 $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//167.88.166.22/g3"; flow:to_server,established; http.header; content:"167.88.166.22"; fast_pattern; nocase; http.uri; content:"/g3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;)
# The libertyjm.tempserverjm.shop rules go to $EXTERNAL_NET, so only the header content
# narrows them. content:"/" is present in practically every request URI, which makes
# sid 37486261 a host-only detection: it fires on any request whose headers contain the
# hostname. The "/v" and "/g1" rules match a subset of the same requests, so one request to
# /g1 raises two alerts; "/v" also matches longer paths (constructed example: /video).
# NOTE(review): treat these as "traffic to this host" when triaging; if exact-path matching
# is wanted, confirm with the event owner before anchoring the URI content.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//libertyjm.tempserverjm.shop/"; flow:to_server,established; http.header; content:"libertyjm.tempserverjm.shop"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//libertyjm.tempserverjm.shop/v"; flow:to_server,established; http.header; content:"libertyjm.tempserverjm.shop"; fast_pattern; nocase; http.uri; content:"/v"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//libertyjm.tempserverjm.shop/g1"; flow:to_server,established; http.header; content:"libertyjm.tempserverjm.shop"; fast_pattern; nocase; http.uri; content:"/g1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;)
# Header of the next e26597 URL rule; its msg text and options continue on the next line of this export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26597 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL 
http|3a|//libertyjm.tempserverjm.shop/g3"; flow:to_server,established; http.header; content:"libertyjm.tempserverjm.shop"; fast_pattern; nocase; http.uri; content:"/g3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37486291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26597;) alert ip $HOME_NET any -> 91.92.252.34 6667 (msg: "MISP e26430 [Tsunami] Outgoing To IP: 91.92.252.34|6667"; classtype:trojan-activity; sid:37293831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 91.92.252.34 6667 (msg: "MISP e26674 [] Outgoing To IP: 91.92.252.34|6667"; classtype:trojan-activity; sid:37499661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 161.35.90.184 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 161.35.90.184|1311"; classtype:trojan-activity; sid:37293881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 165.22.201.172 1288 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 165.22.201.172|1288"; classtype:trojan-activity; sid:37293891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 24.144.81.7 1302 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 24.144.81.7|1302"; classtype:trojan-activity; sid:37293901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 161.35.88.106 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 161.35.88.106|1311"; classtype:trojan-activity; sid:37293861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 161.35.89.255 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 161.35.89.255|1311"; classtype:trojan-activity; sid:37293871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 195.133.88.98 443 (msg: "MISP e26430 [] Outgoing To IP: 
195.133.88.98|443"; classtype:trojan-activity; sid:37293841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 91.201.67.85 443 (msg: "MISP e26430 [] Outgoing To IP: 91.201.67.85|443"; classtype:trojan-activity; sid:37293851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 195.133.88.98 443 (msg: "MISP e26674 [] Outgoing To IP: 195.133.88.98|443"; classtype:trojan-activity; sid:37499671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 91.201.67.85 443 (msg: "MISP e26674 [] Outgoing To IP: 91.201.67.85|443"; classtype:trojan-activity; sid:37499681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 161.35.88.106 1311 (msg: "MISP e26674 [] Outgoing To IP: 161.35.88.106|1311"; classtype:trojan-activity; sid:37499691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 161.35.89.255 1311 (msg: "MISP e26674 [] Outgoing To IP: 161.35.89.255|1311"; classtype:trojan-activity; sid:37499701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 161.35.90.184 1311 (msg: "MISP e26674 [] Outgoing To IP: 161.35.90.184|1311"; classtype:trojan-activity; sid:37499711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 165.22.201.172 1288 (msg: "MISP e26674 [] Outgoing To IP: 165.22.201.172|1288"; classtype:trojan-activity; sid:37499721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 24.144.81.7 1302 (msg: "MISP e26674 [] Outgoing To IP: 24.144.81.7|1302"; classtype:trojan-activity; sid:37499731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 85.204.116.128 1287 (msg: "MISP e26674 [] Outgoing To IP: 85.204.116.128|1287"; 
classtype:trojan-activity; sid:37499741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 87.121.112.41 1311 (msg: "MISP e26674 [] Outgoing To IP: 87.121.112.41|1311"; classtype:trojan-activity; sid:37499751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 94.131.13.80 1311 (msg: "MISP e26674 [] Outgoing To IP: 94.131.13.80|1311"; classtype:trojan-activity; sid:37499761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 20.187.91.63 59413 (msg: "MISP e26674 [] Outgoing To IP: 20.187.91.63|59413"; classtype:trojan-activity; sid:37499771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 85.204.116.230 1311 (msg: "MISP e26674 [] Outgoing To IP: 85.204.116.230|1311"; classtype:trojan-activity; sid:37499781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 85.204.116.231 1288 (msg: "MISP e26674 [] Outgoing To IP: 85.204.116.231|1288"; classtype:trojan-activity; sid:37499791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 87.121.112.29 1311 (msg: "MISP e26674 [] Outgoing To IP: 87.121.112.29|1311"; classtype:trojan-activity; sid:37499801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 198.44.187.12 any (msg: "MISP e26577 [] Outgoing To IP: 198.44.187.12"; classtype:trojan-activity; sid:37480271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 103.82.243.5 any (msg: "MISP e26577 [] Outgoing To IP: 103.82.243.5"; classtype:trojan-activity; sid:37480281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 86.38.225.106 any (msg: "MISP e26577 [] Outgoing To IP: 86.38.225.106"; classtype:trojan-activity; 
sid:37480291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 178.18.246.136 any (msg: "MISP e26577 [] Outgoing To IP: 178.18.246.136"; classtype:trojan-activity; sid:37480301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 86.38.225.105 any (msg: "MISP e26577 [] Outgoing To IP: 86.38.225.105"; classtype:trojan-activity; sid:37480311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 45.32.21.184 any (msg: "MISP e26577 [] Outgoing To IP: 45.32.21.184"; classtype:trojan-activity; sid:37480321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 108.61.78.17 any (msg: "MISP e26577 [] Outgoing To IP: 108.61.78.17"; classtype:trojan-activity; sid:37480331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 37.60.242.85 any (msg: "MISP e26577 [] Outgoing To IP: 37.60.242.85"; classtype:trojan-activity; sid:37480341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 23.226.138.161 any (msg: "MISP e26577 [] Outgoing To IP: 23.226.138.161"; classtype:trojan-activity; sid:37480351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 45.32.248.100 any (msg: "MISP e26577 [] Outgoing To IP: 45.32.248.100"; classtype:trojan-activity; sid:37480361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 104.156.233.235 any (msg: "MISP e26577 [] Outgoing To IP: 104.156.233.235"; classtype:trojan-activity; sid:37480371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 86.38.225.109 any (msg: "MISP e26577 [] Outgoing To IP: 86.38.225.109"; classtype:trojan-activity; sid:37480381; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 155.138.147.62 any (msg: "MISP e26577 [] Outgoing To IP: 155.138.147.62"; classtype:trojan-activity; sid:37480391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 95.179.135.3 any (msg: "MISP e26577 [] Outgoing To IP: 95.179.135.3"; classtype:trojan-activity; sid:37480401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 131.153.231.178 any (msg: "MISP e26577 [] Outgoing To IP: 131.153.231.178"; classtype:trojan-activity; sid:37480411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 45.76.251.190 any (msg: "MISP e26577 [] Outgoing To IP: 45.76.251.190"; classtype:trojan-activity; sid:37480421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert http $HOME_NET any -> 139.180.191.68 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//139.180.191.68/auth/login"; flow:to_server,established; http.header; content:"139.180.191.68"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 103.241.72.56 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//103.241.72.56/auth/login"; flow:to_server,established; http.header; content:"103.241.72.56"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 212.113.116.110 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//212.113.116.110/auth/login"; flow:to_server,established; http.header; content:"212.113.116.110"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37499831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 147.45.40.99 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//147.45.40.99/auth/login"; flow:to_server,established; http.header; content:"147.45.40.99"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 147.45.40.196 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//147.45.40.196/auth/login"; flow:to_server,established; http.header; content:"147.45.40.196"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 5.182.86.194 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//5.182.86.194/auth/login"; flow:to_server,established; http.header; content:"5.182.86.194"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 5.42.73.251 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//5.42.73.251/auth/login"; flow:to_server,established; http.header; content:"5.42.73.251"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 147.45.75.185 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//147.45.75.185/auth/login"; flow:to_server,established; http.header; content:"147.45.75.185"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37499881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 2.56.109.134 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//2.56.109.134/auth/login"; flow:to_server,established; http.header; content:"2.56.109.134"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 5.182.87.145 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//5.182.87.145/auth/login"; flow:to_server,established; http.header; content:"5.182.87.145"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 94.228.162.3 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//94.228.162.3/auth/login"; flow:to_server,established; http.header; content:"94.228.162.3"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.93.9.108 1311 (msg: "MISP e26674 [] Outgoing To IP: 45.93.9.108|1311"; classtype:trojan-activity; sid:37499921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.93.9.119 1311 (msg: "MISP e26674 [] Outgoing To IP: 45.93.9.119|1311"; classtype:trojan-activity; sid:37499931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.93.9.98 1311 (msg: "MISP e26674 [] Outgoing To IP: 45.93.9.98|1311"; classtype:trojan-activity; sid:37499941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 79.137.207.35 
$HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//79.137.207.35/auth/login"; flow:to_server,established; http.header; content:"79.137.207.35"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 79.137.207.35 15666 (msg: "MISP e26674 [] Outgoing To IP: 79.137.207.35|15666"; classtype:trojan-activity; sid:37499961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 212.193.11.40 7707 (msg: "MISP e26430 [asyncrat,RAT] Outgoing To IP: 212.193.11.40|7707"; classtype:trojan-activity; sid:37294191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 212.193.11.40 7707 (msg: "MISP e26674 [] Outgoing To IP: 212.193.11.40|7707"; classtype:trojan-activity; sid:37499971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 116.204.110.99 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//116.204.110.99|3a|8082/login/index"; flow:to_server,established; http.header; content:"116.204.110.99"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 82.157.154.37 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//82.157.154.37|3a|8082/login/index"; flow:to_server,established; http.header; content:"82.157.154.37"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37499991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 134.122.132.52 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//134.122.132.52|3a|8082/login/index"; flow:to_server,established; 
http.header; content:"134.122.132.52"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 134.122.132.23 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//134.122.132.23|3a|8082/login/index"; flow:to_server,established; http.header; content:"134.122.132.23"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 180.76.179.154 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//180.76.179.154|3a|8082/login/index"; flow:to_server,established; http.header; content:"180.76.179.154"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 8.134.166.14 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//8.134.166.14|3a|8082/login/index"; flow:to_server,established; http.header; content:"8.134.166.14"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 164.155.206.126 8082 (msg: "MISP e26674 [] Outgoing URL http|3a|//164.155.206.126|3a|8082/login/index"; flow:to_server,established; http.header; content:"164.155.206.126"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 120.24.179.84 $HTTP_PORTS (msg: "MISP e26430 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising 
Co.Ltd.] Outgoing URL http|3a|//120.24.179.84/j.ad"; flow:to_server,established; http.header; content:"120.24.179.84"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com/fwlink"; flow:to_server,established; http.header; content:"service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com/fwlink"; flow:to_server,established; http.header; content:"service-bzbl2uq7-1312255927.bj.apigw.tencentcs.com"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> 120.24.179.84 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//120.24.179.84/j.ad"; flow:to_server,established; http.header; content:"120.24.179.84"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 85.204.116.231 1288 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 85.204.116.231|1288"; classtype:trojan-activity; sid:37293961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 85.204.116.128 1287 (msg: 
"MISP e26430 [TBOTNET] Outgoing To IP: 85.204.116.128|1287"; classtype:trojan-activity; sid:37293971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 85.204.116.230 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 85.204.116.230|1311"; classtype:trojan-activity; sid:37293951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 20.187.91.63 59413 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 20.187.91.63|59413"; classtype:trojan-activity; sid:37293941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 94.131.13.80 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 94.131.13.80|1311"; classtype:trojan-activity; sid:37293931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 87.121.112.29 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 87.121.112.29|1311"; classtype:trojan-activity; sid:37293911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 87.121.112.41 1311 (msg: "MISP e26430 [TBOTNET] Outgoing To IP: 87.121.112.41|1311"; classtype:trojan-activity; sid:37293921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 45.93.9.108 1311 (msg: "MISP e26430 [ALEXHOST,TBOTNET] Outgoing To IP: 45.93.9.108|1311"; classtype:trojan-activity; sid:37294111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 45.93.9.98 1311 (msg: "MISP e26430 [ALEXHOST,TBOTNET] Outgoing To IP: 45.93.9.98|1311"; classtype:trojan-activity; sid:37294101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 45.93.9.119 1311 (msg: "MISP e26430 [ALEXHOST,TBOTNET] Outgoing To IP: 45.93.9.119|1311"; classtype:trojan-activity; sid:37294091; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 139.180.191.68 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//139.180.191.68/auth/login"; flow:to_server,established; http.header; content:"139.180.191.68"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 212.113.116.110 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//212.113.116.110/auth/login"; flow:to_server,established; http.header; content:"212.113.116.110"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 103.241.72.56 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//103.241.72.56/auth/login"; flow:to_server,established; http.header; content:"103.241.72.56"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 5.182.86.194 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//5.182.86.194/auth/login"; flow:to_server,established; http.header; content:"5.182.86.194"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 147.45.40.99 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//147.45.40.99/auth/login"; flow:to_server,established; http.header; content:"147.45.40.99"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294051; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 147.45.40.196 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//147.45.40.196/auth/login"; flow:to_server,established; http.header; content:"147.45.40.196"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 2.56.109.134 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//2.56.109.134/auth/login"; flow:to_server,established; http.header; content:"2.56.109.134"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 5.42.73.251 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//5.42.73.251/auth/login"; flow:to_server,established; http.header; content:"5.42.73.251"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 5.182.87.145 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//5.182.87.145/auth/login"; flow:to_server,established; http.header; content:"5.182.87.145"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37293991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 147.45.75.185 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//147.45.75.185/auth/login"; flow:to_server,established; http.header; content:"147.45.75.185"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294001; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 94.228.162.3 $HTTP_PORTS (msg: "MISP e26430 [panel] Outgoing URL http|3a|//94.228.162.3/auth/login"; flow:to_server,established; http.header; content:"94.228.162.3"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37293981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 116.204.110.99 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//116.204.110.99|3a|8082/login/index"; flow:to_server,established; http.header; content:"116.204.110.99"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 82.157.154.37 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//82.157.154.37|3a|8082/login/index"; flow:to_server,established; http.header; content:"82.157.154.37"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 134.122.132.52 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//134.122.132.52|3a|8082/login/index"; flow:to_server,established; http.header; content:"134.122.132.52"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 134.122.132.23 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//134.122.132.23|3a|8082/login/index"; flow:to_server,established; http.header; content:"134.122.132.23"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37294161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 180.76.179.154 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//180.76.179.154|3a|8082/login/index"; flow:to_server,established; http.header; content:"180.76.179.154"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 164.155.206.126 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//164.155.206.126|3a|8082/login/index"; flow:to_server,established; http.header; content:"164.155.206.126"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 8.134.166.14 8082 (msg: "MISP e26430 [panel,Vshell] Outgoing URL http|3a|//8.134.166.14|3a|8082/login/index"; flow:to_server,established; http.header; content:"8.134.166.14"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 109.107.182.163 $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//109.107.182.163/aaaad/httppacketcpubigloadgeneratorwordpressprivatetemporary.php"; flow:to_server,established; http.header; content:"109.107.182.163"; fast_pattern; nocase; http.uri; content:"/aaaad/httppacketcpubigloadgeneratorwordpressprivatetemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http $HOME_NET any -> 109.107.182.163 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL 
http|3a|//109.107.182.163/aaaad/httppacketcpubigloadGeneratorWordpressprivateTemporary.php"; flow:to_server,established; http.header; content:"109.107.182.163"; fast_pattern; nocase; http.uri; content:"/aaaad/httppacketcpubigloadGeneratorWordpressprivateTemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert dns any any -> any any (msg: "MISP e26420 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37292411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26420;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26420 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26420;) alert dns any any -> any any (msg: "MISP e26421 [] Domain patito.theaerie.ca"; dns.query; content:"patito.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37292491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26421;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26421 [] Outgoing HTTP Domain patito.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26421;) alert dns any any -> any any (msg: "MISP e26422 [] Domain 
fogape.theaerie.ca"; dns.query; content:"fogape.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37292571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26422;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26422 [] Outgoing HTTP Domain fogape.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fogape.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26422;) alert dns any any -> any any (msg: "MISP e26423 [] Domain banco.estado-acceso.info"; dns.query; content:"banco.estado-acceso.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info$/i"; classtype:trojan-activity; sid:37292661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26423;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26423 [] Outgoing HTTP Domain banco.estado-acceso.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26423;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//372451cm.nyashtech.top/geolongpollbaselinuxtraffictrackdatalifetemporary.php"; flow:to_server,established; http.header; content:"372451cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/geolongpollbaselinuxtraffictrackdatalifetemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//372451cm.nyashtech.top/geoLongpollbaselinuxTraffictrackdatalifeTemporary.php"; flow:to_server,established; http.header; content:"372451cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/geoLongpollbaselinuxTraffictrackdatalifeTemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26575 [] Outgoing URL http|3a|//syjks.org/uKNKCRuBiw3EJbjkon.exe"; flow:to_server,established; http.header; content:"syjks.org"; fast_pattern; nocase; http.uri; content:"/uKNKCRuBiw3EJbjkon.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37479791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26575 [] Source Email Address: isok@showpiece.trillennium.biz"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"isok@showpiece.trillennium.biz"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37479811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26575 [] Destination Email Address: jitlkaschu@web.de"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"jitlkaschu@web.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37479821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert dns any any -> any any (msg: "MISP e26575 [] Domain mail.showpiece.trillennium.biz"; dns.query; content:"mail.showpiece.trillennium.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.showpiece\.trillennium\.biz$/i"; classtype:trojan-activity; sid:37479801; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26575 [] Outgoing HTTP Domain mail.showpiece.trillennium.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.showpiece.trillennium.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.showpiece\.trillennium\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26575 [] Destination Email Address: info.superseal@yandex.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"info.superseal@yandex.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37479851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26575 [] Source Email Address: project@truinfosys.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"project@truinfosys.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37479841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert dns any any -> any any (msg: "MISP e26575 [] Domain mail.truinfosys.com"; dns.query; content:"mail.truinfosys.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.truinfosys\.com$/i"; classtype:trojan-activity; sid:37479831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26575 [] Outgoing HTTP Domain mail.truinfosys.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.truinfosys.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])mail\.truinfosys\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26575;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26588 [] Outgoing URL http|3a|//syjks.org/uKNKCRuBiw3EJbjkon.exe"; flow:to_server,established; http.header; content:"syjks.org"; fast_pattern; nocase; http.uri; content:"/uKNKCRuBiw3EJbjkon.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert dns any any -> any any (msg: "MISP e26588 [] Domain syjks.org"; dns.query; content:"syjks.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])syjks\.org$/i"; classtype:trojan-activity; sid:37483761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26588 [] Outgoing HTTP Domain syjks.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"syjks.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])syjks\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37483762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert ip $HOME_NET any -> 103.152.79.3 any (msg: "MISP e26588 [] Outgoing To IP: 103.152.79.3"; classtype:trojan-activity; sid:37483763; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert ip 103.152.79.3 any -> $HOME_NET any (msg: "MISP e26588 [] Incoming From IP: 103.152.79.3"; classtype:trojan-activity; sid:37483764; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert dns any any -> any any (msg: "MISP e26621 [] Domain kusikuyperu.com"; dns.query; content:"kusikuyperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kusikuyperu\.com$/i"; classtype:trojan-activity; sid:37487861; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26621;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26621 [] Outgoing HTTP Domain kusikuyperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kusikuyperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kusikuyperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26621;) alert dns any any -> any any (msg: "MISP e26588 [] Hostname mail.truinfosys.com"; dns.query; content:"mail.truinfosys.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.truinfosys\.com$/i"; classtype:trojan-activity; sid:37483781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26588 [] Outgoing HTTP Hostname mail.truinfosys.com"; flow:to_server,established; http.header; content: "Host|3a| mail.truinfosys.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.truinfosys\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37483782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26588 [] Source Email Address: project@truinfosys.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"project@truinfosys.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37483791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26588 [] Destination Email Address: info.superseal@yandex.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"info.superseal@yandex.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37483801; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26588;) alert ip $HOME_NET any -> 5.252.176.25 443 (msg: "MISP e26430 [RedLineStealer] Outgoing To IP: 5.252.176.25|443"; classtype:trojan-activity; sid:37294251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 5.252.176.25 443 (msg: "MISP e26674 [] Outgoing To IP: 5.252.176.25|443"; classtype:trojan-activity; sid:37500101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 194.169.175.233 3608 (msg: "MISP e26430 [STRRAT] Outgoing To IP: 194.169.175.233|3608"; classtype:trojan-activity; sid:37294261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 194.169.175.233 3608 (msg: "MISP e26674 [] Outgoing To IP: 194.169.175.233|3608"; classtype:trojan-activity; sid:37500111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.156.21.39 3443 (msg: "MISP e26430 [remcos] Outgoing To IP: 45.156.21.39|3443"; classtype:trojan-activity; sid:37294301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 5.181.80.175 38241 (msg: "MISP e26430 [infectedchink.cat,TBOTNET] Outgoing To IP: 5.181.80.175|38241"; classtype:trojan-activity; sid:37294291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 5.181.80.192 38241 (msg: "MISP e26430 [infectedchink.cat,TBOTNET] Outgoing To IP: 5.181.80.192|38241"; classtype:trojan-activity; sid:37294271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 5.181.80.173 38241 (msg: "MISP e26430 [infectedchink.cat,TBOTNET] Outgoing To IP: 5.181.80.173|38241"; classtype:trojan-activity; sid:37294281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;) alert ip $HOME_NET any -> 5.181.80.192 38241 (msg: "MISP e26674 
[] Outgoing To IP: 5.181.80.192|38241"; classtype:trojan-activity; sid:37500121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 5.181.80.173 38241 (msg: "MISP e26674 [] Outgoing To IP: 5.181.80.173|38241"; classtype:trojan-activity; sid:37500131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 5.181.80.175 38241 (msg: "MISP e26674 [] Outgoing To IP: 5.181.80.175|38241"; classtype:trojan-activity; sid:37500141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip $HOME_NET any -> 45.156.21.39 3443 (msg: "MISP e26674 [] Outgoing To IP: 45.156.21.39|3443"; classtype:trojan-activity; sid:37500151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert dns any any -> any any (msg: "MISP e26424 [] Domain m1-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"m1-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])m1\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37292751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26424;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26424 [] Outgoing HTTP Domain m1-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"m1-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])m1\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26424;) alert dns any any -> any any (msg: "MISP e26425 [] Domain fogape.vkcluster.com"; dns.query; content:"fogape.vkcluster.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.vkcluster\.com$/i"; classtype:trojan-activity; sid:37292851; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26425;)
# Review notes for the rules below (MISP NIDS export, one rule per line):
# - "Domain" rules inspect dns.query. The pcre only requires start-of-buffer or a
#   non-hostname character before the name, so subdomains of the indicator match too.
# - "Outgoing HTTP Domain" rules look for "Host:" and the name in the HTTP header
#   buffer. The pcre's trailing class needs one more character after the name
#   (e.g. the line ending or a ":port" suffix), which keeps longer names from matching.
# - tag:session,600,seconds keeps logging the flagged session for 600 seconds after
#   the alert; budget capture storage accordingly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26425 [] Outgoing HTTP Domain fogape.vkcluster.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fogape.vkcluster.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fogape\.vkcluster\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26425;)
alert dns any any -> any any (msg: "MISP e26426 [] Domain webcestadoempresas.online"; dns.query; content:"webcestadoempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online$/i"; classtype:trojan-activity; sid:37292931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26426;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26426 [] Outgoing HTTP Domain webcestadoempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37292932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26426;)
# The two "Outgoing URL" rules below are identical apart from event id, sid and
# priority (e26430 / sid:37294311 vs e26674 / sid:37500161), so one matching request
# raises both alerts. The IP string is matched anywhere in the header buffer and
# "/pixel.gif" anywhere in the URI; neither content is anchored.
alert http $HOME_NET any -> 42.193.16.213 9981 (msg: "MISP e26430 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//42.193.16.213|3a|9981/pixel.gif"; flow:to_server,established; http.header; content:"42.193.16.213"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37294311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> 42.193.16.213 9981 (msg: "MISP e26674 [] Outgoing URL http|3a|//42.193.16.213|3a|9981/pixel.gif"; flow:to_server,established; http.header; content:"42.193.16.213"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26430 [njrat,RAT] Domain llllllllllllllllllllllllllll.site"; dns.query; content:"llllllllllllllllllllllllllll.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])llllllllllllllllllllllllllll\.site$/i"; classtype:trojan-activity; sid:37294331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [njrat,RAT] Outgoing HTTP Domain llllllllllllllllllllllllllll.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"llllllllllllllllllllllllllll.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])llllllllllllllllllllllllllll\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# NOTE(review): the "Outgoing To IP" rules pair protocol "ip" with a destination
# port. Confirm how your engine applies a port on an "ip" rule; if only the listed
# service matters, a tcp/udp rule header would state that intent explicitly.
# Several indicators appear twice, once per MISP event (26430 with tags and
# priority 2, 26674 with an empty tag list and priority 3); each pair fires together.
alert ip $HOME_NET any -> 154.197.124.161 2222 (msg: "MISP e26430 [njrat,RAT] Outgoing To IP: 154.197.124.161|2222"; classtype:trojan-activity; sid:37294321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 154.197.124.161 2222 (msg: "MISP e26674 [] Outgoing To IP: 154.197.124.161|2222"; classtype:trojan-activity; sid:37500171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain llllllllllllllllllllllllllll.site"; dns.query; content:"llllllllllllllllllllllllllll.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])llllllllllllllllllllllllllll\.site$/i"; classtype:trojan-activity; sid:37500181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain llllllllllllllllllllllllllll.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"llllllllllllllllllllllllllll.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])llllllllllllllllllllllllllll\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26622 [] Domain dmlps.top"; dns.query; content:"dmlps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dmlps\.top$/i"; classtype:trojan-activity; sid:37487911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26622;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26622 [] Outgoing HTTP Domain dmlps.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dmlps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dmlps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26622;)
alert ip $HOME_NET any -> 192.177.98.104 1337 (msg: "MISP e26430 [asyncrat] Outgoing To IP: 192.177.98.104|1337"; classtype:trojan-activity; sid:37294341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 192.177.98.104 1337 (msg: "MISP e26674 [] Outgoing To IP: 192.177.98.104|1337"; classtype:trojan-activity; sid:37500191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 154.197.124.161 1111 (msg: "MISP e26674 [] Outgoing To IP: 154.197.124.161|1111"; classtype:trojan-activity; sid:37500231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 154.197.124.161 1111 (msg: "MISP e26430 [] Outgoing To IP: 154.197.124.161|1111"; classtype:trojan-activity; sid:37294391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 20.218.68.91 9552 (msg: "MISP e26674 [] Outgoing To IP: 20.218.68.91|9552"; classtype:trojan-activity; sid:37500251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 46.246.12.14 1995 (msg: "MISP e26674 [] Outgoing To IP: 46.246.12.14|1995"; classtype:trojan-activity; sid:37500261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 46.246.12.14 1994 (msg: "MISP e26674 [] Outgoing To IP: 46.246.12.14|1994"; classtype:trojan-activity; sid:37500271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26430 [AS55990,c2,censys] Domain ecs-124-71-158-221.compute.hwclouds-dns.com"; dns.query; content:"ecs-124-71-158-221.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-124\-71\-158\-221\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:37294421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [AS55990,c2,censys] Outgoing HTTP Domain ecs-124-71-158-221.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-124-71-158-221.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-124\-71\-158\-221\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 47.92.27.147 80 (msg: "MISP e26430 [AS37963,c2,censys] Outgoing To IP: 47.92.27.147|80"; classtype:trojan-activity; sid:37294431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 210.114.11.173 806 (msg: "MISP e26430 [AS4766,c2,censys] Outgoing To IP: 210.114.11.173|806"; classtype:trojan-activity; sid:37294441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 8.148.10.39 8888 (msg: "MISP e26430 [AS37963,c2,censys] Outgoing To IP: 8.148.10.39|8888"; classtype:trojan-activity; sid:37294451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 106.54.227.54 6655 (msg: "MISP e26430 [AS45090,c2,censys] Outgoing To IP: 106.54.227.54|6655"; classtype:trojan-activity; sid:37294461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 104.168.173.70 20000 (msg: "MISP e26430 [AS54290,c2,censys,HOSTWINDS] Outgoing To IP: 104.168.173.70|20000"; classtype:trojan-activity; sid:37294471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 172.233.67.44 1433 (msg: "MISP e26430 [AS63949,c2,censys] Outgoing To IP: 172.233.67.44|1433"; classtype:trojan-activity; sid:37294481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# The msg tags on the next rules name large shared hosting networks (GOOGLE,
# MICROSOFT-CORP-MSN-AS-BLOCK, ORACLE-BMC-31898). Addresses in such ranges change
# tenants; check the indicator's age in the referenced MISP event before treating
# a hit on port 80/443 as confirmed C2.
alert ip $HOME_NET any -> 35.208.198.77 80 (msg: "MISP e26430 [AS15169,c2,censys,GOOGLE] Outgoing To IP: 35.208.198.77|80"; classtype:trojan-activity; sid:37294491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 35.208.198.77 443 (msg: "MISP e26430 [AS15169,c2,censys,GOOGLE] Outgoing To IP: 35.208.198.77|443"; classtype:trojan-activity; sid:37294501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 4.157.160.27 8444 (msg: "MISP e26430 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.157.160.27|8444"; classtype:trojan-activity; sid:37294511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 132.145.209.99 443 (msg: "MISP e26430 [AS31898,c2,censys,ORACLE-BMC-31898] Outgoing To IP: 132.145.209.99|443"; classtype:trojan-activity; sid:37294521; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26430;)
# Rules below come from MISP event 26430; the bracketed msg tags carry the ASN,
# the hosting network name and the tool family recorded in MISP (RAT, Mythic,
# HookBot, L3MON, Covenant, Viper, ...). Every rule uses classtype:trojan-activity
# and priority:2 whatever the tag, so triage ordering has to come from the msg text.
# NOTE(review): the "Outgoing To IP" rules pair protocol "ip" with a destination
# port. Confirm how your engine applies a port on an "ip" rule; if only the listed
# service matters, a tcp/udp rule header would state that intent explicitly.
alert ip $HOME_NET any -> 45.134.83.165 8808 (msg: "MISP e26430 [AS6134,c2,censys,RAT,XNNET] Outgoing To IP: 45.134.83.165|8808"; classtype:trojan-activity; sid:37294531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 147.189.172.2 6666 (msg: "MISP e26430 [AS30823,c2,censys,RAT] Outgoing To IP: 147.189.172.2|6666"; classtype:trojan-activity; sid:37294541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 45.40.96.97 9441 (msg: "MISP e26430 [AS270564,c2,censys,RAT] Outgoing To IP: 45.40.96.97|9441"; classtype:trojan-activity; sid:37294551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 193.26.115.221 8808 (msg: "MISP e26430 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 193.26.115.221|8808"; classtype:trojan-activity; sid:37294561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 46.246.82.18 2000 (msg: "MISP e26430 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.82.18|2000"; classtype:trojan-activity; sid:37294571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 192.250.225.3 8000 (msg: "MISP e26430 [AS14670,c2,censys,RAT,WHG-USE1] Outgoing To IP: 192.250.225.3|8000"; classtype:trojan-activity; sid:37294581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 164.92.238.134 443 (msg: "MISP e26430 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 164.92.238.134|443"; classtype:trojan-activity; sid:37294591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 45.14.247.89 80 (msg: "MISP e26430 [AS44477,c2,censys,HookBot,STARK-INDUSTRIES] Outgoing To IP: 45.14.247.89|80"; classtype:trojan-activity; sid:37294601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# Domain indicators are exported as a pair: a dns.query rule (sid ending in 1) and
# an HTTP Host-header rule (sid ending in 2). The dns pcre accepts any
# non-hostname character before the name, so subdomains match as well.
alert dns any any -> any any (msg: "MISP e26430 [AS399077,c2,censys,HookBot,TERAEXCH] Domain www.qq00.cc"; dns.query; content:"www.qq00.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qq00\.cc$/i"; classtype:trojan-activity; sid:37294611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [AS399077,c2,censys,HookBot,TERAEXCH] Outgoing HTTP Domain www.qq00.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.qq00.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qq00\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 91.92.249.161 80 (msg: "MISP e26430 [AS394711,c2,censys,HookBot,LIMENET] Outgoing To IP: 91.92.249.161|80"; classtype:trojan-activity; sid:37294621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 82.146.52.203 80 (msg: "MISP e26430 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 82.146.52.203|80"; classtype:trojan-activity; sid:37294631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 188.166.194.125 80 (msg: "MISP e26430 [AS14061,c2,censys,DIGITALOCEAN-ASN,HookBot] Outgoing To IP: 188.166.194.125|80"; classtype:trojan-activity; sid:37294641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# NOTE(review): this name embeds an IPv4-looking label sequence and looks like a
# provider-assigned hostname rather than an operator-registered domain; if so it
# follows the address to its next tenant. Verify freshness in the MISP event.
alert dns any any -> any any (msg: "MISP e26430 [AS24940,c2,censys,HETZNER-AS] Domain static.181.200.107.91.clients.your-server.de"; dns.query; content:"static.181.200.107.91.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.181\.200\.107\.91\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37294651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [AS24940,c2,censys,HETZNER-AS] Outgoing HTTP Domain static.181.200.107.91.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.181.200.107.91.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.181\.200\.107\.91\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 178.62.57.69 80 (msg: "MISP e26430 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 178.62.57.69|80"; classtype:trojan-activity; sid:37294661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 115.74.30.127 8000 (msg: "MISP e26430 [AS7552,c2,censys,RAT] Outgoing To IP: 115.74.30.127|8000"; classtype:trojan-activity; sid:37294671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert dns any any -> any any (msg: "MISP e26430 [AS51167,c2,censys,CONTABO,L3MON] Domain l3mon.emilemilchen.de"; dns.query; content:"l3mon.emilemilchen.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])l3mon\.emilemilchen\.de$/i"; classtype:trojan-activity; sid:37294681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [AS51167,c2,censys,CONTABO,L3MON] Outgoing HTTP Domain l3mon.emilemilchen.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"l3mon.emilemilchen.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])l3mon\.emilemilchen\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 154.82.85.78 80 (msg: "MISP e26430 [AS399077,c2,censys,TERAEXCH] Outgoing To IP: 154.82.85.78|80"; classtype:trojan-activity; sid:37294691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 74.234.3.141 8080 (msg: "MISP e26430 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 74.234.3.141|8080"; classtype:trojan-activity; sid:37294701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 128.199.116.190 7443 (msg: "MISP e26430 [AS14061,c2,censys,Covenant,DIGITALOCEAN-ASN] Outgoing To IP: 128.199.116.190|7443"; classtype:trojan-activity; sid:37294711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 39.109.86.101 34013 (msg: "MISP e26430 [AS141768,censys,Viper] Outgoing To IP: 39.109.86.101|34013"; classtype:trojan-activity; sid:37294721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 43.131.253.190 60000 (msg: "MISP e26430 [AS132203,censys,Viper] Outgoing To IP: 43.131.253.190|60000"; classtype:trojan-activity; sid:37294731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 49.12.123.28 60000 (msg: "MISP e26430 [AS24940,censys,HETZNER-AS,Viper] Outgoing To IP: 49.12.123.28|60000"; classtype:trojan-activity; sid:37294741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 106.15.234.107 60000 (msg: "MISP e26430 [AS37963,censys,Viper] Outgoing To IP: 106.15.234.107|60000"; classtype:trojan-activity; sid:37294751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert dns any any -> any any (msg: "MISP e26430 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain play.deenpel.com"; dns.query; content:"play.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])play\.deenpel\.com$/i"; classtype:trojan-activity; sid:37294761; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26430;)
# The e26430 rules below are tagged EvilGinx / GoPhish / phishing in msg but still
# carry classtype:trojan-activity, so classtype-based routing will not separate
# phishing-infrastructure hits from malware C2 hits; use the msg tags instead.
# tag:session,600,seconds on the HTTP rule keeps logging the flagged session for
# 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain play.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"play.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])play\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# NOTE(review): protocol "ip" is paired with a destination port in the rules that
# follow; confirm how your engine applies the port. Several destinations are port
# 443 on networks tagged AMAZON-AES / AMAZON-02 / MICROSOFT-CORP-MSN-AS-BLOCK / OVH,
# where addresses change tenants; check indicator age before acting on a hit.
alert ip $HOME_NET any -> 165.227.68.176 3333 (msg: "MISP e26430 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 165.227.68.176|3333"; classtype:trojan-activity; sid:37294771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 18.210.152.248 443 (msg: "MISP e26430 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 18.210.152.248|443"; classtype:trojan-activity; sid:37294781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 139.59.19.90 3333 (msg: "MISP e26430 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 139.59.19.90|3333"; classtype:trojan-activity; sid:37294791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 170.64.157.219 3333 (msg: "MISP e26430 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 170.64.157.219|3333"; classtype:trojan-activity; sid:37294801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 13.50.203.223 443 (msg: "MISP e26430 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.50.203.223|443"; classtype:trojan-activity; sid:37294811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 16.170.251.183 3333 (msg: "MISP e26430 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 16.170.251.183|3333"; classtype:trojan-activity; sid:37294821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 165.227.95.225 1724 (msg: "MISP e26430 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 165.227.95.225|1724"; classtype:trojan-activity; sid:37294831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 51.81.237.25 443 (msg: "MISP e26430 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 51.81.237.25|443"; classtype:trojan-activity; sid:37294841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 54.92.160.242 443 (msg: "MISP e26430 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 54.92.160.242|443"; classtype:trojan-activity; sid:37294851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 175.24.133.171 3333 (msg: "MISP e26430 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 175.24.133.171|3333"; classtype:trojan-activity; sid:37294861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 20.235.118.171 3333 (msg: "MISP e26430 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.235.118.171|3333"; classtype:trojan-activity; sid:37294871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 3.224.37.105 443 (msg: "MISP e26430 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 3.224.37.105|443"; classtype:trojan-activity; sid:37294881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# From here the same indicators are exported again under MISP event 26674, with an
# empty tag list and priority:3 (e.g. 3.224.37.105|443 is sid:37294881 above and
# sid:37500281 below). Each hit therefore raises two alerts; deduplicate on the
# indicator in the alert pipeline, or suppress one of the two sids.
alert ip $HOME_NET any -> 3.224.37.105 443 (msg: "MISP e26674 [] Outgoing To IP: 3.224.37.105|443"; classtype:trojan-activity; sid:37500281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 20.235.118.171 3333 (msg: "MISP e26674 [] Outgoing To IP: 20.235.118.171|3333"; classtype:trojan-activity; sid:37500291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 175.24.133.171 3333 (msg: "MISP e26674 [] Outgoing To IP: 175.24.133.171|3333"; classtype:trojan-activity; sid:37500301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 54.92.160.242 443 (msg: "MISP e26674 [] Outgoing To IP: 54.92.160.242|443"; classtype:trojan-activity; sid:37500311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 165.227.95.225 1724 (msg: "MISP e26674 [] Outgoing To IP: 165.227.95.225|1724"; classtype:trojan-activity; sid:37500321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 51.81.237.25 443 (msg: "MISP e26674 [] Outgoing To IP: 51.81.237.25|443"; classtype:trojan-activity; sid:37500331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 16.170.251.183 3333 (msg: "MISP e26674 [] Outgoing To IP: 16.170.251.183|3333"; classtype:trojan-activity; sid:37500341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 13.50.203.223 443 (msg: "MISP e26674 [] Outgoing To IP: 13.50.203.223|443"; classtype:trojan-activity; sid:37500351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 170.64.157.219 3333 (msg: "MISP e26674 [] Outgoing To IP: 170.64.157.219|3333"; classtype:trojan-activity; sid:37500361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 139.59.19.90 3333 (msg: "MISP e26674 [] Outgoing To IP: 139.59.19.90|3333"; classtype:trojan-activity; sid:37500371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 18.210.152.248 443 (msg: "MISP e26674 [] Outgoing To IP: 18.210.152.248|443"; classtype:trojan-activity; sid:37500381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 165.227.68.176 3333 (msg: "MISP e26674 [] Outgoing To IP: 165.227.68.176|3333"; classtype:trojan-activity; sid:37500391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain play.deenpel.com"; dns.query; content:"play.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])play\.deenpel\.com$/i"; classtype:trojan-activity; sid:37500401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain play.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"play.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])play\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 49.12.123.28 60000 (msg: "MISP e26674 [] Outgoing To IP: 49.12.123.28|60000"; classtype:trojan-activity; sid:37500411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 106.15.234.107 60000 (msg: "MISP e26674 [] Outgoing To IP: 106.15.234.107|60000"; classtype:trojan-activity; sid:37500421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 43.131.253.190 60000 (msg: "MISP e26674 [] Outgoing To IP: 43.131.253.190|60000"; classtype:trojan-activity; sid:37500431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 39.109.86.101 34013 (msg: "MISP e26674 [] Outgoing To IP: 39.109.86.101|34013"; classtype:trojan-activity; sid:37500441; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26674;)
# Every complete rule in this run belongs to MISP event 26674: empty tag list,
# priority:3. The same addresses and domains also appear earlier in the file under
# event 26430 with descriptive tags and priority:2 (e.g. 128.199.116.190|7443 is
# sid:37294711 there and sid:37500451 here), so a single connection raises both
# alerts. Deduplicate on the indicator downstream, or suppress one sid of each pair,
# and use the e26430 msg tags for context since these carry none.
# NOTE(review): protocol "ip" is paired with a destination port; confirm how your
# engine applies a port on an "ip" rule.
alert ip $HOME_NET any -> 128.199.116.190 7443 (msg: "MISP e26674 [] Outgoing To IP: 128.199.116.190|7443"; classtype:trojan-activity; sid:37500451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 74.234.3.141 8080 (msg: "MISP e26674 [] Outgoing To IP: 74.234.3.141|8080"; classtype:trojan-activity; sid:37500461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 154.82.85.78 80 (msg: "MISP e26674 [] Outgoing To IP: 154.82.85.78|80"; classtype:trojan-activity; sid:37500471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain l3mon.emilemilchen.de"; dns.query; content:"l3mon.emilemilchen.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])l3mon\.emilemilchen\.de$/i"; classtype:trojan-activity; sid:37500481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain l3mon.emilemilchen.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"l3mon.emilemilchen.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])l3mon\.emilemilchen\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 115.74.30.127 8000 (msg: "MISP e26674 [] Outgoing To IP: 115.74.30.127|8000"; classtype:trojan-activity; sid:37500491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 178.62.57.69 80 (msg: "MISP e26674 [] Outgoing To IP: 178.62.57.69|80"; classtype:trojan-activity; sid:37500501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain static.181.200.107.91.clients.your-server.de"; dns.query; content:"static.181.200.107.91.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.181\.200\.107\.91\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37500511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain static.181.200.107.91.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.181.200.107.91.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.181\.200\.107\.91\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 188.166.194.125 80 (msg: "MISP e26674 [] Outgoing To IP: 188.166.194.125|80"; classtype:trojan-activity; sid:37500521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 82.146.52.203 80 (msg: "MISP e26674 [] Outgoing To IP: 82.146.52.203|80"; classtype:trojan-activity; sid:37500531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 91.92.249.161 80 (msg: "MISP e26674 [] Outgoing To IP: 91.92.249.161|80"; classtype:trojan-activity; sid:37500541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain www.qq00.cc"; dns.query; content:"www.qq00.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qq00\.cc$/i"; classtype:trojan-activity; sid:37500551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain www.qq00.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.qq00.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.qq00\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 45.14.247.89 80 (msg: "MISP e26674 [] Outgoing To IP: 45.14.247.89|80"; classtype:trojan-activity; sid:37500561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 164.92.238.134 443 (msg: "MISP e26674 [] Outgoing To IP: 164.92.238.134|443"; classtype:trojan-activity; sid:37500571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 192.250.225.3 8000 (msg: "MISP e26674 [] Outgoing To IP: 192.250.225.3|8000"; classtype:trojan-activity; sid:37500581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 46.246.82.18 2000 (msg: "MISP e26674 [] Outgoing To IP: 46.246.82.18|2000"; classtype:trojan-activity; sid:37500591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 193.26.115.221 8808 (msg: "MISP e26674 [] Outgoing To IP: 193.26.115.221|8808"; classtype:trojan-activity; sid:37500601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 45.40.96.97 9441 (msg: "MISP e26674 [] Outgoing To IP: 45.40.96.97|9441"; classtype:trojan-activity; sid:37500611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 45.134.83.165 8808 (msg: "MISP e26674 [] Outgoing To IP: 45.134.83.165|8808"; classtype:trojan-activity; sid:37500621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 147.189.172.2 6666 (msg: "MISP e26674 [] Outgoing To IP: 147.189.172.2|6666"; classtype:trojan-activity; sid:37500631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 132.145.209.99 443 (msg: "MISP e26674 [] Outgoing To IP: 132.145.209.99|443"; classtype:trojan-activity; sid:37500641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 4.157.160.27 8444 (msg: "MISP e26674 [] Outgoing To IP: 4.157.160.27|8444"; classtype:trojan-activity; sid:37500651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 35.208.198.77 443 (msg: "MISP e26674 [] Outgoing To IP: 35.208.198.77|443"; classtype:trojan-activity; sid:37500661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 35.208.198.77 80 (msg: "MISP e26674 [] Outgoing To IP: 35.208.198.77|80"; classtype:trojan-activity; sid:37500671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 172.233.67.44 1433 (msg: "MISP e26674 [] Outgoing To IP: 172.233.67.44|1433"; classtype:trojan-activity; sid:37500681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 104.168.173.70 20000 (msg: "MISP e26674 [] Outgoing To IP: 104.168.173.70|20000"; classtype:trojan-activity; sid:37500691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 106.54.227.54 6655 (msg: "MISP e26674 [] Outgoing To IP: 106.54.227.54|6655"; classtype:trojan-activity; sid:37500701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 8.148.10.39 8888 (msg: "MISP e26674 [] Outgoing To IP: 8.148.10.39|8888"; classtype:trojan-activity; sid:37500711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 210.114.11.173 806 (msg: "MISP e26674 [] Outgoing To IP: 210.114.11.173|806"; classtype:trojan-activity; sid:37500721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any ->
47.92.27.147 80 (msg: "MISP e26674 [] Outgoing To IP: 47.92.27.147|80"; classtype:trojan-activity; sid:37500731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# --- Domain indicators: each name is exported as a dns.query rule plus an HTTP rule ---
# dns rule: the header is "any any -> any any", so it fires wherever the sensor sees the
#   query, including resolver-to-upstream traffic; the alert source may be an internal
#   resolver rather than the querying host. The pcre lets a "." precede the name, so
#   subdomains of the indicator match as well; "$" pins the end of the query name.
# http rule: "Host|3a|" and the domain are two independent matches on http.header (no
#   distance/within), and the /H pcre is not tied to the Host line either, so a request
#   that only mentions the domain in another header (for example Referer) also alerts.
#   Check the logged Host value during triage. The rule only sees traffic the engine
#   parses as HTTP; TLS sessions to the same name are caught by the dns rule alone
#   unless a tls.sni rule is added. tag:session,600,seconds keeps logging packets of
#   the session for 600 seconds after the alert; account for that in capture storage.
# NOTE(review): the first label of the name below embeds what looks like a dotted quad
#   written with hyphens (124-71-158-221), i.e. a provider-generated instance name.
#   Presumably it loses meaning once the instance is released; check the event date.
alert dns any any -> any any (msg: "MISP e26674 [] Domain ecs-124-71-158-221.compute.hwclouds-dns.com"; dns.query; content:"ecs-124-71-158-221.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-124\-71\-158\-221\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:37500741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain ecs-124-71-158-221.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-124-71-158-221.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-124\-71\-158\-221\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# e24600 indicators carry priority:1, the highest priority value; they outrank the
# priority:2 and priority:3 rules around them in alert ordering.
alert dns any any -> any any (msg: "MISP e24600 [] Domain realponti.com"; dns.query; content:"realponti.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])realponti\.com$/i"; classtype:trojan-activity; sid:37480491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain realponti.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"realponti.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])realponti\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37480492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Indicators tagged CobaltStrike in e26430: a DNS name and the address 207.246.74.189
# on port 53. The address rule only fires when a host talks to that address directly;
# where clients resolve through an internal resolver, the dns.query rule is the one
# that detects the lookup. The same three indicators are exported again further down
# under e26674 (sids 37500751, 37500761, 37500762) with priority:3 and an empty tag
# list, so one flow raises two alerts; correlate on the destination and take the
# family tag from the e26430 copy.
alert dns any any -> any any (msg: "MISP e26430 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.freshstartupusa.org"; dns.query; content:"dns.freshstartupusa.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.freshstartupusa\.org$/i"; classtype:trojan-activity; sid:37294901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.freshstartupusa.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.freshstartupusa.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.freshstartupusa\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37294902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 207.246.74.189 53 (msg: "MISP e26430 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 207.246.74.189|53"; classtype:trojan-activity; sid:37294911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain globalpanelinc.com"; dns.query; content:"globalpanelinc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])globalpanelinc\.com$/i"; classtype:trojan-activity; sid:37480541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain globalpanelinc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"globalpanelinc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])globalpanelinc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37480542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# e26674 copies of the 207.246.74.189:53 and dns.freshstartupusa.org indicators above.
alert ip $HOME_NET any -> 207.246.74.189 53 (msg: "MISP e26674 [] Outgoing To IP: 207.246.74.189|53"; classtype:trojan-activity; sid:37500751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain dns.freshstartupusa.org"; dns.query; content:"dns.freshstartupusa.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.freshstartupusa\.org$/i"; classtype:trojan-activity; sid:37500761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain dns.freshstartupusa.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.freshstartupusa.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.freshstartupusa\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 193.233.255.60 15666 (msg: "MISP e26674 [] Outgoing To IP: 193.233.255.60|15666"; classtype:trojan-activity; sid:37500771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# URL indicator. The export header says $HTTP_PORTS is not required for the Suricata
# export, yet this rule uses it as the destination port: the variable has to be defined
# on the sensor (an undefined variable makes the rule fail to load), and HTTP to this
# host on a port outside that group is not covered. Unlike the Host rules, the hostname
# is a bare content match with no Host anchor and no pcre boundary check, so it matches
# the string anywhere in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26427 [] Outgoing URL http|3a|//dev-ks-mamun.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-ks-mamun.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37293001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26427;)
alert dns any any -> any any (msg: "MISP e26427 [] Domain discountdays.ru"; dns.query; content:"discountdays.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru$/i"; classtype:trojan-activity; sid:37293031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26427;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26427 [] Outgoing HTTP Domain discountdays.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discountdays.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity;
sid:37293032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26427;)
# Destination-only indicators (destination port "any"): any traffic from $HOME_NET to
# these two addresses alerts, whatever the port. Both carry priority:1, the highest
# priority value.
alert ip $HOME_NET any -> 85.195.115.20 any (msg: "MISP e26577 [] Outgoing To IP: 85.195.115.20"; classtype:trojan-activity; sid:37480441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
alert ip $HOME_NET any -> 77.245.76.113 any (msg: "MISP e26577 [] Outgoing To IP: 77.245.76.113"; classtype:trojan-activity; sid:37480451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
# Address:port indicators. The match is on address and port only, with no payload
# condition, so an alert says a host talked to that endpoint, not what was exchanged.
# Several endpoints appear twice: under e26430 (priority:2, with a family tag such as
# remcos where one is set) and under e26674 (priority:3, empty tag list). One
# connection raises both alerts; correlate on the destination and read the family from
# the e26430 copy.
alert ip $HOME_NET any -> 46.246.12.14 1995 (msg: "MISP e26430 [] Outgoing To IP: 46.246.12.14|1995"; classtype:trojan-activity; sid:37294401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 20.218.68.91 9552 (msg: "MISP e26430 [infostealer,RedLine,stealer] Outgoing To IP: 20.218.68.91|9552"; classtype:trojan-activity; sid:37294411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 193.233.255.60 15666 (msg: "MISP e26430 [] Outgoing To IP: 193.233.255.60|15666"; classtype:trojan-activity; sid:37294891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 172.96.14.33 6789 (msg: "MISP e26430 [remcos] Outgoing To IP: 172.96.14.33|6789"; classtype:trojan-activity; sid:37294981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 46.183.223.29 2404 (msg: "MISP e26430 [remcos] Outgoing To IP: 46.183.223.29|2404"; classtype:trojan-activity; sid:37294991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 46.183.223.29 2404 (msg: "MISP e26674 [] Outgoing To IP: 46.183.223.29|2404"; classtype:trojan-activity; sid:37500841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 172.96.14.33 6789 (msg: "MISP e26674 [] Outgoing To IP: 172.96.14.33|6789"; classtype:trojan-activity; sid:37500851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# URL indicators. The next two rules differ only in the letter case of the path
# ("/l1nc0in.php" vs "/L1nc0In.php"), but both path matches are nocase, so every
# request that hits one also hits the other. The host string is matched anywhere in
# the request headers and the path anywhere in the URI; neither is anchored.
# $HTTP_PORTS must be defined on the sensor, and HTTP to this host on a port outside
# that group is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//watermjx.beget.tech/l1nc0in.php"; flow:to_server,established; http.header; content:"watermjx.beget.tech"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//watermjx.beget.tech/L1nc0In.php"; flow:to_server,established; http.header; content:"watermjx.beget.tech"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# NOTE(review): the left-most label of this name looks like an imitation of a card
# brand placed under an unrelated parent domain, which is the usual shape of a phishing
# lure. The rule carries no tags, so confirm against event 26428. If it is a lure, a
# hit on the http rule means a user reached the page; follow up on what was submitted.
alert dns any any -> any any (msg: "MISP e26428 [] Domain m-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"m-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])m\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37293121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26428;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26428 [] Outgoing HTTP Domain m-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"m-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])m\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26428;)
alert ip $HOME_NET any -> 46.246.86.20 415 (msg: "MISP e26430 [njrat] Outgoing To IP: 46.246.86.20|415"; classtype:trojan-activity; sid:37295101; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26430;)
# e26674 copy of the 46.246.86.20:415 indicator whose e26430 rule (tagged njrat) ends
# on the line above; one connection raises both alerts.
alert ip $HOME_NET any -> 46.246.86.20 415 (msg: "MISP e26674 [] Outgoing To IP: 46.246.86.20|415"; classtype:trojan-activity; sid:37500961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain prodomainnameeforappru.com"; dns.query; content:"prodomainnameeforappru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])prodomainnameeforappru\.com$/i"; classtype:trojan-activity; sid:37500971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain prodomainnameeforappru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prodomainnameeforappru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prodomainnameeforappru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37500972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# This third rule for the same domain is an "alert http" rule bound to destination
# port 443. It fires only when the traffic on 443 is cleartext HTTP that the engine can
# parse; a TLS session to that port does not match it. It also has no pcre boundary
# check, so it matches the string anywhere in the request headers, and it overlaps with
# sid 37500972 above for any cleartext request to port 443.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26674 [] Outgoing URL http|3a|//prodomainnameeforappru.com|3a|443"; flow:to_server,established; http.header; content:"prodomainnameeforappru.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37500981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# Dynamic-DNS hostname: the address behind it can change at any time, so detection has
# to stay name-based. The e26430 copy of this indicator (sids 37295111 and 37295112,
# tagged njrat,RAT) follows further down.
alert dns any any -> any any (msg: "MISP e26674 [] Domain yuya0415.duckdns.org"; dns.query; content:"yuya0415.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])yuya0415\.duckdns\.org$/i"; classtype:trojan-activity; sid:37501011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain yuya0415.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yuya0415.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yuya0415\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# One address, two ports, two events: four rules for 95.217.244.208. The port 443 rules
# match on address and port only, so any service reached on that address's port 443
# alerts; there is no payload or TLS condition to separate the tagged family's traffic
# from anything else hosted there.
alert ip $HOME_NET any -> 95.217.244.208 443 (msg: "MISP e26430 [Vidar] Outgoing To IP: 95.217.244.208|443"; classtype:trojan-activity; sid:37295141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 95.217.244.208 9000 (msg: "MISP e26430 [Vidar] Outgoing To IP: 95.217.244.208|9000"; classtype:trojan-activity; sid:37295151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 95.217.244.208 443 (msg: "MISP e26674 [] Outgoing To IP: 95.217.244.208|443"; classtype:trojan-activity; sid:37501021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 95.217.244.208 9000 (msg: "MISP e26674 [] Outgoing To IP: 95.217.244.208|9000"; classtype:trojan-activity; sid:37501031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# The next two URL rules have identical match conditions; only msg, sid, priority and
# the referenced event differ. $HTTP_PORTS must be defined on the sensor for them to
# load, and HTTP to this host on other ports is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//88888cl.nyashtyan.top/nyashsupport.php"; flow:to_server,established; http.header; content:"88888cl.nyashtyan.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//88888cl.nyashtyan.top/nyashsupport.php"; flow:to_server,established; http.header; content:"88888cl.nyashtyan.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26430 [njrat,RAT] Domain yuya0415.duckdns.org"; dns.query; content:"yuya0415.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])yuya0415\.duckdns\.org$/i"; classtype:trojan-activity; sid:37295111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26430 [njrat,RAT] Outgoing HTTP Domain yuya0415.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yuya0415.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yuya0415\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# In the e26430 rules below the tag list pairs a family name (Covenant, QakBot) with
# what appears to be the name of the network that announces the address.
# NOTE(review): several of those names look like hosting or access-provider networks,
#   where addresses are reassigned over time. The rules carry no date or expiry, so
#   check the age of the event before treating a hit as current.
alert ip $HOME_NET any -> 128.199.116.190 5000 (msg: "MISP e26430 [Covenant,DIGITALOCEAN-ASN] Outgoing To IP: 128.199.116.190|5000"; classtype:trojan-activity; sid:37295221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 145.82.207.217 443 (msg: "MISP e26430 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 145.82.207.217|443"; classtype:trojan-activity; sid:37295231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 128.199.116.190 5000 (msg: "MISP e26674 [] Outgoing To IP: 128.199.116.190|5000"; classtype:trojan-activity; sid:37501121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 70.31.125.111 2078 (msg: "MISP e26430 [BACOM,QakBot] Outgoing To IP: 70.31.125.111|2078"; classtype:trojan-activity; sid:37295241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 95.7.52.25 443 (msg: "MISP e26430 [QakBot,TTNET] Outgoing To IP: 95.7.52.25|443"; classtype:trojan-activity; sid:37295251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 124.149.139.54 2222 (msg: "MISP e26430
[QakBot,TPG-INTERNET-AP TPG Telecom Limited] Outgoing To IP: 124.149.139.54|2222"; classtype:trojan-activity; sid:37295261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# QakBot-tagged address:port indicators from e26430, each followed further down by an
# e26674 copy with an empty tag list and priority:3. The rules match on address and
# port only. For the port 443 entries that means any connection to that address on 443
# alerts; confirm with flow or TLS metadata before escalating.
alert ip $HOME_NET any -> 31.117.25.91 2222 (msg: "MISP e26430 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 31.117.25.91|2222"; classtype:trojan-activity; sid:37295271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 197.204.24.19 443 (msg: "MISP e26430 [ALGTEL-AS,QakBot] Outgoing To IP: 197.204.24.19|443"; classtype:trojan-activity; sid:37295281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 86.98.19.74 443 (msg: "MISP e26430 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 86.98.19.74|443"; classtype:trojan-activity; sid:37295291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# e26674 copies of the QakBot-tagged endpoints (same address and port, priority:3).
alert ip $HOME_NET any -> 86.98.19.74 443 (msg: "MISP e26674 [] Outgoing To IP: 86.98.19.74|443"; classtype:trojan-activity; sid:37501131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 197.204.24.19 443 (msg: "MISP e26674 [] Outgoing To IP: 197.204.24.19|443"; classtype:trojan-activity; sid:37501141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 31.117.25.91 2222 (msg: "MISP e26674 [] Outgoing To IP: 31.117.25.91|2222"; classtype:trojan-activity; sid:37501151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 124.149.139.54 2222 (msg: "MISP e26674 [] Outgoing To IP: 124.149.139.54|2222"; classtype:trojan-activity; sid:37501161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 95.7.52.25 443 (msg: "MISP e26674 [] Outgoing To IP: 95.7.52.25|443"; classtype:trojan-activity; sid:37501171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 70.31.125.111 2078 (msg: "MISP e26674 [] Outgoing To IP: 70.31.125.111|2078"; classtype:trojan-activity; sid:37501181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 145.82.207.217 443 (msg: "MISP e26674 [] Outgoing To IP: 145.82.207.217|443"; classtype:trojan-activity; sid:37501191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# URL indicator: host string matched anywhere in the request headers, path matched
# anywhere in the URI (nocase), destination limited to $HTTP_PORTS, which must be
# defined on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//a0918108.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0918108.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# --- Inbound source-address indicators (e26541 and later events) ---
# These rules match any traffic from the listed source to $HOME_NET on any port. They
# have no flow or payload condition, so they alert whether or not the connection was
# accepted; on an internet-facing sensor most hits will be unsolicited probes. The
# tags say Reconnaissance/Exploitation while the classtype is trojan-activity, so
# dashboards grouped by classtype will file these with malware alerts. Treat a hit as
# context to correlate with server and firewall logs, not as evidence of compromise.
alert ip 1.62.160.146 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.62.160.146"; classtype:trojan-activity; sid:37467701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;)
alert ip 1.70.127.99 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.127.99"; classtype:trojan-activity; sid:37467711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;)
alert ip 103.197.49.92 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.197.49.92"; classtype:trojan-activity; sid:37467721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;)
alert ip 107.170.251.21 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.251.21"; classtype:trojan-activity; sid:37467731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;)
alert ip 110.182.96.215 any ->
$HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.182.96.215"; classtype:trojan-activity; sid:37467741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 110.0.248.88 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.0.248.88"; classtype:trojan-activity; sid:37467751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 111.22.76.193 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.76.193"; classtype:trojan-activity; sid:37467761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 112.74.113.120 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.74.113.120"; classtype:trojan-activity; sid:37467771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 111.22.74.166 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.166"; classtype:trojan-activity; sid:37467781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 113.200.222.189 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.222.189"; classtype:trojan-activity; sid:37467791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 112.116.107.155 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.116.107.155"; classtype:trojan-activity; sid:37467801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 114.34.177.99 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.177.99"; 
classtype:trojan-activity; sid:37467811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 113.200.137.41 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.41"; classtype:trojan-activity; sid:37467821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 118.173.85.25 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.173.85.25"; classtype:trojan-activity; sid:37467831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 114.232.246.197 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.232.246.197"; classtype:trojan-activity; sid:37467841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 119.99.213.1 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.99.213.1"; classtype:trojan-activity; sid:37467851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 114.34.209.65 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.209.65"; classtype:trojan-activity; sid:37467861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 171.41.145.96 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.41.145.96"; classtype:trojan-activity; sid:37467871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 124.160.153.248 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.160.153.248"; classtype:trojan-activity; sid:37467881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 
121.61.132.37 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.132.37"; classtype:trojan-activity; sid:37467891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 175.31.30.115 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.30.115"; classtype:trojan-activity; sid:37467901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 126.59.25.229 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.59.25.229"; classtype:trojan-activity; sid:37467911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 120.236.75.29 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.236.75.29"; classtype:trojan-activity; sid:37467921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 124.89.86.185 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.185"; classtype:trojan-activity; sid:37467931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 147.158.197.104 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.158.197.104"; classtype:trojan-activity; sid:37467941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 125.73.36.202 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.73.36.202"; classtype:trojan-activity; sid:37467951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 167.94.138.51 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
167.94.138.51"; classtype:trojan-activity; sid:37467961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 182.247.129.233 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.129.233"; classtype:trojan-activity; sid:37467971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 222.245.54.139 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.245.54.139"; classtype:trojan-activity; sid:37467981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 190.109.228.16 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.16"; classtype:trojan-activity; sid:37467991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 188.149.143.38 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.149.143.38"; classtype:trojan-activity; sid:37468001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 220.135.204.163 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.204.163"; classtype:trojan-activity; sid:37468011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 204.248.120.147 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.248.120.147"; classtype:trojan-activity; sid:37468021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 200.114.64.140 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.114.64.140"; classtype:trojan-activity; sid:37468031; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 101.43.231.195 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.231.195"; classtype:trojan-activity; sid:37468481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 59.46.160.98 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.46.160.98"; classtype:trojan-activity; sid:37468041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 37.1.80.193 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.1.80.193"; classtype:trojan-activity; sid:37468051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 58.47.27.175 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.27.175"; classtype:trojan-activity; sid:37468061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 221.118.82.181 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.118.82.181"; classtype:trojan-activity; sid:37468071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 5.53.17.76 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.53.17.76"; classtype:trojan-activity; sid:37468081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 213.64.252.166 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.64.252.166"; classtype:trojan-activity; sid:37468091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 218.70.17.82 any -> $HOME_NET any (msg: "MISP e26541 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.70.17.82"; classtype:trojan-activity; sid:37468101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 118.113.245.53 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.113.245.53"; classtype:trojan-activity; sid:37468491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 91.92.243.216 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.243.216"; classtype:trojan-activity; sid:37468111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 60.172.207.113 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.172.207.113"; classtype:trojan-activity; sid:37468121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 82.209.65.35 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.209.65.35"; classtype:trojan-activity; sid:37468131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 27.21.148.107 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.21.148.107"; classtype:trojan-activity; sid:37468141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 182.43.248.122 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.248.122"; classtype:trojan-activity; sid:37468501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 123.58.207.81 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.58.207.81"; classtype:trojan-activity; sid:37468511; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 170.64.147.222 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.147.222"; classtype:trojan-activity; sid:37468521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 123.207.201.187 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.201.187"; classtype:trojan-activity; sid:37468531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 121.159.163.6 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.159.163.6"; classtype:trojan-activity; sid:37468541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 81.70.4.105 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.4.105"; classtype:trojan-activity; sid:37468551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 61.3.150.220 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.3.150.220"; classtype:trojan-activity; sid:37468151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 43.131.13.102 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.13.102"; classtype:trojan-activity; sid:37468561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 178.128.92.9 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.92.9"; classtype:trojan-activity; sid:37468571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 161.132.39.55 any -> $HOME_NET any (msg: "MISP e26542 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.39.55"; classtype:trojan-activity; sid:37468581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 113.125.167.139 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.167.139"; classtype:trojan-activity; sid:37468591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 94.142.138.222 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.142.138.222"; classtype:trojan-activity; sid:37468601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 43.156.7.94 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.7.94"; classtype:trojan-activity; sid:37468611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 43.155.138.51 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.138.51"; classtype:trojan-activity; sid:37468621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 43.153.72.68 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.72.68"; classtype:trojan-activity; sid:37468631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 198.235.24.85 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.85"; classtype:trojan-activity; sid:37468931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 167.248.133.35 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.35"; classtype:trojan-activity; sid:37468641; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 91.149.237.34 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.149.237.34"; classtype:trojan-activity; sid:37468651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 121.61.197.119 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.197.119"; classtype:trojan-activity; sid:37468161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 61.91.43.232 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.91.43.232"; classtype:trojan-activity; sid:37468941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 43.157.16.50 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.16.50"; classtype:trojan-activity; sid:37468661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 42.192.149.164 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.149.164"; classtype:trojan-activity; sid:37468671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 34.140.248.32 any -> $HOME_NET any (msg: "MISP e26544 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.140.248.32"; classtype:trojan-activity; sid:37469021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26544;) alert ip 45.79.181.251 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.181.251"; classtype:trojan-activity; sid:37468681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 182.240.237.93 any -> $HOME_NET any (msg: "MISP e26541 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.237.93"; classtype:trojan-activity; sid:37468171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 124.235.58.222 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.58.222"; classtype:trojan-activity; sid:37468181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 125.27.188.77 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.27.188.77"; classtype:trojan-activity; sid:37468191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 172.81.62.238 any -> $HOME_NET any (msg: "MISP e26544 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.238"; classtype:trojan-activity; sid:37469031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26544;) alert ip 192.3.101.25 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.101.25"; classtype:trojan-activity; sid:37468951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 119.187.61.60 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.187.61.60"; classtype:trojan-activity; sid:37468201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 134.17.24.54 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.17.24.54"; classtype:trojan-activity; sid:37468211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 222.246.111.179 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.111.179"; classtype:trojan-activity; sid:37468221; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 120.57.119.84 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.119.84"; classtype:trojan-activity; sid:37468231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 189.183.213.130 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.183.213.130"; classtype:trojan-activity; sid:37468241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 186.193.8.95 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.193.8.95"; classtype:trojan-activity; sid:37468251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 162.216.150.21 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.150.21"; classtype:trojan-activity; sid:37468261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 177.200.6.203 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.200.6.203"; classtype:trojan-activity; sid:37468271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 200.53.95.193 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.53.95.193"; classtype:trojan-activity; sid:37468281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 83.239.229.32 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.239.229.32"; classtype:trojan-activity; sid:37468291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 27.18.185.143 any -> $HOME_NET any (msg: "MISP e26541 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.18.185.143"; classtype:trojan-activity; sid:37468301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 180.180.18.17 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.180.18.17"; classtype:trojan-activity; sid:37468311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 175.30.204.116 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.204.116"; classtype:trojan-activity; sid:37468321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 223.17.35.193 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.17.35.193"; classtype:trojan-activity; sid:37468331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 212.24.42.247 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.24.42.247"; classtype:trojan-activity; sid:37468341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 170.82.74.87 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.82.74.87"; classtype:trojan-activity; sid:37468351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 125.9.226.75 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.9.226.75"; classtype:trojan-activity; sid:37468361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 165.227.191.78 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.191.78"; classtype:trojan-activity; sid:37468691; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 103.151.141.89 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.151.141.89"; classtype:trojan-activity; sid:37468701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 220.135.95.227 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.95.227"; classtype:trojan-activity; sid:37468371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 39.40.223.28 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.40.223.28"; classtype:trojan-activity; sid:37468381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//a0918108.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0918108.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;) alert ip 219.148.91.172 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.148.91.172"; classtype:trojan-activity; sid:37468391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 222.185.19.90 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.185.19.90"; classtype:trojan-activity; sid:37468401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 95.189.78.131 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.189.78.131"; classtype:trojan-activity; sid:37468411; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 170.64.202.162 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.162"; classtype:trojan-activity; sid:37468711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 216.115.129.206 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.115.129.206"; classtype:trojan-activity; sid:37468421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 50.250.202.131 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.250.202.131"; classtype:trojan-activity; sid:37468431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 60.183.148.133 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.183.148.133"; classtype:trojan-activity; sid:37468441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 103.29.180.11 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.29.180.11"; classtype:trojan-activity; sid:37468721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 71.58.45.188 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.58.45.188"; classtype:trojan-activity; sid:37468451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 43.155.171.31 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.171.31"; classtype:trojan-activity; sid:37468731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 2.140.136.88 any -> $HOME_NET any (msg: 
"MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.140.136.88"; classtype:trojan-activity; sid:37468461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 170.64.139.138 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.139.138"; classtype:trojan-activity; sid:37468741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 43.163.237.70 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.70"; classtype:trojan-activity; sid:37468751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 59.95.247.119 any -> $HOME_NET any (msg: "MISP e26541 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.95.247.119"; classtype:trojan-activity; sid:37468471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26541;) alert ip 117.72.15.5 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.15.5"; classtype:trojan-activity; sid:37468761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 123.23.91.186 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.23.91.186"; classtype:trojan-activity; sid:37468771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 192.227.231.198 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.231.198"; classtype:trojan-activity; sid:37468781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 43.156.70.152 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.70.152"; classtype:trojan-activity; 
sid:37468791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 143.137.45.121 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.137.45.121"; classtype:trojan-activity; sid:37468801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 45.48.129.249 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.48.129.249"; classtype:trojan-activity; sid:37468961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 118.27.114.204 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.27.114.204"; classtype:trojan-activity; sid:37468811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 88.208.209.234 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.208.209.234"; classtype:trojan-activity; sid:37468821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 43.153.37.125 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.37.125"; classtype:trojan-activity; sid:37468831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 64.202.184.88 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.202.184.88"; classtype:trojan-activity; sid:37468971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 3.142.222.129 any -> $HOME_NET any (msg: "MISP e26544 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.142.222.129"; classtype:trojan-activity; sid:37469041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26544;) alert ip 43.154.47.21 any -> $HOME_NET 
any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.47.21"; classtype:trojan-activity; sid:37468841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 121.199.76.15 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.199.76.15"; classtype:trojan-activity; sid:37468851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 198.235.24.251 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.251"; classtype:trojan-activity; sid:37468861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 27.128.160.131 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.160.131"; classtype:trojan-activity; sid:37468871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;) alert ip 185.91.127.42 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.127.42"; classtype:trojan-activity; sid:37468981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 195.154.62.147 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.154.62.147"; classtype:trojan-activity; sid:37468991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 14.194.5.2 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.194.5.2"; classtype:trojan-activity; sid:37469001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;) alert ip 43.128.71.129 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.71.129"; classtype:trojan-activity; 
sid:37468881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;)
# Inbound source-address rules (events e26542/e26543). The only match criterion is the
# source IP: no flow, content or threshold keyword is present, and classtype is
# trojan-activity although the msg tags read Reconnaissance/Exploitation.
# NOTE(review): address-only indicators age quickly; check the referenced MISP event
# before acting on a hit.
alert ip 103.189.93.13 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.189.93.13"; classtype:trojan-activity; sid:37468891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;)
alert ip 91.165.131.14 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.165.131.14"; classtype:trojan-activity; sid:37468901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;)
alert ip 185.180.140.5 any -> $HOME_NET any (msg: "MISP e26543 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.140.5"; classtype:trojan-activity; sid:37469011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26543;)
alert ip 181.171.122.189 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.171.122.189"; classtype:trojan-activity; sid:37468911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;)
alert ip 47.243.189.181 any -> $HOME_NET any (msg: "MISP e26542 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.189.181"; classtype:trojan-activity; sid:37468921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26542;)
# Outbound rules to a fixed IP and destination port. Both 15119 endpoints are exported
# twice, once per event (e26430 tagged njrat/RAT at priority 2, e26674 untagged at
# priority 3), so one connection can raise two alerts under different sids.
# NOTE(review): the protocol field is `ip` combined with a port; confirm the engine
# applies the port filter for `ip` rules.
alert ip $HOME_NET any -> 3.124.67.191 15119 (msg: "MISP e26430 [njrat,RAT] Outgoing To IP: 3.124.67.191|15119"; classtype:trojan-activity; sid:37295321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 35.157.111.131 15119 (msg: "MISP e26430 [njrat,RAT] Outgoing To IP: 35.157.111.131|15119"; classtype:trojan-activity; sid:37295311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 35.157.111.131 15119 (msg: "MISP e26674 [] Outgoing To IP: 35.157.111.131|15119"; classtype:trojan-activity; sid:37501211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 3.124.67.191 15119 (msg: "MISP e26674 [] Outgoing To IP: 3.124.67.191|15119"; classtype:trojan-activity; sid:37501221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 5.39.43.50 3456 (msg: "MISP e26674 [] Outgoing To IP: 5.39.43.50|3456"; classtype:trojan-activity; sid:37501231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 188.116.21.141 20213 (msg: "MISP e26674 [] Outgoing To IP: 188.116.21.141|20213"; classtype:trojan-activity; sid:37501241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# Domain indicators are exported as a pair: a dns.query rule (sid ending in 1) and a
# cleartext-HTTP rule (sid ending in 2). In the HTTP rule the "Host|3a|" content and the
# domain content are independent matches on http.header with no distance/within tying
# them together, so the domain appearing in any request header satisfies the rule.
# Neither rule inspects TLS; HTTPS connections to these names are covered here only by
# the DNS rule.
alert dns any any -> any any (msg: "MISP e26429 [] Domain m1tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"m1tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])m1tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37293211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26429;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26429 [] Outgoing HTTP Domain m1tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"m1tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])m1tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37293212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26429;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain frenchpies.org"; dns.query; content:"frenchpies.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])frenchpies\.org$/i"; classtype:trojan-activity; sid:37501251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain frenchpies.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frenchpies.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frenchpies\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain tnoodlezy.com"; dns.query; content:"tnoodlezy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tnoodlezy\.com$/i"; classtype:trojan-activity; sid:37501261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain tnoodlezy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tnoodlezy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tnoodlezy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain basenetgear.world"; dns.query; content:"basenetgear.world"; nocase; pcre: "/(^|[^A-Za-z0-9-])basenetgear\.world$/i"; classtype:trojan-activity; sid:37501271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain basenetgear.world"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"basenetgear.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])basenetgear\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert dns any any -> any any (msg: "MISP e26674 [] Domain eeatgoodx.com"; dns.query; content:"eeatgoodx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eeatgoodx\.com$/i"; classtype:trojan-activity; sid:37501281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26674 [] Outgoing HTTP Domain eeatgoodx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eeatgoodx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eeatgoodx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37501282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# URL indicators for ww25.searchseedphase.online. The match is the hostname in
# http.header plus the path "/bot/regex" in http.uri; the subid1 query string that
# distinguishes the indicators appears only in msg. The rules that follow are therefore
# the same detection under different sids, and one matching request satisfies all of them.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [LaplasClipper] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0903-3410-838e-a4f52d7bfbdf"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [LaplasClipper] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0901-32da-92dc-d6bc77bc9e34"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [LaplasClipper] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0900-3289-a6cd-362bac037c0c"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295351; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26430;)
# URL indicators for ww25.searchseedphase.online (events e26430 and e26674). Every rule
# matches the hostname in http.header and the path "/bot/regex" in http.uri; the subid1
# value is carried only in msg. The rules are therefore one detection under different
# sids and priorities, and a single matching request alerts once per rule.
# NOTE(review): de-duplicate at export time or apply a threshold to keep alert volume
# proportional to the traffic.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [LaplasClipper] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0902-335a-b5ea-cb36ceb34a2b"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26430 [LaplasClipper] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0904-355f-b107-1d1adef9f9fa"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0904-355f-b107-1d1adef9f9fa"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0902-335a-b5ea-cb36ceb34a2b"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0900-3289-a6cd-362bac037c0c"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0901-32da-92dc-d6bc77bc9e34"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//ww25.searchseedphase.online/bot/regex?subid1=20240216-0903-3410-838e-a4f52d7bfbdf"; flow:to_server,established; http.header; content:"ww25.searchseedphase.online"; fast_pattern; nocase; http.uri; content:"/bot/regex"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# Outbound rules to a fixed IP and port. They match on address and port only, so a hit
# shows that a connection was attempted, not what was exchanged on it; the malware
# family in msg comes from the MISP tags, not from traffic inspection.
# 93.177.75.98|56816 is exported for both e26430 and e26674, so it alerts twice.
alert ip $HOME_NET any -> 179.60.149.220 443 (msg: "MISP e26430 [CobaltStrike,cs-watermark-1357776117,HOSTKEY-USA] Outgoing To IP: 179.60.149.220|443"; classtype:trojan-activity; sid:37295391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 93.177.75.98 56816 (msg: "MISP e26430 [RAT,RemcosRAT] Outgoing To IP: 93.177.75.98|56816"; classtype:trojan-activity; sid:37295401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert ip $HOME_NET any -> 93.177.75.98 56816 (msg: "MISP e26674 [] Outgoing To IP: 93.177.75.98|56816"; classtype:trojan-activity;
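sid:37501341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 179.60.149.220 443 (msg: "MISP e26674 [] Outgoing To IP: 179.60.149.220|443"; classtype:trojan-activity; sid:37501351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
# In the two rules below `http.uri; content:"/"` is satisfied by any request path, so the
# effective match is the destination address, the ports in $HTTP_PORTS, and the address
# string appearing in the request headers.
alert http $HOME_NET any -> 41.216.183.87 $HTTP_PORTS (msg: "MISP e26430 [recordbreaker] Outgoing URL http|3a|//41.216.183.87/"; flow:to_server,established; http.header; content:"41.216.183.87"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> 41.216.183.87 $HTTP_PORTS (msg: "MISP e26674 [] Outgoing URL http|3a|//41.216.183.87/"; flow:to_server,established; http.header; content:"41.216.183.87"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37501371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26674;)
alert ip $HOME_NET any -> 91.92.250.122 2404 (msg: "MISP e26430 [RAT,RemcosRAT] Outgoing To IP: 91.92.250.122|2404"; classtype:trojan-activity; sid:37295421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
# The same 159.89.17.81 URL is exported from e26430 in lower case and from e26673 in
# mixed case. Both http.uri contents carry `nocase`, so the two rules are one detection
# and a matching request alerts under both sids.
alert http $HOME_NET any -> 159.89.17.81 $HTTP_PORTS (msg: "MISP e26430 [dcrat] Outgoing URL http|3a|//159.89.17.81/polltrack2/traffic3/6datalife9/line0api/privatevmapi/wpwindows6/server3image/flowerwindowswindows/wordpresspublictest/mariadbasyncwordpress/1sql/phptracktesttemporary/http/8eternal0/httpapidefaultcdn.php"; flow:to_server,established; http.header; content:"159.89.17.81"; fast_pattern; nocase; http.uri; content:"/polltrack2/traffic3/6datalife9/line0api/privatevmapi/wpwindows6/server3image/flowerwindowswindows/wordpresspublictest/mariadbasyncwordpress/1sql/phptracktesttemporary/http/8eternal0/httpapidefaultcdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37295431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26430;)
alert http $HOME_NET any -> 159.89.17.81 $HTTP_PORTS (msg: "MISP e26673 [dcrat] Outgoing URL http|3a|//159.89.17.81/Polltrack2/traffic3/6Datalife9/Line0Api/PrivateVmApi/Wpwindows6/Server3Image/FlowerWindowsWindows/WordpressPublicTest/MariadbAsyncwordpress/1Sql/phpTrackTestTemporary/Http/8Eternal0/httpapiDefaultCdn.php"; flow:to_server,established; http.header; content:"159.89.17.81"; fast_pattern; nocase; http.uri; content:"/Polltrack2/traffic3/6Datalife9/Line0Api/PrivateVmApi/Wpwindows6/Server3Image/FlowerWindowsWindows/WordpressPublicTest/MariadbAsyncwordpress/1Sql/phpTrackTestTemporary/Http/8Eternal0/httpapiDefaultCdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Tags copied from MISP into msg contain double quotes (misp-galaxy:malpedia="...").
# Suricata documents that ; \ and " must be escaped inside msg, so the quotes are
# written as \" in the e26673 rules below; the alert text is unchanged.
# NOTE(review): a hand edit is lost on the next export; the durable fix is escaping
# tag text in the exporter.
alert ip $HOME_NET any -> 91.92.250.122 2404 (msg: "MISP e26673 [RAT,RemcosRAT,misp-galaxy:malpedia=\"Remcos\"] Outgoing To IP: 91.92.250.122|2404"; classtype:trojan-activity; sid:37495761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Domain indicator exported as a dns.query rule, a cleartext-HTTP Host rule and a URL
# rule pinned to port 80. None of the three inspects TLS.
alert dns any any -> any any (msg: "MISP e26673 [] Domain persikmonkiey7drone.com"; dns.query; content:"persikmonkiey7drone.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persikmonkiey7drone\.com$/i"; classtype:trojan-activity; sid:37495771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain persikmonkiey7drone.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persikmonkiey7drone.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persikmonkiey7drone\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e26673 [] Outgoing URL http|3a|//persikmonkiey7drone.com|3a|80"; flow:to_server,established; http.header; content:"persikmonkiey7drone.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Address-and-port rules; the msg quotes are escaped as described above.
alert ip $HOME_NET any -> 103.195.236.98 23 (msg: "MISP e26673 [Gafgyt,misp-galaxy:malpedia=\"Bashlite\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 103.195.236.98|23"; classtype:trojan-activity; sid:37495791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 3.126.37.18 15020 (msg: "MISP e26673 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 3.126.37.18|15020"; classtype:trojan-activity; sid:37495801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 3.127.138.57 15020 (msg: "MISP e26673 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 3.127.138.57|15020"; classtype:trojan-activity; sid:37495811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Case-variant pairs: e26444 exports each URL in lower case and e26673 in mixed case.
# With `nocase` on http.uri the paired rules match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [dcrat] Outgoing URL http|3a|//386958cm.nyashsens.top/vmdlecentral.php"; flow:to_server,established; http.header; content:"386958cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/vmdlecentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37296671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [dcrat] Outgoing URL http|3a|//386958cm.nyashsens.top/vmDleCentral.php"; flow:to_server,established; http.header; content:"386958cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/vmDleCentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [dcrat] Outgoing URL http|3a|//a0919167.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0919167.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37296681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [dcrat] Outgoing URL http|3a|//a0919167.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0919167.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# sid 37495841 has no http.uri condition, so it already matches every request that
# sid 37495851 (same host plus "/Bgkc244P") matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//frightyserver.org"; flow:to_server,established; http.header; content:"frightyserver.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//frightyserver.org/Bgkc244P"; flow:to_server,established; http.header; content:"frightyserver.org"; fast_pattern; nocase; http.uri; content:"/Bgkc244P"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//winvipbonus.life"; flow:to_server,established; http.header; content:"winvipbonus.life"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET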
$HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//weapkd4.jarteaused.live"; flow:to_server,established; http.header; content:"weapkd4.jarteaused.live"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 172.67.167.246 80 (msg: "MISP e26673 [] Outgoing To IP: 172.67.167.246|80"; classtype:trojan-activity; sid:37495881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [dcrat] Outgoing URL http|3a|//cy58784.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cy58784.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37296701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//cy58784.tw1.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"cy58784.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 91.92.242.133 2025 (msg: "MISP e26444 [asyncrat,RAT] Outgoing To IP: 91.92.242.133|2025"; classtype:trojan-activity; sid:37296711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 91.92.242.133 2025 (msg: "MISP e26673 [] Outgoing To IP: 91.92.242.133|2025"; classtype:trojan-activity; sid:37495901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 172.67.167.246 80 (msg: "MISP e26444 [infostealer,LokiBot,stealer] Outgoing To IP: 172.67.167.246|80"; classtype:trojan-activity; sid:37296691; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 3.126.37.18 15020 (msg: "MISP e26444 [njrat,RAT] Outgoing To IP: 3.126.37.18|15020"; classtype:trojan-activity; sid:37296661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e26444 [6.1.9,admin888,DarkGate] Outgoing URL http|3a|//persikmonkiey7drone.com|3a|80"; flow:to_server,established; http.header; content:"persikmonkiey7drone.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37296631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [6.1.9,admin888,DarkGate] Domain persikmonkiey7drone.com"; dns.query; content:"persikmonkiey7drone.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persikmonkiey7drone\.com$/i"; classtype:trojan-activity; sid:37296641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [6.1.9,admin888,DarkGate] Outgoing HTTP Domain persikmonkiey7drone.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persikmonkiey7drone.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persikmonkiey7drone\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 3.127.138.57 15020 (msg: "MISP e26444 [njrat,RAT] Outgoing To IP: 3.127.138.57|15020"; classtype:trojan-activity; sid:37296651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 103.195.236.98 23 (msg: "MISP e26444 [Gafgyt] Outgoing To IP: 103.195.236.98|23"; classtype:trojan-activity; sid:37296621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 
[KeitaroTDS,SocGholish] Domain frenchpies.org"; dns.query; content:"frenchpies.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])frenchpies\.org$/i"; classtype:trojan-activity; sid:37296581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Outgoing HTTP Domain frenchpies.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frenchpies.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frenchpies\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Domain tnoodlezy.com"; dns.query; content:"tnoodlezy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tnoodlezy\.com$/i"; classtype:trojan-activity; sid:37296591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Outgoing HTTP Domain tnoodlezy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tnoodlezy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tnoodlezy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Domain basenetgear.world"; dns.query; content:"basenetgear.world"; nocase; pcre: "/(^|[^A-Za-z0-9-])basenetgear\.world$/i"; classtype:trojan-activity; sid:37296561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Outgoing HTTP Domain basenetgear.world"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"basenetgear.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])basenetgear\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Domain eeatgoodx.com"; dns.query; content:"eeatgoodx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eeatgoodx\.com$/i"; classtype:trojan-activity; sid:37296571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [KeitaroTDS,SocGholish] Outgoing HTTP Domain eeatgoodx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eeatgoodx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eeatgoodx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsinfo.website"; dns.query; content:"ntsinfo.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsinfo\.website$/i"; classtype:trojan-activity; sid:37478001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsinfo.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsinfo.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsinfo\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain nts-post.website"; dns.query; content:"nts-post.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-post\.website$/i"; classtype:trojan-activity; sid:37478011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain nts-post.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nts-post.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nts\-post\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsposter.website"; dns.query; content:"ntsposter.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposter\.website$/i"; classtype:trojan-activity; sid:37478021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsposter.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsposter.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposter\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsmailer.store"; dns.query; content:"ntsmailer.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailer\.store$/i"; classtype:trojan-activity; sid:37478031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsmailer.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmailer.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailer\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any 
any (msg: "MISP e26571 [] Domain ntsmsg.website"; dns.query; content:"ntsmsg.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmsg\.website$/i"; classtype:trojan-activity; sid:37478041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsmsg.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmsg.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmsg\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsmail.website"; dns.query; content:"ntsmail.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmail\.website$/i"; classtype:trojan-activity; sid:37478051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsmail.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmail.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmail\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntshome.website"; dns.query; content:"ntshome.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntshome\.website$/i"; classtype:trojan-activity; sid:37478061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntshome.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntshome.website"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ntshome\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain googlces.com"; dns.query; content:"googlces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])googlces\.com$/i"; classtype:trojan-activity; sid:37478071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain googlces.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"googlces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])googlces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain npsposter.site"; dns.query; content:"npsposter.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsposter\.site$/i"; classtype:trojan-activity; sid:37478081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain npsposter.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsposter.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsposter\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain npsposter.space"; dns.query; content:"npsposter.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsposter\.space$/i"; classtype:trojan-activity; sid:37478091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP 
Domain npsposter.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsposter.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsposter\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain npsviewer.site"; dns.query; content:"npsviewer.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsviewer\.site$/i"; classtype:trojan-activity; sid:37478101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain npsviewer.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsviewer.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsviewer\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain npsviewer.space"; dns.query; content:"npsviewer.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsviewer\.space$/i"; classtype:trojan-activity; sid:37478111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain npsviewer.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsviewer.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsviewer\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntshelp.site"; dns.query; content:"ntshelp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntshelp\.site$/i"; classtype:trojan-activity; 
sid:37478121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntshelp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntshelp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntshelp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsinforms.space"; dns.query; content:"ntsinforms.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsinforms\.space$/i"; classtype:trojan-activity; sid:37478131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsinforms.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsinforms.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsinforms\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsmailer.space"; dns.query; content:"ntsmailer.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailer\.space$/i"; classtype:trojan-activity; sid:37478141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsmailer.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmailer.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailer\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns 
any any -> any any (msg: "MISP e26571 [] Domain ntsmailing.site"; dns.query; content:"ntsmailing.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailing\.site$/i"; classtype:trojan-activity; sid:37478151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# The line above completes an "alert dns" rule whose first two words sit at the end of the previous line.
# The rules below are unchanged apart from being laid out one per line.
#
# MISP event 26571 domain indicators, exported as a pair per domain:
#   - dns rule:  query name equals the domain or ends with it after a non-hostname character ("." included,
#                so subdomains match).
#   - http rule: NOTE(review): "Host:" and the domain are matched independently anywhere in http.header and
#                the pcre (/H) also scans the whole header block, so a Referer that carries the domain matches
#                too. Matching the domain in the http.host buffer would be tighter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsmailing.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmailing.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmailing\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsposter.site"; dns.query; content:"ntsposter.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposter\.site$/i"; classtype:trojan-activity; sid:37478161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsposter.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsposter.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposter\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsposting.space"; dns.query; content:"ntsposting.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposting\.space$/i"; classtype:trojan-activity; sid:37478171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsposting.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsposting.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsposting\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsviewer.site"; dns.query; content:"ntsviewer.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsviewer\.site$/i"; classtype:trojan-activity; sid:37478181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsviewer.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsviewer.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsviewer\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# MISP event 26617: same dns/http pair for omnivaproperties.click.
alert dns any any -> any any (msg: "MISP e26617 [] Domain omnivaproperties.click"; dns.query; content:"omnivaproperties.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])omnivaproperties\.click$/i"; classtype:trojan-activity; sid:37487771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26617;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26617 [] Outgoing HTTP Domain omnivaproperties.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omnivaproperties.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omnivaproperties\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26617;)
# NOTE(review): 192.168.1.103 is an RFC 1918 private address and the URI content is the substring "/test"
# (nocase, so /Testing and similar also match). This looks like a lab or placeholder attribute that was
# exported with the IDS flag set; confirm in MISP event 26571. On any network that uses 192.168.1.0/24 it
# alerts on ordinary internal HTTP and tags each session for 600 seconds. Disable this sid or clear the
# attribute's IDS flag until the indicator is confirmed.
alert http $HOME_NET any -> 192.168.1.103 $HTTP_PORTS (msg: "MISP e26571 [] Outgoing URL http|3a|//192.168.1.103/test"; flow:to_server,established; http.header; content:"192.168.1.103"; fast_pattern; nocase; http.uri; content:"/test"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37478201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# NOTE(review): sid 37478221 (any destination port) is a superset of sid 37478211 (port 14275), so traffic
# to 45.195.69.28:14275 raises both alerts. Neither rule has a content match or threshold.
alert ip $HOME_NET any -> 45.195.69.28 14275 (msg: "MISP e26571 [] Outgoing To IP: 45.195.69.28|14275"; classtype:trojan-activity; sid:37478211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert ip $HOME_NET any -> 45.195.69.28 any (msg: "MISP e26571 [] Outgoing To IP: 45.195.69.28"; classtype:trojan-activity; sid:37478221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# Domain pairs for binace.homes and binaces.homes. The two names are distinct indicators: the pcre requires
# ".homes" directly after the label, so neither rule matches the other domain.
alert dns any any -> any any (msg: "MISP e26571 [] Domain binace.homes"; dns.query; content:"binace.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])binace\.homes$/i"; classtype:trojan-activity; sid:37478231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain binace.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"binace.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])binace\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain binaces.homes"; dns.query; content:"binaces.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])binaces\.homes$/i"; classtype:trojan-activity; sid:37478241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain binaces.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"binaces.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])binaces\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# The rule that starts below continues on the next line of the file.
alert dns any any -> any any (msg: "MISP e26571 
[] Domain masnail.shop"; dns.query; content:"masnail.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])masnail\.shop$/i"; classtype:trojan-activity; sid:37478251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain masnail.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"masnail.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])masnail\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain edocs-center.site"; dns.query; content:"edocs-center.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-center\.site$/i"; classtype:trojan-activity; sid:37478261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain edocs-center.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-center.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-center\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain moscheck.site"; dns.query; content:"moscheck.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])moscheck\.site$/i"; classtype:trojan-activity; sid:37478271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain moscheck.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moscheck.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moscheck\.site[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37478272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# ---------------------------------------------------------------------------
# MISP event 26571: Domain and Hostname indicators, one rule per line.
#
# Each indicator is exported as a pair of rules. The dns rule's sid ends in 1
# and the http rule's sid ends in 2.
#   dns rule  : any -> any. Matches dns.query case-insensitively; the pcre ends
#               in $, so the indicator must be the end of the queried name.
#   http rule : $HOME_NET -> $EXTERNAL_NET, established client-to-server
#               traffic only, matched in the http.header buffer.
#               tag:session,600,seconds keeps logging packets of that session
#               for 600 seconds after the alert.
#
# "Domain" rules use the prefix class [^A-Za-z0-9-]. It admits a leading ".",
# so subdomains of the indicator match as well. "Hostname" rules also exclude
# "." from the prefix class, so a longer name that merely ends in the hostname
# does not match.
#
# The empty [] in msg is where the export prints event tags (earlier rules in
# this file carry kill-chain tags there); presumably this event has none.
#
# NOTE(review): a lookup of a listed hostname whose parent domain is also
# listed (mosi.mosiview.online and mosiview.online, for example) satisfies both
# dns rules and raises two alerts. Account for that when counting hits.
# NOTE(review): in the "Outgoing HTTP Domain" rules the two content matches and
# the pcre are not positioned relative to each other, so the domain appearing
# in any request header (a Referer, for instance) satisfies them, not only
# the Host header. Read a hit as "domain seen in request headers" and confirm
# the Host value in the tagged session. Matching on the http.host buffer would
# be stricter.
# NOTE(review): nothing here inspects TLS. HTTPS traffic to these names is
# visible only through the dns rules, and only when the sensor sees the query.
# Consider a companion tls.sni rule per indicator if that coverage matters.
# ---------------------------------------------------------------------------
# Domain indicators
alert dns any any -> any any (msg: "MISP e26571 [] Domain moscloud.online"; dns.query; content:"moscloud.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])moscloud\.online$/i"; classtype:trojan-activity; sid:37478281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain moscloud.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moscloud.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moscloud\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain mosiview.online"; dns.query; content:"mosiview.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mosiview\.online$/i"; classtype:trojan-activity; sid:37478291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain mosiview.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mosiview.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mosiview\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain mosplay.fun"; dns.query; content:"mosplay.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])mosplay\.fun$/i"; classtype:trojan-activity; sid:37478301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain mosplay.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mosplay.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mosplay\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain mpas-kr.site"; dns.query; content:"mpas-kr.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mpas\-kr\.site$/i"; classtype:trojan-activity; sid:37478311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain mpas-kr.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mpas-kr.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mpas\-kr\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain navedocs.site"; dns.query; content:"navedocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])navedocs\.site$/i"; classtype:trojan-activity; sid:37478321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain navedocs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navedocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navedocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain nmsvc-edoc.cloud"; dns.query; content:"nmsvc-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nmsvc\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37478331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain nmsvc-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nmsvc-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nmsvc\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntcloudn.site"; dns.query; content:"ntcloudn.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloudn\.site$/i"; classtype:trojan-activity; sid:37478341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntcloudn.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntcloudn.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloudn\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntclouds.site"; dns.query; content:"ntclouds.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntclouds\.site$/i"; classtype:trojan-activity; sid:37478351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntclouds.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntclouds.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntclouds\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# Hostname indicators
alert dns any any -> any any (msg: "MISP e26571 [] Hostname mosi.mosiview.online"; dns.query; content:"mosi.mosiview.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.mosiview\.online$/i"; classtype:trojan-activity; sid:37478361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mosi.mosiview.online"; flow:to_server,established; http.header; content: "Host|3a| mosi.mosiview.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.mosiview\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname mosi.ntclouds.site"; dns.query; content:"mosi.ntclouds.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.ntclouds\.site$/i"; classtype:trojan-activity; sid:37478371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mosi.ntclouds.site"; flow:to_server,established; http.header; content: "Host|3a| mosi.ntclouds.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.ntclouds\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname post.navedocs.site"; dns.query; content:"post.navedocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\.navedocs\.site$/i"; classtype:trojan-activity; sid:37478381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname post.navedocs.site"; flow:to_server,established; http.header; content: "Host|3a| post.navedocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\.navedocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.mosplay.fun"; dns.query; content:"view.mosplay.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mosplay\.fun$/i"; classtype:trojan-activity; sid:37478391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.mosplay.fun"; flow:to_server,established; http.header; content: "Host|3a| view.mosplay.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mosplay\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.navedocs.site"; dns.query; content:"view.navedocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.navedocs\.site$/i"; classtype:trojan-activity; sid:37478401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.navedocs.site"; flow:to_server,established; http.header; content: "Host|3a| view.navedocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.navedocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.nmsvc-edoc.cloud"; dns.query; content:"view.nmsvc-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nmsvc\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37478411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.nmsvc-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.nmsvc-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nmsvc\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.ntcloudn.site"; dns.query; content:"view.ntcloudn.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloudn\.site$/i"; classtype:trojan-activity; sid:37478421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.ntcloudn.site"; flow:to_server,established; http.header; content: "Host|3a| view.ntcloudn.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloudn\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# Domain indicators
alert dns any any -> any any (msg: "MISP e26571 [] Domain edocs-mid.site"; dns.query; content:"edocs-mid.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-mid\.site$/i"; classtype:trojan-activity; sid:37478431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain edocs-mid.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-mid.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-mid\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain edocs-moseid.site"; dns.query; content:"edocs-moseid.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-moseid\.site$/i"; classtype:trojan-activity; sid:37478441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain edocs-moseid.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edocs-moseid.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edocs\-moseid\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain gov24-kr.site"; dns.query; content:"gov24-kr.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])gov24\-kr\.site$/i"; classtype:trojan-activity; sid:37478451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain gov24-kr.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gov24-kr.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gov24\-kr\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain mois-view.site"; dns.query; content:"mois-view.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mois\-view\.site$/i"; classtype:trojan-activity; sid:37478461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain mois-view.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mois-view.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mois\-view\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain mosgov.site"; dns.query; content:"mosgov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mosgov\.site$/i"; classtype:trojan-activity; sid:37478471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain mosgov.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mosgov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mosgov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain nhosrv.site"; dns.query; content:"nhosrv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhosrv\.site$/i"; classtype:trojan-activity; sid:37478481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain nhosrv.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhosrv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhosrv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntaview.site"; dns.query; content:"ntaview.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntaview\.site$/i"; classtype:trojan-activity; sid:37478491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntaview.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntaview.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntaview\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# Hostname indicators
alert dns any any -> any any (msg: "MISP e26571 [] Hostname emv1.mosgov.site"; dns.query; content:"emv1.mosgov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.mosgov\.site$/i"; classtype:trojan-activity; sid:37478501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname emv1.mosgov.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.mosgov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.mosgov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname mosi.ntsvc-edoc.cloud"; dns.query; content:"mosi.ntsvc-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.ntsvc\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37478511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mosi.ntsvc-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| mosi.ntsvc-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.ntsvc\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname mosi.ntsview.store"; dns.query; content:"mosi.ntsview.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.ntsview\.store$/i"; classtype:trojan-activity; sid:37478521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mosi.ntsview.store"; flow:to_server,established; http.header; content: "Host|3a| mosi.ntsview.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mosi\.ntsview\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname mta-sts.mosgov.site"; dns.query; content:"mta-sts.mosgov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.mosgov\.site$/i"; classtype:trojan-activity; sid:37478531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mta-sts.mosgov.site"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.mosgov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.mosgov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname si.ntsvc-edoc.cloud"; dns.query; content:"si.ntsvc-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])si\.ntsvc\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37478541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname si.ntsvc-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| si.ntsvc-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])si\.ntsvc\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.ntcloudo.site"; dns.query; content:"view.ntcloudo.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloudo\.site$/i"; classtype:trojan-activity; sid:37478551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.ntcloudo.site"; flow:to_server,established; http.header; content: "Host|3a| view.ntcloudo.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloudo\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.ntsvc-edoc.cloud"; dns.query; content:"view.ntsvc-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntsvc\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37478561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.ntsvc-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.ntsvc-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntsvc\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# Domain indicators
alert dns any any -> any any (msg: "MISP e26571 [] Domain httpost.site"; dns.query; content:"httpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])httpost\.site$/i"; classtype:trojan-activity; sid:37478571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain httpost.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"httpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])httpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain navnsrc.cloud"; dns.query; content:"navnsrc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])navnsrc\.cloud$/i"; classtype:trojan-activity; sid:37478581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain navnsrc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navnsrc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navnsrc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain navsvcs.cloud"; dns.query; content:"navsvcs.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])navsvcs\.cloud$/i"; classtype:trojan-activity; sid:37478591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain navsvcs.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navsvcs.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navsvcs\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain niddocs.site"; dns.query; content:"niddocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])niddocs\.site$/i"; classtype:trojan-activity; sid:37478601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain niddocs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"niddocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])niddocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain nidedoc.cloud"; dns.query; content:"nidedoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])nidedoc\.cloud$/i"; classtype:trojan-activity; sid:37478611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain nidedoc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nidedoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nidedoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntcloudo.site"; dns.query; content:"ntcloudo.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloudo\.site$/i"; classtype:trojan-activity; sid:37478621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntcloudo.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntcloudo.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloudo\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntclouds.cloud"; dns.query; content:"ntclouds.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntclouds\.cloud$/i"; classtype:trojan-activity; sid:37478631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntclouds.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntclouds.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntclouds\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsvc-edoc.cloud"; dns.query; content:"ntsvc-edoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsvc\-edoc\.cloud$/i"; classtype:trojan-activity; sid:37478641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsvc-edoc.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsvc-edoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsvc\-edoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntsview.store"; dns.query; content:"ntsview.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsview\.store$/i"; classtype:trojan-activity; sid:37478651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntsview.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsview.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsview\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain dlndocs.site"; dns.query; content:"dlndocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])dlndocs\.site$/i"; classtype:trojan-activity; sid:37478661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain dlndocs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dlndocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dlndocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain heisof.mom"; dns.query; content:"heisof.mom"; nocase; pcre: "/(^|[^A-Za-z0-9-])heisof\.mom$/i"; classtype:trojan-activity; sid:37478671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain heisof.mom"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"heisof.mom"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])heisof\.mom[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain moecsxet.fun"; dns.query; content:"moecsxet.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])moecsxet\.fun$/i"; classtype:trojan-activity; sid:37478681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain moecsxet.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moecsxet.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moecsxet\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain moschck.store"; dns.query; content:"moschck.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])moschck\.store$/i"; classtype:trojan-activity; sid:37478691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain moschck.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moschck.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moschck\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain mossrv.site"; dns.query; content:"mossrv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mossrv\.site$/i"; classtype:trojan-activity; sid:37478701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain mossrv.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mossrv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mossrv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain moxcei.online"; dns.query; content:"moxcei.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])moxcei\.online$/i"; classtype:trojan-activity; sid:37478711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain moxcei.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moxcei.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moxcei\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntcloud-edoc.site"; dns.query; content:"ntcloud-edoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloud\-edoc\.site$/i"; classtype:trojan-activity; sid:37478721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntcloud-edoc.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntcloud-edoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloud\-edoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntcloude.site"; dns.query; content:"ntcloude.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloude\.site$/i"; classtype:trojan-activity; sid:37478731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntcloude.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntcloude.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntcloude\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntidocs.site"; dns.query; content:"ntidocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntidocs\.site$/i"; classtype:trojan-activity; sid:37478741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntidocs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntidocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntidocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain ntihosp.site"; dns.query; content:"ntihosp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntihosp\.site$/i"; classtype:trojan-activity; sid:37478751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain ntihosp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntihosp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntihosp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain oiwoske.store"; dns.query; content:"oiwoske.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])oiwoske\.store$/i"; classtype:trojan-activity; sid:37478761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain oiwoske.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oiwoske.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oiwoske\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain secdoc.site"; dns.query; content:"secdoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])secdoc\.site$/i"; classtype:trojan-activity; sid:37478771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain secdoc.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"secdoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])secdoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain settingdirect.org"; dns.query; content:"settingdirect.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])settingdirect\.org$/i"; classtype:trojan-activity; sid:37478781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain settingdirect.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"settingdirect.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])settingdirect\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Domain uugirl.vip"; dns.query; content:"uugirl.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])uugirl\.vip$/i"; classtype:trojan-activity; sid:37478791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain uugirl.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uugirl.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uugirl\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
# Hostname indicators
# NOTE(review): the two htxpost.site hostnames below have no htxpost.site
# Domain rule in this part of the file, while httpost.site (sid 37478571/2,
# one letter different) does. Check the MISP event for a typo in either
# spelling before relying on the pair for coverage.
alert dns any any -> any any (msg: "MISP e26571 [] Hostname emv1.dlndocs.site"; dns.query; content:"emv1.dlndocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.dlndocs\.site$/i"; classtype:trojan-activity; sid:37478801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname emv1.dlndocs.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.dlndocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.dlndocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname emv1.htxpost.site"; dns.query; content:"emv1.htxpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.htxpost\.site$/i"; classtype:trojan-activity; sid:37478811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname emv1.htxpost.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.htxpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.htxpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname emv1.ntcloud-edoc.site"; dns.query; content:"emv1.ntcloud-edoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntcloud\-edoc\.site$/i"; classtype:trojan-activity; sid:37478821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname emv1.ntcloud-edoc.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.ntcloud-edoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntcloud\-edoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname emv1.secdoc.site"; dns.query; content:"emv1.secdoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.secdoc\.site$/i"; classtype:trojan-activity; sid:37478831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname emv1.secdoc.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.secdoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.secdoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname gvidfaas.htxpost.site"; dns.query; content:"gvidfaas.htxpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gvidfaas\.htxpost\.site$/i"; classtype:trojan-activity; sid:37478841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname gvidfaas.htxpost.site"; flow:to_server,established; http.header; content: "Host|3a| gvidfaas.htxpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gvidfaas\.htxpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname hostmaster.secdoc.site"; dns.query; content:"hostmaster.secdoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hostmaster\.secdoc\.site$/i"; classtype:trojan-activity; sid:37478851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname hostmaster.secdoc.site"; flow:to_server,established; http.header; content: 
"Host|3a| hostmaster.secdoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hostmaster\.secdoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname ldrssbkg.htxpost.site"; dns.query; content:"ldrssbkg.htxpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ldrssbkg\.htxpost\.site$/i"; classtype:trojan-activity; sid:37478861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname ldrssbkg.htxpost.site"; flow:to_server,established; http.header; content: "Host|3a| ldrssbkg.htxpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ldrssbkg\.htxpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname mail.htxpost.site"; dns.query; content:"mail.htxpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.htxpost\.site$/i"; classtype:trojan-activity; sid:37478871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mail.htxpost.site"; flow:to_server,established; http.header; content: "Host|3a| mail.htxpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.htxpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname motu.moecsxet.fun"; dns.query; content:"motu.moecsxet.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motu\.moecsxet\.fun$/i"; classtype:trojan-activity; sid:37478881; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname motu.moecsxet.fun"; flow:to_server,established; http.header; content: "Host|3a| motu.moecsxet.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motu\.moecsxet\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname motu.moschck.store"; dns.query; content:"motu.moschck.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motu\.moschck\.store$/i"; classtype:trojan-activity; sid:37478891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname motu.moschck.store"; flow:to_server,established; http.header; content: "Host|3a| motu.moschck.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motu\.moschck\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname mta-sts.dlndocs.site"; dns.query; content:"mta-sts.dlndocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.dlndocs\.site$/i"; classtype:trojan-activity; sid:37478901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mta-sts.dlndocs.site"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.dlndocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.dlndocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] 
Hostname mta-sts.htxpost.site"; dns.query; content:"mta-sts.htxpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.htxpost\.site$/i"; classtype:trojan-activity; sid:37478911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mta-sts.htxpost.site"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.htxpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.htxpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname mta-sts.ntcloud-edoc.site"; dns.query; content:"mta-sts.ntcloud-edoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntcloud\-edoc\.site$/i"; classtype:trojan-activity; sid:37478921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mta-sts.ntcloud-edoc.site"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.ntcloud-edoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntcloud\-edoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.dlndocs.site"; dns.query; content:"view.dlndocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.dlndocs\.site$/i"; classtype:trojan-activity; sid:37478931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.dlndocs.site"; flow:to_server,established; http.header; content: "Host|3a| view.dlndocs.site"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])view\.dlndocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.htxpost.site"; dns.query; content:"view.htxpost.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.htxpost\.site$/i"; classtype:trojan-activity; sid:37478941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.htxpost.site"; flow:to_server,established; http.header; content: "Host|3a| view.htxpost.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.htxpost\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.moecsxet.fun"; dns.query; content:"view.moecsxet.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.moecsxet\.fun$/i"; classtype:trojan-activity; sid:37478951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.moecsxet.fun"; flow:to_server,established; http.header; content: "Host|3a| view.moecsxet.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.moecsxet\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.moschck.store"; dns.query; content:"view.moschck.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.moschck\.store$/i"; classtype:trojan-activity; sid:37478961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26571 [] Outgoing HTTP Hostname view.moschck.store"; flow:to_server,established; http.header; content: "Host|3a| view.moschck.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.moschck\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.mossrv.site"; dns.query; content:"view.mossrv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mossrv\.site$/i"; classtype:trojan-activity; sid:37478971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.mossrv.site"; flow:to_server,established; http.header; content: "Host|3a| view.mossrv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.mossrv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.niddocs.site"; dns.query; content:"view.niddocs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.niddocs\.site$/i"; classtype:trojan-activity; sid:37478981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.niddocs.site"; flow:to_server,established; http.header; content: "Host|3a| view.niddocs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.niddocs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.nidedoc.cloud"; dns.query; content:"view.nidedoc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nidedoc\.cloud$/i"; 
classtype:trojan-activity; sid:37478991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.nidedoc.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.nidedoc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nidedoc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37478992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.ntcloud-edoc.site"; dns.query; content:"view.ntcloud-edoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloud\-edoc\.site$/i"; classtype:trojan-activity; sid:37479001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.ntcloud-edoc.site"; flow:to_server,established; http.header; content: "Host|3a| view.ntcloud-edoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloud\-edoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.ntcloude.site"; dns.query; content:"view.ntcloude.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloude\.site$/i"; classtype:trojan-activity; sid:37479011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.ntcloude.site"; flow:to_server,established; http.header; content: "Host|3a| view.ntcloude.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.ntcloude\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479012; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.secdoc.site"; dns.query; content:"view.secdoc.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.secdoc\.site$/i"; classtype:trojan-activity; sid:37479021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.secdoc.site"; flow:to_server,established; http.header; content: "Host|3a| view.secdoc.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.secdoc\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain fsceit.cloud"; dns.query; content:"fsceit.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])fsceit\.cloud$/i"; classtype:trojan-activity; sid:37479031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain fsceit.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fsceit.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fsceit\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain fscsies.info"; dns.query; content:"fscsies.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])fscsies\.info$/i"; classtype:trojan-activity; sid:37479041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain fscsies.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fscsies.info"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])fscsies\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain navserv.cloud"; dns.query; content:"navserv.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])navserv\.cloud$/i"; classtype:trojan-activity; sid:37479051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain navserv.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navserv.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navserv\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain nhitalk.online"; dns.query; content:"nhitalk.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhitalk\.online$/i"; classtype:trojan-activity; sid:37479061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Domain nhitalk.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhitalk.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhitalk\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Domain nhseco.store"; dns.query; content:"nhseco.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])nhseco\.store$/i"; classtype:trojan-activity; sid:37479071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP 
Domain nhseco.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nhseco.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nhseco\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname mail.navserv.cloud"; dns.query; content:"mail.navserv.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.navserv\.cloud$/i"; classtype:trojan-activity; sid:37479081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname mail.navserv.cloud"; flow:to_server,established; http.header; content: "Host|3a| mail.navserv.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.navserv\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname motu.nhseco.store"; dns.query; content:"motu.nhseco.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motu\.nhseco\.store$/i"; classtype:trojan-activity; sid:37479091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname motu.nhseco.store"; flow:to_server,established; http.header; content: "Host|3a| motu.nhseco.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])motu\.nhseco\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname nhos.nhseco.store"; dns.query; content:"nhos.nhseco.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhos\.nhseco\.store$/i"; 
classtype:trojan-activity; sid:37479101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname nhos.nhseco.store"; flow:to_server,established; http.header; content: "Host|3a| nhos.nhseco.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhos\.nhseco\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.fsceit.cloud"; dns.query; content:"view.fsceit.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.fsceit\.cloud$/i"; classtype:trojan-activity; sid:37479111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.fsceit.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.fsceit.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.fsceit\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.navnsrc.cloud"; dns.query; content:"view.navnsrc.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.navnsrc\.cloud$/i"; classtype:trojan-activity; sid:37479121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.navnsrc.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.navnsrc.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.navnsrc\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;) alert dns any 
any -> any any (msg: "MISP e26571 [] Hostname view.navserv.cloud"; dns.query; content:"view.navserv.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.navserv\.cloud$/i"; classtype:trojan-activity; sid:37479131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
#
# Remaining hostname indicators from MISP event 26571: one DNS-query rule and
# one outbound HTTP Host-header rule per name.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.navserv.cloud"; flow:to_server,established; http.header; content: "Host|3a| view.navserv.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.navserv\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert dns any any -> any any (msg: "MISP e26571 [] Hostname view.nhitalk.online"; dns.query; content:"view.nhitalk.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhitalk\.online$/i"; classtype:trojan-activity; sid:37479141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26571 [] Outgoing HTTP Hostname view.nhitalk.online"; flow:to_server,established; http.header; content: "Host|3a| view.nhitalk.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])view\.nhitalk\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26571;)
#
# Outbound IP:port indicators. Every rule below has the form
# "alert ip $HOME_NET any -> <ip> <port>" with no flow or content condition: a
# hit says an internal host sent traffic to that address and port and nothing
# about the payload.
# Each address:port pair in this section is exported twice - once from event
# 26444 (priority 2, msg tagged with a tool or malware name and, for most, what
# looks like a network/AS name) and once from event 26673 (priority 3, empty tag
# list) - under different sids, so one connection raises two alerts. Correlate
# on destination when triaging and take the family context from the e26444 alert.
# NOTE(review): several destinations carry large hosting/cloud network tags
# (e.g. GOOGLE-CLOUD-PLATFORM, MICROSOFT-CORP-MSN-AS-BLOCK, DIGITALOCEAN-ASN);
# such addresses are commonly reassigned, so check the indicator's age in the
# MISP event before treating a hit as confirmed C2.
#
alert ip $HOME_NET any -> 137.184.96.202 22 (msg: "MISP e26444 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 137.184.96.202|22"; classtype:trojan-activity; sid:37296721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 69.46.36.217 7443 (msg: "MISP e26444 [MPDCOL,Mythic] Outgoing To IP: 69.46.36.217|7443"; classtype:trojan-activity; sid:37296731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 20.41.216.145 7443 (msg: "MISP e26444 [MICROSOFT-CORP-MSN-AS-BLOCK,Mythic] Outgoing To IP: 20.41.216.145|7443"; classtype:trojan-activity; sid:37296741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 95.217.6.101 7443 (msg: "MISP e26444 [HETZNER-AS,Mythic] Outgoing To IP: 95.217.6.101|7443"; classtype:trojan-activity; sid:37296751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 34.141.124.126 443 (msg: "MISP e26444 [GOOGLE-CLOUD-PLATFORM,Havoc] Outgoing To IP: 34.141.124.126|443"; classtype:trojan-activity; sid:37296761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 89.147.111.163 443 (msg: "MISP e26444 [Havoc,THE-1984-AS] Outgoing To IP: 89.147.111.163|443"; classtype:trojan-activity; sid:37296771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 47.232.161.146 443 (msg: "MISP e26444 [CHARTER-20115,Havoc] Outgoing To IP: 47.232.161.146|443"; classtype:trojan-activity; sid:37296781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 173.237.206.178 80 (msg: "MISP e26444 [Havoc,LIGHTWAVE-NETWORKS] Outgoing To IP: 173.237.206.178|80"; classtype:trojan-activity; sid:37296791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 107.189.31.164 445 (msg: "MISP e26444 [PONYNET,Responder] Outgoing To IP: 107.189.31.164|445"; classtype:trojan-activity; sid:37296801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 41.147.196.189 80 (msg: "MISP e26444 [Pupy RAT,Telkom-Internet] Outgoing To IP: 41.147.196.189|80"; classtype:trojan-activity; sid:37296811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 189.253.230.198 443 (msg: "MISP e26444 [QakBot,UNINET] Outgoing To IP: 189.253.230.198|443"; classtype:trojan-activity; sid:37296821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 50.35.143.32 443 (msg: "MISP e26444 [AS-WHOLESAIL,QakBot] Outgoing To IP: 50.35.143.32|443"; classtype:trojan-activity; sid:37296831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 72.27.169.43 443 (msg: "MISP e26444 [FLOW-NET,QakBot] Outgoing To IP: 72.27.169.43|443"; classtype:trojan-activity; sid:37296841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 173.237.206.178 80 (msg: "MISP e26673 [] Outgoing To IP: 173.237.206.178|80"; classtype:trojan-activity; sid:37495911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 47.232.161.146 443 (msg: "MISP e26673 [] Outgoing To IP: 47.232.161.146|443"; classtype:trojan-activity; sid:37495921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 89.147.111.163 443 (msg: "MISP e26673 [] Outgoing To IP: 89.147.111.163|443"; classtype:trojan-activity; sid:37495931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 34.141.124.126 443 (msg: "MISP e26673 [] Outgoing To IP: 34.141.124.126|443"; classtype:trojan-activity; sid:37495941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 95.217.6.101 7443 (msg: "MISP e26673 [] Outgoing To IP: 95.217.6.101|7443"; classtype:trojan-activity; sid:37495951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 20.41.216.145 7443 (msg: "MISP e26673 [] Outgoing To IP: 20.41.216.145|7443"; classtype:trojan-activity; sid:37495961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 69.46.36.217 7443 (msg: "MISP e26673 [] Outgoing To IP: 69.46.36.217|7443"; classtype:trojan-activity; sid:37495971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 137.184.96.202 22 (msg: "MISP e26673 [] Outgoing To IP: 137.184.96.202|22"; classtype:trojan-activity; sid:37495981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 75.173.26.183 443 (msg: "MISP e26444 [BRSPD-PUBLIC,QakBot] Outgoing To IP: 75.173.26.183|443"; classtype:trojan-activity; sid:37296851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 189.140.70.226 443 (msg: "MISP e26444 [QakBot,UNINET] Outgoing To IP: 189.140.70.226|443"; classtype:trojan-activity; sid:37296861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 86.121.139.203 2222 (msg: "MISP e26444 [QakBot,RCS-RDS 73-75 Dr. Staicovici] Outgoing To IP: 86.121.139.203|2222"; classtype:trojan-activity; sid:37296871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 122.10.110.233 8888 (msg: "MISP e26444 [DXTL-HK DXTL Tseung Kwan O Service,Supershell] Outgoing To IP: 122.10.110.233|8888"; classtype:trojan-activity; sid:37296881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 122.10.27.225 8888 (msg: "MISP e26444 [DXTL-HK DXTL Tseung Kwan O Service,Supershell] Outgoing To IP: 122.10.27.225|8888"; classtype:trojan-activity; sid:37296891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 122.10.49.62 8888 (msg: "MISP e26444 [DXTL-HK DXTL Tseung Kwan O Service,Supershell] Outgoing To IP: 122.10.49.62|8888"; classtype:trojan-activity; sid:37296901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 147.45.42.25 80 (msg: "MISP e26444 [AEZA-AS,Meduza Stealer] Outgoing To IP: 147.45.42.25|80"; classtype:trojan-activity; sid:37296911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 143.198.95.76 42061 (msg: "MISP e26444 [Mirai] Outgoing To IP: 143.198.95.76|42061"; classtype:trojan-activity; sid:37296921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 143.198.95.76 42061 (msg: "MISP e26673 [] Outgoing To IP: 143.198.95.76|42061"; classtype:trojan-activity; sid:37495991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 147.45.42.25 80 (msg: "MISP e26673 [] Outgoing To IP: 147.45.42.25|80"; classtype:trojan-activity; sid:37496001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 122.10.49.62 8888 (msg: "MISP e26673 [] Outgoing To IP: 122.10.49.62|8888"; classtype:trojan-activity; sid:37496011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 122.10.27.225 8888 (msg: "MISP e26673 [] Outgoing To IP: 122.10.27.225|8888"; classtype:trojan-activity; sid:37496021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 122.10.110.233 8888 (msg: "MISP e26673 [] Outgoing To IP: 122.10.110.233|8888"; classtype:trojan-activity; sid:37496031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 86.121.139.203 2222 (msg: "MISP e26673 [] Outgoing To IP: 86.121.139.203|2222"; classtype:trojan-activity; sid:37496041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 189.140.70.226 443 (msg: "MISP e26673 [] Outgoing To IP: 189.140.70.226|443"; classtype:trojan-activity; sid:37496051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 75.173.26.183 443 (msg: "MISP e26673 [] Outgoing To IP: 75.173.26.183|443"; classtype:trojan-activity; sid:37496061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 72.27.169.43 443 (msg: "MISP e26673 [] Outgoing To IP: 72.27.169.43|443"; classtype:trojan-activity; sid:37496071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 50.35.143.32 443 (msg: "MISP e26673 [] Outgoing To IP: 50.35.143.32|443"; classtype:trojan-activity; sid:37496081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 189.253.230.198 443 (msg: "MISP e26673 [] Outgoing To IP: 189.253.230.198|443"; classtype:trojan-activity; sid:37496091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 41.147.196.189 80 (msg: "MISP e26673 [] Outgoing To IP: 41.147.196.189|80"; classtype:trojan-activity; sid:37496101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 107.189.31.164 445 (msg: "MISP e26673 [] Outgoing To IP: 107.189.31.164|445"; classtype:trojan-activity; sid:37496111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 193.233.255.127 36579 (msg: "MISP e26444 [RedLineStealer] Outgoing To IP: 193.233.255.127|36579"; classtype:trojan-activity; sid:37296931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 193.233.255.127 36579 (msg: "MISP e26673 [] Outgoing To IP: 193.233.255.127|36579"; classtype:trojan-activity; sid:37496121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 1.14.206.144 6606 (msg: "MISP e26444 [asyncrat] Outgoing To IP: 1.14.206.144|6606"; classtype:trojan-activity; sid:37296941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 1.14.206.144 6606 (msg: "MISP e26673 [] Outgoing To IP: 1.14.206.144|6606"; classtype:trojan-activity; sid:37496131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 95.217.24.13 443 (msg: "MISP e26444 [Vidar] Outgoing To IP: 95.217.24.13|443"; classtype:trojan-activity; sid:37296951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 78.46.234.146 5432 (msg: "MISP e26444 [Vidar] Outgoing To IP: 78.46.234.146|5432"; classtype:trojan-activity; sid:37296961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 95.216.182.244 443 (msg: "MISP e26444 [Vidar] Outgoing To IP: 95.216.182.244|443"; classtype:trojan-activity; sid:37296971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 95.217.24.13 443 (msg: "MISP e26673 [] Outgoing To IP: 95.217.24.13|443"; classtype:trojan-activity; sid:37496171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 78.46.234.146 5432 (msg: "MISP e26673 [] Outgoing To IP: 78.46.234.146|5432"; classtype:trojan-activity; sid:37496181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 95.216.182.244 443 (msg: "MISP e26673 [] Outgoing To IP: 95.216.182.244|443"; classtype:trojan-activity; sid:37496191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 130.185.249.90 6667 (msg: "MISP e26444 [Tsunami] Outgoing To IP: 130.185.249.90|6667"; classtype:trojan-activity; sid:37297011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 130.185.249.90 6667 (msg: "MISP e26673 [] Outgoing To IP: 130.185.249.90|6667"; classtype:trojan-activity; sid:37496201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26480 [] Domain 
om-nivaee.cyou"; dns.query; content:"om-nivaee.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-])om\-nivaee\.cyou$/i"; classtype:trojan-activity; sid:37305201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26480;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26480 [] Outgoing HTTP Domain om-nivaee.cyou"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"om-nivaee.cyou"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])om\-nivaee\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37305202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26480;) alert ip $HOME_NET any -> 52.91.67.138 443 (msg: "MISP e26444 [AMAZON-AES,CobaltStrike,cs-watermark-873316145] Outgoing To IP: 52.91.67.138|443"; classtype:trojan-activity; sid:37297031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 175.24.197.196 888 (msg: "MISP e26444 [Kaiji] Outgoing To IP: 175.24.197.196|888"; classtype:trojan-activity; sid:37297041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [Kaiji] Domain qiefuwuqi.20242525.xyz"; dns.query; content:"qiefuwuqi.20242525.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])qiefuwuqi\.20242525\.xyz$/i"; classtype:trojan-activity; sid:37297051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [Kaiji] Outgoing HTTP Domain qiefuwuqi.20242525.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qiefuwuqi.20242525.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qiefuwuqi\.20242525\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26673 [] Domain 
qiefuwuqi.20242525.xyz"; dns.query; content:"qiefuwuqi.20242525.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])qiefuwuqi\.20242525\.xyz$/i"; classtype:trojan-activity; sid:37496211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain qiefuwuqi.20242525.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qiefuwuqi.20242525.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qiefuwuqi\.20242525\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 175.24.197.196 888 (msg: "MISP e26673 [] Outgoing To IP: 175.24.197.196|888"; classtype:trojan-activity; sid:37496221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 52.91.67.138 443 (msg: "MISP e26673 [] Outgoing To IP: 52.91.67.138|443"; classtype:trojan-activity; sid:37496231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 103.178.235.32 19990 (msg: "MISP e26444 [Gafgyt,Mirai] Outgoing To IP: 103.178.235.32|19990"; classtype:trojan-activity; sid:37297061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 103.178.235.32 19990 (msg: "MISP e26673 [] Outgoing To IP: 103.178.235.32|19990"; classtype:trojan-activity; sid:37496251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26486 [] Domain pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; dns.query; content:"pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-e15b71d20bfd4a42875f6b3837d4176b\.r2\.dev$/i"; classtype:trojan-activity; sid:37332031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26486;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26486 [] Outgoing HTTP Domain pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-e15b71d20bfd4a42875f6b3837d4176b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26486;) alert dns any any -> any any (msg: "MISP e26608 [] Domain pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; dns.query; content:"pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-e15b71d20bfd4a42875f6b3837d4176b\.r2\.dev$/i"; classtype:trojan-activity; sid:37487501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26608;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26608 [] Outgoing HTTP Domain pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-e15b71d20bfd4a42875f6b3837d4176b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-e15b71d20bfd4a42875f6b3837d4176b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26608;) alert ip $HOME_NET any -> 185.179.217.216 9785 (msg: "MISP e26444 [Pikabot] Outgoing To IP: 185.179.217.216|9785"; classtype:trojan-activity; sid:37297091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 172.232.174.6 5242 (msg: "MISP e26444 [Pikabot] Outgoing To IP: 172.232.174.6|5242"; classtype:trojan-activity; sid:37297101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 185.179.217.216 9785 (msg: "MISP e26673 [] Outgoing To IP: 185.179.217.216|9785"; 
classtype:trojan-activity; sid:37496281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 172.232.174.6 5242 (msg: "MISP e26673 [] Outgoing To IP: 172.232.174.6|5242"; classtype:trojan-activity; sid:37496291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26375 [] Hostname pub-18b55ea6379a48229bab44f605734db6.r2.dev"; dns.query; content:"pub-18b55ea6379a48229bab44f605734db6.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-18b55ea6379a48229bab44f605734db6\.r2\.dev$/i"; classtype:trojan-activity; sid:37488131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Hostname pub-18b55ea6379a48229bab44f605734db6.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-18b55ea6379a48229bab44f605734db6.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-18b55ea6379a48229bab44f605734db6\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert http $HOME_NET any -> 52.91.67.138 8084 (msg: "MISP e26444 [Amazon.com Inc.,CobaltStrike,cs-watermark-873316145] Outgoing URL http|3a|//52.91.67.138|3a|8084/pixel"; flow:to_server,established; http.header; content:"52.91.67.138"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 141.98.81.98 81 (msg: "MISP e26444 [CobaltStrike,cs-watermark-987654321,Flyservers S.A.] 
Outgoing URL http|3a|//141.98.81.98|3a|81/fwlink"; flow:to_server,established; http.header; content:"141.98.81.98"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 103.82.243.5 13785 (msg: "MISP e26574 [] Outgoing To IP: 103.82.243.5|13785"; classtype:trojan-activity; sid:37479361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 104.129.55.105 2223 (msg: "MISP e26574 [] Outgoing To IP: 104.129.55.105|2223"; classtype:trojan-activity; sid:37479371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 104.156.233.235 2226 (msg: "MISP e26574 [] Outgoing To IP: 104.156.233.235|2226"; classtype:trojan-activity; sid:37479381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 108.61.78.17 13783 (msg: "MISP e26574 [] Outgoing To IP: 108.61.78.17|13783"; classtype:trojan-activity; sid:37479391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 131.153.231.178 2221 (msg: "MISP e26574 [] Outgoing To IP: 131.153.231.178|2221"; classtype:trojan-activity; sid:37479401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 155.138.147.62 2223 (msg: "MISP e26574 [] Outgoing To IP: 155.138.147.62|2223"; classtype:trojan-activity; sid:37479411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 172.232.162.97 13783 (msg: "MISP e26574 [] Outgoing To IP: 172.232.162.97|13783"; classtype:trojan-activity; sid:37479421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 172.232.189.10 1194 (msg: "MISP e26574 [] Outgoing To IP: 172.232.189.10|1194"; 
classtype:trojan-activity; sid:37479431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 172.232.189.219 2224 (msg: "MISP e26574 [] Outgoing To IP: 172.232.189.219|2224"; classtype:trojan-activity; sid:37479441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 178.18.246.136 2078 (msg: "MISP e26574 [] Outgoing To IP: 178.18.246.136|2078"; classtype:trojan-activity; sid:37479451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 198.44.187.12 2224 (msg: "MISP e26574 [] Outgoing To IP: 198.44.187.12|2224"; classtype:trojan-activity; sid:37479461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 23.226.138.161 5242 (msg: "MISP e26574 [] Outgoing To IP: 23.226.138.161|5242"; classtype:trojan-activity; sid:37479471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 37.60.242.85 9785 (msg: "MISP e26574 [] Outgoing To IP: 37.60.242.85|9785"; classtype:trojan-activity; sid:37479481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 45.32.21.184 5242 (msg: "MISP e26574 [] Outgoing To IP: 45.32.21.184|5242"; classtype:trojan-activity; sid:37479491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 45.32.248.100 2226 (msg: "MISP e26574 [] Outgoing To IP: 45.32.248.100|2226"; classtype:trojan-activity; sid:37479501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 45.76.251.190 5631 (msg: "MISP e26574 [] Outgoing To IP: 45.76.251.190|5631"; classtype:trojan-activity; sid:37479511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 86.38.225.105 13721 (msg: "MISP e26574 [] Outgoing To IP: 86.38.225.105|13721"; 
classtype:trojan-activity; sid:37479521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 86.38.225.106 2221 (msg: "MISP e26574 [] Outgoing To IP: 86.38.225.106|2221"; classtype:trojan-activity; sid:37479531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 86.38.225.109 13724 (msg: "MISP e26574 [] Outgoing To IP: 86.38.225.109|13724"; classtype:trojan-activity; sid:37479541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert ip $HOME_NET any -> 95.179.135.3 2225 (msg: "MISP e26574 [] Outgoing To IP: 95.179.135.3|2225"; classtype:trojan-activity; sid:37479551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26574;) alert http $HOME_NET any -> 152.136.100.26 $HTTP_PORTS (msg: "MISP e26444 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//152.136.100.26/match"; flow:to_server,established; http.header; content:"152.136.100.26"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 152.136.100.26 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//152.136.100.26/match"; flow:to_server,established; http.header; content:"152.136.100.26"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> 141.98.81.98 81 (msg: "MISP e26673 [] Outgoing URL http|3a|//141.98.81.98|3a|81/fwlink"; flow:to_server,established; http.header; content:"141.98.81.98"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496311; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> 52.91.67.138 8084 (msg: "MISP e26673 [] Outgoing URL http|3a|//52.91.67.138|3a|8084/pixel"; flow:to_server,established; http.header; content:"52.91.67.138"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26529 [] Domain soundata.top"; dns.query; content:"soundata.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])soundata\.top$/i"; classtype:trojan-activity; sid:37463511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain soundata.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"soundata.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soundata\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26529 [] Domain soundbase.top"; dns.query; content:"soundbase.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])soundbase\.top$/i"; classtype:trojan-activity; sid:37463521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain soundbase.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"soundbase.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soundbase\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26529 [] Domain soundline.top"; dns.query; content:"soundline.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])soundline\.top$/i"; classtype:trojan-activity; sid:37463541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain soundline.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"soundline.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soundline\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26529 [] Domain guvencecelik.com"; dns.query; content:"guvencecelik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guvencecelik\.com$/i"; classtype:trojan-activity; sid:37463571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain guvencecelik.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guvencecelik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guvencecelik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26529 [] Domain fidelizza.desarrollojm.com"; dns.query; content:"fidelizza.desarrollojm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fidelizza\.desarrollojm\.com$/i"; classtype:trojan-activity; sid:37463601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain fidelizza.desarrollojm.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fidelizza.desarrollojm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fidelizza\.desarrollojm\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37463602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26529 [] Domain novak-home.com"; dns.query; content:"novak-home.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])novak\-home\.com$/i"; classtype:trojan-activity; sid:37463631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain novak-home.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"novak-home.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])novak\-home\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26529 [] Domain janisthaaivf.com"; dns.query; content:"janisthaaivf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])janisthaaivf\.com$/i"; classtype:trojan-activity; sid:37463681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain janisthaaivf.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"janisthaaivf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])janisthaaivf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//tvoikcloud.pw/api"; flow:to_server,established; http.header; content:"tvoikcloud.pw"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http 
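$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//doonwload.fun/api"; flow:to_server,established; http.header; content:"doonwload.fun"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# The rule above (it begins on the previous line) and sid:37466171 below both
# reference $HTTP_PORTS, so that variable must be defined on the sensor even
# though the export header calls it optional for Suricata.

# Event 26529: DNS query for moravalero.cl or any subdomain of it. The pcre
# anchors the match to the end of the query name.
alert dns any any -> any any (msg: "MISP e26529 [] Domain moravalero.cl"; dns.query; content:"moravalero.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-])moravalero\.cl$/i"; classtype:trojan-activity; sid:37463711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;)
# Event 26529: outbound HTTP request whose headers carry the same domain.
# The matching session is tagged for 600 seconds of follow-up capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26529 [] Outgoing HTTP Domain moravalero.cl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moravalero.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moravalero\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37463712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;)
# NOTE(review): 142.250.178.4 appears to sit in Google-operated address space;
# confirm with whois and against event 26529 before deploying. The rule matches
# any protocol and port at priority 1, so if the address is shared front-end
# infrastructure it will fire on ordinary traffic. Consider excluding it at the
# source (e.g. a MISP warninglist or clearing the attribute's IDS flag).
alert ip $HOME_NET any -> 142.250.178.4 any (msg: "MISP e26529 [] Outgoing To IP: 142.250.178.4"; classtype:trojan-activity; sid:37463721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;)
# Event 26537 (tagged Agent Tesla, kill-chain Command and Control): outbound
# request for /extrafiledroid1.vbs on 198.12.81.134.
# Fix: the galaxy tag embeds double quotes inside msg. Suricata requires a
# double quote inside msg to be escaped; left unescaped it ends the string
# early and the rule fails to parse, so this indicator would be dropped at load.
alert http $HOME_NET any -> 198.12.81.134 $HTTP_PORTS (msg: "MISP e26537 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//198.12.81.134/extrafiledroid1.vbs"; flow:to_server,established; http.header; content:"198.12.81.134"; fast_pattern; nocase; http.uri; content:"/extrafiledroid1.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37466171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26537;)
# Event 26444: DNS rule for fleetconsciousnessjuiw.site (continues on the next line).
alert dns any any -> any any (msg: "MISP e26444 [] Domain fleetconsciousnessjuiw.site"; dns.query; content:"fleetconsciousnessjuiw.site"; nocase; pcre: 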
"/(^|[^A-Za-z0-9-])fleetconsciousnessjuiw\.site$/i"; classtype:trojan-activity; sid:37297361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain fleetconsciousnessjuiw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fleetconsciousnessjuiw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fleetconsciousnessjuiw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain oluaskaz.pw"; dns.query; content:"oluaskaz.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])oluaskaz\.pw$/i"; classtype:trojan-activity; sid:37297371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain oluaskaz.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oluaskaz.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oluaskaz\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain contextsuffreintymore.fun"; dns.query; content:"contextsuffreintymore.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])contextsuffreintymore\.fun$/i"; classtype:trojan-activity; sid:37297381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain contextsuffreintymore.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"contextsuffreintymore.fun"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])contextsuffreintymore\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain joystickempiricalhirpw.site"; dns.query; content:"joystickempiricalhirpw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])joystickempiricalhirpw\.site$/i"; classtype:trojan-activity; sid:37297391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain joystickempiricalhirpw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"joystickempiricalhirpw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])joystickempiricalhirpw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain makeexpectentrypon.pw"; dns.query; content:"makeexpectentrypon.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])makeexpectentrypon\.pw$/i"; classtype:trojan-activity; sid:37297401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain makeexpectentrypon.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"makeexpectentrypon.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])makeexpectentrypon\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain attachmentartikidw.fun"; dns.query; content:"attachmentartikidw.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])attachmentartikidw\.fun$/i"; classtype:trojan-activity; 
sid:37297411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain attachmentartikidw.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"attachmentartikidw.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])attachmentartikidw\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain willpoweragreebokkskiew.site"; dns.query; content:"willpoweragreebokkskiew.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])willpoweragreebokkskiew\.site$/i"; classtype:trojan-activity; sid:37297421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain willpoweragreebokkskiew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"willpoweragreebokkskiew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])willpoweragreebokkskiew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain racerecessionrestrai.site"; dns.query; content:"racerecessionrestrai.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])racerecessionrestrai\.site$/i"; classtype:trojan-activity; sid:37297431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain racerecessionrestrai.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"racerecessionrestrai.site"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])racerecessionrestrai\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain vesselspeedcrosswakew.site"; dns.query; content:"vesselspeedcrosswakew.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])vesselspeedcrosswakew\.site$/i"; classtype:trojan-activity; sid:37297441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain vesselspeedcrosswakew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vesselspeedcrosswakew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vesselspeedcrosswakew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain goddirtybrilliancece.fun"; dns.query; content:"goddirtybrilliancece.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])goddirtybrilliancece\.fun$/i"; classtype:trojan-activity; sid:37297451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain goddirtybrilliancece.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"goddirtybrilliancece.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])goddirtybrilliancece\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain consciouosoepewmausj.site"; dns.query; content:"consciouosoepewmausj.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])consciouosoepewmausj\.site$/i"; 
classtype:trojan-activity; sid:37297461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain consciouosoepewmausj.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consciouosoepewmausj.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consciouosoepewmausj\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain beaturifuelministyuowwas.site"; dns.query; content:"beaturifuelministyuowwas.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])beaturifuelministyuowwas\.site$/i"; classtype:trojan-activity; sid:37297471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain beaturifuelministyuowwas.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beaturifuelministyuowwas.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beaturifuelministyuowwas\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain conferenctdressingshrw.site"; dns.query; content:"conferenctdressingshrw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])conferenctdressingshrw\.site$/i"; classtype:trojan-activity; sid:37297481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain conferenctdressingshrw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"conferenctdressingshrw.site"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])conferenctdressingshrw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain cooperatecliqueobstac.site"; dns.query; content:"cooperatecliqueobstac.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])cooperatecliqueobstac\.site$/i"; classtype:trojan-activity; sid:37297491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain cooperatecliqueobstac.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cooperatecliqueobstac.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cooperatecliqueobstac\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain tvoikcloud.pw"; dns.query; content:"tvoikcloud.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])tvoikcloud\.pw$/i"; classtype:trojan-activity; sid:37297501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain tvoikcloud.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tvoikcloud.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tvoikcloud\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain gearboomchocolateowfs.site"; dns.query; content:"gearboomchocolateowfs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])gearboomchocolateowfs\.site$/i"; classtype:trojan-activity; sid:37297511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain gearboomchocolateowfs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gearboomchocolateowfs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gearboomchocolateowfs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain radicalleafletmissfoxw.pw"; dns.query; content:"radicalleafletmissfoxw.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])radicalleafletmissfoxw\.pw$/i"; classtype:trojan-activity; sid:37297521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain radicalleafletmissfoxw.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"radicalleafletmissfoxw.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])radicalleafletmissfoxw\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain evokenumberpottruckere.fun"; dns.query; content:"evokenumberpottruckere.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])evokenumberpottruckere\.fun$/i"; classtype:trojan-activity; sid:37297531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain evokenumberpottruckere.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evokenumberpottruckere.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evokenumberpottruckere\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37297532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain doonwload.fun"; dns.query; content:"doonwload.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])doonwload\.fun$/i"; classtype:trojan-activity; sid:37297541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain doonwload.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doonwload.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doonwload\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain carvewomanflavourwop.site"; dns.query; content:"carvewomanflavourwop.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])carvewomanflavourwop\.site$/i"; classtype:trojan-activity; sid:37297551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain carvewomanflavourwop.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carvewomanflavourwop.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carvewomanflavourwop\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain negliganceassumeruew.site"; dns.query; content:"negliganceassumeruew.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])negliganceassumeruew\.site$/i"; classtype:trojan-activity; sid:37297561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26444 [] Outgoing HTTP Domain negliganceassumeruew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"negliganceassumeruew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])negliganceassumeruew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain crisisestimatehealtwh.site"; dns.query; content:"crisisestimatehealtwh.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])crisisestimatehealtwh\.site$/i"; classtype:trojan-activity; sid:37297571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain crisisestimatehealtwh.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crisisestimatehealtwh.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crisisestimatehealtwh\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain sayleafletcamerakwov.site"; dns.query; content:"sayleafletcamerakwov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])sayleafletcamerakwov\.site$/i"; classtype:trojan-activity; sid:37297581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain sayleafletcamerakwov.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sayleafletcamerakwov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sayleafletcamerakwov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) 
# Event 26444 domain indicators, exported as pairs: a dns.query rule (sid ending in 1) and a cleartext-HTTP Host-header rule (sid ending in 2).
# The DNS pcre is anchored with $ and allows any character outside [A-Za-z0-9-] before the name, so the listed domain and its subdomains match, but look-alike names with extra leading letters do not.
# The HTTP rules inspect http.header only; no TLS/SNI rule for these domains is visible in this part of the export, so HTTPS traffic to them is covered by the DNS rules alone.
# NOTE(review): the same domains are exported again under event 26673 with separate sids and priority 3, so one lookup raises two alerts; consider de-duplicating or thresholding downstream.
alert dns any any -> any any (msg: "MISP e26444 [] Domain brickabsorptiondullyi.site"; dns.query; content:"brickabsorptiondullyi.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])brickabsorptiondullyi\.site$/i"; classtype:trojan-activity; sid:37297591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain brickabsorptiondullyi.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brickabsorptiondullyi.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brickabsorptiondullyi\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain assaultseekwoodywod.pw"; dns.query; content:"assaultseekwoodywod.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])assaultseekwoodywod\.pw$/i"; classtype:trojan-activity; sid:37297601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain assaultseekwoodywod.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"assaultseekwoodywod.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])assaultseekwoodywod\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain retainfactorypunishjkw.site"; dns.query; content:"retainfactorypunishjkw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])retainfactorypunishjkw\.site$/i"; classtype:trojan-activity; sid:37297611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain 
retainfactorypunishjkw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"retainfactorypunishjkw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])retainfactorypunishjkw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain communicationinchoicer.site"; dns.query; content:"communicationinchoicer.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])communicationinchoicer\.site$/i"; classtype:trojan-activity; sid:37297621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain communicationinchoicer.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"communicationinchoicer.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])communicationinchoicer\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain braidfadefriendklypk.site"; dns.query; content:"braidfadefriendklypk.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])braidfadefriendklypk\.site$/i"; classtype:trojan-activity; sid:37297631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain braidfadefriendklypk.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"braidfadefriendklypk.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])braidfadefriendklypk\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37297632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET 
any -> 91.201.67.85 any (msg: "MISP e26529 [] Outgoing To IP: 91.201.67.85"; classtype:trojan-activity; sid:37463731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert ip $HOME_NET any -> 195.133.88.98 any (msg: "MISP e26529 [] Outgoing To IP: 195.133.88.98"; classtype:trojan-activity; sid:37463741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26529;) alert dns any any -> any any (msg: "MISP e26673 [] Domain carvewomanflavourwop.site"; dns.query; content:"carvewomanflavourwop.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])carvewomanflavourwop\.site$/i"; classtype:trojan-activity; sid:37496331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain carvewomanflavourwop.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carvewomanflavourwop.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carvewomanflavourwop\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain negliganceassumeruew.site"; dns.query; content:"negliganceassumeruew.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])negliganceassumeruew\.site$/i"; classtype:trojan-activity; sid:37496341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain negliganceassumeruew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"negliganceassumeruew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])negliganceassumeruew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns 
any any -> any any (msg: "MISP e26673 [] Domain crisisestimatehealtwh.site"; dns.query; content:"crisisestimatehealtwh.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])crisisestimatehealtwh\.site$/i"; classtype:trojan-activity; sid:37496351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain crisisestimatehealtwh.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crisisestimatehealtwh.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crisisestimatehealtwh\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain sayleafletcamerakwov.site"; dns.query; content:"sayleafletcamerakwov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])sayleafletcamerakwov\.site$/i"; classtype:trojan-activity; sid:37496361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain sayleafletcamerakwov.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sayleafletcamerakwov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sayleafletcamerakwov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain brickabsorptiondullyi.site"; dns.query; content:"brickabsorptiondullyi.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])brickabsorptiondullyi\.site$/i"; classtype:trojan-activity; sid:37496371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain 
brickabsorptiondullyi.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brickabsorptiondullyi.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brickabsorptiondullyi\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain assaultseekwoodywod.pw"; dns.query; content:"assaultseekwoodywod.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])assaultseekwoodywod\.pw$/i"; classtype:trojan-activity; sid:37496381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain assaultseekwoodywod.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"assaultseekwoodywod.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])assaultseekwoodywod\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain retainfactorypunishjkw.site"; dns.query; content:"retainfactorypunishjkw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])retainfactorypunishjkw\.site$/i"; classtype:trojan-activity; sid:37496391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain retainfactorypunishjkw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"retainfactorypunishjkw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])retainfactorypunishjkw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP 
e26673 [] Domain communicationinchoicer.site"; dns.query; content:"communicationinchoicer.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])communicationinchoicer\.site$/i"; classtype:trojan-activity; sid:37496401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain communicationinchoicer.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"communicationinchoicer.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])communicationinchoicer\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain braidfadefriendklypk.site"; dns.query; content:"braidfadefriendklypk.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])braidfadefriendklypk\.site$/i"; classtype:trojan-activity; sid:37496411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain braidfadefriendklypk.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"braidfadefriendklypk.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])braidfadefriendklypk\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain fleetconsciousnessjuiw.site"; dns.query; content:"fleetconsciousnessjuiw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fleetconsciousnessjuiw\.site$/i"; classtype:trojan-activity; sid:37496421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain fleetconsciousnessjuiw.site"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fleetconsciousnessjuiw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fleetconsciousnessjuiw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain oluaskaz.pw"; dns.query; content:"oluaskaz.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])oluaskaz\.pw$/i"; classtype:trojan-activity; sid:37496431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain oluaskaz.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oluaskaz.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oluaskaz\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain contextsuffreintymore.fun"; dns.query; content:"contextsuffreintymore.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])contextsuffreintymore\.fun$/i"; classtype:trojan-activity; sid:37496441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain contextsuffreintymore.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"contextsuffreintymore.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])contextsuffreintymore\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain joystickempiricalhirpw.site"; dns.query; content:"joystickempiricalhirpw.site"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])joystickempiricalhirpw\.site$/i"; classtype:trojan-activity; sid:37496451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain joystickempiricalhirpw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"joystickempiricalhirpw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])joystickempiricalhirpw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain makeexpectentrypon.pw"; dns.query; content:"makeexpectentrypon.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])makeexpectentrypon\.pw$/i"; classtype:trojan-activity; sid:37496461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain makeexpectentrypon.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"makeexpectentrypon.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])makeexpectentrypon\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain attachmentartikidw.fun"; dns.query; content:"attachmentartikidw.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])attachmentartikidw\.fun$/i"; classtype:trojan-activity; sid:37496471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain attachmentartikidw.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"attachmentartikidw.fun"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])attachmentartikidw\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain willpoweragreebokkskiew.site"; dns.query; content:"willpoweragreebokkskiew.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])willpoweragreebokkskiew\.site$/i"; classtype:trojan-activity; sid:37496481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain willpoweragreebokkskiew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"willpoweragreebokkskiew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])willpoweragreebokkskiew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain racerecessionrestrai.site"; dns.query; content:"racerecessionrestrai.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])racerecessionrestrai\.site$/i"; classtype:trojan-activity; sid:37496491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain racerecessionrestrai.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"racerecessionrestrai.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])racerecessionrestrai\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain vesselspeedcrosswakew.site"; dns.query; content:"vesselspeedcrosswakew.site"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vesselspeedcrosswakew\.site$/i"; classtype:trojan-activity; sid:37496501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain vesselspeedcrosswakew.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vesselspeedcrosswakew.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vesselspeedcrosswakew\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain goddirtybrilliancece.fun"; dns.query; content:"goddirtybrilliancece.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])goddirtybrilliancece\.fun$/i"; classtype:trojan-activity; sid:37496511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain goddirtybrilliancece.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"goddirtybrilliancece.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])goddirtybrilliancece\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain consciouosoepewmausj.site"; dns.query; content:"consciouosoepewmausj.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])consciouosoepewmausj\.site$/i"; classtype:trojan-activity; sid:37496521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain consciouosoepewmausj.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consciouosoepewmausj.site"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])consciouosoepewmausj\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# (The line above is the tail of a rule that begins before this span.)
#
# MISP event 26673, domain indicators: each domain gets a DNS rule (sid ...1) and an HTTP rule (sid ...2).
#
# DNS rule: inspects dns.query for the domain, case-insensitively. The pcre anchors the
# domain at the end of the query name and requires start-of-name or a non-hostname
# character (for example ".") before it, so the domain and its subdomains match but a
# longer label that merely ends in the same text does not. Source and destination are
# "any any", so the direction of the query is not constrained.
#
# HTTP rule: client-to-server traffic from $HOME_NET. Both content matches sit in the
# http.header buffer with no distance/within tying the domain to the "Host:" header,
# and the /H pcre only checks the characters around the domain.
# NOTE(review): as written, the domain appearing in another request header (for
# example Referer) also satisfies the rule; confirm whether that is intended.
# tag:session,600,seconds asks the engine to keep logging the session for 600 seconds
# after the alert.
alert dns any any -> any any (msg: "MISP e26673 [] Domain beaturifuelministyuowwas.site"; dns.query; content:"beaturifuelministyuowwas.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])beaturifuelministyuowwas\.site$/i"; classtype:trojan-activity; sid:37496531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain beaturifuelministyuowwas.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beaturifuelministyuowwas.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beaturifuelministyuowwas\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain conferenctdressingshrw.site"; dns.query; content:"conferenctdressingshrw.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])conferenctdressingshrw\.site$/i"; classtype:trojan-activity; sid:37496541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain conferenctdressingshrw.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"conferenctdressingshrw.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])conferenctdressingshrw\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain cooperatecliqueobstac.site"; dns.query; content:"cooperatecliqueobstac.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])cooperatecliqueobstac\.site$/i"; classtype:trojan-activity; sid:37496551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain cooperatecliqueobstac.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cooperatecliqueobstac.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cooperatecliqueobstac\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain tvoikcloud.pw"; dns.query; content:"tvoikcloud.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])tvoikcloud\.pw$/i"; classtype:trojan-activity; sid:37496561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain tvoikcloud.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tvoikcloud.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tvoikcloud\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain gearboomchocolateowfs.site"; dns.query; content:"gearboomchocolateowfs.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])gearboomchocolateowfs\.site$/i"; classtype:trojan-activity; sid:37496571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain gearboomchocolateowfs.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gearboomchocolateowfs.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gearboomchocolateowfs\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain radicalleafletmissfoxw.pw"; dns.query; content:"radicalleafletmissfoxw.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])radicalleafletmissfoxw\.pw$/i"; classtype:trojan-activity; sid:37496581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain radicalleafletmissfoxw.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"radicalleafletmissfoxw.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])radicalleafletmissfoxw\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain evokenumberpottruckere.fun"; dns.query; content:"evokenumberpottruckere.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])evokenumberpottruckere\.fun$/i"; classtype:trojan-activity; sid:37496591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain evokenumberpottruckere.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evokenumberpottruckere.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evokenumberpottruckere\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# (The rule below continues on the next line of the file.)
alert dns any any -> any any (msg: "MISP e26673 [] Domain doonwload.fun"; dns.query; content:"doonwload.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])doonwload\.fun$/i"; classtype:trojan-activity; sid:37496601; 
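rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# (The line above is the tail of the DNS rule for doonwload.fun begun on the previous line.)
#
# HTTP Host rule for doonwload.fun (MISP event 26673): "Host:" and the domain are both
# matched in http.header without distance/within, so the domain in any request header
# satisfies the rule. NOTE(review): confirm whether matching outside Host is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain doonwload.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doonwload.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doonwload\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37496602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# IP|port indicator: any IP protocol from $HOME_NET to 179.43.175.207, destination port 809.
# The rule has no payload or flow conditions.
alert ip $HOME_NET any -> 179.43.175.207 809 (msg: "MISP e26673 [] Outgoing To IP: 179.43.175.207|809"; classtype:trojan-activity; sid:37496611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# URL indicators: the host is matched as a substring of http.header and the path as a
# substring of http.uri, both case-insensitively. The destination port is $HTTP_PORTS,
# so that variable must be defined and requests on other ports are not inspected.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//doonwload.fun/api"; flow:to_server,established; http.header; content:"doonwload.fun"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//tvoikcloud.pw/api"; flow:to_server,established; http.header; content:"tvoikcloud.pw"; fast_pattern; nocase; http.uri; content:"/api"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# MISP event 26537, tagged in the export as Agent Tesla (S0331), kill-chain Command and Control.
# FIX: the galaxy tag puts double quotes inside msg. The Suricata rule format lists '"'
# among the characters that must be escaped in msg, so the two inner quotes are written
# as \" here. Depending on engine and version, the unescaped form may be rejected or
# mis-parsed at load time, which would silently drop these two indicators.
# This file is a generated export: the escaping is lost on the next export unless the
# tag text or the exporter is fixed at the source.
alert http $HOME_NET any -> 192.3.176.142 $HTTP_PORTS (msg: "MISP e26537 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//192.3.176.142/58000/conhost.exe"; flow:to_server,established; http.header; content:"192.3.176.142"; fast_pattern; nocase; http.uri; content:"/58000/conhost.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37466191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26537;)
alert http $HOME_NET any -> 192.3.176.142 $HTTP_PORTS (msg: "MISP e26537 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//192.3.176.142/rdf/feelhappyonnewupdationprocessballonitsmakechangesentireprocessofthepctoupdationfrompctopc.doC"; flow:to_server,established; http.header; content:"192.3.176.142"; fast_pattern; nocase; http.uri; content:"/rdf/feelhappyonnewupdationprocessballonitsmakechangesentireprocessofthepctoupdationfrompctopc.doC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37466201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26537;)
# MISP event 26444: URL indicator, host substring in http.header plus path substring in http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//app.alie3ksgaa.com/check/safe"; flow:to_server,established; http.header; content:"app.alie3ksgaa.com"; fast_pattern; nocase; http.uri; content:"/check/safe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# MISP event 26685: sender-address indicator. Raw TCP match on port 25 towards
# $SMTP_SERVERS: "MAIL FROM:", the address, and a CRLF CRLF within 8192 bytes.
# NOTE(review): a payload match like this presumably only sees cleartext SMTP; sessions
# upgraded with STARTTLS or delivered on other ports would not be covered. Confirm.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26685 [] Source Email Address: iletisim@bursatemamutfak.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"iletisim@bursatemamutfak.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37509721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26685;)
# DNS rule for the sender's domain: the pcre anchors the domain at the end of the query name.
alert dns any any -> any any (msg: "MISP e26685 [] Domain bursatemamutfak.com"; dns.query; content:"bursatemamutfak.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bursatemamutfak\.com$/i"; classtype:trojan-activity; sid:37509741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26685;)
# (The rule below continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26685 [] Outgoing HTTP Domain bursatemamutfak.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bursatemamutfak.com"; 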
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bursatemamutfak\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26685;)
# (The line above is the tail of the HTTP Host rule for bursatemamutfak.com begun on the previous line.)
#
# MISP event 26685: sender-address indicator on cleartext SMTP (port 25 towards $SMTP_SERVERS).
# This rule has the same header and match options as sid:37509721 earlier in this file;
# only the sid differs, so one matching session raises both alerts.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26685 [] Source Email Address: iletisim@bursatemamutfak.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"iletisim@bursatemamutfak.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37509761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26685;)
#
# MISP event 26444: host-only URL indicators (no path), priority 2.
# Each rule matches client-to-server HTTP from $HOME_NET on $HTTP_PORTS and looks for the
# host string as a case-insensitive substring anywhere in http.header.
#  - IP indicators also pin the destination address, so the header match only adds the
#    requirement that the address appears in the request headers.
#  - Domain indicators go to $EXTERNAL_NET and have no Host anchor and no boundary pcre.
#    NOTE(review): as written, a longer hostname containing the string, or the string in
#    another header such as Referer, also matches; expect more false positives than from
#    the DNS/Host rule pairs elsewhere in this file.
# $HTTP_PORTS must be defined, and requests on ports outside it are not inspected.
alert http $HOME_NET any -> 185.172.128.79 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//185.172.128.79"; flow:to_server,established; http.header; content:"185.172.128.79"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 185.172.128.24 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//185.172.128.24"; flow:to_server,established; http.header; content:"185.172.128.24"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//giveapp.pro"; flow:to_server,established; http.header; content:"giveapp.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 77.105.132.216 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//77.105.132.216"; flow:to_server,established; http.header; content:"77.105.132.216"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//finnmanninger.icu"; flow:to_server,established; http.header; content:"finnmanninger.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//raphaelbischoff.icu"; flow:to_server,established; http.header; content:"raphaelbischoff.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 109.107.182.60 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//109.107.182.60"; flow:to_server,established; http.header; content:"109.107.182.60"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 116.203.180.34 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//116.203.180.34"; flow:to_server,established; http.header; content:"116.203.180.34"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 5.42.65.54 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//5.42.65.54"; flow:to_server,established; http.header; content:"5.42.65.54"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//ettoregiardina.icu"; flow:to_server,established; http.header; content:"ettoregiardina.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 149.255.35.132 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//149.255.35.132"; flow:to_server,established; http.header; content:"149.255.35.132"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//dskflherlkhopihsf.com"; flow:to_server,established; http.header; content:"dskflherlkhopihsf.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//janmorath.icu"; flow:to_server,established; http.header; content:"janmorath.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 82.115.223.87 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//82.115.223.87"; flow:to_server,established; http.header; content:"82.115.223.87"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 80.66.85.128 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//80.66.85.128"; flow:to_server,established; http.header; content:"80.66.85.128"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 5.42.66.58 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//5.42.66.58"; flow:to_server,established; http.header; content:"5.42.66.58"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 109.107.181.33 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//109.107.181.33"; flow:to_server,established; http.header; content:"109.107.181.33"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 82.115.223.88 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//82.115.223.88"; flow:to_server,established; http.header; content:"82.115.223.88"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 45.87.153.135 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//45.87.153.135"; flow:to_server,established; http.header; content:"45.87.153.135"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 77.91.76.36 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//77.91.76.36"; flow:to_server,established; http.header; content:"77.91.76.36"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 5.75.177.20 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//5.75.177.20"; flow:to_server,established; http.header; content:"5.75.177.20"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//phoenixexec.icu"; flow:to_server,established; http.header; content:"phoenixexec.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 5.42.66.57 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//5.42.66.57"; flow:to_server,established; http.header; content:"5.42.66.57"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 138.201.196.248 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//138.201.196.248"; flow:to_server,established; http.header; content:"138.201.196.248"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//florianhabeler.icu"; flow:to_server,established; http.header; content:"florianhabeler.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//194.120.116.120"; flow:to_server,established; http.header; content:"194.120.116.120"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 92.246.138.149 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//92.246.138.149"; flow:to_server,established; http.header; content:"92.246.138.149"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 104.245.33.157 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//104.245.33.157"; flow:to_server,established; http.header; content:"104.245.33.157"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 77.105.132.229 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//77.105.132.229"; flow:to_server,established; http.header; content:"77.105.132.229"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 5.42.64.41 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//5.42.64.41"; flow:to_server,established; http.header; content:"5.42.64.41"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 77.91.123.99 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//77.91.123.99"; flow:to_server,established; http.header; content:"77.91.123.99"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 80.89.239.178 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//80.89.239.178"; flow:to_server,established; http.header; content:"80.89.239.178"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 95.216.72.17 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//95.216.72.17"; flow:to_server,established; http.header; content:"95.216.72.17"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 91.242.229.100 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//91.242.229.100"; flow:to_server,established; http.header; content:"91.242.229.100"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 193.163.7.111 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//193.163.7.111"; flow:to_server,established; http.header; content:"193.163.7.111"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37297991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 185.17.40.133 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//185.17.40.133"; flow:to_server,established; http.header; content:"185.17.40.133"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//ffud666.com"; flow:to_server,established; http.header; content:"ffud666.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 185.244.48.135 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//185.244.48.135"; flow:to_server,established; http.header; content:"185.244.48.135"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> 176.124.198.17 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//176.124.198.17"; flow:to_server,established; http.header; content:"176.124.198.17"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# (The rule below continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//bubbebottle.xyz"; flow:to_server,established; http.header; content:"bubbebottle.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298041; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26444;)
# (The line above is the tail of the e26444 rule for bubbebottle.xyz begun on the previous line.)
#
# Last host-only URL indicator of MISP event 26444 (priority 2).
alert http $HOME_NET any -> 5.42.66.36 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//5.42.66.36"; flow:to_server,established; http.header; content:"5.42.66.36"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
#
# MISP event 26673: host-only URL indicators (no path), priority 3.
# Same shape as the e26444 rules: client-to-server HTTP from $HOME_NET on $HTTP_PORTS,
# with the host string matched as a case-insensitive substring of http.header.
# The hosts in this group also appear in the e26444 rules earlier in this file
# (sid:37297651 to sid:37298051), so one request to such a host raises two alerts with
# different priorities. Deduplicate at the source or with thresholding if that is unwanted.
# NOTE(review): the domain rules have no Host anchor and no boundary pcre, so a longer
# hostname containing the string, or the string in another header, also matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//bubbebottle.xyz"; flow:to_server,established; http.header; content:"bubbebottle.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 5.42.66.36 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//5.42.66.36"; flow:to_server,established; http.header; content:"5.42.66.36"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 185.244.48.135 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//185.244.48.135"; flow:to_server,established; http.header; content:"185.244.48.135"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 176.124.198.17 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//176.124.198.17"; flow:to_server,established; http.header; content:"176.124.198.17"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 185.17.40.133 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//185.17.40.133"; flow:to_server,established; http.header; content:"185.17.40.133"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//ffud666.com"; flow:to_server,established; http.header; content:"ffud666.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 91.242.229.100 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//91.242.229.100"; flow:to_server,established; http.header; content:"91.242.229.100"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 193.163.7.111 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//193.163.7.111"; flow:to_server,established; http.header; content:"193.163.7.111"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 80.89.239.178 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//80.89.239.178"; flow:to_server,established; http.header; content:"80.89.239.178"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 95.216.72.17 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//95.216.72.17"; flow:to_server,established; http.header; content:"95.216.72.17"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 77.105.132.229 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//77.105.132.229"; flow:to_server,established; http.header; content:"77.105.132.229"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 5.42.64.41 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//5.42.64.41"; flow:to_server,established; http.header; content:"5.42.64.41"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 77.91.123.99 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//77.91.123.99"; flow:to_server,established; http.header; content:"77.91.123.99"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 92.246.138.149 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//92.246.138.149"; flow:to_server,established; http.header; content:"92.246.138.149"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 104.245.33.157 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//104.245.33.157"; flow:to_server,established; http.header; content:"104.245.33.157"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 194.120.116.120 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//194.120.116.120"; flow:to_server,established; http.header; content:"194.120.116.120"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 138.201.196.248 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//138.201.196.248"; flow:to_server,established; http.header; content:"138.201.196.248"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37496991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//florianhabeler.icu"; flow:to_server,established; http.header; content:"florianhabeler.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 5.75.177.20 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//5.75.177.20"; flow:to_server,established; http.header; content:"5.75.177.20"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//phoenixexec.icu"; flow:to_server,established; http.header; content:"phoenixexec.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 5.42.66.57 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//5.42.66.57"; flow:to_server,established; http.header; content:"5.42.66.57"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 45.87.153.135 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//45.87.153.135"; flow:to_server,established; http.header; content:"45.87.153.135"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 77.91.76.36 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//77.91.76.36"; flow:to_server,established; http.header; content:"77.91.76.36"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 109.107.181.33 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//109.107.181.33"; flow:to_server,established; http.header; content:"109.107.181.33"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 82.115.223.88 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//82.115.223.88"; flow:to_server,established; http.header; content:"82.115.223.88"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 80.66.85.128 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//80.66.85.128"; flow:to_server,established; http.header; content:"80.66.85.128"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 5.42.66.58 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//5.42.66.58"; flow:to_server,established; http.header; content:"5.42.66.58"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//janmorath.icu"; flow:to_server,established; http.header; content:"janmorath.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 82.115.223.87 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//82.115.223.87"; flow:to_server,established; http.header; content:"82.115.223.87"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 149.255.35.132 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//149.255.35.132"; flow:to_server,established; http.header; content:"149.255.35.132"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//dskflherlkhopihsf.com"; flow:to_server,established; http.header; content:"dskflherlkhopihsf.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 116.203.180.34 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//116.203.180.34"; flow:to_server,established; http.header; content:"116.203.180.34"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 5.42.65.54 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//5.42.65.54"; flow:to_server,established; http.header; content:"5.42.65.54"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//ettoregiardina.icu"; flow:to_server,established; http.header; content:"ettoregiardina.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 109.107.182.60 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//109.107.182.60"; flow:to_server,established; http.header; content:"109.107.182.60"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 77.105.132.216 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//77.105.132.216"; flow:to_server,established; http.header; content:"77.105.132.216"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//finnmanninger.icu"; flow:to_server,established; http.header; content:"finnmanninger.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//raphaelbischoff.icu"; flow:to_server,established; http.header; content:"raphaelbischoff.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> 185.172.128.24 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//185.172.128.24"; flow:to_server,established; http.header; content:"185.172.128.24"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//giveapp.pro"; flow:to_server,established; http.header; content:"giveapp.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# (The rule below continues on the next line of the file.)
alert http $HOME_NET any -> 185.172.128.79 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//185.172.128.79"; flow:to_server,established; http.header; content:"185.172.128.79"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37497231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//app.alie3ksgaa.com/check/safe"; flow:to_server,established; http.header; content:"app.alie3ksgaa.com"; fast_pattern; nocase; http.uri; content:"/check/safe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37497241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26444 [] Domain zxyhwww.top"; dns.query; content:"zxyhwww.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])zxyhwww\.top$/i"; classtype:trojan-activity; sid:37298061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain zxyhwww.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zxyhwww.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zxyhwww\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain cn-he-plc-2.openfrp.top"; dns.query; content:"cn-he-plc-2.openfrp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cn\-he\-plc\-2\.openfrp\.top$/i"; classtype:trojan-activity; sid:37298071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain cn-he-plc-2.openfrp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cn-he-plc-2.openfrp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cn\-he\-plc\-2\.openfrp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns 
any any -> any any (msg: "MISP e26444 [] Domain 66ddjkr.e3.luyouxia.net"; dns.query; content:"66ddjkr.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])66ddjkr\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# Event 26444 domain indicators (continued): every name has a dns.query rule
# (sid ending 1) and an outgoing-HTTP header rule (sid ending 2), all priority 2.
# NOTE(review): several names are single hosts under what appear to be multi-tenant
# parents (*.luyouxia.net, ddns.net) - TODO confirm against the MISP event. The
# patterns match the listed host and anything below it, never the parent domain, so
# a hit points at that specific host, not at general use of the provider.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain 66ddjkr.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"66ddjkr.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])66ddjkr\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain kx5555.e3.luyouxia.net"; dns.query; content:"kx5555.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kx5555\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain kx5555.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kx5555.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kx5555\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain p.f2pool.info"; dns.query; content:"p.f2pool.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])p\.f2pool\.info$/i"; classtype:trojan-activity; sid:37298101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain p.f2pool.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"p.f2pool.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])p\.f2pool\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain hfs666.top"; dns.query; content:"hfs666.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])hfs666\.top$/i"; classtype:trojan-activity; sid:37298111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain hfs666.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hfs666.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hfs666\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain latiao.ddns.net"; dns.query; content:"latiao.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])latiao\.ddns\.net$/i"; classtype:trojan-activity; sid:37298121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain latiao.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"latiao.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])latiao\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain asjidoaiosdjo.e3.luyouxia.net"; dns.query; content:"asjidoaiosdjo.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])asjidoaiosdjo\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain asjidoaiosdjo.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asjidoaiosdjo.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asjidoaiosdjo\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain fdsfhkjf.e3.luyouxia.net"; dns.query; content:"fdsfhkjf.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])fdsfhkjf\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain fdsfhkjf.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fdsfhkjf.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fdsfhkjf\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain xiaoyuwudi.e3.luyouxia.net"; dns.query; content:"xiaoyuwudi.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])xiaoyuwudi\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain xiaoyuwudi.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xiaoyuwudi.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xiaoyuwudi\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37298152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# Event 26444 domain indicators (continued), dns + http rule per name, priority 2.
# NOTE(review): the dns rules are written `any any -> any any`, so they are not
# limited to $HOME_NET clients. Where hosts use an internal recursive resolver the
# alert source is presumably the resolver, not the workstation - correlate with
# resolver query logs to find the originating host.
# NOTE(review): the http rules inspect cleartext HTTP only; a connection to the same
# name over TLS is visible to this rule set through the dns rule alone.
alert dns any any -> any any (msg: "MISP e26444 [] Domain www.996m2m2.top"; dns.query; content:"www.996m2m2.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.996m2m2\.top$/i"; classtype:trojan-activity; sid:37298161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain www.996m2m2.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.996m2m2.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.996m2m2\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain 54412.e3.luyouxia.net"; dns.query; content:"54412.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])54412\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain 54412.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"54412.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])54412\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain ad2916985983.e2.luyouxia.net"; dns.query; content:"ad2916985983.e2.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ad2916985983\.e2\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ad2916985983.e2.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ad2916985983.e2.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ad2916985983\.e2\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain free.idcfengye.com"; dns.query; content:"free.idcfengye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])free\.idcfengye\.com$/i"; classtype:trojan-activity; sid:37298191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain free.idcfengye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"free.idcfengye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])free\.idcfengye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain gx121.e1.luyouxia.net"; dns.query; content:"gx121.e1.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])gx121\.e1\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain gx121.e1.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gx121.e1.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gx121\.e1\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain xc091221.e2.luyouxia.net"; dns.query; content:"xc091221.e2.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])xc091221\.e2\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37298211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain xc091221.e2.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xc091221.e2.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xc091221\.e2\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain adverting-cdn.com"; dns.query; content:"adverting-cdn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])adverting\-cdn\.com$/i"; classtype:trojan-activity; sid:37298221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain adverting-cdn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adverting-cdn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adverting\-cdn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain 441autoparts.com"; dns.query; content:"441autoparts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])441autoparts\.com$/i"; classtype:trojan-activity; sid:37298231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain 441autoparts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header;
content:"441autoparts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])441autoparts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# Address indicator for event 26444: any IP protocol from $HOME_NET to
# 91.241.19.100, destination port 80.
# NOTE(review): the rule has no flow, content or threshold option, so it may alert
# repeatedly within a single connection - consider a threshold at deployment.
alert ip $HOME_NET any -> 91.241.19.100 80 (msg: "MISP e26444 [] Outgoing To IP: 91.241.19.100|80"; classtype:trojan-activity; sid:37298241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# Event 26444 domain indicators (continued): dns.query rule (sid ending 1) plus
# outgoing-HTTP header rule (sid ending 2) per name.
alert dns any any -> any any (msg: "MISP e26444 [] Domain jazzcity.top"; dns.query; content:"jazzcity.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])jazzcity\.top$/i"; classtype:trojan-activity; sid:37298251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain jazzcity.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jazzcity.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jazzcity\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain merknegrok.me"; dns.query; content:"merknegrok.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])merknegrok\.me$/i"; classtype:trojan-activity; sid:37298261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain merknegrok.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merknegrok.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merknegrok\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain warrioruno.top"; dns.query; content:"warrioruno.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])warrioruno\.top$/i"; classtype:trojan-activity; sid:37298271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain warrioruno.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"warrioruno.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])warrioruno\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain loadkanoe.casa"; dns.query; content:"loadkanoe.casa"; nocase; pcre: "/(^|[^A-Za-z0-9-])loadkanoe\.casa$/i"; classtype:trojan-activity; sid:37298281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain loadkanoe.casa"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loadkanoe.casa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loadkanoe\.casa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain puppybloder.pw"; dns.query; content:"puppybloder.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])puppybloder\.pw$/i"; classtype:trojan-activity; sid:37298291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain puppybloder.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"puppybloder.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])puppybloder\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain bloadypupper.best"; dns.query; content:"bloadypupper.best"; nocase; pcre: "/(^|[^A-Za-z0-9-])bloadypupper\.best$/i"; classtype:trojan-activity; sid:37298301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain bloadypupper.best"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bloadypupper.best"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bloadypupper\.best[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain warriordos.top"; dns.query; content:"warriordos.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])warriordos\.top$/i"; classtype:trojan-activity; sid:37298311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain warriordos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"warriordos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])warriordos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [] Domain lovuterry.best"; dns.query; content:"lovuterry.best"; nocase; pcre: "/(^|[^A-Za-z0-9-])lovuterry\.best$/i"; classtype:trojan-activity; sid:37298321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain lovuterry.best"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lovuterry.best"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lovuterry\.best[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# --- Event 26673: the same domain indicators exported again ---------------------
# The rules below repeat names already covered under event 26444 (lovuterry.best,
# jazzcity.top, merknegrok.me) with identical match logic but their own sids and
# priority 3 instead of 2, so a single lookup raises one alert per event.
# NOTE(review): group or threshold on the indicator rather than the sid when
# triaging, otherwise the same activity is counted twice.
alert dns any any -> any any (msg: "MISP e26673 [] Domain lovuterry.best"; dns.query; content:"lovuterry.best"; nocase; pcre: "/(^|[^A-Za-z0-9-])lovuterry\.best$/i"; classtype:trojan-activity; sid:37497251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain lovuterry.best"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lovuterry.best"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lovuterry\.best[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain jazzcity.top"; dns.query; content:"jazzcity.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])jazzcity\.top$/i"; classtype:trojan-activity; sid:37497261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain jazzcity.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jazzcity.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jazzcity\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain merknegrok.me"; dns.query; content:"merknegrok.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])merknegrok\.me$/i"; classtype:trojan-activity; sid:37497271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Event 26673 domain indicators (continued): dns.query rule (sid ending 1) plus
# outgoing-HTTP header rule (sid ending 2) per name, all priority 3.
# NOTE(review): every indicator in this run is also exported under event 26444
# elsewhere in this file with different sids and priority 2; de-duplicate on the
# indicator value when counting hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain merknegrok.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merknegrok.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merknegrok\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain warrioruno.top"; dns.query; content:"warrioruno.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])warrioruno\.top$/i"; classtype:trojan-activity; sid:37497281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain warrioruno.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"warrioruno.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])warrioruno\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain loadkanoe.casa"; dns.query; content:"loadkanoe.casa"; nocase; pcre: "/(^|[^A-Za-z0-9-])loadkanoe\.casa$/i"; classtype:trojan-activity; sid:37497291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain loadkanoe.casa"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loadkanoe.casa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loadkanoe\.casa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain puppybloder.pw"; dns.query; content:"puppybloder.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])puppybloder\.pw$/i"; classtype:trojan-activity; sid:37497301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain puppybloder.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"puppybloder.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])puppybloder\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain bloadypupper.best"; dns.query; content:"bloadypupper.best"; nocase; pcre: "/(^|[^A-Za-z0-9-])bloadypupper\.best$/i"; classtype:trojan-activity; sid:37497311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain bloadypupper.best"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bloadypupper.best"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bloadypupper\.best[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain warriordos.top"; dns.query; content:"warriordos.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])warriordos\.top$/i"; classtype:trojan-activity; sid:37497321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain warriordos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"warriordos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])warriordos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Address indicator for event 26673: any IP protocol from $HOME_NET to
# 91.241.19.100, destination port 80; no flow, content or threshold option.
alert ip $HOME_NET any -> 91.241.19.100 80 (msg: "MISP e26673 [] Outgoing To IP: 91.241.19.100|80"; classtype:trojan-activity; sid:37497331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain adverting-cdn.com"; dns.query; content:"adverting-cdn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])adverting\-cdn\.com$/i"; classtype:trojan-activity; sid:37497341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain adverting-cdn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adverting-cdn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adverting\-cdn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain 441autoparts.com"; dns.query; content:"441autoparts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])441autoparts\.com$/i"; classtype:trojan-activity; sid:37497351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain 441autoparts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"441autoparts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])441autoparts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain xiaoyuwudi.e3.luyouxia.net"; dns.query; content:"xiaoyuwudi.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])xiaoyuwudi\.e3\.luyouxia\.net$/i";
classtype:trojan-activity; sid:37497361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Event 26673 domain indicators (continued), priority 3. Two rules per name:
#   dns  (sid ending 1): dns.query ends with the name, preceded by the start of the
#        buffer or a character outside [A-Za-z0-9-]; subdomains of the name match too.
#   http (sid ending 2): established client-to-server request from $HOME_NET whose
#        header buffer contains "Host:" and the name followed by a character outside
#        [A-Za-z0-9-.]; tag:session,600,seconds keeps logging the session for 600 s.
# NOTE(review): the "Host:" content and the name are matched independently within
# http.header, so the name does not have to be the Host value for the rule to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain xiaoyuwudi.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xiaoyuwudi.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xiaoyuwudi\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain www.996m2m2.top"; dns.query; content:"www.996m2m2.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.996m2m2\.top$/i"; classtype:trojan-activity; sid:37497371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain www.996m2m2.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.996m2m2.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.996m2m2\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain 54412.e3.luyouxia.net"; dns.query; content:"54412.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])54412\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain 54412.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"54412.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])54412\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ad2916985983.e2.luyouxia.net"; dns.query; content:"ad2916985983.e2.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ad2916985983\.e2\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ad2916985983.e2.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ad2916985983.e2.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ad2916985983\.e2\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain free.idcfengye.com"; dns.query; content:"free.idcfengye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])free\.idcfengye\.com$/i"; classtype:trojan-activity; sid:37497401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain free.idcfengye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"free.idcfengye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])free\.idcfengye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain gx121.e1.luyouxia.net"; dns.query; content:"gx121.e1.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])gx121\.e1\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain gx121.e1.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gx121.e1.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gx121\.e1\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain xc091221.e2.luyouxia.net"; dns.query; content:"xc091221.e2.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])xc091221\.e2\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain xc091221.e2.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xc091221.e2.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xc091221\.e2\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain zxyhwww.top"; dns.query; content:"zxyhwww.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])zxyhwww\.top$/i"; classtype:trojan-activity; sid:37497431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain zxyhwww.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zxyhwww.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zxyhwww\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain cn-he-plc-2.openfrp.top"; dns.query; content:"cn-he-plc-2.openfrp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cn\-he\-plc\-2\.openfrp\.top$/i"; classtype:trojan-activity; sid:37497441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain cn-he-plc-2.openfrp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cn-he-plc-2.openfrp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cn\-he\-plc\-2\.openfrp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain 66ddjkr.e3.luyouxia.net"; dns.query; content:"66ddjkr.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])66ddjkr\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain 66ddjkr.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"66ddjkr.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])66ddjkr\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain kx5555.e3.luyouxia.net"; dns.query; content:"kx5555.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kx5555\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain kx5555.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|";
nocase; http.header; content:"kx5555.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kx5555\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain p.f2pool.info"; dns.query; content:"p.f2pool.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])p\.f2pool\.info$/i"; classtype:trojan-activity; sid:37497471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain p.f2pool.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"p.f2pool.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])p\.f2pool\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain hfs666.top"; dns.query; content:"hfs666.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])hfs666\.top$/i"; classtype:trojan-activity; sid:37497481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain hfs666.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hfs666.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hfs666\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain latiao.ddns.net"; dns.query; content:"latiao.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])latiao\.ddns\.net$/i"; classtype:trojan-activity; sid:37497491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) 
# NOTE(review): the same pattern repeats in each "Outgoing HTTP Domain" rule
# that follows. content:"Host|3a|" and the domain content are two independent
# matches on the whole http.header buffer (nothing ties one to the other), and
# the /H pcre is evaluated over the request headers as well. A request that
# carries the domain only in Referer, Origin or another header therefore
# alerts even though Host names a different site; check the logged Host value
# during triage. Matching on the http.host buffer would confine the rule to
# the Host header.
# The rules visible here cover DNS and cleartext HTTP only: HTTPS to the same
# name is seen through the dns rule alone (and not at all when the lookup
# bypasses the sensor) unless a tls.sni rule is added for the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain latiao.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"latiao.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])latiao\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain asjidoaiosdjo.e3.luyouxia.net"; dns.query; content:"asjidoaiosdjo.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])asjidoaiosdjo\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain asjidoaiosdjo.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asjidoaiosdjo.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asjidoaiosdjo\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain fdsfhkjf.e3.luyouxia.net"; dns.query; content:"fdsfhkjf.e3.luyouxia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])fdsfhkjf\.e3\.luyouxia\.net$/i"; classtype:trojan-activity; sid:37497511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain fdsfhkjf.e3.luyouxia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fdsfhkjf.e3.luyouxia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fdsfhkjf\.e3\.luyouxia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497512; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;) 
# NOTE(review): sid:37298331 ("Outgoing URL") is looser than the domain rules
# around it. It has no "Host|3a|" content and no boundary pcre, so the bare
# substring cdn-uk.widgetsfordeploy.com anywhere in http.header fires it: a
# Referer that mentions the name, or a longer hostname that merely contains it
# (constructed sample: xcdn-uk.widgetsfordeploy.com.example). No path is
# matched, so despite the msg this is a host indicator, not a URL indicator.
# It is also the only rule here bound to $HTTP_PORTS: that variable must be
# defined in the sensor configuration for the rule to load, and the same
# request on a port outside the list is not matched, although "alert http"
# already selects traffic by protocol.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//cdn-uk.widgetsfordeploy.com"; flow:to_server,established; http.header; content:"cdn-uk.widgetsfordeploy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37298331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morqoi02.top"; dns.query; content:"morqoi02.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morqoi02\.top$/i"; classtype:trojan-activity; sid:37298341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morqoi02.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morqoi02.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morqoi02\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morhaq06.top"; dns.query; content:"morhaq06.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morhaq06\.top$/i"; classtype:trojan-activity; sid:37298351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morhaq06.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morhaq06.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morhaq06\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain tuytee11.top"; dns.query; content:"tuytee11.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuytee11\.top$/i"; 
classtype:trojan-activity; sid:37298361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain tuytee11.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuytee11.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuytee11\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain lysayu42.top"; dns.query; content:"lysayu42.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])lysayu42\.top$/i"; classtype:trojan-activity; sid:37298371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain lysayu42.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lysayu42.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lysayu42\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain marjkc03.top"; dns.query; content:"marjkc03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])marjkc03\.top$/i"; classtype:trojan-activity; sid:37298381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain marjkc03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marjkc03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marjkc03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any 
any (msg: "MISP e26444 [] Domain haiolr12.top"; dns.query; content:"haiolr12.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haiolr12\.top$/i"; classtype:trojan-activity; sid:37298391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain haiolr12.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haiolr12.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haiolr12\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain befzco47.top"; dns.query; content:"befzco47.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befzco47\.top$/i"; classtype:trojan-activity; sid:37298401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain befzco47.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befzco47.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befzco47\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morbyn04.top"; dns.query; content:"morbyn04.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morbyn04\.top$/i"; classtype:trojan-activity; sid:37298411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morbyn04.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morbyn04.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morbyn04\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37298412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morups07.top"; dns.query; content:"morups07.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morups07\.top$/i"; classtype:trojan-activity; sid:37298421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morups07.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morups07.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morups07\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain haizul15.top"; dns.query; content:"haizul15.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haizul15\.top$/i"; classtype:trojan-activity; sid:37298431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain haizul15.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haizul15.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haizul15\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewayky18.top"; dns.query; content:"ewayky18.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewayky18\.top$/i"; classtype:trojan-activity; sid:37298441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewayky18.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"ewayky18.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewayky18\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morcyr03.top"; dns.query; content:"morcyr03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morcyr03\.top$/i"; classtype:trojan-activity; sid:37298451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morcyr03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morcyr03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morcyr03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain rasqdc22.top"; dns.query; content:"rasqdc22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasqdc22\.top$/i"; classtype:trojan-activity; sid:37298461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain rasqdc22.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasqdc22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasqdc22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewaisb31.top"; dns.query; content:"ewaisb31.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaisb31\.top$/i"; classtype:trojan-activity; sid:37298471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewaisb31.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaisb31.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaisb31\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain lyswug41.top"; dns.query; content:"lyswug41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])lyswug41\.top$/i"; classtype:trojan-activity; sid:37298481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain lyswug41.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lyswug41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lyswug41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain smajug75.top"; dns.query; content:"smajug75.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])smajug75\.top$/i"; classtype:trojan-activity; sid:37298491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain smajug75.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smajug75.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smajug75\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain smainz71.top"; dns.query; content:"smainz71.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])smainz71\.top$/i"; 
classtype:trojan-activity; sid:37298501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain smainz71.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smainz71.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smainz71\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain befuak48.top"; dns.query; content:"befuak48.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befuak48\.top$/i"; classtype:trojan-activity; sid:37298511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain befuak48.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befuak48.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befuak48\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain befkap57.top"; dns.query; content:"befkap57.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befkap57\.top$/i"; classtype:trojan-activity; sid:37298521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain befkap57.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befkap57.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befkap57\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any 
any (msg: "MISP e26444 [] Domain ewadmw53.top"; dns.query; content:"ewadmw53.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadmw53\.top$/i"; classtype:trojan-activity; sid:37298531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewadmw53.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewadmw53.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadmw53\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain fokfgl36.top"; dns.query; content:"fokfgl36.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fokfgl36\.top$/i"; classtype:trojan-activity; sid:37298541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain fokfgl36.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fokfgl36.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fokfgl36\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morsyr05.top"; dns.query; content:"morsyr05.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morsyr05\.top$/i"; classtype:trojan-activity; sid:37298551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morsyr05.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morsyr05.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morsyr05\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37298552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain smadyi56.top"; dns.query; content:"smadyi56.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])smadyi56\.top$/i"; classtype:trojan-activity; sid:37298561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain smadyi56.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smadyi56.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smadyi56\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morsuq02.top"; dns.query; content:"morsuq02.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morsuq02\.top$/i"; classtype:trojan-activity; sid:37298571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morsuq02.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morsuq02.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morsuq02\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morwiv04.top"; dns.query; content:"morwiv04.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morwiv04\.top$/i"; classtype:trojan-activity; sid:37298581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morwiv04.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"morwiv04.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morwiv04\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewasic56.top"; dns.query; content:"ewasic56.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewasic56\.top$/i"; classtype:trojan-activity; sid:37298591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewasic56.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewasic56.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewasic56\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morekt05.top"; dns.query; content:"morekt05.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morekt05\.top$/i"; classtype:trojan-activity; sid:37298601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morekt05.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morekt05.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morekt05\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewaqfe45.top"; dns.query; content:"ewaqfe45.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaqfe45\.top$/i"; classtype:trojan-activity; sid:37298611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewaqfe45.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaqfe45.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaqfe45\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain befrgv71.top"; dns.query; content:"befrgv71.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befrgv71\.top$/i"; classtype:trojan-activity; sid:37298621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain befrgv71.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befrgv71.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befrgv71\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain chuawt52.top"; dns.query; content:"chuawt52.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])chuawt52\.top$/i"; classtype:trojan-activity; sid:37298631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain chuawt52.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chuawt52.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chuawt52\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain befixc63.top"; dns.query; content:"befixc63.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befixc63\.top$/i"; 
classtype:trojan-activity; sid:37298641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain befixc63.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befixc63.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befixc63\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain moryei03.top"; dns.query; content:"moryei03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])moryei03\.top$/i"; classtype:trojan-activity; sid:37298651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain moryei03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moryei03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moryei03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain knurxh28.top"; dns.query; content:"knurxh28.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])knurxh28\.top$/i"; classtype:trojan-activity; sid:37298661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain knurxh28.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"knurxh28.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])knurxh28\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any 
any (msg: "MISP e26444 [] Domain ewavmp35.top"; dns.query; content:"ewavmp35.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewavmp35\.top$/i"; classtype:trojan-activity; sid:37298671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewavmp35.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewavmp35.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewavmp35\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain beflku61.top"; dns.query; content:"beflku61.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])beflku61\.top$/i"; classtype:trojan-activity; sid:37298681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain beflku61.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beflku61.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beflku61\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain haiezf32.top"; dns.query; content:"haiezf32.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haiezf32\.top$/i"; classtype:trojan-activity; sid:37298691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain haiezf32.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haiezf32.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haiezf32\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37298692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morcgu03.top"; dns.query; content:"morcgu03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morcgu03\.top$/i"; classtype:trojan-activity; sid:37298701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morcgu03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morcgu03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morcgu03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewafxq25.top"; dns.query; content:"ewafxq25.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafxq25\.top$/i"; classtype:trojan-activity; sid:37298711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewafxq25.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewafxq25.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafxq25\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain pacter42.top"; dns.query; content:"pacter42.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pacter42\.top$/i"; classtype:trojan-activity; sid:37298721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain pacter42.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"pacter42.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pacter42\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewauhc58.top"; dns.query; content:"ewauhc58.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewauhc58\.top$/i"; classtype:trojan-activity; sid:37298731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewauhc58.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewauhc58.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewauhc58\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain mortiq04.top"; dns.query; content:"mortiq04.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])mortiq04\.top$/i"; classtype:trojan-activity; sid:37298741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain mortiq04.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mortiq04.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mortiq04\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewaumk24.top"; dns.query; content:"ewaumk24.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaumk24\.top$/i"; classtype:trojan-activity; sid:37298751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewaumk24.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaumk24.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaumk24\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain fokacv34.top"; dns.query; content:"fokacv34.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fokacv34\.top$/i"; classtype:trojan-activity; sid:37298761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain fokacv34.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fokacv34.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fokacv34\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewaymo21.top"; dns.query; content:"ewaymo21.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaymo21\.top$/i"; classtype:trojan-activity; sid:37298771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewaymo21.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaymo21.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaymo21\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain mortbo03.top"; dns.query; content:"mortbo03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])mortbo03\.top$/i"; 
classtype:trojan-activity; sid:37298781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain mortbo03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mortbo03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mortbo03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain befuwa51.top"; dns.query; content:"befuwa51.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befuwa51\.top$/i"; classtype:trojan-activity; sid:37298791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain befuwa51.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befuwa51.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befuwa51\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain saas01.pro"; dns.query; content:"saas01.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])saas01\.pro$/i"; classtype:trojan-activity; sid:37298801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain saas01.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saas01.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saas01\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: 
"MISP e26444 [] Domain ewabpl55.top"; dns.query; content:"ewabpl55.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewabpl55\.top$/i"; classtype:trojan-activity; sid:37298811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewabpl55.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewabpl55.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewabpl55\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain rasrzh25.top"; dns.query; content:"rasrzh25.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasrzh25\.top$/i"; classtype:trojan-activity; sid:37298821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain rasrzh25.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasrzh25.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasrzh25\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain knudqw18.top"; dns.query; content:"knudqw18.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])knudqw18\.top$/i"; classtype:trojan-activity; sid:37298831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain knudqw18.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"knudqw18.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])knudqw18\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37298832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewafal62.top"; dns.query; content:"ewafal62.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafal62\.top$/i"; classtype:trojan-activity; sid:37298841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewafal62.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewafal62.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafal62\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewawtm26.top"; dns.query; content:"ewawtm26.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewawtm26\.top$/i"; classtype:trojan-activity; sid:37298851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewawtm26.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewawtm26.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewawtm26\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain dyxlx33.top"; dns.query; content:"dyxlx33.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dyxlx33\.top$/i"; classtype:trojan-activity; sid:37298861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain dyxlx33.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"dyxlx33.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dyxlx33\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain moraku02.top"; dns.query; content:"moraku02.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])moraku02\.top$/i"; classtype:trojan-activity; sid:37298871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain moraku02.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moraku02.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moraku02\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morhas01.top"; dns.query; content:"morhas01.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morhas01\.top$/i"; classtype:trojan-activity; sid:37298881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morhas01.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morhas01.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morhas01\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain haijwd23.top"; dns.query; content:"haijwd23.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haijwd23\.top$/i"; classtype:trojan-activity; sid:37298891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26444 [] Outgoing HTTP Domain haijwd23.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haijwd23.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haijwd23\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewaunl38.top"; dns.query; content:"ewaunl38.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaunl38\.top$/i"; classtype:trojan-activity; sid:37298901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewaunl38.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaunl38.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaunl38\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewaosm65.top"; dns.query; content:"ewaosm65.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaosm65\.top$/i"; classtype:trojan-activity; sid:37298911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewaosm65.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaosm65.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaosm65\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain morfiw05.top"; dns.query; content:"morfiw05.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morfiw05\.top$/i"; classtype:trojan-activity; 
sid:37298921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain morfiw05.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morfiw05.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morfiw05\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain rasctx32.top"; dns.query; content:"rasctx32.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasctx32\.top$/i"; classtype:trojan-activity; sid:37298931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain rasctx32.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasctx32.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasctx32\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewadgz11.top"; dns.query; content:"ewadgz11.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadgz11\.top$/i"; classtype:trojan-activity; sid:37298941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewadgz11.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewadgz11.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadgz11\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] 
Domain raspdh35.top"; dns.query; content:"raspdh35.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])raspdh35\.top$/i"; classtype:trojan-activity; sid:37298951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain raspdh35.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"raspdh35.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])raspdh35\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain hairdx22.top"; dns.query; content:"hairdx22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])hairdx22\.top$/i"; classtype:trojan-activity; sid:37298961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain hairdx22.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hairdx22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hairdx22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain fokuti41.top"; dns.query; content:"fokuti41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fokuti41\.top$/i"; classtype:trojan-activity; sid:37298971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain fokuti41.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fokuti41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fokuti41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37298972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain haiwpj11.top"; dns.query; content:"haiwpj11.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haiwpj11\.top$/i"; classtype:trojan-activity; sid:37298981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain haiwpj11.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haiwpj11.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haiwpj11\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain rasbrq34.top"; dns.query; content:"rasbrq34.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasbrq34\.top$/i"; classtype:trojan-activity; sid:37298991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain rasbrq34.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasbrq34.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasbrq34\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37298992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain xokecn54.top"; dns.query; content:"xokecn54.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])xokecn54\.top$/i"; classtype:trojan-activity; sid:37299001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain xokecn54.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xokecn54.top"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xokecn54\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain ewamcd41.top"; dns.query; content:"ewamcd41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewamcd41\.top$/i"; classtype:trojan-activity; sid:37299011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain ewamcd41.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewamcd41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewamcd41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26444 [] Domain nekyil22.top"; dns.query; content:"nekyil22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])nekyil22\.top$/i"; classtype:trojan-activity; sid:37299021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [] Outgoing HTTP Domain nekyil22.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nekyil22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nekyil22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert dns any any -> any any (msg: "MISP e26673 [] Domain fokuti41.top"; dns.query; content:"fokuti41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fokuti41\.top$/i"; classtype:trojan-activity; sid:37497521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing 
HTTP Domain fokuti41.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fokuti41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fokuti41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain haiwpj11.top"; dns.query; content:"haiwpj11.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haiwpj11\.top$/i"; classtype:trojan-activity; sid:37497531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain haiwpj11.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haiwpj11.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haiwpj11\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain rasbrq34.top"; dns.query; content:"rasbrq34.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasbrq34\.top$/i"; classtype:trojan-activity; sid:37497541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain rasbrq34.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasbrq34.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasbrq34\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain xokecn54.top"; dns.query; content:"xokecn54.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])xokecn54\.top$/i"; classtype:trojan-activity; sid:37497551; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain xokecn54.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xokecn54.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xokecn54\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain ewamcd41.top"; dns.query; content:"ewamcd41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewamcd41\.top$/i"; classtype:trojan-activity; sid:37497561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewamcd41.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewamcd41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewamcd41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain nekyil22.top"; dns.query; content:"nekyil22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])nekyil22\.top$/i"; classtype:trojan-activity; sid:37497571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain nekyil22.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nekyil22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nekyil22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain saas01.pro"; dns.query; 
content:"saas01.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])saas01\.pro$/i"; classtype:trojan-activity; sid:37497581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain saas01.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saas01.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saas01\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain ewabpl55.top"; dns.query; content:"ewabpl55.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewabpl55\.top$/i"; classtype:trojan-activity; sid:37497591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewabpl55.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewabpl55.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewabpl55\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain rasrzh25.top"; dns.query; content:"rasrzh25.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasrzh25\.top$/i"; classtype:trojan-activity; sid:37497601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain rasrzh25.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasrzh25.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasrzh25\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497602; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain knudqw18.top"; dns.query; content:"knudqw18.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])knudqw18\.top$/i"; classtype:trojan-activity; sid:37497611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain knudqw18.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"knudqw18.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])knudqw18\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain ewafal62.top"; dns.query; content:"ewafal62.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafal62\.top$/i"; classtype:trojan-activity; sid:37497621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewafal62.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewafal62.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafal62\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain ewawtm26.top"; dns.query; content:"ewawtm26.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewawtm26\.top$/i"; classtype:trojan-activity; sid:37497631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewawtm26.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewawtm26.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ewawtm26\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain dyxlx33.top"; dns.query; content:"dyxlx33.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dyxlx33\.top$/i"; classtype:trojan-activity; sid:37497641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain dyxlx33.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dyxlx33.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dyxlx33\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain moraku02.top"; dns.query; content:"moraku02.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])moraku02\.top$/i"; classtype:trojan-activity; sid:37497651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain moraku02.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moraku02.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moraku02\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain morhas01.top"; dns.query; content:"morhas01.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morhas01\.top$/i"; classtype:trojan-activity; sid:37497661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morhas01.top"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morhas01.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morhas01\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# DNS query rules (MISP event 26673): `dns.query` with content/nocase selects
# the candidate, and the pcre anchors the indicator at the end of the queried
# name ($) while requiring start-of-buffer or a byte outside [A-Za-z0-9-]
# in front of it. A leading "." satisfies that class, so subdomains of the
# indicator match too, while a longer label that merely ends in the same
# string does not.
# The rule header is `any any -> any any`, so the alert is raised wherever
# the sensor sees the query. NOTE(review): if that point is between an
# internal resolver and its upstream, the alert's source address is the
# resolver rather than the querying host; correlate with resolver logs.
alert dns any any -> any any (msg: "MISP e26673 [] Domain haijwd23.top"; dns.query; content:"haijwd23.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haijwd23\.top$/i"; classtype:trojan-activity; sid:37497671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain haijwd23.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haijwd23.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haijwd23\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewaunl38.top"; dns.query; content:"ewaunl38.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaunl38\.top$/i"; classtype:trojan-activity; sid:37497681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewaunl38.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaunl38.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaunl38\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewaosm65.top"; dns.query; content:"ewaosm65.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaosm65\.top$/i"; classtype:trojan-activity; sid:37497691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewaosm65.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaosm65.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaosm65\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morfiw05.top"; dns.query; content:"morfiw05.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morfiw05\.top$/i"; classtype:trojan-activity; sid:37497701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morfiw05.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morfiw05.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morfiw05\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain rasctx32.top"; dns.query; content:"rasctx32.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasctx32\.top$/i"; classtype:trojan-activity; sid:37497711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain rasctx32.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasctx32.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasctx32\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewadgz11.top"; dns.query; content:"ewadgz11.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadgz11\.top$/i"; classtype:trojan-activity; sid:37497721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewadgz11.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewadgz11.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadgz11\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain raspdh35.top"; dns.query; content:"raspdh35.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])raspdh35\.top$/i"; classtype:trojan-activity; sid:37497731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain raspdh35.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"raspdh35.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])raspdh35\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain hairdx22.top"; dns.query; content:"hairdx22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])hairdx22\.top$/i"; classtype:trojan-activity; sid:37497741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain hairdx22.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hairdx22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hairdx22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain befrgv71.top"; dns.query; content:"befrgv71.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befrgv71\.top$/i"; classtype:trojan-activity; sid:37497751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain befrgv71.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befrgv71.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befrgv71\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain chuawt52.top"; dns.query; content:"chuawt52.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])chuawt52\.top$/i"; classtype:trojan-activity; sid:37497761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain chuawt52.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chuawt52.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chuawt52\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain befixc63.top"; dns.query; content:"befixc63.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befixc63\.top$/i"; classtype:trojan-activity; sid:37497771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain befixc63.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befixc63.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befixc63\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain moryei03.top"; dns.query; content:"moryei03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])moryei03\.top$/i"; classtype:trojan-activity; sid:37497781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain moryei03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moryei03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moryei03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain knurxh28.top"; dns.query; content:"knurxh28.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])knurxh28\.top$/i"; classtype:trojan-activity; sid:37497791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain knurxh28.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"knurxh28.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])knurxh28\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewavmp35.top"; dns.query; content:"ewavmp35.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewavmp35\.top$/i"; classtype:trojan-activity; sid:37497801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewavmp35.top"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewavmp35.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewavmp35\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Outbound HTTP rules (MISP event 26673): both content matches sit in the
# `http.header` buffer and carry no distance/within relation, so "Host:" and
# the domain only need to occur somewhere in the request headers. The pcre
# (H = HTTP header buffer, i = case-insensitive) adds label boundaries:
# start-of-buffer or a byte outside [A-Za-z0-9-] before the domain, and a
# byte outside [A-Za-z0-9-.] after it.
# NOTE(review): nothing ties the domain to the Host line itself, so a request
# to an unrelated host that carries the domain in another header (Referer,
# for instance) would also satisfy the rule; check the logged Host value
# when triaging an alert.
alert dns any any -> any any (msg: "MISP e26673 [] Domain beflku61.top"; dns.query; content:"beflku61.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])beflku61\.top$/i"; classtype:trojan-activity; sid:37497811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain beflku61.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beflku61.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beflku61\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain haiezf32.top"; dns.query; content:"haiezf32.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haiezf32\.top$/i"; classtype:trojan-activity; sid:37497821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain haiezf32.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haiezf32.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haiezf32\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morcgu03.top"; dns.query; content:"morcgu03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morcgu03\.top$/i"; classtype:trojan-activity; sid:37497831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morcgu03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morcgu03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morcgu03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewafxq25.top"; dns.query; content:"ewafxq25.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafxq25\.top$/i"; classtype:trojan-activity; sid:37497841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewafxq25.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewafxq25.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewafxq25\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain pacter42.top"; dns.query; content:"pacter42.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pacter42\.top$/i"; classtype:trojan-activity; sid:37497851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain pacter42.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pacter42.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pacter42\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewauhc58.top"; dns.query; content:"ewauhc58.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewauhc58\.top$/i"; classtype:trojan-activity; sid:37497861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewauhc58.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewauhc58.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewauhc58\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain mortiq04.top"; dns.query; content:"mortiq04.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])mortiq04\.top$/i"; classtype:trojan-activity; sid:37497871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain mortiq04.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mortiq04.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mortiq04\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewaumk24.top"; dns.query; content:"ewaumk24.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaumk24\.top$/i"; classtype:trojan-activity; sid:37497881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewaumk24.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaumk24.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaumk24\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain fokacv34.top"; dns.query; content:"fokacv34.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fokacv34\.top$/i"; classtype:trojan-activity; sid:37497891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain fokacv34.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fokacv34.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fokacv34\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewaymo21.top"; dns.query; content:"ewaymo21.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaymo21\.top$/i"; classtype:trojan-activity; sid:37497901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewaymo21.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaymo21.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaymo21\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain mortbo03.top"; dns.query; content:"mortbo03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])mortbo03\.top$/i"; classtype:trojan-activity; sid:37497911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain mortbo03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mortbo03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mortbo03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain befuwa51.top"; dns.query; content:"befuwa51.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befuwa51\.top$/i"; classtype:trojan-activity; sid:37497921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain befuwa51.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befuwa51.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befuwa51\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewayky18.top"; dns.query; content:"ewayky18.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewayky18\.top$/i"; classtype:trojan-activity; sid:37497931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewayky18.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewayky18.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewayky18\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morcyr03.top"; dns.query; content:"morcyr03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morcyr03\.top$/i"; classtype:trojan-activity; sid:37497941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morcyr03.top"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morcyr03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morcyr03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Alert metadata shared by these event-26673 rules: classtype
# trojan-activity, priority 3, rev 1, and a `reference` back to the MISP
# event page. `tag:session,600,seconds` on the HTTP rules asks the engine to
# keep logging packets of the matching session for 600 seconds after the
# alert; whether those packets are written depends on the sensor's output
# configuration.
# Coverage: the rules in this stretch inspect DNS queries and clear-text
# HTTP only. NOTE(review): no TLS rule appears here, so an HTTPS connection
# to one of these domains would surface through the DNS rule alone, and not
# at all when the lookup goes over an encrypted resolver (DoH/DoT); confirm
# whether TLS SNI coverage exists elsewhere in the ruleset.
alert dns any any -> any any (msg: "MISP e26673 [] Domain rasqdc22.top"; dns.query; content:"rasqdc22.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasqdc22\.top$/i"; classtype:trojan-activity; sid:37497951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain rasqdc22.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasqdc22.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasqdc22\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewaisb31.top"; dns.query; content:"ewaisb31.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaisb31\.top$/i"; classtype:trojan-activity; sid:37497961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewaisb31.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaisb31.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaisb31\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain lyswug41.top"; dns.query; content:"lyswug41.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])lyswug41\.top$/i"; classtype:trojan-activity; sid:37497971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain lyswug41.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lyswug41.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lyswug41\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain smajug75.top"; dns.query; content:"smajug75.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])smajug75\.top$/i"; classtype:trojan-activity; sid:37497981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain smajug75.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smajug75.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smajug75\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain smainz71.top"; dns.query; content:"smainz71.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])smainz71\.top$/i"; classtype:trojan-activity; sid:37497991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain smainz71.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smainz71.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smainz71\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37497992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain befuak48.top"; dns.query; content:"befuak48.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befuak48\.top$/i"; classtype:trojan-activity; sid:37498001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain befuak48.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befuak48.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befuak48\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain befkap57.top"; dns.query; content:"befkap57.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befkap57\.top$/i"; classtype:trojan-activity; sid:37498011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain befkap57.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befkap57.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befkap57\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewadmw53.top"; dns.query; content:"ewadmw53.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadmw53\.top$/i"; classtype:trojan-activity; sid:37498021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewadmw53.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewadmw53.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewadmw53\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain fokfgl36.top"; dns.query; content:"fokfgl36.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fokfgl36\.top$/i"; classtype:trojan-activity; sid:37498031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain fokfgl36.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fokfgl36.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fokfgl36\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morsyr05.top"; dns.query; content:"morsyr05.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morsyr05\.top$/i"; classtype:trojan-activity; sid:37498041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morsyr05.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morsyr05.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morsyr05\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain smadyi56.top"; dns.query; content:"smadyi56.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])smadyi56\.top$/i"; classtype:trojan-activity; sid:37498051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain smadyi56.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smadyi56.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smadyi56\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morsuq02.top"; dns.query; content:"morsuq02.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morsuq02\.top$/i"; classtype:trojan-activity; sid:37498061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morsuq02.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morsuq02.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morsuq02\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morwiv04.top"; dns.query; content:"morwiv04.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morwiv04\.top$/i"; classtype:trojan-activity; sid:37498071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morwiv04.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morwiv04.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morwiv04\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewasic56.top"; dns.query; content:"ewasic56.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewasic56\.top$/i"; classtype:trojan-activity; sid:37498081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewasic56.top"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewasic56.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewasic56\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Domain indicators of MISP event 26673 (a DNS query rule plus an outbound
# HTTP rule per domain), followed by URL indicators from events 26673 and 26444.
alert dns any any -> any any (msg: "MISP e26673 [] Domain morekt05.top"; dns.query; content:"morekt05.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morekt05\.top$/i"; classtype:trojan-activity; sid:37498091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morekt05.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morekt05.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morekt05\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain ewaqfe45.top"; dns.query; content:"ewaqfe45.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaqfe45\.top$/i"; classtype:trojan-activity; sid:37498101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ewaqfe45.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ewaqfe45.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ewaqfe45\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morqoi02.top"; dns.query; content:"morqoi02.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morqoi02\.top$/i"; classtype:trojan-activity; sid:37498111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morqoi02.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morqoi02.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morqoi02\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morhaq06.top"; dns.query; content:"morhaq06.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morhaq06\.top$/i"; classtype:trojan-activity; sid:37498121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morhaq06.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morhaq06.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morhaq06\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain tuytee11.top"; dns.query; content:"tuytee11.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuytee11\.top$/i"; classtype:trojan-activity; sid:37498131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain tuytee11.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuytee11.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuytee11\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain lysayu42.top"; dns.query; content:"lysayu42.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])lysayu42\.top$/i"; classtype:trojan-activity; sid:37498141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain lysayu42.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lysayu42.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lysayu42\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain marjkc03.top"; dns.query; content:"marjkc03.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])marjkc03\.top$/i"; classtype:trojan-activity; sid:37498151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain marjkc03.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marjkc03.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marjkc03\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain haiolr12.top"; dns.query; content:"haiolr12.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haiolr12\.top$/i"; classtype:trojan-activity; sid:37498161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain haiolr12.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haiolr12.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haiolr12\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain befzco47.top"; dns.query; content:"befzco47.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])befzco47\.top$/i"; classtype:trojan-activity; sid:37498171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain befzco47.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"befzco47.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])befzco47\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morbyn04.top"; dns.query; content:"morbyn04.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morbyn04\.top$/i"; classtype:trojan-activity; sid:37498181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morbyn04.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morbyn04.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morbyn04\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain morups07.top"; dns.query; content:"morups07.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])morups07\.top$/i"; classtype:trojan-activity; sid:37498191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain morups07.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"morups07.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])morups07\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain haizul15.top"; dns.query; content:"haizul15.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])haizul15\.top$/i"; classtype:trojan-activity; sid:37498201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain haizul15.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haizul15.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haizul15\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# URL indicators. Unlike the domain rules above, these carry no pcre boundary
# check and no "Host:" content: the hostname is matched as a case-insensitive
# substring anywhere in `http.header`, so a longer hostname containing it, or
# another header that mentions it, also matches. No URL path is matched, and
# `|3a|` in msg is the hex-escaped ":".
# The destination port is part of each rule header: $HTTP_PORTS for the first
# rule (the variable has to be defined in the sensor configuration), and the
# literal ports 2040 and 3609 for the two event-26444 rules (priority 2).
# NOTE(review): the same hostname contacted on a different port will not
# raise these alerts; pair them with DNS visibility for the hostnames.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//cdn-uk.widgetsfordeploy.com"; flow:to_server,established; http.header; content:"cdn-uk.widgetsfordeploy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET 2040 (msg: "MISP e26444 [] Outgoing URL http|3a|//trabajovalle2019.duckdns.org|3a|2040"; flow:to_server,established; http.header; content:"trabajovalle2019.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET 3609 (msg: "MISP e26444 [] Outgoing URL http|3a|//harold.jetos.com|3a|3609"; flow:to_server,established; http.header; content:"harold.jetos.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 
179.43.175.207 809 (msg: "MISP e26444 [] Outgoing To IP: 179.43.175.207|809"; classtype:trojan-activity; sid:37297351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# poseidon99.duckdns.org:4758 is exported for both event 26444 and event 26673.
# The two rules below differ only in msg, sid, priority (2 vs 3) and reference,
# so one matching request raises both alerts. Correlate on the indicator, not on
# the number of alerts.
# The hostname is matched anywhere in http.header (no Host anchor and no boundary
# regex), limited to the destination port given in the rule header.
alert http $HOME_NET any -> $EXTERNAL_NET 4758 (msg: "MISP e26444 [] Outgoing URL http|3a|//poseidon99.duckdns.org|3a|4758"; flow:to_server,established; http.header; content:"poseidon99.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET 4758 (msg: "MISP e26673 [] Outgoing URL http|3a|//poseidon99.duckdns.org|3a|4758"; flow:to_server,established; http.header; content:"poseidon99.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Event 26673 rules for trabajovalle2019.duckdns.org:2040 and harold.jetos.com:3609.
# The same two indicators are also exported under event 26444 (sid:37299041 and
# sid:37299051) with priority 2, so each of these pairs alerts twice as well.
alert http $HOME_NET any -> $EXTERNAL_NET 2040 (msg: "MISP e26673 [] Outgoing URL http|3a|//trabajovalle2019.duckdns.org|3a|2040"; flow:to_server,established; http.header; content:"trabajovalle2019.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET 3609 (msg: "MISP e26673 [] Outgoing URL http|3a|//harold.jetos.com|3a|3609"; flow:to_server,established; http.header; content:"harold.jetos.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Event 26375: DNS query rule for appsauthsign.com. The regex requires start of
# buffer or a non-hostname character before the name, so the domain itself and
# any subdomain match, while a longer label ending in the same text does not.
# The header is any -> any, so queries are not limited to those leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26375 [] Domain appsauthsign.com"; dns.query; content:"appsauthsign.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])appsauthsign\.com$/i"; classtype:trojan-activity; sid:37488141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26375 [] Outgoing HTTP Domain appsauthsign.com";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"appsauthsign.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])appsauthsign\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37488142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26375;) alert ip $HOME_NET any -> 154.29.75.236 443 (msg: "MISP e26673 [] Outgoing To IP: 154.29.75.236|443"; classtype:trojan-activity; sid:37498271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26673 [] Domain absolutecache.com"; dns.query; content:"absolutecache.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])absolutecache\.com$/i"; classtype:trojan-activity; sid:37498281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain absolutecache.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"absolutecache.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])absolutecache\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26444 [SocGholish] Domain absolutecache.com"; dns.query; content:"absolutecache.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])absolutecache\.com$/i"; classtype:trojan-activity; sid:37299061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [SocGholish] Outgoing HTTP Domain absolutecache.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"absolutecache.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])absolutecache\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299062; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip $HOME_NET any -> 154.29.75.236 443 (msg: "MISP e26444 [SocGholish] Outgoing To IP: 154.29.75.236|443"; classtype:trojan-activity; sid:37299071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//sm.jrworcester.org/index.php"; flow:to_server,established; http.header; content:"sm.jrworcester.org"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 185.79.156.18 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//185.79.156.18/gka/index.php"; flow:to_server,established; http.header; content:"185.79.156.18"; fast_pattern; nocase; http.uri; content:"/gka/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 45.95.147.64 $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//45.95.147.64/austino/index.php"; flow:to_server,established; http.header; content:"45.95.147.64"; fast_pattern; nocase; http.uri; content:"/austino/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [] Outgoing URL http|3a|//i42325.hostru2.fornex.org/index.php"; flow:to_server,established; http.header; content:"i42325.hostru2.fornex.org"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP 
e26444 [] Outgoing URL http|3a|//bruxara.com/index.php"; flow:to_server,established; http.header; content:"bruxara.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert http $HOME_NET any -> 185.79.156.18 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//185.79.156.18/gka/index.php"; flow:to_server,established; http.header; content:"185.79.156.18"; fast_pattern; nocase; http.uri; content:"/gka/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> 45.95.147.64 $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//45.95.147.64/austino/index.php"; flow:to_server,established; http.header; content:"45.95.147.64"; fast_pattern; nocase; http.uri; content:"/austino/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//i42325.hostru2.fornex.org/index.php"; flow:to_server,established; http.header; content:"i42325.hostru2.fornex.org"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//bruxara.com/index.php"; flow:to_server,established; http.header; content:"bruxara.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg: "MISP e26673 [] Outgoing URL http|3a|//sm.jrworcester.org/index.php"; flow:to_server,established; http.header; content:"sm.jrworcester.org"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26431 [] Domain webcestadoempresas.online"; dns.query; content:"webcestadoempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online$/i"; classtype:trojan-activity; sid:37295451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26431;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26431 [] Outgoing HTTP Domain webcestadoempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26431;) alert dns any any -> any any (msg: "MISP e26432 [] Domain webcestadoempresas.online"; dns.query; content:"webcestadoempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online$/i"; classtype:trojan-activity; sid:37295531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26432;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26432 [] Outgoing HTTP Domain webcestadoempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26432;) alert dns any any -> any any (msg: "MISP e26433 [] Domain 
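webcestadoempresas.online"; dns.query; content:"webcestadoempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online$/i"; classtype:trojan-activity; sid:37295611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26433;)
# Event 26433: HTTP companion of the DNS rule above for webcestadoempresas.online.
# "Host|3a|" and the domain are two separate http.header contents with no
# distance/within between them, and the regex only checks hostname boundaries.
# NOTE(review): presumably the domain appearing in another header (e.g. Referer)
# also matches - confirm before treating an alert as proof of a connection.
# tag:session,600,seconds keeps logging the tagged session for up to 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26433 [] Outgoing HTTP Domain webcestadoempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26433;)
# Event 26444, tagged Vjw0rm in msg: hostname newyear7250.duckdns.org anywhere in
# the headers plus "/vre" in the URI, destination port 7250. Both contents are
# nocase, so the "/Vre" copy exported under event 26673 (sid:37498371) matches
# the same requests and raises a second alert.
alert http $HOME_NET any -> $EXTERNAL_NET 7250 (msg: "MISP e26444 [Vjw0rm] Outgoing URL http|3a|//newyear7250.duckdns.org|3a|7250/vre"; flow:to_server,established; http.header; content:"newyear7250.duckdns.org"; fast_pattern; nocase; http.uri; content:"/vre"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# Event 26673: address-and-port rule with no content match. Any traffic from
# $HOME_NET to 81.94.150.21 port 443 alerts, whatever the payload.
alert ip $HOME_NET any -> 81.94.150.21 443 (msg: "MISP e26673 [] Outgoing To IP: 81.94.150.21|443"; classtype:trojan-activity; sid:37498341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# vmi.lt-deklaricija02.net is exported once per MISP event (26614, 26613 and 26611
# here). The DNS rules are identical apart from msg, sid and reference, and so are
# the HTTP rules, so a single lookup or request raises one alert per event.
alert dns any any -> any any (msg: "MISP e26614 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26614;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26614 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26614;)
alert dns any any -> any any (msg: "MISP e26613 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26613;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26613 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26613;)
# Event 26537 (msg tags: kill-chain Command and Control, Agent Tesla - S0331):
# request carrying mnfhsgfhaioeuywgdbcva.ydns.eu in the headers and "/EWW.exe" in
# the URI, destination $HTTP_PORTS.
# The galaxy tag inside msg contains double quotes. Suricata's rule format
# requires ", ; and \ inside msg to be backslash-escaped. The exported rule had
# them bare, which can make the engine reject or mis-read the rule, so they are
# escaped here. If this file is regenerated from MISP the edit is overwritten;
# the durable fix is in the exporter or the tag name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26537 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//mnfhsgfhaioeuywgdbcva.ydns.eu/EWW.exe"; flow:to_server,established; http.header; content:"mnfhsgfhaioeuywgdbcva.ydns.eu"; fast_pattern; nocase; http.uri; content:"/EWW.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37466221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26537;)
alert dns any any -> any any (msg: "MISP e26611 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26611;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26611 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase;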
http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26611;) alert dns any any -> any any (msg: "MISP e26612 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26612;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26612 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26612;) alert dns any any -> any any (msg: "MISP e26610 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26610;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26610 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26610;) alert dns any any -> any any (msg: "MISP e26616 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26616;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26616 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26616;) alert dns any any -> any any (msg: "MISP e26673 [] Domain abc.anti-ddos.io.vn"; dns.query; content:"abc.anti-ddos.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-])abc\.anti\-ddos\.io\.vn$/i"; classtype:trojan-activity; sid:37498351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain abc.anti-ddos.io.vn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"abc.anti-ddos.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])abc\.anti\-ddos\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 103.47.195.200 42597 (msg: "MISP e26673 [] Outgoing To IP: 103.47.195.200|42597"; classtype:trojan-activity; sid:37498361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert http $HOME_NET any -> $EXTERNAL_NET 7250 (msg: "MISP e26673 [] Outgoing URL http|3a|//newyear7250.duckdns.org|3a|7250/Vre"; flow:to_server,established; http.header; content:"newyear7250.duckdns.org"; fast_pattern; nocase; http.uri; content:"/Vre"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498371; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;) alert dns any any -> any any (msg: "MISP e26615 [] Domain vmi.lt-deklaricija02.net"; dns.query; content:"vmi.lt-deklaricija02.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net$/i"; classtype:trojan-activity; sid:37487711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26615;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26615 [] Outgoing HTTP Domain vmi.lt-deklaricija02.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-deklaricija02.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-deklaricija02\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26615;) alert dns any any -> any any (msg: "MISP e26434 [] Domain wwwbanc0chil3com.shahanshasports.com"; dns.query; content:"wwwbanc0chil3com.shahanshasports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com$/i"; classtype:trojan-activity; sid:37295701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26434 [] Outgoing HTTP Domain wwwbanc0chil3com.shahanshasports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwbanc0chil3com.shahanshasports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26434;) alert dns any any -> any any (msg: "MISP e26435 [] Domain wwwbanc0chil3com.shahanshasports.com"; dns.query; content:"wwwbanc0chil3com.shahanshasports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com$/i"; classtype:trojan-activity; sid:37295791; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26435;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26435 [] Outgoing HTTP Domain wwwbanc0chil3com.shahanshasports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwbanc0chil3com.shahanshasports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26435;) alert dns any any -> any any (msg: "MISP e26436 [] Domain wwwbanc0chil3com.shahanshasports.com"; dns.query; content:"wwwbanc0chil3com.shahanshasports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com$/i"; classtype:trojan-activity; sid:37295871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26436;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26436 [] Outgoing HTTP Domain wwwbanc0chil3com.shahanshasports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwbanc0chil3com.shahanshasports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26436;) alert dns any any -> any any (msg: "MISP e26437 [] Domain wwwbanc0chil3com.shahanshasports.com"; dns.query; content:"wwwbanc0chil3com.shahanshasports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com$/i"; classtype:trojan-activity; sid:37295951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26437;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26437 [] Outgoing HTTP Domain wwwbanc0chil3com.shahanshasports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"wwwbanc0chil3com.shahanshasports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37295952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26437;) alert dns any any -> any any (msg: "MISP e26438 [] Domain wwwbanc0chil3com.shahanshasports.com"; dns.query; content:"wwwbanc0chil3com.shahanshasports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com$/i"; classtype:trojan-activity; sid:37296031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26438;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26438 [] Outgoing HTTP Domain wwwbanc0chil3com.shahanshasports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwbanc0chil3com.shahanshasports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26438;) alert dns any any -> any any (msg: "MISP e26439 [] Domain wwwbanc0chil3com.shahanshasports.com"; dns.query; content:"wwwbanc0chil3com.shahanshasports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com$/i"; classtype:trojan-activity; sid:37296111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26439;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26439 [] Outgoing HTTP Domain wwwbanc0chil3com.shahanshasports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwbanc0chil3com.shahanshasports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbanc0chil3com\.shahanshasports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296112; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26439;) alert dns any any -> any any (msg: "MISP e28737 [] Domain ms2ve.cc"; dns.query; content:"ms2ve.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])ms2ve\.cc$/i"; classtype:trojan-activity; sid:38705401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain ms2ve.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ms2ve.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ms2ve\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;) alert dns any any -> any any (msg: "MISP e28737 [] Domain hds6y.cc"; dns.query; content:"hds6y.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])hds6y\.cc$/i"; classtype:trojan-activity; sid:38705411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain hds6y.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hds6y.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hds6y\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;) alert dns any any -> any any (msg: "MISP e28737 [] Domain smgeo.cc"; dns.query; content:"smgeo.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])smgeo\.cc$/i"; classtype:trojan-activity; sid:38705421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain smgeo.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smgeo.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smgeo\.cc[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38705422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
# Event 28737, "Hostname" indicator www.dg1e.com. Unlike the "Domain" rules in
# this export, the leading character class also excludes ".", so a longer name
# that merely ends in www.dg1e.com (an extra label in front) does not match:
# this pair is an exact-host match. The DNS header is any -> any, so it is not
# limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e28737 [] Hostname www.dg1e.com"; dns.query; content:"www.dg1e.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.dg1e\.com$/i"; classtype:trojan-activity; sid:38705431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
# HTTP form of the same hostname: one content holds "Host|3a| " and the name
# together, so the name is tied to the Host header rather than to any header.
# tag:session,600,seconds keeps logging the tagged session for up to 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Hostname www.dg1e.com"; flow:to_server,established; http.header; content: "Host|3a| www.dg1e.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.dg1e\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
# Event 28737, "Domain" indicators zu7kt.cc and ks8cb.cc: each gets a DNS rule
# and an HTTP rule. The regex allows start of buffer or any non-hostname
# character (including ".") before the name, so subdomains match too.
# In the HTTP rules "Host|3a|" and the domain are separate http.header contents
# with no distance/within between them.
# NOTE(review): presumably the domain in another header (e.g. Referer) also
# matches - confirm during triage.
alert dns any any -> any any (msg: "MISP e28737 [] Domain zu7kt.cc"; dns.query; content:"zu7kt.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])zu7kt\.cc$/i"; classtype:trojan-activity; sid:38705441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain zu7kt.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zu7kt.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zu7kt\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain ks8cb.cc"; dns.query; content:"ks8cb.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])ks8cb\.cc$/i"; classtype:trojan-activity; sid:38705451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain ks8cb.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ks8cb.cc"; fast_pattern;
nocase; pcre: "/(^|[^A-Za-z0-9-])ks8cb\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
# --- MISP event 28737: domain indicators, exported as one DNS rule and one HTTP rule per domain ---
# The two rules for a domain share a sid prefix; the DNS rule ends in 1 and the HTTP rule in 2.
# The msg tag list is empty ("[]"), so the only context for an analyst is the reference URL.
#
# DNS rule: the pcre is anchored at the end of the query name and accepts either the start of
# the buffer or a non-hostname character before the domain, so the bare domain and any
# subdomain match while a longer label (e.g. "x" + the domain) does not.
# The header is "any any -> any any" with no direction.
# NOTE(review): depending on sensor placement one lookup may alert on both the client and
# the resolver leg - confirm and threshold if needed.
#
# HTTP rule: both content matches and the pcre (H flag) inspect the request-header buffer and
# carry no distance/within, so the domain may match in any request header (for example
# Referer), not only in the Host value.
# NOTE(review): if only the Host value is meant, a host-specific buffer such as http.host
# would be tighter - confirm against the engine version in use.
# tag:session,600,seconds requests continued logging of the matching session after the alert.
#
# Coverage gap: only DNS and cleartext HTTP are inspected here. No TLS rule for these names is
# visible in this part of the export, so HTTPS sessions are covered only through the DNS
# lookup - TODO confirm whether tls.sni rules exist elsewhere in the rule set.
alert dns any any -> any any (msg: "MISP e28737 [] Domain wbke.cc"; dns.query; content:"wbke.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])wbke\.cc$/i"; classtype:trojan-activity; sid:38705461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain wbke.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wbke.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wbke\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain t8bc.xyz"; dns.query; content:"t8bc.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])t8bc\.xyz$/i"; classtype:trojan-activity; sid:38705471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain t8bc.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"t8bc.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])t8bc\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain bv8k.xyz"; dns.query; content:"bv8k.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])bv8k\.xyz$/i"; classtype:trojan-activity; sid:38705481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain bv8k.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bv8k.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bv8k\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain hzc5.xyz"; dns.query; content:"hzc5.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hzc5\.xyz$/i"; classtype:trojan-activity; sid:38705491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain hzc5.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hzc5.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hzc5\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain wsy6.xyz"; dns.query; content:"wsy6.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])wsy6\.xyz$/i"; classtype:trojan-activity; sid:38705501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain wsy6.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wsy6.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wsy6\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain r6go.xyz"; dns.query; content:"r6go.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])r6go\.xyz$/i"; classtype:trojan-activity; sid:38705511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain r6go.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"r6go.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])r6go\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain msc4.xyz"; dns.query; content:"msc4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])msc4\.xyz$/i"; classtype:trojan-activity; sid:38705521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain msc4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msc4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msc4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain wts3.xyz"; dns.query; content:"wts3.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])wts3\.xyz$/i"; classtype:trojan-activity; sid:38705531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain wts3.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wts3.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wts3\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain qskm.xyz"; dns.query; content:"qskm.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])qskm\.xyz$/i"; classtype:trojan-activity; sid:38705541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain qskm.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qskm.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qskm\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain tp7s.xyz"; dns.query; content:"tp7s.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])tp7s\.xyz$/i"; classtype:trojan-activity; sid:38705551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain tp7s.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tp7s.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tp7s\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain vki9.xyz"; dns.query; content:"vki9.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])vki9\.xyz$/i"; classtype:trojan-activity; sid:38705561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain vki9.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vki9.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vki9\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain bgt6.xyz"; dns.query; content:"bgt6.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])bgt6\.xyz$/i"; classtype:trojan-activity; sid:38705571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain bgt6.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bgt6.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bgt6\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert dns any any -> any any (msg: "MISP e28737 [] Domain gt6ss.xyz"; dns.query; content:"gt6ss.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])gt6ss\.xyz$/i"; classtype:trojan-activity; sid:38705581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28737 [] Outgoing HTTP Domain gt6ss.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gt6ss.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gt6ss\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38705582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28737;)
# --- MISP event 26440: a single hostname, same DNS + HTTP rule pair as above ---
# The rules name one full hostname under bhojpuriacademy.org; other hostnames under that
# parent domain are not matched.
# NOTE(review): the leftmost label resembles a card-brand name, so this is presumably a
# phishing lure rather than malware traffic; classtype is still trojan-activity - confirm in
# the MISP event before triage.
alert dns any any -> any any (msg: "MISP e26440 [] Domain m-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"m-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])m\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37296201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26440;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26440 [] Outgoing HTTP Domain m-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"m-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])m\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296202; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26440;)
# --- MISP event 26444: outbound destination IP + port indicators, priority 2 ---
# Each rule alerts on traffic from $HOME_NET to one address and one port. The msg carries the
# MISP tags for the indicator (AS number, network name, and labels such as c2, RAT, Mythic,
# HookBot, Viper, GoPhish, phishing, stealer).
# The "censys" tag suggests these come from internet scan data - presumably not from traffic
# observed in an incident; verify in the event before treating a hit as confirmed compromise.
#
# False-positive and staleness caveats, going by the network names in the tags:
#  - Many addresses sit in shared hosting/cloud ranges (AMAZON-02, AMAZON-AES,
#    MICROSOFT-CORP-MSN-AS-BLOCK, GOOGLE-CLOUD-PLATFORM, GOOGLE-2, DIGITALOCEAN-ASN, OVH,
#    HETZNER-AS, CONTABO). Such addresses are reassigned between tenants, and the rules carry
#    no expiry, so check the indicator's age in MISP when one fires.
#  - Rules on port 80 or 443 at those providers can match ordinary web traffic once the
#    address has changed hands.
#  - Rules tagged GoPhish/phishing without c2 still use classtype trojan-activity.
#
# NOTE(review): the header names a port on protocol "ip"; confirm how the deployed engine
# applies a port to non-TCP/UDP traffic, or narrow the protocol if the indicator means TCP.
# The same address/port pairs are exported again later in this file under event e26673 with
# priority 3 (for example 185.83.113.126|32017 is also sid 37498381), so one connection can
# raise two alerts with different priorities.
alert ip $HOME_NET any -> 8.222.184.154 10000 (msg: "MISP e26444 [AS45102,c2,censys] Outgoing To IP: 8.222.184.154|10000"; classtype:trojan-activity; sid:37299141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 185.193.126.187 443 (msg: "MISP e26444 [ABSTRACT,AS39287,c2,censys] Outgoing To IP: 185.193.126.187|443"; classtype:trojan-activity; sid:37299151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 60.204.249.34 8080 (msg: "MISP e26444 [AS55990,c2,censys] Outgoing To IP: 60.204.249.34|8080"; classtype:trojan-activity; sid:37299161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 120.78.83.129 52120 (msg: "MISP e26444 [AS37963,c2,censys] Outgoing To IP: 120.78.83.129|52120"; classtype:trojan-activity; sid:37299171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 120.27.132.223 8888 (msg: "MISP e26444 [AS37963,c2,censys] Outgoing To IP: 120.27.132.223|8888"; classtype:trojan-activity; sid:37299181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 167.99.112.140 443 (msg: "MISP e26444 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 167.99.112.140|443"; classtype:trojan-activity; sid:37299191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 118.193.62.169 3026 (msg: "MISP e26444 [AS135377,c2,censys] Outgoing To IP: 118.193.62.169|3026"; classtype:trojan-activity; sid:37299201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# One rule is exported per (address, port) attribute: 45.131.132.55 appears twice and
# 187.135.86.23 eight times, each with a different port and sid.
alert ip $HOME_NET any -> 45.131.132.55 9995 (msg: "MISP e26444 [AS41378,c2,censys,KIRINONET] Outgoing To IP: 45.131.132.55|9995"; classtype:trojan-activity; sid:37299211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 45.131.132.55 5520 (msg: "MISP e26444 [AS41378,c2,censys,KIRINONET] Outgoing To IP: 45.131.132.55|5520"; classtype:trojan-activity; sid:37299221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 2281 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|2281"; classtype:trojan-activity; sid:37299231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 1656 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|1656"; classtype:trojan-activity; sid:37299241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 1723 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|1723"; classtype:trojan-activity; sid:37299251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 1899 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|1899"; classtype:trojan-activity; sid:37299261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 2004 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|2004"; classtype:trojan-activity; sid:37299271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 2082 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|2082"; classtype:trojan-activity; sid:37299281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 2222 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|2222"; classtype:trojan-activity; sid:37299291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 187.135.86.23 2271 (msg: "MISP e26444 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.86.23|2271"; classtype:trojan-activity; sid:37299301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 4.145.90.29 443 (msg: "MISP e26444 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.145.90.29|443"; classtype:trojan-activity; sid:37299311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 5.250.189.135 40750 (msg: "MISP e26444 [AS8560,c2,censys] Outgoing To IP: 5.250.189.135|40750"; classtype:trojan-activity; sid:37299321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 216.245.181.92 443 (msg: "MISP e26444 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 216.245.181.92|443"; classtype:trojan-activity; sid:37299331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 45.134.83.162 8808 (msg: "MISP e26444 [AS6134,c2,censys,RAT,XNNET] Outgoing To IP: 45.134.83.162|8808"; classtype:trojan-activity; sid:37299341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 147.135.97.94 6606 (msg: "MISP e26444 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 147.135.97.94|6606"; classtype:trojan-activity; sid:37299351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 186.112.206.181 8888 (msg: "MISP e26444 [AS3816,c2,censys,RAT] Outgoing To IP: 186.112.206.181|8888"; classtype:trojan-activity; sid:37299361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 193.26.115.221 6606 (msg: "MISP e26444 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 193.26.115.221|6606"; classtype:trojan-activity; sid:37299371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 13.237.100.49 7443 (msg: "MISP e26444 [AMAZON-02,AS16509,c2,censys,Mythic] Outgoing To IP: 13.237.100.49|7443"; classtype:trojan-activity; sid:37299381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 23.101.226.140 443 (msg: "MISP e26444 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic] Outgoing To IP: 23.101.226.140|443"; classtype:trojan-activity; sid:37299391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 51.81.90.181 443 (msg: "MISP e26444 [AS16276,c2,censys,Mythic,OVH] Outgoing To IP: 51.81.90.181|443"; classtype:trojan-activity; sid:37299401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 45.83.31.204 80 (msg: "MISP e26444 [AS23470,c2,censys,HookBot,RELIABLESITE] Outgoing To IP: 45.83.31.204|80"; classtype:trojan-activity; sid:37299411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 185.146.156.85 80 (msg: "MISP e26444 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 185.146.156.85|80"; classtype:trojan-activity; sid:37299421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 209.126.7.24 4444 (msg: "MISP e26444 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing To IP: 209.126.7.24|4444"; classtype:trojan-activity; sid:37299431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 181.162.178.142 8080 (msg: "MISP e26444 [AS7418,c2,censys,RAT] Outgoing To IP: 181.162.178.142|8080"; classtype:trojan-activity; sid:37299441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 107.148.237.29 8088 (msg: "MISP e26444 [AS398478,c2,censys,PEG-HK,RAT] Outgoing To IP: 107.148.237.29|8088"; classtype:trojan-activity; sid:37299451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 5.189.175.70 443 (msg: "MISP e26444 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 5.189.175.70|443"; classtype:trojan-activity; sid:37299461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 159.223.52.78 9782 (msg: "MISP e26444 [AS14061,c2,censys,DIGITALOCEAN-ASN,RAT] Outgoing To IP: 159.223.52.78|9782"; classtype:trojan-activity; sid:37299471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 94.156.66.77 8080 (msg: "MISP e26444 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.66.77|8080"; classtype:trojan-activity; sid:37299481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 185.249.227.27 80 (msg: "MISP e26444 [AS51167,c2,censys,CONTABO] Outgoing To IP: 185.249.227.27|80"; classtype:trojan-activity; sid:37299491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# Domain indicators of the same event, exported as a DNS rule plus an HTTP rule each.
# As with the other domain pairs, only DNS and cleartext HTTP are inspected; the HTTP rule's
# matches are not tied to the Host value (no distance/within), so the name can match in any
# request header.
alert dns any any -> any any (msg: "MISP e26444 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain epsilon1337.fr"; dns.query; content:"epsilon1337.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon1337\.fr$/i"; classtype:trojan-activity; sid:37299501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain epsilon1337.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilon1337.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon1337\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert dns any any -> any any (msg: "MISP e26444 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Domain ip136.ip-51-195-83.eu"; dns.query; content:"ip136.ip-51-195-83.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip136\.ip\-51\-195\-83\.eu$/i"; classtype:trojan-activity; sid:37299511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26444 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Outgoing HTTP Domain ip136.ip-51-195-83.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip136.ip-51-195-83.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip136\.ip\-51\-195\-83\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 103.47.195.200 80 (msg: "MISP e26444 [AS140832,c2,censys] Outgoing To IP: 103.47.195.200|80"; classtype:trojan-activity; sid:37299521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# From here most indicators lack the c2 tag and carry a framework label instead
# (Viper, GoPhish/phishing); the final 185.83.113.126 rule is tagged c2 again.
alert ip $HOME_NET any -> 47.242.21.119 60000 (msg: "MISP e26444 [AS45102,censys,Viper] Outgoing To IP: 47.242.21.119|60000"; classtype:trojan-activity; sid:37299531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 14.225.19.116 60000 (msg: "MISP e26444 [AS135905,censys,Viper] Outgoing To IP: 14.225.19.116|60000"; classtype:trojan-activity; sid:37299541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 18.118.138.192 3333 (msg: "MISP e26444 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.118.138.192|3333"; classtype:trojan-activity; sid:37299551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 44.218.45.27 443 (msg: "MISP e26444 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 44.218.45.27|443"; classtype:trojan-activity; sid:37299561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 3.250.162.249 3333 (msg: "MISP e26444 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.250.162.249|3333"; classtype:trojan-activity; sid:37299571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 146.190.9.102 9999 (msg: "MISP e26444 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 146.190.9.102|9999"; classtype:trojan-activity; sid:37299581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 135.181.20.182 3333 (msg: "MISP e26444 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 135.181.20.182|3333"; classtype:trojan-activity; sid:37299591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 13.127.226.130 3333 (msg: "MISP e26444 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.127.226.130|3333"; classtype:trojan-activity; sid:37299601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 34.123.222.44 443 (msg: "MISP e26444 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.123.222.44|443"; classtype:trojan-activity; sid:37299611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 34.101.86.127 3333 (msg: "MISP e26444 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.101.86.127|3333"; classtype:trojan-activity; sid:37299621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 3.120.71.192 443 (msg: "MISP e26444 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.120.71.192|443"; classtype:trojan-activity; sid:37299631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 18.202.134.235 443 (msg: "MISP e26444 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.202.134.235|443"; classtype:trojan-activity; sid:37299641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 35.208.245.146 3333 (msg: "MISP e26444 [AS19527,censys,GOOGLE-2,GoPhish,phishing] Outgoing To IP: 35.208.245.146|3333"; classtype:trojan-activity; sid:37299651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 20.117.112.154 52525 (msg: "MISP e26444 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.117.112.154|52525"; classtype:trojan-activity; sid:37299661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 35.157.195.58 443 (msg: "MISP e26444 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 35.157.195.58|443"; classtype:trojan-activity; sid:37299671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 3.85.194.45 3333 (msg: "MISP e26444 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 3.85.194.45|3333"; classtype:trojan-activity; sid:37299681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 167.71.231.122 9999 (msg: "MISP e26444 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 167.71.231.122|9999"; classtype:trojan-activity; sid:37299691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 185.83.113.126 32017 (msg: "MISP e26444 [AS59441,c2,censys,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32017"; classtype:trojan-activity; sid:37299701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# --- MISP event 26492: inbound source-IP indicator, priority 1 (rule continues on the next line of the file) ---
alert ip 146.185.214.63 any -> $HOME_NET any (msg: "MISP e26492 [] Incoming From IP: 146.185.214.63"; classtype:trojan-activity; sid:37335281; rev:1; priority:1;
reference:url,https://misp.finsin.cl/events/view/26492;)
# --- MISP event 26493: inbound source-IP indicators, priority 1 ---
# Each rule matches any packet from the listed address to $HOME_NET on any port and protocol;
# there is no flow, port or content condition. The msg tag list is empty, so the reference
# URL is the only context.
# NOTE(review): unsolicited inbound traffic that a perimeter filter already drops will match
# here too if the sensor sits outside that filter; no threshold keyword is present, so
# consider rate-limiting these sids. Priority 1 means such hits are ranked above the
# priority 2 and 3 outbound rules in this export.
alert ip 70.34.208.197 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 70.34.208.197"; classtype:trojan-activity; sid:37336641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 140.82.33.130 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 140.82.33.130"; classtype:trojan-activity; sid:37336651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 70.34.194.185 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 70.34.194.185"; classtype:trojan-activity; sid:37336661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 139.84.232.245 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 139.84.232.245"; classtype:trojan-activity; sid:37336671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 208.85.20.130 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 208.85.20.130"; classtype:trojan-activity; sid:37336681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 139.84.229.192 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 139.84.229.192"; classtype:trojan-activity; sid:37336691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 70.34.195.221 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 70.34.195.221"; classtype:trojan-activity; sid:37336701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 217.69.1.128 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 217.69.1.128"; classtype:trojan-activity; sid:37336711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 108.181.20.36 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 108.181.20.36"; classtype:trojan-activity; sid:37336721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert ip 108.61.189.125 any -> $HOME_NET any (msg: "MISP e26493 [] Incoming From IP: 108.61.189.125"; classtype:trojan-activity; sid:37336731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
# Hostname indicators of the same event (DNS rule + HTTP rule each). The names sit under
# ddns.net and zapto.org; the rules match only these exact hostnames (and anything beneath
# them), not the parent zones.
# NOTE(review): these parent zones look like dynamic-DNS services, where a hostname can be
# re-pointed or re-registered quickly - check indicator age in MISP when triaging a hit.
# Only DNS and cleartext HTTP are inspected; the HTTP rule's content/pcre matches are not
# tied to the Host value, so the name can match in any request header.
alert dns any any -> any any (msg: "MISP e26493 [] Domain lapz.ddns.net"; dns.query; content:"lapz.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])lapz\.ddns\.net$/i"; classtype:trojan-activity; sid:37336741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26493 [] Outgoing HTTP Domain lapz.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lapz.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lapz\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37336742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert dns any any -> any any (msg: "MISP e26493 [] Domain exchangeupgrade.ddns.net"; dns.query; content:"exchangeupgrade.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])exchangeupgrade\.ddns\.net$/i"; classtype:trojan-activity; sid:37336751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26493 [] Outgoing HTTP Domain exchangeupgrade.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"exchangeupgrade.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])exchangeupgrade\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37336752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;)
alert dns any any -> any any (msg: "MISP e26493 [] Domain exchangeserver.zapto.org"; dns.query; content:"exchangeserver.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])exchangeserver\.zapto\.org$/i";
classtype:trojan-activity; sid:37336761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26493 [] Outgoing HTTP Domain exchangeserver.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"exchangeserver.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])exchangeserver\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37336762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26493;) alert ip $HOME_NET any -> 185.83.113.126 32017 (msg: "MISP e26673 [] Outgoing To IP: 185.83.113.126|32017"; classtype:trojan-activity; sid:37498381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 167.71.231.122 9999 (msg: "MISP e26673 [] Outgoing To IP: 167.71.231.122|9999"; classtype:trojan-activity; sid:37498391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 35.157.195.58 443 (msg: "MISP e26673 [] Outgoing To IP: 35.157.195.58|443"; classtype:trojan-activity; sid:37498401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 3.85.194.45 3333 (msg: "MISP e26673 [] Outgoing To IP: 3.85.194.45|3333"; classtype:trojan-activity; sid:37498411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 20.117.112.154 52525 (msg: "MISP e26673 [] Outgoing To IP: 20.117.112.154|52525"; classtype:trojan-activity; sid:37498421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 18.202.134.235 443 (msg: "MISP e26673 [] Outgoing To IP: 18.202.134.235|443"; classtype:trojan-activity; sid:37498431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 35.208.245.146 3333 (msg: "MISP e26673 [] Outgoing To 
IP: 35.208.245.146|3333"; classtype:trojan-activity; sid:37498441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 3.120.71.192 443 (msg: "MISP e26673 [] Outgoing To IP: 3.120.71.192|443"; classtype:trojan-activity; sid:37498451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 34.101.86.127 3333 (msg: "MISP e26673 [] Outgoing To IP: 34.101.86.127|3333"; classtype:trojan-activity; sid:37498461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 34.123.222.44 443 (msg: "MISP e26673 [] Outgoing To IP: 34.123.222.44|443"; classtype:trojan-activity; sid:37498471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 13.127.226.130 3333 (msg: "MISP e26673 [] Outgoing To IP: 13.127.226.130|3333"; classtype:trojan-activity; sid:37498481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 135.181.20.182 3333 (msg: "MISP e26673 [] Outgoing To IP: 135.181.20.182|3333"; classtype:trojan-activity; sid:37498491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 146.190.9.102 9999 (msg: "MISP e26673 [] Outgoing To IP: 146.190.9.102|9999"; classtype:trojan-activity; sid:37498501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 3.250.162.249 3333 (msg: "MISP e26673 [] Outgoing To IP: 3.250.162.249|3333"; classtype:trojan-activity; sid:37498511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 44.218.45.27 443 (msg: "MISP e26673 [] Outgoing To IP: 44.218.45.27|443"; classtype:trojan-activity; sid:37498521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 18.118.138.192 3333 (msg: "MISP e26673 [] Outgoing To IP: 
18.118.138.192|3333"; classtype:trojan-activity; sid:37498531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# MISP event 26673 - destination "IP|port" attributes. Each rule below alerts
# on traffic from $HOME_NET to one fixed address and destination port. There is
# no content or flow condition, so a hit shows only that the endpoint was
# contacted, not what was exchanged.
# NOTE(review): the tag list in msg is empty ("[]") and every rule carries the
# same trojan-activity classtype, so the rule text does not say what the
# indicator represents. Check the referenced event before escalating; an
# address on a common port such as 80 may also serve unrelated traffic.
alert ip $HOME_NET any -> 14.225.19.116 60000 (msg: "MISP e26673 [] Outgoing To IP: 14.225.19.116|60000"; classtype:trojan-activity; sid:37498541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 47.242.21.119 60000 (msg: "MISP e26673 [] Outgoing To IP: 47.242.21.119|60000"; classtype:trojan-activity; sid:37498551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 103.47.195.200 80 (msg: "MISP e26673 [] Outgoing To IP: 103.47.195.200|80"; classtype:trojan-activity; sid:37498561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Domain attributes are exported as two rules per name:
#   DNS rule:  matches the query name. The pcre requires the name to start the
#              query or follow a non-hostname character, and to end the query,
#              so the domain and its subdomains match but a longer look-alike
#              label does not.
#   HTTP rule: outbound request headers that contain "Host:" and the name;
#              tag:session,600,seconds keeps logging the session after the hit.
# NOTE(review): the two http.header content matches are not tied together with
# distance/within and the pcre is not anchored to the Host line, so the name
# can also match inside another header (for example Referer). The http.host
# sticky buffer would restrict the match to the Host value.
# NOTE(review): no TLS counterpart (for example on tls.sni) sits next to these
# rules, so HTTPS traffic to the same name is visible only through the DNS rule.
alert dns any any -> any any (msg: "MISP e26673 [] Domain ip136.ip-51-195-83.eu"; dns.query; content:"ip136.ip-51-195-83.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip136\.ip\-51\-195\-83\.eu$/i"; classtype:trojan-activity; sid:37498571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain ip136.ip-51-195-83.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip136.ip-51-195-83.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip136\.ip\-51\-195\-83\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain epsilon1337.fr"; dns.query; content:"epsilon1337.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon1337\.fr$/i"; classtype:trojan-activity; sid:37498581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain epsilon1337.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilon1337.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon1337\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37498582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Event 26673 destination "IP|port" rules resume here (same template as above).
alert ip $HOME_NET any -> 185.249.227.27 80 (msg: "MISP e26673 [] Outgoing To IP: 185.249.227.27|80"; classtype:trojan-activity; sid:37498591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 94.156.66.77 8080 (msg: "MISP e26673 [] Outgoing To IP: 94.156.66.77|8080"; classtype:trojan-activity; sid:37498601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 159.223.52.78 9782 (msg: "MISP e26673 [] Outgoing To IP: 159.223.52.78|9782"; classtype:trojan-activity; sid:37498611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 5.189.175.70 443 (msg: "MISP e26673 [] Outgoing To IP: 5.189.175.70|443"; classtype:trojan-activity; sid:37498621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 181.162.178.142 8080 (msg: "MISP e26673 [] Outgoing To IP: 181.162.178.142|8080"; classtype:trojan-activity; sid:37498631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 107.148.237.29 8088 (msg: "MISP e26673 [] Outgoing To IP: 107.148.237.29|8088"; classtype:trojan-activity; sid:37498641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 209.126.7.24 4444 (msg: "MISP e26673 [] Outgoing To IP: 209.126.7.24|4444"; classtype:trojan-activity; sid:37498651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 185.146.156.85 80 (msg: "MISP e26673 [] Outgoing To IP: 185.146.156.85|80"; classtype:trojan-activity; sid:37498661; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 45.83.31.204 80 (msg: "MISP e26673 [] Outgoing To IP: 45.83.31.204|80"; classtype:trojan-activity; sid:37498671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 51.81.90.181 443 (msg: "MISP e26673 [] Outgoing To IP: 51.81.90.181|443"; classtype:trojan-activity; sid:37498681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 23.101.226.140 443 (msg: "MISP e26673 [] Outgoing To IP: 23.101.226.140|443"; classtype:trojan-activity; sid:37498691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 13.237.100.49 7443 (msg: "MISP e26673 [] Outgoing To IP: 13.237.100.49|7443"; classtype:trojan-activity; sid:37498701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 193.26.115.221 6606 (msg: "MISP e26673 [] Outgoing To IP: 193.26.115.221|6606"; classtype:trojan-activity; sid:37498711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 186.112.206.181 8888 (msg: "MISP e26673 [] Outgoing To IP: 186.112.206.181|8888"; classtype:trojan-activity; sid:37498721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 147.135.97.94 6606 (msg: "MISP e26673 [] Outgoing To IP: 147.135.97.94|6606"; classtype:trojan-activity; sid:37498731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 45.134.83.162 8808 (msg: "MISP e26673 [] Outgoing To IP: 45.134.83.162|8808"; classtype:trojan-activity; sid:37498741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 216.245.181.92 443 (msg: "MISP e26673 [] Outgoing To IP: 216.245.181.92|443"; classtype:trojan-activity; sid:37498751; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;)
# MISP event 26673 - destination "IP|port" attributes: one rule per address and
# port pair, alerting on traffic from $HOME_NET to that endpoint with no
# content or flow condition.
alert ip $HOME_NET any -> 5.250.189.135 40750 (msg: "MISP e26673 [] Outgoing To IP: 5.250.189.135|40750"; classtype:trojan-activity; sid:37498761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 4.145.90.29 443 (msg: "MISP e26673 [] Outgoing To IP: 4.145.90.29|443"; classtype:trojan-activity; sid:37498771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# 187.135.86.23 is listed with eight separate ports (2271, 2082, 2222, 2004,
# 1899, 1723, 2281, 1656), one rule and one sid per port.
# NOTE(review): each rule fires only on its exact port. If the host itself is
# the indicator, a single address rule, or one rule with a port list, would
# cover it with less upkeep; keep the per-port rules only if the ports matter.
alert ip $HOME_NET any -> 187.135.86.23 2271 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|2271"; classtype:trojan-activity; sid:37498781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 2082 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|2082"; classtype:trojan-activity; sid:37498791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 2222 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|2222"; classtype:trojan-activity; sid:37498801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 2004 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|2004"; classtype:trojan-activity; sid:37498811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 1899 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|1899"; classtype:trojan-activity; sid:37498821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 1723 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|1723"; classtype:trojan-activity; sid:37498831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 2281 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|2281"; classtype:trojan-activity; sid:37498841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 187.135.86.23 1656 (msg: "MISP e26673 [] Outgoing To IP: 187.135.86.23|1656"; classtype:trojan-activity; sid:37498851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# 45.131.132.55 is likewise listed twice, once per port (5520 and 9995).
alert ip $HOME_NET any -> 45.131.132.55 5520 (msg: "MISP e26673 [] Outgoing To IP: 45.131.132.55|5520"; classtype:trojan-activity; sid:37498861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 45.131.132.55 9995 (msg: "MISP e26673 [] Outgoing To IP: 45.131.132.55|9995"; classtype:trojan-activity; sid:37498871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 118.193.62.169 3026 (msg: "MISP e26673 [] Outgoing To IP: 118.193.62.169|3026"; classtype:trojan-activity; sid:37498881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 167.99.112.140 443 (msg: "MISP e26673 [] Outgoing To IP: 167.99.112.140|443"; classtype:trojan-activity; sid:37498891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 120.27.132.223 8888 (msg: "MISP e26673 [] Outgoing To IP: 120.27.132.223|8888"; classtype:trojan-activity; sid:37498901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 120.78.83.129 52120 (msg: "MISP e26673 [] Outgoing To IP: 120.78.83.129|52120"; classtype:trojan-activity; sid:37498911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 60.204.249.34 8080 (msg: "MISP e26673 [] Outgoing To IP: 60.204.249.34|8080"; classtype:trojan-activity; sid:37498921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 185.193.126.187 443 (msg: "MISP e26673 [] Outgoing To IP: 185.193.126.187|443"; classtype:trojan-activity; sid:37498931; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26673;)
# Last destination "IP|port" rule shown for MISP event 26673.
alert ip $HOME_NET any -> 8.222.184.154 10000 (msg: "MISP e26673 [] Outgoing To IP: 8.222.184.154|10000"; classtype:trojan-activity; sid:37498941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# MISP event 26494 - .onion domain attributes, exported at priority:1. Each
# name gets a DNS rule (dns.query plus a pcre anchored at the end of the name)
# and an outbound HTTP rule that looks for "Host:" and the name in the request
# headers and tags the session for 600 seconds.
# NOTE(review): .onion is a special-use name (RFC 7686) that is not meant to be
# resolved through DNS, so a hit on the DNS rule points to a client leaking an
# onion name to its resolver rather than to a completed connection.
# NOTE(review): traffic carried inside Tor is encrypted, so the HTTP rule can
# match only where the onion name appears in cleartext request headers (for
# example through a gateway or proxy); absence of alerts does not show that the
# service was not reached.
# NOTE(review): several names further down this event's list begin with
# recognisable service labels (bbcnews..., nytimes..., facebook...,
# protonmail...), which suggests a catalogue of onion services rather than
# malware infrastructure. Confirm the event's intent before treating hits as
# trojan-activity at priority 1; they may be better handled as policy alerts.
alert dns any any -> any any (msg: "MISP e26494 [] Domain 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion"; dns.query; content:"2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid\.onion$/i"; classtype:trojan-activity; sid:37336981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37336982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;)
alert dns any any -> any any (msg: "MISP e26494 [] Domain 4inahjbeyrmqzhvqbsgtcmoibz47joueo3f44rgidig6xdzmljue7uyd.onion"; dns.query; content:"4inahjbeyrmqzhvqbsgtcmoibz47joueo3f44rgidig6xdzmljue7uyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])4inahjbeyrmqzhvqbsgtcmoibz47joueo3f44rgidig6xdzmljue7uyd\.onion$/i"; classtype:trojan-activity; sid:37336991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain 4inahjbeyrmqzhvqbsgtcmoibz47joueo3f44rgidig6xdzmljue7uyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"4inahjbeyrmqzhvqbsgtcmoibz47joueo3f44rgidig6xdzmljue7uyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])4inahjbeyrmqzhvqbsgtcmoibz47joueo3f44rgidig6xdzmljue7uyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37336992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion"; dns.query; content:"archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd\.onion$/i"; classtype:trojan-activity; sid:37337001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion"; dns.query; content:"bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd\.onion$/i"; classtype:trojan-activity; sid:37337011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid.onion"; dns.query; content:"blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid\.onion$/i"; classtype:trojan-activity; sid:37337021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion"; dns.query; content:"brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd\.onion$/i"; classtype:trojan-activity; sid:37337031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion"; dns.query; content:"ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad\.onion$/i"; classtype:trojan-activity; sid:37337041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion"; dns.query; content:"darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id\.onion$/i"; classtype:trojan-activity; sid:37337051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion"; dns.query; content:"facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd\.onion$/i"; classtype:trojan-activity; sid:37337061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion"; dns.query; content:"fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid\.onion$/i"; classtype:trojan-activity; sid:37337071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain 
fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion"; dns.query; content:"guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid\.onion$/i"; classtype:trojan-activity; sid:37337081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion"; dns.query; content:"hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid\.onion$/i"; classtype:trojan-activity; sid:37337091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 
[] Outgoing HTTP Domain hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion"; dns.query; content:"juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd\.onion$/i"; classtype:trojan-activity; sid:37337101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain ncidetfs7banpz2d7vpndev5somwoki5vwdpfty2k7javniujekit6ad.onion"; dns.query; content:"ncidetfs7banpz2d7vpndev5somwoki5vwdpfty2k7javniujekit6ad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])ncidetfs7banpz2d7vpndev5somwoki5vwdpfty2k7javniujekit6ad\.onion$/i"; classtype:trojan-activity; sid:37337111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26494 [] Outgoing HTTP Domain ncidetfs7banpz2d7vpndev5somwoki5vwdpfty2k7javniujekit6ad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ncidetfs7banpz2d7vpndev5somwoki5vwdpfty2k7javniujekit6ad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ncidetfs7banpz2d7vpndev5somwoki5vwdpfty2k7javniujekit6ad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion"; dns.query; content:"nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd\.onion$/i"; classtype:trojan-activity; sid:37337121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain onionamev33r7w4zckyttobq3vrt725iuyr6xessihxifhxrhupixqad.onion"; dns.query; content:"onionamev33r7w4zckyttobq3vrt725iuyr6xessihxifhxrhupixqad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])onionamev33r7w4zckyttobq3vrt725iuyr6xessihxifhxrhupixqad\.onion$/i"; classtype:trojan-activity; sid:37337131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain onionamev33r7w4zckyttobq3vrt725iuyr6xessihxifhxrhupixqad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onionamev33r7w4zckyttobq3vrt725iuyr6xessihxifhxrhupixqad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onionamev33r7w4zckyttobq3vrt725iuyr6xessihxifhxrhupixqad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion"; dns.query; content:"p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd\.onion$/i"; classtype:trojan-activity; sid:37337141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion"; dns.query; content:"protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd\.onion$/i"; classtype:trojan-activity; sid:37337151; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion"; dns.query; content:"reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad\.onion$/i"; classtype:trojan-activity; sid:37337161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion"; dns.query; content:"torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad\.onion$/i"; classtype:trojan-activity; 
sid:37337171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"; dns.query; content:"vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd\.onion$/i"; classtype:trojan-activity; sid:37337181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion"; dns.query; content:"wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad\.onion$/i"; 
classtype:trojan-activity; sid:37337191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain zerobinftagjpeeebbvyzjcqyjpmjvynj5qlexwyxe7l3vqejxnqv5qd.onion"; dns.query; content:"zerobinftagjpeeebbvyzjcqyjpmjvynj5qlexwyxe7l3vqejxnqv5qd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])zerobinftagjpeeebbvyzjcqyjpmjvynj5qlexwyxe7l3vqejxnqv5qd\.onion$/i"; classtype:trojan-activity; sid:37337201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain zerobinftagjpeeebbvyzjcqyjpmjvynj5qlexwyxe7l3vqejxnqv5qd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zerobinftagjpeeebbvyzjcqyjpmjvynj5qlexwyxe7l3vqejxnqv5qd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zerobinftagjpeeebbvyzjcqyjpmjvynj5qlexwyxe7l3vqejxnqv5qd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert dns any any -> any any (msg: "MISP e26494 [] Domain zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion"; dns.query; content:"zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad\.onion$/i"; classtype:trojan-activity; sid:37337211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26494 [] Outgoing HTTP Domain zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26494;) alert ip 88.214.26.22 any -> $HOME_NET any (msg: "MISP e26488 [] Incoming From IP: 88.214.26.22"; classtype:trojan-activity; sid:37332161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;) alert ip 193.29.13.167 any -> $HOME_NET any (msg: "MISP e26488 [] Incoming From IP: 193.29.13.167"; classtype:trojan-activity; sid:37332171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;) alert dns any any -> any any (msg: "MISP e26488 [] Domain linksammosupply.com"; dns.query; content:"linksammosupply.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])linksammosupply\.com$/i"; classtype:trojan-activity; sid:37332181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26488 [] Outgoing HTTP Domain linksammosupply.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linksammosupply.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linksammosupply\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;) alert dns any any -> any 
any (msg: "MISP e26488 [] Domain maconlineoffice.com"; dns.query; content:"maconlineoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com$/i"; classtype:trojan-activity; sid:37332191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
# MISP event 26488, domain indicators. Each domain is exported as a pair of rules:
#   - dns:  case-insensitive match on the query name; the pcre anchors the indicator at the end of the name and
#           requires start-of-name or a character outside [A-Za-z0-9-] before it, so subdomains also match.
#   - http: outbound request from $HOME_NET on any port with "Host:" and the domain in the request headers.
#           The two contents are not positionally linked, so the domain in another header (for example a
#           referring URL) also satisfies the rule. tag:session,600,seconds tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26488 [] Outgoing HTTP Domain maconlineoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maconlineoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maconlineoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert dns any any -> any any (msg: "MISP e26488 [] Domain sarkerrentacars.com"; dns.query; content:"sarkerrentacars.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sarkerrentacars\.com$/i"; classtype:trojan-activity; sid:37332201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26488 [] Outgoing HTTP Domain sarkerrentacars.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sarkerrentacars.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sarkerrentacars\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert dns any any -> any any (msg: "MISP e26488 [] Domain serviceicloud.com"; dns.query; content:"serviceicloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com$/i"; classtype:trojan-activity; sid:37332211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26488 [] Outgoing HTTP Domain serviceicloud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serviceicloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serviceicloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert dns any any -> any any (msg: "MISP e26488 [] Domain turkishfurniture.blog"; dns.query; content:"turkishfurniture.blog"; nocase; pcre: "/(^|[^A-Za-z0-9-])turkishfurniture\.blog$/i"; classtype:trojan-activity; sid:37332221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26488 [] Outgoing HTTP Domain turkishfurniture.blog"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"turkishfurniture.blog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])turkishfurniture\.blog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
# MISP event 26488, URL indicators: domain in the request headers plus a path in the URI.
# Unlike the domain rules these are limited to destination $HTTP_PORTS, which therefore has to be defined on
# the sensor; the same request on another port is only caught by the domain rule.
# The URI content is an unanchored, case-insensitive substring: a request for /VisualStudioUpdaterLs2 also
# satisfies the /VisualStudioUpdater rule, so expect two alerts for that one request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26488 [] Outgoing URL http|3a|//linksammosupply.com/VisualStudioUpdater"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/VisualStudioUpdater"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37332231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26488 [] Outgoing URL http|3a|//linksammosupply.com/VisualStudioUpdaterLs2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/VisualStudioUpdaterLs2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37332241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26488 [] Outgoing URL http|3a|//linksammosupply.com/zshrc2"; flow:to_server,established; http.header; content:"linksammosupply.com"; fast_pattern; nocase; http.uri; content:"/zshrc2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37332251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26488;)
# MISP event 26495, source-IP indicators: match packets from the listed address to $HOME_NET, any protocol and port.
# There is no flow keyword, so the match depends on packet direction only, not on which side opened the session.
alert ip 139.84.237.229 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 139.84.237.229"; classtype:trojan-activity; sid:37337461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 23.226.138.143 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 23.226.138.143"; classtype:trojan-activity; sid:37337471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 104.129.55.103 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 104.129.55.103"; classtype:trojan-activity; sid:37337481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 104.129.55.104 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 104.129.55.104"; classtype:trojan-activity; sid:37337491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 158.220.80.157 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 158.220.80.157"; classtype:trojan-activity; sid:37337501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 158.220.80.167 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 158.220.80.167"; classtype:trojan-activity; sid:37337511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 178.18.246.136 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 178.18.246.136"; classtype:trojan-activity; sid:37337521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 23.226.138.161 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 23.226.138.161"; classtype:trojan-activity; sid:37337531; rev:1; priority:1;
reference:url,https://misp.finsin.cl/events/view/26495;)
# MISP event 26495, source-IP indicators: match packets from the listed address to $HOME_NET, any protocol and port.
# There is no flow keyword, so the match depends on packet direction only, not on which side opened the session.
alert ip 37.60.242.85 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 37.60.242.85"; classtype:trojan-activity; sid:37337541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 37.60.242.86 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 37.60.242.86"; classtype:trojan-activity; sid:37337551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 65.20.66.218 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 65.20.66.218"; classtype:trojan-activity; sid:37337561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 85.239.243.155 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 85.239.243.155"; classtype:trojan-activity; sid:37337571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert ip 95.179.191.137 any -> $HOME_NET any (msg: "MISP e26495 [] Incoming From IP: 95.179.191.137"; classtype:trojan-activity; sid:37337581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
# MISP event 26495, outbound HTTP to bare-IP URLs. The destination is pinned to the address and to $HTTP_PORTS
# (which has to be defined on the sensor), and the address must also appear as text in the request headers.
# A request to the same address on another port, or one whose headers do not contain the literal address,
# is not matched here. tag:session,600,seconds tags the alerting session for 600 seconds.
alert http $HOME_NET any -> 104.129.55.103 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//104.129.55.103"; flow:to_server,established; http.header; content:"104.129.55.103"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 104.129.55.104 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//104.129.55.104"; flow:to_server,established; http.header; content:"104.129.55.104"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 139.84.237.229 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//139.84.237.229"; flow:to_server,established; http.header; content:"139.84.237.229"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 158.220.80.157 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//158.220.80.157"; flow:to_server,established; http.header; content:"158.220.80.157"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 158.220.80.167 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//158.220.80.167"; flow:to_server,established; http.header; content:"158.220.80.167"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 178.18.246.136 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//178.18.246.136"; flow:to_server,established; http.header; content:"178.18.246.136"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 23.226.138.143 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//23.226.138.143"; flow:to_server,established; http.header; content:"23.226.138.143"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 23.226.138.161 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//23.226.138.161"; flow:to_server,established; http.header; content:"23.226.138.161"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 37.60.242.85 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//37.60.242.85"; flow:to_server,established; http.header; content:"37.60.242.85"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 37.60.242.86 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//37.60.242.86"; flow:to_server,established; http.header; content:"37.60.242.86"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 65.20.66.218 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//65.20.66.218"; flow:to_server,established; http.header; content:"65.20.66.218"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 85.239.243.155 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//85.239.243.155"; flow:to_server,established; http.header; content:"85.239.243.155"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
alert http $HOME_NET any -> 95.179.191.137 $HTTP_PORTS (msg: "MISP e26495 [] Outgoing URL http|3a|//95.179.191.137"; flow:to_server,established; http.header; content:"95.179.191.137"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26495;)
# MISP event 26496: a single source-IP indicator, same rule shape as the other "Incoming From IP" rules.
alert ip 159.65.123.122 any -> $HOME_NET any (msg: "MISP e26496 [] Incoming From IP: 159.65.123.122"; classtype:trojan-activity; sid:37337771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26496;)
# MISP event 26489, DNS indicator: case-insensitive match on the query name. The pcre requires the name to end
# with the indicator, preceded by start-of-name or a character outside [A-Za-z0-9-], so subdomains match as well.
alert dns any any -> any any (msg: "MISP e26489 [] Domain weareelight.com"; dns.query; content:"weareelight.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])weareelight\.com$/i"; classtype:trojan-activity; sid:37332961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain weareelight.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"weareelight.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])weareelight\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
# MISP event 26489, domain indicators. Each domain is exported as a pair of rules (sid ending in 1, then 2):
#   - dns:  case-insensitive match on the query name; the pcre anchors the indicator at the end of the name and
#           requires start-of-name or a character outside [A-Za-z0-9-] before it, so subdomains also match.
#   - http: outbound request from $HOME_NET on any port with "Host:" and the domain in the request headers.
#           The two contents are not positionally linked, so the domain in another header (for example a
#           referring URL) also satisfies the rule. tag:session,600,seconds tags the session for 600 seconds.
# Short indicators such as dpav.cc and kggcp.com rely on the pcre boundary checks to avoid matching longer names.
alert dns any any -> any any (msg: "MISP e26489 [] Domain onualituyrs.org"; dns.query; content:"onualituyrs.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])onualituyrs\.org$/i"; classtype:trojan-activity; sid:37332971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain onualituyrs.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onualituyrs.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onualituyrs\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain snukerukeutit.org"; dns.query; content:"snukerukeutit.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])snukerukeutit\.org$/i"; classtype:trojan-activity; sid:37332981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain snukerukeutit.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"snukerukeutit.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])snukerukeutit\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain stualialuyastrelia.net"; dns.query; content:"stualialuyastrelia.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])stualialuyastrelia\.net$/i"; classtype:trojan-activity; sid:37332991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain stualialuyastrelia.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stualialuyastrelia.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stualialuyastrelia\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain sumagulituyo.org"; dns.query; content:"sumagulituyo.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])sumagulituyo\.org$/i"; classtype:trojan-activity; sid:37333001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain sumagulituyo.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sumagulituyo.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sumagulituyo\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain criogetikfenbut.org"; dns.query; content:"criogetikfenbut.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])criogetikfenbut\.org$/i"; classtype:trojan-activity; sid:37333011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain criogetikfenbut.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"criogetikfenbut.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])criogetikfenbut\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain dpav.cc"; dns.query; content:"dpav.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])dpav\.cc$/i"; classtype:trojan-activity; sid:37333021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain dpav.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dpav.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dpav\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain humydrole.com"; dns.query; content:"humydrole.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])humydrole\.com$/i"; classtype:trojan-activity; sid:37333031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain humydrole.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"humydrole.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])humydrole\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain kggcp.com"; dns.query; content:"kggcp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kggcp\.com$/i"; classtype:trojan-activity; sid:37333041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain kggcp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kggcp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kggcp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain kumbuyartyty.net"; dns.query; content:"kumbuyartyty.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])kumbuyartyty\.net$/i"; classtype:trojan-activity; sid:37333051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain kumbuyartyty.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kumbuyartyty.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kumbuyartyty\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain lightseinsteniki.org"; dns.query; content:"lightseinsteniki.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])lightseinsteniki\.org$/i"; classtype:trojan-activity; sid:37333061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain lightseinsteniki.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lightseinsteniki.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lightseinsteniki\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert dns any any -> any any (msg: "MISP e26489 [] Domain liuliuoumumy.org"; dns.query; content:"liuliuoumumy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])liuliuoumumy\.org$/i"; classtype:trojan-activity; sid:37333071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26489 [] Outgoing HTTP Domain liuliuoumumy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liuliuoumumy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liuliuoumumy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37333072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26489;)
# MISP event 26490, source-IP indicators: match packets from the listed address to $HOME_NET, any protocol and port.
# There is no flow keyword, so the match depends on packet direction only, not on which side opened the session.
alert ip 84.32.189.74 any -> $HOME_NET any (msg: "MISP e26490 [] Incoming From IP: 84.32.189.74"; classtype:trojan-activity; sid:37333991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert ip 179.43.172.127 any -> $HOME_NET any (msg: "MISP e26490 [] Incoming From IP: 179.43.172.127"; classtype:trojan-activity; sid:37334001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert ip 179.43.172.191 any -> $HOME_NET any (msg: "MISP e26490 [] Incoming From IP: 179.43.172.191"; classtype:trojan-activity; sid:37334011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert ip 64.31.63.70 any -> $HOME_NET any (msg: "MISP e26490 [] Incoming From IP: 64.31.63.70"; classtype:trojan-activity; sid:37334021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert ip 64.31.63.194 any -> $HOME_NET any (msg: "MISP e26490 [] Incoming From IP: 64.31.63.194"; classtype:trojan-activity; sid:37334031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
# MISP event 26490, outbound HTTP to the bare address: destination pinned to 84.32.189.74 on $HTTP_PORTS, and the
# address must also appear as text in the request headers. With no http.uri condition this rule matches every
# such request, whatever the path.
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74"; flow:to_server,established; http.header; content:"84.32.189.74"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS
(msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/xampp/"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/xampp/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/webdav/"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/webdav/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/photo_2023-12-29.jpg.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/photo_2023-12-29.jpg.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 
84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/Thumbs.db"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/Thumbs.db"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/2.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/2.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/a2.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/a2.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/a2.zip/a2.cmd"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/a2.zip/a2.cmd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/b3.dll"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/b3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37334181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/7z.dll"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/7z.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/7z.exe"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/7z.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/photo_2023-12-29s.jpg"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/photo_2023-12-29s.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/pictures/My2.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/pictures/My2.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images"; flow:to_server,established; http.header; content:"84.32.189.74"; 
fast_pattern; nocase; http.uri; content:"/fxbulls/images"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/photo_2023-12-29.jpg.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/photo_2023-12-29.jpg.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/Thumbs.db"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/Thumbs.db"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/2.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/2.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/a2.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/a2.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing 
URL http|3a|//84.32.189.74/fxbulls/images/a2.zip/a2.cmd"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/a2.zip/a2.cmd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/b3.dll"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/b3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/7z.dll"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/7z.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/7z.exe"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/7z.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/photo_2023-12-29s.jpg"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/photo_2023-12-29s.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334321; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/images/My2.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/images/My2.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/photo_2023-12-29.jpg.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/photo_2023-12-29.jpg.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/Thumbs.db"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/Thumbs.db"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/2.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/2.url"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37334371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
# MISP event 26490: outbound HTTP requests from $HOME_NET to 84.32.189.74 for specific paths.
# Each rule fixes the destination address in the rule header, requires the literal address
# somewhere in the request headers (http.header, marked fast_pattern) and a case-insensitive
# substring in http.uri. tag:session,600,seconds tags the matching session so that its
# following packets are logged for 600 seconds.
# The http.uri contents are unanchored substrings, so one request can match several rules:
# sid 37334381 (/fxbulls/net/a2.zip) also matches every URI that sid 37334391 matches, and
# the directory rule sid 37334341 (/fxbulls/net) matches every path below it.
# Count hits per flow or per host, not per alert.
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/a2.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/a2.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
# NOTE(review): "a2.zip/a2.cmd" looks like a member of the a2.zip archive rather than a
# path requested over HTTP - confirm against the MISP event. If so, this rule is unlikely
# to fire on the wire and the file name is better searched for in endpoint telemetry.
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/a2.zip/a2.cmd"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/a2.zip/a2.cmd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/b3.dll"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/b3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/7z.dll"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/7z.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/7z.exe"; flow:to_server,established; http.header; content:"84.32.189.74"; 
fast_pattern; nocase; http.uri; content:"/fxbulls/net/7z.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/photo_2023-12-29s.jpg"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/photo_2023-12-29s.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/fxbulls/net/My2.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/fxbulls/net/My2.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/docs"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/docs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/docs/7z.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/docs/7z.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL 
http|3a|//84.32.189.74/underwall/docs/passport.jpg.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/docs/passport.jpg.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/docs/warop.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/docs/warop.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/expand"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/expand"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/expand/7z.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/expand/7z.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/expand/photo_2023-12-26.jpg.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/expand/photo_2023-12-26.jpg.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334511; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/expand/warop.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/expand/warop.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/society"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/society"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/society/7z.zip"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/society/7z.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/society/photo_2023-12-26.jpg.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; http.uri; content:"/underwall/society/photo_2023-12-26.jpg.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;) alert http $HOME_NET any -> 84.32.189.74 $HTTP_PORTS (msg: "MISP e26490 [] Outgoing URL http|3a|//84.32.189.74/underwall/society/warop.url"; flow:to_server,established; http.header; content:"84.32.189.74"; fast_pattern; nocase; 
http.uri; content:"/underwall/society/warop.url"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37334561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26490;)
# MISP event 26491. The msg tag list is empty ("[]"), so these rules carry no kill-chain
# context; all five are priority 1.
# Inbound: any IP traffic from 49.13.76.144 to $HOME_NET, with no port or payload condition.
alert ip 49.13.76.144 any -> $HOME_NET any (msg: "MISP e26491 [] Incoming From IP: 49.13.76.144"; classtype:trojan-activity; sid:37335171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26491;)
# DNS: dns.query containing q905hr35.life. The pcre anchors the name at the end of the
# query and requires start-of-buffer or a non-hostname character before it, so the domain
# and its subdomains match, but a name that only ends in the same characters after another
# letter, digit or hyphen does not. Source and destination are both "any", so DNS traffic
# between any pair of hosts is evaluated, not only queries from $HOME_NET.
alert dns any any -> any any (msg: "MISP e26491 [] Domain q905hr35.life"; dns.query; content:"q905hr35.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])q905hr35\.life$/i"; classtype:trojan-activity; sid:37335181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26491;)
# HTTP: the same domain in the request headers. The two http.header contents ("Host|3a|"
# and the domain) are independent - no distance/within ties them together - and the pcre
# (H modifier) also runs over the header buffer, so the domain appearing in another header
# such as Referer matches as well. Check which header matched before treating a hit as a
# connection to the domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26491 [] Outgoing HTTP Domain q905hr35.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"q905hr35.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])q905hr35\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37335182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26491;)
# HTTP: requests to 213.139.205.131 for /update_ver and /w_ver.dat. The destination port is
# limited to $HTTP_PORTS, so the same requests on a port outside that variable are not
# inspected by these rules. The literal address must appear in the request headers; a
# request to this address that carries a hostname in Host and the address in no other
# header does not match. The http.uri contents are unanchored, case-insensitive substrings.
alert http $HOME_NET any -> 213.139.205.131 $HTTP_PORTS (msg: "MISP e26491 [] Outgoing URL http|3a|//213.139.205.131/update_ver"; flow:to_server,established; http.header; content:"213.139.205.131"; fast_pattern; nocase; http.uri; content:"/update_ver"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37335211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26491;)
alert http $HOME_NET any -> 213.139.205.131 $HTTP_PORTS (msg: "MISP e26491 [] Outgoing URL http|3a|//213.139.205.131/w_ver.dat"; flow:to_server,established; http.header; content:"213.139.205.131"; fast_pattern; nocase; http.uri; content:"/w_ver.dat"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37335221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26491;)
# MISP event 26485 starts here: a run of IP-only rules (source address -> $HOME_NET, any
# port, no payload condition) at priority 2. Their msg tags say kill-chain Reconnaissance
# and Exploitation while classtype is trojan-activity; the two disagree, so do not route
# these alerts on classtype alone.
# NOTE(review): address-only indicators go stale as addresses are reassigned - check the
# event date in MISP and expire or threshold these rules rather than keeping them indefinitely.
alert ip 47.245.118.136 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.245.118.136"; classtype:trojan-activity; sid:37305671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.72.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.72.193"; classtype:trojan-activity; sid:37305681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.19.191.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.19.191.193"; classtype:trojan-activity; sid:37305691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.214.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.214.25"; classtype:trojan-activity; sid:37305701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 145.255.5.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 145.255.5.76"; classtype:trojan-activity; sid:37305711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 173.248.237.221 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.248.237.221"; classtype:trojan-activity; sid:37305721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.232.6.67 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.6.67"; classtype:trojan-activity; sid:37305731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.100.53.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.100.53.145"; classtype:trojan-activity; sid:37305741; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.158.103.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.103.138"; classtype:trojan-activity; sid:37305751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.68.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.68.8"; classtype:trojan-activity; sid:37305761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.137.241.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.137.241.178"; classtype:trojan-activity; sid:37305771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.188.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.188.96"; classtype:trojan-activity; sid:37305781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.253.246.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.253.246.239"; classtype:trojan-activity; sid:37305791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.207.201.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.207.201.63"; classtype:trojan-activity; sid:37305801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.156.187.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.156.187.157"; classtype:trojan-activity; sid:37305811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.142.12.30 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.12.30"; classtype:trojan-activity; sid:37305821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.251.251.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.251.251.39"; classtype:trojan-activity; sid:37305831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.89.229.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.229.254"; classtype:trojan-activity; sid:37305841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 115.23.75.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.23.75.168"; classtype:trojan-activity; sid:37305851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.42.28.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.42.28.34"; classtype:trojan-activity; sid:37305861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 58.210.241.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.210.241.5"; classtype:trojan-activity; sid:37305871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.232.234.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.234.239"; classtype:trojan-activity; sid:37305881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.241.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.241.218"; classtype:trojan-activity; 
sid:37305891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 171.244.37.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.37.96"; classtype:trojan-activity; sid:37305901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.222.159.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.159.96"; classtype:trojan-activity; sid:37305911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.144.232.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.232.75"; classtype:trojan-activity; sid:37305921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.13.132.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.132.116"; classtype:trojan-activity; sid:37305931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.99.113.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.113.35"; classtype:trojan-activity; sid:37305941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.46.52.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.52.14"; classtype:trojan-activity; sid:37305951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.12.133.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.133.92"; classtype:trojan-activity; sid:37305961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.80.228.228 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.80.228.228"; classtype:trojan-activity; sid:37305971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 50.7.196.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.7.196.18"; classtype:trojan-activity; sid:37305981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.105.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.105.91"; classtype:trojan-activity; sid:37305991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.8.185.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.185.12"; classtype:trojan-activity; sid:37306001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 218.255.245.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.255.245.10"; classtype:trojan-activity; sid:37306011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.32.145.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.145.102"; classtype:trojan-activity; sid:37306021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.69.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.69.155"; classtype:trojan-activity; sid:37306031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.62.40.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.40.68"; classtype:trojan-activity; 
sid:37306041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.154.93.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.93.77"; classtype:trojan-activity; sid:37306051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.44.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.227"; classtype:trojan-activity; sid:37306061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.69.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.23"; classtype:trojan-activity; sid:37306071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.110.86.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.86.62"; classtype:trojan-activity; sid:37306081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.163.124.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.163.124.200"; classtype:trojan-activity; sid:37306091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.116.38.108 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.38.108"; classtype:trojan-activity; sid:37306101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.193.234.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.193.234.210"; classtype:trojan-activity; sid:37306111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.104.165.195 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.104.165.195"; classtype:trojan-activity; sid:37306121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.57.16.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.57.16.58"; classtype:trojan-activity; sid:37306131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 54.36.40.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.36.40.120"; classtype:trojan-activity; sid:37306141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 46.40.52.67 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.40.52.67"; classtype:trojan-activity; sid:37306151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 131.255.212.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 131.255.212.139"; classtype:trojan-activity; sid:37306161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 34.176.20.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.176.20.17"; classtype:trojan-activity; sid:37306171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 184.147.71.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.147.71.152"; classtype:trojan-activity; sid:37306181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 213.114.146.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.114.146.142"; classtype:trojan-activity; 
sid:37306191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 183.150.182.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.150.182.186"; classtype:trojan-activity; sid:37306201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 142.4.1.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.4.1.183"; classtype:trojan-activity; sid:37306211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 128.199.202.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.202.79"; classtype:trojan-activity; sid:37306221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.199.182.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.199.182.205"; classtype:trojan-activity; sid:37306231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.2.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.2.75"; classtype:trojan-activity; sid:37306241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.122.147.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.122.147.195"; classtype:trojan-activity; sid:37306251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.51.169.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.169.25"; classtype:trojan-activity; sid:37306261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.154.105.43 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.154.105.43"; classtype:trojan-activity; sid:37306271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.251.237.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.251.237.172"; classtype:trojan-activity; sid:37306281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.20.246.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.20.246.131"; classtype:trojan-activity; sid:37306291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.19.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.19.4"; classtype:trojan-activity; sid:37306301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.230.57.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.57.77"; classtype:trojan-activity; sid:37306311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.222.52.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.52.172"; classtype:trojan-activity; sid:37306321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.252.31.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.252.31.196"; classtype:trojan-activity; sid:37306331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.222.42.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.42.91"; 
classtype:trojan-activity; sid:37306341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.145.142.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.145.142.44"; classtype:trojan-activity; sid:37306351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.96.27.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.96.27.50"; classtype:trojan-activity; sid:37306361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.47.180.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.47.180.25"; classtype:trojan-activity; sid:37306371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.40.185.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.185.4"; classtype:trojan-activity; sid:37306381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 140.238.1.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.238.1.87"; classtype:trojan-activity; sid:37306391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.87.95.130 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.87.95.130"; classtype:trojan-activity; sid:37306401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.171.131.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.171.131.118"; classtype:trojan-activity; sid:37306411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
104.247.164.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.247.164.44"; classtype:trojan-activity; sid:37306421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.140.199.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.199.211"; classtype:trojan-activity; sid:37306431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.132.235.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.235.63"; classtype:trojan-activity; sid:37306441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.23.143.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.143.193"; classtype:trojan-activity; sid:37306451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.35.21.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.21.136"; classtype:trojan-activity; sid:37306461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.235.226.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.235.226.112"; classtype:trojan-activity; sid:37306471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.211.117.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.211.117.22"; classtype:trojan-activity; sid:37306481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 164.128.142.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 164.128.142.212"; classtype:trojan-activity; sid:37306491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.132.232.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.232.26"; classtype:trojan-activity; sid:37306501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.20.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.20.143"; classtype:trojan-activity; sid:37306511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 220.189.194.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.189.194.182"; classtype:trojan-activity; sid:37306521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.248.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.248.218"; classtype:trojan-activity; sid:37306531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.229.189.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.189.80"; classtype:trojan-activity; sid:37306541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 213.225.3.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.225.3.105"; classtype:trojan-activity; sid:37306551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.34.207.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.207.180"; classtype:trojan-activity; sid:37306561; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 128.199.195.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.195.92"; classtype:trojan-activity; sid:37306571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.231.80.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.80.10"; classtype:trojan-activity; sid:37306581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.40.253.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.40.253.188"; classtype:trojan-activity; sid:37306591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.212.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.212.195"; classtype:trojan-activity; sid:37306601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 80.190.174.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.190.174.169"; classtype:trojan-activity; sid:37306611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.29.237.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.237.24"; classtype:trojan-activity; sid:37306621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.155.15.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.155.15.109"; classtype:trojan-activity; sid:37306631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 109.91.155.213 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.91.155.213"; classtype:trojan-activity; sid:37306641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.249.111.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.249.111.40"; classtype:trojan-activity; sid:37306651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.56.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.56.127"; classtype:trojan-activity; sid:37306661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.231.3.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.3.73"; classtype:trojan-activity; sid:37306671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.49.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.238"; classtype:trojan-activity; sid:37306681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.216.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.216.197"; classtype:trojan-activity; sid:37306691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.22.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.22.178"; classtype:trojan-activity; sid:37306701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.194.151.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.151.198"; classtype:trojan-activity; sid:37306711; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.20.241.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.20.241.60"; classtype:trojan-activity; sid:37306721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.234.227.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.234.227.141"; classtype:trojan-activity; sid:37306731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.189.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.189.31"; classtype:trojan-activity; sid:37306741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.116.57.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.57.36"; classtype:trojan-activity; sid:37306751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.128.169.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.169.104"; classtype:trojan-activity; sid:37306761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 84.216.163.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.216.163.193"; classtype:trojan-activity; sid:37306771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 145.14.134.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 145.14.134.224"; classtype:trojan-activity; sid:37306781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.238.83.43 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.238.83.43"; classtype:trojan-activity; sid:37306791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 156.231.0.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.231.0.64"; classtype:trojan-activity; sid:37306801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.130.212.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.212.105"; classtype:trojan-activity; sid:37306811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.29.174.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.29.174.17"; classtype:trojan-activity; sid:37306821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.198.35.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.35.186"; classtype:trojan-activity; sid:37306831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.180.98.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.180.98.231"; classtype:trojan-activity; sid:37306841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 179.1.85.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.121"; classtype:trojan-activity; sid:37306851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.167.165.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.167.165.54"; classtype:trojan-activity; 
sid:37306861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 93.133.60.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.133.60.84"; classtype:trojan-activity; sid:37306871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.52.230.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.230.254"; classtype:trojan-activity; sid:37306881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.118.219.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.118.219.59"; classtype:trojan-activity; sid:37306891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.186.172.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.172.46"; classtype:trojan-activity; sid:37306901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.79.34.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.79.34.90"; classtype:trojan-activity; sid:37306911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.147.188.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.147.188.238"; classtype:trojan-activity; sid:37306921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.243.64.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.64.209"; classtype:trojan-activity; sid:37306931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 138.59.97.154 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.59.97.154"; classtype:trojan-activity; sid:37306941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.32.162.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.162.18"; classtype:trojan-activity; sid:37306951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.228.7.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.228.7.17"; classtype:trojan-activity; sid:37306961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.113.17.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.113.17.210"; classtype:trojan-activity; sid:37306971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.184.139.166 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.139.166"; classtype:trojan-activity; sid:37306981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 179.43.159.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.159.196"; classtype:trojan-activity; sid:37306991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.14.110.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.110.225"; classtype:trojan-activity; sid:37307001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.48.129.162 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.129.162"; 
classtype:trojan-activity; sid:37307011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.214.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.214.155"; classtype:trojan-activity; sid:37307021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.195.208.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.208.222"; classtype:trojan-activity; sid:37307031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.153"; classtype:trojan-activity; sid:37307041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.188"; classtype:trojan-activity; sid:37307051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.4.175.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.175.99"; classtype:trojan-activity; sid:37307061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.206.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.206.76"; classtype:trojan-activity; sid:37307071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 171.25.193.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.25.193.77"; classtype:trojan-activity; sid:37307081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
alert ip 182.43.235.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.235.75"; classtype:trojan-activity; sid:37307091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.145.147.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.147.112"; classtype:trojan-activity; sid:37307101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.241.208.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.241.208.206"; classtype:trojan-activity; sid:37307111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.176.190.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.176.190.90"; classtype:trojan-activity; sid:37307121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.125.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.125.189"; classtype:trojan-activity; sid:37307131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.127.99.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.127.99.81"; classtype:trojan-activity; sid:37307141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.222.232.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.232.27"; classtype:trojan-activity; sid:37307151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.247.154.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 49.247.154.195"; classtype:trojan-activity; sid:37307161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.82.110.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.82.110.34"; classtype:trojan-activity; sid:37307171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 60.220.185.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.220.185.22"; classtype:trojan-activity; sid:37307181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.132.33.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.132.33.165"; classtype:trojan-activity; sid:37307191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 18.144.49.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.144.49.183"; classtype:trojan-activity; sid:37307201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.184.1.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.1.248"; classtype:trojan-activity; sid:37307211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.75.77.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.75.77.242"; classtype:trojan-activity; sid:37307221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.76.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.76.183"; classtype:trojan-activity; sid:37307231; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.150.115.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.150.115.124"; classtype:trojan-activity; sid:37307241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.166.56 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.166.56"; classtype:trojan-activity; sid:37307251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.48.137.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.48.137.18"; classtype:trojan-activity; sid:37307261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 66.128.42.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.128.42.24"; classtype:trojan-activity; sid:37307271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.9.246.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.9.246.34"; classtype:trojan-activity; sid:37307281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.247.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.247.59"; classtype:trojan-activity; sid:37307291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.53.20.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.20.228"; classtype:trojan-activity; sid:37307301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.193.51.17 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.51.17"; classtype:trojan-activity; sid:37307311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 112.64.33.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.64.33.38"; classtype:trojan-activity; sid:37307321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.172.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.172.6"; classtype:trojan-activity; sid:37307331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.154.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.154.146"; classtype:trojan-activity; sid:37307341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.44.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.124"; classtype:trojan-activity; sid:37307351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.191.63.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.191.63.194"; classtype:trojan-activity; sid:37307361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.222.180.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.180.25"; classtype:trojan-activity; sid:37307371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.68.92.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.92.113"; classtype:trojan-activity; sid:37307381; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.35.234.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.234.126"; classtype:trojan-activity; sid:37307391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.110.213.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.213.55"; classtype:trojan-activity; sid:37307401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 138.197.131.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.131.5"; classtype:trojan-activity; sid:37307411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 59.2.250.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.2.250.144"; classtype:trojan-activity; sid:37307421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 144.126.157.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.126.157.154"; classtype:trojan-activity; sid:37307431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.234.29.107 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.29.107"; classtype:trojan-activity; sid:37307441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.80.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.80.132"; classtype:trojan-activity; sid:37307451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.251.85.118 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.251.85.118"; classtype:trojan-activity; sid:37307461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.2.220.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.220.3"; classtype:trojan-activity; sid:37307471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.172.97.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.97.39"; classtype:trojan-activity; sid:37307481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.143.230.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.230.78"; classtype:trojan-activity; sid:37307491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 219.79.142.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.79.142.81"; classtype:trojan-activity; sid:37307501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.181.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.181.240"; classtype:trojan-activity; sid:37307511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.120.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.120.187"; classtype:trojan-activity; sid:37307521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.199.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.199.62"; classtype:trojan-activity; sid:37307531; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.229.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.229.116"; classtype:trojan-activity; sid:37307541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 66.170.209.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.170.209.129"; classtype:trojan-activity; sid:37307551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.52.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.52.242"; classtype:trojan-activity; sid:37307561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.192.227.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.227.34"; classtype:trojan-activity; sid:37307571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.233.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.233.94"; classtype:trojan-activity; sid:37307581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 138.197.90.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.90.222"; classtype:trojan-activity; sid:37307591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.140.221.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.221.64"; classtype:trojan-activity; sid:37307601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.42.73.122 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.73.122"; classtype:trojan-activity; sid:37307611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Source-address rules for MISP event 26485: each one fires on any IP packet from
# the listed address to $HOME_NET, on any port and protocol, with no threshold
# or flow condition.
# NOTE(review): the msg tags say Reconnaissance/Exploitation while classtype is
# trojan-activity; confirm the classification, and how long these addresses
# should stay in the rule set, before treating a hit as a priority-2 alert.
alert ip 47.243.127.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.127.74"; classtype:trojan-activity; sid:37307621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.232.247.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.247.233"; classtype:trojan-activity; sid:37307631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.213.167.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.213.167.10"; classtype:trojan-activity; sid:37307641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.34.252.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.252.117"; classtype:trojan-activity; sid:37307651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.28.129.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.129.131"; classtype:trojan-activity; sid:37307661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# MISP event 26444 (tagged dcrat): outbound HTTP request from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS, client-to-server on an established flow.
# Requires "gafisezs.beget.tech" somewhere in the request headers (http.header,
# case-insensitive, used as the fast pattern) and "/providervmto.php" somewhere
# in the URI (http.uri, case-insensitive). tag:session,600,seconds keeps logging
# packets of the matching session for 600 seconds after the alert.
# NOTE(review): http.header is the whole header buffer, so the host string in a
# Referer or other header also satisfies the first match; http.host would tie
# it to the requested host - confirm against the exporter before changing.
# NOTE(review): the $HTTP_PORTS restriction means the same request on a port
# outside that variable is not inspected by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26444 [dcrat] Outgoing URL http|3a|//gafisezs.beget.tech/providervmto.php"; flow:to_server,established; http.header; content:"gafisezs.beget.tech"; fast_pattern; nocase; http.uri; content:"/providervmto.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37299711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip 116.105.209.20 any 
-> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.105.209.20"; classtype:trojan-activity; sid:37307671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 79.241.23.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.241.23.200"; classtype:trojan-activity; sid:37307681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.157.66 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.157.66"; classtype:trojan-activity; sid:37307691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.91.233.83 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.233.83"; classtype:trojan-activity; sid:37307701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 79.124.62.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.124.62.59"; classtype:trojan-activity; sid:37307711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.170.110.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.110.248"; classtype:trojan-activity; sid:37307721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.34.53.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.53.158"; classtype:trojan-activity; sid:37307731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.34.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.22"; 
classtype:trojan-activity; sid:37307741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.233.67.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.67.55"; classtype:trojan-activity; sid:37307751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.193.43.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.43.190"; classtype:trojan-activity; sid:37307761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 133.186.211.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 133.186.211.96"; classtype:trojan-activity; sid:37307771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.247.178.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.247.178.81"; classtype:trojan-activity; sid:37307781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.207.74.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.74.248"; classtype:trojan-activity; sid:37307791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.234.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.214"; classtype:trojan-activity; sid:37307801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.155.147.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.155.147.10"; classtype:trojan-activity; sid:37307811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
193.233.21.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.233.21.60"; classtype:trojan-activity; sid:37307821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.34.130.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.130.178"; classtype:trojan-activity; sid:37307831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.152.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.152.11"; classtype:trojan-activity; sid:37307841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.202.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.78"; classtype:trojan-activity; sid:37307851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.195.248.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.248.144"; classtype:trojan-activity; sid:37307861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.71.41.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.41.151"; classtype:trojan-activity; sid:37307871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.47.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.47.225"; classtype:trojan-activity; sid:37307881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.181.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
170.64.181.5"; classtype:trojan-activity; sid:37307891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.158.12.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.12.65"; classtype:trojan-activity; sid:37307901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.156.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.156.148"; classtype:trojan-activity; sid:37307911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.229.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.229.97"; classtype:trojan-activity; sid:37307921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.67.166.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.67.166.19"; classtype:trojan-activity; sid:37307931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.105"; classtype:trojan-activity; sid:37307941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.222.11.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.11.75"; classtype:trojan-activity; sid:37307951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.183.49.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.183.49.87"; classtype:trojan-activity; sid:37307961; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.142.127.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.127.35"; classtype:trojan-activity; sid:37307971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.225.207.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.207.84"; classtype:trojan-activity; sid:37307981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.202.11.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.202.11.146"; classtype:trojan-activity; sid:37307991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.112.111.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.111.207"; classtype:trojan-activity; sid:37308001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.143.255.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.143.255.43"; classtype:trojan-activity; sid:37308011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.108.240.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.108.240.199"; classtype:trojan-activity; sid:37308021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.110.213.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.213.62"; classtype:trojan-activity; sid:37308031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 85.240.46.138 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.240.46.138"; classtype:trojan-activity; sid:37308041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 89.223.120.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.223.120.225"; classtype:trojan-activity; sid:37308051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.248.23.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.248.23.51"; classtype:trojan-activity; sid:37308061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.184.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.184.163"; classtype:trojan-activity; sid:37308071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.220.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.220.3"; classtype:trojan-activity; sid:37308081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.232.220.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.220.113"; classtype:trojan-activity; sid:37308091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 223.100.28.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.100.28.112"; classtype:trojan-activity; sid:37308101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.210.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.210.253"; classtype:trojan-activity; sid:37308111; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.45.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.45.20"; classtype:trojan-activity; sid:37308121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.181.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.181.104"; classtype:trojan-activity; sid:37308131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.53.50.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.50.135"; classtype:trojan-activity; sid:37308141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.190.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.190.193"; classtype:trojan-activity; sid:37308151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.248.34.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.34.110"; classtype:trojan-activity; sid:37308161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.2.242.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.242.136"; classtype:trojan-activity; sid:37308171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.94.4.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.94.4.16"; classtype:trojan-activity; sid:37308181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 163.197.242.46 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.197.242.46"; classtype:trojan-activity; sid:37308191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.242.168.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.242.168.227"; classtype:trojan-activity; sid:37308201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 141.223.63.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.223.63.172"; classtype:trojan-activity; sid:37308211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.178.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.178.118"; classtype:trojan-activity; sid:37308221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.44.96.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.44.96.254"; classtype:trojan-activity; sid:37308231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.34.238.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.238.155"; classtype:trojan-activity; sid:37308241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.108 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.108"; classtype:trojan-activity; sid:37308251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.247.74.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.200"; classtype:trojan-activity; 
sid:37308261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 218.55.114.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.55.114.52"; classtype:trojan-activity; sid:37308271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 156.200.117.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.200.117.117"; classtype:trojan-activity; sid:37308281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 54.38.55.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.38.55.13"; classtype:trojan-activity; sid:37308291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.133.113.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.113.89"; classtype:trojan-activity; sid:37308301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.161.18.53 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.161.18.53"; classtype:trojan-activity; sid:37308311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.15.158.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.15.158.165"; classtype:trojan-activity; sid:37308321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.51.102.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.102.206"; classtype:trojan-activity; sid:37308331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.13.248.53 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.248.53"; classtype:trojan-activity; sid:37308341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.4.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.4.215"; classtype:trojan-activity; sid:37308351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.99.189.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.189.186"; classtype:trojan-activity; sid:37308361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.42.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.179"; classtype:trojan-activity; sid:37308371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 223.197.175.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.197.175.91"; classtype:trojan-activity; sid:37308381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.111.78.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.111.78.155"; classtype:trojan-activity; sid:37308391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.112.221.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.221.161"; classtype:trojan-activity; sid:37308401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.133"; classtype:trojan-activity; 
sid:37308411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.136.112.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.112.234"; classtype:trojan-activity; sid:37308421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.84.226.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.84.226.236"; classtype:trojan-activity; sid:37308431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.192.108.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.108.39"; classtype:trojan-activity; sid:37308441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 3.108.0.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.108.0.156"; classtype:trojan-activity; sid:37308451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.139.170.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.139.170.6"; classtype:trojan-activity; sid:37308461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.238.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.238.3"; classtype:trojan-activity; sid:37308471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.188.67.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.188.67.20"; classtype:trojan-activity; sid:37308481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.99.80.28 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.99.80.28"; classtype:trojan-activity; sid:37308491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.177.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.177.90"; classtype:trojan-activity; sid:37308501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.162 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.162"; classtype:trojan-activity; sid:37308511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 164.90.199.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.199.99"; classtype:trojan-activity; sid:37308521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.136.213.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.136.213.249"; classtype:trojan-activity; sid:37308531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 176.120.75.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.120.75.149"; classtype:trojan-activity; sid:37308541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.110"; classtype:trojan-activity; sid:37308551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 94.102.51.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.102.51.15"; classtype:trojan-activity; 
sid:37308561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.129.64.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.222"; classtype:trojan-activity; sid:37308571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.202.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.44"; classtype:trojan-activity; sid:37308581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.202.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.47"; classtype:trojan-activity; sid:37308591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.42.212.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.212.237"; classtype:trojan-activity; sid:37308601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.12.85.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.85.154"; classtype:trojan-activity; sid:37308611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.247.72.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.72.192"; classtype:trojan-activity; sid:37308621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.170.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.170.230"; classtype:trojan-activity; sid:37308631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 176.149.201.184 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance] Incoming From IP: 176.149.201.184"; classtype:trojan-activity; sid:37308641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.47.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.47.239"; classtype:trojan-activity; sid:37308651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.31.39.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.31.39.182"; classtype:trojan-activity; sid:37308661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 205.185.121.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.185.121.170"; classtype:trojan-activity; sid:37308671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.183.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.183.172"; classtype:trojan-activity; sid:37308681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.93.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.47"; classtype:trojan-activity; sid:37308691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 161.35.211.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.211.178"; classtype:trojan-activity; sid:37308701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 77.48.28.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.48.28.193"; classtype:trojan-activity; sid:37308711; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.249.156.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.249.156.250"; classtype:trojan-activity; sid:37308721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 58.136.166.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.136.166.7"; classtype:trojan-activity; sid:37308731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 202.21.123.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.21.123.196"; classtype:trojan-activity; sid:37308741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.121.221 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.121.221"; classtype:trojan-activity; sid:37308751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.229.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.229.7"; classtype:trojan-activity; sid:37308761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.6.149.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.149.79"; classtype:trojan-activity; sid:37308771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.49.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.167"; classtype:trojan-activity; sid:37308781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.129.62.63 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.62.63"; classtype:trojan-activity; sid:37308791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.114.199.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.199.71"; classtype:trojan-activity; sid:37308801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.83.79.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.83.79.31"; classtype:trojan-activity; sid:37308811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.51.1.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.1.63"; classtype:trojan-activity; sid:37308821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.139.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.139.189"; classtype:trojan-activity; sid:37308831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.236.17.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.17.60"; classtype:trojan-activity; sid:37308841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 199.21.115.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.21.115.199"; classtype:trojan-activity; sid:37308851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.53.87.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.53.87.28"; classtype:trojan-activity; sid:37308861; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Source-address indicator rules exported from MISP event 26485. Each rule
# alerts on any IP packet from the listed address to $HOME_NET; there is no
# port, flow or content condition.
# NOTE(review): a hit shows only that the address sent traffic, so corroborate
# with other telemetry before treating it as exploitation. Shared or reassigned
# addresses will produce false positives, so re-export as the event is updated.
# NOTE(review): classtype is trojan-activity while the msg tags say
# Reconnaissance/Exploitation; check this if triage keys on classtype.
alert ip 185.220.101.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.136"; classtype:trojan-activity; sid:37308871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 87.98.138.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.98.138.142"; classtype:trojan-activity; sid:37308881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 111.229.171.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.171.75"; classtype:trojan-activity; sid:37308891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.131.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.131.70"; classtype:trojan-activity; sid:37308901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.154.128.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.128.184"; classtype:trojan-activity; sid:37308911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.75.233.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.75.233.111"; classtype:trojan-activity; sid:37308921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Outbound HTTP indicator from MISP event 26673 (the tag list in msg is empty).
# Fires on established client-to-server traffic whose request header buffer
# contains the host name and whose URI contains the path. Both matches are
# case-insensitive, and the host string is the fast_pattern.
# tag:session,600,seconds requests continued logging of the session for 600
# seconds after a hit.
# NOTE(review): http.header is not anchored to the Host header, so the same
# string in another header (e.g. Referer) also satisfies it. http.host would be
# tighter; confirm against the Suricata version in use.
# NOTE(review): the destination port is $HTTP_PORTS, so that variable must be
# defined in the sensor configuration, and HTTP to this host on any other port
# is not covered.
# NOTE(review): this rule cannot see the same URL fetched over TLS. A companion
# DNS or tls.sni indicator would be needed for that coverage.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26673 [] Outgoing URL http|3a|//gafisezs.beget.tech/providervmTo.php"; flow:to_server,established; http.header; content:"gafisezs.beget.tech"; fast_pattern; nocase; http.uri; content:"/providervmTo.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37498951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip 101.43.62.56 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.62.56"; classtype:trojan-activity; sid:37308931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.34.246.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.246.169"; classtype:trojan-activity; sid:37308941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.91.32.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.32.36"; classtype:trojan-activity; sid:37308951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.164.13.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.164.13.69"; classtype:trojan-activity; sid:37308961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.14.107.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.107.89"; classtype:trojan-activity; sid:37308971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.117.233.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.233.118"; classtype:trojan-activity; sid:37308981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 222.108.85.243 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.108.85.243"; classtype:trojan-activity; sid:37308991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 117.50.189.233
any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.189.233"; classtype:trojan-activity; sid:37309001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.211.100.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.211.100.121"; classtype:trojan-activity; sid:37309011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.117.186.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.186.155"; classtype:trojan-activity; sid:37309021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.226.53.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.226.53.27"; classtype:trojan-activity; sid:37309031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.157.52.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.52.140"; classtype:trojan-activity; sid:37309041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.112.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.112.89"; classtype:trojan-activity; sid:37309051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.64.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.64.46"; classtype:trojan-activity; sid:37309061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.148.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.148.142"; 
classtype:trojan-activity; sid:37309071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.54.22.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.22.149"; classtype:trojan-activity; sid:37309081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.137.184.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.137.184.189"; classtype:trojan-activity; sid:37309091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 211.101.232.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.101.232.92"; classtype:trojan-activity; sid:37309101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.248.120.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.248.120.6"; classtype:trojan-activity; sid:37309111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.59.239.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.239.6"; classtype:trojan-activity; sid:37309121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.7.209.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.7.209.199"; classtype:trojan-activity; sid:37309131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.101.143.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.143.30"; classtype:trojan-activity; sid:37309141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
185.220.103.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.103.8"; classtype:trojan-activity; sid:37309151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 95.216.174.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.216.174.188"; classtype:trojan-activity; sid:37309161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.226.138.171 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.226.138.171"; classtype:trojan-activity; sid:37309171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 149.104.64.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.104.64.40"; classtype:trojan-activity; sid:37309181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 128.199.74.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.74.74"; classtype:trojan-activity; sid:37309191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 109.123.237.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.237.173"; classtype:trojan-activity; sid:37309201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 89.116.30.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.116.30.47"; classtype:trojan-activity; sid:37309211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.136.122.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.136.122.160"; classtype:trojan-activity; sid:37309221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 95.167.221.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.167.221.138"; classtype:trojan-activity; sid:37309231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.26.112.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.26.112.3"; classtype:trojan-activity; sid:37309241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.170.221.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.170.221.254"; classtype:trojan-activity; sid:37309251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.55.178.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.178.174"; classtype:trojan-activity; sid:37309261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.164.106.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.106.78"; classtype:trojan-activity; sid:37309271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.232.178.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.178.237"; classtype:trojan-activity; sid:37309281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.201.108 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.201.108"; classtype:trojan-activity; sid:37309291; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.231.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.231.233"; classtype:trojan-activity; sid:37309301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.53.222.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.222.57"; classtype:trojan-activity; sid:37309311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.232.167.177 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.167.177"; classtype:trojan-activity; sid:37309321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.44.237.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.237.68"; classtype:trojan-activity; sid:37309331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.25.138.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.138.222"; classtype:trojan-activity; sid:37309341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.242.82.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.82.91"; classtype:trojan-activity; sid:37309351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.28.40.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.28.40.153"; classtype:trojan-activity; sid:37309361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.66.128 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.66.128"; classtype:trojan-activity; sid:37309371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.123.1.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.123.1.199"; classtype:trojan-activity; sid:37309381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.35.129.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.129.202"; classtype:trojan-activity; sid:37309391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 93.84.100.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.84.100.70"; classtype:trojan-activity; sid:37309401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.188.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.188.46"; classtype:trojan-activity; sid:37309411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.6.232.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.31"; classtype:trojan-activity; sid:37309421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.64.23.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.64.23.86"; classtype:trojan-activity; sid:37309431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 220.85.247.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.85.247.129"; classtype:trojan-activity; sid:37309441; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 31.207.44.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.207.44.233"; classtype:trojan-activity; sid:37309451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.143.248.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.248.87"; classtype:trojan-activity; sid:37309461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.217.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.217.165"; classtype:trojan-activity; sid:37309471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.121.131.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.121.131.26"; classtype:trojan-activity; sid:37309481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 157.143.214.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.143.214.175"; classtype:trojan-activity; sid:37309491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.189.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.189.111"; classtype:trojan-activity; sid:37309501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.210.193.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.210.193.105"; classtype:trojan-activity; sid:37309511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 134.175.123.251 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.123.251"; classtype:trojan-activity; sid:37309521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.88.241.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.88.241.90"; classtype:trojan-activity; sid:37309531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.138.89.246 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.138.89.246"; classtype:trojan-activity; sid:37309541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.98.169.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.169.153"; classtype:trojan-activity; sid:37309551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.12.236.95 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.236.95"; classtype:trojan-activity; sid:37309561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.181.216 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.181.216"; classtype:trojan-activity; sid:37309571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.244.248.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.244.248.55"; classtype:trojan-activity; sid:37309581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.15.159.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.15.159.227"; classtype:trojan-activity; 
sid:37309591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.40.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.40.102"; classtype:trojan-activity; sid:37309601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.49.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.116"; classtype:trojan-activity; sid:37309611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 203.189.196.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.189.196.168"; classtype:trojan-activity; sid:37309631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.70.54.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.54.4"; classtype:trojan-activity; sid:37309641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 59.56.111.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.56.111.128"; classtype:trojan-activity; sid:37309651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.186.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.186.186"; classtype:trojan-activity; sid:37309661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.136.208.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.136.208.190"; classtype:trojan-activity; sid:37309671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.174.136.146 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.174.136.146"; classtype:trojan-activity; sid:37309681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.220.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.220.71"; classtype:trojan-activity; sid:37309691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.75.76.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.76.187"; classtype:trojan-activity; sid:37309701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.28.158.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.158.227"; classtype:trojan-activity; sid:37309711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.2.242.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.242.131"; classtype:trojan-activity; sid:37309721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.1.172.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.1.172.23"; classtype:trojan-activity; sid:37309731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.96.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.96.73"; classtype:trojan-activity; sid:37309741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.129.73.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.73.168"; 
classtype:trojan-activity; sid:37309751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 203.15.15.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.15.15.133"; classtype:trojan-activity; sid:37309761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.161.248.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.217"; classtype:trojan-activity; sid:37309771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.27.195.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.195.248"; classtype:trojan-activity; sid:37309781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.242.199.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.91"; classtype:trojan-activity; sid:37309791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.137.90.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.90.68"; classtype:trojan-activity; sid:37309801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.197.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.197.223"; classtype:trojan-activity; sid:37309811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.35.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.35.254"; classtype:trojan-activity; sid:37309821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
51.75.120.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.75.120.93"; classtype:trojan-activity; sid:37309831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.28.205.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.205.110"; classtype:trojan-activity; sid:37309841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 183.239.171.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.239.171.21"; classtype:trojan-activity; sid:37309851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.180.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.180.126"; classtype:trojan-activity; sid:37309861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.158.14.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.158.14.145"; classtype:trojan-activity; sid:37309871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.254.158.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.254.158.179"; classtype:trojan-activity; sid:37309881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.202.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.202.232"; classtype:trojan-activity; sid:37309891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.147.137.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
187.147.137.36"; classtype:trojan-activity; sid:37309901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.246.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.246.113"; classtype:trojan-activity; sid:37309911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.242.199.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.20"; classtype:trojan-activity; sid:37309921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 41.93.33.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.93.33.2"; classtype:trojan-activity; sid:37309931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.236.23.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.23.226"; classtype:trojan-activity; sid:37309941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.102.214.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.102.214.48"; classtype:trojan-activity; sid:37309951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.12.70.162 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.12.70.162"; classtype:trojan-activity; sid:37309961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.235.70.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.235.70.44"; classtype:trojan-activity; sid:37309971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert 
ip 222.235.45.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.235.45.233"; classtype:trojan-activity; sid:37309981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.30.187.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.30.187.208"; classtype:trojan-activity; sid:37309991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.80.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.80.192"; classtype:trojan-activity; sid:37310001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.196.11.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.196.11.28"; classtype:trojan-activity; sid:37310011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.19.59.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.19.59.252"; classtype:trojan-activity; sid:37310021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.47.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.47.185"; classtype:trojan-activity; sid:37310031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.168.83.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.168.83.5"; classtype:trojan-activity; sid:37310041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.201.41.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
121.201.41.148"; classtype:trojan-activity; sid:37310051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 112.162.111.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.162.111.140"; classtype:trojan-activity; sid:37310061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 144.24.0.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.24.0.226"; classtype:trojan-activity; sid:37310071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.129.122.95 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.129.122.95"; classtype:trojan-activity; sid:37310081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.224.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.224.154"; classtype:trojan-activity; sid:37310091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.48.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.48.82"; classtype:trojan-activity; sid:37310101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.232.240.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.240.64"; classtype:trojan-activity; sid:37310111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.14.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.14.31"; classtype:trojan-activity; sid:37310121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
# Source-IP indicator rules exported from MISP event 26485 (the reference:url in each rule),
# tagged kill-chain Reconnaissance / Exploitation in the msg text.
# Each rule alerts on a packet of any IP protocol and any port whose source is the listed address
# and whose destination is in $HOME_NET. The operator is the one-way `->`, so traffic that
# $HOME_NET hosts send towards these addresses is not matched by these rules.
# Every rule here sets classtype:trojan-activity with an explicit priority:2.
# NOTE(review): the msg tags describe inbound reconnaissance/exploitation rather than trojan traffic;
# confirm the classtype is what alert triage expects.
# NOTE(review): IP indicators go stale as addresses are reassigned or shared; check the age of the
# attributes in the MISP event before treating a hit as malicious or using the list for blocking.
alert ip 38.99.139.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.99.139.33"; classtype:trojan-activity; sid:37310131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 61.102.42.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.102.42.5"; classtype:trojan-activity; sid:37310141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 65.109.199.1 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.199.1"; classtype:trojan-activity; sid:37310151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 115.111.242.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.111.242.116"; classtype:trojan-activity; sid:37310161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.31.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.31.165"; classtype:trojan-activity; sid:37310171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 177.220.180.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.220.180.6"; classtype:trojan-activity; sid:37310181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.78.247.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.78.247.133"; classtype:trojan-activity; sid:37310191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 5.187.98.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.187.98.126"; classtype:trojan-activity; sid:37310201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.139.14.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.14.57"; classtype:trojan-activity; sid:37310211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.92.111.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.111.55"; classtype:trojan-activity; sid:37310221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.156.141.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.141.210"; classtype:trojan-activity; sid:37310231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 60.217.78.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.217.78.80"; classtype:trojan-activity; sid:37310241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 121.4.236.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.236.43"; classtype:trojan-activity; sid:37310251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.151.253.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.253.62"; classtype:trojan-activity; sid:37310261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.45.146.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.146.17"; classtype:trojan-activity; sid:37310271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 115.159.155.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.155.147"; classtype:trojan-activity; sid:37310281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 20.6.232.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.30"; classtype:trojan-activity; sid:37310291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 139.155.157.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.157.20"; classtype:trojan-activity; sid:37310301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 46.24.152.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.24.152.173"; classtype:trojan-activity; sid:37310311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 180.242.128.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.242.128.205"; classtype:trojan-activity; sid:37310321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 211.159.163.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.159.163.117"; classtype:trojan-activity; sid:37310331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.42.254.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.254.78"; classtype:trojan-activity; sid:37310341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.220.101.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.168"; classtype:trojan-activity; sid:37310351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.42.18.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.18.174"; classtype:trojan-activity; sid:37310361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 3.92.33.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.92.33.172"; classtype:trojan-activity; sid:37310371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 167.172.26.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.26.109"; classtype:trojan-activity; sid:37310381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 167.172.30.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.30.63"; classtype:trojan-activity; sid:37310391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.61.20.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.61.20.125"; classtype:trojan-activity; sid:37310401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.144.210.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.144.210.3"; classtype:trojan-activity; sid:37310411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 183.178.94.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.178.94.191"; classtype:trojan-activity; sid:37310421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# MISP event 26485 indicators, one rule per line: rule parsers read a rule from
# a single line (or backslash-continued lines), so the mid-rule wraps are undone.
# Every rule below has the same shape: any IP traffic from the listed source
# address to $HOME_NET raises an alert that links back to the MISP event. Only
# the source address (repeated in msg) and the sid differ; sids step by 10.
# NOTE(review): classtype is trojan-activity while the msg tags say
# kill-chain Reconnaissance/Exploitation; confirm that classification and
# priority:2 suit inbound-source indicators. The rules carry no threshold or
# rate limit of their own, so alert volume has to be handled in the sensor's
# threshold/suppress configuration.
alert ip 20.2.234.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.2.234.20"; classtype:trojan-activity; sid:37310431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.250.34.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.112"; classtype:trojan-activity; sid:37310441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.137.18.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.137.18.32"; classtype:trojan-activity; sid:37310451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.156.147.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.147.188"; classtype:trojan-activity; sid:37310461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 175.178.90.244 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.90.244"; classtype:trojan-activity; sid:37310471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.13.168.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.168.228"; classtype:trojan-activity; sid:37310481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.172.204.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.172.204.80"; classtype:trojan-activity; sid:37310491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.53.160.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.160.150"; classtype:trojan-activity; sid:37310501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.223.219.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.219.167"; classtype:trojan-activity; sid:37310511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 138.197.20.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.20.247"; classtype:trojan-activity; sid:37310521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 115.20.185.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.20.185.86"; classtype:trojan-activity; sid:37310531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.72.219.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.72.219.186"; classtype:trojan-activity; sid:37310541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 78.139.7.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.139.7.163"; classtype:trojan-activity; sid:37310551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 36.139.182.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.139.182.150"; classtype:trojan-activity; sid:37310561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.43.219.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.219.211"; classtype:trojan-activity; sid:37310571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 189.113.8.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.113.8.254"; classtype:trojan-activity; sid:37310581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.77.213.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.77.213.190"; classtype:trojan-activity; sid:37310591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.157.236.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.236.2"; classtype:trojan-activity; sid:37310601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.220.81.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.81.132"; classtype:trojan-activity; sid:37310611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 193.141.60.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.141.60.128"; classtype:trojan-activity; sid:37310621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 192.241.202.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.202.10"; classtype:trojan-activity; sid:37310631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 81.19.141.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.19.141.188"; classtype:trojan-activity; sid:37310641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.120.231.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.120.231.29"; classtype:trojan-activity; sid:37310651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 212.46.103.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.46.103.235"; classtype:trojan-activity; sid:37310661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.13.222.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.222.172"; classtype:trojan-activity; sid:37310671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 115.159.223.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.223.91"; classtype:trojan-activity; sid:37310681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 8.242.72.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.242.72.116"; classtype:trojan-activity; sid:37310691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 152.136.135.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.135.222"; classtype:trojan-activity; sid:37310701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 84.247.143.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.143.155"; classtype:trojan-activity; sid:37310711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 36.133.34.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.34.191"; classtype:trojan-activity; sid:37310721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.163.53.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.163.53.190"; classtype:trojan-activity; sid:37310731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.139.1.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.1.143"; classtype:trojan-activity; sid:37310741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 213.225.9.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.225.9.27"; classtype:trojan-activity; sid:37310751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.52.219.95 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.219.95"; classtype:trojan-activity; sid:37310761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 148.113.24.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.113.24.74"; classtype:trojan-activity; sid:37310771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 138.2.5.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.5.77"; classtype:trojan-activity; sid:37310781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 219.144.67.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.144.67.60"; classtype:trojan-activity; sid:37310791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 186.30.79.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.30.79.34"; classtype:trojan-activity; sid:37310801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.158.1.176 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.1.176"; classtype:trojan-activity; sid:37310811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 91.128.186.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.128.186.72"; classtype:trojan-activity; sid:37310821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 160.251.232.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.251.232.132"; classtype:trojan-activity; sid:37310831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 35.238.79.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.238.79.207"; classtype:trojan-activity; sid:37310841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 218.157.152.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.157.152.248"; classtype:trojan-activity; sid:37310851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.222.201.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.201.154"; classtype:trojan-activity; sid:37310861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 58.49.26.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.49.26.202"; classtype:trojan-activity; sid:37310871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.77.36.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.77.36.137"; classtype:trojan-activity; sid:37310881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.34.133.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.133.91"; classtype:trojan-activity; sid:37310891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.238.81.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.238.81.40"; classtype:trojan-activity; sid:37310901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.157.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.157.49"; classtype:trojan-activity; sid:37310911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.126.24.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.24.19"; classtype:trojan-activity; sid:37310921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 116.98.170.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.170.139"; classtype:trojan-activity; sid:37310931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.13.58.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.58.218"; classtype:trojan-activity; sid:37310941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.61.38.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.38.253"; classtype:trojan-activity; sid:37310951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.91.33.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.91.33.72"; classtype:trojan-activity; sid:37310961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 115.73.209.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.73.209.212"; classtype:trojan-activity; sid:37310971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 109.226.57.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.226.57.52"; classtype:trojan-activity; sid:37310981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 95.237.67.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.237.67.204"; classtype:trojan-activity; sid:37310991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 40.81.27.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.81.27.219"; classtype:trojan-activity; sid:37311001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 111.230.196.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.196.57"; classtype:trojan-activity; sid:37311011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 114.132.236.95 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.236.95"; classtype:trojan-activity; sid:37311021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 36.212.168.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.212.168.151"; classtype:trojan-activity; sid:37311031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 64.227.146.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.146.250"; classtype:trojan-activity; sid:37311041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 46.121.219.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.121.219.201"; classtype:trojan-activity; sid:37311051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 192.144.65.0 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.65.0"; classtype:trojan-activity; sid:37311061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.223.185.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.185.131"; classtype:trojan-activity; sid:37311071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 186.235.70.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.235.70.42"; classtype:trojan-activity; sid:37311081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 116.237.194.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.237.194.23"; classtype:trojan-activity; sid:37311091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.46.48.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.48.151"; classtype:trojan-activity; sid:37311101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 219.92.10.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.92.10.208"; classtype:trojan-activity; sid:37311111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.210.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.210.215"; classtype:trojan-activity; sid:37311121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.103.41.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.23"; classtype:trojan-activity; sid:37311131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.248.223.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.248.223.3"; classtype:trojan-activity; sid:37311141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.45.219.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.219.32"; classtype:trojan-activity; sid:37311151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 134.175.198.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.198.193"; classtype:trojan-activity; sid:37311161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.232.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.232.161"; classtype:trojan-activity; sid:37311171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 175.207.13.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.207.13.22"; classtype:trojan-activity; sid:37311181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.4.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.4.186"; classtype:trojan-activity; sid:37311191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 39.98.191.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.98.191.219"; classtype:trojan-activity; sid:37311201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.219.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.219.187"; classtype:trojan-activity; sid:37311211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.44.187.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.44.187.224"; classtype:trojan-activity; sid:37311221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.40.213.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.213.116"; classtype:trojan-activity; sid:37311231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 186.235.70.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.235.70.41"; classtype:trojan-activity; sid:37311241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.218.139.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.218.139.249"; classtype:trojan-activity; sid:37311251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.225.13.56 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.225.13.56"; classtype:trojan-activity; sid:37311261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 81.69.185.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.185.174"; classtype:trojan-activity; sid:37311271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.46.54.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.54.199"; classtype:trojan-activity; sid:37311281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.32.239.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.239.25"; classtype:trojan-activity; sid:37311291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.128.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.128.22"; classtype:trojan-activity; sid:37311301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.160.0.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.160.0.76"; classtype:trojan-activity; sid:37311311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.51.76.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.51.76.154"; classtype:trojan-activity; sid:37311321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.232.21.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.21.54"; classtype:trojan-activity; sid:37311331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.125.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.125.242"; classtype:trojan-activity; sid:37311341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 20.6.232.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.6.232.16"; classtype:trojan-activity; sid:37311351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.54.148.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.54.148.250"; classtype:trojan-activity; sid:37311361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.227.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.227.15"; classtype:trojan-activity; sid:37311371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.136.62.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.62.88"; classtype:trojan-activity; sid:37311381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 183.66.136.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.66.136.6"; classtype:trojan-activity; sid:37311391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 172.93.102.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.93.102.2"; classtype:trojan-activity; sid:37311401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 114.132.52.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.52.234"; classtype:trojan-activity; sid:37311411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.53.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.53.228"; classtype:trojan-activity; sid:37311421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.46.48.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.48.99"; classtype:trojan-activity; sid:37311431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 47.113.207.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.113.207.206"; classtype:trojan-activity; sid:37311441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.48.124.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.124.172"; classtype:trojan-activity; sid:37311451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.223.77.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.77.36"; classtype:trojan-activity; sid:37311461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.42.234.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.234.252"; classtype:trojan-activity; sid:37311471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.46.51.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.51.30"; classtype:trojan-activity; sid:37311481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 117.199.5.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.5.239"; classtype:trojan-activity; sid:37311491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.29.182.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.29.182.60"; classtype:trojan-activity; sid:37311501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.35.181.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.181.230"; classtype:trojan-activity; sid:37311511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.43.136.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.136.92"; classtype:trojan-activity; sid:37311521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 121.32.196.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.32.196.87"; classtype:trojan-activity; sid:37311531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.57.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.57.186"; classtype:trojan-activity; sid:37311541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 37.32.8.107 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.32.8.107"; classtype:trojan-activity; sid:37311551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 187.95.146.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.95.146.42"; classtype:trojan-activity; sid:37311561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.182.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.182.189"; classtype:trojan-activity; sid:37311571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.228.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.228.119"; classtype:trojan-activity; sid:37311581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.15.51.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.51.35"; classtype:trojan-activity; sid:37311591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.218.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.218.250"; classtype:trojan-activity; sid:37311601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 85.75.152.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.75.152.132"; classtype:trojan-activity; sid:37311611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 24.199.101.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.101.158"; classtype:trojan-activity; sid:37311621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 91.207.115.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.207.115.249"; classtype:trojan-activity; sid:37311631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.138.67.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.67.164"; classtype:trojan-activity; sid:37311641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.165.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.6"; classtype:trojan-activity; sid:37311651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.239.66.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.66.61"; classtype:trojan-activity; sid:37311661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.135.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.135.19"; classtype:trojan-activity; sid:37311671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 62.234.49.53 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.49.53"; classtype:trojan-activity; sid:37311681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.209.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.209.101"; classtype:trojan-activity; sid:37311691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 147.182.195.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.195.240"; classtype:trojan-activity; sid:37311701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 178.251.140.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.251.140.3"; classtype:trojan-activity; sid:37311711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.239.92.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.92.127"; classtype:trojan-activity; sid:37311721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.239.93.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.93.5"; classtype:trojan-activity; sid:37311731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.89.165.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.165.88"; classtype:trojan-activity; sid:37311741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.250.49.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.164"; classtype:trojan-activity; sid:37311751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.14.115.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.115.35"; classtype:trojan-activity; sid:37311761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# The next rule is cut off by the page wrap after its classtype option; its
# remaining options presumably follow on the next line of the file.
alert ip 111.19.156.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.19.156.10"; classtype:trojan-activity; 
sid:37311771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 138.197.18.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.18.220"; classtype:trojan-activity; sid:37311781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 46.175.147.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.175.147.209"; classtype:trojan-activity; sid:37311791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.15.50.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.15.50.21"; classtype:trojan-activity; sid:37311801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.124.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.98"; classtype:trojan-activity; sid:37311811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.142.87.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.87.223"; classtype:trojan-activity; sid:37311821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.192.117.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.117.128"; classtype:trojan-activity; sid:37311831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 84.0.255.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.0.255.85"; classtype:trojan-activity; sid:37311841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.241.223 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.241.223"; classtype:trojan-activity; sid:37311851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.250.180.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.250.180.96"; classtype:trojan-activity; sid:37311861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.109.2.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.109.2.74"; classtype:trojan-activity; sid:37311871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 34.128.85.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.128.85.31"; classtype:trojan-activity; sid:37311881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.179.205.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.179.205.168"; classtype:trojan-activity; sid:37311891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.185.254.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.185.254.97"; classtype:trojan-activity; sid:37311901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 66.70.190.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.70.190.23"; classtype:trojan-activity; sid:37311911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.48.192.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.48.192.48"; classtype:trojan-activity; 
sid:37311921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.46.51.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.51.15"; classtype:trojan-activity; sid:37311931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.158.27.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.27.141"; classtype:trojan-activity; sid:37311941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.55.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.55.189"; classtype:trojan-activity; sid:37311951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 85.190.254.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.190.254.210"; classtype:trojan-activity; sid:37311961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 177.152.42.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.152.42.12"; classtype:trojan-activity; sid:37311971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.68.45 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.68.45"; classtype:trojan-activity; sid:37311981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.145.200.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.145.200.210"; classtype:trojan-activity; sid:37311991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.117.212.82 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.117.212.82"; classtype:trojan-activity; sid:37312001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.209.49.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.209.49.5"; classtype:trojan-activity; sid:37312011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.25.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.113"; classtype:trojan-activity; sid:37312021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.95.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.72"; classtype:trojan-activity; sid:37312031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.124.166.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.166.203"; classtype:trojan-activity; sid:37312041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.224.177.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.224.177.195"; classtype:trojan-activity; sid:37312051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.16.179.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.16.179.214"; classtype:trojan-activity; sid:37312061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.105.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.105.136"; 
classtype:trojan-activity; sid:37312071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 41.216.177.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.216.177.183"; classtype:trojan-activity; sid:37312081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 194.163.172.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.172.79"; classtype:trojan-activity; sid:37312091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.108.100.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.108.100.117"; classtype:trojan-activity; sid:37312101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.58.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.58.103"; classtype:trojan-activity; sid:37312111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.59.112.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.59.112.48"; classtype:trojan-activity; sid:37312121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.125.22.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.22.136"; classtype:trojan-activity; sid:37312131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.72.105.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.72.105.44"; classtype:trojan-activity; sid:37312141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
118.163.218.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.218.247"; classtype:trojan-activity; sid:37312151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.235.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.120"; classtype:trojan-activity; sid:37312161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.133.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.133.200"; classtype:trojan-activity; sid:37312171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.81.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.81.24"; classtype:trojan-activity; sid:37312181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.234.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.211"; classtype:trojan-activity; sid:37312191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 108.172.255.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.172.255.253"; classtype:trojan-activity; sid:37312201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.143.72.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.72.165"; classtype:trojan-activity; sid:37312211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 94.156.66.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
94.156.66.205"; classtype:trojan-activity; sid:37312221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 18.232.130.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.232.130.208"; classtype:trojan-activity; sid:37312231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.66.21.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.66.21.136"; classtype:trojan-activity; sid:37312241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.209.226.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.209.226.195"; classtype:trojan-activity; sid:37312251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.225.154.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.225.154.161"; classtype:trojan-activity; sid:37312261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.160.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.160.46"; classtype:trojan-activity; sid:37312271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.81.30.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.81.30.84"; classtype:trojan-activity; sid:37312281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.248.239.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.239.87"; classtype:trojan-activity; sid:37312291; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.51.254.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.254.230"; classtype:trojan-activity; sid:37312301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 40.127.173.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.127.173.225"; classtype:trojan-activity; sid:37312311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.185.52.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.185.52.202"; classtype:trojan-activity; sid:37312321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.70.86.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.86.88"; classtype:trojan-activity; sid:37312331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 158.160.100.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.160.100.198"; classtype:trojan-activity; sid:37312341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 216.238.83.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.238.83.223"; classtype:trojan-activity; sid:37312351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 54.36.244.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.36.244.17"; classtype:trojan-activity; sid:37312361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.67.94.113 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.94.113"; classtype:trojan-activity; sid:37312371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.211.124.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.211.124.206"; classtype:trojan-activity; sid:37312381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.12.53.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.12.53.127"; classtype:trojan-activity; sid:37312391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.228.114.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.228.114.133"; classtype:trojan-activity; sid:37312401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.242.235.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.242.235.249"; classtype:trojan-activity; sid:37312411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.116.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.116.89"; classtype:trojan-activity; sid:37312421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.211.83.1 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.211.83.1"; classtype:trojan-activity; sid:37312431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 176.165.119.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.165.119.181"; classtype:trojan-activity; sid:37312441; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.76.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.76.43"; classtype:trojan-activity; sid:37312451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 72.167.52.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.52.254"; classtype:trojan-activity; sid:37312461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.212.148.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.212.148.14"; classtype:trojan-activity; sid:37312471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.168.129.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.168.129.178"; classtype:trojan-activity; sid:37312481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 194.233.90.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.233.90.7"; classtype:trojan-activity; sid:37312491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.69.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.75"; classtype:trojan-activity; sid:37312501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.214.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.214.135"; classtype:trojan-activity; sid:37312511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.171.148.120 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.171.148.120"; classtype:trojan-activity; sid:37312521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.120.49.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.49.54"; classtype:trojan-activity; sid:37312531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.29.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.29.148"; classtype:trojan-activity; sid:37312541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 77.68.102.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.68.102.106"; classtype:trojan-activity; sid:37312551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.178.43.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.178.43.161"; classtype:trojan-activity; sid:37312561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.65.83.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.65.83.63"; classtype:trojan-activity; sid:37312571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.39.227.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.39.227.149"; classtype:trojan-activity; sid:37312581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 135.181.89.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.181.89.160"; classtype:trojan-activity; sid:37312591; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 217.18.62.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.18.62.222"; classtype:trojan-activity; sid:37312601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 96.44.153.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.168"; classtype:trojan-activity; sid:37312611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.42.136.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.136.26"; classtype:trojan-activity; sid:37312621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 145.239.84.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 145.239.84.139"; classtype:trojan-activity; sid:37312631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.122.10.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.122.10.219"; classtype:trojan-activity; sid:37312641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.207.240.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.207.240.150"; classtype:trojan-activity; sid:37312651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 204.44.94.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.44.94.159"; classtype:trojan-activity; sid:37312661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.219.3.162 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.219.3.162"; classtype:trojan-activity; sid:37312671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 191.17.108.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.17.108.112"; classtype:trojan-activity; sid:37312681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 92.245.116.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.245.116.31"; classtype:trojan-activity; sid:37312691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.4.245.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.4.245.222"; classtype:trojan-activity; sid:37312701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 220.180.41.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.180.41.206"; classtype:trojan-activity; sid:37312711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.38.134.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.134.73"; classtype:trojan-activity; sid:37312721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.200.39.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.200.39.32"; classtype:trojan-activity; sid:37312731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.22.44.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.44.154"; classtype:trojan-activity; sid:37312741; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Rules in this part of the export come from MISP event 26485 (see the reference URL).
# Each one alerts on any IP packet whose source is the single listed address and whose
# destination is in $HOME_NET (any port); $HOME_NET must be defined in the sensor config.
# One rule per physical line; sid advances by 10 per rule, rev is 1 throughout.
# NOTE(review): every rule carries classtype:trojan-activity and priority:2 although the
# msg tags are kill-chain Reconnaissance/Exploitation - this looks like an export default;
# confirm before triage or automation keys on classtype.
# NOTE(review): the rules carry no first-seen/expiry information; check the event for
# indicator age and for shared or reassigned addresses before using them to block.
# NOTE(review): for address lists of this size, an IP reputation list or dataset is
# usually cheaper to maintain than one signature per address - confirm what the sensor supports.
alert ip 96.44.153.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.140"; classtype:trojan-activity; sid:37312751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.33.63.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.63.218"; classtype:trojan-activity; sid:37312761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.127.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.127.207"; classtype:trojan-activity; sid:37312771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 171.104.143.176 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.104.143.176"; classtype:trojan-activity; sid:37312781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 211.49.225.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.49.225.148"; classtype:trojan-activity; sid:37312791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 20.74.145.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.74.145.157"; classtype:trojan-activity; sid:37312801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 200.234.231.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.234.231.254"; classtype:trojan-activity; sid:37312811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 64.23.132.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.132.113"; classtype:trojan-activity; sid:37312821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 111.229.21.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.21.111"; classtype:trojan-activity; sid:37312831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 64.23.135.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.135.98"; classtype:trojan-activity; sid:37312841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.170.86.53 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.86.53"; classtype:trojan-activity; sid:37312851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.59.94.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.59.94.75"; classtype:trojan-activity; sid:37312861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 123.31.20.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.31.20.81"; classtype:trojan-activity; sid:37312871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 164.52.200.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.52.200.223"; classtype:trojan-activity; sid:37312881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 36.134.89.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.89.15"; classtype:trojan-activity; sid:37312891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 31.42.190.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.42.190.22"; classtype:trojan-activity; sid:37312901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.240.27.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.240.27.138"; classtype:trojan-activity; sid:37312911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 165.227.68.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.68.11"; classtype:trojan-activity; sid:37312921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.35.241.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.241.96"; classtype:trojan-activity; sid:37312931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.129.60.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.129.60.125"; classtype:trojan-activity; sid:37312941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 65.109.133.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.133.7"; classtype:trojan-activity; sid:37312951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 95.70.237.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.70.237.184"; classtype:trojan-activity; sid:37312961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.142.26.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.26.47"; classtype:trojan-activity; sid:37312971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.139.43.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.139.43.76"; classtype:trojan-activity; sid:37312981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.222.136.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.136.224"; classtype:trojan-activity; sid:37312991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.221.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.221.168"; classtype:trojan-activity; sid:37313001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.65.119.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.65.119.140"; classtype:trojan-activity; sid:37313011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 50.116.98.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.116.98.18"; classtype:trojan-activity; sid:37313021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.28.217.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.217.42"; classtype:trojan-activity; sid:37313031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 38.242.155.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.242.155.233"; classtype:trojan-activity; sid:37313041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 172.245.9.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.9.37"; classtype:trojan-activity; sid:37313051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.43.186.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.186.6"; classtype:trojan-activity; sid:37313061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.220.148.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.148.25"; classtype:trojan-activity; sid:37313071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.169.4.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.169.4.104"; classtype:trojan-activity; sid:37313081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 159.203.3.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.3.149"; classtype:trojan-activity; sid:37313091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 95.62.94.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.62.94.85"; classtype:trojan-activity; sid:37313101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.207.8.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.154"; classtype:trojan-activity; sid:37313111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.254.155.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.155.106"; classtype:trojan-activity; sid:37313121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 142.44.247.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.44.247.114"; classtype:trojan-activity; sid:37313131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.25.204.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.25.204.40"; classtype:trojan-activity; sid:37313141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.221.95.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.95.68"; classtype:trojan-activity; sid:37313151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 96.44.153.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.159"; classtype:trojan-activity; sid:37313161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.19.112.56 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.19.112.56"; classtype:trojan-activity; sid:37313171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.51.50.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.50.120"; classtype:trojan-activity; sid:37313181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 154.222.227.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.222.227.97"; classtype:trojan-activity; sid:37313191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.141.34.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.141.34.91"; classtype:trojan-activity; sid:37313201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 109.228.48.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.228.48.102"; classtype:trojan-activity; sid:37313211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 191.232.175.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.232.175.58"; classtype:trojan-activity; sid:37313221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 27.128.113.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.113.214"; classtype:trojan-activity; sid:37313231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.222.235.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.235.234"; classtype:trojan-activity; sid:37313241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.95.81.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.81.64"; classtype:trojan-activity; sid:37313251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 151.177.13.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.177.13.119"; classtype:trojan-activity; sid:37313261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 191.98.175.162 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.98.175.162"; classtype:trojan-activity; sid:37313271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.54.239.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.54.239.224"; classtype:trojan-activity; sid:37313281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.238.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.148"; classtype:trojan-activity; sid:37313291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 79.174.84.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.174.84.200"; classtype:trojan-activity; sid:37313301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.75.17.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.17.87"; classtype:trojan-activity; sid:37313311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.51.50.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.50.23"; classtype:trojan-activity; sid:37313321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.101.202.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.101.202.81"; classtype:trojan-activity; sid:37313331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 217.196.107.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.196.107.26"; classtype:trojan-activity; sid:37313341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.150.124.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.150.124.201"; classtype:trojan-activity; sid:37313351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.42.143.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.143.184"; classtype:trojan-activity; sid:37313361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 202.53.169.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.53.169.98"; classtype:trojan-activity; sid:37313371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 200.195.162.67 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.195.162.67"; classtype:trojan-activity; sid:37313381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 38.85.184.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.85.184.157"; classtype:trojan-activity; sid:37313391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 78.39.46.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.39.46.73"; classtype:trojan-activity; sid:37313401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 192.99.70.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.99.70.80"; classtype:trojan-activity; sid:37313411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 87.219.167.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.219.167.22"; classtype:trojan-activity; sid:37313421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.46.52.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.52.168"; classtype:trojan-activity; sid:37313431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 191.252.56.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.252.56.160"; classtype:trojan-activity; sid:37313441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 121.4.180.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.180.218"; classtype:trojan-activity; sid:37313451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 178.128.30.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.30.236"; classtype:trojan-activity; sid:37313461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.142.87.177 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.87.177"; classtype:trojan-activity; sid:37313471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 209.14.71.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.14.71.94"; classtype:trojan-activity; sid:37313481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 188.83.79.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.83.79.229"; classtype:trojan-activity; sid:37313491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 115.85.53.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.85.53.93"; classtype:trojan-activity; sid:37313501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.156.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.156.253"; classtype:trojan-activity; sid:37313511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.40.156.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.156.189"; classtype:trojan-activity; sid:37313521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 31.220.103.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.220.103.4"; classtype:trojan-activity; sid:37313531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 118.89.48.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.48.230"; classtype:trojan-activity; sid:37313541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 79.106.73.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.106.73.114"; classtype:trojan-activity; sid:37313551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 142.93.99.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.99.230"; classtype:trojan-activity; sid:37313561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 176.226.155.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.226.155.223"; classtype:trojan-activity; sid:37313571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 139.162.244.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.162.244.190"; classtype:trojan-activity; sid:37313581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 46.232.165.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.232.165.208"; classtype:trojan-activity; sid:37313591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.87.175.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.87.175.29"; classtype:trojan-activity; sid:37313601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.28.153.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.153.121"; classtype:trojan-activity; sid:37313611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 87.98.168.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.98.168.24"; classtype:trojan-activity; sid:37313621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 122.8.183.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.8.183.173"; classtype:trojan-activity; sid:37313631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 172.245.19.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.19.240"; classtype:trojan-activity; sid:37313641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.40.177.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.177.57"; classtype:trojan-activity; sid:37313651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 97.107.139.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.107.139.64"; classtype:trojan-activity; sid:37313661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.69.154.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.69.154.93"; classtype:trojan-activity; sid:37313671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.91.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.91.215"; classtype:trojan-activity; sid:37313681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.0.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.112"; classtype:trojan-activity; sid:37313691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.187.232.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.187.232.28"; classtype:trojan-activity; sid:37313701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 143.198.145.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.145.136"; classtype:trojan-activity; sid:37313711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 135.181.93.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.181.93.120"; classtype:trojan-activity; sid:37313721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 15.204.28.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.28.32"; classtype:trojan-activity; sid:37313731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 59.120.32.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.120.32.207"; classtype:trojan-activity; sid:37313741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 79.137.196.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.196.237"; classtype:trojan-activity; sid:37313751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.19.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.19.215"; classtype:trojan-activity; sid:37313761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 212.118.4.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.118.4.38"; classtype:trojan-activity; sid:37313771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.165.81.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.165.81.92"; classtype:trojan-activity; sid:37313781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.95.26.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.26.86"; classtype:trojan-activity; sid:37313791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.127.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.127.39"; classtype:trojan-activity; sid:37313801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 89.46.223.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.46.223.32"; classtype:trojan-activity; sid:37313811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 175.136.37.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.136.37.224"; classtype:trojan-activity; sid:37313821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 177.191.172.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.191.172.153"; classtype:trojan-activity; sid:37313831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.189.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.189.121"; classtype:trojan-activity; sid:37313841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 64.32.27.107 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.32.27.107"; classtype:trojan-activity; sid:37313851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 188.250.169.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.250.169.82"; classtype:trojan-activity; sid:37313861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.119.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.119.96"; classtype:trojan-activity; sid:37313871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 77.232.128.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.232.128.152"; classtype:trojan-activity; sid:37313881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 60.250.94.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.250.94.62"; classtype:trojan-activity; sid:37313891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.164.117.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.117.239"; classtype:trojan-activity; sid:37313901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.160.148.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.148.25"; classtype:trojan-activity; sid:37313911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.48.115.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.115.202"; classtype:trojan-activity; sid:37313921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.190.177 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.190.177"; classtype:trojan-activity; sid:37313931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 123.207.40.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.40.101"; classtype:trojan-activity; sid:37313941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.136.51.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.136.51.30"; classtype:trojan-activity; sid:37313951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 139.155.87.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.87.9"; classtype:trojan-activity; sid:37313961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 180.101.88.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.231"; classtype:trojan-activity; sid:37313971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 112.109.19.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.109.19.114"; classtype:trojan-activity; sid:37313981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.250.49.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.104"; classtype:trojan-activity; sid:37313991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.61.60.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.60.71"; classtype:trojan-activity; sid:37314001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.45.181.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.181.50"; classtype:trojan-activity; sid:37314011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.222.229.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.229.134"; classtype:trojan-activity; sid:37314021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 146.56.216.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.216.132"; classtype:trojan-activity; sid:37314031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 122.187.186.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.187.186.235"; classtype:trojan-activity; sid:37314041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.130.219.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.219.147"; classtype:trojan-activity; sid:37314051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.239.68.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.68.170"; classtype:trojan-activity; sid:37314061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.139.35.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.35.12"; classtype:trojan-activity; sid:37314071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 194.233.74.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.233.74.128"; classtype:trojan-activity; sid:37314081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 159.203.36.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.36.13"; classtype:trojan-activity; sid:37314091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.239.68.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.68.90"; classtype:trojan-activity; sid:37314101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 168.119.49.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.119.49.200"; classtype:trojan-activity; sid:37314111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 202.157.189.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.189.179"; classtype:trojan-activity; sid:37314121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.131.13.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.13.15"; classtype:trojan-activity; sid:37314131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.198.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.198.168"; classtype:trojan-activity; sid:37314141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 134.209.102.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.102.62"; classtype:trojan-activity; sid:37314151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 110.239.69.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.69.82"; classtype:trojan-activity; sid:37314161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.14.155.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.155.137"; classtype:trojan-activity; sid:37314171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 74.82.195.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.82.195.39"; classtype:trojan-activity; sid:37314181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 180.101.88.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.220"; classtype:trojan-activity; sid:37314191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.86.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.86.165"; classtype:trojan-activity; sid:37314201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 165.227.209.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.209.189"; classtype:trojan-activity; sid:37314211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 109.122.208.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.122.208.227"; classtype:trojan-activity; sid:37314221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.232.160.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.160.26"; classtype:trojan-activity; sid:37314231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.157.142.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.142.228"; classtype:trojan-activity; sid:37314241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.189.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.189.173"; classtype:trojan-activity; sid:37314251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.138.17.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.17.233"; classtype:trojan-activity; sid:37314261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.173.107.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.173.107.214"; classtype:trojan-activity; sid:37314271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 58.56.20.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.56.20.70"; classtype:trojan-activity; sid:37314281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.242.199.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.24"; classtype:trojan-activity; sid:37314291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.55.194.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.194.115"; classtype:trojan-activity; sid:37314301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 221.120.38.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.38.5"; classtype:trojan-activity; sid:37314311; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.152.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.152.198"; classtype:trojan-activity; sid:37314321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.254.156.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.254.156.230"; classtype:trojan-activity; sid:37314331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.164.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.164.72"; classtype:trojan-activity; sid:37314341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.170.204.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.204.115"; classtype:trojan-activity; sid:37314351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.206.231.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.206.231.209"; classtype:trojan-activity; sid:37314361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 79.101.52.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.101.52.185"; classtype:trojan-activity; sid:37314371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.132.84.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.84.182"; classtype:trojan-activity; sid:37314381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.61.162.59 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.61.162.59"; classtype:trojan-activity; sid:37314391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 153.92.126.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.92.126.43"; classtype:trojan-activity; sid:37314401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 64.119.29.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.119.29.157"; classtype:trojan-activity; sid:37314411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.178.46.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.178.46.2"; classtype:trojan-activity; sid:37314421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.241.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.112"; classtype:trojan-activity; sid:37314431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 34.123.222.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.123.222.223"; classtype:trojan-activity; sid:37314441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 179.104.76.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.104.76.44"; classtype:trojan-activity; sid:37314451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 79.142.243.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.142.243.197"; classtype:trojan-activity; 
sid:37314461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.198.197.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.197.252"; classtype:trojan-activity; sid:37314471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.40.205.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.205.17"; classtype:trojan-activity; sid:37314481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.226.124.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.226.124.158"; classtype:trojan-activity; sid:37314491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 15.204.30.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.30.161"; classtype:trojan-activity; sid:37314501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.239.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.82"; classtype:trojan-activity; sid:37314511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 172.252.193.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.252.193.217"; classtype:trojan-activity; sid:37314521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.128.163.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.163.48"; classtype:trojan-activity; sid:37314531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.72.157 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.72.157"; classtype:trojan-activity; sid:37314541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.198.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.198.190"; classtype:trojan-activity; sid:37314551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.79.161.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.79.161.69"; classtype:trojan-activity; sid:37314561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.178.44.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.178.44.105"; classtype:trojan-activity; sid:37314571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.107.252.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.252.52"; classtype:trojan-activity; sid:37314581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.56.61.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.56.61.43"; classtype:trojan-activity; sid:37314591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 213.60.211.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.60.211.220"; classtype:trojan-activity; sid:37314601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 83.209.41.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.209.41.161"; 
classtype:trojan-activity; sid:37314611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.175.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.210"; classtype:trojan-activity; sid:37314621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.46.53.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.53.189"; classtype:trojan-activity; sid:37314631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.240.6.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.240.6.109"; classtype:trojan-activity; sid:37314641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.242.197.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.242.197.44"; classtype:trojan-activity; sid:37314651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.132.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.132.58"; classtype:trojan-activity; sid:37314661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.171.76.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.171.76.182"; classtype:trojan-activity; sid:37314671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.184.67.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.67.98"; classtype:trojan-activity; sid:37314681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
36.137.112.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.112.13"; classtype:trojan-activity; sid:37314691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.52.70.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.70.225"; classtype:trojan-activity; sid:37314701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.4.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.4.186"; classtype:trojan-activity; sid:37314711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 217.160.248.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.160.248.11"; classtype:trojan-activity; sid:37314721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.140.26.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.140.26.44"; classtype:trojan-activity; sid:37314731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 203.195.157.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.195.157.137"; classtype:trojan-activity; sid:37314741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.246.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.246.69"; classtype:trojan-activity; sid:37314751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.3.42.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
62.3.42.164"; classtype:trojan-activity; sid:37314761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.64.174.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.64.174.9"; classtype:trojan-activity; sid:37314771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.112.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.112.229"; classtype:trojan-activity; sid:37314781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.29.214.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.214.89"; classtype:trojan-activity; sid:37314791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip $HOME_NET any -> 174.138.6.9 7443 (msg: "MISP e26444 [DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 174.138.6.9|7443"; classtype:trojan-activity; sid:37299721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;) alert ip 198.23.176.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.176.86"; classtype:trojan-activity; sid:37314801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.121.193.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.121.193.57"; classtype:trojan-activity; sid:37314811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.93.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.93.217"; classtype:trojan-activity; sid:37314821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.223.173 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.173"; classtype:trojan-activity; sid:37314831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.192.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.192.85"; classtype:trojan-activity; sid:37314841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.145.31.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.145.31.212"; classtype:trojan-activity; sid:37314851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.28.115.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.115.168"; classtype:trojan-activity; sid:37314861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.243.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.243.75"; classtype:trojan-activity; sid:37314871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.13.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.13.81"; classtype:trojan-activity; sid:37314881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.15.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.126"; classtype:trojan-activity; sid:37314891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.69.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.203"; 
classtype:trojan-activity; sid:37314901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.188.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.188.74"; classtype:trojan-activity; sid:37314911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.177.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.177.164"; classtype:trojan-activity; sid:37314921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.143.218.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.218.223"; classtype:trojan-activity; sid:37314931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.49.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.49.14"; classtype:trojan-activity; sid:37314941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.2.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.2.16"; classtype:trojan-activity; sid:37314951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.109.234.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.109.234.38"; classtype:trojan-activity; sid:37314961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.154.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.154.239"; classtype:trojan-activity; sid:37314971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
1.12.59.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.59.73"; classtype:trojan-activity; sid:37314981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 64.225.76.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.76.134"; classtype:trojan-activity; sid:37314991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.151.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.151.249"; classtype:trojan-activity; sid:37315001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.202.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.202.30"; classtype:trojan-activity; sid:37315011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.252.243 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.252.243"; classtype:trojan-activity; sid:37315021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.155.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.155.143"; classtype:trojan-activity; sid:37315031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 60.170.105.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.170.105.154"; classtype:trojan-activity; sid:37315041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.239.65.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
110.239.65.251"; classtype:trojan-activity; sid:37315051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 158.51.99.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.84"; classtype:trojan-activity; sid:37315061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.22.65.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.65.99"; classtype:trojan-activity; sid:37315071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.54.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.54.21"; classtype:trojan-activity; sid:37315081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.29.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.254"; classtype:trojan-activity; sid:37315091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.37.80.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.37.80.92"; classtype:trojan-activity; sid:37315101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.173.29.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.173.29.165"; classtype:trojan-activity; sid:37315111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.174.186.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.186.239"; classtype:trojan-activity; sid:37315121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert 
ip 221.120.38.216 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.38.216"; classtype:trojan-activity; sid:37315131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.175.111.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.111.183"; classtype:trojan-activity; sid:37315141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.24.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.24.61"; classtype:trojan-activity; sid:37315151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.10.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.10.222"; classtype:trojan-activity; sid:37315161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.201.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.201.248"; classtype:trojan-activity; sid:37315171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 77.82.90.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.82.90.210"; classtype:trojan-activity; sid:37315181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 128.199.24.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.24.88"; classtype:trojan-activity; sid:37315191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 209.97.186.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
209.97.186.17"; classtype:trojan-activity; sid:37315201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.175.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.146"; classtype:trojan-activity; sid:37315211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.22.217.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.217.96"; classtype:trojan-activity; sid:37315221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 13.74.217.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.74.217.118"; classtype:trojan-activity; sid:37315231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.46.50.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.50.11"; classtype:trojan-activity; sid:37315241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.54.148.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.54.148.142"; classtype:trojan-activity; sid:37315251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 64.225.64.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.64.155"; classtype:trojan-activity; sid:37315261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 156.236.75.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.75.33"; classtype:trojan-activity; sid:37315271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
# --- MISP event 26485: inbound source-address indicators ---
# Each e26485 rule in this group alerts on any IP-protocol traffic from the
# listed source address to $HOME_NET on any port. There is no payload or flow
# condition, so a hit records that the address was seen and nothing more.
alert ip 43.153.179.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.179.106"; classtype:trojan-activity; sid:37315281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# --- MISP event 26444: outbound rule ---
# Matches traffic from $HOME_NET to 168.119.96.5 with destination port 40056
# (event tags in msg: Havoc, HETZNER-AS). A hit means an internal host sent
# traffic to the indicator; investigate the $HOME_NET address in the alert.
# NOTE(review): the header combines protocol `ip` with a port; confirm how your
# engine applies ports on `ip` rules before relying on the port constraint.
alert ip $HOME_NET any -> 168.119.96.5 40056 (msg: "MISP e26444 [Havoc,HETZNER-AS] Outgoing To IP: 168.119.96.5|40056"; classtype:trojan-activity; sid:37299731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# --- MISP event 26485: inbound source-address indicators (continued) ---
alert ip 42.193.181.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.181.34"; classtype:trojan-activity; sid:37315291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.78.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.78.174"; classtype:trojan-activity; sid:37315301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.204.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.144"; classtype:trojan-activity; sid:37315311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.111.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.111.15"; classtype:trojan-activity; sid:37315321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.205.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.205.248"; classtype:trojan-activity; sid:37315331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.26.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.26.86"; classtype:trojan-activity; sid:37315341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 121.5.38.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.38.238"; classtype:trojan-activity; sid:37315351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 77.241.80.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.241.80.60"; classtype:trojan-activity; sid:37315361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.157.150.107 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.150.107"; classtype:trojan-activity; sid:37315371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 41.224.12.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.224.12.238"; classtype:trojan-activity; sid:37315381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# --- MISP event 26673: outbound rule ---
# Matches traffic from $HOME_NET to 174.138.6.9 with destination port 7443.
# NOTE(review): this repeats the address and port of sid 37299721 (event 26444,
# priority 2, tagged DIGITALOCEAN-ASN,Mythic) earlier in this file. Here the tag
# list is empty and the priority is 3, so the same traffic raises two alerts
# with different priorities and one of them has no context in its msg.
# Deduplicate in the export, or suppress one sid and keep the tagged one.
alert ip $HOME_NET any -> 174.138.6.9 7443 (msg: "MISP e26673 [] Outgoing To IP: 174.138.6.9|7443"; classtype:trojan-activity; sid:37498961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# --- MISP event 26485: inbound source-address indicators (continued) ---
alert ip 43.157.90.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.90.18"; classtype:trojan-activity; sid:37315391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.157.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.137"; classtype:trojan-activity; sid:37315401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.217.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.217.205"; classtype:trojan-activity; sid:37315411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 168.119.235.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.119.235.85"; classtype:trojan-activity; sid:37315421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.208.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.208.190"; classtype:trojan-activity; sid:37315431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# --- MISP event 26444: outbound rule ---
# Matches traffic from $HOME_NET to 197.83.246.32 with destination port 443
# (event tags in msg: OPTINET, QakBot). The match is on address and port only;
# the alert's internal source address is the host to investigate.
alert ip $HOME_NET any -> 197.83.246.32 443 (msg: "MISP e26444 [OPTINET,QakBot] Outgoing To IP: 197.83.246.32|443"; classtype:trojan-activity; sid:37299741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# MISP event 26485 inbound indicator.
alert ip 43.159.135.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.135.86"; classtype:trojan-activity; sid:37315441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# --- MISP event 26444: outbound rule ---
# Matches traffic from $HOME_NET to 60.50.255.168 with destination port 443
# (event tags in msg: QakBot and an AS name).
alert ip $HOME_NET any -> 60.50.255.168 443 (msg: "MISP e26444 [QakBot,TTSSB-MY TM TECHNOLOGY SERVICES SDN. BHD.] Outgoing To IP: 60.50.255.168|443"; classtype:trojan-activity; sid:37299751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
# --- MISP event 26485: inbound source-address indicators (continued) ---
alert ip 43.133.48.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.48.79"; classtype:trojan-activity; sid:37315451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 140.249.206.244 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.249.206.244"; classtype:trojan-activity; sid:37315461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 159.203.104.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.104.187"; classtype:trojan-activity; sid:37315471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.106.195.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.8"; classtype:trojan-activity; sid:37315481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.251.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.251.147"; classtype:trojan-activity; sid:37315491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.80.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.80.15"; classtype:trojan-activity; sid:37315501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.231.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.126"; classtype:trojan-activity; sid:37315511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.217.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.217.22"; classtype:trojan-activity; sid:37315521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.120.48.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.48.157"; classtype:trojan-activity; sid:37315531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.210.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.210.33"; classtype:trojan-activity; sid:37315541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.223.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.205"; classtype:trojan-activity; sid:37315551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.42.233.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.233.61"; classtype:trojan-activity; sid:37315561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.171.162.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.171.162.91"; classtype:trojan-activity; sid:37315571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.154.75.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.75.55"; classtype:trojan-activity; sid:37315581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.88.70 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.88.70"; classtype:trojan-activity; sid:37315591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.207.8.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.198"; classtype:trojan-activity; sid:37315601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 207.246.90.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.246.90.82"; classtype:trojan-activity; sid:37315611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 194.233.68.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.233.68.63"; classtype:trojan-activity; sid:37315621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.70.95.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.70.95.96"; classtype:trojan-activity; sid:37315631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.57.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.57.144"; classtype:trojan-activity; sid:37315641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.197.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.154"; classtype:trojan-activity; sid:37315651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.55.177.100 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.177.100"; classtype:trojan-activity; sid:37315661; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.120.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.120.124"; classtype:trojan-activity; sid:37315671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.103.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.103.182"; classtype:trojan-activity; sid:37315681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.128.161.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.161.14"; classtype:trojan-activity; sid:37315691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.177.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.195"; classtype:trojan-activity; sid:37315701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 206.81.5.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.81.5.26"; classtype:trojan-activity; sid:37315711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.10.8.95 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.10.8.95"; classtype:trojan-activity; sid:37315721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.226.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.226.200"; classtype:trojan-activity; sid:37315731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 60.176.169.13 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.176.169.13"; classtype:trojan-activity; sid:37315741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.80.230.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.80.230.101"; classtype:trojan-activity; sid:37315751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.128.40.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.40.173"; classtype:trojan-activity; sid:37315761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 75.102.51.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.102.51.164"; classtype:trojan-activity; sid:37315771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.63.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.63.79"; classtype:trojan-activity; sid:37315781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.51.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.6"; classtype:trojan-activity; sid:37315791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 136.232.185.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.232.185.138"; classtype:trojan-activity; sid:37315801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.214.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.218"; classtype:trojan-activity; sid:37315811; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.84.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.84.218"; classtype:trojan-activity; sid:37315821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.207.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.207.143"; classtype:trojan-activity; sid:37315831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.12.255.45 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.255.45"; classtype:trojan-activity; sid:37315841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.158.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.158.19"; classtype:trojan-activity; sid:37315851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.98.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.98.47"; classtype:trojan-activity; sid:37315861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.225.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.225.90"; classtype:trojan-activity; sid:37315871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.52.28.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.28.115"; classtype:trojan-activity; sid:37315881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.195.36 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.36"; classtype:trojan-activity; sid:37315891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.173.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.173.17"; classtype:trojan-activity; sid:37315901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.143.3.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.143.3.65"; classtype:trojan-activity; sid:37315911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.252.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.252.149"; classtype:trojan-activity; sid:37315921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.58.214.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.214.52"; classtype:trojan-activity; sid:37315931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.189.172.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.189.172.146"; classtype:trojan-activity; sid:37315941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.253.186.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.253.186.82"; classtype:trojan-activity; sid:37315951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 95.90.93.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.90.93.169"; classtype:trojan-activity; sid:37315961; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.35.45.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.45.55"; classtype:trojan-activity; sid:37315971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 140.164.70.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.164.70.27"; classtype:trojan-activity; sid:37315981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.105.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.175"; classtype:trojan-activity; sid:37315991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 158.51.99.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.183"; classtype:trojan-activity; sid:37316001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip $HOME_NET any -> 60.50.255.168 443 (msg: "MISP e26673 [] Outgoing To IP: 60.50.255.168|443"; classtype:trojan-activity; sid:37498971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 197.83.246.32 443 (msg: "MISP e26673 [] Outgoing To IP: 197.83.246.32|443"; classtype:trojan-activity; sid:37498981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 168.119.96.5 40056 (msg: "MISP e26673 [] Outgoing To IP: 168.119.96.5|40056"; classtype:trojan-activity; sid:37498991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;) alert ip $HOME_NET any -> 104.243.46.129 6666 (msg: "MISP e26444 [asyncrat,RAT] Outgoing To IP: 104.243.46.129|6666"; classtype:trojan-activity; sid:37299761; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26444;) alert ip 175.178.70.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.70.121"; classtype:trojan-activity; sid:37316011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.73.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.73.168"; classtype:trojan-activity; sid:37316021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.24.66.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.24.66.58"; classtype:trojan-activity; sid:37316031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.190.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.190.147"; classtype:trojan-activity; sid:37316041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.178.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.59"; classtype:trojan-activity; sid:37316051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.21.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.21.98"; classtype:trojan-activity; sid:37316061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 177.69.144.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.69.144.91"; classtype:trojan-activity; sid:37316071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.69.220.19 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.69.220.19"; classtype:trojan-activity; sid:37316081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.205.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.205.16"; classtype:trojan-activity; sid:37316091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.41.206.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.41.206.213"; classtype:trojan-activity; sid:37316101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.213.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.101"; classtype:trojan-activity; sid:37316111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.4.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.4.31"; classtype:trojan-activity; sid:37316121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.23.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.23.120"; classtype:trojan-activity; sid:37316131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.236.233.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.233.163"; classtype:trojan-activity; sid:37316141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.7.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.7.22"; classtype:trojan-activity; sid:37316151; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.184.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.184.190"; classtype:trojan-activity; sid:37316161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.150.7.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.7.117"; classtype:trojan-activity; sid:37316171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.192.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.15"; classtype:trojan-activity; sid:37316181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.58.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.58.233"; classtype:trojan-activity; sid:37316191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.210.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.103"; classtype:trojan-activity; sid:37316201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 149.102.153.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.102.153.204"; classtype:trojan-activity; sid:37316211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.42.246.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.246.184"; classtype:trojan-activity; sid:37316221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.234.119.43 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.119.43"; classtype:trojan-activity; sid:37316231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.178.12.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.178.12.97"; classtype:trojan-activity; sid:37316241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.134.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.134.181"; classtype:trojan-activity; sid:37316251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.227.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.227.232"; classtype:trojan-activity; sid:37316261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.61.147.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.147.79"; classtype:trojan-activity; sid:37316271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.116.107 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.116.107"; classtype:trojan-activity; sid:37316281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.193.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.248"; classtype:trojan-activity; sid:37316291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.148.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.148.206"; classtype:trojan-activity; 
sid:37316301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.21.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.21.27"; classtype:trojan-activity; sid:37316311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.155.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.155.110"; classtype:trojan-activity; sid:37316321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.147.189.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.147.189.180"; classtype:trojan-activity; sid:37316331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.6.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.6.42"; classtype:trojan-activity; sid:37316341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.227.187.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.227.187.251"; classtype:trojan-activity; sid:37316351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.198.137.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.137.222"; classtype:trojan-activity; sid:37316361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.23.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.23.87"; classtype:trojan-activity; sid:37316371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.113.105.227 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.113.105.227"; classtype:trojan-activity; sid:37316381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.228.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.228.2"; classtype:trojan-activity; sid:37316391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 41.111.172.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.111.172.10"; classtype:trojan-activity; sid:37316401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 132.232.103.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.103.229"; classtype:trojan-activity; sid:37316411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.45.100.0 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.45.100.0"; classtype:trojan-activity; sid:37316421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.220.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.220.11"; classtype:trojan-activity; sid:37316431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.50.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.50.37"; classtype:trojan-activity; sid:37316441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.241.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.129"; 
classtype:trojan-activity; sid:37316451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.103.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.103.23"; classtype:trojan-activity; sid:37316461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.196.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.191"; classtype:trojan-activity; sid:37316471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.211.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.211.161"; classtype:trojan-activity; sid:37316481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.26.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.26.139"; classtype:trojan-activity; sid:37316491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.173.27.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.173.27.65"; classtype:trojan-activity; sid:37316501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.244.16.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.244.16.34"; classtype:trojan-activity; sid:37316511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.146.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.101"; classtype:trojan-activity; sid:37316521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
92.124.144.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.124.144.204"; classtype:trojan-activity; sid:37316531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 223.247.145.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.145.225"; classtype:trojan-activity; sid:37316541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.156.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.156.30"; classtype:trojan-activity; sid:37316551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.7.199.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.58"; classtype:trojan-activity; sid:37316561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.60.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.60.220"; classtype:trojan-activity; sid:37316571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.171.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.171.154"; classtype:trojan-activity; sid:37316581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.129.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.129.23"; classtype:trojan-activity; sid:37316591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.157.180.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
82.157.180.82"; classtype:trojan-activity; sid:37316601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.29.168.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.168.103"; classtype:trojan-activity; sid:37316611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.25.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.150"; classtype:trojan-activity; sid:37316621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.231.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.231.80"; classtype:trojan-activity; sid:37316631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.235.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.220"; classtype:trojan-activity; sid:37316641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.32.15.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.32.15.81"; classtype:trojan-activity; sid:37316651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.162.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.162.136"; classtype:trojan-activity; sid:37316661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.227.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.227.156"; classtype:trojan-activity; sid:37316671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
# --- MISP event 26673: one outbound indicator --------------------------------
# Fires on traffic from $HOME_NET to 104.243.46.129 with destination port 6666.
# The msg tag list is empty ("[]") and the rule carries priority:3, so the
# export supplies no kill-chain context here; consult the referenced MISP event
# before treating a hit as a confirmed compromise of the internal host.
# NOTE(review): the header combines the generic `ip` protocol with a port.
# Confirm how the deployed engine applies a port on an `ip` rule.
alert ip $HOME_NET any -> 104.243.46.129 6666 (msg: "MISP e26673 [] Outgoing To IP: 104.243.46.129|6666"; classtype:trojan-activity; sid:37499001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)

# --- MISP event 26485: inbound source-IP indicators --------------------------
# One rule per source address: any port, any IP protocol, destination $HOME_NET.
# Every option below is metadata (msg, classtype, sid, rev, priority, reference);
# there are no content or flow options, so a hit means "this address sent
# traffic to us", not that an exploit attempt succeeded.
# NOTE(review): classtype:trojan-activity is applied uniformly although the msg
# tags say Reconnaissance/Exploitation; it looks like an exporter default, so
# triage on the msg tags and the MISP event rather than on the classtype.
# NOTE(review): no rate limiting is present, so a persistent source may raise
# repeated alerts; consider limiting these sids in the engine's threshold
# configuration. IP indicators go stale, so re-export from MISP regularly
# instead of keeping this list indefinitely.
alert ip 194.146.13.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.146.13.105"; classtype:trojan-activity; sid:37316681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.132.194.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.194.109"; classtype:trojan-activity; sid:37316691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.147.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.115"; classtype:trojan-activity; sid:37316701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.252.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.252.111"; classtype:trojan-activity; sid:37316711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.22.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.22.213"; classtype:trojan-activity; sid:37316721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.173.248.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.248.231"; classtype:trojan-activity; sid:37316731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 36.99.164.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.99.164.174"; classtype:trojan-activity; sid:37316741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 217.182.168.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.182.168.181"; classtype:trojan-activity; sid:37316751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 213.194.140.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.194.140.33"; classtype:trojan-activity; sid:37316761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.123.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.123.32"; classtype:trojan-activity; sid:37316771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.132.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.132.121"; classtype:trojan-activity; sid:37316781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.33.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.33.205"; classtype:trojan-activity; sid:37316791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.34.138.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.34.138.39"; classtype:trojan-activity; sid:37316801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.135.150.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.150.76"; classtype:trojan-activity; sid:37316811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 47.234.143.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.234.143.55"; classtype:trojan-activity; sid:37316821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 187.190.112.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.190.112.181"; classtype:trojan-activity; sid:37316831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.109.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.32"; classtype:trojan-activity; sid:37316841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.106.170.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.170.64"; classtype:trojan-activity; sid:37316851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.88.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.88.116"; classtype:trojan-activity; sid:37316861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 174.138.10.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.10.205"; classtype:trojan-activity; sid:37316871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.79.112.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.79.112.208"; classtype:trojan-activity; sid:37316881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.135.156.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.156.55"; classtype:trojan-activity; sid:37316891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 152.169.179.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.169.179.144"; classtype:trojan-activity; sid:37316901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.23.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.23.198"; classtype:trojan-activity; sid:37316911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.11.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.11.105"; classtype:trojan-activity; sid:37316921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 38.207.176.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.207.176.167"; classtype:trojan-activity; sid:37316931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 175.138.88.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.138.88.63"; classtype:trojan-activity; sid:37316941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 74.48.143.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.143.49"; classtype:trojan-activity; sid:37316951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.28.105.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.105.44"; classtype:trojan-activity; sid:37316961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.93.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.93.94"; classtype:trojan-activity; sid:37316971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.242.199.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.89"; classtype:trojan-activity; sid:37316981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.212.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.212.90"; classtype:trojan-activity; sid:37316991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.107.200.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.107.200.155"; classtype:trojan-activity; sid:37317001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.157.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.169"; classtype:trojan-activity; sid:37317011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.71.70.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.70.207"; classtype:trojan-activity; sid:37317021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.52.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.52.161"; classtype:trojan-activity; sid:37317031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.39.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 43.134.39.214"; classtype:trojan-activity; sid:37317041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.58.18.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.58.18.178"; classtype:trojan-activity; sid:37317051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.142.61.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.61.21"; classtype:trojan-activity; sid:37317061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.40.158.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.158.24"; classtype:trojan-activity; sid:37317071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 128.199.148.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.148.220"; classtype:trojan-activity; sid:37317081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.151.248.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.248.200"; classtype:trojan-activity; sid:37317091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 102.220.204.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.220.204.29"; classtype:trojan-activity; sid:37317101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.29.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.29.9"; classtype:trojan-activity; sid:37317111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.19.191.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.19.191.21"; classtype:trojan-activity; sid:37317121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.248.138.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.138.211"; classtype:trojan-activity; sid:37317131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.35.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.35.115"; classtype:trojan-activity; sid:37317141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.208.206.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.208.206.251"; classtype:trojan-activity; sid:37317151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.142.87.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.87.231"; classtype:trojan-activity; sid:37317161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.0.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.0.13"; classtype:trojan-activity; sid:37317171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.196.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.196.136"; classtype:trojan-activity; sid:37317181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.104.104.170 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.104.104.170"; classtype:trojan-activity; sid:37317191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.10.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.10.157"; classtype:trojan-activity; sid:37317201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.237.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.131"; classtype:trojan-activity; sid:37317211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.155.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.155.25"; classtype:trojan-activity; sid:37317221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.28.104.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.104.64"; classtype:trojan-activity; sid:37317231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.227.138.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.138.9"; classtype:trojan-activity; sid:37317241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.7.73.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.73.73"; classtype:trojan-activity; sid:37317251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.245.237.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.245.237.33"; classtype:trojan-activity; sid:37317261; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 172.206.249.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.206.249.117"; classtype:trojan-activity; sid:37317271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.237.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.109"; classtype:trojan-activity; sid:37317281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.186.20.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.20.80"; classtype:trojan-activity; sid:37317291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.190.94.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.94.175"; classtype:trojan-activity; sid:37317301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.131.9.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.9.218"; classtype:trojan-activity; sid:37317311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.210.233.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.210.233.234"; classtype:trojan-activity; sid:37317321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.202.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.202.75"; classtype:trojan-activity; sid:37317331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.214.190 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.214.190"; classtype:trojan-activity; sid:37317341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.7.74.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.74.190"; classtype:trojan-activity; sid:37317351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.132.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.132.206"; classtype:trojan-activity; sid:37317361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.194.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.242"; classtype:trojan-activity; sid:37317371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.79.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.79.115"; classtype:trojan-activity; sid:37317381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.157.22.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.22.191"; classtype:trojan-activity; sid:37317391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.213.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.213.207"; classtype:trojan-activity; sid:37317401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.87.207.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.87.207.254"; classtype:trojan-activity; 
sid:37317411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.152.67.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.152.67.249"; classtype:trojan-activity; sid:37317421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.239.103.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.239.103.213"; classtype:trojan-activity; sid:37317431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.198.220.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.220.26"; classtype:trojan-activity; sid:37317441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 161.35.52.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.52.191"; classtype:trojan-activity; sid:37317451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 191.7.32.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.7.32.22"; classtype:trojan-activity; sid:37317461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.212.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.212.228"; classtype:trojan-activity; sid:37317471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.32.241.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.241.195"; classtype:trojan-activity; sid:37317481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 213.170.91.2 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.170.91.2"; classtype:trojan-activity; sid:37317491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.168.145.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.168.145.160"; classtype:trojan-activity; sid:37317501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.94.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.94.88"; classtype:trojan-activity; sid:37317511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.128.111.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.111.24"; classtype:trojan-activity; sid:37317521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 79.137.198.67 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.198.67"; classtype:trojan-activity; sid:37317531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.249.89.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.249.89.102"; classtype:trojan-activity; sid:37317541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 138.121.64.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.121.64.241"; classtype:trojan-activity; sid:37317551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 194.62.17.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.62.17.124"; 
classtype:trojan-activity; sid:37317561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.186.65.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.186.65.87"; classtype:trojan-activity; sid:37317571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.0.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.0.232"; classtype:trojan-activity; sid:37317581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.214.231.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.214.231.232"; classtype:trojan-activity; sid:37317591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.203.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.203.90"; classtype:trojan-activity; sid:37317601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.199.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.115"; classtype:trojan-activity; sid:37317611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.80.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.80.241"; classtype:trojan-activity; sid:37317621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 59.125.255.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.125.255.46"; classtype:trojan-activity; sid:37317631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
162.62.214.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.214.115"; classtype:trojan-activity; sid:37317641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.6.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.6.22"; classtype:trojan-activity; sid:37317651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.160.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.160.137"; classtype:trojan-activity; sid:37317661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.154.187.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.187.49"; classtype:trojan-activity; sid:37317671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.65.43.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.65.43.136"; classtype:trojan-activity; sid:37317681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.176.153.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.176.153.231"; classtype:trojan-activity; sid:37317691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.139.171.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.139.171.251"; classtype:trojan-activity; sid:37317701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.252.97.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
222.252.97.42"; classtype:trojan-activity; sid:37317711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.208.156.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.208.156.230"; classtype:trojan-activity; sid:37317721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.213.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.213.140"; classtype:trojan-activity; sid:37317731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.232.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.52"; classtype:trojan-activity; sid:37317741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.235.219.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.235.219.28"; classtype:trojan-activity; sid:37317751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.172.130.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.172.130.188"; classtype:trojan-activity; sid:37317761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.70.171.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.70.171.35"; classtype:trojan-activity; sid:37317771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.107.195.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.195.128"; classtype:trojan-activity; sid:37317781; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.70.189.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.189.78"; classtype:trojan-activity; sid:37317791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.19.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.19.145"; classtype:trojan-activity; sid:37317801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.22.96.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.96.229"; classtype:trojan-activity; sid:37317811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.198.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.60"; classtype:trojan-activity; sid:37317821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.48.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.48.214"; classtype:trojan-activity; sid:37317831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.131.12.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.12.250"; classtype:trojan-activity; sid:37317841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.219.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.219"; classtype:trojan-activity; sid:37317851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.216.127 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.127"; classtype:trojan-activity; sid:37317861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.38.39.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.39.235"; classtype:trojan-activity; sid:37317871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.63.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.63.222"; classtype:trojan-activity; sid:37317881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 8.134.213.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.134.213.207"; classtype:trojan-activity; sid:37317891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.225.134.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.225.134.202"; classtype:trojan-activity; sid:37317901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.195.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.134"; classtype:trojan-activity; sid:37317911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.52.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.52.94"; classtype:trojan-activity; sid:37317921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 223.247.133.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.133.234"; classtype:trojan-activity; sid:37317931; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.114.3.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.114.3.150"; classtype:trojan-activity; sid:37317941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.57.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.57.58"; classtype:trojan-activity; sid:37317951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.175.221 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.221"; classtype:trojan-activity; sid:37317961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.195.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.195.48"; classtype:trojan-activity; sid:37317971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.90.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.90.19"; classtype:trojan-activity; sid:37317981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.46.250.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.46.250.11"; classtype:trojan-activity; sid:37317991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.13.219.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.13.219.194"; classtype:trojan-activity; sid:37318001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.19.244.69 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.19.244.69"; classtype:trojan-activity; sid:37318011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.166.210.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.210.192"; classtype:trojan-activity; sid:37318021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.59.95.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.59.95.164"; classtype:trojan-activity; sid:37318031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.122.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.122.163"; classtype:trojan-activity; sid:37318041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.4.237.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.4.237.135"; classtype:trojan-activity; sid:37318051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.52.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.52.218"; classtype:trojan-activity; sid:37318061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.130.160.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.130.160.181"; classtype:trojan-activity; sid:37318071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.227.235.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.235.144"; classtype:trojan-activity; 
sid:37318081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.5.178.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.178.84"; classtype:trojan-activity; sid:37318091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.234.151.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.234.151.55"; classtype:trojan-activity; sid:37318101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.115.104.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.104.226"; classtype:trojan-activity; sid:37318111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.35.243 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.35.243"; classtype:trojan-activity; sid:37318121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 158.160.55.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.160.55.156"; classtype:trojan-activity; sid:37318131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.158.32.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.158.32.73"; classtype:trojan-activity; sid:37318141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.210.200.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.210.200.29"; classtype:trojan-activity; sid:37318151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.234.39.215 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.39.215"; classtype:trojan-activity; sid:37318161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.15.79.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.79.234"; classtype:trojan-activity; sid:37318171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.204.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.204.186"; classtype:trojan-activity; sid:37318181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.75.78.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.75.78.147"; classtype:trojan-activity; sid:37318191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.241.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.241.198"; classtype:trojan-activity; sid:37318201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.53.120.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.120.113"; classtype:trojan-activity; sid:37318211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.62.63.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.62.63.29"; classtype:trojan-activity; sid:37318221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.212.139.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.212.139.240"; 
classtype:trojan-activity; sid:37318231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 78.47.195.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.47.195.182"; classtype:trojan-activity; sid:37318241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.72.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.72.29"; classtype:trojan-activity; sid:37318251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.180.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.180.115"; classtype:trojan-activity; sid:37318261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.195.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.17"; classtype:trojan-activity; sid:37318271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.19.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.19.96"; classtype:trojan-activity; sid:37318281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.51.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.51.148"; classtype:trojan-activity; sid:37318291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.39.123 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.39.123"; classtype:trojan-activity; sid:37318301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
43.153.172.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.172.6"; classtype:trojan-activity; sid:37318311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.206.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.251"; classtype:trojan-activity; sid:37318321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.89.177 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.89.177"; classtype:trojan-activity; sid:37318331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.224.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.224.193"; classtype:trojan-activity; sid:37318341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.17.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.17.233"; classtype:trojan-activity; sid:37318351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.12.2.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.12.2.127"; classtype:trojan-activity; sid:37318361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.219.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.219.86"; classtype:trojan-activity; sid:37318371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 173.249.27.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
173.249.27.59"; classtype:trojan-activity; sid:37318381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 94.74.77.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.74.77.29"; classtype:trojan-activity; sid:37318391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.191.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.191.201"; classtype:trojan-activity; sid:37318401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 2.83.94.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.83.94.222"; classtype:trojan-activity; sid:37318411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.211.168.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.211.168.55"; classtype:trojan-activity; sid:37318421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.72.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.72.249"; classtype:trojan-activity; sid:37318431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.241.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.242"; classtype:trojan-activity; sid:37318441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.74.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.74.110"; classtype:trojan-activity; sid:37318451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
43.134.52.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.52.89"; classtype:trojan-activity; sid:37318461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.56.0.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.56.0.121"; classtype:trojan-activity; sid:37318471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.193.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.193.139"; classtype:trojan-activity; sid:37318481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.151.56.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.56.126"; classtype:trojan-activity; sid:37318491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.244.30.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.244.30.185"; classtype:trojan-activity; sid:37318501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 59.36.78.66 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.36.78.66"; classtype:trojan-activity; sid:37318511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.237.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.237.143"; classtype:trojan-activity; sid:37318521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.100.211.166 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
103.100.211.166"; classtype:trojan-activity; sid:37318531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.40.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.40.34"; classtype:trojan-activity; sid:37318541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.221.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.221.151"; classtype:trojan-activity; sid:37318551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 220.133.132.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.133.132.240"; classtype:trojan-activity; sid:37318561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.188.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.188.77"; classtype:trojan-activity; sid:37318571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.227.233.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.227.233.20"; classtype:trojan-activity; sid:37318581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.48.90.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.48.90.15"; classtype:trojan-activity; sid:37318591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.199.197.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.199.197.245"; classtype:trojan-activity; sid:37318601; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.191.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.191.184"; classtype:trojan-activity; sid:37318611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.252.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.252.192"; classtype:trojan-activity; sid:37318621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 132.232.100.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.100.64"; classtype:trojan-activity; sid:37318631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.181.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.181.149"; classtype:trojan-activity; sid:37318641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.20.42.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.20.42.180"; classtype:trojan-activity; sid:37318651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.81.223.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.81.223.81"; classtype:trojan-activity; sid:37318661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 164.52.215.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.52.215.135"; classtype:trojan-activity; sid:37318671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.6.31.174 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.6.31.174"; classtype:trojan-activity; sid:37318681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.205.74.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.205.74.129"; classtype:trojan-activity; sid:37318691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.173.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.173.179"; classtype:trojan-activity; sid:37318701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.1.20.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.1.20.141"; classtype:trojan-activity; sid:37318711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.131.167.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.167.54"; classtype:trojan-activity; sid:37318721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.228.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.228.173"; classtype:trojan-activity; sid:37318731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.215.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.62"; classtype:trojan-activity; sid:37318741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.100.165.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.100.165.51"; classtype:trojan-activity; sid:37318751; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 13.126.185.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.126.185.114"; classtype:trojan-activity; sid:37318761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.72.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.72.174"; classtype:trojan-activity; sid:37318771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.25.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.25.231"; classtype:trojan-activity; sid:37318781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.237.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.237.214"; classtype:trojan-activity; sid:37318791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.172.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.172.144"; classtype:trojan-activity; sid:37318801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 134.122.18.0 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.18.0"; classtype:trojan-activity; sid:37318811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.36.231.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.36.231.242"; classtype:trojan-activity; sid:37318821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 183.134.89.216 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.134.89.216"; classtype:trojan-activity; sid:37318831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.145.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.215"; classtype:trojan-activity; sid:37318841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.7.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.7.148"; classtype:trojan-activity; sid:37318851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 172.104.33.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.33.31"; classtype:trojan-activity; sid:37318861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 142.93.229.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.229.57"; classtype:trojan-activity; sid:37318871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.153.186.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.153.186.209"; classtype:trojan-activity; sid:37318881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.89.14.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.89.14.103"; classtype:trojan-activity; sid:37318891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 202.157.176.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.176.29"; classtype:trojan-activity; 
sid:37318901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.238.72.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.238.72.140"; classtype:trojan-activity; sid:37318911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.140.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.140.50"; classtype:trojan-activity; sid:37318921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.223.12.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.12.84"; classtype:trojan-activity; sid:37318931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.12.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.12.204"; classtype:trojan-activity; sid:37318941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.121.196.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.121.196.90"; classtype:trojan-activity; sid:37318951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.196.123 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.123"; classtype:trojan-activity; sid:37318961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.177.43.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.177.43.134"; classtype:trojan-activity; sid:37318971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.227.117 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.227.117"; classtype:trojan-activity; sid:37318981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# MISP event 26485: one rule per source address. Each rule matches any IP
# protocol and any port from that address into $HOME_NET and carries no
# threshold or other rate-limiting keyword, so alert volume depends on how the
# engine evaluates address-only rules and on thresholds configured elsewhere.
# The msg tags the traffic as inbound reconnaissance/exploitation while the
# classtype is trojan-activity; do not triage these on classtype alone.
alert ip 80.91.183.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.91.183.93"; classtype:trojan-activity; sid:37318991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 193.112.74.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.74.236"; classtype:trojan-activity; sid:37319001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.154.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.154.219"; classtype:trojan-activity; sid:37319011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.199.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.17"; classtype:trojan-activity; sid:37319021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.65.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.65.207"; classtype:trojan-activity; sid:37319031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# MISP event 26673 (empty tag list in msg, priority 3): each domain gets a DNS
# rule (sid ending in 1) and an outgoing HTTP rule (sid ending in 2).
#
# DNS rule: inspects dns.query with no network restriction (any -> any). The
# pcre anchors the domain at the end of the query name and requires start of
# buffer or a non-hostname character before it, so the domain and its
# subdomains match while a longer label ending in the same letters does not.
#
# HTTP rule: both content matches and the pcre (H modifier) run against the
# HTTP header buffer as a whole. No distance/within ties the domain to the
# value of the Host header, so the domain appearing in another request header
# (Referer, for example) also satisfies the rule. The pcre requires a
# following character outside [A-Za-z0-9-.], which excludes longer names that
# merely start with the domain.
# NOTE(review): matching on the http.host buffer would pin the check to the
# requested host and reduce such hits - confirm against the engine version.
# tag:session,600,seconds keeps logging the session for 600 seconds after a hit.
# Coverage: cleartext HTTP from $HOME_NET to $EXTERNAL_NET only; no TLS SNI
# rule for these domains is visible in this part of the export, so HTTPS
# visits are caught only through the DNS rule.
alert dns any any -> any any (msg: "MISP e26673 [] Domain usaglobalnews.com"; dns.query; content:"usaglobalnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])usaglobalnews\.com$/i"; classtype:trojan-activity; sid:37499011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain usaglobalnews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"usaglobalnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])usaglobalnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain topglobaltv.com"; dns.query; content:"topglobaltv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])topglobaltv\.com$/i"; classtype:trojan-activity; sid:37499021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain topglobaltv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topglobaltv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topglobaltv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert dns any any -> any any (msg: "MISP e26673 [] Domain startupmartec.net"; dns.query; content:"startupmartec.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])startupmartec\.net$/i"; classtype:trojan-activity; sid:37499031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain startupmartec.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"startupmartec.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])startupmartec\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Event 26485 source-address rules resume below; the export is not grouped by
# event, so filter on the "MISP e<id>" prefix in msg rather than on position.
alert ip 170.64.154.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.154.72"; classtype:trojan-activity; sid:37319041; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.29.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.29.24"; classtype:trojan-activity; sid:37319051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.35.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.35.254"; classtype:trojan-activity; sid:37319061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.199.169.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.169.133"; classtype:trojan-activity; sid:37319071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.81.220.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.81.220.125"; classtype:trojan-activity; sid:37319081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.135.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.135.158"; classtype:trojan-activity; sid:37319091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.46.54.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.54.147"; classtype:trojan-activity; sid:37319101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.175.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.141"; classtype:trojan-activity; sid:37319111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.155.43 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.155.43"; classtype:trojan-activity; sid:37319121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.243.168.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.243.168.72"; classtype:trojan-activity; sid:37319131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.180.87.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.180.87.61"; classtype:trojan-activity; sid:37319141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.63.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.63.34"; classtype:trojan-activity; sid:37319151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.198.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.141"; classtype:trojan-activity; sid:37319161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.154.145.233 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.145.233"; classtype:trojan-activity; sid:37319171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.236.223.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.236.223.63"; classtype:trojan-activity; sid:37319181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.116.6.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.116.6.157"; classtype:trojan-activity; sid:37319191; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.156.254.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.156.254.122"; classtype:trojan-activity; sid:37319201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.153.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.153.29"; classtype:trojan-activity; sid:37319211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.5.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.5.149"; classtype:trojan-activity; sid:37319221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.194.53.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.194.53.121"; classtype:trojan-activity; sid:37319231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 54.164.180.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.164.180.249"; classtype:trojan-activity; sid:37319241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.60.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.60.152"; classtype:trojan-activity; sid:37319251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.226.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.226.10"; classtype:trojan-activity; sid:37319261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.77.205.234 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.77.205.234"; classtype:trojan-activity; sid:37319271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.71.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.71.236"; classtype:trojan-activity; sid:37319281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.19.156.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.19.156.2"; classtype:trojan-activity; sid:37319291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 191.55.188.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.55.188.121"; classtype:trojan-activity; sid:37319301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.159.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.3"; classtype:trojan-activity; sid:37319311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.72.235.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.72.235.172"; classtype:trojan-activity; sid:37319321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.142.25.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.25.22"; classtype:trojan-activity; sid:37319331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.95.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.95.157"; classtype:trojan-activity; 
sid:37319341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.174.198.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.174.198.155"; classtype:trojan-activity; sid:37319351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.169.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.169.224"; classtype:trojan-activity; sid:37319361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.22.218.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.218.181"; classtype:trojan-activity; sid:37319371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.136.101.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.101.197"; classtype:trojan-activity; sid:37319381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.90.39.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.90.39.137"; classtype:trojan-activity; sid:37319391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.131.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.131.178"; classtype:trojan-activity; sid:37319401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.166.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.234"; classtype:trojan-activity; sid:37319411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.103.240.126 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.103.240.126"; classtype:trojan-activity; sid:37319421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.170.8.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.8.134"; classtype:trojan-activity; sid:37319431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.228.85.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.228.85.46"; classtype:trojan-activity; sid:37319441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.188.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.188.222"; classtype:trojan-activity; sid:37319451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.151.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.151.133"; classtype:trojan-activity; sid:37319461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.170.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.170.29"; classtype:trojan-activity; sid:37319471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.100.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.154"; classtype:trojan-activity; sid:37319481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.233.55.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.55.198"; 
classtype:trojan-activity; sid:37319491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.103.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.103.17"; classtype:trojan-activity; sid:37319501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.87.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.87.160"; classtype:trojan-activity; sid:37319511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.159.234.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.159.234.25"; classtype:trojan-activity; sid:37319521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.56.11.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.56.11.120"; classtype:trojan-activity; sid:37319531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.142.139.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.139.21"; classtype:trojan-activity; sid:37319541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.94.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.94.99"; classtype:trojan-activity; sid:37319551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.45.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.45.97"; classtype:trojan-activity; sid:37319561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
201.35.30.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.35.30.232"; classtype:trojan-activity; sid:37319571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.146.1.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.146.1.11"; classtype:trojan-activity; sid:37319581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.226.248.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.226.248.168"; classtype:trojan-activity; sid:37319591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.148.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.148.40"; classtype:trojan-activity; sid:37319601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.105.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.105.223"; classtype:trojan-activity; sid:37319611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.56.11.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.56.11.2"; classtype:trojan-activity; sid:37319621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.186.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.76"; classtype:trojan-activity; sid:37319631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.58.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.58.65"; 
classtype:trojan-activity; sid:37319641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 39.109.114.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.114.234"; classtype:trojan-activity; sid:37319651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.85.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.85.202"; classtype:trojan-activity; sid:37319661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 112.49.112.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.49.112.41"; classtype:trojan-activity; sid:37319671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.211.12.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.12.77"; classtype:trojan-activity; sid:37319681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.105.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.105.141"; classtype:trojan-activity; sid:37319691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.203.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.203.215"; classtype:trojan-activity; sid:37319701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.206.216 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.216"; classtype:trojan-activity; sid:37319711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
141.94.23.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.94.23.12"; classtype:trojan-activity; sid:37319721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 83.6.144.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.6.144.91"; classtype:trojan-activity; sid:37319731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.210.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.57"; classtype:trojan-activity; sid:37319741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.136.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.136.203"; classtype:trojan-activity; sid:37319751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.238.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.152"; classtype:trojan-activity; sid:37319761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.49.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.49.254"; classtype:trojan-activity; sid:37319771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.184.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.184.29"; classtype:trojan-activity; sid:37319781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.253.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.253.9"; 
classtype:trojan-activity; sid:37319791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.239.153.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.239.153.131"; classtype:trojan-activity; sid:37319801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 179.104.234.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.104.234.128"; classtype:trojan-activity; sid:37319811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.51.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.51.24"; classtype:trojan-activity; sid:37319821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.166.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.166.183"; classtype:trojan-activity; sid:37319831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.37.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.37.212"; classtype:trojan-activity; sid:37319841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.72.83 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.72.83"; classtype:trojan-activity; sid:37319851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.75.55.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.55.150"; classtype:trojan-activity; sid:37319861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
92.236.3.246 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.236.3.246"; classtype:trojan-activity; sid:37319871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.184.194.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.194.133"; classtype:trojan-activity; sid:37319881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.138.165.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.138.165.40"; classtype:trojan-activity; sid:37319891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.223.15.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.223.15.211"; classtype:trojan-activity; sid:37319901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.138.165.56 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.138.165.56"; classtype:trojan-activity; sid:37319911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.3.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.3.210"; classtype:trojan-activity; sid:37319921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.106.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.106.38"; classtype:trojan-activity; sid:37319931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.62.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.134.62.234"; classtype:trojan-activity; sid:37319941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 92.255.170.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.255.170.48"; classtype:trojan-activity; sid:37319951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.108.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.202"; classtype:trojan-activity; sid:37319961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.26.200.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.26.200.23"; classtype:trojan-activity; sid:37319971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.103.253.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.103.253.62"; classtype:trojan-activity; sid:37319981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.127.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.127.254"; classtype:trojan-activity; sid:37319991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.28.52.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.28.52.6"; classtype:trojan-activity; sid:37320001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.123.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.123.193"; classtype:trojan-activity; sid:37320011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
alert ip 61.91.168.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.91.168.158"; classtype:trojan-activity; sid:37320021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.178.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.210"; classtype:trojan-activity; sid:37320031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.232.135.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.232.135.98"; classtype:trojan-activity; sid:37320041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.158.99.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.99.161"; classtype:trojan-activity; sid:37320051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.226.98.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.226.98.114"; classtype:trojan-activity; sid:37320061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.74.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.74.235"; classtype:trojan-activity; sid:37320071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.72.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.72.133"; classtype:trojan-activity; sid:37320081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.255.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 150.109.255.189"; classtype:trojan-activity; sid:37320091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.174.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.174.181"; classtype:trojan-activity; sid:37320101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.99.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.99.92"; classtype:trojan-activity; sid:37320111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.105.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.105.93"; classtype:trojan-activity; sid:37320121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.234.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.47"; classtype:trojan-activity; sid:37320131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.69.30.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.30.88"; classtype:trojan-activity; sid:37320141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.198.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.17"; classtype:trojan-activity; sid:37320151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.223.25.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.25.27"; classtype:trojan-activity; sid:37320161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
alert ip 106.53.66.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.66.110"; classtype:trojan-activity; sid:37320171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.37.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.37.88"; classtype:trojan-activity; sid:37320181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 87.106.123.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.106.123.54"; classtype:trojan-activity; sid:37320191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 196.127.18.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.127.18.191"; classtype:trojan-activity; sid:37320201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.139.217.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.139.217.113"; classtype:trojan-activity; sid:37320211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.207.41.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.41.136"; classtype:trojan-activity; sid:37320221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 69.75.129.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.75.129.174"; classtype:trojan-activity; sid:37320231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.102.173.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 14.102.173.158"; classtype:trojan-activity; sid:37320241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.198.198.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.198.102"; classtype:trojan-activity; sid:37320251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.28.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.28.209"; classtype:trojan-activity; sid:37320261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.155.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.155.74"; classtype:trojan-activity; sid:37320271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.196.54.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.196.54.125"; classtype:trojan-activity; sid:37320281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.199.27.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.199.27.148"; classtype:trojan-activity; sid:37320291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.216.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.216.43"; classtype:trojan-activity; sid:37320301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.159.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.160"; classtype:trojan-activity; sid:37320311; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.145.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.145.61"; classtype:trojan-activity; sid:37320321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.107.120.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.120.231"; classtype:trojan-activity; sid:37320331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.165.166.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.165.166.138"; classtype:trojan-activity; sid:37320341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.157.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.206"; classtype:trojan-activity; sid:37320351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.204.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.204.117"; classtype:trojan-activity; sid:37320361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.3.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.3.210"; classtype:trojan-activity; sid:37320371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.189.122.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.189.122.249"; classtype:trojan-activity; sid:37320381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.165.54 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.165.54"; classtype:trojan-activity; sid:37320391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.107.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.107.91"; classtype:trojan-activity; sid:37320401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.33.198.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.33.198.185"; classtype:trojan-activity; sid:37320411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 46.250.225.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.250.225.242"; classtype:trojan-activity; sid:37320421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.157.22.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.22.34"; classtype:trojan-activity; sid:37320431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.107.161.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.107.161.10"; classtype:trojan-activity; sid:37320441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.179.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.179.36"; classtype:trojan-activity; sid:37320451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.64.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.64.69"; classtype:trojan-activity; sid:37320461; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.36.119.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.119.174"; classtype:trojan-activity; sid:37320471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 94.179.109.66 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.179.109.66"; classtype:trojan-activity; sid:37320481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.235.212.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.235.212.247"; classtype:trojan-activity; sid:37320491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.194.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.3"; classtype:trojan-activity; sid:37320501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.8.154.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.8.154.84"; classtype:trojan-activity; sid:37320511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.140.212.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.212.39"; classtype:trojan-activity; sid:37320521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.11.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.11.199"; classtype:trojan-activity; sid:37320531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.149.49.146 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.149.49.146"; classtype:trojan-activity; sid:37320541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 115.159.31.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.31.146"; classtype:trojan-activity; sid:37320551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.163.56.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.163.56.17"; classtype:trojan-activity; sid:37320561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.199.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.199.31"; classtype:trojan-activity; sid:37320571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.105.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.105.47"; classtype:trojan-activity; sid:37320581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.16.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.16.81"; classtype:trojan-activity; sid:37320591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.27.221.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.221.76"; classtype:trojan-activity; sid:37320601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.8.136.255 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.8.136.255"; classtype:trojan-activity; sid:37320611; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 161.35.44.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.44.139"; classtype:trojan-activity; sid:37320621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.163.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.163.254"; classtype:trojan-activity; sid:37320631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.193.54.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.193.54.64"; classtype:trojan-activity; sid:37320641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.91.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.91.116"; classtype:trojan-activity; sid:37320651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.214.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.38"; classtype:trojan-activity; sid:37320661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 138.68.106.58 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.106.58"; classtype:trojan-activity; sid:37320671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.157.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.235"; classtype:trojan-activity; sid:37320681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.235.67 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.67"; classtype:trojan-activity; sid:37320691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.133.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.133.17"; classtype:trojan-activity; sid:37320701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.115.53.100 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.115.53.100"; classtype:trojan-activity; sid:37320711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.140.27.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.140.27.26"; classtype:trojan-activity; sid:37320721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.154.202.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.154.202.44"; classtype:trojan-activity; sid:37320731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.208.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.208.154"; classtype:trojan-activity; sid:37320741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.67.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.67.168"; classtype:trojan-activity; sid:37320751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.146.84.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.146.84.190"; classtype:trojan-activity; 
sid:37320761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.70.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.70.245"; classtype:trojan-activity; sid:37320771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.81.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.81.93"; classtype:trojan-activity; sid:37320781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.94.43.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.43.131"; classtype:trojan-activity; sid:37320791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.232.211.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.211.87"; classtype:trojan-activity; sid:37320801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.221.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.221.93"; classtype:trojan-activity; sid:37320811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.29.192.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.192.146"; classtype:trojan-activity; sid:37320821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.174.45.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.45.126"; classtype:trojan-activity; sid:37320831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.218.73.115 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.218.73.115"; classtype:trojan-activity; sid:37320841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.51.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.51.170"; classtype:trojan-activity; sid:37320851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.99.211.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.211.152"; classtype:trojan-activity; sid:37320861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.242.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.242.4"; classtype:trojan-activity; sid:37320871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 80.78.245.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.78.245.251"; classtype:trojan-activity; sid:37320881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.242.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.106"; classtype:trojan-activity; sid:37320891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.55.49.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.49.10"; classtype:trojan-activity; sid:37320901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.158.252.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.158.252.18"; classtype:trojan-activity; 
sid:37320911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.92.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.240"; classtype:trojan-activity; sid:37320921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.221.17.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.17.23"; classtype:trojan-activity; sid:37320931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.13.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.13.252"; classtype:trojan-activity; sid:37320941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.247.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.247.180"; classtype:trojan-activity; sid:37320951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.66.193.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.66.193.213"; classtype:trojan-activity; sid:37320961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.192.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.192.247"; classtype:trojan-activity; sid:37320971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.233.36.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.36.133"; classtype:trojan-activity; sid:37320981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.159.171 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.171"; classtype:trojan-activity; sid:37320991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.147.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.70"; classtype:trojan-activity; sid:37321001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.100.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.100.183"; classtype:trojan-activity; sid:37321011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.245.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.223"; classtype:trojan-activity; sid:37321021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.146.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.146.229"; classtype:trojan-activity; sid:37321031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.226.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.226.37"; classtype:trojan-activity; sid:37321041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 115.239.221.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.239.221.36"; classtype:trojan-activity; sid:37321051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.129.64.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.228"; 
classtype:trojan-activity; sid:37321061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.102.228.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.102.228.26"; classtype:trojan-activity; sid:37321071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.121.48.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.121.48.3"; classtype:trojan-activity; sid:37321081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.166.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.146"; classtype:trojan-activity; sid:37321091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.193.21.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.21.144"; classtype:trojan-activity; sid:37321101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 39.104.20.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.104.20.46"; classtype:trojan-activity; sid:37321111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.83.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.83.41"; classtype:trojan-activity; sid:37321121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.32.100.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.100.106"; classtype:trojan-activity; sid:37321131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
143.198.137.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.137.192"; classtype:trojan-activity; sid:37321141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.214.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.214.133"; classtype:trojan-activity; sid:37321151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.42.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.42.60"; classtype:trojan-activity; sid:37321161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.95.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.128"; classtype:trojan-activity; sid:37321171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 154.83.17.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.83.17.17"; classtype:trojan-activity; sid:37321181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.17.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.17.254"; classtype:trojan-activity; sid:37321191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.41.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.41.232"; classtype:trojan-activity; sid:37321201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.70.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.134.70.84"; classtype:trojan-activity; sid:37321211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.203.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.182"; classtype:trojan-activity; sid:37321221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 88.84.216.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.84.216.217"; classtype:trojan-activity; sid:37321231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.205.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.205.124"; classtype:trojan-activity; sid:37321241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.209.30.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.209.30.131"; classtype:trojan-activity; sid:37321251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.136.196.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.136.196.37"; classtype:trojan-activity; sid:37321261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.203.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.135"; classtype:trojan-activity; sid:37321271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.154.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.154.85"; classtype:trojan-activity; sid:37321281; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.120.45 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.120.45"; classtype:trojan-activity; sid:37321291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.160.107.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.107.134"; classtype:trojan-activity; sid:37321301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 164.92.177.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.177.189"; classtype:trojan-activity; sid:37321311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.30.99.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.30.99.114"; classtype:trojan-activity; sid:37321321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 95.165.26.166 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.165.26.166"; classtype:trojan-activity; sid:37321331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.196.4.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.196.4.20"; classtype:trojan-activity; sid:37321341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.237.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.11"; classtype:trojan-activity; sid:37321351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.28.108.250 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.108.250"; classtype:trojan-activity; sid:37321361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.230.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.230.40"; classtype:trojan-activity; sid:37321371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.204.98.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.204.98.63"; classtype:trojan-activity; sid:37321381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.235.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.224"; classtype:trojan-activity; sid:37321391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.95.176 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.95.176"; classtype:trojan-activity; sid:37321401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 220.197.14.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.197.14.219"; classtype:trojan-activity; sid:37321411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.71.9.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.71.9.52"; classtype:trojan-activity; sid:37321421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.12.243.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.243.235"; classtype:trojan-activity; sid:37321431; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.87.161.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.87.161.186"; classtype:trojan-activity; sid:37321441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.32.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.32.248"; classtype:trojan-activity; sid:37321451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.131.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.131.19"; classtype:trojan-activity; sid:37321461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 222.120.84.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.120.84.218"; classtype:trojan-activity; sid:37321471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.34.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.34.218"; classtype:trojan-activity; sid:37321481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.203.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.203.204"; classtype:trojan-activity; sid:37321491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.65.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.65.132"; classtype:trojan-activity; sid:37321501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 80.222.146.142 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.222.146.142"; classtype:trojan-activity; sid:37321511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.71.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.71.226"; classtype:trojan-activity; sid:37321521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 52.81.57.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.81.57.63"; classtype:trojan-activity; sid:37321531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 171.249.184.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.249.184.97"; classtype:trojan-activity; sid:37321541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.234.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.234.198"; classtype:trojan-activity; sid:37321551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 171.221.146.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.221.146.141"; classtype:trojan-activity; sid:37321561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.248.82.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.82.241"; classtype:trojan-activity; sid:37321571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.149.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.149.36"; classtype:trojan-activity; sid:37321581; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.92.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.92.81"; classtype:trojan-activity; sid:37321591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.21.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.21.6"; classtype:trojan-activity; sid:37321601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.92.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.92.88"; classtype:trojan-activity; sid:37321611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.14.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.14.20"; classtype:trojan-activity; sid:37321621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 13.60.13.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.60.13.159"; classtype:trojan-activity; sid:37321631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.44.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.44.86"; classtype:trojan-activity; sid:37321641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.249.87.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.249.87.203"; classtype:trojan-activity; sid:37321651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.77.215 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.77.215"; classtype:trojan-activity; sid:37321661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.51.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.181"; classtype:trojan-activity; sid:37321671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.7.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.7.163"; classtype:trojan-activity; sid:37321681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.212.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.212.210"; classtype:trojan-activity; sid:37321691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 95.95.192.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.95.192.20"; classtype:trojan-activity; sid:37321701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.135.133.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.133.8"; classtype:trojan-activity; sid:37321711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 137.184.119.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.119.24"; classtype:trojan-activity; sid:37321721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.215.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.182"; classtype:trojan-activity; sid:37321731; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.64.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.64.102"; classtype:trojan-activity; sid:37321741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.68.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.68.82"; classtype:trojan-activity; sid:37321751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.145.113.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.145.113.148"; classtype:trojan-activity; sid:37321761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.103.252.1 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.103.252.1"; classtype:trojan-activity; sid:37321771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.211.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.211.210"; classtype:trojan-activity; sid:37321781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.111.172.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.172.9"; classtype:trojan-activity; sid:37321791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.161.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.161.113"; classtype:trojan-activity; sid:37321801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.135.31.172 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.31.172"; classtype:trojan-activity; sid:37321811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.80.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.80.127"; classtype:trojan-activity; sid:37321821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.203.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.203.126"; classtype:trojan-activity; sid:37321831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.52.90.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.90.97"; classtype:trojan-activity; sid:37321841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.67.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.67.203"; classtype:trojan-activity; sid:37321851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.186.97.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.186.97.121"; classtype:trojan-activity; sid:37321861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.25.142.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.142.212"; classtype:trojan-activity; sid:37321871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.110.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.110.96"; classtype:trojan-activity; sid:37321881; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.75.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.75.153"; classtype:trojan-activity; sid:37321891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.219.153.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.219.153.28"; classtype:trojan-activity; sid:37321901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 208.65.84.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.143"; classtype:trojan-activity; sid:37321911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.60.125.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.60.125.147"; classtype:trojan-activity; sid:37321921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.128.230.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.128.230.98"; classtype:trojan-activity; sid:37321931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.7.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.7.125"; classtype:trojan-activity; sid:37321941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.68.108.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.68.108.73"; classtype:trojan-activity; sid:37321951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.126.11.6 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.126.11.6"; classtype:trojan-activity; sid:37321961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.213.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.213.190"; classtype:trojan-activity; sid:37321971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.195.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.237"; classtype:trojan-activity; sid:37321981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.90.217.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.90.217.14"; classtype:trojan-activity; sid:37321991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.155.176.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.176.104"; classtype:trojan-activity; sid:37322001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.106.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.106.219"; classtype:trojan-activity; sid:37322011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.107.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.107.30"; classtype:trojan-activity; sid:37322021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.246.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.246.13"; classtype:trojan-activity; 
sid:37322031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.174.103.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.174.103.90"; classtype:trojan-activity; sid:37322041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.9.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.9.168"; classtype:trojan-activity; sid:37322051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 183.131.22.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.131.22.164"; classtype:trojan-activity; sid:37322061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.9.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.9.220"; classtype:trojan-activity; sid:37322071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.90.213.108 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.90.213.108"; classtype:trojan-activity; sid:37322081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.181.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.181.112"; classtype:trojan-activity; sid:37322091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.234.191.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.191.144"; classtype:trojan-activity; sid:37322101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.31.136.191 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.31.136.191"; classtype:trojan-activity; sid:37322111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.93.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.222"; classtype:trojan-activity; sid:37322121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.238.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.238.63"; classtype:trojan-activity; sid:37322131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.110.254.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.254.245"; classtype:trojan-activity; sid:37322141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.14.255.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.255.112"; classtype:trojan-activity; sid:37322151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.231.85.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.231.85.11"; classtype:trojan-activity; sid:37322161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.35.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.35.49"; classtype:trojan-activity; sid:37322171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.32.126.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.126.96"; classtype:trojan-activity; 
sid:37322181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.20.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.20.245"; classtype:trojan-activity; sid:37322191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.42.39.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.42.39.74"; classtype:trojan-activity; sid:37322201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.62.216.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.216.132"; classtype:trojan-activity; sid:37322211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.112.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.112.4"; classtype:trojan-activity; sid:37322221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.198.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.198.200"; classtype:trojan-activity; sid:37322231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 211.21.158.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.21.158.24"; classtype:trojan-activity; sid:37322241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.46.53.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.53.38"; classtype:trojan-activity; sid:37322251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.107.112 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.107.112"; classtype:trojan-activity; sid:37322261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.201.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.201.2"; classtype:trojan-activity; sid:37322271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.100.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.126"; classtype:trojan-activity; sid:37322281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 223.240.123.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.240.123.4"; classtype:trojan-activity; sid:37322291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.95.216.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.216.236"; classtype:trojan-activity; sid:37322301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.201.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.201.25"; classtype:trojan-activity; sid:37322311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.14.104.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.104.230"; classtype:trojan-activity; sid:37322321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.28.232.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.232.181"; classtype:trojan-activity; 
sid:37322331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.211.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.211.6"; classtype:trojan-activity; sid:37322341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.238.77.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.238.77.235"; classtype:trojan-activity; sid:37322351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 60.18.25.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.18.25.172"; classtype:trojan-activity; sid:37322361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.164.53 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.164.53"; classtype:trojan-activity; sid:37322371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.244.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.31"; classtype:trojan-activity; sid:37322381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.233.248.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.233.248.163"; classtype:trojan-activity; sid:37322391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.14.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.14.217"; classtype:trojan-activity; sid:37322401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.178.198 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.198"; classtype:trojan-activity; sid:37322411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.75.113.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.113.228"; classtype:trojan-activity; sid:37322421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.203.174.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.203.174.61"; classtype:trojan-activity; sid:37322431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.202.171 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.202.171"; classtype:trojan-activity; sid:37322441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.25.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.25.183"; classtype:trojan-activity; sid:37322451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.224.132.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.132.200"; classtype:trojan-activity; sid:37322461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.70.166.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.166.44"; classtype:trojan-activity; sid:37322471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.68.192.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.68.192.231"; 
classtype:trojan-activity; sid:37322481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.43.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.43.36"; classtype:trojan-activity; sid:37322491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 92.60.39.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.60.39.131"; classtype:trojan-activity; sid:37322501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 15.204.31.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.31.249"; classtype:trojan-activity; sid:37322511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.205.27.221 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.205.27.221"; classtype:trojan-activity; sid:37322521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.228.231.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.228.231.116"; classtype:trojan-activity; sid:37322531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.9.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.9.186"; classtype:trojan-activity; sid:37322541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.208.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.88"; classtype:trojan-activity; sid:37322551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
38.181.70.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.181.70.40"; classtype:trojan-activity; sid:37322561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.174.102.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.174.102.72"; classtype:trojan-activity; sid:37322571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.145.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.48"; classtype:trojan-activity; sid:37322581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.95.221.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.95.221.140"; classtype:trojan-activity; sid:37322591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 196.45.42.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.45.42.59"; classtype:trojan-activity; sid:37322601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.59.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.59.140"; classtype:trojan-activity; sid:37322611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.62.220.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.220.230"; classtype:trojan-activity; sid:37322621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.229.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.163.229.234"; classtype:trojan-activity; sid:37322631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.252.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.252.125"; classtype:trojan-activity; sid:37322641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.20.249.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.20.249.189"; classtype:trojan-activity; sid:37322651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.59.205.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.59.205.73"; classtype:trojan-activity; sid:37322661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 223.247.157.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.157.76"; classtype:trojan-activity; sid:37322671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.51.160.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.160.122"; classtype:trojan-activity; sid:37322681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 85.198.9.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.9.51"; classtype:trojan-activity; sid:37322691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.52.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.52.75"; classtype:trojan-activity; sid:37322701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
# --- MISP event 26485: inbound source-IP indicators --------------------------
# Each rule below matches on the source address alone: any IP protocol, any
# port, destination $HOME_NET. There is no payload, flow or threshold keyword,
# so the alert carries no evidence beyond "this address sent traffic to us".
# The msg tags these sources as kill-chain Reconnaissance/Exploitation, while
# classtype is trojan-activity on every rule.
# NOTE(review): classtype looks like the export default rather than a per-event
# judgement; triage on the kill-chain tag in msg, and confirm.
# NOTE(review): IP-only indicators age quickly and may be shared or reassigned
# addresses. Check the referenced MISP event before using these for blocking,
# and consider rate-limiting them in threshold.config.
alert ip 209.141.55.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.55.26"; classtype:trojan-activity; sid:37322711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.220.21.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.21.80"; classtype:trojan-activity; sid:37322721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.242.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.147"; classtype:trojan-activity; sid:37322731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.42.128.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.128.70"; classtype:trojan-activity; sid:37322741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 23.129.64.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.217"; classtype:trojan-activity; sid:37322751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 147.182.194.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.194.131"; classtype:trojan-activity; sid:37322761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.143.162.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.162.174"; classtype:trojan-activity; sid:37322771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 194.182.78.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.182.78.114"; classtype:trojan-activity; sid:37322781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.177.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.142"; classtype:trojan-activity; sid:37322791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 85.214.130.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.214.130.28"; classtype:trojan-activity; sid:37322801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 58.8.212.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.8.212.179"; classtype:trojan-activity; sid:37322811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.156.213.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.213"; classtype:trojan-activity; sid:37322821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.172.221 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.172.221"; classtype:trojan-activity; sid:37322831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 59.120.214.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.120.214.25"; classtype:trojan-activity; sid:37322841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.130.246.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.246.201"; classtype:trojan-activity; sid:37322851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.157.6.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.6.212"; classtype:trojan-activity; sid:37322861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.157.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.76"; classtype:trojan-activity; sid:37322871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)

# --- MISP event 26673: domain indicator (interleaved in the e26485 list) -----
# DNS rule: fires in either direction (any -> any) on a query name that ends in
# gspiceyl.com. The content match is the literal prefilter; the pcre then
# requires the domain to sit at the end of the name and to be preceded by the
# start of the buffer or a non-hostname character, so sub-domains match but a
# longer label that merely ends in the same letters does not.
alert dns any any -> any any (msg: "MISP e26673 [] Domain gspiceyl.com"; dns.query; content:"gspiceyl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gspiceyl\.com$/i"; classtype:trojan-activity; sid:37499061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# HTTP rule: outbound requests from $HOME_NET on an established flow. Both
# content matches are evaluated against the whole http.header buffer and are
# not positionally tied to each other, so a request that has a Host header and
# names the domain in a different header satisfies them as well.
# NOTE(review): matching the domain in the http.host buffer would bind it to the
# Host value and cut these false positives; confirm the sensor's Suricata
# version supports it before changing the export template.
# tag:session,600,seconds keeps logging packets of the matching session for
# 600 seconds after the alert, which costs disk on busy sensors.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain gspiceyl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gspiceyl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gspiceyl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)

# --- MISP event 26485 (continued): inbound source-IP indicators --------------
# Same shape as the e26485 rules earlier in this file: source address only,
# destination $HOME_NET, no payload, flow or threshold condition.
alert ip 36.137.0.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.0.106"; classtype:trojan-activity; sid:37322881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 210.164.66.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.164.66.50"; classtype:trojan-activity; sid:37322891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.32.166 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.32.166"; classtype:trojan-activity; sid:37322901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 77.197.49.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.197.49.35"; classtype:trojan-activity; sid:37322911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.237.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.234"; classtype:trojan-activity; sid:37322921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 133.242.29.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 133.242.29.134"; classtype:trojan-activity; sid:37322931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 118.208.122.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.208.122.36"; classtype:trojan-activity; sid:37322941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.195.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.195.28"; classtype:trojan-activity; sid:37322951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.80.213.100 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.80.213.100"; classtype:trojan-activity; sid:37322961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 159.65.181.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.181.99"; classtype:trojan-activity; sid:37322971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 193.8.209.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.8.209.142"; classtype:trojan-activity; sid:37322981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 38.50.10.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.50.10.106"; classtype:trojan-activity; sid:37322991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 159.203.80.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.80.32"; classtype:trojan-activity; sid:37323001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.184.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.184.64"; classtype:trojan-activity; sid:37323011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 142.93.132.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.132.156"; classtype:trojan-activity; sid:37323021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 138.197.162.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.162.203"; classtype:trojan-activity; sid:37323031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.43.83.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.83.74"; classtype:trojan-activity; sid:37323041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.60.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.60.40"; classtype:trojan-activity; sid:37323051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.186.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.186.82"; classtype:trojan-activity; sid:37323061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.223.183.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.183.69"; classtype:trojan-activity; sid:37323071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.225.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.225.63"; classtype:trojan-activity; sid:37323081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.41.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.41.43"; classtype:trojan-activity; sid:37323091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.115.104.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.104.50"; classtype:trojan-activity; sid:37323101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.11.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.11.101"; classtype:trojan-activity; sid:37323111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.237.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.237.140"; classtype:trojan-activity; sid:37323121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 212.22.85.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.22.85.29"; classtype:trojan-activity; sid:37323131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.133.9.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.133.9.10"; classtype:trojan-activity; sid:37323141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 148.216.17.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.216.17.48"; classtype:trojan-activity; sid:37323151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.170.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.170.153"; classtype:trojan-activity; sid:37323161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.70.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.144"; classtype:trojan-activity; sid:37323171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.172.78.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.78.189"; classtype:trojan-activity; sid:37323181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.194.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.213"; classtype:trojan-activity; sid:37323191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.43.80.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
182.43.80.206"; classtype:trojan-activity; sid:37323201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.194.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.86"; classtype:trojan-activity; sid:37323211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 174.138.19.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.19.131"; classtype:trojan-activity; sid:37323221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.142.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.142.138"; classtype:trojan-activity; sid:37323231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.3.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.3.149"; classtype:trojan-activity; sid:37323241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 77.253.203.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.253.203.119"; classtype:trojan-activity; sid:37323251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.179.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.179.82"; classtype:trojan-activity; sid:37323261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 202.103.157.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.103.157.115"; classtype:trojan-activity; sid:37323271; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.36.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.36.85"; classtype:trojan-activity; sid:37323281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.85.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.85.74"; classtype:trojan-activity; sid:37323291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.233.102.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.233.102.42"; classtype:trojan-activity; sid:37323301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.196.86.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.196.86.10"; classtype:trojan-activity; sid:37323311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.28.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.28.229"; classtype:trojan-activity; sid:37323321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.35.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.35.57"; classtype:trojan-activity; sid:37323331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.131.61.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.131.61.211"; classtype:trojan-activity; sid:37323341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.197.222 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.222"; classtype:trojan-activity; sid:37323351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.152.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.152.114"; classtype:trojan-activity; sid:37323361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 41.57.69.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.57.69.6"; classtype:trojan-activity; sid:37323371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.153.220.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.153.220.165"; classtype:trojan-activity; sid:37323381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.244.189.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.244.189.218"; classtype:trojan-activity; sid:37323391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.143.230.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.230.237"; classtype:trojan-activity; sid:37323401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.194.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.194.50"; classtype:trojan-activity; sid:37323411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.6.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.6.129"; classtype:trojan-activity; sid:37323421; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.61.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.61.127"; classtype:trojan-activity; sid:37323431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.61.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.61.209"; classtype:trojan-activity; sid:37323441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.222.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.222.60"; classtype:trojan-activity; sid:37323451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.80.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.80.120"; classtype:trojan-activity; sid:37323461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.48.36.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.36.175"; classtype:trojan-activity; sid:37323471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 211.22.167.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.22.167.163"; classtype:trojan-activity; sid:37323481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.223.55.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.55.122"; classtype:trojan-activity; sid:37323491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.212.201 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.212.201"; classtype:trojan-activity; sid:37323501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.6.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.6.144"; classtype:trojan-activity; sid:37323511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.238.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.238.206"; classtype:trojan-activity; sid:37323521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.136.219.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.136.219.187"; classtype:trojan-activity; sid:37323531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.42.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.143"; classtype:trojan-activity; sid:37323541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.239.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.88"; classtype:trojan-activity; sid:37323551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.179.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.179.111"; classtype:trojan-activity; sid:37323561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.51.168.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.168.185"; classtype:trojan-activity; 
sid:37323571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.117.182.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.182.101"; classtype:trojan-activity; sid:37323581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.249.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.249.156"; classtype:trojan-activity; sid:37323591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.183"; classtype:trojan-activity; sid:37323601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.124.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.59"; classtype:trojan-activity; sid:37323611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.164"; classtype:trojan-activity; sid:37323621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.214.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.132"; classtype:trojan-activity; sid:37323631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.10.0.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.10.0.114"; classtype:trojan-activity; sid:37323641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.44.4 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.44.4"; classtype:trojan-activity; sid:37323651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.232.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.232.239"; classtype:trojan-activity; sid:37323661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.157.19.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.19.135"; classtype:trojan-activity; sid:37323671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.72.68.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.72.68.122"; classtype:trojan-activity; sid:37323681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.214.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.214.154"; classtype:trojan-activity; sid:37323691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 94.179.133.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.179.133.22"; classtype:trojan-activity; sid:37323701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 80.87.194.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.87.194.21"; classtype:trojan-activity; sid:37323711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.23.175.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.23.175.11"; classtype:trojan-activity; 
sid:37323721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.101.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.101.187"; classtype:trojan-activity; sid:37323731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.91.34.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.91.34.106"; classtype:trojan-activity; sid:37323741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.168.50.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.168.50.194"; classtype:trojan-activity; sid:37323751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.111.28.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.111.28.131"; classtype:trojan-activity; sid:37323761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.101.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.101.205"; classtype:trojan-activity; sid:37323771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 62.234.193.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.193.84"; classtype:trojan-activity; sid:37323781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.239.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.21"; classtype:trojan-activity; sid:37323791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 93.99.104.128 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.99.104.128"; classtype:trojan-activity; sid:37323801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.222.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.222.63"; classtype:trojan-activity; sid:37323811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.20.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.20.41"; classtype:trojan-activity; sid:37323821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.244.77.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.244.77.79"; classtype:trojan-activity; sid:37323831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.96.158.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.158.87"; classtype:trojan-activity; sid:37323841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.239.69.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.239.69.239"; classtype:trojan-activity; sid:37323851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.69.177.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.69.177.192"; classtype:trojan-activity; sid:37323861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.247.74.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.204"; 
classtype:trojan-activity; sid:37323871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.129"; classtype:trojan-activity; sid:37323881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.112.138.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.112.138.63"; classtype:trojan-activity; sid:37323891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert http $HOME_NET any -> 45.95.169.103 $HTTP_PORTS (msg: "MISP e26641 [] Outgoing URL http|3a|//45.95.169.103/ntpd"; flow:to_server,established; http.header; content:"45.95.169.103"; fast_pattern; nocase; http.uri; content:"/ntpd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37489661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26641;) alert ip 45.95.169.103 any -> $HOME_NET any (msg: "MISP e26641 [] Incoming From IP: 45.95.169.103"; classtype:trojan-activity; sid:37489671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26641;) alert ip $HOME_NET any -> 45.95.169.103 2545 (msg: "MISP e26641 [] Outgoing To IP: 45.95.169.103|2545"; classtype:trojan-activity; sid:37489681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26641;) alert http $HOME_NET any -> 93.123.85.141 $HTTP_PORTS (msg: "MISP e26643 [] Outgoing URL http|3a|//93.123.85.141/mips"; flow:to_server,established; http.header; content:"93.123.85.141"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37489881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26643;) alert ip 93.123.85.141 any -> $HOME_NET any (msg: "MISP e26643 [] Incoming From IP: 93.123.85.141"; classtype:trojan-activity; 
sid:37489891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26643;) alert ip $HOME_NET any -> 93.123.85.141 666 (msg: "MISP e26643 [] Outgoing To IP: 93.123.85.141|666"; classtype:trojan-activity; sid:37489901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26643;) alert http $HOME_NET any -> 193.35.18.56 $HTTP_PORTS (msg: "MISP e26479 [] Outgoing URL http|3a|//193.35.18.56/bash"; flow:to_server,established; http.header; content:"193.35.18.56"; fast_pattern; nocase; http.uri; content:"/bash"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37305071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26479;) alert ip 193.35.18.56 any -> $HOME_NET any (msg: "MISP e26479 [] Incoming From IP: 193.35.18.56"; classtype:trojan-activity; sid:37305081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26479;) alert ip $HOME_NET any -> 193.35.18.56 65482 (msg: "MISP e26479 [] Outgoing To IP: 193.35.18.56|65482"; classtype:trojan-activity; sid:37305091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26479;) alert http $HOME_NET any -> 89.190.156.162 $HTTP_PORTS (msg: "MISP e26645 [] Outgoing URL http|3a|//89.190.156.162/bins/skid.mips"; flow:to_server,established; http.header; content:"89.190.156.162"; fast_pattern; nocase; http.uri; content:"/bins/skid.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26645;) alert ip 89.190.156.162 any -> $HOME_NET any (msg: "MISP e26645 [] Incoming From IP: 89.190.156.162"; classtype:trojan-activity; sid:37490111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26645;) alert ip $HOME_NET any -> 146.190.244.20 9932 (msg: "MISP e26645 [] Outgoing To IP: 146.190.244.20|9932"; classtype:trojan-activity; sid:37490121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26645;) alert http $HOME_NET 
any -> 77.105.163.9 $HTTP_PORTS (msg: "MISP e26646 [] Outgoing URL http|3a|//77.105.163.9/hiddenbin/amachlenix2.mips"; flow:to_server,established; http.header; content:"77.105.163.9"; fast_pattern; nocase; http.uri; content:"/hiddenbin/amachlenix2.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26646;) alert ip 77.105.163.9 any -> $HOME_NET any (msg: "MISP e26646 [] Incoming From IP: 77.105.163.9"; classtype:trojan-activity; sid:37490251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26646;) alert ip $HOME_NET any -> 77.105.163.9 3778 (msg: "MISP e26646 [] Outgoing To IP: 77.105.163.9|3778"; classtype:trojan-activity; sid:37490261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26646;) alert http $HOME_NET any -> 5.181.80.88 80 (msg: "MISP e26647 [] Outgoing URL http|3a|//5.181.80.88|3a|80/bins/Tempus.mips"; flow:to_server,established; http.header; content:"5.181.80.88"; fast_pattern; nocase; http.uri; content:"/bins/Tempus.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26647;) alert ip 5.181.80.88 any -> $HOME_NET any (msg: "MISP e26647 [] Incoming From IP: 5.181.80.88"; classtype:trojan-activity; sid:37490391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26647;) alert ip $HOME_NET any -> 5.181.80.88 9931 (msg: "MISP e26647 [] Outgoing To IP: 5.181.80.88|9931"; classtype:trojan-activity; sid:37490401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26647;) alert http $HOME_NET any -> 45.86.86.60 $HTTP_PORTS (msg: "MISP e26648 [] Outgoing URL http|3a|//45.86.86.60/bins/sora.mips"; flow:to_server,established; http.header; content:"45.86.86.60"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490521; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/26648;) alert ip 45.86.86.60 any -> $HOME_NET any (msg: "MISP e26648 [] Incoming From IP: 45.86.86.60"; classtype:trojan-activity; sid:37490531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26648;) alert ip $HOME_NET any -> 45.86.86.60 1312 (msg: "MISP e26648 [] Outgoing To IP: 45.86.86.60|1312"; classtype:trojan-activity; sid:37490541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26648;) alert http $HOME_NET any -> 194.48.250.102 $HTTP_PORTS (msg: "MISP e26476 [] Outgoing URL http|3a|//194.48.250.102/skid.mips"; flow:to_server,established; http.header; content:"194.48.250.102"; fast_pattern; nocase; http.uri; content:"/skid.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37304531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26476;) alert ip 194.48.250.102 any -> $HOME_NET any (msg: "MISP e26476 [] Incoming From IP: 194.48.250.102"; classtype:trojan-activity; sid:37304541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26476;) alert ip $HOME_NET any -> 89.190.156.176 8872 (msg: "MISP e26476 [] Outgoing To IP: 89.190.156.176|8872"; classtype:trojan-activity; sid:37304551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26476;) alert http $HOME_NET any -> 94.156.71.217 $HTTP_PORTS (msg: "MISP e26484 [] Outgoing URL http|3a|//94.156.71.217/bins/sora.mips"; flow:to_server,established; http.header; content:"94.156.71.217"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37305541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26484;) alert ip 94.156.71.217 any -> $HOME_NET any (msg: "MISP e26484 [] Incoming From IP: 94.156.71.217"; classtype:trojan-activity; sid:37305551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26484;) alert ip $HOME_NET any -> 
94.156.71.217 1312 (msg: "MISP e26484 [] Outgoing To IP: 94.156.71.217|1312"; classtype:trojan-activity; sid:37305561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26484;) alert http $HOME_NET any -> 93.123.85.192 $HTTP_PORTS (msg: "MISP e26649 [] Outgoing URL http|3a|//93.123.85.192/bins/sora.mips"; flow:to_server,established; http.header; content:"93.123.85.192"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26649;) alert ip 93.123.85.192 any -> $HOME_NET any (msg: "MISP e26649 [] Incoming From IP: 93.123.85.192"; classtype:trojan-activity; sid:37490671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26649;) alert ip $HOME_NET any -> 93.123.85.192 1312 (msg: "MISP e26649 [] Outgoing To IP: 93.123.85.192|1312"; classtype:trojan-activity; sid:37490681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26649;) alert http $HOME_NET any -> 213.232.235.20 $HTTP_PORTS (msg: "MISP e26650 [] Outgoing URL http|3a|//213.232.235.20/bins/sora.mips"; flow:to_server,established; http.header; content:"213.232.235.20"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26650;) alert ip 213.232.235.20 any -> $HOME_NET any (msg: "MISP e26650 [] Incoming From IP: 213.232.235.20"; classtype:trojan-activity; sid:37490811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26650;) alert ip $HOME_NET any -> 213.232.235.20 1312 (msg: "MISP e26650 [] Outgoing To IP: 213.232.235.20|1312"; classtype:trojan-activity; sid:37490821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26650;) alert http $HOME_NET any -> 194.110.247.222 $HTTP_PORTS (msg: "MISP e26651 [] Outgoing URL 
http|3a|//194.110.247.222/shindemips"; flow:to_server,established; http.header; content:"194.110.247.222"; fast_pattern; nocase; http.uri; content:"/shindemips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37490941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26651;) alert ip 194.110.247.222 any -> $HOME_NET any (msg: "MISP e26651 [] Incoming From IP: 194.110.247.222"; classtype:trojan-activity; sid:37490951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26651;) alert ip $HOME_NET any -> 194.110.247.222 59666 (msg: "MISP e26651 [] Outgoing To IP: 194.110.247.222|59666"; classtype:trojan-activity; sid:37490961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26651;) alert http $HOME_NET any -> 109.245.65.201 $HTTP_PORTS (msg: "MISP e26652 [] Outgoing URL http|3a|//109.245.65.201/bins/sora.mips"; flow:to_server,established; http.header; content:"109.245.65.201"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26652;) alert ip 109.245.65.201 any -> $HOME_NET any (msg: "MISP e26652 [] Incoming From IP: 109.245.65.201"; classtype:trojan-activity; sid:37491091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26652;) alert ip $HOME_NET any -> 109.245.65.201 60195 (msg: "MISP e26652 [] Outgoing To IP: 109.245.65.201|60195"; classtype:trojan-activity; sid:37491101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26652;) alert http $HOME_NET any -> 194.110.247.222 $HTTP_PORTS (msg: "MISP e26653 [] Outgoing URL http|3a|//194.110.247.222/shindemips"; flow:to_server,established; http.header; content:"194.110.247.222"; fast_pattern; nocase; http.uri; content:"/shindemips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491221; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26653;) alert ip 194.110.247.222 any -> $HOME_NET any (msg: "MISP e26653 [] Incoming From IP: 194.110.247.222"; classtype:trojan-activity; sid:37491231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26653;) alert ip $HOME_NET any -> 194.110.247.222 59666 (msg: "MISP e26653 [] Outgoing To IP: 194.110.247.222|59666"; classtype:trojan-activity; sid:37491241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26653;) alert http $HOME_NET any -> 109.245.65.201 $HTTP_PORTS (msg: "MISP e26654 [] Outgoing URL http|3a|//109.245.65.201/bins/sora.mips"; flow:to_server,established; http.header; content:"109.245.65.201"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26654;) alert ip 109.245.65.201 any -> $HOME_NET any (msg: "MISP e26654 [] Incoming From IP: 109.245.65.201"; classtype:trojan-activity; sid:37491371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26654;) alert ip $HOME_NET any -> 109.245.65.201 60195 (msg: "MISP e26654 [] Outgoing To IP: 109.245.65.201|60195"; classtype:trojan-activity; sid:37491381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26654;) alert http $HOME_NET any -> 91.92.255.6 80 (msg: "MISP e26655 [] Outgoing URL http|3a|//91.92.255.6|3a|80/jklmips"; flow:to_server,established; http.header; content:"91.92.255.6"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26655;) alert ip 91.92.255.6 any -> $HOME_NET any (msg: "MISP e26655 [] Incoming From IP: 91.92.255.6"; classtype:trojan-activity; sid:37491511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26655;) alert ip $HOME_NET any -> 45.95.147.209 38241 
(msg: "MISP e26655 [] Outgoing To IP: 45.95.147.209|38241"; classtype:trojan-activity; sid:37491521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26655;) alert http $HOME_NET any -> 45.142.214.108 $HTTP_PORTS (msg: "MISP e26656 [] Outgoing URL http|3a|//45.142.214.108/mips"; flow:to_server,established; http.header; content:"45.142.214.108"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26656;) alert ip 45.142.214.108 any -> $HOME_NET any (msg: "MISP e26656 [] Incoming From IP: 45.142.214.108"; classtype:trojan-activity; sid:37491651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26656;) alert ip $HOME_NET any -> 45.155.91.135 21425 (msg: "MISP e26656 [] Outgoing To IP: 45.155.91.135|21425"; classtype:trojan-activity; sid:37491661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26656;) alert http $HOME_NET any -> 104.243.46.182 $HTTP_PORTS (msg: "MISP e26657 [] Outgoing URL http|3a|//104.243.46.182/hiddenbin/boatnet.mips"; flow:to_server,established; http.header; content:"104.243.46.182"; fast_pattern; nocase; http.uri; content:"/hiddenbin/boatnet.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26657;) alert ip 104.243.46.182 any -> $HOME_NET any (msg: "MISP e26657 [] Incoming From IP: 104.243.46.182"; classtype:trojan-activity; sid:37491791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26657;) alert ip $HOME_NET any -> 104.243.46.182 3778 (msg: "MISP e26657 [] Outgoing To IP: 104.243.46.182|3778"; classtype:trojan-activity; sid:37491801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26657;) alert http $HOME_NET any -> 192.3.152.183 $HTTP_PORTS (msg: "MISP e26483 [] Outgoing URL http|3a|//192.3.152.183/mips"; 
flow:to_server,established; http.header; content:"192.3.152.183"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37305401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26483;) alert ip 192.3.152.183 any -> $HOME_NET any (msg: "MISP e26483 [] Incoming From IP: 192.3.152.183"; classtype:trojan-activity; sid:37305411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26483;) alert ip $HOME_NET any -> 45.155.91.135 21425 (msg: "MISP e26483 [] Outgoing To IP: 45.155.91.135|21425"; classtype:trojan-activity; sid:37305421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26483;) alert http $HOME_NET any -> 91.92.252.208 $HTTP_PORTS (msg: "MISP e26658 [] Outgoing URL http|3a|//91.92.252.208/bins/sora.mips"; flow:to_server,established; http.header; content:"91.92.252.208"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37491921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26658;) alert ip 91.92.252.208 any -> $HOME_NET any (msg: "MISP e26658 [] Incoming From IP: 91.92.252.208"; classtype:trojan-activity; sid:37491931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26658;) alert ip $HOME_NET any -> 91.92.252.208 1312 (msg: "MISP e26658 [] Outgoing To IP: 91.92.252.208|1312"; classtype:trojan-activity; sid:37491941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26658;) alert http $HOME_NET any -> 172.105.176.100 $HTTP_PORTS (msg: "MISP e26637 [] Outgoing URL http|3a|//172.105.176.100/bins/mips"; flow:to_server,established; http.header; content:"172.105.176.100"; fast_pattern; nocase; http.uri; content:"/bins/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37489101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26637;) alert ip 172.105.176.100 any -> $HOME_NET any 
(msg: "MISP e26637 [] Incoming From IP: 172.105.176.100"; classtype:trojan-activity; sid:37489111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26637;) alert ip $HOME_NET any -> 172.105.176.100 5555 (msg: "MISP e26637 [] Outgoing To IP: 172.105.176.100|5555"; classtype:trojan-activity; sid:37489121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26637;) alert http $HOME_NET any -> 192.3.152.183 $HTTP_PORTS (msg: "MISP e26638 [] Outgoing URL http|3a|//192.3.152.183/mips"; flow:to_server,established; http.header; content:"192.3.152.183"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37489241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26638;) alert ip 192.3.152.183 any -> $HOME_NET any (msg: "MISP e26638 [] Incoming From IP: 192.3.152.183"; classtype:trojan-activity; sid:37489251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26638;) alert ip $HOME_NET any -> 45.155.91.135 21425 (msg: "MISP e26638 [] Outgoing To IP: 45.155.91.135|21425"; classtype:trojan-activity; sid:37489261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26638;) alert http $HOME_NET any -> 204.76.203.131 $HTTP_PORTS (msg: "MISP e26639 [] Outgoing URL http|3a|//204.76.203.131/bins/nklmips"; flow:to_server,established; http.header; content:"204.76.203.131"; fast_pattern; nocase; http.uri; content:"/bins/nklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37489381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26639;) alert ip 204.76.203.131 any -> $HOME_NET any (msg: "MISP e26639 [] Incoming From IP: 204.76.203.131"; classtype:trojan-activity; sid:37489391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26639;) alert ip $HOME_NET any -> 5.181.80.192 38241 (msg: "MISP e26639 [] Outgoing To IP: 5.181.80.192|38241"; classtype:trojan-activity; sid:37489401; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/26639;) alert http $HOME_NET any -> 204.76.203.131 $HTTP_PORTS (msg: "MISP e26482 [] Outgoing URL http|3a|//204.76.203.131/bins/permips"; flow:to_server,established; http.header; content:"204.76.203.131"; fast_pattern; nocase; http.uri; content:"/bins/permips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37305261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26482;) alert ip 204.76.203.131 any -> $HOME_NET any (msg: "MISP e26482 [] Incoming From IP: 204.76.203.131"; classtype:trojan-activity; sid:37305271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26482;) alert ip $HOME_NET any -> 204.76.203.53 38241 (msg: "MISP e26482 [] Outgoing To IP: 204.76.203.53|38241"; classtype:trojan-activity; sid:37305281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26482;) alert http $HOME_NET any -> 204.76.203.131 $HTTP_PORTS (msg: "MISP e26660 [] Outgoing URL http|3a|//204.76.203.131/bins/zermips"; flow:to_server,established; http.header; content:"204.76.203.131"; fast_pattern; nocase; http.uri; content:"/bins/zermips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37492221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26660;) alert ip 204.76.203.131 any -> $HOME_NET any (msg: "MISP e26660 [] Incoming From IP: 204.76.203.131"; classtype:trojan-activity; sid:37492231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26660;) alert ip $HOME_NET any -> 5.181.80.192 38241 (msg: "MISP e26660 [] Outgoing To IP: 5.181.80.192|38241"; classtype:trojan-activity; sid:37492241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26660;) alert http $HOME_NET any -> 45.95.146.13 80 (msg: "MISP e26661 [] Outgoing URL http|3a|//45.95.146.13|3a|80/jklmips"; flow:to_server,established; http.header; content:"45.95.146.13"; fast_pattern; nocase; http.uri; content:"/jklmips"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37492361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26661;) alert ip 45.95.146.13 any -> $HOME_NET any (msg: "MISP e26661 [] Incoming From IP: 45.95.146.13"; classtype:trojan-activity; sid:37492371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26661;) alert ip $HOME_NET any -> 5.181.80.38 38241 (msg: "MISP e26661 [] Outgoing To IP: 5.181.80.38|38241"; classtype:trojan-activity; sid:37492381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26661;) alert http $HOME_NET any -> 193.141.60.128 $HTTP_PORTS (msg: "MISP e26662 [] Outgoing URL http|3a|//193.141.60.128/pbot.mips"; flow:to_server,established; http.header; content:"193.141.60.128"; fast_pattern; nocase; http.uri; content:"/pbot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37492501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26662;) alert ip 193.141.60.128 any -> $HOME_NET any (msg: "MISP e26662 [] Incoming From IP: 193.141.60.128"; classtype:trojan-activity; sid:37492511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26662;) alert ip $HOME_NET any -> 193.141.60.128 666 (msg: "MISP e26662 [] Outgoing To IP: 193.141.60.128|666"; classtype:trojan-activity; sid:37492521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26662;) alert http $HOME_NET any -> 103.47.195.200 $HTTP_PORTS (msg: "MISP e26663 [] Outgoing URL http|3a|//103.47.195.200/cundi.mips"; flow:to_server,established; http.header; content:"103.47.195.200"; fast_pattern; nocase; http.uri; content:"/cundi.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37492641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26663;) alert ip 103.47.195.200 any -> $HOME_NET any (msg: "MISP e26663 [] Incoming From IP: 103.47.195.200"; classtype:trojan-activity; sid:37492651; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26663;) alert ip $HOME_NET any -> 103.47.195.200 42597 (msg: "MISP e26663 [] Outgoing To IP: 103.47.195.200|42597"; classtype:trojan-activity; sid:37492661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26663;) alert http $HOME_NET any -> 103.67.196.50 $HTTP_PORTS (msg: "MISP e26664 [] Outgoing URL http|3a|//103.67.196.50/most-mips"; flow:to_server,established; http.header; content:"103.67.196.50"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37492781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26664;) alert ip 103.67.196.50 any -> $HOME_NET any (msg: "MISP e26664 [] Incoming From IP: 103.67.196.50"; classtype:trojan-activity; sid:37492791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26664;) alert ip $HOME_NET any -> 103.67.196.50 2023 (msg: "MISP e26664 [] Outgoing To IP: 103.67.196.50|2023"; classtype:trojan-activity; sid:37492801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26664;) alert http $HOME_NET any -> 103.67.196.50 $HTTP_PORTS (msg: "MISP e26665 [] Outgoing URL http|3a|//103.67.196.50/most-mips"; flow:to_server,established; http.header; content:"103.67.196.50"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37492921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26665;) alert ip 103.67.196.50 any -> $HOME_NET any (msg: "MISP e26665 [] Incoming From IP: 103.67.196.50"; classtype:trojan-activity; sid:37492931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26665;) alert ip $HOME_NET any -> 103.67.196.50 2023 (msg: "MISP e26665 [] Outgoing To IP: 103.67.196.50|2023"; classtype:trojan-activity; sid:37492941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26665;) alert http $HOME_NET any -> 93.123.39.165 
$HTTP_PORTS (msg: "MISP e26666 [] Outgoing URL http|3a|//93.123.39.165/bot.mips"; flow:to_server,established; http.header; content:"93.123.39.165"; fast_pattern; nocase; http.uri; content:"/bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26666;) alert ip 93.123.39.165 any -> $HOME_NET any (msg: "MISP e26666 [] Incoming From IP: 93.123.39.165"; classtype:trojan-activity; sid:37493071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26666;) alert ip $HOME_NET any -> 93.123.39.165 43957 (msg: "MISP e26666 [] Outgoing To IP: 93.123.39.165|43957"; classtype:trojan-activity; sid:37493081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26666;) alert http $HOME_NET any -> 42.96.2.220 $HTTP_PORTS (msg: "MISP e26668 [] Outgoing URL http|3a|//42.96.2.220/bot.mips"; flow:to_server,established; http.header; content:"42.96.2.220"; fast_pattern; nocase; http.uri; content:"/bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26668;) alert ip 42.96.2.220 any -> $HOME_NET any (msg: "MISP e26668 [] Incoming From IP: 42.96.2.220"; classtype:trojan-activity; sid:37493281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26668;) alert ip $HOME_NET any -> 42.96.2.220 43957 (msg: "MISP e26668 [] Outgoing To IP: 42.96.2.220|43957"; classtype:trojan-activity; sid:37493291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26668;) alert http $HOME_NET any -> 103.67.196.50 $HTTP_PORTS (msg: "MISP e26669 [] Outgoing URL http|3a|//103.67.196.50/most-mips"; flow:to_server,established; http.header; content:"103.67.196.50"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493411; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26669;)
# e26669, source-address rule: alerts on any IP traffic from 103.67.196.50 to
# $HOME_NET. There is no flow, content or threshold option, so the address is the
# only match criterion. The same address is also listed under e26664 (sid 37492791)
# and e26665 (sid 37492931) in this export; presumably one packet raises an alert
# per sid, so deduplicate or threshold downstream - TODO confirm.
alert ip 103.67.196.50 any -> $HOME_NET any (msg: "MISP e26669 [] Incoming From IP: 103.67.196.50"; classtype:trojan-activity; sid:37493421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26669;)
# e26669, destination rule: same address, limited to destination port 2023.
# NOTE(review): the header protocol is `ip`; confirm that the deployed engine
# applies the port to TCP and UDP traffic as intended.
alert ip $HOME_NET any -> 103.67.196.50 2023 (msg: "MISP e26669 [] Outgoing To IP: 103.67.196.50|2023"; classtype:trojan-activity; sid:37493431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26669;)
# e26670, URL indicator with a hostname: the destination is $EXTERNAL_NET on
# $HTTP_PORTS, so $HTTP_PORTS must be defined and a request to a port outside it is
# not covered. The hostname is matched as a case-insensitive substring of the
# http.header buffer and the path as a substring of http.uri.
# NOTE(review): http.header spans the request headers as a whole, not only Host;
# http.host would be narrower - confirm against the Suricata version in use.
# After an alert, tag:session marks the session's packets for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26670 [] Outgoing URL http|3a|//bp.somersaultcloud.xyz/cundi.mips"; flow:to_server,established; http.header; content:"bp.somersaultcloud.xyz"; fast_pattern; nocase; http.uri; content:"/cundi.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26670;)
# e26670, DNS query rule with any source and any destination. The pcre anchors the
# name at the end of the query and requires start-of-buffer or a character outside
# [A-Za-z0-9-] in front of it: the name itself and its subdomains match, a longer
# label such as "xbp.somersaultcloud.xyz" does not.
alert dns any any -> any any (msg: "MISP e26670 [] Domain bp.somersaultcloud.xyz"; dns.query; content:"bp.somersaultcloud.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])bp\.somersaultcloud\.xyz$/i"; classtype:trojan-activity; sid:37493561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26670;)
# e26670, HTTP domain rule on any destination port. "Host|3a|" and the domain are
# two independent content matches in http.header (no distance/within links them),
# and the pcre (H modifier) is not anchored to the Host line either.
# NOTE(review): a request that names the domain in a different header may therefore
# alert as well - verify before these alerts drive blocking.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26670 [] Outgoing HTTP Domain bp.somersaultcloud.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bp.somersaultcloud.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bp\.somersaultcloud\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26670;)
# e26670, address-and-port rule for 149.50.209.216 port 43957. It is reported under
# the same event as the hostname above; the rule itself does not link the two.
alert ip $HOME_NET any -> 149.50.209.216 43957 (msg: "MISP e26670 [] Outgoing To IP: 149.50.209.216|43957"; classtype:trojan-activity; sid:37493571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26670;)
alert http $HOME_NET any -> 31.220.41.170 80 (msg: "MISP e26640 [] Outgoing URL 
http|3a|//31.220.41.170|3a|80/la.bot.mips"; flow:to_server,established; http.header; content:"31.220.41.170"; fast_pattern; nocase; http.uri; content:"/la.bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37489521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26640;) alert ip 31.220.41.170 any -> $HOME_NET any (msg: "MISP e26640 [] Incoming From IP: 31.220.41.170"; classtype:trojan-activity; sid:37489531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26640;) alert ip $HOME_NET any -> 128.199.219.227 42061 (msg: "MISP e26640 [] Outgoing To IP: 128.199.219.227|42061"; classtype:trojan-activity; sid:37489541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26640;) alert http $HOME_NET any -> 31.220.3.140 $HTTP_PORTS (msg: "MISP e26632 [] Outgoing URL http|3a|//31.220.3.140/bins/la.bot.mips"; flow:to_server,established; http.header; content:"31.220.3.140"; fast_pattern; nocase; http.uri; content:"/bins/la.bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37488401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26632;) alert ip 31.220.3.140 any -> $HOME_NET any (msg: "MISP e26632 [] Incoming From IP: 31.220.3.140"; classtype:trojan-activity; sid:37488411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26632;) alert ip $HOME_NET any -> 164.90.190.187 42061 (msg: "MISP e26632 [] Outgoing To IP: 164.90.190.187|42061"; classtype:trojan-activity; sid:37488421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26632;) alert http $HOME_NET any -> 31.220.41.170 80 (msg: "MISP e26633 [] Outgoing URL http|3a|//31.220.41.170|3a|80/la.bot.mips"; flow:to_server,established; http.header; content:"31.220.41.170"; fast_pattern; nocase; http.uri; content:"/la.bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37488541; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26633;) alert ip 31.220.41.170 any -> $HOME_NET any (msg: "MISP e26633 [] Incoming From IP: 31.220.41.170"; classtype:trojan-activity; sid:37488551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26633;) alert ip $HOME_NET any -> 128.199.219.227 42061 (msg: "MISP e26633 [] Outgoing To IP: 128.199.219.227|42061"; classtype:trojan-activity; sid:37488561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26633;) alert http $HOME_NET any -> 45.142.182.114 $HTTP_PORTS (msg: "MISP e26634 [] Outgoing URL http|3a|//45.142.182.114/mips"; flow:to_server,established; http.header; content:"45.142.182.114"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37488681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26634;) alert ip 45.142.182.114 any -> $HOME_NET any (msg: "MISP e26634 [] Incoming From IP: 45.142.182.114"; classtype:trojan-activity; sid:37488691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26634;) alert ip $HOME_NET any -> 45.142.182.114 2211 (msg: "MISP e26634 [] Outgoing To IP: 45.142.182.114|2211"; classtype:trojan-activity; sid:37488701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26634;) alert http $HOME_NET any -> 5.181.80.126 80 (msg: "MISP e26635 [] Outgoing URL http|3a|//5.181.80.126|3a|80/loki.mips"; flow:to_server,established; http.header; content:"5.181.80.126"; fast_pattern; nocase; http.uri; content:"/loki.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37488821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26635;) alert ip 5.181.80.126 any -> $HOME_NET any (msg: "MISP e26635 [] Incoming From IP: 5.181.80.126"; classtype:trojan-activity; sid:37488831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26635;) alert ip $HOME_NET any -> 5.181.80.126 16 (msg: "MISP e26635 [] 
Outgoing To IP: 5.181.80.126|16"; classtype:trojan-activity; sid:37488841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26635;)
# e26636 repeats the three indicators of e26635 (URL sid 37488821, source address
# sid 37488831, port 16 sid 37488841) under new sids; presumably matching traffic
# raises one alert per event - TODO confirm and deduplicate downstream if so.
# URL rule: the destination is pinned to 5.181.80.126 port 80 (literal port, not
# $HTTP_PORTS); the address string is additionally searched in http.header and the
# path in http.uri, both case-insensitive substrings.
alert http $HOME_NET any -> 5.181.80.126 80 (msg: "MISP e26636 [] Outgoing URL http|3a|//5.181.80.126|3a|80/loki.mips"; flow:to_server,established; http.header; content:"5.181.80.126"; fast_pattern; nocase; http.uri; content:"/loki.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37488961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26636;)
# Source-address rule: any IP traffic from 5.181.80.126 to $HOME_NET, no further options.
alert ip 5.181.80.126 any -> $HOME_NET any (msg: "MISP e26636 [] Incoming From IP: 5.181.80.126"; classtype:trojan-activity; sid:37488971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26636;)
# Destination rule limited to port 16. NOTE(review): the header protocol is `ip`;
# confirm how the deployed engine applies a port there.
alert ip $HOME_NET any -> 5.181.80.126 16 (msg: "MISP e26636 [] Outgoing To IP: 5.181.80.126|16"; classtype:trojan-activity; sid:37488981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26636;)
# e26673, DNS query rule (priority 3): matches snackfunp.com and its subdomains; the
# pcre rejects names where a letter, digit or hyphen directly precedes the domain.
alert dns any any -> any any (msg: "MISP e26673 [] Domain snackfunp.com"; dns.query; content:"snackfunp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])snackfunp\.com$/i"; classtype:trojan-activity; sid:37499081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# e26673, HTTP domain rule on any destination port. "Host|3a|" and the domain are
# separate matches in http.header with no distance/within between them.
# NOTE(review): the domain appearing in another request header may also alert -
# verify before these alerts drive blocking.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain snackfunp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"snackfunp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])snackfunp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# e26485, source-address rules: the event tags are kill-chain:Reconnaissance and
# kill-chain:Exploitation, while classtype stays trojan-activity and priority is
# set explicitly to 2. Each rule matches any IP traffic from the listed address.
alert ip 106.52.3.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.3.234"; classtype:trojan-activity; sid:37323901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 157.245.104.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.104.247"; classtype:trojan-activity; sid:37323911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.222.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.222.59"; classtype:trojan-activity; sid:37323921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# e26444, C2 endpoints tagged Havoc, dcrat and empire_downloader: address plus
# destination port only, with no content or protocol check.
# NOTE(review): several use ports 80/443/8080, and an address-only indicator says
# nothing about who holds the address today - check the event date and expect
# false positives if the address has been reassigned.
alert ip $HOME_NET any -> 35.178.199.78 80 (msg: "MISP e26444 [c2,Havoc] Outgoing To IP: 35.178.199.78|80"; classtype:trojan-activity; sid:37299771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 45.59.118.25 443 (msg: "MISP e26444 [c2,Havoc] Outgoing To IP: 45.59.118.25|443"; classtype:trojan-activity; sid:37299781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 45.78.32.214 8080 (msg: "MISP e26444 [c2,Havoc] Outgoing To IP: 45.78.32.214|8080"; classtype:trojan-activity; sid:37299791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 171.41.197.221 25565 (msg: "MISP e26444 [c2,dcrat] Outgoing To IP: 171.41.197.221|25565"; classtype:trojan-activity; sid:37299801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 171.41.251.198 25565 (msg: "MISP e26444 [c2,dcrat] Outgoing To IP: 171.41.251.198|25565"; classtype:trojan-activity; sid:37299811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip $HOME_NET any -> 109.200.24.62 443 (msg: "MISP e26444 [c2,empire_downloader] Outgoing To IP: 109.200.24.62|443"; classtype:trojan-activity; sid:37299821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip 162.62.125.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 162.62.125.198"; classtype:trojan-activity; sid:37323931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 203.145.34.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.145.34.222"; classtype:trojan-activity; sid:37323941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.35.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.35.239"; classtype:trojan-activity; sid:37323951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.204.176.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.204.176.120"; classtype:trojan-activity; sid:37323961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.8.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.8.152"; classtype:trojan-activity; sid:37323971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.42.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.250"; classtype:trojan-activity; sid:37323981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.215.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.238"; classtype:trojan-activity; sid:37323991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.212.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.212.131"; classtype:trojan-activity; sid:37324001; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.254.25.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.254.25.213"; classtype:trojan-activity; sid:37324011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.200.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.200.247"; classtype:trojan-activity; sid:37324021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.213.215.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.213.215.245"; classtype:trojan-activity; sid:37324031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.69.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.69.235"; classtype:trojan-activity; sid:37324041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.10.44.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.104"; classtype:trojan-activity; sid:37324051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.248.130.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.130.196"; classtype:trojan-activity; sid:37324061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.190.218.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.218.93"; classtype:trojan-activity; sid:37324071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.90.12 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.90.12"; classtype:trojan-activity; sid:37324081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.236.248.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.248.10"; classtype:trojan-activity; sid:37324091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.211.185.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.211.185.140"; classtype:trojan-activity; sid:37324101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.183.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.183.247"; classtype:trojan-activity; sid:37324111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.253.156.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.253.156.184"; classtype:trojan-activity; sid:37324121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.196.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.134"; classtype:trojan-activity; sid:37324131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.182.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.182.159"; classtype:trojan-activity; sid:37324141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.21.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.21.15"; classtype:trojan-activity; 
sid:37324151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# --- MISP event e26673: outbound rules with an empty tag list ---
# NOTE(review): these six destinations (IP and port) are the same ones
# exported for event e26444 (sids 37299771-37299821), where they carry
# [c2,...] tags and priority:2. Here the msg tag list is empty and the
# priority is 3, so a single outbound flow can raise two alerts with
# different sids and priorities. Decide which event is authoritative, or
# correlate on destination IP/port rather than on sid when triaging.
# NOTE(review): the header combines the `ip` protocol with a destination
# port. Confirm how your engine evaluates ports on `ip` rules.
alert ip $HOME_NET any -> 109.200.24.62 443 (msg: "MISP e26673 [] Outgoing To IP: 109.200.24.62|443"; classtype:trojan-activity; sid:37499091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 171.41.251.198 25565 (msg: "MISP e26673 [] Outgoing To IP: 171.41.251.198|25565"; classtype:trojan-activity; sid:37499101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 171.41.197.221 25565 (msg: "MISP e26673 [] Outgoing To IP: 171.41.197.221|25565"; classtype:trojan-activity; sid:37499111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 45.78.32.214 8080 (msg: "MISP e26673 [] Outgoing To IP: 45.78.32.214|8080"; classtype:trojan-activity; sid:37499121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 45.59.118.25 443 (msg: "MISP e26673 [] Outgoing To IP: 45.59.118.25|443"; classtype:trojan-activity; sid:37499131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
alert ip $HOME_NET any -> 35.178.199.78 80 (msg: "MISP e26673 [] Outgoing To IP: 35.178.199.78|80"; classtype:trojan-activity; sid:37499141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# --- MISP event e26485: inbound source-IP rules (continued) ---
alert ip 43.134.52.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.52.158"; classtype:trojan-activity; sid:37324161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.16.20.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.16.20.215"; classtype:trojan-activity; sid:37324171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.241.68 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.241.68"; classtype:trojan-activity; sid:37324181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.114.69.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.69.235"; classtype:trojan-activity; sid:37324191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 161.132.39.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.39.76"; classtype:trojan-activity; sid:37324201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.14.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.14.141"; classtype:trojan-activity; sid:37324211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.56.162.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.162.101"; classtype:trojan-activity; sid:37324221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.42.115.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.115.144"; classtype:trojan-activity; sid:37324231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.16.138.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.16.138.140"; classtype:trojan-activity; sid:37324241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.226.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.226.224"; classtype:trojan-activity; 
sid:37324251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 177.30.67.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.30.67.114"; classtype:trojan-activity; sid:37324261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.87.166.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.87.166.141"; classtype:trojan-activity; sid:37324271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.103.253.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.103.253.18"; classtype:trojan-activity; sid:37324281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.172.255.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.255.119"; classtype:trojan-activity; sid:37324291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.234.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.234.14"; classtype:trojan-activity; sid:37324301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.129.61.1 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.61.1"; classtype:trojan-activity; sid:37324311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 200.87.49.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.87.49.188"; classtype:trojan-activity; sid:37324321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.196.36 any -> $HOME_NET 
any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.36"; classtype:trojan-activity; sid:37324331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.174.0.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.174.0.156"; classtype:trojan-activity; sid:37324341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 68.183.83.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.83.64"; classtype:trojan-activity; sid:37324351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.180.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.180.119"; classtype:trojan-activity; sid:37324361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.135.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.135.7"; classtype:trojan-activity; sid:37324371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.131.210.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.131.210.170"; classtype:trojan-activity; sid:37324381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.74.57.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.74.57.174"; classtype:trojan-activity; sid:37324391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.25.119.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.25.119.198"; 
classtype:trojan-activity; sid:37324401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.53.219.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.219.225"; classtype:trojan-activity; sid:37324411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.88.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.129"; classtype:trojan-activity; sid:37324421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.164.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.164.68"; classtype:trojan-activity; sid:37324431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.166.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.166.136"; classtype:trojan-activity; sid:37324441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.40.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.40.144"; classtype:trojan-activity; sid:37324451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 41.223.66.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.223.66.18"; classtype:trojan-activity; sid:37324461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.33.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.33.74"; classtype:trojan-activity; sid:37324471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
119.29.64.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.64.10"; classtype:trojan-activity; sid:37324481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.239.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.153"; classtype:trojan-activity; sid:37324491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.236.200.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.200.116"; classtype:trojan-activity; sid:37324501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 158.51.99.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.35"; classtype:trojan-activity; sid:37324511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.135.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.135.207"; classtype:trojan-activity; sid:37324521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.13.147.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.147.145"; classtype:trojan-activity; sid:37324531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.195.248.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.248.12"; classtype:trojan-activity; sid:37324541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.108.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.128.108.149"; classtype:trojan-activity; sid:37324551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.67.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.67.44"; classtype:trojan-activity; sid:37324561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 174.100.30.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.100.30.242"; classtype:trojan-activity; sid:37324571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.57.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.57.236"; classtype:trojan-activity; sid:37324581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.57.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.57.142"; classtype:trojan-activity; sid:37324591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.47.132.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.132.204"; classtype:trojan-activity; sid:37324601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.33.206.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.33.206.147"; classtype:trojan-activity; sid:37324611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.70.19.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.19.182"; classtype:trojan-activity; sid:37324621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
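# MISP event e26485: inbound source-IP indicators, one rule per line.
# Each rule alerts on any IP packet from the listed source to $HOME_NET, on
# any port. $HOME_NET must be defined in the sensor configuration.
# The msg tags are kill-chain:Reconnaissance / kill-chain:Exploitation while
# classtype is trojan-activity with an explicit priority:2. These are
# presumably exporter defaults; confirm before using classtype to route or
# score alerts.
# NOTE(review): the rules carry no rate limiting, so a busy source can
# produce many alerts. Consider a per-sid or per-source threshold in the
# sensor configuration.
# IP-only indicators age quickly: re-check the referenced MISP event before
# treating a hit as more than a lead.
alert ip 43.134.95.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.119"; classtype:trojan-activity; sid:37324631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.156.211.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.11"; classtype:trojan-activity; sid:37324641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.35.9.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.9.181"; classtype:trojan-activity; sid:37324651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 201.249.57.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.249.57.5"; classtype:trojan-activity; sid:37324661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 154.211.15.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.15.26"; classtype:trojan-activity; sid:37324671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 172.96.227.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.96.227.178"; classtype:trojan-activity; sid:37324681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.146.50.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.50.230"; classtype:trojan-activity; sid:37324691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 195.211.46.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.211.46.135"; classtype:trojan-activity; sid:37324701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.111.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.111.32"; classtype:trojan-activity; sid:37324711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.65.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.65.178"; classtype:trojan-activity; sid:37324721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.56.206.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.56.206.52"; classtype:trojan-activity; sid:37324731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 146.56.45.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.45.137"; classtype:trojan-activity; sid:37324741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 111.93.200.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.93.200.50"; classtype:trojan-activity; sid:37324751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.248.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.248.43"; classtype:trojan-activity; sid:37324761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 13.212.77.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.212.77.146"; classtype:trojan-activity; sid:37324771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)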
alert ip 43.134.236.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.236.223"; classtype:trojan-activity; sid:37324781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.80.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.80.160"; classtype:trojan-activity; sid:37324791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.204.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.204.180"; classtype:trojan-activity; sid:37324801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.105.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.15"; classtype:trojan-activity; sid:37324811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 168.167.228.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.167.228.74"; classtype:trojan-activity; sid:37324821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 70.52.141.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.52.141.111"; classtype:trojan-activity; sid:37324831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.213.52.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.213.52.76"; classtype:trojan-activity; sid:37324841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.66.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.128.66.9"; classtype:trojan-activity; sid:37324851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.86.53.242 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.86.53.242"; classtype:trojan-activity; sid:37324861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 191.55.188.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.55.188.104"; classtype:trojan-activity; sid:37324871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.150.254.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.150.254.239"; classtype:trojan-activity; sid:37324881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.45.1.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.1.197"; classtype:trojan-activity; sid:37324891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.15.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.19"; classtype:trojan-activity; sid:37324901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.68.237.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.68.237.72"; classtype:trojan-activity; sid:37324911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.26.32.106 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.26.32.106"; classtype:trojan-activity; sid:37324931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
150.109.195.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.195.161"; classtype:trojan-activity; sid:37324941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.223.230.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.230.65"; classtype:trojan-activity; sid:37324951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.175.162 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.175.162"; classtype:trojan-activity; sid:37324961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.227.172.177 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.172.177"; classtype:trojan-activity; sid:37324971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.178.37.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.178.37.5"; classtype:trojan-activity; sid:37324981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.142.136.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.136.17"; classtype:trojan-activity; sid:37324991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 35.238.179.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.238.179.165"; classtype:trojan-activity; sid:37325001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.210.81.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
170.210.81.125"; classtype:trojan-activity; sid:37325011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.151.128.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.151.128.225"; classtype:trojan-activity; sid:37325021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.220.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.220.201"; classtype:trojan-activity; sid:37325031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.30.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.30.209"; classtype:trojan-activity; sid:37325041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.14.72.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.72.184"; classtype:trojan-activity; sid:37325051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 141.94.71.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.94.71.52"; classtype:trojan-activity; sid:37325061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.185.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.185.237"; classtype:trojan-activity; sid:37325071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.146.140.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.140.167"; classtype:trojan-activity; sid:37325081; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.136.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.136.135"; classtype:trojan-activity; sid:37325091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.152.177.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.152.177.6"; classtype:trojan-activity; sid:37325101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.225.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.225.51"; classtype:trojan-activity; sid:37325111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 173.249.17.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.249.17.92"; classtype:trojan-activity; sid:37325121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.214.93 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.93"; classtype:trojan-activity; sid:37325131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.217.210.130 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.217.210.130"; classtype:trojan-activity; sid:37325141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.234.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.234.182"; classtype:trojan-activity; sid:37325151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.15.105 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.105"; classtype:trojan-activity; sid:37325161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.143.230.74 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.230.74"; classtype:trojan-activity; sid:37325171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.208.75.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.208.75.3"; classtype:trojan-activity; sid:37325181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.45.11.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.11.178"; classtype:trojan-activity; sid:37325191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.44.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.44.69"; classtype:trojan-activity; sid:37325201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.44.250.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.250.150"; classtype:trojan-activity; sid:37325211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.30.201.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.30.201.237"; classtype:trojan-activity; sid:37325221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.16.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.16.39"; classtype:trojan-activity; sid:37325231; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 2.38.140.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.38.140.60"; classtype:trojan-activity; sid:37325241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.123.121.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.123.121.167"; classtype:trojan-activity; sid:37325251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.112.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.112.26"; classtype:trojan-activity; sid:37325261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.120.49.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.49.111"; classtype:trojan-activity; sid:37325271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 109.123.230.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.230.96"; classtype:trojan-activity; sid:37325281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.223.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.124"; classtype:trojan-activity; sid:37325291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.130.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.130.168"; classtype:trojan-activity; sid:37325301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.183.8.43 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.183.8.43"; classtype:trojan-activity; sid:37325311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.159.29.123 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.159.29.123"; classtype:trojan-activity; sid:37325321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.89.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.89.140"; classtype:trojan-activity; sid:37325331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.54.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.54.175"; classtype:trojan-activity; sid:37325341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.62.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.62.238"; classtype:trojan-activity; sid:37325351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.79.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.79.225"; classtype:trojan-activity; sid:37325361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.90.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.90.148"; classtype:trojan-activity; sid:37325371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.115.208.53 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.208.53"; classtype:trojan-activity; sid:37325381; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.40.83 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.40.83"; classtype:trojan-activity; sid:37325391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.164.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.164.198"; classtype:trojan-activity; sid:37325401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.67.52.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.67.52.239"; classtype:trojan-activity; sid:37325411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.213.99.45 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.213.99.45"; classtype:trojan-activity; sid:37325421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.31.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.31.15"; classtype:trojan-activity; sid:37325431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.171.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.171.97"; classtype:trojan-activity; sid:37325441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 58.87.80.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.87.80.196"; classtype:trojan-activity; sid:37325451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 59.24.127.242 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.24.127.242"; classtype:trojan-activity; sid:37325461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.110.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.110.175"; classtype:trojan-activity; sid:37325471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.13.155.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.155.191"; classtype:trojan-activity; sid:37325481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.110.90.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.90.12"; classtype:trojan-activity; sid:37325491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.187.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.187.12"; classtype:trojan-activity; sid:37325501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.254.0.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.254.0.138"; classtype:trojan-activity; sid:37325511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.251.63.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.251.63.69"; classtype:trojan-activity; sid:37325521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.38.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.38.170"; classtype:trojan-activity; sid:37325531; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.6.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.6.102"; classtype:trojan-activity; sid:37325541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.75.247.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.75.247.144"; classtype:trojan-activity; sid:37325551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.7.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.7.167"; classtype:trojan-activity; sid:37325561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.103.42.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.210"; classtype:trojan-activity; sid:37325571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.234.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.234.202"; classtype:trojan-activity; sid:37325581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.140.216.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.216.77"; classtype:trojan-activity; sid:37325591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 176.118.28.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.118.28.126"; classtype:trojan-activity; sid:37325601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.183.254 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.183.254"; classtype:trojan-activity; sid:37325611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.94.198 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.94.198"; classtype:trojan-activity; sid:37325621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.172.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.172.77"; classtype:trojan-activity; sid:37325631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.202.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.202.245"; classtype:trojan-activity; sid:37325641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.233.204.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.233.204.9"; classtype:trojan-activity; sid:37325651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.34.165.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.165.151"; classtype:trojan-activity; sid:37325661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.176.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.176.152"; classtype:trojan-activity; sid:37325671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.84.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.84.76"; classtype:trojan-activity; sid:37325681; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.58.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.58.82"; classtype:trojan-activity; sid:37325691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.0.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.0.210"; classtype:trojan-activity; sid:37325701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.109.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.21"; classtype:trojan-activity; sid:37325711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.95.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.95.68"; classtype:trojan-activity; sid:37325721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.225.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.225.174"; classtype:trojan-activity; sid:37325731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.51.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.51.245"; classtype:trojan-activity; sid:37325741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 92.222.25.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.222.25.127"; classtype:trojan-activity; sid:37325751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.16.96.250 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.16.96.250"; classtype:trojan-activity; sid:37325761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.95.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.95.36"; classtype:trojan-activity; sid:37325771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.244.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.40"; classtype:trojan-activity; sid:37325781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.102.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.18"; classtype:trojan-activity; sid:37325791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.118.211.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.118.211.4"; classtype:trojan-activity; sid:37325801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 180.76.164.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.164.4"; classtype:trojan-activity; sid:37325811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.212.47.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.212.47.82"; classtype:trojan-activity; sid:37325821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 142.93.211.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.211.42"; classtype:trojan-activity; sid:37325831; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.10.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.10.200"; classtype:trojan-activity; sid:37325841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 211.75.136.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.75.136.57"; classtype:trojan-activity; sid:37325851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.233.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.233.62"; classtype:trojan-activity; sid:37325861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.235.53.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.53.103"; classtype:trojan-activity; sid:37325871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.237.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.103"; classtype:trojan-activity; sid:37325881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 178.62.220.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.220.206"; classtype:trojan-activity; sid:37325891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.44.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.44.196"; classtype:trojan-activity; sid:37325901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 46.182.19.7 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.182.19.7"; classtype:trojan-activity; sid:37325911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.219.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.110"; classtype:trojan-activity; sid:37325921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.53.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.53.103"; classtype:trojan-activity; sid:37325931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.155.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.155.129"; classtype:trojan-activity; sid:37325941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.152.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.152.148"; classtype:trojan-activity; sid:37325951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.147.129.110 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.147.129.110"; classtype:trojan-activity; sid:37325961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.254.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.254.211"; classtype:trojan-activity; sid:37325971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.144.245.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.245.23"; classtype:trojan-activity; 
sid:37325981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.204.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.204.245"; classtype:trojan-activity; sid:37325991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.18.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.18.172"; classtype:trojan-activity; sid:37326001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.193.163.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.193.163.229"; classtype:trojan-activity; sid:37326011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.70.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.70.239"; classtype:trojan-activity; sid:37326021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.79.192.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.79.192.248"; classtype:trojan-activity; sid:37326031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.247.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.247.189"; classtype:trojan-activity; sid:37326041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 176.110.245.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.110.245.202"; classtype:trojan-activity; sid:37326051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.238.175 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.175"; classtype:trojan-activity; sid:37326061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.165.66.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.165.66.155"; classtype:trojan-activity; sid:37326071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 115.159.149.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.149.133"; classtype:trojan-activity; sid:37326081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 183.63.103.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.63.103.84"; classtype:trojan-activity; sid:37326091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.216.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.239"; classtype:trojan-activity; sid:37326101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.32.103.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.103.80"; classtype:trojan-activity; sid:37326111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.129.64.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.135"; classtype:trojan-activity; sid:37326121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.186.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.192"; 
classtype:trojan-activity; sid:37326131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.14.105.138 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.105.138"; classtype:trojan-activity; sid:37326141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.148.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.148.215"; classtype:trojan-activity; sid:37326151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.156.239.181 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.156.239.181"; classtype:trojan-activity; sid:37326161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.118.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.62"; classtype:trojan-activity; sid:37326171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 203.56.121.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.56.121.201"; classtype:trojan-activity; sid:37326181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.221.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.221.179"; classtype:trojan-activity; sid:37326191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.93.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.93.226"; classtype:trojan-activity; sid:37326201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
# NOTE(review): the rules below match on a single source address only
# ("alert ip <addr> any -> $HOME_NET any"). They carry no port, flow, content
# or threshold option, so nothing in the rule itself limits how often it fires;
# alert volume depends on how the sensor handles address-only rules.
# Every rule uses classtype:trojan-activity and priority:2, while the msg tags
# say kill-chain:Reconnaissance / kill-chain:Exploitation. Presumably the
# classtype is the exporter's default for IP attributes -- confirm before
# relying on it for triage.
# Address-only indicators go stale as addresses are reassigned or shared.
# Check the age and context of MISP event 26485 (the reference URL in each
# rule) before deploying these, and especially before converting them to drop
# rules.
# For long address lists, a threshold option or the sensor's IP-reputation
# feature (e.g. Suricata "iprep") is usually cheaper to run than one rule per
# address.
# A rule is normally written on one physical line (or with backslash
# continuation). The wrapping on this page looks like an extraction artifact:
# the last rule on the line below continues on the following line.
alert ip 119.28.122.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.122.154"; classtype:trojan-activity; sid:37326211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.228.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.228.94"; classtype:trojan-activity; sid:37326221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.236.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.236.190"; classtype:trojan-activity; sid:37326231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.242.99.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.242.99.88"; classtype:trojan-activity; sid:37326241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.151.142.6 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.142.6"; classtype:trojan-activity; sid:37326251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.27.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.170"; classtype:trojan-activity; sid:37326261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.76.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.76.85"; classtype:trojan-activity; sid:37326271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.131.7.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 104.131.7.152"; classtype:trojan-activity; sid:37326281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 205.234.146.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.234.146.191"; classtype:trojan-activity; sid:37326291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.72.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.72.250"; classtype:trojan-activity; sid:37326301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.121.50.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.121.50.199"; classtype:trojan-activity; sid:37326311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.235.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.235.43"; classtype:trojan-activity; sid:37326321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.118.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.49"; classtype:trojan-activity; sid:37326331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.110.39.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.110.39.247"; classtype:trojan-activity; sid:37326341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.215.209.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.209.5"; classtype:trojan-activity; sid:37326351; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;)
# MISP event 26485, continued: one rule per source address. Each rule alerts on
# any IP traffic from the listed address to $HOME_NET, regardless of port.
# NOTE(review): the msg tags are kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity; confirm that this classification and priority:2
# match how inbound-source indicators are triaged locally.
# NOTE(review): these rules carry no threshold or flow options, so one busy source
# can raise an alert per packet; consider rate-limiting them in the sensor's
# threshold/event_filter configuration, or loading the addresses as an IP
# reputation list instead of one rule each.
# NOTE(review): address indicators go stale; check the referenced event for
# first/last-seen dates before acting on a hit.
alert ip 43.131.2.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.2.249"; classtype:trojan-activity; sid:37326361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 198.23.137.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.137.119"; classtype:trojan-activity; sid:37326371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 164.90.186.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.186.3"; classtype:trojan-activity; sid:37326381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.130.62.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.62.81"; classtype:trojan-activity; sid:37326391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.48.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.48.47"; classtype:trojan-activity; sid:37326401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 112.161.86.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.161.86.234"; classtype:trojan-activity; sid:37326411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.143.200.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.200.94"; classtype:trojan-activity; sid:37326421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 167.71.99.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.99.94"; classtype:trojan-activity; sid:37326431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.45.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.45.99"; classtype:trojan-activity; sid:37326441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.211.59.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.211.59.200"; classtype:trojan-activity; sid:37326451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 114.36.106.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.36.106.169"; classtype:trojan-activity; sid:37326461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.109.11.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.11.122"; classtype:trojan-activity; sid:37326471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 31.220.88.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.220.88.201"; classtype:trojan-activity; sid:37326481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.226.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.226.35"; classtype:trojan-activity; sid:37326491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 113.137.42.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.137.42.214"; classtype:trojan-activity; sid:37326501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 158.220.91.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.91.75"; classtype:trojan-activity; sid:37326511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.109.203.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.184"; classtype:trojan-activity; sid:37326521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 117.50.190.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.190.75"; classtype:trojan-activity; sid:37326531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.159.211.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.159.211.119"; classtype:trojan-activity; sid:37326541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.151.243.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.243.26"; classtype:trojan-activity; sid:37326551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 121.165.233.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.165.233.236"; classtype:trojan-activity; sid:37326561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.188.177.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.188.177.46"; classtype:trojan-activity; sid:37326571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.121.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.121.54"; classtype:trojan-activity; sid:37326581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.14.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.14.23"; classtype:trojan-activity; sid:37326591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 167.99.65.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.65.31"; classtype:trojan-activity; sid:37326601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.18.84.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.84.247"; classtype:trojan-activity; sid:37326611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.178.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.48"; classtype:trojan-activity; sid:37326621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.193.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.193.199"; classtype:trojan-activity; sid:37326631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.97.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.97.51"; classtype:trojan-activity; sid:37326641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 202.184.238.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.184.238.14"; classtype:trojan-activity; sid:37326651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 118.163.234.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.234.169"; classtype:trojan-activity; sid:37326661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 59.34.217.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.34.217.89"; classtype:trojan-activity; sid:37326671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 5.56.132.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.56.132.43"; classtype:trojan-activity; sid:37326681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 112.74.162.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.74.162.201"; classtype:trojan-activity; sid:37326691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.54.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.54.137"; classtype:trojan-activity; sid:37326701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.159.41.188 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.41.188"; classtype:trojan-activity; sid:37326711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 192.42.116.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.15"; classtype:trojan-activity; sid:37326721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 167.71.104.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.104.206"; classtype:trojan-activity; sid:37326731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 186.10.125.209 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.10.125.209"; classtype:trojan-activity; sid:37326741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 113.116.74.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.116.74.215"; classtype:trojan-activity; sid:37326751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.41.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.41.61"; classtype:trojan-activity; sid:37326761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.43.24.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.24.65"; classtype:trojan-activity; sid:37326771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 222.77.96.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.77.96.62"; classtype:trojan-activity; sid:37326781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 205.185.113.140 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.185.113.140"; classtype:trojan-activity; sid:37326791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.254.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.254.7"; classtype:trojan-activity; sid:37326801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 51.195.132.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.132.99"; classtype:trojan-activity; sid:37326811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.8.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.8.118"; classtype:trojan-activity; sid:37326821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 35.222.255.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.222.255.158"; classtype:trojan-activity; sid:37326831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.159.62.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.62.25"; classtype:trojan-activity; sid:37326841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 167.99.243.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.243.220"; classtype:trojan-activity; sid:37326851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 41.63.0.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.63.0.127"; classtype:trojan-activity; sid:37326861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 206.189.18.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.18.227"; classtype:trojan-activity; sid:37326871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.109.81.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.81.195"; classtype:trojan-activity; sid:37326881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.108.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.38"; classtype:trojan-activity; sid:37326891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 47.242.51.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.51.134"; classtype:trojan-activity; sid:37326901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.48.2.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.2.117"; classtype:trojan-activity; sid:37326911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.130.53.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.53.144"; classtype:trojan-activity; sid:37326921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 143.198.13.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.13.16"; classtype:trojan-activity; sid:37326931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.76.169.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.76.169.182"; classtype:trojan-activity; sid:37326941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.245.61.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.245.61.114"; classtype:trojan-activity; sid:37326951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.143.50.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.50.158"; classtype:trojan-activity; sid:37326961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 39.109.113.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.113.199"; classtype:trojan-activity; sid:37326971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.226.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.226.224"; classtype:trojan-activity; sid:37326981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 112.167.155.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.167.155.41"; classtype:trojan-activity; sid:37326991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.231.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.224"; classtype:trojan-activity; sid:37327001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.63.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.63.203"; classtype:trojan-activity; sid:37327011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.158.35.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.35.76"; classtype:trojan-activity; sid:37327021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 181.44.201.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.44.201.17"; classtype:trojan-activity; sid:37327031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.109.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.13"; classtype:trojan-activity; sid:37327041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.63.160.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.63.160.31"; classtype:trojan-activity; sid:37327051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.246.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.246.112"; classtype:trojan-activity; sid:37327061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 165.232.38.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.38.77"; classtype:trojan-activity; sid:37327071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.16.56.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.16.56.3"; classtype:trojan-activity; sid:37327081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.125.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.125.241"; classtype:trojan-activity; sid:37327091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.173.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.173.92"; classtype:trojan-activity; sid:37327101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 179.104.70.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.104.70.159"; classtype:trojan-activity; sid:37327111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 163.197.212.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.197.212.88"; classtype:trojan-activity; sid:37327121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 192.227.190.166 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.190.166"; classtype:trojan-activity; sid:37327131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 200.174.198.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.174.198.170"; classtype:trojan-activity; sid:37327141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.13.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.13.79"; classtype:trojan-activity; sid:37327151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 220.179.198.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.179.198.25"; classtype:trojan-activity; sid:37327161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 68.178.200.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.200.48"; classtype:trojan-activity; sid:37327171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.80.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.80.96"; classtype:trojan-activity; sid:37327181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 74.48.30.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.30.70"; classtype:trojan-activity; sid:37327191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.41.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.41.36"; classtype:trojan-activity; sid:37327201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.81.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.81.92"; classtype:trojan-activity; sid:37327211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 114.224.55.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.224.55.220"; classtype:trojan-activity; sid:37327221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 158.220.109.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.109.143"; classtype:trojan-activity; sid:37327231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.147.242.116 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.147.242.116"; classtype:trojan-activity; sid:37327241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 198.12.65.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.65.156"; classtype:trojan-activity; sid:37327251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.216.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.158"; classtype:trojan-activity; sid:37327261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 155.4.68.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 155.4.68.48"; classtype:trojan-activity; sid:37327271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.106.169.46 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.169.46"; classtype:trojan-activity; sid:37327281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.51.68.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.68.89"; classtype:trojan-activity; sid:37327291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.219.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.232"; classtype:trojan-activity; sid:37327301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.100.210.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.210.163"; classtype:trojan-activity; sid:37327311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.138.148.203 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.148.203"; classtype:trojan-activity; sid:37327321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 178.47.41.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.47.41.254"; classtype:trojan-activity; sid:37327331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.150.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.150.54"; classtype:trojan-activity; sid:37327341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 64.227.136.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.136.11"; classtype:trojan-activity; sid:37327351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 94.179.107.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.179.107.98"; classtype:trojan-activity; sid:37327361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.248.25.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.25.154"; classtype:trojan-activity; sid:37327371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.77.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.77.49"; classtype:trojan-activity; sid:37327381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 181.23.72.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.23.72.191"; classtype:trojan-activity; sid:37327391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.150.7.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.7.34"; classtype:trojan-activity; sid:37327401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 179.43.159.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.159.194"; classtype:trojan-activity; sid:37327411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.16.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.16.114"; classtype:trojan-activity; sid:37327421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.221.214.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.214.86"; classtype:trojan-activity; sid:37327431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.224.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.224.136"; classtype:trojan-activity; sid:37327441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 37.228.129.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.228.129.24"; classtype:trojan-activity; sid:37327451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.146.232.234 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.146.232.234"; classtype:trojan-activity; sid:37327461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.158.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.158.88"; classtype:trojan-activity; sid:37327471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 42.192.119.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.119.148"; classtype:trojan-activity; sid:37327481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 104.238.249.171 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.238.249.171"; classtype:trojan-activity; sid:37327491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.140.90.130 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.140.90.130"; classtype:trojan-activity; sid:37327501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.143.218.171 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.218.171"; classtype:trojan-activity; sid:37327511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 67.203.192.24 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.203.192.24"; classtype:trojan-activity; sid:37327521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.231.0.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.231.0.115"; classtype:trojan-activity; sid:37327531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.225.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.225.90"; classtype:trojan-activity; sid:37327541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 197.157.17.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.157.17.151"; classtype:trojan-activity; sid:37327551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 139.9.227.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.9.227.32"; classtype:trojan-activity; sid:37327561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.104.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.104.218"; classtype:trojan-activity; sid:37327571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.26.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.26.94"; classtype:trojan-activity; sid:37327581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.173.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.173.31"; classtype:trojan-activity; sid:37327591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 159.75.179.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.179.86"; classtype:trojan-activity; sid:37327601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.160.37.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.37.139"; classtype:trojan-activity; sid:37327611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.18.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.18.88"; classtype:trojan-activity; sid:37327621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 181.48.60.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.48.60.50"; classtype:trojan-activity; sid:37327631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.139.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.139.34"; classtype:trojan-activity; sid:37327641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.159.38.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.38.60"; classtype:trojan-activity; sid:37327651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.128.241.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.128.241.2"; classtype:trojan-activity; sid:37327661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.32.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.32.18"; classtype:trojan-activity; sid:37327671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 52.131.228.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.131.228.222"; classtype:trojan-activity; sid:37327681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 143.198.13.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.13.13"; classtype:trojan-activity; sid:37327691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.13.5.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.5.77"; classtype:trojan-activity; sid:37327701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 222.96.14.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.96.14.76"; classtype:trojan-activity; sid:37327711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.136.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.136.155"; classtype:trojan-activity; sid:37327721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.159.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.72"; classtype:trojan-activity; sid:37327731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.237.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.237.12"; classtype:trojan-activity; sid:37327741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.89.162.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.89.162.214"; classtype:trojan-activity; sid:37327751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.228.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.228.28"; classtype:trojan-activity; sid:37327761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 35.247.104.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.247.104.225"; classtype:trojan-activity; sid:37327771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.226.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.226.241"; classtype:trojan-activity; sid:37327781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.143.143.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.143.52"; classtype:trojan-activity; sid:37327791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.57.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.57.127"; classtype:trojan-activity; sid:37327801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 209.14.70.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.14.70.120"; classtype:trojan-activity; sid:37327811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.55.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.55.49"; classtype:trojan-activity; sid:37327821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 68.198.190.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.198.190.131"; classtype:trojan-activity; sid:37327831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 183.15.121.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.15.121.193"; classtype:trojan-activity; sid:37327841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 61.184.199.14 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.184.199.14"; classtype:trojan-activity; sid:37327851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.165.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.37"; classtype:trojan-activity; sid:37327861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.199.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.102"; classtype:trojan-activity; sid:37327871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.155.80.244 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.80.244"; classtype:trojan-activity; sid:37327881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.233.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.233.97"; classtype:trojan-activity; sid:37327891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.16.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.16.114"; classtype:trojan-activity; sid:37327901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.12.90.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.12.90.104"; classtype:trojan-activity; sid:37327911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.242.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.150"; classtype:trojan-activity; sid:37327921; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.132.125.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.125.202"; classtype:trojan-activity; sid:37327931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.82.137.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.82.137.16"; classtype:trojan-activity; sid:37327941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.172.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.172.92"; classtype:trojan-activity; sid:37327951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.245.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.245.206"; classtype:trojan-activity; sid:37327961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.46.101 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.46.101"; classtype:trojan-activity; sid:37327971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.55.237.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.237.61"; classtype:trojan-activity; sid:37327981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.26.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.26.40"; classtype:trojan-activity; sid:37327991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.105.247 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.247"; classtype:trojan-activity; sid:37328001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.234.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.234.215"; classtype:trojan-activity; sid:37328011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.124.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.145"; classtype:trojan-activity; sid:37328021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.88.235.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.88.235.247"; classtype:trojan-activity; sid:37328031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.49.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.139"; classtype:trojan-activity; sid:37328041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.233.211.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.211.17"; classtype:trojan-activity; sid:37328051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.238.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.238.224"; classtype:trojan-activity; sid:37328061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.59.70.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.70.113"; classtype:trojan-activity; sid:37328071; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.132.150 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.132.150"; classtype:trojan-activity; sid:37328081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.141.153.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.141.153.170"; classtype:trojan-activity; sid:37328091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.22.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.22.168"; classtype:trojan-activity; sid:37328101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.39.100 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.39.100"; classtype:trojan-activity; sid:37328111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 172.245.60.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.60.121"; classtype:trojan-activity; sid:37328121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.103.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.103.194"; classtype:trojan-activity; sid:37328131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.219.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.219.135"; classtype:trojan-activity; sid:37328141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 60.178.168.119 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.178.168.119"; classtype:trojan-activity; sid:37328151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.193.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.192"; classtype:trojan-activity; sid:37328161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.11.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.11.13"; classtype:trojan-activity; sid:37328171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 179.60.147.118 any -> $HOME_NET any (msg: "MISP e26534 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.147.118"; classtype:trojan-activity; sid:37466011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26534;) alert ip 14.225.198.63 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.198.63"; classtype:trojan-activity; sid:37328181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.191.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.191.71"; classtype:trojan-activity; sid:37328191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.244.134.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.244.134.31"; classtype:trojan-activity; sid:37328201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.32.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.32.60"; classtype:trojan-activity; 
sid:37328211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 144.217.89.216 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.217.89.216"; classtype:trojan-activity; sid:37328221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 142.93.221.250 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.221.250"; classtype:trojan-activity; sid:37328231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.153.20 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.153.20"; classtype:trojan-activity; sid:37328241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.25.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.25.52"; classtype:trojan-activity; sid:37328251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.216.116.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.216.116.44"; classtype:trojan-activity; sid:37328261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.224.115.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.224.115.232"; classtype:trojan-activity; sid:37328271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.203.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.236"; classtype:trojan-activity; sid:37328281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.196.202 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.202"; classtype:trojan-activity; sid:37328291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 85.234.139.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.234.139.11"; classtype:trojan-activity; sid:37328301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.120.38.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.38.98"; classtype:trojan-activity; sid:37328311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.147.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.126"; classtype:trojan-activity; sid:37328321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.34.105 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.34.105"; classtype:trojan-activity; sid:37328331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.197.129.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.197.129.199"; classtype:trojan-activity; sid:37328341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 203.223.174.91 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.223.174.91"; classtype:trojan-activity; sid:37328351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.117.240.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.117.240.62"; 
classtype:trojan-activity; sid:37328361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.218.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.218.231"; classtype:trojan-activity; sid:37328371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.9.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.9.8"; classtype:trojan-activity; sid:37328381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.204.115 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.115"; classtype:trojan-activity; sid:37328391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.252.204 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.252.204"; classtype:trojan-activity; sid:37328401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.114.130.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.130.78"; classtype:trojan-activity; sid:37328411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.188.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.188.180"; classtype:trojan-activity; sid:37328421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.168.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.168.153"; classtype:trojan-activity; sid:37328431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
43.143.177.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.177.236"; classtype:trojan-activity; sid:37328441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 35.229.111.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.229.111.120"; classtype:trojan-activity; sid:37328451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.177.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.177.51"; classtype:trojan-activity; sid:37328461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.81.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.81.164"; classtype:trojan-activity; sid:37328471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.213.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.75"; classtype:trojan-activity; sid:37328481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.182.17.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.182.17.232"; classtype:trojan-activity; sid:37328491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.133.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.133.172"; classtype:trojan-activity; sid:37328501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 211.51.96.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
211.51.96.76"; classtype:trojan-activity; sid:37328511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.22.193.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.193.40"; classtype:trojan-activity; sid:37328521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 42.192.6.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.6.197"; classtype:trojan-activity; sid:37328531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.46.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.46.49"; classtype:trojan-activity; sid:37328541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 207.231.108.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.231.108.33"; classtype:trojan-activity; sid:37328551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.89.66 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.89.66"; classtype:trojan-activity; sid:37328561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.116.127 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.116.127"; classtype:trojan-activity; sid:37328571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.108.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.108.253"; classtype:trojan-activity; sid:37328581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert 
ip 43.133.75.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.75.159"; classtype:trojan-activity; sid:37328591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 91.134.253.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.134.253.23"; classtype:trojan-activity; sid:37328601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.34.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.34.229"; classtype:trojan-activity; sid:37328611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.35.30 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.35.30"; classtype:trojan-activity; sid:37328621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.152.183.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.152.183.13"; classtype:trojan-activity; sid:37328631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.54.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.54.174"; classtype:trojan-activity; sid:37328641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.172.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.172.19"; classtype:trojan-activity; sid:37328651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.40.188.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
110.40.188.144"; classtype:trojan-activity; sid:37328661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.102.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.98"; classtype:trojan-activity; sid:37328671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.234.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.69"; classtype:trojan-activity; sid:37328681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.213.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.47"; classtype:trojan-activity; sid:37328691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.186.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.186.196"; classtype:trojan-activity; sid:37328701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 87.236.208.147 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.208.147"; classtype:trojan-activity; sid:37328711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 158.51.99.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.165"; classtype:trojan-activity; sid:37328721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.72.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.72.167"; classtype:trojan-activity; sid:37328731; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.33.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.33.136"; classtype:trojan-activity; sid:37328741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.39.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.39.125"; classtype:trojan-activity; sid:37328751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.56.242.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.242.57"; classtype:trojan-activity; sid:37328761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.254.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.254.10"; classtype:trojan-activity; sid:37328771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.143.143.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.143.163"; classtype:trojan-activity; sid:37328781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 137.184.38.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.38.60"; classtype:trojan-activity; sid:37328791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.167.180.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.167.180.164"; classtype:trojan-activity; sid:37328801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 221.120.38.213 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.38.213"; classtype:trojan-activity; sid:37328811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Source-IP indicators (MISP event 26485). Each "alert ip" rule fires on any IP
# packet from the listed address to $HOME_NET, on any port and with no payload
# condition. The msg tags say Reconnaissance/Exploitation while the classtype is
# trojan-activity, so triage on the msg and the referenced event, not the classtype.
# NOTE(review): address-only matches age quickly as addresses are reassigned;
# confirm the event's indicators are still current before treating a hit as hostile.
alert ip 103.84.236.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.84.236.222"; classtype:trojan-activity; sid:37328821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.113.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.113.165"; classtype:trojan-activity; sid:37328831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.144.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.144.4"; classtype:trojan-activity; sid:37328841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Domain indicator, DNS side (MISP event 26441; the msg carries an empty tag list).
# Matches a DNS query name that ends with the domain, case-insensitively. The pcre
# requires the start of the name or a non-hostname character before the domain,
# so the domain itself and its subdomains match, but a longer label that merely
# ends with the same text does not.
alert dns any any -> any any (msg: "MISP e26441 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37296281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26441;)
# Domain indicator, HTTP side: established client-to-server traffic from $HOME_NET
# to $EXTERNAL_NET whose headers contain "Host:" and the domain. The pcre (H =
# header buffer, i = case-insensitive) requires a character after the domain that
# is not a letter, digit, hyphen or dot, so a longer name that only starts with
# the domain is rejected. tag:session,600,seconds keeps logging the session's
# following packets for 600 seconds after the alert.
# NOTE(review): the two content matches are not tied to the same header line, so a
# request with any Host header and the domain elsewhere in the headers (e.g. a
# Referer) would also alert; the http.host buffer would restrict it to the Host value.
# NOTE(review): this rule only sees cleartext HTTP. No TLS SNI rule for the domain
# is visible in this part of the export, so HTTPS visits are covered by the DNS
# rule alone; confirm whether a tls.sni rule exists elsewhere.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26441 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26441;)
# Source-IP indicators (MISP event 26485), same form as the "alert ip" rules above.
alert ip 45.207.61.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.207.61.73"; classtype:trojan-activity; sid:37328851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.234.139.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.139.98"; classtype:trojan-activity; sid:37328861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.178.235.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.178.235.43"; classtype:trojan-activity; sid:37328871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.138.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.138.12"; classtype:trojan-activity; sid:37328881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 178.128.112.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.112.8"; classtype:trojan-activity; sid:37328891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.91.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.91.84"; classtype:trojan-activity; sid:37328901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Domain indicator, DNS side (MISP event 26673): DNS query name ending with the
# domain, case-insensitively; the domain itself and its subdomains match.
alert dns any any -> any any (msg: "MISP e26673 [] Domain saturnexa.com"; dns.query; content:"saturnexa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnexa\.com$/i"; classtype:trojan-activity; sid:37499151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Domain indicator, HTTP side: outbound established request with "Host:" and the
# domain in the headers, followed by a non-hostname character; the session is
# tagged for 600 seconds of follow-up logging.
# NOTE(review): cleartext HTTP only, and the domain may match in a header other
# than Host; confirm TLS SNI coverage for this domain elsewhere in the rule set.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26673 [] Outgoing HTTP Domain saturnexa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saturnexa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saturnexa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37499152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26673;)
# Source-IP indicators (MISP event 26485), same form as the "alert ip" rules above.
alert ip 43.133.46.36 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.46.36"; classtype:trojan-activity; sid:37328911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.126.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.126.33"; classtype:trojan-activity; sid:37328921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.186.176 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.176"; classtype:trojan-activity; sid:37328931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.29.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.75"; classtype:trojan-activity; sid:37328941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.207.8.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.194"; classtype:trojan-activity; sid:37328951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 143.244.184.15 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.184.15"; classtype:trojan-activity; sid:37328961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.128.145.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.145.70"; classtype:trojan-activity; sid:37328971; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.250.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.250.5"; classtype:trojan-activity; sid:37328981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.116.44.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.44.120"; classtype:trojan-activity; sid:37328991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 115.23.23.89 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.23.23.89"; classtype:trojan-activity; sid:37329001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.218.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.218.90"; classtype:trojan-activity; sid:37329011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.107.249 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.107.249"; classtype:trojan-activity; sid:37329021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.254.39 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.254.39"; classtype:trojan-activity; sid:37329031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.62.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.62.192"; classtype:trojan-activity; sid:37329041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.177.119 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.119"; classtype:trojan-activity; sid:37329051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.203.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.193"; classtype:trojan-activity; sid:37329061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.236.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.236.47"; classtype:trojan-activity; sid:37329071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 193.151.149.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.149.172"; classtype:trojan-activity; sid:37329081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 89.163.151.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.163.151.189"; classtype:trojan-activity; sid:37329091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.196.86.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.196.86.51"; classtype:trojan-activity; sid:37329101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.29.209.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.209.183"; classtype:trojan-activity; sid:37329111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 12.29.193.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.29.193.114"; classtype:trojan-activity; 
sid:37329121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.181.15.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.181.15.3"; classtype:trojan-activity; sid:37329131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.159.225 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.225"; classtype:trojan-activity; sid:37329141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 27.71.26.60 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.71.26.60"; classtype:trojan-activity; sid:37329151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 146.190.254.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.254.48"; classtype:trojan-activity; sid:37329161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.181.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.181.251"; classtype:trojan-activity; sid:37329171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.204.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.204.65"; classtype:trojan-activity; sid:37329181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 36.134.96.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.96.76"; classtype:trojan-activity; sid:37329191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 47.120.36.83 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.120.36.83"; classtype:trojan-activity; sid:37329201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.223.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.223.152"; classtype:trojan-activity; sid:37329211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.166.211.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.211.7"; classtype:trojan-activity; sid:37329221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.209.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.209.117"; classtype:trojan-activity; sid:37329231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.83.100 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.83.100"; classtype:trojan-activity; sid:37329241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.226.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.226.102"; classtype:trojan-activity; sid:37329251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.32.167.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.167.195"; classtype:trojan-activity; sid:37329261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 121.9.250.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.9.250.122"; 
classtype:trojan-activity; sid:37329271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.15.68.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.68.208"; classtype:trojan-activity; sid:37329281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 13.250.89.237 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.250.89.237"; classtype:trojan-activity; sid:37329291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.55.130 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.55.130"; classtype:trojan-activity; sid:37329301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 77.239.235.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.239.235.5"; classtype:trojan-activity; sid:37329311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.174.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.174.208"; classtype:trojan-activity; sid:37329321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.229.246 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.229.246"; classtype:trojan-activity; sid:37329331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.232.44.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.44.23"; classtype:trojan-activity; sid:37329341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
114.132.252.51 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.252.51"; classtype:trojan-activity; sid:37329351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.72.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.72.192"; classtype:trojan-activity; sid:37329361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 113.141.94.171 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.141.94.171"; classtype:trojan-activity; sid:37329371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.58.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.58.10"; classtype:trojan-activity; sid:37329381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.20.46.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.20.46.33"; classtype:trojan-activity; sid:37329391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.186.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.180"; classtype:trojan-activity; sid:37329401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 85.234.116.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.234.116.19"; classtype:trojan-activity; sid:37329411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.210.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.163.210.230"; classtype:trojan-activity; sid:37329421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 156.236.71.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.71.21"; classtype:trojan-activity; sid:37329431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.111.14.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.111.14.81"; classtype:trojan-activity; sid:37329441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.175.37.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.37.163"; classtype:trojan-activity; sid:37329451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 186.57.135.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.57.135.231"; classtype:trojan-activity; sid:37329461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.195.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.195.251"; classtype:trojan-activity; sid:37329471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.211.126.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.211.126.230"; classtype:trojan-activity; sid:37329481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.193.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.3"; classtype:trojan-activity; sid:37329491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.117.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.117.210"; classtype:trojan-activity; sid:37329501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 188.126.89.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.126.89.85"; classtype:trojan-activity; sid:37329511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.227.2.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.2.252"; classtype:trojan-activity; sid:37329521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.254.209.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.209.69"; classtype:trojan-activity; sid:37329531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.150.5.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.5.135"; classtype:trojan-activity; sid:37329541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.133.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.133.157"; classtype:trojan-activity; sid:37329551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.169.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.169.70"; classtype:trojan-activity; sid:37329561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.238.90.66 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.238.90.66"; classtype:trojan-activity; sid:37329571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.135.182.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.182.231"; classtype:trojan-activity; sid:37329581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 177.92.1.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.92.1.238"; classtype:trojan-activity; sid:37329591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.55.72.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.72.112"; classtype:trojan-activity; sid:37329601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 34.64.90.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.64.90.34"; classtype:trojan-activity; sid:37329611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.77.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.77.248"; classtype:trojan-activity; sid:37329621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.187.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.187.139"; classtype:trojan-activity; sid:37329631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.240.137.238 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.240.137.238"; classtype:trojan-activity; sid:37329641; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 195.154.105.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.154.105.129"; classtype:trojan-activity; sid:37329651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 204.44.92.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.44.92.98"; classtype:trojan-activity; sid:37329661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.137.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.137.49"; classtype:trojan-activity; sid:37329671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.226.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.226.17"; classtype:trojan-activity; sid:37329681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.137.95 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.137.95"; classtype:trojan-activity; sid:37329691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.123.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.123.4"; classtype:trojan-activity; sid:37329701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 20.172.209.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.172.209.224"; classtype:trojan-activity; sid:37329711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.102.200.21 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.102.200.21"; classtype:trojan-activity; sid:37329721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.161.75.117 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.161.75.117"; classtype:trojan-activity; sid:37329731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 211.159.172.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.159.172.68"; classtype:trojan-activity; sid:37329741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 76.11.100.129 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.11.100.129"; classtype:trojan-activity; sid:37329751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.23.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.23.149"; classtype:trojan-activity; sid:37329761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.149.156.87 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.149.156.87"; classtype:trojan-activity; sid:37329771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.6.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.6.85"; classtype:trojan-activity; sid:37329781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.42.229.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.229.185"; classtype:trojan-activity; sid:37329791; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.177.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.177.228"; classtype:trojan-activity; sid:37329801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.118.148.132 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.118.148.132"; classtype:trojan-activity; sid:37329811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.135.156.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.156.104"; classtype:trojan-activity; sid:37329821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.165.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.55"; classtype:trojan-activity; sid:37329831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.72.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.72.146"; classtype:trojan-activity; sid:37329841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.46.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.46.239"; classtype:trojan-activity; sid:37329851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.253.150.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.253.150.254"; classtype:trojan-activity; sid:37329861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.67.224 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.67.224"; classtype:trojan-activity; sid:37329871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.83.137 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.83.137"; classtype:trojan-activity; sid:37329881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 134.209.43.1 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.43.1"; classtype:trojan-activity; sid:37329891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.206.206.168 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.206.206.168"; classtype:trojan-activity; sid:37305231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 81.70.82.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.82.75"; classtype:trojan-activity; sid:37329901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 194.163.179.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.179.245"; classtype:trojan-activity; sid:37329911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.50.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.97"; classtype:trojan-activity; sid:37329921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 39.173.95.32 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.173.95.32"; classtype:trojan-activity; sid:37305241; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;)
# Reviewer notes: comments only, rule text unchanged; rules are laid out one per line.
# The line above and the last line of this block are parts of rules that continue
# outside this block and are left as found.
#
# Inbound indicators from events e26534 and e26485 are interleaved here. Each rule
# matches on source address alone (protocol "ip", any port) towards $HOME_NET, with no
# threshold or flow keyword. classtype is trojan-activity although the msg tags are
# Reconnaissance/Exploitation, so triage on the msg tags and the referenced event.
alert ip 162.243.150.39 any -> $HOME_NET any (msg: "MISP e26534 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.150.39"; classtype:trojan-activity; sid:37466021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26534;)
alert ip 43.133.255.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.255.139"; classtype:trojan-activity; sid:37329931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 164.92.109.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.109.62"; classtype:trojan-activity; sid:37329941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.53.245.120 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.245.120"; classtype:trojan-activity; sid:37329951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 146.190.102.53 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.102.53"; classtype:trojan-activity; sid:37329961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.63.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.63.206"; classtype:trojan-activity; sid:37329971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.221.76.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.221.76.125"; classtype:trojan-activity; sid:37329981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.232.194.70 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.194.70"; classtype:trojan-activity; sid:37329991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.51.142.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.142.236"; classtype:trojan-activity; sid:37330001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Event e26442 (no tags, "[]" in msg), DNS: matches a query for
# consumos-banestado.pages.dev or a name ending in ".consumos-banestado.pages.dev".
# The indicator is one site label under the shared pages.dev hosting suffix; the pcre
# keeps the match on that label, and the rule should not be widened to the suffix.
# Direction is any -> any, so internal resolver traffic alerts as well.
alert dns any any -> any any (msg: "MISP e26442 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37296401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26442;)
# Event e26442, HTTP: outbound request whose headers contain "Host:" and the domain.
# The two content matches carry no distance/within, and the pcre (H flag) searches the
# whole header buffer, so the domain in another header (for example a Referer) also
# satisfies the rule. Matching on the http.host buffer would bind it to the Host value.
# tag:session,600,seconds asks the engine to keep logging packets of the session for
# 600 seconds after the alert.
# NOTE(review): plain HTTP only. Sites on this suffix are presumably reached over HTTPS,
# in which case the DNS rule above does most of the work; confirm whether a TLS SNI
# rule is exported for this event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26442 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26442;)
# Event e26485 inbound indicators continue.
alert ip 124.221.170.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.170.5"; classtype:trojan-activity; sid:37330011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 42.49.216.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.49.216.35"; classtype:trojan-activity; sid:37330021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.60.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.60.82"; classtype:trojan-activity; 
sid:37330031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.105.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.105.252"; classtype:trojan-activity; sid:37330041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.68.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.68.109"; classtype:trojan-activity; sid:37330051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 109.95.233.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.95.233.182"; classtype:trojan-activity; sid:37330061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 143.198.13.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.13.25"; classtype:trojan-activity; sid:37330071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.10.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.10.52"; classtype:trojan-activity; sid:37330081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.75.179.119 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.179.119"; classtype:trojan-activity; sid:37330091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 31.220.103.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.220.103.184"; classtype:trojan-activity; sid:37330101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.206.150 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.206.150"; classtype:trojan-activity; sid:37330111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.109.192.55 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.109.192.55"; classtype:trojan-activity; sid:37330121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.220.20.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.20.34"; classtype:trojan-activity; sid:37330131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.165.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.165.214"; classtype:trojan-activity; sid:37330141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.72.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.72.62"; classtype:trojan-activity; sid:37330151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.123.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.123.241"; classtype:trojan-activity; sid:37330161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.57.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.57.75"; classtype:trojan-activity; sid:37330171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.29.215.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.215.187"; 
classtype:trojan-activity; sid:37330181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 31.172.67.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.172.67.136"; classtype:trojan-activity; sid:37330191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 146.190.28.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.28.205"; classtype:trojan-activity; sid:37330201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 85.121.170.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.121.170.21"; classtype:trojan-activity; sid:37330211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Outbound indicator from MISP event 26444, tagged [RedLineStealer]: traffic from
# $HOME_NET to 5.252.176.25. Unlike the inbound source-IP rules around it, a hit
# here names an internal host as the source, so triage starts with that host.
# NOTE(review): the header pairs protocol `ip` with destination port 3306. How a
# port constraint is applied under `ip` depends on the engine; confirm on the
# deployed sensor that this matches only port-3306 traffic as the message implies.
# The same destination and port are exported again two rules below from event
# 26672 under a separate sid with priority 3, so one flow can raise two alerts
# with different priorities; correlate by destination rather than by sid.
alert ip $HOME_NET any -> 5.252.176.25 3306 (msg: "MISP e26444 [RedLineStealer] Outgoing To IP: 5.252.176.25|3306"; classtype:trojan-activity; sid:37299831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26444;)
alert ip 124.156.203.80 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.80"; classtype:trojan-activity; sid:37330221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Second export of the 5.252.176.25 port-3306 indicator, this time from MISP event
# 26672: same header as sid 37299831, but priority 3 instead of 2.
alert ip $HOME_NET any -> 5.252.176.25 3306 (msg: "MISP e26672 [RedLineStealer] Outgoing To IP: 5.252.176.25|3306"; classtype:trojan-activity; sid:37494071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip 190.181.25.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.181.25.210"; classtype:trojan-activity; sid:37330231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.109.196.7 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.7"; classtype:trojan-activity; sid:37330241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.167.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.167.126"; classtype:trojan-activity; sid:37330251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.32.219.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.219.175"; classtype:trojan-activity; sid:37330261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.120.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.120.170"; classtype:trojan-activity; sid:37330271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 70.114.117.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.114.117.81"; classtype:trojan-activity; sid:37330281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.187.122.163 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.187.122.163"; classtype:trojan-activity; sid:37330291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.182.143 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.182.143"; classtype:trojan-activity; sid:37330301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.90.130 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.90.130"; classtype:trojan-activity; sid:37330311; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.78.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.78.208"; classtype:trojan-activity; sid:37330321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.251.96.153 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.251.96.153"; classtype:trojan-activity; sid:37330331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.23.114 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.23.114"; classtype:trojan-activity; sid:37330341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.244.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.4"; classtype:trojan-activity; sid:37330351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 45.62.160.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.62.160.247"; classtype:trojan-activity; sid:37330361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 114.207.58.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.207.58.167"; classtype:trojan-activity; sid:37330371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.176.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.176.253"; classtype:trojan-activity; sid:37330381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.55.75.8 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.75.8"; classtype:trojan-activity; sid:37330391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.13.213.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.213.186"; classtype:trojan-activity; sid:37330401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.169.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.169.223"; classtype:trojan-activity; sid:37330411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.250.49.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.205"; classtype:trojan-activity; sid:37330421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 79.175.189.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.189.38"; classtype:trojan-activity; sid:37330431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.27.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.27.141"; classtype:trojan-activity; sid:37330441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.180.79.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.180.79.152"; classtype:trojan-activity; sid:37330451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.54.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.54.41"; classtype:trojan-activity; sid:37330461; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.232.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.90"; classtype:trojan-activity; sid:37330471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.54.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.54.210"; classtype:trojan-activity; sid:37330481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 41.59.86.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.59.86.232"; classtype:trojan-activity; sid:37330491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 5.135.90.165 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.135.90.165"; classtype:trojan-activity; sid:37330501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 171.111.192.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.111.192.157"; classtype:trojan-activity; sid:37330511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 89.185.84.49 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.185.84.49"; classtype:trojan-activity; sid:37330521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 182.43.72.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.72.170"; classtype:trojan-activity; sid:37330531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.14.226.190 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.226.190"; classtype:trojan-activity; sid:37330541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 1.117.42.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.42.10"; classtype:trojan-activity; sid:37330551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.160.37.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.37.146"; classtype:trojan-activity; sid:37330561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.165.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.32"; classtype:trojan-activity; sid:37330571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.84.19 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.84.19"; classtype:trojan-activity; sid:37330581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.67.176 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.67.176"; classtype:trojan-activity; sid:37330591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.130.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.130.215"; classtype:trojan-activity; sid:37330601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.16.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.16.78"; classtype:trojan-activity; sid:37330611; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.221.105.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.105.167"; classtype:trojan-activity; sid:37330621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.157.92.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.92.236"; classtype:trojan-activity; sid:37330631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.253.162.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.253.162.254"; classtype:trojan-activity; sid:37330641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.186.16.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.186.16.152"; classtype:trojan-activity; sid:37330651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.135.71.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.71.72"; classtype:trojan-activity; sid:37330661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.59.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.59.112"; classtype:trojan-activity; sid:37330671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.154.3.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.154.3.142"; classtype:trojan-activity; sid:37330681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.82.7 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.82.7"; classtype:trojan-activity; sid:37330691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.100.150.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.100.150.90"; classtype:trojan-activity; sid:37330701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 190.210.250.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.210.250.73"; classtype:trojan-activity; sid:37330711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.95.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.95.77"; classtype:trojan-activity; sid:37330721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.43.127.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.127.178"; classtype:trojan-activity; sid:37330731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.158.54.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.54.252"; classtype:trojan-activity; sid:37330741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.181.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.181.118"; classtype:trojan-activity; sid:37330751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 202.70.65.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.70.65.229"; classtype:trojan-activity; sid:37330761; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.73.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.126"; classtype:trojan-activity; sid:37330771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.99.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.99.142"; classtype:trojan-activity; sid:37330781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.186.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.186.196"; classtype:trojan-activity; sid:37330791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.150.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.150.17"; classtype:trojan-activity; sid:37330801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.177.254 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.177.254"; classtype:trojan-activity; sid:37330811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 137.63.148.154 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.63.148.154"; classtype:trojan-activity; sid:37330821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.115.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.115.9"; classtype:trojan-activity; sid:37330831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.115.2 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.115.2"; classtype:trojan-activity; sid:37330841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.97.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.97.134"; classtype:trojan-activity; sid:37330851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.93.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.85"; classtype:trojan-activity; sid:37330861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.245.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.245.90"; classtype:trojan-activity; sid:37330871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 92.38.78.17 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.38.78.17"; classtype:trojan-activity; sid:37330881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.232.161.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.161.223"; classtype:trojan-activity; sid:37330891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 123.193.240.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.193.240.226"; classtype:trojan-activity; sid:37330901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.97.240.161 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.97.240.161"; classtype:trojan-activity; sid:37330911; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.228.1.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.228.1.156"; classtype:trojan-activity; sid:37330921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 104.218.120.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.218.120.142"; classtype:trojan-activity; sid:37330931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.209.229 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.209.229"; classtype:trojan-activity; sid:37330941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.140.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.140.136"; classtype:trojan-activity; sid:37330951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.65.189.22 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.189.22"; classtype:trojan-activity; sid:37330961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 78.155.202.10 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.155.202.10"; classtype:trojan-activity; sid:37330971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 110.41.127.82 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.41.127.82"; classtype:trojan-activity; sid:37330981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 162.62.229.103 any -> $HOME_NET any (msg: 
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.229.103"; classtype:trojan-activity; sid:37330991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.211.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.148"; classtype:trojan-activity; sid:37331001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.241.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.241.167"; classtype:trojan-activity; sid:37331011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.131.113 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.131.113"; classtype:trojan-activity; sid:37331021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.142.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.142.126"; classtype:trojan-activity; sid:37331031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.99.43.223 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.43.223"; classtype:trojan-activity; sid:37331041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.13.95.136 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.95.136"; classtype:trojan-activity; sid:37331051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.139.83 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.139.83"; classtype:trojan-activity; 
sid:37331061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.129.152.144 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.129.152.144"; classtype:trojan-activity; sid:37331071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.25.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.25.111"; classtype:trojan-activity; sid:37331081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 187.114.13.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.114.13.179"; classtype:trojan-activity; sid:37331091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.200.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.200.61"; classtype:trojan-activity; sid:37331101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 92.222.180.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.222.180.245"; classtype:trojan-activity; sid:37331111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.227.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.227.86"; classtype:trojan-activity; sid:37331121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.232.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.232.192"; classtype:trojan-activity; sid:37331131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 204.44.88.245 any -> 
$HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.44.88.245"; classtype:trojan-activity; sid:37331141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 90.188.251.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.188.251.32"; classtype:trojan-activity; sid:37331151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.150.190 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.150.190"; classtype:trojan-activity; sid:37331161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.118.97 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.97"; classtype:trojan-activity; sid:37331171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 106.55.99.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.99.151"; classtype:trojan-activity; sid:37331181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.143.184.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.143.184.179"; classtype:trojan-activity; sid:37331191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.229.190.64 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.190.64"; classtype:trojan-activity; sid:37331201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.119.226 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.119.226"; 
classtype:trojan-activity; sid:37331211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 201.249.87.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.249.87.201"; classtype:trojan-activity; sid:37331221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 81.70.158.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.158.178"; classtype:trojan-activity; sid:37331231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 14.116.196.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.196.31"; classtype:trojan-activity; sid:37331241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.203.128 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.128"; classtype:trojan-activity; sid:37331251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.64.183.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.183.145"; classtype:trojan-activity; sid:37331261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 37.27.10.62 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.27.10.62"; classtype:trojan-activity; sid:37331271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 109.123.234.146 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.234.146"; classtype:trojan-activity; sid:37331281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
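186.16.41.158 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.16.41.158"; classtype:trojan-activity; sid:37331291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# Source-address indicators exported from MISP, restored to one rule per line
# (rule engines read a rule as a single line; the text here had been re-wrapped
# so that rule boundaries no longer matched line boundaries).
# NOTE(review): every rule matches any IP protocol and any port from one source
# address into $HOME_NET, so a hit records contact from a listed address and
# nothing about what the traffic contained.
# NOTE(review): msg tags these indicators as kill-chain Reconnaissance /
# Exploitation while classtype is trojan-activity; confirm that this classtype
# and priority:2 give the triage handling you want before enabling the set.
# NOTE(review): IP indicators age quickly as addresses are reassigned; refresh
# the export from the MISP events regularly. For a list this long, loading the
# addresses through the sensor's IP reputation feature is usually cheaper than
# one rule per address.
alert ip 93.121.177.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.121.177.72"; classtype:trojan-activity; sid:37331301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.44.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.44.160"; classtype:trojan-activity; sid:37331311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.253.156.173 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.253.156.173"; classtype:trojan-activity; sid:37331321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 223.240.93.54 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.240.93.54"; classtype:trojan-activity; sid:37331331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.211.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.211.92"; classtype:trojan-activity; sid:37331341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 183.82.100.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.82.100.141"; classtype:trojan-activity; sid:37331351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.240.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.240.230"; classtype:trojan-activity; sid:37331361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.244.167 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.244.167"; classtype:trojan-activity; sid:37331371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.208.148 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.148"; classtype:trojan-activity; sid:37331381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.93.23.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.93.23.178"; classtype:trojan-activity; sid:37331391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.235.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.212"; classtype:trojan-activity; sid:37331401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 122.51.43.99 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.43.99"; classtype:trojan-activity; sid:37331411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 140.143.143.246 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.143.246"; classtype:trojan-activity; sid:37331421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.108.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.108.174"; classtype:trojan-activity; sid:37331431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.235.160.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.235.160.65"; classtype:trojan-activity; sid:37331441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 41.222.234.59 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.222.234.59"; classtype:trojan-activity; sid:37331451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 8.217.77.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.217.77.179"; classtype:trojan-activity; sid:37331461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.232.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.232.71"; classtype:trojan-activity; sid:37331471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.221.237.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.237.2"; classtype:trojan-activity; sid:37331481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.32.115.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.115.197"; classtype:trojan-activity; sid:37331491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.138.0.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.0.199"; classtype:trojan-activity; sid:37331501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 122.156.219.199 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.156.219.199"; classtype:trojan-activity; sid:37331511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 194.195.254.228 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.195.254.228"; classtype:trojan-activity; sid:37331521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.53.210.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.210.145"; classtype:trojan-activity; sid:37331531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 37.75.12.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.75.12.42"; classtype:trojan-activity; sid:37331541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.22.216 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.22.216"; classtype:trojan-activity; sid:37331551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 38.108.119.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.108.119.172"; classtype:trojan-activity; sid:37331561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 142.93.211.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.211.16"; classtype:trojan-activity; sid:37331571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.194.172.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.194.172.169"; classtype:trojan-activity; sid:37331581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.139.220.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.220.212"; classtype:trojan-activity; sid:37331591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 144.22.133.244 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.22.133.244"; classtype:trojan-activity; sid:37331601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.96.168.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.168.33"; classtype:trojan-activity; sid:37331611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 176.118.167.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.118.167.141"; classtype:trojan-activity; sid:37331621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 103.157.96.179 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.157.96.179"; classtype:trojan-activity; sid:37331631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.13.111.109 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.13.111.109"; classtype:trojan-activity; sid:37331641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 60.173.239.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.173.239.156"; classtype:trojan-activity; sid:37331651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 66.128.42.23 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.128.42.23"; classtype:trojan-activity; sid:37331661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.152.76 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.152.76"; classtype:trojan-activity; sid:37331671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.166.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.52"; classtype:trojan-activity; sid:37331681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.18.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.18.191"; classtype:trojan-activity; sid:37331691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 116.105.220.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.105.220.2"; classtype:trojan-activity; sid:37331701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.225.151 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.225.151"; classtype:trojan-activity; sid:37331711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.183.213 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.183.213"; classtype:trojan-activity; sid:37331721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 120.53.243.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.243.122"; classtype:trojan-activity; sid:37331731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 89.148.51.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.148.51.206"; classtype:trojan-activity; sid:37331741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.33.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.33.125"; classtype:trojan-activity; sid:37331751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 20.205.184.175 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.205.184.175"; classtype:trojan-activity; sid:37331761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.130.11.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.11.180"; classtype:trojan-activity; sid:37331771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.43.127.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.127.47"; classtype:trojan-activity; sid:37331781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 118.25.15.145 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.15.145"; classtype:trojan-activity; sid:37331791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 123.150.9.164 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.150.9.164"; classtype:trojan-activity; sid:37331801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 121.204.163.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.204.163.81"; classtype:trojan-activity; sid:37331811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 36.112.150.215 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.112.150.215"; classtype:trojan-activity; sid:37331821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.25.193 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.193"; classtype:trojan-activity; sid:37331831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 35.246.29.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.246.29.81"; classtype:trojan-activity; sid:37331841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.172.236 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.172.236"; classtype:trojan-activity; sid:37331851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.130.17.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.17.202"; classtype:trojan-activity; sid:37331861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 210.205.19.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.205.19.121"; classtype:trojan-activity; sid:37331871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 14.198.35.168 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.198.35.168"; classtype:trojan-activity; sid:37331881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.85.108.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.85.108.187"; classtype:trojan-activity; sid:37331891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.171.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.171.85"; classtype:trojan-activity; sid:37331901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.145.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.145.169"; classtype:trojan-activity; sid:37331911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.53.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.53.103"; classtype:trojan-activity; sid:37331921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 209.141.41.166 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.41.166"; classtype:trojan-activity; sid:37331931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.52.170.212 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.52.170.212"; classtype:trojan-activity; sid:37331941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 152.136.214.170 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.214.170"; classtype:trojan-activity; sid:37331951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 51.38.60.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.60.4"; classtype:trojan-activity; sid:37331961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.150.4.83 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.4.83"; classtype:trojan-activity; sid:37331971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.156.206.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.230"; classtype:trojan-activity; sid:37331981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.208.196 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.196"; classtype:trojan-activity; sid:37331991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 170.64.149.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.149.31"; classtype:trojan-activity; sid:37332001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.35.168.108 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.168.108"; classtype:trojan-activity; sid:37332011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.220.161.232 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.161.232"; classtype:trojan-activity; sid:37332021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.147.125 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.147.125"; classtype:trojan-activity; sid:37463821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.247.189 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.247.189"; classtype:trojan-activity; sid:37463831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 41.59.100.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.59.100.34"; classtype:trojan-activity; sid:37463841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.211.94 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.211.94"; classtype:trojan-activity; sid:37463851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.197.66 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.66"; classtype:trojan-activity; sid:37463861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 125.164.13.195 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.164.13.195"; classtype:trojan-activity; sid:37463871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 183.31.67.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.31.67.197"; classtype:trojan-activity; sid:37463881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 78.100.236.86 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.100.236.86"; classtype:trojan-activity; sid:37463891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.176.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.176.42"; classtype:trojan-activity; sid:37463901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.32.118 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.32.118"; classtype:trojan-activity; sid:37463911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 82.157.177.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.177.131"; classtype:trojan-activity; sid:37463921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.173.146.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.146.239"; classtype:trojan-activity; sid:37463931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 190.116.6.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.116.6.156"; classtype:trojan-activity; sid:37463941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.28.105.172 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.105.172"; classtype:trojan-activity; sid:37463951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.176.168.66 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.176.168.66"; classtype:trojan-activity; sid:37463961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.138.115.98 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.115.98"; classtype:trojan-activity; sid:37463971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.163.242.88 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.88"; classtype:trojan-activity; sid:37463981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.155.145.252 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.145.252"; classtype:trojan-activity; sid:37463991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 223.26.75.126 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.26.75.126"; classtype:trojan-activity; sid:37464001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 92.87.22.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.87.22.210"; classtype:trojan-activity; sid:37464011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 68.183.86.139 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.86.139"; classtype:trojan-activity; sid:37464021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 192.227.155.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.155.104"; classtype:trojan-activity; sid:37464031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.29.38 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.38"; classtype:trojan-activity; sid:37464041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 34.38.76.251 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.38.76.251"; classtype:trojan-activity; sid:37464051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.157.15.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.15.152"; classtype:trojan-activity; sid:37464061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.104.65 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.104.65"; classtype:trojan-activity; sid:37464071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.132.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.132.231"; classtype:trojan-activity; sid:37464081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.254.162.162 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.254.162.162"; classtype:trojan-activity; sid:37464091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 106.75.229.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.229.174"; classtype:trojan-activity; sid:37464101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.210.156 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.210.156"; classtype:trojan-activity; sid:37464111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.32.108.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.108.31"; classtype:trojan-activity; sid:37464121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 183.196.180.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.196.180.84"; classtype:trojan-activity; sid:37464131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.248.133 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.248.133"; classtype:trojan-activity; sid:37464141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 107.172.196.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.196.3"; classtype:trojan-activity; sid:37464151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.133.166.245 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.166.245"; classtype:trojan-activity; sid:37464161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 150.109.25.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.25.47"; classtype:trojan-activity; sid:37464171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.117.204.123 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.204.123"; classtype:trojan-activity; sid:37464181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.138.38.83 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.38.83"; classtype:trojan-activity; sid:37464191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 101.36.125.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.125.149"; classtype:trojan-activity; sid:37464201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.220.16.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.16.61"; classtype:trojan-activity; sid:37464211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 180.149.241.207 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.149.241.207"; classtype:trojan-activity; sid:37464221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 223.76.228.239 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.76.228.239"; classtype:trojan-activity; sid:37464231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.241.104 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.241.104"; classtype:trojan-activity; sid:37464241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.131.5.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.5.42"; classtype:trojan-activity; sid:37464251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 95.217.237.9 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.217.237.9"; classtype:trojan-activity; sid:37464261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.130.29.5 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.29.5"; classtype:trojan-activity; sid:37464271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 147.78.179.134 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.179.134"; classtype:trojan-activity; sid:37464281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 1.116.39.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.39.41"; classtype:trojan-activity; sid:37464291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 185.243.53.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.243.53.48"; classtype:trojan-activity; sid:37464301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.220.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.220.28"; classtype:trojan-activity; sid:37464311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.234.218.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.218.57"; classtype:trojan-activity; sid:37464321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
# NOTE(review): the next rule cites MISP event 26481 and carries a sid outside
# the surrounding sequence, unlike its neighbours (event 26485); presumably the
# export interleaves events - verify against the MISP instance.
alert ip 123.139.214.42 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.139.214.42"; classtype:trojan-activity; sid:37466041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;)
alert ip 43.153.55.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.55.31"; classtype:trojan-activity; sid:37464331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.133.214 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.133.214"; classtype:trojan-activity; sid:37464341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 175.161.166.171 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.161.166.171"; classtype:trojan-activity; sid:37464351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 64.227.77.69 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.77.69"; classtype:trojan-activity; sid:37464361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 139.59.69.194 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.69.194"; classtype:trojan-activity; sid:37464371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 208.65.84.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.32"; classtype:trojan-activity; sid:37464381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 123.235.208.218 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.235.208.218"; classtype:trojan-activity; sid:37464391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.134.51.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.31"; classtype:trojan-activity; sid:37464401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.156.240.208 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.240.208"; classtype:trojan-activity; sid:37464411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 119.45.15.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.15.217"; classtype:trojan-activity; sid:37464421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 129.226.154.21 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.154.21"; classtype:trojan-activity; sid:37464431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 182.151.37.230 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.37.230"; classtype:trojan-activity; sid:37464441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 124.156.193.182 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.182"; classtype:trojan-activity; sid:37464451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 81.70.42.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.42.224"; classtype:trojan-activity; sid:37464461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 123.49.33.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.49.33.102"; classtype:trojan-activity; sid:37464471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 165.22.101.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.101.85"; classtype:trojan-activity; sid:37464481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.159.149.240 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.149.240"; classtype:trojan-activity; sid:37464491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 49.232.113.85 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.113.85"; classtype:trojan-activity; sid:37464501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 189.244.64.220 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.244.64.220"; classtype:trojan-activity; sid:37464511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 137.184.106.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.106.160"; classtype:trojan-activity; sid:37464521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 128.199.226.219 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.226.219"; classtype:trojan-activity; sid:37464531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 45.61.185.11 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.61.185.11"; classtype:trojan-activity; sid:37464541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 162.62.231.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.231.224"; classtype:trojan-activity; sid:37464551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;)
alert ip 43.153.194.29 any -> $HOME_NET any (msg: 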
"MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.194.29"; classtype:trojan-activity; sid:37464561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.233.210 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.233.210"; classtype:trojan-activity; sid:37464571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.182.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.182.44"; classtype:trojan-activity; sid:37464581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.236.233.152 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.236.233.152"; classtype:trojan-activity; sid:37464591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.131.205 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.131.205"; classtype:trojan-activity; sid:37464601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.16.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.16.131"; classtype:trojan-activity; sid:37464611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 170.106.173.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.173.131"; classtype:trojan-activity; sid:37464621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.236.13 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.236.13"; classtype:trojan-activity; 
sid:37464631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.12.116.68 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.116.68"; classtype:trojan-activity; sid:37464641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.241.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.241.206"; classtype:trojan-activity; sid:37464651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.223.41.41 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.41.41"; classtype:trojan-activity; sid:37464661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.28.114.202 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.114.202"; classtype:trojan-activity; sid:37464671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 152.136.42.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.42.253"; classtype:trojan-activity; sid:37464681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 167.71.98.243 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.98.243"; classtype:trojan-activity; sid:37464691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.3.250.77 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.250.77"; classtype:trojan-activity; sid:37464701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.11.131 any -> $HOME_NET any 
(msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.11.131"; classtype:trojan-activity; sid:37464711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 102.22.146.178 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.22.146.178"; classtype:trojan-activity; sid:37464721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.129.201 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.129.201"; classtype:trojan-activity; sid:37464731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.247.33.186 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.33.186"; classtype:trojan-activity; sid:37464741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.179.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.179.224"; classtype:trojan-activity; sid:37464751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.154.96.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.96.206"; classtype:trojan-activity; sid:37464761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.128.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.128.155"; classtype:trojan-activity; sid:37464771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.195.123 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.123"; 
classtype:trojan-activity; sid:37464781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.176.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.176.71"; classtype:trojan-activity; sid:37464791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.231.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.231.57"; classtype:trojan-activity; sid:37464801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 34.34.131.177 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.34.131.177"; classtype:trojan-activity; sid:37464811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.152.72.200 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.152.72.200"; classtype:trojan-activity; sid:37464821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 210.183.161.61 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.183.161.61"; classtype:trojan-activity; sid:37464831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.154.162.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.162.241"; classtype:trojan-activity; sid:37464841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.29.16 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.29.16"; classtype:trojan-activity; sid:37464851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 
43.156.152.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.152.211"; classtype:trojan-activity; sid:37464861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.220.101.160 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.160"; classtype:trojan-activity; sid:37464871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 165.154.12.34 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.12.34"; classtype:trojan-activity; sid:37464881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.75.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.75.222"; classtype:trojan-activity; sid:37464891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.178.28.8 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.178.28.8"; classtype:trojan-activity; sid:37464901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.177.244 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.177.244"; classtype:trojan-activity; sid:37464911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.253.72 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.253.72"; classtype:trojan-activity; sid:37464921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.204.102 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.133.204.102"; classtype:trojan-activity; sid:37464931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 46.28.110.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.28.110.131"; classtype:trojan-activity; sid:37464941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 119.28.115.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.115.37"; classtype:trojan-activity; sid:37464951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.103.235 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.103.235"; classtype:trojan-activity; sid:37464961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.53.231 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.53.231"; classtype:trojan-activity; sid:37464971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.215.26 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.26"; classtype:trojan-activity; sid:37464981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.89.133.2 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.133.2"; classtype:trojan-activity; sid:37464991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 191.232.55.135 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.232.55.135"; classtype:trojan-activity; sid:37465001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) 
# Reviewer notes on the generated MISP IP-indicator rules that follow:
# - Each rule alerts on IP traffic from one listed source address to
#   $HOME_NET, any port. No threshold or rate limit is set in the rules
#   themselves, so alert volume depends on how the engine handles repeats.
#   If this export is loaded into Suricata (TODO confirm the target engine),
#   a threshold option or IP-reputation matching (iprep) scales better than
#   one rule per address.
# - classtype:trojan-activity is applied even though the msg text tags the
#   indicators as Reconnaissance and Exploitation. Triage on the msg tags and
#   the referenced MISP event rather than on the classtype alone.
# - Rules from events e26481, e26485 and e26531 are interleaved here and the
#   sid values are not in ascending order. Look rules up by sid, not by
#   their position in the file.
# - Bare source-IP indicators age quickly and an address may be reassigned
#   or shared. Check the referenced MISP event before reusing these rules
#   for blocking rather than alerting.
alert ip 111.170.158.197 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.170.158.197"; classtype:trojan-activity; sid:37466051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 1.158.28.37 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.158.28.37"; classtype:trojan-activity; sid:37466061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 112.248.248.130 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.248.248.130"; classtype:trojan-activity; sid:37466071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 43.139.191.185 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.191.185"; classtype:trojan-activity; sid:37465011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.156.15.174 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.15.174"; classtype:trojan-activity; sid:37465021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 89.237.200.187 any -> $HOME_NET any (msg: "MISP e26531 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.237.200.187"; classtype:trojan-activity; sid:37463791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26531;) alert ip 43.134.181.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.181.43"; classtype:trojan-activity; sid:37465031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 189.128.28.73 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 189.128.28.73"; classtype:trojan-activity; sid:37465041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.203.50 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.50"; classtype:trojan-activity; sid:37465051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 39.40.199.142 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.40.199.142"; classtype:trojan-activity; sid:37466081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 43.159.52.122 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.52.122"; classtype:trojan-activity; sid:37465061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 122.114.252.184 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.252.184"; classtype:trojan-activity; sid:37465071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.241.29 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.241.29"; classtype:trojan-activity; sid:37465081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.205.52 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.205.52"; classtype:trojan-activity; sid:37465091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 198.235.24.106 any -> $HOME_NET any (msg: "MISP e26534 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.106"; classtype:trojan-activity; sid:37466031; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26534;) alert ip 58.54.205.31 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.205.31"; classtype:trojan-activity; sid:37466091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 35.195.93.98 any -> $HOME_NET any (msg: "MISP e26531 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.195.93.98"; classtype:trojan-activity; sid:37463801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26531;) alert ip 106.254.1.81 any -> $HOME_NET any (msg: "MISP e26531 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.81"; classtype:trojan-activity; sid:37463811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26531;) alert ip 107.174.95.217 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.95.217"; classtype:trojan-activity; sid:37465101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.70.4 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.4"; classtype:trojan-activity; sid:37465111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.77.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.77.142"; classtype:trojan-activity; sid:37465121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 76.133.223.149 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.133.223.149"; classtype:trojan-activity; sid:37465131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 23.94.92.24 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.92.24"; classtype:trojan-activity; sid:37465141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.213.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.213.253"; classtype:trojan-activity; sid:37465151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 220.135.126.35 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.126.35"; classtype:trojan-activity; sid:37466101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 139.162.11.92 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.162.11.92"; classtype:trojan-activity; sid:37465161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.178.103.108 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.103.108"; classtype:trojan-activity; sid:37465171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 192.241.238.27 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.238.27"; classtype:trojan-activity; sid:37465181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.3.247 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.3.247"; classtype:trojan-activity; sid:37465191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.249.142 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.249.142"; classtype:trojan-activity; sid:37465201; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.196.224 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.224"; classtype:trojan-activity; sid:37465211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.12.248 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.12.248"; classtype:trojan-activity; sid:37465221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.84.47 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.84.47"; classtype:trojan-activity; sid:37465231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.135.161.42 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.161.42"; classtype:trojan-activity; sid:37465241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.91.136.18 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.91.136.18"; classtype:trojan-activity; sid:37465251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 125.41.243.159 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.41.243.159"; classtype:trojan-activity; sid:37465261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 139.155.4.103 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.4.103"; classtype:trojan-activity; sid:37465271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 150.109.12.104 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.12.104"; classtype:trojan-activity; sid:37465281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.45.141 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.45.141"; classtype:trojan-activity; sid:37465291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.7.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.7.191"; classtype:trojan-activity; sid:37465301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 116.196.80.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.196.80.78"; classtype:trojan-activity; sid:37465311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.139.206.67 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.206.67"; classtype:trojan-activity; sid:37465321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.239.90 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.90"; classtype:trojan-activity; sid:37465331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 149.62.187.192 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.62.187.192"; classtype:trojan-activity; sid:37465341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.94.155 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.94.155"; classtype:trojan-activity; sid:37465351; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.160.37.197 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.37.197"; classtype:trojan-activity; sid:37465361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 60.28.16.222 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.28.16.222"; classtype:trojan-activity; sid:37465371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 206.204.134.41 any -> $HOME_NET any (msg: "MISP e26481 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.204.134.41"; classtype:trojan-activity; sid:37466111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26481;) alert ip 47.76.173.157 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.76.173.157"; classtype:trojan-activity; sid:37465381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 82.157.112.253 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.112.253"; classtype:trojan-activity; sid:37465391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.69.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.69.7"; classtype:trojan-activity; sid:37465401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 111.230.210.40 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.210.40"; classtype:trojan-activity; sid:37465411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.33.79.22 any -> $HOME_NET any (msg: "MISP 
e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.79.22"; classtype:trojan-activity; sid:37465421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 159.223.150.43 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.150.43"; classtype:trojan-activity; sid:37465431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 124.156.211.246 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.246"; classtype:trojan-activity; sid:37465441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.3.7 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.3.7"; classtype:trojan-activity; sid:37465451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.173.154.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.154.57"; classtype:trojan-activity; sid:37465461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.175.191 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.191"; classtype:trojan-activity; sid:37465471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.131.56.25 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.56.25"; classtype:trojan-activity; sid:37465481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.51.230.79 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.230.79"; classtype:trojan-activity; sid:37465491; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.192.241 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.192.241"; classtype:trojan-activity; sid:37465501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.110.3 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.110.3"; classtype:trojan-activity; sid:37465511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 38.7.199.57 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.57"; classtype:trojan-activity; sid:37465521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 129.226.214.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.214.12"; classtype:trojan-activity; sid:37465531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 101.126.46.131 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.46.131"; classtype:trojan-activity; sid:37465541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.157.14 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.157.14"; classtype:trojan-activity; sid:37465551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.81.174.84 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.81.174.84"; classtype:trojan-activity; sid:37465561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.61.120 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.120"; classtype:trojan-activity; sid:37465571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 120.92.84.211 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.84.211"; classtype:trojan-activity; sid:37465581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.51.72.183 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.72.183"; classtype:trojan-activity; sid:37465591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.44.250.28 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.250.28"; classtype:trojan-activity; sid:37465601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 103.25.56.48 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.25.56.48"; classtype:trojan-activity; sid:37465611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 83.235.16.111 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.235.16.111"; classtype:trojan-activity; sid:37465621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 107.172.143.44 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.143.44"; classtype:trojan-activity; sid:37465631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.170.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.170.35"; classtype:trojan-activity; sid:37465641; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 181.167.237.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.167.237.96"; classtype:trojan-activity; sid:37465651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.138.100.31 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.100.31"; classtype:trojan-activity; sid:37465661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 175.101.84.75 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.101.84.75"; classtype:trojan-activity; sid:37465671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 34.140.165.33 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.140.165.33"; classtype:trojan-activity; sid:37465681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.163.214.35 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.35"; classtype:trojan-activity; sid:37465691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 49.232.156.121 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.156.121"; classtype:trojan-activity; sid:37465701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 141.98.233.37 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.233.37"; classtype:trojan-activity; sid:37465711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.155.146.121 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.146.121"; classtype:trojan-activity; sid:37465721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.133.70.124 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.124"; classtype:trojan-activity; sid:37465731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 118.24.205.187 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.24.205.187"; classtype:trojan-activity; sid:37465741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.156.35.67 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.35.67"; classtype:trojan-activity; sid:37465751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.167.81 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.167.81"; classtype:trojan-activity; sid:37465761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.93.206 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.206"; classtype:trojan-activity; sid:37465771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 185.148.13.227 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.148.13.227"; classtype:trojan-activity; sid:37465781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.128.74.71 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.74.71"; classtype:trojan-activity; sid:37465791; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.130.48.32 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.48.32"; classtype:trojan-activity; sid:37465801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 117.50.172.12 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.172.12"; classtype:trojan-activity; sid:37465811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 51.38.214.180 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.214.180"; classtype:trojan-activity; sid:37465821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.134.15.112 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.112"; classtype:trojan-activity; sid:37465831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.159.38.78 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.38.78"; classtype:trojan-activity; sid:37465841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 61.240.213.169 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.240.213.169"; classtype:trojan-activity; sid:37465851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 43.153.62.96 any -> $HOME_NET any (msg: "MISP e26485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.62.96"; classtype:trojan-activity; sid:37465861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert ip 212.83.143.142 any -> $HOME_NET any (msg: "MISP e26485 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.83.143.142"; classtype:trojan-activity; sid:37465871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26485;) alert dns any any -> any any (msg: "MISP e26443 [] Domain mii-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"mii-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mii\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37296491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26443;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26443 [] Outgoing HTTP Domain mii-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mii-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mii\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37296492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26443;) alert ip $HOME_NET any -> 45.148.4.76 8888 (msg: "MISP e26447 [c2,Venom] Outgoing To IP: 45.148.4.76|8888"; classtype:trojan-activity; sid:37300081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 116.203.165.197 443 (msg: "MISP e26447 [c2,Vidar] Outgoing To IP: 116.203.165.197|443"; classtype:trojan-activity; sid:37300091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 46.151.31.26 80 (msg: "MISP e26447 [c2,recordbreaker] Outgoing To IP: 46.151.31.26|80"; classtype:trojan-activity; sid:37300101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 40.113.117.114 1337 (msg: "MISP e26447 [c2,orcus_rat] Outgoing To IP: 40.113.117.114|1337"; classtype:trojan-activity; sid:37300111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 34.125.32.157 80 (msg: "MISP e26447 [c2,hook] Outgoing To IP: 34.125.32.157|80"; classtype:trojan-activity; sid:37300121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 124.121.18.177 8080 (msg: "MISP e26447 [c2,darkcomet] Outgoing To IP: 124.121.18.177|8080"; classtype:trojan-activity; sid:37300131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 114.115.159.80 50050 (msg: "MISP e26447 [c2,cobalt_strike] Outgoing To IP: 114.115.159.80|50050"; classtype:trojan-activity; sid:37300141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 36.111.166.231 50050 (msg: "MISP e26447 [c2,cobalt_strike] Outgoing To IP: 36.111.166.231|50050"; classtype:trojan-activity; sid:37300151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 154.92.14.41 50050 (msg: "MISP e26447 [c2,cobalt_strike] Outgoing To IP: 154.92.14.41|50050"; classtype:trojan-activity; sid:37300161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 157.245.78.225 42718 (msg: "MISP e26447 [c2,cobalt_strike] Outgoing To IP: 157.245.78.225|42718"; classtype:trojan-activity; sid:37300171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 43.156.108.42 32323 (msg: "MISP e26447 [c2,cobalt_strike] Outgoing To IP: 43.156.108.42|32323"; classtype:trojan-activity; sid:37300181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 162.244.80.14 17124 (msg: "MISP e26447 [c2,cobalt_strike] Outgoing To IP: 162.244.80.14|17124"; classtype:trojan-activity; sid:37300191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 162.244.80.14 17124 
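(msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 162.244.80.14|17124"; classtype:trojan-activity; sid:37494141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# MISP e26672 outbound C2 destination rules ($HOME_NET -> listed IP and port).
# The MISP tags copied into msg carry double quotes (malpedia="...",
# confidence-level="..."). The rule format requires a double quote inside msg
# to be written as \" ; left bare, the quoted string ends early for a parser
# that follows the documented grammar, and the rule may be rejected or its
# message truncated, which would drop the indicator from detection. Each
# embedded quote is escaped here; tag text, addresses, ports, sids, revs and
# priorities are unchanged.
# NOTE(review): the same destination/port pairs also appear under e26447 with
# priority 2 in this file, so one connection can raise two alerts; confirm
# whether the export should de-duplicate across events.
alert ip $HOME_NET any -> 43.156.108.42 32323 (msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 43.156.108.42|32323"; classtype:trojan-activity; sid:37494151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 157.245.78.225 42718 (msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 157.245.78.225|42718"; classtype:trojan-activity; sid:37494161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 154.92.14.41 50050 (msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 154.92.14.41|50050"; classtype:trojan-activity; sid:37494171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 36.111.166.231 50050 (msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 36.111.166.231|50050"; classtype:trojan-activity; sid:37494181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 114.115.159.80 50050 (msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 114.115.159.80|50050"; classtype:trojan-activity; sid:37494191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 124.121.18.177 8080 (msg: "MISP e26672 [c2,darkcomet,misp-galaxy:malpedia=\"DarkComet\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 124.121.18.177|8080"; classtype:trojan-activity; sid:37494201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 34.125.32.157 80 (msg: "MISP e26672 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 34.125.32.157|80"; classtype:trojan-activity; sid:37494211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 40.113.117.114 1337 (msg: "MISP e26672 [c2,misp-galaxy:malpedia=\"Orcus RAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 40.113.117.114|1337"; classtype:trojan-activity; sid:37494221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 46.151.31.26 80 (msg: "MISP e26672 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 46.151.31.26|80"; classtype:trojan-activity; sid:37494231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 116.203.165.197 443 (msg: "MISP e26672 [c2,Vidar,misp-galaxy:malpedia=\"vidar\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 116.203.165.197|443"; classtype:trojan-activity; sid:37494241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 45.148.4.76 8888 (msg: "MISP e26672 [c2,misp:confidence-level=\"usually-confident\"] Outgoing To IP: 45.148.4.76|8888"; classtype:trojan-activity; sid:37494251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 8.222.165.110 $HTTP_PORTS (msg: "MISP e26447 [Alibaba (US) Technology Co. 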
Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.222.165.110/g.pixel"; flow:to_server,established; http.header; content:"8.222.165.110"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> 8.222.165.110 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//8.222.165.110/g.pixel"; flow:to_server,established; http.header; content:"8.222.165.110"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 37.28.157.3 $HTTP_PORTS (msg: "MISP e26447 [Stealc] Outgoing URL http|3a|//37.28.157.3/17303af8450cc290.php"; flow:to_server,established; http.header; content:"37.28.157.3"; fast_pattern; nocase; http.uri; content:"/17303af8450cc290.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> 37.28.157.3 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//37.28.157.3/17303af8450cc290.php"; flow:to_server,established; http.header; content:"37.28.157.3"; fast_pattern; nocase; http.uri; content:"/17303af8450cc290.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 45.61.138.43 20000 (msg: "MISP e26447 [Bianlian Go Trojan,BLNWX] Outgoing To IP: 45.61.138.43|20000"; classtype:trojan-activity; sid:37300221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 185.83.113.126 32031 (msg: "MISP e26447 [Bianlian Go Trojan,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32031"; classtype:trojan-activity; 
sid:37300231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 185.83.113.126 32005 (msg: "MISP e26447 [Bianlian Go Trojan,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32005"; classtype:trojan-activity; sid:37300241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 185.83.113.126 32012 (msg: "MISP e26447 [Bianlian Go Trojan,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32012"; classtype:trojan-activity; sid:37300251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 185.83.113.126 32023 (msg: "MISP e26447 [Bianlian Go Trojan,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32023"; classtype:trojan-activity; sid:37300261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 185.11.61.124 20000 (msg: "MISP e26447 [Bianlian Go Trojan,CHANGWAY-AS] Outgoing To IP: 185.11.61.124|20000"; classtype:trojan-activity; sid:37300271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 146.190.165.243 443 (msg: "MISP e26447 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 146.190.165.243|443"; classtype:trojan-activity; sid:37300281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 141.164.161.19 443 (msg: "MISP e26447 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 141.164.161.19|443"; classtype:trojan-activity; sid:37300291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 72.27.104.149 443 (msg: "MISP e26447 [FLOW-NET,QakBot] Outgoing To IP: 72.27.104.149|443"; classtype:trojan-activity; sid:37300301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 160.176.70.45 995 (msg: "MISP e26447 [MT-MPLS,QakBot] Outgoing To IP: 160.176.70.45|995"; classtype:trojan-activity; 
sid:37300311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 88.153.94.39 4444 (msg: "MISP e26447 [dcrat,VODANET International IP-Backbone of Vodafone] Outgoing To IP: 88.153.94.39|4444"; classtype:trojan-activity; sid:37300321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 172.232.190.57 2224 (msg: "MISP e26447 [AKAMAI-LINODE-AP Akamai Connected Cloud,Pikabot] Outgoing To IP: 172.232.190.57|2224"; classtype:trojan-activity; sid:37300331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 172.232.190.57 2224 (msg: "MISP e26672 [] Outgoing To IP: 172.232.190.57|2224"; classtype:trojan-activity; sid:37494281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 88.153.94.39 4444 (msg: "MISP e26672 [] Outgoing To IP: 88.153.94.39|4444"; classtype:trojan-activity; sid:37494291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 160.176.70.45 995 (msg: "MISP e26672 [] Outgoing To IP: 160.176.70.45|995"; classtype:trojan-activity; sid:37494301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 72.27.104.149 443 (msg: "MISP e26672 [] Outgoing To IP: 72.27.104.149|443"; classtype:trojan-activity; sid:37494311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 141.164.161.19 443 (msg: "MISP e26672 [] Outgoing To IP: 141.164.161.19|443"; classtype:trojan-activity; sid:37494321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 146.190.165.243 443 (msg: "MISP e26672 [] Outgoing To IP: 146.190.165.243|443"; classtype:trojan-activity; sid:37494331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 185.83.113.126 
32023 (msg: "MISP e26672 [] Outgoing To IP: 185.83.113.126|32023"; classtype:trojan-activity; sid:37494341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 185.11.61.124 20000 (msg: "MISP e26672 [] Outgoing To IP: 185.11.61.124|20000"; classtype:trojan-activity; sid:37494351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 185.83.113.126 32012 (msg: "MISP e26672 [] Outgoing To IP: 185.83.113.126|32012"; classtype:trojan-activity; sid:37494361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 185.83.113.126 32005 (msg: "MISP e26672 [] Outgoing To IP: 185.83.113.126|32005"; classtype:trojan-activity; sid:37494371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 185.83.113.126 32031 (msg: "MISP e26672 [] Outgoing To IP: 185.83.113.126|32031"; classtype:trojan-activity; sid:37494381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 45.61.138.43 20000 (msg: "MISP e26672 [] Outgoing To IP: 45.61.138.43|20000"; classtype:trojan-activity; sid:37494391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26445 [] Domain consuecsmfuir.com"; dns.query; content:"consuecsmfuir.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com$/i"; classtype:trojan-activity; sid:37299871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26445;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26445 [] Outgoing HTTP Domain consuecsmfuir.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consuecsmfuir.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299872; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26445;) alert ip $HOME_NET any -> 81.94.150.21 443 (msg: "MISP e26447 [KeitaroTDS,SocGholish] Outgoing To IP: 81.94.150.21|443"; classtype:trojan-activity; sid:37300041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 103.47.195.200 42597 (msg: "MISP e26447 [moobot] Outgoing To IP: 103.47.195.200|42597"; classtype:trojan-activity; sid:37300051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [moobot] Domain abc.anti-ddos.io.vn"; dns.query; content:"abc.anti-ddos.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-])abc\.anti\-ddos\.io\.vn$/i"; classtype:trojan-activity; sid:37300061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [moobot] Outgoing HTTP Domain abc.anti-ddos.io.vn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"abc.anti-ddos.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])abc\.anti\-ddos\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26468 [] Domain vmi.lt-baudos-asm.net"; dns.query; content:"vmi.lt-baudos-asm.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net$/i"; classtype:trojan-activity; sid:37304131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26468;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26468 [] Outgoing HTTP Domain vmi.lt-baudos-asm.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-baudos-asm.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37304132; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26468;) alert dns any any -> any any (msg: "MISP e26465 [] Domain vmi.lt-baudos-asm.net"; dns.query; content:"vmi.lt-baudos-asm.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net$/i"; classtype:trojan-activity; sid:37304041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26465;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26465 [] Outgoing HTTP Domain vmi.lt-baudos-asm.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-baudos-asm.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37304042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26465;) alert dns any any -> any any (msg: "MISP e26472 [] Domain vmi.lt-baudos-asm.net"; dns.query; content:"vmi.lt-baudos-asm.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net$/i"; classtype:trojan-activity; sid:37304361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26472;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26472 [] Outgoing HTTP Domain vmi.lt-baudos-asm.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-baudos-asm.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37304362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26472;) alert dns any any -> any any (msg: "MISP e26605 [] Domain vmi.lt-baudos-asm.net"; dns.query; content:"vmi.lt-baudos-asm.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net$/i"; classtype:trojan-activity; sid:37487431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26605;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26605 [] Outgoing HTTP 
Domain vmi.lt-baudos-asm.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-baudos-asm.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26605;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26447 [dcrat] Outgoing URL http|3a|//514885cm.nyashsens.top/processtestpublic.php"; flow:to_server,established; http.header; content:"514885cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/processtestpublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26467 [] Domain vmi.lt-baudos-asm.net"; dns.query; content:"vmi.lt-baudos-asm.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net$/i"; classtype:trojan-activity; sid:37304101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26467;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26467 [] Outgoing HTTP Domain vmi.lt-baudos-asm.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-baudos-asm.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37304102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26467;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//514885cm.nyashsens.top/processTestPublic.php"; flow:to_server,established; http.header; content:"514885cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/processTestPublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494401; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26466 [] Domain vmi.lt-baudos-asm.net"; dns.query; content:"vmi.lt-baudos-asm.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net$/i"; classtype:trojan-activity; sid:37304071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26466;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26466 [] Outgoing HTTP Domain vmi.lt-baudos-asm.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-baudos-asm.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-baudos\-asm\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37304072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26466;) alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain ns1.topglobaltv.com"; dns.query; content:"ns1.topglobaltv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.topglobaltv\.com$/i"; classtype:trojan-activity; sid:37300401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain ns1.topglobaltv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.topglobaltv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.topglobaltv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain www.southernlandmortgage.cloud"; dns.query; content:"www.southernlandmortgage.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.southernlandmortgage\.cloud$/i"; classtype:trojan-activity; sid:37300411; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain www.southernlandmortgage.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.southernlandmortgage.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.southernlandmortgage\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain ns1.waltontechnical.com"; dns.query; content:"ns1.waltontechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.waltontechnical\.com$/i"; classtype:trojan-activity; sid:37300371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain ns1.waltontechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.waltontechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.waltontechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain myinternationalsolutions.com"; dns.query; content:"myinternationalsolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])myinternationalsolutions\.com$/i"; classtype:trojan-activity; sid:37300381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain myinternationalsolutions.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"myinternationalsolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])myinternationalsolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain ns1.myinternationalsolutions.com"; dns.query; content:"ns1.myinternationalsolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.myinternationalsolutions\.com$/i"; classtype:trojan-activity; sid:37300391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain ns1.myinternationalsolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.myinternationalsolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.myinternationalsolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain ns1.usaglobalnews.com"; dns.query; content:"ns1.usaglobalnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.usaglobalnews\.com$/i"; classtype:trojan-activity; sid:37300351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain ns1.usaglobalnews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.usaglobalnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.usaglobalnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300352; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;)
# --- MISP event 26447 (msg tags: CobaltStrike, cs-watermark-1357776117), priority:2 ---
# Each "Domain" indicator is exported as a pair of rules:
#   * a dns.query rule (any -> any) whose pcre accepts the name itself or any
#     name ending in ".<domain>" (the character before it must not be a
#     letter, digit or hyphen), and
#   * an outbound HTTP rule ($HOME_NET -> $EXTERNAL_NET, any port) that needs
#     "Host:" and the domain somewhere in the header buffer, then tags the
#     session so its packets are logged for 600 seconds.
# NOTE(review): the two content matches in the HTTP rule carry no
# distance/within, so the domain string is not tied to the Host line itself;
# presumably a Referer that mentions the domain would also fire. Confirm
# before treating a hit as proof of a connection to that host.
# NOTE(review): the dns rules are direction-agnostic (any any -> any any).
# Depending on sensor placement the alert source may be an internal resolver
# rather than the client that asked; correlate with resolver logs.
alert dns any any -> any any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Domain waltontechnical.com"; dns.query; content:"waltontechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])waltontechnical\.com$/i"; classtype:trojan-activity; sid:37300361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain waltontechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"waltontechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])waltontechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# --- MISP event 26672 (no tags in msg), priority:3 ---
# Several of these domains are also exported under event 26447 with their own
# sids (waltontechnical.com directly above: 37300361/37300362 vs
# 37494421/37494422). A single lookup or request therefore raises two alerts
# with different priorities; de-duplicate on the domain, not on the sid, when
# counting hits.
alert dns any any -> any any (msg: "MISP e26672 [] Domain ns1.usaglobalnews.com"; dns.query; content:"ns1.usaglobalnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.usaglobalnews\.com$/i"; classtype:trojan-activity; sid:37494411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ns1.usaglobalnews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.usaglobalnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.usaglobalnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain waltontechnical.com"; dns.query; content:"waltontechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])waltontechnical\.com$/i"; classtype:trojan-activity; sid:37494421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain waltontechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"waltontechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])waltontechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain ns1.waltontechnical.com"; dns.query; content:"ns1.waltontechnical.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.waltontechnical\.com$/i"; classtype:trojan-activity; sid:37494431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ns1.waltontechnical.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.waltontechnical.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.waltontechnical\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain myinternationalsolutions.com"; dns.query; content:"myinternationalsolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])myinternationalsolutions\.com$/i"; classtype:trojan-activity; sid:37494441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain myinternationalsolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"myinternationalsolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])myinternationalsolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain ns1.myinternationalsolutions.com"; dns.query; content:"ns1.myinternationalsolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.myinternationalsolutions\.com$/i"; classtype:trojan-activity; sid:37494451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ns1.myinternationalsolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.myinternationalsolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.myinternationalsolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain ns1.topglobaltv.com"; dns.query; content:"ns1.topglobaltv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.topglobaltv\.com$/i"; classtype:trojan-activity; sid:37494461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ns1.topglobaltv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.topglobaltv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.topglobaltv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain www.southernlandmortgage.cloud"; dns.query; content:"www.southernlandmortgage.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.southernlandmortgage\.cloud$/i"; classtype:trojan-activity; sid:37494471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain www.southernlandmortgage.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.southernlandmortgage.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.southernlandmortgage\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# --- MISP event 26578 (no tags in msg), priority:1 ---
# data1.zip and data3.zip are domain names under the .zip TLD, matched in DNS
# queries and Host headers; these rules do not look at file names or archive
# content. Because they are "Domain" indicators, sub-names such as
# "<label>.data1.zip" match as well.
alert dns any any -> any any (msg: "MISP e26578 [] Domain data1.zip"; dns.query; content:"data1.zip"; nocase; pcre: "/(^|[^A-Za-z0-9-])data1\.zip$/i"; classtype:trojan-activity; sid:37480661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26578 [] Outgoing HTTP Domain data1.zip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"data1.zip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])data1\.zip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37480662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
alert dns any any -> any any (msg: "MISP e26578 [] Domain data3.zip"; dns.query; content:"data3.zip"; nocase; pcre: "/(^|[^A-Za-z0-9-])data3\.zip$/i"; classtype:trojan-activity; sid:37480851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26578 [] Outgoing HTTP Domain data3.zip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"data3.zip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])data3\.zip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37480852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
# "Hostname" indicators use a stricter pcre than "Domain" ones: the character
# before the name may not be a dot either, so only the exact host name matches.
alert dns any any -> any any (msg: "MISP e26578 [] Hostname docusign3.url.download"; dns.query; content:"docusign3.url.download"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docusign3\.url\.download$/i"; 
classtype:trojan-activity; sid:37481401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
# --- MISP event 26578 (continued), priority:1 ---
# Outbound HTTP rule for a "Hostname" indicator: one content match on the
# literal bytes "Host: docusign3.url.download" (case-insensitive), followed by
# a pcre that rejects longer names on either side. The session is tagged so
# its packets are logged for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26578 [] Outgoing HTTP Hostname docusign3.url.download"; flow:to_server,established; http.header; content: "Host|3a| docusign3.url.download"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])docusign3\.url\.download[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37481402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
# Inbound SMTP rule: matches the envelope command "MAIL FROM:" plus the sender
# address in the TCP payload sent to $SMTP_SERVERS on port 25, and requires a
# CRLF CRLF sequence within 8192 bytes after the address.
# NOTE(review): this is a raw tcp/25 payload match, so it presumably sees
# nothing once a session has switched to STARTTLS, and it does not cover
# other mail ports. Pair it with a sender check in the mail gateway logs.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26578 [] Source Email Address: john.mocally174@40mail.ru"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"john.mocally174@40mail.ru"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37482141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26578;)
# --- MISP event 26581 (no tags in msg), priority:2 ---
# Destination "IP|port" indicators: each rule fires on any traffic from
# $HOME_NET to the listed address and port. There is no payload, flow or
# application-layer condition and no session tag, so a hit only says that a
# host talked to that endpoint.
# NOTE(review): address-only indicators go stale when the address is
# reassigned; check the age of the MISP attribute before escalating a hit.
# Several entries share a /24 (104.129.55.103/.104, 37.60.242.85/.86,
# 23.226.138.143/.161, 158.220.80.157/.167) and ports repeat across
# addresses (2967, 9785, 5938), which can help when grouping alerts.
alert ip $HOME_NET any -> 104.129.55.103 2224 (msg: "MISP e26581 [] Outgoing To IP: 104.129.55.103|2224"; classtype:trojan-activity; sid:37482821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 178.18.246.136 2078 (msg: "MISP e26581 [] Outgoing To IP: 178.18.246.136|2078"; classtype:trojan-activity; sid:37482831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 158.220.80.167 2967 (msg: "MISP e26581 [] Outgoing To IP: 158.220.80.167|2967"; classtype:trojan-activity; sid:37482841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 104.129.55.104 2223 (msg: "MISP e26581 [] Outgoing To IP: 104.129.55.104|2223"; classtype:trojan-activity; sid:37482851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 23.226.138.161 5242 (msg: "MISP e26581 [] Outgoing To IP: 23.226.138.161|5242"; classtype:trojan-activity; sid:37482861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 37.60.242.85 9785 (msg: "MISP e26581 [] Outgoing To IP: 37.60.242.85|9785"; classtype:trojan-activity; sid:37482871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 23.226.138.143 2083 (msg: "MISP e26581 [] Outgoing To IP: 23.226.138.143|2083"; classtype:trojan-activity; sid:37482881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 37.60.242.86 2967 (msg: "MISP e26581 [] Outgoing To IP: 37.60.242.86|2967"; classtype:trojan-activity; sid:37482891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 85.239.243.155 5000 (msg: "MISP e26581 [] Outgoing To IP: 85.239.243.155|5000"; classtype:trojan-activity; sid:37482901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 158.220.80.157 9785 (msg: "MISP e26581 [] Outgoing To IP: 158.220.80.157|9785"; classtype:trojan-activity; sid:37482911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 65.20.66.218 5938 (msg: "MISP e26581 [] Outgoing To IP: 65.20.66.218|5938"; classtype:trojan-activity; sid:37482921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 95.179.191.137 5938 (msg: "MISP e26581 [] Outgoing To IP: 95.179.191.137|5938"; classtype:trojan-activity; sid:37482931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
alert ip $HOME_NET any -> 139.84.237.229 2967 (msg: "MISP e26581 [] Outgoing To IP: 139.84.237.229|2967"; classtype:trojan-activity; sid:37482941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26581;)
# --- MISP event 26582 (no tags in msg), priority:1 ---
# The indicator below is a host name under the .zip TLD, not a file name.
alert dns any any -> any any (msg: "MISP e26582 [] Hostname gratislauncher-pc-set-up.v.2o24.zip"; dns.query; 
content:"gratislauncher-pc-set-up.v.2o24.zip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratislauncher\-pc\-set\-up\.v\.2o24\.zip$/i"; classtype:trojan-activity; sid:37483021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26582;)
# --- MISP event 26582 (continued), priority:1 ---
# Outbound HTTP counterpart of the Hostname indicator: literal
# "Host: <name>" content match plus an exact-name pcre; the session is tagged
# for 600 seconds of follow-up logging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26582 [] Outgoing HTTP Hostname gratislauncher-pc-set-up.v.2o24.zip"; flow:to_server,established; http.header; content: "Host|3a| gratislauncher-pc-set-up.v.2o24.zip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratislauncher\-pc\-set\-up\.v\.2o24\.zip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37483022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26582;)
# --- MISP event 26583 (no tags in msg), priority:1 ---
# "URL" indicators. Each rule needs the host string anywhere in the request
# header buffer and the path string anywhere in the URI, both
# case-insensitive, on connections to $HTTP_PORTS only (the Host rules
# elsewhere in this file use "any" as the destination port). The colon of
# "http://" is written as |3a| inside msg.
# NOTE(review): the host is matched with a plain content on http.header, with
# no "Host:" anchor and no boundary pcre, so presumably a Referer or other
# header carrying the same string also matches. Matching on http.host would
# be tighter; confirm against the sensor's Suricata version before changing.
# NOTE(review): "/index.php" is a substring match on the URI, so any path
# containing it on these hosts fires. These are `alert http` rules and all
# exported URLs are http://; HTTPS requests to the same hosts are only
# visible to the DNS or TLS layer, for which this event exports no rule.
# Most entries are a two-letter label in front of a small set of names under
# p-e.kr (aerosp, bananat, daysol, kimyy, kostin, limsjo, negapa, selecto,
# ssungmin, netup, jaychoi). The rules list full host names only, so a
# sibling label that is not in the export is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.aerosp.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.aerosp.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.bananat.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.bananat.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.daysol.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.daysol.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.kimyy.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.kimyy.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.kostin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.kostin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.limsjo.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.limsjo.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.negapa.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.negapa.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.selecto.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.selecto.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ai.ssungmin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.ssungmin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ar.kostin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ar.kostin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ca.bananat.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ca.bananat.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ce.aerosp.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ce.aerosp.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
# Different parent domain and a deeper path than the rest of the event.
# NOTE(review): the rule still alerts on the host string anywhere in the
# headers; check the MISP event for context on this host before blocking the
# whole domain on the strength of this indicator.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//coolsystem.co.kr/admin/mail/index.php"; flow:to_server,established; http.header; content:"coolsystem.co.kr"; fast_pattern; nocase; http.uri; content:"/admin/mail/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//dl.netup.p-e.kr/index.php"; flow:to_server,established; http.header; content:"dl.netup.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//li.ssungmin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"li.ssungmin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ol.negapa.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ol.negapa.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//pe.daysol.p-e.kr/index.php"; flow:to_server,established; http.header; content:"pe.daysol.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//pi.selecto.p-e.kr/index.php"; flow:to_server,established; http.header; content:"pi.selecto.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//qa.jaychoi.p-e.kr/index.php"; flow:to_server,established; http.header; content:"qa.jaychoi.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//qi.limsjo.p-e.kr/index.php"; flow:to_server,established; http.header; content:"qi.limsjo.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//sa.netup.p-e.kr/index.php"; flow:to_server,established; http.header; content:"sa.netup.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//ve.kimyy.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ve.kimyy.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26583;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26583 [] Outgoing URL http|3a|//viewer.appofficer.kro.kr/index.php"; flow:to_server,established; http.header; content:"viewer.appofficer.kro.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37483681; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26583;)
# --- MISP event 26672 (no tags in msg), priority:3 ---
# All indicators in this run are names under con-ip.com, exported as "Domain"
# pairs: a direction-agnostic dns.query rule and an outbound HTTP rule that
# needs "Host:" and the name in the header buffer and tags the session for
# 600 seconds. The pcre accepts the listed name and anything ending in
# ".<name>", but not other labels under con-ip.com.
# NOTE(review): con-ip.com looks like a shared dynamic-DNS zone (many
# unrelated-looking labels, some dictionary words, some random strings) —
# confirm. If so, the address behind a label can change at any time, so pair
# these alerts with the resolved address from DNS logs rather than keeping a
# static IP list, and avoid widening the match to the parent zone.
# NOTE(review): the dns rules use any any -> any any; depending on sensor
# placement the alert source may be a resolver rather than the querying host.
alert dns any any -> any any (msg: "MISP e26672 [] Domain anhelo.con-ip.com"; dns.query; content:"anhelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])anhelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain anhelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anhelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])anhelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain bendecidos.con-ip.com"; dns.query; content:"bendecidos.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bendecidos\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain bendecidos.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bendecidos.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bendecidos\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain dsfkdsvnlsnvklvdsnvodv.con-ip.com"; dns.query; content:"dsfkdsvnlsnvklvdsnvodv.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dsfkdsvnlsnvklvdsnvodv\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain dsfkdsvnlsnvklvdsnvodv.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dsfkdsvnlsnvklvdsnvodv.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dsfkdsvnlsnvklvdsnvodv\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain edden.con-ip.com"; dns.query; content:"edden.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])edden\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain edden.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edden.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edden\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain enticonfio.con-ip.com"; dns.query; content:"enticonfio.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])enticonfio\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain enticonfio.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"enticonfio.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])enticonfio\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain ergdsbsicshdfsijfsiudhf.con-ip.com"; dns.query; content:"ergdsbsicshdfsijfsiudhf.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ergdsbsicshdfsijfsiudhf\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ergdsbsicshdfsijfsiudhf.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ergdsbsicshdfsijfsiudhf.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ergdsbsicshdfsijfsiudhf\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain galaxia.con-ip.com"; dns.query; content:"galaxia.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxia\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain galaxia.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"galaxia.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxia\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain memorias.con-ip.com"; dns.query; content:"memorias.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])memorias\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain memorias.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"memorias.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])memorias\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain nuevocomienzo777.con-ip.com"; dns.query; content:"nuevocomienzo777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nuevocomienzo777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain nuevocomienzo777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nuevocomienzo777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nuevocomienzo777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain ostentar.con-ip.com"; dns.query; content:"ostentar.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ostentar\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ostentar.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ostentar.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ostentar\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain persistencia.con-ip.com"; dns.query; content:"persistencia.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persistencia\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain persistencia.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persistencia.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persistencia\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain salomon77.con-ip.com"; dns.query; content:"salomon77.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon77\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain salomon77.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomon77.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon77\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain sion.con-ip.com"; dns.query; content:"sion.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sion\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain sion.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sion.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sion\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain abundancia777.con-ip.com"; dns.query; content:"abundancia777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])abundancia777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain abundancia777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"abundancia777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])abundancia777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain caramelo.con-ip.com"; dns.query; content:"caramelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caramelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain caramelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caramelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caramelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain mazaltov.con-ip.com"; dns.query; content:"mazaltov.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mazaltov\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain mazaltov.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mazaltov.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mazaltov\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain krater1.con-ip.com"; dns.query; content:"krater1.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])krater1\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain krater1.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krater1.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krater1\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain graciasdiosito.con-ip.com"; dns.query; content:"graciasdiosito.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])graciasdiosito\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain graciasdiosito.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"graciasdiosito.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])graciasdiosito\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain deusdsfduhfdjisjdfasaxc.con-ip.com"; dns.query; content:"deusdsfduhfdjisjdfasaxc.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deusdsfduhfdjisjdfasaxc\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain deusdsfduhfdjisjdfasaxc.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deusdsfduhfdjisjdfasaxc.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deusdsfduhfdjisjdfasaxc\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain sssssssdhhdiodhuhdisdisgi.con-ip.com"; dns.query; content:"sssssssdhhdiodhuhdisdisgi.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sssssssdhhdiodhuhdisdisgi\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain sssssssdhhdiodhuhdisdisgi.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sssssssdhhdiodhuhdisdisgi.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sssssssdhhdiodhuhdisdisgi\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain gamin.con-ip.com"; dns.query; content:"gamin.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gamin\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494681; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain gamin.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gamin.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gamin\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain redentor.con-ip.com"; dns.query; content:"redentor.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])redentor\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain redentor.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"redentor.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])redentor\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain salud77.con-ip.com"; dns.query; content:"salud77.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salud77\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain salud77.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salud77.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salud77\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494702; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain yahweh.con-ip.com"; dns.query; content:"yahweh.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])yahweh\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain yahweh.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yahweh.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yahweh\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain anguila.con-ip.com"; dns.query; content:"anguila.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])anguila\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain anguila.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anguila.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])anguila\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain jireh.con-ip.com"; dns.query; content:"jireh.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jireh\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain jireh.con-ip.com"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"jireh.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jireh\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Last hostname pairs of MISP event 26672. Each hostname has a DNS rule (sid
# ending in 1, matches dns.query in any direction) and an HTTP rule (sid ending
# in 2, outbound from $HOME_NET, hostname looked up in the request headers).
alert dns any any -> any any (msg: "MISP e26672 [] Domain farsante9.con-ip.com"; dns.query; content:"farsante9.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])farsante9\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain farsante9.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"farsante9.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])farsante9\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain matusalen77.con-ip.com"; dns.query; content:"matusalen77.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])matusalen77\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37494751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain matusalen77.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"matusalen77.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])matusalen77\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37494752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# --- MISP event 26447: hostname indicators under con-ip.com ---
# Several hostnames are exported under both events: salomon77 and sion below
# already have e26672 rules in this file (sids 37494591/37494592 and
# 37494601/37494602). The copies differ only in sid, msg, priority (2 here,
# 3 for e26672) and reference, so one query or request raises two alerts.
# Correlate on the hostname rather than on a single sid when counting hits.
alert dns any any -> any any (msg: "MISP e26447 [] Domain salomon77.con-ip.com"; dns.query; content:"salomon77.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon77\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain salomon77.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomon77.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon77\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert dns any any -> any any (msg: "MISP e26447 [] Domain sion.con-ip.com"; dns.query; content:"sion.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sion\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain sion.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sion.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sion\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert dns any any -> any any (msg: "MISP e26447 [] Domain ostentar.con-ip.com"; dns.query; content:"ostentar.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ostentar\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain ostentar.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ostentar.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ostentar\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds;
classtype:trojan-activity; sid:37300662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain persistencia.con-ip.com"; dns.query; content:"persistencia.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persistencia\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain persistencia.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persistencia.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persistencia\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain galaxia.con-ip.com"; dns.query; content:"galaxia.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxia\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain galaxia.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"galaxia.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxia\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain memorias.con-ip.com"; dns.query; content:"memorias.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])memorias\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26447 [] Outgoing HTTP Domain memorias.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"memorias.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])memorias\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain nuevocomienzo777.con-ip.com"; dns.query; content:"nuevocomienzo777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nuevocomienzo777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain nuevocomienzo777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nuevocomienzo777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nuevocomienzo777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain dsfkdsvnlsnvklvdsnvodv.con-ip.com"; dns.query; content:"dsfkdsvnlsnvklvdsnvodv.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dsfkdsvnlsnvklvdsnvodv\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain dsfkdsvnlsnvklvdsnvodv.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dsfkdsvnlsnvklvdsnvodv.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dsfkdsvnlsnvklvdsnvodv\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300592; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain edden.con-ip.com"; dns.query; content:"edden.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])edden\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain edden.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edden.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edden\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain enticonfio.con-ip.com"; dns.query; content:"enticonfio.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])enticonfio\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain enticonfio.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"enticonfio.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])enticonfio\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain ergdsbsicshdfsijfsiudhf.con-ip.com"; dns.query; content:"ergdsbsicshdfsijfsiudhf.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ergdsbsicshdfsijfsiudhf\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain 
ergdsbsicshdfsijfsiudhf.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ergdsbsicshdfsijfsiudhf.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ergdsbsicshdfsijfsiudhf\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain matusalen77.con-ip.com"; dns.query; content:"matusalen77.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])matusalen77\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain matusalen77.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"matusalen77.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])matusalen77\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain anhelo.con-ip.com"; dns.query; content:"anhelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])anhelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain anhelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anhelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])anhelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain 
bendecidos.con-ip.com"; dns.query; content:"bendecidos.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bendecidos\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain bendecidos.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bendecidos.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bendecidos\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain yahweh.con-ip.com"; dns.query; content:"yahweh.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])yahweh\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain yahweh.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yahweh.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yahweh\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain anguila.con-ip.com"; dns.query; content:"anguila.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])anguila\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain anguila.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anguila.con-ip.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])anguila\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain jireh.con-ip.com"; dns.query; content:"jireh.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jireh\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain jireh.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jireh.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jireh\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain farsante9.con-ip.com"; dns.query; content:"farsante9.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])farsante9\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain farsante9.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"farsante9.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])farsante9\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain gamin.con-ip.com"; dns.query; content:"gamin.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gamin\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain gamin.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gamin.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gamin\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain redentor.con-ip.com"; dns.query; content:"redentor.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])redentor\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain redentor.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"redentor.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])redentor\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain salud77.con-ip.com"; dns.query; content:"salud77.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salud77\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain salud77.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salud77.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salud77\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300512; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain graciasdiosito.con-ip.com"; dns.query; content:"graciasdiosito.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])graciasdiosito\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain graciasdiosito.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"graciasdiosito.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])graciasdiosito\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain deusdsfduhfdjisjdfasaxc.con-ip.com"; dns.query; content:"deusdsfduhfdjisjdfasaxc.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deusdsfduhfdjisjdfasaxc\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain deusdsfduhfdjisjdfasaxc.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deusdsfduhfdjisjdfasaxc.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deusdsfduhfdjisjdfasaxc\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain sssssssdhhdiodhuhdisdisgi.con-ip.com"; dns.query; content:"sssssssdhhdiodhuhdisdisgi.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sssssssdhhdiodhuhdisdisgi\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300481; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain sssssssdhhdiodhuhdisdisgi.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sssssssdhhdiodhuhdisdisgi.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sssssssdhhdiodhuhdisdisgi\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain caramelo.con-ip.com"; dns.query; content:"caramelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caramelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain caramelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caramelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caramelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain mazaltov.con-ip.com"; dns.query; content:"mazaltov.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mazaltov\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain mazaltov.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mazaltov.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mazaltov\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37300442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# Last hostname pairs of MISP event 26447: a DNS rule (sid ending in 1) and an
# outbound HTTP rule (sid ending in 2) per hostname.
alert dns any any -> any any (msg: "MISP e26447 [] Domain krater1.con-ip.com"; dns.query; content:"krater1.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])krater1\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain krater1.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"krater1.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])krater1\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert dns any any -> any any (msg: "MISP e26447 [] Domain abundancia777.con-ip.com"; dns.query; content:"abundancia777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])abundancia777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain abundancia777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"abundancia777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])abundancia777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# --- MISP event 26447: destination IP indicators ---
# The msg carries the event's tags: CobaltStrike, a watermark value and the
# name of the hosting network. The rules match on destination address and port
# only, with no payload condition and no threshold keyword, so any traffic from
# $HOME_NET to that address and port matches.
# NOTE(review): per the msg text both addresses belong to cloud providers, and
# such addresses can change tenant - check the indicator's age in the MISP
# event before treating a hit as confirmed C2.
# NOTE(review): the protocol is "ip" while a port is given; confirm how the
# deployed engine applies the port to non-TCP/UDP traffic.
alert ip $HOME_NET any -> 1.94.110.130 443 (msg: "MISP e26447 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing To IP: 1.94.110.130|443"; classtype:trojan-activity; sid:37300711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 43.139.177.244 443 (msg: "MISP e26447 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.139.177.244|443"; classtype:trojan-activity; sid:37300721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# --- MISP event 26672: destination IP indicators ---
# The first two rules repeat the e26447 indicators directly above
# (43.139.177.244:443 and 1.94.110.130:443) under new sids, with priority 3 and
# an empty tag list, so the same traffic raises two alerts.
# The remaining rules cover destination ports 1287, 1288, 1311 and 59413.
alert ip $HOME_NET any -> 43.139.177.244 443 (msg: "MISP e26672 [] Outgoing To IP: 43.139.177.244|443"; classtype:trojan-activity; sid:37494761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 1.94.110.130 443 (msg: "MISP e26672 [] Outgoing To IP: 1.94.110.130|443"; classtype:trojan-activity; sid:37494781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 87.121.112.29 1311 (msg: "MISP e26672 [] Outgoing To IP: 87.121.112.29|1311"; classtype:trojan-activity; sid:37494791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 87.121.112.41 1311 (msg: "MISP e26672 [] Outgoing To IP: 87.121.112.41|1311"; classtype:trojan-activity; sid:37494801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 94.131.13.80 1311 (msg: "MISP e26672 [] Outgoing To IP: 94.131.13.80|1311"; classtype:trojan-activity; sid:37494811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 20.187.91.63 59413 (msg: "MISP e26672 [] Outgoing To IP: 20.187.91.63|59413"; classtype:trojan-activity; sid:37494821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 85.204.116.230 1311 (msg: "MISP e26672 [] Outgoing To IP: 85.204.116.230|1311"; classtype:trojan-activity; sid:37494831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 85.204.116.231 1288 (msg: "MISP e26672 [] Outgoing To IP: 85.204.116.231|1288"; classtype:trojan-activity; sid:37494841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 85.204.116.128 1287 (msg: "MISP e26672 [] Outgoing To IP: 85.204.116.128|1287"; classtype:trojan-activity; sid:37494851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# --- MISP event 26672: URL indicators (http://<address>/auth/login) ---
# Each rule is scoped to one destination address on $HTTP_PORTS and requires
# the address string in the request headers plus "/auth/login" anywhere in the
# URI (unanchored, case-insensitive). The path is generic; the destination
# address is what makes the match specific.
# These rules reference $HTTP_PORTS, so the variable has to be defined on the
# sensor, and requests to the same hosts on ports outside it are not covered.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds
# after the alert.
alert http $HOME_NET any -> 94.228.162.3 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//94.228.162.3/auth/login"; flow:to_server,established; http.header; content:"94.228.162.3"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 5.182.87.145 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//5.182.87.145/auth/login"; flow:to_server,established; http.header; content:"5.182.87.145"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 147.45.75.185 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//147.45.75.185/auth/login"; flow:to_server,established; http.header; content:"147.45.75.185"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 2.56.109.134 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//2.56.109.134/auth/login"; flow:to_server,established; http.header; content:"2.56.109.134"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 5.42.73.251 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//5.42.73.251/auth/login"; flow:to_server,established; http.header; content:"5.42.73.251"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 147.45.40.196 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//147.45.40.196/auth/login"; flow:to_server,established; http.header; content:"147.45.40.196"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 147.45.40.99 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//147.45.40.99/auth/login"; flow:to_server,established; http.header; content:"147.45.40.99"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 5.182.86.194 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//5.182.86.194/auth/login"; flow:to_server,established; http.header; content:"5.182.86.194"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 212.113.116.110 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//212.113.116.110/auth/login"; flow:to_server,established; http.header; content:"212.113.116.110"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 103.241.72.56 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//103.241.72.56/auth/login";
flow:to_server,established; http.header; content:"103.241.72.56"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 139.180.191.68 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//139.180.191.68/auth/login"; flow:to_server,established; http.header; content:"139.180.191.68"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37494961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 45.93.9.119 1311 (msg: "MISP e26672 [] Outgoing To IP: 45.93.9.119|1311"; classtype:trojan-activity; sid:37494971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 45.93.9.98 1311 (msg: "MISP e26672 [] Outgoing To IP: 45.93.9.98|1311"; classtype:trojan-activity; sid:37494981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 45.93.9.108 1311 (msg: "MISP e26672 [] Outgoing To IP: 45.93.9.108|1311"; classtype:trojan-activity; sid:37494991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26473 [] Outgoing URL http|3a|//wilhelms-radical-site-3051ae304d5b31062.webflow.io"; flow:to_server,established; http.header; content:"wilhelms-radical-site-3051ae304d5b31062.webflow.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37304391; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26473;) alert dns any any -> any any (msg: "MISP e26672 [] Domain cholin777.con-ip.com"; dns.query; content:"cholin777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cholin777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495001; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain cholin777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cholin777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cholin777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain elgigante.con-ip.com"; dns.query; content:"elgigante.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elgigante\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain elgigante.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elgigante.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elgigante\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain elgrande.con-ip.com"; dns.query; content:"elgrande.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elgrande\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain elgrande.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elgrande.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elgrande\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495022; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain gomelo.con-ip.com"; dns.query; content:"gomelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gomelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain gomelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gomelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gomelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain hebreo.con-ip.com"; dns.query; content:"hebreo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hebreo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain hebreo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hebreo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hebreo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain jerusalen.con-ip.com"; dns.query; content:"jerusalen.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jerusalen\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain jerusalen.con-ip.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"jerusalen.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jerusalen\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain lesbiano.con-ip.com"; dns.query; content:"lesbiano.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lesbiano\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain lesbiano.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lesbiano.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lesbiano\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain ruby.con-ip.com"; dns.query; content:"ruby.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ruby\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37495071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain ruby.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ruby.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ruby\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 164.155.206.126 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//164.155.206.126|3a|8082/login/index"; flow:to_server,established; http.header; 
content:"164.155.206.126"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 8.134.166.14 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//8.134.166.14|3a|8082/login/index"; flow:to_server,established; http.header; content:"8.134.166.14"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 180.76.179.154 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//180.76.179.154|3a|8082/login/index"; flow:to_server,established; http.header; content:"180.76.179.154"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 134.122.132.52 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//134.122.132.52|3a|8082/login/index"; flow:to_server,established; http.header; content:"134.122.132.52"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 134.122.132.23 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//134.122.132.23|3a|8082/login/index"; flow:to_server,established; http.header; content:"134.122.132.23"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 82.157.154.37 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//82.157.154.37|3a|8082/login/index"; flow:to_server,established; 
http.header; content:"82.157.154.37"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 116.204.110.99 8082 (msg: "MISP e26672 [] Outgoing URL http|3a|//116.204.110.99|3a|8082/login/index"; flow:to_server,established; http.header; content:"116.204.110.99"; fast_pattern; nocase; http.uri; content:"/login/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26447 [CobaltStrike,cs-watermark-305419896,DIGITALOCEAN-ASN] Outgoing URL http|3a|//68.183.111.170/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//68.183.111.170/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> 134.122.75.115 23 (msg: "MISP e26447 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115|3a|23/dpixel"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http 
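$HOME_NET any -> 134.122.75.115 26 (msg: "MISP e26447 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115|3a|26/pixel"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# Events 26447 and 26672 both export the 134.122.75.115 /pixel and /dpixel URLs with identical
# match conditions, so a single request raises one alert per sid. Deduplicate on destination
# and URI when triaging.
# tag:session,600,seconds keeps logging the matching session for 600 seconds after the alert.
alert http $HOME_NET any -> 134.122.75.115 26 (msg: "MISP e26672 [] Outgoing URL http|3a|//134.122.75.115|3a|26/pixel"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 134.122.75.115 23 (msg: "MISP e26672 [] Outgoing URL http|3a|//134.122.75.115|3a|23/dpixel"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Event 24599 (priority 1): DNS and HTTP Host rules for one domain.
# In content, |30 78| is hex notation for the two bytes "0x", so content matches the real name.
# The exported pcre carried the same token as \|30 78\|, which in a regex means the literal
# text "|30 78|". No hostname contains that, and content and pcre must both match, so neither
# rule could ever alert. The regex below spells the two bytes as \x30\x78 instead.
# msg and content are left as exported.
# NOTE(review): a fresh MISP export will presumably regenerate the broken pcre; re-check after each import.
alert dns any any -> any any (msg: "MISP e24599 [] Domain oth3rp|30 78|t.store"; dns.query; content:"oth3rp|30 78|t.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])oth3rp\x30\x78t\.store$/i"; classtype:trojan-activity; sid:37480111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24599 [] Outgoing HTTP Domain oth3rp|30 78|t.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oth3rp|30 78|t.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oth3rp\x30\x78t\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37480112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert ip 185.224.128.10 any -> 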
$HOME_NET any (msg: "MISP e26471 [] Incoming From IP: 185.224.128.10"; classtype:trojan-activity; sid:37304201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26471;) alert ip $HOME_NET any -> 45.155.91.135 7722 (msg: "MISP e26471 [] Outgoing To IP: 45.155.91.135|7722"; classtype:trojan-activity; sid:37304231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26471;) alert ip $HOME_NET any -> 45.142.214.108 any (msg: "MISP e26471 [] Outgoing To IP: 45.142.214.108"; classtype:trojan-activity; sid:37304221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26471;) alert dns any any -> any any (msg: "MISP e26447 [Mirai] Domain fucktheccp.top"; dns.query; content:"fucktheccp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fucktheccp\.top$/i"; classtype:trojan-activity; sid:37300851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [Mirai] Outgoing HTTP Domain fucktheccp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fucktheccp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fucktheccp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 194.110.247.222 59666 (msg: "MISP e26447 [Mirai] Outgoing To IP: 194.110.247.222|59666"; classtype:trojan-activity; sid:37300861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain lesbiano.con-ip.com"; dns.query; content:"lesbiano.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lesbiano\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain 
lesbiano.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lesbiano.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lesbiano\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain ruby.con-ip.com"; dns.query; content:"ruby.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ruby\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain ruby.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ruby.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ruby\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain hebreo.con-ip.com"; dns.query; content:"hebreo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hebreo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain hebreo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hebreo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hebreo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain jerusalen.con-ip.com"; dns.query; content:"jerusalen.con-ip.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])jerusalen\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain jerusalen.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jerusalen.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jerusalen\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain elgigante.con-ip.com"; dns.query; content:"elgigante.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elgigante\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain elgigante.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elgigante.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elgigante\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain elgrande.con-ip.com"; dns.query; content:"elgrande.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elgrande\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain elgrande.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elgrande.con-ip.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])elgrande\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain gomelo.con-ip.com"; dns.query; content:"gomelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gomelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain gomelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gomelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gomelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert dns any any -> any any (msg: "MISP e26447 [] Domain cholin777.con-ip.com"; dns.query; content:"cholin777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cholin777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37300731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain cholin777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cholin777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cholin777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 194.110.247.222 59666 (msg: "MISP e26672 [] Outgoing To IP: 194.110.247.222|59666"; classtype:trojan-activity; sid:37495191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain 
fucktheccp.top"; dns.query; content:"fucktheccp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fucktheccp\.top$/i"; classtype:trojan-activity; sid:37495201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain fucktheccp.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fucktheccp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fucktheccp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 91.92.244.21 40096 (msg: "MISP e26447 [RedLineStealer] Outgoing To IP: 91.92.244.21|40096"; classtype:trojan-activity; sid:37300871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 91.92.244.21 40096 (msg: "MISP e26672 [] Outgoing To IP: 91.92.244.21|40096"; classtype:trojan-activity; sid:37495211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 20.218.68.91 9552 (msg: "MISP e26672 [] Outgoing To IP: 20.218.68.91|9552"; classtype:trojan-activity; sid:37495221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 46.246.12.14 1995 (msg: "MISP e26672 [] Outgoing To IP: 46.246.12.14|1995"; classtype:trojan-activity; sid:37495231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26446 [] Domain wwwbancoestadocl.theaerie.ca"; dns.query; content:"wwwbancoestadocl.theaerie.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbancoestadocl\.theaerie\.ca$/i"; classtype:trojan-activity; sid:37299971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26446;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26446 [] Outgoing HTTP Domain 
wwwbancoestadocl.theaerie.ca"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwbancoestadocl.theaerie.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwbancoestadocl\.theaerie\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37299972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26446;) alert ip $HOME_NET any -> 193.233.255.60 15666 (msg: "MISP e26672 [] Outgoing To IP: 193.233.255.60|15666"; classtype:trojan-activity; sid:37495241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 147.45.40.62 9931 (msg: "MISP e26672 [] Outgoing To IP: 147.45.40.62|9931"; classtype:trojan-activity; sid:37495311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert dns any any -> any any (msg: "MISP e26672 [] Domain software.dth.wtf"; dns.query; content:"software.dth.wtf"; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.dth\.wtf$/i"; classtype:trojan-activity; sid:37495321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain software.dth.wtf"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"software.dth.wtf"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.dth\.wtf[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;) alert ip $HOME_NET any -> 82.117.230.122 54984 (msg: "MISP e26447 [NanoCore,RAT] Outgoing To IP: 82.117.230.122|54984"; classtype:trojan-activity; sid:37300901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;) alert ip $HOME_NET any -> 82.117.230.122 54984 (msg: "MISP e26672 [] Outgoing To IP: 82.117.230.122|54984"; classtype:trojan-activity; sid:37495331; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26672;)
# Domain indicator, event 26447: a DNS-query rule plus an HTTP rule for the
# same name. In the HTTP rule both content matches ("Host|3a|" and the domain)
# are searched in the whole http.header buffer with no distance/within tying
# them together, and the pcre runs over the same buffer (/H), so the domain
# appearing in any request header satisfies the rule, not only the Host value.
# NOTE(review): Suricata's http.host buffer would bind the match to the Host
# value - confirm against the deployed engine before changing the export.
# tag:session,600,seconds keeps logging the session for 600 s after the alert.
alert dns any any -> any any (msg: "MISP e26447 [] Domain software.dth.wtf"; dns.query; content:"software.dth.wtf"; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.dth\.wtf$/i"; classtype:trojan-activity; sid:37300891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26447 [] Outgoing HTTP Domain software.dth.wtf"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"software.dth.wtf"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.dth\.wtf[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37300892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# Address/port indicator: there are no payload options, so the rule keys on
# $HOME_NET -> this address and port alone. "Mirai" in msg is the MISP event
# tag; nothing in the rule inspects the traffic for that family.
alert ip $HOME_NET any -> 147.45.40.62 9931 (msg: "MISP e26447 [Mirai] Outgoing To IP: 147.45.40.62|9931"; classtype:trojan-activity; sid:37300881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# Event 26672, name under duckdns.org (a dynamic-DNS provider): the full
# subdomain is what is matched; the parent domain alone does not alert.
alert dns any any -> any any (msg: "MISP e26672 [] Domain yuya0415.duckdns.org"; dns.query; content:"yuya0415.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])yuya0415\.duckdns\.org$/i"; classtype:trojan-activity; sid:37495341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain yuya0415.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yuya0415.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yuya0415\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Event 26672 address/port indicators published without tags.
# NOTE(review): the ply.gg hostname below and the 147.185.221.x address look
# like tunnelling-service endpoints that may be shared by unrelated users -
# confirm before turning these alerts into blocks.
alert ip $HOME_NET any -> 18.158.249.75 10540 (msg: "MISP e26672 [] Outgoing To IP: 18.158.249.75|10540"; classtype:trojan-activity; sid:37495401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 3.125.209.94 10540 (msg: "MISP e26672 [] Outgoing To IP: 3.125.209.94|10540"; classtype:trojan-activity; sid:37495411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 147.185.221.18 35017 (msg: "MISP e26672 [] Outgoing To IP: 147.185.221.18|35017"; classtype:trojan-activity; sid:37495421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain content-royal.gl.at.ply.gg"; dns.query; content:"content-royal.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])content\-royal\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37495431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain content-royal.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"content-royal.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])content\-royal\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# The same address/port is published by event 26447 (priority 2, with a family
# tag) and by event 26672 (priority 3, untagged) under different sids, so one
# flow raises two alerts. De-duplicate at export or suppress the lower-priority
# copy in threshold.config if the double alert is not wanted.
alert ip $HOME_NET any -> 193.178.172.180 16346 (msg: "MISP e26447 [RedLineStealer] Outgoing To IP: 193.178.172.180|16346"; classtype:trojan-activity; sid:37300911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 193.178.172.180 16346 (msg: "MISP e26672 [] Outgoing To IP: 193.178.172.180|16346"; classtype:trojan-activity; sid:37495441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# URL indicator: destination address and port are fixed in the rule header; the
# header content looks for the literal address anywhere in the request headers
# and the URI content is unanchored. Both URI contents are nocase, so the
# "/mozi.m" and "/Mozi.m" rules match exactly the same requests.
alert http $HOME_NET any -> 117.252.165.6 52805 (msg: "MISP e26447 [] Outgoing URL http|3a|//117.252.165.6|3a|52805/mozi.m"; flow:to_server,established; http.header; content:"117.252.165.6"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37300921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> 117.252.165.6 52805 (msg: "MISP e26672 [] Outgoing URL http|3a|//117.252.165.6|3a|52805/Mozi.m"; flow:to_server,established; http.header; content:"117.252.165.6"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Three address/port indicators from event 26447, each repeated by event 26672
# further down. The bracketed tags mix family names and network-owner labels as
# supplied by the event; the rules themselves match address and port only.
alert ip $HOME_NET any -> 51.210.244.254 443 (msg: "MISP e26447 [Havoc,OVH] Outgoing To IP: 51.210.244.254|443"; classtype:trojan-activity; sid:37300931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 79.130.49.211 2222 (msg: "MISP e26447 [OTENET-GR Athens - Greece,QakBot] Outgoing To IP: 79.130.49.211|2222"; classtype:trojan-activity; sid:37300941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 113.141.94.195 8888 (msg: "MISP e26447 [CHINANET-BACKBONE No.31Jin-rong Street,Supershell] Outgoing To IP: 113.141.94.195|8888"; classtype:trojan-activity; sid:37300951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 113.141.94.195 8888 (msg: "MISP e26672 [] Outgoing To IP: 113.141.94.195|8888"; classtype:trojan-activity; sid:37495461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 79.130.49.211 2222 (msg: "MISP e26672 [] Outgoing To IP: 79.130.49.211|2222"; classtype:trojan-activity; sid:37495471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 51.210.244.254 443 (msg: "MISP e26672 [] Outgoing To IP: 51.210.244.254|443"; classtype:trojan-activity; sid:37495481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET 
any -> 18.158.249.75 18563 (msg: "MISP e26447 [njrat] Outgoing To IP: 18.158.249.75|18563"; classtype:trojan-activity; sid:37300961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# Port 18563 group: four addresses tagged njrat by event 26447 (priority 2),
# each published again untagged by event 26672 (priority 3). A single flow to
# any of them therefore raises two alerts under two sids.
alert ip $HOME_NET any -> 18.192.31.165 18563 (msg: "MISP e26447 [njrat] Outgoing To IP: 18.192.31.165|18563"; classtype:trojan-activity; sid:37300971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 3.125.102.39 18563 (msg: "MISP e26447 [njrat] Outgoing To IP: 3.125.102.39|18563"; classtype:trojan-activity; sid:37300981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 3.124.142.205 18563 (msg: "MISP e26447 [njrat] Outgoing To IP: 3.124.142.205|18563"; classtype:trojan-activity; sid:37300991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 3.124.142.205 18563 (msg: "MISP e26672 [] Outgoing To IP: 3.124.142.205|18563"; classtype:trojan-activity; sid:37495491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 3.125.102.39 18563 (msg: "MISP e26672 [] Outgoing To IP: 3.125.102.39|18563"; classtype:trojan-activity; sid:37495501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 18.192.31.165 18563 (msg: "MISP e26672 [] Outgoing To IP: 18.192.31.165|18563"; classtype:trojan-activity; sid:37495511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 18.158.249.75 18563 (msg: "MISP e26672 [] Outgoing To IP: 18.158.249.75|18563"; classtype:trojan-activity; sid:37495521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Port 17383 pair, same two-event duplication as above.
alert ip $HOME_NET any -> 3.6.122.107 17383 (msg: "MISP e26447 [RedLineStealer] Outgoing To IP: 3.6.122.107|17383"; classtype:trojan-activity; sid:37301001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 3.6.98.232 17383 (msg: "MISP e26447 [RedLineStealer] Outgoing To IP: 3.6.98.232|17383"; classtype:trojan-activity; sid:37301011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 3.6.98.232 17383 (msg: "MISP e26672 [] Outgoing To IP: 3.6.98.232|17383"; classtype:trojan-activity; sid:37495531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 3.6.122.107 17383 (msg: "MISP e26672 [] Outgoing To IP: 3.6.122.107|17383"; classtype:trojan-activity; sid:37495541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert ip $HOME_NET any -> 147.185.221.17 10652 (msg: "MISP e26447 [njrat] Outgoing To IP: 147.185.221.17|10652"; classtype:trojan-activity; sid:37301021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 147.185.221.17 10652 (msg: "MISP e26672 [] Outgoing To IP: 147.185.221.17|10652"; classtype:trojan-activity; sid:37495551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# URL indicator bound to $HTTP_PORTS: the rule only loads where that variable
# is defined in the sensor configuration (see the note in the file header).
alert http $HOME_NET any -> 193.163.7.160 $HTTP_PORTS (msg: "MISP e26447 [Stealc] Outgoing URL http|3a|//193.163.7.160/f95721327cee196f.php"; flow:to_server,established; http.header; content:"193.163.7.160"; fast_pattern; nocase; http.uri; content:"/f95721327cee196f.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 3.125.209.94 18563 (msg: "MISP e26672 [] Outgoing To IP: 3.125.209.94|18563"; classtype:trojan-activity; sid:37495561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# DNS + HTTP pair for one hostname. The HTTP rule's domain content and pcre run
# over all request headers (http.header, /H), so a match is not limited to the
# Host header.
alert dns any any -> any any (msg: "MISP e26672 [] Domain mary-cottage.gl.at.ply.gg"; dns.query; content:"mary-cottage.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])mary\-cottage\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37495571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain mary-cottage.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mary-cottage.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mary\-cottage\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> 193.163.7.160 $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//193.163.7.160/f95721327cee196f.php"; flow:to_server,established; http.header; content:"193.163.7.160"; fast_pattern; nocase; http.uri; content:"/f95721327cee196f.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# URL indicators keyed on a domain: the URI part "/index.php" is generic, so
# the discriminating match here is the domain content in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26447 [AZORult] Outgoing URL http|3a|//parals.ac.ug/index.php"; flow:to_server,established; http.header; content:"parals.ac.ug"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26447 [dcrat] Outgoing URL http|3a|//chromestartup.top/requesthttpupdategamebigloadasyncuploads.php"; flow:to_server,established; http.header; content:"chromestartup.top"; fast_pattern; nocase; http.uri; content:"/requesthttpupdategamebigloadasyncuploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg: "MISP e26672 [] Outgoing URL http|3a|//chromestartup.top/requesthttpupdateGameBigloadAsyncuploads.php"; flow:to_server,established; http.header; content:"chromestartup.top"; fast_pattern; nocase; http.uri; content:"/requesthttpupdateGameBigloadAsyncuploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Event 26672 copy of the parals.ac.ug URL indicator. The URI content is the
# generic "/index.php"; the domain content in the headers carries the match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26672 [] Outgoing URL http|3a|//parals.ac.ug/index.php"; flow:to_server,established; http.header; content:"parals.ac.ug"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37495601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Same address/port from two events (tagged at priority 2, untagged at
# priority 3): one flow, two alerts.
alert ip $HOME_NET any -> 193.233.21.140 4001 (msg: "MISP e26447 [SystemBC] Outgoing To IP: 193.233.21.140|4001"; classtype:trojan-activity; sid:37301061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 193.233.21.140 4001 (msg: "MISP e26672 [] Outgoing To IP: 193.233.21.140|4001"; classtype:trojan-activity; sid:37495611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Domain indicators, event 26672, each as a DNS rule and an HTTP rule.
# DNS rule: the content match is the fast prefilter; the pcre then requires the
# name to end the query and to be preceded by start-of-buffer or a character
# outside [A-Za-z0-9-]. That accepts the domain and its subdomains and rejects
# longer names that merely end in the same string.
# HTTP rule: content and pcre are evaluated over all request headers, so the
# domain in a header other than Host also matches.
# The three .shop names are also published by event 26450 later in the file.
alert dns any any -> any any (msg: "MISP e26672 [] Domain gemcreedarticulateod.shop"; dns.query; content:"gemcreedarticulateod.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])gemcreedarticulateod\.shop$/i"; classtype:trojan-activity; sid:37495621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain gemcreedarticulateod.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gemcreedarticulateod.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gemcreedarticulateod\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain claimconcessionrebe.shop"; dns.query; content:"claimconcessionrebe.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])claimconcessionrebe\.shop$/i"; classtype:trojan-activity; sid:37495631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain claimconcessionrebe.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"claimconcessionrebe.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])claimconcessionrebe\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain liabilityarrangemenyit.shop"; dns.query; content:"liabilityarrangemenyit.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])liabilityarrangemenyit\.shop$/i"; classtype:trojan-activity; sid:37495641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain liabilityarrangemenyit.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liabilityarrangemenyit.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liabilityarrangemenyit\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain basenetgear.world"; dns.query; content:"basenetgear.world"; nocase; pcre: "/(^|[^A-Za-z0-9-])basenetgear\.world$/i"; classtype:trojan-activity; sid:37495691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain basenetgear.world"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"basenetgear.world"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])basenetgear\.world[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain eeatgoodx.com"; dns.query; content:"eeatgoodx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eeatgoodx\.com$/i"; classtype:trojan-activity; sid:37495701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain eeatgoodx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eeatgoodx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eeatgoodx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain frenchpies.org"; dns.query; content:"frenchpies.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])frenchpies\.org$/i"; classtype:trojan-activity; sid:37495711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain frenchpies.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frenchpies.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frenchpies\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert dns any any -> any any (msg: "MISP e26672 [] Domain tnoodlezy.com"; dns.query; content:"tnoodlezy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tnoodlezy\.com$/i"; 
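classtype:trojan-activity; sid:37495721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26672 [] Outgoing HTTP Domain tnoodlezy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tnoodlezy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tnoodlezy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37495722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26672;)
# Address/port indicators published by event 26447 (priority 2) and again by
# event 26460 (priority 3): one flow raises two alerts under two sids.
alert ip $HOME_NET any -> 49.13.194.252 10919 (msg: "MISP e26447 [RedLineStealer] Outgoing To IP: 49.13.194.252|10919"; classtype:trojan-activity; sid:37301071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
alert ip $HOME_NET any -> 49.13.194.252 10919 (msg: "MISP e26460 [RedLineStealer] Outgoing To IP: 49.13.194.252|10919"; classtype:trojan-activity; sid:37302701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 147.185.221.18 29182 (msg: "MISP e26447 [njrat] Outgoing To IP: 147.185.221.18|29182"; classtype:trojan-activity; sid:37301081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26447;)
# FIX: the event 26460 msg values below (sids 37302711, 37302741, 37302771,
# 37302781) carry MISP galaxy/taxonomy tags that contain double quotes. The
# Suricata rule format requires " (like ; and \) inside msg to be
# backslash-escaped; left raw, the inner quote can end the msg string early and
# the rule may be rejected or mis-parsed at load time, which silently drops the
# indicator. The quotes are escaped here; the durable fix is to escape tag text
# in the export step. Check the engine's rule-load log for these sids.
alert ip $HOME_NET any -> 147.185.221.18 29182 (msg: "MISP e26460 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 147.185.221.18|29182"; classtype:trojan-activity; sid:37302711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 103.195.236.98 23 (msg: "MISP e26460 [Gafgyt,misp-galaxy:malpedia=\"Bashlite\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 103.195.236.98|23"; classtype:trojan-activity; sid:37302741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# URL indicator with no path: only the domain is searched, anywhere in the
# request headers, on destination port 80. There is no fast_pattern option and
# no URI match on this rule.
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e26460 [] Outgoing URL http|3a|//persikmonkiey7drone.com|3a|80"; flow:to_server,established; http.header; content:"persikmonkiey7drone.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain persikmonkiey7drone.com"; dns.query; content:"persikmonkiey7drone.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persikmonkiey7drone\.com$/i"; classtype:trojan-activity; sid:37302761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain persikmonkiey7drone.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persikmonkiey7drone.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persikmonkiey7drone\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 3.127.138.57 15020 (msg: "MISP e26460 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 3.127.138.57|15020"; classtype:trojan-activity; sid:37302771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 3.126.37.18 15020 (msg: "MISP e26460 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 3.126.37.18|15020"; classtype:trojan-activity; sid:37302781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Untagged address on port 80 with no payload options.
# NOTE(review): 172.67.x.x looks like CDN front-end address space shared by
# many unrelated sites - confirm ownership; if so, expect this rule to fire on
# ordinary browsing and prefer the domain rules for this event.
alert ip $HOME_NET any -> 172.67.167.246 80 (msg: "MISP e26460 [] Outgoing To IP: 172.67.167.246|80"; classtype:trojan-activity; sid:37302791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Event 26448 hostname, published without tags. classtype:trojan-activity is
# the value the export puts on every rule in this file, so it says nothing
# about what kind of indicator this is; check the event before triage.
alert dns any any -> any any (msg: "MISP e26448 [] Domain mii-tarjetacencosud-cl.bhojpuriacademy.org"; dns.query; content:"mii-tarjetacencosud-cl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mii\-tarjetacencosud\-cl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37301111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26448;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26448 [] Outgoing HTTP Domain mii-tarjetacencosud-cl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mii-tarjetacencosud-cl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mii\-tarjetacencosud\-cl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26448;)
# Event 26450 address/port indicators. The tags pair a tool or family name with
# a network-owner label; several owners are hosting providers, where addresses
# are reassigned, so these indicators lose value as they age. Rules on port 443
# match the address and port only and see nothing of the encrypted session.
alert ip $HOME_NET any -> 2.34.147.152 9002 (msg: "MISP e26450 [Brute Ratel C4,VODAFONE-IT-ASN] Outgoing To IP: 2.34.147.152|9002"; classtype:trojan-activity; sid:37301401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 43.198.108.245 443 (msg: "MISP e26450 [AMAZON-02,Deimos] Outgoing To IP: 43.198.108.245|443"; classtype:trojan-activity; sid:37301411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 37.120.239.146 8085 (msg: "MISP e26450 [Bianlian Go Trojan,M247] Outgoing To IP: 37.120.239.146|8085"; classtype:trojan-activity; sid:37301421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 185.83.113.126 32004 (msg: "MISP e26450 [Bianlian Go Trojan,HOSTIRAN-NETWORK] Outgoing To IP: 185.83.113.126|32004"; classtype:trojan-activity; sid:37301431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 191.96.53.132 443 (msg: "MISP e26450 [AS-HOSTINGER,Havoc] Outgoing To IP: 191.96.53.132|443"; classtype:trojan-activity; sid:37301441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 24.199.107.91 443 (msg: "MISP 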
e26450 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 24.199.107.91|443"; classtype:trojan-activity; sid:37301451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# Outbound SMB (port 445) to an external address tagged Responder. The rule
# alerts only; blocking outbound 445 at the perimeter is the control that
# stops this class of traffic regardless of destination address.
alert ip $HOME_NET any -> 94.237.54.16 445 (msg: "MISP e26450 [Responder,UPCLOUD] Outgoing To IP: 94.237.54.16|445"; classtype:trojan-activity; sid:37301461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 175.10.222.136 4432 (msg: "MISP e26450 [CHINANET-BACKBONE No.31Jin-rong Street,QakBot] Outgoing To IP: 175.10.222.136|4432"; classtype:trojan-activity; sid:37301471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 41.98.29.102 443 (msg: "MISP e26450 [ALGTEL-AS,QakBot] Outgoing To IP: 41.98.29.102|443"; classtype:trojan-activity; sid:37301481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 14.202.148.249 443 (msg: "MISP e26450 [QakBot,TPG-INTERNET-AP TPG Telecom Limited] Outgoing To IP: 14.202.148.249|443"; classtype:trojan-activity; sid:37301491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# Event 26460 republishes the event 26450 address/port indicators without tags
# and at priority 3. Each pair fires together on the same flow; the tagged
# priority-2 rule is the one that carries the family/owner context.
alert ip $HOME_NET any -> 14.202.148.249 443 (msg: "MISP e26460 [] Outgoing To IP: 14.202.148.249|443"; classtype:trojan-activity; sid:37302801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 41.98.29.102 443 (msg: "MISP e26460 [] Outgoing To IP: 41.98.29.102|443"; classtype:trojan-activity; sid:37302811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 175.10.222.136 4432 (msg: "MISP e26460 [] Outgoing To IP: 175.10.222.136|4432"; classtype:trojan-activity; sid:37302821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 94.237.54.16 445 (msg: "MISP e26460 [] Outgoing To IP: 94.237.54.16|445"; classtype:trojan-activity; sid:37302831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 24.199.107.91 443 (msg: "MISP e26460 [] Outgoing To IP: 24.199.107.91|443"; classtype:trojan-activity; sid:37302841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 191.96.53.132 443 (msg: "MISP e26460 [] Outgoing To IP: 191.96.53.132|443"; classtype:trojan-activity; sid:37302851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 185.83.113.126 32004 (msg: "MISP e26460 [] Outgoing To IP: 185.83.113.126|32004"; classtype:trojan-activity; sid:37302861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 37.120.239.146 8085 (msg: "MISP e26460 [] Outgoing To IP: 37.120.239.146|8085"; classtype:trojan-activity; sid:37302871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 43.198.108.245 443 (msg: "MISP e26460 [] Outgoing To IP: 43.198.108.245|443"; classtype:trojan-activity; sid:37302881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 2.34.147.152 9002 (msg: "MISP e26460 [] Outgoing To IP: 2.34.147.152|9002"; classtype:trojan-activity; sid:37302891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Event 26450 domain indicators (priority 2). The same three .shop names are
# also published by event 26672 at priority 3 earlier in the file. In each HTTP
# rule the domain content and pcre run over all request headers, not only Host.
alert dns any any -> any any (msg: "MISP e26450 [] Domain liabilityarrangemenyit.shop"; dns.query; content:"liabilityarrangemenyit.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])liabilityarrangemenyit\.shop$/i"; classtype:trojan-activity; sid:37301391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain liabilityarrangemenyit.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liabilityarrangemenyit.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liabilityarrangemenyit\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26450 [] Domain gemcreedarticulateod.shop"; dns.query; content:"gemcreedarticulateod.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])gemcreedarticulateod\.shop$/i"; classtype:trojan-activity; sid:37301371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain gemcreedarticulateod.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gemcreedarticulateod.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gemcreedarticulateod\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26450 [] Domain claimconcessionrebe.shop"; dns.query; content:"claimconcessionrebe.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])claimconcessionrebe\.shop$/i"; classtype:trojan-activity; sid:37301381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain claimconcessionrebe.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"claimconcessionrebe.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])claimconcessionrebe\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26450 [njrat,RAT] Domain mary-cottage.gl.at.ply.gg"; dns.query; content:"mary-cottage.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])mary\-cottage\.gl\.at\.ply\.gg$/i"; 
classtype:trojan-activity; sid:37301311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# Event 26450 tags these ply.gg hostnames and their address/port pairs
# njrat,RAT; the same indicators appear untagged under event 26672 earlier in
# the file, so each flow alerts twice.
# NOTE(review): the hostnames and addresses look like shared tunnelling-service
# endpoints - confirm before blocking on the address alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [njrat,RAT] Outgoing HTTP Domain mary-cottage.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mary-cottage.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mary\-cottage\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 3.125.209.94 18563 (msg: "MISP e26450 [njrat,RAT] Outgoing To IP: 3.125.209.94|18563"; classtype:trojan-activity; sid:37301321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26450 [njrat,RAT] Domain content-royal.gl.at.ply.gg"; dns.query; content:"content-royal.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])content\-royal\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37301281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [njrat,RAT] Outgoing HTTP Domain content-royal.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"content-royal.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])content\-royal\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 3.125.209.94 10540 (msg: "MISP e26450 [njrat,RAT] Outgoing To IP: 3.125.209.94|10540"; classtype:trojan-activity; sid:37301291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 18.158.249.75 10540 (msg: "MISP e26450 [njrat,RAT] Outgoing To IP: 18.158.249.75|10540"; classtype:trojan-activity; sid:37301301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 147.185.221.18 35017 (msg: "MISP e26450 [njrat,RAT] Outgoing To IP: 147.185.221.18|35017"; classtype:trojan-activity; sid:37301271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# Two domains tagged Latrodectus by event 26450, then the same two domains
# untagged under event 26460. In each HTTP rule the domain content and pcre run
# over all request headers (http.header, /H), not only the Host header.
alert dns any any -> any any (msg: "MISP e26450 [Latrodectus] Domain saicetyapy.space"; dns.query; content:"saicetyapy.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])saicetyapy\.space$/i"; classtype:trojan-activity; sid:37301511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Latrodectus] Outgoing HTTP Domain saicetyapy.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saicetyapy.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saicetyapy\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26450 [Latrodectus] Domain antyparkov.site"; dns.query; content:"antyparkov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])antyparkov\.site$/i"; classtype:trojan-activity; sid:37301521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Latrodectus] Outgoing HTTP Domain antyparkov.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"antyparkov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])antyparkov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain saicetyapy.space"; dns.query; content:"saicetyapy.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])saicetyapy\.space$/i"; classtype:trojan-activity; sid:37302931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain saicetyapy.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saicetyapy.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saicetyapy\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain antyparkov.site"; dns.query; content:"antyparkov.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])antyparkov\.site$/i"; classtype:trojan-activity; sid:37302941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain antyparkov.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"antyparkov.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])antyparkov\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Subdomain indicator. The parent-domain rules for networkbotbet.top further
# down accept a "." before the name, so they also match this subdomain.
alert dns any any -> any any (msg: "MISP e26450 [Mirai] Domain botnet.networkbotbet.top"; dns.query; content:"botnet.networkbotbet.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.networkbotbet\.top$/i"; classtype:trojan-activity; sid:37301551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Mirai] Outgoing HTTP Domain botnet.networkbotbet.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.networkbotbet.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.networkbotbet\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37301552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# networkbotbet.top, event 26450 (tag "Mirai"): one DNS rule and one HTTP rule.
# DNS: the pcre needs start-of-buffer or a non-hostname character before the domain and
# end-of-buffer after it, so the rule matches the name itself and any subdomain of it, but
# not a longer name that merely ends in the same letters.
alert dns any any -> any any (msg: "MISP e26450 [Mirai] Domain networkbotbet.top"; dns.query; content:"networkbotbet.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])networkbotbet\.top$/i"; classtype:trojan-activity; sid:37301561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# HTTP: the two http.header content matches carry no distance/within and the /H pcre does
# not mention "Host", so the domain appearing in any request header is enough to alert.
# NOTE(review): presumably this also fires on a Referer that names the domain; matching on
# the http.host buffer would tie the alert to the requested host - confirm before changing.
# tag:session,600,seconds asks the engine to keep logging the session's packets for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Mirai] Outgoing HTTP Domain networkbotbet.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"networkbotbet.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])networkbotbet\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# Destination IP and port indicators. These rules carry no content, flow or threshold
# keyword: any traffic from $HOME_NET to the listed address and port alerts.
# 91.92.240.138:56999 is exported from event 26450 (priority 2) and again from event 26460
# (priority 3), so one connection raises two alerts that differ only in sid, msg and priority.
alert ip $HOME_NET any -> 91.92.240.138 56999 (msg: "MISP e26450 [Mirai] Outgoing To IP: 91.92.240.138|56999"; classtype:trojan-activity; sid:37301571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 91.92.240.138 56999 (msg: "MISP e26460 [] Outgoing To IP: 91.92.240.138|56999"; classtype:trojan-activity; sid:37302951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Event 26460 copies of the networkbotbet.top indicators: empty tag list in msg, priority 3.
# For DNS the botnet.networkbotbet.top rule overlaps with the networkbotbet.top rule, which
# already matches subdomains, so a query for the subdomain fires both.
alert dns any any -> any any (msg: "MISP e26460 [] Domain botnet.networkbotbet.top"; dns.query; content:"botnet.networkbotbet.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.networkbotbet\.top$/i"; classtype:trojan-activity; sid:37302961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain botnet.networkbotbet.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.networkbotbet.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.networkbotbet\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain networkbotbet.top"; dns.query; content:"networkbotbet.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])networkbotbet\.top$/i"; classtype:trojan-activity; sid:37302971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain networkbotbet.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"networkbotbet.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])networkbotbet\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# More destination IP:port indicators, again matched on addressing alone.
# 5.78.70.86:443 and 154.82.81.136:443 carry the CobaltStrike tag for event 26450 and
# reappear with an empty tag list for event 26460.
# NOTE(review): a hit on port 443 says nothing about what was requested; treat it as a
# lead and corroborate with TLS or proxy telemetry before escalating.
alert ip $HOME_NET any -> 91.92.240.138 2023 (msg: "MISP e26460 [] Outgoing To IP: 91.92.240.138|2023"; classtype:trojan-activity; sid:37302981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 5.78.70.86 443 (msg: "MISP e26450 [CobaltStrike,cs-watermark-987654321,HETZNER-CLOUD3-AS] Outgoing To IP: 5.78.70.86|443"; classtype:trojan-activity; sid:37301601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 154.82.81.136 443 (msg: "MISP e26450 [CobaltStrike,cs-watermark-987654321,TERAEXCH] Outgoing To IP: 154.82.81.136|443"; classtype:trojan-activity; sid:37301621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 154.82.81.136 443 (msg: "MISP e26460 [] Outgoing To IP: 154.82.81.136|443"; classtype:trojan-activity; sid:37302991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 5.78.70.86 443 (msg: "MISP e26460 [] Outgoing To IP: 5.78.70.86|443"; classtype:trojan-activity; sid:37303011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 91.92.240.138 2023 (msg: "MISP e26450 [] Outgoing To IP: 91.92.240.138|2023"; classtype:trojan-activity; sid:37301581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 45.86.86.60 3912 (msg: "MISP e26450 [Mirai] Outgoing To IP: 45.86.86.60|3912"; classtype:trojan-activity; sid:37301631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert ip $HOME_NET any -> 45.86.86.60 3912 (msg: "MISP e26460 [] Outgoing To IP: 45.86.86.60|3912"; classtype:trojan-activity; sid:37303031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# tiesas.lv-riga-elieta.net is exported once per MISP event that lists it (events 26603 and
# 26602 start here). The copies share the same match conditions and priority 2; only sid,
# msg and reference differ, so each lookup or request raises one alert per event.
alert dns any any -> any any (msg: "MISP e26603 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37487381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26603;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26603 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26603;)
alert dns any any -> any any (msg: "MISP e26602 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37487351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26602;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26602 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established;
http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26602;)
# Per-event copies of the tiesas.lv-riga-elieta.net DNS/HTTP pair (events 26457, 26452,
# 26456, 26462 and 26601 below). The match conditions and priority are the same in every
# copy; only sid, msg and reference differ, so a single lookup or request raises one alert
# per event.
# NOTE(review): consider de-duplicating the indicator at export time, or thresholding or
# suppressing the extra sids, so analysts see one alert per observation.
alert dns any any -> any any (msg: "MISP e26457 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37302631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26457;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26457 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26457;)
alert dns any any -> any any (msg: "MISP e26452 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37302381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26452;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26452 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26452;)
alert dns any any -> any any (msg: "MISP e26456 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37302601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26456;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26456 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26456;)
alert dns any any -> any any (msg: "MISP e26462 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37303891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26462;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26462 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26462;)
alert dns any any -> any any (msg: "MISP e26601 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37487321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26601;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26601 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established;
http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26601;)
# Per-event copies of the tiesas.lv-riga-elieta.net DNS/HTTP pair for events 26451 and
# 26459: same match conditions, differing only in sid, msg and reference.
alert dns any any -> any any (msg: "MISP e26451 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37302351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26451;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26451 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26451;)
alert dns any any -> any any (msg: "MISP e26459 [] Domain tiesas.lv-riga-elieta.net"; dns.query; content:"tiesas.lv-riga-elieta.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net$/i"; classtype:trojan-activity; sid:37302671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26459;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26459 [] Outgoing HTTP Domain tiesas.lv-riga-elieta.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiesas.lv-riga-elieta.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiesas\.lv\-riga\-elieta\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26459;)
# Destination IP:port indicator, matched on addressing alone (no content or flow keyword).
alert ip $HOME_NET any -> 179.43.175.207 809 (msg: "MISP e26460 [] Outgoing To IP: 179.43.175.207|809"; classtype:trojan-activity; sid:37303041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# URL indicators from event 26450. The msg carries the event tags: CobaltStrike, a
# cs-watermark-* value and what looks like the network owner's name.
# Each rule pins the destination address and port, then needs the IP string somewhere in
# http.header and the path as a substring of http.uri. The path match is unanchored, so a
# short path such as "/cx" also matches any longer URI that contains it (constructed
# example: "/cxy"); the pinned destination is what keeps these rules narrow.
alert http $HOME_NET any -> 154.9.255.31 6666 (msg: "MISP e26450 [CobaltStrike,cs-watermark-100000,NetLab Global] Outgoing URL http|3a|//154.9.255.31|3a|6666/dot.gif"; flow:to_server,established; http.header; content:"154.9.255.31"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> 106.12.124.212 8012 (msg: "MISP e26450 [Beijing Baidu Netcom Science and Technology Co. Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//106.12.124.212|3a|8012/azure/api/v2/userinfo/get"; flow:to_server,established; http.header; content:"106.12.124.212"; fast_pattern; nocase; http.uri; content:"/azure/api/v2/userinfo/get"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> 139.155.127.233 8790 (msg: "MISP e26450 [CobaltStrike,cs-watermark-0,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//139.155.127.233|3a|8790/ga.js"; flow:to_server,established; http.header; content:"139.155.127.233"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# This rule uses $HTTP_PORTS as the destination port, so that variable has to be defined
# for the rule to load, even though the export header lists it as not required for Suricata.
alert http $HOME_NET any -> 213.109.202.222 $HTTP_PORTS (msg: "MISP e26450 [CobaltStrike,cs-watermark-1357776117,Red Byte LLC] Outgoing URL http|3a|//213.109.202.222/pixel.gif"; flow:to_server,established; http.header; content:"213.109.202.222"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> 152.136.55.237 8088 (msg: "MISP e26450 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//152.136.55.237|3a|8088/cx"; flow:to_server,established; http.header; content:"152.136.55.237"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37301681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# The same five URL indicators exported for event 26460: empty tag list, priority 3,
# otherwise identical match conditions, so one request raises an alert for each event.
alert http $HOME_NET any -> 152.136.55.237 8088 (msg: "MISP e26460 [] Outgoing URL http|3a|//152.136.55.237|3a|8088/cx"; flow:to_server,established; http.header; content:"152.136.55.237"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> 213.109.202.222 $HTTP_PORTS (msg: "MISP e26460 [] Outgoing URL http|3a|//213.109.202.222/pixel.gif"; flow:to_server,established; http.header; content:"213.109.202.222"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> 139.155.127.233 8790 (msg: "MISP e26460 [] Outgoing URL http|3a|//139.155.127.233|3a|8790/ga.js"; flow:to_server,established; http.header; content:"139.155.127.233"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> 106.12.124.212 8012 (msg: "MISP e26460 [] Outgoing URL http|3a|//106.12.124.212|3a|8012/azure/api/v2/userinfo/get"; flow:to_server,established; http.header; content:"106.12.124.212"; fast_pattern; nocase; http.uri; content:"/azure/api/v2/userinfo/get"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> 154.9.255.31 6666 (msg: "MISP e26460 [] Outgoing URL http|3a|//154.9.255.31|3a|6666/dot.gif"; flow:to_server,established; http.header; content:"154.9.255.31"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Hostnames under servehttp.com and servegame.com (these look like shared dynamic-DNS
# zones - confirm). The rules match only the listed hostname and its subdomains, never the
# parent zone, so unrelated names in the same zone do not alert.
alert dns any any -> any any (msg: "MISP e26450 [Mirai] Domain net-killer.servehttp.com"; dns.query; content:"net-killer.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com$/i"; classtype:trojan-activity; sid:37301691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Mirai] Outgoing HTTP Domain net-killer.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain net-killer.servehttp.com"; dns.query; content:"net-killer.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com$/i"; classtype:trojan-activity; sid:37303101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain net-killer.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26450 [Mirai] Domain mostnet.servegame.com"; dns.query; content:"mostnet.servegame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mostnet\.servegame\.com$/i"; classtype:trojan-activity; sid:37301701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Mirai] Outgoing HTTP Domain mostnet.servegame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mostnet.servegame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mostnet\.servegame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain mostnet.servegame.com"; dns.query; content:"mostnet.servegame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mostnet\.servegame\.com$/i"; classtype:trojan-activity; sid:37303111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain mostnet.servegame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mostnet.servegame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mostnet\.servegame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain absolutecache.com"; dns.query; content:"absolutecache.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])absolutecache\.com$/i"; classtype:trojan-activity; sid:37303121; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26460;)
# Event 26460 indicators. The msg tag list is empty ("[]"), so the malware family or
# campaign has to be looked up through the reference URL; all of these are priority 3.
# HTTP rules: both http.header content matches are unanchored and the /H pcre does not
# mention "Host", so the domain appearing in any request header is enough to alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain absolutecache.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"absolutecache.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])absolutecache\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# IP:port rules in this group match on addressing alone (no content, flow or threshold).
alert ip $HOME_NET any -> 154.29.75.236 443 (msg: "MISP e26460 [] Outgoing To IP: 154.29.75.236|443"; classtype:trojan-activity; sid:37303131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain net-killer.online"; dns.query; content:"net-killer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.online$/i"; classtype:trojan-activity; sid:37303141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain net-killer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain botnet.serveblog.net"; dns.query; content:"botnet.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.serveblog\.net$/i"; classtype:trojan-activity; sid:37303151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain botnet.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 81.94.150.21 443 (msg: "MISP e26460 [] Outgoing To IP: 81.94.150.21|443"; classtype:trojan-activity; sid:37303161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain abc.anti-ddos.io.vn"; dns.query; content:"abc.anti-ddos.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-])abc\.anti\-ddos\.io\.vn$/i"; classtype:trojan-activity; sid:37303171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain abc.anti-ddos.io.vn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"abc.anti-ddos.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])abc\.anti\-ddos\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 103.47.195.200 42597 (msg: "MISP e26460 [] Outgoing To IP: 103.47.195.200|42597"; classtype:trojan-activity; sid:37303181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# net-killer.online and botnet.serveblog.net again, this time exported for event 26450 at
# priority 2. The match conditions equal the event 26460 copies above, so one lookup or
# request raises an alert for each event.
alert dns any any -> any any (msg: "MISP e26450 [] Domain net-killer.online"; dns.query; content:"net-killer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.online$/i"; classtype:trojan-activity; sid:37301711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain net-killer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26450 [] Domain botnet.serveblog.net"; dns.query; content:"botnet.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.serveblog\.net$/i"; classtype:trojan-activity; sid:37301721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain botnet.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert dns any any -> any any (msg: "MISP e26460 [] Domain 714745cm.nyashland.top"; dns.query; content:"714745cm.nyashland.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])714745cm\.nyashland\.top$/i"; classtype:trojan-activity; sid:37303191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain 714745cm.nyashland.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"714745cm.nyashland.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])714745cm\.nyashland\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Event 26478 starts here: its rules are exported at priority 1 with an empty tag list.
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.ac59.fun"; dns.query; content:"www.ac59.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ac59\.fun$/i"; classtype:trojan-activity; sid:37479681; rev:1; priority:1;
reference:url,https://misp.finsin.cl/events/view/26478;)
# Event 26478: a list of "www." hostnames, each exported as a DNS rule plus an HTTP rule at
# priority 1. The msg tag list is empty ("[]"), so the rules themselves carry no family or
# campaign context; look it up through the reference URL before triaging a hit.
# DNS rules match the exact name or any subdomain of it (the pcre allows only
# start-of-buffer or a non-hostname character before the name and end-of-buffer after it).
# HTTP rules match the name anywhere in the request headers, not only in the Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.ac59.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ac59.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ac59\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.benappetit.co.uk"; dns.query; content:"www.benappetit.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.benappetit\.co\.uk$/i"; classtype:trojan-activity; sid:37479691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.benappetit.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.benappetit.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.benappetit\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.dadatonsaka.com"; dns.query; content:"www.dadatonsaka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dadatonsaka\.com$/i"; classtype:trojan-activity; sid:37479701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.dadatonsaka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.dadatonsaka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dadatonsaka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.eycuihzb2.sbs"; dns.query; content:"www.eycuihzb2.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.eycuihzb2\.sbs$/i"; classtype:trojan-activity; sid:37479711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.eycuihzb2.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.eycuihzb2.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.eycuihzb2\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.gender.agency"; dns.query; content:"www.gender.agency"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gender\.agency$/i"; classtype:trojan-activity; sid:37479721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.gender.agency"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gender.agency"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gender\.agency[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.hillfinconsult.com"; dns.query; content:"www.hillfinconsult.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hillfinconsult\.com$/i"; classtype:trojan-activity; sid:37479731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.hillfinconsult.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hillfinconsult.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hillfinconsult\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.nwtrackclinic.com"; dns.query; content:"www.nwtrackclinic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nwtrackclinic\.com$/i"; classtype:trojan-activity; sid:37479741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.nwtrackclinic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nwtrackclinic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nwtrackclinic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.rosebearwrld.com"; dns.query; content:"www.rosebearwrld.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rosebearwrld\.com$/i"; classtype:trojan-activity; sid:37479751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.rosebearwrld.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.rosebearwrld.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rosebearwrld\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
# NOTE(review): www.sqlite.org is the public website of the SQLite project. Alerting on it
# as trojan-activity at priority 1 will fire on ordinary developer and tooling traffic.
# Presumably the hostname was recorded as traffic seen during analysis for event 26478
# rather than as attacker infrastructure - confirm in the event. If so, clear the
# attribute's IDS flag or exclude it with a warninglist before deploying sids 37479761 and
# 37479762, and do not treat a hit on these two rules alone as evidence of compromise.
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.sqlite.org"; dns.query; content:"www.sqlite.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sqlite\.org$/i"; classtype:trojan-activity; sid:37479761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.sqlite.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.sqlite.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sqlite\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.www89kyu.com"; dns.query; content:"www.www89kyu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.www89kyu\.com$/i"; classtype:trojan-activity; sid:37479771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.www89kyu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.www89kyu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.www89kyu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert dns any any -> any any (msg: "MISP e26478 [] Domain www.yhz40.top"; dns.query; content:"www.yhz40.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.yhz40\.top$/i"; classtype:trojan-activity; sid:37479781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26478 [] Outgoing HTTP Domain www.yhz40.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.yhz40.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.yhz40\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479782; rev:1; priority:1;
reference:url,https://misp.finsin.cl/events/view/26478;) alert ip $HOME_NET any -> 18.134.234.207 3306 (msg: "MISP e26450 [QuasarRAT,RAT] Outgoing To IP: 18.134.234.207|3306"; classtype:trojan-activity; sid:37301781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26460 [] Domain finance-govnp.servehalflife.com"; dns.query; content:"finance-govnp.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govnp\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37303201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain finance-govnp.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govnp.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govnp\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain mail-ntcgovpk.servehttp.com"; dns.query; content:"mail-ntcgovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ntcgovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37303211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain mail-ntcgovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-ntcgovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ntcgovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain 
mail-scogovpk.servehttp.com"; dns.query; content:"mail-scogovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37303221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain mail-scogovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-scogovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Generic DNS rule shape in this export: "alert dns any any -> any any" puts no
# address or port constraint on the rule; content is the literal match on
# dns.query and the pcre pins the name to the end of the query ($), case-insensitively.
alert dns any any -> any any (msg: "MISP e26460 [] Domain mof-govnp.servehttp.com"; dns.query; content:"mof-govnp.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mof\-govnp\.servehttp\.com$/i"; classtype:trojan-activity; sid:37303231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain mof-govnp.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mof-govnp.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mof\-govnp\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
# Same indicator, second event: mof-govnp.servehttp.com is already covered just
# above for event 26460 (sid 37303231, priority 3, empty tag list); event 26450
# exports it again with the [APT,SideWinder] tags at priority 2 (sid 37301771).
# One DNS query for the name therefore raises both alerts.
# NOTE(review): consider de-duplicating at export time, or keeping only the tagged
# priority-2 rule, so analysts see one alert that carries the attribution context.
alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain mof-govnp.servehttp.com"; dns.query; content:"mof-govnp.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mof\-govnp\.servehttp\.com$/i"; classtype:trojan-activity; sid:37301771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain mof-govnp.servehttp.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mof-govnp.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mof\-govnp\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain mail-ntcgovpk.servehttp.com"; dns.query; content:"mail-ntcgovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ntcgovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37301751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain mail-ntcgovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-ntcgovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ntcgovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain mail-scogovpk.servehttp.com"; dns.query; content:"mail-scogovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37301761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain mail-scogovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-scogovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-scogovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301762; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [dcrat,RAT] Domain 714745cm.nyashland.top"; dns.query; content:"714745cm.nyashland.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])714745cm\.nyashland\.top$/i"; classtype:trojan-activity; sid:37301731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [dcrat,RAT] Outgoing HTTP Domain 714745cm.nyashland.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"714745cm.nyashland.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])714745cm\.nyashland\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain finance-govnp.servehalflife.com"; dns.query; content:"finance-govnp.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govnp\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37301741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain finance-govnp.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"finance-govnp.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])finance\-govnp\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 18.134.234.207 3306 (msg: "MISP e26460 [] Outgoing To IP: 18.134.234.207|3306"; classtype:trojan-activity; sid:37303241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26455 [Take Down] Domain 
mamadishere.site"; dns.query; content:"mamadishere.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mamadishere\.site$/i"; classtype:trojan-activity; sid:37302481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26455;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26455 [Take Down] Outgoing HTTP Domain mamadishere.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mamadishere.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mamadishere\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26455;)
# "Hostname" rules differ from "Domain" rules in the leading character class:
# [^A-Za-z0-9-\.] also rejects a preceding dot, so only the exact host
# v5.mamadishere.site matches, whereas the "Domain" pattern [^A-Za-z0-9-] accepts
# a preceding dot and therefore covers every subdomain of mamadishere.site.
# Consequence: a lookup of v5.mamadishere.site satisfies both sid 37302481 and
# sid 37302471, and an HTTP request to it both 37302482 and 37302472.
# NOTE(review): expect paired alerts for this host; de-duplicate downstream if needed.
alert dns any any -> any any (msg: "MISP e26455 [Take Down] Hostname v5.mamadishere.site"; dns.query; content:"v5.mamadishere.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v5\.mamadishere\.site$/i"; classtype:trojan-activity; sid:37302471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26455;)
# The hostname HTTP variant folds "Host: " and the name into one content match,
# so the literal is tied to the Host header line, unlike the two-content "Domain" form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26455 [Take Down] Outgoing HTTP Hostname v5.mamadishere.site"; flow:to_server,established; http.header; content: "Host|3a| v5.mamadishere.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])v5\.mamadishere\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26455;)
# IP indicators: protocol "ip" with a fixed destination address and port, outbound
# from $HOME_NET only. No content, flow or threshold option is present, so each rule
# rests entirely on the address/port pair (185.196.9.72 is listed with two ports).
# NOTE(review): address/port indicators lose value once the host is reassigned;
# confirm the MISP attributes are still current, and check alert volume per
# connection since nothing here limits repeated alerts.
alert ip $HOME_NET any -> 149.50.209.216 43957 (msg: "MISP e26460 [] Outgoing To IP: 149.50.209.216|43957"; classtype:trojan-activity; sid:37303251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 185.196.9.72 56537 (msg: "MISP e26460 [] Outgoing To IP: 185.196.9.72|56537"; classtype:trojan-activity; sid:37303261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;)
alert ip $HOME_NET any -> 185.196.9.72 62452 (msg: "MISP e26460 [] Outgoing To IP: 185.196.9.72|62452"; 
classtype:trojan-activity; sid:37303271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 199.195.249.78 13145 (msg: "MISP e26460 [] Outgoing To IP: 199.195.249.78|13145"; classtype:trojan-activity; sid:37303281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 46.3.113.170 8778 (msg: "MISP e26460 [] Outgoing To IP: 46.3.113.170|8778"; classtype:trojan-activity; sid:37303291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 93.123.85.174 9931 (msg: "MISP e26460 [] Outgoing To IP: 93.123.85.174|9931"; classtype:trojan-activity; sid:37303301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 1.162.151.116 39167 (msg: "MISP e26460 [] Outgoing To IP: 1.162.151.116|39167"; classtype:trojan-activity; sid:37303311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 103.106.228.99 11259 (msg: "MISP e26460 [] Outgoing To IP: 103.106.228.99|11259"; classtype:trojan-activity; sid:37303321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 111.243.109.76 41465 (msg: "MISP e26460 [] Outgoing To IP: 111.243.109.76|41465"; classtype:trojan-activity; sid:37303331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 129.159.55.240 56636 (msg: "MISP e26460 [] Outgoing To IP: 129.159.55.240|56636"; classtype:trojan-activity; sid:37303341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 141.98.11.208 16837 (msg: "MISP e26460 [] Outgoing To IP: 141.98.11.208|16837"; classtype:trojan-activity; sid:37303351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain ackcm.awuam.com"; dns.query; 
content:"ackcm.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ackcm\.awuam\.com$/i"; classtype:trojan-activity; sid:37303361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain ackcm.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ackcm.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ackcm\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain awuam.com"; dns.query; content:"awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awuam\.com$/i"; classtype:trojan-activity; sid:37303371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain botnet.awuam.com"; dns.query; content:"botnet.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.awuam\.com$/i"; classtype:trojan-activity; sid:37303381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain botnet.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303382; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain bots.awuam.com"; dns.query; content:"bots.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bots\.awuam\.com$/i"; classtype:trojan-activity; sid:37303391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain bots.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bots.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bots\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain ddns.awuam.com"; dns.query; content:"ddns.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddns\.awuam\.com$/i"; classtype:trojan-activity; sid:37303401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain ddns.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddns.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddns\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain ddos.sdxpay.cn"; dns.query; content:"ddos.sdxpay.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddos\.sdxpay\.cn$/i"; classtype:trojan-activity; sid:37303411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain ddos.sdxpay.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"ddos.sdxpay.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddos\.sdxpay\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain feckoffbr0.sbs"; dns.query; content:"feckoffbr0.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])feckoffbr0\.sbs$/i"; classtype:trojan-activity; sid:37303421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain feckoffbr0.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"feckoffbr0.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])feckoffbr0\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain mirailovers.ddns.net"; dns.query; content:"mirailovers.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mirailovers\.ddns\.net$/i"; classtype:trojan-activity; sid:37303431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain mirailovers.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mirailovers.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mirailovers\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain nw.awuam.com"; dns.query; content:"nw.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nw\.awuam\.com$/i"; classtype:trojan-activity; sid:37303441; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain nw.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nw.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nw\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain qwerty.awuam.com"; dns.query; content:"qwerty.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qwerty\.awuam\.com$/i"; classtype:trojan-activity; sid:37303451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain qwerty.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qwerty.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qwerty\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain weilaibot.net"; dns.query; content:"weilaibot.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])weilaibot\.net$/i"; classtype:trojan-activity; sid:37303461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain weilaibot.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"weilaibot.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])weilaibot\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] 
Domain zunbot.awuam.com"; dns.query; content:"zunbot.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zunbot\.awuam\.com$/i"; classtype:trojan-activity; sid:37303471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain zunbot.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zunbot.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zunbot\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26449 [] Domain mii-tarjetacencosudcl.bhojpuriacademy.org"; dns.query; content:"mii-tarjetacencosudcl.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mii\-tarjetacencosudcl\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37301201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26449;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26449 [] Outgoing HTTP Domain mii-tarjetacencosudcl.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mii-tarjetacencosudcl.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mii\-tarjetacencosudcl\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26449;) alert ip $HOME_NET any -> 46.3.113.170 8778 (msg: "MISP e26450 [] Outgoing To IP: 46.3.113.170|8778"; classtype:trojan-activity; sid:37302001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 93.123.85.174 9931 (msg: "MISP e26450 [] Outgoing To IP: 93.123.85.174|9931"; classtype:trojan-activity; sid:37302011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 185.196.9.72 62452 (msg: "MISP e26450 [] Outgoing To IP: 185.196.9.72|62452"; classtype:trojan-activity; sid:37301981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 199.195.249.78 13145 (msg: "MISP e26450 [] Outgoing To IP: 199.195.249.78|13145"; classtype:trojan-activity; sid:37301991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain ackcm.awuam.com"; dns.query; content:"ackcm.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ackcm\.awuam\.com$/i"; classtype:trojan-activity; sid:37301791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain ackcm.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ackcm.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ackcm\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain awuam.com"; dns.query; content:"awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awuam\.com$/i"; classtype:trojan-activity; sid:37301801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain 
botnet.awuam.com"; dns.query; content:"botnet.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.awuam\.com$/i"; classtype:trojan-activity; sid:37301811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain botnet.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain ddns.awuam.com"; dns.query; content:"ddns.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddns\.awuam\.com$/i"; classtype:trojan-activity; sid:37301831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain ddns.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddns.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddns\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain ddos.sdxpay.cn"; dns.query; content:"ddos.sdxpay.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddos\.sdxpay\.cn$/i"; classtype:trojan-activity; sid:37301841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain ddos.sdxpay.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddos.sdxpay.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddos\.sdxpay\.cn[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37301842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain bots.awuam.com"; dns.query; content:"bots.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bots\.awuam\.com$/i"; classtype:trojan-activity; sid:37301821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain bots.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bots.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bots\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain feckoffbr0.sbs"; dns.query; content:"feckoffbr0.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])feckoffbr0\.sbs$/i"; classtype:trojan-activity; sid:37301851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain feckoffbr0.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"feckoffbr0.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])feckoffbr0\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain mirailovers.ddns.net"; dns.query; content:"mirailovers.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mirailovers\.ddns\.net$/i"; classtype:trojan-activity; sid:37301861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain 
mirailovers.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mirailovers.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mirailovers\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain nw.awuam.com"; dns.query; content:"nw.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nw\.awuam\.com$/i"; classtype:trojan-activity; sid:37301871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain nw.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nw.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nw\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain qwerty.awuam.com"; dns.query; content:"qwerty.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qwerty\.awuam\.com$/i"; classtype:trojan-activity; sid:37301881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain qwerty.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qwerty.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qwerty\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain weilaibot.net"; dns.query; content:"weilaibot.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])weilaibot\.net$/i"; 
classtype:trojan-activity; sid:37301891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain weilaibot.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"weilaibot.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])weilaibot\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain zunbot.awuam.com"; dns.query; content:"zunbot.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zunbot\.awuam\.com$/i"; classtype:trojan-activity; sid:37301901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain zunbot.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zunbot.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zunbot\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37301902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 1.162.151.116 39167 (msg: "MISP e26450 [] Outgoing To IP: 1.162.151.116|39167"; classtype:trojan-activity; sid:37301911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 103.106.228.99 11259 (msg: "MISP e26450 [] Outgoing To IP: 103.106.228.99|11259"; classtype:trojan-activity; sid:37301921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 111.243.109.76 41465 (msg: "MISP e26450 [] Outgoing To IP: 111.243.109.76|41465"; classtype:trojan-activity; sid:37301931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 
141.98.11.208 16837 (msg: "MISP e26450 [] Outgoing To IP: 141.98.11.208|16837"; classtype:trojan-activity; sid:37301951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [njrat,RAT] Domain plus-subcommittee.gl.at.ply.gg"; dns.query; content:"plus-subcommittee.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])plus\-subcommittee\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37302021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [njrat,RAT] Outgoing HTTP Domain plus-subcommittee.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"plus-subcommittee.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])plus\-subcommittee\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 185.196.9.72 56537 (msg: "MISP e26450 [] Outgoing To IP: 185.196.9.72|56537"; classtype:trojan-activity; sid:37301971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 129.159.55.240 56636 (msg: "MISP e26450 [] Outgoing To IP: 129.159.55.240|56636"; classtype:trojan-activity; sid:37301941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 149.50.209.216 43957 (msg: "MISP e26450 [] Outgoing To IP: 149.50.209.216|43957"; classtype:trojan-activity; sid:37301961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 193.161.193.99 31620 (msg: "MISP e26450 [njrat,RAT] Outgoing To IP: 193.161.193.99|31620"; classtype:trojan-activity; sid:37302031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 
[njrat,RAT] Domain nanoudu30-31620.portmap.host"; dns.query; content:"nanoudu30-31620.portmap.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanoudu30\-31620\.portmap\.host$/i"; classtype:trojan-activity; sid:37302041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [njrat,RAT] Outgoing HTTP Domain nanoudu30-31620.portmap.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nanoudu30-31620.portmap.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanoudu30\-31620\.portmap\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26460 [] Domain nanoudu30-31620.portmap.host"; dns.query; content:"nanoudu30-31620.portmap.host"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanoudu30\-31620\.portmap\.host$/i"; classtype:trojan-activity; sid:37303481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain nanoudu30-31620.portmap.host"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nanoudu30-31620.portmap.host"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanoudu30\-31620\.portmap\.host[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 193.161.193.99 31620 (msg: "MISP e26460 [] Outgoing To IP: 193.161.193.99|31620"; classtype:trojan-activity; sid:37303491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain plus-subcommittee.gl.at.ply.gg"; dns.query; content:"plus-subcommittee.gl.at.ply.gg"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])plus\-subcommittee\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37303501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain plus-subcommittee.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"plus-subcommittee.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])plus\-subcommittee\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 51.159.167.215 34241 (msg: "MISP e26460 [] Outgoing To IP: 51.159.167.215|34241"; classtype:trojan-activity; sid:37303511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain discounts-ptclnetpk.servehttp.com"; dns.query; content:"discounts-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])discounts\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37303521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain discounts-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discounts-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discounts\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain offers-ptclnetpk.serveftp.com"; dns.query; content:"offers-ptclnetpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37303531; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain offers-ptclnetpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain rewards-ptclnetpk.viewdns.net"; dns.query; content:"rewards-ptclnetpk.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])rewards\-ptclnetpk\.viewdns\.net$/i"; classtype:trojan-activity; sid:37303541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain rewards-ptclnetpk.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rewards-ptclnetpk.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rewards\-ptclnetpk\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain visualstudiomacupdate.com"; dns.query; content:"visualstudiomacupdate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])visualstudiomacupdate\.com$/i"; classtype:trojan-activity; sid:37303551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain visualstudiomacupdate.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"visualstudiomacupdate.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])visualstudiomacupdate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26450 [Backdoor,osx,rustdoor] Domain visualstudiomacupdate.com"; dns.query; content:"visualstudiomacupdate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])visualstudiomacupdate\.com$/i"; classtype:trojan-activity; sid:37302091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [Backdoor,osx,rustdoor] Outgoing HTTP Domain visualstudiomacupdate.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"visualstudiomacupdate.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])visualstudiomacupdate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 51.159.167.215 34241 (msg: "MISP e26450 [Mirai] Outgoing To IP: 51.159.167.215|34241"; classtype:trojan-activity; sid:37302081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain discounts-ptclnetpk.servehttp.com"; dns.query; content:"discounts-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])discounts\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37302051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain discounts-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discounts-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discounts\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37302052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain offers-ptclnetpk.serveftp.com"; dns.query; content:"offers-ptclnetpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37302061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain offers-ptclnetpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [APT,SideWinder] Domain rewards-ptclnetpk.viewdns.net"; dns.query; content:"rewards-ptclnetpk.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])rewards\-ptclnetpk\.viewdns\.net$/i"; classtype:trojan-activity; sid:37302071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [APT,SideWinder] Outgoing HTTP Domain rewards-ptclnetpk.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rewards-ptclnetpk.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rewards\-ptclnetpk\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 20.212.217.245 10002 (msg: "MISP e26450 [Deimos,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.212.217.245|10002"; 
classtype:trojan-activity; sid:37302101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 66.187.7.174 3074 (msg: "MISP e26450 [Mirai] Outgoing To IP: 66.187.7.174|3074"; classtype:trojan-activity; sid:37302111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 45.245.101.32 995 (msg: "MISP e26450 [LINKdotNET-AS,QakBot] Outgoing To IP: 45.245.101.32|995"; classtype:trojan-activity; sid:37302121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 142.247.95.55 443 (msg: "MISP e26450 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 142.247.95.55|443"; classtype:trojan-activity; sid:37302131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 77.49.51.87 995 (msg: "MISP e26450 [FORTHNET-GR Forthnet,QakBot] Outgoing To IP: 77.49.51.87|995"; classtype:trojan-activity; sid:37302141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 102.113.143.173 443 (msg: "MISP e26450 [MauritiusTelecom,QakBot] Outgoing To IP: 102.113.143.173|443"; classtype:trojan-activity; sid:37302151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 104.233.244.98 8888 (msg: "MISP e26450 [PEG-SV,Supershell] Outgoing To IP: 104.233.244.98|8888"; classtype:trojan-activity; sid:37302161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26453 [] Domain nllb-kllk.com"; dns.query; content:"nllb-kllk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nllb\-kllk\.com$/i"; classtype:trojan-activity; sid:37302411; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26453;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26453 [] Outgoing HTTP Domain nllb-kllk.com"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"nllb-kllk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nllb\-kllk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302412; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26453;) alert dns any any -> any any (msg: "MISP e26450 [] Domain aquabotnet.xyz"; dns.query; content:"aquabotnet.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])aquabotnet\.xyz$/i"; classtype:trojan-activity; sid:37302171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain aquabotnet.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aquabotnet.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aquabotnet\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain botnet.zapto.org"; dns.query; content:"botnet.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.zapto\.org$/i"; classtype:trojan-activity; sid:37302181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain botnet.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26450 [] Domain bulldognet.info"; dns.query; content:"bulldognet.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])bulldognet\.info$/i"; classtype:trojan-activity; sid:37302191; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26450 [] Outgoing HTTP Domain bulldognet.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bulldognet.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bulldognet\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37302192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert dns any any -> any any (msg: "MISP e26460 [] Domain aquabotnet.xyz"; dns.query; content:"aquabotnet.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])aquabotnet\.xyz$/i"; classtype:trojan-activity; sid:37303561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain aquabotnet.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aquabotnet.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aquabotnet\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain botnet.zapto.org"; dns.query; content:"botnet.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.zapto\.org$/i"; classtype:trojan-activity; sid:37303571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain botnet.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: 
"MISP e26460 [] Domain bulldognet.info"; dns.query; content:"bulldognet.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])bulldognet\.info$/i"; classtype:trojan-activity; sid:37303581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain bulldognet.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bulldognet.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bulldognet\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 104.233.244.98 8888 (msg: "MISP e26460 [] Outgoing To IP: 104.233.244.98|8888"; classtype:trojan-activity; sid:37303591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 102.113.143.173 443 (msg: "MISP e26460 [] Outgoing To IP: 102.113.143.173|443"; classtype:trojan-activity; sid:37303601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 77.49.51.87 995 (msg: "MISP e26460 [] Outgoing To IP: 77.49.51.87|995"; classtype:trojan-activity; sid:37303611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 142.247.95.55 443 (msg: "MISP e26460 [] Outgoing To IP: 142.247.95.55|443"; classtype:trojan-activity; sid:37303621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 45.245.101.32 995 (msg: "MISP e26460 [] Outgoing To IP: 45.245.101.32|995"; classtype:trojan-activity; sid:37303631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 66.187.7.174 3074 (msg: "MISP e26460 [] Outgoing To IP: 66.187.7.174|3074"; classtype:trojan-activity; sid:37303641; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 20.212.217.245 10002 (msg: "MISP e26460 [] Outgoing To IP: 20.212.217.245|10002"; classtype:trojan-activity; sid:37303651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 91.92.251.16 80 (msg: "MISP e26450 [Amadey,ViriBack] Outgoing To IP: 91.92.251.16|80"; classtype:trojan-activity; sid:37302201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 91.92.251.16 80 (msg: "MISP e26460 [] Outgoing To IP: 91.92.251.16|80"; classtype:trojan-activity; sid:37303661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 65.21.212.74 7800 (msg: "MISP e26450 [STRRAT] Outgoing To IP: 65.21.212.74|7800"; classtype:trojan-activity; sid:37302231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26450 [dcrat] Outgoing URL http|3a|//a0913701.xsph.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"a0913701.xsph.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26460 [] Outgoing URL http|3a|//a0913701.xsph.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"a0913701.xsph.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 65.21.212.74 7800 (msg: "MISP e26460 [] Outgoing To IP: 65.21.212.74|7800"; classtype:trojan-activity; sid:37303701; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 185.172.128.33 8970 (msg: "MISP e26460 [] Outgoing To IP: 185.172.128.33|8970"; classtype:trojan-activity; sid:37303711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 3.127.138.57 13627 (msg: "MISP e26460 [] Outgoing To IP: 3.127.138.57|13627"; classtype:trojan-activity; sid:37303721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26450 [CobaltStrike,cs-watermark-987654321,PONYNET] Outgoing URL http|3a|//107.189.14.144|3a|8080/dot.gif"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> 110.41.134.233 $HTTP_PORTS (msg: "MISP e26450 [CobaltStrike,cs-watermark-305419896,Huawei Cloud Service data center] Outgoing URL http|3a|//110.41.134.233/updates.rss"; flow:to_server,established; http.header; content:"110.41.134.233"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26450 [CobaltStrike,cs-watermark-305419896,IPTELECOM ASIA] Outgoing URL http|3a|//43.251.159.58|3a|8637/ca"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26460 [] Outgoing URL http|3a|//43.251.159.58|3a|8637/ca"; flow:to_server,established; 
http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> 110.41.134.233 $HTTP_PORTS (msg: "MISP e26460 [] Outgoing URL http|3a|//110.41.134.233/updates.rss"; flow:to_server,established; http.header; content:"110.41.134.233"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26460 [] Outgoing URL http|3a|//107.189.14.144|3a|8080/dot.gif"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 87.3.215.35 65199 (msg: "MISP e26460 [] Outgoing To IP: 87.3.215.35|65199"; classtype:trojan-activity; sid:37303791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain ihateciroparisi.serveminecraft.net"; dns.query; content:"ihateciroparisi.serveminecraft.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ihateciroparisi\.serveminecraft\.net$/i"; classtype:trojan-activity; sid:37303801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain ihateciroparisi.serveminecraft.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ihateciroparisi.serveminecraft.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ihateciroparisi\.serveminecraft\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37303802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26450 [dcrat] Outgoing URL http|3a|//a0916462.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0916462.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26460 [] Outgoing URL http|3a|//a0916462.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0916462.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37303811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain foodmattkent.live"; dns.query; content:"foodmattkent.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])foodmattkent\.live$/i"; classtype:trojan-activity; sid:37303821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain foodmattkent.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"foodmattkent.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])foodmattkent\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 207.246.120.23 8140 (msg: "MISP e26460 [] Outgoing To IP: 207.246.120.23|8140"; classtype:trojan-activity; sid:37303831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain winvipbonus.life"; dns.query; 
content:"winvipbonus.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])winvipbonus\.life$/i"; classtype:trojan-activity; sid:37303841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain winvipbonus.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"winvipbonus.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])winvipbonus\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert dns any any -> any any (msg: "MISP e26460 [] Domain day.50adayplan.com"; dns.query; content:"day.50adayplan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])day\.50adayplan\.com$/i"; classtype:trojan-activity; sid:37303851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26460 [] Outgoing HTTP Domain day.50adayplan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"day.50adayplan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])day\.50adayplan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37303852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 46.183.220.203 35966 (msg: "MISP e26450 [RAT,RemcosRAT] Outgoing To IP: 46.183.220.203|35966"; classtype:trojan-activity; sid:37302321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;) alert ip $HOME_NET any -> 46.183.220.203 35966 (msg: "MISP e26460 [] Outgoing To IP: 46.183.220.203|35966"; classtype:trojan-activity; sid:37303861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26460;) alert ip $HOME_NET any -> 116.203.63.87 9216 (msg: "MISP e26450 [RedLineStealer] Outgoing To IP: 116.203.63.87|9216"; 
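classtype:trojan-activity; sid:37302331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
# Same destination as sid:37302331 (event 26450): one flow to this address and port raises both alerts.
# These "alert ip" rules match on address and port only; no payload is inspected, so a hit shows that a
# host contacted the endpoint, not what was exchanged.
alert ip $HOME_NET any -> 116.203.63.87 9216 (msg: "MISP e26671 [RedLineStealer] Outgoing To IP: 116.203.63.87|9216"; classtype:trojan-activity; sid:37493681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# URL indicators: the hostname is matched in http.header without a "Host|3a|" anchor, so any request
# header carrying the name (a Referer, for example) satisfies that content match.
# Both rules are scoped to $HTTP_PORTS. The file header lists that variable as not required for the
# Suricata export, but it must be defined for these rules, and requests to the same host on ports
# outside it are not covered.
# sid:37302341 and sid:37493691 have identical match conditions and differ only in event id and priority.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26450 [dcrat] Outgoing URL http|3a|//a0919334.xsph.ru/9bc7b45d.php"; flow:to_server,established; http.header; content:"a0919334.xsph.ru"; fast_pattern; nocase; http.uri; content:"/9bc7b45d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37302341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26450;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26671 [dcrat] Outgoing URL http|3a|//a0919334.xsph.ru/9bc7b45d.php"; flow:to_server,established; http.header; content:"a0919334.xsph.ru"; fast_pattern; nocase; http.uri; content:"/9bc7b45d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.102.39 13406 (msg: "MISP e26686 [njrat] Outgoing To IP: 3.125.102.39|13406"; classtype:trojan-activity; sid:37509871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 18.192.31.165 13406 (msg: "MISP e26686 [njrat] Outgoing To IP: 18.192.31.165|13406"; classtype:trojan-activity; sid:37509881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The msg text of the next two rules carries a MISP galaxy tag that contains double quotes. The rule
# format requires a double quote inside msg to be escaped as \"; the export left them bare, which can
# stop the rule from loading or cut the message short, depending on the engine. They are escaped here;
# the match conditions are unchanged. Both rules repeat the destinations of sid:37509881 and sid:37509871.
alert ip $HOME_NET any -> 18.192.31.165 13406 (msg: "MISP e26671 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 18.192.31.165|13406"; classtype:trojan-activity; sid:37493711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.102.39 13406 (msg: "MISP e26671 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 3.125.102.39|13406"; classtype:trojan-activity; sid:37493721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# The two URI contents differ only in capitalisation and both carry nocase, so these rules match the
# same requests. The http.header and $HTTP_PORTS remarks above apply here as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26686 [dcrat] Outgoing URL http|3a|//a0916796.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0916796.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37509891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26671 [dcrat] Outgoing URL http|3a|//a0916796.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0916796.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 147.45.47.100 24854 (msg: "MISP e26671 [infostealer,RedLine,stealer] Outgoing To IP: 147.45.47.100|24854"; classtype:trojan-activity; sid:37493741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Embedded double quotes in the galaxy and confidence-level tags are escaped as \" (see the msg
# escaping requirement above); nothing else in these two rules is changed.
alert ip $HOME_NET any -> 18.158.249.75 13406 (msg: "MISP e26671 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 18.158.249.75|13406"; classtype:trojan-activity; sid:37493751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.209.94 13406 (msg: "MISP e26671 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 3.125.209.94|13406"; classtype:trojan-activity; sid:37493761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 196.112.147.229 5566 (msg: "MISP e26686 [asyncrat,RAT] Outgoing To IP: 196.112.147.229|5566"; classtype:trojan-activity; sid:37509931; rev:1; priority:2; 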
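reference:url,https://misp.finsin.cl/events/view/26686;)
# Address-and-port indicators for 196.112.147.229: three ports, each listed once per MISP event
# (26686 at priority 2, 26671 at priority 3), so a single flow raises two alerts.
# "alert ip" rules carry no payload condition; a hit shows contact with the endpoint only.
alert ip $HOME_NET any -> 196.112.147.229 5588 (msg: "MISP e26686 [Loda] Outgoing To IP: 196.112.147.229|5588"; classtype:trojan-activity; sid:37509941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 196.112.147.229 5577 (msg: "MISP e26686 [njrat] Outgoing To IP: 196.112.147.229|5577"; classtype:trojan-activity; sid:37509951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The msg text of the next two rules carries MISP galaxy tags that contain double quotes. The rule
# format requires a double quote inside msg to be escaped as \"; the export left them bare, which can
# stop the rule from loading or cut the message short, depending on the engine. They are escaped here;
# the match conditions are unchanged.
alert ip $HOME_NET any -> 196.112.147.229 5577 (msg: "MISP e26671 [njrat,misp-galaxy:malpedia=\"NjRAT\"] Outgoing To IP: 196.112.147.229|5577"; classtype:trojan-activity; sid:37493771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 196.112.147.229 5588 (msg: "MISP e26671 [misp-galaxy:malpedia=\"Loda\"] Outgoing To IP: 196.112.147.229|5588"; classtype:trojan-activity; sid:37493781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 196.112.147.229 5566 (msg: "MISP e26671 [asyncrat,RAT] Outgoing To IP: 196.112.147.229|5566"; classtype:trojan-activity; sid:37493791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 144.76.184.11 50500 (msg: "MISP e26686 [RiseProStealer] Outgoing To IP: 144.76.184.11|50500"; classtype:trojan-activity; sid:37509961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 144.76.184.11 50500 (msg: "MISP e26671 [] Outgoing To IP: 144.76.184.11|50500"; classtype:trojan-activity; sid:37493801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 144.76.184.11 8081 (msg: "MISP e26686 [Risepro,ViriBack] Outgoing To IP: 144.76.184.11|8081"; classtype:trojan-activity; sid:37509971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The double quotes inside the confidence-level tag are escaped as \" for the same msg escaping reason.
alert ip $HOME_NET any -> 144.76.184.11 8081 (msg: "MISP e26671 [misp:confidence-level=\"fairly-confident\"] Outgoing To IP: 144.76.184.11|8081"; classtype:trojan-activity; sid:37493811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 172.94.111.9 5200 (msg: "MISP e26686 [AveMariaRAT,RAT] Outgoing To IP: 172.94.111.9|5200"; classtype:trojan-activity; sid:37509981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 172.94.111.9 5200 (msg: "MISP e26671 [] Outgoing To IP: 172.94.111.9|5200"; classtype:trojan-activity; sid:37493821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# URL indicators: the hostname is matched in http.header without a "Host|3a|" anchor, so any request
# header carrying the name (a Referer, for example) satisfies that content match.
# Both rules are scoped to $HTTP_PORTS. The file header lists that variable as not required for the
# Suricata export, but it must be defined for these rules, and requests on ports outside it are not
# covered. The two URI contents differ only in capitalisation and both carry nocase, so the rules
# match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26686 [AZORult] Outgoing URL http|3a|//mhlc.shop/mc341/index.php"; flow:to_server,established; http.header; content:"mhlc.shop"; fast_pattern; nocase; http.uri; content:"/mc341/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37510061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26671 [] Outgoing URL http|3a|//mhlc.shop/MC341/index.php"; flow:to_server,established; http.header; content:"mhlc.shop"; fast_pattern; nocase; http.uri; content:"/MC341/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37493831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# DNS indicator: content is the prefilter, and the pcre pins the name to the end of the query while
# allowing any preceding label, so subdomains of the listed name match too.
alert dns any any -> any any (msg: "MISP e26671 [] Domain mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37493841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 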
mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain news.ntc-telecomcorporation.workers.dev"; dns.query; content:"news.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37493851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain news.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain elccorp-net.ntc-telecomcorporation.workers.dev"; dns.query; content:"elccorp-net.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])elccorp\-net\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37493861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain elccorp-net.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"elccorp-net.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elccorp\-net\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Event e26671 domain pairs: a dns.query rule (sid ending in 1) followed by an HTTP
# Host rule (sid ending in 2) for each name.
alert dns any any -> any any (msg: "MISP e26671 [] Domain mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ecp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37493871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ecp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-gwadarport\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37493881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-gwadarport\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# The gwadarportt.workers.dev pair accepts a '.' before the name, so it also matches
# gwadarport-gov-pk.gwadarportt.workers.dev; a lookup of that longer name fires both
# this pair and the more specific pair after it.
alert dns any any -> any any (msg: "MISP e26671 [] Domain gwadarportt.workers.dev"; dns.query; content:"gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37493891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain gwadarport-gov-pk.gwadarportt.workers.dev"; dns.query; content:"gwadarport-gov-pk.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarport\-gov\-pk\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37493901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain gwadarport-gov-pk.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gwadarport-gov-pk.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarport\-gov\-pk\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Destination rule for 194.147.140.132 port 9231, exported once per event.
alert ip $HOME_NET any -> 194.147.140.132 9231 (msg: "MISP e26686 [RAT,RemcosRAT] Outgoing To IP: 194.147.140.132|9231"; classtype:trojan-activity; sid:37510071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 194.147.140.132 9231 (msg: "MISP e26671 [] Outgoing To IP: 194.147.140.132|9231"; classtype:trojan-activity; sid:37493911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# content:"/" in http.uri matches virtually every request path, so this rule is
# decided by the hostname string appearing anywhere in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26498 [] Outgoing URL http|3a|//www.vintedlogin.com/"; flow:to_server,established; http.header; content:"www.vintedlogin.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37337791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26498;)
# NOTE(review): the msg tags below pair a tool name with what looks like a network
# or ASN name (AMAZON-02, MULTA-ASN1, VDSINA-AS). Addresses in shared hosting ranges
# get reassigned; check the age of the event before treating a hit on a common port
# such as 80 or 443 as confirmed C2, and plan an expiry for these entries.
alert ip $HOME_NET any -> 13.113.86.16 80 (msg: "MISP e26686 [AMAZON-02,Brute Ratel C4] Outgoing To IP: 13.113.86.16|80"; classtype:trojan-activity; sid:37510081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 74.48.56.81 7443 (msg: "MISP e26686 [MULTA-ASN1,Mythic] Outgoing To IP: 74.48.56.81|7443"; classtype:trojan-activity; sid:37510091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 43.198.89.50 443 (msg: "MISP e26686 [AMAZON-02,Deimos] Outgoing To IP: 43.198.89.50|443"; classtype:trojan-activity; sid:37510101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 94.103.87.88 465 (msg: "MISP e26686 [Bianlian Go Trojan,VDSINA-AS] Outgoing To IP: 94.103.87.88|465"; classtype:trojan-activity; sid:37510111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 94.103.87.88 3306 (msg: "MISP e26686 [Bianlian Go Trojan,VDSINA-AS] Outgoing To IP: 94.103.87.88|3306"; classtype:trojan-activity; sid:37510121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Event e26686 indicators; the bracketed msg tags name the family or actor each one
# was filed under. Each domain gets a dns.query rule (sid ending in 1) and an HTTP
# Host rule (sid ending in 2). The "alert http" rules need the engine to parse the
# flow as HTTP, so for a TLS connection to the same name only the DNS rule can fire.
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain news.ntc-telecomcorporation.workers.dev"; dns.query; content:"news.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37510051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain news.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [SocGholish] Domain day.50adayplan.com"; dns.query; content:"day.50adayplan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])day\.50adayplan\.com$/i"; classtype:trojan-activity; sid:37509841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [SocGholish] Outgoing HTTP Domain day.50adayplan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"day.50adayplan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])day\.50adayplan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [VexTrio] Domain winvipbonus.life"; dns.query; content:"winvipbonus.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])winvipbonus\.life$/i"; classtype:trojan-activity; sid:37509851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [VexTrio] Outgoing HTTP Domain winvipbonus.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"winvipbonus.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])winvipbonus\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# NanoCore entries: one destination address/port plus a hostname on a dynamic-looking
# subdomain; the IP rule and the domain pair are independent and may fire together.
alert ip $HOME_NET any -> 87.3.215.35 65199 (msg: "MISP e26686 [NanoCore,RAT] Outgoing To IP: 87.3.215.35|65199"; classtype:trojan-activity; sid:37509811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [NanoCore,RAT] Domain ihateciroparisi.serveminecraft.net"; dns.query; content:"ihateciroparisi.serveminecraft.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ihateciroparisi\.serveminecraft\.net$/i"; classtype:trojan-activity; sid:37509821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [NanoCore,RAT] Outgoing HTTP Domain ihateciroparisi.serveminecraft.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ihateciroparisi.serveminecraft.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ihateciroparisi\.serveminecraft\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The tag list in msg is empty for this domain, so the alert text alone gives no
# family context; the reference URL is the only pointer back to the event.
alert dns any any -> any any (msg: "MISP e26686 [] Domain foodmattkent.live"; dns.query; content:"foodmattkent.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])foodmattkent\.live$/i"; classtype:trojan-activity; sid:37509831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [] Outgoing HTTP Domain foodmattkent.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase;
http.header; content:"foodmattkent.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])foodmattkent\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Event e26686 destination rules (address + port) tagged RedLine and njrat. They
# carry no content match: any flow from $HOME_NET to the listed address and port
# raises the alert.
alert ip $HOME_NET any -> 185.172.128.33 8970 (msg: "MISP e26686 [infostealer,RedLine,stealer] Outgoing To IP: 185.172.128.33|8970"; classtype:trojan-activity; sid:37509801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 18.158.249.75 13406 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 18.158.249.75|13406"; classtype:trojan-activity; sid:37509911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 207.246.120.23 8140 (msg: "MISP e26686 [infostealer,RedLine,stealer] Outgoing To IP: 207.246.120.23|8140"; classtype:trojan-activity; sid:37509861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 3.125.209.94 13406 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 3.125.209.94|13406"; classtype:trojan-activity; sid:37509901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 3.127.138.57 13627 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 3.127.138.57|13627"; classtype:trojan-activity; sid:37509791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Event e26686 domain pairs tagged APT,SideWinder (dns.query rule, then HTTP Host
# rule). The same names are also exported under event e26671 elsewhere in this
# file, so a match raises one alert per event.
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37510041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ecp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37510021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ecp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-gwadarport\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37510031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-gwadarport\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.45.47.100 24854 (msg: "MISP e26686 [infostealer,RedLine,stealer] Outgoing To IP: 147.45.47.100|24854"; classtype:trojan-activity; sid:37509921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The gwadarportt.workers.dev pair accepts a '.' before the name, so it also covers
# gwadarport-gov-pk.gwadarportt.workers.dev, which has its own pair right after it.
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain gwadarportt.workers.dev"; dns.query; content:"gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37509991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37509992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain gwadarport-gov-pk.gwadarportt.workers.dev"; dns.query; content:"gwadarport-gov-pk.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarport\-gov\-pk\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37510001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain gwadarport-gov-pk.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gwadarport-gov-pk.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarport\-gov\-pk\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [APT,SideWinder] Domain elccorp-net.ntc-telecomcorporation.workers.dev"; dns.query; content:"elccorp-net.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])elccorp\-net\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37510011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [APT,SideWinder] Outgoing HTTP Domain elccorp-net.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elccorp-net.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elccorp\-net\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# NOTE(review): from here the msg tags pair a family name with what looks like a
# network/ISP or ASN name (FLOW-NET, UNINET, MICROSOFT-CORP-MSN-AS-BLOCK, PEG-SV,
# AEZA-AS). Several entries sit on ports 80, 443 or 995 in address space that is
# presumably consumer or cloud ranges; such addresses are reassigned often, so
# corroborate a hit with host evidence and age these entries out.
alert ip $HOME_NET any -> 72.27.101.0 443 (msg: "MISP e26686 [FLOW-NET,QakBot] Outgoing To IP: 72.27.101.0|443"; classtype:trojan-activity; sid:37510131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 189.177.0.136 995 (msg: "MISP e26686 [QakBot,UNINET] Outgoing To IP: 189.177.0.136|995"; classtype:trojan-activity; sid:37510141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 79.131.125.30 2222 (msg: "MISP e26686 [OTENET-GR Athens - Greece,QakBot] Outgoing To IP: 79.131.125.30|2222"; classtype:trojan-activity; sid:37510151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 167.56.71.240 995 (msg: "MISP e26686 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 167.56.71.240|995"; classtype:trojan-activity; sid:37510161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 20.117.169.244 80 (msg: "MISP e26686 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.117.169.244|80"; classtype:trojan-activity; sid:37510171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 20.26.126.28 80 (msg: "MISP e26686 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.26.126.28|80"; classtype:trojan-activity; sid:37510181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 104.233.244.97 8888 (msg: "MISP e26686 [PEG-SV,Supershell] Outgoing To IP: 104.233.244.97|8888"; classtype:trojan-activity; sid:37510191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 104.233.187.164 8888 (msg: "MISP e26686 [PEG-SV,Supershell] Outgoing To IP: 104.233.187.164|8888"; classtype:trojan-activity; sid:37510201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 104.233.187.165 8888 (msg: "MISP e26686 [PEG-SV,Supershell] Outgoing To IP: 104.233.187.165|8888"; classtype:trojan-activity; sid:37510211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 109.107.181.83 80 (msg: "MISP e26686 [AEZA-AS,Meduza Stealer] Outgoing To IP: 109.107.181.83|80"; classtype:trojan-activity; sid:37510221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 109.107.181.83 80 (msg: "MISP e26671 [] Outgoing To IP: 109.107.181.83|80";
classtype:trojan-activity; sid:37493921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Event e26671 copies of destination rules that event e26686 also exports elsewhere
# in this file (same address and port). These copies have an empty tag list and
# priority:3, so the family name is only visible in the e26686 alert for the flow.
alert ip $HOME_NET any -> 104.233.187.165 8888 (msg: "MISP e26671 [] Outgoing To IP: 104.233.187.165|8888"; classtype:trojan-activity; sid:37493931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 104.233.187.164 8888 (msg: "MISP e26671 [] Outgoing To IP: 104.233.187.164|8888"; classtype:trojan-activity; sid:37493941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 104.233.244.97 8888 (msg: "MISP e26671 [] Outgoing To IP: 104.233.244.97|8888"; classtype:trojan-activity; sid:37493951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 20.26.126.28 80 (msg: "MISP e26671 [] Outgoing To IP: 20.26.126.28|80"; classtype:trojan-activity; sid:37493961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 20.117.169.244 80 (msg: "MISP e26671 [] Outgoing To IP: 20.117.169.244|80"; classtype:trojan-activity; sid:37493971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 167.56.71.240 995 (msg: "MISP e26671 [] Outgoing To IP: 167.56.71.240|995"; classtype:trojan-activity; sid:37493981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 79.131.125.30 2222 (msg: "MISP e26671 [] Outgoing To IP: 79.131.125.30|2222"; classtype:trojan-activity; sid:37493991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 189.177.0.136 995 (msg: "MISP e26671 [] Outgoing To IP: 189.177.0.136|995"; classtype:trojan-activity; sid:37494001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 72.27.101.0 443 (msg: "MISP e26671 [] Outgoing To IP: 72.27.101.0|443"; classtype:trojan-activity; sid:37494011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 94.103.87.88 3306 (msg: "MISP e26671 [] Outgoing To IP: 94.103.87.88|3306"; classtype:trojan-activity; sid:37494021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 94.103.87.88 465 (msg: "MISP e26671 [] Outgoing To IP: 94.103.87.88|465"; classtype:trojan-activity; sid:37494031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 43.198.89.50 443 (msg: "MISP e26671 [] Outgoing To IP: 43.198.89.50|443"; classtype:trojan-activity; sid:37494041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 74.48.56.81 7443 (msg: "MISP e26671 [] Outgoing To IP: 74.48.56.81|7443"; classtype:trojan-activity; sid:37494051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 13.113.86.16 80 (msg: "MISP e26671 [] Outgoing To IP: 13.113.86.16|80"; classtype:trojan-activity; sid:37494061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Event e26686 destination rules tagged Vidar. Two addresses appear with two ports
# each (9000 and 443). With no content match, a port-443 rule fires on any flow to
# that address and port.
alert ip $HOME_NET any -> 23.88.117.132 5432 (msg: "MISP e26686 [Vidar] Outgoing To IP: 23.88.117.132|5432"; classtype:trojan-activity; sid:37510231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 95.217.237.91 443 (msg: "MISP e26686 [Vidar] Outgoing To IP: 95.217.237.91|443"; classtype:trojan-activity; sid:37510241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 65.109.241.164 9000 (msg: "MISP e26686 [Vidar] Outgoing To IP: 65.109.241.164|9000"; classtype:trojan-activity; sid:37510251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 65.109.241.164 443 (msg: "MISP e26686 [Vidar] Outgoing To IP: 65.109.241.164|443"; classtype:trojan-activity; sid:37510261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 95.217.31.190 9000 (msg: "MISP e26686 [Vidar] Outgoing To IP: 95.217.31.190|9000"; classtype:trojan-activity; sid:37510271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 95.217.31.190 443 (msg: "MISP e26686 [Vidar] Outgoing To IP: 95.217.31.190|443"; classtype:trojan-activity; sid:37510281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 95.217.243.152 443 (msg: "MISP e26686 [Vidar] Outgoing To IP: 95.217.243.152|443"; classtype:trojan-activity; sid:37510291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Mirai entries: a domain pair (dns.query rule, HTTP Host rule) and one destination
# address/port.
alert dns any any -> any any (msg: "MISP e26686 [Mirai] Domain botnet.layer4.bf"; dns.query; content:"botnet.layer4.bf"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.layer4\.bf$/i"; classtype:trojan-activity; sid:37510371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [Mirai] Outgoing HTTP Domain botnet.layer4.bf"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.layer4.bf"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.layer4\.bf[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 159.223.196.192 56999 (msg: "MISP e26686 [Mirai] Outgoing To IP: 159.223.196.192|56999"; classtype:trojan-activity; sid:37510381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain help-orangelu.com"; dns.query; content:"help-orangelu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])help\-orangelu\.com$/i"; classtype:trojan-activity; sid:37480591; rev:1;
priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# HTTP Host half of the e24600 pair for help-orangelu.com (priority:1).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain help-orangelu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"help-orangelu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])help\-orangelu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37480592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event e26671 copies (empty tag list, priority:3) of indicators that event e26686
# also exports elsewhere in this file; each match therefore raises one alert per event.
alert ip $HOME_NET any -> 159.223.196.192 56999 (msg: "MISP e26671 [] Outgoing To IP: 159.223.196.192|56999"; classtype:trojan-activity; sid:37547541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain botnet.layer4.bf"; dns.query; content:"botnet.layer4.bf"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.layer4\.bf$/i"; classtype:trojan-activity; sid:37547551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain botnet.layer4.bf"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.layer4.bf"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.layer4\.bf[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 95.217.31.190 9000 (msg: "MISP e26671 [] Outgoing To IP: 95.217.31.190|9000"; classtype:trojan-activity; sid:37547631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 95.217.31.190 443 (msg: "MISP e26671 [] Outgoing To IP: 95.217.31.190|443"; classtype:trojan-activity; sid:37547641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 95.217.243.152 443 (msg: "MISP e26671 [] Outgoing To IP: 95.217.243.152|443"; classtype:trojan-activity; sid:37547651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 23.88.117.132 5432 (msg: "MISP e26671 [] Outgoing To IP: 23.88.117.132|5432"; classtype:trojan-activity; sid:37547661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 95.217.237.91 443 (msg: "MISP e26671 [] Outgoing To IP: 95.217.237.91|443"; classtype:trojan-activity; sid:37547671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 65.109.241.164 9000 (msg: "MISP e26671 [] Outgoing To IP: 65.109.241.164|9000"; classtype:trojan-activity; sid:37547681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 65.109.241.164 443 (msg: "MISP e26671 [] Outgoing To IP: 65.109.241.164|443"; classtype:trojan-activity; sid:37547691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# URL rules tagged CobaltStrike: the host string is searched in the whole http.header
# buffer and the path /www/handle/doc in http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26686 [CobaltStrike,cs-watermark-391144938,MULTACOM CORPORATION] Outgoing URL http|3a|//abillioncoin.com/www/handle/doc"; flow:to_server,established; http.header; content:"abillioncoin.com"; fast_pattern; nocase; http.uri; content:"/www/handle/doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37510391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26686 [CobaltStrike,cs-watermark-391144938,MULTACOM CORPORATION] Outgoing URL http|3a|//cn.bing.com/www/handle/doc"; flow:to_server,established; http.header; content:"cn.bing.com"; fast_pattern; nocase; http.uri; content:"/www/handle/doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37510401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# NOTE(review): the next two rules alert on any DNS query for, or HTTP Host header
# naming, cn.bing.com, with no path condition. cn.bing.com is a Microsoft Bing
# hostname; presumably it was recorded as the Host value sent by the tagged
# CobaltStrike sample rather than as attacker-owned infrastructure -- verify against
# event 26686. Ordinary Bing traffic will match; the URL rule above, which also
# requires /www/handle/doc, is the narrower signal.
alert dns any any -> any any (msg: "MISP e26686 [CobaltStrike,cs-watermark-391144938,MULTACOM CORPORATION] Domain cn.bing.com"; dns.query; content:"cn.bing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cn\.bing\.com$/i"; classtype:trojan-activity; sid:37510411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [CobaltStrike,cs-watermark-391144938,MULTACOM CORPORATION] Outgoing HTTP Domain cn.bing.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cn.bing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cn\.bing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# URL rules with a literal address: the destination is fixed in the rule header
# (101.201.46.105) and the same string must also appear in the request headers,
# together with /ga.js in the URI.
alert http $HOME_NET any -> 101.201.46.105 $HTTP_PORTS (msg: "MISP e26686 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//101.201.46.105/ga.js"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37510421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> 101.201.46.105 $HTTP_PORTS (msg: "MISP e26671 [] Outgoing URL http|3a|//101.201.46.105/ga.js"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26671 [] Outgoing URL http|3a|//cn.bing.com/www/handle/doc"; flow:to_server,established; http.header; content:"cn.bing.com"; fast_pattern; nocase; http.uri; content:"/www/handle/doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547721; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26671 [] Outgoing URL http|3a|//abillioncoin.com/www/handle/doc"; flow:to_server,established; http.header; content:"abillioncoin.com"; fast_pattern; nocase; http.uri; content:"/www/handle/doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26487 [] Domain webcestadoempresas.online"; dns.query; content:"webcestadoempresas.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online$/i"; classtype:trojan-activity; sid:37332081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26487;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26487 [] Outgoing HTTP Domain webcestadoempresas.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webcestadoempresas.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webcestadoempresas\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37332082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26487;) alert http $HOME_NET any -> 74.119.150.152 $HTTP_PORTS (msg: "MISP e26738 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//74.119.150.152/luzdelsur/recibos/"; flow:to_server,established; http.header; content:"74.119.150.152"; fast_pattern; nocase; http.uri; content:"/luzdelsur/recibos/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37535431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26738;) alert http $HOME_NET any -> 54.84.222.106 $HTTP_PORTS (msg: "MISP e26738 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//54.84.222.106/contador-mega/inspecionando.php"; flow:to_server,established; http.header; content:"54.84.222.106"; fast_pattern; 
nocase; http.uri; content:"/contador-mega/inspecionando.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37535471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26738;)
# asyncrat-tagged IP:port indicator from e26686, followed by the same address and port
# re-exported from e26671 (no tags, priority 3). Both are header-only matches.
alert ip $HOME_NET any -> 45.128.96.16 4449 (msg: "MISP e26686 [asyncrat] Outgoing To IP: 45.128.96.16|4449"; classtype:trojan-activity; sid:37510431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 45.128.96.16 4449 (msg: "MISP e26671 [] Outgoing To IP: 45.128.96.16|4449"; classtype:trojan-activity; sid:37547741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# "Hostname" rule pair: here the pcre prefix class also excludes '.', so only this exact
# host name matches, not names that merely end in it. The HTTP rule looks for the header
# text `Host: ` with exactly one space before the name.
alert dns any any -> any any (msg: "MISP e26790 [] Hostname tiesas.lv-elieta-riga.net"; dns.query; content:"tiesas.lv-elieta-riga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiesas\.lv\-elieta\-riga\.net$/i"; classtype:trojan-activity; sid:37546301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Hostname tiesas.lv-elieta-riga.net"; flow:to_server,established; http.header; content: "Host|3a| tiesas.lv-elieta-riga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiesas\.lv\-elieta\-riga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37546302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# Sender-address rules from e26684: raw TCP content matches for `MAIL FROM:` and the address
# on connections from $EXTERNAL_NET to $SMTP_SERVERS port 25, with a blank line (CRLF CRLF)
# required within 8192 bytes of the address match. They inspect the byte stream as seen on
# the wire, so a session that switches to TLS (STARTTLS) or uses another port is not covered.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26684 [] Source Email Address: luxtras000120@voo.be"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"luxtras000120@voo.be"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37864161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26684;)
# NOTE(review): |30 78| is the hex escape for the two characters "0x", so the pattern below
# is the literal string "luxtrust120xx020@voo.be". That looks like an escaping artefact of
# the export — compare with the attribute in MISP event 26684 before trusting this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26684 [] Source Email Address: luxtrust12|30 78|x020@voo.be"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"luxtrust12|30 78|x020@voo.be"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37864171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26684;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26684 [] Source Email Address: luxtras00020@voo.be"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"luxtras00020@voo.be"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37864181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26684;)
# URL indicator from e26746, exported at priority 4: host string in the request headers
# plus the path /nlbpay in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26746 [] Outgoing URL http|3a|//nlbklik-16-02-si.li-cy.icu/nlbpay"; flow:to_server,established; http.header; content:"nlbklik-16-02-si.li-cy.icu"; fast_pattern; nocase; http.uri; content:"/nlbpay"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37538851; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26766;)
# e26766 domain indicators (priority 4).
# NOTE(review): the first name has the form of a storage-bucket host under amazonaws.com;
# the rule pins the full name, but whether it is still controlled by the actor cannot be
# told from this export — check the event before acting on hits.
alert dns any any -> any any (msg: "MISP e26766 [] Domain alphaprobe.s3.us-east-2.amazonaws.com"; dns.query; content:"alphaprobe.s3.us-east-2.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])alphaprobe\.s3\.us\-east\-2\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37539911; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26766;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26766 [] Outgoing HTTP Domain alphaprobe.s3.us-east-2.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alphaprobe.s3.us-east-2.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alphaprobe\.s3\.us\-east\-2\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539912; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26766;)
alert dns any any -> any any (msg: "MISP e26766 [] Domain coolcat.website"; dns.query; content:"coolcat.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])coolcat\.website$/i"; classtype:trojan-activity; sid:37539921; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26766;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26766 [] Outgoing HTTP Domain coolcat.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"coolcat.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])coolcat\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539922; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26766;)
# Second "Hostname" pair from e26790: exact-name match only (the pcre prefix class excludes '.').
alert dns any any -> any any (msg: "MISP e26790 [] Hostname dpd.lv.delivery-serv1ce.shop"; dns.query; content:"dpd.lv.delivery-serv1ce.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dpd\.lv\.delivery\-serv1ce\.shop$/i"; classtype:trojan-activity; sid:37546341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Hostname dpd.lv.delivery-serv1ce.shop"; flow:to_server,established; http.header; content: "Host|3a| dpd.lv.delivery-serv1ce.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dpd\.lv\.delivery\-serv1ce\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37546342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# e26671 names under con-ip.com: each name is exported as a dns.query rule and a
# Host-header rule with consecutive sids.
alert dns any any -> any any (msg: "MISP e26671 [] Domain cholin777.con-ip.com"; dns.query; content:"cholin777.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cholin777\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain cholin777.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"cholin777.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cholin777\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# More e26671 names under con-ip.com (no tags, priority 3). Every name gets two rules:
# a dns.query rule (sid ending in 1) that fires on the lookup in either direction, and a
# Host-header rule (sid ending in 2) limited to $HOME_NET -> $EXTERNAL_NET requests.
# The "Domain" pcre also matches subdomains of each name.
alert dns any any -> any any (msg: "MISP e26671 [] Domain elgigante.con-ip.com"; dns.query; content:"elgigante.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elgigante\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain elgigante.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elgigante.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elgigante\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain elgrande.con-ip.com"; dns.query; content:"elgrande.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])elgrande\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain elgrande.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elgrande.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elgrande\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain gomelo.con-ip.com"; dns.query; content:"gomelo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gomelo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain gomelo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gomelo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gomelo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain hebreo.con-ip.com"; dns.query; content:"hebreo.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hebreo\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain hebreo.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hebreo.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hebreo\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain jerusalen.con-ip.com"; dns.query; content:"jerusalen.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jerusalen\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain jerusalen.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jerusalen.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jerusalen\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain lesbiano.con-ip.com"; dns.query; content:"lesbiano.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lesbiano\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain lesbiano.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lesbiano.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lesbiano\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain ruby.con-ip.com"; dns.query; content:"ruby.con-ip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ruby\.con\-ip\.com$/i"; classtype:trojan-activity; sid:37547821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ruby.con-ip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ruby.con-ip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ruby\.con\-ip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Gafgyt-tagged IP:port indicators from e26686 (priority 2). Header-only match: there is
# no payload or flow condition, so the alert says only that a packet left $HOME_NET for
# that address and port.
alert ip $HOME_NET any -> 93.123.85.73 4258 (msg: "MISP e26686 [Gafgyt] Outgoing To IP: 93.123.85.73|4258"; classtype:trojan-activity; sid:37510441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 93.123.85.141 666 (msg: "MISP e26686 [Gafgyt] Outgoing To IP: 93.123.85.141|666"; classtype:trojan-activity; sid:37510451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# e26671 copies of two address/port pairs that e26686 exports with the Gafgyt tag
# (sids 37510441 and 37510451): same match condition, empty tag list, priority 3.
alert ip $HOME_NET any -> 93.123.85.73 4258 (msg: "MISP e26671 [] Outgoing To IP: 93.123.85.73|4258"; classtype:trojan-activity; sid:37547831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 93.123.85.141 666 (msg: "MISP e26671 [] Outgoing To IP: 93.123.85.141|666"; classtype:trojan-activity; sid:37547841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Tagged IP:port indicators from e26686: remcos, then CobaltStrike (cs-watermark-1234567890).
# The family name lives only in msg; the match itself is address and port.
alert ip $HOME_NET any -> 185.222.58.40 1990 (msg: "MISP e26686 [remcos] Outgoing To IP: 185.222.58.40|1990"; classtype:trojan-activity; sid:37510461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 106.54.202.74 443 (msg: "MISP e26686 [CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 106.54.202.74|443"; classtype:trojan-activity; sid:37510481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# e26671 copies of the two indicators above (priority 3); a hit raises both events' alerts.
alert ip $HOME_NET any -> 106.54.202.74 443 (msg: "MISP e26671 [] Outgoing To IP: 106.54.202.74|443"; classtype:trojan-activity; sid:37547851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 185.222.58.40 1990 (msg: "MISP e26671 [] Outgoing To IP: 185.222.58.40|1990"; classtype:trojan-activity; sid:37547871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# URL indicator tagged CobaltStrike (cs-watermark-1357776117): destination IP in the rule
# header, IP string in the request headers, /g.pixel in the URI. The e26671 copy follows.
alert http $HOME_NET any -> 45.93.20.242 $HTTP_PORTS (msg: "MISP e26686 [Chang Way Technologies Co. Limited,CobaltStrike,cs-watermark-1357776117] Outgoing URL http|3a|//45.93.20.242/g.pixel"; flow:to_server,established; http.header; content:"45.93.20.242"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37510491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> 45.93.20.242 $HTTP_PORTS (msg: "MISP e26671 [] Outgoing URL http|3a|//45.93.20.242/g.pixel"; flow:to_server,established; http.header; content:"45.93.20.242"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Gafgyt-tagged domain (DNS rule and Host-header rule) and IP:port from e26686.
alert dns any any -> any any (msg: "MISP e26686 [Gafgyt] Domain lkasjdfhsdag.servebeer.com"; dns.query; content:"lkasjdfhsdag.servebeer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lkasjdfhsdag\.servebeer\.com$/i"; classtype:trojan-activity; sid:37510521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [Gafgyt] Outgoing HTTP Domain lkasjdfhsdag.servebeer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lkasjdfhsdag.servebeer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lkasjdfhsdag\.servebeer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 185.196.8.191 1290 (msg: "MISP e26686 [Gafgyt] Outgoing To IP: 185.196.8.191|1290"; classtype:trojan-activity; sid:37510531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# e26671 copies of the three Gafgyt-tagged indicators above (no tags, priority 3).
alert dns any any -> any any (msg: "MISP e26671 [] Domain lkasjdfhsdag.servebeer.com"; dns.query; content:"lkasjdfhsdag.servebeer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lkasjdfhsdag\.servebeer\.com$/i"; classtype:trojan-activity; sid:37547911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain lkasjdfhsdag.servebeer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lkasjdfhsdag.servebeer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lkasjdfhsdag\.servebeer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 185.196.8.191 1290 (msg: "MISP e26671 [] Outgoing To IP: 185.196.8.191|1290"; classtype:trojan-activity; sid:37547921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# njrat-tagged addresses from e26686, all on port 16904.
# NOTE(review): bare IP:port indicators say nothing about who holds the address today;
# check the indicator's age in the MISP event before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 3.125.209.94 16904 (msg: "MISP e26686 [njrat] Outgoing To IP: 3.125.209.94|16904"; classtype:trojan-activity; sid:37510541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 3.125.102.39 16904 (msg: "MISP e26686 [njrat] Outgoing To IP: 3.125.102.39|16904"; classtype:trojan-activity; sid:37510551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 3.125.223.134 16904 (msg: "MISP e26686 [njrat] Outgoing To IP: 3.125.223.134|16904"; classtype:trojan-activity; sid:37510561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# e26671 copies of the same three addresses (priority 3).
alert ip $HOME_NET any -> 3.125.223.134 16904 (msg: "MISP e26671 [] Outgoing To IP: 3.125.223.134|16904"; classtype:trojan-activity; sid:37547931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.102.39 16904 (msg: "MISP e26671 [] Outgoing To IP: 3.125.102.39|16904"; classtype:trojan-activity; sid:37547941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.209.94 16904 (msg: "MISP 
e26671 [] Outgoing To IP: 3.125.209.94|16904"; classtype:trojan-activity; sid:37547951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# e26736: one name exported three ways — DNS query, HTTP Host header, and (below) an
# SMTP recipient address on the parent domain.
alert dns any any -> any any (msg: "MISP e26736 [] Domain ftp.experthvac.ro"; dns.query; content:"ftp.experthvac.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.experthvac\.ro$/i"; classtype:trojan-activity; sid:37535371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26736;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26736 [] Outgoing HTTP Domain ftp.experthvac.ro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.experthvac.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.experthvac\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37535372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26736;)
# Recipient-address rule: raw TCP content matches for `RCPT TO:` and the address on
# connections from $EXTERNAL_NET to $SMTP_SERVERS port 25 only. Mail leaving $HOME_NET for
# this recipient, and sessions that are encrypted on the wire, are outside what it inspects.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26736 [] Destination Email Address: ftpadmon@experthvac.ro"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"ftpadmon@experthvac.ro"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37535381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26736;)
# e24600 indicators, exported at priority 1 with an empty tag list.
# NOTE(review): some of these names sit on shared or third-party services (for example
# blogspot.com, gtt.net); confirm them against the event before blocking on a hit.
alert dns any any -> any any (msg: "MISP e24600 [] Domain zerhwfzrsiezpqcywuuj3592345297.blogspot.com"; dns.query; content:"zerhwfzrsiezpqcywuuj3592345297.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zerhwfzrsiezpqcywuuj3592345297\.blogspot\.com$/i"; classtype:trojan-activity; sid:37571431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain zerhwfzrsiezpqcywuuj3592345297.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zerhwfzrsiezpqcywuuj3592345297.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zerhwfzrsiezpqcywuuj3592345297\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain www.lu.mundome.com"; dns.query; content:"www.lu.mundome.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.lu\.mundome\.com$/i"; classtype:trojan-activity; sid:37571461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain www.lu.mundome.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.lu.mundome.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.lu\.mundome\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain vendorportal.gtt.net"; dns.query; content:"vendorportal.gtt.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vendorportal\.gtt\.net$/i"; classtype:trojan-activity; sid:37571511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain vendorportal.gtt.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vendorportal.gtt.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vendorportal\.gtt\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain f.newslettescreationslines.eu"; dns.query; content:"f.newslettescreationslines.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])f\.newslettescreationslines\.eu$/i"; classtype:trojan-activity; sid:37571571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain f.newslettescreationslines.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"f.newslettescreationslines.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])f\.newslettescreationslines\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain 9618635468.newslettescreationslines.eu"; dns.query; content:"9618635468.newslettescreationslines.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])9618635468\.newslettescreationslines\.eu$/i"; classtype:trojan-activity; sid:37571611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 9618635468.newslettescreationslines.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9618635468.newslettescreationslines.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])9618635468\.newslettescreationslines\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# URL rule: the query string (?affsub2=...) appears only in msg; the match uses the host
# string in the request headers and the path /hdoobobglower01 in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24600 [] Outgoing URL http|3a|//jkpfb.standimpose.top/hdoobobglower01?affsub2=uigswwmrfh"; flow:to_server,established; http.header; content:"jkpfb.standimpose.top"; fast_pattern; nocase; http.uri; content:"/hdoobobglower01"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain jkpfb.standimpose.top"; dns.query; content:"jkpfb.standimpose.top"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])jkpfb\.standimpose\.top$/i"; classtype:trojan-activity; sid:37571661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Remaining e24600 domain indicators (priority 1): Host-header rule for jkpfb.standimpose.top,
# then the DNS / Host-header pair for small.terflatmix.us.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain jkpfb.standimpose.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jkpfb.standimpose.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jkpfb\.standimpose\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain small.terflatmix.us"; dns.query; content:"small.terflatmix.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])small\.terflatmix\.us$/i"; classtype:trojan-activity; sid:37571691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain small.terflatmix.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"small.terflatmix.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])small\.terflatmix\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# vmi.lt-skola.net is exported once per MISP event that lists it (e26782, e26741, e26772
# and e26788 in this stretch). The pairs differ only in sid, msg and reference, so a single
# lookup or request raises one alert per event; deduplicate on the domain when triaging.
alert dns any any -> any any (msg: "MISP e26782 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37545791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26782;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26782 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37545792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26782;)
alert dns any any -> any any (msg: "MISP e26741 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37535931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26741;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26741 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37535932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26741;)
alert dns any any -> any any (msg: "MISP e26772 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37540811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26772;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26772 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37540812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26772;)
# e26750 domain pair, exported at priority 4.
alert dns any any -> any any (msg: "MISP e26750 [] Domain track-my-ups-parcel.com"; dns.query; content:"track-my-ups-parcel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])track\-my\-ups\-parcel\.com$/i"; classtype:trojan-activity; sid:37539031; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26750;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26750 [] Outgoing HTTP Domain track-my-ups-parcel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"track-my-ups-parcel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])track\-my\-ups\-parcel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539032; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26750;)
alert dns any any -> any any (msg: "MISP e26788 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37545991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26788;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26788 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37545992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26788;)
# Untagged e26671 IP:port indicator; header-only match on address and port 16904.
alert ip $HOME_NET any -> 18.158.249.75 16904 (msg: "MISP e26671 [] Outgoing To IP: 18.158.249.75|16904"; classtype:trojan-activity; sid:37547961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# e26775 URL rules for pfhz0l29om.arrowtechnical.co.uk. Everything after '#' in the
# indicator is a URL fragment, and the rule does not try to match it: the conditions are
# only the host string in the request headers and "/" in the URI, so any request to that
# host matches. |3b| is the hex escape for ';' — the `&;` sequences in msg are presumably
# residue of an HTML-escaped ampersand in the source attribute.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26775 [] Outgoing URL http|3a|//pfhz0l29om.arrowtechnical.co.uk/#?act=cl&|3b|pid=163976_md&|3b|uid=5&|3b|vid=62876&|3b|ofid=3878&|3b|lid=1538&|3b|cid=948"; flow:to_server,established; http.header; content:"pfhz0l29om.arrowtechnical.co.uk"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37540951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26775;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26775 [] Outgoing URL 
http|3a|//pfhz0l29om.arrowtechnical.co.uk/#?act=cl&pid=163976_md&uid=5&vid=62876&ofid=3878&lid=1538&cid=948"; flow:to_server,established; http.header; content:"pfhz0l29om.arrowtechnical.co.uk"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37540961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26775;)
# The e26775 rules for pfhz0l29om.arrowtechnical.co.uk (sids 37540951, 37540961, 37540971,
# 37540981) differ only in msg: the part after '#' is a URL fragment that the rule does not
# match, and all four test the same host string plus "/" in the URI. One request to that
# host therefore raises four alerts. |3b| is the hex escape for ';'.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26775 [] Outgoing URL http|3a|//pfhz0l29om.arrowtechnical.co.uk/#?act=un&|3b|pid=163976_md&|3b|uid=5&|3b|vid=62876&|3b|ofid=3878&|3b|lid=1538&|3b|cid=948"; flow:to_server,established; http.header; content:"pfhz0l29om.arrowtechnical.co.uk"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37540971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26775;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26775 [] Outgoing URL http|3a|//pfhz0l29om.arrowtechnical.co.uk/#?act=un&pid=163976_md&uid=5&vid=62876&ofid=3878&lid=1538&cid=948"; flow:to_server,established; http.header; content:"pfhz0l29om.arrowtechnical.co.uk"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37540981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26775;)
# dcrat-tagged URL from e26686 and its e26671 copy. The two paths differ only in letter
# case (/l1nc0in.php vs /L1nc0In.php) and both use nocase, so they match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26686 [dcrat] Outgoing URL http|3a|//vamknigi.mcdir.me/l1nc0in.php"; flow:to_server,established; http.header; content:"vamknigi.mcdir.me"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37510581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26671 [] Outgoing URL http|3a|//vamknigi.mcdir.me/L1nc0In.php"; flow:to_server,established; http.header; content:"vamknigi.mcdir.me"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Inbound source-IP indicator from e26591: any packet from this address to $HOME_NET
# alerts, on any port and protocol.
alert ip 195.2.240.100 any -> $HOME_NET any (msg: "MISP e26591 [] Incoming From IP: 195.2.240.100"; classtype:trojan-activity; sid:38629341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26591;)
# vmi.lt-skola.net again, exported separately for events e26761, e26760 and e26770 below.
# The pairs differ only in sid, msg and reference, so each lookup or request raises one
# alert per event.
alert dns any any -> any any (msg: "MISP e26761 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37539761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26761;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26761 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26761;)
# "Outgoing URL" rules with a bare domain (this one and allterra24.com below): the name is
# searched for in http.uri, not in the Host header, so they fire only when the string
# appears in the request URI itself. NOTE(review): these may not see ordinary requests to
# the site — compare with the "Outgoing HTTP Domain" rules, which check the headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL yournutrientsolutions.com"; flow:to_server,established; http.uri; content:"yournutrientsolutions.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e26760 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37539731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26760;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26760 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26760;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL allterra24.com"; flow:to_server,established; http.uri; content:"allterra24.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e26770 [] Domain vmi.lt-skola.net"; dns.query; content:"vmi.lt-skola.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net$/i"; classtype:trojan-activity; sid:37540751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26770;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26770 [] Outgoing HTTP Domain vmi.lt-skola.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-skola.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-skola\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37540752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26770;)
# "Hostname" pair from e26773: exact-name match (the pcre prefix class excludes '.').
# NOTE(review): the name looks like a content-delivery host; if so, expect benign traffic
# to match — confirm in the event what this indicator represents before alerting on it.
alert dns any any -> any any (msg: "MISP e26773 [] Hostname p26.douyinpic.com"; dns.query; content:"p26.douyinpic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p26\.douyinpic\.com$/i"; classtype:trojan-activity; sid:37540841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26773;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26773 [] Outgoing HTTP Hostname p26.douyinpic.com"; flow:to_server,established; http.header; content: "Host|3a| p26.douyinpic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p26\.douyinpic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37540842; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26773;)
# "Hostname" rules exclude '.' from the character allowed before the name, so they match the exact
# host only; "Domain" rules allow a preceding '.', so they also match subdomains.
# NOTE(review): firefly-int1.com is exported in both forms from event 26790 (Domain sids 37546261 and
# 37546262 appear later in this file), so one lookup or request raises two alerts.
alert dns any any -> any any (msg: "MISP e26790 [] Hostname firefly-int1.com"; dns.query; content:"firefly-int1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])firefly\-int1\.com$/i"; classtype:trojan-activity; sid:37546381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Hostname firefly-int1.com"; flow:to_server,established; http.header; content: "Host|3a| firefly-int1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])firefly\-int1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37546382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# NOTE(review): each domain below gets a dns rule and an http rule. The http rules inspect cleartext
# HTTP only, and no TLS SNI counterpart is visible in this part of the export, so for HTTPS traffic
# the dns rule is the only one expected to fire. Keep DNS visibility (resolver logs or a sensor on
# the resolver path) for these indicators.
alert dns any any -> any any (msg: "MISP e26505 [] Domain banestado-tarifas.pages.dev"; dns.query; content:"banestado-tarifas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-tarifas\.pages\.dev$/i"; classtype:trojan-activity; sid:37337911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26505;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26505 [] Outgoing HTTP Domain banestado-tarifas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-tarifas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-tarifas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37337912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26505;)
alert dns any any -> any any (msg: "MISP e26508 [] Domain beneficio-banestado.pages.dev"; dns.query; content:"beneficio-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37338041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26508;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26508 [] Outgoing HTTP Domain beneficio-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beneficio-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26508;)
alert dns any any -> any any (msg: "MISP e26509 [] Domain tarifas-banestado.pages.dev"; dns.query; content:"tarifas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37338121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26509;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26509 [] Outgoing HTTP Domain tarifas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarifas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37338122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26509;)
alert dns any any -> any any (msg: "MISP e26511 [] Domain banco.estado-acceso.info"; dns.query; content:"banco.estado-acceso.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info$/i"; classtype:trojan-activity; sid:37348171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26511;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26511 [] Outgoing HTTP Domain banco.estado-acceso.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26511;)
alert dns 
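any any -> any any (msg: "MISP e26512 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37348251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26512;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26512 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26512;)
# Address-only rules from event 26577 at priority 1: any protocol and any port towards the address
# alerts. They carry no content match, so a hit says only that the address was contacted.
alert ip $HOME_NET any -> 37.60.242.86 any (msg: "MISP e26577 [] Outgoing To IP: 37.60.242.86"; classtype:trojan-activity; sid:37567651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
alert ip $HOME_NET any -> 104.129.55.105 any (msg: "MISP e26577 [] Outgoing To IP: 104.129.55.105"; classtype:trojan-activity; sid:37567661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
alert ip $HOME_NET any -> 23.226.138.143 any (msg: "MISP e26577 [] Outgoing To IP: 23.226.138.143"; classtype:trojan-activity; sid:37567671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
# FIX(review): the three "/public/*.zip" URL rules of event 26577 (sids 37567681, 37567691,
# 37567701) matched "host/path" as one string in http.uri. With default engine settings the
# normalized request URI holds path and query only, so an ordinary GET for the archive would not
# match. Each rule now matches the hostname in http.header and the path in http.uri, the same split
# the scheme-qualified URL rules in this export use. rev bumped to 2 because the match logic changed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing URL introwebllc.com/public/hd.zip"; flow:to_server,established; http.header; content:"introwebllc.com"; fast_pattern; nocase; http.uri; content:"/public/hd.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37567681; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing URL allterra24.com/public/xkn.zip"; flow:to_server,established; http.header; content:"allterra24.com"; fast_pattern; nocase; http.uri; content:"/public/xkn.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37567691; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
alert dns any any -> any any (msg: "MISP e26513 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37348331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26513 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37348332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26513;)
# The same IP and port are also exported from e26671 (sid 37547961) at priority 3.
alert ip $HOME_NET any -> 18.158.249.75 16904 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 18.158.249.75|16904"; classtype:trojan-activity; sid:37510571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing URL yournutrientsolutions.com/public/XA.zip"; flow:to_server,established; http.header; content:"yournutrientsolutions.com"; fast_pattern; nocase; http.uri; content:"/public/XA.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37567701; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
# NOTE(review): this rule matches the SMTP envelope sender ("MAIL FROM:") in cleartext on port 25
# only. Sessions that upgrade to TLS, or that arrive on another port, are not inspected, and the
# header From: shown to the recipient is not examined. Pair it with a sender check on the mail
# gateway, where the decrypted message is available.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26800 [] Source Email Address: ycwedo.ho@themjcl.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"ycwedo.ho@themjcl.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37547451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
alert ip $HOME_NET any -> 5.75.209.12 9001 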
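(msg: "MISP e26686 [Vidar] Outgoing To IP: 5.75.209.12|9001"; classtype:trojan-activity; sid:37510651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# NOTE(review): the Vidar-tagged endpoints from e26686 are exported again from e26671 without a tag
# and at priority 3 (sids 37548081, 37548091), so one connection raises two alerts with different
# priorities. Triage on the higher-priority, tagged copy.
alert ip $HOME_NET any -> 95.217.31.198 443 (msg: "MISP e26686 [Vidar] Outgoing To IP: 95.217.31.198|443"; classtype:trojan-activity; sid:37510661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 5.75.209.12 9001 (msg: "MISP e26671 [] Outgoing To IP: 5.75.209.12|9001"; classtype:trojan-activity; sid:37548081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 95.217.31.198 443 (msg: "MISP e26671 [] Outgoing To IP: 95.217.31.198|443"; classtype:trojan-activity; sid:37548091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# These Domain rules also cover the exact host, so they overlap the firefly-int1.com Hostname rules
# of the same event (sids 37546381, 37546382 earlier in this file).
alert dns any any -> any any (msg: "MISP e26790 [] Domain firefly-int1.com"; dns.query; content:"firefly-int1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])firefly\-int1\.com$/i"; classtype:trojan-activity; sid:37546261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain firefly-int1.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"firefly-int1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])firefly\-int1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37546262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# FIX(review): the two "file://" URL rules of event 26800 (sids 37547471, 37547511) matched the
# whole "file://host/path" string in http.uri. An HTTP request URI does not carry that string, so
# the rules could not fire. Each now matches the hostname in http.header and the path in http.uri,
# the split used by the scheme-qualified URL rules in this export; rev bumped to 2.
# The file:// scheme suggests the archive may be fetched over a UNC or WebDAV path - TODO confirm in
# the event; an http rule does not see SMB traffic, so keep the dns rules for these domains.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26800 [] Outgoing URL file|3a|//newssocialwork.com/public/MW.zip"; flow:to_server,established; http.header; content:"newssocialwork.com"; fast_pattern; nocase; http.uri; content:"/public/MW.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547471; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
alert dns any any -> any any (msg: "MISP e26800 [] Domain newssocialwork.com"; dns.query; content:"newssocialwork.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])newssocialwork\.com$/i"; classtype:trojan-activity; sid:37547481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26800 [] Outgoing HTTP Domain newssocialwork.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newssocialwork.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newssocialwork\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
# NOTE(review): qrco.de appears to be a link-shortening domain - presumably shared by many
# unrelated links. These rules fire on every lookup of, or cleartext request to, the domain and its
# subdomains, not on one malicious short link. Confirm the indicator in event 26733 and prefer the
# specific short-link path if the event records it.
alert dns any any -> any any (msg: "MISP e26733 [] Domain qrco.de"; dns.query; content:"qrco.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])qrco\.de$/i"; classtype:trojan-activity; sid:37534851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26733;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26733 [] Outgoing HTTP Domain qrco.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qrco.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qrco\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37534852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26733;)
alert ip $HOME_NET any -> 147.45.40.62 9931 (msg: "MISP e26671 [] Outgoing To IP: 147.45.40.62|9931"; classtype:trojan-activity; sid:37548101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Envelope-sender match in cleartext on port 25 only; sessions that upgrade to TLS are not
# inspected and the header From: is not examined.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26800 [] Source Email Address: steven@fitnessfirstnow.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"steven@fitnessfirstnow.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37547491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26800 [] Outgoing URL file|3a|//funredblog.com/public/PYK.zip"; flow:to_server,established; http.header; content:"funredblog.com"; fast_pattern; nocase; http.uri; content:"/public/PYK.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37547511; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
alert dns any any -> any any (msg: "MISP e26800 [] Domain funredblog.com"; dns.query; content:"funredblog.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])funredblog\.com$/i"; classtype:trojan-activity; sid:37547521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26800 [] Outgoing HTTP Domain funredblog.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"funredblog.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])funredblog\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26800;)
# Destination port 53 with protocol "ip" covers both UDP and TCP towards this address. The endpoint
# is exported twice (e26686 tagged CobaltStrike, e26671 untagged), so expect paired alerts.
alert ip $HOME_NET any -> 95.179.137.233 53 (msg: "MISP e26686 [CobaltStrike,cs-watermark-1234567890,The Constant Company LLC] Outgoing To IP: 95.179.137.233|53"; classtype:trojan-activity; sid:37510711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 95.179.137.233 53 (msg: "MISP e26671 [] Outgoing To IP: 95.179.137.233|53"; classtype:trojan-activity; sid:37548111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26686 [AS215862,c2,censys,SOUZA-AS] Domain ninhobaby.com.br"; dns.query; content:"ninhobaby.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])ninhobaby\.com\.br$/i"; classtype:trojan-activity; sid:37510721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> 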
$EXTERNAL_NET any (msg: "MISP e26686 [AS215862,c2,censys,SOUZA-AS] Outgoing HTTP Domain ninhobaby.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ninhobaby.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ninhobaby\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# NOTE(review): the next four domain pairs are names that embed an address
# (ecs-123-60-57-13..., 155.39.168.34.bc..., static.86.70.78.5..., ...216-238-76-219.plesk.page),
# i.e. they look like provider-assigned names for a host rather than attacker-registered domains.
# The rules match on the name only: they fire when a client resolves or sends that exact name, not
# when it connects to the address directly. 34.168.39.155 has its own address rule (sid 37510891);
# for the other three no address rule is visible in this part of the export - TODO confirm.
alert dns any any -> any any (msg: "MISP e26686 [AS55990,c2,censys] Domain ecs-123-60-57-13.compute.hwclouds-dns.com"; dns.query; content:"ecs-123-60-57-13.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-123\-60\-57\-13\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:37510731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS55990,c2,censys] Outgoing HTTP Domain ecs-123-60-57-13.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-123-60-57-13.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-123\-60\-57\-13\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Domain 155.39.168.34.bc.googleusercontent.com"; dns.query; content:"155.39.168.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])155\.39\.168\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37510741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing HTTP Domain 155.39.168.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"155.39.168.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])155\.39\.168\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS212317,c2,censys,HETZNER-CLOUD3-AS] Domain static.86.70.78.5.clients.your-server.de"; dns.query; content:"static.86.70.78.5.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.86\.70\.78\.5\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37510751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS212317,c2,censys,HETZNER-CLOUD3-AS] Outgoing HTTP Domain static.86.70.78.5.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.86.70.78.5.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.86\.70\.78\.5\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Domain blissful-jackson.216-238-76-219.plesk.page"; dns.query; content:"blissful-jackson.216-238-76-219.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])blissful\-jackson\.216\-238\-76\-219\.plesk\.page$/i"; classtype:trojan-activity; sid:37510761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Outgoing HTTP Domain blissful-jackson.216-238-76-219.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blissful-jackson.216-238-76-219.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blissful\-jackson\.216\-238\-76\-219\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37510762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Address-and-port rules from event 26686, tagged "c2,censys" with the hosting AS. They match on the
# endpoint alone, with no payload or protocol condition.
# NOTE(review): the tags suggest the endpoints come from internet-scan data; the rules carry no
# first-seen or expiry information, so check the indicator's age in the event before escalating.
alert ip $HOME_NET any -> 43.135.34.148 17843 (msg: "MISP e26686 [AS132203,c2,censys] Outgoing To IP: 43.135.34.148|17843"; classtype:trojan-activity; sid:37510771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 115.159.195.80 1234 (msg: "MISP e26686 [AS45090,c2,censys] Outgoing To IP: 115.159.195.80|1234"; classtype:trojan-activity; sid:37510781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 152.42.134.17 4433 (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 152.42.134.17|4433"; classtype:trojan-activity; sid:37510791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 109.205.61.95 8080 (msg: "MISP e26686 [AS63473,c2,censys,HOSTHATCH] Outgoing To IP: 109.205.61.95|8080"; classtype:trojan-activity; sid:37510801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 124.221.133.199 33891 (msg: "MISP e26686 [AS45090,c2,censys] Outgoing To IP: 124.221.133.199|33891"; classtype:trojan-activity; sid:37510811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 93.177.75.125 12121 (msg: "MISP e26686 [AS9009,c2,censys,M247] Outgoing To IP: 93.177.75.125|12121"; classtype:trojan-activity; sid:37510821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 8.130.130.59 8080 (msg: "MISP e26686 [AS37963,c2,censys] Outgoing To IP: 8.130.130.59|8080"; classtype:trojan-activity; sid:37510831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 
103.146.179.104 443 (msg: "MISP e26686 [AS136933,c2,censys] Outgoing To IP: 103.146.179.104|443"; classtype:trojan-activity; sid:37510841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Address-and-port rules from event 26686. Each alerts on any outbound traffic from $HOME_NET to the
# listed address and port; there is no payload, protocol or flow condition.
# NOTE(review): several entries are tagged with large cloud or access providers
# (GOOGLE-CLOUD-PLATFORM, MICROSOFT-CORP-MSN-AS-BLOCK, DIGITALOCEAN-ASN, COMCAST-33490) and many use
# port 80 or 443. Such addresses presumably change tenants over time, so a hit needs corroboration
# (host telemetry, TLS or HTTP metadata) and the indicator's age should be checked in the event.
# NOTE(review): no threshold or flow keyword is present, so repeated packets to one endpoint may
# each raise an alert - verify how the engine classifies these rules and add a threshold if noisy.
alert ip $HOME_NET any -> 5.78.103.127 443 (msg: "MISP e26686 [AS212317,c2,censys,HETZNER-CLOUD3-AS] Outgoing To IP: 5.78.103.127|443"; classtype:trojan-activity; sid:37510851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 42.193.16.213 9981 (msg: "MISP e26686 [AS45090,c2,censys] Outgoing To IP: 42.193.16.213|9981"; classtype:trojan-activity; sid:37510861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 123.60.60.29 8001 (msg: "MISP e26686 [AS55990,c2,censys] Outgoing To IP: 123.60.60.29|8001"; classtype:trojan-activity; sid:37510871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 45.95.174.47 2053 (msg: "MISP e26686 [AS29066,c2,censys] Outgoing To IP: 45.95.174.47|2053"; classtype:trojan-activity; sid:37510881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# This address is the one encoded in 155.39.168.34.bc.googleusercontent.com (sids 37510741, 37510742).
alert ip $HOME_NET any -> 34.168.39.155 443 (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.168.39.155|443"; classtype:trojan-activity; sid:37510891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 47.92.80.115 80 (msg: "MISP e26686 [AS37963,c2,censys] Outgoing To IP: 47.92.80.115|80"; classtype:trojan-activity; sid:37510901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 47.108.145.250 8080 (msg: "MISP e26686 [AS37963,c2,censys] Outgoing To IP: 47.108.145.250|8080"; classtype:trojan-activity; sid:37510911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 206.237.7.51 6000 (msg: "MISP e26686 [AS932,c2,censys,XNNET] Outgoing To IP: 206.237.7.51|6000"; classtype:trojan-activity; sid:37510921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 154.12.29.22 80 (msg: "MISP e26686 [AS142032,c2,censys] Outgoing To IP: 154.12.29.22|80"; classtype:trojan-activity; sid:37510931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 152.136.55.237 8088 (msg: "MISP e26686 [AS45090,c2,censys] Outgoing To IP: 152.136.55.237|8088"; classtype:trojan-activity; sid:37510941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 150.107.201.170 80 (msg: "MISP e26686 [AS63473,c2,censys,HOSTHATCH] Outgoing To IP: 150.107.201.170|80"; classtype:trojan-activity; sid:37510951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 150.107.201.170 443 (msg: "MISP e26686 [AS63473,c2,censys,HOSTHATCH] Outgoing To IP: 150.107.201.170|443"; classtype:trojan-activity; sid:37510961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 47.115.206.4 53080 (msg: "MISP e26686 [AS37963,c2,censys] Outgoing To IP: 47.115.206.4|53080"; classtype:trojan-activity; sid:37510971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 43.143.169.86 443 (msg: "MISP e26686 [AS45090,c2,censys] Outgoing To IP: 43.143.169.86|443"; classtype:trojan-activity; sid:37510981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 101.201.81.175 8888 (msg: "MISP e26686 [AS37963,c2,censys] Outgoing To IP: 101.201.81.175|8888"; classtype:trojan-activity; sid:37510991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 47.101.181.195 80 (msg: "MISP e26686 [AS37963,c2,censys] Outgoing To IP: 47.101.181.195|80"; classtype:trojan-activity; sid:37511001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 8.219.54.123 80 (msg: "MISP e26686 [AS45102,c2,censys] Outgoing To IP: 8.219.54.123|80"; classtype:trojan-activity; sid:37511011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 8.219.54.123 5060 (msg: "MISP e26686 [AS45102,c2,censys] Outgoing To IP: 8.219.54.123|5060"; classtype:trojan-activity; sid:37511021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 175.178.103.238 4444 (msg: "MISP e26686 [AS45090,c2,censys] Outgoing To IP: 175.178.103.238|4444"; classtype:trojan-activity; sid:37511031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 98.71.17.145 443 (msg: "MISP e26686 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 98.71.17.145|443"; classtype:trojan-activity; sid:37511041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 20.115.68.15 443 (msg: "MISP e26686 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.115.68.15|443"; classtype:trojan-activity; sid:37511051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 34.162.114.31 443 (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.162.114.31|443"; classtype:trojan-activity; sid:37511061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 143.198.214.96 31337 (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 143.198.214.96|31337"; classtype:trojan-activity; sid:37511071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 50.78.185.152 443 (msg: "MISP e26686 [AS33490,c2,censys,COMCAST-33490] Outgoing To IP: 50.78.185.152|443"; classtype:trojan-activity; sid:37511081; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Address-and-port rules from event 26686 whose tags name a tool family (Supershell, RAT) next to
# "c2,censys" and the hosting AS. Several addresses appear with two or three ports, one rule each.
# NOTE(review): the match is the endpoint alone - no payload or protocol condition - so a hit shows
# that a host reached the address and port, not that the tagged tool was involved. The rules carry
# no first-seen or expiry information; check the indicator's age in the event and corroborate with
# host telemetry before escalating.
alert ip $HOME_NET any -> 43.229.115.108 8888 (msg: "MISP e26686 [AS136800,c2,censys,Supershell] Outgoing To IP: 43.229.115.108|8888"; classtype:trojan-activity; sid:37511091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 123.249.35.1 8888 (msg: "MISP e26686 [AS55990,c2,censys,Supershell] Outgoing To IP: 123.249.35.1|8888"; classtype:trojan-activity; sid:37511101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 204.12.229.169 5600 (msg: "MISP e26686 [AS32097,c2,censys,RAT,WII] Outgoing To IP: 204.12.229.169|5600"; classtype:trojan-activity; sid:37511111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 136.243.179.5 8888 (msg: "MISP e26686 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 136.243.179.5|8888"; classtype:trojan-activity; sid:37511121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 88.214.59.174 9090 (msg: "MISP e26686 [AS397423,c2,censys,RAT,TIER-NET] Outgoing To IP: 88.214.59.174|9090"; classtype:trojan-activity; sid:37511131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 172.94.111.213 8888 (msg: "MISP e26686 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 172.94.111.213|8888"; classtype:trojan-activity; sid:37511141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 207.32.217.170 2004 (msg: "MISP e26686 [1GSERVERS,AS14315,c2,censys,RAT] Outgoing To IP: 207.32.217.170|2004"; classtype:trojan-activity; sid:37511151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 186.112.207.226 2404 (msg: "MISP e26686 [AS3816,c2,censys,RAT] Outgoing To IP: 186.112.207.226|2404"; classtype:trojan-activity; sid:37511161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 186.112.207.226 8888 (msg: "MISP e26686 [AS3816,c2,censys,RAT] Outgoing To IP: 186.112.207.226|8888"; classtype:trojan-activity; sid:37511171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 38.242.236.116 8808 (msg: "MISP e26686 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 38.242.236.116|8808"; classtype:trojan-activity; sid:37511181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 34.176.21.185 8808 (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,RAT] Outgoing To IP: 34.176.21.185|8808"; classtype:trojan-activity; sid:37511191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 89.117.21.203 8808 (msg: "MISP e26686 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing To IP: 89.117.21.203|8808"; classtype:trojan-activity; sid:37511201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 186.170.98.239 2404 (msg: "MISP e26686 [AS3816,c2,censys,RAT] Outgoing To IP: 186.170.98.239|2404"; classtype:trojan-activity; sid:37511211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 186.170.98.239 8888 (msg: "MISP e26686 [AS3816,c2,censys,RAT] Outgoing To IP: 186.170.98.239|8888"; classtype:trojan-activity; sid:37511221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 193.26.115.42 6606 (msg: "MISP e26686 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 193.26.115.42|6606"; classtype:trojan-activity; sid:37511231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 193.26.115.42 7707 (msg: "MISP e26686 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 193.26.115.42|7707"; classtype:trojan-activity; sid:37511241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 207.231.111.88 6606 (msg: "MISP e26686 [AS62633,c2,censys,RAT,SERVERDIME-SERVERCHEAP-HOSTRUSH] Outgoing To IP: 207.231.111.88|6606"; classtype:trojan-activity; sid:37511251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 207.231.111.88 7707 (msg: "MISP e26686 [AS62633,c2,censys,RAT,SERVERDIME-SERVERCHEAP-HOSTRUSH] Outgoing To IP: 207.231.111.88|7707"; classtype:trojan-activity; sid:37511261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.124.213.188 6006 (msg: "MISP e26686 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.213.188|6006"; classtype:trojan-activity; sid:37511271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.124.213.188 8008 (msg: "MISP e26686 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.213.188|8008"; classtype:trojan-activity; sid:37511281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.124.213.188 4444 (msg: "MISP e26686 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.213.188|4444"; classtype:trojan-activity; sid:37511291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.135.97.94 8808 (msg: "MISP e26686 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 147.135.97.94|8808"; classtype:trojan-activity; sid:37511301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.135.97.94 7707 (msg: "MISP e26686 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 147.135.97.94|7707"; classtype:trojan-activity; sid:37511311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 206.123.135.63 2020 (msg: "MISP e26686 
[AS3223,c2,censys,RAT,VOXILITY] Outgoing To IP: 206.123.135.63|2020"; classtype:trojan-activity; sid:37511321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment above closes a rule that starts on the previous line of this export.
#
# MISP event 26686, one rule per line. Three rule shapes appear below:
#
# 1. alert ip $HOME_NET -> <address> <port>: matches on destination address and port only (no
#    flow or payload keyword). A hit means traffic was sent there, nothing more.
#
# 2. alert dns any any -> any any: dns.query is compared case-insensitively. The pcre anchors
#    the name at the end of the query and accepts either start-of-buffer or a character that is
#    not a letter, digit or '-' before it, so subdomains of the listed name also alert, while a
#    longer label that merely ends with the same letters does not. The header is not limited to
#    $HOME_NET, so the alert source may be a resolver rather than the endpoint that asked.
#
# 3. alert http $HOME_NET -> $EXTERNAL_NET (sid ending in 2, paired with the dns rule ending
#    in 1): both content matches run on http.header and are not tied together by
#    distance/within, so "Host:" and the domain may sit in different request headers and the
#    rule still fires. Matching on http.host would bind the check to the Host header itself.
#    tag:session,600,seconds asks the engine to keep logging the alerting session's packets
#    for 600 seconds. This shape covers cleartext HTTP only; no TLS SNI rule for these names
#    is visible in this part of the export.
alert ip $HOME_NET any -> 192.250.225.3 7000 (msg: "MISP e26686 [AS14670,c2,censys,RAT,WHG-USE1] Outgoing To IP: 192.250.225.3|7000"; classtype:trojan-activity; sid:37511331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 91.92.242.57 8008 (msg: "MISP e26686 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.242.57|8008"; classtype:trojan-activity; sid:37511341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 213.195.118.64 4001 (msg: "MISP e26686 [AS15704,c2,censys,RAT] Outgoing To IP: 213.195.118.64|4001"; classtype:trojan-activity; sid:37511351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 46.246.4.7 2000 (msg: "MISP e26686 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.4.7|2000"; classtype:trojan-activity; sid:37511361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)

# Indicators tagged Mythic.
alert ip $HOME_NET any -> 38.60.249.75 7443 (msg: "MISP e26686 [AS138915,c2,censys,Mythic] Outgoing To IP: 38.60.249.75|7443"; classtype:trojan-activity; sid:37511371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain kitrknis.com"; dns.query; content:"kitrknis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kitrknis\.com$/i"; classtype:trojan-activity; sid:37511381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain kitrknis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kitrknis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kitrknis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 38.60.216.65 7443 (msg: "MISP e26686 [AS138915,c2,censys,Mythic] Outgoing To IP: 38.60.216.65|7443"; classtype:trojan-activity; sid:37511391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Domain trainlog.de"; dns.query; content:"trainlog.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])trainlog\.de$/i"; classtype:trojan-activity; sid:37511401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing HTTP Domain trainlog.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trainlog.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trainlog\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 178.62.237.92 7443 (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 178.62.237.92|7443"; classtype:trojan-activity; sid:37511411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)

# Indicators tagged HookBot. The address rules use port 80; the HTTP rules further down match
# on the listed host names, not on these addresses.
alert ip $HOME_NET any -> 91.92.240.49 80 (msg: "MISP e26686 [AS394711,c2,censys,HookBot,LIMENET] Outgoing To IP: 91.92.240.49|80"; classtype:trojan-activity; sid:37511421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 37.46.132.116 80 (msg: "MISP e26686 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 37.46.132.116|80"; classtype:trojan-activity; sid:37511431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 46.149.77.191 80 (msg: "MISP e26686 [AS216071,c2,censys,HookBot,VDSINA] Outgoing To IP: 46.149.77.191|80"; classtype:trojan-activity; sid:37511441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain evgenytchurakin3.fvds.ru"; dns.query; content:"evgenytchurakin3.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin3\.fvds\.ru$/i"; classtype:trojan-activity; sid:37511451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain evgenytchurakin3.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin3.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin3\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain kozak.timur.fvds.ru"; dns.query; content:"kozak.timur.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kozak\.timur\.fvds\.ru$/i"; classtype:trojan-activity; sid:37511461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain kozak.timur.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kozak.timur.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kozak\.timur\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment below is the start of a rule that continues on the next line of this export.
alert ip 
$HOME_NET any -> 94.156.67.40 80 (msg: "MISP e26686 [AS394711,c2,censys,HookBot,LIMENET] Outgoing To IP: 94.156.67.40|80"; classtype:trojan-activity; sid:37511471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment above closes a rule that starts on the previous line of this export.
#
# MISP event 26686, one rule per line.
# - "alert ip" rules match on destination address and port only; they carry no payload check.
# - "alert dns" rules match dns.query case-insensitively, anchored at the end of the name, and
#   also fire for subdomains because the pcre accepts a '.' before the listed name.
# - "alert http" rules (sid ending in 2) look for "Host:" and the domain as two independent
#   matches in http.header, so the domain in any request header satisfies them; they cover
#   cleartext HTTP only.
alert ip $HOME_NET any -> 176.123.169.239 80 (msg: "MISP e26686 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 176.123.169.239|80"; classtype:trojan-activity; sid:37511481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# nv567.net is tagged CLOUDFLARENET: only the name is an indicator here, no address rule is
# paired with it in this part of the export.
alert dns any any -> any any (msg: "MISP e26686 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain nv567.net"; dns.query; content:"nv567.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])nv567\.net$/i"; classtype:trojan-activity; sid:37511491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain nv567.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nv567.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nv567\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 193.233.132.223 8081 (msg: "MISP e26686 [AS216319,c2,censys,SUNHOST-AS] Outgoing To IP: 193.233.132.223|8081"; classtype:trojan-activity; sid:37511501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 193.233.132.190 8081 (msg: "MISP e26686 [AS216319,c2,censys,SUNHOST-AS] Outgoing To IP: 193.233.132.190|8081"; classtype:trojan-activity; sid:37511511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 190.9.208.167 8081 (msg: "MISP e26686 [AS13489,c2,censys,RAT] Outgoing To IP: 190.9.208.167|8081"; classtype:trojan-activity; sid:37511521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 192.121.102.70 443 (msg: "MISP e26686 [AS1299,c2,censys,RAT] Outgoing To IP: 192.121.102.70|443"; classtype:trojan-activity; sid:37511531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 51.103.213.60 8080 (msg: "MISP e26686 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 51.103.213.60|8080"; classtype:trojan-activity; sid:37511541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 50.34.48.26 4444 (msg: "MISP e26686 [AS-WHOLESAIL,AS20055,c2,censys,RAT] Outgoing To IP: 50.34.48.26|4444"; classtype:trojan-activity; sid:37511551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 94.156.69.145 7000 (msg: "MISP e26686 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.145|7000"; classtype:trojan-activity; sid:37511561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)

# The names below are provider-assigned host names (amazonaws.com, contaboserver.net) rather
# than operator-registered domains; the EC2 name appears to encode the instance address. Such
# an indicator stays valid only while the same tenant holds the instance - check the event's
# age before acting on a hit.
alert dns any any -> any any (msg: "MISP e26686 [AMAZON-02,AS16509,c2,censys,RAT] Domain ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; dns.query; content:"ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-99\-102\-8\.ca\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37511571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AMAZON-02,AS16509,c2,censys,RAT] Outgoing HTTP Domain ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-99\-102\-8\.ca\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS40021,c2,censys,NL-811-40021,RAT] Domain vmi1502970.contaboserver.net"; dns.query; content:"vmi1502970.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1502970\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37511581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing HTTP Domain vmi1502970.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1502970.contaboserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1502970\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS51167,c2,censys,CONTABO,RAT] Domain vmi1528797.contaboserver.net"; dns.query; content:"vmi1528797.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1528797\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37511591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS51167,c2,censys,CONTABO,RAT] Outgoing HTTP Domain vmi1528797.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1528797.contaboserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1528797\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment below is the start of a rule that continues on the next line of this export.
alert ip $HOME_NET any -> 146.190.103.72 8080 (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN,RAT] Outgoing To IP: 146.190.103.72|8080"; 
classtype:trojan-activity; sid:37511601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment above closes a rule that starts on the previous line of this export.
#
# MISP event 26686, one rule per line. Rules from here on carry only the generic tags
# (c2, censys, ASN / hosting name) in msg - no malware family is named - so the alert text
# alone gives little triage context; follow the reference URL to the event.
# Address rules on port 443 match the connection attempt only. The HTTP rules in this export
# inspect cleartext request headers, so a TLS session to one of the listed names is seen by
# the dns rule (if the lookup is visible to the sensor) and not by the http rule.
alert ip $HOME_NET any -> 213.176.29.29 10000 (msg: "MISP e26686 [AS59441,c2,censys,HOSTIRAN-NETWORK,RAT] Outgoing To IP: 213.176.29.29|10000"; classtype:trojan-activity; sid:37511611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 141.94.221.216 443 (msg: "MISP e26686 [AS16276,c2,censys,OVH] Outgoing To IP: 141.94.221.216|443"; classtype:trojan-activity; sid:37511621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Domain pair: the dns rule (sid ...1) anchors the name at the end of the query and also
# matches subdomains; the http rule (sid ...2) matches "Host:" and the name independently
# anywhere in http.header.
alert dns any any -> any any (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Domain www2.laboratoriodiagnosticoescobar.com"; dns.query; content:"www2.laboratoriodiagnosticoescobar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.laboratoriodiagnosticoescobar\.com$/i"; classtype:trojan-activity; sid:37511631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Outgoing HTTP Domain www2.laboratoriodiagnosticoescobar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www2.laboratoriodiagnosticoescobar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.laboratoriodiagnosticoescobar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 146.70.79.64 443 (msg: "MISP e26686 [AS9009,c2,censys,M247] Outgoing To IP: 146.70.79.64|443"; classtype:trojan-activity; sid:37511641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 45.63.120.163 443 (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 45.63.120.163|443"; classtype:trojan-activity; sid:37511651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Domain ciscointernship.com"; dns.query; content:"ciscointernship.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ciscointernship\.com$/i"; classtype:trojan-activity; sid:37511661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Outgoing HTTP Domain ciscointernship.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ciscointernship.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ciscointernship\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Provider-assigned host names (amazonaws.com, zap-srv.com): the indicator is tied to whoever
# holds that instance; confirm against the event before treating an alert as current.
alert dns any any -> any any (msg: "MISP e26686 [AMAZON-02,AS16509,c2,censys] Domain ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-233\-144\-170\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37511671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-233\-144\-170\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS30823,c2,censys] Domain vps-zap1030125-1.zap-srv.com"; dns.query; content:"vps-zap1030125-1.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1030125\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37511681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS30823,c2,censys] Outgoing HTTP Domain vps-zap1030125-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap1030125-1.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1030125\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 185.236.234.129 80 (msg: "MISP e26686 [AS44477,c2,censys,STARK-INDUSTRIES] Outgoing To IP: 185.236.234.129|80"; classtype:trojan-activity; sid:37511691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 139.84.137.249 443 (msg: "MISP e26686 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 139.84.137.249|443"; classtype:trojan-activity; sid:37511701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS30823,c2,censys] Domain vps-zap859144-11.zap-srv.com"; dns.query; content:"vps-zap859144-11.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap859144\-11\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37511711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment below is the start of a rule that continues on the next line of this export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS30823,c2,censys] Outgoing HTTP Domain vps-zap859144-11.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap859144-11.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap859144\-11\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37511712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment above closes a rule that starts on the previous line of this export.
#
# MISP event 26686, domain indicators, one rule per line. Each name gets a dns rule (sid
# ending in 1) and an http rule (sid ending in 2).
# - dns rule: case-insensitive match on dns.query, anchored at the end of the name; a '.'
#   before the name is accepted, so subdomains alert as well.
# - http rule: "Host:" and the name are matched independently in http.header, so the name in
#   any request header satisfies the rule; cleartext HTTP only.
# Overlap to expect: reneesellers.autos (sid 37511721/37511722) and www.reneesellers.autos
# (sid 37511781/37511782) are both listed. Because the shorter pattern accepts a '.' before
# the name, traffic for the www name satisfies both pairs and raises two alerts per event.
alert dns any any -> any any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain reneesellers.autos"; dns.query; content:"reneesellers.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])reneesellers\.autos$/i"; classtype:trojan-activity; sid:37511721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain reneesellers.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reneesellers.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reneesellers\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Provider-generated name (googleusercontent.com) that appears to encode an address; valid
# only while the same tenant holds it.
alert dns any any -> any any (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Domain 109.179.76.34.bc.googleusercontent.com"; dns.query; content:"109.179.76.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.179\.76\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37511731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing HTTP Domain 109.179.76.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"109.179.76.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.179\.76\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain maribelgould.autos"; dns.query; content:"maribelgould.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])maribelgould\.autos$/i"; classtype:trojan-activity; sid:37511741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain maribelgould.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maribelgould.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maribelgould\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain 24-199-107-91.ipv4.staticdns3.io"; dns.query; content:"24-199-107-91.ipv4.staticdns3.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])24\-199\-107\-91\.ipv4\.staticdns3\.io$/i"; classtype:trojan-activity; sid:37511751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain 24-199-107-91.ipv4.staticdns3.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"24-199-107-91.ipv4.staticdns3.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])24\-199\-107\-91\.ipv4\.staticdns3\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [ALEXHOST,AS200019,c2,censys] Domain smtracking.suparamining.swp23.com"; dns.query; content:"smtracking.suparamining.swp23.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.suparamining\.swp23\.com$/i"; classtype:trojan-activity; sid:37511761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain smtracking.suparamining.swp23.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smtracking.suparamining.swp23.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.suparamining\.swp23\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS13335,c2,censys,CLOUDFLARENET] Domain linki.one"; dns.query; content:"linki.one"; nocase; pcre: "/(^|[^A-Za-z0-9-])linki\.one$/i"; classtype:trojan-activity; sid:37511771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS13335,c2,censys,CLOUDFLARENET] Outgoing HTTP Domain linki.one"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linki.one"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linki\.one[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.reneesellers.autos"; dns.query; content:"www.reneesellers.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.reneesellers\.autos$/i"; classtype:trojan-activity; sid:37511781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment below is the start of a rule that continues on the next line of this export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.reneesellers.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.reneesellers.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.reneesellers\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37511782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment above closes a rule that starts on the previous line of this export.
#
# MISP event 26686, one rule per line. The family / category tags in msg change through this
# stretch (RAT, L3MON, Silence, botnet/byob, stealer/SerpentStealer, UNAM) while classtype and
# priority stay the same on every rule, so triage has to read the msg tags, not the classtype.
# - "alert ip" rules: destination address and port only, no payload check. Several targets sit
#   on large cloud ranges (tags GOOGLE-CLOUD-PLATFORM, AMAZON-AES, YANDEXCLOUD) where an
#   address can pass to another tenant; verify against the event before escalating.
# - "alert dns" rules: end-anchored, case-insensitive match on dns.query; subdomains also match.
# - "alert http" rules: "Host:" and the name are independent matches in http.header; cleartext
#   HTTP only, so port-443 traffic to these hosts is covered by the address and dns rules alone.
alert ip $HOME_NET any -> 178.168.70.101 443 (msg: "MISP e26686 [AS31252,c2,censys,RAT,STARNET-AS] Outgoing To IP: 178.168.70.101|443"; classtype:trojan-activity; sid:37511791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 192.71.172.113 8888 (msg: "MISP e26686 [AS1299,c2,censys,RAT] Outgoing To IP: 192.71.172.113|8888"; classtype:trojan-activity; sid:37511801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 147.189.161.48 4444 (msg: "MISP e26686 [AS212083,c2,censys,EVOXT,RAT] Outgoing To IP: 147.189.161.48|4444"; classtype:trojan-activity; sid:37511811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 45.148.4.18 8888 (msg: "MISP e26686 [AS1299,c2,censys,RAT] Outgoing To IP: 45.148.4.18|8888"; classtype:trojan-activity; sid:37511821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AMAZON-02,AS16509,c2,censys,L3MON] Domain ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-43\-204\-230\-44\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37511831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AMAZON-02,AS16509,c2,censys,L3MON] Outgoing HTTP Domain ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-43\-204\-230\-44\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 197.82.164.175 4444 (msg: "MISP e26686 [AS10474,c2,censys,OPTINET,RAT] Outgoing To IP: 197.82.164.175|4444"; classtype:trojan-activity; sid:37511841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 34.16.134.132 80 (msg: "MISP e26686 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.16.134.132|80"; classtype:trojan-activity; sid:37511851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 77.105.132.32 80 (msg: "MISP e26686 [AS215481,c2,censys,Silence] Outgoing To IP: 77.105.132.32|80"; classtype:trojan-activity; sid:37511861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 45.136.6.149 80 (msg: "MISP e26686 [AS212219,c2,censys] Outgoing To IP: 45.136.6.149|80"; classtype:trojan-activity; sid:37511871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 34.118.125.155 5000 (msg: "MISP e26686 [AS396982,botnet,byob,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.118.125.155|5000"; classtype:trojan-activity; sid:37511881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 109.107.161.51 5000 (msg: "MISP e26686 [AS216334,botnet,byob,c2,censys,LANDVPS-AS] Outgoing To IP: 109.107.161.51|5000"; classtype:trojan-activity; sid:37511891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The sslip.io and amazonaws.com names below appear to encode an address in the host name, so
# they are as short-lived as the address assignment itself.
alert dns any any -> any any (msg: "MISP e26686 [AEZA-AS,AS210644,c2,censys,stealer] Domain 147.45.42.25.sslip.io"; dns.query; content:"147.45.42.25.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])147\.45\.42\.25\.sslip\.io$/i"; classtype:trojan-activity; sid:37511901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain 147.45.42.25.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"147.45.42.25.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])147\.45\.42\.25\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 54.234.189.192 443 (msg: "MISP e26686 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 54.234.189.192|443"; classtype:trojan-activity; sid:37511911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-18-206-73-190.compute-1.amazonaws.com"; dns.query; content:"ec2-18-206-73-190.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-206\-73\-190\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37511921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-18-206-73-190.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-206-73-190.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-206\-73\-190\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 39.134.69.79 17080 (msg: "MISP e26686 [AS56046,c2,censys] Outgoing To IP: 39.134.69.79|17080"; classtype:trojan-activity; sid:37511931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 51.250.71.111 443 (msg: "MISP e26686 [AS200350,c2,censys,YANDEXCLOUD] Outgoing To IP: 51.250.71.111|443"; classtype:trojan-activity; sid:37511941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 103.180.149.224 80 (msg: "MISP e26686 [AS140803,c2,censys] Outgoing To IP: 103.180.149.224|80"; classtype:trojan-activity; sid:37511951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 93.0.93.225 80 (msg: "MISP e26686 [AS15557,c2,censys,LDCOMNET,UNAM] Outgoing To IP: 93.0.93.225|80"; classtype:trojan-activity; sid:37511961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [AS-HOSTINGER,AS47583,c2,censys,UNAM] Domain www.sanctamsolutions.com"; dns.query; content:"www.sanctamsolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sanctamsolutions\.com$/i"; classtype:trojan-activity; sid:37511971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS-HOSTINGER,AS47583,c2,censys,UNAM] Outgoing HTTP Domain www.sanctamsolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.sanctamsolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sanctamsolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37511972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 94.156.8.46 80 (msg: "MISP e26686 [AS216289,c2,censys,SIRCROSAR-NET,UNAM] Outgoing To IP: 94.156.8.46|80"; classtype:trojan-activity; sid:37511981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The fragment below is the start of a rule that continues on the next line of this export.
alert ip $HOME_NET any -> 94.156.8.46 443 (msg: "MISP e26686 
[AS216289,c2,censys,SIRCROSAR-NET,UNAM] Outgoing To IP: 94.156.8.46|443"; classtype:trojan-activity; sid:37511991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 92.246.137.230 80 (msg: "MISP e26686 [AEZA-AS,AS210644,c2,censys,UNAM] Outgoing To IP: 92.246.137.230|80"; classtype:trojan-activity; sid:37512001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 91.92.241.253 80 (msg: "MISP e26686 [AS394711,c2,censys,LIMENET,UNAM] Outgoing To IP: 91.92.241.253|80"; classtype:trojan-activity; sid:37512011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 91.92.241.253 443 (msg: "MISP e26686 [AS394711,c2,censys,LIMENET,UNAM] Outgoing To IP: 91.92.241.253|443"; classtype:trojan-activity; sid:37512021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 58.59.222.234 60000 (msg: "MISP e26686 [AS4134,censys,Viper] Outgoing To IP: 58.59.222.234|60000"; classtype:trojan-activity; sid:37512031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 82.97.251.102 60000 (msg: "MISP e26686 [AS9123,censys,TIMEWEB-AS,Viper] Outgoing To IP: 82.97.251.102|60000"; classtype:trojan-activity; sid:37512041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 180.113.169.93 8008 (msg: "MISP e26686 [AS4134,censys,Viper] Outgoing To IP: 180.113.169.93|8008"; classtype:trojan-activity; sid:37512051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 106.14.24.198 60000 (msg: "MISP e26686 [AS37963,censys,Viper] Outgoing To IP: 106.14.24.198|60000"; classtype:trojan-activity; sid:37512061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 154.92.18.140 60000 (msg: "MISP e26686 
[AS142403,censys,Viper] Outgoing To IP: 154.92.18.140|60000"; classtype:trojan-activity; sid:37512071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 172.245.131.108 60000 (msg: "MISP e26686 [AS-COLOCROSSING,AS36352,censys,Viper] Outgoing To IP: 172.245.131.108|60000"; classtype:trojan-activity; sid:37512081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 43.136.242.247 60000 (msg: "MISP e26686 [AS45090,censys,Viper] Outgoing To IP: 43.136.242.247|60000"; classtype:trojan-activity; sid:37512091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 39.106.145.100 60000 (msg: "MISP e26686 [AS37963,censys,Viper] Outgoing To IP: 39.106.145.100|60000"; classtype:trojan-activity; sid:37512101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert dns any any -> any any (msg: "MISP e26686 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Domain 159-223-204-229.ipv4.staticdns2.io"; dns.query; content:"159-223-204-229.ipv4.staticdns2.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-223\-204\-229\.ipv4\.staticdns2\.io$/i"; classtype:trojan-activity; sid:37512111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Outgoing HTTP Domain 159-223-204-229.ipv4.staticdns2.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"159-223-204-229.ipv4.staticdns2.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-223\-204\-229\.ipv4\.staticdns2\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert dns any any -> any any (msg: "MISP e26686 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain 
charming-wright.142-11-199-59.plesk.page"; dns.query; content:"charming-wright.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])charming\-wright\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37512121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain charming-wright.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"charming-wright.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])charming\-wright\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert dns any any -> any any (msg: "MISP e26686 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain mail.deenpel.com"; dns.query; content:"mail.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.deenpel\.com$/i"; classtype:trojan-activity; sid:37512131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain mail.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert dns any any -> any any (msg: "MISP e26686 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain analytics.deenpel.com"; dns.query; content:"analytics.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])analytics\.deenpel\.com$/i"; classtype:trojan-activity; sid:37512141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26686;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain analytics.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"analytics.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])analytics\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert dns any any -> any any (msg: "MISP e26686 [AS-CHOOPA,AS20473,censys,EvilGinx,phishing] Domain microsoft-fonts.net"; dns.query; content:"microsoft-fonts.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-fonts\.net$/i"; classtype:trojan-activity; sid:37512151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [AS-CHOOPA,AS20473,censys,EvilGinx,phishing] Outgoing HTTP Domain microsoft-fonts.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microsoft-fonts.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-fonts\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 20.47.112.27 3333 (msg: "MISP e26686 [AS8069,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.47.112.27|3333"; classtype:trojan-activity; sid:37512161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 139.199.168.248 3333 (msg: "MISP e26686 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 139.199.168.248|3333"; classtype:trojan-activity; sid:37512171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 82.67.20.246 80 (msg: "MISP e26686 
[AS12322,censys,GoPhish,phishing,PROXAD] Outgoing To IP: 82.67.20.246|80"; classtype:trojan-activity; sid:37512181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 137.184.239.148 3333 (msg: "MISP e26686 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 137.184.239.148|3333"; classtype:trojan-activity; sid:37512191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 101.52.133.2 8443 (msg: "MISP e26686 [AS45079,censys,GoPhish,phishing] Outgoing To IP: 101.52.133.2|8443"; classtype:trojan-activity; sid:37512201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 18.208.197.178 3333 (msg: "MISP e26686 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 18.208.197.178|3333"; classtype:trojan-activity; sid:37512211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 34.206.107.177 443 (msg: "MISP e26686 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 34.206.107.177|443"; classtype:trojan-activity; sid:37512221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 13.245.182.184 443 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.245.182.184|443"; classtype:trojan-activity; sid:37512231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 115.159.198.207 3333 (msg: "MISP e26686 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 115.159.198.207|3333"; classtype:trojan-activity; sid:37512241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 143.110.153.37 3333 (msg: "MISP e26686 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 143.110.153.37|3333"; classtype:trojan-activity; sid:37512251; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 44.217.121.181 443 (msg: "MISP e26686 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 44.217.121.181|443"; classtype:trojan-activity; sid:37512261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 212.44.236.195 443 (msg: "MISP e26686 [AS8921,censys,FR-OC3NETWORK,GoPhish,phishing] Outgoing To IP: 212.44.236.195|443"; classtype:trojan-activity; sid:37512271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 193.106.196.165 443 (msg: "MISP e26686 [AS48678,censys,GoPhish,phishing,TR-PENTECH-AS] Outgoing To IP: 193.106.196.165|443"; classtype:trojan-activity; sid:37512281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 172.166.231.240 3333 (msg: "MISP e26686 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.166.231.240|3333"; classtype:trojan-activity; sid:37512291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 35.91.153.140 3333 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 35.91.153.140|3333"; classtype:trojan-activity; sid:37512301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 167.99.92.251 9999 (msg: "MISP e26686 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 167.99.92.251|9999"; classtype:trojan-activity; sid:37512311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 34.247.215.92 3333 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 34.247.215.92|3333"; classtype:trojan-activity; sid:37512321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 172.234.228.130 1724 (msg: "MISP e26686 
[AS63949,censys,GoPhish,phishing] Outgoing To IP: 172.234.228.130|1724"; classtype:trojan-activity; sid:37512331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 51.81.237.25 3333 (msg: "MISP e26686 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 51.81.237.25|3333"; classtype:trojan-activity; sid:37512341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 43.139.192.157 4444 (msg: "MISP e26686 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 43.139.192.157|4444"; classtype:trojan-activity; sid:37512351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 3.110.143.241 3333 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.110.143.241|3333"; classtype:trojan-activity; sid:37512361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 172.174.252.134 3333 (msg: "MISP e26686 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.174.252.134|3333"; classtype:trojan-activity; sid:37512371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 52.29.64.25 80 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.29.64.25|80"; classtype:trojan-activity; sid:37512381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 52.29.64.25 443 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.29.64.25|443"; classtype:trojan-activity; sid:37512391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 52.18.172.73 443 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.18.172.73|443"; classtype:trojan-activity; sid:37512401; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 176.98.250.99 3333 (msg: "MISP e26686 [AS62099,censys,GoPhish,JMNET,phishing] Outgoing To IP: 176.98.250.99|3333"; classtype:trojan-activity; sid:37512411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 35.157.195.58 80 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 35.157.195.58|80"; classtype:trojan-activity; sid:37512421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 139.59.57.167 8888 (msg: "MISP e26686 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 139.59.57.167|8888"; classtype:trojan-activity; sid:37512431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 24.212.223.72 3333 (msg: "MISP e26686 [AS5645,censys,GoPhish,phishing,TEKSAVVY] Outgoing To IP: 24.212.223.72|3333"; classtype:trojan-activity; sid:37512441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 1.12.64.19 53333 (msg: "MISP e26686 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 1.12.64.19|53333"; classtype:trojan-activity; sid:37512451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 18.135.30.45 4024 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.135.30.45|4024"; classtype:trojan-activity; sid:37512461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 54.83.238.42 443 (msg: "MISP e26686 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 54.83.238.42|443"; classtype:trojan-activity; sid:37512471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 3.120.71.192 80 (msg: "MISP e26686 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 
3.120.71.192|80"; classtype:trojan-activity; sid:37512481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 185.161.248.231 443 (msg: "MISP e26686 [AS49202,AveMariaRAT,c2,censys,KISARA-AS,RAT] Outgoing To IP: 185.161.248.231|443"; classtype:trojan-activity; sid:37512491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 210.16.120.210 53 (msg: "MISP e26686 [AS7489,c2,censys] Outgoing To IP: 210.16.120.210|53"; classtype:trojan-activity; sid:37512501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 78.168.81.13 443 (msg: "MISP e26686 [AS9121,c2,censys,TTNET] Outgoing To IP: 78.168.81.13|443"; classtype:trojan-activity; sid:37512511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 78.168.81.13 443 (msg: "MISP e26671 [] Outgoing To IP: 78.168.81.13|443"; classtype:trojan-activity; sid:37548121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 210.16.120.210 53 (msg: "MISP e26671 [] Outgoing To IP: 210.16.120.210|53"; classtype:trojan-activity; sid:37548131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 185.161.248.231 443 (msg: "MISP e26671 [] Outgoing To IP: 185.161.248.231|443"; classtype:trojan-activity; sid:37548141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 3.120.71.192 80 (msg: "MISP e26671 [] Outgoing To IP: 3.120.71.192|80"; classtype:trojan-activity; sid:37548151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 54.83.238.42 443 (msg: "MISP e26671 [] Outgoing To IP: 54.83.238.42|443"; classtype:trojan-activity; sid:37548161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 
18.135.30.45 4024 (msg: "MISP e26671 [] Outgoing To IP: 18.135.30.45|4024"; classtype:trojan-activity; sid:37548171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 1.12.64.19 53333 (msg: "MISP e26671 [] Outgoing To IP: 1.12.64.19|53333"; classtype:trojan-activity; sid:37548181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 24.212.223.72 3333 (msg: "MISP e26671 [] Outgoing To IP: 24.212.223.72|3333"; classtype:trojan-activity; sid:37548191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 139.59.57.167 8888 (msg: "MISP e26671 [] Outgoing To IP: 139.59.57.167|8888"; classtype:trojan-activity; sid:37548201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 176.98.250.99 3333 (msg: "MISP e26671 [] Outgoing To IP: 176.98.250.99|3333"; classtype:trojan-activity; sid:37548211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 35.157.195.58 80 (msg: "MISP e26671 [] Outgoing To IP: 35.157.195.58|80"; classtype:trojan-activity; sid:37548221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 52.18.172.73 443 (msg: "MISP e26671 [] Outgoing To IP: 52.18.172.73|443"; classtype:trojan-activity; sid:37548231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 52.29.64.25 443 (msg: "MISP e26671 [] Outgoing To IP: 52.29.64.25|443"; classtype:trojan-activity; sid:37548241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 52.29.64.25 80 (msg: "MISP e26671 [] Outgoing To IP: 52.29.64.25|80"; classtype:trojan-activity; sid:37548251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 172.174.252.134 3333 (msg: "MISP 
e26671 [] Outgoing To IP: 172.174.252.134|3333"; classtype:trojan-activity; sid:37548261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 43.139.192.157 4444 (msg: "MISP e26671 [] Outgoing To IP: 43.139.192.157|4444"; classtype:trojan-activity; sid:37548271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 3.110.143.241 3333 (msg: "MISP e26671 [] Outgoing To IP: 3.110.143.241|3333"; classtype:trojan-activity; sid:37548281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 51.81.237.25 3333 (msg: "MISP e26671 [] Outgoing To IP: 51.81.237.25|3333"; classtype:trojan-activity; sid:37548291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 172.234.228.130 1724 (msg: "MISP e26671 [] Outgoing To IP: 172.234.228.130|1724"; classtype:trojan-activity; sid:37548301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 34.247.215.92 3333 (msg: "MISP e26671 [] Outgoing To IP: 34.247.215.92|3333"; classtype:trojan-activity; sid:37548311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 167.99.92.251 9999 (msg: "MISP e26671 [] Outgoing To IP: 167.99.92.251|9999"; classtype:trojan-activity; sid:37548321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 35.91.153.140 3333 (msg: "MISP e26671 [] Outgoing To IP: 35.91.153.140|3333"; classtype:trojan-activity; sid:37548331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 172.166.231.240 3333 (msg: "MISP e26671 [] Outgoing To IP: 172.166.231.240|3333"; classtype:trojan-activity; sid:37548341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 193.106.196.165 443 (msg: "MISP 
e26671 [] Outgoing To IP: 193.106.196.165|443"; classtype:trojan-activity; sid:37548351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 212.44.236.195 443 (msg: "MISP e26671 [] Outgoing To IP: 212.44.236.195|443"; classtype:trojan-activity; sid:37548361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 44.217.121.181 443 (msg: "MISP e26671 [] Outgoing To IP: 44.217.121.181|443"; classtype:trojan-activity; sid:37548371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 143.110.153.37 3333 (msg: "MISP e26671 [] Outgoing To IP: 143.110.153.37|3333"; classtype:trojan-activity; sid:37548381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 115.159.198.207 3333 (msg: "MISP e26671 [] Outgoing To IP: 115.159.198.207|3333"; classtype:trojan-activity; sid:37548391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 13.245.182.184 443 (msg: "MISP e26671 [] Outgoing To IP: 13.245.182.184|443"; classtype:trojan-activity; sid:37548401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 34.206.107.177 443 (msg: "MISP e26671 [] Outgoing To IP: 34.206.107.177|443"; classtype:trojan-activity; sid:37548411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 18.208.197.178 3333 (msg: "MISP e26671 [] Outgoing To IP: 18.208.197.178|3333"; classtype:trojan-activity; sid:37548421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 101.52.133.2 8443 (msg: "MISP e26671 [] Outgoing To IP: 101.52.133.2|8443"; classtype:trojan-activity; sid:37548431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 137.184.239.148 3333 (msg: "MISP 
e26671 [] Outgoing To IP: 137.184.239.148|3333"; classtype:trojan-activity; sid:37548441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 82.67.20.246 80 (msg: "MISP e26671 [] Outgoing To IP: 82.67.20.246|80"; classtype:trojan-activity; sid:37548451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 20.47.112.27 3333 (msg: "MISP e26671 [] Outgoing To IP: 20.47.112.27|3333"; classtype:trojan-activity; sid:37548461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 139.199.168.248 3333 (msg: "MISP e26671 [] Outgoing To IP: 139.199.168.248|3333"; classtype:trojan-activity; sid:37548471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain analytics.deenpel.com"; dns.query; content:"analytics.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])analytics\.deenpel\.com$/i"; classtype:trojan-activity; sid:37548481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain analytics.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"analytics.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])analytics\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain microsoft-fonts.net"; dns.query; content:"microsoft-fonts.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-fonts\.net$/i"; classtype:trojan-activity; sid:37548491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 
microsoft-fonts.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"microsoft-fonts.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])microsoft\-fonts\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain mail.deenpel.com"; dns.query; content:"mail.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.deenpel\.com$/i"; classtype:trojan-activity; sid:37548501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain mail.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain 159-223-204-229.ipv4.staticdns2.io"; dns.query; content:"159-223-204-229.ipv4.staticdns2.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-223\-204\-229\.ipv4\.staticdns2\.io$/i"; classtype:trojan-activity; sid:37548511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 159-223-204-229.ipv4.staticdns2.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"159-223-204-229.ipv4.staticdns2.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])159\-223\-204\-229\.ipv4\.staticdns2\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP 
e26671 [] Domain charming-wright.142-11-199-59.plesk.page"; dns.query; content:"charming-wright.142-11-199-59.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])charming\-wright\.142\-11\-199\-59\.plesk\.page$/i"; classtype:trojan-activity; sid:37548521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain charming-wright.142-11-199-59.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"charming-wright.142-11-199-59.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])charming\-wright\.142\-11\-199\-59\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 39.106.145.100 60000 (msg: "MISP e26671 [] Outgoing To IP: 39.106.145.100|60000"; classtype:trojan-activity; sid:37548531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 43.136.242.247 60000 (msg: "MISP e26671 [] Outgoing To IP: 43.136.242.247|60000"; classtype:trojan-activity; sid:37548541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 172.245.131.108 60000 (msg: "MISP e26671 [] Outgoing To IP: 172.245.131.108|60000"; classtype:trojan-activity; sid:37548551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 106.14.24.198 60000 (msg: "MISP e26671 [] Outgoing To IP: 106.14.24.198|60000"; classtype:trojan-activity; sid:37548561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 154.92.18.140 60000 (msg: "MISP e26671 [] Outgoing To IP: 154.92.18.140|60000"; classtype:trojan-activity; sid:37548571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 
180.113.169.93 8008 (msg: "MISP e26671 [] Outgoing To IP: 180.113.169.93|8008"; classtype:trojan-activity; sid:37548581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# MISP event 26671 -- rules generated from network indicators (one rule per line).
#
# Shape 1, "alert ip": fires on traffic from $HOME_NET to the listed address
# and destination port. There is no payload or flow condition, so an alert
# shows only that the address was contacted, not what was exchanged.
# Every rule of this event visible here has an empty tag list ("[]") in msg
# and priority 3.
# NOTE(review): an address-only indicator loses value once the address is
# reassigned -- check how recent the indicator is in the referenced MISP
# event before using these rules for anything stronger than alerting.
alert ip $HOME_NET any -> 58.59.222.234 60000 (msg: "MISP e26671 [] Outgoing To IP: 58.59.222.234|60000"; classtype:trojan-activity; sid:37548591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 82.97.251.102 60000 (msg: "MISP e26671 [] Outgoing To IP: 82.97.251.102|60000"; classtype:trojan-activity; sid:37548601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 91.92.241.253 80 (msg: "MISP e26671 [] Outgoing To IP: 91.92.241.253|80"; classtype:trojan-activity; sid:37548611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 91.92.241.253 443 (msg: "MISP e26671 [] Outgoing To IP: 91.92.241.253|443"; classtype:trojan-activity; sid:37548621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 92.246.137.230 80 (msg: "MISP e26671 [] Outgoing To IP: 92.246.137.230|80"; classtype:trojan-activity; sid:37548631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 94.156.8.46 443 (msg: "MISP e26671 [] Outgoing To IP: 94.156.8.46|443"; classtype:trojan-activity; sid:37548641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Shape 2, "alert dns": matches a DNS query name. The content match is the
# case-insensitive prefilter. The pcre anchors the name at the end of the
# query ($) and requires start-of-buffer or a character other than a letter,
# digit or hyphen in front of it, so the name itself and its subdomains
# match while a longer label such as "xwww..." does not. Source and
# destination are "any any", so the rule is not limited to $HOME_NET clients.
alert dns any any -> any any (msg: "MISP e26671 [] Domain www.sanctamsolutions.com"; dns.query; content:"www.sanctamsolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sanctamsolutions\.com$/i"; classtype:trojan-activity; sid:37548651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Shape 3, "alert http": client-to-server request from $HOME_NET on an
# established flow. Both content matches are made in http.header and carry
# no distance/within, so "Host:" and the domain are checked independently.
# The pcre (H = header buffer, i = case-insensitive) only requires that the
# domain be followed by a character other than a letter, digit, hyphen or dot.
# NOTE(review): a request that carries this domain in a header other than
# Host would therefore also satisfy the rule. That is presumably acceptable
# for triage, but matching on the http.host buffer would tie the alert to
# the Host header; confirm with whoever maintains the export template.
# tag:session,600,seconds keeps logging packets of the session for 600
# seconds after the alert.
# Coverage: the rule inspects cleartext HTTP only. No rule in this part of
# the export looks at TLS, so HTTPS to the same name is visible here only
# through the DNS rule above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain www.sanctamsolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.sanctamsolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sanctamsolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 94.156.8.46 80 (msg: "MISP e26671 [] Outgoing To IP: 94.156.8.46|80"; classtype:trojan-activity; sid:37548661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 93.0.93.225 80 (msg: "MISP e26671 [] Outgoing To IP: 93.0.93.225|80"; classtype:trojan-activity; sid:37548671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 103.180.149.224 80 (msg: "MISP e26671 [] Outgoing To IP: 103.180.149.224|80"; classtype:trojan-activity; sid:37548681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 51.250.71.111 443 (msg: "MISP e26671 [] Outgoing To IP: 51.250.71.111|443"; classtype:trojan-activity; sid:37548691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 39.134.69.79 17080 (msg: "MISP e26671 [] Outgoing To IP: 39.134.69.79|17080"; classtype:trojan-activity; sid:37548701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 54.234.189.192 443 (msg: "MISP e26671 [] Outgoing To IP: 54.234.189.192|443"; classtype:trojan-activity; sid:37548711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# The next two DNS/HTTP pairs use names that embed an IPv4 address
# (18-206-73-190 under compute-1.amazonaws.com, 147.45.42.25 under sslip.io).
# NOTE(review): names of this form look provider- or service-generated and
# follow the address rather than a registrant, so they presumably age the
# same way as an address-only indicator -- verify before long-term use.
alert dns any any -> any any (msg: "MISP e26671 [] Domain ec2-18-206-73-190.compute-1.amazonaws.com"; dns.query; content:"ec2-18-206-73-190.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-206\-73\-190\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37548721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ec2-18-206-73-190.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-206-73-190.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-206\-73\-190\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain 147.45.42.25.sslip.io"; dns.query; content:"147.45.42.25.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])147\.45\.42\.25\.sslip\.io$/i"; classtype:trojan-activity; sid:37548731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 147.45.42.25.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"147.45.42.25.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])147\.45\.42\.25\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 109.107.161.51 5000 (msg: "MISP e26671 [] Outgoing To IP: 109.107.161.51|5000"; classtype:trojan-activity; sid:37548741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 34.118.125.155 5000 (msg: "MISP e26671 [] Outgoing To IP: 34.118.125.155|5000"; classtype:trojan-activity; sid:37548751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 45.136.6.149 80 (msg: "MISP e26671 [] Outgoing To IP: 45.136.6.149|80"; classtype:trojan-activity; sid:37548761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 34.16.134.132 80 (msg:
"MISP e26671 [] Outgoing To IP: 34.16.134.132|80"; classtype:trojan-activity; sid:37548771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 77.105.132.32 80 (msg: "MISP e26671 [] Outgoing To IP: 77.105.132.32|80"; classtype:trojan-activity; sid:37548781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 197.82.164.175 4444 (msg: "MISP e26671 [] Outgoing To IP: 197.82.164.175|4444"; classtype:trojan-activity; sid:37548791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-43\-204\-230\-44\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37548801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-43-204-230-44.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-43\-204\-230\-44\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 45.148.4.18 8888 (msg: "MISP e26671 [] Outgoing To IP: 45.148.4.18|8888"; classtype:trojan-activity; sid:37548811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 147.189.161.48 4444 (msg: "MISP e26671 [] Outgoing To IP: 147.189.161.48|4444"; classtype:trojan-activity; sid:37548821; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 192.71.172.113 8888 (msg: "MISP e26671 [] Outgoing To IP: 192.71.172.113|8888"; classtype:trojan-activity; sid:37548831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 178.168.70.101 443 (msg: "MISP e26671 [] Outgoing To IP: 178.168.70.101|443"; classtype:trojan-activity; sid:37548841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain linki.one"; dns.query; content:"linki.one"; nocase; pcre: "/(^|[^A-Za-z0-9-])linki\.one$/i"; classtype:trojan-activity; sid:37548851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain linki.one"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linki.one"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linki\.one[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain www.reneesellers.autos"; dns.query; content:"www.reneesellers.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.reneesellers\.autos$/i"; classtype:trojan-activity; sid:37548861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain www.reneesellers.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.reneesellers.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.reneesellers\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any 
(msg: "MISP e26671 [] Domain smtracking.suparamining.swp23.com"; dns.query; content:"smtracking.suparamining.swp23.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.suparamining\.swp23\.com$/i"; classtype:trojan-activity; sid:37548871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain smtracking.suparamining.swp23.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smtracking.suparamining.swp23.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.suparamining\.swp23\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain 24-199-107-91.ipv4.staticdns3.io"; dns.query; content:"24-199-107-91.ipv4.staticdns3.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])24\-199\-107\-91\.ipv4\.staticdns3\.io$/i"; classtype:trojan-activity; sid:37548881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 24-199-107-91.ipv4.staticdns3.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"24-199-107-91.ipv4.staticdns3.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])24\-199\-107\-91\.ipv4\.staticdns3\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain 109.179.76.34.bc.googleusercontent.com"; dns.query; content:"109.179.76.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.179\.76\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37548891; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 109.179.76.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"109.179.76.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.179\.76\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain maribelgould.autos"; dns.query; content:"maribelgould.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])maribelgould\.autos$/i"; classtype:trojan-activity; sid:37548901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain maribelgould.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maribelgould.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maribelgould\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain vps-zap859144-11.zap-srv.com"; dns.query; content:"vps-zap859144-11.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap859144\-11\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37548911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain vps-zap859144-11.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap859144-11.zap-srv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap859144\-11\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37548912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain reneesellers.autos"; dns.query; content:"reneesellers.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])reneesellers\.autos$/i"; classtype:trojan-activity; sid:37548921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain reneesellers.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reneesellers.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reneesellers\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 185.236.234.129 80 (msg: "MISP e26671 [] Outgoing To IP: 185.236.234.129|80"; classtype:trojan-activity; sid:37548931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 139.84.137.249 443 (msg: "MISP e26671 [] Outgoing To IP: 139.84.137.249|443"; classtype:trojan-activity; sid:37548941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain vps-zap1030125-1.zap-srv.com"; dns.query; content:"vps-zap1030125-1.zap-srv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vps\-zap1030125\-1\.zap\-srv\.com$/i"; classtype:trojan-activity; sid:37548951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain vps-zap1030125-1.zap-srv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vps-zap1030125-1.zap-srv.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vps\-zap1030125\-1\.zap\-srv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain ciscointernship.com"; dns.query; content:"ciscointernship.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ciscointernship\.com$/i"; classtype:trojan-activity; sid:37548961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ciscointernship.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ciscointernship.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ciscointernship\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; dns.query; content:"ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-233\-144\-170\.ap\-south\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37548971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-233-144-170.ap-south-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-233\-144\-170\.ap\-south\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37548972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 45.63.120.163 443 (msg: "MISP e26671 [] 
Outgoing To IP: 45.63.120.163|443"; classtype:trojan-activity; sid:37548981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 146.70.79.64 443 (msg: "MISP e26671 [] Outgoing To IP: 146.70.79.64|443"; classtype:trojan-activity; sid:37548991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain www2.laboratoriodiagnosticoescobar.com"; dns.query; content:"www2.laboratoriodiagnosticoescobar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.laboratoriodiagnosticoescobar\.com$/i"; classtype:trojan-activity; sid:37549001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain www2.laboratoriodiagnosticoescobar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www2.laboratoriodiagnosticoescobar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www2\.laboratoriodiagnosticoescobar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 141.94.221.216 443 (msg: "MISP e26671 [] Outgoing To IP: 141.94.221.216|443"; classtype:trojan-activity; sid:37549011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 213.176.29.29 10000 (msg: "MISP e26671 [] Outgoing To IP: 213.176.29.29|10000"; classtype:trojan-activity; sid:37549021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 146.190.103.72 8080 (msg: "MISP e26671 [] Outgoing To IP: 146.190.103.72|8080"; classtype:trojan-activity; sid:37549031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain vmi1502970.contaboserver.net"; 
dns.query; content:"vmi1502970.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1502970\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37549041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain vmi1502970.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1502970.contaboserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1502970\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain vmi1528797.contaboserver.net"; dns.query; content:"vmi1528797.contaboserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1528797\.contaboserver\.net$/i"; classtype:trojan-activity; sid:37549051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain vmi1528797.contaboserver.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi1528797.contaboserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi1528797\.contaboserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 94.156.69.145 7000 (msg: "MISP e26671 [] Outgoing To IP: 94.156.69.145|7000"; classtype:trojan-activity; sid:37549061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; dns.query; content:"ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-3\-99\-102\-8\.ca\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37549071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-99-102-8.ca-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-99\-102\-8\.ca\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 50.34.48.26 4444 (msg: "MISP e26671 [] Outgoing To IP: 50.34.48.26|4444"; classtype:trojan-activity; sid:37549081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 51.103.213.60 8080 (msg: "MISP e26671 [] Outgoing To IP: 51.103.213.60|8080"; classtype:trojan-activity; sid:37549091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 192.121.102.70 443 (msg: "MISP e26671 [] Outgoing To IP: 192.121.102.70|443"; classtype:trojan-activity; sid:37549101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 190.9.208.167 8081 (msg: "MISP e26671 [] Outgoing To IP: 190.9.208.167|8081"; classtype:trojan-activity; sid:37549111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 193.233.132.190 8081 (msg: "MISP e26671 [] Outgoing To IP: 193.233.132.190|8081"; classtype:trojan-activity; sid:37549121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 193.233.132.223 8081 (msg: "MISP e26671 [] Outgoing To IP: 193.233.132.223|8081"; classtype:trojan-activity; 
sid:37549131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain nv567.net"; dns.query; content:"nv567.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])nv567\.net$/i"; classtype:trojan-activity; sid:37549141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain nv567.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nv567.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nv567\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 176.123.169.239 80 (msg: "MISP e26671 [] Outgoing To IP: 176.123.169.239|80"; classtype:trojan-activity; sid:37549151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 94.156.67.40 80 (msg: "MISP e26671 [] Outgoing To IP: 94.156.67.40|80"; classtype:trojan-activity; sid:37549161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain evgenytchurakin3.fvds.ru"; dns.query; content:"evgenytchurakin3.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin3\.fvds\.ru$/i"; classtype:trojan-activity; sid:37549171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain evgenytchurakin3.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin3.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin3\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549172; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain kozak.timur.fvds.ru"; dns.query; content:"kozak.timur.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])kozak\.timur\.fvds\.ru$/i"; classtype:trojan-activity; sid:37549181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain kozak.timur.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kozak.timur.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kozak\.timur\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 46.149.77.191 80 (msg: "MISP e26671 [] Outgoing To IP: 46.149.77.191|80"; classtype:trojan-activity; sid:37549191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 37.46.132.116 80 (msg: "MISP e26671 [] Outgoing To IP: 37.46.132.116|80"; classtype:trojan-activity; sid:37549201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 91.92.240.49 80 (msg: "MISP e26671 [] Outgoing To IP: 91.92.240.49|80"; classtype:trojan-activity; sid:37549211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 178.62.237.92 7443 (msg: "MISP e26671 [] Outgoing To IP: 178.62.237.92|7443"; classtype:trojan-activity; sid:37549221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain trainlog.de"; dns.query; content:"trainlog.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])trainlog\.de$/i"; classtype:trojan-activity; sid:37549231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26671 [] Outgoing HTTP Domain trainlog.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trainlog.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trainlog\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 38.60.216.65 7443 (msg: "MISP e26671 [] Outgoing To IP: 38.60.216.65|7443"; classtype:trojan-activity; sid:37549241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain kitrknis.com"; dns.query; content:"kitrknis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kitrknis\.com$/i"; classtype:trojan-activity; sid:37549251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain kitrknis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kitrknis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kitrknis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 38.60.249.75 7443 (msg: "MISP e26671 [] Outgoing To IP: 38.60.249.75|7443"; classtype:trojan-activity; sid:37549261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 46.246.4.7 2000 (msg: "MISP e26671 [] Outgoing To IP: 46.246.4.7|2000"; classtype:trojan-activity; sid:37549271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 213.195.118.64 4001 (msg: "MISP e26671 [] Outgoing To IP: 213.195.118.64|4001"; classtype:trojan-activity; sid:37549281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any 
-> 91.92.242.57 8008 (msg: "MISP e26671 [] Outgoing To IP: 91.92.242.57|8008"; classtype:trojan-activity; sid:37549291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 206.123.135.63 2020 (msg: "MISP e26671 [] Outgoing To IP: 206.123.135.63|2020"; classtype:trojan-activity; sid:37549301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 192.250.225.3 7000 (msg: "MISP e26671 [] Outgoing To IP: 192.250.225.3|7000"; classtype:trojan-activity; sid:37549311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 147.135.97.94 7707 (msg: "MISP e26671 [] Outgoing To IP: 147.135.97.94|7707"; classtype:trojan-activity; sid:37549321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 147.135.97.94 8808 (msg: "MISP e26671 [] Outgoing To IP: 147.135.97.94|8808"; classtype:trojan-activity; sid:37549331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 147.124.213.188 4444 (msg: "MISP e26671 [] Outgoing To IP: 147.124.213.188|4444"; classtype:trojan-activity; sid:37549341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 147.124.213.188 8008 (msg: "MISP e26671 [] Outgoing To IP: 147.124.213.188|8008"; classtype:trojan-activity; sid:37549351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 207.231.111.88 7707 (msg: "MISP e26671 [] Outgoing To IP: 207.231.111.88|7707"; classtype:trojan-activity; sid:37549361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 147.124.213.188 6006 (msg: "MISP e26671 [] Outgoing To IP: 147.124.213.188|6006"; classtype:trojan-activity; sid:37549371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET 
any -> 207.231.111.88 6606 (msg: "MISP e26671 [] Outgoing To IP: 207.231.111.88|6606"; classtype:trojan-activity; sid:37549381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 193.26.115.42 7707 (msg: "MISP e26671 [] Outgoing To IP: 193.26.115.42|7707"; classtype:trojan-activity; sid:37549391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 193.26.115.42 6606 (msg: "MISP e26671 [] Outgoing To IP: 193.26.115.42|6606"; classtype:trojan-activity; sid:37549401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 186.170.98.239 2404 (msg: "MISP e26671 [] Outgoing To IP: 186.170.98.239|2404"; classtype:trojan-activity; sid:37549411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 186.170.98.239 8888 (msg: "MISP e26671 [] Outgoing To IP: 186.170.98.239|8888"; classtype:trojan-activity; sid:37549421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 89.117.21.203 8808 (msg: "MISP e26671 [] Outgoing To IP: 89.117.21.203|8808"; classtype:trojan-activity; sid:37549431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 38.242.236.116 8808 (msg: "MISP e26671 [] Outgoing To IP: 38.242.236.116|8808"; classtype:trojan-activity; sid:37549441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 34.176.21.185 8808 (msg: "MISP e26671 [] Outgoing To IP: 34.176.21.185|8808"; classtype:trojan-activity; sid:37549451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 186.112.207.226 8888 (msg: "MISP e26671 [] Outgoing To IP: 186.112.207.226|8888"; classtype:trojan-activity; sid:37549461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip 
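$HOME_NET any -> 186.112.207.226 2404 (msg: "MISP e26671 [] Outgoing To IP: 186.112.207.226|2404"; classtype:trojan-activity; sid:37549471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# NOTE(review): the line above is the tail of a rule whose "alert ip" header sits before this
# section, and the last line of this section is the head of a rule that continues after it.
# Every rule in between is written one per line with its text unchanged, because a rule that
# shares a line with another rule, or is broken across lines, is not loaded as written.
#
# Outbound IP:port indicators, MISP event 26671 (priority 3).
# These match on destination address and port only. A hit shows a connection attempt to the
# listed endpoint, not a confirmed compromise; correlate with host telemetry before escalating,
# and re-check the indicator against the event's age, since addresses get reassigned.
alert ip $HOME_NET any -> 207.32.217.170 2004 (msg: "MISP e26671 [] Outgoing To IP: 207.32.217.170|2004"; classtype:trojan-activity; sid:37549481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 172.94.111.213 8888 (msg: "MISP e26671 [] Outgoing To IP: 172.94.111.213|8888"; classtype:trojan-activity; sid:37549491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 136.243.179.5 8888 (msg: "MISP e26671 [] Outgoing To IP: 136.243.179.5|8888"; classtype:trojan-activity; sid:37549501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 88.214.59.174 9090 (msg: "MISP e26671 [] Outgoing To IP: 88.214.59.174|9090"; classtype:trojan-activity; sid:37549511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 204.12.229.169 5600 (msg: "MISP e26671 [] Outgoing To IP: 204.12.229.169|5600"; classtype:trojan-activity; sid:37549521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 123.249.35.1 8888 (msg: "MISP e26671 [] Outgoing To IP: 123.249.35.1|8888"; classtype:trojan-activity; sid:37549531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 43.229.115.108 8888 (msg: "MISP e26671 [] Outgoing To IP: 43.229.115.108|8888"; classtype:trojan-activity; sid:37549541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 50.78.185.152 443 (msg: "MISP e26671 [] Outgoing To IP: 50.78.185.152|443"; classtype:trojan-activity; sid:37549551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 143.198.214.96 31337 (msg: "MISP e26671 [] Outgoing To IP: 143.198.214.96|31337"; classtype:trojan-activity; sid:37549561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 34.162.114.31 443 (msg: "MISP e26671 [] Outgoing To IP: 34.162.114.31|443"; classtype:trojan-activity; sid:37549571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 20.115.68.15 443 (msg: "MISP e26671 [] Outgoing To IP: 20.115.68.15|443"; classtype:trojan-activity; sid:37549581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 98.71.17.145 443 (msg: "MISP e26671 [] Outgoing To IP: 98.71.17.145|443"; classtype:trojan-activity; sid:37549591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 175.178.103.238 4444 (msg: "MISP e26671 [] Outgoing To IP: 175.178.103.238|4444"; classtype:trojan-activity; sid:37549601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 8.219.54.123 5060 (msg: "MISP e26671 [] Outgoing To IP: 8.219.54.123|5060"; classtype:trojan-activity; sid:37549611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 8.219.54.123 80 (msg: "MISP e26671 [] Outgoing To IP: 8.219.54.123|80"; classtype:trojan-activity; sid:37549621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 47.101.181.195 80 (msg: "MISP e26671 [] Outgoing To IP: 47.101.181.195|80"; classtype:trojan-activity; sid:37549631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 101.201.81.175 8888 (msg: "MISP e26671 [] Outgoing To IP: 101.201.81.175|8888"; classtype:trojan-activity; sid:37549641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 43.143.169.86 443 (msg: "MISP e26671 [] Outgoing To IP: 43.143.169.86|443"; classtype:trojan-activity; sid:37549651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 47.115.206.4 53080 (msg: "MISP e26671 [] Outgoing To IP: 47.115.206.4|53080"; classtype:trojan-activity; sid:37549661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 150.107.201.170 443 (msg: "MISP e26671 [] Outgoing To IP: 150.107.201.170|443"; classtype:trojan-activity; sid:37549671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 150.107.201.170 80 (msg: "MISP e26671 [] Outgoing To IP: 150.107.201.170|80"; classtype:trojan-activity; sid:37549681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 152.136.55.237 8088 (msg: "MISP e26671 [] Outgoing To IP: 152.136.55.237|8088"; classtype:trojan-activity; sid:37549691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 154.12.29.22 80 (msg: "MISP e26671 [] Outgoing To IP: 154.12.29.22|80"; classtype:trojan-activity; sid:37549701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 206.237.7.51 6000 (msg: "MISP e26671 [] Outgoing To IP: 206.237.7.51|6000"; classtype:trojan-activity; sid:37549711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 47.108.145.250 8080 (msg: "MISP e26671 [] Outgoing To IP: 47.108.145.250|8080"; classtype:trojan-activity; sid:37549721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 47.92.80.115 80 (msg: "MISP e26671 [] Outgoing To IP: 47.92.80.115|80"; classtype:trojan-activity; sid:37549731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 34.168.39.155 443 (msg: "MISP e26671 [] Outgoing To IP: 34.168.39.155|443"; classtype:trojan-activity; sid:37549741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 45.95.174.47 2053 (msg: "MISP e26671 [] Outgoing To IP: 45.95.174.47|2053"; classtype:trojan-activity; sid:37549751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 123.60.60.29 8001 (msg: "MISP e26671 [] Outgoing To IP: 123.60.60.29|8001"; classtype:trojan-activity; sid:37549761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 42.193.16.213 9981 (msg: "MISP e26671 [] Outgoing To IP: 42.193.16.213|9981"; classtype:trojan-activity; sid:37549771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 5.78.103.127 443 (msg: "MISP e26671 [] Outgoing To IP: 5.78.103.127|443"; classtype:trojan-activity; sid:37549781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 103.146.179.104 443 (msg: "MISP e26671 [] Outgoing To IP: 103.146.179.104|443"; classtype:trojan-activity; sid:37549791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 93.177.75.125 12121 (msg: "MISP e26671 [] Outgoing To IP: 93.177.75.125|12121"; classtype:trojan-activity; sid:37549801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 8.130.130.59 8080 (msg: "MISP e26671 [] Outgoing To IP: 8.130.130.59|8080"; classtype:trojan-activity; sid:37549811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 124.221.133.199 33891 (msg: "MISP e26671 [] Outgoing To IP: 124.221.133.199|33891"; classtype:trojan-activity; sid:37549821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 109.205.61.95 8080 (msg: "MISP e26671 [] Outgoing To IP: 109.205.61.95|8080"; classtype:trojan-activity; sid:37549831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 115.159.195.80 1234 (msg: "MISP e26671 [] Outgoing To IP: 115.159.195.80|1234"; classtype:trojan-activity; sid:37549841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 152.42.134.17 4433 (msg: "MISP e26671 [] Outgoing To IP: 152.42.134.17|4433"; classtype:trojan-activity; sid:37549851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 43.135.34.148 17843 (msg: "MISP e26671 [] Outgoing To IP: 43.135.34.148|17843"; classtype:trojan-activity; sid:37549861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Domain indicators: each domain is exported as a DNS rule (sid ending in 1) and an HTTP rule
# (sid ending in 2).
# - In the HTTP rule the "Host:" match and the domain match are both on http.header but are
#   not positioned relative to each other, and the pcre is not tied to the Host line either.
#   The domain can therefore match in any request header (for example Referer). Check the
#   actual Host value before treating a hit as traffic to the domain.
# - The "Domain" pcre accepts a preceding dot, so subdomains of the listed name also match.
# - Neither rule inspects TLS. HTTPS traffic to these names is visible only through the DNS
#   rule, and not at all when the client resolves over encrypted DNS; add a tls.sni rule if
#   that coverage is needed.
# - tag:session,600,seconds makes the sensor keep logging the tagged session for 600 seconds
#   after the HTTP rule fires; account for that in capture storage.
alert dns any any -> any any (msg: "MISP e26671 [] Domain blissful-jackson.216-238-76-219.plesk.page"; dns.query; content:"blissful-jackson.216-238-76-219.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])blissful\-jackson\.216\-238\-76\-219\.plesk\.page$/i"; classtype:trojan-activity; sid:37549871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain blissful-jackson.216-238-76-219.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blissful-jackson.216-238-76-219.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blissful\-jackson\.216\-238\-76\-219\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain 155.39.168.34.bc.googleusercontent.com"; dns.query; content:"155.39.168.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])155\.39\.168\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37549881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 155.39.168.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"155.39.168.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])155\.39\.168\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain static.86.70.78.5.clients.your-server.de"; dns.query; content:"static.86.70.78.5.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.86\.70\.78\.5\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37549891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain static.86.70.78.5.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.86.70.78.5.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.86\.70\.78\.5\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain ecs-123-60-57-13.compute.hwclouds-dns.com"; dns.query; content:"ecs-123-60-57-13.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-123\-60\-57\-13\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:37549901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ecs-123-60-57-13.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-123-60-57-13.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-123\-60\-57\-13\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain ninhobaby.com.br"; dns.query; content:"ninhobaby.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])ninhobaby\.com\.br$/i"; classtype:trojan-activity; sid:37549911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain ninhobaby.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ninhobaby.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ninhobaby\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain software.dth.wtf"; dns.query; content:"software.dth.wtf"; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.dth\.wtf$/i"; classtype:trojan-activity; sid:37549921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain software.dth.wtf"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"software.dth.wtf"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.dth\.wtf[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37549922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# MISP event 26686 (priority 2).
# Every event-26686 indicator in this section is exported a second time under event 26671
# with priority 3, a different sid and an empty tag list. One connection or lookup therefore
# raises two alerts. Triage on the 26686 alert (higher priority; it carries the family tags
# where the event has them) and suppress or threshold the 26671 copy if the noise is unwanted.
alert ip $HOME_NET any -> 89.117.23.34 5938 (msg: "MISP e26686 [] Outgoing To IP: 89.117.23.34|5938"; classtype:trojan-activity; sid:37512521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 89.117.23.185 2221 (msg: "MISP e26686 [] Outgoing To IP: 89.117.23.185|2221"; classtype:trojan-activity; sid:37512531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 57.128.165.176 13721 (msg: "MISP e26686 [] Outgoing To IP: 57.128.165.176|13721"; classtype:trojan-activity; sid:37512541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 141.95.106.106 2967 (msg: "MISP e26686 [] Outgoing To IP: 141.95.106.106|2967"; classtype:trojan-activity; sid:37512551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 154.12.248.41 5000 (msg: "MISP e26686 [] Outgoing To IP: 154.12.248.41|5000"; classtype:trojan-activity; sid:37512561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 145.239.135.24 5243 (msg: "MISP e26686 [] Outgoing To IP: 145.239.135.24|5243"; classtype:trojan-activity; sid:37512571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 89.117.23.186 5632 (msg: "MISP e26686 [] Outgoing To IP: 89.117.23.186|5632"; classtype:trojan-activity; sid:37512581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 148.113.141.220 2224 (msg: "MISP e26686 [] Outgoing To IP: 148.113.141.220|2224"; classtype:trojan-activity; sid:37512591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 154.38.175.241 13721 (msg: "MISP e26686 [] Outgoing To IP: 154.38.175.241|13721"; classtype:trojan-activity; sid:37512601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 109.199.99.131 13721 (msg: "MISP e26686 [] Outgoing To IP: 109.199.99.131|13721"; classtype:trojan-activity; sid:37512611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 154.12.233.66 2224 (msg: "MISP e26686 [] Outgoing To IP: 154.12.233.66|2224"; classtype:trojan-activity; sid:37512621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# SMTP indicators, MISP event 26576: a sender address and an attachment file name.
# Both are plain content matches on inbound TCP port 25, so they cannot match once a session
# is upgraded with STARTTLS, and they do not cover submission on other ports. The attachment
# rule also expects the exact byte sequence 'Content-Disposition: attachment; filename="' with
# no nocase, so a differently cased or spaced header is not matched. Hunt for the same
# indicators in mail gateway logs as well.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26576 [] Source Email Address: burak@liderprzeprowazki.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"burak@liderprzeprowazki.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37480161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26576;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26576 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"202402151104060855010826.7z|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37480181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26576;)
# Event 26671 copies of IP:port indicators that also appear under event 26686 in this section.
alert ip $HOME_NET any -> 57.128.165.176 13721 (msg: "MISP e26671 [] Outgoing To IP: 57.128.165.176|13721"; classtype:trojan-activity; sid:37549931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 141.95.106.106 2967 (msg: "MISP e26671 [] Outgoing To IP: 141.95.106.106|2967"; classtype:trojan-activity; sid:37549941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 154.12.248.41 5000 (msg: "MISP e26671 [] Outgoing To IP: 154.12.248.41|5000"; classtype:trojan-activity; sid:37549951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 145.239.135.24 5243 (msg: "MISP e26671 [] Outgoing To IP: 145.239.135.24|5243"; classtype:trojan-activity; sid:37549961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 89.117.23.186 5632 (msg: "MISP e26671 [] Outgoing To IP: 89.117.23.186|5632"; classtype:trojan-activity; sid:37549971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 148.113.141.220 2224 (msg: "MISP e26671 [] Outgoing To IP: 148.113.141.220|2224"; classtype:trojan-activity; sid:37549981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 154.38.175.241 13721 (msg: "MISP e26671 [] Outgoing To IP: 154.38.175.241|13721"; classtype:trojan-activity; sid:37549991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 109.199.99.131 13721 (msg: "MISP e26671 [] Outgoing To IP: 109.199.99.131|13721"; classtype:trojan-activity; sid:37550001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 154.12.233.66 2224 (msg: "MISP e26671 [] Outgoing To IP: 154.12.233.66|2224"; classtype:trojan-activity; sid:37550011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 89.117.23.34 5938 (msg: "MISP e26671 [] Outgoing To IP: 89.117.23.34|5938"; classtype:trojan-activity; sid:37550021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 89.117.23.185 2221 (msg: "MISP e26671 [] Outgoing To IP: 89.117.23.185|2221"; classtype:trojan-activity; sid:37550031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.19.130.43 19346 (msg: "MISP e26671 [] Outgoing To IP: 3.19.130.43|19346"; classtype:trojan-activity; sid:37550041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.142.167.54 19346 (msg: "MISP e26671 [] Outgoing To IP: 3.142.167.54|19346"; classtype:trojan-activity; sid:37550051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.142.167.4 19346 (msg: "MISP e26671 [] Outgoing To IP: 3.142.167.4|19346"; classtype:trojan-activity; sid:37550061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26533 [] Domain mi-tarjetacencosudcll.bhojpuriacademy.org"; dns.query; content:"mi-tarjetacencosudcll.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosudcll\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37465941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26533;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26533 [] Outgoing HTTP Domain mi-tarjetacencosudcll.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosudcll.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosudcll\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37465942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26533;)
# Event 26686 indicators carrying MISP tags in the msg field (njrat, RAT, ConnectBack,
# BillGates, MrBlack). The tag text comes from the event; the rule itself still matches only
# on address/port or name, so it does not confirm the tagged family's protocol on the wire.
alert ip $HOME_NET any -> 3.142.167.4 19346 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 3.142.167.4|19346"; classtype:trojan-activity; sid:37512641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 3.19.130.43 19346 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 3.19.130.43|19346"; classtype:trojan-activity; sid:37512651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 3.142.167.54 19346 (msg: "MISP e26686 [njrat,RAT] Outgoing To IP: 3.142.167.54|19346"; classtype:trojan-activity; sid:37512631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26765 [] Domain my-omniva.com"; dns.query; content:"my-omniva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-omniva\.com$/i"; classtype:trojan-activity; sid:37539871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26765;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26765 [] Outgoing HTTP Domain my-omniva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my-omniva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-omniva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26765;)
alert ip $HOME_NET any -> 205.234.200.26 44188 (msg: "MISP e26686 [ConnectBack] Outgoing To IP: 205.234.200.26|44188"; classtype:trojan-activity; sid:37512661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26795 [] Domain my.net-acc.com"; dns.query; content:"my.net-acc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\.net\-acc\.com$/i"; classtype:trojan-activity; sid:37547061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26795;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26795 [] Outgoing HTTP Domain my.net-acc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my.net-acc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\.net\-acc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26795;)
alert dns any any -> any any (msg: "MISP e26686 [BillGates] Domain syn.xsvi.cc"; dns.query; content:"syn.xsvi.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.xsvi\.cc$/i"; classtype:trojan-activity; sid:37512671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [BillGates] Outgoing HTTP Domain syn.xsvi.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"syn.xsvi.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.xsvi\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 205.234.200.26 44188 (msg: "MISP e26671 [] Outgoing To IP: 205.234.200.26|44188"; classtype:trojan-activity; sid:37550071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 198.98.56.144 6001 (msg: "MISP e26686 [BillGates,MrBlack] Outgoing To IP: 198.98.56.144|6001"; classtype:trojan-activity; sid:37512681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# The 02maill.com "Domain" rules already match syn.02maill.com (the pcre allows a preceding
# dot), so a syn.02maill.com lookup fires both the parent-domain and the subdomain rule.
alert dns any any -> any any (msg: "MISP e26686 [BillGates] Domain 02maill.com"; dns.query; content:"02maill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])02maill\.com$/i"; classtype:trojan-activity; sid:37512691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [BillGates] Outgoing HTTP Domain 02maill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"02maill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])02maill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26686 [BillGates] Domain syn.02maill.com"; dns.query; content:"syn.02maill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.02maill\.com$/i"; classtype:trojan-activity; sid:37512701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [BillGates] Outgoing HTTP Domain syn.02maill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"syn.02maill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.02maill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37512702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain 02maill.com"; dns.query; content:"02maill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])02maill\.com$/i"; classtype:trojan-activity; sid:37550081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain 02maill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"02maill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])02maill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain syn.02maill.com"; dns.query; content:"syn.02maill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.02maill\.com$/i"; classtype:trojan-activity; sid:37550091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain syn.02maill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"syn.02maill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.02maill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 198.98.56.144 6001 (msg: "MISP e26671 [] Outgoing To IP: 198.98.56.144|6001"; classtype:trojan-activity; sid:37550101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain syn.xsvi.cc"; dns.query; content:"syn.xsvi.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.xsvi\.cc$/i"; classtype:trojan-activity; sid:37550111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain syn.xsvi.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"syn.xsvi.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])syn\.xsvi\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# "Hostname" rules differ from "Domain" rules: the pcre also rejects a preceding dot, so only
# the exact host matches and subdomains do not. The HTTP variant matches "Host: <name>" as a
# single content string with exactly one space after the colon.
alert dns any any -> any any (msg: "MISP e26774 [] Hostname tuc.uentapersonal.com"; dns.query; content:"tuc.uentapersonal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tuc\.uentapersonal\.com$/i"; classtype:trojan-activity; sid:37540881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26774;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26774 [] Outgoing HTTP Hostname tuc.uentapersonal.com"; flow:to_server,established; http.header; content: "Host|3a| tuc.uentapersonal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tuc\.uentapersonal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37540882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26774;)
alert dns any any -> any any (msg: "MISP e26771 [] Domain pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; dns.query; content:"pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-f881673bdca94f08abbd51639e988b6c\.r2\.dev$/i"; classtype:trojan-activity; sid:37540781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26771;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26771 [] Outgoing HTTP Domain pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-f881673bdca94f08abbd51639e988b6c.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-f881673bdca94f08abbd51639e988b6c\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37540782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26771;)
alert dns any any -> any any (msg: "MISP e26784 [] Domain bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; dns.query; content:"bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37545841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26784;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26784 [] Outgoing HTTP Domain bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeifub3lemdpq74ix36k5qs6yaueinx2rmq56xsexxyidnbqmhzq6y4\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37545842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26784;)
alert dns any any -> any any (msg: "MISP e26793 [] Domain bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; dns.query; content:"bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37546951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26793;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26793 [] Outgoing HTTP Domain bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bafybeihzugap335h3nnkjfiq3zvisrsjuurjuds3vcenihazxqaktmcr34\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37546952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26793;)
alert dns any any -> any any (msg: "MISP e26769 [] Domain planmyhealth.in"; dns.query; content:"planmyhealth.in"; nocase; pcre: "/(^|[^A-Za-z0-9-])planmyhealth\.in$/i"; classtype:trojan-activity; sid:37540721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26769;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26769 [] Outgoing HTTP Domain planmyhealth.in"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"planmyhealth.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])planmyhealth\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37540722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26769;)
# vmi.lt-dekleracija-e.net is exported for two events in this section (26754 and 26747), and
# e-teismai.lt-paslauga.net for six (26781, 26764, 26798, 26732, 26752, 26763). The export
# writes one DNS/HTTP rule pair per event, so a single lookup of the second domain raises six
# DNS alerts with different sids. Threshold or deduplicate on the indicator value downstream.
alert dns any any -> any any (msg: "MISP e26754 [] Domain vmi.lt-dekleracija-e.net"; dns.query; content:"vmi.lt-dekleracija-e.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net$/i"; classtype:trojan-activity; sid:37539141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26754;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26754 [] Outgoing HTTP Domain vmi.lt-dekleracija-e.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija-e.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26754;)
# URL indicators for 107.173.4.5, MISP event 26759.
# These rules use $HTTP_PORTS as the destination port, so that variable must be defined on the
# sensor or the rules fail to load, and HTTP to this address on any other port is not covered.
# The address is matched anywhere in http.header, the path in http.uri with nocase.
alert http $HOME_NET any -> 107.173.4.5 $HTTP_PORTS (msg: "MISP e26759 [] Outgoing URL http|3a|//107.173.4.5/sweetpotattolikebabiesareusingballonforudationofnewverygoodupdatesfromthepcfornewsureupdatemakefasterp.doC"; flow:to_server,established; http.header; content:"107.173.4.5"; fast_pattern; nocase; http.uri; content:"/sweetpotattolikebabiesareusingballonforudationofnewverygoodupdatesfromthepcfornewsureupdatemakefasterp.doC"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37539301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;)
alert dns any any -> any any (msg: "MISP e26747 [] Domain vmi.lt-dekleracija-e.net"; dns.query; content:"vmi.lt-dekleracija-e.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net$/i"; classtype:trojan-activity; sid:37538871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26747;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26747 [] Outgoing HTTP Domain vmi.lt-dekleracija-e.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi.lt-dekleracija-e.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\.lt\-dekleracija\-e\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37538872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26747;)
alert dns any any -> any any (msg: "MISP e26781 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37545761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26781;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26781 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37545762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26781;)
alert dns any any -> any any (msg: "MISP e26764 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37539831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26764;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26764 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26764;)
alert http $HOME_NET any -> 107.173.4.5 $HTTP_PORTS (msg: "MISP e26759 [] Outgoing URL http|3a|//107.173.4.5/caliallalala.vbs"; flow:to_server,established; http.header; content:"107.173.4.5"; fast_pattern; nocase; http.uri; content:"/caliallalala.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37539311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;)
alert dns any any -> any any (msg: "MISP e26798 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37547121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26798;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26798 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37547122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26798;)
alert dns any any -> any any (msg: "MISP e26732 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37534811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26732;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26732 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37534812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26732;)
alert dns any any -> any any (msg: "MISP e26752 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37539091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26752;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26752 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26752;)
alert ip $HOME_NET any -> 46.246.80.3 1994 (msg: "MISP e26686 [njrat] Outgoing To IP: 46.246.80.3|1994"; classtype:trojan-activity; sid:37512711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert dns any any -> any any (msg: "MISP e26763 [] Domain e-teismai.lt-paslauga.net"; dns.query; content:"e-teismai.lt-paslauga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net$/i"; classtype:trojan-activity; sid:37539801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26763;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26763 [] Outgoing HTTP Domain e-teismai.lt-paslauga.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-teismai.lt-paslauga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-teismai\.lt\-paslauga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26763;)
alert ip $HOME_NET any -> 46.246.80.3 1994 (msg: "MISP e26671 [] Outgoing To IP: 46.246.80.3|1994"; classtype:trojan-activity; sid:37550121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> 107.173.4.5 $HTTP_PORTS (msg: "MISP e26759 [] Outgoing URL http|3a|//107.173.4.5/stopluokinf.txt"; flow:to_server,established; http.header; content:"107.173.4.5"; fast_pattern; nocase; http.uri; content:"/stopluokinf.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37539341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;)
alert dns any any -> any any (msg: "MISP e26759 [] Domain ftp.elquijotebanquetes.com"; dns.query; content:"ftp.elquijotebanquetes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.elquijotebanquetes\.com$/i"; classtype:trojan-activity; sid:37539351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26759 [] Outgoing HTTP Domain ftp.elquijotebanquetes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 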
content:"ftp.elquijotebanquetes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.elquijotebanquetes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26759 [] Source Email Address: mojovagina@elquijotebanquetes.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"mojovagina@elquijotebanquetes.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37539361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26759 [] Destination Email Address: mojovagina@elquijotebanquetes.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"mojovagina@elquijotebanquetes.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37539362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;) alert dns any any -> any any (msg: "MISP e26573 [] Domain personas.milab.digital"; dns.query; content:"personas.milab.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital$/i"; classtype:trojan-activity; sid:37479291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26573;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26573 [] Outgoing HTTP Domain personas.milab.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"personas.milab.digital"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37479292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26573;) alert ip 212.83.143.142 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.83.143.142"; classtype:trojan-activity; sid:37541031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 139.59.69.141 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.69.141"; classtype:trojan-activity; sid:37541041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.138.54.218 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.54.218"; classtype:trojan-activity; sid:37541051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 68.178.200.48 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.200.48"; classtype:trojan-activity; sid:37541061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 119.96.168.33 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.168.33"; classtype:trojan-activity; sid:37541071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 2.57.122.244 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.122.244"; classtype:trojan-activity; sid:37541081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 122.152.229.216 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.152.229.216"; classtype:trojan-activity; sid:37541091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.33.79.22 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.79.22"; classtype:trojan-activity; sid:37541101; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 49.51.230.79 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.230.79"; classtype:trojan-activity; sid:37541111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.126.46.131 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.46.131"; classtype:trojan-activity; sid:37541121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.45.223 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.45.223"; classtype:trojan-activity; sid:37541131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.155.157.14 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.157.14"; classtype:trojan-activity; sid:37541141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 154.8.199.251 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.199.251"; classtype:trojan-activity; sid:37541151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 118.193.62.104 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.62.104"; classtype:trojan-activity; sid:37541161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.197.63 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.63"; classtype:trojan-activity; sid:37541171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.192.241 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.192.241"; classtype:trojan-activity; sid:37541181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 1.162.199.173 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.162.199.173"; classtype:trojan-activity; sid:37541191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 1.169.65.128 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.169.65.128"; classtype:trojan-activity; sid:37541201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.106.137.49 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.137.49"; classtype:trojan-activity; sid:37541211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.122.31.214 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.122.31.214"; classtype:trojan-activity; sid:37541221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.93.206 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.206"; classtype:trojan-activity; sid:37541231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 49.234.36.92 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.36.92"; classtype:trojan-activity; sid:37541241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 129.226.214.12 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.214.12"; classtype:trojan-activity; sid:37541251; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.128.73.126 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.126"; classtype:trojan-activity; sid:37541261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.69.110 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.69.110"; classtype:trojan-activity; sid:37541271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.67.85 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.67.85"; classtype:trojan-activity; sid:37541281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 114.224.55.220 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.224.55.220"; classtype:trojan-activity; sid:37541291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.172.201.253 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.201.253"; classtype:trojan-activity; sid:37541301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.106.116.42 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.116.42"; classtype:trojan-activity; sid:37541311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 8.218.37.227 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.218.37.227"; classtype:trojan-activity; sid:37541321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 186.210.207.46 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.210.207.46"; classtype:trojan-activity; sid:37541331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
# Event 26777 inbound indicator: matches on source address only (any protocol, any port).
alert ip 103.25.56.48 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.25.56.48"; classtype:trojan-activity; sid:37541341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
# Event 26671 outbound indicators: three destination address+port rules and one domain
# (dns.query rule plus HTTP header rule). The event carries no tags ("[]") and priority 3.
# NOTE(review): content-royal.gl.at.ply.gg looks like a hostname under a shared
# tunnelling/hosting domain - TODO confirm. The pcre boundary limits the domain rules to
# this name and its subdomains, but the fixed addresses may also serve unrelated tenants,
# so give the address rules an expiry/review date and corroborate hits with host telemetry.
alert ip $HOME_NET any -> 147.185.221.18 35017 (msg: "MISP e26671 [] Outgoing To IP: 147.185.221.18|35017"; classtype:trojan-activity; sid:37550131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert dns any any -> any any (msg: "MISP e26671 [] Domain content-royal.gl.at.ply.gg"; dns.query; content:"content-royal.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])content\-royal\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37550141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# "Host|3a|" and the domain are independent contents on http.header, so the name appearing
# in any header of the request satisfies this rule; confirm the Host value during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain content-royal.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"content-royal.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])content\-royal\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.209.94 10540 (msg: "MISP e26671 [] Outgoing To IP: 3.125.209.94|10540"; classtype:trojan-activity; sid:37550151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 18.158.249.75 10540 (msg: "MISP e26671 [] Outgoing To IP: 18.158.249.75|10540"; classtype:trojan-activity; sid:37550161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip 51.81.174.84 any -> $HOME_NET any (msg: "MISP 
e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.81.174.84"; classtype:trojan-activity; sid:37541351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 198.46.235.107 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.235.107"; classtype:trojan-activity; sid:37541361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.156.213.51 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.51"; classtype:trojan-activity; sid:37541371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.244.80.196 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.244.80.196"; classtype:trojan-activity; sid:37541381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 4.224.28.240 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 4.224.28.240"; classtype:trojan-activity; sid:37541391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.25.193 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.193"; classtype:trojan-activity; sid:37541401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.22.32 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.22.32"; classtype:trojan-activity; sid:37541411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.196.254 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.254"; classtype:trojan-activity; 
sid:37541421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 111.230.210.40 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.210.40"; classtype:trojan-activity; sid:37541431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.128.135.176 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.135.176"; classtype:trojan-activity; sid:37541441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 117.161.75.117 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.161.75.117"; classtype:trojan-activity; sid:37541451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 45.147.99.136 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.147.99.136"; classtype:trojan-activity; sid:37541461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.155.172.236 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.172.236"; classtype:trojan-activity; sid:37541471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.56.148.178 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.56.148.178"; classtype:trojan-activity; sid:37541481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 111.230.51.188 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.51.188"; classtype:trojan-activity; sid:37541491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.79.213 any -> 
$HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.79.213"; classtype:trojan-activity; sid:37541501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 85.111.16.189 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.111.16.189"; classtype:trojan-activity; sid:37541511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.170.29 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.170.29"; classtype:trojan-activity; sid:37541521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.108.32 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.108.32"; classtype:trojan-activity; sid:37541531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.95.40 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.40"; classtype:trojan-activity; sid:37541541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.186.196 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.186.196"; classtype:trojan-activity; sid:37541551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.126.70.12 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.70.12"; classtype:trojan-activity; sid:37541561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 110.42.196.156 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.196.156"; 
classtype:trojan-activity; sid:37541571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.22.168 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.22.168"; classtype:trojan-activity; sid:37541581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.131.61.31 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.61.31"; classtype:trojan-activity; sid:37541591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 132.232.171.23 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.171.23"; classtype:trojan-activity; sid:37541601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.44.194 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.44.194"; classtype:trojan-activity; sid:37541611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.1.36 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.36"; classtype:trojan-activity; sid:37541621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.138.200.228 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.200.228"; classtype:trojan-activity; sid:37541631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.91.136.18 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.91.136.18"; classtype:trojan-activity; sid:37541641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 167.71.44.206 
any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.44.206"; classtype:trojan-activity; sid:37541651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.61.120 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.120"; classtype:trojan-activity; sid:37541661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.56.187 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.56.187"; classtype:trojan-activity; sid:37541671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 164.92.216.107 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.216.107"; classtype:trojan-activity; sid:37541681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.75.121 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.75.121"; classtype:trojan-activity; sid:37541691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 198.46.235.64 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.235.64"; classtype:trojan-activity; sid:37541701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.64.242 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.64.242"; classtype:trojan-activity; sid:37541711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.162.117 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.162.117"; 
classtype:trojan-activity; sid:37541721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 165.232.161.223 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.161.223"; classtype:trojan-activity; sid:37541731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 121.225.81.69 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.225.81.69"; classtype:trojan-activity; sid:37541741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.174.252.17 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.252.17"; classtype:trojan-activity; sid:37541751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.182.204 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.182.204"; classtype:trojan-activity; sid:37541761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.180.201 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.201"; classtype:trojan-activity; sid:37541771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 119.188.171.173 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.188.171.173"; classtype:trojan-activity; sid:37541781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 49.232.156.121 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.156.121"; classtype:trojan-activity; sid:37541791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) 
alert ip 116.105.217.251 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.105.217.251"; classtype:trojan-activity; sid:37541801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.156.207.142 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.207.142"; classtype:trojan-activity; sid:37541811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 20.115.45.153 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.115.45.153"; classtype:trojan-activity; sid:37541821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.113.116 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.113.116"; classtype:trojan-activity; sid:37541831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 211.159.172.68 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.159.172.68"; classtype:trojan-activity; sid:37541841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 213.226.124.251 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.226.124.251"; classtype:trojan-activity; sid:37541851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.167.81 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.167.81"; classtype:trojan-activity; sid:37541861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.172.157.203 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 107.172.157.203"; classtype:trojan-activity; sid:37541871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.82.142 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.82.142"; classtype:trojan-activity; sid:37541881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 148.135.12.30 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.135.12.30"; classtype:trojan-activity; sid:37541891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.245.90 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.245.90"; classtype:trojan-activity; sid:37541901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.221.169 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.221.169"; classtype:trojan-activity; sid:37541911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 78.108.188.12 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.108.188.12"; classtype:trojan-activity; sid:37541921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 45.154.89.252 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.252"; classtype:trojan-activity; sid:37541931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.37.197 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.37.197"; classtype:trojan-activity; sid:37541941; rev:1; priority:2; 
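reference:url,https://misp.finsin.cl/events/view/26777;)
# Event 26777 inbound indicators: each rule matches on source address only.
# The first two rules carry MISP tag values that contain double quotes. Inside a quoted
# option value such as msg, the characters " ; and \ have to be backslash-escaped; the
# export emitted them raw, which leaves the msg string terminated early and the rule at
# risk of being rejected or mis-parsed when the ruleset is loaded. They are escaped below.
# Only the msg text changes; addresses, sid, rev, classtype and priority are as exported.
# NOTE(review): this file is generated, so apply the same escaping where the export is
# produced, otherwise the next export reintroduces the raw quotes. Check the engine's load
# log for rules that failed to parse; a silently dropped rule is a detection gap.
# NOTE(review): the tags describe brute-force / password-guessing sources while classtype
# stays trojan-activity - confirm that triage does not rely on classtype for these sids.
alert ip 45.120.115.150 any -> $HOME_NET any (msg: "MISP e26777 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 45.120.115.150"; classtype:trojan-activity; sid:37541951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 83.6.140.225 any -> $HOME_NET any (msg: "MISP e26777 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 83.6.140.225"; classtype:trojan-activity; sid:37541961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 43.159.60.88 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.60.88"; classtype:trojan-activity; sid:37541971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 76.11.100.129 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.11.100.129"; classtype:trojan-activity; sid:37541981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 43.135.161.42 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.161.42"; classtype:trojan-activity; sid:37541991; rev:1; priority:2; 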
reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.131.254.59 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.254.59"; classtype:trojan-activity; sid:37542001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.25.47 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.25.47"; classtype:trojan-activity; sid:37542011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 14.103.34.64 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.34.64"; classtype:trojan-activity; sid:37542021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 23.94.212.33 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.212.33"; classtype:trojan-activity; sid:37542031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 91.228.236.12 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.228.236.12"; classtype:trojan-activity; sid:37542041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.201.224 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.201.224"; classtype:trojan-activity; sid:37542051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.198.66 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.66"; classtype:trojan-activity; sid:37542061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 86.191.84.161 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.191.84.161"; classtype:trojan-activity; sid:37542071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 45.180.136.12 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.180.136.12"; classtype:trojan-activity; sid:37542081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.138.113.196 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.138.113.196"; classtype:trojan-activity; sid:37542091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.156.194.121 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.121"; classtype:trojan-activity; sid:37542101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.75.114 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.75.114"; classtype:trojan-activity; sid:37542111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 179.0.109.36 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.0.109.36"; classtype:trojan-activity; sid:37542121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.32.128.185 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.128.185"; classtype:trojan-activity; sid:37542131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 192.210.213.19 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.210.213.19"; classtype:trojan-activity; sid:37542141; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 125.41.182.238 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.41.182.238"; classtype:trojan-activity; sid:37542151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.218.84 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.218.84"; classtype:trojan-activity; sid:37542161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.232.30 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.232.30"; classtype:trojan-activity; sid:37542171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.133.218 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.133.218"; classtype:trojan-activity; sid:37542181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.128.86.22 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.86.22"; classtype:trojan-activity; sid:37542191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 183.150.182.144 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.150.182.144"; classtype:trojan-activity; sid:37542201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.248.128.139 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.128.139"; classtype:trojan-activity; sid:37542211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.173.147.112 any -> $HOME_NET any (msg: 
"MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.147.112"; classtype:trojan-activity; sid:37542221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.110.186 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.110.186"; classtype:trojan-activity; sid:37542231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.126.103.153 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.126.103.153"; classtype:trojan-activity; sid:37542241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 38.83.108.10 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.83.108.10"; classtype:trojan-activity; sid:37542251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 98.248.158.158 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 98.248.158.158"; classtype:trojan-activity; sid:37542261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 175.178.191.244 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.191.244"; classtype:trojan-activity; sid:37542271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.130.48.32 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.48.32"; classtype:trojan-activity; sid:37542281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 89.41.182.116 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.41.182.116"; classtype:trojan-activity; 
sid:37542291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.83.61 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.83.61"; classtype:trojan-activity; sid:37542301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 51.38.214.180 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.214.180"; classtype:trojan-activity; sid:37542311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.63.2 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.63.2"; classtype:trojan-activity; sid:37542321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 212.64.29.26 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.64.29.26"; classtype:trojan-activity; sid:37542331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.3.238 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.3.238"; classtype:trojan-activity; sid:37542341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 120.71.9.52 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.71.9.52"; classtype:trojan-activity; sid:37542351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 185.148.13.227 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.148.13.227"; classtype:trojan-activity; sid:37542361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 202.157.189.159 any -> $HOME_NET any (msg: "MISP 
e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.189.159"; classtype:trojan-activity; sid:37542371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.21.6 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.21.6"; classtype:trojan-activity; sid:37542381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.224.98 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.98"; classtype:trojan-activity; sid:37542391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 61.87.161.186 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.87.161.186"; classtype:trojan-activity; sid:37542401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 114.132.84.61 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.84.61"; classtype:trojan-activity; sid:37542411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 175.136.210.83 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.136.210.83"; classtype:trojan-activity; sid:37542421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 13.60.13.159 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.60.13.159"; classtype:trojan-activity; sid:37542431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.14.20 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.14.20"; classtype:trojan-activity; sid:37542441; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 221.239.103.213 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.239.103.213"; classtype:trojan-activity; sid:37542451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.122.179 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.122.179"; classtype:trojan-activity; sid:37542461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.220.28 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.220.28"; classtype:trojan-activity; sid:37542471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 123.52.26.77 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.52.26.77"; classtype:trojan-activity; sid:37542481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.135.133.8 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.133.8"; classtype:trojan-activity; sid:37542491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 74.48.175.139 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.175.139"; classtype:trojan-activity; sid:37542501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.67.23 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.67.23"; classtype:trojan-activity; sid:37542511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 84.252.143.77 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.252.143.77"; classtype:trojan-activity; sid:37542521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.97.61 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.97.61"; classtype:trojan-activity; sid:37542531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 208.65.84.32 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.32"; classtype:trojan-activity; sid:37542541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.222.137 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.222.137"; classtype:trojan-activity; sid:37542551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 162.62.126.11 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.126.11"; classtype:trojan-activity; sid:37542561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 1.164.111.182 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.111.182"; classtype:trojan-activity; sid:37542571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 46.28.24.69 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.28.24.69"; classtype:trojan-activity; sid:37542581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.221.188.239 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.188.239"; classtype:trojan-activity; sid:37542591; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.7.125 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.7.125"; classtype:trojan-activity; sid:37542601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.62.96 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.62.96"; classtype:trojan-activity; sid:37542611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 185.126.11.6 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.126.11.6"; classtype:trojan-activity; sid:37542621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.156.223.57 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.57"; classtype:trojan-activity; sid:37542631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.139.195.181 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.195.181"; classtype:trojan-activity; sid:37542641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.195.237 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.237"; classtype:trojan-activity; sid:37542651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 61.240.213.169 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.240.213.169"; classtype:trojan-activity; sid:37542661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.212.28 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.212.28"; classtype:trojan-activity; sid:37542671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.57.239 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.57.239"; classtype:trojan-activity; sid:37542681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 144.172.83.85 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.172.83.85"; classtype:trojan-activity; sid:37542691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 162.14.74.121 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.74.121"; classtype:trojan-activity; sid:37542701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.106.65.35 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.65.35"; classtype:trojan-activity; sid:37542711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 23.94.43.59 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.43.59"; classtype:trojan-activity; sid:37542721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.130.246.13 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.246.13"; classtype:trojan-activity; sid:37542731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.173.89 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.173.89"; classtype:trojan-activity; sid:37542741; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.218.148 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.218.148"; classtype:trojan-activity; sid:37542751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.111.124 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.111.124"; classtype:trojan-activity; sid:37542761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.126.64.205 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.64.205"; classtype:trojan-activity; sid:37542771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 122.114.74.53 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.74.53"; classtype:trojan-activity; sid:37542781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.128.106.219 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.106.219"; classtype:trojan-activity; sid:37542791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 128.254.225.63 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.254.225.63"; classtype:trojan-activity; sid:37542801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.236.150 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.236.150"; classtype:trojan-activity; sid:37542811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.155.175.81 any -> $HOME_NET any (msg: "MISP 
e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.175.81"; classtype:trojan-activity; sid:37542821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.211.93 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.211.93"; classtype:trojan-activity; sid:37542831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 104.28.248.129 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.248.129"; classtype:trojan-activity; sid:37542841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 49.1.50.30 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.1.50.30"; classtype:trojan-activity; sid:37542851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 23.94.220.156 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.220.156"; classtype:trojan-activity; sid:37542861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.11.122 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.11.122"; classtype:trojan-activity; sid:37542871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 36.105.172.120 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.105.172.120"; classtype:trojan-activity; sid:37542881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 125.19.112.50 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.19.112.50"; classtype:trojan-activity; sid:37542891; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.250.169 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.250.169"; classtype:trojan-activity; sid:37542901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 34.76.161.135 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.76.161.135"; classtype:trojan-activity; sid:37542911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.42.226.94 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.226.94"; classtype:trojan-activity; sid:37542921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 104.28.153.10 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.153.10"; classtype:trojan-activity; sid:37542931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.2.254 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.2.254"; classtype:trojan-activity; sid:37542941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 221.225.82.40 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.225.82.40"; classtype:trojan-activity; sid:37542951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 113.239.200.192 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.239.200.192"; classtype:trojan-activity; sid:37542961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.106.167.185 any -> $HOME_NET any (msg: "MISP 
e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.167.185"; classtype:trojan-activity; sid:37542971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 206.189.135.113 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.135.113"; classtype:trojan-activity; sid:37542981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.173.10.105 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.10.105"; classtype:trojan-activity; sid:37542991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.159.38.78 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.38.78"; classtype:trojan-activity; sid:37543001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 191.232.182.244 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.232.182.244"; classtype:trojan-activity; sid:37543011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.128.133.217 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.133.217"; classtype:trojan-activity; sid:37543021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 24.199.114.11 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.114.11"; classtype:trojan-activity; sid:37543031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.15.112 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.112"; classtype:trojan-activity; 
sid:37543041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 185.216.117.191 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.216.117.191"; classtype:trojan-activity; sid:37543051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 1.12.67.160 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.67.160"; classtype:trojan-activity; sid:37543061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.219.38 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.38"; classtype:trojan-activity; sid:37543071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 139.59.69.194 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.69.194"; classtype:trojan-activity; sid:37543081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.39.129 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.39.129"; classtype:trojan-activity; sid:37543091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.106.176.3 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.176.3"; classtype:trojan-activity; sid:37543101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.174.31 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.174.31"; classtype:trojan-activity; sid:37543111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.156.199.133 any -> $HOME_NET any 
(msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.199.133"; classtype:trojan-activity; sid:37543121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 129.226.205.52 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.205.52"; classtype:trojan-activity; sid:37543131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 47.196.62.25 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.196.62.25"; classtype:trojan-activity; sid:37543141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.229.230 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.229.230"; classtype:trojan-activity; sid:37543151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.65.24 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.65.24"; classtype:trojan-activity; sid:37543161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.174.95.217 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.95.217"; classtype:trojan-activity; sid:37543171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 5.250.185.68 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.250.185.68"; classtype:trojan-activity; sid:37543181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.240.208 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.240.208"; classtype:trojan-activity; 
sid:37543191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 180.242.130.6 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.242.130.6"; classtype:trojan-activity; sid:37543201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 113.24.66.76 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.66.76"; classtype:trojan-activity; sid:37543211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.189.12.220 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.12.220"; classtype:trojan-activity; sid:37543221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 192.3.153.105 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.153.105"; classtype:trojan-activity; sid:37543231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.231.159 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.159"; classtype:trojan-activity; sid:37543241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 34.34.137.73 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.34.137.73"; classtype:trojan-activity; sid:37543251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.97.219 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.97.219"; classtype:trojan-activity; sid:37543261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.47.80.222 any -> $HOME_NET any 
(msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.80.222"; classtype:trojan-activity; sid:37543271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 208.109.37.82 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.109.37.82"; classtype:trojan-activity; sid:37543281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.212.209 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.212.209"; classtype:trojan-activity; sid:37543291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.232.46 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.232.46"; classtype:trojan-activity; sid:37543301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 87.255.193.50 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.255.193.50"; classtype:trojan-activity; sid:37543311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 78.25.105.127 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.25.105.127"; classtype:trojan-activity; sid:37543321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.51.31 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.31"; classtype:trojan-activity; sid:37543331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 119.28.116.161 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.116.161"; classtype:trojan-activity; 
sid:37543341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.130.15.112 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.15.112"; classtype:trojan-activity; sid:37543351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 123.235.208.218 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.235.208.218"; classtype:trojan-activity; sid:37543361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 192.18.131.66 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.18.131.66"; classtype:trojan-activity; sid:37543371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.94.121.90 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.94.121.90"; classtype:trojan-activity; sid:37543381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.64.222.152 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.152"; classtype:trojan-activity; sid:37543391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.64.222.142 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.142"; classtype:trojan-activity; sid:37543401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 137.184.161.92 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.161.92"; classtype:trojan-activity; sid:37543411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.64.222.150 any -> 
$HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.150"; classtype:trojan-activity; sid:37543421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 64.227.77.69 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.77.69"; classtype:trojan-activity; sid:37543431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.184.89 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.184.89"; classtype:trojan-activity; sid:37543441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.131.232.11 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.11"; classtype:trojan-activity; sid:37543451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.64.222.143 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.143"; classtype:trojan-activity; sid:37543461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 119.45.15.217 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.15.217"; classtype:trojan-activity; sid:37543471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 47.109.71.32 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.109.71.32"; classtype:trojan-activity; sid:37543481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 218.156.108.222 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.156.108.222"; 
classtype:trojan-activity; sid:37543491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 107.172.142.118 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.142.118"; classtype:trojan-activity; sid:37543501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.64.139.239 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.139.239"; classtype:trojan-activity; sid:37543511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 146.190.137.227 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.137.227"; classtype:trojan-activity; sid:37543521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.70.137 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.70.137"; classtype:trojan-activity; sid:37543531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.32.141.43 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.141.43"; classtype:trojan-activity; sid:37543541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.154.78.106 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.78.106"; classtype:trojan-activity; sid:37543551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.102.19 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.102.19"; classtype:trojan-activity; sid:37543561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 
49.51.75.178 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.75.178"; classtype:trojan-activity; sid:37543571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 171.251.30.58 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.251.30.58"; classtype:trojan-activity; sid:37543581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 34.147.163.223 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.147.163.223"; classtype:trojan-activity; sid:37543591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 146.190.167.218 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.167.218"; classtype:trojan-activity; sid:37543601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 104.225.158.183 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.225.158.183"; classtype:trojan-activity; sid:37543611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 213.6.49.84 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.6.49.84"; classtype:trojan-activity; sid:37543621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.135.169.210 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.169.210"; classtype:trojan-activity; sid:37543631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 104.250.49.4 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
104.250.49.4"; classtype:trojan-activity; sid:37543641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 120.92.84.211 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.84.211"; classtype:trojan-activity; sid:37543651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.13.165 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.13.165"; classtype:trojan-activity; sid:37543661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.233.79.213 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.233.79.213"; classtype:trojan-activity; sid:37543671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.16.94 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.16.94"; classtype:trojan-activity; sid:37543681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.59.194 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.59.194"; classtype:trojan-activity; sid:37543691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.67.148 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.67.148"; classtype:trojan-activity; sid:37543701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.47.86 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.47.86"; classtype:trojan-activity; sid:37543711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert 
ip 20.245.60.160 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.245.60.160"; classtype:trojan-activity; sid:37543721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.1.142 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.1.142"; classtype:trojan-activity; sid:37543731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.99.197 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.99.197"; classtype:trojan-activity; sid:37543741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.213.253 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.213.253"; classtype:trojan-activity; sid:37543751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.70.79 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.70.79"; classtype:trojan-activity; sid:37543761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.32.32.56 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.32.56"; classtype:trojan-activity; sid:37543771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 129.226.221.242 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.221.242"; classtype:trojan-activity; sid:37543781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.35.11.54 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
101.35.11.54"; classtype:trojan-activity; sid:37543791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 113.166.127.6 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.166.127.6"; classtype:trojan-activity; sid:37543801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.128.130.87 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.130.87"; classtype:trojan-activity; sid:37543811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 49.65.101.245 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.65.101.245"; classtype:trojan-activity; sid:37543821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.66.78 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.66.78"; classtype:trojan-activity; sid:37543831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.211.59.5 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.211.59.5"; classtype:trojan-activity; sid:37543841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.46.186 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.46.186"; classtype:trojan-activity; sid:37543851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 129.226.154.21 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.154.21"; classtype:trojan-activity; sid:37543861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert 
ip 14.168.53.55 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.168.53.55"; classtype:trojan-activity; sid:37543871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 181.115.208.122 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.208.122"; classtype:trojan-activity; sid:37543881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 62.234.29.14 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.29.14"; classtype:trojan-activity; sid:37543891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.154.157.216 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.157.216"; classtype:trojan-activity; sid:37543901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 170.64.218.242 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.218.242"; classtype:trojan-activity; sid:37543911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.130.34.144 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.34.144"; classtype:trojan-activity; sid:37543921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 159.223.3.3 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.3.3"; classtype:trojan-activity; sid:37543931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.214.35 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.163.214.35"; classtype:trojan-activity; sid:37543941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 150.109.204.207 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.204.207"; classtype:trojan-activity; sid:37543951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 181.115.208.190 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.208.190"; classtype:trojan-activity; sid:37543961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.162.225 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.162.225"; classtype:trojan-activity; sid:37543971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 129.226.156.194 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.156.194"; classtype:trojan-activity; sid:37543981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.24.59 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.24.59"; classtype:trojan-activity; sid:37543991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.3.153 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.3.153"; classtype:trojan-activity; sid:37544001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 82.157.36.82 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.36.82"; classtype:trojan-activity; sid:37544011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.69.7 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.69.7"; classtype:trojan-activity; sid:37544021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.139.53 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.139.53"; classtype:trojan-activity; sid:37544031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 177.33.194.110 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.33.194.110"; classtype:trojan-activity; sid:37544041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.179.87 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.179.87"; classtype:trojan-activity; sid:37544051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 143.92.42.57 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.92.42.57"; classtype:trojan-activity; sid:37544061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.163.232.248 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.232.248"; classtype:trojan-activity; sid:37544071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.167.35.76 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.167.35.76"; classtype:trojan-activity; sid:37544081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.90.203.131 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.90.203.131"; classtype:trojan-activity; sid:37544091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.70.4 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.4"; classtype:trojan-activity; sid:37544101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.130.228.28 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.228.28"; classtype:trojan-activity; sid:37544111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.156.218.14 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.218.14"; classtype:trojan-activity; sid:37544121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 181.115.208.53 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.208.53"; classtype:trojan-activity; sid:37544131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 116.52.210.18 any -> $HOME_NET any (msg: "MISP e26735 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.52.210.18"; classtype:trojan-activity; sid:37535211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26735;) alert ip 104.152.52.195 any -> $HOME_NET any (msg: "MISP e26739 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.195"; classtype:trojan-activity; sid:37535821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26739;) alert ip 111.22.74.159 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.159"; classtype:trojan-activity; sid:37536191; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 111.70.9.92 any -> $HOME_NET any (msg: "MISP e26755 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.9.92"; classtype:trojan-activity; sid:37539171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26755;) alert ip 43.134.116.96 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.116.96"; classtype:trojan-activity; sid:37544141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 116.238.154.150 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.238.154.150"; classtype:trojan-activity; sid:37544151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 118.167.194.245 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.167.194.245"; classtype:trojan-activity; sid:37536201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 157.107.252.37 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.107.252.37"; classtype:trojan-activity; sid:37536211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 162.62.213.246 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.213.246"; classtype:trojan-activity; sid:37536221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 178.34.159.39 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.34.159.39"; classtype:trojan-activity; sid:37536231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 123.11.78.156 any -> $HOME_NET any (msg: "MISP 
e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.11.78.156"; classtype:trojan-activity; sid:37536241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 179.0.113.244 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.0.113.244"; classtype:trojan-activity; sid:37536251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 27.20.191.173 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.191.173"; classtype:trojan-activity; sid:37536261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 37.44.238.66 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.238.66"; classtype:trojan-activity; sid:37536271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 42.100.27.9 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.27.9"; classtype:trojan-activity; sid:37536281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 222.170.20.194 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.170.20.194"; classtype:trojan-activity; sid:37536291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 121.158.105.37 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.158.105.37"; classtype:trojan-activity; sid:37536301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 77.242.107.203 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.242.107.203"; classtype:trojan-activity; sid:37536311; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 183.64.247.2 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.64.247.2"; classtype:trojan-activity; sid:37536321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 220.168.239.210 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.168.239.210"; classtype:trojan-activity; sid:37536331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 61.185.91.235 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.185.91.235"; classtype:trojan-activity; sid:37536341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.141.150.30 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.141.150.30"; classtype:trojan-activity; sid:37544161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 45.156.129.12 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.156.129.12"; classtype:trojan-activity; sid:37544171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 23.227.203.251 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.227.203.251"; classtype:trojan-activity; sid:37534871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 162.55.128.58 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.55.128.58"; classtype:trojan-activity; sid:37534881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 87.236.176.145 any -> $HOME_NET any (msg: 
"MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.145"; classtype:trojan-activity; sid:37534891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 37.151.48.169 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.151.48.169"; classtype:trojan-activity; sid:37539961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 43.153.84.47 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.84.47"; classtype:trojan-activity; sid:37544181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 223.151.249.95 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.249.95"; classtype:trojan-activity; sid:37536351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 85.105.81.180 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.105.81.180"; classtype:trojan-activity; sid:37536361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 61.141.31.3 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.141.31.3"; classtype:trojan-activity; sid:37536371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 103.149.26.253 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.149.26.253"; classtype:trojan-activity; sid:37534901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 85.113.14.18 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.113.14.18"; classtype:trojan-activity; sid:37539971; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 87.236.176.229 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.229"; classtype:trojan-activity; sid:37546391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 87.236.176.124 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.124"; classtype:trojan-activity; sid:37534911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 106.183.35.202 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.183.35.202"; classtype:trojan-activity; sid:37536381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 79.27.162.178 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.27.162.178"; classtype:trojan-activity; sid:37536391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 213.232.246.5 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.232.246.5"; classtype:trojan-activity; sid:37539981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 112.124.18.88 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.124.18.88"; classtype:trojan-activity; sid:37536401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 43.131.249.230 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.249.230"; classtype:trojan-activity; sid:37544191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 117.190.224.41 any -> $HOME_NET any (msg: 
"MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.190.224.41"; classtype:trojan-activity; sid:37536411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 121.234.173.95 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.173.95"; classtype:trojan-activity; sid:37536421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 175.30.105.60 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.105.60"; classtype:trojan-activity; sid:37536431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 47.105.33.16 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.105.33.16"; classtype:trojan-activity; sid:37546401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 212.27.30.60 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.27.30.60"; classtype:trojan-activity; sid:37536441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 87.236.176.119 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.119"; classtype:trojan-activity; sid:37534921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 47.76.173.157 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.76.173.157"; classtype:trojan-activity; sid:37544201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 178.218.201.81 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.218.201.81"; classtype:trojan-activity; 
sid:37539991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 101.108.88.247 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.88.247"; classtype:trojan-activity; sid:37536451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 122.117.28.201 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.28.201"; classtype:trojan-activity; sid:37536461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 182.240.54.116 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.54.116"; classtype:trojan-activity; sid:37536471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 116.248.101.122 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.248.101.122"; classtype:trojan-activity; sid:37536481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 119.98.244.43 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.98.244.43"; classtype:trojan-activity; sid:37536491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 153.187.142.241 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.187.142.241"; classtype:trojan-activity; sid:37536501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 42.100.22.3 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.22.3"; classtype:trojan-activity; sid:37536511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 221.202.23.106 any -> 
$HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.202.23.106"; classtype:trojan-activity; sid:37536521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 202.75.28.193 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.75.28.193"; classtype:trojan-activity; sid:37536531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 60.191.75.194 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.191.75.194"; classtype:trojan-activity; sid:37536541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 182.70.253.229 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.70.253.229"; classtype:trojan-activity; sid:37536551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 39.68.249.194 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.68.249.194"; classtype:trojan-activity; sid:37536561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 192.241.195.115 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.195.115"; classtype:trojan-activity; sid:37546411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 182.112.11.118 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.112.11.118"; classtype:trojan-activity; sid:37536571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 81.215.196.121 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.215.196.121"; 
classtype:trojan-activity; sid:37536581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 59.98.178.109 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.98.178.109"; classtype:trojan-activity; sid:37536591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 47.199.112.156 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.199.112.156"; classtype:trojan-activity; sid:37536601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 222.134.174.128 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.134.174.128"; classtype:trojan-activity; sid:37536611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 78.186.203.167 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.186.203.167"; classtype:trojan-activity; sid:37536621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 221.200.120.60 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.200.120.60"; classtype:trojan-activity; sid:37536631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 122.164.124.244 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.164.124.244"; classtype:trojan-activity; sid:37544211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 58.47.85.241 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.85.241"; classtype:trojan-activity; sid:37536641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 
46.73.101.3 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.73.101.3"; classtype:trojan-activity; sid:37536651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 79.167.163.216 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.167.163.216"; classtype:trojan-activity; sid:37536661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 94.141.253.202 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.141.253.202"; classtype:trojan-activity; sid:37536671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 43.134.240.109 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.240.109"; classtype:trojan-activity; sid:37544221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 61.221.235.137 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.221.235.137"; classtype:trojan-activity; sid:37536681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 81.213.26.131 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.26.131"; classtype:trojan-activity; sid:37536691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 93.71.9.21 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.71.9.21"; classtype:trojan-activity; sid:37536701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 93.46.12.91 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.46.12.91"; 
classtype:trojan-activity; sid:37536711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 98.143.255.25 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 98.143.255.25"; classtype:trojan-activity; sid:37544231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 179.1.85.124 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.124"; classtype:trojan-activity; sid:37544241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 14.169.92.185 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.169.92.185"; classtype:trojan-activity; sid:37536721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 121.137.74.48 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.137.74.48"; classtype:trojan-activity; sid:37544251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 198.235.24.185 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.185"; classtype:trojan-activity; sid:37544261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 47.94.3.123 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.94.3.123"; classtype:trojan-activity; sid:37544271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 162.243.144.9 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.144.9"; classtype:trojan-activity; sid:37544281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.23.163 
any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.23.163"; classtype:trojan-activity; sid:37544291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 123.172.48.15 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.48.15"; classtype:trojan-activity; sid:37536731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 178.64.201.250 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.64.201.250"; classtype:trojan-activity; sid:37536741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 62.234.68.208 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.68.208"; classtype:trojan-activity; sid:37544301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.157.10.176 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.10.176"; classtype:trojan-activity; sid:37544311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 119.116.133.105 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.116.133.105"; classtype:trojan-activity; sid:37536751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 219.157.11.51 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.157.11.51"; classtype:trojan-activity; sid:37536761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 124.98.150.23 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.98.150.23"; 
classtype:trojan-activity; sid:37536771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 95.73.172.170 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.73.172.170"; classtype:trojan-activity; sid:37544321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 121.61.141.41 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.141.41"; classtype:trojan-activity; sid:37536781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 27.25.112.214 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.112.214"; classtype:trojan-activity; sid:37536791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 175.30.115.14 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.115.14"; classtype:trojan-activity; sid:37536801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 138.121.122.170 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.121.122.170"; classtype:trojan-activity; sid:37536811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 171.83.236.26 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.83.236.26"; classtype:trojan-activity; sid:37536821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 175.149.47.77 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.149.47.77"; classtype:trojan-activity; sid:37536831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 
178.212.221.60 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.212.221.60"; classtype:trojan-activity; sid:37536841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 185.205.230.85 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.205.230.85"; classtype:trojan-activity; sid:37536851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 177.82.180.139 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.82.180.139"; classtype:trojan-activity; sid:37536861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 183.179.170.78 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.179.170.78"; classtype:trojan-activity; sid:37536871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 218.201.12.153 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.201.12.153"; classtype:trojan-activity; sid:37536881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 222.172.146.128 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.172.146.128"; classtype:trojan-activity; sid:37536891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 211.54.136.150 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.54.136.150"; classtype:trojan-activity; sid:37536901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 45.235.37.11 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 45.235.37.11"; classtype:trojan-activity; sid:37536911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 183.61.16.107 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.61.16.107"; classtype:trojan-activity; sid:37536921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 27.35.239.200 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.35.239.200"; classtype:trojan-activity; sid:37536931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 27.22.118.76 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.22.118.76"; classtype:trojan-activity; sid:37536941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 58.50.136.136 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.136.136"; classtype:trojan-activity; sid:37536951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 89.147.236.10 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.236.10"; classtype:trojan-activity; sid:37536961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 60.246.188.199 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.246.188.199"; classtype:trojan-activity; sid:37536971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 114.227.48.211 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.48.211"; classtype:trojan-activity; sid:37536981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) 
# MISP-generated source-address indicators from events 26744, 26768, 26777 and 26791.
# Layout: one rule per line. Snort/Suricata rule parsers expect this; a rule may
# only span several lines when each broken line ends in a backslash.
#
# Each rule alerts on traffic of any IP protocol, from the listed address and any
# source port, to any port in $HOME_NET. The msg carries the MISP event id and its
# kill-chain tags, and reference:url points at the event for analyst context.
#
# NOTE(review): no rule here carries a threshold or rate-limit option. If a source is
#   noisy, tune it by sid in the sensor's threshold/suppress configuration rather than
#   in this file, which is presumably regenerated on every MISP export. Confirm.
# NOTE(review): every rule is classtype:trojan-activity, while the msg tags say
#   Reconnaissance/Exploitation. Triage on the msg tags and the referenced event;
#   confirm whether the classtype is simply the exporter's default.
# NOTE(review): single-address indicators age as addresses are reassigned. Check the
#   referenced event's date and context before treating a hit as confirmed or
#   promoting the address to a block list.
alert ip 82.145.159.236 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.145.159.236"; classtype:trojan-activity; sid:37536991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 5.187.205.251 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.187.205.251"; classtype:trojan-activity; sid:37537001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 89.189.86.91 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.189.86.91"; classtype:trojan-activity; sid:37540001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 89.190.156.209 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.190.156.209"; classtype:trojan-activity; sid:37537011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 125.26.201.16 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.201.16"; classtype:trojan-activity; sid:37537021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 93.95.143.110 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.95.143.110"; classtype:trojan-activity; sid:37537031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 190.211.255.106 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.211.255.106"; classtype:trojan-activity; sid:37537041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 112.53.160.61 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.53.160.61"; classtype:trojan-activity; sid:37544331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 106.55.20.84 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.20.84"; classtype:trojan-activity; sid:37544341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 117.72.8.31 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.8.31"; classtype:trojan-activity; sid:37546421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 162.243.142.48 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.142.48"; classtype:trojan-activity; sid:37546431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 222.189.91.98 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.189.91.98"; classtype:trojan-activity; sid:37537051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 121.196.198.96 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.196.198.96"; classtype:trojan-activity; sid:37546441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 39.39.117.232 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.39.117.232"; classtype:trojan-activity; sid:37537061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 111.43.1.93 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.1.93"; classtype:trojan-activity; sid:37537071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 124.164.249.74 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.164.249.74"; classtype:trojan-activity; sid:37537081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 42.202.17.37 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.202.17.37"; classtype:trojan-activity; sid:37537091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 117.245.70.136 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.245.70.136"; classtype:trojan-activity; sid:37537101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 59.17.117.150 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.17.117.150"; classtype:trojan-activity; sid:37537111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 129.226.203.175 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.203.175"; classtype:trojan-activity; sid:37544351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 84.54.51.3 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.3"; classtype:trojan-activity; sid:37537121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 178.72.83.72 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.72.83.72"; classtype:trojan-activity; sid:37537131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 88.135.61.38 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.135.61.38"; classtype:trojan-activity; sid:37540011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 24.152.82.120 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.152.82.120"; classtype:trojan-activity; sid:37537141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 81.16.9.208 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.16.9.208"; classtype:trojan-activity; sid:37537151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 191.14.21.179 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.14.21.179"; classtype:trojan-activity; sid:37537161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 64.92.14.200 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.92.14.200"; classtype:trojan-activity; sid:37537171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 162.243.143.53 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.143.53"; classtype:trojan-activity; sid:37546451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 198.235.24.168 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.168"; classtype:trojan-activity; sid:37544361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 106.86.209.118 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.86.209.118"; classtype:trojan-activity; sid:37544371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 46.98.167.66 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.98.167.66"; classtype:trojan-activity; sid:37537181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 106.41.82.96 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.82.96"; classtype:trojan-activity; sid:37537191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 121.236.234.196 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.236.234.196"; classtype:trojan-activity; sid:37537201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 143.198.223.22 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.223.22"; classtype:trojan-activity; sid:37544381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 182.240.204.149 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.204.149"; classtype:trojan-activity; sid:37537211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 116.52.75.155 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.52.75.155"; classtype:trojan-activity; sid:37537221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 101.108.241.86 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.241.86"; classtype:trojan-activity; sid:37537231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 178.34.159.111 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.34.159.111"; classtype:trojan-activity; sid:37537241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 223.10.65.158 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.10.65.158"; classtype:trojan-activity; sid:37537251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 43.241.106.135 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.241.106.135"; classtype:trojan-activity; sid:37537261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 118.69.78.28 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.69.78.28"; classtype:trojan-activity; sid:37537271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 95.132.253.84 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.132.253.84"; classtype:trojan-activity; sid:37537281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 43.134.4.79 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.4.79"; classtype:trojan-activity; sid:37544391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 61.166.199.198 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.166.199.198"; classtype:trojan-activity; sid:37537291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 181.191.130.221 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.191.130.221"; classtype:trojan-activity; sid:37537301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
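# Source-IP indicator rules exported from MISP events 26734, 26744, 26768,
# 26777 and 26791. Kept at one rule per physical line: a rule broken across
# lines without a trailing backslash does not load.
#
# Notes for whoever deploys this set:
# - Each rule matches any IP packet from the listed source to $HOME_NET and
#   carries no threshold, so one active source can alert on every packet.
#   A `threshold: type limit, track by_src, ...` option, or loading the
#   addresses as an IP reputation list, keeps alert volume manageable.
# - classtype:trojan-activity does not match the Reconnaissance / Brute Force
#   tagging carried in msg; triage on the tags rather than the classtype.
# - Bare IP indicators go stale; expire them on the MISP side and re-export
#   instead of keeping old rules loaded.
# - Double quotes inside msg must be escaped (\"). sid 37546481 below is
#   corrected; sids 37546491 and 37546501 elsewhere in this export carry the
#   same quoted tag string and need the same escaping.
alert ip 41.200.248.160 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.200.248.160"; classtype:trojan-activity; sid:37537311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 38.130.226.109 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.130.226.109"; classtype:trojan-activity; sid:37534931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
alert ip 83.191.161.48 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.191.161.48"; classtype:trojan-activity; sid:37537321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 195.210.47.41 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.210.47.41"; classtype:trojan-activity; sid:37544401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 43.134.176.118 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.176.118"; classtype:trojan-activity; sid:37544411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 43.156.12.121 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.12.121"; classtype:trojan-activity; sid:37544421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 85.230.203.27 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.230.203.27"; classtype:trojan-activity; sid:37544431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 136.33.247.88 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.33.247.88"; classtype:trojan-activity; sid:37537331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 76.133.223.149 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.133.223.149"; classtype:trojan-activity; sid:37544441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 121.227.93.13 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.93.13"; classtype:trojan-activity; sid:37537341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 45.79.181.104 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.181.104"; classtype:trojan-activity; sid:37544451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 36.74.117.172 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.74.117.172"; classtype:trojan-activity; sid:37540021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 188.119.66.112 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.119.66.112"; classtype:trojan-activity; sid:37534941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
alert ip 87.236.176.116 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.116"; classtype:trojan-activity; sid:37534951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
alert ip 177.142.6.51 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.142.6.51"; classtype:trojan-activity; sid:37537351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 87.236.176.131 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.131"; classtype:trojan-activity; sid:37534961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
alert ip 14.201.117.148 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.201.117.148"; classtype:trojan-activity; sid:37537361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 87.236.176.120 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.120"; classtype:trojan-activity; sid:37534971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
alert ip 114.33.208.167 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.208.167"; classtype:trojan-activity; sid:37537371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 213.230.110.13 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.110.13"; classtype:trojan-activity; sid:37540031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 89.237.203.223 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.237.203.223"; classtype:trojan-activity; sid:37540041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 198.199.115.123 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.115.123"; classtype:trojan-activity; sid:37537381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 161.35.155.246 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.155.246"; classtype:trojan-activity; sid:37546461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 117.131.151.169 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.131.151.169"; classtype:trojan-activity; sid:37546471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 182.202.11.112 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.202.11.112"; classtype:trojan-activity; sid:37537391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 124.154.44.154 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.154.44.154"; classtype:trojan-activity; sid:37537401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
# Tag values contain double quotes; they are escaped so the msg string is not
# terminated at the first embedded quote.
alert ip 8.210.135.95 any -> $HOME_NET any (msg: "MISP e26791 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 8.210.135.95"; classtype:trojan-activity; sid:37546481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
alert ip 101.37.157.60 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.37.157.60"; classtype:trojan-activity; sid:37537411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 117.196.195.79 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.196.195.79"; classtype:trojan-activity; sid:37537421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 223.151.225.225 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.225.225"; classtype:trojan-activity; sid:37537431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 112.133.241.6 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.133.241.6"; classtype:trojan-activity; sid:37537441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 49.82.95.149 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.82.95.149"; classtype:trojan-activity; sid:37537451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 12.219.42.110 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.219.42.110"; classtype:trojan-activity; sid:37537461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 175.31.201.61 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.201.61"; classtype:trojan-activity; sid:37537471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 202.134.27.91 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.134.27.91"; classtype:trojan-activity; sid:37537481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 91.98.119.245 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.98.119.245"; classtype:trojan-activity; sid:37537491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)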
alert ip 109.75.45.104 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.75.45.104"; classtype:trojan-activity; sid:37537501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 220.163.199.24 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.163.199.24"; classtype:trojan-activity; sid:37537511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 92.63.204.70 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.70"; classtype:trojan-activity; sid:37540051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 103.172.26.5 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.172.26.5"; classtype:trojan-activity; sid:37534981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 27.25.97.241 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.97.241"; classtype:trojan-activity; sid:37537521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 119.119.53.206 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.119.53.206"; classtype:trojan-activity; sid:37537531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 182.53.149.7 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.149.7"; classtype:trojan-activity; sid:37537541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 87.236.176.89 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
87.236.176.89"; classtype:trojan-activity; sid:37534991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 112.120.71.167 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.120.71.167"; classtype:trojan-activity; sid:37537551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 159.89.80.97 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.80.97"; classtype:trojan-activity; sid:37537561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 113.89.82.219 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance] Incoming From IP: 113.89.82.219"; classtype:trojan-activity; sid:37537571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 162.243.139.35 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.139.35"; classtype:trojan-activity; sid:37537581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 61.166.30.200 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.166.30.200"; classtype:trojan-activity; sid:37537591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 79.31.240.228 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.31.240.228"; classtype:trojan-activity; sid:37537601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 122.226.61.206 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.226.61.206"; classtype:trojan-activity; sid:37537611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 190.109.227.195 
any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.195"; classtype:trojan-activity; sid:37537621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 221.131.183.69 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.131.183.69"; classtype:trojan-activity; sid:37537631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 167.94.146.52 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.52"; classtype:trojan-activity; sid:37535001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 182.119.220.58 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.119.220.58"; classtype:trojan-activity; sid:37537641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 2.182.2.171 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.182.2.171"; classtype:trojan-activity; sid:37540061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 59.127.43.139 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.43.139"; classtype:trojan-activity; sid:37537651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 59.127.134.189 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.134.189"; classtype:trojan-activity; sid:37537661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 75.91.9.105 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.91.9.105"; 
classtype:trojan-activity; sid:37544461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 147.78.47.34 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.47.34"; classtype:trojan-activity; sid:37535011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 14.155.206.180 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.155.206.180"; classtype:trojan-activity; sid:37537671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 172.81.62.219 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.219"; classtype:trojan-activity; sid:37540071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 5.121.5.130 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.121.5.130"; classtype:trojan-activity; sid:37540081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 192.241.238.27 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.238.27"; classtype:trojan-activity; sid:37544471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 111.9.240.38 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.9.240.38"; classtype:trojan-activity; sid:37544481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 187.18.155.145 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.18.155.145"; classtype:trojan-activity; sid:37537681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 
87.236.176.251 any -> $HOME_NET any (msg: "MISP e26791 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 87.236.176.251"; classtype:trojan-activity; sid:37546491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 121.41.81.220 any -> $HOME_NET any (msg: "MISP e26791 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 121.41.81.220"; classtype:trojan-activity; sid:37546501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 137.184.153.174 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.153.174"; classtype:trojan-activity; sid:37540091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 213.230.86.38 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.86.38"; classtype:trojan-activity; sid:37540101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 95.56.105.254 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.56.105.254"; classtype:trojan-activity; sid:37540111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 
222.102.214.75 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.102.214.75"; classtype:trojan-activity; sid:37544491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 203.215.32.14 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.215.32.14"; classtype:trojan-activity; sid:37540121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 105.159.123.100 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 105.159.123.100"; classtype:trojan-activity; sid:37537691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 116.107.115.128 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.107.115.128"; classtype:trojan-activity; sid:37537701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.92.237.221 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.92.237.221"; classtype:trojan-activity; sid:37537711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 85.9.140.45 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.9.140.45"; classtype:trojan-activity; sid:37540131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 190.109.227.134 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.134"; classtype:trojan-activity; sid:37537721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 185.72.86.39 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
185.72.86.39"; classtype:trojan-activity; sid:37544501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.86.146.140 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.86.146.140"; classtype:trojan-activity; sid:37537731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 114.34.118.50 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.118.50"; classtype:trojan-activity; sid:37537741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 87.236.176.108 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.108"; classtype:trojan-activity; sid:37535021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 117.220.101.233 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.220.101.233"; classtype:trojan-activity; sid:37537751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 195.189.109.235 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.189.109.235"; classtype:trojan-activity; sid:37540141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 175.31.202.234 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.202.234"; classtype:trojan-activity; sid:37537761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 162.243.143.51 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.143.51"; classtype:trojan-activity; sid:37535031; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 46.98.142.61 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.98.142.61"; classtype:trojan-activity; sid:37540151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 205.210.31.207 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.207"; classtype:trojan-activity; sid:37546511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 109.236.47.119 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.236.47.119"; classtype:trojan-activity; sid:37540161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 113.177.151.43 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.177.151.43"; classtype:trojan-activity; sid:37537771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 129.226.212.230 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.212.230"; classtype:trojan-activity; sid:37544511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 209.141.40.117 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.40.117"; classtype:trojan-activity; sid:37546521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 112.102.169.20 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.169.20"; classtype:trojan-activity; sid:37537781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.214.76.162 any -> $HOME_NET any (msg: "MISP e26744 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.76.162"; classtype:trojan-activity; sid:37537791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.85.198.43 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.85.198.43"; classtype:trojan-activity; sid:37537801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 45.141.87.180 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.87.180"; classtype:trojan-activity; sid:37535041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 117.206.122.40 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.206.122.40"; classtype:trojan-activity; sid:37537811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 121.227.208.82 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.208.82"; classtype:trojan-activity; sid:37537821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 182.253.124.103 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.253.124.103"; classtype:trojan-activity; sid:37540171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 179.106.18.128 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.106.18.128"; classtype:trojan-activity; sid:37537831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 113.100.86.67 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.100.86.67"; classtype:trojan-activity; sid:37537841; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 45.89.52.225 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.89.52.225"; classtype:trojan-activity; sid:37540181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 121.224.200.33 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.224.200.33"; classtype:trojan-activity; sid:37537851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 116.62.10.253 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.10.253"; classtype:trojan-activity; sid:37546531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 27.21.157.40 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.21.157.40"; classtype:trojan-activity; sid:37537861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 121.61.143.107 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.143.107"; classtype:trojan-activity; sid:37537871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 116.118.49.76 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.118.49.76"; classtype:trojan-activity; sid:37544521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 89.45.182.152 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.45.182.152"; classtype:trojan-activity; sid:37537881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 77.92.42.6 any -> $HOME_NET any (msg: "MISP e26744 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.92.42.6"; classtype:trojan-activity; sid:37537891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 180.106.91.152 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.106.91.152"; classtype:trojan-activity; sid:37537901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 213.109.202.127 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.109.202.127"; classtype:trojan-activity; sid:37544531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 36.49.172.123 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.172.123"; classtype:trojan-activity; sid:37537911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 107.170.231.9 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.231.9"; classtype:trojan-activity; sid:37535051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 111.9.55.134 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.9.55.134"; classtype:trojan-activity; sid:37537921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 43.134.118.142 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.142"; classtype:trojan-activity; sid:37544541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 87.236.176.96 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.96"; classtype:trojan-activity; sid:37535061; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 117.199.194.248 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.194.248"; classtype:trojan-activity; sid:37537931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 119.99.123.205 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.99.123.205"; classtype:trojan-activity; sid:37537941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 43.153.168.50 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.168.50"; classtype:trojan-activity; sid:37544551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 49.130.21.26 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.130.21.26"; classtype:trojan-activity; sid:37537951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 45.87.212.180 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.87.212.180"; classtype:trojan-activity; sid:37535071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 204.216.150.16 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.216.150.16"; classtype:trojan-activity; sid:37544561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.105.17 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.17"; classtype:trojan-activity; sid:37544571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 79.175.132.19 any -> $HOME_NET any (msg: "MISP e26777 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.132.19"; classtype:trojan-activity; sid:37544581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 218.150.98.41 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.150.98.41"; classtype:trojan-activity; sid:37544591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.154.179.123 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.179.123"; classtype:trojan-activity; sid:37544601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 205.210.31.216 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.216"; classtype:trojan-activity; sid:37535081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 2.187.36.211 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.187.36.211"; classtype:trojan-activity; sid:37540191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 43.156.83.109 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.83.109"; classtype:trojan-activity; sid:37544611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 162.243.128.30 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.128.30"; classtype:trojan-activity; sid:37535091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 46.42.251.29 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.42.251.29"; classtype:trojan-activity; sid:37540201; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 151.80.47.2 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.80.47.2"; classtype:trojan-activity; sid:37535101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 95.164.87.126 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.164.87.126"; classtype:trojan-activity; sid:37544621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.202.86 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.202.86"; classtype:trojan-activity; sid:37544631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 109.201.179.129 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.201.179.129"; classtype:trojan-activity; sid:37540211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 147.45.78.143 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.45.78.143"; classtype:trojan-activity; sid:37535111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 84.54.72.60 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.72.60"; classtype:trojan-activity; sid:37540221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 176.113.141.34 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.113.141.34"; classtype:trojan-activity; sid:37540231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 188.0.132.48 any -> $HOME_NET any (msg: "MISP e26768 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.0.132.48"; classtype:trojan-activity; sid:37540241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 175.110.10.118 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.110.10.118"; classtype:trojan-activity; sid:37540251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 116.26.24.5 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.26.24.5"; classtype:trojan-activity; sid:37537961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 172.81.62.237 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.237"; classtype:trojan-activity; sid:37540261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 176.223.185.214 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.223.185.214"; classtype:trojan-activity; sid:37540271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 154.244.3.185 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.244.3.185"; classtype:trojan-activity; sid:37540281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 178.130.73.57 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.130.73.57"; classtype:trojan-activity; sid:37540291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 103.67.197.53 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.67.197.53"; classtype:trojan-activity; sid:37537971; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 5.125.99.114 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.125.99.114"; classtype:trojan-activity; sid:37540301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 178.131.66.100 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.131.66.100"; classtype:trojan-activity; sid:37540311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 178.130.96.241 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.130.96.241"; classtype:trojan-activity; sid:37540321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 125.229.216.131 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.216.131"; classtype:trojan-activity; sid:37537981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 217.218.35.133 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.218.35.133"; classtype:trojan-activity; sid:37540331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 81.91.29.140 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.91.29.140"; classtype:trojan-activity; sid:37540341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 188.240.109.35 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.240.109.35"; classtype:trojan-activity; sid:37540351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 80.191.254.83 any -> $HOME_NET any (msg: "MISP 
e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.191.254.83"; classtype:trojan-activity; sid:37540361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 192.15.45.196 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.15.45.196"; classtype:trojan-activity; sid:37540371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 81.91.182.55 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.91.182.55"; classtype:trojan-activity; sid:37540381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 113.25.135.214 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.135.214"; classtype:trojan-activity; sid:37537991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 39.41.170.112 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.41.170.112"; classtype:trojan-activity; sid:37540391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 183.223.210.166 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.223.210.166"; classtype:trojan-activity; sid:37538001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 85.249.28.83 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.249.28.83"; classtype:trojan-activity; sid:37540401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 117.214.93.47 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.93.47"; classtype:trojan-activity; sid:37538011; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
# Inbound source-address rules: each one matches traffic from a single listed IP to
# $HOME_NET on any port. There is no flow, port or threshold keyword, so the only
# evidence behind an alert is the source address itself.
# The classtype is trojan-activity although the MISP tags in msg say
# kill-chain Reconnaissance/Exploitation; triage on the msg tags and the event link.
# NOTE(review): consider rate-limiting these SIDs in threshold.config and ageing the
# addresses out by MISP event date - confirm against local alert volume.
alert ip 101.126.64.240 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.64.240"; classtype:trojan-activity; sid:37544641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 125.229.88.177 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.88.177"; classtype:trojan-activity; sid:37538021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
# Event 26600, sender indicator. Matches only cleartext SMTP to $SMTP_SERVERS on port 25:
# "MAIL FROM:" (any case) and the sender address must both appear in the established
# client-to-server stream, with a blank line (CRLF CRLF) within 8192 bytes after the address.
# Sessions that upgrade to TLS, or mail arriving on other ports, are not inspected.
# The envelope sender is chosen by the sending side, so treat a hit as a lead to
# correlate with the attachment rule below rather than as proof on its own.
# tag:session,600,seconds keeps logging packets of the matching session for up to 600 seconds.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26600 [] Source Email Address: operations1@dlcgroup.com.co"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"operations1@dlcgroup.com.co"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37487261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26600;)
# Event 26600, attachment-name indicator. Both content matches are case-sensitive (no nocase)
# and byte-exact: the header must read 'Content-Disposition: attachment; filename="' with this
# spacing, and the file name must appear unencoded and be followed by a closing quote.
# A renamed file, different header spacing or an encoded filename parameter will not match.
# NOTE(review): if the MISP event also carries a file hash, hash-based matching would
# survive renaming - check the event; none is shown in this export.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26600 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"ODC#PO 45006289500985746543235678757656744633.xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37487281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26600;)
alert ip 193.37.69.213 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.37.69.213"; classtype:trojan-activity; sid:37535121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
alert ip 124.156.192.13 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.13"; classtype:trojan-activity; sid:37544651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
# Event 26600, source address at priority 1. The msg carries no tags, so the rule does
# not say what role this address plays in the event; check the event before acting on a hit.
alert ip 107.174.121.4 any -> $HOME_NET any (msg: "MISP e26600 [] Incoming From IP: 107.174.121.4"; classtype:trojan-activity; sid:37487301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26600;)
# Event 26600, DNS indicator. Matches a query name that ends with mail2.tankertelz.co;
# the pcre rejects names where a letter, digit or hyphen directly precedes the domain,
# so subdomains match but look-alike names with extra leading characters do not.
# Header is "any any -> any any": queries forwarded by an internal resolver also match,
# so the alert source may be the resolver rather than the host that asked - correlate
# with resolver logs to find the originating client.
alert dns any any -> any any (msg: "MISP e26600 [] Domain mail2.tankertelz.co"; dns.query; content:"mail2.tankertelz.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail2\.tankertelz\.co$/i"; classtype:trojan-activity; sid:37487311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26600;)
# Event 26600, cleartext HTTP indicator. Both content matches run against the whole
# http.header buffer and are not positioned relative to each other, so the domain can
# sit in any request header (not only Host) as long as a "Host:" header is present.
# The pcre needs one character after the domain that is not a letter, digit, hyphen or dot.
# NOTE(review): matching on the http.host buffer would tie the hit to the Host header - confirm
# the rewrite against the deployed engine version before changing the export.
# HTTPS requests to this host are not seen by this rule; on this page only the DNS rule
# above covers them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26600 [] Outgoing HTTP Domain mail2.tankertelz.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail2.tankertelz.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail2\.tankertelz\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37487312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26600;)
alert ip 178.131.93.149 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.131.93.149"; classtype:trojan-activity; sid:37540411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 36.138.56.92 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.56.92"; classtype:trojan-activity; sid:37544661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;)
alert ip 223.115.88.25 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.115.88.25"; classtype:trojan-activity; sid:37540421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 65.49.1.30 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.30"; classtype:trojan-activity; 
sid:37544671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 165.154.128.199 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.128.199"; classtype:trojan-activity; sid:37535131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 110.42.230.219 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.230.219"; classtype:trojan-activity; sid:37546541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 175.110.11.146 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.110.11.146"; classtype:trojan-activity; sid:37540431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 106.110.218.154 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.110.218.154"; classtype:trojan-activity; sid:37538031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 185.139.138.113 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.139.138.113"; classtype:trojan-activity; sid:37540441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 46.161.198.241 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.161.198.241"; classtype:trojan-activity; sid:37540451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 92.63.204.182 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.182"; classtype:trojan-activity; sid:37540461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 116.207.31.69 any -> 
$HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.207.31.69"; classtype:trojan-activity; sid:37538041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 119.122.114.158 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.122.114.158"; classtype:trojan-activity; sid:37538051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 223.12.155.45 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.155.45"; classtype:trojan-activity; sid:37538061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 198.235.24.99 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.99"; classtype:trojan-activity; sid:37544681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.183.233 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.183.233"; classtype:trojan-activity; sid:37544691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.156.92.113 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.156.92.113"; classtype:trojan-activity; sid:37535141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 176.64.29.28 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.64.29.28"; classtype:trojan-activity; sid:37540471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 188.246.255.81 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.246.255.81"; 
classtype:trojan-activity; sid:37540481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 141.95.57.77 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.95.57.77"; classtype:trojan-activity; sid:37540491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 81.91.182.234 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.91.182.234"; classtype:trojan-activity; sid:37540501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
# Outbound destination rules from event 26686: traffic from $HOME_NET to one address
# and one destination port. The bracketed tags name an AS and a tool or malware family
# (Responder, QakBot, Supershell), but the rule matches on address and port only, so a
# hit shows that an internal host talked to that endpoint, not which software was involved.
# An alert here points at the internal source host; start triage there.
# Several AS tags appear to belong to access providers, which suggests subscriber
# addresses that can be reassigned - confirm indicator age in the MISP event.
# NOTE(review): the protocol is "ip" combined with a port; presumably the port only
# constrains packets that carry ports (TCP/UDP) - confirm against the engine in use.
alert ip $HOME_NET any -> 5.226.137.157 443 (msg: "MISP e26686 [BANDWIDTH-AS,Responder] Outgoing To IP: 5.226.137.157|443"; classtype:trojan-activity; sid:37512721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 24.88.87.29 445 (msg: "MISP e26686 [Responder,TWC-11426-CAROLINAS] Outgoing To IP: 24.88.87.29|445"; classtype:trojan-activity; sid:37512731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 78.101.24.11 443 (msg: "MISP e26686 [GCC-MPLS-PEERING GCC MPLS peering,QakBot] Outgoing To IP: 78.101.24.11|443"; classtype:trojan-activity; sid:37512741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 154.246.249.128 2078 (msg: "MISP e26686 [ALGTEL-AS,QakBot] Outgoing To IP: 154.246.249.128|2078"; classtype:trojan-activity; sid:37512751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 94.49.14.17 995 (msg: "MISP e26686 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 94.49.14.17|995"; classtype:trojan-activity; sid:37512761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 43.229.115.110 8888 (msg: "MISP e26686 [MOACKCOLTD-AS-AP MOACK.Co.LTD,Supershell] Outgoing To IP: 43.229.115.110|8888"; classtype:trojan-activity; sid:37512771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
# Event 26671 repeats the same six address/port pairs as event 26686 above, with
# different SIDs, empty tags and priority 3 instead of 2. A single connection to any of
# these endpoints therefore raises two alerts at two priorities; deduplicate on
# destination address and port downstream, or drop one set at export time.
alert ip $HOME_NET any -> 43.229.115.110 8888 (msg: "MISP e26671 [] Outgoing To IP: 43.229.115.110|8888"; classtype:trojan-activity; sid:37550171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 94.49.14.17 995 (msg: "MISP e26671 [] Outgoing To IP: 94.49.14.17|995"; classtype:trojan-activity; sid:37550181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 154.246.249.128 2078 (msg: "MISP e26671 [] Outgoing To IP: 154.246.249.128|2078"; classtype:trojan-activity; sid:37550191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 78.101.24.11 443 (msg: "MISP e26671 [] Outgoing To IP: 78.101.24.11|443"; classtype:trojan-activity; sid:37550201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 24.88.87.29 445 (msg: "MISP e26671 [] Outgoing To IP: 24.88.87.29|445"; classtype:trojan-activity; sid:37550211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 5.226.137.157 443 (msg: "MISP e26671 [] Outgoing To IP: 5.226.137.157|443"; classtype:trojan-activity; sid:37550221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Inbound source-address rules (event 26744): match on the source IP alone, any port.
alert ip 101.166.64.114 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.166.64.114"; classtype:trojan-activity; sid:37538071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 104.140.148.62 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.140.148.62"; classtype:trojan-activity; sid:37538081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;)
alert ip 
106.59.240.154 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.59.240.154"; classtype:trojan-activity; sid:37538091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 106.41.28.47 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.28.47"; classtype:trojan-activity; sid:37538101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 111.179.41.68 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.179.41.68"; classtype:trojan-activity; sid:37538111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 111.10.199.122 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.10.199.122"; classtype:trojan-activity; sid:37538121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 111.225.100.44 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.225.100.44"; classtype:trojan-activity; sid:37538131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 111.220.207.182 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.220.207.182"; classtype:trojan-activity; sid:37538141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 113.116.126.206 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.116.126.206"; classtype:trojan-activity; sid:37538151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 111.53.116.82 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
111.53.116.82"; classtype:trojan-activity; sid:37538161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 113.26.86.79 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.86.79"; classtype:trojan-activity; sid:37538171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 113.162.13.11 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.162.13.11"; classtype:trojan-activity; sid:37538181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 114.227.157.74 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.157.74"; classtype:trojan-activity; sid:37538191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 114.239.91.154 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.91.154"; classtype:trojan-activity; sid:37538201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 114.178.76.17 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.178.76.17"; classtype:trojan-activity; sid:37538211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 114.239.129.210 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.129.210"; classtype:trojan-activity; sid:37538221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 116.10.132.5 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.10.132.5"; classtype:trojan-activity; sid:37538231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) 
alert ip 116.52.246.119 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.52.246.119"; classtype:trojan-activity; sid:37538241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 115.41.71.197 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.41.71.197"; classtype:trojan-activity; sid:37538251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 116.248.103.199 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.248.103.199"; classtype:trojan-activity; sid:37538261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.254.180.200 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.254.180.200"; classtype:trojan-activity; sid:37538271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.214.77.212 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.77.212"; classtype:trojan-activity; sid:37538281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 117.63.36.212 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.36.212"; classtype:trojan-activity; sid:37538291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 119.176.117.147 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.176.117.147"; classtype:trojan-activity; sid:37538301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 121.224.178.69 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 121.224.178.69"; classtype:trojan-activity; sid:37538311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 123.185.221.147 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.185.221.147"; classtype:trojan-activity; sid:37538321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 125.26.140.158 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.140.158"; classtype:trojan-activity; sid:37538331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 134.255.69.185 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.255.69.185"; classtype:trojan-activity; sid:37538341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 125.26.142.134 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.142.134"; classtype:trojan-activity; sid:37538351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 144.0.250.127 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.0.250.127"; classtype:trojan-activity; sid:37538361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 175.30.110.91 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.110.91"; classtype:trojan-activity; sid:37538371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 175.30.82.88 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.82.88"; classtype:trojan-activity; sid:37538381; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 175.30.76.191 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.76.191"; classtype:trojan-activity; sid:37538391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 177.12.181.3 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.12.181.3"; classtype:trojan-activity; sid:37538401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 178.175.167.94 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.175.167.94"; classtype:trojan-activity; sid:37538411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 185.233.19.205 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.205"; classtype:trojan-activity; sid:37538421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 185.91.127.234 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.127.234"; classtype:trojan-activity; sid:37538431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip 190.196.230.88 any -> $HOME_NET any (msg: "MISP e26744 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.196.230.88"; classtype:trojan-activity; sid:37538441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26744;) alert ip $HOME_NET any -> 172.105.41.109 8088 (msg: "MISP e26778 [diamond-model:Infrastructure,kill-chain:Command and Control] Outgoing To IP: 172.105.41.109|8088"; classtype:trojan-activity; sid:37545011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26778;) alert ip 1.117.207.47 any -> $HOME_NET any (msg: "MISP 
e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.207.47"; classtype:trojan-activity; sid:37544701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 101.32.127.58 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.127.58"; classtype:trojan-activity; sid:37544711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 106.13.14.77 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.14.77"; classtype:trojan-activity; sid:37544721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 103.250.196.10 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.250.196.10"; classtype:trojan-activity; sid:37544731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 124.219.149.157 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.219.149.157"; classtype:trojan-activity; sid:37544741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 121.185.28.133 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.185.28.133"; classtype:trojan-activity; sid:37544751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 190.103.240.121 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.103.240.121"; classtype:trojan-activity; sid:37544761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 18.193.73.45 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.193.73.45"; classtype:trojan-activity; 
sid:37544771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 141.98.10.59 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.10.59"; classtype:trojan-activity; sid:37544781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.153.168.232 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.168.232"; classtype:trojan-activity; sid:37544791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.17.9 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.17.9"; classtype:trojan-activity; sid:37544801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.133.39.252 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.39.252"; classtype:trojan-activity; sid:37544811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 18.222.35.37 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.222.35.37"; classtype:trojan-activity; sid:37535151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 8.218.55.214 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.218.55.214"; classtype:trojan-activity; sid:37544821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 209.38.208.65 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.38.208.65"; classtype:trojan-activity; sid:37544831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 198.235.24.254 any -> $HOME_NET any (msg: 
"MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.254"; classtype:trojan-activity; sid:37535161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 178.124.27.127 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.27.127"; classtype:trojan-activity; sid:37540511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 103.146.170.55 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.170.55"; classtype:trojan-activity; sid:37540521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 213.230.102.198 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.102.198"; classtype:trojan-activity; sid:37540531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 49.51.39.54 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.39.54"; classtype:trojan-activity; sid:37544841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 1.1.245.165 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.1.245.165"; classtype:trojan-activity; sid:37540541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 181.188.211.153 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.188.211.153"; classtype:trojan-activity; sid:37540551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 223.228.248.116 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.228.248.116"; classtype:trojan-activity; 
sid:37540561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 94.20.233.181 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.20.233.181"; classtype:trojan-activity; sid:37540571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 198.199.93.93 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.93.93"; classtype:trojan-activity; sid:37540581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 5.237.26.198 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.237.26.198"; classtype:trojan-activity; sid:37540591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 46.101.134.6 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.134.6"; classtype:trojan-activity; sid:37546551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 198.235.24.58 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.58"; classtype:trojan-activity; sid:37544851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 92.63.204.33 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.33"; classtype:trojan-activity; sid:37540601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 43.134.89.20 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.89.20"; classtype:trojan-activity; sid:37544861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 198.199.117.57 any -> $HOME_NET any (msg: 
"MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.117.57"; classtype:trojan-activity; sid:37544871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 47.242.5.165 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.5.165"; classtype:trojan-activity; sid:37546561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 71.6.232.23 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.232.23"; classtype:trojan-activity; sid:37544881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 43.134.121.244 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.121.244"; classtype:trojan-activity; sid:37544891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 45.175.75.254 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.175.75.254"; classtype:trojan-activity; sid:37544901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 171.76.95.142 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.76.95.142"; classtype:trojan-activity; sid:37544911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert dns any any -> any any (msg: "MISP e26596 [] Domain mi-tarjetacencosuds.com.bhojpuriacademy.org"; dns.query; content:"mi-tarjetacencosuds.com.bhojpuriacademy.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosuds\.com\.bhojpuriacademy\.org$/i"; classtype:trojan-activity; sid:37485931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26596;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26596 [] Outgoing HTTP 
Domain mi-tarjetacencosuds.com.bhojpuriacademy.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosuds.com.bhojpuriacademy.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosuds\.com\.bhojpuriacademy\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37485932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26596;) alert ip 45.137.201.204 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.137.201.204"; classtype:trojan-activity; sid:37535171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 183.104.160.181 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.104.160.181"; classtype:trojan-activity; sid:37544921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 40.90.239.97 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.90.239.97"; classtype:trojan-activity; sid:37535181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 178.124.84.121 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.84.121"; classtype:trojan-activity; sid:37540611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 178.124.176.193 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.176.193"; classtype:trojan-activity; sid:37540621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 205.210.31.199 any -> $HOME_NET any (msg: "MISP e26777 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.199"; classtype:trojan-activity; sid:37544931; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26777;) alert ip 193.242.195.21 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.242.195.21"; classtype:trojan-activity; sid:37540631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 203.161.35.127 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.35.127"; classtype:trojan-activity; sid:37540641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 82.200.198.122 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.200.198.122"; classtype:trojan-activity; sid:37540651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 52.14.84.44 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.14.84.44"; classtype:trojan-activity; sid:37540661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 95.57.232.24 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.57.232.24"; classtype:trojan-activity; sid:37540671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;) alert ip 46.101.143.249 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.143.249"; classtype:trojan-activity; sid:37546571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;) alert ip 198.235.24.170 any -> $HOME_NET any (msg: "MISP e26734 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.170"; classtype:trojan-activity; sid:37535191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;) alert ip 45.141.87.103 any -> $HOME_NET any (msg: "MISP e26734 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.87.103"; classtype:trojan-activity; sid:37535201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26734;)
# Source-IP rules. Each matches on the source address alone: no port, flow,
# content or threshold option narrows the match or limits alert volume.
# The msg tags say Reconnaissance/Exploitation while classtype is
# trojan-activity, so triage on the msg tags and the referenced MISP event
# rather than on classtype.
# NOTE(review): single-address indicators go stale when addresses are
# reassigned; nothing here expires them, so review them against the MISP event.
alert ip 103.108.4.18 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.108.4.18"; classtype:trojan-activity; sid:37540681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 182.178.200.219 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.178.200.219"; classtype:trojan-activity; sid:37540691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 185.177.0.230 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.177.0.230"; classtype:trojan-activity; sid:37540701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 217.218.35.97 any -> $HOME_NET any (msg: "MISP e26768 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.218.35.97"; classtype:trojan-activity; sid:37540711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26768;)
alert ip 8.222.170.38 any -> $HOME_NET any (msg: "MISP e26791 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.170.38"; classtype:trojan-activity; sid:37546581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26791;)
# Destination IP:port rule, written with protocol "ip" plus a port.
# NOTE(review): a port is only meaningful for transports that carry one;
# confirm how the sensor treats a port on an "ip" rule, or narrow to tcp.
alert ip $HOME_NET any -> 173.211.81.11 443 (msg: "MISP e26671 [] Outgoing To IP: 173.211.81.11|443"; classtype:trojan-activity; sid:37550231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# Domain indicators are exported as a pair: sid ...1 on the DNS query and
# sid ...2 on the HTTP Host header.
# The DNS pcre ends in "$" and allows start-of-buffer or a non-label character
# before the name, so it matches the domain itself and its subdomains.
# The HTTP rule only sees requests parsed as HTTP. No TLS rule for these
# domains is visible in this part of the file, so HTTPS traffic would surface
# through the DNS rule only.
alert dns any any -> any any (msg: "MISP e26671 [] Domain followcache.com"; dns.query; content:"followcache.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])followcache\.com$/i"; classtype:trojan-activity; sid:37550241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain followcache.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"followcache.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])followcache\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# NOTE(review): ply.gg looks like the domain of a public tunnelling service.
# If so, this hostname identifies one tenant's tunnel and not the service.
alert dns any any -> any any (msg: "MISP e26671 [] Domain mary-cottage.gl.at.ply.gg"; dns.query; content:"mary-cottage.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])mary\-cottage\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37550251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain mary-cottage.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mary-cottage.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mary\-cottage\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 3.125.209.94 18563 (msg: "MISP e26671 [] Outgoing To IP: 3.125.209.94|18563"; classtype:trojan-activity; sid:37550261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
# SMTP rules (event 26659). Both inspect raw TCP payload to $SMTP_SERVERS port 25 only.
# Mail arriving on another port, or inside a session the sensor cannot read
# in cleartext (e.g. after STARTTLS), is not covered by these rules.
# The sender rule needs "MAIL FROM:" and the address somewhere in the stream.
# No distance/within ties the two together, so the address may also match
# outside the envelope command.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26659 [] Source Email Address: tudogarcfdi5@167869126.t-sender-sib.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"tudogarcfdi5@167869126.t-sender-sib.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37492101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26659;)
# The attachment rule matches one exact, case-sensitive filename (no nocase)
# after the literal header text `Content-Disposition: attachment; filename="`.
# A renamed file or a differently formatted header will not alert, so treat
# the file hash in the MISP event as the durable indicator.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26659 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"comprobante_0089.xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37492121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26659;)
alert ip 107.174.121.59 any -> $HOME_NET any (msg: "MISP e26659 [] Incoming From IP: 107.174.121.59"; classtype:trojan-activity; sid:37492131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26659;)
alert dns any any -> any any (msg: "MISP e26659 [] Domain mail6.tankertelz.co"; dns.query; content:"mail6.tankertelz.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail6\.tankertelz\.co$/i"; classtype:trojan-activity; sid:37492141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26659;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26659 [] Outgoing HTTP Domain mail6.tankertelz.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail6.tankertelz.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail6\.tankertelz\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37492142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26659;)
# Same domain as sid 37550241/37550242 above, exported again for event 26686
# with the SocGholish tag and priority 2. One lookup of followcache.com
# raises both the e26671 and the e26686 alert, so deduplicate on the
# indicator when counting hits.
alert dns any any -> any any (msg: "MISP e26686 [SocGholish] Domain followcache.com"; dns.query; content:"followcache.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])followcache\.com$/i"; classtype:trojan-activity; sid:37512781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26686 [SocGholish] Outgoing HTTP Domain followcache.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"followcache.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])followcache\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37512782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert ip $HOME_NET any -> 173.211.81.11 443 (msg: "MISP e26686 [SocGholish] Outgoing To IP: 173.211.81.11|443"; classtype:trojan-activity; sid:37512791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;) alert dns any any -> any any (msg: "MISP e26642 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37489801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26642;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26642 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37489802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26642;) alert ip $HOME_NET any -> 93.123.85.174 43957 (msg: "MISP e26671 [] Outgoing To IP: 93.123.85.174|43957"; classtype:trojan-activity; sid:37550271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip $HOME_NET any -> 156.96.155.234 56999 (msg: "MISP e26671 [] Outgoing To IP: 156.96.155.234|56999"; classtype:trojan-activity; sid:37550281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26644 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37490021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26644;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26644 [] Outgoing HTTP Domain 
estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37490022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26644;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26667 [] Source Email Address: denaroda@ugvcl.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"denaroda@ugvcl.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37493211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26667;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26667 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Zimbra Web Client Sign In in.htm|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37493221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26667;) alert dns any any -> any any (msg: "MISP e26671 [] Domain gemcreedarticulateod.shop"; dns.query; content:"gemcreedarticulateod.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])gemcreedarticulateod\.shop$/i"; classtype:trojan-activity; sid:37550331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain gemcreedarticulateod.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gemcreedarticulateod.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gemcreedarticulateod\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550332; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain claimconcessionrebe.shop"; dns.query; content:"claimconcessionrebe.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])claimconcessionrebe\.shop$/i"; classtype:trojan-activity; sid:37550341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain claimconcessionrebe.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"claimconcessionrebe.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])claimconcessionrebe\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert dns any any -> any any (msg: "MISP e26671 [] Domain liabilityarrangemenyit.shop"; dns.query; content:"liabilityarrangemenyit.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])liabilityarrangemenyit\.shop$/i"; classtype:trojan-activity; sid:37550351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26671 [] Outgoing HTTP Domain liabilityarrangemenyit.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liabilityarrangemenyit.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liabilityarrangemenyit\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;) alert ip 103.39.129.131 any -> $HOME_NET any (msg: "MISP e26667 [] Incoming From IP: 103.39.129.131"; classtype:trojan-activity; sid:37493241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26667;) alert dns any any -> any any (msg: "MISP e26667 [] Domain isms.ugvcl.com"; dns.query; content:"isms.ugvcl.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])isms\.ugvcl\.com$/i"; classtype:trojan-activity; sid:37493251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26667;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26667 [] Outgoing HTTP Domain isms.ugvcl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"isms.ugvcl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])isms\.ugvcl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37493252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26667;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26688 [] Source Email Address: copycolor@copycolor.com.ar"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"copycolor@copycolor.com.ar"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37513001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26688;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26688 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Facturas 0000051113, 005112,, 005113, 005114 000511353.xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37513021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26688;) alert ip 190.111.115.19 any -> $HOME_NET any (msg: "MISP e26688 [] Incoming From IP: 190.111.115.19"; classtype:trojan-activity; sid:37513031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26688;) alert dns any any -> any any (msg: "MISP e26688 [] Domain correo.transdatos.net.ar"; dns.query; content:"correo.transdatos.net.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-])correo\.transdatos\.net\.ar$/i"; classtype:trojan-activity; sid:37513041; rev:1; priority:1; 
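reference:url,https://misp.finsin.cl/events/view/26688;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26688 [] Outgoing HTTP Domain correo.transdatos.net.ar"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correo.transdatos.net.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correo\.transdatos\.net\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37513042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26688;)
# Destination IP:port indicators. Several appear twice: once under event
# 26686/26691 at priority 2 and again under event 26857 at priority 3, each
# with its own sid. One connection raises both alerts.
#
# FIX: the e26857 rules below carried MISP galaxy tags with bare double quotes
# inside msg (e.g. malpedia="Remcos"). A bare quote ends the msg string early
# and the rule fails to parse, so these sids were never loaded. The quotes are
# now escaped as \" and nothing else in the rules is changed.
# NOTE(review): this file is a generated export, so the escaping presumably
# has to be applied at export time or in a post-processing step as well, or
# the next export brings the bare quotes back. Check the sensor's rule-load
# log for parse errors after every import.
alert ip $HOME_NET any -> 158.101.28.51 8778 (msg: "MISP e26686 [RedLineStealer] Outgoing To IP: 158.101.28.51|8778"; classtype:trojan-activity; sid:37512801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 158.101.28.51 8778 (msg: "MISP e26671 [] Outgoing To IP: 158.101.28.51|8778"; classtype:trojan-activity; sid:37550361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26671;)
alert ip $HOME_NET any -> 103.77.243.159 4042 (msg: "MISP e26686 [RAT,RemcosRAT] Outgoing To IP: 103.77.243.159|4042"; classtype:trojan-activity; sid:37512831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 103.77.243.159 4042 (msg: "MISP e26857 [RAT,RemcosRAT,misp-galaxy:malpedia=\"Remcos\"] Outgoing To IP: 103.77.243.159|4042"; classtype:trojan-activity; sid:37568251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 172.86.69.21 4042 (msg: "MISP e26686 [remcos] Outgoing To IP: 172.86.69.21|4042"; classtype:trojan-activity; sid:37512841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26686;)
alert ip $HOME_NET any -> 172.86.69.21 4042 (msg: "MISP e26857 [remcos,misp-galaxy:malpedia=\"Remcos\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 172.86.69.21|4042"; classtype:trojan-activity; sid:37568261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# URL rules. These reference $HTTP_PORTS, so the variable must be defined on
# the sensor even though the file header calls it "not required with suricata
# export".
# The host string is matched anywhere in http.header and is not tied to the
# Host field. The URI content is nocase, so the e26691 and e26857 variants
# that differ only in letter case match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26691 [dcrat] Outgoing URL http|3a|//miwekahb.beget.tech/l1nc0in.php"; flow:to_server,established; http.header; content:"miwekahb.beget.tech"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26857 [dcrat] Outgoing URL http|3a|//miwekahb.beget.tech/L1nc0In.php"; flow:to_server,established; http.header; content:"miwekahb.beget.tech"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> 94.156.65.61 $HTTP_PORTS (msg: "MISP e26691 [Stealc] Outgoing URL http|3a|//94.156.65.61/129edec4272dc2c8.php"; flow:to_server,established; http.header; content:"94.156.65.61"; fast_pattern; nocase; http.uri; content:"/129edec4272dc2c8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> 94.156.65.61 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//94.156.65.61/129edec4272dc2c8.php"; flow:to_server,established; http.header; content:"94.156.65.61"; fast_pattern; nocase; http.uri; content:"/129edec4272dc2c8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26691 [Amadey] Outgoing URL http|3a|//cdn-analytic.com/bdjkb2xsd/index.php"; flow:to_server,established; http.header; content:"cdn-analytic.com"; fast_pattern; nocase; http.uri; content:"/bdjkb2xsd/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26857 [Amadey,misp-galaxy:malpedia=\"Amadey\"] Outgoing URL http|3a|//cdn-analytic.com/bDjkb2xSd/index.php"; flow:to_server,established; http.header; content:"cdn-analytic.com"; fast_pattern; nocase; http.uri; content:"/bDjkb2xSd/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Domain pair for cdn-analytic.com, exported for event 26691 and again for
# event 26857. The e26857 copies are two of the rules that had unescaped
# quotes in msg.
alert dns any any -> any any (msg: "MISP e26691 [Amadey,ViriBack] Domain cdn-analytic.com"; dns.query; content:"cdn-analytic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-analytic\.com$/i"; classtype:trojan-activity; sid:37513441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [Amadey,ViriBack] Outgoing HTTP Domain cdn-analytic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-analytic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-analytic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37513442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert dns any any -> any any (msg: "MISP e26857 [Amadey,misp-galaxy:malpedia=\"Amadey\",misp:confidence-level=\"fairly-confident\"] Domain cdn-analytic.com"; dns.query; content:"cdn-analytic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-analytic\.com$/i"; classtype:trojan-activity; sid:37568311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [Amadey,misp-galaxy:malpedia=\"Amadey\",misp:confidence-level=\"fairly-confident\"] Outgoing HTTP Domain cdn-analytic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-analytic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-analytic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# C2-tagged IP:port rules. They match on destination address and port only,
# with no payload condition. A hit on a common web port (80/443) is a lead to
# correlate with DNS, proxy and endpoint data, not a confirmed infection.
# NOTE(review): none of these indicators expires in the rule set; confirm the
# address is still attributed in the MISP event before escalating.
alert ip $HOME_NET any -> 185.147.34.93 55615 (msg: "MISP e26691 [RedLineStealer] Outgoing To IP: 185.147.34.93|55615"; classtype:trojan-activity; sid:37513451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 185.147.34.93 55615 (msg: "MISP e26857 [RedLineStealer] Outgoing To IP: 185.147.34.93|55615"; classtype:trojan-activity; sid:37568321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 37.27.36.6 80 (msg: "MISP e26691 [c2,Vidar] Outgoing To IP: 37.27.36.6|80"; classtype:trojan-activity; sid:37513461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 37.27.36.6 443 (msg: "MISP e26691 [c2,Vidar] Outgoing To IP: 37.27.36.6|443"; classtype:trojan-activity; sid:37513471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 193.233.132.216 8081 (msg: "MISP e26691 [c2,Risepro] Outgoing To IP: 193.233.132.216|8081"; classtype:trojan-activity; sid:37513481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 74.248.32.95 8081 (msg: "MISP e26691 [c2,Risepro] Outgoing To IP: 74.248.32.95|8081"; classtype:trojan-activity; sid:37513491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 187.135.83.6 1723 (msg: "MISP e26691 [c2,darkcomet] Outgoing To IP: 187.135.83.6|1723"; classtype:trojan-activity; sid:37513501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 187.135.83.6 1895 (msg: "MISP e26691 [c2,darkcomet] Outgoing To IP: 187.135.83.6|1895"; 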
classtype:trojan-activity; sid:37513511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 185.196.8.37 10003 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 185.196.8.37|10003"; classtype:trojan-activity; sid:37513521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 80.66.75.53 50050 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 80.66.75.53|50050"; classtype:trojan-activity; sid:37513531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 3.136.160.122 20755 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 3.136.160.122|20755"; classtype:trojan-activity; sid:37513541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 47.99.93.124 50050 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 47.99.93.124|50050"; classtype:trojan-activity; sid:37513551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 110.42.209.75 50050 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 110.42.209.75|50050"; classtype:trojan-activity; sid:37513561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 123.57.193.197 50050 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 123.57.193.197|50050"; classtype:trojan-activity; sid:37513571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 159.89.209.22 2525 (msg: "MISP e26691 [c2,cobalt_strike] Outgoing To IP: 159.89.209.22|2525"; classtype:trojan-activity; sid:37513581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 159.89.209.22 2525 (msg: "MISP e26857 [] Outgoing To IP: 159.89.209.22|2525"; classtype:trojan-activity; sid:37568331; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 123.57.193.197 50050 (msg: "MISP e26857 [] Outgoing To IP: 123.57.193.197|50050"; classtype:trojan-activity; sid:37568341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 110.42.209.75 50050 (msg: "MISP e26857 [] Outgoing To IP: 110.42.209.75|50050"; classtype:trojan-activity; sid:37568351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 47.99.93.124 50050 (msg: "MISP e26857 [] Outgoing To IP: 47.99.93.124|50050"; classtype:trojan-activity; sid:37568361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 3.136.160.122 20755 (msg: "MISP e26857 [] Outgoing To IP: 3.136.160.122|20755"; classtype:trojan-activity; sid:37568371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 80.66.75.53 50050 (msg: "MISP e26857 [] Outgoing To IP: 80.66.75.53|50050"; classtype:trojan-activity; sid:37568381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 185.196.8.37 10003 (msg: "MISP e26857 [] Outgoing To IP: 185.196.8.37|10003"; classtype:trojan-activity; sid:37568391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 187.135.83.6 1895 (msg: "MISP e26857 [] Outgoing To IP: 187.135.83.6|1895"; classtype:trojan-activity; sid:37568401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 187.135.83.6 1723 (msg: "MISP e26857 [] Outgoing To IP: 187.135.83.6|1723"; classtype:trojan-activity; sid:37568411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 74.248.32.95 8081 (msg: "MISP e26857 [] Outgoing To IP: 74.248.32.95|8081"; classtype:trojan-activity; sid:37568421; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 193.233.132.216 8081 (msg: "MISP e26857 [] Outgoing To IP: 193.233.132.216|8081"; classtype:trojan-activity; sid:37568431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 37.27.36.6 443 (msg: "MISP e26857 [] Outgoing To IP: 37.27.36.6|443"; classtype:trojan-activity; sid:37568441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 37.27.36.6 80 (msg: "MISP e26857 [] Outgoing To IP: 37.27.36.6|80"; classtype:trojan-activity; sid:37568451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 171.233.98.70 18274 (msg: "MISP e26691 [asyncrat] Outgoing To IP: 171.233.98.70|18274"; classtype:trojan-activity; sid:37513591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 171.233.98.70 18274 (msg: "MISP e26857 [] Outgoing To IP: 171.233.98.70|18274"; classtype:trojan-activity; sid:37568461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26687 [] Domain mi-tarjetacencosud.cl.unleashyourgreatness.com"; dns.query; content:"mi-tarjetacencosud.cl.unleashyourgreatness.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.unleashyourgreatness\.com$/i"; classtype:trojan-activity; sid:37512871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26687;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26687 [] Outgoing HTTP Domain mi-tarjetacencosud.cl.unleashyourgreatness.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud.cl.unleashyourgreatness.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.unleashyourgreatness\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37512872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26687;) alert ip $HOME_NET any -> 141.98.168.167 9222 (msg: "MISP e26691 [RedLineStealer] Outgoing To IP: 141.98.168.167|9222"; classtype:trojan-activity; sid:37513601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 141.98.168.167 9222 (msg: "MISP e26857 [] Outgoing To IP: 141.98.168.167|9222"; classtype:trojan-activity; sid:37568471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26858 [] Outgoing URL http|3a|//vlnted-gb.aiuysy.info/getpayment/265854171"; flow:to_server,established; http.header; content:"vlnted-gb.aiuysy.info"; fast_pattern; nocase; http.uri; content:"/getpayment/265854171"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26858;) alert ip $HOME_NET any -> 156.96.155.234 56999 (msg: "MISP e26691 [] Outgoing To IP: 156.96.155.234|56999"; classtype:trojan-activity; sid:37513381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 93.123.85.174 43957 (msg: "MISP e26691 [moobot] Outgoing To IP: 93.123.85.174|43957"; classtype:trojan-activity; sid:37513391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 41.216.183.27 5034 (msg: "MISP e26691 [Mirai] Outgoing To IP: 41.216.183.27|5034"; classtype:trojan-activity; sid:37513611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 103.172.79.74 2807 (msg: "MISP e26691 [Mirai,moobot] Outgoing To IP: 103.172.79.74|2807"; classtype:trojan-activity; sid:37513621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26691 [Mirai,moobot] Domain bonet.networkbn.com"; dns.query; 
content:"bonet.networkbn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bonet\.networkbn\.com$/i"; classtype:trojan-activity; sid:37513631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [Mirai,moobot] Outgoing HTTP Domain bonet.networkbn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bonet.networkbn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bonet\.networkbn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37513632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 41.216.183.27 5034 (msg: "MISP e26857 [] Outgoing To IP: 41.216.183.27|5034"; classtype:trojan-activity; sid:37568481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 146.71.78.14 151 (msg: "MISP e26857 [] Outgoing To IP: 146.71.78.14|151"; classtype:trojan-activity; sid:37568491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain bonet.networkbn.com"; dns.query; content:"bonet.networkbn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bonet\.networkbn\.com$/i"; classtype:trojan-activity; sid:37568501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain bonet.networkbn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bonet.networkbn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bonet\.networkbn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.172.79.74 2807 (msg: "MISP e26857 [] Outgoing To IP: 103.172.79.74|2807"; classtype:trojan-activity; 
sid:37568511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Event 27003: three e-mail indicators (sender, subject, attachment name) and
# one source address, all exported at priority 1.
#
# The three SMTP rules inspect the raw TCP payload of established sessions from
# $EXTERNAL_NET to $SMTP_SERVERS on port 25. They can only match where the SMTP
# dialogue is visible in cleartext at the sensor; a session upgraded with
# STARTTLS, or mail arriving on another port, gives these content matches
# nothing to inspect.
#
# In each rule the first two content matches carry no distance/within modifier,
# so they are independent: the keyword and the indicator only have to occur
# somewhere in the inspected stream. "within:8192" applies to the CRLF CRLF
# match, relative to the end of the indicator match before it.
# tag:session,600,seconds asks the engine to keep logging the rest of the
# session for 600 seconds after the alert.
#
# Sender: matches the address alongside "MAIL FROM:", both case-insensitive.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27003 [] Source Email Address: arif_surti@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"arif_surti@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37761511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27003;)
# Subject: literal subject text, case-insensitive. NOTE(review): an encoded
# (RFC 2047) or folded Subject header would not contain this byte sequence.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27003 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"PO NO 4500005181 RAJYOG ENTERPRISES"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37761521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27003;)
# Attachment: both content matches are case-sensitive (no nocase) and expect the
# exact form  Content-Disposition: attachment; filename="  with single spaces.
# NOTE(review): other header spellings or an encoded filename will not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27003 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"POQ-3042300F.lz|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37761531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27003;)
# Source-address rule: fires on any IP traffic from this address to $HOME_NET,
# any port, with no flow or threshold keyword.
alert ip 161.129.65.78 any -> $HOME_NET any (msg: "MISP e27003 [] Incoming From IP: 161.129.65.78"; classtype:trojan-activity; sid:37761541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27003;)
# Outbound IP:port indicators from event 26691 (address and port match only).
alert ip $HOME_NET any -> 146.71.78.14 151 (msg: "MISP e26691 [Gafgyt] Outgoing To IP: 146.71.78.14|151"; classtype:trojan-activity; sid:37513641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# The next rule continues on the following line of the file.
alert ip $HOME_NET any -> 52.162.200.36 7443 (msg: "MISP e26691 [MICROSOFT-CORP-MSN-AS-BLOCK,Mythic] Outgoing To IP: 52.162.200.36|7443"; classtype:trojan-activity; sid:37513651; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26691;)
# Event 26691 outbound indicators tagged Mythic, Havoc and QakBot.
# Each rule matches destination address and port only. The second tag in the
# brackets looks like the network/AS name recorded in MISP for the address
# (for example HETZNER-AS); several of these name hosting or access providers.
# NOTE(review): addresses in such ranges get reassigned, so confirm the age of
# the indicator in the MISP event before acting on a hit.
# The same endpoints are exported again under event 26857 elsewhere in this
# file, with empty tags and priority 3; a hit raises both alerts.
alert ip $HOME_NET any -> 88.214.25.240 7443 (msg: "MISP e26691 [HGCOMP-ASN,Mythic] Outgoing To IP: 88.214.25.240|7443"; classtype:trojan-activity; sid:37513661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 94.130.169.13 443 (msg: "MISP e26691 [Havoc,HETZNER-AS] Outgoing To IP: 94.130.169.13|443"; classtype:trojan-activity; sid:37513671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 23.88.118.173 443 (msg: "MISP e26691 [Havoc,HETZNER-AS] Outgoing To IP: 23.88.118.173|443"; classtype:trojan-activity; sid:37513681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 45.150.67.45 8081 (msg: "MISP e26691 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 45.150.67.45|8081"; classtype:trojan-activity; sid:37513691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 2.50.137.96 995 (msg: "MISP e26691 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 2.50.137.96|995"; classtype:trojan-activity; sid:37513701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 89.137.186.176 443 (msg: "MISP e26691 [QakBot,VODAFONE_RO Charles de Gaulle nr.15] Outgoing To IP: 89.137.186.176|443"; classtype:trojan-activity; sid:37513711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 175.10.223.19 4432 (msg: "MISP e26691 [CHINANET-BACKBONE No.31Jin-rong Street,QakBot] Outgoing To IP: 175.10.223.19|4432"; classtype:trojan-activity; sid:37513721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# The next rule continues on the following line of the file.
alert ip $HOME_NET any -> 201.137.233.254 443 (msg: "MISP e26691 [QakBot,UNINET] Outgoing To IP: 201.137.233.254|443"; classtype:trojan-activity; sid:37513731; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 216.137.233.159 443 (msg: "MISP e26691 [MTAONLINE-AS,QakBot] Outgoing To IP: 216.137.233.159|443"; classtype:trojan-activity; sid:37513741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 95.20.241.10 443 (msg: "MISP e26691 [QakBot,UNI2-AS] Outgoing To IP: 95.20.241.10|443"; classtype:trojan-activity; sid:37513751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 43.229.115.107 8888 (msg: "MISP e26691 [MOACKCOLTD-AS-AP MOACK.Co.LTD,Supershell] Outgoing To IP: 43.229.115.107|8888"; classtype:trojan-activity; sid:37513761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 43.229.115.109 8888 (msg: "MISP e26691 [MOACKCOLTD-AS-AP MOACK.Co.LTD,Supershell] Outgoing To IP: 43.229.115.109|8888"; classtype:trojan-activity; sid:37513771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 43.229.115.106 8888 (msg: "MISP e26691 [MOACKCOLTD-AS-AP MOACK.Co.LTD,Supershell] Outgoing To IP: 43.229.115.106|8888"; classtype:trojan-activity; sid:37513781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 43.229.115.106 8888 (msg: "MISP e26857 [] Outgoing To IP: 43.229.115.106|8888"; classtype:trojan-activity; sid:37568521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 43.229.115.109 8888 (msg: "MISP e26857 [] Outgoing To IP: 43.229.115.109|8888"; classtype:trojan-activity; sid:37568531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 43.229.115.107 8888 (msg: "MISP e26857 [] Outgoing To IP: 43.229.115.107|8888"; classtype:trojan-activity; sid:37568541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip 
$HOME_NET any -> 95.20.241.10 443 (msg: "MISP e26857 [] Outgoing To IP: 95.20.241.10|443"; classtype:trojan-activity; sid:37568551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 216.137.233.159 443 (msg: "MISP e26857 [] Outgoing To IP: 216.137.233.159|443"; classtype:trojan-activity; sid:37568561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 201.137.233.254 443 (msg: "MISP e26857 [] Outgoing To IP: 201.137.233.254|443"; classtype:trojan-activity; sid:37568571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 175.10.223.19 4432 (msg: "MISP e26857 [] Outgoing To IP: 175.10.223.19|4432"; classtype:trojan-activity; sid:37568581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 89.137.186.176 443 (msg: "MISP e26857 [] Outgoing To IP: 89.137.186.176|443"; classtype:trojan-activity; sid:37568591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 2.50.137.96 995 (msg: "MISP e26857 [] Outgoing To IP: 2.50.137.96|995"; classtype:trojan-activity; sid:37568601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.150.67.45 8081 (msg: "MISP e26857 [] Outgoing To IP: 45.150.67.45|8081"; classtype:trojan-activity; sid:37568611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 23.88.118.173 443 (msg: "MISP e26857 [] Outgoing To IP: 23.88.118.173|443"; classtype:trojan-activity; sid:37568621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 94.130.169.13 443 (msg: "MISP e26857 [] Outgoing To IP: 94.130.169.13|443"; classtype:trojan-activity; sid:37568631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 
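88.214.25.240 7443 (msg: "MISP e26857 [] Outgoing To IP: 88.214.25.240|7443"; classtype:trojan-activity; sid:37568641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Outbound IP:port indicator from event 26857 (address and port match only).
alert ip $HOME_NET any -> 52.162.200.36 7443 (msg: "MISP e26857 [] Outgoing To IP: 52.162.200.36|7443"; classtype:trojan-activity; sid:37568651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Event 27001: HTTP request for /winds/MOH.txt sent to 104.218.236.114.
# The destination address is fixed in the rule header; the http.header match
# additionally requires the address string somewhere in the request headers,
# and http.uri requires the path (case-insensitive). The rule uses
# $HTTP_PORTS, so that variable must be defined on the sensor.
# The exported MISP galaxy tag contains double quotes. Suricata's rule format
# requires a double quote inside msg to be escaped, so they are written as \"
# here; the alert text is unchanged. NOTE(review): the export will emit the
# unescaped form again on the next run - validate the generated file with
# "suricata -T" after each export.
alert http $HOME_NET any -> 104.218.236.114 $HTTP_PORTS (msg: "MISP e27001 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//104.218.236.114/winds/MOH.txt"; flow:to_server,established; http.header; content:"104.218.236.114"; fast_pattern; nocase; http.uri; content:"/winds/MOH.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37761231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27001;)
# Event 26790: exact-hostname indicator, exported as a DNS rule and an HTTP rule.
# The pcre prefix (^|[^A-Za-z0-9-\.]) rejects a preceding label or dot, so only
# the host itself matches, not names below it. The DNS rule anchors the name at
# the end of the query with "$".
alert dns any any -> any any (msg: "MISP e26790 [] Hostname vpm.elieta-gov-riga.net"; dns.query; content:"vpm.elieta-gov-riga.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vpm\.elieta\-gov\-riga\.net$/i"; classtype:trojan-activity; sid:37568241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# The HTTP rule needs the literal "Host: " with exactly one space before the
# name, and one further character after the name that is not a letter, digit,
# "-" or ".". It only sees HTTP the sensor can parse; for requests over TLS the
# DNS rule above is the one that can fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Hostname vpm.elieta-gov-riga.net"; flow:to_server,established; http.header; content: "Host|3a| vpm.elieta-gov-riga.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vpm\.elieta\-gov\-riga\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# Outbound IP:port indicators from event 26691 (address and port match only).
alert ip $HOME_NET any -> 194.169.175.233 3609 (msg: "MISP e26691 [Vjw0rm] Outgoing To IP: 194.169.175.233|3609"; classtype:trojan-activity; sid:37513791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# The next rule continues on the following line of the file.
alert ip $HOME_NET any -> 65.109.242.97 443 (msg: "MISP e26691 [Vidar] Outgoing To IP: 65.109.242.97|443"; 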
classtype:trojan-activity; sid:37513821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 65.109.242.97 443 (msg: "MISP e26857 [] Outgoing To IP: 65.109.242.97|443"; classtype:trojan-activity; sid:37568661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 194.169.175.233 3609 (msg: "MISP e26857 [] Outgoing To IP: 194.169.175.233|3609"; classtype:trojan-activity; sid:37568691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.186.117.238 1941 (msg: "MISP e26691 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.238|1941"; classtype:trojan-activity; sid:37513831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 103.186.117.238 1941 (msg: "MISP e26857 [] Outgoing To IP: 103.186.117.238|1941"; classtype:trojan-activity; sid:37568701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.186.117.77 1761 (msg: "MISP e26691 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.77|1761"; classtype:trojan-activity; sid:37513871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 103.186.117.77 1761 (msg: "MISP e26857 [] Outgoing To IP: 103.186.117.77|1761"; classtype:trojan-activity; sid:37568741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 91.92.242.176 51480 (msg: "MISP e26691 [remcos] Outgoing To IP: 91.92.242.176|51480"; classtype:trojan-activity; sid:37513881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 91.92.242.176 51480 (msg: "MISP e26857 [] Outgoing To IP: 91.92.242.176|51480"; classtype:trojan-activity; sid:37568751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 185.172.128.145 $HTTP_PORTS (msg: 
"MISP e26691 [Stealc] Outgoing URL http|3a|//185.172.128.145/3cd2b41cbde8fc9c.php"; flow:to_server,established; http.header; content:"185.172.128.145"; fast_pattern; nocase; http.uri; content:"/3cd2b41cbde8fc9c.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 185.172.128.145 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//185.172.128.145/3cd2b41cbde8fc9c.php"; flow:to_server,established; http.header; content:"185.172.128.145"; fast_pattern; nocase; http.uri; content:"/3cd2b41cbde8fc9c.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26731 [] Domain preachers.top"; dns.query; content:"preachers.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])preachers\.top$/i"; classtype:trojan-activity; sid:37534801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26731;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26731 [] Outgoing HTTP Domain preachers.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"preachers.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])preachers\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37534802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26731;) alert ip $HOME_NET any -> 81.19.138.57 443 (msg: "MISP e26691 [Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824] Outgoing To IP: 81.19.138.57|443"; classtype:trojan-activity; sid:37513911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip 74.48.81.180 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.81.180"; classtype:trojan-activity; sid:37516111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;)
# Event 26696: inbound source-address indicators tagged
# kill-chain:Reconnaissance and kill-chain:Exploitation.
# Each rule fires on any IP traffic from the listed address to $HOME_NET, on any
# port, with no flow, content or threshold keyword. On a sensor that sees
# internet-facing traffic, one scanning source can therefore raise an alert for
# every packet; rate-limit these sids (threshold or suppress configuration)
# before enabling them in bulk.
# The rules carry classtype:trojan-activity although the MISP tags describe
# reconnaissance and exploitation attempts, so the classification shown in the
# alert does not by itself indicate a compromised internal host.
alert ip 124.156.200.213 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.213"; classtype:trojan-activity; sid:37516121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.159.58.154 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.58.154"; classtype:trojan-activity; sid:37516131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 65.124.57.254 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.124.57.254"; classtype:trojan-activity; sid:37516141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.58.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.58.8"; classtype:trojan-activity; sid:37516151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 79.10.24.181 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.10.24.181"; classtype:trojan-activity; sid:37516161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 201.69.177.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.69.177.235"; classtype:trojan-activity; sid:37516171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.231.209 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.209"; classtype:trojan-activity; sid:37516181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# The next rule continues on the following line of the file.
alert ip 43.157.39.94 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.39.94"; classtype:trojan-activity; sid:37516191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.138.58.133 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.58.133"; classtype:trojan-activity; sid:37516201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.245.222 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.222"; classtype:trojan-activity; sid:37516211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.28.105.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.105.101"; classtype:trojan-activity; sid:37516221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.150.124.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.150.124.205"; classtype:trojan-activity; sid:37516231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.39.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.39.85"; classtype:trojan-activity; sid:37516241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 198.12.92.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.92.218"; classtype:trojan-activity; sid:37516251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.196.17 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.196.17"; classtype:trojan-activity; sid:37516261; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.180.207 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.207"; classtype:trojan-activity; sid:37516271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.255.209.48 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.255.209.48"; classtype:trojan-activity; sid:37516281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.172.63.13 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.63.13"; classtype:trojan-activity; sid:37516291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.139.169.119 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.169.119"; classtype:trojan-activity; sid:37516301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.200.19 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.200.19"; classtype:trojan-activity; sid:37516311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.126.3.175 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.3.175"; classtype:trojan-activity; sid:37516321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.225.205.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.225.205.189"; classtype:trojan-activity; sid:37516331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.195.51 any -> $HOME_NET any (msg: 
"MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.195.51"; classtype:trojan-activity; sid:37516341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 221.194.144.142 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.194.144.142"; classtype:trojan-activity; sid:37516351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.213.53 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.213.53"; classtype:trojan-activity; sid:37516361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.203.153 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.203.153"; classtype:trojan-activity; sid:37516371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.175.142.111 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.142.111"; classtype:trojan-activity; sid:37516381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.146.226 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.226"; classtype:trojan-activity; sid:37516391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.67.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.67.74"; classtype:trojan-activity; sid:37516401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.61.215 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.215"; 
classtype:trojan-activity; sid:37516411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.175.79 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.175.79"; classtype:trojan-activity; sid:37516421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.241.172 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.241.172"; classtype:trojan-activity; sid:37516431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.28.156.175 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.156.175"; classtype:trojan-activity; sid:37516441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.21.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.21.66"; classtype:trojan-activity; sid:37516451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.110.88 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.110.88"; classtype:trojan-activity; sid:37516461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.28.114.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.114.174"; classtype:trojan-activity; sid:37516471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 154.221.27.76 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.27.76"; classtype:trojan-activity; sid:37516481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
103.195.202.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.195.202.231"; classtype:trojan-activity; sid:37516491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.45.95.240 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.95.240"; classtype:trojan-activity; sid:37516501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.204.208 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.208"; classtype:trojan-activity; sid:37516511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 159.223.41.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.41.28"; classtype:trojan-activity; sid:37516521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 61.171.48.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.171.48.28"; classtype:trojan-activity; sid:37516531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.210.203 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.203"; classtype:trojan-activity; sid:37516541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.231.168 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.231.168"; classtype:trojan-activity; sid:37516551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.45.115.87 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
119.45.115.87"; classtype:trojan-activity; sid:37516561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.152.67.33 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.152.67.33"; classtype:trojan-activity; sid:37516571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.200.129 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.129"; classtype:trojan-activity; sid:37516581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 191.54.217.185 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.54.217.185"; classtype:trojan-activity; sid:37516591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 110.235.219.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.235.219.25"; classtype:trojan-activity; sid:37516601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 138.2.31.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.31.179"; classtype:trojan-activity; sid:37516611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.59.213 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.59.213"; classtype:trojan-activity; sid:37516621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.121.72 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.121.72"; classtype:trojan-activity; sid:37516631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) 
# --- MISP event 26696: inbound source-IP indicators -------------------------
# Each rule alerts on any IP packet whose source is the listed address and
# whose destination is in $HOME_NET. There is no flow keyword, so the match is
# per packet direction, not per session initiator: replies from these hosts to
# connections opened from inside $HOME_NET also match.
# NOTE(review): msg tags say Reconnaissance/Exploitation while classtype is
# trojan-activity; a hit means "traffic from a listed scanner/exploit source",
# not evidence of an infected internal host. IP indicators go stale, so check
# the referenced event's sighting dates before acting on a hit.
alert ip 146.235.59.55 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.235.59.55"; classtype:trojan-activity; sid:37516641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.209.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.209.101"; classtype:trojan-activity; sid:37516651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 159.223.13.196 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.13.196"; classtype:trojan-activity; sid:37516661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 202.157.186.116 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.186.116"; classtype:trojan-activity; sid:37516671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)

# --- MISP event 26691: Cobalt Strike infrastructure (domain + IP) -----------
# DNS: matches a query for the indicator domain. The pcre anchors the name at
# the end of the query and requires it to start the query or follow a
# character that cannot appear in a label, so sub-names of the indicator match
# but a longer label merely ending in "service-..." does not.
# The rule is any -> any, so it also fires on resolver-to-upstream lookups.
alert dns any any -> any any (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Domain service-3rca94g4-1319979259.hk.tencentapigw.cn"; dns.query; content:"service-3rca94g4-1319979259.hk.tencentapigw.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-3rca94g4\-1319979259\.hk\.tencentapigw\.cn$/i"; classtype:trojan-activity; sid:37513931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# HTTP: outbound request whose header buffer contains "Host:" and the domain.
# The two content matches are independent and the pcre (/H = header buffer) is
# not tied to the Host line, so the domain appearing in another header (for
# example Referer) alongside any Host header also satisfies the rule.
# tag:session,600,seconds keeps logging the session's packets for 10 minutes
# after the alert, which helps capture the rest of the exchange for triage.
# NOTE(review): this only sees cleartext HTTP. No TLS SNI rule for the domain
# appears in this span, so HTTPS sessions are covered only by the DNS rule
# above and the IP rule below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Outgoing HTTP Domain service-3rca94g4-1319979259.hk.tencentapigw.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-3rca94g4-1319979259.hk.tencentapigw.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-3rca94g4\-1319979259\.hk\.tencentapigw\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37513932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# IP: any packet from $HOME_NET to the listed address on port 443.
# NOTE(review): the protocol is `ip` while a destination port is given;
# confirm how your engine applies the port to non-TCP/UDP traffic, or narrow
# the protocol if only TCP/443 is intended.
alert ip $HOME_NET any -> 45.152.66.91 443 (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Outgoing To IP: 45.152.66.91|443"; classtype:trojan-activity; sid:37513941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)

# --- MISP event 26696: inbound source-IP indicators (continued) -------------
alert ip 43.163.243.57 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.243.57"; classtype:trojan-activity; sid:37516681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 68.183.85.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.85.49"; classtype:trojan-activity; sid:37516691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.53.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.53.144"; classtype:trojan-activity; sid:37516701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.51.76.154 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.51.76.154"; classtype:trojan-activity; sid:37516711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.146.149 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.149"; classtype:trojan-activity; sid:37516721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 222.121.250.116 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.121.250.116"; classtype:trojan-activity; sid:37516731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 38.7.199.52 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.52"; classtype:trojan-activity; sid:37516741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 194.163.132.65 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.132.65"; classtype:trojan-activity; sid:37516751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.182.127 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.182.127"; classtype:trojan-activity; sid:37516761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.48.150 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.48.150"; classtype:trojan-activity; sid:37516771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)

# --- MISP event 26691: Cobalt Strike URL + IP indicator ----------------------
# HTTP: outbound request to the listed address whose headers contain the
# literal IP and whose URI contains the listed path (case-insensitive).
# NOTE(review): the rule depends on $HTTP_PORTS, which the file header
# describes as not required for Suricata exports; make sure the variable is
# defined or the rule will fail to load. Restricting to $HTTP_PORTS also means
# the same request on a port outside that set is not inspected by this rule.
alert http $HOME_NET any -> 81.19.138.57 $HTTP_PORTS (msg: "MISP e26691 [Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824] Outgoing URL http|3a|//81.19.138.57/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"81.19.138.57"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# IP: any packet from $HOME_NET to the listed address on port 80. A request
# that matches the URL rule above also matches here, so expect paired alerts.
# NOTE(review): protocol `ip` with a destination port; confirm how your engine
# applies the port to non-TCP/UDP traffic.
alert ip $HOME_NET any -> 81.19.138.57 80 (msg: "MISP e26691 [Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824] Outgoing To IP: 81.19.138.57|80"; classtype:trojan-activity; sid:37513961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)

# --- MISP event 26696: inbound source-IP indicators (continued) -------------
alert ip 101.173.10.114 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.173.10.114"; classtype:trojan-activity; sid:37516781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.203.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.203.125"; classtype:trojan-activity; sid:37516791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.95.196 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.196"; classtype:trojan-activity; sid:37516801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 106.63.7.92 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.63.7.92"; classtype:trojan-activity; sid:37516811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.79.186 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.79.186"; classtype:trojan-activity; sid:37516821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.223.17.33 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.17.33"; classtype:trojan-activity; sid:37516831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 51.77.116.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.116.35"; classtype:trojan-activity; sid:37516841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.134.23.100 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.23.100"; classtype:trojan-activity; sid:37516851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.105.44 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.44"; classtype:trojan-activity; sid:37516861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.140.168.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.140.168.34"; classtype:trojan-activity; sid:37516871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.245.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.245.123"; classtype:trojan-activity; sid:37516881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.232.128.183 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.128.183"; classtype:trojan-activity; sid:37516891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.196.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.196.82"; classtype:trojan-activity; sid:37516901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.163.234 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.163.234"; classtype:trojan-activity; sid:37516911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.178.214.137 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.214.137"; classtype:trojan-activity; sid:37516921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.164.159 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 49.51.164.159"; classtype:trojan-activity; sid:37516931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.56.148.238 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.56.148.238"; classtype:trojan-activity; sid:37516941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.123.238.14 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.123.238.14"; classtype:trojan-activity; sid:37516951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.220.56 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.220.56"; classtype:trojan-activity; sid:37516961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.10.233 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.10.233"; classtype:trojan-activity; sid:37516971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.63.170 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.63.170"; classtype:trojan-activity; sid:37516981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.73.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.74"; classtype:trojan-activity; sid:37516991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.62.62.94 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.62.94"; classtype:trojan-activity; sid:37517001; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.232.197 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.197"; classtype:trojan-activity; sid:37517011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.210.224 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.210.224"; classtype:trojan-activity; sid:37517021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 132.232.109.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.109.12"; classtype:trojan-activity; sid:37517031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.199.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.47"; classtype:trojan-activity; sid:37517041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.180.160 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.160"; classtype:trojan-activity; sid:37517051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.62.126.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.126.85"; classtype:trojan-activity; sid:37517061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 1.14.93.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.93.109"; classtype:trojan-activity; sid:37517071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.96.119 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.96.119"; classtype:trojan-activity; sid:37517081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.3.225 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.3.225"; classtype:trojan-activity; sid:37517091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.19.163.130 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.19.163.130"; classtype:trojan-activity; sid:37517101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.214.248 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.248"; classtype:trojan-activity; sid:37517111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.173.179.195 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.179.195"; classtype:trojan-activity; sid:37517121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 96.77.25.60 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.77.25.60"; classtype:trojan-activity; sid:37517131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.142.73.238 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.73.238"; classtype:trojan-activity; sid:37517141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.138.32.16 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.32.16"; classtype:trojan-activity; sid:37517151; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.206.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.84"; classtype:trojan-activity; sid:37517161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.114.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.114.214"; classtype:trojan-activity; sid:37517171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 111.229.131.112 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.131.112"; classtype:trojan-activity; sid:37517181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 81.68.247.148 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.247.148"; classtype:trojan-activity; sid:37517191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.28.119.81 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.119.81"; classtype:trojan-activity; sid:37517201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 61.80.237.204 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.80.237.204"; classtype:trojan-activity; sid:37517211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.173.180.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.180.54"; classtype:trojan-activity; sid:37517221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.184.122.124 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.184.122.124"; classtype:trojan-activity; sid:37517231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 186.57.186.216 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.57.186.216"; classtype:trojan-activity; sid:37517241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.12.196 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.12.196"; classtype:trojan-activity; sid:37517251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.248.225 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.248.225"; classtype:trojan-activity; sid:37517261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.178.41.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.41.8"; classtype:trojan-activity; sid:37517271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.68.211 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.68.211"; classtype:trojan-activity; sid:37517281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 51.159.17.182 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.159.17.182"; classtype:trojan-activity; sid:37517291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 36.97.125.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.97.125.49"; classtype:trojan-activity; sid:37517301; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.116.111 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.116.111"; classtype:trojan-activity; sid:37517311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 117.72.9.0 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.9.0"; classtype:trojan-activity; sid:37517321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 121.4.195.168 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.195.168"; classtype:trojan-activity; sid:37517331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.130.215.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.215.191"; classtype:trojan-activity; sid:37517341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 179.1.85.122 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.122"; classtype:trojan-activity; sid:37517351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 80.253.31.232 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.253.31.232"; classtype:trojan-activity; sid:37517361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.226.92 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.226.92"; classtype:trojan-activity; sid:37517371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.23.186 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.23.186"; classtype:trojan-activity; sid:37517381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.43.102 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.43.102"; classtype:trojan-activity; sid:37517391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.7.226.128 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.7.226.128"; classtype:trojan-activity; sid:37517401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 114.132.163.171 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.163.171"; classtype:trojan-activity; sid:37517411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.221.219.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.219.243"; classtype:trojan-activity; sid:37517421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.39.141 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.39.141"; classtype:trojan-activity; sid:37517431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.234.40.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.40.20"; classtype:trojan-activity; sid:37517441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.62.225.170 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.225.170"; classtype:trojan-activity; sid:37517451; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.32.114.105 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.114.105"; classtype:trojan-activity; sid:37517461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 217.144.107.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.144.107.189"; classtype:trojan-activity; sid:37517471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 220.180.112.208 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.180.112.208"; classtype:trojan-activity; sid:37517481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.213.225 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.213.225"; classtype:trojan-activity; sid:37517491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 34.78.45.146 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.78.45.146"; classtype:trojan-activity; sid:37517501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 211.149.134.45 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.149.134.45"; classtype:trojan-activity; sid:37517511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.224.167 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.167"; classtype:trojan-activity; sid:37517521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 8.219.236.45 any -> $HOME_NET any 
(msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.236.45"; classtype:trojan-activity; sid:37517531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 122.54.18.220 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.54.18.220"; classtype:trojan-activity; sid:37517541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.153.103 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.153.103"; classtype:trojan-activity; sid:37517551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.142.254 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.142.254"; classtype:trojan-activity; sid:37517561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.185.228 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.185.228"; classtype:trojan-activity; sid:37517571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 186.23.39.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.23.39.251"; classtype:trojan-activity; sid:37517581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.212.186 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.212.186"; classtype:trojan-activity; sid:37517591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.178.249 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.178.249"; 
classtype:trojan-activity; sid:37517601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# The line above closes a rule that begins earlier in the export.
#
# --- MISP event 26696: inbound source-IP indicators ---
# Each rule in this run alerts on any IP packet from one listed address to
# $HOME_NET, on any port, with no flow or content condition. The kill-chain
# tags in msg and the reference URL identify the MISP event.
# NOTE(review): an IP-only hit does not on its own show whether the traffic was
# blocked or answered; correlate with firewall/flow logs before escalating.
# NOTE(review): the rules carry no expiry and addresses get reassigned; confirm
# the event is still current when this export is re-imported.
alert ip 45.86.209.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.86.209.54"; classtype:trojan-activity; sid:37517611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 202.157.177.213 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.177.213"; classtype:trojan-activity; sid:37517621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.239.150.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.239.150.227"; classtype:trojan-activity; sid:37517631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.238.70 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.70"; classtype:trojan-activity; sid:37517641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.245.206 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.206"; classtype:trojan-activity; sid:37517651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 120.92.33.108 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.33.108"; classtype:trojan-activity; sid:37517661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 206.189.81.229 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.81.229"; classtype:trojan-activity; sid:37517671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 205.185.123.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.185.123.214"; classtype:trojan-activity; sid:37517681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 1.12.49.106 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.49.106"; classtype:trojan-activity; sid:37517691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.156.197.225 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.225"; classtype:trojan-activity; sid:37517701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.176.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.176.50"; classtype:trojan-activity; sid:37517711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 222.211.70.48 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.211.70.48"; classtype:trojan-activity; sid:37517721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 146.59.93.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.93.12"; classtype:trojan-activity; sid:37517731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# The next rule is tagged kill-chain:Reconnaissance only; classtype and priority
# are the same as for the rules that also carry the Exploitation tag.
alert ip 191.243.58.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance] Incoming From IP: 191.243.58.235"; classtype:trojan-activity; sid:37517741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.56.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.56.214"; classtype:trojan-activity; sid:37517751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 221.216.7.58 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.216.7.58"; classtype:trojan-activity; sid:37517761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 223.194.105.146 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.194.105.146"; classtype:trojan-activity; sid:37517771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 64.225.97.106 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.97.106"; classtype:trojan-activity; sid:37517781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.127.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.127.46"; classtype:trojan-activity; sid:37517791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.11.155 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.11.155"; classtype:trojan-activity; sid:37517801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 162.62.133.248 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.133.248"; classtype:trojan-activity; sid:37517811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.96.15 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.96.15"; classtype:trojan-activity; sid:37517821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.105.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.105.251"; classtype:trojan-activity; sid:37517831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.159.55.112 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.55.112"; classtype:trojan-activity; sid:37517841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.221.189.36 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.189.36"; classtype:trojan-activity; sid:37517851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 109.123.236.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.236.91"; classtype:trojan-activity; sid:37517861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 152.32.253.207 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.253.207"; classtype:trojan-activity; sid:37517871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
#
# --- MISP event 26857: outbound indicators (IP:port, URL, domain) ---
# Direction is reversed for this event: $HOME_NET is the source, so a hit means
# an internal host sent the traffic. These rules use priority:3 and the tag
# list in msg is empty ("[]").
#
# Any IP packet from $HOME_NET to 81.19.138.57 with destination port 80.
alert ip $HOME_NET any -> 81.19.138.57 80 (msg: "MISP e26857 [] Outgoing To IP: 81.19.138.57|80"; classtype:trojan-activity; sid:37568771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Established client-to-server HTTP to 81.19.138.57 whose headers contain the
# address and whose URI contains /IE9CompatViewList.xml; both content matches
# are case-insensitive substrings. tag:session,600,seconds asks the engine to
# keep logging packets of the matching session for up to 600 seconds.
# NOTE(review): this rule needs $HTTP_PORTS to be defined, although the export
# header describes that variable as not required with the Suricata export.
alert http $HOME_NET any -> 81.19.138.57 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//81.19.138.57/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"81.19.138.57"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# DNS query for the listed name or any subdomain of it: the pcre anchors the
# name at the end of the query and requires start-of-buffer or a non-hostname
# character before it.
# NOTE(review): source and destination are "any", so resolver-to-upstream
# lookups match as well; the alert's source address may be a resolver rather
# than the host that asked. Check resolver logs to find the originating client.
alert dns any any -> any any (msg: "MISP e26857 [] Domain service-3rca94g4-1319979259.hk.tencentapigw.cn"; dns.query; content:"service-3rca94g4-1319979259.hk.tencentapigw.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-3rca94g4\-1319979259\.hk\.tencentapigw\.cn$/i"; classtype:trojan-activity; sid:37568791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Established outbound HTTP whose headers contain "Host:" and the listed name;
# the pcre (H = header buffer, i = case-insensitive) requires the name to be
# delimited on both sides.
# NOTE(review): the "Host:" and domain matches are independent, so the name
# appearing in another header would also satisfy the rule. The rule inspects
# parsed HTTP only; TLS sessions to the same name are not covered by it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain service-3rca94g4-1319979259.hk.tencentapigw.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-3rca94g4-1319979259.hk.tencentapigw.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-3rca94g4\-1319979259\.hk\.tencentapigw\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Outbound IP:port indicators for the same event; no content condition.
alert ip $HOME_NET any -> 45.152.66.91 443 (msg: "MISP e26857 [] Outgoing To IP: 45.152.66.91|443"; classtype:trojan-activity; sid:37568801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 81.19.138.57 443 (msg: "MISP e26857 [] Outgoing To IP: 81.19.138.57|443"; classtype:trojan-activity; sid:37568821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 91.92.240.138 2023 (msg: "MISP e26857 [] Outgoing To IP: 91.92.240.138|2023"; classtype:trojan-activity; sid:37568841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
#
# --- MISP event 26696 (continued): inbound source-IP indicators ---
alert ip 70.51.160.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.51.160.98"; classtype:trojan-activity; sid:37517881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.196.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.196.20"; classtype:trojan-activity; sid:37517891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.156.212.215 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.212.215"; classtype:trojan-activity; sid:37517901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.106.115.217 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.115.217"; classtype:trojan-activity; sid:37517911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.4.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.4.110"; classtype:trojan-activity; sid:37517921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.70.129 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.129"; classtype:trojan-activity; sid:37517931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 45.232.244.122 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.232.244.122"; classtype:trojan-activity; sid:37517941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.32.105 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.32.105"; classtype:trojan-activity; sid:37517951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.156.197.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.174"; classtype:trojan-activity; sid:37517961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 106.55.195.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.195.50"; classtype:trojan-activity; sid:37517971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.224.75 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.75"; classtype:trojan-activity; sid:37517981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 144.22.50.217 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.22.50.217"; classtype:trojan-activity; sid:37517991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.207.166 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.207.166"; classtype:trojan-activity; sid:37518001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.43.160.129 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.160.129"; classtype:trojan-activity; sid:37518011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 113.104.165.4 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.104.165.4"; classtype:trojan-activity; sid:37518021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.135.164.42 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.164.42"; classtype:trojan-activity; sid:37518031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 203.176.92.30 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.176.92.30"; classtype:trojan-activity; sid:37518041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 175.178.69.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.69.85"; classtype:trojan-activity; sid:37518051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 223.240.92.213 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.240.92.213"; classtype:trojan-activity; sid:37518061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.40.95 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.40.95"; classtype:trojan-activity; sid:37518071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 118.195.244.142 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.244.142"; classtype:trojan-activity; sid:37518081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 62.210.27.104 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.210.27.104"; classtype:trojan-activity; sid:37518091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.90.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.90.243"; classtype:trojan-activity; sid:37518101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.139.242.86 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.242.86"; classtype:trojan-activity; sid:37518111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.211.65 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.211.65"; classtype:trojan-activity; sid:37518121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 1.116.57.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.57.91"; classtype:trojan-activity; sid:37518131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 150.109.11.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.11.250"; classtype:trojan-activity; sid:37518141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 79.21.172.230 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.21.172.230"; classtype:trojan-activity; sid:37518151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 156.245.5.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.245.5.12"; classtype:trojan-activity; sid:37518161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.9.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.9.178"; classtype:trojan-activity; sid:37518171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 193.142.146.165 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.142.146.165"; classtype:trojan-activity; sid:37518181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 178.128.103.149 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.103.149"; classtype:trojan-activity; sid:37518191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.156.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.156.110"; classtype:trojan-activity; sid:37518201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.156.184.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.184.74"; classtype:trojan-activity; sid:37518211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 146.190.148.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.148.179"; classtype:trojan-activity; sid:37518221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 23.94.214.145 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.214.145"; classtype:trojan-activity; sid:37518231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 154.221.17.149 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.17.149"; classtype:trojan-activity; sid:37518241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 116.198.44.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.44.205"; classtype:trojan-activity; sid:37518251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.178.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.178.123"; classtype:trojan-activity; sid:37518261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# --- MISP event 26696: inbound source-IP indicators, one rule per line ---
# Every rule in this run has the same shape: alert on any IP packet from the
# listed address to $HOME_NET, on any port, with no flow or content condition.
# msg carries the MISP kill-chain tags; reference points at the event page.
# NOTE(review): an IP-only hit does not on its own show whether the traffic was
# blocked or answered; correlate with firewall/flow logs before escalating.
# NOTE(review): the rules carry no expiry and addresses get reassigned; confirm
# the event is still current when this export is re-imported.
alert ip 181.78.77.73 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.78.77.73"; classtype:trojan-activity; sid:37518271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 198.12.65.162 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.65.162"; classtype:trojan-activity; sid:37518281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 150.109.198.246 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.246"; classtype:trojan-activity; sid:37518291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.34.131.70 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.131.70"; classtype:trojan-activity; sid:37518301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 119.123.175.240 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.123.175.240"; classtype:trojan-activity; sid:37518311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 219.144.68.44 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.144.68.44"; classtype:trojan-activity; sid:37518321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.202.252 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.252"; classtype:trojan-activity; sid:37518331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 181.90.204.204 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.90.204.204"; classtype:trojan-activity; sid:37518341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 132.148.73.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.148.73.98"; classtype:trojan-activity; sid:37518351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.154.61.94 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.61.94"; classtype:trojan-activity; sid:37518361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 194.152.214.16 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.152.214.16"; classtype:trojan-activity; sid:37518371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.135.160.153 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.160.153"; classtype:trojan-activity; sid:37518381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 143.110.224.97 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.224.97"; classtype:trojan-activity; sid:37518391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.159.48.222 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.48.222"; classtype:trojan-activity; sid:37518401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 47.236.113.37 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.113.37"; classtype:trojan-activity; sid:37518411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.221.98.177 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.98.177"; classtype:trojan-activity; sid:37518421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 200.60.12.163 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.60.12.163"; classtype:trojan-activity; sid:37518431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.97.125.100 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.97.125.100"; classtype:trojan-activity; sid:37518441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 183.131.33.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.131.33.91"; classtype:trojan-activity; sid:37518451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.43.35.70 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.35.70"; classtype:trojan-activity; sid:37518461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.168.19.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.168.19.66"; classtype:trojan-activity; sid:37518471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.93.69 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.69"; classtype:trojan-activity; sid:37518481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 159.89.169.100 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.169.100"; classtype:trojan-activity; sid:37518491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.89.127 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.89.127"; classtype:trojan-activity; sid:37518501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.186.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.186.38"; classtype:trojan-activity; sid:37518511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.27.119 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.119"; classtype:trojan-activity; sid:37518521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.28.99 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.28.99"; classtype:trojan-activity; sid:37518531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.248.10.11 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.10.11"; classtype:trojan-activity; sid:37518541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 164.92.102.208 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.102.208"; classtype:trojan-activity; sid:37518551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 218.60.0.210 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.60.0.210"; classtype:trojan-activity; sid:37518561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.42.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.42.231"; classtype:trojan-activity; sid:37518571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 222.186.141.168 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.141.168"; classtype:trojan-activity; sid:37518581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 107.174.71.22 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.71.22"; classtype:trojan-activity; sid:37518591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.53.119 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.53.119"; classtype:trojan-activity; sid:37518601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.128.109.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.251"; classtype:trojan-activity; sid:37518611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 125.124.183.158 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.183.158"; classtype:trojan-activity; sid:37518621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 178.62.193.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.193.169"; classtype:trojan-activity; sid:37518631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 191.100.25.45 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.100.25.45"; classtype:trojan-activity; sid:37518641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 180.97.195.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.97.195.35"; classtype:trojan-activity; sid:37518651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.210.233 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.233"; classtype:trojan-activity; sid:37518661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.222.182 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.182"; classtype:trojan-activity; sid:37518671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 186.121.205.29 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.121.205.29"; classtype:trojan-activity; sid:37518681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 138.121.65.158 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.121.65.158"; classtype:trojan-activity; sid:37518691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 13.233.161.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.233.161.64"; classtype:trojan-activity; sid:37518701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.96.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.96.205"; classtype:trojan-activity; sid:37518711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.122.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.122.54"; classtype:trojan-activity; sid:37518721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.177.56 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.56"; classtype:trojan-activity; sid:37518731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.130.44.53 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.44.53"; classtype:trojan-activity; sid:37518741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.96.73.135 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.96.73.135"; classtype:trojan-activity; sid:37518751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.193.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.173"; classtype:trojan-activity; sid:37518761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.223.78.24 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.78.24"; classtype:trojan-activity; sid:37518771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 181.188.159.138 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.188.159.138"; classtype:trojan-activity; sid:37518781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.173.162 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.173.162"; classtype:trojan-activity; sid:37518791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.234.53.183 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.234.53.183"; classtype:trojan-activity; sid:37518801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 107.175.246.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.246.218"; classtype:trojan-activity; sid:37518811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.128.94.241 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.94.241"; classtype:trojan-activity; sid:37518821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 180.101.40.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.40.34"; classtype:trojan-activity; sid:37518831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.107.58 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.107.58"; classtype:trojan-activity; sid:37518841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.65.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.65.101"; classtype:trojan-activity; sid:37518851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.222.208.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.208.121"; classtype:trojan-activity; sid:37518861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.18.37 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.18.37"; classtype:trojan-activity; sid:37518871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 123.200.17.60 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.200.17.60"; classtype:trojan-activity; sid:37518881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.51.204.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.204.227"; classtype:trojan-activity; sid:37518891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 125.124.66.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.66.34"; classtype:trojan-activity; sid:37518901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.67.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.67.231"; classtype:trojan-activity; sid:37518911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.27.22 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.27.22"; classtype:trojan-activity; sid:37518921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.153.186 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.153.186"; classtype:trojan-activity; sid:37518931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.114.197 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.114.197"; classtype:trojan-activity; sid:37518941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.35.232.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.232.12"; classtype:trojan-activity; sid:37518951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.146.189.13 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.146.189.13"; classtype:trojan-activity; sid:37518961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.163.139.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.139.82"; classtype:trojan-activity; sid:37518971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.219.137 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.137"; classtype:trojan-activity; sid:37518981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.72.107 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.72.107"; classtype:trojan-activity; sid:37518991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.36.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.36.74"; classtype:trojan-activity; sid:37519001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 35.134.12.81 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.134.12.81"; classtype:trojan-activity; sid:37519011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.178.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.47"; classtype:trojan-activity; sid:37519021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.194.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.235"; classtype:trojan-activity; sid:37519031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.19.40 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.19.40"; classtype:trojan-activity; sid:37519041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 114.132.186.4 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.186.4"; classtype:trojan-activity; sid:37519051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 117.72.14.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.14.49"; classtype:trojan-activity; sid:37519061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.221.215.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.215.20"; classtype:trojan-activity; sid:37519071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 182.43.163.99 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.163.99"; classtype:trojan-activity; sid:37519081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.233.41.75 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.41.75"; classtype:trojan-activity; sid:37519091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.32.167.180 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.167.180"; classtype:trojan-activity; sid:37519101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.22.114 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.22.114"; classtype:trojan-activity; sid:37519111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 140.246.225.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.225.169"; classtype:trojan-activity; sid:37519121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.234.125.168 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.125.168"; classtype:trojan-activity; sid:37519131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.43.226.18 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.226.18"; classtype:trojan-activity; sid:37519141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.144.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.144.191"; classtype:trojan-activity; sid:37519151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.205.252 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 124.156.205.252"; classtype:trojan-activity; sid:37519161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 157.254.21.27 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.254.21.27"; classtype:trojan-activity; sid:37519171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 5.189.137.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.189.137.169"; classtype:trojan-activity; sid:37519181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.196.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.110"; classtype:trojan-activity; sid:37519191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.197.192 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.192"; classtype:trojan-activity; sid:37519201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.199.124 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.124"; classtype:trojan-activity; sid:37519211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.196.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.39"; classtype:trojan-activity; sid:37519221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.66.239 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.66.239"; classtype:trojan-activity; sid:37519231; rev:1; priority:2; 
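reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.186.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.186.174"; classtype:trojan-activity; sid:37519241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.159.144.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.144.178"; classtype:trojan-activity; sid:37519251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# Rule sid:37571761 (MISP e24600, URL indicator). The exported form matched the
# whole "host/path" string inside http.uri, but with Suricata's default libhtp
# settings (uri-include-all: no) that buffer holds only the request path and
# query, so a direct request for the file would not match. The indicator is
# split here: hostname against http.host (normalized to lowercase, hence no
# nocase on it), path against http.uri. rev is bumped because the match logic
# changed.
# Caveats: this edit is lost on the next MISP export unless the export side is
# fixed as well, and the rule only inspects cleartext HTTP, so the same URL
# fetched over TLS is not covered by it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL yournutrientsolutions.com/public/XA.zip"; flow:to_server,established; http.host; content:"yournutrientsolutions.com"; fast_pattern; http.uri; content:"/public/XA.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571761; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert ip 46.18.107.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.18.107.74"; classtype:trojan-activity; sid:37519261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 42.193.14.203 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.14.203"; classtype:trojan-activity; sid:37519271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.205.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.205.191"; classtype:trojan-activity; sid:37519281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 46.5.230.122 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.5.230.122"; classtype:trojan-activity; sid:37519291; rev:1; priority:2; 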
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 102.217.123.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.217.123.243"; classtype:trojan-activity; sid:37519301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.199.62 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.62"; classtype:trojan-activity; sid:37519311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 35.240.125.103 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.240.125.103"; classtype:trojan-activity; sid:37519321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.244.242 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.242"; classtype:trojan-activity; sid:37519331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.163.131 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.163.131"; classtype:trojan-activity; sid:37519341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.22.166 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.22.166"; classtype:trojan-activity; sid:37519351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 165.154.0.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.0.66"; classtype:trojan-activity; sid:37519361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.136.245.144 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.245.144"; classtype:trojan-activity; sid:37519371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.65.5 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.65.5"; classtype:trojan-activity; sid:37519381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.216.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.46"; classtype:trojan-activity; sid:37519391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.57.90 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.57.90"; classtype:trojan-activity; sid:37519401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.238.55 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.55"; classtype:trojan-activity; sid:37519411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.92.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.92.47"; classtype:trojan-activity; sid:37519421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.118.30 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.30"; classtype:trojan-activity; sid:37519431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.222.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.222.85"; classtype:trojan-activity; sid:37519441; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.163.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.163.74"; classtype:trojan-activity; sid:37519451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.94.187 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.94.187"; classtype:trojan-activity; sid:37519461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 80.158.76.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.158.76.235"; classtype:trojan-activity; sid:37519471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 8.222.132.155 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.132.155"; classtype:trojan-activity; sid:37519481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.95.210 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.210"; classtype:trojan-activity; sid:37519491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 35.187.16.69 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.187.16.69"; classtype:trojan-activity; sid:37519501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.76.228 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.76.228"; classtype:trojan-activity; sid:37519511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 93.93.119.241 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.93.119.241"; classtype:trojan-activity; sid:37519521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 117.50.187.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.187.144"; classtype:trojan-activity; sid:37519531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.145.176 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.176"; classtype:trojan-activity; sid:37519541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.161.182 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.161.182"; classtype:trojan-activity; sid:37519551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.116.239 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.116.239"; classtype:trojan-activity; sid:37519561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.247.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.247.39"; classtype:trojan-activity; sid:37519571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.173.10.3 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.10.3"; classtype:trojan-activity; sid:37519581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 201.3.87.206 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.3.87.206"; classtype:trojan-activity; sid:37519591; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 80.248.59.138 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.248.59.138"; classtype:trojan-activity; sid:37519601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.230.45 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.230.45"; classtype:trojan-activity; sid:37519611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.220.126 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.220.126"; classtype:trojan-activity; sid:37519621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 164.90.132.241 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.132.241"; classtype:trojan-activity; sid:37519631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 159.203.2.142 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.2.142"; classtype:trojan-activity; sid:37519641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.130.212.167 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.212.167"; classtype:trojan-activity; sid:37519651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.205.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.205.189"; classtype:trojan-activity; sid:37519661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.51.146 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.51.146"; classtype:trojan-activity; sid:37519671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.130.1.192 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.1.192"; classtype:trojan-activity; sid:37519681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.220.101.148 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.148"; classtype:trojan-activity; sid:37519691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 121.4.23.253 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.23.253"; classtype:trojan-activity; sid:37519701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.232.73.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.232.73.84"; classtype:trojan-activity; sid:37519711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.220.101.137 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.137"; classtype:trojan-activity; sid:37519721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.22.64.26 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.22.64.26"; classtype:trojan-activity; sid:37519731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.16.223 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.16.223"; classtype:trojan-activity; sid:37519741; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.220.101.130 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.130"; classtype:trojan-activity; sid:37519751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.228.134 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.228.134"; classtype:trojan-activity; sid:37519761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.223.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.223.123"; classtype:trojan-activity; sid:37519771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.158.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.158.101"; classtype:trojan-activity; sid:37519781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.245.37 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.245.37"; classtype:trojan-activity; sid:37519791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 47.245.86.183 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.245.86.183"; classtype:trojan-activity; sid:37519801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 46.183.222.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.183.222.173"; classtype:trojan-activity; sid:37519811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.157.252 any -> $HOME_NET any 
(msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.252"; classtype:trojan-activity; sid:37519821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.220.101.131 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.131"; classtype:trojan-activity; sid:37519831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.52.114.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.52.114.20"; classtype:trojan-activity; sid:37519841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.50.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.50.218"; classtype:trojan-activity; sid:37519851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.222.156.161 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.156.161"; classtype:trojan-activity; sid:37519861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 1.164.113.120 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.113.120"; classtype:trojan-activity; sid:37519871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 42.192.81.14 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.81.14"; classtype:trojan-activity; sid:37519881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.220.103.4 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.103.4"; 
classtype:trojan-activity; sid:37519891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.33.118 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.33.118"; classtype:trojan-activity; sid:37519901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 115.85.23.3 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.85.23.3"; classtype:trojan-activity; sid:37519911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.77.195 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.77.195"; classtype:trojan-activity; sid:37519921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.40.86 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.40.86"; classtype:trojan-activity; sid:37519931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 23.94.169.133 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.169.133"; classtype:trojan-activity; sid:37519941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.105.220.118 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.105.220.118"; classtype:trojan-activity; sid:37519951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.175.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.28"; classtype:trojan-activity; sid:37519961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
170.106.190.242 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.190.242"; classtype:trojan-activity; sid:37519971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.244.184 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.244.184"; classtype:trojan-activity; sid:37519981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 144.172.83.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.172.83.47"; classtype:trojan-activity; sid:37519991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.196.78 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.78"; classtype:trojan-activity; sid:37520001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.13.212 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.13.212"; classtype:trojan-activity; sid:37520011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.68.156 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.68.156"; classtype:trojan-activity; sid:37520021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.180.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.180.49"; classtype:trojan-activity; sid:37520031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 142.171.186.32 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
142.171.186.32"; classtype:trojan-activity; sid:37520041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 177.221.97.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.221.97.6"; classtype:trojan-activity; sid:37520051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 123.231.237.130 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.231.237.130"; classtype:trojan-activity; sid:37520061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.151.216 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.151.216"; classtype:trojan-activity; sid:37520071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.44.223 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.44.223"; classtype:trojan-activity; sid:37520081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 117.194.175.217 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.194.175.217"; classtype:trojan-activity; sid:37520091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 111.231.171.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.171.49"; classtype:trojan-activity; sid:37520101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 120.48.11.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.11.144"; classtype:trojan-activity; sid:37520111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.112.55 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.112.55"; classtype:trojan-activity; sid:37520121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.235.174.100 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.235.174.100"; classtype:trojan-activity; sid:37520131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.79.142.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.79.142.23"; classtype:trojan-activity; sid:37520141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.219.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.236"; classtype:trojan-activity; sid:37520151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 181.90.96.42 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.90.96.42"; classtype:trojan-activity; sid:37520161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.220.96.102 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.96.102"; classtype:trojan-activity; sid:37520171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.242.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.250"; classtype:trojan-activity; sid:37520181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 165.232.88.22 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.88.22"; classtype:trojan-activity; sid:37520191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.184.97 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.184.97"; classtype:trojan-activity; sid:37520201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 118.193.35.209 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.35.209"; classtype:trojan-activity; sid:37520211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.9.140 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.9.140"; classtype:trojan-activity; sid:37520221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.173.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.173.123"; classtype:trojan-activity; sid:37520231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.156.63 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.156.63"; classtype:trojan-activity; sid:37520241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 36.133.61.59 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.61.59"; classtype:trojan-activity; sid:37520251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 213.225.6.206 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.225.6.206"; classtype:trojan-activity; sid:37520261; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 190.188.218.206 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.188.218.206"; classtype:trojan-activity; sid:37520271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.121.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.121.174"; classtype:trojan-activity; sid:37520281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 154.221.23.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.23.189"; classtype:trojan-activity; sid:37520291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.242.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.242.54"; classtype:trojan-activity; sid:37520301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 188.164.160.102 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.164.160.102"; classtype:trojan-activity; sid:37520311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.151.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.151.113"; classtype:trojan-activity; sid:37520321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.230.138.17 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.230.138.17"; classtype:trojan-activity; sid:37520331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.233.205 any -> $HOME_NET any (msg: 
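"MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.233.205"; classtype:trojan-activity; sid:37520341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 107.173.164.220 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.164.220"; classtype:trojan-activity; sid:37520351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.69.106 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.69.106"; classtype:trojan-activity; sid:37520361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.201.222 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.201.222"; classtype:trojan-activity; sid:37520371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 85.215.64.241 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.215.64.241"; classtype:trojan-activity; sid:37520381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip $HOME_NET any -> 193.27.90.9 any (msg: "MISP e26577 [] Outgoing To IP: 193.27.90.9"; classtype:trojan-activity; sid:37567731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
alert ip $HOME_NET any -> 94.156.8.9 any (msg: "MISP e26577 [] Outgoing To IP: 94.156.8.9"; classtype:trojan-activity; sid:37567741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;)
# MISP event 26577, URL indicator. The http.uri buffer holds the request path,
# not the Host header, so a single content of "host/path" in http.uri does not
# match an ordinary (origin-form) request and the rule would stay silent.
# Host and path are matched in separate buffers here, the same shape the
# e26759 URL rules in this export use.
# NOTE(review): this file is generated; the indicator presumably needs to be
# stored in MISP with its scheme for the exporter to emit this form itself,
# otherwise the next export restores the old rule - confirm against the exporter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing URL 193.27.90.9/ILHUP/121748"; flow:to_server,established; http.header; content:"193.27.90.9"; fast_pattern; nocase; http.uri; content:"/ILHUP/121748"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37567751; rev:1; priority:1; 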
reference:url,https://misp.finsin.cl/events/view/26577;) alert ip 104.250.50.2 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.2"; classtype:trojan-activity; sid:37520391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.34.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.34.121"; classtype:trojan-activity; sid:37520401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 138.68.58.124 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.58.124"; classtype:trojan-activity; sid:37520411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.70.17 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.70.17"; classtype:trojan-activity; sid:37520421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.43.92 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.43.92"; classtype:trojan-activity; sid:37520431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.211.212 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.212"; classtype:trojan-activity; sid:37520441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.60.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.60.43"; classtype:trojan-activity; sid:37520451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 69.4.142.98 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.4.142.98"; classtype:trojan-activity; sid:37520461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.221.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.221.113"; classtype:trojan-activity; sid:37520471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# MISP event 26759, URL indicator: alerts on a client-to-server HTTP request
# from $HOME_NET to 107.173.4.5 whose headers contain the host string and whose
# URI contains the .vbs path (both case-insensitive). tag:session keeps logging
# packets of the matching session for 600 seconds after the alert.
# Coverage limits: the destination port is restricted to $HTTP_PORTS, so that
# variable must be defined for the rule to load, and the same path requested
# on a port outside $HTTP_PORTS or inside TLS is not seen by this rule.
# The http.header match is satisfied by the string in any request header, not
# only Host; the pinned destination address is what ties it to this server.
alert http $HOME_NET any -> 107.173.4.5 $HTTP_PORTS (msg: "MISP e26759 [] Outgoing URL http|3a|//107.173.4.5/esentiallsTools.vbs"; flow:to_server,established; http.header; content:"107.173.4.5"; fast_pattern; nocase; http.uri; content:"/esentiallsTools.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;)
alert ip 170.106.188.15 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.188.15"; classtype:trojan-activity; sid:37520481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.147.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.243"; classtype:trojan-activity; sid:37520491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 1.116.198.79 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.198.79"; classtype:trojan-activity; sid:37520501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.94.182 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.94.182"; classtype:trojan-activity; sid:37520511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.134.71.180 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.71.180"; classtype:trojan-activity; sid:37520521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.221.224.199 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.224.199"; classtype:trojan-activity; sid:37520531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 218.158.124.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.158.124.28"; classtype:trojan-activity; sid:37520541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.211.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.211.178"; classtype:trojan-activity; sid:37520551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.65.213 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.65.213"; classtype:trojan-activity; sid:37520561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 139.224.60.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.60.82"; classtype:trojan-activity; sid:37520571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 213.219.212.106 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.219.212.106"; classtype:trojan-activity; sid:37520581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 89.46.223.31 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.46.223.31"; classtype:trojan-activity; 
sid:37520591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 164.52.223.117 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.52.223.117"; classtype:trojan-activity; sid:37520601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 123.58.215.207 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.58.215.207"; classtype:trojan-activity; sid:37520611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.32.127.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.127.125"; classtype:trojan-activity; sid:37520621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.76.166 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.76.166"; classtype:trojan-activity; sid:37520631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.214.71 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.71"; classtype:trojan-activity; sid:37520641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.211.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.211.46"; classtype:trojan-activity; sid:37520651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.154.45 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.154.45"; classtype:trojan-activity; sid:37520661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 190.145.192.106 any -> $HOME_NET 
any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.145.192.106"; classtype:trojan-activity; sid:37520671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 110.137.195.51 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.137.195.51"; classtype:trojan-activity; sid:37520681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.15.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.15.85"; classtype:trojan-activity; sid:37520691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 114.96.116.52 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.96.116.52"; classtype:trojan-activity; sid:37520701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 79.137.198.108 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.198.108"; classtype:trojan-activity; sid:37520711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.135.154.130 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.154.130"; classtype:trojan-activity; sid:37520721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 89.46.223.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.46.223.35"; classtype:trojan-activity; sid:37520731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 78.153.130.75 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.153.130.75"; 
classtype:trojan-activity; sid:37520741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 5.189.175.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.189.175.121"; classtype:trojan-activity; sid:37520751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.88.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.88.173"; classtype:trojan-activity; sid:37520761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 106.12.48.161 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.48.161"; classtype:trojan-activity; sid:37520771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.237.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.236"; classtype:trojan-activity; sid:37520781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.40.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.40.178"; classtype:trojan-activity; sid:37520791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 106.52.85.67 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.85.67"; classtype:trojan-activity; sid:37520801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.3.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.3.174"; classtype:trojan-activity; sid:37520811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
43.153.113.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.113.25"; classtype:trojan-activity; sid:37520821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.25.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.25.109"; classtype:trojan-activity; sid:37520831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.203.109.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.203.109.25"; classtype:trojan-activity; sid:37520841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.117.163 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.117.163"; classtype:trojan-activity; sid:37520851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 62.234.57.198 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.57.198"; classtype:trojan-activity; sid:37520861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.104.206 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.104.206"; classtype:trojan-activity; sid:37520871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.178.96.148 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.96.148"; classtype:trojan-activity; sid:37520881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 143.110.251.126 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
143.110.251.126"; classtype:trojan-activity; sid:37520891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.244.87 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.87"; classtype:trojan-activity; sid:37520901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 120.53.94.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.94.178"; classtype:trojan-activity; sid:37520911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.46.24 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.46.24"; classtype:trojan-activity; sid:37520921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.139.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.139.64"; classtype:trojan-activity; sid:37520931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.139.164.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.164.98"; classtype:trojan-activity; sid:37520941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.176.172 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.176.172"; classtype:trojan-activity; sid:37520951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.15.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.15.205"; classtype:trojan-activity; sid:37520961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) 
alert ip 124.223.100.217 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.100.217"; classtype:trojan-activity; sid:37520971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 180.76.144.128 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.144.128"; classtype:trojan-activity; sid:37520981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 223.113.121.94 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.113.121.94"; classtype:trojan-activity; sid:37520991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 122.115.50.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.115.50.243"; classtype:trojan-activity; sid:37521001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.0.176 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.176"; classtype:trojan-activity; sid:37521011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 206.189.128.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.128.64"; classtype:trojan-activity; sid:37521021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.89.75 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.89.75"; classtype:trojan-activity; sid:37521031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.68.211 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 43.133.68.211"; classtype:trojan-activity; sid:37521041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 192.74.254.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.74.254.46"; classtype:trojan-activity; sid:37521051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# MISP event 26759, URL indicator: alerts on a client-to-server HTTP request
# from $HOME_NET to 107.173.4.5 whose headers contain the host string and whose
# URI contains the .txt path (both case-insensitive). tag:session keeps logging
# packets of the matching session for 600 seconds after the alert.
# Coverage limits: the destination port is restricted to $HTTP_PORTS, so that
# variable must be defined for the rule to load, and the same path requested
# on a port outside $HTTP_PORTS or inside TLS is not seen by this rule.
# The http.header match is satisfied by the string in any request header, not
# only Host; the pinned destination address is what ties it to this server.
alert http $HOME_NET any -> 107.173.4.5 $HTTP_PORTS (msg: "MISP e26759 [] Outgoing URL http|3a|//107.173.4.5/yeysysysyysysysysys.txt"; flow:to_server,established; http.header; content:"107.173.4.5"; fast_pattern; nocase; http.uri; content:"/yeysysysyysysysysys.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26759;)
alert ip 119.28.100.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.100.77"; classtype:trojan-activity; sid:37521061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.3.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.3.8"; classtype:trojan-activity; sid:37521071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.32.115.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.115.235"; classtype:trojan-activity; sid:37521081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.192.145 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.192.145"; classtype:trojan-activity; sid:37521091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 125.72.13.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 125.72.13.21"; classtype:trojan-activity; sid:37521101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.245.88.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.88.84"; classtype:trojan-activity; sid:37521111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 180.76.97.63 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.97.63"; classtype:trojan-activity; sid:37521121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.92.47.129 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.92.47.129"; classtype:trojan-activity; sid:37521131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 222.240.1.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.240.1.12"; classtype:trojan-activity; sid:37521141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.126.194 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.126.194"; classtype:trojan-activity; sid:37521151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 64.23.157.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.157.227"; classtype:trojan-activity; sid:37521161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 79.174.186.212 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.174.186.212"; classtype:trojan-activity; sid:37521171; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.210.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.210.91"; classtype:trojan-activity; sid:37521181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.95.241 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.95.241"; classtype:trojan-activity; sid:37521191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 95.85.47.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.85.47.10"; classtype:trojan-activity; sid:37521201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.243.168 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.243.168"; classtype:trojan-activity; sid:37521211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.146.15 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.15"; classtype:trojan-activity; sid:37521221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 40.86.81.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.86.81.214"; classtype:trojan-activity; sid:37521231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.164.77.254 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.164.77.254"; classtype:trojan-activity; sid:37521241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.246.85 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.246.85"; classtype:trojan-activity; sid:37521251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.190.123.72 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.190.123.72"; classtype:trojan-activity; sid:37521261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.236.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.236.121"; classtype:trojan-activity; sid:37521271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.130.251.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.251.49"; classtype:trojan-activity; sid:37521281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.241.2 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.2"; classtype:trojan-activity; sid:37521291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 183.56.206.27 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.206.27"; classtype:trojan-activity; sid:37521301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.195.115 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.115"; classtype:trojan-activity; sid:37521311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 110.81.179.228 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.81.179.228"; classtype:trojan-activity; sid:37521321; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# Review notes for the rules below (all reference MISP event 26696).
# Layout: restored to one rule per line. The line above is the tail of a rule
# that starts before this excerpt, and the last line below is the head of a
# rule that continues after it.
# - Each rule is IP-only: it matches any protocol and any port from the listed
#   source address towards $HOME_NET, with no content or flow condition.
# - No rule here carries a rate limit, so a noisy source can raise an alert on
#   every match. NOTE(review): if that floods the console, limit by sid in the
#   sensor's threshold configuration rather than editing these lines, which
#   are presumably regenerated on the next export. Confirm.
# - classtype is trojan-activity on every rule, although the msg tags the
#   indicator as kill-chain Reconnaissance/Exploitation and "Incoming From IP".
#   Triage on the msg text and the referenced event, not on the classtype.
# - A hit shows contact from a listed address, not a successful compromise.
#   Confirm the indicator is still current in the referenced event before
#   using it for blocking, since source addresses can be reassigned or shared.
# - The visible sids run from 37521331 to 37522811 in steps of 10. Check that
#   they do not collide with sids from other rule sources on the same sensor.
alert ip 175.24.244.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.244.173"; classtype:trojan-activity; sid:37521331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.249.184.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.231"; classtype:trojan-activity; sid:37521341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 159.223.14.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.14.205"; classtype:trojan-activity; sid:37521351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.146.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.113"; classtype:trojan-activity; sid:37521361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.223.11.5 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.11.5"; classtype:trojan-activity; sid:37521371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.179.27 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.179.27"; classtype:trojan-activity; sid:37521381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.224.221 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.221"; classtype:trojan-activity; sid:37521391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.134.219 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.134.219"; classtype:trojan-activity; sid:37521401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.131.232 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.131.232"; classtype:trojan-activity; sid:37521411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.235.53 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.53"; classtype:trojan-activity; sid:37521421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 2.42.197.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.42.197.250"; classtype:trojan-activity; sid:37521431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.205.42.177 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.205.42.177"; classtype:trojan-activity; sid:37521441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.45.171 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.45.171"; classtype:trojan-activity; sid:37521451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.198.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.198.121"; classtype:trojan-activity; sid:37521461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.222.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.189"; classtype:trojan-activity; sid:37521471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 150.109.7.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.7.139"; classtype:trojan-activity; sid:37521481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 167.114.31.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.114.31.85"; classtype:trojan-activity; sid:37521491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.170.200.41 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.200.41"; classtype:trojan-activity; sid:37521501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.36.184 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.36.184"; classtype:trojan-activity; sid:37521511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 181.50.70.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.50.70.110"; classtype:trojan-activity; sid:37521521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.226.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.226.35"; classtype:trojan-activity; sid:37521531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.245.7 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.7"; classtype:trojan-activity; sid:37521541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 213.136.87.230 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.136.87.230"; classtype:trojan-activity; sid:37521551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.56.30 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.56.30"; classtype:trojan-activity; sid:37521561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 51.38.91.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.91.49"; classtype:trojan-activity; sid:37521571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.64.128 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.64.128"; classtype:trojan-activity; sid:37521581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 159.89.123.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.123.98"; classtype:trojan-activity; sid:37521591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.131.188.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.188.84"; classtype:trojan-activity; sid:37521601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.207.245.76 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.207.245.76"; classtype:trojan-activity; sid:37521611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.156.192.241 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.241"; classtype:trojan-activity; sid:37521621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.9.254 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.9.254"; classtype:trojan-activity; sid:37521631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.136.21.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.21.205"; classtype:trojan-activity; sid:37521641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.243.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.243.125"; classtype:trojan-activity; sid:37521651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.19.70 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.19.70"; classtype:trojan-activity; sid:37521661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.211.156 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.211.156"; classtype:trojan-activity; sid:37521671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 35.244.63.246 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.244.63.246"; classtype:trojan-activity; sid:37521681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 157.92.52.19 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.92.52.19"; classtype:trojan-activity; sid:37521691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.159.40.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.40.6"; classtype:trojan-activity; sid:37521701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.0.131 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.0.131"; classtype:trojan-activity; sid:37521711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.33.80.18 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.80.18"; classtype:trojan-activity; sid:37521721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 114.175.140.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.175.140.98"; classtype:trojan-activity; sid:37521731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.21.120 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.21.120"; classtype:trojan-activity; sid:37521741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.106.136.19 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.136.19"; classtype:trojan-activity; sid:37521751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 122.192.11.1 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.192.11.1"; classtype:trojan-activity; sid:37521761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.197.252 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.252"; classtype:trojan-activity; sid:37521771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.177.27 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.177.27"; classtype:trojan-activity; sid:37521781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.197.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.173"; classtype:trojan-activity; sid:37521791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.249.200 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.249.200"; classtype:trojan-activity; sid:37521801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 123.206.115.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.206.115.109"; classtype:trojan-activity; sid:37521811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 119.28.156.240 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.156.240"; classtype:trojan-activity; sid:37521821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.128.122.161 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.122.161"; classtype:trojan-activity; sid:37521831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.89.144.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.144.101"; classtype:trojan-activity; sid:37521841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.74.78 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.74.78"; classtype:trojan-activity; sid:37521851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.246.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.246.113"; classtype:trojan-activity; sid:37521861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.157.45.202 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.45.202"; classtype:trojan-activity; sid:37521871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.155.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.155.251"; classtype:trojan-activity; sid:37521881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.133.155 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.133.155"; classtype:trojan-activity; sid:37521891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.103.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.103.178"; classtype:trojan-activity; sid:37521901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.229.171 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.229.171"; classtype:trojan-activity; sid:37521911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.138.204.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.204.179"; classtype:trojan-activity; sid:37521921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.14.224.53 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.14.224.53"; classtype:trojan-activity; sid:37521931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 196.29.34.170 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.29.34.170"; classtype:trojan-activity; sid:37521941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.201.82.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.201.82.10"; classtype:trojan-activity; sid:37521951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.244.216.42 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.244.216.42"; classtype:trojan-activity; sid:37521961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.64.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.64.231"; classtype:trojan-activity; sid:37521971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.78.171.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.78.171.113"; classtype:trojan-activity; sid:37521981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 24.144.85.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.144.85.251"; classtype:trojan-activity; sid:37521991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 5.42.77.17 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.77.17"; classtype:trojan-activity; sid:37522001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 62.219.172.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.219.172.50"; classtype:trojan-activity; sid:37522011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.214.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.214"; classtype:trojan-activity; sid:37522021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.126.69.104 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.104"; classtype:trojan-activity; sid:37522031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 82.157.171.156 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.171.156"; classtype:trojan-activity; sid:37522041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 14.225.255.208 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.255.208"; classtype:trojan-activity; sid:37522051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 154.211.14.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.14.38"; classtype:trojan-activity; sid:37522061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.56.40 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.56.40"; classtype:trojan-activity; sid:37522071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.51.230.190 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.230.190"; classtype:trojan-activity; sid:37522081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 113.204.50.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.204.50.98"; classtype:trojan-activity; sid:37522091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 117.220.10.3 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.220.10.3"; classtype:trojan-activity; sid:37522101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.128.131.16 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.131.16"; classtype:trojan-activity; sid:37522111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 38.7.199.51 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.51"; classtype:trojan-activity; sid:37522121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 69.49.228.185 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.49.228.185"; classtype:trojan-activity; sid:37522131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 119.28.162.55 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.162.55"; classtype:trojan-activity; sid:37522141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 119.28.110.71 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.110.71"; classtype:trojan-activity; sid:37522151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 24.144.85.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.144.85.231"; classtype:trojan-activity; sid:37522161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 186.121.240.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.121.240.39"; classtype:trojan-activity; sid:37522171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.198.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.198.12"; classtype:trojan-activity; sid:37522181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.235.239.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.239.235"; classtype:trojan-activity; sid:37522191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.37.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.37.43"; classtype:trojan-activity; sid:37522201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.3.137 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.3.137"; classtype:trojan-activity; sid:37522211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 146.56.198.86 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.198.86"; classtype:trojan-activity; sid:37522221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.219.166 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.219.166"; classtype:trojan-activity; sid:37522231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 172.104.156.216 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.156.216"; classtype:trojan-activity; sid:37522241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.221.104.16 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.104.16"; classtype:trojan-activity; sid:37522251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.28.249.42 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.249.42"; classtype:trojan-activity; sid:37522261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.201.18 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.201.18"; classtype:trojan-activity; sid:37522271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.28.249.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.249.43"; classtype:trojan-activity; sid:37522281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 220.118.152.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.118.152.110"; classtype:trojan-activity; sid:37522291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.111.149.33 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.149.33"; classtype:trojan-activity; sid:37522301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.28.159.120 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.159.120"; classtype:trojan-activity; sid:37522311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.228.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.228.179"; classtype:trojan-activity; sid:37522321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.226.88 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.226.88"; classtype:trojan-activity; sid:37522331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 140.143.143.155 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.143.155"; classtype:trojan-activity; sid:37522341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 104.28.217.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.217.43"; classtype:trojan-activity; sid:37522351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 23.95.61.184 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.61.184"; classtype:trojan-activity; sid:37522361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 140.143.163.61 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.163.61"; classtype:trojan-activity; sid:37522371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 121.5.250.143 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.250.143"; classtype:trojan-activity; sid:37522381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.140.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.140.28"; classtype:trojan-activity; sid:37522391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.143.129.245 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.129.245"; classtype:trojan-activity; sid:37522401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 165.22.91.165 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.91.165"; classtype:trojan-activity; sid:37522411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.133.1.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.1.251"; classtype:trojan-activity; sid:37522421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.130.16.190 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.16.190"; classtype:trojan-activity; sid:37522431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 152.136.59.127 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.59.127"; classtype:trojan-activity; sid:37522441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.24.88 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.24.88"; classtype:trojan-activity; sid:37522451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 107.174.205.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.205.10"; classtype:trojan-activity; sid:37522461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.27.150 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.27.150"; classtype:trojan-activity; sid:37522471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.118.164 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.164"; classtype:trojan-activity; sid:37522481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.147.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.174"; classtype:trojan-activity; sid:37522491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 123.58.220.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.58.220.74"; classtype:trojan-activity; sid:37522501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.170.94 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.170.94"; classtype:trojan-activity; sid:37522511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 159.89.95.203 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.95.203"; classtype:trojan-activity; sid:37522521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.49.202 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.49.202"; classtype:trojan-activity; sid:37522531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.152.72.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.152.72.236"; classtype:trojan-activity; sid:37522541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 187.235.125.188 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.235.125.188"; classtype:trojan-activity; sid:37522551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 59.125.75.24 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.125.75.24"; classtype:trojan-activity; sid:37522561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 146.190.127.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.127.139"; classtype:trojan-activity; sid:37522571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.75.53 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.75.53"; classtype:trojan-activity; sid:37522581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 178.18.242.253 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.18.242.253"; classtype:trojan-activity; sid:37522591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 82.97.241.247 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.97.241.247"; classtype:trojan-activity; sid:37522601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 186.96.151.198 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.96.151.198"; classtype:trojan-activity; sid:37522611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 138.68.133.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.133.251"; classtype:trojan-activity; sid:37522621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 58.144.198.141 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.144.198.141"; classtype:trojan-activity; sid:37522631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.242.181 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.242.181"; classtype:trojan-activity; sid:37522641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 116.98.175.148 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.175.148"; classtype:trojan-activity; sid:37522651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.189.29 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.189.29"; classtype:trojan-activity; sid:37522661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 94.250.186.67 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.250.186.67"; classtype:trojan-activity; sid:37522671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.27.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.113"; classtype:trojan-activity; sid:37522681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 8.222.248.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.248.47"; classtype:trojan-activity; sid:37522691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.128.66.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.66.47"; classtype:trojan-activity; sid:37522701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.224.208 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.208"; classtype:trojan-activity; sid:37522711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.20.175 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.20.175"; classtype:trojan-activity; sid:37522721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.214.187 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.187"; classtype:trojan-activity; sid:37522731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 106.12.174.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.174.231"; classtype:trojan-activity; sid:37522741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.156.144.31 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.144.31"; classtype:trojan-activity; sid:37522751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 106.228.22.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.228.22.39"; classtype:trojan-activity; sid:37522761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.220.140 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.220.140"; classtype:trojan-activity; sid:37522771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.0.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.0.139"; classtype:trojan-activity; sid:37522781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.232.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.74"; classtype:trojan-activity; sid:37522791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 183.192.0.18 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.192.0.18"; classtype:trojan-activity; sid:37522801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.43.60.89 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.60.89"; classtype:trojan-activity; sid:37522811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.169.90.197 any -> $HOME_NET any (msg: 
"MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.169.90.197"; classtype:trojan-activity; sid:37522821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.242.199.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.123"; classtype:trojan-activity; sid:37522831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.193.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.191"; classtype:trojan-activity; sid:37522841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.174.78.62 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.78.62"; classtype:trojan-activity; sid:37522851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 203.209.209.89 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.209.209.89"; classtype:trojan-activity; sid:37522861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 42.191.221.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.191.221.214"; classtype:trojan-activity; sid:37522871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 120.48.36.126 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.36.126"; classtype:trojan-activity; sid:37522881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.240.24.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.240.24.174"; 
classtype:trojan-activity; sid:37522891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.106.154 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.106.154"; classtype:trojan-activity; sid:37522901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.25.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.25.23"; classtype:trojan-activity; sid:37522911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.110.102 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.110.102"; classtype:trojan-activity; sid:37522921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.89.213.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.213.77"; classtype:trojan-activity; sid:37522931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 222.186.180.156 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.180.156"; classtype:trojan-activity; sid:37522941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.198.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.198.8"; classtype:trojan-activity; sid:37522951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.179.242.13 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.179.242.13"; classtype:trojan-activity; sid:37522961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
183.56.235.86 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.235.86"; classtype:trojan-activity; sid:37522971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.161.172.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.161.172.49"; classtype:trojan-activity; sid:37522981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 187.114.34.128 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.114.34.128"; classtype:trojan-activity; sid:37522991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.131.249 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.131.249"; classtype:trojan-activity; sid:37523001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 178.128.113.58 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.113.58"; classtype:trojan-activity; sid:37523011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.228.181 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.228.181"; classtype:trojan-activity; sid:37523021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 94.247.178.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.247.178.35"; classtype:trojan-activity; sid:37523031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.183.237 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.156.183.237"; classtype:trojan-activity; sid:37523041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.205.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.205.110"; classtype:trojan-activity; sid:37523051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.206.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.179"; classtype:trojan-activity; sid:37523061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.154.89.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.250"; classtype:trojan-activity; sid:37523071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.154.89.249 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.249"; classtype:trojan-activity; sid:37523081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.155.59.111 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.155.59.111"; classtype:trojan-activity; sid:37523091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.77.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.77.110"; classtype:trojan-activity; sid:37523101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.95.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.95.205"; classtype:trojan-activity; sid:37523111; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.86.69.61 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.86.69.61"; classtype:trojan-activity; sid:37523121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 192.162.9.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.162.9.178"; classtype:trojan-activity; sid:37523131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.36.148.41 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance] Incoming From IP: 104.36.148.41"; classtype:trojan-activity; sid:37523141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.44.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.44.235"; classtype:trojan-activity; sid:37523151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.113.111 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.113.111"; classtype:trojan-activity; sid:37523161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 5.196.114.220 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.196.114.220"; classtype:trojan-activity; sid:37523171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 195.182.194.237 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.182.194.237"; classtype:trojan-activity; sid:37523181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.223.49 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.49"; classtype:trojan-activity; sid:37523191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.194.72 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.72"; classtype:trojan-activity; sid:37523201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.62.124.201 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.124.201"; classtype:trojan-activity; sid:37523211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 167.172.172.163 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.172.163"; classtype:trojan-activity; sid:37523221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.56.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.56.21"; classtype:trojan-activity; sid:37523231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.206.72.2 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.206.72.2"; classtype:trojan-activity; sid:37523241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 36.133.68.86 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.68.86"; classtype:trojan-activity; sid:37523251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.32.11 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.32.11"; classtype:trojan-activity; sid:37523261; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.147.165 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.165"; classtype:trojan-activity; sid:37523271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 152.136.41.246 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.41.246"; classtype:trojan-activity; sid:37523281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.51.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.51.21"; classtype:trojan-activity; sid:37523291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.172.248 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.172.248"; classtype:trojan-activity; sid:37523301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.172.29.238 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.29.238"; classtype:trojan-activity; sid:37523311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.116.206.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.206.169"; classtype:trojan-activity; sid:37523321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 157.120.59.153 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.120.59.153"; classtype:trojan-activity; sid:37523331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.167.247 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.167.247"; classtype:trojan-activity; sid:37523341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.172.58 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.172.58"; classtype:trojan-activity; sid:37523351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 113.31.126.124 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.126.124"; classtype:trojan-activity; sid:37523361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 58.58.53.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.58.53.6"; classtype:trojan-activity; sid:37523371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 23.224.232.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.232.227"; classtype:trojan-activity; sid:37523381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.100.210.4 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.210.4"; classtype:trojan-activity; sid:37523391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.130.215.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.215.82"; classtype:trojan-activity; sid:37523401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.231.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.231.91"; classtype:trojan-activity; sid:37523411; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 58.136.161.203 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.136.161.203"; classtype:trojan-activity; sid:37523421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 146.190.97.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.97.169"; classtype:trojan-activity; sid:37523431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 42.194.249.251 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.249.251"; classtype:trojan-activity; sid:37523441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 153.187.87.138 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.187.87.138"; classtype:trojan-activity; sid:37523451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 220.124.89.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.124.89.47"; classtype:trojan-activity; sid:37523461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.32.116.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.116.101"; classtype:trojan-activity; sid:37523471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.42.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.42.21"; classtype:trojan-activity; sid:37523481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.206.99 any -> $HOME_NET any (msg: 
"MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.206.99"; classtype:trojan-activity; sid:37523491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.194.131 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.131"; classtype:trojan-activity; sid:37523501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 165.154.57.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.57.214"; classtype:trojan-activity; sid:37523511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 60.25.13.100 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.25.13.100"; classtype:trojan-activity; sid:37523521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 2.84.171.175 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.84.171.175"; classtype:trojan-activity; sid:37523531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.130.245.71 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.245.71"; classtype:trojan-activity; sid:37523541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 82.156.17.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.17.64"; classtype:trojan-activity; sid:37523551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.177.143 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.143"; classtype:trojan-activity; 
sid:37523561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 64.23.166.240 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.166.240"; classtype:trojan-activity; sid:37523571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.214.53 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.214.53"; classtype:trojan-activity; sid:37523581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 2.50.1.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.50.1.109"; classtype:trojan-activity; sid:37523591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.132.140 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.132.140"; classtype:trojan-activity; sid:37523601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.142.86.128 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.86.128"; classtype:trojan-activity; sid:37523611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.228.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.228.205"; classtype:trojan-activity; sid:37523621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 46.245.64.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.245.64.74"; classtype:trojan-activity; sid:37523631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 47.236.229.16 any -> $HOME_NET any (msg: 
"MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.229.16"; classtype:trojan-activity; sid:37523641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.52.219 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.52.219"; classtype:trojan-activity; sid:37523651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.235.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.235.144"; classtype:trojan-activity; sid:37523661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 86.33.1.116 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.33.1.116"; classtype:trojan-activity; sid:37523671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.100.211.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.211.218"; classtype:trojan-activity; sid:37523681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.200.216 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.200.216"; classtype:trojan-activity; sid:37523691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.178.94 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.178.94"; classtype:trojan-activity; sid:37523701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.198.207.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.207.191"; classtype:trojan-activity; 
sid:37523711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.186.231 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.186.231"; classtype:trojan-activity; sid:37523721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 51.250.47.221 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.47.221"; classtype:trojan-activity; sid:37523731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.28.131 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.28.131"; classtype:trojan-activity; sid:37523741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 36.139.239.15 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.139.239.15"; classtype:trojan-activity; sid:37523751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.24.67.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.24.67.144"; classtype:trojan-activity; sid:37523761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.37.230 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.37.230"; classtype:trojan-activity; sid:37523771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 183.150.182.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.150.182.113"; classtype:trojan-activity; sid:37523781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 47.200.165.205 any -> $HOME_NET 
any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.200.165.205"; classtype:trojan-activity; sid:37523791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.156.158 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.156.158"; classtype:trojan-activity; sid:37523801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 186.233.204.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.233.204.10"; classtype:trojan-activity; sid:37523811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.171.219.204 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.171.219.204"; classtype:trojan-activity; sid:37523821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.130.1.213 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.1.213"; classtype:trojan-activity; sid:37523831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 122.176.88.136 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.176.88.136"; classtype:trojan-activity; sid:37523841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 69.49.231.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.49.231.8"; classtype:trojan-activity; sid:37523851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 188.241.240.24 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.241.240.24"; 
classtype:trojan-activity; sid:37523861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 8.140.192.44 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.140.192.44"; classtype:trojan-activity; sid:37523871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 138.2.105.112 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.105.112"; classtype:trojan-activity; sid:37523881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 188.239.180.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.239.180.236"; classtype:trojan-activity; sid:37523891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.43.15.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.15.25"; classtype:trojan-activity; sid:37523901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.6.188.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.6.188.35"; classtype:trojan-activity; sid:37523911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.32.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.32.77"; classtype:trojan-activity; sid:37523921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 194.182.83.241 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.182.83.241"; classtype:trojan-activity; sid:37523931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.242.30 
any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.242.30"; classtype:trojan-activity; sid:37523941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.199.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.199.39"; classtype:trojan-activity; sid:37523951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.239.152 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.239.152"; classtype:trojan-activity; sid:37523961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.177.253 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.253"; classtype:trojan-activity; sid:37523971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 115.195.48.68 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.195.48.68"; classtype:trojan-activity; sid:37523981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.183.112.140 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.183.112.140"; classtype:trojan-activity; sid:37523991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.131.11.132 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.11.132"; classtype:trojan-activity; sid:37524001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.183.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.183.77"; 
classtype:trojan-activity; sid:37524011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.70.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.178"; classtype:trojan-activity; sid:37524021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.150.4.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.4.85"; classtype:trojan-activity; sid:37524031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 62.234.13.117 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.13.117"; classtype:trojan-activity; sid:37524041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 146.190.246.105 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.246.105"; classtype:trojan-activity; sid:37524051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 134.209.44.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.44.109"; classtype:trojan-activity; sid:37524071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 159.203.41.196 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.41.196"; classtype:trojan-activity; sid:37524081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.208.126.138 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.208.126.138"; classtype:trojan-activity; sid:37524091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
43.156.167.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.167.125"; classtype:trojan-activity; sid:37524101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.36.147 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.36.147"; classtype:trojan-activity; sid:37524111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.86.122 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.86.122"; classtype:trojan-activity; sid:37524121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 165.227.82.150 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.82.150"; classtype:trojan-activity; sid:37524131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 198.12.80.190 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.80.190"; classtype:trojan-activity; sid:37524141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 111.21.195.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.21.195.10"; classtype:trojan-activity; sid:37524151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 109.167.197.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.167.197.20"; classtype:trojan-activity; sid:37524161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 121.60.83.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
121.60.83.85"; classtype:trojan-activity; sid:37524171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.83.71 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.83.71"; classtype:trojan-activity; sid:37524181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 139.155.244.248 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.244.248"; classtype:trojan-activity; sid:37524191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.116.214.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.214.236"; classtype:trojan-activity; sid:37524201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 142.93.13.232 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.13.232"; classtype:trojan-activity; sid:37524211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.144.3.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.3.218"; classtype:trojan-activity; sid:37524221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.177.52 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.52"; classtype:trojan-activity; sid:37524231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 165.22.193.26 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.193.26"; classtype:trojan-activity; sid:37524241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) 
# MISP event 26696 (continued) - source-address indicators.
# Each rule below alerts on any IP-protocol packet whose source is the single
# listed address and whose destination is in $HOME_NET, on any port. There are
# no payload, flow or threshold options, so every matching packet can raise an
# alert. The "->" direction means traffic from $HOME_NET towards these
# addresses is not matched by these rules.
# NOTE(review): classtype is trojan-activity while the MISP tags carried in msg
# are kill-chain Reconnaissance/Exploitation - confirm that this classtype and
# priority:2 are the intended triage level for a bare source-address hit.
# NOTE(review): address-only indicators lose value as hosts are reassigned;
# presumably the MISP event carries first/last-seen dates - verify and expire
# stale entries rather than keeping them indefinitely.
alert ip 114.232.189.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.232.189.98"; classtype:trojan-activity; sid:37524251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 114.232.189.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.232.189.191"; classtype:trojan-activity; sid:37524261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.135.58 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.58"; classtype:trojan-activity; sid:37524271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.55.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.55.64"; classtype:trojan-activity; sid:37524281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 117.164.164.145 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.164.164.145"; classtype:trojan-activity; sid:37524291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.130.33.19 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.33.19"; classtype:trojan-activity; sid:37524301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.234.151.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.234.151.178"; classtype:trojan-activity; sid:37524311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.192.26 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 43.153.192.26"; classtype:trojan-activity; sid:37524321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.47.72 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.47.72"; classtype:trojan-activity; sid:37524331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.183.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.183.174"; classtype:trojan-activity; sid:37524341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.95.147.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.95.147.236"; classtype:trojan-activity; sid:37524351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.112.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.112.82"; classtype:trojan-activity; sid:37524361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.93.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.93.21"; classtype:trojan-activity; sid:37524371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.49.90 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.49.90"; classtype:trojan-activity; sid:37524381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.180.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.180.74"; classtype:trojan-activity; sid:37524391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.73.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.73.123"; classtype:trojan-activity; sid:37524401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.206.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.82"; classtype:trojan-activity; sid:37524411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.89.22 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.89.22"; classtype:trojan-activity; sid:37524421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.120.71.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.120.71.139"; classtype:trojan-activity; sid:37524431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.138.187.61 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.187.61"; classtype:trojan-activity; sid:37524441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.72.45 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.72.45"; classtype:trojan-activity; sid:37524451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 117.72.34.232 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.34.232"; classtype:trojan-activity; sid:37524461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.105.190 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.190"; classtype:trojan-activity; sid:37524481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.43.13.171 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.13.171"; classtype:trojan-activity; sid:37524491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 1.117.174.124 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.174.124"; classtype:trojan-activity; sid:37524501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 168.228.42.155 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.228.42.155"; classtype:trojan-activity; sid:37524511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.249.184.158 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.158"; classtype:trojan-activity; sid:37524521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.179.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.179.38"; classtype:trojan-activity; sid:37524531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.193.44 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.44"; classtype:trojan-activity; sid:37524541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.195.101 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.195.101"; classtype:trojan-activity; sid:37524551; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 207.180.217.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.180.217.21"; classtype:trojan-activity; sid:37524561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.135.75 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.75"; classtype:trojan-activity; sid:37524571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.255.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.255.144"; classtype:trojan-activity; sid:37524581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.183.116 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.183.116"; classtype:trojan-activity; sid:37524591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 188.18.23.163 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.18.23.163"; classtype:trojan-activity; sid:37524601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 201.251.51.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.251.51.218"; classtype:trojan-activity; sid:37524611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.188.226 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.188.226"; classtype:trojan-activity; sid:37524621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 196.216.84.246 any -> $HOME_NET any 
(msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.216.84.246"; classtype:trojan-activity; sid:37524631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.141.79 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.141.79"; classtype:trojan-activity; sid:37524641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 171.251.28.12 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.251.28.12"; classtype:trojan-activity; sid:37524651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.219.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.28"; classtype:trojan-activity; sid:37524661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.159.208.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.159.208.8"; classtype:trojan-activity; sid:37524671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.103.34.185 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.34.185"; classtype:trojan-activity; sid:37524681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 158.220.91.89 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.91.89"; classtype:trojan-activity; sid:37524691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 38.242.252.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.242.252.77"; classtype:trojan-activity; 
sid:37524701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.118.233 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.118.233"; classtype:trojan-activity; sid:37524711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.133.56.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.133.56.49"; classtype:trojan-activity; sid:37524721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 181.47.30.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.47.30.23"; classtype:trojan-activity; sid:37524731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 47.245.85.116 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.245.85.116"; classtype:trojan-activity; sid:37524741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.185.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.185.214"; classtype:trojan-activity; sid:37524751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.157.3.132 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.3.132"; classtype:trojan-activity; sid:37524761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 139.224.32.239 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.32.239"; classtype:trojan-activity; sid:37524771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.151.30 any -> $HOME_NET any 
(msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.151.30"; classtype:trojan-activity; sid:37524781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.135.163.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.163.21"; classtype:trojan-activity; sid:37524791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 167.99.8.87 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.8.87"; classtype:trojan-activity; sid:37524801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.211.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.77"; classtype:trojan-activity; sid:37524811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 93.123.39.76 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.123.39.76"; classtype:trojan-activity; sid:37524821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 46.41.138.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.41.138.34"; classtype:trojan-activity; sid:37524831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 190.145.81.37 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.145.81.37"; classtype:trojan-activity; sid:37524841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 202.157.185.152 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.185.152"; classtype:trojan-activity; 
sid:37524851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 178.208.132.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.208.132.38"; classtype:trojan-activity; sid:37524861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.28.157.172 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.157.172"; classtype:trojan-activity; sid:37524871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.175.127.32 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.127.32"; classtype:trojan-activity; sid:37524881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 154.26.192.22 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.26.192.22"; classtype:trojan-activity; sid:37524891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.218.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.218.77"; classtype:trojan-activity; sid:37524901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 195.158.24.42 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.158.24.42"; classtype:trojan-activity; sid:37524911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 95.252.141.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.252.141.23"; classtype:trojan-activity; sid:37524921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 117.199.3.144 any -> $HOME_NET 
any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.3.144"; classtype:trojan-activity; sid:37524931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.180.106 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.106"; classtype:trojan-activity; sid:37524941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.204.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.66"; classtype:trojan-activity; sid:37524951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 137.220.190.31 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.220.190.31"; classtype:trojan-activity; sid:37524961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.216.7 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.7"; classtype:trojan-activity; sid:37524971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 71.70.165.8 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.70.165.8"; classtype:trojan-activity; sid:37524981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.135.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.85"; classtype:trojan-activity; sid:37524991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.235.156 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.235.156"; classtype:trojan-activity; 
sid:37525001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.135.76 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.76"; classtype:trojan-activity; sid:37525011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.186.83 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.83"; classtype:trojan-activity; sid:37525021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 137.186.227.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.186.227.113"; classtype:trojan-activity; sid:37525031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 186.75.154.14 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.75.154.14"; classtype:trojan-activity; sid:37525041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.46.48 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.46.48"; classtype:trojan-activity; sid:37525051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.154.29.237 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.29.237"; classtype:trojan-activity; sid:37525061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 121.140.180.198 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.140.180.198"; classtype:trojan-activity; sid:37525071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.159.59.241 any -> $HOME_NET 
any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.59.241"; classtype:trojan-activity; sid:37525081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 202.29.229.132 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.29.229.132"; classtype:trojan-activity; sid:37525091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 207.180.199.237 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.180.199.237"; classtype:trojan-activity; sid:37525101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.250.221.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.250.221.250"; classtype:trojan-activity; sid:37525111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.171.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.171.46"; classtype:trojan-activity; sid:37525121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.45.17.14 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.45.17.14"; classtype:trojan-activity; sid:37525131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.156.181 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.156.181"; classtype:trojan-activity; sid:37525141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 189.46.104.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.46.104.139"; 
classtype:trojan-activity; sid:37525151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 139.155.11.207 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.11.207"; classtype:trojan-activity; sid:37525161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.228.181 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.228.181"; classtype:trojan-activity; sid:37525171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.103.41.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.39"; classtype:trojan-activity; sid:37525181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.209.90 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.209.90"; classtype:trojan-activity; sid:37525191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.173.112 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.173.112"; classtype:trojan-activity; sid:37525201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.8.229 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.8.229"; classtype:trojan-activity; sid:37525211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.91.201.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.201.74"; classtype:trojan-activity; sid:37525221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
64.64.226.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.64.226.178"; classtype:trojan-activity; sid:37525231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 47.149.31.206 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.149.31.206"; classtype:trojan-activity; sid:37525241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 66.179.250.83 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.179.250.83"; classtype:trojan-activity; sid:37525251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.34.81 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.34.81"; classtype:trojan-activity; sid:37525261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.206.16 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.16"; classtype:trojan-activity; sid:37525271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 110.40.165.170 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.165.170"; classtype:trojan-activity; sid:37525281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.131.188.82 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.188.82"; classtype:trojan-activity; sid:37525291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.247.48 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.156.247.48"; classtype:trojan-activity; sid:37525301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 148.70.196.152 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.70.196.152"; classtype:trojan-activity; sid:37525311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 146.56.230.17 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.230.17"; classtype:trojan-activity; sid:37525321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.200.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.200.91"; classtype:trojan-activity; sid:37525331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 140.143.38.161 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.38.161"; classtype:trojan-activity; sid:37525341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.156.239.182 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.156.239.182"; classtype:trojan-activity; sid:37525351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.225.254 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.225.254"; classtype:trojan-activity; sid:37525361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.235.68.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.68.125"; classtype:trojan-activity; sid:37525371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;)
# Inbound source-IP rules exported from MISP event 26696: each one alerts on any IP
# traffic from a single listed source address to $HOME_NET, on any port.
# NOTE(review): the msg tags say kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity - confirm this is the classification triage expects.
alert ip 43.153.170.99 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.170.99"; classtype:trojan-activity; sid:37525381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.12.196.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.12.196.236"; classtype:trojan-activity; sid:37525391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.172.114.41 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.172.114.41"; classtype:trojan-activity; sid:37525401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# Outbound rule from a different MISP event (26691, tagged RAT/RemcosRAT in msg):
# source is $HOME_NET and the destination is one external address and port, so a hit
# identifies an internal host as the sender; start triage from that internal host.
# The same destination and port is also matched by sid:37568851 (MISP e26857) elsewhere
# in this export, so a single flow may raise two alerts with different priorities.
# NOTE(review): the header combines protocol `ip` with destination port 9231 - confirm
# how the deployed engine applies a port constraint on an `ip` rule before relying on
# the port to narrow matches.
alert ip $HOME_NET any -> 83.137.157.54 9231 (msg: "MISP e26691 [RAT,RemcosRAT] Outgoing To IP: 83.137.157.54|9231"; classtype:trojan-activity; sid:37513971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# Inbound source-IP rules for MISP event 26696 continue below.
alert ip 129.226.145.162 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.162"; classtype:trojan-activity; sid:37525411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 179.41.0.55 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.41.0.55"; classtype:trojan-activity; sid:37525421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.135.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.64"; classtype:trojan-activity; sid:37525431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.153.22.78 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.22.78"; classtype:trojan-activity; sid:37525441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 35.199.95.142 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.199.95.142"; classtype:trojan-activity; sid:37525451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.213.118 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.118"; classtype:trojan-activity; sid:37525461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 36.153.0.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.153.0.227"; classtype:trojan-activity; sid:37525471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.62.61.159 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.61.159"; classtype:trojan-activity; sid:37525481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.160.230 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.160.230"; classtype:trojan-activity; sid:37525491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 65.21.188.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.21.188.43"; classtype:trojan-activity; sid:37525501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.245.168.222 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.168.222"; classtype:trojan-activity; sid:37525511; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.135.59 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.59"; classtype:trojan-activity; sid:37525521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.45.5 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.45.5"; classtype:trojan-activity; sid:37525531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 109.234.35.170 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.234.35.170"; classtype:trojan-activity; sid:37525541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.245.219 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.219"; classtype:trojan-activity; sid:37525551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 198.46.210.89 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.210.89"; classtype:trojan-activity; sid:37525561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.155.158.124 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.158.124"; classtype:trojan-activity; sid:37525571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.35.197.226 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.197.226"; classtype:trojan-activity; sid:37525581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 198.211.124.50 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.211.124.50"; classtype:trojan-activity; sid:37525591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 82.4.218.201 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.4.218.201"; classtype:trojan-activity; sid:37525601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 182.43.31.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.31.121"; classtype:trojan-activity; sid:37525611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 92.205.111.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.205.111.173"; classtype:trojan-activity; sid:37525621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.130.32.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.32.179"; classtype:trojan-activity; sid:37525631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 157.230.44.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.44.66"; classtype:trojan-activity; sid:37525641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.197.120 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.120"; classtype:trojan-activity; sid:37525651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 8.222.205.118 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.205.118"; classtype:trojan-activity; sid:37525661; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.170.134 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.170.134"; classtype:trojan-activity; sid:37525671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.3.56.21 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.3.56.21"; classtype:trojan-activity; sid:37525681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.93.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.93.23"; classtype:trojan-activity; sid:37525691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.143.252.151 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.252.151"; classtype:trojan-activity; sid:37525701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 203.130.248.211 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.130.248.211"; classtype:trojan-activity; sid:37525711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.7.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.7.250"; classtype:trojan-activity; sid:37525721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.34.51 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.34.51"; classtype:trojan-activity; sid:37525731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.37.152 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.37.152"; classtype:trojan-activity; sid:37525741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 14.103.44.104 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.104"; classtype:trojan-activity; sid:37525751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.242.199.11 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.11"; classtype:trojan-activity; sid:37525761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 115.159.224.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.224.20"; classtype:trojan-activity; sid:37525771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.209.170 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.209.170"; classtype:trojan-activity; sid:37525781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.151.244.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.244.235"; classtype:trojan-activity; sid:37525791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 137.184.127.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.127.243"; classtype:trojan-activity; sid:37525801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.109.214 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.109.214"; classtype:trojan-activity; 
sid:37525811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 79.127.118.89 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.127.118.89"; classtype:trojan-activity; sid:37525821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 192.3.53.210 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.53.210"; classtype:trojan-activity; sid:37525831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.0.65 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.65"; classtype:trojan-activity; sid:37525841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 61.191.75.26 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.191.75.26"; classtype:trojan-activity; sid:37525851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 121.40.192.216 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.192.216"; classtype:trojan-activity; sid:37525861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 68.183.190.179 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.190.179"; classtype:trojan-activity; sid:37525871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.28.249.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.249.50"; classtype:trojan-activity; sid:37525881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.156.38.102 any -> $HOME_NET any (msg: 
"MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.38.102"; classtype:trojan-activity; sid:37525891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.28.154.33 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.154.33"; classtype:trojan-activity; sid:37525901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.86.181.37 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.86.181.37"; classtype:trojan-activity; sid:37525911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 190.174.24.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.174.24.35"; classtype:trojan-activity; sid:37525921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.25.106 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.106"; classtype:trojan-activity; sid:37525931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 23.94.239.228 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.239.228"; classtype:trojan-activity; sid:37525941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.109.201 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.109.201"; classtype:trojan-activity; sid:37525951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 79.174.37.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.174.37.6"; classtype:trojan-activity; sid:37525961; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 110.138.91.59 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.138.91.59"; classtype:trojan-activity; sid:37525971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.106.195.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.38"; classtype:trojan-activity; sid:37525981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 8.219.117.148 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.117.148"; classtype:trojan-activity; sid:37525991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 152.136.206.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.206.54"; classtype:trojan-activity; sid:37526001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 45.154.89.245 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.245"; classtype:trojan-activity; sid:37526011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 209.126.12.24 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.126.12.24"; classtype:trojan-activity; sid:37526021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.105.94.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.105.94.38"; classtype:trojan-activity; sid:37526031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 5.39.93.23 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.39.93.23"; classtype:trojan-activity; sid:37526041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 65.0.238.167 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.0.238.167"; classtype:trojan-activity; sid:37526051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.206.233.141 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.206.233.141"; classtype:trojan-activity; sid:37526061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.172.141.112 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.141.112"; classtype:trojan-activity; sid:37526071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.108.102 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.102"; classtype:trojan-activity; sid:37526081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 18.118.207.207 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.118.207.207"; classtype:trojan-activity; sid:37526091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 190.188.234.156 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.188.234.156"; classtype:trojan-activity; sid:37526101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 212.98.60.188 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.98.60.188"; classtype:trojan-activity; 
sid:37526111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 41.220.27.162 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.220.27.162"; classtype:trojan-activity; sid:37526121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.223.42.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.42.34"; classtype:trojan-activity; sid:37526131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.95.81.95 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.81.95"; classtype:trojan-activity; sid:37526141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.226.217.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.226.217.227"; classtype:trojan-activity; sid:37526151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.13.162.92 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.162.92"; classtype:trojan-activity; sid:37526161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 60.120.120.151 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.120.120.151"; classtype:trojan-activity; sid:37526171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.73.172 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.172"; classtype:trojan-activity; sid:37526181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 167.71.222.38 any -> $HOME_NET any 
(msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.222.38"; classtype:trojan-activity; sid:37526191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.107.243 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.107.243"; classtype:trojan-activity; sid:37526201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 23.95.218.244 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.218.244"; classtype:trojan-activity; sid:37526211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.132.225.205 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.225.205"; classtype:trojan-activity; sid:37526221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.179.194 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.179.194"; classtype:trojan-activity; sid:37526231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.241.203 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.241.203"; classtype:trojan-activity; sid:37526241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 213.219.228.150 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.219.228.150"; classtype:trojan-activity; sid:37526251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 113.161.75.167 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.161.75.167"; 
classtype:trojan-activity; sid:37526261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.110.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.110.121"; classtype:trojan-activity; sid:37526271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.178.172.210 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.172.210"; classtype:trojan-activity; sid:37526281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 177.47.93.73 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.47.93.73"; classtype:trojan-activity; sid:37526291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 143.0.176.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.0.176.110"; classtype:trojan-activity; sid:37526301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 107.174.186.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.186.236"; classtype:trojan-activity; sid:37526311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 175.170.149.29 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.170.149.29"; classtype:trojan-activity; sid:37526321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 122.10.224.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.10.224.39"; classtype:trojan-activity; sid:37526331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
42.236.120.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.236.120.28"; classtype:trojan-activity; sid:37526341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# Inbound source-IP rules exported from MISP event 26696: each one alerts on any IP
# traffic from a single listed source address to $HOME_NET, on any port.
alert ip 43.155.145.177 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.145.177"; classtype:trojan-activity; sid:37526351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 213.230.67.32 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.67.32"; classtype:trojan-activity; sid:37526361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# Outbound rule from MISP event 26857: source is $HOME_NET, destination is one external
# address and port. The tag list in msg is empty ("[]"), so the alert text itself carries
# no malware-family or kill-chain context; the analyst has to follow the reference URL.
# The same destination and port is also matched by sid:37513971 (MISP e26691, tagged
# RAT,RemcosRAT, priority 2) elsewhere in this export, while this rule is priority 3, so
# one flow may raise two alerts with different priorities.
# NOTE(review): consider de-duplicating at the MISP side or correlating the two sids.
# NOTE(review): the header combines protocol `ip` with destination port 9231 - confirm
# how the deployed engine applies a port constraint on an `ip` rule.
alert ip $HOME_NET any -> 83.137.157.54 9231 (msg: "MISP e26857 [] Outgoing To IP: 83.137.157.54|9231"; classtype:trojan-activity; sid:37568851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Inbound source-IP rules for MISP event 26696 continue below.
alert ip 217.21.78.91 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.21.78.91"; classtype:trojan-activity; sid:37526371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 42.51.42.175 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.42.175"; classtype:trojan-activity; sid:37526381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.156.203.181 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.181"; classtype:trojan-activity; sid:37526391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 95.181.173.114 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.181.173.114"; classtype:trojan-activity; 
sid:37526401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.130.218.31 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.218.31"; classtype:trojan-activity; sid:37526411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 139.224.103.221 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.103.221"; classtype:trojan-activity; sid:37526421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 117.247.236.51 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.247.236.51"; classtype:trojan-activity; sid:37526431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 144.172.120.172 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.172.120.172"; classtype:trojan-activity; sid:37526441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 211.21.133.127 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.21.133.127"; classtype:trojan-activity; sid:37526451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 186.4.206.197 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.4.206.197"; classtype:trojan-activity; sid:37526461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.32.241.188 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.241.188"; classtype:trojan-activity; sid:37526471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 201.30.158.66 any -> 
$HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.30.158.66"; classtype:trojan-activity; sid:37526481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.238.149 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.149"; classtype:trojan-activity; sid:37526491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 59.95.155.246 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.95.155.246"; classtype:trojan-activity; sid:37526501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.92.47.35 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.92.47.35"; classtype:trojan-activity; sid:37526511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 151.248.68.192 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.248.68.192"; classtype:trojan-activity; sid:37526521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.254.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.254.218"; classtype:trojan-activity; sid:37526531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.196.9.160 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.9.160"; classtype:trojan-activity; sid:37526541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.95.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.95.109"; 
classtype:trojan-activity; sid:37526551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.179.57.5 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.179.57.5"; classtype:trojan-activity; sid:37526561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 36.73.43.40 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.73.43.40"; classtype:trojan-activity; sid:37526571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 196.221.205.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.221.205.121"; classtype:trojan-activity; sid:37526581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 24.199.110.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.110.50"; classtype:trojan-activity; sid:37526591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 203.208.86.96 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.208.86.96"; classtype:trojan-activity; sid:37526601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.79.37.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.79.37.84"; classtype:trojan-activity; sid:37526611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 208.125.75.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.125.75.178"; classtype:trojan-activity; sid:37526621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 211.23.185.64 
any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.23.185.64"; classtype:trojan-activity; sid:37526631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.206.47 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.47"; classtype:trojan-activity; sid:37526641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 96.44.153.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.173"; classtype:trojan-activity; sid:37526651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 60.250.23.37 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.250.23.37"; classtype:trojan-activity; sid:37526661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 159.223.134.232 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.134.232"; classtype:trojan-activity; sid:37526671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 85.214.81.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.214.81.46"; classtype:trojan-activity; sid:37526681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.126.69.176 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.176"; classtype:trojan-activity; sid:37526691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 218.245.5.178 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.245.5.178"; 
classtype:trojan-activity; sid:37526701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 49.51.250.20 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.250.20"; classtype:trojan-activity; sid:37526711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.171.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.171.66"; classtype:trojan-activity; sid:37526721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 119.28.104.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.104.43"; classtype:trojan-activity; sid:37526731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.213.172.113 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.213.172.113"; classtype:trojan-activity; sid:37526741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 177.38.10.144 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.38.10.144"; classtype:trojan-activity; sid:37526751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.110.24.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.24.54"; classtype:trojan-activity; sid:37526761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 91.186.194.128 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.186.194.128"; classtype:trojan-activity; sid:37526771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 
74.48.101.123 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.101.123"; classtype:trojan-activity; sid:37526781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 182.76.204.237 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.76.204.237"; classtype:trojan-activity; sid:37526791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 178.47.142.130 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.47.142.130"; classtype:trojan-activity; sid:37526801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 200.40.83.186 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.40.83.186"; classtype:trojan-activity; sid:37526811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 72.167.46.119 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.46.119"; classtype:trojan-activity; sid:37526821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 188.132.232.163 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.132.232.163"; classtype:trojan-activity; sid:37526831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 142.171.135.161 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.171.135.161"; classtype:trojan-activity; sid:37526841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 89.46.223.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
89.46.223.34"; classtype:trojan-activity; sid:37526851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 96.44.153.135 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.135"; classtype:trojan-activity; sid:37526861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.221.244.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.244.139"; classtype:trojan-activity; sid:37526871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 185.228.135.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.228.135.38"; classtype:trojan-activity; sid:37526881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 131.100.74.103 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 131.100.74.103"; classtype:trojan-activity; sid:37526891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.142.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.142.125"; classtype:trojan-activity; sid:37526901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 150.109.197.33 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.197.33"; classtype:trojan-activity; sid:37526911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.221.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.221.25"; classtype:trojan-activity; sid:37526921; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.234.67 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.67"; classtype:trojan-activity; sid:37526931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 82.156.192.238 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.192.238"; classtype:trojan-activity; sid:37526941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 31.173.15.220 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.173.15.220"; classtype:trojan-activity; sid:37526951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 148.135.118.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.135.118.84"; classtype:trojan-activity; sid:37526961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.221.233.3 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.233.3"; classtype:trojan-activity; sid:37526971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 172.104.46.33 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.46.33"; classtype:trojan-activity; sid:37526981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 162.62.54.151 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.54.151"; classtype:trojan-activity; sid:37526991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 187.141.109.234 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.141.109.234"; classtype:trojan-activity; sid:37527001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 46.31.77.216 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.31.77.216"; classtype:trojan-activity; sid:37527011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.86.45.136 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.86.45.136"; classtype:trojan-activity; sid:37527021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 96.44.153.133 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.133"; classtype:trojan-activity; sid:37527031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 159.75.164.110 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.164.110"; classtype:trojan-activity; sid:37527041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 62.72.27.38 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.72.27.38"; classtype:trojan-activity; sid:37527051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 196.188.56.196 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.188.56.196"; classtype:trojan-activity; sid:37527061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.42.30 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.42.30"; classtype:trojan-activity; sid:37527071; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 116.236.187.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.236.187.6"; classtype:trojan-activity; sid:37527081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 193.176.158.29 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.176.158.29"; classtype:trojan-activity; sid:37527091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.102.133 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.133"; classtype:trojan-activity; sid:37527101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 123.207.219.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.219.189"; classtype:trojan-activity; sid:37527111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 96.44.153.166 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.166"; classtype:trojan-activity; sid:37527121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 165.22.56.58 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.56.58"; classtype:trojan-activity; sid:37527131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.6.48 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.6.48"; classtype:trojan-activity; sid:37527141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.223.215.100 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.215.100"; classtype:trojan-activity; sid:37527151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 62.201.117.119 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.201.117.119"; classtype:trojan-activity; sid:37527161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.44.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.44.169"; classtype:trojan-activity; sid:37527171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 182.253.42.39 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.253.42.39"; classtype:trojan-activity; sid:37527181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 58.213.119.18 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.213.119.18"; classtype:trojan-activity; sid:37527191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.222.30.126 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.30.126"; classtype:trojan-activity; sid:37527201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.187.84 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.187.84"; classtype:trojan-activity; sid:37527211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.131.247.111 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.247.111"; classtype:trojan-activity; sid:37527221; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 182.48.44.225 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.48.44.225"; classtype:trojan-activity; sid:37527231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 122.184.72.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.184.72.218"; classtype:trojan-activity; sid:37527241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 89.23.181.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.23.181.191"; classtype:trojan-activity; sid:37527251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 190.145.194.210 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.145.194.210"; classtype:trojan-activity; sid:37527261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 104.214.60.77 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.214.60.77"; classtype:trojan-activity; sid:37527271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 103.96.130.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.96.130.6"; classtype:trojan-activity; sid:37527281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 85.50.120.227 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.50.120.227"; classtype:trojan-activity; sid:37527291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 128.199.76.225 any -> $HOME_NET any (msg: "MISP 
e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.76.225"; classtype:trojan-activity; sid:37527301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.135.164.197 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.164.197"; classtype:trojan-activity; sid:37527311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 77.158.178.46 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.158.178.46"; classtype:trojan-activity; sid:37527321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 180.101.88.234 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.234"; classtype:trojan-activity; sid:37527331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 118.27.29.57 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.27.29.57"; classtype:trojan-activity; sid:37527341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.167.161 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.167.161"; classtype:trojan-activity; sid:37527351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 179.233.31.225 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.233.31.225"; classtype:trojan-activity; sid:37527361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.211.3 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.3"; classtype:trojan-activity; 
sid:37527371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.204.67 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.204.67"; classtype:trojan-activity; sid:37527381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.153.59.228 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.59.228"; classtype:trojan-activity; sid:37527391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.182.142 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.182.142"; classtype:trojan-activity; sid:37527401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.128.225.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.225.10"; classtype:trojan-activity; sid:37527411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.194.51 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.51"; classtype:trojan-activity; sid:37527421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 106.53.150.230 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.150.230"; classtype:trojan-activity; sid:37527431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.165.43 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.165.43"; classtype:trojan-activity; sid:37527441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 101.42.22.97 any -> $HOME_NET 
any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.22.97"; classtype:trojan-activity; sid:37527451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 122.184.140.218 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.184.140.218"; classtype:trojan-activity; sid:37527461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 83.252.164.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.252.164.25"; classtype:trojan-activity; sid:37527471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 129.226.196.83 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.196.83"; classtype:trojan-activity; sid:37527481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.163.242.140 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.140"; classtype:trojan-activity; sid:37527491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 170.64.137.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.137.23"; classtype:trojan-activity; sid:37527501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 218.92.0.22 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.22"; classtype:trojan-activity; sid:37527511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 58.71.95.41 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.71.95.41"; classtype:trojan-activity; 
sid:37527521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 168.119.169.63 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.119.169.63"; classtype:trojan-activity; sid:37527531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.134.1.152 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.152"; classtype:trojan-activity; sid:37527541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 87.157.106.169 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.157.106.169"; classtype:trojan-activity; sid:37527551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 124.156.202.51 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.202.51"; classtype:trojan-activity; sid:37527561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 38.7.199.54 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.54"; classtype:trojan-activity; sid:37527571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 198.46.158.57 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.158.57"; classtype:trojan-activity; sid:37527581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 35.200.237.19 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.200.237.19"; classtype:trojan-activity; sid:37527591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 43.133.211.131 any -> $HOME_NET any 
(msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.211.131"; classtype:trojan-activity; sid:37527601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# --- MISP event 26696: inbound source-address indicators ---
# Each rule alerts on any IP traffic from one listed address to $HOME_NET. The msg carries the
# event's kill-chain tags (Reconnaissance, Exploitation). There is no port, flow or payload
# condition, so every packet from a listed address raises an alert.
# NOTE(review): with one rule per address and no rate limit in the rule itself, confirm alert
# volume is controlled elsewhere (threshold/suppress configuration, or an IP-reputation list
# in place of per-address rules).
# NOTE(review): classtype is trojan-activity while the tags describe reconnaissance/exploitation;
# confirm triage treats an inbound-only hit as an attempt, not as evidence of a compromised host.
# NOTE(review): address indicators age as addresses are reassigned; check the referenced MISP
# event for how recent the sighting is before acting on a hit.
alert ip 43.163.207.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.207.28"; classtype:trojan-activity; sid:37527611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 61.7.241.146 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.7.241.146"; classtype:trojan-activity; sid:37527621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.212.25.124 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.212.25.124"; classtype:trojan-activity; sid:37527631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 14.19.130.111 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.19.130.111"; classtype:trojan-activity; sid:37527641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 88.222.100.93 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.222.100.93"; classtype:trojan-activity; sid:37527651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.41.64.57 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.41.64.57"; classtype:trojan-activity; sid:37527661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 177.67.232.158 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.67.232.158"; classtype:trojan-activity; sid:37527671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 89.218.8.26 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.218.8.26"; classtype:trojan-activity; sid:37527681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 173.255.254.136 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.255.254.136"; classtype:trojan-activity; sid:37527691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 161.18.228.75 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.18.228.75"; classtype:trojan-activity; sid:37527701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 85.216.4.211 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.216.4.211"; classtype:trojan-activity; sid:37527711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.71.139 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.71.139"; classtype:trojan-activity; sid:37527721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.247.173.14 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.173.14"; classtype:trojan-activity; sid:37527731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 124.13.191.245 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.13.191.245"; classtype:trojan-activity; sid:37527741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 74.48.175.182 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.175.182"; classtype:trojan-activity; sid:37527751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 119.96.168.145 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.168.145"; classtype:trojan-activity; sid:37527761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 129.226.194.6 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.6"; classtype:trojan-activity; sid:37527771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 177.128.213.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.128.213.50"; classtype:trojan-activity; sid:37527781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.189.234.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.189.234.25"; classtype:trojan-activity; sid:37527791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 134.209.33.246 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.33.246"; classtype:trojan-activity; sid:37527801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 152.42.138.74 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.42.138.74"; classtype:trojan-activity; sid:37527811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.176.78.202 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.176.78.202"; classtype:trojan-activity; sid:37527821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 194.113.236.177 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.113.236.177"; classtype:trojan-activity; sid:37527831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 187.140.194.151 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.140.194.151"; classtype:trojan-activity; sid:37527841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 101.35.5.159 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.5.159"; classtype:trojan-activity; sid:37527851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 49.247.174.193 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.174.193"; classtype:trojan-activity; sid:37527861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 189.126.4.42 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.126.4.42"; classtype:trojan-activity; sid:37527871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 221.150.111.121 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.150.111.121"; classtype:trojan-activity; sid:37527881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 120.133.52.142 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.133.52.142"; classtype:trojan-activity; sid:37527891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 36.93.168.186 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.168.186"; classtype:trojan-activity; sid:37527901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 23.94.136.173 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.136.173"; classtype:trojan-activity; sid:37527911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 164.92.177.176 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.177.176"; classtype:trojan-activity; sid:37527921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.109.148 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.109.148"; classtype:trojan-activity; sid:37527931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 173.230.132.92 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.230.132.92"; classtype:trojan-activity; sid:37527941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 211.101.237.50 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.101.237.50"; classtype:trojan-activity; sid:37527951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.134.102.172 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.172"; classtype:trojan-activity; sid:37527961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.145.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.145.66"; classtype:trojan-activity; sid:37527971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 85.215.117.85 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.215.117.85"; classtype:trojan-activity; sid:37527981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 78.68.199.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.68.199.10"; classtype:trojan-activity; sid:37527991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 14.103.36.11 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.36.11"; classtype:trojan-activity; sid:37528001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 59.63.212.28 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.63.212.28"; classtype:trojan-activity; sid:37528011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 172.245.156.30 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.156.30"; classtype:trojan-activity; sid:37528021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 103.141.208.61 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.141.208.61"; classtype:trojan-activity; sid:37528031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.94.14 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.94.14"; classtype:trojan-activity; sid:37528041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 
23.94.57.203 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.57.203"; classtype:trojan-activity; sid:37528051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# --- MISP event 26696: inbound source-address indicators ---
# One rule per source address; each alerts on any IP traffic from that address to $HOME_NET,
# with no port, flow or payload condition.
# NOTE(review): several entries share a prefix (nine addresses in 185.220.101.x, two in
# 192.42.116.x). If those ranges are shared relay, VPN or hosting infrastructure, a hit is weak
# evidence on its own. Verify ownership and correlate with host or application logs before
# blocking or escalating.
alert ip 107.175.31.67 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.31.67"; classtype:trojan-activity; sid:37528061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 60.50.114.236 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.50.114.236"; classtype:trojan-activity; sid:37528071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 78.139.2.5 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.139.2.5"; classtype:trojan-activity; sid:37528081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 200.117.214.166 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.117.214.166"; classtype:trojan-activity; sid:37528091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 200.150.85.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.150.85.66"; classtype:trojan-activity; sid:37528101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 171.76.82.194 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.76.82.194"; classtype:trojan-activity; sid:37528111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 152.67.248.66 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.67.248.66"; classtype:trojan-activity; sid:37528121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.131.45.64 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.45.64"; classtype:trojan-activity; sid:37528131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 218.70.106.202 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.70.106.202"; classtype:trojan-activity; sid:37528141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.138 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.138"; classtype:trojan-activity; sid:37528151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.222.97 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.97"; classtype:trojan-activity; sid:37528161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.174 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.174"; classtype:trojan-activity; sid:37528171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.132 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.132"; classtype:trojan-activity; sid:37528181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.163.218.130 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.218.130"; classtype:trojan-activity; sid:37528191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.191 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.191"; classtype:trojan-activity; sid:37528201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 107.174.11.250 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.11.250"; classtype:trojan-activity; sid:37528211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.171 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.171"; classtype:trojan-activity; sid:37528221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 68.183.157.235 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.157.235"; classtype:trojan-activity; sid:37528231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.98 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.98"; classtype:trojan-activity; sid:37528241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.158 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.158"; classtype:trojan-activity; sid:37528251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.133.173.223 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.173.223"; classtype:trojan-activity; sid:37528261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.246.188.140 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.246.188.140"; classtype:trojan-activity; sid:37528271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 45.118.146.109 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.118.146.109"; classtype:trojan-activity; sid:37528281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.149 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.149"; classtype:trojan-activity; sid:37528291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 83.6.22.49 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.6.22.49"; classtype:trojan-activity; sid:37528301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 179.43.159.195 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.159.195"; classtype:trojan-activity; sid:37528311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 192.42.116.23 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.23"; classtype:trojan-activity; sid:37528321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 43.155.181.229 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.181.229"; classtype:trojan-activity; sid:37528331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 128.199.201.57 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.201.57"; classtype:trojan-activity; sid:37528341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 192.42.116.17 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.17"; classtype:trojan-activity; sid:37528351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 89.147.109.226 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.109.226"; classtype:trojan-activity; sid:37528361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 45.183.247.34 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.183.247.34"; classtype:trojan-activity; sid:37528371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 209.141.62.71 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.62.71"; classtype:trojan-activity; sid:37528381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 138.2.80.10 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.80.10"; classtype:trojan-activity; sid:37528391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 143.198.53.154 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.53.154"; classtype:trojan-activity; sid:37528401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 95.143.193.125 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.143.193.125"; classtype:trojan-activity; sid:37528411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 38.242.236.92 any -> $HOME_NET any (msg: "MISP e26696 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.242.236.92"; classtype:trojan-activity; sid:37528421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# --- MISP event 26696: inbound source-address indicators ---
# Alert on any IP traffic from the listed address to $HOME_NET; no port, flow or payload condition.
alert ip 116.110.214.232 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.214.232"; classtype:trojan-activity; sid:37528431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.170.114.25 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.114.25"; classtype:trojan-activity; sid:37528441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 178.175.131.141 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.175.131.141"; classtype:trojan-activity; sid:37528451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 185.220.101.189 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.189"; classtype:trojan-activity; sid:37528461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
# --- MISP event 26700: outbound destination-address indicator ---
# Alerts on any IP packet from $HOME_NET to the listed address.
# NOTE(review): the rule has no flow keyword, so a reply packet to a connection the remote side
# opened also matches. Check which side initiated the flow before treating the internal host
# as compromised.
alert ip $HOME_NET any -> 45.15.156.167 any (msg: "MISP e26700 [] Outgoing To IP: 45.15.156.167"; classtype:trojan-activity; sid:37528991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26700;)
# --- MISP event 26790: domain indicator (DNS query + HTTP Host header) ---
# The DNS rule matches the name when it ends the query and is either the whole query or preceded
# by a character outside [A-Za-z0-9-], so subdomains of the name match as well.
# It is written any -> any.
# NOTE(review): if an internal resolver forwards queries, one lookup may alert on both the
# client->resolver and resolver->upstream legs; use resolver logs to find the originating client.
alert dns any any -> any any (msg: "MISP e26790 [] Domain owanemnoicsecure.com"; dns.query; content:"owanemnoicsecure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])owanemnoicsecure\.com$/i"; classtype:trojan-activity; sid:37568121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# The HTTP rule inspects request headers of established client->server HTTP sessions on any port
# and tags the session for 600 seconds after a hit.
# NOTE(review): it only sees HTTP that the sensor can parse in clear text; no TLS-based rule for
# this domain is visible next to it, so HTTPS traffic to the same name relies on the DNS rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain owanemnoicsecure.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"owanemnoicsecure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])owanemnoicsecure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
# --- MISP event 27002: e-mail indicators (sender, subject, attachment name, source addresses) ---
# The three tcp rules match byte patterns in established client->server streams from $EXTERNAL_NET
# to $SMTP_SERVERS on port 25, then require an empty line (CRLF CRLF) within 8192 bytes after the
# previous match. Each tags the session for 600 seconds. All rules of this event carry priority:1.
# NOTE(review): only clear-text SMTP on port 25 is inspected; sessions upgraded with STARTTLS or
# delivered on other ports will not match. Mirror these indicators in the mail gateway.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27002 [] Source Email Address: geral@centralcash.pt"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"geral@centralcash.pt"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37761461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27002;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27002 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"PURCHASE ORDER #00911890"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37761471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27002;)
# The attachment rule keys on a double-extension file name (.pdf.rar). Unlike the sender and
# subject rules, its content matches carry no nocase, so the name is matched case-sensitively.
# NOTE(review): a MIME-encoded file name (RFC 2047/2231 form) would not contain the literal
# string; confirm attachment-name filtering also exists at the mail gateway.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27002 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"IMG #00911890.pdf.rar|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37761481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27002;)
# Source addresses attached to the same event; any IP traffic from them to $HOME_NET alerts.
alert ip 200.68.105.9 any -> $HOME_NET any (msg: "MISP e27002 [] Incoming From IP: 200.68.105.9"; classtype:trojan-activity; sid:37761491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27002;)
alert ip 88.157.208.198 any -> $HOME_NET any (msg: "MISP e27002 [] Incoming From IP: 88.157.208.198"; classtype:trojan-activity; sid:37761501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27002;)
alert http $HOME_NET any -> 101.201.46.105 8989 (msg: "MISP e26691 [ALIBABA-CN-NET 
Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//101.201.46.105|3a|8989/en_us/all.js"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# --- MISP events 26691 / 26857: outbound URL and domain indicators ---
# The msg tags on the e26691 rules name the families the event associates with each indicator
# (CobaltStrike with a watermark value, dcrat) plus the hosting network; e26857 rules carry no tags.
# "Outgoing URL" rules match established client->server HTTP requests from $HOME_NET where the
# host string appears anywhere in the request headers and the path appears in the URI, both
# case-insensitively, and tag the session for 600 seconds.
# NOTE(review): the host match is not anchored to the Host header, so another header that
# contains the string (a Referer, for example) also satisfies it. Read the full request in the
# alert before concluding the host was contacted directly.
# NOTE(review): rules addressed to $EXTERNAL_NET $HTTP_PORTS only cover ports listed in that
# variable; confirm it includes the non-standard ports in use on this network.
# NOTE(review): these rules only see HTTP the sensor can parse in clear text.
# NOTE(review): e26857 repeats indicators from e26691 with different sids and priority:3 instead
# of priority:2. Because the path matches use nocase, the paired rules fire on the same request
# (/en_us/all.js vs /en_US/all.js, /_defaultwindows.php vs /_Defaultwindows.php). Expect two
# alerts per hit and de-duplicate on host and URI, not on sid.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26691 [dcrat] Outgoing URL http|3a|//cs52010.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cs52010.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37513991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//cs52010.tw1.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"cs52010.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> 101.201.46.105 8989 (msg: "MISP e26857 [] Outgoing URL http|3a|//101.201.46.105|3a|8989/en_US/all.js"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# NOTE(review): the next host looks like a tenant name under a cloud API-gateway domain. If block
# lists are derived from these rules, scope them to the full host name, not the parent domain.
# Confirm with the MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-mlanbdgq-1301500665.gz.tencentapigw.com.cn/api/x"; flow:to_server,established; http.header; content:"service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; fast_pattern; nocase; http.uri; content:"/api/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# Domain rule pair: a DNS-query rule (any -> any, name must end the query, subdomains included)
# and an HTTP rule on the Host header text for outbound requests on any port.
alert dns any any -> any any (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Domain service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; dns.query; content:"service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-mlanbdgq\-1301500665\.gz\.tencentapigw\.com\.cn$/i"; classtype:trojan-activity; sid:37514041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-mlanbdgq\-1301500665\.gz\.tencentapigw\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37514042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# URL rules pinned to a destination address. The port is explicit (8080) where the indicator URL
# names one and $HTTP_PORTS where it does not.
alert http $HOME_NET any -> 8.222.165.110 $HTTP_PORTS (msg: "MISP e26691 [Alibaba (US) Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.222.165.110/__utm.gif"; flow:to_server,established; http.header; content:"8.222.165.110"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,PONYNET] Outgoing URL http|3a|//107.189.14.144|3a|8080/match"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> 107.189.14.144 8080 (msg: "MISP e26857 [] Outgoing URL http|3a|//107.189.14.144|3a|8080/match"; flow:to_server,established; http.header; content:"107.189.14.144"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> 8.222.165.110 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//8.222.165.110/__utm.gif"; flow:to_server,established; http.header; content:"8.222.165.110"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//service-mlanbdgq-1301500665.gz.tencentapigw.com.cn/api/x"; flow:to_server,established; http.header; content:"service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; fast_pattern; nocase; http.uri; content:"/api/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37568911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert dns any any -> any any (msg: "MISP e26857 [] Domain service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; dns.query; content:"service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-mlanbdgq\-1301500665\.gz\.tencentapigw\.com\.cn$/i"; classtype:trojan-activity; sid:37568921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-mlanbdgq-1301500665.gz.tencentapigw.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-mlanbdgq\-1301500665\.gz\.tencentapigw\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# --- MISP events 26726 / 26707: domain indicator e.lt-dok-informacija.net ---
# The same domain is exported once per event, each copy with its own sid, so one lookup or
# request raises one alert per copy.
alert dns any any -> any any (msg: "MISP e26726 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; classtype:trojan-activity; sid:37533821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26726;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26726 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37533822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26726;)
alert dns any any -> any any (msg: "MISP e26707 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; 
classtype:trojan-activity; sid:37529371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26707;)
# --- Domain indicator e.lt-dok-informacija.net, exported once per MISP event ---
# Below, the same DNS-query / HTTP-Host rule pair appears for events 26707, 26706, 26725, 26702,
# 26714 and 26729, each copy with its own sid. One lookup or request therefore raises one alert
# per copy; de-duplicate on the domain rather than on sid when counting affected hosts.
# The DNS rules are any -> any and match the name at the end of the query, subdomains included.
# The HTTP rules match the Host header text of outbound requests on any port and tag the session
# for 600 seconds.
# NOTE(review): the HTTP rules only see HTTP the sensor can parse in clear text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26707 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37529372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26707;)
# --- MISP events 26691 / 26857: outbound address:port indicator (tagged remcos in e26691) ---
# Any IP packet from $HOME_NET to 109.248.151.96 with destination port 52048 alerts. The two
# rules are identical apart from event id, sid and priority (2 vs 3), so each hit alerts twice.
# NOTE(review): there is no flow keyword, so direction of session setup is not checked. Confirm
# from flow records that the internal host initiated the connection.
alert ip $HOME_NET any -> 109.248.151.96 52048 (msg: "MISP e26691 [remcos] Outgoing To IP: 109.248.151.96|52048"; classtype:trojan-activity; sid:37514081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 109.248.151.96 52048 (msg: "MISP e26857 [] Outgoing To IP: 109.248.151.96|52048"; classtype:trojan-activity; sid:37568961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# --- MISP event 26689: e-mail indicators (sender, attachment name, source address, domain) ---
# The tcp rules match byte patterns in established client->server streams from $EXTERNAL_NET to
# $SMTP_SERVERS on port 25, followed by CRLF CRLF within 8192 bytes of the previous match, and
# tag the session for 600 seconds.
# NOTE(review): only clear-text SMTP on port 25 is inspected; sessions upgraded with STARTTLS or
# delivered on other ports will not match. Mirror these indicators in the mail gateway.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26689 [] Source Email Address: copycolor@copycolor.com.ar"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"copycolor@copycolor.com.ar"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37513121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26689;)
# The attachment name has a double extension (.PDF.uue). Its content matches carry no nocase,
# so a differently-cased file name does not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26689 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"devuelto_Pagos.PDF.uue|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37513141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26689;)
alert ip 190.111.115.19 any -> $HOME_NET any (msg: "MISP e26689 [] Incoming From IP: 190.111.115.19"; classtype:trojan-activity; sid:37513161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26689;)
# NOTE(review): the sender address and this host name look like they belong to third-party
# organisations' mail systems rather than attacker-registered infrastructure. If so, legitimate
# mail from them will also alert. Confirm in the MISP event before blocking.
alert dns any any -> any any (msg: "MISP e26689 [] Domain correo.transdatos.net.ar"; dns.query; content:"correo.transdatos.net.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-])correo\.transdatos\.net\.ar$/i"; classtype:trojan-activity; sid:37513171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26689;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26689 [] Outgoing HTTP Domain correo.transdatos.net.ar"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correo.transdatos.net.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correo\.transdatos\.net\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37513172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26689;)
alert dns any any -> any any (msg: "MISP e26706 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; classtype:trojan-activity; sid:37529341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26706;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26706 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37529342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26706;)
alert dns any any -> any any (msg: "MISP e26725 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; classtype:trojan-activity; sid:37533791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26725;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26725 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37533792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26725;)
alert dns any any -> any any (msg: "MISP e26702 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; classtype:trojan-activity; sid:37529021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26702;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26702 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37529022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26702;)
# --- MISP event 26691: second domain indicator tagged CobaltStrike (watermark 987654321) ---
# NOTE(review): the host looks like a tenant name under a cloud API-gateway domain. Scope any
# derived block to the full host name, not the parent domain. Confirm with the MISP event.
alert dns any any -> any any (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Domain service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; dns.query; content:"service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-qzxfb4ay\-1318428097\.gz\.tencentapigw\.com\.cn$/i"; classtype:trojan-activity; sid:37514111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-qzxfb4ay\-1318428097\.gz\.tencentapigw\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37514112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert dns any any -> any any (msg: "MISP e26714 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; classtype:trojan-activity; sid:37532861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26714 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37532862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26714;)
alert dns any any -> any any (msg: "MISP e26729 [] Domain e.lt-dok-informacija.net"; dns.query; content:"e.lt-dok-informacija.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net$/i"; classtype:trojan-activity; sid:37534741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26729;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26729 [] Outgoing HTTP Domain e.lt-dok-informacija.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-informacija.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-informacija\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37534742; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26729;) alert dns any any -> any any (msg: "MISP e26857 [] Domain service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; dns.query; content:"service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-qzxfb4ay\-1318428097\.gz\.tencentapigw\.com\.cn$/i"; classtype:trojan-activity; sid:37568981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-qzxfb4ay-1318428097.gz.tencentapigw.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-qzxfb4ay\-1318428097\.gz\.tencentapigw\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain mangaforme.cloud"; dns.query; content:"mangaforme.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])mangaforme\.cloud$/i"; classtype:trojan-activity; sid:37569001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain mangaforme.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mangaforme.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mangaforme\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 91.108.240.151 $HTTP_PORTS (msg: "MISP e26691 [Stealc] Outgoing URL http|3a|//91.108.240.151/5441a82c9941418d.php"; flow:to_server,established; http.header; content:"91.108.240.151"; fast_pattern; nocase; http.uri; 
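content:"/5441a82c9941418d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# Same URL as the rule that ends on the line above (sid:37514131), exported a
# second time from event e26857 at priority 3. One request raises both sids.
alert http $HOME_NET any -> 91.108.240.151 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//91.108.240.151/5441a82c9941418d.php"; flow:to_server,established; http.header; content:"91.108.240.151"; fast_pattern; nocase; http.uri; content:"/5441a82c9941418d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37569011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Domain indicators come as a pair: a DNS query match and an HTTP Host-header
# match. The pcre lets a '.' precede the name, so subdomains match too.
alert dns any any -> any any (msg: "MISP e26857 [] Domain net-killer.servehttp.com"; dns.query; content:"net-killer.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com$/i"; classtype:trojan-activity; sid:37569021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain net-killer.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# URL indicators given without a scheme. The host is matched in the headers and
# only the path in http.uri, the same split the other "Outgoing URL" rules of
# this export use. The generated form put host and path into a single http.uri
# pattern. An ordinary origin-form request carries just the path in that buffer,
# so the combined pattern would only be expected to match proxy-style
# absolute-URI requests and would miss direct connections.
# NOTE(review): this file is a generated export, so the same correction is needed
# at the source or it will be lost on the next export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing URL connection.lockscreen.kro.kr/index.php"; flow:to_server,established; http.header; content:"connection.lockscreen.kro.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37567411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing URL updating.dothome.co.kr/microsoft/app/google"; flow:to_server,established; http.header; content:"updating.dothome.co.kr"; fast_pattern; nocase; http.uri; content:"/microsoft/app/google"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37567421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
# Domain pairs from event e26855 (priority 1).
alert dns any any -> any any (msg: "MISP e26855 [] Domain chrysalisc.com"; dns.query; content:"chrysalisc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])chrysalisc\.com$/i"; classtype:trojan-activity; sid:37567431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing HTTP Domain chrysalisc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chrysalisc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chrysalisc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37567432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
alert dns any any -> any any (msg: "MISP e26855 [] Domain sifucanva.com"; dns.query; content:"sifucanva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sifucanva\.com$/i"; classtype:trojan-activity; sid:37567441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing HTTP Domain sifucanva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sifucanva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sifucanva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37567442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
# Hostname (not Domain) indicator: the leading character class also excludes
# '.', so names that have this hostname as a suffix (its subdomains) do not
# match, unlike the Domain rules above.
alert dns any any -> any any (msg: "MISP e26855 [] Hostname thefrostery.co.uk"; dns.query; content:"thefrostery.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thefrostery\.co\.uk$/i"; classtype:trojan-activity; sid:37567451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing HTTP Hostname thefrostery.co.uk"; 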
flow:to_server,established; http.header; content: "Host|3a| thefrostery.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thefrostery\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37567452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert dns any any -> any any (msg: "MISP e26855 [] Domain rginfotechnology.com"; dns.query; content:"rginfotechnology.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rginfotechnology\.com$/i"; classtype:trojan-activity; sid:37567461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing HTTP Domain rginfotechnology.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rginfotechnology.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rginfotechnology\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37567462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert dns any any -> any any (msg: "MISP e26855 [] Domain job4writers.com"; dns.query; content:"job4writers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])job4writers\.com$/i"; classtype:trojan-activity; sid:37567471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing HTTP Domain job4writers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"job4writers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])job4writers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37567472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert dns any any -> any any (msg: "MISP e26855 [] Hostname contact.rgssm.in"; dns.query; content:"contact.rgssm.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])contact\.rgssm\.in$/i"; 
classtype:trojan-activity; sid:37567481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26855 [] Outgoing HTTP Hostname contact.rgssm.in"; flow:to_server,established; http.header; content: "Host|3a| contact.rgssm.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])contact\.rgssm\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37567482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26855;) alert dns any any -> any any (msg: "MISP e26691 [njrat,RAT] Domain mangaforme.cloud"; dns.query; content:"mangaforme.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])mangaforme\.cloud$/i"; classtype:trojan-activity; sid:37514121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [njrat,RAT] Outgoing HTTP Domain mangaforme.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mangaforme.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mangaforme\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37514122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26712 [] Domain criminalmw.fun"; dns.query; content:"criminalmw.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])criminalmw\.fun$/i"; classtype:trojan-activity; sid:37532771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26712;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26712 [] Outgoing HTTP Domain criminalmw.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"criminalmw.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])criminalmw\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37532772; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26712;) alert dns any any -> any any (msg: "MISP e26712 [] Domain droidweb.net"; dns.query; content:"droidweb.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])droidweb\.net$/i"; classtype:trojan-activity; sid:37532781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26712;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26712 [] Outgoing HTTP Domain droidweb.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"droidweb.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])droidweb\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37532782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26712;) alert ip $HOME_NET any -> 46.246.12.11 2054 (msg: "MISP e26691 [njrat] Outgoing To IP: 46.246.12.11|2054"; classtype:trojan-activity; sid:37514141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 46.246.12.11 2054 (msg: "MISP e26857 [] Outgoing To IP: 46.246.12.11|2054"; classtype:trojan-activity; sid:37569031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 80.66.89.64 32557 (msg: "MISP e26691 [RedLineStealer] Outgoing To IP: 80.66.89.64|32557"; classtype:trojan-activity; sid:37514151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 80.66.89.64 32557 (msg: "MISP e26857 [] Outgoing To IP: 80.66.89.64|32557"; classtype:trojan-activity; sid:37569041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 123.20.56.214 7777 (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//123.20.56.214|3a|7777/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"123.20.56.214"; fast_pattern; nocase; http.uri; 
content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-bvvdi136-1317500845.gz.tencentapigw.com/ca"; flow:to_server,established; http.header; content:"service-bvvdi136-1317500845.gz.tencentapigw.com"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/match"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37514221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//122.51.220.170/match"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37569051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//service-bvvdi136-1317500845.gz.tencentapigw.com/ca"; flow:to_server,established; http.header; content:"service-bvvdi136-1317500845.gz.tencentapigw.com"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37569081; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 123.20.56.214 7777 (msg: "MISP e26857 [] Outgoing URL http|3a|//123.20.56.214|3a|7777/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"123.20.56.214"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37569101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain net-killer.online"; dns.query; content:"net-killer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.online$/i"; classtype:trojan-activity; sid:37569121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain net-killer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"net-killer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])net\-killer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain botnet.serveblog.net"; dns.query; content:"botnet.serveblog.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.serveblog\.net$/i"; classtype:trojan-activity; sid:37569131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain botnet.serveblog.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.serveblog.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.serveblog\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET 
any -> 193.233.132.81 50500 (msg: "MISP e26691 [RiseProStealer] Outgoing To IP: 193.233.132.81|50500"; classtype:trojan-activity; sid:37514231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 193.233.132.81 50500 (msg: "MISP e26857 [] Outgoing To IP: 193.233.132.81|50500"; classtype:trojan-activity; sid:37569141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 77.83.242.244 1664 (msg: "MISP e26691 [RedLineStealer] Outgoing To IP: 77.83.242.244|1664"; classtype:trojan-activity; sid:37514241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 89.117.23.34 any (msg: "MISP e26577 [] Outgoing To IP: 89.117.23.34"; classtype:trojan-activity; sid:37567941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 89.117.23.185 any (msg: "MISP e26577 [] Outgoing To IP: 89.117.23.185"; classtype:trojan-activity; sid:37567951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 141.95.106.106 any (msg: "MISP e26577 [] Outgoing To IP: 141.95.106.106"; classtype:trojan-activity; sid:37567961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 57.128.165.176 any (msg: "MISP e26577 [] Outgoing To IP: 57.128.165.176"; classtype:trojan-activity; sid:37567971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 154.12.248.41 any (msg: "MISP e26577 [] Outgoing To IP: 154.12.248.41"; classtype:trojan-activity; sid:37567981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 145.239.135.24 any (msg: "MISP e26577 [] Outgoing To IP: 145.239.135.24"; classtype:trojan-activity; sid:37567991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 
89.117.23.186 any (msg: "MISP e26577 [] Outgoing To IP: 89.117.23.186"; classtype:trojan-activity; sid:37568001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 148.113.141.220 any (msg: "MISP e26577 [] Outgoing To IP: 148.113.141.220"; classtype:trojan-activity; sid:37568011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 154.38.175.241 any (msg: "MISP e26577 [] Outgoing To IP: 154.38.175.241"; classtype:trojan-activity; sid:37568021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 109.199.99.131 any (msg: "MISP e26577 [] Outgoing To IP: 109.199.99.131"; classtype:trojan-activity; sid:37568031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip $HOME_NET any -> 154.12.233.66 any (msg: "MISP e26577 [] Outgoing To IP: 154.12.233.66"; classtype:trojan-activity; sid:37568041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert dns any any -> any any (msg: "MISP e26577 [] Domain vendercompany.com"; dns.query; content:"vendercompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vendercompany\.com$/i"; classtype:trojan-activity; sid:37568051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing HTTP Domain vendercompany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vendercompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vendercompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert dns any any -> any any (msg: "MISP e26577 [] Domain allterra24.com"; dns.query; content:"allterra24.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allterra24\.com$/i"; classtype:trojan-activity; 
sid:37568061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing HTTP Domain allterra24.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allterra24.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allterra24\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert dns any any -> any any (msg: "MISP e26577 [] Domain funredblog.com"; dns.query; content:"funredblog.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])funredblog\.com$/i"; classtype:trojan-activity; sid:37568071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing HTTP Domain funredblog.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"funredblog.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])funredblog\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert dns any any -> any any (msg: "MISP e26577 [] Domain introwebllc.com"; dns.query; content:"introwebllc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])introwebllc\.com$/i"; classtype:trojan-activity; sid:37568081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26577 [] Outgoing HTTP Domain introwebllc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"introwebllc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])introwebllc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26577;) alert ip 
$HOME_NET any -> 81.31.197.38 53 (msg: "MISP e26691 [dns] Outgoing To IP: 81.31.197.38|53"; classtype:trojan-activity; sid:37514281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 152.89.198.214 53 (msg: "MISP e26691 [dns] Outgoing To IP: 152.89.198.214|53"; classtype:trojan-activity; sid:37514271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 91.211.247.248 53 (msg: "MISP e26691 [dns] Outgoing To IP: 91.211.247.248|53"; classtype:trojan-activity; sid:37514261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 217.23.9.168 53 (msg: "MISP e26691 [dns] Outgoing To IP: 217.23.9.168|53"; classtype:trojan-activity; sid:37514251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 217.23.9.168 53 (msg: "MISP e26857 [] Outgoing To IP: 217.23.9.168|53"; classtype:trojan-activity; sid:37569151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 91.211.247.248 53 (msg: "MISP e26857 [] Outgoing To IP: 91.211.247.248|53"; classtype:trojan-activity; sid:37569161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 152.89.198.214 53 (msg: "MISP e26857 [] Outgoing To IP: 152.89.198.214|53"; classtype:trojan-activity; sid:37569171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 81.31.197.38 53 (msg: "MISP e26857 [] Outgoing To IP: 81.31.197.38|53"; classtype:trojan-activity; sid:37569181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 77.83.242.244 1664 (msg: "MISP e26857 [] Outgoing To IP: 77.83.242.244|1664"; classtype:trojan-activity; sid:37569191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: 
"MISP e26857 [] Domain 714745cm.nyashland.top"; dns.query; content:"714745cm.nyashland.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])714745cm\.nyashland\.top$/i"; classtype:trojan-activity; sid:37569201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain 714745cm.nyashland.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"714745cm.nyashland.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])714745cm\.nyashland\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 114.132.41.186 81 (msg: "MISP e26691 [AS45090,c2,censys] Outgoing To IP: 114.132.41.186|81"; classtype:trojan-activity; sid:37514291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 154.3.8.55 443 (msg: "MISP e26691 [AS63916,c2,censys] Outgoing To IP: 154.3.8.55|443"; classtype:trojan-activity; sid:37514301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 42.192.37.195 80 (msg: "MISP e26691 [AS45090,c2,censys] Outgoing To IP: 42.192.37.195|80"; classtype:trojan-activity; sid:37514311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 78.40.116.82 443 (msg: "MISP e26691 [ALEXHOST,AS200019,c2,censys] Outgoing To IP: 78.40.116.82|443"; classtype:trojan-activity; sid:37514321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 154.92.18.140 8880 (msg: "MISP e26691 [AS142403,c2,censys] Outgoing To IP: 154.92.18.140|8880"; classtype:trojan-activity; sid:37514331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 13.72.106.240 80 (msg: "MISP e26691 
[AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 13.72.106.240|80"; classtype:trojan-activity; sid:37514341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 39.100.90.171 80 (msg: "MISP e26691 [AS37963,c2,censys] Outgoing To IP: 39.100.90.171|80"; classtype:trojan-activity; sid:37514351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 128.199.252.34 8080 (msg: "MISP e26691 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 128.199.252.34|8080"; classtype:trojan-activity; sid:37514361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 1.14.255.248 443 (msg: "MISP e26691 [AS45090,c2,censys] Outgoing To IP: 1.14.255.248|443"; classtype:trojan-activity; sid:37514371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 149.104.23.176 8080 (msg: "MISP e26691 [AS932,c2,censys,XNNET] Outgoing To IP: 149.104.23.176|8080"; classtype:trojan-activity; sid:37514381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 8.210.229.211 8090 (msg: "MISP e26691 [AS45102,c2,censys] Outgoing To IP: 8.210.229.211|8090"; classtype:trojan-activity; sid:37514391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26691 [AS55990,c2,censys] Outgoing To IP: 1.94.110.130|808"; classtype:trojan-activity; sid:37514401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 101.201.100.74 8888 (msg: "MISP e26691 [AS37963,c2,censys] Outgoing To IP: 101.201.100.74|8888"; classtype:trojan-activity; sid:37514411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 43.142.183.159 8080 (msg: "MISP e26691 [AS45090,c2,censys] Outgoing To IP: 
43.142.183.159|8080"; classtype:trojan-activity; sid:37514421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# C2 endpoints from event e26691 (tags: c2, censys, plus the hosting AS).
# Each rule is a bare address-and-port match with no flow, content or threshold
# condition, so traffic from $HOME_NET to that address and port alerts
# regardless of what it carries.
# NOTE(review): per their own AS tags several of these sit in large provider
# ranges (e.g. MICROSOFT-CORP-MSN-AS-BLOCK on the next rule). Addresses there are
# reassigned over time, so these indicators presumably need a review or expiry
# date. Confirm against the MISP event's last-seen data before long-term
# deployment.
alert ip $HOME_NET any -> 40.113.7.196 443 (msg: "MISP e26691 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 40.113.7.196|443"; classtype:trojan-activity; sid:37514431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 154.9.255.31 9999 (msg: "MISP e26691 [AS979,c2,censys,NETLAB-SDN] Outgoing To IP: 154.9.255.31|9999"; classtype:trojan-activity; sid:37514441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 112.74.72.133 8080 (msg: "MISP e26691 [AS37963,c2,censys] Outgoing To IP: 112.74.72.133|8080"; classtype:trojan-activity; sid:37514451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 123.57.235.196 8888 (msg: "MISP e26691 [AS37963,c2,censys] Outgoing To IP: 123.57.235.196|8888"; classtype:trojan-activity; sid:37514461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 1.14.69.16 443 (msg: "MISP e26691 [AS45090,c2,censys] Outgoing To IP: 1.14.69.16|443"; classtype:trojan-activity; sid:37514471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 31.156.119.149 88 (msg: "MISP e26691 [AS30722,c2,censys,VODAFONE-IT-ASN] Outgoing To IP: 31.156.119.149|88"; classtype:trojan-activity; sid:37514481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 69.172.74.108 4443 (msg: "MISP e26691 [AS135373,c2,censys] Outgoing To IP: 69.172.74.108|4443"; classtype:trojan-activity; sid:37514491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 103.146.179.82 8888 (msg: "MISP e26691 [AS136933,c2,censys,Supershell] Outgoing To IP: 103.146.179.82|8888"; 
classtype:trojan-activity; sid:37514501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 91.92.243.63 5000 (msg: "MISP e26691 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.243.63|5000"; classtype:trojan-activity; sid:37514511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 85.215.197.98 8888 (msg: "MISP e26691 [AS6724,c2,censys,RAT] Outgoing To IP: 85.215.197.98|8888"; classtype:trojan-activity; sid:37514521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 45.88.186.65 8808 (msg: "MISP e26691 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 45.88.186.65|8808"; classtype:trojan-activity; sid:37514531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 38.242.236.116 7707 (msg: "MISP e26691 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 38.242.236.116|7707"; classtype:trojan-activity; sid:37514541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 85.239.237.148 2006 (msg: "MISP e26691 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing To IP: 85.239.237.148|2006"; classtype:trojan-activity; sid:37514551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26691 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain evgenytchurakin1.fvds.ru"; dns.query; content:"evgenytchurakin1.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin1\.fvds\.ru$/i"; classtype:trojan-activity; sid:37514561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain evgenytchurakin1.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin1.fvds.ru"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin1\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37514562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# Destination-only rule: it matches on the $HOME_NET source and the listed address and port alone.
# There is no payload or flow condition, so the alert says "talked to this endpoint", nothing more.
alert ip $HOME_NET any -> 92.63.98.227 80 (msg: "MISP e26691 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 92.63.98.227|80"; classtype:trojan-activity; sid:37514571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# DNS query rule. The header is any/any in both directions, so it is not limited to $HOME_NET clients.
# The content is the literal pre-filter; the pcre anchors the name at the end of the query and allows
# a preceding non-hostname character, so subdomains match but names with a longer suffix do not.
alert dns any any -> any any (msg: "MISP e26691 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain ok.system-samsung.com"; dns.query; content:"ok.system-samsung.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system\-samsung\.com$/i"; classtype:trojan-activity; sid:37514581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# HTTP counterpart of the DNS rule above (sid differs only in the last digit).
# Both content matches inspect http.header and carry no distance/within, so "Host:" and the domain
# are matched independently: the domain may appear in any request header, not only in Host.
# The pcre requires one trailing character that is not a hostname character after the domain.
# tag:session,600,seconds asks the engine to keep logging the session for 600 seconds after the hit.
# NOTE(review): matching the domain in the http.host buffer would bind it to the Host header and
# cut false positives from other headers - confirm against the MISP export template before changing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain ok.system-samsung.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ok.system-samsung.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system\-samsung\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37514582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# More destination-only rules; the bracketed msg tags (AS number, family label) are descriptive text
# inside msg and take no part in matching.
alert ip $HOME_NET any -> 45.94.31.31 80 (msg: "MISP e26691 [AS210558,botnet,c2,censys,Scarab] Outgoing To IP: 45.94.31.31|80"; classtype:trojan-activity; sid:37514591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 191.82.250.214 2000 (msg: "MISP e26691 [AS22927,c2,censys,RAT] Outgoing To IP: 191.82.250.214|2000"; classtype:trojan-activity; sid:37514601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 94.156.66.50 82 (msg: "MISP e26691 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.66.50|82"; classtype:trojan-activity; sid:37514611; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 45.84.198.9 30120 (msg: "MISP e26691 [AS49581,c2,censys,FERDINANDZINK,RAT] Outgoing To IP: 45.84.198.9|30120"; classtype:trojan-activity; sid:37514621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26691 [AS40021,c2,censys,NL-811-40021,RAT] Domain www.liceback.online"; dns.query; content:"www.liceback.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.liceback\.online$/i"; classtype:trojan-activity; sid:37514631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing HTTP Domain www.liceback.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.liceback.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.liceback\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37514632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 193.181.41.109 443 (msg: "MISP e26691 [AS1299,c2,censys,RAT] Outgoing To IP: 193.181.41.109|443"; classtype:trojan-activity; sid:37514641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 1492 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|1492"; classtype:trojan-activity; sid:37514651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 47800 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|47800"; classtype:trojan-activity; sid:37514661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 636 (msg: "MISP e26691 
[AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|636"; classtype:trojan-activity; sid:37514671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# The rules below all target the same address, 102.117.113.205, and differ only in destination
# port, the port echoed in msg, and sid. Each matches on address and port alone (no payload or flow
# condition), so every listed port produces its own alert identity for the same host.
# NOTE(review): the msg carries a censys tag, so these ports presumably come from scan data; a host
# answering on this many unrelated ports may not run a distinct C2 listener on each - verify in
# MISP event 26691. A single rule with a port list, or an address-only rule, would cover the same
# traffic under one sid and keep triage simpler.
alert ip $HOME_NET any -> 102.117.113.205 4721 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|4721"; classtype:trojan-activity; sid:37514681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 102.117.113.205 8080 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|8080"; classtype:trojan-activity; sid:37514691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 102.117.113.205 13999 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|13999"; classtype:trojan-activity; sid:37514701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 102.117.113.205 49502 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|49502"; classtype:trojan-activity; sid:37514711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 102.117.113.205 4125 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|4125"; classtype:trojan-activity; sid:37514721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 102.117.113.205 40022 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|40022"; classtype:trojan-activity; sid:37514731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 102.117.113.205 39109 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|39109"; classtype:trojan-activity; sid:37514741; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 40961 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|40961"; classtype:trojan-activity; sid:37514751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 56597 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|56597"; classtype:trojan-activity; sid:37514761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 18080 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|18080"; classtype:trojan-activity; sid:37514771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 26641 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|26641"; classtype:trojan-activity; sid:37514781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 40240 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|40240"; classtype:trojan-activity; sid:37514791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 65245 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|65245"; classtype:trojan-activity; sid:37514801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 1024 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|1024"; classtype:trojan-activity; sid:37514811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 1883 (msg: "MISP e26691 
[AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|1883"; classtype:trojan-activity; sid:37514821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 4433 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|4433"; classtype:trojan-activity; sid:37514831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 5060 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|5060"; classtype:trojan-activity; sid:37514841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 8088 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|8088"; classtype:trojan-activity; sid:37514851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 8418 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|8418"; classtype:trojan-activity; sid:37514861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 29975 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|29975"; classtype:trojan-activity; sid:37514871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 36249 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|36249"; classtype:trojan-activity; sid:37514881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 4572 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|4572"; classtype:trojan-activity; sid:37514891; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 7077 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|7077"; classtype:trojan-activity; sid:37514901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 13946 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|13946"; classtype:trojan-activity; sid:37514911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 25516 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|25516"; classtype:trojan-activity; sid:37514921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 50995 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|50995"; classtype:trojan-activity; sid:37514931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 58603 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|58603"; classtype:trojan-activity; sid:37514941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 21 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|21"; classtype:trojan-activity; sid:37514951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 4444 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|4444"; classtype:trojan-activity; sid:37514961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 18084 (msg: "MISP e26691 
[AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|18084"; classtype:trojan-activity; sid:37514971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 53311 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|53311"; classtype:trojan-activity; sid:37514981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 2455 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|2455"; classtype:trojan-activity; sid:37514991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 56832 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|56832"; classtype:trojan-activity; sid:37515001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 9653 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|9653"; classtype:trojan-activity; sid:37515011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 26238 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|26238"; classtype:trojan-activity; sid:37515021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 27049 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|27049"; classtype:trojan-activity; sid:37515031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 2380 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|2380"; classtype:trojan-activity; sid:37515041; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 51005 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|51005"; classtype:trojan-activity; sid:37515051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 2053 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|2053"; classtype:trojan-activity; sid:37515061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 8082 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|8082"; classtype:trojan-activity; sid:37515071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 41489 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|41489"; classtype:trojan-activity; sid:37515081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 389 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|389"; classtype:trojan-activity; sid:37515091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 2404 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|2404"; classtype:trojan-activity; sid:37515101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 17393 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|17393"; classtype:trojan-activity; sid:37515111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 27646 (msg: "MISP e26691 
[AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|27646"; classtype:trojan-activity; sid:37515121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 48087 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|48087"; classtype:trojan-activity; sid:37515131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 57609 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|57609"; classtype:trojan-activity; sid:37515141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 465 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|465"; classtype:trojan-activity; sid:37515151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 631 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|631"; classtype:trojan-activity; sid:37515161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 2004 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|2004"; classtype:trojan-activity; sid:37515171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 9142 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|9142"; classtype:trojan-activity; sid:37515181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 36945 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|36945"; classtype:trojan-activity; sid:37515191; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 102.117.113.205 63696 (msg: "MISP e26691 [AS23889,c2,censys,MauritiusTelecom,RAT] Outgoing To IP: 102.117.113.205|63696"; classtype:trojan-activity; sid:37515201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 212.47.244.109 443 (msg: "MISP e26691 [AS12876,c2,censys] Outgoing To IP: 212.47.244.109|443"; classtype:trojan-activity; sid:37515211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26691 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain kendraesparza.autos"; dns.query; content:"kendraesparza.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])kendraesparza\.autos$/i"; classtype:trojan-activity; sid:37515221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain kendraesparza.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kendraesparza.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kendraesparza\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 82.115.223.46 7777 (msg: "MISP e26691 [AS215789,c2,censys,KARINAR,RAT] Outgoing To IP: 82.115.223.46|7777"; classtype:trojan-activity; sid:37515231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 164.90.183.39 443 (msg: "MISP e26691 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 164.90.183.39|443"; classtype:trojan-activity; sid:37515241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 77.105.132.58 80 (msg: "MISP e26691 [AS215481,c2,censys,Silence] Outgoing To IP: 
77.105.132.58|80"; classtype:trojan-activity; sid:37515251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 77.105.132.58 8080 (msg: "MISP e26691 [AS215481,c2,censys,Silence] Outgoing To IP: 77.105.132.58|8080"; classtype:trojan-activity; sid:37515261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 49.13.170.9 5000 (msg: "MISP e26691 [AS24940,botnet,byob,c2,censys,HETZNER-AS] Outgoing To IP: 49.13.170.9|5000"; classtype:trojan-activity; sid:37515271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 34.230.177.18 443 (msg: "MISP e26691 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 34.230.177.18|443"; classtype:trojan-activity; sid:37515281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 38.6.167.222 80 (msg: "MISP e26691 [AS55933,c2,censys,UNAM] Outgoing To IP: 38.6.167.222|80"; classtype:trojan-activity; sid:37515291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 38.6.167.222 443 (msg: "MISP e26691 [AS55933,c2,censys,UNAM] Outgoing To IP: 38.6.167.222|443"; classtype:trojan-activity; sid:37515301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26691 [AS-REG,AS197695,c2,censys,UNAM] Domain webpanel.space"; dns.query; content:"webpanel.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])webpanel\.space$/i"; classtype:trojan-activity; sid:37515311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain webpanel.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webpanel.space"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])webpanel\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 165.154.55.190 60000 (msg: "MISP e26691 [AS135377,censys,Viper] Outgoing To IP: 165.154.55.190|60000"; classtype:trojan-activity; sid:37515321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 103.139.93.20 60000 (msg: "MISP e26691 [AS137443,censys,Viper] Outgoing To IP: 103.139.93.20|60000"; classtype:trojan-activity; sid:37515331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 107.151.244.111 60000 (msg: "MISP e26691 [AS137443,censys,Viper] Outgoing To IP: 107.151.244.111|60000"; classtype:trojan-activity; sid:37515341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 139.59.80.33 443 (msg: "MISP e26691 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Outgoing To IP: 139.59.80.33|443"; classtype:trojan-activity; sid:37515351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 54.173.139.125 443 (msg: "MISP e26691 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 54.173.139.125|443"; classtype:trojan-activity; sid:37515361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 116.202.176.116 1403 (msg: "MISP e26691 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 116.202.176.116|1403"; classtype:trojan-activity; sid:37515371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 185.119.57.49 3333 (msg: "MISP e26691 [AS9123,censys,GoPhish,phishing,TIMEWEB-AS] Outgoing To IP: 185.119.57.49|3333"; classtype:trojan-activity; sid:37515381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert 
ip $HOME_NET any -> 34.163.246.120 443 (msg: "MISP e26691 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.163.246.120|443"; classtype:trojan-activity; sid:37515391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# Remaining rules of MISP event 26691. The msg tags label these as phishing (GoPhish) or c2
# endpoints; classtype is trojan-activity on all of them, so classtype alone does not separate the
# two kinds - read the msg tags when triaging.
# NOTE(review): some tags place the address in a large hosting range (GOOGLE-CLOUD-PLATFORM);
# such addresses presumably get reassigned, so retire the rule together with the event - verify.
alert ip $HOME_NET any -> 212.81.188.105 3333 (msg: "MISP e26691 [AS3262,censys,GoPhish,phishing,SARENET] Outgoing To IP: 212.81.188.105|3333"; classtype:trojan-activity; sid:37515401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 34.122.164.64 443 (msg: "MISP e26691 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.122.164.64|443"; classtype:trojan-activity; sid:37515411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 51.159.183.32 443 (msg: "MISP e26691 [AS12876,c2,censys] Outgoing To IP: 51.159.183.32|443"; classtype:trojan-activity; sid:37515421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 94.198.50.195 8000 (msg: "MISP e26691 [AS56694,c2,censys,SMARTAPE] Outgoing To IP: 94.198.50.195|8000"; classtype:trojan-activity; sid:37515431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
# From here the rules belong to MISP event 26857. They repeat, header for header, indicators
# already exported for event 26691 just above (94.198.50.195:8000, 51.159.183.32:443,
# 34.122.164.64:443), with new sids, an empty tag list "[]" in msg and priority 3 instead of 2.
# Because the match conditions are identical, the same traffic satisfies both sids and is reported
# once per event.
# NOTE(review): if the double alert is unintended, de-duplicate at export time or suppress one of
# the two sids; the copy from event 26691 is the one that carries the descriptive tags.
alert ip $HOME_NET any -> 94.198.50.195 8000 (msg: "MISP e26857 [] Outgoing To IP: 94.198.50.195|8000"; classtype:trojan-activity; sid:37569211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 51.159.183.32 443 (msg: "MISP e26857 [] Outgoing To IP: 51.159.183.32|443"; classtype:trojan-activity; sid:37569221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 34.122.164.64 443 (msg: "MISP e26857 [] Outgoing To IP: 34.122.164.64|443"; classtype:trojan-activity; sid:37569231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 212.81.188.105 3333 (msg: 
"MISP e26857 [] Outgoing To IP: 212.81.188.105|3333"; classtype:trojan-activity; sid:37569241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 34.163.246.120 443 (msg: "MISP e26857 [] Outgoing To IP: 34.163.246.120|443"; classtype:trojan-activity; sid:37569251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 185.119.57.49 3333 (msg: "MISP e26857 [] Outgoing To IP: 185.119.57.49|3333"; classtype:trojan-activity; sid:37569261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 116.202.176.116 1403 (msg: "MISP e26857 [] Outgoing To IP: 116.202.176.116|1403"; classtype:trojan-activity; sid:37569271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 54.173.139.125 443 (msg: "MISP e26857 [] Outgoing To IP: 54.173.139.125|443"; classtype:trojan-activity; sid:37569281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 139.59.80.33 443 (msg: "MISP e26857 [] Outgoing To IP: 139.59.80.33|443"; classtype:trojan-activity; sid:37569291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 107.151.244.111 60000 (msg: "MISP e26857 [] Outgoing To IP: 107.151.244.111|60000"; classtype:trojan-activity; sid:37569301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 165.154.55.190 60000 (msg: "MISP e26857 [] Outgoing To IP: 165.154.55.190|60000"; classtype:trojan-activity; sid:37569311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.139.93.20 60000 (msg: "MISP e26857 [] Outgoing To IP: 103.139.93.20|60000"; classtype:trojan-activity; sid:37569321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 
[] Domain webpanel.space"; dns.query; content:"webpanel.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])webpanel\.space$/i"; classtype:trojan-activity; sid:37569331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain webpanel.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webpanel.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webpanel\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 38.6.167.222 443 (msg: "MISP e26857 [] Outgoing To IP: 38.6.167.222|443"; classtype:trojan-activity; sid:37569341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 38.6.167.222 80 (msg: "MISP e26857 [] Outgoing To IP: 38.6.167.222|80"; classtype:trojan-activity; sid:37569351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 34.230.177.18 443 (msg: "MISP e26857 [] Outgoing To IP: 34.230.177.18|443"; classtype:trojan-activity; sid:37569361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 49.13.170.9 5000 (msg: "MISP e26857 [] Outgoing To IP: 49.13.170.9|5000"; classtype:trojan-activity; sid:37569371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 77.105.132.58 8080 (msg: "MISP e26857 [] Outgoing To IP: 77.105.132.58|8080"; classtype:trojan-activity; sid:37569381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 77.105.132.58 80 (msg: "MISP e26857 [] Outgoing To IP: 77.105.132.58|80"; classtype:trojan-activity; sid:37569391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET 
any -> 164.90.183.39 443 (msg: "MISP e26857 [] Outgoing To IP: 164.90.183.39|443"; classtype:trojan-activity; sid:37569401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 82.115.223.46 7777 (msg: "MISP e26857 [] Outgoing To IP: 82.115.223.46|7777"; classtype:trojan-activity; sid:37569411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain kendraesparza.autos"; dns.query; content:"kendraesparza.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])kendraesparza\.autos$/i"; classtype:trojan-activity; sid:37569421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain kendraesparza.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kendraesparza.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kendraesparza\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37569422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 212.47.244.109 443 (msg: "MISP e26857 [] Outgoing To IP: 212.47.244.109|443"; classtype:trojan-activity; sid:37569431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 63696 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|63696"; classtype:trojan-activity; sid:37569441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 9142 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|9142"; classtype:trojan-activity; sid:37569451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 36945 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|36945"; classtype:trojan-activity; sid:37569461; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Per-port indicators for a single host: each rule below alerts on any IP traffic
# from $HOME_NET to 102.117.113.205 on exactly one destination port and carries its
# own sid. All of them share classtype trojan-activity, priority 3 and the reference
# to MISP event 26857; only the port (repeated in msg as "ip|port") and sid differ.
# NOTE(review): the port set mixes well-known service ports (465, 631) with many
# high ports, which looks more like scan output for the host than a list of
# confirmed listeners; check the attributes in event 26857 before treating a hit
# as high confidence.
# NOTE(review): if alerting on the host is the goal, one rule with a port list
# (e.g. [2004,465,631], sample built from the ports below) is easier to tune and
# suppress, at the cost of losing the one-sid-per-attribute mapping.
alert ip $HOME_NET any -> 102.117.113.205 2004 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|2004"; classtype:trojan-activity; sid:37569471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 465 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|465"; classtype:trojan-activity; sid:37569481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 631 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|631"; classtype:trojan-activity; sid:37569491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 57609 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|57609"; classtype:trojan-activity; sid:37569501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 48087 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|48087"; classtype:trojan-activity; sid:37569511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 17393 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|17393"; classtype:trojan-activity; sid:37569521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 27646 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|27646"; classtype:trojan-activity; sid:37569531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 2404 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|2404"; classtype:trojan-activity; sid:37569541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 102.117.113.205 41489 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|41489"; 
classtype:trojan-activity; sid:37569551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 389 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|389"; classtype:trojan-activity; sid:37569561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 8082 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|8082"; classtype:trojan-activity; sid:37569571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 51005 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|51005"; classtype:trojan-activity; sid:37569581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 2053 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|2053"; classtype:trojan-activity; sid:37569591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 2380 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|2380"; classtype:trojan-activity; sid:37569601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 27049 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|27049"; classtype:trojan-activity; sid:37569611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 9653 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|9653"; classtype:trojan-activity; sid:37569621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 26238 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|26238"; classtype:trojan-activity; sid:37569631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 2455 (msg: "MISP e26857 [] Outgoing 
To IP: 102.117.113.205|2455"; classtype:trojan-activity; sid:37569641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 56832 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|56832"; classtype:trojan-activity; sid:37569651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 53311 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|53311"; classtype:trojan-activity; sid:37569661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 4444 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|4444"; classtype:trojan-activity; sid:37569671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 18084 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|18084"; classtype:trojan-activity; sid:37569681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 21 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|21"; classtype:trojan-activity; sid:37569691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 50995 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|50995"; classtype:trojan-activity; sid:37569701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 58603 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|58603"; classtype:trojan-activity; sid:37569711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 25516 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|25516"; classtype:trojan-activity; sid:37569721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 
13946 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|13946"; classtype:trojan-activity; sid:37569731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 4572 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|4572"; classtype:trojan-activity; sid:37569741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 7077 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|7077"; classtype:trojan-activity; sid:37569751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 36249 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|36249"; classtype:trojan-activity; sid:37569761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 8418 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|8418"; classtype:trojan-activity; sid:37569771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 29975 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|29975"; classtype:trojan-activity; sid:37569781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 8088 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|8088"; classtype:trojan-activity; sid:37569791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 4433 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|4433"; classtype:trojan-activity; sid:37569801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 5060 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|5060"; classtype:trojan-activity; sid:37569811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip 
$HOME_NET any -> 102.117.113.205 1883 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|1883"; classtype:trojan-activity; sid:37569821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 1024 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|1024"; classtype:trojan-activity; sid:37569831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 40240 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|40240"; classtype:trojan-activity; sid:37569841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 65245 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|65245"; classtype:trojan-activity; sid:37569851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 26641 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|26641"; classtype:trojan-activity; sid:37569861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 56597 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|56597"; classtype:trojan-activity; sid:37569871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 18080 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|18080"; classtype:trojan-activity; sid:37569881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 40961 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|40961"; classtype:trojan-activity; sid:37569891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 40022 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|40022"; classtype:trojan-activity; sid:37569901; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 39109 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|39109"; classtype:trojan-activity; sid:37569911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 4125 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|4125"; classtype:trojan-activity; sid:37569921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 13999 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|13999"; classtype:trojan-activity; sid:37569931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 49502 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|49502"; classtype:trojan-activity; sid:37569941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 8080 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|8080"; classtype:trojan-activity; sid:37569951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 636 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|636"; classtype:trojan-activity; sid:37569961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 4721 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|4721"; classtype:trojan-activity; sid:37569971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 47800 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|47800"; classtype:trojan-activity; sid:37569981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 193.181.41.109 443 (msg: "MISP e26857 [] Outgoing To IP: 193.181.41.109|443"; classtype:trojan-activity; 
sid:37569991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 102.117.113.205 1492 (msg: "MISP e26857 [] Outgoing To IP: 102.117.113.205|1492"; classtype:trojan-activity; sid:37570001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain www.liceback.online"; dns.query; content:"www.liceback.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.liceback\.online$/i"; classtype:trojan-activity; sid:37570011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain www.liceback.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.liceback.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.liceback\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 94.156.66.50 82 (msg: "MISP e26857 [] Outgoing To IP: 94.156.66.50|82"; classtype:trojan-activity; sid:37570021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.84.198.9 30120 (msg: "MISP e26857 [] Outgoing To IP: 45.84.198.9|30120"; classtype:trojan-activity; sid:37570031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 191.82.250.214 2000 (msg: "MISP e26857 [] Outgoing To IP: 191.82.250.214|2000"; classtype:trojan-activity; sid:37570041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.94.31.31 80 (msg: "MISP e26857 [] Outgoing To IP: 45.94.31.31|80"; classtype:trojan-activity; sid:37570051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain 
ok.system-samsung.com"; dns.query; content:"ok.system-samsung.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system\-samsung\.com$/i"; classtype:trojan-activity; sid:37570061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# HTTP companion of a domain indicator (sid = DNS sid + 1). It inspects established
# client-to-server HTTP from $HOME_NET and needs three things in the header buffer:
# the literal "Host:" ("Host|3a|"), the domain as a case-insensitive content (also
# the fast_pattern), and a pcre that requires a non-label character (or buffer
# start) before the domain and a character other than letter/digit/"-"/"." after it.
# The two contents are not positioned relative to each other (no distance/within),
# so a request that carries the domain in another header, e.g. Referer, also
# matches as long as a Host header exists. Check which header matched during triage.
# tag:session,600,seconds keeps logging the matching session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain ok.system-samsung.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ok.system-samsung.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system\-samsung\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 92.63.98.227 80 (msg: "MISP e26857 [] Outgoing To IP: 92.63.98.227|80"; classtype:trojan-activity; sid:37570071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# DNS form of a domain indicator: matches the query name in any direction
# (any any -> any any). The pcre anchors the domain at the end of the query and
# allows start-of-name or a non-label character such as "." before it, so the
# domain itself and every subdomain match, while a longer label that merely ends
# with the same text does not. An alert identifies the host that issued the
# query; when clients use an internal resolver, the sensor may only see the
# resolver as the source. Correlate with resolver logs in that case.
alert dns any any -> any any (msg: "MISP e26857 [] Domain evgenytchurakin1.fvds.ru"; dns.query; content:"evgenytchurakin1.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin1\.fvds\.ru$/i"; classtype:trojan-activity; sid:37570081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain evgenytchurakin1.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"evgenytchurakin1.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])evgenytchurakin1\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 38.242.236.116 7707 (msg: "MISP e26857 [] Outgoing To IP: 38.242.236.116|7707"; classtype:trojan-activity; sid:37570091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 85.239.237.148 2006 (msg: "MISP e26857 
[] Outgoing To IP: 85.239.237.148|2006"; classtype:trojan-activity; sid:37570101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.88.186.65 8808 (msg: "MISP e26857 [] Outgoing To IP: 45.88.186.65|8808"; classtype:trojan-activity; sid:37570111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 85.215.197.98 8888 (msg: "MISP e26857 [] Outgoing To IP: 85.215.197.98|8888"; classtype:trojan-activity; sid:37570121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 91.92.243.63 5000 (msg: "MISP e26857 [] Outgoing To IP: 91.92.243.63|5000"; classtype:trojan-activity; sid:37570131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.146.179.82 8888 (msg: "MISP e26857 [] Outgoing To IP: 103.146.179.82|8888"; classtype:trojan-activity; sid:37570141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 69.172.74.108 4443 (msg: "MISP e26857 [] Outgoing To IP: 69.172.74.108|4443"; classtype:trojan-activity; sid:37570151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 31.156.119.149 88 (msg: "MISP e26857 [] Outgoing To IP: 31.156.119.149|88"; classtype:trojan-activity; sid:37570161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 1.14.69.16 443 (msg: "MISP e26857 [] Outgoing To IP: 1.14.69.16|443"; classtype:trojan-activity; sid:37570171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 123.57.235.196 8888 (msg: "MISP e26857 [] Outgoing To IP: 123.57.235.196|8888"; classtype:trojan-activity; sid:37570181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 112.74.72.133 8080 (msg: "MISP e26857 [] Outgoing To IP: 
112.74.72.133|8080"; classtype:trojan-activity; sid:37570191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 154.9.255.31 9999 (msg: "MISP e26857 [] Outgoing To IP: 154.9.255.31|9999"; classtype:trojan-activity; sid:37570201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 40.113.7.196 443 (msg: "MISP e26857 [] Outgoing To IP: 40.113.7.196|443"; classtype:trojan-activity; sid:37570211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 43.142.183.159 8080 (msg: "MISP e26857 [] Outgoing To IP: 43.142.183.159|8080"; classtype:trojan-activity; sid:37570221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26857 [] Outgoing To IP: 1.94.110.130|808"; classtype:trojan-activity; sid:37570231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 101.201.100.74 8888 (msg: "MISP e26857 [] Outgoing To IP: 101.201.100.74|8888"; classtype:trojan-activity; sid:37570241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 8.210.229.211 8090 (msg: "MISP e26857 [] Outgoing To IP: 8.210.229.211|8090"; classtype:trojan-activity; sid:37570251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 149.104.23.176 8080 (msg: "MISP e26857 [] Outgoing To IP: 149.104.23.176|8080"; classtype:trojan-activity; sid:37570261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 128.199.252.34 8080 (msg: "MISP e26857 [] Outgoing To IP: 128.199.252.34|8080"; classtype:trojan-activity; sid:37570271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 1.14.255.248 443 (msg: "MISP e26857 [] Outgoing To IP: 
1.14.255.248|443"; classtype:trojan-activity; sid:37570281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 39.100.90.171 80 (msg: "MISP e26857 [] Outgoing To IP: 39.100.90.171|80"; classtype:trojan-activity; sid:37570291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 13.72.106.240 80 (msg: "MISP e26857 [] Outgoing To IP: 13.72.106.240|80"; classtype:trojan-activity; sid:37570301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 154.92.18.140 8880 (msg: "MISP e26857 [] Outgoing To IP: 154.92.18.140|8880"; classtype:trojan-activity; sid:37570311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 78.40.116.82 443 (msg: "MISP e26857 [] Outgoing To IP: 78.40.116.82|443"; classtype:trojan-activity; sid:37570321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 154.3.8.55 443 (msg: "MISP e26857 [] Outgoing To IP: 154.3.8.55|443"; classtype:trojan-activity; sid:37570331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 42.192.37.195 80 (msg: "MISP e26857 [] Outgoing To IP: 42.192.37.195|80"; classtype:trojan-activity; sid:37570341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 114.132.41.186 81 (msg: "MISP e26857 [] Outgoing To IP: 114.132.41.186|81"; classtype:trojan-activity; sid:37570351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26856 [] Domain ee-delfinews.shop"; dns.query; content:"ee-delfinews.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])ee\-delfinews\.shop$/i"; classtype:trojan-activity; sid:37568111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26856;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26856 [] Outgoing HTTP Domain ee-delfinews.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ee-delfinews.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ee\-delfinews\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26856;)
# Duplicate indicator across events: the next two rules have the same header
# ($HOME_NET any -> 193.233.132.81 8081) and no payload options, so one packet
# raises both sid 37515441 (event 26691, tagged Risepro,ViriBack, priority 2) and
# sid 37570361 (event 26857, untagged, priority 3). Count them as one detection in
# triage; the e26691 alert carries the family tags.
alert ip $HOME_NET any -> 193.233.132.81 8081 (msg: "MISP e26691 [Risepro,ViriBack] Outgoing To IP: 193.233.132.81|8081"; classtype:trojan-activity; sid:37515441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 193.233.132.81 8081 (msg: "MISP e26857 [] Outgoing To IP: 193.233.132.81|8081"; classtype:trojan-activity; sid:37570361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# URL indicators: the host string is matched anywhere in the request headers and
# the path in the URI, both case-insensitively. These rules are bound to
# $HTTP_PORTS, so the variable must be defined for them to load (the export header
# calls it "not required with suricata export", yet it is used here), and the same
# URL served on a port outside $HTTP_PORTS is not covered.
# The 94.156.8.100/5dce321003e6a6b5.php URL is exported twice with the same match
# conditions: sid 37515451 (event 26691, tagged Stealc) and sid 37570371 (event
# 26857), so one request raises both.
alert http $HOME_NET any -> 94.156.8.100 $HTTP_PORTS (msg: "MISP e26691 [Stealc] Outgoing URL http|3a|//94.156.8.100/5dce321003e6a6b5.php"; flow:to_server,established; http.header; content:"94.156.8.100"; fast_pattern; nocase; http.uri; content:"/5dce321003e6a6b5.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37515451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26728 [] Outgoing URL http|3a|//nlbklik-02-20-gl.on-eu.icu/nlbpay"; flow:to_server,established; http.header; content:"nlbklik-02-20-gl.on-eu.icu"; fast_pattern; nocase; http.uri; content:"/nlbpay"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37534731; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26728;)
alert http $HOME_NET any -> 94.156.8.100 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//94.156.8.100/5dce321003e6a6b5.php"; flow:to_server,established; http.header; content:"94.156.8.100"; fast_pattern; nocase; http.uri; content:"/5dce321003e6a6b5.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37570371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 129.159.55.240 56636 (msg: "MISP e26857 [] Outgoing To IP: 129.159.55.240|56636"; classtype:trojan-activity; sid:37570381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 149.50.209.216 43957 (msg: "MISP e26857 [] Outgoing To IP: 149.50.209.216|43957"; classtype:trojan-activity; sid:37570391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 185.196.9.72 56537 (msg: "MISP e26857 [] Outgoing To IP: 185.196.9.72|56537"; classtype:trojan-activity; sid:37570401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 141.98.11.208 16837 (msg: "MISP e26857 [] Outgoing To IP: 141.98.11.208|16837"; classtype:trojan-activity; sid:37570411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 1.162.151.116 39167 (msg: "MISP e26857 [] Outgoing To IP: 1.162.151.116|39167"; classtype:trojan-activity; sid:37570421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.106.228.99 11259 (msg: "MISP e26857 [] Outgoing To IP: 103.106.228.99|11259"; classtype:trojan-activity; sid:37570431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 111.243.109.76 41465 (msg: "MISP e26857 [] Outgoing To IP: 111.243.109.76|41465"; classtype:trojan-activity; sid:37570441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain weilaibot.net"; dns.query; content:"weilaibot.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])weilaibot\.net$/i"; classtype:trojan-activity; sid:37570451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain weilaibot.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"weilaibot.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])weilaibot\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain zunbot.awuam.com"; dns.query; content:"zunbot.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zunbot\.awuam\.com$/i"; classtype:trojan-activity; sid:37570461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain zunbot.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zunbot.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zunbot\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain mirailovers.ddns.net"; dns.query; content:"mirailovers.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mirailovers\.ddns\.net$/i"; classtype:trojan-activity; sid:37570471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain mirailovers.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mirailovers.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mirailovers\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain nw.awuam.com"; dns.query; 
content:"nw.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nw\.awuam\.com$/i"; classtype:trojan-activity; sid:37570481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain nw.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nw.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nw\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain qwerty.awuam.com"; dns.query; content:"qwerty.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qwerty\.awuam\.com$/i"; classtype:trojan-activity; sid:37570491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain qwerty.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qwerty.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qwerty\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain bots.awuam.com"; dns.query; content:"bots.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bots\.awuam\.com$/i"; classtype:trojan-activity; sid:37570501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain bots.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bots.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bots\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37570502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain feckoffbr0.sbs"; dns.query; content:"feckoffbr0.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])feckoffbr0\.sbs$/i"; classtype:trojan-activity; sid:37570511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain feckoffbr0.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"feckoffbr0.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])feckoffbr0\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain ddns.awuam.com"; dns.query; content:"ddns.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddns\.awuam\.com$/i"; classtype:trojan-activity; sid:37570521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain ddns.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddns.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddns\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain ddos.sdxpay.cn"; dns.query; content:"ddos.sdxpay.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddos\.sdxpay\.cn$/i"; classtype:trojan-activity; sid:37570531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain ddos.sdxpay.cn"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"ddos.sdxpay.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddos\.sdxpay\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Subdomain indicator for awuam.com (DNS rule, then its HTTP companion).
alert dns any any -> any any (msg: "MISP e26857 [] Domain ackcm.awuam.com"; dns.query; content:"ackcm.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ackcm\.awuam\.com$/i"; classtype:trojan-activity; sid:37570541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain ackcm.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ackcm.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ackcm\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# Parent-domain rules. Their pcre accepts "." before "awuam.com", so they also
# match every subdomain. A lookup of or request to ackcm.awuam.com (and likewise
# zunbot, nw, qwerty, bots, ddns and botnet under awuam.com, which have their own
# rules in this export) therefore raises the subdomain sid and the parent sid
# (37570551 for DNS, 37570552 for HTTP). Expect paired alerts per event; the
# parent rule alone already covers subdomains that are not listed.
alert dns any any -> any any (msg: "MISP e26857 [] Domain awuam.com"; dns.query; content:"awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])awuam\.com$/i"; classtype:trojan-activity; sid:37570551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert dns any any -> any any (msg: "MISP e26857 [] Domain botnet.awuam.com"; dns.query; content:"botnet.awuam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.awuam\.com$/i"; classtype:trojan-activity; sid:37570561; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain botnet.awuam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.awuam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.awuam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 185.196.9.72 62452 (msg: "MISP e26857 [] Outgoing To IP: 185.196.9.72|62452"; classtype:trojan-activity; sid:37570571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 199.195.249.78 13145 (msg: "MISP e26857 [] Outgoing To IP: 199.195.249.78|13145"; classtype:trojan-activity; sid:37570581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 46.3.113.170 8778 (msg: "MISP e26857 [] Outgoing To IP: 46.3.113.170|8778"; classtype:trojan-activity; sid:37570591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 93.123.85.174 9931 (msg: "MISP e26857 [] Outgoing To IP: 93.123.85.174|9931"; classtype:trojan-activity; sid:37570601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26722 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//r9ou2v.innovationstrategy.biz.id/?"; flow:to_server,established; http.header; content:"r9ou2v.innovationstrategy.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37533671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26722;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26722 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL 
http|3a|//nWajp.lingualdo.ru.com/?1/"; flow:to_server,established; http.header; content:"nWajp.lingualdo.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37533681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26722;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26722 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//yoa8w.sardinha.za.com/?1/"; flow:to_server,established; http.header; content:"yoa8w.sardinha.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37533691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26722;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26722 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//eeoea.peixegato.ru.com/?1/"; flow:to_server,established; http.header; content:"eeoea.peixegato.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37533701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26722;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26722 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//wjiu5v.managements.biz.id/?5/"; flow:to_server,established; http.header; content:"wjiu5v.managements.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37533711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26722;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26691 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/match"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37515461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 89.248.225.196 443 (msg: "MISP e26691 [NetSupport] Outgoing To IP: 89.248.225.196|443"; classtype:trojan-activity; sid:37515471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 62.133.62.61 any (msg: "MISP e26699 [] Outgoing To IP: 62.133.62.61"; classtype:trojan-activity; sid:37528571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 62.133.62.73 any (msg: "MISP e26699 [] Outgoing To IP: 62.133.62.73"; classtype:trojan-activity; sid:37528581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 46.29.234.192 any (msg: "MISP e26699 [] Outgoing To IP: 46.29.234.192"; classtype:trojan-activity; sid:37528591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 78.153.139.198 any (msg: "MISP e26699 [] Outgoing To IP: 78.153.139.198"; classtype:trojan-activity; sid:37528601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 81.19.139.22 any (msg: "MISP e26699 [] Outgoing To IP: 81.19.139.22"; classtype:trojan-activity; sid:37528611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 45.95.233.5 any (msg: "MISP e26699 [] Outgoing To IP: 45.95.233.5"; classtype:trojan-activity; sid:37528621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 78.153.139.241 any (msg: "MISP e26699 [] Outgoing To IP: 78.153.139.241"; classtype:trojan-activity; sid:37528631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 45.95.232.241 any (msg: "MISP e26699 [] Outgoing To IP: 45.95.232.241"; classtype:trojan-activity; sid:37528641; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 45.95.232.138 any (msg: "MISP e26699 [] Outgoing To IP: 45.95.232.138"; classtype:trojan-activity; sid:37528651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 194.58.112.174 any (msg: "MISP e26699 [] Outgoing To IP: 194.58.112.174"; classtype:trojan-activity; sid:37528661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 92.118.112.251 any (msg: "MISP e26699 [] Outgoing To IP: 92.118.112.251"; classtype:trojan-activity; sid:37528671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 193.32.176.121 any (msg: "MISP e26699 [] Outgoing To IP: 193.32.176.121"; classtype:trojan-activity; sid:37528681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 45.82.13.179 any (msg: "MISP e26699 [] Outgoing To IP: 45.82.13.179"; classtype:trojan-activity; sid:37528691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert ip $HOME_NET any -> 45.82.13.165 any (msg: "MISP e26699 [] Outgoing To IP: 45.82.13.165"; classtype:trojan-activity; sid:37528701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert dns any any -> any any (msg: "MISP e26699 [] Domain vifpor.ru"; dns.query; content:"vifpor.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])vifpor\.ru$/i"; classtype:trojan-activity; sid:37528711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26699 [] Outgoing HTTP Domain vifpor.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vifpor.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vifpor\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37528712; rev:1; priority:1; 
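reference:url,https://misp.finsin.cl/events/view/26699;)
alert ip $HOME_NET any -> 162.252.172.57 any (msg: "MISP e26699 [] Outgoing To IP: 162.252.172.57"; classtype:trojan-activity; sid:37528721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;)
alert http $HOME_NET any -> 193.32.176.47 $HTTP_PORTS (msg: "MISP e26699 [] Outgoing URL http|3a|//193.32.176.47/link.php"; flow:to_server,established; http.header; content:"193.32.176.47"; fast_pattern; nocase; http.uri; content:"/link.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37528731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;)
# http.uri carries only path and query for an ordinary request (Suricata's
# normalised URI leaves the host out unless libhtp's uri-include-all is enabled),
# so a pattern that begins with the host name cannot match there. Host and path
# are matched separately below, the same way sid:37528731 does it; rev is bumped
# because the match logic changed. Requests made over TLS are not visible to this
# rule unless the sensor inspects decrypted traffic.
# NOTE(review): a fresh MISP export presumably regenerates the original rule;
# correct the attribute at the source as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26699 [] Outgoing URL t.me/s/ycavkafoprm"; flow:to_server,established; http.header; content:"t.me"; nocase; http.uri; content:"/s/ycavkafoprm"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37528761; rev:2; priority:1; reference:url,https://misp.finsin.cl/events/view/26699;)
# The next two rules repeat indicators already exported for event 26691
# (sid:37515471 and sid:37515461), so one connection raises both alerts, at
# priority 2 and priority 3. Deduplicate on the indicator during triage.
alert ip $HOME_NET any -> 89.248.225.196 443 (msg: "MISP e26857 [] Outgoing To IP: 89.248.225.196|443"; classtype:trojan-activity; sid:37570611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26857 [] Outgoing URL http|3a|//1.94.110.130|3a|808/match"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37570621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert dns any any -> any any (msg: "MISP e26857 [] Domain discounts-ptclnetpk.servehttp.com"; dns.query; content:"discounts-ptclnetpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])discounts\-ptclnetpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37570631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 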
"MISP e26857 [] Outgoing HTTP Domain discounts-ptclnetpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discounts-ptclnetpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discounts\-ptclnetpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain offers-ptclnetpk.serveftp.com"; dns.query; content:"offers-ptclnetpk.serveftp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com$/i"; classtype:trojan-activity; sid:37570641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain offers-ptclnetpk.serveftp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"offers-ptclnetpk.serveftp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])offers\-ptclnetpk\.serveftp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain rewards-ptclnetpk.viewdns.net"; dns.query; content:"rewards-ptclnetpk.viewdns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])rewards\-ptclnetpk\.viewdns\.net$/i"; classtype:trojan-activity; sid:37570651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain rewards-ptclnetpk.viewdns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rewards-ptclnetpk.viewdns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rewards\-ptclnetpk\.viewdns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
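sid:37570652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert ip $HOME_NET any -> 51.159.167.215 34241 (msg: "MISP e26857 [] Outgoing To IP: 51.159.167.215|34241"; classtype:trojan-activity; sid:37570661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert dns any any -> any any (msg: "MISP e26857 [] Domain visualstudiomacupdate.com"; dns.query; content:"visualstudiomacupdate.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])visualstudiomacupdate\.com$/i"; classtype:trojan-activity; sid:37570671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain visualstudiomacupdate.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"visualstudiomacupdate.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])visualstudiomacupdate\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# The MISP galaxy tag copied into msg contains double quotes. Suricata's rule
# syntax requires ", ; and \ inside msg to be backslash-escaped, so the quotes
# around the tool name are escaped below. The alert text is unchanged.
# NOTE(review): depending on the engine and version, the unescaped form may be
# rejected at load time or logged with a truncated message; check the rule-load
# log for sid:37761241.
alert http $HOME_NET any -> 172.234.224.39 $HTTP_PORTS (msg: "MISP e27001 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//172.234.224.39/210001/SVD.txt"; flow:to_server,established; http.header; content:"172.234.224.39"; fast_pattern; nocase; http.uri; content:"/210001/SVD.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37761241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27001;)
alert ip $HOME_NET any -> 38.132.122.178 8443 (msg: "MISP e26691 [M247,sliver] Outgoing To IP: 38.132.122.178|8443"; classtype:trojan-activity; sid:37515481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert ip $HOME_NET any -> 147.182.158.99 7443 (msg: "MISP e26691 [DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 147.182.158.99|7443"; classtype:trojan-activity; sid:37515491; rev:1; 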
priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 159.100.6.118 443 (msg: "MISP e26691 [DE-FIRSTCOLO firstcolo.net,Responder] Outgoing To IP: 159.100.6.118|443"; classtype:trojan-activity; sid:37515501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 159.223.178.234 443 (msg: "MISP e26691 [DIGITALOCEAN-ASN,Responder] Outgoing To IP: 159.223.178.234|443"; classtype:trojan-activity; sid:37515511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 104.248.1.234 443 (msg: "MISP e26691 [DIGITALOCEAN-ASN,Responder] Outgoing To IP: 104.248.1.234|443"; classtype:trojan-activity; sid:37515521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 103.92.113.14 443 (msg: "MISP e26691 [NETVSN-AS-IN Netvision Awadh Networks Private Limited,QakBot] Outgoing To IP: 103.92.113.14|443"; classtype:trojan-activity; sid:37515531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 2.6.198.137 2222 (msg: "MISP e26691 [France Telecom - Orange,QakBot] Outgoing To IP: 2.6.198.137|2222"; classtype:trojan-activity; sid:37515541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 41.227.100.131 443 (msg: "MISP e26691 [GLOBALNET-AS,QakBot] Outgoing To IP: 41.227.100.131|443"; classtype:trojan-activity; sid:37515551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 39.40.162.179 995 (msg: "MISP e26691 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.162.179|995"; classtype:trojan-activity; sid:37515561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 41.250.184.191 995 (msg: "MISP e26691 [MT-MPLS,QakBot] Outgoing To IP: 41.250.184.191|995"; 
classtype:trojan-activity; sid:37515571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 72.27.83.111 443 (msg: "MISP e26691 [FLOW-NET,QakBot] Outgoing To IP: 72.27.83.111|443"; classtype:trojan-activity; sid:37515581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 45.32.204.175 2222 (msg: "MISP e26691 [AS-CHOOPA,Pikabot] Outgoing To IP: 45.32.204.175|2222"; classtype:trojan-activity; sid:37515591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 45.77.55.133 2078 (msg: "MISP e26691 [AS-CHOOPA,Pikabot] Outgoing To IP: 45.77.55.133|2078"; classtype:trojan-activity; sid:37515601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 72.27.83.111 443 (msg: "MISP e26857 [] Outgoing To IP: 72.27.83.111|443"; classtype:trojan-activity; sid:37570681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 41.250.184.191 995 (msg: "MISP e26857 [] Outgoing To IP: 41.250.184.191|995"; classtype:trojan-activity; sid:37570691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 39.40.162.179 995 (msg: "MISP e26857 [] Outgoing To IP: 39.40.162.179|995"; classtype:trojan-activity; sid:37570701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 41.227.100.131 443 (msg: "MISP e26857 [] Outgoing To IP: 41.227.100.131|443"; classtype:trojan-activity; sid:37570711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 2.6.198.137 2222 (msg: "MISP e26857 [] Outgoing To IP: 2.6.198.137|2222"; classtype:trojan-activity; sid:37570721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 103.92.113.14 443 (msg: "MISP e26857 [] Outgoing To IP: 
103.92.113.14|443"; classtype:trojan-activity; sid:37570731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 104.248.1.234 443 (msg: "MISP e26857 [] Outgoing To IP: 104.248.1.234|443"; classtype:trojan-activity; sid:37570741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 159.223.178.234 443 (msg: "MISP e26857 [] Outgoing To IP: 159.223.178.234|443"; classtype:trojan-activity; sid:37570751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 159.100.6.118 443 (msg: "MISP e26857 [] Outgoing To IP: 159.100.6.118|443"; classtype:trojan-activity; sid:37570761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 147.182.158.99 7443 (msg: "MISP e26857 [] Outgoing To IP: 147.182.158.99|7443"; classtype:trojan-activity; sid:37570771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 38.132.122.178 8443 (msg: "MISP e26857 [] Outgoing To IP: 38.132.122.178|8443"; classtype:trojan-activity; sid:37570781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26691 [CobaltStrike,cs-watermark-390427329] Domain sudarshanadisk.com"; dns.query; content:"sudarshanadisk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sudarshanadisk\.com$/i"; classtype:trojan-activity; sid:37515611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [CobaltStrike,cs-watermark-390427329] Outgoing HTTP Domain sudarshanadisk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sudarshanadisk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sudarshanadisk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515612; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 40.127.104.147 443 (msg: "MISP e26691 [CobaltStrike,cs-watermark-390427329] Outgoing To IP: 40.127.104.147|443"; classtype:trojan-activity; sid:37515621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 40.127.104.147 443 (msg: "MISP e26857 [] Outgoing To IP: 40.127.104.147|443"; classtype:trojan-activity; sid:37570791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain sudarshanadisk.com"; dns.query; content:"sudarshanadisk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sudarshanadisk\.com$/i"; classtype:trojan-activity; sid:37570801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain sudarshanadisk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sudarshanadisk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sudarshanadisk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.77.55.133 2078 (msg: "MISP e26857 [] Outgoing To IP: 45.77.55.133|2078"; classtype:trojan-activity; sid:37570811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.32.204.175 2222 (msg: "MISP e26857 [] Outgoing To IP: 45.32.204.175|2222"; classtype:trojan-activity; sid:37570821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938] Domain chrome-online.site"; dns.query; content:"chrome-online.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])chrome\-online\.site$/i"; classtype:trojan-activity; sid:37515631; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26691 [CobaltStrike,cs-watermark-391144938] Outgoing HTTP Domain chrome-online.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chrome-online.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chrome\-online\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 5.75.210.22 443 (msg: "MISP e26691 [RedLineStealer] Outgoing To IP: 5.75.210.22|443"; classtype:trojan-activity; sid:37515641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 5.75.210.22 443 (msg: "MISP e26857 [] Outgoing To IP: 5.75.210.22|443"; classtype:trojan-activity; sid:37570831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain chrome-online.site"; dns.query; content:"chrome-online.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])chrome\-online\.site$/i"; classtype:trojan-activity; sid:37570841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain chrome-online.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chrome-online.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chrome\-online\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 20.218.68.91 13817 (msg: "MISP e26857 [] Outgoing To IP: 20.218.68.91|13817"; classtype:trojan-activity; sid:37570851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 
3.127.138.57 13627 (msg: "MISP e26857 [] Outgoing To IP: 3.127.138.57|13627"; classtype:trojan-activity; sid:37570861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 185.172.128.33 8970 (msg: "MISP e26857 [] Outgoing To IP: 185.172.128.33|8970"; classtype:trojan-activity; sid:37570871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e26703 [] Outgoing URL http|3a|//103.183.115.241/NguxStoiauhccvQclG223.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/NguxStoiauhccvQclG223.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37529051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26703;) alert ip $HOME_NET any -> 103.183.115.241 any (msg: "MISP e26703 [] Outgoing To IP: 103.183.115.241"; classtype:trojan-activity; sid:37529061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26703;) alert ip $HOME_NET any -> 116.203.3.120 443 (msg: "MISP e26691 [Vidar] Outgoing To IP: 116.203.3.120|443"; classtype:trojan-activity; sid:37515651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 193.203.164.168 80 (msg: "MISP e26691 [Vidar] Outgoing To IP: 193.203.164.168|80"; classtype:trojan-activity; sid:37515661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 5.252.118.12 80 (msg: "MISP e26691 [Vidar] Outgoing To IP: 5.252.118.12|80"; classtype:trojan-activity; sid:37515671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert ip $HOME_NET any -> 5.182.86.94 80 (msg: "MISP e26691 [Vidar] Outgoing To IP: 5.182.86.94|80"; classtype:trojan-activity; sid:37515681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 
193.203.164.168 $HTTP_PORTS (msg: "MISP e26691 [Vidar] Outgoing URL http|3a|//193.203.164.168/"; flow:to_server,established; http.header; content:"193.203.164.168"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37515701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 5.252.118.12 $HTTP_PORTS (msg: "MISP e26691 [Vidar] Outgoing URL http|3a|//5.252.118.12/"; flow:to_server,established; http.header; content:"5.252.118.12"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37515711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 5.182.86.94 $HTTP_PORTS (msg: "MISP e26691 [Vidar] Outgoing URL http|3a|//5.182.86.94/"; flow:to_server,established; http.header; content:"5.182.86.94"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37515721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert http $HOME_NET any -> 5.252.118.12 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//5.252.118.12/"; flow:to_server,established; http.header; content:"5.252.118.12"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37570881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 5.182.86.94 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//5.182.86.94/"; flow:to_server,established; http.header; content:"5.182.86.94"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37570891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 193.203.164.168 $HTTP_PORTS (msg: "MISP e26857 [] Outgoing URL http|3a|//193.203.164.168/"; 
flow:to_server,established; http.header; content:"193.203.164.168"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37570901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 116.203.3.120 443 (msg: "MISP e26857 [] Outgoing To IP: 116.203.3.120|443"; classtype:trojan-activity; sid:37570921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 193.203.164.168 80 (msg: "MISP e26857 [] Outgoing To IP: 193.203.164.168|80"; classtype:trojan-activity; sid:37570931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 5.252.118.12 80 (msg: "MISP e26857 [] Outgoing To IP: 5.252.118.12|80"; classtype:trojan-activity; sid:37570941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 5.182.86.94 80 (msg: "MISP e26857 [] Outgoing To IP: 5.182.86.94|80"; classtype:trojan-activity; sid:37570951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 87.3.215.35 65199 (msg: "MISP e26857 [] Outgoing To IP: 87.3.215.35|65199"; classtype:trojan-activity; sid:37570961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain ihateciroparisi.serveminecraft.net"; dns.query; content:"ihateciroparisi.serveminecraft.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ihateciroparisi\.serveminecraft\.net$/i"; classtype:trojan-activity; sid:37570971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain ihateciroparisi.serveminecraft.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ihateciroparisi.serveminecraft.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ihateciroparisi\.serveminecraft\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain elianisgalidon3020.duckdns.org"; dns.query; content:"elianisgalidon3020.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])elianisgalidon3020\.duckdns\.org$/i"; classtype:trojan-activity; sid:37570981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain elianisgalidon3020.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elianisgalidon3020.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elianisgalidon3020\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37570982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26690 [] Domain lider.bci-soporte.info"; dns.query; content:"lider.bci-soporte.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])lider\.bci\-soporte\.info$/i"; classtype:trojan-activity; sid:37513311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26690;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26690 [] Outgoing HTTP Domain lider.bci-soporte.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lider.bci-soporte.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lider\.bci\-soporte\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37513312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26690;) alert ip $HOME_NET any -> 193.168.141.40 443 (msg: "MISP e26857 [] Outgoing To IP: 193.168.141.40|443"; classtype:trojan-activity; sid:37570991; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 213.139.205.174 443 (msg: "MISP e26857 [] Outgoing To IP: 213.139.205.174|443"; classtype:trojan-activity; sid:37571001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 77.72.85.124 443 (msg: "MISP e26857 [] Outgoing To IP: 77.72.85.124|443"; classtype:trojan-activity; sid:37571011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 5.181.202.117 443 (msg: "MISP e26857 [] Outgoing To IP: 5.181.202.117|443"; classtype:trojan-activity; sid:37571021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip 1.82.191.110 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.82.191.110"; classtype:trojan-activity; sid:37760361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 101.200.166.251 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.200.166.251"; classtype:trojan-activity; sid:37760371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 106.41.74.98 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.74.98"; classtype:trojan-activity; sid:37760381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert dns any any -> any any (msg: "MISP e26857 [] Domain foodmattkent.live"; dns.query; content:"foodmattkent.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])foodmattkent\.live$/i"; classtype:trojan-activity; sid:37571031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain foodmattkent.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"foodmattkent.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])foodmattkent\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip 103.47.194.166 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.194.166"; classtype:trojan-activity; sid:37760391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 110.183.17.85 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.183.17.85"; classtype:trojan-activity; sid:37760401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 110.177.107.177 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.107.177"; classtype:trojan-activity; sid:37760411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 113.128.11.133 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.128.11.133"; classtype:trojan-activity; sid:37760421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 112.112.194.90 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.194.90"; classtype:trojan-activity; sid:37760431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 113.218.139.36 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.218.139.36"; classtype:trojan-activity; sid:37760441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 113.195.9.222 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
113.195.9.222"; classtype:trojan-activity; sid:37760451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 114.239.125.51 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.125.51"; classtype:trojan-activity; sid:37760461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 114.33.36.97 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.36.97"; classtype:trojan-activity; sid:37760471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 113.26.82.26 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.82.26"; classtype:trojan-activity; sid:37760481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 114.239.125.81 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.125.81"; classtype:trojan-activity; sid:37760491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 114.35.23.222 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.23.222"; classtype:trojan-activity; sid:37760501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 117.214.73.150 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.73.150"; classtype:trojan-activity; sid:37760511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 114.33.57.48 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.57.48"; classtype:trojan-activity; sid:37760521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) 
alert ip 116.248.10.229 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.248.10.229"; classtype:trojan-activity; sid:37760531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 117.233.157.219 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.157.219"; classtype:trojan-activity; sid:37760541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 117.214.8.234 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.8.234"; classtype:trojan-activity; sid:37760551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 119.100.116.208 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.116.208"; classtype:trojan-activity; sid:37760561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 120.57.222.229 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.222.229"; classtype:trojan-activity; sid:37760571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 117.233.182.238 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.182.238"; classtype:trojan-activity; sid:37760581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 121.234.205.34 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.205.34"; classtype:trojan-activity; sid:37760591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 119.184.9.22 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 119.184.9.22"; classtype:trojan-activity; sid:37760601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 123.50.84.132 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.50.84.132"; classtype:trojan-activity; sid:37760611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 136.50.98.128 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.50.98.128"; classtype:trojan-activity; sid:37760621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 120.57.95.79 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.95.79"; classtype:trojan-activity; sid:37760631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 157.52.30.204 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.52.30.204"; classtype:trojan-activity; sid:37760641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 178.151.78.14 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.151.78.14"; classtype:trojan-activity; sid:37760651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 123.172.145.146 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.145.146"; classtype:trojan-activity; sid:37760661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 125.26.229.236 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.229.236"; classtype:trojan-activity; sid:37760671; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 179.63.147.59 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.63.147.59"; classtype:trojan-activity; sid:37760681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 153.194.189.241 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.194.189.241"; classtype:trojan-activity; sid:37760691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 180.97.90.143 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.97.90.143"; classtype:trojan-activity; sid:37760701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 177.230.149.49 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.230.149.49"; classtype:trojan-activity; sid:37760711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 179.216.215.171 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.216.215.171"; classtype:trojan-activity; sid:37760721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 182.56.170.14 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.56.170.14"; classtype:trojan-activity; sid:37760731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 189.36.218.10 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.36.218.10"; classtype:trojan-activity; sid:37760741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 180.106.130.181 any -> $HOME_NET any (msg: "MISP e26998 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.106.130.181"; classtype:trojan-activity; sid:37760751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 182.240.52.238 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.52.238"; classtype:trojan-activity; sid:37760761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 218.201.76.218 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.201.76.218"; classtype:trojan-activity; sid:37760771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 220.174.158.199 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.174.158.199"; classtype:trojan-activity; sid:37760781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 185.232.233.194 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.232.233.194"; classtype:trojan-activity; sid:37760791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 205.209.96.38 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.209.96.38"; classtype:trojan-activity; sid:37760801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 24.84.212.161 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.84.212.161"; classtype:trojan-activity; sid:37760811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;) alert ip 27.42.179.139 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.42.179.139"; classtype:trojan-activity; 
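sid:37760821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
# (The line above closes a rule opened before this span; the last line of this
# span is a rule that is closed after it. One rule per line in between.)
#
# Source-IP rules for MISP event 26998: any packet from the listed address to
# $HOME_NET alerts, on every protocol and port. Expect one alert per packet
# unless a threshold is configured for these sids.
alert ip 218.29.231.106 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.29.231.106"; classtype:trojan-activity; sid:37760831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 222.109.88.91 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.109.88.91"; classtype:trojan-activity; sid:37760841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 45.121.108.115 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.121.108.115"; classtype:trojan-activity; sid:37760851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 27.20.179.244 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.179.244"; classtype:trojan-activity; sid:37760861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 49.70.10.146 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.10.146"; classtype:trojan-activity; sid:37760871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 41.74.141.21 any -> $HOME_NET any (msg: "MISP e26998 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.74.141.21"; classtype:trojan-activity; sid:37760881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
# The tag list in the msg of the next six rules contains literal double quotes.
# Suricata's rule syntax requires ", ; and \ to be escaped inside msg, so the
# inner quotes are written as \" here; the alert text itself is unchanged.
# These sources are tagged as brute force / password guessing (T1110.001) and
# scanning (T1595.001), yet the exported classtype is trojan-activity: triage
# on the tags rather than treating a hit as malware traffic.
alert ip 59.98.103.177 any -> $HOME_NET any (msg: "MISP e26998 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 59.98.103.177"; classtype:trojan-activity; sid:37760891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 61.36.4.92 any -> $HOME_NET any (msg: "MISP e26998 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 61.36.4.92"; classtype:trojan-activity; sid:37760901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 47.106.122.3 any -> $HOME_NET any (msg: "MISP e26998 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 47.106.122.3"; classtype:trojan-activity; sid:37760911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 76.232.83.1 any -> $HOME_NET any (msg: "MISP e26998 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 76.232.83.1"; classtype:trojan-activity; sid:37760921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 49.70.20.246 any -> $HOME_NET any (msg: "MISP e26998 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 49.70.20.246"; classtype:trojan-activity; sid:37760931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
alert ip 80.246.94.60 any -> $HOME_NET any (msg: "MISP e26998 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 80.246.94.60"; classtype:trojan-activity; sid:37760941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26998;)
# Source-IP rules for MISP event 26696.
alert ip 185.236.38.137 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.236.38.137"; classtype:trojan-activity; sid:37528471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 170.64.187.63 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.187.63"; classtype:trojan-activity; sid:37528481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;)
alert ip 2.57.122.127 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.122.127"; classtype:trojan-activity; sid:37528491; rev:1; priority:2; 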
reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 209.97.174.45 any -> $HOME_NET any (msg: "MISP e26696 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.97.174.45"; classtype:trojan-activity; sid:37528501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26696;) alert ip 167.99.212.101 any -> $HOME_NET any (msg: "MISP e26999 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.212.101"; classtype:trojan-activity; sid:37760951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26999;) alert ip 80.66.76.80 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.76.80"; classtype:trojan-activity; sid:37533741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 198.235.24.154 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.154"; classtype:trojan-activity; sid:37533751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 124.128.251.66 any -> $HOME_NET any (msg: "MISP e26999 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.128.251.66"; classtype:trojan-activity; sid:37760961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26999;) alert ip 192.241.201.6 any -> $HOME_NET any (msg: "MISP e26710 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.201.6"; classtype:trojan-activity; sid:37531991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26710;) alert ip 178.128.176.245 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.176.245"; classtype:trojan-activity; sid:37533761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 87.236.176.17 any -> $HOME_NET any (msg: "MISP e26710 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.17"; classtype:trojan-activity; sid:37532001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26710;) alert ip 188.113.235.40 any -> $HOME_NET any (msg: "MISP e26999 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.113.235.40"; classtype:trojan-activity; sid:37760971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26999;) alert ip 104.131.144.28 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.28"; classtype:trojan-activity; sid:37533771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 139.144.185.46 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.144.185.46"; classtype:trojan-activity; sid:37533781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 198.199.114.5 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.114.5"; classtype:trojan-activity; sid:37761001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 165.227.24.17 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.24.17"; classtype:trojan-activity; sid:37761011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip 177.11.148.42 any -> $HOME_NET any (msg: "MISP e26999 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.11.148.42"; classtype:trojan-activity; sid:37760981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26999;) alert ip 103.47.194.156 any -> $HOME_NET any (msg: "MISP e26999 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.194.156"; classtype:trojan-activity; sid:37760991; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26999;) alert ip 51.75.52.3 any -> $HOME_NET any (msg: "MISP e26724 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.75.52.3"; classtype:trojan-activity; sid:37761021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26724;) alert ip $HOME_NET any -> 207.246.120.23 8140 (msg: "MISP e26857 [] Outgoing To IP: 207.246.120.23|8140"; classtype:trojan-activity; sid:37571041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain day.50adayplan.com"; dns.query; content:"day.50adayplan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])day\.50adayplan\.com$/i"; classtype:trojan-activity; sid:37571051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain day.50adayplan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"day.50adayplan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])day\.50adayplan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert dns any any -> any any (msg: "MISP e26857 [] Domain winvipbonus.life"; dns.query; content:"winvipbonus.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])winvipbonus\.life$/i"; classtype:trojan-activity; sid:37571061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain winvipbonus.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"winvipbonus.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])winvipbonus\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571062; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26857;) alert ip 8.138.80.119 any -> $HOME_NET any (msg: "MISP e26710 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.138.80.119"; classtype:trojan-activity; sid:37532011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26710;) alert http $HOME_NET any -> 111.230.51.186 9000 (msg: "MISP e26691 [CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.230.51.186|3a|9000/push"; flow:to_server,established; http.header; content:"111.230.51.186"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37515731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;) alert dns any any -> any any (msg: "MISP e26857 [] Domain db2017417b23.zapto.org"; dns.query; content:"db2017417b23.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])db2017417b23\.zapto\.org$/i"; classtype:trojan-activity; sid:37571071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26857 [] Outgoing HTTP Domain db2017417b23.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"db2017417b23.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])db2017417b23\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert ip $HOME_NET any -> 45.95.146.3 8872 (msg: "MISP e26857 [] Outgoing To IP: 45.95.146.3|8872"; classtype:trojan-activity; sid:37571081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;) alert http $HOME_NET any -> 111.230.51.186 9000 (msg: "MISP e26857 [] Outgoing URL http|3a|//111.230.51.186|3a|9000/push"; flow:to_server,established; http.header; content:"111.230.51.186"; 
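fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37571091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26857;)
# (The line above closes a rule opened before this span; the last line of this
# span is a rule that is closed after it. One rule per line in between.)
#
# Notes that apply to the exported URL rules in this span:
#  - The hostname is matched as a plain content in http.header, so it also hits
#    when the name appears in another header (for example a Referer); http.host
#    is the narrower buffer for a Host match.
#  - Where a msg tag list contained literal double quotes they are written as
#    \" below: Suricata's rule syntax requires ", ; and \ to be escaped inside
#    msg. The alert text itself is unchanged.
#
# Both rules below inspect parsed HTTP on destination port 443. If the server
# on that port speaks TLS, the http.* buffers are only populated when the
# sensor sees decrypted traffic - TODO confirm, and consider a complementary
# tls.sni match on the same hostname.
# The same URL is exported for events 26691 and 26851, so one request raises
# two alerts with different priorities.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26691 [CobaltStrike] Outgoing URL http|3a|//horseridinghotel.com|3a|443/wp-content/unsalted-condensed-soups/"; flow:to_server,established; http.header; content:"horseridinghotel.com"; fast_pattern; nocase; http.uri; content:"/wp-content/unsalted-condensed-soups/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37515741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26691;)
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e26851 [CobaltStrike,misp-galaxy:malpedia=\"Cobalt Strike\",misp:confidence-level=\"usually-confident\"] Outgoing URL http|3a|//horseridinghotel.com|3a|443/wp-content/unsalted-condensed-soups/"; flow:to_server,established; http.header; content:"horseridinghotel.com"; fast_pattern; nocase; http.uri; content:"/wp-content/unsalted-condensed-soups/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# DNS query and HTTP Host rules for one hostname.
alert dns any any -> any any (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Domain nanocore73.zapto.org"; dns.query; content:"nanocore73.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanocore73\.zapto\.org$/i"; classtype:trojan-activity; sid:37563201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing HTTP Domain nanocore73.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nanocore73.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanocore73\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Destination IP/port rules: these match on address and port only, with no
# payload condition.
alert ip $HOME_NET any -> 88.165.236.23 64278 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 88.165.236.23|64278"; classtype:trojan-activity; sid:37563211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 147.45.47.100 24854 (msg: "MISP e26851 [infostealer,RedLine,stealer] Outgoing To IP: 147.45.47.100|24854"; classtype:trojan-activity; sid:37563221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.125.209.94 13406 (msg: "MISP e26851 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 3.125.209.94|13406"; classtype:trojan-activity; sid:37563231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 18.158.249.75 13406 (msg: "MISP e26851 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing To IP: 18.158.249.75|13406"; classtype:trojan-activity; sid:37563241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# The five destination IP/port pairs exported for event 26809 (priority 2) are
# exported again for event 26851 (priority 3) directly after them, so every
# matching flow alerts twice. Deduplicate in the export or suppress one set.
alert ip $HOME_NET any -> 3.22.30.40 18237 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 3.22.30.40|18237"; classtype:trojan-activity; sid:37551171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.134.125.175 18237 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 3.134.125.175|18237"; classtype:trojan-activity; sid:37551181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.17.7.232 18237 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 3.17.7.232|18237"; classtype:trojan-activity; sid:37551191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.13.191.225 18237 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 3.13.191.225|18237"; classtype:trojan-activity; sid:37551201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.14.182.203 18237 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 3.14.182.203|18237"; classtype:trojan-activity; sid:37551211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.14.182.203 18237 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 3.14.182.203|18237"; classtype:trojan-activity; sid:37563251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.13.191.225 18237 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 3.13.191.225|18237"; classtype:trojan-activity; sid:37563261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.17.7.232 18237 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 3.17.7.232|18237"; classtype:trojan-activity; sid:37563271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.134.125.175 18237 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 3.134.125.175|18237"; classtype:trojan-activity; sid:37563281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.22.30.40 18237 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 3.22.30.40|18237"; classtype:trojan-activity; sid:37563291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# The two URL rules below differ only in the letter case of the path, and the
# URI content is matched with nocase, so both fire on the same request.
alert http $HOME_NET any -> 147.45.47.35 $HTTP_PORTS (msg: "MISP e26809 [Amadey] Outgoing URL http|3a|//147.45.47.35/bdjkb2xsd/index.php"; flow:to_server,established; http.header; content:"147.45.47.35"; fast_pattern; nocase; http.uri; content:"/bdjkb2xsd/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> 147.45.47.35 $HTTP_PORTS (msg: "MISP e26851 [Amadey,misp-galaxy:malpedia=\"Amadey\"] Outgoing URL http|3a|//147.45.47.35/bDjkb2xSd/index.php"; flow:to_server,established; http.header; content:"147.45.47.35"; fast_pattern; nocase; http.uri; content:"/bDjkb2xSd/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# In the next rule the query string (?offer=Chrome) is not part of the match:
# the URI condition is content:"/", which every request URI contains, so the
# rule reduces to "soundsend.com somewhere in the request headers".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//soundsend.com/?offer=Chrome"; flow:to_server,established; http.header; content:"soundsend.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//student-voice.com/api/set_v_2_new_uuid"; flow:to_server,established; http.header; content:"student-voice.com"; fast_pattern; nocase; http.uri; content:"/api/set_v_2_new_uuid"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//phpsearch.com/api/get_file_drop?offer=Chrome"; flow:to_server,established; http.header; content:"phpsearch.com"; fast_pattern; nocase; http.uri; content:"/api/get_file_drop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 88.165.236.23 54985 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 88.165.236.23|54985"; classtype:trojan-activity; sid:37563341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//chrome.freegeneratorai.com/intl/en/chrome/next-steps.html"; flow:to_server,established; http.header; content:"chrome.freegeneratorai.com"; fast_pattern; nocase; http.uri; content:"/intl/en/chrome/next-steps.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.134.39.220 18237 (msg: "MISP e26851 [NanoCore,RAT,misp-galaxy:malpedia=\"Nanocore RAT\"] Outgoing To IP: 3.134.39.220|18237"; classtype:trojan-activity; sid:37563361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//soundsend.com/traffic?uuid="; flow:to_server,established; http.header; content:"soundsend.com"; fast_pattern; nocase; http.uri; content:"/traffic"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//posiit.com/cookies"; flow:to_server,established; http.header; content:"posiit.com"; fast_pattern; nocase; http.uri; content:"/cookies"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//posiit.com/get_file"; flow:to_server,established; http.header; content:"posiit.com"; fast_pattern; nocase; http.uri; content:"/get_file"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//peeriosity.com/shared-services/j.js?"; flow:to_server,established; http.header; content:"peeriosity.com"; fast_pattern; nocase; http.uri; content:"/shared-services/j.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# 147.45.47.35 port 80 is exported for event 26809 here and again for event
# 26851 three rules further down; a flow to it alerts under both sids.
alert ip $HOME_NET any -> 147.45.47.35 80 (msg: "MISP e26809 [Amadey,ViriBack] Outgoing To IP: 147.45.47.35|80"; classtype:trojan-activity; sid:37551331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# The next two rules have no URI condition: they match the hostname anywhere
# in the request headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//opera.freegeneratorai.com"; flow:to_server,established; http.header; content:"opera.freegeneratorai.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//mozila.freegeneratorai.com"; flow:to_server,established; http.header; content:"mozila.freegeneratorai.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 147.45.47.35 80 (msg: "MISP e26851 [Amadey,misp-galaxy:malpedia=\"Amadey\",misp:confidence-level=\"fairly-confident\"] Outgoing To IP: 147.45.47.35|80"; classtype:trojan-activity; sid:37563431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 167.235.36.34 8056 (msg: "MISP e26809 [RedLineStealer] Outgoing To IP: 167.235.36.34|8056"; classtype:trojan-activity; sid:37551361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 167.235.36.34 8056 (msg: 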
"MISP e26851 [] Outgoing To IP: 167.235.36.34|8056"; classtype:trojan-activity; sid:37563441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)

# Layout: one rule per physical line; rule text is unchanged.
#
# Reading notes for this group:
# - Each listed domain yields a pair: a DNS rule (sid ending in 1) on dns.query and an
#   HTTP rule (sid ending in 2) on the request headers.
# - The DNS pcre boundary "(^|[^A-Za-z0-9-])name$" accepts a preceding '.', so a rule
#   for a parent name also fires on its subdomains. A query for
#   gwadarport-gov-pk.gwadarportt.workers.dev matches both sid:37563561 and sid:37563571.
# - DNS rules use "any any -> any any", so they are not limited to $HOME_NET clients.
# - In the HTTP rules the "Host|3a|" content and the domain content are matched
#   independently within http.header. The pcre checks only the characters around the
#   domain, so the domain may sit in another header (for example Referer).
# - "alert ip" rules have no content match: any traffic to the address/port alerts.
#   Some destinations repeat across events e26809 and e26851 with different sids.
alert ip $HOME_NET any -> 185.222.58.40 1978 (msg: "MISP e26809 [asyncrat,RAT] Outgoing To IP: 185.222.58.40|1978"; classtype:trojan-activity; sid:37551451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 185.222.58.40 1978 (msg: "MISP e26851 [] Outgoing To IP: 185.222.58.40|1978"; classtype:trojan-activity; sid:37563531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 46.246.6.4 1994 (msg: "MISP e26851 [] Outgoing To IP: 46.246.6.4|1994"; classtype:trojan-activity; sid:37563541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain elccorp-net.ntc-telecomcorporation.workers.dev"; dns.query; content:"elccorp-net.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])elccorp\-net\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37563551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain elccorp-net.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elccorp-net.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elccorp\-net\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain gwadarportt.workers.dev"; dns.query; content:"gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37563561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain gwadarport-gov-pk.gwadarportt.workers.dev"; dns.query; content:"gwadarport-gov-pk.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarport\-gov\-pk\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37563571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain gwadarport-gov-pk.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gwadarport-gov-pk.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gwadarport\-gov\-pk\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ecp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37563581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-ecp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-gwadarport\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37563591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-gwadarport\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37563601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-sco-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain news.ntc-telecomcorporation.workers.dev"; dns.query; content:"news.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37563611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain news.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 185.91.127.233 23 (msg: "MISP e26851 [] Outgoing To IP: 185.91.127.233|23"; classtype:trojan-activity; sid:37563621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 193.149.180.213 7443 (msg: "MISP e26809 [BLNWX,Covenant] Outgoing To IP: 193.149.180.213|7443"; classtype:trojan-activity; sid:37551481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 158.160.97.165 7443 (msg: "MISP e26809 [Mythic,YANDEXCLOUD] Outgoing To IP: 158.160.97.165|7443"; classtype:trojan-activity; sid:37551491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)

# The next rule is cut by the export's line wrap and continues on the following
# physical line. Rejoin it before loading the file.
alert ip $HOME_NET any -> 5.255.117.32 4971 (msg: "MISP
e26809 [Bianlian Go Trojan,LITESERVER] Outgoing To IP: 5.255.117.32|4971"; classtype:trojan-activity; sid:37551501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)

# Layout: one rule per physical line; rule text is unchanged.
#
# Reading notes for this group:
# - The bracketed list in msg carries the MISP event's tags. Entries such as UNI2-AS
#   or UNINET look like network-operator labels rather than malware names (assumption,
#   confirm in the event).
# - IP-only rules on 443 and 995 alert on any traffic to that address/port, with no
#   protocol or payload check. Review them for indicator ageing before using them for
#   blocking.
# - sid:37551321 pairs the host with http.uri content:"/", which every request URI
#   contains, so it is effectively a host-only match.
# - sid:37551341 and sid:37551351 match the host string anywhere in http.header and
#   have no URI condition.
# - The DNS pcre boundary also matches subdomains of the listed dynamic-DNS hostnames
#   (a preceding '.' satisfies it), but not the shared parent zone.
# - Rules written against $HTTP_PORTS only cover HTTP on the ports in that variable.
alert ip $HOME_NET any -> 193.168.141.40 443 (msg: "MISP e26809 [Latrodectus] Outgoing To IP: 193.168.141.40|443"; classtype:trojan-activity; sid:37551111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 5.181.202.117 443 (msg: "MISP e26809 [Latrodectus] Outgoing To IP: 5.181.202.117|443"; classtype:trojan-activity; sid:37551081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 213.139.205.174 443 (msg: "MISP e26809 [Latrodectus] Outgoing To IP: 213.139.205.174|443"; classtype:trojan-activity; sid:37551091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 20.218.68.91 13817 (msg: "MISP e26809 [infostealer,RedLine,stealer] Outgoing To IP: 20.218.68.91|13817"; classtype:trojan-activity; sid:37551061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26809 [NanoCore,RAT] Domain elianisgalidon3020.duckdns.org"; dns.query; content:"elianisgalidon3020.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])elianisgalidon3020\.duckdns\.org$/i"; classtype:trojan-activity; sid:37551071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [NanoCore,RAT] Outgoing HTTP Domain elianisgalidon3020.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elianisgalidon3020.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elianisgalidon3020\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 91.35.211.80 995 (msg: "MISP e26809 [DTAG Internet service provider operations,QakBot] Outgoing To IP: 91.35.211.80|995"; classtype:trojan-activity; sid:37551511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 46.246.6.4 1994 (msg: "MISP e26809 [njrat,RAT] Outgoing To IP: 46.246.6.4|1994"; classtype:trojan-activity; sid:37551461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 95.20.240.52 443 (msg: "MISP e26809 [QakBot,UNI2-AS] Outgoing To IP: 95.20.240.52|443"; classtype:trojan-activity; sid:37551521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 189.253.236.111 443 (msg: "MISP e26809 [QakBot,UNINET] Outgoing To IP: 189.253.236.111|443"; classtype:trojan-activity; sid:37551531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//mozila.freegeneratorai.com"; flow:to_server,established; http.header; content:"mozila.freegeneratorai.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//opera.freegeneratorai.com"; flow:to_server,established; http.header; content:"opera.freegeneratorai.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//phpsearch.com/api/get_file_drop?offer=chrome"; flow:to_server,established; http.header; content:"phpsearch.com"; fast_pattern; nocase; http.uri; content:"/api/get_file_drop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//student-voice.com/api/set_v_2_new_uuid"; flow:to_server,established; http.header; content:"student-voice.com"; fast_pattern; nocase; http.uri; content:"/api/set_v_2_new_uuid"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//soundsend.com/?offer=chrome"; flow:to_server,established; http.header; content:"soundsend.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 88.165.236.23 54985 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 88.165.236.23|54985"; classtype:trojan-activity; sid:37551291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 95.20.241.161 443 (msg: "MISP e26809 [QakBot,UNI2-AS] Outgoing To IP: 95.20.241.161|443"; classtype:trojan-activity; sid:37551541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.134.39.220 18237 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 3.134.39.220|18237"; classtype:trojan-activity; sid:37551271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 88.165.236.23 64278 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 88.165.236.23|64278"; classtype:trojan-activity; sid:37551151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 77.72.85.124 443 (msg: "MISP e26809 [Latrodectus] Outgoing To IP: 77.72.85.124|443"; classtype:trojan-activity; sid:37551101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//chrome.freegeneratorai.com/intl/en/chrome/next-steps.html"; flow:to_server,established; http.header; content:"chrome.freegeneratorai.com"; fast_pattern; nocase; http.uri; content:"/intl/en/chrome/next-steps.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 41.96.168.36 443 (msg: "MISP e26809 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.168.36|443"; classtype:trojan-activity; sid:37551551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//posiit.com/cookies"; flow:to_server,established; http.header; content:"posiit.com"; fast_pattern; nocase; http.uri; content:"/cookies"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//soundsend.com/traffic?uuid="; flow:to_server,established; http.header; content:"soundsend.com"; fast_pattern; nocase; http.uri; content:"/traffic"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26809 [NanoCore,RAT] Domain nanocore73.zapto.org"; dns.query; content:"nanocore73.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])nanocore73\.zapto\.org$/i"; classtype:trojan-activity; sid:37551161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [NanoCore,RAT] Outgoing HTTP Domain nanocore73.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nanocore73.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nanocore73\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//peeriosity.com/shared-services/j.js?"; flow:to_server,established; http.header; content:"peeriosity.com"; fast_pattern; nocase; http.uri; content:"/shared-services/j.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [DynamicFake] Outgoing URL http|3a|//posiit.com/get_file"; flow:to_server,established; http.header; content:"posiit.com"; fast_pattern; nocase; http.uri; content:"/get_file"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 5.163.163.158 995 (msg: "MISP e26809 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 5.163.163.158|995"; classtype:trojan-activity; sid:37551561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 5.255.117.32 4971 (msg: "MISP e26851 [] Outgoing To IP: 5.255.117.32|4971"; classtype:trojan-activity; sid:37563631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 158.160.97.165 7443 (msg: "MISP e26851 [] Outgoing To IP: 158.160.97.165|7443"; classtype:trojan-activity; sid:37563641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)

# The next rule is cut by the export's line wrap and continues on the following
# physical line. Rejoin it before loading the file.
alert ip $HOME_NET any -> 193.149.180.213
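7443 (msg: "MISP e26851 [] Outgoing To IP: 193.149.180.213|7443"; classtype:trojan-activity; sid:37563651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)

# Layout: one rule per physical line. The export had several rules collapsed onto
# each line, and rule loaders expect one rule per line.
#
# msg quoting: sid:37760251 carried a MISP galaxy tag with bare double quotes inside
# msg (misp-galaxy:mitre-malware="..."). Suricata's rule syntax requires '"', ';' and
# '\' inside msg to be escaped, so the quotes are written as \" below. The displayed
# alert text is unchanged.
#
# Tuning notes for this group:
# - Most e26851 rules here repeat an e26809 indicator with an empty tag list and
#   priority 3, so one flow raises two alerts. Suppress or threshold one of each pair
#   if the duplicate adds no triage value.
# - sid:37760251: the msg URL shows "/8080/" as a path segment while the rule targets
#   $HTTP_PORTS. NOTE(review): this may be a mangled ":8080" port. Confirm against the
#   event before relying on this rule.
# - "Domain" rules use the boundary [^A-Za-z0-9-], which also matches subdomains. The
#   "Hostname" rule (sid:37568131) uses [^A-Za-z0-9-\.], which excludes a preceding
#   '.', so it matches the exact hostname only.
# - "alert ip" rules have no content match: any traffic to the address/port alerts.
alert ip $HOME_NET any -> 154.7.14.19 8888 (msg: "MISP e26809 [PEG-SV,Supershell] Outgoing To IP: 154.7.14.19|8888"; classtype:trojan-activity; sid:37551571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 185.16.38.147 8888 (msg: "MISP e26809 [MEVSPACE,Supershell] Outgoing To IP: 185.16.38.147|8888"; classtype:trojan-activity; sid:37551581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 178.33.57.148 7634 (msg: "MISP e26809 [RAT,RemcosRAT] Outgoing To IP: 178.33.57.148|7634"; classtype:trojan-activity; sid:37551591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26809 [DarkGate] Domain rourtmanjsdadhfakja.com"; dns.query; content:"rourtmanjsdadhfakja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rourtmanjsdadhfakja\.com$/i"; classtype:trojan-activity; sid:37551601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [DarkGate] Outgoing HTTP Domain rourtmanjsdadhfakja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rourtmanjsdadhfakja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rourtmanjsdadhfakja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 45.67.34.69 443 (msg: "MISP e26809 [DarkGate] Outgoing To IP: 45.67.34.69|443"; classtype:trojan-activity; sid:37551611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 45.67.34.69 443 (msg: "MISP e26851 [] Outgoing To IP: 45.67.34.69|443"; classtype:trojan-activity; sid:37563661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain rourtmanjsdadhfakja.com"; dns.query; content:"rourtmanjsdadhfakja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rourtmanjsdadhfakja\.com$/i"; classtype:trojan-activity; sid:37563671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain rourtmanjsdadhfakja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rourtmanjsdadhfakja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rourtmanjsdadhfakja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 178.33.57.148 7634 (msg: "MISP e26851 [] Outgoing To IP: 178.33.57.148|7634"; classtype:trojan-activity; sid:37563681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 185.16.38.147 8888 (msg: "MISP e26851 [] Outgoing To IP: 185.16.38.147|8888"; classtype:trojan-activity; sid:37563691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 154.7.14.19 8888 (msg: "MISP e26851 [] Outgoing To IP: 154.7.14.19|8888"; classtype:trojan-activity; sid:37563701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 5.163.163.158 995 (msg: "MISP e26851 [] Outgoing To IP: 5.163.163.158|995"; classtype:trojan-activity; sid:37563711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 41.96.168.36 443 (msg: "MISP e26851 [] Outgoing To IP: 41.96.168.36|443"; classtype:trojan-activity; sid:37563721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 95.20.241.161 443 (msg: "MISP e26851 [] Outgoing To IP: 95.20.241.161|443"; classtype:trojan-activity; sid:37563731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 189.253.236.111 443 (msg: "MISP e26851 [] Outgoing To IP: 189.253.236.111|443"; classtype:trojan-activity; sid:37563741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 95.20.240.52 443 (msg: "MISP e26851 [] Outgoing To IP: 95.20.240.52|443"; classtype:trojan-activity; sid:37563751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 91.35.211.80 995 (msg: "MISP e26851 [] Outgoing To IP: 91.35.211.80|995"; classtype:trojan-activity; sid:37563761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 185.29.10.51 5211 (msg: "MISP e26809 [NanoCore,RAT] Outgoing To IP: 185.29.10.51|5211"; classtype:trojan-activity; sid:37551621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 185.29.10.51 5211 (msg: "MISP e26851 [] Outgoing To IP: 185.29.10.51|5211"; classtype:trojan-activity; sid:37563771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e27108 [] Domain emta.ee-kontroll.com"; dns.query; content:"emta.ee-kontroll.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\.ee\-kontroll\.com$/i"; classtype:trojan-activity; sid:37775451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27108;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27108 [] Outgoing HTTP Domain emta.ee-kontroll.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta.ee-kontroll.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\.ee\-kontroll\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27108;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain jmoha66808.ddns.net"; dns.query; content:"jmoha66808.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])jmoha66808\.ddns\.net$/i"; classtype:trojan-activity; sid:37563781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain jmoha66808.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jmoha66808.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jmoha66808\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26809 [NanoCore,RAT] Domain jmoha66808.ddns.net"; dns.query; content:"jmoha66808.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])jmoha66808\.ddns\.net$/i"; classtype:trojan-activity; sid:37551631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [NanoCore,RAT] Outgoing HTTP Domain jmoha66808.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jmoha66808.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jmoha66808\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> 23.94.148.10 $HTTP_PORTS (msg: "MISP e26997 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//23.94.148.10/8080/ORR.txt"; flow:to_server,established; http.header; content:"23.94.148.10"; fast_pattern; nocase; http.uri; content:"/8080/ORR.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37760251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26997;)
alert ip $HOME_NET any -> 185.91.127.233 23 (msg: "MISP e26809 [Gafgyt] Outgoing To IP: 185.91.127.233|23"; classtype:trojan-activity; sid:37551471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26809 [Mirai] Domain db2017417b23.zapto.org"; dns.query; content:"db2017417b23.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])db2017417b23\.zapto\.org$/i"; classtype:trojan-activity; sid:37551131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [Mirai] Outgoing HTTP Domain db2017417b23.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"db2017417b23.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])db2017417b23\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 45.95.146.3 8872 (msg: "MISP e26809 [Mirai] Outgoing To IP: 45.95.146.3|8872"; classtype:trojan-activity; sid:37551121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26790 [] Hostname email.translaters.click"; dns.query; content:"email.translaters.click"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])email\.translaters\.click$/i"; classtype:trojan-activity; sid:37568131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)

# The next rule is cut by the export's line wrap and continues on the following
# physical line. Rejoin it before loading the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Hostname email.translaters.click"; flow:to_server,established; http.header; content: "Host|3a| email.translaters.click"; fast_pattern;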
nocase; pcre: "/(^|[^A-Za-z0-9-\.])email\.translaters\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)

# Layout: one rule per physical line; rule text is unchanged.
#
# Reading notes for this group:
# - sid:37551651 and sid:37563801 differ only in the letter case of the URI. Both use
#   nocase, so they match the same requests and one request raises two alerts.
# - ronreznick.com appears for e26851 and e26809, and tarifas-banestado.pages.dev
#   appears once per event (e26692, e26693, ...). Expect one alert per event for the
#   same lookup or request.
# - Priorities differ per event (2, 3 and 4 in this group). Downstream triage that
#   keys on priority sees the same indicator at more than one level.
# - In the HTTP domain rules the "Host|3a|" content and the domain content are matched
#   independently within http.header, so the domain may sit in another header.
# - The DNS pcre boundary [^A-Za-z0-9-] accepts a preceding '.', so subdomains of the
#   listed names also match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [dcrat] Outgoing URL http|3a|//969727cm.nyashsens.top/externalservertrackwordpresspublicprivate.php"; flow:to_server,established; http.header; content:"969727cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/externalservertrackwordpresspublicprivate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//969727cm.nyashsens.top/externalserverTrackWordpresspublicprivate.php"; flow:to_server,established; http.header; content:"969727cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/externalserverTrackWordpresspublicprivate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain ronreznick.com"; dns.query; content:"ronreznick.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ronreznick\.com$/i"; classtype:trojan-activity; sid:37563811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain ronreznick.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ronreznick.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ronreznick\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26809 [SocGholish] Domain ronreznick.com"; dns.query; content:"ronreznick.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ronreznick\.com$/i"; classtype:trojan-activity; sid:37551661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [SocGholish] Outgoing HTTP Domain ronreznick.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ronreznick.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ronreznick\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26849 [] Domain lyringenieria.com.ar"; dns.query; content:"lyringenieria.com.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-])lyringenieria\.com\.ar$/i"; classtype:trojan-activity; sid:37563101; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26849;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26849 [] Outgoing HTTP Domain lyringenieria.com.ar"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lyringenieria.com.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lyringenieria\.com\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563102; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26849;)
alert dns any any -> any any (msg: "MISP e26849 [] Domain akaphibetaomega.org"; dns.query; content:"akaphibetaomega.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])akaphibetaomega\.org$/i"; classtype:trojan-activity; sid:37563111; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26849;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26849 [] Outgoing HTTP Domain akaphibetaomega.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"akaphibetaomega.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])akaphibetaomega\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563112; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26849;)
alert dns any any -> any any (msg: "MISP e26692 [] Domain tarifas-banestado.pages.dev"; dns.query; content:"tarifas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37515761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26692;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26692 [] Outgoing HTTP Domain tarifas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarifas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26692;)
alert dns any any -> any any (msg: "MISP e26693 [] Domain tarifas-banestado.pages.dev"; dns.query; content:"tarifas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37515841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26693;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26693 [] Outgoing HTTP Domain tarifas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarifas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26693;)

# The next rule is cut by the export's line wrap and continues on the following
# physical line. Rejoin it before loading the file.
alert dns any any -> any any (msg: "MISP e26694 [] Domain tarifas-banestado.pages.dev"; dns.query; content:"tarifas-banestado.pages.dev"; nocase; pcre:
"/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37515921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26694;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26694 [] Outgoing HTTP Domain tarifas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarifas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37515922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26694;) alert dns any any -> any any (msg: "MISP e26790 [] Domain lv-citadele.net"; dns.query; content:"lv-citadele.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])lv\-citadele\.net$/i"; classtype:trojan-activity; sid:37568141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain lv-citadele.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lv-citadele.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lv\-citadele\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert ip $HOME_NET any -> 91.223.3.151 4508 (msg: "MISP e26809 [remcos] Outgoing To IP: 91.223.3.151|4508"; classtype:trojan-activity; sid:37551671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 91.223.3.151 4508 (msg: "MISP e26851 [] Outgoing To IP: 91.223.3.151|4508"; classtype:trojan-activity; sid:37563821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26695 [] Domain banestado-beneficio.pages.dev"; dns.query; content:"banestado-beneficio.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev$/i"; classtype:trojan-activity; sid:37516041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26695;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26695 [] Outgoing HTTP Domain banestado-beneficio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-beneficio.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37516042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26695;) alert ip $HOME_NET any -> 157.230.180.251 43624 (msg: "MISP e26851 [] Outgoing To IP: 157.230.180.251|43624"; classtype:trojan-activity; sid:37563831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 157.230.180.251 49838 (msg: "MISP e26851 [] Outgoing To IP: 157.230.180.251|49838"; classtype:trojan-activity; sid:37563841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [dcrat] Outgoing URL http|3a|//f0918974.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"f0918974.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 157.230.180.251 43624 (msg: "MISP e26809 [] Outgoing To IP: 157.230.180.251|43624"; classtype:trojan-activity; sid:37551681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 157.230.180.251 49838 (msg: "MISP e26809 [] Outgoing To IP: 157.230.180.251|49838"; classtype:trojan-activity; sid:37551691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET 
any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//f0918974.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"f0918974.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [dcrat] Outgoing URL http|3a|//f0914549.xsph.ru/f8a8b9ed.php"; flow:to_server,established; http.header; content:"f0914549.xsph.ru"; fast_pattern; nocase; http.uri; content:"/f8a8b9ed.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//f0914549.xsph.ru/f8a8b9ed.php"; flow:to_server,established; http.header; content:"f0914549.xsph.ru"; fast_pattern; nocase; http.uri; content:"/f8a8b9ed.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain stealit.onrender.com"; dns.query; content:"stealit.onrender.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stealit\.onrender\.com$/i"; classtype:trojan-activity; sid:37563881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain stealit.onrender.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stealit.onrender.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stealit\.onrender\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 
94.156.8.80 43957 (msg: "MISP e26851 [] Outgoing To IP: 94.156.8.80|43957"; classtype:trojan-activity; sid:37563891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 94.156.68.104 55555 (msg: "MISP e26851 [] Outgoing To IP: 94.156.68.104|55555"; classtype:trojan-activity; sid:37563901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 45.95.146.89 7788 (msg: "MISP e26851 [] Outgoing To IP: 45.95.146.89|7788"; classtype:trojan-activity; sid:37563911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 45.95.146.38 1312 (msg: "MISP e26851 [] Outgoing To IP: 45.95.146.38|1312"; classtype:trojan-activity; sid:37563921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 194.169.175.31 38245 (msg: "MISP e26851 [] Outgoing To IP: 194.169.175.31|38245"; classtype:trojan-activity; sid:37563931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 85.239.34.84 23 (msg: "MISP e26851 [] Outgoing To IP: 85.239.34.84|23"; classtype:trojan-activity; sid:37563941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 93.123.85.49 1312 (msg: "MISP e26851 [] Outgoing To IP: 93.123.85.49|1312"; classtype:trojan-activity; sid:37563951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 93.123.85.113 1312 (msg: "MISP e26851 [] Outgoing To IP: 93.123.85.113|1312"; classtype:trojan-activity; sid:37563961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 93.123.85.127 5555 (msg: "MISP e26851 [] Outgoing To IP: 93.123.85.127|5555"; classtype:trojan-activity; sid:37563971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 93.123.85.109 5555 
(msg: "MISP e26851 [] Outgoing To IP: 93.123.85.109|5555"; classtype:trojan-activity; sid:37563981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 93.123.85.136 5555 (msg: "MISP e26851 [] Outgoing To IP: 93.123.85.136|5555"; classtype:trojan-activity; sid:37563991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 91.92.252.208 1312 (msg: "MISP e26851 [] Outgoing To IP: 91.92.252.208|1312"; classtype:trojan-activity; sid:37564001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 173.44.141.244 443 (msg: "MISP e26851 [] Outgoing To IP: 173.44.141.244|443"; classtype:trojan-activity; sid:37564011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain germanclics.com"; dns.query; content:"germanclics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])germanclics\.com$/i"; classtype:trojan-activity; sid:37564021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain germanclics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"germanclics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])germanclics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26809 [RENDER,stealer,stealit,US] Domain stealit.onrender.com"; dns.query; content:"stealit.onrender.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stealit\.onrender\.com$/i"; classtype:trojan-activity; sid:37551871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [RENDER,stealer,stealit,US] Outgoing 
HTTP Domain stealit.onrender.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stealit.onrender.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stealit\.onrender\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 20.127.165.86 80 (msg: "MISP e26809 [stealer,stealit,US] Outgoing To IP: 20.127.165.86|80"; classtype:trojan-activity; sid:37551881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 85.239.34.84 23 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 85.239.34.84|23"; classtype:trojan-activity; sid:37551851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 94.156.8.80 43957 (msg: "MISP e26809 [c2,moobot] Outgoing To IP: 94.156.8.80|43957"; classtype:trojan-activity; sid:37551861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 194.169.175.31 38245 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 194.169.175.31|38245"; classtype:trojan-activity; sid:37551841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [SocGholish] Domain germanclics.com"; dns.query; content:"germanclics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])germanclics\.com$/i"; classtype:trojan-activity; sid:37551731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [SocGholish] Outgoing HTTP Domain germanclics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"germanclics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])germanclics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551732; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 173.44.141.244 443 (msg: "MISP e26809 [SocGholish] Outgoing To IP: 173.44.141.244|443"; classtype:trojan-activity; sid:37551741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.85.49 1312 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 93.123.85.49|1312"; classtype:trojan-activity; sid:37551751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 45.95.146.89 7788 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 45.95.146.89|7788"; classtype:trojan-activity; sid:37551821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 45.95.146.38 1312 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 45.95.146.38|1312"; classtype:trojan-activity; sid:37551831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.85.136 5555 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 93.123.85.136|5555"; classtype:trojan-activity; sid:37551791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 91.92.252.208 1312 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 91.92.252.208|1312"; classtype:trojan-activity; sid:37551801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 94.156.68.104 55555 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 94.156.68.104|55555"; classtype:trojan-activity; sid:37551811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.85.127 5555 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 93.123.85.127|5555"; classtype:trojan-activity; sid:37551771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.85.109 5555 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 
93.123.85.109|5555"; classtype:trojan-activity; sid:37551781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.85.113 1312 (msg: "MISP e26809 [elf,Mirai] Outgoing To IP: 93.123.85.113|1312"; classtype:trojan-activity; sid:37551761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 20.127.165.86 80 (msg: "MISP e26851 [] Outgoing To IP: 20.127.165.86|80"; classtype:trojan-activity; sid:37564031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing URL http|3a|//www.ynpuning.cn|3a|8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"www.ynpuning.cn"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Domain www.ynpuning.cn"; dns.query; content:"www.ynpuning.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ynpuning\.cn$/i"; classtype:trojan-activity; sid:37551921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing HTTP Domain www.ynpuning.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ynpuning.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ynpuning\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: 
"MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing URL http|3a|//www.nkbiky.cn|3a|8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"www.nkbiky.cn"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Domain www.nkbiky.cn"; dns.query; content:"www.nkbiky.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nkbiky\.cn$/i"; classtype:trojan-activity; sid:37551941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing HTTP Domain www.nkbiky.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nkbiky.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nkbiky\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> 104.21.80.122 8080 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing URL http|3a|//104.21.80.122|3a|8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"104.21.80.122"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37551951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 94.156.71.76 8080 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing To IP: 94.156.71.76|8080"; 
classtype:trojan-activity; sid:37551961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [CobaltStrike,cs-watermark-1787456026,FORTHNET-GR Forthnet] Domain hathat.azureedge.net"; dns.query; content:"hathat.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])hathat\.azureedge\.net$/i"; classtype:trojan-activity; sid:37551981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [CobaltStrike,cs-watermark-1787456026,FORTHNET-GR Forthnet] Outgoing HTTP Domain hathat.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hathat.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hathat\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 193.92.234.217 443 (msg: "MISP e26809 [CobaltStrike,cs-watermark-1787456026,FORTHNET-GR Forthnet] Outgoing To IP: 193.92.234.217|443"; classtype:trojan-activity; sid:37551991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 94.156.71.76 8080 (msg: "MISP e26851 [] Outgoing To IP: 94.156.71.76|8080"; classtype:trojan-activity; sid:37564041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> 104.21.80.122 8080 (msg: "MISP e26851 [] Outgoing URL http|3a|//104.21.80.122|3a|8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"104.21.80.122"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any 
any -> any any (msg: "MISP e26851 [] Domain www.nkbiky.cn"; dns.query; content:"www.nkbiky.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nkbiky\.cn$/i"; classtype:trojan-activity; sid:37564061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain www.nkbiky.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nkbiky.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nkbiky\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e26851 [] Outgoing URL http|3a|//www.nkbiky.cn|3a|8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"www.nkbiky.cn"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain www.ynpuning.cn"; dns.query; content:"www.ynpuning.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ynpuning\.cn$/i"; classtype:trojan-activity; sid:37564081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain www.ynpuning.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ynpuning.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ynpuning\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e26851 
[] Outgoing URL http|3a|//www.ynpuning.cn|3a|8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"www.ynpuning.cn"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain event.coachgreb.com"; dns.query; content:"event.coachgreb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])event\.coachgreb\.com$/i"; classtype:trojan-activity; sid:37564101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain event.coachgreb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"event.coachgreb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])event\.coachgreb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 170.75.170.7 443 (msg: "MISP e26851 [] Outgoing To IP: 170.75.170.7|443"; classtype:trojan-activity; sid:37564111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 193.92.234.217 443 (msg: "MISP e26851 [] Outgoing To IP: 193.92.234.217|443"; classtype:trojan-activity; sid:37564121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain hathat.azureedge.net"; dns.query; content:"hathat.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])hathat\.azureedge\.net$/i"; classtype:trojan-activity; sid:37564131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] 
Outgoing HTTP Domain hathat.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hathat.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hathat\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Sender-address rules for inbound mail (event 26684). Coverage limits worth knowing before
# relying on them:
#  - they inspect raw TCP payload to $SMTP_SERVERS on port 25 only; mail arriving on another
#    port, or a session that switches to TLS via STARTTLS, is not visible to these matches;
#  - "MAIL FROM:" and the address are two independent content matches with no distance/within
#    tying them together, so the address is not required to follow the command directly;
#  - the final content requires a blank line (CR LF CR LF) within 8192 bytes after the address.
#    NOTE(review): that sequence normally ends the message headers rather than the envelope
#    command, so whether the rule fires presumably depends on how much of the session is in the
#    inspected stream segment; verify against a capture before treating silence as "not seen".
# Pair these with mail-gateway log searches for the same addresses.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26684 [] Source Email Address: luxtrust-verification-services-no-reply2024@voo.be"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"luxtrust-verification-services-no-reply2024@voo.be"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37864201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26684;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26684 [] Source Email Address: luxtrust-vrefication20240@voo.be"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"luxtrust-vrefication20240@voo.be"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37864211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26684;)
# Destination IP:port rules. They carry no flow, content or threshold option, so they may alert
# on every matching packet; consider rate-limiting these SIDs on the sensor.
# The same two endpoints are exported again for event 26809 (sids 37552001 / 37552011), so each
# connection is reported under both events.
alert ip $HOME_NET any -> 84.54.51.103 6666 (msg: "MISP e26851 [] Outgoing To IP: 84.54.51.103|6666"; classtype:trojan-activity; sid:37564151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 87.121.58.103 6666 (msg: "MISP e26851 [] Outgoing To IP: 87.121.58.103|6666"; classtype:trojan-activity; sid:37564161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 91.92.246.192 $HTTP_PORTS (msg: "MISP e26809 [Stealc] Outgoing URL http|3a|//91.92.246.192/129edec4272dc2c8.php"; flow:to_server,established; http.header; content:"91.92.246.192"; fast_pattern; nocase; http.uri; 
content:"/129edec4272dc2c8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.39.166 671 (msg: "MISP e26809 [Gafgyt] Outgoing To IP: 93.123.39.166|671"; classtype:trojan-activity; sid:37552021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [SocGholish] Domain event.coachgreb.com"; dns.query; content:"event.coachgreb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])event\.coachgreb\.com$/i"; classtype:trojan-activity; sid:37551901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [SocGholish] Outgoing HTTP Domain event.coachgreb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"event.coachgreb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])event\.coachgreb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37551902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 84.54.51.103 6666 (msg: "MISP e26809 [] Outgoing To IP: 84.54.51.103|6666"; classtype:trojan-activity; sid:37552001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 87.121.58.103 6666 (msg: "MISP e26809 [] Outgoing To IP: 87.121.58.103|6666"; classtype:trojan-activity; sid:37552011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 170.75.170.7 443 (msg: "MISP e26809 [SocGholish] Outgoing To IP: 170.75.170.7|443"; classtype:trojan-activity; sid:37551891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 93.123.39.166 671 (msg: "MISP e26851 [] Outgoing To IP: 93.123.39.166|671"; classtype:trojan-activity; sid:37564171; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Event-26851 copy of the URL rule that event 26809 exports as sid 37552031 with the [Stealc]
# tag and priority 2. The match logic is identical, so one request raises both alerts; this
# copy has an empty tag list in msg and priority 3, which makes it the weaker one for triage.
alert http $HOME_NET any -> 91.92.246.192 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//91.92.246.192/129edec4272dc2c8.php"; flow:to_server,established; http.header; content:"91.92.246.192"; fast_pattern; nocase; http.uri; content:"/129edec4272dc2c8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# HTTP rule bound to destination port 443. It fires only when the flow to 47.122.24.43:443 is
# parsed as cleartext HTTP, which is what the exported indicator URL (http://...:443) describes.
# If the endpoint is reached over TLS instead, http.header and http.uri are never populated and
# this rule stays silent; this excerpt shows no destination-IP rule for this address to fall back on.
# The URI resembles a common static jQuery asset path, and the first content matches the bare
# IP anywhere in the request headers rather than in the Host header only.
alert http $HOME_NET any -> 47.122.24.43 443 (msg: "MISP e26851 [] Outgoing URL http|3a|//47.122.24.43|3a|443/_/static/plugins/jquery/jquery.cookie.js"; flow:to_server,established; http.header; content:"47.122.24.43"; fast_pattern; nocase; http.uri; content:"/_/static/plugins/jquery/jquery.cookie.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Destination IP:port rule with no flow, content or threshold option; it may alert per packet.
# NOTE(review): confirm in the MISP event whether this address is dedicated or shared hosting
# before using the alert for anything stronger than investigation.
alert ip $HOME_NET any -> 18.158.249.75 16904 (msg: "MISP e26851 [] Outgoing To IP: 18.158.249.75|16904"; classtype:trojan-activity; sid:37564201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Domain indicator pair (DNS query + HTTP Host) for event 26790. The DNS pcre prefix accepts a
# leading dot, so subdomains match too; the HTTP pcre requires a non-hostname character after
# the domain. Only cleartext DNS and HTTP are inspected: lookups over encrypted DNS and
# requests over HTTPS are outside what these two rules can see.
alert dns any any -> any any (msg: "MISP e26790 [] Domain magnivetaman.com"; dns.query; content:"magnivetaman.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])magnivetaman\.com$/i"; classtype:trojan-activity; sid:37568151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain magnivetaman.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"magnivetaman.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])magnivetaman\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert ip $HOME_NET any -> 83.69.236.143 443 (msg: "MISP e26851 [] Outgoing To IP: 83.69.236.143|443"; 
classtype:trojan-activity; sid:37564211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e24600 [] Domain google.maps-services.com"; dns.query; content:"google.maps-services.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])google\.maps\-services\.com$/i"; classtype:trojan-activity; sid:37765611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain google.maps-services.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"google.maps-services.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])google\.maps\-services\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e27108 [] Domain omnivetech.top"; dns.query; content:"omnivetech.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])omnivetech\.top$/i"; classtype:trojan-activity; sid:37775481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27108;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27108 [] Outgoing HTTP Domain omnivetech.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omnivetech.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omnivetech\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27108;) alert dns any any -> any any (msg: "MISP e24600 [] Domain eboo-retablir-lu.com"; dns.query; content:"eboo-retablir-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eboo\-retablir\-lu\.com$/i"; classtype:trojan-activity; sid:37765651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] 
Outgoing HTTP Domain eboo-retablir-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eboo-retablir-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eboo\-retablir\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> 116.62.130.96 4444 (msg: "MISP e26809 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//116.62.130.96|3a|4444/pixel.gif"; flow:to_server,established; http.header; content:"116.62.130.96"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> 124.70.180.22 89 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,Huawei Cloud Service data center] Outgoing URL http|3a|//124.70.180.22|3a|89/pixel"; flow:to_server,established; http.header; content:"124.70.180.22"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> 47.108.153.69 7777 (msg: "MISP e26809 [CobaltStrike,cs-watermark-0,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//47.108.153.69|3a|7777/pixel"; flow:to_server,established; http.header; content:"47.108.153.69"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# The bracketed labels in msg (CobaltStrike, cs-watermark-..., hosting name) are MISP tags
# copied into the alert text; nothing in the rule body matches on them. Detection rests on
# the destination IP in the header, the IP string in http.header and an unanchored,
# case-insensitive "/fwlink" substring in http.uri.
# NOTE(review): the path alone is generic; the rule is only meaningful while the IP is.
alert http $HOME_NET any -> 94.156.69.227 $HTTP_PORTS (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing URL http|3a|//94.156.69.227/fwlink"; flow:to_server,established; http.header; content:"94.156.69.227"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# IP/port-only indicator carrying the same tags. Note the address is 94.156.69.224, not the
# 94.156.69.227 of the URL rule before it, so the two rules cover different hosts.
alert ip $HOME_NET any -> 94.156.69.224 80 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing To IP: 94.156.69.224|80"; classtype:trojan-activity; sid:37552101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> 116.62.130.96 5555 (msg: "MISP e26809 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//116.62.130.96|3a|5555/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"116.62.130.96"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# The next four rules describe one host (34.168.39.155) twice: once from event e26809
# (tagged CobaltStrike, priority 2) and once from event e26851 (no tags, priority 3).
# The match conditions of each pair are identical; only sid, msg, priority and reference
# differ, so a single connection raises an alert from each copy.
# NOTE(review): de-duplicate at export time or suppress the untagged copies, and triage on
# the e26809 alert, which keeps the attribution tags.
alert http $HOME_NET any -> 34.168.39.155 $HTTP_PORTS (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,Google LLC] Outgoing URL http|3a|//34.168.39.155/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"34.168.39.155"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# IP/port-only rule for the same host: no payload condition, so every connection to port 80
# of this address alerts. Presumably an HTTP request matching the URL rule also hits this
# one when $HTTP_PORTS includes 80 - verify against the sensor configuration.
alert ip $HOME_NET any -> 34.168.39.155 80 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,Google LLC] Outgoing To IP: 34.168.39.155|80"; classtype:trojan-activity; sid:37552141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Duplicate of sid:37552141 exported from e26851 (empty tag list, priority 3).
alert ip $HOME_NET any -> 34.168.39.155 80 (msg: "MISP e26851 [] Outgoing To IP: 34.168.39.155|80"; classtype:trojan-activity; sid:37564221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Duplicate of sid:37552131 exported from e26851 (empty tag list, priority 3).
alert http $HOME_NET any -> 34.168.39.155 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//34.168.39.155/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"34.168.39.155"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 116.62.130.96 5555 (msg: "MISP e26851 [] Outgoing URL 
http|3a|//116.62.130.96|3a|5555/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"116.62.130.96"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 94.156.69.224 80 (msg: "MISP e26851 [] Outgoing To IP: 94.156.69.224|80"; classtype:trojan-activity; sid:37564261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> 94.156.69.227 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//94.156.69.227/fwlink"; flow:to_server,established; http.header; content:"94.156.69.227"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> 47.108.153.69 7777 (msg: "MISP e26851 [] Outgoing URL http|3a|//47.108.153.69|3a|7777/pixel"; flow:to_server,established; http.header; content:"47.108.153.69"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> 124.70.180.22 89 (msg: "MISP e26851 [] Outgoing URL http|3a|//124.70.180.22|3a|89/pixel"; flow:to_server,established; http.header; content:"124.70.180.22"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37564291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> 116.62.130.96 4444 (msg: "MISP e26851 [] Outgoing URL http|3a|//116.62.130.96|3a|4444/pixel.gif"; flow:to_server,established; http.header; content:"116.62.130.96"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37564301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# IP/port-only indicator on 443: address and port are the entire signature; the
# KeitaroTDS/SocGholish labels are MISP tags in msg, not match conditions.
# NOTE(review): with no TLS or HTTP condition, any other service later hosted on this
# address and port produces the same alert; confirm the indicator is still current.
alert ip $HOME_NET any -> 83.69.236.143 443 (msg: "MISP e26809 [KeitaroTDS,SocGholish] Outgoing To IP: 83.69.236.143|443"; classtype:trojan-activity; sid:37552051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# URL indicator with protocol http and destination port 443.
# NOTE(review): matches only if the traffic on 443 is parsed as cleartext HTTP; a TLS
# session to the same address never reaches the http.header / http.uri conditions.
alert http $HOME_NET any -> 47.122.24.43 443 (msg: "MISP e26809 [] Outgoing URL http|3a|//47.122.24.43|3a|443/_/static/plugins/jquery/jquery.cookie.js"; flow:to_server,established; http.header; content:"47.122.24.43"; fast_pattern; nocase; http.uri; content:"/_/static/plugins/jquery/jquery.cookie.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37552041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# "Domain" form: the pcre anchors the end of the query name and allows start-of-buffer or
# any character outside [A-Za-z0-9-] before the name, so the listed name and anything
# beneath it match. The parent pages.dev is not matched, which keeps the rule scoped to
# this one sub-domain rather than the whole hosting domain.
alert dns any any -> any any (msg: "MISP e26709 [] Domain banestado-tarifas.pages.dev"; dns.query; content:"banestado-tarifas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-tarifas\.pages\.dev$/i"; classtype:trojan-activity; sid:37531921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26709;)
# HTTP half of the same indicator. Both content matches and the pcre run over the whole
# http.header buffer and are not tied to the Host line, so the name appearing in another
# request header also alerts.
# NOTE(review): cleartext HTTP only; an HTTPS visit is visible to the DNS rule, not to this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26709 [] Outgoing HTTP Domain banestado-tarifas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-tarifas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-tarifas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37531922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26709;)
# "Hostname" form: unlike the "Domain" rules, the leading class also excludes ".", so only
# a query for exactly this host name matches; names beneath it do not.
alert dns any any -> any any (msg: "MISP e26790 [] Hostname online.databasse.click"; dns.query; content:"online.databasse.click"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])online\.databasse\.click$/i"; classtype:trojan-activity; sid:37568161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] 
Outgoing HTTP Hostname online.databasse.click"; flow:to_server,established; http.header; content: "Host|3a| online.databasse.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])online\.databasse\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert dns any any -> any any (msg: "MISP e26790 [] Domain ws123.xyz"; dns.query; content:"ws123.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])ws123\.xyz$/i"; classtype:trojan-activity; sid:37568171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain ws123.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ws123.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ws123\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert ip $HOME_NET any -> 18.158.58.205 13326 (msg: "MISP e26809 [njrat] Outgoing To IP: 18.158.58.205|13326"; classtype:trojan-activity; sid:37552151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26790 [] Domain entrepreneurs-club.top"; dns.query; content:"entrepreneurs-club.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])entrepreneurs\-club\.top$/i"; classtype:trojan-activity; sid:37568181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain entrepreneurs-club.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"entrepreneurs-club.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])entrepreneurs\-club\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568182; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert ip $HOME_NET any -> 18.158.58.205 13326 (msg: "MISP e26851 [] Outgoing To IP: 18.158.58.205|13326"; classtype:trojan-activity; sid:37564311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26790 [] Domain post-mx.life"; dns.query; content:"post-mx.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-mx\.life$/i"; classtype:trojan-activity; sid:37568191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain post-mx.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-mx.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-mx\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert dns any any -> any any (msg: "MISP e26790 [] Domain wehaveitsure.ro"; dns.query; content:"wehaveitsure.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-])wehaveitsure\.ro$/i"; classtype:trojan-activity; sid:37568201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26790 [] Outgoing HTTP Domain wehaveitsure.ro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wehaveitsure.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wehaveitsure\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37568202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26790;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26740 [] Outgoing URL http|3a|//qrco.de/beoaEt"; flow:to_server,established; http.header; content:"qrco.de"; fast_pattern; nocase; http.uri; content:"/beoaEt"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37535831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26740;) alert dns any any -> any any (msg: "MISP e26740 [] Domain cl.gouzhang.top"; dns.query; content:"cl.gouzhang.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\.gouzhang\.top$/i"; classtype:trojan-activity; sid:37535861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26740;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26740 [] Outgoing HTTP Domain cl.gouzhang.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl.gouzhang.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\.gouzhang\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37535862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26740;) alert dns any any -> any any (msg: "MISP e26743 [] Domain banestado-beneficio.pages.dev"; dns.query; content:"banestado-beneficio.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev$/i"; classtype:trojan-activity; sid:37536121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26743;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26743 [] Outgoing HTTP Domain banestado-beneficio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-beneficio.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37536122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26743;) alert ip $HOME_NET any -> 18.192.31.165 19599 (msg: "MISP e26809 [njrat] Outgoing To IP: 18.192.31.165|19599"; classtype:trojan-activity; sid:37552171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 3.125.102.39 19599 (msg: "MISP e26809 [njrat] Outgoing To IP: 
3.125.102.39|19599"; classtype:trojan-activity; sid:37552181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# IP/port-only indicators tagged njrat in event e26809: each rule alerts on any packet from
# $HOME_NET to the listed address on port 19599, with no payload or flow condition.
# NOTE(review): several addresses sharing one uncommon port may indicate a shared relay or
# tunnelling front end rather than attacker-owned hosts - confirm ownership before
# blocking, and expire these indicators on a schedule.
alert ip $HOME_NET any -> 18.158.249.75 19599 (msg: "MISP e26809 [njrat] Outgoing To IP: 18.158.249.75|19599"; classtype:trojan-activity; sid:37552191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.125.209.94 19599 (msg: "MISP e26809 [njrat] Outgoing To IP: 3.125.209.94|19599"; classtype:trojan-activity; sid:37552201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.125.223.134 19599 (msg: "MISP e26809 [njrat] Outgoing To IP: 3.125.223.134|19599"; classtype:trojan-activity; sid:37552211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# The same address/port pairs exported a second time from event e26851: identical match
# conditions, empty tag list, priority 3 instead of 2, different sid. One connection
# therefore raises two alerts, and the untagged copy loses the njrat attribution.
# NOTE(review): de-duplicate at export time or suppress the e26851 copies.
alert ip $HOME_NET any -> 3.125.223.134 19599 (msg: "MISP e26851 [] Outgoing To IP: 3.125.223.134|19599"; classtype:trojan-activity; sid:37564331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.125.209.94 19599 (msg: "MISP e26851 [] Outgoing To IP: 3.125.209.94|19599"; classtype:trojan-activity; sid:37564341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 18.158.249.75 19599 (msg: "MISP e26851 [] Outgoing To IP: 18.158.249.75|19599"; classtype:trojan-activity; sid:37564351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.125.102.39 19599 (msg: "MISP e26851 [] Outgoing To IP: 3.125.102.39|19599"; classtype:trojan-activity; sid:37564361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 18.192.31.165 19599 (msg: "MISP e26851 [] Outgoing To IP: 18.192.31.165|19599"; classtype:trojan-activity; sid:37564371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 185.222.58.252 1992 (msg: "MISP e26809 
[remcos] Outgoing To IP: 185.222.58.252|1992"; classtype:trojan-activity; sid:37552221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 185.222.58.252 1992 (msg: "MISP e26851 [] Outgoing To IP: 185.222.58.252|1992"; classtype:trojan-activity; sid:37564381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 149.88.78.241 443 (msg: "MISP e26809 [AS142032,c2,censys] Outgoing To IP: 149.88.78.241|443"; classtype:trojan-activity; sid:37552231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 116.204.37.20 443 (msg: "MISP e26809 [AS55990,c2,censys] Outgoing To IP: 116.204.37.20|443"; classtype:trojan-activity; sid:37552241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 43.136.40.231 888 (msg: "MISP e26809 [AS45090,c2,censys] Outgoing To IP: 43.136.40.231|888"; classtype:trojan-activity; sid:37552251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [AS12874,c2,censys,FASTWEB] Domain 93-33-203-219.ip46.fastwebnet.it"; dns.query; content:"93-33-203-219.ip46.fastwebnet.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])93\-33\-203\-219\.ip46\.fastwebnet\.it$/i"; classtype:trojan-activity; sid:37552261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS12874,c2,censys,FASTWEB] Outgoing HTTP Domain 93-33-203-219.ip46.fastwebnet.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"93-33-203-219.ip46.fastwebnet.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])93\-33\-203\-219\.ip46\.fastwebnet\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip 
$HOME_NET any -> 95.215.108.98 80 (msg: "MISP e26809 [AS207713,c2,censys,GIR-AS] Outgoing To IP: 95.215.108.98|80"; classtype:trojan-activity; sid:37552271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 45.152.66.209 7121 (msg: "MISP e26809 [AS139659,c2,censys] Outgoing To IP: 45.152.66.209|7121"; classtype:trojan-activity; sid:37552281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 103.108.107.231 1024 (msg: "MISP e26809 [AS137431,c2,censys] Outgoing To IP: 103.108.107.231|1024"; classtype:trojan-activity; sid:37552291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 124.71.108.110 443 (msg: "MISP e26809 [AS55990,c2,censys] Outgoing To IP: 124.71.108.110|443"; classtype:trojan-activity; sid:37552301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 121.43.58.124 4444 (msg: "MISP e26809 [AS37963,c2,censys] Outgoing To IP: 121.43.58.124|4444"; classtype:trojan-activity; sid:37552311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 123.57.181.89 6000 (msg: "MISP e26809 [AS37963,c2,censys] Outgoing To IP: 123.57.181.89|6000"; classtype:trojan-activity; sid:37552321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 1.14.255.248 80 (msg: "MISP e26809 [AS45090,c2,censys] Outgoing To IP: 1.14.255.248|80"; classtype:trojan-activity; sid:37552331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 82.157.164.51 80 (msg: "MISP e26809 [AS45090,c2,censys] Outgoing To IP: 82.157.164.51|80"; classtype:trojan-activity; sid:37552341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 38.55.197.151 2053 (msg: "MISP e26809 [AS55020,c2,censys,IDCCLOUD] Outgoing To 
IP: 38.55.197.151|2053"; classtype:trojan-activity; sid:37552351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 146.70.44.156 8443 (msg: "MISP e26809 [AS9009,c2,censys,M247] Outgoing To IP: 146.70.44.156|8443"; classtype:trojan-activity; sid:37552361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 139.9.52.98 80 (msg: "MISP e26809 [AS55990,c2,censys] Outgoing To IP: 139.9.52.98|80"; classtype:trojan-activity; sid:37552371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 120.55.183.201 80 (msg: "MISP e26809 [AS37963,c2,censys] Outgoing To IP: 120.55.183.201|80"; classtype:trojan-activity; sid:37552381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 139.162.155.161 443 (msg: "MISP e26809 [AS63949,c2,censys] Outgoing To IP: 139.162.155.161|443"; classtype:trojan-activity; sid:37552391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 47.120.50.234 57777 (msg: "MISP e26809 [AS37963,c2,censys] Outgoing To IP: 47.120.50.234|57777"; classtype:trojan-activity; sid:37552401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 182.23.67.109 8080 (msg: "MISP e26809 [AS38513,c2,censys] Outgoing To IP: 182.23.67.109|8080"; classtype:trojan-activity; sid:37552411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 101.42.47.72 443 (msg: "MISP e26809 [AS45090,c2,censys] Outgoing To IP: 101.42.47.72|443"; classtype:trojan-activity; sid:37552421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 1.14.69.16 80 (msg: "MISP e26809 [AS45090,c2,censys] Outgoing To IP: 1.14.69.16|80"; classtype:trojan-activity; sid:37552431; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 206.188.196.107 8080 (msg: "MISP e26809 [AS399629,BLNWX,c2,censys] Outgoing To IP: 206.188.196.107|8080"; classtype:trojan-activity; sid:37552441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 187.135.122.195 2222 (msg: "MISP e26809 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.122.195|2222"; classtype:trojan-activity; sid:37552451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 187.135.83.6 1883 (msg: "MISP e26809 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.6|1883"; classtype:trojan-activity; sid:37552461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 167.71.51.239 31337 (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 167.71.51.239|31337"; classtype:trojan-activity; sid:37552471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 15.206.179.62 8888 (msg: "MISP e26809 [AMAZON-02,AS16509,c2,censys,Supershell] Outgoing To IP: 15.206.179.62|8888"; classtype:trojan-activity; sid:37552481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 106.54.207.116 8888 (msg: "MISP e26809 [AS45090,c2,censys,Supershell] Outgoing To IP: 106.54.207.116|8888"; classtype:trojan-activity; sid:37552491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 147.189.172.103 6969 (msg: "MISP e26809 [AS30823,c2,censys,RAT] Outgoing To IP: 147.189.172.103|6969"; classtype:trojan-activity; sid:37552501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 194.67.204.7 88 (msg: "MISP e26809 [AS209641,c2,censys,I-SERVERS-EAST,RAT] Outgoing To IP: 194.67.204.7|88"; classtype:trojan-activity; sid:37552511; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 104.210.36.227 8808 (msg: "MISP e26809 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 104.210.36.227|8808"; classtype:trojan-activity; sid:37552521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 172.111.148.20 222 (msg: "MISP e26809 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 172.111.148.20|222"; classtype:trojan-activity; sid:37552531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 89.117.21.203 6606 (msg: "MISP e26809 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing To IP: 89.117.21.203|6606"; classtype:trojan-activity; sid:37552541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 89.117.21.203 7707 (msg: "MISP e26809 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing To IP: 89.117.21.203|7707"; classtype:trojan-activity; sid:37552551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 45.138.16.248 9090 (msg: "MISP e26809 [AS210558,c2,censys,RAT] Outgoing To IP: 45.138.16.248|9090"; classtype:trojan-activity; sid:37552561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 109.199.104.52 8888 (msg: "MISP e26809 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 109.199.104.52|8888"; classtype:trojan-activity; sid:37552571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 139.162.249.47 443 (msg: "MISP e26809 [AS63949,c2,censys,Mythic] Outgoing To IP: 139.162.249.47|443"; classtype:trojan-activity; sid:37552581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 64.23.186.161 80 (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN,HookBot] Outgoing To IP: 64.23.186.161|80"; 
classtype:trojan-activity; sid:37552591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Domain indicator whose name embeds dotted IPv4 octets under a cloud provider's domain.
# NOTE(review): this looks like a provider-generated reverse-DNS style name; a dns.query
# rule alerts only when a client performs a forward lookup of that exact name, which
# traffic addressed by IP never does. Confirm the indicator is useful as a domain, or
# track the underlying address instead.
# The rule is any -> any, so it is not restricted to queries from $HOME_NET clients.
alert dns any any -> any any (msg: "MISP e26809 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,HookBot] Domain 157.32.125.34.bc.googleusercontent.com"; dns.query; content:"157.32.125.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])157\.32\.125\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37552601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# HTTP half: "Host|3a|" and the name are matched independently in http.header and the pcre
# (/H) scans the same buffer, so the name in any request header satisfies the rule.
# The AS/provider/family labels in msg are MISP tags only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,HookBot] Outgoing HTTP Domain 157.32.125.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"157.32.125.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])157\.32\.125\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Ordinary domain pair: the DNS rule matches the listed name and any name beneath it
# (the pcre allows a "." before the name and anchors the end of the query).
alert dns any any -> any any (msg: "MISP e26809 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain ok.system111.top"; dns.query; content:"ok.system111.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system111\.top$/i"; classtype:trojan-activity; sid:37552611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# NOTE(review): cleartext HTTP only; HTTPS requests to this name are visible to the DNS
# rule but not to this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain ok.system111.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ok.system111.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system111\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26809 [AS13335,c2,censys,CLOUDFLARENET,HookBot] 
Domain bistoxcrypto.com"; dns.query; content:"bistoxcrypto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bistoxcrypto\.com$/i"; classtype:trojan-activity; sid:37552621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain bistoxcrypto.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bistoxcrypto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bistoxcrypto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [AS399077,c2,censys,HookBot,TERAEXCH] Domain hg88654.cc"; dns.query; content:"hg88654.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])hg88654\.cc$/i"; classtype:trojan-activity; sid:37552631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS399077,c2,censys,HookBot,TERAEXCH] Outgoing HTTP Domain hg88654.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hg88654.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hg88654\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 91.92.242.86 8081 (msg: "MISP e26809 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.242.86|8081"; classtype:trojan-activity; sid:37552641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 193.233.132.234 8081 (msg: "MISP e26809 [AS216319,c2,censys,SUNHOST-AS] Outgoing To IP: 193.233.132.234|8081"; classtype:trojan-activity; sid:37552651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip 
$HOME_NET any -> 181.161.23.232 8080 (msg: "MISP e26809 [AS7418,c2,censys,RAT] Outgoing To IP: 181.161.23.232|8080"; classtype:trojan-activity; sid:37552661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 20.42.80.234 8080 (msg: "MISP e26809 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT] Outgoing To IP: 20.42.80.234|8080"; classtype:trojan-activity; sid:37552671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 177.103.63.67 5000 (msg: "MISP e26809 [AS27699,c2,censys,RAT] Outgoing To IP: 177.103.63.67|5000"; classtype:trojan-activity; sid:37552681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 167.172.87.109 8080 (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN,RAT] Outgoing To IP: 167.172.87.109|8080"; classtype:trojan-activity; sid:37552691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 185.196.8.93 4782 (msg: "MISP e26809 [AS42624,c2,censys,RAT,SIMPLECARRIER] Outgoing To IP: 185.196.8.93|4782"; classtype:trojan-activity; sid:37552701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 49.13.129.77 443 (msg: "MISP e26809 [AS24940,c2,censys,HETZNER-AS] Outgoing To IP: 49.13.129.77|443"; classtype:trojan-activity; sid:37552711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain irenecameron.autos"; dns.query; content:"irenecameron.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])irenecameron\.autos$/i"; classtype:trojan-activity; sid:37552721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain irenecameron.autos"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"irenecameron.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])irenecameron\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# (The line above is the tail of a rule whose header sits on the previous line of this export.)
#
# Address/port indicator from MISP event 26809. The rule carries no payload keyword, so it
# matches on the destination address and port alone.
# NOTE(review): the msg tags name a large hosting AS (AMAZON-AES); addresses in such ranges are
# commonly reassigned, so confirm the indicator is still current before treating a hit as C2.
alert ip $HOME_NET any -> 3.84.126.255 443 (msg: "MISP e26809 [AMAZON-AES,AS14618,c2,censys] Outgoing To IP: 3.84.126.255|443"; classtype:trojan-activity; sid:37552731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# DNS indicator. dns.query must contain the name (case-insensitive), and the pcre requires the
# name to end the query and to be preceded by start-of-buffer or a non-hostname character.
# A deeper label (constructed example: x.www.kendraesparza.autos) therefore matches, while a
# longer first label (constructed example: foowww.kendraesparza.autos) does not.
alert dns any any -> any any (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.kendraesparza.autos"; dns.query; content:"www.kendraesparza.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kendraesparza\.autos$/i"; classtype:trojan-activity; sid:37552741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# HTTP indicator for the same name. Both content matches and the pcre (/H) run against the whole
# http.header buffer and are not positioned relative to each other, so the name appearing in any
# request header (not only Host) can satisfy the rule.
# NOTE(review): if Host-only matching is intended, consider the http.host buffer in the export
# template; verify against the deployed Suricata version.
# tag:session,600,seconds keeps logging packets of the session for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.kendraesparza.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.kendraesparza.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kendraesparza\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Same DNS/HTTP pair for a second name from the same event; the HTTP rule continues on the next line.
alert dns any any -> any any (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.maribelgould.autos"; dns.query; content:"www.maribelgould.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maribelgould\.autos$/i"; classtype:trojan-activity; sid:37552751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.maribelgould.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"www.maribelgould.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maribelgould\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 35.177.215.200 80 (msg: "MISP e26809 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 35.177.215.200|80"; classtype:trojan-activity; sid:37552761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 38.242.144.29 7049 (msg: "MISP e26809 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 38.242.144.29|7049"; classtype:trojan-activity; sid:37552771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 89.163.145.141 5000 (msg: "MISP e26809 [AS24961,botnet,byob,c2,censys] Outgoing To IP: 89.163.145.141|5000"; classtype:trojan-activity; sid:37552781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 203.161.60.175 80 (msg: "MISP e26809 [AS22612,botnet,byob,c2,censys,NAMECHEAP-NET] Outgoing To IP: 203.161.60.175|80"; classtype:trojan-activity; sid:37552791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 203.161.60.175 5000 (msg: "MISP e26809 [AS22612,botnet,byob,c2,censys,NAMECHEAP-NET] Outgoing To IP: 203.161.60.175|5000"; classtype:trojan-activity; sid:37552801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 45.138.16.132 80 (msg: "MISP e26809 [AS210558,c2,censys,stealer] Outgoing To IP: 45.138.16.132|80"; classtype:trojan-activity; sid:37552811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [AEZA-AS,AS210644,c2,censys,stealer] Domain 109.107.181.83.sslip.io"; dns.query; content:"109.107.181.83.sslip.io"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])109\.107\.181\.83\.sslip\.io$/i"; classtype:trojan-activity; sid:37552821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain 109.107.181.83.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"109.107.181.83.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.107\.181\.83\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [AS13335,c2,censys,CLOUDFLARENET,stealer] Domain ftp.huboftest.ir"; dns.query; content:"ftp.huboftest.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.huboftest\.ir$/i"; classtype:trojan-activity; sid:37552831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AS13335,c2,censys,CLOUDFLARENET,stealer] Outgoing HTTP Domain ftp.huboftest.ir"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.huboftest.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.huboftest\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 52.23.117.205 443 (msg: "MISP e26809 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 52.23.117.205|443"; classtype:trojan-activity; sid:37552841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert dns any any -> any any (msg: "MISP e26809 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-52-20-229-84.compute-1.amazonaws.com"; dns.query; content:"ec2-52-20-229-84.compute-1.amazonaws.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-52\-20\-229\-84\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37552851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# (The line above is the tail of the DNS rule for this name; its header sits on the previous line.)
#
# HTTP indicator for a hostname under compute-1.amazonaws.com.
# NOTE(review): the name looks like a provider-assigned instance hostname that embeds an address;
# the host behind it can change owner, so give this indicator an expiry and re-check the MISP event.
# The content matches and the pcre (/H) all run against the whole http.header buffer, so the name
# in any request header, not only Host, can satisfy the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-52-20-229-84.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-20-229-84.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-20\-229\-84\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37552852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Address/port indicators: no payload keyword, so each rule matches on destination address and
# port alone. The same address is listed once per port (80 and 443 below), one sid each.
alert ip $HOME_NET any -> 106.54.200.213 80 (msg: "MISP e26809 [AS45090,c2,censys,UNAM] Outgoing To IP: 106.54.200.213|80"; classtype:trojan-activity; sid:37552861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 106.54.200.213 443 (msg: "MISP e26809 [AS45090,c2,censys,UNAM] Outgoing To IP: 106.54.200.213|443"; classtype:trojan-activity; sid:37552871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 103.140.187.137 60000 (msg: "MISP e26809 [AS206804,censys,ESTNOC-GLOBAL,Viper] Outgoing To IP: 103.140.187.137|60000"; classtype:trojan-activity; sid:37552881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# The rules below are tagged GoPhish/phishing in msg but keep classtype:trojan-activity like every
# other rule in this export; triage on the msg tags, not on the classtype.
alert ip $HOME_NET any -> 43.139.47.68 3333 (msg: "MISP e26809 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 43.139.47.68|3333"; classtype:trojan-activity; sid:37552891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 51.210.242.251 443 (msg: "MISP e26809 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 51.210.242.251|443"; classtype:trojan-activity; sid:37552901; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 18.218.56.158 443 (msg: "MISP e26809 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.218.56.158|443"; classtype:trojan-activity; sid:37552911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 3.84.189.215 3333 (msg: "MISP e26809 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 3.84.189.215|3333"; classtype:trojan-activity; sid:37552921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 20.75.254.123 443 (msg: "MISP e26809 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.75.254.123|443"; classtype:trojan-activity; sid:37552931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 34.170.222.164 10443 (msg: "MISP e26809 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.170.222.164|10443"; classtype:trojan-activity; sid:37552941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 104.238.214.185 4444 (msg: "MISP e26809 [AS36007,censys,GoPhish,KAMATERA,phishing] Outgoing To IP: 104.238.214.185|4444"; classtype:trojan-activity; sid:37552951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 178.73.210.202 443 (msg: "MISP e26809 [AS42708,censys,GoPhish,phishing] Outgoing To IP: 178.73.210.202|443"; classtype:trojan-activity; sid:37552961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 172.160.250.195 3333 (msg: "MISP e26809 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.160.250.195|3333"; classtype:trojan-activity; sid:37552971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 152.89.198.197 443 (msg: "MISP e26809 
[AS57523,AveMariaRAT,c2,censys,CHANGWAY-AS,RAT] Outgoing To IP: 152.89.198.197|443"; classtype:trojan-activity; sid:37552981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# (The line above is the tail of the event-26809 rule for 152.89.198.197 port 443; its header sits
# on the previous line.)
#
# From here the export lists rules for MISP event 26851. They carry an empty tag list ("[]") and
# priority 3, and the destinations on this line also appear under event 26809 with tags and
# priority 2. Example: 152.89.198.197 port 443 is covered by sid 37552981 and sid 37564391, so one
# connection raises two alerts.
# NOTE(review): decide which event is authoritative and deduplicate (in the MISP export or by
# suppressing one set of sids); the untagged copy gives the analyst no context beyond the event link.
alert ip $HOME_NET any -> 152.89.198.197 443 (msg: "MISP e26851 [] Outgoing To IP: 152.89.198.197|443"; classtype:trojan-activity; sid:37564391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 172.160.250.195 3333 (msg: "MISP e26851 [] Outgoing To IP: 172.160.250.195|3333"; classtype:trojan-activity; sid:37564401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 178.73.210.202 443 (msg: "MISP e26851 [] Outgoing To IP: 178.73.210.202|443"; classtype:trojan-activity; sid:37564411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 104.238.214.185 4444 (msg: "MISP e26851 [] Outgoing To IP: 104.238.214.185|4444"; classtype:trojan-activity; sid:37564421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 34.170.222.164 10443 (msg: "MISP e26851 [] Outgoing To IP: 34.170.222.164|10443"; classtype:trojan-activity; sid:37564431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 20.75.254.123 443 (msg: "MISP e26851 [] Outgoing To IP: 20.75.254.123|443"; classtype:trojan-activity; sid:37564441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.84.189.215 3333 (msg: "MISP e26851 [] Outgoing To IP: 3.84.189.215|3333"; classtype:trojan-activity; sid:37564451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 18.218.56.158 443 (msg: "MISP e26851 [] Outgoing To IP: 18.218.56.158|443"; classtype:trojan-activity; sid:37564461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any 
-> 51.210.242.251 443 (msg: "MISP e26851 [] Outgoing To IP: 51.210.242.251|443"; classtype:trojan-activity; sid:37564471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 43.139.47.68 3333 (msg: "MISP e26851 [] Outgoing To IP: 43.139.47.68|3333"; classtype:trojan-activity; sid:37564481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 103.140.187.137 60000 (msg: "MISP e26851 [] Outgoing To IP: 103.140.187.137|60000"; classtype:trojan-activity; sid:37564491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 106.54.200.213 443 (msg: "MISP e26851 [] Outgoing To IP: 106.54.200.213|443"; classtype:trojan-activity; sid:37564501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 106.54.200.213 80 (msg: "MISP e26851 [] Outgoing To IP: 106.54.200.213|80"; classtype:trojan-activity; sid:37564511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain ec2-52-20-229-84.compute-1.amazonaws.com"; dns.query; content:"ec2-52-20-229-84.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-20\-229\-84\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37564521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain ec2-52-20-229-84.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-20-229-84.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-20\-229\-84\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any 
-> 52.23.117.205 443 (msg: "MISP e26851 [] Outgoing To IP: 52.23.117.205|443"; classtype:trojan-activity; sid:37564531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain ftp.huboftest.ir"; dns.query; content:"ftp.huboftest.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.huboftest\.ir$/i"; classtype:trojan-activity; sid:37564541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain ftp.huboftest.ir"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.huboftest.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.huboftest\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain 109.107.181.83.sslip.io"; dns.query; content:"109.107.181.83.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.107\.181\.83\.sslip\.io$/i"; classtype:trojan-activity; sid:37564551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain 109.107.181.83.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"109.107.181.83.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])109\.107\.181\.83\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 45.138.16.132 80 (msg: "MISP e26851 [] Outgoing To IP: 45.138.16.132|80"; classtype:trojan-activity; sid:37564561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 203.161.60.175 80 (msg: "MISP e26851 
[] Outgoing To IP: 203.161.60.175|80"; classtype:trojan-activity; sid:37564571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 203.161.60.175 5000 (msg: "MISP e26851 [] Outgoing To IP: 203.161.60.175|5000"; classtype:trojan-activity; sid:37564581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 89.163.145.141 5000 (msg: "MISP e26851 [] Outgoing To IP: 89.163.145.141|5000"; classtype:trojan-activity; sid:37564591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 38.242.144.29 7049 (msg: "MISP e26851 [] Outgoing To IP: 38.242.144.29|7049"; classtype:trojan-activity; sid:37564601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 35.177.215.200 80 (msg: "MISP e26851 [] Outgoing To IP: 35.177.215.200|80"; classtype:trojan-activity; sid:37564611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain www.maribelgould.autos"; dns.query; content:"www.maribelgould.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maribelgould\.autos$/i"; classtype:trojan-activity; sid:37564621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain www.maribelgould.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.maribelgould.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.maribelgould\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 3.84.126.255 443 (msg: "MISP e26851 [] Outgoing To IP: 3.84.126.255|443"; classtype:trojan-activity; sid:37564631; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain www.kendraesparza.autos"; dns.query; content:"www.kendraesparza.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kendraesparza\.autos$/i"; classtype:trojan-activity; sid:37564641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain www.kendraesparza.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.kendraesparza.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kendraesparza\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain irenecameron.autos"; dns.query; content:"irenecameron.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])irenecameron\.autos$/i"; classtype:trojan-activity; sid:37564651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain irenecameron.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"irenecameron.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])irenecameron\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 49.13.129.77 443 (msg: "MISP e26851 [] Outgoing To IP: 49.13.129.77|443"; classtype:trojan-activity; sid:37564661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 167.172.87.109 8080 (msg: "MISP e26851 [] Outgoing To IP: 167.172.87.109|8080"; classtype:trojan-activity; sid:37564671; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 185.196.8.93 4782 (msg: "MISP e26851 [] Outgoing To IP: 185.196.8.93|4782"; classtype:trojan-activity; sid:37564681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 177.103.63.67 5000 (msg: "MISP e26851 [] Outgoing To IP: 177.103.63.67|5000"; classtype:trojan-activity; sid:37564691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 20.42.80.234 8080 (msg: "MISP e26851 [] Outgoing To IP: 20.42.80.234|8080"; classtype:trojan-activity; sid:37564701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 181.161.23.232 8080 (msg: "MISP e26851 [] Outgoing To IP: 181.161.23.232|8080"; classtype:trojan-activity; sid:37564711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 91.92.242.86 8081 (msg: "MISP e26851 [] Outgoing To IP: 91.92.242.86|8081"; classtype:trojan-activity; sid:37564721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 193.233.132.234 8081 (msg: "MISP e26851 [] Outgoing To IP: 193.233.132.234|8081"; classtype:trojan-activity; sid:37564731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain hg88654.cc"; dns.query; content:"hg88654.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])hg88654\.cc$/i"; classtype:trojan-activity; sid:37564741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain hg88654.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hg88654.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hg88654\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37564742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain ok.system111.top"; dns.query; content:"ok.system111.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system111\.top$/i"; classtype:trojan-activity; sid:37564751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain ok.system111.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ok.system111.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ok\.system111\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain bistoxcrypto.com"; dns.query; content:"bistoxcrypto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bistoxcrypto\.com$/i"; classtype:trojan-activity; sid:37564761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain bistoxcrypto.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bistoxcrypto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bistoxcrypto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26851 [] Domain 157.32.125.34.bc.googleusercontent.com"; dns.query; content:"157.32.125.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])157\.32\.125\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37564771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing 
HTTP Domain 157.32.125.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"157.32.125.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])157\.32\.125\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37564772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 64.23.186.161 80 (msg: "MISP e26851 [] Outgoing To IP: 64.23.186.161|80"; classtype:trojan-activity; sid:37564781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 139.162.249.47 443 (msg: "MISP e26851 [] Outgoing To IP: 139.162.249.47|443"; classtype:trojan-activity; sid:37564791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 109.199.104.52 8888 (msg: "MISP e26851 [] Outgoing To IP: 109.199.104.52|8888"; classtype:trojan-activity; sid:37564801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 45.138.16.248 9090 (msg: "MISP e26851 [] Outgoing To IP: 45.138.16.248|9090"; classtype:trojan-activity; sid:37564811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 89.117.21.203 6606 (msg: "MISP e26851 [] Outgoing To IP: 89.117.21.203|6606"; classtype:trojan-activity; sid:37564821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 89.117.21.203 7707 (msg: "MISP e26851 [] Outgoing To IP: 89.117.21.203|7707"; classtype:trojan-activity; sid:37564831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 172.111.148.20 222 (msg: "MISP e26851 [] Outgoing To IP: 172.111.148.20|222"; classtype:trojan-activity; sid:37564841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip 
$HOME_NET any -> 104.210.36.227 8808 (msg: "MISP e26851 [] Outgoing To IP: 104.210.36.227|8808"; classtype:trojan-activity; sid:37564851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 194.67.204.7 88 (msg: "MISP e26851 [] Outgoing To IP: 194.67.204.7|88"; classtype:trojan-activity; sid:37564861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 147.189.172.103 6969 (msg: "MISP e26851 [] Outgoing To IP: 147.189.172.103|6969"; classtype:trojan-activity; sid:37564871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 106.54.207.116 8888 (msg: "MISP e26851 [] Outgoing To IP: 106.54.207.116|8888"; classtype:trojan-activity; sid:37564881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 15.206.179.62 8888 (msg: "MISP e26851 [] Outgoing To IP: 15.206.179.62|8888"; classtype:trojan-activity; sid:37564891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 167.71.51.239 31337 (msg: "MISP e26851 [] Outgoing To IP: 167.71.51.239|31337"; classtype:trojan-activity; sid:37564901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 187.135.83.6 1883 (msg: "MISP e26851 [] Outgoing To IP: 187.135.83.6|1883"; classtype:trojan-activity; sid:37564911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 206.188.196.107 8080 (msg: "MISP e26851 [] Outgoing To IP: 206.188.196.107|8080"; classtype:trojan-activity; sid:37564921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 187.135.122.195 2222 (msg: "MISP e26851 [] Outgoing To IP: 187.135.122.195|2222"; classtype:trojan-activity; sid:37564931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip 
$HOME_NET any -> 1.14.69.16 80 (msg: "MISP e26851 [] Outgoing To IP: 1.14.69.16|80"; classtype:trojan-activity; sid:37564941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Event 26851, exported without tags ("[]" in msg), priority 3.
# These rules match on destination address and port only; there is no payload keyword, so any
# traffic from $HOME_NET to that address and port raises the alert, whatever it carries.
# NOTE(review): IP addresses get re-assigned; confirm in the MISP event that an indicator is
# still current before treating a hit as confirmed or feeding it to a block list.
alert ip $HOME_NET any -> 182.23.67.109 8080 (msg: "MISP e26851 [] Outgoing To IP: 182.23.67.109|8080"; classtype:trojan-activity; sid:37564951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 101.42.47.72 443 (msg: "MISP e26851 [] Outgoing To IP: 101.42.47.72|443"; classtype:trojan-activity; sid:37564961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 47.120.50.234 57777 (msg: "MISP e26851 [] Outgoing To IP: 47.120.50.234|57777"; classtype:trojan-activity; sid:37564971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 139.162.155.161 443 (msg: "MISP e26851 [] Outgoing To IP: 139.162.155.161|443"; classtype:trojan-activity; sid:37564981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 139.9.52.98 80 (msg: "MISP e26851 [] Outgoing To IP: 139.9.52.98|80"; classtype:trojan-activity; sid:37564991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 120.55.183.201 80 (msg: "MISP e26851 [] Outgoing To IP: 120.55.183.201|80"; classtype:trojan-activity; sid:37565001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 146.70.44.156 8443 (msg: "MISP e26851 [] Outgoing To IP: 146.70.44.156|8443"; classtype:trojan-activity; sid:37565011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 38.55.197.151 2053 (msg: "MISP e26851 [] Outgoing To IP: 38.55.197.151|2053"; classtype:trojan-activity; sid:37565021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 82.157.164.51 80 (msg: "MISP e26851 [] Outgoing To IP: 82.157.164.51|80"; classtype:trojan-activity; sid:37565031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 123.57.181.89 6000 (msg: "MISP e26851 [] Outgoing To IP: 123.57.181.89|6000"; classtype:trojan-activity; sid:37565041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 1.14.255.248 80 (msg: "MISP e26851 [] Outgoing To IP: 1.14.255.248|80"; classtype:trojan-activity; sid:37565051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 124.71.108.110 443 (msg: "MISP e26851 [] Outgoing To IP: 124.71.108.110|443"; classtype:trojan-activity; sid:37565061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 121.43.58.124 4444 (msg: "MISP e26851 [] Outgoing To IP: 121.43.58.124|4444"; classtype:trojan-activity; sid:37565071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 103.108.107.231 1024 (msg: "MISP e26851 [] Outgoing To IP: 103.108.107.231|1024"; classtype:trojan-activity; sid:37565081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 45.152.66.209 7121 (msg: "MISP e26851 [] Outgoing To IP: 45.152.66.209|7121"; classtype:trojan-activity; sid:37565091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Domain indicator, exported as a pair: a dns.query rule and an HTTP Host-header rule.
# The dns.query pcre ends in "$" and accepts start-of-buffer or a non-hostname character before
# the name, so it matches the exact name and any subdomain of it, not a longer label.
# NOTE(review): the name has the form of an ISP-assigned host name for a single address,
# presumably a dynamic subscriber line; verify the indicator is still relevant.
alert dns any any -> any any (msg: "MISP e26851 [] Domain 93-33-203-219.ip46.fastwebnet.it"; dns.query; content:"93-33-203-219.ip46.fastwebnet.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])93\-33\-203\-219\.ip46\.fastwebnet\.it$/i"; classtype:trojan-activity; sid:37565101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# HTTP half of the pair. The two http.header contents ("Host:" and the name) are not tied to
# each other with distance/within, and the /H pcre is evaluated on the request headers as a
# whole, so the name appearing in another header (e.g. Referer) can also satisfy the rule.
# tag:session,600,seconds keeps logging the session for 600 seconds after the hit.
# Only cleartext HTTP is inspected here; no tls.sni rule is visible in this part of the export,
# so HTTPS to the same name is seen through the dns.query rule alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain 93-33-203-219.ip46.fastwebnet.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"93-33-203-219.ip46.fastwebnet.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])93\-33\-203\-219\.ip46\.fastwebnet\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 95.215.108.98 80 (msg: "MISP e26851 [] Outgoing To IP: 95.215.108.98|80"; classtype:trojan-activity; sid:37565111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 43.136.40.231 888 (msg: "MISP e26851 [] Outgoing To IP: 43.136.40.231|888"; classtype:trojan-activity; sid:37565121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 149.88.78.241 443 (msg: "MISP e26851 [] Outgoing To IP: 149.88.78.241|443"; classtype:trojan-activity; sid:37565131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 116.204.37.20 443 (msg: "MISP e26851 [] Outgoing To IP: 116.204.37.20|443"; classtype:trojan-activity; sid:37565141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Event 26758: a host name under the shared hosting suffix pages.dev. The rules match this one
# host name (and its subdomains), not the suffix itself.
# classtype is the same trojan-activity value used throughout this export, so it does not tell
# indicator types apart; the explicit priority keyword sets the alert priority.
# NOTE(review): the name looks bank-themed, presumably a phishing page; confirm in the event.
alert dns any any -> any any (msg: "MISP e26758 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37539231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26758;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26758 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37539232; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26758;)
# The same address/port pairs are exported from two events: e26851 (untagged, priority 3) and
# e26809 (tagged njrat, priority 2). Each copy has its own sid, so one connection raises two
# alerts. Correlate on the destination when counting hits, and take the malware context from
# the e26809 alert.
alert ip $HOME_NET any -> 3.127.181.115 13326 (msg: "MISP e26851 [] Outgoing To IP: 3.127.181.115|13326"; classtype:trojan-activity; sid:37565181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.124.142.205 19599 (msg: "MISP e26851 [] Outgoing To IP: 3.124.142.205|19599"; classtype:trojan-activity; sid:37565191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.127.181.115 13326 (msg: "MISP e26809 [njrat,RAT] Outgoing To IP: 3.127.181.115|13326"; classtype:trojan-activity; sid:37553001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 3.124.142.205 19599 (msg: "MISP e26809 [njrat,RAT] Outgoing To IP: 3.124.142.205|19599"; classtype:trojan-activity; sid:37552991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Domain pair (dns.query rule plus HTTP Host-header rule). The dns.query pcre matches the exact
# name and any subdomain of it. The HTTP rule inspects cleartext HTTP only, and because its two
# http.header contents are independent of each other, the name in a header other than Host can
# also satisfy it.
alert dns any any -> any any (msg: "MISP e26851 [] Domain aitcaid.com"; dns.query; content:"aitcaid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aitcaid\.com$/i"; classtype:trojan-activity; sid:37858511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain aitcaid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aitcaid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aitcaid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37858512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 46.246.14.2 1998 (msg: "MISP e26809 [njrat] Outgoing To IP: 46.246.14.2|1998"; classtype:trojan-activity; sid:37553021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 46.246.14.2 1998 (msg: "MISP e26851 [] Outgoing To IP: 46.246.14.2|1998"; classtype:trojan-activity; sid:37858521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26794 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37546991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26794;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26794 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37546992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26794;)
# URL indicators without a path: a plain case-insensitive substring match for the host anywhere
# in the request headers. There is no Host anchoring or pcre, so a longer name that contains the
# string matches as well.
# The destination port is limited to $HTTP_PORTS. The export's header lists that variable as
# not required for the Suricata export, yet these rules reference it, so it has to be defined
# for them to load, and HTTP on a port outside that set is not covered by them.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//eeatgoodx.com"; flow:to_server,established; http.header; content:"eeatgoodx.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 81.94.150.21 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//81.94.150.21"; flow:to_server,established; http.header; content:"81.94.150.21"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# URL indicator with host, port and path: destination address and port are fixed in the rule
# header; the options additionally require the address string in the headers and "/activity" as
# a case-insensitive substring of the URI. The bracketed list in msg carries the MISP tags.
alert http $HOME_NET any -> 134.122.75.115 26 (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//134.122.75.115|3a|26/activity"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert 
http $HOME_NET any -> 123.20.56.214 7777 (msg: "MISP e26809 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//123.20.56.214|3a|7777/ga.js"; flow:to_server,established; http.header; content:"123.20.56.214"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Event 26809 rules carry MISP tags in msg (malware family, watermark value, provider name) and
# priority 2. Domain indicators come as a dns.query rule plus an HTTP Host-header rule; the
# HTTP rule sees cleartext HTTP only.
alert dns any any -> any any (msg: "MISP e26809 [CobaltStrike,cs-watermark-666666666,TERAEXCH] Domain www.nbcnews.site"; dns.query; content:"www.nbcnews.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nbcnews\.site$/i"; classtype:trojan-activity; sid:37553091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [CobaltStrike,cs-watermark-666666666,TERAEXCH] Outgoing HTTP Domain www.nbcnews.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nbcnews.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nbcnews\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# URL rule: the URI content "/cx" is a short substring that many paths contain; the specificity
# comes from the host string in the headers. Destination ports are limited to $HTTP_PORTS, which
# must be defined for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-bvvdi136-1317500845.gz.tencentapigw.com/cx"; flow:to_server,established; http.header; content:"service-bvvdi136-1317500845.gz.tencentapigw.com"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> 81.94.150.21 $HTTP_PORTS (msg: "MISP e26809 [KeitaroTDS,SocGholish] Outgoing URL http|3a|//81.94.150.21"; flow:to_server,established; http.header; content:"81.94.150.21"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e26809 [SocGholish] Domain aitcaid.com"; dns.query; content:"aitcaid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aitcaid\.com$/i"; classtype:trojan-activity; sid:37553011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [SocGholish] Outgoing HTTP Domain aitcaid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aitcaid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aitcaid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Host-only URL rule: substring match anywhere in the request headers, no Host anchoring, so a
# longer name containing the string also matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [KeitaroTDS,SocGholish] Outgoing URL http|3a|//eeatgoodx.com"; flow:to_server,established; http.header; content:"eeatgoodx.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> 152.136.100.26 $HTTP_PORTS (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//152.136.100.26/pixel"; flow:to_server,established; http.header; content:"152.136.100.26"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# From here on, several e26851 rules repeat the match options of an e26809 rule with a different
# sid, an empty tag list and priority 3. A single request therefore raises both alerts; use the
# e26809 copy for context, and consider suppressing or de-duplicating one of the two by sid.
alert http $HOME_NET any -> 152.136.100.26 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//152.136.100.26/pixel"; flow:to_server,established; http.header; content:"152.136.100.26"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//service-bvvdi136-1317500845.gz.tencentapigw.com/cx"; flow:to_server,established; http.header; content:"service-bvvdi136-1317500845.gz.tencentapigw.com"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain www.nbcnews.site"; dns.query; content:"www.nbcnews.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nbcnews\.site$/i"; classtype:trojan-activity; sid:37858641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain www.nbcnews.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nbcnews.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nbcnews\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37858642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 123.20.56.214 7777 (msg: "MISP e26851 [] Outgoing URL http|3a|//123.20.56.214|3a|7777/ga.js"; flow:to_server,established; http.header; content:"123.20.56.214"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 134.122.75.115 26 (msg: "MISP e26851 [] Outgoing URL http|3a|//134.122.75.115|3a|26/activity"; flow:to_server,established; http.header; content:"134.122.75.115"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26809 [CobaltStrike,cs-watermark-305419896,DIGITALOCEAN-ASN] Outgoing URL http|3a|//68.183.111.170/dpixel"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//68.183.111.170/dpixel"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Address-and-port rules without payload keywords: any traffic from $HOME_NET to the address and
# port alerts. Three addresses share destination port 19346.
alert ip $HOME_NET any -> 3.142.167.54 19346 (msg: "MISP e26851 [] Outgoing To IP: 3.142.167.54|19346"; classtype:trojan-activity; sid:37858711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.142.167.4 19346 (msg: "MISP e26851 [] Outgoing To IP: 3.142.167.4|19346"; classtype:trojan-activity; sid:37858721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 3.19.130.43 19346 (msg: "MISP e26851 [] Outgoing To IP: 3.19.130.43|19346"; classtype:trojan-activity; sid:37858731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Event 26850 is exported with priority 4, the lowest value used in this part of the file.
alert dns any any -> any any (msg: "MISP e26850 [] Domain adnne-e59c95.ingress-florina.ewp.live"; dns.query; content:"adnne-e59c95.ingress-florina.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])adnne\-e59c95\.ingress\-florina\.ewp\.live$/i"; classtype:trojan-activity; sid:37563141; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26850;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26850 [] Outgoing HTTP Domain adnne-e59c95.ingress-florina.ewp.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adnne-e59c95.ingress-florina.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adnne\-e59c95\.ingress\-florina\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37563142; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26850;)
# Event 26853: seven domain indicators, untagged, priority 2, each exported as a pair whose
# sids differ only in the last digit (…1 = dns.query rule, …2 = HTTP Host-header rule).
# dns.query rule: the pcre ends in "$" and accepts start-of-buffer or a non-hostname character
# before the name, so the exact name and its subdomains match.
# HTTP rule: cleartext HTTP only; its two http.header contents are independent of each other,
# so the name in a header other than Host can also satisfy it. tag:session,600,seconds keeps
# logging the session for 600 seconds after the hit.
# NOTE(review): no tls.sni rule is visible in this part of the export, so HTTPS to these names
# is seen through the dns.query rules alone. The names look machine-composed from word
# fragments, presumably one campaign; confirm in the event.
alert dns any any -> any any (msg: "MISP e26853 [] Domain thinrecordsunrjisow.pw"; dns.query; content:"thinrecordsunrjisow.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])thinrecordsunrjisow\.pw$/i"; classtype:trojan-activity; sid:37565481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain thinrecordsunrjisow.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thinrecordsunrjisow.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thinrecordsunrjisow\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert dns any any -> any any (msg: "MISP e26853 [] Domain theoryapparatusjuko.fun"; dns.query; content:"theoryapparatusjuko.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])theoryapparatusjuko\.fun$/i"; classtype:trojan-activity; sid:37565491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain theoryapparatusjuko.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"theoryapparatusjuko.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])theoryapparatusjuko\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert dns any any -> any any (msg: "MISP e26853 [] Domain telephoneverdictyow.site"; dns.query; content:"telephoneverdictyow.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])telephoneverdictyow\.site$/i"; classtype:trojan-activity; sid:37565501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain telephoneverdictyow.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"telephoneverdictyow.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])telephoneverdictyow\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert dns any any -> any any (msg: "MISP e26853 [] Domain strainriskpropos.store"; dns.query; content:"strainriskpropos.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])strainriskpropos\.store$/i"; classtype:trojan-activity; sid:37565511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain strainriskpropos.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"strainriskpropos.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])strainriskpropos\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert dns any any -> any any (msg: "MISP e26853 [] Domain snuggleapplicationswo.fun"; dns.query; content:"snuggleapplicationswo.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])snuggleapplicationswo\.fun$/i"; classtype:trojan-activity; sid:37565521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain snuggleapplicationswo.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"snuggleapplicationswo.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])snuggleapplicationswo\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert dns any any -> any any (msg: "MISP e26853 [] Domain smallrabbitcrossing.site"; dns.query; content:"smallrabbitcrossing.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])smallrabbitcrossing\.site$/i"; classtype:trojan-activity; sid:37565531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain smallrabbitcrossing.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smallrabbitcrossing.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smallrabbitcrossing\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert dns any any -> any any (msg: "MISP e26853 [] Domain punchtelephoneverdi.store"; dns.query; content:"punchtelephoneverdi.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])punchtelephoneverdi\.store$/i"; classtype:trojan-activity; sid:37565541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26853 [] Outgoing HTTP Domain punchtelephoneverdi.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"punchtelephoneverdi.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])punchtelephoneverdi\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37565542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26853;)
alert ip $HOME_NET any 
-> 195.201.121.240 40819 (msg: "MISP e26851 [] Outgoing To IP: 195.201.121.240|40819"; classtype:trojan-activity; sid:37858761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Address-and-port rules without payload keywords: any traffic from $HOME_NET to the address and
# port alerts. Where the same pair appears under e26809 (tagged, priority 2) and e26851
# (untagged, priority 3), one connection raises two alerts with different sids; take the
# malware context from the e26809 copy.
alert ip $HOME_NET any -> 195.201.121.240 40819 (msg: "MISP e26809 [infostealer,RedLine,stealer] Outgoing To IP: 195.201.121.240|40819"; classtype:trojan-activity; sid:37553231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 94.156.65.180 34241 (msg: "MISP e26809 [Mirai] Outgoing To IP: 94.156.65.180|34241"; classtype:trojan-activity; sid:37553241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 94.156.65.180 34241 (msg: "MISP e26851 [] Outgoing To IP: 94.156.65.180|34241"; classtype:trojan-activity; sid:37858771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Event 26802: one host name exported three times: as a URL rule (plain header substring,
# destination ports limited to $HTTP_PORTS, which must be defined for the rule to load), as a
# dns.query rule and as an HTTP Host-header rule. A cleartext HTTP request to the name can
# raise both HTTP alerts in addition to the DNS alert.
# The name sits under the shared hosting suffix replit.app; only this host name is matched.
# NOTE(review): the name looks bank-themed, presumably a phishing page; confirm in the event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26802 [] Outgoing URL http|3a|//bancolombia-sucursal-crediagil360.replit.app"; flow:to_server,established; http.header; content:"bancolombia-sucursal-crediagil360.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37550391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26802;)
alert dns any any -> any any (msg: "MISP e26802 [] Domain bancolombia-sucursal-crediagil360.replit.app"; dns.query; content:"bancolombia-sucursal-crediagil360.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancolombia\-sucursal\-crediagil360\.replit\.app$/i"; classtype:trojan-activity; sid:37550421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26802;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26802 [] Outgoing HTTP Domain bancolombia-sucursal-crediagil360.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancolombia-sucursal-crediagil360.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancolombia\-sucursal\-crediagil360\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26802;)
# Vidar-tagged addresses. The port-443 rules match any traffic to that port and inspect nothing
# inside it, so the alert says "a host talked to this address", not what was exchanged.
alert ip $HOME_NET any -> 159.69.103.8 9001 (msg: "MISP e26809 [Vidar] Outgoing To IP: 159.69.103.8|9001"; classtype:trojan-activity; sid:37553251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 116.203.12.183 443 (msg: "MISP e26809 [Vidar] Outgoing To IP: 116.203.12.183|443"; classtype:trojan-activity; sid:37553261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 116.203.12.183 9000 (msg: "MISP e26809 [Vidar] Outgoing To IP: 116.203.12.183|9000"; classtype:trojan-activity; sid:37553271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 49.13.32.193 443 (msg: "MISP e26809 [Vidar] Outgoing To IP: 49.13.32.193|443"; classtype:trojan-activity; sid:37553281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 95.217.29.171 443 (msg: "MISP e26809 [Vidar] Outgoing To IP: 95.217.29.171|443"; classtype:trojan-activity; sid:37553291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Untagged e26851 copies of the five Vidar rules above (same address and port, priority 3).
alert ip $HOME_NET any -> 49.13.32.193 443 (msg: "MISP e26851 [] Outgoing To IP: 49.13.32.193|443"; classtype:trojan-activity; sid:37858831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 95.217.29.171 443 (msg: "MISP e26851 [] Outgoing To IP: 95.217.29.171|443"; classtype:trojan-activity; sid:37858841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 159.69.103.8 9001 (msg: "MISP e26851 [] Outgoing To IP: 159.69.103.8|9001"; classtype:trojan-activity; sid:37858851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 116.203.12.183 443 (msg: "MISP e26851 [] Outgoing To IP: 116.203.12.183|443"; classtype:trojan-activity; sid:37858861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 116.203.12.183 9000 (msg: "MISP e26851 [] Outgoing To IP: 116.203.12.183|9000"; classtype:trojan-activity; sid:37858871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# CobaltStrike-tagged name plus an address on destination port 53 carrying the same tags.
# NOTE(review): presumably the address is the DNS endpoint behind that name; confirm in the
# event. The address rule matches any traffic to port 53 on it, so a host in $HOME_NET that
# queries this address directly, bypassing the internal resolver, is what it would surface.
alert dns any any -> any any (msg: "MISP e26809 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.artstrailreviews.com"; dns.query; content:"dns.artstrailreviews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailreviews\.com$/i"; classtype:trojan-activity; sid:37553351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26809 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.artstrailreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.artstrailreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 45.77.72.150 53 (msg: "MISP e26809 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 45.77.72.150|53"; classtype:trojan-activity; sid:37553361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert dns any any -> any any (msg: "MISP e27090 [] Domain emta.ee-control.live"; dns.query; content:"emta.ee-control.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\.ee\-control\.live$/i"; classtype:trojan-activity; sid:37774931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27090;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27090 [] Outgoing HTTP Domain emta.ee-control.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta.ee-control.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\.ee\-control\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27090;)
# Untagged e26851 copies of the three CobaltStrike rules above.
alert ip $HOME_NET any -> 45.77.72.150 53 (msg: "MISP e26851 [] Outgoing To IP: 45.77.72.150|53"; classtype:trojan-activity; sid:37858881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e26851 [] Domain dns.artstrailreviews.com"; dns.query; content:"dns.artstrailreviews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailreviews\.com$/i"; classtype:trojan-activity; sid:37858891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain dns.artstrailreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.artstrailreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.artstrailreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37858892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert dns any any -> any any (msg: "MISP e27091 [] Domain e.lt-eteismai-prisijungti.net"; dns.query; content:"e.lt-eteismai-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37774961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27091;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27091 [] Outgoing HTTP Domain e.lt-eteismai-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"e.lt-eteismai-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27091;)
# The same name is exported once per event for events 27091 to 27096, each time as a dns.query
# rule plus an HTTP Host-header rule with identical match options and a different sid. One
# lookup of the name therefore raises one DNS alert per event; de-duplicate at export or
# threshold/suppress by sid so a single hit does not read as several detections.
alert dns any any -> any any (msg: "MISP e27096 [] Domain e.lt-eteismai-prisijungti.net"; dns.query; content:"e.lt-eteismai-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37775111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27096;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27096 [] Outgoing HTTP Domain e.lt-eteismai-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-eteismai-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27096;)
alert dns any any -> any any (msg: "MISP e27095 [] Domain e.lt-eteismai-prisijungti.net"; dns.query; content:"e.lt-eteismai-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37775081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27095;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27095 [] Outgoing HTTP Domain e.lt-eteismai-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-eteismai-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27095;)
alert dns any any -> any any (msg: "MISP e27094 [] Domain e.lt-eteismai-prisijungti.net"; dns.query; content:"e.lt-eteismai-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37775051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27094;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27094 [] Outgoing HTTP Domain e.lt-eteismai-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-eteismai-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27094;)
alert dns any any -> any any (msg: "MISP e27093 [] Domain e.lt-eteismai-prisijungti.net"; dns.query; content:"e.lt-eteismai-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37775021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27093;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27093 [] Outgoing HTTP Domain e.lt-eteismai-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-eteismai-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27093;)
alert dns any any -> any any (msg: "MISP e27092 [] Domain e.lt-eteismai-prisijungti.net"; dns.query; content:"e.lt-eteismai-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37774991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27092;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27092 [] Outgoing HTTP Domain e.lt-eteismai-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-eteismai-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-eteismai\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27092;)
# URL rule with fixed destination address and port; the options require the address string in
# the headers and "/mozi.m" in the URI. The e26851 copy further down spells the path "/Mozi.m";
# both use nocase, so the two rules match the same requests.
alert http $HOME_NET any -> 116.72.22.117 39137 (msg: "MISP e26809 [] Outgoing URL http|3a|//116.72.22.117|3a|39137/mozi.m"; flow:to_server,established; http.header; content:"116.72.22.117"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 38.132.122.178 443 (msg: "MISP e26809 [M247,sliver] Outgoing To IP: 38.132.122.178|443"; classtype:trojan-activity; sid:37553381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 38.132.122.178 443 (msg: "MISP e26851 [] Outgoing To IP: 38.132.122.178|443"; classtype:trojan-activity; sid:37858901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert http $HOME_NET any -> 116.72.22.117 39137 (msg: "MISP e26851 [] Outgoing URL http|3a|//116.72.22.117|3a|39137/Mozi.m"; flow:to_server,established; http.header; content:"116.72.22.117"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Address-and-port rules from e26809; the tag list in msg mixes a tool or malware family name
# with a network/provider name. There are no payload keywords: any traffic from $HOME_NET to the
# address and port alerts, and nothing inside a port-443 or port-8443 session is inspected.
alert ip $HOME_NET any -> 145.239.230.233 8443 (msg: "MISP e26809 [Bianlian Go Trojan,OVH] Outgoing To IP: 145.239.230.233|8443"; classtype:trojan-activity; sid:37553391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 94.102.49.161 8080 (msg: "MISP e26809 [Havoc,INT-NETWORK] Outgoing To IP: 94.102.49.161|8080"; classtype:trojan-activity; sid:37553401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# NOTE(review): destination port 445 (SMB) towards an external address. Outbound SMB is normally
# denied at the perimeter, so a hit here also indicates the egress filter let it through.
alert ip $HOME_NET any -> 51.159.178.12 445 (msg: "MISP e26809 [Online SAS,Responder] Outgoing To IP: 51.159.178.12|445"; classtype:trojan-activity; sid:37553411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 141.164.48.82 8443 (msg: "MISP e26809 [AS-CHOOPA,Pupy RAT] Outgoing To IP: 141.164.48.82|8443"; classtype:trojan-activity; sid:37553421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 41.227.173.126 443 (msg: "MISP e26809 [GLOBALNET-AS,QakBot] Outgoing To IP: 41.227.173.126|443"; classtype:trojan-activity; sid:37553431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 142.154.28.33 443 (msg: "MISP e26809 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 142.154.28.33|443"; classtype:trojan-activity; sid:37553441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 5.15.83.50 443 (msg: "MISP e26809 [QakBot,RCS-RDS 73-75 Dr. Staicovici] Outgoing To IP: 5.15.83.50|443"; classtype:trojan-activity; sid:37553451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 95.219.218.28 443 (msg: "MISP e26809 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 95.219.218.28|443"; classtype:trojan-activity; sid:37553461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 54.84.110.180 443 (msg: "MISP e26809 [AMAZON-AES,Pikabot] Outgoing To IP: 54.84.110.180|443"; classtype:trojan-activity; sid:37553471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Event 26938, priority 1: inbound rules that match on the source address alone, with any
# protocol and any port. The event is untagged, so the alert itself gives no context.
# The IPv6 entries can only fire if the sensor sees IPv6 traffic and $HOME_NET includes the
# site's IPv6 prefixes.
alert ip 45.144.115.43 any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 45.144.115.43"; classtype:trojan-activity; sid:37724591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;)
alert ip 2001:ee0:41a1:6eac:7d4f:90ea:f613:3981 any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 2001:ee0:41a1:6eac:7d4f:90ea:f613:3981"; classtype:trojan-activity; sid:37724601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;)
alert ip 103.242.2.252 any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 103.242.2.252"; classtype:trojan-activity; sid:37724611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;)
alert ip 2001:ee0:41a1:4424:b5fa:d5a7:be13:717d any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 2001:ee0:41a1:4424:b5fa:d5a7:be13:717d"; classtype:trojan-activity; sid:37724621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;)
alert ip 2001:ee0:41a1:6eac:79b4:b00b:ef9a:b12f any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 2001:ee0:41a1:6eac:79b4:b00b:ef9a:b12f"; classtype:trojan-activity; sid:37724631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;)
alert ip 79.110.53.20 any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 79.110.53.20"; classtype:trojan-activity; 
sid:37724641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;) alert ip 113.178.27.229 any -> $HOME_NET any (msg: "MISP e26938 [] Incoming From IP: 113.178.27.229"; classtype:trojan-activity; sid:37724651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26938;) alert ip $HOME_NET any -> 54.84.110.180 443 (msg: "MISP e26851 [] Outgoing To IP: 54.84.110.180|443"; classtype:trojan-activity; sid:37858921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 95.219.218.28 443 (msg: "MISP e26851 [] Outgoing To IP: 95.219.218.28|443"; classtype:trojan-activity; sid:37858931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 5.15.83.50 443 (msg: "MISP e26851 [] Outgoing To IP: 5.15.83.50|443"; classtype:trojan-activity; sid:37858941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 142.154.28.33 443 (msg: "MISP e26851 [] Outgoing To IP: 142.154.28.33|443"; classtype:trojan-activity; sid:37858951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 41.227.173.126 443 (msg: "MISP e26851 [] Outgoing To IP: 41.227.173.126|443"; classtype:trojan-activity; sid:37858961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 141.164.48.82 8443 (msg: "MISP e26851 [] Outgoing To IP: 141.164.48.82|8443"; classtype:trojan-activity; sid:37858971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 51.159.178.12 445 (msg: "MISP e26851 [] Outgoing To IP: 51.159.178.12|445"; classtype:trojan-activity; sid:37858981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 94.102.49.161 8080 (msg: "MISP e26851 [] Outgoing To IP: 94.102.49.161|8080"; classtype:trojan-activity; sid:37858991; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 145.239.230.233 8443 (msg: "MISP e26851 [] Outgoing To IP: 145.239.230.233|8443"; classtype:trojan-activity; sid:37859001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 52.28.247.255 19437 (msg: "MISP e26809 [njrat,RAT] Outgoing To IP: 52.28.247.255|19437"; classtype:trojan-activity; sid:37553481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# URL indicator from event 26809, split into a hostname match in the request
# headers and a path match in the URI, both nocase. The destination port is
# $HTTP_PORTS, so that variable must be defined on the sensor. Event 26851
# exports the same URL with different letter case (sid 37859011 below); because
# of nocase both rules match the same requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26809 [dcrat] Outgoing URL http|3a|//102822cm.nyashsens.top/geogeneratorwp.php"; flow:to_server,established; http.header; content:"102822cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/geogeneratorwp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Sender-address rule: inspects the raw TCP stream from $EXTERNAL_NET to
# $SMTP_SERVERS on port 25. It needs "MAIL FROM:" and the address (both nocase)
# plus a CRLF CRLF within 8192 bytes of the preceding match. "MAIL FROM:" and
# the address are not tied to each other by distance/within, so they need not be
# on the same line. The match is on payload bytes, so a session encrypted after
# STARTTLS, or mail delivered on another port, is outside this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26804 [] Source Email Address: contatti61@epalsment.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"contatti61@epalsment.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37550601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26804;)
# Attachment-name rule: a literal Content-Disposition header prefix and the file
# name followed by a closing quote. Neither content is nocase, so the match is
# case- and spacing-sensitive.
# NOTE(review): the name pattern stops at "cotizaci" and then requires the
# closing quote. If the real file name continued (a non-ASCII character or an
# extension, for instance) this rule cannot match - check the attribute in
# event 26804.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26804 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"solicitud de cotizaci|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37550621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26804;)
alert ip 192.227.252.89 any -> $HOME_NET any (msg: "MISP e26804 [] Incoming From IP: 192.227.252.89"; classtype:trojan-activity; sid:37550631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26804;)
# The domain below embeds the octets of 192.227.252.89 from the rule above.
# NOTE(review): presumably the hosting provider's generic reverse-DNS name for
# that address rather than a separately registered domain; if so the DNS and
# HTTP rules add little beyond the address rule - confirm in event 26804.
alert dns any any -> any any (msg: "MISP e26804 [] Domain 192-227-252-89-host.colocrossing.com"; dns.query; content:"192-227-252-89-host.colocrossing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-227\-252\-89\-host\.colocrossing\.com$/i"; classtype:trojan-activity; sid:37550641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26804;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26804 [] Outgoing HTTP Domain 192-227-252-89-host.colocrossing.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"192-227-252-89-host.colocrossing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-227\-252\-89\-host\.colocrossing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26804;)
# Event 26851 copies of indicators already exported from event 26809 above
# (sids 37553491 and 37553481), at priority 3 instead of 2.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//102822cm.nyashsens.top/GeoGeneratorwp.php"; flow:to_server,established; http.header; content:"102822cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/GeoGeneratorwp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37859011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 52.28.247.255 19437 (msg: "MISP e26851 [] Outgoing To IP: 52.28.247.255|19437"; classtype:trojan-activity; sid:37859021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Start of a run of source-address rules from event 26984, labelled
# kill-chain:Reconnaissance / kill-chain:Exploitation in msg. Each matches any
# IP traffic from the listed address to $HOME_NET and has no port, flow,
# content or threshold option, so nothing in the rule limits alert volume or
# separates a scan from other traffic from that address.
# NOTE(review): consider thresholding or an expiry review at deployment.
alert ip 101.108.97.160 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.97.160"; classtype:trojan-activity; sid:37756731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;)
alert ip 103.38.12.88 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.38.12.88"; 
classtype:trojan-activity; sid:37756741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 110.46.173.94 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.46.173.94"; classtype:trojan-activity; sid:37756751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 103.42.243.2 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.42.243.2"; classtype:trojan-activity; sid:37756761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 111.250.52.165 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.250.52.165"; classtype:trojan-activity; sid:37756771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 111.246.188.141 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.246.188.141"; classtype:trojan-activity; sid:37756781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 112.102.169.240 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.169.240"; classtype:trojan-activity; sid:37756791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 111.70.30.82 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.30.82"; classtype:trojan-activity; sid:37756801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 112.243.92.57 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.243.92.57"; classtype:trojan-activity; sid:37756811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 
112.112.244.25 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.244.25"; classtype:trojan-activity; sid:37756821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 113.53.84.13 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.53.84.13"; classtype:trojan-activity; sid:37756831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 113.226.213.81 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.226.213.81"; classtype:trojan-activity; sid:37756841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 114.221.222.203 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.221.222.203"; classtype:trojan-activity; sid:37756851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 114.32.97.195 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.97.195"; classtype:trojan-activity; sid:37756861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 116.2.169.123 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.2.169.123"; classtype:trojan-activity; sid:37756871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 114.35.7.122 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.7.122"; classtype:trojan-activity; sid:37756881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.202.46.235 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
117.202.46.235"; classtype:trojan-activity; sid:37756891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.209.118.167 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.118.167"; classtype:trojan-activity; sid:37756901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.194.96.58 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.194.96.58"; classtype:trojan-activity; sid:37756911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.243.192.95 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.192.95"; classtype:trojan-activity; sid:37756921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.35.240.93 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.35.240.93"; classtype:trojan-activity; sid:37756931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.203.150.81 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.203.150.81"; classtype:trojan-activity; sid:37756941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 120.229.211.159 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.229.211.159"; classtype:trojan-activity; sid:37756951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 121.61.140.12 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.140.12"; classtype:trojan-activity; sid:37756961; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.236.182.245 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.236.182.245"; classtype:trojan-activity; sid:37756971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 135.180.27.109 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.180.27.109"; classtype:trojan-activity; sid:37756981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 148.75.61.73 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.75.61.73"; classtype:trojan-activity; sid:37756991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 117.26.67.196 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.26.67.196"; classtype:trojan-activity; sid:37757001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 153.156.0.157 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.156.0.157"; classtype:trojan-activity; sid:37757011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 171.38.221.225 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.38.221.225"; classtype:trojan-activity; sid:37757021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 119.100.99.3 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.99.3"; classtype:trojan-activity; sid:37757031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 121.234.187.36 any -> $HOME_NET any (msg: "MISP e26984 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.187.36"; classtype:trojan-activity; sid:37757041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 177.22.46.109 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.22.46.109"; classtype:trojan-activity; sid:37757051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 124.92.209.85 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.92.209.85"; classtype:trojan-activity; sid:37757061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 141.98.7.237 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.7.237"; classtype:trojan-activity; sid:37757071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 188.113.47.228 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.113.47.228"; classtype:trojan-activity; sid:37757081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 201.248.21.89 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.248.21.89"; classtype:trojan-activity; sid:37757091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 152.253.124.193 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.253.124.193"; classtype:trojan-activity; sid:37757101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 170.78.39.66 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.78.39.66"; classtype:trojan-activity; sid:37757111; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 213.59.156.9 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.59.156.9"; classtype:trojan-activity; sid:37757121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 218.151.55.130 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.151.55.130"; classtype:trojan-activity; sid:37757131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 220.173.32.171 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.173.32.171"; classtype:trojan-activity; sid:37757141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 175.13.4.164 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.13.4.164"; classtype:trojan-activity; sid:37757151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 222.116.19.43 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.116.19.43"; classtype:trojan-activity; sid:37757161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 36.49.37.190 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.37.190"; classtype:trojan-activity; sid:37757171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 180.116.28.62 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.116.28.62"; classtype:trojan-activity; sid:37757181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 198.235.24.247 any -> $HOME_NET any (msg: "MISP e26984 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.247"; classtype:trojan-activity; sid:37757191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 42.243.140.8 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.243.140.8"; classtype:trojan-activity; sid:37757201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 220.192.237.223 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.192.237.223"; classtype:trojan-activity; sid:37757211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 223.151.228.40 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.228.40"; classtype:trojan-activity; sid:37757221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 211.33.207.184 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.33.207.184"; classtype:trojan-activity; sid:37757231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 219.157.34.179 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.157.34.179"; classtype:trojan-activity; sid:37757241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 218.149.99.121 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.149.99.121"; classtype:trojan-activity; sid:37757251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 119.91.146.160 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.146.160"; classtype:trojan-activity; 
sid:37757281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 58.54.205.141 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.205.141"; classtype:trojan-activity; sid:37757261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 49.73.80.135 any -> $HOME_NET any (msg: "MISP e26984 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.73.80.135"; classtype:trojan-activity; sid:37757271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26984;) alert ip 170.64.193.215 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.215"; classtype:trojan-activity; sid:37757291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 213.35.189.86 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.35.189.86"; classtype:trojan-activity; sid:37757301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 152.32.134.89 any -> $HOME_NET any (msg: "MISP e26986 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.134.89"; classtype:trojan-activity; sid:37757441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26986;) alert ip 73.150.33.205 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.150.33.205"; classtype:trojan-activity; sid:37757311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 45.79.38.219 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.38.219"; classtype:trojan-activity; sid:37757321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 54.90.202.118 any -> $HOME_NET any (msg: 
"MISP e26987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.90.202.118"; classtype:trojan-activity; sid:37757501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26987;) alert ip 179.60.147.47 any -> $HOME_NET any (msg: "MISP e26986 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.147.47"; classtype:trojan-activity; sid:37757451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26986;) alert ip 103.20.97.207 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.20.97.207"; classtype:trojan-activity; sid:37757331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 185.146.215.40 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.146.215.40"; classtype:trojan-activity; sid:37757341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 43.129.219.189 any -> $HOME_NET any (msg: "MISP e26986 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.219.189"; classtype:trojan-activity; sid:37757461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26986;) alert ip 198.235.24.115 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.115"; classtype:trojan-activity; sid:37757351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 64.62.197.227 any -> $HOME_NET any (msg: "MISP e26986 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.227"; classtype:trojan-activity; sid:37757471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26986;) alert ip 96.44.153.169 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.169"; classtype:trojan-activity; 
sid:37757361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 121.43.179.165 any -> $HOME_NET any (msg: "MISP e26987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.43.179.165"; classtype:trojan-activity; sid:37757511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26987;) alert ip 162.243.152.4 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.152.4"; classtype:trojan-activity; sid:37757371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 43.153.176.141 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.176.141"; classtype:trojan-activity; sid:37757381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 49.0.194.43 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.0.194.43"; classtype:trojan-activity; sid:37757391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 212.220.211.218 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.220.211.218"; classtype:trojan-activity; sid:37757401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 47.242.77.181 any -> $HOME_NET any (msg: "MISP e26987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.77.181"; classtype:trojan-activity; sid:37757521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26987;) alert ip 222.255.117.32 any -> $HOME_NET any (msg: "MISP e26988 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.255.117.32"; classtype:trojan-activity; sid:37757551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26988;) alert ip 8.210.105.141 any -> $HOME_NET 
any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.105.141"; classtype:trojan-activity; sid:37757411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 205.210.31.134 any -> $HOME_NET any (msg: "MISP e26986 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.134"; classtype:trojan-activity; sid:37757481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26986;) alert ip 23.90.165.131 any -> $HOME_NET any (msg: "MISP e26987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.90.165.131"; classtype:trojan-activity; sid:37757531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26987;) alert ip 104.152.52.237 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.237"; classtype:trojan-activity; sid:37757421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 138.197.141.28 any -> $HOME_NET any (msg: "MISP e26985 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.141.28"; classtype:trojan-activity; sid:37757431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26985;) alert ip 50.31.21.10 any -> $HOME_NET any (msg: "MISP e26986 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.31.21.10"; classtype:trojan-activity; sid:37757491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26986;) alert ip 143.244.142.125 any -> $HOME_NET any (msg: "MISP e26987 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.142.125"; classtype:trojan-activity; sid:37757541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26987;) alert dns any any -> any any (msg: "MISP e26851 [] Domain followcache.com"; dns.query; content:"followcache.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])followcache\.com$/i"; 
classtype:trojan-activity; sid:37859031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# HTTP counterpart of the DNS rule above: "Host:" and the domain must both
# appear in the request headers, and the pcre rejects names that merely contain
# the string (a character from [A-Za-z0-9-] directly before it, or a label
# character or dot directly after it). A subdomain still matches.
# The two content matches are not tied together, so the domain may be in a
# header other than Host.
# NOTE(review): an http.host match would be tighter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26851 [] Outgoing HTTP Domain followcache.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"followcache.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])followcache\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37859032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Address-and-port indicators from event 26851: no flow or content options, so
# the match is on source network, destination address and port only.
alert ip $HOME_NET any -> 173.211.81.11 443 (msg: "MISP e26851 [] Outgoing To IP: 173.211.81.11|443"; classtype:trojan-activity; sid:37859041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 156.96.155.234 56999 (msg: "MISP e26851 [] Outgoing To IP: 156.96.155.234|56999"; classtype:trojan-activity; sid:37859051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
alert ip $HOME_NET any -> 93.123.85.174 43957 (msg: "MISP e26851 [] Outgoing To IP: 93.123.85.174|43957"; classtype:trojan-activity; sid:37859061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;)
# Event 26805, mail indicators. Both rules inspect the raw TCP stream to
# $SMTP_SERVERS on port 25 and need a CRLF CRLF within 8192 bytes of the
# preceding match. They see payload bytes only, so a session encrypted after
# STARTTLS, or mail arriving on another port, is not covered.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26805 [] Source Email Address: info@razorshed.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"info@razorshed.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37550731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26805;)
# The attachment name is matched literally and case-sensitively (no nocase),
# including the exact 'attachment; filename="' header spelling; a differently
# formatted or encoded filename parameter would not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26805 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"BL, Invoice and Packing List.html|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37550751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26805;)
alert ip 146.70.81.82 any -> $HOME_NET any (msg: "MISP e26805 [] Incoming From IP: 146.70.81.82"; classtype:trojan-activity; sid:37550761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26805;)
# DNS rule: the pcre anchors the domain at the end of the query name and allows
# only start-of-name or a non-label character before it, so subdomains match
# but a longer registered name ending in the same string does not.
alert dns any any -> any any (msg: "MISP e26805 [] Domain razorshed.com"; dns.query; content:"razorshed.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])razorshed\.com$/i"; classtype:trojan-activity; sid:37550771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26805;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26805 [] Outgoing HTTP Domain razorshed.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"razorshed.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])razorshed\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26805;)
# Event 26806, same rule shapes as event 26805 above.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26806 [] Source Email Address: m137185@ipatinga.mg.gov.br"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"m137185@ipatinga.mg.gov.br"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37550801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26806;)
# File name ends in ".Pdf.html" (double extension); matched case-sensitively.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26806 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Recibo de Pago.Pdf.html|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37550821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26806;)
alert ip 189.76.226.132 any -> $HOME_NET any (msg: "MISP e26806 [] Incoming From IP: 189.76.226.132"; classtype:trojan-activity; sid:37550831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26806;)
# NOTE(review): this is the mail host of the sender domain in the rule with
# sid 37550801, under a gov.br name - presumably a legitimate server that was
# abused or spoofed rather than attacker-owned infrastructure. If so, these two
# rules flag any lookup of or request to that host and should be triaged as
# context, not as evidence of compromise; confirm against event 26806.
alert dns any any -> any any (msg: "MISP e26806 [] Domain mail.ipatinga.mg.gov.br"; dns.query; content:"mail.ipatinga.mg.gov.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.ipatinga\.mg\.gov\.br$/i"; classtype:trojan-activity; sid:37550841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26806;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26806 [] Outgoing HTTP Domain mail.ipatinga.mg.gov.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.ipatinga.mg.gov.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.ipatinga\.mg\.gov\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26806;)
alert ip $HOME_NET any -> 102.47.184.255 1177 (msg: "MISP e26809 [njrat] Outgoing To IP: 102.47.184.255|1177"; classtype:trojan-activity; sid:37553501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# URL indicator whose path part is only "/ca". The URI content is an unanchored
# nocase substring, so any request path containing "/ca" matches; what keeps
# the rule specific is the fixed destination address in the header and the
# address string required in the request headers. Needs $HTTP_PORTS to be
# defined on the sensor.
alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26809 [CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN] Outgoing URL http|3a|//68.183.111.170/ca"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
# Address-and-port indicators labelled CobaltStrike in msg. The bracketed labels
# (network name, cs-watermark-...) are msg text only and are not matched against
# traffic; the rules match on address and port alone.
alert ip $HOME_NET any -> 193.168.173.45 443 (msg: "MISP e26809 [CLOUDWEBMANAGE-EU,CobaltStrike,cs-watermark-177309403] Outgoing To IP: 193.168.173.45|443"; classtype:trojan-activity; sid:37553531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;)
alert ip $HOME_NET any -> 121.43.55.149 443 (msg: "MISP e26809 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing To IP: 121.43.55.149|443"; 
classtype:trojan-activity; sid:37553621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26809;) alert ip $HOME_NET any -> 121.43.55.149 443 (msg: "MISP e26851 [] Outgoing To IP: 121.43.55.149|443"; classtype:trojan-activity; sid:37859081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 193.168.173.45 443 (msg: "MISP e26851 [] Outgoing To IP: 193.168.173.45|443"; classtype:trojan-activity; sid:37859171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert http $HOME_NET any -> 68.183.111.170 $HTTP_PORTS (msg: "MISP e26851 [] Outgoing URL http|3a|//68.183.111.170/ca"; flow:to_server,established; http.header; content:"68.183.111.170"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37859191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert ip $HOME_NET any -> 102.47.184.255 1177 (msg: "MISP e26851 [] Outgoing To IP: 102.47.184.255|1177"; classtype:trojan-activity; sid:37859201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26851;) alert dns any any -> any any (msg: "MISP e26807 [] Domain mi.tarjetacencosud-cl.awadgallery.co.uk"; dns.query; content:"mi.tarjetacencosud-cl.awadgallery.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\.tarjetacencosud\-cl\.awadgallery\.co\.uk$/i"; classtype:trojan-activity; sid:37550871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26807;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26807 [] Outgoing HTTP Domain mi.tarjetacencosud-cl.awadgallery.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi.tarjetacencosud-cl.awadgallery.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\.tarjetacencosud\-cl\.awadgallery\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550872; rev:1; priority:3; 
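reference:url,https://misp.finsin.cl/events/view/26807;) 
# Event 27169 (tags njrat, RAT): DNS query and HTTP Host rules for amma.myftp.biz.
# The double quotes inside the tag list are escaped below; Suricata's rule
# documentation requires ", ; and \ to be escaped inside msg. Other e27169
# rules in this export carry the same unescaped quotes.
alert dns any any -> any any (msg: "MISP e27169 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Domain amma.myftp.biz"; dns.query; content:"amma.myftp.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])amma\.myftp\.biz$/i"; classtype:trojan-activity; sid:37856301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [njrat,RAT,misp-galaxy:malpedia=\"NjRAT\",misp:confidence-level=\"usually-confident\"] Outgoing HTTP Domain amma.myftp.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"amma.myftp.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])amma\.myftp\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37856302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Event 27041, first URL rule: the exported URL has a single slash after the
# scheme ("http|3a|/..."), and the export produced an empty http.header
# pattern (content:"";). An empty content pattern is expected to make the rule
# fail to load (check with `suricata -T`), so it is removed and fast_pattern
# moves to the URI match, the only real condition the rule had.
# NOTE(review): the indicator was presumably meant as a hostname, as in the
# rule that follows; correct the attribute in MISP event 27041 and re-export,
# because a hand edit here is lost on the next export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27041 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|/aeey7hxzgl6zowiwhteo5xjbf6sb36tkbn5hptykgmbsjrbiygv4c4id.onion"; flow:to_server,established; http.uri; content:"/aeey7hxzgl6zowiwhteo5xjbf6sb36tkbn5hptykgmbsjrbiygv4c4id.onion"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37773211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27041;)
# Event 27041, second URL rule: matches the .onion name in the HTTP headers.
# Both .onion rules can only match cleartext HTTP that carries the name (for
# example a request sent through a web proxy); traffic inside Tor is not
# visible to them.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27041 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion/"; flow:to_server,established; http.header; content:"znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37773221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27041;)
alert ip 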
$HOME_NET any -> 2.57.149.233 3366 (msg: "MISP e27041 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing To IP: 2.57.149.233|3366"; classtype:trojan-activity; sid:37773231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27041;) alert ip $HOME_NET any -> 45.227.253.106 8000 (msg: "MISP e27041 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing To IP: 45.227.253.106|8000"; classtype:trojan-activity; sid:37773241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27041;) alert ip $HOME_NET any -> 45.227.253.99 8000 (msg: "MISP e27041 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing To IP: 45.227.253.99|8000"; classtype:trojan-activity; sid:37773251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27041;) alert dns any any -> any any (msg: "MISP e27103 [] Domain e.lt-dok-prisijungti.net"; dns.query; content:"e.lt-dok-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37775271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27103;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27103 [] Outgoing HTTP Domain e.lt-dok-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27103;) alert dns any any -> any any (msg: "MISP e27102 [] Domain e.lt-dok-prisijungti.net"; dns.query; content:"e.lt-dok-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37775241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27102;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27102 [] Outgoing HTTP Domain 
e.lt-dok-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27102;) alert dns any any -> any any (msg: "MISP e27086 [] Domain e.lt-dok-prisijungti.net"; dns.query; content:"e.lt-dok-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37774831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27086;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27086 [] Outgoing HTTP Domain e.lt-dok-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27086;) alert dns any any -> any any (msg: "MISP e27084 [] Domain e.lt-dok-prisijungti.net"; dns.query; content:"e.lt-dok-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37774771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27084;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27084 [] Outgoing HTTP Domain e.lt-dok-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27084;) alert dns any any -> any any (msg: 
"MISP e27085 [] Domain e.lt-dok-prisijungti.net"; dns.query; content:"e.lt-dok-prisijungti.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net$/i"; classtype:trojan-activity; sid:37774801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27085;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27085 [] Outgoing HTTP Domain e.lt-dok-prisijungti.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e.lt-dok-prisijungti.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\.lt\-dok\-prisijungti\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27085;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26808 [] Outgoing URL http|3a|//dev-virtual-login-02-21-2024.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-virtual-login-02-21-2024.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37550941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26808;) alert dns any any -> any any (msg: "MISP e26808 [] Domain dev-virtual-login-02-21-2024.pantheonsite.io"; dns.query; content:"dev-virtual-login-02-21-2024.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-virtual\-login\-02\-21\-2024\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37550991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26808;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26808 [] Outgoing HTTP Domain dev-virtual-login-02-21-2024.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-virtual-login-02-21-2024.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-virtual\-login\-02\-21\-2024\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37550992; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26808;) alert ip $HOME_NET any -> 5.75.162.217 43724 (msg: "MISP e27169 [infostealer,RedLine,stealer] Outgoing To IP: 5.75.162.217|43724"; classtype:trojan-activity; sid:37856331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 45.148.4.19 8888 (msg: "MISP e26826 [c2,Venom] Outgoing To IP: 45.148.4.19|8888"; classtype:trojan-activity; sid:37555141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 159.69.103.8 80 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 159.69.103.8|80"; classtype:trojan-activity; sid:37555151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 159.69.103.8 443 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 159.69.103.8|443"; classtype:trojan-activity; sid:37555161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 65.109.242.25 80 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 65.109.242.25|80"; classtype:trojan-activity; sid:37555171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 65.109.242.25 5432 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 65.109.242.25|5432"; classtype:trojan-activity; sid:37555181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 95.217.31.198 80 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 95.217.31.198|80"; classtype:trojan-activity; sid:37555191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 49.13.32.193 80 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 49.13.32.193|80"; classtype:trojan-activity; sid:37555201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 95.217.29.171 80 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 95.217.29.171|80"; 
classtype:trojan-activity; sid:37555211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 116.203.3.120 80 (msg: "MISP e26826 [c2,Vidar] Outgoing To IP: 116.203.3.120|80"; classtype:trojan-activity; sid:37555221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.233.132.21 80 (msg: "MISP e26826 [c2,recordbreaker] Outgoing To IP: 193.233.132.21|80"; classtype:trojan-activity; sid:37555231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.233.132.75 80 (msg: "MISP e26826 [c2,recordbreaker] Outgoing To IP: 193.233.132.75|80"; classtype:trojan-activity; sid:37555241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 92.223.106.203 12134 (msg: "MISP e26826 [c2,orcus_rat] Outgoing To IP: 92.223.106.203|12134"; classtype:trojan-activity; sid:37555251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.233.132.18 8081 (msg: "MISP e26826 [c2,Risepro] Outgoing To IP: 193.233.132.18|8081"; classtype:trojan-activity; sid:37555261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.233.132.235 8081 (msg: "MISP e26826 [c2,Risepro] Outgoing To IP: 193.233.132.235|8081"; classtype:trojan-activity; sid:37555271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 20.215.188.233 8081 (msg: "MISP e26826 [c2,Risepro] Outgoing To IP: 20.215.188.233|8081"; classtype:trojan-activity; sid:37555281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 4.233.217.146 80 (msg: "MISP e26826 [c2,hook] Outgoing To IP: 4.233.217.146|80"; classtype:trojan-activity; sid:37555291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 
20.106.172.90 80 (msg: "MISP e26826 [c2,hook] Outgoing To IP: 20.106.172.90|80"; classtype:trojan-activity; sid:37555301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 91.92.250.128 80 (msg: "MISP e26826 [c2,hook] Outgoing To IP: 91.92.250.128|80"; classtype:trojan-activity; sid:37555311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 104.129.182.25 80 (msg: "MISP e26826 [c2,hook] Outgoing To IP: 104.129.182.25|80"; classtype:trojan-activity; sid:37555321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.233.132.21 80 (msg: "MISP e27169 [c2,misp:confidence-level="usually-confident"] Outgoing To IP: 193.233.132.21|80"; classtype:trojan-activity; sid:37856351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 116.203.3.120 80 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 116.203.3.120|80"; classtype:trojan-activity; sid:37856361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 95.217.29.171 80 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 95.217.29.171|80"; classtype:trojan-activity; sid:37856371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 49.13.32.193 80 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 49.13.32.193|80"; classtype:trojan-activity; sid:37856381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 95.217.31.198 80 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 95.217.31.198|80"; 
classtype:trojan-activity; sid:37856391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 65.109.242.25 5432 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 65.109.242.25|5432"; classtype:trojan-activity; sid:37856401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 65.109.242.25 80 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 65.109.242.25|80"; classtype:trojan-activity; sid:37856411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 159.69.103.8 443 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 159.69.103.8|443"; classtype:trojan-activity; sid:37856421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 159.69.103.8 80 (msg: "MISP e27169 [c2,Vidar,misp-galaxy:malpedia="vidar",misp:confidence-level="usually-confident"] Outgoing To IP: 159.69.103.8|80"; classtype:trojan-activity; sid:37856431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 45.148.4.19 8888 (msg: "MISP e27169 [c2,misp:confidence-level="usually-confident"] Outgoing To IP: 45.148.4.19|8888"; classtype:trojan-activity; sid:37856441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 164.90.169.184 31228 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 164.90.169.184|31228"; classtype:trojan-activity; sid:37555331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 43.139.74.167 50034 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 43.139.74.167|50034"; classtype:trojan-activity; sid:37555341; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.151.217.93 50050 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 103.151.217.93|50050"; classtype:trojan-activity; sid:37555351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 43.137.5.20 8888 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 43.137.5.20|8888"; classtype:trojan-activity; sid:37555361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.188.87.36 36543 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 5.188.87.36|36543"; classtype:trojan-activity; sid:37555371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 161.35.203.116 50050 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 161.35.203.116|50050"; classtype:trojan-activity; sid:37555381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 139.159.197.241 50050 (msg: "MISP e26826 [c2,cobalt_strike] Outgoing To IP: 139.159.197.241|50050"; classtype:trojan-activity; sid:37555391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.28.33.96 2023 (msg: "MISP e26826 [c2,moobot] Outgoing To IP: 103.28.33.96|2023"; classtype:trojan-activity; sid:37555401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.28.33.96 2023 (msg: "MISP e27169 [] Outgoing To IP: 103.28.33.96|2023"; classtype:trojan-activity; sid:37856451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 139.159.197.241 50050 (msg: "MISP e27169 [] Outgoing To IP: 139.159.197.241|50050"; classtype:trojan-activity; sid:37856461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 161.35.203.116 50050 (msg: "MISP e27169 [] 
Outgoing To IP: 161.35.203.116|50050"; classtype:trojan-activity; sid:37856471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.188.87.36 36543 (msg: "MISP e27169 [] Outgoing To IP: 5.188.87.36|36543"; classtype:trojan-activity; sid:37856481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 43.137.5.20 8888 (msg: "MISP e27169 [] Outgoing To IP: 43.137.5.20|8888"; classtype:trojan-activity; sid:37856491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 103.151.217.93 50050 (msg: "MISP e27169 [] Outgoing To IP: 103.151.217.93|50050"; classtype:trojan-activity; sid:37856501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 43.139.74.167 50034 (msg: "MISP e27169 [] Outgoing To IP: 43.139.74.167|50034"; classtype:trojan-activity; sid:37856511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 164.90.169.184 31228 (msg: "MISP e27169 [] Outgoing To IP: 164.90.169.184|31228"; classtype:trojan-activity; sid:37856521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 104.129.182.25 80 (msg: "MISP e27169 [] Outgoing To IP: 104.129.182.25|80"; classtype:trojan-activity; sid:37856531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 91.92.250.128 80 (msg: "MISP e27169 [] Outgoing To IP: 91.92.250.128|80"; classtype:trojan-activity; sid:37856541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 20.106.172.90 80 (msg: "MISP e27169 [] Outgoing To IP: 20.106.172.90|80"; classtype:trojan-activity; sid:37856551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 4.233.217.146 80 (msg: "MISP e27169 [] Outgoing To IP: 
4.233.217.146|80"; classtype:trojan-activity; sid:37856561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 20.215.188.233 8081 (msg: "MISP e27169 [] Outgoing To IP: 20.215.188.233|8081"; classtype:trojan-activity; sid:37856571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 193.233.132.235 8081 (msg: "MISP e27169 [] Outgoing To IP: 193.233.132.235|8081"; classtype:trojan-activity; sid:37856581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 193.233.132.18 8081 (msg: "MISP e27169 [] Outgoing To IP: 193.233.132.18|8081"; classtype:trojan-activity; sid:37856591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 92.223.106.203 12134 (msg: "MISP e27169 [] Outgoing To IP: 92.223.106.203|12134"; classtype:trojan-activity; sid:37856601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 193.233.132.75 80 (msg: "MISP e27169 [] Outgoing To IP: 193.233.132.75|80"; classtype:trojan-activity; sid:37856611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26810 [] Outgoing URL http|3a|//dev-security-02-21-2024.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-security-02-21-2024.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26810;) alert dns any any -> any any (msg: "MISP e26810 [] Domain dev-security-02-21-2024.pantheonsite.io"; dns.query; content:"dev-security-02-21-2024.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-security\-02\-21\-2024\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37553691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26810;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26810 [] Outgoing HTTP Domain dev-security-02-21-2024.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-security-02-21-2024.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-security\-02\-21\-2024\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26810;) alert ip $HOME_NET any -> 185.133.40.202 80 (msg: "MISP e27169 [] Outgoing To IP: 185.133.40.202|80"; classtype:trojan-activity; sid:37856621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 146.71.78.14 151 (msg: "MISP e27169 [] Outgoing To IP: 146.71.78.14|151"; classtype:trojan-activity; sid:37856631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 222.186.174.9 43268 (msg: "MISP e26826 [njrat] Outgoing To IP: 222.186.174.9|43268"; classtype:trojan-activity; sid:37555421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 222.186.174.9 43268 (msg: "MISP e27169 [] Outgoing To IP: 222.186.174.9|43268"; classtype:trojan-activity; sid:37856641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.133.40.202 80 (msg: "MISP e26826 [infostealer,RedLine,stealer] Outgoing To IP: 185.133.40.202|80"; classtype:trojan-activity; sid:37555411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.75.162.217 43724 (msg: "MISP e26826 [infostealer,RedLine,stealer] Outgoing To IP: 5.75.162.217|43724"; classtype:trojan-activity; sid:37555121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert dns any any -> any any (msg: "MISP e26826 [njrat,RAT] Domain amma.myftp.biz"; dns.query; 
content:"amma.myftp.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])amma\.myftp\.biz$/i"; classtype:trojan-activity; sid:37555101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [njrat,RAT] Outgoing HTTP Domain amma.myftp.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"amma.myftp.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])amma\.myftp\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37555102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e26978 [kill-chain:Command and Control,misp-galaxy:mitre-tool="Remcos - S0332"] Outgoing URL http|3a|//103.183.115.241/rEBfTcmbhlXwFfMTfw228.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/rEBfTcmbhlXwFfMTfw228.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37753351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26978;) alert ip $HOME_NET any -> 147.182.190.27 8888 (msg: "MISP e26826 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 147.182.190.27|8888"; classtype:trojan-activity; sid:37555431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 159.89.204.198 8888 (msg: "MISP e26826 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 159.89.204.198|8888"; classtype:trojan-activity; sid:37555441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 159.89.204.198 31337 (msg: "MISP e26826 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 159.89.204.198|31337"; classtype:trojan-activity; sid:37555451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.35.189.93 443 (msg: "MISP e26826 [Bianlian Go Trojan,STARK-INDUSTRIES] 
Outgoing To IP: 103.35.189.93|443"; classtype:trojan-activity; sid:37555461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.35.189.93 8443 (msg: "MISP e26826 [Bianlian Go Trojan,STARK-INDUSTRIES] Outgoing To IP: 103.35.189.93|8443"; classtype:trojan-activity; sid:37555471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.239.86.189 443 (msg: "MISP e26826 [Havoc,M247] Outgoing To IP: 193.239.86.189|443"; classtype:trojan-activity; sid:37555481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 154.246.82.173 995 (msg: "MISP e26826 [ALGTEL-AS,QakBot] Outgoing To IP: 154.246.82.173|995"; classtype:trojan-activity; sid:37555491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 41.97.43.5 443 (msg: "MISP e26826 [ALGTEL-AS,QakBot] Outgoing To IP: 41.97.43.5|443"; classtype:trojan-activity; sid:37555501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 41.96.190.102 443 (msg: "MISP e26826 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.190.102|443"; classtype:trojan-activity; sid:37555511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.42.92.25 8848 (msg: "MISP e26826 [ALTAWK,dcrat] Outgoing To IP: 5.42.92.25|8848"; classtype:trojan-activity; sid:37555521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 165.232.41.54 8888 (msg: "MISP e26826 [DIGITALOCEAN-ASN,Supershell] Outgoing To IP: 165.232.41.54|8888"; classtype:trojan-activity; sid:37555531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.233.11.13 8888 (msg: "MISP e26826 [MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED,Supershell] Outgoing To IP: 103.233.11.13|8888"; classtype:trojan-activity; 
sid:37555541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.233.11.14 8888 (msg: "MISP e26826 [MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED,Supershell] Outgoing To IP: 103.233.11.14|8888"; classtype:trojan-activity; sid:37555551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 103.233.11.14 8888 (msg: "MISP e27169 [] Outgoing To IP: 103.233.11.14|8888"; classtype:trojan-activity; sid:37856651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 103.233.11.13 8888 (msg: "MISP e27169 [] Outgoing To IP: 103.233.11.13|8888"; classtype:trojan-activity; sid:37856661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 165.232.41.54 8888 (msg: "MISP e27169 [] Outgoing To IP: 165.232.41.54|8888"; classtype:trojan-activity; sid:37856671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.42.92.25 8848 (msg: "MISP e27169 [] Outgoing To IP: 5.42.92.25|8848"; classtype:trojan-activity; sid:37856681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 41.96.190.102 443 (msg: "MISP e27169 [] Outgoing To IP: 41.96.190.102|443"; classtype:trojan-activity; sid:37856691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 41.97.43.5 443 (msg: "MISP e27169 [] Outgoing To IP: 41.97.43.5|443"; classtype:trojan-activity; sid:37856701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 154.246.82.173 995 (msg: "MISP e27169 [] Outgoing To IP: 154.246.82.173|995"; classtype:trojan-activity; sid:37856711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 193.239.86.189 443 (msg: "MISP e27169 [] Outgoing To IP: 193.239.86.189|443"; 
classtype:trojan-activity; sid:37856721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Event 27169 destination IP/port rules: empty tag list "[]" and priority 3.
# NOTE(review): priority presumably mirrors the MISP event threat level - confirm.
alert ip $HOME_NET any -> 103.35.189.93 8443 (msg: "MISP e27169 [] Outgoing To IP: 103.35.189.93|8443"; classtype:trojan-activity; sid:37856731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 103.35.189.93 443 (msg: "MISP e27169 [] Outgoing To IP: 103.35.189.93|443"; classtype:trojan-activity; sid:37856741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 159.89.204.198 31337 (msg: "MISP e27169 [] Outgoing To IP: 159.89.204.198|31337"; classtype:trojan-activity; sid:37856751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 159.89.204.198 8888 (msg: "MISP e27169 [] Outgoing To IP: 159.89.204.198|8888"; classtype:trojan-activity; sid:37856761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 147.182.190.27 8888 (msg: "MISP e27169 [] Outgoing To IP: 147.182.190.27|8888"; classtype:trojan-activity; sid:37856771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Destination port is "any": every connection from $HOME_NET to this address matches.
alert ip $HOME_NET any -> 5.42.65.107 any (msg: "MISP e27078 [] Outgoing To IP: 5.42.65.107"; classtype:trojan-activity; sid:37774561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27078;)
# URL rule: host string anywhere in the request headers plus an unanchored,
# case-insensitive substring of the URI; limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27088 [] Outgoing URL http|3a|//zakhbat.m.online.fr/zatik2/"; flow:to_server,established; http.header; content:"zakhbat.m.online.fr"; fast_pattern; nocase; http.uri; content:"/zatik2/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37774891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27088;)
# DNS rules: the pcre accepts start-of-buffer or any character outside
# [A-Za-z0-9-] before the name and anchors at the end of the query, so the
# exact name and its subdomains match, but a longer label ending in the same
# text does not. "any any -> any any" applies in both directions and to all hosts.
alert dns any any -> any any (msg: "MISP e27080 [] Domain omniva.johanpotgieterfa.co.za"; dns.query; content:"omniva.johanpotgieterfa.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.johanpotgieterfa\.co\.za$/i"; classtype:trojan-activity; sid:37774681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27080;)
# HTTP domain rules: the "Host|3a|" content and the domain content are
# independent matches on the header buffer (no distance/within), and the /H
# pcre scans the same buffer, so the domain can also match in another header.
# NOTE(review): matching on the http.host buffer would restrict this to the
# Host value - confirm against the deployed Suricata version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27080 [] Outgoing HTTP Domain omniva.johanpotgieterfa.co.za"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.johanpotgieterfa.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.johanpotgieterfa\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27080;)
alert ip $HOME_NET any -> 64.176.178.205 2017 (msg: "MISP e26826 [AveMariaRAT,RAT] Outgoing To IP: 64.176.178.205|2017"; classtype:trojan-activity; sid:37555561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Duplicate indicators: the e27087 rules below repeat the e27080 domain rules
# above with identical match conditions and new sids, and sid:37856781 repeats
# the 64.176.178.205:2017 destination of sid:37555561. One connection or query
# therefore raises two alerts that differ only in event id, tags and priority.
# NOTE(review): consider de-duplicating at export time or suppressing one sid of each pair.
alert dns any any -> any any (msg: "MISP e27087 [] Domain omniva.johanpotgieterfa.co.za"; dns.query; content:"omniva.johanpotgieterfa.co.za"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.johanpotgieterfa\.co\.za$/i"; classtype:trojan-activity; sid:37774861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27087;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27087 [] Outgoing HTTP Domain omniva.johanpotgieterfa.co.za"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.johanpotgieterfa.co.za"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.johanpotgieterfa\.co\.za[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27087;)
alert ip $HOME_NET any -> 64.176.178.205 2017 (msg: "MISP e27169 [] Outgoing To IP: 64.176.178.205|2017"; classtype:trojan-activity; sid:37856781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# sid:37765661: the http.uri content is just "/", which any URI containing a
# slash satisfies, so the rule effectively fires on the host string in the
# request headers alone and overlaps the domain rule sid:37765692 below
# (restricted here to $HTTP_PORTS).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24600 [] Outgoing URL http|3a|//post.lu.iwsea.pt/"; flow:to_server,established; http.header; content:"post.lu.iwsea.pt"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37765661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain post.lu.iwsea.pt"; dns.query; content:"post.lu.iwsea.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\.lu\.iwsea\.pt$/i"; classtype:trojan-activity; sid:37765691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post.lu.iwsea.pt"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post.lu.iwsea.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\.lu\.iwsea\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 27030 rules carry priority 4, the lowest value used in this part of the file.
alert dns any any -> any any (msg: "MISP e27030 [] Domain nkbm-online.com"; dns.query; content:"nkbm-online.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nkbm\-online\.com$/i"; classtype:trojan-activity; sid:37767311; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27030;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27030 [] Outgoing HTTP Domain nkbm-online.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nkbm-online.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nkbm\-online\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37767312; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27030;)
alert ip $HOME_NET any -> 5.181.80.116 3090 (msg: "MISP e26826 [c2,Mirai,TAMATIYA-AS] Outgoing To IP: 5.181.80.116|3090"; classtype:trojan-activity; sid:37555591; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.181.80.177 3090 (msg: "MISP e26826 [c2,Mirai,TAMATIYA-AS] Outgoing To IP: 5.181.80.177|3090"; classtype:trojan-activity; sid:37555601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.181.80.27 3090 (msg: "MISP e26826 [c2,Mirai,TAMATIYA-AS] Outgoing To IP: 5.181.80.27|3090"; classtype:trojan-activity; sid:37555571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.181.80.153 3090 (msg: "MISP e26826 [c2,Mirai,TAMATIYA-AS] Outgoing To IP: 5.181.80.153|3090"; classtype:trojan-activity; sid:37555581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 5.181.80.126 35769 (msg: "MISP e26826 [AS-50360,c2,moobot,TAMATIYA-AS] Outgoing To IP: 5.181.80.126|35769"; classtype:trojan-activity; sid:37555611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.91.127.233 56999 (msg: "MISP e26826 [AS-49581,c2,moobot,Tube-hosting.com] Outgoing To IP: 185.91.127.233|56999"; classtype:trojan-activity; sid:37555631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.91.127.216 55555 (msg: "MISP e26826 [AS-49581,c2,moobot,Tube-hosting.com] Outgoing To IP: 185.91.127.216|55555"; classtype:trojan-activity; sid:37555621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 146.19.191.200 69 (msg: "MISP e26826 [AS-49581,c2,Mirai,Tube-hosting.com] Outgoing To IP: 146.19.191.200|69"; classtype:trojan-activity; sid:37555661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 45.138.174.72 3778 (msg: "MISP e26826 [AS-30823,Aurologic.com,c2,Mirai] Outgoing To IP: 45.138.174.72|3778"; classtype:trojan-activity; sid:37555671; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.91.127.233 3778 (msg: "MISP e26826 [AS-49581,c2,Mirai,Tube-hosting.com] Outgoing To IP: 185.91.127.233|3778"; classtype:trojan-activity; sid:37555641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 37.221.94.43 5555 (msg: "MISP e26826 [AS-49581,c2,Mirai,Tube-hosting.com] Outgoing To IP: 37.221.94.43|5555"; classtype:trojan-activity; sid:37555651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 94.156.8.116 43957 (msg: "MISP e27169 [] Outgoing To IP: 94.156.8.116|43957"; classtype:trojan-activity; sid:37856791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.91.127.233 3778 (msg: "MISP e27169 [] Outgoing To IP: 185.91.127.233|3778"; classtype:trojan-activity; sid:37856801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 37.221.94.43 5555 (msg: "MISP e27169 [] Outgoing To IP: 37.221.94.43|5555"; classtype:trojan-activity; sid:37856811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 146.19.191.200 69 (msg: "MISP e27169 [] Outgoing To IP: 146.19.191.200|69"; classtype:trojan-activity; sid:37856821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 45.138.174.72 3778 (msg: "MISP e27169 [] Outgoing To IP: 45.138.174.72|3778"; classtype:trojan-activity; sid:37856831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.91.127.216 55555 (msg: "MISP e27169 [] Outgoing To IP: 185.91.127.216|55555"; classtype:trojan-activity; sid:37856841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.91.127.233 56999 (msg: "MISP e27169 [] Outgoing To IP: 
185.91.127.233|56999"; classtype:trojan-activity; sid:37856851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.181.80.126 35769 (msg: "MISP e27169 [] Outgoing To IP: 5.181.80.126|35769"; classtype:trojan-activity; sid:37856861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.181.80.27 3090 (msg: "MISP e27169 [] Outgoing To IP: 5.181.80.27|3090"; classtype:trojan-activity; sid:37856871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.181.80.153 3090 (msg: "MISP e27169 [] Outgoing To IP: 5.181.80.153|3090"; classtype:trojan-activity; sid:37856881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.181.80.116 3090 (msg: "MISP e27169 [] Outgoing To IP: 5.181.80.116|3090"; classtype:trojan-activity; sid:37856891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 5.181.80.177 3090 (msg: "MISP e27169 [] Outgoing To IP: 5.181.80.177|3090"; classtype:trojan-activity; sid:37856901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 94.156.8.116 43957 (msg: "MISP e26826 [AS-216289,c2,moobot,Sicrosar.net] Outgoing To IP: 94.156.8.116|43957"; classtype:trojan-activity; sid:37555681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.196.10.139 59666 (msg: "MISP e27169 [] Outgoing To IP: 185.196.10.139|59666"; classtype:trojan-activity; sid:37856911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.196.9.223 1302 (msg: "MISP e27169 [] Outgoing To IP: 185.196.9.223|1302"; classtype:trojan-activity; sid:37856921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.196.10.164 59312 (msg: "MISP e27169 
[] Outgoing To IP: 185.196.10.164|59312"; classtype:trojan-activity; sid:37856931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.196.10.60 55655 (msg: "MISP e27169 [] Outgoing To IP: 185.196.10.60|55655"; classtype:trojan-activity; sid:37856941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 91.92.240.13 9511 (msg: "MISP e27169 [] Outgoing To IP: 91.92.240.13|9511"; classtype:trojan-activity; sid:37856951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 45.142.107.117 3549 (msg: "MISP e27169 [] Outgoing To IP: 45.142.107.117|3549"; classtype:trojan-activity; sid:37856961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e24600 [] Domain postluxembourg.godaddysites.com"; dns.query; content:"postluxembourg.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])postluxembourg\.godaddysites\.com$/i"; classtype:trojan-activity; sid:37765741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain postluxembourg.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"postluxembourg.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])postluxembourg\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 185.196.9.223 1302 (msg: "MISP e26826 [AS-42624,c2,Mirai,SIMPLECARRIER-US] Outgoing To IP: 185.196.9.223|1302"; classtype:trojan-activity; sid:37555741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.196.10.60 55655 (msg: "MISP e26826 
[AS-42624,c2,moobot,SIMPLECARRIER-US] Outgoing To IP: 185.196.10.60|55655"; classtype:trojan-activity; sid:37555721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 91.92.240.13 9511 (msg: "MISP e26826 [AS-394711,c2,Limenet.io,Mirai] Outgoing To IP: 91.92.240.13|9511"; classtype:trojan-activity; sid:37555701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.196.10.164 59312 (msg: "MISP e26826 [AS-42624,c2,moobot,SIMPLECARRIER-US] Outgoing To IP: 185.196.10.164|59312"; classtype:trojan-activity; sid:37555711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 45.142.107.117 3549 (msg: "MISP e26826 [AS-49581,c2,Mirai,Tube-hosting.com] Outgoing To IP: 45.142.107.117|3549"; classtype:trojan-activity; sid:37555691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.196.10.139 59666 (msg: "MISP e26826 [AS-42624,c2,Mirai,SIMPLECARRIER-US] Outgoing To IP: 185.196.10.139|59666"; classtype:trojan-activity; sid:37555731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 212.102.39.208 58095 (msg: "MISP e27169 [] Outgoing To IP: 212.102.39.208|58095"; classtype:trojan-activity; sid:37856971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e26937 [] Domain rtqe52tg2coih7ky2zozlpzpmviw6xor.3ahvymq.1.0.z6d3apxsyt2z743cllyvabuu5y.nfweceh.dns0.org"; dns.query; content:"rtqe52tg2coih7ky2zozlpzpmviw6xor.3ahvymq.1.0.z6d3apxsyt2z743cllyvabuu5y.nfweceh.dns0.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])rtqe52tg2coih7ky2zozlpzpmviw6xor\.3ahvymq\.1\.0\.z6d3apxsyt2z743cllyvabuu5y\.nfweceh\.dns0\.org$/i"; classtype:trojan-activity; sid:37724321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26937;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e26937 [] Outgoing HTTP Domain rtqe52tg2coih7ky2zozlpzpmviw6xor.3ahvymq.1.0.z6d3apxsyt2z743cllyvabuu5y.nfweceh.dns0.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rtqe52tg2coih7ky2zozlpzpmviw6xor.3ahvymq.1.0.z6d3apxsyt2z743cllyvabuu5y.nfweceh.dns0.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rtqe52tg2coih7ky2zozlpzpmviw6xor\.3ahvymq\.1\.0\.z6d3apxsyt2z743cllyvabuu5y\.nfweceh\.dns0\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37724322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26937;)
# The rule ending above (sid:37724322) matches one complete multi-label host
# name. NOTE(review): the labels look machine-generated; if the name varies
# per request, an exact-name match will rarely fire again - confirm with
# event 26937 which part of the name is the stable indicator.
#
# DNS rules: the pcre accepts start-of-buffer or any character outside
# [A-Za-z0-9-] before the name and anchors at the end of the query, so the
# listed name and its subdomains match; the parent zone (here pages.dev) is
# not matched. "any any -> any any" applies to queries in either direction.
# NOTE(review): a sensor that sees both client-to-resolver and
# resolver-to-upstream traffic may alert twice for one lookup.
alert dns any any -> any any (msg: "MISP e26811 [] Domain beneficio-banestado.pages.dev"; dns.query; content:"beneficio-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37553771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26811;)
# HTTP domain rule: the "Host|3a|" content and the domain content are
# independent matches on the header buffer (no distance/within), and the /H
# pcre scans the same buffer, so the domain can also match in a header other
# than Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26811 [] Outgoing HTTP Domain beneficio-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beneficio-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26811;)
# Event 26826 domain indicator; the tag list (AS62904, CobaltStrike,
# cs-watermark-1357776117) is carried into msg as triage context only and is
# not part of the match.
alert dns any any -> any any (msg: "MISP e26826 [AS62904,CobaltStrike,cs-watermark-1357776117] Domain realusatruck.com"; dns.query; content:"realusatruck.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])realusatruck\.com$/i"; classtype:trojan-activity; sid:37555771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain realusatruck.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase;
http.header; content:"realusatruck.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])realusatruck\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37555772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 173.44.141.86 443 (msg: "MISP e26826 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing To IP: 173.44.141.86|443"; classtype:trojan-activity; sid:37555781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.29.56.130 443 (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,IP-PROJECTS] Outgoing To IP: 193.29.56.130|443"; classtype:trojan-activity; sid:37555801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 124.71.108.110 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//124.71.108.110/ptj"; flow:to_server,established; http.header; content:"124.71.108.110"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 124.71.108.110 80 (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing To IP: 124.71.108.110|80"; classtype:trojan-activity; sid:37555821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 124.71.108.110 80 (msg: "MISP e27169 [] Outgoing To IP: 124.71.108.110|80"; classtype:trojan-activity; sid:37856981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> 124.71.108.110 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//124.71.108.110/ptj"; flow:to_server,established; http.header; content:"124.71.108.110"; fast_pattern; nocase; http.uri; 
content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37856991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 193.29.56.130 443 (msg: "MISP e27169 [] Outgoing To IP: 193.29.56.130|443"; classtype:trojan-activity; sid:37857001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 173.44.141.86 443 (msg: "MISP e27169 [] Outgoing To IP: 173.44.141.86|443"; classtype:trojan-activity; sid:37857021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e27169 [] Domain realusatruck.com"; dns.query; content:"realusatruck.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])realusatruck\.com$/i"; classtype:trojan-activity; sid:37857031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain realusatruck.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"realusatruck.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])realusatruck\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 212.102.39.208 58095 (msg: "MISP e26826 [c2,moobot] Outgoing To IP: 212.102.39.208|58095"; classtype:trojan-activity; sid:37555751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.220.170/ga.js"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555851; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26826;)
# URL indicators from event 26826. Each rule is pinned to one destination
# address and to $HTTP_PORTS, so HTTP to the same address on a port outside
# that variable is not covered by these rules. The http.header content requires
# the IP literal to appear somewhere in the request headers (the rule does not
# say which header), and the http.uri content is an unanchored,
# case-insensitive substring of the URI.
alert http $HOME_NET any -> 124.222.64.203 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//124.222.64.203/en_us/all.js"; flow:to_server,established; http.header; content:"124.222.64.203"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> 8.142.5.148 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-305419896,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//8.142.5.148/dot.gif"; flow:to_server,established; http.header; content:"8.142.5.148"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> 221.150.72.75 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,Korea Telecom] Outgoing URL http|3a|//221.150.72.75/match"; flow:to_server,established; http.header; content:"221.150.72.75"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> 94.156.69.227 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,LIMENET] Outgoing URL http|3a|//94.156.69.227/en_us/all.js"; flow:to_server,established; http.header; content:"94.156.69.227"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 27169 repeats the same address/URI pairs with new sids, an empty tag
# list and priority 3. "/en_US/all.js" differs from the e26826 "/en_us/all.js"
# only in case, and both rules use nocase, so each pair matches the same
# requests and one request raises two alerts.
# NOTE(review): consider de-duplicating at export time or suppressing one sid of each pair.
alert http $HOME_NET any -> 94.156.69.227 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//94.156.69.227/en_US/all.js"; flow:to_server,established; http.header; content:"94.156.69.227"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> 221.150.72.75 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//221.150.72.75/match"; flow:to_server,established; http.header; content:"221.150.72.75"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> 8.142.5.148 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//8.142.5.148/dot.gif"; flow:to_server,established; http.header; content:"8.142.5.148"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> 124.222.64.203 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//124.222.64.203/en_US/all.js"; flow:to_server,established; http.header; content:"124.222.64.203"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> 122.51.220.170 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//122.51.220.170/ga.js"; flow:to_server,established; http.header; content:"122.51.220.170"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 46.246.12.6 2054 (msg: "MISP e26826 [njrat] Outgoing To IP: 46.246.12.6|2054";
classtype:trojan-activity; sid:37555921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 46.246.12.6 2054 (msg: "MISP e27169 [] Outgoing To IP: 46.246.12.6|2054"; classtype:trojan-activity; sid:37857141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e26742 [] Domain pepsi-koola.com"; dns.query; content:"pepsi-koola.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pepsi\-koola\.com$/i"; classtype:trojan-activity; sid:37724221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26742;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26742 [] Outgoing HTTP Domain pepsi-koola.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pepsi-koola.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pepsi\-koola\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37724222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26742;) alert dns any any -> any any (msg: "MISP e26742 [] Domain rahianemobile.com"; dns.query; content:"rahianemobile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rahianemobile\.com$/i"; classtype:trojan-activity; sid:37724241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26742;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26742 [] Outgoing HTTP Domain rahianemobile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rahianemobile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rahianemobile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37724242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26742;) alert dns any any -> any any (msg: "MISP e27169 [] Domain ecuaecua.duckdns.org"; dns.query; content:"ecuaecua.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecuaecua\.duckdns\.org$/i"; 
classtype:trojan-activity; sid:37857151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# HTTP companion of the DNS rule that ends above. The "Host|3a|" content and
# the domain content are independent matches on the header buffer (no
# distance/within), and the /H pcre scans the same buffer, so the domain can
# also match in a header other than Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain ecuaecua.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecuaecua.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecuaecua\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Inbound source-address rules from event 26983. Each matches any IP traffic
# from the listed address to $HOME_NET on any port, with no flow, payload or
# threshold condition, and is classified trojan-activity although the event
# tags are kill-chain Reconnaissance/Exploitation.
# NOTE(review): on an internet-facing sensor these can be noisy; a threshold
# or rate limit, a classtype that reflects inbound scanning, and a periodic
# expiry review of the addresses are worth considering.
alert ip 8.219.244.212 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.244.212"; classtype:trojan-activity; sid:37753811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 104.250.34.202 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.202"; classtype:trojan-activity; sid:37753821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 185.220.101.141 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.141"; classtype:trojan-activity; sid:37753831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 185.220.101.187 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.187"; classtype:trojan-activity; sid:37753841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 171.25.193.25 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.25.193.25"; classtype:trojan-activity; sid:37753851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 81.71.102.242 any -> $HOME_NET any (msg: "MISP e26983
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.102.242"; classtype:trojan-activity; sid:37753861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
# --- Review notes for the MISP event 26983 address rules that follow ---
# Layout: rules are restored to one rule per physical line; rule text is unchanged.
# Shape: every rule is `alert ip <address> any -> $HOME_NET any`, so it matches any
# protocol and port on traffic from one listed address to $HOME_NET. An alert records
# contact from an indicator; it does not show that an exploit succeeded, so correlate
# with host or service logs before escalating.
# NOTE(review): no `flow` condition is set, so packets answering a connection opened
# from inside $HOME_NET presumably match as well, despite the "Incoming" msg text -
# confirm against the engine in use.
# NOTE(review): classtype is trojan-activity while the msg tags say
# Reconnaissance/Exploitation; triage keyed on classtype may misroute these alerts.
# NOTE(review): the rules use only $HOME_NET; the source side is a literal address,
# not $EXTERNAL_NET.
# Address indicators go stale: re-check the referenced MISP event before relying on
# these rev:1 entries long term. At this volume a reputation list (Suricata `iprep`)
# may be cheaper to maintain than one rule per address.
alert ip 118.44.111.7 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.44.111.7"; classtype:trojan-activity; sid:37753871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 203.251.128.98 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.251.128.98"; classtype:trojan-activity; sid:37753881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 221.156.106.151 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.156.106.151"; classtype:trojan-activity; sid:37753891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 102.117.84.15 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.117.84.15"; classtype:trojan-activity; sid:37753901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 92.118.114.118 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.118.114.118"; classtype:trojan-activity; sid:37753911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 123.125.14.66 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.125.14.66"; classtype:trojan-activity; sid:37753921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 103.150.221.167 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.150.221.167"; classtype:trojan-activity; sid:37753931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 185.103.101.231 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.103.101.231"; classtype:trojan-activity; sid:37753941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 143.110.211.142 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.211.142"; classtype:trojan-activity; sid:37753951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 116.110.75.41 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.75.41"; classtype:trojan-activity; sid:37753961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 103.20.249.53 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.20.249.53"; classtype:trojan-activity; sid:37753971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 45.55.40.168 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.40.168"; classtype:trojan-activity; sid:37753981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 143.110.209.142 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.209.142"; classtype:trojan-activity; sid:37753991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.222.147.39 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.147.39"; classtype:trojan-activity; sid:37754001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.159.47.103 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.47.103"; classtype:trojan-activity; sid:37754011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 103.170.86.93 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.86.93"; classtype:trojan-activity; sid:37754021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.151.21 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.151.21"; classtype:trojan-activity; sid:37754031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 173.76.102.58 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.76.102.58"; classtype:trojan-activity; sid:37754041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 47.245.90.35 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.245.90.35"; classtype:trojan-activity; sid:37754051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 36.40.72.1 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.40.72.1"; classtype:trojan-activity; sid:37754061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.135.161.228 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.161.228"; classtype:trojan-activity; sid:37754071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.134.20.26 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.20.26"; classtype:trojan-activity; sid:37754081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 193.104.57.235 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.104.57.235"; classtype:trojan-activity; sid:37754091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.219.249.116 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.249.116"; classtype:trojan-activity; sid:37754101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 36.151.192.27 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.151.192.27"; classtype:trojan-activity; sid:37754111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 221.165.136.172 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.165.136.172"; classtype:trojan-activity; sid:37754121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 64.225.5.110 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.5.110"; classtype:trojan-activity; sid:37754131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 103.151.37.81 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.151.37.81"; classtype:trojan-activity; sid:37754141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.219.232.64 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.232.64"; classtype:trojan-activity; sid:37754151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.151.13 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.151.13"; classtype:trojan-activity; sid:37754161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 119.123.179.242 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.123.179.242"; classtype:trojan-activity; sid:37754171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 47.236.19.225 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.19.225"; classtype:trojan-activity; sid:37754181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.193.210 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.210"; classtype:trojan-activity; sid:37754191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 92.124.132.235 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.124.132.235"; classtype:trojan-activity; sid:37754201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.151.24 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.151.24"; classtype:trojan-activity; sid:37754211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 59.23.39.135 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.23.39.135"; classtype:trojan-activity; sid:37754221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 143.198.217.107 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.217.107"; classtype:trojan-activity; sid:37754231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 157.245.10.235 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.10.235"; classtype:trojan-activity; sid:37754241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.163.206.161 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.206.161"; classtype:trojan-activity; sid:37754251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.163.239.63 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.63"; classtype:trojan-activity; sid:37754261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 72.167.44.240 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.44.240"; classtype:trojan-activity; sid:37754271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 78.109.194.151 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.109.194.151"; classtype:trojan-activity; sid:37754281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.157.53.4 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.53.4"; classtype:trojan-activity; sid:37754291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 47.108.187.239 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.108.187.239"; classtype:trojan-activity; sid:37754301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.222.138.250 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.138.250"; classtype:trojan-activity; sid:37754311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 206.47.133.208 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.47.133.208"; classtype:trojan-activity; sid:37754321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 113.236.140.76 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.236.140.76"; classtype:trojan-activity; sid:37754331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 159.203.19.236 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.19.236"; classtype:trojan-activity; sid:37754341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 133.186.144.91 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 133.186.144.91"; classtype:trojan-activity; sid:37754351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 106.52.210.224 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.210.224"; classtype:trojan-activity; sid:37754361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.157.3.201 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.3.201"; classtype:trojan-activity; sid:37754371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 118.195.136.52 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.136.52"; classtype:trojan-activity; sid:37754381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 42.192.53.183 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.53.183"; classtype:trojan-activity; sid:37754391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 14.103.46.18 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.46.18"; classtype:trojan-activity; sid:37754401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 109.173.25.204 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.173.25.204"; classtype:trojan-activity; sid:37754411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 64.23.175.231 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.175.231"; classtype:trojan-activity; sid:37754421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 122.8.150.110 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.8.150.110"; classtype:trojan-activity; sid:37754431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 64.23.208.56 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.208.56"; classtype:trojan-activity; sid:37754441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 159.203.19.56 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.19.56"; classtype:trojan-activity; sid:37754451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 178.62.222.107 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.222.107"; classtype:trojan-activity; sid:37754461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 104.250.49.217 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.217"; classtype:trojan-activity; sid:37754471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 14.46.116.243 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.46.116.243"; classtype:trojan-activity; sid:37754481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 103.53.185.28 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.53.185.28"; classtype:trojan-activity; sid:37754491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 119.40.89.120 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.40.89.120"; classtype:trojan-activity; sid:37754501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.193.226 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.226"; classtype:trojan-activity; sid:37754511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 159.138.172.81 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.138.172.81"; classtype:trojan-activity; sid:37754521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 3.37.154.61 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.37.154.61"; classtype:trojan-activity; sid:37754531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.153.194.131 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.194.131"; classtype:trojan-activity; sid:37754541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.219.243.187 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.243.187"; classtype:trojan-activity; sid:37754551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.155.144.238 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.144.238"; classtype:trojan-activity; sid:37754561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.134.118.228 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.228"; classtype:trojan-activity; sid:37754571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 47.242.191.183 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.191.183"; classtype:trojan-activity; sid:37754581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 37.221.208.168 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.221.208.168"; classtype:trojan-activity; sid:37754591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 193.151.146.161 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.146.161"; classtype:trojan-activity; sid:37754601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 103.174.102.79 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.174.102.79"; classtype:trojan-activity; sid:37754611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 51.195.122.241 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.122.241"; classtype:trojan-activity; sid:37754621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 200.54.224.162 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.54.224.162"; classtype:trojan-activity; sid:37754631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 146.59.233.75 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.233.75"; classtype:trojan-activity; sid:37754641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 139.177.99.235 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.177.99.235"; classtype:trojan-activity; sid:37754651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 162.62.219.58 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.219.58"; classtype:trojan-activity; sid:37754661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.134.14.22 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.14.22"; classtype:trojan-activity; sid:37754671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 64.23.150.66 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.150.66"; classtype:trojan-activity; sid:37754681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 220.117.3.198 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.117.3.198"; classtype:trojan-activity; sid:37754691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.222.237.5 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.237.5"; classtype:trojan-activity; sid:37754701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 14.103.19.80 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.19.80"; classtype:trojan-activity; sid:37754711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 141.94.221.28 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.94.221.28"; classtype:trojan-activity; sid:37754721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 209.141.34.130 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.34.130"; classtype:trojan-activity; sid:37754731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 42.51.49.150 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.49.150"; classtype:trojan-activity; sid:37754741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.134.23.67 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.23.67"; classtype:trojan-activity; sid:37754751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 161.132.39.74 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.39.74"; classtype:trojan-activity; sid:37754761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 119.202.130.102 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.202.130.102"; classtype:trojan-activity; sid:37754771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 124.156.200.8 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.8"; classtype:trojan-activity; sid:37754781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 60.52.49.202 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.52.49.202"; classtype:trojan-activity; sid:37754791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.153.174.163 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.174.163"; classtype:trojan-activity; sid:37754801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 45.55.181.197 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.181.197"; classtype:trojan-activity; sid:37754811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 212.233.98.205 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.233.98.205"; classtype:trojan-activity; sid:37754821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 122.8.189.94 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.8.189.94"; classtype:trojan-activity; sid:37754831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.193.202 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.202"; classtype:trojan-activity; sid:37754841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 181.49.50.202 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.49.50.202"; classtype:trojan-activity; sid:37754851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 183.129.205.118 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.129.205.118"; classtype:trojan-activity; sid:37754861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 139.59.251.14 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.251.14"; classtype:trojan-activity; sid:37754871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.210.50.4 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.50.4"; classtype:trojan-activity; sid:37754881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 200.98.136.42 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.98.136.42"; classtype:trojan-activity; sid:37754891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.135.33.243 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.33.243"; classtype:trojan-activity; sid:37754901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 143.110.186.123 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.186.123"; classtype:trojan-activity; sid:37754911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 104.131.15.101 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.15.101"; classtype:trojan-activity; sid:37754921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 35.223.76.238 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.223.76.238"; classtype:trojan-activity; sid:37754931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 104.131.15.102 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.15.102"; classtype:trojan-activity; sid:37754941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 36.111.167.238 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.167.238"; classtype:trojan-activity; sid:37754951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 101.226.168.113 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.226.168.113"; classtype:trojan-activity; sid:37754961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 141.98.11.86 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.86"; classtype:trojan-activity; sid:37754971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 150.109.203.118 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.118"; classtype:trojan-activity; sid:37754981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 170.64.151.147 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.151.147"; classtype:trojan-activity; sid:37754991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 121.156.118.253 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.156.118.253"; classtype:trojan-activity; sid:37755001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.163.213.118 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.213.118"; classtype:trojan-activity; sid:37755011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.130.16.107 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.16.107"; classtype:trojan-activity; sid:37755021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 202.65.158.178 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.65.158.178"; classtype:trojan-activity; sid:37755031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 183.4.22.218 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.4.22.218"; classtype:trojan-activity; sid:37755041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.128.97.111 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.97.111"; classtype:trojan-activity; sid:37755051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 144.91.125.14 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.91.125.14"; classtype:trojan-activity; sid:37755061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 223.113.54.200 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.113.54.200"; classtype:trojan-activity; sid:37755071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 123.58.212.195 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.58.212.195"; classtype:trojan-activity; sid:37755081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 158.69.194.208 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.69.194.208"; classtype:trojan-activity; sid:37755091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 8.219.254.15 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.254.15"; classtype:trojan-activity; sid:37755101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 124.107.34.26 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.107.34.26"; classtype:trojan-activity; sid:37755111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 124.156.192.109 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.109"; classtype:trojan-activity; sid:37755121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 101.43.234.114 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.234.114"; classtype:trojan-activity; sid:37755131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 49.51.49.191 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.49.191"; classtype:trojan-activity; sid:37755141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.128.119.208 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.119.208"; classtype:trojan-activity; sid:37755151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 121.166.157.240 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.166.157.240"; classtype:trojan-activity; sid:37755161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 101.46.48.189 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.46.48.189"; classtype:trojan-activity; sid:37755171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 183.111.66.59 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.111.66.59"; classtype:trojan-activity; sid:37755181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 101.47.10.60 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.47.10.60"; classtype:trojan-activity; sid:37755191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 46.138.24.216 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.138.24.216"; classtype:trojan-activity; sid:37755201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.134.55.199 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.55.199"; classtype:trojan-activity; sid:37755211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 89.213.131.19 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.213.131.19"; classtype:trojan-activity; sid:37755221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 210.18.138.41 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.18.138.41"; classtype:trojan-activity; sid:37755231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 176.112.157.201 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.112.157.201"; classtype:trojan-activity; sid:37755241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 176.10.98.242 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.10.98.242"; classtype:trojan-activity; sid:37755251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 109.227.54.17 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.227.54.17"; classtype:trojan-activity; sid:37755261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 14.103.42.2 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.2"; classtype:trojan-activity; sid:37755271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.131.57.69 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.57.69"; classtype:trojan-activity; sid:37755281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.155.135.250 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.135.250"; classtype:trojan-activity; sid:37755291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 186.237.243.183 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.237.243.183"; classtype:trojan-activity; sid:37755301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 124.131.39.188 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.131.39.188"; classtype:trojan-activity; sid:37755311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 124.156.213.251 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.251"; classtype:trojan-activity; sid:37755321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.133.225.195 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.225.195"; classtype:trojan-activity; sid:37755331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 124.14.224.43 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.14.224.43"; classtype:trojan-activity; sid:37755341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 5.202.75.147 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
5.202.75.147"; classtype:trojan-activity; sid:37755351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 139.59.41.80 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.41.80"; classtype:trojan-activity; sid:37755361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 51.83.135.87 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.83.135.87"; classtype:trojan-activity; sid:37755371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.106.183.204 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.183.204"; classtype:trojan-activity; sid:37755381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 103.163.118.84 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.118.84"; classtype:trojan-activity; sid:37755391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 64.227.158.157 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.158.157"; classtype:trojan-activity; sid:37755401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 122.170.99.165 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.170.99.165"; classtype:trojan-activity; sid:37755411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 103.212.137.32 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.212.137.32"; classtype:trojan-activity; sid:37755421; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 3.101.126.151 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.101.126.151"; classtype:trojan-activity; sid:37755431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 141.98.11.141 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.141"; classtype:trojan-activity; sid:37755441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 115.159.224.49 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.224.49"; classtype:trojan-activity; sid:37755451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 47.76.77.187 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.76.77.187"; classtype:trojan-activity; sid:37755461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 51.195.119.66 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.119.66"; classtype:trojan-activity; sid:37755471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 154.83.13.250 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.83.13.250"; classtype:trojan-activity; sid:37755481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 152.70.139.130 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.70.139.130"; classtype:trojan-activity; sid:37755491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 37.221.208.169 any -> $HOME_NET any (msg: "MISP e26983 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.221.208.169"; classtype:trojan-activity; sid:37755501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 74.208.137.154 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.137.154"; classtype:trojan-activity; sid:37755511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 128.134.187.150 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.134.187.150"; classtype:trojan-activity; sid:37755521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 5.182.26.91 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.182.26.91"; classtype:trojan-activity; sid:37755531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 141.98.10.153 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.10.153"; classtype:trojan-activity; sid:37755541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.163.242.237 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.237"; classtype:trojan-activity; sid:37755551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 125.164.5.95 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.164.5.95"; classtype:trojan-activity; sid:37755561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.157.112.247 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.112.247"; classtype:trojan-activity; sid:37755571; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.193.225 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.225"; classtype:trojan-activity; sid:37755581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 158.51.99.89 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.89"; classtype:trojan-activity; sid:37755591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 172.178.84.164 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.178.84.164"; classtype:trojan-activity; sid:37755601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 84.241.10.64 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.241.10.64"; classtype:trojan-activity; sid:37755611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 124.156.204.243 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.204.243"; classtype:trojan-activity; sid:37755621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 150.109.24.182 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.24.182"; classtype:trojan-activity; sid:37755631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 76.191.33.5 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.191.33.5"; classtype:trojan-activity; sid:37755641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 188.173.117.62 any -> $HOME_NET any (msg: "MISP 
e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.173.117.62"; classtype:trojan-activity; sid:37755651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.209.142 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.142"; classtype:trojan-activity; sid:37755661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 103.140.238.16 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance] Incoming From IP: 103.140.238.16"; classtype:trojan-activity; sid:37755671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 104.131.15.95 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.15.95"; classtype:trojan-activity; sid:37755681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.133.67.75 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.67.75"; classtype:trojan-activity; sid:37755691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 119.28.112.219 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.112.219"; classtype:trojan-activity; sid:37755701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 45.145.6.210 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.145.6.210"; classtype:trojan-activity; sid:37755711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 191.52.241.206 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.52.241.206"; classtype:trojan-activity; sid:37755721; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 37.101.66.245 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.101.66.245"; classtype:trojan-activity; sid:37755731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 117.50.205.92 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.205.92"; classtype:trojan-activity; sid:37755741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 124.54.88.188 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.54.88.188"; classtype:trojan-activity; sid:37755751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 106.75.136.142 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.136.142"; classtype:trojan-activity; sid:37755761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 36.133.34.221 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.34.221"; classtype:trojan-activity; sid:37755771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 195.133.228.102 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.133.228.102"; classtype:trojan-activity; sid:37755781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.135.254 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.254"; classtype:trojan-activity; sid:37755791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 159.65.163.216 any -> $HOME_NET any (msg: "MISP e26983 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.163.216"; classtype:trojan-activity; sid:37755801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 159.203.19.75 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.19.75"; classtype:trojan-activity; sid:37755811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 34.29.221.228 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.29.221.228"; classtype:trojan-activity; sid:37755821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.209.139 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.139"; classtype:trojan-activity; sid:37755831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 213.197.164.50 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.197.164.50"; classtype:trojan-activity; sid:37755841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 217.160.118.211 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.160.118.211"; classtype:trojan-activity; sid:37755851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 94.131.106.170 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.131.106.170"; classtype:trojan-activity; sid:37755861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 44.203.203.204 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 44.203.203.204"; classtype:trojan-activity; 
sid:37755871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.51.24.233 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.51.24.233"; classtype:trojan-activity; sid:37755881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 194.169.175.22 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.169.175.22"; classtype:trojan-activity; sid:37755891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 162.240.146.93 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.240.146.93"; classtype:trojan-activity; sid:37755901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 159.203.40.79 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.40.79"; classtype:trojan-activity; sid:37755911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 179.153.31.69 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.153.31.69"; classtype:trojan-activity; sid:37755921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 5.187.100.40 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.187.100.40"; classtype:trojan-activity; sid:37755931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 101.33.66.20 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.66.20"; classtype:trojan-activity; sid:37755941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 158.160.106.0 any -> $HOME_NET any 
(msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.160.106.0"; classtype:trojan-activity; sid:37755951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 122.55.5.206 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.55.5.206"; classtype:trojan-activity; sid:37755961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 176.118.221.168 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.118.221.168"; classtype:trojan-activity; sid:37755971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 148.153.136.82 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.153.136.82"; classtype:trojan-activity; sid:37755981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 180.242.99.107 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.242.99.107"; classtype:trojan-activity; sid:37755991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 142.93.151.63 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.151.63"; classtype:trojan-activity; sid:37756001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 45.236.128.182 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.236.128.182"; classtype:trojan-activity; sid:37756011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 111.67.198.161 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.67.198.161"; 
classtype:trojan-activity; sid:37756021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 220.247.224.226 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.247.224.226"; classtype:trojan-activity; sid:37756031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 200.40.51.62 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.40.51.62"; classtype:trojan-activity; sid:37756041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 193.151.138.117 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.138.117"; classtype:trojan-activity; sid:37756051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 177.180.210.74 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.180.210.74"; classtype:trojan-activity; sid:37756061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 139.196.210.37 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.196.210.37"; classtype:trojan-activity; sid:37756071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 36.137.53.76 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.53.76"; classtype:trojan-activity; sid:37756081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.106.141.183 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.141.183"; classtype:trojan-activity; sid:37756091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 
122.173.30.210 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.173.30.210"; classtype:trojan-activity; sid:37756101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 46.101.74.178 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.74.178"; classtype:trojan-activity; sid:37756111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 124.156.211.115 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.115"; classtype:trojan-activity; sid:37756121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 148.72.246.251 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.72.246.251"; classtype:trojan-activity; sid:37756131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.133.59.247 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.59.247"; classtype:trojan-activity; sid:37756141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 91.201.5.13 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.201.5.13"; classtype:trojan-activity; sid:37756151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 159.65.171.54 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.171.54"; classtype:trojan-activity; sid:37756161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 59.5.132.26 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
59.5.132.26"; classtype:trojan-activity; sid:37756171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 120.70.103.53 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.70.103.53"; classtype:trojan-activity; sid:37756181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 82.146.56.139 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.146.56.139"; classtype:trojan-activity; sid:37756191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.135.54 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance] Incoming From IP: 170.64.135.54"; classtype:trojan-activity; sid:37756211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 139.59.31.108 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.31.108"; classtype:trojan-activity; sid:37756221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 111.67.197.233 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.67.197.233"; classtype:trojan-activity; sid:37756231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 160.119.251.212 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.119.251.212"; classtype:trojan-activity; sid:37756241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.134.174.248 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.174.248"; classtype:trojan-activity; sid:37756251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 191.55.10.34 
any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.55.10.34"; classtype:trojan-activity; sid:37756261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 15.235.215.159 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.235.215.159"; classtype:trojan-activity; sid:37756271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.159.51.7 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.51.7"; classtype:trojan-activity; sid:37756281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 103.61.75.236 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.61.75.236"; classtype:trojan-activity; sid:37756291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.209.173 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.173"; classtype:trojan-activity; sid:37756301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 81.170.198.226 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.170.198.226"; classtype:trojan-activity; sid:37756311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 197.232.69.251 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.232.69.251"; classtype:trojan-activity; sid:37756321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 189.190.229.13 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.229.13"; 
classtype:trojan-activity; sid:37756331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 92.38.64.21 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.38.64.21"; classtype:trojan-activity; sid:37756341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 62.234.31.205 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.31.205"; classtype:trojan-activity; sid:37756351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 64.23.153.65 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.153.65"; classtype:trojan-activity; sid:37756361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 139.59.154.98 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.154.98"; classtype:trojan-activity; sid:37756371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.131.25.135 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.25.135"; classtype:trojan-activity; sid:37756381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 94.125.165.89 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.125.165.89"; classtype:trojan-activity; sid:37756391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 170.64.209.160 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.160"; classtype:trojan-activity; sid:37756401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 139.186.168.67 
any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.186.168.67"; classtype:trojan-activity; sid:37756411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 124.221.228.18 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.228.18"; classtype:trojan-activity; sid:37756421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 65.109.205.158 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.205.158"; classtype:trojan-activity; sid:37756431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.245.198.180 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.245.198.180"; classtype:trojan-activity; sid:37756441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 175.178.157.213 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.157.213"; classtype:trojan-activity; sid:37756451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 82.157.139.234 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.139.234"; classtype:trojan-activity; sid:37756461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 180.247.1.31 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.247.1.31"; classtype:trojan-activity; sid:37756471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 143.110.152.23 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
143.110.152.23"; classtype:trojan-activity; sid:37756481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.155.133.214 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.133.214"; classtype:trojan-activity; sid:37756491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 175.24.135.100 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.135.100"; classtype:trojan-activity; sid:37756501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.128.97.228 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.97.228"; classtype:trojan-activity; sid:37756511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 43.153.94.24 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.94.24"; classtype:trojan-activity; sid:37756521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 191.180.164.173 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.180.164.173"; classtype:trojan-activity; sid:37756531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 185.237.85.71 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.237.85.71"; classtype:trojan-activity; sid:37756541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 178.217.173.54 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.217.173.54"; classtype:trojan-activity; sid:37756551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 210.71.231.184 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.71.231.184"; classtype:trojan-activity; sid:37756561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 42.192.112.79 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.112.79"; classtype:trojan-activity; sid:37756571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 200.45.95.30 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.45.95.30"; classtype:trojan-activity; sid:37756581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 211.186.118.31 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.186.118.31"; classtype:trojan-activity; sid:37756591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 137.184.76.77 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.76.77"; classtype:trojan-activity; sid:37756601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 150.109.198.111 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.111"; classtype:trojan-activity; sid:37756611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 222.186.160.198 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.160.198"; classtype:trojan-activity; sid:37756621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;) alert ip 142.171.72.33 any -> $HOME_NET any (msg: "MISP e26983 
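[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.171.72.33"; classtype:trojan-activity; sid:37756631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
# The next three rules carry MISP tag values that themselves contain double
# quotes. Suricata's rule-format documentation lists ; \ and " as characters
# that must be escaped inside msg, so the inner quotes are written as \" here.
# The alert text an analyst sees is unchanged.
# The tags describe brute-force / password-guessing sources, while classtype is
# the same trojan-activity value every other rule in this export uses; triage
# these by the tags in msg rather than by classtype.
alert ip 103.167.88.219 any -> $HOME_NET any (msg: "MISP e26983 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 103.167.88.219"; classtype:trojan-activity; sid:37756641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 43.134.163.244 any -> $HOME_NET any (msg: "MISP e26983 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 43.134.163.244"; classtype:trojan-activity; sid:37756651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 152.42.136.139 any -> $HOME_NET any (msg: "MISP e26983 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 152.42.136.139"; classtype:trojan-activity; sid:37756661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert dns any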
any -> any any (msg: "MISP e26826 [njrat,RAT] Domain ecuaecua.duckdns.org"; dns.query; content:"ecuaecua.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecuaecua\.duckdns\.org$/i"; classtype:trojan-activity; sid:37555931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Domain indicators are exported as a pair: a dns.query rule (above) and an
# http.header rule (below) with the next sid. The dns pcre is anchored at the
# end of the query name and accepts any character outside [A-Za-z0-9-] before
# the name, so queries for subdomains of the listed name match as well.
# The http rule inspects the http.header buffer, so it only sees traffic the
# engine parses as HTTP; a visit to the same name over TLS is visible to this
# pair only through the DNS lookup.
# NOTE(review): no tls.sni rule is visible in this part of the export; confirm
# whether TLS coverage is generated elsewhere.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [njrat,RAT] Outgoing HTTP Domain ecuaecua.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecuaecua.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecuaecua\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37555932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# URL indicators: the domain is matched anywhere in http.header (it is not tied
# to the Host line, so the name in another header also satisfies it) and the
# path is matched in http.uri.
# In sid 37553841 the http.uri content is just "/", so any request whose headers
# contain the domain matches. Every request that matches sid 37553851 therefore
# also matches sid 37553841, and typically the Host rule sid 37553862 as well;
# expect several alerts per request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26812 [] Outgoing URL http|3a|//miotarjetazonacencosud.info/"; flow:to_server,established; http.header; content:"miotarjetazonacencosud.info"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26812;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26812 [] Outgoing URL http|3a|//miotarjetazonacencosud.info/1708605489/login/index.html"; flow:to_server,established; http.header; content:"miotarjetazonacencosud.info"; fast_pattern; nocase; http.uri; content:"/1708605489/login/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26812;)
alert dns any any -> any any (msg: "MISP e26812 [] Domain miotarjetazonacencosud.info"; dns.query; content:"miotarjetazonacencosud.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])miotarjetazonacencosud\.info$/i"; classtype:trojan-activity; sid:37553861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26812;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg: "MISP e26812 [] Outgoing HTTP Domain miotarjetazonacencosud.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"miotarjetazonacencosud.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])miotarjetazonacencosud\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26812;)
# URL indicator with an IP authority: the rule header pins the destination to
# 45.134.225.247 port 5555, and the options match the address in http.header
# and the path in http.uri.
alert http $HOME_NET any -> 45.134.225.247 5555 (msg: "MISP e26826 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.247|3a|5555/metro91/admin/1/ppptp.jpg"; flow:to_server,established; http.header; content:"45.134.225.247"; fast_pattern; nocase; http.uri; content:"/metro91/admin/1/ppptp.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26826 [dcrat] Outgoing URL http|3a|//356873cm.nyashtyan.top/nyashsupport.php"; flow:to_server,established; http.header; content:"356873cm.nyashtyan.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Events e26826 and e27169 both export the same two URLs. sid 37857171 below has
# the same rule header and match options as sid 37555971 above; the two differ
# only in msg, sid, priority (2 vs 3) and reference. The same holds for
# sid 37857181 and sid 37555961. One matching request raises an alert from each
# copy, and the e27169 copies carry no malware-family tag in msg.
# NOTE(review): consider disabling one rule of each pair if the double alert is
# noise in your pipeline.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//356873cm.nyashtyan.top/nyashsupport.php"; flow:to_server,established; http.header; content:"356873cm.nyashtyan.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> 45.134.225.247 5555 (msg: "MISP e27169 [] Outgoing URL http|3a|//45.134.225.247|3a|5555/metro91/admin/1/ppptp.jpg"; flow:to_server,established; http.header; content:"45.134.225.247"; fast_pattern;
nocase; http.uri; content:"/metro91/admin/1/ppptp.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e27169 [] Domain mangaforme.cloud"; dns.query; content:"mangaforme.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])mangaforme\.cloud$/i"; classtype:trojan-activity; sid:37857201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain mangaforme.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mangaforme.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mangaforme\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e27008 [] Domain voda.renew-bill.com"; dns.query; content:"voda.renew-bill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])voda\.renew\-bill\.com$/i"; classtype:trojan-activity; sid:37762391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27008 [] Outgoing HTTP Domain voda.renew-bill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"voda.renew-bill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])voda\.renew\-bill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert dns any any -> any any (msg: "MISP e27008 [] Domain renew-bill.com"; dns.query; content:"renew-bill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])renew\-bill\.com$/i"; classtype:trojan-activity; sid:37762461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27008 [] Outgoing HTTP Domain renew-bill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"renew-bill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])renew\-bill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert dns any any -> any any (msg: "MISP e27008 [] Domain voda-billspayable.com"; dns.query; content:"voda-billspayable.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])voda\-billspayable\.com$/i"; classtype:trojan-activity; sid:37762491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27008 [] Outgoing HTTP Domain voda-billspayable.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"voda-billspayable.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])voda\-billspayable\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert dns any any -> any any (msg: "MISP e27008 [] Domain three.co.uk.renew-bill.com"; dns.query; content:"three.co.uk.renew-bill.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])three\.co\.uk\.renew\-bill\.com$/i"; classtype:trojan-activity; sid:37762471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27008 [] Outgoing HTTP Domain three.co.uk.renew-bill.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"three.co.uk.renew-bill.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])three\.co\.uk\.renew\-bill\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27008;) 
# The two e24600 "Outgoing URL" rules below look for the host name inside the
# http.uri buffer, not in the headers. They match only when the name is part of
# the request URI; they do not look at the Host header at all.
# NOTE(review): the MISP attribute was presumably a URL stored without a scheme.
# Confirm, and if a host match is intended, export it as a domain or hostname
# attribute so a dns.query / Host pair is generated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL ddtyhb.com"; flow:to_server,established; http.uri; content:"ddtyhb.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37765761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL fyikc0iqf1t.softstonesdevelopment.com"; flow:to_server,established; http.uri; content:"fyikc0iqf1t.softstonesdevelopment.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37765791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# sid 37553931 (URL with no path) and sid 37553952 (Host rule) both match the
# same name in http.header. 37553952 adds the "Host|3a|" content and a boundary
# pcre and is not limited to $HTTP_PORTS, so a request to that host on an
# $HTTP_PORTS port will normally raise both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26813 [] Outgoing URL http|3a|//virtual-persona-app.replit.app"; flow:to_server,established; http.header; content:"virtual-persona-app.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37553931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26813;)
alert dns any any -> any any (msg: "MISP e26813 [] Domain virtual-persona-app.replit.app"; dns.query; content:"virtual-persona-app.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])virtual\-persona\-app\.replit\.app$/i"; classtype:trojan-activity; sid:37553951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26813;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26813 [] Outgoing HTTP Domain virtual-persona-app.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"virtual-persona-app.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])virtual\-persona\-app\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37553952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26813;)
# NOTE(review): app.acuityscheduling.com looks like the application host of a
# hosted scheduling service rather than attacker-owned infrastructure, and it is
# exported at priority:1. Expect hits from ordinary use; confirm the event
# context before paging on this pair.
alert dns any any -> any any (msg: "MISP e24600 [] Domain app.acuityscheduling.com"; dns.query;
content:"app.acuityscheduling.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\.acuityscheduling\.com$/i"; classtype:trojan-activity; sid:37765861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain app.acuityscheduling.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app.acuityscheduling.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\.acuityscheduling\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26814 [] Outgoing URL http|3a|//prestamos-nequi-users.replit.app"; flow:to_server,established; http.header; content:"prestamos-nequi-users.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37554021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26814;) alert dns any any -> any any (msg: "MISP e26814 [] Domain prestamos-nequi-users.replit.app"; dns.query; content:"prestamos-nequi-users.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])prestamos\-nequi\-users\.replit\.app$/i"; classtype:trojan-activity; sid:37554041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26814;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26814 [] Outgoing HTTP Domain prestamos-nequi-users.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prestamos-nequi-users.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prestamos\-nequi\-users\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26814;) alert http $HOME_NET any -> 103.124.105.140 $HTTP_PORTS (msg: "MISP e27018 [] Outgoing URL 
http|3a|//103.124.105.140/guJ/0.9097007527715266.dat"; flow:to_server,established; http.header; content:"103.124.105.140"; fast_pattern; nocase; http.uri; content:"/guJ/0.9097007527715266.dat"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37765101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
# Address/port indicators from event e27018: each rule alerts on traffic from
# $HOME_NET to one destination address and port, shown as "IP|port" in msg.
# The rule header uses protocol "ip" and the rules carry no flow, content or
# threshold options, so they match on the header alone.
# NOTE(review): confirm how your engine version applies a destination port under
# the "ip" protocol keyword, and how many alerts one connection produces; add a
# threshold if a single session floods the log.
alert ip $HOME_NET any -> 103.82.243.5 13785 (msg: "MISP e27018 [] Outgoing To IP: 103.82.243.5|13785"; classtype:trojan-activity; sid:37765111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 104.129.55.105 2223 (msg: "MISP e27018 [] Outgoing To IP: 104.129.55.105|2223"; classtype:trojan-activity; sid:37765121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 104.129.55.106 13783 (msg: "MISP e27018 [] Outgoing To IP: 104.129.55.106|13783"; classtype:trojan-activity; sid:37765131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 141.95.106.106 2967 (msg: "MISP e27018 [] Outgoing To IP: 141.95.106.106|2967"; classtype:trojan-activity; sid:37765141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 145.239.135.24 5243 (msg: "MISP e27018 [] Outgoing To IP: 145.239.135.24|5243"; classtype:trojan-activity; sid:37765151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 154.12.233.66 2224 (msg: "MISP e27018 [] Outgoing To IP: 154.12.233.66|2224"; classtype:trojan-activity; sid:37765161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 154.12.248.41 5000 (msg: "MISP e27018 [] Outgoing To IP: 154.12.248.41|5000"; classtype:trojan-activity; sid:37765171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;)
alert ip $HOME_NET any -> 178.18.246.136 2078 (msg: "MISP e27018 [] Outgoing To IP:
178.18.246.136|2078"; classtype:trojan-activity; sid:37765181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 198.44.187.12 2224 (msg: "MISP e27018 [] Outgoing To IP: 198.44.187.12|2224"; classtype:trojan-activity; sid:37765191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 23.226.138.143 2083 (msg: "MISP e27018 [] Outgoing To IP: 23.226.138.143|2083"; classtype:trojan-activity; sid:37765201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 23.226.138.161 5242 (msg: "MISP e27018 [] Outgoing To IP: 23.226.138.161|5242"; classtype:trojan-activity; sid:37765211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 37.60.242.85 9785 (msg: "MISP e27018 [] Outgoing To IP: 37.60.242.85|9785"; classtype:trojan-activity; sid:37765221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 57.128.165.176 13721 (msg: "MISP e27018 [] Outgoing To IP: 57.128.165.176|13721"; classtype:trojan-activity; sid:37765231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 85.239.243.155 5000 (msg: "MISP e27018 [] Outgoing To IP: 85.239.243.155|5000"; classtype:trojan-activity; sid:37765241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 86.38.225.105 13721 (msg: "MISP e27018 [] Outgoing To IP: 86.38.225.105|13721"; classtype:trojan-activity; sid:37765251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 86.38.225.106 2221 (msg: "MISP e27018 [] Outgoing To IP: 86.38.225.106|2221"; classtype:trojan-activity; sid:37765261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 89.117.23.185 2221 (msg: "MISP e27018 [] Outgoing To IP: 
89.117.23.185|2221"; classtype:trojan-activity; sid:37765271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert ip $HOME_NET any -> 89.117.23.186 5632 (msg: "MISP e27018 [] Outgoing To IP: 89.117.23.186|5632"; classtype:trojan-activity; sid:37765281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27018;) alert dns any any -> any any (msg: "MISP e28732 [] Domain welt.pm"; dns.query; content:"welt.pm"; nocase; pcre: "/(^|[^A-Za-z0-9-])welt\.pm$/i"; classtype:trojan-activity; sid:38702661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain welt.pm"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"welt.pm"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])welt\.pm[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain legrandsoir.info"; dns.query; content:"legrandsoir.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])legrandsoir\.info$/i"; classtype:trojan-activity; sid:38702671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain legrandsoir.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"legrandsoir.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])legrandsoir\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain brennendefrage.com"; dns.query; content:"brennendefrage.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brennendefrage\.com$/i"; classtype:trojan-activity; sid:38702681; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain brennendefrage.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brennendefrage.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brennendefrage\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain bluetoffee-books.com"; dns.query; content:"bluetoffee-books.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bluetoffee\-books\.com$/i"; classtype:trojan-activity; sid:38702691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain bluetoffee-books.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bluetoffee-books.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bluetoffee\-books\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain overton-magazin.de"; dns.query; content:"overton-magazin.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])overton\-magazin\.de$/i"; classtype:trojan-activity; sid:38702701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain overton-magazin.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"overton-magazin.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])overton\-magazin\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702702; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain sueddeutsche.ltd"; dns.query; content:"sueddeutsche.ltd"; nocase; pcre: "/(^|[^A-Za-z0-9-])sueddeutsche\.ltd$/i"; classtype:trojan-activity; sid:38702711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain sueddeutsche.ltd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sueddeutsche.ltd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sueddeutsche\.ltd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain hungarianconservative.com"; dns.query; content:"hungarianconservative.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hungarianconservative\.com$/i"; classtype:trojan-activity; sid:38702721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain hungarianconservative.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hungarianconservative.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hungarianconservative\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain deintelligenz.com"; dns.query; content:"deintelligenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deintelligenz\.com$/i"; classtype:trojan-activity; sid:38702731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain deintelligenz.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deintelligenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deintelligenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain faz.ltd"; dns.query; content:"faz.ltd"; nocase; pcre: "/(^|[^A-Za-z0-9-])faz\.ltd$/i"; classtype:trojan-activity; sid:38702741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain faz.ltd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"faz.ltd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])faz\.ltd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain osthessen-news.de"; dns.query; content:"osthessen-news.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])osthessen\-news\.de$/i"; classtype:trojan-activity; sid:38702751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain osthessen-news.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"osthessen-news.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])osthessen\-news\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain leparisien.re"; dns.query; content:"leparisien.re"; nocase; pcre: "/(^|[^A-Za-z0-9-])leparisien\.re$/i"; classtype:trojan-activity; sid:38702761; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain leparisien.re"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"leparisien.re"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])leparisien\.re[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain derbayerischelowe.info"; dns.query; content:"derbayerischelowe.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])derbayerischelowe\.info$/i"; classtype:trojan-activity; sid:38702771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain derbayerischelowe.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"derbayerischelowe.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])derbayerischelowe\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain mt-secure-bnk.com"; dns.query; content:"mt-secure-bnk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mt\-secure\-bnk\.com$/i"; classtype:trojan-activity; sid:38702781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain mt-secure-bnk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mt-secure-bnk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mt\-secure\-bnk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702782; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain 6fmb3r.great-cred195.buzz"; dns.query; content:"6fmb3r.great-cred195.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])6fmb3r\.great\-cred195\.buzz$/i"; classtype:trojan-activity; sid:38702791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain 6fmb3r.great-cred195.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"6fmb3r.great-cred195.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])6fmb3r\.great\-cred195\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain nw3m7o.samaritana.com.br"; dns.query; content:"nw3m7o.samaritana.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])nw3m7o\.samaritana\.com\.br$/i"; classtype:trojan-activity; sid:38702801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain nw3m7o.samaritana.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nw3m7o.samaritana.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nw3m7o\.samaritana\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain arbeitspause.org"; dns.query; content:"arbeitspause.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])arbeitspause\.org$/i"; classtype:trojan-activity; sid:38702811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] 
Outgoing HTTP Domain arbeitspause.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arbeitspause.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arbeitspause\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain 1wifsq.c-majac-ann4.buzz"; dns.query; content:"1wifsq.c-majac-ann4.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])1wifsq\.c\-majac\-ann4\.buzz$/i"; classtype:trojan-activity; sid:38702821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain 1wifsq.c-majac-ann4.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1wifsq.c-majac-ann4.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1wifsq\.c\-majac\-ann4\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain lildoxi.com"; dns.query; content:"lildoxi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lildoxi\.com$/i"; classtype:trojan-activity; sid:38702831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain lildoxi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lildoxi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lildoxi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain 09474w.reyt-cre-ad34.buzz"; dns.query; 
content:"09474w.reyt-cre-ad34.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])09474w\.reyt\-cre\-ad34\.buzz$/i"; classtype:trojan-activity; sid:38702841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain 09474w.reyt-cre-ad34.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"09474w.reyt-cre-ad34.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])09474w\.reyt\-cre\-ad34\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain v5yoaq.chilling.lol"; dns.query; content:"v5yoaq.chilling.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-])v5yoaq\.chilling\.lol$/i"; classtype:trojan-activity; sid:38702851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain v5yoaq.chilling.lol"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"v5yoaq.chilling.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])v5yoaq\.chilling\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain contre-attaque.net"; dns.query; content:"contre-attaque.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])contre\-attaque\.net$/i"; classtype:trojan-activity; sid:38702861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain contre-attaque.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"contre-attaque.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])contre\-attaque\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain miastagebuch.com"; dns.query; content:"miastagebuch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])miastagebuch\.com$/i"; classtype:trojan-activity; sid:38702871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain miastagebuch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"miastagebuch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])miastagebuch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain nice-credits-list266.buzz"; dns.query; content:"nice-credits-list266.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-credits\-list266\.buzz$/i"; classtype:trojan-activity; sid:38702881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain nice-credits-list266.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nice-credits-list266.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-credits\-list266\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain freiewelt.net"; dns.query; content:"freiewelt.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])freiewelt\.net$/i"; classtype:trojan-activity; sid:38702891; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain freiewelt.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"freiewelt.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])freiewelt\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain derglaube.com"; dns.query; content:"derglaube.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])derglaube\.com$/i"; classtype:trojan-activity; sid:38702901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain derglaube.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"derglaube.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])derglaube\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain jungefreiheit.de"; dns.query; content:"jungefreiheit.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])jungefreiheit\.de$/i"; classtype:trojan-activity; sid:38702911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain jungefreiheit.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jungefreiheit.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jungefreiheit\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] 
Domain buegym.ranking-kariz108.buzz"; dns.query; content:"buegym.ranking-kariz108.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])buegym\.ranking\-kariz108\.buzz$/i"; classtype:trojan-activity; sid:38702921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain buegym.ranking-kariz108.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buegym.ranking-kariz108.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buegym\.ranking\-kariz108\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain 3wk8wa.kariz-good-ad10.buzz"; dns.query; content:"3wk8wa.kariz-good-ad10.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])3wk8wa\.kariz\-good\-ad10\.buzz$/i"; classtype:trojan-activity; sid:38702931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain 3wk8wa.kariz-good-ad10.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3wk8wa.kariz-good-ad10.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3wk8wa\.kariz\-good\-ad10\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain arizztar.com"; dns.query; content:"arizztar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arizztar\.com$/i"; classtype:trojan-activity; sid:38702941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain arizztar.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"arizztar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arizztar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain referendud.com"; dns.query; content:"referendud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])referendud\.com$/i"; classtype:trojan-activity; sid:38702951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain referendud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"referendud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])referendud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain o21obd.reyt-credbest-mx29.buzz"; dns.query; content:"o21obd.reyt-credbest-mx29.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])o21obd\.reyt\-credbest\-mx29\.buzz$/i"; classtype:trojan-activity; sid:38702961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain o21obd.reyt-credbest-mx29.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"o21obd.reyt-credbest-mx29.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])o21obd\.reyt\-credbest\-mx29\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain voltairenet.org"; dns.query; content:"voltairenet.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])voltairenet\.org$/i"; 
classtype:trojan-activity; sid:38702971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain voltairenet.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"voltairenet.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])voltairenet\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain sbl63p.kredit-money-fun274.buzz"; dns.query; content:"sbl63p.kredit-money-fun274.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])sbl63p\.kredit\-money\-fun274\.buzz$/i"; classtype:trojan-activity; sid:38702981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain sbl63p.kredit-money-fun274.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sbl63p.kredit-money-fun274.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sbl63p\.kredit\-money\-fun274\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain profesionalvirtual.com"; dns.query; content:"profesionalvirtual.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])profesionalvirtual\.com$/i"; classtype:trojan-activity; sid:38703001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain profesionalvirtual.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"profesionalvirtual.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])profesionalvirtual\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain deutschlandkurier.de"; dns.query; content:"deutschlandkurier.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])deutschlandkurier\.de$/i"; classtype:trojan-activity; sid:38703011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain deutschlandkurier.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deutschlandkurier.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deutschlandkurier\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain ggspace.space"; dns.query; content:"ggspace.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ggspace\.space$/i"; classtype:trojan-activity; sid:38703021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain ggspace.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ggspace.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ggspace\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain allons-y.social"; dns.query; content:"allons-y.social"; nocase; pcre: "/(^|[^A-Za-z0-9-])allons\-y\.social$/i"; classtype:trojan-activity; sid:38703031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain allons-y.social"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allons-y.social"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allons\-y\.social[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain sdgqaef.site"; dns.query; content:"sdgqaef.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdgqaef\.site$/i"; classtype:trojan-activity; sid:38703041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain sdgqaef.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdgqaef.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdgqaef\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain grunehummel.com"; dns.query; content:"grunehummel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])grunehummel\.com$/i"; classtype:trojan-activity; sid:38703051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain grunehummel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grunehummel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grunehummel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain yzrhhk.kredit-money-fun202.buzz"; dns.query; 
content:"yzrhhk.kredit-money-fun202.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])yzrhhk\.kredit\-money\-fun202\.buzz$/i"; classtype:trojan-activity; sid:38703061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain yzrhhk.kredit-money-fun202.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yzrhhk.kredit-money-fun202.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yzrhhk\.kredit\-money\-fun202\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain ledialogue.fr"; dns.query; content:"ledialogue.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-])ledialogue\.fr$/i"; classtype:trojan-activity; sid:38703071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain ledialogue.fr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ledialogue.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ledialogue\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain 62ogyy.internetbusinesslondon.co.uk"; dns.query; content:"62ogyy.internetbusinesslondon.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])62ogyy\.internetbusinesslondon\.co\.uk$/i"; classtype:trojan-activity; sid:38703081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain 62ogyy.internetbusinesslondon.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"62ogyy.internetbusinesslondon.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])62ogyy\.internetbusinesslondon\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain restuapp.com"; dns.query; content:"restuapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])restuapp\.com$/i"; classtype:trojan-activity; sid:38703091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain restuapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"restuapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])restuapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain freeebooktemplates.com"; dns.query; content:"freeebooktemplates.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])freeebooktemplates\.com$/i"; classtype:trojan-activity; sid:38703101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain freeebooktemplates.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"freeebooktemplates.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])freeebooktemplates\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain derrattenfanger.net"; dns.query; content:"derrattenfanger.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])derrattenfanger\.net$/i"; classtype:trojan-activity; 
sid:38703111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain derrattenfanger.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"derrattenfanger.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])derrattenfanger\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain faridmehdipour.com"; dns.query; content:"faridmehdipour.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])faridmehdipour\.com$/i"; classtype:trojan-activity; sid:38703121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain faridmehdipour.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"faridmehdipour.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])faridmehdipour\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain kaputteampel.com"; dns.query; content:"kaputteampel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kaputteampel\.com$/i"; classtype:trojan-activity; sid:38703131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain kaputteampel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kaputteampel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kaputteampel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703132; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain realpeoplesreviews.com"; dns.query; content:"realpeoplesreviews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])realpeoplesreviews\.com$/i"; classtype:trojan-activity; sid:38703141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain realpeoplesreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"realpeoplesreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])realpeoplesreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain wanderfalke.net"; dns.query; content:"wanderfalke.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])wanderfalke\.net$/i"; classtype:trojan-activity; sid:38703151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain wanderfalke.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wanderfalke.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wanderfalke\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain histoireetsociete.com"; dns.query; content:"histoireetsociete.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])histoireetsociete\.com$/i"; classtype:trojan-activity; sid:38703161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain histoireetsociete.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"histoireetsociete.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])histoireetsociete\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain uncut-news.ch"; dns.query; content:"uncut-news.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-])uncut\-news\.ch$/i"; classtype:trojan-activity; sid:38703181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain uncut-news.ch"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uncut-news.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uncut\-news\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain www.nachdenkseiten.de"; dns.query; content:"www.nachdenkseiten.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nachdenkseiten\.de$/i"; classtype:trojan-activity; sid:38703191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain www.nachdenkseiten.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nachdenkseiten.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nachdenkseiten\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain d6egyr.borafazerfestaoficial.online"; dns.query; content:"d6egyr.borafazerfestaoficial.online"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])d6egyr\.borafazerfestaoficial\.online$/i"; classtype:trojan-activity; sid:38703201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain d6egyr.borafazerfestaoficial.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"d6egyr.borafazerfestaoficial.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])d6egyr\.borafazerfestaoficial\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain telepolis.de"; dns.query; content:"telepolis.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])telepolis\.de$/i"; classtype:trojan-activity; sid:38703211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain telepolis.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"telepolis.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])telepolis\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e28732 [] Domain pcrrjx.kredit-money-fun169.buzz"; dns.query; content:"pcrrjx.kredit-money-fun169.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])pcrrjx\.kredit\-money\-fun169\.buzz$/i"; classtype:trojan-activity; sid:38703221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28732 [] Outgoing HTTP Domain pcrrjx.kredit-money-fun169.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pcrrjx.kredit-money-fun169.buzz"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])pcrrjx\.kredit\-money\-fun169\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28732;) alert dns any any -> any any (msg: "MISP e26815 [] Domain consuecsmfuir.com"; dns.query; content:"consuecsmfuir.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com$/i"; classtype:trojan-activity; sid:37554141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26815;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26815 [] Outgoing HTTP Domain consuecsmfuir.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consuecsmfuir.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26815;) alert dns any any -> any any (msg: "MISP e26816 [] Domain spakupier.pages.dev"; dns.query; content:"spakupier.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])spakupier\.pages\.dev$/i"; classtype:trojan-activity; sid:37554221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26816;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26816 [] Outgoing HTTP Domain spakupier.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"spakupier.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])spakupier\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26816;) alert dns any any -> any any (msg: "MISP e26817 [] Domain cuentarut-bancoestado.pages.dev"; dns.query; content:"cuentarut-bancoestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37554301; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26817;)
# HTTP rule for one site name under pages.dev (event 26817). The left-boundary class
# in the pcre means only this name and its sub-domains match, not other pages.dev
# sites. Cleartext HTTP only: a TLS connection to the site is visible to the DNS rule
# of the pair, not to this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26817 [] Outgoing HTTP Domain cuentarut-bancoestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-bancoestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26817;)
# SMTP sender indicator (event 27009): established client-to-server TCP from
# $EXTERNAL_NET to $SMTP_SERVERS on port 25 only.
# NOTE(review): the address content carries no distance/within relative to
# "MAIL FROM:", so both strings only need to be present in the inspected data; the
# address in RCPT TO, a message header or the body satisfies the rule as well. Only
# the final CRLF CRLF match is relative (within:8192 after the address).
# NOTE(review): other mail ports and sessions that switch to TLS via STARTTLS are not
# covered, and the envelope sender is supplied by the sending side, so a hit is a
# lead to correlate with mail-gateway logs rather than proof of origin.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27009 [] Source Email Address: inksharley5@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"inksharley5@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37762501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27009;)
# IP indicators (event 27019, tagged tlp:green and diamond-model:Infrastructure).
# "alert ip" with no port, flow or threshold option matches every packet from the
# address to $HOME_NET, including replies on connections opened by internal hosts.
# NOTE(review): confirm in the MISP event that these addresses are dedicated to the
# reported activity and are not shared CDN or cloud front ends before deploying.
# If they stay, a threshold keyword would bound the alert volume per source.
alert ip 192.229.211.108 any -> $HOME_NET any (msg: "MISP e27019 [tlp:green,diamond-model:Infrastructure] Incoming From IP: 192.229.211.108"; classtype:trojan-activity; sid:37766401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27019;)
alert ip 20.99.184.37 any -> $HOME_NET any (msg: "MISP e27019 [tlp:green,diamond-model:Infrastructure] Incoming From IP: 20.99.184.37"; classtype:trojan-activity; sid:37766421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27019;)
# DNS/HTTP pair for consumer-life.pages.dev (event 26818); same template and the
# same cleartext-only caveat as the pages.dev HTTP rule above.
alert dns any any -> any any (msg: "MISP e26818 [] Domain consumer-life.pages.dev"; dns.query; content:"consumer-life.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumer\-life\.pages\.dev$/i"; classtype:trojan-activity; sid:37554381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26818;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26818 [] Outgoing HTTP Domain consumer-life.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"consumer-life.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumer\-life\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26818;)
# Event 24600 (priority:1): dns/http rule pairs for four domains. The dns rule matches the
# name or any subdomain of it; the http rule needs "Host:" and the domain somewhere in the
# request headers of cleartext HTTP, so HTTPS visits are only visible through the dns rule.
alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu-acc.com"; dns.query; content:"post-lu-acc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\-acc\.com$/i"; classtype:trojan-activity; sid:37765891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu-acc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-lu-acc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\-acc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# NOTE(review): r20.rs6.net does not resemble the other names in this event and is
# presumably a third-party link-redirect host; confirm in the MISP event that it should
# alert at priority:1, since a shared redirector would also match legitimate clicks.
alert dns any any -> any any (msg: "MISP e24600 [] Domain r20.rs6.net"; dns.query; content:"r20.rs6.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])r20\.rs6\.net$/i"; classtype:trojan-activity; sid:37765941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain r20.rs6.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"r20.rs6.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])r20\.rs6\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain suivi-livraison-post-lu.info"; dns.query; content:"suivi-livraison-post-lu.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])suivi\-livraison\-post\-lu\.info$/i"; classtype:trojan-activity; sid:37765981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain suivi-livraison-post-lu.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suivi-livraison-post-lu.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suivi\-livraison\-post\-lu\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain mypost-packup-lu.com"; dns.query; content:"mypost-packup-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mypost\-packup\-lu\.com$/i"; classtype:trojan-activity; sid:37766011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain mypost-packup-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mypost-packup-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mypost\-packup\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 26819: URL rule. The destination is pinned to 142.93.217.163 on $HTTP_PORTS; the
# rule needs that address in the request headers and the two-segment path in http.uri.
# The query string shown in msg (?g=KryCr) is not part of the match, so any request for
# that path on that host alerts.
alert http $HOME_NET any -> 142.93.217.163 $HTTP_PORTS (msg: "MISP e26819 [] Outgoing URL http|3a|//142.93.217.163/2a5fcae8b2107c17ad707277be36344a/8b731c02bac15fb0b0e2a2c90e593bd0?g=KryCr"; flow:to_server,established; http.header; content:"142.93.217.163"; fast_pattern; nocase; http.uri; content:"/2a5fcae8b2107c17ad707277be36344a/8b731c02bac15fb0b0e2a2c90e593bd0"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37554451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26819;)
alert dns any any -> any any (msg: "MISP e26819 [] Domain banestado-beneficio.pages.dev"; dns.query; content:"banestado-beneficio.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev$/i"; classtype:trojan-activity; sid:37554481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26819;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26819 [] Outgoing HTTP Domain banestado-beneficio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-beneficio.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26819;)
# The same destination (129.153.86.0 port 8778) is exported from two events: 26826
# (priority:2, tagged RedLineStealer) and 27169 (priority:3, no tags). Both rules match the
# same traffic, so one connection raises two alerts; deduplicate on destination downstream
# and keep the tagged sid for context.
# NOTE(review): the address ends in .0 - confirm in MISP that it is a single host and not a
# truncated network value.
alert ip $HOME_NET any -> 129.153.86.0 8778 (msg: "MISP e26826 [RedLineStealer] Outgoing To IP: 129.153.86.0|8778"; classtype:trojan-activity; sid:37556031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 129.153.86.0 8778 (msg: "MISP e27169 [] Outgoing To IP: 129.153.86.0|8778"; classtype:trojan-activity; sid:37857211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Event 26820: the indicator is one subdomain of awadgallery.co.uk; the literal subdomain in
# content and pcre keeps the rules from matching the parent domain on its own.
alert dns any any -> any any (msg: "MISP e26820 [] Domain mitarjetacencosud-cl.awadgallery.co.uk"; dns.query; content:"mitarjetacencosud-cl.awadgallery.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.awadgallery\.co\.uk$/i"; classtype:trojan-activity; sid:37554571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26820;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26820 [] Outgoing HTTP Domain mitarjetacencosud-cl.awadgallery.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mitarjetacencosud-cl.awadgallery.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.awadgallery\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26820;)
alert ip 
$HOME_NET any -> 185.158.248.141 1344 (msg: "MISP e26826 [NetSupport] Outgoing To IP: 185.158.248.141|1344"; classtype:trojan-activity; sid:37556041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 26826, port-63645 URL rules (msg tags: ALEXHOST, AS200019, elf, Mirai). Each rule
# needs only the host string somewhere in the request headers of HTTP traffic to destination
# port 63645; unlike the domain rules there is no "Host:" content, pcre or fast_pattern.
# The rule depends on the engine recognising HTTP on this non-standard port.
alert http $HOME_NET any -> $EXTERNAL_NET 63645 (msg: "MISP e26826 [ALEXHOST,AS200019,elf,Mirai] Outgoing URL http|3a|//auth.tesla-alert.com|3a|63645"; flow:to_server,established; http.header; content:"auth.tesla-alert.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37556001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET 63645 (msg: "MISP e26826 [ALEXHOST,AS200019,elf,Mirai] Outgoing URL http|3a|//app.tesla-alert.com|3a|63645"; flow:to_server,established; http.header; content:"app.tesla-alert.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37556011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Domain pair: the dns rule matches the name or any subdomain; the http rule needs "Host:"
# and the domain in the request headers of cleartext HTTP.
alert dns any any -> any any (msg: "MISP e26826 [] Domain mafiakorea.com"; dns.query; content:"mafiakorea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mafiakorea\.com$/i"; classtype:trojan-activity; sid:37556021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [] Outgoing HTTP Domain mafiakorea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mafiakorea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mafiakorea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# 37.221.65.78:63645 is covered twice within event 26826: an http rule that also needs the
# address in the request headers, and an ip rule (a few lines below) that matches on address
# and port alone. HTTP to that endpoint therefore triggers both.
alert http $HOME_NET any -> 37.221.65.78 63645 (msg: "MISP e26826 [ALEXHOST,AS200019,elf,Mirai] Outgoing URL http|3a|//37.221.65.78|3a|63645"; flow:to_server,established; http.header; content:"37.221.65.78"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET 63645 (msg: "MISP e26826 [ALEXHOST,AS200019,elf,Mirai] Outgoing URL http|3a|//chernobyl.fun|3a|63645"; flow:to_server,established; http.header; content:"chernobyl.fun"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37555991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 37.221.65.78 63645 (msg: "MISP e26826 [Mirai] Outgoing To IP: 37.221.65.78|63645"; classtype:trojan-activity; sid:37556051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 27169 re-exports the event 26826 indicators above with priority:3 and empty tags.
# Each copy has identical match conditions to its e26826 counterpart, so every hit produces
# a second alert under a different sid; the e26826 copy is the one carrying the family tag.
alert http $HOME_NET any -> 37.221.65.78 63645 (msg: "MISP e27169 [] Outgoing URL http|3a|//37.221.65.78|3a|63645"; flow:to_server,established; http.header; content:"37.221.65.78"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET 63645 (msg: "MISP e27169 [] Outgoing URL http|3a|//chernobyl.fun|3a|63645"; flow:to_server,established; http.header; content:"chernobyl.fun"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET 63645 (msg: "MISP e27169 [] Outgoing URL http|3a|//auth.tesla-alert.com|3a|63645"; flow:to_server,established; http.header; content:"auth.tesla-alert.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET 63645 (msg: "MISP e27169 [] Outgoing URL http|3a|//app.tesla-alert.com|3a|63645"; flow:to_server,established; http.header; content:"app.tesla-alert.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37857251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain mafiakorea.com"; dns.query; content:"mafiakorea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mafiakorea\.com$/i"; classtype:trojan-activity; sid:37857261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain mafiakorea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mafiakorea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mafiakorea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 185.158.248.141 1344 (msg: "MISP e27169 [] Outgoing To IP: 185.158.248.141|1344"; classtype:trojan-activity; sid:37857271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 37.221.65.78 63645 (msg: "MISP e27169 [] Outgoing To IP: 37.221.65.78|63645"; classtype:trojan-activity; sid:37857281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Event 26826 destination rules tagged with a malware family (njrat, RedLine). The tag is a
# label in msg only; the match is address plus port with no payload check, so the alert
# shows contact with the endpoint, not that the traffic belongs to that family.
alert ip $HOME_NET any -> 31.10.67.116 5552 (msg: "MISP e26826 [njrat,RAT] Outgoing To IP: 31.10.67.116|5552"; classtype:trojan-activity; sid:37556061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 95.216.104.115 4328 (msg: "MISP e26826 [infostealer,RedLine,stealer] Outgoing To IP: 95.216.104.115|4328"; classtype:trojan-activity; sid:37556071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [Latrodectus] Domain grebiunti.top"; dns.query; content:"grebiunti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])grebiunti\.top$/i"; classtype:trojan-activity; sid:37556091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# HTTP half of the grebiunti.top pair from event 26826 (tagged Latrodectus); the dns half is
# the rule immediately before it in the file. It needs "Host:" and the domain in the request
# headers of cleartext HTTP and then tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [Latrodectus] Outgoing HTTP Domain grebiunti.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grebiunti.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grebiunti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26821 [] Domain francais-english-arabic.com"; dns.query; content:"francais-english-arabic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])francais\-english\-arabic\.com$/i"; classtype:trojan-activity; sid:37554671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26821;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26821 [] Outgoing HTTP Domain francais-english-arabic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"francais-english-arabic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])francais\-english\-arabic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26821;)
# Event 27169 copies of indicators that event 26826 also exports (grebiunti.top,
# 31.10.67.116:5552, 95.216.104.115:4328), here with priority:3 and empty tags. The match
# conditions are the same, so a hit alerts under both sids.
alert dns any any -> any any (msg: "MISP e27169 [] Domain grebiunti.top"; dns.query; content:"grebiunti.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])grebiunti\.top$/i"; classtype:trojan-activity; sid:37857291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain grebiunti.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grebiunti.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grebiunti\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 31.10.67.116 5552 (msg: "MISP e27169 [] Outgoing To IP: 31.10.67.116|5552"; classtype:trojan-activity; sid:37857311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 95.216.104.115 4328 (msg: "MISP e27169 [] Outgoing To IP: 95.216.104.115|4328"; classtype:trojan-activity; sid:37857321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Event 26826 entries tagged c2,censys start here. The bracketed msg tags carry the ASN and,
# where present, the operator name; they are labels only and play no part in the match.
# NOTE(review): 139-162-155-161.ip.linodeusercontent.com looks like a provider-assigned
# hostname that encodes an address. A client that connects by address never resolves or
# sends this name, and no ip rule for that address is visible in this part of the file -
# check whether the address itself should be an attribute in the MISP event.
alert dns any any -> any any (msg: "MISP e26826 [AS63949,c2,censys] Domain 139-162-155-161.ip.linodeusercontent.com"; dns.query; content:"139-162-155-161.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])139\-162\-155\-161\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37556121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS63949,c2,censys] Outgoing HTTP Domain 139-162-155-161.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"139-162-155-161.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])139\-162\-155\-161\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain software.ftoffice.com"; dns.query; content:"software.ftoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.ftoffice\.com$/i"; classtype:trojan-activity; sid:37556131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain software.ftoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"software.ftoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.ftoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Destination address-and-port rules: protocol is ip, there is no flow or payload condition,
# and the rule carries no first-seen or last-seen date. Review indicator age in MISP and
# expire entries on reassignable hosting addresses, especially those on ports 80 and 443.
alert ip $HOME_NET any -> 39.105.194.11 8088 (msg: "MISP e26826 [AS37963,c2,censys] Outgoing To IP: 39.105.194.11|8088"; classtype:trojan-activity; sid:37556141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 59.110.142.91 8888 (msg: "MISP e26826 [AS37963,c2,censys] Outgoing To IP: 59.110.142.91|8888"; classtype:trojan-activity; sid:37556151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AS8987,c2,censys] Domain hr-helpdesk.org"; dns.query; content:"hr-helpdesk.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])hr\-helpdesk\.org$/i"; classtype:trojan-activity; sid:37556161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS8987,c2,censys] Outgoing HTTP Domain hr-helpdesk.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hr-helpdesk.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hr\-helpdesk\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 124.222.114.227 80 (msg: "MISP e26826 [AS45090,c2,censys] Outgoing To IP: 124.222.114.227|80"; classtype:trojan-activity; sid:37556171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 47.101.160.122 8888 (msg: "MISP e26826 [AS37963,c2,censys] Outgoing To IP: 47.101.160.122|8888"; classtype:trojan-activity; sid:37556181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 47.98.214.54 443 (msg: "MISP e26826 
[AS37963,c2,censys] Outgoing To IP: 47.98.214.54|443"; classtype:trojan-activity; sid:37556191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 26826, tagged c2,censys: destination address-and-port rules.
# - Match is $HOME_NET -> address:port only. Protocol is ip and there is no flow, content or
#   threshold option, so the alert shows contact with the endpoint and nothing about the
#   payload. (Presumably both TCP and UDP to that port match - confirm on your engine.)
# - The bracketed tags (ASN, operator name) are text in msg and are not evaluated.
# - Several destinations are on ports 80/443 inside large provider networks, as the tags
#   show (for example MICROSOFT-CORP-MSN-AS-BLOCK). Such addresses can be reassigned; the
#   rule has no expiry, so check indicator age in MISP before treating a hit as current.
alert ip $HOME_NET any -> 175.178.48.91 80 (msg: "MISP e26826 [AS45090,c2,censys] Outgoing To IP: 175.178.48.91|80"; classtype:trojan-activity; sid:37556201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 111.92.243.96 8080 (msg: "MISP e26826 [AS142032,c2,censys] Outgoing To IP: 111.92.243.96|8080"; classtype:trojan-activity; sid:37556211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 94.156.69.227 80 (msg: "MISP e26826 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.69.227|80"; classtype:trojan-activity; sid:37556221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 103.191.15.189 80 (msg: "MISP e26826 [AS38513,c2,censys] Outgoing To IP: 103.191.15.189|80"; classtype:trojan-activity; sid:37556231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# One address, two ports: each port is a separate rule and sid.
alert ip $HOME_NET any -> 74.235.199.105 80 (msg: "MISP e26826 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 74.235.199.105|80"; classtype:trojan-activity; sid:37556241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 74.235.199.105 443 (msg: "MISP e26826 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 74.235.199.105|443"; classtype:trojan-activity; sid:37556251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 124.223.97.173 8000 (msg: "MISP e26826 [AS45090,c2,censys] Outgoing To IP: 124.223.97.173|8000"; classtype:trojan-activity; sid:37556261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 118.31.75.32 443 (msg: "MISP e26826 [AS37963,c2,censys] Outgoing To IP: 118.31.75.32|443"; classtype:trojan-activity; sid:37556271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 38.60.253.150 443 (msg: "MISP e26826 [AS138915,c2,censys] Outgoing To IP: 38.60.253.150|443"; classtype:trojan-activity; sid:37556281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 47.113.195.22 80 (msg: "MISP e26826 [AS37963,c2,censys] Outgoing To IP: 47.113.195.22|80"; classtype:trojan-activity; sid:37556291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 101.42.47.72 8000 (msg: "MISP e26826 [AS45090,c2,censys] Outgoing To IP: 101.42.47.72|8000"; classtype:trojan-activity; sid:37556301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 104.168.54.228 80 (msg: "MISP e26826 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 104.168.54.228|80"; classtype:trojan-activity; sid:37556311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 23.26.137.225 80 (msg: "MISP e26826 [AS25846,c2,censys,US-CLOUDNIUM-01] Outgoing To IP: 23.26.137.225|80"; classtype:trojan-activity; sid:37556321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 23.26.137.225 8181 (msg: "MISP e26826 [AS25846,c2,censys,US-CLOUDNIUM-01] Outgoing To IP: 23.26.137.225|8181"; classtype:trojan-activity; sid:37556331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 5.34.198.105 80 (msg: "MISP e26826 [AS202468,c2,censys] Outgoing To IP: 5.34.198.105|80"; classtype:trojan-activity; sid:37556341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 39.104.73.42 443 (msg: "MISP e26826 [AS37963,c2,censys] Outgoing To IP: 39.104.73.42|443"; classtype:trojan-activity; sid:37556351; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 26826, tagged c2,censys: destination address-and-port rules, several with an extra
# tooling tag (RAT, Mythic, HookBot). The tag is text in msg only. The rule matches on
# address and port with no payload check, so it cannot tell the reported tooling from any
# other service reachable on that endpoint; confirm a hit with flow or host evidence.
alert ip $HOME_NET any -> 42.193.178.194 55443 (msg: "MISP e26826 [AS45090,c2,censys] Outgoing To IP: 42.193.178.194|55443"; classtype:trojan-activity; sid:37556361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 91.92.243.90 31337 (msg: "MISP e26826 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.243.90|31337"; classtype:trojan-activity; sid:37556371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 216.245.181.105 443 (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 216.245.181.105|443"; classtype:trojan-activity; sid:37556381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 78.40.116.82 5005 (msg: "MISP e26826 [ALEXHOST,AS200019,c2,censys] Outgoing To IP: 78.40.116.82|5005"; classtype:trojan-activity; sid:37556391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 172.111.148.12 222 (msg: "MISP e26826 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 172.111.148.12|222"; classtype:trojan-activity; sid:37556401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 113.174.1.186 8080 (msg: "MISP e26826 [AS45899,c2,censys,RAT] Outgoing To IP: 113.174.1.186|8080"; classtype:trojan-activity; sid:37556411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 181.131.216.198 6606 (msg: "MISP e26826 [AS13489,c2,censys,RAT] Outgoing To IP: 181.131.216.198|6606"; classtype:trojan-activity; sid:37556421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 136.243.111.71 5900 (msg: "MISP e26826 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 136.243.111.71|5900"; classtype:trojan-activity; sid:37556431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 45.88.186.65 6606 (msg: "MISP e26826 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 45.88.186.65|6606"; classtype:trojan-activity; sid:37556441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 91.92.253.26 7443 (msg: "MISP e26826 [AS394711,c2,censys,LIMENET,Mythic] Outgoing To IP: 91.92.253.26|7443"; classtype:trojan-activity; sid:37556451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 78.129.165.233 7443 (msg: "MISP e26826 [AS20860,c2,censys,IOMART-AS,Mythic] Outgoing To IP: 78.129.165.233|7443"; classtype:trojan-activity; sid:37556461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Domain pair: the dns rule matches data.iexcom.de or any subdomain of it; the http rule
# needs "Host:" and the domain in the request headers, so it only covers cleartext HTTP.
alert dns any any -> any any (msg: "MISP e26826 [AS8767,c2,censys,Mythic] Domain data.iexcom.de"; dns.query; content:"data.iexcom.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])data\.iexcom\.de$/i"; classtype:trojan-activity; sid:37556471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS8767,c2,censys,Mythic] Outgoing HTTP Domain data.iexcom.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"data.iexcom.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])data\.iexcom\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Port 80 on an address tagged with a large provider ASN: check indicator age in MISP,
# since the rule has no expiry and such addresses can be reassigned.
alert ip $HOME_NET any -> 172.188.29.138 80 (msg: "MISP e26826 [AS8075,c2,censys,HookBot,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 172.188.29.138|80"; classtype:trojan-activity; sid:37556481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 91.92.250.168 80 (msg: "MISP e26826 [AS394711,c2,censys,HookBot,LIMENET] Outgoing To IP: 91.92.250.168|80"; 
classtype:trojan-activity; sid:37556491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 26826, tagged c2,censys (some also HookBot or RAT). Domain indicators are exported
# as a dns/http pair, address indicators as a single ip rule on address and port.
#   dns  - matches the name or any subdomain of it (pcre anchored with "$").
#   http - needs "Host:" and the domain somewhere in the request headers; cleartext HTTP
#          only, and a match tags the session for 600 seconds.
#   ip   - no flow or payload condition; the msg tags are labels and are not evaluated.
alert dns any any -> any any (msg: "MISP e26826 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain grinevitchnicolas4.fvds.ru"; dns.query; content:"grinevitchnicolas4.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas4\.fvds\.ru$/i"; classtype:trojan-activity; sid:37556501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain grinevitchnicolas4.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas4.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas4\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 185.146.157.85 80 (msg: "MISP e26826 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 185.146.157.85|80"; classtype:trojan-activity; sid:37556511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# NOTE(review): 49.183.246.35.bc.googleusercontent.com looks like a provider-assigned
# hostname that encodes an address. Clients that connect by address never resolve or send
# this name, and no ip rule for the underlying address is visible in this part of the file;
# check whether the address itself should be an attribute in the MISP event.
alert dns any any -> any any (msg: "MISP e26826 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,HookBot] Domain 49.183.246.35.bc.googleusercontent.com"; dns.query; content:"49.183.246.35.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])49\.183\.246\.35\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37556521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,HookBot] Outgoing HTTP Domain 49.183.246.35.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"49.183.246.35.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])49\.183\.246\.35\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Address-and-port rules. Entries on ports 80/443 inside large provider networks (see the
# AMAZON-02 and MICROSOFT-CORP-MSN-AS-BLOCK tags) are the ones most exposed to address
# reuse; the rule has no expiry, so check indicator age in MISP when triaging a hit.
alert ip $HOME_NET any -> 47.128.64.139 443 (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing To IP: 47.128.64.139|443"; classtype:trojan-activity; sid:37556531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 94.156.69.246 8081 (msg: "MISP e26826 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.69.246|8081"; classtype:trojan-activity; sid:37556541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 162.222.206.193 4782 (msg: "MISP e26826 [AS8560,c2,censys,RAT] Outgoing To IP: 162.222.206.193|4782"; classtype:trojan-activity; sid:37556551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 3.99.102.8 80 (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys,RAT] Outgoing To IP: 3.99.102.8|80"; classtype:trojan-activity; sid:37556561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 94.156.69.145 7539 (msg: "MISP e26826 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.145|7539"; classtype:trojan-activity; sid:37556571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys,RAT] Domain the.networkguru.com"; dns.query; content:"the.networkguru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])the\.networkguru\.com$/i"; classtype:trojan-activity; sid:37556581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys,RAT] Outgoing HTTP Domain the.networkguru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"the.networkguru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])the\.networkguru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 166.88.132.139 8443 (msg: "MISP e26826 [AS149440,c2,censys,RAT] Outgoing To IP: 166.88.132.139|8443"; classtype:trojan-activity; sid:37556591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 52.184.85.209 443 (msg: "MISP e26826 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 52.184.85.209|443"; classtype:trojan-activity; sid:37556601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 20.56.35.166 8443 (msg: "MISP e26826 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.56.35.166|8443"; classtype:trojan-activity; sid:37556611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 107.173.118.89 443 (msg: "MISP e26826 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 107.173.118.89|443"; classtype:trojan-activity; sid:37556621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# NOTE(review): static.77.129.13.49.clients.your-server.de also looks like a
# provider-assigned hostname encoding an address; the same caveat applies as for the
# googleusercontent.com entry above.
alert dns any any -> any any (msg: "MISP e26826 [AS24940,c2,censys,HETZNER-AS] Domain static.77.129.13.49.clients.your-server.de"; dns.query; content:"static.77.129.13.49.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.77\.129\.13\.49\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37556631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS24940,c2,censys,HETZNER-AS] Outgoing HTTP Domain static.77.129.13.49.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"static.77.129.13.49.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.77\.129\.13\.49\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Event 26826, tagged c2,censys: dns/http rule pairs for named hosts. The dns rule matches
# the name or any subdomain of it. The http rule needs "Host:" and the domain as separate
# contents in the request headers, so it covers cleartext HTTP only and is also satisfied
# when the domain appears in a header other than Host.
alert dns any any -> any any (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys] Domain recruitis.josefbenjac.cz"; dns.query; content:"recruitis.josefbenjac.cz"; nocase; pcre: "/(^|[^A-Za-z0-9-])recruitis\.josefbenjac\.cz$/i"; classtype:trojan-activity; sid:37556641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain recruitis.josefbenjac.cz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recruitis.josefbenjac.cz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recruitis\.josefbenjac\.cz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain digital20.agriprotechx.com"; dns.query; content:"digital20.agriprotechx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])digital20\.agriprotechx\.com$/i"; classtype:trojan-activity; sid:37556651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain digital20.agriprotechx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"digital20.agriprotechx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])digital20\.agriprotechx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Address-and-port rules: protocol ip, no flow or payload condition. Tags such as RAT,
# botnet and byob are text in msg only and are not evaluated by the engine.
alert ip $HOME_NET any -> 91.151.88.209 4449 (msg: "MISP e26826 [AS212219,c2,censys,RAT] Outgoing To IP: 91.151.88.209|4449"; classtype:trojan-activity; sid:37556661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 34.118.33.152 5000 (msg: "MISP e26826 [AS396982,botnet,byob,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.118.33.152|5000"; classtype:trojan-activity; sid:37556671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# NOTE(review): the next two names (under plesk.page and compute-1.amazonaws.com) look like
# provider-generated hostnames that encode an address. Clients that connect by address
# never resolve or send such a name, and no ip rule for the underlying addresses is visible
# in this part of the file; check whether the addresses should be attributes in the MISP
# event as well.
alert dns any any -> any any (msg: "MISP e26826 [AS210558,c2,censys,stealer] Domain nice-margulis.45-138-16-132.plesk.page"; dns.query; content:"nice-margulis.45-138-16-132.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-margulis\.45\-138\-16\-132\.plesk\.page$/i"; classtype:trojan-activity; sid:37556681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS210558,c2,censys,stealer] Outgoing HTTP Domain nice-margulis.45-138-16-132.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nice-margulis.45-138-16-132.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-margulis\.45\-138\-16\-132\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-54-88-105-125.compute-1.amazonaws.com"; dns.query; content:"ec2-54-88-105-125.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-88\-105\-125\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37556691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-54-88-105-125.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-88-105-125.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-88\-105\-125\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Port-80 destinations on hosting networks: the rule has no expiry, so check indicator age
# in MISP when triaging a hit.
alert ip $HOME_NET any -> 209.141.35.151 888 (msg: "MISP e26826 [AS53667,c2,censys,PONYNET] Outgoing To IP: 209.141.35.151|888"; classtype:trojan-activity; sid:37556701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 108.174.198.206 80 (msg: "MISP e26826 [AS54290,c2,censys,HOSTWINDS] Outgoing To IP: 108.174.198.206|80"; classtype:trojan-activity; sid:37556711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 45.95.169.135 80 (msg: "MISP e26826 [AS211619,c2,censys,MAXKO] Outgoing To IP: 45.95.169.135|80"; classtype:trojan-activity; sid:37556721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 95.216.253.55 80 (msg: "MISP e26826 [AS24940,c2,censys,HETZNER-AS,UNAM] Outgoing To IP: 95.216.253.55|80"; classtype:trojan-activity; sid:37556731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AS24940,c2,censys,HETZNER-AS,UNAM] Domain striperouter.supelle.co"; dns.query; content:"striperouter.supelle.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])striperouter\.supelle\.co$/i"; classtype:trojan-activity; sid:37556741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS24940,c2,censys,HETZNER-AS,UNAM] Outgoing HTTP Domain striperouter.supelle.co"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"striperouter.supelle.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])striperouter\.supelle\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# --- MISP event 26826 (priority 2), continued: domain pairs and outbound IPs ---
# HTTP domain rules match the domain anywhere in http.header (no relative modifier
# ties it to the "Host:" match); DNS domain rules match dns.query on any any -> any any.
# NOTE(review): the IP rules use protocol `ip` with a destination port; ports exist
# only for TCP/UDP, so confirm how your engine evaluates this combination.
# NOTE(review): the rules tagged phishing / GoPhish / EvilGinx below still carry
# classtype:trojan-activity; confirm that triage does not rely on classtype alone
# to separate phishing infrastructure from C2.
# NOTE(review): many destinations are tagged with cloud or ISP AS names
# (GOOGLE-CLOUD-PLATFORM, AMAZON-02, DIGITALOCEAN-ASN, UUNET, ...); presumably these
# addresses change hands, so review indicator age before acting on an alert.
alert dns any any -> any any (msg: "MISP e26826 [AS-REG,AS197695,c2,censys,UNAM] Domain linkerfunyfile.store"; dns.query; content:"linkerfunyfile.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerfunyfile\.store$/i"; classtype:trojan-activity; sid:37556751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS-REG,AS197695,c2,censys,UNAM] Outgoing HTTP Domain linkerfunyfile.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linkerfunyfile.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerfunyfile\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 51.11.25.174 443 (msg: "MISP e26826 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RedWarden] Outgoing To IP: 51.11.25.174|443"; classtype:trojan-activity; sid:37556761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 219.147.89.12 60000 (msg: "MISP e26826 [AS4134,censys,Viper] Outgoing To IP: 219.147.89.12|60000"; classtype:trojan-activity; sid:37556771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 45.207.58.56 60000 (msg: "MISP e26826 [AS133199,censys,Viper] Outgoing To IP: 45.207.58.56|60000"; classtype:trojan-activity; sid:37556781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 38.54.119.156 60000 (msg: "MISP e26826 [AS138915,censys,Viper] Outgoing To IP: 38.54.119.156|60000"; classtype:trojan-activity; sid:37556791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 39.107.109.9 60000 (msg: "MISP e26826 [AS37963,censys,Viper] Outgoing To IP: 39.107.109.9|60000"; classtype:trojan-activity; sid:37556801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert dns any any -> any any (msg: "MISP e26826 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain hwsrv-1126965.hostwindsdns.com"; dns.query; content:"hwsrv-1126965.hostwindsdns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hwsrv\-1126965\.hostwindsdns\.com$/i"; classtype:trojan-activity; sid:37556811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain hwsrv-1126965.hostwindsdns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hwsrv-1126965.hostwindsdns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hwsrv\-1126965\.hostwindsdns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37556812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 164.177.30.14 3333 (msg: "MISP e26826 [AS5410,BOUYGTEL-ISP,censys,GoPhish,phishing] Outgoing To IP: 164.177.30.14|3333"; classtype:trojan-activity; sid:37556821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 137.184.150.67 443 (msg: "MISP e26826 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 137.184.150.67|443"; classtype:trojan-activity; sid:37556831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 96.231.143.205 443 (msg: "MISP e26826 [AS701,censys,GoPhish,phishing,UUNET] Outgoing To IP: 96.231.143.205|443"; classtype:trojan-activity; sid:37556841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 34.16.51.172 10443 (msg: "MISP e26826 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.16.51.172|10443"; classtype:trojan-activity; sid:37556851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 138.197.13.114 3333 (msg: "MISP e26826 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 138.197.13.114|3333"; classtype:trojan-activity; sid:37556861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 172.187.145.182 443 (msg: "MISP e26826 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.187.145.182|443"; classtype:trojan-activity; sid:37556871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 3.110.14.54 443 (msg: "MISP e26826 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.110.14.54|443"; classtype:trojan-activity; sid:37556881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 54.206.231.185 3333 (msg: "MISP e26826 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 54.206.231.185|3333"; classtype:trojan-activity; sid:37556891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 34.72.103.8 3333 (msg: "MISP e26826 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.72.103.8|3333"; classtype:trojan-activity; sid:37556901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 34.118.85.166 443 (msg: "MISP e26826 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.118.85.166|443"; classtype:trojan-activity; sid:37556911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 147.189.175.79 443 (msg: "MISP e26826 [AS30823,AveMariaRAT,c2,censys,RAT] Outgoing To IP: 147.189.175.79|443"; classtype:trojan-activity; sid:37556921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
alert ip $HOME_NET any -> 103.35.189.93 10443 (msg: "MISP e26826 [AS44477,c2,censys,STARK-INDUSTRIES] Outgoing To IP: 103.35.189.93|10443"; classtype:trojan-activity; sid:37556931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# --- MISP event 27169 (priority 3, empty tag list in msg) ---
# These rules repeat domains that this file also lists under event 26826 (for example
# hwsrv-1126965.hostwindsdns.com and linkerfunyfile.store above) with new sids, so a
# single lookup or request can raise two alerts with different priorities.
# NOTE(review): consider de-duplicating at export time or in alert correlation; the
# empty [] tag list means the reference URL is the only context in these alerts.
alert dns any any -> any any (msg: "MISP e27169 [] Domain hwsrv-1126965.hostwindsdns.com"; dns.query; content:"hwsrv-1126965.hostwindsdns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hwsrv\-1126965\.hostwindsdns\.com$/i"; classtype:trojan-activity; sid:37857331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain hwsrv-1126965.hostwindsdns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hwsrv-1126965.hostwindsdns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hwsrv\-1126965\.hostwindsdns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain linkerfunyfile.store"; dns.query; content:"linkerfunyfile.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerfunyfile\.store$/i"; classtype:trojan-activity; sid:37857341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain linkerfunyfile.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"linkerfunyfile.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])linkerfunyfile\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain striperouter.supelle.co"; dns.query; content:"striperouter.supelle.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])striperouter\.supelle\.co$/i"; classtype:trojan-activity; sid:37857351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain striperouter.supelle.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"striperouter.supelle.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])striperouter\.supelle\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain ec2-54-88-105-125.compute-1.amazonaws.com"; dns.query; content:"ec2-54-88-105-125.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-88\-105\-125\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37857361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain ec2-54-88-105-125.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-88-105-125.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-88\-105\-125\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain nice-margulis.45-138-16-132.plesk.page"; dns.query;
content:"nice-margulis.45-138-16-132.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-margulis\.45\-138\-16\-132\.plesk\.page$/i"; classtype:trojan-activity; sid:37857371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# --- MISP event 27169: domain indicators (priority 3, empty tag list in msg) ---
# Each domain has a DNS rule and an HTTP rule with consecutive sids.
# DNS rule: case-insensitive match on dns.query, pcre anchored with `$`; the left
# boundary accepts `.`, so subdomains of the listed name match as well. The header
# is any any -> any any, so it is not limited to $HOME_NET clients.
# HTTP rule: "Host|3a|" and the domain are both matched on http.header without a
# relative modifier, so the domain may appear in any request header of a request
# that has a Host header. tag:session,600,seconds logs the session for 600 s more.
# NOTE(review): the msg carries no tags ([]), so an analyst has only the reference
# URL for context; confirm whether the source event is meant to be untagged.
# NOTE(review): names such as 49.183.246.35.bc.googleusercontent.com embed an
# address and look provider generated; presumably they follow the address rather
# than the operator, so review them for expiry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain nice-margulis.45-138-16-132.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nice-margulis.45-138-16-132.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-margulis\.45\-138\-16\-132\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain recruitis.josefbenjac.cz"; dns.query; content:"recruitis.josefbenjac.cz"; nocase; pcre: "/(^|[^A-Za-z0-9-])recruitis\.josefbenjac\.cz$/i"; classtype:trojan-activity; sid:37857381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain recruitis.josefbenjac.cz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recruitis.josefbenjac.cz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recruitis\.josefbenjac\.cz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain digital20.agriprotechx.com"; dns.query; content:"digital20.agriprotechx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])digital20\.agriprotechx\.com$/i"; classtype:trojan-activity; sid:37857391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain digital20.agriprotechx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"digital20.agriprotechx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])digital20\.agriprotechx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain static.77.129.13.49.clients.your-server.de"; dns.query; content:"static.77.129.13.49.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.77\.129\.13\.49\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37857401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain static.77.129.13.49.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.77.129.13.49.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.77\.129\.13\.49\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain the.networkguru.com"; dns.query; content:"the.networkguru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])the\.networkguru\.com$/i"; classtype:trojan-activity; sid:37857411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain the.networkguru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"the.networkguru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])the\.networkguru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain 49.183.246.35.bc.googleusercontent.com"; dns.query; content:"49.183.246.35.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])49\.183\.246\.35\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37857421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain 49.183.246.35.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"49.183.246.35.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])49\.183\.246\.35\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain grinevitchnicolas4.fvds.ru"; dns.query; content:"grinevitchnicolas4.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas4\.fvds\.ru$/i"; classtype:trojan-activity; sid:37857431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain grinevitchnicolas4.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas4.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas4\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain data.iexcom.de"; dns.query; content:"data.iexcom.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])data\.iexcom\.de$/i"; classtype:trojan-activity; sid:37857441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain data.iexcom.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"data.iexcom.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])data\.iexcom\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain hr-helpdesk.org"; dns.query; content:"hr-helpdesk.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])hr\-helpdesk\.org$/i"; classtype:trojan-activity; sid:37857451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain hr-helpdesk.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hr-helpdesk.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hr\-helpdesk\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert dns any any -> any any (msg: "MISP e27169 [] Domain software.ftoffice.com"; dns.query; content:"software.ftoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.ftoffice\.com$/i"; classtype:trojan-activity; sid:37857461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain software.ftoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"software.ftoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])software\.ftoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# --- MISP event 27169: last domain pair, then outbound IP indicators (priority 3) ---
# The DNS rule matches dns.query for the name or any subdomain of it; the HTTP rule
# matches the domain anywhere in http.header of a request that has a Host header.
# NOTE(review): 139-162-155-161.ip.linodeusercontent.com embeds an address and looks
# provider generated; presumably it follows the address rather than the operator.
alert dns any any -> any any (msg: "MISP e27169 [] Domain 139-162-155-161.ip.linodeusercontent.com"; dns.query; content:"139-162-155-161.ip.linodeusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])139\-162\-155\-161\.ip\.linodeusercontent\.com$/i"; classtype:trojan-activity; sid:37857471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain 139-162-155-161.ip.linodeusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"139-162-155-161.ip.linodeusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])139\-162\-155\-161\.ip\.linodeusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37857472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# Outbound IP rules: $HOME_NET any -> one address and port, alert only (no tag
# keyword, no flow or threshold option is present).
# NOTE(review): the header protocol is `ip` but a destination port is given; ports
# exist only for TCP/UDP, so confirm how your engine evaluates this combination.
# NOTE(review): the same address|port pairs also appear in this file under event
# 26826 with priority 2 and descriptive tags, so one connection can raise two
# alerts; the [] tag list here leaves the reference URL as the only context.
alert ip $HOME_NET any -> 103.35.189.93 10443 (msg: "MISP e27169 [] Outgoing To IP: 103.35.189.93|10443"; classtype:trojan-activity; sid:37857481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 147.189.175.79 443 (msg: "MISP e27169 [] Outgoing To IP: 147.189.175.79|443"; classtype:trojan-activity; sid:37857491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 34.72.103.8 3333 (msg: "MISP e27169 [] Outgoing To IP: 34.72.103.8|3333"; classtype:trojan-activity; sid:37857501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 34.118.85.166 443 (msg: "MISP e27169 [] Outgoing To IP: 34.118.85.166|443"; classtype:trojan-activity; sid:37857511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 54.206.231.185 3333 (msg: "MISP e27169 [] Outgoing To IP: 54.206.231.185|3333"; classtype:trojan-activity; sid:37857521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 3.110.14.54 443 (msg: "MISP e27169 [] Outgoing To IP: 3.110.14.54|443"; classtype:trojan-activity; sid:37857531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 172.187.145.182 443 (msg: "MISP e27169 [] Outgoing To IP: 172.187.145.182|443"; classtype:trojan-activity; sid:37857541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 138.197.13.114 3333 (msg: "MISP e27169 [] Outgoing To IP: 138.197.13.114|3333"; classtype:trojan-activity; sid:37857551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 34.16.51.172 10443 (msg: "MISP e27169 [] Outgoing To IP: 34.16.51.172|10443"; classtype:trojan-activity; sid:37857561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 96.231.143.205 443 (msg: "MISP e27169 [] Outgoing To IP: 96.231.143.205|443"; classtype:trojan-activity; sid:37857571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 137.184.150.67 443 (msg: "MISP e27169 [] Outgoing To IP: 137.184.150.67|443"; classtype:trojan-activity; sid:37857581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 164.177.30.14 3333 (msg: "MISP e27169 [] Outgoing To IP: 164.177.30.14|3333"; classtype:trojan-activity; sid:37857591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 39.107.109.9 60000 (msg: "MISP e27169 [] Outgoing To IP: 39.107.109.9|60000"; classtype:trojan-activity; sid:37857601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 38.54.119.156 60000 (msg: "MISP e27169 [] Outgoing To IP: 38.54.119.156|60000"; classtype:trojan-activity; sid:37857611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 45.207.58.56 60000 (msg: "MISP e27169 [] Outgoing To IP: 45.207.58.56|60000"; classtype:trojan-activity; sid:37857621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 219.147.89.12 60000 (msg: "MISP e27169 [] Outgoing To IP: 219.147.89.12|60000"; classtype:trojan-activity; sid:37857631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 51.11.25.174 443 (msg: "MISP e27169 [] Outgoing To IP: 51.11.25.174|443"; classtype:trojan-activity; sid:37857641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 95.216.253.55 80 (msg: "MISP e27169 [] Outgoing To IP: 95.216.253.55|80"; classtype:trojan-activity; sid:37857651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 45.95.169.135 80 (msg: "MISP e27169 [] Outgoing To IP: 45.95.169.135|80"; classtype:trojan-activity; sid:37857661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 108.174.198.206 80 (msg: "MISP e27169 [] Outgoing To IP: 108.174.198.206|80"; classtype:trojan-activity; sid:37857671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 209.141.35.151 888 (msg: "MISP e27169 [] Outgoing To IP: 209.141.35.151|888"; classtype:trojan-activity; sid:37857681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 34.118.33.152 5000 (msg: "MISP e27169 [] Outgoing To IP: 34.118.33.152|5000"; classtype:trojan-activity; sid:37857691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 91.151.88.209 4449 (msg: "MISP e27169 [] Outgoing To IP: 91.151.88.209|4449"; classtype:trojan-activity; sid:37857701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any ->
20.56.35.166 8443 (msg: "MISP e27169 [] Outgoing To IP: 20.56.35.166|8443"; classtype:trojan-activity; sid:37857711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
# --- MISP event 27169: outbound IP indicators, continued (priority 3) ---
# Each rule alerts on traffic from $HOME_NET to one literal address and port; the
# `->` direction means packets coming back from that address do not match.
# NOTE(review): the header protocol is `ip` but a destination port is given; ports
# exist only for TCP/UDP, so confirm how your engine evaluates this combination.
# NOTE(review): the msg tag list is empty ([]), so the alert text gives no malware
# family or infrastructure context; the reference URL is the only pointer back to
# the source event. Review indicator age before alerting, since bare address|port
# pairs presumably go stale when the host is reassigned.
# An address listed with two ports (23.26.137.225, 74.235.199.105) gets one rule and
# one sid per port.
alert ip $HOME_NET any -> 107.173.118.89 443 (msg: "MISP e27169 [] Outgoing To IP: 107.173.118.89|443"; classtype:trojan-activity; sid:37857721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 52.184.85.209 443 (msg: "MISP e27169 [] Outgoing To IP: 52.184.85.209|443"; classtype:trojan-activity; sid:37857731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 166.88.132.139 8443 (msg: "MISP e27169 [] Outgoing To IP: 166.88.132.139|8443"; classtype:trojan-activity; sid:37857741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 94.156.69.145 7539 (msg: "MISP e27169 [] Outgoing To IP: 94.156.69.145|7539"; classtype:trojan-activity; sid:37857751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 3.99.102.8 80 (msg: "MISP e27169 [] Outgoing To IP: 3.99.102.8|80"; classtype:trojan-activity; sid:37857761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 162.222.206.193 4782 (msg: "MISP e27169 [] Outgoing To IP: 162.222.206.193|4782"; classtype:trojan-activity; sid:37857771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 94.156.69.246 8081 (msg: "MISP e27169 [] Outgoing To IP: 94.156.69.246|8081"; classtype:trojan-activity; sid:37857781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 47.128.64.139 443 (msg: "MISP e27169 [] Outgoing To IP: 47.128.64.139|443"; classtype:trojan-activity; sid:37857791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 185.146.157.85 80 (msg: "MISP e27169 [] Outgoing To IP: 185.146.157.85|80"; classtype:trojan-activity; sid:37857801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 91.92.250.168 80 (msg: "MISP e27169 [] Outgoing To IP: 91.92.250.168|80"; classtype:trojan-activity; sid:37857811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 172.188.29.138 80 (msg: "MISP e27169 [] Outgoing To IP: 172.188.29.138|80"; classtype:trojan-activity; sid:37857821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 91.92.253.26 7443 (msg: "MISP e27169 [] Outgoing To IP: 91.92.253.26|7443"; classtype:trojan-activity; sid:37857831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 78.129.165.233 7443 (msg: "MISP e27169 [] Outgoing To IP: 78.129.165.233|7443"; classtype:trojan-activity; sid:37857841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 45.88.186.65 6606 (msg: "MISP e27169 [] Outgoing To IP: 45.88.186.65|6606"; classtype:trojan-activity; sid:37857851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 136.243.111.71 5900 (msg: "MISP e27169 [] Outgoing To IP: 136.243.111.71|5900"; classtype:trojan-activity; sid:37857861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 113.174.1.186 8080 (msg: "MISP e27169 [] Outgoing To IP: 113.174.1.186|8080"; classtype:trojan-activity; sid:37857871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 181.131.216.198 6606 (msg: "MISP e27169 [] Outgoing To IP: 181.131.216.198|6606"; classtype:trojan-activity; sid:37857881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 172.111.148.12 222 (msg: "MISP e27169 [] Outgoing To IP: 172.111.148.12|222"; classtype:trojan-activity; sid:37857891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 78.40.116.82 5005 (msg: "MISP e27169 [] Outgoing To IP: 78.40.116.82|5005"; classtype:trojan-activity; sid:37857901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 216.245.181.105 443 (msg: "MISP e27169 [] Outgoing To IP: 216.245.181.105|443"; classtype:trojan-activity; sid:37857911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 91.92.243.90 31337 (msg: "MISP e27169 [] Outgoing To IP: 91.92.243.90|31337"; classtype:trojan-activity; sid:37857921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 42.193.178.194 55443 (msg: "MISP e27169 [] Outgoing To IP: 42.193.178.194|55443"; classtype:trojan-activity; sid:37857931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 39.104.73.42 443 (msg: "MISP e27169 [] Outgoing To IP: 39.104.73.42|443"; classtype:trojan-activity; sid:37857941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 5.34.198.105 80 (msg: "MISP e27169 [] Outgoing To IP: 5.34.198.105|80"; classtype:trojan-activity; sid:37857951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 23.26.137.225 80 (msg: "MISP e27169 [] Outgoing To IP: 23.26.137.225|80"; classtype:trojan-activity; sid:37857961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 23.26.137.225 8181 (msg: "MISP e27169 [] Outgoing To IP: 23.26.137.225|8181"; classtype:trojan-activity; sid:37857971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 104.168.54.228 80 (msg: "MISP e27169 [] Outgoing To IP: 104.168.54.228|80"; classtype:trojan-activity; sid:37857981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 47.113.195.22 80 (msg: "MISP e27169 [] Outgoing To IP: 47.113.195.22|80"; classtype:trojan-activity; sid:37857991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 101.42.47.72 8000 (msg: "MISP e27169 [] Outgoing To IP: 101.42.47.72|8000"; classtype:trojan-activity; sid:37858001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 38.60.253.150 443 (msg: "MISP e27169 [] Outgoing To IP: 38.60.253.150|443"; classtype:trojan-activity; sid:37858011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 118.31.75.32 443 (msg: "MISP e27169 [] Outgoing To IP: 118.31.75.32|443"; classtype:trojan-activity; sid:37858021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 74.235.199.105 443 (msg: "MISP e27169 [] Outgoing To IP: 74.235.199.105|443"; classtype:trojan-activity; sid:37858031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 124.223.97.173 8000 (msg: "MISP e27169 [] Outgoing To IP: 124.223.97.173|8000"; classtype:trojan-activity; sid:37858041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 74.235.199.105 80 (msg: "MISP e27169 [] Outgoing To IP: 74.235.199.105|80"; classtype:trojan-activity; sid:37858051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 103.191.15.189 80 (msg: "MISP e27169 [] Outgoing To IP: 103.191.15.189|80"; classtype:trojan-activity; sid:37858061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;)
alert ip $HOME_NET any -> 111.92.243.96 8080 (msg: "MISP e27169 [] Outgoing To IP: 111.92.243.96|8080";
classtype:trojan-activity; sid:37858071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 94.156.69.227 80 (msg: "MISP e27169 [] Outgoing To IP: 94.156.69.227|80"; classtype:trojan-activity; sid:37858081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 175.178.48.91 80 (msg: "MISP e27169 [] Outgoing To IP: 175.178.48.91|80"; classtype:trojan-activity; sid:37858091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 47.98.214.54 443 (msg: "MISP e27169 [] Outgoing To IP: 47.98.214.54|443"; classtype:trojan-activity; sid:37858101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 47.101.160.122 8888 (msg: "MISP e27169 [] Outgoing To IP: 47.101.160.122|8888"; classtype:trojan-activity; sid:37858111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 124.222.114.227 80 (msg: "MISP e27169 [] Outgoing To IP: 124.222.114.227|80"; classtype:trojan-activity; sid:37858121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 59.110.142.91 8888 (msg: "MISP e27169 [] Outgoing To IP: 59.110.142.91|8888"; classtype:trojan-activity; sid:37858131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 39.105.194.11 8088 (msg: "MISP e27169 [] Outgoing To IP: 39.105.194.11|8088"; classtype:trojan-activity; sid:37858141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26826 [Pony] Outgoing URL http|3a|//yourstudyway.com/w2p/panel/gate.php"; flow:to_server,established; http.header; content:"yourstudyway.com"; fast_pattern; nocase; http.uri; content:"/w2p/panel/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37556941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//yourstudyway.com/w2p/Panel/gate.php"; flow:to_server,established; http.header; content:"yourstudyway.com"; fast_pattern; nocase; http.uri; content:"/w2p/Panel/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27029 [] Outgoing URL http|3a|//ironbd.com/wp-admin/js/widgets/xblax/xceldgbvfgfb/ijretgmnerntg.html?msg=mail@example.com"; flow:to_server,established; http.header; content:"ironbd.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/js/widgets/xblax/xceldgbvfgfb/ijretgmnerntg.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37767271; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27029;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27029 [] Outgoing URL http|3a|//ironbd.com/wp-admin/js/widgets/xblax/xceldgbvfgfb/ijretgmnerntg.html"; flow:to_server,established; http.header; content:"ironbd.com"; fast_pattern; nocase; http.uri; content:"/wp-admin/js/widgets/xblax/xceldgbvfgfb/ijretgmnerntg.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37767281; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27029;) alert dns any any -> any any (msg: "MISP e27029 [] Domain ironbd.com"; dns.query; content:"ironbd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ironbd\.com$/i"; classtype:trojan-activity; sid:37767291; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27029;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27029 [] Outgoing HTTP Domain ironbd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ironbd.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])ironbd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37767292; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27029;) alert http $HOME_NET any -> 39.106.74.90 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-305419896,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//39.106.74.90/cm"; flow:to_server,established; http.header; content:"39.106.74.90"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 124.71.108.110 $HTTP_PORTS (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//124.71.108.110/visit.js"; flow:to_server,established; http.header; content:"124.71.108.110"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26822 [] Outgoing URL http|3a|//bancolombia-actualizado-crediagil-alinstante.replit.app"; flow:to_server,established; http.header; content:"bancolombia-actualizado-crediagil-alinstante.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37554741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26822;) alert dns any any -> any any (msg: "MISP e26822 [] Domain bancolombia-actualizado-crediagil-alinstante.replit.app"; dns.query; content:"bancolombia-actualizado-crediagil-alinstante.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancolombia\-actualizado\-crediagil\-alinstante\.replit\.app$/i"; classtype:trojan-activity; sid:37554771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26822;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26822 [] Outgoing HTTP Domain bancolombia-actualizado-crediagil-alinstante.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancolombia-actualizado-crediagil-alinstante.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancolombia\-actualizado\-crediagil\-alinstante\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26822;) alert http $HOME_NET any -> 124.71.108.110 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//124.71.108.110/visit.js"; flow:to_server,established; http.header; content:"124.71.108.110"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> 39.106.74.90 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//39.106.74.90/cm"; flow:to_server,established; http.header; content:"39.106.74.90"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> 102.33.76.214 38909 (msg: "MISP e26826 [] Outgoing URL http|3a|//102.33.76.214|3a|38909/mozi.m"; flow:to_server,established; http.header; content:"102.33.76.214"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 190.182.251.4 35039 (msg: "MISP e26826 [] Outgoing URL http|3a|//190.182.251.4|3a|35039/mozi.m"; flow:to_server,established; http.header; content:"190.182.251.4"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557121; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 190.182.251.4 35039 (msg: "MISP e27169 [] Outgoing URL http|3a|//190.182.251.4|3a|35039/Mozi.m"; flow:to_server,established; http.header; content:"190.182.251.4"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> 102.33.76.214 38909 (msg: "MISP e27169 [] Outgoing URL http|3a|//102.33.76.214|3a|38909/Mozi.m"; flow:to_server,established; http.header; content:"102.33.76.214"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 24.90.18.97 443 (msg: "MISP e26826 [QakBot,TWC-12271-NYC] Outgoing To IP: 24.90.18.97|443"; classtype:trojan-activity; sid:37557131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 154.247.12.253 995 (msg: "MISP e26826 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.12.253|995"; classtype:trojan-activity; sid:37557141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 75.90.82.104 995 (msg: "MISP e26826 [QakBot,WINDSTREAM] Outgoing To IP: 75.90.82.104|995"; classtype:trojan-activity; sid:37557151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 154.246.82.173 2078 (msg: "MISP e26826 [ALGTEL-AS,QakBot] Outgoing To IP: 154.246.82.173|2078"; classtype:trojan-activity; sid:37557161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 79.131.125.79 2222 (msg: "MISP e26826 [OTENET-GR Athens - Greece,QakBot] Outgoing To IP: 79.131.125.79|2222"; classtype:trojan-activity; sid:37557171; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 79.131.125.79 2222 (msg: "MISP e27169 [] Outgoing To IP: 79.131.125.79|2222"; classtype:trojan-activity; sid:37858331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 154.246.82.173 2078 (msg: "MISP e27169 [] Outgoing To IP: 154.246.82.173|2078"; classtype:trojan-activity; sid:37858341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 75.90.82.104 995 (msg: "MISP e27169 [] Outgoing To IP: 75.90.82.104|995"; classtype:trojan-activity; sid:37858351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 154.247.12.253 995 (msg: "MISP e27169 [] Outgoing To IP: 154.247.12.253|995"; classtype:trojan-activity; sid:37858361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 24.90.18.97 443 (msg: "MISP e27169 [] Outgoing To IP: 24.90.18.97|443"; classtype:trojan-activity; sid:37858371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> 77.91.124.57 $HTTP_PORTS (msg: "MISP e26826 [dcrat] Outgoing URL http|3a|//77.91.124.57/eternalhttp2db/longpollvoiddb2server/longpollsecure3bigload/196downloads/32proton/061/imagevmproton/1pipe/dlebigloadcentral/game/50uploadscentral/phpbigload9/externalimageapigeneratoruniversalwordpresslocalcdn.php"; flow:to_server,established; http.header; content:"77.91.124.57"; fast_pattern; nocase; http.uri; content:"/eternalhttp2db/longpollvoiddb2server/longpollsecure3bigload/196downloads/32proton/061/imagevmproton/1pipe/dlebigloadcentral/game/50uploadscentral/phpbigload9/externalimageapigeneratoruniversalwordpresslocalcdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> 
77.91.124.57 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//77.91.124.57/Eternalhttp2db/Longpollvoiddb2server/LongpollSecure3bigload/196downloads/32Proton/061/ImageVmproton/1pipe/Dlebigloadcentral/Game/50UploadsCentral/phpbigload9/ExternalImageApigeneratorUniversalwordpressLocalcdn.php"; flow:to_server,established; http.header; content:"77.91.124.57"; fast_pattern; nocase; http.uri; content:"/Eternalhttp2db/Longpollvoiddb2server/LongpollSecure3bigload/196downloads/32Proton/061/ImageVmproton/1pipe/Dlebigloadcentral/Game/50UploadsCentral/phpbigload9/ExternalImageApigeneratorUniversalwordpressLocalcdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e26823 [] Domain wvvwsoporte-mlbancochile-cl.downtownarena.in"; dns.query; content:"wvvwsoporte-mlbancochile-cl.downtownarena.in"; nocase; pcre: "/(^|[^A-Za-z0-9-])wvvwsoporte\-mlbancochile\-cl\.downtownarena\.in$/i"; classtype:trojan-activity; sid:37554851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26823;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26823 [] Outgoing HTTP Domain wvvwsoporte-mlbancochile-cl.downtownarena.in"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wvvwsoporte-mlbancochile-cl.downtownarena.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wvvwsoporte\-mlbancochile\-cl\.downtownarena\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26823;) alert ip $HOME_NET any -> 159.223.220.165 443 (msg: "MISP e26826 [CobaltStrike,cs-watermark-1727139162,DIGITALOCEAN-ASN] Outgoing To IP: 159.223.220.165|443"; classtype:trojan-activity; sid:37557241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 38.147.172.234 
443 (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Outgoing To IP: 38.147.172.234|443"; classtype:trojan-activity; sid:37557261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 38.147.172.234 443 (msg: "MISP e27169 [] Outgoing To IP: 38.147.172.234|443"; classtype:trojan-activity; sid:37858411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 159.223.220.165 443 (msg: "MISP e27169 [] Outgoing To IP: 159.223.220.165|443"; classtype:trojan-activity; sid:37858421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e26826 [moobot] Domain 79-9-691.581-alps.qyhgroup.com"; dns.query; content:"79-9-691.581-alps.qyhgroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])79\-9\-691\.581\-alps\.qyhgroup\.com$/i"; classtype:trojan-activity; sid:37557221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [moobot] Outgoing HTTP Domain 79-9-691.581-alps.qyhgroup.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"79-9-691.581-alps.qyhgroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])79\-9\-691\.581\-alps\.qyhgroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 185.196.9.97 43957 (msg: "MISP e26826 [moobot] Outgoing To IP: 185.196.9.97|43957"; classtype:trojan-activity; sid:37557211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 193.35.18.127 51321 (msg: "MISP e26826 [elf,Mirai,PFCLOUD] Outgoing To IP: 193.35.18.127|51321"; classtype:trojan-activity; sid:37557181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) 
alert ip $HOME_NET any -> 185.196.9.97 48795 (msg: "MISP e26826 [c2,moobot] Outgoing To IP: 185.196.9.97|48795"; classtype:trojan-activity; sid:37557201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert dns any any -> any any (msg: "MISP e26826 [njrat,RAT] Domain training-invasion.gl.at.ply.gg"; dns.query; content:"training-invasion.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])training\-invasion\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37557021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26826 [njrat,RAT] Outgoing HTTP Domain training-invasion.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"training-invasion.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])training\-invasion\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 147.185.221.18 37064 (msg: "MISP e26826 [njrat,RAT] Outgoing To IP: 147.185.221.18|37064"; classtype:trojan-activity; sid:37557011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert ip $HOME_NET any -> 45.95.169.14 9931 (msg: "MISP e26826 [elf,Mirai] Outgoing To IP: 45.95.169.14|9931"; classtype:trojan-activity; sid:37557001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert dns any any -> any any (msg: "MISP e27169 [] Domain training-invasion.gl.at.ply.gg"; dns.query; content:"training-invasion.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])training\-invasion\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37858431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain training-invasion.gl.at.ply.gg"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"training-invasion.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])training\-invasion\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37858432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e27169 [] Domain 79-9-691.581-alps.qyhgroup.com"; dns.query; content:"79-9-691.581-alps.qyhgroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])79\-9\-691\.581\-alps\.qyhgroup\.com$/i"; classtype:trojan-activity; sid:37858441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27169 [] Outgoing HTTP Domain 79-9-691.581-alps.qyhgroup.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"79-9-691.581-alps.qyhgroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])79\-9\-691\.581\-alps\.qyhgroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37858442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 45.95.169.14 9931 (msg: "MISP e27169 [] Outgoing To IP: 45.95.169.14|9931"; classtype:trojan-activity; sid:37858451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 147.185.221.18 37064 (msg: "MISP e27169 [] Outgoing To IP: 147.185.221.18|37064"; classtype:trojan-activity; sid:37858461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.196.9.97 48795 (msg: "MISP e27169 [] Outgoing To IP: 185.196.9.97|48795"; classtype:trojan-activity; sid:37858471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 193.35.18.127 51321 (msg: "MISP e27169 [] Outgoing To IP: 193.35.18.127|51321"; classtype:trojan-activity; 
sid:37858481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert ip $HOME_NET any -> 185.196.9.97 43957 (msg: "MISP e27169 [] Outgoing To IP: 185.196.9.97|43957"; classtype:trojan-activity; sid:37858491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert http $HOME_NET any -> 79.137.207.120 $HTTP_PORTS (msg: "MISP e26826 [dcrat] Outgoing URL http|3a|//79.137.207.120/generatorexternal9windows/local74/3processor/js/updatebigloadprocess/httptest/uploads9universaltest/trackflower6/pipe0wp/trafficlinegameprovider/publiclocal80/6better9/processorphp/6defaultserver/0javascript/multi8external/5betterrequestlinux/uploadswindowslow/tobigloadmultiflowerasyncwptempdownloads.php"; flow:to_server,established; http.header; content:"79.137.207.120"; fast_pattern; nocase; http.uri; content:"/generatorexternal9windows/local74/3processor/js/updatebigloadprocess/httptest/uploads9universaltest/trackflower6/pipe0wp/trafficlinegameprovider/publiclocal80/6better9/processorphp/6defaultserver/0javascript/multi8external/5betterrequestlinux/uploadswindowslow/tobigloadmultiflowerasyncwptempdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26824 [] Outgoing URL http|3a|//nequi-prestamos-ingreso.replit.app"; flow:to_server,established; http.header; content:"nequi-prestamos-ingreso.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37554921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26824;) alert dns any any -> any any (msg: "MISP e26824 [] Domain nequi-prestamos-ingreso.replit.app"; dns.query; content:"nequi-prestamos-ingreso.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])nequi\-prestamos\-ingreso\.replit\.app$/i"; classtype:trojan-activity; sid:37554941; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26824;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26824 [] Outgoing HTTP Domain nequi-prestamos-ingreso.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nequi-prestamos-ingreso.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nequi\-prestamos\-ingreso\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37554942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26824;) alert http $HOME_NET any -> 79.137.207.120 $HTTP_PORTS (msg: "MISP e27169 [] Outgoing URL http|3a|//79.137.207.120/generatorExternal9Windows/Local74/3Processor/Js/UpdateBigloadProcess/HttpTest/uploads9universalTest/Trackflower6/pipe0Wp/trafficLineGameprovider/publicLocal80/6Better9/processorPhp/6defaultServer/0javascript/multi8external/5betterRequestlinux/UploadswindowsLow/toBigloadmultiflowerAsyncwptempdownloads.php"; flow:to_server,established; http.header; content:"79.137.207.120"; fast_pattern; nocase; http.uri; content:"/generatorExternal9Windows/Local74/3Processor/Js/UpdateBigloadProcess/HttpTest/uploads9universalTest/Trackflower6/pipe0Wp/trafficLineGameprovider/publicLocal80/6Better9/processorPhp/6defaultServer/0javascript/multi8external/5betterRequestlinux/UploadswindowsLow/toBigloadmultiflowerAsyncwptempdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37858501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27169;) alert dns any any -> any any (msg: "MISP e26825 [] Domain www-tarjetacencosud-cl.awadgallery.co.uk"; dns.query; content:"www-tarjetacencosud-cl.awadgallery.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-tarjetacencosud\-cl\.awadgallery\.co\.uk$/i"; classtype:trojan-activity; sid:37555031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26825;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26825 [] Outgoing HTTP 
Domain www-tarjetacencosud-cl.awadgallery.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-tarjetacencosud-cl.awadgallery.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-tarjetacencosud\-cl\.awadgallery\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37555032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26825;) alert dns any any -> any any (msg: "MISP e27036 [diamond-model:Infrastructure,kill-chain:Installation] Domain medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; dns.query; content:"medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd\.onion$/i"; classtype:trojan-activity; sid:37768151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27036;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27036 [diamond-model:Infrastructure,kill-chain:Installation] Outgoing HTTP Domain medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37768152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27036;) alert dns any any -> any any (msg: "MISP e27036 [diamond-model:Infrastructure,kill-chain:Installation] Domain medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; dns.query; content:"medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; nocase; pcre: "/(^|[^A-Za-z0-9-])medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd\.onion$/i"; classtype:trojan-activity; sid:37768161; rev:1; priority:1; 
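reference:url,https://misp.finsin.cl/events/view/27036;)
# Outbound HTTP whose Host header carries the .onion name from event 27036; tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27036 [diamond-model:Infrastructure,kill-chain:Installation] Outgoing HTTP Domain medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd\.onion[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37768162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27036;)
# Outbound HTTP to port 5557 with mscs.v1.vscll.com in the headers and /jquery-3.3.1.min.js in the URI (event 26826).
alert http $HOME_NET any -> $EXTERNAL_NET 5557 (msg: "MISP e26826 [CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Outgoing URL http|3a|//mscs.v1.vscll.com|3a|5557/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"mscs.v1.vscll.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37557281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26826;)
# Same indicator exported again from event 27168. The event's galaxy tag contains
# double quotes, and Suricata requires '"' (as well as ';' and '\') to be
# backslash-escaped inside msg. Left raw, the first inner quote ends the msg string
# early and the rule is expected to be rejected at load time, so this indicator
# would silently drop out of coverage. The quotes are escaped here; because the file
# is generated, the lasting fix is to escape tag text in the export step.
# NOTE(review): check the engine's rule-load log for other rules skipped for the same reason.
alert http $HOME_NET any -> $EXTERNAL_NET 5557 (msg: "MISP e27168 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing URL http|3a|//mscs.v1.vscll.com|3a|5557/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"mscs.v1.vscll.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Inbound rules: any IP traffic from the listed source address to $HOME_NET.
alert ip 103.137.50.92 any -> $HOME_NET any (msg: "MISP e26961 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.137.50.92"; classtype:trojan-activity; sid:37748751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26961;)
alert ip 1.172.30.221 any -> $HOME_NET any (msg: "MISP e26962 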
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.172.30.221"; classtype:trojan-activity; sid:37748761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
# --- Inbound source-IP indicators (MISP events 26962, 26963, 26964) ---
# One rule per line from here on; the page had wrapped the rules mid-option.
# These rules are header-only (`alert ip <src> any -> $HOME_NET any`, with no flow,
# content or threshold option): any packet of any IP protocol from a listed address
# matches, and nothing in the rule limits how often it alerts.
# NOTE(review): the msg tags read kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity at priority 2. If these are scan sources, consider
# rate-limiting this sid range (threshold.config, or a `threshold` option per rule)
# before enabling it on a busy sensor.
alert ip 111.123.70.130 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.70.130"; classtype:trojan-activity; sid:37748771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 106.41.137.103 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.137.103"; classtype:trojan-activity; sid:37748781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 146.70.186.206 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.206"; classtype:trojan-activity; sid:37749321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 112.102.168.34 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.168.34"; classtype:trojan-activity; sid:37748791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 112.113.243.207 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.243.207"; classtype:trojan-activity; sid:37748801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 183.253.129.200 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.253.129.200"; classtype:trojan-activity; sid:37749331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 113.87.202.130 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.87.202.130"; classtype:trojan-activity; sid:37748811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 114.32.46.110 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.46.110"; classtype:trojan-activity; sid:37748821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 194.33.45.65 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.65"; classtype:trojan-activity; sid:37749341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 115.63.201.159 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.63.201.159"; classtype:trojan-activity; sid:37748831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 116.53.73.26 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.73.26"; classtype:trojan-activity; sid:37748841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 5.76.74.190 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.76.74.190"; classtype:trojan-activity; sid:37749351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 116.94.200.115 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.94.200.115"; classtype:trojan-activity; sid:37748851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 117.194.203.11 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.194.203.11"; classtype:trojan-activity; sid:37748861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 117.248.113.57 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.248.113.57"; classtype:trojan-activity; sid:37748871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 117.72.35.164 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.35.164"; classtype:trojan-activity; sid:37748881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 118.248.193.33 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.248.193.33"; classtype:trojan-activity; sid:37748891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 118.233.49.158 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.233.49.158"; classtype:trojan-activity; sid:37748901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 84.54.73.107 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.73.107"; classtype:trojan-activity; sid:37749361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 121.61.40.228 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.40.228"; classtype:trojan-activity; sid:37748911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 119.1.121.181 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.1.121.181"; classtype:trojan-activity; sid:37748921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 122.116.46.241 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.46.241"; classtype:trojan-activity; sid:37748931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 122.114.21.158 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.21.158"; classtype:trojan-activity; sid:37748941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 123.133.209.230 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.133.209.230"; classtype:trojan-activity; sid:37748951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 122.117.206.89 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.206.89"; classtype:trojan-activity; sid:37748961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 47.76.50.53 any -> $HOME_NET any (msg: "MISP e26964 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.76.50.53"; classtype:trojan-activity; sid:37749451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26964;)
alert ip 123.172.167.11 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.167.11"; classtype:trojan-activity; sid:37748971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 123.144.56.94 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.144.56.94"; classtype:trojan-activity; sid:37748981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 123.248.162.124 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.248.162.124"; classtype:trojan-activity; sid:37748991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 123.172.70.231 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.70.231"; classtype:trojan-activity; sid:37749001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 139.200.68.57 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.200.68.57"; classtype:trojan-activity; sid:37749011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 125.112.224.208 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.112.224.208"; classtype:trojan-activity; sid:37749021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 14.155.206.225 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.155.206.225"; classtype:trojan-activity; sid:37749031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 172.97.129.243 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.97.129.243"; classtype:trojan-activity; sid:37749041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 177.223.89.1 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.223.89.1"; classtype:trojan-activity; sid:37749051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 175.11.243.199 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.243.199"; classtype:trojan-activity; sid:37749061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 178.54.225.228 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.54.225.228"; 
classtype:trojan-activity; sid:37749071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
# --- Inbound source-IP indicators (MISP events 26962, 26963, 26964, 26965, 26983) ---
# One rule per line from here on; the page had wrapped the rules mid-option.
# A hit records only that a listed address sent a packet toward $HOME_NET: the rules
# carry no flow keyword, so they do not show that a session was established or that a
# host answered. Correlate with firewall or flow logs before treating a hit as more
# than contact.
alert ip 180.94.154.38 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.94.154.38"; classtype:trojan-activity; sid:37749081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 186.73.19.254 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.73.19.254"; classtype:trojan-activity; sid:37749091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 203.161.35.128 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.35.128"; classtype:trojan-activity; sid:37749101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 203.177.140.211 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.177.140.211"; classtype:trojan-activity; sid:37749111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 217.210.57.211 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.210.57.211"; classtype:trojan-activity; sid:37749121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 219.107.156.210 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.107.156.210"; classtype:trojan-activity; sid:37749131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 219.85.158.124 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.85.158.124"; classtype:trojan-activity; sid:37749141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 220.76.155.50 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.76.155.50"; classtype:trojan-activity; sid:37749151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 219.86.240.113 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.86.240.113"; classtype:trojan-activity; sid:37749161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 223.12.176.102 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.176.102"; classtype:trojan-activity; sid:37749171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 221.15.4.139 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.15.4.139"; classtype:trojan-activity; sid:37749181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 49.67.129.114 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.67.129.114"; classtype:trojan-activity; sid:37749191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 41.212.46.42 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.212.46.42"; classtype:trojan-activity; sid:37749201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 49.89.157.74 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.89.157.74"; classtype:trojan-activity; sid:37749211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 49.70.108.75 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.108.75"; classtype:trojan-activity; sid:37749221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 58.29.106.148 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.29.106.148"; classtype:trojan-activity; sid:37749231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 5.42.52.152 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.52.152"; classtype:trojan-activity; sid:37749241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 68.38.182.217 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.38.182.217"; classtype:trojan-activity; sid:37749251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 59.127.97.53 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.97.53"; classtype:trojan-activity; sid:37749261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 76.72.50.148 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.72.50.148"; classtype:trojan-activity; sid:37749271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 70.183.108.219 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.183.108.219"; classtype:trojan-activity; sid:37749281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 81.226.72.153 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.226.72.153"; classtype:trojan-activity; sid:37749291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 77.239.217.42 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.239.217.42"; classtype:trojan-activity; sid:37749301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 107.170.255.35 any -> $HOME_NET any (msg: "MISP e26965 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.255.35"; classtype:trojan-activity; sid:37749471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26965;)
alert ip 146.70.186.124 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.124"; classtype:trojan-activity; sid:37749371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
# NOTE(review): sid 37749381 is the only inbound rule in this group exported with an
# empty tag list ("[]"); the attribute may be untagged in event 26963 - confirm there.
alert ip 154.160.5.215 any -> $HOME_NET any (msg: "MISP e26963 [] Incoming From IP: 154.160.5.215"; classtype:trojan-activity; sid:37749381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 193.223.104.45 any -> $HOME_NET any (msg: "MISP e26965 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.223.104.45"; classtype:trojan-activity; sid:37749481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26965;)
alert ip 146.70.186.166 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.166"; classtype:trojan-activity; sid:37749391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 138.199.40.168 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.168"; classtype:trojan-activity; sid:37749401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 194.33.45.121 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.121"; classtype:trojan-activity; sid:37749411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 185.129.51.9 any -> $HOME_NET any (msg: "MISP e26965 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.51.9"; classtype:trojan-activity; sid:37749491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26965;)
alert ip 94.230.206.226 any -> $HOME_NET any (msg: "MISP e26962 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.230.206.226"; classtype:trojan-activity; sid:37749311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26962;)
alert ip 104.131.144.12 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.12"; classtype:trojan-activity; sid:37749421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 185.180.143.50 any -> $HOME_NET any (msg: "MISP e26965 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.143.50"; classtype:trojan-activity; sid:37749501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26965;)
alert ip 138.199.40.173 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.173"; classtype:trojan-activity; sid:37749431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 167.248.133.34 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.34"; classtype:trojan-activity; sid:37756671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 186.155.227.234 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.155.227.234"; classtype:trojan-activity; sid:37756681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 39.105.54.237 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.105.54.237"; classtype:trojan-activity; sid:37756691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 162.216.150.214 any -> $HOME_NET any (msg: "MISP e26965 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.150.214"; classtype:trojan-activity; sid:37749511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26965;)
alert ip 170.64.209.167 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.167"; classtype:trojan-activity; sid:37756701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 81.17.21.98 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.17.21.98"; classtype:trojan-activity; sid:37756711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
alert ip 84.17.35.117 any -> $HOME_NET any (msg: "MISP e26963 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.117"; classtype:trojan-activity; sid:37749441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26963;)
alert ip 162.243.145.44 any -> $HOME_NET any (msg: "MISP e26964 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.145.44"; classtype:trojan-activity; sid:37749461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26964;)
alert ip 151.51.13.19 any -> $HOME_NET any (msg: "MISP e26983 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.51.13.19"; classtype:trojan-activity; sid:37756721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26983;)
# --- Outbound destination indicators start here (event 26836): direction flips to
# $HOME_NET -> listed address, so a hit points at an internal host. ---
alert ip $HOME_NET any -> 3.253.247.39 443 (msg: "MISP e26836 [c2,Havoc] Outgoing To IP: 3.253.247.39|443"; classtype:trojan-activity; sid:37558191; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26836;)
# --- Outbound destination IP/port indicators, event 26836 (tags: c2 with Havoc or dcrat) ---
# One rule per line from here on; the page had wrapped the rules mid-option.
# Direction is $HOME_NET -> listed address and port, so a hit identifies an internal
# host to investigate. The rules have no flow keyword: an unanswered connection
# attempt alerts the same way as an established session.
# NOTE(review): bare address/port indicators go stale when an address is reassigned;
# check the age of the referenced MISP event before acting on a hit.
alert ip $HOME_NET any -> 35.178.199.73 80 (msg: "MISP e26836 [c2,Havoc] Outgoing To IP: 35.178.199.73|80"; classtype:trojan-activity; sid:37558201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 18.153.179.54 443 (msg: "MISP e26836 [c2,Havoc] Outgoing To IP: 18.153.179.54|443"; classtype:trojan-activity; sid:37558211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 166.88.61.138 8848 (msg: "MISP e26836 [c2,dcrat] Outgoing To IP: 166.88.61.138|8848"; classtype:trojan-activity; sid:37558221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 106.53.186.12 8848 (msg: "MISP e26836 [c2,dcrat] Outgoing To IP: 106.53.186.12|8848"; classtype:trojan-activity; sid:37558231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 83.217.9.199 8848 (msg: "MISP e26836 [c2,dcrat] Outgoing To IP: 83.217.9.199|8848"; classtype:trojan-activity; sid:37558241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 91.92.252.227 1000 (msg: "MISP e26836 [c2,dcrat] Outgoing To IP: 91.92.252.227|1000"; classtype:trojan-activity; sid:37558251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 212.192.12.222 5008 (msg: "MISP e26836 [c2,dcrat] Outgoing To IP: 212.192.12.222|5008"; classtype:trojan-activity; sid:37558261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 91.202.233.133 8848 (msg: "MISP e26836 [c2,dcrat] Outgoing To IP: 91.202.233.133|8848"; classtype:trojan-activity; sid:37558271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Event 27168 re-exports the same nine address/port pairs as event 26836 under new sids,
# with an empty tag list and priority 3. With both sets loaded, one packet raises two
# alerts; disable or suppress one set if the duplicate is not wanted, and prefer the
# event 26836 copies for triage since they keep the c2/family tags in msg.
alert ip $HOME_NET any -> 91.202.233.133 8848 (msg: "MISP e27168 [] Outgoing To IP: 91.202.233.133|8848"; classtype:trojan-activity; sid:37854161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 212.192.12.222 5008 (msg: "MISP e27168 [] Outgoing To IP: 212.192.12.222|5008"; classtype:trojan-activity; sid:37854171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 91.92.252.227 1000 (msg: "MISP e27168 [] Outgoing To IP: 91.92.252.227|1000"; classtype:trojan-activity; sid:37854181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 83.217.9.199 8848 (msg: "MISP e27168 [] Outgoing To IP: 83.217.9.199|8848"; classtype:trojan-activity; sid:37854191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 106.53.186.12 8848 (msg: "MISP e27168 [] Outgoing To IP: 106.53.186.12|8848"; classtype:trojan-activity; sid:37854201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 166.88.61.138 8848 (msg: "MISP e27168 [] Outgoing To IP: 166.88.61.138|8848"; classtype:trojan-activity; sid:37854211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 18.153.179.54 443 (msg: "MISP e27168 [] Outgoing To IP: 18.153.179.54|443"; classtype:trojan-activity; sid:37854221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 35.178.199.73 80 (msg: "MISP e27168 [] Outgoing To IP: 35.178.199.73|80"; classtype:trojan-activity; sid:37854231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 3.253.247.39 443 (msg: "MISP e27168 [] Outgoing To IP: 3.253.247.39|443"; classtype:trojan-activity; sid:37854241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26836 [dcrat] Outgoing URL 
http|3a|//cm65198.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cm65198.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37558281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# One rule per line from here on; the page had wrapped the rules mid-option.
# sid 37854251 (event 27168) matches the same host and path as sid 37558281 above: the
# two patterns differ only in the case of "D", and both use `nocase`, so one request
# fires both rules.
# Both URL rules limit the destination port to $HTTP_PORTS, unlike the domain rules
# below (port any); requests to this host on other ports are not inspected by them.
# The host pattern is matched anywhere in http.header, not specifically in the Host line.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27168 [] Outgoing URL http|3a|//cm65198.tw1.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"cm65198.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# --- Domain indicators, events 27075 and 27076 ---
# dns.query rules: the pcre is anchored at the end of the query name and requires a
# non-hostname character (or start of buffer) before the domain, so the domain and its
# subdomains match while a longer name that merely ends in the same letters does not.
# "Outgoing HTTP Domain" rules: the "Host|3a|" and domain contents are independent
# matches in http.header and the /H pcre is not tied to the Host line, so as written a
# request carrying the domain in another header (for example Referer) also alerts.
# tag:session,600,seconds keeps logging the rest of the session for ten minutes after a hit.
# NOTE(review): these are `alert http` rules; among the rules visible here only the
# dns.query ones would cover a TLS connection to the same names.
# my-zone-eu.acolseas.com is exported by both events (sids 37774261/37774262 and
# 37774341/37774342): expect paired alerts for one lookup or request.
alert dns any any -> any any (msg: "MISP e27075 [] Domain my-zone-eu.acolseas.com"; dns.query; content:"my-zone-eu.acolseas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-zone\-eu\.acolseas\.com$/i"; classtype:trojan-activity; sid:37774261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27075;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27075 [] Outgoing HTTP Domain my-zone-eu.acolseas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my-zone-eu.acolseas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-zone\-eu\.acolseas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27075;)
# Sender-address indicator: inspects established, client-to-server TCP to $SMTP_SERVERS
# on port 25 only, looking for "MAIL FROM:" and the address as separate raw content
# matches. Mail submitted on other ports, or after the session switches to TLS, is
# outside this rule; pair it with mail-gateway log searches for the same address.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: web4dimax@tikupoiss.ee"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"web4dimax@tikupoiss.ee"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert dns any any -> any any (msg: "MISP e27076 [] Domain omniva.in"; dns.query; content:"omniva.in"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.in$/i"; classtype:trojan-activity; sid:37774321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27076 [] Outgoing HTTP Domain omniva.in"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert dns any any -> any any (msg: "MISP e27076 [] Domain my-zone-eu.acolseas.com"; dns.query; content:"my-zone-eu.acolseas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-zone\-eu\.acolseas\.com$/i"; classtype:trojan-activity; sid:37774341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27076 [] Outgoing HTTP Domain my-zone-eu.acolseas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my-zone-eu.acolseas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-zone\-eu\.acolseas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# --- Outbound destination IP/port indicators, event 26836 ---
# The tags pair a tool name (Mythic, Deimos) with what looks like the hosting network
# name - presumably the AS the address belonged to at export time; verify in the event.
alert ip $HOME_NET any -> 51.250.74.43 7443 (msg: "MISP e26836 [Mythic,YANDEXCLOUD] Outgoing To IP: 51.250.74.43|7443"; classtype:trojan-activity; sid:37558301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 209.9.200.69 32002 (msg: "MISP e26836 [Deimos,HKTIMS-AP HKT Limited] Outgoing To IP: 209.9.200.69|32002"; classtype:trojan-activity; sid:37558311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert dns any any -> any any (msg: "MISP e26836 [Latrodectus] Domain lastaflirtely.me"; 
dns.query; content:"lastaflirtely.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])lastaflirtely\.me$/i"; classtype:trojan-activity; sid:37558321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# One rule per line from here on; the page had wrapped the rules mid-option.
# HTTP companion of the dns.query rule above. Its "Host|3a|" and domain contents are
# independent matches in http.header and the /H pcre is not tied to the Host line, so
# as written the domain appearing in any request header is enough to alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [Latrodectus] Outgoing HTTP Domain lastaflirtely.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lastaflirtely.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lastaflirtely\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# --- Outbound destination IP/port indicators, event 26836 ---
# Header-only rules ($HOME_NET -> address and port, no flow keyword): a single outbound
# packet, answered or not, is enough to alert.
# NOTE(review): several tags name what appear to be hosting networks
# (DIGITALOCEAN-ASN, GOOGLE-CLOUD-PLATFORM, UPCLOUDUSA). Addresses in such ranges are
# reassigned often, so confirm the indicator is still current before escalating a hit.
alert ip $HOME_NET any -> 23.227.193.214 443 (msg: "MISP e26836 [Havoc,HVC-AS] Outgoing To IP: 23.227.193.214|443"; classtype:trojan-activity; sid:37558331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 58.65.172.132 443 (msg: "MISP e26836 [Havoc,NAYATEL-PK Nayatel Pvt Ltd] Outgoing To IP: 58.65.172.132|443"; classtype:trojan-activity; sid:37558341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 165.227.122.136 80 (msg: "MISP e26836 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 165.227.122.136|80"; classtype:trojan-activity; sid:37558351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 34.116.205.0 443 (msg: "MISP e26836 [GOOGLE-CLOUD-PLATFORM,Havoc] Outgoing To IP: 34.116.205.0|443"; classtype:trojan-activity; sid:37558361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 37.1.210.109 443 (msg: "MISP e26836 [Havoc,HVC-AS] Outgoing To IP: 37.1.210.109|443"; classtype:trojan-activity; sid:37558371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# The two port-445 rules watch for SMB leaving $HOME_NET toward the listed addresses.
# A hit may also indicate that outbound 445 is allowed past the perimeter, which is
# worth closing independently of these indicators.
alert ip $HOME_NET any -> 103.27.132.105 445 (msg: "MISP e26836 [Responder,SHOCK-1] Outgoing To IP: 103.27.132.105|445"; classtype:trojan-activity; sid:37558381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 209.151.153.136 445 (msg: "MISP e26836 [Responder,UPCLOUDUSA] Outgoing To IP: 209.151.153.136|445"; classtype:trojan-activity; sid:37558391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 154.247.12.253 993 (msg: "MISP e26836 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.12.253|993"; classtype:trojan-activity; sid:37558401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 194.147.140.242 2202 (msg: "MISP e26836 [dcrat,PRIVACYFIRST] Outgoing To IP: 194.147.140.242|2202"; classtype:trojan-activity; sid:37558411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 89.190.156.176 8872 (msg: "MISP e26836 [moobot] Outgoing To IP: 89.190.156.176|8872"; classtype:trojan-activity; sid:37558181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 185.226.106.107 666 (msg: "MISP e26836 [Gafgyt] Outgoing To IP: 185.226.106.107|666"; classtype:trojan-activity; sid:37558291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 142.171.33.169 8888 (msg: "MISP e26836 [MULTA-ASN1,Supershell] Outgoing To IP: 142.171.33.169|8888"; classtype:trojan-activity; sid:37558421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# --- Event 27168 re-export ---
# The rules below repeat indicators already exported from event 26836 above (same
# domain, same address/port pairs) under new sids, with an empty tag list and
# priority 3. With both sets loaded, one lookup or packet raises two alerts; the
# event 26836 copies keep the malware-family tags in msg.
alert dns any any -> any any (msg: "MISP e27168 [] Domain lastaflirtely.me"; dns.query; content:"lastaflirtely.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])lastaflirtely\.me$/i"; classtype:trojan-activity; sid:37854261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain lastaflirtely.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lastaflirtely.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lastaflirtely\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 154.247.12.253 993 (msg: "MISP e27168 [] Outgoing To IP: 154.247.12.253|993"; classtype:trojan-activity; sid:37854271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 209.151.153.136 445 (msg: "MISP e27168 [] Outgoing To IP: 209.151.153.136|445"; classtype:trojan-activity; sid:37854281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 103.27.132.105 445 (msg: "MISP e27168 [] Outgoing To IP: 103.27.132.105|445"; classtype:trojan-activity; sid:37854291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 37.1.210.109 443 (msg: "MISP e27168 [] Outgoing To IP: 37.1.210.109|443"; classtype:trojan-activity; sid:37854301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 34.116.205.0 443 (msg: "MISP e27168 [] Outgoing To IP: 34.116.205.0|443"; classtype:trojan-activity; sid:37854311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 165.227.122.136 80 (msg: "MISP e27168 [] Outgoing To IP: 165.227.122.136|80"; classtype:trojan-activity; sid:37854321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 58.65.172.132 443 (msg: "MISP e27168 [] Outgoing To IP: 58.65.172.132|443"; classtype:trojan-activity; sid:37854331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 23.227.193.214 443 (msg: "MISP e27168 [] Outgoing To IP: 23.227.193.214|443"; classtype:trojan-activity; sid:37854341; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 209.9.200.69 32002 (msg: "MISP e27168 [] Outgoing To IP: 209.9.200.69|32002"; classtype:trojan-activity; sid:37854351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 51.250.74.43 7443 (msg: "MISP e27168 [] Outgoing To IP: 51.250.74.43|7443"; classtype:trojan-activity; sid:37854361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e24600 [] Domain ddtyhb.com"; dns.query; content:"ddtyhb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddtyhb\.com$/i"; classtype:trojan-activity; sid:37766051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain ddtyhb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddtyhb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddtyhb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain q21k5uancet.softstonesdevelopment.com"; dns.query; content:"q21k5uancet.softstonesdevelopment.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])q21k5uancet\.softstonesdevelopment\.com$/i"; classtype:trojan-activity; sid:37766091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain q21k5uancet.softstonesdevelopment.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"q21k5uancet.softstonesdevelopment.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])q21k5uancet\.softstonesdevelopment\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766092; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Destination IP:port indicator from MISP event 26836; the bracketed text in msg is the
# event's tag ("Gafgyt"). The rule is a bare address/port match from $HOME_NET: it has no
# flow, content or threshold keyword.
# NOTE(review): without a threshold this may alert on every matching packet rather than
# once per connection - confirm on the sensor and rate-limit if needed.
# The same 94.103.188.173:666 pair is exported again below for event 27168 (sid:37854381,
# priority 3), so one connection raises two alerts with different priorities.
alert ip $HOME_NET any -> 94.103.188.173 666 (msg: "MISP e26836 [Gafgyt] Outgoing To IP: 94.103.188.173|666"; classtype:trojan-activity; sid:37558431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# DNS half of a "Domain" indicator. The pcre anchors the name at the end of the query and
# accepts start-of-buffer or any character outside [A-Za-z0-9-] before it, so a "." is
# accepted and subdomains of the name match too.
# The header is "any any -> any any": if the sensor sees both the client-to-resolver and the
# resolver-to-upstream query, the alert source may be the resolver, not the querying host.
alert dns any any -> any any (msg: "MISP e24600 [] Domain webmailp0stluxmbrg.weebly.com"; dns.query; content:"webmailp0stluxmbrg.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmailp0stluxmbrg\.weebly\.com$/i"; classtype:trojan-activity; sid:37766141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# HTTP half of the same indicator. "Host|3a|" ("Host:") and the domain are two separate
# content matches in http.header with no distance/within tying them together, and the pcre
# (/H) also runs over the whole header buffer. A request to another host that carries this
# name in a different header (for example Referer) therefore satisfies the rule.
# Only cleartext HTTP is inspected; no TLS rule for this name is visible in this part of the
# export, so for HTTPS traffic the DNS rule above is the only coverage.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain webmailp0stluxmbrg.weebly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmailp0stluxmbrg.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmailp0stluxmbrg\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# The next two rules have an identical header (same destination and port) and differ only in
# event id, tag text, sid and priority (2 for event 26836, 3 for event 27168). Both fire on
# the same traffic; triage on the higher priority and treat the second alert as a duplicate.
alert ip $HOME_NET any -> 154.222.236.61 56999 (msg: "MISP e26836 [moobot] Outgoing To IP: 154.222.236.61|56999"; classtype:trojan-activity; sid:37558441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 154.222.236.61 56999 (msg: "MISP e27168 [] Outgoing To IP: 154.222.236.61|56999"; classtype:trojan-activity; sid:37854371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Event 27168 copy of the 94.103.188.173:666 indicator; see sid:37558431 above for the
# tagged, priority-2 version.
alert ip $HOME_NET any -> 94.103.188.173 666 (msg: "MISP e27168 [] Outgoing To IP: 94.103.188.173|666"; classtype:trojan-activity; sid:37854381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 142.171.33.169 8888 (msg: "MISP e27168 [] Outgoing To IP: 142.171.33.169|8888"; classtype:trojan-activity; sid:37854391; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 89.190.156.176 8872 (msg: "MISP e27168 [] Outgoing To IP: 89.190.156.176|8872"; classtype:trojan-activity; sid:37854401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 185.226.106.107 666 (msg: "MISP e27168 [] Outgoing To IP: 185.226.106.107|666"; classtype:trojan-activity; sid:37854411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 194.147.140.242 2202 (msg: "MISP e27168 [] Outgoing To IP: 194.147.140.242|2202"; classtype:trojan-activity; sid:37854421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 118.31.3.116 any (msg: "MISP e27682 [] Outgoing To IP: 118.31.3.116"; classtype:trojan-activity; sid:38015291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 171.88.143.37 any (msg: "MISP e27682 [] Outgoing To IP: 171.88.143.37"; classtype:trojan-activity; sid:38015301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 1.192.194.162 any (msg: "MISP e27682 [] Outgoing To IP: 1.192.194.162"; classtype:trojan-activity; sid:38015311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 101.219.17.111 any (msg: "MISP e27682 [] Outgoing To IP: 101.219.17.111"; classtype:trojan-activity; sid:38015321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 221.13.74.218 any (msg: "MISP e27682 [] Outgoing To IP: 221.13.74.218"; classtype:trojan-activity; sid:38015331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 171.88.142.148 any (msg: "MISP e27682 [] Outgoing To IP: 171.88.142.148"; classtype:trojan-activity; sid:38015341; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 171.88.143.72 any (msg: "MISP e27682 [] Outgoing To IP: 171.88.143.72"; classtype:trojan-activity; sid:38015351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 66.98.127.105 any (msg: "MISP e27682 [] Outgoing To IP: 66.98.127.105"; classtype:trojan-activity; sid:38015361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 8.218.67.52 any (msg: "MISP e27682 [] Outgoing To IP: 8.218.67.52"; classtype:trojan-activity; sid:38015261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 74.120.172.10 any (msg: "MISP e27682 [diamond-model:Infrastructure] Outgoing To IP: 74.120.172.10"; classtype:trojan-activity; sid:38015401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert dns any any -> any any (msg: "MISP e27682 [] Domain mailnotes.online"; dns.query; content:"mailnotes.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailnotes\.online$/i"; classtype:trojan-activity; sid:38015411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27682 [] Outgoing HTTP Domain mailnotes.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailnotes.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailnotes\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27682;) alert ip $HOME_NET any -> 185.196.10.134 6117 (msg: "MISP e26836 [Gafgyt] Outgoing To IP: 185.196.10.134|6117"; classtype:trojan-activity; sid:37558451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 185.196.10.134 6117 (msg: "MISP e27168 [] Outgoing To IP: 
185.196.10.134|6117"; classtype:trojan-activity; sid:37854431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e26827 [] Domain spakupier.pages.dev"; dns.query; content:"spakupier.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])spakupier\.pages\.dev$/i"; classtype:trojan-activity; sid:37557301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26827;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26827 [] Outgoing HTTP Domain spakupier.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"spakupier.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])spakupier\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26827;) alert dns any any -> any any (msg: "MISP e24600 [] Domain vtipzopu1rg0um.com"; dns.query; content:"vtipzopu1rg0um.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vtipzopu1rg0um\.com$/i"; classtype:trojan-activity; sid:37766171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain vtipzopu1rg0um.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vtipzopu1rg0um.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vtipzopu1rg0um\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//sa.netup.p-e.kr/index.php"; flow:to_server,established; http.header; content:"sa.netup.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762701; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27010;)
# "Outgoing URL" rules for MISP event 27010. Each one combines two unanchored matches:
#   - the host name as a content match anywhere in http.header (not tied to the Host header,
#     so the same string in another request header also matches);
#   - "/index.php" anywhere in http.uri (any path containing it, not only the exact URL in msg).
# Neither match has a pcre boundary check, so expect broader hits than the msg text suggests.
# The destination port is $HTTP_PORTS: requests to these hosts on a port outside that
# variable are not inspected by these rules. The file header describes $HTTP_PORTS as not
# required for the Suricata export, but these rules do reference it, so it must be defined
# on the sensor.
# "http|3a|//" in msg is only the escaped form of "http://" in the alert text.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//dl.netup.p-e.kr/index.php"; flow:to_server,established; http.header; content:"dl.netup.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ai.kimyy.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.kimyy.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ve.kimyy.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ve.kimyy.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//pe.daysol.p-e.kr/index.php"; flow:to_server,established; http.header; content:"pe.daysol.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ai.daysol.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.daysol.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762751; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ca.bananat.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ca.bananat.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ai.bananat.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.bananat.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//pi.selecto.p-e.kr/index.php"; flow:to_server,established; http.header; content:"pi.selecto.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ai.selecto.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.selecto.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ai.aerosp.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.aerosp.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762801; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ce.aerosp.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ce.aerosp.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//ai.ssungmin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"ai.ssungmin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//li.ssungmin.p-e.kr/index.php"; flow:to_server,established; http.header; content:"li.ssungmin.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//qa.jaychoi.p-e.kr/index.php"; flow:to_server,established; http.header; content:"qa.jaychoi.p-e.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37762841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27010 [] Outgoing URL http|3a|//viewer.appofficer.kro.kr/index.php"; flow:to_server,established; http.header; content:"viewer.appofficer.kro.kr"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37762851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname victory-2024.mywebcommunity.org"; dns.query; content:"victory-2024.mywebcommunity.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])victory\-2024\.mywebcommunity\.org$/i"; classtype:trojan-activity; sid:37762861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname victory-2024.mywebcommunity.org"; flow:to_server,established; http.header; content: "Host|3a| victory-2024.mywebcommunity.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])victory\-2024\.mywebcommunity\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname 3cym4ims.medianewsonline.com"; dns.query; content:"3cym4ims.medianewsonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3cym4ims\.medianewsonline\.com$/i"; classtype:trojan-activity; sid:37762871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname 3cym4ims.medianewsonline.com"; flow:to_server,established; http.header; content: "Host|3a| 3cym4ims.medianewsonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3cym4ims\.medianewsonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname j1p75639.medianewsonline.com"; dns.query; content:"j1p75639.medianewsonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j1p75639\.medianewsonline\.com$/i"; classtype:trojan-activity; sid:37762881; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27010;)
# "Hostname" indicators for MISP event 27010, exported as a DNS rule (sid ending in 1) and
# an HTTP rule (sid ending in 2) per name.
# HTTP rule: the content is the literal "Host|3a| <name>" ("Host:", one space, the name), so
# the match depends on exactly that spacing in the inspected header buffer. The pcre (/H)
# then requires a character outside [A-Za-z0-9-.] on both sides of the name, or the start of
# the buffer before it.
# Only cleartext HTTP is covered; no TLS rule for these names is visible in this part of the
# export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname j1p75639.medianewsonline.com"; flow:to_server,established; http.header; content: "Host|3a| j1p75639.medianewsonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j1p75639\.medianewsonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# DNS rule: the character class before the name excludes "." as well, and the name is
# anchored at the end of the query, so only a query for this exact host matches; a query for
# a subdomain of it does not.
# NOTE(review): several distinct subdomains of the same parent names appear in this event,
# which suggests shared free-hosting parents - keep the rules scoped to the listed hosts
# rather than widening them to the parent domain.
alert dns any any -> any any (msg: "MISP e27010 [] Hostname 99695njd.myartsonline.com"; dns.query; content:"99695njd.myartsonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])99695njd\.myartsonline\.com$/i"; classtype:trojan-activity; sid:37762891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname 99695njd.myartsonline.com"; flow:to_server,established; http.header; content: "Host|3a| 99695njd.myartsonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])99695njd\.myartsonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname mhhnv7s9.myartsonline.com"; dns.query; content:"mhhnv7s9.myartsonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mhhnv7s9\.myartsonline\.com$/i"; classtype:trojan-activity; sid:37762901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname mhhnv7s9.myartsonline.com"; flow:to_server,established; http.header; content: "Host|3a| mhhnv7s9.myartsonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mhhnv7s9\.myartsonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762902; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname g66nzt8q.mygamesonline.org"; dns.query; content:"g66nzt8q.mygamesonline.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g66nzt8q\.mygamesonline\.org$/i"; classtype:trojan-activity; sid:37762911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname g66nzt8q.mygamesonline.org"; flow:to_server,established; http.header; content: "Host|3a| g66nzt8q.mygamesonline.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g66nzt8q\.mygamesonline\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname p593d8g9.mygamesonline.org"; dns.query; content:"p593d8g9.mygamesonline.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p593d8g9\.mygamesonline\.org$/i"; classtype:trojan-activity; sid:37762921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname p593d8g9.mygamesonline.org"; flow:to_server,established; http.header; content: "Host|3a| p593d8g9.mygamesonline.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p593d8g9\.mygamesonline\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname mbfasq54.mypressonline.com"; dns.query; content:"mbfasq54.mypressonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mbfasq54\.mypressonline\.com$/i"; classtype:trojan-activity; sid:37762931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] 
Outgoing HTTP Hostname mbfasq54.mypressonline.com"; flow:to_server,established; http.header; content: "Host|3a| mbfasq54.mypressonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mbfasq54\.mypressonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname tl2j38w9.mypressonline.com"; dns.query; content:"tl2j38w9.mypressonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tl2j38w9\.mypressonline\.com$/i"; classtype:trojan-activity; sid:37762941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname tl2j38w9.mypressonline.com"; flow:to_server,established; http.header; content: "Host|3a| tl2j38w9.mypressonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tl2j38w9\.mypressonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname t8nptw2h.mywebcommunity.org"; dns.query; content:"t8nptw2h.mywebcommunity.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t8nptw2h\.mywebcommunity\.org$/i"; classtype:trojan-activity; sid:37762951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname t8nptw2h.mywebcommunity.org"; flow:to_server,established; http.header; content: "Host|3a| t8nptw2h.mywebcommunity.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])t8nptw2h\.mywebcommunity\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname 
w9uzs9la.mywebcommunity.org"; dns.query; content:"w9uzs9la.mywebcommunity.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])w9uzs9la\.mywebcommunity\.org$/i"; classtype:trojan-activity; sid:37762961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname w9uzs9la.mywebcommunity.org"; flow:to_server,established; http.header; content: "Host|3a| w9uzs9la.mywebcommunity.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])w9uzs9la\.mywebcommunity\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname zcvbm1zv.onlinewebshop.net"; dns.query; content:"zcvbm1zv.onlinewebshop.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zcvbm1zv\.onlinewebshop\.net$/i"; classtype:trojan-activity; sid:37762971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname zcvbm1zv.onlinewebshop.net"; flow:to_server,established; http.header; content: "Host|3a| zcvbm1zv.onlinewebshop.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zcvbm1zv\.onlinewebshop\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname zomfaa9a.onlinewebshop.net"; dns.query; content:"zomfaa9a.onlinewebshop.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zomfaa9a\.onlinewebshop\.net$/i"; classtype:trojan-activity; sid:37762981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname zomfaa9a.onlinewebshop.net"; flow:to_server,established; http.header; content: "Host|3a| 
zomfaa9a.onlinewebshop.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zomfaa9a\.onlinewebshop\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname 694qf6w8.scienceontheweb.net"; dns.query; content:"694qf6w8.scienceontheweb.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])694qf6w8\.scienceontheweb\.net$/i"; classtype:trojan-activity; sid:37762991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname 694qf6w8.scienceontheweb.net"; flow:to_server,established; http.header; content: "Host|3a| 694qf6w8.scienceontheweb.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])694qf6w8\.scienceontheweb\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname 24ev0apa.scienceontheweb.net"; dns.query; content:"24ev0apa.scienceontheweb.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24ev0apa\.scienceontheweb\.net$/i"; classtype:trojan-activity; sid:37763001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname 24ev0apa.scienceontheweb.net"; flow:to_server,established; http.header; content: "Host|3a| 24ev0apa.scienceontheweb.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])24ev0apa\.scienceontheweb\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname c6cdg4su.sportsontheweb.net"; dns.query; content:"c6cdg4su.sportsontheweb.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])c6cdg4su\.sportsontheweb\.net$/i"; classtype:trojan-activity; sid:37763011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname c6cdg4su.sportsontheweb.net"; flow:to_server,established; http.header; content: "Host|3a| c6cdg4su.sportsontheweb.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])c6cdg4su\.sportsontheweb\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname 5s6bqbea.sportsontheweb.net"; dns.query; content:"5s6bqbea.sportsontheweb.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5s6bqbea\.sportsontheweb\.net$/i"; classtype:trojan-activity; sid:37763021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname 5s6bqbea.sportsontheweb.net"; flow:to_server,established; http.header; content: "Host|3a| 5s6bqbea.sportsontheweb.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5s6bqbea\.sportsontheweb\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname jbkza9h7.atwebpages.com"; dns.query; content:"jbkza9h7.atwebpages.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jbkza9h7\.atwebpages\.com$/i"; classtype:trojan-activity; sid:37763031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname jbkza9h7.atwebpages.com"; flow:to_server,established; http.header; content: "Host|3a| jbkza9h7.atwebpages.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])jbkza9h7\.atwebpages\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname 88zr7cua.atwebpages.com"; dns.query; content:"88zr7cua.atwebpages.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])88zr7cua\.atwebpages\.com$/i"; classtype:trojan-activity; sid:37763041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname 88zr7cua.atwebpages.com"; flow:to_server,established; http.header; content: "Host|3a| 88zr7cua.atwebpages.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])88zr7cua\.atwebpages\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname p8tebfel.getenjoyment.net"; dns.query; content:"p8tebfel.getenjoyment.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p8tebfel\.getenjoyment\.net$/i"; classtype:trojan-activity; sid:37763051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname p8tebfel.getenjoyment.net"; flow:to_server,established; http.header; content: "Host|3a| p8tebfel.getenjoyment.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])p8tebfel\.getenjoyment\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert dns any any -> any any (msg: "MISP e27010 [] Hostname cor8xcib.getenjoyment.net"; dns.query; content:"cor8xcib.getenjoyment.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cor8xcib\.getenjoyment\.net$/i"; classtype:trojan-activity; sid:37763061; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname cor8xcib.getenjoyment.net"; flow:to_server,established; http.header; content: "Host|3a| cor8xcib.getenjoyment.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cor8xcib\.getenjoyment\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26892 [] Outgoing URL http|3a|//beloremi.online.fr/bago"; flow:to_server,established; http.header; content:"beloremi.online.fr"; fast_pattern; nocase; http.uri; content:"/bago"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37614281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26892;) alert dns any any -> any any (msg: "MISP e26836 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Domain service-hlaqy0v7-1303081427.sh.tencentapigw.com"; dns.query; content:"service-hlaqy0v7-1303081427.sh.tencentapigw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-hlaqy0v7\-1303081427\.sh\.tencentapigw\.com$/i"; classtype:trojan-activity; sid:37558471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain service-hlaqy0v7-1303081427.sh.tencentapigw.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-hlaqy0v7-1303081427.sh.tencentapigw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-hlaqy0v7\-1303081427\.sh\.tencentapigw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip 
$HOME_NET any -> 106.54.228.198 443 (msg: "MISP e26836 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 106.54.228.198|443"; classtype:trojan-activity; sid:37558481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e27110 [] Hostname vid-gov.web.app"; dns.query; content:"vid-gov.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vid\-gov\.web\.app$/i"; classtype:trojan-activity; sid:37775611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27110;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27110 [] Outgoing HTTP Hostname vid-gov.web.app"; flow:to_server,established; http.header; content: "Host|3a| vid-gov.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vid\-gov\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27110;) alert ip $HOME_NET any -> 31.222.202.156 5555 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 31.222.202.156|5555"; classtype:trojan-activity; sid:37558491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 45.154.1.68 1420 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 45.154.1.68|1420"; classtype:trojan-activity; sid:37558501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 46.19.140.242 32465 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 46.19.140.242|32465"; classtype:trojan-activity; sid:37558511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 47.105.86.47 21997 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 47.105.86.47|21997"; classtype:trojan-activity; sid:37558521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 62.173.140.174 17900 (msg: "MISP e26836 
[elf,Mirai] Outgoing To IP: 62.173.140.174|17900"; classtype:trojan-activity; sid:37558531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# (The line above completes a rule that begins before this span.)
#
# Event 26836, indicators tagged elf/Mirai in MISP: outbound address+port rules.
# Each rule matches any $HOME_NET source talking to the listed address and port and
# carries no content, flow or threshold keyword.
# NOTE(review): without a flow or threshold condition these may alert on every matching
# packet of a connection; check alert volume before enabling the whole set.
alert ip $HOME_NET any -> 78.31.67.78 2300 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 78.31.67.78|2300"; classtype:trojan-activity; sid:37558541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 84.54.51.103 32015 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 84.54.51.103|32015"; classtype:trojan-activity; sid:37558551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 87.121.58.103 32015 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 87.121.58.103|32015"; classtype:trojan-activity; sid:37558561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 93.123.85.181 1337 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 93.123.85.181|1337"; classtype:trojan-activity; sid:37558571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 114.67.217.170 1312 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 114.67.217.170|1312"; classtype:trojan-activity; sid:37558581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 134.209.111.71 9999 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 134.209.111.71|9999"; classtype:trojan-activity; sid:37558591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 141.95.81.119 2300 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 141.95.81.119|2300"; classtype:trojan-activity; sid:37558601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 141.98.7.15 1915 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 141.98.7.15|1915"; classtype:trojan-activity; sid:37558611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 146.59.12.246 20002 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 146.59.12.246|20002"; classtype:trojan-activity; sid:37558621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 146.190.53.148 81 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 146.190.53.148|81"; classtype:trojan-activity; sid:37558631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 178.79.150.75 4444 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 178.79.150.75|4444"; classtype:trojan-activity; sid:37558641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 185.209.160.19 8872 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 185.209.160.19|8872"; classtype:trojan-activity; sid:37558651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 192.227.231.5 23 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 192.227.231.5|23"; classtype:trojan-activity; sid:37558661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 203.25.119.136 48748 (msg: "MISP e26836 [elf,Mirai] Outgoing To IP: 203.25.119.136|48748"; classtype:trojan-activity; sid:37558671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Event 27168 (priority 3, no tags) repeats the domain and address that event 26836
# exports earlier in this file (sids 37558471, 37558472, 37558481, priority 2).
# Both copies are active, so one query or connection raises two alerts with different
# priorities; correlate on the indicator rather than on the sid.
alert dns any any -> any any (msg: "MISP e27168 [] Domain service-hlaqy0v7-1303081427.sh.tencentapigw.com"; dns.query; content:"service-hlaqy0v7-1303081427.sh.tencentapigw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-hlaqy0v7\-1303081427\.sh\.tencentapigw\.com$/i"; classtype:trojan-activity; sid:37854451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain service-hlaqy0v7-1303081427.sh.tencentapigw.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-hlaqy0v7-1303081427.sh.tencentapigw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-hlaqy0v7\-1303081427\.sh\.tencentapigw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 106.54.228.198 443 (msg: "MISP e27168 [] Outgoing To IP: 106.54.228.198|443"; classtype:trojan-activity; sid:37854471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Event 27010, hostname indicators as DNS + HTTP pairs. In both rules the leading
# character class includes \. so only the exact host name matches, not its subdomains.
alert dns any any -> any any (msg: "MISP e27010 [] Hostname lcs.ntsnews.space"; dns.query; content:"lcs.ntsnews.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.ntsnews\.space$/i"; classtype:trojan-activity; sid:37763071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname lcs.ntsnews.space"; flow:to_server,established; http.header; content: "Host|3a| lcs.ntsnews.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcs\.ntsnews\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname mta-sts.ntsmails.space"; dns.query; content:"mta-sts.ntsmails.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntsmails\.space$/i"; classtype:trojan-activity; sid:37763081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The rule below continues past the end of this span.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname mta-sts.ntsmails.space"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.ntsmails.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntsmails\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763082; rev:1;
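priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The line above completes a rule that begins before this span.)
#
# Event 27010, hostname indicators as DNS + HTTP pairs. The DNS rule is end-anchored and
# the HTTP rule requires the literal header text "Host: <name>"; in both, the leading
# character class includes \. so subdomains of the listed name do not match.
alert dns any any -> any any (msg: "MISP e27010 [] Hostname shop.ntsboard.space"; dns.query; content:"shop.ntsboard.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.ntsboard\.space$/i"; classtype:trojan-activity; sid:37763091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname shop.ntsboard.space"; flow:to_server,established; http.header; content: "Host|3a| shop.ntsboard.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.ntsboard\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname shop.ntspost.space"; dns.query; content:"shop.ntspost.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.ntspost\.space$/i"; classtype:trojan-activity; sid:37763101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname shop.ntspost.space"; flow:to_server,established; http.header; content: "Host|3a| shop.ntspost.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shop\.ntspost\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname store.ntspost.space"; dns.query; content:"store.ntspost.space"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])store\.ntspost\.space$/i"; classtype:trojan-activity; sid:37763111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname store.ntspost.space"; flow:to_server,established; http.header; content: "Host|3a| store.ntspost.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])store\.ntspost\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname emv1.npsviewer.site"; dns.query; content:"emv1.npsviewer.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.npsviewer\.site$/i"; classtype:trojan-activity; sid:37763121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname emv1.npsviewer.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.npsviewer.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.npsviewer\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname mta-sts.npsviewer.site"; dns.query; content:"mta-sts.npsviewer.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.npsviewer\.site$/i"; classtype:trojan-activity; sid:37763131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname mta-sts.npsviewer.site"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.npsviewer.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.npsviewer\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# Event 27010, URL indicator given without a scheme. With Suricata's default HTTP
# settings (uri-include-all: no) the http.uri buffer holds path and query only, not the
# host, so the exported form (host and path as a single http.uri content) would not fire
# on an ordinary request for this URL. The rule is split the same way as the exporter's
# other URL rule in this file (sid 37614281): host as a header match, path as an http.uri
# match, with fast_pattern moved to the longer path string.
# rev is bumped for the hand edit; presumably the next MISP export regenerates the
# original form unless the attribute is corrected there as well.
# NOTE(review): confirm in MISP that "aas.com" is the complete host name of the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing URL aas.com/inc/basl/up1/show.php"; flow:to_server,established; http.header; content:"aas.com"; nocase; http.uri; content:"/inc/basl/up1/show.php"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37763141; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# Event 27010, domain indicators as DNS + HTTP pairs. Unlike the hostname form, the
# leading character class here excludes only letters, digits and hyphen, so a preceding
# dot is accepted and subdomains of the listed domain match as well.
# In the HTTP rule "Host|3a|" and the domain are independent header matches, so the
# domain may appear in any request header.
alert dns any any -> any any (msg: "MISP e27010 [] Domain navarcope.site"; dns.query; content:"navarcope.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])navarcope\.site$/i"; classtype:trojan-activity; sid:37763151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain navarcope.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"navarcope.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])navarcope\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain news-nps1.site"; dns.query; content:"news-nps1.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-nps1\.site$/i"; classtype:trojan-activity; sid:37763161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain news-nps1.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"news-nps1.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])news\-nps1\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain nps-sends.site"; dns.query; content:"nps-sends.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])nps\-sends\.site$/i"; classtype:trojan-activity; sid:37763171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The rule below continues past the end of this span.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain nps-sends.site"; flow:to_server,established; http.header;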
content: "Host|3a|"; nocase; http.header; content:"nps-sends.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nps\-sends\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The line above completes a rule that begins before this span.)
#
# Event 27010, domain indicators. Each indicator is exported as two rules with
# consecutive sids: ...1 is the DNS query rule, ...2 the HTTP request rule.
# DNS rule: end-anchored; a dot before the name is accepted, so subdomains match too.
# HTTP rule: the domain must occur somewhere in the request headers followed by a
# non-hostname character; it is not tied to the Host header line specifically.
# These pairs cover DNS and cleartext HTTP only; a TLS connection to the same name is
# visible to them only through its DNS lookup.
alert dns any any -> any any (msg: "MISP e27010 [] Domain npsreview.site"; dns.query; content:"npsreview.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])npsreview\.site$/i"; classtype:trojan-activity; sid:37763181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain npsreview.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npsreview.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npsreview\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain npssign.space"; dns.query; content:"npssign.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])npssign\.space$/i"; classtype:trojan-activity; sid:37763191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain npssign.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"npssign.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])npssign\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain ntsadv.site"; dns.query; content:"ntsadv.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsadv\.site$/i"; classtype:trojan-activity; sid:37763201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain ntsadv.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsadv.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsadv\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain ntscorp.store"; dns.query; content:"ntscorp.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntscorp\.store$/i"; classtype:trojan-activity; sid:37763211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain ntscorp.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntscorp.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntscorp\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain ntsgrp.site"; dns.query; content:"ntsgrp.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsgrp\.site$/i"; classtype:trojan-activity; sid:37763221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain ntsgrp.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsgrp.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsgrp\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain ntsmid.space"; dns.query; content:"ntsmid.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmid\.space$/i"; classtype:trojan-activity; sid:37763231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain ntsmid.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsmid.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsmid\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain ntspage.space"; dns.query; content:"ntspage.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntspage\.space$/i"; classtype:trojan-activity; sid:37763241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain ntspage.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntspage.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntspage\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain ntsroom.store"; dns.query; content:"ntsroom.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsroom\.store$/i"; classtype:trojan-activity; sid:37763251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The rule below continues past the end of this span.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain ntsroom.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntsroom.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntsroom\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763252; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The line above completes a rule that begins before this span.)
#
# Event 27010, domain indicators as DNS + HTTP pairs. Several entries share a label and
# differ only in the top-level domain; each variant has its own pair of sids, so a
# suppression or threshold written for one sid does not cover its siblings.
# The DNS rules use "any any -> any any": queries are matched regardless of source,
# so internal resolvers and forwarders relaying a client's lookup can alert as well.
alert dns any any -> any any (msg: "MISP e27010 [] Domain rskey.buzz"; dns.query; content:"rskey.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])rskey\.buzz$/i"; classtype:trojan-activity; sid:37763261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain rskey.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rskey.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rskey\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain wetax-notice.site"; dns.query; content:"wetax-notice.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-notice\.site$/i"; classtype:trojan-activity; sid:37763271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain wetax-notice.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wetax-notice.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-notice\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain wetax-notice.space"; dns.query; content:"wetax-notice.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-notice\.space$/i"; classtype:trojan-activity; sid:37763281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain wetax-notice.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wetax-notice.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-notice\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain wetax-pay.online"; dns.query; content:"wetax-pay.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.online$/i"; classtype:trojan-activity; sid:37763291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain wetax-pay.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wetax-pay.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain wetax-pay.site"; dns.query; content:"wetax-pay.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.site$/i"; classtype:trojan-activity; sid:37763301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain wetax-pay.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wetax-pay.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain wetax-pay.space"; dns.query; content:"wetax-pay.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.space$/i"; classtype:trojan-activity; sid:37763311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain wetax-pay.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wetax-pay.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Domain wetax-pay.store"; dns.query; content:"wetax-pay.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.store$/i"; classtype:trojan-activity; sid:37763321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Domain wetax-pay.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wetax-pay.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wetax\-pay\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# Hostname form: the leading character class adds \. so only the exact host name matches.
# "emv1" here is spelled with the digit 1; the file also carries a separate indicator
# spelled with the letter l (emvl.npsnote.site), so the two are not duplicates.
alert dns any any -> any any (msg: "MISP e27010 [] Hostname emv1.npsnote.site"; dns.query; content:"emv1.npsnote.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.npsnote\.site$/i"; classtype:trojan-activity; sid:37763331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname emv1.npsnote.site"; flow:to_server,established; http.header; content: "Host|3a| emv1.npsnote.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.npsnote\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The rule below continues past the end of this span.)
alert dns any any -> any any (msg: "MISP e27010
[] Hostname emvl.npsnote.site"; dns.query; content:"emvl.npsnote.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emvl\.npsnote\.site$/i"; classtype:trojan-activity; sid:37763341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The line above completes a rule that begins before this span.)
#
# Event 27010, hostname indicators. "emvl" is spelled with the letter l and is a separate
# indicator from emv1.npsnote.site (digit 1, sids 37763331/37763332 in this file).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname emvl.npsnote.site"; flow:to_server,established; http.header; content: "Host|3a| emvl.npsnote.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emvl\.npsnote\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname naver.wetax-pay.online"; dns.query; content:"naver.wetax-pay.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.wetax\-pay\.online$/i"; classtype:trojan-activity; sid:37763351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname naver.wetax-pay.online"; flow:to_server,established; http.header; content: "Host|3a| naver.wetax-pay.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])naver\.wetax\-pay\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# Event 27064. omniva.sajanaholidays.it is exported in the "Domain" form, so its
# subdomains match too. The same name is exported again under event 27076 below
# (sids 37774401/37774402); one lookup or request raises an alert for each event.
alert dns any any -> any any (msg: "MISP e27064 [] Domain omniva.sajanaholidays.it"; dns.query; content:"omniva.sajanaholidays.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.sajanaholidays\.it$/i"; classtype:trojan-activity; sid:37773931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27064;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27064 [] Outgoing HTTP Domain omniva.sajanaholidays.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.sajanaholidays.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.sajanaholidays\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37773932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27064;)
# Same URL indicator as sid 37614281 (event 26892) earlier in this file: host as a
# substring of the request headers, "/bago" as a substring of the normalized URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27064 [] Outgoing URL http|3a|//beloremi.online.fr/bago"; flow:to_server,established; http.header; content:"beloremi.online.fr"; fast_pattern; nocase; http.uri; content:"/bago"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37773961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27064;)
# Event 27076, sender-address indicators on inbound SMTP. Each rule needs three payload
# matches on an established client-to-server flow to $SMTP_SERVERS port 25:
# "MAIL FROM:" (case-insensitive), the address, and CR LF CR LF within 8192 bytes after
# the address match. The address is not positioned relative to "MAIL FROM:", so it can be
# satisfied by the address appearing elsewhere in the inspected data.
# Coverage is port 25 in cleartext only; sessions that upgrade with STARTTLS, or
# submission on other ports, are not inspected by these rules.
# A hit shows the address the sender claimed, which SMTP does not authenticate.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: mail@server1.drevo.social"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"mail@server1.drevo.social"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: vabatahtlik@lastefond.ee"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"vabatahtlik@lastefond.ee"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: tutti@lastefond.ee"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"tutti@lastefond.ee"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: oleg@diamantek.ee"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"oleg@diamantek.ee"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# Event 27076 copy of the omniva.sajanaholidays.it pair (see sids 37773931/37773932 above).
alert dns any any -> any any (msg: "MISP e27076 [] Domain omniva.sajanaholidays.it"; dns.query; content:"omniva.sajanaholidays.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.sajanaholidays\.it$/i"; classtype:trojan-activity; sid:37774401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27076 [] Outgoing HTTP Domain omniva.sajanaholidays.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.sajanaholidays.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.sajanaholidays\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# Event 27010, hostname indicators (exact-name match) as DNS + HTTP pairs.
alert dns any any -> any any (msg: "MISP e27010 [] Hostname emv1.ntshome.website"; dns.query; content:"emv1.ntshome.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntshome\.website$/i"; classtype:trojan-activity; sid:37763361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname emv1.ntshome.website"; flow:to_server,established; http.header; content: "Host|3a| emv1.ntshome.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntshome\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The rule below continues past the end of this span.)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname emv1.ntsmail.website"; dns.query; content:"emv1.ntsmail.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntsmail\.website$/i";
classtype:trojan-activity; sid:37763371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The line above completes a rule that begins before this span.)
#
# Event 27010, hostname indicators as DNS + HTTP pairs (sid ...1 = DNS, ...2 = HTTP).
# DNS rule: case-insensitive, end-anchored, and the leading class includes \. so only
# the exact name matches. HTTP rule: requires the literal header text "Host: <name>"
# followed by a non-hostname character, then tags the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname emv1.ntsmail.website"; flow:to_server,established; http.header; content: "Host|3a| emv1.ntsmail.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntsmail\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname emv1.ntsposter.website"; dns.query; content:"emv1.ntsposter.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntsposter\.website$/i"; classtype:trojan-activity; sid:37763381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname emv1.ntsposter.website"; flow:to_server,established; http.header; content: "Host|3a| emv1.ntsposter.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emv1\.ntsposter\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname lcgwihug.ntsposter.website"; dns.query; content:"lcgwihug.ntsposter.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcgwihug\.ntsposter\.website$/i"; classtype:trojan-activity; sid:37763391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname lcgwihug.ntsposter.website"; flow:to_server,established; http.header; content: "Host|3a| lcgwihug.ntsposter.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lcgwihug\.ntsposter\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# NOTE(review): the "mta-sts." label is the one MTA-STS uses for policy hosts, which are
# fetched over HTTPS; if these names are used that way, the cleartext HTTP rules below
# would not see the fetch and the DNS rules are the effective detection. Confirm against
# the event before relying on the HTTP half.
alert dns any any -> any any (msg: "MISP e27010 [] Hostname mta-sts.ntshome.website"; dns.query; content:"mta-sts.ntshome.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntshome\.website$/i"; classtype:trojan-activity; sid:37763401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname mta-sts.ntshome.website"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.ntshome.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntshome\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname mta-sts.ntsinfo.website"; dns.query; content:"mta-sts.ntsinfo.website"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntsinfo\.website$/i"; classtype:trojan-activity; sid:37763411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname mta-sts.ntsinfo.website"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.ntsinfo.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntsinfo\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
alert dns any any -> any any (msg: "MISP e27010 [] Hostname mta-sts.ntsmailer.store"; dns.query; content:"mta-sts.ntsmailer.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntsmailer\.store$/i"; classtype:trojan-activity; sid:37763421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# (The rule below continues past the end of this span.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27010 [] Outgoing HTTP Hostname
mta-sts.ntsmailer.store"; flow:to_server,established; http.header; content: "Host|3a| mta-sts.ntsmailer.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mta\-sts\.ntsmailer\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27010;)
# --- MISP event 27168: destination IP|port indicators (priority 3, no tags in msg) ---
# These are header-only rules: no flow, payload or direction-of-session conditions,
# so every packet from $HOME_NET to the listed address and port matches.
# NOTE(review): an IP|port pair carries no context about the threat (the msg tag
# list is empty) and goes stale once the address is reassigned. Track the age of the
# MISP attributes and expire or re-validate these entries on a schedule.
# NOTE(review): consider a threshold/suppress entry per sid so a single chatty flow
# does not flood the alert queue.
alert ip $HOME_NET any -> 192.227.231.5 23 (msg: "MISP e27168 [] Outgoing To IP: 192.227.231.5|23"; classtype:trojan-activity; sid:37854481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 203.25.119.136 48748 (msg: "MISP e27168 [] Outgoing To IP: 203.25.119.136|48748"; classtype:trojan-activity; sid:37854491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 178.79.150.75 4444 (msg: "MISP e27168 [] Outgoing To IP: 178.79.150.75|4444"; classtype:trojan-activity; sid:37854501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 185.209.160.19 8872 (msg: "MISP e27168 [] Outgoing To IP: 185.209.160.19|8872"; classtype:trojan-activity; sid:37854511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 141.98.7.15 1915 (msg: "MISP e27168 [] Outgoing To IP: 141.98.7.15|1915"; classtype:trojan-activity; sid:37854521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 146.59.12.246 20002 (msg: "MISP e27168 [] Outgoing To IP: 146.59.12.246|20002"; classtype:trojan-activity; sid:37854531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 146.190.53.148 81 (msg: "MISP e27168 [] Outgoing To IP: 146.190.53.148|81"; classtype:trojan-activity; sid:37854541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 134.209.111.71 9999 (msg: "MISP e27168 [] Outgoing To IP: 134.209.111.71|9999"; classtype:trojan-activity; sid:37854551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 141.95.81.119 2300 (msg: "MISP e27168 [] Outgoing To IP: 141.95.81.119|2300"; classtype:trojan-activity; sid:37854561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 114.67.217.170 1312 (msg: "MISP e27168 [] Outgoing To IP: 114.67.217.170|1312"; classtype:trojan-activity; sid:37854571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 87.121.58.103 32015 (msg: "MISP e27168 [] Outgoing To IP: 87.121.58.103|32015"; classtype:trojan-activity; sid:37854581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 93.123.85.181 1337 (msg: "MISP e27168 [] Outgoing To IP: 93.123.85.181|1337"; classtype:trojan-activity; sid:37854591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 78.31.67.78 2300 (msg: "MISP e27168 [] Outgoing To IP: 78.31.67.78|2300"; classtype:trojan-activity; sid:37854601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 84.54.51.103 32015 (msg: "MISP e27168 [] Outgoing To IP: 84.54.51.103|32015"; classtype:trojan-activity; sid:37854611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 47.105.86.47 21997 (msg: "MISP e27168 [] Outgoing To IP: 47.105.86.47|21997"; classtype:trojan-activity; sid:37854621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 62.173.140.174 17900 (msg: "MISP e27168 [] Outgoing To IP: 62.173.140.174|17900"; classtype:trojan-activity; sid:37854631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 45.154.1.68 1420 (msg: "MISP e27168 [] Outgoing To IP: 
45.154.1.68|1420"; classtype:trojan-activity; sid:37854641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# MISP event 27168 (continued): header-only destination IP|port rules, priority 3.
alert ip $HOME_NET any -> 46.19.140.242 32465 (msg: "MISP e27168 [] Outgoing To IP: 46.19.140.242|32465"; classtype:trojan-activity; sid:37854651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 31.222.202.156 5555 (msg: "MISP e27168 [] Outgoing To IP: 31.222.202.156|5555"; classtype:trojan-activity; sid:37854661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# 49.13.32.37|443 is exported twice: from event 26836 (tag Vidar, priority 2) and
# from event 27168 (no tags, priority 3). Both sids match the same packets, so each
# hit produces two alerts; the e26836 one carries the useful context.
# NOTE(review): port 443 on a single IP with no payload condition will also alert on
# any unrelated service later hosted at that address.
alert ip $HOME_NET any -> 49.13.32.37 443 (msg: "MISP e26836 [Vidar] Outgoing To IP: 49.13.32.37|443"; classtype:trojan-activity; sid:37558701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 49.13.32.37 443 (msg: "MISP e27168 [] Outgoing To IP: 49.13.32.37|443"; classtype:trojan-activity; sid:37854681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# --- Sender-address indicators (events 27076 and 27065) ---
# Scope: TCP from $EXTERNAL_NET to $SMTP_SERVERS on port 25 only, client-to-server.
# Match: "MAIL FROM:" and the address must both occur in the stream (the two content
# matches are not tied to each other by distance/within), followed by CRLF CRLF
# within 8192 bytes after the address. The session is then tagged for 600 seconds.
# NOTE(review): sessions that switch to TLS via STARTTLS, and mail arriving on other
# ports, are not inspected by these rules - pair them with mail-gateway log searches.
# NOTE(review): a sender address is set by the sending side; treat a hit as a lead,
# not as proof of origin.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: imports@publiactiva.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"imports@publiactiva.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: import@inttrans.lv"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"import@inttrans.lv"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: tutti@maarjatugikeskus.ee"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"tutti@maarjatugikeskus.ee"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27065 [] Source Email Address: mcomceen@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"mcomceen@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37773971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27065;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: import@forza.lv"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"import@forza.lv"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# "Domain" indicator (event 27076): unlike the "Hostname" exports, the pcre prefix
# (^|[^A-Za-z0-9-]) accepts a preceding dot, so names under my-omniva.com match too.
# The http rule only covers cleartext HTTP from $HOME_NET.
alert dns any any -> any any (msg: "MISP e27076 [] Domain my-omniva.com"; dns.query; content:"my-omniva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-omniva\.com$/i"; classtype:trojan-activity; sid:37774451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27076 [] Outgoing HTTP Domain my-omniva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my-omniva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-omniva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: imports@luniglass.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; 
content:"imports@luniglass.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# --- Sender-address indicators, events 27076 and 27066 ---
# Inbound SMTP on port 25 only ($EXTERNAL_NET -> $SMTP_SERVERS); requires
# "MAIL FROM:" and the address somewhere in the stream, then CRLF CRLF within
# 8192 bytes after the address.
# The addresses exported for event 27066 below also appear in rules exported for
# event 27076 (same content, different sid), so one message raises one alert per event.
# NOTE(review): de-duplicate at export time or correlate the sid pairs downstream
# so analysts do not triage the same session twice.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27076 [] Source Email Address: karils.krumins@inittrans.lv"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"karils.krumins@inittrans.lv"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27066 [] Source Email Address: karils.krumins@inittrans.lv"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"karils.krumins@inittrans.lv"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27066;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27066 [] Source Email Address: imports@luniglass.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"imports@luniglass.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27066;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27066 [] Source Email Address: import@forza.lv"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"import@forza.lv"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27066;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27066 [] Source Email Address: imports@publiactiva.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"imports@publiactiva.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27066;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27066 [] Source Email Address: import@inttrans.lv"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"import@inttrans.lv"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37774031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27066;)
# "Domain" indicator (event 27076): dns.query match in any direction plus Host-header
# match on outbound cleartext HTTP. The pcre prefix allows a preceding dot, so
# subdomains of postomnivaee.info match as well.
alert dns any any -> any any (msg: "MISP e27076 [] Domain postomnivaee.info"; dns.query; content:"postomnivaee.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])postomnivaee\.info$/i"; classtype:trojan-activity; sid:37774491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27076 [] Outgoing HTTP Domain postomnivaee.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"postomnivaee.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])postomnivaee\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# Event 26836, tagged CobaltStrike with a watermark and an AS name in the msg.
# NOTE(review): the http rule cannot see TLS traffic; for a domain tagged as C2 the
# dns rule is the one most likely to fire - make sure resolver traffic is monitored.
alert dns any any -> any any (msg: "MISP e26836 [CobaltStrike,cs-watermark-1762370733,MICROSOFT-CORP-MSN-AS-BLOCK] Domain cyprusvillahomes.com"; dns.query; content:"cyprusvillahomes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cyprusvillahomes\.com$/i"; classtype:trojan-activity; sid:37558741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [CobaltStrike,cs-watermark-1762370733,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain 
cyprusvillahomes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cyprusvillahomes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cyprusvillahomes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# --- Event 26836: CobaltStrike-tagged infrastructure (priority 2) ---
# The msg tags name the hosting AS (MICROSOFT-CORP-MSN-AS-BLOCK, DIGITALOCEAN-ASN,
# ALEXHOST, SCALAXY-AS). These are header-only IP|443 rules with no payload condition.
# NOTE(review): addresses in large hosting ranges are reassigned frequently; an
# IP|443 rule keeps alerting on whatever tenant holds the address next. Re-validate
# against the MISP attribute's last-seen date before acting on a hit.
alert ip $HOME_NET any -> 20.91.244.250 443 (msg: "MISP e26836 [CobaltStrike,cs-watermark-1762370733,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.91.244.250|443"; classtype:trojan-activity; sid:37558751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 159.65.130.146 443 (msg: "MISP e26836 [CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN] Outgoing To IP: 159.65.130.146|443"; classtype:trojan-activity; sid:37558771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# URL indicator: the destination is pinned in the rule header (78.40.116.82 on
# $HTTP_PORTS); http.header must contain the IP string and http.uri the path.
# Both content matches are nocase and unanchored.
alert http $HOME_NET any -> 78.40.116.82 $HTTP_PORTS (msg: "MISP e26836 [ALEXHOST,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//78.40.116.82/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"78.40.116.82"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37558781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 38.180.71.140 443 (msg: "MISP e26836 [CobaltStrike,cs-watermark-987654321,SCALAXY-AS] Outgoing To IP: 38.180.71.140|443"; classtype:trojan-activity; sid:37558801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# --- Event 27168 copies of the same indicators (priority 3, no tags) ---
# The URL rule below differs from sid 37558781 only in the letter case of the path,
# and both use nocase, so the two rules match identical requests.
# The domain and IP|443 rules that follow likewise repeat e26836 indicators; each
# hit therefore raises two alerts, and only the e26836 one names the threat.
alert http $HOME_NET any -> 78.40.116.82 $HTTP_PORTS (msg: "MISP e27168 [] Outgoing URL http|3a|//78.40.116.82/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"78.40.116.82"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert dns any any -> any any (msg: "MISP e27168 [] Domain cyprusvillahomes.com"; dns.query; content:"cyprusvillahomes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cyprusvillahomes\.com$/i"; classtype:trojan-activity; sid:37854721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain cyprusvillahomes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cyprusvillahomes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cyprusvillahomes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 38.180.71.140 443 (msg: "MISP e27168 [] Outgoing To IP: 38.180.71.140|443"; classtype:trojan-activity; sid:37854741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 159.65.130.146 443 (msg: "MISP e27168 [] Outgoing To IP: 159.65.130.146|443"; classtype:trojan-activity; sid:37854751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 20.91.244.250 443 (msg: "MISP e27168 [] Outgoing To IP: 20.91.244.250|443"; classtype:trojan-activity; sid:37854761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Event 27076 "Domain" indicator: the pcre prefix accepts a preceding dot, so names
# under safe.builderfixring.com match; builderfixring.com itself does not.
alert dns any any -> any any (msg: "MISP e27076 [] Domain safe.builderfixring.com"; dns.query; content:"safe.builderfixring.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])safe\.builderfixring\.com$/i"; classtype:trojan-activity; sid:37774531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27076 [] Outgoing HTTP Domain safe.builderfixring.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"safe.builderfixring.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])safe\.builderfixring\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27076;)
# --- Event 26836: tagged IP|port indicators (RiseProStealer; c2,moobot), priority 2 ---
# Header-only rules: any packet from $HOME_NET to the address and port alerts.
alert ip $HOME_NET any -> 193.233.132.89 50500 (msg: "MISP e26836 [RiseProStealer] Outgoing To IP: 193.233.132.89|50500"; classtype:trojan-activity; sid:37558821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 45.11.93.150 8964 (msg: "MISP e26836 [c2,moobot] Outgoing To IP: 45.11.93.150|8964"; classtype:trojan-activity; sid:37558711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 193.23.55.21 56789 (msg: "MISP e26836 [c2,moobot] Outgoing To IP: 193.23.55.21|56789"; classtype:trojan-activity; sid:37558721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Event 24600 "Domain" indicator, priority 1 (the highest priority value in this section).
alert dns any any -> any any (msg: "MISP e24600 [] Domain 756568443.postlu.lat"; dns.query; content:"756568443.postlu.lat"; nocase; pcre: "/(^|[^A-Za-z0-9-])756568443\.postlu\.lat$/i"; classtype:trojan-activity; sid:37766211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 756568443.postlu.lat"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"756568443.postlu.lat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])756568443\.postlu\.lat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 27168 copies of the e26836 IP|port indicators above (no tags, priority 3).
# Both sids of a pair match the same packets, so each hit raises two alerts.
alert ip $HOME_NET any -> 45.11.93.150 8964 (msg: "MISP e27168 [] Outgoing To IP: 45.11.93.150|8964"; classtype:trojan-activity; sid:37854791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 193.23.55.21 56789 (msg: "MISP e27168 [] Outgoing To IP: 193.23.55.21|56789"; classtype:trojan-activity; sid:37854801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 193.233.132.89 50500 (msg: "MISP e27168 [] Outgoing To IP: 193.233.132.89|50500"; classtype:trojan-activity; sid:37854811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# --- Event 27027 (priority 3, no tags) ---
alert dns any any -> any any (msg: "MISP e27027 [] Domain giottosas.it"; dns.query; content:"giottosas.it"; nocase; pcre: "/(^|[^A-Za-z0-9-])giottosas\.it$/i"; classtype:trojan-activity; sid:37766981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27027 [] Outgoing HTTP Domain giottosas.it"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"giottosas.it"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])giottosas\.it[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
# Bare IP indicator exported in both directions with port "any": every packet
# between $HOME_NET and 86.107.32.25 alerts, on any protocol and port.
# NOTE(review): with no port or payload condition this pair is the noisiest form of
# indicator; apply a per-sid threshold, and confirm the address is not shared hosting.
alert ip $HOME_NET any -> 86.107.32.25 any (msg: "MISP e27027 [] Outgoing To IP: 86.107.32.25"; classtype:trojan-activity; sid:37766983; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
alert ip 86.107.32.25 any -> $HOME_NET any (msg: "MISP e27027 [] Incoming From IP: 86.107.32.25"; classtype:trojan-activity; sid:37766984; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
# "Hostname" export: the prefix (^|[^A-Za-z0-9-\.]) rejects a preceding dot, so only
# the exact name mail.knoow.net matches.
alert dns any any -> any any (msg: "MISP e27027 [] Hostname mail.knoow.net"; dns.query; content:"mail.knoow.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.knoow\.net$/i"; classtype:trojan-activity; sid:37766991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27027 [] Outgoing HTTP Hostname mail.knoow.net"; flow:to_server,established; http.header; content: "Host|3a| 
mail.knoow.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.knoow\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
# --- Events 27027 and 27017: e-mail address and mail-host indicators (priority 3) ---
# "Destination Email Address" rules look for "RCPT TO:" plus the address; "Source
# Email Address" rules look for "MAIL FROM:" plus the address. Both then require
# CRLF CRLF within 8192 bytes after the address and tag the session for 600 seconds.
# NOTE(review): all of these inspect only $EXTERNAL_NET -> $SMTP_SERVERS on port 25.
# If neo2@knoow.net is a collection mailbox that internal hosts send to, that
# outbound mail is not covered by the RCPT TO rule - confirm the intended direction
# in the MISP event and add an outbound rule or a mail-gateway search if needed.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27027 [] Destination Email Address: neo2@knoow.net"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"neo2@knoow.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37767011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27027 [] Source Email Address: neo@knoow.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"neo@knoow.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37767001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27027;)
# Event 27017 exports mail.knoow.net as a "Domain" (prefix allows a preceding dot,
# so subdomains match), whereas event 27027 exports the same name as a "Hostname".
# A lookup of exactly mail.knoow.net satisfies the dns rules of both events.
alert dns any any -> any any (msg: "MISP e27017 [] Domain mail.knoow.net"; dns.query; content:"mail.knoow.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.knoow\.net$/i"; classtype:trojan-activity; sid:37764821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27017;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27017 [] Outgoing HTTP Domain mail.knoow.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.knoow.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.knoow\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37764822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27017;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27017 [] Source Email Address: neo@knoow.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"neo@knoow.net"; fast_pattern; nocase; content:"|0D 0A 
0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27017;)
# Event 27017 recipient indicator: inbound SMTP on port 25 only, "RCPT TO:" plus the
# address, then CRLF CRLF within 8192 bytes after the address.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27017 [] Destination Email Address: neo2@knoow.net"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"neo2@knoow.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27017;)
# --- Event 26836: indicators tagged infostealer,RedLine,stealer (priority 2) ---
# IP|80 is header-only (no payload condition); the domain pair covers dns.query in
# any direction and the Host header of outbound cleartext HTTP.
alert ip $HOME_NET any -> 185.209.162.106 80 (msg: "MISP e26836 [infostealer,RedLine,stealer] Outgoing To IP: 185.209.162.106|80"; classtype:trojan-activity; sid:37558841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert dns any any -> any any (msg: "MISP e26836 [infostealer,RedLine,stealer] Domain mezla.site"; dns.query; content:"mezla.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mezla\.site$/i"; classtype:trojan-activity; sid:37558851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [infostealer,RedLine,stealer] Outgoing HTTP Domain mezla.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mezla.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mezla\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Event 27168 copies of the same indicators (no tags, priority 3): identical match
# conditions under different sids, so each hit is reported twice.
alert dns any any -> any any (msg: "MISP e27168 [] Domain mezla.site"; dns.query; content:"mezla.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])mezla\.site$/i"; classtype:trojan-activity; sid:37854821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain mezla.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mezla.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mezla\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 185.209.162.106 80 (msg: "MISP e27168 [] Outgoing To IP: 185.209.162.106|80"; classtype:trojan-activity; sid:37854831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# --- Event 26836: domain tagged Latrodectus (priority 2), then its e27168 copy ---
# NOTE(review): the http rules see cleartext HTTP only; if the traffic is TLS, the
# dns rule is the only one of the pair that can fire.
alert dns any any -> any any (msg: "MISP e26836 [Latrodectus] Domain sluitionsbad.tech"; dns.query; content:"sluitionsbad.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])sluitionsbad\.tech$/i"; classtype:trojan-activity; sid:37558871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [Latrodectus] Outgoing HTTP Domain sluitionsbad.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sluitionsbad.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sluitionsbad\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert dns any any -> any any (msg: "MISP e27168 [] Domain sluitionsbad.tech"; dns.query; content:"sluitionsbad.tech"; nocase; pcre: "/(^|[^A-Za-z0-9-])sluitionsbad\.tech$/i"; classtype:trojan-activity; sid:37854841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain sluitionsbad.tech"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sluitionsbad.tech"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sluitionsbad\.tech[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854842; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27168;)
# Event 26836, tags Risepro,ViriBack: header-only IP|port rule (priority 2).
alert ip $HOME_NET any -> 193.233.132.89 8081 (msg: "MISP e26836 [Risepro,ViriBack] Outgoing To IP: 193.233.132.89|8081"; classtype:trojan-activity; sid:37558881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Events 26828 and 26829: "Domain" indicators (priority 3, no tags). The pcre prefix
# (^|[^A-Za-z0-9-]) accepts a preceding dot, so subdomains match as well.
alert dns any any -> any any (msg: "MISP e26828 [] Domain consuecsmfuir.com"; dns.query; content:"consuecsmfuir.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com$/i"; classtype:trojan-activity; sid:37557401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26828;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26828 [] Outgoing HTTP Domain consuecsmfuir.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consuecsmfuir.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consuecsmfuir\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26829;)
# NOTE(review): the indicator below is one host label under awadgallery.co.uk; the
# rule requires the full string, so other labels under that parent domain are not
# covered. If the parent is attacker-controlled, a broader rule may be warranted.
alert dns any any -> any any (msg: "MISP e26829 [] Domain www-mitarjetacencosud-cl.awadgallery.co.uk"; dns.query; content:"www-mitarjetacencosud-cl.awadgallery.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-mitarjetacencosud\-cl\.awadgallery\.co\.uk$/i"; classtype:trojan-activity; sid:37557491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26829;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26829 [] Outgoing HTTP Domain www-mitarjetacencosud-cl.awadgallery.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-mitarjetacencosud-cl.awadgallery.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-mitarjetacencosud\-cl\.awadgallery\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26829;)
# Event 26836, tag Gafgyt: header-only IP|port rule (priority 2).
alert ip $HOME_NET any -> 5.181.80.195 4258 (msg: "MISP e26836 [Gafgyt] Outgoing To IP: 5.181.80.195|4258"; classtype:trojan-activity; sid:37558891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Event 27168 copy of 193.233.132.89|8081 (see sid 37558881): same match, priority 3.
alert ip $HOME_NET any -> 193.233.132.89 8081 (msg: "MISP e27168 [] Outgoing To IP: 193.233.132.89|8081"; classtype:trojan-activity; sid:37854861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Event 26836 URL indicators tagged CobaltStrike. Destination IP and port are fixed
# in the rule header; http.header must contain the IP string and http.uri the path
# (both nocase, unanchored). The session is tagged for 600 seconds on a hit.
# NOTE(review): the paths are generic file names; the rule's value comes from the
# pinned destination address, so it stops being useful once that address changes.
alert http $HOME_NET any -> 47.92.146.233 1234 (msg: "MISP e26836 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.92.146.233|3a|1234/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"47.92.146.233"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37558901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> 39.106.26.184 8088 (msg: "MISP e26836 [CobaltStrike,cs-watermark-426352781,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//39.106.26.184|3a|8088/dot.gif"; flow:to_server,established; http.header; content:"39.106.26.184"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37558911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# Event 26937: bare destination IP, port "any", no tags (priority 2). Every packet
# from $HOME_NET to this address alerts regardless of protocol or port.
# NOTE(review): no context is exported with this indicator. Confirm in the MISP
# event that the address is dedicated infrastructure and not a shared CDN or
# hosting front end before treating hits as trojan-activity.
alert ip $HOME_NET any -> 192.229.211.108 any (msg: "MISP e26937 [] Outgoing To IP: 192.229.211.108"; classtype:trojan-activity; sid:37724331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26937;)
# Event 27168 copies of e26836 indicators (no tags, priority 3): the same URL and
# IP|port conditions are exported for event 26836 with CobaltStrike / Gafgyt tags,
# so each hit is reported under both events.
alert http $HOME_NET any -> 39.106.26.184 8088 (msg: "MISP e27168 [] Outgoing URL http|3a|//39.106.26.184|3a|8088/dot.gif"; flow:to_server,established; http.header; content:"39.106.26.184"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> 47.92.146.233 1234 (msg: "MISP e27168 [] Outgoing URL http|3a|//47.92.146.233|3a|1234/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"47.92.146.233"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 5.181.80.195 4258 (msg: "MISP e27168 [] Outgoing To IP: 5.181.80.195|4258"; classtype:trojan-activity; sid:37854891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Events 27069 and 27070 export the same "Domain" indicator (dpd.id646801.com) with
# identical match conditions; a single lookup or request raises one alert per event.
alert dns any any -> any any (msg: "MISP e27069 [] Domain dpd.id646801.com"; dns.query; content:"dpd.id646801.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dpd\.id646801\.com$/i"; classtype:trojan-activity; sid:37774111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27069;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27069 [] Outgoing HTTP Domain dpd.id646801.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dpd.id646801.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dpd\.id646801\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27069;)
alert dns any any -> any any (msg: "MISP e27070 [] Domain dpd.id646801.com"; dns.query; content:"dpd.id646801.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dpd\.id646801\.com$/i"; classtype:trojan-activity; sid:37774141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27070;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27070 [] Outgoing HTTP Domain dpd.id646801.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dpd.id646801.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dpd\.id646801\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27070;)
# URL indicators by hostname: destination is $EXTERNAL_NET on $HTTP_PORTS, so HTTP
# on a port outside $HTTP_PORTS is not inspected by these two rules.
# The e26836 rule (tag dcrat) and the e27168 rule differ only in the letter case of
# the path and both use nocase, so they match identical requests.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26836 [dcrat] Outgoing URL http|3a|//113754cm.nyashtech.top/externalsecuredlecentral.php"; flow:to_server,established; http.header; content:"113754cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/externalsecuredlecentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37558921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27168 [] Outgoing URL http|3a|//113754cm.nyashtech.top/externalSecureDleCentral.php"; flow:to_server,established; http.header; content:"113754cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/externalSecureDleCentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 
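25 (msg: "MISP e26830 [] Source Email Address: sandra.alcayaga@avalon.com.co"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"sandra.alcayaga@avalon.com.co"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37557611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26830;)
# ^ Tail of the e26830 sender rule that opens on the previous line.

# --- MISP event 26830: attachment name, source IP and a hostname embedding that address ---
# Both SMTP rules inspect only TCP port 25 towards $SMTP_SERVERS and match raw bytes, so
# they see nothing once the session is encrypted (STARTTLS) or arrives on another port.
# NOTE(review): the filename content stops at "cotizaci" and is closed by |22| (a double
# quote). If the real attachment name continues past that point (for example a non-ASCII
# character and an extension lost during export), this rule cannot match. Check the
# attribute value in the MISP event before relying on it.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26830 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"solicitud de cotizaci|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37557631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26830;)
# Any IP packet from this address to $HOME_NET alerts, including replies to connections
# that an internal host initiated.
alert ip 192.227.252.86 any -> $HOME_NET any (msg: "MISP e26830 [] Incoming From IP: 192.227.252.86"; classtype:trojan-activity; sid:37557641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26830;)
alert dns any any -> any any (msg: "MISP e26830 [] Domain 192-227-252-86-host.colocrossing.com"; dns.query; content:"192-227-252-86-host.colocrossing.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-227\-252\-86\-host\.colocrossing\.com$/i"; classtype:trojan-activity; sid:37557651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26830;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26830 [] Outgoing HTTP Domain 192-227-252-86-host.colocrossing.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"192-227-252-86-host.colocrossing.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])192\-227\-252\-86\-host\.colocrossing\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26830;)

# --- MISP event 26836: Cobalt Strike domains rd.0x3f34.dev and rd.0x115c.click ---
# The export writes "0x" as the hex escape |30 78|. That is valid inside content:, but a
# pcre: string has no |..| hex notation, so the exported \|30 78\| required a literal
# "|30 78|" in the name. content and pcre must both match, so the four rules below could
# never fire. The pcre now spells 0x directly; rev is raised because the rule logic
# changed. The same correction is needed wherever the export is generated, otherwise the
# next export restores the dead pattern.
alert dns any any -> any any (msg: "MISP e26836 [CobaltStrike,cs-watermark-485872468,The Constant Company LLC] Domain rd.|30 78|3f34.dev"; dns.query; content:"rd.|30 78|3f34.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x3f34\.dev$/i"; classtype:trojan-activity; sid:37559001; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [CobaltStrike,cs-watermark-485872468,The Constant Company LLC] Outgoing HTTP Domain rd.|30 78|3f34.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rd.|30 78|3f34.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x3f34\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559002; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert dns any any -> any any (msg: "MISP e26836 [CobaltStrike,cs-watermark-485872468,The Constant Company LLC] Domain rd.|30 78|115c.click"; dns.query; content:"rd.|30 78|115c.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x115c\.click$/i"; classtype:trojan-activity; sid:37559011; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [CobaltStrike,cs-watermark-485872468,The Constant Company LLC] Outgoing HTTP Domain rd.|30 78|115c.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rd.|30 78|115c.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x115c\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559012; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# NOTE(review): an `ip` rule that also names destination port 53 - confirm how the engine
# in use applies a port to the `ip` protocol keyword.
alert ip $HOME_NET any -> 45.76.123.14 53 (msg: "MISP e26836 [CobaltStrike,cs-watermark-485872468,The Constant Company LLC] Outgoing To IP: 45.76.123.14|53"; classtype:trojan-activity; sid:37559021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)

# v Opening of a URL rule for 178.20.43.58; its msg and options follow on the next line.
alert http $HOME_NET any -> 178.20.43.58 $HTTP_PORTS (msg: "MISP e26836 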
[recordbreaker] Outgoing URL http|3a|//178.20.43.58/"; flow:to_server,established; http.header; content:"178.20.43.58"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37559031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# ^ Tail of the e26836 URL rule for 178.20.43.58 that opens on the previous line. Its
# http.uri content is just "/", which every request path contains, so the rule in effect
# fires on any HTTP request whose headers carry the IP string.

# --- MISP event 26836: Cobalt Strike indicators grouped by watermark tag ---
# Each domain gets a DNS-query rule and an outbound HTTP Host rule, followed by an `ip`
# rule for the paired address with destination port 53.
# NOTE(review): the `ip` rules also name a port - confirm how the engine in use applies a
# port to the `ip` protocol keyword.
alert dns any any -> any any (msg: "MISP e26836 [CobaltStrike,cs-watermark-1878854471,DigitalOcean LLC] Domain ns1.ftoffice.com"; dns.query; content:"ns1.ftoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.ftoffice\.com$/i"; classtype:trojan-activity; sid:37559041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [CobaltStrike,cs-watermark-1878854471,DigitalOcean LLC] Outgoing HTTP Domain ns1.ftoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.ftoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.ftoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 46.101.147.204 53 (msg: "MISP e26836 [CobaltStrike,cs-watermark-1878854471,DigitalOcean LLC] Outgoing To IP: 46.101.147.204|53"; classtype:trojan-activity; sid:37559051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert dns any any -> any any (msg: "MISP e26836 [AMAZON-02,CobaltStrike,cs-watermark-1525128883] Domain dns.byresolved.com"; dns.query; content:"dns.byresolved.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.byresolved\.com$/i"; classtype:trojan-activity; sid:37559061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AMAZON-02,CobaltStrike,cs-watermark-1525128883] Outgoing HTTP Domain dns.byresolved.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.byresolved.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.byresolved\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 18.219.198.202 53 (msg: "MISP e26836 [AMAZON-02,CobaltStrike,cs-watermark-1525128883] Outgoing To IP: 18.219.198.202|53"; classtype:trojan-activity; sid:37559071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert dns any any -> any any (msg: "MISP e26836 [CobaltStrike,cs-watermark-1414618523,MICROSOFT-CORP-MSN-AS-BLOCK] Domain eu.webmailservice.at"; dns.query; content:"eu.webmailservice.at"; nocase; pcre: "/(^|[^A-Za-z0-9-])eu\.webmailservice\.at$/i"; classtype:trojan-activity; sid:37559081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [CobaltStrike,cs-watermark-1414618523,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain eu.webmailservice.at"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eu.webmailservice.at"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eu\.webmailservice\.at[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 20.170.19.248 53 (msg: "MISP e26836 [CobaltStrike,cs-watermark-1414618523,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.170.19.248|53"; classtype:trojan-activity; sid:37559091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)

# --- MISP event 26831: sender address, attachment name, source IP and domain ---
# The SMTP rules inspect only TCP port 25 towards $SMTP_SERVERS and match raw bytes, so an
# encrypted session (STARTTLS) or another submission port is not covered. The attachment
# rule expects the exact header text `Content-Disposition: attachment; filename="` and a
# case-sensitive file name (no nocase on that content), so a differently formatted or
# encoded filename parameter will not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26831 [] Source Email Address: administraciongdl@naccisa.com.mx"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"administraciongdl@naccisa.com.mx"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37557771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26831;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26831 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"comprobante_swift0000099.xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37557791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26831;)
alert ip 173.0.130.78 any -> $HOME_NET any (msg: "MISP e26831 [] Incoming From IP: 173.0.130.78"; classtype:trojan-activity; sid:37557801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26831;)
alert dns any any -> any any (msg: "MISP e26831 [] Domain os1.myhsphere.biz"; dns.query; content:"os1.myhsphere.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])os1\.myhsphere\.biz$/i"; classtype:trojan-activity; sid:37557811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26831;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26831 [] Outgoing HTTP Domain os1.myhsphere.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"os1.myhsphere.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])os1\.myhsphere\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26831;)

# --- MISP event 27168: the e26836 domains again, untagged and at priority 3 ---
# The match options are the same as in the e26836 rules above, so a hit on any of these
# names produces one alert per event; only sid, msg and priority differ.
alert dns any any -> any any (msg: "MISP e27168 [] Domain eu.webmailservice.at"; dns.query; content:"eu.webmailservice.at"; nocase; pcre: "/(^|[^A-Za-z0-9-])eu\.webmailservice\.at$/i"; classtype:trojan-activity; sid:37854931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain eu.webmailservice.at"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eu.webmailservice.at"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eu\.webmailservice\.at[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert dns any any -> any any (msg: "MISP e27168 [] Domain dns.byresolved.com"; dns.query; content:"dns.byresolved.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.byresolved\.com$/i"; classtype:trojan-activity; sid:37854941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain dns.byresolved.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.byresolved.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.byresolved\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert dns any any -> any any (msg: "MISP e27168 [] Domain ns1.ftoffice.com"; dns.query; content:"ns1.ftoffice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.ftoffice\.com$/i"; classtype:trojan-activity; sid:37854951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain ns1.ftoffice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.ftoffice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.ftoffice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)

# v Opening of the e27168 URL rule for 178.20.43.58; the rest follows on the next line.
alert http $HOME_NET any -> 178.20.43.58 $HTTP_PORTS (msg: "MISP e27168 [] Outgoing URL http|3a|//178.20.43.58/"; flow:to_server,established; http.header; content:"178.20.43.58"; fast_pattern; nocase; http.uri; 
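content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37854961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# ^ Tail of the e27168 URL rule for 178.20.43.58 that opens on the previous line.

# --- MISP event 27168: domains rd.0x3f34.dev and rd.0x115c.click ---
# The export writes "0x" as the hex escape |30 78|. That is valid inside content:, but a
# pcre: string has no |..| hex notation, so the exported \|30 78\| required a literal
# "|30 78|" in the name. content and pcre must both match, so these four rules could never
# fire. The pcre now spells 0x directly; rev is raised because the rule logic changed.
# The same correction is needed wherever the export is generated, otherwise the next
# export restores the dead pattern.
alert dns any any -> any any (msg: "MISP e27168 [] Domain rd.|30 78|3f34.dev"; dns.query; content:"rd.|30 78|3f34.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x3f34\.dev$/i"; classtype:trojan-activity; sid:37854971; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain rd.|30 78|3f34.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rd.|30 78|3f34.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x3f34\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854972; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert dns any any -> any any (msg: "MISP e27168 [] Domain rd.|30 78|115c.click"; dns.query; content:"rd.|30 78|115c.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x115c\.click$/i"; classtype:trojan-activity; sid:37854981; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain rd.|30 78|115c.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rd.|30 78|115c.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rd\.0x115c\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854982; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# NOTE(review): `ip` rules that also name destination port 53 - confirm how the engine in
# use applies a port to the `ip` protocol keyword.
alert ip $HOME_NET any -> 20.170.19.248 53 (msg: "MISP e27168 [] Outgoing To IP: 20.170.19.248|53"; classtype:trojan-activity; sid:37854991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 18.219.198.202 53 (msg: "MISP e27168 [] Outgoing To IP: 18.219.198.202|53"; 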
classtype:trojan-activity; sid:37855001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# ^ Tail of the e27168 rule for 18.219.198.202 port 53 that opens on the previous line.

# --- MISP event 27168: outbound IP/port indicators ---
# Each rule alerts on traffic from $HOME_NET to one address with destination port 53.
# NOTE(review): these are `ip` rules that also name a port - confirm how the engine in use
# applies a port to the `ip` protocol keyword.
alert ip $HOME_NET any -> 46.101.147.204 53 (msg: "MISP e27168 [] Outgoing To IP: 46.101.147.204|53"; classtype:trojan-activity; sid:37855011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 45.76.123.14 53 (msg: "MISP e27168 [] Outgoing To IP: 45.76.123.14|53"; classtype:trojan-activity; sid:37855021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)

# --- MISP event 26836: indicators tagged RAT / RemcosRAT ---
# Domain jnchina.ydns.eu as a DNS-query rule and an outbound HTTP Host rule, plus the
# address 23.106.121.133 with destination port 1177.
alert dns any any -> any any (msg: "MISP e26836 [RAT,RemcosRAT] Domain jnchina.ydns.eu"; dns.query; content:"jnchina.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])jnchina\.ydns\.eu$/i"; classtype:trojan-activity; sid:37559101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [RAT,RemcosRAT] Outgoing HTTP Domain jnchina.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jnchina.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jnchina\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 23.106.121.133 1177 (msg: "MISP e26836 [RAT,RemcosRAT] Outgoing To IP: 23.106.121.133|1177"; classtype:trojan-activity; sid:37559111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)

# --- MISP event 27168: the same domain again, untagged and at priority 3 ---
# The match options are the same as in the e26836 rules above, so a hit raises one alert
# per event.
alert dns any any -> any any (msg: "MISP e27168 [] Domain jnchina.ydns.eu"; dns.query; content:"jnchina.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])jnchina\.ydns\.eu$/i"; classtype:trojan-activity; sid:37855031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain jnchina.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"jnchina.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jnchina\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# ^ Tail of the e27168 HTTP Host rule for jnchina.ydns.eu that opens on the previous line.
alert ip $HOME_NET any -> 23.106.121.133 1177 (msg: "MISP e27168 [] Outgoing To IP: 23.106.121.133|1177"; classtype:trojan-activity; sid:37855041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)

# --- MISP event 26969: inbound source-address indicators ---
# Each rule alerts on any IP packet from one address to $HOME_NET, with no port, flow or
# content condition; replies from that address to a connection an internal host opened
# match as well, so an alert alone does not show who initiated the traffic.
# NOTE(review): the event is tagged kill-chain Reconnaissance/Exploitation while every
# rule is exported with classtype:trojan-activity - triage on the msg tags rather than
# the classtype, and confirm whether the classification should be adjusted at the source.
alert ip 1.20.157.67 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.20.157.67"; classtype:trojan-activity; sid:37750241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 101.109.178.41 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.109.178.41"; classtype:trojan-activity; sid:37750251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 104.203.242.76 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.203.242.76"; classtype:trojan-activity; sid:37750261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 103.144.121.46 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.121.46"; classtype:trojan-activity; sid:37750271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 106.57.197.193 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.197.193"; classtype:trojan-activity; sid:37750281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 106.116.1.182 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.116.1.182"; 
classtype:trojan-activity; sid:37750291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 111.185.163.101 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.185.163.101"; classtype:trojan-activity; sid:37750301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 109.149.65.180 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.149.65.180"; classtype:trojan-activity; sid:37750311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 112.239.123.156 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.239.123.156"; classtype:trojan-activity; sid:37750321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 112.113.109.144 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.109.144"; classtype:trojan-activity; sid:37750331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 113.221.73.35 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.73.35"; classtype:trojan-activity; sid:37750341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 113.111.3.174 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.111.3.174"; classtype:trojan-activity; sid:37750351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 117.199.207.173 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.207.173"; classtype:trojan-activity; sid:37750361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) 
alert ip 116.74.30.200 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.74.30.200"; classtype:trojan-activity; sid:37750371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 117.209.77.99 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.77.99"; classtype:trojan-activity; sid:37750381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 117.201.123.123 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.201.123.123"; classtype:trojan-activity; sid:37750391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 117.212.62.254 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.212.62.254"; classtype:trojan-activity; sid:37750401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 121.227.117.67 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.117.67"; classtype:trojan-activity; sid:37750411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 122.96.31.136 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.31.136"; classtype:trojan-activity; sid:37750421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 122.116.183.88 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.183.88"; classtype:trojan-activity; sid:37750431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 123.166.132.247 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 123.166.132.247"; classtype:trojan-activity; sid:37750441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 125.126.40.249 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.126.40.249"; classtype:trojan-activity; sid:37750451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 144.62.234.121 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.62.234.121"; classtype:trojan-activity; sid:37750461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 152.240.133.25 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.240.133.25"; classtype:trojan-activity; sid:37750471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 161.216.43.53 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.216.43.53"; classtype:trojan-activity; sid:37750481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 162.243.135.9 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.135.9"; classtype:trojan-activity; sid:37750491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 169.0.129.39 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 169.0.129.39"; classtype:trojan-activity; sid:37750501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 171.80.52.149 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.80.52.149"; classtype:trojan-activity; sid:37750511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 182.246.237.113 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.246.237.113"; classtype:trojan-activity; sid:37750521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 180.119.177.121 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.119.177.121"; classtype:trojan-activity; sid:37750531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 183.130.33.229 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.130.33.229"; classtype:trojan-activity; sid:37750541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 217.211.82.169 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.211.82.169"; classtype:trojan-activity; sid:37750551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 202.189.199.69 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.189.199.69"; classtype:trojan-activity; sid:37750561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 181.47.12.70 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.47.12.70"; classtype:trojan-activity; sid:37750571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 220.132.145.22 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.132.145.22"; classtype:trojan-activity; sid:37750581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 2.84.167.107 any -> $HOME_NET any (msg: "MISP e26969 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.84.167.107"; classtype:trojan-activity; sid:37750591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 221.151.38.102 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.151.38.102"; classtype:trojan-activity; sid:37750601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 190.103.64.162 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.103.64.162"; classtype:trojan-activity; sid:37750611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 223.13.192.156 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.192.156"; classtype:trojan-activity; sid:37750621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 187.45.17.182 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.45.17.182"; classtype:trojan-activity; sid:37750631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 107.172.62.104 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.62.104"; classtype:trojan-activity; sid:37750821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;) alert ip 116.203.197.123 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.203.197.123"; classtype:trojan-activity; sid:37750831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;) alert ip 150.109.18.58 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.18.58"; classtype:trojan-activity; sid:37750841; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;) alert ip 89.39.253.198 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.39.253.198"; classtype:trojan-activity; sid:37750641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 85.105.235.70 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.105.235.70"; classtype:trojan-activity; sid:37750651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 59.126.98.151 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.126.98.151"; classtype:trojan-activity; sid:37750661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 59.99.66.23 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.99.66.23"; classtype:trojan-activity; sid:37750671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 49.143.62.33 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.143.62.33"; classtype:trojan-activity; sid:37750681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 36.2.144.10 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.2.144.10"; classtype:trojan-activity; sid:37750691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 81.227.17.227 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.227.17.227"; classtype:trojan-activity; sid:37750701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 72.180.173.69 any -> $HOME_NET any (msg: "MISP e26969 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.180.173.69"; classtype:trojan-activity; sid:37750711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 61.184.69.126 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.184.69.126"; classtype:trojan-activity; sid:37750721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 194.33.45.105 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.105"; classtype:trojan-activity; sid:37750941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 89.134.255.74 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.134.255.74"; classtype:trojan-activity; sid:37750851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;) alert ip 146.70.186.118 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.118"; classtype:trojan-activity; sid:37750951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 192.241.218.12 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.218.12"; classtype:trojan-activity; sid:37751181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;) alert ip 39.130.142.71 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.130.142.71"; classtype:trojan-activity; sid:37750861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;) alert ip 138.199.40.180 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.180"; classtype:trojan-activity; sid:37750961; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 34.126.187.228 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.126.187.228"; classtype:trojan-activity; sid:37751191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;) alert ip 87.236.176.94 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.94"; classtype:trojan-activity; sid:37751201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;) alert ip 2.57.149.92 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.149.92"; classtype:trojan-activity; sid:37751211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;) alert ip 198.199.106.114 any -> $HOME_NET any (msg: "MISP e26973 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.106.114"; classtype:trojan-activity; sid:37751261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26973;) alert ip 149.102.252.11 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.102.252.11"; classtype:trojan-activity; sid:37750971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 167.86.101.35 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.86.101.35"; classtype:trojan-activity; sid:37750981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 146.70.186.158 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.158"; classtype:trojan-activity; sid:37750991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 84.17.35.74 any -> $HOME_NET any (msg: "MISP 
e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.74"; classtype:trojan-activity; sid:37751001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 84.17.35.82 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.82"; classtype:trojan-activity; sid:37751011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 91.246.58.179 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.246.58.179"; classtype:trojan-activity; sid:37751021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 37.46.115.29 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.46.115.29"; classtype:trojan-activity; sid:37751031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 89.187.178.104 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.187.178.104"; classtype:trojan-activity; sid:37751041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 182.34.151.163 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.34.151.163"; classtype:trojan-activity; sid:37750731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 175.146.222.152 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.146.222.152"; classtype:trojan-activity; sid:37750741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;) alert ip 175.10.227.83 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.10.227.83"; classtype:trojan-activity; sid:37750751; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
# Inbound source-IP indicators from MISP events 26969, 26970, 26971 and 26972 (see each rule's
# reference URL). Each rule matches on the source address alone: any IP protocol, any port,
# with no flow or content condition.
# NOTE(review): every rule here uses classtype:trojan-activity, including the e26970 rules whose
# tags describe scanning (T1595.001) and password guessing (T1110.001). Triage on the msg tags
# rather than on classtype.
# NOTE(review): several e26970 msg strings carry MISP tags with unescaped double quotes
# (stone:attack-categorization="Brute Force", ...). Suricata's rule documentation lists ", ; and \
# as characters that must be escaped inside msg; confirm these rules load on the target engine,
# or escape the tag values at export time.
# NOTE(review): single-address indicators go stale; check the age of the source event before
# using any of these for blocking rather than alerting.
alert ip 181.17.179.106 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.179.106"; classtype:trojan-activity; sid:37750761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 206.0.185.146 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.0.185.146"; classtype:trojan-activity; sid:37750771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 218.91.24.33 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.91.24.33"; classtype:trojan-activity; sid:37750781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 200.69.52.30 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.69.52.30"; classtype:trojan-activity; sid:37750791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 182.181.162.123 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.181.162.123"; classtype:trojan-activity; sid:37750801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 176.114.212.242 any -> $HOME_NET any (msg: "MISP e26969 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.114.212.242"; classtype:trojan-activity; sid:37750811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26969;)
alert ip 78.24.205.142 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.24.205.142"; classtype:trojan-activity; sid:37751221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;)
alert ip 103.154.184.109 any -> $HOME_NET any (msg: "MISP e26970 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 103.154.184.109"; classtype:trojan-activity; sid:37750881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;)
alert ip 43.131.35.5 any -> $HOME_NET any (msg: "MISP e26970 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 43.131.35.5"; classtype:trojan-activity; sid:37750891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;)
alert ip 205.210.31.205 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.205"; classtype:trojan-activity; sid:37751231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;)
alert ip 129.226.212.210 any -> $HOME_NET any (msg: "MISP e26970 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 129.226.212.210"; classtype:trojan-activity; sid:37750901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;)
alert ip 198.199.114.62 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.114.62"; classtype:trojan-activity; sid:37751241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;)
alert ip 162.243.137.10 any -> $HOME_NET any (msg: "MISP e26970 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 162.243.137.10"; classtype:trojan-activity; sid:37750911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;)
alert ip 113.108.217.9 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.108.217.9"; classtype:trojan-activity; sid:37750921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;)
alert ip 198.235.24.33 any -> $HOME_NET any (msg: "MISP e26970 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.33"; classtype:trojan-activity; sid:37750931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26970;)
alert ip 170.64.130.197 any -> $HOME_NET any (msg: "MISP e26972 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.130.197"; classtype:trojan-activity; sid:37751251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26972;)
alert ip 89.187.177.121 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.187.177.121"; classtype:trojan-activity; sid:37751051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;)
alert ip 146.70.186.190 any -> $HOME_NET any (msg: "MISP e26971 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.190"; classtype:trojan-activity; sid:37751061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 138.199.40.163 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.163"; classtype:trojan-activity; sid:37751071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 146.70.186.148 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.148"; classtype:trojan-activity; sid:37751081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 178.91.13.158 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.91.13.158"; classtype:trojan-activity; sid:37751091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 138.199.40.185 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.185"; classtype:trojan-activity; sid:37751101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 194.33.45.75 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.75"; classtype:trojan-activity; sid:37751111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 84.17.35.79 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.79"; classtype:trojan-activity; sid:37751121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 84.17.35.67 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.67"; classtype:trojan-activity; sid:37751131; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 149.102.252.48 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.102.252.48"; classtype:trojan-activity; sid:37751141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 194.33.45.113 any -> $HOME_NET any (msg: "MISP e26971 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.113"; classtype:trojan-activity; sid:37751151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 194.33.45.89 any -> $HOME_NET any (msg: "MISP e26971 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 194.33.45.89"; classtype:trojan-activity; sid:37751161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26971;) alert ip 45.148.120.221 any -> $HOME_NET any (msg: "MISP e26973 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.148.120.221"; classtype:trojan-activity; sid:37751271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26973;) alert ip 91.246.58.171 any -> $HOME_NET any (msg: "MISP e26971 [stone:attack-categorization="Brute Force",stone:false-positive="low-risk",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern="Reconnaissance - TA0043",misp-galaxy:mitre-attack-pattern="Scanning IP Blocks - T1595.001",misp-galaxy:mitre-attack-pattern="Credential Access - TA0006",misp-galaxy:mitre-attack-pattern="Password Guessing - T1110.001"] Incoming From IP: 91.246.58.171"; classtype:trojan-activity; sid:37751171; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26971;)
alert ip 107.170.255.12 any -> $HOME_NET any (msg: "MISP e26973 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.255.12"; classtype:trojan-activity; sid:37751281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26973;)
# MISP event 26836, tagged [njrat,RAT]: outbound indicators from $HOME_NET (destination IP and
# port, plus one domain as a DNS rule and an HTTP rule).
# NOTE(review): the IP rules use protocol `ip` together with a destination port; confirm how the
# target engine applies a port under `ip`.
# NOTE(review): the hostname sits under ply.gg, which looks like a shared tunnelling service;
# presumably the destination IPs are relay endpoints that unrelated traffic also uses. Verify
# before blocking on IP alone, and prefer the domain match as the stronger signal.
alert ip $HOME_NET any -> 3.124.142.205 12607 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 3.124.142.205|12607"; classtype:trojan-activity; sid:37559161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# DNS rule: the pcre requires the queried name to end with the listed domain and to be preceded
# by start-of-buffer or a character outside [A-Za-z0-9-], so subdomains match and look-alike
# prefixes do not. The rule header is any -> any, so it is not limited to $HOME_NET clients.
alert dns any any -> any any (msg: "MISP e26836 [njrat,RAT] Domain cut-britney.gl.at.ply.gg"; dns.query; content:"cut-britney.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])cut\-britney\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37559151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# HTTP rule: both content matches are in http.header with nothing tying the domain to the
# "Host:" match, so the domain can match in another request header (e.g. Referer).
# NOTE(review): Suricata's http.host buffer would pin the match to the requested host; this is
# exporter output, so such a change belongs in the export template, not in this file.
# tag:session,600,seconds asks the engine to keep tagging packets of the matching session for
# 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [njrat,RAT] Outgoing HTTP Domain cut-britney.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cut-britney.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cut\-britney\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 3.125.209.94 12607 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 3.125.209.94|12607"; classtype:trojan-activity; sid:37559141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 147.185.221.16 38277 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 147.185.221.16|38277"; classtype:trojan-activity; sid:37559131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 3.125.102.39 12607 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 3.125.102.39|12607"; classtype:trojan-activity; sid:37559121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# MISP events 26832 and 26923 carry an empty tag list ([]), so msg gives no context beyond the
# domain; look the event up through the reference URL when triaging. classtype is still
# trojan-activity. Priority is set per event: 3 for e26832, 1 for e26923.
# cuentapro-banestado.pages.dev is one name under a shared hosting suffix; the pcre limits the
# match to that name and its subdomains, not to pages.dev as a whole.
alert dns any any -> any any (msg: "MISP e26832 [] Domain cuentapro-banestado.pages.dev"; dns.query; content:"cuentapro-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37557831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26832;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26832 [] Outgoing HTTP Domain cuentapro-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentapro-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26832;)
alert dns any any -> any any (msg: "MISP e26923 [] Domain hanagram.jp"; dns.query; content:"hanagram.jp"; nocase; pcre: "/(^|[^A-Za-z0-9-])hanagram\.jp$/i"; classtype:trojan-activity; sid:37722291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26923 [] Outgoing HTTP Domain hanagram.jp"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hanagram.jp"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hanagram\.jp[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
alert dns any any -> any any (msg: "MISP e26923 [] Domain thefinetreats.com"; dns.query; content:"thefinetreats.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thefinetreats\.com$/i"; classtype:trojan-activity; sid:37722301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26923 [] Outgoing HTTP Domain thefinetreats.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thefinetreats.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thefinetreats\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;) alert dns any any -> any any (msg: "MISP e26923 [] Domain caduff-sa.ch"; dns.query; content:"caduff-sa.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-])caduff\-sa\.ch$/i"; classtype:trojan-activity; sid:37722311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26923 [] Outgoing HTTP Domain caduff-sa.ch"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caduff-sa.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caduff\-sa\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;) alert dns any any -> any any (msg: "MISP e26923 [] Domain jeepcarlease.com"; dns.query; content:"jeepcarlease.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jeepcarlease\.com$/i"; classtype:trojan-activity; sid:37722321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26923 [] Outgoing HTTP Domain jeepcarlease.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jeepcarlease.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jeepcarlease\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;) alert dns any any -> any any (msg: "MISP e26923 [] Domain buy-new-car.com"; dns.query; content:"buy-new-car.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buy\-new\-car\.com$/i"; classtype:trojan-activity; sid:37722331; 
rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
# MISP event 26923 (empty tag list): each domain is exported as a DNS-query rule and an outbound
# HTTP rule. The HTTP rules look for "Host:" and the domain as two independent http.header
# matches, so the domain is not strictly bound to the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26923 [] Outgoing HTTP Domain buy-new-car.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buy-new-car.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buy\-new\-car\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
alert dns any any -> any any (msg: "MISP e26923 [] Domain carleasingguru.com"; dns.query; content:"carleasingguru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carleasingguru\.com$/i"; classtype:trojan-activity; sid:37722341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26923 [] Outgoing HTTP Domain carleasingguru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carleasingguru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carleasingguru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26923;)
# MISP event 27168 repeats indicators this export also carries for event 26836 (sids 37559121
# through 37559161): the same domain and the same four IP:port pairs. Here they have new sids,
# priority 3 instead of 2, and an empty tag list instead of [njrat,RAT].
# NOTE(review): with both sets loaded, one connection can raise two alerts per indicator at
# different priorities. De-duplicate or suppress one set; the e26836 set keeps the malware
# context in msg.
alert dns any any -> any any (msg: "MISP e27168 [] Domain cut-britney.gl.at.ply.gg"; dns.query; content:"cut-britney.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])cut\-britney\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37855051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain cut-britney.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cut-britney.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cut\-britney\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 3.125.102.39 12607 (msg: "MISP e27168 [] Outgoing To IP: 3.125.102.39|12607"; classtype:trojan-activity; sid:37855061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 147.185.221.16 38277 (msg: "MISP e27168 [] Outgoing To IP: 147.185.221.16|38277"; classtype:trojan-activity; sid:37855071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 3.125.209.94 12607 (msg: "MISP e27168 [] Outgoing To IP: 3.125.209.94|12607"; classtype:trojan-activity; sid:37855081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 3.124.142.205 12607 (msg: "MISP e27168 [] Outgoing To IP: 3.124.142.205|12607"; classtype:trojan-activity; sid:37855091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# MISP event 26924 (empty tag list), priority 1. The inbound rule below matches the source
# address alone; the same address is also the destination of the event's outbound URL rule
# (sid 37722561) elsewhere in this export.
alert ip 18.142.163.73 any -> $HOME_NET any (msg: "MISP e26924 [] Incoming From IP: 18.142.163.73"; classtype:trojan-activity; sid:37722361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;)
alert dns any any -> any any (msg: "MISP e26924 [] Domain bgt6.xyz"; dns.query; content:"bgt6.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])bgt6\.xyz$/i"; classtype:trojan-activity; sid:37722371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain bgt6.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bgt6.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bgt6\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;)
alert dns any any -> any any (msg: "MISP e26924 [] Domain bv8k.xyz"; dns.query; content:"bv8k.xyz"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bv8k\.xyz$/i"; classtype:trojan-activity; sid:37722381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain bv8k.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bv8k.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bv8k\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain gt6ss.xyz"; dns.query; content:"gt6ss.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])gt6ss\.xyz$/i"; classtype:trojan-activity; sid:37722391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain gt6ss.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gt6ss.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gt6ss\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain hds6y.cc"; dns.query; content:"hds6y.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])hds6y\.cc$/i"; classtype:trojan-activity; sid:37722401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain hds6y.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hds6y.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hds6y\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP 
e26924 [] Domain hzc5.xyz"; dns.query; content:"hzc5.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hzc5\.xyz$/i"; classtype:trojan-activity; sid:37722411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain hzc5.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hzc5.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hzc5\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain ks8cb.cc"; dns.query; content:"ks8cb.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])ks8cb\.cc$/i"; classtype:trojan-activity; sid:37722421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain ks8cb.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ks8cb.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ks8cb\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain ms2ve.cc"; dns.query; content:"ms2ve.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])ms2ve\.cc$/i"; classtype:trojan-activity; sid:37722431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain ms2ve.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ms2ve.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ms2ve\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722432; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain msc4.xyz"; dns.query; content:"msc4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])msc4\.xyz$/i"; classtype:trojan-activity; sid:37722441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain msc4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"msc4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])msc4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain qskm.xyz"; dns.query; content:"qskm.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])qskm\.xyz$/i"; classtype:trojan-activity; sid:37722451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain qskm.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qskm.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qskm\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain r6go.xyz"; dns.query; content:"r6go.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])r6go\.xyz$/i"; classtype:trojan-activity; sid:37722461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain r6go.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"r6go.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])r6go\.xyz[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37722462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain smgeo.cc"; dns.query; content:"smgeo.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])smgeo\.cc$/i"; classtype:trojan-activity; sid:37722471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain smgeo.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smgeo.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smgeo\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain t8bc.xyz"; dns.query; content:"t8bc.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])t8bc\.xyz$/i"; classtype:trojan-activity; sid:37722481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain t8bc.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"t8bc.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])t8bc\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain tp7s.xyz"; dns.query; content:"tp7s.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])tp7s\.xyz$/i"; classtype:trojan-activity; sid:37722491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain tp7s.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tp7s.xyz"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])tp7s\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain vki9.xyz"; dns.query; content:"vki9.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])vki9\.xyz$/i"; classtype:trojan-activity; sid:37722501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain vki9.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vki9.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vki9\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain wbke.cc"; dns.query; content:"wbke.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])wbke\.cc$/i"; classtype:trojan-activity; sid:37722511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain wbke.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wbke.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wbke\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain wsy6.xyz"; dns.query; content:"wsy6.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])wsy6\.xyz$/i"; classtype:trojan-activity; sid:37722521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain wsy6.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"wsy6.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wsy6\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain wts3.xyz"; dns.query; content:"wts3.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])wts3\.xyz$/i"; classtype:trojan-activity; sid:37722531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain wts3.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wts3.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wts3\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain zu7kt.cc"; dns.query; content:"zu7kt.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])zu7kt\.cc$/i"; classtype:trojan-activity; sid:37722541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP Domain zu7kt.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zu7kt.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zu7kt\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert dns any any -> any any (msg: "MISP e26924 [] Domain www.dg1e.com"; dns.query; content:"www.dg1e.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dg1e\.com$/i"; classtype:trojan-activity; sid:37722551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26924 [] Outgoing HTTP 
Domain www.dg1e.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.dg1e.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dg1e\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;)
# MISP event 26924, URL indicator: HTTP request from $HOME_NET to 18.142.163.73 on
# destination port 1935 whose request headers contain the address and whose URI
# contains "/live/" (both case-insensitive). tag:session,600,seconds tags the
# session for 600 seconds of follow-up packet logging after the alert.
# NOTE(review): the address is matched anywhere in http.header, not in the Host value
# specifically, and a request that reaches this server under a host name (no literal
# address in the headers) is not matched; the "Outgoing To IP" style rules cover that case.
alert http $HOME_NET any -> 18.142.163.73 1935 (msg: "MISP e26924 [] Outgoing URL http|3a|//18.142.163.73|3a|1935/live/"; flow:to_server,established; http.header; content:"18.142.163.73"; fast_pattern; nocase; http.uri; content:"/live/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37722561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26924;)
# MISP event 26836, tagged [njrat,RAT]: five rules, one per destination address, all on
# destination port 12044, priority 2. They match on addresses and port only; there is
# no flow, payload or threshold option.
# NOTE(review): the same five address/port pairs are exported again later in this file
# under event 27168 (sids 37855101-37855141, priority 3, no tags), so one connection
# raises two alerts with different priorities; correlate on destination, not on sid.
# NOTE(review): check alert volume on long-lived connections and add a threshold if the
# engine alerts per packet. Address/port indicators go stale when hosting is reassigned;
# confirm attribution in the MISP event before treating a hit as confirmed compromise.
alert ip $HOME_NET any -> 3.125.209.94 12044 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 3.125.209.94|12044"; classtype:trojan-activity; sid:37559211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 3.125.102.39 12044 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 3.125.102.39|12044"; classtype:trojan-activity; sid:37559201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 18.192.31.165 12044 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 18.192.31.165|12044"; classtype:trojan-activity; sid:37559191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 3.125.223.134 12044 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 3.125.223.134|12044"; classtype:trojan-activity; sid:37559181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 18.158.249.75 12044 (msg: "MISP e26836 [njrat,RAT] Outgoing To IP: 18.158.249.75|12044"; classtype:trojan-activity; sid:37559171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
# MISP event 26925: "Incoming From IP" rules match any packet from the listed source to
# $HOME_NET on any port, which includes reply traffic to connections opened from inside.
alert ip 38.180.2.23 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 38.180.2.23"; 
classtype:trojan-activity; sid:37722681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 38.180.3.57 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 38.180.3.57"; classtype:trojan-activity; sid:37722691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 38.180.76.31 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 38.180.76.31"; classtype:trojan-activity; sid:37722701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 86.105.18.113 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 86.105.18.113"; classtype:trojan-activity; sid:37722711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 176.97.66.57 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 176.97.66.57"; classtype:trojan-activity; sid:37722721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 176.97.76.118 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 176.97.76.118"; classtype:trojan-activity; sid:37722731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 176.97.76.129 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 176.97.76.129"; classtype:trojan-activity; sid:37722741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 198.50.170.72 any -> $HOME_NET any (msg: "MISP e26925 [] Incoming From IP: 198.50.170.72"; classtype:trojan-activity; sid:37722751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert dns any any -> any any (msg: "MISP e26925 [] Domain bugiplaysec.com"; dns.query; content:"bugiplaysec.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bugiplaysec\.com$/i"; classtype:trojan-activity; sid:37722761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26925 [] Outgoing HTTP 
Domain bugiplaysec.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bugiplaysec.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bugiplaysec\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;)
# MISP event 26925, domain indicators. Each domain is exported as a pair of rules:
#   sid ...1  DNS rule: dns.query contains the name (nocase) and the pcre anchors it at
#             the end of the query, preceded by start-of-buffer or a character that is
#             not a letter, digit or hyphen. The name itself and its subdomains match;
#             a longer label that merely ends in the same text does not.
#   sid ...2  HTTP rule: request from $HOME_NET to $EXTERNAL_NET whose headers contain
#             "Host:" and the name; the session is tagged for 600 seconds on a hit.
# NOTE(review): in the HTTP rule the two content matches and the pcre (flag H) all
# inspect the whole header buffer and are not positioned relative to each other, so the
# name appearing in another header (for example a Referer) satisfies the rule even when
# the Host is unrelated. Matching the http.host buffer would bind the rule to the Host
# value; that is a behaviour change and needs a rev bump.
# NOTE(review): HTTPS requests to these names are only visible to the DNS rule; a
# tls.sni rule would close that gap. The HTTP rule also misses clients that reach the
# internet through a proxy inside $HOME_NET, depending on sensor placement.
alert dns any any -> any any (msg: "MISP e26925 [] Domain hitsbitsx.com"; dns.query; content:"hitsbitsx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hitsbitsx\.com$/i"; classtype:trojan-activity; sid:37722771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26925 [] Outgoing HTTP Domain hitsbitsx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hitsbitsx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hitsbitsx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;)
# The hyphen in the name is escaped in the pcre (ocsp\-reloads); the content match uses
# the literal name.
alert dns any any -> any any (msg: "MISP e26925 [] Domain ocsp-reloads.com"; dns.query; content:"ocsp-reloads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ocsp\-reloads\.com$/i"; classtype:trojan-activity; sid:37722781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26925 [] Outgoing HTTP Domain ocsp-reloads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ocsp-reloads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ocsp\-reloads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;)
alert dns any any -> any any (msg: "MISP e26925 [] Domain recsecas.com"; dns.query; content:"recsecas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])recsecas\.com$/i"; 
classtype:trojan-activity; sid:37722791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26925 [] Outgoing HTTP Domain recsecas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recsecas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recsecas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26925;) alert ip 144.217.117.74 any -> $HOME_NET any (msg: "MISP e26915 [] Incoming From IP: 144.217.117.74"; classtype:trojan-activity; sid:37720141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert ip 149.28.133.236 any -> $HOME_NET any (msg: "MISP e26915 [] Incoming From IP: 149.28.133.236"; classtype:trojan-activity; sid:37720151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert ip 185.36.189.81 any -> $HOME_NET any (msg: "MISP e26915 [] Incoming From IP: 185.36.189.81"; classtype:trojan-activity; sid:37720161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain defaultbluemarker.info"; dns.query; content:"defaultbluemarker.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])defaultbluemarker\.info$/i"; classtype:trojan-activity; sid:37720171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain defaultbluemarker.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"defaultbluemarker.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])defaultbluemarker\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> 
any any (msg: "MISP e26915 [] Domain rasaanah-iiis.org"; dns.query; content:"rasaanah-iiis.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasaanah\-iiis\.org$/i"; classtype:trojan-activity; sid:37720181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain rasaanah-iiis.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasaanah-iiis.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasaanah\-iiis\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain rasaaneh-iiis.org"; dns.query; content:"rasaaneh-iiis.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasaaneh\-iiis\.org$/i"; classtype:trojan-activity; sid:37720191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain rasaaneh-iiis.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasaaneh-iiis.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rasaaneh\-iiis\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain rasaneh-iiis.org"; dns.query; content:"rasaneh-iiis.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])rasaneh\-iiis\.org$/i"; classtype:trojan-activity; sid:37720201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain rasaneh-iiis.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rasaneh-iiis.org"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])rasaneh\-iiis\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain beginningofgraylife.ddns.net"; dns.query; content:"beginningofgraylife.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])beginningofgraylife\.ddns\.net$/i"; classtype:trojan-activity; sid:37720211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain beginningofgraylife.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beginningofgraylife.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beginningofgraylife\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain ndrrftqrlblfecpupppp.supabase.co"; dns.query; content:"ndrrftqrlblfecpupppp.supabase.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])ndrrftqrlblfecpupppp\.supabase\.co$/i"; classtype:trojan-activity; sid:37720221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain ndrrftqrlblfecpupppp.supabase.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ndrrftqrlblfecpupppp.supabase.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ndrrftqrlblfecpupppp\.supabase\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain panel.rasaanah-iiis.org"; dns.query; content:"panel.rasaanah-iiis.org"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])panel\.rasaanah\-iiis\.org$/i"; classtype:trojan-activity; sid:37720231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain panel.rasaanah-iiis.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.rasaanah-iiis.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.rasaanah\-iiis\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain wulpfsrqupnuqorhexiw.supabase.co"; dns.query; content:"wulpfsrqupnuqorhexiw.supabase.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])wulpfsrqupnuqorhexiw\.supabase\.co$/i"; classtype:trojan-activity; sid:37720241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain wulpfsrqupnuqorhexiw.supabase.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wulpfsrqupnuqorhexiw.supabase.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wulpfsrqupnuqorhexiw\.supabase\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain www.defaultbluemarker.info"; dns.query; content:"www.defaultbluemarker.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.defaultbluemarker\.info$/i"; classtype:trojan-activity; sid:37720251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain www.defaultbluemarker.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"www.defaultbluemarker.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.defaultbluemarker\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720252; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain www.panel.rasaaneh-iiis.org"; dns.query; content:"www.panel.rasaaneh-iiis.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.panel\.rasaaneh\-iiis\.org$/i"; classtype:trojan-activity; sid:37720261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain www.panel.rasaaneh-iiis.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.panel.rasaaneh-iiis.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.panel\.rasaaneh\-iiis\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain www.rasaaneh-iiis.org"; dns.query; content:"www.rasaaneh-iiis.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rasaaneh\-iiis\.org$/i"; classtype:trojan-activity; sid:37720271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain www.rasaaneh-iiis.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.rasaaneh-iiis.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.rasaaneh\-iiis\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720272; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26915 [] Domain yellowparallelworld.ddns.net"; dns.query; content:"yellowparallelworld.ddns.net"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])yellowparallelworld\.ddns\.net$/i"; classtype:trojan-activity; sid:37720281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26915 [] Outgoing HTTP Domain yellowparallelworld.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yellowparallelworld.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yellowparallelworld\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37720282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26915;) alert dns any any -> any any (msg: "MISP e26916 [] Domain us.archive-ubuntu.top"; dns.query; content:"us.archive-ubuntu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])us\.archive\-ubuntu\.top$/i"; classtype:trojan-activity; sid:37721121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26916;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26916 [] Outgoing HTTP Domain us.archive-ubuntu.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"us.archive-ubuntu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])us\.archive\-ubuntu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37721122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26916;) alert ip $HOME_NET any -> 18.158.249.75 12044 (msg: "MISP e27168 [] Outgoing To IP: 18.158.249.75|12044"; classtype:trojan-activity; sid:37855101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 3.125.223.134 12044 (msg: "MISP e27168 [] Outgoing To IP: 3.125.223.134|12044"; classtype:trojan-activity; sid:37855111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 18.192.31.165 12044 (msg: "MISP e27168 [] Outgoing To IP: 18.192.31.165|12044"; 
classtype:trojan-activity; sid:37855121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# MISP event 27168 (no tags, priority 3): "Outgoing To IP" rules on address and
# destination port only.
# NOTE(review): every address/port pair in event 27168 shown here is also exported
# under event 26836 with tags and priority 2, so each hit is reported twice.
alert ip $HOME_NET any -> 3.125.102.39 12044 (msg: "MISP e27168 [] Outgoing To IP: 3.125.102.39|12044"; classtype:trojan-activity; sid:37855131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
alert ip $HOME_NET any -> 3.125.209.94 12044 (msg: "MISP e27168 [] Outgoing To IP: 3.125.209.94|12044"; classtype:trojan-activity; sid:37855141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# Same destination 103.178.234.224:19990 from two events: e26836 (tag moobot,
# priority 2) and e27168 (no tag, priority 3). The match conditions are identical;
# only msg, sid, priority and reference differ.
alert ip $HOME_NET any -> 103.178.234.224 19990 (msg: "MISP e26836 [moobot] Outgoing To IP: 103.178.234.224|19990"; classtype:trojan-activity; sid:37559221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 103.178.234.224 19990 (msg: "MISP e27168 [] Outgoing To IP: 103.178.234.224|19990"; classtype:trojan-activity; sid:37855151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# MISP events 26833 and 26834 (priority 3): one DNS rule and one HTTP Host rule per
# host name. Each rule names a single host under a parent domain, so other hosts
# under the same parent are not matched.
# NOTE(review): classtype is trojan-activity on every exported rule; these two host
# names look like credential-phishing lures rather than malware infrastructure.
# Confirm in the MISP events and triage hits accordingly.
alert dns any any -> any any (msg: "MISP e26833 [] Domain falabllacl.webcindario.com"; dns.query; content:"falabllacl.webcindario.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])falabllacl\.webcindario\.com$/i"; classtype:trojan-activity; sid:37557911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26833;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26833 [] Outgoing HTTP Domain falabllacl.webcindario.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"falabllacl.webcindario.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])falabllacl\.webcindario\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37557912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26833;)
alert dns any any -> any any (msg: "MISP e26834 [] Domain mi-tarjetacencosud-com.awadgallery.co.uk"; dns.query; content:"mi-tarjetacencosud-com.awadgallery.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-com\.awadgallery\.co\.uk$/i"; classtype:trojan-activity; sid:37558001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26834;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26834 [] Outgoing HTTP Domain mi-tarjetacencosud-com.awadgallery.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-com.awadgallery.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-com\.awadgallery\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26834;)
# Same destination 46.101.147.204:443 from two events. Only the e26836 rule carries
# the CobaltStrike / watermark / hosting-provider tags in msg; the e27168 copy is
# untagged and priority 3.
# NOTE(review): the rule matches any traffic to that address on port 443, with no TLS
# or payload condition. Treat a hit as a lead to investigate (endpoint, certificate,
# beacon timing), and confirm the address is still attributed in the event.
alert ip $HOME_NET any -> 46.101.147.204 443 (msg: "MISP e26836 [CobaltStrike,cs-watermark-1878854471,DigitalOcean LLC] Outgoing To IP: 46.101.147.204|443"; classtype:trojan-activity; sid:37559241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 46.101.147.204 443 (msg: "MISP e27168 [] Outgoing To IP: 46.101.147.204|443"; classtype:trojan-activity; sid:37855171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# MISP event 27145: three rules for one host. They cover the HTTP request for "/mips"
# on port 80, any packet arriving from the host, and outbound traffic to it on port 6117.
# The URI match is an unanchored, case-insensitive substring; the destination address
# in the rule header is what keeps it specific.
alert http $HOME_NET any -> 185.196.10.134 80 (msg: "MISP e27145 [] Outgoing URL http|3a|//185.196.10.134|3a|80/mips"; flow:to_server,established; http.header; content:"185.196.10.134"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37841651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27145;)
alert ip 185.196.10.134 any -> $HOME_NET any (msg: "MISP e27145 [] Incoming From IP: 185.196.10.134"; classtype:trojan-activity; sid:37841661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27145;)
alert ip $HOME_NET any -> 185.196.10.134 6117 (msg: "MISP e27145 [] Outgoing To IP: 185.196.10.134|6117"; classtype:trojan-activity; sid:37841671; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27145;)
# Events 26896, 27147 and 27146 follow the same three-rule layout per host:
#   1. alert http: request to the host whose headers contain its address and whose
#      URI contains the exported path (unanchored, nocase); session tagged 600 seconds.
#   2. alert ip, "Incoming From IP": any packet from the host to $HOME_NET.
#   3. alert ip, "Outgoing To IP": traffic from $HOME_NET to the host on one port.
# NOTE(review): rule 1 uses $HTTP_PORTS as the destination port. The file's header
# comment lists that variable as not required for the Suricata export, but these rules
# fail to load if it is undefined, so make sure it is set in the engine configuration.
# It also limits the rule to those ports even though the http protocol keyword does not
# depend on the port.
# NOTE(review): a host that fetched the URL will normally trigger rule 2 as well
# (reply packets), so expect rules 1 and 2 to fire together for one download.
alert http $HOME_NET any -> 93.123.85.197 $HTTP_PORTS (msg: "MISP e26896 [] Outgoing URL http|3a|//93.123.85.197/m-i.p-s.AXIS"; flow:to_server,established; http.header; content:"93.123.85.197"; fast_pattern; nocase; http.uri; content:"/m-i.p-s.AXIS"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37614601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26896;)
alert ip 93.123.85.197 any -> $HOME_NET any (msg: "MISP e26896 [] Incoming From IP: 93.123.85.197"; classtype:trojan-activity; sid:37614611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26896;)
alert ip $HOME_NET any -> 93.123.85.197 606 (msg: "MISP e26896 [] Outgoing To IP: 93.123.85.197|606"; classtype:trojan-activity; sid:37614621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26896;)
# Event 27147: the path in msg and in the http.uri match is the exported indicator
# string, reproduced as-is.
alert http $HOME_NET any -> 93.123.85.73 $HTTP_PORTS (msg: "MISP e27147 [] Outgoing URL http|3a|//93.123.85.73/fuckjewishpeople.mips"; flow:to_server,established; http.header; content:"93.123.85.73"; fast_pattern; nocase; http.uri; content:"/fuckjewishpeople.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37841931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27147;)
alert ip 93.123.85.73 any -> $HOME_NET any (msg: "MISP e27147 [] Incoming From IP: 93.123.85.73"; classtype:trojan-activity; sid:37841941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27147;)
alert ip $HOME_NET any -> 93.123.85.73 4258 (msg: "MISP e27147 [] Outgoing To IP: 93.123.85.73|4258"; classtype:trojan-activity; sid:37841951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27147;)
# Event 27146: URI match is the short substring "/ntpd"; specificity comes from the
# destination address in the rule header.
alert http $HOME_NET any -> 146.71.78.14 $HTTP_PORTS (msg: "MISP e27146 [] Outgoing URL http|3a|//146.71.78.14/ntpd"; flow:to_server,established; http.header; content:"146.71.78.14"; fast_pattern; nocase; http.uri; content:"/ntpd"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37841791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27146;) alert ip 146.71.78.14 any -> $HOME_NET any (msg: "MISP e27146 [] Incoming From IP: 146.71.78.14"; classtype:trojan-activity; sid:37841801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27146;) alert ip $HOME_NET any -> 146.71.78.14 151 (msg: "MISP e27146 [] Outgoing To IP: 146.71.78.14|151"; classtype:trojan-activity; sid:37841811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27146;) alert http $HOME_NET any -> 194.48.250.57 $HTTP_PORTS (msg: "MISP e27150 [] Outgoing URL http|3a|//194.48.250.57/m-i.p-s.ISIS"; flow:to_server,established; http.header; content:"194.48.250.57"; fast_pattern; nocase; http.uri; content:"/m-i.p-s.ISIS"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27150;) alert ip 194.48.250.57 any -> $HOME_NET any (msg: "MISP e27150 [] Incoming From IP: 194.48.250.57"; classtype:trojan-activity; sid:37842361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27150;) alert ip $HOME_NET any -> 194.48.250.57 5532 (msg: "MISP e27150 [] Outgoing To IP: 194.48.250.57|5532"; classtype:trojan-activity; sid:37842371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27150;) alert http $HOME_NET any -> 193.35.18.56 $HTTP_PORTS (msg: "MISP e27149 [] Outgoing URL http|3a|//193.35.18.56/bash"; flow:to_server,established; http.header; content:"193.35.18.56"; fast_pattern; nocase; http.uri; content:"/bash"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27149;) alert ip 193.35.18.56 any -> $HOME_NET any (msg: "MISP e27149 [] Incoming From IP: 193.35.18.56"; classtype:trojan-activity; sid:37842221; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27149;) alert ip $HOME_NET any -> 193.35.18.56 65482 (msg: "MISP e27149 [] Outgoing To IP: 193.35.18.56|65482"; classtype:trojan-activity; sid:37842231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27149;) alert http $HOME_NET any -> 91.92.241.36 $HTTP_PORTS (msg: "MISP e27148 [] Outgoing URL http|3a|//91.92.241.36/.billgates/b4ngl4d3shS3N941.mips"; flow:to_server,established; http.header; content:"91.92.241.36"; fast_pattern; nocase; http.uri; content:"/.billgates/b4ngl4d3shS3N941.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27148;) alert ip 91.92.241.36 any -> $HOME_NET any (msg: "MISP e27148 [] Incoming From IP: 91.92.241.36"; classtype:trojan-activity; sid:37842081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27148;) alert ip $HOME_NET any -> 91.92.241.36 1356 (msg: "MISP e27148 [] Outgoing To IP: 91.92.241.36|1356"; classtype:trojan-activity; sid:37842091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27148;) alert http $HOME_NET any -> 203.145.47.215 $HTTP_PORTS (msg: "MISP e26889 [] Outgoing URL http|3a|//203.145.47.215/hiddenbin/boatnet.mips"; flow:to_server,established; http.header; content:"203.145.47.215"; fast_pattern; nocase; http.uri; content:"/hiddenbin/boatnet.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37613981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26889;) alert ip 203.145.47.215 any -> $HOME_NET any (msg: "MISP e26889 [] Incoming From IP: 203.145.47.215"; classtype:trojan-activity; sid:37613991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26889;) alert ip $HOME_NET any -> 203.145.47.215 3778 (msg: "MISP e26889 [] Outgoing To IP: 203.145.47.215|3778"; classtype:trojan-activity; sid:37614001; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/26889;) alert http $HOME_NET any -> 107.175.3.29 $HTTP_PORTS (msg: "MISP e27151 [] Outgoing URL http|3a|//107.175.3.29/mips"; flow:to_server,established; http.header; content:"107.175.3.29"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27151;) alert ip 107.175.3.29 any -> $HOME_NET any (msg: "MISP e27151 [] Incoming From IP: 107.175.3.29"; classtype:trojan-activity; sid:37842501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27151;) alert ip $HOME_NET any -> 45.155.91.135 21425 (msg: "MISP e27151 [] Outgoing To IP: 45.155.91.135|21425"; classtype:trojan-activity; sid:37842511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27151;) alert http $HOME_NET any -> 45.138.174.72 $HTTP_PORTS (msg: "MISP e27152 [] Outgoing URL http|3a|//45.138.174.72/hiddenbin/boatnet.mips"; flow:to_server,established; http.header; content:"45.138.174.72"; fast_pattern; nocase; http.uri; content:"/hiddenbin/boatnet.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27152;) alert ip 45.138.174.72 any -> $HOME_NET any (msg: "MISP e27152 [] Incoming From IP: 45.138.174.72"; classtype:trojan-activity; sid:37842641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27152;) alert ip $HOME_NET any -> 45.138.174.72 3778 (msg: "MISP e27152 [] Outgoing To IP: 45.138.174.72|3778"; classtype:trojan-activity; sid:37842651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27152;) alert http $HOME_NET any -> 194.110.247.222 $HTTP_PORTS (msg: "MISP e27153 [] Outgoing URL http|3a|//194.110.247.222/wkshindemips"; flow:to_server,established; http.header; content:"194.110.247.222"; fast_pattern; nocase; http.uri; content:"/wkshindemips"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27153;) alert ip 194.110.247.222 any -> $HOME_NET any (msg: "MISP e27153 [] Incoming From IP: 194.110.247.222"; classtype:trojan-activity; sid:37842781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27153;) alert ip $HOME_NET any -> 194.110.247.222 59666 (msg: "MISP e27153 [] Outgoing To IP: 194.110.247.222|59666"; classtype:trojan-activity; sid:37842791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27153;) alert http $HOME_NET any -> 37.221.65.78 $HTTP_PORTS (msg: "MISP e27156 [] Outgoing URL http|3a|//37.221.65.78/Fantazy.mips"; flow:to_server,established; http.header; content:"37.221.65.78"; fast_pattern; nocase; http.uri; content:"/Fantazy.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27156;) alert ip 37.221.65.78 any -> $HOME_NET any (msg: "MISP e27156 [] Incoming From IP: 37.221.65.78"; classtype:trojan-activity; sid:37843201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27156;) alert ip $HOME_NET any -> 37.221.65.78 63645 (msg: "MISP e27156 [] Outgoing To IP: 37.221.65.78|63645"; classtype:trojan-activity; sid:37843211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27156;) alert http $HOME_NET any -> 194.110.247.222 $HTTP_PORTS (msg: "MISP e27154 [] Outgoing URL http|3a|//194.110.247.222/shindeVmips"; flow:to_server,established; http.header; content:"194.110.247.222"; fast_pattern; nocase; http.uri; content:"/shindeVmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37842911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27154;) alert ip 194.110.247.222 any -> $HOME_NET any (msg: "MISP e27154 [] Incoming From IP: 194.110.247.222"; classtype:trojan-activity; sid:37842921; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/27154;)
# Event 27154, "Outgoing To IP": traffic from $HOME_NET to 194.110.247.222 port 59666.
# NOTE(review): event 27153 exports the same address/port pair (sid 37842791) and the
# same "Incoming From IP" rule; only the HTTP URL rules of the two events differ.
alert ip $HOME_NET any -> 194.110.247.222 59666 (msg: "MISP e27154 [] Outgoing To IP: 194.110.247.222|59666"; classtype:trojan-activity; sid:37842931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27154;)
# Event 26895: HTTP request for "/bins/kira.mips", any packet arriving from the host,
# and outbound traffic to it on port 5555.
alert http $HOME_NET any -> 37.221.94.43 $HTTP_PORTS (msg: "MISP e26895 [] Outgoing URL http|3a|//37.221.94.43/bins/kira.mips"; flow:to_server,established; http.header; content:"37.221.94.43"; fast_pattern; nocase; http.uri; content:"/bins/kira.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37614461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26895;)
alert ip 37.221.94.43 any -> $HOME_NET any (msg: "MISP e26895 [] Incoming From IP: 37.221.94.43"; classtype:trojan-activity; sid:37614471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26895;)
alert ip $HOME_NET any -> 37.221.94.43 5555 (msg: "MISP e26895 [] Outgoing To IP: 37.221.94.43|5555"; classtype:trojan-activity; sid:37614481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26895;)
# Events 27155 and 27157 share the download host 89.190.156.209. Their HTTP URL rules
# (port 80, "/jklmips") and "Incoming From IP" rules have identical match conditions
# and differ only in msg, sid and reference. Only the third rule differs: it points to
# 204.76.203.59 in e27155 and to 62.72.185.8 in e27157, both on port 38241.
# NOTE(review): one download from 89.190.156.209 therefore raises four alerts (two
# HTTP, two incoming); de-duplicate on address and URI when triaging.
# The destination port here is the literal 80 taken from the exported URL, not
# $HTTP_PORTS as in the neighbouring URL rules.
alert http $HOME_NET any -> 89.190.156.209 80 (msg: "MISP e27155 [] Outgoing URL http|3a|//89.190.156.209|3a|80/jklmips"; flow:to_server,established; http.header; content:"89.190.156.209"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27155;)
alert ip 89.190.156.209 any -> $HOME_NET any (msg: "MISP e27155 [] Incoming From IP: 89.190.156.209"; classtype:trojan-activity; sid:37843061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27155;)
alert ip $HOME_NET any -> 204.76.203.59 38241 (msg: "MISP e27155 [] Outgoing To IP: 204.76.203.59|38241"; classtype:trojan-activity; sid:37843071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27155;)
alert http $HOME_NET any -> 89.190.156.209 80 (msg: "MISP e27157 [] Outgoing URL http|3a|//89.190.156.209|3a|80/jklmips"; flow:to_server,established; http.header; content:"89.190.156.209"; fast_pattern; nocase; http.uri; content:"/jklmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27157;)
alert ip 89.190.156.209 any -> $HOME_NET any (msg: "MISP e27157 [] Incoming From IP: 89.190.156.209"; classtype:trojan-activity; sid:37843341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27157;)
alert ip $HOME_NET any -> 62.72.185.8 38241 (msg: "MISP e27157 [] Outgoing To IP: 62.72.185.8|38241"; classtype:trojan-activity; sid:37843351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27157;)
# Events 27158 and 27159: two different hosts with the same URI indicator
# ("/most-mips") and the same outbound port 2023 in their "Outgoing To IP" rules.
alert http $HOME_NET any -> 103.28.32.56 $HTTP_PORTS (msg: "MISP e27158 [] Outgoing URL http|3a|//103.28.32.56/most-mips"; flow:to_server,established; http.header; content:"103.28.32.56"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27158;)
alert ip 103.28.32.56 any -> $HOME_NET any (msg: "MISP e27158 [] Incoming From IP: 103.28.32.56"; classtype:trojan-activity; sid:37843481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27158;)
alert ip $HOME_NET any -> 103.28.32.56 2023 (msg: "MISP e27158 [] Outgoing To IP: 103.28.32.56|2023"; classtype:trojan-activity; sid:37843491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27158;)
alert http $HOME_NET any -> 103.28.33.96 $HTTP_PORTS (msg: "MISP e27159 [] Outgoing URL http|3a|//103.28.33.96/most-mips"; flow:to_server,established; http.header; content:"103.28.33.96"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843611; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27159;) alert ip 103.28.33.96 any -> $HOME_NET any (msg: "MISP e27159 [] Incoming From IP: 103.28.33.96"; classtype:trojan-activity; sid:37843621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27159;) alert ip $HOME_NET any -> 103.28.33.96 2023 (msg: "MISP e27159 [] Outgoing To IP: 103.28.33.96|2023"; classtype:trojan-activity; sid:37843631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27159;) alert http $HOME_NET any -> 103.180.149.224 $HTTP_PORTS (msg: "MISP e27160 [] Outgoing URL http|3a|//103.180.149.224/bulu.mips"; flow:to_server,established; http.header; content:"103.180.149.224"; fast_pattern; nocase; http.uri; content:"/bulu.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27160;) alert ip 103.180.149.224 any -> $HOME_NET any (msg: "MISP e27160 [] Incoming From IP: 103.180.149.224"; classtype:trojan-activity; sid:37843761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27160;) alert ip $HOME_NET any -> 103.180.149.224 43957 (msg: "MISP e27160 [] Outgoing To IP: 103.180.149.224|43957"; classtype:trojan-activity; sid:37843771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27160;) alert http $HOME_NET any -> 91.92.240.138 $HTTP_PORTS (msg: "MISP e27161 [] Outgoing URL http|3a|//91.92.240.138/bot.mips"; flow:to_server,established; http.header; content:"91.92.240.138"; fast_pattern; nocase; http.uri; content:"/bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37843891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27161;) alert ip 91.92.240.138 any -> $HOME_NET any (msg: "MISP e27161 [] Incoming From IP: 91.92.240.138"; classtype:trojan-activity; sid:37843901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27161;) alert ip $HOME_NET any -> 91.92.240.138 56999 
(msg: "MISP e27161 [] Outgoing To IP: 91.92.240.138|56999"; classtype:trojan-activity; sid:37843911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27161;) alert http $HOME_NET any -> 94.156.8.116 $HTTP_PORTS (msg: "MISP e27162 [] Outgoing URL http|3a|//94.156.8.116/bot.mips"; flow:to_server,established; http.header; content:"94.156.8.116"; fast_pattern; nocase; http.uri; content:"/bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37844031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27162;) alert ip 94.156.8.116 any -> $HOME_NET any (msg: "MISP e27162 [] Incoming From IP: 94.156.8.116"; classtype:trojan-activity; sid:37844041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27162;) alert ip $HOME_NET any -> 94.156.8.116 43957 (msg: "MISP e27162 [] Outgoing To IP: 94.156.8.116|43957"; classtype:trojan-activity; sid:37844051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27162;) alert http $HOME_NET any -> 209.141.35.151 $HTTP_PORTS (msg: "MISP e26894 [] Outgoing URL http|3a|//209.141.35.151/mips"; flow:to_server,established; http.header; content:"209.141.35.151"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37614321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26894;) alert ip 209.141.35.151 any -> $HOME_NET any (msg: "MISP e26894 [] Incoming From IP: 209.141.35.151"; classtype:trojan-activity; sid:37614331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26894;) alert ip $HOME_NET any -> 209.141.35.151 55650 (msg: "MISP e26894 [] Outgoing To IP: 209.141.35.151|55650"; classtype:trojan-activity; sid:37614341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26894;) alert http $HOME_NET any -> 103.172.79.74 $HTTP_PORTS (msg: "MISP e27163 [] Outgoing URL http|3a|//103.172.79.74/bot.mips"; flow:to_server,established; http.header; 
content:"103.172.79.74"; fast_pattern; nocase; http.uri; content:"/bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37844171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27163;) alert ip 103.172.79.74 any -> $HOME_NET any (msg: "MISP e27163 [] Incoming From IP: 103.172.79.74"; classtype:trojan-activity; sid:37844181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27163;) alert ip $HOME_NET any -> 103.172.79.74 43957 (msg: "MISP e27163 [] Outgoing To IP: 103.172.79.74|43957"; classtype:trojan-activity; sid:37844191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27163;) alert http $HOME_NET any -> 185.196.10.60 $HTTP_PORTS (msg: "MISP e26890 [] Outgoing URL http|3a|//185.196.10.60/mips"; flow:to_server,established; http.header; content:"185.196.10.60"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37614121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26890;) alert ip 185.196.10.60 any -> $HOME_NET any (msg: "MISP e26890 [] Incoming From IP: 185.196.10.60"; classtype:trojan-activity; sid:37614131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26890;) alert ip $HOME_NET any -> 185.196.10.60 55655 (msg: "MISP e26890 [] Outgoing To IP: 185.196.10.60|55655"; classtype:trojan-activity; sid:37614141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26890;) alert http $HOME_NET any -> 103.28.33.96 $HTTP_PORTS (msg: "MISP e27164 [] Outgoing URL http|3a|//103.28.33.96/most-mips"; flow:to_server,established; http.header; content:"103.28.33.96"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37844311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27164;) alert ip 103.28.33.96 any -> $HOME_NET any (msg: "MISP e27164 [] Incoming From IP: 103.28.33.96"; 
classtype:trojan-activity; sid:37844321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27164;) alert ip $HOME_NET any -> 45.77.249.79 2023 (msg: "MISP e27164 [] Outgoing To IP: 45.77.249.79|2023"; classtype:trojan-activity; sid:37844331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27164;) alert http $HOME_NET any -> 103.67.196.50 $HTTP_PORTS (msg: "MISP e27165 [] Outgoing URL http|3a|//103.67.196.50/most-mips"; flow:to_server,established; http.header; content:"103.67.196.50"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37844451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27165;) alert ip 103.67.196.50 any -> $HOME_NET any (msg: "MISP e27165 [] Incoming From IP: 103.67.196.50"; classtype:trojan-activity; sid:37844461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27165;) alert ip $HOME_NET any -> 103.67.196.50 2023 (msg: "MISP e27165 [] Outgoing To IP: 103.67.196.50|2023"; classtype:trojan-activity; sid:37844471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27165;) alert http $HOME_NET any -> 31.220.3.140 $HTTP_PORTS (msg: "MISP e27142 [] Outgoing URL http|3a|//31.220.3.140/ri/la.bot.mips"; flow:to_server,established; http.header; content:"31.220.3.140"; fast_pattern; nocase; http.uri; content:"/ri/la.bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37841231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27142;) alert ip 31.220.3.140 any -> $HOME_NET any (msg: "MISP e27142 [] Incoming From IP: 31.220.3.140"; classtype:trojan-activity; sid:37841241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27142;) alert ip $HOME_NET any -> 143.198.95.76 42061 (msg: "MISP e27142 [] Outgoing To IP: 143.198.95.76|42061"; classtype:trojan-activity; sid:37841251; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27142;) alert http $HOME_NET any -> 31.220.3.140 $HTTP_PORTS (msg: "MISP e27143 [] Outgoing URL http|3a|//31.220.3.140/ri/la.bot.mips"; flow:to_server,established; http.header; content:"31.220.3.140"; fast_pattern; nocase; http.uri; content:"/ri/la.bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37841371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27143;) alert ip 31.220.3.140 any -> $HOME_NET any (msg: "MISP e27143 [] Incoming From IP: 31.220.3.140"; classtype:trojan-activity; sid:37841381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27143;) alert ip $HOME_NET any -> 174.138.7.9 42061 (msg: "MISP e27143 [] Outgoing To IP: 174.138.7.9|42061"; classtype:trojan-activity; sid:37841391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27143;) alert http $HOME_NET any -> 45.142.182.114 $HTTP_PORTS (msg: "MISP e27144 [] Outgoing URL http|3a|//45.142.182.114/mips"; flow:to_server,established; http.header; content:"45.142.182.114"; fast_pattern; nocase; http.uri; content:"/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37841511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27144;) alert ip 45.142.182.114 any -> $HOME_NET any (msg: "MISP e27144 [] Incoming From IP: 45.142.182.114"; classtype:trojan-activity; sid:37841521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27144;) alert ip $HOME_NET any -> 45.142.182.114 2211 (msg: "MISP e27144 [] Outgoing To IP: 45.142.182.114|2211"; classtype:trojan-activity; sid:37841531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27144;) alert ip $HOME_NET any -> 130.193.34.93 7443 (msg: "MISP e26836 [Mythic,YANDEXCLOUD] Outgoing To IP: 130.193.34.93|7443"; classtype:trojan-activity; sid:37559251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 
122.114.11.150 7443 (msg: "MISP e26836 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Mythic] Outgoing To IP: 122.114.11.150|7443"; classtype:trojan-activity; sid:37559261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 138.124.180.245 443 (msg: "MISP e26836 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 138.124.180.245|443"; classtype:trojan-activity; sid:37559271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 20.189.118.216 443 (msg: "MISP e26836 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.189.118.216|443"; classtype:trojan-activity; sid:37559281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 37.1.210.109 40056 (msg: "MISP e26836 [Havoc,HVC-AS] Outgoing To IP: 37.1.210.109|40056"; classtype:trojan-activity; sid:37559291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 89.116.227.76 443 (msg: "MISP e26836 [AS-HOSTINGER,Havoc] Outgoing To IP: 89.116.227.76|443"; classtype:trojan-activity; sid:37559301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 195.78.220.27 80 (msg: "MISP e26836 [AS-IRIDEOS,Havoc] Outgoing To IP: 195.78.220.27|80"; classtype:trojan-activity; sid:37559311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 176.233.252.31 445 (msg: "MISP e26836 [Responder,TELLCOM-AS] Outgoing To IP: 176.233.252.31|445"; classtype:trojan-activity; sid:37559321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 105.155.177.133 995 (msg: "MISP e26836 [MT-MPLS,QakBot] Outgoing To IP: 105.155.177.133|995"; classtype:trojan-activity; sid:37559331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 86.98.212.14 22 (msg: "MISP e26836 
[EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 86.98.212.14|22"; classtype:trojan-activity; sid:37559341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 192.210.136.123 8888 (msg: "MISP e26836 [AS-COLOCROSSING,Supershell] Outgoing To IP: 192.210.136.123|8888"; classtype:trojan-activity; sid:37559351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 86.98.212.14 22 (msg: "MISP e27168 [] Outgoing To IP: 86.98.212.14|22"; classtype:trojan-activity; sid:37855181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 105.155.177.133 995 (msg: "MISP e27168 [] Outgoing To IP: 105.155.177.133|995"; classtype:trojan-activity; sid:37855191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 176.233.252.31 445 (msg: "MISP e27168 [] Outgoing To IP: 176.233.252.31|445"; classtype:trojan-activity; sid:37855201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 195.78.220.27 80 (msg: "MISP e27168 [] Outgoing To IP: 195.78.220.27|80"; classtype:trojan-activity; sid:37855211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 89.116.227.76 443 (msg: "MISP e27168 [] Outgoing To IP: 89.116.227.76|443"; classtype:trojan-activity; sid:37855221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 37.1.210.109 40056 (msg: "MISP e27168 [] Outgoing To IP: 37.1.210.109|40056"; classtype:trojan-activity; sid:37855231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 20.189.118.216 443 (msg: "MISP e27168 [] Outgoing To IP: 20.189.118.216|443"; classtype:trojan-activity; sid:37855241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip 
$HOME_NET any -> 138.124.180.245 443 (msg: "MISP e27168 [] Outgoing To IP: 138.124.180.245|443"; classtype:trojan-activity; sid:37855251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 122.114.11.150 7443 (msg: "MISP e27168 [] Outgoing To IP: 122.114.11.150|7443"; classtype:trojan-activity; sid:37855261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 130.193.34.93 7443 (msg: "MISP e27168 [] Outgoing To IP: 130.193.34.93|7443"; classtype:trojan-activity; sid:37855271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 192.210.136.123 8888 (msg: "MISP e27168 [] Outgoing To IP: 192.210.136.123|8888"; classtype:trojan-activity; sid:37855281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 58.137.140.249 80 (msg: "MISP e26836 [AS4750,c2,censys] Outgoing To IP: 58.137.140.249|80"; classtype:trojan-activity; sid:37559431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 52.190.15.163 443 (msg: "MISP e26836 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 52.190.15.163|443"; classtype:trojan-activity; sid:37559441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 20.108.32.205 443 (msg: "MISP e26836 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.108.32.205|443"; classtype:trojan-activity; sid:37559451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 47.254.149.115 8080 (msg: "MISP e26836 [AS45102,c2,censys] Outgoing To IP: 47.254.149.115|8080"; classtype:trojan-activity; sid:37559461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 221.234.36.116 10001 (msg: "MISP e26836 [AS4134,c2,censys] Outgoing To IP: 
221.234.36.116|10001"; classtype:trojan-activity; sid:37559471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 1.94.110.130 8082 (msg: "MISP e26836 [AS55990,c2,censys] Outgoing To IP: 1.94.110.130|8082"; classtype:trojan-activity; sid:37559481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 152.42.164.112 443 (msg: "MISP e26836 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 152.42.164.112|443"; classtype:trojan-activity; sid:37559491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 175.24.133.171 80 (msg: "MISP e26836 [AS45090,c2,censys] Outgoing To IP: 175.24.133.171|80"; classtype:trojan-activity; sid:37559501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 43.136.71.208 8085 (msg: "MISP e26836 [AS45090,c2,censys] Outgoing To IP: 43.136.71.208|8085"; classtype:trojan-activity; sid:37559511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 154.197.98.85 80 (msg: "MISP e26836 [AS136933,c2,censys] Outgoing To IP: 154.197.98.85|80"; classtype:trojan-activity; sid:37559521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 139.180.146.240 80 (msg: "MISP e26836 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 139.180.146.240|80"; classtype:trojan-activity; sid:37559531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 111.231.146.154 443 (msg: "MISP e26836 [AS45090,c2,censys] Outgoing To IP: 111.231.146.154|443"; classtype:trojan-activity; sid:37559541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 167.71.186.178 443 (msg: "MISP e26836 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 167.71.186.178|443"; classtype:trojan-activity; 
sid:37559551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 154.221.17.44 2991 (msg: "MISP e26836 [AS142403,c2,censys] Outgoing To IP: 154.221.17.44|2991"; classtype:trojan-activity; sid:37559561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 101.200.164.66 5555 (msg: "MISP e26836 [AS37963,c2,censys] Outgoing To IP: 101.200.164.66|5555"; classtype:trojan-activity; sid:37559571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 107.172.196.196 80 (msg: "MISP e26836 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 107.172.196.196|80"; classtype:trojan-activity; sid:37559581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 91.149.237.252 52299 (msg: "MISP e26836 [AS26383,ASNET,c2,censys] Outgoing To IP: 91.149.237.252|52299"; classtype:trojan-activity; sid:37559591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 45.131.132.55 4443 (msg: "MISP e26836 [AS41378,c2,censys,KIRINONET] Outgoing To IP: 45.131.132.55|4443"; classtype:trojan-activity; sid:37559601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 8.222.150.46 8443 (msg: "MISP e26836 [AS45102,c2,censys] Outgoing To IP: 8.222.150.46|8443"; classtype:trojan-activity; sid:37559611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 8.222.150.46 443 (msg: "MISP e26836 [AS45102,c2,censys] Outgoing To IP: 8.222.150.46|443"; classtype:trojan-activity; sid:37559621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 45.159.209.194 80 (msg: "MISP e26836 [AS56971,c2,censys,CLOUDBACKBONE] Outgoing To IP: 45.159.209.194|80"; classtype:trojan-activity; sid:37559631; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 117.72.42.129 8089 (msg: "MISP e26836 [AS141679,c2,censys] Outgoing To IP: 117.72.42.129|8089"; classtype:trojan-activity; sid:37559641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 91.92.241.199 443 (msg: "MISP e26836 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.241.199|443"; classtype:trojan-activity; sid:37559651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 182.92.207.142 8090 (msg: "MISP e26836 [AS37963,c2,censys] Outgoing To IP: 182.92.207.142|8090"; classtype:trojan-activity; sid:37559661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 176.32.38.186 81 (msg: "MISP e26836 [AS49392,ASBAXETN,c2,censys] Outgoing To IP: 176.32.38.186|81"; classtype:trojan-activity; sid:37559671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.168.39.155 10000 (msg: "MISP e26836 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.168.39.155|10000"; classtype:trojan-activity; sid:37559681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 39.104.73.42 8080 (msg: "MISP e26836 [AS37963,c2,censys] Outgoing To IP: 39.104.73.42|8080"; classtype:trojan-activity; sid:37559691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 39.104.73.42 8081 (msg: "MISP e26836 [AS37963,c2,censys] Outgoing To IP: 39.104.73.42|8081"; classtype:trojan-activity; sid:37559701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 65.20.80.197 8888 (msg: "MISP e26836 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 65.20.80.197|8888"; classtype:trojan-activity; sid:37559711; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 65.20.80.197 9999 (msg: "MISP e26836 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 65.20.80.197|9999"; classtype:trojan-activity; sid:37559721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 101.201.46.105 8888 (msg: "MISP e26836 [AS37963,c2,censys] Outgoing To IP: 101.201.46.105|8888"; classtype:trojan-activity; sid:37559731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 101.201.46.105 10000 (msg: "MISP e26836 [AS37963,c2,censys] Outgoing To IP: 101.201.46.105|10000"; classtype:trojan-activity; sid:37559741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 114.115.129.32 31337 (msg: "MISP e26836 [AS4808,c2,censys] Outgoing To IP: 114.115.129.32|31337"; classtype:trojan-activity; sid:37559751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 35.93.24.71 31337 (msg: "MISP e26836 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 35.93.24.71|31337"; classtype:trojan-activity; sid:37559761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 82.97.244.235 443 (msg: "MISP e26836 [AS9123,c2,censys,TIMEWEB-AS] Outgoing To IP: 82.97.244.235|443"; classtype:trojan-activity; sid:37559771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 185.87.150.199 2222 (msg: "MISP e26836 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 185.87.150.199|2222"; classtype:trojan-activity; sid:37559781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.86.252.187 8808 (msg: "MISP e26836 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,RAT] Outgoing To IP: 34.86.252.187|8808"; classtype:trojan-activity; sid:37559791; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 82.165.208.218 8888 (msg: "MISP e26836 [AS54548,c2,censys,PROFITBRICKS-USA,RAT] Outgoing To IP: 82.165.208.218|8888"; classtype:trojan-activity; sid:37559801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 213.195.119.244 4002 (msg: "MISP e26836 [AS15704,c2,censys,RAT] Outgoing To IP: 213.195.119.244|4002"; classtype:trojan-activity; sid:37559811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 213.195.119.244 4003 (msg: "MISP e26836 [AS15704,c2,censys,RAT] Outgoing To IP: 213.195.119.244|4003"; classtype:trojan-activity; sid:37559821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 213.195.119.244 5001 (msg: "MISP e26836 [AS15704,c2,censys,RAT] Outgoing To IP: 213.195.119.244|5001"; classtype:trojan-activity; sid:37559831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 213.195.119.244 5003 (msg: "MISP e26836 [AS15704,c2,censys,RAT] Outgoing To IP: 213.195.119.244|5003"; classtype:trojan-activity; sid:37559841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 46.4.37.212 100 (msg: "MISP e26836 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 46.4.37.212|100"; classtype:trojan-activity; sid:37559851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 186.170.114.55 2404 (msg: "MISP e26836 [AS3816,c2,censys,RAT] Outgoing To IP: 186.170.114.55|2404"; classtype:trojan-activity; sid:37559861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 186.170.114.55 8888 (msg: "MISP e26836 [AS3816,c2,censys,RAT] Outgoing To IP: 186.170.114.55|8888"; classtype:trojan-activity; sid:37559871; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [AMAZON-AES,AS14618,c2,censys,Mythic] Domain ec2-54-152-184-1.compute-1.amazonaws.com"; dns.query; content:"ec2-54-152-184-1.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-152\-184\-1\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37559881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AMAZON-AES,AS14618,c2,censys,Mythic] Outgoing HTTP Domain ec2-54-152-184-1.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-152-184-1.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-152\-184\-1\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [AS16276,c2,censys,Mythic,OVH] Domain ovh.rfc.pp.ua"; dns.query; content:"ovh.rfc.pp.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])ovh\.rfc\.pp\.ua$/i"; classtype:trojan-activity; sid:37559891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AS16276,c2,censys,Mythic,OVH] Outgoing HTTP Domain ovh.rfc.pp.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ovh.rfc.pp.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ovh\.rfc\.pp\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 185.217.197.66 80 (msg: "MISP e26836 [AEZA-AS,AS210644,c2,censys,HookBot] Outgoing To IP: 185.217.197.66|80"; classtype:trojan-activity; sid:37559901; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 86.110.194.13 80 (msg: "MISP e26836 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 86.110.194.13|80"; classtype:trojan-activity; sid:37559911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [AMAZON-02,AS16509,c2,censys,HookBot] Domain ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-214\-93\-225\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37559921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AMAZON-02,AS16509,c2,censys,HookBot] Outgoing HTTP Domain ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-214\-93\-225\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 193.233.254.32 80 (msg: "MISP e26836 [AS210281,c2,censys,HookBot,WAICORE] Outgoing To IP: 193.233.254.32|80"; classtype:trojan-activity; sid:37559931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 212.70.149.199 80 (msg: "MISP e26836 [AS204428,c2,censys,HookBot,SS-Net] Outgoing To IP: 212.70.149.199|80"; classtype:trojan-activity; sid:37559941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 89.23.102.221 8081 (msg: "MISP e26836 [AS56694,c2,censys,SMARTAPE] Outgoing To IP: 89.23.102.221|8081"; 
classtype:trojan-activity; sid:37559951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 181.162.129.236 8080 (msg: "MISP e26836 [AS7418,c2,censys,RAT] Outgoing To IP: 181.162.129.236|8080"; classtype:trojan-activity; sid:37559961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 220.78.13.217 8080 (msg: "MISP e26836 [AS4766,c2,censys,RAT] Outgoing To IP: 220.78.13.217|8080"; classtype:trojan-activity; sid:37559971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [AS40021,c2,censys,NL-811-40021,RAT] Domain liceback.online"; dns.query; content:"liceback.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])liceback\.online$/i"; classtype:trojan-activity; sid:37559981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing HTTP Domain liceback.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liceback.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liceback\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.edgarmcneil.autos"; dns.query; content:"www.edgarmcneil.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.edgarmcneil\.autos$/i"; classtype:trojan-activity; sid:37559991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.edgarmcneil.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"www.edgarmcneil.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.edgarmcneil\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37559992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [ALEXHOST,AS200019,c2,censys] Domain dbdfbd.xyz"; dns.query; content:"dbdfbd.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])dbdfbd\.xyz$/i"; classtype:trojan-activity; sid:37560001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain dbdfbd.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dbdfbd.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dbdfbd\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 154.244.6.141 80 (msg: "MISP e26836 [ALGTEL-AS,AS36947,c2,censys,RAT] Outgoing To IP: 154.244.6.141|80"; classtype:trojan-activity; sid:37560011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 46.246.86.12 6000 (msg: "MISP e26836 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.86.12|6000"; classtype:trojan-activity; sid:37560021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 37.140.242.93 80 (msg: "MISP e26836 [AS212219,c2,censys] Outgoing To IP: 37.140.242.93|80"; classtype:trojan-activity; sid:37560031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 5.42.67.89 8080 (msg: "MISP e26836 [AS210352,c2,censys,SERVER4-AS] Outgoing To IP: 5.42.67.89|8080"; classtype:trojan-activity; sid:37560041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip 
$HOME_NET any -> 110.173.54.195 80 (msg: "MISP e26836 [AS45753,c2,censys] Outgoing To IP: 110.173.54.195|80"; classtype:trojan-activity; sid:37560051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 5.42.67.10 8080 (msg: "MISP e26836 [AS210352,c2,censys,SERVER4-AS] Outgoing To IP: 5.42.67.10|8080"; classtype:trojan-activity; sid:37560061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 89.163.145.141 80 (msg: "MISP e26836 [AS24961,botnet,byob,c2,censys] Outgoing To IP: 89.163.145.141|80"; classtype:trojan-activity; sid:37560071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.207.38.46 443 (msg: "MISP e26836 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 34.207.38.46|443"; classtype:trojan-activity; sid:37560081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert dns any any -> any any (msg: "MISP e26836 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain epsilon7331.uk"; dns.query; content:"epsilon7331.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon7331\.uk$/i"; classtype:trojan-activity; sid:37560091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26836 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain epsilon7331.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilon7331.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon7331\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 93.123.85.206 80 (msg: "MISP e26836 [AS216240,c2,censys,MORTALSOFT] Outgoing To IP: 93.123.85.206|80"; classtype:trojan-activity; sid:37560101; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 84.27.0.166 443 (msg: "MISP e26836 [AS33915,c2,censys,TNF-AS,UNAM] Outgoing To IP: 84.27.0.166|443"; classtype:trojan-activity; sid:37560111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 111.231.146.154 60000 (msg: "MISP e26836 [AS45090,censys,Viper] Outgoing To IP: 111.231.146.154|60000"; classtype:trojan-activity; sid:37560121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 124.220.110.22 60000 (msg: "MISP e26836 [AS45090,censys,Viper] Outgoing To IP: 124.220.110.22|60000"; classtype:trojan-activity; sid:37560131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 47.245.122.5 60000 (msg: "MISP e26836 [AS45102,censys,Viper] Outgoing To IP: 47.245.122.5|60000"; classtype:trojan-activity; sid:37560141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 138.197.168.34 1337 (msg: "MISP e26836 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 138.197.168.34|1337"; classtype:trojan-activity; sid:37560151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.88.129.107 3333 (msg: "MISP e26836 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.88.129.107|3333"; classtype:trojan-activity; sid:37560161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.66.42.107 443 (msg: "MISP e26836 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.66.42.107|443"; classtype:trojan-activity; sid:37560171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 84.76.152.132 4444 (msg: "MISP e26836 [AS12479,censys,GoPhish,phishing,UNI2-AS] Outgoing To IP: 
84.76.152.132|4444"; classtype:trojan-activity; sid:37560181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 167.71.229.69 3333 (msg: "MISP e26836 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 167.71.229.69|3333"; classtype:trojan-activity; sid:37560191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 142.93.75.136 443 (msg: "MISP e26836 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 142.93.75.136|443"; classtype:trojan-activity; sid:37560201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 172.104.219.42 3333 (msg: "MISP e26836 [AS63949,censys,GoPhish,phishing] Outgoing To IP: 172.104.219.42|3333"; classtype:trojan-activity; sid:37560211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 4.147.26.237 3333 (msg: "MISP e26836 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 4.147.26.237|3333"; classtype:trojan-activity; sid:37560221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.134.123.117 443 (msg: "MISP e26836 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.134.123.117|443"; classtype:trojan-activity; sid:37560231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 3.65.151.202 443 (msg: "MISP e26836 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.65.151.202|443"; classtype:trojan-activity; sid:37560241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 52.87.249.14 3333 (msg: "MISP e26836 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 52.87.249.14|3333"; classtype:trojan-activity; sid:37560251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) 
# NOTE(review): the six "alert ip" rules below belong to MISP event 26836 and are tagged
# GoPhish/phishing in msg, yet they carry classtype:trojan-activity like the c2-tagged
# rules of the same event; triage on the msg tags rather than on the classtype.
# NOTE(review): they match on destination address and port only, and several tags name
# shared hosting/cloud networks (MICROSOFT-CORP-MSN-AS-BLOCK, DIGITALOCEAN-ASN, AMAZON-02,
# OVH). Such addresses can presumably be reassigned to unrelated tenants, so confirm the
# indicator is still current in the MISP event before acting on a hit.
# NOTE(review): the same address/port pairs are exported again under event 27168 with
# different sids and priority:3 (51.81.42.253 3333 is sid:37560311 here and sid:37855431
# there), so a single flow can raise two alerts; consider de-duplicating or thresholding.
# NOTE(review): sid:37558071 matches the hostname as a bare substring anywhere in
# http.header, without the pcre label-boundary check that sid:37558112 applies, so a longer
# name that merely contains it, or another header quoting it, also hits. It is also limited
# to $HTTP_PORTS, which therefore has to be defined for this rule to load.
alert ip $HOME_NET any -> 52.231.117.124 3333 (msg: "MISP e26836 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 52.231.117.124|3333"; classtype:trojan-activity; sid:37560261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 138.68.180.208 3333 (msg: "MISP e26836 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 138.68.180.208|3333"; classtype:trojan-activity; sid:37560271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 124.223.177.244 3333 (msg: "MISP e26836 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 124.223.177.244|3333"; classtype:trojan-activity; sid:37560281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 34.250.248.33 443 (msg: "MISP e26836 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 34.250.248.33|443"; classtype:trojan-activity; sid:37560291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 20.115.87.236 3333 (msg: "MISP e26836 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.115.87.236|3333"; classtype:trojan-activity; sid:37560301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 51.81.42.253 3333 (msg: "MISP e26836 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 51.81.42.253|3333"; classtype:trojan-activity; sid:37560311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26835 [] Outgoing URL http|3a|//sec-passbanruralvirtual.web.app"; flow:to_server,established; http.header; content:"sec-passbanruralvirtual.web.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37558071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26835;) alert dns any any -> any any 
(msg: "MISP e26835 [] Domain sec-passbanruralvirtual.web.app"; dns.query; content:"sec-passbanruralvirtual.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])sec\-passbanruralvirtual\.web\.app$/i"; classtype:trojan-activity; sid:37558111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26835;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26835 [] Outgoing HTTP Domain sec-passbanruralvirtual.web.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sec-passbanruralvirtual.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sec\-passbanruralvirtual\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37558112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26835;) alert dns any any -> any any (msg: "MISP e27168 [] Domain epsilon7331.uk"; dns.query; content:"epsilon7331.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon7331\.uk$/i"; classtype:trojan-activity; sid:37855361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain epsilon7331.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilon7331.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilon7331\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e27168 [] Domain www.edgarmcneil.autos"; dns.query; content:"www.edgarmcneil.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.edgarmcneil\.autos$/i"; classtype:trojan-activity; sid:37855371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain www.edgarmcneil.autos"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"www.edgarmcneil.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.edgarmcneil\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e27168 [] Domain dbdfbd.xyz"; dns.query; content:"dbdfbd.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])dbdfbd\.xyz$/i"; classtype:trojan-activity; sid:37855381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain dbdfbd.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dbdfbd.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dbdfbd\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e27168 [] Domain liceback.online"; dns.query; content:"liceback.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])liceback\.online$/i"; classtype:trojan-activity; sid:37855391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain liceback.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liceback.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liceback\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e27168 [] Domain ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ec2\-13\-214\-93\-225\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37855401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-13-214-93-225.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-13\-214\-93\-225\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e27168 [] Domain ovh.rfc.pp.ua"; dns.query; content:"ovh.rfc.pp.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-])ovh\.rfc\.pp\.ua$/i"; classtype:trojan-activity; sid:37855411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain ovh.rfc.pp.ua"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ovh.rfc.pp.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ovh\.rfc\.pp\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert dns any any -> any any (msg: "MISP e27168 [] Domain ec2-54-152-184-1.compute-1.amazonaws.com"; dns.query; content:"ec2-54-152-184-1.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-152\-184\-1\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37855421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27168 [] Outgoing HTTP Domain ec2-54-152-184-1.compute-1.amazonaws.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-152-184-1.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-152\-184\-1\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37855422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 51.81.42.253 3333 (msg: "MISP e27168 [] Outgoing To IP: 51.81.42.253|3333"; classtype:trojan-activity; sid:37855431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 20.115.87.236 3333 (msg: "MISP e27168 [] Outgoing To IP: 20.115.87.236|3333"; classtype:trojan-activity; sid:37855441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.250.248.33 443 (msg: "MISP e27168 [] Outgoing To IP: 34.250.248.33|443"; classtype:trojan-activity; sid:37855451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 124.223.177.244 3333 (msg: "MISP e27168 [] Outgoing To IP: 124.223.177.244|3333"; classtype:trojan-activity; sid:37855461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 138.68.180.208 3333 (msg: "MISP e27168 [] Outgoing To IP: 138.68.180.208|3333"; classtype:trojan-activity; sid:37855471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 52.231.117.124 3333 (msg: "MISP e27168 [] Outgoing To IP: 52.231.117.124|3333"; classtype:trojan-activity; sid:37855481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 52.87.249.14 3333 (msg: "MISP e27168 [] Outgoing To IP: 52.87.249.14|3333"; classtype:trojan-activity; sid:37855491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 3.65.151.202 443 (msg: "MISP 
e27168 [] Outgoing To IP: 3.65.151.202|443"; classtype:trojan-activity; sid:37855501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.134.123.117 443 (msg: "MISP e27168 [] Outgoing To IP: 34.134.123.117|443"; classtype:trojan-activity; sid:37855511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 4.147.26.237 3333 (msg: "MISP e27168 [] Outgoing To IP: 4.147.26.237|3333"; classtype:trojan-activity; sid:37855521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 172.104.219.42 3333 (msg: "MISP e27168 [] Outgoing To IP: 172.104.219.42|3333"; classtype:trojan-activity; sid:37855531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 142.93.75.136 443 (msg: "MISP e27168 [] Outgoing To IP: 142.93.75.136|443"; classtype:trojan-activity; sid:37855541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 167.71.229.69 3333 (msg: "MISP e27168 [] Outgoing To IP: 167.71.229.69|3333"; classtype:trojan-activity; sid:37855551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 84.76.152.132 4444 (msg: "MISP e27168 [] Outgoing To IP: 84.76.152.132|4444"; classtype:trojan-activity; sid:37855561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.66.42.107 443 (msg: "MISP e27168 [] Outgoing To IP: 34.66.42.107|443"; classtype:trojan-activity; sid:37855571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.88.129.107 3333 (msg: "MISP e27168 [] Outgoing To IP: 34.88.129.107|3333"; classtype:trojan-activity; sid:37855581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 138.197.168.34 1337 (msg: "MISP e27168 [] 
Outgoing To IP: 138.197.168.34|1337"; classtype:trojan-activity; sid:37855591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 47.245.122.5 60000 (msg: "MISP e27168 [] Outgoing To IP: 47.245.122.5|60000"; classtype:trojan-activity; sid:37855601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 124.220.110.22 60000 (msg: "MISP e27168 [] Outgoing To IP: 124.220.110.22|60000"; classtype:trojan-activity; sid:37855611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 111.231.146.154 60000 (msg: "MISP e27168 [] Outgoing To IP: 111.231.146.154|60000"; classtype:trojan-activity; sid:37855621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 84.27.0.166 443 (msg: "MISP e27168 [] Outgoing To IP: 84.27.0.166|443"; classtype:trojan-activity; sid:37855631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 93.123.85.206 80 (msg: "MISP e27168 [] Outgoing To IP: 93.123.85.206|80"; classtype:trojan-activity; sid:37855641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.207.38.46 443 (msg: "MISP e27168 [] Outgoing To IP: 34.207.38.46|443"; classtype:trojan-activity; sid:37855651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 89.163.145.141 80 (msg: "MISP e27168 [] Outgoing To IP: 89.163.145.141|80"; classtype:trojan-activity; sid:37855661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 5.42.67.10 8080 (msg: "MISP e27168 [] Outgoing To IP: 5.42.67.10|8080"; classtype:trojan-activity; sid:37855671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 5.42.67.89 8080 (msg: "MISP e27168 [] Outgoing To IP: 
5.42.67.89|8080"; classtype:trojan-activity; sid:37855681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 110.173.54.195 80 (msg: "MISP e27168 [] Outgoing To IP: 110.173.54.195|80"; classtype:trojan-activity; sid:37855691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 37.140.242.93 80 (msg: "MISP e27168 [] Outgoing To IP: 37.140.242.93|80"; classtype:trojan-activity; sid:37855701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 46.246.86.12 6000 (msg: "MISP e27168 [] Outgoing To IP: 46.246.86.12|6000"; classtype:trojan-activity; sid:37855711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 154.244.6.141 80 (msg: "MISP e27168 [] Outgoing To IP: 154.244.6.141|80"; classtype:trojan-activity; sid:37855721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 220.78.13.217 8080 (msg: "MISP e27168 [] Outgoing To IP: 220.78.13.217|8080"; classtype:trojan-activity; sid:37855731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 181.162.129.236 8080 (msg: "MISP e27168 [] Outgoing To IP: 181.162.129.236|8080"; classtype:trojan-activity; sid:37855741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 89.23.102.221 8081 (msg: "MISP e27168 [] Outgoing To IP: 89.23.102.221|8081"; classtype:trojan-activity; sid:37855751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 193.233.254.32 80 (msg: "MISP e27168 [] Outgoing To IP: 193.233.254.32|80"; classtype:trojan-activity; sid:37855761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 212.70.149.199 80 (msg: "MISP e27168 [] Outgoing To IP: 212.70.149.199|80"; 
classtype:trojan-activity; sid:37855771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 86.110.194.13 80 (msg: "MISP e27168 [] Outgoing To IP: 86.110.194.13|80"; classtype:trojan-activity; sid:37855781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 185.217.197.66 80 (msg: "MISP e27168 [] Outgoing To IP: 185.217.197.66|80"; classtype:trojan-activity; sid:37855791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 186.170.114.55 8888 (msg: "MISP e27168 [] Outgoing To IP: 186.170.114.55|8888"; classtype:trojan-activity; sid:37855801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 46.4.37.212 100 (msg: "MISP e27168 [] Outgoing To IP: 46.4.37.212|100"; classtype:trojan-activity; sid:37855811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 186.170.114.55 2404 (msg: "MISP e27168 [] Outgoing To IP: 186.170.114.55|2404"; classtype:trojan-activity; sid:37855821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 213.195.119.244 5003 (msg: "MISP e27168 [] Outgoing To IP: 213.195.119.244|5003"; classtype:trojan-activity; sid:37855831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 213.195.119.244 4003 (msg: "MISP e27168 [] Outgoing To IP: 213.195.119.244|4003"; classtype:trojan-activity; sid:37855841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 213.195.119.244 5001 (msg: "MISP e27168 [] Outgoing To IP: 213.195.119.244|5001"; classtype:trojan-activity; sid:37855851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 213.195.119.244 4002 (msg: "MISP e27168 [] Outgoing To IP: 213.195.119.244|4002"; 
classtype:trojan-activity; sid:37855861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 82.165.208.218 8888 (msg: "MISP e27168 [] Outgoing To IP: 82.165.208.218|8888"; classtype:trojan-activity; sid:37855871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.86.252.187 8808 (msg: "MISP e27168 [] Outgoing To IP: 34.86.252.187|8808"; classtype:trojan-activity; sid:37855881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 185.87.150.199 2222 (msg: "MISP e27168 [] Outgoing To IP: 185.87.150.199|2222"; classtype:trojan-activity; sid:37855891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 82.97.244.235 443 (msg: "MISP e27168 [] Outgoing To IP: 82.97.244.235|443"; classtype:trojan-activity; sid:37855901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 35.93.24.71 31337 (msg: "MISP e27168 [] Outgoing To IP: 35.93.24.71|31337"; classtype:trojan-activity; sid:37855911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 114.115.129.32 31337 (msg: "MISP e27168 [] Outgoing To IP: 114.115.129.32|31337"; classtype:trojan-activity; sid:37855921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 101.201.46.105 10000 (msg: "MISP e27168 [] Outgoing To IP: 101.201.46.105|10000"; classtype:trojan-activity; sid:37855931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 65.20.80.197 9999 (msg: "MISP e27168 [] Outgoing To IP: 65.20.80.197|9999"; classtype:trojan-activity; sid:37855941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 101.201.46.105 8888 (msg: "MISP e27168 [] Outgoing To IP: 101.201.46.105|8888"; 
classtype:trojan-activity; sid:37855951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 65.20.80.197 8888 (msg: "MISP e27168 [] Outgoing To IP: 65.20.80.197|8888"; classtype:trojan-activity; sid:37855961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 39.104.73.42 8081 (msg: "MISP e27168 [] Outgoing To IP: 39.104.73.42|8081"; classtype:trojan-activity; sid:37855971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 34.168.39.155 10000 (msg: "MISP e27168 [] Outgoing To IP: 34.168.39.155|10000"; classtype:trojan-activity; sid:37855981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 39.104.73.42 8080 (msg: "MISP e27168 [] Outgoing To IP: 39.104.73.42|8080"; classtype:trojan-activity; sid:37855991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 176.32.38.186 81 (msg: "MISP e27168 [] Outgoing To IP: 176.32.38.186|81"; classtype:trojan-activity; sid:37856001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 182.92.207.142 8090 (msg: "MISP e27168 [] Outgoing To IP: 182.92.207.142|8090"; classtype:trojan-activity; sid:37856011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 91.92.241.199 443 (msg: "MISP e27168 [] Outgoing To IP: 91.92.241.199|443"; classtype:trojan-activity; sid:37856021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 45.159.209.194 80 (msg: "MISP e27168 [] Outgoing To IP: 45.159.209.194|80"; classtype:trojan-activity; sid:37856031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 117.72.42.129 8089 (msg: "MISP e27168 [] Outgoing To IP: 117.72.42.129|8089"; 
classtype:trojan-activity; sid:37856041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 8.222.150.46 8443 (msg: "MISP e27168 [] Outgoing To IP: 8.222.150.46|8443"; classtype:trojan-activity; sid:37856051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 8.222.150.46 443 (msg: "MISP e27168 [] Outgoing To IP: 8.222.150.46|443"; classtype:trojan-activity; sid:37856061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 45.131.132.55 4443 (msg: "MISP e27168 [] Outgoing To IP: 45.131.132.55|4443"; classtype:trojan-activity; sid:37856071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 91.149.237.252 52299 (msg: "MISP e27168 [] Outgoing To IP: 91.149.237.252|52299"; classtype:trojan-activity; sid:37856081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 101.200.164.66 5555 (msg: "MISP e27168 [] Outgoing To IP: 101.200.164.66|5555"; classtype:trojan-activity; sid:37856091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 107.172.196.196 80 (msg: "MISP e27168 [] Outgoing To IP: 107.172.196.196|80"; classtype:trojan-activity; sid:37856101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 154.221.17.44 2991 (msg: "MISP e27168 [] Outgoing To IP: 154.221.17.44|2991"; classtype:trojan-activity; sid:37856111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 111.231.146.154 443 (msg: "MISP e27168 [] Outgoing To IP: 111.231.146.154|443"; classtype:trojan-activity; sid:37856121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 167.71.186.178 443 (msg: "MISP e27168 [] Outgoing To IP: 167.71.186.178|443"; 
classtype:trojan-activity; sid:37856131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 139.180.146.240 80 (msg: "MISP e27168 [] Outgoing To IP: 139.180.146.240|80"; classtype:trojan-activity; sid:37856141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 43.136.71.208 8085 (msg: "MISP e27168 [] Outgoing To IP: 43.136.71.208|8085"; classtype:trojan-activity; sid:37856151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 154.197.98.85 80 (msg: "MISP e27168 [] Outgoing To IP: 154.197.98.85|80"; classtype:trojan-activity; sid:37856161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 175.24.133.171 80 (msg: "MISP e27168 [] Outgoing To IP: 175.24.133.171|80"; classtype:trojan-activity; sid:37856171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 152.42.164.112 443 (msg: "MISP e27168 [] Outgoing To IP: 152.42.164.112|443"; classtype:trojan-activity; sid:37856181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 221.234.36.116 10001 (msg: "MISP e27168 [] Outgoing To IP: 221.234.36.116|10001"; classtype:trojan-activity; sid:37856191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 1.94.110.130 8082 (msg: "MISP e27168 [] Outgoing To IP: 1.94.110.130|8082"; classtype:trojan-activity; sid:37856201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 47.254.149.115 8080 (msg: "MISP e27168 [] Outgoing To IP: 47.254.149.115|8080"; classtype:trojan-activity; sid:37856211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 20.108.32.205 443 (msg: "MISP e27168 [] Outgoing To IP: 20.108.32.205|443"; 
classtype:trojan-activity; sid:37856221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 52.190.15.163 443 (msg: "MISP e27168 [] Outgoing To IP: 52.190.15.163|443"; classtype:trojan-activity; sid:37856231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 58.137.140.249 80 (msg: "MISP e27168 [] Outgoing To IP: 58.137.140.249|80"; classtype:trojan-activity; sid:37856241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 147.185.221.18 36364 (msg: "MISP e26836 [njrat] Outgoing To IP: 147.185.221.18|36364"; classtype:trojan-activity; sid:37560321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 147.185.221.18 36364 (msg: "MISP e27168 [] Outgoing To IP: 147.185.221.18|36364"; classtype:trojan-activity; sid:37856251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 65.0.50.125 22158 (msg: "MISP e26836 [njrat] Outgoing To IP: 65.0.50.125|22158"; classtype:trojan-activity; sid:37560331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 213.152.162.89 9702 (msg: "MISP e26836 [RAT,RemcosRAT] Outgoing To IP: 213.152.162.89|9702"; classtype:trojan-activity; sid:37560341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;) alert ip $HOME_NET any -> 65.0.50.125 22158 (msg: "MISP e27168 [] Outgoing To IP: 65.0.50.125|22158"; classtype:trojan-activity; sid:37856261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 213.152.162.89 9702 (msg: "MISP e27168 [] Outgoing To IP: 213.152.162.89|9702"; classtype:trojan-activity; sid:37856271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;) alert ip $HOME_NET any -> 85.159.228.138 41572 (msg: "MISP e26836 [RedLineStealer] 
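Outgoing To IP: 85.159.228.138|41572"; classtype:trojan-activity; sid:37560351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert ip $HOME_NET any -> 85.159.228.138 41572 (msg: "MISP e27168 [] Outgoing To IP: 85.159.228.138|41572"; classtype:trojan-activity; sid:37856281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# URL indicators: each rule pairs the destination address in the HTTP headers
# with the request path in http.uri, both case-insensitive, and tags the
# session for 600 seconds after a hit.
alert http $HOME_NET any -> 176.123.169.110 $HTTP_PORTS (msg: "MISP e26836 [dcrat] Outgoing URL http|3a|//176.123.169.110/imageprotect.php"; flow:to_server,established; http.header; content:"176.123.169.110"; fast_pattern; nocase; http.uri; content:"/imageprotect.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37560361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> 39.104.73.42 8081 (msg: "MISP e26836 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-100000] Outgoing URL http|3a|//39.104.73.42|3a|8081/pixel.gif"; flow:to_server,established; http.header; content:"39.104.73.42"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37560371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26836;)
alert http $HOME_NET any -> 176.123.169.110 $HTTP_PORTS (msg: "MISP e27168 [] Outgoing URL http|3a|//176.123.169.110/imageprotect.php"; flow:to_server,established; http.header; content:"176.123.169.110"; fast_pattern; nocase; http.uri; content:"/imageprotect.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37856291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27168;)
# sid:37853101: the MISP galaxy tag copied into msg contains literal double
# quotes (misp-galaxy:malpedia="Cobalt Strike"). Suricata rule syntax requires
# ", ; and \ inside msg to be backslash-escaped; left raw, the rule can be
# rejected at load or its message cut short, so the quotes are escaped here.
# A fresh export will presumably bring the raw quotes back unless the tag is
# sanitised upstream. Check the engine's rule-load log for this sid after deploy.
# The match options are the same as sid:37560371 (event 26836) above, so one
# request to this URL raises both alerts.
alert http $HOME_NET any -> 39.104.73.42 8081 (msg: "MISP e27167 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing URL http|3a|//39.104.73.42|3a|8081/pixel.gif"; flow:to_server,established; http.header; content:"39.104.73.42"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# IP:port indicators. Each destination below appears once under event 26842
# (priority 2, with family tags) and once under event 27167 (priority 3,
# untagged), so a single connection produces two alerts with different sids.
alert ip $HOME_NET any -> 45.80.158.25 5055 (msg: "MISP e26842 [asyncrat,RAT] Outgoing To IP: 45.80.158.25|5055"; classtype:trojan-activity; sid:37560921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 37.120.237.196 50500 (msg: "MISP e26842 [RiseProStealer] Outgoing To IP: 37.120.237.196|50500"; classtype:trojan-activity; sid:37560931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 37.120.237.196 50500 (msg: "MISP e27167 [] Outgoing To IP: 37.120.237.196|50500"; classtype:trojan-activity; sid:37853111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 45.80.158.25 5055 (msg: "MISP e27167 [] Outgoing To IP: 45.80.158.25|5055"; classtype:trojan-activity; sid:37853121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 147.185.221.18 32544 (msg: "MISP e26842 [njrat] Outgoing To IP: 147.185.221.18|32544"; classtype:trojan-activity; sid:37560941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 147.185.221.18 32544 (msg: "MISP e27167 [] Outgoing To IP: 147.185.221.18|32544"; classtype:trojan-activity; sid:37853131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Domain indicator from event 26837. The pcre anchors the name at the end of
# the query and requires start-of-buffer or a non-hostname character before it,
# so the domain and its subdomains match while longer look-alike names do not.
alert dns any any -> any any (msg: "MISP e26837 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37560401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26837;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26837 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; 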
content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26837;) alert ip $HOME_NET any -> 49.13.32.37 80 (msg: "MISP e26842 [c2,Vidar] Outgoing To IP: 49.13.32.37|80"; classtype:trojan-activity; sid:37560951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 94.154.172.74 80 (msg: "MISP e26842 [c2,recordbreaker] Outgoing To IP: 94.154.172.74|80"; classtype:trojan-activity; sid:37560961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 105.100.10.190 6001 (msg: "MISP e26842 [c2,darkcomet] Outgoing To IP: 105.100.10.190|6001"; classtype:trojan-activity; sid:37560971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 121.37.66.33 50050 (msg: "MISP e26842 [c2,cobalt_strike] Outgoing To IP: 121.37.66.33|50050"; classtype:trojan-activity; sid:37560981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 121.37.66.33 50050 (msg: "MISP e27167 [] Outgoing To IP: 121.37.66.33|50050"; classtype:trojan-activity; sid:37853141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 105.100.10.190 6001 (msg: "MISP e27167 [] Outgoing To IP: 105.100.10.190|6001"; classtype:trojan-activity; sid:37853151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 94.154.172.74 80 (msg: "MISP e27167 [] Outgoing To IP: 94.154.172.74|80"; classtype:trojan-activity; sid:37853161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 49.13.32.37 80 (msg: "MISP e27167 [] Outgoing To IP: 
49.13.32.37|80"; classtype:trojan-activity; sid:37853171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26842 [dcrat] Outgoing URL http|3a|//ck07725.tw1.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"ck07725.tw1.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27167 [] Outgoing URL http|3a|//ck07725.tw1.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"ck07725.tw1.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 92.246.136.169 16668 (msg: "MISP e26842 [RedLineStealer] Outgoing To IP: 92.246.136.169|16668"; classtype:trojan-activity; sid:37561011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 92.246.136.169 16668 (msg: "MISP e27167 [] Outgoing To IP: 92.246.136.169|16668"; classtype:trojan-activity; sid:37853191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 172.96.137.224 10443 (msg: "MISP e26842 [SHOCK-1,sliver] Outgoing To IP: 172.96.137.224|10443"; classtype:trojan-activity; sid:37561051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 143.198.112.191 445 (msg: "MISP e26842 [DIGITALOCEAN-ASN,Responder] Outgoing To IP: 143.198.112.191|445"; classtype:trojan-activity; sid:37561061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 77.49.56.209 995 (msg: "MISP e26842 [FORTHNET-GR Forthnet,QakBot] Outgoing To 
IP: 77.49.56.209|995"; classtype:trojan-activity; sid:37561071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 95.179.200.130 1024 (msg: "MISP e26842 [AS-CHOOPA,dcrat] Outgoing To IP: 95.179.200.130|1024"; classtype:trojan-activity; sid:37561081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 13.231.247.174 8888 (msg: "MISP e26842 [AMAZON-02,Supershell] Outgoing To IP: 13.231.247.174|8888"; classtype:trojan-activity; sid:37561091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 45.138.74.228 80 (msg: "MISP e26842 [AEZA-AS,Meduza Stealer] Outgoing To IP: 45.138.74.228|80"; classtype:trojan-activity; sid:37561101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 77.49.56.209 995 (msg: "MISP e27167 [] Outgoing To IP: 77.49.56.209|995"; classtype:trojan-activity; sid:37853201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 143.198.112.191 445 (msg: "MISP e27167 [] Outgoing To IP: 143.198.112.191|445"; classtype:trojan-activity; sid:37853211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 172.96.137.224 10443 (msg: "MISP e27167 [] Outgoing To IP: 172.96.137.224|10443"; classtype:trojan-activity; sid:37853221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 45.138.74.228 80 (msg: "MISP e27167 [] Outgoing To IP: 45.138.74.228|80"; classtype:trojan-activity; sid:37853231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 13.231.247.174 8888 (msg: "MISP e27167 [] Outgoing To IP: 13.231.247.174|8888"; classtype:trojan-activity; sid:37853241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 
95.179.200.130 1024 (msg: "MISP e27167 [] Outgoing To IP: 95.179.200.130|1024"; classtype:trojan-activity; sid:37853251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 192.169.69.26 1177 (msg: "MISP e26842 [NanoCore,RAT] Outgoing To IP: 192.169.69.26|1177"; classtype:trojan-activity; sid:37561111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 147.185.221.18 80 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 147.185.221.18|80"; classtype:trojan-activity; sid:37561031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 93.123.85.8 1312 (msg: "MISP e26842 [Mirai] Outgoing To IP: 93.123.85.8|1312"; classtype:trojan-activity; sid:37561041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [njrat,RAT] Domain nature-dawn.gl.at.ply.gg"; dns.query; content:"nature-dawn.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])nature\-dawn\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37560901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [njrat,RAT] Outgoing HTTP Domain nature-dawn.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nature-dawn.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nature\-dawn\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [njrat,RAT] Domain pcpanel.hackcrack.io"; dns.query; content:"pcpanel.hackcrack.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])pcpanel\.hackcrack\.io$/i"; classtype:trojan-activity; sid:37560991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [njrat,RAT] Outgoing HTTP Domain pcpanel.hackcrack.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pcpanel.hackcrack.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pcpanel\.hackcrack\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 18.157.68.73 15217 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 18.157.68.73|15217"; classtype:trojan-activity; sid:37561021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [njrat,RAT] Domain than-electoral.gl.at.ply.gg"; dns.query; content:"than-electoral.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])than\-electoral\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37560881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [njrat,RAT] Outgoing HTTP Domain than-electoral.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"than-electoral.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])than\-electoral\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 147.185.221.18 3639 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 147.185.221.18|3639"; classtype:trojan-activity; sid:37560891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 18.156.13.209 18876 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 18.156.13.209|18876"; classtype:trojan-activity; sid:37560851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 
$HOME_NET any -> 18.192.93.86 18876 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 18.192.93.86|18876"; classtype:trojan-activity; sid:37560861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 18.197.239.5 18876 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 18.197.239.5|18876"; classtype:trojan-activity; sid:37560871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 3.126.37.18 18876 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 3.126.37.18|18876"; classtype:trojan-activity; sid:37560831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 3.127.138.57 18876 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 3.127.138.57|18876"; classtype:trojan-activity; sid:37560841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 52.28.247.255 17155 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 52.28.247.255|17155"; classtype:trojan-activity; sid:37560811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 3.69.157.220 17155 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 3.69.157.220|17155"; classtype:trojan-activity; sid:37560821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 18.197.239.109 17155 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 18.197.239.109|17155"; classtype:trojan-activity; sid:37560801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e27167 [] Domain than-electoral.gl.at.ply.gg"; dns.query; content:"than-electoral.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])than\-electoral\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37853261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] 
Outgoing HTTP Domain than-electoral.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"than-electoral.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])than\-electoral\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain pcpanel.hackcrack.io"; dns.query; content:"pcpanel.hackcrack.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])pcpanel\.hackcrack\.io$/i"; classtype:trojan-activity; sid:37853271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain pcpanel.hackcrack.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pcpanel.hackcrack.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pcpanel\.hackcrack\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain nature-dawn.gl.at.ply.gg"; dns.query; content:"nature-dawn.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])nature\-dawn\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37853281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain nature-dawn.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nature-dawn.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nature\-dawn\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 
18.197.239.109 17155 (msg: "MISP e27167 [] Outgoing To IP: 18.197.239.109|17155"; classtype:trojan-activity; sid:37853301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 52.28.247.255 17155 (msg: "MISP e27167 [] Outgoing To IP: 52.28.247.255|17155"; classtype:trojan-activity; sid:37853311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 3.69.157.220 17155 (msg: "MISP e27167 [] Outgoing To IP: 3.69.157.220|17155"; classtype:trojan-activity; sid:37853321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 3.126.37.18 18876 (msg: "MISP e27167 [] Outgoing To IP: 3.126.37.18|18876"; classtype:trojan-activity; sid:37853331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 3.127.138.57 18876 (msg: "MISP e27167 [] Outgoing To IP: 3.127.138.57|18876"; classtype:trojan-activity; sid:37853341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 18.156.13.209 18876 (msg: "MISP e27167 [] Outgoing To IP: 18.156.13.209|18876"; classtype:trojan-activity; sid:37853351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 18.192.93.86 18876 (msg: "MISP e27167 [] Outgoing To IP: 18.192.93.86|18876"; classtype:trojan-activity; sid:37853361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 18.197.239.5 18876 (msg: "MISP e27167 [] Outgoing To IP: 18.197.239.5|18876"; classtype:trojan-activity; sid:37853371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 147.185.221.18 3639 (msg: "MISP e27167 [] Outgoing To IP: 147.185.221.18|3639"; classtype:trojan-activity; sid:37853381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 
18.157.68.73 15217 (msg: "MISP e27167 [] Outgoing To IP: 18.157.68.73|15217"; classtype:trojan-activity; sid:37853391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 147.185.221.18 80 (msg: "MISP e27167 [] Outgoing To IP: 147.185.221.18|80"; classtype:trojan-activity; sid:37853401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 93.123.85.8 1312 (msg: "MISP e27167 [] Outgoing To IP: 93.123.85.8|1312"; classtype:trojan-activity; sid:37853411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 192.169.69.26 1177 (msg: "MISP e27167 [] Outgoing To IP: 192.169.69.26|1177"; classtype:trojan-activity; sid:37853421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip $HOME_NET any -> 142.132.224.223 9001 (msg: "MISP e26842 [Vidar] Outgoing To IP: 142.132.224.223|9001"; classtype:trojan-activity; sid:37561121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 142.132.224.223 9001 (msg: "MISP e27167 [] Outgoing To IP: 142.132.224.223|9001"; classtype:trojan-activity; sid:37853431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24599 [] Outgoing URL http|3a|//mimorvrste.com/si.html"; flow:to_server,established; http.header; content:"mimorvrste.com"; fast_pattern; nocase; http.uri; content:"/si.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37765521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;) alert ip $HOME_NET any -> 148.72.132.181 53 (msg: "MISP e26842 [CobaltStrike,cs-watermark-1580103824,GoDaddy.com LLC] Outgoing To IP: 148.72.132.181|53"; classtype:trojan-activity; sid:37561131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip $HOME_NET any -> 
148.72.132.181 53 (msg: "MISP e27167 [] Outgoing To IP: 148.72.132.181|53"; classtype:trojan-activity; sid:37853441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26842 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/fwlink"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [CobaltStrike,cs-watermark-2005868699,MICROSOFT-CORP-MSN-AS-BLOCK] Domain ipadd.show"; dns.query; content:"ipadd.show"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipadd\.show$/i"; classtype:trojan-activity; sid:37561181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [CobaltStrike,cs-watermark-2005868699,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain ipadd.show"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipadd.show"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipadd\.show[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [CobaltStrike,cs-watermark-2005868699,MICROSOFT-CORP-MSN-AS-BLOCK] Domain cdncloud.info"; dns.query; content:"cdncloud.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdncloud\.info$/i"; classtype:trojan-activity; sid:37561201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [CobaltStrike,cs-watermark-2005868699,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain cdncloud.info"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdncloud.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdncloud\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27167 [] Outgoing URL http|3a|//1.94.110.130|3a|808/fwlink"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> 185.196.8.200 $HTTP_PORTS (msg: "MISP e26842 [Phonk] Outgoing URL http|3a|//185.196.8.200/sosorry.php"; flow:to_server,established; http.header; content:"185.196.8.200"; fast_pattern; nocase; http.uri; content:"/sosorry.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> 185.196.8.200 $HTTP_PORTS (msg: "MISP e27167 [] Outgoing URL http|3a|//185.196.8.200/SOSORRY.php"; flow:to_server,established; http.header; content:"185.196.8.200"; fast_pattern; nocase; http.uri; content:"/SOSORRY.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain cdncloud.info"; dns.query; content:"cdncloud.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdncloud\.info$/i"; classtype:trojan-activity; sid:37853491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain cdncloud.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"cdncloud.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdncloud\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> 111.231.74.147 888 (msg: "MISP e26842 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.231.74.147|3a|888/j.ad"; flow:to_server,established; http.header; content:"111.231.74.147"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> 111.231.74.147 888 (msg: "MISP e27167 [] Outgoing URL http|3a|//111.231.74.147|3a|888/j.ad"; flow:to_server,established; http.header; content:"111.231.74.147"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26880 [] Outgoing URL http|3a|//omniva.today/"; flow:to_server,established; http.header; content:"omniva.today"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37581201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26880;) alert dns any any -> any any (msg: "MISP e26880 [] Domain omniva.today"; dns.query; content:"omniva.today"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.today$/i"; classtype:trojan-activity; sid:37581211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26880;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26880 [] Outgoing HTTP Domain omniva.today"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.today"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.today[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37581212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26880;)
# Domain indicators (MISP events e26880 and e27171). Each domain is exported as a DNS rule plus an HTTP rule.
# - DNS rule: inspects dns.query in either direction (any -> any). The pcre is anchored with "$" and only
#   requires start-of-buffer or a non-hostname character before the name, so the domain and any subdomain
#   of it alert, while a longer label that merely ends in the same text (e.g. "x<domain>") does not.
# - HTTP rule: outbound only ($HOME_NET -> $EXTERNAL_NET) on an established flow to the server. The two
#   http.header content matches ("Host|3a|" and the domain) have no distance/within between them, so they
#   are independent; a request that names the domain in some other header can satisfy the rule as well.
#   Confirm the real Host value when triaging a hit.
#   NOTE(review): matching on the http.host buffer would scope this to the Host value - change it in the
#   export template rather than by hand, since this file is generated.
# - tag:session,600,seconds asks the sensor to keep logging packets of the alerting session for 600 seconds;
#   budget storage for that on busy links.
# - The msg tag list is empty ("[]") for these events, so the alert text names no malware family; the
#   reference URL is the only pointer to context.
alert dns any any -> any any (msg: "MISP e26880 [] Domain my-omniva.com"; dns.query; content:"my-omniva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-omniva\.com$/i"; classtype:trojan-activity; sid:37581231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26880;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26880 [] Outgoing HTTP Domain my-omniva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my-omniva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\-omniva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37581232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26880;)
alert dns any any -> any any (msg: "MISP e27171 [] Domain bugiplaysec.com"; dns.query; content:"bugiplaysec.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bugiplaysec\.com$/i"; classtype:trojan-activity; sid:37861711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27171 [] Outgoing HTTP Domain bugiplaysec.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bugiplaysec.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bugiplaysec\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37861712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert dns any any -> any any (msg: "MISP e27171 [] Domain hitsbitsx.com"; dns.query; content:"hitsbitsx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hitsbitsx\.com$/i"; classtype:trojan-activity; sid:37861721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27171 [] Outgoing HTTP Domain hitsbitsx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hitsbitsx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hitsbitsx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37861722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert dns any any -> any any (msg: "MISP e27171 [] Domain ocsp-reloads.com"; dns.query; content:"ocsp-reloads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ocsp\-reloads\.com$/i"; classtype:trojan-activity; sid:37861731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27171 [] Outgoing HTTP Domain ocsp-reloads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ocsp-reloads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ocsp\-reloads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37861732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert dns any any -> any any (msg: "MISP e27171 [] Domain recsecas.com"; dns.query; content:"recsecas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])recsecas\.com$/i"; classtype:trojan-activity; sid:37861741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27171 [] Outgoing HTTP Domain recsecas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recsecas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recsecas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37861742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
# Outgoing-to-IP indicators (e27171). "alert ip" with "any" port and no payload keyword: any protocol from
# $HOME_NET to the listed address matches, so a hit shows contact with the address and nothing about content.
# No threshold keyword is set; if a host talks to one of these addresses repeatedly, rate-limit the sid in
# threshold.config rather than disabling it. Corroborate with the DNS/HTTP rules for the same event and check
# the indicator's age in the referenced MISP event, since an address can change hands.
alert ip $HOME_NET any -> 38.180.2.23 any (msg: "MISP e27171 [] Outgoing To IP: 38.180.2.23"; classtype:trojan-activity; sid:37861751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 38.180.3.57 any (msg: "MISP e27171 [] Outgoing To IP: 38.180.3.57"; classtype:trojan-activity; sid:37861761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 38.180.76.31 any (msg: "MISP e27171 [] Outgoing To IP: 38.180.76.31"; classtype:trojan-activity; sid:37861771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 86.105.18.113 any (msg: "MISP e27171 [] Outgoing To IP: 86.105.18.113"; classtype:trojan-activity; sid:37861781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 176.97.66.57 any (msg: "MISP e27171 [] Outgoing To IP: 176.97.66.57"; classtype:trojan-activity; sid:37861791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 176.97.76.118 any (msg: "MISP e27171 [] Outgoing To IP: 176.97.76.118"; classtype:trojan-activity; sid:37861801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 176.97.76.129 any (msg: "MISP e27171 [] Outgoing To IP: 176.97.76.129"; classtype:trojan-activity; sid:37861811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert ip $HOME_NET any -> 198.50.170.72 any (msg: "MISP e27171 [] Outgoing To IP: 198.50.170.72"; classtype:trojan-activity; sid:37861821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27171;)
alert http $HOME_NET any -> 5.34.198.105 $HTTP_PORTS (msg: "MISP e26842 [CobaltStrike,cs-watermark-987654321,Noyan Abr Arvan Co. 
( Private Joint Stock)] Outgoing URL http|3a|//5.34.198.105/cm"; flow:to_server,established; http.header; content:"5.34.198.105"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Indicators shared by events e26842 and e27167. The e26842 copies carry family tags in msg and priority:2;
# the e27167 copies of the same address/port or URL carry an empty tag list and priority:3. Both copies are
# active under different sids, so one connection raises two alerts at two priorities - deduplicate on the
# indicator, and take the family name from the e26842 alert.
# "Outgoing To IP" rules here pin a destination port (the value after "|" in msg); traffic to the same
# address on another port does not alert. They have no payload keyword, so a hit shows contact only.
alert ip $HOME_NET any -> 5.42.73.150 80 (msg: "MISP e26842 [Meduza,ViriBack] Outgoing To IP: 5.42.73.150|80"; classtype:trojan-activity; sid:37561241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# URL indicator: the destination is pinned to 5.34.198.105 on $HTTP_PORTS, so that variable must be defined
# on the sensor and requests on a port outside it are not covered. content:"/cm" on http.uri is an
# unanchored, case-insensitive substring: any request to that host whose URI contains "/cm" alerts, not only
# the exact path.
alert http $HOME_NET any -> 5.34.198.105 $HTTP_PORTS (msg: "MISP e27167 [] Outgoing URL http|3a|//5.34.198.105/cm"; flow:to_server,established; http.header; content:"5.34.198.105"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 5.42.73.150 80 (msg: "MISP e27167 [] Outgoing To IP: 5.42.73.150|80"; classtype:trojan-activity; sid:37853561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 43.229.148.210 5556 (msg: "MISP e26842 [njrat] Outgoing To IP: 43.229.148.210|5556"; classtype:trojan-activity; sid:37561261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 43.229.148.210 5556 (msg: "MISP e27167 [] Outgoing To IP: 43.229.148.210|5556"; classtype:trojan-activity; sid:37853571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# URL indicator with a hostname only: a single http.header content match and no boundary pcre, so the
# string alerts wherever it appears in the request headers, including inside a longer hostname. The
# DNS/HTTP-domain pair for the same name follows and is the stricter match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26838 [] Outgoing URL http|3a|//validartokenitau.webcindario.com"; flow:to_server,established; http.header; content:"validartokenitau.webcindario.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37560471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26838;)
# Domain indicators: one DNS rule and one HTTP rule per domain.
# - DNS rule: dns.query in either direction; the pcre ends in "$" and accepts start-of-buffer or a
#   non-hostname character before the name, so the domain and its subdomains match.
# - HTTP rule: outbound, established, to server. "Host|3a|" and the domain are two independent http.header
#   content matches (no distance/within), so the domain appearing in another header can also satisfy the
#   rule; confirm the real Host value when triaging.
#   NOTE(review): the http.host buffer would be a tighter scope - change it in the export template.
# - Several names below sit under dynamic-DNS or shared parent zones (ddns.net, webcindario.com,
#   brasilia.me); the rules match the full listed name and its subdomains only, not the parent zone.
alert dns any any -> any any (msg: "MISP e26838 [] Domain validartokenitau.webcindario.com"; dns.query; content:"validartokenitau.webcindario.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])validartokenitau\.webcindario\.com$/i"; classtype:trojan-activity; sid:37560481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26838 [] Outgoing HTTP Domain validartokenitau.webcindario.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"validartokenitau.webcindario.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])validartokenitau\.webcindario\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26838;)
alert dns any any -> any any (msg: "MISP e26842 [Android,APT,GravityRAT,TransparentTribe] Domain instantchatapp.com"; dns.query; content:"instantchatapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])instantchatapp\.com$/i"; classtype:trojan-activity; sid:37561311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [Android,APT,GravityRAT,TransparentTribe] Outgoing HTTP Domain instantchatapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"instantchatapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])instantchatapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert dns any any -> any any (msg: "MISP e26842 [SocGholish] Domain funcallback.com"; dns.query; content:"funcallback.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])funcallback\.com$/i"; classtype:trojan-activity; sid:37561321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [SocGholish] Outgoing HTTP Domain funcallback.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"funcallback.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])funcallback\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert dns any any -> any any (msg: "MISP e26842 [njrat,RAT] Domain appserv.ddns.net"; dns.query; content:"appserv.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])appserv\.ddns\.net$/i"; classtype:trojan-activity; sid:37561341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [njrat,RAT] Outgoing HTTP Domain appserv.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"appserv.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])appserv\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert dns any any -> any any (msg: "MISP e26842 [Android,APT,GravityRAT,TransparentTribe] Domain cloudieapp.net"; dns.query; content:"cloudieapp.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cloudieapp\.net$/i"; classtype:trojan-activity; sid:37561301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [Android,APT,GravityRAT,TransparentTribe] Outgoing HTTP Domain cloudieapp.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cloudieapp.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cloudieapp\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 77.246.158.53 13551 (msg: "MISP e26842 [infostealer,RedLine,stealer] Outgoing To IP: 77.246.158.53|13551"; classtype:trojan-activity; sid:37561251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert dns any any -> any any (msg: "MISP e26842 [APT,caprarat,TransparentTribe] Domain manta.brasilia.me"; dns.query; content:"manta.brasilia.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])manta\.brasilia\.me$/i"; classtype:trojan-activity; sid:37561271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [APT,caprarat,TransparentTribe] Outgoing HTTP Domain manta.brasilia.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"manta.brasilia.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])manta\.brasilia\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert dns any any -> any any (msg: "MISP e26842 [SocGholish] Domain stake.libertariancounterpoint.com"; dns.query; content:"stake.libertariancounterpoint.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stake\.libertariancounterpoint\.com$/i"; classtype:trojan-activity; sid:37561331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [SocGholish] Outgoing HTTP Domain stake.libertariancounterpoint.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stake.libertariancounterpoint.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stake\.libertariancounterpoint\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 185.158.251.240 443 (msg: "MISP e26842 [SocGholish] Outgoing To IP: 185.158.251.240|443"; 
classtype:trojan-activity; sid:37561351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# e27167 copies of indicators that event e26842 also exports elsewhere in this file. Same domain or
# address/port, different sid, empty msg tag list ("[]") and priority:3 instead of priority:2. Both copies
# fire on the same traffic, so expect paired alerts; deduplicate on the indicator and read the malware
# family from the e26842 alert, since these msgs do not name one.
# Domain rules follow the export's usual pair: a DNS rule on dns.query (domain and subdomains, either
# direction) and an outbound HTTP rule whose "Host|3a|" and domain content matches are independent
# http.header matches (no distance/within), so the domain in another header can also satisfy it.
alert dns any any -> any any (msg: "MISP e27167 [] Domain stake.libertariancounterpoint.com"; dns.query; content:"stake.libertariancounterpoint.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stake\.libertariancounterpoint\.com$/i"; classtype:trojan-activity; sid:37853581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain stake.libertariancounterpoint.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stake.libertariancounterpoint.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stake\.libertariancounterpoint\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert dns any any -> any any (msg: "MISP e27167 [] Domain cloudieapp.net"; dns.query; content:"cloudieapp.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cloudieapp\.net$/i"; classtype:trojan-activity; sid:37853601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain cloudieapp.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cloudieapp.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cloudieapp\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert dns any any -> any any (msg: "MISP e27167 [] Domain instantchatapp.com"; dns.query; content:"instantchatapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])instantchatapp\.com$/i"; classtype:trojan-activity; sid:37853621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain instantchatapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"instantchatapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])instantchatapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert dns any any -> any any (msg: "MISP e27167 [] Domain funcallback.com"; dns.query; content:"funcallback.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])funcallback\.com$/i"; classtype:trojan-activity; sid:37853631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain funcallback.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"funcallback.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])funcallback\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert dns any any -> any any (msg: "MISP e27167 [] Domain appserv.ddns.net"; dns.query; content:"appserv.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])appserv\.ddns\.net$/i"; classtype:trojan-activity; sid:37853641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain appserv.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"appserv.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])appserv\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# "Outgoing To IP" rules with a pinned destination port (the value after "|" in msg). No payload or
# threshold keyword: a hit shows that a $HOME_NET host sent traffic to that address and port, nothing more.
# Ports such as 80 and 443 on an address that hosts other services can produce hits unrelated to the
# family named in the tag; corroborate with the matching domain rule or host evidence before escalating.
alert ip $HOME_NET any -> 185.158.251.240 443 (msg: "MISP e27167 [] Outgoing To IP: 185.158.251.240|443"; classtype:trojan-activity; sid:37853651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 77.246.158.53 13551 (msg: "MISP e27167 [] Outgoing To IP: 77.246.158.53|13551"; classtype:trojan-activity; sid:37853661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 192.236.162.239 80 (msg: "MISP e26842 [infostealer,LokiBot,stealer] Outgoing To IP: 192.236.162.239|80"; classtype:trojan-activity; sid:37561461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 192.236.162.239 80 (msg: "MISP e27167 [] Outgoing To IP: 192.236.162.239|80"; classtype:trojan-activity; sid:37853771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert dns any any -> any any (msg: "MISP e26842 [njrat,RAT] Domain kisel228.zapto.org"; dns.query; content:"kisel228.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])kisel228\.zapto\.org$/i"; classtype:trojan-activity; sid:37561481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [njrat,RAT] Outgoing HTTP Domain kisel228.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kisel228.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kisel228\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip $HOME_NET any -> 95.86.227.200 25565 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 95.86.227.200|25565"; classtype:trojan-activity; sid:37561471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert dns any any -> any any (msg: "MISP e27167 [] Domain kisel228.zapto.org"; dns.query; content:"kisel228.zapto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])kisel228\.zapto\.org$/i"; classtype:trojan-activity; sid:37853781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain kisel228.zapto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kisel228.zapto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kisel228\.zapto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 95.86.227.200 25565 (msg: "MISP e27167 [] Outgoing To IP: 95.86.227.200|25565"; classtype:trojan-activity; sid:37853791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Incoming-from-IP indicators (e26882, tagged kill-chain:Reconnaissance / kill-chain:Exploitation).
# Direction is reversed from the rules above: listed source -> $HOME_NET, any protocol, any port, no payload
# keyword. A hit records an inbound contact attempt, not a compromise, even though the export still stamps
# classtype:trojan-activity and priority:2 on it; rank these below the outbound rules when triaging.
alert ip 1.48.45.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.48.45.56"; classtype:trojan-activity; sid:37581261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.168.63.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.168.63.126"; classtype:trojan-activity; sid:37581271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.32.28.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.32.28.220"; classtype:trojan-activity; sid:37581281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.51.62.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.62.149"; classtype:trojan-activity; sid:37581291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 104.203.242.76 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
104.203.242.76"; classtype:trojan-activity; sid:37581301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Incoming-from-IP indicators (MISP events e26875, e26878, e26882, e26886; every msg is tagged
# kill-chain:Reconnaissance,kill-chain:Exploitation).
# - Each rule matches any protocol and any port from the listed source to $HOME_NET and has no payload,
#   flow or threshold keyword, so a hit records an inbound contact attempt, not a successful exploit.
# - classtype:trojan-activity and priority:2 are the same values this export puts on its outbound malware
#   rules; for inbound scanning sources that overstates severity. Rank these below "Outgoing To IP" hits,
#   or remap the classtype when importing.
# - A persistent inbound source can raise many alerts; rate-limit per sid or per source in threshold.config
#   rather than disabling the rules.
# - Check the indicator's age in the referenced MISP event before acting on a hit, since source addresses
#   can change hands.
alert ip 103.144.121.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.121.46"; classtype:trojan-activity; sid:37581311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.241.218.12 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.218.12"; classtype:trojan-activity; sid:37577371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 185.47.172.129 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.47.172.129"; classtype:trojan-activity; sid:37577381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 172.81.62.174 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.174"; classtype:trojan-activity; sid:37573201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 172.81.62.168 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.168"; classtype:trojan-activity; sid:37573211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 109.67.132.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.67.132.188"; classtype:trojan-activity; sid:37581321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.103.130.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.130.119"; classtype:trojan-activity; sid:37581331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 109.149.65.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.149.65.180"; classtype:trojan-activity; sid:37581341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.185.163.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.185.163.101"; classtype:trojan-activity; sid:37581351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.221.73.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.73.35"; classtype:trojan-activity; sid:37581361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 147.78.179.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.179.134"; classtype:trojan-activity; sid:37599011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 151.51.13.19 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.51.13.19"; classtype:trojan-activity; sid:37599021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 45.147.250.222 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.147.250.222"; classtype:trojan-activity; sid:37577391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 170.64.209.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.167"; classtype:trojan-activity; sid:37599031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 147.182.204.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.204.119"; classtype:trojan-activity; sid:37599041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 34.126.187.228 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.126.187.228"; classtype:trojan-activity; sid:37577401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 167.248.133.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.34"; classtype:trojan-activity; sid:37599051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 89.187.177.121 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.187.177.121"; classtype:trojan-activity; sid:37573221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 114.226.105.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.226.105.54"; classtype:trojan-activity; sid:37581371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 80.66.88.211 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.88.211"; classtype:trojan-activity; sid:37573231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 117.209.77.99 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.77.99"; classtype:trojan-activity; sid:37581381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 152.89.198.42 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.89.198.42"; classtype:trojan-activity; sid:37573241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 114.239.245.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.245.85"; classtype:trojan-activity; sid:37581391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 39.105.54.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.105.54.237"; classtype:trojan-activity; sid:37599061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.111.3.174 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.111.3.174"; classtype:trojan-activity; sid:37581401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 115.203.161.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.203.161.109"; classtype:trojan-activity; sid:37581411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.116.47.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.47.137"; classtype:trojan-activity; sid:37581421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.207.80.55 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.207.80.55"; classtype:trojan-activity; sid:37581431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.201.123.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.201.123.123"; classtype:trojan-activity; sid:37581441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.78 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.78"; classtype:trojan-activity; sid:37577411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 144.62.234.121 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.62.234.121"; classtype:trojan-activity; sid:37581451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.131.248.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.248.141"; classtype:trojan-activity; sid:37599071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.131.60.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.60.40"; classtype:trojan-activity; sid:37599081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.74 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.74"; classtype:trojan-activity; sid:37577421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.248.134.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.134.185"; classtype:trojan-activity; sid:37599091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.233.220.132 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.220.132"; classtype:trojan-activity; sid:37581461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.138.214.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.214.217"; classtype:trojan-activity; 
sid:37599101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Incoming-from-IP indicators (MISP events e26875, e26878, e26882, e26957; every msg is tagged
# kill-chain:Reconnaissance,kill-chain:Exploitation).
# - Each rule matches any protocol and any port from the listed source to $HOME_NET and has no payload,
#   flow or threshold keyword, so a hit records an inbound contact attempt, not a successful exploit.
# - classtype:trojan-activity and priority:2 are the same values this export puts on its outbound malware
#   rules; for inbound scanning sources that overstates severity. Rank these below "Outgoing To IP" hits,
#   or remap the classtype when importing.
# - sids are assigned per event, so rules from different events are interleaved here; group alerts by the
#   "MISP e<id>" prefix in msg or by the reference URL, not by sid range.
# - Check the indicator's age in the referenced MISP event before acting on a hit, since source addresses
#   can change hands.
alert ip 87.236.176.80 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.80"; classtype:trojan-activity; sid:37746851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 118.249.40.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.249.40.120"; classtype:trojan-activity; sid:37581471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 23.90.165.131 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.90.165.131"; classtype:trojan-activity; sid:37746861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 87.236.176.76 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.76"; classtype:trojan-activity; sid:37746871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 54.90.202.118 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.90.202.118"; classtype:trojan-activity; sid:37746881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 47.242.77.181 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.77.181"; classtype:trojan-activity; sid:37746891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 45.137.201.204 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.137.201.204"; classtype:trojan-activity; sid:37577431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 122.116.183.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.183.88"; classtype:trojan-activity; sid:37581481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 162.243.145.44 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.145.44"; classtype:trojan-activity; sid:37746901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 103.197.49.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.197.49.92"; classtype:trojan-activity; sid:37581491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 162.243.135.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.135.9"; classtype:trojan-activity; sid:37581501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 205.210.31.178 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.178"; classtype:trojan-activity; sid:37577441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 101.200.166.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.200.166.251"; classtype:trojan-activity; sid:37581511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.82.191.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.82.191.110"; classtype:trojan-activity; sid:37581521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.254.26.57 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.254.26.57"; classtype:trojan-activity; sid:37581531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.137.50.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.137.50.92"; classtype:trojan-activity; sid:37581541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.173.88.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.88.124"; classtype:trojan-activity; sid:37581551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.248.10.229 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.248.10.229"; classtype:trojan-activity; sid:37581561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 173.52.101.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.52.101.9"; classtype:trojan-activity; sid:37581571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.214.8.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.8.234"; classtype:trojan-activity; sid:37581581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.233.182.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.182.238"; classtype:trojan-activity; sid:37581591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.233.157.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.157.219"; classtype:trojan-activity; sid:37581601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 196.170.75.54 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.170.75.54"; classtype:trojan-activity; sid:37573251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 125.126.40.249 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.126.40.249"; classtype:trojan-activity; sid:37581611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 212.70.149.142 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.70.149.142"; classtype:trojan-activity; sid:37577451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 123.185.228.8 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.185.228.8"; classtype:trojan-activity; sid:37581621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.98 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.98"; classtype:trojan-activity; sid:37577461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 87.236.176.97 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.97"; classtype:trojan-activity; sid:37577471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 94.26.228.162 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.26.228.162"; classtype:trojan-activity; sid:37577481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 64.62.197.197 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.197"; classtype:trojan-activity; sid:37577491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 124.129.222.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.129.222.144"; classtype:trojan-activity; sid:37581631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.216.215.171 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.216.215.171"; classtype:trojan-activity; sid:37581641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.53.73.26 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.73.26"; classtype:trojan-activity; sid:37581651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.119.177.121 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.119.177.121"; classtype:trojan-activity; sid:37581661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.35.23.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.23.222"; classtype:trojan-activity; sid:37581671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.106.130.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.106.130.181"; classtype:trojan-activity; sid:37581681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.41.137.103 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.137.103"; classtype:trojan-activity; sid:37581691; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.124.58.142 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.124.58.142"; classtype:trojan-activity; sid:37573261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 117.214.73.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.73.150"; classtype:trojan-activity; sid:37581701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 149.102.252.48 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.102.252.48"; classtype:trojan-activity; sid:37573271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 162.142.125.213 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.213"; classtype:trojan-activity; sid:37581711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 5.76.74.190 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.76.74.190"; classtype:trojan-activity; sid:37573281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 112.243.92.57 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.243.92.57"; classtype:trojan-activity; sid:37581721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 84.17.35.102 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.102"; classtype:trojan-activity; sid:37573291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 84.54.73.107 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.73.107"; classtype:trojan-activity; sid:37573301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.70.186.190 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.190"; classtype:trojan-activity; sid:37573311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 167.94.138.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.49"; classtype:trojan-activity; sid:37581731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.151.78.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.151.78.14"; classtype:trojan-activity; sid:37581741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.246.237.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.246.237.113"; classtype:trojan-activity; sid:37581751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.98.103.177 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.98.103.177"; classtype:trojan-activity; sid:37581761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 177.230.149.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.230.149.49"; classtype:trojan-activity; sid:37581771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 179.63.147.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.63.147.59"; classtype:trojan-activity; sid:37581781; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.46.173.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.46.173.94"; classtype:trojan-activity; sid:37581791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.89.86.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.251"; classtype:trojan-activity; sid:37581801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.67.196.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.67.196.50"; classtype:trojan-activity; sid:37581811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.81"; classtype:trojan-activity; sid:37599111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.25.194.63 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.25.194.63"; classtype:trojan-activity; sid:37581821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.70.10.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.10.146"; classtype:trojan-activity; sid:37581831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.70.30.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.30.82"; classtype:trojan-activity; sid:37581841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 24.229.64.86 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.229.64.86"; classtype:trojan-activity; sid:37573321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 187.45.17.182 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.45.17.182"; classtype:trojan-activity; sid:37581851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.80.52.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.80.52.149"; classtype:trojan-activity; sid:37581861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.1.121.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.1.121.181"; classtype:trojan-activity; sid:37581871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.246.188.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.246.188.141"; classtype:trojan-activity; sid:37581881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.86.181.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.86.181.114"; classtype:trojan-activity; sid:37581891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 51.75.52.3 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.75.52.3"; classtype:trojan-activity; sid:37577501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 194.33.45.75 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.75"; classtype:trojan-activity; sid:37573331; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 157.119.203.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.119.203.222"; classtype:trojan-activity; sid:37581901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.64.187.63 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.187.63"; classtype:trojan-activity; sid:37599121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.35.240.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.35.240.93"; classtype:trojan-activity; sid:37581911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.250.52.165 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.250.52.165"; classtype:trojan-activity; sid:37581921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.121.108.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.121.108.115"; classtype:trojan-activity; sid:37581931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.106.122.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.106.122.3"; classtype:trojan-activity; sid:37581941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.79.163.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.163.53"; classtype:trojan-activity; sid:37581951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 157.52.30.204 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.52.30.204"; classtype:trojan-activity; sid:37581961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 65.49.20.69 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.20.69"; classtype:trojan-activity; sid:37746911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 117.194.96.58 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.194.96.58"; classtype:trojan-activity; sid:37581971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 2.38.146.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.38.146.6"; classtype:trojan-activity; sid:37581981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.70.20.246 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.20.246"; classtype:trojan-activity; sid:37581991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.236.182.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.236.182.245"; classtype:trojan-activity; sid:37582001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 176.114.212.242 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.114.212.242"; classtype:trojan-activity; sid:37582011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.148.120.221 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.148.120.221"; classtype:trojan-activity; sid:37746921; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 154.92.23.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.92.23.218"; classtype:trojan-activity; sid:37599131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.161.41.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.161.41.156"; classtype:trojan-activity; sid:37599141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 141.98.11.90 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.90"; classtype:trojan-activity; sid:37599151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.172.70.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.70.231"; classtype:trojan-activity; sid:37582021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 177.12.186.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.12.186.135"; classtype:trojan-activity; sid:37582031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.61.40.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.40.228"; classtype:trojan-activity; sid:37582041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.203.150.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.203.150.81"; classtype:trojan-activity; sid:37582051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.202.46.235 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.202.46.235"; classtype:trojan-activity; sid:37582061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.243.137.18 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.137.18"; classtype:trojan-activity; sid:37746931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 187.137.241.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.137.241.178"; classtype:trojan-activity; sid:37599161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.114.5 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.114.5"; classtype:trojan-activity; sid:37577511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.209.118.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.118.167"; classtype:trojan-activity; sid:37582071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.151.83.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.151.83.166"; classtype:trojan-activity; sid:37582081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.38.221.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.38.221.225"; classtype:trojan-activity; sid:37582091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 206.0.185.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.0.185.146"; classtype:trojan-activity; 
sid:37582101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.128.176.245 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.176.245"; classtype:trojan-activity; sid:37577521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 182.181.162.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.181.162.123"; classtype:trojan-activity; sid:37582111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 141.98.7.237 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.7.237"; classtype:trojan-activity; sid:37582121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.91 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.91"; classtype:trojan-activity; sid:37746941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 179.145.223.76 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.145.223.76"; classtype:trojan-activity; sid:37582131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.94.138.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.50"; classtype:trojan-activity; sid:37582141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.90 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.90"; classtype:trojan-activity; sid:37746951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 185.139.228.190 any -> 
$HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.139.228.190"; classtype:trojan-activity; sid:37577531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 152.253.124.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.253.124.193"; classtype:trojan-activity; sid:37582151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 165.227.24.17 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.24.17"; classtype:trojan-activity; sid:37577541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 148.75.61.73 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.75.61.73"; classtype:trojan-activity; sid:37582161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.119.226.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.119.226.139"; classtype:trojan-activity; sid:37582171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.248.162.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.248.162.124"; classtype:trojan-activity; sid:37582181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.151.38.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.151.38.102"; classtype:trojan-activity; sid:37582191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.164.11.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.164.11.141"; 
classtype:trojan-activity; sid:37582201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.154 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.154"; classtype:trojan-activity; sid:37577551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 153.156.0.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.156.0.157"; classtype:trojan-activity; sid:37582211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 35.190.199.12 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.190.199.12"; classtype:trojan-activity; sid:37573341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 184.82.253.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.82.253.120"; classtype:trojan-activity; sid:37582221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.192.237.223 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.192.237.223"; classtype:trojan-activity; sid:37582231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.177.0.185 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.177.0.185"; classtype:trojan-activity; sid:37573351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 111.179.41.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.179.41.68"; classtype:trojan-activity; sid:37582241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
211.33.207.184 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.33.207.184"; classtype:trojan-activity; sid:37582251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.66.88.148 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.88.148"; classtype:trojan-activity; sid:37573361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 188.113.235.40 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.113.235.40"; classtype:trojan-activity; sid:37573371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 27.21.170.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.21.170.135"; classtype:trojan-activity; sid:37582261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.59.156.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.59.156.9"; classtype:trojan-activity; sid:37582271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 181.188.211.153 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.188.211.153"; classtype:trojan-activity; sid:37573381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 177.223.89.1 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.223.89.1"; classtype:trojan-activity; sid:37582281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.120.54.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
182.120.54.236"; classtype:trojan-activity; sid:37582291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.32.46.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.46.110"; classtype:trojan-activity; sid:37582301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.82.13.19 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.82.13.19"; classtype:trojan-activity; sid:37582311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.87.202.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.87.202.130"; classtype:trojan-activity; sid:37582321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.71.49.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.71.49.41"; classtype:trojan-activity; sid:37582331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.149.99.121 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.149.99.121"; classtype:trojan-activity; sid:37582341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 217.210.57.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.210.57.211"; classtype:trojan-activity; sid:37582351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.5.3.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.5.3.35"; classtype:trojan-activity; sid:37582361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert 
ip 189.201.207.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.201.207.146"; classtype:trojan-activity; sid:37582371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.224.178.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.224.178.69"; classtype:trojan-activity; sid:37582381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 2.180.161.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.180.161.204"; classtype:trojan-activity; sid:37582391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.59.240.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.59.240.154"; classtype:trojan-activity; sid:37582401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.73.80.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.73.80.135"; classtype:trojan-activity; sid:37582411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.151.55.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.151.55.130"; classtype:trojan-activity; sid:37582421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.10.199.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.10.199.122"; classtype:trojan-activity; sid:37582431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 108.76.249.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
108.76.249.180"; classtype:trojan-activity; sid:37582441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# NOTE(review): every rule in this run matches on the source address alone
# (`alert ip <addr> any -> $HOME_NET any`), with no content, flow or threshold
# option, so a single noisy source can alert repeatedly. Consider rate-limiting
# these sids in the sensor's threshold configuration.
# NOTE(review): classtype is trojan-activity on every rule, while the msg tags
# describe Reconnaissance/Exploitation from an inbound source. Presumably this is
# a fixed value set by the exporter (confirm); triage on msg and the reference
# URL rather than on the classtype.
# NOTE(review): these are address-only indicators and addresses get reassigned.
# Check that the referenced MISP event is still current before treating a hit
# as malicious or reusing the list for blocking.
alert ip 49.143.62.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.143.62.33"; classtype:trojan-activity; sid:37582451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.49.173.179 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.173.179"; classtype:trojan-activity; sid:37582461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.41.28.47 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.28.47"; classtype:trojan-activity; sid:37582471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.72.35.164 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.35.164"; classtype:trojan-activity; sid:37582481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# NOTE(review): the tag list in this msg is empty ("[]"), although the other
# e26882 rules in this run carry kill-chain tags. Presumably the attribute was
# untagged at export time; verify in the MISP event.
alert ip 190.211.255.106 any -> $HOME_NET any (msg: "MISP e26882 [] Incoming From IP: 190.211.255.106"; classtype:trojan-activity; sid:37582491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.49.37.190 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.37.190"; classtype:trojan-activity; sid:37582501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 202.189.199.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.189.199.69"; classtype:trojan-activity; sid:37582511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 219.107.156.210 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.107.156.210"; classtype:trojan-activity; sid:37582521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 189.85.33.83 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.85.33.83"; classtype:trojan-activity; sid:37582531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.233.49.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.233.49.158"; classtype:trojan-activity; sid:37582541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 42.243.140.8 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.243.140.8"; classtype:trojan-activity; sid:37582551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# NOTE(review): only kill-chain:Reconnaissance is tagged on this rule, unlike
# the neighbouring e26882 rules, which also carry kill-chain:Exploitation.
# Confirm the difference is intended.
alert ip 119.122.114.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance] Incoming From IP: 119.122.114.158"; classtype:trojan-activity; sid:37582561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.233.77.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.233.77.54"; classtype:trojan-activity; sid:37582571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 2.181.160.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.181.160.40"; classtype:trojan-activity; sid:37582581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# The next rule is unterminated on this line; its remaining options follow on the next line of the page.
alert ip 42.236.149.129 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.236.149.129"; classtype:trojan-activity; sid:37582591; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.254.180.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.254.180.200"; classtype:trojan-activity; sid:37582601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.67.129.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.67.129.114"; classtype:trojan-activity; sid:37582611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.176.117.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.176.117.147"; classtype:trojan-activity; sid:37582621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.199.146.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.199.146.42"; classtype:trojan-activity; sid:37582631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.102.96.183 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.102.96.183"; classtype:trojan-activity; sid:37582641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.63.36.212 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.36.212"; classtype:trojan-activity; sid:37582651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.93.21.134 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.93.21.134"; classtype:trojan-activity; sid:37582661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.214.77.212 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.77.212"; classtype:trojan-activity; sid:37582671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 217.211.82.169 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.211.82.169"; classtype:trojan-activity; sid:37582681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.168.240.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.168.240.141"; classtype:trojan-activity; sid:37582691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 72.69.72.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.69.72.87"; classtype:trojan-activity; sid:37582701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 191.7.2.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.7.2.166"; classtype:trojan-activity; sid:37582711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.133.209.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.133.209.230"; classtype:trojan-activity; sid:37582721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.230.89.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.89.51"; classtype:trojan-activity; sid:37599171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.221.212.16 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.212.16"; classtype:trojan-activity; sid:37599181; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.70.108.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.108.75"; classtype:trojan-activity; sid:37582731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.144.56.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.144.56.94"; classtype:trojan-activity; sid:37582741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 197.90.104.143 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.90.104.143"; classtype:trojan-activity; sid:37582751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.75.229.247 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.229.247"; classtype:trojan-activity; sid:37599191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 191.12.102.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.12.102.4"; classtype:trojan-activity; sid:37582761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 62.244.157.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.244.157.85"; classtype:trojan-activity; sid:37582771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.86.65.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.86.65.93"; classtype:trojan-activity; sid:37582781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.17.30.248 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.17.30.248"; classtype:trojan-activity; sid:37582791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.196.230.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.196.230.88"; classtype:trojan-activity; sid:37582801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.215.2.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.215.2.28"; classtype:trojan-activity; sid:37582811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.91.127.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.127.234"; classtype:trojan-activity; sid:37582821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 2.181.123.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.181.123.50"; classtype:trojan-activity; sid:37582831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.175.17.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.175.17.241"; classtype:trojan-activity; sid:37582841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 23.145.112.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.145.112.107"; classtype:trojan-activity; sid:37582851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.189.85.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.189.85.240"; classtype:trojan-activity; sid:37582861; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.186.1.76 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.186.1.76"; classtype:trojan-activity; sid:37599201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 71.90.30.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.90.30.53"; classtype:trojan-activity; sid:37582871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.75.164.110 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.164.110"; classtype:trojan-activity; sid:37599211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.165.40.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.165.40.95"; classtype:trojan-activity; sid:37582881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.178.219.144 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.219.144"; classtype:trojan-activity; sid:37599221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.91.146.160 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.146.160"; classtype:trojan-activity; sid:37599231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.48.146.229 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.146.229"; classtype:trojan-activity; sid:37599241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.100.56.129 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.56.129"; classtype:trojan-activity; sid:37582891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.229.251.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.229.251.107"; classtype:trojan-activity; sid:37582901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.91.139.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.139.84"; classtype:trojan-activity; sid:37599251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.248.133.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.124"; classtype:trojan-activity; sid:37582911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.158.49.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.49.54"; classtype:trojan-activity; sid:37599261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.140.243.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.140.243.180"; classtype:trojan-activity; sid:37582921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 72.196.240.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.196.240.38"; classtype:trojan-activity; sid:37582931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.97.129.243 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.97.129.243"; classtype:trojan-activity; sid:37582941; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 41.32.77.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.32.77.131"; classtype:trojan-activity; sid:37582951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.43.39.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.39.167"; classtype:trojan-activity; sid:37599271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.11.137.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.11.137.220"; classtype:trojan-activity; sid:37582961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.143.249.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.249.129"; classtype:trojan-activity; sid:37599281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.223.33.128 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.33.128"; classtype:trojan-activity; sid:37599291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.84.134.169 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.84.134.169"; classtype:trojan-activity; sid:37582971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.60.22.183 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.60.22.183"; classtype:trojan-activity; sid:37582981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 212.220.211.218 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.220.211.218"; classtype:trojan-activity; sid:37599301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 115.21.60.8 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.21.60.8"; classtype:trojan-activity; sid:37599311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.104.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.104.157"; classtype:trojan-activity; sid:37599321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.178.234.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.178.234.96"; classtype:trojan-activity; sid:37599331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.62.214.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.214.135"; classtype:trojan-activity; sid:37599341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.103.52.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.103.52.2"; classtype:trojan-activity; sid:37599351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.154.183.23 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.183.23"; classtype:trojan-activity; sid:37599361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.243.152.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.152.4"; classtype:trojan-activity; 
sid:37599371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.37"; classtype:trojan-activity; sid:37599381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.61.2.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.2.59"; classtype:trojan-activity; sid:37599391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.33.80.241 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.80.241"; classtype:trojan-activity; sid:37599401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.211.208.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.211.208.101"; classtype:trojan-activity; sid:37582991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.32.141.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.141.43"; classtype:trojan-activity; sid:37599411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.229.62.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.229.62.65"; classtype:trojan-activity; sid:37599421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.219.149.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.219.149.157"; classtype:trojan-activity; sid:37599431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 18.193.73.45 any -> $HOME_NET any 
(msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.193.73.45"; classtype:trojan-activity; sid:37599441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 203.161.35.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.35.128"; classtype:trojan-activity; sid:37583001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.248.16.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.248.16.72"; classtype:trojan-activity; sid:37599451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.133.170.211 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.170.211"; classtype:trojan-activity; sid:37599461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.126.98.151 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.126.98.151"; classtype:trojan-activity; sid:37583011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.39.253.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.39.253.198"; classtype:trojan-activity; sid:37583021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.142.125.226 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.226"; classtype:trojan-activity; sid:37577561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 8.210.105.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.105.141"; 
classtype:trojan-activity; sid:37599471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.156.211.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.11"; classtype:trojan-activity; sid:37599481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.221.133.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.133.108"; classtype:trojan-activity; sid:37599491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 203.177.140.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.177.140.211"; classtype:trojan-activity; sid:37583031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.131.15.101 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.15.101"; classtype:trojan-activity; sid:37599501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.92.251.164 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.251.164"; classtype:trojan-activity; sid:37599511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.35.33.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.33.200"; classtype:trojan-activity; sid:37583041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.35.189.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.35.189.86"; classtype:trojan-activity; sid:37599521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
124.156.197.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.222"; classtype:trojan-activity; sid:37599531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.129.219.189 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.219.189"; classtype:trojan-activity; sid:37577571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 123.175.55.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.175.55.53"; classtype:trojan-activity; sid:37583051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.156.193.192 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.192"; classtype:trojan-activity; sid:37599541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.154.183.15 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.183.15"; classtype:trojan-activity; sid:37599551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.163"; classtype:trojan-activity; sid:37599561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 73.150.33.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.150.33.205"; classtype:trojan-activity; sid:37599571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.62.106.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 178.62.106.230"; classtype:trojan-activity; sid:37599581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 171.76.95.142 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.76.95.142"; classtype:trojan-activity; sid:37599591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 213.215.140.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.215.140.6"; classtype:trojan-activity; sid:37599601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.17.21.98 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.17.21.98"; classtype:trojan-activity; sid:37599611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 64.62.197.227 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.227"; classtype:trojan-activity; sid:37577581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 61.184.69.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.184.69.126"; classtype:trojan-activity; sid:37583061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.108.217.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.108.217.9"; classtype:trojan-activity; sid:37599621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 147.78.47.229 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.47.229"; classtype:trojan-activity; sid:37573391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) 
# Source-address indicator rules exported from MISP, one rule per line.
# Each rule raises an alert for any IP packet, on any protocol and port, sent
# from the listed address to $HOME_NET. The originating MISP event is named in
# msg and linked in reference:url (events 26875, 26878, 26882 and 26886 here).
# NOTE(review): the only match condition is the source address; there is no
# flow or payload check. A hit shows contact from a listed address, not a
# successful exploit, so confirm against the MISP event before escalating.
# NOTE(review): these rules carry no threshold option, so sustained traffic
# from one address will alert repeatedly unless the sensor applies thresholding
# or suppression elsewhere. Verify against the sensor configuration.
# NOTE(review): the msg tags say kill-chain Reconnaissance/Exploitation while
# classtype is trojan-activity. This looks like a fixed value set by the
# export rather than a per-indicator classification. Confirm before using
# classtype for triage.
alert ip 223.12.176.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.176.102"; classtype:trojan-activity; sid:37583071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 152.58.189.99 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.58.189.99"; classtype:trojan-activity; sid:37573401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 163.228.248.90 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.228.248.90"; classtype:trojan-activity; sid:37599631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 96.44.153.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.169"; classtype:trojan-activity; sid:37599641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.223.85.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.85.11"; classtype:trojan-activity; sid:37599651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 212.70.149.146 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.70.149.146"; classtype:trojan-activity; sid:37577591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 212.109.192.55 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.109.192.55"; classtype:trojan-activity; sid:37599661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 210.212.47.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.212.47.82"; classtype:trojan-activity; sid:37599671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 211.47.49.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.47.49.99"; classtype:trojan-activity; sid:37599681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 8.219.117.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.117.148"; classtype:trojan-activity; sid:37599691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.49.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.49.254"; classtype:trojan-activity; sid:37599701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.131.144.12 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.12"; classtype:trojan-activity; sid:37573411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 60.251.194.252 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.251.194.252"; classtype:trojan-activity; sid:37573421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 45.89.76.238 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.89.76.238"; classtype:trojan-activity; sid:37573431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 5.181.80.136 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.181.80.136"; classtype:trojan-activity; sid:37573441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 80.94.95.217 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.94.95.217"; classtype:trojan-activity; sid:37573451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 92.222.171.6 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.222.171.6"; classtype:trojan-activity; sid:37573461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 61.231.160.118 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.231.160.118"; classtype:trojan-activity; sid:37573471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 61.221.83.139 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.221.83.139"; classtype:trojan-activity; sid:37573481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 82.147.85.123 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.147.85.123"; classtype:trojan-activity; sid:37573491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 180.184.161.197 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.161.197"; classtype:trojan-activity; sid:37746961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 152.32.134.89 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.134.89"; classtype:trojan-activity; sid:37577601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 103.47.194.156 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
103.47.194.156"; classtype:trojan-activity; sid:37573501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 185.177.0.230 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.177.0.230"; classtype:trojan-activity; sid:37573511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 122.114.180.211 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.180.211"; classtype:trojan-activity; sid:37599711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.64.193.215 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.215"; classtype:trojan-activity; sid:37599721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.193.43.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.43.57"; classtype:trojan-activity; sid:37599731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.130.165.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.130.165.134"; classtype:trojan-activity; sid:37599741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.53.160.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.160.150"; classtype:trojan-activity; sid:37599751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.70.123.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.123.181"; classtype:trojan-activity; sid:37583081; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.27.38.143 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.27.38.143"; classtype:trojan-activity; sid:37583091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.78.39.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.78.39.66"; classtype:trojan-activity; sid:37583101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.202.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.202.86"; classtype:trojan-activity; sid:37599761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 95.164.87.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.164.87.126"; classtype:trojan-activity; sid:37599771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 220.173.32.171 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.173.32.171"; classtype:trojan-activity; sid:37583111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.26.67.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.26.67.196"; classtype:trojan-activity; sid:37583121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.86.86.176 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.86.86.176"; classtype:trojan-activity; sid:37583131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.138.51.86 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.51.86"; classtype:trojan-activity; sid:37599781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 142.93.255.174 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.255.174"; classtype:trojan-activity; sid:37599791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.61.16.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.61.16.107"; classtype:trojan-activity; sid:37583141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 139.199.199.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.199.199.115"; classtype:trojan-activity; sid:37599801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.166.47.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.47.99"; classtype:trojan-activity; sid:37599811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.251.67.226 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.226"; classtype:trojan-activity; sid:37573521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 64.202.184.88 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.202.184.88"; classtype:trojan-activity; sid:37577611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 60.172.131.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.172.131.27"; classtype:trojan-activity; sid:37599821; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.128.161.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.161.14"; classtype:trojan-activity; sid:37599831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.31.240.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.31.240.228"; classtype:trojan-activity; sid:37583151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.70.127.99 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.127.99"; classtype:trojan-activity; sid:37583161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.221.26.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.26.41"; classtype:trojan-activity; sid:37583171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.188.43.242 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.188.43.242"; classtype:trojan-activity; sid:37583181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.224.200.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.224.200.33"; classtype:trojan-activity; sid:37583191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.229.186.186 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.186.186"; classtype:trojan-activity; sid:37599841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 163.172.216.48 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.172.216.48"; classtype:trojan-activity; sid:37599851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.109.243.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.109.243.75"; classtype:trojan-activity; sid:37583201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 197.199.224.52 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.199.224.52"; classtype:trojan-activity; sid:37599861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.227.48.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.48.211"; classtype:trojan-activity; sid:37583211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.92.14.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.92.14.200"; classtype:trojan-activity; sid:37583221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.117.149.176 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.149.176"; classtype:trojan-activity; sid:37583231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.175.68.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance] Incoming From IP: 123.175.68.168"; classtype:trojan-activity; sid:37583241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.155.132.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.132.179"; classtype:trojan-activity; sid:37599871; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.29.156.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.156.147"; classtype:trojan-activity; sid:37599881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.53.150.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.150.197"; classtype:trojan-activity; sid:37583251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.200.120.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.200.120.60"; classtype:trojan-activity; sid:37583261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.43.248.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.43.248.122"; classtype:trojan-activity; sid:37599891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.25.100.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.100.35"; classtype:trojan-activity; sid:37583271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.30.105.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.105.60"; classtype:trojan-activity; sid:37583281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 139.198.9.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.9.32"; classtype:trojan-activity; sid:37599901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 85.240.58.125 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.240.58.125"; classtype:trojan-activity; sid:37599911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.33.8.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.33.8.20"; classtype:trojan-activity; sid:37583291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.137.74.48 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.137.74.48"; classtype:trojan-activity; sid:37599921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.205.231.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.205.231.4"; classtype:trojan-activity; sid:37583301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.78.101 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.78.101"; classtype:trojan-activity; sid:37599931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.232.221.197 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.221.197"; classtype:trojan-activity; sid:37599941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.43.179.165 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.43.179.165"; classtype:trojan-activity; sid:37746971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 216.73.161.62 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.73.161.62"; classtype:trojan-activity; sid:37577621; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 1.70.136.252 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.136.252"; classtype:trojan-activity; sid:37583311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.135.134.197 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.134.197"; classtype:trojan-activity; sid:37599951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.200 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.200"; classtype:trojan-activity; sid:37577631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.157.88.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.88.137"; classtype:trojan-activity; sid:37599961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.128.88.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.108"; classtype:trojan-activity; sid:37599971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 193.254.3.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.254.3.18"; classtype:trojan-activity; sid:37599981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.81.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.81.253"; classtype:trojan-activity; sid:37599991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.232.15 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.232.15"; classtype:trojan-activity; sid:37600001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.235.120.200 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.120.200"; classtype:trojan-activity; sid:37600011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.228.112.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.228.112.254"; classtype:trojan-activity; sid:37600021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.20.179.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.179.244"; classtype:trojan-activity; sid:37583321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.130.16.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.16.82"; classtype:trojan-activity; sid:37600031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.33.36.97 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.36.97"; classtype:trojan-activity; sid:37583331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.10.132.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.10.132.5"; classtype:trojan-activity; sid:37583341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.190.252.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.190.252.104"; classtype:trojan-activity; sid:37583351; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.83.5.39 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.83.5.39"; classtype:trojan-activity; sid:37600041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.51.219.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.219.94"; classtype:trojan-activity; sid:37600051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 144.16.111.79 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.16.111.79"; classtype:trojan-activity; sid:37600061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 171.88.40.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.88.40.86"; classtype:trojan-activity; sid:37583361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 141.98.11.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.107"; classtype:trojan-activity; sid:37583371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.248.170.88 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.248.170.88"; classtype:trojan-activity; sid:37577641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 111.229.234.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.234.202"; classtype:trojan-activity; sid:37600071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.117.207.47 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.207.47"; classtype:trojan-activity; sid:37600081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.40.146.229 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.146.229"; classtype:trojan-activity; sid:37573531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 60.253.50.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.253.50.44"; classtype:trojan-activity; sid:37583381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.176.77.70 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.176.77.70"; classtype:trojan-activity; sid:37600091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.156.38.16 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.38.16"; classtype:trojan-activity; sid:37600101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.118.114.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.118.114.44"; classtype:trojan-activity; sid:37583391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.243.227.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.227.203"; classtype:trojan-activity; sid:37583401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.134.194.34 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.194.34"; classtype:trojan-activity; sid:37573541; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.145 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.145"; classtype:trojan-activity; sid:37577651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 62.234.68.208 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.68.208"; classtype:trojan-activity; sid:37600111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.196.6.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.196.6.71"; classtype:trojan-activity; sid:37600121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.49.76.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.49.76.244"; classtype:trojan-activity; sid:37600131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.168.232 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.168.232"; classtype:trojan-activity; sid:37600141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 50.31.21.10 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.31.21.10"; classtype:trojan-activity; sid:37577661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.120.139.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.120.139.49"; classtype:trojan-activity; sid:37583411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.73.172.170 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.73.172.170"; classtype:trojan-activity; sid:37600151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.27.188.77 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.27.188.77"; classtype:trojan-activity; sid:37583421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 20.141.64.165 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.141.64.165"; classtype:trojan-activity; sid:37600161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 89.252.140.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.252.140.21"; classtype:trojan-activity; sid:37600171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.137.208.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.137.208.75"; classtype:trojan-activity; sid:37583431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.49.132.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.132.231"; classtype:trojan-activity; sid:37583441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.95.64.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.64.119"; classtype:trojan-activity; sid:37600181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 90.188.251.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.188.251.32"; classtype:trojan-activity; sid:37600191; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.127 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.127"; classtype:trojan-activity; sid:37577671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 193.151.148.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.148.118"; classtype:trojan-activity; sid:37600201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.175.167.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.175.167.94"; classtype:trojan-activity; sid:37583451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 51.77.58.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.58.143"; classtype:trojan-activity; sid:37600211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.179.148.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.179.148.51"; classtype:trojan-activity; sid:37583461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 142.4.218.114 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.4.218.114"; classtype:trojan-activity; sid:37746981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 223.12.155.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.155.45"; classtype:trojan-activity; sid:37583471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.102.47.243 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.102.47.243"; classtype:trojan-activity; sid:37583481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 186.193.8.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.193.8.95"; classtype:trojan-activity; sid:37583491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.48.250.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.128"; classtype:trojan-activity; sid:37583501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.84.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.84.47"; classtype:trojan-activity; sid:37600221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.133.255.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.255.139"; classtype:trojan-activity; sid:37600231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.47.73.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.47.73.203"; classtype:trojan-activity; sid:37583511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 37.103.61.31 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.103.61.31"; classtype:trojan-activity; sid:37583521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.62.197.77 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.77"; classtype:trojan-activity; sid:37583531; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.138.193.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.193.5"; classtype:trojan-activity; sid:37600241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.126.64.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.64.240"; classtype:trojan-activity; sid:37600251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 39.40.199.142 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.40.199.142"; classtype:trojan-activity; sid:37583541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.112.135.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.135.204"; classtype:trojan-activity; sid:37583551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.178.234.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.234.14"; classtype:trojan-activity; sid:37600261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.62.10.253 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.10.253"; classtype:trojan-activity; sid:37746991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 112.120.71.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.120.71.167"; classtype:trojan-activity; sid:37583561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.243.56.221 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.243.56.221"; classtype:trojan-activity; sid:37583571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 152.169.179.144 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.169.179.144"; classtype:trojan-activity; sid:37600271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 210.114.22.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.114.22.126"; classtype:trojan-activity; sid:37600281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.132.165.186 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.165.186"; classtype:trojan-activity; sid:37600291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.45.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.45.203"; classtype:trojan-activity; sid:37600301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.205.219.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.205.219.185"; classtype:trojan-activity; sid:37600311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 5.237.26.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.237.26.198"; classtype:trojan-activity; sid:37573551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 165.22.143.72 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.143.72"; classtype:trojan-activity; 
sid:37577681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 114.218.196.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.196.81"; classtype:trojan-activity; sid:37583581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.55.66.199 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.66.199"; classtype:trojan-activity; sid:37573561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.32.197.94 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.197.94"; classtype:trojan-activity; sid:37573571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 111.229.139.131 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.139.131"; classtype:trojan-activity; sid:37600321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 153.135.81.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.135.81.130"; classtype:trojan-activity; sid:37583591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.14.98.48 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.98.48"; classtype:trojan-activity; sid:37600331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 141.98.11.116 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.116"; classtype:trojan-activity; sid:37600341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.247.188.6 any -> $HOME_NET any 
(msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.188.6"; classtype:trojan-activity; sid:37600351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.40.239.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.239.220"; classtype:trojan-activity; sid:37600361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.142.73.44 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.73.44"; classtype:trojan-activity; sid:37600371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.15.15.249 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.15.249"; classtype:trojan-activity; sid:37583601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 69.49.247.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.49.247.238"; classtype:trojan-activity; sid:37600381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.245.54.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.245.54.139"; classtype:trojan-activity; sid:37583611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 2.57.122.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.122.244"; classtype:trojan-activity; sid:37600391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.157.193.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.193.14"; classtype:trojan-activity; 
sid:37600401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.177.105.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.105.197"; classtype:trojan-activity; sid:37583621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.108.25.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.108.25.137"; classtype:trojan-activity; sid:37583631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.54.207.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.207.125"; classtype:trojan-activity; sid:37583641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.204.217.246 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.204.217.246"; classtype:trojan-activity; sid:37583651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.143 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.143"; classtype:trojan-activity; sid:37577691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 211.15.120.103 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.15.120.103"; classtype:trojan-activity; sid:37583661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.173.77.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.77.219"; classtype:trojan-activity; sid:37583671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.189 any -> 
$HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.189"; classtype:trojan-activity; sid:37600411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.105.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.17"; classtype:trojan-activity; sid:37600421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.53 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.53"; classtype:trojan-activity; sid:37577701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 79.136.3.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.136.3.185"; classtype:trojan-activity; sid:37583681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.67.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.67.148"; classtype:trojan-activity; sid:37600431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.106.103.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.103.24"; classtype:trojan-activity; sid:37600441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.135.50.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.135.50.128"; classtype:trojan-activity; sid:37583691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.128.69.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.69.133"; 
classtype:trojan-activity; sid:37600451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.51.45.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.45.37"; classtype:trojan-activity; sid:37600461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.92.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.11"; classtype:trojan-activity; sid:37600471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.166.142.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.166.142.21"; classtype:trojan-activity; sid:37583701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.55.149.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.149.235"; classtype:trojan-activity; sid:37583711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.157.117.190 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.117.190"; classtype:trojan-activity; sid:37600481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.131.151.169 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.131.151.169"; classtype:trojan-activity; sid:37747001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 190.107.30.216 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.107.30.216"; classtype:trojan-activity; sid:37600491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
14.169.92.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.169.92.185"; classtype:trojan-activity; sid:37583721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.33.87.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.87.154"; classtype:trojan-activity; sid:37600501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.149.237.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.149.237.34"; classtype:trojan-activity; sid:37600511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.187.39.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.187.39.17"; classtype:trojan-activity; sid:37600521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 172.81.62.222 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.222"; classtype:trojan-activity; sid:37573581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.232.9.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.232.9.128"; classtype:trojan-activity; sid:37583731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.3"; classtype:trojan-activity; sid:37583741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 94.187.224.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.187.224.120"; 
classtype:trojan-activity; sid:37583751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.30.67.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.30.67.240"; classtype:trojan-activity; sid:37583761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.181.114.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.181.114.54"; classtype:trojan-activity; sid:37600531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.51 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.51"; classtype:trojan-activity; sid:37577711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 223.151.226.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.226.66"; classtype:trojan-activity; sid:37583771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.122.181.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.122.181.66"; classtype:trojan-activity; sid:37600541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.122 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.122"; classtype:trojan-activity; sid:37577721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 115.41.71.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.41.71.197"; classtype:trojan-activity; sid:37583781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
117.50.177.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.177.82"; classtype:trojan-activity; sid:37600551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.15.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.15.117"; classtype:trojan-activity; sid:37600561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.125.167.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.167.139"; classtype:trojan-activity; sid:37600571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.71.48.84 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.71.48.84"; classtype:trojan-activity; sid:37583791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.188.43.61 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.188.43.61"; classtype:trojan-activity; sid:37600581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.142.125.215 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.215"; classtype:trojan-activity; sid:37600591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.91.127.42 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.127.42"; classtype:trojan-activity; sid:37577731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 106.56.32.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
106.56.32.5"; classtype:trojan-activity; sid:37583801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.14.178.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.14.178.191"; classtype:trojan-activity; sid:37583811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.25.135.214 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.135.214"; classtype:trojan-activity; sid:37583821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.223.210.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.223.210.166"; classtype:trojan-activity; sid:37583831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.65.101.245 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.65.101.245"; classtype:trojan-activity; sid:37600601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 190.219.5.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.219.5.175"; classtype:trojan-activity; sid:37600611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 209.101.183.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.101.183.130"; classtype:trojan-activity; sid:37583841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.53.210.145 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.210.145"; classtype:trojan-activity; sid:37600621; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.62.142.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.62.142.14"; classtype:trojan-activity; sid:37600631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.165.152.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.165.152.25"; classtype:trojan-activity; sid:37583851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 37.44.238.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.238.66"; classtype:trojan-activity; sid:37583861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 209.38.228.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.38.228.147"; classtype:trojan-activity; sid:37600641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.240.126.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.240.126.219"; classtype:trojan-activity; sid:37583871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 146.59.127.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.127.25"; classtype:trojan-activity; sid:37600651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.176.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.176.118"; classtype:trojan-activity; sid:37600661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 143.198.210.228 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.210.228"; classtype:trojan-activity; sid:37600671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 195.189.109.235 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.189.109.235"; classtype:trojan-activity; sid:37573591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 111.22.76.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.76.193"; classtype:trojan-activity; sid:37583881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.23.157.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.157.114"; classtype:trojan-activity; sid:37600681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.156.223.195 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.195"; classtype:trojan-activity; sid:37600691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 12.219.42.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.219.42.110"; classtype:trojan-activity; sid:37583891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.89.86.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.185"; classtype:trojan-activity; sid:37583901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 142.171.81.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.171.81.108"; classtype:trojan-activity; 
sid:37600701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.135.165.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.135.165.222"; classtype:trojan-activity; sid:37583911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 60.191.75.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.191.75.194"; classtype:trojan-activity; sid:37583921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.209.65.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.209.65.35"; classtype:trojan-activity; sid:37583931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.241.168.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.241.168.49"; classtype:trojan-activity; sid:37583941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.66.220.39 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.66.220.39"; classtype:trojan-activity; sid:37573601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.154.47.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.47.21"; classtype:trojan-activity; sid:37600711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.222.151 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.222.151"; classtype:trojan-activity; sid:37600721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 37.255.236.154 any -> $HOME_NET any 
(msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.255.236.154"; classtype:trojan-activity; sid:37583951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 149.100.164.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.100.164.157"; classtype:trojan-activity; sid:37583961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.47.172.136 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.47.172.136"; classtype:trojan-activity; sid:37577741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.137.0.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.0.81"; classtype:trojan-activity; sid:37600731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 220.134.197.112 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.197.112"; classtype:trojan-activity; sid:37583971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.133.187.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.133.187.4"; classtype:trojan-activity; sid:37583981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.117.163.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.117.163.139"; classtype:trojan-activity; sid:37600741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.52.134.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.52.134.74"; 
classtype:trojan-activity; sid:37583991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.158.3.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.3.205"; classtype:trojan-activity; sid:37584001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.48.250.127 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.127"; classtype:trojan-activity; sid:37584011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 94.102.61.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.102.61.20"; classtype:trojan-activity; sid:37600751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.71.131 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.71.131"; classtype:trojan-activity; sid:37573611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 111.70.31.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.31.14"; classtype:trojan-activity; sid:37584021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.224.128.31 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.224.128.31"; classtype:trojan-activity; sid:37584031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.247 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.247"; classtype:trojan-activity; sid:37573621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 
167.94.146.52 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.52"; classtype:trojan-activity; sid:37577751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 42.54.226.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.54.226.159"; classtype:trojan-activity; sid:37584041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.74.78.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.74.78.244"; classtype:trojan-activity; sid:37600761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.107.231.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.107.231.206"; classtype:trojan-activity; sid:37584051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.219.213.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.219.213.10"; classtype:trojan-activity; sid:37600771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.22.74.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.166"; classtype:trojan-activity; sid:37584061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.238.224.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.238.224.38"; classtype:trojan-activity; sid:37584071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.43.66.142 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
101.43.66.142"; classtype:trojan-activity; sid:37600781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.34.27.249 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.27.249"; classtype:trojan-activity; sid:37600791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.1.36 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.36"; classtype:trojan-activity; sid:37600801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.228 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.228"; classtype:trojan-activity; sid:37747011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 35.202.9.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.202.9.133"; classtype:trojan-activity; sid:37600811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 80.68.7.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.68.7.179"; classtype:trojan-activity; sid:37600821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.9.208.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.9.208.194"; classtype:trojan-activity; sid:37584081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.152.134.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.152.134.130"; classtype:trojan-activity; sid:37584091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
208.65.84.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.143"; classtype:trojan-activity; sid:37600831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.91.182.234 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.91.182.234"; classtype:trojan-activity; sid:37573631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 176.50.214.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.50.214.45"; classtype:trojan-activity; sid:37584101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.86.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.86.148"; classtype:trojan-activity; sid:37600841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.140.189.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.140.189.90"; classtype:trojan-activity; sid:37584111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 160.251.212.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.251.212.122"; classtype:trojan-activity; sid:37600851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.61.37.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.37.217"; classtype:trojan-activity; sid:37600861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.77.96.52 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
222.77.96.52"; classtype:trojan-activity; sid:37600871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.220.0.101 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.0.101"; classtype:trojan-activity; sid:37600881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 156.236.66.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.66.141"; classtype:trojan-activity; sid:37600891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.245.70.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.245.70.136"; classtype:trojan-activity; sid:37584121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 139.227.161.107 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.227.161.107"; classtype:trojan-activity; sid:37747021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 46.98.167.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.98.167.66"; classtype:trojan-activity; sid:37584131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.218.201.81 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.218.201.81"; classtype:trojan-activity; sid:37573641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 49.86.121.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.86.121.5"; classtype:trojan-activity; sid:37584141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
# MISP-exported source-IP indicators from events e26886, e26878, e26882 and e26957.
# Each rule alerts on any IP traffic from one listed address to $HOME_NET, on any port.
# $HOME_NET must be defined in the sensor configuration for these rules to load.
# The rules carry no payload, flow or threshold option, so they do not rate-limit their own alerts.
# NOTE(review): classtype is trojan-activity while msg tags each indicator as
# kill-chain Reconnaissance/Exploitation; confirm that classtype and priority:2
# match how these hits are meant to be triaged.
# NOTE(review): a hit means only that the source address matched; check the referenced
# MISP event for context and indicator age before acting on it.
alert ip 124.220.100.165 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.100.165"; classtype:trojan-activity; sid:37600901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.163.241.49 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.49"; classtype:trojan-activity; sid:37600911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.167.97.229 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.167.97.229"; classtype:trojan-activity; sid:37577761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 121.167.167.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.167.167.106"; classtype:trojan-activity; sid:37584151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.224 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.224"; classtype:trojan-activity; sid:37747031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 43.157.16.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.16.50"; classtype:trojan-activity; sid:37600921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 49.51.192.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.192.96"; classtype:trojan-activity; sid:37600931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 190.213.180.98 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.213.180.98"; classtype:trojan-activity; sid:37600941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 8.218.55.214 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.218.55.214"; classtype:trojan-activity; sid:37600951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.13.1.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.1.132"; classtype:trojan-activity; sid:37600961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 112.27.59.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.27.59.147"; classtype:trojan-activity; sid:37584161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 39.109.122.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.122.51"; classtype:trojan-activity; sid:37600971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 95.52.231.253 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.52.231.253"; classtype:trojan-activity; sid:37584171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.246.115.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.115.9"; classtype:trojan-activity; sid:37584181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 172.105.128.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.105.128.11"; classtype:trojan-activity; sid:37600981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# MISP-exported source-IP indicators from events e26886, e26882, e26878 and e26957.
# Each rule matches on the source address alone: any IP protocol, any port, destined to $HOME_NET.
# sid values are specific to this export; rev:1 on every rule.
# NOTE(review): with no content or flow condition, these rules cannot tell a scan from
# an established session; correlate a hit with other telemetry before escalating.
# NOTE(review): the same msg template and classtype:trojan-activity are applied to every
# address regardless of the originating event; verify the event's own description
# (reference:url) to learn what was actually observed.
alert ip 159.223.149.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.149.212"; classtype:trojan-activity; sid:37600991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.245.67.64 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.245.67.64"; classtype:trojan-activity; sid:37584191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.143.164.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.164.227"; classtype:trojan-activity; sid:37601001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 60.220.193.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.220.193.28"; classtype:trojan-activity; sid:37584201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.61.237.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.61.237.245"; classtype:trojan-activity; sid:37584211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.59.10.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.59.10.204"; classtype:trojan-activity; sid:37584221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.52.210.18 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.52.210.18"; classtype:trojan-activity; sid:37584231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.8.8.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.8.8.225"; classtype:trojan-activity; sid:37584241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 162.243.150.39 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.150.39"; classtype:trojan-activity; sid:37577771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 121.188.160.55 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.188.160.55"; classtype:trojan-activity; sid:37601011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 223.247.134.165 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.134.165"; classtype:trojan-activity; sid:37601021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 157.245.52.79 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.52.79"; classtype:trojan-activity; sid:37601031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 39.164.180.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.164.180.20"; classtype:trojan-activity; sid:37584251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.163.194.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.204"; classtype:trojan-activity; sid:37601041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 1.202.113.63 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.202.113.63"; classtype:trojan-activity; sid:37747041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 218.17.187.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.17.187.156"; classtype:trojan-activity; sid:37584261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.69.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.69.156"; classtype:trojan-activity; sid:37601051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.4.250.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.4.250.94"; classtype:trojan-activity; sid:37601061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.154.238.13 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.154.238.13"; classtype:trojan-activity; sid:37601071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.158.28.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.158.28.37"; classtype:trojan-activity; sid:37584271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.101.88.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.218"; classtype:trojan-activity; sid:37601081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.158.196.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.196.148"; classtype:trojan-activity; sid:37601091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.244.79.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
123.244.79.206"; classtype:trojan-activity; sid:37584281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 51.158.230.229 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.158.230.229"; classtype:trojan-activity; sid:37601101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.131.93.149 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.131.93.149"; classtype:trojan-activity; sid:37573651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 117.251.209.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.251.209.69"; classtype:trojan-activity; sid:37584291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 191.14.21.179 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.14.21.179"; classtype:trojan-activity; sid:37584301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.221 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.221"; classtype:trojan-activity; sid:37573661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 198.235.24.209 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.209"; classtype:trojan-activity; sid:37577781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 123.132.83.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.132.83.205"; classtype:trojan-activity; sid:37584311; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.241.214.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.241.214.247"; classtype:trojan-activity; sid:37584321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.172.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.172.119"; classtype:trojan-activity; sid:37601111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.44.27.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.44.27.17"; classtype:trojan-activity; sid:37584331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.229.150.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.150.117"; classtype:trojan-activity; sid:37601121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.52.195 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.52.195"; classtype:trojan-activity; sid:37601131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 109.236.47.119 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.236.47.119"; classtype:trojan-activity; sid:37573671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 61.155.9.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.155.9.4"; classtype:trojan-activity; sid:37601141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.157.27.141 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.27.141"; classtype:trojan-activity; sid:37601151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.200.198.122 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.200.198.122"; classtype:trojan-activity; sid:37573681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 91.92.244.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.244.11"; classtype:trojan-activity; sid:37601161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.134.113.192 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.134.113.192"; classtype:trojan-activity; sid:37584341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.180.163.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.180.163.123"; classtype:trojan-activity; sid:37584351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.76.213 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.76.213"; classtype:trojan-activity; sid:37601171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 147.78.47.34 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.47.34"; classtype:trojan-activity; sid:37577791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.36.81.86 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.36.81.86"; classtype:trojan-activity; sid:37573691; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 204.216.150.16 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.216.150.16"; classtype:trojan-activity; sid:37601181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.195.115 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.195.115"; classtype:trojan-activity; sid:37747051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 117.199.194.248 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.194.248"; classtype:trojan-activity; sid:37584361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.240.52.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.52.238"; classtype:trojan-activity; sid:37584371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.173.122.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.122.4"; classtype:trojan-activity; sid:37584381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.5.87.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.5.87.173"; classtype:trojan-activity; sid:37584391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.86.64.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.86.64.137"; classtype:trojan-activity; sid:37584401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.69.134.63 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.69.134.63"; classtype:trojan-activity; sid:37584411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.133.39.252 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.39.252"; classtype:trojan-activity; sid:37601191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 159.203.192.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.192.45"; classtype:trojan-activity; sid:37601201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.30.115.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.115.14"; classtype:trojan-activity; sid:37584421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.249.193.103 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.249.193.103"; classtype:trojan-activity; sid:37601211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.1.245.165 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.1.245.165"; classtype:trojan-activity; sid:37573701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 64.23.148.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.148.65"; classtype:trojan-activity; sid:37601221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.102.84.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.84.42"; classtype:trojan-activity; sid:37584431; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.138.111.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.138.111.133"; classtype:trojan-activity; sid:37584441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.71.26.117 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.71.26.117"; classtype:trojan-activity; sid:37577801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 1.169.38.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.169.38.85"; classtype:trojan-activity; sid:37584451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.114.3.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.114.3.150"; classtype:trojan-activity; sid:37601231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.50.189.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.189.223"; classtype:trojan-activity; sid:37601241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.115.84.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.115.84.220"; classtype:trojan-activity; sid:37584461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.232.77.133 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.232.77.133"; classtype:trojan-activity; sid:37573711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 130.0.177.161 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 130.0.177.161"; classtype:trojan-activity; sid:37601251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.240.204.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.204.149"; classtype:trojan-activity; sid:37584471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.235.135.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.135.82"; classtype:trojan-activity; sid:37601261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.156.238.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.238.206"; classtype:trojan-activity; sid:37601271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.51.37.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.37.41"; classtype:trojan-activity; sid:37601281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.9.226.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.9.226.75"; classtype:trojan-activity; sid:37584481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.62.121.22 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.121.22"; classtype:trojan-activity; sid:37601291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.241.106.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.241.106.135"; classtype:trojan-activity; sid:37584491; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.38.151.151 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.38.151.151"; classtype:trojan-activity; sid:37584501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.120.40.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.120.40.205"; classtype:trojan-activity; sid:37601301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.246.58.139 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.246.58.139"; classtype:trojan-activity; sid:37573721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.235.175.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.175.200"; classtype:trojan-activity; sid:37584511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.28.46.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.28.46.67"; classtype:trojan-activity; sid:37584521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.44.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.44.86"; classtype:trojan-activity; sid:37601311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 92.63.204.94 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.94"; classtype:trojan-activity; sid:37573731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 190.109.228.16 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.16"; classtype:trojan-activity; sid:37584531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.188.169.56 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.188.169.56"; classtype:trojan-activity; sid:37601321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.205.67 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.205.67"; classtype:trojan-activity; sid:37747061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 1.48.185.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.48.185.133"; classtype:trojan-activity; sid:37584541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.103.205.217 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.205.217"; classtype:trojan-activity; sid:37584551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.100.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.154"; classtype:trojan-activity; sid:37601331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 84.54.51.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.3"; classtype:trojan-activity; sid:37584561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.74.6.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.6.181"; classtype:trojan-activity; sid:37601341; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.203.57.12 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.203.57.12"; classtype:trojan-activity; sid:37577811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 124.234.218.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.218.90"; classtype:trojan-activity; sid:37584571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.125.65.81 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.125.65.81"; classtype:trojan-activity; sid:37577821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.134.109.110 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.109.110"; classtype:trojan-activity; sid:37601351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.208.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.208.96"; classtype:trojan-activity; sid:37601361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.123.90.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.90.53"; classtype:trojan-activity; sid:37584581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 188.246.255.81 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.246.255.81"; classtype:trojan-activity; sid:37573741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 114.218.149.184 any -> $HOME_NET any (msg: "MISP e26882 
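[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.149.184"; classtype:trojan-activity; sid:37584591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
#
# Layout: one rule per physical line from here to the end of this span.
# The rules below had been wrapped in the middle of their option lists with no
# trailing backslash. Snort and Suricata read one rule per line unless the line
# is backslash-continued, so the wrapped form does not load. Only line breaks
# were moved: rule text, sid and rev values are unchanged. The fragment on the
# line above and the fragment on the last line of this span belong to rules
# whose other half lies outside this span; they are left exactly as found.
#
# NOTE(review): every rule here matches on source address alone
#   (alert ip <addr> any -> $HOME_NET any), with no port, protocol or payload
#   condition. A hit therefore means only "this address sent traffic to
#   $HOME_NET"; treat it as enrichment for triage rather than as proof of
#   compromise.
# NOTE(review): classtype:trojan-activity is applied to all of them, while the
#   msg text ("Incoming From IP") and the kill-chain tags describe inbound
#   reconnaissance/exploitation sources. Confirm the classtype chosen by the
#   export matches how these alerts are prioritised downstream.
# NOTE(review): nothing in the rules limits alert volume per source. If these
#   are deployed as-is, consider a threshold/suppress policy keyed on source
#   address, or loading the addresses through an IP-reputation list (Suricata
#   iprep) instead of one signature per address.
# NOTE(review): address indicators go stale (reassigned cloud and ISP space,
#   internet-measurement scanners). Check each against the referenced MISP
#   event's date and its to_ids/decay settings before using them for blocking.
#
alert ip 88.218.254.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.218.254.67"; classtype:trojan-activity; sid:37584601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 91.92.247.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.247.196"; classtype:trojan-activity; sid:37584611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.11.8.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.8.168"; classtype:trojan-activity; sid:37584621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.94.138.127 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.127"; classtype:trojan-activity; sid:37577831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 171.112.92.142 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.112.92.142"; classtype:trojan-activity; sid:37584631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.139 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.139"; classtype:trojan-activity; sid:37747071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 194.33.45.89 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.89"; classtype:trojan-activity; sid:37573751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 150.158.48.191 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.48.191"; classtype:trojan-activity; sid:37573761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 91.246.58.179 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.246.58.179"; classtype:trojan-activity; sid:37573771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 177.11.148.42 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.11.148.42"; classtype:trojan-activity; sid:37573781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 150.109.254.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.254.133"; classtype:trojan-activity; sid:37601371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 120.48.17.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.17.127"; classtype:trojan-activity; sid:37601381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 107.172.62.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.62.104"; classtype:trojan-activity; sid:37601391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 141.98.11.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.86"; classtype:trojan-activity; sid:37601401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 129.226.193.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.194"; classtype:trojan-activity; sid:37601411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 125.112.224.208 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.112.224.208"; classtype:trojan-activity; sid:37584641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.61.140.12 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.140.12"; classtype:trojan-activity; sid:37584651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 221.15.4.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.15.4.139"; classtype:trojan-activity; sid:37584661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 120.48.129.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.129.162"; classtype:trojan-activity; sid:37601421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 118.248.193.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.248.193.33"; classtype:trojan-activity; sid:37584671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 219.157.34.179 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.157.34.179"; classtype:trojan-activity; sid:37584681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.248.103.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.248.103.199"; classtype:trojan-activity; sid:37584691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 139.200.68.57 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.200.68.57"; classtype:trojan-activity; sid:37584701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.221 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.221"; classtype:trojan-activity; sid:37747081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 112.112.194.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.194.90"; classtype:trojan-activity; sid:37584711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.128.11.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.128.11.133"; classtype:trojan-activity; sid:37584721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.99.66.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.99.66.23"; classtype:trojan-activity; sid:37584731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.248 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.248"; classtype:trojan-activity; sid:37747091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 101.43.93.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.93.18"; classtype:trojan-activity; sid:37601431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 36.49.172.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.172.123"; classtype:trojan-activity; sid:37584741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.234.173.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.173.95"; classtype:trojan-activity; sid:37584751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.227 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.227"; classtype:trojan-activity; sid:37747101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 182.240.54.116 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.54.116"; classtype:trojan-activity; sid:37584761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.156.129.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.156.129.12"; classtype:trojan-activity; sid:37601441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 74.48.175.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.175.139"; classtype:trojan-activity; sid:37601451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 5.42.85.159 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.85.159"; classtype:trojan-activity; sid:37601461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 115.159.95.209 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.95.209"; classtype:trojan-activity; sid:37601471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 107.170.251.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.251.21"; classtype:trojan-activity; sid:37584771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.239.184.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.239.184.218"; classtype:trojan-activity; sid:37584781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.229.190.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.190.64"; classtype:trojan-activity; sid:37601481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.133.44.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.44.69"; classtype:trojan-activity; sid:37601491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 24.199.88.134 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.88.134"; classtype:trojan-activity; sid:37573791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 139.59.235.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.235.139"; classtype:trojan-activity; sid:37601501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 1.206.206.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.206.206.168"; classtype:trojan-activity; sid:37584791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.62.134.137 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.134.137"; classtype:trojan-activity; sid:37747111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 189.183.213.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.183.213.130"; classtype:trojan-activity; sid:37584801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.61.197.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.197.119"; classtype:trojan-activity; sid:37584811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.106.18.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.106.18.128"; classtype:trojan-activity; sid:37584821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.159.56.191 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.56.191"; classtype:trojan-activity; sid:37601511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.92.242.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.242.159"; classtype:trojan-activity; sid:37584831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.253.40.231 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.253.40.231"; classtype:trojan-activity; sid:37601521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 128.199.214.193 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.214.193"; classtype:trojan-activity; sid:37601531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 61.5.139.65 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.5.139.65"; classtype:trojan-activity; sid:37584841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.157.65.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.157.65.154"; classtype:trojan-activity; sid:37584851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 157.107.252.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.107.252.37"; classtype:trojan-activity; sid:37584861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 38.7.207.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.207.12"; classtype:trojan-activity; sid:37601541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.223.81.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.81.105"; classtype:trojan-activity; sid:37601551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 58.47.64.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.64.139"; classtype:trojan-activity; sid:37584871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.188.205.70 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.188.205.70"; classtype:trojan-activity; sid:37601561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.44.249.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.249.18"; classtype:trojan-activity; sid:37601571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 205.210.31.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.34"; classtype:trojan-activity; sid:37601581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 89.207.71.237 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.207.71.237"; classtype:trojan-activity; sid:37584881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 37.54.65.83 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.54.65.83"; classtype:trojan-activity; sid:37584891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.95.147.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.95.147.198"; classtype:trojan-activity; sid:37601591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 198.235.24.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.175"; classtype:trojan-activity; sid:37601601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 192.241.239.36 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.239.36"; classtype:trojan-activity; sid:37747121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 220.172.226.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.172.226.199"; classtype:trojan-activity; sid:37584901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 83.249.246.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.249.246.194"; classtype:trojan-activity; sid:37584911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 176.36.110.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.36.110.197"; classtype:trojan-activity; sid:37584921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.46 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.46"; classtype:trojan-activity; sid:37577841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 36.93.121.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.121.234"; classtype:trojan-activity; sid:37584931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 90.226.46.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.226.46.114"; classtype:trojan-activity; sid:37584941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 223.12.177.103 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.177.103"; classtype:trojan-activity; sid:37584951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.238.247.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.238.247.166"; classtype:trojan-activity; sid:37584961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 104.250.50.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.67"; classtype:trojan-activity; sid:37601611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.203.60.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.60.162"; classtype:trojan-activity; sid:37601621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 36.93.108.186 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.108.186"; classtype:trojan-activity; sid:37573801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 187.110.238.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.110.238.50"; classtype:trojan-activity; sid:37601631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.221.253.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.253.129"; classtype:trojan-activity; sid:37601641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 126.4.127.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.4.127.102"; classtype:trojan-activity; sid:37601651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.51.21.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.21.126"; classtype:trojan-activity; sid:37601661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 157.65.102.63 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.65.102.63"; classtype:trojan-activity; sid:37584971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 20.24.187.182 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.24.187.182"; classtype:trojan-activity; sid:37577851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 121.116.167.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.116.167.59"; classtype:trojan-activity; sid:37584981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 115.56.152.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.56.152.197"; classtype:trojan-activity; sid:37584991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.62.197.167 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.167"; classtype:trojan-activity; sid:37577861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 111.178.84.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.178.84.24"; classtype:trojan-activity; sid:37585001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 159.75.188.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.188.138"; classtype:trojan-activity; sid:37601671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 116.55.177.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.177.241"; classtype:trojan-activity; sid:37585011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 107.170.251.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.251.41"; classtype:trojan-activity; sid:37585021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 110.134.208.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.134.208.211"; classtype:trojan-activity; sid:37585031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.236 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.236"; classtype:trojan-activity; sid:37577871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 110.53.52.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.53.52.101"; classtype:trojan-activity; sid:37585041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 93.195.72.112 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.195.72.112"; classtype:trojan-activity; sid:37577881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 123.97.44.249 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.97.44.249"; classtype:trojan-activity; sid:37585051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 138.219.184.214 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.219.184.214"; classtype:trojan-activity; sid:37585061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 81.213.30.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.30.140"; classtype:trojan-activity; sid:37585071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.154.151.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.151.93"; classtype:trojan-activity; sid:37601681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 153.214.167.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.214.167.35"; classtype:trojan-activity; sid:37585081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.155.186.56 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.186.56"; classtype:trojan-activity; sid:37601691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.68.111.100 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.68.111.100"; classtype:trojan-activity; sid:37601701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 180.31.11.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.31.11.152"; classtype:trojan-activity; sid:37585091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.254.71.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.254.71.234"; classtype:trojan-activity; sid:37601711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.236.194.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.194.175"; classtype:trojan-activity; sid:37601721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.218 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.218"; classtype:trojan-activity; sid:37747131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 161.35.213.29 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.213.29"; classtype:trojan-activity; sid:37601731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 180.63.84.27 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.63.84.27"; classtype:trojan-activity; sid:37585101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 91.213.99.15 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.213.99.15"; classtype:trojan-activity; sid:37601741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.32.126.66 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.126.66"; classtype:trojan-activity; sid:37577891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 218.63.101.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.63.101.244"; classtype:trojan-activity; sid:37585111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 120.211.98.236 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.211.98.236"; classtype:trojan-activity; sid:37573811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 222.168.236.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.168.236.168"; classtype:trojan-activity; sid:37585121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 173.173.177.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.173.177.51"; classtype:trojan-activity; sid:37585131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 221.253.25.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.253.25.211"; classtype:trojan-activity; sid:37585141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 77.243.80.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.243.80.54"; classtype:trojan-activity; sid:37601751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 115.236.75.10 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.236.75.10"; classtype:trojan-activity; sid:37577901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 112.26.124.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.26.124.235"; classtype:trojan-activity; sid:37585151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.159.145.170 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.145.170"; classtype:trojan-activity; sid:37601761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 136.239.69.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.239.69.146"; classtype:trojan-activity; sid:37585161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 60.18.106.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.18.106.137"; classtype:trojan-activity; sid:37585171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 42.4.106.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.4.106.50"; classtype:trojan-activity; sid:37585181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.31.254.153 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.254.153"; classtype:trojan-activity; sid:37585191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.138.194.188 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.194.188"; classtype:trojan-activity; sid:37601771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 128.199.194.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.194.4"; classtype:trojan-activity; sid:37601781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.185 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.185"; classtype:trojan-activity; sid:37577911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 36.112.157.232 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.112.157.232"; classtype:trojan-activity; sid:37601791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 39.109.117.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.117.82"; classtype:trojan-activity; sid:37601801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 20.141.174.209 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.141.174.209"; classtype:trojan-activity; sid:37601811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 82.156.150.3 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.150.3"; classtype:trojan-activity; sid:37577921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 175.4.26.179 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.4.26.179"; classtype:trojan-activity; sid:37577931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 94.180.247.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.180.247.20"; classtype:trojan-activity; sid:37601821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 64.227.170.15 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.170.15"; classtype:trojan-activity; sid:37601831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 47.94.109.53 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.94.109.53"; classtype:trojan-activity; sid:37577941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 37.151.48.169 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.151.48.169"; classtype:trojan-activity; sid:37573821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 170.106.50.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.50.141"; classtype:trojan-activity; sid:37601841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 84.227.90.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.227.90.219"; classtype:trojan-activity; sid:37585201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 203.161.35.127 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.35.127"; classtype:trojan-activity; sid:37573831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 172.81.62.242 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.242"; classtype:trojan-activity; sid:37573841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 114.217.71.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.217.71.120"; classtype:trojan-activity; sid:37585211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 65.49.1.26 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.26"; classtype:trojan-activity; sid:37601851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 220.174.158.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.174.158.199"; classtype:trojan-activity; sid:37585221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 221.232.193.151 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.232.193.151"; classtype:trojan-activity; sid:37585231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 194.169.175.22 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.169.175.22"; classtype:trojan-activity; sid:37601861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.103.175.223 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.103.175.223"; classtype:trojan-activity; sid:37585241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.246.108.254 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.108.254"; classtype:trojan-activity; sid:37585251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.242.233.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.242.233.118"; classtype:trojan-activity; sid:37601871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 49.79.21.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.79.21.137"; classtype:trojan-activity; sid:37585261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.173.83.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.173.83.198"; classtype:trojan-activity; sid:37585271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 162.216.150.214 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.150.214"; 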
classtype:trojan-activity; sid:37577951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 114.227.63.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.63.188"; classtype:trojan-activity; sid:37585281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.75.216.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.75.216.74"; classtype:trojan-activity; sid:37601881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.166.64.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.166.64.114"; classtype:trojan-activity; sid:37585291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.149.4.242 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.149.4.242"; classtype:trojan-activity; sid:37585301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.204.32.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.204.32.101"; classtype:trojan-activity; sid:37585311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.214.78.64 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.78.64"; classtype:trojan-activity; sid:37585321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.37.170.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.37.170.163"; classtype:trojan-activity; sid:37585331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
161.35.155.246 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.155.246"; classtype:trojan-activity; sid:37747141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 43.159.147.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.147.253"; classtype:trojan-activity; sid:37601891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 177.142.6.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.142.6.51"; classtype:trojan-activity; sid:37585341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.139.153.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.139.153.236"; classtype:trojan-activity; sid:37585351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 156.59.75.211 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.59.75.211"; classtype:trojan-activity; sid:37601901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.235.245.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.235.245.35"; classtype:trojan-activity; sid:37585361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 50.250.202.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.250.202.131"; classtype:trojan-activity; sid:37585371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.23.66.6 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
119.23.66.6"; classtype:trojan-activity; sid:37573851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 129.146.173.29 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.146.173.29"; classtype:trojan-activity; sid:37601911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.32.127.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.127.58"; classtype:trojan-activity; sid:37601921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.43.1.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.1.93"; classtype:trojan-activity; sid:37585381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.32.97.195 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.97.195"; classtype:trojan-activity; sid:37585391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.155.177.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.177.51"; classtype:trojan-activity; sid:37601931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 177.163.233.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.163.233.128"; classtype:trojan-activity; sid:37585401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 219.151.147.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.151.147.117"; classtype:trojan-activity; sid:37601941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) 
# Source-IP indicators exported from MISP events 26875, 26878, 26882 and 26886, one rule per line.
# Each rule matches on the source address alone: any IP protocol, any port, destination $HOME_NET.
# NOTE(review): the msg text tags these as kill-chain Reconnaissance/Exploitation, while the
# classtype is trojan-activity. Triage keyed on classtype will file inbound scanning next to
# malware activity - confirm that is the intended routing.
# NOTE(review): no threshold or other rate-limiting option appears on these rules; if alert volume
# from a single noisy source becomes a problem, consider limiting per source (track by_src).
alert ip 123.201.91.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.201.91.128"; classtype:trojan-activity; sid:37585411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.218.139.36 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.218.139.36"; classtype:trojan-activity; sid:37585421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.35.23.90 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.23.90"; classtype:trojan-activity; sid:37601951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.221.78.207 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.78.207"; classtype:trojan-activity; sid:37585431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.25.44.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.44.104"; classtype:trojan-activity; sid:37601961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 65.49.1.108 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.108"; classtype:trojan-activity; sid:37577961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 14.194.5.2 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.194.5.2"; classtype:trojan-activity; sid:37577971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 180.116.243.184 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.116.243.184"; classtype:trojan-activity; sid:37585441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.55.177.30 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.177.30"; classtype:trojan-activity; sid:37585451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 181.34.51.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.34.51.245"; classtype:trojan-activity; sid:37585461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 42.51.13.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.13.246"; classtype:trojan-activity; sid:37601971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 27.20.191.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.191.173"; classtype:trojan-activity; sid:37585471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.212.240.162 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.212.240.162"; classtype:trojan-activity; sid:37577981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 122.117.156.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.156.4"; classtype:trojan-activity; sid:37585481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.53.210.63 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.210.63"; classtype:trojan-activity; sid:37573861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
# Source-IP indicators exported from MISP events 26875, 26882 and 26886, one rule per line.
# Every rule has the same shape: alert on any IP packet whose source is the listed address and
# whose destination is in $HOME_NET; the sid and the reference URL tie it to its MISP event.
# NOTE(review): with no flow or direction-of-session option, a match does not by itself tell an
# unsolicited probe from a reply to a connection an internal host opened - check the session
# before treating a hit as an inbound attempt.
# NOTE(review): all rules are rev:1 and carry no expiry; address-based indicators age quickly,
# so re-export from MISP on a schedule instead of accumulating old entries.
alert ip 146.235.61.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.235.61.97"; classtype:trojan-activity; sid:37601981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 182.75.65.22 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.75.65.22"; classtype:trojan-activity; sid:37601991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 167.248.133.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.35"; classtype:trojan-activity; sid:37602001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 79.175.151.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.151.86"; classtype:trojan-activity; sid:37602011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.216.119.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.216.119.169"; classtype:trojan-activity; sid:37602021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 60.172.207.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.172.207.113"; classtype:trojan-activity; sid:37585491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 188.117.146.202 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.117.146.202"; classtype:trojan-activity; sid:37573871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 175.175.12.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.175.12.245"; classtype:trojan-activity; sid:37585501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 42.200.36.179 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.36.179"; classtype:trojan-activity; sid:37585511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.159.146.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.146.198"; classtype:trojan-activity; sid:37602031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 170.64.187.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.187.220"; classtype:trojan-activity; sid:37602041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.9.171.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.9.171.37"; classtype:trojan-activity; sid:37585521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.63.7.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.63.7.149"; classtype:trojan-activity; sid:37585531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.9.22.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.9.22.191"; classtype:trojan-activity; sid:37585541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.67.205.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.205.75"; classtype:trojan-activity; sid:37585551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.94.146.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.59"; classtype:trojan-activity; sid:37602051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.131.59.140 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.59.140"; classtype:trojan-activity; sid:37602061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 94.102.61.84 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.102.61.84"; classtype:trojan-activity; sid:37573881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 179.158.224.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.158.224.160"; classtype:trojan-activity; sid:37585561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.143.31.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.143.31.30"; classtype:trojan-activity; sid:37602071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 147.182.136.72 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.136.72"; classtype:trojan-activity; sid:37577991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 189.11.142.29 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.11.142.29"; classtype:trojan-activity; sid:37602081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 138.68.248.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
138.68.248.78"; classtype:trojan-activity; sid:37602091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 128.22.150.116 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.22.150.116"; classtype:trojan-activity; sid:37578001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 180.76.202.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.202.69"; classtype:trojan-activity; sid:37602101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.245.66.112 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.245.66.112"; classtype:trojan-activity; sid:37585571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.206.124.122 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.206.124.122"; classtype:trojan-activity; sid:37578011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 209.97.160.174 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.97.160.174"; classtype:trojan-activity; sid:37585581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.91.214.145 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.214.145"; classtype:trojan-activity; sid:37602111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.170.244.29 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.244.29"; classtype:trojan-activity; sid:37747151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 117.63.115.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.115.24"; classtype:trojan-activity; sid:37585591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 51.250.8.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.8.177"; classtype:trojan-activity; sid:37602121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 201.131.212.19 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.131.212.19"; classtype:trojan-activity; sid:37602131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.208.139.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.208.139.39"; classtype:trojan-activity; sid:37585601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.51.79.214 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.79.214"; classtype:trojan-activity; sid:37602141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.238.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.238.27"; classtype:trojan-activity; sid:37602151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.180.201.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.180.201.251"; classtype:trojan-activity; sid:37602161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.76.153.183 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.76.153.183"; classtype:trojan-activity; sid:37602171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.251.3.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.251.3.168"; classtype:trojan-activity; sid:37585611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.61.248 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.61.248"; classtype:trojan-activity; sid:37573891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 116.55.177.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.177.157"; classtype:trojan-activity; sid:37585621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.135.182.209 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.182.209"; classtype:trojan-activity; sid:37602181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 62.204.41.195 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.204.41.195"; classtype:trojan-activity; sid:37578021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 120.79.80.80 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.79.80.80"; classtype:trojan-activity; sid:37573901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 88.250.31.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.250.31.32"; classtype:trojan-activity; sid:37585631; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 168.195.81.1 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.195.81.1"; classtype:trojan-activity; sid:37585641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.53.147.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.147.92"; classtype:trojan-activity; sid:37585651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.34.211.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.34.211.24"; classtype:trojan-activity; sid:37602191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 126.116.156.129 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.116.156.129"; classtype:trojan-activity; sid:37585661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.17.0.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.17.0.181"; classtype:trojan-activity; sid:37602201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.165.29.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.165.29.54"; classtype:trojan-activity; sid:37585671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.43.156.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.156.82"; classtype:trojan-activity; sid:37602211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.20.132.182 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.132.182"; classtype:trojan-activity; sid:37585681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.55.231.243 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.231.243"; classtype:trojan-activity; sid:37585691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 189.46.212.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.46.212.254"; classtype:trojan-activity; sid:37602221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 76.72.50.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.72.50.148"; classtype:trojan-activity; sid:37585701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.196.192.195 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.196.192.195"; classtype:trojan-activity; sid:37578031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 167.71.205.80 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.205.80"; classtype:trojan-activity; sid:37602231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 138.118.176.190 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.118.176.190"; classtype:trojan-activity; sid:37585711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 107.151.33.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.33.20"; classtype:trojan-activity; sid:37585721; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.68.99.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.68.99.185"; classtype:trojan-activity; sid:37585731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.92.137.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.92.137.194"; classtype:trojan-activity; sid:37602241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.74.78.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.74.78.114"; classtype:trojan-activity; sid:37602251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.113.227.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.227.90"; classtype:trojan-activity; sid:37585741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 138.118.91.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.118.91.240"; classtype:trojan-activity; sid:37585751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.235.92.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.92.122"; classtype:trojan-activity; sid:37602261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.167.93.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.167.93.89"; classtype:trojan-activity; sid:37585761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.134.225.242 any -> $HOME_NET any (msg: "MISP 
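e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.134.225.242"; classtype:trojan-activity; sid:37573911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
# Review note: rules in this section are restored to one per physical line;
# a rule may span lines only when each line ends with a backslash. The
# fragments on the first and last line of the section belong to rules that
# begin or end outside it and are kept as found.
#
# Every rule here matches on source address alone ("alert ip <addr> any ->
# $HOME_NET any", no content or flow options), so a hit shows that the address
# sent traffic inward, not what the traffic was. classtype is trojan-activity
# throughout while the msg tags read kill-chain:Reconnaissance/Exploitation;
# triage on the msg tag and the referenced MISP event rather than on classtype.
# The rules carry no expiry: review them against the source event on a
# schedule, since reassigned addresses turn stale IP rules into false positives.
alert ip 185.73.125.23 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.73.125.23"; classtype:trojan-activity; sid:37573921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 80.243.58.249 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.243.58.249"; classtype:trojan-activity; sid:37578041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 113.231.124.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.231.124.46"; classtype:trojan-activity; sid:37585771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.108.97.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.97.160"; classtype:trojan-activity; sid:37585781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.62.197.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.117"; classtype:trojan-activity; sid:37602271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.223.169.88 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.223.169.88"; classtype:trojan-activity; sid:37578051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 49.87.68.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.87.68.124"; classtype:trojan-activity; sid:37585791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.4.254.116 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.254.116"; classtype:trojan-activity; sid:37602281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 1.14.155.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.155.137"; classtype:trojan-activity; sid:37602291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 221.225.254.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.225.254.180"; classtype:trojan-activity; sid:37585801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.227.84.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.84.240"; classtype:trojan-activity; sid:37585811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 20.244.134.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.244.134.31"; classtype:trojan-activity; sid:37602301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 118.163.196.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.196.104"; classtype:trojan-activity; sid:37602311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.55.28.159 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.28.159"; classtype:trojan-activity; sid:37602321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 36.97.146.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.97.146.75"; classtype:trojan-activity; sid:37585821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 223.151.230.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.230.34"; classtype:trojan-activity; sid:37585831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.227.114.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.114.131"; classtype:trojan-activity; sid:37585841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 89.252.140.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.252.140.220"; classtype:trojan-activity; sid:37602331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 171.236.247.19 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.236.247.19"; classtype:trojan-activity; sid:37585851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.42.80.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.80.198"; classtype:trojan-activity; sid:37602341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 192.241.202.77 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.202.77"; classtype:trojan-activity; sid:37578061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 114.132.197.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.197.5"; classtype:trojan-activity; sid:37602351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.141.150.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.141.150.30"; classtype:trojan-activity; sid:37602361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 14.19.130.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.19.130.250"; classtype:trojan-activity; sid:37602371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.32 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.32"; classtype:trojan-activity; sid:37747161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 78.63.171.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.63.171.152"; classtype:trojan-activity; sid:37585861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.34.14.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.34.14.90"; classtype:trojan-activity; sid:37585871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.23.246.120 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.246.120"; classtype:trojan-activity; sid:37602381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 162.243.137.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.137.10"; classtype:trojan-activity; sid:37602391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.98.160.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.98.160.206"; classtype:trojan-activity; sid:37585881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 95.189.78.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.189.78.131"; classtype:trojan-activity; sid:37585891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 181.49.8.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.49.8.58"; classtype:trojan-activity; sid:37602401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 136.50.98.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.50.98.128"; classtype:trojan-activity; sid:37585901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.138.163.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.163.54"; classtype:trojan-activity; sid:37585911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 203.192.210.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.192.210.34"; classtype:trojan-activity; sid:37585921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.132.200.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.200.4"; classtype:trojan-activity; sid:37602411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 162.243.144.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.144.9"; classtype:trojan-activity; sid:37602421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.159.132.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.132.25"; classtype:trojan-activity; sid:37602431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 182.34.214.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.34.214.131"; classtype:trojan-activity; sid:37585931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.135.166.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.166.197"; classtype:trojan-activity; sid:37585941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.52.129.64 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.52.129.64"; classtype:trojan-activity; sid:37585951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 159.203.224.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.224.34"; classtype:trojan-activity; sid:37602441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 41.196.0.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.196.0.91"; classtype:trojan-activity; sid:37602451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 123.184.51.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.184.51.114"; classtype:trojan-activity; sid:37585961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.147.250.233 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.147.250.233"; classtype:trojan-activity; sid:37578071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 182.61.55.68 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.55.68"; classtype:trojan-activity; sid:37578081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.142.136.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.136.17"; classtype:trojan-activity; sid:37602461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 162.241.126.176 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.241.126.176"; classtype:trojan-activity; sid:37602471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 179.60.147.47 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.147.47"; classtype:trojan-activity; sid:37578091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 117.41.167.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.41.167.121"; classtype:trojan-activity; sid:37602481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 181.17.146.189 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.146.189"; classtype:trojan-activity; sid:37585971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.185.28.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.185.28.133"; classtype:trojan-activity; sid:37602491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 59.127.134.189 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.134.189"; classtype:trojan-activity; sid:37585981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 35.195.93.98 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.195.93.98"; classtype:trojan-activity; sid:37573931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 103.163.119.224 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.119.224"; classtype:trojan-activity; sid:37602501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.198.59.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.198.59.254"; classtype:trojan-activity; sid:37602511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 64.226.72.75 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.72.75"; classtype:trojan-activity; sid:37602521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 212.164.222.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.164.222.119"; classtype:trojan-activity; sid:37585991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 134.17.24.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.17.24.54"; classtype:trojan-activity; sid:37586001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 187.107.127.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.107.127.37"; classtype:trojan-activity; sid:37602531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 196.20.68.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.20.68.81"; classtype:trojan-activity; sid:37602541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.122.80.239 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.122.80.239"; classtype:trojan-activity; sid:37586011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 58.47.42.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.42.130"; classtype:trojan-activity; sid:37586021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 89.237.200.187 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.237.200.187"; classtype:trojan-activity; sid:37573941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 114.32.34.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.34.235"; classtype:trojan-activity; sid:37586031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.241.236.28 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.236.28"; classtype:trojan-activity; sid:37578101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 117.205.26.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.205.26.9"; classtype:trojan-activity; sid:37586041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 77.239.217.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.239.217.42"; classtype:trojan-activity; sid:37586051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 162.142.125.12 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.12"; classtype:trojan-activity; sid:37578111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 202.42.186.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.42.186.30"; classtype:trojan-activity; sid:37602561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.50.210.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.210.148"; classtype:trojan-activity; sid:37602571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 90.229.228.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.229.228.154"; classtype:trojan-activity; sid:37586061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 142.93.34.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.34.124"; classtype:trojan-activity; sid:37602581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 123.139.220.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.139.220.180"; classtype:trojan-activity; sid:37586071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.195.147.215 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.147.215"; classtype:trojan-activity; sid:37602591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 51.77.215.145 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.215.145"; classtype:trojan-activity; sid:37602601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 20.163.18.235 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.163.18.235"; classtype:trojan-activity; sid:37578121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 178.72.83.72 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.72.83.72"; classtype:trojan-activity; sid:37586081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.248.133.186 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.186"; classtype:trojan-activity; sid:37602611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 1.232.42.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.232.42.108"; classtype:trojan-activity; sid:37602621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 116.53.54.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.54.227"; classtype:trojan-activity; sid:37586091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 58.50.139.177 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.139.177"; classtype:trojan-activity; sid:37586101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.91.139.101 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.91.139.101"; classtype:trojan-activity; sid:37602631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 220.135.95.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.95.196"; classtype:trojan-activity; sid:37586111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.65.2.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.65.2.178"; classtype:trojan-activity; sid:37602641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 112.103.118.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.118.34"; classtype:trojan-activity; sid:37586121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 219.148.91.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.148.91.172"; classtype:trojan-activity; sid:37586131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.124.177.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.124.177.148"; classtype:trojan-activity; sid:37602651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 60.246.188.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.246.188.199"; classtype:trojan-activity; sid:37586141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.234.182.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.182.81"; classtype:trojan-activity; sid:37586151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.196.122.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.196.122.152"; classtype:trojan-activity; sid:37602661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 165.22.59.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.59.198"; classtype:trojan-activity; sid:37602671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 129.226.194.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.86"; classtype:trojan-activity; sid:37602681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.175.77.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.175.77.7"; classtype:trojan-activity; sid:37586161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 193.222.96.194 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.222.96.194"; classtype:trojan-activity; sid:37578131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 180.0.114.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.0.114.32"; classtype:trojan-activity; sid:37586171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.174.93.170 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.174.93.170"; classtype:trojan-activity; sid:37586181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.70.29.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.29.17"; classtype:trojan-activity; sid:37586191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 210.79.134.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.79.134.9"; classtype:trojan-activity; sid:37602691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 122.147.27.145 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.147.27.145"; classtype:trojan-activity; sid:37586201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.43.172.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.172.37"; classtype:trojan-activity; sid:37602701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 205.210.31.128 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.128"; classtype:trojan-activity; sid:37578141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 104.215.4.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.215.4.115"; classtype:trojan-activity; sid:37602711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.86.7.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.86.7.62"; classtype:trojan-activity; sid:37586211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.33.62.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.33.62.198"; classtype:trojan-activity; sid:37586221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.109.228.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.122"; classtype:trojan-activity; sid:37586231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 14.63.196.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.63.196.175"; classtype:trojan-activity; sid:37602721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 102.117.233.239 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.117.233.239"; classtype:trojan-activity; sid:37586241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.154.233.75 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.233.75"; classtype:trojan-activity; sid:37602731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.55 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.55"; classtype:trojan-activity; sid:37578151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 191.57.112.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.57.112.166"; classtype:trojan-activity; sid:37586251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.232.99.187 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.232.99.187"; classtype:trojan-activity; sid:37586261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 34.127.48.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.127.48.66"; classtype:trojan-activity; sid:37602741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 24.148.91.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.148.91.34"; classtype:trojan-activity; sid:37586271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.222.223.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.223.32"; classtype:trojan-activity; sid:37602751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.43.19.169 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.19.169"; classtype:trojan-activity; sid:37573951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 114.216.23.212 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.216.23.212"; classtype:trojan-activity; sid:37586281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.93.123.74 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.123.74"; classtype:trojan-activity; sid:37573961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 1.172.101.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.172.101.185"; classtype:trojan-activity; sid:37586291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 12.70.187.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.70.187.125"; classtype:trojan-activity; sid:37586301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 79.120.72.26 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.120.72.26"; classtype:trojan-activity; sid:37602761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# NOTE(review): the next rule (sid 37573971) has an empty tag list "[]" in its
# msg, unlike the other e26875 rules in this section. Presumably the attribute
# carries no kill-chain tag in MISP; confirm at the event, because alert
# filters keyed on the msg tag will not pick this rule up.
alert ip 106.14.145.14 any -> $HOME_NET any (msg: "MISP e26875 [] Incoming From IP: 106.14.145.14"; classtype:trojan-activity; sid:37573971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 223.108.112.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.108.112.106"; classtype:trojan-activity; sid:37586311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 51.250.18.92 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.18.92"; classtype:trojan-activity; sid:37602771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 195.158.5.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.158.5.10"; classtype:trojan-activity; sid:37602781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 130.25.187.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 130.25.187.241"; classtype:trojan-activity; sid:37586321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.103.207.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.207.196"; classtype:trojan-activity; sid:37586331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 86.98.89.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.98.89.147"; classtype:trojan-activity; sid:37586341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.62.197.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.219"; classtype:trojan-activity; sid:37602791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.229.76.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.76.126"; classtype:trojan-activity; sid:37602801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.100.57.127 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.57.127"; classtype:trojan-activity; sid:37586351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 213.55.83.90 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.55.83.90"; classtype:trojan-activity; sid:37602811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 112.102.170.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.170.168"; classtype:trojan-activity; sid:37586361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 93.46.12.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.46.12.91"; classtype:trojan-activity; sid:37586371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.58.115.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.58.115.75"; classtype:trojan-activity; sid:37586381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 146.190.166.168 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.166.168"; classtype:trojan-activity; sid:37578161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 64.62.197.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.137"; classtype:trojan-activity; sid:37586391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.63.215.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.63.215.82"; classtype:trojan-activity; sid:37602821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 200.35.43.142 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.35.43.142"; classtype:trojan-activity; sid:37586401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.38.50.221 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.38.50.221"; classtype:trojan-activity; sid:37586411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 77.105.182.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.105.182.66"; classtype:trojan-activity; sid:37602831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 190.109.227.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.119"; classtype:trojan-activity; sid:37586421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.163.209.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.209.117"; classtype:trojan-activity; sid:37602841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 198.199.101.89 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.101.89"; classtype:trojan-activity; sid:37578171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 95.132.80.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.132.80.231"; classtype:trojan-activity; sid:37586431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 170.64.167.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.167.117"; classtype:trojan-activity; sid:37602851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 223.13.24.57 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.24.57"; classtype:trojan-activity; sid:37586441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 207.154.228.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.228.21"; classtype:trojan-activity; sid:37602861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 222.87.68.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.87.68.215"; classtype:trojan-activity; sid:37586451; 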
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.160.172.126 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.160.172.126"; classtype:trojan-activity; sid:37573981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.86.146.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.86.146.140"; classtype:trojan-activity; sid:37586461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.243.136.202 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.243.136.202"; classtype:trojan-activity; sid:37578181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 216.80.104.71 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.80.104.71"; classtype:trojan-activity; sid:37747171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 95.57.232.24 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.57.232.24"; classtype:trojan-activity; sid:37573991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 66.240.236.109 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.240.236.109"; classtype:trojan-activity; sid:37747181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 84.240.247.126 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.240.247.126"; classtype:trojan-activity; sid:37574001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 210.3.96.246 any -> $HOME_NET any (msg: 
"MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.3.96.246"; classtype:trojan-activity; sid:37578191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 193.142.146.227 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.142.146.227"; classtype:trojan-activity; sid:37578201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 167.99.212.101 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.212.101"; classtype:trojan-activity; sid:37574011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 198.235.24.170 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.170"; classtype:trojan-activity; sid:37578211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 49.232.6.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.6.67"; classtype:trojan-activity; sid:37602871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.156.165.166 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.165.166"; classtype:trojan-activity; sid:37602881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 200.229.145.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.229.145.21"; classtype:trojan-activity; sid:37586471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.103.34.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.103.34.149"; classtype:trojan-activity; 
sid:37586481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.245.200.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.245.200.48"; classtype:trojan-activity; sid:37586491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.65.41.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.41.104"; classtype:trojan-activity; sid:37602891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.138.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.125"; classtype:trojan-activity; sid:37586501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 129.226.147.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.203"; classtype:trojan-activity; sid:37602901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.232.233.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.232.233.194"; classtype:trojan-activity; sid:37586511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.126.144.165 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.126.144.165"; classtype:trojan-activity; sid:37586521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.76.155.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.76.155.50"; classtype:trojan-activity; sid:37586531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 153.194.189.241 any -> 
$HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.194.189.241"; classtype:trojan-activity; sid:37586541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.172.145.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.145.146"; classtype:trojan-activity; sid:37586551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.47.194.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.194.166"; classtype:trojan-activity; sid:37586561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.41.74.98 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.74.98"; classtype:trojan-activity; sid:37586571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.73.36.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.73.36.202"; classtype:trojan-activity; sid:37586581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.114.156.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.156.157"; classtype:trojan-activity; sid:37602911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 179.60.147.118 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.147.118"; classtype:trojan-activity; sid:37578221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 118.250.55.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.250.55.29"; 
classtype:trojan-activity; sid:37586591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.246.97.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.246.97.150"; classtype:trojan-activity; sid:37586601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.156.224.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.224.154"; classtype:trojan-activity; sid:37602921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.206 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.206"; classtype:trojan-activity; sid:37747191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 120.196.68.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.196.68.204"; classtype:trojan-activity; sid:37586611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.223.70.226 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.223.70.226"; classtype:trojan-activity; sid:37586621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.159.163.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.159.163.6"; classtype:trojan-activity; sid:37602931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.170.86.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.86.86"; classtype:trojan-activity; sid:37602941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
120.48.2.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.2.117"; classtype:trojan-activity; sid:37602951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.56.211.201 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.211.201"; classtype:trojan-activity; sid:37586631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.233.201.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.201.35"; classtype:trojan-activity; sid:37586641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.41.145.96 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.41.145.96"; classtype:trojan-activity; sid:37586651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.9.44.249 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.9.44.249"; classtype:trojan-activity; sid:37586661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 140.86.12.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.86.12.31"; classtype:trojan-activity; sid:37602961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.247.129.233 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.129.233"; classtype:trojan-activity; sid:37586671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 65.49.1.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.94"; 
classtype:trojan-activity; sid:37586681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.52.230.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.230.126"; classtype:trojan-activity; sid:37602971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.79.141.23 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.141.23"; classtype:trojan-activity; sid:37578231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 211.54.246.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.54.246.6"; classtype:trojan-activity; sid:37586691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 77.242.107.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.242.107.203"; classtype:trojan-activity; sid:37586701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 179.60.150.59 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.150.59"; classtype:trojan-activity; sid:37578241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 99.7.11.145 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.7.11.145"; classtype:trojan-activity; sid:37586711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.89.86.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.157"; classtype:trojan-activity; sid:37586721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 90.226.130.135 
any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.226.130.135"; classtype:trojan-activity; sid:37586731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.79.20.162 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.20.162"; classtype:trojan-activity; sid:37578251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 71.6.134.234 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.134.234"; classtype:trojan-activity; sid:37747201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 121.203.239.129 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.203.239.129"; classtype:trojan-activity; sid:37586741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.47.105.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.105.196"; classtype:trojan-activity; sid:37586751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 196.191.102.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.191.102.41"; classtype:trojan-activity; sid:37586761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 211.20.14.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.20.14.156"; classtype:trojan-activity; sid:37602981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.193.227.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.227.2"; 
classtype:trojan-activity; sid:37602991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.200.137.55 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.55"; classtype:trojan-activity; sid:37586771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.150.115.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.150.115.114"; classtype:trojan-activity; sid:37586781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.54.109.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.109.74"; classtype:trojan-activity; sid:37586791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 208.65.84.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.84"; classtype:trojan-activity; sid:37603001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.118.132.187 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.118.132.187"; classtype:trojan-activity; sid:37586801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.92.43.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.92.43.126"; classtype:trojan-activity; sid:37603011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.95.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.95.104"; classtype:trojan-activity; sid:37586811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
222.133.54.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.133.54.222"; classtype:trojan-activity; sid:37586821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.119.228.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.119.228.11"; classtype:trojan-activity; sid:37586831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 134.122.88.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.88.182"; classtype:trojan-activity; sid:37603021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.13.198.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.198.93"; classtype:trojan-activity; sid:37603031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.11.133.12 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.133.12"; classtype:trojan-activity; sid:37586841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 15.204.172.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.172.20"; classtype:trojan-activity; sid:37603041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.250.38.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.250.38.141"; classtype:trojan-activity; sid:37586851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.57.193.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
106.57.193.185"; classtype:trojan-activity; sid:37586861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.196"; classtype:trojan-activity; sid:37603051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.229.184.146 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.184.146"; classtype:trojan-activity; sid:37578261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.227.127.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.127.136"; classtype:trojan-activity; sid:37586871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.233.19.214 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.214"; classtype:trojan-activity; sid:37578271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 23.227.203.19 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.227.203.19"; classtype:trojan-activity; sid:37578281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 154.38.184.52 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.38.184.52"; classtype:trojan-activity; sid:37578291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.158.249.166 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.158.249.166"; classtype:trojan-activity; sid:37603061; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.255.90.49 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.255.90.49"; classtype:trojan-activity; sid:37603071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.70.38.71 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.38.71"; classtype:trojan-activity; sid:37586881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.206.191.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.206.191.149"; classtype:trojan-activity; sid:37586891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.103.128.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.128.123"; classtype:trojan-activity; sid:37586901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.105.201.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.105.201.53"; classtype:trojan-activity; sid:37586911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.127.182.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.127.182.238"; classtype:trojan-activity; sid:37586921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.109 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.109"; classtype:trojan-activity; sid:37747211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 197.248.180.212 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.248.180.212"; classtype:trojan-activity; sid:37603081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.212.9.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.212.9.61"; classtype:trojan-activity; sid:37586931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.213.66.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.213.66.33"; classtype:trojan-activity; sid:37586941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 197.60.234.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.60.234.20"; classtype:trojan-activity; sid:37586951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.48.250.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.88"; classtype:trojan-activity; sid:37586961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 165.232.130.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.130.204"; classtype:trojan-activity; sid:37603091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.106.114 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.106.114"; classtype:trojan-activity; sid:37747221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 192.36.61.226 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.36.61.226"; classtype:trojan-activity; sid:37578301; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
# Source-IP indicators exported from MISP; the event ID appears in each msg and reference URL.
# Every rule below matches any IP traffic from the listed address to $HOME_NET, with no port
# or payload condition, so an alert records contact from that address, not a confirmed intrusion.
# NOTE(review): classtype is trojan-activity although the msg tags are Reconnaissance and
# Exploitation; confirm that this classification and priority:2 match how these hits are triaged.
# NOTE(review): address indicators go stale; check the referenced event's age before acting on a hit.
alert ip 58.46.226.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.46.226.9"; classtype:trojan-activity; sid:37586971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 110.42.230.219 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.230.219"; classtype:trojan-activity; sid:37747231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 110.89.14.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.89.14.218"; classtype:trojan-activity; sid:37586981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 168.195.81.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.195.81.3"; classtype:trojan-activity; sid:37586991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.15 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.15"; classtype:trojan-activity; sid:37578311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 120.77.26.190 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.77.26.190"; classtype:trojan-activity; sid:37574021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 60.161.138.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.161.138.21"; classtype:trojan-activity; sid:37587001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.163.150.78 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.163.150.78"; classtype:trojan-activity; sid:37587011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 183.93.205.246 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.246"; classtype:trojan-activity; sid:37587021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.175.112.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.175.112.21"; classtype:trojan-activity; sid:37587031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.226.98.63 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.98.63"; classtype:trojan-activity; sid:37603101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 64.62.197.2 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.2"; classtype:trojan-activity; sid:37578321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 82.196.6.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.196.6.167"; classtype:trojan-activity; sid:37603111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.34.215.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.215.66"; classtype:trojan-activity; sid:37603121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.40.185.99 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.185.99"; classtype:trojan-activity; sid:37574031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 106.58.215.167 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.215.167"; classtype:trojan-activity; sid:37578331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 87.236.176.82 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.82"; classtype:trojan-activity; sid:37747241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 147.78.103.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.103.20"; classtype:trojan-activity; sid:37587041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.61 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.61"; classtype:trojan-activity; sid:37747251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 106.12.134.87 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.134.87"; classtype:trojan-activity; sid:37574041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 34.76.96.55 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.76.96.55"; classtype:trojan-activity; sid:37574051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 81.69.247.8 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.247.8"; classtype:trojan-activity; sid:37578341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 36.133.122.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.122.4"; classtype:trojan-activity; sid:37603131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 31.31.109.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.31.109.85"; classtype:trojan-activity; sid:37587051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.144.107.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.107.197"; classtype:trojan-activity; sid:37587061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.95 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.95"; classtype:trojan-activity; sid:37578351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 124.235.174.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.174.204"; classtype:trojan-activity; sid:37587071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.156.35.214 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.35.214"; classtype:trojan-activity; sid:37603141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 172.171.243.237 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.171.243.237"; classtype:trojan-activity; sid:37578361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 178.49.98.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.49.98.198"; classtype:trojan-activity; sid:37587081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 81.69.230.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.230.35"; classtype:trojan-activity; sid:37603151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 85.185.249.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.185.249.118"; classtype:trojan-activity; sid:37603161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 205.210.31.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.194"; classtype:trojan-activity; sid:37603171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 46.149.181.195 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.149.181.195"; classtype:trojan-activity; sid:37587091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 138.68.40.35 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.40.35"; classtype:trojan-activity; sid:37574061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 194.33.45.121 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.121"; classtype:trojan-activity; sid:37574071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 2.187.36.211 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.187.36.211"; classtype:trojan-activity; sid:37574081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 87.236.176.75 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.75"; classtype:trojan-activity; sid:37578371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 106.58.179.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.179.182"; classtype:trojan-activity; sid:37603181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 49.232.169.162 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.169.162"; classtype:trojan-activity; sid:37578381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 134.122.82.170 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.82.170"; classtype:trojan-activity; sid:37603191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.154.179.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.179.123"; classtype:trojan-activity; sid:37603201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.89.82.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.89.82.219"; classtype:trojan-activity; sid:37587101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.109.178.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.109.178.41"; classtype:trojan-activity; sid:37587111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 206.204.134.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.204.134.41"; classtype:trojan-activity; sid:37587121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.113.243.207 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.243.207"; classtype:trojan-activity; sid:37587131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.40.196.220 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.196.220"; classtype:trojan-activity; sid:37574091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 185.180.143.171 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.143.171"; classtype:trojan-activity; sid:37578391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 95.111.122.12 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.111.122.12"; classtype:trojan-activity; sid:37587141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 42.192.117.128 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.117.128"; classtype:trojan-activity; sid:37603211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 94.141.253.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.141.253.202"; classtype:trojan-activity; sid:37587151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 94.190.231.27 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.190.231.27"; classtype:trojan-activity; sid:37587161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.134.4.79 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.4.79"; classtype:trojan-activity; sid:37603221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 198.235.24.114 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.114"; classtype:trojan-activity; sid:37578401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 182.241.192.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.241.192.87"; classtype:trojan-activity; sid:37587171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.103.64.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.103.64.162"; classtype:trojan-activity; sid:37587181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.224.224.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.224.224.228"; classtype:trojan-activity; sid:37587191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 151.242.1.239 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.242.1.239"; classtype:trojan-activity; sid:37587201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.164.124.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.164.124.244"; classtype:trojan-activity; sid:37603231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 36.189.255.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.189.255.162"; classtype:trojan-activity; sid:37603241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 152.136.160.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.160.237"; classtype:trojan-activity; sid:37603251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 180.50.85.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.50.85.139"; classtype:trojan-activity; sid:37587211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 159.223.120.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.120.253"; classtype:trojan-activity; sid:37603261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.89.226.38 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.226.38"; classtype:trojan-activity; sid:37578411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 192.241.193.64 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.193.64"; classtype:trojan-activity; sid:37747261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 121.61.143.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.143.107"; classtype:trojan-activity; sid:37587221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 129.226.212.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.212.230"; classtype:trojan-activity; sid:37603271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# One alert per source address, exported from MISP; the event ID is repeated in msg and in the reference URL.
# The match is "any IP traffic from this address to $HOME_NET": there is no port, protocol or payload
# condition, so a hit shows that the address reached the network, not what it did there.
# NOTE(review): the msg tags say Reconnaissance/Exploitation while classtype is trojan-activity;
# confirm the classtype and priority:2 are what the alert pipeline expects for scanner-type sources.
# NOTE(review): several entries sit in 87.236.176.x and are listed one address per rule; confirm
# against the source event whether individual hosts or the range is intended.
alert ip 92.124.144.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.124.144.204"; classtype:trojan-activity; sid:37603281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 218.92.0.53 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.53"; classtype:trojan-activity; sid:37603291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 84.52.103.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.52.103.234"; classtype:trojan-activity; sid:37603301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.132.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.132.58"; classtype:trojan-activity; sid:37603311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 170.64.222.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.152"; classtype:trojan-activity; sid:37603321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 202.134.27.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.134.27.91"; classtype:trojan-activity; sid:37587231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.134.204.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.204.6"; classtype:trojan-activity; sid:37587241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.138.212.248 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.212.248"; classtype:trojan-activity; sid:37603331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.42.138.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.138.18"; classtype:trojan-activity; sid:37603341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 192.241.204.75 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.204.75"; classtype:trojan-activity; sid:37574101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 182.244.168.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.244.168.130"; classtype:trojan-activity; sid:37587251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 120.53.106.207 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.106.207"; classtype:trojan-activity; sid:37603351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.100.21.105 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.21.105"; classtype:trojan-activity; sid:37587261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 20.87.21.241 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.87.21.241"; classtype:trojan-activity; sid:37603361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 129.226.212.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.212.5"; classtype:trojan-activity; sid:37603371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.56.225.246 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.56.225.246"; classtype:trojan-activity; sid:37587271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.226.78.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.78.91"; classtype:trojan-activity; sid:37603381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.9.240.38 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.9.240.38"; classtype:trojan-activity; sid:37603391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 5.150.244.132 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.150.244.132"; classtype:trojan-activity; sid:37587281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 58.58.195.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.58.195.32"; classtype:trojan-activity; sid:37587291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 169.0.129.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 169.0.129.39"; classtype:trojan-activity; sid:37587301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 82.207.8.242 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.242"; classtype:trojan-activity; sid:37603401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 85.192.63.68 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.192.63.68"; classtype:trojan-activity; sid:37603411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.35.235.214 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.235.214"; classtype:trojan-activity; sid:37603421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 2.181.155.1 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.181.155.1"; classtype:trojan-activity; sid:37587311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.93.186.125 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.93.186.125"; classtype:trojan-activity; sid:37603431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.15.50.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.15.50.21"; classtype:trojan-activity; sid:37603441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 35.240.121.17 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.240.121.17"; classtype:trojan-activity; sid:37574111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 201.179.37.48 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.179.37.48"; classtype:trojan-activity; sid:37603451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 115.216.137.216 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.216.137.216"; classtype:trojan-activity; sid:37587321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 205.157.151.20 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.157.151.20"; classtype:trojan-activity; sid:37574121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 43.153.207.98 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.207.98"; classtype:trojan-activity; sid:37603461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 179.116.191.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.116.191.56"; classtype:trojan-activity; sid:37587331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 119.100.113.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.113.95"; classtype:trojan-activity; sid:37587341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 82.157.235.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.235.246"; classtype:trojan-activity; sid:37603471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 36.91.166.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.91.166.34"; classtype:trojan-activity; sid:37603481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.221.0.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.0.129"; classtype:trojan-activity; sid:37603491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.153.4.243 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.4.243"; classtype:trojan-activity; sid:37603501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 182.246.252.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.246.252.102"; classtype:trojan-activity; sid:37587351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 31.173.193.30 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.173.193.30"; classtype:trojan-activity; sid:37587361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 182.151.1.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.1.93"; classtype:trojan-activity; sid:37603511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 51.159.5.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.159.5.101"; classtype:trojan-activity; sid:37587371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.235.169.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.169.15"; classtype:trojan-activity; sid:37587381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.131.41.29 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.41.29"; classtype:trojan-activity; sid:37603521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.9 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.9"; classtype:trojan-activity; sid:37578421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 198.235.24.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.115"; classtype:trojan-activity; sid:37603531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 85.48.125.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.48.125.160"; classtype:trojan-activity; sid:37587391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.72.119.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.72.119.24"; classtype:trojan-activity; sid:37603541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.10.160.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.10.160.163"; classtype:trojan-activity; sid:37587401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.222.214.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.222.214.34"; classtype:trojan-activity; sid:37587411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 51.222.13.180 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.222.13.180"; classtype:trojan-activity; sid:37603551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 20.219.187.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.219.187.238"; classtype:trojan-activity; sid:37603561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.106"; classtype:trojan-activity; sid:37603571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 180.115.162.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.115.162.220"; classtype:trojan-activity; sid:37587421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.230.105.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.105.4"; classtype:trojan-activity; sid:37603581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.203 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.203"; classtype:trojan-activity; sid:37747271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 118.173.236.207 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.173.236.207"; classtype:trojan-activity; sid:37587431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.70.82.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.82.15"; classtype:trojan-activity; sid:37587441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.43.240.23 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.240.23"; classtype:trojan-activity; sid:37603591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 220.83.244.55 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.83.244.55"; classtype:trojan-activity; sid:37587451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.159.56.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.56.117"; classtype:trojan-activity; sid:37603601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 82.156.184.42 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.184.42"; classtype:trojan-activity; sid:37603611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 94.127.212.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.127.212.198"; classtype:trojan-activity; sid:37603621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 189.4.10.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.4.10.114"; classtype:trojan-activity; sid:37603631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.30.188.235 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.30.188.235"; classtype:trojan-activity; sid:37578431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 192.241.220.43 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.220.43"; classtype:trojan-activity; sid:37574131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 179.50.90.210 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.50.90.210"; classtype:trojan-activity; sid:37574141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 115.20.139.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.20.139.16"; classtype:trojan-activity; sid:37587461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 80.66.76.92 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.76.92"; classtype:trojan-activity; sid:37578441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 222.109.124.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.109.124.51"; classtype:trojan-activity; sid:37603641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 122.187.229.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.187.229.22"; classtype:trojan-activity; sid:37587471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.254.192.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.254.192.185"; classtype:trojan-activity; sid:37603651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 188.18.49.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.18.49.50"; classtype:trojan-activity; sid:37603661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.128"; classtype:trojan-activity; sid:37587481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.227.101.80 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.101.80"; classtype:trojan-activity; sid:37578451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 114.219.38.177 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.219.38.177"; classtype:trojan-activity; sid:37587491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.172.48.72 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.48.72"; classtype:trojan-activity; sid:37587501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.26 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.26"; classtype:trojan-activity; sid:37603671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.156.79.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.79.21"; classtype:trojan-activity; sid:37603681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 168.182.36.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.182.36.169"; classtype:trojan-activity; sid:37603691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 199.45.155.33 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.45.155.33"; classtype:trojan-activity; sid:37578461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 124.225.21.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.225.21.96"; classtype:trojan-activity; sid:37603701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 134.209.108.136 any -> $HOME_NET any 
(msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.108.136"; classtype:trojan-activity; sid:37603711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 41.242.142.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.242.142.227"; classtype:trojan-activity; sid:37603721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.153.77.170 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.153.77.170"; classtype:trojan-activity; sid:37578471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.163.56.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.163.56.10"; classtype:trojan-activity; sid:37603731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.119.66.112 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.119.66.112"; classtype:trojan-activity; sid:37578481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 164.92.116.119 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.116.119"; classtype:trojan-activity; sid:37574151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 117.190.224.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.190.224.41"; classtype:trojan-activity; sid:37587511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.34.149.30 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.34.149.30"; 
classtype:trojan-activity; sid:37587521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 164.92.116.96 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.116.96"; classtype:trojan-activity; sid:37574161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.133.56.30 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.56.30"; classtype:trojan-activity; sid:37578491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 118.89.136.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.136.106"; classtype:trojan-activity; sid:37603741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 147.182.153.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.153.235"; classtype:trojan-activity; sid:37603751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.144.20.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.144.20.198"; classtype:trojan-activity; sid:37603761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 78.66.73.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.66.73.3"; classtype:trojan-activity; sid:37587531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.247.155.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.155.247"; classtype:trojan-activity; sid:37587541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
120.229.211.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.229.211.159"; classtype:trojan-activity; sid:37587551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 84.17.35.109 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.109"; classtype:trojan-activity; sid:37574171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 92.115.73.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.115.73.39"; classtype:trojan-activity; sid:37587561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.248.139.52 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.248.139.52"; classtype:trojan-activity; sid:37587571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.141.222.92 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.141.222.92"; classtype:trojan-activity; sid:37574181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 47.242.189.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.189.123"; classtype:trojan-activity; sid:37603771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.93.205.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.225"; classtype:trojan-activity; sid:37587581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 128.199.226.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
128.199.226.9"; classtype:trojan-activity; sid:37603781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 3.85.100.6 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.85.100.6"; classtype:trojan-activity; sid:37578501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 89.189.86.91 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.189.86.91"; classtype:trojan-activity; sid:37574191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 138.199.40.163 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.163"; classtype:trojan-activity; sid:37574201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.253.148.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.253.148.181"; classtype:trojan-activity; sid:37587591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.62.160.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.62.160.146"; classtype:trojan-activity; sid:37587601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.26.170.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.170.28"; classtype:trojan-activity; sid:37587611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.241.17.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.241.17.238"; classtype:trojan-activity; sid:37587621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert 
ip 114.219.56.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.219.56.217"; classtype:trojan-activity; sid:37603791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.52.125.183 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.125.183"; classtype:trojan-activity; sid:37603801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.34.151.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.34.151.163"; classtype:trojan-activity; sid:37587631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.91.182.55 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.91.182.55"; classtype:trojan-activity; sid:37574211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 180.233.236.190 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.233.236.190"; classtype:trojan-activity; sid:37587641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.92.91.103 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.92.91.103"; classtype:trojan-activity; sid:37587651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.116.133.105 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.116.133.105"; classtype:trojan-activity; sid:37587661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.115 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
87.236.176.115"; classtype:trojan-activity; sid:37747281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 175.31.201.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.201.61"; classtype:trojan-activity; sid:37587671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.11.243.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.243.199"; classtype:trojan-activity; sid:37587681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.14.203.96 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.14.203.96"; classtype:trojan-activity; sid:37587691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.11.78.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.11.78.156"; classtype:trojan-activity; sid:37587701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.101.142.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.142.246"; classtype:trojan-activity; sid:37603811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.133.241.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.133.241.6"; classtype:trojan-activity; sid:37587711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.109.227.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.158"; classtype:trojan-activity; sid:37587721; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.89.171.252 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.89.171.252"; classtype:trojan-activity; sid:37587731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.41.208.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.41.208.149"; classtype:trojan-activity; sid:37603821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 94.230.206.226 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.230.206.226"; classtype:trojan-activity; sid:37587741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.178.108.177 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.178.108.177"; classtype:trojan-activity; sid:37587751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.243.152.18 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.152.18"; classtype:trojan-activity; sid:37578511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 129.226.146.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.135"; classtype:trojan-activity; sid:37603831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.157.42.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.42.226"; classtype:trojan-activity; sid:37603841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.230.42.107 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.42.107"; classtype:trojan-activity; sid:37603851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 83.191.161.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.191.161.48"; classtype:trojan-activity; sid:37587761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.223.42.226 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.42.226"; classtype:trojan-activity; sid:37574221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 14.153.206.142 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.153.206.142"; classtype:trojan-activity; sid:37587771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.0.246.7 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.0.246.7"; classtype:trojan-activity; sid:37603861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.98.142.61 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.98.142.61"; classtype:trojan-activity; sid:37574231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 82.157.169.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.169.5"; classtype:trojan-activity; sid:37603871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.226.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.226.25"; classtype:trojan-activity; sid:37587781; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.73.124.50 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.73.124.50"; classtype:trojan-activity; sid:37578521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 118.89.88.100 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.88.100"; classtype:trojan-activity; sid:37603881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.243.128.30 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.128.30"; classtype:trojan-activity; sid:37578531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 75.91.9.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.91.9.105"; classtype:trojan-activity; sid:37603891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.47.43.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.43.140"; classtype:trojan-activity; sid:37587791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.195.138.169 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.138.169"; classtype:trojan-activity; sid:37574241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 144.255.147.165 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.255.147.165"; classtype:trojan-activity; sid:37587801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.64.241.87 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.241.87"; classtype:trojan-activity; sid:37587811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.74.253.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.74.253.125"; classtype:trojan-activity; sid:37587821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.123.143.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.123.143.39"; classtype:trojan-activity; sid:37587831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.232.54.67 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.232.54.67"; classtype:trojan-activity; sid:37578541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 112.115.137.164 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.115.137.164"; classtype:trojan-activity; sid:37587841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.57.199.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.57.199.81"; classtype:trojan-activity; sid:37587851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 107.150.101.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.101.105"; classtype:trojan-activity; sid:37603901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.164.249.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.164.249.74"; classtype:trojan-activity; sid:37587861; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.249.83.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.249.83.115"; classtype:trojan-activity; sid:37603911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 205.210.31.183 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.183"; classtype:trojan-activity; sid:37603921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 164.92.205.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.205.212"; classtype:trojan-activity; sid:37603931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.72 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.72"; classtype:trojan-activity; sid:37578551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 109.120.37.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.120.37.156"; classtype:trojan-activity; sid:37587871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.171.86.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.171.86.2"; classtype:trojan-activity; sid:37603941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.166.89.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.89.94"; classtype:trojan-activity; sid:37603951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.67 any -> $HOME_NET any (msg: "MISP 
e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.67"; classtype:trojan-activity; sid:37578561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 67.205.177.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.205.177.222"; classtype:trojan-activity; sid:37603961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.40.210.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.210.182"; classtype:trojan-activity; sid:37603971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.142.32.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.142.32.231"; classtype:trojan-activity; sid:37587881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.249.16.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.249.16.227"; classtype:trojan-activity; sid:37603981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.35.179.223 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.35.179.223"; classtype:trojan-activity; sid:37587891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.62.213.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.213.196"; classtype:trojan-activity; sid:37603991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.92.93.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.92.93.54"; classtype:trojan-activity; 
sid:37604001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.93.190.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.93.190.15"; classtype:trojan-activity; sid:37587901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.242.82.103 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.242.82.103"; classtype:trojan-activity; sid:37587911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 8.217.216.111 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.217.216.111"; classtype:trojan-activity; sid:37747291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 119.196.47.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.196.47.82"; classtype:trojan-activity; sid:37587921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.20.164.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.164.95"; classtype:trojan-activity; sid:37587931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.199.105.56 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.105.56"; classtype:trojan-activity; sid:37604011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.34.52.217 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.52.217"; classtype:trojan-activity; sid:37587941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.118.29.110 any -> $HOME_NET any 
(msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.118.29.110"; classtype:trojan-activity; sid:37578571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.128.89.192 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.89.192"; classtype:trojan-activity; sid:37604021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.175.189.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.189.64"; classtype:trojan-activity; sid:37604031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 194.33.45.105 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.105"; classtype:trojan-activity; sid:37574251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.161.120.18 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.161.120.18"; classtype:trojan-activity; sid:37587951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.251.67.225 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.225"; classtype:trojan-activity; sid:37574261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 59.20.169.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.20.169.85"; classtype:trojan-activity; sid:37587961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 34.126.71.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.126.71.93"; classtype:trojan-activity; 
sid:37604041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 37.44.238.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.238.124"; classtype:trojan-activity; sid:37587971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.239.27.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.239.27.18"; classtype:trojan-activity; sid:37604051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.134.135.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.134.135.29"; classtype:trojan-activity; sid:37587981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 186.73.19.254 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.73.19.254"; classtype:trojan-activity; sid:37587991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.221.179.243 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.221.179.243"; classtype:trojan-activity; sid:37604061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.86.101.35 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.86.101.35"; classtype:trojan-activity; sid:37574271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 189.217.130.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.217.130.14"; classtype:trojan-activity; sid:37604071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 147.192.81.228 any -> 
$HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.192.81.228"; classtype:trojan-activity; sid:37588001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 31.29.171.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.29.171.79"; classtype:trojan-activity; sid:37588011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.94.145.58 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.58"; classtype:trojan-activity; sid:37578581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.246 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.246"; classtype:trojan-activity; sid:37747301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 31.211.44.70 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.211.44.70"; classtype:trojan-activity; sid:37588021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 138.68.9.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.9.99"; classtype:trojan-activity; sid:37604081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.72.142.62 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.72.142.62"; classtype:trojan-activity; sid:37604091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 64.62.197.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.113"; 
classtype:trojan-activity; sid:37604101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.176.89.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.176.89.29"; classtype:trojan-activity; sid:37588031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.239.152.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.152.198"; classtype:trojan-activity; sid:37588041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.24.204.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.204.205"; classtype:trojan-activity; sid:37604111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.93.205.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.193"; classtype:trojan-activity; sid:37588051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.185.133.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.185.133.113"; classtype:trojan-activity; sid:37588061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.88 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.88"; classtype:trojan-activity; sid:37578591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 115.41.97.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.41.97.66"; classtype:trojan-activity; sid:37588071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
223.9.146.232 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.9.146.232"; classtype:trojan-activity; sid:37588081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.156.113.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.113.104"; classtype:trojan-activity; sid:37604121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 210.48.146.104 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.48.146.104"; classtype:trojan-activity; sid:37578601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 119.45.163.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.163.72"; classtype:trojan-activity; sid:37604131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.94.223.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.94.223.139"; classtype:trojan-activity; sid:37604141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.31.104.109 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.31.104.109"; classtype:trojan-activity; sid:37604151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.90.121.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.90.121.149"; classtype:trojan-activity; sid:37588091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.94.145.51 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
167.94.145.51"; classtype:trojan-activity; sid:37747311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 222.114.197.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.114.197.33"; classtype:trojan-activity; sid:37588101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.228.46.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.46.94"; classtype:trojan-activity; sid:37604161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.247 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.247"; classtype:trojan-activity; sid:37747321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 113.26.48.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.48.231"; classtype:trojan-activity; sid:37588111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.235.136.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.235.136.127"; classtype:trojan-activity; sid:37604171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.251.67.221 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.221"; classtype:trojan-activity; sid:37574281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 117.192.234.183 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.192.234.183"; classtype:trojan-activity; sid:37588121; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 65.181.73.155 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.181.73.155"; classtype:trojan-activity; sid:37604181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.114.62 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.114.62"; classtype:trojan-activity; sid:37578611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 79.242.10.88 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.242.10.88"; classtype:trojan-activity; sid:37578621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 223.151.75.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.75.66"; classtype:trojan-activity; sid:37588131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.48.73.229 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.48.73.229"; classtype:trojan-activity; sid:37604191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 14.250.249.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.250.249.188"; classtype:trojan-activity; sid:37588141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.152.52.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.197"; classtype:trojan-activity; sid:37588151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.147.237.109 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.237.109"; classtype:trojan-activity; sid:37588161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 4.213.88.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 4.213.88.220"; classtype:trojan-activity; sid:37604201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 217.218.35.133 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.218.35.133"; classtype:trojan-activity; sid:37574291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 101.42.49.98 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.49.98"; classtype:trojan-activity; sid:37604211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.204.36.249 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.204.36.249"; classtype:trojan-activity; sid:37604221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.44.201.100 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.44.201.100"; classtype:trojan-activity; sid:37574301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 181.116.210.85 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.116.210.85"; classtype:trojan-activity; sid:37604231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 137.184.179.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.179.251"; classtype:trojan-activity; sid:37604241; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 146.70.186.124 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.124"; classtype:trojan-activity; sid:37574311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 27.128.239.46 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.239.46"; classtype:trojan-activity; sid:37578631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 119.206.205.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.206.205.23"; classtype:trojan-activity; sid:37588171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.166.146 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.146"; classtype:trojan-activity; sid:37604251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.56.54.202 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.56.54.202"; classtype:trojan-activity; sid:37574321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 77.109.32.245 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.109.32.245"; classtype:trojan-activity; sid:37604261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.136.165.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.136.165.121"; classtype:trojan-activity; sid:37604271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 195.87.73.208 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.87.73.208"; classtype:trojan-activity; sid:37604281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.136.236.48 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.236.48"; classtype:trojan-activity; sid:37604291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 38.7.207.170 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.207.170"; classtype:trojan-activity; sid:37604301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.125.64.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.125.64.23"; classtype:trojan-activity; sid:37588181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.214.2.98 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.214.2.98"; classtype:trojan-activity; sid:37604311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.240.145.8 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.240.145.8"; classtype:trojan-activity; sid:37578641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.221.28.189 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.28.189"; classtype:trojan-activity; sid:37588191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.158.151.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.151.97"; classtype:trojan-activity; sid:37604321; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.135.2.216 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.2.216"; classtype:trojan-activity; sid:37604331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.14.14.240 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.14.240"; classtype:trojan-activity; sid:37574331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.70.186.182 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.182"; classtype:trojan-activity; sid:37574341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 45.235.37.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.235.37.11"; classtype:trojan-activity; sid:37588201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.85 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.85"; classtype:trojan-activity; sid:37578651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.66.71.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.66.71.194"; classtype:trojan-activity; sid:37604341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 109.201.179.129 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.201.179.129"; classtype:trojan-activity; sid:37574351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 125.124.181.182 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.181.182"; classtype:trojan-activity; sid:37604351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.39.137.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.39.137.51"; classtype:trojan-activity; sid:37588211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.96.31.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.31.136"; classtype:trojan-activity; sid:37588221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.219.14.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.219.14.173"; classtype:trojan-activity; sid:37588231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.198.11.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.11.206"; classtype:trojan-activity; sid:37604361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.203.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.203.175"; classtype:trojan-activity; sid:37604371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 24.214.243.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.214.243.32"; classtype:trojan-activity; sid:37588241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 152.240.133.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.240.133.25"; classtype:trojan-activity; 
sid:37588251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 192.166.123.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.166.123.50"; classtype:trojan-activity; sid:37604381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.33 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.33"; classtype:trojan-activity; sid:37604391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.20.157.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.20.157.67"; classtype:trojan-activity; sid:37588261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 138.121.122.170 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.121.122.170"; classtype:trojan-activity; sid:37588271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.31.18.26 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.31.18.26"; classtype:trojan-activity; sid:37574361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 119.204.36.70 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.204.36.70"; classtype:trojan-activity; sid:37588281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 195.133.44.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.133.44.91"; classtype:trojan-activity; sid:37604401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.91.21.197 any -> $HOME_NET any 
(msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.21.197"; classtype:trojan-activity; sid:37604411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 195.154.62.147 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.154.62.147"; classtype:trojan-activity; sid:37578661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 107.170.230.31 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.230.31"; classtype:trojan-activity; sid:37747331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 43.134.180.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.180.37"; classtype:trojan-activity; sid:37604421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 221.202.23.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.202.23.106"; classtype:trojan-activity; sid:37588291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.16.217.201 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.16.217.201"; classtype:trojan-activity; sid:37588301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 139.59.255.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.255.135"; classtype:trojan-activity; sid:37604431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.98.178.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.98.178.109"; 
classtype:trojan-activity; sid:37588311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.21.157.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.21.157.40"; classtype:trojan-activity; sid:37588321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.117.120.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.117.120.87"; classtype:trojan-activity; sid:37588331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 164.90.140.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.140.230"; classtype:trojan-activity; sid:37604441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.43.127.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.127.178"; classtype:trojan-activity; sid:37604451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.177.167.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.177.167.51"; classtype:trojan-activity; sid:37588341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 165.22.16.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.16.134"; classtype:trojan-activity; sid:37604461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.141.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.141.5"; classtype:trojan-activity; sid:37588351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
119.91.205.99 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.205.99"; classtype:trojan-activity; sid:37578671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.64 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.64"; classtype:trojan-activity; sid:37578681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.214.93.47 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.93.47"; classtype:trojan-activity; sid:37588361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 139.226.161.64 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.226.161.64"; classtype:trojan-activity; sid:37747341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 220.133.195.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.133.195.93"; classtype:trojan-activity; sid:37588371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 189.190.101.26 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.101.26"; classtype:trojan-activity; sid:37604471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.173.98.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.173.98.85"; classtype:trojan-activity; sid:37588381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.49.52.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
36.49.52.114"; classtype:trojan-activity; sid:37588391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 93.190.106.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.190.106.139"; classtype:trojan-activity; sid:37604481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 135.26.97.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.26.97.230"; classtype:trojan-activity; sid:37588401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 177.60.241.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.60.241.75"; classtype:trojan-activity; sid:37588411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 203.117.54.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.117.54.44"; classtype:trojan-activity; sid:37588421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.141.228.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.141.228.50"; classtype:trojan-activity; sid:37588431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.98.142.212 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.98.142.212"; classtype:trojan-activity; sid:37588441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.136.225.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.136.225.29"; classtype:trojan-activity; sid:37588451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
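# MISP IP-indicator rules, restored to one rule per physical line.
# Snort and Suricata read one rule per line (a backslash is needed to continue
# a rule); in the collapsed layout several rules shared a line and one rule was
# split inside its msg string.
#
# Review notes for whoever deploys or triages these rules:
# - Each rule matches on the source address only: protocol "ip", any port, no
#   content or flow option. A hit means a packet from the listed address reached
#   $HOME_NET; it does not confirm an exploit attempt. Without a flow option it
#   can also fire on replies to a connection that an internal host opened.
# - classtype:trojan-activity is set on every rule here although the MISP tags
#   in msg name Reconnaissance and Exploitation; triage on the tags and the
#   referenced event rather than on the classtype.
# - No threshold or rate limit is set, so a persistent source can produce many
#   alerts. Consider a per-sid threshold or suppress entry in threshold.config.
# - The rules carry no first-seen or expiry data. IP indicators go stale as
#   addresses are reassigned; check the referenced MISP event before blocking.
alert ip 41.200.39.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.200.39.185"; classtype:trojan-activity; sid:37588461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.150.26.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.150.26.251"; classtype:trojan-activity; sid:37588471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.99.244.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.244.220"; classtype:trojan-activity; sid:37604491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 61.74.14.153 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.74.14.153"; classtype:trojan-activity; sid:37604501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.207 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.207"; classtype:trojan-activity; sid:37578691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 87.236.176.2 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.2"; classtype:trojan-activity; sid:37747351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 101.37.69.56 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.37.69.56"; classtype:trojan-activity; sid:37574371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 110.230.200.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.230.200.198"; classtype:trojan-activity; sid:37588481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 172.81.62.239 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.239"; classtype:trojan-activity; sid:37574381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 103.154.184.109 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.184.109"; classtype:trojan-activity; sid:37604511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.243.94.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.243.94.51"; classtype:trojan-activity; sid:37588491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.239.255.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.239.255.140"; classtype:trojan-activity; sid:37588501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.55.108.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.55.108.11"; classtype:trojan-activity; sid:37588511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.62.197.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.32"; classtype:trojan-activity; sid:37588521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.42.251.29 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.42.251.29"; classtype:trojan-activity; sid:37574391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)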
alert ip 106.254.1.69 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.69"; classtype:trojan-activity; sid:37574401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 198.235.24.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.93"; classtype:trojan-activity; sid:37604521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.236.200.116 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.200.116"; classtype:trojan-activity; sid:37604531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 135.125.190.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.125.190.81"; classtype:trojan-activity; sid:37604541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 139.217.80.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.217.80.89"; classtype:trojan-activity; sid:37604551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.221.190.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.221.190.101"; classtype:trojan-activity; sid:37588531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.13.4.164 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.13.4.164"; classtype:trojan-activity; sid:37588541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.92.241.129 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 91.92.241.129"; classtype:trojan-activity; sid:37588551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.6.65.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.6.65.16"; classtype:trojan-activity; sid:37588561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.53.84.13 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.53.84.13"; classtype:trojan-activity; sid:37588571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.226.72.153 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.226.72.153"; classtype:trojan-activity; sid:37588581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.30.76.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.76.191"; classtype:trojan-activity; sid:37588591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.92.29.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.92.29.245"; classtype:trojan-activity; sid:37588601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.230.210.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.210.40"; classtype:trojan-activity; sid:37604561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.167.97.244 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.167.97.244"; classtype:trojan-activity; sid:37578701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert 
ip 113.200.222.189 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.222.189"; classtype:trojan-activity; sid:37588611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.91.136.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.91.136.219"; classtype:trojan-activity; sid:37604571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 71.6.232.23 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.232.23"; classtype:trojan-activity; sid:37604581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 213.230.86.38 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.86.38"; classtype:trojan-activity; sid:37574411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.156.138.208 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.138.208"; classtype:trojan-activity; sid:37604591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 211.54.136.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.54.136.150"; classtype:trojan-activity; sid:37588621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.220.101.233 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.220.101.233"; classtype:trojan-activity; sid:37588631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.72.68 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.153.72.68"; classtype:trojan-activity; sid:37604601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.245.12.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.245.12.16"; classtype:trojan-activity; sid:37588641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.75.251.110 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.251.110"; classtype:trojan-activity; sid:37604611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.94.71.207 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.94.71.207"; classtype:trojan-activity; sid:37604621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 98.143.255.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 98.143.255.25"; classtype:trojan-activity; sid:37604631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.43.12.38 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.12.38"; classtype:trojan-activity; sid:37604641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.64.247.2 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.64.247.2"; classtype:trojan-activity; sid:37588651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.41.82.96 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.82.96"; classtype:trojan-activity; sid:37588661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
160.153.251.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.153.251.28"; classtype:trojan-activity; sid:37604651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.155.144.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.144.147"; classtype:trojan-activity; sid:37604661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 80.224.116.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.224.116.59"; classtype:trojan-activity; sid:37604671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 177.234.209.200 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.234.209.200"; classtype:trojan-activity; sid:37604681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.62.21.8 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.62.21.8"; classtype:trojan-activity; sid:37588671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.185.216 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.185.216"; classtype:trojan-activity; sid:37604691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.195.155.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.155.71"; classtype:trojan-activity; sid:37604701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.221.175.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
124.221.175.65"; classtype:trojan-activity; sid:37604711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 102.152.178.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.152.178.204"; classtype:trojan-activity; sid:37604721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.169.124.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.169.124.144"; classtype:trojan-activity; sid:37588681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.55.53.166 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.53.166"; classtype:trojan-activity; sid:37604731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.238.135.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.238.135.114"; classtype:trojan-activity; sid:37588691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 143.198.208.216 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.208.216"; classtype:trojan-activity; sid:37604741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.231.155.8 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.231.155.8"; classtype:trojan-activity; sid:37588701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.113.135.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.135.222"; classtype:trojan-activity; sid:37588711; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.249.52.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.249.52.238"; classtype:trojan-activity; sid:37604751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 134.175.223.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.223.67"; classtype:trojan-activity; sid:37604761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.74.4.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.4.20"; classtype:trojan-activity; sid:37604771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.236.91.226 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.236.91.226"; classtype:trojan-activity; sid:37588721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.87 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.87"; classtype:trojan-activity; sid:37604781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.235 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.235"; classtype:trojan-activity; sid:37747361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 192.241.233.53 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.233.53"; classtype:trojan-activity; sid:37604791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.76.188.151 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.188.151"; classtype:trojan-activity; sid:37604801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 157.245.248.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.248.115"; classtype:trojan-activity; sid:37604811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip $HOME_NET any -> 93.123.85.197 606 (msg: "MISP e26842 [Gafgyt] Outgoing To IP: 93.123.85.197|606"; classtype:trojan-activity; sid:37561491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 194.187.176.135 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.135"; classtype:trojan-activity; sid:37578711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.23 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.23"; classtype:trojan-activity; sid:37747371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 43.134.108.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.108.169"; classtype:trojan-activity; sid:37604821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.167.3.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.167.3.91"; classtype:trojan-activity; sid:37588731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.135.172.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.172.223"; classtype:trojan-activity; sid:37604831; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 5.42.62.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.62.144"; classtype:trojan-activity; sid:37588741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.183.119.213 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.183.119.213"; classtype:trojan-activity; sid:37588751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.236.24.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.24.35"; classtype:trojan-activity; sid:37604841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.8.208.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.208.74"; classtype:trojan-activity; sid:37588761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.144.94.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.94.93"; classtype:trojan-activity; sid:37588771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 20.243.19.173 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.243.19.173"; classtype:trojan-activity; sid:37604851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.185.216.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.185.216.162"; classtype:trojan-activity; sid:37588781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.9.198.212 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.9.198.212"; classtype:trojan-activity; sid:37604861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 60.18.103.170 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.18.103.170"; classtype:trojan-activity; sid:37588791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.113.11.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.113.11.45"; classtype:trojan-activity; sid:37588801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 202.110.160.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.110.160.180"; classtype:trojan-activity; sid:37588811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.254.156.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.254.156.121"; classtype:trojan-activity; sid:37604871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.146.240.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.146.240.138"; classtype:trojan-activity; sid:37604881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.250.49.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.9"; classtype:trojan-activity; sid:37604891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.74.5.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.5.177"; classtype:trojan-activity; sid:37604901; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.60.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.60.23"; classtype:trojan-activity; sid:37588821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.92.120.125 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.92.120.125"; classtype:trojan-activity; sid:37574421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 128.14.209.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.14.209.30"; classtype:trojan-activity; sid:37604911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.242.143.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.242.143.121"; classtype:trojan-activity; sid:37604921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.4.79.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.4.79.138"; classtype:trojan-activity; sid:37604931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 177.118.28.55 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.118.28.55"; classtype:trojan-activity; sid:37588831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.179.221.80 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.179.221.80"; classtype:trojan-activity; sid:37588841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.191.203.232 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.191.203.232"; classtype:trojan-activity; sid:37588851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 8.222.158.100 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.158.100"; classtype:trojan-activity; sid:37604941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.2.52.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.2.52.122"; classtype:trojan-activity; sid:37604951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.88.208.128 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.88.208.128"; classtype:trojan-activity; sid:37604961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.9.47.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.9.47.35"; classtype:trojan-activity; sid:37588861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.213.143.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.143.215"; classtype:trojan-activity; sid:37588871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 152.32.201.142 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.201.142"; classtype:trojan-activity; sid:37604971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.35.253.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.253.65"; classtype:trojan-activity; sid:37604981; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.234.252.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.252.247"; classtype:trojan-activity; sid:37588881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.58.217.149 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.217.149"; classtype:trojan-activity; sid:37578721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 223.8.202.70 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.202.70"; classtype:trojan-activity; sid:37588891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.110.13.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.110.13.15"; classtype:trojan-activity; sid:37588901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.84.209.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.84.209.168"; classtype:trojan-activity; sid:37588911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 5.42.82.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.82.235"; classtype:trojan-activity; sid:37604991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 210.187.80.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.187.80.132"; classtype:trojan-activity; sid:37605001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.241.126.244 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.241.126.244"; classtype:trojan-activity; sid:37605011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 194.33.45.65 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.65"; classtype:trojan-activity; sid:37574431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 45.141.26.228 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.26.228"; classtype:trojan-activity; sid:37578731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 138.255.149.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.255.149.53"; classtype:trojan-activity; sid:37588921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.226.1.184 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.226.1.184"; classtype:trojan-activity; sid:37605021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.245.150.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.245.150.194"; classtype:trojan-activity; sid:37588931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.178.209.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.178.209.3"; classtype:trojan-activity; sid:37588941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.155.137.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.137.204"; classtype:trojan-activity; 
sid:37605031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 71.6.232.26 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.232.26"; classtype:trojan-activity; sid:37588951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.245.237.53 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.245.237.53"; classtype:trojan-activity; sid:37605041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.20.97.207 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.20.97.207"; classtype:trojan-activity; sid:37605051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.128.102.216 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.102.216"; classtype:trojan-activity; sid:37605061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 195.158.4.210 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.158.4.210"; classtype:trojan-activity; sid:37605071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.124.227.232 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.227.232"; classtype:trojan-activity; sid:37605081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 176.197.8.217 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.197.8.217"; classtype:trojan-activity; sid:37588961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.188.87.40 any -> $HOME_NET any 
(msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.188.87.40"; classtype:trojan-activity; sid:37588971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.70.50.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.70.50.106"; classtype:trojan-activity; sid:37588981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.48.193.7 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.48.193.7"; classtype:trojan-activity; sid:37605091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.250.50.192 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.192"; classtype:trojan-activity; sid:37605101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.93.130.58 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.130.58"; classtype:trojan-activity; sid:37574441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.210.237.233 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.210.237.233"; classtype:trojan-activity; sid:37578741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 49.233.244.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.244.124"; classtype:trojan-activity; sid:37605111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 209.141.34.40 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.34.40"; classtype:trojan-activity; 
sid:37578751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 42.240.141.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.240.141.37"; classtype:trojan-activity; sid:37605121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 212.12.31.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.12.31.69"; classtype:trojan-activity; sid:37605131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.139.172.168 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.172.168"; classtype:trojan-activity; sid:37605141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.128.232.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.232.247"; classtype:trojan-activity; sid:37588991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.100 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.100"; classtype:trojan-activity; sid:37578761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 81.214.84.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.214.84.178"; classtype:trojan-activity; sid:37589001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.164.4.232 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.164.4.232"; classtype:trojan-activity; sid:37605151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 172.81.62.166 any -> $HOME_NET any 
(msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.166"; classtype:trojan-activity; sid:37574451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 181.89.20.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.89.20.154"; classtype:trojan-activity; sid:37589011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 135.180.27.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.180.27.109"; classtype:trojan-activity; sid:37589021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 68.183.132.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.132.72"; classtype:trojan-activity; sid:37605161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.33.208 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.33.208"; classtype:trojan-activity; sid:37578771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 81.214.137.78 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.214.137.78"; classtype:trojan-activity; sid:37589031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.136.234.153 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.136.234.153"; classtype:trojan-activity; sid:37589041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 134.209.153.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.153.189"; 
classtype:trojan-activity; sid:37605171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.64.147.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.147.222"; classtype:trojan-activity; sid:37605181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.33.57.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.57.48"; classtype:trojan-activity; sid:37589051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.253.129.200 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.253.129.200"; classtype:trojan-activity; sid:37574461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 42.51.45.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.45.234"; classtype:trojan-activity; sid:37605191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 128.199.147.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.147.72"; classtype:trojan-activity; sid:37605201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.41.116.52 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.41.116.52"; classtype:trojan-activity; sid:37574471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 46.101.82.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.82.89"; classtype:trojan-activity; sid:37605211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
138.199.40.185 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.185"; classtype:trojan-activity; sid:37574481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.203.57.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.203.57.11"; classtype:trojan-activity; sid:37605221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.158.105.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.158.105.37"; classtype:trojan-activity; sid:37589061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.71.164.88 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.164.88"; classtype:trojan-activity; sid:37574491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 222.170.20.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.170.20.194"; classtype:trojan-activity; sid:37589071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.72.14.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.14.37"; classtype:trojan-activity; sid:37605231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.239.125.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.125.51"; classtype:trojan-activity; sid:37589081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.86.161.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
110.86.161.240"; classtype:trojan-activity; sid:37589091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.62.213.246 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.213.246"; classtype:trojan-activity; sid:37589101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.100.86.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.100.86.67"; classtype:trojan-activity; sid:37589111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.94.138.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.51"; classtype:trojan-activity; sid:37589121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.220.240.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.220.240.140"; classtype:trojan-activity; sid:37589131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.212.211.155 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.212.211.155"; classtype:trojan-activity; sid:37605241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.12.240.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.240.127"; classtype:trojan-activity; sid:37605251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 221.213.120.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.213.120.159"; classtype:trojan-activity; sid:37589141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.152.158.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.152.158.49"; classtype:trojan-activity; sid:37589151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.23.91.186 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.23.91.186"; classtype:trojan-activity; sid:37605261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.161.121.29 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.161.121.29"; classtype:trojan-activity; sid:37574501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.34.106.97 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.34.106.97"; classtype:trojan-activity; sid:37589161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 136.57.144.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.57.144.156"; classtype:trojan-activity; sid:37589171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.58.139.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.139.51"; classtype:trojan-activity; sid:37589181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.233.111.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.233.111.45"; classtype:trojan-activity; sid:37605271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.128.198 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.128.198"; classtype:trojan-activity; sid:37589191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.31.217.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.31.217.18"; classtype:trojan-activity; sid:37605281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.229.103.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.103.189"; classtype:trojan-activity; sid:37605291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 31.43.99.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.43.99.137"; classtype:trojan-activity; sid:37589201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.148.29.248 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.148.29.248"; classtype:trojan-activity; sid:37605301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.61.217.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.217.62"; classtype:trojan-activity; sid:37589211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.13.208.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.13.208.53"; classtype:trojan-activity; sid:37589221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.106.21.161 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.106.21.161"; classtype:trojan-activity; sid:37578781; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 114.80.34.158 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.80.34.158"; classtype:trojan-activity; sid:37605311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.50 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.50"; classtype:trojan-activity; sid:37747381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 177.200.6.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.200.6.203"; classtype:trojan-activity; sid:37589231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.241.224.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.241.224.185"; classtype:trojan-activity; sid:37589241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.13.227.186 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.13.227.186"; classtype:trojan-activity; sid:37589251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.182.96.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.182.96.215"; classtype:trojan-activity; sid:37589261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.141.171.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.141.171.139"; classtype:trojan-activity; sid:37605321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.30.11 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.30.11"; classtype:trojan-activity; sid:37605331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 153.150.118.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.150.118.204"; classtype:trojan-activity; sid:37605341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.76.153.250 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.153.250"; classtype:trojan-activity; sid:37578791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.235.68.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.235.68.154"; classtype:trojan-activity; sid:37589271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.157.237.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.237.97"; classtype:trojan-activity; sid:37605351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.58.126.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.126.24"; classtype:trojan-activity; sid:37589281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.103.37.76 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.103.37.76"; classtype:trojan-activity; sid:37589291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 197.40.10.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.40.10.86"; classtype:trojan-activity; 
sid:37589301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.226.119.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.119.58"; classtype:trojan-activity; sid:37605361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 221.237.182.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.237.182.46"; classtype:trojan-activity; sid:37589311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.106.150.78 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.106.150.78"; classtype:trojan-activity; sid:37589321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.102.11.225 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.102.11.225"; classtype:trojan-activity; sid:37605371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.83.50.118 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.83.50.118"; classtype:trojan-activity; sid:37589331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.48.250.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.17"; classtype:trojan-activity; sid:37589341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.143.183.96 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.143.183.96"; classtype:trojan-activity; sid:37589351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.86.131.245 any -> $HOME_NET 
any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.86.131.245"; classtype:trojan-activity; sid:37589361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Inbound indicator rules: each one fires on any packet whose source is the
# listed address and whose destination is in $HOME_NET, on any protocol and
# any port. The only options are msg, classtype, sid, rev, priority and
# reference; there is no payload or flow condition, so an alert records
# contact from the address, not a successful exploit.
# classtype is trojan-activity on every rule although the msg tags these as
# kill-chain Reconnaissance/Exploitation; triage on the msg tag and the
# referenced MISP event rather than on classtype.
alert ip 43.156.30.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.30.217"; classtype:trojan-activity; sid:37605381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Outbound rule: matches traffic from $HOME_NET to 93.123.85.197 with
# destination port 606, i.e. an internal host contacting the listed endpoint.
# The tag list in msg is empty and priority is 3 (2 on the inbound rules
# around it), so the rule text carries no context of its own; the referenced
# event 27167 is the only provenance.
# NOTE(review): the header pairs protocol `ip` with a destination port; ports
# exist only on port-bearing transports, so confirm how the deployed engine
# evaluates the port on an `ip` rule.
alert ip $HOME_NET any -> 93.123.85.197 606 (msg: "MISP e27167 [] Outgoing To IP: 93.123.85.197|606"; classtype:trojan-activity; sid:37853801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Inbound indicator rules continue (same shape as described above).
alert ip 43.156.29.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.29.177"; classtype:trojan-activity; sid:37605391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.13 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.13"; classtype:trojan-activity; sid:37578801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 175.151.115.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.151.115.167"; classtype:trojan-activity; sid:37589371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.77.84.71 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.77.84.71"; classtype:trojan-activity; sid:37589381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 38.242.251.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.242.251.79"; classtype:trojan-activity; sid:37589391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 143.110.233.79 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.233.79"; classtype:trojan-activity; sid:37605401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.193.2.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.2.121"; classtype:trojan-activity; sid:37605411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.116.218.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.116.218.120"; classtype:trojan-activity; sid:37589401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.158.103.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.103.138"; classtype:trojan-activity; sid:37605421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.24.145.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.145.79"; classtype:trojan-activity; sid:37589411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.31.170.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.170.25"; classtype:trojan-activity; sid:37589421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.173.174.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.173.174.97"; classtype:trojan-activity; sid:37605431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.72.191 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.72.191"; classtype:trojan-activity; sid:37589431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 140.246.149.76 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.149.76"; classtype:trojan-activity; sid:37578811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 150.158.36.157 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.36.157"; classtype:trojan-activity; sid:37574511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 175.209.9.144 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.209.9.144"; classtype:trojan-activity; sid:37605441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.41.209.184 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.41.209.184"; classtype:trojan-activity; sid:37589441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.200.60.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.60.74"; classtype:trojan-activity; sid:37605451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.101.108.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.101.108.38"; classtype:trojan-activity; sid:37589451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.98.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.98.47"; classtype:trojan-activity; sid:37605461; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.61.228 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.228"; classtype:trojan-activity; sid:37605471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.33.120.18 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.120.18"; classtype:trojan-activity; sid:37578821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 50.31.21.11 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.31.21.11"; classtype:trojan-activity; sid:37747391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 43.156.0.112 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.0.112"; classtype:trojan-activity; sid:37605481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.20.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.20.27"; classtype:trojan-activity; sid:37605491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.74.7.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.7.106"; classtype:trojan-activity; sid:37605501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.102.169.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.169.20"; classtype:trojan-activity; sid:37589461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.251.67.183 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.183"; classtype:trojan-activity; sid:37574521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.101 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.101"; classtype:trojan-activity; sid:37747401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 194.187.176.114 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.114"; classtype:trojan-activity; sid:37578831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 106.55.20.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.20.84"; classtype:trojan-activity; sid:37605511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.170.247.28 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.247.28"; classtype:trojan-activity; sid:37578841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 119.98.244.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.98.244.43"; classtype:trojan-activity; sid:37589471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.2.144.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.2.144.10"; classtype:trojan-activity; sid:37589481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.67.254.109 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.67.254.109"; classtype:trojan-activity; sid:37578851; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
# Inbound indicator rules: each one fires on any packet whose source is the
# listed address and whose destination is in $HOME_NET, on any protocol and
# any port. No payload or flow option is present, so an alert records contact
# from the address only. classtype is trojan-activity even though the msg
# tags are kill-chain Reconnaissance/Exploitation; triage on the msg tag and
# the referenced MISP event rather than on classtype.
alert ip 201.216.223.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.216.223.168"; classtype:trojan-activity; sid:37589491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 71.246.111.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.246.111.202"; classtype:trojan-activity; sid:37589501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.134.57.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.57.78"; classtype:trojan-activity; sid:37605521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 72.180.173.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.180.173.69"; classtype:trojan-activity; sid:37589511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.133.157.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.133.157.9"; classtype:trojan-activity; sid:37589521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Outbound rule: matches traffic from $HOME_NET to 185.222.58.83 with
# destination port 55615; the msg tags it [RedLineStealer] (event 26842).
# Unlike the inbound rules, the alert's source address here is an internal
# host, so that host is the one to examine when the rule fires.
# NOTE(review): the tag is presumably a malware-family label; confirm in the
# referenced event before treating a hit as a confirmed infection.
# NOTE(review): the header pairs protocol `ip` with a destination port; ports
# exist only on port-bearing transports, so confirm how the deployed engine
# evaluates the port on an `ip` rule.
alert ip $HOME_NET any -> 185.222.58.83 55615 (msg: "MISP e26842 [RedLineStealer] Outgoing To IP: 185.222.58.83|55615"; classtype:trojan-activity; sid:37561501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Inbound indicator rules continue (same shape as described above).
alert ip 198.235.24.117 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.117"; classtype:trojan-activity; sid:37578861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 67.174.143.52 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.174.143.52"; classtype:trojan-activity; sid:37589531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.247.147.173 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.147.173"; classtype:trojan-activity; sid:37605531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 95.56.105.254 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.56.105.254"; classtype:trojan-activity; sid:37574531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 201.77.115.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.77.115.22"; classtype:trojan-activity; sid:37589541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.202.246.212 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.202.246.212"; classtype:trojan-activity; sid:37589551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 141.98.11.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.169"; classtype:trojan-activity; sid:37605541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.151.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.151.75"; classtype:trojan-activity; sid:37589561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 107.170.231.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.231.9"; classtype:trojan-activity; sid:37605551; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.3.76.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.3.76.218"; classtype:trojan-activity; sid:37605561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.36.196.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.36.196.124"; classtype:trojan-activity; sid:37605571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 50.46.11.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.46.11.137"; classtype:trojan-activity; sid:37589571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 71.6.232.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.232.28"; classtype:trojan-activity; sid:37589581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 128.201.217.192 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.201.217.192"; classtype:trojan-activity; sid:37589591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.203.57.19 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.203.57.19"; classtype:trojan-activity; sid:37589601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.156.22.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.156.22.4"; classtype:trojan-activity; sid:37605581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.76.134.203 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.134.203"; classtype:trojan-activity; sid:37605591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.207.218.249 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.207.218.249"; classtype:trojan-activity; sid:37605601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.178.41.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.178.41.215"; classtype:trojan-activity; sid:37589611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 136.33.247.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.33.247.88"; classtype:trojan-activity; sid:37589621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.243.189.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.189.181"; classtype:trojan-activity; sid:37605611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.141.26.232 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.26.232"; classtype:trojan-activity; sid:37578871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 222.133.66.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.133.66.115"; classtype:trojan-activity; sid:37589631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 153.184.71.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.184.71.6"; classtype:trojan-activity; sid:37589641; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Each rule below alerts on any IP packet from one listed source address to $HOME_NET, on any port.
# The rules carry no content, flow or threshold options, so a match depends on the source address alone.
alert ip 39.74.152.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.74.152.89"; classtype:trojan-activity; sid:37589651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 110.40.183.200 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.183.200"; classtype:trojan-activity; sid:37574541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 27.72.62.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.72.62.222"; classtype:trojan-activity; sid:37605621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.58.118.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.118.128"; classtype:trojan-activity; sid:37589661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# 104.131.144.8 also has a rule near the top of this export, under event e25993 (sid:37077221).
# Both rules share the same header, so one packet from this address can raise two alerts.
# NOTE(review): deduplicate by address or suppress one of the two sids if double alerting is unwanted.
alert ip 104.131.144.8 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.8"; classtype:trojan-activity; sid:37605631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 120.48.89.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.89.254"; classtype:trojan-activity; sid:37605641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 153.145.183.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.145.183.3"; classtype:trojan-activity; sid:37589671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.150.28.19 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.150.28.19"; classtype:trojan-activity; sid:37605651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.57.60.226 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.57.60.226"; classtype:trojan-activity; sid:37589681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.130.227.252 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.130.227.252"; classtype:trojan-activity; sid:37605661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.142.79.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.142.79.238"; classtype:trojan-activity; sid:37589691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.219.167.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.219.167.45"; classtype:trojan-activity; sid:37605671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.164 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.164"; classtype:trojan-activity; sid:37605681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 194.169.175.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.169.175.178"; classtype:trojan-activity; sid:37605691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.30.82.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.82.88"; classtype:trojan-activity; sid:37589701; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.228.248.116 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.228.248.116"; classtype:trojan-activity; sid:37574551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 112.113.210.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.210.111"; classtype:trojan-activity; sid:37589711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.30.98.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.30.98.134"; classtype:trojan-activity; sid:37605701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.131.186.247 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.186.247"; classtype:trojan-activity; sid:37605711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.227.191.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.191.78"; classtype:trojan-activity; sid:37605721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 194.180.48.4 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.180.48.4"; classtype:trojan-activity; sid:37578881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.226.206.233 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.226.206.233"; classtype:trojan-activity; sid:37589721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.150.114.179 any -> $HOME_NET any 
(msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.150.114.179"; classtype:trojan-activity; sid:37578891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 175.24.207.112 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.207.112"; classtype:trojan-activity; sid:37605731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.117.252.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.117.252.158"; classtype:trojan-activity; sid:37589731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.75.56.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.75.56.4"; classtype:trojan-activity; sid:37589741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.83.137.176 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.83.137.176"; classtype:trojan-activity; sid:37589751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 152.32.236.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.236.74"; classtype:trojan-activity; sid:37605741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.132.124.95 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.124.95"; classtype:trojan-activity; sid:37574561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 101.132.72.42 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.72.42"; 
classtype:trojan-activity; sid:37574571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 101.37.124.206 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.37.124.206"; classtype:trojan-activity; sid:37574581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.54.181.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.181.82"; classtype:trojan-activity; sid:37574591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 101.34.235.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.235.198"; classtype:trojan-activity; sid:37574601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 111.229.30.152 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.30.152"; classtype:trojan-activity; sid:37574611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 112.74.56.254 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.74.56.254"; classtype:trojan-activity; sid:37574621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 51.158.205.47 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.158.205.47"; classtype:trojan-activity; sid:37578901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.161.248.148 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.148"; classtype:trojan-activity; sid:37578911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 
87.251.75.145 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.75.145"; classtype:trojan-activity; sid:37578921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 79.56.172.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.56.172.159"; classtype:trojan-activity; sid:37589761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.110 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.110"; classtype:trojan-activity; sid:37747411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 84.17.35.117 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.117"; classtype:trojan-activity; sid:37574631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 220.130.226.160 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.130.226.160"; classtype:trojan-activity; sid:37574641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 183.104.160.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.104.160.181"; classtype:trojan-activity; sid:37605751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 141.98.11.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.141"; classtype:trojan-activity; sid:37605761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.26 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
218.92.0.26"; classtype:trojan-activity; sid:37605771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.72.16.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.72.16.162"; classtype:trojan-activity; sid:37605781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 186.4.174.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.4.174.138"; classtype:trojan-activity; sid:37605791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 146.190.143.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.143.102"; classtype:trojan-activity; sid:37605801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 51.250.109.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.109.172"; classtype:trojan-activity; sid:37605811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.47"; classtype:trojan-activity; sid:37605821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 85.209.11.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.209.11.27"; classtype:trojan-activity; sid:37605831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.55.38.47 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.55.38.47"; classtype:trojan-activity; sid:37574651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 
121.41.65.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.41.65.82"; classtype:trojan-activity; sid:37574661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 190.196.165.186 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.196.165.186"; classtype:trojan-activity; sid:37574671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.41.65.161 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.41.65.161"; classtype:trojan-activity; sid:37574681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.40.139.171 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.139.171"; classtype:trojan-activity; sid:37574691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 182.61.138.60 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.138.60"; classtype:trojan-activity; sid:37574701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 175.146.222.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.146.222.152"; classtype:trojan-activity; sid:37589771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 202.43.110.181 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.43.110.181"; classtype:trojan-activity; sid:37574711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 223.13.192.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
223.13.192.156"; classtype:trojan-activity; sid:37589781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 203.113.38.232 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.113.38.232"; classtype:trojan-activity; sid:37574721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 161.216.43.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.216.43.53"; classtype:trojan-activity; sid:37589791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 107.170.255.12 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.255.12"; classtype:trojan-activity; sid:37747421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 203.113.38.226 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.113.38.226"; classtype:trojan-activity; sid:37574731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 60.161.74.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.161.74.235"; classtype:trojan-activity; sid:37589801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.105.235.70 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.105.235.70"; classtype:trojan-activity; sid:37589811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.81.130.136 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.81.130.136"; classtype:trojan-activity; sid:37574741; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 138.199.40.173 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.173"; classtype:trojan-activity; sid:37574751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 154.160.5.215 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.160.5.215"; classtype:trojan-activity; sid:37574761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 112.112.244.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.244.25"; classtype:trojan-activity; sid:37589821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.102 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.102"; classtype:trojan-activity; sid:37747431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 146.70.186.118 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.118"; classtype:trojan-activity; sid:37574771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 141.98.9.34 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.9.34"; classtype:trojan-activity; sid:37578931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.236.38.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.236.38.137"; classtype:trojan-activity; sid:37605841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.116.46.241 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.46.241"; classtype:trojan-activity; sid:37589831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.91.186.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.91.186.93"; classtype:trojan-activity; sid:37605851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 41.74.141.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.74.141.21"; classtype:trojan-activity; sid:37589841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.116.19.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.116.19.43"; classtype:trojan-activity; sid:37589851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.244.35.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.244.35.215"; classtype:trojan-activity; sid:37589861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.95.201.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.95.201.157"; classtype:trojan-activity; sid:37589871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.205 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.205"; classtype:trojan-activity; sid:37578941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 80.190.174.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.190.174.169"; classtype:trojan-activity; sid:37605861; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.79.38.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.38.219"; classtype:trojan-activity; sid:37605871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.243.192.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.192.95"; classtype:trojan-activity; sid:37589881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 193.223.104.45 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.223.104.45"; classtype:trojan-activity; sid:37578951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.153.112.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.112.196"; classtype:trojan-activity; sid:37605881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.142.142.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.142.223"; classtype:trojan-activity; sid:37605891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 209.38.208.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.38.208.65"; classtype:trojan-activity; sid:37605901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.128.133.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.133.17"; classtype:trojan-activity; sid:37605911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.54.225.228 any -> $HOME_NET any (msg: 
"MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.54.225.228"; classtype:trojan-activity; sid:37589891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.26.142.134 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.142.134"; classtype:trojan-activity; sid:37589901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.156.83.109 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.83.109"; classtype:trojan-activity; sid:37605921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.233.19.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.205"; classtype:trojan-activity; sid:37589911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 68.183.18.215 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.18.215"; classtype:trojan-activity; sid:37605931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.225.100.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.225.100.44"; classtype:trojan-activity; sid:37589921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.138.109.80 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.109.80"; classtype:trojan-activity; sid:37605941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.166.180.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.180.212"; classtype:trojan-activity; 
sid:37605951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.196.8.151 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.8.151"; classtype:trojan-activity; sid:37605961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.201.76.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.201.76.218"; classtype:trojan-activity; sid:37589931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.191.254.83 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.191.254.83"; classtype:trojan-activity; sid:37574781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 205.210.31.201 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.201"; classtype:trojan-activity; sid:37605971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.54.205.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.205.141"; classtype:trojan-activity; sid:37589941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 38.7.199.70 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.70"; classtype:trojan-activity; sid:37605981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.53.116.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.53.116.82"; classtype:trojan-activity; sid:37589951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.101.134.6 any -> $HOME_NET any 
(msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.134.6"; classtype:trojan-activity; sid:37747441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 221.233.213.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.233.213.90"; classtype:trojan-activity; sid:37589961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.150.98.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.150.98.41"; classtype:trojan-activity; sid:37605991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.251 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.251"; classtype:trojan-activity; sid:37747451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 175.178.194.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.194.27"; classtype:trojan-activity; sid:37606001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.130.96.241 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.130.96.241"; classtype:trojan-activity; sid:37574791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 182.61.45.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.45.113"; classtype:trojan-activity; sid:37606011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.163.234.211 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.211"; 
classtype:trojan-activity; sid:37606021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# NOTE(review): every rule in this span keys on a single IP address only
# (no flow or payload condition; only the one outbound rule also names a
# port), so any packet to or from a listed address raises an alert.
#  - No rule carries a rate limit; apply per-source limiting or suppression in
#    the sensor's threshold configuration so repeated contact from one address
#    does not flood the alert queue.
#  - classtype is trojan-activity throughout, while the msg tags on the inbound
#    rules read kill-chain:Reconnaissance / kill-chain:Exploitation; triage on
#    the MISP event in the reference URL rather than on classtype alone.
#  - Address-only indicators go stale as addresses are reassigned, and nothing
#    in a rule records when the address was observed or when the indicator
#    should expire; check the referenced MISP event before acting on a match.
alert ip 116.107.115.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.107.115.128"; classtype:trojan-activity; sid:37589971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 162.14.202.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.202.35"; classtype:trojan-activity; sid:37606031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.130.28.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.28.152"; classtype:trojan-activity; sid:37606041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 206.189.46.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.46.93"; classtype:trojan-activity; sid:37606051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.99.123.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.99.123.205"; classtype:trojan-activity; sid:37589981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 221.131.183.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.131.183.69"; classtype:trojan-activity; sid:37589991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.92.237.221 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.92.237.221"; classtype:trojan-activity; sid:37590001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.135.150.76 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.150.76"; classtype:trojan-activity; sid:37606061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 205.210.31.207 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.207"; classtype:trojan-activity; sid:37747461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 39.173.95.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.173.95.32"; classtype:trojan-activity; sid:37590011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.196.198.96 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.196.198.96"; classtype:trojan-activity; sid:37747471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 85.249.28.83 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.249.28.83"; classtype:trojan-activity; sid:37574801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 117.206.122.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.206.122.40"; classtype:trojan-activity; sid:37590021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.185"; classtype:trojan-activity; sid:37606071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 61.3.150.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.3.150.220"; classtype:trojan-activity; sid:37590031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.109.227.134 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.134"; classtype:trojan-activity; sid:37590041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.72.8.31 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.8.31"; classtype:trojan-activity; sid:37747481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 140.246.220.165 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.220.165"; classtype:trojan-activity; sid:37606081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.30.204.116 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.204.116"; classtype:trojan-activity; sid:37590051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 41.191.116.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.191.116.18"; classtype:trojan-activity; sid:37606091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 186.227.193.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.227.193.156"; classtype:trojan-activity; sid:37606101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.183.35.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.183.35.202"; classtype:trojan-activity; sid:37590061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.227.208.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.208.82"; classtype:trojan-activity; sid:37590071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 212.27.30.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.27.30.60"; classtype:trojan-activity; sid:37590081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.140.233.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.140.233.48"; classtype:trojan-activity; sid:37590091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.110.218.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.110.218.154"; classtype:trojan-activity; sid:37590101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# NOTE(review): the only outbound rule in this span. A match means a host in
# $HOME_NET sent traffic to the listed address, yet priority:3 ranks it below
# the inbound rules (priority:2) and its msg tag list is empty ("[]") --
# confirm both are intended. The header gives a destination port under
# protocol `ip`; a port is only meaningful for TCP/UDP, so verify how the
# target engine evaluates it.
alert ip $HOME_NET any -> 185.222.58.83 55615 (msg: "MISP e27167 [] Outgoing To IP: 185.222.58.83|55615"; classtype:trojan-activity; sid:37853811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip 47.199.112.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.199.112.156"; classtype:trojan-activity; sid:37590111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 150.158.156.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.156.4"; classtype:trojan-activity; sid:37606111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.85.198.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.85.198.43"; classtype:trojan-activity; sid:37590121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 81.91.29.140 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.91.29.140"; classtype:trojan-activity; sid:37574811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 162.243.139.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.139.35"; classtype:trojan-activity; sid:37590131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.113 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.113"; classtype:trojan-activity; sid:37578961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 125.26.201.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.201.16"; classtype:trojan-activity; sid:37590141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 178.159.232.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.159.232.204"; classtype:trojan-activity; sid:37590151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 78.186.203.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.186.203.167"; classtype:trojan-activity; sid:37590161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 47.105.33.16 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.105.33.16"; classtype:trojan-activity; sid:37747491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 103.63.108.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.63.108.25"; classtype:trojan-activity; sid:37606121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.142.30.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.142.30.91"; classtype:trojan-activity; sid:37606131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 118.89.60.153 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.60.153"; classtype:trojan-activity; sid:37606141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.161.220.18 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.161.220.18"; classtype:trojan-activity; sid:37590171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 81.213.26.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.26.131"; classtype:trojan-activity; sid:37590181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.219.167.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.219.167.20"; classtype:trojan-activity; sid:37606151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.223 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.223"; classtype:trojan-activity; sid:37747501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 36.74.117.172 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.74.117.172"; classtype:trojan-activity; sid:37574821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 87.236.176.124 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.124"; classtype:trojan-activity; sid:37578971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 122.117.28.201 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.28.201"; classtype:trojan-activity; sid:37590191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 166.253.68.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 166.253.68.54"; classtype:trojan-activity; sid:37590201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 71.6.146.130 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.146.130"; classtype:trojan-activity; sid:37574831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 106.254.1.81 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.81"; classtype:trojan-activity; sid:37574841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 167.172.158.91 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.158.91"; classtype:trojan-activity; sid:37574851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 76.133.223.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.133.223.149"; classtype:trojan-activity; sid:37606161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.226.186.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.226.186.102"; classtype:trojan-activity; sid:37590211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 107.9.49.221 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.9.49.221"; classtype:trojan-activity; sid:37606171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 167.94.146.51 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.51"; classtype:trojan-activity; sid:37747511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 104.152.52.195 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.195"; classtype:trojan-activity; sid:37590221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 104.131.13.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.13.25"; classtype:trojan-activity; sid:37606181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.153.90.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.90.246"; classtype:trojan-activity; sid:37606191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 68.183.85.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.85.57"; classtype:trojan-activity; sid:37606201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 213.230.110.13 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.110.13"; classtype:trojan-activity; sid:37574861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 87.236.176.114 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.114"; classtype:trojan-activity; sid:37578981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 113.128.27.165 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.128.27.165"; classtype:trojan-activity; sid:37590231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 82.67.31.241 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.67.31.241"; classtype:trojan-activity; sid:37606211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.155.171.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.171.31"; classtype:trojan-activity; sid:37606221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 134.209.156.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.156.5"; classtype:trojan-activity; sid:37606231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.189.93.13 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.189.93.13"; classtype:trojan-activity; sid:37606241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.135.146.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.146.18"; classtype:trojan-activity; sid:37606251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.43.231.195 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.231.195"; classtype:trojan-activity; sid:37606261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 179.49.99.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.49.99.198"; classtype:trojan-activity; sid:37590241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.5.68.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.68.59"; classtype:trojan-activity; sid:37606271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 59.126.9.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.126.9.67"; classtype:trojan-activity; sid:37590251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 128.199.211.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.211.78"; classtype:trojan-activity; sid:37606281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.165.131.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.165.131.14"; classtype:trojan-activity; sid:37606291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.156.84.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.84.147"; classtype:trojan-activity; sid:37606301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.154.235.92 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.235.92"; classtype:trojan-activity; sid:37606311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.152.48.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.152.48.139"; classtype:trojan-activity; sid:37606321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.229.62.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.62.94"; classtype:trojan-activity; sid:37606331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.100.15 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.15"; classtype:trojan-activity; sid:37606341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 167.99.124.104 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.124.104"; classtype:trojan-activity; sid:37574871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 183.4.224.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.4.224.181"; classtype:trojan-activity; sid:37590261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.138.100.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.100.66"; classtype:trojan-activity; sid:37606351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 134.209.168.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.168.219"; classtype:trojan-activity; sid:37606361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 39.105.35.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.105.35.21"; classtype:trojan-activity; sid:37606371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 183.253.104.253 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.253.104.253"; classtype:trojan-activity; sid:37590271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.156.30.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.30.2"; classtype:trojan-activity; sid:37606381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 129.226.89.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.89.47"; classtype:trojan-activity; sid:37606391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 81.214.75.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.214.75.160"; classtype:trojan-activity; sid:37590281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.79.181.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.181.251"; classtype:trojan-activity; sid:37606401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 129.226.147.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.179"; classtype:trojan-activity; sid:37606411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.254.1.67 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.67"; classtype:trojan-activity; sid:37574881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 43.133.34.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.34.99"; classtype:trojan-activity; sid:37606421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 60.170.105.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.170.105.66"; classtype:trojan-activity; sid:37606431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 217.210.84.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.210.84.88"; classtype:trojan-activity; sid:37590291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.75.176.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.75.176.115"; classtype:trojan-activity; sid:37590301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 181.55.188.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.55.188.218"; classtype:trojan-activity; sid:37606441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.143.49.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.49.58"; classtype:trojan-activity; sid:37606451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 170.106.99.201 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.99.201"; classtype:trojan-activity; sid:37606461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 162.0.234.118 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.0.234.118"; classtype:trojan-activity; sid:37578991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 180.76.227.46 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.227.46"; classtype:trojan-activity; sid:37606471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 8.213.22.73 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.213.22.73"; classtype:trojan-activity; sid:37606481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.54.217.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.217.227"; classtype:trojan-activity; sid:37606491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.222.192.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.192.119"; classtype:trojan-activity; sid:37606501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 45.79.181.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.181.223"; classtype:trojan-activity; sid:37606511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.71.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.71.84"; classtype:trojan-activity; sid:37606521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 112.171.133.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.171.133.104"; classtype:trojan-activity; sid:37590311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.138.177.42 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.177.42"; classtype:trojan-activity; sid:37606531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.12.224.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.12.224.148"; classtype:trojan-activity; sid:37590321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.94.138.34 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.34"; classtype:trojan-activity; sid:37579001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 36.158.123.116 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.158.123.116"; classtype:trojan-activity; sid:37590331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 150.158.87.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.87.169"; classtype:trojan-activity; sid:37606541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 129.151.44.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.151.44.205"; classtype:trojan-activity; sid:37606551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 140.210.196.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.210.196.114"; classtype:trojan-activity; sid:37606561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 189.142.148.12 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.142.148.12"; classtype:trojan-activity; sid:37590341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 79.138.214.209 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.138.214.209"; classtype:trojan-activity; sid:37590351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.222.221.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.221.6"; classtype:trojan-activity; sid:37606571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 67.205.190.61 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.205.190.61"; classtype:trojan-activity; sid:37606581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 118.220.31.109 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.220.31.109"; classtype:trojan-activity; sid:37606591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 184.67.204.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.67.204.178"; classtype:trojan-activity; sid:37590361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.134.165.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.165.231"; classtype:trojan-activity; sid:37590371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 171.244.136.159 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.136.159"; classtype:trojan-activity; sid:37579011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 223.9.44.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.9.44.69"; classtype:trojan-activity; sid:37590381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.239.172.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.239.172.244"; classtype:trojan-activity; sid:37590391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.89.86.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.167"; classtype:trojan-activity; sid:37590401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.77.38.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.77.38.15"; classtype:trojan-activity; sid:37590411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.227.64.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.64.90"; classtype:trojan-activity; sid:37590421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.172.153.100 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.172.153.100"; classtype:trojan-activity; sid:37606601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.234.231.12 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.231.12"; classtype:trojan-activity; sid:37590431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 54.37.153.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.37.153.81"; classtype:trojan-activity; sid:37606611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.8.114.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.8.114.4"; classtype:trojan-activity; sid:37590441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.241.203.37 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.203.37"; classtype:trojan-activity; sid:37747521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 67.166.159.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.166.159.204"; classtype:trojan-activity; sid:37606621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 186.225.189.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.225.189.149"; classtype:trojan-activity; sid:37590451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.163.118.168 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.118.168"; classtype:trojan-activity; sid:37606631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 168.197.104.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.197.104.130"; classtype:trojan-activity; sid:37590461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.225.109.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.225.109.87"; classtype:trojan-activity; sid:37590471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 183.136.225.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.136.225.32"; classtype:trojan-activity; sid:37590481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.234.36.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.36.217"; classtype:trojan-activity; sid:37606641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.64.157.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.64.157.225"; classtype:trojan-activity; sid:37590491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 66.215.32.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.215.32.119"; classtype:trojan-activity; sid:37590501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.184.193.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.184.193.235"; classtype:trojan-activity; sid:37590511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.115.40.27 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.115.40.27"; classtype:trojan-activity; sid:37590521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 143.110.136.180 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.136.180"; classtype:trojan-activity; sid:37579021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 14.240.230.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.240.230.24"; classtype:trojan-activity; sid:37590531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.33.59.119 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.59.119"; classtype:trojan-activity; sid:37579031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 118.182.85.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.182.85.69"; classtype:trojan-activity; sid:37590541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.226.180.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.226.180.17"; classtype:trojan-activity; sid:37590551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.213.109.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.213.109.34"; classtype:trojan-activity; sid:37590561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.165.83.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.165.83.22"; classtype:trojan-activity; sid:37590571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.76.36.75 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.36.75"; classtype:trojan-activity; sid:37606651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert 
ip 43.157.94.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.94.147"; classtype:trojan-activity; sid:37606661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.239.163.0 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.239.163.0"; classtype:trojan-activity; sid:37590581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.163.50.97 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.50.97"; classtype:trojan-activity; sid:37590591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.170.46.140 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.170.46.140"; classtype:trojan-activity; sid:37606671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 157.245.99.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.99.230"; classtype:trojan-activity; sid:37606681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.59.1.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.59.1.107"; classtype:trojan-activity; sid:37590601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.63 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.63"; classtype:trojan-activity; sid:37579041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 221.162.209.158 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
221.162.209.158"; classtype:trojan-activity; sid:37606691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.139.164.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.164.69"; classtype:trojan-activity; sid:37606701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 161.35.129.255 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.129.255"; classtype:trojan-activity; sid:37606711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.93.131.242 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.131.242"; classtype:trojan-activity; sid:37574891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 61.240.138.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.240.138.240"; classtype:trojan-activity; sid:37606721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.43.76.134 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.43.76.134"; classtype:trojan-activity; sid:37590611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 157.230.124.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.124.218"; classtype:trojan-activity; sid:37606731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.160.153.112 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.160.153.112"; classtype:trojan-activity; sid:37590621; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.3.97.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.3.97.181"; classtype:trojan-activity; sid:37590631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.154.172.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.154.172.119"; classtype:trojan-activity; sid:37590641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 192.241.235.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.235.32"; classtype:trojan-activity; sid:37606741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.96.171.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.96.171.17"; classtype:trojan-activity; sid:37590651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.90.53.151 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.90.53.151"; classtype:trojan-activity; sid:37590661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.156.134.128 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.134.128"; classtype:trojan-activity; sid:37574901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.223.219.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.219.43"; classtype:trojan-activity; sid:37606751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.239.38.168 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.239.38.168"; classtype:trojan-activity; sid:37590671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.69.57.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.69.57.236"; classtype:trojan-activity; sid:37590681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.147.213.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.147.213.162"; classtype:trojan-activity; sid:37606761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.228.64.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.64.46"; classtype:trojan-activity; sid:37590691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.30.69.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.69.181"; classtype:trojan-activity; sid:37590701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.130.59.111 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.59.111"; classtype:trojan-activity; sid:37606771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.35.54.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.54.203"; classtype:trojan-activity; sid:37606781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 75.31.75.97 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.31.75.97"; classtype:trojan-activity; sid:37590711; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.55.57.26 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.55.57.26"; classtype:trojan-activity; sid:37574911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 58.247.43.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.247.43.46"; classtype:trojan-activity; sid:37590721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 60.32.152.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.32.152.198"; classtype:trojan-activity; sid:37574921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 220.172.226.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.172.226.172"; classtype:trojan-activity; sid:37590731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.83.211.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.83.211.32"; classtype:trojan-activity; sid:37590741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.133.12.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.133.12.6"; classtype:trojan-activity; sid:37606791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.227.23.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.23.14"; classtype:trojan-activity; sid:37590751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.95.59.154 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.95.59.154"; classtype:trojan-activity; sid:37590761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.51.207.184 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.207.184"; classtype:trojan-activity; sid:37606801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.122.3.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.122.3.231"; classtype:trojan-activity; sid:37590771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.13.31.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.31.75"; classtype:trojan-activity; sid:37590781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.112.49.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.49.74"; classtype:trojan-activity; sid:37590791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.243.148.4 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.148.4"; classtype:trojan-activity; sid:37747531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 120.6.85.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.6.85.89"; classtype:trojan-activity; sid:37590801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.80.46.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.80.46.125"; classtype:trojan-activity; sid:37590811; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Inbound entries in this stretch each match one listed source address talking to $HOME_NET on any port.
# The msg text carries kill-chain Reconnaissance/Exploitation tags while classtype is trojan-activity,
# and the explicit priority keyword takes precedence over the priority classtype would otherwise assign,
# so triage should rank these by the MISP event context rather than by the classtype label.
alert ip 45.79.114.211 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.114.211"; classtype:trojan-activity; sid:37579051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 111.70.3.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.3.24"; classtype:trojan-activity; sid:37590821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.163.198.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.163.198.96"; classtype:trojan-activity; sid:37606811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 186.226.188.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.226.188.75"; classtype:trojan-activity; sid:37590831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 211.51.243.175 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.51.243.175"; classtype:trojan-activity; sid:37590841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 85.198.8.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.8.149"; classtype:trojan-activity; sid:37606821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Outbound indicator from event 26842 (tag SystemBC): $HOME_NET to 173.44.141.149, destination port 4001.
# The same address and port are matched again by sid 37853821 (event 27167, priority 3), so a single
# connection can raise two alerts with different priorities. Deduplicate at export time or suppress one
# sid so analysts see one consistently ranked alert per connection.
alert ip $HOME_NET any -> 173.44.141.149 4001 (msg: "MISP e26842 [SystemBC] Outgoing To IP: 173.44.141.149|4001"; classtype:trojan-activity; sid:37561511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 179.221.100.183 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.221.100.183"; classtype:trojan-activity; sid:37590851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.9.73.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.9.73.67"; classtype:trojan-activity; sid:37590861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.25.133.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.133.231"; classtype:trojan-activity; sid:37590871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Second rule for 173.44.141.149 port 4001 (first is sid 37561511). This copy comes from event 27167,
# has an empty tag list ("[]") in msg and priority 3, so an alert from it alone carries no family name;
# look up the sibling sid or the referenced event before triaging it as low priority.
alert ip $HOME_NET any -> 173.44.141.149 4001 (msg: "MISP e27167 [] Outgoing To IP: 173.44.141.149|4001"; classtype:trojan-activity; sid:37853821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip 42.51.13.155 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.13.155"; classtype:trojan-activity; sid:37606831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 59.91.39.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.91.39.197"; classtype:trojan-activity; sid:37590881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.165.188.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.165.188.113"; classtype:trojan-activity; sid:37590891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.98.182.99 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.98.182.99"; classtype:trojan-activity; sid:37590901; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.14.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.14.132"; classtype:trojan-activity; sid:37606841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.89.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.89.20"; classtype:trojan-activity; sid:37606851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.152.72.200 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.152.72.200"; classtype:trojan-activity; sid:37606861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.131.252.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.252.204"; classtype:trojan-activity; sid:37606871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.131.234.215 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.234.215"; classtype:trojan-activity; sid:37606881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.93.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.206"; classtype:trojan-activity; sid:37606891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.177.195 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.195"; classtype:trojan-activity; sid:37606901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.228.28 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.228.28"; classtype:trojan-activity; sid:37606911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.17.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.17.9"; classtype:trojan-activity; sid:37606921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.37.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.37.148"; classtype:trojan-activity; sid:37606931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.254 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.254"; classtype:trojan-activity; sid:37579061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 40.90.239.97 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.90.239.97"; classtype:trojan-activity; sid:37579071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 45.141.87.103 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.87.103"; classtype:trojan-activity; sid:37579081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 94.20.233.181 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.20.233.181"; classtype:trojan-activity; sid:37574931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 82.207.8.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.202"; classtype:trojan-activity; sid:37606941; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 60.160.171.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.160.171.131"; classtype:trojan-activity; sid:37590911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.97.218.142 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.97.218.142"; classtype:trojan-activity; sid:37606951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.191.209.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.191.209.206"; classtype:trojan-activity; sid:37606961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.163.224.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.204"; classtype:trojan-activity; sid:37606971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.163.199.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.115"; classtype:trojan-activity; sid:37606981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 60.220.185.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.220.185.35"; classtype:trojan-activity; sid:37606991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.51.39.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.39.54"; classtype:trojan-activity; sid:37607001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 213.230.102.198 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.230.102.198"; classtype:trojan-activity; sid:37574941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.238 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.238"; classtype:trojan-activity; sid:37574951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.124.27.127 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.27.127"; classtype:trojan-activity; sid:37574961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.124.84.121 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.84.121"; classtype:trojan-activity; sid:37574971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.241 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.241"; classtype:trojan-activity; sid:37574981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 92.63.204.33 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.33"; classtype:trojan-activity; sid:37574991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 125.27.114.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.27.114.160"; classtype:trojan-activity; sid:37590921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.101.143.249 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.143.249"; classtype:trojan-activity; sid:37747541; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 116.207.31.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.207.31.69"; classtype:trojan-activity; sid:37590931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Outbound indicator from event 26842: $HOME_NET to 42.2.112.129, destination port 32002.
# The tag list pairs a family name (Deimos) with what appears to be the hosting network's AS name;
# treat the AS name as context only. The rule matches on address and port alone, so confirm the
# indicator is still current in the referenced MISP event before escalating a hit.
alert ip $HOME_NET any -> 42.2.112.129 32002 (msg: "MISP e26842 [Deimos,HKTIMS-AP HKT Limited] Outgoing To IP: 42.2.112.129|32002"; classtype:trojan-activity; sid:37561521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 175.149.47.77 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.149.47.77"; classtype:trojan-activity; sid:37590941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Second Deimos-tagged destination from event 26842, on port 10002. The other tag looks like a
# cloud provider's AS name; addresses in rented cloud space can change hands, so an old indicator
# may later match an unrelated tenant. NOTE(review): check the event's last-seen date.
alert ip $HOME_NET any -> 172.104.53.129 10002 (msg: "MISP e26842 [AKAMAI-LINODE-AP Akamai Connected Cloud,Deimos] Outgoing To IP: 172.104.53.129|10002"; classtype:trojan-activity; sid:37561531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 124.98.150.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.98.150.23"; classtype:trojan-activity; sid:37590951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.22.74.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.159"; classtype:trojan-activity; sid:37590961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.34.118.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.118.50"; classtype:trojan-activity; sid:37590971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.9.55.134 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.9.55.134"; classtype:trojan-activity; sid:37590981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 171.83.236.26 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.83.236.26"; classtype:trojan-activity; sid:37590991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.31.202.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.202.234"; classtype:trojan-activity; sid:37591001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.205.230.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.205.230.85"; classtype:trojan-activity; sid:37591011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# One destination, 216.146.26.94, is covered by two rules: this one for port 80 and sid 37561551 for
# port 443. Both are tagged "Bianlian Go Trojan,CDNEXT". Neither rule inspects HTTP or TLS content,
# so on these common web ports a hit says only that the address was contacted.
# NOTE(review): if CDNEXT is shared front-end space, corroborate with host/SNI or endpoint telemetry.
alert ip $HOME_NET any -> 216.146.26.94 80 (msg: "MISP e26842 [Bianlian Go Trojan,CDNEXT] Outgoing To IP: 216.146.26.94|80"; classtype:trojan-activity; sid:37561541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 49.130.21.26 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.130.21.26"; classtype:trojan-activity; sid:37591021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Port 443 counterpart of sid 37561541 (same destination address and tags, event 26842).
alert ip $HOME_NET any -> 216.146.26.94 443 (msg: "MISP e26842 [Bianlian Go Trojan,CDNEXT] Outgoing To IP: 216.146.26.94|443"; classtype:trojan-activity; sid:37561551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 49.82.95.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.82.95.149"; classtype:trojan-activity; sid:37591031; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 193.242.195.21 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.242.195.21"; classtype:trojan-activity; sid:37575001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 5.187.205.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.187.205.251"; classtype:trojan-activity; sid:37591041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.147.236.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.236.10"; classtype:trojan-activity; sid:37591051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 176.64.29.28 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.64.29.28"; classtype:trojan-activity; sid:37575011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 165.154.128.199 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.128.199"; classtype:trojan-activity; sid:37579091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 209.141.40.117 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.40.117"; classtype:trojan-activity; sid:37747551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 117.23.6.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.23.6.96"; classtype:trojan-activity; sid:37607011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.129 any -> $HOME_NET any (msg: "MISP e26878 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.129"; classtype:trojan-activity; sid:37579101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 220.163.199.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.163.199.24"; classtype:trojan-activity; sid:37591061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.199.115.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.115.123"; classtype:trojan-activity; sid:37591071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.102.64.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.102.64.108"; classtype:trojan-activity; sid:37607021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.137.205.60 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.137.205.60"; classtype:trojan-activity; sid:37607031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.62.61.246 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.62.61.246"; classtype:trojan-activity; sid:37579111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 109.75.45.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.75.45.104"; classtype:trojan-activity; sid:37591081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 39.39.117.232 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.39.117.232"; classtype:trojan-activity; sid:37591091; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.227.93.13 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.93.13"; classtype:trojan-activity; sid:37591101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 188.234.151.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.234.151.86"; classtype:trojan-activity; sid:37591111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip $HOME_NET any -> 64.227.179.34 40056 (msg: "MISP e26842 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 64.227.179.34|40056"; classtype:trojan-activity; sid:37561561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 162.62.127.207 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.127.207"; classtype:trojan-activity; sid:37607041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.116.107.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.116.107.155"; classtype:trojan-activity; sid:37591121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 109.224.34.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.224.34.225"; classtype:trojan-activity; sid:37591131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.45.182.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.45.182.152"; classtype:trojan-activity; sid:37591141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.22.189.214 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.22.189.214"; classtype:trojan-activity; sid:37607051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Outbound indicator from MISP event 26842, tagged Havoc in the msg. The same
# destination 188.40.19.86 port 443 is matched again by sid 37853851 (event
# 27167, priority 3, empty tag list), so one connection can raise two alerts.
alert ip $HOME_NET any -> 188.40.19.86 443 (msg: "MISP e26842 [Havoc,HETZNER-AS] Outgoing To IP: 188.40.19.86|443"; classtype:trojan-activity; sid:37561571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Inbound source-address rules. The msg tags say kill-chain:Reconnaissance, yet
# classtype and priority are the same as on the outbound Havoc rule above, so
# triage that sorts on classtype/priority cannot tell a scan source from a
# callback; split them on the msg text ("Incoming From IP" vs "Outgoing To IP").
# No threshold keyword is set on these rules.
# NOTE(review): a per-source rate limit in threshold.config would keep one noisy
# source from flooding the alert log - confirm against local alert volume.
alert ip 198.235.24.79 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.79"; classtype:trojan-activity; sid:37579121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 80.85.241.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.85.241.43"; classtype:trojan-activity; sid:37607061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 93.95.143.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.95.143.110"; classtype:trojan-activity; sid:37591151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 223.151.225.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.225.225"; classtype:trojan-activity; sid:37591161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.144.245.15 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.245.15"; classtype:trojan-activity; sid:37607071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# DNS rule for the domain from event 26839. "any any -> any any" does not use
# $HOME_NET, so a query seen in either direction matches. The pcre ends in "$"
# and requires start-of-buffer or a character outside [A-Za-z0-9-] before the
# name: the domain itself and its subdomains match, a longer label such as
# "xcuentapro-banestado.pages.dev" does not.
# The same DNS/HTTP pair is exported again for event 26840 (sids 37560641 and
# 37560642), so each hit produces two alerts.
alert dns any any -> any any (msg: "MISP e26839 [] Domain cuentapro-banestado.pages.dev"; dns.query; content:"cuentapro-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37560561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26839;)
# Plain-HTTP counterpart, client to server on established flows. Both content
# matches use the http.header buffer but are not tied together with
# distance/within, so the name can sit in any request header, not only Host.
# tag:session asks the engine to keep logging the session for 600 seconds after
# the alert.
# NOTE(review): no tls.sni rule for this domain is visible in this part of the
# export; over HTTPS only the DNS rule above would fire - confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26839 [] Outgoing HTTP Domain cuentapro-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentapro-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26839;)
alert ip 42.51.21.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.21.119"; classtype:trojan-activity; sid:37607081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 167.94.145.52 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.52"; classtype:trojan-activity; sid:37607091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 220.135.95.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.95.227"; classtype:trojan-activity; sid:37591171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 147.158.197.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.158.197.104"; classtype:trojan-activity; sid:37591181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.134.171.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.171.114"; classtype:trojan-activity; sid:37607101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.163.239.88 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.88"; classtype:trojan-activity; sid:37607111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.79.168.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.168.172"; classtype:trojan-activity; sid:37607121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 202.21.47.115 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.21.47.115"; classtype:trojan-activity; sid:37579131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 125.229.44.99 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.44.99"; classtype:trojan-activity; sid:37591191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.219 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.219"; classtype:trojan-activity; sid:37575021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.237 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.237"; classtype:trojan-activity; sid:37575031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 188.113.108.242 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.113.108.242"; classtype:trojan-activity; sid:37591201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.51.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.181"; classtype:trojan-activity; sid:37607131; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.252 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.252"; classtype:trojan-activity; sid:37747561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip $HOME_NET any -> 105.108.32.227 993 (msg: "MISP e26842 [ALGTEL-AS,QakBot] Outgoing To IP: 105.108.32.227|993"; classtype:trojan-activity; sid:37561581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 162.243.143.53 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.143.53"; classtype:trojan-activity; sid:37747571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 181.94.223.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.94.223.41"; classtype:trojan-activity; sid:37607141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.43.123.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.123.18"; classtype:trojan-activity; sid:37607151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip $HOME_NET any -> 84.212.127.234 443 (msg: "MISP e26842 [GET-NO GET Norway,QakBot] Outgoing To IP: 84.212.127.234|443"; classtype:trojan-activity; sid:37561591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 103.159.52.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.159.52.64"; classtype:trojan-activity; sid:37607161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 65.49.1.30 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.30"; classtype:trojan-activity; sid:37607171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.223.53.187 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.223.53.187"; classtype:trojan-activity; sid:37579141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 221.217.55.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.217.55.180"; classtype:trojan-activity; sid:37591211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 60.163.232.212 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.163.232.212"; classtype:trojan-activity; sid:37591221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.243.142.48 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.142.48"; classtype:trojan-activity; sid:37747581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 175.110.10.118 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.110.10.118"; classtype:trojan-activity; sid:37575041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 182.112.11.118 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.112.11.118"; classtype:trojan-activity; sid:37591231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 72.107.60.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.107.60.7"; classtype:trojan-activity; sid:37591241; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 31.173.64.112 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.173.64.112"; classtype:trojan-activity; sid:37591251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.17.117.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.17.117.150"; classtype:trojan-activity; sid:37591261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.106.91.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.106.91.152"; classtype:trojan-activity; sid:37591271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.156.16.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.16.237"; classtype:trojan-activity; sid:37607181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.142.82.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.82.135"; classtype:trojan-activity; sid:37607191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.138.52 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.52"; classtype:trojan-activity; sid:37747591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 198.235.24.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.99"; classtype:trojan-activity; sid:37607201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.138.35 any -> $HOME_NET any (msg: "MISP 
e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.35"; classtype:trojan-activity; sid:37579151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 24.128.147.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.128.147.10"; classtype:trojan-activity; sid:37607211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.47.85.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.85.241"; classtype:trojan-activity; sid:37591281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.156.192.15 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.15"; classtype:trojan-activity; sid:37607221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.14.107.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.107.122"; classtype:trojan-activity; sid:37591291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.248.133.187 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.187"; classtype:trojan-activity; sid:37607231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.58.164.84 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.164.84"; classtype:trojan-activity; sid:37579161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 31.131.24.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.131.24.206"; classtype:trojan-activity; 
sid:37607241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.32.116.25 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.116.25"; classtype:trojan-activity; sid:37579171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 120.48.64.252 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.64.252"; classtype:trojan-activity; sid:37579181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 167.71.254.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.254.138"; classtype:trojan-activity; sid:37607251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.0.132.48 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.0.132.48"; classtype:trojan-activity; sid:37575051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 125.25.163.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.25.163.140"; classtype:trojan-activity; sid:37591301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.119.220.58 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.119.220.58"; classtype:trojan-activity; sid:37591311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.183.233 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.183.233"; classtype:trojan-activity; sid:37607261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.101.14.233 any -> $HOME_NET 
any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.101.14.233"; classtype:trojan-activity; sid:37591321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 41.44.123.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.44.123.49"; classtype:trojan-activity; sid:37591331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 212.64.29.26 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.64.29.26"; classtype:trojan-activity; sid:37607271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.26.24.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.26.24.5"; classtype:trojan-activity; sid:37591341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.91.181.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.91.181.235"; classtype:trojan-activity; sid:37607281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.226.248.146 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.226.248.146"; classtype:trojan-activity; sid:37607291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.221.235.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.221.235.137"; classtype:trojan-activity; sid:37591351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.216 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.216"; 
classtype:trojan-activity; sid:37579191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 202.75.28.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.75.28.193"; classtype:trojan-activity; sid:37591361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 128.14.173.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.14.173.91"; classtype:trojan-activity; sid:37607301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 39.41.170.112 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.41.170.112"; classtype:trojan-activity; sid:37575061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 129.226.152.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.152.106"; classtype:trojan-activity; sid:37607311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 85.221.48.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.221.48.114"; classtype:trojan-activity; sid:37607321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.226.61.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.226.61.206"; classtype:trojan-activity; sid:37591371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.86.209.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.86.209.118"; classtype:trojan-activity; sid:37607331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
138.68.105.55 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.105.55"; classtype:trojan-activity; sid:37607341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 188.251.80.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.251.80.194"; classtype:trojan-activity; sid:37607351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Outbound destination rules from MISP event 27167. The first four repeat
# address/port pairs that event 26842 already exports elsewhere in this file:
#   84.212.127.234 443   -> sid 37561591 (tagged QakBot)
#   105.108.32.227 993   -> sid 37561581 (tagged QakBot)
#   188.40.19.86 443     -> sid 37561571 (tagged Havoc)
#   64.227.179.34 40056  -> sid 37561561 (tagged Havoc)
# A single flow to one of these therefore raises two alerts: one at priority 2
# carrying the family tag and one at priority 3 with an empty tag list "[]".
# When triaging a hit on the e27167 copy, look up the e26842 sid for context.
# NOTE(review): de-duplication is better done at the MISP side than by editing
# this generated file, which the next export would overwrite - confirm with the
# feed owner.
alert ip $HOME_NET any -> 84.212.127.234 443 (msg: "MISP e27167 [] Outgoing To IP: 84.212.127.234|443"; classtype:trojan-activity; sid:37853831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 105.108.32.227 993 (msg: "MISP e27167 [] Outgoing To IP: 105.108.32.227|993"; classtype:trojan-activity; sid:37853841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 188.40.19.86 443 (msg: "MISP e27167 [] Outgoing To IP: 188.40.19.86|443"; classtype:trojan-activity; sid:37853851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 64.227.179.34 40056 (msg: "MISP e27167 [] Outgoing To IP: 64.227.179.34|40056"; classtype:trojan-activity; sid:37853861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# The remaining e27167 destinations have no tagged counterpart visible in this
# part of the export. Their msg carries no family or context tag, so the MISP
# event page in the reference URL is the only pointer to why they are listed.
alert ip $HOME_NET any -> 216.146.26.94 443 (msg: "MISP e27167 [] Outgoing To IP: 216.146.26.94|443"; classtype:trojan-activity; sid:37853871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 216.146.26.94 80 (msg: "MISP e27167 [] Outgoing To IP: 216.146.26.94|80"; classtype:trojan-activity; sid:37853881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 172.104.53.129 10002 (msg: "MISP e27167 [] Outgoing To IP: 172.104.53.129|10002"; classtype:trojan-activity; sid:37853891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip $HOME_NET any -> 42.2.112.129 32002 (msg: "MISP e27167 [] Outgoing To IP: 42.2.112.129|32002"; classtype:trojan-activity; sid:37853901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Inbound source-address rules. They share classtype:trojan-activity with the
# outbound rules above although the msg tags describe reconnaissance, so the
# direction has to be read from the msg text when triaging.
alert ip 39.110.54.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.110.54.251"; classtype:trojan-activity; sid:37591381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.211.5.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.211.5.86"; classtype:trojan-activity; sid:37591391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.241.197.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.197.51"; classtype:trojan-activity; sid:37607361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.200.78.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.78.78"; classtype:trojan-activity; sid:37607371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.42.135.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.135.203"; classtype:trojan-activity; sid:37607381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.96.169.74 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.169.74"; classtype:trojan-activity; sid:37579201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 106.58.165.88 any -> $HOME_NET any (msg: "MISP e26878 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.165.88"; classtype:trojan-activity; sid:37579211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 128.14.153.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.14.153.206"; classtype:trojan-activity; sid:37607391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.35.214.133 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.214.133"; classtype:trojan-activity; sid:37747601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 185.209.161.107 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.209.161.107"; classtype:trojan-activity; sid:37607401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.156.72.20 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.156.72.20"; classtype:trojan-activity; sid:37575071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 38.7.199.158 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.158"; classtype:trojan-activity; sid:37607411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# DNS and HTTP rules for the domain from event 26840. The match options are the
# same as in the pair exported for event 26839 (sids 37560561 and 37560562);
# only the event id, sid and reference URL differ, so every hit is reported
# twice. Suppress one pair locally or merge the events in MISP.
# The DNS pcre is anchored with "$" and needs start-of-buffer or a character
# outside [A-Za-z0-9-] before the name, which limits it to the domain and its
# subdomains.
alert dns any any -> any any (msg: "MISP e26840 [] Domain cuentapro-banestado.pages.dev"; dns.query; content:"cuentapro-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37560641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26840;)
# The HTTP rule inspects request headers of plain HTTP only; the two content
# matches are independent, so the name may appear in a header other than Host.
# NOTE(review): no tls.sni rule for this domain is visible in this part of the
# export; for HTTPS traffic the DNS rule is the only detection - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26840 [] Outgoing HTTP Domain cuentapro-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentapro-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26840;)
alert ip 39.68.249.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.68.249.194"; classtype:trojan-activity; sid:37591401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.101.192.62 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.101.192.62"; classtype:trojan-activity; sid:37607421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 82.223.249.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.223.249.206"; classtype:trojan-activity; sid:37607431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Outbound indicator from event 26842, tagged njrat in the msg. The same
# destination 193.161.193.99 port 20543 is exported again as sid 37853911
# (event 27167, priority 3, empty tag list); treat a hit on either sid as the
# same finding.
alert ip $HOME_NET any -> 193.161.193.99 20543 (msg: "MISP e26842 [njrat] Outgoing To IP: 193.161.193.99|20543"; classtype:trojan-activity; sid:37561601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 2.140.136.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.140.136.88"; classtype:trojan-activity; sid:37591411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.95.187.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.95.187.109"; classtype:trojan-activity; sid:37591421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 88.86.220.69 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.86.220.69"; classtype:trojan-activity; sid:37591431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.49.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.49.67"; classtype:trojan-activity; sid:37607441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 115.206.46.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.206.46.74"; classtype:trojan-activity; sid:37591441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.204 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.204"; classtype:trojan-activity; sid:37575081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 223.151.72.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.72.43"; classtype:trojan-activity; sid:37591451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.145.159.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.145.159.236"; classtype:trojan-activity; sid:37591461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 60.161.27.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.161.27.94"; classtype:trojan-activity; sid:37591471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.30.80.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.80.61"; classtype:trojan-activity; sid:37591481; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 84.77.102.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.77.102.224"; classtype:trojan-activity; sid:37591491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.152.52.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.237"; classtype:trojan-activity; sid:37607451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip $HOME_NET any -> 193.161.193.99 20543 (msg: "MISP e27167 [] Outgoing To IP: 193.161.193.99|20543"; classtype:trojan-activity; sid:37853911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip 223.15.20.248 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.20.248"; classtype:trojan-activity; sid:37591501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.66.202.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.66.202.15"; classtype:trojan-activity; sid:37591511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.199.145.118 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.199.145.118"; classtype:trojan-activity; sid:37591521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 187.148.216.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.148.216.240"; classtype:trojan-activity; sid:37591531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.132.51.76 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.132.51.76"; classtype:trojan-activity; sid:37591541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.118.82.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.118.82.181"; classtype:trojan-activity; sid:37591551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 219.86.240.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.86.240.113"; classtype:trojan-activity; sid:37591561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.17.146.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.17.146.53"; classtype:trojan-activity; sid:37591571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 31.220.1.83 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.220.1.83"; classtype:trojan-activity; sid:37591581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 63.47.116.72 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 63.47.116.72"; classtype:trojan-activity; sid:37591591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.178.13.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.178.13.33"; classtype:trojan-activity; sid:37591601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.50.133.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.133.215"; classtype:trojan-activity; sid:37591611; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.243.133.127 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.243.133.127"; classtype:trojan-activity; sid:37591621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 5.42.20.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.20.66"; classtype:trojan-activity; sid:37591631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.100.58.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.58.82"; classtype:trojan-activity; sid:37591641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.18.138.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.18.138.69"; classtype:trojan-activity; sid:37591651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.247.185.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.247.185.86"; classtype:trojan-activity; sid:37591661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.43.61.227 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.43.61.227"; classtype:trojan-activity; sid:37575091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.193 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.193"; classtype:trojan-activity; sid:37579221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 146.70.186.166 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.166"; classtype:trojan-activity; sid:37575101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 104.250.34.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.194"; classtype:trojan-activity; sid:37607461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.36.106.86 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.106.86"; classtype:trojan-activity; sid:37575111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.223.81.112 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.81.112"; classtype:trojan-activity; sid:37575121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.251.233.106 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.251.233.106"; classtype:trojan-activity; sid:37575131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 101.43.148.206 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.148.206"; classtype:trojan-activity; sid:37607471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.126.44.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.44.124"; classtype:trojan-activity; sid:37607481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 94.155.35.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.155.35.240"; classtype:trojan-activity; 
sid:37607491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 96.85.55.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.85.55.234"; classtype:trojan-activity; sid:37591671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.190.156.209 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.190.156.209"; classtype:trojan-activity; sid:37591681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 93.84.86.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.84.86.104"; classtype:trojan-activity; sid:37591691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.238.46.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.238.46.126"; classtype:trojan-activity; sid:37591701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.181 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.181"; classtype:trojan-activity; sid:37575141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 175.203.118.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.203.118.149"; classtype:trojan-activity; sid:37607501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 41.212.46.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.212.46.42"; classtype:trojan-activity; sid:37591711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.194.232.189 any -> $HOME_NET any 
(msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.232.189"; classtype:trojan-activity; sid:37607511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.11.61.88 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.11.61.88"; classtype:trojan-activity; sid:37607521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.93.184.98 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.93.184.98"; classtype:trojan-activity; sid:37591721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 13.76.162.49 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.76.162.49"; classtype:trojan-activity; sid:37607531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.48.66.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.66.167"; classtype:trojan-activity; sid:37607541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.220.206.49 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.206.49"; classtype:trojan-activity; sid:37607551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.146.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.226"; classtype:trojan-activity; sid:37607561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.108 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.108"; classtype:trojan-activity; 
sid:37579231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 168.126.4.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.126.4.93"; classtype:trojan-activity; sid:37607571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.51"; classtype:trojan-activity; sid:37607581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.176.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.176.141"; classtype:trojan-activity; sid:37607591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.45"; classtype:trojan-activity; sid:37607601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.2.169.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.2.169.123"; classtype:trojan-activity; sid:37591731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.155 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.155"; classtype:trojan-activity; sid:37607611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.123.70.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.70.130"; classtype:trojan-activity; sid:37591741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.109.202.127 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.109.202.127"; classtype:trojan-activity; sid:37607621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.28"; classtype:trojan-activity; sid:37607631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.33 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.33"; classtype:trojan-activity; sid:37607641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.251.75.64 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.75.64"; classtype:trojan-activity; sid:37579241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 119.184.9.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.184.9.22"; classtype:trojan-activity; sid:37591751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 62.122.184.252 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.122.184.252"; classtype:trojan-activity; sid:37607651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.92.0.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.43"; classtype:trojan-activity; sid:37607661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.177.107.177 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.107.177"; classtype:trojan-activity; sid:37591761; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.0.194.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.0.194.43"; classtype:trojan-activity; sid:37607671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.175.189.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.189.34"; classtype:trojan-activity; sid:37607681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.51.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.51.31"; classtype:trojan-activity; sid:37607691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.1.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.152"; classtype:trojan-activity; sid:37607701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.116.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.116.2"; classtype:trojan-activity; sid:37607711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.163.198.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.198.121"; classtype:trojan-activity; sid:37607721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.167.96.150 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.167.96.150"; classtype:trojan-activity; sid:37579251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.180.143.148 any -> $HOME_NET any (msg: "MISP e26878 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.143.148"; classtype:trojan-activity; sid:37579261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.91.222.100 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.91.222.100"; classtype:trojan-activity; sid:37579271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 76.232.83.1 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.232.83.1"; classtype:trojan-activity; sid:37591771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.234.218.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.218.57"; classtype:trojan-activity; sid:37607731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 189.36.218.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.36.218.10"; classtype:trojan-activity; sid:37591781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.132.143.108 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.143.108"; classtype:trojan-activity; sid:37575151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.240 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.240"; classtype:trojan-activity; sid:37575161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.208 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.208"; classtype:trojan-activity; sid:37579281; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.195.9.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.195.9.222"; classtype:trojan-activity; sid:37591791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.14.166.15 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.166.15"; classtype:trojan-activity; sid:37575171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.13.238.3 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.238.3"; classtype:trojan-activity; sid:37575181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.54.49.128 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.49.128"; classtype:trojan-activity; sid:37607741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.114.168.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.114.168.244"; classtype:trojan-activity; sid:37607751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.55.7.207 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.7.207"; classtype:trojan-activity; sid:37575191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.155.162.33 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.162.33"; classtype:trojan-activity; sid:37607761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.229.17.21 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.17.21"; classtype:trojan-activity; sid:37575201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 118.104.163.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.104.163.196"; classtype:trojan-activity; sid:37591801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.196 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.196"; classtype:trojan-activity; sid:37579291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 88.204.58.208 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.204.58.208"; classtype:trojan-activity; sid:37591811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.33.224.239 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.33.224.239"; classtype:trojan-activity; sid:37575211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 114.178.76.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.178.76.17"; classtype:trojan-activity; sid:37591821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.29.231.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.29.231.106"; classtype:trojan-activity; sid:37591831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.132.234.155 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.234.155"; classtype:trojan-activity; 
sid:37575221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 2.57.149.186 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.149.186"; classtype:trojan-activity; sid:37579301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 104.236.1.59 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.1.59"; classtype:trojan-activity; sid:37575231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 104.131.144.28 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.28"; classtype:trojan-activity; sid:37579311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 120.76.177.200 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.76.177.200"; classtype:trojan-activity; sid:37575241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 120.27.245.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.27.245.169"; classtype:trojan-activity; sid:37607771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.24.22.74 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.24.22.74"; classtype:trojan-activity; sid:37575251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 61.36.4.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.36.4.92"; classtype:trojan-activity; sid:37591841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.40.214.119 any -> $HOME_NET any (msg: 
"MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.214.119"; classtype:trojan-activity; sid:37575261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.217 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.217"; classtype:trojan-activity; sid:37579321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.6 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.6"; classtype:trojan-activity; sid:37747611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 106.53.74.140 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.74.140"; classtype:trojan-activity; sid:37575271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 221.231.111.186 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.231.111.186"; classtype:trojan-activity; sid:37591851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.207.72.60 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.72.60"; classtype:trojan-activity; sid:37575281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 119.100.116.208 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.116.208"; classtype:trojan-activity; sid:37591861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.222.62.173 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.62.173"; classtype:trojan-activity; 
sid:37575291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 114.132.160.92 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.160.92"; classtype:trojan-activity; sid:37575301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.146.181.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.146.181.82"; classtype:trojan-activity; sid:37575311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.14.159.51 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.159.51"; classtype:trojan-activity; sid:37575321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 71.6.134.233 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.134.233"; classtype:trojan-activity; sid:37607781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.128.251.66 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.128.251.66"; classtype:trojan-activity; sid:37575331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 119.23.66.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.23.66.198"; classtype:trojan-activity; sid:37575341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.70.186.140 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.140"; classtype:trojan-activity; sid:37575351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 120.79.34.147 any -> $HOME_NET 
any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.79.34.147"; classtype:trojan-activity; sid:37575361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 111.229.154.12 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.154.12"; classtype:trojan-activity; sid:37575371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.13.14.77 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.14.77"; classtype:trojan-activity; sid:37607791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 138.199.40.180 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.180"; classtype:trojan-activity; sid:37575381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 74.199.43.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.199.43.123"; classtype:trojan-activity; sid:37591871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.55.167.100 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.55.167.100"; classtype:trojan-activity; sid:37575391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 113.162.13.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.162.13.11"; classtype:trojan-activity; sid:37591881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.23.105.190 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.23.105.190"; 
classtype:trojan-activity; sid:37575401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 164.92.124.114 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.124.114"; classtype:trojan-activity; sid:37575411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 113.26.82.26 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.82.26"; classtype:trojan-activity; sid:37591891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 199.195.254.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.195.254.71"; classtype:trojan-activity; sid:37607801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.30.110.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.110.91"; classtype:trojan-activity; sid:37591901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.239.123.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.239.123.156"; classtype:trojan-activity; sid:37591911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.207.59.41 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.59.41"; classtype:trojan-activity; sid:37575421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 218.201.12.153 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.201.12.153"; classtype:trojan-activity; sid:37591921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
120.55.64.33 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.55.64.33"; classtype:trojan-activity; sid:37575431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 221.194.132.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.194.132.82"; classtype:trojan-activity; sid:37575451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.154.90.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.90.94"; classtype:trojan-activity; sid:37607811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.26.86.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.86.79"; classtype:trojan-activity; sid:37591931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 37.46.115.28 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.46.115.28"; classtype:trojan-activity; sid:37575461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 128.199.8.178 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.8.178"; classtype:trojan-activity; sid:37575471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 222.109.88.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.109.88.91"; classtype:trojan-activity; sid:37591941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.109.18.84 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.18.84"; 
classtype:trojan-activity; sid:37575481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.40.172.15 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.172.15"; classtype:trojan-activity; sid:37575491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 218.0.49.30 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.0.49.30"; classtype:trojan-activity; sid:37575501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 84.17.35.79 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.79"; classtype:trojan-activity; sid:37575511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.78.164.164 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.78.164.164"; classtype:trojan-activity; sid:37607821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.221.40.178 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.40.178"; classtype:trojan-activity; sid:37575521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.138 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.138"; classtype:trojan-activity; sid:37747621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 146.190.56.62 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.56.62"; classtype:trojan-activity; sid:37575531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 84.17.35.67 
any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.67"; classtype:trojan-activity; sid:37575541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.130 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.130"; classtype:trojan-activity; sid:37747631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 172.81.62.185 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.185"; classtype:trojan-activity; sid:37575551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 139.144.185.46 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.144.185.46"; classtype:trojan-activity; sid:37579331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 198.199.117.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.117.57"; classtype:trojan-activity; sid:37607831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.10.227.83 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.10.227.83"; classtype:trojan-activity; sid:37591951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.93.130.242 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.130.242"; classtype:trojan-activity; sid:37575561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 219.157.11.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.157.11.51"; 
classtype:trojan-activity; sid:37591961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.166.132.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.166.132.247"; classtype:trojan-activity; sid:37591971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.246.58.171 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.246.58.171"; classtype:trojan-activity; sid:37575571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 84.54.51.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.37"; classtype:trojan-activity; sid:37591981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.53.149.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.149.7"; classtype:trojan-activity; sid:37591991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 78.110.65.153 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.110.65.153"; classtype:trojan-activity; sid:37592001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.57.197.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.197.193"; classtype:trojan-activity; sid:37592011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.67.197.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.67.197.53"; classtype:trojan-activity; sid:37592021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
124.160.153.248 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.160.153.248"; classtype:trojan-activity; sid:37592031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 129.226.212.210 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.212.210"; classtype:trojan-activity; sid:37607841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.109.18.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.18.58"; classtype:trojan-activity; sid:37607851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 2.84.167.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.84.167.107"; classtype:trojan-activity; sid:37592041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 177.12.181.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.12.181.3"; classtype:trojan-activity; sid:37592051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.42.214.20 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.42.214.20"; classtype:trojan-activity; sid:37607861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26842 [smokeloader] Outgoing URL http|3a|//kamsmad.com/tmp/index.php"; flow:to_server,established; http.header; content:"kamsmad.com"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) 
# Reviewer notes on the three rule shapes that occur from this point on.
#
# * "Outgoing URL" rules (tag [smokeloader]): alert on HTTP requests from $HOME_NET to
#   $EXTERNAL_NET on $HTTP_PORTS where the host string occurs in http.header and
#   "/tmp/index.php" occurs in http.uri. Both contents are nocase; the host string is
#   the fast_pattern.
# * "Incoming From IP" rules: alert on any IP traffic from one listed source address
#   to $HOME_NET, on all ports.
# * "Domain" / "Outgoing HTTP Domain" pairs (tag [8220-Gang]): the sid ending in 1
#   inspects dns.query with any -> any; the sid ending in 2 inspects the HTTP request
#   headers of traffic leaving $HOME_NET.
#
# NOTE(review): the HTTP domain rules test "Host|3a|" and the domain as two independent
#   contents in http.header, and the pcre (/H) only requires non-hostname characters
#   around the domain. A request carrying the domain in another header (e.g. Referer)
#   appears to satisfy them as well; confirm the Host value when triaging a hit.
# NOTE(review): tag:session,600,seconds asks the engine to keep logging packets of the
#   matching session for 600 seconds; check that tagged-packet logging is enabled and
#   sized for that.
# NOTE(review): the three /tmp/index.php URLs are exported again further down under
#   event 27167 (empty tag list "[]", priority:3, different sids) with the same match
#   conditions, so a single request can raise two alerts; deduplicate at export or
#   downstream.
# NOTE(review): every rule carries classtype:trojan-activity, including the inbound
#   reconnaissance IP rules, so classtype alone does not separate scan noise from an
#   internal host calling out; filter on the msg tag or on direction instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26842 [smokeloader] Outgoing URL http|3a|//souzhensil.ru/tmp/index.php"; flow:to_server,established; http.header; content:"souzhensil.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26842 [smokeloader] Outgoing URL http|3a|//teplokub.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"teplokub.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37561631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 43.131.13.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.13.102"; classtype:trojan-activity; sid:37607871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.251.197.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.251.197.238"; classtype:trojan-activity; sid:37607881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain fbi.su1001-2.top"; dns.query; content:"fbi.su1001-2.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fbi\.su1001\-2\.top$/i"; classtype:trojan-activity; sid:37561641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain fbi.su1001-2.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fbi.su1001-2.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fbi\.su1001\-2\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37561642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain dw.bpdeliver.ru"; dns.query; content:"dw.bpdeliver.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.bpdeliver\.ru$/i"; classtype:trojan-activity; sid:37561651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain dw.bpdeliver.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dw.bpdeliver.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.bpdeliver\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain jira.letmaker.top"; dns.query; content:"jira.letmaker.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])jira\.letmaker\.top$/i"; classtype:trojan-activity; sid:37561661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain jira.letmaker.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jira.letmaker.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jira\.letmaker\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain work.onlypirate.top"; dns.query; content:"work.onlypirate.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])work\.onlypirate\.top$/i"; classtype:trojan-activity; sid:37561671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain work.onlypirate.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"work.onlypirate.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])work\.onlypirate\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain a.oracleservice.top"; dns.query; content:"a.oracleservice.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.oracleservice\.top$/i"; classtype:trojan-activity; sid:37561681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain a.oracleservice.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a.oracleservice.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.oracleservice\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain b.oracleservice.top"; dns.query; content:"b.oracleservice.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])b\.oracleservice\.top$/i"; classtype:trojan-activity; sid:37561691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain b.oracleservice.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"b.oracleservice.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])b\.oracleservice\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any 
any -> any any (msg: "MISP e26842 [8220-Gang] Domain pwn.oracleservice.top"; dns.query; content:"pwn.oracleservice.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pwn\.oracleservice\.top$/i"; classtype:trojan-activity; sid:37561701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain pwn.oracleservice.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pwn.oracleservice.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pwn\.oracleservice\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert dns any any -> any any (msg: "MISP e26842 [8220-Gang] Domain c4k-ircd.pwndns.pw"; dns.query; content:"c4k-ircd.pwndns.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])c4k\-ircd\.pwndns\.pw$/i"; classtype:trojan-activity; sid:37561711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [8220-Gang] Outgoing HTTP Domain c4k-ircd.pwndns.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c4k-ircd.pwndns.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c4k\-ircd\.pwndns\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27167 [] Outgoing URL http|3a|//teplokub.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"teplokub.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e27167 [] Outgoing URL http|3a|//kamsmad.com/tmp/index.php"; flow:to_server,established; http.header; content:"kamsmad.com"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27167 [] Outgoing URL http|3a|//souzhensil.ru/tmp/index.php"; flow:to_server,established; http.header; content:"souzhensil.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip 87.236.176.239 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.239"; classtype:trojan-activity; sid:37579341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 14.225.207.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.207.84"; classtype:trojan-activity; sid:37607891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.56.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.56.143"; classtype:trojan-activity; sid:37607901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.236.68.209 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.68.209"; classtype:trojan-activity; sid:37607911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.151.231.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.231.188"; 
classtype:trojan-activity; sid:37592061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.136.84.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.84.250"; classtype:trojan-activity; sid:37607921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.241 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.241"; classtype:trojan-activity; sid:37579351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 142.93.220.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.220.205"; classtype:trojan-activity; sid:37607931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.13.215.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.215.150"; classtype:trojan-activity; sid:37607941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.47.194.154 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.194.154"; classtype:trojan-activity; sid:37575581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 142.202.189.46 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.189.46"; classtype:trojan-activity; sid:37575591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.118 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.118"; classtype:trojan-activity; sid:37575601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 
138.68.208.30 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.208.30"; classtype:trojan-activity; sid:37747641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 112.86.222.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.86.222.238"; classtype:trojan-activity; sid:37607951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.42.214.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.214.227"; classtype:trojan-activity; sid:37607961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 192.241.231.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.231.51"; classtype:trojan-activity; sid:37607971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 2.57.122.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.122.127"; classtype:trojan-activity; sid:37607981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 67.139.77.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.139.77.11"; classtype:trojan-activity; sid:37592071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 76.217.49.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.217.49.75"; classtype:trojan-activity; sid:37592081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.17.35.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
223.17.35.193"; classtype:trojan-activity; sid:37592091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.170.144.3 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.144.3"; classtype:trojan-activity; sid:37579361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.180.143.169 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.143.169"; classtype:trojan-activity; sid:37579371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.197 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.197"; classtype:trojan-activity; sid:37579381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.110.228.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.110.228.254"; classtype:trojan-activity; sid:37607991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.14.123.114 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.123.114"; classtype:trojan-activity; sid:37575611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 218.92.0.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.40"; classtype:trojan-activity; sid:37608001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.163.219.236 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.236"; classtype:trojan-activity; sid:37608011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.30 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.30"; classtype:trojan-activity; sid:37747651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 218.92.0.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.59"; classtype:trojan-activity; sid:37608021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.132.168.95 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.168.95"; classtype:trojan-activity; sid:37575621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.210 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.210"; classtype:trojan-activity; sid:37579391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 218.92.0.52 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.52"; classtype:trojan-activity; sid:37608031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 193.201.9.48 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.201.9.48"; classtype:trojan-activity; sid:37579401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 218.92.0.55 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.0.55"; classtype:trojan-activity; sid:37608041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.78.173.72 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.173.72"; classtype:trojan-activity; sid:37575631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.13.20.9 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.20.9"; classtype:trojan-activity; sid:37575641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.55.23.115 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.23.115"; classtype:trojan-activity; sid:37575651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.223.73.187 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.73.187"; classtype:trojan-activity; sid:37575661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.33 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.33"; classtype:trojan-activity; sid:37747661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 113.133.179.149 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.133.179.149"; classtype:trojan-activity; sid:37575671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 118.193.38.43 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.38.43"; classtype:trojan-activity; sid:37575681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 202.39.38.71 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.39.38.71"; classtype:trojan-activity; sid:37575691; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.41.224.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.41.224.198"; classtype:trojan-activity; sid:37575701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.58.208.39 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.208.39"; classtype:trojan-activity; sid:37575711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.184 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.184"; classtype:trojan-activity; sid:37579411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.41.81.220 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.41.81.220"; classtype:trojan-activity; sid:37747671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 120.78.167.139 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.167.139"; classtype:trojan-activity; sid:37575721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.14.151.105 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.151.105"; classtype:trojan-activity; sid:37575731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 119.188.169.9 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.188.169.9"; classtype:trojan-activity; sid:37575741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.70.186.148 any -> $HOME_NET any (msg: "MISP 
e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.148"; classtype:trojan-activity; sid:37575751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 114.132.71.92 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.71.92"; classtype:trojan-activity; sid:37575761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.15.55.235 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.15.55.235"; classtype:trojan-activity; sid:37575771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.223.113.15 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.113.15"; classtype:trojan-activity; sid:37575781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 120.78.68.176 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.68.176"; classtype:trojan-activity; sid:37575791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 185.74.238.167 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.238.167"; classtype:trojan-activity; sid:37575801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 117.4.139.147 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.4.139.147"; classtype:trojan-activity; sid:37575811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 58.251.34.66 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.251.34.66"; classtype:trojan-activity; sid:37575821; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.70.186.206 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.186.206"; classtype:trojan-activity; sid:37575831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 128.199.11.157 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.11.157"; classtype:trojan-activity; sid:37575841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.196.226.220 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.196.226.220"; classtype:trojan-activity; sid:37575851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.5 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.5"; classtype:trojan-activity; sid:37747681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 58.73.68.168 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.73.68.168"; classtype:trojan-activity; sid:37575861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 203.113.38.227 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.113.38.227"; classtype:trojan-activity; sid:37575871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 84.22.44.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.22.44.198"; classtype:trojan-activity; sid:37575881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.8 any -> $HOME_NET any (msg: "MISP 
e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.8"; classtype:trojan-activity; sid:37747691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 146.190.52.233 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.52.233"; classtype:trojan-activity; sid:37575891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.111 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.111"; classtype:trojan-activity; sid:37747701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 167.94.145.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.54"; classtype:trojan-activity; sid:37592101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.227.117.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.117.67"; classtype:trojan-activity; sid:37592111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.206.52.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.206.52.148"; classtype:trojan-activity; sid:37592121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 181.17.179.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.179.106"; classtype:trojan-activity; sid:37592131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.138.248.95 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.248.95"; classtype:trojan-activity; 
sid:37575901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.116.1.182 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.116.1.182"; classtype:trojan-activity; sid:37592141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.13.80.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.80.197"; classtype:trojan-activity; sid:37592151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 39.130.142.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.130.142.71"; classtype:trojan-activity; sid:37608051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.229.202.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.202.203"; classtype:trojan-activity; sid:37608061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.117 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.117"; classtype:trojan-activity; sid:37747711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 210.61.49.131 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.61.49.131"; classtype:trojan-activity; sid:37575911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.99 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.99"; classtype:trojan-activity; sid:37579421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.126 any -> $HOME_NET 
any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.126"; classtype:trojan-activity; sid:37747721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.11 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.11"; classtype:trojan-activity; sid:37747731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 120.48.133.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.133.5"; classtype:trojan-activity; sid:37608071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.203.197.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.203.197.123"; classtype:trojan-activity; sid:37608081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.33.97.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.33.97.119"; classtype:trojan-activity; sid:37608091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.94.172.243 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.94.172.243"; classtype:trojan-activity; sid:37592161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.110.11.146 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.110.11.146"; classtype:trojan-activity; sid:37575921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.131.35.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.35.5"; classtype:trojan-activity; 
sid:37608101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.29.145.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.29.145.54"; classtype:trojan-activity; sid:37592171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.91.24.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.91.24.33"; classtype:trojan-activity; sid:37592181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.246.94.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.246.94.60"; classtype:trojan-activity; sid:37592191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.185.221.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.185.221.147"; classtype:trojan-activity; sid:37592201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.15.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.15.122"; classtype:trojan-activity; sid:37608111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.149.42.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.149.42.224"; classtype:trojan-activity; sid:37592211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.133.112.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.112.167"; classtype:trojan-activity; sid:37608121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.170.144.113 any -> $HOME_NET any 
(msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.144.113"; classtype:trojan-activity; sid:37579431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 124.221.235.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.235.81"; classtype:trojan-activity; sid:37608131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.117.206.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.206.89"; classtype:trojan-activity; sid:37592221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.154.44.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.154.44.154"; classtype:trojan-activity; sid:37592231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.163.68.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.163.68.86"; classtype:trojan-activity; sid:37592241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.158.138.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.138.12"; classtype:trojan-activity; sid:37608141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.124.60.242 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.124.60.242"; classtype:trojan-activity; sid:37575931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 120.92.84.211 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.84.211"; 
classtype:trojan-activity; sid:37608151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Inbound source-IP indicators (MISP events 26886 and 26882).
# Each rule fires on any protocol and any port from the listed address into $HOME_NET.
# There is no content match, threshold or expiry keyword, so alert volume and indicator
# staleness depend entirely on how the MISP attributes are maintained.
# NOTE(review): classtype is trojan-activity while the msg tags say Reconnaissance/Exploitation;
# triage on the msg tags or the referenced event rather than on classtype.
alert ip 123.207.48.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.48.18"; classtype:trojan-activity; sid:37608161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 14.103.41.239 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.239"; classtype:trojan-activity; sid:37608171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.80.222.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.80.222.61"; classtype:trojan-activity; sid:37592251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.239.107.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.107.231"; classtype:trojan-activity; sid:37592261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# DNS query indicator (event 27167, empty tag list, priority 3).
# content supplies the literal match; the pcre anchors the name at the end of the query ($)
# and requires start-of-buffer or a non-hostname character before it. Sub-domains such as
# x.fbi.su1001-2.top therefore match, while notfbi.su1001-2.top does not.
# The header is any any -> any any, so the alert's source may be an internal resolver
# rather than the querying host; correlate with resolver logs to find the client.
alert dns any any -> any any (msg: "MISP e27167 [] Domain fbi.su1001-2.top"; dns.query; content:"fbi.su1001-2.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])fbi\.su1001\-2\.top$/i"; classtype:trojan-activity; sid:37853951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Outbound cleartext-HTTP companion of the DNS rule above (sid ends in 2 instead of 1).
# Both content matches and the pcre (H modifier) inspect the whole http.header buffer and
# are not tied to each other: "Host|3a|" ("Host:") only has to be present somewhere, so the
# domain appearing in another header (e.g. Referer) also satisfies the rule.
# NOTE(review): a Host-only buffer such as http.host would match the msg text more precisely.
# In the trailing class [^A-Za-z0-9-\.] the '-' after 0-9 is a literal hyphen; the class
# rejects longer names such as fbi.su1001-2.top.example while allowing ':' (port) or CR.
# tag:session,600,seconds keeps logging packets of the matching session for 600 seconds.
# HTTPS to the same name is not covered here; no TLS SNI rule for it is visible in this
# part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain fbi.su1001-2.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fbi.su1001-2.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fbi\.su1001\-2\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Next DNS indicator of event 27167 (dw.bpdeliver.ru); the rule continues on the following line.
alert dns any any -> any any (msg: "MISP e27167 [] Domain dw.bpdeliver.ru"; 
dns.query; content:"dw.bpdeliver.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.bpdeliver\.ru$/i"; classtype:trojan-activity; sid:37853961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain dw.bpdeliver.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dw.bpdeliver.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.bpdeliver\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain jira.letmaker.top"; dns.query; content:"jira.letmaker.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])jira\.letmaker\.top$/i"; classtype:trojan-activity; sid:37853971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain jira.letmaker.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jira.letmaker.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jira\.letmaker\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain work.onlypirate.top"; dns.query; content:"work.onlypirate.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])work\.onlypirate\.top$/i"; classtype:trojan-activity; sid:37853981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain work.onlypirate.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"work.onlypirate.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])work\.onlypirate\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain a.oracleservice.top"; dns.query; content:"a.oracleservice.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.oracleservice\.top$/i"; classtype:trojan-activity; sid:37853991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain a.oracleservice.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a.oracleservice.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.oracleservice\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37853992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain pwn.oracleservice.top"; dns.query; content:"pwn.oracleservice.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pwn\.oracleservice\.top$/i"; classtype:trojan-activity; sid:37854011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain pwn.oracleservice.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pwn.oracleservice.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pwn\.oracleservice\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert dns any any -> any any (msg: "MISP e27167 [] Domain c4k-ircd.pwndns.pw"; dns.query; content:"c4k-ircd.pwndns.pw"; nocase; pcre: "/(^|[^A-Za-z0-9-])c4k\-ircd\.pwndns\.pw$/i"; classtype:trojan-activity; sid:37854021; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27167;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain c4k-ircd.pwndns.pw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c4k-ircd.pwndns.pw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c4k\-ircd\.pwndns\.pw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;) alert ip 188.235.5.40 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.235.5.40"; classtype:trojan-activity; sid:37575941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 182.247.148.170 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.148.170"; classtype:trojan-activity; sid:37592271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.27.34.197 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.27.34.197"; classtype:trojan-activity; sid:37608181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 221.225.139.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.225.139.60"; classtype:trojan-activity; sid:37592281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.234.187.36 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.187.36"; classtype:trojan-activity; sid:37592291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.41.207.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.41.207.245"; 
classtype:trojan-activity; sid:37592301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Inbound source-IP indicators (events 26886 and 26957): any protocol, any port, into $HOME_NET.
alert ip 185.146.215.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.146.215.40"; classtype:trojan-activity; sid:37608191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 223.100.28.112 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.100.28.112"; classtype:trojan-activity; sid:37747741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
# Outbound destination indicator tagged njrat/RAT (event 26842): traffic leaving $HOME_NET
# for 147.185.221.18 on port 43519. Unlike the inbound rules, a hit here means an internal
# host initiated the traffic, so it deserves host-level follow-up.
# NOTE(review): the header combines protocol "ip" with a destination port; confirm the engine
# in use enforces the port under "ip", otherwise split into tcp/udp rules.
# The same destination is exported again under event 27167 (sid 37854051, priority 3), so a
# single connection can raise two alerts.
alert ip $HOME_NET any -> 147.185.221.18 43519 (msg: "MISP e26842 [njrat,RAT] Outgoing To IP: 147.185.221.18|43519"; classtype:trojan-activity; sid:37561721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# DNS query indicator for the same njrat/RAT event. The pcre is end-anchored and allows only
# start-of-buffer or a non-hostname character before the name, so the full hostname and its
# sub-domains match, but not the parent ply.gg or sibling names under it.
# NOTE(review): the name looks like an endpoint under a shared tunnelling service (ply.gg);
# verify, and treat hits as time-bound because such endpoints can be reassigned.
alert dns any any -> any any (msg: "MISP e26842 [njrat,RAT] Domain male-stephen.gl.at.ply.gg"; dns.query; content:"male-stephen.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])male\-stephen\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37561731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Outbound cleartext-HTTP companion. All matches run on the whole http.header buffer and
# "Host|3a|" is not positionally tied to the domain, so the name in any request header
# satisfies the rule. tag:session,600,seconds logs the session's following packets for 600 s.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [njrat,RAT] Outgoing HTTP Domain male-stephen.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"male-stephen.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])male\-stephen\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# DNS indicator tagged Tsunami (event 26842); the rule continues on the following line.
# The same domain is exported again under event 27167 (sids 37854031/37854032).
alert dns any any -> any any (msg: "MISP e26842 [Tsunami] Domain dw.c4kdeliver.top"; dns.query; content:"dw.c4kdeliver.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.c4kdeliver\.top$/i"; classtype:trojan-activity; sid:37561741; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26842;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [Tsunami] Outgoing HTTP Domain dw.c4kdeliver.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dw.c4kdeliver.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.c4kdeliver\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;) alert ip 60.8.95.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.8.95.82"; classtype:trojan-activity; sid:37592311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.246 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.246"; classtype:trojan-activity; sid:37575951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 114.239.129.210 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.129.210"; classtype:trojan-activity; sid:37592321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.232.45.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.232.45.196"; classtype:trojan-activity; sid:37592331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.184.199.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.184.199.12"; classtype:trojan-activity; sid:37608201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.54.69.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.54.69.53"; 
classtype:trojan-activity; sid:37592341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Inbound source-IP indicators (event 26886): any protocol, any port, into $HOME_NET.
alert ip 157.245.56.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.56.18"; classtype:trojan-activity; sid:37608211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.122.204.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.122.204.179"; classtype:trojan-activity; sid:37608221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.161.248.87 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.87"; classtype:trojan-activity; sid:37608231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Event 27167 copies of indicators that are also exported under event 26842.
# The copies are dw.c4kdeliver.top (e26842 sids 37561741/37561742), male-stephen.gl.at.ply.gg
# (37561731/37561732) and 147.185.221.18 port 43519 (37561721).
# The match logic is identical; only the msg (empty tag list), priority (3 instead of 2),
# sid and reference differ. Both copies load because the sids are distinct, so one DNS query
# or connection produces two alerts at different priorities.
# NOTE(review): deduplicate at the MISP attribute level or suppress one sid set, and decide
# which priority is authoritative.
alert dns any any -> any any (msg: "MISP e27167 [] Domain dw.c4kdeliver.top"; dns.query; content:"dw.c4kdeliver.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.c4kdeliver\.top$/i"; classtype:trojan-activity; sid:37854031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Cleartext-HTTP companion: matches run on the whole http.header buffer, not on the Host value alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain dw.c4kdeliver.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dw.c4kdeliver.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dw\.c4kdeliver\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert dns any any -> any any (msg: "MISP e27167 [] Domain male-stephen.gl.at.ply.gg"; dns.query; content:"male-stephen.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])male\-stephen\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37854041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain male-stephen.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"male-stephen.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])male\-stephen\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Outbound destination indicator: $HOME_NET to 147.185.221.18 port 43519.
# NOTE(review): protocol "ip" is combined with a port here; confirm the engine enforces the
# port constraint for "ip" rules.
alert ip $HOME_NET any -> 147.185.221.18 43519 (msg: "MISP e27167 [] Outgoing To IP: 147.185.221.18|43519"; classtype:trojan-activity; sid:37854051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Inbound source-IP indicators (event 26882): any protocol, any port, into $HOME_NET, with no
# threshold or rate limit in the rule itself.
alert ip 118.0.154.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.0.154.107"; classtype:trojan-activity; sid:37592351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.233.177.151 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.177.151"; classtype:trojan-activity; sid:37592361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.216.82.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.216.82.111"; classtype:trojan-activity; sid:37592371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.0.246.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.0.246.15"; classtype:trojan-activity; sid:37592381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.194.229.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.194.229.62"; classtype:trojan-activity; sid:37592391; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.66.76.80 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.76.80"; classtype:trojan-activity; sid:37608241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.100.121.108 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.121.108"; classtype:trojan-activity; sid:37592401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.31.184.192 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.31.184.192"; classtype:trojan-activity; sid:37592411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.237.10.73 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.237.10.73"; classtype:trojan-activity; sid:37592421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.18.189.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.18.189.240"; classtype:trojan-activity; sid:37592431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.14.94.232 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.14.94.232"; classtype:trojan-activity; sid:37592441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.116.72.30 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.72.30"; classtype:trojan-activity; sid:37592451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.209.11.254 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.209.11.254"; classtype:trojan-activity; sid:37608251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.9.116.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.9.116.154"; classtype:trojan-activity; sid:37592461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.143.208.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.143.208.53"; classtype:trojan-activity; sid:37592471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.165.152.121 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.165.152.121"; classtype:trojan-activity; sid:37592481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 156.219.20.19 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.219.20.19"; classtype:trojan-activity; sid:37592491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.41.129.175 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.41.129.175"; classtype:trojan-activity; sid:37592501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.122.237.207 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.122.237.207"; classtype:trojan-activity; sid:37592511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.147.239.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.147.239.46"; classtype:trojan-activity; 
sid:37592521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.229.246.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.246.197"; classtype:trojan-activity; sid:37592531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.104.233.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.104.233.126"; classtype:trojan-activity; sid:37592541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 211.218.96.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.218.96.40"; classtype:trojan-activity; sid:37592551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.44.202.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.44.202.167"; classtype:trojan-activity; sid:37592561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 63.47.120.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 63.47.120.241"; classtype:trojan-activity; sid:37592571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.89.37.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.89.37.11"; classtype:trojan-activity; sid:37592581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.134.212.85 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.134.212.85"; classtype:trojan-activity; sid:37608261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.172.117.172 any -> 
$HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.172.117.172"; classtype:trojan-activity; sid:37592591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.248.133.52 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.52"; classtype:trojan-activity; sid:37747751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 47.245.102.73 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.245.102.73"; classtype:trojan-activity; sid:37747761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 101.52.251.167 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.52.251.167"; classtype:trojan-activity; sid:37575961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 1.117.34.174 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.34.174"; classtype:trojan-activity; sid:37608271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 178.128.209.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.209.102"; classtype:trojan-activity; sid:37608281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 80.66.76.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.76.149"; classtype:trojan-activity; sid:37608291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.227.248 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.227.248"; 
classtype:trojan-activity; sid:37608301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.210.160.254 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.210.160.254"; classtype:trojan-activity; sid:37592601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 96.127.160.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.127.160.234"; classtype:trojan-activity; sid:37592611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.103.174.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.103.174.42"; classtype:trojan-activity; sid:37592621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.175.71.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.175.71.49"; classtype:trojan-activity; sid:37592631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.111.26.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.111.26.82"; classtype:trojan-activity; sid:37592641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.199.8.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.8.59"; classtype:trojan-activity; sid:37592651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.0.220.48 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.0.220.48"; classtype:trojan-activity; sid:37579441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 
176.124.198.112 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.124.198.112"; classtype:trojan-activity; sid:37608311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 64.62.197.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.134"; classtype:trojan-activity; sid:37608321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.175.61.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.175.61.25"; classtype:trojan-activity; sid:37592661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.134.69.8 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.69.8"; classtype:trojan-activity; sid:37608331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.6.54.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.54.203"; classtype:trojan-activity; sid:37608341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 176.118.125.237 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.118.125.237"; classtype:trojan-activity; sid:37592671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.60.89 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.89"; classtype:trojan-activity; sid:37575971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 134.195.90.200 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
134.195.90.200"; classtype:trojan-activity; sid:37579451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 222.187.121.108 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.187.121.108"; classtype:trojan-activity; sid:37592681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.104.151.210 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.104.151.210"; classtype:trojan-activity; sid:37592691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 146.120.231.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.120.231.40"; classtype:trojan-activity; sid:37592701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.87.179.97 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.87.179.97"; classtype:trojan-activity; sid:37592711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.181.72.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.72.205"; classtype:trojan-activity; sid:37592721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 193.151.149.107 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.149.107"; classtype:trojan-activity; sid:37608351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 23.92.27.132 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.92.27.132"; classtype:trojan-activity; sid:37579461; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 220.86.118.225 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.86.118.225"; classtype:trojan-activity; sid:37608361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.54.64.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.54.64.69"; classtype:trojan-activity; sid:37608371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.31.12.233 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.12.233"; classtype:trojan-activity; sid:37592731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.64.175.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.175.91"; classtype:trojan-activity; sid:37608381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.132.162.133 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.162.133"; classtype:trojan-activity; sid:37575981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 64.62.197.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.217"; classtype:trojan-activity; sid:37608391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 179.247.69.80 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.247.69.80"; classtype:trojan-activity; sid:37592741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 137.59.194.38 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.59.194.38"; classtype:trojan-activity; sid:37592751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.93.124.140 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.93.124.140"; classtype:trojan-activity; sid:37747771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.251.75.179 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.75.179"; classtype:trojan-activity; sid:37579471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 61.83.148.111 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.83.148.111"; classtype:trojan-activity; sid:37608401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.142.8.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.142.8.230"; classtype:trojan-activity; sid:37592761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 109.161.51.187 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.161.51.187"; classtype:trojan-activity; sid:37592771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.29.56.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.29.56.110"; classtype:trojan-activity; sid:37592781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.21.63.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.21.63.206"; classtype:trojan-activity; sid:37592791; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.236.246.254 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.246.254"; classtype:trojan-activity; sid:37747781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 112.27.196.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.27.196.119"; classtype:trojan-activity; sid:37592801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.202 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.202"; classtype:trojan-activity; sid:37747791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 198.235.24.233 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.233"; classtype:trojan-activity; sid:37608411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.175.54.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.175.54.244"; classtype:trojan-activity; sid:37592811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 71.207.237.161 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.207.237.161"; classtype:trojan-activity; sid:37592821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.8.153.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.8.153.6"; classtype:trojan-activity; sid:37592831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.120.134.93 any -> $HOME_NET any (msg: "MISP 
e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.120.134.93"; classtype:trojan-activity; sid:37579481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 110.182.98.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.182.98.202"; classtype:trojan-activity; sid:37592841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.192.127.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.192.127.247"; classtype:trojan-activity; sid:37592851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.62.197.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.92"; classtype:trojan-activity; sid:37592861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 208.53.61.115 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.53.61.115"; classtype:trojan-activity; sid:37579491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.236.243.36 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.236.243.36"; classtype:trojan-activity; sid:37592871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.223.82.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.223.82.101"; classtype:trojan-activity; sid:37592881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.172.51.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.51.147"; classtype:trojan-activity; 
sid:37592891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 169.0.219.184 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 169.0.219.184"; classtype:trojan-activity; sid:37592901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 201.231.255.221 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.231.255.221"; classtype:trojan-activity; sid:37608421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.169.238.183 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.169.238.183"; classtype:trojan-activity; sid:37592911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.31.252.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.252.54"; classtype:trojan-activity; sid:37592921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.51.156.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.51.156.160"; classtype:trojan-activity; sid:37592931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.18.107.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.18.107.203"; classtype:trojan-activity; sid:37592941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.13.2.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.13.2.224"; classtype:trojan-activity; sid:37592951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.205.210.63 any -> 
$HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.205.210.63"; classtype:trojan-activity; sid:37592961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.56.66.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.56.66.82"; classtype:trojan-activity; sid:37608431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 176.122.255.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.122.255.155"; classtype:trojan-activity; sid:37592971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.118.199.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.118.199.199"; classtype:trojan-activity; sid:37592981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.73.4.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.73.4.110"; classtype:trojan-activity; sid:37592991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.13.1.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.1.67"; classtype:trojan-activity; sid:37608441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.70.32.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.32.188"; classtype:trojan-activity; sid:37593001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.15.114.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.15.114.129"; 
classtype:trojan-activity; sid:37608451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.93.205.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.220"; classtype:trojan-activity; sid:37593011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 71.41.188.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.41.188.158"; classtype:trojan-activity; sid:37593021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.145.27.42 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.145.27.42"; classtype:trojan-activity; sid:37579501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 211.91.60.69 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.91.60.69"; classtype:trojan-activity; sid:37579511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.167.96.146 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.167.96.146"; classtype:trojan-activity; sid:37579521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.200.137.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.41"; classtype:trojan-activity; sid:37593031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 23.227.202.211 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.227.202.211"; classtype:trojan-activity; sid:37579531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 
62.204.41.107 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.204.41.107"; classtype:trojan-activity; sid:37579541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
# One rule per line from here on; the rule text itself is unchanged.
# Inbound source-address rules: the only condition is the source IP, with any
# protocol, any port and no flow or threshold keyword. Every rule in this
# export uses classtype trojan-activity and priority 2, even where the msg tag
# says Reconnaissance/Exploitation, so triage should key on the msg tag and the
# referenced MISP event rather than on classtype.
alert ip 87.236.176.195 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.195"; classtype:trojan-activity; sid:37579551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 87.236.176.215 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.215"; classtype:trojan-activity; sid:37579561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
# Outbound HTTP to destination port 15426 only: a case-insensitive literal match
# on the hostname anywhere in the request headers. Unlike the domain rules
# below it has no pcre boundary check, so a longer name containing this string
# also matches.
# NOTE(review): the hostname looks like a shared tunnelling-service endpoint, so
# the host/port pair may no longer belong to the actor recorded in the event.
# Check the event date before acting on a hit.
# tag:session,600,seconds presumably keeps logging the session's packets for 600
# seconds after the alert; budget sensor storage accordingly.
alert http $HOME_NET any -> $EXTERNAL_NET 15426 (msg: "MISP e26876 [kill-chain:Command and Control] Outgoing URL http|3a|//5.tcp.eu.ngrok.io|3a|15426"; flow:to_server,established; http.header; content:"5.tcp.eu.ngrok.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37577351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26876;)
# DNS query rule, any source to any destination. The pcre anchors the name at
# the end of the query and requires either the start of the buffer or a
# non-hostname character before it, so it matches the name itself and any
# subdomain of it, but not a longer label such as "xsrv.tamatri.co".
alert dns any any -> any any (msg: "MISP e26842 [] Domain srv.tamatri.co"; dns.query; content:"srv.tamatri.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])srv\.tamatri\.co$/i"; classtype:trojan-activity; sid:37561751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Outbound HTTP rule. The two content matches in http.header are independent
# (no distance/within), so "Host:" and the domain need not sit on the same
# header line; the domain appearing in another request header satisfies the
# rule too. The trailing pcre class demands one non-hostname character after
# the domain, which keeps a longer TLD such as ".com" from matching.
# NOTE(review): if only the requested host should alert, a Host-specific buffer
# (http.host in Suricata) would be the tighter match. Confirm with the export owner.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [] Outgoing HTTP Domain srv.tamatri.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srv.tamatri.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srv\.tamatri\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Parent-domain rules. Because "." is accepted as the preceding character, these
# also match srv.tamatri.co: one lookup or request for the subdomain raises both
# the subdomain sid and the parent sid (37561751 + 37561761 for DNS,
# 37561752 + 37561762 for HTTP). Deduplicate on the event id when counting hits.
alert dns any any -> any any (msg: "MISP e26842 [] Domain tamatri.co"; dns.query; content:"tamatri.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])tamatri\.co$/i"; classtype:trojan-activity; sid:37561761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26842 [] Outgoing HTTP Domain tamatri.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tamatri.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tamatri\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
# Inbound source-address rules from event 26875 (same shape as the ones above).
alert ip 101.132.141.209 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.141.209"; classtype:trojan-activity; sid:37575991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 101.133.231.65 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.133.231.65"; classtype:trojan-activity; sid:37576001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 101.34.56.158 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.56.158"; classtype:trojan-activity; sid:37576011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
# Outbound rule: the only one in this stretch that watches traffic leaving
# $HOME_NET towards a fixed address and port, so a hit points at an internal
# host initiating the connection and is the one to escalate first.
# NOTE(review): the rule protocol is "ip" yet a destination port is given;
# confirm how the sensor applies a port to an ip-protocol rule.
alert ip $HOME_NET any -> 45.95.147.236 43782 (msg: "MISP e26842 [] Outgoing To IP: 45.95.147.236|43782"; classtype:trojan-activity; sid:37561771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 122.96.50.100 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.50.100"; classtype:trojan-activity; sid:37593041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 120.57.119.84 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.119.84"; classtype:trojan-activity; sid:37593051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.82.74.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.82.74.87"; classtype:trojan-activity; sid:37593061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.216.150.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.150.21"; classtype:trojan-activity; sid:37593071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.194.90.138 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.194.90.138"; classtype:trojan-activity; sid:37593081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.187.61.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.187.61.60"; classtype:trojan-activity; sid:37593091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.73.36.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.73.36.178"; classtype:trojan-activity; sid:37593101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.34.209.65 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.209.65"; classtype:trojan-activity; sid:37593111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.61.132.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.132.37"; classtype:trojan-activity; sid:37593121; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.236.75.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.236.75.29"; classtype:trojan-activity; sid:37593131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.232.246.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.232.246.197"; classtype:trojan-activity; sid:37593141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.34.177.99 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.177.99"; classtype:trojan-activity; sid:37593151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 126.59.25.229 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.59.25.229"; classtype:trojan-activity; sid:37593161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.235.58.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.58.222"; classtype:trojan-activity; sid:37593171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.99.213.1 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.99.213.1"; classtype:trojan-activity; sid:37593181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 102.33.125.72 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.33.125.72"; classtype:trojan-activity; sid:37576021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 106.14.164.35 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.164.35"; classtype:trojan-activity; sid:37576031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 27.21.148.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.21.148.107"; classtype:trojan-activity; sid:37593191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.157.76.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.157.76.181"; classtype:trojan-activity; sid:37593201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.14.63.99 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.63.99"; classtype:trojan-activity; sid:37576041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 200.114.64.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.114.64.140"; classtype:trojan-activity; sid:37593211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.18.185.143 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.18.185.143"; classtype:trojan-activity; sid:37593221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.246.111.179 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.111.179"; classtype:trojan-activity; sid:37593231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.64.252.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.64.252.166"; classtype:trojan-activity; sid:37593241; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 204.248.120.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.248.120.147"; classtype:trojan-activity; sid:37593251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.135.204.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.204.163"; classtype:trojan-activity; sid:37593261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.1.232.195 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.1.232.195"; classtype:trojan-activity; sid:37593271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.180.18.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.180.18.17"; classtype:trojan-activity; sid:37593281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 212.24.42.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.24.42.247"; classtype:trojan-activity; sid:37593291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.53.95.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.53.95.193"; classtype:trojan-activity; sid:37593301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.240.237.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.237.93"; classtype:trojan-activity; sid:37593311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.185.19.90 any -> $HOME_NET any (msg: 
"MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.185.19.90"; classtype:trojan-activity; sid:37593321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.70.17.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.70.17.82"; classtype:trojan-activity; sid:37593331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.52.249.253 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.249.253"; classtype:trojan-activity; sid:37576051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.30.117.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.30.117.202"; classtype:trojan-activity; sid:37608461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.42.218.75 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.218.75"; classtype:trojan-activity; sid:37576061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 101.42.160.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.160.47"; classtype:trojan-activity; sid:37608471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.29.180.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.29.180.11"; classtype:trojan-activity; sid:37608481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 83.239.229.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.239.229.32"; classtype:trojan-activity; 
sid:37593341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 60.183.148.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.183.148.133"; classtype:trojan-activity; sid:37593351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.151.141.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.151.141.89"; classtype:trojan-activity; sid:37608491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 39.40.223.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.40.223.28"; classtype:trojan-activity; sid:37593361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.46.160.98 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.46.160.98"; classtype:trojan-activity; sid:37593371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.43.58.236 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.58.236"; classtype:trojan-activity; sid:37608501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 71.58.45.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.58.45.188"; classtype:trojan-activity; sid:37593381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.229.164.28 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.164.28"; classtype:trojan-activity; sid:37576071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 58.54.88.85 any -> $HOME_NET any (msg: 
"MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.88.85"; classtype:trojan-activity; sid:37593391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.92.243.216 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.243.216"; classtype:trojan-activity; sid:37593401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.227.254.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.227.254.48"; classtype:trojan-activity; sid:37593411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.220.157.77 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.157.77"; classtype:trojan-activity; sid:37608511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.53.166.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.53.166.226"; classtype:trojan-activity; sid:37608521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.229.86.177 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.86.177"; classtype:trojan-activity; sid:37576081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 139.59.64.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.64.179"; classtype:trojan-activity; sid:37608531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 115.159.205.208 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.205.208"; classtype:trojan-activity; 
sid:37608541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.29.233.192 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.233.192"; classtype:trojan-activity; sid:37608551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.156.193.184 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.184"; classtype:trojan-activity; sid:37608561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.122.32.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.122.32.99"; classtype:trojan-activity; sid:37608571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.250.96.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.250.96.66"; classtype:trojan-activity; sid:37608581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 143.137.45.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.137.45.121"; classtype:trojan-activity; sid:37608591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.91.208.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.208.163"; classtype:trojan-activity; sid:37608601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.113.245.53 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.113.245.53"; classtype:trojan-activity; sid:37608611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.27.114.204 any -> 
$HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.27.114.204"; classtype:trojan-activity; sid:37608621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 189.195.123.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.195.123.57"; classtype:trojan-activity; sid:37608631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.207.201.187 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.201.187"; classtype:trojan-activity; sid:37608641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.72.15.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.15.5"; classtype:trojan-activity; sid:37608651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 14.18.113.233 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.113.233"; classtype:trojan-activity; sid:37608661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.248.133.184 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.184"; classtype:trojan-activity; sid:37608671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.166.236.23 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.236.23"; classtype:trojan-activity; sid:37608681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 202.112.212.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.112.212.169"; 
classtype:trojan-activity; sid:37608691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.61.229.78 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.61.229.78"; classtype:trojan-activity; sid:37576091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.128.92.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.92.9"; classtype:trojan-activity; sid:37608701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.64.202.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.162"; classtype:trojan-activity; sid:37608711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.154.145.225 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.145.225"; classtype:trojan-activity; sid:37608721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.64.139.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.139.138"; classtype:trojan-activity; sid:37608731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 161.82.233.183 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.82.233.183"; classtype:trojan-activity; sid:37608741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.171.122.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.171.122.189"; classtype:trojan-activity; sid:37608751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
200.118.99.170 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.118.99.170"; classtype:trojan-activity; sid:37608761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.155.138.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.138.51"; classtype:trojan-activity; sid:37608771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 5.42.84.61 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.84.61"; classtype:trojan-activity; sid:37608781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.251"; classtype:trojan-activity; sid:37608791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.133.62.48 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.62.48"; classtype:trojan-activity; sid:37608801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 41.82.208.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.82.208.182"; classtype:trojan-activity; sid:37608811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.124.66.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.124.66.82"; classtype:trojan-activity; sid:37576101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.153.45.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.45.237"; 
classtype:trojan-activity; sid:37608821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 94.142.138.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.142.138.222"; classtype:trojan-activity; sid:37608831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.169.76.33 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.169.76.33"; classtype:trojan-activity; sid:37593421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.157.150.221 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.150.221"; classtype:trojan-activity; sid:37608841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.243.136.56 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.136.56"; classtype:trojan-activity; sid:37576111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 198.235.24.85 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.85"; classtype:trojan-activity; sid:37579571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 42.192.149.164 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.149.164"; classtype:trojan-activity; sid:37608851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.220.13.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.220.13.51"; classtype:trojan-activity; sid:37593431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
114.220.176.59 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.220.176.59"; classtype:trojan-activity; sid:37576121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.233.167.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.233.167.135"; classtype:trojan-activity; sid:37593441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.176.75.28 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.176.75.28"; classtype:trojan-activity; sid:37576131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 81.19.135.47 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.19.135.47"; classtype:trojan-activity; sid:37576141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 118.178.229.234 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.178.229.234"; classtype:trojan-activity; sid:37576151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 117.103.159.250 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.103.159.250"; classtype:trojan-activity; sid:37593451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 152.170.200.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.170.200.131"; classtype:trojan-activity; sid:37593461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 191.196.133.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 191.196.133.247"; classtype:trojan-activity; sid:37593471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.96.238.168 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.238.168"; classtype:trojan-activity; sid:37576161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 180.145.39.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.145.39.29"; classtype:trojan-activity; sid:37593481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.24.91.176 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.24.91.176"; classtype:trojan-activity; sid:37576171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 223.8.4.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.4.7"; classtype:trojan-activity; sid:37593491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.25.227.158 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.25.227.158"; classtype:trojan-activity; sid:37576181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 181.101.93.105 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.101.93.105"; classtype:trojan-activity; sid:37593501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 92.185.185.129 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.185.185.129"; classtype:trojan-activity; sid:37593511; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.55.85.33 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.55.85.33"; classtype:trojan-activity; sid:37576191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 120.78.125.244 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.125.244"; classtype:trojan-activity; sid:37576201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 37.1.80.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.1.80.193"; classtype:trojan-activity; sid:37593521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.139.159.35 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.139.159.35"; classtype:trojan-activity; sid:37576211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 112.35.26.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.35.26.27"; classtype:trojan-activity; sid:37608861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.196.198.48 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.196.198.48"; classtype:trojan-activity; sid:37576221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.40.191.195 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.191.195"; classtype:trojan-activity; sid:37576231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 123.207.39.131 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.39.131"; classtype:trojan-activity; sid:37576241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 123.31.31.19 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.31.31.19"; classtype:trojan-activity; sid:37576251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.220.226.223 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.226.223"; classtype:trojan-activity; sid:37576261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.221.254.193 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.254.193"; classtype:trojan-activity; sid:37576271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.221.70.60 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.70.60"; classtype:trojan-activity; sid:37576281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 138.199.40.168 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.199.40.168"; classtype:trojan-activity; sid:37576291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.190.34.20 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.34.20"; classtype:trojan-activity; sid:37576301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 146.190.60.239 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.60.239"; classtype:trojan-activity; sid:37576311; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 149.102.252.11 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.102.252.11"; classtype:trojan-activity; sid:37576321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 150.158.10.199 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.10.199"; classtype:trojan-activity; sid:37576331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 165.22.178.106 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.178.106"; classtype:trojan-activity; sid:37576341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.167 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.167"; classtype:trojan-activity; sid:37576351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 172.81.62.203 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.203"; classtype:trojan-activity; sid:37576361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 220.93.99.249 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.93.99.249"; classtype:trojan-activity; sid:37576371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.134.101.44 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.101.44"; classtype:trojan-activity; sid:37608871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.93.117.154 any -> $HOME_NET any (msg: "MISP 
e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.117.154"; classtype:trojan-activity; sid:37576381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
# Inbound source-address indicators from MISP event 26875.
# Each rule matches any packet, on any protocol and port, from the listed address to $HOME_NET.
# There is no payload or flow condition, so an alert records contact from the address and nothing
# more, even though the classtype is trojan-activity.
alert ip 59.29.239.109 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.29.239.109"; classtype:trojan-activity; sid:37576391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 80.252.210.56 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.252.210.56"; classtype:trojan-activity; sid:37576401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 82.186.169.249 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.186.169.249"; classtype:trojan-activity; sid:37576411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 84.17.35.74 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.74"; classtype:trojan-activity; sid:37576421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 84.17.35.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.17.35.82"; classtype:trojan-activity; sid:37576431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
# MISP event 27167: domain and address indicators. The tag list in msg is empty ("[]") and
# these rules carry priority 3, where the surrounding address rules carry priority 2.
# The dns.query rules use `any any -> any any`, so a lookup is matched whichever side is $HOME_NET.
alert dns any any -> any any (msg: "MISP e27167 [] Domain srv.tamatri.co"; dns.query; content:"srv.tamatri.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])srv\.tamatri\.co$/i"; classtype:trojan-activity; sid:37854061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Both content matches and the pcre (/H) run over the http.header buffer and are not chained with
# distance/within, so the domain is matched in any request header, not only in the Host value.
# NOTE(review): scope the match to the http.host sticky buffer if only the Host value should alert.
# tag:session,600,seconds keeps logging packets of the matching session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain srv.tamatri.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srv.tamatri.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srv\.tamatri\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# The pcre accepts a non-hostname character such as "." before "tamatri.co", so a query for
# srv.tamatri.co also satisfies this rule and raises a second alert next to sid 37854061.
alert dns any any -> any any (msg: "MISP e27167 [] Domain tamatri.co"; dns.query; content:"tamatri.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])tamatri\.co$/i"; classtype:trojan-activity; sid:37854071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Same header-wide matching as sid 37854062; a request naming srv.tamatri.co satisfies this rule too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27167 [] Outgoing HTTP Domain tamatri.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tamatri.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tamatri\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37854072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Outbound rule: traffic from $HOME_NET to a single address and destination port.
# NOTE(review): the protocol is `ip` while a destination port (43782) is set; confirm how the
# deployed engine applies a port to an `ip` rule, or narrow to tcp/udp if the indicator is known to be one.
alert ip $HOME_NET any -> 45.95.147.236 43782 (msg: "MISP e27167 [] Outgoing To IP: 45.95.147.236|43782"; classtype:trojan-activity; sid:37854081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Inbound source-address indicators continue (MISP events 26957 and 26882), same shape as above.
alert ip 87.236.176.123 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.123"; classtype:trojan-activity; sid:37747801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 87.236.176.131 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.131"; classtype:trojan-activity; sid:37747811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 112.113.109.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.109.144"; classtype:trojan-activity; sid:37593531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert 
ip 116.74.30.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.74.30.200"; classtype:trojan-activity; sid:37593541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 5.181.80.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.181.80.126"; classtype:trojan-activity; sid:37593551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.126.64.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.64.102"; classtype:trojan-activity; sid:37608881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.6.97.174 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.97.174"; classtype:trojan-activity; sid:37608891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 89.134.255.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.134.255.74"; classtype:trojan-activity; sid:37608901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 2.57.149.92 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.149.92"; classtype:trojan-activity; sid:37579581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 78.24.205.142 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.24.205.142"; classtype:trojan-activity; sid:37579591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 146.70.186.158 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
146.70.186.158"; classtype:trojan-activity; sid:37576441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 37.46.115.29 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.46.115.29"; classtype:trojan-activity; sid:37576451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.89 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.89"; classtype:trojan-activity; sid:37747821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 115.63.201.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.63.201.159"; classtype:trojan-activity; sid:37593561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.199.207.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.199.207.173"; classtype:trojan-activity; sid:37593571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.212.62.254 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.212.62.254"; classtype:trojan-activity; sid:37593581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.132.145.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.132.145.22"; classtype:trojan-activity; sid:37593591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.69.52.30 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.69.52.30"; classtype:trojan-activity; sid:37593601; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.250.206.248 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.250.206.248"; classtype:trojan-activity; sid:37593611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.227.17.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.227.17.227"; classtype:trojan-activity; sid:37593621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.221.130.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.130.226"; classtype:trojan-activity; sid:37608911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.84 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.84"; classtype:trojan-activity; sid:37747831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 58.218.204.183 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.218.204.183"; classtype:trojan-activity; sid:37579601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.94 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.94"; classtype:trojan-activity; sid:37579611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 194.33.45.113 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.45.113"; classtype:trojan-activity; sid:37576461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 164.52.200.223 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.52.200.223"; classtype:trojan-activity; sid:37608921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 193.36.183.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.36.183.250"; classtype:trojan-activity; sid:37608931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 68.38.182.217 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.38.182.217"; classtype:trojan-activity; sid:37593631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.89.157.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.89.157.74"; classtype:trojan-activity; sid:37593641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.194.203.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.194.203.11"; classtype:trojan-activity; sid:37593651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 211.20.42.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.20.42.44"; classtype:trojan-activity; sid:37593661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.207 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.207"; classtype:trojan-activity; sid:37576471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 14.155.206.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.155.206.225"; classtype:trojan-activity; sid:37593671; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.114.21.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.21.158"; classtype:trojan-activity; sid:37593681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.16 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.16"; classtype:trojan-activity; sid:37608941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 141.98.10.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.10.105"; classtype:trojan-activity; sid:37608951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.142.125.216 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.216"; classtype:trojan-activity; sid:37579621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 58.29.106.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.29.106.148"; classtype:trojan-activity; sid:37593691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.137.192.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.137.192.144"; classtype:trojan-activity; sid:37593701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.180.143.50 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.143.50"; classtype:trojan-activity; sid:37579631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.92.107.125 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.92.107.125"; classtype:trojan-activity; sid:37608961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.102.169.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.169.240"; classtype:trojan-activity; sid:37593711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.246.125.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.125.136"; classtype:trojan-activity; sid:37593721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 195.158.1.169 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.158.1.169"; classtype:trojan-activity; sid:37576481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.38.12.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.38.12.88"; classtype:trojan-activity; sid:37593731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.196.9.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.9.45"; classtype:trojan-activity; sid:37608971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.116.28.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.116.28.62"; classtype:trojan-activity; sid:37593741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.183.17.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.183.17.85"; classtype:trojan-activity; sid:37593751; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.247"; classtype:trojan-activity; sid:37593761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 24.84.212.161 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.84.212.161"; classtype:trojan-activity; sid:37593771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 138.197.141.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.141.28"; classtype:trojan-activity; sid:37608981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.255.117.32 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.255.117.32"; classtype:trojan-activity; sid:37576491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.251.67.169 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.169"; classtype:trojan-activity; sid:37576501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 125.26.229.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.229.236"; classtype:trojan-activity; sid:37593781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.122.54.54 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.122.54.54"; classtype:trojan-activity; sid:37576511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.17 any -> $HOME_NET any (msg: 
"MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.17"; classtype:trojan-activity; sid:37747841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 209.97.174.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.97.174.45"; classtype:trojan-activity; sid:37608991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 143.244.142.125 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.142.125"; classtype:trojan-activity; sid:37747851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.35 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.35"; classtype:trojan-activity; sid:37747861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 120.76.211.20 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.76.211.20"; classtype:trojan-activity; sid:37576521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 81.22.60.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.22.60.6"; classtype:trojan-activity; sid:37593791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 134.255.69.185 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.255.69.185"; classtype:trojan-activity; sid:37593801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.234.205.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.205.34"; classtype:trojan-activity; 
sid:37593811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.145.159.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.145.159.157"; classtype:trojan-activity; sid:37609001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 128.199.225.7 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.225.7"; classtype:trojan-activity; sid:37609011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 69.164.217.74 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.164.217.74"; classtype:trojan-activity; sid:37747871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 36.138.224.103 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.224.103"; classtype:trojan-activity; sid:37609021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.135.163.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.163.185"; classtype:trojan-activity; sid:37609031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.124.167.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.167.89"; classtype:trojan-activity; sid:37609041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.120 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.120"; classtype:trojan-activity; sid:37579641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 8.138.80.119 any -> 
$HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.138.80.119"; classtype:trojan-activity; sid:37747881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 176.223.185.214 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.223.185.214"; classtype:trojan-activity; sid:37576531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 120.57.222.229 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.222.229"; classtype:trojan-activity; sid:37593821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.236.192.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.236.192.222"; classtype:trojan-activity; sid:37609051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.117.5.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.117.5.136"; classtype:trojan-activity; sid:37593831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 153.187.142.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.187.142.241"; classtype:trojan-activity; sid:37593841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.94.146.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.56"; classtype:trojan-activity; sid:37593851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.75.246.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.246.113"; 
classtype:trojan-activity; sid:37609061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.52.246.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.52.246.119"; classtype:trojan-activity; sid:37593861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.64.130.116 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.130.116"; classtype:trojan-activity; sid:37609071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 172.245.19.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.19.240"; classtype:trojan-activity; sid:37609081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.149.26.253 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.149.26.253"; classtype:trojan-activity; sid:37579651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.155.168.85 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.168.85"; classtype:trojan-activity; sid:37609091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 194.48.250.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.126"; classtype:trojan-activity; sid:37593871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.141.132.88 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.141.132.88"; classtype:trojan-activity; sid:37609101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
114.227.157.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.227.157.74"; classtype:trojan-activity; sid:37593881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 201.33.248.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.33.248.42"; classtype:trojan-activity; sid:37593891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 206.119.117.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.119.117.45"; classtype:trojan-activity; sid:37609111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.146.57 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.57"; classtype:trojan-activity; sid:37579661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.251.67.175 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.175"; classtype:trojan-activity; sid:37576541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 129.226.221.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.221.72"; classtype:trojan-activity; sid:37609121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.106.195.8 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.8"; classtype:trojan-activity; sid:37609131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.248.25.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
104.248.25.154"; classtype:trojan-activity; sid:37609141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.156.7.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.7.94"; classtype:trojan-activity; sid:37609151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.128.160.131 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.160.131"; classtype:trojan-activity; sid:37609161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.107 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.107"; classtype:trojan-activity; sid:37609171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.118 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.118"; classtype:trojan-activity; sid:37593901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.244 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.244"; classtype:trojan-activity; sid:37576551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 14.116.191.92 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.191.92"; classtype:trojan-activity; sid:37609181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.198.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.198.6"; classtype:trojan-activity; sid:37609191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) 
# Rules in this span are unchanged; each one is restored to a single line.
# Every "Incoming From IP" rule alerts on any IP traffic from one listed
# source address to $HOME_NET. There is no port, protocol or payload
# condition, so a hit shows contact from that address, not a confirmed
# exploitation attempt.
# NOTE(review): classtype is trojan-activity although the msg tags these as
# kill-chain Reconnaissance/Exploitation - confirm classtype and priority
# suit your triage queue.
# NOTE(review): the rules carry no date or expiry; check the age of the
# referenced MISP event before acting on an address-only match.
alert ip 106.56.93.138 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.56.93.138"; classtype:trojan-activity; sid:37593911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.196.136.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.196.136.5"; classtype:trojan-activity; sid:37609201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 123.245.99.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.245.99.82"; classtype:trojan-activity; sid:37593921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.128.116.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.116.24"; classtype:trojan-activity; sid:37609211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 198.199.93.93 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.93.93"; classtype:trojan-activity; sid:37576561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 118.24.117.44 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.24.117.44"; classtype:trojan-activity; sid:37609221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.251.219.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.251.219.22"; classtype:trojan-activity; sid:37593931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.159.133.39 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.133.39"; classtype:trojan-activity; sid:37609231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Only outbound rule in this span: $HOME_NET to 87.98.177.182 port 3131,
# tagged BitRAT,RAT by event 26842. A hit means an internal host sent traffic
# to that address, so triage the internal source host first.
# The same destination and port are also matched by sid:37854091 (event 27167)
# further down the file, so one flow may raise two alerts.
# NOTE(review): the protocol is `ip` with a destination port; confirm how your
# engine evaluates ports on `ip` rules.
alert ip $HOME_NET any -> 87.98.177.182 3131 (msg: "MISP e26842 [BitRAT,RAT] Outgoing To IP: 87.98.177.182|3131"; classtype:trojan-activity; sid:37561781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 139.59.245.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.245.64"; classtype:trojan-activity; sid:37609241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 198.235.24.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.58"; classtype:trojan-activity; sid:37609251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.228.44.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.228.44.91"; classtype:trojan-activity; sid:37593941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 157.230.21.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.21.139"; classtype:trojan-activity; sid:37609261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.39.228.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.39.228.227"; classtype:trojan-activity; sid:37609271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 222.189.91.98 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.189.91.98"; classtype:trojan-activity; sid:37593951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.205 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.205"; classtype:trojan-activity; sid:37579671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 119.203.200.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.203.200.111"; classtype:trojan-activity; sid:37593961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 82.157.138.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.138.65"; classtype:trojan-activity; sid:37609281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 222.142.68.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.142.68.215"; classtype:trojan-activity; sid:37593971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.150.110.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.150.110.79"; classtype:trojan-activity; sid:37593981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 50.31.21.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.31.21.4"; classtype:trojan-activity; sid:37593991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 129.226.155.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.155.143"; classtype:trojan-activity; sid:37609291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.248.53.142 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.248.53.142"; classtype:trojan-activity; sid:37594001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.61.141.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.141.41"; classtype:trojan-activity; sid:37594011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.136.98.3 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.98.3"; classtype:trojan-activity; sid:37609301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 183.234.168.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.234.168.23"; classtype:trojan-activity; sid:37594021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.62.197.128 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.128"; classtype:trojan-activity; sid:37609311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.156.150.190 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.150.190"; classtype:trojan-activity; sid:37609321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.98.119.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.98.119.245"; classtype:trojan-activity; sid:37594031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 161.35.66.63 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.66.63"; classtype:trojan-activity; sid:37609331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 188.240.109.35 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.240.109.35"; classtype:trojan-activity; sid:37576571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 179.176.57.187 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.176.57.187"; classtype:trojan-activity; sid:37594041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.106.17.151 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.106.17.151"; classtype:trojan-activity; sid:37594051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 187.18.155.145 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.18.155.145"; classtype:trojan-activity; sid:37594061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.13.190.175 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.13.190.175"; classtype:trojan-activity; sid:37594071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 81.214.54.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.214.54.136"; classtype:trojan-activity; sid:37594081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 137.184.12.233 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.12.233"; classtype:trojan-activity; sid:37609341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 198.235.24.158 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.158"; classtype:trojan-activity; sid:37579681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 218.63.230.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.63.230.230"; classtype:trojan-activity; sid:37594091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 31.191.30.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.191.30.68"; classtype:trojan-activity; sid:37594101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.123.72.63 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.123.72.63"; classtype:trojan-activity; sid:37594111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 98.53.127.63 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 98.53.127.63"; classtype:trojan-activity; sid:37594121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 170.64.130.197 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.130.197"; classtype:trojan-activity; sid:37579691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 27.184.195.229 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.184.195.229"; classtype:trojan-activity; sid:37579701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 89.187.178.104 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.187.178.104"; classtype:trojan-activity; sid:37576581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
# Inbound source-address indicators exported from MISP; the event id appears in msg and in
# the reference URL. Each rule alerts on any IP packet from the listed address to $HOME_NET
# on any port, with no payload or flow condition.
# The msg carries the kill-chain tags Reconnaissance and Exploitation, while the classtype is
# trojan-activity and priority:2 is set explicitly.
# NOTE(review): address-only indicators go stale as hosts are reassigned; check the age of the
# referenced MISP event before treating a hit as more than a lead.
# NOTE(review): a match shows that a packet arrived from the address, not that anything
# succeeded; correlate with firewall/flow logs for the same 5-tuple before escalating.
alert ip 112.102.168.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.168.34"; classtype:trojan-activity; sid:37594131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.14.31.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.31.235"; classtype:trojan-activity; sid:37609351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 1.172.30.221 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.172.30.221"; classtype:trojan-activity; sid:37594141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.172.167.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.167.11"; classtype:trojan-activity; sid:37594151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 219.85.158.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.85.158.124"; classtype:trojan-activity; sid:37594161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.35.56.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.56.189"; classtype:trojan-activity; sid:37609361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 186.155.227.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.155.227.234"; classtype:trojan-activity; sid:37609371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.92.244.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.244.147"; classtype:trojan-activity; sid:37594171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Outbound destination indicator (MISP event 27167): address plus destination port, empty
# tag list in msg, priority:3. Fires on packets leaving $HOME_NET toward that address/port.
# NOTE(review): the protocol is "ip" although a port is given; ports only exist on transports
# that carry them, so confirm how the deployed engine evaluates this combination, or narrow
# the rule to tcp/udp if the MISP attribute records the transport.
alert ip $HOME_NET any -> 87.98.177.182 3131 (msg: "MISP e27167 [] Outgoing To IP: 87.98.177.182|3131"; classtype:trojan-activity; sid:37854091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
# Inbound source-address indicators (continued, same form as above).
alert ip 101.36.105.7 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.105.7"; classtype:trojan-activity; sid:37609381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 194.165.16.76 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.165.16.76"; classtype:trojan-activity; sid:37747891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 205.210.31.134 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.134"; classtype:trojan-activity; sid:37579711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 107.170.255.35 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.255.35"; classtype:trojan-activity; sid:37579721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 220.93.167.144 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.93.167.144"; classtype:trojan-activity; sid:37609391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 143.198.223.22 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.223.22"; classtype:trojan-activity; sid:37609401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 137.184.106.160 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.106.160"; classtype:trojan-activity; sid:37609411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 188.113.47.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.113.47.228"; classtype:trojan-activity; sid:37594181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.221.222.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.221.222.203"; classtype:trojan-activity; sid:37594191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.181.4.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.181.4.12"; classtype:trojan-activity; sid:37609421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 144.0.250.127 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.0.250.127"; classtype:trojan-activity; sid:37594201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 14.63.224.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.63.224.17"; classtype:trojan-activity; sid:37609431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 47.242.5.165 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.5.165"; classtype:trojan-activity; sid:37747901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 111.220.207.182 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.220.207.182"; classtype:trojan-activity; sid:37594211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.94.7.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.94.7.122"; classtype:trojan-activity; sid:37594221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 14.201.117.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.201.117.148"; classtype:trojan-activity; sid:37594231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.172.146.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.172.146.128"; classtype:trojan-activity; sid:37594241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 141.95.57.77 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.95.57.77"; classtype:trojan-activity; sid:37576591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 114.33.208.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.208.167"; classtype:trojan-activity; sid:37594251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.18 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.18"; classtype:trojan-activity; sid:37747911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 42.202.17.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.202.17.37"; classtype:trojan-activity; sid:37594261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 177.52.232.17 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.52.232.17"; classtype:trojan-activity; sid:37576601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 154.244.3.185 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.244.3.185"; classtype:trojan-activity; sid:37576611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 151.80.47.2 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.80.47.2"; classtype:trojan-activity; sid:37579731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 182.178.200.219 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.178.200.219"; classtype:trojan-activity; sid:37576621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 221.151.83.83 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.151.83.83"; classtype:trojan-activity; sid:37609441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 78.186.201.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.186.201.48"; classtype:trojan-activity; sid:37594271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 205.209.96.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.209.96.38"; classtype:trojan-activity; sid:37594281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 184.170.79.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.170.79.34"; classtype:trojan-activity; sid:37594291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 92.63.204.182 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.182"; classtype:trojan-activity; sid:37576631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 43.153.194.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.194.238"; classtype:trojan-activity; sid:37609451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.153.112.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.112.182"; classtype:trojan-activity; sid:37609461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.43.6.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.6.172"; classtype:trojan-activity; sid:37609471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.69.97.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.69.97.45"; classtype:trojan-activity; sid:37594301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 150.109.22.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.22.32"; classtype:trojan-activity; sid:37609481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 116.118.49.76 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.118.49.76"; classtype:trojan-activity; sid:37609491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Inbound source-address indicators from MISP events 26875, 26878, 26882, 26886 and 26957.
# Each rule fires on any IP packet from the listed address to $HOME_NET, any port; nothing
# else (payload, flow state, threshold) is checked.
# NOTE(review): the msg tags say Reconnaissance/Exploitation but the classtype is
# trojan-activity; if triage or dashboards key on classtype, these will be counted as
# malware activity. Confirm that is intended.
# NOTE(review): no threshold or rate limit appears in the rules; a persistent source can alert
# on every evaluated packet or flow. Consider limiting per source in the engine's
# threshold configuration.
alert ip 87.236.176.109 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.109"; classtype:trojan-activity; sid:37579741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 178.64.201.250 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.64.201.250"; classtype:trojan-activity; sid:37594311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.172.48.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.48.15"; classtype:trojan-activity; sid:37594321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.240 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.240"; classtype:trojan-activity; sid:37747921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 203.215.32.14 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.215.32.14"; classtype:trojan-activity; sid:37576641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 27.25.112.214 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.112.214"; classtype:trojan-activity; sid:37594331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 181.191.130.221 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.191.130.221"; classtype:trojan-activity; sid:37594341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 107.174.252.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.252.17"; classtype:trojan-activity; sid:37609501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 58.50.136.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.136.136"; classtype:trojan-activity; sid:37594351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 194.165.16.73 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.165.16.73"; classtype:trojan-activity; sid:37576651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 185.129.51.9 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.51.9"; classtype:trojan-activity; sid:37579751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 59.36.168.4 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.36.168.4"; classtype:trojan-activity; sid:37576661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 94.232.45.92 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.232.45.92"; classtype:trojan-activity; sid:37579761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 216.158.106.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.158.106.82"; classtype:trojan-activity; sid:37594361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.159.32.200 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.32.200"; classtype:trojan-activity; sid:37609511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Inbound source-address indicators from MISP events 26875, 26878, 26882, 26886 and 26957.
# Form of every rule in this run: any IP protocol, listed address as source, $HOME_NET as
# destination, any ports, priority:2, one reference URL back to the MISP event.
# NOTE(review): the rules depend on $HOME_NET being defined as the internal range; if it is
# left at a catch-all value, they also fire on transit traffic. Verify the sensor's
# variable definitions.
# NOTE(review): a single address is the whole detection here; treat alerts as enrichment for
# other telemetry rather than as proof of compromise, and age indicators out with the event.
alert ip 119.91.208.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.208.84"; classtype:trojan-activity; sid:37609521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.196.195.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.196.195.79"; classtype:trojan-activity; sid:37594371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.102.214.75 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.102.214.75"; classtype:trojan-activity; sid:37609531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 93.71.9.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.71.9.21"; classtype:trojan-activity; sid:37594381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 47.76.50.53 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.76.50.53"; classtype:trojan-activity; sid:37747931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 223.151.249.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.249.95"; classtype:trojan-activity; sid:37594391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.223.197.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.197.223"; classtype:trojan-activity; sid:37609541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 182.42.143.184 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.143.184"; classtype:trojan-activity; sid:37609551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 172.81.62.243 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.243"; classtype:trojan-activity; sid:37576671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 43.131.249.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.249.230"; classtype:trojan-activity; sid:37609561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 116.52.75.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.52.75.155"; classtype:trojan-activity; sid:37594401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.35.7.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.7.122"; classtype:trojan-activity; sid:37594411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.92.209.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.92.209.85"; classtype:trojan-activity; sid:37594421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 34.69.39.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.69.39.31"; classtype:trojan-activity; sid:37609571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.56.83.110 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.56.83.110"; classtype:trojan-activity; sid:37576681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 42.200.168.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.168.236"; classtype:trojan-activity; sid:37594431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 201.248.21.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.248.21.89"; classtype:trojan-activity; sid:37594441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 213.65.157.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.65.157.90"; classtype:trojan-activity; sid:37594451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 60.160.170.143 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.160.170.143"; classtype:trojan-activity; sid:37594461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.61.24.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.24.251"; classtype:trojan-activity; sid:37594471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.196.10.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.10.93"; classtype:trojan-activity; sid:37609581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.200.137.8 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.8"; classtype:trojan-activity; sid:37594481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.227.231.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.231.198"; classtype:trojan-activity; sid:37609591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.14.198.183 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.14.198.183"; classtype:trojan-activity; sid:37594491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 208.73.204.245 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.73.204.245"; classtype:trojan-activity; sid:37579771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 185.73.124.154 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.73.124.154"; classtype:trojan-activity; sid:37576691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 58.46.171.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.46.171.114"; classtype:trojan-activity; sid:37594501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 176.8.23.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.8.23.42"; classtype:trojan-activity; sid:37594511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 120.41.184.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.41.184.61"; classtype:trojan-activity; sid:37594521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.194.11.76 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.194.11.76"; classtype:trojan-activity; sid:37594531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Inbound source-address indicators, here mostly from MISP event 26882 with single entries
# from events 26886 and 26957. Each rule matches on source address alone (any protocol, any
# port, destination $HOME_NET) and carries rev:1 and priority:2.
# NOTE(review): the file is a MISP export, so it is presumably regenerated; tune noisy
# entries at the source (the attribute's IDS flag) or through the sensor's suppress/threshold
# configuration rather than by editing rules here. Confirm the local workflow.
alert ip 114.35.134.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.134.111"; classtype:trojan-activity; sid:37594541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 120.57.95.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.95.79"; classtype:trojan-activity; sid:37594551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.247.1.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.247.1.104"; classtype:trojan-activity; sid:37594561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.144.167.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.144.167.68"; classtype:trojan-activity; sid:37594571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.227.203.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.227.203.92"; classtype:trojan-activity; sid:37594581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 182.56.170.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.56.170.14"; classtype:trojan-activity; sid:37594591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.42.179.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.42.179.139"; classtype:trojan-activity; sid:37594601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 187.49.18.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.49.18.135"; classtype:trojan-activity; sid:37594611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.209.235.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.209.235.130"; classtype:trojan-activity; sid:37594621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 90.227.93.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.227.93.220"; classtype:trojan-activity; sid:37594631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.19.77.146 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.19.77.146"; classtype:trojan-activity; sid:37609601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 223.8.192.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.192.166"; classtype:trojan-activity; sid:37594641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.215.2.80 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.2.80"; classtype:trojan-activity; sid:37594651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.153.246.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.153.246.157"; classtype:trojan-activity; sid:37594661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.28 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.28"; classtype:trojan-activity; sid:37747941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 151.14.197.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.14.197.106"; classtype:trojan-activity; sid:37594671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.239.91.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.91.154"; classtype:trojan-activity; sid:37594681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.223.230.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.230.65"; classtype:trojan-activity; sid:37609611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.142.125.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.220"; classtype:trojan-activity; sid:37594691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip $HOME_NET any -> 104.129.55.103 2224 (msg: "MISP e27175 [] Outgoing To IP: 104.129.55.103|2224"; classtype:trojan-activity; sid:37863891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 178.18.246.136 2078 (msg: "MISP e27175 [] Outgoing To IP: 178.18.246.136|2078"; classtype:trojan-activity; sid:37863901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 158.220.80.167 2967 (msg: "MISP e27175 [] Outgoing To IP: 158.220.80.167|2967"; classtype:trojan-activity; sid:37863911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 104.129.55.104 2223 (msg: "MISP e27175 [] Outgoing To IP: 104.129.55.104|2223"; classtype:trojan-activity; sid:37863921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 
23.226.138.161 5242 (msg: "MISP e27175 [] Outgoing To IP: 23.226.138.161|5242"; classtype:trojan-activity; sid:37863931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 37.60.242.85 9785 (msg: "MISP e27175 [] Outgoing To IP: 37.60.242.85|9785"; classtype:trojan-activity; sid:37863941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 23.226.138.143 2083 (msg: "MISP e27175 [] Outgoing To IP: 23.226.138.143|2083"; classtype:trojan-activity; sid:37863951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 37.60.242.86 2967 (msg: "MISP e27175 [] Outgoing To IP: 37.60.242.86|2967"; classtype:trojan-activity; sid:37863961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 85.239.243.155 5000 (msg: "MISP e27175 [] Outgoing To IP: 85.239.243.155|5000"; classtype:trojan-activity; sid:37863971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 158.220.80.157 9785 (msg: "MISP e27175 [] Outgoing To IP: 158.220.80.157|9785"; classtype:trojan-activity; sid:37863981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 65.20.66.218 5938 (msg: "MISP e27175 [] Outgoing To IP: 65.20.66.218|5938"; classtype:trojan-activity; sid:37863991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 95.179.191.137 5938 (msg: "MISP e27175 [] Outgoing To IP: 95.179.191.137|5938"; classtype:trojan-activity; sid:37864001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert ip $HOME_NET any -> 139.84.237.229 2967 (msg: "MISP e27175 [] Outgoing To IP: 139.84.237.229|2967"; classtype:trojan-activity; sid:37864011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27175;) alert dns any any -> any any 
(msg: "MISP e27172 [] Domain fxbulls.ru"; dns.query; content:"fxbulls.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])fxbulls\.ru$/i"; classtype:trojan-activity; sid:37862051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27172 [] Outgoing HTTP Domain fxbulls.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fxbulls.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fxbulls\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37862052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;) alert dns any any -> any any (msg: "MISP e27172 [] Domain 87iavv.com"; dns.query; content:"87iavv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])87iavv\.com$/i"; classtype:trojan-activity; sid:37862061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27172 [] Outgoing HTTP Domain 87iavv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"87iavv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])87iavv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37862062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;) alert dns any any -> any any (msg: "MISP e27172 [] Domain unfawjelesst322.com"; dns.query; content:"unfawjelesst322.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])unfawjelesst322\.com$/i"; classtype:trojan-activity; sid:37862071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27172 [] Outgoing HTTP Domain unfawjelesst322.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"unfawjelesst322.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])unfawjelesst322\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37862072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
# DNS indicator (MISP event 27172). Alerts on a query name that is exactly
# p2oaviwt39ui.com or that ends in it after a character other than a letter,
# digit or hyphen (so subdomains match, "xp2oaviwt39ui.com" does not). The
# content match narrows candidates; the pcre anchors the name at the end of
# the dns.query buffer.
alert dns any any -> any any (msg: "MISP e27172 [] Domain p2oaviwt39ui.com"; dns.query; content:"p2oaviwt39ui.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])p2oaviwt39ui\.com$/i"; classtype:trojan-activity; sid:37862081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
# HTTP indicator for the same domain, client-to-server on established flows.
# Both content matches inspect the http.header buffer and are not positioned
# relative to each other; the pcre (H modifier) requires the domain to be
# followed by a character other than a letter, digit, hyphen or dot.
# NOTE(review): as written the domain may sit in any request header (for
# example a Referer) as long as "Host:" appears somewhere in the headers.
# If only the requested host should alert, matching on the http.host buffer
# is tighter - confirm against the Suricata version in use.
# tag:session,600,seconds asks the engine to keep logging packets of the
# matching session for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27172 [] Outgoing HTTP Domain p2oaviwt39ui.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"p2oaviwt39ui.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])p2oaviwt39ui\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37862082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
# Destination-IP indicators (MISP event 27172). Any IP packet from $HOME_NET
# to the listed address alerts; there is no port, protocol or payload
# condition. A hit shows that an internal host contacted the address, so
# triage it together with flow or proxy logs for that host.
alert ip $HOME_NET any -> 84.32.189.74 any (msg: "MISP e27172 [] Outgoing To IP: 84.32.189.74"; classtype:trojan-activity; sid:37862091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
alert ip $HOME_NET any -> 179.43.172.127 any (msg: "MISP e27172 [] Outgoing To IP: 179.43.172.127"; classtype:trojan-activity; sid:37862101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
alert ip $HOME_NET any -> 179.43.172.191 any (msg: "MISP e27172 [] Outgoing To IP: 179.43.172.191"; classtype:trojan-activity; sid:37862111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
alert ip $HOME_NET any -> 64.31.63.70 any (msg: "MISP e27172 [] Outgoing To IP: 64.31.63.70"; classtype:trojan-activity; sid:37862121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
alert ip $HOME_NET any -> 64.31.63.194 any (msg: "MISP e27172 [] Outgoing To IP: 64.31.63.194"; classtype:trojan-activity; sid:37862131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27172;)
# Source-IP indicators ("Incoming From IP"). Any IP packet from the listed
# address to $HOME_NET alerts, with no port or payload condition.
# NOTE(review): the msg tags these as kill-chain Reconnaissance/Exploitation
# while classtype is trojan-activity; check that this classification and
# priority route the alerts where inbound-scan noise is expected.
alert ip 190.144.14.170 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.144.14.170"; classtype:trojan-activity; sid:37609621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.92 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.92"; classtype:trojan-activity; sid:37579781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 178.91.13.158 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.91.13.158"; classtype:trojan-activity; sid:37576701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 117.248.113.57 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.248.113.57"; classtype:trojan-activity; sid:37594701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.127.97.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.97.53"; classtype:trojan-activity; sid:37594711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 70.183.108.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.183.108.219"; classtype:trojan-activity; sid:37594721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.42.52.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.52.152"; classtype:trojan-activity; sid:37594731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.94.154.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.94.154.38"; classtype:trojan-activity;
sid:37594741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Source-IP indicators exported from MISP events 26875, 26878, 26882, 26886
# and 26957 (see each rule's reference URL). Every rule alerts on any IP
# packet from the listed address to $HOME_NET; no port, protocol or payload
# condition is applied, so an alert records contact, not a successful attack.
# NOTE(review): msg carries kill-chain Reconnaissance/Exploitation tags but
# classtype is trojan-activity - confirm the classification used for triage.
alert ip 141.98.10.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.10.59"; classtype:trojan-activity; sid:37609631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.251.67.216 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.67.216"; classtype:trojan-activity; sid:37576711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 177.22.46.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.22.46.109"; classtype:trojan-activity; sid:37594751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 119.100.99.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.99.3"; classtype:trojan-activity; sid:37594761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.226.213.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.226.213.81"; classtype:trojan-activity; sid:37594771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.196.220.41 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.220.41"; classtype:trojan-activity; sid:37579791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 52.14.84.44 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.14.84.44"; classtype:trojan-activity; sid:37576721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 36.133.201.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.201.32"; classtype:trojan-activity; sid:37609641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 223.151.228.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.228.40"; classtype:trojan-activity; sid:37594781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.141.31.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.141.31.3"; classtype:trojan-activity; sid:37594791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.239.125.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.125.81"; classtype:trojan-activity; sid:37594801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.97.90.143 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.97.90.143"; classtype:trojan-activity; sid:37594811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.116.126.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.116.126.206"; classtype:trojan-activity; sid:37594821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.193.43.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.43.198"; classtype:trojan-activity; sid:37576731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 66.240.236.116 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.240.236.116"; classtype:trojan-activity; sid:37594831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.118.147.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.118.147.68"; classtype:trojan-activity; sid:37594841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 192.241.201.6 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.201.6"; classtype:trojan-activity; sid:37747951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 207.90.244.6 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.90.244.6"; classtype:trojan-activity; sid:37576741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 18.222.35.37 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.222.35.37"; classtype:trojan-activity; sid:37579801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 176.113.141.34 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.113.141.34"; classtype:trojan-activity; sid:37576751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 130.61.35.0 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 130.61.35.0"; classtype:trojan-activity; sid:37609651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 23.224.174.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.174.113"; classtype:trojan-activity; sid:37609661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 73.152.118.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.152.118.75"; classtype:trojan-activity; sid:37594851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.134.23.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.23.163"; classtype:trojan-activity; sid:37609671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.156.28.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.28.37"; classtype:trojan-activity; sid:37609681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 195.33.237.83 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.33.237.83"; classtype:trojan-activity; sid:37609691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 27.25.97.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.97.241"; classtype:trojan-activity; sid:37594861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.177.151.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.177.151.43"; classtype:trojan-activity; sid:37594871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.26.140.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.140.158"; classtype:trojan-activity; sid:37594881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 84.54.72.60 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.72.60"; classtype:trojan-activity; sid:37576761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 46.161.198.241 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.161.198.241"; classtype:trojan-activity; sid:37576771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 198.74.56.46 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.74.56.46"; classtype:trojan-activity; sid:37579811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 150.158.47.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.47.202"; classtype:trojan-activity; sid:37609701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 84.54.51.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.188"; classtype:trojan-activity; sid:37594891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 95.132.253.84 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.132.253.84"; classtype:trojan-activity; sid:37594901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 2.182.2.171 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.182.2.171"; classtype:trojan-activity; sid:37576781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 194.48.250.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.125"; classtype:trojan-activity; sid:37594911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 184.168.31.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.31.172"; classtype:trojan-activity; sid:37609711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 193.37.69.213 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.37.69.213"; classtype:trojan-activity; sid:37579821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.159.194.101 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.194.101"; classtype:trojan-activity; sid:37609721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 122.254.95.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.254.95.86"; classtype:trojan-activity; sid:37609731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.37.157.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.37.157.60"; classtype:trojan-activity; sid:37594921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 159.89.80.97 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.80.97"; classtype:trojan-activity; sid:37594931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.58.207.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.58.207.81"; classtype:trojan-activity; sid:37609741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.229 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.229"; classtype:trojan-activity; sid:37747961; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
# Source-IP indicators ("Incoming From IP"): one rule per address, each
# alerting on any IP packet from that address to $HOME_NET. The rules differ
# only in the address, the MISP event number in msg/reference, and the sid.
# NOTE(review): address-only indicators go stale as addresses are reassigned;
# presumably the export is regenerated from MISP on a schedule - confirm, and
# retire rules whose source event has been expired or decayed.
alert ip 1.12.69.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.69.97"; classtype:trojan-activity; sid:37609751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.34.62.214 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.62.214"; classtype:trojan-activity; sid:37576791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 45.87.212.180 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.87.212.180"; classtype:trojan-activity; sid:37579831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 106.111.196.57 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.111.196.57"; classtype:trojan-activity; sid:37594941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.6.146.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.146.212"; classtype:trojan-activity; sid:37609761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.229.25.192 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.25.192"; classtype:trojan-activity; sid:37609771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 41.200.248.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.200.248.160"; classtype:trojan-activity; sid:37594951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.221.255.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.221.255.105"; classtype:trojan-activity; sid:37609781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 61.166.199.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.166.199.198"; classtype:trojan-activity; sid:37594961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 178.34.159.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.34.159.39"; classtype:trojan-activity; sid:37594971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 36.99.163.171 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.99.163.171"; classtype:trojan-activity; sid:37609791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 110.0.248.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.0.248.88"; classtype:trojan-activity; sid:37594981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.170.127.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.170.127.119"; classtype:trojan-activity; sid:37594991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.167.194.245 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.167.194.245"; classtype:trojan-activity; sid:37595001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 161.132.39.55 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.39.55"; classtype:trojan-activity; sid:37609801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.153.37.125 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.37.125"; classtype:trojan-activity; sid:37609811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 82.196.1.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.196.1.167"; classtype:trojan-activity; sid:37609821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 220.132.22.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.132.22.238"; classtype:trojan-activity; sid:37595011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 209.141.55.77 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.55.77"; classtype:trojan-activity; sid:37609831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.163.237.70 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.70"; classtype:trojan-activity; sid:37609841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 154.222.225.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.222.225.117"; classtype:trojan-activity; sid:37609851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 37.44.238.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.238.204"; classtype:trojan-activity; sid:37609861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.112.191.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.112.191.34"; classtype:trojan-activity; sid:37595021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 193.43.72.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.43.72.78"; classtype:trojan-activity; sid:37609871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.225.23.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.225.23.2"; classtype:trojan-activity; sid:37609881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 216.73.161.153 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.73.161.153"; classtype:trojan-activity; sid:37579841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 113.215.216.63 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.215.216.63"; classtype:trojan-activity; sid:37595031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 178.253.43.236 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.253.43.236"; classtype:trojan-activity; sid:37609891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.41.162.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.162.41"; classtype:trojan-activity; sid:37595041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 75.74.156.207 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.74.156.207"; classtype:trojan-activity; sid:37579851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 36.48.28.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.48.28.60"; classtype:trojan-activity; sid:37595051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.227.91.167 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.227.91.167"; classtype:trojan-activity; sid:37595061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.33.59.123 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.59.123"; classtype:trojan-activity; sid:37579861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.133.35.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.35.150"; classtype:trojan-activity; sid:37609901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 178.128.97.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.97.141"; classtype:trojan-activity; sid:37609911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 78.134.11.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.134.11.130"; classtype:trojan-activity; sid:37595071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 200.55.247.245 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.55.247.245"; classtype:trojan-activity; sid:37609921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 88.247.91.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.247.91.224"; classtype:trojan-activity; sid:37595081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 123.173.91.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.91.173"; classtype:trojan-activity; sid:37595091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.254.158.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.254.158.185"; classtype:trojan-activity; sid:37609931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.89.215.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.215.129"; classtype:trojan-activity; sid:37609941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 165.227.101.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.101.226"; classtype:trojan-activity; sid:37609951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.11.61.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.11.61.234"; classtype:trojan-activity; sid:37609961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 190.109.228.143 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.143"; classtype:trojan-activity; sid:37595101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.172.184.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.172.184.189"; classtype:trojan-activity;
sid:37609971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Source-IP indicators ("Incoming From IP"): each rule alerts on any IP
# packet from the listed address to $HOME_NET, whatever the port or payload.
# NOTE(review): inbound-source lists of this kind commonly include
# internet-wide research scanners and shared cloud or hosting addresses;
# check the addresses against MISP warninglists or a local allowlist before
# acting on hits - TODO confirm for this feed.
# NOTE(review): one rule per address scales poorly; an IP reputation list
# (iprep) may be a better carrier for bulk address indicators - verify
# against the deployed engine.
alert ip 175.11.240.138 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.240.138"; classtype:trojan-activity; sid:37595111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.14.17.210 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.17.210"; classtype:trojan-activity; sid:37609981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.223.98.123 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.98.123"; classtype:trojan-activity; sid:37579871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 121.237.45.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.237.45.230"; classtype:trojan-activity; sid:37595121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.109.228.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.162"; classtype:trojan-activity; sid:37595131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.199 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.199"; classtype:trojan-activity; sid:37579881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 194.165.17.21 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.165.17.21"; classtype:trojan-activity; sid:37579891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 120.53.108.252 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.108.252"; classtype:trojan-activity; sid:37609991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.74.4.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.4.17"; classtype:trojan-activity; sid:37610001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.153.203.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.153.203.84"; classtype:trojan-activity; sid:37610011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.200.137.71 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.71"; classtype:trojan-activity; sid:37595141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.255 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.255"; classtype:trojan-activity; sid:37610021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 194.145.208.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.145.208.178"; classtype:trojan-activity; sid:37610031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 125.124.98.200 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.98.200"; classtype:trojan-activity; sid:37610041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 79.175.129.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.129.177"; classtype:trojan-activity; sid:37610051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 74.121.149.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.121.149.150"; classtype:trojan-activity; sid:37610061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 167.94.145.53 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.53"; classtype:trojan-activity; sid:37579901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 137.184.153.174 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.153.174"; classtype:trojan-activity; sid:37576801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 185.139.138.113 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.139.138.113"; classtype:trojan-activity; sid:37576811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 5.125.99.114 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.125.99.114"; classtype:trojan-activity; sid:37576821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 103.146.170.55 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.170.55"; classtype:trojan-activity; sid:37576831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 43.134.121.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.121.244"; classtype:trojan-activity; sid:37610071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.157.79.252 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.79.252"; classtype:trojan-activity; sid:37610081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.192.8.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.8.64"; classtype:trojan-activity; sid:37610091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.156.6.73 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.6.73"; classtype:trojan-activity; sid:37610101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 82.157.168.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.168.157"; classtype:trojan-activity; sid:37610111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 190.103.240.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.103.240.121"; classtype:trojan-activity; sid:37610121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.156.192.13 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.13"; classtype:trojan-activity; sid:37610131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.75.127.125 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.127.125"; classtype:trojan-activity; sid:37610141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.15.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.105"; classtype:trojan-activity; sid:37610151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.15.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.133"; classtype:trojan-activity; sid:37610161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 183.179.170.78 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.179.170.78"; classtype:trojan-activity; sid:37595151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.53.17.76 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.53.17.76"; classtype:trojan-activity; sid:37595161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.106 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.106"; classtype:trojan-activity; sid:37579911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 51.83.72.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.83.72.156"; classtype:trojan-activity; sid:37610171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.232 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.232"; classtype:trojan-activity; sid:37747971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 45.128.232.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.232.62"; classtype:trojan-activity; sid:37595171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert
ip 5.121.5.130 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.121.5.130"; classtype:trojan-activity; sid:37576841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 3.142.222.129 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.142.222.129"; classtype:trojan-activity; sid:37576851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.138.189.111 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.189.111"; classtype:trojan-activity; sid:37610181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.10.65.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.10.65.158"; classtype:trojan-activity; sid:37595181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.119 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.119"; classtype:trojan-activity; sid:37579921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.180.140.5 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.140.5"; classtype:trojan-activity; sid:37579931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 101.34.148.151 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.148.151"; classtype:trojan-activity; sid:37610191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.155.15.109 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
107.155.15.109"; classtype:trojan-activity; sid:37610201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.108.241.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.241.86"; classtype:trojan-activity; sid:37595191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.103.236.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.103.236.31"; classtype:trojan-activity; sid:37610211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 147.182.141.239 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.141.239"; classtype:trojan-activity; sid:37610221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.243.143.51 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.143.51"; classtype:trojan-activity; sid:37579941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.134.240.109 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.240.109"; classtype:trojan-activity; sid:37610231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.127.43.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.43.139"; classtype:trojan-activity; sid:37595201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.223.26.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.26.253"; classtype:trojan-activity; sid:37610241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.152.51.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.51.148"; classtype:trojan-activity; sid:37610251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.135.201.151 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.135.201.151"; classtype:trojan-activity; sid:37579951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 196.190.117.7 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.190.117.7"; classtype:trojan-activity; sid:37579961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 162.55.128.58 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.55.128.58"; classtype:trojan-activity; sid:37579971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 8.210.135.95 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.135.95"; classtype:trojan-activity; sid:37747981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 111.61.92.194 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.61.92.194"; classtype:trojan-activity; sid:37595211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.157.105.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.105.141"; classtype:trojan-activity; sid:37610261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.127.95.63 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.95.63"; classtype:trojan-activity; sid:37595221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.62.61.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.62.61.194"; classtype:trojan-activity; sid:37610271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.222.97.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.222.97.136"; classtype:trojan-activity; sid:37595231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 93.148.189.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.148.189.146"; classtype:trojan-activity; sid:37595241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.135.13.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.13.44"; classtype:trojan-activity; sid:37595251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.230.178.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.230.178.244"; classtype:trojan-activity; sid:37610281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.231 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.231"; classtype:trojan-activity; sid:37747991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 114.218.147.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.147.113"; classtype:trojan-activity; 
sid:37595261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.211.255.250 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.211.255.250"; classtype:trojan-activity; sid:37595271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 108.30.132.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.30.132.95"; classtype:trojan-activity; sid:37595281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.177.96.84 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.96.84"; classtype:trojan-activity; sid:37595291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.72.161.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.72.161.191"; classtype:trojan-activity; sid:37595301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.42.52.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.52.240"; classtype:trojan-activity; sid:37610291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.95.146.13 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.95.146.13"; classtype:trojan-activity; sid:37595311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.92.243.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.243.138"; classtype:trojan-activity; sid:37610301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.52.223.109 any -> $HOME_NET 
any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.223.109"; classtype:trojan-activity; sid:37610311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.10.198.5 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.10.198.5"; classtype:trojan-activity; sid:37576861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.134.91.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.91.212"; classtype:trojan-activity; sid:37610321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 189.195.123.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.195.123.54"; classtype:trojan-activity; sid:37610331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 190.36.85.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.36.85.44"; classtype:trojan-activity; sid:37595321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.61.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.43"; classtype:trojan-activity; sid:37610341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.69.80.75 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.69.80.75"; classtype:trojan-activity; sid:37610351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.32.246.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.246.205"; classtype:trojan-activity; 
sid:37595331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.47.161 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.47.161"; classtype:trojan-activity; sid:37610361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.233.217.8 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.217.8"; classtype:trojan-activity; sid:37595341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.136.19.130 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.19.130"; classtype:trojan-activity; sid:37610371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.209.63 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.209.63"; classtype:trojan-activity; sid:37610381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.182.112.12 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.182.112.12"; classtype:trojan-activity; sid:37595351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.252.164.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.252.164.178"; classtype:trojan-activity; sid:37595361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.254.178.55 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.254.178.55"; classtype:trojan-activity; sid:37595371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.7 any -> 
$HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.7"; classtype:trojan-activity; sid:37579981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 103.42.243.2 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.42.243.2"; classtype:trojan-activity; sid:37595381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.78.85.165 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.85.165"; classtype:trojan-activity; sid:37576871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 142.202.188.175 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.188.175"; classtype:trojan-activity; sid:37576881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 192.241.222.70 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.222.70"; classtype:trojan-activity; sid:37576891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 31.43.185.65 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.43.185.65"; classtype:trojan-activity; sid:37576901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 37.46.115.20 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.46.115.20"; classtype:trojan-activity; sid:37576911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.79.118.221 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.79.118.221"; 
classtype:trojan-activity; sid:37748001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 104.28.238.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.238.182"; classtype:trojan-activity; sid:37610391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.138.36 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.36"; classtype:trojan-activity; sid:37748011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 47.242.180.196 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.180.196"; classtype:trojan-activity; sid:37748021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.41 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.41"; classtype:trojan-activity; sid:37748031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.49 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.49"; classtype:trojan-activity; sid:37748041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.58 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.58"; classtype:trojan-activity; sid:37748051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.71 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.71"; classtype:trojan-activity; sid:37748061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 
1.70.18.234 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.18.234"; classtype:trojan-activity; sid:37595391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.26.62.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.26.62.128"; classtype:trojan-activity; sid:37595401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.108.12.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.12.150"; classtype:trojan-activity; sid:37595411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.51.48.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.48.177"; classtype:trojan-activity; sid:37610401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.175.75.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.175.75.254"; classtype:trojan-activity; sid:37610411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.22.118.76 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.22.118.76"; classtype:trojan-activity; sid:37595421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.50.84.132 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.50.84.132"; classtype:trojan-activity; sid:37595431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.12 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.12"; 
classtype:trojan-activity; sid:37748071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 104.140.148.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.140.148.62"; classtype:trojan-activity; sid:37595441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 74.197.114.182 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.197.114.182"; classtype:trojan-activity; sid:37595451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.2.233.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.2.233.237"; classtype:trojan-activity; sid:37610421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.250.196.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.250.196.10"; classtype:trojan-activity; sid:37610431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.208.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.208.154"; classtype:trojan-activity; sid:37610441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 187.62.88.130 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.62.88.130"; classtype:trojan-activity; sid:37610451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 202.72.235.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.72.235.223"; classtype:trojan-activity; sid:37610461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
42.193.51.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.51.17"; classtype:trojan-activity; sid:37610471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 205.210.31.199 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.199"; classtype:trojan-activity; sid:37610481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.34.99.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.34.99.135"; classtype:trojan-activity; sid:37610491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.66.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.66.78"; classtype:trojan-activity; sid:37610501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 84.252.157.155 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.252.157.155"; classtype:trojan-activity; sid:37610511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 105.159.123.100 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 105.159.123.100"; classtype:trojan-activity; sid:37595461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.135.61.38 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.135.61.38"; classtype:trojan-activity; sid:37576921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 107.174.45.18 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
107.174.45.18"; classtype:trojan-activity; sid:37576931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.249 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.249"; classtype:trojan-activity; sid:37748081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 112.164.236.13 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.164.236.13"; classtype:trojan-activity; sid:37610521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 213.232.246.5 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.232.246.5"; classtype:trojan-activity; sid:37576941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.153.214.116 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.214.116"; classtype:trojan-activity; sid:37610531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 190.109.227.195 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.195"; classtype:trojan-activity; sid:37595471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 197.5.145.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.5.145.121"; classtype:trojan-activity; sid:37610541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.175.132.19 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.175.132.19"; classtype:trojan-activity; sid:37610551; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.119.53.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.119.53.206"; classtype:trojan-activity; sid:37595481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 188.254.0.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.254.0.138"; classtype:trojan-activity; sid:37610561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.166.30.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.166.30.200"; classtype:trojan-activity; sid:37595491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.73.101.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.73.101.3"; classtype:trojan-activity; sid:37595501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 23.94.212.33 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.212.33"; classtype:trojan-activity; sid:37610571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.226 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.226"; classtype:trojan-activity; sid:37748091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 45.93.20.204 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.93.20.204"; classtype:trojan-activity; sid:37579991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 139.150.69.56 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.150.69.56"; classtype:trojan-activity; sid:37610581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.79.181.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.181.104"; classtype:trojan-activity; sid:37610591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.185.91.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.185.91.235"; classtype:trojan-activity; sid:37595511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 158.51.99.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.99.81"; classtype:trojan-activity; sid:37610601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.157.215.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.157.215.31"; classtype:trojan-activity; sid:37610611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 146.190.107.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.107.30"; classtype:trojan-activity; sid:37610621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.209.86.243 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.86.243"; classtype:trojan-activity; sid:37595521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.50.176.151 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.176.151"; classtype:trojan-activity; sid:37610631; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.156.201.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.201.50"; classtype:trojan-activity; sid:37610641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.185.106.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.185.106.91"; classtype:trojan-activity; sid:37610651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.100.59.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.59.49"; classtype:trojan-activity; sid:37595531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.59.72.214 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.59.72.214"; classtype:trojan-activity; sid:37595541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.208.209.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.208.209.234"; classtype:trojan-activity; sid:37610661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.228.17.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.17.202"; classtype:trojan-activity; sid:37595551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 86.245.111.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.245.111.225"; classtype:trojan-activity; sid:37595561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.171.80.198 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.171.80.198"; classtype:trojan-activity; sid:37610671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.142 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.142"; classtype:trojan-activity; sid:37580001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 94.247.130.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.247.130.35"; classtype:trojan-activity; sid:37610681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.128.221.83 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.128.221.83"; classtype:trojan-activity; sid:37595571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.111.4.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.111.4.162"; classtype:trojan-activity; sid:37595581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 14.207.119.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.207.119.231"; classtype:trojan-activity; sid:37595591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.35.172.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.35.172.81"; classtype:trojan-activity; sid:37595601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.122.204.98 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.122.204.98"; classtype:trojan-activity; 
sid:37580011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 180.95.231.223 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.95.231.223"; classtype:trojan-activity; sid:37748101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 103.56.61.130 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.56.61.130"; classtype:trojan-activity; sid:37580021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 2.63.104.205 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.63.104.205"; classtype:trojan-activity; sid:37580031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 171.125.85.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.125.85.178"; classtype:trojan-activity; sid:37595611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.25.128.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.128.225"; classtype:trojan-activity; sid:37595621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.215.203.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.215.203.139"; classtype:trojan-activity; sid:37610691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.160.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.160.175"; classtype:trojan-activity; sid:37610701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.22.160.184 any -> 
$HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.160.184"; classtype:trojan-activity; sid:37576951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 218.15.131.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.15.131.154"; classtype:trojan-activity; sid:37610711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.232.31.51 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.31.51"; classtype:trojan-activity; sid:37610721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.143.142.173 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.142.173"; classtype:trojan-activity; sid:37610731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 34.92.143.190 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.143.190"; classtype:trojan-activity; sid:37610741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.227.87.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.87.78"; classtype:trojan-activity; sid:37610751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.69.249.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.249.202"; classtype:trojan-activity; sid:37610761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 161.35.185.110 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.185.110"; 
classtype:trojan-activity; sid:37610771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 128.199.243.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.243.189"; classtype:trojan-activity; sid:37610781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.240.27.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.27.196"; classtype:trojan-activity; sid:37595631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.151.48.225 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.48.225"; classtype:trojan-activity; sid:37610791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.89.122.34 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.122.34"; classtype:trojan-activity; sid:37610801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 213.147.207.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.147.207.68"; classtype:trojan-activity; sid:37595641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.16.226.101 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.16.226.101"; classtype:trojan-activity; sid:37595651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.176.213.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.176.213.94"; classtype:trojan-activity; sid:37595661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
109.127.180.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.127.180.61"; classtype:trojan-activity; sid:37595671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 157.230.160.227 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.160.227"; classtype:trojan-activity; sid:37580041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.43 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.43"; classtype:trojan-activity; sid:37580051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 192.227.187.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.187.45"; classtype:trojan-activity; sid:37610811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.134.5.125 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.5.125"; classtype:trojan-activity; sid:37610821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.14.82.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.82.27"; classtype:trojan-activity; sid:37610831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.209.229.179 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.209.229.179"; classtype:trojan-activity; sid:37576961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 113.200.137.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
113.200.137.17"; classtype:trojan-activity; sid:37595681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.25.59.217 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.25.59.217"; classtype:trojan-activity; sid:37595691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 219.83.191.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.83.191.178"; classtype:trojan-activity; sid:37610841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.96.76.242 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.96.76.242"; classtype:trojan-activity; sid:37576971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 113.221.46.55 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.46.55"; classtype:trojan-activity; sid:37595701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.217.109.154 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.217.109.154"; classtype:trojan-activity; sid:37576981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.135.172.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.172.127"; classtype:trojan-activity; sid:37610851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.43.153.198 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.43.153.198"; classtype:trojan-activity; sid:37576991; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 124.219.161.88 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.219.161.88"; classtype:trojan-activity; sid:37577001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 129.226.189.223 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.189.223"; classtype:trojan-activity; sid:37577011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 180.182.93.95 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.182.93.95"; classtype:trojan-activity; sid:37577021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.153.82.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.82.108"; classtype:trojan-activity; sid:37610861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.179.165.37 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.179.165.37"; classtype:trojan-activity; sid:37577031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 193.138.218.160 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.138.218.160"; classtype:trojan-activity; sid:37577041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.108.4.18 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.108.4.18"; classtype:trojan-activity; sid:37577051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 2.57.122.89 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.122.89"; classtype:trojan-activity; sid:37577061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.124.176.193 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.124.176.193"; classtype:trojan-activity; sid:37577071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 222.246.20.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.20.180"; classtype:trojan-activity; sid:37595711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 37.229.84.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.229.84.244"; classtype:trojan-activity; sid:37595721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 188.151.54.214 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.151.54.214"; classtype:trojan-activity; sid:37595731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 217.218.35.97 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.218.35.97"; classtype:trojan-activity; sid:37577081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 178.75.123.153 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.75.123.153"; classtype:trojan-activity; sid:37595741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.108.1.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.108.1.23"; classtype:trojan-activity; sid:37595751; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.11.62.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.11.62.107"; classtype:trojan-activity; sid:37595761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.90.140.31 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.90.140.31"; classtype:trojan-activity; sid:37595771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.117.13.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.117.13.68"; classtype:trojan-activity; sid:37595781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.3.24.169 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.3.24.169"; classtype:trojan-activity; sid:37595791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.109.227.235 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.235"; classtype:trojan-activity; sid:37595801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.79.172.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.172.21"; classtype:trojan-activity; sid:37595811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 203.138.98.222 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.138.98.222"; classtype:trojan-activity; sid:37577091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 168.232.12.84 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.232.12.84"; classtype:trojan-activity; sid:37595821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.177.167.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.177.167.122"; classtype:trojan-activity; sid:37595831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.251.43.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.251.43.81"; classtype:trojan-activity; sid:37595841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.81.92.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.81.92.227"; classtype:trojan-activity; sid:37595851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 94.180.114.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.180.114.203"; classtype:trojan-activity; sid:37595861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.43.120.153 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.120.153"; classtype:trojan-activity; sid:37610871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.162.162.2 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.162.162.2"; classtype:trojan-activity; sid:37595871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.126.65.80 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.65.80"; classtype:trojan-activity; sid:37610881; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 95.47.251.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.47.251.89"; classtype:trojan-activity; sid:37595881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.12.139.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.139.246"; classtype:trojan-activity; sid:37610891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.138.96.201 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.138.96.201"; classtype:trojan-activity; sid:37610901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 93.40.14.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.40.14.42"; classtype:trojan-activity; sid:37595891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.140.203.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.140.203.114"; classtype:trojan-activity; sid:37595901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.42.51.73 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.51.73"; classtype:trojan-activity; sid:37610911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.2.105.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.2.105.45"; classtype:trojan-activity; sid:37595911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 63.47.119.117 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 63.47.119.117"; classtype:trojan-activity; sid:37595921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.66.88.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.88.215"; classtype:trojan-activity; sid:37595931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.11.166.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.11.166.146"; classtype:trojan-activity; sid:37595941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 8.222.170.38 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.170.38"; classtype:trojan-activity; sid:37748111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 175.178.95.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.95.122"; classtype:trojan-activity; sid:37610921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 129.226.221.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.221.96"; classtype:trojan-activity; sid:37610931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.109.203.100 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.100"; classtype:trojan-activity; sid:37610941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.89.136.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.89.136.193"; classtype:trojan-activity; sid:37595951; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.88.29.26 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.88.29.26"; classtype:trojan-activity; sid:37577101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 167.248.133.33 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.33"; classtype:trojan-activity; sid:37580061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 159.223.105.130 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.105.130"; classtype:trojan-activity; sid:37610951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 176.65.240.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.65.240.102"; classtype:trojan-activity; sid:37610961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.69.87.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.69.87.204"; classtype:trojan-activity; sid:37610971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.178.108.52 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.108.52"; classtype:trojan-activity; sid:37610981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 177.229.134.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.229.134.50"; classtype:trojan-activity; sid:37610991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.160.48.252 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.160.48.252"; classtype:trojan-activity; sid:37611001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 137.184.228.187 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.228.187"; classtype:trojan-activity; sid:37611011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.89.164.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.164.64"; classtype:trojan-activity; sid:37611021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.224.235.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.224.235.122"; classtype:trojan-activity; sid:37611031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.145.60 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.60"; classtype:trojan-activity; sid:37580071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 119.5.157.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.5.157.124"; classtype:trojan-activity; sid:37611041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.2.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.2.114"; classtype:trojan-activity; sid:37611051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 20.106.216.151 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.106.216.151"; classtype:trojan-activity; 
sid:37580081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 149.34.246.34 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.34.246.34"; classtype:trojan-activity; sid:37580091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 79.137.227.29 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.227.29"; classtype:trojan-activity; sid:37611061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.34.125.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.34.125.66"; classtype:trojan-activity; sid:37611071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 94.181.191.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.181.191.24"; classtype:trojan-activity; sid:37611081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.132.170.62 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.170.62"; classtype:trojan-activity; sid:37611091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.129.107 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.129.107"; classtype:trojan-activity; sid:37611101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 211.149.129.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.149.129.219"; classtype:trojan-activity; sid:37611111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 206.189.153.223 any -> $HOME_NET 
any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.153.223"; classtype:trojan-activity; sid:37611121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.93.108.210 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.108.210"; classtype:trojan-activity; sid:37577111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 119.114.140.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.114.140.124"; classtype:trojan-activity; sid:37595961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.234.182.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.182.120"; classtype:trojan-activity; sid:37595971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.62.197.212 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.212"; classtype:trojan-activity; sid:37748121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 198.235.24.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.24"; classtype:trojan-activity; sid:37611131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 62.84.126.112 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.84.126.112"; classtype:trojan-activity; sid:37611141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.61.104.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.104.218"; 
classtype:trojan-activity; sid:37595981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.214.76.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.76.162"; classtype:trojan-activity; sid:37595991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.93.121.186 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.121.186"; classtype:trojan-activity; sid:37577121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 100.15.97.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 100.15.97.125"; classtype:trojan-activity; sid:37596001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.93.242.50 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.242.50"; classtype:trojan-activity; sid:37577131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 223.8.196.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.196.203"; classtype:trojan-activity; sid:37596011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.229.88.177 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.88.177"; classtype:trojan-activity; sid:37596021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.32.1.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.1.46"; classtype:trojan-activity; sid:37596031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 126.61.32.135 
any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.61.32.135"; classtype:trojan-activity; sid:37596041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.100.24.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.24.139"; classtype:trojan-activity; sid:37596051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.193.16.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.16.50"; classtype:trojan-activity; sid:37611151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.240.62.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.62.155"; classtype:trojan-activity; sid:37596061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 177.82.180.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.82.180.139"; classtype:trojan-activity; sid:37596071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.189.84.73 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.189.84.73"; classtype:trojan-activity; sid:37596081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.162.207.118 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.162.207.118"; classtype:trojan-activity; sid:37596091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.242.94.170 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.242.94.170"; 
classtype:trojan-activity; sid:37596101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 72.105.221.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.105.221.231"; classtype:trojan-activity; sid:37596111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.202.11.112 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.202.11.112"; classtype:trojan-activity; sid:37596121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.64 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.64"; classtype:trojan-activity; sid:37611161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.170.208.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.208.37"; classtype:trojan-activity; sid:37596131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.211"; classtype:trojan-activity; sid:37596141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.244.51.190 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.51.190"; classtype:trojan-activity; sid:37611171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 60.161.23.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.161.23.197"; classtype:trojan-activity; sid:37596151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
120.48.92.138 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.92.138"; classtype:trojan-activity; sid:37611181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 194.33.191.178 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.33.191.178"; classtype:trojan-activity; sid:37580101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 180.76.96.77 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.96.77"; classtype:trojan-activity; sid:37611191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.154.63.190 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.154.63.190"; classtype:trojan-activity; sid:37611201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.181.235.231 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.235.231"; classtype:trojan-activity; sid:37596161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.9.11.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.9.11.251"; classtype:trojan-activity; sid:37611211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 205.210.31.152 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.152"; classtype:trojan-activity; sid:37580111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 128.201.78.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
128.201.78.253"; classtype:trojan-activity; sid:37611221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.216.150.52 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.150.52"; classtype:trojan-activity; sid:37596171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.35.239.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.35.239.200"; classtype:trojan-activity; sid:37596181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.81.95.180 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.81.95.180"; classtype:trojan-activity; sid:37611231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.132.64.11 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.132.64.11"; classtype:trojan-activity; sid:37596191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.40.136.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.40.136.42"; classtype:trojan-activity; sid:37596201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.156.91.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.91.222"; classtype:trojan-activity; sid:37611241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 223.151.225.246 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.225.246"; classtype:trojan-activity; sid:37596211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
# NOTE(review): the "Incoming From IP" rules in this export are address-only
# indicators: `alert ip <source> any -> $HOME_NET any`, with no port, flow or
# content option. A hit means the listed address sent some IP traffic toward
# $HOME_NET; it does not by itself show that a host was compromised, although
# each rule is labelled classtype:trojan-activity with priority:2.
# Triage a hit against the MISP event named in the rule's msg and reference
# (tagged kill-chain:Reconnaissance / kill-chain:Exploitation), and re-export
# regularly so that addresses which have been reassigned stop alerting.
alert ip 221.145.146.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.145.146.29"; classtype:trojan-activity; sid:37596221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.26.39.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.26.39.172"; classtype:trojan-activity; sid:37596231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.126.70.191 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.70.191"; classtype:trojan-activity; sid:37611251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.219.74.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.219.74.157"; classtype:trojan-activity; sid:37596241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 99.122.11.106 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.122.11.106"; classtype:trojan-activity; sid:37596251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.138.111.15 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.138.111.15"; classtype:trojan-activity; sid:37596261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.103.201.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.103.201.115"; classtype:trojan-activity; sid:37611261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.240.37.100 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 182.240.37.100"; classtype:trojan-activity; sid:37596271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.98.36.10 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.98.36.10"; classtype:trojan-activity; sid:37580121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 103.167.89.210 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.167.89.210"; classtype:trojan-activity; sid:37611271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.120.134.80 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.120.134.80"; classtype:trojan-activity; sid:37580131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 182.52.103.171 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.52.103.171"; classtype:trojan-activity; sid:37580141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 183.134.89.41 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.134.89.41"; classtype:trojan-activity; sid:37580151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.106.176.8 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.106.176.8"; classtype:trojan-activity; sid:37580161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 188.125.224.90 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.125.224.90"; classtype:trojan-activity; sid:37580171; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 193.237.214.102 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.237.214.102"; classtype:trojan-activity; sid:37580181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 197.254.49.158 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.254.49.158"; classtype:trojan-activity; sid:37580191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 198.199.107.20 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.107.20"; classtype:trojan-activity; sid:37580201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 124.222.32.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.32.114"; classtype:trojan-activity; sid:37611281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 171.11.74.61 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.11.74.61"; classtype:trojan-activity; sid:37611291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.53.160.61 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.53.160.61"; classtype:trojan-activity; sid:37611301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.250.49.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.65"; classtype:trojan-activity; sid:37611311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.72.86.39 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.72.86.39"; classtype:trojan-activity; sid:37611321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.128 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.128"; classtype:trojan-activity; sid:37580211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 211.195.100.243 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.195.100.243"; classtype:trojan-activity; sid:37611331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 203.56.4.242 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.56.4.242"; classtype:trojan-activity; sid:37580221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.131.226.241 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.226.241"; classtype:trojan-activity; sid:37611341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 220.179.198.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.179.198.25"; classtype:trojan-activity; sid:37611351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.133.82.136 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.82.136"; classtype:trojan-activity; sid:37611361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 203.196.8.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.196.8.148"; classtype:trojan-activity; sid:37611371; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 203.56.40.167 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.56.40.167"; classtype:trojan-activity; sid:37580231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 147.45.78.143 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.45.78.143"; classtype:trojan-activity; sid:37580241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 23.126.62.36 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.126.62.36"; classtype:trojan-activity; sid:37611381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.232.130.69 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.130.69"; classtype:trojan-activity; sid:37577141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 8.142.142.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.142.142.89"; classtype:trojan-activity; sid:37611391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 92.63.204.70 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.63.204.70"; classtype:trojan-activity; sid:37577151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 61.91.43.232 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.91.43.232"; classtype:trojan-activity; sid:37580251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 192.15.45.196 any -> $HOME_NET any (msg: "MISP e26875 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.15.45.196"; classtype:trojan-activity; sid:37577161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.156.114.76 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.114.76"; classtype:trojan-activity; sid:37611401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 38.130.226.109 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.130.226.109"; classtype:trojan-activity; sid:37580261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 178.131.66.100 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.131.66.100"; classtype:trojan-activity; sid:37577171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 203.57.39.224 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.57.39.224"; classtype:trojan-activity; sid:37580271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 116.248.101.122 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.248.101.122"; classtype:trojan-activity; sid:37596281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.124.18.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.124.18.88"; classtype:trojan-activity; sid:37596291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.70.253.229 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.70.253.229"; classtype:trojan-activity; sid:37596301; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.215.196.121 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.215.196.121"; classtype:trojan-activity; sid:37596311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.108.88.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.88.247"; classtype:trojan-activity; sid:37596321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 203.57.46.218 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.57.46.218"; classtype:trojan-activity; sid:37580281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 178.212.221.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.212.221.60"; classtype:trojan-activity; sid:37596331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.65.224.161 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.224.161"; classtype:trojan-activity; sid:37611411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 212.186.143.100 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.186.143.100"; classtype:trojan-activity; sid:37580291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 175.178.228.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.228.2"; classtype:trojan-activity; sid:37611421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 216.202.197.116 any -> $HOME_NET any 
(msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.202.197.116"; classtype:trojan-activity; sid:37580301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 218.90.120.19 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.90.120.19"; classtype:trojan-activity; sid:37580311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 222.219.129.74 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.219.129.74"; classtype:trojan-activity; sid:37580321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 222.219.240.13 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.219.240.13"; classtype:trojan-activity; sid:37580331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 222.93.104.67 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.93.104.67"; classtype:trojan-activity; sid:37580341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 223.240.87.62 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.240.87.62"; classtype:trojan-activity; sid:37580351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.111.174.56 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.174.56"; classtype:trojan-activity; sid:37580361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.137 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.137"; 
classtype:trojan-activity; sid:37580371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 45.227.254.8 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.227.254.8"; classtype:trojan-activity; sid:37580381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 85.9.140.45 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.9.140.45"; classtype:trojan-activity; sid:37577181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 162.142.125.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.11"; classtype:trojan-activity; sid:37611431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.164.165.19 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.164.165.19"; classtype:trojan-activity; sid:37611441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 85.105.81.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.105.81.180"; classtype:trojan-activity; sid:37596341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.236.234.196 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.236.234.196"; classtype:trojan-activity; sid:37596351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.168.239.210 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.168.239.210"; classtype:trojan-activity; sid:37596361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
175.31.30.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.30.115"; classtype:trojan-activity; sid:37596371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 71.183.150.248 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.183.150.248"; classtype:trojan-activity; sid:37596381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.134.190.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.190.57"; classtype:trojan-activity; sid:37611451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.124.63.63 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.124.63.63"; classtype:trojan-activity; sid:37580391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
# NOTE(review): the next rule differs from its neighbours. Its direction is
# $HOME_NET -> 88.214.25.235 port 443 ("Outgoing To IP"), and its msg carries the
# MISP tags CobaltStrike / cs-watermark-674054486 / HGCOMP-ASN from event 26842.
# A hit means an internal host sent traffic to the listed endpoint, so it
# warrants host-level triage of the source rather than the perimeter review an
# inbound hit gets, even though the exported priority is the same (priority:2).
# The match is on address and port only, with no TLS or payload option, so it
# says nothing once the endpoint changes; confirm in MISP that the indicator
# is still current.
alert ip $HOME_NET any -> 88.214.25.235 443 (msg: "MISP e26842 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing To IP: 88.214.25.235|443"; classtype:trojan-activity; sid:37561821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26842;)
alert ip 81.70.90.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.90.135"; classtype:trojan-activity; sid:37611461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.157.57.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.57.113"; classtype:trojan-activity; sid:37611471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.33.206.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.33.206.133"; 
classtype:trojan-activity; sid:37596391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.122.204.81 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.122.204.81"; classtype:trojan-activity; sid:37580401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.139.61.15 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.139.61.15"; classtype:trojan-activity; sid:37580411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 170.106.141.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.141.253"; classtype:trojan-activity; sid:37611481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.142.106.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.142.106.167"; classtype:trojan-activity; sid:37611491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 187.107.65.138 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.107.65.138"; classtype:trojan-activity; sid:37596401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.245.97.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.245.97.61"; classtype:trojan-activity; sid:37596411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 5.253.244.171 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.253.244.171"; classtype:trojan-activity; sid:37611501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
198.235.24.101 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.101"; classtype:trojan-activity; sid:37611511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.26.235.49 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.26.235.49"; classtype:trojan-activity; sid:37611521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.142.29.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.142.29.17"; classtype:trojan-activity; sid:37596421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.231.132.56 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.132.56"; classtype:trojan-activity; sid:37611531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.25.99.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.99.6"; classtype:trojan-activity; sid:37596431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 203.55.196.146 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.55.196.146"; classtype:trojan-activity; sid:37611541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.142.30.225 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.142.30.225"; classtype:trojan-activity; sid:37611551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 152.228.164.249 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
152.228.164.249"; classtype:trojan-activity; sid:37611561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.26.76.51 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.26.76.51"; classtype:trojan-activity; sid:37580421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 153.131.180.171 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.131.180.171"; classtype:trojan-activity; sid:37596441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.155.141.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.141.65"; classtype:trojan-activity; sid:37611571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 109.228.137.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.228.137.87"; classtype:trojan-activity; sid:37596451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 219.145.103.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.145.103.61"; classtype:trojan-activity; sid:37596461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.195.128.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.195.128.54"; classtype:trojan-activity; sid:37611581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.105.228.176 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.105.228.176"; classtype:trojan-activity; sid:37596471; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.26.90.235 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.26.90.235"; classtype:trojan-activity; sid:37580431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 27.140.186.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.140.186.16"; classtype:trojan-activity; sid:37596481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.175.37.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.175.37.20"; classtype:trojan-activity; sid:37596491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.92.155.19 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.92.155.19"; classtype:trojan-activity; sid:37580441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.215.236.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.236.206"; classtype:trojan-activity; sid:37596501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.42.135.224 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.135.224"; classtype:trojan-activity; sid:37611591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 159.203.128.174 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.128.174"; classtype:trojan-activity; sid:37611601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.60.35.88 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.60.35.88"; classtype:trojan-activity; sid:37596511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.165.194.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.165.194.124"; classtype:trojan-activity; sid:37611611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 41.38.28.21 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.38.28.21"; classtype:trojan-activity; sid:37580451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.178.36.107 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.178.36.107"; classtype:trojan-activity; sid:37611621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.193.192.91 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.192.91"; classtype:trojan-activity; sid:37580461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.134.7.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.7.162"; classtype:trojan-activity; sid:37611631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.94.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.94.156"; classtype:trojan-activity; sid:37596521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.51.32.154 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.32.154"; classtype:trojan-activity; sid:37580471; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.213 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.213"; classtype:trojan-activity; sid:37580481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 42.51.39.209 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.39.209"; classtype:trojan-activity; sid:37580491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.134.0.225 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.225"; classtype:trojan-activity; sid:37580501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.241.175.84 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.241.175.84"; classtype:trojan-activity; sid:37596531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.139.115.6 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.115.6"; classtype:trojan-activity; sid:37580511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 49.250.147.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.250.147.178"; classtype:trojan-activity; sid:37596541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.141.26.68 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.26.68"; classtype:trojan-activity; sid:37580521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 89.147.193.145 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.193.145"; classtype:trojan-activity; sid:37596551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.51.187.174 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.187.174"; classtype:trojan-activity; sid:37580531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.158.103.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.158.103.107"; classtype:trojan-activity; sid:37596561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.171.113.104 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.171.113.104"; classtype:trojan-activity; sid:37580541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 101.91.210.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.91.210.132"; classtype:trojan-activity; sid:37611641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.94.145.56 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.56"; classtype:trojan-activity; sid:37748131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 121.4.89.191 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.89.191"; classtype:trojan-activity; sid:37611651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 23.251.102.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.251.102.251"; classtype:trojan-activity; sid:37611661; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 78.157.221.232 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.157.221.232"; classtype:trojan-activity; sid:37580551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 203.215.173.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.215.173.124"; classtype:trojan-activity; sid:37611671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.115.81.27 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.115.81.27"; classtype:trojan-activity; sid:37596571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.117.44.205 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.44.205"; classtype:trojan-activity; sid:37596581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.151.251.216 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.151.251.216"; classtype:trojan-activity; sid:37580561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 49.51.196.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.196.102"; classtype:trojan-activity; sid:37611681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.132 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.132"; classtype:trojan-activity; sid:37580571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 91.143.83.55 any -> $HOME_NET any (msg: 
"MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.143.83.55"; classtype:trojan-activity; sid:37580581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 94.102.61.23 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.102.61.23"; classtype:trojan-activity; sid:37580591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 95.181.173.81 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.181.173.81"; classtype:trojan-activity; sid:37580601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 1.183.1.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.183.1.94"; classtype:trojan-activity; sid:37596591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.99.111.141 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.111.141"; classtype:trojan-activity; sid:37577191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 1.162.25.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.162.25.10"; classtype:trojan-activity; sid:37596601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.130.73.57 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.130.73.57"; classtype:trojan-activity; sid:37577201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.153.168.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.168.50"; classtype:trojan-activity; sid:37611691; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 14.155.206.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.155.206.180"; classtype:trojan-activity; sid:37596611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.31.116.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.116.234"; classtype:trojan-activity; sid:37611701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.134.174.128 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.134.174.128"; classtype:trojan-activity; sid:37596621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.16.9.208 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.16.9.208"; classtype:trojan-activity; sid:37596631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.230.62.85 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.230.62.85"; classtype:trojan-activity; sid:37611711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 139.198.35.186 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.35.186"; classtype:trojan-activity; sid:37611721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.201.41.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.201.41.148"; classtype:trojan-activity; sid:37611731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 79.167.163.216 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.167.163.216"; classtype:trojan-activity; sid:37596641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Layout: the rules are separated again here, one per line. The fragment above
# is the tail of a rule opened on the previous line, and the last rule below
# continues on the next line.
# NOTE(review): each inbound rule below alerts on any IP traffic from one listed
# source address to $HOME_NET. No flow, port or threshold option is visible, so
# alert volume depends on how the engine evaluates IP-only rules - confirm
# before enabling the whole export.
alert ip 43.134.176.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.176.253"; classtype:trojan-activity; sid:37611741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 202.21.123.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.21.123.196"; classtype:trojan-activity; sid:37611751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 179.1.85.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.124"; classtype:trojan-activity; sid:37611761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.153.24.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.24.65"; classtype:trojan-activity; sid:37611771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.155.175.9 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.175.9"; classtype:trojan-activity; sid:37611781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# The next rule is the only outbound one on this line: it fires on traffic from
# $HOME_NET to 88.214.25.235 with destination port 443. It comes from MISP
# event 27167, carries an empty tag list ("[]") and priority 3 rather than 2.
# A hit points at an internal host as the sender, so triage starts from the
# alert's source address, not from the listed IP.
# NOTE(review): the header pairs protocol "ip" with a port; verify how the
# deployed engine applies a port constraint on an "ip" rule before relying on
# the 443 filter.
alert ip $HOME_NET any -> 88.214.25.235 443 (msg: "MISP e27167 [] Outgoing To IP: 88.214.25.235|443"; classtype:trojan-activity; sid:37854141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27167;)
alert ip 51.38.46.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.46.250"; classtype:trojan-activity; sid:37611791; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.253 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.253"; classtype:trojan-activity; sid:37748141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 61.222.94.148 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.222.94.148"; classtype:trojan-activity; sid:37611801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.96 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.96"; classtype:trojan-activity; sid:37580611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.190.24.54 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.190.24.54"; classtype:trojan-activity; sid:37580621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 162.243.144.31 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.144.31"; classtype:trojan-activity; sid:37577211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 121.5.70.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.70.182"; classtype:trojan-activity; sid:37611811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 83.111.121.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.111.121.102"; classtype:trojan-activity; sid:37611821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 216.115.129.206 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.115.129.206"; classtype:trojan-activity; sid:37596651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.139.214.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.139.214.42"; classtype:trojan-activity; sid:37596661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.168 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.168"; classtype:trojan-activity; sid:37611831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 85.230.203.27 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.230.203.27"; classtype:trojan-activity; sid:37611841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.167.96.138 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.167.96.138"; classtype:trojan-activity; sid:37580631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 49.51.160.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.160.122"; classtype:trojan-activity; sid:37611851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.170.158.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.170.158.197"; classtype:trojan-activity; sid:37596671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 77.92.42.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.92.42.6"; classtype:trojan-activity; sid:37596681; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 192.3.101.25 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.101.25"; classtype:trojan-activity; sid:37580641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 192.72.105.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.72.105.47"; classtype:trojan-activity; sid:37611861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 104.140.188.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.140.188.34"; classtype:trojan-activity; sid:37596691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.141.87.180 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.87.180"; classtype:trojan-activity; sid:37580651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 123.185.109.174 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.185.109.174"; classtype:trojan-activity; sid:37596701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.28.158.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.158.97"; classtype:trojan-activity; sid:37611871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.132.171.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.171.59"; classtype:trojan-activity; sid:37596711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.115.104.38 any -> $HOME_NET any (msg: "MISP 
e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.104.38"; classtype:trojan-activity; sid:37611881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.106.177.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.177.167"; classtype:trojan-activity; sid:37611891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 200.53.26.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.53.26.251"; classtype:trojan-activity; sid:37596721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.239.84.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.239.84.238"; classtype:trojan-activity; sid:37596731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.105 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.105"; classtype:trojan-activity; sid:37580661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 118.71.106.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.71.106.197"; classtype:trojan-activity; sid:37596741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.68.121.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.121.194"; classtype:trojan-activity; sid:37611901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 14.241.73.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.241.73.109"; classtype:trojan-activity; 
sid:37596751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.89.199.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.199.244"; classtype:trojan-activity; sid:37611911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 131.72.65.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 131.72.65.20"; classtype:trojan-activity; sid:37596761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 71.6.232.24 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.232.24"; classtype:trojan-activity; sid:37748151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 223.115.88.25 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.115.88.25"; classtype:trojan-activity; sid:37577221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 80.75.212.43 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.75.212.43"; classtype:trojan-activity; sid:37580671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.24.190.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.190.160"; classtype:trojan-activity; sid:37596771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 164.90.212.81 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.212.81"; classtype:trojan-activity; sid:37577231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 51.77.202.84 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.202.84"; classtype:trojan-activity; sid:37611921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.19.139.234 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.19.139.234"; classtype:trojan-activity; sid:37580681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 193.35.18.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.35.18.223"; classtype:trojan-activity; sid:37611931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 96.88.110.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.88.110.206"; classtype:trojan-activity; sid:37596781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 210.68.6.48 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.68.6.48"; classtype:trojan-activity; sid:37611941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.157.163.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.157.163.203"; classtype:trojan-activity; sid:37611951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.57.217.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.57.217.74"; classtype:trojan-activity; sid:37596791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.2.92.72 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.2.92.72"; classtype:trojan-activity; sid:37596801; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.178.118.73 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.178.118.73"; classtype:trojan-activity; sid:37596811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.182 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.182"; classtype:trojan-activity; sid:37748161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 112.120.122.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.120.122.181"; classtype:trojan-activity; sid:37596821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.171.201.229 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.171.201.229"; classtype:trojan-activity; sid:37596831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.106.161.88 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.106.161.88"; classtype:trojan-activity; sid:37580691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.200.137.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.62"; classtype:trojan-activity; sid:37596841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.154.223.168 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.223.168"; classtype:trojan-activity; sid:37611961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 138.97.241.193 any -> $HOME_NET any 
(msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.97.241.193"; classtype:trojan-activity; sid:37596851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 153.230.147.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.230.147.228"; classtype:trojan-activity; sid:37596861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.69.78.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.69.78.28"; classtype:trojan-activity; sid:37596871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.248.248.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.248.248.130"; classtype:trojan-activity; sid:37596881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 88.90.90.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.90.90.41"; classtype:trojan-activity; sid:37611971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 197.134.252.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.134.252.37"; classtype:trojan-activity; sid:37611981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.193.59.142 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.59.142"; classtype:trojan-activity; sid:37580701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.136.100.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.100.65"; 
classtype:trojan-activity; sid:37611991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.156.22.73 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.156.22.73"; classtype:trojan-activity; sid:37612001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 204.76.203.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.76.203.131"; classtype:trojan-activity; sid:37596891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.143.231.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.231.89"; classtype:trojan-activity; sid:37612011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.231.46 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.46"; classtype:trojan-activity; sid:37612021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 47.94.249.52 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.94.249.52"; classtype:trojan-activity; sid:37612031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 78.70.203.243 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.70.203.243"; classtype:trojan-activity; sid:37596901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.43.137.100 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.137.100"; classtype:trojan-activity; sid:37612041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
212.87.215.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.87.215.96"; classtype:trojan-activity; sid:37612051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 159.75.166.242 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.166.242"; classtype:trojan-activity; sid:37612061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.223.164.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.164.41"; classtype:trojan-activity; sid:37612071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.72.17.146 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.17.146"; classtype:trojan-activity; sid:37612081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.234.208.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.208.54"; classtype:trojan-activity; sid:37612091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.130.213.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.213.118"; classtype:trojan-activity; sid:37612101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 24.133.64.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.133.64.29"; classtype:trojan-activity; sid:37596911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.236.249.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
45.236.249.90"; classtype:trojan-activity; sid:37596921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.44.14.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.14.24"; classtype:trojan-activity; sid:37612111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.161.163.113 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.161.163.113"; classtype:trojan-activity; sid:37596931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.1.215.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.1.215.34"; classtype:trojan-activity; sid:37596941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.172.242.19 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.172.242.19"; classtype:trojan-activity; sid:37596951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 180.144.4.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.144.4.227"; classtype:trojan-activity; sid:37596961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.14.169.189 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.14.169.189"; classtype:trojan-activity; sid:37596971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.126.202.253 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.126.202.253"; classtype:trojan-activity; sid:37596981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
# MISP event 26886 - inbound source-IP indicator. The rule matches on the
# source address alone (any protocol, any port) and sets no threshold option.
# NOTE(review): for bulk IP indicators like this one, consider a threshold or
# an IP-reputation list so a single noisy source cannot dominate the alert
# queue; confirm how the engine rate-limits IP-only rules before relying on it.
alert ip 117.72.44.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.44.30"; classtype:trojan-activity; sid:37612121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)

# ---------------------------------------------------------------------------
# MISP event 27174 - outbound indicators: domains, IP|port pairs, hostnames.
# The tag list in msg is empty ("[]") for every rule of this event, so the
# alert text carries no kill-chain label; triage has to follow the reference
# URL to learn what the event describes.
# ---------------------------------------------------------------------------

# Domain indicators. Each domain is exported as a pair of rules:
#   sid ending in 1 - DNS: the dns.query buffer must contain the domain
#     (nocase), and the pcre requires the domain to end the query name and to
#     be preceded by start-of-buffer or a character outside [A-Za-z0-9-].
#     A preceding "." is allowed, so subdomains match as well; a longer label
#     such as "x<domain>" does not.
#   sid ending in 2 - HTTP, client-to-server on established flows only:
#     "Host|3a|" (|3a| is ":") and the domain are two independent content
#     matches in http.header, and the pcre (H = header buffer, i = caseless)
#     is not anchored to the Host line either.
#     NOTE(review): as written, the domain may be found in a different header
#     than Host while Host names another site - confirm that is acceptable
#     for triage, or have the exporter match on the host buffer instead.
#     tag:session,600,seconds marks the session for 600 seconds after a hit.
#     NOTE(review): presumably intended to capture follow-on packets; verify
#     that the sensor's output is configured to log tagged packets.
alert dns any any -> any any (msg: "MISP e27174 [] Domain ivibers.com"; dns.query; content:"ivibers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ivibers\.com$/i"; classtype:trojan-activity; sid:37863571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Domain ivibers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ivibers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ivibers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Domain meetviberapi.com"; dns.query; content:"meetviberapi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])meetviberapi\.com$/i"; classtype:trojan-activity; sid:37863581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Domain meetviberapi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"meetviberapi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])meetviberapi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Domain iamc2c2.com"; dns.query; content:"iamc2c2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])iamc2c2\.com$/i"; classtype:trojan-activity; sid:37863591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Domain iamc2c2.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"iamc2c2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])iamc2c2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Domain thisistestc2.com"; dns.query; content:"thisistestc2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thisistestc2\.com$/i"; classtype:trojan-activity; sid:37863601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Domain thisistestc2.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thisistestc2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thisistestc2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Domain electrictulsa.com"; dns.query; content:"electrictulsa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])electrictulsa\.com$/i"; classtype:trojan-activity; sid:37863611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Domain electrictulsa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"electrictulsa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])electrictulsa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Domain mongolianshipregistrar.com"; dns.query; content:"mongolianshipregistrar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mongolianshipregistrar\.com$/i"; classtype:trojan-activity; sid:37863621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Domain mongolianshipregistrar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mongolianshipregistrar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mongolianshipregistrar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

# IP|port indicators: traffic from $HOME_NET to one destination address on one
# destination port. The "address|port" text in msg is only the alert label;
# the match itself comes from the rule header. Several addresses appear more
# than once with different ports (45.131.179.179: 22, 443, 5938;
# 154.204.27.181: 80, 110; 103.56.53.120: 80, 8080; 45.251.240.55: 443, 8080),
# each with its own sid.
# NOTE(review): the header combines protocol "ip" with a destination port;
# confirm the engine applies the port restriction as intended for "ip" rules.
# These rules have no flow or threshold options.
alert ip $HOME_NET any -> 103.107.104.37 443 (msg: "MISP e27174 [] Outgoing To IP: 103.107.104.37|443"; classtype:trojan-activity; sid:37863631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 149.104.12.64 443 (msg: "MISP e27174 [] Outgoing To IP: 149.104.12.64|443"; classtype:trojan-activity; sid:37863641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 185.82.216.184 443 (msg: "MISP e27174 [] Outgoing To IP: 185.82.216.184|443"; classtype:trojan-activity; sid:37863651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 195.211.96.99 443 (msg: "MISP e27174 [] Outgoing To IP: 195.211.96.99|443"; classtype:trojan-activity; sid:37863661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 195.123.246.26 22 (msg: "MISP e27174 [] Outgoing To IP: 195.123.246.26|22"; classtype:trojan-activity; sid:37863671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 45.83.236.105 443 (msg: "MISP e27174 [] Outgoing To IP: 45.83.236.105|443"; classtype:trojan-activity; sid:37863681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 45.131.179.179 22 (msg: "MISP e27174 [] Outgoing To IP: 45.131.179.179|22"; classtype:trojan-activity; sid:37863691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 45.131.179.179 443 (msg: "MISP e27174 [] Outgoing To IP: 45.131.179.179|443"; classtype:trojan-activity; sid:37863701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 45.131.179.179 5938 (msg: "MISP e27174 [] Outgoing To IP: 45.131.179.179|5938"; classtype:trojan-activity; sid:37863711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 103.192.226.46 443 (msg: "MISP e27174 [] Outgoing To IP: 103.192.226.46|443"; classtype:trojan-activity; sid:37863721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 154.204.27.181 80 (msg: "MISP e27174 [] Outgoing To IP: 154.204.27.181|80"; classtype:trojan-activity; sid:37863731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 154.204.27.181 110 (msg: "MISP e27174 [] Outgoing To IP: 154.204.27.181|110"; classtype:trojan-activity; sid:37863741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 103.56.53.120 80 (msg: "MISP e27174 [] Outgoing To IP: 103.56.53.120|80"; classtype:trojan-activity; sid:37863751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 103.56.53.120 8080 (msg: "MISP e27174 [] Outgoing To IP: 103.56.53.120|8080"; classtype:trojan-activity; sid:37863761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 176.113.69.91 443 (msg: "MISP e27174 [] Outgoing To IP: 176.113.69.91|443"; classtype:trojan-activity; sid:37863771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 45.251.240.55 443 (msg: "MISP e27174 [] Outgoing To IP: 45.251.240.55|443"; classtype:trojan-activity; sid:37863781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 45.251.240.55 8080 (msg: "MISP e27174 [] Outgoing To IP: 45.251.240.55|8080"; classtype:trojan-activity; sid:37863791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert ip $HOME_NET any -> 149.104.11.29 443 (msg: "MISP e27174 [] Outgoing To IP: 149.104.11.29|443"; classtype:trojan-activity; sid:37863801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

# Hostname indicators. Same DNS/HTTP pairing as the domain rules, with two
# differences visible in the rule text:
#   - the leading pcre class is [^A-Za-z0-9-\.], which also excludes ".", so
#     only the exact hostname matches and deeper subdomains do not;
#   - the HTTP rule uses a single content "Host|3a| <hostname>", which ties
#     the hostname to the Host header line.
#     NOTE(review): that content expects exactly one space after the colon;
#     verify this against the engine's header normalization so differently
#     spaced Host headers are not missed.
alert dns any any -> any any (msg: "MISP e27174 [] Hostname web.bonuscave.com"; dns.query; content:"web.bonuscave.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.bonuscave\.com$/i"; classtype:trojan-activity; sid:37863811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Hostname web.bonuscave.com"; flow:to_server,established; http.header; content: "Host|3a| web.bonuscave.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\.bonuscave\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Hostname www.markplay.net"; dns.query; content:"www.markplay.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.markplay\.net$/i"; classtype:trojan-activity; sid:37863821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Hostname www.markplay.net"; flow:to_server,established; http.header; content: "Host|3a| www.markplay.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.markplay\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Hostname images.markplay.net"; dns.query; content:"images.markplay.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])images\.markplay\.net$/i"; classtype:trojan-activity; sid:37863831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Hostname images.markplay.net"; flow:to_server,established; http.header; content: "Host|3a| images.markplay.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])images\.markplay\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Hostname news.comsnews.com"; dns.query; content:"news.comsnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])news\.comsnews\.com$/i"; classtype:trojan-activity; sid:37863841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Hostname news.comsnews.com"; flow:to_server,established; http.header; content: "Host|3a| news.comsnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])news\.comsnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

alert dns any any -> any any (msg: "MISP e27174 [] Hostname images.kiidcloud.com"; dns.query; content:"images.kiidcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])images\.kiidcloud\.com$/i"; classtype:trojan-activity; sid:37863851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27174 [] Outgoing HTTP Hostname images.kiidcloud.com"; flow:to_server,established; http.header; content: "Host|3a| images.kiidcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])images\.kiidcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37863852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27174;)

# MISP events 26878 / 26886 - inbound source-IP indicators tagged
# Reconnaissance and Exploitation. Each rule matches on the source address
# alone (any protocol, any port) and sets no threshold option.
# NOTE(review): all of these use classtype:trojan-activity and priority:2
# even though the msg tags describe reconnaissance/exploitation sources -
# confirm the classification suits the sensor's triage policy.
alert ip 111.161.41.132 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.161.41.132"; classtype:trojan-activity; sid:37580711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 14.103.44.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.227"; classtype:trojan-activity; sid:37612131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.229.232.159 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.232.159"; classtype:trojan-activity; sid:37580721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 113.108.8.125 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.108.8.125"; classtype:trojan-activity; sid:37580731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 116.73.243.187 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.73.243.187"; classtype:trojan-activity; sid:37580741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 117.33.174.14 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.33.174.14"; classtype:trojan-activity; sid:37580751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert 
ip 122.227.146.74 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.227.146.74"; classtype:trojan-activity; sid:37580761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 124.221.102.186 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.102.186"; classtype:trojan-activity; sid:37580771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 124.221.203.36 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.203.36"; classtype:trojan-activity; sid:37580781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 124.67.115.210 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.67.115.210"; classtype:trojan-activity; sid:37580791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 125.230.233.202 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.230.233.202"; classtype:trojan-activity; sid:37580801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 125.88.211.59 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.88.211.59"; classtype:trojan-activity; sid:37580811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.133.69.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.69.244"; classtype:trojan-activity; sid:37612141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 195.19.97.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 195.19.97.157"; classtype:trojan-activity; sid:37612151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.89.52.225 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.89.52.225"; classtype:trojan-activity; sid:37577241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.157.10.176 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.10.176"; classtype:trojan-activity; sid:37612161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.223.32.106 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.32.106"; classtype:trojan-activity; sid:37580821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 47.94.3.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.94.3.123"; classtype:trojan-activity; sid:37612171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 205.210.31.102 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.102"; classtype:trojan-activity; sid:37580831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 150.223.66.55 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.66.55"; classtype:trojan-activity; sid:37580841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 59.2.248.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.2.248.84"; classtype:trojan-activity; sid:37612181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert 
ip 150.223.76.57 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.76.57"; classtype:trojan-activity; sid:37580851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 65.109.108.161 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.108.161"; classtype:trojan-activity; sid:37580861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 182.253.124.103 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.253.124.103"; classtype:trojan-activity; sid:37577251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 179.0.113.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.0.113.244"; classtype:trojan-activity; sid:37596991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 152.136.156.63 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.156.63"; classtype:trojan-activity; sid:37580871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 112.74.113.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.74.113.120"; classtype:trojan-activity; sid:37597001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.34.159.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.34.159.111"; classtype:trojan-activity; sid:37597011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 79.27.162.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 79.27.162.178"; classtype:trojan-activity; sid:37597021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.75.129.201 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.129.201"; classtype:trojan-activity; sid:37580881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 129.226.150.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.150.54"; classtype:trojan-activity; sid:37612191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 195.210.47.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.210.47.41"; classtype:trojan-activity; sid:37612201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.34.244.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.34.244.227"; classtype:trojan-activity; sid:37597031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 23.227.203.251 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.227.203.251"; classtype:trojan-activity; sid:37580891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 89.237.203.223 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.237.203.223"; classtype:trojan-activity; sid:37577261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.42.31.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.42.31.244"; classtype:trojan-activity; sid:37612211; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.226.109.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.226.109.166"; classtype:trojan-activity; sid:37597041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.112.198.213 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.112.198.213"; classtype:trojan-activity; sid:37597051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.185.242.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.185.242.107"; classtype:trojan-activity; sid:37597061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.242.28.249 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.28.249"; classtype:trojan-activity; sid:37612221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.71.160.126 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.160.126"; classtype:trojan-activity; sid:37577271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.130.246.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.246.156"; classtype:trojan-activity; sid:37612231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.205.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.205.254"; classtype:trojan-activity; sid:37612241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 15.235.2.68 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.235.2.68"; classtype:trojan-activity; sid:37612251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.157.90.19 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.90.19"; classtype:trojan-activity; sid:37612261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 34.140.248.32 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.140.248.32"; classtype:trojan-activity; sid:37577281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 43.153.65.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.65.54"; classtype:trojan-activity; sid:37612271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.80.23.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.80.23.154"; classtype:trojan-activity; sid:37612281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.114.152.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.114.152.197"; classtype:trojan-activity; sid:37597071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 66.94.114.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.94.114.18"; classtype:trojan-activity; sid:37612291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.255.20.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.255.20.34"; classtype:trojan-activity; sid:37597081; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.180.166.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.180.166.44"; classtype:trojan-activity; sid:37597091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.190.202.71 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.190.202.71"; classtype:trojan-activity; sid:37597101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 12.36.54.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.36.54.51"; classtype:trojan-activity; sid:37597111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.128.81.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.81.123"; classtype:trojan-activity; sid:37612301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.70.94.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.94.21"; classtype:trojan-activity; sid:37612311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.186.13.131 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.13.131"; classtype:trojan-activity; sid:37580901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 182.158.91.132 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.158.91.132"; classtype:trojan-activity; sid:37597121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.222.213.186 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.213.186"; classtype:trojan-activity; sid:37612321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.138.139.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.139.118"; classtype:trojan-activity; sid:37612331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.91.225.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.91.225.182"; classtype:trojan-activity; sid:37612341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 205.210.31.105 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.105"; classtype:trojan-activity; sid:37580911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 47.106.126.55 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.106.126.55"; classtype:trojan-activity; sid:37612351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.115.157.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.157.132"; classtype:trojan-activity; sid:37612361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 74.208.224.38 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.224.38"; classtype:trojan-activity; sid:37612371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.143.200.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.200.124"; classtype:trojan-activity; 
sid:37612381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.163.119.229 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.119.229"; classtype:trojan-activity; sid:37612391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.156.8.244 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.8.244"; classtype:trojan-activity; sid:37612401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.162 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.162"; classtype:trojan-activity; sid:37748171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 47.104.209.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.104.209.172"; classtype:trojan-activity; sid:37597131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.185.3.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.185.3.162"; classtype:trojan-activity; sid:37597141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.138.70.229 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.70.229"; classtype:trojan-activity; sid:37612411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.82.231.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.82.231.4"; classtype:trojan-activity; sid:37597151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 204.76.203.96 any -> $HOME_NET any 
(msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.76.203.96"; classtype:trojan-activity; sid:37597161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.50.187.208 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.187.208"; classtype:trojan-activity; sid:37612421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 91.92.255.6 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.255.6"; classtype:trojan-activity; sid:37597171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.165.16.10 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.165.16.10"; classtype:trojan-activity; sid:37577291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 171.224.9.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.224.9.32"; classtype:trojan-activity; sid:37597181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 95.9.200.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.9.200.155"; classtype:trojan-activity; sid:37597191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.161.74.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.161.74.199"; classtype:trojan-activity; sid:37597201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.130.115.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.130.115.238"; classtype:trojan-activity; 
sid:37597211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.233.211.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.233.211.7"; classtype:trojan-activity; sid:37597221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.209.11.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.209.11.226"; classtype:trojan-activity; sid:37612431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.62.150.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.150.156"; classtype:trojan-activity; sid:37612441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.106.119.170 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.119.170"; classtype:trojan-activity; sid:37612451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.170.250.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.250.10"; classtype:trojan-activity; sid:37597231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 75.60.0.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.60.0.251"; classtype:trojan-activity; sid:37597241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.27.223.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.27.223.86"; classtype:trojan-activity; sid:37597251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 153.222.99.24 any -> $HOME_NET any 
(msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.222.99.24"; classtype:trojan-activity; sid:37597261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.229.175.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.175.156"; classtype:trojan-activity; sid:37597271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 190.4.211.110 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.4.211.110"; classtype:trojan-activity; sid:37580921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 103.62.233.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.62.233.45"; classtype:trojan-activity; sid:37612461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.98.205.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.98.205.110"; classtype:trojan-activity; sid:37597281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 1.70.175.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.175.193"; classtype:trojan-activity; sid:37597291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.153.216.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.153.216.150"; classtype:trojan-activity; sid:37597301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.74.60 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.74.60"; classtype:trojan-activity; 
sid:37612471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.170.245.12 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.245.12"; classtype:trojan-activity; sid:37748181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 162.142.125.224 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.224"; classtype:trojan-activity; sid:37748191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 192.241.229.19 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.229.19"; classtype:trojan-activity; sid:37748201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 111.70.9.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.9.92"; classtype:trojan-activity; sid:37597311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 195.110.52.174 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.110.52.174"; classtype:trojan-activity; sid:37597321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 24.152.82.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.152.82.120"; classtype:trojan-activity; sid:37597331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.54.205.31 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.205.31"; classtype:trojan-activity; sid:37597341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.116 any -> $HOME_NET 
any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.116"; classtype:trojan-activity; sid:37580931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 198.235.24.203 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.203"; classtype:trojan-activity; sid:37748211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 85.113.14.18 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.113.14.18"; classtype:trojan-activity; sid:37577301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.121 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.121"; classtype:trojan-activity; sid:37580941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 79.124.59.166 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.124.59.166"; classtype:trojan-activity; sid:37577311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 119.91.209.209 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.209.209"; classtype:trojan-activity; sid:37612481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.128.71.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.71.129"; classtype:trojan-activity; sid:37612491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 47.76.173.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.76.173.157"; 
classtype:trojan-activity; sid:37612501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.143.243.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.243.149"; classtype:trojan-activity; sid:37612511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 143.255.140.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.255.140.129"; classtype:trojan-activity; sid:37612521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 186.96.139.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.96.139.154"; classtype:trojan-activity; sid:37612531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.48.129.249 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.48.129.249"; classtype:trojan-activity; sid:37580951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 154.68.39.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.68.39.6"; classtype:trojan-activity; sid:37612541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.118.142 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.142"; classtype:trojan-activity; sid:37612551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.244 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.244"; classtype:trojan-activity; sid:37748221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 
43.156.70.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.70.152"; classtype:trojan-activity; sid:37612561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 61.190.114.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.190.114.203"; classtype:trojan-activity; sid:37612571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.228.151.132 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.151.132"; classtype:trojan-activity; sid:37597351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.156.225.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.225.133"; classtype:trojan-activity; sid:37612581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.75.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.75.51"; classtype:trojan-activity; sid:37597361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.82.77.33 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.82.77.33"; classtype:trojan-activity; sid:37577321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 154.211.15.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.15.217"; classtype:trojan-activity; sid:37612591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.15.253 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.134.15.253"; classtype:trojan-activity; sid:37612601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 20.127.224.153 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.127.224.153"; classtype:trojan-activity; sid:37612611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 164.90.211.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.211.134"; classtype:trojan-activity; sid:37612621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 60.247.225.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.247.225.32"; classtype:trojan-activity; sid:37612631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 154.209.5.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.209.5.132"; classtype:trojan-activity; sid:37612641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 126.83.109.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.83.109.148"; classtype:trojan-activity; sid:37597371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 62.234.168.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.168.17"; classtype:trojan-activity; sid:37612651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.2.207.187 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.2.207.187"; classtype:trojan-activity; sid:37597381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
# NOTE(review): the rules in this part of the export match on source address
# only ("alert ip <addr> any -> $HOME_NET any"): any packet from a listed host
# alerts, whatever the protocol, port or payload. The msg tags read
# Reconnaissance/Exploitation while classtype is trojan-activity, so triage
# from the referenced MISP event rather than from the classtype alone.
# No rule here carries a threshold or an expiry. Single-IP indicators age
# quickly as addresses are reassigned; re-export regularly and consider a
# per-source rate limit (threshold / event_filter) before enabling them.
# In this copy rule text is wrapped across physical lines; the engine needs
# each rule on one line (or backslash-continued), so restore one rule per
# line before loading.
alert ip 117.201.123.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.201.123.60"; classtype:trojan-activity; sid:37597391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.22.120.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.22.120.71"; classtype:trojan-activity; sid:37612661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.234.22.193 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.22.193"; classtype:trojan-activity; sid:37612671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 105.96.11.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 105.96.11.65"; classtype:trojan-activity; sid:37612681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.221.121.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.121.222"; classtype:trojan-activity; sid:37612691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.96.132.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.96.132.178"; classtype:trojan-activity; sid:37597401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 107.170.240.39 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.240.39"; classtype:trojan-activity; sid:37580961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 1.14.76.91 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
1.14.76.91"; classtype:trojan-activity; sid:37748231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 178.62.66.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.66.67"; classtype:trojan-activity; sid:37612701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 132.255.50.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.255.50.81"; classtype:trojan-activity; sid:37612711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.154.97.145 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.97.145"; classtype:trojan-activity; sid:37612721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.65.235.21 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.65.235.21"; classtype:trojan-activity; sid:37597411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.28.167.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.28.167.30"; classtype:trojan-activity; sid:37612731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.51.22.121 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.22.121"; classtype:trojan-activity; sid:37612741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 8.222.172.255 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.172.255"; classtype:trojan-activity; sid:37748241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 
49.235.142.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.142.220"; classtype:trojan-activity; sid:37612751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 220.197.164.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.197.164.74"; classtype:trojan-activity; sid:37597421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 177.81.244.70 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.81.244.70"; classtype:trojan-activity; sid:37597431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.83.216.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.83.216.133"; classtype:trojan-activity; sid:37597441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.54.41.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.41.40"; classtype:trojan-activity; sid:37597451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.231.46.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.231.46.66"; classtype:trojan-activity; sid:37612761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 152.32.209.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.209.108"; classtype:trojan-activity; sid:37612771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
198.235.24.69"; classtype:trojan-activity; sid:37612781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.248.132.186 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.248.132.186"; classtype:trojan-activity; sid:37597461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.131.179.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.179.106"; classtype:trojan-activity; sid:37612791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 202.139.196.200 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.139.196.200"; classtype:trojan-activity; sid:37612801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 85.99.126.156 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.99.126.156"; classtype:trojan-activity; sid:37597471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 211.195.230.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.195.230.39"; classtype:trojan-activity; sid:37597481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.172.1.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.172.1.224"; classtype:trojan-activity; sid:37597491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 181.17.54.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.54.40"; classtype:trojan-activity; sid:37597501; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.159.76.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.76.84"; classtype:trojan-activity; sid:37612811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.222.50.131 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.50.131"; classtype:trojan-activity; sid:37612821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 51.142.182.209 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.142.182.209"; classtype:trojan-activity; sid:37612831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 205.210.31.243 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.243"; classtype:trojan-activity; sid:37580971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.200.79.70 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.79.70"; classtype:trojan-activity; sid:37580981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 179.43.133.211 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.133.211"; classtype:trojan-activity; sid:37580991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.246.50.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.246.50.62"; classtype:trojan-activity; sid:37597511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.240.23.37 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.23.37"; classtype:trojan-activity; sid:37597521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.35.33.221 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.35.33.221"; classtype:trojan-activity; sid:37597531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 108.21.89.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.21.89.29"; classtype:trojan-activity; sid:37597541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.239.83.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.83.150"; classtype:trojan-activity; sid:37597551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 205.210.31.213 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.213"; classtype:trojan-activity; sid:37612841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.25.208.26 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.208.26"; classtype:trojan-activity; sid:37597561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 157.245.113.166 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.113.166"; classtype:trojan-activity; sid:37612851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.93.205.217 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.217"; classtype:trojan-activity; sid:37597571; 
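rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# NOTE(review): layout. The rules in this span were wrapped in the middle of a
# rule; Snort and Suricata read one rule per physical line unless the line ends
# in a backslash, so each complete rule is restored to a single line below.
# The fragment above and the fragment on the last line of this span belong to
# rules that continue outside it and are left exactly as found.
#
# NOTE(review): rule shape. Every rule here is
#   alert ip <single source address> any -> $HOME_NET any
# and carries only msg, classtype, sid, rev, priority and reference. There is
# no content, flow or threshold option, so a hit means only "this address sent
# traffic towards $HOME_NET"; it does not show that anything was exploited.
# Correlate with firewall accept logs and host telemetry before escalating.
#
# NOTE(review): classification. The msg tags say kill-chain:Reconnaissance /
# kill-chain:Exploitation and the direction is inbound, while the classtype is
# trojan-activity. If alert routing keys on classtype, confirm this lands in
# the intended queue.
#
# NOTE(review): feed hygiene. Rules from events 26875, 26878, 26882 and 26886
# are interleaved and all are rev:1 with no expiry information. Address
# indicators go stale, so regenerate this export on a schedule, and consider
# filtering it against known-benign scanner lists (e.g. MISP warninglists)
# before loading. One rule per address also grows the ruleset linearly; an IP
# reputation list (Suricata `iprep`) is the usual alternative. TODO confirm
# which engine loads this file.
#
# NOTE(review): confirm the sid range used here does not collide with any other
# rule source loaded alongside this file.
alert ip 103.172.26.5 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.172.26.5"; classtype:trojan-activity; sid:37581001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 106.116.169.71 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.116.169.71"; classtype:trojan-activity; sid:37581011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 181.209.80.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.209.80.114"; classtype:trojan-activity; sid:37597581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.30.150.23 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.30.150.23"; classtype:trojan-activity; sid:37581021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 103.100.210.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.210.163"; classtype:trojan-activity; sid:37612861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 152.32.227.252 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.227.252"; classtype:trojan-activity; sid:37581031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 198.235.24.198 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.198"; classtype:trojan-activity; sid:37581041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.134.230.140 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.230.140"; classtype:trojan-activity; sid:37612871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.134.117.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.134.117.38"; classtype:trojan-activity; sid:37597591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.57.197.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.197.90"; classtype:trojan-activity; sid:37597601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 189.181.30.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.181.30.59"; classtype:trojan-activity; sid:37597611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 195.140.225.108 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.140.225.108"; classtype:trojan-activity; sid:37597621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.244.1.165 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.244.1.165"; classtype:trojan-activity; sid:37597631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.25.7.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.7.168"; classtype:trojan-activity; sid:37597641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 218.75.54.210 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.75.54.210"; classtype:trojan-activity; sid:37597651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 221.210.253.127 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.210.253.127"; classtype:trojan-activity; sid:37597661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 217.131.60.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.131.60.158"; classtype:trojan-activity; sid:37597671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.160.30.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.160.30.244"; classtype:trojan-activity; sid:37597681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 223.8.204.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.204.115"; classtype:trojan-activity; sid:37597691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 218.18.6.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.18.6.109"; classtype:trojan-activity; sid:37597701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 58.52.98.184 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.52.98.184"; classtype:trojan-activity; sid:37597711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.250.190.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.250.190.236"; classtype:trojan-activity; sid:37597721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 47.111.128.243 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.111.128.243"; classtype:trojan-activity; sid:37597731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 5.227.254.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.227.254.43"; classtype:trojan-activity; sid:37597741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.33.31.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.31.247"; classtype:trojan-activity; sid:37597751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.142.155.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.142.155.166"; classtype:trojan-activity; sid:37597761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 58.114.159.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.114.159.107"; classtype:trojan-activity; sid:37597771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 80.66.88.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.88.204"; classtype:trojan-activity; sid:37612881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 81.70.4.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.4.105"; classtype:trojan-activity; sid:37612891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.200.137.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.60"; classtype:trojan-activity; sid:37597781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.70.136.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.70.136.155"; classtype:trojan-activity; sid:37597791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 79.47.92.251 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.47.92.251"; classtype:trojan-activity; sid:37597801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 190.211.252.66 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.211.252.66"; classtype:trojan-activity; sid:37597811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.119.8.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.119.8.204"; classtype:trojan-activity; sid:37597821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 8.131.244.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.131.244.22"; classtype:trojan-activity; sid:37597831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 213.99.184.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.99.184.154"; classtype:trojan-activity; sid:37597841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 78.187.79.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.187.79.32"; classtype:trojan-activity; sid:37597851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 211.244.200.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.244.200.220"; classtype:trojan-activity; sid:37597861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 83.239.58.190 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.239.58.190"; classtype:trojan-activity; sid:37597871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 83.227.57.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.227.57.24"; classtype:trojan-activity; sid:37597881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.172.182.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.182.99"; classtype:trojan-activity; sid:37612901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 167.172.32.129 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.32.129"; classtype:trojan-activity; sid:37612911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 188.165.243.144 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.165.243.144"; classtype:trojan-activity; sid:37577331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 186.13.43.10 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.13.43.10"; classtype:trojan-activity; sid:37612921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 165.22.51.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.51.149"; classtype:trojan-activity; sid:37612931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.92.244.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.244.104"; classtype:trojan-activity; sid:37597891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 94.126.201.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.126.201.4"; classtype:trojan-activity; sid:37597901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.155.91.99 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.155.91.99"; classtype:trojan-activity; sid:37597911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 60.251.120.199 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.251.120.199"; classtype:trojan-activity; sid:37612941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 81.19.135.2 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.19.135.2"; classtype:trojan-activity; sid:37581051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 95.158.182.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.158.182.200"; classtype:trojan-activity; sid:37597921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 91.92.240.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.240.150"; classtype:trojan-activity; sid:37597931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.224.234.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.224.234.167"; classtype:trojan-activity; sid:37612951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.163.238.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.106"; classtype:trojan-activity; sid:37612961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.250.49.237 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.237"; classtype:trojan-activity; sid:37612971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 203.228.7.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.228.7.104"; classtype:trojan-activity; sid:37612981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.229.16.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.16.24"; classtype:trojan-activity; sid:37612991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 59.1.48.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.1.48.150"; classtype:trojan-activity; sid:37597941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.19.143.42 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.19.143.42"; classtype:trojan-activity; sid:37581061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 45.168.176.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.168.176.35"; classtype:trojan-activity; sid:37613001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# NOTE(review): the source address in the next rule also has a rule under an
# earlier event in this same export, so one packet can raise more than one
# alert. De-duplicating addresses across events at export time avoids that.
alert ip 103.237.87.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.237.87.240"; classtype:trojan-activity; sid:37613011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 134.17.17.32 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.17.17.32"; classtype:trojan-activity; sid:37613021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 49.87.233.211 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.87.233.211"; classtype:trojan-activity; sid:37597951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 182.53.188.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.188.9"; classtype:trojan-activity; sid:37597961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 185.4.180.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.4.180.163"; classtype:trojan-activity; sid:37613031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 125.36.253.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.36.253.226"; classtype:trojan-activity; sid:37613041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.201.125.75 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.201.125.75"; classtype:trojan-activity; sid:37613051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 178.32.80.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.80.123"; classtype:trojan-activity; sid:37613061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 107.173.203.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.203.123"; classtype:trojan-activity; sid:37613071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.36.81.28 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.36.81.28"; classtype:trojan-activity; sid:37581071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 178.128.219.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.219.157"; classtype:trojan-activity; sid:37613081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.195.108.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.195.108.230"; classtype:trojan-activity; sid:37597971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.142.145.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.142.145.95"; classtype:trojan-activity; sid:37597981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 144.217.16.12 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.217.16.12"; classtype:trojan-activity; sid:37581081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 223.15.11.190 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.11.190"; classtype:trojan-activity; sid:37597991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.128.232.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.232.40"; classtype:trojan-activity; sid:37598001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 154.72.194.207 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.72.194.207"; classtype:trojan-activity; sid:37613091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.24.203.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.203.218"; classtype:trojan-activity; sid:37613101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.28.111.112 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.111.112"; classtype:trojan-activity; sid:37613111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 123.178.210.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.178.210.227"; classtype:trojan-activity; sid:37613121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 223.8.193.248 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.193.248"; classtype:trojan-activity; sid:37598011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 8.218.88.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.218.88.59"; classtype:trojan-activity; sid:37613131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 221.213.12.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.213.12.117"; classtype:trojan-activity; sid:37613141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.152.52.100 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.100"; classtype:trojan-activity; sid:37598021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.215.2.145 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.2.145"; classtype:trojan-activity; sid:37598031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.9.161.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.9.161.244"; classtype:trojan-activity; sid:37598041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.126.70.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.126.70.173"; classtype:trojan-activity; sid:37598051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.130.126.192 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.130.126.192"; classtype:trojan-activity; sid:37598061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.6.72.53 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.6.72.53"; classtype:trojan-activity; sid:37598071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 212.233.136.201 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.233.136.201"; classtype:trojan-activity; sid:37613151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 222.137.139.210 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.137.139.210"; classtype:trojan-activity; sid:37613161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 114.37.119.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.37.119.178"; classtype:trojan-activity; sid:37598081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.226.63.67 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.226.63.67"; classtype:trojan-activity; sid:37598091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.117.15.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.15.166"; classtype:trojan-activity; sid:37598101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.6.250.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.6.250.168"; classtype:trojan-activity; sid:37598111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 139.155.2.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.2.40"; classtype:trojan-activity; sid:37613171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 168.196.165.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.196.165.220"; classtype:trojan-activity; sid:37598121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.53.241.146 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.241.146"; classtype:trojan-activity; sid:37598131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.31.113.197 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.113.197"; classtype:trojan-activity; sid:37613181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 146.190.136.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.136.122"; classtype:trojan-activity; sid:37613191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 118.107.4.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.107.4.156"; classtype:trojan-activity; sid:37613201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.156.69.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.69.126"; classtype:trojan-activity; sid:37613211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.155.147.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.150"; classtype:trojan-activity; sid:37613221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 93.34.18.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.34.18.66"; classtype:trojan-activity; sid:37613231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 186.108.152.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.108.152.69"; classtype:trojan-activity; sid:37613241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.131.39.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.39.113"; classtype:trojan-activity; sid:37613251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.134.111.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.111.177"; classtype:trojan-activity; sid:37613261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 205.210.31.186 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.186"; classtype:trojan-activity; sid:37581091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.158.216.231 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.158.216.231"; classtype:trojan-activity; sid:37613271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 1.170.205.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.170.205.225"; classtype:trojan-activity; sid:37598141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 1.198.107.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.198.107.62"; classtype:trojan-activity; sid:37598151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.115.160.176 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.115.160.176"; classtype:trojan-activity; sid:37598161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.81.31.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.81.31.29"; classtype:trojan-activity; sid:37598171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.230.248.153 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.248.153"; classtype:trojan-activity; sid:37613281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 172.81.60.236 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.236"; classtype:trojan-activity; sid:37577341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 103.92.101.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.92.101.115"; classtype:trojan-activity; sid:37613291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 213.113.8.237 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.113.8.237"; classtype:trojan-activity; sid:37598181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 183.56.249.42 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.249.42"; classtype:trojan-activity; sid:37613301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 58.54.205.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.205.191"; classtype:trojan-activity; sid:37598191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.122.198.156 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.122.198.156"; classtype:trojan-activity; sid:37613311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.155.184.159 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.184.159"; classtype:trojan-activity; sid:37613321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 91.92.241.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.241.224"; classtype:trojan-activity; sid:37598201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.169.41.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.169.41.7"; classtype:trojan-activity; sid:37598211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.63.36.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.36.163"; classtype:trojan-activity; sid:37598221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 118.248.170.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.248.170.133"; classtype:trojan-activity; sid:37598231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.13 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.13"; classtype:trojan-activity; sid:37613331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 162.243.138.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.138.50"; classtype:trojan-activity; sid:37613341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 137.184.0.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.0.177"; classtype:trojan-activity; sid:37613351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.30.68.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.68.60"; classtype:trojan-activity; sid:37598241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.106.221.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.106.221.137"; classtype:trojan-activity; sid:37598251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 205.210.31.165 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.165"; classtype:trojan-activity; sid:37581101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 149.87.38.199 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.87.38.199"; classtype:trojan-activity; sid:37598261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.49.152.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.49.152.56"; classtype:trojan-activity; sid:37598271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.31.104.225 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.104.225"; classtype:trojan-activity; sid:37613361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 109.78.14.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.78.14.102"; classtype:trojan-activity; sid:37598281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 218.251.49.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.251.49.14"; classtype:trojan-activity; sid:37598291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 82.147.91.116 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.147.91.116"; classtype:trojan-activity; sid:37598301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.133.115.88 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.133.115.88"; classtype:trojan-activity; sid:37613371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.91.78.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.78.12"; classtype:trojan-activity; sid:37613381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 182.53.178.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.178.180"; classtype:trojan-activity; sid:37598311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.186.4.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.186.4.56"; classtype:trojan-activity; sid:37598321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.37.115.226 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.37.115.226"; classtype:trojan-activity; sid:37598331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 171.240.157.179 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.240.157.179"; classtype:trojan-activity; sid:37598341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.84.238.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.84.238.87"; classtype:trojan-activity; sid:37598351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 139.155.30.57 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.30.57"; classtype:trojan-activity; sid:37613391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.43.75.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.75.99"; classtype:trojan-activity; sid:37613401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 116.75.107.180 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.75.107.180"; classtype:trojan-activity; sid:37598361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 77.230.145.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.230.145.139"; classtype:trojan-activity; sid:37598371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.118.85.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.118.85.135"; classtype:trojan-activity; sid:37598381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 178.128.212.19 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.212.19"; classtype:trojan-activity; sid:37613411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.31.210.14 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.31.210.14"; classtype:trojan-activity; sid:37613421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 190.1.41.91 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.1.41.91"; classtype:trojan-activity; sid:37598391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.11.233.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.233.126"; classtype:trojan-activity; sid:37598401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.172.103.180 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.103.180"; classtype:trojan-activity; sid:37613431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.250.49.150 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.150"; classtype:trojan-activity; sid:37613441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.193.148.12 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.148.12"; classtype:trojan-activity; sid:37613451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.109.176.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.109.176.4"; 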
classtype:trojan-activity; sid:37598411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.116.252.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.252.22"; classtype:trojan-activity; sid:37598421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.16.196.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.16.196.75"; classtype:trojan-activity; sid:37598431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.135.166.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.166.230"; classtype:trojan-activity; sid:37613461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.38 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.38"; classtype:trojan-activity; sid:37748251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 58.186.161.180 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.186.161.180"; classtype:trojan-activity; sid:37613471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 177.163.252.169 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.163.252.169"; classtype:trojan-activity; sid:37598441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.244.153.232 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.244.153.232"; classtype:trojan-activity; sid:37598451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
167.99.159.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.159.235"; classtype:trojan-activity; sid:37613481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 52.55.52.232 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.55.52.232"; classtype:trojan-activity; sid:37748261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 186.123.148.61 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.123.148.61"; classtype:trojan-activity; sid:37598461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.235.24.195 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.195"; classtype:trojan-activity; sid:37613491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 109.92.31.52 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.92.31.52"; classtype:trojan-activity; sid:37598471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.26.229.100 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.229.100"; classtype:trojan-activity; sid:37598481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.153.81.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.153.81.58"; classtype:trojan-activity; sid:37613501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 138.197.15.182 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
138.197.15.182"; classtype:trojan-activity; sid:37581111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 110.183.59.31 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.183.59.31"; classtype:trojan-activity; sid:37598491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.56.116.172 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.56.116.172"; classtype:trojan-activity; sid:37581121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 167.248.133.183 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.183"; classtype:trojan-activity; sid:37748271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 108.189.21.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.189.21.173"; classtype:trojan-activity; sid:37598501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 211.199.69.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.199.69.236"; classtype:trojan-activity; sid:37598511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.243.135.36 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.135.36"; classtype:trojan-activity; sid:37581131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 140.118.102.99 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.118.102.99"; classtype:trojan-activity; sid:37581141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 111.230.198.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.198.114"; classtype:trojan-activity; sid:37613511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.173.74.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.173.74.218"; classtype:trojan-activity; sid:37598521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.78.236.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.236.185"; classtype:trojan-activity; sid:37613521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.33.103.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.33.103.178"; classtype:trojan-activity; sid:37598531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.221.211.44 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.221.211.44"; classtype:trojan-activity; sid:37598541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 73.102.224.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.102.224.54"; classtype:trojan-activity; sid:37598551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.68.52.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.68.52.32"; classtype:trojan-activity; sid:37598561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.111.113.43 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.111.113.43"; classtype:trojan-activity; sid:37598571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 199.127.109.85 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.127.109.85"; classtype:trojan-activity; sid:37613531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.91.144.239 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.91.144.239"; classtype:trojan-activity; sid:37598581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.168.240.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.168.240.107"; classtype:trojan-activity; sid:37598591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.200.137.46 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.46"; classtype:trojan-activity; sid:37598601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.140.120.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.140.120.198"; classtype:trojan-activity; sid:37598611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.126.67.173 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.67.173"; classtype:trojan-activity; sid:37613541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.117.147.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.147.119"; classtype:trojan-activity; 
sid:37613551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.200.66.164 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.66.164"; classtype:trojan-activity; sid:37613561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.43.211.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.211.196"; classtype:trojan-activity; sid:37613571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.20.144.9 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.20.144.9"; classtype:trojan-activity; sid:37598621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.48.175.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.175.69"; classtype:trojan-activity; sid:37613581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.222.69.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.69.21"; classtype:trojan-activity; sid:37613591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 213.153.152.34 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.153.152.34"; classtype:trojan-activity; sid:37598631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.136.43.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.136.43.235"; classtype:trojan-activity; sid:37613601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 78.188.6.251 any -> $HOME_NET any 
(msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.188.6.251"; classtype:trojan-activity; sid:37598641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.48.250.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.124"; classtype:trojan-activity; sid:37598651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.75.254.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.254.202"; classtype:trojan-activity; sid:37613611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.152.123.90 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.152.123.90"; classtype:trojan-activity; sid:37613621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.204.171.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.204.171.82"; classtype:trojan-activity; sid:37613631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 159.89.169.69 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.169.69"; classtype:trojan-activity; sid:37613641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.152.168.133 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.168.133"; classtype:trojan-activity; sid:37613651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.43.75.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.75.97"; 
classtype:trojan-activity; sid:37613661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.14.153.90 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.153.90"; classtype:trojan-activity; sid:37613671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.156.128.13 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.128.13"; classtype:trojan-activity; sid:37613681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 84.22.158.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.22.158.217"; classtype:trojan-activity; sid:37613691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 211.20.10.199 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.20.10.199"; classtype:trojan-activity; sid:37613701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.32.3.95 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.32.3.95"; classtype:trojan-activity; sid:37613711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 170.106.100.84 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.100.84"; classtype:trojan-activity; sid:37613721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 15.204.211.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.211.99"; classtype:trojan-activity; sid:37613731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 41.215.130.247 any 
-> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.215.130.247"; classtype:trojan-activity; sid:37613741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.55.34.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.55.34.75"; classtype:trojan-activity; sid:37598661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 129.151.119.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.151.119.28"; classtype:trojan-activity; sid:37613751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.51.46.161 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.46.161"; classtype:trojan-activity; sid:37613761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.172.54.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.172.54.2"; classtype:trojan-activity; sid:37613771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.32.242.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.32.242.158"; classtype:trojan-activity; sid:37598671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.235.238.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.238.225"; classtype:trojan-activity; sid:37598681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.64.49 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.64.49"; 
classtype:trojan-activity; sid:37613781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 212.129.249.68 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.129.249.68"; classtype:trojan-activity; sid:37613791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.220.130.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.220.130.115"; classtype:trojan-activity; sid:37598691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 202.83.16.8 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.83.16.8"; classtype:trojan-activity; sid:37613801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.196.148.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.196.148.25"; classtype:trojan-activity; sid:37598701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 14.181.67.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.181.67.224"; classtype:trojan-activity; sid:37598711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.47.15.165 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.47.15.165"; classtype:trojan-activity; sid:37613811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.3.181.249 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.3.181.249"; classtype:trojan-activity; sid:37598721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
190.109.229.216 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.229.216"; classtype:trojan-activity; sid:37598731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.143.175.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.143.175.220"; classtype:trojan-activity; sid:37598741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.248.157.53 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.157.53"; classtype:trojan-activity; sid:37613821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 71.6.134.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.134.230"; classtype:trojan-activity; sid:37598751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.112.156.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.112.156.59"; classtype:trojan-activity; sid:37598761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.92.82.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.92.82.90"; classtype:trojan-activity; sid:37598771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.213.28.63 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.28.63"; classtype:trojan-activity; sid:37598781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.150.133.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
222.150.133.93"; classtype:trojan-activity; sid:37598791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.175.47.216 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.175.47.216"; classtype:trojan-activity; sid:37598801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 73.139.114.233 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.139.114.233"; classtype:trojan-activity; sid:37598811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 202.51.74.123 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.51.74.123"; classtype:trojan-activity; sid:37613831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 88.129.112.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.129.112.5"; classtype:trojan-activity; sid:37598821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.221.127.174 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.127.174"; classtype:trojan-activity; sid:37613841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.237.99.187 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.237.99.187"; classtype:trojan-activity; sid:37613851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.236.187.5 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.236.187.5"; classtype:trojan-activity; sid:37613861; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.109.208.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.109.208.37"; classtype:trojan-activity; sid:37613871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.19.192.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.19.192.162"; classtype:trojan-activity; sid:37598831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.152.212.29 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.152.212.29"; classtype:trojan-activity; sid:37613881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 62.138.26.116 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.138.26.116"; classtype:trojan-activity; sid:37613891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.192.123.63 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.123.63"; classtype:trojan-activity; sid:37613901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.214 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.214"; classtype:trojan-activity; sid:37581151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 5.249.144.19 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.249.144.19"; classtype:trojan-activity; sid:37581161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 101.109.255.239 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.109.255.239"; classtype:trojan-activity; sid:37598841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.175.29.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.175.29.181"; classtype:trojan-activity; sid:37598851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.91.156.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.91.156.203"; classtype:trojan-activity; sid:37598861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 146.56.213.161 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.213.161"; classtype:trojan-activity; sid:37613911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 27.17.150.198 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.17.150.198"; classtype:trojan-activity; sid:37598871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 47.115.208.108 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.115.208.108"; classtype:trojan-activity; sid:37744011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.95.156.130 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.95.156.130"; classtype:trojan-activity; sid:37744021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.61.34.131 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.34.131"; classtype:trojan-activity; 
sid:37744031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.207.17.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.207.17.102"; classtype:trojan-activity; sid:37598881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.219.131.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.219.131.45"; classtype:trojan-activity; sid:37744041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.189.255.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.189.255.111"; classtype:trojan-activity; sid:37598891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.141.20.117 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.141.20.117"; classtype:trojan-activity; sid:37739921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.117.255.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.117.255.62"; classtype:trojan-activity; sid:37739931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 27.29.33.2 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.29.33.2"; classtype:trojan-activity; sid:37739941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.224.116.208 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.224.116.208"; classtype:trojan-activity; sid:37744051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.109.93.69 any -> 
$HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.93.69"; classtype:trojan-activity; sid:37744061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.98.107.63 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.98.107.63"; classtype:trojan-activity; sid:37744071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 221.133.36.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.133.36.226"; classtype:trojan-activity; sid:37744081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 211.252.27.38 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.252.27.38"; classtype:trojan-activity; sid:37744091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.155.166.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.166.220"; classtype:trojan-activity; sid:37744101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.69.38.117 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.38.117"; classtype:trojan-activity; sid:37744111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.136.160.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.136.160.74"; classtype:trojan-activity; sid:37744121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.101.142.114 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.142.114"; 
classtype:trojan-activity; sid:37744131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 95.85.15.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.85.15.212"; classtype:trojan-activity; sid:37744141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.216 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.216"; classtype:trojan-activity; sid:37748281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 87.236.176.191 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.191"; classtype:trojan-activity; sid:37748291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 123.126.5.250 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.126.5.250"; classtype:trojan-activity; sid:37739951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.89.86.249 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.249"; classtype:trojan-activity; sid:37739961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.0.39.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.0.39.141"; classtype:trojan-activity; sid:37739971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 31.200.235.42 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.200.235.42"; classtype:trojan-activity; sid:37739981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
151.242.95.182 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.242.95.182"; classtype:trojan-activity; sid:37739991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 58.210.101.58 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.210.101.58"; classtype:trojan-activity; sid:37740001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 63.47.105.105 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 63.47.105.105"; classtype:trojan-activity; sid:37740011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.129.37.236 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.129.37.236"; classtype:trojan-activity; sid:37744151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.193.58.20 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.58.20"; classtype:trojan-activity; sid:37748301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 23.92.27.111 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.92.27.111"; classtype:trojan-activity; sid:37743011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 167.172.141.83 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.141.83"; classtype:trojan-activity; sid:37743021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 211.196.120.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
211.196.120.196"; classtype:trojan-activity; sid:37744161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.55.33.86 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.55.33.86"; classtype:trojan-activity; sid:37744171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.90.139.4 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.90.139.4"; classtype:trojan-activity; sid:37740021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 206.189.229.70 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.229.70"; classtype:trojan-activity; sid:37744181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.17.171.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.171.191"; classtype:trojan-activity; sid:37740031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.14.185.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.14.185.88"; classtype:trojan-activity; sid:37740041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 76.164.114.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.164.114.140"; classtype:trojan-activity; sid:37740051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.184.119.232 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.184.119.232"; classtype:trojan-activity; sid:37740061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
# Reviewer note on the rules that follow (all share one template):
# - Header `alert ip <addr> any -> $HOME_NET any` matches on addresses only: any IP
#   protocol, any port, source = the listed address, destination inside $HOME_NET.
#   `->` is one-directional, so traffic sent from $HOME_NET to the address is not
#   covered by these rules.
# - The options are metadata only (msg, classtype, sid, rev, priority, reference);
#   there is no content, flow or rate-limiting option, so each matching packet can
#   raise an alert. Expect volume from busy sources and plan thresholding or
#   suppression on the sensor.
# - classtype is trojan-activity while the msg tags are kill-chain Reconnaissance /
#   Exploitation and the text says "Incoming From IP": treat a hit as contact from a
#   listed address, not as evidence of a compromised host, until correlated.
# - "MISP eNNNNN" in msg and the reference URL name the same MISP event; check that
#   event for context and age before acting, since the rule itself carries no
#   first-seen or expiry information.
alert ip 62.234.39.158 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.39.158"; classtype:trojan-activity; sid:37744191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.152.201.242 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.152.201.242"; classtype:trojan-activity; sid:37744201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 208.100.26.231 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.100.26.231"; classtype:trojan-activity; sid:37744211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.48.164.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.48.164.168"; classtype:trojan-activity; sid:37740071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.91.241.138 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.91.241.138"; classtype:trojan-activity; sid:37740081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 150.109.18.77 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.18.77"; classtype:trojan-activity; sid:37744221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.242 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.242"; classtype:trojan-activity; sid:37744231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 162.142.125.13 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 162.142.125.13"; classtype:trojan-activity; sid:37743031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.48.28.131 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.48.28.131"; classtype:trojan-activity; sid:37740091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.29.196.162 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.29.196.162"; classtype:trojan-activity; sid:37740101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.52 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.52"; classtype:trojan-activity; sid:37748311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 114.223.18.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.223.18.150"; classtype:trojan-activity; sid:37740111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.229.102.40 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.102.40"; classtype:trojan-activity; sid:37740121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.243.176.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.243.176.45"; classtype:trojan-activity; sid:37740131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 179.60.147.122 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.60.147.122"; classtype:trojan-activity; sid:37743041; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 110.182.243.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.182.243.102"; classtype:trojan-activity; sid:37740141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.230.228.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.230.228.172"; classtype:trojan-activity; sid:37740151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 200.10.96.115 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.10.96.115"; classtype:trojan-activity; sid:37744241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.131.235.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.131.235.203"; classtype:trojan-activity; sid:37744251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 109.195.148.73 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.195.148.73"; classtype:trojan-activity; sid:37744261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.150.249.41 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.150.249.41"; classtype:trojan-activity; sid:37740161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.229.99.188 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.99.188"; classtype:trojan-activity; sid:37744271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.19.139.138 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.19.139.138"; classtype:trojan-activity; sid:37740171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.99.49.208 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.49.208"; classtype:trojan-activity; sid:37743771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 59.173.81.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.173.81.109"; classtype:trojan-activity; sid:37740181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.125.13.73 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.125.13.73"; classtype:trojan-activity; sid:37744281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 113.225.44.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.225.44.22"; classtype:trojan-activity; sid:37740191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 129.159.41.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.159.41.106"; classtype:trojan-activity; sid:37744291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.110.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.110.67"; classtype:trojan-activity; sid:37744301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.56.139.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.56.139.17"; classtype:trojan-activity; sid:37740201; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.241.121.220 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.241.121.220"; classtype:trojan-activity; sid:37744311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 23.94.182.45 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.182.45"; classtype:trojan-activity; sid:37744321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.7.227.136 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.7.227.136"; classtype:trojan-activity; sid:37744331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.187.147.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.187.147.35"; classtype:trojan-activity; sid:37744341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 78.22.165.78 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.22.165.78"; classtype:trojan-activity; sid:37740211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 198.199.104.83 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.104.83"; classtype:trojan-activity; sid:37744351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.105.92.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.105.92.118"; classtype:trojan-activity; sid:37744361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 89.240.11.131 any -> $HOME_NET any (msg: "MISP e26882 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.240.11.131"; classtype:trojan-activity; sid:37740221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 93.41.166.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.41.166.10"; classtype:trojan-activity; sid:37740231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.243.142.42 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.142.42"; classtype:trojan-activity; sid:37744371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.134.66.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.66.105"; classtype:trojan-activity; sid:37744381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.167"; classtype:trojan-activity; sid:37744391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 38.25.39.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.25.39.212"; classtype:trojan-activity; sid:37744401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.96 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.96"; classtype:trojan-activity; sid:37743051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 203.190.53.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.190.53.154"; classtype:trojan-activity; sid:37744411; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 180.101.88.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.222"; classtype:trojan-activity; sid:37744421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.234.134.238 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.134.238"; classtype:trojan-activity; sid:37744431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 128.199.5.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.5.196"; classtype:trojan-activity; sid:37744441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.225 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.225"; classtype:trojan-activity; sid:37748321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 121.40.78.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.78.149"; classtype:trojan-activity; sid:37744451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 157.245.248.106 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.248.106"; classtype:trojan-activity; sid:37744461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.173.5.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.5.92"; classtype:trojan-activity; sid:37740241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.93.205.199 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.199"; classtype:trojan-activity; sid:37740251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.179.78.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.179.78.172"; classtype:trojan-activity; sid:37744471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 167.248.133.50 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.50"; classtype:trojan-activity; sid:37740261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 37.229.163.88 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.229.163.88"; classtype:trojan-activity; sid:37740271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.95.146.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.95.146.126"; classtype:trojan-activity; sid:37740281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.140.17.52 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.140.17.52"; classtype:trojan-activity; sid:37743061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 146.70.158.206 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.70.158.206"; classtype:trojan-activity; sid:37743071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.233.19.217 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.217"; classtype:trojan-activity; 
sid:37743081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 121.229.54.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.54.219"; classtype:trojan-activity; sid:37744481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.138.50.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.50.202"; classtype:trojan-activity; sid:37744491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.206.80.31 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.206.80.31"; classtype:trojan-activity; sid:37744501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.10.178.118 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.10.178.118"; classtype:trojan-activity; sid:37744511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 218.10.81.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.10.81.144"; classtype:trojan-activity; sid:37740291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 181.37.152.47 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.37.152.47"; classtype:trojan-activity; sid:37740301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.150.67.159 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.150.67.159"; classtype:trojan-activity; sid:37740311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.106.98.234 any -> $HOME_NET 
any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.98.234"; classtype:trojan-activity; sid:37744521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.234.6.1 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.234.6.1"; classtype:trojan-activity; sid:37744531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.143.233.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.233.205"; classtype:trojan-activity; sid:37744541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.137.92.167 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.92.167"; classtype:trojan-activity; sid:37744551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.42.140.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.42.140.54"; classtype:trojan-activity; sid:37740321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.228.56.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.228.56.10"; classtype:trojan-activity; sid:37740331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 83.179.33.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.179.33.22"; classtype:trojan-activity; sid:37740341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.222.92.224 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.222.92.224"; classtype:trojan-activity; 
sid:37740351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 59.89.40.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.89.40.5"; classtype:trojan-activity; sid:37740361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.202.103.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.202.103.220"; classtype:trojan-activity; sid:37740371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.192.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.192.182"; classtype:trojan-activity; sid:37744561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.186.69.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.186.69.133"; classtype:trojan-activity; sid:37740381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 212.129.223.131 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.129.223.131"; classtype:trojan-activity; sid:37744571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.127.14.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.14.28"; classtype:trojan-activity; sid:37740391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.252.187.117 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.252.187.117"; classtype:trojan-activity; sid:37740401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 197.146.3.105 any -> $HOME_NET 
any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.146.3.105"; classtype:trojan-activity; sid:37743091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 77.239.211.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.239.211.222"; classtype:trojan-activity; sid:37740411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 49.87.21.100 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.87.21.100"; classtype:trojan-activity; sid:37740421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 137.184.92.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.92.227"; classtype:trojan-activity; sid:37744581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.181.232.3 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.232.3"; classtype:trojan-activity; sid:37740431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.172.149.253 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.149.253"; classtype:trojan-activity; sid:37740441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.48.160 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.48.160"; classtype:trojan-activity; sid:37744591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.82.133.93 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.82.133.93"; 
classtype:trojan-activity; sid:37743101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 2.34.180.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.34.180.82"; classtype:trojan-activity; sid:37740451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 68.183.126.228 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.126.228"; classtype:trojan-activity; sid:37744601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 181.34.128.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.34.128.188"; classtype:trojan-activity; sid:37740461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.250.219.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.250.219.94"; classtype:trojan-activity; sid:37740471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 14.186.127.126 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.186.127.126"; classtype:trojan-activity; sid:37740481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.60.82 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.82"; classtype:trojan-activity; sid:37743781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 113.128.39.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.128.39.7"; classtype:trojan-activity; sid:37740491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.7.166.135 
any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.7.166.135"; classtype:trojan-activity; sid:37744611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.250.48.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.250.48.43"; classtype:trojan-activity; sid:37740501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 12.193.127.18 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.193.127.18"; classtype:trojan-activity; sid:37743111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 1.69.22.119 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.69.22.119"; classtype:trojan-activity; sid:37740511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 181.143.225.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.225.2"; classtype:trojan-activity; sid:37744621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 193.149.176.68 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.149.176.68"; classtype:trojan-activity; sid:37744631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.217.91.116 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.217.91.116"; classtype:trojan-activity; sid:37740521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 125.48.185.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.48.185.222"; 
classtype:trojan-activity; sid:37740531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.216.243.57 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.243.57"; classtype:trojan-activity; sid:37743791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 118.26.39.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.26.39.179"; classtype:trojan-activity; sid:37744641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.87.16 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.87.16"; classtype:trojan-activity; sid:37744651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.202.15.32 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.202.15.32"; classtype:trojan-activity; sid:37740541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 201.204.168.47 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.204.168.47"; classtype:trojan-activity; sid:37740551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.168.40.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.168.40.238"; classtype:trojan-activity; sid:37740561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.217.217.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.217.217.107"; classtype:trojan-activity; sid:37740571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
58.50.118.58 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.118.58"; classtype:trojan-activity; sid:37740581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 120.192.58.104 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.192.58.104"; classtype:trojan-activity; sid:37740591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 154.83.14.251 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.83.14.251"; classtype:trojan-activity; sid:37744661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.25 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.25"; classtype:trojan-activity; sid:37743121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 82.207.8.218 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.218"; classtype:trojan-activity; sid:37744671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 173.242.140.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.242.140.51"; classtype:trojan-activity; sid:37740601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 24.199.90.89 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.90.89"; classtype:trojan-activity; sid:37743801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 165.154.105.128 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
165.154.105.128"; classtype:trojan-activity; sid:37744681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.103.94.37 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.94.37"; classtype:trojan-activity; sid:37740611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 218.78.98.151 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.98.151"; classtype:trojan-activity; sid:37744691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 128.199.151.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.151.137"; classtype:trojan-activity; sid:37744701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.10.247.77 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.10.247.77"; classtype:trojan-activity; sid:37740621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.165.4.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.165.4.225"; classtype:trojan-activity; sid:37740631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.82.140.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.82.140.154"; classtype:trojan-activity; sid:37744711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.216.69.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.216.69.87"; classtype:trojan-activity; sid:37740641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) 
# MISP IP indicators, restored to one rule per line (Suricata reads one rule per line unless a
# line ends in a backslash continuation).
# Each rule below matches IP traffic from the listed source address to $HOME_NET on any port;
# no flow, content or threshold option narrows the match.
# All carry classtype:trojan-activity and priority:2, while the msg text tags them
# kill-chain:Reconnaissance / kill-chain:Exploitation; use the reference:url event for context.
# NOTE(review): single-address indicators go stale as addresses are re-assigned; confirm the
# feed expires old attributes before using these for blocking rather than alerting.
alert ip 185.181.43.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.181.43.28"; classtype:trojan-activity; sid:37740651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 8.141.54.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.141.54.182"; classtype:trojan-activity; sid:37744721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 109.154.230.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.154.230.163"; classtype:trojan-activity; sid:37740661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 104.152.52.210 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.210"; classtype:trojan-activity; sid:37740671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.244.42.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.244.42.87"; classtype:trojan-activity; sid:37740681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 91.92.120.113 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.120.113"; classtype:trojan-activity; sid:37743131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 60.36.160.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.36.160.35"; classtype:trojan-activity; sid:37740691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 194.61.68.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.61.68.43"; classtype:trojan-activity; sid:37740701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.33.237.209 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.237.209"; classtype:trojan-activity; sid:37743141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.153.60.195 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.60.195"; classtype:trojan-activity; sid:37744731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.58.164.95 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.164.95"; classtype:trojan-activity; sid:37743151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 223.10.70.64 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.10.70.64"; classtype:trojan-activity; sid:37740711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 183.93.205.230 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.230"; classtype:trojan-activity; sid:37740721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.2.132.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.2.132.218"; classtype:trojan-activity; sid:37740731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.153.14.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.14.24"; classtype:trojan-activity; sid:37744741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 185.12.224.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.12.224.158"; classtype:trojan-activity; sid:37740741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 223.13.1.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.1.54"; classtype:trojan-activity; sid:37740751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.231.5.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.5.97"; classtype:trojan-activity; sid:37744751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 178.128.73.254 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.73.254"; classtype:trojan-activity; sid:37744761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 38.7.207.97 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.207.97"; classtype:trojan-activity; sid:37744771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.96.46.204 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.96.46.204"; classtype:trojan-activity; sid:37744781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 137.59.47.227 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.59.47.227"; classtype:trojan-activity; sid:37744791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 162.142.125.14 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.14"; classtype:trojan-activity; sid:37748331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 45.227.254.9 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.227.254.9"; classtype:trojan-activity; sid:37743161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 101.126.68.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.68.152"; classtype:trojan-activity; sid:37744801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.178.228.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.228.147"; classtype:trojan-activity; sid:37744811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 218.78.60.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.60.105"; classtype:trojan-activity; sid:37744821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.251.160.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.251.160.181"; classtype:trojan-activity; sid:37740761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 122.116.210.212 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.210.212"; classtype:trojan-activity; sid:37740771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.218.196.72 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.196.72"; classtype:trojan-activity; sid:37740781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 23.92.27.41 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.92.27.41"; classtype:trojan-activity; sid:37743171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.134.103.193 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.103.193"; classtype:trojan-activity; sid:37744831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 175.144.50.89 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.144.50.89"; classtype:trojan-activity; sid:37740791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.76.228.194 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.76.228.194"; classtype:trojan-activity; sid:37744841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 181.113.21.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.113.21.163"; classtype:trojan-activity; sid:37744851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 64.23.169.130 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.169.130"; classtype:trojan-activity; sid:37744861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 147.78.47.57 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.47.57"; classtype:trojan-activity; sid:37743181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 194.187.176.44 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.44"; classtype:trojan-activity; sid:37743191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 104.186.204.146 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.186.204.146"; classtype:trojan-activity; sid:37744871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.48.146.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.48.146.75"; classtype:trojan-activity; sid:37740801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.244.19.18 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.244.19.18"; classtype:trojan-activity; sid:37740811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 161.35.6.165 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.6.165"; classtype:trojan-activity; sid:37743201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 185.11.61.179 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.11.61.179"; classtype:trojan-activity; sid:37743811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 37.115.189.52 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.115.189.52"; classtype:trojan-activity; sid:37740821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 182.56.221.75 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.56.221.75"; classtype:trojan-activity; sid:37740831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# MISP IP indicators, restored to one rule per line. Each matches IP traffic from the listed
# source address to $HOME_NET on any port, with no flow, content or threshold option.
# The classtype is trojan-activity throughout even though msg tags the events as
# kill-chain:Reconnaissance / kill-chain:Exploitation; use the reference:url event when triaging.
alert ip 72.26.3.175 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.26.3.175"; classtype:trojan-activity; sid:37740841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 110.3.162.186 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.3.162.186"; classtype:trojan-activity; sid:37740851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 62.74.140.248 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.74.140.248"; classtype:trojan-activity; sid:37744881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.236.128.35 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.128.35"; classtype:trojan-activity; sid:37748341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 175.31.246.216 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.246.216"; classtype:trojan-activity; sid:37740861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 27.8.44.19 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.8.44.19"; classtype:trojan-activity; sid:37743211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 87.236.176.66 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.66"; classtype:trojan-activity; sid:37748351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 58.222.103.38 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.222.103.38"; classtype:trojan-activity; sid:37744891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 126.117.105.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.117.105.160"; classtype:trojan-activity; sid:37740871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 31.208.204.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.208.204.172"; classtype:trojan-activity; sid:37740881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 182.153.171.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.153.171.228"; classtype:trojan-activity; sid:37740891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 211.199.178.65 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.199.178.65"; classtype:trojan-activity; sid:37740901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.116 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.116"; classtype:trojan-activity; sid:37743221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 220.240.24.84 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.240.24.84"; classtype:trojan-activity; sid:37740911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 116.25.37.115 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.25.37.115"; classtype:trojan-activity; sid:37740921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 191.14.147.219 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.14.147.219"; classtype:trojan-activity; sid:37740931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 35.131.2.104 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.131.2.104"; classtype:trojan-activity; sid:37744901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.205.58.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.205.58.247"; classtype:trojan-activity; sid:37740941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 218.62.139.65 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.62.139.65"; classtype:trojan-activity; sid:37740951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 64.227.126.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.126.250"; classtype:trojan-activity; sid:37744911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 170.106.195.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.172"; classtype:trojan-activity; sid:37744921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 87.236.176.24 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.24"; classtype:trojan-activity; sid:37743231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 122.191.115.219 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.191.115.219"; classtype:trojan-activity; sid:37748361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 220.135.41.206 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.41.206"; classtype:trojan-activity; sid:37740961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Domain indicator from MISP event 26841: three rules for prestamo-consulta.replit.app (priority 3).
# URL rule: msg says "Outgoing URL", but the only match is the host string anywhere in the
# request headers (http.header), on client-to-server established flows to $HTTP_PORTS.
# tag:session,600,seconds asks the engine to keep logging the session after the alert.
# NOTE(review): the export header calls $HTTP_PORTS "not required with suricata export", yet this
# rule references it; the variable must be defined on the sensor, and the port limit makes this
# rule narrower than the Host rule below, which uses "any". Confirm which is intended.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26841 [] Outgoing URL http|3a|//prestamo-consulta.replit.app"; flow:to_server,established; http.header; content:"prestamo-consulta.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37560711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26841;)
# DNS rule: any-to-any, so it also sees internal resolver traffic. The pcre anchors the name at
# the end of the query and allows only start-of-buffer or a non-hostname character before it,
# so the exact name and its subdomains match while look-alike prefixes do not.
alert dns any any -> any any (msg: "MISP e26841 [] Domain prestamo-consulta.replit.app"; dns.query; content:"prestamo-consulta.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])prestamo\-consulta\.replit\.app$/i"; classtype:trojan-activity; sid:37560731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26841;)
# HTTP Host rule: needs "Host:" and the domain in the request headers; the pcre requires a
# non-hostname character after the name, which rejects longer names that merely start with it.
# NOTE(review): both http rules inspect cleartext HTTP only; for HTTPS to this host the DNS rule
# is the only coverage here. Consider a tls.sni match on the same name if that gap matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26841 [] Outgoing HTTP Domain prestamo-consulta.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"prestamo-consulta.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])prestamo\-consulta\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37560732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26841;)
alert ip 117.89.50.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.89.50.113"; classtype:trojan-activity; sid:37744931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 156.236.75.61 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.75.61"; classtype:trojan-activity; sid:37744941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.220.35.47 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.35.47"; classtype:trojan-activity; sid:37744951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 159.75.161.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.161.40"; classtype:trojan-activity; sid:37744961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 42.159.80.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.159.80.91"; classtype:trojan-activity; sid:37744971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 219.127.25.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.127.25.162"; classtype:trojan-activity; sid:37744981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.135.146.161 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.146.161"; classtype:trojan-activity; sid:37744991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 93.113.233.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.113.233.59"; classtype:trojan-activity; sid:37745001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 82.156.206.112 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.206.112"; classtype:trojan-activity; sid:37745011; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.202 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.202"; classtype:trojan-activity; sid:37748371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 82.156.177.193 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.177.193"; classtype:trojan-activity; sid:37745021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.114.104.201 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.114.104.201"; classtype:trojan-activity; sid:37743241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 1.170.198.109 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.170.198.109"; classtype:trojan-activity; sid:37740971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.99.49.215 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.49.215"; classtype:trojan-activity; sid:37743821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 182.151.3.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.3.137"; classtype:trojan-activity; sid:37745031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.193.230.58 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.193.230.58"; classtype:trojan-activity; sid:37740981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.127.102.7 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.127.102.7"; classtype:trojan-activity; sid:37740991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.252.162.43 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.252.162.43"; classtype:trojan-activity; sid:37741001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.98.160.34 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.98.160.34"; classtype:trojan-activity; sid:37743251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 100.10.2.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 100.10.2.144"; classtype:trojan-activity; sid:37741011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.56 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.56"; classtype:trojan-activity; sid:37743261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.134.231.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.178"; classtype:trojan-activity; sid:37745041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.45.212.231 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.45.212.231"; classtype:trojan-activity; sid:37745051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 138.197.40.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.40.139"; classtype:trojan-activity; 
sid:37745061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 196.188.80.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.188.80.20"; classtype:trojan-activity; sid:37741021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.232.235.20 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.232.235.20"; classtype:trojan-activity; sid:37741031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 175.30.72.137 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.72.137"; classtype:trojan-activity; sid:37741041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 187.23.22.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.23.22.150"; classtype:trojan-activity; sid:37741051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.21.71.253 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.21.71.253"; classtype:trojan-activity; sid:37741061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.47 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.47"; classtype:trojan-activity; sid:37748381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 43.153.17.152 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.17.152"; classtype:trojan-activity; sid:37745071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.134.138.153 any -> $HOME_NET any 
(msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.138.153"; classtype:trojan-activity; sid:37745081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.25.193.201 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.193.201"; classtype:trojan-activity; sid:37745091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.164.96.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.96.157"; classtype:trojan-activity; sid:37745101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 126.130.156.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.130.156.191"; classtype:trojan-activity; sid:37741071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.187.176.116 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.116"; classtype:trojan-activity; sid:37743271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 185.234.216.125 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.234.216.125"; classtype:trojan-activity; sid:37743281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 104.152.52.238 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.152.52.238"; classtype:trojan-activity; sid:37741081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.243.206.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.206.59"; 
classtype:trojan-activity; sid:37741091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 142.93.111.56 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.111.56"; classtype:trojan-activity; sid:37745111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.0.139.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.0.139.93"; classtype:trojan-activity; sid:37741101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 20.102.5.95 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.102.5.95"; classtype:trojan-activity; sid:37743291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 167.94.138.126 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.126"; classtype:trojan-activity; sid:37748391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 182.240.9.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.9.14"; classtype:trojan-activity; sid:37741111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 194.187.176.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.18"; classtype:trojan-activity; sid:37745121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.163.212.214 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.212.214"; classtype:trojan-activity; sid:37745131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.52.111.158 
any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.52.111.158"; classtype:trojan-activity; sid:37741121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.161.145.223 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.161.145.223"; classtype:trojan-activity; sid:37741131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 147.182.166.9 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.166.9"; classtype:trojan-activity; sid:37743831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 8.219.79.23 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.79.23"; classtype:trojan-activity; sid:37745141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.43.47.157 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.47.157"; classtype:trojan-activity; sid:37745151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 119.125.45.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.125.45.139"; classtype:trojan-activity; sid:37741141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 201.234.227.140 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.234.227.140"; classtype:trojan-activity; sid:37745161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.81"; 
classtype:trojan-activity; sid:37745171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 64.23.158.228 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.158.228"; classtype:trojan-activity; sid:37745181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 183.91.67.198 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.91.67.198"; classtype:trojan-activity; sid:37745191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 110.144.133.250 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.144.133.250"; classtype:trojan-activity; sid:37741151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.250.153.120 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.250.153.120"; classtype:trojan-activity; sid:37741161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 84.192.14.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.192.14.244"; classtype:trojan-activity; sid:37741171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 162.14.81.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.81.137"; classtype:trojan-activity; sid:37745201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 81.69.21.177 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.21.177"; classtype:trojan-activity; sid:37745211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
60.101.90.93 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.101.90.93"; classtype:trojan-activity; sid:37741181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.248.139.88 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.139.88"; classtype:trojan-activity; sid:37745221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 207.154.214.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.214.89"; classtype:trojan-activity; sid:37745231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 1.10.182.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.10.182.236"; classtype:trojan-activity; sid:37741191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 14.1.210.139 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.1.210.139"; classtype:trojan-activity; sid:37741201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.40.192.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.192.96"; classtype:trojan-activity; sid:37745241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.31 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.31"; classtype:trojan-activity; sid:37743301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 103.255.216.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.255.216.43"; 
classtype:trojan-activity; sid:37745251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.240.229.239 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.229.239"; classtype:trojan-activity; sid:37741211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 187.191.99.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.191.99.99"; classtype:trojan-activity; sid:37745261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.33.34.2 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.33.34.2"; classtype:trojan-activity; sid:37741221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.219 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.219"; classtype:trojan-activity; sid:37745271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.139.230.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.139.230.102"; classtype:trojan-activity; sid:37741231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 202.131.233.35 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.131.233.35"; classtype:trojan-activity; sid:37745281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.255.132.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.255.132.203"; classtype:trojan-activity; sid:37741241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
113.218.139.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.218.139.28"; classtype:trojan-activity; sid:37741251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 213.66.75.226 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.66.75.226"; classtype:trojan-activity; sid:37741261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 204.13.154.66 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.13.154.66"; classtype:trojan-activity; sid:37745291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 107.150.7.182 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.7.182"; classtype:trojan-activity; sid:37743311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.156.0.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.0.2"; classtype:trojan-activity; sid:37745301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 59.0.78.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.0.78.72"; classtype:trojan-activity; sid:37745311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 51.68.224.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.68.224.126"; classtype:trojan-activity; sid:37745321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.198 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.198"; 
classtype:trojan-activity; sid:37743321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.183 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.183"; classtype:trojan-activity; sid:37743331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 183.138.75.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.138.75.85"; classtype:trojan-activity; sid:37741271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 111.176.105.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.176.105.74"; classtype:trojan-activity; sid:37741281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.132.182.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.132.182.218"; classtype:trojan-activity; sid:37741291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.166.5.165 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.166.5.165"; classtype:trojan-activity; sid:37741301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 68.178.175.174 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.175.174"; classtype:trojan-activity; sid:37745331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.97.58 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.97.58"; classtype:trojan-activity; sid:37743341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 
87.236.176.57 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.57"; classtype:trojan-activity; sid:37743351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 119.91.207.120 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.207.120"; classtype:trojan-activity; sid:37745341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 190.158.9.124 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.158.9.124"; classtype:trojan-activity; sid:37745351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 124.220.48.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.48.30"; classtype:trojan-activity; sid:37745361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.197.157.172 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.197.157.172"; classtype:trojan-activity; sid:37741311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.246.41.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.41.95"; classtype:trojan-activity; sid:37741321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 211.248.131.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.248.131.133"; classtype:trojan-activity; sid:37741331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 122.19.153.47 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
122.19.153.47"; classtype:trojan-activity; sid:37741341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 42.194.196.180 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.196.180"; classtype:trojan-activity; sid:37745371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.240.22.85 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.22.85"; classtype:trojan-activity; sid:37741351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.96.79.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.96.79.181"; classtype:trojan-activity; sid:37741361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 222.113.125.16 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.113.125.16"; classtype:trojan-activity; sid:37745381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 112.132.249.164 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.132.249.164"; classtype:trojan-activity; sid:37745391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.132.252.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.132.252.2"; classtype:trojan-activity; sid:37745401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 216.98.13.217 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.98.13.217"; classtype:trojan-activity; sid:37743361; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 45.55.68.101 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.68.101"; classtype:trojan-activity; sid:37743841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 87.236.176.40 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.40"; classtype:trojan-activity; sid:37743371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.140"; classtype:trojan-activity; sid:37741371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.128.176.229 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.176.229"; classtype:trojan-activity; sid:37743381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 78.162.201.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.162.201.204"; classtype:trojan-activity; sid:37741381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.95.54.147 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.95.54.147"; classtype:trojan-activity; sid:37741391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.245.246.78 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.245.246.78"; classtype:trojan-activity; sid:37741401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.223.66.226 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.66.226"; classtype:trojan-activity; sid:37745411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
# Inbound indicator rules: each one matches any IP traffic from a single listed
# source address to $HOME_NET on any port, with no flow or threshold options set.
# An alert therefore records contact from that address, not a confirmed compromise.
# NOTE(review): classtype is trojan-activity although the MISP tags in msg are
# kill-chain Reconnaissance/Exploitation; confirm that this classification is the
# one wanted for triage.
alert ip 150.109.25.24 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.25.24"; classtype:trojan-activity; sid:37745421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.110.183.28 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.110.183.28"; classtype:trojan-activity; sid:37741411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 79.47.57.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.47.57.51"; classtype:trojan-activity; sid:37741421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 108.170.148.48 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.170.148.48"; classtype:trojan-activity; sid:37743391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 123.166.66.10 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.166.66.10"; classtype:trojan-activity; sid:37741431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Outbound rule, the only one in this stretch: traffic from $HOME_NET to
# 91.92.244.67 port 50500, tagged RiseProStealer by MISP event e26847. A hit means
# an internal host contacted the indicator, so the source host is the thing to triage.
# NOTE(review): it carries the same priority:2 as the inbound rules around it;
# consider ranking outbound hits higher.
# NOTE(review): the header protocol is `ip` while a destination port is set;
# confirm how the deployed engine applies ports to `ip` rules.
alert ip $HOME_NET any -> 91.92.244.67 50500 (msg: "MISP e26847 [RiseProStealer] Outgoing To IP: 91.92.244.67|50500"; classtype:trojan-activity; sid:37562241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip 112.111.27.27 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.111.27.27"; classtype:trojan-activity; sid:37741441; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.26.48.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.26.48.240"; classtype:trojan-activity; sid:37741451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.234.198.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.198.218"; classtype:trojan-activity; sid:37741461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 167.99.1.98 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.1.98"; classtype:trojan-activity; sid:37745431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.43.180.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.180.54"; classtype:trojan-activity; sid:37745441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 80.66.88.145 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.88.145"; classtype:trojan-activity; sid:37743851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 218.78.78.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.78.102"; classtype:trojan-activity; sid:37745451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 152.242.48.191 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.242.48.191"; classtype:trojan-activity; sid:37741471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Repeated indicator: 101.35.19.119 is also listed under MISP event e25993
# (sid:37077181) at the top of this export, so the same traffic can raise two
# alerts under different sids.
# NOTE(review): de-duplicate per source IP when exporting, or correlate alerts on
# the address rather than on the sid.
alert ip 101.35.19.119 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.19.119"; classtype:trojan-activity; sid:37745461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.233.136.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.136.193"; classtype:trojan-activity; sid:37741481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.156.129.7 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.156.129.7"; classtype:trojan-activity; sid:37748401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 85.198.8.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.8.127"; classtype:trojan-activity; sid:37745471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 62.105.137.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.105.137.105"; classtype:trojan-activity; sid:37745481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 111.22.74.155 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.155"; classtype:trojan-activity; sid:37741491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.153.56.110 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.56.110"; classtype:trojan-activity; sid:37745491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.130.238.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.238.205"; classtype:trojan-activity; sid:37745501; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.75.185.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.75.185.71"; classtype:trojan-activity; sid:37745511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 109.107.181.234 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.107.181.234"; classtype:trojan-activity; sid:37745521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.57.201.178 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.201.178"; classtype:trojan-activity; sid:37741501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.201.24.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.201.24.188"; classtype:trojan-activity; sid:37741511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 121.237.254.135 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.237.254.135"; classtype:trojan-activity; sid:37741521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 34.101.103.127 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.101.103.127"; classtype:trojan-activity; sid:37745531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 193.37.69.58 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.37.69.58"; classtype:trojan-activity; sid:37743401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 205.210.31.226 any -> $HOME_NET any (msg: "MISP 
e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.226"; classtype:trojan-activity; sid:37743411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 194.187.176.62 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.62"; classtype:trojan-activity; sid:37743421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 203.33.207.66 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.33.207.66"; classtype:trojan-activity; sid:37743431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 47.108.221.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.108.221.28"; classtype:trojan-activity; sid:37745541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 163.172.229.45 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.172.229.45"; classtype:trojan-activity; sid:37743441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.133.200.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.200.93"; classtype:trojan-activity; sid:37745551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 135.0.208.122 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.0.208.122"; classtype:trojan-activity; sid:37745561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 8.212.176.240 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.212.176.240"; classtype:trojan-activity; 
sid:37743451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 143.110.220.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.220.40"; classtype:trojan-activity; sid:37745571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 153.144.79.150 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.144.79.150"; classtype:trojan-activity; sid:37741531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 115.85.18.78 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.85.18.78"; classtype:trojan-activity; sid:37745581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 120.48.48.65 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.48.65"; classtype:trojan-activity; sid:37745591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.138.216.217 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.216.217"; classtype:trojan-activity; sid:37745601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 175.30.110.87 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.110.87"; classtype:trojan-activity; sid:37741541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 223.151.254.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.254.114"; classtype:trojan-activity; sid:37741551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 182.240.238.88 any -> $HOME_NET 
any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.238.88"; classtype:trojan-activity; sid:37741561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.221.25.247 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.25.247"; classtype:trojan-activity; sid:37741571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 66.23.131.29 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.23.131.29"; classtype:trojan-activity; sid:37741581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 183.240.157.2 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.240.157.2"; classtype:trojan-activity; sid:37745611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 123.205.130.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.205.130.17"; classtype:trojan-activity; sid:37741591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.99.65.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.65.96"; classtype:trojan-activity; sid:37745621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.236.38.130 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.236.38.130"; classtype:trojan-activity; sid:37743461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 61.154.11.185 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.154.11.185"; 
classtype:trojan-activity; sid:37745631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 122.13.25.214 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.13.25.214"; classtype:trojan-activity; sid:37745641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 132.145.109.41 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.145.109.41"; classtype:trojan-activity; sid:37745651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.16.245.85 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.16.245.85"; classtype:trojan-activity; sid:37745661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.9.184.79 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.9.184.79"; classtype:trojan-activity; sid:37745671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 24.47.84.96 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.47.84.96"; classtype:trojan-activity; sid:37741601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.190.211.80 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.190.211.80"; classtype:trojan-activity; sid:37741611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.45.136.95 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.45.136.95"; classtype:trojan-activity; sid:37741621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 104.255.152.108 
any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.255.152.108"; classtype:trojan-activity; sid:37741631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.24.135.208 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.24.135.208"; classtype:trojan-activity; sid:37741641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 178.62.12.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.12.246"; classtype:trojan-activity; sid:37745681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.181.172.66 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.181.172.66"; classtype:trojan-activity; sid:37743471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 117.63.36.166 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.36.166"; classtype:trojan-activity; sid:37741651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 64.227.132.14 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.132.14"; classtype:trojan-activity; sid:37743481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 87.236.176.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.136"; classtype:trojan-activity; sid:37741661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 74.40.19.68 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.40.19.68"; 
classtype:trojan-activity; sid:37745691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 135.148.144.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.148.144.169"; classtype:trojan-activity; sid:37745701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.227.130.233 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.227.130.233"; classtype:trojan-activity; sid:37745711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 46.35.179.218 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.35.179.218"; classtype:trojan-activity; sid:37741671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 159.89.94.43 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.94.43"; classtype:trojan-activity; sid:37745721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.125 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.125"; classtype:trojan-activity; sid:37741681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 185.126.1.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.126.1.143"; classtype:trojan-activity; sid:37745731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.141 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.141"; classtype:trojan-activity; sid:37741691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 
107.170.247.34 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.247.34"; classtype:trojan-activity; sid:37743491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 43.156.150.246 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.150.246"; classtype:trojan-activity; sid:37745741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 47.98.174.134 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.98.174.134"; classtype:trojan-activity; sid:37745751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 197.48.35.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.48.35.200"; classtype:trojan-activity; sid:37741701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 61.48.133.163 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.48.133.163"; classtype:trojan-activity; sid:37745761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 118.25.51.102 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.51.102"; classtype:trojan-activity; sid:37745771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 115.159.25.59 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.25.59"; classtype:trojan-activity; sid:37745781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 121.61.203.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
121.61.203.82"; classtype:trojan-activity; sid:37741711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.157.55.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.55.94"; classtype:trojan-activity; sid:37745791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 14.29.240.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.240.154"; classtype:trojan-activity; sid:37745801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.67.221.40 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.221.40"; classtype:trojan-activity; sid:37745811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 220.87.14.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.87.14.28"; classtype:trojan-activity; sid:37745821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 188.138.130.54 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.138.130.54"; classtype:trojan-activity; sid:37743501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 118.25.18.142 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.18.142"; classtype:trojan-activity; sid:37745831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.42.249.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.249.74"; classtype:trojan-activity; sid:37745841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert 
ip 82.157.154.187 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.154.187"; classtype:trojan-activity; sid:37745851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 101.34.78.88 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.78.88"; classtype:trojan-activity; sid:37745861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 116.206.239.178 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.206.239.178"; classtype:trojan-activity; sid:37745871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 186.206.171.126 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.206.171.126"; classtype:trojan-activity; sid:37745881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.36 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.36"; classtype:trojan-activity; sid:37743511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 85.175.102.14 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.175.102.14"; classtype:trojan-activity; sid:37741721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 199.45.154.17 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.45.154.17"; classtype:trojan-activity; sid:37743521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 113.254.6.250 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
113.254.6.250"; classtype:trojan-activity; sid:37741731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 106.75.232.188 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.232.188"; classtype:trojan-activity; sid:37745891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 99.60.19.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.60.19.149"; classtype:trojan-activity; sid:37741741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 167.71.54.30 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.54.30"; classtype:trojan-activity; sid:37745901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.113.93.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.113.93.82"; classtype:trojan-activity; sid:37745911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 36.48.28.169 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.48.28.169"; classtype:trojan-activity; sid:37741751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 123.165.154.197 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.165.154.197"; classtype:trojan-activity; sid:37741761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.104.210.105 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.210.105"; classtype:trojan-activity; sid:37745921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) 
# MISP-exported IP indicator rules, restored to one rule per line.
# Events referenced in this run: e26873, e26878, e26882, e26886, e26957.
#
# Each inbound rule alerts on any IP packet from a single source address to
# $HOME_NET. There is no port, flow or payload condition, so a hit shows only
# that the address sent traffic to the protected range, not what the traffic was.
#
# NOTE(review): classtype is trojan-activity although the msg tags these sources
# as kill-chain Reconnaissance/Exploitation. The explicit priority:2 takes
# precedence over whatever priority classification.config assigns to that
# classtype; confirm triage keys on priority or the msg tag, not the classtype.
# NOTE(review): no rule carries a threshold, so nothing here limits repeat alerts
# from the same source. Consider a rate limit or suppression entry on the sensor,
# or loading these addresses as an IP reputation list instead of one rule each.
# NOTE(review): bare-IP indicators go stale when addresses are reassigned. Check
# the age of the referenced MISP event before treating a hit as malicious.
alert ip 61.183.245.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.183.245.62"; classtype:trojan-activity; sid:37741771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.93.4.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.93.4.38"; classtype:trojan-activity; sid:37741781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.95.180.141 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.95.180.141"; classtype:trojan-activity; sid:37745931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 107.180.105.183 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.180.105.183"; classtype:trojan-activity; sid:37745941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.47.36.58 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.47.36.58"; classtype:trojan-activity; sid:37745951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 36.10.255.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.10.255.107"; classtype:trojan-activity; sid:37741791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.79.83.67 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.83.67"; classtype:trojan-activity; sid:37743531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 79.127.11.60 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.127.11.60"; classtype:trojan-activity; sid:37745961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.53.84.39 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.53.84.39"; classtype:trojan-activity; sid:37741801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# Outbound rule: the only one in this run. It names a destination port, has an
# empty tag list ("[]") in its msg and is set to priority:3.
# NOTE(review): the header pairs protocol "ip" with port 50500. Ports only exist
# on transport protocols, and engines differ in how they treat a port on an "ip"
# rule. Verify on your sensor that this rule loads and matches as intended, or
# ask the feed owner which transport the indicator was observed on.
alert ip $HOME_NET any -> 91.92.244.67 50500 (msg: "MISP e26873 [] Outgoing To IP: 91.92.244.67|50500"; classtype:trojan-activity; sid:37572381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip 125.59.62.168 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.59.62.168"; classtype:trojan-activity; sid:37741811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.93.6.124 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.93.6.124"; classtype:trojan-activity; sid:37741821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 42.100.56.242 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.56.242"; classtype:trojan-activity; sid:37741831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.230 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.230"; classtype:trojan-activity; sid:37748411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 124.221.186.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.186.50"; classtype:trojan-activity; sid:37745971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 94.60.254.225 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.60.254.225"; classtype:trojan-activity; sid:37741841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.180.53.103 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.180.53.103"; classtype:trojan-activity; sid:37741851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.156.11.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.11.162"; classtype:trojan-activity; sid:37745981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.255.241.46 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.255.241.46"; classtype:trojan-activity; sid:37743541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 212.227.238.135 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.227.238.135"; classtype:trojan-activity; sid:37743551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 27.24.55.25 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.24.55.25"; classtype:trojan-activity; sid:37741861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 111.170.105.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.170.105.154"; classtype:trojan-activity; sid:37741871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.218.235.30 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.218.235.30"; classtype:trojan-activity; sid:37741881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 43.134.68.235 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.68.235"; classtype:trojan-activity; sid:37745991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 212.251.106.22 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.251.106.22"; classtype:trojan-activity; sid:37741891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 182.38.191.105 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.38.191.105"; classtype:trojan-activity; sid:37741901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 45.33.127.47 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.127.47"; classtype:trojan-activity; sid:37743561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 59.126.121.207 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.126.121.207"; classtype:trojan-activity; sid:37741911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 170.106.67.80 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.67.80"; classtype:trojan-activity; sid:37746001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.142.150.74 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.142.150.74"; classtype:trojan-activity; sid:37746011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 23.92.20.83 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.92.20.83"; classtype:trojan-activity; sid:37743571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 43.156.122.96 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.122.96"; classtype:trojan-activity; sid:37746021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 211.228.234.90 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.228.234.90"; classtype:trojan-activity; sid:37741921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 59.183.245.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.183.245.240"; classtype:trojan-activity; sid:37741931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.75.254.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.254.91"; classtype:trojan-activity; sid:37746031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 219.148.31.135 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.148.31.135"; classtype:trojan-activity; sid:37746041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 180.116.149.108 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.116.149.108"; classtype:trojan-activity; sid:37741941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.234.252.98 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.252.98"; classtype:trojan-activity; sid:37741951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 89.190.156.158 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.190.156.158"; classtype:trojan-activity; sid:37741961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 58.50.119.94 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.119.94"; classtype:trojan-activity; sid:37741971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.191.135.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.191.135.56"; classtype:trojan-activity; sid:37741981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.64.194.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.194.60"; classtype:trojan-activity; sid:37741991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 129.226.209.202 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.209.202"; classtype:trojan-activity; sid:37746051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.168.100.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.168.100.175"; classtype:trojan-activity; sid:37746061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 194.187.176.42 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.187.176.42"; classtype:trojan-activity; sid:37743581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 146.190.60.168 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.60.168"; classtype:trojan-activity; sid:37746071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 140.249.20.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.249.20.113"; classtype:trojan-activity; sid:37746081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 193.70.85.215 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.70.85.215"; classtype:trojan-activity; sid:37746091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 39.105.212.205 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.105.212.205"; classtype:trojan-activity; sid:37746101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.169.56.82 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.169.56.82"; classtype:trojan-activity; sid:37742001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.234.202.56 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.202.56"; classtype:trojan-activity; sid:37742011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 171.40.149.117 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.40.149.117"; classtype:trojan-activity; sid:37742021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.234.127.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.127.250"; classtype:trojan-activity; sid:37746111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 193.233.132.144 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.233.132.144"; classtype:trojan-activity; sid:37743591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 51.162.190.161 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.162.190.161"; classtype:trojan-activity; sid:37746121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.89.86.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.181"; classtype:trojan-activity; sid:37742031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 112.103.248.59 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.248.59"; classtype:trojan-activity; sid:37742041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 96.29.129.60 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.29.129.60"; classtype:trojan-activity; sid:37742051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 34.85.163.94 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.85.163.94"; classtype:trojan-activity; sid:37746131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 46.36.23.81 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.36.23.81"; classtype:trojan-activity; sid:37742061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
# MISP-exported source-IP indicator rules, one rule per line, grouped by the
# MISP event named in each rule's msg and reference URL.
#
# Every rule here has the same shape: "alert ip <indicator> any -> $HOME_NET any"
# with no content, port or flow keyword. A hit therefore records only that the
# listed address sent traffic towards $HOME_NET; it does not show that a
# connection completed or that anything was exploited. Triage against the
# referenced MISP event before escalating.
#
# NOTE(review): classtype is trojan-activity while the msg tags read
# kill-chain:Reconnaissance / kill-chain:Exploitation. The explicit priority:2
# sets the alert priority either way, but confirm the classtype is the one the
# SOC dashboards expect.
# NOTE(review): bare IP indicators go stale as addresses are reassigned. This
# file carries no first-seen or expiry data, so check the indicator's age in
# the MISP event when tuning or retiring a rule.

# --- MISP event 26882 ---
alert ip 107.140.211.69 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.140.211.69"; classtype:trojan-activity; sid:37742071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 31.200.234.27 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.200.234.27"; classtype:trojan-activity; sid:37742081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.112.177.184 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.112.177.184"; classtype:trojan-activity; sid:37742091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 124.234.218.48 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.218.48"; classtype:trojan-activity; sid:37742101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 117.233.154.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.154.203"; classtype:trojan-activity; sid:37742111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 46.173.67.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.173.67.144"; classtype:trojan-activity; sid:37742121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.0.62.1 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.0.62.1"; classtype:trojan-activity; sid:37742131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)

# --- MISP event 26886 ---
alert ip 124.251.111.197 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.251.111.197"; classtype:trojan-activity; sid:37746141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 14.63.221.137 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.63.221.137"; classtype:trojan-activity; sid:37746151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 189.7.17.61 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.7.17.61"; classtype:trojan-activity; sid:37746161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.28.206.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.206.182"; classtype:trojan-activity; sid:37746171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 120.48.33.71 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.33.71"; classtype:trojan-activity; sid:37746181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 45.128.232.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.232.67"; classtype:trojan-activity; sid:37746191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.221.23.193 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.23.193"; classtype:trojan-activity; sid:37746201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 101.126.3.67 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.3.67"; classtype:trojan-activity; sid:37746211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.65.180.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.180.113"; classtype:trojan-activity; sid:37746221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 35.203.211.165 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.203.211.165"; classtype:trojan-activity; sid:37743601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 36.137.4.37 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.4.37"; classtype:trojan-activity; sid:37743861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 210.16.189.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.16.189.143"; classtype:trojan-activity; sid:37746231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 222.246.109.144 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.109.144"; classtype:trojan-activity; sid:37742141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 82.8.213.233 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.8.213.233"; classtype:trojan-activity; sid:37742151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 129.226.215.132 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.215.132"; classtype:trojan-activity; sid:37746241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 45.67.216.98 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 45.67.216.98"; classtype:trojan-activity; sid:37743611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 110.172.170.102 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.172.170.102"; classtype:trojan-activity; sid:37742161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 20.121.54.174 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.121.54.174"; classtype:trojan-activity; sid:37743621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 170.64.222.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.222.181"; classtype:trojan-activity; sid:37746251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 182.127.112.24 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.127.112.24"; classtype:trojan-activity; sid:37742171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.32.34.121 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.34.121"; classtype:trojan-activity; sid:37742181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.221.208.195 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.208.195"; classtype:trojan-activity; sid:37743871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 115.55.238.222 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.55.238.222"; classtype:trojan-activity; sid:37742191; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.82.175 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.82.175"; classtype:trojan-activity; sid:37746261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 117.89.250.248 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.89.250.248"; classtype:trojan-activity; sid:37746271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 96.81.211.157 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.81.211.157"; classtype:trojan-activity; sid:37742201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 45.236.249.52 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.236.249.52"; classtype:trojan-activity; sid:37742211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 46.229.189.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.229.189.200"; classtype:trojan-activity; sid:37742221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 36.41.184.136 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.41.184.136"; classtype:trojan-activity; sid:37746281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 165.154.33.72 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.33.72"; classtype:trojan-activity; sid:37746291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 38.7.199.5 any -> $HOME_NET any (msg: "MISP e26886 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.199.5"; classtype:trojan-activity; sid:37746301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 64.23.138.110 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.138.110"; classtype:trojan-activity; sid:37746311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.98.62.220 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.98.62.220"; classtype:trojan-activity; sid:37742231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.20.199.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.20.199.79"; classtype:trojan-activity; sid:37742241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 81.70.117.182 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.117.182"; classtype:trojan-activity; sid:37746321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 196.0.120.6 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.0.120.6"; classtype:trojan-activity; sid:37746331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 125.25.183.237 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.25.183.237"; classtype:trojan-activity; sid:37742251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 134.236.19.49 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.236.19.49"; classtype:trojan-activity; sid:37742261; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 118.123.105.92 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.123.105.92"; classtype:trojan-activity; sid:37742271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 110.7.52.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.7.52.148"; classtype:trojan-activity; sid:37742281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 113.200.137.123 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.123"; classtype:trojan-activity; sid:37742291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 220.132.45.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.132.45.154"; classtype:trojan-activity; sid:37742301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 170.106.193.230 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.193.230"; classtype:trojan-activity; sid:37746341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 103.212.136.189 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.212.136.189"; classtype:trojan-activity; sid:37746351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 58.47.65.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.65.244"; classtype:trojan-activity; sid:37742311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 39.51.172.164 any -> $HOME_NET any (msg: "MISP 
e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.51.172.164"; classtype:trojan-activity; sid:37742321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 91.93.138.110 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.93.138.110"; classtype:trojan-activity; sid:37742331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 176.99.2.248 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.99.2.248"; classtype:trojan-activity; sid:37746361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 185.196.9.199 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.9.199"; classtype:trojan-activity; sid:37746371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 87.236.176.42 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.42"; classtype:trojan-activity; sid:37748421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 59.174.50.163 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.174.50.163"; classtype:trojan-activity; sid:37742341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 221.215.115.203 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.215.115.203"; classtype:trojan-activity; sid:37742351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 87.236.176.69 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.69"; classtype:trojan-activity; sid:37748431; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;) alert ip 115.84.249.140 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.84.249.140"; classtype:trojan-activity; sid:37746381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 201.163.162.179 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.163.162.179"; classtype:trojan-activity; sid:37746391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 171.109.157.13 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.109.157.13"; classtype:trojan-activity; sid:37742361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 107.170.228.41 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.228.41"; classtype:trojan-activity; sid:37743631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 60.103.32.23 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.103.32.23"; classtype:trojan-activity; sid:37742371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 124.222.121.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.121.4"; classtype:trojan-activity; sid:37746401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 43.153.47.81 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.47.81"; classtype:trojan-activity; sid:37746411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 186.154.90.114 any -> $HOME_NET any (msg: 
"MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.154.90.114"; classtype:trojan-activity; sid:37746421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.235.24.113 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.113"; classtype:trojan-activity; sid:37746431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 187.251.123.99 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.251.123.99"; classtype:trojan-activity; sid:37746441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 206.189.59.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.59.169"; classtype:trojan-activity; sid:37746451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 197.39.2.80 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.39.2.80"; classtype:trojan-activity; sid:37743641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 27.110.167.245 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.110.167.245"; classtype:trojan-activity; sid:37746461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 161.35.109.85 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.109.85"; classtype:trojan-activity; sid:37743881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 223.15.54.2 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.54.2"; classtype:trojan-activity; 
sid:37742381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 172.81.62.169 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.169"; classtype:trojan-activity; sid:37743891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 103.102.56.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.102.56.188"; classtype:trojan-activity; sid:37742391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 203.12.200.41 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.12.200.41"; classtype:trojan-activity; sid:37743651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 81.68.131.169 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.131.169"; classtype:trojan-activity; sid:37746471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 150.158.77.82 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.77.82"; classtype:trojan-activity; sid:37746481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 49.234.118.154 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.118.154"; classtype:trojan-activity; sid:37746491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 111.132.4.210 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.132.4.210"; classtype:trojan-activity; sid:37743901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;) alert ip 189.178.50.118 any -> $HOME_NET 
any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.178.50.118"; classtype:trojan-activity; sid:37742401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.41.34.18 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.41.34.18"; classtype:trojan-activity; sid:37742411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 117.215.216.252 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.216.252"; classtype:trojan-activity; sid:37742421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 171.112.90.80 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.112.90.80"; classtype:trojan-activity; sid:37742431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.230.26.204 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.230.26.204"; classtype:trojan-activity; sid:37742441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 31.191.59.83 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.191.59.83"; classtype:trojan-activity; sid:37742451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 89.215.136.136 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.215.136.136"; classtype:trojan-activity; sid:37742461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 109.122.22.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.122.22.16"; 
classtype:trojan-activity; sid:37742471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 153.3.139.130 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.3.139.130"; classtype:trojan-activity; sid:37742481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 103.167.89.4 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.167.89.4"; classtype:trojan-activity; sid:37746501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 37.115.77.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.115.77.227"; classtype:trojan-activity; sid:37742491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 77.74.205.213 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.74.205.213"; classtype:trojan-activity; sid:37742501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 85.209.11.242 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.209.11.242"; classtype:trojan-activity; sid:37746511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 198.199.111.115 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.111.115"; classtype:trojan-activity; sid:37743661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 54.151.84.21 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.151.84.21"; classtype:trojan-activity; sid:37746521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 
61.192.207.133 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.192.207.133"; classtype:trojan-activity; sid:37742511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 101.33.204.231 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.204.231"; classtype:trojan-activity; sid:37743671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;) alert ip 115.165.210.5 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.165.210.5"; classtype:trojan-activity; sid:37742521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 112.102.170.148 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.170.148"; classtype:trojan-activity; sid:37742531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 210.20.151.227 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.20.151.227"; classtype:trojan-activity; sid:37742541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 116.172.184.223 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.172.184.223"; classtype:trojan-activity; sid:37746531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 114.35.32.188 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.32.188"; classtype:trojan-activity; sid:37742551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 119.247.124.173 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 119.247.124.173"; classtype:trojan-activity; sid:37742561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.67.251.222 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.251.222"; classtype:trojan-activity; sid:37746541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 106.40.241.200 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.40.241.200"; classtype:trojan-activity; sid:37742571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 114.32.62.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.62.79"; classtype:trojan-activity; sid:37742581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 35.203.211.114 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.203.211.114"; classtype:trojan-activity; sid:37742591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 80.82.77.202 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.82.77.202"; classtype:trojan-activity; sid:37742601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;) alert ip 43.153.43.196 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.43.196"; classtype:trojan-activity; sid:37746551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;) alert ip 20.71.215.181 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.71.215.181"; classtype:trojan-activity; sid:37746561; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26886;)
# (The line above closes a rule that begins before this span.)
#
# Inbound source-IP indicators exported from MISP; the "MISP eNNNNN" prefix in msg and the
# reference URL name the originating event. Rules are restored to one per line.
# Each rule uses protocol "ip" with "any" ports and matches on the source address alone:
# there is no flow, content or threshold keyword, so nothing in the rule limits alert volume.
# NOTE(review): msg carries kill-chain:Reconnaissance / kill-chain:Exploitation tags while
# classtype is trojan-activity - confirm this classification is what alert triage expects.
# NOTE(review): address-only indicators go stale; check them against the referenced MISP
# event before treating a hit as confirmed malicious activity.
alert ip 14.18.40.91 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.40.91"; classtype:trojan-activity; sid:37746571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.233.137.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.137.51"; classtype:trojan-activity; sid:37742611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 179.173.23.215 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.173.23.215"; classtype:trojan-activity; sid:37742621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 104.175.38.152 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.175.38.152"; classtype:trojan-activity; sid:37742631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.245.195.202 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.245.195.202"; classtype:trojan-activity; sid:37743681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 175.31.126.240 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.126.240"; classtype:trojan-activity; sid:37742641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 180.44.59.181 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.44.59.181"; classtype:trojan-activity; sid:37742651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 23.224.95.147 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.95.147"; classtype:trojan-activity; sid:37746581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 49.130.14.68 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.130.14.68"; classtype:trojan-activity; sid:37742661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.235.3.252 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.235.3.252"; classtype:trojan-activity; sid:37743691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 221.232.31.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.232.31.7"; classtype:trojan-activity; sid:37742671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 34.150.119.172 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.150.119.172"; classtype:trojan-activity; sid:37746591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 177.84.209.193 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.84.209.193"; classtype:trojan-activity; sid:37742681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 119.99.200.17 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.99.200.17"; classtype:trojan-activity; sid:37742691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 209.54.46.14 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.54.46.14"; classtype:trojan-activity; sid:37743911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
alert ip 152.32.226.155 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.226.155"; classtype:trojan-activity; sid:37748441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 120.194.198.79 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.194.198.79"; classtype:trojan-activity; sid:37742701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 87.236.176.192 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.192"; classtype:trojan-activity; sid:37748451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 87.236.176.201 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.201"; classtype:trojan-activity; sid:37748461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 87.236.176.60 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.60"; classtype:trojan-activity; sid:37748471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 223.9.41.140 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.9.41.140"; classtype:trojan-activity; sid:37742711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 77.91.84.54 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.91.84.54"; classtype:trojan-activity; sid:37746601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 103.147.242.68 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.147.242.68"; classtype:trojan-activity; sid:37746611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 180.184.176.139 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.176.139"; classtype:trojan-activity; sid:37746621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 106.43.102.161 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.43.102.161"; classtype:trojan-activity; sid:37742721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 109.69.7.157 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.69.7.157"; classtype:trojan-activity; sid:37743701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 101.37.33.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.37.33.93"; classtype:trojan-activity; sid:37746631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.130.34.28 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.34.28"; classtype:trojan-activity; sid:37746641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 178.32.170.25 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.170.25"; classtype:trojan-activity; sid:37746651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 151.177.119.229 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.177.119.229"; classtype:trojan-activity; sid:37742731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 181.106.238.70 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.106.238.70"; classtype:trojan-activity; sid:37742741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 101.227.203.162 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.227.203.162"; classtype:trojan-activity; sid:37746661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 200.40.61.38 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.40.61.38"; classtype:trojan-activity; sid:37742751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 106.43.91.7 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.43.91.7"; classtype:trojan-activity; sid:37742761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.229.72.221 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.72.221"; classtype:trojan-activity; sid:37742771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 213.109.202.232 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.109.202.232"; classtype:trojan-activity; sid:37743711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 91.107.19.160 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.19.160"; classtype:trojan-activity; sid:37742781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 61.75.251.95 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.75.251.95"; classtype:trojan-activity; sid:37746671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 119.27.181.250 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.27.181.250"; classtype:trojan-activity; sid:37746681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 113.236.95.154 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.236.95.154"; classtype:trojan-activity; sid:37742791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 176.109.191.35 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.109.191.35"; classtype:trojan-activity; sid:37742801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.167.106.149 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.167.106.149"; classtype:trojan-activity; sid:37742811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 202.189.245.244 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.189.245.244"; classtype:trojan-activity; sid:37742821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 221.14.122.62 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.14.122.62"; classtype:trojan-activity; sid:37742831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 125.20.225.86 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.20.225.86"; classtype:trojan-activity; sid:37742841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.74 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.74"; classtype:trojan-activity; sid:37743721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 104.131.144.41 any -> $HOME_NET any (msg: "MISP e26957 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.41"; classtype:trojan-activity; sid:37748481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26957;)
alert ip 42.228.34.74 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.228.34.74"; classtype:trojan-activity; sid:37742851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 222.222.191.132 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.222.191.132"; classtype:trojan-activity; sid:37742861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 119.1.121.47 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.1.121.47"; classtype:trojan-activity; sid:37742871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 220.250.41.11 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.250.41.11"; classtype:trojan-activity; sid:37746691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 182.242.25.80 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.242.25.80"; classtype:trojan-activity; sid:37742881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 113.59.187.111 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.59.187.111"; classtype:trojan-activity; sid:37742891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 49.51.178.186 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.178.186"; classtype:trojan-activity; sid:37746701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 149.50.96.45 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.50.96.45"; classtype:trojan-activity; sid:37742901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 103.54.26.51 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.54.26.51"; classtype:trojan-activity; sid:37742911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 175.13.4.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.13.4.54"; classtype:trojan-activity; sid:37742921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 73.15.203.143 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.15.203.143"; classtype:trojan-activity; sid:37746711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 194.169.175.21 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.169.175.21"; classtype:trojan-activity; sid:37743731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 87.236.176.233 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.233"; classtype:trojan-activity; sid:37743741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 138.2.161.89 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.161.89"; classtype:trojan-activity; sid:37746721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 124.156.181.50 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.181.50"; classtype:trojan-activity; sid:37746731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 183.93.205.236 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.236"; classtype:trojan-activity; sid:37742931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 60.220.185.149 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.220.185.149"; classtype:trojan-activity; sid:37746741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 205.185.127.240 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.185.127.240"; classtype:trojan-activity; sid:37746751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 200.122.249.203 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.122.249.203"; classtype:trojan-activity; sid:37746761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 159.65.220.18 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.220.18"; classtype:trojan-activity; sid:37746771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 194.152.206.17 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.152.206.17"; classtype:trojan-activity; sid:37746781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 42.202.21.241 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.202.21.241"; classtype:trojan-activity; sid:37742941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 39.109.117.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.109.117.37"; classtype:trojan-activity; sid:37746791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 121.107.184.16 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.107.184.16"; classtype:trojan-activity; sid:37742951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 121.146.142.226 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.146.142.226"; classtype:trojan-activity; sid:37746801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 43.153.8.212 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.8.212"; classtype:trojan-activity; sid:37746811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 104.250.50.93 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.93"; classtype:trojan-activity; sid:37746821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 220.93.247.54 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.93.247.54"; classtype:trojan-activity; sid:37742961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 2.181.117.107 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.181.117.107"; classtype:trojan-activity; sid:37742971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 114.228.88.228 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.228.88.228"; classtype:trojan-activity; sid:37742981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 156.236.66.37 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.66.37"; classtype:trojan-activity; sid:37746831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 210.212.99.168 any -> $HOME_NET any (msg: "MISP e26886 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.212.99.168"; classtype:trojan-activity; sid:37746841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26886;)
alert ip 117.197.251.254 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.197.251.254"; classtype:trojan-activity; sid:37742991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 198.235.24.49 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.49"; classtype:trojan-activity; sid:37743751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
alert ip 42.242.79.58 any -> $HOME_NET any (msg: "MISP e26882 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.242.79.58"; classtype:trojan-activity; sid:37743001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26882;)
alert ip 
79.124.58.86 any -> $HOME_NET any (msg: "MISP e26878 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.124.58.86"; classtype:trojan-activity; sid:37743761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26878;)
# (The line above completes a rule whose "alert ip" keyword sits at the end of the previous line.)
alert ip 125.124.91.68 any -> $HOME_NET any (msg: "MISP e26875 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.91.68"; classtype:trojan-activity; sid:37743921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26875;)
#
# Outbound indicators start here: traffic from $HOME_NET to a listed address and destination port.
# The bracketed tags in msg come from the MISP event. Most indicators below appear twice, once
# from e26847 (tagged, priority:2) and once from e26873 (empty tag list "[]", priority:3), with
# different sids, so a single connection can raise two alerts for the same destination.
# NOTE(review): these rules use protocol "ip" together with a destination port - confirm how
# the sensor applies the port to traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 91.92.244.67 8081 (msg: "MISP e26847 [Risepro,ViriBack] Outgoing To IP: 91.92.244.67|8081"; classtype:trojan-activity; sid:37562251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 91.92.244.67 8081 (msg: "MISP e26873 [] Outgoing To IP: 91.92.244.67|8081"; classtype:trojan-activity; sid:37572391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Domain indicator from e26843: one dns.query rule and one HTTP rule (sids ending in 1 and 2).
# The pcre accepts the name at the start of the buffer or after a character outside
# [A-Za-z0-9-], so subdomains match while a longer label ending in the same text does not.
# The DNS rule is "any any -> any any": it is not limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26843 [] Domain mi-tarjetacencosud-cl.cmmenterprises.com.pk"; dns.query; content:"mi-tarjetacencosud-cl.cmmenterprises.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.cmmenterprises\.com\.pk$/i"; classtype:trojan-activity; sid:37561861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26843;)
# In the HTTP variant "Host|3a|" is the literal "Host:"; the two content matches carry no
# distance/within keyword, so they are not tied to the same header line.
# NOTE(review): the name appearing in another request header could therefore match - confirm.
# tag:session,600,seconds asks the engine to keep logging the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26843 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.cmmenterprises.com.pk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.cmmenterprises.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.cmmenterprises\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26843;)
alert ip $HOME_NET any -> 45.92.179.244 15647 (msg: "MISP e26847 [Arechclient2] Outgoing To IP: 45.92.179.244|15647"; classtype:trojan-activity; sid:37562261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 45.92.179.244 15647 (msg: "MISP e26873 [] Outgoing To IP: 45.92.179.244|15647"; classtype:trojan-activity; sid:37572401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# URL indicators: the host string is searched anywhere in the http.header buffer (no "Host:"
# match accompanies it) and the path in http.uri; both matches use nocase.
# The e26873 copies differ from the e26847 ones only in letter case of the path, which nocase
# ignores, so each pair matches the same requests under two sids.
# These rules reference $HTTP_PORTS, so that variable has to be defined on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//785319cm.nyashsens.top/vmcpuprocessgenerator.php"; flow:to_server,established; http.header; content:"785319cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/vmcpuprocessgenerator.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//785319cm.nyashsens.top/vmCpuProcessgenerator.php"; flow:to_server,established; http.header; content:"785319cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/vmCpuProcessgenerator.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//gp104995g2.temp.swtest.ru/image_securecpugamelongpollmulticentral.php"; flow:to_server,established; http.header; content:"gp104995g2.temp.swtest.ru"; fast_pattern; nocase; http.uri; content:"/image_securecpugamelongpollmulticentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//gp104995g2.temp.swtest.ru/image_secureCpugamelongpollMultiCentral.php"; flow:to_server,established; http.header; content:"gp104995g2.temp.swtest.ru"; fast_pattern; nocase; http.uri; content:"/image_secureCpugamelongpollMultiCentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 156.236.72.163 8000 (msg: "MISP e26847 [Gh0stRAT] Outgoing To IP: 156.236.72.163|8000"; classtype:trojan-activity; sid:37562301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 156.236.72.163 8000 (msg: "MISP e26873 [] Outgoing To IP: 156.236.72.163|8000"; classtype:trojan-activity; sid:37572431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Here the URL's host is an IP literal, so the rule header pins the destination address as well.
alert http $HOME_NET any -> 82.115.223.136 $HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//82.115.223.136/externallinephpjavascriptsecureauthprotectlinuxuniversal.php"; flow:to_server,established; http.header; content:"82.115.223.136"; fast_pattern; nocase; http.uri; content:"/externallinephpjavascriptsecureauthprotectlinuxuniversal.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 185.198.57.41 7443 (msg: "MISP e26847 [Covenant,HS] Outgoing To IP: 185.198.57.41|7443"; classtype:trojan-activity; sid:37562321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# NOTE(review): the next address is labelled GOOGLE-CLOUD-PLATFORM and is matched on port 443 by
# address alone; cloud addresses may be reassigned - verify against the MISP event before acting.
alert ip $HOME_NET any -> 35.193.229.206 443 (msg: "MISP e26847 [GOOGLE-CLOUD-PLATFORM,Havoc] Outgoing To IP: 35.193.229.206|443"; classtype:trojan-activity; sid:37562331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 78.40.117.84 443 (msg: "MISP e26847 [ALEXHOST,Havoc] Outgoing To IP: 78.40.117.84|443"; classtype:trojan-activity; sid:37562341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 167.56.121.249 995 (msg: "MISP e26847 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 167.56.121.249|995"; classtype:trojan-activity; sid:37562351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 71.88.241.194 443 (msg: "MISP e26847 [CHARTER-20115,QakBot] Outgoing To IP: 71.88.241.194|443"; classtype:trojan-activity; sid:37562361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 77.105.147.157 80 (msg: "MISP e26847 [AEZA-AS,Meduza Stealer] Outgoing To IP: 77.105.147.157|80"; classtype:trojan-activity; sid:37562371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> 82.115.223.136 $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//82.115.223.136/externalLinephpJavascriptSecureAuthProtectlinuxuniversal.php"; flow:to_server,established; http.header; content:"82.115.223.136"; fast_pattern; nocase; http.uri; content:"/externalLinephpJavascriptSecureAuthProtectlinuxuniversal.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 71.88.241.194 443 (msg: "MISP e26873 [] Outgoing To IP: 71.88.241.194|443"; classtype:trojan-activity; sid:37572451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 167.56.121.249 995 (msg: "MISP e26873 [] Outgoing To IP: 167.56.121.249|995"; classtype:trojan-activity; sid:37572461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 78.40.117.84 443 (msg: "MISP e26873 [] Outgoing To IP: 78.40.117.84|443"; classtype:trojan-activity; sid:37572471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 35.193.229.206 443 (msg: "MISP e26873 [] Outgoing To IP: 35.193.229.206|443"; classtype:trojan-activity; sid:37572481; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26873;)
# (The line above closes a rule that begins on the previous line of the file.)
#
# Outbound indicators, one rule per line. Rules tagged with a family name come from event
# e26847 (priority:2); the same destinations are exported again from e26873 with an empty
# tag list "[]", priority:3 and a different sid, so one connection can raise two alerts.
# NOTE(review): the address rules use protocol "ip" together with a destination port -
# confirm how the sensor applies the port to traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 185.198.57.41 7443 (msg: "MISP e26873 [] Outgoing To IP: 185.198.57.41|7443"; classtype:trojan-activity; sid:37572491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 77.105.147.157 80 (msg: "MISP e26873 [] Outgoing To IP: 77.105.147.157|80"; classtype:trojan-activity; sid:37572501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 20.218.68.91 23100 (msg: "MISP e26847 [infostealer,RedLine,stealer] Outgoing To IP: 20.218.68.91|23100"; classtype:trojan-activity; sid:37562271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 147.185.221.17 80 (msg: "MISP e26847 [njrat,RAT] Outgoing To IP: 147.185.221.17|80"; classtype:trojan-activity; sid:37562221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# Domain indicators come in pairs: a dns.query rule (sid ending in 1) and an HTTP rule (sid
# ending in 2). The DNS pcre anchors the name at the end of the query and accepts it at the
# start of the buffer or after a character outside [A-Za-z0-9-], so subdomains also match.
# The DNS rules are "any any -> any any": they are not limited to queries leaving $HOME_NET.
alert dns any any -> any any (msg: "MISP e26847 [njrat,RAT] Domain conference-cal.gl.at.ply.gg"; dns.query; content:"conference-cal.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])conference\-cal\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37562231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# In the HTTP variant "Host|3a|" is the literal "Host:"; the two content matches carry no
# distance/within keyword, so they are not tied to the same header line, and the pcre needs
# one character outside [A-Za-z0-9-.] after the name.
# NOTE(review): the name appearing in another request header could therefore match - confirm.
# tag:session,600,seconds asks the engine to keep logging the session for 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [njrat,RAT] Outgoing HTTP Domain conference-cal.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"conference-cal.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])conference\-cal\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26873 [] Domain conference-cal.gl.at.ply.gg"; dns.query; content:"conference-cal.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])conference\-cal\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37572511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain conference-cal.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"conference-cal.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])conference\-cal\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 147.185.221.17 80 (msg: "MISP e26873 [] Outgoing To IP: 147.185.221.17|80"; classtype:trojan-activity; sid:37572531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 20.218.68.91 23100 (msg: "MISP e26873 [] Outgoing To IP: 20.218.68.91|23100"; classtype:trojan-activity; sid:37572541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert dns any any -> any any (msg: "MISP e26847 [moobot] Domain botnet.loadbalance.click"; dns.query; content:"botnet.loadbalance.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.loadbalance\.click$/i"; classtype:trojan-activity; sid:37562391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [moobot] Outgoing HTTP Domain botnet.loadbalance.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.loadbalance.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.loadbalance\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 93.123.85.142 43957 (msg: "MISP e26847 [moobot] Outgoing To IP: 93.123.85.142|43957"; classtype:trojan-activity; sid:37562401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 15.235.131.20 44647 (msg: "MISP e26847 [infostealer,RedLine,stealer] Outgoing To IP: 15.235.131.20|44647"; classtype:trojan-activity; sid:37562381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26873 [] Domain botnet.loadbalance.click"; dns.query; content:"botnet.loadbalance.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.loadbalance\.click$/i"; classtype:trojan-activity; sid:37572551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain botnet.loadbalance.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.loadbalance.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.loadbalance\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 15.235.131.20 44647 (msg: "MISP e26873 [] Outgoing To IP: 15.235.131.20|44647"; classtype:trojan-activity; sid:37572561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 93.123.85.142 43957 (msg: "MISP e26873 [] Outgoing To IP: 93.123.85.142|43957"; classtype:trojan-activity; sid:37572571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert dns any any -> any any (msg: "MISP e26847 [Mirai] Domain rebirthbot.icu"; dns.query; content:"rebirthbot.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])rebirthbot\.icu$/i"; classtype:trojan-activity; sid:37562411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [Mirai] Outgoing HTTP Domain rebirthbot.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rebirthbot.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rebirthbot\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26873 [] Domain rebirthbot.icu"; dns.query; content:"rebirthbot.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])rebirthbot\.icu$/i"; classtype:trojan-activity; sid:37572581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain rebirthbot.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rebirthbot.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rebirthbot\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Domains tagged BankBot,Hydra in event e26847; within this span they have no e26873 copy.
alert dns any any -> any any (msg: "MISP e26847 [BankBot,Hydra] Domain fewjfhwefhwegfgwey344.cfd"; dns.query; content:"fewjfhwefhwegfgwey344.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fewjfhwefhwegfgwey344\.cfd$/i"; classtype:trojan-activity; sid:37562421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [BankBot,Hydra] Outgoing HTTP Domain fewjfhwefhwegfgwey344.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fewjfhwefhwegfgwey344.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fewjfhwefhwegfgwey344\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26847 [BankBot,Hydra] Domain fhfhreeruu334345432.cfd"; dns.query; content:"fhfhreeruu334345432.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fhfhreeruu334345432\.cfd$/i"; classtype:trojan-activity; sid:37562431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [BankBot,Hydra] Outgoing HTTP Domain fhfhreeruu334345432.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fhfhreeruu334345432.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fhfhreeruu334345432\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26847 [BankBot,Hydra] Domain gftfttdrtdrrttgfderrt654.cfd"; dns.query; content:"gftfttdrtdrrttgfderrt654.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])gftfttdrtdrrttgfderrt654\.cfd$/i"; classtype:trojan-activity; sid:37562441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [BankBot,Hydra] Outgoing HTTP Domain gftfttdrtdrrttgfderrt654.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gftfttdrtdrrttgfderrt654.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gftfttdrtdrrttgfderrt654\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26847 [BankBot,Hydra] Domain htyfdsdghfr65443.cfd"; dns.query; content:"htyfdsdghfr65443.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])htyfdsdghfr65443\.cfd$/i"; classtype:trojan-activity; sid:37562451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [BankBot,Hydra] Outgoing HTTP Domain htyfdsdghfr65443.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"htyfdsdghfr65443.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])htyfdsdghfr65443\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26847 [BankBot,Hydra] Domain iefijweijfiwefiue9877.cfd"; dns.query; content:"iefijweijfiwefiue9877.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])iefijweijfiwefiue9877\.cfd$/i"; classtype:trojan-activity; sid:37562461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [BankBot,Hydra] Outgoing HTTP Domain iefijweijfiwefiue9877.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"iefijweijfiwefiue9877.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])iefijweijfiwefiue9877\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any (msg: "MISP e26847 [BankBot,Hydra] Domain woolyboolydoolykooly.com"; dns.query; content:"woolyboolydoolykooly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])woolyboolydoolykooly\.com$/i"; classtype:trojan-activity; sid:37562471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [BankBot,Hydra] Outgoing HTTP Domain woolyboolydoolykooly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"woolyboolydoolykooly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])woolyboolydoolykooly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert dns any any -> any any 
(msg: "MISP e26873 [] Domain fewjfhwefhwegfgwey344.cfd"; dns.query; content:"fewjfhwefhwegfgwey344.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fewjfhwefhwegfgwey344\.cfd$/i"; classtype:trojan-activity; sid:37572591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain fewjfhwefhwegfgwey344.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fewjfhwefhwegfgwey344.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fewjfhwefhwegfgwey344\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain fhfhreeruu334345432.cfd"; dns.query; content:"fhfhreeruu334345432.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fhfhreeruu334345432\.cfd$/i"; classtype:trojan-activity; sid:37572601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain fhfhreeruu334345432.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fhfhreeruu334345432.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fhfhreeruu334345432\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain gftfttdrtdrrttgfderrt654.cfd"; dns.query; content:"gftfttdrtdrrttgfderrt654.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])gftfttdrtdrrttgfderrt654\.cfd$/i"; classtype:trojan-activity; sid:37572611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain gftfttdrtdrrttgfderrt654.cfd"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gftfttdrtdrrttgfderrt654.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gftfttdrtdrrttgfderrt654\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain htyfdsdghfr65443.cfd"; dns.query; content:"htyfdsdghfr65443.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])htyfdsdghfr65443\.cfd$/i"; classtype:trojan-activity; sid:37572621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain htyfdsdghfr65443.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"htyfdsdghfr65443.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])htyfdsdghfr65443\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain iefijweijfiwefiue9877.cfd"; dns.query; content:"iefijweijfiwefiue9877.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])iefijweijfiwefiue9877\.cfd$/i"; classtype:trojan-activity; sid:37572631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain iefijweijfiwefiue9877.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"iefijweijfiwefiue9877.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])iefijweijfiwefiue9877\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain woolyboolydoolykooly.com"; 
dns.query; content:"woolyboolydoolykooly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])woolyboolydoolykooly\.com$/i"; classtype:trojan-activity; sid:37572641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain woolyboolydoolykooly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"woolyboolydoolykooly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])woolyboolydoolykooly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 20.106.175.213 81 (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing URL http|3a|//20.106.175.213|3a|81/microcoft-gettask.html"; flow:to_server,established; http.header; content:"20.106.175.213"; fast_pattern; nocase; http.uri; content:"/microcoft-gettask.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 20.106.175.213 81 (msg: "MISP e26873 [] Outgoing URL http|3a|//20.106.175.213|3a|81/microcoft-gettask.html"; flow:to_server,established; http.header; content:"20.106.175.213"; fast_pattern; nocase; http.uri; content:"/microcoft-gettask.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//cz13602.tw1.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"cz13602.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/dpixel"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//cz13602.tw1.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"cz13602.tw1.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 120.26.196.41 2222 (msg: "MISP e26847 [CobaltStrike,cs-watermark-6,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//120.26.196.41|3a|2222/updates.rss"; flow:to_server,established; http.header; content:"120.26.196.41"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 43.139.177.77 88 (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.139.177.77|3a|88/api/x"; flow:to_server,established; http.header; content:"43.139.177.77"; fast_pattern; nocase; http.uri; content:"/api/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn/api/x"; flow:to_server,established; http.header; content:"service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; fast_pattern; nocase; http.uri; content:"/api/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert dns any any -> any any (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Domain service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; dns.query; content:"service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-2kd9w0iu\-1302672236\.gz\.tencentapigw\.com\.cn$/i"; classtype:trojan-activity; sid:37562591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP 
Domain service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-2kd9w0iu\-1302672236\.gz\.tencentapigw\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 101.43.12.111 9999 (msg: "MISP e26847 [CobaltStrike,cs-watermark-1873433027,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.43.12.111|3a|9999/cx"; flow:to_server,established; http.header; content:"101.43.12.111"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 120.26.196.41 2222 (msg: "MISP e26873 [] Outgoing URL http|3a|//120.26.196.41|3a|2222/updates.rss"; flow:to_server,established; http.header; content:"120.26.196.41"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e26873 [] Outgoing URL http|3a|//1.94.110.130|3a|808/dpixel"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 101.43.12.111 9999 (msg: "MISP e26873 [] Outgoing URL http|3a|//101.43.12.111|3a|9999/cx"; flow:to_server,established; http.header; content:"101.43.12.111"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37572701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; dns.query; content:"service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-2kd9w0iu\-1302672236\.gz\.tencentapigw\.com\.cn$/i"; classtype:trojan-activity; sid:37572711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-2kd9w0iu\-1302672236\.gz\.tencentapigw\.com\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn/api/x"; flow:to_server,established; http.header; content:"service-2kd9w0iu-1302672236.gz.tencentapigw.com.cn"; fast_pattern; nocase; http.uri; content:"/api/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 43.139.177.77 88 (msg: "MISP e26873 [] Outgoing URL http|3a|//43.139.177.77|3a|88/api/x"; flow:to_server,established; http.header; content:"43.139.177.77"; fast_pattern; nocase; http.uri; content:"/api/x"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 42.237.24.42 7899 (msg: "MISP e26847 [Gh0stRAT] Outgoing To 
IP: 42.237.24.42|7899"; classtype:trojan-activity; sid:37562611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# URL indicator on a fixed destination address. The destination port is $HTTP_PORTS,
# so that variable must be defined when the file is loaded, and requests to the same
# address on a port outside $HTTP_PORTS are not covered.
# The IP is matched as an http.header content, i.e. anywhere in the request headers.
alert http $HOME_NET any -> 5.182.87.104 $HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//5.182.87.104/1/eternalrequestlowtestdle.php"; flow:to_server,established; http.header; content:"5.182.87.104"; fast_pattern; nocase; http.uri; content:"/1/eternalrequestlowtestdle.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# Differs from sid 37562621 only in the letter case of the URI content; both rules
# carry nocase, so they match the same requests and alert together.
alert http $HOME_NET any -> 5.182.87.104 $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//5.182.87.104/1/EternalRequestLowTestDle.php"; flow:to_server,established; http.header; content:"5.182.87.104"; fast_pattern; nocase; http.uri; content:"/1/EternalRequestLowTestDle.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Header-only rule (no content keyword): any traffic from $HOME_NET to this address
# and port matches.
alert ip $HOME_NET any -> 42.237.24.42 7899 (msg: "MISP e26873 [] Outgoing To IP: 42.237.24.42|7899"; classtype:trojan-activity; sid:37572791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# DNS and HTTP indicators for a.pain.capetown. The DNS pcre accepts the exact name
# and names ending in ".a.pain.capetown".
# In the HTTP rule the "Host|3a|" content and the domain content are not positioned
# relative to each other, so the domain in another request header also matches.
alert dns any any -> any any (msg: "MISP e26847 [Aixit GmbH,CobaltStrike,cs-watermark-987654321] Domain a.pain.capetown"; dns.query; content:"a.pain.capetown"; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.pain\.capetown$/i"; classtype:trojan-activity; sid:37562631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [Aixit GmbH,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain a.pain.capetown"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a.pain.capetown"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.pain\.capetown[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# Destination port 53 on a fixed address, without any payload inspection.
# NOTE(review): hosts in $HOME_NET are normally expected to use internal resolvers;
# confirm that, since direct traffic to an external address on port 53 is what this
# rule reports.
alert ip $HOME_NET any -> 88.214.25.36 53 (msg: "MISP e26847 [Aixit GmbH,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 88.214.25.36|53"; classtype:trojan-activity; sid:37562641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# The next three rules repeat the a.pain.capetown and 88.214.25.36 indicators under
# event 26873 (empty tag list, priority 3); a single match alerts under both events.
alert dns any any -> any any (msg: "MISP e26873 [] Domain a.pain.capetown"; dns.query; content:"a.pain.capetown"; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.pain\.capetown$/i"; classtype:trojan-activity; sid:37572801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain a.pain.capetown"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a.pain.capetown"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a\.pain\.capetown[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 88.214.25.36 53 (msg: "MISP e26873 [] Outgoing To IP: 88.214.25.36|53"; classtype:trojan-activity; sid:37572811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# The URI content "/ca" is three bytes, unanchored and case-insensitive, so any
# request URI containing it matches; the fixed destination address and the IP
# content in the headers are what keep this rule specific.
alert http $HOME_NET any -> 154.197.98.85 $HTTP_PORTS (msg: "MISP e26847 [CobaltStrike,cs-watermark-391144938,Gigabitbank Global] Outgoing URL http|3a|//154.197.98.85/ca"; flow:to_server,established; http.header; content:"154.197.98.85"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> 43.136.71.208 8085 (msg: "MISP e26847 [CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.136.71.208|3a|8085/api/methon/scan"; flow:to_server,established; http.header; content:"43.136.71.208"; fast_pattern; 
nocase; http.uri; content:"/api/methon/scan"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert dns any any -> any any (msg: "MISP e26847 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Domain www.sonystore.xyz"; dns.query; content:"www.sonystore.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sonystore\.xyz$/i"; classtype:trojan-activity; sid:37562681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain www.sonystore.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.sonystore.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sonystore\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 39.98.192.104 8443 (msg: "MISP e26847 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing To IP: 39.98.192.104|8443"; classtype:trojan-activity; sid:37562691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e26847 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//www.baidu12366.xyz|3a|8080/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"www.baidu12366.xyz"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert dns any any -> any any (msg: "MISP e26847 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Domain www.baidu12366.xyz"; dns.query; content:"www.baidu12366.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.baidu12366\.xyz$/i"; classtype:trojan-activity; sid:37562711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26847 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain www.baidu12366.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.baidu12366.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.baidu12366\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 106.54.228.198 8080 (msg: "MISP e26847 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 106.54.228.198|8080"; classtype:trojan-activity; sid:37562721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 121.43.58.124 5555 (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba 
Advertising Co.Ltd.] Outgoing URL http|3a|//121.43.58.124|3a|5555/en_us/all.js"; flow:to_server,established; http.header; content:"121.43.58.124"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 45.134.225.245 $HTTP_PORTS (msg: "MISP e26847 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.245/en_us/all.js"; flow:to_server,established; http.header; content:"45.134.225.245"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 106.54.228.198 8081 (msg: "MISP e26847 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//106.54.228.198|3a|8081/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"106.54.228.198"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 106.54.228.198 8081 (msg: "MISP e26873 [] Outgoing URL http|3a|//106.54.228.198|3a|8081/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"106.54.228.198"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 45.134.225.245 $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//45.134.225.245/en_US/all.js"; flow:to_server,established; http.header; content:"45.134.225.245"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37572831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 121.43.58.124 5555 (msg: "MISP e26873 [] Outgoing URL http|3a|//121.43.58.124|3a|5555/en_US/all.js"; flow:to_server,established; http.header; content:"121.43.58.124"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain www.baidu12366.xyz"; dns.query; content:"www.baidu12366.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.baidu12366\.xyz$/i"; classtype:trojan-activity; sid:37572851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain www.baidu12366.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.baidu12366.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.baidu12366\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e26873 [] Outgoing URL http|3a|//www.baidu12366.xyz|3a|8080/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"www.baidu12366.xyz"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert dns any any -> any any (msg: "MISP e26873 [] Domain www.sonystore.xyz"; dns.query; content:"www.sonystore.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sonystore\.xyz$/i"; classtype:trojan-activity; sid:37572871; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26873 [] Outgoing HTTP Domain www.sonystore.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.sonystore.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.sonystore\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 43.136.71.208 8085 (msg: "MISP e26873 [] Outgoing URL http|3a|//43.136.71.208|3a|8085/api/methon/scan"; flow:to_server,established; http.header; content:"43.136.71.208"; fast_pattern; nocase; http.uri; content:"/api/methon/scan"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> 154.197.98.85 $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//154.197.98.85/ca"; flow:to_server,established; http.header; content:"154.197.98.85"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 106.54.228.198 8080 (msg: "MISP e26873 [] Outgoing To IP: 106.54.228.198|8080"; classtype:trojan-activity; sid:37572911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 39.98.192.104 8443 (msg: "MISP e26873 [] Outgoing To IP: 39.98.192.104|8443"; classtype:trojan-activity; sid:37572921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 34.86.252.187 5050 (msg: "MISP e26847 [njrat] Outgoing To IP: 34.86.252.187|5050"; classtype:trojan-activity; sid:37562761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert dns any any -> any any 
(msg: "MISP e26870 [] Domain mail.wasstech.com"; dns.query; content:"mail.wasstech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.wasstech\.com$/i"; classtype:trojan-activity; sid:37572211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26870;)
# HTTP indicator for the same host name. "Host|3a|" and the domain are independent
# http.header contents, so the domain in any request header satisfies the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26870 [] Outgoing HTTP Domain mail.wasstech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.wasstech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.wasstech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37572212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26870;)
# SMTP address indicators. Both rules inspect the raw TCP payload of sessions from
# $EXTERNAL_NET to $SMTP_SERVERS on port 25 only:
#  - sessions on other ports, or whose commands are sent after encryption has been
#    negotiated, are not visible to these content matches;
#  - the address content has no distance/within relative to the MAIL FROM / RCPT TO
#    content, so the two may match in unrelated parts of the stream;
#  - within:8192 applies to the CRLF CRLF content, relative to the address match.
# NOTE(review): mail submitted by $HOME_NET hosts to an external server is outside
# this rule header; confirm whether outbound coverage for the recipient address is
# wanted.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26870 [] Source Email Address: wassteam@wasstech.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"wassteam@wasstech.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37572221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26870;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e26870 [] Destination Email Address: companylee199@gmail.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"companylee199@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37572231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26870;)
# Destination IP/port indicators. These rules carry no content, flow or threshold
# keyword: any traffic from $HOME_NET to the listed address and port matches.
# NOTE(review): check the alert volume per connection and add a threshold if needed;
# addresses on port 443 in particular should be re-validated against the MISP event
# before alerts are treated as confirmed.
# Each indicator appears twice below: under event 26847 (tagged, priority 2) and
# under event 26873 (empty tag list, priority 3).
alert ip $HOME_NET any -> 34.86.252.187 5050 (msg: "MISP e26873 [] Outgoing To IP: 34.86.252.187|5050"; classtype:trojan-activity; sid:37572931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 5.75.215.159 9001 (msg: "MISP e26847 [Vidar] Outgoing To IP: 5.75.215.159|9001"; classtype:trojan-activity; sid:37562771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 95.217.240.44 443 (msg: "MISP e26847 [Vidar] Outgoing To IP: 95.217.240.44|443"; classtype:trojan-activity; sid:37562781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 65.109.172.49 443 (msg: "MISP e26847 [Vidar] Outgoing To IP: 65.109.172.49|443"; classtype:trojan-activity; sid:37562791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 5.75.215.159 9001 (msg: "MISP e26873 [] Outgoing To IP: 5.75.215.159|9001"; classtype:trojan-activity; sid:37572981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 95.217.240.44 443 (msg: "MISP e26873 [] Outgoing To IP: 95.217.240.44|443"; classtype:trojan-activity; sid:37572991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 65.109.172.49 443 (msg: "MISP e26873 [] Outgoing To IP: 65.109.172.49|443"; classtype:trojan-activity; sid:37573001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 87.88.94.223 54984 (msg: "MISP e26847 [NanoCore,RAT] Outgoing To IP: 87.88.94.223|54984"; classtype:trojan-activity; sid:37562841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 87.88.94.223 54984 (msg: "MISP e26873 [] Outgoing To IP: 87.88.94.223|54984"; classtype:trojan-activity; sid:37573011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# URL indicator bound to a fixed destination address and port: the IP is matched in
# the request headers and the path in the URI buffer, both case-insensitively.
# The second rule is the same match exported under event 26873.
alert http $HOME_NET any -> 121.43.58.124 4444 (msg: "MISP e26847 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//121.43.58.124|3a|4444/dot.gif"; flow:to_server,established; http.header; content:"121.43.58.124"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert http $HOME_NET any -> 121.43.58.124 4444 (msg: "MISP e26873 [] Outgoing URL http|3a|//121.43.58.124|3a|4444/dot.gif"; flow:to_server,established; http.header; content:"121.43.58.124"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37573021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert ip $HOME_NET any -> 147.185.221.17 55430 (msg: "MISP e26847 [njrat] Outgoing To IP: 147.185.221.17|55430"; classtype:trojan-activity; sid:37562861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 147.185.221.17 55430 (msg: "MISP e26873 [] Outgoing To IP: 147.185.221.17|55430"; classtype:trojan-activity; sid:37573031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# URL indicator on a URL-shortener host. The msg records the full URL including the
# "?xmk=" query string, but the match is only the header content "tinyurl.com" plus
# the URI content "/dfsgswefwf25"; neither content is anchored, and the header
# content can match in any request header.
# The destination port is $HTTP_PORTS, so that variable must be defined when the
# file is loaded. Requests carried over TLS are not visible to this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26868 [] Outgoing URL http|3a|//tinyurl.com/dfsgswefwf25?xmk=EyVeXMW1sd"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/dfsgswefwf25"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37572181; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/26868;)
# Header-only destination rule on port 8443; no payload is inspected.
alert ip $HOME_NET any -> 185.250.151.246 8443 (msg: "MISP e26847 [Brute Ratel C4,STARK-INDUSTRIES] Outgoing To IP: 185.250.151.246|8443"; classtype:trojan-activity; sid:37562871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
alert ip $HOME_NET any -> 47.98.126.140 10000 (msg: "MISP e26847 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos] Outgoing To IP: 
47.98.126.140|10000"; classtype:trojan-activity; sid:37562881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 136.0.3.71 5671 (msg: "MISP e26847 [Bianlian Go Trojan,EVOXTENTERPRISE-AS-AP Evoxt Enterprise] Outgoing To IP: 136.0.3.71|5671"; classtype:trojan-activity; sid:37562891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 20.80.88.247 445 (msg: "MISP e26847 [MICROSOFT-CORP-MSN-AS-BLOCK,Responder] Outgoing To IP: 20.80.88.247|445"; classtype:trojan-activity; sid:37562901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 2.91.177.204 443 (msg: "MISP e26847 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 2.91.177.204|443"; classtype:trojan-activity; sid:37562911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 154.247.237.145 2078 (msg: "MISP e26847 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.237.145|2078"; classtype:trojan-activity; sid:37562921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 79.107.151.150 995 (msg: "MISP e26847 [QakBot,WIND-AS] Outgoing To IP: 79.107.151.150|995"; classtype:trojan-activity; sid:37562931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 105.108.32.227 2078 (msg: "MISP e26847 [ALGTEL-AS,QakBot] Outgoing To IP: 105.108.32.227|2078"; classtype:trojan-activity; sid:37562941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 41.96.125.98 443 (msg: "MISP e26847 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.125.98|443"; classtype:trojan-activity; sid:37562951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 79.137.202.68 80 (msg: "MISP e26847 [AEZA-AS,Meduza Stealer] Outgoing To IP: 79.137.202.68|80"; classtype:trojan-activity; 
sid:37562961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 105.108.32.227 2078 (msg: "MISP e26873 [] Outgoing To IP: 105.108.32.227|2078"; classtype:trojan-activity; sid:37573041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 79.107.151.150 995 (msg: "MISP e26873 [] Outgoing To IP: 79.107.151.150|995"; classtype:trojan-activity; sid:37573051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 154.247.237.145 2078 (msg: "MISP e26873 [] Outgoing To IP: 154.247.237.145|2078"; classtype:trojan-activity; sid:37573061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 2.91.177.204 443 (msg: "MISP e26873 [] Outgoing To IP: 2.91.177.204|443"; classtype:trojan-activity; sid:37573071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 20.80.88.247 445 (msg: "MISP e26873 [] Outgoing To IP: 20.80.88.247|445"; classtype:trojan-activity; sid:37573081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 136.0.3.71 5671 (msg: "MISP e26873 [] Outgoing To IP: 136.0.3.71|5671"; classtype:trojan-activity; sid:37573091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 47.98.126.140 10000 (msg: "MISP e26873 [] Outgoing To IP: 47.98.126.140|10000"; classtype:trojan-activity; sid:37573101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 185.250.151.246 8443 (msg: "MISP e26873 [] Outgoing To IP: 185.250.151.246|8443"; classtype:trojan-activity; sid:37573111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 79.137.202.68 80 (msg: "MISP e26873 [] Outgoing To IP: 79.137.202.68|80"; classtype:trojan-activity; sid:37573121; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert ip $HOME_NET any -> 41.96.125.98 443 (msg: "MISP e26873 [] Outgoing To IP: 41.96.125.98|443"; classtype:trojan-activity; sid:37573131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing URL http|3a|//microsoftsyst3m.com/enable/v9/wdoblgwr0s"; flow:to_server,established; http.header; content:"microsoftsyst3m.com"; fast_pattern; nocase; http.uri; content:"/enable/v9/wdoblgwr0s"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing URL http|3a|//igo0gle.com/enable/v9/wdoblgwr0s"; flow:to_server,established; http.header; content:"igo0gle.com"; fast_pattern; nocase; http.uri; content:"/enable/v9/wdoblgwr0s"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 88.214.25.235 $HTTP_PORTS (msg: "MISP e26847 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing URL http|3a|//88.214.25.235/enable/v9/wdoblgwr0s"; flow:to_server,established; http.header; content:"88.214.25.235"; fast_pattern; nocase; http.uri; content:"/enable/v9/wdoblgwr0s"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert ip $HOME_NET any -> 88.214.25.235 80 (msg: "MISP e26847 [CobaltStrike,cs-watermark-674054486,HGCOMP-ASN] Outgoing To IP: 88.214.25.235|80"; classtype:trojan-activity; sid:37563001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> 80.85.246.217 
$HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//80.85.246.217/externalpipetosecureasynctrackuploads.php"; flow:to_server,established; http.header; content:"80.85.246.217"; fast_pattern; nocase; http.uri; content:"/externalpipetosecureasynctrackuploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37563011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# Event 26873 re-export of the URL covered by sid:37563011 (event 26847). Only
# the letter case of the path differs, and every content carries nocase, so the
# two rules match the same requests and alert together. The event 26873 copy
# has no tags in msg and a lower priority (3 against 2).
alert http $HOME_NET any -> 80.85.246.217 $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//80.85.246.217/externalpipeToSecureasynctrackUploads.php"; flow:to_server,established; http.header; content:"80.85.246.217"; fast_pattern; nocase; http.uri; content:"/externalpipeToSecureasynctrackUploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37573141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Case-variant duplicate of sid:37562991 (event 26847, CobaltStrike tags); with
# nocase both rules match the same requests. The destination address is fixed in
# the rule header, and the host string is additionally looked up anywhere in
# the request headers.
alert http $HOME_NET any -> 88.214.25.235 $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//88.214.25.235/Enable/v9/WDOBLGWR0S"; flow:to_server,established; http.header; content:"88.214.25.235"; fast_pattern; nocase; http.uri; content:"/Enable/v9/WDOBLGWR0S"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37573151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Case-variant duplicate of sid:37562981 (event 26847). The domain is matched
# as a substring of the whole header block rather than the Host value, and the
# destination is any $EXTERNAL_NET address on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//igo0gle.com/Enable/v9/WDOBLGWR0S"; flow:to_server,established; http.header; content:"igo0gle.com"; fast_pattern; nocase; http.uri; content:"/Enable/v9/WDOBLGWR0S"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37573161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26873 [] Outgoing URL http|3a|//MicrosoftSyst3m.com/Enable/v9/WDOBLGWR0S"; flow:to_server,established; http.header; content:"MicrosoftSyst3m.com"; fast_pattern; nocase; http.uri; content:"/Enable/v9/WDOBLGWR0S"; nocase; 
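tag:session,600,seconds; classtype:trojan-activity; sid:37573171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# Address/port indicator from event 26873. The same destination is also listed
# under event 26847 (sid:37563001), so one connection can raise both SIDs.
alert ip $HOME_NET any -> 88.214.25.235 80 (msg: "MISP e26873 [] Outgoing To IP: 88.214.25.235|80"; classtype:trojan-activity; sid:37573181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26873;)
# CobaltStrike-tagged indicator from event 26847. Matches on destination
# address and port only; there is no payload or flow condition.
alert ip $HOME_NET any -> 159.223.220.165 80 (msg: "MISP e26847 [CobaltStrike,cs-watermark-1727139162,DIGITALOCEAN-ASN] Outgoing To IP: 159.223.220.165|80"; classtype:trojan-activity; sid:37563021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;)
# DNS indicator from event 26862. The header is any -> any, so it is not
# limited to queries leaving $HOME_NET. The pcre anchors the name at the end of
# the query and requires start of buffer or a character other than a letter,
# digit or hyphen in front of it, so subdomains match while a longer label that
# merely ends in the same letters does not.
alert dns any any -> any any (msg: "MISP e26862 [] Domain venipak.safeordertrust.ee"; dns.query; content:"venipak.safeordertrust.ee"; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safeordertrust\.ee$/i"; classtype:trojan-activity; sid:37571891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26862;)
# HTTP counterpart. Both content matches and the /H pcre run against the whole
# request header block, so the domain is not tied to the Host header value: a
# request to another host that carries this name in a different header (for
# example Referer) also satisfies the rule.
# NOTE(review): matching on http.host would pin it to the Host header - confirm
# against the deployed Suricata version before changing the export template.
# tag:session,600,seconds keeps logging packets of the flow for 600 seconds
# after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26862 [] Outgoing HTTP Domain venipak.safeordertrust.ee"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"venipak.safeordertrust.ee"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safeordertrust\.ee[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26862;)
# Same destination as sid:37563021, exported again from event 26866.
# Fix: the galaxy tag put unescaped double quotes inside msg. Suricata requires
# the double quote, semicolon and backslash to be backslash-escaped in msg;
# unescaped, the option value ends at the second quote and the rule is expected
# to be rejected at load, leaving this SID inactive. The quotes are escaped
# below. This file is a MISP export, so the escaping also has to be applied at
# export time (or the tag cleaned in the event), otherwise the next
# regeneration brings the defect back.
alert ip $HOME_NET any -> 159.223.220.165 80 (msg: "MISP e26866 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing To IP: 159.223.220.165|80"; classtype:trojan-activity; sid:37572151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26847 [dcrat] Outgoing URL http|3a|//a0923400.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0923400.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; 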
tag:session,600,seconds; classtype:trojan-activity; sid:37563031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26847;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//a0923400.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0923400.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37846371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26844 [] Domain personas.milab.digital"; dns.query; content:"personas.milab.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital$/i"; classtype:trojan-activity; sid:37561961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26844;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26844 [] Outgoing HTTP Domain personas.milab.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"personas.milab.digital"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37561962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26844;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26845 [] Outgoing URL http|3a|//dev-site-continuar-acceso-app.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-site-continuar-acceso-app.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26845;) alert dns any any -> any any (msg: "MISP e26845 [] Domain dev-site-continuar-acceso-app.pantheonsite.io"; dns.query; content:"dev-site-continuar-acceso-app.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-site\-continuar\-acceso\-app\.pantheonsite\.io$/i"; 
classtype:trojan-activity; sid:37562051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26845;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26845 [] Outgoing HTTP Domain dev-site-continuar-acceso-app.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-site-continuar-acceso-app.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-site\-continuar\-acceso\-app\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26845;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26846 [] Outgoing URL http|3a|//credi-agil-bancolombia-app-personas.replit.app"; flow:to_server,established; http.header; content:"credi-agil-bancolombia-app-personas.replit.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37562121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26846;) alert dns any any -> any any (msg: "MISP e26846 [] Domain credi-agil-bancolombia-app-personas.replit.app"; dns.query; content:"credi-agil-bancolombia-app-personas.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])credi\-agil\-bancolombia\-app\-personas\.replit\.app$/i"; classtype:trojan-activity; sid:37562141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26846;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26846 [] Outgoing HTTP Domain credi-agil-bancolombia-app-personas.replit.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"credi-agil-bancolombia-app-personas.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])credi\-agil\-bancolombia\-app\-personas\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37562142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26846;) alert http $HOME_NET 
any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [dcrat] Outgoing URL http|3a|//a0914958.xsph.ru/8a45dff2.php"; flow:to_server,established; http.header; content:"a0914958.xsph.ru"; fast_pattern; nocase; http.uri; content:"/8a45dff2.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//a0914958.xsph.ru/8a45dff2.php"; flow:to_server,established; http.header; content:"a0914958.xsph.ru"; fast_pattern; nocase; http.uri; content:"/8a45dff2.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37846381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26859 [] Domain mi-tarjetacencosud-cl.gulcecevre.com"; dns.query; content:"mi-tarjetacencosud-cl.gulcecevre.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.gulcecevre\.com$/i"; classtype:trojan-activity; sid:37571801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26859;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26859 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.gulcecevre.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.gulcecevre.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.gulcecevre\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37571802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26859;) alert dns any any -> any any (msg: "MISP e27012 [] Hostname wb16.cpserver.net"; dns.query; content:"wb16.cpserver.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wb16\.cpserver\.net$/i"; classtype:trojan-activity; sid:37763681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27012;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e27012 [] Outgoing HTTP Hostname wb16.cpserver.net"; flow:to_server,established; http.header; content: "Host|3a| wb16.cpserver.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wb16\.cpserver\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27012;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27020 [] Outgoing URL http|3a|//mimorvrste.com/si.html"; flow:to_server,established; http.header; content:"mimorvrste.com"; fast_pattern; nocase; http.uri; content:"/si.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37766581; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27020;) alert dns any any -> any any (msg: "MISP e28731 [] Domain updateservice.store"; dns.query; content:"updateservice.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])updateservice\.store$/i"; classtype:trojan-activity; sid:38702361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28731;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28731 [] Outgoing HTTP Domain updateservice.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"updateservice.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])updateservice\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28731;) alert dns any any -> any any (msg: "MISP e28731 [] Domain cybereason.xyz"; dns.query; content:"cybereason.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cybereason\.xyz$/i"; classtype:trojan-activity; sid:38702371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28731;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28731 [] Outgoing HTTP Domain cybereason.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"cybereason.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cybereason\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28731;) alert dns any any -> any any (msg: "MISP e28731 [] Domain upserver.updateservice.store"; dns.query; content:"upserver.updateservice.store"; nocase; pcre: "/(^|[^A-Za-z0-9-])upserver\.updateservice\.store$/i"; classtype:trojan-activity; sid:38702381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28731;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28731 [] Outgoing HTTP Domain upserver.updateservice.store"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"upserver.updateservice.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])upserver\.updateservice\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38702382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28731;) alert ip $HOME_NET any -> 185.196.9.214 80 (msg: "MISP e26903 [SIMPLECARRIER,sliver] Outgoing To IP: 185.196.9.214|80"; classtype:trojan-activity; sid:37615411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 94.156.67.244 443 (msg: "MISP e26903 [Havoc,LIMENET] Outgoing To IP: 94.156.67.244|443"; classtype:trojan-activity; sid:37615421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 82.67.60.21 80 (msg: "MISP e26903 [Havoc,PROXAD] Outgoing To IP: 82.67.60.21|80"; classtype:trojan-activity; sid:37615431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 154.247.237.145 993 (msg: "MISP e26903 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.237.145|993"; classtype:trojan-activity; sid:37615441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert 
ip $HOME_NET any -> 41.230.86.197 443 (msg: "MISP e26903 [QakBot,TOPNET] Outgoing To IP: 41.230.86.197|443"; classtype:trojan-activity; sid:37615451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 69.159.0.252 2222 (msg: "MISP e26903 [BACOM,QakBot] Outgoing To IP: 69.159.0.252|2222"; classtype:trojan-activity; sid:37615461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 149.104.27.224 8888 (msg: "MISP e26903 [LUCID-AS-AP LUCIDACLOUD LIMITED,Supershell] Outgoing To IP: 149.104.27.224|8888"; classtype:trojan-activity; sid:37615471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 45.152.65.230 8888 (msg: "MISP e26903 [LUCID-AS-AP LUCIDACLOUD LIMITED,Supershell] Outgoing To IP: 45.152.65.230|8888"; classtype:trojan-activity; sid:37615481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 137.220.197.175 8888 (msg: "MISP e26903 [BCPL-SG BGPNET Global ASN,Supershell] Outgoing To IP: 137.220.197.175|8888"; classtype:trojan-activity; sid:37615491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 198.44.171.3 80 (msg: "MISP e26903 [Meduza Stealer,SNOTIONPTELTD-AS-AP S NOTION PTE. 
LTD] Outgoing To IP: 198.44.171.3|80"; classtype:trojan-activity; sid:37615501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 69.159.0.252 2222 (msg: "MISP e26866 [] Outgoing To IP: 69.159.0.252|2222"; classtype:trojan-activity; sid:37846391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 41.230.86.197 443 (msg: "MISP e26866 [] Outgoing To IP: 41.230.86.197|443"; classtype:trojan-activity; sid:37846401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 154.247.237.145 993 (msg: "MISP e26866 [] Outgoing To IP: 154.247.237.145|993"; classtype:trojan-activity; sid:37846411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 82.67.60.21 80 (msg: "MISP e26866 [] Outgoing To IP: 82.67.60.21|80"; classtype:trojan-activity; sid:37846421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 94.156.67.244 443 (msg: "MISP e26866 [] Outgoing To IP: 94.156.67.244|443"; classtype:trojan-activity; sid:37846431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 185.196.9.214 80 (msg: "MISP e26866 [] Outgoing To IP: 185.196.9.214|80"; classtype:trojan-activity; sid:37846441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e27013 [] Domain sslout.de"; dns.query; content:"sslout.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])sslout\.de$/i"; classtype:trojan-activity; sid:37763841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27013;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27013 [] Outgoing HTTP Domain sslout.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sslout.de"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])sslout\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37763842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27013;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27013 [] Source Email Address: service@cosmedicus.de"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"service@cosmedicus.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37763851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27013;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27013 [] Destination Email Address: service2@cosmedicus.de"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"service2@cosmedicus.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37763861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27013;) alert ip $HOME_NET any -> 198.44.171.3 80 (msg: "MISP e26866 [] Outgoing To IP: 198.44.171.3|80"; classtype:trojan-activity; sid:37846451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 137.220.197.175 8888 (msg: "MISP e26866 [] Outgoing To IP: 137.220.197.175|8888"; classtype:trojan-activity; sid:37846461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 45.152.65.230 8888 (msg: "MISP e26866 [] Outgoing To IP: 45.152.65.230|8888"; classtype:trojan-activity; sid:37846471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 149.104.27.224 8888 (msg: "MISP e26866 [] Outgoing To IP: 149.104.27.224|8888"; classtype:trojan-activity; sid:37846481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26897 [] Outgoing URL 
http|3a|//dev-ingresa-usuario-appx.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-ingresa-usuario-appx.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37614731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26897;) alert dns any any -> any any (msg: "MISP e26897 [] Domain dev-ingresa-usuario-appx.pantheonsite.io"; dns.query; content:"dev-ingresa-usuario-appx.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-ingresa\-usuario\-appx\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37614751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26897;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26897 [] Outgoing HTTP Domain dev-ingresa-usuario-appx.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-ingresa-usuario-appx.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-ingresa\-usuario\-appx\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37614752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26897;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27014 [] Source Email Address: johnsong@amtechprinting.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"johnsong@amtechprinting.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27014;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27014 [] Destination Email Address: johnsong@amtechprinting.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"johnsong@amtechprinting.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764062; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27014;) alert dns any any -> any any (msg: "MISP e27014 [] Domain ftp.amtechprinting.com"; dns.query; content:"ftp.amtechprinting.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.amtechprinting\.com$/i"; classtype:trojan-activity; sid:37764051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27014;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27014 [] Outgoing HTTP Domain ftp.amtechprinting.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.amtechprinting.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.amtechprinting\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37764052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27014;) alert dns any any -> any any (msg: "MISP e24600 [] Domain webmailp0stluxmbrg.weebly.com"; dns.query; content:"webmailp0stluxmbrg.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmailp0stluxmbrg\.weebly\.com$/i"; classtype:trojan-activity; sid:37766261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain webmailp0stluxmbrg.weebly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmailp0stluxmbrg.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmailp0stluxmbrg\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> 104.156.140.58 $HTTP_PORTS (msg: "MISP e26903 [CobaltStrike,cs-watermark-100000000,MULTA-ASN1] Outgoing URL http|3a|//104.156.140.58/ca"; flow:to_server,established; http.header; content:"104.156.140.58"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615511; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 9862459092oobe092662324.from-ga.com"; dns.query; content:"9862459092oobe092662324.from-ga.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])9862459092oobe092662324\.from\-ga\.com$/i"; classtype:trojan-activity; sid:37766321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 9862459092oobe092662324.from-ga.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9862459092oobe092662324.from-ga.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])9862459092oobe092662324\.from\-ga\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain infomat2024.is-an-engineer.com"; dns.query; content:"infomat2024.is-an-engineer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])infomat2024\.is\-an\-engineer\.com$/i"; classtype:trojan-activity; sid:37766361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain infomat2024.is-an-engineer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"infomat2024.is-an-engineer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])infomat2024\.is\-an\-engineer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> 104.156.140.58 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//104.156.140.58/ca"; flow:to_server,established; http.header; content:"104.156.140.58"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37846491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e27109 [] Domain mylatvijaspasts.top"; dns.query; content:"mylatvijaspasts.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])mylatvijaspasts\.top$/i"; classtype:trojan-activity; sid:37775491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Domain mylatvijaspasts.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mylatvijaspasts.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mylatvijaspasts\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert dns any any -> any any (msg: "MISP e27015 [] Domain boydjackson.org"; dns.query; content:"boydjackson.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])boydjackson\.org$/i"; classtype:trojan-activity; sid:37764221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27015;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27015 [] Outgoing HTTP Domain boydjackson.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boydjackson.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boydjackson\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37764222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27015;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27015 [] Source Email Address: biz@boydjackson.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"biz@boydjackson.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764231; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27015;)
# --- MISP event 27015: e-mail address indicator (recipient) ---
# Raw TCP payload match on port 25, client-to-server. "RCPT TO:" and the address
# are independent contents (no distance/within between them); the final content
# requires a CRLF CRLF sequence within 8192 bytes after the address match.
# Coverage limits that follow from the rule text: sessions encrypted with
# STARTTLS are opaque to a payload match, ports other than 25 are not watched,
# and the source is $EXTERNAL_NET, so mail submitted by internal clients to this
# recipient is not covered unless $EXTERNAL_NET includes them.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27015 [] Destination Email Address: me@boydjackson.org"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"me@boydjackson.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27015;)
# --- MISP event 27109: hostname indicator www.mylatvijaspasts.top ---
# "Hostname" rules differ from "Domain" rules in the leading pcre group: the dot
# is excluded too ([^A-Za-z0-9-\.]), so only this exact host matches and names
# below it do not.
alert dns any any -> any any (msg: "MISP e27109 [] Hostname www.mylatvijaspasts.top"; dns.query; content:"www.mylatvijaspasts.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.mylatvijaspasts\.top$/i"; classtype:trojan-activity; sid:37775501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
# HTTP hostname rule: a single content ties the name to the Host header, and it
# expects exactly one space after "Host:". Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Hostname www.mylatvijaspasts.top"; flow:to_server,established; http.header; content: "Host|3a| www.mylatvijaspasts.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.mylatvijaspasts\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
# --- MISP event 27016: e-mail address indicator (sender) and domain bezelety.top ---
# "MAIL FROM:" is the SMTP envelope command, so this looks at the envelope
# sender; the same port-25 / cleartext limits as the RCPT TO rule above apply.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27016 [] Source Email Address: procode@bezelety.top"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"procode@bezelety.top"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37764501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27016;)
# Domain rule: queried name must end with bezelety.top; sub-domains also match.
alert dns any any -> any any (msg: "MISP e27016 [] Domain bezelety.top"; dns.query; content:"bezelety.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])bezelety\.top$/i"; classtype:trojan-activity; sid:37764491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27016;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27016 [] Outgoing HTTP Domain 
bezelety.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bezelety.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bezelety\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37764492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27016;) alert dns any any -> any any (msg: "MISP e27109 [] Domain latvijaspastsonline.xyz"; dns.query; content:"latvijaspastsonline.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])latvijaspastsonline\.xyz$/i"; classtype:trojan-activity; sid:37775511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Domain latvijaspastsonline.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"latvijaspastsonline.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])latvijaspastsonline\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert dns any any -> any any (msg: "MISP e27109 [] Hostname www.latvijaspastsonline.xyz"; dns.query; content:"www.latvijaspastsonline.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.latvijaspastsonline\.xyz$/i"; classtype:trojan-activity; sid:37775521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Hostname www.latvijaspastsonline.xyz"; flow:to_server,established; http.header; content: "Host|3a| www.latvijaspastsonline.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\.latvijaspastsonline\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert dns any any -> any any (msg: "MISP e27109 [] Domain ptt-88.top"; dns.query; 
content:"ptt-88.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ptt\-88\.top$/i"; classtype:trojan-activity; sid:37775531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Domain ptt-88.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ptt-88.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ptt\-88\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert dns any any -> any any (msg: "MISP e27109 [] Hostname inbox-100048.square.site"; dns.query; content:"inbox-100048.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inbox\-100048\.square\.site$/i"; classtype:trojan-activity; sid:37775541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Hostname inbox-100048.square.site"; flow:to_server,established; http.header; content: "Host|3a| inbox-100048.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inbox\-100048\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;) alert dns any any -> any any (msg: "MISP e27021 [] Domain gracije.rs"; dns.query; content:"gracije.rs"; nocase; pcre: "/(^|[^A-Za-z0-9-])gracije\.rs$/i"; classtype:trojan-activity; sid:37766611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27021 [] Outgoing HTTP Domain gracije.rs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gracije.rs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gracije\.rs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37766612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;)
# --- MISP event 27021: IP address indicator 185.119.89.212, both directions ---
# These two rules have no port, payload, flow or threshold option: the address
# alone decides the match, for any IP protocol.
# NOTE(review): an address match says nothing about which service or request was
# involved; confirm in the referenced event that the indicator is still current
# before treating an alert as more than a lead.
alert ip $HOME_NET any -> 185.119.89.212 any (msg: "MISP e27021 [] Outgoing To IP: 185.119.89.212"; classtype:trojan-activity; sid:37766613; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;)
alert ip 185.119.89.212 any -> $HOME_NET any (msg: "MISP e27021 [] Incoming From IP: 185.119.89.212"; classtype:trojan-activity; sid:37766614; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;)
# Hostname indicator sslout.de: the leading pcre group excludes the dot, so only
# the exact name matches (names below sslout.de do not).
alert dns any any -> any any (msg: "MISP e27021 [] Hostname sslout.de"; dns.query; content:"sslout.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sslout\.de$/i"; classtype:trojan-activity; sid:37766621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;)
# The content ties the name to the Host header and expects exactly one space
# after "Host:"; the trailing pcre class rejects longer names that merely start
# with sslout.de. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27021 [] Outgoing HTTP Hostname sslout.de"; flow:to_server,established; http.header; content: "Host|3a| sslout.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sslout\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37766622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;)
# E-mail address indicators: raw payload match on TCP port 25 from $EXTERNAL_NET
# to $SMTP_SERVERS. "MAIL FROM:" / "RCPT TO:" and the address are independent
# contents; CRLF CRLF must follow within 8192 bytes of the address match.
# STARTTLS-encrypted sessions and ports other than 25 are outside what these
# rules can see.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27021 [] Source Email Address: service@cosmedicus.de"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"service@cosmedicus.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37766631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27021;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27021 [] Destination Email Address: service2@cosmedicus.de"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"service2@cosmedicus.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37766641; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27021;)
# --- ip|port indicators exported twice: once for event 26903, once for event 26866 ---
# Each pair below has an identical rule header and no detection options, so one
# matching packet raises both sids. The copies differ only in sid, priority
# (2 vs 3), reference URL and msg; the family name in square brackets appears
# only in the e26903 copy, and only as msg text.
# The "|80" / "|4483" inside msg is the indicator's ip|port value; the port that
# is actually matched is the one in the rule header.
# NOTE(review): the header combines protocol "ip" with a destination port;
# confirm on the sensor that these load and that the port is evaluated as intended.
alert ip $HOME_NET any -> 93.123.39.219 80 (msg: "MISP e26903 [Socks5Systemz] Outgoing To IP: 93.123.39.219|80"; classtype:trojan-activity; sid:37615521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 93.123.39.219 80 (msg: "MISP e26866 [] Outgoing To IP: 93.123.39.219|80"; classtype:trojan-activity; sid:37846501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 185.117.250.169 4483 (msg: "MISP e26903 [RedLineStealer] Outgoing To IP: 185.117.250.169|4483"; classtype:trojan-activity; sid:37615531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.117.250.169 4483 (msg: "MISP e26866 [] Outgoing To IP: 185.117.250.169|4483"; classtype:trojan-activity; sid:37846511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# --- MISP event 26898: domain indicator bancoestado-cuentarut.pages.dev ---
# The patterns contain the full host label, so other names under pages.dev do
# not match. The DNS pcre ends with $ and its leading group lets a dot precede
# the name, so names below the indicator also alert.
alert dns any any -> any any (msg: "MISP e26898 [] Domain bancoestado-cuentarut.pages.dev"; dns.query; content:"bancoestado-cuentarut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:37614831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26898;)
# HTTP rule: "Host:" and the domain are separate http.header contents with no
# distance/within, so the domain is not tied to the Host header. Cleartext HTTP
# only; an HTTPS visit is seen by the DNS rule, not by this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26898 [] Outgoing HTTP Domain bancoestado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37614832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26898;)
# The same domain is exported again for event 26899 (rule begins here), so a
# single query for it raises one alert per event that lists the indicator.
alert dns any any -> any any (msg: "MISP e26899 [] Domain bancoestado-cuentarut.pages.dev"; dns.query; content:"bancoestado-cuentarut.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:37614911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26899;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26899 [] Outgoing HTTP Domain bancoestado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37614912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26899;) alert dns any any -> any any (msg: "MISP e26900 [] Domain bancoestado-cuentarut.pages.dev"; dns.query; content:"bancoestado-cuentarut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:37614991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26900;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26900 [] Outgoing HTTP Domain bancoestado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37614992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26900;) alert dns any any -> any any (msg: "MISP e27054 [] Domain letunderwear.top"; dns.query; content:"letunderwear.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])letunderwear\.top$/i"; classtype:trojan-activity; sid:37773701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27054;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27054 [] Outgoing HTTP Domain letunderwear.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"letunderwear.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])letunderwear\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37773702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27054;) alert dns any any -> any any (msg: "MISP e26903 [CobaltStrike,cs-watermark-1357776117,SERVER4-AS] Domain firmwarefusion.com"; dns.query; content:"firmwarefusion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])firmwarefusion\.com$/i"; classtype:trojan-activity; sid:37615551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [CobaltStrike,cs-watermark-1357776117,SERVER4-AS] Outgoing HTTP Domain firmwarefusion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"firmwarefusion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])firmwarefusion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 5.42.66.14 443 (msg: "MISP e26903 [CobaltStrike,cs-watermark-1357776117,SERVER4-AS] Outgoing To IP: 5.42.66.14|443"; classtype:trojan-activity; sid:37615561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 154.90.62.138 443 (msg: "MISP e26903 [CobaltStrike,cs-watermark-987654321,KAOPU-HK Kaopu Cloud HK Limited] Outgoing To IP: 154.90.62.138|443"; classtype:trojan-activity; sid:37615581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [CobaltStrike,cs-watermark-1727139162,DIGITALOCEAN-ASN] Domain o.cirt.pro"; dns.query; content:"o.cirt.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])o\.cirt\.pro$/i"; classtype:trojan-activity; sid:37615601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e26903 [CobaltStrike,cs-watermark-1727139162,DIGITALOCEAN-ASN] Outgoing HTTP Domain o.cirt.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"o.cirt.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])o\.cirt\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26866 [] Domain firmwarefusion.com"; dns.query; content:"firmwarefusion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])firmwarefusion\.com$/i"; classtype:trojan-activity; sid:37846541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain firmwarefusion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"firmwarefusion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])firmwarefusion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37846542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 154.90.62.138 443 (msg: "MISP e26866 [] Outgoing To IP: 154.90.62.138|443"; classtype:trojan-activity; sid:37846551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 5.42.66.14 443 (msg: "MISP e26866 [] Outgoing To IP: 5.42.66.14|443"; classtype:trojan-activity; sid:37846561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain o.cirt.pro"; dns.query; content:"o.cirt.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])o\.cirt\.pro$/i"; classtype:trojan-activity; sid:37846581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 
o.cirt.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"o.cirt.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])o\.cirt\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37846582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# --- MISP event 26903: URL indicators (msg tags them CobaltStrike) ---
# Each rule is pinned to one destination IP and one port in the header, then
# needs two things in the request: the IP literal somewhere in the request
# headers (http.header) and the path fragment somewhere in the URI (http.uri).
# Consequences visible in the rule text:
#  - the URI content is an unanchored, case-insensitive substring, so any longer
#    path containing it also matches; the destination IP is what keeps it narrow;
#  - a request that reaches the same IP and port but names the server by
#    hostname does not contain the IP literal in its headers and is not matched;
#  - only cleartext HTTP is inspected.
# The text in square brackets (family, watermark, network name) exists only
# inside msg; nothing else in the rule carries it.
# tag:session,600,seconds keeps logging packets of the session for 600 seconds
# after the alert fires.
alert http $HOME_NET any -> 43.153.222.28 4646 (msg: "MISP e26903 [CobaltStrike,cs-watermark-100000,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//43.153.222.28|3a|4646/fwlink"; flow:to_server,established; http.header; content:"43.153.222.28"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 106.52.244.189 81 (msg: "MISP e26903 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//106.52.244.189|3a|81/__utm.gif"; flow:to_server,established; http.header; content:"106.52.244.189"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26903 [CobaltStrike,cs-watermark-305419896,IPTELECOM ASIA] Outgoing URL http|3a|//43.251.159.58|3a|8637/ptj"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The first URL above is exported again for event 26866 (rule begins here) with
# the same header and contents, so one matching request raises both alerts.
alert http $HOME_NET any -> 43.153.222.28 4646 (msg: "MISP e26866 [] Outgoing URL http|3a|//43.153.222.28|3a|4646/fwlink"; flow:to_server,established; http.header; content:"43.153.222.28"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37848781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> 106.52.244.189 81 (msg: "MISP e26866 [] Outgoing URL http|3a|//106.52.244.189|3a|81/__utm.gif"; flow:to_server,established; http.header; content:"106.52.244.189"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e26866 [] Outgoing URL http|3a|//43.251.159.58|3a|8637/ptj"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e27057 [] Domain bolt-food.sanally.pt"; dns.query; content:"bolt-food.sanally.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-])bolt\-food\.sanally\.pt$/i"; classtype:trojan-activity; sid:37773751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27057;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27057 [] Outgoing HTTP Domain bolt-food.sanally.pt"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bolt-food.sanally.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bolt\-food\.sanally\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37773752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27057;) alert ip $HOME_NET any -> 91.92.252.110 7888 (msg: "MISP e26903 [STRRAT] Outgoing To IP: 91.92.252.110|7888"; classtype:trojan-activity; sid:37615671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e27058 [] Domain bolt-food.sanally.pt"; dns.query; 
content:"bolt-food.sanally.pt"; nocase; pcre: "/(^|[^A-Za-z0-9-])bolt\-food\.sanally\.pt$/i"; classtype:trojan-activity; sid:37773801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27058;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27058 [] Outgoing HTTP Domain bolt-food.sanally.pt"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bolt-food.sanally.pt"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bolt\-food\.sanally\.pt[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37773802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27058;) alert ip $HOME_NET any -> 91.92.252.110 7888 (msg: "MISP e26866 [] Outgoing To IP: 91.92.252.110|7888"; classtype:trojan-activity; sid:37848741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksfootwear-ireland.com"; dns.query; content:"clarksfootwear-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksfootwear\-ireland\.com$/i"; classtype:trojan-activity; sid:37761741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksfootwear-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksfootwear-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksfootwear\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksshoeireland.com"; dns.query; content:"clarksshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoeireland\.com$/i"; classtype:trojan-activity; sid:37761751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain barbourirelandstores.com"; dns.query; content:"barbourirelandstores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barbourirelandstores\.com$/i"; classtype:trojan-activity; sid:37761761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barbourirelandstores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barbourirelandstores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barbourirelandstores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stevemaddenshoesireland.com"; dns.query; content:"stevemaddenshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenshoesireland\.com$/i"; classtype:trojan-activity; sid:37761771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stevemaddenshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stevemaddenshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761772; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain everlaneirelandonline.com"; dns.query; content:"everlaneirelandonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])everlaneirelandonline\.com$/i"; classtype:trojan-activity; sid:37761781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain everlaneirelandonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"everlaneirelandonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])everlaneirelandonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zara-ireland.com"; dns.query; content:"zara-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zara\-ireland\.com$/i"; classtype:trojan-activity; sid:37761791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zara-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zara-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zara\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechershoesireland.com"; dns.query; content:"skechershoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechershoesireland\.com$/i"; classtype:trojan-activity; sid:37761801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
skechershoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechershoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechershoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007: every listed domain is exported as a pair of rules, a DNS-query
# rule (sid ending in 1) and an outgoing-HTTP rule (sid ending in 2).
# DNS rule: the dns.query buffer must contain the name (nocase) and the pcre anchors
# it at the end of the query. The leading group accepts start-of-buffer or any
# character outside [A-Za-z0-9-], which includes ".", so subdomains match as well.
# HTTP rule: two separate content matches in http.header ("Host:" and the domain)
# plus a pcre evaluated on the same header buffer (/H flag).
# NOTE(review): nothing ties the domain to the Host header itself; a request to an
# unrelated site that carries the domain in another header (e.g. Referer) appears
# to satisfy all three conditions. Matching on the http.host buffer would be
# tighter -- confirm against the sensor's Suricata version before changing the
# export template.
alert dns any any -> any any (msg: "MISP e27007 [] Domain uggsdublin.com"; dns.query; content:"uggsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])uggsdublin\.com$/i"; classtype:trojan-activity; sid:37761811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain uggsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uggsdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uggsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain salomomireland.com"; dns.query; content:"salomomireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomomireland\.com$/i"; classtype:trojan-activity; sid:37761821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomomireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomomireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomomireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain onclouddublin.com"; dns.query; content:"onclouddublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onclouddublin\.com$/i"; classtype:trojan-activity; sid:37761831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onclouddublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onclouddublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onclouddublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-emon-ireland.com"; dns.query; content:"lulu-emon-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-emon\-ireland\.com$/i"; classtype:trojan-activity; sid:37761841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulu-emon-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-emon-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-emon\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eccoshoes-ireland.com"; dns.query; content:"eccoshoes-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoshoes\-ireland\.com$/i"; classtype:trojan-activity; sid:37761851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccoshoes-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccoshoes-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoshoes\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arena-ireland.com"; dns.query; content:"arena-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arena\-ireland\.com$/i"; classtype:trojan-activity; sid:37761861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arena-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arena-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arena\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boy-london-ireland.com"; dns.query; content:"boy-london-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boy\-london\-ireland\.com$/i"; classtype:trojan-activity; sid:37761871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boy-london-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boy-london-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boy\-london\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain charleskeithireland.com"; dns.query; content:"charleskeithireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])charleskeithireland\.com$/i"; classtype:trojan-activity; sid:37761881; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: one dns.query rule and one outgoing-HTTP rule
# per domain.
# The DNS rules are written "any any -> any any", so they are not limited to
# queries leaving $HOME_NET.
# NOTE(review): where clients resolve through an internal recursive resolver, the
# alert's source address will presumably be the resolver rather than the
# workstation -- correlate with resolver query logs to find the originating host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain charleskeithireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"charleskeithireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])charleskeithireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dagnedoverireland.com"; dns.query; content:"dagnedoverireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dagnedoverireland\.com$/i"; classtype:trojan-activity; sid:37761891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dagnedoverireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dagnedoverireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dagnedoverireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dakineireland.com"; dns.query; content:"dakineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dakineireland\.com$/i"; classtype:trojan-activity; sid:37761901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dakineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dakineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dakineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761902; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators (DNS + outgoing-HTTP pair per domain).
# In the HTTP rules, fast_pattern marks the domain string as the content handed to
# the multi-pattern prefilter, and tag:session,600,seconds asks the engine to keep
# logging packets of the matching session for 600 seconds after the alert.
# The msg tag list is empty ("[]") and priority is 3 for every rule of this event,
# so triage context has to come from the referenced MISP event page.
alert dns any any -> any any (msg: "MISP e27007 [] Domain desigual-ireland.com"; dns.query; content:"desigual-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])desigual\-ireland\.com$/i"; classtype:trojan-activity; sid:37761911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain desigual-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"desigual-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])desigual\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain katespadeirelandsale.com"; dns.query; content:"katespadeirelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])katespadeirelandsale\.com$/i"; classtype:trojan-activity; sid:37761921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain katespadeirelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"katespadeirelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])katespadeirelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hobbsireland.com"; dns.query; content:"hobbsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hobbsireland\.com$/i"; classtype:trojan-activity; sid:37761931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hobbsireland.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hobbsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hobbsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators (DNS + outgoing-HTTP pair per domain).
# NOTE(review): the "alert http" rules inspect HTTP headers, so they only see
# cleartext HTTP. No TLS rule is exported for these names in this part of the file;
# HTTPS visits are therefore visible only through the DNS rule unless an SNI-based
# rule is added on the sensor.
alert dns any any -> any any (msg: "MISP e27007 [] Domain katespadeoutletireland.com"; dns.query; content:"katespadeoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])katespadeoutletireland\.com$/i"; classtype:trojan-activity; sid:37761941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain katespadeoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"katespadeoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])katespadeoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain kipling-bags-ireland.com"; dns.query; content:"kipling-bags-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kipling\-bags\-ireland\.com$/i"; classtype:trojan-activity; sid:37761951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kipling-bags-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kipling-bags-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kipling\-bags\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain kipling-ireland.com"; 
dns.query; content:"kipling-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kipling\-ireland\.com$/i"; classtype:trojan-activity; sid:37761961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Remaining MISP event 27007 domain indicators (DNS + outgoing-HTTP pair per domain).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kipling-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kipling-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kipling\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkirelandleggings.com"; dns.query; content:"gymsharkirelandleggings.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkirelandleggings\.com$/i"; classtype:trojan-activity; sid:37761971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkirelandleggings.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkirelandleggings.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkirelandleggings\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27109, domain edeaskates.co. The content match alone would also hit
# "edeaskates.com"; the pcre is what rejects it: the DNS pcre ends in "$", and the
# HTTP pcre requires the next character to be outside [A-Za-z0-9-.].
alert dns any any -> any any (msg: "MISP e27109 [] Domain edeaskates.co"; dns.query; content:"edeaskates.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])edeaskates\.co$/i"; classtype:trojan-activity; sid:37775551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Domain edeaskates.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edeaskates.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edeaskates\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
# "Hostname" variant (MISP event 27109): the leading pcre class also excludes ".",
# so only this exact host matches -- neither deeper subdomains nor the parent
# dream.press. The HTTP rule uses a single content "Host: <name>", which ties the
# name to the Host header.
# NOTE(review): that content assumes exactly one space after the colon in the
# header buffer -- confirm for the deployed engine.
alert dns any any -> any any (msg: "MISP e27109 [] Hostname superapp-verify.dream.press"; dns.query; content:"superapp-verify.dream.press"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])superapp\-verify\.dream\.press$/i"; classtype:trojan-activity; sid:37775601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Hostname superapp-verify.dream.press"; flow:to_server,established; http.header; content: "Host|3a| superapp-verify.dream.press"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])superapp\-verify\.dream\.press[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
# MISP event 26903, URL indicators tagged CobaltStrike (the rule below continues
# past this point).
alert http $HOME_NET any -> 101.133.164.210 10001 (msg: "MISP e26903 [CobaltStrike,cs-watermark-305419896,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//101.133.164.210|3a|10001/cm"; flow:to_server,established; http.header; content:"101.133.164.210"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903, URL indicators tagged CobaltStrike; the msg tags carry a
# cs-watermark value and a hosting-provider name. Each rule pins the destination IP
# and port in the rule header, then requires the IP text somewhere in http.header
# and the path as a substring of http.uri.
# NOTE(review): the http.uri contents are unanchored ("/cm" in the rule above would
# also match a longer path containing it); because the destination is pinned, this
# only widens matching towards the same server.
# NOTE(review): the watermark values look like sequence/placeholder numbers
# (987654321, 1234567890), so they presumably do not identify one operator -- treat
# the tag as weak attribution.
# The last two URL rules depend on $HTTP_PORTS being defined on the sensor.
alert http $HOME_NET any -> 124.71.9.23 8500 (msg: "MISP e26903 [CobaltStrike,cs-watermark-987654321,Huawei Cloud Service data center] Outgoing URL http|3a|//124.71.9.23|3a|8500/g.pixel"; flow:to_server,established; http.header; content:"124.71.9.23"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 1.14.69.16 $HTTP_PORTS (msg: "MISP e26903 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//1.14.69.16/wp06/wp-includes/po.php"; flow:to_server,established; http.header; content:"1.14.69.16"; fast_pattern; nocase; http.uri; content:"/wp06/wp-includes/po.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 49.234.185.12 $HTTP_PORTS (msg: "MISP e26903 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//49.234.185.12/activity"; flow:to_server,established; http.header; content:"49.234.185.12"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# IP+port rule: no flow or content options, so it alerts on traffic from $HOME_NET
# to this address and port regardless of payload.
# NOTE(review): the protocol is "ip" while a destination port is given; confirm how
# the deployed engine applies a port under "ip".
alert ip $HOME_NET any -> 49.234.185.12 80 (msg: "MISP e26903 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 49.234.185.12|80"; classtype:trojan-activity; sid:37615721; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26866 repeats indicators that are also exported for event 26903: same
# destination, port and URI (for example sid 37848751 here and sid 37615681 for
# 101.133.164.210:10001/cm), but with an empty tag list and priority 3 instead of 2.
# NOTE(review): one matching flow will raise an alert per event; deduplicate or
# threshold downstream, and take the context tags from the e26903 alert.
alert http $HOME_NET any -> 101.133.164.210 10001 (msg: "MISP e26866 [] Outgoing URL http|3a|//101.133.164.210|3a|10001/cm"; flow:to_server,established; http.header; content:"101.133.164.210"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 49.234.185.12 80 (msg: "MISP e26866 [] Outgoing To IP: 49.234.185.12|80"; classtype:trojan-activity; sid:37848681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 49.234.185.12 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//49.234.185.12/activity"; flow:to_server,established; http.header; content:"49.234.185.12"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 1.14.69.16 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//1.14.69.16/wp06/wp-includes/po.php"; flow:to_server,established; http.header; content:"1.14.69.16"; fast_pattern; nocase; http.uri; content:"/wp06/wp-includes/po.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 124.71.9.23 8500 (msg: "MISP e26866 [] Outgoing URL http|3a|//124.71.9.23|3a|8500/g.pixel"; flow:to_server,established; http.header; content:"124.71.9.23"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# MISP event 26903 C2 endpoint list starts here: "[c2,<family>]" tag, destination
# IP and port only.
alert ip $HOME_NET any -> 104.209.128.50 4444 (msg: "MISP e26903 [c2,Venom] Outgoing To IP: 104.209.128.50|4444"; classtype:trojan-activity; 
sid:37616611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903 C2 endpoint list. The family name in the msg tag (Venom, Vidar,
# recordbreaker, orcus_rat) is the only context: the rules carry no flow or payload
# conditions, so an alert means "traffic was sent to this IP and port", not that
# the family's protocol was observed.
# NOTE(review): the export carries no first-seen/expiry information; check the
# indicator age in the MISP event before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 136.0.3.250 4444 (msg: "MISP e26903 [c2,Venom] Outgoing To IP: 136.0.3.250|4444"; classtype:trojan-activity; sid:37616621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 83.242.63.186 80 (msg: "MISP e26903 [c2,Venom] Outgoing To IP: 83.242.63.186|80"; classtype:trojan-activity; sid:37616631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 37.27.36.6 9000 (msg: "MISP e26903 [c2,Vidar] Outgoing To IP: 37.27.36.6|9000"; classtype:trojan-activity; sid:37616641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 65.109.172.49 80 (msg: "MISP e26903 [c2,Vidar] Outgoing To IP: 65.109.172.49|80"; classtype:trojan-activity; sid:37616651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 95.217.240.44 80 (msg: "MISP e26903 [c2,Vidar] Outgoing To IP: 95.217.240.44|80"; classtype:trojan-activity; sid:37616661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 65.109.242.97 9000 (msg: "MISP e26903 [c2,Vidar] Outgoing To IP: 65.109.242.97|9000"; classtype:trojan-activity; sid:37616671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 195.2.81.45 80 (msg: "MISP e26903 [c2,recordbreaker] Outgoing To IP: 195.2.81.45|80"; classtype:trojan-activity; sid:37616681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 42.117.36.184 4444 (msg: "MISP e26903 [c2,orcus_rat] Outgoing To IP: 42.117.36.184|4444"; classtype:trojan-activity; sid:37616691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 154.245.141.251 80 (msg: "MISP e26903 [c2,orcus_rat] Outgoing To IP: 
154.245.141.251|80"; classtype:trojan-activity; sid:37616701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903 C2 endpoints, continued (orcus_rat, Risepro, cobalt_strike):
# destination IP and port only.
alert ip $HOME_NET any -> 197.119.73.234 80 (msg: "MISP e26903 [c2,orcus_rat] Outgoing To IP: 197.119.73.234|80"; classtype:trojan-activity; sid:37616711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 193.181.23.156 8081 (msg: "MISP e26903 [c2,Risepro] Outgoing To IP: 193.181.23.156|8081"; classtype:trojan-activity; sid:37616721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 114.132.41.186 82 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 114.132.41.186|82"; classtype:trojan-activity; sid:37616731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 27057, sender address. Inbound TCP to $SMTP_SERVERS on port 25: needs
# "MAIL FROM:" (the SMTP envelope command), the address, and a CRLF CRLF sequence
# within 8192 bytes of the preceding match.
# NOTE(review): this is a raw content match on port 25 only, so sessions upgraded
# with STARTTLS or delivered through other ports will not be seen; it also keys on
# the envelope sender rather than the From: header shown to the user. Pair it with
# mail-gateway log searches for the same address.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27057 [] Source Email Address: bolteestisee@bolteestisee.freshdesk.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bolteestisee@bolteestisee.freshdesk.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37773761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27057;)
# MISP event 26903 C2 endpoints, continued (cobalt_strike, hook).
alert ip $HOME_NET any -> 39.108.229.236 80 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 39.108.229.236|80"; classtype:trojan-activity; sid:37616741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 91.92.243.141 80 (msg: "MISP e26903 [c2,hook] Outgoing To IP: 91.92.243.141|80"; classtype:trojan-activity; sid:37616751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 159.100.14.197 80 (msg: "MISP e26903 [c2,hook] Outgoing To IP: 159.100.14.197|80"; classtype:trojan-activity; sid:37616761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 
89.23.98.34 80 (msg: "MISP e26903 [c2,hook] Outgoing To IP: 89.23.98.34|80"; classtype:trojan-activity; sid:37616771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903 C2 endpoints tagged darkcomet. 187.135.84.81 is exported as
# eight separate rules, one per port, so traffic to that host on several of these
# ports produces one alert per port.
alert ip $HOME_NET any -> 18.156.13.209 15443 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 18.156.13.209|15443"; classtype:trojan-activity; sid:37616781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 3.127.138.57 15443 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 3.127.138.57|15443"; classtype:trojan-activity; sid:37616791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 2083 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|2083"; classtype:trojan-activity; sid:37616801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 2086 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|2086"; classtype:trojan-activity; sid:37616811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 2087 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|2087"; classtype:trojan-activity; sid:37616821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 2095 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|2095"; classtype:trojan-activity; sid:37616831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 1883 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|1883"; classtype:trojan-activity; sid:37616841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 1962 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|1962"; classtype:trojan-activity; sid:37616851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 2004 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|2004"; classtype:trojan-activity; sid:37616861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.135.84.81 2052 (msg: "MISP e26903 [c2,darkcomet] Outgoing To IP: 187.135.84.81|2052"; classtype:trojan-activity; sid:37616871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Endpoints tagged sliver (port 443).
alert ip $HOME_NET any -> 87.98.233.247 443 (msg: "MISP e26903 [c2,sliver] Outgoing To IP: 87.98.233.247|443"; classtype:trojan-activity; sid:37616881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 207.174.3.213 443 (msg: "MISP e26903 [c2,sliver] Outgoing To IP: 207.174.3.213|443"; classtype:trojan-activity; sid:37616891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Endpoints tagged cobalt_strike.
# NOTE(review): several of these use port 50050, which is commonly the team-server
# management port rather than a beacon listener -- presumably the indicator records
# where a server was observed; expect few hits, and treat any hit as worth a look.
alert ip $HOME_NET any -> 43.156.27.199 50050 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 43.156.27.199|50050"; classtype:trojan-activity; sid:37616901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 111.231.146.154 50050 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 111.231.146.154|50050"; classtype:trojan-activity; sid:37616911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 147.45.78.13 80 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 147.45.78.13|80"; classtype:trojan-activity; sid:37616921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 45.9.188.11 47134 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 45.9.188.11|47134"; classtype:trojan-activity; sid:37616931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 47.100.101.198 50050 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 47.100.101.198|50050"; classtype:trojan-activity; sid:37616941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 192.144.219.118 44343 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 192.144.219.118|44343"; classtype:trojan-activity; sid:37616951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 27.102.66.59 35201 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 27.102.66.59|35201"; classtype:trojan-activity; sid:37616961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 83.97.20.183 50050 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 83.97.20.183|50050"; classtype:trojan-activity; sid:37616971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 213.252.246.185 50050 (msg: "MISP e26903 [c2,cobalt_strike] Outgoing To IP: 213.252.246.185|50050"; classtype:trojan-activity; sid:37616981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Endpoints tagged QakBot and Havoc.
alert ip $HOME_NET any -> 39.40.183.67 995 (msg: "MISP e26903 [c2,QakBot] Outgoing To IP: 39.40.183.67|995"; classtype:trojan-activity; sid:37616991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 168.149.16.139 443 (msg: "MISP e26903 [c2,QakBot] Outgoing To IP: 168.149.16.139|443"; classtype:trojan-activity; sid:37617001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 95.116.67.173 443 (msg: "MISP e26903 [c2,QakBot] Outgoing To IP: 95.116.67.173|443"; classtype:trojan-activity; sid:37617011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 91.92.253.59 443 (msg: "MISP e26903 [c2,Havoc] Outgoing To IP: 91.92.253.59|443"; classtype:trojan-activity; sid:37617051; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903 C2 endpoints tagged Havoc and Meterpreter (IP and port only).
alert ip $HOME_NET any -> 91.92.246.48 443 (msg: "MISP e26903 [c2,Havoc] Outgoing To IP: 91.92.246.48|443"; classtype:trojan-activity; sid:37617061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.44.71.197 3790 (msg: "MISP e26903 [c2,Meterpreter] Outgoing To IP: 185.44.71.197|3790"; classtype:trojan-activity; sid:37617071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Indicators tagged "[AS<number>,c2,censys]" follow. Three names under the same
# parent, hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz, are exported as separate DNS + HTTP
# pairs (cdn, region1, visitor-service-eu-central-1). The "Domain" pcre allows "."
# before the name, so deeper subdomains of each listed name match; other names
# under the parent do not.
# NOTE(review): if the MISP event shows the whole zone as attacker-controlled
# (TODO confirm), a rule on the parent domain would also cover names not yet listed.
alert dns any any -> any any (msg: "MISP e26903 [AS208046,c2,censys] Domain cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37617081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS208046,c2,censys] Outgoing HTTP Domain cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37617082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS208046,c2,censys] Domain region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])region1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37617091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS208046,c2,censys] Outgoing HTTP Domain region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])region1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37617092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 120.48.5.80 6001 (msg: "MISP e26903 [AS38365,c2,censys] Outgoing To IP: 120.48.5.80|6001"; classtype:trojan-activity; sid:37617101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 43.142.90.7 443 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 43.142.90.7|443"; classtype:trojan-activity; sid:37617111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS208046,c2,censys] Domain visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])visitor\-service\-eu\-central\-1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37617121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS208046,c2,censys] Outgoing HTTP Domain visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])visitor\-service\-eu\-central\-1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37617122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 118.194.233.185 80 (msg: "MISP e26903 [AS135377,c2,censys] Outgoing To IP: 118.194.233.185|80"; 
classtype:trojan-activity; sid:37617131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903 endpoints tagged "[AS<number>,c2,censys]": destination IP and
# port only, with the AS number (and sometimes the AS name) as the sole context in
# msg. 82.157.177.73 is listed on three ports (2095, 8081, 2086), one rule each.
# NOTE(review): the "censys" tag suggests these come from internet-scan data rather
# than observed victim traffic (presumably) -- weigh alerts accordingly and confirm
# in the MISP event.
alert ip $HOME_NET any -> 134.122.20.117 80 (msg: "MISP e26903 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 134.122.20.117|80"; classtype:trojan-activity; sid:37617141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 101.42.35.218 60020 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 101.42.35.218|60020"; classtype:trojan-activity; sid:37617151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 82.157.177.73 2095 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 82.157.177.73|2095"; classtype:trojan-activity; sid:37617161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 82.157.177.73 8081 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 82.157.177.73|8081"; classtype:trojan-activity; sid:37617171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 82.157.177.73 2086 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 82.157.177.73|2086"; classtype:trojan-activity; sid:37617181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 193.112.79.19 443 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 193.112.79.19|443"; classtype:trojan-activity; sid:37617191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 206.237.21.85 80 (msg: "MISP e26903 [AS55933,c2,censys] Outgoing To IP: 206.237.21.85|80"; classtype:trojan-activity; sid:37617201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 1.12.231.99 443 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 1.12.231.99|443"; classtype:trojan-activity; sid:37617211; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26903;)
# 104-168-102-175.plesk.page (MISP event 26903): "Domain"-style pcre, so any name
# ending in ".104-168-102-175.plesk.page" matches too. The export also carries a
# separate pair for www.kind-villani.104-168-102-175.plesk.page (sid 37617351 /
# 37617352); a lookup of that name satisfies both DNS rules and raises two alerts.
alert dns any any -> any any (msg: "MISP e26903 [AS-COLOCROSSING,AS36352,c2,censys] Domain 104-168-102-175.plesk.page"; dns.query; content:"104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37617221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain 104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37617222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# IP and port endpoints tagged "[AS<number>,c2,censys]"; 175.178.124.71 is listed on
# three ports (8000, 2083, 2087), one rule each.
alert ip $HOME_NET any -> 118.25.173.248 80 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 118.25.173.248|80"; classtype:trojan-activity; sid:37617231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 175.178.124.71 8000 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 175.178.124.71|8000"; classtype:trojan-activity; sid:37617241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 175.178.124.71 2083 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 175.178.124.71|2083"; classtype:trojan-activity; sid:37617251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 175.178.124.71 2087 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 175.178.124.71|2087"; classtype:trojan-activity; sid:37617261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 38.6.177.108 8088 (msg: "MISP e26903 [AS40065,c2,censys,CNSERVERS] Outgoing To IP: 
38.6.177.108|8088"; classtype:trojan-activity; sid:37617271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903; the bracketed msg tags carry the AS number and name.
# NOTE(review): several destinations carry large hosting-provider tags (MICROSOFT-CORP-MSN-AS-BLOCK,
# DIGITALOCEAN-ASN). Such addresses are presumably reassignable between tenants, so check the indicator
# age in the referenced MISP event before treating a hit as confirmed.
alert ip $HOME_NET any -> 47.120.1.107 443 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 47.120.1.107|443"; classtype:trojan-activity; sid:37617281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 103.191.15.10 80 (msg: "MISP e26903 [AS38513,c2,censys] Outgoing To IP: 103.191.15.10|80"; classtype:trojan-activity; sid:37617291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 8.219.189.106 5060 (msg: "MISP e26903 [AS45102,c2,censys] Outgoing To IP: 8.219.189.106|5060"; classtype:trojan-activity; sid:37617301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.106.175.213 80 (msg: "MISP e26903 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.106.175.213|80"; classtype:trojan-activity; sid:37617311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.106.175.213 443 (msg: "MISP e26903 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.106.175.213|443"; classtype:trojan-activity; sid:37617321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 182.149.199.245 8123 (msg: "MISP e26903 [AS4134,c2,censys] Outgoing To IP: 182.149.199.245|8123"; classtype:trojan-activity; sid:37617331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 165.227.172.31 8090 (msg: "MISP e26903 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 165.227.172.31|8090"; classtype:trojan-activity; sid:37617341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS-COLOCROSSING,AS36352,c2,censys] Domain 
www.kind-villani.104-168-102-175.plesk.page"; dns.query; content:"www.kind-villani.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kind\-villani\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37617351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# HTTP counterpart of the DNS rule above (same domain, sid ending in 2): matches the domain in http.header
# on client-to-server established flows and tags the session for 600 seconds.
# NOTE(review): an `alert http` rule only sees traffic parsed as HTTP; requests to this name over TLS would
# presumably be covered only by the DNS rule unless a tls.sni rule is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.kind-villani.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.kind-villani.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kind\-villani\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37617352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators (tags c2, censys): any IP protocol from $HOME_NET to the listed destination.
alert ip $HOME_NET any -> 111.231.74.147 888 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 111.231.74.147|888"; classtype:trojan-activity; sid:37617361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 47.108.153.69 7777 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 47.108.153.69|7777"; classtype:trojan-activity; sid:37617371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 8.217.132.202 4443 (msg: "MISP e26903 [AS45102,c2,censys] Outgoing To IP: 8.217.132.202|4443"; classtype:trojan-activity; sid:37617381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 124.70.180.22 89 (msg: "MISP e26903 [AS55990,c2,censys] Outgoing To IP: 124.70.180.22|89"; classtype:trojan-activity; sid:37617391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 101.133.164.210 10001 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 101.133.164.210|10001"; classtype:trojan-activity; 
sid:37617401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903. Every rule uses classtype trojan-activity,
# priority 2 and rev 1, and links back to the event through the reference URL.
# The only per-indicator context is the bracketed tag list in msg (AS number, c2, censys, optional AS name).
alert ip $HOME_NET any -> 58.87.94.238 81 (msg: "MISP e26903 [AS45090,c2,censys] Outgoing To IP: 58.87.94.238|81"; classtype:trojan-activity; sid:37617411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 91.92.241.199 4433 (msg: "MISP e26903 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.241.199|4433"; classtype:trojan-activity; sid:37617421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 116.62.130.96 5555 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 116.62.130.96|5555"; classtype:trojan-activity; sid:37617431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 121.41.75.23 8888 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 121.41.75.23|8888"; classtype:trojan-activity; sid:37617441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 8.130.79.120 8787 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 8.130.79.120|8787"; classtype:trojan-activity; sid:37617451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 120.24.38.217 80 (msg: "MISP e26903 [AS37963,c2,censys] Outgoing To IP: 120.24.38.217|80"; classtype:trojan-activity; sid:37617461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 38.55.197.151 2077 (msg: "MISP e26903 [AS55020,c2,censys,IDCCLOUD] Outgoing To IP: 38.55.197.151|2077"; classtype:trojan-activity; sid:37617471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 47.236.86.239 8088 (msg: "MISP e26903 [AS45102,c2,censys] Outgoing To IP: 47.236.86.239|8088"; classtype:trojan-activity; sid:37617481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903 (tags c2, censys; one entry is also tagged RAT).
# Direction is fixed: source $HOME_NET, destination one literal address and port, any IP protocol.
# NOTE(review): these rules say nothing about payload, so a hit only shows that an internal host sent traffic
# to the listed endpoint; correlate with flow or endpoint data before escalating.
alert ip $HOME_NET any -> 209.141.46.45 443 (msg: "MISP e26903 [AS53667,c2,censys,PONYNET] Outgoing To IP: 209.141.46.45|443"; classtype:trojan-activity; sid:37617491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.196.10.62 80 (msg: "MISP e26903 [AS42624,c2,censys,SIMPLECARRIER] Outgoing To IP: 185.196.10.62|80"; classtype:trojan-activity; sid:37617501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 154.211.15.205 4444 (msg: "MISP e26903 [AS138152,c2,censys] Outgoing To IP: 154.211.15.205|4444"; classtype:trojan-activity; sid:37617511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 8.130.11.62 8000 (msg: "MISP e26903 [AS37963,c2,censys,RAT] Outgoing To IP: 8.130.11.62|8000"; classtype:trojan-activity; sid:37617521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 109.107.161.51 443 (msg: "MISP e26903 [AS216334,c2,censys,LANDVPS-AS] Outgoing To IP: 109.107.161.51|443"; classtype:trojan-activity; sid:37617531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 198.13.57.34 8443 (msg: "MISP e26903 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 198.13.57.34|8443"; classtype:trojan-activity; sid:37617541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 44.221.44.220 31337 (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys] Outgoing To IP: 44.221.44.220|31337"; classtype:trojan-activity; sid:37617551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 130.193.34.93 31337 (msg: "MISP e26903 [AS200350,c2,censys,YANDEXCLOUD] Outgoing To IP: 130.193.34.93|31337"; classtype:trojan-activity; sid:37617561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 
151.106.125.157 443 (msg: "MISP e26903 [AS-HOSTINGER,AS47583,c2,censys] Outgoing To IP: 151.106.125.157|443"; classtype:trojan-activity; sid:37617571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903 (tags c2, censys).
# Most entries below are individual 69.46.36.x addresses tagged AS19528/MPDCOL, all on port 31337;
# each address/port pair is a separate rule with its own sid, so related hits arrive as separate alerts.
alert ip $HOME_NET any -> 199.248.230.106 443 (msg: "MISP e26903 [AS29909,c2,censys,LESSE] Outgoing To IP: 199.248.230.106|443"; classtype:trojan-activity; sid:37617581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.218 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.218|31337"; classtype:trojan-activity; sid:37617591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.209 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.209|31337"; classtype:trojan-activity; sid:37617601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.217 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.217|31337"; classtype:trojan-activity; sid:37617611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 91.92.243.149 31337 (msg: "MISP e26903 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.243.149|31337"; classtype:trojan-activity; sid:37617621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.219 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.219|31337"; classtype:trojan-activity; sid:37617631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.208 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.208|31337"; classtype:trojan-activity; sid:37617641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.215 443 (msg: 
"MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.215|443"; classtype:trojan-activity; sid:37617651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Further 69.46.36.x destinations tagged AS19528/MPDCOL, listed per port (443, 53, 31337).
# NOTE(review): the port-53 entries use `alert ip`, so any protocol from $HOME_NET to that address on port 53
# matches; a host that sends DNS to one of these addresses would alert on its queries.
alert ip $HOME_NET any -> 69.46.36.215 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.215|31337"; classtype:trojan-activity; sid:37617661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.220 53 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.220|53"; classtype:trojan-activity; sid:37617671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.220 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.220|31337"; classtype:trojan-activity; sid:37617681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.211 53 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.211|53"; classtype:trojan-activity; sid:37617691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 69.46.36.211 31337 (msg: "MISP e26903 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.211|31337"; classtype:trojan-activity; sid:37617701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Destinations tagged Supershell in the MISP event.
alert ip $HOME_NET any -> 137.220.197.236 8888 (msg: "MISP e26903 [AS64050,c2,censys,Supershell] Outgoing To IP: 137.220.197.236|8888"; classtype:trojan-activity; sid:37617711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 23.251.37.231 8888 (msg: "MISP e26903 [AS21859,c2,censys,Supershell,ZEN-ECN] Outgoing To IP: 23.251.37.231|8888"; classtype:trojan-activity; sid:37617721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 187.24.4.94 9999 (msg: "MISP e26903 
[AS22085,c2,censys,RAT] Outgoing To IP: 187.24.4.94|9999"; classtype:trojan-activity; sid:37617731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators tagged RAT in MISP event 26903 (alongside c2, censys and the AS tags).
# The tag appears only inside msg; classtype and priority are the same as for every other rule in the export,
# so any triage weighting by tag has to be done on the msg text downstream.
alert ip $HOME_NET any -> 203.30.9.90 443 (msg: "MISP e26903 [AS136994,c2,censys,RAT] Outgoing To IP: 203.30.9.90|443"; classtype:trojan-activity; sid:37617741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 184.147.209.221 8080 (msg: "MISP e26903 [AS577,BACOM,c2,censys,RAT] Outgoing To IP: 184.147.209.221|8080"; classtype:trojan-activity; sid:37617751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.117.250.169 3393 (msg: "MISP e26903 [AS8648,c2,censys,ONE-NETWORK,RAT] Outgoing To IP: 185.117.250.169|3393"; classtype:trojan-activity; sid:37617761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 45.138.16.228 9090 (msg: "MISP e26903 [AS210558,c2,censys,RAT] Outgoing To IP: 45.138.16.228|9090"; classtype:trojan-activity; sid:37617771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 142.113.120.107 8080 (msg: "MISP e26903 [AS577,BACOM,c2,censys,RAT] Outgoing To IP: 142.113.120.107|8080"; classtype:trojan-activity; sid:37617781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 45.240.136.144 5055 (msg: "MISP e26903 [AS24863,c2,censys,LINKdotNET-AS,RAT] Outgoing To IP: 45.240.136.144|5055"; classtype:trojan-activity; sid:37617791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 66.94.120.244 9999 (msg: "MISP e26903 [AS40021,c2,censys,NL-811-40021,RAT] Outgoing To IP: 66.94.120.244|9999"; classtype:trojan-activity; sid:37617801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 193.32.162.198 8808 (msg: "MISP e26903 
[AS47890,c2,censys,RAT,UNMANAGED-DEDICATED-SERVERS] Outgoing To IP: 193.32.162.198|8808"; classtype:trojan-activity; sid:37617811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# More RAT-tagged outbound address/port indicators from MISP event 26903.
# NOTE(review): several AS tags name general hosting providers (OVH, HETZNER-AS, RELIABLESITE); addresses there
# presumably change hands, so verify the indicator is still current in the MISP event before acting on a hit.
alert ip $HOME_NET any -> 23.26.201.73 8888 (msg: "MISP e26903 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 23.26.201.73|8888"; classtype:trojan-activity; sid:37617821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 51.161.107.68 8808 (msg: "MISP e26903 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.161.107.68|8808"; classtype:trojan-activity; sid:37617831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 45.134.83.162 7707 (msg: "MISP e26903 [AS6134,c2,censys,RAT,XNNET] Outgoing To IP: 45.134.83.162|7707"; classtype:trojan-activity; sid:37617841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 51.77.68.50 1231 (msg: "MISP e26903 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.77.68.50|1231"; classtype:trojan-activity; sid:37617851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 213.195.119.244 4001 (msg: "MISP e26903 [AS15704,c2,censys,RAT] Outgoing To IP: 213.195.119.244|4001"; classtype:trojan-activity; sid:37617861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 154.16.67.94 4242 (msg: "MISP e26903 [AS397423,c2,censys,RAT,TIER-NET] Outgoing To IP: 154.16.67.94|4242"; classtype:trojan-activity; sid:37617871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 154.16.67.94 4444 (msg: "MISP e26903 [AS397423,c2,censys,RAT,TIER-NET] Outgoing To IP: 154.16.67.94|4444"; classtype:trojan-activity; sid:37617881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 136.243.151.21 63 (msg: "MISP 
e26903 [AS24940,c2,censys,HETZNER-AS,RAT] Outgoing To IP: 136.243.151.21|63"; classtype:trojan-activity; sid:37617891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903; the msg tags here name Mythic, HookBot and RAT.
# One HookBot-tagged destination sits in MICROSOFT-CORP-MSN-AS-BLOCK address space on port 80.
# NOTE(review): cloud addresses are presumably reused across tenants, so treat that entry as lower-confidence once the event ages.
alert ip $HOME_NET any -> 209.38.188.72 7443 (msg: "MISP e26903 [AS14061,c2,censys,DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 209.38.188.72|7443"; classtype:trojan-activity; sid:37617901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 86.110.194.106 80 (msg: "MISP e26903 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 86.110.194.106|80"; classtype:trojan-activity; sid:37617911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.199.42.249 80 (msg: "MISP e26903 [AS8075,c2,censys,HookBot,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.199.42.249|80"; classtype:trojan-activity; sid:37617921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 94.250.252.66 80 (msg: "MISP e26903 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing To IP: 94.250.252.66|80"; classtype:trojan-activity; sid:37617931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 103.253.17.111 8081 (msg: "MISP e26903 [AS140815,c2,censys] Outgoing To IP: 103.253.17.111|8081"; classtype:trojan-activity; sid:37617941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 191.82.215.55 2000 (msg: "MISP e26903 [AS22927,c2,censys,RAT] Outgoing To IP: 191.82.215.55|2000"; classtype:trojan-activity; sid:37617951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 91.134.187.25 3336 (msg: "MISP e26903 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 91.134.187.25|3336"; classtype:trojan-activity; sid:37617961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 181.161.4.80 
8080 (msg: "MISP e26903 [AS7418,c2,censys,RAT] Outgoing To IP: 181.161.4.80|8080"; classtype:trojan-activity; sid:37617971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# RAT-tagged outbound address/port indicators from MISP event 26903.
alert ip $HOME_NET any -> 191.82.221.165 2000 (msg: "MISP e26903 [AS22927,c2,censys,RAT] Outgoing To IP: 191.82.221.165|2000"; classtype:trojan-activity; sid:37617981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 35.137.73.119 22222 (msg: "MISP e26903 [AS33363,BHN-33363,c2,censys,RAT] Outgoing To IP: 35.137.73.119|22222"; classtype:trojan-activity; sid:37617991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Domain indicators: each domain gets a DNS rule (sid ending in 1) followed by an HTTP rule (sid ending in 2).
# NOTE(review): the DNS rules are written `any any -> any any`, so the same lookup may alert more than once
# if the sensor sees both the client-to-resolver and the resolver-to-upstream query; confirm against sensor placement.
alert dns any any -> any any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Domain smtracking.web_hassinezarrat.swp23.com"; dns.query; content:"smtracking.web_hassinezarrat.swp23.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.web_hassinezarrat\.swp23\.com$/i"; classtype:trojan-activity; sid:37618001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain smtracking.web_hassinezarrat.swp23.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smtracking.web_hassinezarrat.swp23.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.web_hassinezarrat\.swp23\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS13335,c2,censys,CLOUDFLARENET] Domain time.vmupdate.org"; dns.query; content:"time.vmupdate.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])time\.vmupdate\.org$/i"; classtype:trojan-activity; sid:37618011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e26903 [AS13335,c2,censys,CLOUDFLARENET] Outgoing HTTP Domain time.vmupdate.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"time.vmupdate.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])time\.vmupdate\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# DNS/HTTP rule pairs for gbdvs.shop and its subdomain accept.gbdvs.shop (tags ALEXHOST, AS200019, c2, censys).
# NOTE(review): the left boundary class [^A-Za-z0-9-] accepts ".", so the bare gbdvs.shop rules also match any
# subdomain. A request for accept.gbdvs.shop therefore satisfies both the parent and the subdomain rule
# and raises two alerts; de-duplicate downstream or keep only the parent-domain pair.
alert dns any any -> any any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Domain gbdvs.shop"; dns.query; content:"gbdvs.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])gbdvs\.shop$/i"; classtype:trojan-activity; sid:37618021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain gbdvs.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gbdvs.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gbdvs\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Domain accept.gbdvs.shop"; dns.query; content:"accept.gbdvs.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])accept\.gbdvs\.shop$/i"; classtype:trojan-activity; sid:37618031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain accept.gbdvs.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accept.gbdvs.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accept\.gbdvs\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> 
any any (msg: "MISP e26903 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain dev2.stocktok.io"; dns.query; content:"dev2.stocktok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev2\.stocktok\.io$/i"; classtype:trojan-activity; sid:37618041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Domain indicators from MISP event 26903 as DNS/HTTP rule pairs.
# HTTP rules: client-to-server established flows, domain matched in http.header, session tagged for 600 seconds.
# NOTE(review): the domain content is not positioned relative to the "Host|3a|" match, so a request whose
# Referer (or another header) carries the name can also match; matching on http.host would limit it to the Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain dev2.stocktok.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev2.stocktok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev2\.stocktok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Domain www.gbdvs.shop"; dns.query; content:"www.gbdvs.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gbdvs\.shop$/i"; classtype:trojan-activity; sid:37618051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain www.gbdvs.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gbdvs.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gbdvs\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys] Domain mail.3-84-126-255.cprapid.com"; dns.query; content:"mail.3-84-126-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.3\-84\-126\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:37618061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 
[AMAZON-AES,AS14618,c2,censys] Outgoing HTTP Domain mail.3-84-126-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.3-84-126-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.3\-84\-126\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903; the first two are tagged L3MON, the third RAT.
# Several destinations are on port 80 in cloud or hosting address space (AMAZON-02, MICROSOFT-CORP-MSN-AS-BLOCK).
# NOTE(review): with no payload condition, ordinary web traffic to a reassigned address would alert just the same;
# check the hit against the indicator's first-seen/last-seen data in the MISP event.
alert ip $HOME_NET any -> 43.204.230.44 80 (msg: "MISP e26903 [AMAZON-02,AS16509,c2,censys,L3MON] Outgoing To IP: 43.204.230.44|80"; classtype:trojan-activity; sid:37618071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 78.141.216.219 22533 (msg: "MISP e26903 [AS-CHOOPA,AS20473,c2,censys,L3MON] Outgoing To IP: 78.141.216.219|22533"; classtype:trojan-activity; sid:37618081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 91.92.245.119 443 (msg: "MISP e26903 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.245.119|443"; classtype:trojan-activity; sid:37618091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 110.173.54.194 80 (msg: "MISP e26903 [AS45753,c2,censys] Outgoing To IP: 110.173.54.194|80"; classtype:trojan-activity; sid:37618101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.121.42.245 80 (msg: "MISP e26903 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.121.42.245|80"; classtype:trojan-activity; sid:37618111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 213.166.68.24 80 (msg: "MISP e26903 [AS204601,c2,censys] Outgoing To IP: 213.166.68.24|80"; classtype:trojan-activity; sid:37618121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 40.119.24.133 80 (msg: "MISP 
e26903 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 40.119.24.133|80"; classtype:trojan-activity; sid:37618131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address/port indicators from MISP event 26903, almost all on port 80.
# Four entries are individual 110.173.54.x addresses tagged AS45753; each is a separate rule and sid.
# The last complete rule is tagged SerpentStealer/stealer and points at an AMAZON-AES address on port 443.
alert ip $HOME_NET any -> 110.173.54.198 80 (msg: "MISP e26903 [AS45753,c2,censys] Outgoing To IP: 110.173.54.198|80"; classtype:trojan-activity; sid:37618141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 104.43.89.110 80 (msg: "MISP e26903 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 104.43.89.110|80"; classtype:trojan-activity; sid:37618151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 5.199.169.206 80 (msg: "MISP e26903 [AS16125,c2,censys,CHERRYSERVERS1-AS] Outgoing To IP: 5.199.169.206|80"; classtype:trojan-activity; sid:37618161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 110.173.54.197 80 (msg: "MISP e26903 [AS45753,c2,censys] Outgoing To IP: 110.173.54.197|80"; classtype:trojan-activity; sid:37618171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 110.173.54.196 80 (msg: "MISP e26903 [AS45753,c2,censys] Outgoing To IP: 110.173.54.196|80"; classtype:trojan-activity; sid:37618181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.166.248.109 80 (msg: "MISP e26903 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.166.248.109|80"; classtype:trojan-activity; sid:37618191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 52.22.239.204 443 (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 52.22.239.204|443"; classtype:trojan-activity; sid:37618201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 52.205.60.154 
443 (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 52.205.60.154|443"; classtype:trojan-activity; sid:37618211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Indicators tagged SerpentStealer/stealer in MISP event 26903: one address/port rule, then DNS/HTTP domain pairs.
alert ip $HOME_NET any -> 34.197.122.235 443 (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 34.197.122.235|443"; classtype:trojan-activity; sid:37618221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# NOTE(review): the ec2-*.compute-1.amazonaws.com name is a provider-generated hostname that embeds an address;
# it presumably follows whoever currently holds that address, so it ages the same way the IP rules do.
alert dns any any -> any any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-52-22-239-204.compute-1.amazonaws.com"; dns.query; content:"ec2-52-22-239-204.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-22\-239\-204\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37618231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-52-22-239-204.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-22-239-204.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-22\-239\-204\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain maps.attuneiot.com"; dns.query; content:"maps.attuneiot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maps\.attuneiot\.com$/i"; classtype:trojan-activity; sid:37618241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain 
maps.attuneiot.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maps.attuneiot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maps\.attuneiot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# SerpentStealer/stealer-tagged domain indicators as DNS/HTTP rule pairs.
# DNS rules match dns.query with the name anchored at the end of the query (pcre ends in `$`).
# NOTE(review): the HTTP rules need cleartext HTTP to inspect http.header; lookups are still caught by the DNS
# rule, but TLS sessions to the same names would presumably need a tls.sni rule to be seen.
alert dns any any -> any any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-34-197-122-235.compute-1.amazonaws.com"; dns.query; content:"ec2-34-197-122-235.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-197\-122\-235\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37618251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-34-197-122-235.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-197-122-235.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-197\-122\-235\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain my.attuneiot.com"; dns.query; content:"my.attuneiot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\.attuneiot\.com$/i"; classtype:trojan-activity; sid:37618261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain my.attuneiot.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my.attuneiot.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])my\.attuneiot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Domain indicators from MISP event 26903: one SerpentStealer-tagged EC2 hostname pair, then the first
# EpsilonStealer-tagged domain (tagged CLOUDFLARENET/AS13335).
# In every HTTP rule the domain string is the fast_pattern; the pcre then requires a non-hostname character on both sides of it.
alert dns any any -> any any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-52-23-117-205.compute-1.amazonaws.com"; dns.query; content:"ec2-52-23-117-205.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-23\-117\-205\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37618271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-52-23-117-205.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-23-117-205.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-23\-117\-205\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; dns.query; content:"dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])dhjkfgdfkhjghdfjkgjdfoigjpi\.ru$/i"; classtype:trojan-activity; sid:37618281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dhjkfgdfkhjghdfjkgjdfoigjpi\.ru[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37618282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain epsilonyouknow.party"; dns.query; content:"epsilonyouknow.party"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonyouknow\.party$/i"; classtype:trojan-activity; sid:37618291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain epsilonyouknow.party"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epsilonyouknow.party"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonyouknow\.party[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 51.195.83.140 80 (msg: "MISP e26903 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Outgoing To IP: 51.195.83.140|80"; classtype:trojan-activity; sid:37618301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 51.195.83.140 443 (msg: "MISP e26903 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Outgoing To IP: 51.195.83.140|443"; classtype:trojan-activity; sid:37618311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 51.195.83.140 8888 (msg: "MISP e26903 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Outgoing To IP: 51.195.83.140|8888"; classtype:trojan-activity; sid:37618321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 93.123.85.142 80 (msg: "MISP e26903 [AS216240,c2,censys,MORTALSOFT] Outgoing To IP: 93.123.85.142|80"; classtype:trojan-activity; sid:37618331; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26903;) alert ip $HOME_NET any -> 91.208.92.66 80 (msg: "MISP e26903 [AS212027,c2,censys,PEBBLEHOST,UNAM] Outgoing To IP: 91.208.92.66|80"; classtype:trojan-activity; sid:37618341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [AS216289,c2,censys,SIRCROSAR-NET,UNAM] Domain telligenc.rest"; dns.query; content:"telligenc.rest"; nocase; pcre: "/(^|[^A-Za-z0-9-])telligenc\.rest$/i"; classtype:trojan-activity; sid:37618351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS216289,c2,censys,SIRCROSAR-NET,UNAM] Outgoing HTTP Domain telligenc.rest"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"telligenc.rest"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])telligenc\.rest[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [AS62005,BV-EU-AS,c2,censys,RedWarden] Domain nic-ns3-153548.net"; dns.query; content:"nic-ns3-153548.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])nic\-ns3\-153548\.net$/i"; classtype:trojan-activity; sid:37618361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS62005,BV-EU-AS,c2,censys,RedWarden] Outgoing HTTP Domain nic-ns3-153548.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nic-ns3-153548.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nic\-ns3\-153548\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 
[AMAZON-02,AS16509,c2,censys,RedWarden] Domain ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; dns.query; content:"ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-16\-62\-149\-189\.eu\-central\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37618371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# HTTP Host-header half of the RedWarden pair for the same EC2 hostname (the dns.query
# half ends on the line above).
# NOTE(review): this is a provider-assigned EC2 hostname (tags AMAZON-02, AS16509); such
# addresses get reassigned, so check the indicator's age in the MISP event before
# treating a hit as confirmed C2.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AMAZON-02,AS16509,c2,censys,RedWarden] Outgoing HTTP Domain ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-16\-62\-149\-189\.eu\-central\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# IP:port indicators tagged Viper in event 26903; seven of the eight use port 60000.
# "alert ip" from $HOME_NET to a fixed address and port, no flow or threshold keyword.
# NOTE(review): presumably every matching packet alerts; confirm on the sensor and
# consider a threshold (type limit, track by_src) to keep one alert per internal host.
alert ip $HOME_NET any -> 18.183.219.84 60000 (msg: "MISP e26903 [AMAZON-02,AS16509,censys,Viper] Outgoing To IP: 18.183.219.84|60000"; classtype:trojan-activity; sid:37618381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 152.42.162.0 60000 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,Viper] Outgoing To IP: 152.42.162.0|60000"; classtype:trojan-activity; sid:37618391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 117.84.36.29 8008 (msg: "MISP e26903 [AS4134,censys,Viper] Outgoing To IP: 117.84.36.29|8008"; classtype:trojan-activity; sid:37618401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 103.118.41.127 60000 (msg: "MISP e26903 [AS7586,censys,Viper] Outgoing To IP: 103.118.41.127|60000"; classtype:trojan-activity; sid:37618411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 123.60.16.239 60000 (msg: "MISP e26903 [AS55990,censys,Viper] Outgoing To IP: 123.60.16.239|60000"; classtype:trojan-activity; sid:37618421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 118.89.91.229 60000 (msg: "MISP e26903 [AS45090,censys,Viper] Outgoing To IP: 118.89.91.229|60000"; classtype:trojan-activity; sid:37618431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 47.109.142.156 60000 (msg: "MISP e26903 [AS37963,censys,Viper] Outgoing To IP: 47.109.142.156|60000"; classtype:trojan-activity; sid:37618441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 103.118.41.143 60000 (msg: "MISP e26903 [AS7586,censys,Viper] Outgoing To IP: 103.118.41.143|60000"; classtype:trojan-activity; sid:37618451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Domain indicators tagged EvilGinx/phishing: four subdomains of deenpel.com (www3, port,
# ogs, accounts), each as a dns.query rule plus an outbound HTTP Host-header rule.
# NOTE(review): the msg tags say phishing but classtype is trojan-activity, so triage
# keyed on classtype will file these as malware. A hit shows an internal client resolved
# or contacted the host; the likely follow-up is a credential/session review for that
# user rather than malware cleanup — confirm against the MISP event.
# NOTE(review): the http rules only cover traffic parsed as HTTP; for TLS sessions only
# the dns rules apply unless a tls.sni rule is added for the same names.
alert dns any any -> any any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain www3.deenpel.com"; dns.query; content:"www3.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www3\.deenpel\.com$/i"; classtype:trojan-activity; sid:37618461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain www3.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www3.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www3\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain port.deenpel.com"; dns.query; content:"port.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])port\.deenpel\.com$/i"; classtype:trojan-activity; sid:37618471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain port.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"port.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])port\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain ogs.deenpel.com"; dns.query; content:"ogs.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ogs\.deenpel\.com$/i"; classtype:trojan-activity; sid:37618481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain ogs.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ogs.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ogs\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain accounts.deenpel.com"; dns.query; content:"accounts.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])accounts\.deenpel\.com$/i"; classtype:trojan-activity; sid:37618491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain accounts.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accounts.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accounts\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# IP:port indicators tagged GoPhish/phishing. Per their tags several sit in large shared
# hosting ranges (DIGITALOCEAN-ASN, AMAZON-02, YANDEXCLOUD).
# NOTE(review): GoPhish is also used for authorised awareness exercises, and shared-cloud
# addresses get reassigned; validate a hit against the MISP event before escalating.
# NOTE(review): same "alert ip" shape with no threshold keyword — presumably alerts per
# matching packet.
alert ip $HOME_NET any -> 178.128.212.97 8443 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 178.128.212.97|8443"; classtype:trojan-activity; sid:37618501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 64.227.66.1 3333 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.227.66.1|3333"; classtype:trojan-activity; sid:37618511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 178.154.201.213 3333 (msg: "MISP e26903 [AS200350,censys,GoPhish,phishing,YANDEXCLOUD] Outgoing To IP: 178.154.201.213|3333"; classtype:trojan-activity; sid:37618521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 34.250.158.249 443 (msg: "MISP e26903 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 34.250.158.249|443"; classtype:trojan-activity; sid:37618531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.43.222.163 3333 (msg: "MISP e26903 [AS59939,censys,GoPhish,phishing,WIBO-AS] Outgoing To IP: 185.43.222.163|3333"; classtype:trojan-activity; sid:37618541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 107.174.250.230 3333 (msg: "MISP e26903 [AS-COLOCROSSING,AS36352,censys,GoPhish,phishing] Outgoing To IP: 107.174.250.230|3333"; classtype:trojan-activity; sid:37618551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 196.50.10.35 443 (msg: "MISP e26903 
[AS37649,censys,GoPhish,phishing,Tigo] Outgoing To IP: 196.50.10.35|443"; classtype:trojan-activity; sid:37618561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# IP:port indicators tagged GoPhish/phishing in MISP event 26903 (the line above is the
# tail of one of them). About half of the rules below use port 3333.
# NOTE(review): 3333 is GoPhish's default admin listener, and every rule carries the
# censys tag, so these look like exposed admin panels found by scanning rather than
# observed campaigns — TODO confirm in the event.
# NOTE(review): GoPhish is also used for authorised awareness exercises, and many of these
# addresses sit in shared cloud ranges per their tags (AMAZON-02, DIGITALOCEAN-ASN,
# GOOGLE-CLOUD-PLATFORM, MICROSOFT-CORP-MSN-AS-BLOCK); validate a hit before escalating.
# NOTE(review): msg tags say phishing while classtype is trojan-activity; "alert ip" with
# no threshold keyword presumably alerts per matching packet.
alert ip $HOME_NET any -> 206.221.176.188 10718 (msg: "MISP e26903 [AS23470,censys,GoPhish,phishing,RELIABLESITE] Outgoing To IP: 206.221.176.188|10718"; classtype:trojan-activity; sid:37618571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 89.26.253.61 3333 (msg: "MISP e26903 [AS5626,censys,GoPhish,phishing] Outgoing To IP: 89.26.253.61|3333"; classtype:trojan-activity; sid:37618581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 3.231.20.29 443 (msg: "MISP e26903 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 3.231.20.29|443"; classtype:trojan-activity; sid:37618591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 18.156.23.188 443 (msg: "MISP e26903 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.156.23.188|443"; classtype:trojan-activity; sid:37618601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 54.194.190.84 443 (msg: "MISP e26903 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 54.194.190.84|443"; classtype:trojan-activity; sid:37618611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.88.9.79 3333 (msg: "MISP e26903 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.88.9.79|3333"; classtype:trojan-activity; sid:37618621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 157.230.24.185 3333 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 157.230.24.185|3333"; classtype:trojan-activity; sid:37618631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 43.136.182.96 3333 (msg: "MISP e26903 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 43.136.182.96|3333"; classtype:trojan-activity; sid:37618641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 34.125.92.141 443 (msg: "MISP e26903 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.125.92.141|443"; classtype:trojan-activity; sid:37618651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 165.22.73.33 3333 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 165.22.73.33|3333"; classtype:trojan-activity; sid:37618661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 80.249.164.234 3333 (msg: "MISP e26903 [AS5483,censys,GoPhish,phishing] Outgoing To IP: 80.249.164.234|3333"; classtype:trojan-activity; sid:37618671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 128.199.141.212 3333 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 128.199.141.212|3333"; classtype:trojan-activity; sid:37618681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 167.71.231.127 3333 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 167.71.231.127|3333"; classtype:trojan-activity; sid:37618691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 139.196.100.176 60080 (msg: "MISP e26903 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 139.196.100.176|60080"; classtype:trojan-activity; sid:37618701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 3.28.252.232 4444 (msg: "MISP e26903 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.28.252.232|4444"; classtype:trojan-activity; sid:37618711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 20.161.150.170 3333 (msg: "MISP e26903 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.161.150.170|3333"; classtype:trojan-activity; sid:37618721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 128.199.23.68 9999 (msg: "MISP e26903 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 128.199.23.68|9999"; classtype:trojan-activity; sid:37618731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 27109: one domain, exported with an empty tag list ("[]") and priority 3,
# as a dns.query rule plus an outbound HTTP Host-header rule.
# NOTE(review): nothing in the rule says why the domain is listed; read the event before
# triaging a hit. The http rule only covers traffic parsed as HTTP.
alert dns any any -> any any (msg: "MISP e27109 [] Domain nnmtb.com"; dns.query; content:"nnmtb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nnmtb\.com$/i"; classtype:trojan-activity; sid:37775561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27109 [] Outgoing HTTP Domain nnmtb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nnmtb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nnmtb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27109;)
# MISP event 26866: IP:port indicators, also with an empty tag list and priority 3.
# The rules name no malware family, ASN or role, so a hit needs the event for context.
alert ip $HOME_NET any -> 104.209.128.50 4444 (msg: "MISP e26866 [] Outgoing To IP: 104.209.128.50|4444"; classtype:trojan-activity; sid:37848151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 37.27.36.6 9000 (msg: "MISP e26866 [] Outgoing To IP: 37.27.36.6|9000"; classtype:trojan-activity; sid:37848171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 83.242.63.186 80 (msg: "MISP e26866 [] Outgoing To IP: 83.242.63.186|80"; 
classtype:trojan-activity; sid:37848181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# MISP event 26866: IP:port indicators, all with an empty tag list ("[]"), priority 3 and
# classtype trojan-activity. The rules name no malware family, ASN or role, so a hit needs
# the MISP event for context.
# 187.135.84.81 is listed under eight sids, one per port (1883, 1962, 2004, 2052, 2083,
# 2086, 2087, 2095).
# NOTE(review): these are "alert ip" rules with a destination port and no flow or threshold
# keyword — presumably every matching packet alerts; confirm on the sensor and consider a
# threshold (type limit, track by_src) to keep one alert per internal host.
alert ip $HOME_NET any -> 136.0.3.250 4444 (msg: "MISP e26866 [] Outgoing To IP: 136.0.3.250|4444"; classtype:trojan-activity; sid:37848191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 65.109.242.97 9000 (msg: "MISP e26866 [] Outgoing To IP: 65.109.242.97|9000"; classtype:trojan-activity; sid:37848201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 95.217.240.44 80 (msg: "MISP e26866 [] Outgoing To IP: 95.217.240.44|80"; classtype:trojan-activity; sid:37848211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 65.109.172.49 80 (msg: "MISP e26866 [] Outgoing To IP: 65.109.172.49|80"; classtype:trojan-activity; sid:37848221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 154.245.141.251 80 (msg: "MISP e26866 [] Outgoing To IP: 154.245.141.251|80"; classtype:trojan-activity; sid:37848231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 42.117.36.184 4444 (msg: "MISP e26866 [] Outgoing To IP: 42.117.36.184|4444"; classtype:trojan-activity; sid:37848241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 195.2.81.45 80 (msg: "MISP e26866 [] Outgoing To IP: 195.2.81.45|80"; classtype:trojan-activity; sid:37848251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 193.181.23.156 8081 (msg: "MISP e26866 [] Outgoing To IP: 193.181.23.156|8081"; classtype:trojan-activity; sid:37848261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 197.119.73.234 80 (msg: "MISP e26866 [] Outgoing To IP: 197.119.73.234|80"; classtype:trojan-activity; sid:37848271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.92.243.141 80 (msg: "MISP e26866 [] Outgoing To IP: 91.92.243.141|80"; classtype:trojan-activity; sid:37848281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 39.108.229.236 80 (msg: "MISP e26866 [] Outgoing To IP: 39.108.229.236|80"; classtype:trojan-activity; sid:37848291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 114.132.41.186 82 (msg: "MISP e26866 [] Outgoing To IP: 114.132.41.186|82"; classtype:trojan-activity; sid:37848301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 18.156.13.209 15443 (msg: "MISP e26866 [] Outgoing To IP: 18.156.13.209|15443"; classtype:trojan-activity; sid:37848311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 89.23.98.34 80 (msg: "MISP e26866 [] Outgoing To IP: 89.23.98.34|80"; classtype:trojan-activity; sid:37848321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 159.100.14.197 80 (msg: "MISP e26866 [] Outgoing To IP: 159.100.14.197|80"; classtype:trojan-activity; sid:37848331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 2086 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|2086"; classtype:trojan-activity; sid:37848341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 2083 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|2083"; classtype:trojan-activity; sid:37848351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 3.127.138.57 15443 (msg: "MISP e26866 [] Outgoing To IP: 3.127.138.57|15443"; classtype:trojan-activity; sid:37848361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 1883 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|1883"; classtype:trojan-activity; sid:37848371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 2095 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|2095"; classtype:trojan-activity; sid:37848381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 2087 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|2087"; classtype:trojan-activity; sid:37848391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 2052 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|2052"; classtype:trojan-activity; sid:37848401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 2004 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|2004"; classtype:trojan-activity; sid:37848411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 187.135.84.81 1962 (msg: "MISP e26866 [] Outgoing To IP: 187.135.84.81|1962"; classtype:trojan-activity; sid:37848421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 43.156.27.199 50050 (msg: "MISP e26866 [] Outgoing To IP: 43.156.27.199|50050"; classtype:trojan-activity; sid:37848431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 207.174.3.213 443 (msg: "MISP e26866 [] Outgoing To IP: 207.174.3.213|443"; classtype:trojan-activity; sid:37848441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 87.98.233.247 443 (msg: "MISP e26866 [] Outgoing To IP: 87.98.233.247|443"; classtype:trojan-activity; sid:37848451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 45.9.188.11 47134 (msg: "MISP e26866 [] Outgoing To IP: 45.9.188.11|47134"; classtype:trojan-activity; sid:37848461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 147.45.78.13 80 (msg: "MISP e26866 [] Outgoing To IP: 147.45.78.13|80"; classtype:trojan-activity; sid:37848471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 111.231.146.154 50050 (msg: "MISP e26866 [] Outgoing To IP: 111.231.146.154|50050"; classtype:trojan-activity; sid:37848481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 27.102.66.59 35201 (msg: "MISP e26866 [] Outgoing To IP: 27.102.66.59|35201"; classtype:trojan-activity; sid:37848491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 192.144.219.118 44343 (msg: "MISP e26866 [] Outgoing To IP: 192.144.219.118|44343"; classtype:trojan-activity; sid:37848501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 47.100.101.198 50050 (msg: "MISP e26866 [] Outgoing To IP: 47.100.101.198|50050"; classtype:trojan-activity; sid:37848511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 213.252.246.185 50050 (msg: "MISP e26866 [] Outgoing To IP: 213.252.246.185|50050"; classtype:trojan-activity; sid:37848521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 83.97.20.183 50050 (msg: "MISP e26866 [] Outgoing To IP: 83.97.20.183|50050"; classtype:trojan-activity; sid:37848531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 95.116.67.173 443 (msg: "MISP e26866 [] Outgoing To IP: 95.116.67.173|443"; classtype:trojan-activity; sid:37848541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 168.149.16.139 443 (msg: "MISP e26866 [] Outgoing To IP: 168.149.16.139|443"; classtype:trojan-activity; sid:37848551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 39.40.183.67 995 (msg: "MISP e26866 [] Outgoing To IP: 39.40.183.67|995"; classtype:trojan-activity; sid:37848561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 185.44.71.197 3790 (msg: "MISP e26866 [] Outgoing To IP: 185.44.71.197|3790"; classtype:trojan-activity; sid:37848571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.92.246.48 443 (msg: "MISP e26866 [] Outgoing To IP: 91.92.246.48|443"; classtype:trojan-activity; sid:37848581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.92.253.59 443 (msg: "MISP e26866 [] Outgoing To IP: 91.92.253.59|443"; classtype:trojan-activity; sid:37848591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 120.48.5.80 6001 (msg: "MISP e26866 [] Outgoing To IP: 120.48.5.80|6001"; classtype:trojan-activity; sid:37848601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 118.194.233.185 80 (msg: "MISP e26866 [] Outgoing To IP: 118.194.233.185|80"; classtype:trojan-activity; sid:37848611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 43.142.90.7 443 (msg: "MISP e26866 [] Outgoing To IP: 43.142.90.7|443"; classtype:trojan-activity; sid:37848621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 101.42.35.218 60020 (msg: "MISP e26866 [] Outgoing To IP: 101.42.35.218|60020"; classtype:trojan-activity; sid:37848631; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;)
# MISP event 26866: indicators with an empty tag list ("[]"), priority 3 and classtype
# trojan-activity. The rules name no malware family, ASN or role, so a hit needs the
# MISP event for context.
# Domain indicators in this stretch are three subdomains of
# hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz (cdn, region1, visitor-service-eu-central-1), each as
# a dns.query rule plus an outbound HTTP Host-header rule, interleaved with IP rules.
# Several addresses repeat across ports under separate sids: 82.157.177.73 (2095, 2086,
# 8081), 175.178.124.71 (8000, 2083, 2087), 20.106.175.213 (443, 80).
# NOTE(review): the http rules only cover traffic parsed as HTTP; for TLS sessions only
# the dns rules apply unless a tls.sni rule is added for the same names.
# NOTE(review): the "alert ip" rules have no flow or threshold keyword — presumably every
# matching packet alerts; consider a threshold (type limit, track by_src).
alert ip $HOME_NET any -> 134.122.20.117 80 (msg: "MISP e26866 [] Outgoing To IP: 134.122.20.117|80"; classtype:trojan-activity; sid:37848641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37848651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 82.157.177.73 2095 (msg: "MISP e26866 [] Outgoing To IP: 82.157.177.73|2095"; classtype:trojan-activity; sid:37848661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])region1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37848671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"region1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])region1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])visitor\-service\-eu\-central\-1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37848691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"visitor-service-eu-central-1.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])visitor\-service\-eu\-central\-1\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# From here the sids continue in the 378465xx-378468xx range rather than following on
# from 37848692; rule order in this export is not sid order.
alert ip $HOME_NET any -> 82.157.177.73 2086 (msg: "MISP e26866 [] Outgoing To IP: 82.157.177.73|2086"; classtype:trojan-activity; sid:37846591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 193.112.79.19 443 (msg: "MISP e26866 [] Outgoing To IP: 193.112.79.19|443"; classtype:trojan-activity; sid:37846601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 82.157.177.73 8081 (msg: "MISP e26866 [] Outgoing To IP: 82.157.177.73|8081"; classtype:trojan-activity; sid:37846611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 1.12.231.99 443 (msg: "MISP e26866 [] Outgoing To IP: 1.12.231.99|443"; classtype:trojan-activity; sid:37846621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 206.237.21.85 80 (msg: "MISP e26866 [] Outgoing To IP: 206.237.21.85|80"; classtype:trojan-activity; sid:37846631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 118.25.173.248 80 (msg: "MISP e26866 [] Outgoing To IP: 118.25.173.248|80"; classtype:trojan-activity; sid:37846641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 175.178.124.71 8000 (msg: "MISP e26866 [] Outgoing To IP: 175.178.124.71|8000"; classtype:trojan-activity; sid:37846651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 175.178.124.71 2083 (msg: "MISP e26866 [] Outgoing To IP: 175.178.124.71|2083"; classtype:trojan-activity; sid:37846661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 47.120.1.107 443 (msg: "MISP e26866 [] Outgoing To IP: 47.120.1.107|443"; classtype:trojan-activity; sid:37846671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 175.178.124.71 2087 (msg: "MISP e26866 [] Outgoing To IP: 175.178.124.71|2087"; classtype:trojan-activity; sid:37846681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 103.191.15.10 80 (msg: "MISP e26866 [] Outgoing To IP: 103.191.15.10|80"; classtype:trojan-activity; sid:37846691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 38.6.177.108 8088 (msg: "MISP e26866 [] Outgoing To IP: 38.6.177.108|8088"; classtype:trojan-activity; sid:37846701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.106.175.213 443 (msg: "MISP e26866 [] Outgoing To IP: 20.106.175.213|443"; classtype:trojan-activity; sid:37846711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 8.219.189.106 5060 (msg: "MISP e26866 [] Outgoing To IP: 8.219.189.106|5060"; classtype:trojan-activity; sid:37846721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 182.149.199.245 8123 (msg: "MISP e26866 [] Outgoing To IP: 182.149.199.245|8123"; classtype:trojan-activity; sid:37846731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.106.175.213 80 (msg: "MISP e26866 [] Outgoing To IP: 20.106.175.213|80"; classtype:trojan-activity; sid:37846741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 111.231.74.147 888 (msg: "MISP e26866 [] Outgoing To IP: 111.231.74.147|888"; classtype:trojan-activity; sid:37846751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 165.227.172.31 8090 (msg: "MISP e26866 [] Outgoing To IP: 165.227.172.31|8090"; classtype:trojan-activity; sid:37846761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 124.70.180.22 89 (msg: "MISP e26866 [] Outgoing To IP: 124.70.180.22|89"; classtype:trojan-activity; sid:37846771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 47.108.153.69 7777 (msg: "MISP e26866 [] Outgoing To IP: 47.108.153.69|7777"; classtype:trojan-activity; sid:37846781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 101.133.164.210 10001 (msg: "MISP e26866 [] Outgoing To IP: 101.133.164.210|10001"; classtype:trojan-activity; sid:37846791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 8.217.132.202 4443 (msg: "MISP e26866 [] Outgoing To IP: 8.217.132.202|4443"; classtype:trojan-activity; sid:37846801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 116.62.130.96 5555 (msg: "MISP e26866 [] Outgoing To IP: 116.62.130.96|5555"; classtype:trojan-activity; sid:37846811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 58.87.94.238 81 (msg: "MISP e26866 [] Outgoing To IP: 58.87.94.238|81"; classtype:trojan-activity; sid:37846821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 121.41.75.23 8888 (msg: "MISP e26866 [] Outgoing To IP: 121.41.75.23|8888"; classtype:trojan-activity; sid:37846831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.92.241.199 4433 (msg: "MISP e26866 [] Outgoing To IP: 91.92.241.199|4433"; classtype:trojan-activity; sid:37846841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 120.24.38.217 80 (msg: "MISP e26866 [] Outgoing To IP: 120.24.38.217|80"; classtype:trojan-activity; sid:37846851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 8.130.79.120 8787 (msg: "MISP e26866 [] Outgoing To IP: 8.130.79.120|8787"; classtype:trojan-activity; sid:37846861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 185.196.10.62 80 (msg: "MISP e26866 [] Outgoing To IP: 185.196.10.62|80"; classtype:trojan-activity; sid:37846871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 38.55.197.151 2077 (msg: "MISP e26866 [] Outgoing To IP: 38.55.197.151|2077"; classtype:trojan-activity; sid:37846881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 47.236.86.239 8088 (msg: "MISP e26866 [] Outgoing To IP: 47.236.86.239|8088"; 
classtype:trojan-activity; sid:37846891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 154.211.15.205 4444 (msg: "MISP e26866 [] Outgoing To IP: 154.211.15.205|4444"; classtype:trojan-activity; sid:37846901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 209.141.46.45 443 (msg: "MISP e26866 [] Outgoing To IP: 209.141.46.45|443"; classtype:trojan-activity; sid:37846911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 8.130.11.62 8000 (msg: "MISP e26866 [] Outgoing To IP: 8.130.11.62|8000"; classtype:trojan-activity; sid:37846921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 44.221.44.220 31337 (msg: "MISP e26866 [] Outgoing To IP: 44.221.44.220|31337"; classtype:trojan-activity; sid:37846931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 198.13.57.34 8443 (msg: "MISP e26866 [] Outgoing To IP: 198.13.57.34|8443"; classtype:trojan-activity; sid:37846941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 109.107.161.51 443 (msg: "MISP e26866 [] Outgoing To IP: 109.107.161.51|443"; classtype:trojan-activity; sid:37846951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 130.193.34.93 31337 (msg: "MISP e26866 [] Outgoing To IP: 130.193.34.93|31337"; classtype:trojan-activity; sid:37846961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 199.248.230.106 443 (msg: "MISP e26866 [] Outgoing To IP: 199.248.230.106|443"; classtype:trojan-activity; sid:37846971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.218 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.218|31337"; 
classtype:trojan-activity; sid:37846981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 151.106.125.157 443 (msg: "MISP e26866 [] Outgoing To IP: 151.106.125.157|443"; classtype:trojan-activity; sid:37846991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 91.92.243.149 31337 (msg: "MISP e26866 [] Outgoing To IP: 91.92.243.149|31337"; classtype:trojan-activity; sid:37847001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.209 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.209|31337"; classtype:trojan-activity; sid:37847011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.219 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.219|31337"; classtype:trojan-activity; sid:37847021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.217 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.217|31337"; classtype:trojan-activity; sid:37847031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.215 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.215|31337"; classtype:trojan-activity; sid:37847041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.208 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.208|31337"; classtype:trojan-activity; sid:37847051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.220 53 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.220|53"; classtype:trojan-activity; sid:37847061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.215 443 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.215|443"; 
classtype:trojan-activity; sid:37847071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.220 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.220|31337"; classtype:trojan-activity; sid:37847081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.211 53 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.211|53"; classtype:trojan-activity; sid:37847091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 69.46.36.211 31337 (msg: "MISP e26866 [] Outgoing To IP: 69.46.36.211|31337"; classtype:trojan-activity; sid:37847101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 23.251.37.231 8888 (msg: "MISP e26866 [] Outgoing To IP: 23.251.37.231|8888"; classtype:trojan-activity; sid:37847111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 137.220.197.236 8888 (msg: "MISP e26866 [] Outgoing To IP: 137.220.197.236|8888"; classtype:trojan-activity; sid:37847121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 184.147.209.221 8080 (msg: "MISP e26866 [] Outgoing To IP: 184.147.209.221|8080"; classtype:trojan-activity; sid:37847131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 187.24.4.94 9999 (msg: "MISP e26866 [] Outgoing To IP: 187.24.4.94|9999"; classtype:trojan-activity; sid:37847141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 185.117.250.169 3393 (msg: "MISP e26866 [] Outgoing To IP: 185.117.250.169|3393"; classtype:trojan-activity; sid:37847151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 203.30.9.90 443 (msg: "MISP e26866 [] Outgoing To IP: 203.30.9.90|443"; 
classtype:trojan-activity; sid:37847161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 45.138.16.228 9090 (msg: "MISP e26866 [] Outgoing To IP: 45.138.16.228|9090"; classtype:trojan-activity; sid:37847171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 142.113.120.107 8080 (msg: "MISP e26866 [] Outgoing To IP: 142.113.120.107|8080"; classtype:trojan-activity; sid:37847181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 66.94.120.244 9999 (msg: "MISP e26866 [] Outgoing To IP: 66.94.120.244|9999"; classtype:trojan-activity; sid:37847191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 45.240.136.144 5055 (msg: "MISP e26866 [] Outgoing To IP: 45.240.136.144|5055"; classtype:trojan-activity; sid:37847201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 193.32.162.198 8808 (msg: "MISP e26866 [] Outgoing To IP: 193.32.162.198|8808"; classtype:trojan-activity; sid:37847211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 23.26.201.73 8888 (msg: "MISP e26866 [] Outgoing To IP: 23.26.201.73|8888"; classtype:trojan-activity; sid:37847221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 45.134.83.162 7707 (msg: "MISP e26866 [] Outgoing To IP: 45.134.83.162|7707"; classtype:trojan-activity; sid:37847231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 51.161.107.68 8808 (msg: "MISP e26866 [] Outgoing To IP: 51.161.107.68|8808"; classtype:trojan-activity; sid:37847241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 154.16.67.94 4242 (msg: "MISP e26866 [] Outgoing To IP: 154.16.67.94|4242"; 
classtype:trojan-activity; sid:37847251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Outbound traffic from $HOME_NET to one indicator address and destination
# port (any source port, protocol "ip"); the msg repeats the indicator as
# "IP|port". Every rule cites MISP event 26866 through reference:url.
# NOTE(review): these rules carry no flow, threshold or tag keyword, so they
# presumably alert on every matching packet; confirm, and consider rate
# limiting in threshold.config. Address-only indicators go stale when hosting
# is reassigned; re-validate against the MISP event before acting on a hit.
alert ip $HOME_NET any -> 51.77.68.50 1231 (msg: "MISP e26866 [] Outgoing To IP: 51.77.68.50|1231"; classtype:trojan-activity; sid:37847261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 154.16.67.94 4444 (msg: "MISP e26866 [] Outgoing To IP: 154.16.67.94|4444"; classtype:trojan-activity; sid:37847271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 213.195.119.244 4001 (msg: "MISP e26866 [] Outgoing To IP: 213.195.119.244|4001"; classtype:trojan-activity; sid:37847281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 209.38.188.72 7443 (msg: "MISP e26866 [] Outgoing To IP: 209.38.188.72|7443"; classtype:trojan-activity; sid:37847291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 136.243.151.21 63 (msg: "MISP e26866 [] Outgoing To IP: 136.243.151.21|63"; classtype:trojan-activity; sid:37847301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 86.110.194.106 80 (msg: "MISP e26866 [] Outgoing To IP: 86.110.194.106|80"; classtype:trojan-activity; sid:37847311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 103.253.17.111 8081 (msg: "MISP e26866 [] Outgoing To IP: 103.253.17.111|8081"; classtype:trojan-activity; sid:37847321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 94.250.252.66 80 (msg: "MISP e26866 [] Outgoing To IP: 94.250.252.66|80"; classtype:trojan-activity; sid:37847331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.199.42.249 80 (msg: "MISP e26866 [] Outgoing To IP: 20.199.42.249|80"; classtype:trojan-activity; sid:37847341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.134.187.25 3336 (msg: "MISP e26866 [] Outgoing To IP: 91.134.187.25|3336"; classtype:trojan-activity; sid:37847351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 191.82.215.55 2000 (msg: "MISP e26866 [] Outgoing To IP: 191.82.215.55|2000"; classtype:trojan-activity; sid:37847361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 191.82.221.165 2000 (msg: "MISP e26866 [] Outgoing To IP: 191.82.221.165|2000"; classtype:trojan-activity; sid:37847371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 35.137.73.119 22222 (msg: "MISP e26866 [] Outgoing To IP: 35.137.73.119|22222"; classtype:trojan-activity; sid:37847381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 181.161.4.80 8080 (msg: "MISP e26866 [] Outgoing To IP: 181.161.4.80|8080"; classtype:trojan-activity; sid:37847391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 78.141.216.219 22533 (msg: "MISP e26866 [] Outgoing To IP: 78.141.216.219|22533"; classtype:trojan-activity; sid:37847401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.92.245.119 443 (msg: "MISP e26866 [] Outgoing To IP: 91.92.245.119|443"; classtype:trojan-activity; sid:37847411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 43.204.230.44 80 (msg: "MISP e26866 [] Outgoing To IP: 43.204.230.44|80"; classtype:trojan-activity; sid:37847421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 110.173.54.194 80 (msg: "MISP e26866 [] Outgoing To IP: 110.173.54.194|80"; classtype:trojan-activity; sid:37847431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 40.119.24.133 80 (msg: "MISP e26866 [] Outgoing To IP: 40.119.24.133|80"; classtype:trojan-activity; sid:37847441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.121.42.245 80 (msg: "MISP e26866 [] Outgoing To IP: 20.121.42.245|80"; classtype:trojan-activity; sid:37847451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 110.173.54.198 80 (msg: "MISP e26866 [] Outgoing To IP: 110.173.54.198|80"; classtype:trojan-activity; sid:37847461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 213.166.68.24 80 (msg: "MISP e26866 [] Outgoing To IP: 213.166.68.24|80"; classtype:trojan-activity; sid:37847471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 104.43.89.110 80 (msg: "MISP e26866 [] Outgoing To IP: 104.43.89.110|80"; classtype:trojan-activity; sid:37847481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 5.199.169.206 80 (msg: "MISP e26866 [] Outgoing To IP: 5.199.169.206|80"; classtype:trojan-activity; sid:37847491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.166.248.109 80 (msg: "MISP e26866 [] Outgoing To IP: 20.166.248.109|80"; classtype:trojan-activity; sid:37847501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 110.173.54.197 80 (msg: "MISP e26866 [] Outgoing To IP: 110.173.54.197|80"; classtype:trojan-activity; sid:37847511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 52.22.239.204 443 (msg: "MISP e26866 [] Outgoing To IP: 52.22.239.204|443"; classtype:trojan-activity; sid:37847521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 110.173.54.196 80 (msg: "MISP e26866 [] Outgoing To IP: 110.173.54.196|80"; classtype:trojan-activity; sid:37847531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 52.205.60.154 443 (msg: "MISP e26866 [] Outgoing To IP: 52.205.60.154|443"; classtype:trojan-activity; sid:37847541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.197.122.235 443 (msg: "MISP e26866 [] Outgoing To IP: 34.197.122.235|443"; classtype:trojan-activity; sid:37847551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 51.195.83.140 8888 (msg: "MISP e26866 [] Outgoing To IP: 51.195.83.140|8888"; classtype:trojan-activity; sid:37847561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 51.195.83.140 80 (msg: "MISP e26866 [] Outgoing To IP: 51.195.83.140|80"; classtype:trojan-activity; sid:37847571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 51.195.83.140 443 (msg: "MISP e26866 [] Outgoing To IP: 51.195.83.140|443"; classtype:trojan-activity; sid:37847581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 91.208.92.66 80 (msg: "MISP e26866 [] Outgoing To IP: 91.208.92.66|80"; classtype:trojan-activity; sid:37847591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 93.123.85.142 80 (msg: "MISP e26866 [] Outgoing To IP: 93.123.85.142|80"; classtype:trojan-activity; sid:37847601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 117.84.36.29 8008 (msg: "MISP e26866 [] Outgoing To IP: 117.84.36.29|8008"; classtype:trojan-activity; sid:37847611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 18.183.219.84 60000 (msg: "MISP e26866 [] Outgoing To IP: 18.183.219.84|60000"; classtype:trojan-activity; sid:37847621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 103.118.41.127 60000 (msg: "MISP e26866 [] Outgoing To IP: 103.118.41.127|60000"; classtype:trojan-activity; sid:37847631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 152.42.162.0 60000 (msg: "MISP e26866 [] Outgoing To IP: 152.42.162.0|60000"; classtype:trojan-activity; sid:37847641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 118.89.91.229 60000 (msg: "MISP e26866 [] Outgoing To IP: 118.89.91.229|60000"; classtype:trojan-activity; sid:37847651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 123.60.16.239 60000 (msg: "MISP e26866 [] Outgoing To IP: 123.60.16.239|60000"; classtype:trojan-activity; sid:37847661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 103.118.41.143 60000 (msg: "MISP e26866 [] Outgoing To IP: 103.118.41.143|60000"; classtype:trojan-activity; sid:37847671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 47.109.142.156 60000 (msg: "MISP e26866 [] Outgoing To IP: 47.109.142.156|60000"; classtype:trojan-activity; sid:37847681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 64.227.66.1 3333 (msg: "MISP e26866 [] Outgoing To IP: 64.227.66.1|3333"; classtype:trojan-activity; sid:37847691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 178.128.212.97 8443 (msg: "MISP e26866 [] Outgoing To IP: 178.128.212.97|8443"; classtype:trojan-activity; sid:37847701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 185.43.222.163 3333 (msg: "MISP e26866 [] Outgoing To IP: 185.43.222.163|3333"; classtype:trojan-activity; sid:37847711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 178.154.201.213 3333 (msg: "MISP e26866 [] Outgoing To IP: 178.154.201.213|3333"; classtype:trojan-activity; sid:37847721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.250.158.249 443 (msg: "MISP e26866 [] Outgoing To IP: 34.250.158.249|443"; classtype:trojan-activity; sid:37847731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 206.221.176.188 10718 (msg: "MISP e26866 [] Outgoing To IP: 206.221.176.188|10718"; classtype:trojan-activity; sid:37847741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 196.50.10.35 443 (msg: "MISP e26866 [] Outgoing To IP: 196.50.10.35|443"; classtype:trojan-activity; sid:37847751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 107.174.250.230 3333 (msg: "MISP e26866 [] Outgoing To IP: 107.174.250.230|3333"; classtype:trojan-activity; sid:37847761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 89.26.253.61 3333 (msg: "MISP e26866 [] Outgoing To IP: 89.26.253.61|3333"; classtype:trojan-activity; sid:37847771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 18.156.23.188 443 (msg: "MISP e26866 [] Outgoing To IP: 18.156.23.188|443"; classtype:trojan-activity; sid:37847781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 3.231.20.29 443 (msg: "MISP e26866 [] Outgoing To IP: 3.231.20.29|443"; classtype:trojan-activity; sid:37847791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 54.194.190.84 443 (msg: "MISP e26866 [] Outgoing To IP: 54.194.190.84|443"; classtype:trojan-activity; sid:37847801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 157.230.24.185 3333 (msg: "MISP e26866 [] Outgoing To IP: 157.230.24.185|3333"; classtype:trojan-activity; sid:37847811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.88.9.79 3333 (msg: "MISP e26866 [] Outgoing To IP: 20.88.9.79|3333"; classtype:trojan-activity; sid:37847821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.125.92.141 443 (msg: "MISP e26866 [] Outgoing To IP: 34.125.92.141|443"; classtype:trojan-activity; sid:37847831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 43.136.182.96 3333 (msg: "MISP e26866 [] Outgoing To IP: 43.136.182.96|3333"; classtype:trojan-activity; sid:37847841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 165.22.73.33 3333 (msg: "MISP e26866 [] Outgoing To IP: 165.22.73.33|3333"; classtype:trojan-activity; sid:37847851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 80.249.164.234 3333 (msg: "MISP e26866 [] Outgoing To IP: 80.249.164.234|3333"; classtype:trojan-activity; sid:37847861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 128.199.141.212 3333 (msg: "MISP e26866 [] Outgoing To IP: 128.199.141.212|3333"; classtype:trojan-activity; sid:37847871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 167.71.231.127 3333 (msg: "MISP e26866 [] Outgoing To IP: 167.71.231.127|3333"; classtype:trojan-activity; sid:37847881; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26866;)
# Outbound traffic from $HOME_NET to one indicator address and destination
# port (any source port, protocol "ip"); the msg repeats the indicator as
# "IP|port". Every rule cites MISP event 26866 through reference:url.
# NOTE(review): these rules carry no flow, threshold or tag keyword, so they
# presumably alert on every matching packet; confirm, and consider rate
# limiting in threshold.config. Address-only indicators go stale when hosting
# is reassigned; re-validate against the MISP event before acting on a hit.
alert ip $HOME_NET any -> 139.196.100.176 60080 (msg: "MISP e26866 [] Outgoing To IP: 139.196.100.176|60080"; classtype:trojan-activity; sid:37847891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 20.161.150.170 3333 (msg: "MISP e26866 [] Outgoing To IP: 20.161.150.170|3333"; classtype:trojan-activity; sid:37847901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 3.28.252.232 4444 (msg: "MISP e26866 [] Outgoing To IP: 3.28.252.232|4444"; classtype:trojan-activity; sid:37847911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Domain indicators follow as pairs: a DNS rule (sid ending in 1) and an HTTP
# rule for the same name (same sid + 1).
# DNS rule: query for the indicator domain between any hosts (any -> any).
# content + nocase is the case-insensitive literal match on the dns.query
# buffer; the pcre anchors the name at the end of the query and only requires
# that the character before it is not a letter, digit or hyphen, so subdomains
# of the indicator match as well.
alert dns any any -> any any (msg: "MISP e26866 [] Domain 104-168-102-175.plesk.page"; dns.query; content:"104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37847921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# HTTP rule: outbound request (to_server, established flow) whose header
# buffer contains "Host:" and the indicator domain; tag:session,600,seconds
# marks the session for follow-up packet logging for 600 seconds after the hit.
# NOTE(review): the two http.header content matches have no distance/within
# relation, so the domain can match in a header other than Host (a Referer,
# for example). Matching on the http.host buffer would be tighter; confirm
# against the sensor's Suricata version before changing the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 128.199.23.68 9999 (msg: "MISP e26866 [] Outgoing To IP: 128.199.23.68|9999"; classtype:trojan-activity; sid:37847931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# NOTE(review): this name is a subdomain of 104-168-102-175.plesk.page, so a
# lookup or request for it also satisfies sids 37847921/37847922 above and one
# event can raise two alerts.
alert dns any any -> any any (msg: "MISP e26866 [] Domain www.kind-villani.104-168-102-175.plesk.page"; dns.query; content:"www.kind-villani.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kind\-villani\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37847941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.kind-villani.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.kind-villani.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.kind\-villani\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain time.vmupdate.org"; dns.query; content:"time.vmupdate.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])time\.vmupdate\.org$/i"; classtype:trojan-activity; sid:37847951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain time.vmupdate.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"time.vmupdate.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])time\.vmupdate\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain smtracking.web_hassinezarrat.swp23.com"; dns.query; content:"smtracking.web_hassinezarrat.swp23.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.web_hassinezarrat\.swp23\.com$/i"; classtype:trojan-activity; sid:37847961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain smtracking.web_hassinezarrat.swp23.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smtracking.web_hassinezarrat.swp23.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smtracking\.web_hassinezarrat\.swp23\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain accept.gbdvs.shop"; dns.query; content:"accept.gbdvs.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])accept\.gbdvs\.shop$/i"; classtype:trojan-activity; sid:37847971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain accept.gbdvs.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accept.gbdvs.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accept\.gbdvs\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# NOTE(review): the pcre accepts a "." before the name, so traffic for
# accept.gbdvs.shop or www.gbdvs.shop satisfies the two gbdvs.shop rules below
# as well as its own pair; expect duplicate alerts for one event.
alert dns any any -> any any (msg: "MISP e26866 [] Domain gbdvs.shop"; dns.query; content:"gbdvs.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])gbdvs\.shop$/i"; classtype:trojan-activity; sid:37847981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain gbdvs.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gbdvs.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gbdvs\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain dev2.stocktok.io"; dns.query; content:"dev2.stocktok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev2\.stocktok\.io$/i"; classtype:trojan-activity; sid:37847991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain dev2.stocktok.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev2.stocktok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev2\.stocktok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37847992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain www.gbdvs.shop"; dns.query; content:"www.gbdvs.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gbdvs\.shop$/i"; classtype:trojan-activity; sid:37848001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.gbdvs.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gbdvs.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gbdvs\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail.3-84-126-255.cprapid.com"; dns.query; content:"mail.3-84-126-255.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.3\-84\-126\-255\.cprapid\.com$/i"; classtype:trojan-activity; sid:37848011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail.3-84-126-255.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.3-84-126-255.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.3\-84\-126\-255\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain maps.attuneiot.com"; dns.query; content:"maps.attuneiot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maps\.attuneiot\.com$/i"; classtype:trojan-activity; sid:37848021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain maps.attuneiot.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maps.attuneiot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maps\.attuneiot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# NOTE(review): the three ec2-*.compute-1.amazonaws.com names below embed an
# IPv4 address in the hostname; presumably provider-assigned instance names
# whose address can pass to another tenant. Re-validate against the MISP
# event before treating a hit as confirmed.
alert dns any any -> any any (msg: "MISP e26866 [] Domain ec2-52-22-239-204.compute-1.amazonaws.com"; dns.query; content:"ec2-52-22-239-204.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-22\-239\-204\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37848031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ec2-52-22-239-204.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-22-239-204.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-22\-239\-204\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain ec2-52-23-117-205.compute-1.amazonaws.com"; dns.query; content:"ec2-52-23-117-205.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-23\-117\-205\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37848041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ec2-52-23-117-205.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-52-23-117-205.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-52\-23\-117\-205\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain ec2-34-197-122-235.compute-1.amazonaws.com"; dns.query; content:"ec2-34-197-122-235.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-197\-122\-235\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37848051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ec2-34-197-122-235.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-197-122-235.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-197\-122\-235\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain epsilonyouknow.party"; dns.query; content:"epsilonyouknow.party"; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonyouknow\.party$/i"; classtype:trojan-activity; sid:37848061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain epsilonyouknow.party"; flow:to_server,established;
http.header; content: "Host|3a|"; nocase; http.header; content:"epsilonyouknow.party"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epsilonyouknow\.party[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain my.attuneiot.com"; dns.query; content:"my.attuneiot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])my\.attuneiot\.com$/i"; classtype:trojan-activity; sid:37848071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain my.attuneiot.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"my.attuneiot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])my\.attuneiot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; dns.query; content:"dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])dhjkfgdfkhjghdfjkgjdfoigjpi\.ru$/i"; classtype:trojan-activity; sid:37848081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dhjkfgdfkhjghdfjkgjdfoigjpi.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dhjkfgdfkhjghdfjkgjdfoigjpi\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain nic-ns3-153548.net"; dns.query; content:"nic-ns3-153548.net"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])nic\-ns3\-153548\.net$/i"; classtype:trojan-activity; sid:37848091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain nic-ns3-153548.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nic-ns3-153548.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nic\-ns3\-153548\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain telligenc.rest"; dns.query; content:"telligenc.rest"; nocase; pcre: "/(^|[^A-Za-z0-9-])telligenc\.rest$/i"; classtype:trojan-activity; sid:37848101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain telligenc.rest"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"telligenc.rest"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])telligenc\.rest[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain www3.deenpel.com"; dns.query; content:"www3.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www3\.deenpel\.com$/i"; classtype:trojan-activity; sid:37848111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www3.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www3.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www3\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37848112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; dns.query; content:"ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-16\-62\-149\-189\.eu\-central\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37848121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-16-62-149-189.eu-central-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-16\-62\-149\-189\.eu\-central\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain port.deenpel.com"; dns.query; content:"port.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])port\.deenpel\.com$/i"; classtype:trojan-activity; sid:37848131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain port.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"port.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])port\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain ogs.deenpel.com"; dns.query; content:"ogs.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ogs\.deenpel\.com$/i"; 
classtype:trojan-activity; sid:37848141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Remaining domain indicators of MISP event 26866. The HTTP rules match the
# domain anywhere in the http.header buffer of a request that carries a Host
# header; the DNS rules match the listed name and any name ending in ".<name>".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ogs.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ogs.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ogs\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain accounts.deenpel.com"; dns.query; content:"accounts.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])accounts\.deenpel\.com$/i"; classtype:trojan-activity; sid:37848161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain accounts.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accounts.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accounts\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37848162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

# --- MISP event 26903: outbound destinations on port 445 -------------------
# Traffic from $HOME_NET to each listed address with destination port 445
# (sids 37618841-37618941, priority 2). The rules match on addresses and port
# only; nothing in them inspects the payload.
# The same eleven address/port pairs are exported a second time under event
# 26866 (sids 37852891-37852991, priority 3). With both sets loaded, one
# connection raises two alerts with different priorities, so correlate on the
# destination rather than on the sid.
# NOTE(review): no threshold or flow keyword is set, so a long-lived connection
# may alert repeatedly; consider a per-sid threshold entry.
alert ip $HOME_NET any -> 146.19.213.36 445 (msg: "MISP e26903 [] Outgoing To IP: 146.19.213.36|445"; classtype:trojan-activity; sid:37618841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 89.117.2.33 445 (msg: "MISP e26903 [] Outgoing To IP: 89.117.2.33|445"; classtype:trojan-activity; sid:37618851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 176.123.2.146 445 (msg: "MISP e26903 [] Outgoing To IP: 176.123.2.146|445"; classtype:trojan-activity; sid:37618861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 89.117.1.161 445 (msg: "MISP e26903 [] Outgoing To IP: 89.117.1.161|445"; classtype:trojan-activity; sid:37618871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 89.117.2.34 445 (msg: "MISP e26903 [] Outgoing To IP: 89.117.2.34|445"; classtype:trojan-activity; sid:37618881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 89.117.1.160 445 (msg: "MISP e26903 [] Outgoing To IP: 89.117.1.160|445"; classtype:trojan-activity; sid:37618891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 103.124.104.76 445 (msg: "MISP e26903 [] Outgoing To IP: 103.124.104.76|445"; classtype:trojan-activity; sid:37618901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 104.129.20.167 445 (msg: "MISP e26903 [] Outgoing To IP: 104.129.20.167|445"; classtype:trojan-activity; sid:37618911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 103.124.104.22 445 (msg: "MISP e26903 [] Outgoing To IP: 103.124.104.22|445"; classtype:trojan-activity; sid:37618921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 204.44.125.68 445 (msg: "MISP e26903 [] Outgoing To IP: 204.44.125.68|445"; classtype:trojan-activity; sid:37618931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 66.63.188.19 445 (msg: "MISP e26903 [] Outgoing To IP: 66.63.188.19|445"; classtype:trojan-activity; sid:37618941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)

# --- MISP event 27007: domain indicators -----------------------------------
# Same DNS/HTTP pair per domain as the other events in this export. msg carries
# an empty tag list ("[]") and classtype:trojan-activity is the value used on
# every rule here, so take the nature of the activity from the referenced event.
alert dns any any -> any any (msg: "MISP e27007 [] Domain bloch-ireland.com"; dns.query; content:"bloch-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bloch\-ireland\.com$/i"; classtype:trojan-activity; sid:37762011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bloch-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bloch-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bloch\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemaflipflopireland.com"; dns.query; content:"ipanemaflipflopireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemaflipflopireland\.com$/i"; classtype:trojan-activity; sid:37762001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemaflipflopireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemaflipflopireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemaflipflopireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain redwingsdublin.com"; dns.query; content:"redwingsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])redwingsdublin\.com$/i"; classtype:trojan-activity; sid:37761991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain redwingsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"redwingsdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])redwingsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefootshoeireland.com"; dns.query; content:"vivobarefootshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootshoeireland\.com$/i"; classtype:trojan-activity; sid:37761981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefootshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vivobarefootshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37761982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)

# --- MISP event 26866: outbound destinations on port 445 -------------------
# Second export of the eleven address/port pairs already covered by sids
# 37618841-37618941 (event 26903), here with priority 3 instead of 2.
alert ip $HOME_NET any -> 103.124.104.76 445 (msg: "MISP e26866 [] Outgoing To IP: 103.124.104.76|445"; classtype:trojan-activity; sid:37852891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 89.117.1.160 445 (msg: "MISP e26866 [] Outgoing To IP: 89.117.1.160|445"; classtype:trojan-activity; sid:37852901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 89.117.2.34 445 (msg: "MISP e26866 [] Outgoing To IP: 89.117.2.34|445"; classtype:trojan-activity; sid:37852911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 89.117.1.161 445 (msg: "MISP e26866 [] Outgoing To IP: 89.117.1.161|445"; classtype:trojan-activity; sid:37852921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 176.123.2.146 445 (msg: "MISP e26866 [] Outgoing To IP: 176.123.2.146|445"; classtype:trojan-activity; sid:37852931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 89.117.2.33 445 (msg: "MISP e26866 [] Outgoing To IP: 89.117.2.33|445"; classtype:trojan-activity; sid:37852941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 146.19.213.36 445 (msg: "MISP e26866 [] Outgoing To IP: 146.19.213.36|445"; classtype:trojan-activity; sid:37852951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 66.63.188.19 445 (msg: "MISP e26866 [] Outgoing To IP: 66.63.188.19|445"; classtype:trojan-activity; sid:37852961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 204.44.125.68 445 (msg: "MISP e26866 [] Outgoing To IP: 204.44.125.68|445"; classtype:trojan-activity; sid:37852971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 103.124.104.22 445 (msg: "MISP e26866 [] Outgoing To IP: 103.124.104.22|445"; classtype:trojan-activity; sid:37852981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 104.129.20.167 445 (msg: "MISP e26866 [] Outgoing To IP: 104.129.20.167|445"; classtype:trojan-activity; sid:37852991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

# --- MISP event 27007: domain indicators (continued) -----------------------
alert dns any any -> any any (msg: "MISP e27007 [] Domain calzasgymshark-argentina.com"; dns.query; content:"calzasgymshark-argentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calzasgymshark\-argentina\.com$/i"; classtype:trojan-activity; sid:37762021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calzasgymshark-argentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calzasgymshark-argentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calzasgymshark\-argentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762022; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007: domain indicators (one rule per line) ---------------
# Each domain is exported as a dns.query rule (sid ending in 1) and an outbound
# HTTP rule (sid ending in 2).
# DNS rules match the listed name and any name ending in ".<name>": the pcre is
# anchored at the end of the query and accepts "." in front of the domain.
# HTTP rules evaluate both content matches and the pcre on the http.header
# buffer without tying them together by position, so the domain can sit in any
# request header as long as a Host header is present.
# NOTE(review): several names differ from each other by a character or two
# (sids 37762241 and 37762251, for instance); compare the queried name against
# the rule's content string before closing a hit as a duplicate.
# tag:session,600,seconds keeps logging packets of the session for 600 seconds
# after an HTTP alert.
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarkscevljislovenija.com"; dns.query; content:"clarkscevljislovenija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkscevljislovenija\.com$/i"; classtype:trojan-activity; sid:37762031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarkscevljislovenija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarkscevljislovenija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkscevljislovenija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarks-croatia.com"; dns.query; content:"clarks-croatia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-croatia\.com$/i"; classtype:trojan-activity; sid:37762041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarks-croatia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarks-croatia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-croatia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarks-fr.com"; dns.query; content:"clarks-fr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-fr\.com$/i"; classtype:trojan-activity; sid:37762051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarks-fr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarks-fr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-fr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarkskorstockholm.com"; dns.query; content:"clarkskorstockholm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkskorstockholm\.com$/i"; classtype:trojan-activity; sid:37762061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarkskorstockholm.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarkskorstockholm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkskorstockholm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarks-newzealand.com"; dns.query; content:"clarks-newzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-newzealand\.com$/i"; classtype:trojan-activity; sid:37762071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarks-newzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarks-newzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-newzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksquito.com"; dns.query; content:"clarksquito.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksquito\.com$/i"; classtype:trojan-activity; sid:37762081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksquito.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksquito.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksquito\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksshoesdubai.com"; dns.query; content:"clarksshoesdubai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesdubai\.com$/i"; classtype:trojan-activity; sid:37762091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksshoesdubai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksshoesdubai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesdubai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarks-slovakia.com"; dns.query; content:"clarks-slovakia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-slovakia\.com$/i"; classtype:trojan-activity; sid:37762101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarks-slovakia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarks-slovakia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-slovakia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarkssrbijaonline.com"; dns.query; content:"clarkssrbijaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkssrbijaonline\.com$/i"; classtype:trojan-activity; sid:37762111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarkssrbijaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarkssrbijaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkssrbijaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksturkiyemagazalar.com"; dns.query; content:"clarksturkiyemagazalar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksturkiyemagazalar\.com$/i"; classtype:trojan-activity; sid:37762121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksturkiyemagazalar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksturkiyemagazalar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksturkiyemagazalar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksve.com"; dns.query; content:"clarksve.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksve\.com$/i"; classtype:trojan-activity; sid:37762131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksve.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksve.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksve\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarkswinkels.com"; dns.query; content:"clarkswinkels.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkswinkels\.com$/i"; classtype:trojan-activity; sid:37762141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarkswinkels.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarkswinkels.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkswinkels\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain colantigymshark-romania.com"; dns.query; content:"colantigymshark-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])colantigymshark\-romania\.com$/i"; classtype:trojan-activity; sid:37762151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain colantigymshark-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colantigymshark-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colantigymshark\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-espanaoutlet.com"; dns.query; content:"gymshark-espanaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-espanaoutlet\.com$/i"; classtype:trojan-activity; sid:37762161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-espanaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-espanaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-espanaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-greeceshop.com"; dns.query; content:"gymshark-greeceshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-greeceshop\.com$/i"; classtype:trojan-activity; sid:37762171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-greeceshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-greeceshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-greeceshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggings-deutschland.com"; dns.query; content:"gymsharkleggings-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggings\-deutschland\.com$/i"; classtype:trojan-activity; sid:37762181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggings-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggings-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggings\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggingshu.com"; dns.query; content:"gymsharkleggingshu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingshu\.com$/i"; classtype:trojan-activity; sid:37762191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggingshu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggingshu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingshu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggingsportugal.com"; dns.query; content:"gymsharkleggingsportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingsportugal\.com$/i"; classtype:trojan-activity; sid:37762201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggingsportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggingsportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingsportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggingssalenz.com"; dns.query; content:"gymsharkleggingssalenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingssalenz\.com$/i"; classtype:trojan-activity; sid:37762211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggingssalenz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggingssalenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingssalenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggingssaleuk.com"; dns.query; content:"gymsharkleggingssaleuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingssaleuk\.com$/i"; classtype:trojan-activity; sid:37762221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggingssaleuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggingssaleuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggingssaleuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggings-suomi.com"; dns.query; content:"gymsharkleggings-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggings\-suomi\.com$/i"; classtype:trojan-activity; sid:37762231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggings-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggings-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggings\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleginy-sk.com"; dns.query; content:"gymsharkleginy-sk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleginy\-sk\.com$/i"; classtype:trojan-activity; sid:37762241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleginy-sk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleginy-sk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleginy\-sk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleglnycz.com"; dns.query; content:"gymsharkleglnycz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleglnycz\.com$/i"; classtype:trojan-activity; sid:37762251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleglnycz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleglnycz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleglnycz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-morocco.com"; dns.query; 
content:"gymshark-morocco.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-morocco\.com$/i"; classtype:trojan-activity; sid:37762261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-morocco.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-morocco.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-morocco\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkpolskalegginsy.com"; dns.query; content:"gymsharkpolskalegginsy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkpolskalegginsy\.com$/i"; classtype:trojan-activity; sid:37762271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkpolskalegginsy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkpolskalegginsy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkpolskalegginsy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharksale-australia.com"; dns.query; content:"gymsharksale-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharksale\-australia\.com$/i"; classtype:trojan-activity; sid:37762281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharksale-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"gymsharksale-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharksale\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharksrbijashop.com"; dns.query; content:"gymsharksrbijashop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharksrbijashop\.com$/i"; classtype:trojan-activity; sid:37762291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharksrbijashop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharksrbijashop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharksrbijashop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkturkiyesatis.com"; dns.query; content:"gymsharkturkiyesatis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkturkiyesatis\.com$/i"; classtype:trojan-activity; sid:37762301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkturkiyesatis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkturkiyesatis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkturkiyesatis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain leggingsgymshark-mexico.com"; dns.query; content:"leggingsgymshark-mexico.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])leggingsgymshark\-mexico\.com$/i"; classtype:trojan-activity; sid:37762311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain leggingsgymshark-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"leggingsgymshark-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])leggingsgymshark\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain magazineclarksromania.com"; dns.query; content:"magazineclarksromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])magazineclarksromania\.com$/i"; classtype:trojan-activity; sid:37762321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain magazineclarksromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"magazineclarksromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])magazineclarksromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain norgeclarks.com"; dns.query; content:"norgeclarks.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])norgeclarks\.com$/i"; classtype:trojan-activity; sid:37762331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain norgeclarks.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"norgeclarks.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])norgeclarks\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ropagymshark-colombia.com"; dns.query; content:"ropagymshark-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ropagymshark\-colombia\.com$/i"; classtype:trojan-activity; sid:37762341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ropagymshark-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ropagymshark-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ropagymshark\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sandaliasclarkschile.com"; dns.query; content:"sandaliasclarkschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaliasclarkschile\.com$/i"; classtype:trojan-activity; sid:37762351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sandaliasclarkschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sandaliasclarkschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaliasclarkschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tescopro.com"; dns.query; content:"tescopro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tescopro\.com$/i"; classtype:trojan-activity; sid:37762361; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# --- Last HTTP rule of event 27007, then indicators from events 26903 and 26866 ---
# NOTE(review): nxsisgod.com is exported twice with the same match logic: event 26903
# (tag Mirai, priority 2, sids 37618951/37618952) and event 26866 (no tag, priority 3,
# sids 37852881/37852882). A single lookup or request raises two alerts with different
# priorities; deduplicate at export time or suppress one pair.
# "alert ip ... -> <address> <port>" rules (tag Vidar here) carry no payload or flow
# condition: they match on destination address and port alone, so they say nothing about
# what was sent. Treat a hit as a lead to correlate with host telemetry, not as proof.
# DNS rules use any/any for source and destination, so the alert source can be an internal
# resolver rather than the client that asked.
# HTTP rules match "Host|3a|" and the domain as two independent contents on http.header;
# they only see HTTP the sensor can parse in the clear.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tescopro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tescopro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tescopro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e26903 [Mirai] Domain nxsisgod.com"; dns.query; content:"nxsisgod.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nxsisgod\.com$/i"; classtype:trojan-activity; sid:37618951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [Mirai] Outgoing HTTP Domain nxsisgod.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nxsisgod.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nxsisgod\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37618952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 88.198.112.251 10050 (msg: "MISP e26903 [Vidar] Outgoing To IP: 88.198.112.251|10050"; classtype:trojan-activity; sid:37618961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 95.217.240.158 443 (msg: "MISP e26903 [Vidar] Outgoing To IP: 95.217.240.158|443"; classtype:trojan-activity; sid:37618971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain nxsisgod.com"; dns.query; content:"nxsisgod.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nxsisgod\.com$/i"; classtype:trojan-activity; sid:37852881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain nxsisgod.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nxsisgod.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nxsisgod\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26903 [Mirai] Domain wwv.bmjz.vip"; dns.query; content:"wwv.bmjz.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwv\.bmjz\.vip$/i"; classtype:trojan-activity; sid:37615361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [Mirai] Outgoing HTTP Domain wwv.bmjz.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwv.bmjz.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwv\.bmjz\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [Mirai] Domain route.qyhgroup.com"; dns.query; content:"route.qyhgroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])route\.qyhgroup\.com$/i"; classtype:trojan-activity; sid:37615341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [Mirai] Outgoing HTTP Domain route.qyhgroup.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"route.qyhgroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])route\.qyhgroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The rule below is cut by a line break in this copy of the export and continues on the next line.
alert dns any any -> any any (msg: "MISP e26903 [njrat,RAT] Domain multi-bidding.gl.at.ply.gg"; dns.query; 
content:"multi-bidding.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])multi\-bidding\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37615351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# --- Event 26903: domains and one address tagged njrat/RAT, Mirai, NanoCore/RAT, BbyStealer ---
# Every domain gets a dns.query rule and an "Outgoing HTTP Domain" rule.
# NOTE(review): for the RAT-tagged names the HTTP rule presumably adds little, since these
# families are generally reported to use their own TCP protocol rather than HTTP; expect the
# DNS rule to be the one that fires - verify against the event's sightings.
# NOTE(review): ply.gg looks like the parent domain of a shared tunnelling service. The
# content and pcre match the multi-bidding.gl.at.ply.gg hostname (and names under it), not
# the parent; keep it that way to avoid alerting on unrelated tenants.
# The Mirai IP rule is pinned to destination port 38241 and has no payload condition; traffic
# to the same address on any other port is not covered.
# DNS rules use any/any for source and destination, so the alert source can be an internal
# resolver rather than the client that asked.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [njrat,RAT] Outgoing HTTP Domain multi-bidding.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"multi-bidding.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])multi\-bidding\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [Mirai] Domain mnmn.espontaneo.cc"; dns.query; content:"mnmn.espontaneo.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnmn\.espontaneo\.cc$/i"; classtype:trojan-activity; sid:37615331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [Mirai] Outgoing HTTP Domain mnmn.espontaneo.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnmn.espontaneo.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnmn\.espontaneo\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.196.9.97 38241 (msg: "MISP e26903 [Mirai] Outgoing To IP: 185.196.9.97|38241"; classtype:trojan-activity; sid:37615321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [NanoCore,RAT] Domain pve.pezow.ovh"; dns.query; content:"pve.pezow.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])pve\.pezow\.ovh$/i"; classtype:trojan-activity; sid:37615311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [NanoCore,RAT] Outgoing HTTP Domain pve.pezow.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pve.pezow.ovh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pve\.pezow\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [BbyStealer] Domain refinedruffles.com"; dns.query; content:"refinedruffles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])refinedruffles\.com$/i"; classtype:trojan-activity; sid:37615291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [BbyStealer] Outgoing HTTP Domain refinedruffles.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"refinedruffles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])refinedruffles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [BbyStealer] Domain q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; dns.query; content:"q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-])q65fpfr2wpjugu7y3ldvjjdgz8uzqak2\.nl$/i"; classtype:trojan-activity; sid:37615301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The rule below is cut by a line break in this copy of the export and continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [BbyStealer] Outgoing HTTP Domain q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])q65fpfr2wpjugu7y3ldvjjdgz8uzqak2\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37615302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# --- Event 26903: one BbyStealer domain pair, then outbound-to-IP rules ---
# The "alert ip $HOME_NET any -> <address> <port>" rules have no payload, flow or threshold
# keyword: any packet from $HOME_NET to that address and destination port matches.
# NOTE(review): the rules with an empty tag list ("[]") and destination port 80 point at
# 52.x / 34.x / 44.x / 54.x addresses, which look like public-cloud address space, and the
# "panel" rule at 172.67.x.x, which looks like a CDN front end (confirm by whois/ASN). Such
# addresses are shared between tenants and reassigned over time, so a hit may be unrelated
# traffic. Check the MISP event for first/last-seen dates and consider expiring these
# indicators or requiring a second signal before escalating.
# NOTE(review): with no threshold, a busy destination can generate many alerts; check volume
# before enabling at priority 2.
# The rules tagged c2,elf,moobot are pinned to one high port each (5555, 55650); the same
# address on another port is not covered.
alert dns any any -> any any (msg: "MISP e26903 [BbyStealer] Domain 4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; dns.query; content:"4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-])4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb\.nl$/i"; classtype:trojan-activity; sid:37615281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [BbyStealer] Outgoing HTTP Domain 4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 185.91.127.216 5555 (msg: "MISP e26903 [c2,elf,moobot] Outgoing To IP: 185.91.127.216|5555"; classtype:trojan-activity; sid:37615621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 192.151.243.135 55650 (msg: "MISP e26903 [c2,elf,moobot] Outgoing To IP: 192.151.243.135|55650"; classtype:trojan-activity; sid:37615611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 5.161.113.150 25658 (msg: "MISP e26903 [] Outgoing To IP: 5.161.113.150|25658"; classtype:trojan-activity; sid:37618741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 52.205.60.154 80 (msg: "MISP e26903 [] Outgoing To IP: 52.205.60.154|80"; classtype:trojan-activity; sid:37618751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 34.197.122.235 80 (msg: "MISP e26903 [] Outgoing To IP: 34.197.122.235|80"; classtype:trojan-activity; sid:37618761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 44.196.101.127 80 (msg: "MISP e26903 [] Outgoing To IP: 44.196.101.127|80"; classtype:trojan-activity; sid:37618771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 52.22.239.204 80 (msg: "MISP e26903 [] Outgoing To IP: 52.22.239.204|80"; classtype:trojan-activity; sid:37618781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 52.23.117.205 80 (msg: "MISP e26903 [] Outgoing To IP: 52.23.117.205|80"; classtype:trojan-activity; sid:37618791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 54.237.138.159 80 (msg: "MISP e26903 [] Outgoing To IP: 54.237.138.159|80"; classtype:trojan-activity; sid:37618801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 34.207.38.46 80 (msg: "MISP e26903 [] Outgoing To IP: 34.207.38.46|80"; classtype:trojan-activity; sid:37618811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 34.230.177.18 80 (msg: "MISP e26903 [] Outgoing To IP: 34.230.177.18|80"; classtype:trojan-activity; sid:37618821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 54.234.189.192 80 (msg: "MISP e26903 [] Outgoing To IP: 54.234.189.192|80"; classtype:trojan-activity; sid:37618831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 172.67.192.204 80 (msg: "MISP e26903 [panel] Outgoing To IP: 172.67.192.204|80"; classtype:trojan-activity; sid:37616601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The rule below is cut by a line break in this copy of the export and continues on the next line.
alert ip $HOME_NET any -> 172.67.152.71 80 
(msg: "MISP e26903 [panel] Outgoing To IP: 172.67.152.71|80"; classtype:trojan-activity; sid:37616591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# --- Event 26903, tag "panel": address rules and "/auth/login" URL rules ---
# URL rules: the destination is pinned to one address on $HTTP_PORTS (that variable must be
# defined on the sensor). They require the address literal somewhere in http.header and
# "/auth/login" somewhere in http.uri; neither content is anchored or tied to the Host header.
# NOTE(review): "/auth/login" is a very common path, so the destination address is what
# really scopes these rules.
# NOTE(review): 172.67.x.x and 104.21.x.x look like CDN front-end addresses (confirm by
# whois/ASN). Requests that go through a CDN normally carry a hostname rather than the
# address in Host, so the URL rules for those addresses may never fire, while the plain
# "alert ip" rules for the same addresses can fire on unrelated sites behind the same
# front end. Prefer the hostname from the MISP event, if one is recorded, for those entries.
# tag:session,600,seconds asks the engine to keep logging packets of the session for 600 seconds
# after the alert.
alert ip $HOME_NET any -> 104.21.44.13 80 (msg: "MISP e26903 [panel] Outgoing To IP: 104.21.44.13|80"; classtype:trojan-activity; sid:37616581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 104.21.12.116 80 (msg: "MISP e26903 [panel] Outgoing To IP: 104.21.12.116|80"; classtype:trojan-activity; sid:37616571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 198.44.171.3 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//198.44.171.3/auth/login"; flow:to_server,established; http.header; content:"198.44.171.3"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 175.110.115.65 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//175.110.115.65/auth/login"; flow:to_server,established; http.header; content:"175.110.115.65"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 172.67.192.204 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//172.67.192.204/auth/login"; flow:to_server,established; http.header; content:"172.67.192.204"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 172.67.152.71 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//172.67.152.71/auth/login"; flow:to_server,established; http.header; content:"172.67.152.71"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 104.21.44.13 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//104.21.44.13/auth/login"; flow:to_server,established; http.header; content:"104.21.44.13"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 104.21.12.116 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//104.21.12.116/auth/login"; flow:to_server,established; http.header; content:"104.21.12.116"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 94.228.162.149 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//94.228.162.149/auth/login"; flow:to_server,established; http.header; content:"94.228.162.149"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 92.246.136.161 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//92.246.136.161/auth/login"; flow:to_server,established; http.header; content:"92.246.136.161"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 5.42.73.150 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//5.42.73.150/auth/login"; flow:to_server,established; http.header; content:"5.42.73.150"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 45.138.16.132 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//45.138.16.132/auth/login"; flow:to_server,established; http.header; content:"45.138.16.132"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 79.137.202.68 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//79.137.202.68/auth/login"; flow:to_server,established; http.header; content:"79.137.202.68"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 109.107.181.83 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//109.107.181.83/auth/login"; flow:to_server,established; http.header; content:"109.107.181.83"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 147.45.42.25 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//147.45.42.25/auth/login"; flow:to_server,established; http.header; content:"147.45.42.25"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 45.138.74.228 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//45.138.74.228/auth/login"; flow:to_server,established; http.header; content:"45.138.74.228"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 77.105.147.157 $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//77.105.147.157/auth/login"; flow:to_server,established; http.header; content:"77.105.147.157"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Untagged ("[]") domain indicators of event 26903 start here: a dns.query rule plus an
# outbound HTTP rule per hostname.
alert dns any any -> any any (msg: "MISP e26903 [] Domain yes1.homeshopdigital.site"; dns.query; content:"yes1.homeshopdigital.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])yes1\.homeshopdigital\.site$/i"; classtype:trojan-activity; sid:37616411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain yes1.homeshopdigital.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yes1.homeshopdigital.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yes1\.homeshopdigital\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain yes.homeshopdigital.site"; dns.query; content:"yes.homeshopdigital.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])yes\.homeshopdigital\.site$/i"; classtype:trojan-activity; sid:37616401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The rule below is cut by a line break in this copy of the export and continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain yes.homeshopdigital.site"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"yes.homeshopdigital.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yes\.homeshopdigital\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# --- Event 26903: untagged ("[]") hostnames, one DNS rule plus one outbound HTTP rule each ---
# Each indicator is a full hostname ("www.", "www.mg.", "webmail."). The content and pcre
# require that exact hostname (or a name under it), so the bare registered domain and its
# other hosts are not covered by these rules.
# NOTE(review): several names resemble ordinary small-business sites and carry no family
# tag - presumably compromised or abused hosts rather than dedicated infrastructure. Check
# the MISP event for context and an end date before treating a hit as an infection, and
# review these indicators for expiry once the sites are cleaned.
# DNS rules use any/any for source and destination, so the alert source can be an internal
# resolver rather than the client that asked.
# HTTP rules match "Host|3a|" and the hostname as two independent contents on http.header, so
# the hostname in another header also satisfies them; they only see HTTP the sensor can
# parse in the clear.
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.mzile.com"; dns.query; content:"www.mzile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mzile\.com$/i"; classtype:trojan-activity; sid:37616391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.mzile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mzile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mzile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.mg.inspirestudiosteam.com"; dns.query; content:"www.mg.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mg\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.mg.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mg.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mg\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.inspirestudiosteam.com"; dns.query; content:"www.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.gulfcoastcoffeeroasters.com"; dns.query; content:"www.gulfcoastcoffeeroasters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gulfcoastcoffeeroasters\.com$/i"; classtype:trojan-activity; sid:37616361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.gulfcoastcoffeeroasters.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gulfcoastcoffeeroasters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gulfcoastcoffeeroasters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.fleekbusiness.com"; dns.query; content:"www.fleekbusiness.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fleekbusiness\.com$/i"; classtype:trojan-activity; sid:37616341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.fleekbusiness.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fleekbusiness.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fleekbusiness\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.garciaprints.com"; dns.query; content:"www.garciaprints.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.garciaprints\.com$/i"; classtype:trojan-activity; sid:37616351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.garciaprints.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.garciaprints.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.garciaprints\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert dns any any -> any any (msg: "MISP e26903 [] Domain www.ebookza.com"; dns.query; content:"www.ebookza.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ebookza\.com$/i"; classtype:trojan-activity; sid:37616331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain www.ebookza.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ebookza.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ebookza\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The rule below is cut by a line break in this copy of the export and continues on the next line.
alert dns any any -> any any (msg: "MISP e26903 [] Domain webmail.inspirestudiosteam.com"; dns.query; content:"webmail.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; 
sid:37616321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain webmail.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmail.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain webdisk.inspirestudiosteam.com"; dns.query; content:"webdisk.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain webdisk.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webdisk.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain vpnu.top"; dns.query; content:"vpnu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])vpnu\.top$/i"; classtype:trojan-activity; sid:37616301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain vpnu.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vpnu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vpnu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37616302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain skinsmonkey.complete.homsiknet.com"; dns.query; content:"skinsmonkey.complete.homsiknet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skinsmonkey\.complete\.homsiknet\.com$/i"; classtype:trojan-activity; sid:37616291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain skinsmonkey.complete.homsiknet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skinsmonkey.complete.homsiknet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skinsmonkey\.complete\.homsiknet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain pars.northpm.xyz"; dns.query; content:"pars.northpm.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])pars\.northpm\.xyz$/i"; classtype:trojan-activity; sid:37616281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain pars.northpm.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pars.northpm.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pars\.northpm\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain panel.swain.ir"; dns.query; content:"panel.swain.ir"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.swain\.ir$/i"; classtype:trojan-activity; sid:37616271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e26903 [] Outgoing HTTP Domain panel.swain.ir"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.swain.ir"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.swain\.ir[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain blazebit.bet"; dns.query; content:"blazebit.bet"; nocase; pcre: "/(^|[^A-Za-z0-9-])blazebit\.bet$/i"; classtype:trojan-activity; sid:37616131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain blazebit.bet"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blazebit.bet"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blazebit\.bet[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain buygamingnfts.com"; dns.query; content:"buygamingnfts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buygamingnfts\.com$/i"; classtype:trojan-activity; sid:37616141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain buygamingnfts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buygamingnfts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buygamingnfts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain cpanel.garciaprints.com"; dns.query; content:"cpanel.garciaprints.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])cpanel\.garciaprints\.com$/i"; classtype:trojan-activity; sid:37616151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain cpanel.garciaprints.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cpanel.garciaprints.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cpanel\.garciaprints\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain cpanel.inspirestudiosteam.com"; dns.query; content:"cpanel.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cpanel\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain cpanel.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cpanel.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cpanel\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain cpcontacts.inspirestudiosteam.com"; dns.query; content:"cpcontacts.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cpcontacts\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain cpcontacts.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"cpcontacts.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cpcontacts\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain ebookza.com"; dns.query; content:"ebookza.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ebookza\.com$/i"; classtype:trojan-activity; sid:37616181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain ebookza.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ebookza.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ebookza\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain eloquent-germain.45-138-16-132.plesk.page"; dns.query; content:"eloquent-germain.45-138-16-132.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])eloquent\-germain\.45\-138\-16\-132\.plesk\.page$/i"; classtype:trojan-activity; sid:37616191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain eloquent-germain.45-138-16-132.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eloquent-germain.45-138-16-132.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eloquent\-germain\.45\-138\-16\-132\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain fleekbusiness.com"; dns.query; 
content:"fleekbusiness.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fleekbusiness\.com$/i"; classtype:trojan-activity; sid:37616201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain fleekbusiness.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fleekbusiness.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fleekbusiness\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain garciaprints.com"; dns.query; content:"garciaprints.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])garciaprints\.com$/i"; classtype:trojan-activity; sid:37616211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain garciaprints.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"garciaprints.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])garciaprints\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain gulfcoastcoffeeroasters.com"; dns.query; content:"gulfcoastcoffeeroasters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gulfcoastcoffeeroasters\.com$/i"; classtype:trojan-activity; sid:37616221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain gulfcoastcoffeeroasters.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gulfcoastcoffeeroasters.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])gulfcoastcoffeeroasters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain inc.sshadowso.ru"; dns.query; content:"inc.sshadowso.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])inc\.sshadowso\.ru$/i"; classtype:trojan-activity; sid:37616231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain inc.sshadowso.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inc.sshadowso.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inc\.sshadowso\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain mail.inspirestudiosteam.com"; dns.query; content:"mail.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain mail.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain mail.garciaprints.com"; dns.query; content:"mail.garciaprints.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.garciaprints\.com$/i"; classtype:trojan-activity; sid:37616241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain mail.garciaprints.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.garciaprints.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.garciaprints\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain nice-margulis.45-138-16-132.plesk.page"; dns.query; content:"nice-margulis.45-138-16-132.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-margulis\.45\-138\-16\-132\.plesk\.page$/i"; classtype:trojan-activity; sid:37616261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain nice-margulis.45-138-16-132.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nice-margulis.45-138-16-132.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-margulis\.45\-138\-16\-132\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert dns any any -> any any (msg: "MISP e26903 [] Domain autodiscover.inspirestudiosteam.com"; dns.query; content:"autodiscover.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])autodiscover\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37616121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain autodiscover.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"autodiscover.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])autodiscover\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
# sslip.io indicators: each name embeds a dotted IPv4 address. These dns/http
# pairs match on the NAME only; a client that connects to the embedded address
# without using the name is not covered by them.
# dns rules: any -> any, query must end with the name (sub-domains also match).
# http rules: the name is matched anywhere in the request headers, not only in
# the Host line; cleartext HTTP only.
alert dns any any -> any any (msg: "MISP e26903 [] Domain 89.208.103.177.sslip.io"; dns.query; content:"89.208.103.177.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])89\.208\.103\.177\.sslip\.io$/i"; classtype:trojan-activity; sid:37616111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain 89.208.103.177.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"89.208.103.177.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])89\.208\.103\.177\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert dns any any -> any any (msg: "MISP e26903 [] Domain 5.42.73.150.sslip.io"; dns.query; content:"5.42.73.150.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])5\.42\.73\.150\.sslip\.io$/i"; classtype:trojan-activity; sid:37616101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain 5.42.73.150.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"5.42.73.150.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])5\.42\.73\.150\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert dns any any -> any any (msg: "MISP e26903 [] Domain 45.138.74.228.sslip.io"; dns.query; content:"45.138.74.228.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])45\.138\.74\.228\.sslip\.io$/i"; classtype:trojan-activity; sid:37616091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26903 [] Outgoing HTTP Domain 45.138.74.228.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"45.138.74.228.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])45\.138\.74\.228\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37616092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
# Address-and-port indicator tagged [njrat,RAT] in the MISP event. The rule has
# no payload or flow condition: any packet from $HOME_NET to this address and
# destination port raises the alert, so triage relies on the endpoint, not on
# the alert content.
# NOTE(review): the protocol is `ip` although a destination port is given -
# confirm the port is applied as intended on the deployed engine.
alert ip $HOME_NET any -> 3.126.37.18 16653 (msg: "MISP e26903 [njrat,RAT] Outgoing To IP: 3.126.37.18|16653"; classtype:trojan-activity; sid:37615271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
# [panel] URL indicators by hostname. Destination is $EXTERNAL_NET on
# $HTTP_PORTS only. Unlike the "Outgoing HTTP Domain" rules there is no boundary
# pcre: the hostname is a plain case-insensitive substring match on the whole
# header buffer, and "/auth/login" a substring match on the URI, so longer names
# or paths containing these strings also alert.
# A name with both a Domain and a [panel] rule alerts twice on one request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//yes1.homeshopdigital.site/auth/login"; flow:to_server,established; http.header; content:"yes1.homeshopdigital.site"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//yes.homeshopdigital.site/auth/login"; flow:to_server,established; http.header; content:"yes.homeshopdigital.site"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) 
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.mzile.com/auth/login"; flow:to_server,established; http.header; content:"www.mzile.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37616061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.mg.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"www.mg.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"www.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.gulfcoastcoffeeroasters.com/auth/login"; flow:to_server,established; http.header; content:"www.gulfcoastcoffeeroasters.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"www.garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.fleekbusiness.com/auth/login"; flow:to_server,established; 
http.header; content:"www.fleekbusiness.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//www.ebookza.com/auth/login"; flow:to_server,established; http.header; content:"www.ebookza.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37616001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//webmail.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"webmail.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//webdisk.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"webdisk.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//vpnu.top/auth/login"; flow:to_server,established; http.header; content:"vpnu.top"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 
[panel] Outgoing URL http|3a|//109.107.181.83.sslip.io/auth/login"; flow:to_server,established; http.header; content:"109.107.181.83.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//147.45.42.25.sslip.io/auth/login"; flow:to_server,established; http.header; content:"147.45.42.25.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//45.138.74.228.sslip.io/auth/login"; flow:to_server,established; http.header; content:"45.138.74.228.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//5.42.73.150.sslip.io/auth/login"; flow:to_server,established; http.header; content:"5.42.73.150.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//89.208.103.177.sslip.io/auth/login"; flow:to_server,established; http.header; content:"89.208.103.177.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615771; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//autodiscover.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"autodiscover.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//blazebit.bet/auth/login"; flow:to_server,established; http.header; content:"blazebit.bet"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//buygamingnfts.com/auth/login"; flow:to_server,established; http.header; content:"buygamingnfts.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//cpanel.garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"cpanel.garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//cpanel.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"cpanel.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; 
content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//cpcontacts.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"cpcontacts.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//ebookza.com/auth/login"; flow:to_server,established; http.header; content:"ebookza.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//eloquent-germain.45-138-16-132.plesk.page/auth/login"; flow:to_server,established; http.header; content:"eloquent-germain.45-138-16-132.plesk.page"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//fleekbusiness.com/auth/login"; flow:to_server,established; http.header; content:"fleekbusiness.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL 
http|3a|//garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26903, [panel] indicators: outbound HTTP request naming a listed host with
# "/auth/login" in the URI. All rules share the same shape; only host and sid differ.
#
# Triage notes:
# - Host matching is a substring search over http.header, so the bare-domain rule above
#   (content:"garciaprints.com", sid 37615871) also matches requests to
#   mail.garciaprints.com, which has its own rule below. Expect duplicate alerts for one
#   request and de-duplicate on flow rather than on sid.
# - The header buffer is not limited to the Host value, so the name appearing in another
#   request header is enough to satisfy the first content.
# - Cleartext HTTP only; TLS sessions to these hosts are not matched by these rules.
# - priority:2 and classtype:trojan-activity are set identically on every rule of the event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//sw.sono.pw/auth/login"; flow:to_server,established; http.header; content:"sw.sono.pw"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//skinsmonkey.complete.homsiknet.com/auth/login"; flow:to_server,established; http.header; content:"skinsmonkey.complete.homsiknet.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//panel.swain.ir/auth/login"; flow:to_server,established; http.header; content:"panel.swain.ir"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//pars.northpm.xyz/auth/login"; flow:to_server,established; http.header; content:"pars.northpm.xyz"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//nice-margulis.45-138-16-132.plesk.page/auth/login"; flow:to_server,established; http.header; content:"nice-margulis.45-138-16-132.plesk.page"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//mail.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"mail.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//mail.garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"mail.garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//inc.sshadowso.ru/auth/login"; flow:to_server,established; http.header; content:"inc.sshadowso.ru"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37615891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [panel] Outgoing URL http|3a|//gulfcoastcoffeeroasters.com/auth/login"; flow:to_server,established; http.header; content:"gulfcoastcoffeeroasters.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37615881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# MISP event 26866, ip-dst|port indicators: alert on traffic from $HOME_NET to a listed
# destination address and port. These are header-only rules (no flow, content or
# threshold keywords) and carry priority:3, one step below the [panel] rules of event 26903.
#
# NOTE(review): several destinations on port 80 (e.g. 172.67.x.x and 104.21.x.x) look
# like shared CDN / public-cloud address space — confirm against current ASN/WHOIS data.
# An address-only match on shared hosting also fires for unrelated sites served from the
# same IP, and such addresses are reassigned over time. Treat a hit from these rules
# alone as low confidence: correlate it with the dns/http domain rules of the same event
# and age the indicators out rather than keeping them indefinitely.
# If the rules prove noisy, rate-limit them in threshold.config or with the threshold
# keyword instead of disabling the whole event.
alert ip $HOME_NET any -> 88.198.112.251 10050 (msg: "MISP e26866 [] Outgoing To IP: 88.198.112.251|10050"; classtype:trojan-activity; sid:37852801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 95.217.240.158 443 (msg: "MISP e26866 [] Outgoing To IP: 95.217.240.158|443"; classtype:trojan-activity; sid:37852811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 5.161.113.150 25658 (msg: "MISP e26866 [] Outgoing To IP: 5.161.113.150|25658"; classtype:trojan-activity; sid:37848971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 185.91.127.216 5555 (msg: "MISP e26866 [] Outgoing To IP: 185.91.127.216|5555"; classtype:trojan-activity; sid:37848981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 44.196.101.127 80 (msg: "MISP e26866 [] Outgoing To IP: 44.196.101.127|80"; classtype:trojan-activity; sid:37848991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 52.205.60.154 80 (msg: "MISP e26866 [] Outgoing To IP: 52.205.60.154|80"; classtype:trojan-activity; sid:37849001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.197.122.235 80 (msg: "MISP e26866 [] Outgoing To IP: 34.197.122.235|80"; classtype:trojan-activity; sid:37849011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 54.237.138.159 80 (msg: "MISP e26866 [] Outgoing To IP: 54.237.138.159|80"; classtype:trojan-activity; sid:37849021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 52.23.117.205 80 (msg: "MISP e26866 [] Outgoing To IP: 52.23.117.205|80"; classtype:trojan-activity; sid:37849031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 52.22.239.204 80 (msg: "MISP e26866 [] Outgoing To IP: 52.22.239.204|80"; classtype:trojan-activity; sid:37849041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.230.177.18 80 (msg: "MISP e26866 [] Outgoing To IP: 34.230.177.18|80"; classtype:trojan-activity; sid:37849051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.207.38.46 80 (msg: "MISP e26866 [] Outgoing To IP: 34.207.38.46|80"; classtype:trojan-activity; sid:37849061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 172.67.192.204 80 (msg: "MISP e26866 [] Outgoing To IP: 172.67.192.204|80"; classtype:trojan-activity; sid:37849071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 54.234.189.192 80 (msg: "MISP e26866 [] Outgoing To IP: 54.234.189.192|80"; classtype:trojan-activity; sid:37849081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 104.21.44.13 80 (msg: "MISP e26866 [] Outgoing To IP: 104.21.44.13|80"; classtype:trojan-activity; sid:37849091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 172.67.152.71 80 (msg: "MISP e26866 [] Outgoing To IP: 172.67.152.71|80"; classtype:trojan-activity; sid:37849101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 3.126.37.18 16653 (msg: "MISP e26866 [] Outgoing To IP: 3.126.37.18|16653"; classtype:trojan-activity; sid:37849121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 104.21.12.116 80 (msg: "MISP e26866 [] Outgoing To IP: 104.21.12.116|80"; classtype:trojan-activity; sid:37849131; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# MISP event 26866, domain indicators. Each domain is exported as a pair of rules:
#   sid ending in 1: dns.query match. content finds the name, then the pcre anchors it at
#                    the end of the query and requires start-of-buffer or a non-hostname
#                    character before it, so subdomains match but longer lookalike
#                    labels do not.
#   sid ending in 2: outbound HTTP match. "Host|3a|" and the domain must both appear in
#                    http.header, and the pcre needs a non-hostname character right after
#                    the domain.
#
# Deployment notes:
# - The dns rules use "any any -> any any": they are not scoped to $HOME_NET clients, so
#   a sensor that also sees resolver-to-upstream traffic will alert on the resolver's
#   address. Pivot to the resolver's query logs to find the originating host.
# - In the http rules the two content matches are independent (no distance/within), so
#   the domain does not have to be the Host value itself; it can sit in another header.
# - The http rules cover cleartext HTTP only. No TLS-based rule for these names is
#   visible in this part of the file, so the dns rule is the only coverage for HTTPS use.
alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi445444.site"; dns.query; content:"fulllhdvideoizlemeservisi445444.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi445444\.site$/i"; classtype:trojan-activity; sid:37849221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi445444.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi445444.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi445444\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi4583.site"; dns.query; content:"fulllhdvideoizlemeservisi4583.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi4583\.site$/i"; classtype:trojan-activity; sid:37849231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi4583.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi4583.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi4583\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi46793.site"; dns.query; content:"fulllhdvideoizlemeservisi46793.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi46793\.site$/i"; classtype:trojan-activity; sid:37849241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi46793.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi46793.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi46793\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi3969.site"; dns.query; content:"fulllhdvideoizlemeservisi3969.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi3969\.site$/i"; classtype:trojan-activity; sid:37849251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi3969.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi3969.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi3969\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi437.site"; dns.query; content:"fulllhdvideoizlemeservisi437.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi437\.site$/i"; classtype:trojan-activity; sid:37849261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi437.site"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi437.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi437\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi289.site"; dns.query; content:"fulllhdvideoizlemeservisi289.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi289\.site$/i"; classtype:trojan-activity; sid:37849271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi289.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi289.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi289\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi34776.site"; dns.query; content:"fulllhdvideoizlemeservisi34776.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi34776\.site$/i"; classtype:trojan-activity; sid:37849281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi34776.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi34776.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi34776\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849282; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi2246.site"; dns.query; content:"fulllhdvideoizlemeservisi2246.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi2246\.site$/i"; classtype:trojan-activity; sid:37849291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi2246.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi2246.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi2246\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi2548.site"; dns.query; content:"fulllhdvideoizlemeservisi2548.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi2548\.site$/i"; classtype:trojan-activity; sid:37849301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi2548.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi2548.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi2548\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi0474.site"; dns.query; content:"fulllhdvideoizlemeservisi0474.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi0474\.site$/i"; 
classtype:trojan-activity; sid:37849311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi0474.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi0474.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi0474\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi124.site"; dns.query; content:"fulllhdvideoizlemeservisi124.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi124\.site$/i"; classtype:trojan-activity; sid:37849321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi124.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi124.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi124\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi78123.site"; dns.query; content:"fullhdvideositeresmi78123.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi78123\.site$/i"; classtype:trojan-activity; sid:37849331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi78123.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"fullhdvideositeresmi78123.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi78123\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi993150.site"; dns.query; content:"fullhdvideositeresmi993150.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi993150\.site$/i"; classtype:trojan-activity; sid:37849341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi993150.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi993150.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi993150\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi4321.site"; dns.query; content:"fullhdvideositeresmi4321.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi4321\.site$/i"; classtype:trojan-activity; sid:37849351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi4321.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi4321.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi4321\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain 
fullhdvideositeresmi43464.site"; dns.query; content:"fullhdvideositeresmi43464.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi43464\.site$/i"; classtype:trojan-activity; sid:37849361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi43464.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi43464.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi43464\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi6170.site"; dns.query; content:"fullhdvideositeresmi6170.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi6170\.site$/i"; classtype:trojan-activity; sid:37849371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi6170.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi6170.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi6170\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi23562.site"; dns.query; content:"fullhdvideositeresmi23562.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi23562\.site$/i"; classtype:trojan-activity; sid:37849381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 
fullhdvideositeresmi23562.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi23562.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi23562\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi3215.site"; dns.query; content:"fullhdvideositeresmi3215.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi3215\.site$/i"; classtype:trojan-activity; sid:37849391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi3215.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi3215.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi3215\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi2213.site"; dns.query; content:"fullhdvideositeresmi2213.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi2213\.site$/i"; classtype:trojan-activity; sid:37849401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi2213.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi2213.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi2213\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849402; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi2324.site"; dns.query; content:"fullhdvideositeresmi2324.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi2324\.site$/i"; classtype:trojan-activity; sid:37849411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi2324.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi2324.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi2324\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi0513.site"; dns.query; content:"fullhdvideositeresmi0513.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi0513\.site$/i"; classtype:trojan-activity; sid:37849421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi0513.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi0513.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi0513\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi11234.site"; dns.query; content:"fullhdvideositeresmi11234.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi11234\.site$/i"; classtype:trojan-activity; sid:37849431; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi11234.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi11234.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi11234\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi12143.site"; dns.query; content:"fullhdvideositeresmi12143.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi12143\.site$/i"; classtype:trojan-activity; sid:37849441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi12143.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi12143.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi12143\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullhdvideositeresmi01234.site"; dns.query; content:"fullhdvideositeresmi01234.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullhdvideositeresmi01234\.site$/i"; classtype:trojan-activity; sid:37849461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullhdvideositeresmi01234.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullhdvideositeresmi01234.site"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])fullhdvideositeresmi01234\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fullvehdvideopleyerkurulumu243667.xyz"; dns.query; content:"fullvehdvideopleyerkurulumu243667.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])fullvehdvideopleyerkurulumu243667\.xyz$/i"; classtype:trojan-activity; sid:37849611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fullvehdvideopleyerkurulumu243667.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fullvehdvideopleyerkurulumu243667.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fullvehdvideopleyerkurulumu243667\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi9034.site"; dns.query; content:"fulllhdvideoizlemeservisi9034.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi9034\.site$/i"; classtype:trojan-activity; sid:37849671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi9034.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi9034.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi9034\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain 
fulllhdvideoizlemeservisi86598.site"; dns.query; content:"fulllhdvideoizlemeservisi86598.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi86598\.site$/i"; classtype:trojan-activity; sid:37849691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

# ---------------------------------------------------------------------------
# MISP event 26866: domain indicators. Every domain below is exported as a
# pair of rules with consecutive sids: the DNS rule's sid ends in 1, the
# HTTP rule's sid ends in 2.
#
# DNS rule:  inspects the dns.query buffer between any addresses and ports.
#   The content match is case-insensitive; the pcre additionally requires
#   the query name to end with the domain, and the domain to either start
#   the name or follow a character outside [A-Za-z0-9-] (so sub.<domain>
#   matches, x<domain> does not).
# HTTP rule: client-to-server established flows from $HOME_NET to
#   $EXTERNAL_NET. Requires "Host:" and the domain somewhere in the
#   http.header buffer, with the domain bounded on both sides by characters
#   that cannot extend it into a longer hostname. tag:session,600,seconds
#   tags the session for 600 seconds once the rule fires.
# Both: classtype is trojan-activity with priority:3 set explicitly, and the
#   bracketed tag list in msg ("[]") is empty for this event.
#
# NOTE(review): the HTTP rule does not tie the domain to the Host header
#   line. "Host|3a|" and the domain are independent matches on the whole
#   header buffer, and the pcre checks only the domain's boundaries, so a
#   request to a different host that carries the domain in another header
#   (e.g. Referer) appears to match as well. Confirm whether that is
#   intended; a host-only match would need the http.host buffer.
# NOTE(review): no tls.sni rules are visible in this part of the export, so
#   HTTPS connections to these domains would surface only through the DNS
#   rule - confirm against the full rule set.
# NOTE(review): the DNS rule is not scoped to $HOME_NET, so one lookup can
#   presumably alert more than once (client to resolver, resolver upstream)
#   and the alert source may be a resolver rather than the querying host -
#   verify against sensor placement.
# ---------------------------------------------------------------------------

alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi86598.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi86598.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi86598\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi882.site"; dns.query; content:"fulllhdvideoizlemeservisi882.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi882\.site$/i"; classtype:trojan-activity; sid:37849701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi882.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi882.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi882\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi6263.site"; dns.query; content:"fulllhdvideoizlemeservisi6263.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi6263\.site$/i"; classtype:trojan-activity; sid:37849711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi6263.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi6263.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi6263\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi66376.site"; dns.query; content:"fulllhdvideoizlemeservisi66376.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi66376\.site$/i"; classtype:trojan-activity; sid:37849721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi66376.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi66376.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi66376\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi482.site"; dns.query; content:"fulllhdvideoizlemeservisi482.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi482\.site$/i"; classtype:trojan-activity; sid:37849731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi482.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi482.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi482\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi546754.site"; dns.query; content:"fulllhdvideoizlemeservisi546754.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi546754\.site$/i"; classtype:trojan-activity; sid:37849741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi546754.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi546754.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi546754\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain fulllhdvideoizlemeservisi5684.site"; dns.query; content:"fulllhdvideoizlemeservisi5684.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi5684\.site$/i"; classtype:trojan-activity; sid:37849751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fulllhdvideoizlemeservisi5684.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fulllhdvideoizlemeservisi5684.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fulllhdvideoizlemeservisi5684\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37849752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri2342.xyz"; dns.query; content:"hdvideoplayersistemleri2342.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri2342\.xyz$/i"; classtype:trojan-activity; sid:37850071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri2342.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri2342.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri2342\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri15.xyz"; dns.query; content:"hdvideoplayersistemleri15.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri15\.xyz$/i"; classtype:trojan-activity; sid:37850091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri15.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri15.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri15\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri234.xyz"; dns.query; content:"hdvideoplayersistemleri234.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri234\.xyz$/i"; classtype:trojan-activity; sid:37850101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri234.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri234.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri234\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi77458.website"; dns.query; content:"hdvideoizleresmi77458.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi77458\.website$/i"; classtype:trojan-activity; sid:37850111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi77458.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi77458.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi77458\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri009.xyz"; dns.query; content:"hdvideoplayersistemleri009.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri009\.xyz$/i"; classtype:trojan-activity; sid:37850121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri009.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri009.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri009\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri123.xyz"; dns.query; content:"hdvideoplayersistemleri123.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri123\.xyz$/i"; classtype:trojan-activity; sid:37850131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri123.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri123.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri123\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi6395456.website"; dns.query; content:"hdvideoizleresmi6395456.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi6395456\.website$/i"; classtype:trojan-activity; sid:37850141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi6395456.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi6395456.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi6395456\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi6458.website"; dns.query; content:"hdvideoizleresmi6458.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi6458\.website$/i"; classtype:trojan-activity; sid:37850151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi6458.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi6458.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi6458\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi456754.website"; dns.query; content:"hdvideoizleresmi456754.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi456754\.website$/i"; classtype:trojan-activity; sid:37850161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi456754.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi456754.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi456754\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi5236.website"; dns.query; content:"hdvideoizleresmi5236.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi5236\.website$/i"; classtype:trojan-activity; sid:37850171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi5236.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi5236.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi5236\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi345738.website"; dns.query; content:"hdvideoizleresmi345738.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi345738\.website$/i"; classtype:trojan-activity; sid:37850181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi345738.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi345738.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi345738\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi347583.website"; dns.query; content:"hdvideoizleresmi347583.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi347583\.website$/i"; classtype:trojan-activity; sid:37850191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi347583.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi347583.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi347583\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi43435546.website"; dns.query; content:"hdvideoizleresmi43435546.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi43435546\.website$/i"; classtype:trojan-activity; sid:37850201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi43435546.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi43435546.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi43435546\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi2356.website"; dns.query; content:"hdvideoizleresmi2356.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi2356\.website$/i"; classtype:trojan-activity; sid:37850211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi2356.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi2356.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi2356\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi326471.website"; dns.query; content:"hdvideoizleresmi326471.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi326471\.website$/i"; classtype:trojan-activity; sid:37850221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi326471.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi326471.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi326471\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi345.website"; dns.query; content:"hdvideoizleresmi345.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi345\.website$/i"; classtype:trojan-activity; sid:37850231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi345.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi345.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi345\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi125.website"; dns.query; content:"hdvideoizleresmi125.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi125\.website$/i"; classtype:trojan-activity; sid:37850241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi125.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi125.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi125\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi2334.website"; dns.query; content:"hdvideoizleresmi2334.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi2334\.website$/i"; classtype:trojan-activity; sid:37850251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi2334.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi2334.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi2334\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi235.website"; dns.query; content:"hdvideoizleresmi235.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi235\.website$/i"; classtype:trojan-activity; sid:37850261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi235.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi235.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi235\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizlemesistemi956735.site"; dns.query; content:"hdvideoizlemesistemi956735.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizlemesistemi956735\.site$/i"; classtype:trojan-activity; sid:37850271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizlemesistemi956735.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizlemesistemi956735.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizlemesistemi956735\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoizleresmi124526.website"; dns.query; content:"hdvideoizleresmi124526.website"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi124526\.website$/i"; classtype:trojan-activity; sid:37850281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoizleresmi124526.website"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoizleresmi124526.website"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoizleresmi124526\.website[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri67.xyz"; dns.query; content:"hdvideoplayersistemleri67.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri67\.xyz$/i"; classtype:trojan-activity; sid:37850331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri67.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri67.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri67\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri675.xyz"; dns.query; content:"hdvideoplayersistemleri675.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri675\.xyz$/i"; classtype:trojan-activity; sid:37850341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri675.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri675.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri675\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri6799.xyz"; dns.query; content:"hdvideoplayersistemleri6799.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri6799\.xyz$/i"; classtype:trojan-activity; sid:37850351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri6799.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri6799.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri6799\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri554.xyz"; dns.query; content:"hdvideoplayersistemleri554.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri554\.xyz$/i"; classtype:trojan-activity; sid:37850361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri554.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri554.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri554\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri609.xyz"; dns.query; content:"hdvideoplayersistemleri609.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri609\.xyz$/i"; classtype:trojan-activity; sid:37850371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri609.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri609.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri609\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri632.xyz"; dns.query; content:"hdvideoplayersistemleri632.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri632\.xyz$/i"; classtype:trojan-activity; sid:37850381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri632.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri632.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri632\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri4579.xyz"; dns.query; content:"hdvideoplayersistemleri4579.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri4579\.xyz$/i"; classtype:trojan-activity; sid:37850391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri4579.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri4579.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri4579\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri458.xyz"; dns.query; content:"hdvideoplayersistemleri458.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri458\.xyz$/i"; classtype:trojan-activity; sid:37850401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri458.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri458.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri458\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri456.xyz"; dns.query; content:"hdvideoplayersistemleri456.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri456\.xyz$/i"; classtype:trojan-activity; sid:37850411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri456.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri456.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri456\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri457.xyz"; dns.query; content:"hdvideoplayersistemleri457.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri457\.xyz$/i"; classtype:trojan-activity; sid:37850421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri457.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri457.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri457\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri427.xyz"; dns.query; content:"hdvideoplayersistemleri427.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri427\.xyz$/i"; classtype:trojan-activity; sid:37850431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri427.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri427.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri427\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri4537.xyz"; dns.query; content:"hdvideoplayersistemleri4537.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri4537\.xyz$/i"; classtype:trojan-activity; sid:37850441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri4537.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri4537.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri4537\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri393.xyz"; dns.query; content:"hdvideoplayersistemleri393.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri393\.xyz$/i"; classtype:trojan-activity; sid:37850451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri393.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri393.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri393\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri26.xyz"; dns.query; content:"hdvideoplayersistemleri26.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri26\.xyz$/i"; classtype:trojan-activity; sid:37850461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri26.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri26.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri26\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri27.xyz"; dns.query; content:"hdvideoplayersistemleri27.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri27\.xyz$/i"; classtype:trojan-activity; sid:37850471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri27.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri27.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri27\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri342.xyz"; dns.query; content:"hdvideoplayersistemleri342.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri342\.xyz$/i"; classtype:trojan-activity; sid:37850481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri342.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri342.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri342\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri247.xyz"; dns.query; content:"hdvideoplayersistemleri247.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri247\.xyz$/i"; classtype:trojan-activity; sid:37850491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri247.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri247.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri247\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri258.xyz"; dns.query; content:"hdvideoplayersistemleri258.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri258\.xyz$/i"; classtype:trojan-activity; sid:37850501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri258.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri258.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri258\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz1245.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz1245.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz1245\.xyz$/i"; classtype:trojan-activity; sid:37850511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz1245.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz1245.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz1245\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz1323.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz1323.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz1323\.xyz$/i"; classtype:trojan-activity; sid:37850521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz1323.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz1323.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz1323\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz1235.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz1235.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz1235\.xyz$/i"; classtype:trojan-activity; sid:37850541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz1235.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz1235.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz1235\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz124.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz124.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz124\.xyz$/i"; classtype:trojan-activity; sid:37850551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz124.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz124.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz124\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)

alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite8368.site"; dns.query; content:"videofullizlesite8368.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite8368\.site$/i"; classtype:trojan-activity; sid:37850571; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite8368.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite8368.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite8368\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite7865.site"; dns.query; content:"videofullizlesite7865.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite7865\.site$/i"; classtype:trojan-activity; sid:37850601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite7865.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite7865.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite7865\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite64378.site"; dns.query; content:"videofullizlesite64378.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite64378\.site$/i"; classtype:trojan-activity; sid:37850611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite64378.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite64378.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite64378\.site[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37850612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite6473.site"; dns.query; content:"videofullizlesite6473.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite6473\.site$/i"; classtype:trojan-activity; sid:37850621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite6473.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite6473.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite6473\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite4352.site"; dns.query; content:"videofullizlesite4352.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite4352\.site$/i"; classtype:trojan-activity; sid:37850631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite4352.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite4352.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite4352\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite5436.site"; dns.query; content:"videofullizlesite5436.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite5436\.site$/i"; classtype:trojan-activity; sid:37850641; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite5436.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite5436.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite5436\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite14325.site"; dns.query; content:"videofullizlesite14325.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite14325\.site$/i"; classtype:trojan-activity; sid:37850651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite14325.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite14325.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite14325\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite2432.site"; dns.query; content:"videofullizlesite2432.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite2432\.site$/i"; classtype:trojan-activity; sid:37850661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite2432.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite2432.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite2432\.site[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37850662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videofullizlesite345436.site"; dns.query; content:"videofullizlesite345436.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite345436\.site$/i"; classtype:trojan-activity; sid:37850671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videofullizlesite345436.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videofullizlesite345436.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videofullizlesite345436\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri94.xyz"; dns.query; content:"hdvideoplayersistemleri94.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri94\.xyz$/i"; classtype:trojan-activity; sid:37850681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri94.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri94.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri94\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri965.xyz"; dns.query; content:"hdvideoplayersistemleri965.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri965\.xyz$/i"; 
classtype:trojan-activity; sid:37850691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri965.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri965.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri965\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri8358.xyz"; dns.query; content:"hdvideoplayersistemleri8358.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri8358\.xyz$/i"; classtype:trojan-activity; sid:37850701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri8358.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri8358.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri8358\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri89.xyz"; dns.query; content:"hdvideoplayersistemleri89.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri89\.xyz$/i"; classtype:trojan-activity; sid:37850711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri89.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"hdvideoplayersistemleri89.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri89\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri893.xyz"; dns.query; content:"hdvideoplayersistemleri893.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri893\.xyz$/i"; classtype:trojan-activity; sid:37850721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri893.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri893.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri893\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain hdvideoplayersistemleri689.xyz"; dns.query; content:"hdvideoplayersistemleri689.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri689\.xyz$/i"; classtype:trojan-activity; sid:37850731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri689.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri689.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri689\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain 
hdvideoplayersistemleri775.xyz"; dns.query; content:"hdvideoplayersistemleri775.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri775\.xyz$/i"; classtype:trojan-activity; sid:37850741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain hdvideoplayersistemleri775.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hdvideoplayersistemleri775.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hdvideoplayersistemleri775\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz3245.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz3245.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3245\.xyz$/i"; classtype:trojan-activity; sid:37850751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz3245.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz3245.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3245\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz325.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz325.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz325\.xyz$/i"; classtype:trojan-activity; sid:37850761; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz325.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz325.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz325\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz325336.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz325336.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz325336\.xyz$/i"; classtype:trojan-activity; sid:37850771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz325336.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz325336.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz325336\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2612.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2612.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2612\.xyz$/i"; classtype:trojan-activity; sid:37850781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2612.xyz"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2612.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2612\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz3215.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz3215.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3215\.xyz$/i"; classtype:trojan-activity; sid:37850791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz3215.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz3215.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3215\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2452.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2452.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2452\.xyz$/i"; classtype:trojan-activity; sid:37850801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2452.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2452.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2452\.xyz[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37850802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz25.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz25.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz25\.xyz$/i"; classtype:trojan-activity; sid:37850811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz25.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz25.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz25\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2356.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2356.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2356\.xyz$/i"; classtype:trojan-activity; sid:37850821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2356.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2356.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2356\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain 
videoplayerizlemehdvefullucretsiz241.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz241.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz241\.xyz$/i"; classtype:trojan-activity; sid:37850831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz241.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz241.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz241\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz235.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz235.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz235\.xyz$/i"; classtype:trojan-activity; sid:37850841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz235.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz235.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz235\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2355.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2355.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2355\.xyz$/i"; classtype:trojan-activity; sid:37850851; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2355.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2355.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2355\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2346.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2346.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2346\.xyz$/i"; classtype:trojan-activity; sid:37850861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2346.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2346.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2346\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2245.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2245.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2245\.xyz$/i"; classtype:trojan-activity; sid:37850871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2245.xyz"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2245.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2245\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz23.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz23.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz23\.xyz$/i"; classtype:trojan-activity; sid:37850881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz23.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz23.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz23\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz234.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz234.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz234\.xyz$/i"; classtype:trojan-activity; sid:37850891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz234.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz234.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz234\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37850892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# ---------------------------------------------------------------------------
# MISP event 26866 - domain indicators (one rule per line from here on)
#
# Each domain is exported as a pair of rules with adjacent sids:
#   sid ...1  alert dns  : matches the name in dns.query, case-insensitively.
#             The pcre anchors the name at the end of the query and accepts
#             only start-of-buffer or a non-hostname character before it, so
#             the domain and its subdomains match, but a longer label that
#             merely ends in the same string does not.
#   sid ...2  alert http : established client-to-server traffic from $HOME_NET
#             to $EXTERNAL_NET whose headers contain "Host:" and the domain.
#             The pcre requires a following character that is not a letter,
#             digit, hyphen or dot, so "<domain>.<other-suffix>" does not match.
#             tag:session,600,seconds keeps logging packets of the alerting
#             session for 600 seconds.
#
# NOTE(review): both content matches of the http rule are on http.header, so
# the domain is not tied to the Host header itself; a request that carries the
# name only in another header (for example Referer) also satisfies the rule.
# Matching on the http.host buffer would be tighter - confirm against the
# exporter before hand-editing generated rules.
# NOTE(review): the http rule inspects cleartext HTTP only. For HTTPS traffic
# detection rests on the dns rule unless a tls.sni rule is added - verify that
# sensors see resolver traffic.
# NOTE(review): msg carries an empty tag list "[]" and every rule uses
# classtype:trojan-activity with priority:3. This page does not say what the
# domains were used for; triage alerts against the referenced MISP event.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz138.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz138.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz138\.xyz$/i"; classtype:trojan-activity; sid:37850901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz138.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz138.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz138\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz2145vvv.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz2145vvv.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2145vvv\.xyz$/i"; classtype:trojan-activity; sid:37850911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz2145vvv.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz2145vvv.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz2145vvv\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz525.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz525.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz525\.xyz$/i"; classtype:trojan-activity; sid:37850921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz525.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz525.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz525\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz532.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz532.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz532\.xyz$/i"; classtype:trojan-activity; sid:37850931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz532.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz532.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz532\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz45678.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz45678.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz45678\.xyz$/i"; classtype:trojan-activity; sid:37850941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz45678.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz45678.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz45678\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz4567.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz4567.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4567\.xyz$/i"; classtype:trojan-activity; sid:37850951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz4567.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz4567.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4567\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz45676.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz45676.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz45676\.xyz$/i"; classtype:trojan-activity; sid:37850961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz45676.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz45676.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz45676\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz453.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz453.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz453\.xyz$/i"; classtype:trojan-activity; sid:37850971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz453.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz453.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz453\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz4533.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz4533.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4533\.xyz$/i"; classtype:trojan-activity; sid:37850981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz4533.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz4533.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4533\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz45436.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz45436.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz45436\.xyz$/i"; classtype:trojan-activity; sid:37850991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz45436.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz45436.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz45436\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37850992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz4378.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz4378.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4378\.xyz$/i"; classtype:trojan-activity; sid:37851001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz4378.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz4378.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4378\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz4432.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz4432.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4432\.xyz$/i"; classtype:trojan-activity; sid:37851011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz4432.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz4432.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4432\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz4367.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz4367.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4367\.xyz$/i"; classtype:trojan-activity; sid:37851021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz4367.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz4367.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz4367\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz3786.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz3786.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3786\.xyz$/i"; classtype:trojan-activity; sid:37851031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz3786.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz3786.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3786\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz43.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz43.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz43\.xyz$/i"; classtype:trojan-activity; sid:37851041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz43.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz43.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz43\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz436.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz436.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz436\.xyz$/i"; classtype:trojan-activity; sid:37851051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz436.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz436.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz436\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz3466.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz3466.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3466\.xyz$/i"; classtype:trojan-activity; sid:37851061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz3466.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz3466.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3466\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz36357.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz36357.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz36357\.xyz$/i"; classtype:trojan-activity; sid:37851071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz36357.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz36357.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz36357\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz345.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz345.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz345\.xyz$/i"; classtype:trojan-activity; sid:37851081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz345.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz345.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz345\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz34616.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz34616.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz34616\.xyz$/i"; classtype:trojan-activity; sid:37851091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz34616.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz34616.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz34616\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz7786.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz7786.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7786\.xyz$/i"; classtype:trojan-activity; sid:37851101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz7786.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz7786.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7786\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz3256.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz3256.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3256\.xyz$/i"; classtype:trojan-activity; sid:37851111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz3256.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz3256.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz3256\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz766.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz766.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz766\.xyz$/i"; classtype:trojan-activity; sid:37851121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz766.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz766.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz766\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz7693.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz7693.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7693\.xyz$/i"; classtype:trojan-activity; sid:37851131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz7693.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz7693.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7693\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz7554.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz7554.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7554\.xyz$/i"; classtype:trojan-activity; sid:37851141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz7554.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz7554.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7554\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz76342.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz76342.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz76342\.xyz$/i"; classtype:trojan-activity; sid:37851151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz76342.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz76342.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz76342\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz677.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz677.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz677\.xyz$/i"; classtype:trojan-activity; sid:37851161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz677.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz677.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz677\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz685.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz685.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz685\.xyz$/i"; classtype:trojan-activity; sid:37851171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz685.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz685.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz685\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz657.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz657.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz657\.xyz$/i"; classtype:trojan-activity; sid:37851181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz657.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz657.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz657\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz676.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz676.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz676\.xyz$/i"; classtype:trojan-activity; sid:37851191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz676.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz676.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz676\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz6766.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz6766.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz6766\.xyz$/i"; classtype:trojan-activity; sid:37851201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz6766.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz6766.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz6766\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz5736.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz5736.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz5736\.xyz$/i"; classtype:trojan-activity; sid:37851211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz5736.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz5736.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz5736\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz576.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz576.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz576\.xyz$/i"; classtype:trojan-activity; sid:37851221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz576.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz576.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz576\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz5516.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz5516.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz5516\.xyz$/i"; classtype:trojan-activity; sid:37851231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz5516.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz5516.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz5516\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz5646.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz5646.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz5646\.xyz$/i"; classtype:trojan-activity; sid:37851241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz5646.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz5646.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz5646\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz54453.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz54453.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz54453\.xyz$/i"; classtype:trojan-activity; sid:37851251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz54453.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz54453.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz54453\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz54748.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz54748.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz54748\.xyz$/i"; classtype:trojan-activity; sid:37851261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz54748.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz54748.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz54748\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme547.xyz"; dns.query; content:"videoplayserhdguncelleme547.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme547\.xyz$/i"; classtype:trojan-activity; sid:37851271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme547.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme547.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme547\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme82.xyz"; dns.query; content:"videoplayserhdguncelleme82.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme82\.xyz$/i"; classtype:trojan-activity; sid:37851281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme82.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme82.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme82\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz543.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz543.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz543\.xyz$/i"; classtype:trojan-activity; sid:37851291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz543.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz543.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz543\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme53.xyz"; dns.query; content:"videoplayserhdguncelleme53.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme53\.xyz$/i"; classtype:trojan-activity; sid:37851301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme53.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme53.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme53\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme5427.xyz"; dns.query; content:"videoplayserhdguncelleme5427.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme5427\.xyz$/i"; classtype:trojan-activity; sid:37851311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme5427.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme5427.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme5427\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme437.xyz"; dns.query; content:"videoplayserhdguncelleme437.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme437\.xyz$/i"; classtype:trojan-activity; sid:37851321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme437.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme437.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme437\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme46.xyz"; dns.query; content:"videoplayserhdguncelleme46.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme46\.xyz$/i"; classtype:trojan-activity; sid:37851331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme46.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme46.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme46\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme12.xyz"; dns.query; content:"videoplayserhdguncelleme12.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme12\.xyz$/i"; classtype:trojan-activity; sid:37851341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme12.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme12.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme12\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme34.xyz"; dns.query; content:"videoplayserhdguncelleme34.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme34\.xyz$/i"; classtype:trojan-activity; sid:37851351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme34.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme34.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme34\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme39.xyz"; dns.query; content:"videoplayserhdguncelleme39.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme39\.xyz$/i"; classtype:trojan-activity; sid:37851361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme39.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme39.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme39\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayersistemleri15547.site"; dns.query; content:"videoplayersistemleri15547.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayersistemleri15547\.site$/i"; classtype:trojan-activity; sid:37851371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayersistemleri15547.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayersistemleri15547.site"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayersistemleri15547\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayersistemleri23547.site"; dns.query; content:"videoplayersistemleri23547.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayersistemleri23547\.site$/i"; classtype:trojan-activity; sid:37851381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayersistemleri23547.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayersistemleri23547.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayersistemleri23547\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz9856.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz9856.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz9856\.xyz$/i"; classtype:trojan-activity; sid:37851391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz9856.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz9856.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz9856\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain 
videoplayerizlemehdvefullucretsiz986.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz986.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz986\.xyz$/i"; classtype:trojan-activity; sid:37851401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz986.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz986.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz986\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz9872.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz9872.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz9872\.xyz$/i"; classtype:trojan-activity; sid:37851411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz9872.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz9872.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz9872\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz87636.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz87636.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz87636\.xyz$/i"; classtype:trojan-activity; sid:37851421; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz87636.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz87636.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz87636\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz8798.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz8798.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz8798\.xyz$/i"; classtype:trojan-activity; sid:37851431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz8798.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz8798.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz8798\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz7963.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz7963.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7963\.xyz$/i"; classtype:trojan-activity; sid:37851441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz7963.xyz"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz7963.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz7963\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz8456.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz8456.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz8456\.xyz$/i"; classtype:trojan-activity; sid:37851451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz8456.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz8456.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz8456\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain crypton0019.workers.dev"; dns.query; content:"crypton0019.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crypton0019\.workers\.dev$/i"; classtype:trojan-activity; sid:37851461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain crypton0019.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crypton0019.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crypton0019\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851462; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayserhdguncelleme89.xyz"; dns.query; content:"videoplayserhdguncelleme89.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme89\.xyz$/i"; classtype:trojan-activity; sid:37851471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayserhdguncelleme89.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayserhdguncelleme89.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayserhdguncelleme89\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain videoplayerizlemehdvefullucretsiz78543.xyz"; dns.query; content:"videoplayerizlemehdvefullucretsiz78543.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz78543\.xyz$/i"; classtype:trojan-activity; sid:37851481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain videoplayerizlemehdvefullucretsiz78543.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"videoplayerizlemehdvefullucretsiz78543.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])videoplayerizlemehdvefullucretsiz78543\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])mail\-dgdp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37851491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-dgdp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain 203-124351878443.hopto.org"; dns.query; content:"203-124351878443.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])203\-124351878443\.hopto\.org$/i"; classtype:trojan-activity; sid:37851501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 203-124351878443.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"203-124351878443.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])203\-124351878443\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-bafmilbd.myvnc.com"; dns.query; content:"mail-bafmilbd.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-bafmilbd.myvnc.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-bafmilbd.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-bafmilbd\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-depo-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-depo-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depo\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37851521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-depo-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-depo-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depo\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-depogovpk.myvnc.com"; dns.query; content:"mail-depogovpk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-depogovpk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-depogovpk.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-depogovpk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37851532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-armylk.myvnc.com"; dns.query; content:"mail-armylk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-armylk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-armylk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-armylk.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-armylk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-armylk.servehalflife.com"; dns.query; content:"mail-armylk.servehalflife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-armylk\.servehalflife\.com$/i"; classtype:trojan-activity; sid:37851551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-armylk.servehalflife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-armylk.servehalflife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-armylk\.servehalflife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain ideas2024-pakistan.myvnc.com"; dns.query; content:"ideas2024-pakistan.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ideas2024\-pakistan\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851561; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ideas2024-pakistan.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ideas2024-pakistan.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ideas2024\-pakistan\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain ideaspakistan-govpk.myvnc.com"; dns.query; content:"ideaspakistan-govpk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ideaspakistan\-govpk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ideaspakistan-govpk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ideaspakistan-govpk.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ideaspakistan\-govpk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain iportal-ntdcgovpk.myvnc.com"; dns.query; content:"iportal-ntdcgovpk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])iportal\-ntdcgovpk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain iportal-ntdcgovpk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"iportal-ntdcgovpk.myvnc.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])iportal\-ntdcgovpk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain ethanhunthero125.workers.dev"; dns.query; content:"ethanhunthero125.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ethanhunthero125\.workers\.dev$/i"; classtype:trojan-activity; sid:37851591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ethanhunthero125.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ethanhunthero125.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ethanhunthero125\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain govaruba.duckdns.org"; dns.query; content:"govaruba.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])govaruba\.duckdns\.org$/i"; classtype:trojan-activity; sid:37851601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain govaruba.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"govaruba.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])govaruba\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain government-pak.workers.dev"; dns.query; content:"government-pak.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])government\-pak\.workers\.dev$/i"; 
classtype:trojan-activity; sid:37851611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain government-pak.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"government-pak.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])government\-pak\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mailhit-govpk.hopto.org"; dns.query; content:"mailhit-govpk.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhit\-govpk\.hopto\.org$/i"; classtype:trojan-activity; sid:37851621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mailhit-govpk.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailhit-govpk.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailhit\-govpk\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain diagov.ddns.net"; dns.query; content:"diagov.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])diagov\.ddns\.net$/i"; classtype:trojan-activity; sid:37851631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain diagov.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"diagov.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])diagov\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37851632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-pofgovpk.3utilities.com"; dns.query; content:"mail-pofgovpk.3utilities.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-pofgovpk\.3utilities\.com$/i"; classtype:trojan-activity; sid:37851641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-pofgovpk.3utilities.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-pofgovpk.3utilities.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-pofgovpk\.3utilities\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-pofgovpk.sytes.net"; dns.query; content:"mail-pofgovpk.sytes.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-pofgovpk\.sytes\.net$/i"; classtype:trojan-activity; sid:37851651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-pofgovpk.sytes.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-pofgovpk.sytes.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-pofgovpk\.sytes\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-sco-gov-pk.crypton0019.workers.dev"; dns.query; content:"mail-sco-gov-pk.crypton0019.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.crypton0019\.workers\.dev$/i"; classtype:trojan-activity; sid:37851661; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-sco-gov-pk.crypton0019.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-sco-gov-pk.crypton0019.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-sco\-gov\-pk\.crypton0019\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-paf-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-paf-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-paf\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37851671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-paf-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-paf-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-paf\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-pc-gov-pk-login.ethanhunthero125.workers.dev"; dns.query; content:"mail-pc-gov-pk-login.ethanhunthero125.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-pc\-gov\-pk\-login\.ethanhunthero125\.workers\.dev$/i"; classtype:trojan-activity; sid:37851681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e26866 [] Outgoing HTTP Domain mail-pc-gov-pk-login.ethanhunthero125.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-pc-gov-pk-login.ethanhunthero125.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-pc\-gov\-pk\-login\.ethanhunthero125\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Hostname indicators of MISP event 26866, exported as one DNS rule and one
# HTTP rule per name (the sid of each pair ends in 1 and 2 respectively).
# DNS rule: case-insensitive match on dns.query; the pcre anchors the name at
# the end of the query and requires start-of-buffer or a non-hostname character
# before it, so the listed name and names beneath it alert, while a longer
# label that merely ends in the same text does not.
# HTTP rule: client requests from $HOME_NET to $EXTERNAL_NET only. "Host|3a|"
# and the hostname are two separate matches on http.header with no relative
# positioning, so the hostname appearing in any other request header also
# satisfies the rule.
# NOTE(review): the HTTP rules inspect cleartext HTTP only; visits over HTTPS
# would presumably need a tls.sni rule, and none is visible in this part of
# the export.
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-modp-gov-pk.pak-gov-pk.workers.dev"; dns.query; content:"mail-modp-gov-pk.pak-gov-pk.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modp\-gov\-pk\.pak\-gov\-pk\.workers\.dev$/i"; classtype:trojan-activity; sid:37851691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-modp-gov-pk.pak-gov-pk.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-modp-gov-pk.pak-gov-pk.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modp\-gov\-pk\.pak\-gov\-pk\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-nespak-com-pk.gwadarportt.workers.dev"; dns.query; content:"mail-nespak-com-pk.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-nespak\-com\-pk\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37851701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-nespak-com-pk.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-nespak-com-pk.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-nespak\-com\-pk\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-modp-gov-pk.government-pak.workers.dev"; dns.query; content:"mail-modp-gov-pk.government-pak.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modp\-gov\-pk\.government\-pak\.workers\.dev$/i"; classtype:trojan-activity; sid:37851711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-modp-gov-pk.government-pak.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-modp-gov-pk.government-pak.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modp\-gov\-pk\.government\-pak\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-modp-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-modp-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37851721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-modp-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-modp-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-modp\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-invest-gov-pk.gwadarportt.workers.dev"; dns.query; content:"mail-invest-gov-pk.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-invest\-gov\-pk\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37851731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-invest-gov-pk.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-invest-gov-pk.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-invest\-gov\-pk\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-mod-gov-pk.pakistan-gov-pk.workers.dev"; dns.query; content:"mail-mod-gov-pk.pakistan-gov-pk.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mod\-gov\-pk\.pakistan\-gov\-pk\.workers\.dev$/i"; classtype:trojan-activity; sid:37851741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-mod-gov-pk.pakistan-gov-pk.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-mod-gov-pk.pakistan-gov-pk.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-mod\-gov\-pk\.pakistan\-gov\-pk\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851742; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26866;)
# DNS/HTTP rule pairs for further hostnames of MISP event 26866.
# The DNS rules are written "any any -> any any": they are not limited to
# $HOME_NET clients, so a sensor that sees both the client-to-resolver and the
# resolver-to-upstream leg of a lookup may alert on each of them.
# tag:session,600,seconds on the HTTP rules asks the engine to keep logging
# packets of the alerting session for 600 seconds after the match.
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-hitgovpk.myvnc.com"; dns.query; content:"mail-hitgovpk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hitgovpk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-hitgovpk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-hitgovpk.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hitgovpk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-hitgovpk.servegame.com"; dns.query; content:"mail-hitgovpk.servegame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hitgovpk\.servegame\.com$/i"; classtype:trojan-activity; sid:37851761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-hitgovpk.servegame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-hitgovpk.servegame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hitgovpk\.servegame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-hitgovpk.servehttp.com"; dns.query; content:"mail-hitgovpk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hitgovpk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37851771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-hitgovpk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail-hitgovpk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hitgovpk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain worker-crimson-bread-052d.crypton0019.workers.dev"; dns.query; content:"worker-crimson-bread-052d.crypton0019.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])worker\-crimson\-bread\-052d\.crypton0019\.workers\.dev$/i"; classtype:trojan-activity; sid:37851781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain worker-crimson-bread-052d.crypton0019.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"worker-crimson-bread-052d.crypton0019.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])worker\-crimson\-bread\-052d\.crypton0019\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail-hit-gov-pk.ntc-telecomcorporation.workers.dev"; dns.query; content:"mail-hit-gov-pk.ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hit\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37851791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail-hit-gov-pk.ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|";
nocase; http.header; content:"mail-hit-gov-pk.ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\-hit\-gov\-pk\.ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# DNS/HTTP rule pairs for hostnames of MISP event 26866.
# NOTE(review): pakistan-gov-pk.workers.dev (sid 37851801/37851802),
# ntc-telecomcorporation.workers.dev (sid 37851831/37851832) and
# pak-gov-pk.workers.dev (sid 37851841/37851842) are parent names of hostnames
# that carry their own rules in this event (e.g. sid 37851741, 37851721,
# 37851691). The pcre accepts a "." in front of the name, so a lookup of or
# request to such a child hostname satisfies both the child rule and the
# parent rule: expect two alerts for one event when triaging.
alert dns any any -> any any (msg: "MISP e26866 [] Domain pakistan-gov-pk.workers.dev"; dns.query; content:"pakistan-gov-pk.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pakistan\-gov\-pk\.workers\.dev$/i"; classtype:trojan-activity; sid:37851801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain pakistan-gov-pk.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pakistan-gov-pk.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pakistan\-gov\-pk\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain pertest-ntdccompk.ddnsking.com"; dns.query; content:"pertest-ntdccompk.ddnsking.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pertest\-ntdccompk\.ddnsking\.com$/i"; classtype:trojan-activity; sid:37851811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain pertest-ntdccompk.ddnsking.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pertest-ntdccompk.ddnsking.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pertest\-ntdccompk\.ddnsking\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain webmail-gda-gov-pk.gwadarportt.workers.dev"; dns.query; content:"webmail-gda-gov-pk.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\-gda\-gov\-pk\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37851821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain webmail-gda-gov-pk.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmail-gda-gov-pk.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\-gda\-gov\-pk\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain ntc-telecomcorporation.workers.dev"; dns.query; content:"ntc-telecomcorporation.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ntc\-telecomcorporation\.workers\.dev$/i"; classtype:trojan-activity; sid:37851831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain ntc-telecomcorporation.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ntc-telecomcorporation.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ntc\-telecomcorporation\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain pak-gov-pk.workers.dev"; dns.query; content:"pak-gov-pk.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pak\-gov\-pk\.workers\.dev$/i"; classtype:trojan-activity; sid:37851841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain pak-gov-pk.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pak-gov-pk.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pak\-gov\-pk\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mailsco-govpk.myvnc.com"; dns.query; content:"mailsco-govpk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailsco\-govpk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mailsco-govpk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailsco-govpk.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailsco\-govpk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain meter-ntdccompk.myvnc.com"; dns.query; content:"meter-ntdccompk.myvnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])meter\-ntdccompk\.myvnc\.com$/i"; classtype:trojan-activity; sid:37851861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain meter-ntdccompk.myvnc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"meter-ntdccompk.myvnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])meter\-ntdccompk\.myvnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds;
classtype:trojan-activity; sid:37851862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# DNS/HTTP rule pairs for hostnames of MISP event 26866.
# Each rule names one full hostname, so other hostnames under the same suffix
# (workers.dev, myvnc.com, servehttp.com, hopto.org, ...) do not alert.
# NOTE(review): those suffixes appear to be shared hosting / dynamic-DNS
# zones where a label can be released and re-registered by someone else;
# presumably these indicators age quickly, so check the event date first.
# The HTTP pcre requires one character after the hostname that is not a
# letter, digit, "-" or ".": a Host value followed by ":port" or the line end
# matches, a hostname written with a trailing dot does not.
alert dns any any -> any any (msg: "MISP e26866 [] Domain meter-ntdccompk.servehttp.com"; dns.query; content:"meter-ntdccompk.servehttp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])meter\-ntdccompk\.servehttp\.com$/i"; classtype:trojan-activity; sid:37851871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain meter-ntdccompk.servehttp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"meter-ntdccompk.servehttp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])meter\-ntdccompk\.servehttp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain worker-orange-unit-abfb.gwadarportt.workers.dev"; dns.query; content:"worker-orange-unit-abfb.gwadarportt.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])worker\-orange\-unit\-abfb\.gwadarportt\.workers\.dev$/i"; classtype:trojan-activity; sid:37851881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain worker-orange-unit-abfb.gwadarportt.workers.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"worker-orange-unit-abfb.gwadarportt.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])worker\-orange\-unit\-abfb\.gwadarportt\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mailpsab-modgovpk.hopto.org"; dns.query; content:"mailpsab-modgovpk.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailpsab\-modgovpk\.hopto\.org$/i"; classtype:trojan-activity; sid:37851891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mailpsab-modgovpk.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailpsab-modgovpk.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailpsab\-modgovpk\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mailsco-govpk.hopto.org"; dns.query; content:"mailsco-govpk.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mailsco\-govpk\.hopto\.org$/i"; classtype:trojan-activity; sid:37851901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mailsco-govpk.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailsco-govpk.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailsco\-govpk\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain route.qyhgroup.com"; dns.query; content:"route.qyhgroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])route\.qyhgroup\.com$/i"; classtype:trojan-activity; sid:37851911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain route.qyhgroup.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"route.qyhgroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])route\.qyhgroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain multi-bidding.gl.at.ply.gg"; dns.query; content:"multi-bidding.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])multi\-bidding\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37851921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain multi-bidding.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"multi-bidding.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])multi\-bidding\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain wwv.bmjz.vip"; dns.query; content:"wwv.bmjz.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwv\.bmjz\.vip$/i"; classtype:trojan-activity; sid:37851931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain wwv.bmjz.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwv.bmjz.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwv\.bmjz\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain pve.pezow.ovh"; dns.query; content:"pve.pezow.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])pve\.pezow\.ovh$/i"; classtype:trojan-activity; sid:37851941; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/26866;)
# DNS/HTTP rule pairs for hostnames of MISP event 26866.
# Every rule here carries the same classtype (trojan-activity) and priority 3,
# whatever the indicator is, so the alert alone says nothing about confidence
# or severity; the reference URL points at the MISP event for context.
# NOTE(review): the "[]" in msg is empty for this event; presumably this is
# where the export prints event tags (other events in this file show
# kill-chain tags there).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain pve.pezow.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pve.pezow.ovh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pve\.pezow\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mnmn.espontaneo.cc"; dns.query; content:"mnmn.espontaneo.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])mnmn\.espontaneo\.cc$/i"; classtype:trojan-activity; sid:37851951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mnmn.espontaneo.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mnmn.espontaneo.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mnmn\.espontaneo\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain refinedruffles.com"; dns.query; content:"refinedruffles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])refinedruffles\.com$/i"; classtype:trojan-activity; sid:37851961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain refinedruffles.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"refinedruffles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])refinedruffles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; dns.query; content:"q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-])q65fpfr2wpjugu7y3ldvjjdgz8uzqak2\.nl$/i"; classtype:trojan-activity; sid:37851971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"q65fpfr2wpjugu7y3ldvjjdgz8uzqak2.nl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])q65fpfr2wpjugu7y3ldvjjdgz8uzqak2\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain 4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; dns.query; content:"4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; nocase; pcre: "/(^|[^A-Za-z0-9-])4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb\.nl$/i"; classtype:trojan-activity; sid:37851991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb.nl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])4stvghabsy3dg893uhszgtyerecs44axutq5unuvsa7u8833eb\.nl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37851992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 198.44.171.3 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//198.44.171.3/auth/login"; flow:to_server,established; http.header; content:"198.44.171.3";
fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# URL indicators of the form http://<ip>/auth/login, one rule per address.
# Each rule is limited to the listed destination IP and to $HTTP_PORTS, which
# has to be defined in the sensor configuration; requests to the same address
# on a port outside that set are not inspected by these rules.
# A match needs the IP literal somewhere in the request headers (plain content
# match, no boundary check) and "/auth/login" anywhere in the URI; both are
# case-insensitive and unanchored, so longer paths containing that text match.
# NOTE(review): 172.67.x.x and 104.21.x.x look like shared CDN front-end
# addresses; confirm ownership before reusing these IPs in block lists, since
# the header match on the IP literal is what keeps the rules narrow.
alert http $HOME_NET any -> 172.67.192.204 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//172.67.192.204/auth/login"; flow:to_server,established; http.header; content:"172.67.192.204"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 175.110.115.65 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//175.110.115.65/auth/login"; flow:to_server,established; http.header; content:"175.110.115.65"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 104.21.12.116 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//104.21.12.116/auth/login"; flow:to_server,established; http.header; content:"104.21.12.116"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 104.21.44.13 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//104.21.44.13/auth/login"; flow:to_server,established; http.header; content:"104.21.44.13"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 172.67.152.71 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//172.67.152.71/auth/login"; flow:to_server,established; http.header; content:"172.67.152.71"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 92.246.136.161 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//92.246.136.161/auth/login"; flow:to_server,established; http.header; content:"92.246.136.161"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 94.228.162.149 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//94.228.162.149/auth/login"; flow:to_server,established; http.header; content:"94.228.162.149"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 79.137.202.68 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//79.137.202.68/auth/login"; flow:to_server,established; http.header; content:"79.137.202.68"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 45.138.16.132 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//45.138.16.132/auth/login"; flow:to_server,established; http.header; content:"45.138.16.132"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 5.42.73.150 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//5.42.73.150/auth/login"; flow:to_server,established; http.header; content:"5.42.73.150"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 147.45.42.25 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//147.45.42.25/auth/login"; flow:to_server,established; http.header; content:"147.45.42.25"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 109.107.181.83 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//109.107.181.83/auth/login"; flow:to_server,established; http.header; content:"109.107.181.83"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Hostname indicator from the same event: DNS query rule plus HTTP Host rule.
alert dns any any -> any any (msg: "MISP e26866 [] Domain yes1.homeshopdigital.site"; dns.query; content:"yes1.homeshopdigital.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])yes1\.homeshopdigital\.site$/i"; classtype:trojan-activity; sid:37852181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain yes1.homeshopdigital.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yes1.homeshopdigital.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yes1\.homeshopdigital\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 77.105.147.157 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//77.105.147.157/auth/login"; flow:to_server,established; http.header; content:"77.105.147.157"; fast_pattern; nocase;
http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# One more URL rule (fixed destination IP, $HTTP_PORTS, "/auth/login" in the
# URI), followed by DNS/HTTP rule pairs for hostnames of MISP event 26866.
# The hostname rules cover the listed name and names beneath it only: for
# example www.mzile.com alerts, the bare registered domain mzile.com does not,
# because the pattern has to be present in full.
alert http $HOME_NET any -> 45.138.74.228 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//45.138.74.228/auth/login"; flow:to_server,established; http.header; content:"45.138.74.228"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain www.mg.inspirestudiosteam.com"; dns.query; content:"www.mg.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mg\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.mg.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mg.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mg\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain www.mzile.com"; dns.query; content:"www.mzile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mzile\.com$/i"; classtype:trojan-activity; sid:37852221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.mzile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.mzile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.mzile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain yes.homeshopdigital.site"; dns.query; content:"yes.homeshopdigital.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])yes\.homeshopdigital\.site$/i"; classtype:trojan-activity; sid:37852231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain yes.homeshopdigital.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yes.homeshopdigital.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yes\.homeshopdigital\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain www.garciaprints.com"; dns.query; content:"www.garciaprints.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.garciaprints\.com$/i"; classtype:trojan-activity; sid:37852241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.garciaprints.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.garciaprints.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.garciaprints\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain www.gulfcoastcoffeeroasters.com"; dns.query; content:"www.gulfcoastcoffeeroasters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gulfcoastcoffeeroasters\.com$/i"; classtype:trojan-activity; sid:37852251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.gulfcoastcoffeeroasters.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.gulfcoastcoffeeroasters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.gulfcoastcoffeeroasters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain www.inspirestudiosteam.com"; dns.query; content:"www.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain www.ebookza.com"; dns.query; content:"www.ebookza.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ebookza\.com$/i"; classtype:trojan-activity; sid:37852271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.ebookza.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ebookza.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ebookza\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852272; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain www.fleekbusiness.com"; dns.query; content:"www.fleekbusiness.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fleekbusiness\.com$/i"; classtype:trojan-activity; sid:37852281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain www.fleekbusiness.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fleekbusiness.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fleekbusiness\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain vpnu.top"; dns.query; content:"vpnu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])vpnu\.top$/i"; classtype:trojan-activity; sid:37852291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain vpnu.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vpnu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vpnu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert dns any any -> any any (msg: "MISP e26866 [] Domain webdisk.inspirestudiosteam.com"; dns.query; content:"webdisk.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain webdisk.inspirestudiosteam.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"webdisk.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webdisk\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# --- Event 26866: hostname indicators, one DNS rule and one HTTP Host rule per name ---
# The DNS pcre ends in $ but allows any non-hostname character (or start of buffer) in front,
#   so subdomains of each name match as well. In the HTTP rule, "Host|3a|" and the hostname are
#   separate matches on http.header with nothing tying them together; a hit does not by itself
#   prove the Host header carried the name.
# The webdisk./webmail./cpanel./cpcontacts./autodiscover./mail. labels look like the default
#   service names of a hosting control panel — presumably the whole zone was imported; verify
#   which of them were actually observed before weighting these alerts.
alert dns any any -> any any (msg: "MISP e26866 [] Domain webmail.inspirestudiosteam.com"; dns.query; content:"webmail.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain webmail.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmail.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain cpanel.garciaprints.com"; dns.query; content:"cpanel.garciaprints.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cpanel\.garciaprints\.com$/i"; classtype:trojan-activity; sid:37852321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain cpanel.garciaprints.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cpanel.garciaprints.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cpanel\.garciaprints\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain blazebit.bet"; dns.query; content:"blazebit.bet"; nocase; pcre: "/(^|[^A-Za-z0-9-])blazebit\.bet$/i"; classtype:trojan-activity; sid:37852331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain blazebit.bet"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blazebit.bet"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blazebit\.bet[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain pars.northpm.xyz"; dns.query; content:"pars.northpm.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])pars\.northpm\.xyz$/i"; classtype:trojan-activity; sid:37852341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain pars.northpm.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pars.northpm.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pars\.northpm\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# The next name embeds 45-138-16-132 under a hosting-panel suffix; it looks auto-generated for a
#   server at that address — assumption, confirm against the event before pivoting on the IP.
alert dns any any -> any any (msg: "MISP e26866 [] Domain eloquent-germain.45-138-16-132.plesk.page"; dns.query; content:"eloquent-germain.45-138-16-132.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])eloquent\-germain\.45\-138\-16\-132\.plesk\.page$/i"; classtype:trojan-activity; sid:37852351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain eloquent-germain.45-138-16-132.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eloquent-germain.45-138-16-132.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eloquent\-germain\.45\-138\-16\-132\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain cpcontacts.inspirestudiosteam.com"; dns.query; content:"cpcontacts.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cpcontacts\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain cpcontacts.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cpcontacts.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cpcontacts\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain inc.sshadowso.ru"; dns.query; content:"inc.sshadowso.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])inc\.sshadowso\.ru$/i"; classtype:trojan-activity; sid:37852371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain inc.sshadowso.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inc.sshadowso.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inc\.sshadowso\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Bare-domain rules (gulfcoastcoffeeroasters.com, fleekbusiness.com) also match their www. hosts,
#   which have rules of their own in this export (sid:37852251/37852252, sid:37852281/37852282):
#   one lookup or request to the www. name raises two alerts. Deduplicate on the queried name.
alert dns any any -> any any (msg: "MISP e26866 [] Domain gulfcoastcoffeeroasters.com"; dns.query; content:"gulfcoastcoffeeroasters.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gulfcoastcoffeeroasters\.com$/i"; classtype:trojan-activity; sid:37852381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain gulfcoastcoffeeroasters.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gulfcoastcoffeeroasters.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gulfcoastcoffeeroasters\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain fleekbusiness.com"; dns.query; content:"fleekbusiness.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fleekbusiness\.com$/i"; classtype:trojan-activity; sid:37852391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain fleekbusiness.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fleekbusiness.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fleekbusiness\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain autodiscover.inspirestudiosteam.com"; dns.query; content:"autodiscover.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])autodiscover\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain autodiscover.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"autodiscover.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])autodiscover\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain mail.inspirestudiosteam.com"; dns.query; content:"mail.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37852411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain mail.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# <a.b.c.d>.sslip.io names: sslip.io is a public wildcard DNS service that resolves a name to the
#   IPv4 address embedded in it, so the durable indicator is that address. A rule on the name
#   does not cover contact made directly to the address or through another name for it.
alert dns any any -> any any (msg: "MISP e26866 [] Domain 5.42.73.150.sslip.io"; dns.query; content:"5.42.73.150.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])5\.42\.73\.150\.sslip\.io$/i"; classtype:trojan-activity; sid:37852421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 5.42.73.150.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"5.42.73.150.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])5\.42\.73\.150\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain 89.208.103.177.sslip.io"; dns.query; content:"89.208.103.177.sslip.io"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])89\.208\.103\.177\.sslip\.io$/i"; classtype:trojan-activity; sid:37852431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 89.208.103.177.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"89.208.103.177.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])89\.208\.103\.177\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# --- Event 26866: URL indicators ("Outgoing URL"), all with the path /auth/login ---
# Match logic: the hostname is a plain substring of the http.header buffer (no "Host|3a|" content,
#   no boundary pcre) and "/auth/login" is an unanchored substring of http.uri. Method and body
#   are not inspected, so a hit shows that a request for such a path was sent with the name
#   somewhere in its headers — nothing more. Confirm Host and full URI from the tagged session.
# Destination port is $HTTP_PORTS: that variable must be defined on the sensor for these rules to
#   load, and HTTP served on a port outside it is not covered by this group.
# Only cleartext HTTP is inspected; the same path fetched over TLS does not reach these rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//yes.homeshopdigital.site/auth/login"; flow:to_server,established; http.header; content:"yes.homeshopdigital.site"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//yes1.homeshopdigital.site/auth/login"; flow:to_server,established; http.header; content:"yes1.homeshopdigital.site"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert dns any any -> any any (msg: "MISP e26866 [] Domain 45.138.74.228.sslip.io"; dns.query; content:"45.138.74.228.sslip.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])45\.138\.74\.228\.sslip\.io$/i"; classtype:trojan-activity; sid:37852461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26866 [] Outgoing HTTP Domain 45.138.74.228.sslip.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"45.138.74.228.sslip.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])45\.138\.74\.228\.sslip\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37852462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.mg.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"www.mg.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.mzile.com/auth/login"; flow:to_server,established; http.header; content:"www.mzile.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"www.garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.gulfcoastcoffeeroasters.com/auth/login"; flow:to_server,established; http.header; content:"www.gulfcoastcoffeeroasters.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"www.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.ebookza.com/auth/login"; flow:to_server,established; http.header; content:"www.ebookza.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//www.fleekbusiness.com/auth/login"; flow:to_server,established; http.header; content:"www.fleekbusiness.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//webdisk.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"webdisk.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//webmail.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"webmail.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# sslip.io hosts below: the name only encodes the IPv4 address it resolves to, so a request sent
#   to the bare address with a different Host value is outside these rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//147.45.42.25.sslip.io/auth/login"; flow:to_server,established; http.header; content:"147.45.42.25.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//109.107.181.83.sslip.io/auth/login"; flow:to_server,established; http.header; content:"109.107.181.83.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//vpnu.top/auth/login"; flow:to_server,established; http.header; content:"vpnu.top"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//89.208.103.177.sslip.io/auth/login"; flow:to_server,established; http.header; content:"89.208.103.177.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//5.42.73.150.sslip.io/auth/login"; flow:to_server,established; http.header; content:"5.42.73.150.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//45.138.74.228.sslip.io/auth/login"; flow:to_server,established; http.header; content:"45.138.74.228.sslip.io"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//blazebit.bet/auth/login"; flow:to_server,established; http.header; content:"blazebit.bet"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//autodiscover.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"autodiscover.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//cpanel.garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"cpanel.garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//buygamingnfts.com/auth/login"; flow:to_server,established; http.header; content:"buygamingnfts.com"; fast_pattern; 
nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# --- Event 26866: URL indicators, host substring in http.header + "/auth/login" in http.uri ---
# Neither content is anchored: the hostname may sit in any request header and may be part of a
#   longer name, and "/auth/login" may occur anywhere in the URI. Bare-domain entries therefore
#   overlap the host-specific ones in this export — e.g. "ebookza.com" (sid:37852661) is contained
#   in "www.ebookza.com" (sid:37852521), "garciaprints.com" (sid:37852691) in the www./cpanel./mail.
#   hosts, "fleekbusiness.com" (sid:37852721) in "www.fleekbusiness.com" (sid:37852531) — so one
#   request can raise several alerts. Group by Host and URI when counting affected clients.
# Destination port is $HTTP_PORTS, which has to be defined on the sensor; HTTP on other ports and
#   anything inside TLS is not inspected by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//ebookza.com/auth/login"; flow:to_server,established; http.header; content:"ebookza.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//cpcontacts.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"cpcontacts.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//cpanel.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"cpanel.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//eloquent-germain.45-138-16-132.plesk.page/auth/login"; flow:to_server,established; http.header; content:"eloquent-germain.45-138-16-132.plesk.page"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//sw.sono.pw/auth/login"; flow:to_server,established; http.header; content:"sw.sono.pw"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//fleekbusiness.com/auth/login"; flow:to_server,established; http.header; content:"fleekbusiness.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//panel.swain.ir/auth/login"; flow:to_server,established; http.header; content:"panel.swain.ir"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//pars.northpm.xyz/auth/login"; flow:to_server,established; http.header; content:"pars.northpm.xyz"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//skinsmonkey.complete.homsiknet.com/auth/login"; flow:to_server,established; http.header; content:"skinsmonkey.complete.homsiknet.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//mail.inspirestudiosteam.com/auth/login"; flow:to_server,established; http.header; content:"mail.inspirestudiosteam.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# The two *.45-138-16-132.plesk.page hosts in this group (eloquent-germain, nice-margulis) embed
#   the same dashed address — presumably one server behind both; confirm before pivoting on it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//nice-margulis.45-138-16-132.plesk.page/auth/login"; flow:to_server,established; http.header; content:"nice-margulis.45-138-16-132.plesk.page"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//inc.sshadowso.ru/auth/login"; flow:to_server,established; http.header; content:"inc.sshadowso.ru"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//mail.garciaprints.com/auth/login"; flow:to_server,established; http.header; content:"mail.garciaprints.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37852791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//gulfcoastcoffeeroasters.com/auth/login"; flow:to_server,established; http.header; content:"gulfcoastcoffeeroasters.com"; fast_pattern; nocase; http.uri; content:"/auth/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37852821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# --- Events 26903 / 26866: destination address + port indicators ---
# Most destinations visible here are exported twice under different SIDs: once from event 26903
#   (tagged with a family/network, priority 2) and once from event 26866 (empty tag list,
#   priority 3). One connection therefore raises two alerts; correlate on destination address
#   and port, and take the family context from the 26903 copy.
# These rules match on packet header fields only (no flow, content or threshold keyword), so
#   they may alert on many packets of the same connection.
#   NOTE(review): consider a per-SID threshold/suppress entry; confirm against sensor behaviour.
# Five different addresses share destination port 12778 under the njrat tag, which is the shape
#   of a shared relay or tunnel front end. NOTE(review): confirm who operates these addresses;
#   if they are shared, the port is the discriminating half of the indicator and may be reassigned.
alert ip $HOME_NET any -> 18.229.248.167 12778 (msg: "MISP e26903 [njrat] Outgoing To IP: 18.229.248.167|12778"; classtype:trojan-activity; sid:37619031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 18.228.115.60 12778 (msg: "MISP e26903 [njrat] Outgoing To IP: 18.228.115.60|12778"; classtype:trojan-activity; sid:37619041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 18.229.146.63 12778 (msg: "MISP e26903 [njrat] Outgoing To IP: 18.229.146.63|12778"; classtype:trojan-activity; sid:37619051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 18.231.93.153 12778 (msg: "MISP e26903 [njrat] Outgoing To IP: 18.231.93.153|12778"; classtype:trojan-activity; sid:37619061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 18.228.115.60 12778 (msg: "MISP e26866 [] Outgoing To IP: 18.228.115.60|12778"; classtype:trojan-activity; sid:37848921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 18.229.248.167 12778 (msg: "MISP e26866 [] Outgoing To IP: 18.229.248.167|12778"; classtype:trojan-activity; sid:37848931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 18.229.146.63 12778 (msg: "MISP e26866 [] Outgoing To IP: 18.229.146.63|12778"; classtype:trojan-activity; sid:37848951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 18.231.93.153 12778 (msg: "MISP e26866 [] Outgoing To IP: 18.231.93.153|12778"; classtype:trojan-activity; sid:37848961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 204.44.127.146 20188 (msg: "MISP e26903 [Adwind] Outgoing To IP: 204.44.127.146|20188"; classtype:trojan-activity; sid:37619081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 54.94.248.37 12778 (msg: "MISP e26903 [njrat,RAT] Outgoing To IP: 54.94.248.37|12778"; classtype:trojan-activity; sid:37619071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 204.44.127.146 20188 (msg: "MISP e26866 [] Outgoing To IP: 204.44.127.146|20188"; classtype:trojan-activity; sid:37848941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Event 26901: hostname indicator (DNS + HTTP Host pair). The name reads like a bank support
#   page — inferred from the name only, the event carries no tag; check the reference URL.
#   Only DNS and cleartext HTTP are inspected; a visit over HTTPS shows up through the DNS rule.
alert dns any any -> any any (msg: "MISP e26901 [] Domain banco.estadosoporte.info"; dns.query; content:"banco.estadosoporte.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info$/i"; classtype:trojan-activity; sid:37615081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26901;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26901 [] Outgoing HTTP Domain banco.estadosoporte.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estadosoporte.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26901;)
alert ip $HOME_NET any -> 54.94.248.37 12778 (msg: "MISP e26866 [] Outgoing To IP: 54.94.248.37|12778"; classtype:trojan-activity; sid:37848901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# CobaltStrike-tagged URL rules: the destination address is pinned in the rule header, the same
#   address must also appear somewhere in http.header, and the URI content is an unanchored
#   substring. "/jquery-3.3.1.min.js" is a path that is also common in benign traffic and "/ptj"
#   is only four characters, so the pinned destination is what keeps these rules specific.
#   They inspect cleartext HTTP on $HTTP_PORTS only; traffic to 45.134.225.247 on 443 is covered
#   by the header-only ip rule, which says nothing about what was requested.
alert http $HOME_NET any -> 45.134.225.247 $HTTP_PORTS (msg: "MISP e26903 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.247/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"45.134.225.247"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 45.134.225.247 443 (msg: "MISP e26903 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing To IP: 45.134.225.247|443"; classtype:trojan-activity; sid:37619101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 47.109.102.98 $HTTP_PORTS (msg: "MISP e26903 [CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.109.102.98/ptj"; flow:to_server,established; http.header; content:"47.109.102.98"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 45.134.225.247 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//45.134.225.247/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"45.134.225.247"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 45.134.225.247 443 (msg: "MISP e26866 [] Outgoing To IP: 45.134.225.247|443"; classtype:trojan-activity; sid:37848891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 47.109.102.98 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//47.109.102.98/ptj"; flow:to_server,established; http.header; content:"47.109.102.98"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Address + port indicators tagged Havoc, Responder, QakBot and dcrat. Several use well-known
#   service ports (443, 993, 3306), so the address is the only discriminating field. The network
#   names in the tags are hosting and access providers; presumably such addresses get reassigned
#   over time — NOTE(review): check the event's first/last-seen data and expire stale entries.
alert ip $HOME_NET any -> 103.139.93.20 3306 (msg: "MISP e26903 [ANCHGLOBAL-AS-AP Anchnet Asia Limited,Havoc] Outgoing To IP: 103.139.93.20|3306"; classtype:trojan-activity; sid:37619121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 143.110.250.237 443 (msg: "MISP e26903 [DIGITALOCEAN-ASN,Responder] Outgoing To IP: 143.110.250.237|443"; classtype:trojan-activity; sid:37619131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 154.247.5.62 993 (msg: "MISP e26903 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.5.62|993"; classtype:trojan-activity; sid:37619141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 31.117.7.53 2222 (msg: "MISP e26903 [BT-UK-AS BTnet UK Regional network,QakBot] Outgoing To IP: 31.117.7.53|2222"; classtype:trojan-activity; sid:37619151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 78.166.15.66 443 (msg: "MISP e26903 [QakBot,TTNET] Outgoing To IP: 78.166.15.66|443"; classtype:trojan-activity; sid:37619161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 94.49.209.30 443 (msg: "MISP e26903 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 94.49.209.30|443"; classtype:trojan-activity; sid:37619171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 2.88.117.178 443 (msg: "MISP e26903 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 2.88.117.178|443"; classtype:trojan-activity; sid:37619181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 191.88.249.121 4433 (msg: "MISP e26903 [Colombia Movil,dcrat] Outgoing To IP: 191.88.249.121|4433"; classtype:trojan-activity; sid:37619191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Event 26902: hostname under pages.dev, a shared hosting suffix (Cloudflare Pages). The rule is
#   pinned to the full cuentarut-bancoestado label; do not widen it to the parent suffix. Sites
#   on such platforms are normally reached over HTTPS, so expect the DNS rule, not the HTTP
#   Host rule, to be the one that fires.
alert dns any any -> any any (msg: "MISP e26902 [] Domain cuentarut-bancoestado.pages.dev"; dns.query; content:"cuentarut-bancoestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37615201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26902;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26902 [] Outgoing HTTP Domain cuentarut-bancoestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-bancoestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37615202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26902;)
alert ip $HOME_NET any -> 103.139.93.20 3306 (msg: "MISP e26866 [] Outgoing To IP: 103.139.93.20|3306"; classtype:trojan-activity; sid:37848791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 154.247.5.62 993 (msg: "MISP e26866 [] Outgoing To IP: 154.247.5.62|993"; classtype:trojan-activity; sid:37848811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 143.110.250.237 443 (msg: "MISP e26866 [] Outgoing To IP: 143.110.250.237|443"; classtype:trojan-activity; sid:37848821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 78.166.15.66 443 (msg: "MISP e26866 [] Outgoing To IP: 78.166.15.66|443"; classtype:trojan-activity; sid:37848831; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 31.117.7.53 2222 (msg: "MISP e26866 [] Outgoing To IP: 31.117.7.53|2222"; classtype:trojan-activity; sid:37848841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 191.88.249.121 4433 (msg: "MISP e26866 [] Outgoing To IP: 191.88.249.121|4433"; classtype:trojan-activity; sid:37848851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 2.88.117.178 443 (msg: "MISP e26866 [] Outgoing To IP: 2.88.117.178|443"; classtype:trojan-activity; sid:37848861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert ip $HOME_NET any -> 94.49.209.30 443 (msg: "MISP e26866 [] Outgoing To IP: 94.49.209.30|443"; classtype:trojan-activity; sid:37848871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> 185.195.24.252 $HTTP_PORTS (msg: "MISP e26903 [dcrat] Outgoing URL http|3a|//185.195.24.252/l1nc0in.php"; flow:to_server,established; http.header; content:"185.195.24.252"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;) alert http $HOME_NET any -> 185.195.24.252 $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//185.195.24.252/L1nc0In.php"; flow:to_server,established; http.header; content:"185.195.24.252"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37848801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [dcrat] Outgoing URL http|3a|//597359lm.nyashsens.top/pythonwindows.php"; flow:to_server,established; http.header; content:"597359lm.nyashsens.top"; fast_pattern; nocase; http.uri; 
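content:"/pythonwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# e26866 copy of the rule above: same host, path differs only in case and carries nocase,
# so both rules match the same requests (priority 3 here, priority 2 for the e26903 copy).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//597359lm.nyashsens.top/Pythonwindows.php"; flow:to_server,established; http.header; content:"597359lm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/Pythonwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 149.102.235.115 3000 (msg: "MISP e26903 [njrat] Outgoing To IP: 149.102.235.115|3000"; classtype:trojan-activity; sid:37619221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 149.102.235.115 3000 (msg: "MISP e26866 [] Outgoing To IP: 149.102.235.115|3000"; classtype:trojan-activity; sid:37853011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Inbound source-address rules (event 26948): any IP packet from the listed address to
# $HOME_NET alerts; no port, protocol or flow state is checked.
alert ip 114.32.98.163 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.98.163"; classtype:trojan-activity; sid:37726831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Payload-download URLs tagged Command and Control (events 26944, 26949, 26947).
# The exported msg strings of sids 37726731, 37733451 and 37726821 embedded the galaxy tag
# value in bare double quotes. The rule format requires a double quote inside msg to be
# escaped; left bare it can end the msg value early or get the rule rejected at load, which
# would silently drop the indicator. The quotes are written as \" below.
# NOTE(review): the next MISP export will reintroduce the bare quotes unless the tag text is
# escaped by the exporter or by a post-processing step — check the sensor's rule-load log
# for rejected sids after each import.
# The first two rules name the port explicitly (4315, 8001) instead of using $HTTP_PORTS.
alert http $HOME_NET any -> 192.151.244.144 4315 (msg: "MISP e26944 [kill-chain:Command and Control,misp-galaxy:tool=\"Gh0st Rat\"] Outgoing URL http|3a|//192.151.244.144|3a|4315/MS.exe"; flow:to_server,established; http.header; content:"192.151.244.144"; fast_pattern; nocase; http.uri; content:"/MS.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37726731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26944;)
alert ip 156.205.126.200 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.205.126.200"; classtype:trojan-activity; sid:37726841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 197.48.35.200 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.48.35.200"; classtype:trojan-activity; sid:37726851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert http $HOME_NET any -> 23.224.102.6 8001 (msg: "MISP e26949 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//23.224.102.6|3a|8001/StiHjCd8XI/RuntimeBroker.exe"; flow:to_server,established; http.header; content:"23.224.102.6"; fast_pattern; nocase; http.uri; content:"/StiHjCd8XI/RuntimeBroker.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37733451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26949;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26947 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//uhfbncvzxasqwpolgkhbn.ydns.eu/EGF.exe"; flow:to_server,established; http.header; content:"uhfbncvzxasqwpolgkhbn.ydns.eu"; fast_pattern; nocase; http.uri; content:"/EGF.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37726821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26947;)
alert ip 49.64.181.49 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.181.49"; classtype:trojan-activity; sid:37726861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 49.73.4.110 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.73.4.110"; classtype:trojan-activity; sid:37726871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 58.50.117.86 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.50.117.86"; 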
classtype:trojan-activity; sid:37726881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# --- Inbound source addresses, events 26948 / 26952 / 26940 / 26942 ---
# Any IP packet from the listed address to $HOME_NET alerts; no port, protocol or flow
# state is checked, so a single unanswered probe is enough to fire.
# The msg tags these as kill-chain Reconnaissance/Exploitation while classtype is
# trojan-activity — filter on the msg tag or event id rather than on classtype.
# NOTE(review): single-address indicators age as addresses are reassigned; check the event
# date in MISP before turning any of these into a block.
alert ip 77.74.205.213 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.74.205.213"; classtype:trojan-activity; sid:37726891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 87.236.176.144 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.144"; classtype:trojan-activity; sid:37726901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 88.249.80.139 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.249.80.139"; classtype:trojan-activity; sid:37726911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 104.168.100.175 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.168.100.175"; classtype:trojan-activity; sid:37733911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 112.217.207.26 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.217.207.26"; classtype:trojan-activity; sid:37733921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.223.78.215 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.78.215"; classtype:trojan-activity; sid:37733931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 150.158.38.150 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.38.150"; classtype:trojan-activity; sid:37733941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 184.18.211.199 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.18.211.199"; classtype:trojan-activity; sid:37733951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 192.155.88.231 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.155.88.231"; classtype:trojan-activity; sid:37733961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 205.210.31.59 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.59"; classtype:trojan-activity; sid:37733971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 23.224.95.147 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.95.147"; classtype:trojan-activity; sid:37733981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.134.101.44 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.101.44"; classtype:trojan-activity; sid:37733991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.248.139.88 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.139.88"; classtype:trojan-activity; sid:37734001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 69.164.217.245 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.164.217.245"; classtype:trojan-activity; sid:37734011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 77.183.105.225 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.183.105.225"; classtype:trojan-activity; sid:37734021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 165.154.12.139 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.12.139"; classtype:trojan-activity; sid:37724821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 167.248.133.182 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.182"; classtype:trojan-activity; sid:37724831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 172.81.60.84 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.84"; classtype:trojan-activity; sid:37726341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 110.181.110.51 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.110.51"; classtype:trojan-activity; sid:37726921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# DNS + HTTP Host pair for a domain from event 27007 (no tags in the export, priority 3).
# The DNS rule has no $HOME_NET constraint (any -> any); the http rule only sees cleartext
# HTTP, so TLS traffic to this host is covered by the DNS rule alone.
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarks-czechrepublic.com"; dns.query; content:"clarks-czechrepublic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-czechrepublic\.com$/i"; classtype:trojan-activity; sid:37762371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarks-czechrepublic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarks-czechrepublic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-czechrepublic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns 
any any -> any any (msg: "MISP e27007 [] Domain colantigymsharke.com"; dns.query; content:"colantigymsharke.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])colantigymsharke\.com$/i"; classtype:trojan-activity; sid:37762381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP Host rule for the same domain (event 27007): requires "Host:" and the domain in the
# header buffer, and the pcre bounds the name on both sides so a longer hostname label
# does not match. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain colantigymsharke.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colantigymsharke.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colantigymsharke\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37762382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- Inbound source addresses, events 26948 and 26952 ---
# One rule per source address, matching any packet to $HOME_NET on any port.
# NOTE(review): a long run of one-address rules like this can be carried as an IP
# reputation list (iprep) instead, which keeps the rule count down — confirm against the
# sensor's configuration before converting.
alert ip 111.73.176.186 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.73.176.186"; classtype:trojan-activity; sid:37726931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 112.184.223.171 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.184.223.171"; classtype:trojan-activity; sid:37726941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.59.187.111 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.59.187.111"; classtype:trojan-activity; sid:37726951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 118.172.204.108 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.172.204.108"; classtype:trojan-activity; sid:37726961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.61.203.82 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.203.82"; classtype:trojan-activity; sid:37726971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.153.246.157 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.153.246.157"; classtype:trojan-activity; sid:37726981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 152.32.72.55 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.72.55"; classtype:trojan-activity; sid:37726991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 176.122.255.155 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.122.255.155"; classtype:trojan-activity; sid:37727001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 178.217.142.243 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.217.142.243"; classtype:trojan-activity; sid:37727011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 181.126.96.154 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.126.96.154"; classtype:trojan-activity; sid:37727021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.240.23.37 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.23.37"; classtype:trojan-activity; sid:37727031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.86.130.27 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.86.130.27"; classtype:trojan-activity; sid:37727041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 191.194.146.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.194.146.94"; classtype:trojan-activity; sid:37727051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 219.140.30.21 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.140.30.21"; classtype:trojan-activity; sid:37727061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.156.245.65 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.156.245.65"; classtype:trojan-activity; sid:37727071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 222.87.68.215 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.87.68.215"; classtype:trojan-activity; sid:37727081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 24.109.128.254 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.109.128.254"; classtype:trojan-activity; sid:37727091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 49.130.14.68 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.130.14.68"; classtype:trojan-activity; sid:37727101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 50.65.85.123 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.65.85.123"; classtype:trojan-activity; sid:37727111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 62.89.29.52 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.89.29.52"; classtype:trojan-activity; sid:37727121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 94.153.196.78 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.153.196.78"; classtype:trojan-activity; sid:37727131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 104.250.50.71 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.71"; classtype:trojan-activity; sid:37734031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.75.237.232 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.237.232"; classtype:trojan-activity; sid:37734041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 110.40.192.96 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.192.96"; classtype:trojan-activity; sid:37734051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 111.229.23.25 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.23.25"; classtype:trojan-activity; sid:37734061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.220.35.47 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.35.47"; classtype:trojan-activity; sid:37734071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 152.136.41.37 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.41.37"; classtype:trojan-activity; sid:37734081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 
158.160.6.234 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.160.6.234"; classtype:trojan-activity; sid:37734091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
# --- Inbound source addresses, events 26952 / 26940 / 26948 ---
# Each rule alerts on any packet from one source address to $HOME_NET; the event id in the
# msg and the reference URL is the only context carried with the alert.
# Every rule here is "alert" at priority 2: the export detects, it does not drop. Whether an
# address is blocked is a separate decision to take against the MISP event itself.
alert ip 159.75.161.40 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.161.40"; classtype:trojan-activity; sid:37734101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 167.99.182.235 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.182.235"; classtype:trojan-activity; sid:37734111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 170.106.181.46 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.181.46"; classtype:trojan-activity; sid:37734121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 186.31.189.222 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.31.189.222"; classtype:trojan-activity; sid:37734131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 193.149.176.68 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.149.176.68"; classtype:trojan-activity; sid:37734141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 41.111.218.206 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.111.218.206"; classtype:trojan-activity; sid:37734151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 42.159.80.91 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.159.80.91"; classtype:trojan-activity; sid:37734161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 42.192.183.78 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.183.78"; classtype:trojan-activity; sid:37734171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 42.193.239.76 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.239.76"; classtype:trojan-activity; sid:37734181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.128.99.191 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.99.191"; classtype:trojan-activity; sid:37734191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.153.43.196 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.43.196"; classtype:trojan-activity; sid:37734201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.143.87.41 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.87.41"; classtype:trojan-activity; sid:37734211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.156.1.159 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.1.159"; classtype:trojan-activity; sid:37734221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.156.149.50 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.149.50"; classtype:trojan-activity; sid:37734231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 81.69.23.141 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.23.141"; classtype:trojan-activity; sid:37734241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 64.227.126.250 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.126.250"; classtype:trojan-activity; sid:37734251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 65.49.20.66 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.20.66"; classtype:trojan-activity; sid:37724841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 64.227.88.96 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.88.96"; classtype:trojan-activity; sid:37724851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 110.180.154.122 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.180.154.122"; classtype:trojan-activity; sid:37727141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 109.92.31.52 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.92.31.52"; classtype:trojan-activity; sid:37727151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.25.208.26 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.208.26"; classtype:trojan-activity; sid:37727161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.111.104.57 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.111.104.57"; classtype:trojan-activity; sid:37727171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 119.165.141.23 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.165.141.23"; classtype:trojan-activity; sid:37727181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 118.179.183.20 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.179.183.20"; classtype:trojan-activity; sid:37727191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.245.25.81 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.245.25.81"; classtype:trojan-activity; sid:37727201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.116.53.203 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.116.53.203"; classtype:trojan-activity; sid:37727211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 125.47.194.41 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.47.194.41"; classtype:trojan-activity; sid:37727221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 165.211.22.58 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.211.22.58"; classtype:trojan-activity; sid:37727231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.11.10.42 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.10.42"; classtype:trojan-activity; sid:37727241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 
175.204.138.26 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.204.138.26"; classtype:trojan-activity; sid:37727251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# --- Inbound source addresses, events 26948 and 26952 ---
# Source-address-only rules: any packet from the address to $HOME_NET alerts, including
# traffic a perimeter filter goes on to drop, depending on where the sensor sits.
# NOTE(review): an alert here shows contact, not compromise — pair it with flow or host logs
# for the same source before escalating.
alert ip 177.84.209.193 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.84.209.193"; classtype:trojan-activity; sid:37727261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 180.1.226.41 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.1.226.41"; classtype:trojan-activity; sid:37727271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 31.59.15.223 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.59.15.223"; classtype:trojan-activity; sid:37727281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 46.173.67.144 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.173.67.144"; classtype:trojan-activity; sid:37727291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 61.192.207.133 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.192.207.133"; classtype:trojan-activity; sid:37727301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 77.81.87.111 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.81.87.111"; classtype:trojan-activity; sid:37727311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 87.244.16.114 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.244.16.114"; classtype:trojan-activity; sid:37727321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 91.114.203.115 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.114.203.115"; classtype:trojan-activity; sid:37727331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 111.224.234.167 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.224.234.167"; classtype:trojan-activity; sid:37734261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 111.89.112.77 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.89.112.77"; classtype:trojan-activity; sid:37734271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 143.198.46.19 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.46.19"; classtype:trojan-activity; sid:37734281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 125.36.253.226 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.36.253.226"; classtype:trojan-activity; sid:37734291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 157.245.121.5 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.121.5"; classtype:trojan-activity; sid:37734301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 150.158.102.192 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.102.192"; classtype:trojan-activity; sid:37734311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 164.92.70.251 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.70.251"; classtype:trojan-activity; sid:37734321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 160.251.139.14 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.251.139.14"; classtype:trojan-activity; sid:37734331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 170.64.185.76 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.185.76"; classtype:trojan-activity; sid:37734341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 36.32.3.102 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.32.3.102"; classtype:trojan-activity; sid:37734351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 49.113.93.82 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.113.93.82"; classtype:trojan-activity; sid:37734361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 85.133.222.222 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.133.222.222"; classtype:trojan-activity; sid:37734371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 185.36.81.42 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.36.81.42"; classtype:trojan-activity; sid:37734381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.22 any -> $HOME_NET any (msg: "MISP e26940 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.22"; classtype:trojan-activity; sid:37724861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 43.139.148.134 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.148.134"; classtype:trojan-activity; sid:37734391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 49.7.154.220 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.7.154.220"; classtype:trojan-activity; sid:37734401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 95.90.12.120 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.90.12.120"; classtype:trojan-activity; sid:37734411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 87.236.176.29 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.29"; classtype:trojan-activity; sid:37724871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 106.41.75.212 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.75.212"; classtype:trojan-activity; sid:37727341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 110.181.237.122 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.237.122"; classtype:trojan-activity; sid:37727351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.103.94.37 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.94.37"; classtype:trojan-activity; sid:37727361; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 113.236.95.154 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.236.95.154"; classtype:trojan-activity; sid:37727371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 117.233.140.81 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.140.81"; classtype:trojan-activity; sid:37727381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 117.233.154.203 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.154.203"; classtype:trojan-activity; sid:37727391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 120.224.245.70 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.224.245.70"; classtype:trojan-activity; sid:37727401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 123.172.70.121 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.70.121"; classtype:trojan-activity; sid:37727411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 136.143.140.221 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.143.140.221"; classtype:trojan-activity; sid:37727421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 177.199.195.48 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.199.195.48"; classtype:trojan-activity; sid:37727431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 119.1.121.47 any -> $HOME_NET any (msg: 
"MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.1.121.47"; classtype:trojan-activity; sid:37727441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 182.117.124.76 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.117.124.76"; classtype:trojan-activity; sid:37727451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 122.117.254.61 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.254.61"; classtype:trojan-activity; sid:37727461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 183.177.245.7 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.177.245.7"; classtype:trojan-activity; sid:37727471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 134.236.23.192 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.236.23.192"; classtype:trojan-activity; sid:37727481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 204.199.84.2 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.199.84.2"; classtype:trojan-activity; sid:37727491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 175.31.246.126 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.246.126"; classtype:trojan-activity; sid:37727501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 180.107.168.80 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.107.168.80"; classtype:trojan-activity; 
sid:37727511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 220.93.247.54 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.93.247.54"; classtype:trojan-activity; sid:37727521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 182.247.148.253 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.148.253"; classtype:trojan-activity; sid:37727531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 222.140.89.8 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.140.89.8"; classtype:trojan-activity; sid:37727541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 194.48.250.40 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.40"; classtype:trojan-activity; sid:37727551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 27.29.189.125 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.29.189.125"; classtype:trojan-activity; sid:37727561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 220.147.125.223 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.147.125.223"; classtype:trojan-activity; sid:37727571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 45.162.12.26 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.162.12.26"; classtype:trojan-activity; sid:37727581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 221.237.34.190 any -> $HOME_NET 
any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.237.34.190"; classtype:trojan-activity; sid:37727591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 59.89.201.173 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.89.201.173"; classtype:trojan-activity; sid:37727601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 27.190.120.217 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.190.120.217"; classtype:trojan-activity; sid:37727611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 79.56.172.159 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.56.172.159"; classtype:trojan-activity; sid:37727621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 42.228.34.74 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.228.34.74"; classtype:trojan-activity; sid:37727631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 89.240.11.131 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.240.11.131"; classtype:trojan-activity; sid:37727641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 59.10.250.122 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.10.250.122"; classtype:trojan-activity; sid:37727651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 99.60.19.149 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.60.19.149"; classtype:trojan-activity; 
sid:37727661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 60.45.107.27 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.45.107.27"; classtype:trojan-activity; sid:37727671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.75.232.188 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.232.188"; classtype:trojan-activity; sid:37734421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 89.169.41.209 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.169.41.209"; classtype:trojan-activity; sid:37727681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 95.250.145.237 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.250.145.237"; classtype:trojan-activity; sid:37727691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.12.197.155 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.197.155"; classtype:trojan-activity; sid:37734431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 114.117.195.186 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.117.195.186"; classtype:trojan-activity; sid:37734441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 111.88.4.68 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.88.4.68"; classtype:trojan-activity; sid:37734451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 121.40.78.149 any -> $HOME_NET any 
(msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.78.149"; classtype:trojan-activity; sid:37734461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 120.24.229.196 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.24.229.196"; classtype:trojan-activity; sid:37734471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 124.222.156.244 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.156.244"; classtype:trojan-activity; sid:37734481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 132.145.208.65 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.145.208.65"; classtype:trojan-activity; sid:37734491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 141.147.180.0 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.147.180.0"; classtype:trojan-activity; sid:37734501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 172.104.210.105 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.210.105"; classtype:trojan-activity; sid:37734511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 124.223.85.21 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.85.21"; classtype:trojan-activity; sid:37734521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 181.130.202.32 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.130.202.32"; 
classtype:trojan-activity; sid:37734531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 138.2.161.89 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.161.89"; classtype:trojan-activity; sid:37734541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 183.245.16.37 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.245.16.37"; classtype:trojan-activity; sid:37734551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 150.109.11.104 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.11.104"; classtype:trojan-activity; sid:37734561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 2.57.122.122 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.57.122.122"; classtype:trojan-activity; sid:37734571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 174.138.54.13 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.54.13"; classtype:trojan-activity; sid:37734581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 210.0.133.126 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.0.133.126"; classtype:trojan-activity; sid:37734591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 181.143.225.2 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.225.2"; classtype:trojan-activity; sid:37734601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 220.250.41.11 
any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.250.41.11"; classtype:trojan-activity; sid:37734611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 198.199.109.7 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.109.7"; classtype:trojan-activity; sid:37734621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 36.94.95.210 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.94.95.210"; classtype:trojan-activity; sid:37734631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 203.172.76.4 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.172.76.4"; classtype:trojan-activity; sid:37734641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.134.230.178 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.230.178"; classtype:trojan-activity; sid:37734651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 210.16.189.143 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.16.189.143"; classtype:trojan-activity; sid:37734661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 46.191.141.152 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.191.141.152"; classtype:trojan-activity; sid:37734671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 221.229.103.137 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.229.103.137"; 
classtype:trojan-activity; sid:37734681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 49.51.178.186 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.178.186"; classtype:trojan-activity; sid:37734691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 42.123.115.126 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.123.115.126"; classtype:trojan-activity; sid:37734701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 64.225.48.214 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.48.214"; classtype:trojan-activity; sid:37734711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.153.106.20 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.106.20"; classtype:trojan-activity; sid:37734721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 79.127.11.63 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.127.11.63"; classtype:trojan-activity; sid:37734731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 47.102.130.12 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.102.130.12"; classtype:trojan-activity; sid:37734741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 84.196.197.91 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.196.197.91"; classtype:trojan-activity; sid:37734751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 5.42.80.189 
any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.80.189"; classtype:trojan-activity; sid:37734761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 141.98.11.156 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.156"; classtype:trojan-activity; sid:37724881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 65.21.244.42 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.21.244.42"; classtype:trojan-activity; sid:37734771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 8.141.54.182 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.141.54.182"; classtype:trojan-activity; sid:37734781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 102.135.163.143 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.135.163.143"; classtype:trojan-activity; sid:37724891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 178.236.247.189 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.236.247.189"; classtype:trojan-activity; sid:37724901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 167.248.133.190 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.190"; classtype:trojan-activity; sid:37724911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 35.208.127.221 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.208.127.221"; 
classtype:trojan-activity; sid:37724921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 194.26.29.48 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.26.29.48"; classtype:trojan-activity; sid:37724931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 5.9.239.21 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.9.239.21"; classtype:trojan-activity; sid:37724941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 43.245.205.25 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.245.205.25"; classtype:trojan-activity; sid:37724951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 65.49.1.10 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.10"; classtype:trojan-activity; sid:37724961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 142.202.191.209 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.191.209"; classtype:trojan-activity; sid:37726351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 167.99.127.131 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.127.131"; classtype:trojan-activity; sid:37726361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 1.183.1.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.183.1.94"; classtype:trojan-activity; sid:37727701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 120.233.203.101 any -> 
$HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.233.203.101"; classtype:trojan-activity; sid:37739711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;) alert ip 111.70.3.24 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.3.24"; classtype:trojan-activity; sid:37727711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 103.39.51.42 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.39.51.42"; classtype:trojan-activity; sid:37727721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.26.153.184 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.26.153.184"; classtype:trojan-activity; sid:37727731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.132.14.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.132.14.248"; classtype:trojan-activity; sid:37727741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 114.138.106.127 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.138.106.127"; classtype:trojan-activity; sid:37727751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 116.55.141.246 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.141.246"; classtype:trojan-activity; sid:37727761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 121.118.167.64 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.118.167.64"; 
classtype:trojan-activity; sid:37727771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Layout restored to one rule per line; the rule text itself is unchanged.
# Each rule below alerts on any IP traffic whose source is the listed address
# and whose destination is in $HOME_NET (any port). There is no flow or content
# condition, so a hit means only that a packet from that address was seen.
# NOTE(review): without a flow keyword these presumably also fire on reply
# traffic to a connection that an internal host opened - confirm on the sensor.
# The msg tags say kill-chain:Reconnaissance/Exploitation while classtype is
# trojan-activity on every rule here, so the classtype looks like an export
# default rather than a per-indicator verdict; check the MISP event linked in
# reference:url before treating a hit as an infection.
# NOTE(review): nothing in a rule carries an expiry; confirm how stale address
# indicators are retired when the source events (e26940, e26942, e26948,
# e26952, e26955 in this part of the file) are updated.
alert ip 124.255.20.48 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.255.20.48"; classtype:trojan-activity; sid:37727781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.53.84.39 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.53.84.39"; classtype:trojan-activity; sid:37727791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.199.164.16 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.199.164.16"; classtype:trojan-activity; sid:37727801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 179.87.32.156 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.87.32.156"; classtype:trojan-activity; sid:37727811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.219.121.239 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.219.121.239"; classtype:trojan-activity; sid:37727821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.21.63.206 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.21.63.206"; classtype:trojan-activity; sid:37727831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.194 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.194"; classtype:trojan-activity; sid:37727841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 119.1.120.92 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.1.120.92"; classtype:trojan-activity; sid:37727851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.206 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.206"; classtype:trojan-activity; sid:37727861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.228 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.228"; classtype:trojan-activity; sid:37727871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.180.254.117 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.180.254.117"; classtype:trojan-activity; sid:37727881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.236 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.236"; classtype:trojan-activity; sid:37727891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.167.107.156 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.167.107.156"; classtype:trojan-activity; sid:37727901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 179.241.92.194 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.241.92.194"; classtype:trojan-activity; sid:37727911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.144.248.17 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.144.248.17"; classtype:trojan-activity; sid:37727921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 222.246.109.144 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.109.144"; classtype:trojan-activity; sid:37727931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 181.17.168.130 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.168.130"; classtype:trojan-activity; sid:37727941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.190 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.190"; classtype:trojan-activity; sid:37727951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 223.16.108.150 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.16.108.150"; classtype:trojan-activity; sid:37727961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 27.25.72.19 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.72.19"; classtype:trojan-activity; sid:37727971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.203 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.203"; classtype:trojan-activity; sid:37727981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.217 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.217"; classtype:trojan-activity; sid:37727991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 42.233.106.160 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.233.106.160"; classtype:trojan-activity; sid:37728001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 59.88.191.99 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.88.191.99"; classtype:trojan-activity; sid:37728011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.230 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.230"; classtype:trojan-activity; sid:37728021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 220.135.153.151 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.153.151"; classtype:trojan-activity; sid:37728031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 82.8.213.233 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.8.213.233"; classtype:trojan-activity; sid:37728041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 222.229.41.224 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.229.41.224"; classtype:trojan-activity; sid:37728051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.14.33.106 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.14.33.106"; classtype:trojan-activity; sid:37734791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.12.176.29 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.12.176.29"; classtype:trojan-activity; sid:37728061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 109.248.212.17 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.248.212.17"; classtype:trojan-activity; sid:37734801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 27.156.123.150 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.156.123.150"; classtype:trojan-activity; sid:37728071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 134.209.90.85 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.90.85"; classtype:trojan-activity; sid:37734811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 36.49.35.147 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.35.147"; classtype:trojan-activity; sid:37728081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 156.236.66.37 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.66.37"; classtype:trojan-activity; sid:37734821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 58.39.196.157 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.39.196.157"; classtype:trojan-activity; sid:37728091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 87.236.176.220 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.220"; classtype:trojan-activity; sid:37724971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 123.54.95.13 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.54.95.13"; classtype:trojan-activity; sid:37728101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.26.155.228 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.155.228"; classtype:trojan-activity; sid:37728111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.31.12.233 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.12.233"; classtype:trojan-activity; sid:37728121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 80.82.77.139 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.82.77.139"; classtype:trojan-activity; sid:37724981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 170.106.195.172 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.172"; classtype:trojan-activity; sid:37734831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 179.221.100.183 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.221.100.183"; classtype:trojan-activity; sid:37728131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 110.67.139.85 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.67.139.85"; classtype:trojan-activity; sid:37734841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.128.228.76 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.228.76"; classtype:trojan-activity; sid:37734851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 150.109.10.166 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.10.166"; classtype:trojan-activity; sid:37734861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 101.108.129.124 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.129.124"; classtype:trojan-activity; sid:37728141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 47.236.21.181 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.21.181"; classtype:trojan-activity; sid:37734871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 221.230.197.6 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.230.197.6"; classtype:trojan-activity; sid:37728151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 194.48.250.112 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.48.250.112"; classtype:trojan-activity; sid:37728161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 125.20.225.86 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.20.225.86"; classtype:trojan-activity; sid:37728171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.229 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.229"; classtype:trojan-activity; sid:37728181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.194.12.206 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.194.12.206"; classtype:trojan-activity; sid:37734881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 139.99.200.254 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.99.200.254"; classtype:trojan-activity; sid:37734891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 73.15.203.143 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 73.15.203.143"; classtype:trojan-activity; sid:37734901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 60.31.206.18 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.31.206.18"; classtype:trojan-activity; sid:37734911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 90.226.97.17 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.226.97.17"; classtype:trojan-activity; sid:37728191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 47.93.185.188 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.93.185.188"; classtype:trojan-activity; sid:37734921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 118.123.105.93 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.123.105.93"; classtype:trojan-activity; sid:37739721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 117.82.189.103 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.82.189.103"; classtype:trojan-activity; sid:37728201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 218.78.98.151 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.98.151"; classtype:trojan-activity; sid:37734931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.8.235.79 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.235.79"; classtype:trojan-activity; sid:37728211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.214.56.122 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.214.56.122"; classtype:trojan-activity; sid:37728221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.225.50.178 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.225.50.178"; classtype:trojan-activity; sid:37728231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.223.57.237 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.57.237"; classtype:trojan-activity; sid:37726371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 174.138.26.173 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.26.173"; classtype:trojan-activity; sid:37734941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 163.44.196.215 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.44.196.215"; classtype:trojan-activity; sid:37734951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 199.45.154.18 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.45.154.18"; classtype:trojan-activity; sid:37724991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 74.48.124.36 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.124.36"; classtype:trojan-activity; sid:37734961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 111.22.74.150 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.150"; classtype:trojan-activity; sid:37728241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.88.236.51 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.88.236.51"; classtype:trojan-activity; sid:37728251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 116.65.174.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.65.174.248"; classtype:trojan-activity; sid:37728261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 120.196.217.126 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.196.217.126"; classtype:trojan-activity; sid:37728271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.205.92.137 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.205.92.137"; classtype:trojan-activity; sid:37728281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 189.162.67.7 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.162.67.7"; classtype:trojan-activity; sid:37728291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.32.211.72 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.32.211.72"; classtype:trojan-activity; sid:37728301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 39.40.226.77 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.40.226.77"; classtype:trojan-activity; sid:37728311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 49.70.10.60 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.10.60"; classtype:trojan-activity; sid:37728321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.31.170.25 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.170.25"; classtype:trojan-activity; sid:37728331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 91.92.244.132 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.244.132"; classtype:trojan-activity; sid:37728341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 95.132.80.231 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.132.80.231"; classtype:trojan-activity; sid:37728351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 37.235.191.77 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.235.191.77"; classtype:trojan-activity; sid:37728361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.196 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.196"; classtype:trojan-activity; sid:37728371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 120.48.56.8 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.56.8"; classtype:trojan-activity; sid:37734971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 128.199.148.185 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.148.185"; classtype:trojan-activity; sid:37734981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 91.224.92.42 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.224.92.42"; classtype:trojan-activity; sid:37728381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 120.48.59.215 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.59.215"; classtype:trojan-activity; sid:37734991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 198.235.24.233 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.233"; classtype:trojan-activity; sid:37735001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 119.91.206.108 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.206.108"; classtype:trojan-activity; sid:37735011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.153.60.195 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.60.195"; classtype:trojan-activity; sid:37735021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.226.39.20 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.226.39.20"; classtype:trojan-activity; sid:37735031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 177.126.111.109 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.126.111.109"; classtype:trojan-activity; sid:37726381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 175.6.129.140 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.129.140"; classtype:trojan-activity; sid:37735041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 154.8.158.200 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.158.200"; classtype:trojan-activity; sid:37735051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 141.98.11.162 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.162"; classtype:trojan-activity; sid:37725001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 43.134.66.51 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.66.51"; classtype:trojan-activity; sid:37735061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.134.123.156 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.123.156"; classtype:trojan-activity; sid:37735071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 89.208.103.50 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.208.103.50"; classtype:trojan-activity; sid:37735081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.56.55.96 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.56.55.96"; classtype:trojan-activity; sid:37725011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 107.170.247.46 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.247.46"; classtype:trojan-activity; sid:37739731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 172.81.60.91 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.91"; classtype:trojan-activity; sid:37726391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 114.138.98.150 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.138.98.150"; classtype:trojan-activity; sid:37728391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 162.243.138.58 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.138.58"; classtype:trojan-activity; sid:37726401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 111.22.74.164 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.164"; classtype:trojan-activity; sid:37728401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.57.201.178 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.201.178"; classtype:trojan-activity; sid:37728411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 14.153.213.197 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.153.213.197"; classtype:trojan-activity; sid:37728421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.41.167.175 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.167.175"; classtype:trojan-activity; sid:37728431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.175.242.80 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.175.242.80"; classtype:trojan-activity; sid:37728441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.4.104.190 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.4.104.190"; classtype:trojan-activity; sid:37728451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.202.19.92 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.202.19.92"; classtype:trojan-activity; sid:37728461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.197.251.254 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.197.251.254"; classtype:trojan-activity; sid:37728471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 162.216.149.205 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.216.149.205"; classtype:trojan-activity; sid:37728481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 162.142.125.222 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.222"; classtype:trojan-activity; sid:37728491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 188.13.98.134 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.13.98.134"; classtype:trojan-activity; sid:37728501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.235.43.159 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.235.43.159"; classtype:trojan-activity; sid:37728511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 60.248.126.148 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.248.126.148"; classtype:trojan-activity; sid:37728521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 45.160.2.43 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.160.2.43"; classtype:trojan-activity; sid:37728531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 111.229.243.220 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.243.220"; classtype:trojan-activity; sid:37735091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 153.169.21.172 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.169.21.172"; classtype:trojan-activity; sid:37728541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 2.187.36.184 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.187.36.184"; classtype:trojan-activity; sid:37728551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 147.78.175.176 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.175.176"; classtype:trojan-activity; sid:37735101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 79.120.105.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.120.105.146"; classtype:trojan-activity; sid:37728561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 187.116.231.225 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.116.231.225"; classtype:trojan-activity; sid:37728571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 220.77.168.144 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.77.168.144"; classtype:trojan-activity; sid:37728581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 128.199.161.57 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.161.57"; classtype:trojan-activity; sid:37735111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.10.62.222 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.10.62.222"; classtype:trojan-activity; sid:37728591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 39.103.210.172 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.103.210.172"; classtype:trojan-activity; sid:37735121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 49.70.151.101 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.151.101"; classtype:trojan-activity; sid:37728601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 60.48.253.185 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.48.253.185"; classtype:trojan-activity; sid:37735131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 42.178.30.59 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.178.30.59"; classtype:trojan-activity; sid:37728611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 206.81.4.22 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.81.4.22"; classtype:trojan-activity; sid:37735141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 142.202.188.188 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.188.188"; classtype:trojan-activity; sid:37726411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 78.25.177.223 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.25.177.223"; classtype:trojan-activity; sid:37728621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 51.250.93.114 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.250.93.114"; classtype:trojan-activity; sid:37735151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 91.117.233.124 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.117.233.124"; classtype:trojan-activity; sid:37728631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.222.35.191 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.35.191"; classtype:trojan-activity; sid:37735161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.165.81.98 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.165.81.98"; classtype:trojan-activity; sid:37725021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 198.235.24.223 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.223"; classtype:trojan-activity; sid:37735171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 159.192.143.249 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.192.143.249"; classtype:trojan-activity; sid:37735181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 216.172.151.1 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.172.151.1"; classtype:trojan-activity; sid:37735191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 5.196.22.125 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.196.22.125"; classtype:trojan-activity; sid:37735201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 81.30.162.18 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.30.162.18"; classtype:trojan-activity; sid:37735211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.240.84.186 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.240.84.186"; classtype:trojan-activity; sid:37725031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 1.82.238.130 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.82.238.130"; classtype:trojan-activity; sid:37725041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 71.6.134.235 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.6.134.235"; classtype:trojan-activity; sid:37739741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 103.49.255.182 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.49.255.182"; classtype:trojan-activity; sid:37728641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.239.72.215 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.72.215"; classtype:trojan-activity; sid:37728651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.138.136.41 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.138.136.41"; classtype:trojan-activity; sid:37728661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 167.94.138.33 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.33"; classtype:trojan-activity; sid:37728671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# MISP-exported IP indicators, one rule per source address.
# Each rule alerts on IP traffic from the listed address (any port) to $HOME_NET (any port).
# No flow, threshold or content options are set, so the match is on addresses alone.
# The msg carries the MISP event id and kill-chain tags; reference:url points at the same event.
# NOTE(review): the msg tags say Reconnaissance/Exploitation while classtype is trojan-activity;
# triage on the referenced MISP event rather than on the classtype alone.
# NOTE(review): address-only indicators presumably go stale quickly. Confirm the export's
# refresh/expiry policy before using these rules for blocking.
alert ip 190.75.56.4 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.75.56.4"; classtype:trojan-activity; sid:37728681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 107.182.19.250 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.182.19.250"; classtype:trojan-activity; sid:37728691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.133.175.138 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.175.138"; classtype:trojan-activity; sid:37728701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.35.155.115 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.155.115"; classtype:trojan-activity; sid:37728711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 1.87.219.127 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.87.219.127"; classtype:trojan-activity; sid:37728721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.237.254.135 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.237.254.135"; classtype:trojan-activity; sid:37728731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.33.242.246 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.242.246"; classtype:trojan-activity; sid:37728741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.30.80.153 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.80.153"; classtype:trojan-activity; sid:37728751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.27.39.169 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.27.39.169"; classtype:trojan-activity; sid:37728761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.96.31.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.31.188"; classtype:trojan-activity; sid:37728771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 85.97.188.125 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.97.188.125"; classtype:trojan-activity; sid:37728781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 20.127.55.32 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.127.55.32"; classtype:trojan-activity; sid:37728791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 119.77.134.56 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.77.134.56"; classtype:trojan-activity; sid:37728801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.100.40.242 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.100.40.242"; classtype:trojan-activity; sid:37728811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.47.51.215 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.51.215"; classtype:trojan-activity; sid:37735221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 49.87.225.112 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.87.225.112"; classtype:trojan-activity; sid:37728821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 153.204.73.121 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.204.73.121"; classtype:trojan-activity; sid:37728831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 218.104.100.240 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.104.100.240"; classtype:trojan-activity; sid:37728841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 88.240.238.89 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.240.238.89"; classtype:trojan-activity; sid:37728851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 104.250.50.140 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.140"; classtype:trojan-activity; sid:37735231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 188.94.172.238 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.94.172.238"; classtype:trojan-activity; sid:37728861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 38.41.27.118 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.41.27.118"; classtype:trojan-activity; sid:37728871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 59.17.94.225 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 59.17.94.225"; classtype:trojan-activity; sid:37728881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 36.93.138.211 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.138.211"; classtype:trojan-activity; sid:37728891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 118.145.147.82 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.147.82"; classtype:trojan-activity; sid:37735241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 124.222.92.202 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.92.202"; classtype:trojan-activity; sid:37735251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 81.213.26.82 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.26.82"; classtype:trojan-activity; sid:37728901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 103.130.145.234 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.145.234"; classtype:trojan-activity; sid:37735261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 129.204.9.15 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.204.9.15"; classtype:trojan-activity; sid:37735271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 186.225.145.38 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.225.145.38"; classtype:trojan-activity; sid:37735281; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 211.91.60.69 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.91.60.69"; classtype:trojan-activity; sid:37725051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 124.207.165.138 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.207.165.138"; classtype:trojan-activity; sid:37735291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 217.248.237.24 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.248.237.24"; classtype:trojan-activity; sid:37725061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 124.221.17.244 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.17.244"; classtype:trojan-activity; sid:37726421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 43.156.225.149 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.225.149"; classtype:trojan-activity; sid:37735301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 87.236.176.37 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.37"; classtype:trojan-activity; sid:37725071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 182.242.25.80 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.242.25.80"; classtype:trojan-activity; sid:37728911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.103.128.223 any -> $HOME_NET any (msg: "MISP e26948 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.128.223"; classtype:trojan-activity; sid:37728921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 20.193.157.124 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.193.157.124"; classtype:trojan-activity; sid:37725081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 172.81.62.187 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.187"; classtype:trojan-activity; sid:37726431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 106.58.212.201 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.212.201"; classtype:trojan-activity; sid:37725091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 111.172.56.33 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.172.56.33"; classtype:trojan-activity; sid:37728931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 117.233.190.37 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.190.37"; classtype:trojan-activity; sid:37728941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 126.37.93.22 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.37.93.22"; classtype:trojan-activity; sid:37728951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 183.251.105.176 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.251.105.176"; classtype:trojan-activity; sid:37728961; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.40.164.100 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.40.164.100"; classtype:trojan-activity; sid:37728971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 61.183.234.150 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.183.234.150"; classtype:trojan-activity; sid:37735311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 36.255.3.203 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.255.3.203"; classtype:trojan-activity; sid:37735321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 14.103.42.187 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.187"; classtype:trojan-activity; sid:37735331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 114.218.151.135 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.218.151.135"; classtype:trojan-activity; sid:37728981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 1.9.78.242 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.9.78.242"; classtype:trojan-activity; sid:37735341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 111.70.17.155 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.70.17.155"; classtype:trojan-activity; sid:37728991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 123.156.50.143 any -> $HOME_NET any (msg: "MISP 
e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.156.50.143"; classtype:trojan-activity; sid:37729001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.245.109.37 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.245.109.37"; classtype:trojan-activity; sid:37735351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.153.67.126 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.67.126"; classtype:trojan-activity; sid:37735361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.223.134.113 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.223.134.113"; classtype:trojan-activity; sid:37729011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.195.166.229 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.195.166.229"; classtype:trojan-activity; sid:37729021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Domain indicator from MISP event 24599 (priority 1; the tag list in msg is empty).
# DNS rule: any source to any destination. Matches when dns.query contains the domain
# (case-insensitive) and the pcre finds it at the end of the query name, preceded by the start
# of the buffer or by a character that is not a letter, digit or hyphen.
# Subdomains therefore match; a name that only shares the same ending after a letter, digit
# or hyphen does not.
alert dns any any -> any any (msg: "MISP e24599 [] Domain mimovrsle.com"; dns.query; content:"mimovrsle.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mimovrsle\.com$/i"; classtype:trojan-activity; sid:37765571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
# HTTP rule: established client-to-server traffic from $HOME_NET to $EXTERNAL_NET whose
# http.header buffer contains "Host:" and the domain; tag:session,600,seconds tags the session
# for 600 seconds after a hit.
# NOTE(review): the two content matches are both on http.header with no distance/within linking
# them, and the pcre runs on the header buffer (H modifier). The domain therefore appears able
# to match in any request header, not only Host. Verify on the deployed engine whether a
# Host-scoped match is wanted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24599 [] Outgoing HTTP Domain mimovrsle.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mimovrsle.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mimovrsle\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37765572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert ip 113.233.50.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.233.50.146"; classtype:trojan-activity; sid:37729031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 59.178.126.20 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.178.126.20"; classtype:trojan-activity; sid:37729041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 58.98.66.89 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.98.66.89"; classtype:trojan-activity; sid:37729051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 68.83.60.173 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.83.60.173"; classtype:trojan-activity; sid:37729061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 213.154.13.208 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance] Incoming From IP: 213.154.13.208"; classtype:trojan-activity; sid:37729071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.221.242.50 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.221.242.50"; classtype:trojan-activity; sid:37729081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 37.187.1.241 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.187.1.241"; classtype:trojan-activity; sid:37735371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 118.249.40.230 any -> $HOME_NET any (msg: "MISP e26948 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.249.40.230"; classtype:trojan-activity; sid:37729091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 217.219.61.14 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.219.61.14"; classtype:trojan-activity; sid:37735381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 122.148.16.162 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.148.16.162"; classtype:trojan-activity; sid:37729101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 101.254.166.52 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.254.166.52"; classtype:trojan-activity; sid:37735391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 104.248.50.109 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.50.109"; classtype:trojan-activity; sid:37735401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 170.64.214.236 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.214.236"; classtype:trojan-activity; sid:37729111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 186.233.73.203 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.233.73.203"; classtype:trojan-activity; sid:37729121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 49.130.50.232 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.130.50.232"; classtype:trojan-activity; sid:37729131; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 107.170.240.31 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.240.31"; classtype:trojan-activity; sid:37729141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 167.248.133.51 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.51"; classtype:trojan-activity; sid:37739751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;) alert ip 186.94.182.72 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.94.182.72"; classtype:trojan-activity; sid:37729151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 79.55.179.168 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.55.179.168"; classtype:trojan-activity; sid:37729161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 61.244.42.87 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.244.42.87"; classtype:trojan-activity; sid:37729171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 118.31.51.38 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.31.51.38"; classtype:trojan-activity; sid:37735411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 118.97.27.98 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.97.27.98"; classtype:trojan-activity; sid:37735421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.130.42.163 any -> $HOME_NET any (msg: "MISP e26952 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.42.163"; classtype:trojan-activity; sid:37735431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 87.236.176.103 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.103"; classtype:trojan-activity; sid:37735441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 2.56.58.177 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.56.58.177"; classtype:trojan-activity; sid:37725101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 81.19.135.125 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.19.135.125"; classtype:trojan-activity; sid:37725111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 116.249.149.160 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.249.149.160"; classtype:trojan-activity; sid:37729181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 101.200.58.70 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.200.58.70"; classtype:trojan-activity; sid:37729191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 220.87.195.222 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.87.195.222"; classtype:trojan-activity; sid:37729201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.102.84.149 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.84.149"; classtype:trojan-activity; sid:37729211; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 113.161.158.12 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.161.158.12"; classtype:trojan-activity; sid:37735451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 114.186.16.101 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.186.16.101"; classtype:trojan-activity; sid:37729221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 117.233.188.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.188.248"; classtype:trojan-activity; sid:37729231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 121.236.238.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.236.238.94"; classtype:trojan-activity; sid:37729241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 168.196.165.141 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.196.165.141"; classtype:trojan-activity; sid:37729251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 156.223.176.49 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.223.176.49"; classtype:trojan-activity; sid:37729261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 49.71.27.159 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.71.27.159"; classtype:trojan-activity; sid:37729271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 178.242.188.201 any -> $HOME_NET any 
(msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.242.188.201"; classtype:trojan-activity; sid:37729281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 41.95.192.72 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.95.192.72"; classtype:trojan-activity; sid:37735461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 150.158.76.156 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.76.156"; classtype:trojan-activity; sid:37735471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 221.10.17.57 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.10.17.57"; classtype:trojan-activity; sid:37729291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 172.81.62.184 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.184"; classtype:trojan-activity; sid:37726441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 111.170.124.243 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.170.124.243"; classtype:trojan-activity; sid:37729301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 75.140.216.125 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.140.216.125"; classtype:trojan-activity; sid:37729311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 110.183.48.254 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.183.48.254"; 
classtype:trojan-activity; sid:37729321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# --- Source-address indicators from MISP events 26940, 26942, 26948, 26952 and 26955 ---
# One rule per line: a rule must not be split across physical lines without a continuation.
# Each rule alerts on any IP packet (any protocol, any port) whose source is the listed
# address and whose destination is in $HOME_NET. The rules carry no flow keyword, so replies
# to sessions opened from inside $HOME_NET match as well as unsolicited inbound traffic;
# check which side initiated the session before reading a hit as a scan or exploit attempt.
# No rule carries a threshold, so every matching packet can raise an alert; rate-limit or
# suppress per source in the sensor's threshold configuration if one address floods the log.
# classtype is trojan-activity on every rule while the message tags the indicator as
# Reconnaissance/Exploitation; treat the classtype as an export label, not a verdict.
# NOTE(review): the rules carry no first-seen/last-seen date. IP indicators go stale as
# addresses are reassigned, so confirm the context in the referenced MISP event before
# blocking on a hit, and expire entries on a schedule.
# NOTE(review): sids appear to be assigned per exported attribute, so an address listed
# under two events yields two rules and two alerts per packet; deduplicate on load if needed.
alert ip 2.204.196.255 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.204.196.255"; classtype:trojan-activity; sid:37729331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 101.43.243.60 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.243.60"; classtype:trojan-activity; sid:37735481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 181.17.7.104 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.17.7.104"; classtype:trojan-activity; sid:37729341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.19.166.172 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.19.166.172"; classtype:trojan-activity; sid:37735491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 90.188.6.195 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.188.6.195"; classtype:trojan-activity; sid:37729351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 165.22.209.238 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.209.238"; classtype:trojan-activity; sid:37735501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 14.18.40.91 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.40.91"; classtype:trojan-activity; sid:37735511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 159.75.241.12 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.241.12"; classtype:trojan-activity; sid:37735521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 52.80.19.192 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.80.19.192"; classtype:trojan-activity; sid:37725121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 85.215.54.125 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.215.54.125"; classtype:trojan-activity; sid:37735531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.58.217.61 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.217.61"; classtype:trojan-activity; sid:37725131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 116.73.211.238 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.73.211.238"; classtype:trojan-activity; sid:37729361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 1.205.178.226 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.205.178.226"; classtype:trojan-activity; sid:37729371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 87.236.176.79 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.79"; classtype:trojan-activity; sid:37739761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 107.170.255.4 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.255.4"; classtype:trojan-activity; sid:37739771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 113.26.95.156 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.95.156"; classtype:trojan-activity; sid:37729381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 119.230.104.16 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.230.104.16"; classtype:trojan-activity; sid:37729391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 191.211.210.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.211.210.146"; classtype:trojan-activity; sid:37729401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 202.134.25.129 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.134.25.129"; classtype:trojan-activity; sid:37729411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.238.216.201 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.238.216.201"; classtype:trojan-activity; sid:37729421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 116.59.27.255 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.59.27.255"; classtype:trojan-activity; sid:37729431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 88.112.196.71 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.112.196.71"; classtype:trojan-activity; sid:37729441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 88.247.129.210 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.247.129.210"; classtype:trojan-activity; sid:37729451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.243.63.199 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.63.199"; classtype:trojan-activity; sid:37729461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 118.238.66.9 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.238.66.9"; classtype:trojan-activity; sid:37729471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 165.154.236.21 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.236.21"; classtype:trojan-activity; sid:37735541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 182.254.141.117 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.141.117"; classtype:trojan-activity; sid:37735551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.234.254.156 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.254.156"; classtype:trojan-activity; sid:37729481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 51.195.138.37 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.138.37"; classtype:trojan-activity; sid:37735561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 119.98.244.139 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.98.244.139"; classtype:trojan-activity; sid:37729491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.172.227.251 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.172.227.251"; classtype:trojan-activity; sid:37729501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 14.189.246.59 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.189.246.59"; classtype:trojan-activity; sid:37729511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 178.137.85.103 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.137.85.103"; classtype:trojan-activity; sid:37729521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 180.114.89.241 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.114.89.241"; classtype:trojan-activity; sid:37729531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.247.142.161 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.247.142.161"; classtype:trojan-activity; sid:37729541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 2.183.97.237 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.183.97.237"; classtype:trojan-activity; sid:37729551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.163.198.125 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.198.125"; classtype:trojan-activity; sid:37735571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 190.204.196.84 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.204.196.84"; classtype:trojan-activity; sid:37729561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.153.5.102 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.153.5.102"; classtype:trojan-activity; sid:37729571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 220.134.119.60 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.119.60"; classtype:trojan-activity; sid:37729581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 37.44.47.19 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.47.19"; classtype:trojan-activity; sid:37729591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 45.141.26.152 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.26.152"; classtype:trojan-activity; sid:37725141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 59.174.95.251 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.174.95.251"; classtype:trojan-activity; sid:37729601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.81.3.31 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.81.3.31"; classtype:trojan-activity; sid:37729611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 67.20.227.149 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.20.227.149"; classtype:trojan-activity; sid:37729621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.233.19.153 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.153"; classtype:trojan-activity; sid:37729631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 27.31.23.237 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.31.23.237"; classtype:trojan-activity; sid:37729641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 95.158.161.35 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.158.161.35"; classtype:trojan-activity; sid:37729651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 60.160.171.131 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.160.171.131"; classtype:trojan-activity; sid:37729661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 58.183.56.7 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.183.56.7"; classtype:trojan-activity; sid:37729671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.50.51.198 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.51.198"; classtype:trojan-activity; sid:37735581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.221.63.147 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.63.147"; classtype:trojan-activity; sid:37735591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.79.48.55 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.79.48.55"; classtype:trojan-activity; sid:37729681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 218.78.91.160 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.91.160"; classtype:trojan-activity; sid:37735601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 92.26.229.31 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.26.229.31"; classtype:trojan-activity; sid:37729691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.134.83.223 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.83.223"; classtype:trojan-activity; sid:37725151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 106.12.168.233 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.168.233"; classtype:trojan-activity; sid:37735611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.44.237.12 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.237.12"; classtype:trojan-activity; sid:37725161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 120.48.9.61 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.9.61"; classtype:trojan-activity; sid:37735621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 110.4.252.249 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.4.252.249"; classtype:trojan-activity; sid:37729701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 125.88.221.205 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.88.221.205"; classtype:trojan-activity; sid:37735631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 171.41.146.20 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.41.146.20"; classtype:trojan-activity; sid:37729711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 24.164.134.156 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.164.134.156"; classtype:trojan-activity; sid:37729721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 116.63.162.200 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.63.162.200"; classtype:trojan-activity; sid:37735641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.183.121.87 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.183.121.87"; classtype:trojan-activity; sid:37729731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.165.200.246 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.165.200.246"; classtype:trojan-activity; sid:37735651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 112.103.62.175 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.62.175"; classtype:trojan-activity; sid:37729741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 219.144.67.36 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.144.67.36"; classtype:trojan-activity; sid:37725171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 43.138.109.98 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.109.98"; classtype:trojan-activity; sid:37735661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.214.11.226 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.11.226"; classtype:trojan-activity; sid:37729751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.251.167.127 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.251.167.127"; classtype:trojan-activity; sid:37729761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 142.202.188.187 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.188.187"; classtype:trojan-activity; sid:37726451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 180.105.170.190 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.105.170.190"; classtype:trojan-activity; sid:37729771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.97.72.62 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.97.72.62"; classtype:trojan-activity; sid:37735671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 101.43.149.225 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.149.225"; classtype:trojan-activity; sid:37735681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 83.253.191.171 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.253.191.171"; classtype:trojan-activity; sid:37729781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 45.170.221.247 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.170.221.247"; classtype:trojan-activity; sid:37729791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 60.138.244.80 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.138.244.80"; classtype:trojan-activity; sid:37729801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 68.178.168.70 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.168.70"; classtype:trojan-activity; sid:37735691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 125.228.185.131 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.228.185.131"; classtype:trojan-activity; sid:37735701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 175.201.30.227 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.201.30.227"; classtype:trojan-activity; sid:37729811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 153.202.61.13 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.202.61.13"; classtype:trojan-activity; sid:37729821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.61.194.97 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.194.97"; classtype:trojan-activity; sid:37729831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.31.12.165 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.12.165"; classtype:trojan-activity; sid:37729841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 139.59.169.54 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.169.54"; classtype:trojan-activity; sid:37735711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.217.150.171 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.217.150.171"; classtype:trojan-activity; sid:37735721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.10.70.64 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.10.70.64"; classtype:trojan-activity; sid:37729851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 78.25.182.87 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.25.182.87"; classtype:trojan-activity; sid:37729861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 91.92.120.113 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.120.113"; classtype:trojan-activity; sid:37725181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 5.101.133.5 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.101.133.5"; classtype:trojan-activity; sid:37726461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 182.59.216.90 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.59.216.90"; classtype:trojan-activity; sid:37729871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 66.96.243.126 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.96.243.126"; classtype:trojan-activity; sid:37726471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 124.38.207.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.38.207.188"; classtype:trojan-activity; sid:37729881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.173.76.16 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.76.16"; classtype:trojan-activity; sid:37729891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.239.234.224 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.239.234.224"; classtype:trojan-activity; sid:37729901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.13.237.66 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.237.66"; classtype:trojan-activity; sid:37735731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.221.113.44 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.113.44"; classtype:trojan-activity; sid:37735741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 113.87.227.86 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.87.227.86"; classtype:trojan-activity; sid:37729911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 139.150.83.178 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.150.83.178"; classtype:trojan-activity; sid:37735751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 45.79.5.79 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.5.79"; classtype:trojan-activity; sid:37725191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 120.78.138.48 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.78.138.48"; classtype:trojan-activity; sid:37739781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 43.134.232.8 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.232.8"; classtype:trojan-activity; sid:37739791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 106.254.1.73 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.73"; classtype:trojan-activity; sid:37726481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 103.203.224.181 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.203.224.181"; classtype:trojan-activity; sid:37735761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 58.47.105.255 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.105.255"; classtype:trojan-activity; sid:37729921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 104.156.155.26 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.156.155.26"; classtype:trojan-activity; sid:37725201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 150.95.30.155 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.30.155"; classtype:trojan-activity; sid:37735771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.245 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.245"; classtype:trojan-activity; sid:37739801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 175.11.169.33 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.169.33"; classtype:trojan-activity; sid:37729931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 116.203.220.115 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.203.220.115"; classtype:trojan-activity; sid:37735781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 213.149.145.138 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.149.145.138"; classtype:trojan-activity; sid:37729941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.9.73.67 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.9.73.67"; classtype:trojan-activity; sid:37729951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 217.13.217.205 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.13.217.205"; classtype:trojan-activity; sid:37729961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.33.131.6 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.33.131.6"; classtype:trojan-activity; sid:37735791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 139.217.232.49 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.217.232.49"; classtype:trojan-activity; sid:37735801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 1.34.244.227 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.34.244.227"; classtype:trojan-activity; sid:37729971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 94.154.16.1 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.154.16.1"; classtype:trojan-activity; sid:37729981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 79.127.11.60 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.127.11.60"; classtype:trojan-activity; sid:37735811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.27 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.27"; classtype:trojan-activity; sid:37735821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 186.18.186.4 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.18.186.4"; classtype:trojan-activity; sid:37729991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 24.163.79.218 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.163.79.218"; classtype:trojan-activity; sid:37730001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 162.203.144.197 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.203.144.197"; classtype:trojan-activity; sid:37730011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 69.164.194.229 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.164.194.229"; classtype:trojan-activity; sid:37725211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 213.57.175.148 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.57.175.148"; classtype:trojan-activity; sid:37735831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 104.250.34.226 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.226"; classtype:trojan-activity; sid:37735841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.58.210.135 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.210.135"; classtype:trojan-activity; sid:37725221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 134.122.8.241 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.8.241"; classtype:trojan-activity; sid:37735851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 196.49.0.60 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.49.0.60"; classtype:trojan-activity; sid:37735861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 101.36.108.9 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.108.9"; classtype:trojan-activity; sid:37735871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 198.199.115.112 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.115.112"; classtype:trojan-activity; sid:37730021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 82.157.80.60 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.80.60"; classtype:trojan-activity; sid:37735881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 185.91.127.218 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.127.218"; classtype:trojan-activity; sid:37730031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 111.124.99.53 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.124.99.53"; classtype:trojan-activity; sid:37730041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.227.54.167 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.227.54.167"; classtype:trojan-activity; sid:37735891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.13.62.63 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.62.63"; classtype:trojan-activity; sid:37730051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.53.231.139 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.53.231.139"; classtype:trojan-activity; sid:37730061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.156.194.47 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.47"; classtype:trojan-activity; sid:37735901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 138.217.219.174 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.217.219.174"; classtype:trojan-activity; sid:37735911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.58.178.111 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.178.111"; classtype:trojan-activity; sid:37725231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 122.156.143.62 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.156.143.62"; classtype:trojan-activity; sid:37730071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 59.93.191.203 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.93.191.203"; classtype:trojan-activity; sid:37730081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.209.122.47 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.122.47"; classtype:trojan-activity; sid:37730091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 196.188.237.42 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.188.237.42"; classtype:trojan-activity; sid:37735921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.242.240.114 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.242.240.114"; classtype:trojan-activity; sid:37730101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 93.186.43.110 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.186.43.110"; classtype:trojan-activity; sid:37730111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 1.117.40.238 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.40.238"; classtype:trojan-activity; sid:37725241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 103.215.81.133 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.215.81.133"; classtype:trojan-activity; sid:37725251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 77.120.141.36 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.120.141.36"; classtype:trojan-activity; sid:37730121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.35.1.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.1.188"; classtype:trojan-activity; sid:37730131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Layout: one rule per line. Rule parsers read one rule per line unless a line
# is continued with a backslash.
# Each rule alerts on any IP packet from the listed source address to
# $HOME_NET, with both ports set to "any". msg carries the MISP event id and
# its kill-chain tags; reference links to the same MISP event. The rules in
# this stretch come from events e26940, e26942, e26948, e26952 and e26955.
# NOTE(review): every rule uses classtype:trojan-activity while msg is tagged
# Reconnaissance/Exploitation - confirm this matches how the alerts are triaged.
# NOTE(review): the only match condition is the source address, so a hit shows
# that the address was seen, nothing more. Check the referenced MISP event for
# context and confirm the export expires stale indicators.
# NOTE(review): with one rule per address the rule count grows with the
# indicator list; an IP-reputation list (e.g. Suricata iprep) may be worth
# evaluating for lists of this size.
alert ip 59.127.197.153 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.127.197.153"; classtype:trojan-activity; sid:37730141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 207.154.228.21 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.228.21"; classtype:trojan-activity; sid:37735931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 182.240.231.10 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.231.10"; classtype:trojan-activity; sid:37730151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 27.19.73.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.19.73.248"; classtype:trojan-activity; sid:37730161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 165.154.199.71 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.199.71"; classtype:trojan-activity; sid:37735941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 113.200.222.57 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.222.57"; classtype:trojan-activity; sid:37725261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 5.157.10.83 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.157.10.83"; classtype:trojan-activity; sid:37735951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 113.142.54.163 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.142.54.163"; classtype:trojan-activity; sid:37735961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 175.8.114.209 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.8.114.209"; classtype:trojan-activity; sid:37730171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 152.53.22.44 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.53.22.44"; classtype:trojan-activity; sid:37735971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 185.180.143.9 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.180.143.9"; classtype:trojan-activity; sid:37725271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 43.135.26.50 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.26.50"; classtype:trojan-activity; sid:37735981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.93.97.209 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.93.97.209"; classtype:trojan-activity; sid:37735991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 111.230.10.59 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.10.59"; classtype:trojan-activity; sid:37725281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 1.34.236.199 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.34.236.199"; classtype:trojan-activity; sid:37730181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 110.178.47.252 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.178.47.252"; classtype:trojan-activity; sid:37730191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 12.3.142.154 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.3.142.154"; classtype:trojan-activity; sid:37730201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.40.177.44 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.40.177.44"; classtype:trojan-activity; sid:37730211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.135.140.48 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.140.48"; classtype:trojan-activity; sid:37736001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.81.195.49 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.81.195.49"; classtype:trojan-activity; sid:37730221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 192.241.233.36 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.233.36"; classtype:trojan-activity; sid:37725291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 58.47.86.231 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.86.231"; classtype:trojan-activity; sid:37730231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.233.98.86 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.233.98.86"; classtype:trojan-activity; sid:37730241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 101.43.212.141 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.212.141"; classtype:trojan-activity; sid:37736011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 14.33.199.160 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.33.199.160"; classtype:trojan-activity; sid:37736021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 201.234.71.160 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.234.71.160"; classtype:trojan-activity; sid:37739811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 88.248.2.113 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.248.2.113"; classtype:trojan-activity; sid:37730251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 180.95.238.149 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.95.238.149"; classtype:trojan-activity; sid:37736031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 35.243.208.234 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.243.208.234"; classtype:trojan-activity; sid:37736041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.154.237.136 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.237.136"; classtype:trojan-activity; sid:37736051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 137.184.16.238 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.16.238"; classtype:trojan-activity; sid:37736061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.225.199.92 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.225.199.92"; classtype:trojan-activity; sid:37725301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 106.58.219.212 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.219.212"; classtype:trojan-activity; sid:37725311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 36.111.166.97 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.166.97"; classtype:trojan-activity; sid:37725321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 34.101.103.127 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.101.103.127"; classtype:trojan-activity; sid:37736071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.55.54.44 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.54.44"; classtype:trojan-activity; sid:37725331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 36.111.146.78 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.146.78"; classtype:trojan-activity; sid:37725341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 113.232.139.178 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.232.139.178"; classtype:trojan-activity; sid:37730261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 58.34.140.178 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.34.140.178"; classtype:trojan-activity; sid:37730271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 160.248.46.83 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.248.46.83"; classtype:trojan-activity; sid:37730281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 216.244.247.238 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.244.247.238"; classtype:trojan-activity; sid:37730291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 163.228.226.161 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.228.226.161"; classtype:trojan-activity; sid:37736081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 2.63.188.32 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.63.188.32"; classtype:trojan-activity; sid:37730301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 148.113.15.212 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.113.15.212"; classtype:trojan-activity; sid:37736091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 111.235.250.181 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.235.250.181"; classtype:trojan-activity; sid:37736101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 110.183.48.51 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.183.48.51"; classtype:trojan-activity; sid:37730311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 58.209.83.81 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.209.83.81"; classtype:trojan-activity; sid:37736111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 23.105.192.215 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.105.192.215"; classtype:trojan-activity; sid:37736121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 91.234.195.68 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.234.195.68"; classtype:trojan-activity; sid:37736131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 120.48.82.40 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.82.40"; classtype:trojan-activity; sid:37736141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 118.163.176.115 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.176.115"; classtype:trojan-activity; sid:37725351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 118.89.144.124 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.144.124"; classtype:trojan-activity; sid:37726491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 14.231.248.83 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.231.248.83"; classtype:trojan-activity; sid:37730321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.63.229.231 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.63.229.231"; classtype:trojan-activity; sid:37730331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 61.216.106.87 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.216.106.87"; classtype:trojan-activity; sid:37730341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 198.235.24.248 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.248"; classtype:trojan-activity; sid:37736151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 101.33.237.30 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.237.30"; classtype:trojan-activity; sid:37736161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.151.227.44 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.227.44"; classtype:trojan-activity; sid:37730351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 120.202.49.41 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.202.49.41"; classtype:trojan-activity; sid:37725361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 113.200.137.63 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.63"; classtype:trojan-activity; sid:37730361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 213.6.8.237 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.6.8.237"; classtype:trojan-activity; sid:37736171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 162.62.63.222 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.63.222"; classtype:trojan-activity; sid:37736181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 66.29.128.85 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.29.128.85"; classtype:trojan-activity; sid:37725371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 190.124.32.18 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.124.32.18"; classtype:trojan-activity; sid:37725381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 190.109.227.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.248"; classtype:trojan-activity; sid:37730371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 201.80.125.11 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.80.125.11"; classtype:trojan-activity; sid:37730381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 119.114.226.97 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.114.226.97"; classtype:trojan-activity; sid:37730391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 146.190.125.169 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.125.169"; classtype:trojan-activity; sid:37736191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 121.236.99.32 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.236.99.32"; classtype:trojan-activity; sid:37730401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 65.73.231.122 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.73.231.122"; classtype:trojan-activity; sid:37736201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 192.241.236.11 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.236.11"; classtype:trojan-activity; sid:37730411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 116.171.1.137 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.171.1.137"; classtype:trojan-activity; sid:37730421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 101.91.181.235 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.91.181.235"; classtype:trojan-activity; sid:37736211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 220.134.13.107 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.13.107"; classtype:trojan-activity; sid:37736221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.187 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.187"; classtype:trojan-activity; sid:37725391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 222.246.113.120 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.113.120"; classtype:trojan-activity; sid:37730431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 144.76.105.86 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.76.105.86"; classtype:trojan-activity; sid:37736231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 116.207.23.195 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.207.23.195"; classtype:trojan-activity; sid:37730441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 50.215.29.170 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.215.29.170"; classtype:trojan-activity; sid:37736241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 123.149.76.249 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.149.76.249"; classtype:trojan-activity; sid:37730451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 171.112.87.155 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.112.87.155"; classtype:trojan-activity; sid:37730461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.41.51.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.51.94"; classtype:trojan-activity; sid:37730471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.164.77.254 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.164.77.254"; classtype:trojan-activity; sid:37736251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 82.156.34.229 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.34.229"; classtype:trojan-activity; sid:37736261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 114.216.24.48 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.216.24.48"; classtype:trojan-activity; sid:37730481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 93.182.64.181 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.182.64.181"; classtype:trojan-activity; sid:37730491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.77.52.189 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.77.52.189"; classtype:trojan-activity; sid:37736271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 112.102.85.55 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.85.55"; classtype:trojan-activity; sid:37730501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 200.84.135.150 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.84.135.150"; classtype:trojan-activity; sid:37730511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 36.133.115.2 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.115.2"; classtype:trojan-activity; sid:37736281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.254.1.86 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.86"; classtype:trojan-activity; sid:37726501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 220.132.248.98 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.132.248.98"; classtype:trojan-activity; sid:37730521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 125.19.112.52 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.19.112.52"; classtype:trojan-activity; sid:37736291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 182.240.11.129 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.11.129"; classtype:trojan-activity; sid:37730531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.233.19.134 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.134"; classtype:trojan-activity; sid:37730541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 212.33.26.198 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.33.26.198"; classtype:trojan-activity; sid:37736301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 182.240.62.254 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.240.62.254"; classtype:trojan-activity; sid:37730551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.83.10.254 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.83.10.254"; classtype:trojan-activity; sid:37736311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 123.201.24.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.201.24.188"; classtype:trojan-activity; sid:37730561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.222.155.211 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.155.211"; classtype:trojan-activity; sid:37736321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 41.175.18.170 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.175.18.170"; classtype:trojan-activity; sid:37736331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 88.247.22.157 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.247.22.157"; classtype:trojan-activity; sid:37730571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 101.43.34.82 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.34.82"; classtype:trojan-activity; sid:37736341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 62.6.252.50 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.6.252.50"; classtype:trojan-activity; sid:37725401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 45.142.182.109 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.142.182.109"; classtype:trojan-activity; sid:37736351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 1.48.182.131 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.48.182.131"; classtype:trojan-activity; sid:37730581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 91.244.210.240 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.244.210.240"; classtype:trojan-activity; sid:37730591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 186.10.125.209 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.10.125.209"; classtype:trojan-activity; sid:37736361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 59.125.160.226 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.125.160.226"; classtype:trojan-activity; sid:37736371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 195.19.123.3 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.19.123.3"; classtype:trojan-activity; sid:37730601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 138.197.24.249 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.24.249"; classtype:trojan-activity; sid:37725411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 177.12.95.120 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.12.95.120"; classtype:trojan-activity; sid:37730611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.200.137.83 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.137.83"; classtype:trojan-activity; sid:37730621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 78.165.16.255 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.165.16.255"; classtype:trojan-activity; sid:37730631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.190.65.48 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.190.65.48"; classtype:trojan-activity; sid:37730641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 37.229.163.88 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.229.163.88"; classtype:trojan-activity; sid:37730651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 212.92.232.101 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.92.232.101"; classtype:trojan-activity; sid:37730661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 41.43.237.71 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.43.237.71"; classtype:trojan-activity; sid:37730671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 2.192.229.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.192.229.248"; classtype:trojan-activity; sid:37730681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 181.94.215.202 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.94.215.202"; classtype:trojan-activity; sid:37736381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.130.203.240 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.203.240"; classtype:trojan-activity; sid:37736391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.167 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.167"; classtype:trojan-activity; sid:37730691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.57.209.166 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.57.209.166"; classtype:trojan-activity; sid:37730701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.13.222.172 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.222.172"; classtype:trojan-activity; sid:37736401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.136.164.94 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.136.164.94"; classtype:trojan-activity; sid:37725421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 182.53.69.55 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.69.55"; classtype:trojan-activity; sid:37730711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.241.54.211 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.241.54.211"; classtype:trojan-activity; sid:37736411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 164.92.117.229 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.117.229"; classtype:trojan-activity; sid:37725431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 111.178.116.191 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.178.116.191"; classtype:trojan-activity; sid:37730721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 81.226.88.121 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.226.88.121"; classtype:trojan-activity; sid:37730731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.11.61.106 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.11.61.106"; classtype:trojan-activity; sid:37730741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 179.62.89.72 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.62.89.72"; classtype:trojan-activity; sid:37736421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 62.99.74.174 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.99.74.174"; classtype:trojan-activity; sid:37736431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.170.255.230 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.255.230"; classtype:trojan-activity; sid:37725441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 
45.184.108.111 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.108.111"; classtype:trojan-activity; sid:37736441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 106.116.3.38 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.116.3.38"; classtype:trojan-activity; sid:37730751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 83.250.175.207 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.250.175.207"; classtype:trojan-activity; sid:37730761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 193.176.158.189 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.176.158.189"; classtype:trojan-activity; sid:37736451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 181.115.145.34 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.115.145.34"; classtype:trojan-activity; sid:37736461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 54.39.98.5 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.39.98.5"; classtype:trojan-activity; sid:37736471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 23.164.56.239 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.164.56.239"; classtype:trojan-activity; sid:37736481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 45.119.210.146 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
45.119.210.146"; classtype:trojan-activity; sid:37725451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 59.28.44.199 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.28.44.199"; classtype:trojan-activity; sid:37736491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 58.47.10.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.47.10.146"; classtype:trojan-activity; sid:37730771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 114.32.188.75 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.32.188.75"; classtype:trojan-activity; sid:37730781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 181.230.112.197 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.230.112.197"; classtype:trojan-activity; sid:37730791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 180.130.175.64 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.130.175.64"; classtype:trojan-activity; sid:37730801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 205.210.31.69 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.69"; classtype:trojan-activity; sid:37736501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 104.131.144.35 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.144.35"; classtype:trojan-activity; sid:37726511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) 
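# Source-IP indicator rules exported from MISP (events 26940, 26942, 26948, 26952, 26955).
# Layout: one rule per physical line. A rule wrapped in the middle of its options or
# inside the msg string, without a trailing backslash, does not parse.
# Behaviour: each rule matches any IP packet from the listed address to $HOME_NET,
# regardless of protocol or port, and carries no rate limit, so one busy source can
# alert on every packet. Consider a threshold/event_filter entry per sid, or (on
# Suricata) loading large address sets through IP reputation instead of per-IP rules.
# NOTE(review): classtype is trojan-activity while the msg tags the traffic as inbound
# Reconnaissance/Exploitation - confirm the classtype and priority suit triage.
# NOTE(review): bare IP indicators age quickly (shared hosting, cloud ranges, research
# scanners); re-check each address against its MISP event before alerting or blocking.
alert ip 71.128.32.25 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.128.32.25"; classtype:trojan-activity; sid:37736511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.220.227.165 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.220.227.165"; classtype:trojan-activity; sid:37730811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 81.225.39.194 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.225.39.194"; classtype:trojan-activity; sid:37730821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 87.236.176.107 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.107"; classtype:trojan-activity; sid:37736521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 49.64.189.104 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.189.104"; classtype:trojan-activity; sid:37730831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 222.118.160.227 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.118.160.227"; classtype:trojan-activity; sid:37736531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.89.86.136 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.136"; classtype:trojan-activity; sid:37730841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.143.226.195 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.226.195"; classtype:trojan-activity; sid:37736541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 114.228.88.228 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.228.88.228"; classtype:trojan-activity; sid:37730851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 198.235.24.23 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.23"; classtype:trojan-activity; sid:37736561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 115.210.234.124 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.210.234.124"; classtype:trojan-activity; sid:37730861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.35.240.78 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.240.78"; classtype:trojan-activity; sid:37730871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 174.138.55.89 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.55.89"; classtype:trojan-activity; sid:37730881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.246.205.116 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.246.205.116"; classtype:trojan-activity; sid:37730891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 137.184.38.254 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.38.254"; classtype:trojan-activity; sid:37736571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 222.246.111.250 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.111.250"; classtype:trojan-activity; sid:37730901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 207.90.244.3 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.90.244.3"; classtype:trojan-activity; sid:37739821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 175.199.116.161 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.199.116.161"; classtype:trojan-activity; sid:37736581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 183.129.178.206 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.129.178.206"; classtype:trojan-activity; sid:37730911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.156.80.15 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.80.15"; classtype:trojan-activity; sid:37736591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.219.88.26 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.219.88.26"; classtype:trojan-activity; sid:37730921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 5.9.239.19 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.9.239.19"; classtype:trojan-activity; sid:37725461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 190.109.228.131 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.228.131"; classtype:trojan-activity; sid:37730931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 158.220.87.235 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.87.235"; classtype:trojan-activity; sid:37736601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.210.162.232 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.210.162.232"; classtype:trojan-activity; sid:37730941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 190.9.23.205 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.9.23.205"; classtype:trojan-activity; sid:37730951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.126.121.131 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.126.121.131"; classtype:trojan-activity; sid:37730961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 42.51.227.67 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.227.67"; classtype:trojan-activity; sid:37736611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.154.175.10 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.175.10"; classtype:trojan-activity; sid:37736621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 50.66.82.156 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.66.82.156"; classtype:trojan-activity; sid:37730971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 45.201.204.198 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.201.204.198"; classtype:trojan-activity; sid:37736631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 192.141.148.99 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.141.148.99"; classtype:trojan-activity; sid:37736641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 45.125.66.26 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.125.66.26"; classtype:trojan-activity; sid:37726521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 47.98.218.155 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.98.218.155"; classtype:trojan-activity; sid:37736651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.58.178.2 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.178.2"; classtype:trojan-activity; sid:37725471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 60.199.224.55 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.199.224.55"; classtype:trojan-activity; sid:37736661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 103.113.104.49 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.113.104.49"; classtype:trojan-activity; sid:37736671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 185.165.190.17 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.165.190.17"; classtype:trojan-activity; sid:37736681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.221.36.104 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.221.36.104"; classtype:trojan-activity; sid:37739831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 134.175.89.91 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.89.91"; classtype:trojan-activity; sid:37725481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 122.254.96.100 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.254.96.100"; classtype:trojan-activity; sid:37736691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 36.103.243.179 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.103.243.179"; classtype:trojan-activity; sid:37736701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 37.194.206.12 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.194.206.12"; classtype:trojan-activity; sid:37736711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.191.153.150 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.191.153.150"; classtype:trojan-activity; sid:37730981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 54.37.73.222 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.37.73.222"; classtype:trojan-activity; sid:37730991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 150.223.13.195 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.13.195"; classtype:trojan-activity; sid:37725491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 182.254.135.197 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.135.197"; classtype:trojan-activity; sid:37736721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 172.81.62.189 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.189"; classtype:trojan-activity; sid:37726531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 159.203.44.43 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.44.43"; classtype:trojan-activity; sid:37731001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.214.64.254 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.64.254"; classtype:trojan-activity; sid:37731011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 205.210.31.106 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.106"; classtype:trojan-activity; sid:37725501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 119.100.164.16 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.100.164.16"; classtype:trojan-activity; sid:37731021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.134.185.197 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.185.197"; classtype:trojan-activity; sid:37736731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 67.216.211.177 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.216.211.177"; classtype:trojan-activity; sid:37736741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 109.94.172.86 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.94.172.86"; classtype:trojan-activity; sid:37736751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 162.142.125.212 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.212"; classtype:trojan-activity; sid:37736761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 191.242.105.133 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.242.105.133"; classtype:trojan-activity; sid:37736771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 139.212.71.77 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.212.71.77"; classtype:trojan-activity; sid:37736781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 89.46.223.32 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.46.223.32"; classtype:trojan-activity; sid:37736791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 178.128.233.199 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.233.199"; classtype:trojan-activity; sid:37736801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 126.51.191.106 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.51.191.106"; classtype:trojan-activity; sid:37731031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.228.162.184 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.162.184"; classtype:trojan-activity; sid:37731041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.156.237.124 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.237.124"; classtype:trojan-activity; sid:37736811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 79.41.209.184 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.41.209.184"; classtype:trojan-activity; sid:37731051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 85.99.100.79 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.99.100.79"; classtype:trojan-activity; sid:37731061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.138.31.20 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.31.20"; classtype:trojan-activity; sid:37725511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 43.133.68.224 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.68.224"; classtype:trojan-activity; sid:37731071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 5.58.75.56 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.58.75.56"; classtype:trojan-activity; sid:37731081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 87.236.176.222 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.222"; classtype:trojan-activity; sid:37739841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 207.90.244.14 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.90.244.14"; classtype:trojan-activity; sid:37725521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 183.14.213.138 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.14.213.138"; classtype:trojan-activity; sid:37731091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 159.65.0.189 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.0.189"; classtype:trojan-activity; sid:37736821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 34.91.0.68 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.91.0.68"; classtype:trojan-activity; sid:37731101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.153.67.222 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.67.222"; classtype:trojan-activity; sid:37736831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 201.216.68.130 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.216.68.130"; classtype:trojan-activity; sid:37736841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 82.64.11.95 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.64.11.95"; classtype:trojan-activity; sid:37736851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 128.199.179.8 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.179.8"; classtype:trojan-activity; sid:37736861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 166.159.41.147 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 166.159.41.147"; classtype:trojan-activity; sid:37736871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 123.165.152.227 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.165.152.227"; classtype:trojan-activity; sid:37731111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 125.43.73.215 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.43.73.215"; classtype:trojan-activity; sid:37731121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 64.227.139.218 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.139.218"; classtype:trojan-activity; sid:37731131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 109.154.230.163 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.154.230.163"; classtype:trojan-activity; sid:37731141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 101.71.210.99 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.71.210.99"; classtype:trojan-activity; sid:37731151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.217.72.24 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.217.72.24"; classtype:trojan-activity; sid:37731161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.159.51.34 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.51.34"; classtype:trojan-activity; sid:37725531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 197.146.53.204 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.146.53.204"; classtype:trojan-activity; sid:37725541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 106.58.211.156 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.211.156"; classtype:trojan-activity; sid:37725551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 185.242.235.113 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.242.235.113"; classtype:trojan-activity; sid:37725561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 87.236.176.93 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.93"; classtype:trojan-activity; sid:37739851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 42.242.119.5 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.242.119.5"; classtype:trojan-activity; sid:37731171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 168.232.165.39 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.232.165.39"; classtype:trojan-activity; sid:37736881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 113.81.114.23 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.81.114.23"; classtype:trojan-activity; sid:37731181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 213.14.135.194 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.14.135.194"; classtype:trojan-activity; sid:37731191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 66.190.154.81 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.190.154.81"; classtype:trojan-activity; sid:37731201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 45.128.96.200 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.96.200"; classtype:trojan-activity; sid:37736891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.154.207.124 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.207.124"; classtype:trojan-activity; sid:37736901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 183.56.206.27 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.206.27"; classtype:trojan-activity; sid:37736911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)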
# MISP-generated source-address indicator rules (events 26940, 26948, 26952), restored to one rule per line.
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, on any port; $HOME_NET must be defined in the sensor configuration.
# The msg carries the MISP event id and kill-chain tags; the reference URL points to the originating MISP event.
# NOTE(review): no flow, content or threshold option is present, so a busy source can raise one alert per packet — consider rate-limiting these sids in the sensor's threshold configuration.
alert ip 87.236.176.188 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.188"; classtype:trojan-activity; sid:37725571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 91.197.88.183 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.197.88.183"; classtype:trojan-activity; sid:37731211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.33.19.198 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.33.19.198"; classtype:trojan-activity; sid:37731221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.187.229.87 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.187.229.87"; classtype:trojan-activity; sid:37731231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 68.168.135.77 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.168.135.77"; classtype:trojan-activity; sid:37736921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.135.149.200 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.149.200"; classtype:trojan-activity; sid:37736931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 180.103.52.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.103.52.94"; classtype:trojan-activity; sid:37731241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.196.9.96 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.196.9.96"; classtype:trojan-activity; sid:37731251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 103.85.85.28 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.85.85.28"; classtype:trojan-activity; sid:37736941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 51.178.136.185 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.178.136.185"; classtype:trojan-activity; sid:37736951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 116.108.52.40 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.108.52.40"; classtype:trojan-activity; sid:37736961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 122.96.31.210 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.31.210"; classtype:trojan-activity; sid:37731261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 111.207.231.65 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.207.231.65"; classtype:trojan-activity; sid:37731271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 191.58.30.60 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.58.30.60"; classtype:trojan-activity; sid:37731281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 196.189.69.217 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.189.69.217"; classtype:trojan-activity; sid:37731291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# MISP-generated source-address indicator rules (events 26940, 26948, 26952, 26955), restored to one rule per line.
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, on any port; the reference URL points to the originating MISP event.
# NOTE(review): classtype is trojan-activity while the msg tags each indicator as Reconnaissance/Exploitation — confirm the classtype matches how these alerts should be triaged.
alert ip 70.248.23.96 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.248.23.96"; classtype:trojan-activity; sid:37731301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.147.226.138 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.147.226.138"; classtype:trojan-activity; sid:37731311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.173.6.28 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.6.28"; classtype:trojan-activity; sid:37731321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 198.235.24.86 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.86"; classtype:trojan-activity; sid:37736971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 111.231.15.224 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.15.224"; classtype:trojan-activity; sid:37725581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 49.169.77.4 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.169.77.4"; classtype:trojan-activity; sid:37731331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.156.211.246 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.246"; classtype:trojan-activity; sid:37736981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 172.104.131.24 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.131.24"; classtype:trojan-activity; sid:37736991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.72.14.206 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.14.206"; classtype:trojan-activity; sid:37739861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 172.104.4.17 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.4.17"; classtype:trojan-activity; sid:37731341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 220.142.201.239 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.142.201.239"; classtype:trojan-activity; sid:37731351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 84.54.51.220 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.220"; classtype:trojan-activity; sid:37731361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.98.224.15 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.98.224.15"; classtype:trojan-activity; sid:37737001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 167.71.254.138 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.254.138"; classtype:trojan-activity; sid:37737011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.55.100.84 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.100.84"; classtype:trojan-activity; sid:37737021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
# MISP-generated source-address indicator rules (events 26940, 26942, 26948, 26952), restored to one rule per line.
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, on any port; the reference URL points to the originating MISP event.
# NOTE(review): address indicators go stale as hosts are reassigned — check each sid against its MISP event before keeping it enabled.
# NOTE(review): with this many single-address rules, an IP reputation list may be cheaper to load than one rule per address — verify against the sensor in use.
alert ip 221.181.232.231 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.181.232.231"; classtype:trojan-activity; sid:37731371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 107.164.78.174 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.164.78.174"; classtype:trojan-activity; sid:37726541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 124.230.124.250 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.230.124.250"; classtype:trojan-activity; sid:37737031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.128.88.244 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.244"; classtype:trojan-activity; sid:37737041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 45.79.28.243 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.28.243"; classtype:trojan-activity; sid:37725591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 167.94.145.55 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.55"; classtype:trojan-activity; sid:37731381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.78.142.4 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.78.142.4"; classtype:trojan-activity; sid:37737051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 27.203.239.74 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.203.239.74"; classtype:trojan-activity; sid:37731391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 37.25.34.168 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.25.34.168"; classtype:trojan-activity; sid:37731401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 46.186.229.247 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.186.229.247"; classtype:trojan-activity; sid:37731411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 220.137.109.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.137.109.146"; classtype:trojan-activity; sid:37731421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 118.173.61.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.173.61.146"; classtype:trojan-activity; sid:37731431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.0.135.130 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.0.135.130"; classtype:trojan-activity; sid:37731441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 23.94.214.145 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.214.145"; classtype:trojan-activity; sid:37737061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.139.102.65 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.102.65"; classtype:trojan-activity; sid:37737071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 101.32.141.93 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.141.93"; classtype:trojan-activity; sid:37737081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 140.246.215.173 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.215.173"; classtype:trojan-activity; sid:37725601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 124.103.224.63 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.103.224.63"; classtype:trojan-activity; sid:37731451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 120.57.215.82 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.57.215.82"; classtype:trojan-activity; sid:37731461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 77.120.135.25 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.120.135.25"; classtype:trojan-activity; sid:37731471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 185.106.94.130 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.106.94.130"; classtype:trojan-activity; sid:37725611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 113.25.223.166 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.25.223.166"; classtype:trojan-activity; sid:37731481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 153.160.79.135 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.160.79.135"; classtype:trojan-activity; sid:37731491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 27.29.123.6 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.29.123.6"; classtype:trojan-activity; sid:37731501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.172.67.54 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.67.54"; classtype:trojan-activity; sid:37731511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 124.156.194.51 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.51"; classtype:trojan-activity; sid:37737091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 167.172.108.14 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.108.14"; classtype:trojan-activity; sid:37726551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 121.224.217.69 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.224.217.69"; classtype:trojan-activity; sid:37731521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 112.68.22.93 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.68.22.93"; classtype:trojan-activity; sid:37731531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 158.101.127.60 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.101.127.60"; classtype:trojan-activity; sid:37737101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.155.163.36 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.163.36"; classtype:trojan-activity; sid:37737111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.156.26.234 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.156.26.234"; classtype:trojan-activity; sid:37731541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 91.10.179.74 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.10.179.74"; classtype:trojan-activity; sid:37731551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.179.156.46 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.179.156.46"; classtype:trojan-activity; sid:37731561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.16.41.194 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.16.41.194"; classtype:trojan-activity; sid:37737121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 201.168.155.16 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.168.155.16"; classtype:trojan-activity; sid:37737131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.75.20.182 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.20.182"; classtype:trojan-activity; sid:37725621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 113.24.161.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.161.248"; classtype:trojan-activity; sid:37731571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.89.103.161 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.89.103.161"; classtype:trojan-activity; sid:37731581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 45.136.254.245 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.136.254.245"; classtype:trojan-activity; sid:37737141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 144.217.248.105 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.217.248.105"; classtype:trojan-activity; sid:37737151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 80.91.223.58 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.91.223.58"; classtype:trojan-activity; sid:37725631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 182.31.62.100 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.31.62.100"; classtype:trojan-activity; sid:37737161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.153.219.239 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.219.239"; classtype:trojan-activity; sid:37737171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 58.54.163.50 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.54.163.50"; classtype:trojan-activity; sid:37731591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 111.123.95.45 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.95.45"; classtype:trojan-activity; sid:37731601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.218.122.119 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.218.122.119"; classtype:trojan-activity; sid:37731611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 42.180.187.138 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.180.187.138"; classtype:trojan-activity; sid:37731621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 162.62.218.43 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.218.43"; classtype:trojan-activity; sid:37737181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.190.224.44 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.190.224.44"; classtype:trojan-activity; sid:37731631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 198.235.24.2 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.2"; classtype:trojan-activity; sid:37725641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 191.55.195.9 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.55.195.9"; classtype:trojan-activity; sid:37731641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.226.234.235 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.226.234.235"; classtype:trojan-activity; sid:37731651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 107.172.157.203 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.157.203"; classtype:trojan-activity; sid:37737191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 119.73.179.114 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.73.179.114"; classtype:trojan-activity; sid:37737201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 140.246.121.17 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.121.17"; classtype:trojan-activity; sid:37737211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 144.34.171.163 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.34.171.163"; classtype:trojan-activity; sid:37737221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 68.183.136.228 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.136.228"; classtype:trojan-activity; sid:37726561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 62.16.131.101 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.16.131.101"; classtype:trojan-activity; sid:37731661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 198.235.24.221 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.221"; classtype:trojan-activity; sid:37725651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 82.223.249.206 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.223.249.206"; classtype:trojan-activity; sid:37737231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 49.86.88.177 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.86.88.177"; classtype:trojan-activity; sid:37731671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 153.129.228.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.129.228.188"; classtype:trojan-activity; sid:37731681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 190.109.227.81 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.81"; classtype:trojan-activity; sid:37731691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 91.103.252.174 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.103.252.174"; classtype:trojan-activity; sid:37737241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 125.230.236.203 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.230.236.203"; classtype:trojan-activity; sid:37725661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 162.221.192.58 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.221.192.58"; classtype:trojan-activity; sid:37737251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 167.94.146.53 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.146.53"; classtype:trojan-activity; sid:37725671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 120.48.164.59 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.164.59"; classtype:trojan-activity; sid:37737261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 159.223.148.156 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.148.156"; classtype:trojan-activity; sid:37737271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 211.194.93.129 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.194.93.129"; classtype:trojan-activity; sid:37731701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 142.202.188.189 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.188.189"; classtype:trojan-activity; sid:37726571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 179.95.180.141 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.95.180.141"; classtype:trojan-activity; sid:37737281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 118.250.106.85 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.250.106.85"; classtype:trojan-activity; sid:37731711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 1.33.229.83 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.33.229.83"; classtype:trojan-activity; sid:37731721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 222.135.11.55 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.135.11.55"; classtype:trojan-activity; sid:37731731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 181.224.94.116 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.224.94.116"; classtype:trojan-activity; sid:37737291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 223.151.251.177 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.251.177"; classtype:trojan-activity; sid:37731741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 213.5.130.57 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.5.130.57"; classtype:trojan-activity; sid:37737301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 180.114.108.148 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.114.108.148"; classtype:trojan-activity; sid:37731751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.61.132.202 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.132.202"; classtype:trojan-activity; sid:37731761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.61.136.205 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.136.205"; classtype:trojan-activity; sid:37731771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 104.234.30.190 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.234.30.190"; classtype:trojan-activity; sid:37737311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.155.161.84 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.161.84"; classtype:trojan-activity; sid:37737321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 153.172.145.37 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.172.145.37"; classtype:trojan-activity; sid:37731781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 112.72.209.125 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.72.209.125"; classtype:trojan-activity; sid:37731791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 135.125.161.64 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.125.161.64"; classtype:trojan-activity; sid:37737331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.136.65.155 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.65.155"; classtype:trojan-activity; sid:37737341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 85.175.102.14 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.175.102.14"; classtype:trojan-activity; sid:37731801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.235.201.84 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.235.201.84"; classtype:trojan-activity; sid:37731811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 138.97.64.134 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.97.64.134"; classtype:trojan-activity; sid:37737351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 5.158.126.127 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.158.126.127"; classtype:trojan-activity; sid:37731821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 187.200.56.18 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.200.56.18"; classtype:trojan-activity; sid:37737361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 222.189.192.28 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.189.192.28"; classtype:trojan-activity; sid:37731831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 206.189.79.164 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.79.164"; classtype:trojan-activity; sid:37725681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 198.16.63.237 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.16.63.237"; classtype:trojan-activity; sid:37737371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 35.131.2.104 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.131.2.104"; classtype:trojan-activity; sid:37737381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
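# MISP events 26948 and 26952: inbound source-IP indicators.
# One rule per physical line; Suricata and Snort 2 read a rule from a single line
# unless it is continued with a trailing backslash, so a rule split inside its msg
# string or sharing a line with other rules does not load.
# Each rule matches any IP traffic from the listed address to $HOME_NET on any port:
# a hit shows contact from that address, not a confirmed compromise.
# NOTE(review): classtype is trojan-activity while the msg tags say
# Reconnaissance/Exploitation; confirm the classtype and priority fit alert triage.
alert ip 178.46.156.19 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.46.156.19"; classtype:trojan-activity; sid:37731841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.200.197.56 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.200.197.56"; classtype:trojan-activity; sid:37731851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.140.209.68 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.140.209.68"; classtype:trojan-activity; sid:37737391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 167.99.117.16 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.117.16"; classtype:trojan-activity; sid:37737401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 175.104.21.43 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.104.21.43"; classtype:trojan-activity; sid:37731861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 183.93.205.209 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.93.205.209"; classtype:trojan-activity; sid:37731871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.26.181.45 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.26.181.45"; classtype:trojan-activity; sid:37731881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 114.67.112.190 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.112.190"; classtype:trojan-activity; sid:37737411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 47.104.0.145 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.104.0.145"; classtype:trojan-activity; sid:37737421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 5.11.65.248 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.11.65.248"; classtype:trojan-activity; sid:37731891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 82.207.8.218 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.218"; classtype:trojan-activity; sid:37737431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 118.174.196.184 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.174.196.184"; classtype:trojan-activity; sid:37731901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.13.25.186 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.13.25.186"; classtype:trojan-activity; sid:37737441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 47.236.111.119 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.111.119"; classtype:trojan-activity; sid:37731911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 50.79.90.237 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.79.90.237"; classtype:trojan-activity; sid:37731921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)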
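# MISP events 26940, 26942, 26948 and 26952: inbound source-IP indicators.
# Laid out one rule per physical line, with no rule broken inside its msg string,
# which is the form Suricata and Snort 2 rule loaders expect without backslash continuation.
# The rules carry no port, protocol or content condition, so an alert means only that
# the listed address sent IP traffic to $HOME_NET; the reference URL names the MISP
# event the address came from.
# NOTE(review): every rule uses classtype:trojan-activity although the msg tags are
# Reconnaissance/Exploitation; confirm that is the intended classification.
alert ip 178.166.118.173 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.166.118.173"; classtype:trojan-activity; sid:37737451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 186.121.203.115 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.121.203.115"; classtype:trojan-activity; sid:37737461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 205.210.31.219 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.219"; classtype:trojan-activity; sid:37737471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 71.132.41.91 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 71.132.41.91"; classtype:trojan-activity; sid:37737481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 58.48.239.153 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.48.239.153"; classtype:trojan-activity; sid:37737491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 89.218.108.122 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.218.108.122"; classtype:trojan-activity; sid:37731931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 49.70.95.53 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.95.53"; classtype:trojan-activity; sid:37731941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 157.7.68.28 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.7.68.28"; classtype:trojan-activity; sid:37725691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 123.53.56.92 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.53.56.92"; classtype:trojan-activity; sid:37726581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 150.109.20.83 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.20.83"; classtype:trojan-activity; sid:37737501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 2.181.122.49 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.181.122.49"; classtype:trojan-activity; sid:37731951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 104.250.50.224 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.224"; classtype:trojan-activity; sid:37737511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.83 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.83"; classtype:trojan-activity; sid:37737521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 112.116.218.120 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.116.218.120"; classtype:trojan-activity; sid:37731961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 200.59.114.93 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.59.114.93"; classtype:trojan-activity; sid:37731971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)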
alert ip 117.214.74.14 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.74.14"; classtype:trojan-activity; sid:37731981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 220.135.41.206 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.135.41.206"; classtype:trojan-activity; sid:37731991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.156.225.179 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.225.179"; classtype:trojan-activity; sid:37737531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 205.210.31.17 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.17"; classtype:trojan-activity; sid:37737541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 205.210.31.88 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.88"; classtype:trojan-activity; sid:37725701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 15.204.199.92 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.199.92"; classtype:trojan-activity; sid:37725711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 106.75.245.66 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.245.66"; classtype:trojan-activity; sid:37725721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 165.227.82.53 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
165.227.82.53"; classtype:trojan-activity; sid:37725731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 103.191.178.123 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.191.178.123"; classtype:trojan-activity; sid:37737551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 167.71.251.105 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.251.105"; classtype:trojan-activity; sid:37737561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 186.10.86.130 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.10.86.130"; classtype:trojan-activity; sid:37737571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 120.92.21.18 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.21.18"; classtype:trojan-activity; sid:37737581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.134.226.192 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.226.192"; classtype:trojan-activity; sid:37737591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.159.51.114 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.51.114"; classtype:trojan-activity; sid:37737601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 117.233.167.114 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.167.114"; classtype:trojan-activity; sid:37732001; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 114.134.90.154 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.134.90.154"; classtype:trojan-activity; sid:37732011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 81.234.206.143 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.234.206.143"; classtype:trojan-activity; sid:37732021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 58.209.149.19 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.209.149.19"; classtype:trojan-activity; sid:37732031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 124.221.208.41 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.208.41"; classtype:trojan-activity; sid:37737611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 42.193.228.118 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.228.118"; classtype:trojan-activity; sid:37737621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 46.118.163.31 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.118.163.31"; classtype:trojan-activity; sid:37732041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 119.64.179.29 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.64.179.29"; classtype:trojan-activity; sid:37732051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 218.18.5.222 any -> $HOME_NET any (msg: "MISP e26948 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.18.5.222"; classtype:trojan-activity; sid:37732061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 153.160.46.149 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.160.46.149"; classtype:trojan-activity; sid:37732071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 47.92.93.30 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.92.93.30"; classtype:trojan-activity; sid:37737631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 172.81.60.83 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.83"; classtype:trojan-activity; sid:37726591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 141.98.11.40 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.40"; classtype:trojan-activity; sid:37732081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.140.221.64 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.221.64"; classtype:trojan-activity; sid:37737641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 87.236.176.104 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.104"; classtype:trojan-activity; sid:37737651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 134.122.17.178 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.17.178"; classtype:trojan-activity; sid:37737661; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 45.55.194.66 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.194.66"; classtype:trojan-activity; sid:37737671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 58.52.98.184 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.52.98.184"; classtype:trojan-activity; sid:37732091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 202.157.186.28 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.186.28"; classtype:trojan-activity; sid:37737681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.139.67.191 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.67.191"; classtype:trojan-activity; sid:37737691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 198.199.97.24 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.97.24"; classtype:trojan-activity; sid:37737701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 172.247.44.221 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.247.44.221"; classtype:trojan-activity; sid:37737711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 112.113.130.99 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.130.99"; classtype:trojan-activity; sid:37732101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 174.176.144.111 any -> $HOME_NET any (msg: "MISP e26948 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.176.144.111"; classtype:trojan-activity; sid:37732111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 124.220.23.48 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.23.48"; classtype:trojan-activity; sid:37732121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 41.44.174.92 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.44.174.92"; classtype:trojan-activity; sid:37732131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.185.143.33 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.185.143.33"; classtype:trojan-activity; sid:37732141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 91.150.126.124 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.150.126.124"; classtype:trojan-activity; sid:37725741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 111.42.128.52 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.42.128.52"; classtype:trojan-activity; sid:37732151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 157.7.213.204 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.7.213.204"; classtype:trojan-activity; sid:37737721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 128.14.209.38 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.14.209.38"; classtype:trojan-activity; sid:37737731; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 116.53.43.167 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.43.167"; classtype:trojan-activity; sid:37732161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.201.229.7 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.201.229.7"; classtype:trojan-activity; sid:37737741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 68.178.160.133 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.160.133"; classtype:trojan-activity; sid:37737751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 106.32.144.10 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.32.144.10"; classtype:trojan-activity; sid:37732171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 175.6.209.225 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.209.225"; classtype:trojan-activity; sid:37737761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 206.189.39.235 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.39.235"; classtype:trojan-activity; sid:37732181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 196.219.167.130 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.219.167.130"; classtype:trojan-activity; sid:37732191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 61.39.99.74 any -> $HOME_NET any (msg: "MISP e26948 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.39.99.74"; classtype:trojan-activity; sid:37732201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 210.68.203.240 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.68.203.240"; classtype:trojan-activity; sid:37737771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 70.95.68.137 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.95.68.137"; classtype:trojan-activity; sid:37732211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 41.86.21.13 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.86.21.13"; classtype:trojan-activity; sid:37732221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 47.245.4.154 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.245.4.154"; classtype:trojan-activity; sid:37737781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 59.99.32.125 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.99.32.125"; classtype:trojan-activity; sid:37732231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.153.14.24 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.14.24"; classtype:trojan-activity; sid:37737791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 118.163.247.235 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.163.247.235"; classtype:trojan-activity; sid:37725751; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 191.246.113.106 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.246.113.106"; classtype:trojan-activity; sid:37732241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 202.154.55.70 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.154.55.70"; classtype:trojan-activity; sid:37732251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 223.83.154.212 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.83.154.212"; classtype:trojan-activity; sid:37732261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 70.77.5.174 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.77.5.174"; classtype:trojan-activity; sid:37737801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 156.232.6.238 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.232.6.238"; classtype:trojan-activity; sid:37737811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 49.70.117.68 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.70.117.68"; classtype:trojan-activity; sid:37732271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 185.190.42.113 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.190.42.113"; classtype:trojan-activity; sid:37732281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 162.243.147.18 any -> $HOME_NET any (msg: "MISP e26952 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.147.18"; classtype:trojan-activity; sid:37737821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 103.44.61.94 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.61.94"; classtype:trojan-activity; sid:37737831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 121.25.172.168 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.25.172.168"; classtype:trojan-activity; sid:37732291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 220.203.12.53 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.203.12.53"; classtype:trojan-activity; sid:37737841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 24.197.202.219 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.197.202.219"; classtype:trojan-activity; sid:37732301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 111.231.165.19 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.165.19"; classtype:trojan-activity; sid:37725761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 164.163.25.146 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.163.25.146"; classtype:trojan-activity; sid:37732311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.75.254.159 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.254.159"; classtype:trojan-activity; sid:37725771; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 74.235.128.225 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.235.128.225"; classtype:trojan-activity; sid:37725781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 189.0.54.52 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.0.54.52"; classtype:trojan-activity; sid:37732321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 152.32.226.155 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.226.155"; classtype:trojan-activity; sid:37739871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;) alert ip 91.92.191.64 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.191.64"; classtype:trojan-activity; sid:37732331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 49.74.112.181 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.74.112.181"; classtype:trojan-activity; sid:37732341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 218.211.33.133 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.211.33.133"; classtype:trojan-activity; sid:37737851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 184.105.247.252 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.105.247.252"; classtype:trojan-activity; sid:37725791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 88.248.102.172 any -> $HOME_NET any (msg: "MISP 
e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.248.102.172"; classtype:trojan-activity; sid:37732351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.163.222.85 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.222.85"; classtype:trojan-activity; sid:37737861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 176.118.122.173 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.118.122.173"; classtype:trojan-activity; sid:37732361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 36.49.58.164 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.49.58.164"; classtype:trojan-activity; sid:37732371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 70.169.34.186 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.169.34.186"; classtype:trojan-activity; sid:37732381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 49.88.218.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.88.218.94"; classtype:trojan-activity; sid:37732391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 61.219.51.200 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.219.51.200"; classtype:trojan-activity; sid:37732401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 39.59.66.157 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.59.66.157"; classtype:trojan-activity; sid:37732411; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Review note for the rules in this part of the export (re-flowed to one rule per line; rule text unchanged).
# Each rule matches on source address only: protocol `ip`, source port `any`, destination $HOME_NET,
# destination port `any`. No flow, content or threshold option is present, so a hit means "a packet
# from a listed address reached $HOME_NET", not that an exploit or an infection was observed.
# The msg tags say kill-chain Reconnaissance/Exploitation while classtype is trojan-activity;
# triage on the MISP event given in reference:url rather than on the classtype.
# NOTE(review): every rule is rev:1 and carries no date or expiry metadata. IP indicators age quickly,
#   so confirm the export is regenerated and stale events are retired.
# NOTE(review): with no threshold option a persistent source can presumably raise one alert per
#   matching packet; verify on the sensor and consider a rate limit or loading the list as IP reputation data.
alert ip 39.126.168.24 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.126.168.24"; classtype:trojan-activity; sid:37732421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.195.177.32 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.195.177.32"; classtype:trojan-activity; sid:37732431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 150.95.81.235 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.81.235"; classtype:trojan-activity; sid:37737871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 178.22.122.66 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.22.122.66"; classtype:trojan-activity; sid:37737881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 1.197.78.123 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.197.78.123"; classtype:trojan-activity; sid:37737891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 43.136.84.236 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.84.236"; classtype:trojan-activity; sid:37737901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 142.202.188.236 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.188.236"; classtype:trojan-activity; sid:37726601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 117.160.164.144 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.160.164.144"; classtype:trojan-activity; sid:37732441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 172.245.45.139 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.45.139"; classtype:trojan-activity; sid:37737911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.204 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.204"; classtype:trojan-activity; sid:37725801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 43.163.246.85 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.246.85"; classtype:trojan-activity; sid:37737921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 74.94.32.45 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.94.32.45"; classtype:trojan-activity; sid:37725811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 182.127.178.85 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.127.178.85"; classtype:trojan-activity; sid:37732451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 150.223.35.239 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.35.239"; classtype:trojan-activity; sid:37725821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 47.105.93.195 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.105.93.195"; classtype:trojan-activity; sid:37737931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 61.62.192.232 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.62.192.232"; classtype:trojan-activity; sid:37732461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 101.126.69.75 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.75"; classtype:trojan-activity; sid:37737941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.89.86.203 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.203"; classtype:trojan-activity; sid:37732471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 36.138.114.20 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.114.20"; classtype:trojan-activity; sid:37737951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 188.132.178.56 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.132.178.56"; classtype:trojan-activity; sid:37737961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 171.38.246.77 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.38.246.77"; classtype:trojan-activity; sid:37732481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 205.210.31.142 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.142"; classtype:trojan-activity; sid:37737971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 102.222.7.241 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.222.7.241"; classtype:trojan-activity; sid:37732491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 47.243.98.33 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.98.33"; classtype:trojan-activity; sid:37739881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 219.140.205.167 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.140.205.167"; classtype:trojan-activity; sid:37732501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 49.7.216.83 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.7.216.83"; classtype:trojan-activity; sid:37739891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 106.58.118.128 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.118.128"; classtype:trojan-activity; sid:37732511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 118.33.167.186 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.33.167.186"; classtype:trojan-activity; sid:37737981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 219.80.213.32 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.80.213.32"; classtype:trojan-activity; sid:37732521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.131.235.43 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.235.43"; classtype:trojan-activity; sid:37737991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 124.235.114.21 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.114.21"; classtype:trojan-activity; sid:37732531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 60.191.59.10 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.191.59.10"; classtype:trojan-activity; sid:37738001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 45.232.244.5 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.232.244.5"; classtype:trojan-activity; sid:37738011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 77.91.78.137 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.91.78.137"; classtype:trojan-activity; sid:37726611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 36.93.130.162 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.130.162"; classtype:trojan-activity; sid:37732541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 149.76.196.41 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.76.196.41"; classtype:trojan-activity; sid:37732551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.138.162.136 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.162.136"; classtype:trojan-activity; sid:37738021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 47.98.152.1 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.98.152.1"; classtype:trojan-activity; sid:37738031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 87.236.176.77 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.77"; classtype:trojan-activity; sid:37739901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 106.58.184.58 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.184.58"; classtype:trojan-activity; sid:37725831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 172.81.60.81 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.81"; classtype:trojan-activity; sid:37726621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 175.9.133.113 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.9.133.113"; classtype:trojan-activity; sid:37732561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 104.11.151.233 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.11.151.233"; classtype:trojan-activity; sid:37732571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.153.180.160 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.160"; classtype:trojan-activity; sid:37738041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 59.151.245.73 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.151.245.73"; classtype:trojan-activity; sid:37732581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 95.69.162.229 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.69.162.229"; classtype:trojan-activity; sid:37732591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 199.115.228.186 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.115.228.186"; classtype:trojan-activity; sid:37738051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 162.243.151.35 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.151.35"; classtype:trojan-activity; sid:37725841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 43.128.107.195 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.107.195"; classtype:trojan-activity; sid:37738061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 180.109.252.41 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.109.252.41"; classtype:trojan-activity; sid:37738071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 75.248.175.24 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.248.175.24"; classtype:trojan-activity; sid:37732601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.163.195.237 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.237"; classtype:trojan-activity; sid:37738081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 134.209.144.194 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.144.194"; classtype:trojan-activity; sid:37738091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 123.173.90.13 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.173.90.13"; classtype:trojan-activity; sid:37732611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 175.31.13.125 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.31.13.125"; classtype:trojan-activity; sid:37732621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 47.96.179.172 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.96.179.172"; classtype:trojan-activity; sid:37732631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 222.124.214.10 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.124.214.10"; classtype:trojan-activity; sid:37738101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.58.166.180 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.166.180"; classtype:trojan-activity; sid:37725851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 87.236.176.4 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.4"; classtype:trojan-activity; sid:37725861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 101.43.174.224 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.174.224"; classtype:trojan-activity; sid:37725871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 1.12.220.34 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.220.34"; classtype:trojan-activity; sid:37738111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 220.125.240.69 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.125.240.69"; classtype:trojan-activity; sid:37738121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 14.194.142.238 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.194.142.238"; classtype:trojan-activity; sid:37738131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 106.54.23.127 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.23.127"; classtype:trojan-activity; sid:37738141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 49.143.54.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.143.54.188"; classtype:trojan-activity; sid:37732641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 23.95.215.233 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.215.233"; classtype:trojan-activity; sid:37738151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 110.0.242.193 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.0.242.193"; classtype:trojan-activity; sid:37732651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 182.56.179.20 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.56.179.20"; classtype:trojan-activity; sid:37732661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.68.195.88 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.68.195.88"; classtype:trojan-activity; sid:37738161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 179.87.229.175 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.87.229.175"; classtype:trojan-activity; sid:37738171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 142.202.189.44 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.189.44"; classtype:trojan-activity; sid:37726631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 218.7.208.244 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.7.208.244"; classtype:trojan-activity; sid:37732671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.236.21.242 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.236.21.242"; classtype:trojan-activity; sid:37732681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 46.181.148.211 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.181.148.211"; classtype:trojan-activity; sid:37732691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 205.210.31.41 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.41"; classtype:trojan-activity; sid:37738181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 88.33.47.94 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.33.47.94"; classtype:trojan-activity; sid:37732701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.128.56.230 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.56.230"; classtype:trojan-activity; sid:37738191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 180.101.143.30 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.143.30"; classtype:trojan-activity; sid:37738201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 185.247.224.176 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.247.224.176"; classtype:trojan-activity; sid:37738211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 112.103.129.174 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.129.174"; classtype:trojan-activity; sid:37732711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.153.112.89 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.112.89"; classtype:trojan-activity; sid:37738221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 185.106.94.117 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.106.94.117"; classtype:trojan-activity; sid:37725881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 221.150.254.25 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.150.254.25"; classtype:trojan-activity; sid:37732721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.153.59.109 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.59.109"; classtype:trojan-activity; sid:37738231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 47.236.12.48 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.12.48"; classtype:trojan-activity; sid:37738241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 119.178.56.164 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.178.56.164"; classtype:trojan-activity; sid:37732731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 129.226.215.132 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.215.132"; classtype:trojan-activity; sid:37738251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 171.38.217.227 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.38.217.227"; classtype:trojan-activity; sid:37732741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 121.60.40.15 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.60.40.15"; classtype:trojan-activity; sid:37732751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 188.166.160.119 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.160.119"; classtype:trojan-activity; sid:37738261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 112.165.212.156 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.165.212.156"; classtype:trojan-activity; sid:37738271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 154.85.44.227 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.85.44.227"; classtype:trojan-activity; sid:37725901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 91.108.149.65 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.108.149.65"; classtype:trojan-activity; sid:37732761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 47.206.8.85 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.206.8.85"; classtype:trojan-activity; sid:37732771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 221.225.122.193 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.225.122.193"; classtype:trojan-activity; sid:37732781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 171.118.189.205 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.118.189.205"; classtype:trojan-activity; sid:37732791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.144.173.46 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.144.173.46"; classtype:trojan-activity; sid:37732801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 120.24.49.77 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.24.49.77"; classtype:trojan-activity; sid:37738281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 142.129.95.115 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.129.95.115"; classtype:trojan-activity; sid:37732811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 61.112.162.71 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.112.162.71"; classtype:trojan-activity; sid:37732821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 117.81.95.114 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.81.95.114"; classtype:trojan-activity; sid:37732831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 216.131.86.161 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.131.86.161"; classtype:trojan-activity; sid:37725911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 121.11.103.144 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.11.103.144"; classtype:trojan-activity; sid:37738291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 81.19.135.147 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.19.135.147"; classtype:trojan-activity; sid:37725921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 121.234.229.40 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.234.229.40"; classtype:trojan-activity; sid:37732841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 116.62.242.184 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.62.242.184"; classtype:trojan-activity; sid:37726641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 223.151.75.195 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.151.75.195"; classtype:trojan-activity; sid:37732851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 122.51.220.87 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.220.87"; classtype:trojan-activity; sid:37738301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 199.45.155.18 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 199.45.155.18"; classtype:trojan-activity; sid:37725931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 110.181.237.192 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.237.192"; classtype:trojan-activity; sid:37732861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 123.168.180.190 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.168.180.190"; classtype:trojan-activity; sid:37732871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 113.219.62.50 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.219.62.50"; classtype:trojan-activity; sid:37732881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.254.1.79 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.79"; classtype:trojan-activity; sid:37726651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 157.230.210.220 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.210.220"; classtype:trojan-activity; sid:37726661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 124.234.185.243 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.234.185.243"; classtype:trojan-activity; sid:37732891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 112.102.169.53 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.169.53"; classtype:trojan-activity; sid:37732901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 177.86.70.198 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.86.70.198"; classtype:trojan-activity; sid:37732911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 65.49.1.38 any -> $HOME_NET any (msg: "MISP e26955 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.1.38"; classtype:trojan-activity; sid:37739911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26955;)
alert ip 78.36.245.96 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.36.245.96"; classtype:trojan-activity; sid:37732921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 5.239.241.247 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.239.241.247"; classtype:trojan-activity; sid:37732931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 137.184.255.52 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.255.52"; classtype:trojan-activity; sid:37738311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 220.92.14.245 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.92.14.245"; classtype:trojan-activity; sid:37738321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 222.246.126.36 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.126.36"; classtype:trojan-activity; sid:37732941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 14.18.41.26 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.41.26"; classtype:trojan-activity; sid:37725941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 162.243.134.9 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.134.9"; classtype:trojan-activity; sid:37725951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 128.199.95.60 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.95.60"; classtype:trojan-activity; sid:37738331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 128.14.173.90 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.14.173.90"; classtype:trojan-activity; sid:37738341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 161.35.50.225 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.50.225"; classtype:trojan-activity; sid:37738351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 5.11.145.151 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.11.145.151"; classtype:trojan-activity; sid:37738361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 117.214.76.68 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.76.68"; classtype:trojan-activity; sid:37732951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 82.157.136.201 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.136.201"; classtype:trojan-activity; sid:37738371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 118.145.151.149 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.151.149"; classtype:trojan-activity; sid:37738381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 139.59.30.174 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.30.174"; classtype:trojan-activity; sid:37738391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 172.173.138.110 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.173.138.110"; classtype:trojan-activity; sid:37738401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 45.125.66.23 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.125.66.23"; classtype:trojan-activity; sid:37725961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 195.97.20.99 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.97.20.99"; classtype:trojan-activity; sid:37725971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;)
alert ip 42.242.90.153 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.242.90.153"; classtype:trojan-activity; sid:37732961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 106.110.219.63 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.110.219.63"; classtype:trojan-activity; sid:37732971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 61.46.16.96 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.46.16.96"; classtype:trojan-activity; sid:37732981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 115.96.31.90 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.96.31.90"; classtype:trojan-activity; sid:37732991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 36.139.182.150 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.139.182.150"; classtype:trojan-activity; sid:37738411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 203.192.91.41 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.192.91.41"; classtype:trojan-activity; sid:37738421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 80.66.76.126 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.76.126"; classtype:trojan-activity; sid:37726671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;)
alert ip 107.180.73.148 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.180.73.148"; classtype:trojan-activity; sid:37738431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 36.48.18.175 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.48.18.175"; classtype:trojan-activity; sid:37733001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 125.26.159.214 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.159.214"; classtype:trojan-activity; sid:37733011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 43.156.134.43 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.134.43"; classtype:trojan-activity; sid:37738441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;)
alert ip 116.75.130.97 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.75.130.97"; classtype:trojan-activity; sid:37733021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 202.169.113.185 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.169.113.185"; classtype:trojan-activity; sid:37733031; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 179.176.210.46 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.176.210.46"; classtype:trojan-activity; sid:37738451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 139.162.167.169 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.162.167.169"; classtype:trojan-activity; sid:37726681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 182.53.71.134 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.71.134"; classtype:trojan-activity; sid:37733041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 222.141.89.188 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.141.89.188"; classtype:trojan-activity; sid:37733051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 20.123.24.81 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.123.24.81"; classtype:trojan-activity; sid:37738461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 49.235.95.116 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.95.116"; classtype:trojan-activity; sid:37738471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 59.91.226.89 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.91.226.89"; classtype:trojan-activity; sid:37733061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 119.255.245.44 any -> $HOME_NET any (msg: "MISP e26952 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.255.245.44"; classtype:trojan-activity; sid:37738481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 64.112.41.232 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.112.41.232"; classtype:trojan-activity; sid:37738491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 114.226.169.100 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.226.169.100"; classtype:trojan-activity; sid:37733071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.134.29.242 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.29.242"; classtype:trojan-activity; sid:37738501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 5.195.105.98 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.195.105.98"; classtype:trojan-activity; sid:37738511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 42.55.7.212 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.55.7.212"; classtype:trojan-activity; sid:37733081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 95.156.72.34 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.156.72.34"; classtype:trojan-activity; sid:37738521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 172.81.62.202 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.202"; classtype:trojan-activity; sid:37726691; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 185.150.26.240 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.150.26.240"; classtype:trojan-activity; sid:37738531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 68.44.118.28 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.44.118.28"; classtype:trojan-activity; sid:37733091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 139.198.38.106 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.38.106"; classtype:trojan-activity; sid:37738541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 200.90.0.10 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.90.0.10"; classtype:trojan-activity; sid:37738551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 125.118.99.73 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.118.99.73"; classtype:trojan-activity; sid:37738561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 222.230.102.236 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.230.102.236"; classtype:trojan-activity; sid:37733101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 61.115.180.68 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.115.180.68"; classtype:trojan-activity; sid:37733111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 104.131.128.19 any -> $HOME_NET any (msg: "MISP e26942 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.128.19"; classtype:trojan-activity; sid:37726701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 91.233.183.168 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.233.183.168"; classtype:trojan-activity; sid:37733121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 116.55.180.35 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.180.35"; classtype:trojan-activity; sid:37733131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 185.91.127.235 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.127.235"; classtype:trojan-activity; sid:37733141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 150.223.46.21 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.46.21"; classtype:trojan-activity; sid:37725981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 178.72.69.122 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.72.69.122"; classtype:trojan-activity; sid:37733151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 83.12.55.134 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.12.55.134"; classtype:trojan-activity; sid:37733161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 198.235.24.104 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.104"; classtype:trojan-activity; sid:37725991; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 180.107.140.175 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.107.140.175"; classtype:trojan-activity; sid:37738571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 97.130.199.189 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.130.199.189"; classtype:trojan-activity; sid:37733171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 191.14.11.64 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.14.11.64"; classtype:trojan-activity; sid:37733181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 218.73.51.137 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.73.51.137"; classtype:trojan-activity; sid:37733191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 112.103.94.213 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.94.213"; classtype:trojan-activity; sid:37733201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 182.34.148.238 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.34.148.238"; classtype:trojan-activity; sid:37733211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 111.229.180.133 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.180.133"; classtype:trojan-activity; sid:37738581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 24.199.115.168 any -> $HOME_NET any 
(msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.115.168"; classtype:trojan-activity; sid:37738591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 106.225.199.24 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.225.199.24"; classtype:trojan-activity; sid:37726001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 125.74.116.189 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.74.116.189"; classtype:trojan-activity; sid:37733221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 60.20.93.160 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.20.93.160"; classtype:trojan-activity; sid:37733231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 47.99.80.86 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.99.80.86"; classtype:trojan-activity; sid:37738601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.155.163.177 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.163.177"; classtype:trojan-activity; sid:37738611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 120.48.64.183 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.64.183"; classtype:trojan-activity; sid:37738621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 43.128.88.58 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.58"; classtype:trojan-activity; 
sid:37738631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 118.89.60.27 any -> $HOME_NET any (msg: "MISP e26940 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.60.27"; classtype:trojan-activity; sid:37726011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26940;) alert ip 212.27.30.5 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.27.30.5"; classtype:trojan-activity; sid:37733241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.143.228.122 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.228.122"; classtype:trojan-activity; sid:37738641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 113.221.16.60 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.16.60"; classtype:trojan-activity; sid:37733251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 205.210.31.23 any -> $HOME_NET any (msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.23"; classtype:trojan-activity; sid:37738651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 171.41.128.106 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.41.128.106"; classtype:trojan-activity; sid:37733261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.58.133.123 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.133.123"; classtype:trojan-activity; sid:37733271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 43.154.35.81 any -> $HOME_NET any 
(msg: "MISP e26952 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.35.81"; classtype:trojan-activity; sid:37738661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26952;) alert ip 94.190.78.46 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.190.78.46"; classtype:trojan-activity; sid:37733281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 81.232.105.162 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.232.105.162"; classtype:trojan-activity; sid:37733291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 121.147.105.207 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.147.105.207"; classtype:trojan-activity; sid:37733301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 106.41.109.33 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.109.33"; classtype:trojan-activity; sid:37733311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 125.229.193.29 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.229.193.29"; classtype:trojan-activity; sid:37733321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 124.89.86.132 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.89.86.132"; classtype:trojan-activity; sid:37733331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 175.9.246.252 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.9.246.252"; classtype:trojan-activity; 
sid:37733341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 172.81.62.197 any -> $HOME_NET any (msg: "MISP e26942 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.197"; classtype:trojan-activity; sid:37726711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26942;) alert ip 193.35.18.127 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.35.18.127"; classtype:trojan-activity; sid:37733351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 122.96.31.85 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.31.85"; classtype:trojan-activity; sid:37733361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 111.177.98.7 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.177.98.7"; classtype:trojan-activity; sid:37733371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 182.241.136.209 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.241.136.209"; classtype:trojan-activity; sid:37733381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 61.220.216.219 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.220.216.219"; classtype:trojan-activity; sid:37733391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 153.164.185.138 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.164.185.138"; classtype:trojan-activity; sid:37733401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;) alert ip 220.134.75.205 any -> $HOME_NET 
any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.75.205"; classtype:trojan-activity; sid:37733411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Inbound source-address indicators (MISP event 26948). Each rule matches any
# protocol and any port from one listed address to $HOME_NET; nothing else is
# inspected. classtype is trojan-activity although the msg tags say
# Reconnaissance/Exploitation, so triage on the msg tags and priority instead.
# NOTE(review): the rules carry no expiry; check the age of the indicator in the
# referenced MISP event before acting on a hit.
alert ip 122.96.31.92 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.31.92"; classtype:trojan-activity; sid:37733421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 201.26.194.110 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.26.194.110"; classtype:trojan-activity; sid:37733431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
alert ip 180.32.50.181 any -> $HOME_NET any (msg: "MISP e26948 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.32.50.181"; classtype:trojan-activity; sid:37733441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26948;)
# Outbound URL indicators. The host string is a case-insensitive substring match
# on the request headers as a whole (http.header), and the path is a
# case-insensitive substring of http.uri. tag:session,600,seconds asks the engine
# to keep logging packets of the matching session for 600 seconds.
# NOTE(review): the host is not tied to the Host header, so a request that names
# it in another header (for example Referer) and has the same path also matches;
# the http.host buffer would be tighter in a locally tuned copy.
# NOTE(review): "alert http" only sees traffic parsed as HTTP; the same
# infrastructure reached over TLS is left to the address and DNS rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [dcrat] Outgoing URL http|3a|//825947295cm.whiteproducts.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"825947295cm.whiteproducts.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Outbound address:port indicators. Protocol is "ip" with a fixed destination
# port, and there is no flow or threshold option.
# NOTE(review): presumably such a rule can alert on many packets of a single
# connection; check alert volume and rate-limit locally if needed.
alert ip $HOME_NET any -> 147.185.221.18 43389 (msg: "MISP e26903 [njrat] Outgoing To IP: 147.185.221.18|43389"; classtype:trojan-activity; sid:37619241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# The same indicators are exported again under a second MISP event (e26866 here,
# e27166 further down) with an empty tag list and priority 3, while the tagged
# copies use priority 2. Where the path differs it differs only in letter case
# and carries nocase, so both copies match the same traffic and one connection
# raises two alerts under different sids.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//825947295cm.whiteproducts.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"825947295cm.whiteproducts.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 147.185.221.18 43389 (msg: "MISP e26866 [] Outgoing To IP: 147.185.221.18|43389"; classtype:trojan-activity; sid:37853031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
# Rules pinned to a literal destination address and port. The bracketed msg text
# (family, watermark, AS name) is MISP tag metadata and takes no part in matching.
alert http $HOME_NET any -> 111.92.243.236 8443 (msg: "MISP e26903 [CobaltStrike,cs-watermark-666666666,HFTCL-AS-AP High Family Technology Co. Limited] Outgoing URL http|3a|//111.92.243.236|3a|8443/claim/servlets-examples/i2i52xqkqqzf"; flow:to_server,established; http.header; content:"111.92.243.236"; fast_pattern; nocase; http.uri; content:"/claim/servlets-examples/i2i52xqkqqzf"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 47.92.99.156 443 (msg: "MISP e26903 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing To IP: 47.92.99.156|443"; classtype:trojan-activity; sid:37619271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 84.32.188.104 81 (msg: "MISP e26903 [CHERRYSERVERS2-AS,CobaltStrike,cs-watermark-100000] Outgoing URL http|3a|//84.32.188.104|3a|81/checkin"; flow:to_server,established; http.header; content:"84.32.188.104"; fast_pattern; nocase; http.uri; content:"/checkin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert http $HOME_NET any -> 84.32.188.104 81 (msg: "MISP e26866 [] Outgoing URL http|3a|//84.32.188.104|3a|81/checkin"; flow:to_server,established; http.header; content:"84.32.188.104"; fast_pattern; nocase; http.uri; content:"/checkin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> 111.92.243.236 8443 (msg: "MISP e26866 [] Outgoing URL http|3a|//111.92.243.236|3a|8443/claim/servlets-examples/I2I52XQKQQZF"; flow:to_server,established; http.header; content:"111.92.243.236"; fast_pattern; nocase; http.uri; content:"/claim/servlets-examples/I2I52XQKQQZF"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 47.92.99.156 443 (msg: "MISP e26866 [] Outgoing To IP: 47.92.99.156|443"; classtype:trojan-activity; sid:37853071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26903 [dcrat] Outgoing URL http|3a|//cs52256.tw1.ru/cce379fc.php"; flow:to_server,established; http.header; content:"cs52256.tw1.ru"; fast_pattern; nocase; http.uri; content:"/cce379fc.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
# Event 27038 is tagged kill-chain:Command and Control; among the rules shown
# here it is the only event exported with priority 1.
alert ip $HOME_NET any -> 18.220.135.251 3081 (msg: "MISP e27038 [diamond-model:Infrastructure,kill-chain:Command and Control] Outgoing To IP: 18.220.135.251|3081"; classtype:trojan-activity; sid:37768971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27038;)
# DNS host-name indicator. The pcre anchors the name at the end of the query and
# excludes a preceding letter, digit, hyphen or dot, so only the exact host name
# matches, not a sub-domain of it. Source and destination are unrestricted.
alert dns any any -> any any (msg: "MISP e27038 [diamond-model:Infrastructure,kill-chain:Command and Control] Hostname ellokodell00.hopto.org"; dns.query; content:"ellokodell00.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellokodell00\.hopto\.org$/i"; classtype:trojan-activity; sid:37768961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27038;)
# HTTP counterpart of the host-name indicator: needs the literal "Host: <name>"
# sequence (one space after the colon, as written) in the request headers,
# followed by a character that cannot continue a host name. Destination port is
# "any", unlike the URL rules in this listing that use $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27038 [diamond-model:Infrastructure,kill-chain:Command and Control] Outgoing HTTP Hostname ellokodell00.hopto.org"; flow:to_server,established; http.header; content: "Host|3a| ellokodell00.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ellokodell00\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37768962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27038;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26866 [] Outgoing URL http|3a|//cs52256.tw1.ru/cce379fc.php"; flow:to_server,established; http.header; content:"cs52256.tw1.ru"; fast_pattern; nocase; http.uri; content:"/cce379fc.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37853081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26866;)
alert ip $HOME_NET any -> 34.86.252.187 1177 (msg: "MISP e26903 [njrat] Outgoing To IP: 34.86.252.187|1177"; classtype:trojan-activity; sid:37619311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 182.18.90.146 34444 (msg: "MISP e26903 [Meterpreter] Outgoing To IP: 182.18.90.146|34444"; classtype:trojan-activity; sid:37619321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/26903;)
alert ip $HOME_NET any -> 34.86.252.187 1177 (msg: "MISP e27166 [] Outgoing To IP: 34.86.252.187|1177"; classtype:trojan-activity; sid:37844591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 182.18.90.146 34444 (msg: "MISP e27166 [] Outgoing To IP: 182.18.90.146|34444"; classtype:trojan-activity; sid:37844601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 185.133.40.68 7108 (msg: "MISP e27177 [RedLineStealer] Outgoing To IP: 185.133.40.68|7108"; classtype:trojan-activity; sid:37864321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.133.40.68 7108 (msg: "MISP e27166 [] Outgoing To IP: 185.133.40.68|7108"; classtype:trojan-activity; sid:37844611; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27166;)
# Outbound C2 address:port indicators from MISP event 27177. Each rule matches
# protocol "ip" from $HOME_NET to one literal address and one destination port;
# the family names in msg (cobalt_strike, asyncrat, darkcomet) are MISP tags and
# take no part in matching.
# Several addresses appear once per port, so traffic to the same address on a
# port that is not listed is not covered by these rules.
# NOTE(review): there is no flow or threshold option; presumably one connection
# can raise many alerts, so check volume and rate-limit locally if needed.
# NOTE(review): 50050 is widely documented as the default management port of a
# Cobalt Strike team server rather than a listener port; confirm in the MISP
# event what was observed there before reading a hit as implant traffic.
alert ip $HOME_NET any -> 103.108.41.243 443 (msg: "MISP e27177 [c2,cobalt_strike] Outgoing To IP: 103.108.41.243|443"; classtype:trojan-activity; sid:37864331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 66.225.254.138 7707 (msg: "MISP e27177 [asyncrat,RAT] Outgoing To IP: 66.225.254.138|7707"; classtype:trojan-activity; sid:37864341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 18.192.93.86 15443 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 18.192.93.86|15443"; classtype:trojan-activity; sid:37864351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 187.135.142.198 1962 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 187.135.142.198|1962"; classtype:trojan-activity; sid:37864361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 187.135.142.198 2087 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 187.135.142.198|2087"; classtype:trojan-activity; sid:37864371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 187.135.94.233 2003 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 187.135.94.233|2003"; classtype:trojan-activity; sid:37864381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 187.135.94.233 2080 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 187.135.94.233|2080"; classtype:trojan-activity; sid:37864391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 187.135.94.233 2095 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 187.135.94.233|2095"; classtype:trojan-activity; sid:37864401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 187.135.94.233 2000 (msg: "MISP e27177 [c2,darkcomet] Outgoing To IP: 187.135.94.233|2000"; classtype:trojan-activity; sid:37864411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 124.223.200.131 10010 (msg: "MISP e27177 [c2,cobalt_strike] Outgoing To IP: 124.223.200.131|10010"; classtype:trojan-activity; sid:37864421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 107.172.5.67 50050 (msg: "MISP e27177 [c2,cobalt_strike] Outgoing To IP: 107.172.5.67|50050"; classtype:trojan-activity; sid:37864431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 120.46.69.230 65500 (msg: "MISP e27177 [c2,cobalt_strike] Outgoing To IP: 120.46.69.230|65500"; classtype:trojan-activity; sid:37864441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 124.70.208.179 50050 (msg: "MISP e27177 [c2,cobalt_strike] Outgoing To IP: 124.70.208.179|50050"; classtype:trojan-activity; sid:37864451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# MISP event 27166 repeats the same address:port pairs with an empty tag list
# and priority 3. A connection to any of them therefore raises two alerts, one
# per sid; the e27177 copy is the one that names the malware family.
alert ip $HOME_NET any -> 124.70.208.179 50050 (msg: "MISP e27166 [] Outgoing To IP: 124.70.208.179|50050"; classtype:trojan-activity; sid:37844621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 120.46.69.230 65500 (msg: "MISP e27166 [] Outgoing To IP: 120.46.69.230|65500"; classtype:trojan-activity; sid:37844631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 107.172.5.67 50050 (msg: "MISP e27166 [] Outgoing To IP: 107.172.5.67|50050"; classtype:trojan-activity; sid:37844641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 124.223.200.131 10010 (msg: "MISP e27166 [] Outgoing To IP: 124.223.200.131|10010"; classtype:trojan-activity; sid:37844651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 187.135.94.233 2000 (msg: "MISP e27166 [] Outgoing To IP: 187.135.94.233|2000"; classtype:trojan-activity; sid:37844661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 187.135.94.233 2095 (msg: "MISP e27166 [] Outgoing To IP: 187.135.94.233|2095"; classtype:trojan-activity; sid:37844671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 187.135.94.233 2080 (msg: "MISP e27166 [] Outgoing To IP: 187.135.94.233|2080"; classtype:trojan-activity; sid:37844681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 187.135.94.233 2003 (msg: "MISP e27166 [] Outgoing To IP: 187.135.94.233|2003"; classtype:trojan-activity; sid:37844691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 187.135.142.198 2087 (msg: "MISP e27166 [] Outgoing To IP: 187.135.142.198|2087"; classtype:trojan-activity; sid:37844701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 187.135.142.198 1962 (msg: "MISP e27166 [] Outgoing To IP: 187.135.142.198|1962"; classtype:trojan-activity; sid:37844711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 66.225.254.138 7707 (msg: "MISP e27166 [] Outgoing To IP: 66.225.254.138|7707"; classtype:trojan-activity; sid:37844721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 18.192.93.86 15443 (msg: "MISP e27166 [] Outgoing To IP: 18.192.93.86|15443"; classtype:trojan-activity; sid:37844731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 103.108.41.243 443 (msg: "MISP e27166 [] Outgoing To IP: 103.108.41.243|443"; classtype:trojan-activity; sid:37844741; rev:1;
priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26904 [] Outgoing URL http|3a|//dev-romjansiam.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-romjansiam.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37619331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26904;) alert dns any any -> any any (msg: "MISP e26904 [] Domain discountdays.ru"; dns.query; content:"discountdays.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru$/i"; classtype:trojan-activity; sid:37619361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26904;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26904 [] Outgoing HTTP Domain discountdays.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"discountdays.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])discountdays\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26904;) alert dns any any -> any any (msg: "MISP e26905 [] Domain mi-tarjetacencosud-cl.therabuana.com"; dns.query; content:"mi-tarjetacencosud-cl.therabuana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.therabuana\.com$/i"; classtype:trojan-activity; sid:37619451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26905;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26905 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.therabuana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.therabuana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.therabuana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619452; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/26905;) alert dns any any -> any any (msg: "MISP e26906 [] Domain hibudy.com"; dns.query; content:"hibudy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hibudy\.com$/i"; classtype:trojan-activity; sid:37619541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26906;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26906 [] Outgoing HTTP Domain hibudy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hibudy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hibudy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26906;) alert dns any any -> any any (msg: "MISP e26907 [] Domain hibudy.com"; dns.query; content:"hibudy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hibudy\.com$/i"; classtype:trojan-activity; sid:37619631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26907;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26907 [] Outgoing HTTP Domain hibudy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hibudy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hibudy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26907;) alert ip $HOME_NET any -> 131.186.22.89 443 (msg: "MISP e27177 [Deimos,ORACLE-BMC-31898] Outgoing To IP: 131.186.22.89|443"; classtype:trojan-activity; sid:37864471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.103.87.88 1433 (msg: "MISP e27177 [Bianlian Go Trojan,VDSINA-AS] Outgoing To IP: 94.103.87.88|1433"; classtype:trojan-activity; sid:37864481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 164.92.243.255 42691 (msg: 
"MISP e27177 [Bianlian Go Trojan,DIGITALOCEAN-ASN] Outgoing To IP: 164.92.243.255|42691"; classtype:trojan-activity; sid:37864491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 93.185.167.79 443 (msg: "MISP e27177 [ALEXHOST,Havoc] Outgoing To IP: 93.185.167.79|443"; classtype:trojan-activity; sid:37864501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 103.139.93.20 80 (msg: "MISP e27177 [ANCHGLOBAL-AS-AP Anchnet Asia Limited,Havoc] Outgoing To IP: 103.139.93.20|80"; classtype:trojan-activity; sid:37864511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert dns any any -> any any (msg: "MISP e27268 [kill-chain:Delivery,kill-chain:Command and Control] Hostname f176-or-exit.jackanders.me"; dns.query; content:"f176-or-exit.jackanders.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f176\-or\-exit\.jackanders\.me$/i"; classtype:trojan-activity; sid:37900871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27268;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27268 [kill-chain:Delivery,kill-chain:Command and Control] Outgoing HTTP Hostname f176-or-exit.jackanders.me"; flow:to_server,established; http.header; content: "Host|3a| f176-or-exit.jackanders.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f176\-or\-exit\.jackanders\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37900872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27268;) alert ip $HOME_NET any -> 161.35.79.43 443 (msg: "MISP e27177 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 161.35.79.43|443"; classtype:trojan-activity; sid:37864521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 185.17.105.152 443 (msg: "MISP e27177 [QakBot,WIGATE-AS] Outgoing To IP: 185.17.105.152|443"; classtype:trojan-activity; sid:37864531; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 201.124.231.216 995 (msg: "MISP e27177 [QakBot,UNINET] Outgoing To IP: 201.124.231.216|995"; classtype:trojan-activity; sid:37864541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 20.197.231.238 8848 (msg: "MISP e27177 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.197.231.238|8848"; classtype:trojan-activity; sid:37864551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 38.54.108.163 8888 (msg: "MISP e27177 [KAOPU-HK Kaopu Cloud HK Limited,Supershell] Outgoing To IP: 38.54.108.163|8888"; classtype:trojan-activity; sid:37864561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 123.253.108.241 8888 (msg: "MISP e27177 [EDGENAP,Supershell] Outgoing To IP: 123.253.108.241|8888"; classtype:trojan-activity; sid:37864571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 43.136.20.206 8888 (msg: "MISP e27177 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.136.20.206|8888"; classtype:trojan-activity; sid:37864581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 201.124.231.216 995 (msg: "MISP e27166 [] Outgoing To IP: 201.124.231.216|995"; classtype:trojan-activity; sid:37844751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.17.105.152 443 (msg: "MISP e27166 [] Outgoing To IP: 185.17.105.152|443"; classtype:trojan-activity; sid:37844761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 161.35.79.43 443 (msg: "MISP e27166 [] Outgoing To IP: 161.35.79.43|443"; classtype:trojan-activity; sid:37844771; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 103.139.93.20 80 (msg: "MISP e27166 [] Outgoing To IP: 103.139.93.20|80"; classtype:trojan-activity; sid:37844781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 93.185.167.79 443 (msg: "MISP e27166 [] Outgoing To IP: 93.185.167.79|443"; classtype:trojan-activity; sid:37844791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 164.92.243.255 42691 (msg: "MISP e27166 [] Outgoing To IP: 164.92.243.255|42691"; classtype:trojan-activity; sid:37844801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.103.87.88 1433 (msg: "MISP e27166 [] Outgoing To IP: 94.103.87.88|1433"; classtype:trojan-activity; sid:37844811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 131.186.22.89 443 (msg: "MISP e27166 [] Outgoing To IP: 131.186.22.89|443"; classtype:trojan-activity; sid:37844821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 43.136.20.206 8888 (msg: "MISP e27166 [] Outgoing To IP: 43.136.20.206|8888"; classtype:trojan-activity; sid:37844831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 123.253.108.241 8888 (msg: "MISP e27166 [] Outgoing To IP: 123.253.108.241|8888"; classtype:trojan-activity; sid:37844841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 38.54.108.163 8888 (msg: "MISP e27166 [] Outgoing To IP: 38.54.108.163|8888"; classtype:trojan-activity; sid:37844851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 20.197.231.238 8848 (msg: "MISP e27166 [] Outgoing To IP: 20.197.231.238|8848"; classtype:trojan-activity; sid:37844861; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27177 [dcrat] Outgoing URL http|3a|//767163cm.nyashsens.top/nyashsupport.php"; flow:to_server,established; http.header; content:"767163cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27166 [] Outgoing URL http|3a|//767163cm.nyashsens.top/nyashsupport.php"; flow:to_server,established; http.header; content:"767163cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37844871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert dns any any -> any any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain www.cdnyychanlun.com.w.kunlunpi.com"; dns.query; content:"www.cdnyychanlun.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cdnyychanlun\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37864611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing HTTP Domain www.cdnyychanlun.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cdnyychanlun.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cdnyychanlun\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert dns any any -> any any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain ss.wfpay.xyz.w.kunlunpi.com"; dns.query; content:"ss.wfpay.xyz.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ss\.wfpay\.xyz\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37864631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain ss.wfpay.xyz.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ss.wfpay.xyz.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ss\.wfpay\.xyz\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert dns any any -> any any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain sfzd.tianxuesong.com.w.kunlunpi.com"; dns.query; content:"sfzd.tianxuesong.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sfzd\.tianxuesong\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37864651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing HTTP Domain sfzd.tianxuesong.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sfzd.tianxuesong.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sfzd\.tianxuesong\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert dns any any -> any any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain www.hotzhuan.com.w.kunlunpi.com"; dns.query; content:"www.hotzhuan.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hotzhuan\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37864671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain www.hotzhuan.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hotzhuan.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hotzhuan\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 47.92.146.233 443 (msg: "MISP e27177 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing To IP: 47.92.146.233|443"; classtype:trojan-activity; sid:37864681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert dns any any -> any any (msg: "MISP e27166 [] Domain www.hotzhuan.com.w.kunlunpi.com"; dns.query; content:"www.hotzhuan.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hotzhuan\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37844881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain www.hotzhuan.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hotzhuan.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hotzhuan\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37844882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert dns any any -> any any (msg: "MISP e27166 [] Domain sfzd.tianxuesong.com.w.kunlunpi.com"; dns.query; content:"sfzd.tianxuesong.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sfzd\.tianxuesong\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37844911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain sfzd.tianxuesong.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sfzd.tianxuesong.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sfzd\.tianxuesong\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37844912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert dns any any -> any any (msg: "MISP e27166 [] Domain ss.wfpay.xyz.w.kunlunpi.com"; dns.query; content:"ss.wfpay.xyz.w.kunlunpi.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ss\.wfpay\.xyz\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37844931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain ss.wfpay.xyz.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ss.wfpay.xyz.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ss\.wfpay\.xyz\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37844932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert dns any any -> any any (msg: "MISP e27166 [] Domain www.cdnyychanlun.com.w.kunlunpi.com"; dns.query; content:"www.cdnyychanlun.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cdnyychanlun\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37844941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain www.cdnyychanlun.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cdnyychanlun.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cdnyychanlun\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37844942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 47.92.146.233 443 (msg: "MISP e27166 [] Outgoing To IP: 47.92.146.233|443"; classtype:trojan-activity; sid:37844961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksschoenenwinkels.com"; dns.query; content:"clarksschoenenwinkels.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksschoenenwinkels\.com$/i"; classtype:trojan-activity; sid:38136411; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksschoenenwinkels.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksschoenenwinkels.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksschoenenwinkels\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkleggings-schweiz.com"; dns.query; content:"gymsharkleggings-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggings\-schweiz\.com$/i"; classtype:trojan-activity; sid:38136421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkleggings-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkleggings-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkleggings\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert ip $HOME_NET any -> 195.16.74.230 80 (msg: "MISP e27177 [Socks5Systemz] Outgoing To IP: 195.16.74.230|80"; classtype:trojan-activity; sid:37864691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27273 [] Outgoing URL http|3a|//rabotadlyavseh2.ru/4624334243755347653457547635/"; flow:to_server,established; http.header; content:"rabotadlyavseh2.ru"; fast_pattern; nocase; http.uri; content:"/4624334243755347653457547635/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37901661; rev:1; priority:4; 
reference:url,https://misp.finsin.cl/events/view/27273;)
# Destination IP/port indicators. Each rule matches any IP traffic from $HOME_NET to
# one fixed address and port, with no payload or flow condition. Addresses can be
# reassigned over time, so check the referenced MISP event before treating a hit as
# confirmed malicious traffic.
alert ip $HOME_NET any -> 195.16.74.230 80 (msg: "MISP e27166 [] Outgoing To IP: 195.16.74.230|80"; classtype:trojan-activity; sid:37844971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 65.109.240.92 443 (msg: "MISP e27177 [Vidar] Outgoing To IP: 65.109.240.92|443"; classtype:trojan-activity; sid:37864711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 5.75.211.82 443 (msg: "MISP e27177 [Vidar] Outgoing To IP: 5.75.211.82|443"; classtype:trojan-activity; sid:37864721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# "Domain" indicator pair (DNS query + HTTP Host) for MISP event 26908.
# DNS rule: the pcre is anchored at the end of dns.query and allows "." before the
# name, so the domain itself and any of its subdomains match. A longer label that
# merely ends with the same text does not.
alert dns any any -> any any (msg: "MISP e26908 [] Domain bancoestado-solicita.pages.dev"; dns.query; content:"bancoestado-solicita.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev$/i"; classtype:trojan-activity; sid:37619711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26908;)
# HTTP rule: both content matches sit in http.header and are not positioned relative
# to each other, so the domain appearing in a different request header (for example
# Referer) can also satisfy the rule. The trailing character class in the pcre
# prevents a match on a longer hostname that continues after the domain.
# tag:session,600,seconds keeps logging packets of the matching session for 600 s.
# This rule only sees traffic parsed as HTTP. HTTPS requests to the same name are
# left to the DNS rule unless a tls.sni rule is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26908 [] Outgoing HTTP Domain bancoestado-solicita.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-solicita.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-solicita\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26908;)
# Same two address/port pairs as the [Vidar] rules above, exported again from event
# 27166 with priority 3 and new sids. Identical match conditions, so one connection
# raises two alerts.
alert ip $HOME_NET any -> 65.109.240.92 443 (msg: "MISP e27166 [] Outgoing To IP: 65.109.240.92|443"; classtype:trojan-activity; sid:37845001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 5.75.211.82 443 (msg: "MISP e27166 [] Outgoing To IP: 5.75.211.82|443"; classtype:trojan-activity; sid:37845011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Inbound SMTP sender indicator for event 27263. Matches established client-to-server
# TCP to $SMTP_SERVERS port 25 containing "MAIL FROM:" and the listed address (both
# case-insensitive), followed within 8192 bytes by a blank line (CRLF CRLF).
# Only cleartext SMTP on port 25 is inspected. A session upgraded with STARTTLS, or
# mail submitted on another port, will not match.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27263 [] Source Email Address: relation.clients@credit-agricole-ca.fr"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"relation.clients@credit-agricole-ca.fr"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37890181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27263;)
# "Domain" indicator pair for event 27263. Same DNS/HTTP pattern as described above:
# subdomains match in DNS, and the HTTP match is not tied to the Host header line.
alert dns any any -> any any (msg: "MISP e27263 [] Domain etrg-e59c95.ingress-earth.ewp.live"; dns.query; content:"etrg-e59c95.ingress-earth.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])etrg\-e59c95\.ingress\-earth\.ewp\.live$/i"; classtype:trojan-activity; sid:37890241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27263;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27263 [] Outgoing HTTP Domain etrg-e59c95.ingress-earth.ewp.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etrg-e59c95.ingress-earth.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etrg\-e59c95\.ingress\-earth\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37890242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27263;)
# "Hostname" indicator pair for event 27276 (priority 1). Unlike the "Domain" rules,
# the leading character class also excludes ".", so subdomains of the name do not
# match in the DNS rule.
alert dns any any -> any any (msg: "MISP e27276 [] Hostname futurist2.ddns.net"; dns.query; content:"futurist2.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])futurist2\.ddns\.net$/i"; classtype:trojan-activity; sid:37901841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27276;)
# The HTTP content is the literal "Host: " plus the hostname, with exactly one space
# after the colon. A Host header written with different spacing is not matched by
# this content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27276 [] Outgoing HTTP Hostname futurist2.ddns.net"; flow:to_server,established; http.header; content: "Host|3a| futurist2.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])futurist2\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37901842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27276;)
# Destination IP/port indicators from MISP event 27177 (priority 2). The bracketed
# list in msg carries the event's tags. Each rule matches any IP traffic from
# $HOME_NET to one fixed address and port, with no payload or flow condition.
# Traffic to the same host on another port is not covered.
alert ip $HOME_NET any -> 85.239.33.149 445 (msg: "MISP e27177 [Pikabot] Outgoing To IP: 85.239.33.149|445"; classtype:trojan-activity; sid:37864771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 91.92.252.146 8004 (msg: "MISP e27177 [infostealer,LokiBot,stealer] Outgoing To IP: 91.92.252.146|8004"; classtype:trojan-activity; sid:37864701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 155.94.208.137 445 (msg: "MISP e27177 [Pikabot] Outgoing To IP: 155.94.208.137|445"; classtype:trojan-activity; sid:37864761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# URL indicator. The rule header pins the destination to 43.129.239.195 port 8999.
# The address string is then searched for anywhere in the request headers, and
# "/beacon.bin" anywhere in the URI (case-insensitive, not anchored to the start or
# end of the path). Only traffic parsed as HTTP is inspected.
alert http $HOME_NET any -> 43.129.239.195 8999 (msg: "MISP e27177 [CobaltStrike] Outgoing URL http|3a|//43.129.239.195|3a|8999/beacon.bin"; flow:to_server,established; http.header; content:"43.129.239.195"; fast_pattern; nocase; http.uri; content:"/beacon.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 20.218.68.91 7690 (msg: "MISP e27177 [infostealer,RedLine,stealer] Outgoing To IP: 20.218.68.91|7690"; classtype:trojan-activity; sid:37864461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# "Domain" indicator pair (DNS query + HTTP Host).
# DNS rule: anchored at the end of dns.query and allows "." before the name, so the
# domain and its subdomains match.
alert dns any any -> any any (msg: "MISP e27177 [infostealer,LokiBot,stealer] Domain blesblochem.com"; dns.query; content:"blesblochem.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blesblochem\.com$/i"; classtype:trojan-activity; sid:37864311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# HTTP rule: "Host:" and the domain are two independent matches in http.header, so
# the domain appearing in another request header (for example Referer) can also
# satisfy the rule. HTTPS requests are not seen by an `alert http` rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [infostealer,LokiBot,stealer] Outgoing HTTP Domain blesblochem.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blesblochem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blesblochem\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 34.174.78.212 80 (msg: "MISP e27177 [infostealer,LokiBot,stealer] Outgoing To IP: 34.174.78.212|80"; classtype:trojan-activity; sid:37864301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 67.203.7.148 2909 (msg: "MISP e27177 [infostealer,RedLine,stealer] Outgoing To IP: 67.203.7.148|2909"; classtype:trojan-activity; sid:37864291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# The indicators above exported a second time from MISP event 27166: empty tag list,
# priority 3, different sids, identical match conditions. Any traffic that triggers
# an e27177 rule above also triggers its e27166 twin, so expect paired alerts and
# deduplicate on destination or domain rather than on sid. The e27166 alerts carry
# no malware-family tag, so use the e27177 alert for triage context.
alert ip $HOME_NET any -> 91.92.252.146 8004 (msg: "MISP e27166 [] Outgoing To IP: 91.92.252.146|8004"; classtype:trojan-activity; sid:37845021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 155.94.208.137 445 (msg: "MISP e27166 [] Outgoing To IP: 155.94.208.137|445"; classtype:trojan-activity; sid:37845031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 85.239.33.149 445 (msg: "MISP e27166 [] Outgoing To IP: 85.239.33.149|445"; classtype:trojan-activity; sid:37845041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert dns any any -> any any (msg: "MISP e27166 [] Domain blesblochem.com"; dns.query; content:"blesblochem.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blesblochem\.com$/i"; classtype:trojan-activity; sid:37845121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain blesblochem.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blesblochem.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blesblochem\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> 43.129.239.195 8999 (msg: "MISP e27166 [] Outgoing URL http|3a|//43.129.239.195|3a|8999/beacon.bin"; flow:to_server,established; http.header; content:"43.129.239.195"; fast_pattern; nocase; http.uri; content:"/beacon.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 67.203.7.148 2909 (msg: "MISP e27166 [] Outgoing To IP: 67.203.7.148|2909"; classtype:trojan-activity; sid:37845141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 34.174.78.212 80 (msg: "MISP e27166 [] Outgoing To IP: 34.174.78.212|80"; classtype:trojan-activity; sid:37845151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 20.218.68.91 7690 (msg: "MISP e27166 [] Outgoing To IP: 20.218.68.91|7690"; classtype:trojan-activity; sid:37845161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 47.76.78.183 443 (msg: "MISP e27177 [Alibaba (US) Technology Co. 
Ltd.,CobaltStrike,cs-watermark-1234567890] Outgoing To IP: 47.76.78.183|443"; classtype:trojan-activity; sid:37864781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# (The line above is the tail of a rule that begins on the previous line of the export.)
#
# Indicators from MISP event 27177 whose msg carries CobaltStrike, a
# cs-watermark-<n> value and a hosting-provider name, mixed with events 27283
# and 27166. Those tags are event metadata: the rules match on address, port,
# header and URI strings only, and classtype:trojan-activity is the same on every
# rule here whether the event is tagged or not.
#
# URL indicator: destination IP and port are fixed in the rule header, the
# http.header content requires the IP literal in the request headers, and the
# http.uri content is a case-insensitive substring match on the path.
alert http $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27177 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.43.191.108|3a|9998/visit.js"; flow:to_server,established; http.header; content:"101.43.191.108"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# Hostname under a shared cloud-provider domain. Both patterns include the
# leading label 3gjanc04hk, so other hosts under
# execute-api.us-east-2.amazonaws.com do not match.
# The HTTP rule inspects cleartext request headers only.
# NOTE(review): endpoints of this kind are usually reached over HTTPS, where only
# the DNS rule (or an added tls.sni rule) can fire; confirm before relying on
# sid 37864812.
alert dns any any -> any any (msg: "MISP e27177 [CobaltStrike,cs-watermark-461757853,DigitalOcean LLC] Domain 3gjanc04hk.execute-api.us-east-2.amazonaws.com"; dns.query; content:"3gjanc04hk.execute-api.us-east-2.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3gjanc04hk\.execute\-api\.us\-east\-2\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37864811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [CobaltStrike,cs-watermark-461757853,DigitalOcean LLC] Outgoing HTTP Domain 3gjanc04hk.execute-api.us-east-2.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3gjanc04hk.execute-api.us-east-2.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3gjanc04hk\.execute\-api\.us\-east\-2\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# Event 27283 (untagged, priority 2): DNS rule plus HTTP rule for one hostname.
# The regex prefix (^|[^A-Za-z0-9-]) lets subdomains match while rejecting longer
# names that merely end in the same letters.
alert dns any any -> any any (msg: "MISP e27283 [] Domain lhv.wbits.ae"; dns.query; content:"lhv.wbits.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\.wbits\.ae$/i"; classtype:trojan-activity; sid:37904311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27283;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27283 [] Outgoing HTTP Domain lhv.wbits.ae"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lhv.wbits.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\.wbits\.ae[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37904312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27283;)
# sid 37864821 (here) and sid 37845191 (further down) differ only in the letter
# case of the path, and both use nocase, so every request that matches one also
# matches the other.
alert http $HOME_NET any -> 47.99.182.25 8888 (msg: "MISP e27177 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing URL http|3a|//47.99.182.25|3a|8888/mod/layout/fd6pr1n8lq5h"; flow:to_server,established; http.header; content:"47.99.182.25"; fast_pattern; nocase; http.uri; content:"/mod/layout/fd6pr1n8lq5h"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# 185.11.61.124 is covered three times: two URL rules restricted to $HTTP_PORTS
# (the variable must be defined on the sensor for them to load) and an `alert ip`
# rule pinned to port 80. If $HTTP_PORTS includes 80, one cleartext request for
# /ku.css raises all three.
alert http $HOME_NET any -> 185.11.61.124 $HTTP_PORTS (msg: "MISP e27177 [CHANGWAY-AS,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//185.11.61.124/ku.css"; flow:to_server,established; http.header; content:"185.11.61.124"; fast_pattern; nocase; http.uri; content:"/ku.css"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.11.61.124 80 (msg: "MISP e27177 [CHANGWAY-AS,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 185.11.61.124|80"; classtype:trojan-activity; sid:37864841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> 185.11.61.124 $HTTP_PORTS (msg: "MISP e27166 [] Outgoing URL http|3a|//185.11.61.124/ku.css"; flow:to_server,established; http.header; content:"185.11.61.124"; fast_pattern; nocase; http.uri; content:"/ku.css"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Event 27166 copies (empty tag list, priority 3) of indicators listed for
# event 27177 earlier in this block.
alert http $HOME_NET any -> 47.99.182.25 8888 (msg: "MISP e27166 [] Outgoing URL http|3a|//47.99.182.25|3a|8888/mod/layout/FD6PR1N8LQ5H"; flow:to_server,established; http.header; content:"47.99.182.25"; fast_pattern; nocase; http.uri; content:"/mod/layout/FD6PR1N8LQ5H"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert dns any any -> any any (msg: "MISP e27166 [] Domain 3gjanc04hk.execute-api.us-east-2.amazonaws.com"; dns.query; content:"3gjanc04hk.execute-api.us-east-2.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3gjanc04hk\.execute\-api\.us\-east\-2\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37845211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain 3gjanc04hk.execute-api.us-east-2.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"3gjanc04hk.execute-api.us-east-2.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3gjanc04hk\.execute\-api\.us\-east\-2\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27166 [] Outgoing URL http|3a|//101.43.191.108|3a|9998/visit.js"; flow:to_server,established; http.header; content:"101.43.191.108"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# The rule below is cut by the export's line wrap and continues on the next line.
alert ip $HOME_NET any -> 185.11.61.124 80 (msg: "MISP e27166 [] Outgoing To IP: 185.11.61.124|80"; classtype:trojan-activity; sid:37845231; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27166;)
# (The line above is the tail of a rule that begins on the previous line of the export.)
#
# Address-and-port rule with no content match. Port 443 traffic is normally
# encrypted, so this rule identifies the endpoint, not what was exchanged.
alert ip $HOME_NET any -> 47.76.78.183 443 (msg: "MISP e27166 [] Outgoing To IP: 47.76.78.183|443"; classtype:trojan-activity; sid:37845241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Event 27007 domains (untagged, priority 3). Each domain yields a DNS rule and
# an HTTP rule with consecutive sids. classtype:trojan-activity is the same on
# every rule in this span, so it says nothing about what the event actually is;
# check the MISP event before triaging a hit as malware.
# The regex prefix (^|[^A-Za-z0-9-]) lets subdomains match while rejecting longer
# names that merely end in the same letters. The HTTP rules inspect cleartext
# request headers only; HTTPS visits are caught by the DNS rule alone unless a
# tls.sni rule is added (none is visible in this part of the export).
alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletireland.com"; dns.query; content:"bapeoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletireland\.com$/i"; classtype:trojan-activity; sid:38136431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerireland.com"; dns.query; content:"ted-bakerireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerireland\.com$/i"; classtype:trojan-activity; sid:38136441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27177 URL indicators tagged CobaltStrike. The paths ("/load",
# "/visit.js", "/pixel.gif") are short and matched as substrings of the URI, so
# the specificity of these rules comes from the destination IP and port in the
# rule header. If an address is later reassigned, the rule keeps firing on
# whatever is hosted there; check the event date when triaging.
# sid 37864921 is restricted to $HTTP_PORTS, which must be defined on the sensor.
alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27177 [CobaltStrike,cs-watermark-987654321,Tamatiya EOOD] Outgoing URL http|3a|//79.124.40.106|3a|81/load"; flow:to_server,established; http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> 47.120.37.45 8081 (msg: "MISP e27177 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.120.37.45|3a|8081/visit.js"; flow:to_server,established; http.header; content:"47.120.37.45"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> 20.107.244.135 $HTTP_PORTS (msg: "MISP e27177 [CobaltStrike,cs-watermark-433086427,Microsoft Corporation] Outgoing URL http|3a|//20.107.244.135/visit.js"; flow:to_server,established; http.header; content:"20.107.244.135"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e27177 [CobaltStrike,cs-watermark-305419896,IPTELECOM ASIA] Outgoing URL http|3a|//43.251.159.58|3a|8637/pixel.gif"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# Event 27271 (untagged, priority 2): DNS rule for one hostname.
alert dns any any -> any any (msg: "MISP e27271 [] Domain lhv.orientintl.com.pk"; dns.query; content:"lhv.orientintl.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\.orientintl\.com\.pk$/i"; classtype:trojan-activity; sid:37900971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27271;)
# The rule below is cut by the export's line wrap and continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27271 [] Outgoing HTTP Domain
lhv.orientintl.com.pk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lhv.orientintl.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\.orientintl\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37900972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27271;)
# (The line above is the tail of a rule that begins on the previous line of the export.)
#
# URL indicators. Destination IP and port are fixed in the rule header; the
# http.header content requires the IP literal in the request headers and the
# http.uri content is a case-insensitive substring match on the path.
# 1.94.110.130:808/visit.js is exported under both event 27177 and event 27166
# (sids 37864951 and 37845281), so one request raises two alerts at priority 2
# and 3. sid 37845311 is restricted to $HTTP_PORTS, which must be defined on the
# sensor.
alert http $HOME_NET any -> 47.120.37.45 8081 (msg: "MISP e27166 [] Outgoing URL http|3a|//47.120.37.45|3a|8081/visit.js"; flow:to_server,established; http.header; content:"47.120.37.45"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27166 [] Outgoing URL http|3a|//79.124.40.106|3a|81/load"; flow:to_server,established; http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27177 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/visit.js"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37864951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27166 [] Outgoing URL http|3a|//1.94.110.130|3a|808/visit.js"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> 43.251.159.58 8637 (msg: "MISP e27166 [] Outgoing URL http|3a|//43.251.159.58|3a|8637/pixel.gif"; flow:to_server,established; http.header; content:"43.251.159.58"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> 20.107.244.135 $HTTP_PORTS (msg: "MISP e27166 [] Outgoing URL http|3a|//20.107.244.135/visit.js"; flow:to_server,established; http.header; content:"20.107.244.135"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Address-and-port rules with no content match. The Havoc and QakBot names in msg
# are the event's tags; the rules do not inspect the traffic. Each endpoint is
# listed once per event, so a connection raises two alerts.
alert ip $HOME_NET any -> 194.26.192.57 443 (msg: "MISP e27177 [Havoc,SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK] Outgoing To IP: 194.26.192.57|443"; classtype:trojan-activity; sid:37864961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 70.27.138.200 2078 (msg: "MISP e27177 [BACOM,QakBot] Outgoing To IP: 70.27.138.200|2078"; classtype:trojan-activity; sid:37864971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 70.27.138.200 2078 (msg: "MISP e27166 [] Outgoing To IP: 70.27.138.200|2078"; classtype:trojan-activity; sid:37845331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 194.26.192.57 443 (msg: "MISP e27166 [] Outgoing To IP: 194.26.192.57|443"; classtype:trojan-activity; sid:37845341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Domain indicators from events 26909, 26910 and 24600, each as a DNS rule plus
# an HTTP rule. All events are untagged; the hostnames contain bank-related words
# (presumably phishing lures; verify against the events).
# The regex prefix (^|[^A-Za-z0-9-]) lets subdomains match while rejecting longer
# names that merely end in the same letters. For the pages.dev host the pattern
# includes the leading label, so other sites under that shared suffix do not match.
# The HTTP rules inspect cleartext request headers only; HTTPS visits are caught
# by the DNS rule alone unless a tls.sni rule is added (none is visible in this
# part of the export).
# The event 24600 pair is exported at priority 1, the highest in this span.
alert dns any any -> any any (msg: "MISP e26909 [] Domain banco.estado-acceso.info"; dns.query; content:"banco.estado-acceso.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info$/i"; classtype:trojan-activity; sid:37619801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26909;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26909 [] Outgoing HTTP Domain banco.estado-acceso.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estado-acceso.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estado\-acceso\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26909;)
alert dns any any -> any any (msg: "MISP e26910 [] Domain cuentarut-bancoestado.pages.dev"; dns.query; content:"cuentarut-bancoestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37619921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26910;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26910 [] Outgoing HTTP Domain cuentarut-bancoestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-bancoestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37619922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26910;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain 20898652directsmdy99200.sells-for-u.com"; dns.query; content:"20898652directsmdy99200.sells-for-u.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])20898652directsmdy99200\.sells\-for\-u\.com$/i"; classtype:trojan-activity; sid:38179211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 20898652directsmdy99200.sells-for-u.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"20898652directsmdy99200.sells-for-u.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])20898652directsmdy99200\.sells\-for\-u\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 26917: the same hostname is exported three ways. In the URL rule
# (sid 37721271) the http.uri content is "/", which every request URI contains,
# so that rule reduces to "hostname appears in the request headers" on
# $HTTP_PORTS and overlaps with the Host rule (sid 37721282), which covers any
# port. A cleartext request to the host on an $HTTP_PORTS port raises both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e26917 [] Outgoing URL http|3a|//mi-tarjetacencosud-cl.marahmedia.co.zw/"; flow:to_server,established; http.header; content:"mi-tarjetacencosud-cl.marahmedia.co.zw"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37721271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26917;)
alert dns any any -> any any (msg: "MISP e26917 [] Domain mi-tarjetacencosud-cl.marahmedia.co.zw"; dns.query; content:"mi-tarjetacencosud-cl.marahmedia.co.zw"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.marahmedia\.co\.zw$/i"; classtype:trojan-activity; sid:37721281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26917;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26917 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.marahmedia.co.zw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.marahmedia.co.zw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.marahmedia\.co\.zw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37721282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26917;)
# The rule below is cut by the export's line wrap and continues on the next line.
alert http $HOME_NET any -> 49.234.185.12 $HTTP_PORTS (msg: "MISP e27177 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//49.234.185.12/updates.rss"; flow:to_server,established; http.header; content:"49.234.185.12"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity;
sid:37865011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# (The line above is the tail of a rule that begins on the previous line of the export.)
#
# Event 26922: hostname under the shared pages.dev suffix, as a DNS rule plus an
# HTTP rule. The patterns include the leading label, so other sites under
# pages.dev do not match. The HTTP rule inspects cleartext request headers only;
# HTTPS visits are caught by the DNS rule alone unless a tls.sni rule is added
# (none is visible in this part of the export).
alert dns any any -> any any (msg: "MISP e26922 [] Domain app-express-estado.pages.dev"; dns.query; content:"app-express-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-express\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37722191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26922;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26922 [] Outgoing HTTP Domain app-express-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-express-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-express\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37722192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26922;)
# Five endpoints on port 12780 tagged njrat in event 27177. These rules match on
# address and port only; the tag is event metadata.
# NOTE(review): the addresses look like public-cloud address space; confirm
# ownership. Such addresses are reassigned between tenants, so compare the event
# date with the alert date before acting on a hit.
alert ip $HOME_NET any -> 3.124.142.205 12780 (msg: "MISP e27177 [njrat] Outgoing To IP: 3.124.142.205|12780"; classtype:trojan-activity; sid:37865021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 3.125.209.94 12780 (msg: "MISP e27177 [njrat] Outgoing To IP: 3.125.209.94|12780"; classtype:trojan-activity; sid:37865031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 3.125.102.39 12780 (msg: "MISP e27177 [njrat] Outgoing To IP: 3.125.102.39|12780"; classtype:trojan-activity; sid:37865041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 18.158.249.75 12780 (msg: "MISP e27177 [njrat] Outgoing To IP: 18.158.249.75|12780"; classtype:trojan-activity; sid:37865051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 3.125.223.134 12780 (msg: "MISP e27177 [njrat] Outgoing To IP: 3.125.223.134|12780"; classtype:trojan-activity; sid:37865061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# URL indicator restricted to $HTTP_PORTS (the variable must be defined on the
# sensor). Destination IP is fixed in the rule header; the path is a
# case-insensitive substring match.
alert http $HOME_NET any -> 49.234.185.12 $HTTP_PORTS (msg: "MISP e27166 [] Outgoing URL http|3a|//49.234.185.12/updates.rss"; flow:to_server,established; http.header; content:"49.234.185.12"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Event 27166 copies of the five port-12780 endpoints above (empty tag list,
# priority 3): one connection raises an alert from each event.
alert ip $HOME_NET any -> 3.125.223.134 12780 (msg: "MISP e27166 [] Outgoing To IP: 3.125.223.134|12780"; classtype:trojan-activity; sid:37845371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 18.158.249.75 12780 (msg: "MISP e27166 [] Outgoing To IP: 18.158.249.75|12780"; classtype:trojan-activity; sid:37845381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 3.125.102.39 12780 (msg: "MISP e27166 [] Outgoing To IP: 3.125.102.39|12780"; classtype:trojan-activity; sid:37845391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 3.125.209.94 12780 (msg: "MISP e27166 [] Outgoing To IP: 3.125.209.94|12780"; classtype:trojan-activity; sid:37845401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 3.124.142.205 12780 (msg: "MISP e27166 [] Outgoing To IP: 3.124.142.205|12780"; classtype:trojan-activity; sid:37845411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Two domains tagged VexTrio in event 27177, each as a DNS rule plus an HTTP
# rule. The regex prefix (^|[^A-Za-z0-9-]) lets subdomains match while rejecting
# longer names that merely end in the same letters. The DNS rules are
# `any any -> any any`, so they also fire on resolver-to-upstream queries;
# resolver logs may be needed to find the originating client.
alert dns any any -> any any (msg: "MISP e27177 [VexTrio] Domain goalmikeas.live"; dns.query; content:"goalmikeas.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])goalmikeas\.live$/i"; classtype:trojan-activity; sid:37864981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [VexTrio] Outgoing HTTP Domain goalmikeas.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"goalmikeas.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])goalmikeas\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert dns any any -> any any (msg: "MISP e27177 [VexTrio] Domain wedshotrag.live"; dns.query; content:"wedshotrag.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])wedshotrag\.live$/i"; classtype:trojan-activity; sid:37864991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [VexTrio] Outgoing HTTP Domain wedshotrag.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wedshotrag.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wedshotrag\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37864992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# Address-and-port rules with no content match.
# NOTE(review): 104.21.13.74 appears to sit in a CDN / reverse-proxy range shared
# by many unrelated sites; confirm ownership. If so, this port-80 rule will alert
# on ordinary browsing and is better replaced by a hostname-based match.
alert ip $HOME_NET any -> 104.21.13.74 80 (msg: "MISP e27177 [infostealer,Lumma,stealer] Outgoing To IP: 104.21.13.74|80"; classtype:trojan-activity; sid:37864871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.244.150.230 443 (msg: "MISP e27177 [] Outgoing To IP: 185.244.150.230|443"; classtype:trojan-activity; sid:37864861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# URL indicator by hostname: the destination is $EXTERNAL_NET on $HTTP_PORTS, the
# hostname must appear in the request headers and the path in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27177 [dcrat] Outgoing URL http|3a|//f0924067.xsph.ru/665cf811.php"; flow:to_server,established; http.header; content:"f0924067.xsph.ru"; fast_pattern; nocase; http.uri; content:"/665cf811.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37865071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# The rule below is cut by the export's line wrap and continues on the next line.
alert dns any any -> any any (msg: "MISP
e27177 [njrat,RAT] Domain clarosecurity-com.duckdns.org"; dns.query; content:"clarosecurity-com.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarosecurity\-com\.duckdns\.org$/i"; classtype:trojan-activity; sid:37865091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# (The line above is the tail of a rule that begins on the previous line of the export.)
#
# Event 27177, tagged njrat/RAT: a hostname under duckdns.org plus one IP|port.
# duckdns.org is a dynamic-DNS zone, so the hostname can be repointed at any
# time; the address-and-port rule (sid 37865081) can go stale while the DNS rule
# stays valid. The patterns include the leading label, so other duckdns.org
# hosts do not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [njrat,RAT] Outgoing HTTP Domain clarosecurity-com.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarosecurity-com.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarosecurity\-com\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37865092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 46.246.84.5 2054 (msg: "MISP e27177 [njrat,RAT] Outgoing To IP: 46.246.84.5|2054"; classtype:trojan-activity; sid:37865081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# Event 27166 indicators (empty tag list, priority 3). The HTTP rules inspect
# cleartext request headers only; HTTPS visits are caught by the DNS rules alone
# unless a tls.sni rule is added (none is visible in this part of the export).
# The DNS rules are `any any -> any any`, so they also fire on
# resolver-to-upstream queries.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27166 [] Outgoing URL http|3a|//f0924067.xsph.ru/665cf811.php"; flow:to_server,established; http.header; content:"f0924067.xsph.ru"; fast_pattern; nocase; http.uri; content:"/665cf811.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37845421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert dns any any -> any any (msg: "MISP e27166 [] Domain goalmikeas.live"; dns.query; content:"goalmikeas.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])goalmikeas\.live$/i"; classtype:trojan-activity; sid:37845431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain goalmikeas.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"goalmikeas.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])goalmikeas\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert dns any any -> any any (msg: "MISP e27166 [] Domain wedshotrag.live"; dns.query; content:"wedshotrag.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])wedshotrag\.live$/i"; classtype:trojan-activity; sid:37845441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain wedshotrag.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wedshotrag.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wedshotrag\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Address-and-port rules with no content match.
# NOTE(review): 104.21.13.74 appears to sit in a CDN / reverse-proxy range shared
# by many unrelated sites; confirm ownership. If so, sid 37845461 will alert on
# ordinary browsing.
alert ip $HOME_NET any -> 185.244.150.230 443 (msg: "MISP e27166 [] Outgoing To IP: 185.244.150.230|443"; classtype:trojan-activity; sid:37845451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 104.21.13.74 80 (msg: "MISP e27166 [] Outgoing To IP: 104.21.13.74|80"; classtype:trojan-activity; sid:37845461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Event 24600 domains, exported at priority 1 (the highest in this span) although
# the event carries no tags.
# NOTE(review): r20.rs6.net looks like a shared third-party link-redirect host
# rather than infrastructure dedicated to one actor; confirm against the event.
# If so, sids 38179311/38179312 will fire on ordinary e-mail click-throughs and
# should be tuned or matched on the full URL instead.
alert dns any any -> any any (msg: "MISP e24600 [] Domain ishtrelly.com"; dns.query; content:"ishtrelly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ishtrelly\.com$/i"; classtype:trojan-activity; sid:38179261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain ishtrelly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ishtrelly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ishtrelly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain r20.rs6.net"; dns.query; content:"r20.rs6.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])r20\.rs6\.net$/i"; classtype:trojan-activity; sid:38179311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain r20.rs6.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"r20.rs6.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])r20\.rs6\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 27166 copies of the duckdns.org hostname and the 46.246.84.5|2054
# endpoint listed for event 27177 at the top of this block.
alert dns any any -> any any (msg: "MISP e27166 [] Domain clarosecurity-com.duckdns.org"; dns.query; content:"clarosecurity-com.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarosecurity\-com\.duckdns\.org$/i"; classtype:trojan-activity; sid:37845471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain clarosecurity-com.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarosecurity-com.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarosecurity\-com\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 46.246.84.5 2054 (msg: "MISP e27166 [] Outgoing To IP: 46.246.84.5|2054"; classtype:trojan-activity; sid:37845481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Event 27279: one hostname (DNS + HTTP rules) and one e-mail address.
# The hostname begins with "ftp."; neither rule inspects FTP traffic, so an FTP
# connection to it is visible here only through the DNS lookup.
alert dns any any -> any any (msg: "MISP e27279 [] Domain ftp.experthvac.ro"; dns.query; content:"ftp.experthvac.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.experthvac\.ro$/i"; classtype:trojan-activity; sid:37902301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27279;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27279 [] Outgoing HTTP Domain ftp.experthvac.ro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ftp.experthvac.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ftp\.experthvac\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37902302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27279;)
# SMTP recipient indicator: matches "RCPT TO:" and the address anywhere in a
# client-to-server stream to $SMTP_SERVERS port 25, with an empty line
# (CRLF CRLF) within 8192 bytes after the address.
# Limits: cleartext port 25 only (no submission ports, nothing after STARTTLS),
# and the source is $EXTERNAL_NET, so mail submitted by an internal host is
# covered only if $EXTERNAL_NET includes internal addresses.
# NOTE(review): if the goal is to catch internal hosts mailing this address, the
# outbound direction needs its own rule; confirm against the event.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27279 [] Destination Email Address: ftpadmon@experthvac.ro"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"ftpadmon@experthvac.ro"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27279;)
# Outbound SMB (port 445) to external addresses, address and port only. If egress
# SMB is filtered at the perimeter, a hit still shows an internal host attempting
# the connection.
alert ip $HOME_NET any -> 85.239.33.149 445 (msg: "MISP e27177 [] Outgoing To IP: 85.239.33.149|445"; classtype:trojan-activity; sid:37865121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 155.94.208.137 445 (msg: "MISP e27177 [] Outgoing To IP: 155.94.208.137|445"; classtype:trojan-activity; sid:37865131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# Event 27007 domain (untagged, priority 3), DNS rule.
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakeraustralla.com"; dns.query; content:"ted-bakeraustralla.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeraustralla\.com$/i"; classtype:trojan-activity; sid:38136451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# The rule below is cut by the export's line wrap and continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakeraustralla.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header;
content:"ted-bakeraustralla.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeraustralla\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# (The line above is the tail of a rule that begins on the previous line of the export.)
#
# Event 27007 domains (untagged, priority 3). Each domain yields two rules with
# consecutive sids: a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
#
# DNS rule: dns.query with a literal content for fast matching, then a regex
#   whose prefix (^|[^A-Za-z0-9-]) lets subdomains match while rejecting longer
#   names that merely end in the same letters. The header is `any any -> any any`,
#   so the rule also fires on resolver-to-upstream queries; resolver logs may be
#   needed to find the originating client.
# HTTP rule: inspects cleartext request headers only, so HTTPS visits are caught
#   by the DNS rule alone unless a tls.sni rule is added (none is visible in this
#   part of the export). The "Host:" and domain contents are not tied together
#   with distance/within, so the domain may match in any request header, for
#   example Referer. tag:session,600,seconds keeps logging the session after
#   the alert.
# classtype:trojan-activity is the same on every rule in this span, so it does
# not describe the event; check the MISP event before triaging a hit as malware.
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerchile.com"; dns.query; content:"ted-bakerchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerchile\.com$/i"; classtype:trojan-activity; sid:38136461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-egypt.com"; dns.query; content:"tedbaker-egypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-egypt\.com$/i"; classtype:trojan-activity; sid:38136471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-egypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-egypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-egypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-baker-espana.com"; dns.query; content:"ted-baker-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-baker\-espana\.com$/i"; classtype:trojan-activity; sid:38136481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-baker-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-baker-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-baker\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerhuwebshop.com"; dns.query; content:"tedbakerhuwebshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerhuwebshop\.com$/i"; classtype:trojan-activity; sid:38136491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerhuwebshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerhuwebshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerhuwebshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeristanbul.com"; dns.query; content:"tedbakeristanbul.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeristanbul\.com$/i"; classtype:trojan-activity; sid:38136501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeristanbul.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeristanbul.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeristanbul\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-baker-ksa.com"; dns.query; content:"ted-baker-ksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-baker\-ksa\.com$/i"; classtype:trojan-activity; sid:38136511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-baker-ksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-baker-ksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-baker\-ksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakernetherlands.com"; dns.query; content:"ted-bakernetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakernetherlands\.com$/i"; classtype:trojan-activity; sid:38136521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakernetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakernetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakernetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakernorway.com"; dns.query; content:"tedbakernorway.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakernorway\.com$/i"; classtype:trojan-activity; sid:38136531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# The rule below is cut off at the end of this excerpt.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakernorway.com";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakernorway.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakernorway\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerphilippines.com"; dns.query; content:"ted-bakerphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerphilippines\.com$/i"; classtype:trojan-activity; sid:38136541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerportugalpt.com"; dns.query; content:"tedbakerportugalpt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerportugalpt\.com$/i"; classtype:trojan-activity; sid:38136551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerportugalpt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerportugalpt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerportugalpt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-ro.com"; dns.query; 
content:"tedbaker-ro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-ro\.com$/i"; classtype:trojan-activity; sid:38136561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-ro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-ro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-ro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersdenmark.com"; dns.query; content:"tedbakersdenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersdenmark\.com$/i"; classtype:trojan-activity; sid:38136571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakersdenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersdenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersdenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersingapore-sg.com"; dns.query; content:"tedbakersingapore-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersingapore\-sg\.com$/i"; classtype:trojan-activity; sid:38136581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakersingapore-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersingapore-sg.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])tedbakersingapore\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerturkiye-tr.com"; dns.query; content:"tedbakerturkiye-tr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerturkiye\-tr\.com$/i"; classtype:trojan-activity; sid:38136591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerturkiye-tr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerturkiye-tr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerturkiye\-tr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakeruk.com"; dns.query; content:"ted-bakeruk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeruk\.com$/i"; classtype:trojan-activity; sid:38136601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakeruk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakeruk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeruk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-us.com"; dns.query; content:"tedbaker-us.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-us\.com$/i"; classtype:trojan-activity; sid:38136611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) 
# Last rules of MISP event 27007 (untagged, priority 3): the HTTP half of the tedbaker-us.com
# pair, then the DNS/HTTP pair for tedbakerwinkels.com.
# NOTE(review): the http rules match the domain anywhere in http.header (the "Host|3a|" content
#   is not tied to it with distance/within) and only see cleartext HTTP; for HTTPS traffic the
#   dns rule is the only coverage shown here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-us.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-us.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-us\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerwinkels.com"; dns.query; content:"tedbakerwinkels.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerwinkels\.com$/i"; classtype:trojan-activity; sid:38136621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerwinkels.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerwinkels.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerwinkels\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 26956 (untagged, priority 3): one hostname, exported as the same DNS/HTTP pair.
# The dns pcre is anchored on the full name estado.accesoclientes.info, so the parent domain
# accesoclientes.info on its own does not match.
alert dns any any -> any any (msg: "MISP e26956 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37743941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26956;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26956 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37743942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/26956;)
# (The next rule continues on the following line.)
alert 
dns any any -> any any (msg: "MISP e27177 [AS208046,c2,censys] Domain was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])was\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37865301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# (The line above completes the dns rule sid 37865301, whose "alert" keyword is on the previous line.)
#
# MISP event 27177, priority 2. The bracketed part of each msg is the indicator's tag list:
# an AS number, sometimes an AS name, "censys", "c2", and on some entries a type or family
# (RAT, HookBot). NOTE(review): the tag meanings are read from their names; confirm in MISP.
#
# alert ip rules: $HOME_NET -> one destination address and port. There is no flow, content or
# threshold keyword, so the address:port pair is the whole signature.
# NOTE(review): some destinations sit in large shared provider ranges according to their own
#   tags (MICROSOFT-CORP-MSN-AS-BLOCK on sid 37865441, OVH on sid 37865621, CLOUDFLARENET on
#   the cenixcrypto.com domain). Such addresses can be reassigned and the rules carry no expiry,
#   so check the indicator's age in the event before acting on a hit.
# NOTE(review): the destinations from 103.142.146.5 (sid 37865321) through 195.123.217.139
#   (sid 37865531), and the domains was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz, bh8bwt.link and
#   cenixcrypto.com, are exported again under event e27166 elsewhere in this file with separate
#   sids and priority 3, so one connection can raise two alerts.
# NOTE(review): the http rules match the domain anywhere in http.header (the "Host|3a|" content
#   is not tied to it with distance/within) and only see cleartext HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [AS208046,c2,censys] Outgoing HTTP Domain was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])was\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37865302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert dns any any -> any any (msg: "MISP e27177 [AS-COLOCROSSING,AS36352,c2,censys] Domain bh8bwt.link"; dns.query; content:"bh8bwt.link"; nocase; pcre: "/(^|[^A-Za-z0-9-])bh8bwt\.link$/i"; classtype:trojan-activity; sid:37865311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain bh8bwt.link"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bh8bwt.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bh8bwt\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37865312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 103.142.146.5 443 (msg: "MISP e27177 [AS135581,c2,censys] Outgoing To IP: 103.142.146.5|443"; classtype:trojan-activity; sid:37865321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 121.196.221.250 8888 (msg: "MISP e27177 [AS37963,c2,censys] Outgoing To IP: 121.196.221.250|8888"; classtype:trojan-activity; sid:37865331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 103.142.146.6 443 (msg: "MISP e27177 [AS135581,c2,censys] Outgoing To IP: 103.142.146.6|443"; classtype:trojan-activity; sid:37865341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 120.48.5.80 6009 (msg: "MISP e27177 [AS38365,c2,censys] Outgoing To IP: 120.48.5.80|6009"; classtype:trojan-activity; sid:37865351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 23.94.240.216 443 (msg: "MISP e27177 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 23.94.240.216|443"; classtype:trojan-activity; sid:37865361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 136.144.240.165 443 (msg: "MISP e27177 [AS20857,c2,censys] Outgoing To IP: 136.144.240.165|443"; classtype:trojan-activity; sid:37865371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 149.104.27.205 80 (msg: "MISP e27177 [AS139659,c2,censys] Outgoing To IP: 149.104.27.205|80"; classtype:trojan-activity; sid:37865381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 43.138.101.9 80 (msg: "MISP e27177 [AS45090,c2,censys] Outgoing To IP: 43.138.101.9|80"; classtype:trojan-activity; sid:37865391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 23.94.240.215 443 (msg: "MISP e27177 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 23.94.240.215|443"; classtype:trojan-activity; sid:37865401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.196.10.217 80 (msg: "MISP e27177 [AS42624,c2,censys,SIMPLECARRIER] Outgoing To IP: 185.196.10.217|80"; classtype:trojan-activity; sid:37865411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 213.252.246.7 8443 (msg: "MISP e27177 [AS61272,c2,censys,IST-AS] Outgoing To IP: 213.252.246.7|8443"; classtype:trojan-activity; sid:37865421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 8.222.150.46 80 (msg: "MISP e27177 [AS45102,c2,censys] Outgoing To IP: 8.222.150.46|80"; classtype:trojan-activity; sid:37865431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 4.210.191.162 8443 (msg: "MISP e27177 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.210.191.162|8443"; classtype:trojan-activity; sid:37865441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 103.142.146.7 443 (msg: "MISP e27177 [AS135581,c2,censys] Outgoing To IP: 103.142.146.7|443"; classtype:trojan-activity; sid:37865451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 103.108.41.242 443 (msg: "MISP e27177 [AS135581,c2,censys] Outgoing To IP: 103.108.41.242|443"; classtype:trojan-activity; sid:37865461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 1.92.90.232 8000 (msg: "MISP e27177 [AS55990,c2,censys,RAT] Outgoing To IP: 1.92.90.232|8000"; classtype:trojan-activity; sid:37865471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 88.214.25.240 31337 (msg: "MISP e27177 [AS29551,c2,censys,HGCOMP-ASN] Outgoing To IP: 88.214.25.240|31337"; classtype:trojan-activity; sid:37865481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 69.46.36.216 31337 (msg: "MISP e27177 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.216|31337"; classtype:trojan-activity; sid:37865491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 69.46.36.210 31337 (msg: "MISP e27177 [AS19528,c2,censys,MPDCOL] Outgoing To IP: 69.46.36.210|31337"; classtype:trojan-activity; sid:37865501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 192.210.140.35 31337 (msg: "MISP e27177 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 192.210.140.35|31337"; classtype:trojan-activity; sid:37865511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.142.184.93 443 (msg: "MISP e27177 [AS203132,c2,censys,SYSS] Outgoing To IP: 185.142.184.93|443"; classtype:trojan-activity; sid:37865521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 195.123.217.139 443 (msg: "MISP e27177 [AS21100,c2,censys,ITLDC-NL,RAT] Outgoing To IP: 195.123.217.139|443"; classtype:trojan-activity; sid:37865531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 2.58.85.145 6004 (msg: "MISP e27177 [AS47436,c2,censys,OMER-FARUK-DEMIRCI,RAT] Outgoing To IP: 2.58.85.145|6004"; classtype:trojan-activity; sid:37865541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 85.99.80.60 888 (msg: "MISP e27177 [AS9121,c2,censys,RAT,TTNET] Outgoing To IP: 85.99.80.60|888"; classtype:trojan-activity; sid:37865551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 128.90.113.242 9999 (msg: "MISP e27177 [AS40861,c2,censys,PARAD-40-ASN,RAT] Outgoing To IP: 128.90.113.242|9999"; classtype:trojan-activity; sid:37865561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 191.88.250.63 4208 (msg: "MISP e27177 [AS27831,c2,censys,RAT] Outgoing To IP: 191.88.250.63|4208"; classtype:trojan-activity; sid:37865571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 46.246.84.11 2000 (msg: "MISP e27177 [AS42708,c2,censys,RAT] Outgoing To IP: 46.246.84.11|2000"; classtype:trojan-activity; sid:37865581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 45.134.83.165 7707 (msg: "MISP e27177 [AS6134,c2,censys,RAT,XNNET] Outgoing To IP: 45.134.83.165|7707"; classtype:trojan-activity; sid:37865591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 45.134.83.162 6606 (msg: "MISP e27177 [AS6134,c2,censys,RAT,XNNET] Outgoing To IP: 45.134.83.162|6606"; classtype:trojan-activity; sid:37865601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 23.26.201.73 6666 (msg: "MISP e27177 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 23.26.201.73|6666"; classtype:trojan-activity; sid:37865611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 51.89.109.154 6606 (msg: "MISP e27177 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.89.109.154|6606"; classtype:trojan-activity; sid:37865621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 91.142.74.218 80 (msg: "MISP e27177 [AS48282,c2,censys,HookBot,VDSINA-AS] Outgoing To IP: 91.142.74.218|80"; classtype:trojan-activity; sid:37865631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert dns any any -> any any (msg: "MISP e27177 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain cenixcrypto.com"; dns.query; content:"cenixcrypto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cenixcrypto\.com$/i"; classtype:trojan-activity; sid:37865641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# (The next rule continues on the following line.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain 
cenixcrypto.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cenixcrypto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cenixcrypto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37865642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# (The line above completes the http rule sid 37865642, which begins on the previous line.)
#
# MISP event 27177 continued, priority 2. alert ip rules pin one destination address and port
# from $HOME_NET; there is no flow, content or threshold keyword.
# NOTE(review): sids 37865801-37865931 carry no "c2" tag. Their tags name Viper, EvilGinx or
#   GoPhish, the latter two together with "phishing". They share classtype trojan-activity and
#   priority 2 with the c2-tagged entries, so the msg tag list is the only field that separates
#   the two groups at triage.
# NOTE(review): several destinations sit in large shared provider ranges according to their own
#   tags (MICROSOFT-CORP-MSN-AS-BLOCK, AMAZON-AES, AMAZON-02, DIGITALOCEAN-ASN). Such addresses
#   can be reassigned and the rules carry no expiry, so check the indicator's age in the event
#   before acting on a hit.
# NOTE(review): asqrecruitment.com is exported again under event e27166 elsewhere in this file
#   (sids 37845731/37845732, priority 3), so one lookup or request can raise two alerts.
alert ip $HOME_NET any -> 193.233.132.32 8081 (msg: "MISP e27177 [AS216319,c2,censys,SUNHOST-AS] Outgoing To IP: 193.233.132.32|8081"; classtype:trojan-activity; sid:37865651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 223.155.16.58 23333 (msg: "MISP e27177 [AS4134,c2,censys,RAT] Outgoing To IP: 223.155.16.58|23333"; classtype:trojan-activity; sid:37865661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 181.162.154.20 8080 (msg: "MISP e27177 [AS7418,c2,censys,RAT] Outgoing To IP: 181.162.154.20|8080"; classtype:trojan-activity; sid:37865671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 223.155.16.52 23333 (msg: "MISP e27177 [AS4134,c2,censys,RAT] Outgoing To IP: 223.155.16.52|23333"; classtype:trojan-activity; sid:37865681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.16.39.117 4449 (msg: "MISP e27177 [AS201814,c2,censys,MEVSPACE,RAT] Outgoing To IP: 185.16.39.117|4449"; classtype:trojan-activity; sid:37865691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 124.156.162.114 80 (msg: "MISP e27177 [AS132203,c2,censys] Outgoing To IP: 124.156.162.114|80"; classtype:trojan-activity; sid:37865701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 45.15.159.44 80 (msg: "MISP e27177 [AEZA-AS,AS210644,c2,censys] Outgoing To IP: 45.15.159.44|80"; classtype:trojan-activity; sid:37865711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 20.0.153.70 80 (msg: "MISP e27177 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.0.153.70|80"; classtype:trojan-activity; sid:37865721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 5.199.162.93 80 (msg: "MISP e27177 [AS16125,c2,censys,CHERRYSERVERS1-AS] Outgoing To IP: 5.199.162.93|80"; classtype:trojan-activity; sid:37865731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert dns any any -> any any (msg: "MISP e27177 [AEZA-AS,AS210644,c2,censys,stealer] Domain asqrecruitment.com"; dns.query; content:"asqrecruitment.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asqrecruitment\.com$/i"; classtype:trojan-activity; sid:37865741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27177 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain asqrecruitment.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asqrecruitment.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asqrecruitment\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37865742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 18.204.80.51 443 (msg: "MISP e27177 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 18.204.80.51|443"; classtype:trojan-activity; sid:37865751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 185.36.81.46 80 (msg: "MISP e27177 [AS209605,c2,censys,HOSTBALTIC] Outgoing To IP: 185.36.81.46|80"; classtype:trojan-activity; sid:37865761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 93.123.85.60 80 (msg: "MISP e27177 [AS216240,c2,censys,MORTALSOFT] Outgoing To IP: 93.123.85.60|80"; classtype:trojan-activity; sid:37865771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 91.208.92.66 443 (msg: "MISP e27177 [AS212027,c2,censys,PEBBLEHOST,UNAM] Outgoing To IP: 91.208.92.66|443"; classtype:trojan-activity; sid:37865781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 91.92.251.210 80 (msg: "MISP e27177 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.251.210|80"; classtype:trojan-activity; sid:37865791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 123.254.104.237 60000 (msg: "MISP e27177 [AS55933,censys,Viper] Outgoing To IP: 123.254.104.237|60000"; classtype:trojan-activity; sid:37865801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 154.201.80.138 60000 (msg: "MISP e27177 [AS142032,censys,Viper] Outgoing To IP: 154.201.80.138|60000"; classtype:trojan-activity; sid:37865811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 124.222.124.9 60000 (msg: "MISP e27177 [AS45090,censys,Viper] Outgoing To IP: 124.222.124.9|60000"; classtype:trojan-activity; sid:37865821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 64.23.179.200 4000 (msg: "MISP e27177 [AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,phishing] Outgoing To IP: 64.23.179.200|4000"; classtype:trojan-activity; sid:37865831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 20.96.212.59 3333 (msg: "MISP e27177 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.96.212.59|3333"; classtype:trojan-activity; sid:37865841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 128.199.108.110 2087 (msg: "MISP e27177 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 128.199.108.110|2087"; classtype:trojan-activity; sid:37865851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 64.23.182.218 3443 (msg: "MISP e27177 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.23.182.218|3443"; classtype:trojan-activity; sid:37865861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 20.56.21.162 3333 (msg: "MISP e27177 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.56.21.162|3333"; classtype:trojan-activity; sid:37865871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 93.185.167.79 8888 (msg: "MISP e27177 [ALEXHOST,AS200019,censys,GoPhish,phishing] Outgoing To IP: 93.185.167.79|8888"; classtype:trojan-activity; sid:37865881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 8.222.199.64 3333 (msg: "MISP e27177 [AS45102,censys,GoPhish,phishing] Outgoing To IP: 8.222.199.64|3333"; classtype:trojan-activity; sid:37865891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 52.0.178.227 443 (msg: "MISP e27177 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 52.0.178.227|443"; classtype:trojan-activity; sid:37865901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 91.221.22.159 80 (msg: "MISP e27177 [AS51670,censys,GoPhish,phishing,TVTC-AS] Outgoing To IP: 91.221.22.159|80"; classtype:trojan-activity; sid:37865911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 3.131.21.160 8443 (msg: "MISP e27177 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.131.21.160|8443"; classtype:trojan-activity; sid:37865921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 79.174.2.133 3333 (msg: "MISP e27177 [ADMINOS,AS212586,censys,GoPhish,phishing] Outgoing To IP: 79.174.2.133|3333"; classtype:trojan-activity; sid:37865931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 193.203.238.147 443 (msg: "MISP e27177 [AS30823,AveMariaRAT,c2,censys,RAT] Outgoing To IP: 193.203.238.147|443"; classtype:trojan-activity; sid:37865941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# MISP event 27166 (untagged, priority 3) starts here. Its first domains, bh8bwt.link and
# was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz, are the same indicators exported under event e27177
# with sids 37865311/37865312 and 37865301/37865302 at priority 2, so one lookup or request
# can raise two alerts. NOTE(review): the e27177 copy is the one that carries the AS and c2 tags.
alert dns any any -> any any (msg: "MISP e27166 [] Domain bh8bwt.link"; dns.query; content:"bh8bwt.link"; nocase; pcre: "/(^|[^A-Za-z0-9-])bh8bwt\.link$/i"; classtype:trojan-activity; sid:37845491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain bh8bwt.link"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bh8bwt.link"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bh8bwt\.link[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert dns any any -> any any (msg: "MISP e27166 [] Domain was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])was\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37845501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# (The next rule continues on the following line.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"was.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])was\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37845502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# (The line above completes the http rule sid 37845502, which begins on the previous line.)
#
# MISP event 27166 continued -- untagged ("[]"), priority 3.
# alert ip rules pin one destination address and port from $HOME_NET; there is no flow, content
# or threshold keyword, so the address:port pair is the whole signature.
# NOTE(review): every address:port in sids 37845511-37845721 is also exported under event e27177
#   elsewhere in this file (sids 37865321-37865531, priority 2, in the reverse order), and
#   asqrecruitment.com and cenixcrypto.com are repeated as well. One connection therefore
#   raises two alerts with different priorities. The e27177 copies carry the AS, c2 and family
#   tags; the copies here have an empty tag list.
# NOTE(review): the rules carry no expiry; check the indicator's age in the event before acting
#   on a hit.
alert ip $HOME_NET any -> 195.123.217.139 443 (msg: "MISP e27166 [] Outgoing To IP: 195.123.217.139|443"; classtype:trojan-activity; sid:37845511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 185.142.184.93 443 (msg: "MISP e27166 [] Outgoing To IP: 185.142.184.93|443"; classtype:trojan-activity; sid:37845521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 192.210.140.35 31337 (msg: "MISP e27166 [] Outgoing To IP: 192.210.140.35|31337"; classtype:trojan-activity; sid:37845531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 69.46.36.210 31337 (msg: "MISP e27166 [] Outgoing To IP: 69.46.36.210|31337"; classtype:trojan-activity; sid:37845541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 69.46.36.216 31337 (msg: "MISP e27166 [] Outgoing To IP: 69.46.36.216|31337"; classtype:trojan-activity; sid:37845551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 88.214.25.240 31337 (msg: "MISP e27166 [] Outgoing To IP: 88.214.25.240|31337"; classtype:trojan-activity; sid:37845561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 1.92.90.232 8000 (msg: "MISP e27166 [] Outgoing To IP: 1.92.90.232|8000"; classtype:trojan-activity; sid:37845571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 103.108.41.242 443 (msg: "MISP e27166 [] Outgoing To IP: 103.108.41.242|443"; classtype:trojan-activity; sid:37845581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 103.142.146.7 443 (msg: "MISP e27166 [] Outgoing To IP: 103.142.146.7|443"; classtype:trojan-activity; sid:37845591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 4.210.191.162 8443 (msg: "MISP e27166 [] Outgoing To IP: 4.210.191.162|8443"; classtype:trojan-activity; sid:37845601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 8.222.150.46 80 (msg: "MISP e27166 [] Outgoing To IP: 8.222.150.46|80"; classtype:trojan-activity; sid:37845611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 213.252.246.7 8443 (msg: "MISP e27166 [] Outgoing To IP: 213.252.246.7|8443"; classtype:trojan-activity; sid:37845621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 185.196.10.217 80 (msg: "MISP e27166 [] Outgoing To IP: 185.196.10.217|80"; classtype:trojan-activity; sid:37845631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 23.94.240.215 443 (msg: "MISP e27166 [] Outgoing To IP: 23.94.240.215|443"; classtype:trojan-activity; sid:37845641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 43.138.101.9 80 (msg: "MISP e27166 [] Outgoing To IP: 43.138.101.9|80"; classtype:trojan-activity; sid:37845651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 136.144.240.165 443 (msg: "MISP e27166 [] Outgoing To IP: 136.144.240.165|443"; classtype:trojan-activity; sid:37845661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 149.104.27.205 80 (msg: "MISP e27166 [] Outgoing To IP: 149.104.27.205|80"; classtype:trojan-activity; sid:37845671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 23.94.240.216 443 (msg: "MISP e27166 [] Outgoing To IP: 23.94.240.216|443"; classtype:trojan-activity; sid:37845681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 120.48.5.80 6009 (msg: "MISP e27166 [] Outgoing To IP: 120.48.5.80|6009"; classtype:trojan-activity; sid:37845691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 121.196.221.250 8888 (msg: "MISP e27166 [] Outgoing To IP: 121.196.221.250|8888"; classtype:trojan-activity; sid:37845701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 103.142.146.6 443 (msg: "MISP e27166 [] Outgoing To IP: 103.142.146.6|443"; classtype:trojan-activity; sid:37845711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert ip $HOME_NET any -> 103.142.146.5 443 (msg: "MISP e27166 [] Outgoing To IP: 103.142.146.5|443"; classtype:trojan-activity; sid:37845721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Domain pairs: the dns rule inspects dns.query in either direction (any -> any); the http rule
# matches outbound cleartext HTTP only and looks for the domain anywhere in http.header, since
# the "Host|3a|" content is not tied to it with distance/within.
alert dns any any -> any any (msg: "MISP e27166 [] Domain asqrecruitment.com"; dns.query; content:"asqrecruitment.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asqrecruitment\.com$/i"; classtype:trojan-activity; sid:37845731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain asqrecruitment.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asqrecruitment.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asqrecruitment\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# (The next rule continues on the following line.)
alert dns any any -> any any (msg: "MISP e27166 [] Domain cenixcrypto.com"; dns.query; content:"cenixcrypto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cenixcrypto\.com$/i"; classtype:trojan-activity; sid:37845741; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27166 [] Outgoing HTTP Domain cenixcrypto.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cenixcrypto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cenixcrypto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37845742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 193.203.238.147 443 (msg: "MISP e27166 [] Outgoing To IP: 193.203.238.147|443"; classtype:trojan-activity; sid:37845751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 79.174.2.133 3333 (msg: "MISP e27166 [] Outgoing To IP: 79.174.2.133|3333"; classtype:trojan-activity; sid:37845761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 3.131.21.160 8443 (msg: "MISP e27166 [] Outgoing To IP: 3.131.21.160|8443"; classtype:trojan-activity; sid:37845771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.221.22.159 80 (msg: "MISP e27166 [] Outgoing To IP: 91.221.22.159|80"; classtype:trojan-activity; sid:37845781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 52.0.178.227 443 (msg: "MISP e27166 [] Outgoing To IP: 52.0.178.227|443"; classtype:trojan-activity; sid:37845791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 93.185.167.79 8888 (msg: "MISP e27166 [] Outgoing To IP: 93.185.167.79|8888"; classtype:trojan-activity; sid:37845801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 8.222.199.64 3333 (msg: "MISP e27166 [] Outgoing To IP: 8.222.199.64|3333"; classtype:trojan-activity; sid:37845811; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 20.56.21.162 3333 (msg: "MISP e27166 [] Outgoing To IP: 20.56.21.162|3333"; classtype:trojan-activity; sid:37845821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 64.23.182.218 3443 (msg: "MISP e27166 [] Outgoing To IP: 64.23.182.218|3443"; classtype:trojan-activity; sid:37845831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 128.199.108.110 2087 (msg: "MISP e27166 [] Outgoing To IP: 128.199.108.110|2087"; classtype:trojan-activity; sid:37845841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 20.96.212.59 3333 (msg: "MISP e27166 [] Outgoing To IP: 20.96.212.59|3333"; classtype:trojan-activity; sid:37845851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 64.23.179.200 4000 (msg: "MISP e27166 [] Outgoing To IP: 64.23.179.200|4000"; classtype:trojan-activity; sid:37845861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 124.222.124.9 60000 (msg: "MISP e27166 [] Outgoing To IP: 124.222.124.9|60000"; classtype:trojan-activity; sid:37845871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 154.201.80.138 60000 (msg: "MISP e27166 [] Outgoing To IP: 154.201.80.138|60000"; classtype:trojan-activity; sid:37845881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 123.254.104.237 60000 (msg: "MISP e27166 [] Outgoing To IP: 123.254.104.237|60000"; classtype:trojan-activity; sid:37845891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.92.251.210 80 (msg: "MISP e27166 [] Outgoing To IP: 91.92.251.210|80"; classtype:trojan-activity; sid:37845901; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.208.92.66 443 (msg: "MISP e27166 [] Outgoing To IP: 91.208.92.66|443"; classtype:trojan-activity; sid:37845911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 93.123.85.60 80 (msg: "MISP e27166 [] Outgoing To IP: 93.123.85.60|80"; classtype:trojan-activity; sid:37845921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.36.81.46 80 (msg: "MISP e27166 [] Outgoing To IP: 185.36.81.46|80"; classtype:trojan-activity; sid:37845931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 18.204.80.51 443 (msg: "MISP e27166 [] Outgoing To IP: 18.204.80.51|443"; classtype:trojan-activity; sid:37845941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 5.199.162.93 80 (msg: "MISP e27166 [] Outgoing To IP: 5.199.162.93|80"; classtype:trojan-activity; sid:37845951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 45.15.159.44 80 (msg: "MISP e27166 [] Outgoing To IP: 45.15.159.44|80"; classtype:trojan-activity; sid:37845961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 20.0.153.70 80 (msg: "MISP e27166 [] Outgoing To IP: 20.0.153.70|80"; classtype:trojan-activity; sid:37845971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 124.156.162.114 80 (msg: "MISP e27166 [] Outgoing To IP: 124.156.162.114|80"; classtype:trojan-activity; sid:37845981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.16.39.117 4449 (msg: "MISP e27166 [] Outgoing To IP: 185.16.39.117|4449"; classtype:trojan-activity; sid:37845991; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 223.155.16.52 23333 (msg: "MISP e27166 [] Outgoing To IP: 223.155.16.52|23333"; classtype:trojan-activity; sid:37846001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 181.162.154.20 8080 (msg: "MISP e27166 [] Outgoing To IP: 181.162.154.20|8080"; classtype:trojan-activity; sid:37846011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 223.155.16.58 23333 (msg: "MISP e27166 [] Outgoing To IP: 223.155.16.58|23333"; classtype:trojan-activity; sid:37846021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 193.233.132.32 8081 (msg: "MISP e27166 [] Outgoing To IP: 193.233.132.32|8081"; classtype:trojan-activity; sid:37846031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.142.74.218 80 (msg: "MISP e27166 [] Outgoing To IP: 91.142.74.218|80"; classtype:trojan-activity; sid:37846041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 23.26.201.73 6666 (msg: "MISP e27166 [] Outgoing To IP: 23.26.201.73|6666"; classtype:trojan-activity; sid:37846051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 51.89.109.154 6606 (msg: "MISP e27166 [] Outgoing To IP: 51.89.109.154|6606"; classtype:trojan-activity; sid:37846061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 45.134.83.162 6606 (msg: "MISP e27166 [] Outgoing To IP: 45.134.83.162|6606"; classtype:trojan-activity; sid:37846071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 45.134.83.165 7707 (msg: "MISP e27166 [] Outgoing To IP: 45.134.83.165|7707"; classtype:trojan-activity; sid:37846081; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 46.246.84.11 2000 (msg: "MISP e27166 [] Outgoing To IP: 46.246.84.11|2000"; classtype:trojan-activity; sid:37846091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 191.88.250.63 4208 (msg: "MISP e27166 [] Outgoing To IP: 191.88.250.63|4208"; classtype:trojan-activity; sid:37846101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 128.90.113.242 9999 (msg: "MISP e27166 [] Outgoing To IP: 128.90.113.242|9999"; classtype:trojan-activity; sid:37846111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 85.99.80.60 888 (msg: "MISP e27166 [] Outgoing To IP: 85.99.80.60|888"; classtype:trojan-activity; sid:37846121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 2.58.85.145 6004 (msg: "MISP e27166 [] Outgoing To IP: 2.58.85.145|6004"; classtype:trojan-activity; sid:37846131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.155.184.55 443 (msg: "MISP e27177 [DDGA,Server,VexTrio] Outgoing To IP: 185.155.184.55|443"; classtype:trojan-activity; sid:37865101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 185.155.186.25 443 (msg: "MISP e27177 [DDGA,Server,VexTrio] Outgoing To IP: 185.155.186.25|443"; classtype:trojan-activity; sid:37865111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 185.196.11.28 51231 (msg: "MISP e27177 [c2,moobot] Outgoing To IP: 185.196.11.28|51231"; classtype:trojan-activity; sid:37865141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 185.196.9.14 23213 (msg: "MISP e27177 [c2,moobot] Outgoing To IP: 185.196.9.14|23213"; 
classtype:trojan-activity; sid:37865151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 91.92.254.43 6666 (msg: "MISP e27177 [c2,moobot] Outgoing To IP: 91.92.254.43|6666"; classtype:trojan-activity; sid:37865161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 185.196.10.231 1312 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 185.196.10.231|1312"; classtype:trojan-activity; sid:37865171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 193.35.18.164 60195 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 193.35.18.164|60195"; classtype:trojan-activity; sid:37865181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.156.66.229 1312 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 94.156.66.229|1312"; classtype:trojan-activity; sid:37865191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.156.71.59 13 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 94.156.71.59|13"; classtype:trojan-activity; sid:37865201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 91.92.253.46 59962 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 91.92.253.46|59962"; classtype:trojan-activity; sid:37865211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 176.123.2.50 8872 (msg: "MISP e27177 [elf,Mirai] Outgoing To IP: 176.123.2.50|8872"; classtype:trojan-activity; sid:37865291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.156.8.179 1312 (msg: "MISP e27177 [Mirai] Outgoing To IP: 94.156.8.179|1312"; classtype:trojan-activity; sid:37865951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 45.86.86.176 
1312 (msg: "MISP e27177 [c2,Mirai] Outgoing To IP: 45.86.86.176|1312"; classtype:trojan-activity; sid:37865271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.103.188.45 1312 (msg: "MISP e27177 [c2,Mirai] Outgoing To IP: 94.103.188.45|1312"; classtype:trojan-activity; sid:37865281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.156.71.29 60195 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 94.156.71.29|60195"; classtype:trojan-activity; sid:37865241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 37.221.92.112 5555 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 37.221.92.112|5555"; classtype:trojan-activity; sid:37865251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 94.156.71.220 2821 (msg: "MISP e27177 [c2,Mirai] Outgoing To IP: 94.156.71.220|2821"; classtype:trojan-activity; sid:37865261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 91.92.240.190 5525 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 91.92.240.190|5525"; classtype:trojan-activity; sid:37865221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 91.92.244.84 9511 (msg: "MISP e27177 [c2,elf,Mirai] Outgoing To IP: 91.92.244.84|9511"; classtype:trojan-activity; sid:37865231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 2.57.149.235 15647 (msg: "MISP e27177 [Arechclient2] Outgoing To IP: 2.57.149.235|15647"; classtype:trojan-activity; sid:37865961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip $HOME_NET any -> 91.92.240.190 5525 (msg: "MISP e27166 [] Outgoing To IP: 91.92.240.190|5525"; classtype:trojan-activity; sid:37846141; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.92.244.84 9511 (msg: "MISP e27166 [] Outgoing To IP: 91.92.244.84|9511"; classtype:trojan-activity; sid:37846151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.156.71.29 60195 (msg: "MISP e27166 [] Outgoing To IP: 94.156.71.29|60195"; classtype:trojan-activity; sid:37846161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 37.221.92.112 5555 (msg: "MISP e27166 [] Outgoing To IP: 37.221.92.112|5555"; classtype:trojan-activity; sid:37846171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.156.71.220 2821 (msg: "MISP e27166 [] Outgoing To IP: 94.156.71.220|2821"; classtype:trojan-activity; sid:37846181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.103.188.45 1312 (msg: "MISP e27166 [] Outgoing To IP: 94.103.188.45|1312"; classtype:trojan-activity; sid:37846191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 176.123.2.50 8872 (msg: "MISP e27166 [] Outgoing To IP: 176.123.2.50|8872"; classtype:trojan-activity; sid:37846201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.156.8.179 1312 (msg: "MISP e27166 [] Outgoing To IP: 94.156.8.179|1312"; classtype:trojan-activity; sid:37846211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.92.253.46 59962 (msg: "MISP e27166 [] Outgoing To IP: 91.92.253.46|59962"; classtype:trojan-activity; sid:37846221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.156.71.59 13 (msg: "MISP e27166 [] Outgoing To IP: 94.156.71.59|13"; classtype:trojan-activity; sid:37846231; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 94.156.66.229 1312 (msg: "MISP e27166 [] Outgoing To IP: 94.156.66.229|1312"; classtype:trojan-activity; sid:37846241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 193.35.18.164 60195 (msg: "MISP e27166 [] Outgoing To IP: 193.35.18.164|60195"; classtype:trojan-activity; sid:37846251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 91.92.254.43 6666 (msg: "MISP e27166 [] Outgoing To IP: 91.92.254.43|6666"; classtype:trojan-activity; sid:37846261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.196.10.231 1312 (msg: "MISP e27166 [] Outgoing To IP: 185.196.10.231|1312"; classtype:trojan-activity; sid:37846271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.196.11.28 51231 (msg: "MISP e27166 [] Outgoing To IP: 185.196.11.28|51231"; classtype:trojan-activity; sid:37846281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.196.9.14 23213 (msg: "MISP e27166 [] Outgoing To IP: 185.196.9.14|23213"; classtype:trojan-activity; sid:37846291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.155.186.25 443 (msg: "MISP e27166 [] Outgoing To IP: 185.155.186.25|443"; classtype:trojan-activity; sid:37846301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 185.155.184.55 443 (msg: "MISP e27166 [] Outgoing To IP: 185.155.184.55|443"; classtype:trojan-activity; sid:37846311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip $HOME_NET any -> 2.57.149.235 15647 (msg: "MISP e27166 [] Outgoing To IP: 2.57.149.235|15647"; classtype:trojan-activity; sid:37846321; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27166;)
# Outbound indicator 103.179.188.223 port 19990, exported once per MISP event:
# e27177 (tags c2,moobot; priority 2) and e27166 (no tags; priority 3).
# Both rules match the same traffic, so one connection raises two alerts under
# different sids and priorities; correlate on destination IP/port when triaging.
# NOTE(review): the protocol is `ip` but a destination port is set - confirm how
# the deployed engine applies the port to traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 103.179.188.223 19990 (msg: "MISP e27177 [c2,moobot] Outgoing To IP: 103.179.188.223|19990"; classtype:trojan-activity; sid:37865971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 103.179.188.223 19990 (msg: "MISP e27166 [] Outgoing To IP: 103.179.188.223|19990"; classtype:trojan-activity; sid:37846331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)
# Inbound SMTP attachment-name indicators for event 27280 (eight rules, one per value).
# Each rule needs three raw-payload matches on an established client-to-server
# flow to $SMTP_SERVERS port 25: the `Content-Disposition: attachment; filename="`
# text, the indicator value followed by `"`, and CRLFCRLF within 8192 bytes after
# the indicator. The indicator content carries no distance/within, so it is not
# tied to the position of the filename text.
# The indicator is a 64-hex-character string matched as literal text; nothing in
# the rule hashes the attachment. NOTE(review): this looks like a SHA-256 exported
# as an attachment name - if so the rule fires only when a file is literally named
# after its hash; confirm the attribute type in the MISP event.
# Coverage limits visible in the rules: only port 25 is inspected, the match is on
# cleartext payload (a session upgraded with STARTTLS would not match unless TLS
# is terminated before the sensor), and all eight rules share one msg, so the sid
# is the only field that tells which value hit.
# `tag:session,600,seconds` asks the engine to keep logging the session for up to
# 600 seconds after a hit.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"1f34b38854cd32c264c7050a8d36d9ddb7c07c2505158818907c1ed0c513a108|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"3797a88cd64660a4929e389be0d698d39d2eb0bb9ee57e0d0711aa3f0eed8472|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"648492c24c78bb3ac228c8587e64a61c4853b9309b03896c47d01791584051b4|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"a9e4d2b7a450d82fa25c22514077eb82d4c6bfa766d789842718b686a3e0c0b8|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"ac4c0ea8269782fd35855d906fb5ba1c27a6bd36c63a28a29339afed1d1f387b|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"ba100205cbb4715535f53664dd01b49b7ec65fd26e26cc2ae52d7d041ef41f60|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"d09246394740ef99b250c99bc232890fe22b2c301d518344c1799bfd0d67f44c|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27280 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"d658797efa58a59b20d53dab214edb09e2bda30356f8b8bc5a043e210491be25|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37902421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27280;)
# Domain indicator halconstore.com (event 27278), exported as a DNS/HTTP pair.
# DNS rule: the pcre is end-anchored and accepts start-of-name or a non-hostname
# character (such as `.`) before the domain, so it matches the domain and any
# name below it, between any hosts in either direction.
# HTTP rule: `Host|3a|` and the domain are two independent contents in the
# http.header buffer, so the domain is not required to sit in the Host header
# itself; the pcre then needs one non-hostname character after the domain.
# The pair covers DNS and cleartext HTTP only; no TLS SNI rule for this domain is
# visible in this part of the export.
alert dns any any -> any any (msg: "MISP e27278 [] Domain halconstore.com"; dns.query; content:"halconstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])halconstore\.com$/i"; classtype:trojan-activity; sid:37901891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27278;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27278 [] Outgoing HTTP Domain halconstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"halconstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])halconstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37901892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27278;)
# Attachment-name indicator for event 27278; same structure and same limits as
# the e27280 attachment rules above.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27278 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"77f17f115d0b3269527130735465ab8ec83e9b13b6b437a5de0b3ee11468b991|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37901901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27278;)
# Domain indicator for event 27037, same DNS/HTTP pair structure as above.
# The pattern is the full hostname, so only that host and names below it match;
# other hosts under slcomerciodevidros.com.br are not covered by these two rules.
alert dns any any -> any any (msg: "MISP e27037 [] Domain mi-tarjetacencosud-cl.slcomerciodevidros.com.br"; dns.query; content:"mi-tarjetacencosud-cl.slcomerciodevidros.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.slcomerciodevidros\.com\.br$/i"; classtype:trojan-activity; sid:37768191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27037;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27037 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.slcomerciodevidros.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.slcomerciodevidros.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.slcomerciodevidros\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37768192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27037;)
# Inbound source-IP indicators tagged kill-chain Reconnaissance/Exploitation
# (events 27272 and 27287). Each rule matches any protocol and any port from the
# listed address to $HOME_NET, with no flow, threshold or content condition;
# add a per-sid threshold or suppress entry if a listed source turns out noisy.
# classtype is trojan-activity here as on the outbound rules, so the msg tags,
# not the classtype, separate inbound scanning sources from outbound C2 hits.
alert ip 94.156.67.62 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.156.67.62"; classtype:trojan-activity; sid:37901001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 94.156.66.125 any -> $HOME_NET any (msg: "MISP e27287 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.156.66.125"; classtype:trojan-activity; sid:37904401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27287;)
alert ip 91.92.247.195 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.247.195"; classtype:trojan-activity; sid:37901011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 91.92.244.152 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.92.244.152"; classtype:trojan-activity; sid:37901021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 89.147.227.136 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.227.136"; classtype:trojan-activity; sid:37901031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 91.224.92.14 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.224.92.14"; classtype:trojan-activity; sid:37901041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
# Inbound source-IP indicators from MISP event 27272, tagged kill-chain
# Reconnaissance/Exploitation. Each rule alerts on any protocol and any port from
# the listed address to $HOME_NET; there is no flow, threshold or content
# condition, so a hit says only that the source reached the sensor, not that an
# exploit attempt was seen. Pair a hit with server-side logs before escalating.
# The explicit priority:2 and the generic classtype:trojan-activity are the same
# on every rule in this group; the sid and the address in msg identify the source.
alert ip 88.129.112.11 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.129.112.11"; classtype:trojan-activity; sid:37901051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 69.165.169.12 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.165.169.12"; classtype:trojan-activity; sid:37901061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 61.136.150.98 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.136.150.98"; classtype:trojan-activity; sid:37901071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 36.224.236.126 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.224.236.126"; classtype:trojan-activity; sid:37901081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 49.72.108.174 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.72.108.174"; classtype:trojan-activity; sid:37901091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 221.150.66.95 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.150.66.95"; classtype:trojan-activity; sid:37901101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 200.91.207.83 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.91.207.83"; classtype:trojan-activity; sid:37901111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;)
alert ip 180.103.152.235 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
180.103.152.235"; classtype:trojan-activity; sid:37901121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 162.191.93.95 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.191.93.95"; classtype:trojan-activity; sid:37901131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 121.238.196.173 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.238.196.173"; classtype:trojan-activity; sid:37901141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 222.90.4.148 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.90.4.148"; classtype:trojan-activity; sid:37901151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 117.82.118.238 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.82.118.238"; classtype:trojan-activity; sid:37901161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 212.225.221.252 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.225.221.252"; classtype:trojan-activity; sid:37901171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 113.120.189.226 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.120.189.226"; classtype:trojan-activity; sid:37901181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 183.69.148.18 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.69.148.18"; classtype:trojan-activity; sid:37901191; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 175.153.176.178 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.153.176.178"; classtype:trojan-activity; sid:37901201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 1.53.37.209 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.53.37.209"; classtype:trojan-activity; sid:37901211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 123.254.109.66 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.254.109.66"; classtype:trojan-activity; sid:37901221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 119.117.253.226 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.117.253.226"; classtype:trojan-activity; sid:37901231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 68.198.190.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.198.190.131"; classtype:trojan-activity; sid:37890261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 116.54.44.224 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.54.44.224"; classtype:trojan-activity; sid:37901241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 103.141.144.175 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.141.144.175"; classtype:trojan-activity; sid:37901251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 8.208.76.146 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.208.76.146"; classtype:trojan-activity; sid:37890271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.248.139.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.248.139.106"; classtype:trojan-activity; sid:37890281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 59.4.9.69 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.4.9.69"; classtype:trojan-activity; sid:37890291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.113.234 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.113.234"; classtype:trojan-activity; sid:37890301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.102.38 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.38"; classtype:trojan-activity; sid:37890311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 220.118.147.50 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.118.147.50"; classtype:trojan-activity; sid:37890321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 24.144.95.224 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.144.95.224"; classtype:trojan-activity; sid:37890331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 198.199.111.219 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.111.219"; classtype:trojan-activity; sid:37890341; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 167.248.133.36 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.36"; classtype:trojan-activity; sid:37890351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.193.34.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.34.14"; classtype:trojan-activity; sid:37890361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 2.33.13.146 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.33.13.146"; classtype:trojan-activity; sid:37890371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.227.136.16 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.227.136.16"; classtype:trojan-activity; sid:37890381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 130.162.42.103 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 130.162.42.103"; classtype:trojan-activity; sid:37890391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.160.37.197 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.37.197"; classtype:trojan-activity; sid:37890401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip $HOME_NET any -> 154.246.13.166 2078 (msg: "MISP e27177 [ALGTEL-AS,QakBot] Outgoing To IP: 154.246.13.166|2078"; classtype:trojan-activity; sid:37865981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;) alert ip 222.179.86.126 any -> $HOME_NET any (msg: "MISP e27289 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.179.86.126"; classtype:trojan-activity; sid:37904451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 172.81.62.205 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.205"; classtype:trojan-activity; sid:37904461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 124.220.234.46 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.234.46"; classtype:trojan-activity; sid:37904471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 120.76.248.117 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.76.248.117"; classtype:trojan-activity; sid:37904481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 112.124.30.24 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.124.30.24"; classtype:trojan-activity; sid:37904491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 106.54.17.91 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.17.91"; classtype:trojan-activity; sid:37904501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 184.105.247.254 any -> $HOME_NET any (msg: "MISP e27285 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.105.247.254"; classtype:trojan-activity; sid:37904371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27285;) alert ip 64.121.4.228 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.121.4.228"; classtype:trojan-activity; sid:37901261; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert dns any any -> any any (msg: "MISP e27007 [] Domain furlabags-ireland.com"; dns.query; content:"furlabags-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabags\-ireland\.com$/i"; classtype:trojan-activity; sid:38136631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain furlabags-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"furlabags-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabags\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyirelandoutlet.com"; dns.query; content:"dknyirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38136641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tevashoes-ireland.com"; dns.query; content:"tevashoes-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tevashoes\-ireland\.com$/i"; classtype:trojan-activity; sid:38136651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain tevashoes-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tevashoes-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tevashoes\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert ip 88.203.22.234 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.203.22.234"; classtype:trojan-activity; sid:37901271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 59.96.134.231 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.96.134.231"; classtype:trojan-activity; sid:37901281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip $HOME_NET any -> 154.246.13.166 2078 (msg: "MISP e27166 [] Outgoing To IP: 154.246.13.166|2078"; classtype:trojan-activity; sid:37846341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;) alert ip 69.75.14.26 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.75.14.26"; classtype:trojan-activity; sid:37901291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 39.171.253.85 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.171.253.85"; classtype:trojan-activity; sid:37901301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 27.150.194.152 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.150.194.152"; classtype:trojan-activity; sid:37901311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 60.16.13.34 any -> $HOME_NET any (msg: "MISP e27272 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.16.13.34"; classtype:trojan-activity; sid:37901321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 213.32.39.42 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.32.39.42"; classtype:trojan-activity; sid:37901331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 58.208.196.61 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.208.196.61"; classtype:trojan-activity; sid:37901341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 190.4.204.133 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.4.204.133"; classtype:trojan-activity; sid:37901351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 27.16.217.5 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.16.217.5"; classtype:trojan-activity; sid:37901361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 178.32.197.93 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.197.93"; classtype:trojan-activity; sid:37901371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 223.13.81.119 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.13.81.119"; classtype:trojan-activity; sid:37901381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 220.134.188.181 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.188.181"; classtype:trojan-activity; sid:37901391; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 153.204.104.7 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.204.104.7"; classtype:trojan-activity; sid:37901401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 213.251.242.48 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.251.242.48"; classtype:trojan-activity; sid:37901411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 121.228.197.218 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.228.197.218"; classtype:trojan-activity; sid:37901421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 198.235.24.55 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.55"; classtype:trojan-activity; sid:37901431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 117.220.144.42 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.220.144.42"; classtype:trojan-activity; sid:37901441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 179.98.252.243 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.98.252.243"; classtype:trojan-activity; sid:37901451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 111.123.74.208 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.74.208"; classtype:trojan-activity; sid:37901461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 176.197.74.188 any -> $HOME_NET any (msg: "MISP 
e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.197.74.188"; classtype:trojan-activity; sid:37901471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 89.152.169.44 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.152.169.44"; classtype:trojan-activity; sid:37890411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.224.96.143 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.224.96.143"; classtype:trojan-activity; sid:37901481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 125.228.80.213 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.228.80.213"; classtype:trojan-activity; sid:37901491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 121.236.191.93 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.236.191.93"; classtype:trojan-activity; sid:37901501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 119.51.27.23 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.51.27.23"; classtype:trojan-activity; sid:37901511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 117.243.207.58 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.207.58"; classtype:trojan-activity; sid:37901521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 61.75.106.26 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.75.106.26"; classtype:trojan-activity; 
sid:37890421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 117.215.211.179 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.215.211.179"; classtype:trojan-activity; sid:37901531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 43.153.102.234 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.102.234"; classtype:trojan-activity; sid:37890431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 112.103.129.13 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.129.13"; classtype:trojan-activity; sid:37901541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 39.107.154.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.107.154.222"; classtype:trojan-activity; sid:37890441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.228.37.236 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.228.37.236"; classtype:trojan-activity; sid:37901551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 210.16.188.56 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.16.188.56"; classtype:trojan-activity; sid:37890451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 1.20.157.37 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.20.157.37"; classtype:trojan-activity; sid:37901561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 185.242.226.20 any -> 
$HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.242.226.20"; classtype:trojan-activity; sid:37890461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.27.85.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.27.85.10"; classtype:trojan-activity; sid:37890471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 113.104.23.62 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.104.23.62"; classtype:trojan-activity; sid:37890481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 82.157.166.180 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.166.180"; classtype:trojan-activity; sid:37890491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 64.121.4.230 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.121.4.230"; classtype:trojan-activity; sid:37890501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 60.50.114.236 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.50.114.236"; classtype:trojan-activity; sid:37890511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.186.52 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.186.52"; classtype:trojan-activity; sid:37890521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.39.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.39.214"; 
classtype:trojan-activity; sid:37890531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 42.200.149.223 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.200.149.223"; classtype:trojan-activity; sid:37890541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 38.83.108.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.83.108.10"; classtype:trojan-activity; sid:37890551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 220.117.6.153 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.117.6.153"; classtype:trojan-activity; sid:37890561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 172.81.60.88 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.60.88"; classtype:trojan-activity; sid:37904511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 205.210.31.247 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.247"; classtype:trojan-activity; sid:37890571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 194.169.175.38 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.169.175.38"; classtype:trojan-activity; sid:37890581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 119.147.211.10 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.147.211.10"; classtype:trojan-activity; sid:37904521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 
185.231.182.142 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.231.182.142"; classtype:trojan-activity; sid:37890591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.132.238.65 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.238.65"; classtype:trojan-activity; sid:37904531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 159.65.176.56 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.176.56"; classtype:trojan-activity; sid:37890601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 210.209.145.78 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.209.145.78"; classtype:trojan-activity; sid:37901571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 182.136.216.26 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.136.216.26"; classtype:trojan-activity; sid:37901581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 221.232.0.225 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.232.0.225"; classtype:trojan-activity; sid:37901591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 171.80.127.90 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.80.127.90"; classtype:trojan-activity; sid:37901601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 113.218.205.59 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
113.218.205.59"; classtype:trojan-activity; sid:37901611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 43.130.16.190 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.16.190"; classtype:trojan-activity; sid:37890611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 123.172.48.53 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.48.53"; classtype:trojan-activity; sid:37901621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 118.174.49.52 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.174.49.52"; classtype:trojan-activity; sid:37901631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 101.71.39.122 any -> $HOME_NET any (msg: "MISP e27272 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.71.39.122"; classtype:trojan-activity; sid:37901641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27272;) alert ip 103.47.184.2 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.47.184.2"; classtype:trojan-activity; sid:37890621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 79.172.210.153 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.172.210.153"; classtype:trojan-activity; sid:37890631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 198.199.114.8 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.114.8"; classtype:trojan-activity; sid:37890641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) 
alert ip 172.81.62.124 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.124"; classtype:trojan-activity; sid:37904541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 124.223.115.184 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.115.184"; classtype:trojan-activity; sid:37890651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.25.172.143 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.172.143"; classtype:trojan-activity; sid:37904551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 49.51.107.203 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.107.203"; classtype:trojan-activity; sid:37890661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 223.166.248.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.166.248.205"; classtype:trojan-activity; sid:37890671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.159.13 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.159.13"; classtype:trojan-activity; sid:37890681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.138.113.196 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.138.113.196"; classtype:trojan-activity; sid:37890691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 115.58.130.148 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 115.58.130.148"; classtype:trojan-activity; sid:37890701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.126.70.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.70.112"; classtype:trojan-activity; sid:37890711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.216.70.62 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.216.70.62"; classtype:trojan-activity; sid:37904561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 119.29.247.98 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.247.98"; classtype:trojan-activity; sid:37904571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 97.103.12.220 any -> $HOME_NET any (msg: "MISP e27285 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.103.12.220"; classtype:trojan-activity; sid:37904381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27285;) alert ip 125.65.173.8 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.65.173.8"; classtype:trojan-activity; sid:37904581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 121.40.73.234 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.73.234"; classtype:trojan-activity; sid:37904591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;) alert ip 111.229.178.148 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.178.148"; classtype:trojan-activity; sid:37904601; rev:1; priority:2; 
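reference:url,https://misp.finsin.cl/events/view/27289;)
# NOTE(review): the fragment above is the tail of a rule that starts before this section, and the
# final "alert ip " below is the head of a rule that continues after it. Both are left exactly as found.
# Rules inside this section are restored to one rule per line; the engine does not join a rule
# across a bare line break.

# Inbound source-IP indicator, MISP event 27289.
alert ip 103.159.132.180 any -> $HOME_NET any (msg: "MISP e27289 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.159.132.180"; classtype:trojan-activity; sid:37904611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27289;)

# Outbound IP|port indicator exported twice: event 27177 (tagged RedLineStealer, priority 2) and
# event 27166 (untagged, priority 3). Header and direction are identical, so one matching flow
# raises both sids; de-duplicate at triage or suppress one of them.
alert ip $HOME_NET any -> 65.21.101.232 6392 (msg: "MISP e27177 [RedLineStealer] Outgoing To IP: 65.21.101.232|6392"; classtype:trojan-activity; sid:37865991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 65.21.101.232 6392 (msg: "MISP e27166 [] Outgoing To IP: 65.21.101.232|6392"; classtype:trojan-activity; sid:37846351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)

# Domain indicator, MISP event 27079: one DNS-query rule and one outbound HTTP rule.
# In the HTTP rule the "Host|3a|" match and the domain match are independent contents in
# http.header (no distance/within), so the domain appearing in another request header
# (for example Referer) also alerts. Matching on the http.host buffer would be tighter.
alert dns any any -> any any (msg: "MISP e27079 [] Domain personas.milab.digital"; dns.query; content:"personas.milab.digital"; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital$/i"; classtype:trojan-activity; sid:37774611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27079;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27079 [] Outgoing HTTP Domain personas.milab.digital"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"personas.milab.digital"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])personas\.milab\.digital[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37774612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27079;)

# URL and domain indicators, MISP event 27105.
# The URL rule needs $HTTP_PORTS to be defined on the sensor. Its http.uri content is just "/",
# which every request path contains, so in practice it fires on the header match alone and
# overlaps with the "Outgoing HTTP Domain" rule below (sid 37775342).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27105 [] Outgoing URL http|3a|//mi-tarjetacencosud-cl.marahmedia.co.zw/"; flow:to_server,established; http.header; content:"mi-tarjetacencosud-cl.marahmedia.co.zw"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37775331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27105;)
alert dns any any -> any any (msg: "MISP e27105 [] Domain mi-tarjetacencosud-cl.marahmedia.co.zw"; dns.query; content:"mi-tarjetacencosud-cl.marahmedia.co.zw"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.marahmedia\.co\.zw$/i"; classtype:trojan-activity; sid:37775341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27105;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27105 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.marahmedia.co.zw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.marahmedia.co.zw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.marahmedia\.co\.zw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37775342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27105;)

# URL indicator, MISP event 27286 (galaxy tag: Agent Tesla - S0331).
# FIX: the galaxy tag put bare double quotes inside msg. A quote inside msg has to be written
# as \" or the option value ends early and the rule may be rejected or mis-parsed at load time,
# which silently drops this detection. Only the two quotes were escaped; nothing else changed.
# Check the engine's rule-load log for parse errors after each MISP export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27286 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//ricohltd.top/pages/microzx.scr"; flow:to_server,established; http.header; content:"ricohltd.top"; fast_pattern; nocase; http.uri; content:"/pages/microzx.scr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37904391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27286;)

# Outbound IP|port indicator exported twice (event 27177 tagged asyncrat,RAT; event 27166 untagged):
# same double-alert caveat as the 65.21.101.232 pair above.
alert ip $HOME_NET any -> 191.88.250.63 4203 (msg: "MISP e27177 [asyncrat,RAT] Outgoing To IP: 191.88.250.63|4203"; classtype:trojan-activity; sid:37866001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert ip $HOME_NET any -> 191.88.250.63 4203 (msg: "MISP e27166 [] Outgoing To IP: 191.88.250.63|4203"; classtype:trojan-activity; sid:37846361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27166;)

# Outbound IP|port indicator, MISP event 27177 (tagged CobaltStrike). The destination is port 443
# on an address the event tags with a large hosting provider, so expect this to be noisier than a
# domain or URL match if the address is shared or reassigned.
alert ip $HOME_NET any -> 49.234.185.12 443 (msg: "MISP e27177 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 49.234.185.12|443"; classtype:trojan-activity; sid:37866021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)

# URL indicators for pickilish.com on port 443, exported from events 27177 and 27262, so each
# URL has two rules and raises two alerts per hit.
# CAVEAT: these are "alert http" rules bound to destination port 443. They inspect HTTP buffers,
# so they match only cleartext HTTP on that port or traffic the sensor sees after TLS decryption.
# If the traffic is TLS, these rules stay silent; coverage would then need an SNI-based rule
# (tls.sni) or DNS-query matching for the same domain, neither of which this export contains.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e27177 [CobaltStrike] Outgoing URL http|3a|//pickilish.com|3a|443/wp-content/chunky/"; flow:to_server,established; http.header; content:"pickilish.com"; fast_pattern; nocase; http.uri; content:"/wp-content/chunky/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37866031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e27177 [CobaltStrike] Outgoing URL http|3a|//pickilish.com|3a|443/wp-content/unsalted-condensed-soups/"; flow:to_server,established; http.header; content:"pickilish.com"; fast_pattern; nocase; http.uri; content:"/wp-content/unsalted-condensed-soups/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37866041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27177;)
# FIX: same unescaped-quote defect as the event 27286 rule; the malpedia galaxy tag is now written
# with \" inside msg so the two event 27262 rules can load.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e27262 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing URL http|3a|//pickilish.com|3a|443/wp-content/unsalted-condensed-soups/"; flow:to_server,established; http.header; content:"pickilish.com"; fast_pattern; nocase; http.uri; content:"/wp-content/unsalted-condensed-soups/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37890141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27262;)
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e27262 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing URL http|3a|//pickilish.com|3a|443/wp-content/chunky/"; flow:to_server,established; http.header; content:"pickilish.com"; fast_pattern; nocase; http.uri; content:"/wp-content/chunky/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37890151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27262;)
alert ip 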
$HOME_NET any -> 49.234.185.12 443 (msg: "MISP e27262 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia="Cobalt Strike"] Outgoing To IP: 49.234.185.12|443"; classtype:trojan-activity; sid:37890171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27262;) alert ip 181.127.135.242 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.127.135.242"; classtype:trojan-activity; sid:37890721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 206.189.137.254 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.137.254"; classtype:trojan-activity; sid:37890731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 82.165.73.209 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.165.73.209"; classtype:trojan-activity; sid:37890741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.125.66.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.125.66.106"; classtype:trojan-activity; sid:37890751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 5.196.14.147 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.196.14.147"; classtype:trojan-activity; sid:37890761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.101.88.201 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.201"; classtype:trojan-activity; sid:37890771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.44.169 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 43.134.44.169"; classtype:trojan-activity; sid:37890781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
# --- Inbound source-IP indicators, MISP event 27265 ---
# One rule per source address: `alert ip <src> any -> $HOME_NET any` fires on
# any IP packet from that address, whatever the port or protocol. The event
# tags are kill-chain Reconnaissance/Exploitation, while classtype is
# trojan-activity and priority is 2; triage should read a hit as an inbound
# attempt from a listed source, not as confirmed malware traffic.
# NOTE(review): address-only indicators lose value as addresses are
# reassigned; confirm that the export drops expired events.
alert ip 213.6.49.84 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.6.49.84"; classtype:trojan-activity; sid:37890791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.55.199.208 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.199.208"; classtype:trojan-activity; sid:37890801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.32.31.213 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.31.213"; classtype:trojan-activity; sid:37890811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 104.131.10.72 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.10.72"; classtype:trojan-activity; sid:37890821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.134.245.91 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.134.245.91"; classtype:trojan-activity; sid:37890831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 147.78.102.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.78.102.96"; classtype:trojan-activity; sid:37890841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 197.153.57.103 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.153.57.103"; classtype:trojan-activity; sid:37890851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.69.84.170 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.69.84.170"; classtype:trojan-activity; sid:37890861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 154.68.18.82 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.68.18.82"; classtype:trojan-activity; sid:37890871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 119.28.122.154 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.122.154"; classtype:trojan-activity; sid:37890881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.59.228 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.59.228"; classtype:trojan-activity; sid:37890891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 123.200.17.60 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.200.17.60"; classtype:trojan-activity; sid:37890901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 125.20.39.107 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.20.39.107"; classtype:trojan-activity; sid:37890911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 123.24.206.100 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.24.206.100"; classtype:trojan-activity; sid:37890921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 20.141.110.74 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.141.110.74"; classtype:trojan-activity; sid:37890931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 116.67.215.15 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.67.215.15"; classtype:trojan-activity; sid:37890941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.157.43.162 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.43.162"; classtype:trojan-activity; sid:37890951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 206.189.25.203 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.25.203"; classtype:trojan-activity; sid:37890961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 212.70.149.150 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.70.149.150"; classtype:trojan-activity; sid:37890971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.135.145.141 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.145.141"; classtype:trojan-activity; sid:37890981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 180.151.42.94 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.151.42.94"; classtype:trojan-activity; sid:37890991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 109.167.197.20 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.167.197.20"; classtype:trojan-activity; sid:37891001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 143.110.230.140 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.230.140"; classtype:trojan-activity; sid:37891011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 152.42.168.228 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.42.168.228"; classtype:trojan-activity; sid:37891021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 187.190.112.180 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.190.112.180"; classtype:trojan-activity; sid:37891031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.129.26.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.26.14"; classtype:trojan-activity; sid:37891041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 161.35.30.182 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.30.182"; classtype:trojan-activity; sid:37891051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 98.142.141.184 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 98.142.141.184"; classtype:trojan-activity; sid:37891061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.9.174 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.9.174"; classtype:trojan-activity; sid:37891071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 2.189.254.139 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.189.254.139"; classtype:trojan-activity; sid:37891081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 20.232.18.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.232.18.198"; classtype:trojan-activity; sid:37891091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 20.107.203.197 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.107.203.197"; classtype:trojan-activity; sid:37891101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 46.41.143.77 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.41.143.77"; classtype:trojan-activity; sid:37891111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 203.195.195.147 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.195.195.147"; classtype:trojan-activity; sid:37891121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.135.162.50 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.162.50"; classtype:trojan-activity; sid:37891131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 115.243.51.155 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.243.51.155"; classtype:trojan-activity; sid:37891141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 54.39.144.25 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.39.144.25"; classtype:trojan-activity; sid:37891151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.221.76.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.221.76.125"; classtype:trojan-activity; sid:37891161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 177.242.148.126 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.242.148.126"; classtype:trojan-activity; sid:37891171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 119.45.237.141 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.237.141"; classtype:trojan-activity; sid:37891181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 185.100.53.72 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.100.53.72"; classtype:trojan-activity; sid:37891191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 168.187.166.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.187.166.250"; classtype:trojan-activity; sid:37891201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.218.44 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.218.44"; classtype:trojan-activity; sid:37891211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.128.94.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.94.198"; classtype:trojan-activity; sid:37891221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 156.236.73.30 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.73.30"; classtype:trojan-activity; sid:37891231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.42.25.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.25.231"; classtype:trojan-activity; sid:37891241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 146.19.191.21 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.19.191.21"; classtype:trojan-activity; sid:37891251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 221.229.99.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.229.99.137"; classtype:trojan-activity; sid:37891261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 186.83.56.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.83.56.75"; classtype:trojan-activity; sid:37891271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 77.231.23.91 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.231.23.91"; classtype:trojan-activity; sid:37891281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 111.92.240.206 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.92.240.206"; classtype:trojan-activity; sid:37891291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 50.223.37.170 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.223.37.170"; classtype:trojan-activity; sid:37891301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.151.35 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.151.35"; classtype:trojan-activity; sid:37891311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 79.124.62.59 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.124.62.59"; classtype:trojan-activity; sid:37891321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 64.226.117.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.117.7"; classtype:trojan-activity; sid:37891331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.126.35.124 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.35.124"; classtype:trojan-activity; sid:37891341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.247.31.251 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.31.251"; classtype:trojan-activity; sid:37891351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 159.75.240.229 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.240.229"; classtype:trojan-activity; sid:37891361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.10.44.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.7"; classtype:trojan-activity; sid:37891371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 170.64.184.248 
any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.184.248"; classtype:trojan-activity; sid:37891381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
# --- Inbound source-IP indicators, MISP event 27265 (continued) ---
# Every rule here has the same shape: any IP packet from one listed source
# to $HOME_NET raises a priority-2 alert that links back to the MISP event.
# No port, protocol, flow or threshold condition is present, so a source
# that keeps sending packets alerts on each one.
# NOTE(review): if alert volume is a concern, per-source rate limiting
# (threshold/suppress configuration) is the usual control; confirm what the
# sensor already applies.
alert ip 129.226.193.248 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.248"; classtype:trojan-activity; sid:37891391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 183.88.237.149 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.88.237.149"; classtype:trojan-activity; sid:37891401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 79.101.52.185 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.101.52.185"; classtype:trojan-activity; sid:37891411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 119.28.233.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.233.250"; classtype:trojan-activity; sid:37891421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 68.183.223.68 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.223.68"; classtype:trojan-activity; sid:37891431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.204.74.149 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.204.74.149"; classtype:trojan-activity; sid:37891441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.226.217.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.226.217.227"; classtype:trojan-activity; sid:37891451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.130.219.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.219.202"; classtype:trojan-activity; sid:37891461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 105.174.43.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 105.174.43.194"; classtype:trojan-activity; sid:37891471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 186.75.154.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.75.154.14"; classtype:trojan-activity; sid:37891481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 221.237.29.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.237.29.4"; classtype:trojan-activity; sid:37891491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 154.8.163.253 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.163.253"; classtype:trojan-activity; sid:37891501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 95.130.227.116 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.130.227.116"; classtype:trojan-activity; sid:37891511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.210.207 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.210.207"; classtype:trojan-activity; sid:37891521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 38.7.14.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.7.14.118"; classtype:trojan-activity; sid:37891531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 117.102.82.13 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.102.82.13"; classtype:trojan-activity; sid:37891541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 195.24.66.58 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.24.66.58"; classtype:trojan-activity; sid:37891551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 65.108.244.210 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.108.244.210"; classtype:trojan-activity; sid:37891561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 156.232.11.32 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.232.11.32"; classtype:trojan-activity; sid:37891571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 162.62.61.159 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.61.159"; classtype:trojan-activity; sid:37891581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 174.138.29.148 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.29.148"; classtype:trojan-activity; sid:37891591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 62.193.106.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.193.106.227"; classtype:trojan-activity; sid:37891601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 209.38.242.40 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.38.242.40"; classtype:trojan-activity; sid:37891611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 152.32.207.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.207.115"; classtype:trojan-activity; sid:37891621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.170.5.101 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.5.101"; classtype:trojan-activity; sid:37891631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 13.88.11.95 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.88.11.95"; classtype:trojan-activity; sid:37891641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 222.77.96.62 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.77.96.62"; classtype:trojan-activity; sid:37891651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 104.248.41.218 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.41.218"; classtype:trojan-activity; sid:37891661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.141.215.21 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.141.215.21"; classtype:trojan-activity; sid:37891671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 146.59.233.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.233.75"; classtype:trojan-activity; sid:37891681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 50.173.49.248 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.173.49.248"; classtype:trojan-activity; sid:37891691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 112.196.70.142 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.196.70.142"; classtype:trojan-activity; sid:37891701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.176.78.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.176.78.125"; classtype:trojan-activity; sid:37891711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
# The next rule is the only one in this run exported with an empty tag list
# ("[]"); it still carries priority:2 like its neighbours.
# NOTE(review): looks like the attribute lost its kill-chain tags in MISP;
# verify against event 27265.
alert ip 114.132.175.10 any -> $HOME_NET any (msg: "MISP e27265 [] Incoming From IP: 114.132.175.10"; classtype:trojan-activity; sid:37891721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.51.178.89 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.178.89"; classtype:trojan-activity; sid:37891731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 82.67.7.178 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.67.7.178"; classtype:trojan-activity; sid:37891741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 77.87.122.117 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.87.122.117"; classtype:trojan-activity; sid:37891751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.157.47.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.47.7"; classtype:trojan-activity; sid:37891761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 202.51.214.99 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.51.214.99"; classtype:trojan-activity; sid:37891771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.94.187 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.94.187"; classtype:trojan-activity; sid:37891781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 143.110.225.182 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.225.182"; classtype:trojan-activity; sid:37891791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 111.43.75.100 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.43.75.100"; classtype:trojan-activity; sid:37891801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 212.83.144.11 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.83.144.11"; classtype:trojan-activity; sid:37891811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.33.79.47 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.79.47"; classtype:trojan-activity; sid:37891821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.159.52.94 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.52.94"; classtype:trojan-activity; sid:37891831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 139.177.99.235 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.177.99.235"; classtype:trojan-activity; sid:37891841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 128.199.161.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.161.227"; classtype:trojan-activity; sid:37891851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 59.152.52.156 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.152.52.156"; classtype:trojan-activity; sid:37891861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.114.233 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.114.233"; classtype:trojan-activity; sid:37891871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 61.95.138.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.95.138.227"; classtype:trojan-activity; sid:37891881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 187.95.160.53 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.95.160.53"; classtype:trojan-activity; sid:37891891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 1.14.20.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.20.112"; classtype:trojan-activity; sid:37891901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 170.64.159.16 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.159.16"; classtype:trojan-activity; sid:37891911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.109.196.39 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.39"; classtype:trojan-activity; sid:37891921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 89.23.113.191 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.23.113.191"; classtype:trojan-activity; sid:37891931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 154.211.12.218 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.12.218"; classtype:trojan-activity; sid:37891941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 51.178.41.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.178.41.226"; classtype:trojan-activity; sid:37891951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 167.172.112.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.112.115"; classtype:trojan-activity; sid:37891961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 117.50.185.16 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.185.16"; classtype:trojan-activity; sid:37891971; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 115.20.185.86 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.20.185.86"; classtype:trojan-activity; sid:37891981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.130.244.94 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.244.94"; classtype:trojan-activity; sid:37891991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 85.73.86.117 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.73.86.117"; classtype:trojan-activity; sid:37892001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.126.8.102 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.126.8.102"; classtype:trojan-activity; sid:37892011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 175.178.153.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.153.135"; classtype:trojan-activity; sid:37892021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.233.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.233.205"; classtype:trojan-activity; sid:37892031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 89.232.73.146 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.232.73.146"; classtype:trojan-activity; sid:37892041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.220.101.110 any -> $HOME_NET any (msg: "MISP 
e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.110"; classtype:trojan-activity; sid:37892051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.100.209.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.209.231"; classtype:trojan-activity; sid:37892061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 154.201.81.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.201.81.214"; classtype:trojan-activity; sid:37892071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 49.13.139.52 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.139.52"; classtype:trojan-activity; sid:37892081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 1.14.207.100 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.207.100"; classtype:trojan-activity; sid:37892091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.200.8 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.8"; classtype:trojan-activity; sid:37892101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 106.52.60.29 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.60.29"; classtype:trojan-activity; sid:37892111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.60.228 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.60.228"; classtype:trojan-activity; sid:37892121; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 209.250.233.253 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.250.233.253"; classtype:trojan-activity; sid:37892131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.198.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.198.112"; classtype:trojan-activity; sid:37892141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.114.18 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.114.18"; classtype:trojan-activity; sid:37892151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 39.184.216.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.184.216.4"; classtype:trojan-activity; sid:37892161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 125.63.54.20 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.63.54.20"; classtype:trojan-activity; sid:37892171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.32.241.188 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.241.188"; classtype:trojan-activity; sid:37892181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.140.194.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.140.194.115"; classtype:trojan-activity; sid:37892191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.248.150.105 any -> $HOME_NET any (msg: 
"MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.150.105"; classtype:trojan-activity; sid:37892201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 23.224.198.76 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.224.198.76"; classtype:trojan-activity; sid:37892211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.229.30 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.229.30"; classtype:trojan-activity; sid:37892221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 106.13.206.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.206.202"; classtype:trojan-activity; sid:37892231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.250.50.16 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.16"; classtype:trojan-activity; sid:37892241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.76.139.58 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.139.58"; classtype:trojan-activity; sid:37892251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 219.144.67.60 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.144.67.60"; classtype:trojan-activity; sid:37892261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.205.110 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.205.110"; classtype:trojan-activity; 
sid:37892271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 162.247.74.200 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.200"; classtype:trojan-activity; sid:37892281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 221.159.122.180 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.159.122.180"; classtype:trojan-activity; sid:37892291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 178.33.138.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.33.138.237"; classtype:trojan-activity; sid:37892301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 196.0.120.211 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.0.120.211"; classtype:trojan-activity; sid:37892311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 128.199.202.79 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.202.79"; classtype:trojan-activity; sid:37892321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.217.126 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.217.126"; classtype:trojan-activity; sid:37892331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.41.93 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.41.93"; classtype:trojan-activity; sid:37892341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.196.145 any -> 
$HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.196.145"; classtype:trojan-activity; sid:37892351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 162.14.82.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.82.214"; classtype:trojan-activity; sid:37892361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 162.62.53.228 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.53.228"; classtype:trojan-activity; sid:37892371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 42.96.47.162 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.96.47.162"; classtype:trojan-activity; sid:37892381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.106.101.133 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.101.133"; classtype:trojan-activity; sid:37892391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.131.25.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.25.135"; classtype:trojan-activity; sid:37892401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 177.38.10.144 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.38.10.144"; classtype:trojan-activity; sid:37892411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 148.135.118.84 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.135.118.84"; 
classtype:trojan-activity; sid:37892421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.145.4.35 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.145.4.35"; classtype:trojan-activity; sid:37892431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 178.128.103.149 any -> $HOME_NET any (msg: "MISP e27265 [] Incoming From IP: 178.128.103.149"; classtype:trojan-activity; sid:37892441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 84.215.9.161 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.215.9.161"; classtype:trojan-activity; sid:37892451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.131.234.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.234.198"; classtype:trojan-activity; sid:37892461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 218.149.19.39 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.149.19.39"; classtype:trojan-activity; sid:37892471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.161.248.183 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.183"; classtype:trojan-activity; sid:37892481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.194.50 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.194.50"; classtype:trojan-activity; sid:37892491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.28.201.74 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.201.74"; classtype:trojan-activity; sid:37892501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 202.185.181.42 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.185.181.42"; classtype:trojan-activity; sid:37892511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 195.19.97.203 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.19.97.203"; classtype:trojan-activity; sid:37892521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.231.0.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.231.0.115"; classtype:trojan-activity; sid:37892531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.64.3.61 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.64.3.61"; classtype:trojan-activity; sid:37892541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 181.114.109.54 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.114.109.54"; classtype:trojan-activity; sid:37892551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.145.89 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.89"; classtype:trojan-activity; sid:37892561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.139.58.173 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.139.58.173"; classtype:trojan-activity; sid:37892571; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 192.34.85.157 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.34.85.157"; classtype:trojan-activity; sid:37892581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.172.221 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.172.221"; classtype:trojan-activity; sid:37892591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 94.103.124.74 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.103.124.74"; classtype:trojan-activity; sid:37892601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.241.208.204 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.241.208.204"; classtype:trojan-activity; sid:37892611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 120.48.162.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.162.75"; classtype:trojan-activity; sid:37892621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 162.62.53.103 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.53.103"; classtype:trojan-activity; sid:37892631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.97.219 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.97.219"; classtype:trojan-activity; sid:37892641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 156.236.71.21 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.71.21"; classtype:trojan-activity; sid:37892651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 14.224.160.150 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.224.160.150"; classtype:trojan-activity; sid:37892661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.109.13.165 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.13.165"; classtype:trojan-activity; sid:37892671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.213.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.213.118"; classtype:trojan-activity; sid:37892681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 157.245.48.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.48.250"; classtype:trojan-activity; sid:37892691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.245.206 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.206"; classtype:trojan-activity; sid:37892701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.103.182 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.103.182"; classtype:trojan-activity; sid:37892711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 192.81.211.213 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.81.211.213"; classtype:trojan-activity; 
sid:37892721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 27.128.113.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.113.214"; classtype:trojan-activity; sid:37892731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 1.212.197.132 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.212.197.132"; classtype:trojan-activity; sid:37892741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 122.194.9.235 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.194.9.235"; classtype:trojan-activity; sid:37892751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.174.114.206 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.174.114.206"; classtype:trojan-activity; sid:37892761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 119.29.252.197 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.252.197"; classtype:trojan-activity; sid:37892771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 14.51.236.218 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.51.236.218"; classtype:trojan-activity; sid:37892781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 78.47.68.20 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.47.68.20"; classtype:trojan-activity; sid:37892791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 164.90.236.141 any -> $HOME_NET 
any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.236.141"; classtype:trojan-activity; sid:37892801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 198.20.246.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.20.246.131"; classtype:trojan-activity; sid:37892811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 51.77.245.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.245.237"; classtype:trojan-activity; sid:37892821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.208.45 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.208.45"; classtype:trojan-activity; sid:37892831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 115.241.83.2 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.241.83.2"; classtype:trojan-activity; sid:37892841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.101.97 any -> $HOME_NET any (msg: "MISP e27265 [] Incoming From IP: 43.128.101.97"; classtype:trojan-activity; sid:37892851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.193.46 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.193.46"; classtype:trojan-activity; sid:37892861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 183.56.226.5 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.226.5"; classtype:trojan-activity; sid:37892871; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.41.124 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.41.124"; classtype:trojan-activity; sid:37892881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.203.170.197 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.170.197"; classtype:trojan-activity; sid:37892891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 68.168.142.91 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.168.142.91"; classtype:trojan-activity; sid:37892901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.129.185.108 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.185.108"; classtype:trojan-activity; sid:37892911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.33.241.242 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.241.242"; classtype:trojan-activity; sid:37892921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.223.193.55 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.193.55"; classtype:trojan-activity; sid:37892931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.176.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.176.71"; classtype:trojan-activity; sid:37892941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 81.170.198.226 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.170.198.226"; classtype:trojan-activity; sid:37892951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 157.230.60.143 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.60.143"; classtype:trojan-activity; sid:37892961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 121.156.118.253 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.156.118.253"; classtype:trojan-activity; sid:37892971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 121.229.27.236 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.27.236"; classtype:trojan-activity; sid:37892981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.18.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.18.214"; classtype:trojan-activity; sid:37892991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.206.47 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.47"; classtype:trojan-activity; sid:37893001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 206.189.137.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.137.237"; classtype:trojan-activity; sid:37893011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 137.184.185.209 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.185.209"; classtype:trojan-activity; 
sid:37893021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 110.153.50.19 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.153.50.19"; classtype:trojan-activity; sid:37893031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 40.83.182.122 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.83.182.122"; classtype:trojan-activity; sid:37893041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.89.122.204 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.122.204"; classtype:trojan-activity; sid:37893051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 83.142.225.116 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.142.225.116"; classtype:trojan-activity; sid:37893061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.120.69.236 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.120.69.236"; classtype:trojan-activity; sid:37893071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 200.98.136.42 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.98.136.42"; classtype:trojan-activity; sid:37893081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.169.70 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.169.70"; classtype:trojan-activity; sid:37893091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 122.194.9.201 any -> $HOME_NET any 
(msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.194.9.201"; classtype:trojan-activity; sid:37893101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.225.195 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.225.195"; classtype:trojan-activity; sid:37893111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.109.18.29 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.18.29"; classtype:trojan-activity; sid:37893121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 109.71.254.6 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.71.254.6"; classtype:trojan-activity; sid:37893131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 95.164.19.78 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.164.19.78"; classtype:trojan-activity; sid:37893141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 116.98.167.116 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.167.116"; classtype:trojan-activity; sid:37893151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 37.152.183.13 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.152.183.13"; classtype:trojan-activity; sid:37893161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 1.234.31.121 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.234.31.121"; classtype:trojan-activity; 
sid:37893171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 119.28.119.42 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.119.42"; classtype:trojan-activity; sid:37893181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.84.162.27 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.84.162.27"; classtype:trojan-activity; sid:37893191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 89.144.202.171 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.144.202.171"; classtype:trojan-activity; sid:37893201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.162.193 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.162.193"; classtype:trojan-activity; sid:37893211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.238.70 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.70"; classtype:trojan-activity; sid:37893221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.131.251.247 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.251.247"; classtype:trojan-activity; sid:37893231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 190.147.213.31 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.147.213.31"; classtype:trojan-activity; sid:37893241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 122.114.113.177 any -> 
$HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.113.177"; classtype:trojan-activity; sid:37893251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 27.254.235.13 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.254.235.13"; classtype:trojan-activity; sid:37893261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 24.49.234.209 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.49.234.209"; classtype:trojan-activity; sid:37893271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 137.184.123.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.123.14"; classtype:trojan-activity; sid:37893281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.168.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.168.202"; classtype:trojan-activity; sid:37893291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 146.59.80.142 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.80.142"; classtype:trojan-activity; sid:37893301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 85.193.83.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.193.83.131"; classtype:trojan-activity; sid:37893311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.201.25 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.201.25"; 
classtype:trojan-activity; sid:37893321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.102.58 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.102.58"; classtype:trojan-activity; sid:37893331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.101.88.223 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.223"; classtype:trojan-activity; sid:37893341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.73.172 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.172"; classtype:trojan-activity; sid:37893351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.222.229.134 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.229.134"; classtype:trojan-activity; sid:37893361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 152.32.188.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.188.4"; classtype:trojan-activity; sid:37893371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.4.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.4.194"; classtype:trojan-activity; sid:37893381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.95.72 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.72"; classtype:trojan-activity; sid:37893391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 
157.230.29.147 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.29.147"; classtype:trojan-activity; sid:37893401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.215.182 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.182"; classtype:trojan-activity; sid:37893411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 210.91.73.167 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.91.73.167"; classtype:trojan-activity; sid:37893421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 82.207.9.150 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.9.150"; classtype:trojan-activity; sid:37893431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.170.94 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.170.94"; classtype:trojan-activity; sid:37893441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.164.76.148 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.164.76.148"; classtype:trojan-activity; sid:37893451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 144.24.0.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.24.0.226"; classtype:trojan-activity; sid:37893461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.241.129 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.163.241.129"; classtype:trojan-activity; sid:37893471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 149.56.45.104 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.56.45.104"; classtype:trojan-activity; sid:37893481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.92.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.4"; classtype:trojan-activity; sid:37893491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 120.77.170.213 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.77.170.213"; classtype:trojan-activity; sid:37893501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 206.189.80.114 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.80.114"; classtype:trojan-activity; sid:37893511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 24.185.157.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.185.157.205"; classtype:trojan-activity; sid:37893521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.122.147 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.122.147"; classtype:trojan-activity; sid:37893531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.159.46.253 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.46.253"; classtype:trojan-activity; sid:37893541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) 
# Review notes for the MISP e27265 source-IP rules in this part of the export:
# - Each rule matches any IP traffic from one source address to $HOME_NET on any port; the
#   only options are msg, classtype, sid, rev, priority and reference. There is no flow or
#   rate-limiting option, so a busy source can raise many alerts; consider a `threshold`
#   option or an entry in the engine's threshold configuration keyed on the source address.
# - classtype is trojan-activity while msg tags the event as Reconnaissance/Exploitation;
#   triage on the msg tags and the referenced MISP event rather than on the classtype.
# - The addresses are point-in-time indicators taken from the referenced event; re-check
#   them against that event before turning any of these alerts into a block.
# - NOTE(review): in this copy several rules share one physical line and some are split
#   across two; Suricata/Snort expect one rule per line (or a backslash continuation), so
#   restore one rule per line before loading — TODO confirm against the original export.
alert ip 203.190.55.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.190.55.194"; classtype:trojan-activity; sid:37893551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 162.19.208.138 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.19.208.138"; classtype:trojan-activity; sid:37893561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.237.73 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.237.73"; classtype:trojan-activity; sid:37893571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.170.8.134 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.8.134"; classtype:trojan-activity; sid:37893581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 119.29.233.11 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.233.11"; classtype:trojan-activity; sid:37893591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.213.167.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.213.167.10"; classtype:trojan-activity; sid:37893601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.109.196.241 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.241"; classtype:trojan-activity; sid:37893611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.220.63.230 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 124.220.63.230"; classtype:trojan-activity; sid:37893621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.171.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.171.118"; classtype:trojan-activity; sid:37893631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.62.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.62.96"; classtype:trojan-activity; sid:37893641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.164.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.164.198"; classtype:trojan-activity; sid:37893651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.245.37 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.245.37"; classtype:trojan-activity; sid:37893661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.213.53 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.213.53"; classtype:trojan-activity; sid:37893671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 217.196.103.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.196.103.125"; classtype:trojan-activity; sid:37893681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 31.24.200.23 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.24.200.23"; classtype:trojan-activity; sid:37893691; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.157.252 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.252"; classtype:trojan-activity; sid:37893701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.26.136.173 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.26.136.173"; classtype:trojan-activity; sid:37893711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.159.139.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.139.131"; classtype:trojan-activity; sid:37893721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 113.17.16.181 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.17.16.181"; classtype:trojan-activity; sid:37893731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.223.219.9 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.219.9"; classtype:trojan-activity; sid:37893741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.163.119.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.119.106"; classtype:trojan-activity; sid:37893751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 97.107.139.64 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.107.139.64"; classtype:trojan-activity; sid:37893761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.20.209.253 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.20.209.253"; classtype:trojan-activity; sid:37893771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 91.199.27.148 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.199.27.148"; classtype:trojan-activity; sid:37893781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 106.55.14.235 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.14.235"; classtype:trojan-activity; sid:37893791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.76.124.150 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.124.150"; classtype:trojan-activity; sid:37893801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.3.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.3.137"; classtype:trojan-activity; sid:37893811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.73.126 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.126"; classtype:trojan-activity; sid:37893821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 27.254.235.12 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.254.235.12"; classtype:trojan-activity; sid:37893831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 89.208.105.254 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.208.105.254"; classtype:trojan-activity; sid:37893841; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.197.170 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.170"; classtype:trojan-activity; sid:37893851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 61.246.80.58 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.246.80.58"; classtype:trojan-activity; sid:37893861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.136.21.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.21.205"; classtype:trojan-activity; sid:37893871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 34.16.124.243 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.16.124.243"; classtype:trojan-activity; sid:37893881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 59.12.160.91 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.12.160.91"; classtype:trojan-activity; sid:37893891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.148.13.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.148.13.227"; classtype:trojan-activity; sid:37893901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.235.224.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.235.224.14"; classtype:trojan-activity; sid:37893911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.140.50 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.140.50"; classtype:trojan-activity; sid:37893921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 42.192.40.17 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.40.17"; classtype:trojan-activity; sid:37893931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 193.141.126.246 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.141.126.246"; classtype:trojan-activity; sid:37893941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 86.104.14.67 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.104.14.67"; classtype:trojan-activity; sid:37893951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.3.210 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.3.210"; classtype:trojan-activity; sid:37893961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.80.253 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.80.253"; classtype:trojan-activity; sid:37893971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 61.185.15.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.185.15.118"; classtype:trojan-activity; sid:37893981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 113.125.180.33 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.180.33"; classtype:trojan-activity; sid:37893991; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.126.69.176 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.176"; classtype:trojan-activity; sid:37894001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 201.149.49.146 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.149.49.146"; classtype:trojan-activity; sid:37894011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 106.228.23.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.228.23.198"; classtype:trojan-activity; sid:37894021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 176.109.70.8 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.109.70.8"; classtype:trojan-activity; sid:37894031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.126.69.200 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.200"; classtype:trojan-activity; sid:37894041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 161.35.2.108 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.2.108"; classtype:trojan-activity; sid:37894051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.137.75.74 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.137.75.74"; classtype:trojan-activity; sid:37894061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.164.53 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.164.53"; classtype:trojan-activity; sid:37894071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 210.18.176.95 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.18.176.95"; classtype:trojan-activity; sid:37894081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 77.91.78.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.91.78.115"; classtype:trojan-activity; sid:37894091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.135.176.22 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.176.22"; classtype:trojan-activity; sid:37894101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 175.6.141.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.141.237"; classtype:trojan-activity; sid:37894111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.159.121 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.159.121"; classtype:trojan-activity; sid:37894121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 59.110.172.170 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.110.172.170"; classtype:trojan-activity; sid:37894131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.158.45.102 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.45.102"; classtype:trojan-activity; sid:37894141; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 20.172.209.224 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.172.209.224"; classtype:trojan-activity; sid:37894151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.250.50.97 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.97"; classtype:trojan-activity; sid:37894161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 183.56.167.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.167.10"; classtype:trojan-activity; sid:37894171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.93.85 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.85"; classtype:trojan-activity; sid:37894181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 117.50.184.163 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.184.163"; classtype:trojan-activity; sid:37894191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.130.44.53 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.44.53"; classtype:trojan-activity; sid:37894201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.153.104.129 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.153.104.129"; classtype:trojan-activity; sid:37894211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.176.238 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.176.238"; classtype:trojan-activity; sid:37894221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.42.22.126 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.22.126"; classtype:trojan-activity; sid:37894231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 54.38.243.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.38.243.250"; classtype:trojan-activity; sid:37894241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 157.230.44.66 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.44.66"; classtype:trojan-activity; sid:37894251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 158.51.96.38 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.96.38"; classtype:trojan-activity; sid:37894261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 213.96.247.143 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.96.247.143"; classtype:trojan-activity; sid:37894271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 46.101.200.26 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.200.26"; classtype:trojan-activity; sid:37894281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 154.221.19.48 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.19.48"; classtype:trojan-activity; sid:37894291; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
# --- MISP event 27265: source-IP indicator rules (one rule per line) ---
# Each rule matches any IP traffic from one listed address to $HOME_NET: no port, protocol,
# flow or content condition is set, so a hit only says "this address sent us traffic".
# NOTE(review): the msg tags these as Reconnaissance/Exploitation and "Incoming", while the
# classtype is trojan-activity; check the exporter's classtype/priority mapping before routing
# these alerts as malware infections.
# NOTE(review): no threshold or detection_filter option appears on these rules; a busy source
# may raise many alerts. Consider rate limiting on the sensor, or loading the addresses as an
# IP reputation list instead of one rule each.
# NOTE(review): the rules carry no date or expiry metadata; address indicators go stale, so
# age them out from the MISP event referenced in each rule.
alert ip 43.163.234.47 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.47"; classtype:trojan-activity; sid:37894301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 155.248.240.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 155.248.240.112"; classtype:trojan-activity; sid:37894311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.102.172 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.172"; classtype:trojan-activity; sid:37894321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.210.40 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.210.40"; classtype:trojan-activity; sid:37894331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 14.225.239.78 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.239.78"; classtype:trojan-activity; sid:37894341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.97.98 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.97.98"; classtype:trojan-activity; sid:37894351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 115.91.84.132 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.91.84.132"; classtype:trojan-activity; sid:37894361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 20.240.160.240 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.240.160.240"; classtype:trojan-activity; sid:37894371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.131.235.215 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.235.215"; classtype:trojan-activity; sid:37894381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 64.227.133.133 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.133.133"; classtype:trojan-activity; sid:37894391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 158.180.65.241 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.180.65.241"; classtype:trojan-activity; sid:37894401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 129.226.193.45 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.45"; classtype:trojan-activity; sid:37894411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 128.199.224.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.224.131"; classtype:trojan-activity; sid:37894421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 37.47.245.209 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.47.245.209"; classtype:trojan-activity; sid:37894431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 157.230.185.9 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.185.9"; classtype:trojan-activity; sid:37894441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 190.12.52.199 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.12.52.199"; classtype:trojan-activity; sid:37894451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 154.209.4.193 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.209.4.193"; classtype:trojan-activity; sid:37894461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 54.37.11.85 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.37.11.85"; classtype:trojan-activity; sid:37894471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.81.19.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.81.19.202"; classtype:trojan-activity; sid:37894481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 107.175.219.29 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.219.29"; classtype:trojan-activity; sid:37894491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 134.209.100.51 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.100.51"; classtype:trojan-activity; sid:37894501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.183.213 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.183.213"; classtype:trojan-activity; sid:37894511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.3.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.3.202"; classtype:trojan-activity; sid:37894521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 185.250.37.159 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.250.37.159"; classtype:trojan-activity; sid:37894531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.63.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.63.131"; classtype:trojan-activity; sid:37894541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.118.146.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.118.146.202"; classtype:trojan-activity; sid:37894551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.143.72.99 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.72.99"; classtype:trojan-activity; sid:37894561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 69.49.231.8 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.49.231.8"; classtype:trojan-activity; sid:37894571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 36.137.0.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.0.106"; classtype:trojan-activity; sid:37894581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 70.54.182.130 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.54.182.130"; classtype:trojan-activity; sid:37894591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.170.246 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.170.246"; classtype:trojan-activity; sid:37894601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 31.173.15.220 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.173.15.220"; classtype:trojan-activity; sid:37894611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 143.198.87.223 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.87.223"; classtype:trojan-activity; sid:37894621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 106.240.228.244 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.240.228.244"; classtype:trojan-activity; sid:37894631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 106.51.254.230 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.254.230"; classtype:trojan-activity; sid:37894641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 104.224.177.195 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.224.177.195"; classtype:trojan-activity; sid:37894651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 129.226.145.162 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.162"; classtype:trojan-activity; sid:37894661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.131.254.59 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.254.59"; classtype:trojan-activity; sid:37894671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.115.217.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.115.217.106"; classtype:trojan-activity; sid:37894681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.124.189 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.189"; classtype:trojan-activity; sid:37894691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 104.248.54.24 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.54.24"; classtype:trojan-activity; sid:37894701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 162.62.225.51 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.225.51"; classtype:trojan-activity; sid:37894711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 133.18.229.190 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 133.18.229.190"; classtype:trojan-activity; sid:37894721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 146.19.207.155 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.19.207.155"; classtype:trojan-activity; sid:37894731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 190.104.3.139 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.104.3.139"; classtype:trojan-activity; sid:37894741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 165.154.170.163 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.170.163"; classtype:trojan-activity; sid:37894751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 118.33.118.122 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.33.118.122"; classtype:trojan-activity; sid:37894761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.70.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.4"; classtype:trojan-activity; sid:37894771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.115.131.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.131.115"; classtype:trojan-activity; sid:37894781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.117.99 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.117.99"; classtype:trojan-activity; sid:37894791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.64.85 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.64.85"; classtype:trojan-activity; sid:37894801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.159.39.100 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.39.100"; classtype:trojan-activity; sid:37894811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 120.28.109.188 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.28.109.188"; classtype:trojan-activity; sid:37894821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 146.56.46.76 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.46.76"; classtype:trojan-activity; sid:37894831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.26.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.26.106"; classtype:trojan-activity; sid:37894841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.48.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.48.7"; classtype:trojan-activity; sid:37894851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 193.151.141.108 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.141.108"; classtype:trojan-activity; sid:37894861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.15.193 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.15.193"; classtype:trojan-activity; sid:37894871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 196.127.18.191 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.127.18.191"; classtype:trojan-activity; sid:37894881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.159.48.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.48.222"; classtype:trojan-activity; sid:37894891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.188.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.188.222"; classtype:trojan-activity; sid:37894901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 206.189.102.172 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.102.172"; classtype:trojan-activity; sid:37894911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 162.62.119.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.119.96"; classtype:trojan-activity; sid:37894921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 192.241.171.230 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.171.230"; classtype:trojan-activity; sid:37894931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 178.128.30.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.30.106"; classtype:trojan-activity; sid:37894941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.93.69 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.69"; classtype:trojan-activity; sid:37894951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.39.136 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.39.136"; classtype:trojan-activity; sid:37894961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 179.1.85.121 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.121"; classtype:trojan-activity; sid:37894971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 104.206.226.51 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.206.226.51"; classtype:trojan-activity; sid:37894981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 210.87.195.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.87.195.112"; classtype:trojan-activity; sid:37894991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.214.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.214.214"; classtype:trojan-activity; sid:37895001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 182.44.26.149 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.44.26.149"; classtype:trojan-activity; sid:37895011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.109.196.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.7"; classtype:trojan-activity; sid:37895021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 68.178.200.48 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.200.48"; classtype:trojan-activity; sid:37895031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.128.81.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.81.137"; classtype:trojan-activity; sid:37895041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 200.69.236.207 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.69.236.207"; classtype:trojan-activity; sid:37895051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 139.59.27.154 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.27.154"; classtype:trojan-activity; sid:37895061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 123.160.164.43 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.160.164.43"; classtype:trojan-activity; sid:37895071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 129.226.81.164 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.81.164"; classtype:trojan-activity; sid:37895081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 122.54.18.220 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.54.18.220"; classtype:trojan-activity; sid:37895091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.226.102 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.226.102"; classtype:trojan-activity; sid:37895101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 181.28.101.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.28.101.14"; classtype:trojan-activity; sid:37895111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 167.172.82.57 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.82.57"; classtype:trojan-activity; sid:37895121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 114.129.28.238 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.129.28.238"; classtype:trojan-activity; sid:37895131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 112.221.4.3 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.221.4.3"; classtype:trojan-activity; sid:37895141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.109.5.130 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.5.130"; classtype:trojan-activity; sid:37895151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 170.106.170.64 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.170.64"; classtype:trojan-activity; sid:37895161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.139.163.77 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.163.77"; classtype:trojan-activity; sid:37895171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 46.105.50.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.105.50.96"; classtype:trojan-activity; sid:37895181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.92.107 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.107"; classtype:trojan-activity; sid:37895191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.211.223 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.211.223"; classtype:trojan-activity; sid:37895201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.128.135.176 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.135.176"; classtype:trojan-activity; sid:37895211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 139.155.93.83 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.93.83"; classtype:trojan-activity; sid:37895221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 138.68.64.129 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.64.129"; classtype:trojan-activity; sid:37895231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 78.135.80.206 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.135.80.206"; classtype:trojan-activity; sid:37895241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 5.228.88.146 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.228.88.146"; classtype:trojan-activity; sid:37895251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 27.150.26.228 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.150.26.228"; classtype:trojan-activity; sid:37895261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.159.46.48 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.46.48"; classtype:trojan-activity; sid:37895271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 23.95.96.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.96.205"; classtype:trojan-activity; sid:37895281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 217.196.103.203 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.196.103.203"; classtype:trojan-activity; sid:37895291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 139.215.195.61 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.215.195.61"; classtype:trojan-activity; sid:37895301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.118.97 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.97"; classtype:trojan-activity; sid:37895311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.196.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.202"; classtype:trojan-activity; sid:37895321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.232.244.122 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.232.244.122"; classtype:trojan-activity; sid:37895331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.77.215 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.77.215"; classtype:trojan-activity; sid:37895341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 4.78.197.104 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 4.78.197.104"; classtype:trojan-activity; sid:37895351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 222.186.57.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.57.226"; classtype:trojan-activity; sid:37895361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 39.156.151.244 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.156.151.244"; classtype:trojan-activity; sid:37895371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 123.253.162.254 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.253.162.254"; classtype:trojan-activity; sid:37895381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 104.250.50.245 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.245"; classtype:trojan-activity; sid:37895391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.131.244.184 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.244.184"; classtype:trojan-activity; sid:37895401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.35.48.92 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.48.92"; classtype:trojan-activity; sid:37895411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 36.93.168.186 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.168.186"; classtype:trojan-activity; sid:37895421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.159.40.6 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.40.6"; classtype:trojan-activity; sid:37895431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 115.23.75.168 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.23.75.168"; classtype:trojan-activity; sid:37895441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 106.58.179.130 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.179.130"; classtype:trojan-activity; sid:37895451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.51.248.225 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.248.225"; classtype:trojan-activity; sid:37895461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 117.212.89.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.212.89.198"; classtype:trojan-activity; sid:37895471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 72.167.42.160 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.42.160"; classtype:trojan-activity; sid:37895481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 180.110.205.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.110.205.137"; classtype:trojan-activity; sid:37895491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 42.51.22.119 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.22.119"; classtype:trojan-activity; sid:37895501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 222.119.169.1 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.119.169.1"; classtype:trojan-activity; sid:37895511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.220.182.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.182.202"; classtype:trojan-activity; sid:37895521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 190.146.39.57 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.146.39.57"; classtype:trojan-activity; sid:37895531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.43.29.122 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.29.122"; classtype:trojan-activity; sid:37895541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.51.74.79 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.74.79"; classtype:trojan-activity; sid:37895551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 106.58.175.97 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.175.97"; classtype:trojan-activity; sid:37895561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 167.71.255.177 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.255.177"; classtype:trojan-activity; sid:37895571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 159.89.45.220 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.45.220"; classtype:trojan-activity; sid:37895581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 201.6.220.16 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.6.220.16"; classtype:trojan-activity; sid:37895591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.43.77.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.77.231"; classtype:trojan-activity; sid:37895601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 122.3.79.91 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.3.79.91"; classtype:trojan-activity; sid:37895611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 178.128.121.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.121.202"; classtype:trojan-activity; sid:37895621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.157.28.229 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.28.229"; classtype:trojan-activity; sid:37895631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.181.196 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.181.196"; classtype:trojan-activity; sid:37895641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 207.180.199.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.180.199.237"; classtype:trojan-activity; sid:37895651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.178.163 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.178.163"; classtype:trojan-activity; sid:37895661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 142.44.247.114 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.44.247.114"; classtype:trojan-activity; sid:37895671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.95.83.149 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.83.149"; classtype:trojan-activity; sid:37895681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 165.154.183.18 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.183.18"; classtype:trojan-activity; sid:37895691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 164.90.207.66 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.207.66"; classtype:trojan-activity; sid:37895701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 159.223.192.90 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.192.90"; classtype:trojan-activity; sid:37895711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 128.199.179.36 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.179.36"; classtype:trojan-activity; sid:37895721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.74.235 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.74.235"; classtype:trojan-activity; sid:37895731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.95.25.229 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.25.229"; classtype:trojan-activity; sid:37895741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 172.104.97.199 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.104.97.199"; classtype:trojan-activity; sid:37895751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 134.122.49.166 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.49.166"; classtype:trojan-activity; sid:37895761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 223.247.218.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.218.112"; classtype:trojan-activity; sid:37895771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 147.45.43.110 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.45.43.110"; classtype:trojan-activity; sid:37895781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 198.12.116.68 any ->
$HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.116.68"; classtype:trojan-activity; sid:37895791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 189.50.97.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.50.97.135"; classtype:trojan-activity; sid:37895801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.247.48 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.247.48"; classtype:trojan-activity; sid:37895811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 191.8.166.185 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.8.166.185"; classtype:trojan-activity; sid:37895821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 34.81.69.1 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.81.69.1"; classtype:trojan-activity; sid:37895831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 38.62.230.161 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.62.230.161"; classtype:trojan-activity; sid:37895841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.106.110.102 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.110.102"; classtype:trojan-activity; sid:37895851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.204.144 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.144"; 
classtype:trojan-activity; sid:37895861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.122.147.195 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.122.147.195"; classtype:trojan-activity; sid:37895871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.131.242.181 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.242.181"; classtype:trojan-activity; sid:37895881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.81.92 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.81.92"; classtype:trojan-activity; sid:37895891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 62.138.0.19 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.138.0.19"; classtype:trojan-activity; sid:37895901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.25.182.143 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.182.143"; classtype:trojan-activity; sid:37895911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.126.43.40 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.43.40"; classtype:trojan-activity; sid:37895921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.109.21.98 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.21.98"; classtype:trojan-activity; sid:37895931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 
124.156.196.136 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.196.136"; classtype:trojan-activity; sid:37895941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 161.10.232.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.10.232.214"; classtype:trojan-activity; sid:37895951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.76.164.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.164.4"; classtype:trojan-activity; sid:37895961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.99.116.189 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.99.116.189"; classtype:trojan-activity; sid:37895971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 49.51.72.84 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.72.84"; classtype:trojan-activity; sid:37895981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 5.150.254.239 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.150.254.239"; classtype:trojan-activity; sid:37895991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 91.151.128.225 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.151.128.225"; classtype:trojan-activity; sid:37896001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.191.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.134.191.71"; classtype:trojan-activity; sid:37896011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.101.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.101.205"; classtype:trojan-activity; sid:37896021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 20.216.26.81 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.216.26.81"; classtype:trojan-activity; sid:37896031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.159.45.45 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.45.45"; classtype:trojan-activity; sid:37896041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.206.231.29 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.206.231.29"; classtype:trojan-activity; sid:37896051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.171.66 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.171.66"; classtype:trojan-activity; sid:37896061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 167.71.187.41 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.187.41"; classtype:trojan-activity; sid:37896071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 27.128.174.164 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.174.164"; classtype:trojan-activity; sid:37896081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) 
# Address-only indicator rules exported from MISP event 27265 (see the
# reference:url option on each rule). Every rule alerts on any IP traffic whose
# source is the single listed address and whose destination is in $HOME_NET,
# on any port.
# The rules have no content, flow or threshold option, so a hit means only that
# traffic from a listed address was seen by the sensor. It does not show that
# an exploit ran or succeeded; confirm against host or application logs before
# escalating.
# NOTE(review): the msg tags say Reconnaissance/Exploitation and the direction
# is inbound, while classtype is trojan-activity. Triage or dashboards keyed on
# classtype will label these hits as trojan traffic - confirm this is intended.
# NOTE(review): the rules carry no first-seen/last-seen date, and source
# addresses get reassigned. Check the event's age in MISP and re-export on a
# schedule so stale entries drop out.
# Keep each rule on one physical line (or continue it with a trailing
# backslash); a rule broken across lines does not load.
alert ip 61.72.41.94 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.72.41.94"; classtype:trojan-activity; sid:37896091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 96.84.198.29 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.84.198.29"; classtype:trojan-activity; sid:37896101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.36.93 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.36.93"; classtype:trojan-activity; sid:37896111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 20.243.1.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.243.1.14"; classtype:trojan-activity; sid:37896121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 83.252.164.25 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.252.164.25"; classtype:trojan-activity; sid:37896131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 195.228.231.116 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.228.231.116"; classtype:trojan-activity; sid:37896141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.243.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.243.231"; classtype:trojan-activity; sid:37896151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.142.87.177 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.87.177"; classtype:trojan-activity; sid:37896161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.51.51.146 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.51.146"; classtype:trojan-activity; sid:37896171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 80.255.150.171 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.255.150.171"; classtype:trojan-activity; sid:37896181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 161.82.221.178 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.82.221.178"; classtype:trojan-activity; sid:37896191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.221.182.27 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.182.27"; classtype:trojan-activity; sid:37896201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 159.75.132.188 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.132.188"; classtype:trojan-activity; sid:37896211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 64.23.200.49 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.200.49"; classtype:trojan-activity; sid:37896221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 191.98.191.87 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.98.191.87"; classtype:trojan-activity; sid:37896231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.33.79.22 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.79.22"; classtype:trojan-activity; sid:37896241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.106.77 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.106.77"; classtype:trojan-activity; sid:37896251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.159.129.59 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.129.59"; classtype:trojan-activity; sid:37896261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 129.146.4.225 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.146.4.225"; classtype:trojan-activity; sid:37896271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.105.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.105.131"; classtype:trojan-activity; sid:37896281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.156.193.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.193.71"; classtype:trojan-activity; sid:37896291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 159.223.41.133 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.41.133"; classtype:trojan-activity; sid:37896301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.36.111.53 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.111.53"; classtype:trojan-activity; sid:37896311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 165.22.214.99 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.214.99"; classtype:trojan-activity; sid:37896321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.34.53.158 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.53.158"; classtype:trojan-activity; sid:37896331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.142.120.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.120.135"; classtype:trojan-activity; sid:37896341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 62.234.193.84 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.193.84"; classtype:trojan-activity; sid:37896351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 142.44.242.147 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.44.242.147"; classtype:trojan-activity; sid:37896361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 50.65.6.68 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.65.6.68"; classtype:trojan-activity; sid:37896371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.130.215.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.215.106"; classtype:trojan-activity; sid:37896381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 62.234.119.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.119.96"; classtype:trojan-activity; sid:37896391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 89.252.146.147 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.252.146.147"; classtype:trojan-activity; sid:37896401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.157.53.144 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.53.144"; classtype:trojan-activity; sid:37896411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 24.164.127.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.164.127.118"; classtype:trojan-activity; sid:37896421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.217.121 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.217.121"; classtype:trojan-activity; sid:37896431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 117.83.178.140 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.83.178.140"; classtype:trojan-activity; sid:37896441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 114.132.248.43 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.248.43"; classtype:trojan-activity; sid:37896451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.193.179.120 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 124.193.179.120"; classtype:trojan-activity; sid:37896461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.171.84.191 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.171.84.191"; classtype:trojan-activity; sid:37896471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.139.207.11 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.207.11"; classtype:trojan-activity; sid:37896481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 189.174.158.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.174.158.14"; classtype:trojan-activity; sid:37896491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 79.143.86.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.143.86.226"; classtype:trojan-activity; sid:37896501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 187.75.159.201 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.75.159.201"; classtype:trojan-activity; sid:37896511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.159.36.244 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.36.244"; classtype:trojan-activity; sid:37896521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 156.236.73.14 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.73.14"; classtype:trojan-activity; sid:37896531; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 51.79.156.153 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.79.156.153"; classtype:trojan-activity; sid:37896541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 195.24.56.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.24.56.135"; classtype:trojan-activity; sid:37896551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.197.154 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.154"; classtype:trojan-activity; sid:37896561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.222.51.45 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.51.45"; classtype:trojan-activity; sid:37896571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 8.210.174.140 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.174.140"; classtype:trojan-activity; sid:37896581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.100.208.59 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.208.59"; classtype:trojan-activity; sid:37896591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.199.39 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.199.39"; classtype:trojan-activity; sid:37896601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 161.35.78.86 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.78.86"; classtype:trojan-activity; sid:37896611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.221.179.42 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.179.42"; classtype:trojan-activity; sid:37896621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.143.230.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.230.237"; classtype:trojan-activity; sid:37896631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.39.35 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.39.35"; classtype:trojan-activity; sid:37896641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.130.212.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.212.202"; classtype:trojan-activity; sid:37896651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.143.164.246 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.164.246"; classtype:trojan-activity; sid:37896661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.28.233.73 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.233.73"; classtype:trojan-activity; sid:37896671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.246.194.229 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.246.194.229"; classtype:trojan-activity; 
sid:37896681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.180.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.106"; classtype:trojan-activity; sid:37896691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.27.220 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.220"; classtype:trojan-activity; sid:37896701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 178.128.111.46 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.111.46"; classtype:trojan-activity; sid:37896711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.158.80.73 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.80.73"; classtype:trojan-activity; sid:37896721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.33.81.93 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.81.93"; classtype:trojan-activity; sid:37896731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.66.73 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.66.73"; classtype:trojan-activity; sid:37896741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 20.40.73.192 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.40.73.192"; classtype:trojan-activity; sid:37896751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 1.117.73.36 any -> $HOME_NET any (msg: 
"MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.73.36"; classtype:trojan-activity; sid:37896761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.111.149.33 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.111.149.33"; classtype:trojan-activity; sid:37896771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 34.176.48.134 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.176.48.134"; classtype:trojan-activity; sid:37896781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 119.29.233.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.233.227"; classtype:trojan-activity; sid:37896791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 82.156.153.55 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.153.55"; classtype:trojan-activity; sid:37896801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 186.121.205.66 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.121.205.66"; classtype:trojan-activity; sid:37896811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 68.183.19.141 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.19.141"; classtype:trojan-activity; sid:37896821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 34.92.18.156 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.18.156"; classtype:trojan-activity; 
sid:37896831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 178.128.11.240 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.11.240"; classtype:trojan-activity; sid:37896841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 51.210.183.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.210.183.250"; classtype:trojan-activity; sid:37896851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 80.78.255.223 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.78.255.223"; classtype:trojan-activity; sid:37896861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 193.112.221.161 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.221.161"; classtype:trojan-activity; sid:37896871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 114.117.165.114 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.117.165.114"; classtype:trojan-activity; sid:37896881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 195.158.24.42 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.158.24.42"; classtype:trojan-activity; sid:37896891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.157.14.23 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.14.23"; classtype:trojan-activity; sid:37896901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.145.48 any -> 
$HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.48"; classtype:trojan-activity; sid:37896911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.95.196 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.196"; classtype:trojan-activity; sid:37896921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 35.229.64.102 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance] Incoming From IP: 35.229.64.102"; classtype:trojan-activity; sid:37896931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.228.179 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.228.179"; classtype:trojan-activity; sid:37896941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 188.166.211.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.211.7"; classtype:trojan-activity; sid:37896951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.157.29.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.75"; classtype:trojan-activity; sid:37896961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.243.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.243.125"; classtype:trojan-activity; sid:37896971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.145.70 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.145.70"; classtype:trojan-activity; 
sid:37896981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 18.118.64.178 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.118.64.178"; classtype:trojan-activity; sid:37896991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 175.178.189.234 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.189.234"; classtype:trojan-activity; sid:37897001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.157.48.47 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.48.47"; classtype:trojan-activity; sid:37897011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 191.80.67.229 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.80.67.229"; classtype:trojan-activity; sid:37897021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 182.61.60.51 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.60.51"; classtype:trojan-activity; sid:37897031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 52.160.46.145 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.160.46.145"; classtype:trojan-activity; sid:37897041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.67.44 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.67.44"; classtype:trojan-activity; sid:37897051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.223.67.108 any -> $HOME_NET any 
(msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.67.108"; classtype:trojan-activity; sid:37897061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 154.221.22.200 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.22.200"; classtype:trojan-activity; sid:37897071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.42.19.4 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.19.4"; classtype:trojan-activity; sid:37897081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 146.190.50.37 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.50.37"; classtype:trojan-activity; sid:37897091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.250.49.104 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.104"; classtype:trojan-activity; sid:37897101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.250.49.220 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.220"; classtype:trojan-activity; sid:37897111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.44.194.113 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.44.194.113"; classtype:trojan-activity; sid:37897121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.219.166 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.219.166"; 
classtype:trojan-activity; sid:37897131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.221.102.77 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.102.77"; classtype:trojan-activity; sid:37897141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.236.104.29 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.104.29"; classtype:trojan-activity; sid:37897151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.103.178 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.103.178"; classtype:trojan-activity; sid:37897161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 64.226.94.253 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.94.253"; classtype:trojan-activity; sid:37897171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 114.217.33.167 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.217.33.167"; classtype:trojan-activity; sid:37897181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 49.51.173.123 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.173.123"; classtype:trojan-activity; sid:37897191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 104.28.233.74 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.233.74"; classtype:trojan-activity; sid:37897201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 
104.28.201.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.201.75"; classtype:trojan-activity; sid:37897211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.155.92.200 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.155.92.200"; classtype:trojan-activity; sid:37897221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 60.108.212.174 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.108.212.174"; classtype:trojan-activity; sid:37897231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 190.16.57.65 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.16.57.65"; classtype:trojan-activity; sid:37897241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.67.216.151 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.67.216.151"; classtype:trojan-activity; sid:37897251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 139.186.168.67 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.186.168.67"; classtype:trojan-activity; sid:37897261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 192.253.238.70 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.253.238.70"; classtype:trojan-activity; sid:37897271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.159.41 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
170.64.159.41"; classtype:trojan-activity; sid:37897281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.165.55 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.55"; classtype:trojan-activity; sid:37897291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.212.228 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.212.228"; classtype:trojan-activity; sid:37897301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.36.108.160 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.108.160"; classtype:trojan-activity; sid:37897311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.40.163 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.40.163"; classtype:trojan-activity; sid:37897321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.237.227 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.237.227"; classtype:trojan-activity; sid:37897331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.20.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.20.231"; classtype:trojan-activity; sid:37897341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 213.219.212.106 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.219.212.106"; classtype:trojan-activity; sid:37897351; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.177.216.237 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.177.216.237"; classtype:trojan-activity; sid:37897361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.222.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.222.137"; classtype:trojan-activity; sid:37897371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 192.226.241.224 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.226.241.224"; classtype:trojan-activity; sid:37897381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 84.247.142.82 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.142.82"; classtype:trojan-activity; sid:37897391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 119.91.40.249 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.40.249"; classtype:trojan-activity; sid:37897401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.54.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.54.137"; classtype:trojan-activity; sid:37897411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 66.179.250.127 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.179.250.127"; classtype:trojan-activity; sid:37897421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.138.116.248 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.138.116.248"; classtype:trojan-activity; sid:37897431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.107.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.107.125"; classtype:trojan-activity; sid:37897441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.147.70 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.70"; classtype:trojan-activity; sid:37897451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.131.61.31 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.61.31"; classtype:trojan-activity; sid:37897461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.70.170.120 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.170.120"; classtype:trojan-activity; sid:37897471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.63.221 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.63.221"; classtype:trojan-activity; sid:37897481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.157.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.226"; classtype:trojan-activity; sid:37897491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 79.8.11.76 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.8.11.76"; classtype:trojan-activity; sid:37897501; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.143.248.87 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.248.87"; classtype:trojan-activity; sid:37897511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.28.90.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.28.90.118"; classtype:trojan-activity; sid:37897521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.105.47 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.105.47"; classtype:trojan-activity; sid:37897531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.210.81.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.210.81.125"; classtype:trojan-activity; sid:37897541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 198.211.124.50 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.211.124.50"; classtype:trojan-activity; sid:37897551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.193.62.104 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.62.104"; classtype:trojan-activity; sid:37897561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.221.230.149 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.230.149"; classtype:trojan-activity; sid:37897571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.159.52.218 any -> $HOME_NET any (msg: "MISP 
e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.52.218"; classtype:trojan-activity; sid:37897581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.8.254 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.8.254"; classtype:trojan-activity; sid:37897591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 82.212.74.2 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.212.74.2"; classtype:trojan-activity; sid:37897601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.101.88.236 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.236"; classtype:trojan-activity; sid:37897611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 96.78.175.39 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.78.175.39"; classtype:trojan-activity; sid:37897621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 180.101.88.225 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.225"; classtype:trojan-activity; sid:37897631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 210.18.138.41 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.18.138.41"; classtype:trojan-activity; sid:37897641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.159.207.70 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.159.207.70"; classtype:trojan-activity; sid:37897651; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.42.52 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.42.52"; classtype:trojan-activity; sid:37897661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.181.61.160 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.181.61.160"; classtype:trojan-activity; sid:37897671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.210.57 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.57"; classtype:trojan-activity; sid:37897681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.185.68.238 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.185.68.238"; classtype:trojan-activity; sid:37897691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 102.128.78.77 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.128.78.77"; classtype:trojan-activity; sid:37897701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.218.90 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.218.90"; classtype:trojan-activity; sid:37897711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.135.161.130 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.161.130"; classtype:trojan-activity; sid:37897721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.131.159 any -> $HOME_NET any (msg: "MISP 
e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.131.159"; classtype:trojan-activity; sid:37897731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.66.49.166 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.66.49.166"; classtype:trojan-activity; sid:37897741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.153.186.119 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.119"; classtype:trojan-activity; sid:37897751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.206.251 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.251"; classtype:trojan-activity; sid:37897761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.133.34.233 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.34.233"; classtype:trojan-activity; sid:37897771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.130.17.134 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.17.134"; classtype:trojan-activity; sid:37897781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.143.73.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.73.71"; classtype:trojan-activity; sid:37897791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.106.65.5 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.65.5"; classtype:trojan-activity; 
sid:37897801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.11.155 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.11.155"; classtype:trojan-activity; sid:37897811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 37.58.18.216 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.58.18.216"; classtype:trojan-activity; sid:37897821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.222.146.116 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.146.116"; classtype:trojan-activity; sid:37897831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 203.145.143.163 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.145.143.163"; classtype:trojan-activity; sid:37897841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.109.23.186 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.23.186"; classtype:trojan-activity; sid:37897851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.201.224 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.201.224"; classtype:trojan-activity; sid:37897861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 49.232.53.209 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.53.209"; classtype:trojan-activity; sid:37897871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 122.254.92.216 any -> 
$HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.254.92.216"; classtype:trojan-activity; sid:37897881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 177.87.83.170 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.87.83.170"; classtype:trojan-activity; sid:37897891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.42.248.218 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.248.218"; classtype:trojan-activity; sid:37897901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 106.225.192.103 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.225.192.103"; classtype:trojan-activity; sid:37897911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.126.70.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.70.135"; classtype:trojan-activity; sid:37897921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.10.47.20 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.47.20"; classtype:trojan-activity; sid:37897931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 120.253.186.82 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.253.186.82"; classtype:trojan-activity; sid:37897941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.133.183.21 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.183.21"; 
classtype:trojan-activity; sid:37897951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 203.222.12.217 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.222.12.217"; classtype:trojan-activity; sid:37897961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.81.234 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.81.234"; classtype:trojan-activity; sid:37897971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 185.233.36.199 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.36.199"; classtype:trojan-activity; sid:37897981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.205.52 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.205.52"; classtype:trojan-activity; sid:37897991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 141.94.26.113 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.94.26.113"; classtype:trojan-activity; sid:37898001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.156.212.215 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.212.215"; classtype:trojan-activity; sid:37898011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 23.94.213.160 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.213.160"; classtype:trojan-activity; sid:37898021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 
193.70.1.27 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.70.1.27"; classtype:trojan-activity; sid:37898031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 182.61.60.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.60.71"; classtype:trojan-activity; sid:37898041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 117.50.51.154 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.51.154"; classtype:trojan-activity; sid:37898051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 148.135.12.30 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.135.12.30"; classtype:trojan-activity; sid:37898061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.95.64.112 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.64.112"; classtype:trojan-activity; sid:37898071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 84.247.168.116 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.168.116"; classtype:trojan-activity; sid:37898081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.128.151.30 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.151.30"; classtype:trojan-activity; sid:37898091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.92.252 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.252"; 
classtype:trojan-activity; sid:37898101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 220.134.113.188 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.134.113.188"; classtype:trojan-activity; sid:37898111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.138.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.138.135"; classtype:trojan-activity; sid:37898121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 125.209.85.187 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.209.85.187"; classtype:trojan-activity; sid:37898131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 116.196.73.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.196.73.202"; classtype:trojan-activity; sid:37898141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.32.168.130 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.168.130"; classtype:trojan-activity; sid:37898151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 211.245.106.55 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.245.106.55"; classtype:trojan-activity; sid:37898161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.254.158.183 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.254.158.183"; classtype:trojan-activity; sid:37898171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) 
# MISP event 27265: source-address indicators, one alert rule per address.
# Every rule below has the same shape: it matches IP traffic of any protocol and
# port whose source is the listed address and whose destination is in $HOME_NET.
# The "->" operator is one-way, so traffic from $HOME_NET towards these addresses
# is not matched by this set.
# classtype is trojan-activity while the msg tags the event as
# Reconnaissance/Exploitation; priority:2 is set explicitly in each rule.
# No rule carries a threshold option, so any alert rate limiting has to come
# from the sensor's own threshold/suppress configuration.
# NOTE(review): these look generated from the MISP event; presumably changes
# belong in the event (then re-export) rather than in this file - confirm.
alert ip 85.221.209.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.221.209.226"; classtype:trojan-activity; sid:37898181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.111.82 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.111.82"; classtype:trojan-activity; sid:37898191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.1.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.222"; classtype:trojan-activity; sid:37898201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.194.131 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.194.131"; classtype:trojan-activity; sid:37898211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.186.82 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.186.82"; classtype:trojan-activity; sid:37898221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 170.106.197.113 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.197.113"; classtype:trojan-activity; sid:37898231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 117.232.107.107 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.232.107.107"; classtype:trojan-activity; sid:37898241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 202.185.12.124 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.185.12.124"; classtype:trojan-activity; sid:37898251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.226.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.226.222"; classtype:trojan-activity; sid:37898261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 66.179.253.83 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.179.253.83"; classtype:trojan-activity; sid:37898271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.34.210.142 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.210.142"; classtype:trojan-activity; sid:37898281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 178.32.136.118 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.136.118"; classtype:trojan-activity; sid:37898291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.91.136.18 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.91.136.18"; classtype:trojan-activity; sid:37898301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 91.226.93.234 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.226.93.234"; classtype:trojan-activity; sid:37898311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 121.13.219.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.13.219.194"; classtype:trojan-activity; sid:37898321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 82.157.22.34 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.22.34"; classtype:trojan-activity; sid:37898331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 153.120.83.187 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.120.83.187"; classtype:trojan-activity; sid:37898341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.199.124 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.124"; classtype:trojan-activity; sid:37898351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 109.167.200.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.167.200.10"; classtype:trojan-activity; sid:37898361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.210.103 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.103"; classtype:trojan-activity; sid:37898371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 121.5.151.124 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.151.124"; classtype:trojan-activity; sid:37898381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 113.66.7.156 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.66.7.156"; classtype:trojan-activity; sid:37898391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.133.58.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.58.10"; classtype:trojan-activity; sid:37898401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 129.226.194.6 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.6"; classtype:trojan-activity; sid:37898411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.155.144.191 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.144.191"; classtype:trojan-activity; sid:37898421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 203.195.173.239 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.195.173.239"; classtype:trojan-activity; sid:37898431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 162.62.135.19 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.135.19"; classtype:trojan-activity; sid:37898441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 178.128.102.141 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.102.141"; classtype:trojan-activity; sid:37898451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 159.223.10.151 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.10.151"; classtype:trojan-activity; sid:37898461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 187.190.112.181 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.190.112.181"; classtype:trojan-activity; sid:37898471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
# NOTE(review): sid 37898481 is absent here (the sequence goes 37898471 ->
# 37898491); confirm against the MISP event that no attribute was dropped.
alert ip 170.64.217.89 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.217.89"; classtype:trojan-activity; sid:37898491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 148.72.244.123 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.72.244.123"; classtype:trojan-activity; sid:37898501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 185.146.232.157 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.146.232.157"; classtype:trojan-activity; sid:37898511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 122.51.33.221 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.33.221"; classtype:trojan-activity; sid:37898521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.157.112.247 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.112.247"; classtype:trojan-activity; sid:37898531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 152.32.145.102 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.145.102"; classtype:trojan-activity; sid:37898541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.156.203.135 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.135"; classtype:trojan-activity; sid:37898551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.156.213.47 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.47"; classtype:trojan-activity; sid:37898561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 211.253.37.225 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.253.37.225"; classtype:trojan-activity; sid:37898571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 94.191.111.101 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.191.111.101"; classtype:trojan-activity; sid:37898581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.132.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.132.231"; classtype:trojan-activity; sid:37898591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.173.92 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.173.92"; classtype:trojan-activity; sid:37898601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.174.248 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.174.248"; classtype:trojan-activity; sid:37898611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 91.208.75.3 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.208.75.3"; classtype:trojan-activity; sid:37898621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.226.21 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.226.21"; classtype:trojan-activity; sid:37898631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 143.110.229.68 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.229.68"; classtype:trojan-activity; sid:37898641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 165.227.82.150 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.82.150"; classtype:trojan-activity; sid:37898651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 185.162.235.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.162.235.231"; classtype:trojan-activity; sid:37898661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 192.169.201.6 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.169.201.6"; classtype:trojan-activity; sid:37898671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 80.85.242.255 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.85.242.255"; classtype:trojan-activity; sid:37898681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 85.133.199.141 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.133.199.141"; classtype:trojan-activity; sid:37898691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 218.206.136.24 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.206.136.24"; classtype:trojan-activity; sid:37898701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.157.6.144 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.6.144"; classtype:trojan-activity; sid:37898711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 45.119.9.158 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.119.9.158"; classtype:trojan-activity; sid:37898721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 185.231.182.249 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.231.182.249"; classtype:trojan-activity; sid:37898731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 110.239.94.63 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.239.94.63"; classtype:trojan-activity; sid:37898741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 139.59.117.205 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.117.205"; classtype:trojan-activity; sid:37898751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.157.29.245 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.245"; classtype:trojan-activity; sid:37898761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.133.36.6 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.133.36.6"; classtype:trojan-activity; sid:37898771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 147.45.71.98 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.45.71.98"; classtype:trojan-activity; sid:37898781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 202.5.26.51 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.5.26.51"; classtype:trojan-activity; sid:37898791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 218.255.103.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.255.103.194"; classtype:trojan-activity; sid:37898801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 183.36.126.68 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.36.126.68"; classtype:trojan-activity; sid:37898811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.239.251 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.239.251"; classtype:trojan-activity; sid:37898821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.131.9.186 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.9.186"; classtype:trojan-activity; sid:37898831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 119.28.112.219 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.112.219"; classtype:trojan-activity; sid:37898841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 170.106.83.144 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.83.144"; classtype:trojan-activity; sid:37898851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.89.113.198 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.113.198"; classtype:trojan-activity; sid:37898861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.220.3.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.3.250"; classtype:trojan-activity; sid:37898871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.22.117 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.22.117"; classtype:trojan-activity; sid:37898881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 81.70.33.129 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.33.129"; classtype:trojan-activity; sid:37898891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 14.63.160.31 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.63.160.31"; classtype:trojan-activity; sid:37898901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 192.34.85.155 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.34.85.155"; classtype:trojan-activity; sid:37898911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.221.90.10 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.90.10"; classtype:trojan-activity; sid:37898921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.110.25.213 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.110.25.213"; classtype:trojan-activity; sid:37898931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.249.84.155 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.249.84.155"; classtype:trojan-activity; sid:37898941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 85.18.236.229 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.18.236.229"; classtype:trojan-activity; sid:37898951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.26.40 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.26.40"; classtype:trojan-activity; sid:37898961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.237.144.204 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.237.144.204"; classtype:trojan-activity; sid:37898971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 81.70.42.224 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.42.224"; classtype:trojan-activity; sid:37898981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 170.64.213.86 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.213.86"; classtype:trojan-activity; sid:37898991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 122.226.223.254 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.226.223.254"; classtype:trojan-activity; sid:37899001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 179.33.186.151 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.33.186.151"; classtype:trojan-activity; sid:37899011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.109.247.189 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.247.189"; classtype:trojan-activity; sid:37899021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 85.193.87.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.193.87.71"; classtype:trojan-activity; sid:37899031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.199.57 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.199.57"; classtype:trojan-activity; sid:37899041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 49.234.125.168 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.125.168"; classtype:trojan-activity; sid:37899051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.237.109 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.109"; classtype:trojan-activity; sid:37899061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 150.158.101.234 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.101.234"; classtype:trojan-activity; sid:37899071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.126.67.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.67.226"; classtype:trojan-activity; sid:37899081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.221.98.177 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.98.177"; classtype:trojan-activity; sid:37899091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 116.110.73.126 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.73.126"; classtype:trojan-activity; sid:37899101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 107.173.85.161 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.85.161"; classtype:trojan-activity; sid:37899111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 180.74.243.20 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.74.243.20"; classtype:trojan-activity; sid:37899121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 144.76.204.126 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.76.204.126"; classtype:trojan-activity; sid:37899131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 207.154.233.236 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.233.236"; classtype:trojan-activity; sid:37899141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 190.55.103.66 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.55.103.66"; classtype:trojan-activity; sid:37899151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 91.107.182.58 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.182.58"; classtype:trojan-activity; sid:37899161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 193.151.150.210 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.150.210"; classtype:trojan-activity; sid:37899171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.156.34.165 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.34.165"; classtype:trojan-activity; sid:37899181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 109.194.17.175 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.194.17.175"; classtype:trojan-activity; sid:37899191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 178.128.125.38 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.125.38"; classtype:trojan-activity; sid:37899201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.220.186.190 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.186.190"; classtype:trojan-activity; sid:37899211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 81.70.185.251 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.185.251"; classtype:trojan-activity; sid:37899221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 64.23.130.207 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.130.207"; classtype:trojan-activity; sid:37899231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 119.27.172.219 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.27.172.219"; classtype:trojan-activity; sid:37899241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 185.161.248.218 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.218"; classtype:trojan-activity; sid:37899251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 146.59.144.141 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.144.141"; classtype:trojan-activity; sid:37899261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 101.43.188.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.188.96"; classtype:trojan-activity; sid:37899271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 137.220.190.31 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.220.190.31"; classtype:trojan-activity; sid:37899281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 178.20.55.182 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.20.55.182"; classtype:trojan-activity; sid:37899291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.130.251.49 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.251.49"; classtype:trojan-activity; sid:37899301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 149.129.174.11 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.129.174.11"; classtype:trojan-activity; sid:37899311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.222.82.244 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.82.244"; classtype:trojan-activity; sid:37899321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 144.34.174.80 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.34.174.80"; classtype:trojan-activity; sid:37899331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.128.109.32 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.32"; classtype:trojan-activity; sid:37899341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.136.168.125 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.168.125"; classtype:trojan-activity; sid:37899351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.171.46 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.171.46"; classtype:trojan-activity; sid:37899361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.194.172.169 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.194.172.169"; classtype:trojan-activity; sid:37899371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 119.45.146.17 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.146.17"; classtype:trojan-activity; sid:37899381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.66.16 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.66.16"; classtype:trojan-activity; sid:37899391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.128.72.62 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.72.62"; classtype:trojan-activity; sid:37899401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 175.178.229.7 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.229.7"; classtype:trojan-activity; sid:37899411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.27.134 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.27.134"; classtype:trojan-activity; sid:37899421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 51.68.126.207 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.68.126.207"; classtype:trojan-activity; sid:37899431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.130.232.195 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.232.195"; classtype:trojan-activity; sid:37899441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 222.186.172.46 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.172.46"; classtype:trojan-activity; sid:37899451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.153.110.76 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.110.76"; classtype:trojan-activity; sid:37899461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 203.194.106.73 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.194.106.73"; classtype:trojan-activity; sid:37899471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 107.151.253.151 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.253.151"; classtype:trojan-activity; sid:37899481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.196.78 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.78"; classtype:trojan-activity; sid:37899491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.134.95.40 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.95.40"; classtype:trojan-activity; sid:37899501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 223.113.222.158 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.113.222.158"; classtype:trojan-activity; sid:37899511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 78.153.130.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.153.130.75"; classtype:trojan-activity; sid:37899521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 107.150.4.85 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.4.85"; classtype:trojan-activity; sid:37899531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.163.224.208 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.208"; classtype:trojan-activity; sid:37899541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 122.51.220.44 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.220.44"; classtype:trojan-activity; sid:37899551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 51.75.120.93 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.75.120.93"; classtype:trojan-activity; sid:37899561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 43.132.248.189 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.248.189"; classtype:trojan-activity; sid:37899571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 81.170.214.174 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.170.214.174"; classtype:trojan-activity; sid:37899581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 103.154.77.6 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.77.6"; classtype:trojan-activity; sid:37899591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 68.183.88.186 any -> $HOME_NET any (msg: "MISP e27265 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.88.186"; classtype:trojan-activity; sid:37899601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.158.19 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.158.19"; classtype:trojan-activity; sid:37899611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.155.246 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.155.246"; classtype:trojan-activity; sid:37899621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 103.200.113.73 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.200.113.73"; classtype:trojan-activity; sid:37899631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 137.184.226.1 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.226.1"; classtype:trojan-activity; sid:37899641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 52.131.228.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.131.228.222"; classtype:trojan-activity; sid:37899651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 47.113.207.206 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.113.207.206"; classtype:trojan-activity; sid:37899661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.154.219 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.154.219"; classtype:trojan-activity; 
sid:37899671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 20.127.74.114 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.127.74.114"; classtype:trojan-activity; sid:37899681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 147.182.197.202 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.197.202"; classtype:trojan-activity; sid:37899691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 13.68.156.100 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.68.156.100"; classtype:trojan-activity; sid:37899701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 188.226.207.26 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.226.207.26"; classtype:trojan-activity; sid:37899711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.240.155 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.240.155"; classtype:trojan-activity; sid:37899721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 45.184.44.174 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.44.174"; classtype:trojan-activity; sid:37899731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.90.187 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.90.187"; classtype:trojan-activity; sid:37899741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 79.106.73.114 any -> $HOME_NET 
any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.106.73.114"; classtype:trojan-activity; sid:37899751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.223.6.35 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.6.35"; classtype:trojan-activity; sid:37899761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 2.82.168.176 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.82.168.176"; classtype:trojan-activity; sid:37899771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.94.224.175 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.94.224.175"; classtype:trojan-activity; sid:37899781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 80.229.18.62 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.229.18.62"; classtype:trojan-activity; sid:37899791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 143.198.197.81 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.197.81"; classtype:trojan-activity; sid:37899801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 171.220.244.134 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.220.244.134"; classtype:trojan-activity; sid:37899811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 221.149.20.218 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.149.20.218"; classtype:trojan-activity; 
sid:37899821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 138.99.6.74 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.99.6.74"; classtype:trojan-activity; sid:37899831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 222.111.179.159 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.111.179.159"; classtype:trojan-activity; sid:37899841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.135.134.244 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.134.244"; classtype:trojan-activity; sid:37899851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 164.92.157.100 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.157.100"; classtype:trojan-activity; sid:37899861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 117.50.165.62 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.165.62"; classtype:trojan-activity; sid:37899871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 149.78.186.171 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.78.186.171"; classtype:trojan-activity; sid:37899881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 144.217.89.216 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.217.89.216"; classtype:trojan-activity; sid:37899891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 36.137.0.82 any -> $HOME_NET 
any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.0.82"; classtype:trojan-activity; sid:37899901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 124.223.166.172 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.166.172"; classtype:trojan-activity; sid:37899911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.183.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.183.194"; classtype:trojan-activity; sid:37899921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.130.26.150 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.26.150"; classtype:trojan-activity; sid:37899931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 101.34.207.180 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.207.180"; classtype:trojan-activity; sid:37899941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 170.64.131.63 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.131.63"; classtype:trojan-activity; sid:37899951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 106.55.57.164 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.57.164"; classtype:trojan-activity; sid:37899961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 50.225.176.238 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.225.176.238"; 
classtype:trojan-activity; sid:37899971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 183.56.246.71 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.246.71"; classtype:trojan-activity; sid:37899981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.245.223 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.223"; classtype:trojan-activity; sid:37899991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.223.65.33 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.65.33"; classtype:trojan-activity; sid:37900001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 187.34.38.247 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.34.38.247"; classtype:trojan-activity; sid:37900011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 150.158.88.86 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.88.86"; classtype:trojan-activity; sid:37900021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 84.247.173.59 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.173.59"; classtype:trojan-activity; sid:37900031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 116.198.46.25 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.46.25"; classtype:trojan-activity; sid:37900041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 
129.153.89.168 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.153.89.168"; classtype:trojan-activity; sid:37900051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.159.32.231 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.32.231"; classtype:trojan-activity; sid:37900061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 165.154.43.143 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.43.143"; classtype:trojan-activity; sid:37900071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 116.197.129.199 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.197.129.199"; classtype:trojan-activity; sid:37900081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 223.15.246.49 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.246.49"; classtype:trojan-activity; sid:37900091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.60.152 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.60.152"; classtype:trojan-activity; sid:37900101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 111.229.171.75 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.171.75"; classtype:trojan-activity; sid:37900111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 137.184.76.77 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
137.184.76.77"; classtype:trojan-activity; sid:37900121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 49.51.243.23 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.243.23"; classtype:trojan-activity; sid:37900131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 152.136.49.35 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.49.35"; classtype:trojan-activity; sid:37900141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.8.66 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.8.66"; classtype:trojan-activity; sid:37900151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.131.44.196 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.44.196"; classtype:trojan-activity; sid:37900161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 159.203.91.157 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.91.157"; classtype:trojan-activity; sid:37900171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.163.219.137 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.137"; classtype:trojan-activity; sid:37900181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.157.39.94 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.39.94"; classtype:trojan-activity; sid:37900191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 
43.163.242.250 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.250"; classtype:trojan-activity; sid:37900201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 118.195.136.86 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.136.86"; classtype:trojan-activity; sid:37900211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 92.205.108.83 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.205.108.83"; classtype:trojan-activity; sid:37900221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 121.4.137.243 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.137.243"; classtype:trojan-activity; sid:37900231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.155.133.214 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.133.214"; classtype:trojan-activity; sid:37900241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.104.64 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.104.64"; classtype:trojan-activity; sid:37900251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 129.226.201.160 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.201.160"; classtype:trojan-activity; sid:37900261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 15.235.162.5 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
15.235.162.5"; classtype:trojan-activity; sid:37900271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.135.160.254 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.160.254"; classtype:trojan-activity; sid:37900281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.191.201 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.191.201"; classtype:trojan-activity; sid:37900291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.156.137.139 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.137.139"; classtype:trojan-activity; sid:37900301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 42.81.140.222 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.81.140.222"; classtype:trojan-activity; sid:37900311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 204.44.92.96 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.44.92.96"; classtype:trojan-activity; sid:37900321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.179.194 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.179.194"; classtype:trojan-activity; sid:37900331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) alert ip 43.134.91.84 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.91.84"; classtype:trojan-activity; sid:37900341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;) 
# Rules are laid out one per line, the form the rule loader expects.
#
# --- MISP event 27265: inbound source-IP indicators ---------------------------
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, on
# any port. The match is on the source address alone; there is no payload or
# flow condition, so an alert shows only that the address was seen.
# The msg carries the event's kill-chain tags (Reconnaissance, Exploitation).
# NOTE(review): classtype is trojan-activity here as well as on the outbound
# rules below, so classtype does not separate inbound scanning sources from
# outbound hits; triage on rule direction and the msg tags instead.
# NOTE(review): address indicators age; confirm the attribute is still current
# in the referenced MISP event before treating a hit as confirmed malicious.
alert ip 150.109.252.243 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.252.243"; classtype:trojan-activity; sid:37900351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 62.84.122.203 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.84.122.203"; classtype:trojan-activity; sid:37900361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 124.156.211.115 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.115"; classtype:trojan-activity; sid:37900371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 91.202.5.31 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.202.5.31"; classtype:trojan-activity; sid:37900381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)
alert ip 152.136.157.226 any -> $HOME_NET any (msg: "MISP e27265 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.157.226"; classtype:trojan-activity; sid:37900391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27265;)

# --- MISP event 27244: outbound HTTP request to one specific URL --------------
# Fires on an established client-to-server HTTP flow from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS when the request headers contain
# "vinted.id765019834.com" and the URI contains "/order/247946731"; both
# contents are case-insensitive and the hostname is the fast_pattern.
# tag:session,600,seconds keeps logging the matching session for 600 seconds
# after the alert. The msg tag list is empty ("[]").
# NOTE(review): the hostname is matched in http.header, i.e. anywhere in the
# request headers, not only in Host, so a request that merely carries the name
# in another header can alert. http.host would scope the match to the requested
# host; that buffer is lowercased by the engine, so nocase has to be dropped if
# the rule is moved to it.
# NOTE(review): the URI content pins a single order id; requests to any other
# path on the same host are not covered by this rule.
# NOTE(review): $HTTP_PORTS must be defined on the sensor for this rule to
# load, and HTTP on ports outside that list is not inspected by it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27244 [] Outgoing URL http|3a|//vinted.id765019834.com/order/247946731"; flow:to_server,established; http.header; content:"vinted.id765019834.com"; fast_pattern; nocase; http.uri; content:"/order/247946731"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27244;)

# --- MISP event 27195: outbound traffic to a tagged endpoint ------------------
# Alerts on traffic from any $HOME_NET address to 122.52.26.100 port 1818; the
# msg tag is "Meterpreter". Unlike the inbound rules above, the source is the
# internal network, so a hit identifies an internal host to investigate.
# NOTE(review): the protocol is "ip" combined with a fixed destination port;
# confirm how the deployed engine applies the port to traffic that has none.
alert ip $HOME_NET any -> 122.52.26.100 1818 (msg: "MISP e27195 [Meterpreter] Outgoing To IP: 122.52.26.100|1818"; classtype:trojan-activity; sid:37867431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Rules are laid out one per line, the form the rule loader expects.
#
# --- MISP event 27195: outbound traffic to a tagged endpoint ------------------
# Alerts on traffic from any $HOME_NET address to 155.94.211.9 port 42119; the
# msg tag is "Adwind". The source is the internal network, so a hit identifies
# an internal host to investigate rather than an external sender.
# NOTE(review): the protocol is "ip" combined with a fixed destination port;
# confirm how the deployed engine applies the port to traffic that has none.
alert ip $HOME_NET any -> 155.94.211.9 42119 (msg: "MISP e27195 [Adwind] Outgoing To IP: 155.94.211.9|42119"; classtype:trojan-activity; sid:37867441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)

# --- MISP event 27232: inbound source-IP indicators ---------------------------
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, on
# any port. The match is on the source address alone; there is no payload or
# flow condition, so an alert shows only that the address was seen.
# The msg carries the event's kill-chain tags (Reconnaissance, Exploitation).
# NOTE(review): classtype is trojan-activity on these inbound rules and on the
# outbound rule above alike; triage on rule direction and the msg tags instead.
# NOTE(review): address indicators age; confirm the attribute is still current
# in the referenced MISP event before treating a hit as confirmed malicious.
alert ip 43.134.191.184 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.191.184"; classtype:trojan-activity; sid:37871881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 156.0.255.33 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.0.255.33"; classtype:trojan-activity; sid:37871891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 202.157.176.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.176.29"; classtype:trojan-activity; sid:37871901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.35.61 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.35.61"; classtype:trojan-activity; sid:37871911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.250.34.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.21"; classtype:trojan-activity; sid:37871921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 138.68.58.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.58.124"; classtype:trojan-activity; sid:37871931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 162.243.133.199 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.133.199"; classtype:trojan-activity; sid:37871941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 87.201.127.150 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.201.127.150"; classtype:trojan-activity; sid:37871951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 52.14.37.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.14.37.113"; classtype:trojan-activity; sid:37871961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 120.48.36.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.36.175"; classtype:trojan-activity; sid:37871971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 112.6.142.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.6.142.59"; classtype:trojan-activity; sid:37871981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.82.202.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.82.202.185"; classtype:trojan-activity; sid:37871991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.223.53.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.53.149"; classtype:trojan-activity; sid:37872001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.145.176 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.145.176"; classtype:trojan-activity; sid:37872011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.175.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.175.81"; classtype:trojan-activity; sid:37872021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.108.174 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.108.174"; classtype:trojan-activity; sid:37872031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.106.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.106.243"; classtype:trojan-activity; sid:37872041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.29.254 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.254"; classtype:trojan-activity; sid:37872051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 222.234.220.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.234.220.145"; classtype:trojan-activity; sid:37872061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 162.241.69.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.241.69.168"; classtype:trojan-activity; sid:37872071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.116.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.116.107"; classtype:trojan-activity; sid:37872081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 196.189.21.247 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.189.21.247"; classtype:trojan-activity; sid:37872091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.15.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.15.152"; classtype:trojan-activity; sid:37872101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.250.187.83 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.250.187.83"; classtype:trojan-activity; sid:37872111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 121.149.208.117 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.149.208.117"; classtype:trojan-activity; sid:37872121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.122.198.75 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.122.198.75"; classtype:trojan-activity; sid:37872131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.7.206.13 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.7.206.13"; classtype:trojan-activity; sid:37872141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 152.32.243.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.243.231"; classtype:trojan-activity; sid:37872151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 37.27.44.93 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.27.44.93"; classtype:trojan-activity; sid:37872161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
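# MISP event 27232 — source-address indicators, one rule per physical line
# (the rule parser reads one rule per line unless a backslash continues it).
# Each rule below alerts on any IP-protocol packet from the listed address to
# $HOME_NET; there is no port, flow or payload condition, so a single
# unsolicited probe is enough to fire it.
# NOTE(review): classtype is trojan-activity although msg tags the traffic as
#   Reconnaissance/Exploitation and "Incoming From IP" — looks like an export
#   default; confirm before triaging these alerts as malware infections.
# NOTE(review): rules are one-directional (->); sessions initiated from
#   $HOME_NET towards these addresses are not covered here.
# NOTE(review): bare-IP indicators go stale, and several addresses appear to
#   sit in shared hosting / relay ranges — TODO confirm; check the event's age
#   and false-positive tolerance, and consider an IP reputation list instead
#   of one signature per address.
# NOTE(review): sids step by 10 but 37872781 is absent in this span —
#   presumably an attribute left out of the export; verify against the event.
alert ip 43.131.253.9 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.253.9"; classtype:trojan-activity; sid:37872171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 183.251.101.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.251.101.246"; classtype:trojan-activity; sid:37872181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.65.151.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.151.241"; classtype:trojan-activity; sid:37872191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.105.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.105.59"; classtype:trojan-activity; sid:37872201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.153.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.153.29"; classtype:trojan-activity; sid:37872211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.122.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.122.54"; classtype:trojan-activity; sid:37872221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 23.94.43.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.43.131"; classtype:trojan-activity; sid:37872231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 110.137.195.137 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.137.195.137"; classtype:trojan-activity; sid:37872241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.185.38.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.185.38.2"; classtype:trojan-activity; sid:37872251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 36.64.217.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.64.217.27"; classtype:trojan-activity; sid:37872261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.12.189.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.189.70"; classtype:trojan-activity; sid:37872271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 222.120.84.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.120.84.218"; classtype:trojan-activity; sid:37872281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 223.247.145.225 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.145.225"; classtype:trojan-activity; sid:37872291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 123.150.9.164 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.150.9.164"; classtype:trojan-activity; sid:37872301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.223.162.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.162.68"; classtype:trojan-activity; sid:37872311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 60.170.105.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.170.105.154"; classtype:trojan-activity; sid:37872321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.180.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.180.207"; classtype:trojan-activity; sid:37872331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.228.181 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.228.181"; classtype:trojan-activity; sid:37872341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 23.95.213.146 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.213.146"; classtype:trojan-activity; sid:37872351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 47.94.88.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.94.88.116"; classtype:trojan-activity; sid:37872361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 202.51.214.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.51.214.98"; classtype:trojan-activity; sid:37872371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.51.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.51.149"; classtype:trojan-activity; sid:37872381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.154.139.41 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.139.41"; classtype:trojan-activity; sid:37872391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 188.166.236.219 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.236.219"; classtype:trojan-activity; sid:37872401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 89.132.167.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.132.167.147"; classtype:trojan-activity; sid:37872411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 186.96.156.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.96.156.95"; classtype:trojan-activity; sid:37872421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.214.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.214.116"; classtype:trojan-activity; sid:37872431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.165.37 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.37"; classtype:trojan-activity; sid:37872441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 223.240.93.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.240.93.54"; classtype:trojan-activity; sid:37872451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 35.199.95.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.199.95.142"; classtype:trojan-activity; sid:37872461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 108.165.94.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.165.94.169"; classtype:trojan-activity; sid:37872471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 137.184.226.1 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.226.1"; classtype:trojan-activity; sid:37872481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.216.46 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.46"; classtype:trojan-activity; sid:37872491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.210.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.67"; classtype:trojan-activity; sid:37872501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.133.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.133.217"; classtype:trojan-activity; sid:37872511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 138.197.95.198 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.95.198"; classtype:trojan-activity; sid:37872521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 143.198.137.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.137.192"; classtype:trojan-activity; sid:37872531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.130.242.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.242.4"; classtype:trojan-activity; sid:37872541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.212.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.212.126"; classtype:trojan-activity; sid:37872551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 142.93.217.8 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.217.8"; classtype:trojan-activity; sid:37872561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 121.183.30.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.183.30.17"; classtype:trojan-activity; sid:37872571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 171.248.161.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.248.161.58"; classtype:trojan-activity; sid:37872581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.109.24.150 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.24.150"; classtype:trojan-activity; sid:37872591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.207.113.73 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.207.113.73"; classtype:trojan-activity; sid:37872601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.171.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.171.131"; classtype:trojan-activity; sid:37872611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.223.130.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.130.202"; classtype:trojan-activity; sid:37872621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.51.206.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.206.48"; classtype:trojan-activity; sid:37872631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 62.72.46.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.72.46.45"; classtype:trojan-activity; sid:37872641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 82.212.74.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.212.74.3"; classtype:trojan-activity; sid:37872651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.250.49.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.188"; classtype:trojan-activity; sid:37872661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.112.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.112.121"; classtype:trojan-activity; sid:37872671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 139.198.174.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.174.192"; classtype:trojan-activity; sid:37872681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 23.94.43.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.43.59"; classtype:trojan-activity; sid:37872691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 213.170.91.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.170.91.2"; classtype:trojan-activity; sid:37872701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 110.45.145.182 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.45.145.182"; classtype:trojan-activity; sid:37872711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 118.174.134.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.174.134.189"; classtype:trojan-activity; sid:37872721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 116.105.212.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.105.212.59"; classtype:trojan-activity; sid:37872731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 36.81.64.204 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.81.64.204"; classtype:trojan-activity; sid:37872741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.214.53 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.214.53"; classtype:trojan-activity; sid:37872751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.144.87.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.144.87.192"; classtype:trojan-activity; sid:37872761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 45.154.14.47 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.14.47"; classtype:trojan-activity; sid:37872771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 137.184.3.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.3.252"; classtype:trojan-activity; sid:37872791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 151.177.201.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.177.201.230"; classtype:trojan-activity; sid:37872801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.145.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.145.67"; classtype:trojan-activity; sid:37872811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.55.64.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.64.140"; classtype:trojan-activity; sid:37872821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 157.245.219.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.219.192"; classtype:trojan-activity; sid:37872831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 183.105.71.89 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.105.71.89"; classtype:trojan-activity; sid:37872841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.63.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.63.76"; classtype:trojan-activity; sid:37872851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.108.32 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.108.32"; classtype:trojan-activity; sid:37872861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 52.187.9.8 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.187.9.8"; classtype:trojan-activity; sid:37872871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.90.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.90.130"; classtype:trojan-activity; sid:37872881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 179.107.107.139 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.107.107.139"; classtype:trojan-activity; sid:37872891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 128.199.113.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.113.236"; classtype:trojan-activity; sid:37872901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 175.178.97.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.97.212"; classtype:trojan-activity; sid:37872911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.240.198 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.240.198"; classtype:trojan-activity; sid:37872921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.184.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.184.29"; classtype:trojan-activity; sid:37872931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 152.32.156.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.156.127"; classtype:trojan-activity; sid:37872941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.109.198.141 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.141"; classtype:trojan-activity; sid:37872951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.39.184.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.39.184.131"; classtype:trojan-activity; sid:37872961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.159.62.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.62.162"; classtype:trojan-activity; sid:37872971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.227.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.227.232"; classtype:trojan-activity; sid:37872981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.114.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.114.197"; classtype:trojan-activity; sid:37872991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 85.164.252.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.164.252.170"; classtype:trojan-activity; sid:37873001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.229.65.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.229.65.26"; classtype:trojan-activity; sid:37873011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.208.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.175"; classtype:trojan-activity; sid:37873021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.209.230.167 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.209.230.167"; classtype:trojan-activity; sid:37873031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 144.172.83.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.172.83.85"; classtype:trojan-activity; sid:37873041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.195.123 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.123"; classtype:trojan-activity; sid:37873051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 189.124.17.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.124.17.190"; classtype:trojan-activity; sid:37873061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.234.182 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.234.182"; classtype:trojan-activity; sid:37873071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.85.155.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.85.155.236"; classtype:trojan-activity; sid:37873081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 95.173.191.84 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.173.191.84"; classtype:trojan-activity; sid:37873091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.102.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.102.169"; classtype:trojan-activity; sid:37873101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 64.227.185.138 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.185.138"; classtype:trojan-activity; sid:37873111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.66.142.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.66.142.113"; classtype:trojan-activity; sid:37873121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 189.251.201.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.251.201.244"; classtype:trojan-activity; sid:37873131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.226.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.226.92"; classtype:trojan-activity; sid:37873141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.50.118.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.118.202"; classtype:trojan-activity; sid:37873151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.223.49.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.49.236"; classtype:trojan-activity; sid:37873161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 128.199.15.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.15.54"; classtype:trojan-activity; sid:37873171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 114.132.87.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.87.249"; classtype:trojan-activity; sid:37873181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.18.118.44 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.118.44"; classtype:trojan-activity; sid:37873191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 207.154.228.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.228.74"; classtype:trojan-activity; sid:37873201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 121.162.221.103 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.162.221.103"; classtype:trojan-activity; sid:37873211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 171.244.42.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.42.244"; classtype:trojan-activity; sid:37873221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.101.105 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.105"; classtype:trojan-activity; sid:37873231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.103.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.103.5"; classtype:trojan-activity; sid:37873241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 152.89.233.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.89.233.169"; classtype:trojan-activity; sid:37873251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 193.239.232.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.239.232.228"; classtype:trojan-activity; sid:37873261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.67.82.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.67.82.114"; classtype:trojan-activity; sid:37873271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.101.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.101"; classtype:trojan-activity; sid:37873281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 162.247.74.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.27"; classtype:trojan-activity; sid:37873291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 143.92.62.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.92.62.29"; classtype:trojan-activity; sid:37873301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.101.176 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.176"; classtype:trojan-activity; sid:37873311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 54.38.55.13 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.38.55.13"; classtype:trojan-activity; sid:37873321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.51.75.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.75.178"; classtype:trojan-activity; sid:37873331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 193.112.106.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.106.70"; classtype:trojan-activity; sid:37873341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.216.159.62 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.216.159.62"; classtype:trojan-activity; sid:37873351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.106.195.38 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.195.38"; classtype:trojan-activity; sid:37873361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.4.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.4.110"; classtype:trojan-activity; sid:37873371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.203.153 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.203.153"; classtype:trojan-activity; sid:37873381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.69.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.69.180"; classtype:trojan-activity; sid:37873391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 192.241.157.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.157.126"; classtype:trojan-activity; sid:37873401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 89.132.160.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.132.160.252"; classtype:trojan-activity; sid:37873411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 139.59.226.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.226.77"; classtype:trojan-activity; sid:37873421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.214.247 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.214.247"; classtype:trojan-activity; sid:37873431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.136.115.167 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.115.167"; classtype:trojan-activity; sid:37873441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.227.224.30 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.224.30"; classtype:trojan-activity; sid:37873451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.81.201 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.81.201"; classtype:trojan-activity; sid:37873461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.230.235.117 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.230.235.117"; classtype:trojan-activity; sid:37873471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 35.219.62.194 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.219.62.194"; classtype:trojan-activity; sid:37873481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.25.47.94 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.25.47.94"; classtype:trojan-activity; sid:37873491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.133.214.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.133.214.231"; classtype:trojan-activity; sid:37873501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 119.28.156.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.156.59"; classtype:trojan-activity; sid:37873511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.136.76.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.76.241"; classtype:trojan-activity; sid:37873521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.37.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.37.230"; classtype:trojan-activity; sid:37873531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 222.70.240.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.70.240.152"; classtype:trojan-activity; sid:37873541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.93.23 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.93.23"; classtype:trojan-activity; sid:37873551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 113.52.149.247 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.52.149.247"; classtype:trojan-activity; sid:37873561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 178.208.132.38 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.208.132.38"; classtype:trojan-activity; sid:37873571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.90.225.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.90.225.4"; classtype:trojan-activity; sid:37873581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 84.42.28.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 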
84.42.28.190"; classtype:trojan-activity; sid:37873591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.201.222 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.201.222"; classtype:trojan-activity; sid:37873601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 50.116.24.112 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.116.24.112"; classtype:trojan-activity; sid:37873611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.34.105 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.34.105"; classtype:trojan-activity; sid:37873621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.210.137.200 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.210.137.200"; classtype:trojan-activity; sid:37873631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.250.49.72 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.72"; classtype:trojan-activity; sid:37873641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 61.72.55.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.72.55.130"; classtype:trojan-activity; sid:37873651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.101.160.198 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.101.160.198"; classtype:trojan-activity; sid:37873661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 222.240.1.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.240.1.12"; classtype:trojan-activity; sid:37873671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 46.101.146.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.146.252"; classtype:trojan-activity; sid:37873681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.12.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.12.63"; classtype:trojan-activity; sid:37873691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 138.204.127.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.204.127.54"; classtype:trojan-activity; sid:37873701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.254.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.254.28"; classtype:trojan-activity; sid:37873711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 94.103.124.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.103.124.97"; classtype:trojan-activity; sid:37873721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.116.182.250 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.182.250"; classtype:trojan-activity; sid:37873731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 64.226.70.129 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.70.129"; classtype:trojan-activity; sid:37873741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 174.138.72.191 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.72.191"; classtype:trojan-activity; sid:37873751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 47.234.143.55 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.234.143.55"; classtype:trojan-activity; sid:37873761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 217.199.4.106 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.199.4.106"; classtype:trojan-activity; sid:37873771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.26.36.15 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.26.36.15"; classtype:trojan-activity; sid:37873781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.157.181 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.157.181"; classtype:trojan-activity; sid:37873791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 107.0.200.227 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.0.200.227"; classtype:trojan-activity; sid:37873801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.62.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.62.192"; classtype:trojan-activity; sid:37873811; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.136.23.181 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.23.181"; classtype:trojan-activity; sid:37873821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.165.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.165.54"; classtype:trojan-activity; sid:37873831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 78.47.129.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.47.129.226"; classtype:trojan-activity; sid:37873841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.13.117.39 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.13.117.39"; classtype:trojan-activity; sid:37873851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.78.165.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.78.165.229"; classtype:trojan-activity; sid:37873861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.246.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.246.113"; classtype:trojan-activity; sid:37873871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.250.49.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.108"; classtype:trojan-activity; sid:37873881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.178.114.15 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.114.15"; classtype:trojan-activity; sid:37873891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 218.78.87.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.87.195"; classtype:trojan-activity; sid:37873901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.132.215.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.132.215.3"; classtype:trojan-activity; sid:37873911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.138.205.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.205.16"; classtype:trojan-activity; sid:37873921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.34.210.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.210.142"; classtype:trojan-activity; sid:37873931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 72.83.65.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.83.65.190"; classtype:trojan-activity; sid:37873941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.109.246.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.246.107"; classtype:trojan-activity; sid:37873951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.124.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.98"; classtype:trojan-activity; 
sid:37873961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.139.247.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.247.180"; classtype:trojan-activity; sid:37873971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.174.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.174.31"; classtype:trojan-activity; sid:37873981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.65.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.65.21"; classtype:trojan-activity; sid:37873991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.159.36.174 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.36.174"; classtype:trojan-activity; sid:37874001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.152.148 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.152.148"; classtype:trojan-activity; sid:37874011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.158.94.132 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.94.132"; classtype:trojan-activity; sid:37874021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 114.206.23.151 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.206.23.151"; classtype:trojan-activity; sid:37874031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.204.208 any -> 
$HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.208"; classtype:trojan-activity; sid:37874041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.195.243.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.243.192"; classtype:trojan-activity; sid:37874051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.248.120.6 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.248.120.6"; classtype:trojan-activity; sid:37874061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.113.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.113.241"; classtype:trojan-activity; sid:37874071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.222.137.19 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.137.19"; classtype:trojan-activity; sid:37874081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.168.103 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.168.103"; classtype:trojan-activity; sid:37874091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.207.8.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.207.8.154"; classtype:trojan-activity; sid:37874101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.37.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.37.160"; 
classtype:trojan-activity; sid:37874111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.219.123 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.219.123"; classtype:trojan-activity; sid:37874121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.139.203.204 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.203.204"; classtype:trojan-activity; sid:37874131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.75.151.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.75.151.5"; classtype:trojan-activity; sid:37874141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 84.2.226.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.2.226.70"; classtype:trojan-activity; sid:37874151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 75.51.10.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.51.10.234"; classtype:trojan-activity; sid:37874161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.145.61 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.145.61"; classtype:trojan-activity; sid:37874171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.32.199.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.199.26"; classtype:trojan-activity; sid:37874181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 151.232.68.54 any 
-> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.232.68.54"; classtype:trojan-activity; sid:37874191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.3.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.3.149"; classtype:trojan-activity; sid:37874201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.232.217.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.217.10"; classtype:trojan-activity; sid:37874211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.204.176 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.176"; classtype:trojan-activity; sid:37874221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.141.138.6 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.141.138.6"; classtype:trojan-activity; sid:37874231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.154.89.250 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.250"; classtype:trojan-activity; sid:37874241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 153.231.233.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.231.233.76"; classtype:trojan-activity; sid:37874251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.53.175.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.53.175.36"; 
classtype:trojan-activity; sid:37874261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 194.36.209.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.36.209.189"; classtype:trojan-activity; sid:37874271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 105.27.124.166 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 105.27.124.166"; classtype:trojan-activity; sid:37874281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 162.62.126.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.126.85"; classtype:trojan-activity; sid:37874291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 58.222.244.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.222.244.226"; classtype:trojan-activity; sid:37874301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 74.48.173.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.173.190"; classtype:trojan-activity; sid:37874311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 64.227.149.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.149.3"; classtype:trojan-activity; sid:37874321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.178.120.91 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.120.91"; classtype:trojan-activity; sid:37874331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
218.156.108.222 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.156.108.222"; classtype:trojan-activity; sid:37874341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.154.89.255 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.255"; classtype:trojan-activity; sid:37874351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 128.199.154.13 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.154.13"; classtype:trojan-activity; sid:37874361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 35.194.159.73 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.194.159.73"; classtype:trojan-activity; sid:37874371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.239.153.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.239.153.131"; classtype:trojan-activity; sid:37874381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 134.209.157.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.157.237"; classtype:trojan-activity; sid:37874391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 172.191.115.117 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.191.115.117"; classtype:trojan-activity; sid:37874401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 220.180.112.208 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 220.180.112.208"; classtype:trojan-activity; sid:37874411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 8.210.81.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.81.228"; classtype:trojan-activity; sid:37874421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.255.90.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.255.90.70"; classtype:trojan-activity; sid:37874431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 110.42.192.78 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.192.78"; classtype:trojan-activity; sid:37874441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 142.93.229.57 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.229.57"; classtype:trojan-activity; sid:37874451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 204.48.20.55 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.48.20.55"; classtype:trojan-activity; sid:37874461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 54.234.51.143 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.234.51.143"; classtype:trojan-activity; sid:37874471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.209.55.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.209.55.56"; classtype:trojan-activity; sid:37874481; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.59.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.59.126"; classtype:trojan-activity; sid:37874491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.154.89.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.245"; classtype:trojan-activity; sid:37874501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 46.101.127.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.127.228"; classtype:trojan-activity; sid:37874511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.25.138.222 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.138.222"; classtype:trojan-activity; sid:37874521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.13.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.13.252"; classtype:trojan-activity; sid:37874531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 96.71.234.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.71.234.189"; classtype:trojan-activity; sid:37874541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 37.58.18.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.58.18.178"; classtype:trojan-activity; sid:37874551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.171.162.91 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.171.162.91"; classtype:trojan-activity; sid:37874561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.229.145.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.145.144"; classtype:trojan-activity; sid:37874571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 158.101.233.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.101.233.67"; classtype:trojan-activity; sid:37874581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.109.195.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.195.48"; classtype:trojan-activity; sid:37874591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 218.7.217.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.7.217.229"; classtype:trojan-activity; sid:37874601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.51.208.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.51.208.170"; classtype:trojan-activity; sid:37874611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.144.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.144.58"; classtype:trojan-activity; sid:37874621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.14.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.14.20"; classtype:trojan-activity; sid:37874631; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 36.99.47.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.99.47.28"; classtype:trojan-activity; sid:37874641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 173.230.132.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.230.132.92"; classtype:trojan-activity; sid:37874651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 137.184.76.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.76.77"; classtype:trojan-activity; sid:37874661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.220.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.220.126"; classtype:trojan-activity; sid:37874671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 117.72.12.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.12.95"; classtype:trojan-activity; sid:37874681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.51.40.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.40.229"; classtype:trojan-activity; sid:37874691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.206.252.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.206.252.16"; classtype:trojan-activity; sid:37874701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.144.232.65 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.232.65"; classtype:trojan-activity; sid:37874711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.193.78.227 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.78.227"; classtype:trojan-activity; sid:37874721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.227.64.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.227.64.197"; classtype:trojan-activity; sid:37874731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 84.247.177.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.177.215"; classtype:trojan-activity; sid:37874741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 122.51.116.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.116.27"; classtype:trojan-activity; sid:37874751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.200.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.144"; classtype:trojan-activity; sid:37874761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.30.179 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.30.179"; classtype:trojan-activity; sid:37874771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 183.129.205.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.129.205.118"; classtype:trojan-activity; 
sid:37874781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 123.207.74.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.74.26"; classtype:trojan-activity; sid:37874791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.75.126.13 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.126.13"; classtype:trojan-activity; sid:37874801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.138.201.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.201.168"; classtype:trojan-activity; sid:37874811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 121.204.164.96 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.204.164.96"; classtype:trojan-activity; sid:37874821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 50.58.197.247 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.58.197.247"; classtype:trojan-activity; sid:37874831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.222.156.161 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.156.161"; classtype:trojan-activity; sid:37874841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.42.133.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.42.133.43"; classtype:trojan-activity; sid:37874851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.22.108.43 any -> $HOME_NET 
any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.108.43"; classtype:trojan-activity; sid:37874861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.23.218.163 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.23.218.163"; classtype:trojan-activity; sid:37874871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.28.157.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.157.22"; classtype:trojan-activity; sid:37874881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.140.198.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.198.70"; classtype:trojan-activity; sid:37874891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 167.71.196.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.196.217"; classtype:trojan-activity; sid:37874901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.112.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.112.82"; classtype:trojan-activity; sid:37874911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 37.32.31.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.32.31.116"; classtype:trojan-activity; sid:37874921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.57.141.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.57.141.122"; 
classtype:trojan-activity; sid:37874931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.44.198 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.44.198"; classtype:trojan-activity; sid:37874941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.223.69.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.69.2"; classtype:trojan-activity; sid:37874951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 120.48.45.8 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.45.8"; classtype:trojan-activity; sid:37874961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.120.231.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.120.231.29"; classtype:trojan-activity; sid:37874971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.110.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.110.228"; classtype:trojan-activity; sid:37874981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 157.245.153.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.153.236"; classtype:trojan-activity; sid:37874991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 140.246.72.37 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.72.37"; classtype:trojan-activity; sid:37875001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
43.159.45.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.45.36"; classtype:trojan-activity; sid:37875011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.184.44.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.44.169"; classtype:trojan-activity; sid:37875021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.71.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.71.29"; classtype:trojan-activity; sid:37875031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.229.141.41 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.141.41"; classtype:trojan-activity; sid:37875041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.244.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.31"; classtype:trojan-activity; sid:37875051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.52.219.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.219.95"; classtype:trojan-activity; sid:37875061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.54.223.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.223.124"; classtype:trojan-activity; sid:37875071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.158.80.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
49.158.80.130"; classtype:trojan-activity; sid:37875081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.42.254.78 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.254.78"; classtype:trojan-activity; sid:37875091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.149.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.149.36"; classtype:trojan-activity; sid:37875101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 47.102.147.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.102.147.59"; classtype:trojan-activity; sid:37875111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.51.242.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.242.95"; classtype:trojan-activity; sid:37875121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.182.25 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.182.25"; classtype:trojan-activity; sid:37875131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 189.6.45.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.6.45.130"; classtype:trojan-activity; sid:37875141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 203.195.157.137 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.195.157.137"; classtype:trojan-activity; sid:37875151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) 
# NOTE(review): machine-generated indicator rules from MISP event 27232 (see the reference:url on each rule).
# Each rule matches on one source IPv4 address only: protocol `ip`, any port, destination $HOME_NET.
# Every rule carries classtype:trojan-activity although the msg tags the indicator as
# kill-chain:Reconnaissance / kill-chain:Exploitation; presumably the classtype is the exporter's
# default (confirm), so triage on the msg tags rather than on the classtype.
# None of these rules has a threshold or flow option, so alert volume per address depends on the
# sensor's own rate limiting; verify that before enabling the whole set.
# Bare-IP indicators lose value as addresses are reassigned; check the event's date in MISP
# before treating a hit as confirmed malicious.
alert ip 186.67.248.6 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.67.248.6"; classtype:trojan-activity; sid:37875161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.70.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.178"; classtype:trojan-activity; sid:37875171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.90.173.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.90.173.220"; classtype:trojan-activity; sid:37875181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 128.199.148.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.148.220"; classtype:trojan-activity; sid:37875191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 36.134.203.34 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.203.34"; classtype:trojan-activity; sid:37875201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 79.137.198.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.198.67"; classtype:trojan-activity; sid:37875211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.179.106 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.179.106"; classtype:trojan-activity; sid:37875221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.180.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From 
IP: 43.134.180.115"; classtype:trojan-activity; sid:37875231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 65.49.219.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.219.68"; classtype:trojan-activity; sid:37875241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.75.169.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.169.59"; classtype:trojan-activity; sid:37875251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.139.203.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.203.67"; classtype:trojan-activity; sid:37875261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.227.89.165 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.227.89.165"; classtype:trojan-activity; sid:37875271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 89.252.131.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.252.131.116"; classtype:trojan-activity; sid:37875281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 174.138.10.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.10.205"; classtype:trojan-activity; sid:37875291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.248.144.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.144.252"; classtype:trojan-activity; sid:37875301; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 27.254.149.199 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.254.149.199"; classtype:trojan-activity; sid:37875311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.35.181.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.181.230"; classtype:trojan-activity; sid:37875321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.51.48.209 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.48.209"; classtype:trojan-activity; sid:37875331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 114.132.236.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.236.95"; classtype:trojan-activity; sid:37875341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 128.199.33.46 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.33.46"; classtype:trojan-activity; sid:37875351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 121.5.224.11 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.5.224.11"; classtype:trojan-activity; sid:37875361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 139.135.127.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.135.127.212"; classtype:trojan-activity; sid:37875371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 79.174.36.193 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.174.36.193"; classtype:trojan-activity; sid:37875381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 186.67.248.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.67.248.5"; classtype:trojan-activity; sid:37875391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 20.223.180.182 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.223.180.182"; classtype:trojan-activity; sid:37875401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.194.226.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.226.212"; classtype:trojan-activity; sid:37875411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.83.137 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.83.137"; classtype:trojan-activity; sid:37875421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.230.115.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.115.124"; classtype:trojan-activity; sid:37875431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.108.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.108"; classtype:trojan-activity; sid:37875441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.130.11.200 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.11.200"; classtype:trojan-activity; sid:37875451; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.232.214.57 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.214.57"; classtype:trojan-activity; sid:37875461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.170.69 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.170.69"; classtype:trojan-activity; sid:37875471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 188.166.58.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.58.249"; classtype:trojan-activity; sid:37875481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.174.176 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.174.176"; classtype:trojan-activity; sid:37875491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.244.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.244.252"; classtype:trojan-activity; sid:37875501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.136.59.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.59.77"; classtype:trojan-activity; sid:37875511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.236.253.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.253.20"; classtype:trojan-activity; sid:37875521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 2.42.197.250 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.42.197.250"; classtype:trojan-activity; sid:37875531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.130.249.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.249.142"; classtype:trojan-activity; sid:37875541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.155.251 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.155.251"; classtype:trojan-activity; sid:37875551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 143.198.146.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.146.239"; classtype:trojan-activity; sid:37875561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 128.199.194.1 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.194.1"; classtype:trojan-activity; sid:37875571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 122.166.156.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.166.156.246"; classtype:trojan-activity; sid:37875581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.184.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.184.190"; classtype:trojan-activity; sid:37875591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.211.124.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.211.124.77"; classtype:trojan-activity; 
sid:37875601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 64.23.204.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.204.29"; classtype:trojan-activity; sid:37875611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 193.233.133.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.233.133.154"; classtype:trojan-activity; sid:37875621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 137.184.20.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.20.205"; classtype:trojan-activity; sid:37875631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.255.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.255.3"; classtype:trojan-activity; sid:37875641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 218.245.5.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.245.5.178"; classtype:trojan-activity; sid:37875651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.146.140.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.140.79"; classtype:trojan-activity; sid:37875661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.130.246.13 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.246.13"; classtype:trojan-activity; sid:37875671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.33.252 any -> $HOME_NET any 
(msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.33.252"; classtype:trojan-activity; sid:37875681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 221.161.235.166 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.161.235.166"; classtype:trojan-activity; sid:37875691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.227.2.84 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.227.2.84"; classtype:trojan-activity; sid:37875701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 84.227.185.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.227.185.213"; classtype:trojan-activity; sid:37875711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.220.178.123 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.220.178.123"; classtype:trojan-activity; sid:37875721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 164.90.199.99 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.199.99"; classtype:trojan-activity; sid:37875731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 201.234.66.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.234.66.133"; classtype:trojan-activity; sid:37875741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.238.81.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.238.81.40"; 
classtype:trojan-activity; sid:37875751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 162.62.225.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.225.170"; classtype:trojan-activity; sid:37875761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 168.75.69.53 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.75.69.53"; classtype:trojan-activity; sid:37875771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.118.219.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.118.219.59"; classtype:trojan-activity; sid:37875781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 81.70.100.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.100.245"; classtype:trojan-activity; sid:37875791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.109.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.109.215"; classtype:trojan-activity; sid:37875801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 223.26.75.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.26.75.126"; classtype:trojan-activity; sid:37875811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.102.12.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.102.12.130"; classtype:trojan-activity; sid:37875821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
43.133.181.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.181.149"; classtype:trojan-activity; sid:37875831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 149.104.28.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.104.28.31"; classtype:trojan-activity; sid:37875841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.216.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.216.221"; classtype:trojan-activity; sid:37875851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 188.128.82.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.128.82.178"; classtype:trojan-activity; sid:37875861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.250.34.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.34.202"; classtype:trojan-activity; sid:37875871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 146.190.97.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.97.88"; classtype:trojan-activity; sid:37875881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 125.124.64.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.64.40"; classtype:trojan-activity; sid:37875891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.67.75 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.133.67.75"; classtype:trojan-activity; sid:37875901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 125.124.113.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.113.133"; classtype:trojan-activity; sid:37875911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.126.143 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.126.143"; classtype:trojan-activity; sid:37875921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 114.67.94.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.67.94.113"; classtype:trojan-activity; sid:37875931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.132.192.111 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.192.111"; classtype:trojan-activity; sid:37875941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 102.220.23.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.220.23.104"; classtype:trojan-activity; sid:37875951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 51.178.43.161 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.178.43.161"; classtype:trojan-activity; sid:37875961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 137.220.228.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.220.228.67"; classtype:trojan-activity; sid:37875971; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.52.250.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.250.180"; classtype:trojan-activity; sid:37875981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 222.211.70.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.211.70.48"; classtype:trojan-activity; sid:37875991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 135.181.249.42 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.181.249.42"; classtype:trojan-activity; sid:37876001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.89.132.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.132.160"; classtype:trojan-activity; sid:37876011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.223.20.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.20.12"; classtype:trojan-activity; sid:37876021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 77.232.130.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.232.130.185"; classtype:trojan-activity; sid:37876031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.178.28.53 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.28.53"; classtype:trojan-activity; sid:37876041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.43.112.89 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.112.89"; classtype:trojan-activity; sid:37876051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.207.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.207.142"; classtype:trojan-activity; sid:37876061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.194.200.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.200.114"; classtype:trojan-activity; sid:37876071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 197.157.17.151 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.157.17.151"; classtype:trojan-activity; sid:37876081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 203.135.50.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.135.50.45"; classtype:trojan-activity; sid:37876091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.136.49.35 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.49.35"; classtype:trojan-activity; sid:37876101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 93.84.100.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.84.100.70"; classtype:trojan-activity; sid:37876111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 206.238.76.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.238.76.92"; classtype:trojan-activity; sid:37876121; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 193.151.140.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.140.145"; classtype:trojan-activity; sid:37876131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.206.232.123 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.206.232.123"; classtype:trojan-activity; sid:37876141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.142.61.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.61.21"; classtype:trojan-activity; sid:37876151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.128.92.6 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.92.6"; classtype:trojan-activity; sid:37876161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 51.79.230.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.79.230.233"; classtype:trojan-activity; sid:37876171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 173.212.202.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.212.202.192"; classtype:trojan-activity; sid:37876181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.88.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.68"; classtype:trojan-activity; sid:37876191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.222.14.83 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.14.83"; classtype:trojan-activity; sid:37876201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.219.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.219.74"; classtype:trojan-activity; sid:37876211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.176.250.39 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.176.250.39"; classtype:trojan-activity; sid:37876221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# NOTE(review): the next source, 84.247.179.0, ends in .0. As written the rule matches that
# single address only. If the MISP attribute was meant to describe a network, the rule needs
# CIDR notation; verify against event 27232.
alert ip 84.247.179.0 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.179.0"; classtype:trojan-activity; sid:37876231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 203.161.59.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.59.133"; classtype:trojan-activity; sid:37876241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 86.57.244.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.57.244.81"; classtype:trojan-activity; sid:37876251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 31.210.220.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.210.220.97"; classtype:trojan-activity; sid:37876261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.32.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.32.77"; classtype:trojan-activity; sid:37876271; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.154.179.9 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.179.9"; classtype:trojan-activity; sid:37876281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.106.52.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.52.56"; classtype:trojan-activity; sid:37876291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 138.197.28.52 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.28.52"; classtype:trojan-activity; sid:37876301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 161.10.247.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.10.247.113"; classtype:trojan-activity; sid:37876311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.72.146 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.72.146"; classtype:trojan-activity; sid:37876321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.177.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.177.131"; classtype:trojan-activity; sid:37876331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 62.60.143.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.60.143.27"; classtype:trojan-activity; sid:37876341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 187.189.221.60 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.189.221.60"; classtype:trojan-activity; sid:37876351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 122.155.197.128 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.155.197.128"; classtype:trojan-activity; sid:37876361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.221.152.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.152.3"; classtype:trojan-activity; sid:37876371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.81.223.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.81.223.81"; classtype:trojan-activity; sid:37876381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.238.199.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.238.199.145"; classtype:trojan-activity; sid:37876391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.252.31.99 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.252.31.99"; classtype:trojan-activity; sid:37876401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 35.238.79.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.238.79.207"; classtype:trojan-activity; sid:37876411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.155.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.155.43"; classtype:trojan-activity; 
sid:37876421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.56.88.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.56.88.203"; classtype:trojan-activity; sid:37876431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 76.191.33.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 76.191.33.5"; classtype:trojan-activity; sid:37876441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 120.232.250.219 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.232.250.219"; classtype:trojan-activity; sid:37876451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.35.45.55 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.45.55"; classtype:trojan-activity; sid:37876461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.76.119.251 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.119.251"; classtype:trojan-activity; sid:37876471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 174.138.24.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.24.127"; classtype:trojan-activity; sid:37876481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.101.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.101.4"; classtype:trojan-activity; sid:37876491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.32.11 any -> $HOME_NET any (msg: 
"MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.32.11"; classtype:trojan-activity; sid:37876501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.31.124.153 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.124.153"; classtype:trojan-activity; sid:37876511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.227.163 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.227.163"; classtype:trojan-activity; sid:37876521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.195.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.195.36"; classtype:trojan-activity; sid:37876531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.229.162.163 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.162.163"; classtype:trojan-activity; sid:37876541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.250.185.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.250.185.154"; classtype:trojan-activity; sid:37876551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 77.125.144.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.125.144.232"; classtype:trojan-activity; sid:37876561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 122.51.230.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.230.162"; 
classtype:trojan-activity; sid:37876571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.207.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.207.28"; classtype:trojan-activity; sid:37876581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 114.132.247.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.247.110"; classtype:trojan-activity; sid:37876591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 116.1.2.139 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.1.2.139"; classtype:trojan-activity; sid:37876601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.96.73.135 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.96.73.135"; classtype:trojan-activity; sid:37876611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 143.244.144.227 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.144.227"; classtype:trojan-activity; sid:37876621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.16.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.16.114"; classtype:trojan-activity; sid:37876631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.137.42.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.137.42.43"; classtype:trojan-activity; sid:37876641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
150.158.7.254 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.7.254"; classtype:trojan-activity; sid:37876651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.33.213.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.213.195"; classtype:trojan-activity; sid:37876661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.229.67.80 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.67.80"; classtype:trojan-activity; sid:37876671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.75.81.177 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.81.177"; classtype:trojan-activity; sid:37876681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.200.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.200.213"; classtype:trojan-activity; sid:37876691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 89.208.104.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.208.104.147"; classtype:trojan-activity; sid:37876701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.75.177 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.75.177"; classtype:trojan-activity; sid:37876711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.138.226.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.138.226.122"; classtype:trojan-activity; sid:37876721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.136.121.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.121.226"; classtype:trojan-activity; sid:37876731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 97.74.85.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.74.85.237"; classtype:trojan-activity; sid:37876741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.146.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.146.149"; classtype:trojan-activity; sid:37876751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.199.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.199.31"; classtype:trojan-activity; sid:37876761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 188.166.105.120 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.105.120"; classtype:trojan-activity; sid:37876771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.100.24.139 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.100.24.139"; classtype:trojan-activity; sid:37876781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 139.224.69.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.69.233"; classtype:trojan-activity; sid:37876791; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.153.54.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.153.54.88"; classtype:trojan-activity; sid:37876801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.96.159.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.159.237"; classtype:trojan-activity; sid:37876811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.79.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.79.95"; classtype:trojan-activity; sid:37876821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.131.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.131.63"; classtype:trojan-activity; sid:37876831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 186.233.204.9 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.233.204.9"; classtype:trojan-activity; sid:37876841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.91.153.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.153.104"; classtype:trojan-activity; sid:37876851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.25.182.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.182.157"; classtype:trojan-activity; sid:37876861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 37.120.222.224 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.120.222.224"; classtype:trojan-activity; sid:37876871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.77.240.250 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.77.240.250"; classtype:trojan-activity; sid:37876881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 116.122.96.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.122.96.203"; classtype:trojan-activity; sid:37876891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.75.74.120 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.74.120"; classtype:trojan-activity; sid:37876901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.139.216.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.216.197"; classtype:trojan-activity; sid:37876911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.67.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.67.85"; classtype:trojan-activity; sid:37876921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 206.189.141.87 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.141.87"; classtype:trojan-activity; sid:37876931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 62.234.2.105 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.2.105"; classtype:trojan-activity; sid:37876941; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.255.115.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.255.115.228"; classtype:trojan-activity; sid:37876951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.193.140.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.140.169"; classtype:trojan-activity; sid:37876961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 90.156.226.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.156.226.110"; classtype:trojan-activity; sid:37876971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.22.168.219 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.22.168.219"; classtype:trojan-activity; sid:37876981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.38.187 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.38.187"; classtype:trojan-activity; sid:37876991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 186.139.227.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.139.227.195"; classtype:trojan-activity; sid:37877001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.157.185.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.185.152"; classtype:trojan-activity; sid:37877011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 95.165.89.212 any -> $HOME_NET any 
(msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.165.89.212"; classtype:trojan-activity; sid:37877021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 162.62.132.206 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.132.206"; classtype:trojan-activity; sid:37877031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# NOTE(review): the sids in this run step by 10, but 37877041 is absent between 37877031 and
# 37877051. Presumably one attribute of event 27232 was not exported as an IP rule; confirm
# that no indicator was dropped.
alert ip 42.192.131.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.131.77"; classtype:trojan-activity; sid:37877051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 193.151.143.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.143.101"; classtype:trojan-activity; sid:37877061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.174.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.174.43"; classtype:trojan-activity; sid:37877071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.174.198.155 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.174.198.155"; classtype:trojan-activity; sid:37877081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.34.198.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.34.198.88"; classtype:trojan-activity; sid:37877091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 89.185.85.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.185.85.104"; classtype:trojan-activity; 
sid:37877101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 184.168.121.83 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.121.83"; classtype:trojan-activity; sid:37877111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.237.143 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.237.143"; classtype:trojan-activity; sid:37877121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 20.206.107.214 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.206.107.214"; classtype:trojan-activity; sid:37877131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 167.99.243.125 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.243.125"; classtype:trojan-activity; sid:37877141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.12.131.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.131.244"; classtype:trojan-activity; sid:37877151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.161.62.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.161.62.95"; classtype:trojan-activity; sid:37877161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.154.93.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.93.77"; classtype:trojan-activity; sid:37877171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.42.60 any -> $HOME_NET 
any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.42.60"; classtype:trojan-activity; sid:37877181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
#
# Review notes for the MISP event 27232 source-IP rules that follow.
#
# Each rule alerts on any IP packet whose source is the listed address and whose
# destination is in $HOME_NET. There is no port, protocol, flow or payload condition,
# so a hit only shows that traffic from the address was seen. With no flow: keyword,
# replies to connections opened from inside match as well. Correlate with flow,
# firewall and host logs before treating an alert as a compromise.
#
# NOTE(review): classtype:trojan-activity and priority:2 are identical on every rule,
# while the msg tags say Reconnaissance/Exploitation. These are presumably exporter
# defaults; confirm the severity mapping fits your triage queue.
#
# NOTE(review): IP indicators go stale and addresses at hosting providers get
# reassigned. Check the referenced MISP event for sighting dates and expire entries
# accordingly. For a list this large, an IP reputation list (Suricata iprep) may be
# easier to maintain and age out than one rule per address.
#
# Keep one rule per physical line; a rule split across lines is not joined by the
# engine unless each broken line ends with a backslash.
#
alert ip 161.132.48.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.48.76"; classtype:trojan-activity; sid:37877191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 37.114.37.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.114.37.101"; classtype:trojan-activity; sid:37877201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.116.146.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.146.20"; classtype:trojan-activity; sid:37877211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 200.85.58.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.85.58.110"; classtype:trojan-activity; sid:37877221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.92.176.182 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.176.182"; classtype:trojan-activity; sid:37877231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 201.185.13.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.185.13.185"; classtype:trojan-activity; sid:37877241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.154.154.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.154.86"; classtype:trojan-activity; sid:37877251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 175.178.20.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.20.245"; classtype:trojan-activity; sid:37877261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 102.220.23.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.220.23.249"; classtype:trojan-activity; sid:37877271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.32.32.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.32.56"; classtype:trojan-activity; sid:37877281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.136.133.141 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.133.141"; classtype:trojan-activity; sid:37877291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.52.75 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.52.75"; classtype:trojan-activity; sid:37877301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.130.57.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.57.4"; classtype:trojan-activity; sid:37877311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.250.49.125 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.125"; classtype:trojan-activity; sid:37877321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 194.120.24.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.120.24.196"; classtype:trojan-activity; sid:37877331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.89.198.75 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.198.75"; classtype:trojan-activity; sid:37877341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 87.255.193.50 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.255.193.50"; classtype:trojan-activity; sid:37877351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 146.190.42.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.42.4"; classtype:trojan-activity; sid:37877361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 184.168.122.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.122.180"; classtype:trojan-activity; sid:37877371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.33.78 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.33.78"; classtype:trojan-activity; sid:37877381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 171.244.37.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.37.97"; classtype:trojan-activity; sid:37877391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 59.26.208.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.26.208.157"; classtype:trojan-activity; sid:37877401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 118.45.205.44 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.45.205.44"; classtype:trojan-activity; sid:37877411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.98.66.34 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.98.66.34"; classtype:trojan-activity; sid:37877421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 143.198.72.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.72.243"; classtype:trojan-activity; sid:37877431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 178.39.208.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.39.208.10"; classtype:trojan-activity; sid:37877441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.211.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.211.92"; classtype:trojan-activity; sid:37877451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 221.194.144.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.194.144.142"; classtype:trojan-activity; sid:37877461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.177.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.142"; classtype:trojan-activity; sid:37877471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.172.216.177 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.216.177"; classtype:trojan-activity; sid:37877481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 61.79.189.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.79.189.3"; classtype:trojan-activity; sid:37877491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.63.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.63.170"; classtype:trojan-activity; sid:37877501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.158.163.235 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.158.163.235"; classtype:trojan-activity; sid:37877511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 154.38.224.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.38.224.152"; classtype:trojan-activity; sid:37877521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 123.253.32.30 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.253.32.30"; classtype:trojan-activity; sid:37877531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 139.59.90.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.90.195"; classtype:trojan-activity; sid:37877541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.50.210.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.210.157"; classtype:trojan-activity; sid:37877551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 189.77.27.193 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.77.27.193"; classtype:trojan-activity; sid:37877561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 40.115.18.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.115.18.231"; classtype:trojan-activity; sid:37877571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 121.201.125.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.201.125.243"; classtype:trojan-activity; sid:37877581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 64.23.204.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.204.108"; classtype:trojan-activity; sid:37877591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 167.99.211.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.211.152"; classtype:trojan-activity; sid:37877601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 154.222.226.137 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.222.226.137"; classtype:trojan-activity; sid:37877611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.25.193 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.193"; classtype:trojan-activity; sid:37877621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.202.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.202.245"; classtype:trojan-activity; sid:37877631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.84.236.242 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.84.236.242"; classtype:trojan-activity; sid:37877641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.203.3.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.3.149"; classtype:trojan-activity; sid:37877651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 222.186.160.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.186.160.114"; classtype:trojan-activity; sid:37877661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.136.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.136.203"; classtype:trojan-activity; sid:37877671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.132.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.132.210"; classtype:trojan-activity; sid:37877681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.159.37.80 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.37.80"; classtype:trojan-activity; sid:37877691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 108.165.166.138 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.165.166.138"; classtype:trojan-activity; sid:37877701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 88.151.192.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.151.192.40"; classtype:trojan-activity; sid:37877711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.109.204.117 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.204.117"; classtype:trojan-activity; sid:37877721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 146.190.85.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.85.49"; classtype:trojan-activity; sid:37877731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 47.242.81.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.81.79"; classtype:trojan-activity; sid:37877741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.212.209 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.212.209"; classtype:trojan-activity; sid:37877751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.208.148 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.148"; classtype:trojan-activity; sid:37877761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 206.189.154.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.154.226"; classtype:trojan-activity; sid:37877771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.232.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.74"; classtype:trojan-activity; sid:37877781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.235.93.47 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.93.47"; classtype:trojan-activity; sid:37877791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.12.167.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.167.196"; classtype:trojan-activity; sid:37877801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.183.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.183.122"; classtype:trojan-activity; sid:37877811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.210.83 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.83"; classtype:trojan-activity; sid:37877821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.138.69.176 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.69.176"; classtype:trojan-activity; sid:37877831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 193.35.18.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.35.18.104"; classtype:trojan-activity; sid:37877841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 109.166.171.93 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.166.171.93"; classtype:trojan-activity; sid:37877851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.39.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.39.85"; classtype:trojan-activity; sid:37877861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.102.228.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.102.228.26"; classtype:trojan-activity; sid:37877871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.1.156 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.1.156"; classtype:trojan-activity; sid:37877881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 134.175.129.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.129.189"; classtype:trojan-activity; sid:37877891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.140.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.140.76"; classtype:trojan-activity; sid:37877901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.230.57.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.57.77"; classtype:trojan-activity; sid:37877911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.11.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.11.127"; classtype:trojan-activity; sid:37877921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.243.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.243.234"; classtype:trojan-activity; sid:37877931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.154.63.174 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.63.174"; classtype:trojan-activity; sid:37877941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.204.165.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.204.165.90"; classtype:trojan-activity; sid:37877951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.91.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.91.116"; classtype:trojan-activity; sid:37877961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.232.53.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.53.248"; classtype:trojan-activity; sid:37877971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 128.199.157.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.157.145"; classtype:trojan-activity; sid:37877981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.156.212.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.212.131"; classtype:trojan-activity; sid:37877991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.12.133.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.133.92"; classtype:trojan-activity; sid:37878001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.108.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.58"; classtype:trojan-activity; sid:37878011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.51.164.159 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.164.159"; classtype:trojan-activity; sid:37878021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.109.205.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.205.82"; classtype:trojan-activity; sid:37878031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 51.161.52.71 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.161.52.71"; classtype:trojan-activity; sid:37878041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 116.105.217.15 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.105.217.15"; classtype:trojan-activity; sid:37878051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 116.8.108.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.8.108.115"; classtype:trojan-activity; sid:37878061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 93.118.106.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.118.106.118"; classtype:trojan-activity; sid:37878071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 174.138.19.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.19.131"; classtype:trojan-activity; sid:37878081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.39.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.39.228"; classtype:trojan-activity; sid:37878091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.15.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.15.205"; classtype:trojan-activity; sid:37878101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 122.51.114.214 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.114.214"; classtype:trojan-activity; sid:37878111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 51.91.103.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.91.103.16"; classtype:trojan-activity; sid:37878121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.129.54.240 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.54.240"; classtype:trojan-activity; sid:37878131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 113.190.252.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.190.252.110"; classtype:trojan-activity; sid:37878141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.220.179.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.179.246"; classtype:trojan-activity; sid:37878151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.135.161.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.161.21"; classtype:trojan-activity; sid:37878161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.91.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.91.12"; classtype:trojan-activity; sid:37878171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.231.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.126"; classtype:trojan-activity; sid:37878181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.42.31.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.42.31.228"; classtype:trojan-activity; sid:37878191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 62.234.29.57 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.29.57"; classtype:trojan-activity; sid:37878201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 134.175.231.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.231.192"; classtype:trojan-activity; sid:37878211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.165.106 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.106"; classtype:trojan-activity; sid:37878221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.129.61.1 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.61.1"; classtype:trojan-activity; sid:37878231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 45.88.90.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.88.90.160"; classtype:trojan-activity; sid:37878241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.231.245.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.245.107"; classtype:trojan-activity; sid:37878251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.240.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.240.202"; classtype:trojan-activity; sid:37878261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 120.53.119.150 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.119.150"; classtype:trojan-activity; sid:37878271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.116.190.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.190.92"; classtype:trojan-activity; sid:37878281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.244.232.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.244.232.110"; classtype:trojan-activity; sid:37878291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.8.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.8.12"; classtype:trojan-activity; sid:37878301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.154.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.154.85"; classtype:trojan-activity; sid:37878311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.100.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.100.126"; classtype:trojan-activity; sid:37878321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 36.95.221.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.95.221.140"; classtype:trojan-activity; sid:37878331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.118.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.49"; classtype:trojan-activity; sid:37878341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.6.44.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.6.44.221"; classtype:trojan-activity; sid:37878351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 212.80.219.37 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.80.219.37"; classtype:trojan-activity; sid:37878361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.106.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.106.66"; classtype:trojan-activity; sid:37878371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.237.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.237.140"; classtype:trojan-activity; sid:37878381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 94.155.35.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.155.35.241"; classtype:trojan-activity; sid:37878391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.246.255.83 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.246.255.83"; classtype:trojan-activity; sid:37878401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 68.183.108.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.108.31"; classtype:trojan-activity; sid:37878411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 81.69.38.158 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.38.158"; classtype:trojan-activity; sid:37878421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 162.62.125.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.125.241"; classtype:trojan-activity; sid:37878431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 114.55.89.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.55.89.231"; classtype:trojan-activity; sid:37878441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 180.101.202.30 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.202.30"; classtype:trojan-activity; sid:37878451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 193.104.57.141 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.104.57.141"; classtype:trojan-activity; sid:37878461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.176.78.193 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.176.78.193"; classtype:trojan-activity; sid:37878471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 123.207.178.123 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.178.123"; classtype:trojan-activity; sid:37878481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 152.32.210.171 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.210.171"; classtype:trojan-activity; sid:37878491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.159.32.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.32.231"; classtype:trojan-activity; sid:37878501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 123.31.29.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.31.29.192"; classtype:trojan-activity; sid:37878511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.147.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.147.230"; classtype:trojan-activity; sid:37878521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 161.132.48.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.48.82"; classtype:trojan-activity; sid:37878531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 161.35.122.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.122.26"; classtype:trojan-activity; sid:37878541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.109.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.248"; classtype:trojan-activity; sid:37878551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.235.224 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.224"; classtype:trojan-activity; sid:37878561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.135.148.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.148.142"; classtype:trojan-activity; sid:37878571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 128.199.22.222 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.22.222"; classtype:trojan-activity; sid:37878581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.153.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.153.27"; classtype:trojan-activity; sid:37878591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 35.247.104.225 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.247.104.225"; classtype:trojan-activity; sid:37878601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.19.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.19.40"; classtype:trojan-activity; sid:37878611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.136.129.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.136.129.10"; classtype:trojan-activity; sid:37878621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 128.199.58.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.58.12"; classtype:trojan-activity; sid:37878631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 62.234.30.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.30.213"; classtype:trojan-activity; sid:37878641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.242.199.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.242.199.234"; classtype:trojan-activity; sid:37878651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.67.196.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.67.196.175"; classtype:trojan-activity; sid:37878661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.95.81.133 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.81.133"; classtype:trojan-activity; sid:37878671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.73.137 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.137"; classtype:trojan-activity; sid:37878681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 62.234.36.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.36.98"; classtype:trojan-activity; sid:37878691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.19.167 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.19.167"; classtype:trojan-activity; sid:37878701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.117.239.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.239.152"; classtype:trojan-activity; sid:37878711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 112.4.238.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.4.238.226"; classtype:trojan-activity; sid:37878721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.178.94.216 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.178.94.216"; classtype:trojan-activity; sid:37878731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 223.15.246.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.15.246.49"; classtype:trojan-activity; sid:37878741; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 220.81.148.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.81.148.74"; classtype:trojan-activity; sid:37878751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.166.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.234"; classtype:trojan-activity; sid:37878761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.34.222.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.222.229"; classtype:trojan-activity; sid:37878771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.158.3.9 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.3.9"; classtype:trojan-activity; sid:37878781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.159.130.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.130.168"; classtype:trojan-activity; sid:37878791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.152.118.194 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.152.118.194"; classtype:trojan-activity; sid:37878801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.55.57.164 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.57.164"; classtype:trojan-activity; sid:37878811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 78.73.77.57 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.73.77.57"; classtype:trojan-activity; sid:37878821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 138.2.50.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.50.218"; classtype:trojan-activity; sid:37878831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.208.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.208.217"; classtype:trojan-activity; sid:37878841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.136.126.53 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.126.53"; classtype:trojan-activity; sid:37878851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 149.62.187.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.62.187.192"; classtype:trojan-activity; sid:37878861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 79.137.202.87 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.202.87"; classtype:trojan-activity; sid:37878871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.128.223.53 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.223.53"; classtype:trojan-activity; sid:37878881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.223.190.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.190.92"; classtype:trojan-activity; sid:37878891; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.220.41.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.41.130"; classtype:trojan-activity; sid:37878901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 223.247.213.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.247.213.152"; classtype:trojan-activity; sid:37878911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 164.177.31.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.177.31.66"; classtype:trojan-activity; sid:37878921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.133.8 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.133.8"; classtype:trojan-activity; sid:37878931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.220.76.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.76.82"; classtype:trojan-activity; sid:37878941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 23.247.129.61 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.247.129.61"; classtype:trojan-activity; sid:37878951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.14.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.14.31"; classtype:trojan-activity; sid:37878961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 121.4.38.160 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.38.160"; classtype:trojan-activity; sid:37878971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.154.63.71 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.154.63.71"; classtype:trojan-activity; sid:37878981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.114.253.211 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.114.253.211"; classtype:trojan-activity; sid:37878991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 143.198.203.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.203.98"; classtype:trojan-activity; sid:37879001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 198.23.174.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.174.113"; classtype:trojan-activity; sid:37879011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.65.43.136 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.65.43.136"; classtype:trojan-activity; sid:37879021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 120.48.124.172 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.124.172"; classtype:trojan-activity; sid:37879031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.159.207.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.159.207.40"; classtype:trojan-activity; 
sid:37879041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.184.161 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.184.161"; classtype:trojan-activity; sid:37879051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 198.12.80.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.80.190"; classtype:trojan-activity; sid:37879061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.42.250.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.250.241"; classtype:trojan-activity; sid:37879071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.22.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.22.168"; classtype:trojan-activity; sid:37879081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.254.241.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.254.241.79"; classtype:trojan-activity; sid:37879091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.89.235.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.235.169"; classtype:trojan-activity; sid:37879101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 167.71.202.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.202.205"; classtype:trojan-activity; sid:37879111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.130.16.117 any -> 
$HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.16.117"; classtype:trojan-activity; sid:37879121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.34.44.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.44.3"; classtype:trojan-activity; sid:37879131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 141.98.10.153 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.10.153"; classtype:trojan-activity; sid:37879141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 61.191.103.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.191.103.17"; classtype:trojan-activity; sid:37879151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 12.21.5.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.21.5.10"; classtype:trojan-activity; sid:37879161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.54.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.54.210"; classtype:trojan-activity; sid:37879171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.101.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.101.56"; classtype:trojan-activity; sid:37879181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.68.235 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.68.235"; classtype:trojan-activity; 
sid:37879191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.182.60.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.182.60.140"; classtype:trojan-activity; sid:37879201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.232.250.235 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.232.250.235"; classtype:trojan-activity; sid:37879211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 23.142.136.91 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.142.136.91"; classtype:trojan-activity; sid:37879221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.90.12.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.90.12.149"; classtype:trojan-activity; sid:37879231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.23.198 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.23.198"; classtype:trojan-activity; sid:37879241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 58.220.39.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.220.39.220"; classtype:trojan-activity; sid:37879251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 46.4.162.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.4.162.63"; classtype:trojan-activity; sid:37879261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 139.224.253.112 any -> $HOME_NET any (msg: 
"MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.253.112"; classtype:trojan-activity; sid:37879271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.129.122.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.129.122.81"; classtype:trojan-activity; sid:37879281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.157.14 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.157.14"; classtype:trojan-activity; sid:37879291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.11.93.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.11.93.40"; classtype:trojan-activity; sid:37879301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 160.119.251.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.119.251.212"; classtype:trojan-activity; sid:37879311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.35.252.51 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.252.51"; classtype:trojan-activity; sid:37879321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 162.240.98.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.240.98.245"; classtype:trojan-activity; sid:37879331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.112.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.112.229"; classtype:trojan-activity; 
sid:37879341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.74.6.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.74.6.243"; classtype:trojan-activity; sid:37879351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.232.88.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.88.22"; classtype:trojan-activity; sid:37879361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.91.193.96 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.193.96"; classtype:trojan-activity; sid:37879371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.68.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.68.36"; classtype:trojan-activity; sid:37879381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.208.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.21"; classtype:trojan-activity; sid:37879391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.158.54.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.54.252"; classtype:trojan-activity; sid:37879401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 58.136.162.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.136.162.104"; classtype:trojan-activity; sid:37879411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 213.136.77.195 any -> $HOME_NET any 
(msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.136.77.195"; classtype:trojan-activity; sid:37879421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.223.195.251 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.195.251"; classtype:trojan-activity; sid:37879431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.8.24 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.8.24"; classtype:trojan-activity; sid:37879441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 136.228.161.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.228.161.66"; classtype:trojan-activity; sid:37879451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.7.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.7.168"; classtype:trojan-activity; sid:37879461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 14.177.239.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.177.239.168"; classtype:trojan-activity; sid:37879471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 223.240.105.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.240.105.90"; classtype:trojan-activity; sid:37879481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 92.205.111.173 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.205.111.173"; 
classtype:trojan-activity; sid:37879491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 114.132.247.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.247.79"; classtype:trojan-activity; sid:37879501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 34.81.214.64 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.81.214.64"; classtype:trojan-activity; sid:37879511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 2.50.14.134 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.50.14.134"; classtype:trojan-activity; sid:37879521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.220.101.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.144"; classtype:trojan-activity; sid:37879531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.178.46.235 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.178.46.235"; classtype:trojan-activity; sid:37879541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 183.203.132.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.203.132.229"; classtype:trojan-activity; sid:37879551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 80.67.167.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.67.167.81"; classtype:trojan-activity; sid:37879561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
132.232.109.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.109.12"; classtype:trojan-activity; sid:37879571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.166.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.245"; classtype:trojan-activity; sid:37879581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.242.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.147"; classtype:trojan-activity; sid:37879591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 78.25.105.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.25.105.127"; classtype:trojan-activity; sid:37879601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 167.71.229.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.229.36"; classtype:trojan-activity; sid:37879611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.68.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.68.233"; classtype:trojan-activity; sid:37879621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 203.176.92.30 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.176.92.30"; classtype:trojan-activity; sid:37879631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.197.122.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
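175.197.122.4"; classtype:trojan-activity; sid:37879641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Review note (MISP event 27232, source-IP indicators): the rules below are restored to one rule per line.
# Suricata does not join a rule across a bare line break, so a rule wrapped mid-option fails to load.
# Each rule is a bare source-address match (`alert ip <addr> any -> $HOME_NET any`) with no content,
# flow or threshold option, so any traffic from the address raises the alert. Rate-limit or suppress
# these sids in the sensor's threshold configuration rather than editing this generated export.
# IP indicators go stale as addresses are reassigned; re-export from MISP and retire them with the event.
# classtype is trojan-activity while the msg tags the kill-chain stages Reconnaissance and Exploitation;
# triage on the msg tags and the referenced event rather than on classtype alone.
alert ip 129.226.157.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.157.169"; classtype:trojan-activity; sid:37879651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 47.96.36.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.96.36.95"; classtype:trojan-activity; sid:37879661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 50.47.194.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.47.194.197"; classtype:trojan-activity; sid:37879671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.160.0.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.160.0.76"; classtype:trojan-activity; sid:37879681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.80.138 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.80.138"; classtype:trojan-activity; sid:37879691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.101.100 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.100"; classtype:trojan-activity; sid:37879701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.222.244.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.244.189"; classtype:trojan-activity; sid:37879711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.109.173 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.109.173"; classtype:trojan-activity; sid:37879721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.56.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.56.21"; classtype:trojan-activity; sid:37879731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.227.90.11 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.90.11"; classtype:trojan-activity; sid:37879741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 182.61.147.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.147.79"; classtype:trojan-activity; sid:37879751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.92.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.92.236"; classtype:trojan-activity; sid:37879761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 116.110.120.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.120.217"; classtype:trojan-activity; sid:37879771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.93.7.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.93.7.217"; classtype:trojan-activity; sid:37879781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.196.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.27"; classtype:trojan-activity; sid:37879791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.135.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.135.5"; classtype:trojan-activity; sid:37879801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 192.42.116.24 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.24"; classtype:trojan-activity; sid:37879811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.129.62.62 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.62.62"; classtype:trojan-activity; sid:37879821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.231.182.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.231.182.152"; classtype:trojan-activity; sid:37879831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 162.62.57.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.57.186"; classtype:trojan-activity; sid:37879841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.16.78 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.16.78"; classtype:trojan-activity; sid:37879851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.159.102 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.159.102"; classtype:trojan-activity; sid:37879861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 219.250.188.143 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.250.188.143"; classtype:trojan-activity; sid:37879871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.69.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.69.129"; classtype:trojan-activity; sid:37879881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 190.129.122.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.129.122.95"; classtype:trojan-activity; sid:37879891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.75.206 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.75.206"; classtype:trojan-activity; sid:37879901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.134.61 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.134.61"; classtype:trojan-activity; sid:37879911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.227.85.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.85.21"; classtype:trojan-activity; sid:37879921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.142.87.223 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.87.223"; classtype:trojan-activity; sid:37879931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 143.198.217.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.217.107"; classtype:trojan-activity; sid:37879941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.43.18.72 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.18.72"; classtype:trojan-activity; sid:37879951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.75.26.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.75.26.147"; classtype:trojan-activity; sid:37879961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 157.90.250.60 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.90.250.60"; classtype:trojan-activity; sid:37879971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 194.163.187.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.187.249"; classtype:trojan-activity; sid:37879981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 119.28.105.34 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.105.34"; classtype:trojan-activity; sid:37879991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.235.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.235.207"; classtype:trojan-activity; sid:37880001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.143.218.171 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.218.171"; classtype:trojan-activity; sid:37880011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 45.183.247.34 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.183.247.34"; classtype:trojan-activity; sid:37880021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.140.194.80 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.140.194.80"; classtype:trojan-activity; sid:37880031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 211.149.177.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.149.177.131"; classtype:trojan-activity; sid:37880041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 122.176.122.24 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.176.122.24"; classtype:trojan-activity; sid:37880051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 192.42.116.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.22"; classtype:trojan-activity; sid:37880061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 36.88.46.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.88.46.154"; classtype:trojan-activity; sid:37880071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.114.146.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.114.146.178"; classtype:trojan-activity; sid:37880081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.12.131.51 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.12.131.51"; classtype:trojan-activity; sid:37880091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 161.35.182.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.182.145"; classtype:trojan-activity; sid:37880101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 179.43.159.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.159.195"; classtype:trojan-activity; sid:37880111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.250.49.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.116"; classtype:trojan-activity; sid:37880121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 203.161.59.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.59.21"; classtype:trojan-activity; sid:37880131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.130.44.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.130.44.59"; classtype:trojan-activity; sid:37880141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 99.237.238.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.237.238.131"; classtype:trojan-activity; sid:37880151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.196.83 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.196.83"; classtype:trojan-activity; sid:37880161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 93.67.196.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.67.196.70"; classtype:trojan-activity; sid:37880171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.106.71 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.106.71"; classtype:trojan-activity; sid:37880181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.212.91.153 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.212.91.153"; classtype:trojan-activity; sid:37880191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.130.15.112 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.15.112"; classtype:trojan-activity; sid:37880201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 113.141.166.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.141.166.197"; classtype:trojan-activity; sid:37880211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 180.247.1.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.247.1.31"; classtype:trojan-activity; sid:37880221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.133.62.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.133.62.244"; classtype:trojan-activity; sid:37880231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 38.60.199.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.60.199.43"; classtype:trojan-activity; sid:37880241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.36.84.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.36.84.107"; classtype:trojan-activity; sid:37880251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.231.171.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.171.49"; classtype:trojan-activity; sid:37880261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 31.46.16.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.46.16.122"; classtype:trojan-activity; sid:37880271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 208.109.188.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.109.188.104"; classtype:trojan-activity; sid:37880281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 136.233.27.164 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.233.27.164"; classtype:trojan-activity; sid:37880291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.245.251.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.245.251.16"; classtype:trojan-activity; sid:37880301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.204.98.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.204.98.63"; classtype:trojan-activity; sid:37880311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 203.150.107.120 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.150.107.120"; classtype:trojan-activity; sid:37880321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 141.98.168.135 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.168.135"; classtype:trojan-activity; sid:37880331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 182.151.37.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.37.230"; classtype:trojan-activity; sid:37880341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.138.15.102 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.15.102"; classtype:trojan-activity; sid:37880351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.88.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.88.81"; classtype:trojan-activity; sid:37880361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 177.22.120.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.22.120.110"; classtype:trojan-activity; sid:37880371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 134.122.14.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.14.215"; classtype:trojan-activity; sid:37880381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 122.224.240.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.224.240.101"; classtype:trojan-activity; sid:37880391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.10.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.10.157"; classtype:trojan-activity; sid:37880401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 118.70.49.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.49.114"; classtype:trojan-activity; sid:37880411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 119.96.229.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.229.45"; classtype:trojan-activity; sid:37880421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.159.72 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.72"; classtype:trojan-activity; sid:37880431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.242.140.105 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.242.140.105"; classtype:trojan-activity; sid:37880441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 67.207.94.128 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 67.207.94.128"; classtype:trojan-activity; sid:37880451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 129.226.156.194 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.156.194"; classtype:trojan-activity; sid:37880461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 94.46.25.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.46.25.49"; classtype:trojan-activity; sid:37880471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 151.80.56.52 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.80.56.52"; classtype:trojan-activity; sid:37880481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.174.138.172 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.138.172"; classtype:trojan-activity; sid:37880491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 210.113.92.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.113.92.59"; classtype:trojan-activity; sid:37880501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.61.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.215"; classtype:trojan-activity; sid:37880511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 125.74.196.15 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.74.196.15"; classtype:trojan-activity; sid:37880521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.194.242 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.242"; classtype:trojan-activity; sid:37880531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 183.134.89.216 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.134.89.216"; classtype:trojan-activity; sid:37880541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 202.73.99.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.73.99.196"; classtype:trojan-activity; sid:37880551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 24.69.190.84 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.69.190.84"; classtype:trojan-activity; sid:37880561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 81.173.114.32 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.173.114.32"; classtype:trojan-activity; sid:37880571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 195.239.91.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.239.91.210"; classtype:trojan-activity; sid:37880581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 137.184.195.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.195.142"; classtype:trojan-activity; sid:37880591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.68.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.68.232"; classtype:trojan-activity; sid:37880601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.35.168.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.168.108"; classtype:trojan-activity; sid:37880611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.209.173 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.209.173"; classtype:trojan-activity; sid:37880621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.19.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.19.56"; classtype:trojan-activity; sid:37880631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 212.49.70.200 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.49.70.200"; classtype:trojan-activity; sid:37880641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 69.49.247.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.49.247.81"; classtype:trojan-activity; sid:37880651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.186.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.186.231"; classtype:trojan-activity; sid:37880661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 94.75.225.81 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.75.225.81"; classtype:trojan-activity; sid:37880671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 83.224.160.165 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.224.160.165"; classtype:trojan-activity; sid:37880681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.194.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.194.186"; classtype:trojan-activity; sid:37880691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 61.220.44.44 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.220.44.44"; classtype:trojan-activity; sid:37880701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.101.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.104"; classtype:trojan-activity; sid:37880711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.32.254.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.254.152"; classtype:trojan-activity; sid:37880721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 64.23.163.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.163.133"; classtype:trojan-activity; sid:37880731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.172.137.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.137.4"; classtype:trojan-activity; sid:37880741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.202.236.60 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.202.236.60"; classtype:trojan-activity; sid:37880751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 221.156.105.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.156.105.215"; classtype:trojan-activity; sid:37880761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.234.67 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.234.67"; classtype:trojan-activity; sid:37880771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.227.33.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.33.108"; classtype:trojan-activity; sid:37880781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.220.74.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.74.234"; classtype:trojan-activity; sid:37880791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.250.49.238 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.238"; classtype:trojan-activity; sid:37880801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 47.98.197.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.98.197.157"; classtype:trojan-activity; sid:37880811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.63.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.63.2"; classtype:trojan-activity; sid:37880821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.33.75 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.33.75"; classtype:trojan-activity; sid:37880831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.179.224 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.179.224"; classtype:trojan-activity; sid:37880841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.143.145.41 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.143.145.41"; classtype:trojan-activity; sid:37880851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.86.20.159 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.86.20.159"; classtype:trojan-activity; sid:37880861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 203.104.36.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.104.36.3"; classtype:trojan-activity; sid:37880871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 194.209.191.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.209.191.243"; classtype:trojan-activity; sid:37880881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 122.51.229.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.229.210"; classtype:trojan-activity; sid:37880891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.106.178.136 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.178.136"; classtype:trojan-activity; sid:37880901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 93.93.119.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.93.119.241"; classtype:trojan-activity; sid:37880911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 46.101.144.156 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.144.156"; classtype:trojan-activity; sid:37880921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.225.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.225.90"; classtype:trojan-activity; sid:37880931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 58.222.49.51 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.222.49.51"; classtype:trojan-activity; sid:37880941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 139.59.39.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.39.160"; classtype:trojan-activity; sid:37880951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.30.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.30.2"; classtype:trojan-activity; sid:37880961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.13.213.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.213.186"; classtype:trojan-activity; sid:37880971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.201.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.201.86"; classtype:trojan-activity; sid:37880981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.51.60.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.51.60.243"; classtype:trojan-activity; sid:37880991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 51.83.27.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.83.27.205"; classtype:trojan-activity; sid:37881001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 180.149.241.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.149.241.207"; classtype:trojan-activity; sid:37881011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.175.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.28"; classtype:trojan-activity; sid:37881021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 42.51.49.150 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.49.150"; classtype:trojan-activity; sid:37881031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.10.44.104 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.104"; classtype:trojan-activity; sid:37881041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.132.148.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.148.144"; classtype:trojan-activity; sid:37881051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.223.45.64 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.45.64"; classtype:trojan-activity; sid:37881061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 189.177.184.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.177.184.154"; classtype:trojan-activity; sid:37881071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 157.230.250.73 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.250.73"; classtype:trojan-activity; sid:37881081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.51.200.91 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.200.91"; classtype:trojan-activity; sid:37881091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.192.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.192.26"; classtype:trojan-activity; sid:37881101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.17.48.8 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.17.48.8"; classtype:trojan-activity; sid:37881111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.0.11 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.11"; classtype:trojan-activity; sid:37881121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 212.233.98.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.233.98.205"; 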
classtype:trojan-activity; sid:37881131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.133.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.133.239"; classtype:trojan-activity; sid:37881141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.70.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.144"; classtype:trojan-activity; sid:37881151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 24.144.88.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.144.88.16"; classtype:trojan-activity; sid:37881161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.70.35 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.70.35"; classtype:trojan-activity; sid:37881171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 210.61.180.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.61.180.175"; classtype:trojan-activity; sid:37881181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.37.57.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.37.57.49"; classtype:trojan-activity; sid:37881191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 212.113.106.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.113.106.126"; classtype:trojan-activity; sid:37881201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
129.211.8.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.211.8.22"; classtype:trojan-activity; sid:37881211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.178.123.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.123.17"; classtype:trojan-activity; sid:37881221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.62.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.62.234"; classtype:trojan-activity; sid:37881231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.55.196.194 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.55.196.194"; classtype:trojan-activity; sid:37881241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.24.59 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.24.59"; classtype:trojan-activity; sid:37881251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.220.101.183 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.183"; classtype:trojan-activity; sid:37881261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.42.116.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.20"; classtype:trojan-activity; sid:37881271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.203.40.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
159.203.40.79"; classtype:trojan-activity; sid:37881281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.30.117.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.30.117.49"; classtype:trojan-activity; sid:37881291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.126.3.158 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.126.3.158"; classtype:trojan-activity; sid:37881301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.130.47.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.130.47.58"; classtype:trojan-activity; sid:37881311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 46.183.119.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.183.119.207"; classtype:trojan-activity; sid:37881321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.165.22.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.165.22.86"; classtype:trojan-activity; sid:37881331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 14.29.198.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.198.130"; classtype:trojan-activity; sid:37881341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.55.199 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.55.199"; classtype:trojan-activity; sid:37881351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) 
# Review note for the rules in this part of the export (MISP event 27232, per each rule's msg and reference fields):
# - Every rule matches on source address alone: `alert ip <addr> any -> $HOME_NET any` carries no port, protocol
#   or content condition, and the one-way `->` means traffic sent from $HOME_NET to these addresses is not matched here.
# - The msg tags read kill-chain Reconnaissance/Exploitation while classtype is trojan-activity; triage on the msg
#   and the referenced event rather than on classtype alone.
# - No threshold or detection_filter option is set on these rules, so alert volume per source is left to the engine -
#   TODO confirm whether rate limiting is configured elsewhere (e.g. a separate threshold file).
# - NOTE(review): single-address indicators go stale; check the attribute dates on the referenced event before
#   treating a hit as current.
alert ip 124.222.174.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.174.233"; classtype:trojan-activity; sid:37881361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 188.226.158.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.226.158.5"; classtype:trojan-activity; sid:37881371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 117.50.186.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.186.196"; classtype:trojan-activity; sid:37881381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.62.21.112 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.21.112"; classtype:trojan-activity; sid:37881391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 154.92.110.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.92.110.140"; classtype:trojan-activity; sid:37881401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.169.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.169.210"; classtype:trojan-activity; sid:37881411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.237.72.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.237.72.45"; classtype:trojan-activity; sid:37881421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 117.50.179.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 117.50.179.82"; classtype:trojan-activity; sid:37881431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 58.34.180.42 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.34.180.42"; classtype:trojan-activity; sid:37881441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.153.102 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.153.102"; classtype:trojan-activity; sid:37881451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 107.174.205.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.205.10"; classtype:trojan-activity; sid:37881461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.86.209.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.86.209.54"; classtype:trojan-activity; sid:37881471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.136.155 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.136.155"; classtype:trojan-activity; sid:37881481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.81.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.81.236"; classtype:trojan-activity; sid:37881491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.42.82.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.82.144"; classtype:trojan-activity; sid:37881501; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.99.247.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.99.247.77"; classtype:trojan-activity; sid:37881511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.193.41.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.41.241"; classtype:trojan-activity; sid:37881521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 181.48.187.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.48.187.202"; classtype:trojan-activity; sid:37881531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.70.180.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.180.188"; classtype:trojan-activity; sid:37881541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 49.51.204.89 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.204.89"; classtype:trojan-activity; sid:37881551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.157.177.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.177.213"; classtype:trojan-activity; sid:37881561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.220.81.132 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.81.132"; classtype:trojan-activity; sid:37881571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.20.55.16 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.20.55.16"; classtype:trojan-activity; sid:37881581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 206.189.226.13 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.226.13"; classtype:trojan-activity; sid:37881591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.227.84.172 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.84.172"; classtype:trojan-activity; sid:37881601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.158.14.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.158.14.145"; classtype:trojan-activity; sid:37881611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 37.60.244.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.60.244.16"; classtype:trojan-activity; sid:37881621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 69.49.245.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.49.245.160"; classtype:trojan-activity; sid:37881631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.32.141.19 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.141.19"; classtype:trojan-activity; sid:37881641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.223.220.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.220.56"; classtype:trojan-activity; sid:37881651; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 157.254.21.142 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.254.21.142"; classtype:trojan-activity; sid:37881661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.152.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.152.121"; classtype:trojan-activity; sid:37881671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.119.86.7 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.119.86.7"; classtype:trojan-activity; sid:37881681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.42.73.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.73.97"; classtype:trojan-activity; sid:37881691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.69.7 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.69.7"; classtype:trojan-activity; sid:37881701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 36.133.34.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.133.34.221"; classtype:trojan-activity; sid:37881711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.3.81.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.81.232"; classtype:trojan-activity; sid:37881721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 68.183.91.213 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.91.213"; classtype:trojan-activity; sid:37881731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 117.201.93.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.201.93.186"; classtype:trojan-activity; sid:37881741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 20.244.178.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.244.178.58"; classtype:trojan-activity; sid:37881751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.117.153.134 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.153.134"; classtype:trojan-activity; sid:37881761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.213.112 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.213.112"; classtype:trojan-activity; sid:37881771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 20.185.193.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.185.193.178"; classtype:trojan-activity; sid:37881781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.172.6 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.172.6"; classtype:trojan-activity; sid:37881791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.227.146 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.227.146"; classtype:trojan-activity; sid:37881801; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.232.190.153 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.190.153"; classtype:trojan-activity; sid:37881811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.127.46 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.127.46"; classtype:trojan-activity; sid:37881821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.133.155 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.133.155"; classtype:trojan-activity; sid:37881831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.23.25 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.23.25"; classtype:trojan-activity; sid:37881841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.66.25 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.66.25"; classtype:trojan-activity; sid:37881851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.36.116.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.36.116.26"; classtype:trojan-activity; sid:37881861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.10.44.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.45"; classtype:trojan-activity; sid:37881871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.213.247 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.213.247"; classtype:trojan-activity; sid:37881881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 64.23.208.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.208.56"; classtype:trojan-activity; sid:37881891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.206.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.248"; classtype:trojan-activity; sid:37881901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 61.76.169.138 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.76.169.138"; classtype:trojan-activity; sid:37881911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 183.56.235.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.235.86"; classtype:trojan-activity; sid:37881921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 116.255.209.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.255.209.48"; classtype:trojan-activity; sid:37881931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.86.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.86.22"; classtype:trojan-activity; sid:37881941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.65.171.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.171.54"; classtype:trojan-activity; sid:37881951; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.194.176.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.176.212"; classtype:trojan-activity; sid:37881961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.223.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.43"; classtype:trojan-activity; sid:37881971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.156.178.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.178.118"; classtype:trojan-activity; sid:37881981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.79.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.79.160"; classtype:trojan-activity; sid:37881991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.65.143.219 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.65.143.219"; classtype:trojan-activity; sid:37882001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 14.215.46.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.215.46.149"; classtype:trojan-activity; sid:37882011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.248.124.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.248.124.215"; classtype:trojan-activity; sid:37882021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.197.109 any -> $HOME_NET any (msg: 
"MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.197.109"; classtype:trojan-activity; sid:37882031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 107.172.143.141 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.143.141"; classtype:trojan-activity; sid:37882041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 65.108.246.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.108.246.145"; classtype:trojan-activity; sid:37882051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 141.94.23.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.94.23.12"; classtype:trojan-activity; sid:37882061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 61.231.79.34 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.231.79.34"; classtype:trojan-activity; sid:37882071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 74.208.119.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.119.157"; classtype:trojan-activity; sid:37882081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.156.139.125 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.139.125"; classtype:trojan-activity; sid:37882091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 36.134.23.100 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.23.100"; classtype:trojan-activity; 
sid:37882101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.106.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.106.29"; classtype:trojan-activity; sid:37882111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 80.68.7.50 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.68.7.50"; classtype:trojan-activity; sid:37882121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.81.44 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.81.44"; classtype:trojan-activity; sid:37882131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.154.25.158 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.25.158"; classtype:trojan-activity; sid:37882141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.97.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.97.228"; classtype:trojan-activity; sid:37882151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 68.183.95.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.95.56"; classtype:trojan-activity; sid:37882161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.118.145.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.118.145.213"; classtype:trojan-activity; sid:37882171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.146.189.13 any -> $HOME_NET any (msg: 
"MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.146.189.13"; classtype:trojan-activity; sid:37882181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.226.223.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.226.223.196"; classtype:trojan-activity; sid:37882191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.204.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.204.115"; classtype:trojan-activity; sid:37882201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.116.44.120 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.44.120"; classtype:trojan-activity; sid:37882211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.130.16.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.16.107"; classtype:trojan-activity; sid:37882221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.132.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.132.217"; classtype:trojan-activity; sid:37882231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 61.165.26.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.165.26.45"; classtype:trojan-activity; sid:37882241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.18.172 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.18.172"; classtype:trojan-activity; 
sid:37882251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# --- MISP event 27232: inbound source-address indicators, one rule per line ---
# Each rule below alerts on any IP packet whose source is the single listed
# address and whose destination is in $HOME_NET (any port, any protocol).
# The msg carries the MISP event id and its kill-chain tags, and the reference
# option links to the event page; sids in this run step by 10.
# Only the `->` direction is covered: packets sent from $HOME_NET to a listed
# address are not matched by these rules.
# NOTE(review): there is no payload or port condition, so a hit means "a packet
# arrived from a listed address", not confirmed malware traffic, even though
# every rule carries classtype:trojan-activity. Triage accordingly.
# NOTE(review): address indicators go stale as hosts are reassigned. Presumably
# the MISP event records first/last-seen dates; check them before using these
# entries for blocking rather than alerting.
# NOTE(review): with this many single-address rules, an IP reputation list
# (Suricata iprep) may be cheaper to load and maintain. Confirm against the
# sensor in use.
alert ip 49.229.0.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.229.0.188"; classtype:trojan-activity; sid:37882261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 52.244.231.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.244.231.202"; classtype:trojan-activity; sid:37882271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.61.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.61.127"; classtype:trojan-activity; sid:37882281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 115.249.54.91 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.249.54.91"; classtype:trojan-activity; sid:37882291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 45.152.114.164 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.152.114.164"; classtype:trojan-activity; sid:37882301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 51.89.254.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.89.254.170"; classtype:trojan-activity; sid:37882311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.140.239.177 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.140.239.177"; classtype:trojan-activity; sid:37882321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.151.233.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.151.233.126"; classtype:trojan-activity; sid:37882331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 96.69.13.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.69.13.140"; classtype:trojan-activity; sid:37882341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.196.168.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.196.168.3"; classtype:trojan-activity; sid:37882351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 91.150.84.201 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.150.84.201"; classtype:trojan-activity; sid:37882361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.248.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.248.133"; classtype:trojan-activity; sid:37882371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.230.193.35 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.230.193.35"; classtype:trojan-activity; sid:37882381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 134.209.251.215 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.251.215"; classtype:trojan-activity; sid:37882391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.248.241.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.241.203"; classtype:trojan-activity; sid:37882401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 167.172.157.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.157.140"; classtype:trojan-activity; sid:37882411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.119.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.119.233"; classtype:trojan-activity; sid:37882421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 200.11.141.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.11.141.86"; classtype:trojan-activity; sid:37882431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 217.198.190.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.198.190.189"; classtype:trojan-activity; sid:37882441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.51.230.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.230.79"; classtype:trojan-activity; sid:37882451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.104.206 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.104.206"; classtype:trojan-activity; sid:37882461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.51.50.120 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.50.120"; classtype:trojan-activity; sid:37882471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 175.42.63.69 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.42.63.69"; classtype:trojan-activity; sid:37882481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 121.183.20.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.183.20.170"; classtype:trojan-activity; sid:37882491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.89.233.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.233.77"; classtype:trojan-activity; sid:37882501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.29.99.72 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.99.72"; classtype:trojan-activity; sid:37882511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 13.70.39.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.70.39.68"; classtype:trojan-activity; sid:37882521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 36.40.79.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.40.79.122"; classtype:trojan-activity; sid:37882531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.136.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.136.188"; classtype:trojan-activity; sid:37882541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 143.110.152.23 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.152.23"; classtype:trojan-activity; sid:37882551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.175.118.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.175.118.185"; classtype:trojan-activity; sid:37882561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 134.209.237.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.237.232"; classtype:trojan-activity; sid:37882571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.188.113.227 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.188.113.227"; classtype:trojan-activity; sid:37882581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.38.181.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.38.181.195"; classtype:trojan-activity; sid:37882591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 114.216.7.100 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.216.7.100"; classtype:trojan-activity; sid:37882601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.156.203.80 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.80"; classtype:trojan-activity; sid:37882611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.222.36.6 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.36.6"; classtype:trojan-activity; sid:37882621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 181.78.77.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.78.77.228"; classtype:trojan-activity; sid:37882631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.156.194.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.29"; classtype:trojan-activity; sid:37882641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.240.205.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.240.205.212"; classtype:trojan-activity; sid:37882651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.132.250 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.132.250"; classtype:trojan-activity; sid:37882661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 197.5.145.102 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.5.145.102"; classtype:trojan-activity; sid:37882671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 82.156.174.109 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.174.109"; classtype:trojan-activity; sid:37882681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 109.75.33.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.75.33.121"; classtype:trojan-activity; sid:37882691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 27.131.61.211 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.131.61.211"; classtype:trojan-activity; sid:37882701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 46.126.161.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.126.161.197"; classtype:trojan-activity; sid:37882711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.223.196.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.196.244"; classtype:trojan-activity; sid:37882721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.142.87.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.87.231"; classtype:trojan-activity; sid:37882731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.221.171.19 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.171.19"; classtype:trojan-activity; sid:37882741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.156.206.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.230"; classtype:trojan-activity; sid:37882751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.135.172.35 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.172.35"; classtype:trojan-activity; sid:37882761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.47.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.47.170"; classtype:trojan-activity; sid:37882771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 68.178.174.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.178.174.221"; classtype:trojan-activity; sid:37882781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 154.176.122.238 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.176.122.238"; classtype:trojan-activity; sid:37882791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.154.180.155 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.180.155"; classtype:trojan-activity; sid:37882801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.246.112 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.246.112"; classtype:trojan-activity; sid:37882811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.43.181.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.181.213"; classtype:trojan-activity; sid:37882821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 205.234.252.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.234.252.127"; classtype:trojan-activity; sid:37882831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.229.92 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.229.92"; classtype:trojan-activity; sid:37882841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 213.74.115.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.74.115.162"; classtype:trojan-activity; sid:37882851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.221.205.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.205.17"; classtype:trojan-activity; sid:37882861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.125.255.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.125.255.243"; classtype:trojan-activity; sid:37882871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 171.244.37.93 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.37.93"; classtype:trojan-activity; sid:37882881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 110.172.191.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.172.191.114"; classtype:trojan-activity; sid:37882891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.174.11.33 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.11.33"; classtype:trojan-activity; sid:37882901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.32.18 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.32.18"; classtype:trojan-activity; sid:37882911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 194.36.209.247 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.36.209.247"; classtype:trojan-activity; sid:37882921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 137.184.5.137 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.5.137"; classtype:trojan-activity; sid:37882931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 179.61.226.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.61.226.20"; classtype:trojan-activity; sid:37882941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.233.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.233.210"; classtype:trojan-activity; sid:37882951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.174.95.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.174.95.217"; classtype:trojan-activity; sid:37882961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 72.240.125.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.240.125.133"; classtype:trojan-activity; sid:37882971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.81.30.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.81.30.178"; classtype:trojan-activity; sid:37882981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 66.70.225.192 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.70.225.192"; classtype:trojan-activity; sid:37882991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.128.88.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.88.129"; classtype:trojan-activity; sid:37883001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.249.88.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.249.88.2"; classtype:trojan-activity; sid:37883011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 116.204.64.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.204.64.207"; classtype:trojan-activity; sid:37883021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.202.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.202.126"; classtype:trojan-activity; sid:37883031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.145.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.145.252"; classtype:trojan-activity; sid:37883041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 175.178.64.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.64.90"; classtype:trojan-activity; sid:37883051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 5.180.181.208 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.180.181.208"; classtype:trojan-activity; sid:37883061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 41.72.219.102 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.72.219.102"; classtype:trojan-activity; sid:37883071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.56.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.56.90"; classtype:trojan-activity; sid:37883081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.220.186.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.186.190"; classtype:trojan-activity; sid:37883091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.29.99.183 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.99.183"; classtype:trojan-activity; sid:37883101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.202.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.202.243"; classtype:trojan-activity; sid:37883111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 198.12.120.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.12.120.169"; classtype:trojan-activity; sid:37883121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 182.151.25.177 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.151.25.177"; classtype:trojan-activity; sid:37883131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 167.172.149.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.149.43"; classtype:trojan-activity; sid:37883141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 185.220.101.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.157"; classtype:trojan-activity; sid:37883151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 149.104.26.165 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.104.26.165"; classtype:trojan-activity; sid:37883161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 114.132.156.57 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.156.57"; classtype:trojan-activity; sid:37883171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 201.226.239.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.226.239.98"; classtype:trojan-activity; sid:37883181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.75.15.223 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.75.15.223"; classtype:trojan-activity; sid:37883191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 139.150.74.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.150.74.245"; classtype:trojan-activity; sid:37883201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 91.203.5.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.203.5.115"; classtype:trojan-activity; sid:37883211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 188.17.148.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.17.148.221"; classtype:trojan-activity; sid:37883221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.222.89.71 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.89.71"; classtype:trojan-activity; sid:37883231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 198.98.48.33 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.98.48.33"; classtype:trojan-activity; sid:37883241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.35.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.35.239"; classtype:trojan-activity; sid:37883251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 42.51.45.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.45.130"; classtype:trojan-activity; sid:37883261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.18.206 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.18.206"; classtype:trojan-activity; sid:37883271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.161.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.161.82"; classtype:trojan-activity; sid:37883281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.238.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.152"; classtype:trojan-activity; sid:37883291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.28.195.106 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.195.106"; classtype:trojan-activity; sid:37883301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.201.79 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.201.79"; classtype:trojan-activity; sid:37883311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.63.206 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.63.206"; classtype:trojan-activity; sid:37883321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 208.65.84.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.203"; classtype:trojan-activity; sid:37883331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.19.130.111 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.19.130.111"; classtype:trojan-activity; sid:37883341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.124.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.124.74"; classtype:trojan-activity; sid:37883351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 86.84.37.75 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.84.37.75"; classtype:trojan-activity; sid:37883361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.250.50.151 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.151"; classtype:trojan-activity; sid:37883371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 182.44.9.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.44.9.66"; classtype:trojan-activity; sid:37883381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 52.227.167.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.227.167.147"; classtype:trojan-activity; sid:37883391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 179.131.10.103 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.131.10.103"; classtype:trojan-activity; sid:37883401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.168.153 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.168.153"; classtype:trojan-activity; sid:37883411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.157.183 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.157.183"; classtype:trojan-activity; sid:37883421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 123.30.157.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.30.157.54"; classtype:trojan-activity; sid:37883431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 149.200.13.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.200.13.160"; classtype:trojan-activity; sid:37883441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 197.248.56.39 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.248.56.39"; classtype:trojan-activity; sid:37883451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.154.57.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.57.237"; classtype:trojan-activity; sid:37883461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.76.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.76.36"; classtype:trojan-activity; sid:37883471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 104.28.153.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.153.121"; classtype:trojan-activity; sid:37883481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.222.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.222.129"; classtype:trojan-activity; sid:37883491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.94.24 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.94.24"; classtype:trojan-activity; sid:37883501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 51.195.248.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.248.144"; classtype:trojan-activity; sid:37883511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 118.195.180.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.180.63"; classtype:trojan-activity; sid:37883521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 138.197.65.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.197.65.170"; classtype:trojan-activity; sid:37883531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 175.207.13.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.207.13.22"; classtype:trojan-activity; sid:37883541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.223.223.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.223.233"; classtype:trojan-activity; sid:37883551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.189.29 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.189.29"; classtype:trojan-activity; sid:37883561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.65.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.65.101"; classtype:trojan-activity; sid:37883571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.135.168.165 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.168.165"; classtype:trojan-activity; sid:37883581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.156.192.109 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.192.109"; classtype:trojan-activity; sid:37883591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.29.186.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.29.186.248"; classtype:trojan-activity; sid:37883601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 37.60.229.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.60.229.49"; classtype:trojan-activity; sid:37883611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 1.164.125.18 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.125.18"; classtype:trojan-activity; sid:37883621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.172.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.172.58"; classtype:trojan-activity; sid:37883631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 212.99.219.38 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.99.219.38"; classtype:trojan-activity; sid:37883641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 61.153.220.165 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.153.220.165"; classtype:trojan-activity; sid:37883651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.135.48.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.48.212"; classtype:trojan-activity; sid:37883661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 46.101.206.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.101.206.245"; classtype:trojan-activity; sid:37883671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 158.140.133.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.140.133.54"; classtype:trojan-activity; sid:37883681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 45.41.206.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.41.206.246"; classtype:trojan-activity; sid:37883691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.201.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.201.113"; classtype:trojan-activity; sid:37883701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 143.198.151.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.151.5"; classtype:trojan-activity; sid:37883711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.61.208 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.208"; classtype:trojan-activity; sid:37883721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 74.48.81.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.81.180"; classtype:trojan-activity; sid:37883731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.173.83.65 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.173.83.65"; classtype:trojan-activity; sid:37883741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 161.132.219.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.219.115"; classtype:trojan-activity; sid:37883751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.106.76.62 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.76.62"; classtype:trojan-activity; sid:37883761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.98.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.98.122"; classtype:trojan-activity; sid:37883771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.95.200.216 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.95.200.216"; classtype:trojan-activity; sid:37883781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.58.213.152 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.213.152"; classtype:trojan-activity; sid:37883791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 161.35.221.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.221.197"; classtype:trojan-activity; sid:37883801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 23.26.98.51 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.26.98.51"; classtype:trojan-activity; sid:37883811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 81.71.70.207 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
81.71.70.207"; classtype:trojan-activity; sid:37883821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 217.71.253.1 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.71.253.1"; classtype:trojan-activity; sid:37883831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.45.1.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.1.197"; classtype:trojan-activity; sid:37883841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 116.198.205.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.205.107"; classtype:trojan-activity; sid:37883851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.100.255.30 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.100.255.30"; classtype:trojan-activity; sid:37883861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.248.67.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.248.67.110"; classtype:trojan-activity; sid:37883871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.123.253.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.123.253.229"; classtype:trojan-activity; sid:37883881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 31.179.234.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.179.234.178"; classtype:trojan-activity; sid:37883891; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 122.247.11.52 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.247.11.52"; classtype:trojan-activity; sid:37883901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 35.227.114.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.227.114.241"; classtype:trojan-activity; sid:37883911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.227.249.190 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.249.190"; classtype:trojan-activity; sid:37883921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.82.243.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.82.243.76"; classtype:trojan-activity; sid:37883931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 81.133.106.57 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.133.106.57"; classtype:trojan-activity; sid:37883941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.146.38.27 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.146.38.27"; classtype:trojan-activity; sid:37883951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.202.40.14 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.202.40.14"; classtype:trojan-activity; sid:37883961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.186.220 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.220"; classtype:trojan-activity; sid:37883971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.107.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.107.63"; classtype:trojan-activity; sid:37883981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 74.48.30.70 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.30.70"; classtype:trojan-activity; sid:37883991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.163.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.163.244"; classtype:trojan-activity; sid:37884001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 179.43.159.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.159.196"; classtype:trojan-activity; sid:37884011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.174.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.174.180"; classtype:trojan-activity; sid:37884021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 40.80.95.32 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 40.80.95.32"; classtype:trojan-activity; sid:37884031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 147.91.231.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.91.231.5"; classtype:trojan-activity; sid:37884041; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 93.120.240.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.120.240.202"; classtype:trojan-activity; sid:37884051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.159.144.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.144.178"; classtype:trojan-activity; sid:37884061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.32.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.32.118"; classtype:trojan-activity; sid:37884071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.117.64.242 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.117.64.242"; classtype:trojan-activity; sid:37884081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.220.101.187 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.187"; classtype:trojan-activity; sid:37884091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 197.227.8.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.227.8.186"; classtype:trojan-activity; sid:37884101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.106.63.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.106.63.54"; classtype:trojan-activity; sid:37884111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.34.61.37 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.61.37"; classtype:trojan-activity; sid:37884121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 64.23.187.222 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.187.222"; classtype:trojan-activity; sid:37884131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.220.101.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.98"; classtype:trojan-activity; sid:37884141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 62.234.204.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.204.162"; classtype:trojan-activity; sid:37884151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.232.184.225 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.184.225"; classtype:trojan-activity; sid:37884161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.220.101.103 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.103"; classtype:trojan-activity; sid:37884171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.126.3.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.3.175"; classtype:trojan-activity; sid:37884181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.55.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.55.49"; classtype:trojan-activity; 
sid:37884191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.170.86.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.86.98"; classtype:trojan-activity; sid:37884201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.100.53.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.100.53.113"; classtype:trojan-activity; sid:37884211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.155.200.94 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.155.200.94"; classtype:trojan-activity; sid:37884221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.5.159.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.5.159.36"; classtype:trojan-activity; sid:37884231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.106.209 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.106.209"; classtype:trojan-activity; sid:37884241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.26.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.26.86"; classtype:trojan-activity; sid:37884251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 116.110.93.109 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.93.109"; classtype:trojan-activity; sid:37884261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 182.61.32.26 any -> $HOME_NET any 
(msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.32.26"; classtype:trojan-activity; sid:37884271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 164.92.78.132 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.78.132"; classtype:trojan-activity; sid:37884281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.43.83.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.83.74"; classtype:trojan-activity; sid:37884291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.128.97.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.97.197"; classtype:trojan-activity; sid:37884301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.65.143.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.143.77"; classtype:trojan-activity; sid:37884311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 64.23.175.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.175.231"; classtype:trojan-activity; sid:37884321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.25.151.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.151.175"; classtype:trojan-activity; sid:37884331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 59.61.82.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.61.82.66"; classtype:trojan-activity; 
sid:37884341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.184.65.71 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.65.71"; classtype:trojan-activity; sid:37884351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.223.66.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.66.244"; classtype:trojan-activity; sid:37884361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.70.48.219 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.48.219"; classtype:trojan-activity; sid:37884371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.229.98.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.98.54"; classtype:trojan-activity; sid:37884381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.236.223 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.236.223"; classtype:trojan-activity; sid:37884391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 14.29.64.91 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.64.91"; classtype:trojan-activity; sid:37884401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.160.46 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.160.46"; classtype:trojan-activity; sid:37884411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 60.244.70.4 any -> $HOME_NET any (msg: 
"MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.244.70.4"; classtype:trojan-activity; sid:37884421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 219.152.55.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.55.76"; classtype:trojan-activity; sid:37884431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.32.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.32.66"; classtype:trojan-activity; sid:37884441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 139.224.32.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.32.239"; classtype:trojan-activity; sid:37884451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.208.208 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.208.208"; classtype:trojan-activity; sid:37884461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.42.136.139 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.42.136.139"; classtype:trojan-activity; sid:37884471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 46.28.24.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.28.24.130"; classtype:trojan-activity; sid:37884481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 140.143.143.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.143.246"; classtype:trojan-activity; 
sid:37884491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 27.128.229.223 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.229.223"; classtype:trojan-activity; sid:37884501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 218.55.114.52 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.55.114.52"; classtype:trojan-activity; sid:37884511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 203.130.248.211 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.130.248.211"; classtype:trojan-activity; sid:37884521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.75.90.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.90.220"; classtype:trojan-activity; sid:37884531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.12.102.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.12.102.58"; classtype:trojan-activity; sid:37884541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 90.27.3.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.27.3.185"; classtype:trojan-activity; sid:37884551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.132.42.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.132.42.220"; classtype:trojan-activity; sid:37884561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 207.154.240.124 any -> $HOME_NET 
any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.240.124"; classtype:trojan-activity; sid:37884571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.207.13.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.207.13.86"; classtype:trojan-activity; sid:37884581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 81.192.46.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.192.46.48"; classtype:trojan-activity; sid:37884591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.89.165.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.165.88"; classtype:trojan-activity; sid:37884601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.70.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.70.239"; classtype:trojan-activity; sid:37884611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 122.156.247.54 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.156.247.54"; classtype:trojan-activity; sid:37884621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.121.9.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.121.9.124"; classtype:trojan-activity; sid:37884631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 144.126.192.64 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.126.192.64"; 
classtype:trojan-activity; sid:37884641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.219.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.232"; classtype:trojan-activity; sid:37884651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 95.24.10.255 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.24.10.255"; classtype:trojan-activity; sid:37884661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.240.67.155 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.240.67.155"; classtype:trojan-activity; sid:37884671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.54.3.193 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.3.193"; classtype:trojan-activity; sid:37884681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.250.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.250.213"; classtype:trojan-activity; sid:37884691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 112.168.248.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.168.248.149"; classtype:trojan-activity; sid:37884701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 162.62.229.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.229.246"; classtype:trojan-activity; sid:37884711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
185.170.43.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.43.2"; classtype:trojan-activity; sid:37884721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.186.141 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.186.141"; classtype:trojan-activity; sid:37884731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.33.80.18 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.80.18"; classtype:trojan-activity; sid:37884741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 211.159.177.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.159.177.249"; classtype:trojan-activity; sid:37884751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 197.241.36.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.241.36.74"; classtype:trojan-activity; sid:37884761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 58.209.80.228 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.209.80.228"; classtype:trojan-activity; sid:37884771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 213.232.217.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.232.217.2"; classtype:trojan-activity; sid:37884781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.52.248.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
1.52.248.218"; classtype:trojan-activity; sid:37884791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.83.41 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.83.41"; classtype:trojan-activity; sid:37884801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 162.240.146.93 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.240.146.93"; classtype:trojan-activity; sid:37884811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 193.27.228.61 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.27.228.61"; classtype:trojan-activity; sid:37884821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.113.111 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.113.111"; classtype:trojan-activity; sid:37884831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.129.200.53 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.129.200.53"; classtype:trojan-activity; sid:37884841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 222.121.250.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.121.250.116"; classtype:trojan-activity; sid:37884851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 132.145.202.183 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.145.202.183"; classtype:trojan-activity; sid:37884861; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.157.246.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.246.203"; classtype:trojan-activity; sid:37884871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.67.58.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.67.58.101"; classtype:trojan-activity; sid:37884881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.129.69.7 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.129.69.7"; classtype:trojan-activity; sid:37884891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.209.101 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.209.101"; classtype:trojan-activity; sid:37884901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 196.203.207.166 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.203.207.166"; classtype:trojan-activity; sid:37884911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 201.184.50.251 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.184.50.251"; classtype:trojan-activity; sid:37884921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 14.103.40.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.40.157"; classtype:trojan-activity; sid:37884931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 39.103.98.192 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.103.98.192"; classtype:trojan-activity; sid:37884941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 167.172.97.39 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.97.39"; classtype:trojan-activity; sid:37884951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 79.137.198.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.137.198.108"; classtype:trojan-activity; sid:37884961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.113.0.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.113.0.122"; classtype:trojan-activity; sid:37884971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 5.250.179.93 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.250.179.93"; classtype:trojan-activity; sid:37884981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 91.199.27.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.199.27.116"; classtype:trojan-activity; sid:37884991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.201.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.201.97"; classtype:trojan-activity; sid:37885001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 115.159.224.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.224.49"; classtype:trojan-activity; sid:37885011; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 220.80.223.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.80.223.144"; classtype:trojan-activity; sid:37885021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 218.255.179.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.255.179.162"; classtype:trojan-activity; sid:37885031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.147.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.243"; classtype:trojan-activity; sid:37885041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 85.72.55.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.72.55.82"; classtype:trojan-activity; sid:37885051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.86.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.86.122"; classtype:trojan-activity; sid:37885061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.159.211.119 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.159.211.119"; classtype:trojan-activity; sid:37885071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.153.249.99 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.153.249.99"; classtype:trojan-activity; sid:37885081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 206.189.158.144 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.158.144"; classtype:trojan-activity; sid:37885091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 206.125.129.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.125.129.82"; classtype:trojan-activity; sid:37885101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.72.145.14 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.72.145.14"; classtype:trojan-activity; sid:37885111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.156.171.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.171.188"; classtype:trojan-activity; sid:37885121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 15.235.215.159 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.235.215.159"; classtype:trojan-activity; sid:37885131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.109.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.154"; classtype:trojan-activity; sid:37885141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.188.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.188.74"; classtype:trojan-activity; sid:37885151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.241.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.241.203"; classtype:trojan-activity; 
sid:37885161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.242.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.242.237"; classtype:trojan-activity; sid:37885171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.73.181 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.181"; classtype:trojan-activity; sid:37885181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.164.126.206 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.164.126.206"; classtype:trojan-activity; sid:37885191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.210.155.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.210.155.249"; classtype:trojan-activity; sid:37885201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 181.123.12.32 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.123.12.32"; classtype:trojan-activity; sid:37885211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 191.100.25.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.100.25.45"; classtype:trojan-activity; sid:37885221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.215.238 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.238"; classtype:trojan-activity; sid:37885231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 198.44.170.159 any -> 
$HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.44.170.159"; classtype:trojan-activity; sid:37885241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27232 inbound indicators. Each rule below matches on the source address
# alone: protocol "ip", any port, destination $HOME_NET, and no content, flow or
# threshold options. A hit shows only that the listed address sent traffic toward
# $HOME_NET; it does not by itself show an established session or a compromise.
# NOTE(review): the MISP tags are kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity; confirm that classtype suits local alert routing.
alert ip 150.230.39.165 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.230.39.165"; classtype:trojan-activity; sid:37885251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 45.121.48.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.121.48.3"; classtype:trojan-activity; sid:37885261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 132.148.165.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.148.165.220"; classtype:trojan-activity; sid:37885271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.175.30.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.175.30.230"; classtype:trojan-activity; sid:37885281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Event 27195, tags RAT/RemcosRAT. Direction is reversed relative to the rules
# around it: source is $HOME_NET, destination is 103.198.26.210 port 1902, so a
# hit means an internal host sent traffic to the tagged address and the internal
# source is the host to triage.
# NOTE(review): the rule protocol is "ip" but a destination port is given;
# confirm how the deployed engine applies a port to non-TCP/UDP traffic.
alert ip $HOME_NET any -> 103.198.26.210 1902 (msg: "MISP e27195 [RAT,RemcosRAT] Outgoing To IP: 103.198.26.210|1902"; classtype:trojan-activity; sid:37867451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 65.190.102.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.190.102.226"; classtype:trojan-activity; sid:37885291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.60.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.60.220"; classtype:trojan-activity; sid:37885301; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 85.215.69.131 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.215.69.131"; classtype:trojan-activity; sid:37885311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.180.219.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.180.219.210"; classtype:trojan-activity; sid:37885321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.204.102 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.204.102"; classtype:trojan-activity; sid:37885331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 158.140.138.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.140.138.86"; classtype:trojan-activity; sid:37885341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 154.221.16.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.16.10"; classtype:trojan-activity; sid:37885351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 208.125.75.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.125.75.178"; classtype:trojan-activity; sid:37885361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 155.248.215.65 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 155.248.215.65"; classtype:trojan-activity; sid:37885371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.70.178.158 any -> $HOME_NET any (msg: 
"MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.178.158"; classtype:trojan-activity; sid:37885381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 193.119.99.234 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.119.99.234"; classtype:trojan-activity; sid:37885391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.43.37.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.37.115"; classtype:trojan-activity; sid:37885401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.118.242.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.118.242.16"; classtype:trojan-activity; sid:37885411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 222.96.14.76 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.96.14.76"; classtype:trojan-activity; sid:37885421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 1.12.75.55 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.75.55"; classtype:trojan-activity; sid:37885431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 139.199.132.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.199.132.36"; classtype:trojan-activity; sid:37885441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.106.176.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.176.3"; classtype:trojan-activity; sid:37885451; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.159.51.7 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.51.7"; classtype:trojan-activity; sid:37885461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.241.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.241.2"; classtype:trojan-activity; sid:37885471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 93.121.189.46 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.121.189.46"; classtype:trojan-activity; sid:37885481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.109.84.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.84.157"; classtype:trojan-activity; sid:37885491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 121.164.71.235 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.164.71.235"; classtype:trojan-activity; sid:37885501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.226.194.95 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.95"; classtype:trojan-activity; sid:37885511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.232.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.90"; classtype:trojan-activity; sid:37885521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 27.25.138.5 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.25.138.5"; classtype:trojan-activity; sid:37885531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 120.48.98.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.98.154"; classtype:trojan-activity; sid:37885541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 140.83.48.132 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.83.48.132"; classtype:trojan-activity; sid:37885551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 134.209.27.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.27.56"; classtype:trojan-activity; sid:37885561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.208.108.166 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.208.108.166"; classtype:trojan-activity; sid:37885571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.126.24.19 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.24.19"; classtype:trojan-activity; sid:37885581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 187.74.91.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.74.91.124"; classtype:trojan-activity; sid:37885591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 91.215.147.69 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.215.147.69"; classtype:trojan-activity; sid:37885601; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.136.157.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.157.226"; classtype:trojan-activity; sid:37885611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.181.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.181.188"; classtype:trojan-activity; sid:37885621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.216.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.216.43"; classtype:trojan-activity; sid:37885631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.167.125 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.167.125"; classtype:trojan-activity; sid:37885641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 202.157.189.179 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.189.179"; classtype:trojan-activity; sid:37885651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 144.48.240.23 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.48.240.23"; classtype:trojan-activity; sid:37885661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 82.157.187.11 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.187.11"; classtype:trojan-activity; sid:37885671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.179.71 any -> $HOME_NET any (msg: "MISP 
e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.179.71"; classtype:trojan-activity; sid:37885681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.201.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.201.115"; classtype:trojan-activity; sid:37885691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.70.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.70.124"; classtype:trojan-activity; sid:37885701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.232.153.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.153.88"; classtype:trojan-activity; sid:37885711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.40.248.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.40.248.20"; classtype:trojan-activity; sid:37885721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.157.8.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.8.118"; classtype:trojan-activity; sid:37885731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.231.174.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.174.116"; classtype:trojan-activity; sid:37885741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.221.10.200 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.10.200"; classtype:trojan-activity; 
sid:37885751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.129.61.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.61.3"; classtype:trojan-activity; sid:37885761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.167.88.254 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.167.88.254"; classtype:trojan-activity; sid:37885771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.254.237.169 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.254.237.169"; classtype:trojan-activity; sid:37885781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.89.92.231 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.92.231"; classtype:trojan-activity; sid:37885791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.128.111.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.111.113"; classtype:trojan-activity; sid:37885801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 125.164.4.19 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.164.4.19"; classtype:trojan-activity; sid:37885811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.160.119 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.160.119"; classtype:trojan-activity; sid:37885821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 190.0.63.226 any -> $HOME_NET 
any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.0.63.226"; classtype:trojan-activity; sid:37885831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.248.172.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.172.221"; classtype:trojan-activity; sid:37885841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.110.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.110.28"; classtype:trojan-activity; sid:37885851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.86.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.86.197"; classtype:trojan-activity; sid:37885861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 39.105.117.249 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.105.117.249"; classtype:trojan-activity; sid:37885871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.70.191 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.191"; classtype:trojan-activity; sid:37885881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.24.199.106 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.199.106"; classtype:trojan-activity; sid:37885891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 95.165.26.166 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.165.26.166"; 
classtype:trojan-activity; sid:37885901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27232 inbound indicator: source-address match only (any protocol, any port).
alert ip 43.156.101.180 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.101.180"; classtype:trojan-activity; sid:37885911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27195, tag dcrat: outbound HTTP request (flow:to_server,established) whose
# header buffer contains a0923769.xsph.ru and whose URI contains /l1nc0in.php,
# both case-insensitive. "|3a|" in msg is the hex escape for ":".
# The hostname is matched anywhere in http.header, not specifically on the Host
# line. NOTE(review): matching on http.host would be narrower.
# The destination port is limited to $HTTP_PORTS, so a request to this URL on a
# port outside that variable is not inspected by this rule; the other HTTP rules
# in this file use "any" as the destination port.
# tag:session,600,seconds tags the session's packets for 600 seconds after a match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27195 [dcrat] Outgoing URL http|3a|//a0923769.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0923769.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Event 27232 inbound indicators continue: source-address match only.
alert ip 103.146.50.194 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.146.50.194"; classtype:trojan-activity; sid:37885921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.210.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.233"; classtype:trojan-activity; sid:37885931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.139.111 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.139.111"; classtype:trojan-activity; sid:37885941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 119.28.233.55 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.233.55"; classtype:trojan-activity; sid:37885951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.120.154.21 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
103.120.154.21"; classtype:trojan-activity; sid:37885961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27232 inbound indicators: source-address match only (any protocol, any port).
alert ip 112.163.141.20 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.163.141.20"; classtype:trojan-activity; sid:37885971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.211.46 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.211.46"; classtype:trojan-activity; sid:37885981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.133.254.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.254.218"; classtype:trojan-activity; sid:37885991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.89.229.254 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.229.254"; classtype:trojan-activity; sid:37886001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.18.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.18.40"; classtype:trojan-activity; sid:37886011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Domain indicators, events 27178-27182. The MISP tag list in msg is empty ("[]")
# and priority is 3, so the rule text does not say what kind of activity the
# domains are linked to; the referenced event is the place to check.
# Each domain is exported as a pair of rules:
#  - DNS: dns.query content match plus a pcre that ends in "$" and requires start
#    of buffer or a non-hostname character before the name, so the domain and its
#    subdomains match but a longer name that only begins with it does not.
#    Direction is any -> any, so every observed query for the name matches,
#    including resolver-to-resolver traffic.
#  - HTTP: "Host|3a|" and the domain are two independent content matches on
#    http.header, and the pcre carries the H modifier, so it too reads the header
#    buffer. Nothing ties the domain to the Host line, so the domain appearing in
#    another request header also satisfies the rule when a Host header is present.
#    NOTE(review): matching on http.host would remove that false-positive path.
# NOTE(review): the HTTP rules see cleartext HTTP only. If these sites are reached
# over HTTPS, only the DNS rule fires unless a tls.sni rule is added.
alert dns any any -> any any (msg: "MISP e27178 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27178;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27178 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27178;)
# Event 27232 inbound indicator: source-address match only.
alert ip 43.157.45.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.45.202"; classtype:trojan-activity; sid:37886021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27179: DNS/HTTP rule pair for bepass-bestado.pages.dev.
alert dns any any -> any any (msg: "MISP e27179 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27179;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27179 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27179;)
# Event 27180: DNS/HTTP rule pair for portal-estado.pages.dev.
alert dns any any -> any any (msg: "MISP e27180 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27180;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27180 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27180;)
# Event 27181: DNS/HTTP rule pair for portal-banestado.pages.dev.
alert dns any any -> any any (msg: "MISP e27181 [] Domain portal-banestado.pages.dev"; dns.query; content:"portal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27181;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27181 [] Outgoing HTTP Domain portal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27181;)
# Event 27182: DNS/HTTP rule pair for simula-banestado.pages.dev.
alert dns any any -> any any (msg: "MISP e27182 [] Domain simula-banestado.pages.dev"; dns.query; content:"simula-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27182;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27182 [] Outgoing HTTP Domain simula-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"simula-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27182;)
# Event 27195, tag RedLineStealer: outbound rule. Source is $HOME_NET and the
# destination is 147.124.208.234 port 4483, so a hit means an internal host sent
# traffic to the tagged address and the internal source is the host to triage.
alert ip $HOME_NET any -> 147.124.208.234 4483 (msg: "MISP e27195 [RedLineStealer] Outgoing To IP: 147.124.208.234|4483"; classtype:trojan-activity; sid:37867491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 179.225.152.156 any -> $HOME_NET any 
(msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.225.152.156"; classtype:trojan-activity; sid:37886031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Reviewer notes (rule text is unchanged; rules are laid out one per line).
#
# Domain indicators come as a pair: a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rule: case-insensitive match on dns.query, any direction; the pcre anchors the name at the
# end of the query and allows any preceding character outside [A-Za-z0-9-], so subdomains match.
# HTTP rule: outbound, established, client-to-server; a hit tags the session for 600 seconds.
# NOTE(review): "Host:" and the domain are independent content matches on http.header, and the /H
# pcre runs on the whole header buffer, so the domain in another header (e.g. Referer) appears to
# satisfy the rule; http.host would tie the match to the requested host.
# NOTE(review): the HTTP rule only sees cleartext HTTP; for sites served over TLS only the DNS rule
# can fire, and a tls.sni match would be needed to cover the connection itself.
alert dns any any -> any any (msg: "MISP e27183 [] Domain micro-bancaestado.pages.dev"; dns.query; content:"micro-bancaestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27183;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27183 [] Outgoing HTTP Domain micro-bancaestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"micro-bancaestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27183;)
alert dns any any -> any any (msg: "MISP e27184 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37866541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27184;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27184 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27184;)
# Inbound source-IP indicators, MISP event 27232 (tags: kill-chain Reconnaissance / Exploitation).
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, all protocols and ports.
# NOTE(review): nothing in these rules rate-limits alerts (no threshold / detection_filter), so a
# noisy source may produce many; consider a threshold.config entry. classtype is trojan-activity
# although the event tags describe reconnaissance/exploitation - confirm that is intended.
alert ip 36.26.2.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.26.2.236"; classtype:trojan-activity; sid:37886041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.154.145.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.145.233"; classtype:trojan-activity; sid:37886051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.157.92.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.92.88"; classtype:trojan-activity; sid:37886061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 212.192.15.103 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.192.15.103"; classtype:trojan-activity; sid:37886071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.33.136 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.33.136"; classtype:trojan-activity; sid:37886081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Domain pair for event 27185 (see the notes on the first pair).
alert dns any any -> any any (msg: "MISP e27185 [] Domain ingreso-banestado.pages.dev"; dns.query; content:"ingreso-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37866621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27185;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27185 [] Outgoing HTTP Domain ingreso-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingreso-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27185;)
# Inbound source-IP indicators (event 27232), same form as the group above.
alert ip 87.103.175.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.103.175.140"; classtype:trojan-activity; sid:37886091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 117.50.177.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.177.90"; classtype:trojan-activity; sid:37886101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.240.110.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.240.110.130"; classtype:trojan-activity; sid:37886111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 128.199.150.10 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.150.10"; classtype:trojan-activity; sid:37886121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.245.246 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.245.246"; classtype:trojan-activity; sid:37886131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 157.230.246.220 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.246.220"; classtype:trojan-activity; sid:37886141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 144.217.173.156 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.217.173.156"; classtype:trojan-activity; sid:37886151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# The next rule is cut by a line wrap in this export; its text continues on the following line.
alert ip 120.39.211.167 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.39.211.167"; 
classtype:trojan-activity; sid:37886161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Reviewer notes (rule text is unchanged; rules are laid out one per line).
#
# Inbound source-IP indicators, MISP event 27232 (tags: kill-chain Reconnaissance / Exploitation).
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, all protocols and ports.
# NOTE(review): nothing in these rules rate-limits alerts (no threshold / detection_filter), so a
# noisy source may produce many; consider a threshold.config entry. classtype is trojan-activity
# although the event tags describe reconnaissance/exploitation - confirm that is intended.
alert ip 43.133.68.31 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.68.31"; classtype:trojan-activity; sid:37886171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 20.127.57.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.127.57.126"; classtype:trojan-activity; sid:37886181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 120.48.122.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.122.45"; classtype:trojan-activity; sid:37886191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 99.237.237.173 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.237.237.173"; classtype:trojan-activity; sid:37886201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 146.190.162.83 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.162.83"; classtype:trojan-activity; sid:37886211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 192.3.176.170 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.176.170"; classtype:trojan-activity; sid:37886221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 50.27.184.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.27.184.5"; classtype:trojan-activity; sid:37886231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.143.132 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.143.132"; classtype:trojan-activity; sid:37886241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.175.111.183 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.175.111.183"; classtype:trojan-activity; sid:37886251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.130.62.221 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.62.221"; classtype:trojan-activity; sid:37886261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.106.74.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.74.178"; classtype:trojan-activity; sid:37886271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 114.34.106.146 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.34.106.146"; classtype:trojan-activity; sid:37886281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Outbound destination indicator, MISP event 27195: traffic from $HOME_NET to the listed address
# and port. The bracketed tags carry a family/tool name and what looks like the hosting network's
# AS name. NOTE(review): the destination port here is 53, so ordinary DNS traffic to this address
# would also alert - correlate with the DNS logs for the same host before escalating.
alert ip $HOME_NET any -> 213.226.100.35 53 (msg: "MISP e27195 [Bianlian Go Trojan,STARK-INDUSTRIES] Outgoing To IP: 213.226.100.35|53"; classtype:trojan-activity; sid:37867501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Domain indicator pair, event 27251: a DNS rule and an HTTP rule for the same name.
# DNS rule: case-insensitive match on dns.query, any direction; the pcre anchors the name at the
# end of the query and allows any preceding character outside [A-Za-z0-9-], so subdomains match.
# HTTP rule: outbound, established, client-to-server; a hit tags the session for 600 seconds.
# NOTE(review): "Host:" and the domain are independent content matches on http.header, and the /H
# pcre runs on the whole header buffer, so the domain in another header (e.g. Referer) appears to
# satisfy the rule; http.host would tie the match to the requested host. The rule also only sees
# cleartext HTTP; a tls.sni match would be needed for TLS connections.
alert dns any any -> any any (msg: "MISP e27251 [] Domain digitalcrossways.com"; dns.query; content:"digitalcrossways.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])digitalcrossways\.com$/i"; classtype:trojan-activity; sid:37889561; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27251;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27251 [] Outgoing HTTP Domain digitalcrossways.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"digitalcrossways.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])digitalcrossways\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889562; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27251;)
# Inbound source-IP indicators (event 27232), same form as the group above.
alert ip 43.134.168.209 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.168.209"; classtype:trojan-activity; sid:37886291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.216.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.216.43"; classtype:trojan-activity; sid:37886301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Outbound destination indicators, MISP event 27195 (address + port, tagged with family/tool and
# AS name). NOTE(review): per the tags, some of these sit in large cloud or ISP address space
# (e.g. AMAZON-02, MICROSOFT-CORP-MSN-AS-BLOCK), where addresses are reassigned between tenants;
# check the event's sighting dates, expect false positives on ports 80/443, and age these out.
alert ip $HOME_NET any -> 23.227.194.232 443 (msg: "MISP e27195 [Havoc,HVC-AS] Outgoing To IP: 23.227.194.232|443"; classtype:trojan-activity; sid:37867511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 15.228.57.29 443 (msg: "MISP e27195 [AMAZON-02,Havoc] Outgoing To IP: 15.228.57.29|443"; classtype:trojan-activity; sid:37867521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 172.181.54.61 80 (msg: "MISP e27195 [MICROSOFT-CORP-MSN-AS-BLOCK,Responder] Outgoing To IP: 172.181.54.61|80"; classtype:trojan-activity; sid:37867531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 94.237.63.16 445 (msg: "MISP e27195 [Responder,UPCLOUD] Outgoing To IP: 94.237.63.16|445"; classtype:trojan-activity; sid:37867541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# The next rule is cut by a line wrap in this export; its text continues on the following line.
alert ip $HOME_NET any -> 73.155.10.152 443 (msg: "MISP e27195 [CMCS,QakBot] Outgoing To IP: 73.155.10.152|443"; classtype:trojan-activity; sid:37867551; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Reviewer notes (rule text is unchanged; rules are laid out one per line).
#
# Outbound destination indicators, MISP event 27195: traffic from $HOME_NET to the listed address
# and port. The bracketed tags carry a family/tool name and what looks like the hosting network's
# AS name. NOTE(review): per the tags, several of these sit in ISP or hosting address space where
# addresses are reassigned; check the event's sighting dates before treating a hit as confirmed
# compromise, and age these rules out.
alert ip $HOME_NET any -> 70.27.138.200 2222 (msg: "MISP e27195 [BACOM,QakBot] Outgoing To IP: 70.27.138.200|2222"; classtype:trojan-activity; sid:37867561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 75.164.85.121 995 (msg: "MISP e27195 [CENTURYLINK-US-LEGACY-QWEST,QakBot] Outgoing To IP: 75.164.85.121|995"; classtype:trojan-activity; sid:37867571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 37.211.19.15 443 (msg: "MISP e27195 [GCC-MPLS-PEERING GCC MPLS peering,QakBot] Outgoing To IP: 37.211.19.15|443"; classtype:trojan-activity; sid:37867581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 46.246.6.6 6000 (msg: "MISP e27195 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.6.6|6000"; classtype:trojan-activity; sid:37867591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 147.135.85.114 8000 (msg: "MISP e27195 [dcrat,OVH] Outgoing To IP: 147.135.85.114|8000"; classtype:trojan-activity; sid:37867601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# URL indicator: the host string is matched anywhere in http.header and the path as a
# case-insensitive substring of http.uri. Destination ports are limited to $HTTP_PORTS, which must
# be defined on the sensor; HTTP on other ports is not covered by this rule.
# NOTE(review): the path match is unanchored (no startswith/endswith), so any URI that merely
# contains "/b1jk91" matches, and the host is a widely used URL shortener, so the rule's precision
# rests on that short path token. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27235 [] Outgoing URL http|3a|//tinyurl.com/b1jk91"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/b1jk91"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889271; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27235;)
# Domain indicators come as a pair: a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rule: case-insensitive match on dns.query, any direction; the pcre anchors the name at the
# end of the query and allows any preceding character outside [A-Za-z0-9-], so subdomains match.
# HTTP rule: outbound, established, client-to-server; a hit tags the session for 600 seconds.
# NOTE(review): "Host:" and the domain are independent content matches on http.header, and the /H
# pcre runs on the whole header buffer, so the domain in another header (e.g. Referer) appears to
# satisfy the rule; http.host would tie the match to the requested host. The HTTP rule only sees
# cleartext HTTP; a tls.sni match would be needed for TLS connections.
alert dns any any -> any any (msg: "MISP e27235 [] Domain alshafaf.ae"; dns.query; content:"alshafaf.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-])alshafaf\.ae$/i"; classtype:trojan-activity; sid:37889291; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27235;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27235 [] Outgoing HTTP Domain alshafaf.ae"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alshafaf.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alshafaf\.ae[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889292; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27235;)
# Outbound destination indicator (event 27195), same form as the group at the top.
alert ip $HOME_NET any -> 185.161.248.199 80 (msg: "MISP e27195 [KISARA-AS,Meduza Stealer] Outgoing To IP: 185.161.248.199|80"; classtype:trojan-activity; sid:37867611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Domain pair for event 27207 (see the notes on the first pair).
alert dns any any -> any any (msg: "MISP e27207 [] Domain nova-ljubljanska.com"; dns.query; content:"nova-ljubljanska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nova\-ljubljanska\.com$/i"; classtype:trojan-activity; sid:37869821; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27207;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27207 [] Outgoing HTTP Domain nova-ljubljanska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nova-ljubljanska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nova\-ljubljanska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869822; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27207;)
# Inbound source-IP indicators, MISP event 27232 (tags: kill-chain Reconnaissance / Exploitation):
# any IP traffic from the listed address to $HOME_NET. NOTE(review): no threshold or
# detection_filter is set, and classtype is trojan-activity although the tags describe
# reconnaissance/exploitation - confirm both are intended.
alert ip 106.12.121.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.121.28"; classtype:trojan-activity; sid:37886311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.206.115.42 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.206.115.42"; classtype:trojan-activity; sid:37886321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Domain pairs for events 27247 and 27230, interleaved with inbound source-IP rules (event 27232).
alert dns any any -> any any (msg: "MISP e27247 [] Domain nllb-klikc.com"; dns.query; content:"nllb-klikc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nllb\-klikc\.com$/i"; classtype:trojan-activity; sid:37889521; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27247;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27247 [] Outgoing HTTP Domain nllb-klikc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nllb-klikc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nllb\-klikc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889522; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27247;)
alert ip 113.31.126.124 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.126.124"; classtype:trojan-activity; sid:37886331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert dns any any -> any any (msg: "MISP e27230 [] Domain nlib-klik.com"; dns.query; content:"nlib-klik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nlib\-klik\.com$/i"; classtype:trojan-activity; sid:37871851; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27230;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27230 [] Outgoing HTTP Domain nlib-klik.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nlib-klik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nlib\-klik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37871852; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27230;)
alert ip 110.11.234.8 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.11.234.8"; classtype:trojan-activity; sid:37886341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# The next rule is cut by a line wrap in this export; its text continues on the following line.
alert ip 43.155.135.250 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.135.250"; classtype:trojan-activity; sid:37886351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Reviewer notes (rule text is unchanged; rules are laid out one per line).
#
# Event 27256 produces three rules for one name: a DNS rule, an HTTP Host rule and a URL rule.
# DNS rule: case-insensitive match on dns.query, any direction; the pcre anchors the name at the
# end of the query and allows any preceding character outside [A-Za-z0-9-], so subdomains match.
# HTTP rule: outbound, established, client-to-server; a hit tags the session for 600 seconds.
# NOTE(review): "Host:" and the domain are independent content matches on http.header, and the /H
# pcre runs on the whole header buffer, so the domain in another header (e.g. Referer) appears to
# satisfy the rule; http.host would tie the match to the requested host. Cleartext HTTP only; a
# tls.sni match would be needed for TLS connections.
alert dns any any -> any any (msg: "MISP e27256 [] Domain nllb-klick.com"; dns.query; content:"nllb-klick.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nllb\-klick\.com$/i"; classtype:trojan-activity; sid:37889711; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27256;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27256 [] Outgoing HTTP Domain nllb-klick.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nllb-klick.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nllb\-klick\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889712; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27256;)
# URL rule with no path component: its only match is the domain string anywhere in http.header,
# without the boundary pcre used by sid 37889712, and only on ports in $HTTP_PORTS.
# NOTE(review): a request that triggers sid 37889712 on an $HTTP_PORTS port will presumably raise
# this alert as well (duplicate), and longer hostnames that merely contain the string also match;
# consider suppressing one of the two.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27256 [] Outgoing URL http|3a|//nllb-klick.com"; flow:to_server,established; http.header; content:"nllb-klick.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889721; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27256;)
# Inbound source-IP indicators, MISP event 27232 (tags: kill-chain Reconnaissance / Exploitation).
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, all protocols and ports.
# NOTE(review): nothing in these rules rate-limits alerts (no threshold / detection_filter), so a
# noisy source may produce many; consider a threshold.config entry. classtype is trojan-activity
# although the event tags describe reconnaissance/exploitation - confirm that is intended.
alert ip 46.47.255.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.47.255.114"; classtype:trojan-activity; sid:37886361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 164.163.98.49 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.163.98.49"; classtype:trojan-activity; sid:37886371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 116.110.121.41 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.110.121.41"; classtype:trojan-activity; sid:37886381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 221.150.111.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.150.111.121"; classtype:trojan-activity; sid:37886391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 181.214.231.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.214.231.232"; classtype:trojan-activity; sid:37886401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.143.215.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.215.168"; classtype:trojan-activity; sid:37886411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.62.65 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.62.65"; classtype:trojan-activity; sid:37886421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 218.75.136.139 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.75.136.139"; classtype:trojan-activity; sid:37886431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.143.254.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.254.118"; classtype:trojan-activity; sid:37886441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 162.62.133.214 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.133.214"; classtype:trojan-activity; sid:37886451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 61.157.177.227 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.157.177.227"; classtype:trojan-activity; sid:37886461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.53.219.225 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.219.225"; classtype:trojan-activity; sid:37886471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.109.245.123 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.245.123"; classtype:trojan-activity; sid:37886481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 172.174.5.146 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.174.5.146"; classtype:trojan-activity; sid:37886491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 192.3.155.128 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.3.155.128"; classtype:trojan-activity; sid:37886501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.43.6.203 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.6.203"; classtype:trojan-activity; sid:37886511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 31.41.44.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.41.44.129"; classtype:trojan-activity; sid:37886521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# The next rule is cut by a line wrap in this export; its text continues on the following line.
alert ip 162.62.133.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.133.248"; classtype:trojan-activity; 
sid:37886531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Reviewer notes (rule text is unchanged; rules are laid out one per line).
#
# Inbound source-IP indicators, MISP event 27232 (tags: kill-chain Reconnaissance / Exploitation).
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, all protocols and ports.
# NOTE(review): nothing in these rules rate-limits alerts (no threshold / detection_filter), so a
# noisy source may produce many; consider a threshold.config entry. classtype is trojan-activity
# although the event tags describe reconnaissance/exploitation - confirm that is intended.
alert ip 47.242.71.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.71.147"; classtype:trojan-activity; sid:37886541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 47.243.49.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.49.239"; classtype:trojan-activity; sid:37886551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 58.215.45.187 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.215.45.187"; classtype:trojan-activity; sid:37886561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 167.172.171.116 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.171.116"; classtype:trojan-activity; sid:37886571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.109.18.87 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.18.87"; classtype:trojan-activity; sid:37886581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# URL indicators: the host string is matched anywhere in http.header and the path as a
# case-insensitive substring of http.uri. Destination ports are limited to $HTTP_PORTS, which must
# be defined on the sensor; HTTP on other ports is not covered. Cleartext HTTP only.
# NOTE(review): the path match is unanchored (no startswith/endswith), so any URI that merely
# contains the token matches; with a widely used URL shortener as host, precision rests on that
# short token. For sid 37889431 the msg shows a query string ("?il9qgk8") that the rule does not
# match on - only "/y3dxmnwz" is checked.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27228 [] Outgoing URL http|3a|//tinyurl.com/3cr52jpe"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/3cr52jpe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37871721; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27228;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27243 [] Outgoing URL http|3a|//tinyurl.com/y3dxmnwz?il9qgk8"; flow:to_server,established; http.header; content:"tinyurl.com"; fast_pattern; nocase; http.uri; content:"/y3dxmnwz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889431; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27243;)
# Domain indicators come as a pair: a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rule: case-insensitive match on dns.query, any direction; the pcre anchors the name at the
# end of the query and allows any preceding character outside [A-Za-z0-9-], so subdomains match.
# HTTP rule: outbound, established, client-to-server; a hit tags the session for 600 seconds.
# NOTE(review): "Host:" and the domain are independent content matches on http.header, and the /H
# pcre runs on the whole header buffer, so the domain in another header (e.g. Referer) appears to
# satisfy the rule; http.host would tie the match to the requested host. Cleartext HTTP only; a
# tls.sni match would be needed for TLS connections.
alert dns any any -> any any (msg: "MISP e27220 [] Domain savme.xyz"; dns.query; content:"savme.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])savme\.xyz$/i"; classtype:trojan-activity; sid:37870231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27220;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27220 [] Outgoing HTTP Domain savme.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"savme.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])savme\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37870232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27220;)
# Inbound source-IP indicator (event 27232), same form as the group at the top.
alert ip 149.202.55.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.202.55.133"; classtype:trojan-activity; sid:37886591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# URL indicator (host in http.header + "/NLB" as an unanchored, case-insensitive URI substring).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27249 [] Outgoing URL http|3a|//servico-secured2-caitlinaloisio91163387.codeanyapp.com/NLB"; flow:to_server,established; http.header; content:"servico-secured2-caitlinaloisio91163387.codeanyapp.com"; fast_pattern; nocase; http.uri; content:"/NLB"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889541; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27249;)
# Inbound source-IP indicators (event 27232).
alert ip 162.14.102.43 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.102.43"; classtype:trojan-activity; sid:37886601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.163.199.62 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.199.62"; classtype:trojan-activity; sid:37886611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# URL indicator (host in http.header + "/NLB" as an unanchored, case-insensitive URI substring).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27206 [] Outgoing URL http|3a|//service-secured-caitlinaloisio91163387.codeanyapp.com/NLB"; flow:to_server,established; http.header; content:"service-secured-caitlinaloisio91163387.codeanyapp.com"; fast_pattern; nocase; http.uri; content:"/NLB"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37869801; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27206;)
# Inbound source-IP indicator (event 27232).
alert ip 97.68.57.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.68.57.241"; classtype:trojan-activity; sid:37886621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27217 produces three rules for one name: the DNS/HTTP pair plus a URL rule with no path.
# NOTE(review): the URL rule (sid 37870121) matches only the domain string anywhere in
# http.header, without the boundary pcre of sid 37870112, so a request that triggers 37870112 on
# an $HTTP_PORTS port will presumably raise both alerts; consider suppressing one of the two.
alert dns any any -> any any (msg: "MISP e27217 [] Domain nlbklikl.click"; dns.query; content:"nlbklikl.click"; nocase; pcre: "/(^|[^A-Za-z0-9-])nlbklikl\.click$/i"; classtype:trojan-activity; sid:37870111; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27217;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27217 [] Outgoing HTTP Domain nlbklikl.click"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nlbklikl.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nlbklikl\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37870112; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27217;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27217 [] Outgoing URL http|3a|//nlbklikl.click"; flow:to_server,established; http.header; content:"nlbklikl.click"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37870121; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27217;)
# The next rule is cut by a line wrap in this export; its text continues on the following line.
alert ip 
167.71.173.117 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.173.117"; classtype:trojan-activity; sid:37886631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Reviewer notes (rule text is unchanged; rules are laid out one per line).
#
# URL indicator pinned to a destination address: traffic from $HOME_NET to 141.98.10.21 on
# $HTTP_PORTS whose http.header contains the address literal and whose http.uri contains the
# listed path (case-insensitive substring). $HTTP_PORTS must be defined on the sensor.
# NOTE(review): the rule needs the IP literal to appear in the request headers, so a request to
# this address that carries a hostname in Host would presumably not match; cleartext HTTP only.
alert http $HOME_NET any -> 141.98.10.21 $HTTP_PORTS (msg: "MISP e27236 [] Outgoing URL http|3a|//141.98.10.21/NlbKlik1/a1b2c3/302e57b82018b16524936bb5015ca45c/login"; flow:to_server,established; http.header; content:"141.98.10.21"; fast_pattern; nocase; http.uri; content:"/NlbKlik1/a1b2c3/302e57b82018b16524936bb5015ca45c/login"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889301; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27236;)
# Domain indicators come as a pair: a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rule: case-insensitive match on dns.query, any direction; the pcre anchors the name at the
# end of the query and allows any preceding character outside [A-Za-z0-9-], so subdomains match.
# HTTP rule: outbound, established, client-to-server; a hit tags the session for 600 seconds.
# NOTE(review): "Host:" and the domain are independent content matches on http.header, and the /H
# pcre runs on the whole header buffer, so the domain in another header (e.g. Referer) appears to
# satisfy the rule; http.host would tie the match to the requested host. Cleartext HTTP only; a
# tls.sni match would be needed for TLS connections.
alert dns any any -> any any (msg: "MISP e27203 [] Domain nib-klick.com"; dns.query; content:"nib-klick.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nib\-klick\.com$/i"; classtype:trojan-activity; sid:37869701; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27203;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27203 [] Outgoing HTTP Domain nib-klick.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nib-klick.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nib\-klick\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869702; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27203;)
# Inbound source-IP indicators, MISP event 27232 (tags: kill-chain Reconnaissance / Exploitation).
# Each rule alerts on any IP traffic from the listed address to $HOME_NET, all protocols and ports.
# NOTE(review): nothing in these rules rate-limits alerts (no threshold / detection_filter), so a
# noisy source may produce many; consider a threshold.config entry. classtype is trojan-activity
# although the event tags describe reconnaissance/exploitation - confirm that is intended.
alert ip 45.125.66.91 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.125.66.91"; classtype:trojan-activity; sid:37886641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 1.15.80.32 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.80.32"; classtype:trojan-activity; sid:37886651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 161.35.52.191 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.52.191"; classtype:trojan-activity; sid:37886661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.189.1.96 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.1.96"; classtype:trojan-activity; sid:37886671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# URL indicator: host string anywhere in http.header plus "/slovi/NLB" as an unanchored,
# case-insensitive substring of http.uri; ports limited to $HTTP_PORTS; cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27245 [] Outgoing URL http|3a|//wiz-nethelpteamt960430.codeanyapp.com/slovi/NLB"; flow:to_server,established; http.header; content:"wiz-nethelpteamt960430.codeanyapp.com"; fast_pattern; nocase; http.uri; content:"/slovi/NLB"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889451; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27245;)
# Domain pair for event 27227 (see the notes on the first pair).
alert dns any any -> any any (msg: "MISP e27227 [] Domain nib-klik.com"; dns.query; content:"nib-klik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nib\-klik\.com$/i"; classtype:trojan-activity; sid:37871701; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27227;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27227 [] Outgoing HTTP Domain nib-klik.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nib-klik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nib\-klik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37871702; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27227;)
# Inbound source-IP indicators (event 27232), same form as the group above.
alert ip 89.147.109.226 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.147.109.226"; classtype:trojan-activity; sid:37886681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 157.230.102.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.102.185"; classtype:trojan-activity; sid:37886691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 119.159.226.151 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.159.226.151"; classtype:trojan-activity; sid:37886701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 141.239.149.94 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.239.149.94"; classtype:trojan-activity; sid:37886711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 37.120.166.23 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.120.166.23"; classtype:trojan-activity; sid:37886721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# URL indicator: host string anywhere in http.header plus "/nlbpay" as an unanchored,
# case-insensitive substring of http.uri; ports limited to $HTTP_PORTS; cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27233 [] Outgoing URL http|3a|//nlbklik-14-02-si.ni-sy.icu/nlbpay"; flow:to_server,established; http.header; content:"nlbklik-14-02-si.ni-sy.icu"; fast_pattern; nocase; http.uri; content:"/nlbpay"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889221; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27233;)
# Inbound source-IP indicators (event 27232).
alert ip 103.163.215.12 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.215.12"; classtype:trojan-activity; sid:37886731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 23.137.249.62 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.137.249.62"; classtype:trojan-activity; sid:37886741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# The next rule is cut by a line wrap in this export; its text continues on the following line.
alert ip 185.220.101.167 any 
-> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.167"; classtype:trojan-activity; sid:37886751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 51.89.138.51 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.89.138.51"; classtype:trojan-activity; sid:37886761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.148.153.172 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.148.153.172"; classtype:trojan-activity; sid:37886771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 115.247.46.122 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.247.46.122"; classtype:trojan-activity; sid:37886781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 72.167.55.58 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.55.58"; classtype:trojan-activity; sid:37886791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 85.198.14.14 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.14.14"; classtype:trojan-activity; sid:37886801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 13.250.46.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.250.46.115"; classtype:trojan-activity; sid:37886811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.61.120 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.61.120"; 
classtype:trojan-activity; sid:37886821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.142.121.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.142.121.186"; classtype:trojan-activity; sid:37886831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 75.180.205.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.180.205.118"; classtype:trojan-activity; sid:37886841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.36.216.132 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.36.216.132"; classtype:trojan-activity; sid:37886851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.38.205.224 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.38.205.224"; classtype:trojan-activity; sid:37886861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 72.167.46.119 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.46.119"; classtype:trojan-activity; sid:37886871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27195 [KeitaroTDS,SocGholish] Domain asyncfunctionapi.com"; dns.query; content:"asyncfunctionapi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asyncfunctionapi\.com$/i"; classtype:trojan-activity; sid:37867671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [KeitaroTDS,SocGholish] Outgoing HTTP Domain asyncfunctionapi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"asyncfunctionapi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asyncfunctionapi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Event 27195, destination IP:port indicators ("Outgoing To IP"): no payload keywords, so any
# packet from $HOME_NET to the listed address and port alerts. The bracketed names in msg
# (presumably the MISP attribute tags) are the only family attribution the alert carries.
# NOTE(review): on port 443 an address may be shared hosting; check the indicator's age in the
# referenced event before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 83.69.236.128 443 (msg: "MISP e27195 [KeitaroTDS,SocGholish] Outgoing To IP: 83.69.236.128|443"; classtype:trojan-activity; sid:37867661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 103.173.254.239 42516 (msg: "MISP e27195 [c2,Gafgyt,Mirai] Outgoing To IP: 103.173.254.239|42516"; classtype:trojan-activity; sid:37867351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# DNS + HTTP Host pair: the dns rule matches the domain or any subdomain at the end of the query
# name; the http rule needs "Host:" and the domain in the header buffer plus the boundary pcre.
alert dns any any -> any any (msg: "MISP e27195 [] Domain brainyworkslogos.com"; dns.query; content:"brainyworkslogos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brainyworkslogos\.com$/i"; classtype:trojan-activity; sid:37867361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [] Outgoing HTTP Domain brainyworkslogos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brainyworkslogos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brainyworkslogos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 45.95.169.102 4258 (msg: "MISP e27195 [Gafgyt] Outgoing To IP: 45.95.169.102|4258"; classtype:trojan-activity; sid:37867371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# The pattern names the full hostname, so only ronymahmoud.casacam.net and names below it match,
# not other hosts under casacam.net.
alert dns any any -> any any (msg: "MISP e27195 [njrat,RAT] Domain ronymahmoud.casacam.net"; dns.query; content:"ronymahmoud.casacam.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ronymahmoud\.casacam\.net$/i"; classtype:trojan-activity; sid:37867381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [njrat,RAT] Outgoing HTTP Domain ronymahmoud.casacam.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ronymahmoud.casacam.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ronymahmoud\.casacam\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 91.92.252.146 8008 (msg: "MISP e27195 [infostealer,LokiBot,stealer] Outgoing To IP: 91.92.252.146|8008"; classtype:trojan-activity; sid:37867391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 192.169.69.26 8651 (msg: "MISP e27195 [njrat,RAT] Outgoing To IP: 192.169.69.26|8651"; classtype:trojan-activity; sid:37867421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 46.246.14.67 7771 (msg: "MISP e27195 [njrat,RAT] Outgoing To IP: 46.246.14.67|7771"; classtype:trojan-activity; sid:37867461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Same scoping as above: only berlyndinero.duckdns.org and its subdomains, not the duckdns.org zone.
alert dns any any -> any any (msg: "MISP e27195 [njrat,RAT] Domain berlyndinero.duckdns.org"; dns.query; content:"berlyndinero.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndinero\.duckdns\.org$/i"; classtype:trojan-activity; sid:37867471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [njrat,RAT] Outgoing HTTP Domain berlyndinero.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"berlyndinero.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])berlyndinero\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 118.31.75.32 1145 (msg: "MISP e27195 [Meterpreter] Outgoing To IP: 118.31.75.32|1145"; classtype:trojan-activity; sid:37867681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Event 27213, sender-address indicator: raw TCP match on inbound sessions to $SMTP_SERVERS port 25.
# Needs "MAIL FROM:" and the address anywhere in the stream, then CRLF CRLF within 8192 bytes of
# the address match. It sees cleartext SMTP only: a session upgraded with STARTTLS, or mail
# arriving on another port, is not inspected. The match is on the envelope sender string, which
# the sending side chooses freely.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27213 [] Source Email Address: emiranda@proyecta.net.pe"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"emiranda@proyecta.net.pe"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37869921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27213;)
# URL indicator on a literal IP and non-standard port 1145: the address must appear in the request
# headers and "/nl7l" in the URI. The path is a short case-insensitive substring, so longer URIs
# containing it match too; the pinned destination keeps that from becoming noisy.
alert http $HOME_NET any -> 118.31.75.32 1145 (msg: "MISP e27195 [CobaltStrike] Outgoing URL http|3a|//118.31.75.32|3a|1145/nl7l"; flow:to_server,established; http.header; content:"118.31.75.32"; fast_pattern; nocase; http.uri; content:"/nl7l"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Event 27232 source-IP indicator: any packet from the address to $HOME_NET alerts.
alert ip 117.50.173.253 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.173.253"; classtype:trojan-activity; sid:37886881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Second e27213 sender-address rule, same shape and same cleartext-only limits as sid 37869921.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27213 [] Source Email Address: prabodh.singh1@outlook.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"prabodh.singh1@outlook.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37869931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27213;)
alert ip 43.134.250.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.250.160"; classtype:trojan-activity; sid:37886891; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.132.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.132.2"; classtype:trojan-activity; sid:37886901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 118.201.79.222 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.201.79.222"; classtype:trojan-activity; sid:37886911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.221.128.115 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.128.115"; classtype:trojan-activity; sid:37886921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 166.1.173.27 443 (msg: "MISP e27195 [SocGholish] Outgoing To IP: 166.1.173.27|443"; classtype:trojan-activity; sid:37867711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 199.250.194.144 443 (msg: "MISP e27195 [SocGholish] Outgoing To IP: 199.250.194.144|443"; classtype:trojan-activity; sid:37867691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 119.96.157.188 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.157.188"; classtype:trojan-activity; sid:37886931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.134.0.176 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.176"; classtype:trojan-activity; sid:37886941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.241.156.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
192.241.156.218"; classtype:trojan-activity; sid:37886951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 204.145.0.177 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.145.0.177"; classtype:trojan-activity; sid:37886961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27200 [] Domain ldepnadorabe.flazio.com"; dns.query; content:"ldepnadorabe.flazio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ldepnadorabe\.flazio\.com$/i"; classtype:trojan-activity; sid:37869611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27200;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27200 [] Outgoing HTTP Domain ldepnadorabe.flazio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ldepnadorabe.flazio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ldepnadorabe\.flazio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27200;) alert ip 43.163.202.171 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.202.171"; classtype:trojan-activity; sid:37886971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 185.217.197.52 443 (msg: "MISP e27195 [SocGholish] Outgoing To IP: 185.217.197.52|443"; classtype:trojan-activity; sid:37867721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 65.109.242.251 443 (msg: "MISP e27195 [Vidar] Outgoing To IP: 65.109.242.251|443"; classtype:trojan-activity; sid:37867731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 5.75.209.178 443 (msg: "MISP e27195 [Vidar] Outgoing To IP: 
5.75.209.178|443"; classtype:trojan-activity; sid:37867741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 170.64.217.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.217.68"; classtype:trojan-activity; sid:37886981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 121.229.98.52 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.98.52"; classtype:trojan-activity; sid:37886991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.159.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.159.129"; classtype:trojan-activity; sid:37887001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.237.103 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.237.103"; classtype:trojan-activity; sid:37887011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 85.133.178.252 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.133.178.252"; classtype:trojan-activity; sid:37887021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.222.70.179 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.70.179"; classtype:trojan-activity; sid:37887031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 80.66.75.106 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.75.106"; classtype:trojan-activity; sid:37887041; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 165.232.80.69 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.80.69"; classtype:trojan-activity; sid:37887051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.24.138.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.138.157"; classtype:trojan-activity; sid:37887061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.28.156.175 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.156.175"; classtype:trojan-activity; sid:37887071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27260 [] Domain lhv-ee.unipronetwork.com.br"; dns.query; content:"lhv-ee.unipronetwork.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\-ee\.unipronetwork\.com\.br$/i"; classtype:trojan-activity; sid:37889941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27260;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27260 [] Outgoing HTTP Domain lhv-ee.unipronetwork.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lhv-ee.unipronetwork.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\-ee\.unipronetwork\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27260;) alert ip 103.164.204.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.164.204.212"; classtype:trojan-activity; sid:37887081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.225.254 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.225.254"; classtype:trojan-activity; sid:37887091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.159.108 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.159.108"; classtype:trojan-activity; sid:37887101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.156.19.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.19.22"; classtype:trojan-activity; sid:37887111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 134.122.62.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.122.62.189"; classtype:trojan-activity; sid:37887121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e26936 [Take Down] Domain mr-madsal.top"; dns.query; content:"mr-madsal.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])mr\-madsal\.top$/i"; classtype:trojan-activity; sid:37724071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26936;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e26936 [Take Down] Outgoing HTTP Domain mr-madsal.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mr-madsal.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mr\-madsal\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37724072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/26936;) alert http $HOME_NET any -> 118.31.75.32 1145 (msg: "MISP e27195 [CobaltStrike] Outgoing URL http|3a|//118.31.75.32|3a|1145/xlvc"; flow:to_server,established; http.header; content:"118.31.75.32"; fast_pattern; nocase; http.uri; content:"/xlvc"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37867771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 43.153.27.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.27.98"; classtype:trojan-activity; sid:37887131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.155.107.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.107.205"; classtype:trojan-activity; sid:37887141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.109.205.114 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.205.114"; classtype:trojan-activity; sid:37887151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.203.19.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.19.56"; classtype:trojan-activity; sid:37887161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.62.222.107 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.222.107"; classtype:trojan-activity; sid:37887171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27218 [] Outgoing URL http|3a|//chopefoundation.co.za/shims/index.php"; flow:to_server,established; http.header; content:"chopefoundation.co.za"; fast_pattern; nocase; http.uri; content:"/shims/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37870131; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27218;) alert ip 107.172.132.142 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.132.142"; classtype:trojan-activity; sid:37887181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.210.225.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.210.225.48"; classtype:trojan-activity; sid:37887191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.131.251.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.251.147"; classtype:trojan-activity; sid:37887201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.114.171.86 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.114.171.86"; classtype:trojan-activity; sid:37887211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 122.51.118.39 443 (msg: "MISP e27195 [CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 122.51.118.39|443"; classtype:trojan-activity; sid:37867791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 159.65.163.216 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.163.216"; classtype:trojan-activity; sid:37887221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborshoeireland.com"; dns.query; content:"gaborshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoeireland\.com$/i"; classtype:trojan-activity; sid:38136661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
gaborshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain aerieleggingsireland.com"; dns.query; content:"aerieleggingsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aerieleggingsireland\.com$/i"; classtype:trojan-activity; sid:38136671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aerieleggingsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aerieleggingsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aerieleggingsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain aerieleggingscanada.com"; dns.query; content:"aerieleggingscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aerieleggingscanada\.com$/i"; classtype:trojan-activity; sid:38136681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aerieleggingscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aerieleggingscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aerieleggingscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
aerieleggingsuk.com"; dns.query; content:"aerieleggingsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aerieleggingsuk\.com$/i"; classtype:trojan-activity; sid:38136691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007: domain indicators. The export emits two rules per domain:
#   sid ending in 1 (DNS):  the name in dns.query, with a pcre anchored at the end of the query,
#                           so the domain and its subdomains match but a longer label ending in
#                           the same text does not (the left boundary excludes letters, digits, '-').
#   sid ending in 2 (HTTP): "Host:" and the domain as two separate http.header contents,
#                           $HOME_NET -> $EXTERNAL_NET only.
# NOTE(review): the two http.header contents are not tied together by distance/within, and the
# pcre only checks the characters next to the domain. A request that carries the domain in
# another header (e.g. Referer) would presumably match too. Treat a hit as "domain seen in the
# request headers" until the Host value is confirmed.
# tag:session,600,seconds on the HTTP rules requests 600 seconds of follow-up packet logging for
# the session; that capture (if tagged-packet logging is enabled on the sensor) is where the
# Host value can be checked.
# The HTTP rules inspect cleartext HTTP only; for HTTPS traffic the DNS rule is the one that can
# fire. No TLS SNI rules are visible in this part of the export.
# The tag list is empty ("[]") and priority is 3: the rule text gives no context on why a domain
# is listed, so read the referenced event before escalating an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aerieleggingsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aerieleggingsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aerieleggingsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletaustralia.com"; dns.query; content:"bapeoutletaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletaustralia\.com$/i"; classtype:trojan-activity; sid:38136701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyaustraliaoutlet.com"; dns.query; content:"dknyaustraliaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyaustraliaoutlet\.com$/i"; classtype:trojan-activity; sid:38136711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyaustraliaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyaustraliaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyaustraliaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknycantaturkiye.com"; dns.query; content:"dknycantaturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknycantaturkiye\.com$/i"; classtype:trojan-activity; sid:38136721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknycantaturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknycantaturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknycantaturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyfactoryoutletusa.com"; dns.query; content:"dknyfactoryoutletusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyfactoryoutletusa\.com$/i"; classtype:trojan-activity; sid:38136731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyfactoryoutletusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyfactoryoutletusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyfactoryoutletusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dkny-italy.com"; dns.query; content:"dkny-italy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dkny\-italy\.com$/i"; classtype:trojan-activity; sid:38136741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dkny-italy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dkny-italy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dkny\-italy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknymexicooutlet.com"; dns.query; content:"dknymexicooutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknymexicooutlet\.com$/i"; classtype:trojan-activity; sid:38136751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknymexicooutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknymexicooutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknymexicooutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dkny-nl.com"; dns.query; content:"dkny-nl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dkny\-nl\.com$/i"; classtype:trojan-activity; sid:38136761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dkny-nl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dkny-nl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dkny\-nl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknynorway.com"; dns.query; content:"dknynorway.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknynorway\.com$/i"; classtype:trojan-activity; sid:38136771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknynorway.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknynorway.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknynorway\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyoutletcanada.com"; dns.query; content:"dknyoutletcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletcanada\.com$/i"; classtype:trojan-activity; sid:38136781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyoutletcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyoutletcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyoutletespana.com"; dns.query; content:"dknyoutletespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletespana\.com$/i"; classtype:trojan-activity; sid:38136791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyoutletespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyoutletespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyoutletstore.com"; dns.query; content:"dknyoutletstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletstore\.com$/i"; classtype:trojan-activity; sid:38136801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyoutletstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyoutletstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dkny-pl.com"; dns.query; content:"dkny-pl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dkny\-pl\.com$/i"; classtype:trojan-activity; sid:38136811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dkny-pl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dkny-pl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dkny\-pl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknysiteofficiel.com"; dns.query; content:"dknysiteofficiel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknysiteofficiel\.com$/i"; classtype:trojan-activity; sid:38136821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknysiteofficiel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknysiteofficiel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknysiteofficiel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyuaewebsite.com"; dns.query; content:"dknyuaewebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyuaewebsite\.com$/i"; classtype:trojan-activity; sid:38136831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyuaewebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyuaewebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyuaewebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyukwebsite.com"; dns.query; content:"dknyukwebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyukwebsite\.com$/i"; classtype:trojan-activity; sid:38136841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyukwebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyukwebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyukwebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain furlabagsoutletusa.com"; dns.query; content:"furlabagsoutletusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabagsoutletusa\.com$/i"; classtype:trojan-activity; sid:38136851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain furlabagsoutletusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"furlabagsoutletusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabagsoutletusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain furlabagsuae.com"; dns.query; content:"furlabagsuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabagsuae\.com$/i"; classtype:trojan-activity; sid:38136861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain furlabagsuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"furlabagsuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabagsuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborshoescanada.com"; dns.query; content:"gaborshoescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoescanada\.com$/i"; classtype:trojan-activity; sid:38136871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborshoescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborshoescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborshoesonlinecanada.com"; dns.query; content:"gaborshoesonlinecanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoesonlinecanada\.com$/i"; classtype:trojan-activity; sid:38136881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborshoesonlinecanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborshoesonlinecanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoesonlinecanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborshoessouthafrica.com"; dns.query; content:"gaborshoessouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoessouthafrica\.com$/i"; classtype:trojan-activity; sid:38136891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborshoessouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborshoessouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoessouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborshoeuk.com"; dns.query; content:"gaborshoeuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoeuk\.com$/i"; classtype:trojan-activity; sid:38136901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborshoeuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborshoeuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoeuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharks-egypt.com"; dns.query; content:"gymsharks-egypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharks\-egypt\.com$/i"; classtype:trojan-activity; sid:38136911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharks-egypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharks-egypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharks\-egypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendadknyespana.com"; dns.query; content:"tiendadknyespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendadknyespana\.com$/i"; classtype:trojan-activity; sid:38136921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendadknyespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendadknyespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendadknyespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27232: source addresses tagged kill-chain:Reconnaissance / kill-chain:Exploitation.
# The source address is the only match criterion (any protocol, any port, no content), so an
# alert does not say what the traffic was. Correlate with firewall or flow logs to separate a
# dropped probe from an accepted connection.
# The rules carry no first-seen/last-seen date; check the age of the referenced event before
# treating a hit as current.
# classtype is trojan-activity on every rule visible here regardless of indicator type, so the
# msg tags, not the classtype, are what describe the indicator.
alert ip 190.111.249.136 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.111.249.136"; classtype:trojan-activity; sid:37887231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 94.179.109.66 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.179.109.66"; classtype:trojan-activity; sid:37887241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.156.80.60 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.80.60"; classtype:trojan-activity; sid:37887251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.203.19.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.19.236"; classtype:trojan-activity; sid:37887261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.14.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.14.22"; classtype:trojan-activity; sid:37887271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.169.224 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.169.224"; classtype:trojan-activity; sid:37887281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 164.92.224.40 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.224.40"; classtype:trojan-activity; sid:37887291; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Source-address rules from MISP event 27232 (the source address is the only match criterion)
# are interleaved below with rules from event 27195; the event id in msg and in the reference
# URL is what groups them.
alert ip 43.134.186.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.186.17"; classtype:trojan-activity; sid:37887301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.148.43.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.148.43.133"; classtype:trojan-activity; sid:37887311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 107.173.179.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.179.195"; classtype:trojan-activity; sid:37887321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 84.39.252.141 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.39.252.141"; classtype:trojan-activity; sid:37887331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.235.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.235.218"; classtype:trojan-activity; sid:37887341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# MISP event 27195: URL indicators tagged CobaltStrike. The host (or destination address) and
# the path are matched as substrings in http.header and http.uri. The watermark and provider
# names appear only in msg (presumably MISP tags); nothing in the rule matches them on the wire.
# NOTE(review): the rule below and the one for 159.223.220.165 reference $HTTP_PORTS, although
# the file header describes that variable as not required for the Suricata export. Make sure it
# is defined on the sensor; an undefined variable normally makes a rule fail to load.
# "/jquery-3.3.1.min.js" on its own is a very common path; the host content is what makes this
# rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27195 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//ssjcw.com.w.kunlunpi.com/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"ssjcw.com.w.kunlunpi.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain ssjcw.com.w.kunlunpi.com"; dns.query; content:"ssjcw.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ssjcw\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37867811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain ssjcw.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ssjcw.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ssjcw\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 101.32.247.33 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.247.33"; classtype:trojan-activity; sid:37887351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# The URL rules for explicit ports (81, 808, 8999, 9000) pin the destination address and port in
# the rule header, so their short path contents ("/cm", "/load", ...) are only evaluated for
# traffic to that endpoint.
alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,Tamatiya EOOD] Outgoing URL http|3a|//79.124.40.106|3a|81/cm"; flow:to_server,established; http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 164.90.182.73 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.182.73"; classtype:trojan-activity; sid:37887361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert http $HOME_NET any -> 159.223.220.165 $HTTP_PORTS (msg: "MISP e27195 [CobaltStrike,cs-watermark-1727139162,DIGITALOCEAN-ASN] Outgoing URL http|3a|//159.223.220.165/owa/"; flow:to_server,established; http.header; content:"159.223.220.165"; fast_pattern; nocase; http.uri; content:"/owa/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 64.23.177.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.177.48"; classtype:trojan-activity; sid:37887371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/dot.gif"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> 154.8.157.205 8999 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//154.8.157.205|3a|8999/j.ad"; flow:to_server,established; http.header; content:"154.8.157.205"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> 175.24.130.231 9000 (msg: "MISP e27195 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//175.24.130.231|3a|9000/load"; flow:to_server,established; http.header; content:"175.24.130.231"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 43.159.149.240 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.149.240"; classtype:trojan-activity; sid:37887381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.44.250.150 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.250.150"; classtype:trojan-activity; sid:37887391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 106.53.66.110 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.66.110"; classtype:trojan-activity; sid:37887401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.135.154.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.154.68"; classtype:trojan-activity; sid:37887411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 150.139.225.166 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.139.225.166"; classtype:trojan-activity; sid:37887421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27195, tagged Havoc: destination address and port 443 are the only match criteria, so
# any traffic from $HOME_NET to that endpoint alerts.
alert ip $HOME_NET any -> 124.223.215.119 443 (msg: "MISP e27195 [Havoc,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.223.215.119|443"; classtype:trojan-activity; sid:37867901; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27195;)
# MISP event 27232: source-address rules. The source address is the only match criterion (any
# protocol, any port), so triage needs firewall or flow logs to see what the traffic was.
alert ip 119.202.128.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.202.128.28"; classtype:trojan-activity; sid:37887431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 154.221.25.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.221.25.195"; classtype:trojan-activity; sid:37887441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.203.79.94 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.79.94"; classtype:trojan-activity; sid:37887451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.153.162.117 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.162.117"; classtype:trojan-activity; sid:37887461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 165.22.196.191 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.196.191"; classtype:trojan-activity; sid:37887471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Sender-address rules (events 27204 and 27246) inspect the raw TCP stream to $SMTP_SERVERS on
# port 25 only; mail submitted on other ports, or sent after STARTTLS, is not covered.
# NOTE(review): "MAIL FROM:" and the address are independent contents, and the address is a
# plain substring. It can match elsewhere in the SMTP dialogue (e.g. a RCPT TO line), and
# "ann@pobox.com" also matches a longer local part such as "joann@pobox.com" (constructed
# example). Confirm the envelope sender in the MTA log before acting on an alert.
# Envelope senders are easily forged: a hit shows the address was used, not who sent the mail.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27204 [] Source Email Address: ann@pobox.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"ann@pobox.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37869711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27204;)
alert ip $HOME_NET any -> 129.213.191.121 any (msg: "MISP e27204 [] Outgoing To IP: 129.213.191.121"; classtype:trojan-activity; sid:37869721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27204;)
# Domain rules: the DNS rule matches the name (and its subdomains) in dns.query; the HTTP rule
# looks for "Host:" and the domain as two separate http.header contents in cleartext HTTP.
alert dns any any -> any any (msg: "MISP e27204 [] Domain sithchibb.com"; dns.query; content:"sithchibb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sithchibb\.com$/i"; classtype:trojan-activity; sid:37869751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27204;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27204 [] Outgoing HTTP Domain sithchibb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sithchibb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sithchibb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27204;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27246 [] Source Email Address: relation.clients@credit-agricole-ca.fr"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"relation.clients@credit-agricole-ca.fr"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37889461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27246;)
alert dns any any -> any any (msg: "MISP e27246 [] Domain fvfdc-e59c95.ingress-daribow.ewp.live"; dns.query; content:"fvfdc-e59c95.ingress-daribow.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])fvfdc\-e59c95\.ingress\-daribow\.ewp\.live$/i"; classtype:trojan-activity; sid:37889501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27246;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27246 [] Outgoing HTTP Domain fvfdc-e59c95.ingress-daribow.ewp.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fvfdc-e59c95.ingress-daribow.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fvfdc\-e59c95\.ingress\-daribow\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27246;)
# "Bad Email Attachment" rules (events 27237 and 27257) match the attachment *filename* in a
# Content-Disposition header against a 64-hex-character value, which looks like a SHA-256
# digest. They fire only when the attachment is literally named that string; nothing here
# hashes the attachment content.
# NOTE(review): presumably the MISP attribute held a hash rather than a file name. If the intent
# is to detect the file itself, a file-hash match on extracted SMTP attachments (Suricata's
# filesha256 keyword with a hash list) is the fitting mechanism.
# The header content is case-sensitive and expects exactly `attachment; filename="`, so other
# spellings of the header do not match. Port 25 only; STARTTLS sessions are not inspected.
# sid 37889341 and sid 37889761 carry the same value under two events; one message that matches
# would raise both alerts.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27237 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"b4d4d7e4670d78d942ba4c4ad946fbbf17a3a41ae469f4c498265fda9fca0ecc|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37889331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27237;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27237 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"d09246394740ef99b250c99bc232890fe22b2c301d518344c1799bfd0d67f44c|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37889341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27237;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27257 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"bd651a75f90596de7ae567fa35ef789b76f6d1368c21ac48f7c0fc23985cbee7|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37889751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27257;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27257 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"d09246394740ef99b250c99bc232890fe22b2c301d518344c1799bfd0d67f44c|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37889761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27257;)
alert ip 96.44.153.173 any -> $HOME_NET any (msg: "MISP e27232
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.173"; classtype:trojan-activity; sid:37887481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# MISP event 27232: source-address rules (any protocol, any port; the source address is the only
# match criterion), interleaved further down with rules from event 27195. The rules carry no
# first-seen/last-seen date, so check the age of the referenced event before treating a hit as
# current.
alert ip 170.79.37.82 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.79.37.82"; classtype:trojan-activity; sid:37887491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 218.70.106.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.70.106.202"; classtype:trojan-activity; sid:37887501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 8.210.67.251 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.210.67.251"; classtype:trojan-activity; sid:37887511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.134.112.4 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.112.4"; classtype:trojan-activity; sid:37887521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.106.152.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.152.162"; classtype:trojan-activity; sid:37887531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 161.35.108.241 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.35.108.241"; classtype:trojan-activity; sid:37887541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 103.44.237.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.44.237.68"; classtype:trojan-activity; sid:37887551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.32.240.56 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.240.56"; classtype:trojan-activity; sid:37887561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 94.125.165.89 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.125.165.89"; classtype:trojan-activity; sid:37887571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 220.169.107.60 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.169.107.60"; classtype:trojan-activity; sid:37887581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 77.37.168.42 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.37.168.42"; classtype:trojan-activity; sid:37887591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 122.152.225.94 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.152.225.94"; classtype:trojan-activity; sid:37887601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 68.183.10.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.10.68"; classtype:trojan-activity; sid:37887611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.43.32.155 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.32.155"; classtype:trojan-activity; sid:37887621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.155.161.230 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.161.230"; classtype:trojan-activity; sid:37887631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.132.206.113 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.206.113"; classtype:trojan-activity; sid:37887641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 14.103.35.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.35.129"; classtype:trojan-activity; sid:37887651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 217.234.167.178 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.234.167.178"; classtype:trojan-activity; sid:37887661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 95.78.254.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.78.254.210"; classtype:trojan-activity; sid:37887671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27195, tagged dcrat: the destination address is pinned in the rule header and the URI
# content is a long, specific path.
# NOTE(review): the rule references $HTTP_PORTS, which the file header describes as not required
# for the Suricata export. It must be defined on the sensor for this rule to load, and traffic
# to this address on a port outside that group is not inspected by this rule.
alert http $HOME_NET any -> 89.23.98.146 $HTTP_PORTS (msg: "MISP e27195 [dcrat] Outgoing URL http|3a|//89.23.98.146/linux/lineupdateprocessordefaultdleprivate.php"; flow:to_server,established; http.header; content:"89.23.98.146"; fast_pattern; nocase; http.uri; content:"/linux/lineupdateprocessordefaultdleprivate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 150.109.255.189 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.255.189"; classtype:trojan-activity; sid:37887681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 111.21.99.227 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.21.99.227"; classtype:trojan-activity; sid:37887691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 183.82.3.219 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.82.3.219"; classtype:trojan-activity; sid:37887701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 176.10.98.242 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.10.98.242"; classtype:trojan-activity; sid:37887711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Event 27195, tagged "Hookbot Pegasus": destination address and port 80 are the only match
# criteria; there is no HTTP or content condition, so any traffic from $HOME_NET to the endpoint
# alerts. The other tags (YANDEXCLOUD, BEGET-AS, ...) look like hosting-network names.
# NOTE(review): addresses at hosting providers can change tenant; confirm against the referenced
# event before blocking on these.
alert ip $HOME_NET any -> 84.201.143.26 80 (msg: "MISP e27195 [Hookbot Pegasus,YANDEXCLOUD] Outgoing To IP: 84.201.143.26|80"; classtype:trojan-activity; sid:37867921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 62.217.179.132 80 (msg: "MISP e27195 [BEGET-AS,Hookbot Pegasus] Outgoing To IP: 62.217.179.132|80"; classtype:trojan-activity; sid:37867931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 87.120.84.190 80 (msg: "MISP e27195 [Hookbot Pegasus,UNKNOW] Outgoing To IP: 87.120.84.190|80"; classtype:trojan-activity; sid:37867941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 99.43.134.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.43.134.195"; classtype:trojan-activity; sid:37887721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip $HOME_NET any -> 62.109.15.31 80 (msg: "MISP e27195 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 62.109.15.31|80"; classtype:trojan-activity;
sid:37867951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 178.250.156.165 80 (msg: "MISP e27195 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 178.250.156.165|80"; classtype:trojan-activity; sid:37867961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 104.250.50.210 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.210"; classtype:trojan-activity; sid:37887731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 108.181.0.232 58049 (msg: "MISP e27195 [AS40676,Bianlian Go Trojan] Outgoing To IP: 108.181.0.232|58049"; classtype:trojan-activity; sid:37867971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 59.17.44.48 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.17.44.48"; classtype:trojan-activity; sid:37887741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 186.96.151.198 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.96.151.198"; classtype:trojan-activity; sid:37887751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.10.44.3 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.3"; classtype:trojan-activity; sid:37887761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 181.174.224.99 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.174.224.99"; classtype:trojan-activity; sid:37887771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 2.88.198.236 443 (msg: "MISP e27195 [QakBot,SAUDINETSTC-AS] 
Outgoing To IP: 2.88.198.236|443"; classtype:trojan-activity; sid:37867981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 39.40.128.22 995 (msg: "MISP e27195 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.128.22|995"; classtype:trojan-activity; sid:37867991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 172.174.236.21 1337 (msg: "MISP e27195 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 172.174.236.21|1337"; classtype:trojan-activity; sid:37868001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 89.185.85.207 80 (msg: "MISP e27195 [AEZA-AS,Meduza Stealer] Outgoing To IP: 89.185.85.207|80"; classtype:trojan-activity; sid:37868011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 170.64.135.254 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.254"; classtype:trojan-activity; sid:37887781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.153.68.200 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.68.200"; classtype:trojan-activity; sid:37887791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.76.144.128 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.144.128"; classtype:trojan-activity; sid:37887801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 200.45.187.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.45.187.68"; classtype:trojan-activity; sid:37887811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) 
# MISP NIDS export, laid out one rule per line. Every rule names its MISP event
# in msg ("MISP e<id>") and links the same event in reference:url. The bracketed
# tags in msg (malware family, cs-watermark-*, AS name) are descriptive text
# only; no rule condition matches on them.

# Inbound source-address rule: any protocol and any port from the listed address
# into $HOME_NET. There is no flow, content or threshold keyword, so an alert
# means "this address sent traffic" and nothing about what the traffic did.
# NOTE(review): msg tags these as Reconnaissance/Exploitation while classtype is
# trojan-activity - confirm that is the classification triage expects, and
# consider a threshold if these prove noisy.
alert ip 183.47.14.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.47.14.74"; classtype:trojan-activity; sid:37887821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)

# Outbound URL rules with an IP-literal host: client-to-server HTTP from
# $HOME_NET to one fixed destination address and port. The address must also
# appear as a string somewhere in the request headers (http.header, used as
# fast_pattern), and the path string must appear somewhere in the URI (http.uri,
# case-insensitive, not anchored to the start or end).
# tag:session,600,seconds asks the engine to keep logging the matched session
# for 600 seconds.
# NOTE(review): because the address string is required in the headers, a request
# reaching the same address under a hostname would not match these rules.
# NOTE(review): short paths such as "/load" are substring matches; the fixed
# destination address and port are what keep these rules specific.
alert http $HOME_NET any -> 118.24.128.204 8086 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//118.24.128.204|3a|8086/dpixel"; flow:to_server,established; http.header; content:"118.24.128.204"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37868021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> 121.43.62.136 5000 (msg: "MISP e27195 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//121.43.62.136|3a|5000/load"; flow:to_server,established; http.header; content:"121.43.62.136"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37868031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> 111.231.74.147 808 (msg: "MISP e27195 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.231.74.147|3a|808/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"111.231.74.147"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37868041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> 45.76.196.30 9999 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,The Constant Company LLC] Outgoing URL http|3a|//45.76.196.30|3a|9999/dot.gif"; flow:to_server,established; http.header; content:"45.76.196.30"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37868051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> 106.52.244.189 8000 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//106.52.244.189|3a|8000/visit.js"; flow:to_server,established; http.header; content:"106.52.244.189"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37868061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)

# Inbound source-address rules, same shape as the first rule in this block.
alert ip 14.103.39.57 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.39.57"; classtype:trojan-activity; sid:37887831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 167.172.75.217 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.75.217"; classtype:trojan-activity; sid:37887841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)

# DNS domain rule: case-insensitive literal match in dns.query, confirmed by a
# pcre that ends in "$" and accepts either start-of-buffer or one character
# outside [A-Za-z0-9-] before the name. A preceding "." is therefore accepted,
# so the listed name and its subdomains match, while a longer label that merely
# ends in the same text does not. The header is any any -> any any: the rule is
# not limited to $HOME_NET clients or to a particular resolver.
alert dns any any -> any any (msg: "MISP e24600 [] Domain 1drop.from-wv.com"; dns.query; content:"1drop.from-wv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])1drop\.from\-wv\.com$/i"; classtype:trojan-activity; sid:38179351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)

# HTTP domain rule paired with the DNS rule above (sid differs in the last
# digit). Both content matches and the pcre (H flag) run over the http.header
# buffer as a whole, with no distance/within relation between "Host:" and the
# domain. The domain therefore does not have to sit in the Host header itself;
# the same name inside another request header would also satisfy the rule.
# The pcre's trailing class requires one further character after the name that
# is not a letter, digit, "-" or ".".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 1drop.from-wv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1drop.from-wv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1drop\.from\-wv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)

# Inbound source-address rules, same shape as the first rule in this block.
alert ip 217.182.73.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.182.73.127"; classtype:trojan-activity; sid:37887851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 124.156.196.244 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.196.244"; classtype:trojan-activity; sid:37887861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)

# DNS + HTTP domain pair, same construction as the 1drop.from-wv.com pair above.
alert dns any any -> any any (msg: "MISP e27195 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.trailcosolutions.com"; dns.query; content:"dns.trailcosolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.trailcosolutions\.com$/i"; classtype:trojan-activity; sid:37868071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.trailcosolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.trailcosolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.trailcosolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)

# Outbound destination rules: traffic from $HOME_NET to one address and one
# port, with no payload condition. Port 53 here is only a port number in the
# rule header; these rules do not inspect DNS content.
# NOTE(review): the protocol is "ip" combined with a fixed port - confirm how
# the deployed engine applies a port to traffic that is not TCP or UDP.
# NOTE(review): per the msg tags these addresses sit in hosting-provider ranges,
# which get reassigned; check the age of the MISP event before treating a hit as
# current - TODO confirm the feed's expiry policy.
alert ip $HOME_NET any -> 78.141.217.186 53 (msg: "MISP e27195 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 78.141.217.186|53"; classtype:trojan-activity; sid:37868081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 159.223.220.165 53 (msg: "MISP e27195 [CobaltStrike,cs-watermark-1727139162,DIGITALOCEAN-ASN] Outgoing To IP: 159.223.220.165|53"; classtype:trojan-activity; sid:37868091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)

# DNS + HTTP domain pair, same construction as the 1drop.from-wv.com pair above.
alert dns any any -> any any (msg: "MISP e27195 [CobaltStrike,cs-watermark-509597423,DigitalOcean LLC] Domain assets.samfund.co"; dns.query; content:"assets.samfund.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])assets\.samfund\.co$/i"; classtype:trojan-activity; sid:37868101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [CobaltStrike,cs-watermark-509597423,DigitalOcean LLC] Outgoing HTTP Domain assets.samfund.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"assets.samfund.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])assets\.samfund\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)

# Outbound destination rule, same shape as the two port-53 rules above.
alert ip $HOME_NET any -> 159.223.86.140 53 (msg: "MISP e27195 [CobaltStrike,cs-watermark-509597423,DigitalOcean LLC] Outgoing To IP: 159.223.86.140|53"; classtype:trojan-activity; sid:37868111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)

# Inbound source-address rule, same shape as the first rule in this block.
alert ip 119.23.251.77 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.23.251.77"; classtype:trojan-activity; sid:37887871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)

# Outbound URL rule with a hostname (event 27253, priority:4).
# NOTE(review): the URL in msg has a query string with a redirect= parameter
# pointing at a second host, but the only URI condition is content:"/", which
# virtually every request URI contains. In effect the rule alerts on any
# client-to-server HTTP request on $HTTP_PORTS whose headers contain
# "seriesandtv.com"; neither the query string nor the redirect target is
# matched. Treat a hit as "visited this site", not as "followed this URL".
# NOTE(review): the URL fragment in msg looks like an e-mail address; confirm it
# is meant to appear in alert text.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27253 [] Outgoing URL http|3a|//seriesandtv.com/?wptouch_switch=desktop&redirect=https|3a|//pi052e.com/onedrivedoc/doc.html#cert@cert.si"; flow:to_server,established; http.header; content:"seriesandtv.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37889591; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27253;)

alert ip 183.131.22.164 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.131.22.164"; classtype:trojan-activity; 
sid:37887881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.133.33.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.33.168"; classtype:trojan-activity; sid:37887891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.161.248.184 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.161.248.184"; classtype:trojan-activity; sid:37887901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 2.83.61.37 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.83.61.37"; classtype:trojan-activity; sid:37887911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 219.150.93.157 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.150.93.157"; classtype:trojan-activity; sid:37887921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 115.23.23.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.23.23.90"; classtype:trojan-activity; sid:37887931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 13.57.203.94 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.57.203.94"; classtype:trojan-activity; sid:37887941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.169.156.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.169.156.205"; classtype:trojan-activity; sid:37887951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.230.97.51 any -> $HOME_NET any 
(msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.230.97.51"; classtype:trojan-activity; sid:37887961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 46.183.223.64 22364 (msg: "MISP e27195 [Adwind] Outgoing To IP: 46.183.223.64|22364"; classtype:trojan-activity; sid:37868121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 14.103.34.64 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.34.64"; classtype:trojan-activity; sid:37887971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 129.151.231.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.151.231.5"; classtype:trojan-activity; sid:37887981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.106.105.245 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.105.245"; classtype:trojan-activity; sid:37887991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 171.244.37.96 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.37.96"; classtype:trojan-activity; sid:37888001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 47.200.113.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.200.113.85"; classtype:trojan-activity; sid:37888011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 38.41.24.36 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.41.24.36"; classtype:trojan-activity; sid:37888021; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 45.55.132.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.55.132.185"; classtype:trojan-activity; sid:37888031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.136.118.68 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.118.68"; classtype:trojan-activity; sid:37888041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 116.39.142.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.39.142.26"; classtype:trojan-activity; sid:37888051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.227.248.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.248.232"; classtype:trojan-activity; sid:37888061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 152.42.160.179 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.42.160.179"; classtype:trojan-activity; sid:37888071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.128.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.128.239"; classtype:trojan-activity; sid:37888081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27195 [AMAZON-AES,AS14618,c2,censys] Domain ec2-3-91-59-255.compute-1.amazonaws.com"; dns.query; content:"ec2-3-91-59-255.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-91\-59\-255\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37868131; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AMAZON-AES,AS14618,c2,censys] Outgoing HTTP Domain ec2-3-91-59-255.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-91-59-255.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-91\-59\-255\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS208046,c2,censys] Domain dyn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"dyn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])dyn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37868141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS208046,c2,censys] Outgoing HTTP Domain dyn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dyn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dyn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS-COLOCROSSING,AS36352,c2,censys] Domain practical-black.104-168-102-175.plesk.page"; dns.query; content:"practical-black.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])practical\-black\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37868151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 
[AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain practical-black.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"practical-black.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])practical\-black\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS208046,c2,censys] Domain www.dirapushka.com"; dns.query; content:"www.dirapushka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dirapushka\.com$/i"; classtype:trojan-activity; sid:37868161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS208046,c2,censys] Outgoing HTTP Domain www.dirapushka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.dirapushka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.dirapushka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 52.190.15.163 80 (msg: "MISP e27195 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 52.190.15.163|80"; classtype:trojan-activity; sid:37868171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS9009,c2,censys,M247] Domain fairyfoxgames.com"; dns.query; content:"fairyfoxgames.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fairyfoxgames\.com$/i"; classtype:trojan-activity; sid:37868181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS9009,c2,censys,M247] Outgoing HTTP Domain fairyfoxgames.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fairyfoxgames.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fairyfoxgames\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain 167-71-186-178.ipv4.staticdns3.io"; dns.query; content:"167-71-186-178.ipv4.staticdns3.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])167\-71\-186\-178\.ipv4\.staticdns3\.io$/i"; classtype:trojan-activity; sid:37868191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain 167-71-186-178.ipv4.staticdns3.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"167-71-186-178.ipv4.staticdns3.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])167\-71\-186\-178\.ipv4\.staticdns3\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.practical-black.104-168-102-175.plesk.page"; dns.query; content:"www.practical-black.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.practical\-black\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37868201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.practical-black.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.practical-black.104-168-102-175.plesk.page"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])www\.practical\-black\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip $HOME_NET any -> 114.116.224.74 8888 (msg: "MISP e27195 [AS55990,c2,censys] Outgoing To IP: 114.116.224.74|8888"; classtype:trojan-activity; sid:37868211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS208046,c2,censys] Domain rns.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"rns.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])rns\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37868221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS208046,c2,censys] Outgoing HTTP Domain rns.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rns.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rns\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert dns any any -> any any (msg: "MISP e27195 [AS-COLOCROSSING,AS36352,c2,censys] Domain distracted-cannon.104-168-102-175.plesk.page"; dns.query; content:"distracted-cannon.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])distracted\-cannon\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37868231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain distracted-cannon.104-168-102-175.plesk.page"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"distracted-cannon.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])distracted\-cannon\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Outbound destination rules from MISP event 27195. Each `alert ip` rule fires on any
# packet from $HOME_NET to the listed address and port. There is no flow or content
# keyword, so an alert only says that the destination was contacted.
# The bracketed msg tags carry the context: AS number/name, `c2`, `censys`, and in
# some rules a family or tool label (RAT, Mythic, HookBot).
# NOTE(review): the protocol is `ip` while a destination port is given - confirm how
# the deployed engine applies the port to packets that carry no port.
# NOTE(review): tags such as AMAZON-02 and DIGITALOCEAN-ASN point at cloud-hosted
# addresses; presumably these get reassigned over time, so check the indicator age in
# the MISP event before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 91.245.253.85 443 (msg: "MISP e27195 [AS9009,c2,censys,M247] Outgoing To IP: 91.245.253.85|443"; classtype:trojan-activity; sid:37868241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 122.51.118.39 81 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 122.51.118.39|81"; classtype:trojan-activity; sid:37868251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 3.75.210.134 443 (msg: "MISP e27195 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 3.75.210.134|443"; classtype:trojan-activity; sid:37868261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 1.14.64.150 80 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 1.14.64.150|80"; classtype:trojan-activity; sid:37868271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 150.158.137.47 4433 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 150.158.137.47|4433"; classtype:trojan-activity; sid:37868281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Where one address is listed on several ports, each port gets its own rule and sid.
alert ip $HOME_NET any -> 185.11.61.168 80 (msg: "MISP e27195 [AS57523,c2,censys,CHANGWAY-AS] Outgoing To IP: 185.11.61.168|80"; classtype:trojan-activity; sid:37868291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 185.11.61.168 443 (msg: "MISP e27195 [AS57523,c2,censys,CHANGWAY-AS] Outgoing To IP: 185.11.61.168|443"; classtype:trojan-activity; sid:37868301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 143.110.176.113 443 (msg: "MISP e27195 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 143.110.176.113|443"; classtype:trojan-activity; sid:37868311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 106.52.244.189 8000 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 106.52.244.189|8000"; classtype:trojan-activity; sid:37868321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 47.98.168.171 80 (msg: "MISP e27195 [AS37963,c2,censys] Outgoing To IP: 47.98.168.171|80"; classtype:trojan-activity; sid:37868331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Inbound source rule from a different event (27232, tagged Reconnaissance/Exploitation):
# fires on any packet from this address to $HOME_NET, on any port. It carries the same
# classtype:trojan-activity as the outbound rules, so triage on the msg tags and the
# direction rather than on the classtype.
alert ip 119.28.105.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.28.105.239"; classtype:trojan-activity; sid:37888091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip $HOME_NET any -> 124.222.51.98 60081 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 124.222.51.98|60081"; classtype:trojan-activity; sid:37868341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 62.234.32.192 8085 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 62.234.32.192|8085"; classtype:trojan-activity; sid:37868351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 120.27.131.3 80 (msg: "MISP e27195 [AS37963,c2,censys] Outgoing To IP: 120.27.131.3|80"; classtype:trojan-activity; sid:37868361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 218.93.206.191 8443 (msg: "MISP e27195 [AS4134,c2,censys] Outgoing To IP: 218.93.206.191|8443"; classtype:trojan-activity; sid:37868371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 23.224.176.9 443 (msg: "MISP e27195 [AS40065,c2,censys,CNSERVERS] Outgoing To IP: 23.224.176.9|443"; classtype:trojan-activity; sid:37868381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 1.14.69.16 2096 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 1.14.69.16|2096"; classtype:trojan-activity; sid:37868391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 1.14.69.16 8080 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 1.14.69.16|8080"; classtype:trojan-activity; sid:37868401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 1.14.69.16 8880 (msg: "MISP e27195 [AS45090,c2,censys] Outgoing To IP: 1.14.69.16|8880"; classtype:trojan-activity; sid:37868411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 124.156.162.162 8888 (msg: "MISP e27195 [AS132203,c2,censys] Outgoing To IP: 124.156.162.162|8888"; classtype:trojan-activity; sid:37868421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 105.102.242.10 6001 (msg: "MISP e27195 [ALGTEL-AS,AS36947,c2,censys] Outgoing To IP: 105.102.242.10|6001"; classtype:trojan-activity; sid:37868431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 18.197.239.5 15443 (msg: "MISP e27195 [AMAZON-02,AS16509,c2,censys] Outgoing To IP: 18.197.239.5|15443"; classtype:trojan-activity; sid:37868441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 187.135.83.7 1962 (msg: "MISP e27195 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.7|1962"; classtype:trojan-activity; sid:37868451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 187.135.83.7 2053 (msg: "MISP e27195 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.7|2053"; classtype:trojan-activity; sid:37868461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 187.135.83.7 2083 (msg: "MISP e27195 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.7|2083"; classtype:trojan-activity; sid:37868471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 187.135.83.7 2086 (msg: "MISP e27195 [AS8151,c2,censys,UNINET] Outgoing To IP: 187.135.83.7|2086"; classtype:trojan-activity; sid:37868481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 23.227.194.232 31337 (msg: "MISP e27195 [AS29802,c2,censys,HVC-AS] Outgoing To IP: 23.227.194.232|31337"; classtype:trojan-activity; sid:37868491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 206.123.132.164 2000 (msg: "MISP e27195 [AS212238,c2,CDNEXT,censys,RAT] Outgoing To IP: 206.123.132.164|2000"; classtype:trojan-activity; sid:37868501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip 114.36.107.74 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.36.107.74"; classtype:trojan-activity; sid:37888101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip $HOME_NET any -> 178.73.192.17 2000 (msg: "MISP e27195 [AS42708,c2,censys,RAT] Outgoing To IP: 178.73.192.17|2000"; classtype:trojan-activity; sid:37868511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 128.90.113.56 9999 (msg: "MISP e27195 [AS40861,c2,censys,PARAD-40-ASN,RAT] Outgoing To IP: 128.90.113.56|9999"; classtype:trojan-activity; sid:37868521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 191.88.250.63 4210 (msg: "MISP e27195 [AS27831,c2,censys,RAT] Outgoing To IP: 191.88.250.63|4210"; classtype:trojan-activity; sid:37868531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 172.111.148.61 222 (msg: "MISP e27195 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 172.111.148.61|222"; classtype:trojan-activity; sid:37868541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 45.134.83.165 6606 (msg: "MISP e27195 [AS6134,c2,censys,RAT,XNNET] Outgoing To IP: 45.134.83.165|6606"; classtype:trojan-activity; sid:37868551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 216.250.255.99 6606 (msg: "MISP e27195 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 216.250.255.99|6606"; classtype:trojan-activity; sid:37868561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 151.81.14.228 8080 (msg: "MISP e27195 [AS1267,c2,censys,RAT] Outgoing To IP: 151.81.14.228|8080"; classtype:trojan-activity; sid:37868571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 3.132.184.13 443 (msg: "MISP e27195 [AMAZON-02,AS16509,c2,censys,Mythic] Outgoing To IP: 3.132.184.13|443"; classtype:trojan-activity; sid:37868581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Domain indicators are exported as a pair: a dns rule (sid ending in 1) followed by
# an http rule (sid ending in 2).
# The dns rule inspects the dns.query buffer. The pcre anchors the name at the end of
# the buffer and accepts either the buffer start or a non-hostname character before
# it, so subdomains of the listed name match too.
# The dns rule header is `any any -> any any`, so it is not limited to $HOME_NET.
# NOTE(review): this hostname appears to embed an IPv4 address (212-70-149-199),
# presumably a provider-assigned name bound to that address - confirm it is still
# current before acting on a hit.
alert dns any any -> any any (msg: "MISP e27195 [AS204428,c2,censys,HookBot,SS-Net] Domain 212-70-149-199.cprapid.com"; dns.query; content:"212-70-149-199.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])212\-70\-149\-199\.cprapid\.com$/i"; classtype:trojan-activity; sid:37868591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS204428,c2,censys,HookBot,SS-Net] Outgoing HTTP Domain 212-70-149-199.cprapid.com";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"212-70-149-199.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])212\-70\-149\-199\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Shape of the http rules in this export: two independent content matches in the
# http.header buffer ("Host:" and the domain, with no distance/within linking them),
# then a pcre with the H flag that requires a non-hostname character on both sides of
# the domain (or the buffer start on the left).
# NOTE(review): nothing ties the domain to the Host header value itself, so the same
# string in another request header could satisfy the rule; a Host-specific buffer
# such as http.host would bind it tighter - confirm against the engine version in use.
# tag:session,600,seconds asks the engine to keep logging packets of the matching
# session for 600 seconds after the alert.
# These http rules only see cleartext HTTP from $HOME_NET. This part of the export
# has no TLS rule, so for HTTPS traffic the paired dns rule is the only domain match.
alert dns any any -> any any (msg: "MISP e27195 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain cryptobetix.com"; dns.query; content:"cryptobetix.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cryptobetix\.com$/i"; classtype:trojan-activity; sid:37868601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain cryptobetix.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cryptobetix.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cryptobetix\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Outbound address/port rules: any packet from $HOME_NET to the address and port
# alerts; no payload is inspected.
alert ip $HOME_NET any -> 107.155.112.166 8081 (msg: "MISP e27195 [AS29802,c2,censys,HVC-AS] Outgoing To IP: 107.155.112.166|8081"; classtype:trojan-activity; sid:37868611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 213.183.63.187 8081 (msg: "MISP e27195 [AS56630,c2,censys] Outgoing To IP: 213.183.63.187|8081"; classtype:trojan-activity; sid:37868621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 194.33.191.159 8081 (msg: "MISP e27195 [AS203168,c2,censys,UNKNOW] Outgoing To IP: 194.33.191.159|8081"; classtype:trojan-activity; sid:37868631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 5.144.177.67 6090 (msg: "MISP e27195 [AS44620,c2,censys,RAT,TRES] Outgoing To IP: 5.144.177.67|6090"; classtype:trojan-activity; sid:37868641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 223.155.16.116 23333 (msg: "MISP e27195 [AS4134,c2,censys,RAT] Outgoing To IP: 223.155.16.116|23333"; classtype:trojan-activity; sid:37868651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Inbound source rule from event 27232, interleaved with the event 27195 rules: any
# packet from this address to $HOME_NET alerts.
alert ip 68.183.232.239 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.232.239"; classtype:trojan-activity; sid:37888111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# NOTE(review): the next two hostnames appear to embed an IPv4 address
# (23-227-193-214, ec2-3-84-126-255), presumably provider-assigned names that follow
# the address rather than the operator - confirm the indicator is still current.
alert dns any any -> any any (msg: "MISP e27195 [AS29802,c2,censys,HVC-AS] Domain 23-227-193-214.static.hvvc.us"; dns.query; content:"23-227-193-214.static.hvvc.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])23\-227\-193\-214\.static\.hvvc\.us$/i"; classtype:trojan-activity; sid:37868661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS29802,c2,censys,HVC-AS] Outgoing HTTP Domain 23-227-193-214.static.hvvc.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"23-227-193-214.static.hvvc.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])23\-227\-193\-214\.static\.hvvc\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [AMAZON-AES,AS14618,c2,censys] Domain ec2-3-84-126-255.compute-1.amazonaws.com"; dns.query; content:"ec2-3-84-126-255.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-84\-126\-255\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37868671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AMAZON-AES,AS14618,c2,censys] Outgoing HTTP Domain ec2-3-84-126-255.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-84-126-255.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-84\-126\-255\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [ALEXHOST,AS200019,c2,censys] Domain bignas.shop"; dns.query; content:"bignas.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])bignas\.shop$/i"; classtype:trojan-activity; sid:37868681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [ALEXHOST,AS200019,c2,censys] Outgoing HTTP Domain bignas.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bignas.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bignas\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain cardiochallenge.at"; dns.query; content:"cardiochallenge.at"; nocase; pcre: "/(^|[^A-Za-z0-9-])cardiochallenge\.at$/i"; classtype:trojan-activity; sid:37868691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain cardiochallenge.at"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cardiochallenge.at"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cardiochallenge\.at[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [AS133800,c2,censys,L3MON] Domain lemon.haryadi.my.id"; dns.query; content:"lemon.haryadi.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])lemon\.haryadi\.my\.id$/i"; classtype:trojan-activity; sid:37868701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS133800,c2,censys,L3MON] Outgoing HTTP Domain lemon.haryadi.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lemon.haryadi.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lemon\.haryadi\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 188.27.189.235 8080 (msg: "MISP e27195 [AS8708,c2,censys,RAT] Outgoing To IP: 188.27.189.235|8080"; classtype:trojan-activity; sid:37868711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# NOTE(review): the next three addresses carry the MICROSOFT-CORP-MSN-AS-BLOCK tag,
# i.e. they sit in a large cloud provider's network; presumably tenancy changes over
# time, so check indicator age in the MISP event before escalating a hit.
alert ip $HOME_NET any -> 20.251.169.136 80 (msg: "MISP e27195 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.251.169.136|80"; classtype:trojan-activity; sid:37868721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 20.82.182.10 8080 (msg: "MISP e27195 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.82.182.10|8080"; classtype:trojan-activity; sid:37868731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 20.65.178.69 80 (msg: "MISP e27195 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.65.178.69|80"; classtype:trojan-activity; sid:37868741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 193.222.96.238 80 (msg: "MISP e27195 [AS203168,c2,censys,UNKNOW]
Outgoing To IP: 193.222.96.238|80"; classtype:trojan-activity; sid:37868751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Outbound address/port rule: any packet from $HOME_NET to this address and port
# alerts; the tool label (Vshell) lives only in the msg tags.
alert ip $HOME_NET any -> 154.8.204.75 58082 (msg: "MISP e27195 [AS45090,c2,censys,Vshell] Outgoing To IP: 154.8.204.75|58082"; classtype:trojan-activity; sid:37868761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Domain pairs tagged `stealer`: a dns rule on the dns.query buffer (sid ending in 1)
# and an http rule on the http.header buffer (sid ending in 2).
# The dns pcre is anchored at the end of the query name and allows a non-hostname
# character before the domain, so subdomains match as well.
# The http rule matches "Host:" and the domain as two independent contents in
# http.header; the pcre (H flag) then checks the characters around the domain.
# NOTE(review): the http rules cover cleartext HTTP only; for HTTPS traffic to these
# names the dns rule is the only match available in this part of the export.
alert dns any any -> any any (msg: "MISP e27195 [AEZA-AS,AS210644,c2,censys,stealer] Domain mg.inspirestudiosteam.com"; dns.query; content:"mg.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mg\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37868771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain mg.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mg.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mg\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [AEZA-AS,AS210644,c2,censys,stealer] Domain cpcalendars.inspirestudiosteam.com"; dns.query; content:"cpcalendars.inspirestudiosteam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cpcalendars\.inspirestudiosteam\.com$/i"; classtype:trojan-activity; sid:37868781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AEZA-AS,AS210644,c2,censys,stealer] Outgoing HTTP Domain cpcalendars.inspirestudiosteam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cpcalendars.inspirestudiosteam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cpcalendars\.inspirestudiosteam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# NOTE(review): this hostname appears to embed an IPv4 address (ec2-34-230-177-18)
# under a cloud provider's domain, presumably a provider-assigned name - confirm the
# indicator is still current before acting on a hit.
alert dns any any -> any any (msg: "MISP e27195 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-34-230-177-18.compute-1.amazonaws.com"; dns.query; content:"ec2-34-230-177-18.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-230\-177\-18\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37868791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-34-230-177-18.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-230-177-18.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-230\-177\-18\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain gfdjlgkdjfgkdfjgkml.top"; dns.query; content:"gfdjlgkdjfgkdfjgkml.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])gfdjlgkdjfgkdfjgkml\.top$/i"; classtype:trojan-activity; sid:37868801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain gfdjlgkdjfgkdfjgkml.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gfdjlgkdjfgkdfjgkml.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gfdjlgkdjfgkdfjgkml\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195 [AS6724,c2,censys,UNAM] Domain trustabletechsupport.com"; dns.query; content:"trustabletechsupport.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trustabletechsupport\.com$/i"; classtype:trojan-activity; sid:37868811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS6724,c2,censys,UNAM] Outgoing HTTP Domain trustabletechsupport.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trustabletechsupport.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trustabletechsupport\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# This address is also listed elsewhere in the export on port 4433 with a different
# sid; here the 443 entry carries the RedGuard tag.
alert ip $HOME_NET any -> 150.158.137.47 443 (msg: "MISP e27195 [AS45090,c2,censys,RedGuard] Outgoing To IP: 150.158.137.47|443"; classtype:trojan-activity; sid:37868821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# The Viper-tagged rules below carry no `c2` tag in msg, unlike the rules above, yet
# they keep the same classtype and priority. A filter on the `c2` tag would skip them.
alert ip $HOME_NET any -> 154.201.66.219 60000 (msg: "MISP e27195 [AS142032,censys,Viper] Outgoing To IP: 154.201.66.219|60000"; classtype:trojan-activity; sid:37868831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 49.51.68.151 60000 (msg: "MISP e27195 [AS132203,censys,Viper] Outgoing To IP: 49.51.68.151|60000"; classtype:trojan-activity; sid:37868841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 1.117.229.230 60000 (msg: "MISP e27195 [AS45090,censys,Viper] Outgoing To IP: 1.117.229.230|60000"; classtype:trojan-activity; sid:37868851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert dns any any -> any any (msg: "MISP e27195
[AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain ssl.deenpel.com"; dns.query; content:"ssl.deenpel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ssl\.deenpel\.com$/i"; classtype:trojan-activity; sid:37868861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Phishing-infrastructure rules from event 27195 (tags: phishing plus EvilGinx or
# GoPhish). They reuse classtype:trojan-activity, so the msg tags are the only field
# that separates them from the C2 rules in the same export.
# NOTE(review): this http rule inspects cleartext HTTP only; if the tagged service is
# reached over TLS, the paired dns rule is presumably the one that fires - confirm
# which protocols are visible to the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27195 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain ssl.deenpel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ssl.deenpel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ssl\.deenpel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37868862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# GoPhish-tagged address/port rules: any packet from $HOME_NET to the address and
# port alerts; no payload is inspected.
# NOTE(review): most entries use port 3333, which looks like the framework's
# administration listener rather than a landing page. A user opening a phishing page
# served on another port of the same host would not match these rules - TODO confirm
# with the event owner whether landing-page ports need separate coverage.
alert ip $HOME_NET any -> 34.101.73.141 3333 (msg: "MISP e27195 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.101.73.141|3333"; classtype:trojan-activity; sid:37868871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 135.181.16.103 3333 (msg: "MISP e27195 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 135.181.16.103|3333"; classtype:trojan-activity; sid:37868881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 124.220.97.65 3333 (msg: "MISP e27195 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 124.220.97.65|3333"; classtype:trojan-activity; sid:37868891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 37.251.160.104 54043 (msg: "MISP e27195 [AS34358,censys,GoPhish,H88_WEB_HOSTING_DC_FLO,phishing] Outgoing To IP: 37.251.160.104|54043"; classtype:trojan-activity; sid:37868901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 123.60.185.117 8443 (msg: "MISP e27195 [AS55990,censys,GoPhish,phishing] Outgoing To IP: 123.60.185.117|8443"; classtype:trojan-activity; sid:37868911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 170.64.213.114 443 (msg: "MISP e27195 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 170.64.213.114|443"; classtype:trojan-activity; sid:37868921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 159.138.58.51 8888 (msg: "MISP e27195 [AS136907,censys,GoPhish,phishing] Outgoing To IP: 159.138.58.51|8888"; classtype:trojan-activity; sid:37868931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 124.71.205.116 13333 (msg: "MISP e27195 [AS55990,censys,GoPhish,phishing] Outgoing To IP: 124.71.205.116|13333"; classtype:trojan-activity; sid:37868941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 213.171.15.75 3333 (msg: "MISP e27195 [ADMAN-AS,AS57494,censys,GoPhish,phishing] Outgoing To IP: 213.171.15.75|3333"; classtype:trojan-activity; sid:37868951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 172.201.219.183 3333 (msg: "MISP e27195 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.201.219.183|3333"; classtype:trojan-activity; sid:37868961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 3.65.151.202 80 (msg: "MISP e27195 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.65.151.202|80"; classtype:trojan-activity; sid:37868971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 185.43.221.137 3333 (msg: "MISP e27195 [AS59939,censys,GoPhish,phishing,WIBO-AS] Outgoing To IP: 185.43.221.137|3333"; classtype:trojan-activity; sid:37868981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 185.43.222.193 3333 (msg: "MISP e27195 [AS59939,censys,GoPhish,phishing,WIBO-AS] Outgoing To IP: 185.43.222.193|3333"; classtype:trojan-activity; sid:37868991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 123.206.115.56 9999 (msg: "MISP e27195 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 123.206.115.56|9999"; classtype:trojan-activity; sid:37869001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 143.110.247.233 8008 (msg: "MISP e27195 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 143.110.247.233|8008"; classtype:trojan-activity; sid:37869011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 45.32.7.25 3333 (msg: "MISP e27195 [AS-CHOOPA,AS20473,censys,GoPhish,phishing] Outgoing To IP: 45.32.7.25|3333"; classtype:trojan-activity; sid:37869021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Inbound source rules from event 27232 (tags: kill-chain Reconnaissance and
# Exploitation). Any packet from the listed address to $HOME_NET alerts, on any port
# and protocol, so blocked and dropped probes alert as well as accepted connections.
# The classtype stays trojan-activity although the tags describe scanning/exploitation.
alert ip 36.137.186.182 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.186.182"; classtype:trojan-activity; sid:37888121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 186.64.123.164 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.64.123.164"; classtype:trojan-activity; sid:37888131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 176.110.245.202 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.110.245.202"; classtype:trojan-activity; sid:37888141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 118.71.78.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.71.78.237"; classtype:trojan-activity; sid:37888151;
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Inbound source rule from event 27232: any packet from this address to $HOME_NET
# alerts, on any port and protocol.
alert ip 170.64.206.84 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.206.84"; classtype:trojan-activity; sid:37888161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Domain pairs from event 27007. The msg tag list is empty (`[]`) and the priority is
# 3 instead of 2, so the rule itself gives no reason for the listing; take the
# context from the referenced MISP event before triaging a hit.
# Each domain gets a dns rule (sid ending in 1) on the dns.query buffer and an http
# rule (sid ending in 2) on the http.header buffer. The dns pcre is end-anchored and
# also matches subdomains. The http rule matches "Host:" and the domain as two
# independent contents, then checks the characters around the domain with pcre.
# NOTE(review): the http rules cover cleartext HTTP only; for sites served over
# HTTPS the dns rule is the only match in this part of the export.
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesireland.com"; dns.query; content:"dcskateshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesireland\.com$/i"; classtype:trojan-activity; sid:38136931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletsuomi.com"; dns.query; content:"bapeoutletsuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletsuomi\.com$/i"; classtype:trojan-activity; sid:38136941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksscarpeitalia.com"; dns.query; content:"clarksscarpeitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksscarpeitalia\.com$/i"; classtype:trojan-activity; sid:38136951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksscarpeitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksscarpeitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksscarpeitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarkssverige-se.com"; dns.query; content:"clarkssverige-se.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkssverige\-se\.com$/i"; classtype:trojan-activity; sid:38136961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarkssverige-se.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarkssverige-se.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkssverige\-se\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesphilippines.com"; dns.query; content:"dcskateshoesphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesphilippines\.com$/i"; classtype:trojan-activity; sid:38136971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoessouthafrica.com"; dns.query; content:"dcskateshoessouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoessouthafrica\.com$/i"; classtype:trojan-activity; sid:38136981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoessouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoessouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoessouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyfranceoutlet.com"; dns.query; content:"dknyfranceoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyfranceoutlet\.com$/i"; classtype:trojan-activity; sid:38136991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyfranceoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyfranceoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyfranceoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38136992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyportugaloutlet.com"; dns.query; content:"dknyportugaloutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyportugaloutlet\.com$/i"; classtype:trojan-activity; sid:38137001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyportugaloutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyportugaloutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyportugaloutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Domain pair from event 27189, also untagged and priority 3.
# NOTE(review): the leftmost label looks like another site's hostname written with
# hyphens and placed under an unrelated .com.br domain, presumably a phishing lure -
# confirm in the MISP event. The rule matches this full hostname only, not the
# parent domain.
alert dns any any -> any any (msg: "MISP e27189 [] Domain www-tarjetacencosud-cl.slcomerciodevidros.com.br"; dns.query; content:"www-tarjetacencosud-cl.slcomerciodevidros.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-tarjetacencosud\-cl\.slcomerciodevidros\.com\.br$/i"; classtype:trojan-activity; sid:37866921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27189;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27189 [] Outgoing HTTP Domain www-tarjetacencosud-cl.slcomerciodevidros.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www-tarjetacencosud-cl.slcomerciodevidros.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\-tarjetacencosud\-cl\.slcomerciodevidros\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37866922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27189;)
alert ip 190.13.130.34 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.13.130.34"; classtype:trojan-activity; sid:37888171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 181.212.81.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.212.81.229"; classtype:trojan-activity; sid:37888181; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 51.255.51.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.255.51.97"; classtype:trojan-activity; sid:37888191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 112.185.18.150 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.185.18.150"; classtype:trojan-activity; sid:37888201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.163.208.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.88"; classtype:trojan-activity; sid:37888211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.83.183.243 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.83.183.243"; classtype:trojan-activity; sid:37888221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 90.170.83.22 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.170.83.22"; classtype:trojan-activity; sid:37888231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 97.74.83.185 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.74.83.185"; classtype:trojan-activity; sid:37888241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 167.172.85.5 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.85.5"; classtype:trojan-activity; sid:37888251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.135.176.202 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.176.202"; classtype:trojan-activity; sid:37888261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert http $HOME_NET any -> 118.89.124.242 1234 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//118.89.124.242|3a|1234/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37869031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert http $HOME_NET any -> 118.89.124.242 2121 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//118.89.124.242|3a|2121/__utm.gif"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37869061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 164.92.134.187 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.134.187"; classtype:trojan-activity; sid:37888271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 78.67.38.162 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.67.38.162"; classtype:trojan-activity; sid:37888281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 178.79.108.163 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.79.108.163"; classtype:trojan-activity; sid:37888291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) 
alert ip 119.96.221.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.221.147"; classtype:trojan-activity; sid:37888301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 143.47.37.197 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.47.37.197"; classtype:trojan-activity; sid:37888311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.222.51.236 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.51.236"; classtype:trojan-activity; sid:37888321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27213 [] Source Email Address: contact.beckybell@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"contact.beckybell@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37869941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27213;) alert ip 94.131.102.134 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.131.102.134"; classtype:trojan-activity; sid:37888331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.201.194.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.201.194.213"; classtype:trojan-activity; sid:37888341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 84.0.255.85 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.0.255.85"; classtype:trojan-activity; sid:37888351; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 12.156.67.18 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 12.156.67.18"; classtype:trojan-activity; sid:37888361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 125.164.5.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.164.5.149"; classtype:trojan-activity; sid:37888371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 219.147.125.118 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.147.125.118"; classtype:trojan-activity; sid:37888381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 171.251.25.160 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.251.25.160"; classtype:trojan-activity; sid:37888391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 175.206.107.100 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.206.107.100"; classtype:trojan-activity; sid:37888401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 151.177.15.89 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.177.15.89"; classtype:trojan-activity; sid:37888411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 54.177.27.232 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.177.27.232"; classtype:trojan-activity; sid:37888421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 
etisalatae.space"; dns.query; content:"etisalatae.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])etisalatae\.space$/i"; classtype:trojan-activity; sid:38179391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain etisalatae.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etisalatae.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etisalatae\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip 124.222.159.25 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.159.25"; classtype:trojan-activity; sid:37888431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 183.136.223.145 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.136.223.145"; classtype:trojan-activity; sid:37888441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 192.250.198.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.250.198.2"; classtype:trojan-activity; sid:37888451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 36.139.5.159 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.139.5.159"; classtype:trojan-activity; sid:37888461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 93.121.177.72 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.121.177.72"; classtype:trojan-activity; sid:37888471; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 186.224.22.90 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.224.22.90"; classtype:trojan-activity; sid:37888481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 158.178.232.193 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.178.232.193"; classtype:trojan-activity; sid:37888491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 43.138.16.187 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.16.187"; classtype:trojan-activity; sid:37888501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 89.185.85.151 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.185.85.151"; classtype:trojan-activity; sid:37888511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27238 [] Domain lhv-ee.unipronetwork.com.br"; dns.query; content:"lhv-ee.unipronetwork.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\-ee\.unipronetwork\.com\.br$/i"; classtype:trojan-activity; sid:37889351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27238;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27238 [] Outgoing HTTP Domain lhv-ee.unipronetwork.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lhv-ee.unipronetwork.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\-ee\.unipronetwork\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27238;) alert ip 111.123.59.36 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.59.36"; classtype:trojan-activity; sid:37888521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 177.191.161.218 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.191.161.218"; classtype:trojan-activity; sid:37888531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 182.42.27.129 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.27.129"; classtype:trojan-activity; sid:37888541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 87.107.188.186 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.107.188.186"; classtype:trojan-activity; sid:37888551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 137.184.229.130 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.229.130"; classtype:trojan-activity; sid:37888561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 111.230.246.33 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.246.33"; classtype:trojan-activity; sid:37888571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.88.14.208 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.88.14.208"; classtype:trojan-activity; sid:37888581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.204.228.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.204.228.17"; classtype:trojan-activity; 
sid:37888591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 8.222.139.63 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.222.139.63"; classtype:trojan-activity; sid:37888601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.141.94.171 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.141.94.171"; classtype:trojan-activity; sid:37888611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 96.78.175.45 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.78.175.45"; classtype:trojan-activity; sid:37888621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 189.47.76.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.47.76.233"; classtype:trojan-activity; sid:37888631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.197.255 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.197.255"; classtype:trojan-activity; sid:37888641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 74.81.46.139 44085 (msg: "MISP e27195 [RedLineStealer] Outgoing To IP: 74.81.46.139|44085"; classtype:trojan-activity; sid:37869081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 14.103.35.78 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.35.78"; classtype:trojan-activity; sid:37888651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 194.113.236.177 any -> $HOME_NET any (msg: "MISP e27232 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.113.236.177"; classtype:trojan-activity; sid:37888661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 222.107.110.168 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.107.110.168"; classtype:trojan-activity; sid:37888671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 42.194.247.28 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.194.247.28"; classtype:trojan-activity; sid:37888681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 210.183.161.61 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.183.161.61"; classtype:trojan-activity; sid:37888691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 158.220.116.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.116.248"; classtype:trojan-activity; sid:37888701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 210.48.146.14 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.48.146.14"; classtype:trojan-activity; sid:37888711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 184.168.125.143 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.125.143"; classtype:trojan-activity; sid:37888721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 91.224.92.97 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.224.92.97"; classtype:trojan-activity; 
sid:37888731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 14.46.173.248 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.46.173.248"; classtype:trojan-activity; sid:37888741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.252.90.216 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.252.90.216"; classtype:trojan-activity; sid:37888751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 120.53.251.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.251.121"; classtype:trojan-activity; sid:37888761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 217.182.253.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.182.253.127"; classtype:trojan-activity; sid:37888771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletschweiz.com"; dns.query; content:"bapeoutletschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletschweiz\.com$/i"; classtype:trojan-activity; sid:38137011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
clarksnederlandwinkels.com"; dns.query; content:"clarksnederlandwinkels.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksnederlandwinkels\.com$/i"; classtype:trojan-activity; sid:38137021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksnederlandwinkels.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksnederlandwinkels.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksnederlandwinkels\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksnorgetilbud.com"; dns.query; content:"clarksnorgetilbud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksnorgetilbud\.com$/i"; classtype:trojan-activity; sid:38137031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksnorgetilbud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksnorgetilbud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksnorgetilbud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesgreece.com"; dns.query; content:"dcskateshoesgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesgreece\.com$/i"; classtype:trojan-activity; sid:38137041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"dcskateshoesgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesindia.com"; dns.query; content:"dcskateshoesindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesindia\.com$/i"; classtype:trojan-activity; sid:38137051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesjapan.com"; dns.query; content:"dcskateshoesjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesjapan\.com$/i"; classtype:trojan-activity; sid:38137061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesoutlet.com"; dns.query; content:"dcskateshoesoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesoutlet\.com$/i"; 
classtype:trojan-activity; sid:38137071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyoutletsuk.com"; dns.query; content:"dknyoutletsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletsuk\.com$/i"; classtype:trojan-activity; sid:38137081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyoutletsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyoutletsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyoutletsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dknysverigebutik.com"; dns.query; content:"dknysverigebutik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknysverigebutik\.com$/i"; classtype:trojan-activity; sid:38137091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknysverigebutik.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknysverigebutik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknysverigebutik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38137092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lojasdknyportugal.com"; dns.query; content:"lojasdknyportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lojasdknyportugal\.com$/i"; classtype:trojan-activity; sid:38137101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lojasdknyportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lojasdknyportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lojasdknyportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomdanmark.com"; dns.query; content:"fruitoftheloomdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomdanmark\.com$/i"; classtype:trojan-activity; sid:38137111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomireland.com"; dns.query; content:"fruitoftheloomireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomireland\.com$/i"; classtype:trojan-activity; sid:38137121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomnederland.com"; dns.query; content:"fruitoftheloomnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomnederland\.com$/i"; classtype:trojan-activity; sid:38137131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomoutlets.com"; dns.query; content:"fruitoftheloomoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomoutlets\.com$/i"; classtype:trojan-activity; sid:38137141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137142; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomphilippines.com"; dns.query; content:"fruitoftheloomphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomphilippines\.com$/i"; classtype:trojan-activity; sid:38137151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomusa.com"; dns.query; content:"fruitoftheloomusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomusa\.com$/i"; classtype:trojan-activity; sid:38137161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27255 [] Domain omniva.safeordertrust.eu"; dns.query; content:"omniva.safeordertrust.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.safeordertrust\.eu$/i"; classtype:trojan-activity; sid:37889681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27255;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27255 [] Outgoing HTTP Domain omniva.safeordertrust.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omniva.safeordertrust.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omniva\.safeordertrust\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37889682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27255;)
# MISP e27195, URL indicator. The rule header pins the destination to 122.51.118.39 port 81;
# the options then require that IP string somewhere in the request headers and "/ca"
# somewhere in the URI. Neither content is anchored, so a URI such as "/cache" also matches.
# The bracketed names in msg appear to be tags copied from the MISP event; nothing in the
# rule inspects the payload for them. tag:session,600,seconds asks the engine to keep
# logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> 122.51.118.39 81 (msg: "MISP e27195 [CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//122.51.118.39|3a|81/ca"; flow:to_server,established; http.header; content:"122.51.118.39"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37869091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# MISP e27195, destination IP and port indicators. These rules carry no payload, flow or
# threshold keywords: any packet from $HOME_NET to the listed address and port matches,
# whatever it contains. Read a hit as "a host talked to this endpoint" and confirm on the
# host before concluding that the family named in msg is present.
# NOTE(review): several msg tags name hosting providers or ASNs (HETZNER-CLOUD2-AS, AEZA-AS);
# addresses like these get reassigned, so check the indicator's age in the referenced MISP
# event before acting on an alert. TODO confirm whether the export expires old attributes.
alert ip $HOME_NET any -> 45.61.138.43 80 (msg: "MISP e27195 [Bianlian Go Trojan,BLNWX] Outgoing To IP: 45.61.138.43|80"; classtype:trojan-activity; sid:37869101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 5.161.64.218 443 (msg: "MISP e27195 [Havoc,HETZNER-CLOUD2-AS] Outgoing To IP: 5.161.64.218|443"; classtype:trojan-activity; sid:37869111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# Destination port 445 (SMB) on an external address. Outbound SMB is normally blocked at the
# perimeter, so a hit here may also point at an egress-filtering gap.
alert ip $HOME_NET any -> 45.120.106.149 445 (msg: "MISP e27195 [Responder,SKYTAP-TUK] Outgoing To IP: 45.120.106.149|445"; classtype:trojan-activity; sid:37869121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 105.102.19.215 443 (msg: "MISP e27195 [ALGTEL-AS,QakBot] Outgoing To IP: 105.102.19.215|443"; classtype:trojan-activity; sid:37869131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 187.213.196.57 443 (msg: "MISP e27195 [QakBot,UNINET] Outgoing To IP: 187.213.196.57|443"; classtype:trojan-activity; sid:37869141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
alert ip $HOME_NET any -> 147.45.68.159 80 (msg: "MISP e27195 [AEZA-AS,Hookbot Pegasus] Outgoing To IP: 147.45.68.159|80"; classtype:trojan-activity; sid:37869151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# MISP e27190, URL indicator without a path. Matches the hostname string anywhere in the
# request headers (Host, Referer, ...), and only on $HTTP_PORTS. The file header lists
# $HTTP_PORTS as not required with the Suricata export, yet this rule references it, so the
# variable has to be defined for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27190 [] Outgoing URL http|3a|//dev-cancelarsuscripcion.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-cancelarsuscripcion.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37866991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27190;)
# DNS counterpart. dns.query + content narrows to queries containing the name; the pcre then
# requires the name at the end of the query, preceded by start-of-buffer or a non-hostname
# character, so subdomains of the name match but a longer label ending in the same text
# does not. With any any -> any any, internal resolver traffic is covered too, and the same
# lookup can alert once per hop the sensor sees. A lookup alone does not show a connection.
alert dns any any -> any any (msg: "MISP e27190 [] Domain dev-cancelarsuscripcion.pantheonsite.io"; dns.query; content:"dev-cancelarsuscripcion.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-cancelarsuscripcion\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37867011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27190;)
# HTTP counterpart on any destination port. "Host|3a|" and the domain are two independent
# matches in http.header (no distance/within ties them together), and the /H pcre only
# requires the name as a delimited token in the headers, so the name in a Referer header
# also matches. NOTE(review): matching on the http.host buffer would restrict this to the
# Host header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27190 [] Outgoing HTTP Domain dev-cancelarsuscripcion.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-cancelarsuscripcion.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-cancelarsuscripcion\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27190;)
# MISP e27232, source IP indicators. Any packet from the listed source to $HOME_NET matches;
# there is no port, flow or payload condition. The msg tags say reconnaissance/exploitation
# while classtype is trojan-activity, so views grouped by classtype will file inbound
# scanning under trojan activity. NOTE(review): on an internet-facing sensor these can fire
# on probes the firewall drops; consider a threshold or a per-sid suppress if they are noisy.
alert ip 43.153.38.127 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.38.127"; classtype:trojan-activity; sid:37888781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 49.205.217.208 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] 
Incoming From IP: 49.205.217.208"; classtype:trojan-activity; sid:37888791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 79.174.186.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.174.186.212"; classtype:trojan-activity; sid:37888801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 83.213.157.103 1515 (msg: "MISP e27195 [NanoCore,RAT] Outgoing To IP: 83.213.157.103|1515"; classtype:trojan-activity; sid:37869161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 121.183.49.87 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.183.49.87"; classtype:trojan-activity; sid:37888811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 103.252.90.237 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.252.90.237"; classtype:trojan-activity; sid:37888821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 34.41.17.26 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.41.17.26"; classtype:trojan-activity; sid:37888831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 24.199.100.14 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.100.14"; classtype:trojan-activity; sid:37888841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 159.203.40.33 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.40.33"; classtype:trojan-activity; sid:37888851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 
24.199.108.98 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.199.108.98"; classtype:trojan-activity; sid:37888861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.101.88.200 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.200"; classtype:trojan-activity; sid:37888871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 150.109.14.149 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.14.149"; classtype:trojan-activity; sid:37888881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 185.199.170.135 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.199.170.135"; classtype:trojan-activity; sid:37888891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 198.211.100.121 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.211.100.121"; classtype:trojan-activity; sid:37888901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 222.77.96.50 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.77.96.50"; classtype:trojan-activity; sid:37888911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 134.209.34.154 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.34.154"; classtype:trojan-activity; sid:37888921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 170.64.190.88 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
170.64.190.88"; classtype:trojan-activity; sid:37888931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# MISP e27232, source IP indicators. Any packet from the listed source to $HOME_NET matches,
# with no port, flow or payload condition. classtype is trojan-activity although the msg
# tags describe reconnaissance/exploitation, which affects any triage keyed on classtype.
alert ip 185.246.188.140 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.246.188.140"; classtype:trojan-activity; sid:37888941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 180.232.148.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.232.148.195"; classtype:trojan-activity; sid:37888951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# MISP e27191, URL indicators for patito.larissakovalchuk.com.
# sid 37867081: the http.uri content "/" is satisfied by virtually every request URI, so the
# effective condition is the hostname string anywhere in the request headers, on
# $HTTP_PORTS only. tag:session,600,seconds asks the engine to keep logging the session's
# packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27191 [] Outgoing URL http|3a|//patito.larissakovalchuk.com/"; flow:to_server,established; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27191;)
# sid 37867091: same header match plus the full path in the URI (unanchored, nocase).
# A request that matches this rule also matches sid 37867081, and can match the
# "Outgoing HTTP Domain" rule for the same name further down, so one request may raise up
# to three HTTP alerts. Deduplicate on flow or host during triage.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27191 [] Outgoing URL http|3a|//patito.larissakovalchuk.com/1709150768/imagenes/_personas/home/default.asp"; flow:to_server,established; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; http.uri; content:"/1709150768/imagenes/_personas/home/default.asp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37867091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27191;)
# DNS counterpart. The pcre requires the name at the end of the query, preceded by
# start-of-buffer or a non-hostname character, so subdomains of the name match as well.
# With any any -> any any, internal resolver traffic is in scope; a lookup alone does not
# show that a connection followed.
alert dns any any -> any any (msg: "MISP e27191 [] Domain patito.larissakovalchuk.com"; dns.query; content:"patito.larissakovalchuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.larissakovalchuk\.com$/i"; classtype:trojan-activity; sid:37867101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27191;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27191 [] Outgoing HTTP Domain 
patito.larissakovalchuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.larissakovalchuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37867102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27191;) alert ip $HOME_NET any -> 186.170.114.55 1111 (msg: "MISP e27195 [asyncrat,RAT] Outgoing To IP: 186.170.114.55|1111"; classtype:trojan-activity; sid:37869171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;) alert ip 99.52.76.93 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.52.76.93"; classtype:trojan-activity; sid:37870141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 77.239.215.133 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.239.215.133"; classtype:trojan-activity; sid:37870151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 90.224.90.215 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.224.90.215"; classtype:trojan-activity; sid:37870161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 59.180.184.179 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.180.184.179"; classtype:trojan-activity; sid:37870171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 31.13.220.120 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.13.220.120"; classtype:trojan-activity; sid:37870181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 74.62.145.76 any -> $HOME_NET any 
(msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.62.145.76"; classtype:trojan-activity; sid:37870191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 220.249.189.53 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.249.189.53"; classtype:trojan-activity; sid:37870201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 45.227.193.112 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.227.193.112"; classtype:trojan-activity; sid:37870211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 202.186.34.222 any -> $HOME_NET any (msg: "MISP e27219 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.186.34.222"; classtype:trojan-activity; sid:37870221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27219;) alert ip 221.229.103.87 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.229.103.87"; classtype:trojan-activity; sid:37888961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 90.186.80.233 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.186.80.233"; classtype:trojan-activity; sid:37888971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 180.118.243.205 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.118.243.205"; classtype:trojan-activity; sid:37888981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 119.23.43.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.23.43.196"; 
classtype:trojan-activity; sid:37888991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 106.54.230.212 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.230.212"; classtype:trojan-activity; sid:37889001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 104.140.188.2 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.140.188.2"; classtype:trojan-activity; sid:37889011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 101.35.234.126 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.234.126"; classtype:trojan-activity; sid:37889021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 80.94.95.123 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.94.95.123"; classtype:trojan-activity; sid:37889771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 198.235.24.5 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.5"; classtype:trojan-activity; sid:37889781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 193.56.113.24 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.56.113.24"; classtype:trojan-activity; sid:37889791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 185.234.216.127 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.234.216.127"; classtype:trojan-activity; sid:37889801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 
185.129.51.53 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.51.53"; classtype:trojan-activity; sid:37889811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 179.43.188.210 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.188.210"; classtype:trojan-activity; sid:37889821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 157.245.69.67 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.69.67"; classtype:trojan-activity; sid:37889831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 137.184.255.41 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.255.41"; classtype:trojan-activity; sid:37889841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 103.176.111.235 any -> $HOME_NET any (msg: "MISP e27258 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.176.111.235"; classtype:trojan-activity; sid:37889851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27258;) alert ip 87.250.3.28 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.250.3.28"; classtype:trojan-activity; sid:37889611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 81.31.170.17 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.31.170.17"; classtype:trojan-activity; sid:37889621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 219.100.37.246 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
219.100.37.246"; classtype:trojan-activity; sid:37889631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 211.21.120.132 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.21.120.132"; classtype:trojan-activity; sid:37889641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 193.37.69.68 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.37.69.68"; classtype:trojan-activity; sid:37889651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 178.150.135.19 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.150.135.19"; classtype:trojan-activity; sid:37889661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 103.204.209.210 any -> $HOME_NET any (msg: "MISP e27254 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.204.209.210"; classtype:trojan-activity; sid:37889671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27254;) alert ip 8.142.101.189 any -> $HOME_NET any (msg: "MISP e27201 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.142.101.189"; classtype:trojan-activity; sid:37869641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27201;) alert ip 198.199.103.75 any -> $HOME_NET any (msg: "MISP e27201 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.103.75"; classtype:trojan-activity; sid:37869651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27201;) alert ip 192.241.214.12 any -> $HOME_NET any (msg: "MISP e27201 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.214.12"; classtype:trojan-activity; sid:37869661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27201;) alert ip 162.142.125.214 any -> $HOME_NET any (msg: "MISP e27201 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.214"; classtype:trojan-activity; sid:37869671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27201;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoescanada.com"; dns.query; content:"dcskateshoescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoescanada\.com$/i"; classtype:trojan-activity; sid:38137171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesmalaysia.com"; dns.query; content:"dcskateshoesmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesmalaysia\.com$/i"; classtype:trojan-activity; sid:38137181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesnz.com"; dns.query; 
content:"dcskateshoesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesnz\.com$/i"; classtype:trojan-activity; sid:38137191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoessingapore.com"; dns.query; content:"dcskateshoessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoessingapore\.com$/i"; classtype:trojan-activity; sid:38137201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesuae.com"; dns.query; content:"dcskateshoesuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesuae\.com$/i"; classtype:trojan-activity; sid:38137211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesuae.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])dcskateshoesuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesuk.com"; dns.query; content:"dcskateshoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesuk\.com$/i"; classtype:trojan-activity; sid:38137221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dknyuaestore.com"; dns.query; content:"dknyuaestore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyuaestore\.com$/i"; classtype:trojan-activity; sid:38137231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dknyuaestore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dknyuaestore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dknyuaestore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomaustralia.com"; dns.query; content:"fruitoftheloomaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomaustralia\.com$/i"; classtype:trojan-activity; sid:38137241; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloombelgie.com"; dns.query; content:"fruitoftheloombelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloombelgie\.com$/i"; classtype:trojan-activity; sid:38137251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloombelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloombelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloombelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomcanada.com"; dns.query; content:"fruitoftheloomcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomcanada\.com$/i"; classtype:trojan-activity; sid:38137261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38137262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomdeutschland.com"; dns.query; content:"fruitoftheloomdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomdeutschland\.com$/i"; classtype:trojan-activity; sid:38137271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomespana.com"; dns.query; content:"fruitoftheloomespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomespana\.com$/i"; classtype:trojan-activity; sid:38137281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomindonesia.com"; dns.query; content:"fruitoftheloomindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomindonesia\.com$/i"; classtype:trojan-activity; sid:38137291; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloommalaysia.com"; dns.query; content:"fruitoftheloommalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloommalaysia\.com$/i"; classtype:trojan-activity; sid:38137301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloommalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloommalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloommalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloommexico.com"; dns.query; content:"fruitoftheloommexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloommexico\.com$/i"; classtype:trojan-activity; sid:38137311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloommexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloommexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloommexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38137312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ---------------------------------------------------------------------------
# MISP event 27007 - domain indicators. The tag list inside msg is empty ("[]"),
# so the rules themselves carry no family or campaign context; priority is 3.
#
# Every domain is exported as two rules whose sids share a prefix:
#   sid ...1  alert dns  - any -> any, matched on the dns.query buffer. The
#             pcre is anchored with $ and requires start-of-buffer or a
#             non-hostname character before the name, so the domain and its
#             subdomains match while a longer label ending in the same text
#             does not.
#   sid ...2  alert http - $HOME_NET -> $EXTERNAL_NET, client-to-server side of
#             an established flow. Both content matches and the pcre (/H) are
#             evaluated on the http.header buffer. tag:session,600,seconds
#             asks the engine to keep logging the session's packets for 600
#             seconds after the alert.
#
# NOTE(review): the "Host|3a|" content and the domain content are not tied to
# each other by position, so presumably a request that carries the domain in a
# different header (e.g. Referer) also alerts - confirm on a test pcap.
# Matching the domain on the http.host buffer would be tighter.
# NOTE(review): the http rule only applies to traffic the engine parses as
# HTTP; for HTTPS sessions coverage presumably rests on the dns rule alone, and
# no TLS SNI rule for these names is visible in this part of the export.
# NOTE(review): the names pair a retail brand with a country or market label,
# which looks like brand-impersonation storefronts - confirm in the MISP event
# before changing priority or classtype.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomparis.com"; dns.query; content:"fruitoftheloomparis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomparis\.com$/i"; classtype:trojan-activity; sid:38137321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloompolska.com"; dns.query; content:"fruitoftheloompolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloompolska\.com$/i"; classtype:trojan-activity; sid:38137331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloompolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloompolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloompolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomschweiz.com"; dns.query; content:"fruitoftheloomschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomschweiz\.com$/i"; classtype:trojan-activity; sid:38137341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomsingapore.com"; dns.query; content:"fruitoftheloomsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomsingapore\.com$/i"; classtype:trojan-activity; sid:38137351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomuk.com"; dns.query; content:"fruitoftheloomuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomuk\.com$/i"; classtype:trojan-activity; sid:38137361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ---------------------------------------------------------------------------
# MISP event 27195, tag "asyncrat" - one destination address and port, exported
# in the middle of the event 27007 run. There is no payload or application
# condition: any packet from $HOME_NET to this address on port 5000 alerts
# (priority 2).
# NOTE(review): the rule protocol is "ip" while a destination port is given;
# confirm how the deployed engine version evaluates the port for packets that
# are not TCP or UDP.
# NOTE(review): a bare IP:port indicator goes stale when the address is
# reassigned; check the attribute's first/last-seen dates in the event.
# ---------------------------------------------------------------------------
alert ip $HOME_NET any -> 15.228.170.102 5000 (msg: "MISP e27195 [asyncrat] Outgoing To IP: 15.228.170.102|5000"; classtype:trojan-activity; sid:37869181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# MISP event 27007 domain pairs continue (same dns/http rule shape as above).
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimmexico.com"; dns.query; content:"arenaswimmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimmexico\.com$/i"; classtype:trojan-activity; sid:38137371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearaustralia.com"; dns.query; content:"arenaswimwearaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearaustralia\.com$/i"; classtype:trojan-activity; sid:38137381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearcanada.com"; dns.query; content:"arenaswimwearcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearcanada\.com$/i"; classtype:trojan-activity; sid:38137391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimweardubai.com"; dns.query; content:"arenaswimweardubai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimweardubai\.com$/i"; classtype:trojan-activity; sid:38137401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimweardubai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimweardubai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimweardubai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearegypt.com"; dns.query; content:"arenaswimwearegypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearegypt\.com$/i"; classtype:trojan-activity; sid:38137411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearegypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearegypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearegypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimweargreece.com"; dns.query; content:"arenaswimweargreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimweargreece\.com$/i"; classtype:trojan-activity; sid:38137421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimweargreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimweargreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimweargreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearireland.com"; dns.query; content:"arenaswimwearireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearireland\.com$/i"; classtype:trojan-activity; sid:38137431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearisrael.com"; dns.query; content:"arenaswimwearisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearisrael\.com$/i"; classtype:trojan-activity; sid:38137441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearksa.com"; dns.query; content:"arenaswimwearksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearksa\.com$/i"; classtype:trojan-activity; sid:38137451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearmalaysia.com"; dns.query; content:"arenaswimwearmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearmalaysia\.com$/i"; classtype:trojan-activity; sid:38137461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearnz.com"; dns.query; content:"arenaswimwearnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearnz\.com$/i"; classtype:trojan-activity; sid:38137471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearsingapore.com"; dns.query; content:"arenaswimwearsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearsingapore\.com$/i"; classtype:trojan-activity; sid:38137481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearuae.com"; dns.query; content:"arenaswimwearuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearuae\.com$/i"; classtype:trojan-activity; sid:38137491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Hyphenated names: the exporter escapes the hyphen in the pcre ("\-") but not
# in the content string, where it is a literal byte.
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcrunners-ireland.com"; dns.query; content:"dcrunners-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcrunners\-ireland\.com$/i"; classtype:trojan-activity; sid:38137501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcrunners-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcrunners-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcrunners\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportbelgie.com"; dns.query; content:"lottosportbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportbelgie\.com$/i"; classtype:trojan-activity; sid:38137511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportdanmark.com"; dns.query; content:"lottosportdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportdanmark\.com$/i"; classtype:trojan-activity; sid:38137521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportfootwearusa.com"; dns.query; content:"lottosportfootwearusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportfootwearusa\.com$/i"; classtype:trojan-activity; sid:38137531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportfootwearusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportfootwearusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportfootwearusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportireland.com"; dns.query; content:"lottosportireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportireland\.com$/i"; classtype:trojan-activity; sid:38137541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportisrael.com"; dns.query; content:"lottosportisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportisrael\.com$/i"; classtype:trojan-activity; sid:38137551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportmalaysia.com"; dns.query; content:"lottosportmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportmalaysia\.com$/i"; classtype:trojan-activity; sid:38137561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportosterreich.com"; dns.query; content:"lottosportosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportosterreich\.com$/i"; classtype:trojan-activity; sid:38137571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportphilippines.com"; dns.query; content:"lottosportphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportphilippines\.com$/i"; classtype:trojan-activity; sid:38137581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportscanadas.com"; dns.query; content:"lottosportscanadas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportscanadas\.com$/i"; classtype:trojan-activity; sid:38137591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportscanadas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportscanadas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportscanadas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportschile.com"; dns.query; content:"lottosportschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportschile\.com$/i"; classtype:trojan-activity; sid:38137601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsespana.com"; dns.query; content:"lottosportsespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsespana\.com$/i"; classtype:trojan-activity; sid:38137611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsingapore.com"; dns.query; content:"lottosportsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsingapore\.com$/i"; classtype:trojan-activity; sid:38137621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsitalia.com"; dns.query; content:"lottosportsitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsitalia\.com$/i"; classtype:trojan-activity; sid:38137631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsnederland.com"; dns.query; content:"lottosportsnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsnederland\.com$/i"; classtype:trojan-activity; sid:38137641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsnewzealand.com"; dns.query; content:"lottosportsnewzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsnewzealand\.com$/i"; classtype:trojan-activity; sid:38137651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsnewzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsnewzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsnewzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportspolska.com"; dns.query; content:"lottosportspolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportspolska\.com$/i"; classtype:trojan-activity; sid:38137661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportspolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportspolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportspolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsportugal.com"; dns.query; content:"lottosportsportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsportugal\.com$/i"; classtype:trojan-activity; sid:38137671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportssouthafrica.com"; dns.query; content:"lottosportssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportssouthafrica\.com$/i"; classtype:trojan-activity; sid:38137681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportssouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lottosportsukonline.com"; dns.query; content:"lottosportsukonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsukonline\.com$/i"; classtype:trojan-activity; sid:38137691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lottosportsukonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lottosportsukonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lottosportsukonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain luluireland.com"; dns.query; content:"luluireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluireland\.com$/i"; classtype:trojan-activity; sid:38137701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonathleticaaustralia.com"; dns.query; content:"lululemonathleticaaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonathleticaaustralia\.com$/i"; classtype:trojan-activity; sid:38137711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonathleticaaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonathleticaaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonathleticaaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonathleticaoutlet.com"; dns.query; content:"lululemonathleticaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonathleticaoutlet\.com$/i"; classtype:trojan-activity; sid:38137721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonathleticaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonathleticaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonathleticaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-lemonbrasil.com"; dns.query; content:"lulu-lemonbrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonbrasil\.com$/i"; classtype:trojan-activity; sid:38137731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulu-lemonbrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-lemonbrasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonbrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonleggingscanada.com"; dns.query; content:"lululemonleggingscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingscanada\.com$/i"; classtype:trojan-activity; sid:38137741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonleggingscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonleggingscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonleggingsindia.com"; dns.query; content:"lululemonleggingsindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingsindia\.com$/i"; classtype:trojan-activity; sid:38137751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonleggingsindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonleggingsindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingsindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonleggingssouthafrica.com"; dns.query; content:"lululemonleggingssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingssouthafrica\.com$/i"; classtype:trojan-activity; sid:38137761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonleggingssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonleggingssouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonoutletnz.com"; dns.query; content:"lululemonoutletnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletnz\.com$/i"; classtype:trojan-activity; sid:38137771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonoutletnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonoutletnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonshopsuk.com"; dns.query; content:"lululemonshopsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonshopsuk\.com$/i"; classtype:trojan-activity; sid:38137781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonshopsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonshopsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonshopsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lulusingapore.com"; dns.query; content:"lulusingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulusingapore\.com$/i"; classtype:trojan-activity; sid:38137791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulusingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulusingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulusingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ---------------------------------------------------------------------------
# MISP event 27195 again: destination address and port 443 carrying the tags
# CobaltStrike, cs-watermark-987654321 and an AS label. The tags appear only
# in msg; the rule matches on address and port alone, so it cannot tell beacon
# traffic from any other connection to that host (priority 2).
# NOTE(review): this watermark value is commonly reported for leaked builds
# shared by many operators, so treat it as weak for attribution - confirm
# against the event before relying on it.
# NOTE(review): same "ip" protocol plus port combination as sid 37869181;
# confirm engine behaviour for non-TCP/UDP packets.
# ---------------------------------------------------------------------------
alert ip $HOME_NET any -> 175.197.65.135 443 (msg: "MISP e27195 [CobaltStrike,cs-watermark-987654321,KIXS-AS-KR Korea Telecom] Outgoing To IP: 175.197.65.135|443"; classtype:trojan-activity; sid:37869201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27195;)
# ---------------------------------------------------------------------------
# MISP event 27232 - source addresses tagged kill-chain:Reconnaissance and
# kill-chain:Exploitation. Direction is inbound: any packet from the listed
# address to $HOME_NET alerts, on any protocol and port, whether or not a
# connection is ever established (priority 2).
# NOTE(review): classtype stays trojan-activity although the tags describe
# inbound scanning/exploitation - presumably an exporter default; triage on
# the msg tags rather than the classtype.
# NOTE(review): on internet-facing sensors these rules can be noisy and say
# nothing about success; correlate with server-side logs before escalating.
# ---------------------------------------------------------------------------
alert ip 117.36.231.242 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.36.231.242"; classtype:trojan-activity; sid:37889031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 85.193.255.144 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.193.255.144"; classtype:trojan-activity; sid:37889041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 223.16.78.147 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.16.78.147"; classtype:trojan-activity; sid:37889051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 34.92.81.41 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.81.41"; classtype:trojan-activity; sid:37889061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.212.213 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.212.213"; classtype:trojan-activity; sid:37889071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 84.73.67.17 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.73.67.17"; classtype:trojan-activity; sid:37889081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 159.223.13.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.13.196"; classtype:trojan-activity; sid:37889091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
# Review note: each rule below matches only on a source address ("alert ip <addr> any -> $HOME_NET any").
# There is no port, flow or payload condition, so a single unsolicited packet from the address raises an alert.
# Whether that packet reached a host depends on where the sensor sits relative to the perimeter filter;
# check firewall and session logs before treating a hit as exploitation.
# The msg tags these sources as kill-chain Reconnaissance/Exploitation while classtype is trojan-activity;
# triage on the msg tag and the referenced MISP event rather than on the classtype.
# The rules carry no expiry: confirm in MISP event 27232 that an address is still current before blocking on it.
alert ip 51.77.116.35 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.77.116.35"; classtype:trojan-activity; sid:37889101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 170.64.172.201 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.172.201"; classtype:trojan-activity; sid:37889111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.32.115.195 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.115.195"; classtype:trojan-activity; sid:37889121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 43.131.232.11 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.232.11"; classtype:trojan-activity; sid:37889131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 101.42.40.47 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.40.47"; classtype:trojan-activity; sid:37889141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 75.87.63.196 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 75.87.63.196"; classtype:trojan-activity; sid:37889151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 220.83.208.16 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.83.208.16"; classtype:trojan-activity; sid:37889161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;)
alert ip 144.48.80.109 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
144.48.80.109"; classtype:trojan-activity; sid:37889171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 113.22.76.161 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.22.76.161"; classtype:trojan-activity; sid:37889181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 124.156.203.50 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.203.50"; classtype:trojan-activity; sid:37889191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 188.151.29.133 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.151.29.133"; classtype:trojan-activity; sid:37889201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip 195.238.191.229 any -> $HOME_NET any (msg: "MISP e27232 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.238.191.229"; classtype:trojan-activity; sid:37889211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27232;) alert ip $HOME_NET any -> 103.74.172.161 4444 (msg: "MISP e27299 [c2,Venom] Outgoing To IP: 103.74.172.161|4444"; classtype:trojan-activity; sid:37906221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 110.41.44.130 8888 (msg: "MISP e27299 [c2,Venom] Outgoing To IP: 110.41.44.130|8888"; classtype:trojan-activity; sid:37906231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 128.90.108.211 4433 (msg: "MISP e27299 [c2,Venom] Outgoing To IP: 128.90.108.211|4433"; classtype:trojan-activity; sid:37906241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 5.75.209.178 80 (msg: "MISP e27299 [c2,Vidar] Outgoing To IP: 
5.75.209.178|80"; classtype:trojan-activity; sid:37906251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 65.109.242.251 80 (msg: "MISP e27299 [c2,Vidar] Outgoing To IP: 65.109.242.251|80"; classtype:trojan-activity; sid:37906261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 95.217.240.158 80 (msg: "MISP e27299 [c2,Vidar] Outgoing To IP: 95.217.240.158|80"; classtype:trojan-activity; sid:37906271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 65.109.240.92 80 (msg: "MISP e27299 [c2,Vidar] Outgoing To IP: 65.109.240.92|80"; classtype:trojan-activity; sid:37906281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 5.75.211.82 80 (msg: "MISP e27299 [c2,Vidar] Outgoing To IP: 5.75.211.82|80"; classtype:trojan-activity; sid:37906291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 41.216.183.184 80 (msg: "MISP e27299 [c2,recordbreaker] Outgoing To IP: 41.216.183.184|80"; classtype:trojan-activity; sid:37906301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 193.233.132.10 8081 (msg: "MISP e27299 [c2,Risepro] Outgoing To IP: 193.233.132.10|8081"; classtype:trojan-activity; sid:37906311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 193.233.132.48 8081 (msg: "MISP e27299 [c2,Risepro] Outgoing To IP: 193.233.132.48|8081"; classtype:trojan-activity; sid:37906321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 8.218.157.182 4488 (msg: "MISP e27299 [c2,cobalt_strike] Outgoing To IP: 8.218.157.182|4488"; classtype:trojan-activity; sid:37906331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 
139.196.191.50 3389 (msg: "MISP e27299 [c2,cobalt_strike] Outgoing To IP: 139.196.191.50|3389"; classtype:trojan-activity; sid:37906341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# Review note: the "alert ip" rules below match on destination address and port only. There is no
# flow:established or payload condition, so an alert records an attempted contact from $HOME_NET,
# not a completed C2 session; correlate with proxy, firewall or endpoint telemetry before escalating.
# Several msg tags name the hosting network (TIMEWEB-AS, LIMENET, TENCENT-NET-AP, CONTABO). Addresses in
# provider ranges may be reassigned (assumption - verify), so check the attribute's last-seen date in
# MISP event 27299 before acting on a hit.
# The malware-family label in each msg comes from the MISP tag alone; nothing in the rule inspects traffic content.
alert ip $HOME_NET any -> 43.139.235.226 5003 (msg: "MISP e27299 [c2,cobalt_strike] Outgoing To IP: 43.139.235.226|5003"; classtype:trojan-activity; sid:37906351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 41.96.34.101 443 (msg: "MISP e27299 [c2,QakBot] Outgoing To IP: 41.96.34.101|443"; classtype:trojan-activity; sid:37906361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 70.31.125.177 2222 (msg: "MISP e27299 [c2,QakBot] Outgoing To IP: 70.31.125.177|2222"; classtype:trojan-activity; sid:37906371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 82.97.251.102 7443 (msg: "MISP e27299 [Mythic,TIMEWEB-AS] Outgoing To IP: 82.97.251.102|7443"; classtype:trojan-activity; sid:37906381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 94.156.67.85 443 (msg: "MISP e27299 [Havoc,LIMENET] Outgoing To IP: 94.156.67.85|443"; classtype:trojan-activity; sid:37906391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 43.138.70.217 443 (msg: "MISP e27299 [Havoc,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.138.70.217|443"; classtype:trojan-activity; sid:37906401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 173.249.27.72 443 (msg: "MISP e27299 [CONTABO,Havoc] Outgoing To IP: 173.249.27.72|443"; classtype:trojan-activity; sid:37906411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27299 [dcrat] Outgoing URL 
http|3a|//a0922949.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0922949.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# Review note: the "alert ip" rules below match on destination address and port only, with no flow or
# payload condition, so a hit means an attempted contact rather than a confirmed session.
# The msg tags name the network (CHARTER-20115, AS-WHOLESAIL, HWCSNET, CHINA169-BJ, AEZA-AS); addresses
# in provider ranges may be reassigned (assumption - verify), so confirm currency in MISP event 27299.
alert ip $HOME_NET any -> 24.177.42.139 443 (msg: "MISP e27299 [CHARTER-20115,QakBot] Outgoing To IP: 24.177.42.139|443"; classtype:trojan-activity; sid:37906431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 50.35.137.22 443 (msg: "MISP e27299 [AS-WHOLESAIL,QakBot] Outgoing To IP: 50.35.137.22|443"; classtype:trojan-activity; sid:37906441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 139.9.65.87 8888 (msg: "MISP e27299 [HWCSNET Huawei Cloud Service data center,Supershell] Outgoing To IP: 139.9.65.87|8888"; classtype:trojan-activity; sid:37906451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 106.75.66.128 8888 (msg: "MISP e27299 [CHINA169-BJ China Unicom Beijing Province Network,Supershell] Outgoing To IP: 106.75.66.128|8888"; classtype:trojan-activity; sid:37906461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 46.226.164.18 50555 (msg: "MISP e27299 [AEZA-AS,Hookbot Pegasus] Outgoing To IP: 46.226.164.18|50555"; classtype:trojan-activity; sid:37906471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# Review note (sid:37906481; sid:37906421 has the same shape): the hostname is matched as a plain
# substring of http.header and is not anchored to the Host header, so a Referer or other header that
# carries the hostname, combined with a URI containing "/l1nc0in.php", also satisfies the rule.
# The rule is limited to $HTTP_PORTS and to traffic the engine parses as HTTP; HTTPS requests are not
# covered unless traffic is decrypted upstream of the sensor.
# Both dcrat hosts are subdomains of xsph.ru - presumably a shared hosting parent (verify); keep the
# match on the full hostname rather than widening it to the parent domain.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27299 [dcrat] Outgoing URL http|3a|//a0923143.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0923143.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 103.114.104.158 7800 (msg: "MISP e27299 [STRRAT] Outgoing To IP: 103.114.104.158|7800"; classtype:trojan-activity; sid:37906491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27323 [] Domain parceldelivery.info"; dns.query; content:"parceldelivery.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])parceldelivery\.info$/i"; classtype:trojan-activity; sid:37915541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27323;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27323 [] Outgoing HTTP Domain parceldelivery.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"parceldelivery.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])parceldelivery\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27323;) alert ip $HOME_NET any -> 185.172.129.234 34244 (msg: "MISP e27299 [RedLineStealer] Outgoing To IP: 185.172.129.234|34244"; classtype:trojan-activity; sid:37906501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e24600 [] Domain a243boo2024.from-sd.com"; dns.query; content:"a243boo2024.from-sd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])a243boo2024\.from\-sd\.com$/i"; classtype:trojan-activity; sid:38179441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain a243boo2024.from-sd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a243boo2024.from-sd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a243boo2024\.from\-sd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179442; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 9972553b0024.dyndns-office.com"; dns.query; content:"9972553b0024.dyndns-office.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])9972553b0024\.dyndns\-office\.com$/i"; classtype:trojan-activity; sid:38179491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 9972553b0024.dyndns-office.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9972553b0024.dyndns-office.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])9972553b0024\.dyndns\-office\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e27319 [] Hostname ii.nggg.fun"; dns.query; content:"ii.nggg.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ii\.nggg\.fun$/i"; classtype:trojan-activity; sid:37915291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27319;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27319 [] Outgoing HTTP Hostname ii.nggg.fun"; flow:to_server,established; http.header; content: "Host|3a| ii.nggg.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ii\.nggg\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27319;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27320 [] Source Email Address: /tmp/eb815813-03f2-4767-b2bf-05170a455897/@abcnp.exe"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"/tmp/eb815813-03f2-4767-b2bf-05170a455897/@abcnp.exe"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37915371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27320;)
# Review note (sid:37915381; sid:37915371 has the same problem): the value matched after "MAIL FROM:"
# is a file path ("/tmp/<uuid>/@abcnp.exe"), not a mailbox. It looks like a file-path attribute that was
# typed as an e-mail source in MISP event 27320 (presumably because of the "@" - confirm in the event).
# As written the rule is unlikely to match a real SMTP envelope, so it gives no coverage for this indicator.
# Correct the attribute type in MISP and re-export rather than hand-editing this generated file.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27320 [] Source Email Address: /tmp/279b6acf-24a8-4964-a0f4-909bbf794bb9/@abcnp.exe"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"/tmp/279b6acf-24a8-4964-a0f4-909bbf794bb9/@abcnp.exe"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37915381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27320;)
# Review note (DNS/HTTP domain pairs below): the dns rule is "any any -> any any", so it also fires on
# resolver-to-upstream queries; the alerting source may be the internal resolver rather than the
# endpoint. Use resolver query logs to find the originating host.
# In the http rule, "Host|3a|" and the domain are two independent matches in http.header, and the pcre
# needs one more non-hostname character after the domain; a Referer header naming the domain can
# satisfy it. Treat a hit as "domain seen in request headers" until the Host value is confirmed.
alert dns any any -> any any (msg: "MISP e27320 [] Domain alternativebehavioralconcepts.org"; dns.query; content:"alternativebehavioralconcepts.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])alternativebehavioralconcepts\.org$/i"; classtype:trojan-activity; sid:37915421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27320;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27320 [] Outgoing HTTP Domain alternativebehavioralconcepts.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alternativebehavioralconcepts.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alternativebehavioralconcepts\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27320;)
alert dns any any -> any any (msg: "MISP e27320 [] Domain cerisico.net"; dns.query; content:"cerisico.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cerisico\.net$/i"; classtype:trojan-activity; sid:37915431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27320;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27320 [] Outgoing HTTP Domain cerisico.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cerisico.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cerisico\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37915432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27320;) alert ip $HOME_NET any -> 185.172.128.170 any (msg: "MISP e27320 [] Outgoing To IP: 185.172.128.170"; classtype:trojan-activity; sid:37915441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27320;) alert dns any any -> any any (msg: "MISP e27299 [SocGholish] Domain visitclouds.com"; dns.query; content:"visitclouds.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])visitclouds\.com$/i"; classtype:trojan-activity; sid:37905881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [SocGholish] Outgoing HTTP Domain visitclouds.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"visitclouds.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])visitclouds\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain lkk.collection.aixpirts.com"; dns.query; content:"lkk.collection.aixpirts.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lkk\.collection\.aixpirts\.com$/i"; classtype:trojan-activity; sid:37905891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain lkk.collection.aixpirts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lkk.collection.aixpirts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lkk\.collection\.aixpirts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain collection.aixpirts.com"; dns.query; content:"collection.aixpirts.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])collection\.aixpirts\.com$/i"; classtype:trojan-activity; sid:37905901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain collection.aixpirts.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"collection.aixpirts.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])collection\.aixpirts\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain advertsp74.xyz"; dns.query; content:"advertsp74.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])advertsp74\.xyz$/i"; classtype:trojan-activity; sid:37905911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain advertsp74.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"advertsp74.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])advertsp74\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain gam0ver.ru"; dns.query; content:"gam0ver.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])gam0ver\.ru$/i"; classtype:trojan-activity; sid:37905921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain gam0ver.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gam0ver.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gam0ver\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905922; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain leadsoftware.top"; dns.query; content:"leadsoftware.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])leadsoftware\.top$/i"; classtype:trojan-activity; sid:37905931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain leadsoftware.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"leadsoftware.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])leadsoftware\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> 45.11.93.150 8964 (msg: "MISP e27299 [c2,moobot] Outgoing URL http|3a|//45.11.93.150|3a|8964"; flow:to_server,established; http.header; content:"45.11.93.150"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 147.45.197.186 445 (msg: "MISP e27299 [Pikabot] Outgoing To IP: 147.45.197.186|445"; classtype:trojan-activity; sid:37906511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET 8964 (msg: "MISP e27299 [c2,moobot] Outgoing URL http|3a|//mainnetwork.sysromeu.eu.org|3a|8964"; flow:to_server,established; http.header; content:"mainnetwork.sysromeu.eu.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 79.228.201.177 666 (msg: "MISP e27299 [njrat,RAT] Outgoing To IP: 79.228.201.177|666"; classtype:trojan-activity; sid:37906201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any 
-> 15.204.223.194 23 (msg: "MISP e27299 [Gafgyt] Outgoing To IP: 15.204.223.194|23"; classtype:trojan-activity; sid:37906191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 94.198.55.181 4337 (msg: "MISP e27299 [] Outgoing To IP: 94.198.55.181|4337"; classtype:trojan-activity; sid:37906171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 82.153.138.25 13338 (msg: "MISP e27299 [] Outgoing To IP: 82.153.138.25|13338"; classtype:trojan-activity; sid:37906181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 94.156.69.109 4372 (msg: "MISP e27299 [] Outgoing To IP: 94.156.69.109|4372"; classtype:trojan-activity; sid:37906151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 89.187.184.206 4299 (msg: "MISP e27299 [] Outgoing To IP: 89.187.184.206|4299"; classtype:trojan-activity; sid:37906141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 94.198.51.247 4337 (msg: "MISP e27299 [] Outgoing To IP: 94.198.51.247|4337"; classtype:trojan-activity; sid:37906161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 80.85.84.79 4001 (msg: "MISP e27299 [] Outgoing To IP: 80.85.84.79|4001"; classtype:trojan-activity; sid:37906131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 45.147.231.86 4254 (msg: "MISP e27299 [] Outgoing To IP: 45.147.231.86|4254"; classtype:trojan-activity; sid:37906081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 69.10.60.115 4018 (msg: "MISP e27299 [] Outgoing To IP: 69.10.60.115|4018"; classtype:trojan-activity; sid:37906121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 
45.63.66.10 443 (msg: "MISP e27299 [] Outgoing To IP: 45.63.66.10|443"; classtype:trojan-activity; sid:37906101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 64.176.214.51 443 (msg: "MISP e27299 [] Outgoing To IP: 64.176.214.51|443"; classtype:trojan-activity; sid:37906111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 45.15.159.28 8080 (msg: "MISP e27299 [] Outgoing To IP: 45.15.159.28|8080"; classtype:trojan-activity; sid:37906091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27317 [] Domain walkudog.ink"; dns.query; content:"walkudog.ink"; nocase; pcre: "/(^|[^A-Za-z0-9-])walkudog\.ink$/i"; classtype:trojan-activity; sid:37915191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27317;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27317 [] Outgoing HTTP Domain walkudog.ink"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"walkudog.ink"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])walkudog\.ink[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27317;) alert ip $HOME_NET any -> 192.53.123.202 8080 (msg: "MISP e27299 [] Outgoing To IP: 192.53.123.202|8080"; classtype:trojan-activity; sid:37906071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 185.236.232.20 445 (msg: "MISP e27299 [] Outgoing To IP: 185.236.232.20|445"; classtype:trojan-activity; sid:37906051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 185.73.124.42 4001 (msg: "MISP e27299 [] Outgoing To IP: 185.73.124.42|4001"; classtype:trojan-activity; sid:37906061; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 153.92.222.162 4001 (msg: "MISP e27299 [] Outgoing To IP: 153.92.222.162|4001"; classtype:trojan-activity; sid:37906041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain zl0yy.ru"; dns.query; content:"zl0yy.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])zl0yy\.ru$/i"; classtype:trojan-activity; sid:37906021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain zl0yy.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zl0yy.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zl0yy\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 138.201.196.90 443 (msg: "MISP e27299 [] Outgoing To IP: 138.201.196.90|443"; classtype:trojan-activity; sid:37906031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain yan0212.net"; dns.query; content:"yan0212.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])yan0212\.net$/i"; classtype:trojan-activity; sid:37906011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain yan0212.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yan0212.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yan0212\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain wprogs.top"; dns.query; content:"wprogs.top"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])wprogs\.top$/i"; classtype:trojan-activity; sid:37905991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain wprogs.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wprogs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wprogs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain yan0212.com"; dns.query; content:"yan0212.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])yan0212\.com$/i"; classtype:trojan-activity; sid:37906001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain yan0212.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yan0212.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yan0212\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain ventafones.com"; dns.query; content:"ventafones.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ventafones\.com$/i"; classtype:trojan-activity; sid:37905981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain ventafones.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ventafones.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ventafones\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905982; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain straightsboycott.com"; dns.query; content:"straightsboycott.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])straightsboycott\.com$/i"; classtype:trojan-activity; sid:37905971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain straightsboycott.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"straightsboycott.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])straightsboycott\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain pzlkxadvert475.xyz"; dns.query; content:"pzlkxadvert475.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])pzlkxadvert475\.xyz$/i"; classtype:trojan-activity; sid:37905951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain pzlkxadvert475.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pzlkxadvert475.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pzlkxadvert475\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain shopweb95.xyz"; dns.query; content:"shopweb95.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])shopweb95\.xyz$/i"; classtype:trojan-activity; sid:37905961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain shopweb95.xyz"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"shopweb95.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shopweb95\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [] Domain pzfdmserv275.xyz"; dns.query; content:"pzfdmserv275.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])pzfdmserv275\.xyz$/i"; classtype:trojan-activity; sid:37905941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [] Outgoing HTTP Domain pzfdmserv275.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pzfdmserv275.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pzfdmserv275\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletnorge.com"; dns.query; content:"bapeoutletnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletnorge\.com$/i"; classtype:trojan-activity; sid:38137801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksfactorystores.com"; dns.query; content:"clarksfactorystores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksfactorystores\.com$/i"; classtype:trojan-activity; 
sid:38137811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksfactorystores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksfactorystores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksfactorystores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomitalia.com"; dns.query; content:"fruitoftheloomitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomitalia\.com$/i"; classtype:trojan-activity; sid:38137821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-romania.com"; dns.query; content:"gymshark-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-romania\.com$/i"; classtype:trojan-activity; sid:38137831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38137832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonmalaysiaonline.com"; dns.query; content:"lululemonmalaysiaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmalaysiaonline\.com$/i"; classtype:trojan-activity; sid:38137841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonmalaysiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonmalaysiaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmalaysiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tescovip.com"; dns.query; content:"tescovip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tescovip\.com$/i"; classtype:trojan-activity; sid:38137851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tescovip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tescovip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tescovip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27324 [] Domain emta.ee-control.live"; dns.query; content:"emta.ee-control.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\.ee\-control\.live$/i"; classtype:trojan-activity; sid:37915571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27324;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27324 [] 
Outgoing HTTP Domain emta.ee-control.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta.ee-control.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\.ee\-control\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27324;) alert dns any any -> any any (msg: "MISP e27196 [] Domain banco.estadosoporte.info"; dns.query; content:"banco.estadosoporte.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info$/i"; classtype:trojan-activity; sid:37869221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27196;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27196 [] Outgoing HTTP Domain banco.estadosoporte.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estadosoporte.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27196;) alert http $HOME_NET any -> 121.43.62.136 5000 (msg: "MISP e27299 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//121.43.62.136|3a|5000/visit.js"; flow:to_server,established; http.header; content:"121.43.62.136"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 103.77.243.215 2404 (msg: "MISP e27299 [remcos] Outgoing To IP: 103.77.243.215|2404"; classtype:trojan-activity; sid:37906571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [njrat,RAT] Domain mrado.kozow.com"; dns.query; content:"mrado.kozow.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mrado\.kozow\.com$/i"; classtype:trojan-activity; sid:37906561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [njrat,RAT] Outgoing HTTP Domain mrado.kozow.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mrado.kozow.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mrado\.kozow\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 162.19.25.207 8080 (msg: "MISP e27299 [njrat,RAT] Outgoing To IP: 162.19.25.207|8080"; classtype:trojan-activity; sid:37906551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 107.175.113.194 2404 (msg: "MISP e27299 [RAT,RemcosRAT] Outgoing To IP: 107.175.113.194|2404"; classtype:trojan-activity; sid:37906581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27197 [] Domain wwwstcursomasxfors.com"; dns.query; content:"wwwstcursomasxfors.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com$/i"; classtype:trojan-activity; 
sid:37869321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27197;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27197 [] Outgoing HTTP Domain wwwstcursomasxfors.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwstcursomasxfors.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27197;) alert http $HOME_NET any -> 188.120.229.213 $HTTP_PORTS (msg: "MISP e27299 [dcrat] Outgoing URL http|3a|//188.120.229.213/eternal3/0server/downloads/better/7linuxdle/traffic/processorto4default/external/wordpressimage/phpwp/lowuploads0/6processorsql/updateprocessortest/packetbigload.php"; flow:to_server,established; http.header; content:"188.120.229.213"; fast_pattern; nocase; http.uri; content:"/eternal3/0server/downloads/better/7linuxdle/traffic/processorto4default/external/wordpressimage/phpwp/lowuploads0/6processorsql/updateprocessortest/packetbigload.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27198 [] Domain banestado-beneficio.pages.dev"; dns.query; content:"banestado-beneficio.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev$/i"; classtype:trojan-activity; sid:37869401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27198;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27198 [] Outgoing HTTP Domain banestado-beneficio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-beneficio.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37869402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27198;) alert dns any any -> any any (msg: "MISP e27342 [] Domain amazon-aws-01.wnyprintandpromotion.biz"; dns.query; content:"amazon-aws-01.wnyprintandpromotion.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])amazon\-aws\-01\.wnyprintandpromotion\.biz$/i"; classtype:trojan-activity; sid:37916711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27342;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27342 [] Outgoing HTTP Domain amazon-aws-01.wnyprintandpromotion.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"amazon-aws-01.wnyprintandpromotion.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])amazon\-aws\-01\.wnyprintandpromotion\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37916712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27342;) alert ip $HOME_NET any -> 154.38.160.55 35888 (msg: "MISP e27299 [njrat] Outgoing To IP: 154.38.160.55|35888"; classtype:trojan-activity; sid:37906601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27199 [] Domain banestado-cuentapro.pages.dev"; dns.query; content:"banestado-cuentapro.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuentapro\.pages\.dev$/i"; classtype:trojan-activity; sid:37869521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27199;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27199 [] Outgoing HTTP Domain banestado-cuentapro.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-cuentapro.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuentapro\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37869522; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27199;)
# --- MISP event 27299, entries tagged CobaltStrike / cs-watermark-666666666 ---
# Each domain indicator is exported as a pair: a DNS rule (sid ending in 1)
# and a cleartext-HTTP rule (sid ending in 2).
#
# DNS rule shape: dns.query + content/nocase locates the name; the pcre then
# anchors it to the end of the query ($) and to a label boundary on the left
# (start of buffer, or a character that is not a letter, digit or hyphen), so
# sub-domains of the name match but a longer label ending in the same text
# does not.
#
# NOTE(review): the three *.w.cdngslb.com names below look like shared CDN
# hostnames rather than dedicated infrastructure - confirm against the event
# and measure the benign hit rate before routing these alerts at priority 2.
alert dns any any -> any any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain udptestsh6062.ialicdn.com.w.cdngslb.com"; dns.query; content:"udptestsh6062.ialicdn.com.w.cdngslb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])udptestsh6062\.ialicdn\.com\.w\.cdngslb\.com$/i"; classtype:trojan-activity; sid:37906671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# HTTP rule shape: client-to-server, established flows from $HOME_NET only.
# "Host:" and the domain are two independent matches in the header buffer
# (no distance/within ties them together), and the pcre (/H) only enforces
# label boundaries around the domain. A request whose Referer or other header
# carries the domain therefore also alerts. tag:session keeps logging the
# session's packets for 600 seconds after the hit.
# Coverage gap: this matches unencrypted HTTP only; no TLS SNI rule for the
# same name is visible in this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain udptestsh6062.ialicdn.com.w.cdngslb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"udptestsh6062.ialicdn.com.w.cdngslb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])udptestsh6062\.ialicdn\.com\.w\.cdngslb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert dns any any -> any any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain all.mbblitz.net.w.cdngslb.com"; dns.query; content:"all.mbblitz.net.w.cdngslb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])all\.mbblitz\.net\.w\.cdngslb\.com$/i"; classtype:trojan-activity; sid:37906691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain all.mbblitz.net.w.cdngslb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"all.mbblitz.net.w.cdngslb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])all\.mbblitz\.net\.w\.cdngslb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert dns any any -> any any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain intl.ccb.com.w.cdngslb.com"; dns.query; content:"intl.ccb.com.w.cdngslb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])intl\.ccb\.com\.w\.cdngslb\.com$/i"; classtype:trojan-activity; sid:37906711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain intl.ccb.com.w.cdngslb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"intl.ccb.com.w.cdngslb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])intl\.ccb\.com\.w\.cdngslb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# URL indicator: destination limited to $HTTP_PORTS; the host is matched
# anywhere in the request headers and the path as a case-insensitive substring
# of the URI. The path is a generic jQuery file name, so the host match is
# what makes this rule specific - do not reuse the path on its own.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//service-f8oy6qld-1322248009.sh.tencentapigw.com/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"service-f8oy6qld-1322248009.sh.tencentapigw.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert dns any any -> any any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Domain service-f8oy6qld-1322248009.sh.tencentapigw.com"; dns.query; content:"service-f8oy6qld-1322248009.sh.tencentapigw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-f8oy6qld\-1322248009\.sh\.tencentapigw\.com$/i"; classtype:trojan-activity; sid:37906731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing HTTP Domain service-f8oy6qld-1322248009.sh.tencentapigw.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-f8oy6qld-1322248009.sh.tencentapigw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-f8oy6qld\-1322248009\.sh\.tencentapigw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# Address/port-only indicator: no flow, content or protocol-specific keyword,
# so every packet from $HOME_NET to this address and port alerts. There is no
# tag:session here, so no follow-on packet capture accompanies the alert.
# Indicators of this kind go stale when the address is reassigned; review them
# against the source event's age.
alert ip $HOME_NET any -> 18.231.151.211 333 (msg: "MISP e27299 [RevengeRAT] Outgoing To IP: 18.231.151.211|333"; classtype:trojan-activity; sid:37906741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# Inbound counterpart: any protocol, any port, from one source address to
# $HOME_NET. The event carries no tags (empty [] in msg) and priority is 3.
alert ip 159.203.192.33 any -> $HOME_NET any (msg: "MISP e27379 [] Incoming From IP: 159.203.192.33"; classtype:trojan-activity; sid:37924611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27379;)
# --- MISP event 27342: host names under hopto.org and nsupdate.info ---
# The content and pcre both require the complete host name, so other hosts
# under the same parent domain do not match these rules.
alert dns any any -> any any (msg: "MISP e27342 [] Domain bnbbott1011.hopto.org"; dns.query; content:"bnbbott1011.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])bnbbott1011\.hopto\.org$/i"; classtype:trojan-activity; sid:37916721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27342;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27342 [] Outgoing HTTP Domain bnbbott1011.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bnbbott1011.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bnbbott1011\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37916722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27342;)
alert dns any any -> any any (msg: "MISP e27342 [] Domain hwzpgovt.nsupdate.info"; dns.query; content:"hwzpgovt.nsupdate.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])hwzpgovt\.nsupdate\.info$/i"; classtype:trojan-activity; sid:37916791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27342;)
# Cleartext-HTTP rule for a MISP domain indicator (event 27342). "Host:" and
# the domain are independent matches in the request headers; the pcre (/H)
# only enforces label boundaries around the domain, so the name appearing in
# another header also alerts. HTTPS to the same name is not covered here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27342 [] Outgoing HTTP Domain hwzpgovt.nsupdate.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hwzpgovt.nsupdate.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hwzpgovt\.nsupdate\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37916792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27342;)
# URL indicator pinned to one destination address and port 5000. The address
# string is additionally matched anywhere in the request headers and "/push"
# as a case-insensitive substring of the URI; the rule header is what scopes
# it, the short path alone would be far too generic.
alert http $HOME_NET any -> 121.43.62.136 5000 (msg: "MISP e27299 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//121.43.62.136|3a|5000/push"; flow:to_server,established; http.header; content:"121.43.62.136"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# URL indicator by host name, limited to $HTTP_PORTS. priority:1 is the
# highest priority used in this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24599 [] Outgoing URL http|3a|//chopefoundation.co.za/shims/index.php"; flow:to_server,established; http.header; content:"chopefoundation.co.za"; fast_pattern; nocase; http.uri; content:"/shims/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38178411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
# --- MISP event 27215: mail-borne indicators ---
# Sender rule: inspects inbound TCP/25 to $SMTP_SERVERS only. "MAIL FROM:" and
# the address are independent matches (nothing ties the address to the
# envelope line), and the CRLFCRLF marker must occur within 8192 bytes after
# the preceding match.
# Coverage gaps: other mail ports are not inspected, and a session protected
# by STARTTLS carries none of these strings in clear text.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27215 [] Source Email Address: contabilidadpagos@vifrio.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"contabilidadpagos@vifrio.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37869981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27215;)
# Attachment rule: matches the literal Content-Disposition prefix and the
# exact file name followed by a closing quote. Neither content has nocase, so
# a different letter case or a differently formatted header (e.g. no space
# after the semicolon) does not match. The msg does not name the file; triage
# has to go from the sid to the referenced event.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27215 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"orden de compra 0550301-0025545456745869768968.uu|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37870001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27215;)
# Inbound address indicator: any protocol, any port. The same address is
# exported again further down for event 27229 (sid 37871771), so with both
# rules loaded each matching packet raises two alerts; suppress or threshold
# one of them if that is not wanted.
alert ip 44.209.61.163 any -> $HOME_NET any (msg: "MISP e27215 [] Incoming From IP: 44.209.61.163"; classtype:trojan-activity; sid:37870021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27215;)
# DNS/HTTP pair for the mail host; duplicated below for event 27229
# (sid 37871781 and the HTTP rule that follows it).
alert dns any any -> any any (msg: "MISP e27215 [] Domain mail.vifrio.com"; dns.query; content:"mail.vifrio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.vifrio\.com$/i"; classtype:trojan-activity; sid:37870031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27215;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27215 [] Outgoing HTTP Domain mail.vifrio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.vifrio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.vifrio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37870032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27215;)
# --- MISP event 27299, entries tagged CobaltStrike / cs-watermark-987654321 ---
# URL indicators pinned to a destination address on $HTTP_PORTS; the address
# is also matched as a string anywhere in the request headers and the path as
# a case-insensitive URI substring.
alert http $HOME_NET any -> 43.159.136.92 $HTTP_PORTS (msg: "MISP e27299 [CobaltStrike,cs-watermark-987654321,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//43.159.136.92/j.ad"; flow:to_server,established; http.header; content:"43.159.136.92"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert http $HOME_NET any -> 47.100.170.9 $HTTP_PORTS (msg: "MISP e27299 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.100.170.9/updates.rss"; flow:to_server,established; http.header; content:"47.100.170.9"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# --- MISP event 27229: same sender, address and mail host as event 27215 ---
# Same sender match as sid 37869981 above under a new sid; one message from
# this sender raises both alerts.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27229 [] Source Email Address: contabilidadpagos@vifrio.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"contabilidadpagos@vifrio.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37871741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27229;)
# The file name here contains a non-ASCII character. Mail clients commonly
# encode such names in the header (RFC 2047 encoded-word or RFC 2231
# filename*=), in which case these raw bytes never appear on the wire.
# NOTE(review): verify this rule against a captured sample before relying on
# it; the match is also case-sensitive (no nocase).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27229 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"cotización.xlam|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37871761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27229;)
# Duplicate of sid 37870021 above (same address, direction and options).
alert ip 44.209.61.163 any -> $HOME_NET any (msg: "MISP e27229 [] Incoming From IP: 44.209.61.163"; classtype:trojan-activity; sid:37871771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27229;)
# Duplicate of sid 37870031 above.
alert dns any any -> any any (msg: "MISP e27229 [] Domain mail.vifrio.com"; dns.query; content:"mail.vifrio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.vifrio\.com$/i"; classtype:trojan-activity; sid:37871781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27229;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27229 [] Outgoing HTTP Domain mail.vifrio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.vifrio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.vifrio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37871782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27229;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27299 [CobaltStrike,cs-watermark-1629378311,Microsoft Corporation] Outgoing URL http|3a|//d9msk9dy9tbnk.cloudfront.net/jquery-2.8.4.min.js"; flow:to_server,established; http.header; content:"d9msk9dy9tbnk.cloudfront.net"; fast_pattern; nocase; http.uri; content:"/jquery-2.8.4.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [CobaltStrike,cs-watermark-1629378311,Microsoft Corporation] Domain d9msk9dy9tbnk.cloudfront.net"; dns.query; content:"d9msk9dy9tbnk.cloudfront.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])d9msk9dy9tbnk\.cloudfront\.net$/i"; classtype:trojan-activity; sid:37906791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [CobaltStrike,cs-watermark-1629378311,Microsoft Corporation] Outgoing HTTP Domain d9msk9dy9tbnk.cloudfront.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"d9msk9dy9tbnk.cloudfront.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])d9msk9dy9tbnk\.cloudfront\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37906792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 4.158.105.167 80 (msg: "MISP e27299 [CobaltStrike,cs-watermark-1629378311,Microsoft Corporation] Outgoing To IP: 4.158.105.167|80"; classtype:trojan-activity; sid:37906801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 18.162.156.152 443 (msg: "MISP e27299 [Amazon.com Inc.,CobaltStrike,cs-watermark-518482449] Outgoing To IP: 18.162.156.152|443"; 
classtype:trojan-activity; sid:37906811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 198.44.174.170 10086 (msg: "MISP e27299 [Gh0stRAT] Outgoing To IP: 198.44.174.170|10086"; classtype:trojan-activity; sid:37906821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e24600 [] Domain lu-post.shop"; dns.query; content:"lu-post.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])lu\-post\.shop$/i"; classtype:trojan-activity; sid:38179531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain lu-post.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lu-post.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lu\-post\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletdanmark.com"; dns.query; content:"bapeoutletdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletdanmark\.com$/i"; classtype:trojan-activity; sid:38137861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletdeutschland.com"; dns.query; content:"bapeoutletdeutschland.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bapeoutletdeutschland\.com$/i"; classtype:trojan-activity; sid:38137871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletitalia.com"; dns.query; content:"bapeoutletitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletitalia\.com$/i"; classtype:trojan-activity; sid:38137881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletnederland.com"; dns.query; content:"bapeoutletnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletnederland\.com$/i"; classtype:trojan-activity; sid:38137891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletnederland.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bapeoutletnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bapeoutletturkiye.com"; dns.query; content:"bapeoutletturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletturkiye\.com$/i"; classtype:trojan-activity; sid:38137901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcskateshoesksa.com"; dns.query; content:"dcskateshoesksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesksa\.com$/i"; classtype:trojan-activity; sid:38137911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcskateshoesksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcskateshoesksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcskateshoesksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomslovenija.com"; dns.query; content:"fruitoftheloomslovenija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomslovenija\.com$/i"; classtype:trojan-activity; sid:38137921; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomslovenija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomslovenija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomslovenija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomuae.com"; dns.query; content:"fruitoftheloomuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomuae\.com$/i"; classtype:trojan-activity; sid:38137931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain furlabagsksa.com"; dns.query; content:"furlabagsksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabagsksa\.com$/i"; classtype:trojan-activity; sid:38137941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain furlabagsksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"furlabagsksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])furlabagsksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137942; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-baker-belgium.com"; dns.query; content:"ted-baker-belgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-baker\-belgium\.com$/i"; classtype:trojan-activity; sid:38137951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-baker-belgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-baker-belgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-baker\-belgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersaudiarabia.com"; dns.query; content:"tedbakersaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersaudiarabia\.com$/i"; classtype:trojan-activity; sid:38137961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakersaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersrbija-rs.com"; dns.query; content:"tedbakersrbija-rs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersrbija\-rs\.com$/i"; classtype:trojan-activity; sid:38137971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
tedbakersrbija-rs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersrbija-rs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersrbija\-rs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashaustralia.com"; dns.query; content:"bashaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashaustralia\.com$/i"; classtype:trojan-activity; sid:38137981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashbelgie.com"; dns.query; content:"bashbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashbelgie\.com$/i"; classtype:trojan-activity; sid:38137991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38137992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashcanada.com"; dns.query; content:"bashcanada.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bashcanada\.com$/i"; classtype:trojan-activity; sid:38138001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashdeutschland.com"; dns.query; content:"bashdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashdeutschland\.com$/i"; classtype:trojan-activity; sid:38138011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashespana.com"; dns.query; content:"bashespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashespana\.com$/i"; classtype:trojan-activity; sid:38138021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138022; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashgreece.com"; dns.query; content:"bashgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashgreece\.com$/i"; classtype:trojan-activity; sid:38138031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashireland.com"; dns.query; content:"bashireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashireland\.com$/i"; classtype:trojan-activity; sid:38138041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashitalia.com"; dns.query; content:"bashitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashitalia\.com$/i"; classtype:trojan-activity; sid:38138051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"bashitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashnederland.com"; dns.query; content:"bashnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashnederland\.com$/i"; classtype:trojan-activity; sid:38138061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashnorge.com"; dns.query; content:"bashnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashnorge\.com$/i"; classtype:trojan-activity; sid:38138071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashportugal.com"; dns.query; content:"bashportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashportugal\.com$/i"; classtype:trojan-activity; sid:38138081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) 
# Analyst notes for the MISP e27007 domain rules that follow (generated export; rule text unchanged).
# Each domain gets two rules: a dns.query rule (sid ending in 1) and an outgoing HTTP Host-header rule (sid ending in 2).
# - DNS rule: header is "any any -> any any", so it does not depend on $HOME_NET. The end-anchored pcre matches
#   the listed name and its subdomains, but not a longer label that merely ends in the same string.
# - HTTP rule: inspects the Host header of established client-to-server flows from $HOME_NET to $EXTERNAL_NET,
#   so it only fires where the request headers are visible to the sensor. No TLS SNI rule for these domains
#   appears in this part of the file; for encrypted sessions the DNS rule is the only coverage shown here.
# - tag:session,600,seconds asks the engine to keep logging packets of the matching session after the alert;
#   confirm that tagged-packet output is enabled and that storage is sized for it.
# - NOTE(review): every rule carries classtype:trojan-activity with priority:3 and an empty tag list "[]" in msg.
#   The rule text does not say why a domain is listed, so check the referenced MISP event before treating
#   a hit as malware activity. The classtype is presumably the exporter's default; verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashschweiz.com"; dns.query; content:"bashschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashschweiz\.com$/i"; classtype:trojan-activity; sid:38138091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashsouthafrica.com"; dns.query; content:"bashsouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashsouthafrica\.com$/i"; classtype:trojan-activity; sid:38138101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashsouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashsouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashsouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
bashsverige.com"; dns.query; content:"bashsverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashsverige\.com$/i"; classtype:trojan-activity; sid:38138111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashsverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashsverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashsverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashturkiye.com"; dns.query; content:"bashturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashturkiye\.com$/i"; classtype:trojan-activity; sid:38138121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashuae.com"; dns.query; content:"bashuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashuae\.com$/i"; classtype:trojan-activity; sid:38138131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38138132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenhungary.com"; dns.query; content:"bodenhungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenhungary\.com$/i"; classtype:trojan-activity; sid:38138141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenhungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenhungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenhungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenirelandsale.com"; dns.query; content:"bodenirelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenirelandsale\.com$/i"; classtype:trojan-activity; sid:38138151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenirelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenirelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenirelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenportugallojas.com"; dns.query; content:"bodenportugallojas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenportugallojas\.com$/i"; classtype:trojan-activity; sid:38138161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain bodenportugallojas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenportugallojas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenportugallojas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenromaniaonline.com"; dns.query; content:"bodenromaniaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenromaniaonline\.com$/i"; classtype:trojan-activity; sid:38138171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenromaniaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenromaniaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenromaniaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodensaudiarabia.com"; dns.query; content:"bodensaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodensaudiarabia\.com$/i"; classtype:trojan-activity; sid:38138181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodensaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodensaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodensaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillarirelands.com"; 
dns.query; content:"caterpillarirelands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarirelands\.com$/i"; classtype:trojan-activity; sid:38138191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillarirelands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillarirelands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarirelands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillarmalaysiaonline.com"; dns.query; content:"caterpillarmalaysiaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarmalaysiaonline\.com$/i"; classtype:trojan-activity; sid:38138201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillarmalaysiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillarmalaysiaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarmalaysiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillarscanberra.com"; dns.query; content:"caterpillarscanberra.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarscanberra\.com$/i"; classtype:trojan-activity; sid:38138211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillarscanberra.com"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"caterpillarscanberra.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarscanberra\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dannerboot-ireland.com"; dns.query; content:"dannerboot-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerboot\-ireland\.com$/i"; classtype:trojan-activity; sid:38138221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dannerboot-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dannerboot-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerboot\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dannerbootsespana.com"; dns.query; content:"dannerbootsespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerbootsespana\.com$/i"; classtype:trojan-activity; sid:38138231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dannerbootsespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dannerbootsespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerbootsespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dannerboots-usa.com"; dns.query; content:"dannerboots-usa.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])dannerboots\-usa\.com$/i"; classtype:trojan-activity; sid:38138241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dannerboots-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dannerboots-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerboots\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dannerbootus.com"; dns.query; content:"dannerbootus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerbootus\.com$/i"; classtype:trojan-activity; sid:38138251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dannerbootus.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dannerbootus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dannerbootus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomgreece.com"; dns.query; content:"fruitoftheloomgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomgreece\.com$/i"; classtype:trojan-activity; sid:38138261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomgreece\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38138262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomhungary.com"; dns.query; content:"fruitoftheloomhungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomhungary\.com$/i"; classtype:trojan-activity; sid:38138271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomhungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomhungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomhungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomnz.com"; dns.query; content:"fruitoftheloomnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomnz\.com$/i"; classtype:trojan-activity; sid:38138281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomromania.com"; dns.query; content:"fruitoftheloomromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomromania\.com$/i"; classtype:trojan-activity; sid:38138291; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jeansytruereligion.com"; dns.query; content:"jeansytruereligion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jeansytruereligion\.com$/i"; classtype:trojan-activity; sid:38138301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jeansytruereligion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jeansytruereligion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jeansytruereligion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain loungefly-australia.com"; dns.query; content:"loungefly-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-australia\.com$/i"; classtype:trojan-activity; sid:38138311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungefly-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungefly-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38138312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 - domain indicators, exported as one DNS rule plus one HTTP rule per domain.
# DNS rule: inspects dns.query. The pcre anchors the name at the end of the query and accepts
#   start-of-buffer or any character other than a letter, digit or hyphen in front of it, so the
#   domain itself and its subdomains match, while a longer label that merely ends in the same
#   text does not.
# HTTP rule: $HOME_NET -> $EXTERNAL_NET on any port, client-to-server on an established flow.
#   The two http.header content matches ("Host:" and the domain) carry no distance/within, and
#   the pcre (H = header buffer) is not anchored to the Host line.
#   NOTE(review): as written, a request that only mentions the domain in some other header
#   (a Referer, for example) appears to satisfy the rule as well - consider matching the Host
#   value specifically if that shows up as false positives; confirm before changing the export.
# Hyphenated and unhyphenated spellings (loungefly-canada.com / loungeflycanada.com) are
# separate indicators with their own sids.
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyaustralia.com"; dns.query; content:"loungeflyaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyaustralia\.com$/i"; classtype:trojan-activity; sid:38138321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflybagsuk.com"; dns.query; content:"loungeflybagsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflybagsuk\.com$/i"; classtype:trojan-activity; sid:38138331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflybagsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflybagsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflybagsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungefly-canada.com"; dns.query; content:"loungefly-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-canada\.com$/i"; classtype:trojan-activity; sid:38138341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungefly-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungefly-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflycanada.com"; dns.query; content:"loungeflycanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflycanada\.com$/i"; classtype:trojan-activity; sid:38138351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflycanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflycanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflycanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflydeutschland.com"; dns.query; content:"loungeflydeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflydeutschland\.com$/i"; classtype:trojan-activity; sid:38138361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflydeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflydeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflydeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyespana.com"; dns.query; content:"loungeflyespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyespana\.com$/i"; classtype:trojan-activity; sid:38138371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyfactoryoutlet.com"; dns.query; content:"loungeflyfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38138381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyfrance.com"; dns.query; content:"loungeflyfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyfrance\.com$/i"; classtype:trojan-activity; sid:38138391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyireland.com"; dns.query; content:"loungeflyireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyireland\.com$/i"; classtype:trojan-activity; sid:38138401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungefly-italia.com"; dns.query; content:"loungefly-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-italia\.com$/i"; classtype:trojan-activity; sid:38138411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungefly-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungefly-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflymexico.com"; dns.query; content:"loungeflymexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflymexico\.com$/i"; classtype:trojan-activity; sid:38138421; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 (continued): each domain has a DNS rule (dns.query, name anchored at the end
# of the query, subdomains included) and an HTTP rule (domain looked for in http.header on
# client-to-server traffic from $HOME_NET to $EXTERNAL_NET, any port).
# The DNS rules are "any any -> any any", so they do not depend on $HOME_NET/$EXTERNAL_NET;
# the HTTP rules do, and both variables must be defined on the sensor.
# Every HTTP rule sets tag:session,600,seconds, i.e. the session is tagged for 600 seconds
# after a match - worth keeping in mind for capture volume when many of these fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflymexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflymexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflymexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflynederland.com"; dns.query; content:"loungeflynederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflynederland\.com$/i"; classtype:trojan-activity; sid:38138431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflynederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflynederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflynederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflynorge.com"; dns.query; content:"loungeflynorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflynorge\.com$/i"; classtype:trojan-activity; sid:38138441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflynorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflynorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflynorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflynz.com"; dns.query; content:"loungeflynz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflynz\.com$/i"; classtype:trojan-activity; sid:38138451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflynz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflynz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflynz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungefly-outlet.com"; dns.query; content:"loungefly-outlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-outlet\.com$/i"; classtype:trojan-activity; sid:38138461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungefly-outlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungefly-outlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungefly\-outlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyportugal.com"; dns.query; content:"loungeflyportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyportugal\.com$/i"; classtype:trojan-activity; sid:38138471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflysiteofficiel.com"; dns.query; content:"loungeflysiteofficiel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflysiteofficiel\.com$/i"; classtype:trojan-activity; sid:38138481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflysiteofficiel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflysiteofficiel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflysiteofficiel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pantalonestruereligion.com"; dns.query; content:"pantalonestruereligion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pantalonestruereligion\.com$/i"; classtype:trojan-activity; sid:38138491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pantalonestruereligion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pantalonestruereligion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pantalonestruereligion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithbelgie.com"; dns.query; 
content:"paulsmithbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithbelgie\.com$/i"; classtype:trojan-activity; sid:38138501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 (continued): DNS + HTTP rule pair per domain, all priority 3.
# DNS rule - dns.query must end in the domain (subdomains included, longer labels excluded).
# HTTP rule - the domain must appear in http.header on an outbound client request; the content
# match is the fast_pattern and the pcre then checks the characters around the name.
# NOTE(review): the names pair retail brand names with country or outlet words, so these are
# presumably brand-impersonation storefront domains; every rule nevertheless carries
# classtype:trojan-activity. Confirm against the MISP event whether that classification (and the
# resulting alert routing) is what analysts expect for this indicator set.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithclothinguk.com"; dns.query; content:"paulsmithclothinguk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithclothinguk\.com$/i"; classtype:trojan-activity; sid:38138511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithclothinguk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithclothinguk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithclothinguk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithdublin.com"; dns.query; content:"paulsmithdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithdublin\.com$/i"; classtype:trojan-activity; sid:38138521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithnewzealand.com"; dns.query; content:"paulsmithnewzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithnewzealand\.com$/i"; classtype:trojan-activity; sid:38138531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithnewzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithnewzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithnewzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithoutletitalia.com"; dns.query; content:"paulsmithoutletitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithoutletitalia\.com$/i"; classtype:trojan-activity; sid:38138541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithoutletitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithoutletitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithoutletitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithparisboutique.com"; dns.query; content:"paulsmithparisboutique.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithparisboutique\.com$/i"; classtype:trojan-activity; sid:38138551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithparisboutique.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithparisboutique.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithparisboutique\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithschweiz.com"; dns.query; content:"paulsmithschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithschweiz\.com$/i"; classtype:trojan-activity; sid:38138561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithsg.com"; dns.query; content:"paulsmithsg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithsg\.com$/i"; classtype:trojan-activity; sid:38138571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithsg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithsg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithsg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithstockholm.com"; dns.query; content:"paulsmithstockholm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithstockholm\.com$/i"; classtype:trojan-activity; sid:38138581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithstockholm.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithstockholm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithstockholm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithusasale.com"; dns.query; content:"paulsmithusasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithusasale\.com$/i"; classtype:trojan-activity; sid:38138591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithusasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithusasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithusasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain schollshoesireland.com"; dns.query; content:"schollshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])schollshoesireland\.com$/i"; classtype:trojan-activity; sid:38138601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain schollshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"schollshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schollshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeregyptwebsite.com"; dns.query; content:"tedbakeregyptwebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeregyptwebsite\.com$/i"; classtype:trojan-activity; sid:38138611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeregyptwebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeregyptwebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeregyptwebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersouth-africa.com"; dns.query; content:"tedbakersouth-africa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersouth\-africa\.com$/i"; classtype:trojan-activity; sid:38138621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakersouth-africa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersouth-africa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersouth\-africa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] 
Domain truereligion-chile.com"; dns.query; content:"truereligion-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligion\-chile\.com$/i"; classtype:trojan-activity; sid:38138631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 (continued): DNS + HTTP rule pair per domain, all priority 3.
# In the pcre the dots and hyphens of the name are escaped, and the match is case-insensitive
# (/i), mirroring nocase on the content match.
# DNS rule: the name is anchored with "$", so it must be the end of the queried name.
# HTTP rule: instead of "$" the pcre requires one more character after the name that is not a
# letter, digit, hyphen or dot. NOTE(review): this relies on something (presumably the header
# line ending) following the host value inside the inspected header buffer - confirm on the
# sensor with a test request that the rule fires for a plain "Host: <domain>" header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligion-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligion-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligion\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligioncolombia.com"; dns.query; content:"truereligioncolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligioncolombia\.com$/i"; classtype:trojan-activity; sid:38138641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligioncolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligioncolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligioncolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligiondublin.com"; dns.query; content:"truereligiondublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligiondublin\.com$/i"; classtype:trojan-activity; sid:38138651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligiondublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligiondublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligiondublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionenmexico.com"; dns.query; content:"truereligionenmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionenmexico\.com$/i"; classtype:trojan-activity; sid:38138661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionenmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionenmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionenmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionindia.com"; dns.query; content:"truereligionindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionindia\.com$/i"; classtype:trojan-activity; sid:38138671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansnz.com"; dns.query; content:"truereligionjeansnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansnz\.com$/i"; classtype:trojan-activity; sid:38138681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionperu.com"; dns.query; content:"truereligionperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionperu\.com$/i"; classtype:trojan-activity; sid:38138691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionukstore.com"; dns.query; content:"truereligionukstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionukstore\.com$/i"; classtype:trojan-activity; sid:38138701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionukstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionukstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionukstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain varleyaustralia.com"; dns.query; content:"varleyaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyaustralia\.com$/i"; classtype:trojan-activity; sid:38138711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain varleyaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varleyaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain varleyfrance.com"; dns.query; content:"varleyfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyfrance\.com$/i"; classtype:trojan-activity; sid:38138721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain varleyfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varleyfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain varleyireland.com"; dns.query; content:"varleyireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyireland\.com$/i"; classtype:trojan-activity; sid:38138731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain varleyireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varleyireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27378 (priority 1) ---
# URL indicator: the hostname is matched in http.header and the path in http.uri (both nocase).
# The rule is limited to $HTTP_PORTS, so that variable must be defined on the sensor even though
# the file header describes it as not required for the Suricata export; the same request on a
# port outside $HTTP_PORTS is not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27378 [] Outgoing URL http|3a|//unassigned.142-202-189-121.spryt.net/t/4/0/661/0/0/16226/0/2mbw4rh5us"; flow:to_server,established; http.header; content:"unassigned.142-202-189-121.spryt.net"; fast_pattern; nocase; http.uri; content:"/t/4/0/661/0/0/16226/0/2mbw4rh5us"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37924491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
# "Domain" pair for spryt.net: the pcre prefix class permits '.', so every name under spryt.net
# matches, not only the single hostname listed for this event.
# NOTE(review): the hostname indicator below looks like a provider-generated, address-derived
# name - confirm that alerting on the whole parent domain at priority 1 is intended; if not,
# keeping only the Hostname pair would limit alerts to the observed indicator.
alert dns any any -> any any (msg: "MISP e27378 [] Domain spryt.net"; dns.query; content:"spryt.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])spryt\.net$/i"; classtype:trojan-activity; sid:37924501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27378 [] Outgoing HTTP Domain spryt.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"spryt.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])spryt\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37924502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
# "Hostname" pair: here the pcre prefix class also excludes '.', so only this exact name matches.
# The HTTP rule uses a single content match, "Host:" followed by one space and the name.
# A lookup of or request to this hostname also satisfies the spryt.net Domain pair above, so one
# event on the wire raises more than one alert.
alert dns any any -> any any (msg: "MISP e27378 [] Hostname unassigned.142-202-189-121.spryt.net"; dns.query; content:"unassigned.142-202-189-121.spryt.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unassigned\.142\-202\-189\-121\.spryt\.net$/i"; classtype:trojan-activity; sid:37924511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27378 [] Outgoing HTTP Hostname unassigned.142-202-189-121.spryt.net"; flow:to_server,established; http.header; content: "Host|3a| unassigned.142-202-189-121.spryt.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unassigned\.142\-202\-189\-121\.spryt\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37924512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
# IP indicators: any protocol and any port from $HOME_NET to the address; no flow or payload
# condition, and the msg carries no context tag ("[]").
# NOTE(review): address-only rules keep firing for whatever is hosted on the address later on;
# check the indicator's age and context in the MISP event before treating hits as priority 1.
alert ip $HOME_NET any -> 209.99.40.223 any (msg: "MISP e27378 [] Outgoing To IP: 209.99.40.223"; classtype:trojan-activity; sid:37924531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
alert ip $HOME_NET any -> 209.99.40.222 any (msg: "MISP e27378 [] Outgoing To IP: 209.99.40.222"; classtype:trojan-activity; sid:37924601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27378;)
# --- MISP event 27299 (priority 2), msg tags [dcrat] and [njrat] ---
# [dcrat] URL: the destination address is fixed in the rule header and limited to $HTTP_PORTS;
# the address literal is also matched in http.header and the path in http.uri.
alert http $HOME_NET any -> 147.45.197.82 $HTTP_PORTS (msg: "MISP e27299 [dcrat] Outgoing URL http|3a|//147.45.197.82/providerpythonhttplowupdateflowertrackwordpress.php"; flow:to_server,established; http.header; content:"147.45.197.82"; fast_pattern; nocase; http.uri; content:"/providerpythonhttplowupdateflowertrackwordpress.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# [njrat] endpoints: address plus destination port 12607, with `ip` as the rule protocol.
# NOTE(review): confirm how the sensor applies a port on an `ip` rule; if the indicator is a TCP
# endpoint, `tcp` in the rule header would state that explicitly.
alert ip $HOME_NET any -> 18.192.31.165 12607 (msg: "MISP e27299 [njrat] Outgoing To IP: 18.192.31.165|12607"; classtype:trojan-activity; sid:37906841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 18.158.249.75 12607 (msg: "MISP e27299 [njrat] Outgoing To IP: 18.158.249.75|12607"; classtype:trojan-activity; sid:37906851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# --- MISP event 27292 (priority 3) ---
# URL indicator without a path: only the hostname is matched in http.header (no http.uri
# content and no fast_pattern), and only on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27292 [] Outgoing URL http|3a|//dev-mambcrama.pantheonsite.io"; flow:to_server,established; 
http.header; content:"dev-mambcrama.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37905281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27292;) alert dns any any -> any any (msg: "MISP e27292 [] Domain dev-mambcrama.pantheonsite.io"; dns.query; content:"dev-mambcrama.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-mambcrama\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37905321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27292;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27292 [] Outgoing HTTP Domain dev-mambcrama.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-mambcrama.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-mambcrama\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27292;) alert http $HOME_NET any -> 193.233.255.228 $HTTP_PORTS (msg: "MISP e27299 [dcrat] Outgoing URL http|3a|//193.233.255.228/0/central3cputemp/6trafficeternalgeo/dump4requestmariadb/dbexternal/cpuprotonpoll4/longpollmariadb/dlejsauthrequest/cdn/1cpubasedle/36/external9traffic/7/update/lowlocalpython/videojs_updatedefaultgeneratorwordpress.php"; flow:to_server,established; http.header; content:"193.233.255.228"; fast_pattern; nocase; http.uri; content:"/0/central3cputemp/6trafficeternalgeo/dump4requestmariadb/dbexternal/cpuprotonpoll4/longpollmariadb/dlejsauthrequest/cdn/1cpubasedle/36/external9traffic/7/update/lowlocalpython/videojs_updatedefaultgeneratorwordpress.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37906861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27293 [] Domain mitarjetacencosud-cl.slcomerciodevidros.com.br"; dns.query; 
content:"mitarjetacencosud-cl.slcomerciodevidros.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.slcomerciodevidros\.com\.br$/i"; classtype:trojan-activity; sid:37905411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27293;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27293 [] Outgoing HTTP Domain mitarjetacencosud-cl.slcomerciodevidros.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mitarjetacencosud-cl.slcomerciodevidros.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.slcomerciodevidros\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27293;) alert dns any any -> any any (msg: "MISP e27294 [] Domain wwwstcursomasxfors.com"; dns.query; content:"wwwstcursomasxfors.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com$/i"; classtype:trojan-activity; sid:37905511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27294;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27294 [] Outgoing HTTP Domain wwwstcursomasxfors.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwstcursomasxfors.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27294;) alert dns any any -> any any (msg: "MISP e27326 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27326;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27326 [] Outgoing HTTP Domain 
vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27326;)
# NOTE(review): vid-atmaksas-parskats-lv.com is exported once per MISP event
# (e27326, e27327 and e27328 on these lines). The DNS and HTTP rules of each
# event have the same match conditions and differ only in msg, sid and
# reference, so a single lookup or request raises one alert per event.
# De-duplicating on the domain, or applying a threshold, keeps the alert count
# down without losing coverage.
alert dns any any -> any any (msg: "MISP e27327 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27327;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27327 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27327;)
alert dns any any -> any any (msg: "MISP e27328 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27328;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27328 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915682; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27328;) alert dns any any -> any any (msg: "MISP e27330 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27330;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27330 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27330;) alert dns any any -> any any (msg: "MISP e27332 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27332;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27332 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27332;) alert dns any any -> any any (msg: "MISP e27333 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915831; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27333;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27333 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27333;) alert dns any any -> any any (msg: "MISP e27334 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27334;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27334 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27334;) alert dns any any -> any any (msg: "MISP e27331 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27331;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27331 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27331;) alert dns any any -> any any (msg: "MISP e27329 [] Domain vid-atmaksas-parskats-lv.com"; dns.query; content:"vid-atmaksas-parskats-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com$/i"; classtype:trojan-activity; sid:37915711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27329;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27329 [] Outgoing HTTP Domain vid-atmaksas-parskats-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-atmaksas-parskats-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-atmaksas\-parskats\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27329;) alert dns any any -> any any (msg: "MISP e27295 [] Domain comunicaciones.top"; dns.query; content:"comunicaciones.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])comunicaciones\.top$/i"; classtype:trojan-activity; sid:37905601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27295;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27295 [] Outgoing HTTP Domain comunicaciones.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comunicaciones.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comunicaciones\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27295;) alert ip $HOME_NET any -> 128.14.226.110 143 (msg: "MISP e27299 [Bianlian Go Trojan,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED] Outgoing To IP: 128.14.226.110|143"; classtype:trojan-activity; sid:37906871; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# Address-and-port rules from MISP event e27299. Each one matches on the
# destination address and port alone: there is no flow, content or threshold
# keyword. The bracketed text in msg appears to carry the event's tags (network
# operator and malware family); it is a label and takes no part in matching.
# NOTE(review): several of the operators named in the tags are hosting or
# access providers, where addresses get reassigned. The rules carry no date, so
# check the age of the indicator in the referenced MISP event before acting on
# a hit.
alert ip $HOME_NET any -> 151.236.16.11 80 (msg: "MISP e27299 [Bianlian Go Trojan,M247] Outgoing To IP: 151.236.16.11|80"; classtype:trojan-activity; sid:37906881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 198.13.47.158 443 (msg: "MISP e27299 [AS-CHOOPA,Havoc] Outgoing To IP: 198.13.47.158|443"; classtype:trojan-activity; sid:37906891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 206.81.31.145 443 (msg: "MISP e27299 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 206.81.31.145|443"; classtype:trojan-activity; sid:37906901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 86.225.209.225 2222 (msg: "MISP e27299 [France Telecom - Orange,QakBot] Outgoing To IP: 86.225.209.225|2222"; classtype:trojan-activity; sid:37906911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 39.40.163.25 995 (msg: "MISP e27299 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.163.25|995"; classtype:trojan-activity; sid:37906921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 23.95.44.73 65535 (msg: "MISP e27299 [AS-COLOCROSSING,Supershell] Outgoing To IP: 23.95.44.73|65535"; classtype:trojan-activity; sid:37906931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 192.248.159.76 2222 (msg: "MISP e27299 [AS-CHOOPA,Pikabot] Outgoing To IP: 192.248.159.76|2222"; classtype:trojan-activity; sid:37906941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 46.250.238.168 80 (msg: "MISP e27299 [CAPL-AS-AP Contabo Asia Private Limited,Hookbot Pegasus] Outgoing To IP: 46.250.238.168|80"; classtype:trojan-activity; 
sid:37906951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 191.89.247.6 5552 (msg: "MISP e27299 [njrat] Outgoing To IP: 191.89.247.6|5552"; classtype:trojan-activity; sid:37906961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
# The DNS rule is not limited to $HOME_NET: `any any -> any any` matches a
# query wherever the sensor sees it, so a lookup relayed by an internal
# resolver can alert at more than one hop.
alert dns any any -> any any (msg: "MISP e27335 [] Domain alandre.top"; dns.query; content:"alandre.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])alandre\.top$/i"; classtype:trojan-activity; sid:37915891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27335;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27335 [] Outgoing HTTP Domain alandre.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"alandre.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])alandre\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27335;)
# Port 443 destinations: the two rules below match on address and port only.
# The `alert http` rules in this export inspect parsed HTTP, so they do not see
# requests carried inside TLS.
# NOTE(review): for hostname indicators served over TLS, a tls.sni match on the
# hostname would be the equivalent check; on port 443 only the address and DNS
# rules can fire as exported.
alert ip $HOME_NET any -> 39.100.103.225 443 (msg: "MISP e27299 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing To IP: 39.100.103.225|443"; classtype:trojan-activity; sid:37906971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert ip $HOME_NET any -> 39.108.147.5 443 (msg: "MISP e27299 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666] Outgoing To IP: 39.108.147.5|443"; classtype:trojan-activity; sid:37906991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27299 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing URL http|3a|//30ht.com.w.kunlunpi.com/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"30ht.com.w.kunlunpi.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37907001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27299 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Domain 30ht.com.w.kunlunpi.com"; dns.query; content:"30ht.com.w.kunlunpi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])30ht\.com\.w\.kunlunpi\.com$/i"; classtype:trojan-activity; sid:37907011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27299 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing HTTP Domain 30ht.com.w.kunlunpi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"30ht.com.w.kunlunpi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])30ht\.com\.w\.kunlunpi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert ip $HOME_NET any -> 39.100.103.225 80 (msg: "MISP e27299 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing To IP: 39.100.103.225|80"; classtype:trojan-activity; sid:37907021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27299;) alert dns any any -> any any (msg: "MISP e27298 [] Domain mi-tarjetacencosud.cl.maypublishingltd.com.ng"; dns.query; content:"mi-tarjetacencosud.cl.maypublishingltd.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.maypublishingltd\.com\.ng$/i"; classtype:trojan-activity; sid:37905811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27298;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27298 [] Outgoing HTTP Domain mi-tarjetacencosud.cl.maypublishingltd.com.ng"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"mi-tarjetacencosud.cl.maypublishingltd.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\.cl\.maypublishingltd\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37905812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27298;)
# Address-and-port rules from MISP event e27311 (priority 2). They match on
# destination address and port only; the tags in msg are labels.
alert ip $HOME_NET any -> 193.178.147.164 80 (msg: "MISP e27311 [c2,Havoc] Outgoing To IP: 193.178.147.164|80"; classtype:trojan-activity; sid:37907731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 89.23.107.13 443 (msg: "MISP e27311 [c2,Havoc] Outgoing To IP: 89.23.107.13|443"; classtype:trojan-activity; sid:37907741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 171.80.216.99 25565 (msg: "MISP e27311 [c2,dcrat] Outgoing To IP: 171.80.216.99|25565"; classtype:trojan-activity; sid:37907751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 5.42.65.107 5000 (msg: "MISP e27311 [Amos,c2] Outgoing To IP: 5.42.65.107|5000"; classtype:trojan-activity; sid:37907761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 5.42.65.55 5000 (msg: "MISP e27311 [Amos,c2] Outgoing To IP: 5.42.65.55|5000"; classtype:trojan-activity; sid:37907771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# NOTE(review): the same address/port pairs are exported again from event
# e27520 with priority 3 and fewer tags. Traffic to 5.42.65.55:5000 or
# 5.42.65.107:5000 therefore raises two alerts at different priorities; treat
# them as one indicator and triage on the e27311 priority and tag set.
alert ip $HOME_NET any -> 5.42.65.55 5000 (msg: "MISP e27520 [c2] Outgoing To IP: 5.42.65.55|5000"; classtype:trojan-activity; sid:37947841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 5.42.65.107 5000 (msg: "MISP e27520 [c2] Outgoing To IP: 5.42.65.107|5000"; classtype:trojan-activity; sid:37947851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 171.80.216.99 25565 (msg: "MISP e27520 [c2,dcrat] Outgoing To IP: 
171.80.216.99|25565"; classtype:trojan-activity; sid:37947861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 89.23.107.13 443 (msg: "MISP e27520 [c2] Outgoing To IP: 89.23.107.13|443"; classtype:trojan-activity; sid:37947871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 193.178.147.164 80 (msg: "MISP e27520 [c2] Outgoing To IP: 193.178.147.164|80"; classtype:trojan-activity; sid:37947881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27300 [] Domain idowall.com"; dns.query; content:"idowall.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])idowall\.com$/i"; classtype:trojan-activity; sid:37907031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27300;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27300 [] Outgoing HTTP Domain idowall.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"idowall.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])idowall\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27300;) alert ip $HOME_NET any -> 198.244.174.214 any (msg: "MISP e27300 [] Outgoing To IP: 198.244.174.214"; classtype:trojan-activity; sid:37907041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27300;) alert dns any any -> any any (msg: "MISP e27305 [] Domain plinqok.com"; dns.query; content:"plinqok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])plinqok\.com$/i"; classtype:trojan-activity; sid:37907151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27305;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27305 [] Outgoing HTTP Domain plinqok.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"plinqok.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])plinqok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27305;)
# Two URL rules for the same destination (103.191.15.10, port 80) from events
# e27311 and e27520. Both put `nocase` on the http.uri content, so `/v5jh` and
# `/V5jh` match the same requests and a hit raises both sids (priority 2 and
# priority 3). The path is a substring match, not anchored to the start or end
# of the URI.
# NOTE(review): the two events record the path with different capitalisation;
# with nocase that difference is not enforced. Confirm which form was observed
# if case matters for the analysis.
alert http $HOME_NET any -> 103.191.15.10 80 (msg: "MISP e27311 [CobaltStrike] Outgoing URL http|3a|//103.191.15.10|3a|80/v5jh"; flow:to_server,established; http.header; content:"103.191.15.10"; fast_pattern; nocase; http.uri; content:"/v5jh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37907781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> 103.191.15.10 80 (msg: "MISP e27520 [] Outgoing URL http|3a|//103.191.15.10|3a|80/V5jh"; flow:to_server,established; http.header; content:"103.191.15.10"; fast_pattern; nocase; http.uri; content:"/V5jh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37947891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# The indicator here is the `www` host. The DNS pcre requires the query to end
# in www.post-lu.fun, so a lookup of post-lu.fun itself or of another
# subdomain is not covered by these two rules.
alert dns any any -> any any (msg: "MISP e24600 [] Domain www.post-lu.fun"; dns.query; content:"www.post-lu.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.post\-lu\.fun$/i"; classtype:trojan-activity; sid:38179581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain www.post-lu.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.post-lu.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.post\-lu\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert ip $HOME_NET any -> 103.150.208.227 443 (msg: "MISP e27311 [Deimos,KKNETWROK-AS-AP KK Networks Pvt Ltd.] 
Outgoing To IP: 103.150.208.227|443"; classtype:trojan-activity; sid:37907801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27352 [] Domain arboreaperu.com"; dns.query; content:"arboreaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arboreaperu\.com$/i"; classtype:trojan-activity; sid:37917401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27352;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27352 [] Outgoing HTTP Domain arboreaperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arboreaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arboreaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27352;) alert ip $HOME_NET any -> 37.1.208.20 443 (msg: "MISP e27311 [Havoc,HVC-AS] Outgoing To IP: 37.1.208.20|443"; classtype:trojan-activity; sid:37907811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 170.187.200.132 443 (msg: "MISP e27311 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 170.187.200.132|443"; classtype:trojan-activity; sid:37907821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 35.193.229.206 60000 (msg: "MISP e27311 [GOOGLE-CLOUD-PLATFORM,Havoc] Outgoing To IP: 35.193.229.206|60000"; classtype:trojan-activity; sid:37907831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 92.39.211.142 4444 (msg: "MISP e27311 [Havoc,MTS] Outgoing To IP: 92.39.211.142|4444"; classtype:trojan-activity; sid:37907841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 201.174.9.2 3392 (msg: "MISP e27311 [Responder,TRANSTELCO-INC] Outgoing To IP: 201.174.9.2|3392"; 
classtype:trojan-activity; sid:37907851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 130.193.40.155 443 (msg: "MISP e27311 [Responder,YANDEXCLOUD] Outgoing To IP: 130.193.40.155|443"; classtype:trojan-activity; sid:37907861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 106.75.66.128 53 (msg: "MISP e27311 [CHINA169-BJ China Unicom Beijing Province Network,Pupy RAT] Outgoing To IP: 106.75.66.128|53"; classtype:trojan-activity; sid:37907871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 72.27.146.121 443 (msg: "MISP e27311 [FLOW-NET,QakBot] Outgoing To IP: 72.27.146.121|443"; classtype:trojan-activity; sid:37907881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 175.13.35.124 4432 (msg: "MISP e27311 [CHINANET-BACKBONE No.31Jin-rong Street,QakBot] Outgoing To IP: 175.13.35.124|4432"; classtype:trojan-activity; sid:37907891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 41.97.68.49 443 (msg: "MISP e27311 [ALGTEL-AS,QakBot] Outgoing To IP: 41.97.68.49|443"; classtype:trojan-activity; sid:37907901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 173.207.111.8 443 (msg: "MISP e27311 [CABLEONE,QakBot] Outgoing To IP: 173.207.111.8|443"; classtype:trojan-activity; sid:37907911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 90.52.128.121 2222 (msg: "MISP e27311 [France Telecom - Orange,QakBot] Outgoing To IP: 90.52.128.121|2222"; classtype:trojan-activity; sid:37907921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 46.246.4.11 6000 (msg: "MISP e27311 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.4.11|6000"; 
classtype:trojan-activity; sid:37907931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 45.32.31.179 8888 (msg: "MISP e27311 [AS-CHOOPA,Supershell] Outgoing To IP: 45.32.31.179|8888"; classtype:trojan-activity; sid:37907941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 92.39.211.142 4444 (msg: "MISP e27520 [] Outgoing To IP: 92.39.211.142|4444"; classtype:trojan-activity; sid:37947901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 35.193.229.206 60000 (msg: "MISP e27520 [] Outgoing To IP: 35.193.229.206|60000"; classtype:trojan-activity; sid:37947911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 170.187.200.132 443 (msg: "MISP e27520 [] Outgoing To IP: 170.187.200.132|443"; classtype:trojan-activity; sid:37947921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 37.1.208.20 443 (msg: "MISP e27520 [] Outgoing To IP: 37.1.208.20|443"; classtype:trojan-activity; sid:37947931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.150.208.227 443 (msg: "MISP e27520 [] Outgoing To IP: 103.150.208.227|443"; classtype:trojan-activity; sid:37947941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 65.20.73.169 13783 (msg: "MISP e27311 [AS-CHOOPA,Pikabot] Outgoing To IP: 65.20.73.169|13783"; classtype:trojan-activity; sid:37907951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 46.226.164.60 50555 (msg: "MISP e27311 [AEZA-AS,Hookbot Pegasus] Outgoing To IP: 46.226.164.60|50555"; classtype:trojan-activity; sid:37907961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 104.194.157.55 80 (msg: 
"MISP e27311 [Hookbot Pegasus,ROUTERHOSTING] Outgoing To IP: 104.194.157.55|80"; classtype:trojan-activity; sid:37907971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 104.194.157.55 8082 (msg: "MISP e27311 [Hookbot Pegasus,ROUTERHOSTING] Outgoing To IP: 104.194.157.55|8082"; classtype:trojan-activity; sid:37907981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 104.194.157.55 8082 (msg: "MISP e27520 [] Outgoing To IP: 104.194.157.55|8082"; classtype:trojan-activity; sid:37947951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 104.194.157.55 80 (msg: "MISP e27520 [] Outgoing To IP: 104.194.157.55|80"; classtype:trojan-activity; sid:37947961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 46.226.164.60 50555 (msg: "MISP e27520 [] Outgoing To IP: 46.226.164.60|50555"; classtype:trojan-activity; sid:37947971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 65.20.73.169 13783 (msg: "MISP e27520 [] Outgoing To IP: 65.20.73.169|13783"; classtype:trojan-activity; sid:37947981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 45.32.31.179 8888 (msg: "MISP e27520 [] Outgoing To IP: 45.32.31.179|8888"; classtype:trojan-activity; sid:37947991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 46.246.4.11 6000 (msg: "MISP e27520 [] Outgoing To IP: 46.246.4.11|6000"; classtype:trojan-activity; sid:37948001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 90.52.128.121 2222 (msg: "MISP e27520 [] Outgoing To IP: 90.52.128.121|2222"; classtype:trojan-activity; sid:37948011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert 
ip $HOME_NET any -> 173.207.111.8 443 (msg: "MISP e27520 [] Outgoing To IP: 173.207.111.8|443"; classtype:trojan-activity; sid:37948021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 41.97.68.49 443 (msg: "MISP e27520 [] Outgoing To IP: 41.97.68.49|443"; classtype:trojan-activity; sid:37948031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 175.13.35.124 4432 (msg: "MISP e27520 [] Outgoing To IP: 175.13.35.124|4432"; classtype:trojan-activity; sid:37948041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 72.27.146.121 443 (msg: "MISP e27520 [] Outgoing To IP: 72.27.146.121|443"; classtype:trojan-activity; sid:37948051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 106.75.66.128 53 (msg: "MISP e27520 [] Outgoing To IP: 106.75.66.128|53"; classtype:trojan-activity; sid:37948061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 130.193.40.155 443 (msg: "MISP e27520 [] Outgoing To IP: 130.193.40.155|443"; classtype:trojan-activity; sid:37948071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 201.174.9.2 3392 (msg: "MISP e27520 [] Outgoing To IP: 201.174.9.2|3392"; classtype:trojan-activity; sid:37948081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e24600 [] Domain schnellelieferung.info"; dns.query; content:"schnellelieferung.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])schnellelieferung\.info$/i"; classtype:trojan-activity; sid:38179621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain schnellelieferung.info"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"schnellelieferung.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schnellelieferung\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e27306 [] Domain wwwstcursomasxfors.com"; dns.query; content:"wwwstcursomasxfors.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com$/i"; classtype:trojan-activity; sid:37907171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27306;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27306 [] Outgoing HTTP Domain wwwstcursomasxfors.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwstcursomasxfors.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27306;) alert ip $HOME_NET any -> 103.124.104.22 any (msg: "MISP e27318 [] Outgoing To IP: 103.124.104.22"; classtype:trojan-activity; sid:37915211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;) alert ip $HOME_NET any -> 155.94.208.137 any (msg: "MISP e27318 [] Outgoing To IP: 155.94.208.137"; classtype:trojan-activity; sid:37915221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;) alert ip $HOME_NET any -> 204.44.125.68 any (msg: "MISP e27318 [] Outgoing To IP: 204.44.125.68"; classtype:trojan-activity; sid:37915231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;) alert ip $HOME_NET any -> 85.239.33.149 any (msg: "MISP e27318 [] Outgoing To IP: 85.239.33.149"; classtype:trojan-activity; sid:37915241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27318 
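[] Outgoing URL file|3a|//103.124.104.22/zjxb/bO.txt"; flow:to_server,established; http.header; content:"103.124.104.22"; fast_pattern; nocase; http.uri; content:"/zjxb/bO.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37915251; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;)
# MISP event 27318, URL attributes: the rule that ends on the line above and the three that follow.
# As exported (rev:1) each rule searched http.uri for the whole "file://<ip>/<path>" string. The
# request URI inspected through http.uri never carries a file:// scheme, so those rules could not
# fire. rev:2 follows the form this export already uses for a URL indicator with an IP host
# (sid 37908051): the address is matched in the request headers and only the path in http.uri.
# That covers a client reaching the same location over HTTP/WebDAV; SMB access to these hosts is
# visible only to the four "Outgoing To IP" rules of the same event (sids 37915211-37915241).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27318 [] Outgoing URL file|3a|//204.44.125.68/mcqef/yPXpC.txt"; flow:to_server,established; http.header; content:"204.44.125.68"; fast_pattern; nocase; http.uri; content:"/mcqef/yPXpC.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37915261; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27318 [] Outgoing URL file|3a|//155.94.208.137/tgnd/zH9.txt"; flow:to_server,established; http.header; content:"155.94.208.137"; fast_pattern; nocase; http.uri; content:"/tgnd/zH9.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37915271; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27318 [] Outgoing URL file|3a|//85.239.33.149/naams/p3aV.txt"; flow:to_server,established; http.header; content:"85.239.33.149"; fast_pattern; nocase; http.uri; content:"/naams/p3aV.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37915281; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27318;)
# MISP event 27337 (priority 2): postsaees.top. The DNS rule accepts the name itself and any
# subdomain of it; the character class in front of the name rejects longer labels that merely
# end in "postsaees".
alert dns any any -> any any (msg: "MISP e27337 [] Domain postsaees.top"; dns.query; content:"postsaees.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])postsaees\.top$/i"; classtype:trojan-activity; sid:37915951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27337;)
# HTTP counterpart. "Host|3a|" and the domain are two independent matches on the header buffer
# (no distance/within ties them together), so the domain may sit in a header other than Host,
# Referer for example. Read a hit as "domain seen in the request headers" when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27337 [] Outgoing HTTP Domain postsaees.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"postsaees.top"; fast_pattern; nocase; pcre: 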
"/(^|[^A-Za-z0-9-])postsaees\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37915952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27337;) alert dns any any -> any any (msg: "MISP e27007 [] Domain arenaswimwearindia.com"; dns.query; content:"arenaswimwearindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearindia\.com$/i"; classtype:trojan-activity; sid:38138741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arenaswimwearindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arenaswimwearindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arenaswimwearindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashdanmark.com"; dns.query; content:"bashdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashdanmark\.com$/i"; classtype:trojan-activity; sid:38138751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashisrael.com"; dns.query; content:"bashisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashisrael\.com$/i"; classtype:trojan-activity; sid:38138761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bashsingapore.com"; dns.query; content:"bashsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashsingapore\.com$/i"; classtype:trojan-activity; sid:38138771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodendanmark.com"; dns.query; content:"bodendanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodendanmark\.com$/i"; classtype:trojan-activity; sid:38138781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodendanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodendanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodendanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenslovensko.com"; dns.query; 
content:"bodenslovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenslovensko\.com$/i"; classtype:trojan-activity; sid:38138791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenslovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenslovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenslovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksdk.com"; dns.query; content:"clarksdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksdk\.com$/i"; classtype:trojan-activity; sid:38138801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloombrasil.com"; dns.query; content:"fruitoftheloombrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloombrasil\.com$/i"; classtype:trojan-activity; sid:38138811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloombrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloombrasil.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])fruitoftheloombrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomegypt.com"; dns.query; content:"fruitoftheloomegypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomegypt\.com$/i"; classtype:trojan-activity; sid:38138821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomegypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomegypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomegypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomhrvatska.com"; dns.query; content:"fruitoftheloomhrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomhrvatska\.com$/i"; classtype:trojan-activity; sid:38138831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomhrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomhrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomhrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomisrael.com"; dns.query; content:"fruitoftheloomisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomisrael\.com$/i"; 
classtype:trojan-activity; sid:38138841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomnorge.com"; dns.query; content:"fruitoftheloomnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomnorge\.com$/i"; classtype:trojan-activity; sid:38138851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomsouthafrica.com"; dns.query; content:"fruitoftheloomsouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomsouthafrica\.com$/i"; classtype:trojan-activity; sid:38138861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomsouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomsouthafrica.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])fruitoftheloomsouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomsuomi.com"; dns.query; content:"fruitoftheloomsuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomsuomi\.com$/i"; classtype:trojan-activity; sid:38138871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkchile.com"; dns.query; content:"gymsharkchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkchile\.com$/i"; classtype:trojan-activity; sid:38138881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithamsterdam.com"; dns.query; content:"paulsmithamsterdam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithamsterdam\.com$/i"; classtype:trojan-activity; sid:38138891; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithamsterdam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithamsterdam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithamsterdam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithcanadaonline.com"; dns.query; content:"paulsmithcanadaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithcanadaonline\.com$/i"; classtype:trojan-activity; sid:38138901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithcanadaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithcanadaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithcanadaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithdenmark.com"; dns.query; content:"paulsmithdenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithdenmark\.com$/i"; classtype:trojan-activity; sid:38138911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithdenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithdenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithdenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138912; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithdeutschland.com"; dns.query; content:"paulsmithdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithdeutschland\.com$/i"; classtype:trojan-activity; sid:38138921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithgreece.com"; dns.query; content:"paulsmithgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithgreece\.com$/i"; classtype:trojan-activity; sid:38138931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithmalaysiaonline.com"; dns.query; content:"paulsmithmalaysiaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithmalaysiaonline\.com$/i"; classtype:trojan-activity; sid:38138941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] 
Outgoing HTTP Domain paulsmithmalaysiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithmalaysiaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithmalaysiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithromania.com"; dns.query; content:"paulsmithromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithromania\.com$/i"; classtype:trojan-activity; sid:38138951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithsaleaustralia.com"; dns.query; content:"paulsmithsaleaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithsaleaustralia\.com$/i"; classtype:trojan-activity; sid:38138961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithsaleaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithsaleaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithsaleaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: 
"MISP e27007 [] Domain paulsmithtokyo.com"; dns.query; content:"paulsmithtokyo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithtokyo\.com$/i"; classtype:trojan-activity; sid:38138971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithtokyo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithtokyo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithtokyo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithturkiye.com"; dns.query; content:"paulsmithturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithturkiye\.com$/i"; classtype:trojan-activity; sid:38138981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-australia.com"; dns.query; content:"tedbaker-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-australia\.com$/i"; classtype:trojan-activity; sid:38138991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"tedbaker-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38138992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-brasil.com"; dns.query; content:"tedbaker-brasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-brasil\.com$/i"; classtype:trojan-activity; sid:38139001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-brasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-brasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-brasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerdanmark.com"; dns.query; content:"tedbakerdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdanmark\.com$/i"; classtype:trojan-activity; sid:38139011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerfr.com"; dns.query; content:"tedbakerfr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerfr\.com$/i"; classtype:trojan-activity; sid:38139021; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerfr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerfr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerfr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerjapan.com"; dns.query; content:"ted-bakerjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerjapan\.com$/i"; classtype:trojan-activity; sid:38139031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerjp.com"; dns.query; content:"tedbakerjp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerjp\.com$/i"; classtype:trojan-activity; sid:38139041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerjp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerjp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerjp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any 
-> any any (msg: "MISP e27007 [] Domain tedbaker-magyarorszag.com"; dns.query; content:"tedbaker-magyarorszag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-magyarorszag\.com$/i"; classtype:trojan-activity; sid:38139051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-magyarorszag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-magyarorszag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-magyarorszag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletca.com"; dns.query; content:"tedbakeroutletca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletca\.com$/i"; classtype:trojan-activity; sid:38139061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-outletuk.com"; dns.query; content:"tedbaker-outletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-outletuk\.com$/i"; classtype:trojan-activity; sid:38139071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-outletuk.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"tedbaker-outletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-outletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjapan.com"; dns.query; content:"truereligionjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjapan\.com$/i"; classtype:trojan-activity; sid:38139081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert ip $HOME_NET any -> 147.124.205.158 9561 (msg: "MISP e27311 [njrat,RAT] Outgoing To IP: 147.124.205.158|9561"; classtype:trojan-activity; sid:37907791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 3.124.142.205 18909 (msg: "MISP e27311 [njrat,RAT] Outgoing To IP: 3.124.142.205|18909"; classtype:trojan-activity; sid:37907711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [njrat,RAT] Domain 888juantriana88.dynuddns.net"; dns.query; content:"888juantriana88.dynuddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])888juantriana88\.dynuddns\.net$/i"; classtype:trojan-activity; sid:37907721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [njrat,RAT] Outgoing HTTP Domain 888juantriana88.dynuddns.net"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"888juantriana88.dynuddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])888juantriana88\.dynuddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP event 27311 (priority 2). The bracketed text in each msg is the tag list exported from the
# event (SocGholish, Mirai, Vidar below); it is a label only and takes no part in matching.
# DNS rule: matches the name itself or any subdomain of it. HTTP rule: "Host|3a|" and the domain
# are independent matches on the header buffer, so the domain may appear in a header other than
# Host; tag:session keeps logging the session for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e27311 [SocGholish] Domain varinspector.com"; dns.query; content:"varinspector.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varinspector\.com$/i"; classtype:trojan-activity; sid:37907701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [SocGholish] Outgoing HTTP Domain varinspector.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varinspector.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varinspector\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Address-and-port indicators: no payload or application-protocol condition, so any traffic from
# $HOME_NET to the listed address and port raises the alert. Confirm against the event before
# acting on a hit; an address can be reassigned after the event was recorded.
alert ip $HOME_NET any -> 45.142.182.90 9931 (msg: "MISP e27311 [Mirai] Outgoing To IP: 45.142.182.90|9931"; classtype:trojan-activity; sid:37907691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 88.198.112.251 443 (msg: "MISP e27311 [Vidar] Outgoing To IP: 88.198.112.251|443"; classtype:trojan-activity; sid:37907991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 95.217.28.14 5432 (msg: "MISP e27311 [Vidar] Outgoing To IP: 95.217.28.14|5432"; classtype:trojan-activity; sid:37908001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP event 27520 repeats indicators that event 27311 also exports (varinspector.com,
# 888juantriana88.dynuddns.net, 45.142.182.90, 3.124.142.205, 147.124.205.158) under new sids,
# without tags and at priority 3. One connection therefore raises two alerts; correlate on the
# indicator rather than on the sid when counting hits.
alert dns any any -> any any (msg: "MISP e27520 [] Domain varinspector.com"; dns.query; content:"varinspector.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varinspector\.com$/i"; classtype:trojan-activity; sid:37948121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain varinspector.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varinspector.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varinspector\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain 888juantriana88.dynuddns.net"; dns.query; content:"888juantriana88.dynuddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])888juantriana88\.dynuddns\.net$/i"; classtype:trojan-activity; sid:37948131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain 888juantriana88.dynuddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"888juantriana88.dynuddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])888juantriana88\.dynuddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 45.142.182.90 9931 (msg: "MISP e27520 [] Outgoing To IP: 45.142.182.90|9931"; classtype:trojan-activity; sid:37948141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 3.124.142.205 18909 (msg: "MISP e27520 [] Outgoing To IP: 3.124.142.205|18909"; classtype:trojan-activity; sid:37948151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 147.124.205.158 9561 (msg: "MISP e27520 [] Outgoing To IP: 147.124.205.158|9561"; classtype:trojan-activity; sid:37948161; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27007 [] Domain docmartensireland.com"; dns.query; content:"docmartensireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartensireland\.com$/i"; classtype:trojan-activity; sid:38139091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain docmartensireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docmartensireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartensireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skimsdublin.com"; dns.query; content:"skimsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skimsdublin\.com$/i"; classtype:trojan-activity; sid:38139101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skimsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skimsdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skimsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain aeriesaleireland.com"; dns.query; content:"aeriesaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aeriesaleireland\.com$/i"; classtype:trojan-activity; sid:38139111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aeriesaleireland.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"aeriesaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aeriesaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Address-and-port only (no payload or flow condition). These two e27520 entries repeat the
# e27311 [Vidar] rules sid 37907991 and sid 37908001, so a hit alerts twice.
# NOTE(review): on 443 the payload is normally TLS, so there is nothing further for the rule
# to inspect; every connection to the address alerts regardless of what is requested.
alert ip $HOME_NET any -> 88.198.112.251 443 (msg: "MISP e27520 [] Outgoing To IP: 88.198.112.251|443"; classtype:trojan-activity; sid:37948191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 95.217.28.14 5432 (msg: "MISP e27520 [] Outgoing To IP: 95.217.28.14|5432"; classtype:trojan-activity; sid:37948201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# The bracketed text in msg (network name, family, cs-watermark value) is alert text only;
# nothing in the rule matches on it. The detection is the destination address and port.
alert ip $HOME_NET any -> 47.92.171.109 443 (msg: "MISP e27311 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing To IP: 47.92.171.109|443"; classtype:trojan-activity; sid:37908041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# URL rule: the address content is looked for anywhere in the header buffer and "/nv" is an
# unanchored, case-insensitive substring of the URI. The rule header already fixes the
# destination to 45.148.120.115 port 2589, which is what keeps this specific.
# tag:session,600,seconds asks the engine to keep logging the tagged session for 600 seconds.
alert http $HOME_NET any -> 45.148.120.115 2589 (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,PHANES-NETWORKS] Outgoing URL http|3a|//45.148.120.115|3a|2589/nv"; flow:to_server,established; http.header; content:"45.148.120.115"; fast_pattern; nocase; http.uri; content:"/nv"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Matches this endpoint name and any name ending in ".cdn043sc.azureedge.net".
# NOTE(review): azureedge.net looks like a shared CDN suffix; the rule is scoped to the one
# endpoint label, so keep it that way if the pattern is ever edited by hand.
alert dns any any -> any any (msg: "MISP e27311 [CobaltStrike,cs-watermark-204342851,DIGITALOCEAN-ASN] Domain cdn043sc.azureedge.net"; dns.query; content:"cdn043sc.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn043sc\.azureedge\.net$/i"; classtype:trojan-activity; sid:37908071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [CobaltStrike,cs-watermark-204342851,DIGITALOCEAN-ASN] Outgoing HTTP
Domain cdn043sc.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn043sc.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn043sc\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 143.244.186.189 443 (msg: "MISP e27311 [CobaltStrike,cs-watermark-204342851,DIGITALOCEAN-ASN] Outgoing To IP: 143.244.186.189|443"; classtype:trojan-activity; sid:37908081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 117.50.47.141 51894 (msg: "MISP e27311 [CHINA169-BJ China Unicom Beijing Province Network,CobaltStrike,cs-watermark-666666666] Outgoing URL http|3a|//117.50.47.141|3a|51894/admin/facvicon.jpg"; flow:to_server,established; http.header; content:"117.50.47.141"; fast_pattern; nocase; http.uri; content:"/admin/facvicon.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 118.89.124.242 $HTTP_PORTS (msg: "MISP e27311 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//118.89.124.242/dpixel"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 118.89.124.242 80 (msg: "MISP e27311 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 118.89.124.242|80"; classtype:trojan-activity; sid:37908111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 117.50.47.141 51894 (msg: "MISP 
e27520 [] Outgoing URL http|3a|//117.50.47.141|3a|51894/admin/facvicon.jpg"; flow:to_server,established; http.header; content:"117.50.47.141"; fast_pattern; nocase; http.uri; content:"/admin/facvicon.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain cdn043sc.azureedge.net"; dns.query; content:"cdn043sc.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn043sc\.azureedge\.net$/i"; classtype:trojan-activity; sid:37948221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain cdn043sc.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn043sc.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn043sc\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 45.148.120.115 2589 (msg: "MISP e27520 [] Outgoing URL http|3a|//45.148.120.115|3a|2589/nv"; flow:to_server,established; http.header; content:"45.148.120.115"; fast_pattern; nocase; http.uri; content:"/nv"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 143.244.186.189 443 (msg: "MISP e27520 [] Outgoing To IP: 143.244.186.189|443"; classtype:trojan-activity; sid:37948261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.92.171.109 443 (msg: "MISP e27520 [] Outgoing To IP: 47.92.171.109|443"; classtype:trojan-activity; sid:37948271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 118.89.124.242 
$HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//118.89.124.242/dpixel"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 118.89.124.242 80 (msg: "MISP e27520 [] Outgoing To IP: 118.89.124.242|80"; classtype:trojan-activity; sid:37948291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 118.89.124.242 2121 (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//118.89.124.242|3a|2121/g.pixel"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 147.78.47.183 81 (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,Flyservers S.A.] 
Outgoing URL http|3a|//147.78.47.183|3a|81/en_us/all.js"; flow:to_server,established; http.header; content:"147.78.47.183"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# URL rules in this group pair a fixed destination address and port with an unanchored,
# case-insensitive URI substring. The paths themselves (/visit.js, /en_US/all.js, /g.pixel)
# are short and generic; the address and port in the rule header carry the specificity.
alert http $HOME_NET any -> 118.89.124.242 1234 (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//118.89.124.242|3a|1234/visit.js"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Same destination, port and URI content as sid 37908171 above; only the event id, msg tags
# and priority differ, so a matching request alerts under both sids.
alert http $HOME_NET any -> 118.89.124.242 1234 (msg: "MISP e27520 [] Outgoing URL http|3a|//118.89.124.242|3a|1234/visit.js"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# Differs from the e27311 rule sid 37908161 only in the case of "en_US" (and event id /
# priority). Both URI contents carry nocase, so the two rules match the same requests.
alert http $HOME_NET any -> 147.78.47.183 81 (msg: "MISP e27520 [] Outgoing URL http|3a|//147.78.47.183|3a|81/en_US/all.js"; flow:to_server,established; http.header; content:"147.78.47.183"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> 118.89.124.242 2121 (msg: "MISP e27520 [] Outgoing URL http|3a|//118.89.124.242|3a|2121/g.pixel"; flow:to_server,established; http.header; content:"118.89.124.242"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948331; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 162.14.107.218 $HTTP_PORTS (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//162.14.107.218/g.pixel"; flow:to_server,established; http.header; content:"162.14.107.218"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 43.134.183.43 9999 (msg: "MISP e27311 [CobaltStrike,cs-watermark-1359593325,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//43.134.183.43|3a|9999/metro91/admin/1/ppptp.jpg"; flow:to_server,established; http.header; content:"43.134.183.43"; fast_pattern; nocase; http.uri; content:"/metro91/admin/1/ppptp.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/__utm.gif"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27520 [] Outgoing URL http|3a|//1.94.110.130|3a|808/__utm.gif"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 43.134.183.43 9999 (msg: "MISP e27520 [] Outgoing URL 
http|3a|//43.134.183.43|3a|9999/metro91/admin/1/ppptp.jpg"; flow:to_server,established; http.header; content:"43.134.183.43"; fast_pattern; nocase; http.uri; content:"/metro91/admin/1/ppptp.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 162.14.107.218 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//162.14.107.218/g.pixel"; flow:to_server,established; http.header; content:"162.14.107.218"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27343 [] Domain cert.pioneerprinters.co.uk"; dns.query; content:"cert.pioneerprinters.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])cert\.pioneerprinters\.co\.uk$/i"; classtype:trojan-activity; sid:37917011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27343;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27343 [] Outgoing HTTP Domain cert.pioneerprinters.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cert.pioneerprinters.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cert\.pioneerprinters\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27343;) alert ip $HOME_NET any -> 139.64.172.17 2404 (msg: "MISP e27311 [remcos] Outgoing To IP: 139.64.172.17|2404"; classtype:trojan-activity; sid:37908221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27307 [] Source Email Address: seguridadysalud@reciclajetecnologico.es"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; 
content:"seguridadysalud@reciclajetecnologico.es"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37907281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27307;)
# Attachment-name rule: raw TCP content match on traffic to $SMTP_SERVERS port 25 only.
# - The two filename contents have no nocase and are not relative to each other; the rule
#   needs the literal text 'Content-Disposition: attachment; filename="' somewhere in the
#   stream and the quoted file name somewhere in the stream, then CRLF CRLF within 8192
#   bytes of the file-name match.
# - NOTE(review): coverage is limited to sessions the sensor sees in cleartext on port 25;
#   mail arriving over an encrypted session or on another port is presumably not inspected
#   by this rule, and a file name sent in an encoded or differently-cased form would not
#   equal the literal. Pair with checks at the mail gateway rather than relying on this alone.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27307 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"informe bancario y motivo del pago rechazado.xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37907301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27307;)
# Inbound counterpart: any packet from this source address to $HOME_NET alerts, whatever the
# protocol or port.
alert ip 82.223.204.67 any -> $HOME_NET any (msg: "MISP e27307 [] Incoming From IP: 82.223.204.67"; classtype:trojan-activity; sid:37907311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27307;)
# Domain pair for the same event: a dns.query rule plus an outgoing HTTP header rule.
# The pcre accepts the name at the start of the buffer or after any character that is not a
# letter, digit or hyphen, so names ending in ".davinci.covent.es" match as well.
alert dns any any -> any any (msg: "MISP e27307 [] Domain davinci.covent.es"; dns.query; content:"davinci.covent.es"; nocase; pcre: "/(^|[^A-Za-z0-9-])davinci\.covent\.es$/i"; classtype:trojan-activity; sid:37907321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27307;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27307 [] Outgoing HTTP Domain davinci.covent.es"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"davinci.covent.es"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])davinci\.covent\.es[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27307;)
# e27520 copy of the e27311 [remcos] rule sid 37908221 (same address and port, priority 3).
alert ip $HOME_NET any -> 139.64.172.17 2404 (msg: "MISP e27520 [] Outgoing To IP: 139.64.172.17|2404"; classtype:trojan-activity; sid:37948391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET 8880 (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent
Computer Systems Company Limited] Outgoing URL http|3a|//test.qqweixinzhuce.top|3a|8880/wp08/wp-includes/dtcla.php"; flow:to_server,established; http.header; content:"test.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp08/wp-includes/dtcla.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Domain test.qqweixinzhuce.top"; dns.query; content:"test.qqweixinzhuce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])test\.qqweixinzhuce\.top$/i"; classtype:trojan-activity; sid:37908241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain test.qqweixinzhuce.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"test.qqweixinzhuce.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])test\.qqweixinzhuce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 18.192.209.34 $HTTP_PORTS (msg: "MISP e27311 [Amazon.com Inc.,CobaltStrike,cs-watermark-2066386939] Outgoing URL http|3a|//18.192.209.34/accelerate/v3.33/1f7jw12fqr2v"; flow:to_server,established; http.header; content:"18.192.209.34"; fast_pattern; nocase; http.uri; content:"/accelerate/v3.33/1f7jw12fqr2v"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 18.192.209.34 80 (msg: "MISP e27311 [Amazon.com Inc.,CobaltStrike,cs-watermark-2066386939] Outgoing To IP: 18.192.209.34|80"; 
classtype:trojan-activity; sid:37908261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 47.113.195.22 $HTTP_PORTS (msg: "MISP e27311 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.113.195.22/pixel"; flow:to_server,established; http.header; content:"47.113.195.22"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [ChangLian Network Technology Co. Limited,CobaltStrike,cs-watermark-987654321] Domain www.micshcnds.top"; dns.query; content:"www.micshcnds.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micshcnds\.top$/i"; classtype:trojan-activity; sid:37908291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [ChangLian Network Technology Co. Limited,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain www.micshcnds.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.micshcnds.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micshcnds\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 107.151.246.236 443 (msg: "MISP e27311 [ChangLian Network Technology Co. 
Limited,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 107.151.246.236|443"; classtype:trojan-activity; sid:37908301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 101.201.46.105 8888 (msg: "MISP e27311 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666] Outgoing URL http|3a|//101.201.46.105|3a|8888/g.pixel"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 120.27.131.3 $HTTP_PORTS (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//120.27.131.3/cx"; flow:to_server,established; http.header; content:"120.27.131.3"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 8.222.150.46 $HTTP_PORTS (msg: "MISP e27311 [Alibaba (US) Technology Co. 
Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.222.150.46/updates"; flow:to_server,established; http.header; content:"8.222.150.46"; fast_pattern; nocase; http.uri; content:"/updates"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 111.229.198.177 $HTTP_PORTS (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.229.198.177/ptj"; flow:to_server,established; http.header; content:"111.229.198.177"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 111.229.198.177 80 (msg: "MISP e27311 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 111.229.198.177|80"; classtype:trojan-activity; sid:37908351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8080/include/template/isx.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/include/template/isx.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Domain qq.qqweixinzhuce.top"; dns.query; content:"qq.qqweixinzhuce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])qq\.qqweixinzhuce\.top$/i"; classtype:trojan-activity; sid:37908381; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain qq.qqweixinzhuce.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qq\.qqweixinzhuce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e27520 [] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8080/include/template/isx.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/include/template/isx.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain qq.qqweixinzhuce.top"; dns.query; content:"qq.qqweixinzhuce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])qq\.qqweixinzhuce\.top$/i"; classtype:trojan-activity; sid:37948411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain qq.qqweixinzhuce.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qq\.qqweixinzhuce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 111.229.198.177 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//111.229.198.177/ptj"; flow:to_server,established; http.header; content:"111.229.198.177"; 
fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 8.222.150.46 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//8.222.150.46/updates"; flow:to_server,established; http.header; content:"8.222.150.46"; fast_pattern; nocase; http.uri; content:"/updates"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 120.27.131.3 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//120.27.131.3/cx"; flow:to_server,established; http.header; content:"120.27.131.3"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 101.201.46.105 8888 (msg: "MISP e27520 [] Outgoing URL http|3a|//101.201.46.105|3a|8888/g.pixel"; flow:to_server,established; http.header; content:"101.201.46.105"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain www.micshcnds.top"; dns.query; content:"www.micshcnds.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micshcnds\.top$/i"; classtype:trojan-activity; sid:37948481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.micshcnds.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.micshcnds.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.micshcnds\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37948482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 47.113.195.22 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//47.113.195.22/pixel"; flow:to_server,established; http.header; content:"47.113.195.22"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 18.192.209.34 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//18.192.209.34/accelerate/v3.33/1F7JW12FQR2V"; flow:to_server,established; http.header; content:"18.192.209.34"; fast_pattern; nocase; http.uri; content:"/accelerate/v3.33/1F7JW12FQR2V"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET 8880 (msg: "MISP e27520 [] Outgoing URL http|3a|//test.qqweixinzhuce.top|3a|8880/wp08/wp-includes/dtcla.php"; flow:to_server,established; http.header; content:"test.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp08/wp-includes/dtcla.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain test.qqweixinzhuce.top"; dns.query; content:"test.qqweixinzhuce.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])test\.qqweixinzhuce\.top$/i"; classtype:trojan-activity; sid:37948521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain test.qqweixinzhuce.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"test.qqweixinzhuce.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])test\.qqweixinzhuce\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 111.229.198.177 80 (msg: "MISP e27520 [] Outgoing To IP: 111.229.198.177|80"; classtype:trojan-activity; sid:37948531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 107.151.246.236 443 (msg: "MISP e27520 [] Outgoing To IP: 107.151.246.236|443"; classtype:trojan-activity; sid:37948541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 18.192.209.34 80 (msg: "MISP e27520 [] Outgoing To IP: 18.192.209.34|80"; classtype:trojan-activity; sid:37948551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.249.193.230 8712 (msg: "MISP e27311 [N-W0rm] Outgoing To IP: 43.249.193.230|8712"; classtype:trojan-activity; sid:37908411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [moobot] Domain srophuchung.com"; dns.query; content:"srophuchung.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])srophuchung\.com$/i"; classtype:trojan-activity; sid:37908401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [moobot] Outgoing HTTP Domain srophuchung.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srophuchung.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srophuchung\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 103.173.255.143 42597 (msg: "MISP e27311 [moobot] Outgoing To IP: 103.173.255.143|42597"; classtype:trojan-activity; sid:37908391; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Address-and-port rules: no payload or flow condition; any packet from $HOME_NET to the
# listed address and port alerts.
alert ip $HOME_NET any -> 91.92.244.104 655 (msg: "MISP e27311 [Gafgyt] Outgoing To IP: 91.92.244.104|655"; classtype:trojan-activity; sid:37908211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# e27520 copy of the e27311 [N-W0rm] rule sid 37908411 (same address and port, priority 3).
alert ip $HOME_NET any -> 43.249.193.230 8712 (msg: "MISP e27520 [] Outgoing To IP: 43.249.193.230|8712"; classtype:trojan-activity; sid:37948561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# Event 24600 rules are exported at priority:1, above the priority 2 and 3 used by the
# surrounding events, and the msg carries no family or tag text to explain the alert.
# The pattern covers gamma.app itself and every name ending in ".gamma.app".
# NOTE(review): gamma.app looks like a general-purpose hosting platform rather than a
# single-purpose domain; confirm against event 24600 whether the whole domain or only
# specific pages were reported before treating priority-1 hits as incidents.
alert dns any any -> any any (msg: "MISP e24600 [] Domain gamma.app"; dns.query; content:"gamma.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])gamma\.app$/i"; classtype:trojan-activity; sid:38179661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Header variant of the rule above: the domain content and the pcre (/H) run over the whole
# header buffer and are not tied to the "Host|3a|" match, so the name in another header
# also satisfies the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain gamma.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gamma.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gamma\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# The "\-" in the pcre is an escaped literal hyphen; it matches the same text as the plain
# hyphen in the content keyword.
alert dns any any -> any any (msg: "MISP e24600 [] Domain public-lu.com"; dns.query; content:"public-lu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])public\-lu\.com$/i"; classtype:trojan-activity; sid:38179701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain public-lu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"public-lu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])public\-lu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain
post-luxemburg.com"; dns.query; content:"post-luxemburg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-luxemburg\.com$/i"; classtype:trojan-activity; sid:38179751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-luxemburg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-luxemburg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-luxemburg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e27520 [] Domain srophuchung.com"; dns.query; content:"srophuchung.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])srophuchung\.com$/i"; classtype:trojan-activity; sid:37948571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain srophuchung.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"srophuchung.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])srophuchung\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 91.92.244.104 655 (msg: "MISP e27520 [] Outgoing To IP: 91.92.244.104|655"; classtype:trojan-activity; sid:37948581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.173.255.143 42597 (msg: "MISP e27520 [] Outgoing To IP: 103.173.255.143|42597"; classtype:trojan-activity; sid:37948591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27311 [dcrat] Outgoing URL 
http|3a|//a0924648.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0924648.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 185.130.46.46 $HTTP_PORTS (msg: "MISP e27311 [dcrat] Outgoing URL http|3a|//185.130.46.46/pollsql.php"; flow:to_server,established; http.header; content:"185.130.46.46"; fast_pattern; nocase; http.uri; content:"/pollsql.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//a0924648.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0924648.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 185.130.46.46 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//185.130.46.46/pollSql.php"; flow:to_server,established; http.header; content:"185.130.46.46"; fast_pattern; nocase; http.uri; content:"/pollSql.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 42.237.25.52 7899 (msg: "MISP e27311 [Gh0stRAT] Outgoing To IP: 42.237.25.52|7899"; classtype:trojan-activity; sid:37908451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 42.237.25.52 7899 (msg: "MISP e27520 [] Outgoing To IP: 42.237.25.52|7899"; classtype:trojan-activity; sid:37948631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any 
(msg: "MISP e27340 [] Domain online-citadele-lv1.com"; dns.query; content:"online-citadele-lv1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])online\-citadele\-lv1\.com$/i"; classtype:trojan-activity; sid:37916001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27340;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27340 [] Outgoing HTTP Domain online-citadele-lv1.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"online-citadele-lv1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])online\-citadele\-lv1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37916002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27340;) alert ip 34.135.1.100 any -> $HOME_NET any (msg: "MISP e27360 [] Incoming From IP: 34.135.1.100"; classtype:trojan-activity; sid:37918381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain arr-wd3463btrq-uc.a.run.app"; dns.query; content:"arr-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])arr\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain arr-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arr-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arr\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain portu-wd3463btrq-uc.a.run.app"; dns.query; content:"portu-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])portu\-wd3463btrq\-uc\.a\.run\.app$/i"; 
classtype:trojan-activity; sid:37918401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain portu-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portu-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portu\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain xwago.creativeplus.my.id"; dns.query; content:"xwago.creativeplus.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])xwago\.creativeplus\.my\.id$/i"; classtype:trojan-activity; sid:37918411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain xwago.creativeplus.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xwago.creativeplus.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xwago\.creativeplus\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain wae4w.mariomanagement.biz.id"; dns.query; content:"wae4w.mariomanagement.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])wae4w\.mariomanagement\.biz\.id$/i"; classtype:trojan-activity; sid:37918421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain wae4w.mariomanagement.biz.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])wae4w\.mariomanagement\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain h4aowa.mariostrategy.my.id"; dns.query; content:"h4aowa.mariostrategy.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])h4aowa\.mariostrategy\.my\.id$/i"; classtype:trojan-activity; sid:37918431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain h4aowa.mariostrategy.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"h4aowa.mariostrategy.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])h4aowa\.mariostrategy\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain yaiinr.actiongroup.my.id"; dns.query; content:"yaiinr.actiongroup.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])yaiinr\.actiongroup\.my\.id$/i"; classtype:trojan-activity; sid:37918441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain yaiinr.actiongroup.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yaiinr.actiongroup.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yaiinr\.actiongroup\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain e0aonr.creativeplus.my.id"; dns.query; content:"e0aonr.creativeplus.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])e0aonr\.creativeplus\.my\.id$/i"; 
classtype:trojan-activity; sid:37918451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain e0aonr.creativeplus.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e0aonr.creativeplus.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e0aonr\.creativeplus\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain wiae5.marioadvisory.my.id"; dns.query; content:"wiae5.marioadvisory.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])wiae5\.marioadvisory\.my\.id$/i"; classtype:trojan-activity; sid:37918461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain wiae5.marioadvisory.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wiae5.marioadvisory.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wiae5\.marioadvisory\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain caiiaf.businesswise.biz.id"; dns.query; content:"caiiaf.businesswise.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])caiiaf\.businesswise\.biz\.id$/i"; classtype:trojan-activity; sid:37918471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain caiiaf.businesswise.biz.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caiiaf.businesswise.biz.id"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])caiiaf\.businesswise\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain 2joafm.marioanalytics.my.id"; dns.query; content:"2joafm.marioanalytics.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])2joafm\.marioanalytics\.my\.id$/i"; classtype:trojan-activity; sid:37918481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain 2joafm.marioanalytics.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"2joafm.marioanalytics.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])2joafm\.marioanalytics\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain nqaa8e.businesswise.biz.id"; dns.query; content:"nqaa8e.businesswise.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])nqaa8e\.businesswise\.biz\.id$/i"; classtype:trojan-activity; sid:37918491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain nqaa8e.businesswise.biz.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nqaa8e.businesswise.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nqaa8e\.businesswise\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain nweow8.mariostrategy.my.id"; dns.query; content:"nweow8.mariostrategy.my.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nweow8\.mariostrategy\.my\.id$/i"; classtype:trojan-activity; sid:37918501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain nweow8.mariostrategy.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nweow8.mariostrategy.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nweow8\.mariostrategy\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain wba0s.produtoeletro.my.id"; dns.query; content:"wba0s.produtoeletro.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])wba0s\.produtoeletro\.my\.id$/i"; classtype:trojan-activity; sid:37918511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain wba0s.produtoeletro.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wba0s.produtoeletro.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wba0s\.produtoeletro\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain 4hawb.produtoeletro.my.id"; dns.query; content:"4hawb.produtoeletro.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])4hawb\.produtoeletro\.my\.id$/i"; classtype:trojan-activity; sid:37918521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain 4hawb.produtoeletro.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"4hawb.produtoeletro.my.id"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])4hawb\.produtoeletro\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain cua3e.mariosolutions.biz.id"; dns.query; content:"cua3e.mariosolutions.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])cua3e\.mariosolutions\.biz\.id$/i"; classtype:trojan-activity; sid:37918531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain cua3e.mariosolutions.biz.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cua3e.mariosolutions.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cua3e\.mariosolutions\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain eeiul.marioadvisory.my.id"; dns.query; content:"eeiul.marioadvisory.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])eeiul\.marioadvisory\.my\.id$/i"; classtype:trojan-activity; sid:37918541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain eeiul.marioadvisory.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eeiul.marioadvisory.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eeiul\.marioadvisory\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain kka5c.marioanalytics.my.id"; dns.query; content:"kka5c.marioanalytics.my.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])kka5c\.marioanalytics\.my\.id$/i"; classtype:trojan-activity; sid:37918551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain kka5c.marioanalytics.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kka5c.marioanalytics.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kka5c\.marioanalytics\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain w8oaa0.mariosolutions.biz.id"; dns.query; content:"w8oaa0.mariosolutions.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])w8oaa0\.mariosolutions\.biz\.id$/i"; classtype:trojan-activity; sid:37918561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain w8oaa0.mariosolutions.biz.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"w8oaa0.mariosolutions.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])w8oaa0\.mariosolutions\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain 0tuiwp.mariomanagement.biz.id"; dns.query; content:"0tuiwp.mariomanagement.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])0tuiwp\.mariomanagement\.biz\.id$/i"; classtype:trojan-activity; sid:37918571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain 0tuiwp.mariomanagement.biz.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"0tuiwp.mariomanagement.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])0tuiwp\.mariomanagement\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain lwafa.actiongroup.my.id"; dns.query; content:"lwafa.actiongroup.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-])lwafa\.actiongroup\.my\.id$/i"; classtype:trojan-activity; sid:37918581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain lwafa.actiongroup.my.id"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lwafa.actiongroup.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lwafa\.actiongroup\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain avfa-wd3463btrq-uc.a.run.app"; dns.query; content:"avfa-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])avfa\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain avfa-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"avfa-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])avfa\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain factalia-ofh2cutija-uc.a.run.app"; dns.query; 
content:"factalia-ofh2cutija-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])factalia\-ofh2cutija\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain factalia-ofh2cutija-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factalia-ofh2cutija-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factalia\-ofh2cutija\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain gasgas-wd3463btrq-uc.a.run.app"; dns.query; content:"gasgas-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])gasgas\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain gasgas-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gasgas-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gasgas\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain haergsd-wd3463btrq-uc.a.run.app"; dns.query; content:"haergsd-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])haergsd\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain 
haergsd-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haergsd-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haergsd\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain jx-krrdbo6imq-uc.a.run.app"; dns.query; content:"jx-krrdbo6imq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])jx\-krrdbo6imq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain jx-krrdbo6imq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jx-krrdbo6imq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jx\-krrdbo6imq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert dns any any -> any any (msg: "MISP e27360 [] Domain ptb-wd3463btrq-uc.a.run.app"; dns.query; content:"ptb-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])ptb\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain ptb-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ptb-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ptb\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918642; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27360;)
# Domain indicators for event e27360, exported as dns + http pairs. The dns rule requires the
# query to end with the name; the http rule requires "Host:" and the delimited name somewhere
# in the request headers and tags the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e27360 [] Domain ptm-wd3463btrq-uc.a.run.app"; dns.query; content:"ptm-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])ptm\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain ptm-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ptm-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ptm\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert dns any any -> any any (msg: "MISP e27360 [] Domain pto-wd3463btrq-uc.a.run.app"; dns.query; content:"pto-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])pto\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:37918661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain pto-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pto-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pto\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
# NOTE(review): 1.tcp.sa.ngrok.io looks like a shared tunnel-service endpoint rather than a
# hostname unique to this event — presumably the original indicator also carried a port, which
# a domain rule cannot express. Expect priority-1 alerts for any tunnel on that endpoint;
# confirm against event 27360 before acting on hits.
alert dns any any -> any any (msg: "MISP e27360 [] Domain 1.tcp.sa.ngrok.io"; dns.query; content:"1.tcp.sa.ngrok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])1\.tcp\.sa\.ngrok\.io$/i"; classtype:trojan-activity; sid:37918671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27360 [] Outgoing HTTP Domain 1.tcp.sa.ngrok.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1.tcp.sa.ngrok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1\.tcp\.sa\.ngrok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37918672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
# "Outgoing URL" rules for bare hostnames (no path). Their only match is the hostname as a
# substring of the request headers: no "Host:" requirement and no delimiter pcre, so a longer
# hostname containing the string, or the string in another header, also matches. Each one
# overlaps the "Outgoing HTTP Domain" rule exported for the same host in this file, so one
# request normally raises both alerts. Unlike the domain rules, these are limited to
# $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//avfa-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"avfa-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//factalia-ofh2cutija-uc.a.run.app"; flow:to_server,established; http.header; content:"factalia-ofh2cutija-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//gasgas-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"gasgas-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//haergsd-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"haergsd-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL 
http|3a|//jx-krrdbo6imq-uc.a.run.app"; flow:to_server,established; http.header; content:"jx-krrdbo6imq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//ptb-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"ptb-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//ptm-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"ptm-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//pto-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"pto-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
# NOTE(review): in the rules below the msg records a query string ("/?...") but the http.uri
# match is only "/", which any request URI with a path contains. The query string is therefore
# not part of the detection: each rule fires on any request whose headers contain the hostname.
# sid:37918991, 37919001, 37919011, 37919021, 37919031 and 37919041 have identical match
# conditions, so a single request to wae4w.mariomanagement.biz.id raises all six alerts (plus
# the domain rule for that host). The msg of the alert that fired does not tell you which URL
# was actually requested; read it from the HTTP log instead.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//w3iuwl.nextmax.my.id/?5/"; flow:to_server,established; http.header; content:"w3iuwl.nextmax.my.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?76849368130628733"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; 
http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?39829895502632947"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?61694995802639066"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?41991463280678058"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?51999170290693658"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27360 [] Outgoing URL 
http|3a|//wae4w.mariomanagement.biz.id/?75129547751613994"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27360;)
# Events e27308, e27309 and e27310 (priority 3): domain pairs and URL rules.
alert dns any any -> any any (msg: "MISP e27308 [] Domain mi-tarjetacencosud-cl.itsdjlucky.com"; dns.query; content:"mi-tarjetacencosud-cl.itsdjlucky.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.itsdjlucky\.com$/i"; classtype:trojan-activity; sid:37907411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27308;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27308 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.itsdjlucky.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.itsdjlucky.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.itsdjlucky\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27308;)
# unloackrtmconders.com is covered three times: a host-only URL rule (sid:37907481), the
# domain pair (sid:37907491 / sid:37907492) and a URL rule with a path (sid:37907561, event
# e27310). A request for /cuenta/cuenta-test/ on that host satisfies all three http rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27309 [] Outgoing URL http|3a|//unloackrtmconders.com"; flow:to_server,established; http.header; content:"unloackrtmconders.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37907481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27309;)
alert dns any any -> any any (msg: "MISP e27309 [] Domain unloackrtmconders.com"; dns.query; content:"unloackrtmconders.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])unloackrtmconders\.com$/i"; classtype:trojan-activity; sid:37907491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27309;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27309 [] Outgoing HTTP Domain unloackrtmconders.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"unloackrtmconders.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])unloackrtmconders\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27309;)
# "Incoming From IP" rules match any packet, any protocol and port, from the listed source to
# $HOME_NET. There is no flow or threshold option, so alert volume depends on deployment-side
# thresholding — NOTE(review): confirm one is configured for these priority-1 rules.
alert ip 194.87.31.181 any -> $HOME_NET any (msg: "MISP e27361 [] Incoming From IP: 194.87.31.181"; classtype:trojan-activity; sid:37919211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27361;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27310 [] Outgoing URL http|3a|//unloackrtmconders.com/cuenta/cuenta-test/"; flow:to_server,established; http.header; content:"unloackrtmconders.com"; fast_pattern; nocase; http.uri; content:"/cuenta/cuenta-test/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37907561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27310;)
alert dns any any -> any any (msg: "MISP e27310 [] Domain wwwstcursomasxfors.com"; dns.query; content:"wwwstcursomasxfors.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com$/i"; classtype:trojan-activity; sid:37907591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27310;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27310 [] Outgoing HTTP Domain wwwstcursomasxfors.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwstcursomasxfors.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwstcursomasxfors\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37907592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27310;)
alert ip 155.133.5.15 any -> $HOME_NET any (msg: "MISP e27362 [] Incoming From IP: 155.133.5.15"; classtype:trojan-activity; sid:37919261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27362;)
alert ip 155.133.5.14 any -> $HOME_NET any 
(msg: "MISP e27362 [] Incoming From IP: 155.133.5.14"; classtype:trojan-activity; sid:37919271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27362;)
# NOTE(review): "Incoming From IP" rules match on source address only. There is
# no flow keyword, so a reply to a connection opened inside $HOME_NET is reported
# the same way as a connection attempt from the listed address.
alert ip 118.69.65.60 any -> $HOME_NET any (msg: "MISP e27362 [] Incoming From IP: 118.69.65.60"; classtype:trojan-activity; sid:37919281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27362;)
alert ip 45.61.139.51 any -> $HOME_NET any (msg: "MISP e27363 [] Incoming From IP: 45.61.139.51"; classtype:trojan-activity; sid:37919321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
# NOTE(review): dns/http rule pairs for the domains of event 27363.
# dns rule: the pcre is anchored at the end of dns.query, so it matches the listed
# name and every subdomain of it.
# http rule: content:"Host|3a|" only requires that a Host header is present. The
# domain content and the /H pcre run over all request headers, so the domain in a
# Referer also raises the alert. Matching on http.host (lowercase pattern, no
# nocase) would restrict the alert to the requested host.
alert dns any any -> any any (msg: "MISP e27363 [] Domain internal-liveapps.online"; dns.query; content:"internal-liveapps.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])internal\-liveapps\.online$/i"; classtype:trojan-activity; sid:37919331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27363 [] Outgoing HTTP Domain internal-liveapps.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"internal-liveapps.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])internal\-liveapps\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert dns any any -> any any (msg: "MISP e27363 [] Domain 45-61-139-51.cprapid.com"; dns.query; content:"45-61-139-51.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])45\-61\-139\-51\.cprapid\.com$/i"; classtype:trojan-activity; sid:37919341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27363 [] Outgoing HTTP Domain 45-61-139-51.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"45-61-139-51.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])45\-61\-139\-51\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
# NOTE(review): sids 37919351/37919352 alert on the parent domain cprapid.com and,
# through the pcre prefix, on every name under it, so they already cover sids
# 37919341/37919342 above. The label 45-61-139-51 mirrors the event's IP
# 45.61.139.51, which suggests cprapid.com issues per-address hostnames to
# unrelated hosts. TODO confirm the parent domain is meant to alert at priority 1
# before enabling; otherwise keep only the specific hostname.
alert dns any any -> any any (msg: "MISP e27363 [] Domain cprapid.com"; dns.query; content:"cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cprapid\.com$/i"; classtype:trojan-activity; sid:37919351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27363 [] Outgoing HTTP Domain cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert dns any any -> any any (msg: "MISP e27363 [] Domain vendsloc.pro"; dns.query; content:"vendsloc.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-])vendsloc\.pro$/i"; classtype:trojan-activity; sid:37919361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27363 [] Outgoing HTTP Domain vendsloc.pro"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vendsloc.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vendsloc\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert dns any any -> any any (msg: "MISP e27363 [] Domain virtualcapeverde.xyz"; dns.query; content:"virtualcapeverde.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])virtualcapeverde\.xyz$/i"; classtype:trojan-activity; sid:37919371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27363 [] Outgoing HTTP Domain virtualcapeverde.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"virtualcapeverde.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])virtualcapeverde\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
# NOTE(review): "Outgoing URL" rules for the same hosts. The URI match is
# content:"/" only, so each of these fires on any request whose headers contain
# the hostname. On $HTTP_PORTS they are expected to alert together with the
# "Outgoing HTTP Domain" rule for the same name (e.g. 37919381 with 37919342).
# These are `alert http` rules: requests to the same hosts over TLS are not
# inspected here.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27363 [] Outgoing URL http|3a|//45-61-139-51.cprapid.com/"; flow:to_server,established; http.header; content:"45-61-139-51.cprapid.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
# NOTE(review): sid 37919391 pins the destination address in the rule header and
# also requires the address literal somewhere in the request headers. A request
# to this address that carries a hostname in Host, with no other header holding
# the literal, does not match.
alert http $HOME_NET any -> 45.61.139.51 $HTTP_PORTS (msg: "MISP e27363 [] Outgoing URL http|3a|//45.61.139.51"; flow:to_server,established; http.header; content:"45.61.139.51"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27363 [] Outgoing URL http|3a|//vendsloc.pro/"; flow:to_server,established; http.header; content:"vendsloc.pro"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27363 [] Outgoing URL http|3a|//virtualcapeverde.xyz/"; flow:to_server,established; http.header; content:"virtualcapeverde.xyz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27363 [] Outgoing URL
http|3a|//www.45-61-139-51.cprapid.com/"; flow:to_server,established; http.header; content:"www.45-61-139-51.cprapid.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37919421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27363;) alert ip 43.156.118.72 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 43.156.118.72"; classtype:trojan-activity; sid:37919541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 42.51.40.184 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 42.51.40.184"; classtype:trojan-activity; sid:37919551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 13.214.222.35 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 13.214.222.35"; classtype:trojan-activity; sid:37919561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 43.140.251.218 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 43.140.251.218"; classtype:trojan-activity; sid:37919571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 101.42.139.110 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 101.42.139.110"; classtype:trojan-activity; sid:37919581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 81.68.143.132 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 81.68.143.132"; classtype:trojan-activity; sid:37919591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 194.36.191.75 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 194.36.191.75"; classtype:trojan-activity; sid:37919601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 1.117.165.141 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 1.117.165.141"; classtype:trojan-activity; sid:37919611; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 23.100.88.61 any -> $HOME_NET any (msg: "MISP e27364 [] Incoming From IP: 23.100.88.61"; classtype:trojan-activity; sid:37919621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert dns any any -> any any (msg: "MISP e27364 [] Domain b.niupilao.vip"; dns.query; content:"b.niupilao.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])b\.niupilao\.vip$/i"; classtype:trojan-activity; sid:37919631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27364 [] Outgoing HTTP Domain b.niupilao.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"b.niupilao.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])b\.niupilao\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert dns any any -> any any (msg: "MISP e27364 [] Domain update.kworker.net"; dns.query; content:"update.kworker.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.kworker\.net$/i"; classtype:trojan-activity; sid:37919641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27364 [] Outgoing HTTP Domain update.kworker.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"update.kworker.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])update\.kworker\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert dns any any -> any any (msg: "MISP e27364 [] Domain check.snapupdate.org"; dns.query; content:"check.snapupdate.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])check\.snapupdate\.org$/i"; classtype:trojan-activity; sid:37919651; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27364;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27364 [] Outgoing HTTP Domain check.snapupdate.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"check.snapupdate.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])check\.snapupdate\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert dns any any -> any any (msg: "MISP e27364 [] Domain cloud.awsxtd.com"; dns.query; content:"cloud.awsxtd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cloud\.awsxtd\.com$/i"; classtype:trojan-activity; sid:37919661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27364 [] Outgoing HTTP Domain cloud.awsxtd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cloud.awsxtd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cloud\.awsxtd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37919662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27364;) alert ip 185.215.113.31 any -> $HOME_NET any (msg: "MISP e27365 [] Incoming From IP: 185.215.113.31"; classtype:trojan-activity; sid:37919811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27365;) alert ip 91.215.85.55 any -> $HOME_NET any (msg: "MISP e27365 [] Incoming From IP: 91.215.85.55"; classtype:trojan-activity; sid:37919821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27365;) alert ip 24.199.98.128 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 24.199.98.128"; classtype:trojan-activity; sid:37919881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 159.89.50.225 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 
159.89.50.225"; classtype:trojan-activity; sid:37919891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 104.131.169.252 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 104.131.169.252"; classtype:trojan-activity; sid:37919901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 104.131.67.109 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 104.131.67.109"; classtype:trojan-activity; sid:37919911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 137.184.108.25 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 137.184.108.25"; classtype:trojan-activity; sid:37919921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 137.184.115.230 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 137.184.115.230"; classtype:trojan-activity; sid:37919931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 138.197.34.162 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 138.197.34.162"; classtype:trojan-activity; sid:37919941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 142.93.50.216 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 142.93.50.216"; classtype:trojan-activity; sid:37919951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 143.244.144.166 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 143.244.144.166"; classtype:trojan-activity; sid:37919961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 143.244.160.115 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 143.244.160.115"; classtype:trojan-activity; sid:37919971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 146.190.208.30 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 146.190.208.30"; 
classtype:trojan-activity; sid:37919981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 157.230.238.116 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 157.230.238.116"; classtype:trojan-activity; sid:37919991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 157.245.8.79 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 157.245.8.79"; classtype:trojan-activity; sid:37920001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 159.223.96.160 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 159.223.96.160"; classtype:trojan-activity; sid:37920011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 159.89.226.127 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 159.89.226.127"; classtype:trojan-activity; sid:37920021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 159.89.90.109 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 159.89.90.109"; classtype:trojan-activity; sid:37920031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 162.243.171.207 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 162.243.171.207"; classtype:trojan-activity; sid:37920041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 167.71.24.13 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 167.71.24.13"; classtype:trojan-activity; sid:37920051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 167.71.245.175 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 167.71.245.175"; classtype:trojan-activity; sid:37920061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 167.71.246.120 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 167.71.246.120"; classtype:trojan-activity; 
sid:37920071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 192.241.141.137 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 192.241.141.137"; classtype:trojan-activity; sid:37920081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 24.144.96.15 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 24.144.96.15"; classtype:trojan-activity; sid:37920091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 45.55.65.159 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 45.55.65.159"; classtype:trojan-activity; sid:37920101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert ip 64.225.29.249 any -> $HOME_NET any (msg: "MISP e27366 [] Incoming From IP: 64.225.29.249"; classtype:trojan-activity; sid:37920111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain trilivok.com"; dns.query; content:"trilivok.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trilivok\.com$/i"; classtype:trojan-activity; sid:37920121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain trilivok.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trilivok.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trilivok\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain chidoriland.com"; dns.query; content:"chidoriland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])chidoriland\.com$/i"; classtype:trojan-activity; sid:37920131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e27366 [] Outgoing HTTP Domain chidoriland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chidoriland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chidoriland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain manderlyx.com"; dns.query; content:"manderlyx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])manderlyx\.com$/i"; classtype:trojan-activity; sid:37920141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain manderlyx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"manderlyx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])manderlyx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain bailandolambada.com"; dns.query; content:"bailandolambada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bailandolambada\.com$/i"; classtype:trojan-activity; sid:37920151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain bailandolambada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bailandolambada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bailandolambada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain 0.solucionegos.top"; dns.query; content:"0.solucionegos.top"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])0\.solucionegos\.top$/i"; classtype:trojan-activity; sid:37920161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain 0.solucionegos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"0.solucionegos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])0\.solucionegos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria38.meinastrohoroskop.com"; dns.query; content:"auditoria38.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria38\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37920171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria38.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria38.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria38\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria42.altavista100.com"; dns.query; content:"auditoria42.altavista100.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria42\.altavista100\.com$/i"; classtype:trojan-activity; sid:37920181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria42.altavista100.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"auditoria42.altavista100.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria42\.altavista100\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria67.mariageorgina.com"; dns.query; content:"auditoria67.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria67\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37920191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria67.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria67.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria67\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria7.miramantolama.com"; dns.query; content:"auditoria7.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria7\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria7.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria7.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria7\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria82.taoshome4sale.com"; 
dns.query; content:"auditoria82.taoshome4sale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria82\.taoshome4sale\.com$/i"; classtype:trojan-activity; sid:37920211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria82.taoshome4sale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria82.taoshome4sale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria82\.taoshome4sale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria84.meinastrohoroskop.com"; dns.query; content:"auditoria84.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria84\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37920221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria84.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria84.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria84\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria88.mariageorgina.com"; dns.query; content:"auditoria88.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria88\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37920231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain 
auditoria88.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria88.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria88\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
#
# MISP event 27366 - domain indicators, exported as one DNS rule and one HTTP rule per domain.
# The rules below are laid out one per line; the first and last lines of this span are
# fragments of rules that continue outside it.
#
#   sid ending in 1 (alert dns): matches on the dns.query buffer, any source and destination.
#     The pcre anchors the domain at the end of the query name and accepts either the start
#     of the name or a character outside [A-Za-z0-9-] in front of it, so a query for a
#     sub-domain of the listed name alerts as well.
#   sid ending in 2 (alert http): $HOME_NET -> $EXTERNAL_NET, established client-to-server
#     flow. It needs "Host:" and the domain in the request headers; no distance/within
#     keyword ties the two content matches together and the /H pcre scans the whole header
#     buffer, so the domain appearing in another request header also satisfies the rule.
#     The pcre requires one more character after the domain that is not [A-Za-z0-9-.].
#     On a hit, tag:session,600,seconds keeps logging that session for 600 seconds.
#
# NOTE(review): the HTTP rule only sees traffic parsed as HTTP; for HTTPS to these names
# the DNS rule is the only one in this span that can fire. No tls.sni rule is visible
# here - confirm whether the full export carries one.
# NOTE(review): the tag list in every msg is empty ("[]"), so the alert text carries no
# kill-chain or context tags; triage relies on the reference URL of the event.
#
alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria89.venagard.com"; dns.query; content:"auditoria89.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria89\.venagard\.com$/i"; classtype:trojan-activity; sid:37920241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria89.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria89.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria89\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria92.venagard.com"; dns.query; content:"auditoria92.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria92\.venagard\.com$/i"; classtype:trojan-activity; sid:37920251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria92.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria92.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria92\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920252; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain auditoria93.serragrandreunion.com"; dns.query; content:"auditoria93.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria93\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain auditoria93.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"auditoria93.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])auditoria93\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante14.miramantolama.com"; dns.query; content:"comprobante14.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante14\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante14.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante14.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante14\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920272; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante2.marcialledo.com"; dns.query; content:"comprobante2.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante2\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37920281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante2.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante2.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante2\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante27.mariageorgina.com"; dns.query; content:"comprobante27.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante27\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37920291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante27.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante27.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante27\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante27.serragrandreunion.com"; dns.query; content:"comprobante27.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante27\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante27.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante27.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante27\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante27.servicioslocomer.online"; dns.query; content:"comprobante27.servicioslocomer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante27\.servicioslocomer\.online$/i"; classtype:trojan-activity; sid:37920311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante27.servicioslocomer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante27.servicioslocomer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante27\.servicioslocomer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante45.altavista100.com"; dns.query; content:"comprobante45.altavista100.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante45\.altavista100\.com$/i"; classtype:trojan-activity; sid:37920321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante45.altavista100.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante45.altavista100.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante45\.altavista100\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante51.meinastrohoroskop.com"; dns.query; content:"comprobante51.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante51\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37920331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante51.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante51.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante51\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante63.serragrandreunion.com"; dns.query; content:"comprobante63.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante63\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante63.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante63.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante63\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante68.portafoliocfdi.com"; dns.query; content:"comprobante68.portafoliocfdi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante68\.portafoliocfdi\.com$/i"; classtype:trojan-activity; sid:37920351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante68.portafoliocfdi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante68.portafoliocfdi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante68\.portafoliocfdi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante70.miramantolama.com"; dns.query; content:"comprobante70.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante70\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante70.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante70.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante70\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante75.meinastrohoroskop.com"; dns.query; content:"comprobante75.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante75\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37920371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante75.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante75.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante75\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante80.serragrandreunion.com"; dns.query; content:"comprobante80.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante80\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante80.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante80.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante80\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante91.servicioslocomer.online"; dns.query; content:"comprobante91.servicioslocomer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante91\.servicioslocomer\.online$/i"; classtype:trojan-activity; sid:37920391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante91.servicioslocomer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante91.servicioslocomer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante91\.servicioslocomer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain comprobante93.venagard.com"; dns.query; content:"comprobante93.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante93\.venagard\.com$/i"; classtype:trojan-activity; sid:37920401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain comprobante93.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprobante93.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprobante93\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento19.altavista100.com"; dns.query; content:"cumplimiento19.altavista100.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento19\.altavista100\.com$/i"; classtype:trojan-activity; sid:37920411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento19.altavista100.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento19.altavista100.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento19\.altavista100\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento35.solucionegos.top"; dns.query; content:"cumplimiento35.solucionegos.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento35\.solucionegos\.top$/i"; classtype:trojan-activity; sid:37920421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento35.solucionegos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento35.solucionegos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento35\.solucionegos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento39.meinastrohoroskop.com"; dns.query; content:"cumplimiento39.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento39\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37920431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento39.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento39.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento39\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento43.commerxion.buzz"; dns.query; content:"cumplimiento43.commerxion.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento43\.commerxion\.buzz$/i"; classtype:trojan-activity; sid:37920441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento43.commerxion.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento43.commerxion.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento43\.commerxion\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento47.solucionegos.top"; dns.query; content:"cumplimiento47.solucionegos.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento47\.solucionegos\.top$/i"; classtype:trojan-activity; sid:37920451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento47.solucionegos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento47.solucionegos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento47\.solucionegos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento48.callarlene.net"; dns.query; content:"cumplimiento48.callarlene.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento48\.callarlene\.net$/i"; classtype:trojan-activity; sid:37920461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento48.callarlene.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento48.callarlene.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento48\.callarlene\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento56.timbradoelectronico.com"; dns.query; content:"cumplimiento56.timbradoelectronico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento56\.timbradoelectronico\.com$/i"; classtype:trojan-activity; sid:37920471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento56.timbradoelectronico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento56.timbradoelectronico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento56\.timbradoelectronico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento72.serragrandreunion.com"; dns.query; content:"cumplimiento72.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento72\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento72.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento72.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento72\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento81.paulfenelon.com"; dns.query; content:"cumplimiento81.paulfenelon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento81\.paulfenelon\.com$/i"; classtype:trojan-activity; sid:37920491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento81.paulfenelon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento81.paulfenelon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento81\.paulfenelon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento91.miramantolama.com"; dns.query; content:"cumplimiento91.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento91\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento91.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento91.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento91\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento94.meinastrohoroskop.com"; dns.query; content:"cumplimiento94.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento94\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37920511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento94.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento94.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento94\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain cumplimiento98.serragrandreunion.com"; dns.query; content:"cumplimiento98.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento98\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain cumplimiento98.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cumplimiento98.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cumplimiento98\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura10.miramantolama.com"; dns.query; content:"factura10.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura10\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura10.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura10.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura10\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura20.facturascorporativas.com"; dns.query; content:"factura20.facturascorporativas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura20\.facturascorporativas\.com$/i"; classtype:trojan-activity; sid:37920541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura20.facturascorporativas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura20.facturascorporativas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura20\.facturascorporativas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura20.solunline.top"; dns.query; content:"factura20.solunline.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura20\.solunline\.top$/i"; classtype:trojan-activity; sid:37920551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura20.solunline.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura20.solunline.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura20\.solunline\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura34.changjiangys.net"; dns.query; content:"factura34.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura34\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37920561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura34.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura34.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura34\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura4.servicioslocomer.online"; dns.query; content:"factura4.servicioslocomer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura4\.servicioslocomer\.online$/i"; classtype:trojan-activity; sid:37920571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura4.servicioslocomer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura4.servicioslocomer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura4\.servicioslocomer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura40.miramantolama.com"; dns.query; content:"factura40.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura40\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura40.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura40.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura40\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura44.servicioslocales.online"; dns.query; content:"factura44.servicioslocales.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura44\.servicioslocales\.online$/i"; classtype:trojan-activity; sid:37920591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura44.servicioslocales.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura44.servicioslocales.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura44\.servicioslocales\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura46.facturasfiel.com"; dns.query; content:"factura46.facturasfiel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura46\.facturasfiel\.com$/i"; classtype:trojan-activity; sid:37920601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura46.facturasfiel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura46.facturasfiel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura46\.facturasfiel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura49.marcialledo.com"; dns.query; content:"factura49.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura49\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37920611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura49.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura49.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura49\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura50.callarlene.net"; dns.query; content:"factura50.callarlene.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura50\.callarlene\.net$/i"; classtype:trojan-activity; sid:37920621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura50.callarlene.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura50.callarlene.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura50\.callarlene\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura59.altavista100.com"; dns.query; content:"factura59.altavista100.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura59\.altavista100\.com$/i"; classtype:trojan-activity; sid:37920631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura59.altavista100.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura59.altavista100.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura59\.altavista100\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura7.taoshome4sale.com"; dns.query; content:"factura7.taoshome4sale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura7\.taoshome4sale\.com$/i"; classtype:trojan-activity; sid:37920641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura7.taoshome4sale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura7.taoshome4sale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura7\.taoshome4sale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura71.servicioslomex.online"; dns.query; content:"factura71.servicioslomex.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura71\.servicioslomex\.online$/i"; classtype:trojan-activity; sid:37920651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura71.servicioslomex.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura71.servicioslomex.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura71\.servicioslomex\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura72.serragrandreunion.com"; dns.query; content:"factura72.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura72\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura72.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura72.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura72\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura73.mariageorgina.com"; dns.query; content:"factura73.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura73\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37920671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura73.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura73.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura73\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura81.altavista100.com"; dns.query; content:"factura81.altavista100.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura81\.altavista100\.com$/i"; classtype:trojan-activity; sid:37920681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura81.altavista100.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura81.altavista100.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura81\.altavista100\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura90.changjiangys.net"; dns.query; content:"factura90.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura90\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37920691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura90.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura90.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura90\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain factura91.servicioslocomer.online"; dns.query; content:"factura91.servicioslocomer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])factura91\.servicioslocomer\.online$/i"; classtype:trojan-activity; sid:37920701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain factura91.servicioslocomer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"factura91.servicioslocomer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])factura91\.servicioslocomer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain folio24.serragrandreunion.com"; dns.query; content:"folio24.serragrandreunion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio24\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37920711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio24.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio24.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio24\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain folio24.spacefordailyrituals.com"; dns.query; content:"folio24.spacefordailyrituals.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio24\.spacefordailyrituals\.com$/i"; classtype:trojan-activity; sid:37920721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio24.spacefordailyrituals.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio24.spacefordailyrituals.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio24\.spacefordailyrituals\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain folio47.marcialledo.com"; dns.query; content:"folio47.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio47\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37920731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio47.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio47.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio47\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> 
any any (msg: "MISP e27366 [] Domain folio53.mariageorgina.com"; dns.query; content:"folio53.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio53\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37920741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio53.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio53.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio53\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio60.callarlene.net"; dns.query; content:"folio60.callarlene.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio60\.callarlene\.net$/i"; classtype:trojan-activity; sid:37920751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio60.callarlene.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio60.callarlene.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio60\.callarlene\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio75.taoshome4sale.com"; dns.query; content:"folio75.taoshome4sale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio75\.taoshome4sale\.com$/i"; classtype:trojan-activity; sid:37920761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio75.taoshome4sale.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio75.taoshome4sale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio75\.taoshome4sale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio75.venagard.com"; dns.query; content:"folio75.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio75\.venagard\.com$/i"; classtype:trojan-activity; sid:37920771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio75.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio75.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio75\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio76.miramantolama.com"; dns.query; content:"folio76.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio76\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio76.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio76.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio76\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio83.altavista100.com"; 
dns.query; content:"folio83.altavista100.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio83\.altavista100\.com$/i"; classtype:trojan-activity; sid:37920791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio83.altavista100.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio83.altavista100.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio83\.altavista100\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio89.changjiangys.net"; dns.query; content:"folio89.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio89\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37920801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio89.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio89.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio89\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio90.servicioslocomer.online"; dns.query; content:"folio90.servicioslocomer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio90\.servicioslocomer\.online$/i"; classtype:trojan-activity; sid:37920811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio90.servicioslocomer.online"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"folio90.servicioslocomer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio90\.servicioslocomer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain folio99.solunline.top"; dns.query; content:"folio99.solunline.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])folio99\.solunline\.top$/i"; classtype:trojan-activity; sid:37920821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain folio99.solunline.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"folio99.solunline.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])folio99\.solunline\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf21.changjiangys.net"; dns.query; content:"pdf21.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf21\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37920831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf21.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf21.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf21\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf33.venagard.com"; dns.query; content:"pdf33.venagard.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pdf33\.venagard\.com$/i"; classtype:trojan-activity; sid:37920841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf33.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf33.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf33\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf34.solucionpiens.top"; dns.query; content:"pdf34.solucionpiens.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf34\.solucionpiens\.top$/i"; classtype:trojan-activity; sid:37920851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf34.solucionpiens.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf34.solucionpiens.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf34\.solucionpiens\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf39.facturasonlinemx.com"; dns.query; content:"pdf39.facturasonlinemx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf39\.facturasonlinemx\.com$/i"; classtype:trojan-activity; sid:37920861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf39.facturasonlinemx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf39.facturasonlinemx.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pdf39\.facturasonlinemx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf43.marcialledo.com"; dns.query; content:"pdf43.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf43\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37920871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf43.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf43.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf43\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf49.marcialledo.com"; dns.query; content:"pdf49.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf49\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37920881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf49.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf49.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf49\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf50.changjiangys.net"; dns.query; content:"pdf50.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf50\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37920891; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf50.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf50.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf50\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf57.visual8298.top"; dns.query; content:"pdf57.visual8298.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf57\.visual8298\.top$/i"; classtype:trojan-activity; sid:37920901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf57.visual8298.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf57.visual8298.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf57\.visual8298\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf59.venagard.com"; dns.query; content:"pdf59.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf59\.venagard\.com$/i"; classtype:trojan-activity; sid:37920911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf59.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf59.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf59\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920912; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf63.paulfenelon.com"; dns.query; content:"pdf63.paulfenelon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf63\.paulfenelon\.com$/i"; classtype:trojan-activity; sid:37920921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf63.paulfenelon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf63.paulfenelon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf63\.paulfenelon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf65.verificatutramite.com"; dns.query; content:"pdf65.verificatutramite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf65\.verificatutramite\.com$/i"; classtype:trojan-activity; sid:37920931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf65.verificatutramite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf65.verificatutramite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf65\.verificatutramite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf70.mariageorgina.com"; dns.query; content:"pdf70.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf70\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37920941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27366 [] Outgoing HTTP Domain pdf70.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf70.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf70\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf81.photographyride.com"; dns.query; content:"pdf81.photographyride.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf81\.photographyride\.com$/i"; classtype:trojan-activity; sid:37920951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf81.photographyride.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf81.photographyride.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf81\.photographyride\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf85.miramantolama.com"; dns.query; content:"pdf85.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf85\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37920961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf85.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf85.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf85\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any 
-> any any (msg: "MISP e27366 [] Domain pdf93.venagard.com"; dns.query; content:"pdf93.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf93\.venagard\.com$/i"; classtype:trojan-activity; sid:37920971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf93.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf93.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf93\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain pdf98.solunline.top"; dns.query; content:"pdf98.solunline.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf98\.solunline\.top$/i"; classtype:trojan-activity; sid:37920981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain pdf98.solunline.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pdf98.solunline.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pdf98\.solunline\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal27.marcialledo.com"; dns.query; content:"portal27.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal27\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37920991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal27.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"portal27.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal27\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37920992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal34.solunline.top"; dns.query; content:"portal34.solunline.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal34\.solunline\.top$/i"; classtype:trojan-activity; sid:37921001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal34.solunline.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal34.solunline.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal34\.solunline\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal48.solucionpiens.top"; dns.query; content:"portal48.solucionpiens.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal48\.solucionpiens\.top$/i"; classtype:trojan-activity; sid:37921011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal48.solucionpiens.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal48.solucionpiens.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal48\.solucionpiens\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal50.solucionegos.top"; dns.query; content:"portal50.solucionegos.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])portal50\.solucionegos\.top$/i"; classtype:trojan-activity; sid:37921021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal50.solucionegos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal50.solucionegos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal50\.solucionegos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal55.solucionegos.top"; dns.query; content:"portal55.solucionegos.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal55\.solucionegos\.top$/i"; classtype:trojan-activity; sid:37921031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal55.solucionegos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal55.solucionegos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal55\.solucionegos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal63.paulfenelon.com"; dns.query; content:"portal63.paulfenelon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal63\.paulfenelon\.com$/i"; classtype:trojan-activity; sid:37921041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal63.paulfenelon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal63.paulfenelon.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])portal63\.paulfenelon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal70.solunline.top"; dns.query; content:"portal70.solunline.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal70\.solunline\.top$/i"; classtype:trojan-activity; sid:37921051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal70.solunline.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal70.solunline.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal70\.solunline\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal80.changjiangys.net"; dns.query; content:"portal80.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal80\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37921061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal80.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal80.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal80\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal86.serragrandreunion.com"; dns.query; content:"portal86.serragrandreunion.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])portal86\.serragrandreunion\.com$/i"; classtype:trojan-activity; sid:37921071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal86.serragrandreunion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal86.serragrandreunion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal86\.serragrandreunion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal90.meinastrohoroskop.com"; dns.query; content:"portal90.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal90\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37921081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal90.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal90.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal90\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert dns any any -> any any (msg: "MISP e27366 [] Domain portal92.solucionpiens.top"; dns.query; content:"portal92.solucionpiens.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal92\.solucionpiens\.top$/i"; classtype:trojan-activity; sid:37921091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain portal92.solucionpiens.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"portal92.solucionpiens.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal92\.solucionpiens\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
# The line above is the tail of a rule that starts on the preceding page line.
#
# MISP event 27366, domain indicators. Each domain is exported as two rules:
#   sid ending in 1, alert dns:  matches the name in dns.query, case-insensitively. The
#       pcre requires the query to end with the domain and to have either nothing or a
#       character other than a letter, digit or hyphen (for example a dot) in front of
#       it, so subdomains of the indicator match and longer look-alike labels do not.
#   sid ending in 2, alert http: outbound from $HOME_NET on an established flow. It needs
#       "Host:" and the domain in http.header, plus a pcre (H = header buffer,
#       i = case-insensitive) that requires a character other than a letter, digit,
#       hyphen or dot straight after the domain. A hit tags the session for 600 seconds.
# NOTE(review): the two http.header content matches are not tied to each other, so the
# domain appearing in any request header (for example Referer) satisfies them once a
# Host header exists. Matching on the http.host buffer would pin the indicator to the
# Host value - confirm whether the broader match is wanted.
# NOTE(review): the http rules only see traffic the engine parses as HTTP. No tls.sni
# rule for these names is visible in this part of the export, so for HTTPS the dns
# rule is the only coverage here.
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion0.venagard.com"; dns.query; content:"suscripcion0.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion0\.venagard\.com$/i"; classtype:trojan-activity; sid:37921101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion0.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion0.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion0\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion10.solunline.xyz"; dns.query; content:"suscripcion10.solunline.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion10\.solunline\.xyz$/i"; classtype:trojan-activity; sid:37921111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion10.solunline.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion10.solunline.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion10\.solunline\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion24.facturasonlinemx.com"; dns.query; content:"suscripcion24.facturasonlinemx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion24\.facturasonlinemx\.com$/i"; classtype:trojan-activity; sid:37921121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion24.facturasonlinemx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion24.facturasonlinemx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion24\.facturasonlinemx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion24.venagard.com"; dns.query; content:"suscripcion24.venagard.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion24\.venagard\.com$/i"; classtype:trojan-activity; sid:37921131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion24.venagard.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion24.venagard.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion24\.venagard\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion32.servicioslocomer.online"; dns.query; content:"suscripcion32.servicioslocomer.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion32\.servicioslocomer\.online$/i"; classtype:trojan-activity; sid:37921141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion32.servicioslocomer.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion32.servicioslocomer.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion32\.servicioslocomer\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion38.eagleservice.buzz"; dns.query; content:"suscripcion38.eagleservice.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion38\.eagleservice\.buzz$/i"; classtype:trojan-activity; sid:37921151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion38.eagleservice.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion38.eagleservice.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion38\.eagleservice\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion38.mariageorgina.com"; dns.query; content:"suscripcion38.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion38\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37921161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion38.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion38.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion38\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion57.changjiangys.net"; dns.query; content:"suscripcion57.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion57\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37921171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion57.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion57.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion57\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion65.g1ooseradas.buzz"; dns.query; content:"suscripcion65.g1ooseradas.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion65\.g1ooseradas\.buzz$/i"; classtype:trojan-activity; sid:37921181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion65.g1ooseradas.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion65.g1ooseradas.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion65\.g1ooseradas\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion84.taoshome4sale.com"; dns.query; content:"suscripcion84.taoshome4sale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion84\.taoshome4sale\.com$/i"; classtype:trojan-activity; sid:37921191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion84.taoshome4sale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion84.taoshome4sale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion84\.taoshome4sale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921192; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain suscripcion95.servicioslomex.online"; dns.query; content:"suscripcion95.servicioslomex.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion95\.servicioslomex\.online$/i"; classtype:trojan-activity; sid:37921201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain suscripcion95.servicioslomex.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suscripcion95.servicioslomex.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suscripcion95\.servicioslomex\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado0.meinastrohoroskop.com"; dns.query; content:"timbrado0.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado0\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37921211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado0.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado0.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado0\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado11.verificatutramite.com"; dns.query; content:"timbrado11.verificatutramite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado11\.verificatutramite\.com$/i"; classtype:trojan-activity; sid:37921221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado11.verificatutramite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado11.verificatutramite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado11\.verificatutramite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado16.taoshome4sale.com"; dns.query; content:"timbrado16.taoshome4sale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado16\.taoshome4sale\.com$/i"; classtype:trojan-activity; sid:37921231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado16.taoshome4sale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado16.taoshome4sale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado16\.taoshome4sale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado17.marcialledo.com"; dns.query; content:"timbrado17.marcialledo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado17\.marcialledo\.com$/i"; classtype:trojan-activity; sid:37921241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado17.marcialledo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado17.marcialledo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado17\.marcialledo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado17.mariageorgina.com"; dns.query; content:"timbrado17.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado17\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37921251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado17.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado17.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado17\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921252; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado2.serviciosna.top"; dns.query; content:"timbrado2.serviciosna.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado2\.serviciosna\.top$/i"; classtype:trojan-activity; sid:37921261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado2.serviciosna.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado2.serviciosna.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado2\.serviciosna\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado2.solucionegos.top"; dns.query; content:"timbrado2.solucionegos.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado2\.solucionegos\.top$/i"; classtype:trojan-activity; sid:37921271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado2.solucionegos.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado2.solucionegos.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado2\.solucionegos\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921272; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado33.meinastrohoroskop.com"; dns.query; content:"timbrado33.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado33\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37921281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado33.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado33.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado33\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado42.mariageorgina.com"; dns.query; content:"timbrado42.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado42\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37921291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado42.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado42.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado42\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado54.changjiangys.net"; dns.query; content:"timbrado54.changjiangys.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado54\.changjiangys\.net$/i"; classtype:trojan-activity; sid:37921301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado54.changjiangys.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado54.changjiangys.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado54\.changjiangys\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado6.meinastrohoroskop.com"; dns.query; content:"timbrado6.meinastrohoroskop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado6\.meinastrohoroskop\.com$/i"; classtype:trojan-activity; sid:37921311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado6.meinastrohoroskop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado6.meinastrohoroskop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado6\.meinastrohoroskop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado73.mariageorgina.com"; dns.query; content:"timbrado73.mariageorgina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado73\.mariageorgina\.com$/i"; classtype:trojan-activity; sid:37921321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado73.mariageorgina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado73.mariageorgina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado73\.mariageorgina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado74.callarlene.net"; dns.query; content:"timbrado74.callarlene.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado74\.callarlene\.net$/i"; classtype:trojan-activity; sid:37921331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado74.callarlene.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado74.callarlene.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado74\.callarlene\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado74.mexicofacturacion.com"; dns.query; content:"timbrado74.mexicofacturacion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado74\.mexicofacturacion\.com$/i"; classtype:trojan-activity; sid:37921341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado74.mexicofacturacion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado74.mexicofacturacion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado74\.mexicofacturacion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado80.paulfenelon.com"; dns.query; content:"timbrado80.paulfenelon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado80\.paulfenelon\.com$/i"; classtype:trojan-activity; sid:37921351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado80.paulfenelon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado80.paulfenelon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado80\.paulfenelon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado84.miramantolama.com"; dns.query; content:"timbrado84.miramantolama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado84\.miramantolama\.com$/i"; classtype:trojan-activity; sid:37921361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado84.miramantolama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado84.miramantolama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado84\.miramantolama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado90.porcesososo.online"; dns.query; content:"timbrado90.porcesososo.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado90\.porcesososo\.online$/i"; classtype:trojan-activity; sid:37921371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado90.porcesososo.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado90.porcesososo.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado90\.porcesososo\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain timbrado96.paulfenelon.com"; dns.query; content:"timbrado96.paulfenelon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado96\.paulfenelon\.com$/i"; classtype:trojan-activity; sid:37921381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain timbrado96.paulfenelon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timbrado96.paulfenelon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timbrado96\.paulfenelon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert dns any any -> any any (msg: "MISP e27366 [] Domain validacion22.hb56.cc"; dns.query; content:"validacion22.hb56.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])validacion22\.hb56\.cc$/i"; classtype:trojan-activity; sid:37921391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27366 [] Outgoing HTTP Domain validacion22.hb56.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"validacion22.hb56.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])validacion22\.hb56\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37921392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
# MISP event 27366, URL indicators. The destination port is limited to $HTTP_PORTS,
# which has to be defined in the sensor configuration. The host is a plain
# case-insensitive substring of http.header (no "Host:" match, no boundary pcre) and
# the path is a case-insensitive substring of http.uri; both must be present.
# The last line of this group is the head of a rule that continues on the next page line.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27366 [] Outgoing URL http|3a|//folio24.spacefordailyrituals.com/facdigital/55ae12184283dc"; flow:to_server,established; http.header; content:"folio24.spacefordailyrituals.com"; fast_pattern; nocase; http.uri; content:"/facdigital/55ae12184283dc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37921431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27366 [] Outgoing URL http|3a|//folio47.marcialledo.com/seg_factura/e6bab6d032e282"; flow:to_server,established; http.header; content:"folio47.marcialledo.com"; fast_pattern; nocase; http.uri; content:"/seg_factura/e6bab6d032e282"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37921441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27366 [] Outgoing URL 
http|3a|//pdf43.marcialledo.com/factura/50e1e86db86ff2"; flow:to_server,established; http.header; content:"pdf43.marcialledo.com"; fast_pattern; nocase; http.uri; content:"/factura/50e1e86db86ff2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37921451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
# The line above is the tail of a rule that starts on the preceding page line.
#
# MISP event 27366, URL indicator: outbound HTTP to $HTTP_PORTS (must be defined in the
# sensor configuration). The host is a plain case-insensitive substring of http.header
# and the path a case-insensitive substring of http.uri; a hit tags the session for
# 600 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27366 [] Outgoing URL http|3a|//suscripcion95.servicioslomex.online/cfdi/0faa4a21fff2bb"; flow:to_server,established; http.header; content:"suscripcion95.servicioslomex.online"; fast_pattern; nocase; http.uri; content:"/cfdi/0faa4a21fff2bb"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37921461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27366;)
# MISP event 27358, IP indicators: any IP traffic from the listed source address into
# $HOME_NET, any port. The rules carry no flow or payload condition, so every packet
# from the address alerts.
# NOTE(review): address-only indicators lose value when the address is reassigned;
# check the event date in MISP before relying on these.
alert ip 5.199.168.24 any -> $HOME_NET any (msg: "MISP e27358 [] Incoming From IP: 5.199.168.24"; classtype:trojan-activity; sid:37917871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27358;)
alert ip 91.92.254.193 any -> $HOME_NET any (msg: "MISP e27358 [] Incoming From IP: 91.92.254.193"; classtype:trojan-activity; sid:37917881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27358;)
# MISP event 27358, domain indicators. Each domain gets a dns rule (dns.query must end
# with the name, preceded by nothing or a non-hostname character, so subdomains match)
# and an http rule (outbound, "Host:" plus the domain in http.header, pcre boundary
# after the domain, session tagged for 600 seconds).
alert dns any any -> any any (msg: "MISP e27358 [] Domain resources.docusong.com"; dns.query; content:"resources.docusong.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])resources\.docusong\.com$/i"; classtype:trojan-activity; sid:37917891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27358;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27358 [] Outgoing HTTP Domain resources.docusong.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"resources.docusong.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])resources\.docusong\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27358;)
# NOTE(review): this indicator is one host name under screenconnect.com, a hosted
# remote-support service. The content and pcre limit both rules to
# fisa99.screenconnect.com and names ending in it, so other hosts under the parent
# domain do not match; keep it that way if the rule is ever edited by hand.
alert dns any any -> any any (msg: "MISP e27358 [] Domain fisa99.screenconnect.com"; dns.query; content:"fisa99.screenconnect.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fisa99\.screenconnect\.com$/i"; classtype:trojan-activity; sid:37917901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27358;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27358 [] Outgoing HTTP Domain fisa99.screenconnect.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fisa99.screenconnect.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fisa99\.screenconnect\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27358;)
# MISP event 27311 (msg tag: RedLineStealer): outbound from $HOME_NET to one address
# and destination port 55615, exported with priority 2.
alert ip $HOME_NET any -> 185.222.58.81 55615 (msg: "MISP e27311 [RedLineStealer] Outgoing To IP: 185.222.58.81|55615"; classtype:trojan-activity; sid:37908461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP event 27359, URL indicator on a bare IP address: the rule header already pins
# the destination to 91.206.178.125 on $HTTP_PORTS, and the same address is matched
# again as a substring of http.header together with the path in http.uri.
alert http $HOME_NET any -> 91.206.178.125 $HTTP_PORTS (msg: "MISP e27359 [] Outgoing URL http|3a|//91.206.178.125/upload/upload.asp"; flow:to_server,established; http.header; content:"91.206.178.125"; fast_pattern; nocase; http.uri; content:"/upload/upload.asp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37918191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27359;)
# MISP event 27007, domain indicators: same dns/http pair per domain, exported with
# priority 3. The last line below is the head of a rule that continues on the next
# page line.
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenbrazil.com"; dns.query; content:"bodenbrazil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenbrazil\.com$/i"; classtype:trojan-activity; sid:38139121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenbrazil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenbrazil.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenbrazil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# The line above is the tail of a rule that starts on the preceding page line.
#
# MISP event 27007, domain indicators, all exported with priority 3. Each domain gets:
#   sid ending in 1, alert dns:  dns.query must end with the name, preceded by nothing
#       or a character other than a letter, digit or hyphen, so subdomains match too.
#   sid ending in 2, alert http: outbound from $HOME_NET, "Host:" plus the domain in
#       http.header, a pcre that requires a character other than a letter, digit,
#       hyphen or dot after the domain, and a 600-second session tag on a hit.
# In the boden-sverige.com rules the pcre writes the hyphen as \- ; outside a character
# class that is the same as a literal hyphen.
# NOTE(review): the msg tag list is empty ([]) for this event, so the rule text gives
# no context for these names while the classtype is still trojan-activity; check
# event 27007 in MISP before deciding how to triage a hit.
# NOTE(review): the http rules only see traffic the engine parses as HTTP. No tls.sni
# rule for these names is visible in this part of the export, so for HTTPS the dns
# rule is the only coverage here.
# The last line of this group is the head of a rule that continues on the next page line.
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenczeshop.com"; dns.query; content:"bodenczeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenczeshop\.com$/i"; classtype:trojan-activity; sid:38139131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenczeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenczeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenczeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenfrancesoldes.com"; dns.query; content:"bodenfrancesoldes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenfrancesoldes\.com$/i"; classtype:trojan-activity; sid:38139141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenfrancesoldes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenfrancesoldes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenfrancesoldes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodengreeceeshop.com"; dns.query; content:"bodengreeceeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodengreeceeshop\.com$/i"; classtype:trojan-activity; sid:38139151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodengreeceeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodengreeceeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodengreeceeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodennetherlands.com"; dns.query; content:"bodennetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodennetherlands\.com$/i"; classtype:trojan-activity; sid:38139161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodennetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodennetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodennetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenoutletitalia.com"; dns.query; content:"bodenoutletitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenoutletitalia\.com$/i"; classtype:trojan-activity; sid:38139171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenoutletitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenoutletitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenoutletitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenoutletnorge.com"; dns.query; content:"bodenoutletnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenoutletnorge\.com$/i"; classtype:trojan-activity; sid:38139181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenoutletnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenoutletnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenoutletnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenpolska.com"; dns.query; content:"bodenpolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenpolska\.com$/i"; classtype:trojan-activity; sid:38139191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenpolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenpolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenpolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodensuomi.com"; dns.query; content:"bodensuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodensuomi\.com$/i"; classtype:trojan-activity; sid:38139201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodensuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodensuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodensuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boden-sverige.com"; dns.query; content:"boden-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-sverige\.com$/i"; classtype:trojan-activity; sid:38139211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boden-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boden-sverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenturkiye.com"; dns.query; content:"bodenturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenturkiye\.com$/i"; classtype:trojan-activity; sid:38139221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenwinkelbelgium.com"; dns.query; content:"bodenwinkelbelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenwinkelbelgium\.com$/i"; classtype:trojan-activity; sid:38139231; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenwinkelbelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenwinkelbelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenwinkelbelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain loungeflyoutletuk.com"; dns.query; content:"loungeflyoutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyoutletuk\.com$/i"; classtype:trojan-activity; sid:38139241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loungeflyoutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loungeflyoutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loungeflyoutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain luluesfactoryoutlet.com"; dns.query; content:"luluesfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluesfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38139251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluesfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluesfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluesfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139252; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-lemoncostarica.com"; dns.query; content:"lulu-lemoncostarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemoncostarica\.com$/i"; classtype:trojan-activity; sid:38139261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulu-lemoncostarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-lemoncostarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemoncostarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-lemonecuador.com"; dns.query; content:"lulu-lemonecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonecuador\.com$/i"; classtype:trojan-activity; sid:38139271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulu-lemonecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-lemonecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-lemonguatemala.com"; dns.query; content:"lulu-lemonguatemala.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonguatemala\.com$/i"; classtype:trojan-activity; sid:38139281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] 
Outgoing HTTP Domain lulu-lemonguatemala.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-lemonguatemala.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonguatemala\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-lemonpanama.com"; dns.query; content:"lulu-lemonpanama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonpanama\.com$/i"; classtype:trojan-activity; sid:38139291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulu-lemonpanama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-lemonpanama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonpanama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lulu-lemonperu.com"; dns.query; content:"lulu-lemonperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonperu\.com$/i"; classtype:trojan-activity; sid:38139301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulu-lemonperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulu-lemonperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulu\-lemonperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsbagcanada.com"; 
dns.query; content:"marcjacobsbagcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsbagcanada\.com$/i"; classtype:trojan-activity; sid:38139311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsbagcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsbagcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsbagcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsbolsoscolombia.com"; dns.query; content:"marcjacobsbolsoscolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsbolsoscolombia\.com$/i"; classtype:trojan-activity; sid:38139321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsbolsoscolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsbolsoscolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsbolsoscolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsde.com"; dns.query; content:"marcjacobsde.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsde\.com$/i"; classtype:trojan-activity; sid:38139331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsde.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"marcjacobsde.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsde\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsespanatiendas.com"; dns.query; content:"marcjacobsespanatiendas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsespanatiendas\.com$/i"; classtype:trojan-activity; sid:38139341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsespanatiendas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsespanatiendas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsespanatiendas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsfranceonline.com"; dns.query; content:"marcjacobsfranceonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsfranceonline\.com$/i"; classtype:trojan-activity; sid:38139351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsfranceonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsfranceonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsfranceonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsgreecetotebag.com"; dns.query; content:"marcjacobsgreecetotebag.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])marcjacobsgreecetotebag\.com$/i"; classtype:trojan-activity; sid:38139361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsgreecetotebag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsgreecetotebag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsgreecetotebag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobshu.com"; dns.query; content:"marcjacobshu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobshu\.com$/i"; classtype:trojan-activity; sid:38139371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobshu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobshu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobshu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsindiaonline.com"; dns.query; content:"marcjacobsindiaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsindiaonline\.com$/i"; classtype:trojan-activity; sid:38139381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsindiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsindiaonline.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])marcjacobsindiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsirelandsale.com"; dns.query; content:"marcjacobsirelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsirelandsale\.com$/i"; classtype:trojan-activity; sid:38139391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsirelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsirelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsirelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsisraelstore.com"; dns.query; content:"marcjacobsisraelstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsisraelstore\.com$/i"; classtype:trojan-activity; sid:38139401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsisraelstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsisraelstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsisraelstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsitalyonline.com"; dns.query; content:"marcjacobsitalyonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsitalyonline\.com$/i"; 
classtype:trojan-activity; sid:38139411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsitalyonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsitalyonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsitalyonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsmalaysiastore.com"; dns.query; content:"marcjacobsmalaysiastore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsmalaysiastore\.com$/i"; classtype:trojan-activity; sid:38139421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsmalaysiastore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsmalaysiastore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsmalaysiastore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsmexicotienda.com"; dns.query; content:"marcjacobsmexicotienda.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsmexicotienda\.com$/i"; classtype:trojan-activity; sid:38139431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsmexicotienda.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsmexicotienda.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])marcjacobsmexicotienda\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsphprice.com"; dns.query; content:"marcjacobsphprice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsphprice\.com$/i"; classtype:trojan-activity; sid:38139441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsphprice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsphprice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsphprice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsshoposterreich.com"; dns.query; content:"marcjacobsshoposterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsshoposterreich\.com$/i"; classtype:trojan-activity; sid:38139451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsshoposterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsshoposterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsshoposterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsskleppolska.com"; dns.query; content:"marcjacobsskleppolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsskleppolska\.com$/i"; 
classtype:trojan-activity; sid:38139461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsskleppolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsskleppolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsskleppolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobssouthafricasale.com"; dns.query; content:"marcjacobssouthafricasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobssouthafricasale\.com$/i"; classtype:trojan-activity; sid:38139471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobssouthafricasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobssouthafricasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobssouthafricasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstascheschweiz.com"; dns.query; content:"marcjacobstascheschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstascheschweiz\.com$/i"; classtype:trojan-activity; sid:38139481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstascheschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstascheschweiz.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])marcjacobstascheschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstorbicesrbija.com"; dns.query; content:"marcjacobstorbicesrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstorbicesrbija\.com$/i"; classtype:trojan-activity; sid:38139491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstorbicesrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstorbicesrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstorbicesrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebagargentina.com"; dns.query; content:"marcjacobstotebagargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagargentina\.com$/i"; classtype:trojan-activity; sid:38139501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebagargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstotebagargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebagbelgium.com"; dns.query; content:"marcjacobstotebagbelgium.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])marcjacobstotebagbelgium\.com$/i"; classtype:trojan-activity; sid:38139511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebagbelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstotebagbelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagbelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebagdk.com"; dns.query; content:"marcjacobstotebagdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagdk\.com$/i"; classtype:trojan-activity; sid:38139521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebagdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstotebagdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebagjapan.com"; dns.query; content:"marcjacobstotebagjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagjapan\.com$/i"; classtype:trojan-activity; sid:38139531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebagjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstotebagjapan.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebagnorge.com"; dns.query; content:"marcjacobstotebagnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagnorge\.com$/i"; classtype:trojan-activity; sid:38139541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebagnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstotebagnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebagsuomi.com"; dns.query; content:"marcjacobstotebagsuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagsuomi\.com$/i"; classtype:trojan-activity; sid:38139551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebagsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstotebagsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebagsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsturkiyecanta.com"; dns.query; content:"marcjacobsturkiyecanta.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])marcjacobsturkiyecanta\.com$/i"; classtype:trojan-activity; sid:38139561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsturkiyecanta.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsturkiyecanta.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsturkiyecanta\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsvaskasverige.com"; dns.query; content:"marcjacobsvaskasverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsvaskasverige\.com$/i"; classtype:trojan-activity; sid:38139571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsvaskasverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsvaskasverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsvaskasverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onrunningsdublin.com"; dns.query; content:"onrunningsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onrunningsdublin\.com$/i"; classtype:trojan-activity; sid:38139581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onrunningsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onrunningsdublin.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])onrunningsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain outlettruereligion.com"; dns.query; content:"outlettruereligion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outlettruereligion\.com$/i"; classtype:trojan-activity; sid:38139591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain outlettruereligion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outlettruereligion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outlettruereligion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithmexico.com"; dns.query; content:"paulsmithmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithmexico\.com$/i"; classtype:trojan-activity; sid:38139601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithportugal.com"; dns.query; content:"paulsmithportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithportugal\.com$/i"; classtype:trojan-activity; sid:38139611; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 - domain indicators. Each domain is exported as a pair of rules:
#   sid ending in 1  `alert dns`  - matches the queried name in dns.query, any direction
#   sid ending in 2  `alert http` - matches the name in the request headers, $HOME_NET -> $EXTERNAL_NET
# The tag list in msg is empty ("[]") and every rule is priority:3 with classtype
# trojan-activity, so the rule text does not say why a domain was listed; the reference URL
# points at the event that does.
# NOTE(review): the http rules can only fire on cleartext HTTP. For a visit over HTTPS the dns
# rule is the only one of the pair that can match, and only if the sensor sees the lookup -
# confirm DNS visibility, or add a tls.sni rule per domain if that path matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain skimsmilano.com"; dns.query; content:"skimsmilano.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skimsmilano\.com$/i"; classtype:trojan-activity; sid:38139621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skimsmilano.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skimsmilano.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skimsmilano\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerau.com"; dns.query; content:"tedbakerau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerau\.com$/i"; classtype:trojan-activity; sid:38139631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakercanada.com"; dns.query; content:"tedbakercanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercanada\.com$/i"; classtype:trojan-activity; sid:38139641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakercanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakercanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakercanadaoutlets.com"; dns.query; content:"tedbakercanadaoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercanadaoutlets\.com$/i"; classtype:trojan-activity; sid:38139651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakercanadaoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakercanadaoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercanadaoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakercanadawebsite.com"; dns.query; content:"tedbakercanadawebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercanadawebsite\.com$/i"; classtype:trojan-activity; sid:38139661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakercanadawebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakercanadawebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercanadawebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-denmark.com"; dns.query; content:"tedbaker-denmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-denmark\.com$/i"; classtype:trojan-activity; sid:38139671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-denmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-denmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-denmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerdeutschlandshop.com"; dns.query; content:"tedbakerdeutschlandshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdeutschlandshop\.com$/i"; classtype:trojan-activity; sid:38139681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerdeutschlandshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerdeutschlandshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdeutschlandshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerhrvatska.com"; dns.query; content:"tedbakerhrvatska.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])tedbakerhrvatska\.com$/i"; classtype:trojan-activity; sid:38139691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain rules (one dns rule and one http rule per domain). How the patterns
# bound the name, with DOMAIN standing for the escaped domain in each rule:
#   dns  pcre "/(^|[^A-Za-z0-9-])DOMAIN$/i"  - the query must end with the domain, preceded by
#        the start of the buffer or a character that cannot belong to a label, so subdomains
#        match and a longer name that merely ends in the same letters does not.
#   http pcre "/(^|[^A-Za-z0-9-])DOMAIN[^A-Za-z0-9-\.]/Hi" - requires one following character
#        that is not a hostname character, so the domain followed by ".example" does not match.
# NOTE(review): `content: "Host|3a|"`, the domain content and the pcre are all evaluated against
# the whole http.header buffer and are not tied to each other by position. A request to another
# site that carries the domain in a different header (for example Referer) looks like it would
# also match; matching on http.host would pin the name to the Host value - verify on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerhrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerhrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerhrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-ireland.com"; dns.query; content:"tedbaker-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-ireland\.com$/i"; classtype:trojan-activity; sid:38139701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerirelandoutlet.com"; dns.query; content:"tedbakerirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38139711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeritalia.com"; dns.query; content:"tedbakeritalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeritalia\.com$/i"; classtype:trojan-activity; sid:38139721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeritalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeritalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeritalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakermalaysia.com"; dns.query; content:"tedbakermalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermalaysia\.com$/i"; classtype:trojan-activity; sid:38139731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakermalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakermalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakernederland.com"; dns.query; content:"tedbakernederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakernederland\.com$/i"; classtype:trojan-activity; sid:38139741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakernederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakernederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakernederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-nz.com"; dns.query; content:"tedbaker-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-nz\.com$/i"; classtype:trojan-activity; sid:38139751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeronlineuae.com"; dns.query; content:"tedbakeronlineuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeronlineuae\.com$/i"; classtype:trojan-activity; sid:38139761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeronlineuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeronlineuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeronlineuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139762; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain rules: a dns rule followed by an http rule for each domain.
# `tag:session,600,seconds` on the http rules asks the engine to keep logging packets of the
# matching session for 600 seconds after the alert; the dns rules carry no tag.
# NOTE(review): the dns rules are `any any -> any any` with no flow keyword, so a lookup
# that the sensor sees on more than one hop (client to resolver, resolver to upstream) may
# alert once per hop - confirm, and threshold by sid if that is noisy.
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletespana.com"; dns.query; content:"tedbakeroutletespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletespana\.com$/i"; classtype:trojan-activity; sid:38139771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerpolska.com"; dns.query; content:"tedbakerpolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerpolska\.com$/i"; classtype:trojan-activity; sid:38139781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerpolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerpolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerpolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerportugal.com"; dns.query; content:"tedbakerportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerportugal\.com$/i"; classtype:trojan-activity; sid:38139791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerschweiz.com"; dns.query; content:"tedbakerschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerschweiz\.com$/i"; classtype:trojan-activity; sid:38139801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakersrbija.com"; dns.query; content:"ted-bakersrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakersrbija\.com$/i"; classtype:trojan-activity; sid:38139811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakersrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakersrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakersrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-turkiye.com"; dns.query; content:"tedbaker-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-turkiye\.com$/i"; classtype:trojan-activity; sid:38139821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendasmarcjacobschile.com"; dns.query; content:"tiendasmarcjacobschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasmarcjacobschile\.com$/i"; classtype:trojan-activity; sid:38139831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendasmarcjacobschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendasmarcjacobschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasmarcjacobschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendatedbakerespana.com"; dns.query; content:"tiendatedbakerespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendatedbakerespana\.com$/i"; classtype:trojan-activity; sid:38139841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendatedbakerespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendatedbakerespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendatedbakerespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligiononlineshop.com"; dns.query; content:"truereligiononlineshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligiononlineshop\.com$/i"; classtype:trojan-activity; sid:38139851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligiononlineshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligiononlineshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligiononlineshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionsg.com"; dns.query; content:"truereligionsg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionsg\.com$/i"; classtype:trojan-activity; sid:38139861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionsg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionsg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionsg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27520 - destination address and port indicator ($HOME_NET -> address port),
# empty tag list, priority:3.
# NOTE(review): the protocol is `ip` while a destination port is given; check how the engine
# applies the port to traffic that is neither TCP nor UDP.
alert ip $HOME_NET any -> 185.222.58.81 55615 (msg: "MISP e27520 [] Outgoing To IP: 185.222.58.81|55615"; classtype:trojan-activity; sid:37948641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 
94.131.11.34 10006 (msg: "MISP e27311 [RedLineStealer] Outgoing To IP: 94.131.11.34|10006"; classtype:trojan-activity; sid:37908471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP events 27311 and 27520 - outbound indicators ($HOME_NET -> listed address/port or URL).
# Each destination is exported once per event: the e27311 rule has a malware-family tag in msg
# and priority:2, the e27520 rule has an empty tag list and priority:3, with separate sids.
# One matching flow therefore raises two alerts for the same indicator.
# NOTE(review): threshold or suppress one sid of each pair, or de-duplicate on destination
# downstream, so alert counts are not doubled.
alert ip $HOME_NET any -> 94.131.11.34 10006 (msg: "MISP e27520 [] Outgoing To IP: 94.131.11.34|10006"; classtype:trojan-activity; sid:37948651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 162.19.208.109 443 (msg: "MISP e27311 [RedLineStealer] Outgoing To IP: 162.19.208.109|443"; classtype:trojan-activity; sid:37908481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# URL rules: the host is a plain substring match on http.header and the path a substring match
# on http.uri, both nocase, and only on $HTTP_PORTS - that variable has to be defined on the
# sensor. With $EXTERNAL_NET as destination the host string is not tied to the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27311 [dcrat] Outgoing URL http|3a|//pipikaka-ggg.000webhostapp.com/9cf11b76.php"; flow:to_server,established; http.header; content:"pipikaka-ggg.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/9cf11b76.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 185.161.208.123 8763 (msg: "MISP e27311 [NanoCore,RAT] Outgoing To IP: 185.161.208.123|8763"; classtype:trojan-activity; sid:37908501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//pipikaka-ggg.000webhostapp.com/9cf11b76.php"; flow:to_server,established; http.header; content:"pipikaka-ggg.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/9cf11b76.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 162.19.208.109 443 (msg: "MISP e27520 [] Outgoing To IP: 162.19.208.109|443"; classtype:trojan-activity; sid:37948671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 185.161.208.123 8763 (msg: "MISP e27520 [] Outgoing To IP: 185.161.208.123|8763"; classtype:trojan-activity; sid:37948681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> 176.124.192.196 $HTTP_PORTS (msg: "MISP e27311 [dcrat] Outgoing URL http|3a|//176.124.192.196/httpserver0windows/wppublicjs/proton_vmpacket/generator8wpbase/external_/_wplow8/universalflower/3/line62/7publicpacket/geocpuupdatedefaultasyncpublicprivateuploadsdownloads.php"; flow:to_server,established; http.header; content:"176.124.192.196"; fast_pattern; nocase; http.uri; content:"/httpserver0windows/wppublicjs/proton_vmpacket/generator8wpbase/external_/_wplow8/universalflower/3/line62/7publicpacket/geocpuupdatedefaultasyncpublicprivateuploadsdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37908511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 194.87.252.184 4782 (msg: "MISP e27311 [QuasarRAT,RAT] Outgoing To IP: 194.87.252.184|4782"; classtype:trojan-activity; sid:37908521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Same URL as sid:37908511; the two paths differ only in letter case, which `nocase` ignores,
# so both rules match the same requests.
alert http $HOME_NET any -> 176.124.192.196 $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//176.124.192.196/Httpserver0Windows/WpPublicJs/Proton_VmPacket/Generator8wpBase/External_/_wpLow8/universalFlower/3/Line62/7PublicPacket/geoCpuUpdateDefaultAsyncpublicPrivateUploadsDownloads.php"; flow:to_server,established; http.header; content:"176.124.192.196"; fast_pattern; nocase; http.uri; content:"/Httpserver0Windows/WpPublicJs/Proton_VmPacket/Generator8wpBase/External_/_wpLow8/universalFlower/3/Line62/7PublicPacket/geoCpuUpdateDefaultAsyncpublicPrivateUploadsDownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37948691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 2.58.85.145 8808 (msg: "MISP 
e27311 [asyncrat,RAT] Outgoing To IP: 2.58.85.145|8808"; classtype:trojan-activity; sid:37908531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP events 27311 / 27520 - `alert ip` rules for traffic from $HOME_NET to a listed
# address and port. The e27311 msg tags mix a malware family with what looks like a
# network-owner label (for example "AS-CHOOPA,Pikabot", "Havoc,PROFITBYTE") and appear in
# alphabetical order, so the family is not at a fixed position - parse the whole tag list
# rather than taking the first entry.
# NOTE(review): the match is address and port only, with no payload condition. Several
# destinations are on 443 or 995 and, judging by the labels, sit in hosting or access-provider
# networks where addresses get reassigned; the rules carry no date, so check indicator age in
# the referenced event before acting on a hit.
alert ip $HOME_NET any -> 45.137.22.156 55615 (msg: "MISP e27311 [RedLineStealer] Outgoing To IP: 45.137.22.156|55615"; classtype:trojan-activity; sid:37908541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 194.87.252.184 4782 (msg: "MISP e27520 [] Outgoing To IP: 194.87.252.184|4782"; classtype:trojan-activity; sid:37948701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 45.137.22.156 55615 (msg: "MISP e27520 [] Outgoing To IP: 45.137.22.156|55615"; classtype:trojan-activity; sid:37948711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 2.58.85.145 8808 (msg: "MISP e27520 [] Outgoing To IP: 2.58.85.145|8808"; classtype:trojan-activity; sid:37948721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 157.230.175.190 49553 (msg: "MISP e27311 [Bianlian Go Trojan,DIGITALOCEAN-ASN] Outgoing To IP: 157.230.175.190|49553"; classtype:trojan-activity; sid:37908551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 64.74.160.238 3306 (msg: "MISP e27311 [Bianlian Go Trojan,DEDICATED] Outgoing To IP: 64.74.160.238|3306"; classtype:trojan-activity; sid:37908561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 104.200.72.113 40484 (msg: "MISP e27311 [ASN-QUADRANET-GLOBAL,Bianlian Go Trojan] Outgoing To IP: 104.200.72.113|40484"; classtype:trojan-activity; sid:37908571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 185.225.70.160 27311 (msg: "MISP e27311 [Bianlian Go Trojan,NET23-AS] Outgoing To IP: 185.225.70.160|27311"; classtype:trojan-activity; sid:37908581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 200.234.235.200 443 (msg: "MISP e27311 [CLOUDING,Havoc] Outgoing To IP: 200.234.235.200|443"; classtype:trojan-activity; sid:37908591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 185.174.8.138 8080 (msg: "MISP e27311 [Havoc,PROFITBYTE] Outgoing To IP: 185.174.8.138|8080"; classtype:trojan-activity; sid:37908601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 176.44.108.225 443 (msg: "MISP e27311 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 176.44.108.225|443"; classtype:trojan-activity; sid:37908611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 167.56.207.87 995 (msg: "MISP e27311 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 167.56.207.87|995"; classtype:trojan-activity; sid:37908621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 193.92.248.35 995 (msg: "MISP e27311 [FORTHNET-GR Forthnet,QakBot] Outgoing To IP: 193.92.248.35|995"; classtype:trojan-activity; sid:37908631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 180.140.129.152 8848 (msg: "MISP e27311 [CHINANET-BACKBONE No.31Jin-rong Street,dcrat] Outgoing To IP: 180.140.129.152|8848"; classtype:trojan-activity; sid:37908641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 65.20.69.208 5000 (msg: "MISP e27311 [AS-CHOOPA,Pikabot] Outgoing To IP: 65.20.69.208|5000"; classtype:trojan-activity; sid:37908651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 217.197.107.145 80 (msg: "MISP e27311 [AEZA-AS,Meduza Stealer] Outgoing To IP: 217.197.107.145|80"; 
classtype:trojan-activity; sid:37908661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP events 27311 / 27520 - `alert ip` rules, $HOME_NET -> listed address and port.
# The e27520 rules (empty tag list, priority:3) repeat destinations that e27311 rules
# (tagged, priority:2) already cover. To attribute an untagged e27520 alert, look up the
# e27311 rule with the same address and port.
# NOTE(review): the rules on port 80 match every connection to that address, whatever the
# requested host; if the address serves more than one site this will over-alert - confirm
# against the referenced event before blocking on these sids.
alert ip $HOME_NET any -> 80.253.246.232 80 (msg: "MISP e27311 [Hookbot Pegasus,HOSTINGDUNYAM HOSTING DUNYAM] Outgoing To IP: 80.253.246.232|80"; classtype:trojan-activity; sid:37908671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 193.176.79.54 80 (msg: "MISP e27311 [BEGET-AS,Hookbot Pegasus] Outgoing To IP: 193.176.79.54|80"; classtype:trojan-activity; sid:37908681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 5.35.99.203 80 (msg: "MISP e27311 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 5.35.99.203|80"; classtype:trojan-activity; sid:37908691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 5.35.99.203 80 (msg: "MISP e27520 [] Outgoing To IP: 5.35.99.203|80"; classtype:trojan-activity; sid:37948731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 193.176.79.54 80 (msg: "MISP e27520 [] Outgoing To IP: 193.176.79.54|80"; classtype:trojan-activity; sid:37948741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 80.253.246.232 80 (msg: "MISP e27520 [] Outgoing To IP: 80.253.246.232|80"; classtype:trojan-activity; sid:37948751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 217.197.107.145 80 (msg: "MISP e27520 [] Outgoing To IP: 217.197.107.145|80"; classtype:trojan-activity; sid:37948761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 65.20.69.208 5000 (msg: "MISP e27520 [] Outgoing To IP: 65.20.69.208|5000"; classtype:trojan-activity; sid:37948771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 180.140.129.152 8848 (msg: "MISP e27520 [] Outgoing To IP: 180.140.129.152|8848"; classtype:trojan-activity; sid:37948781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 193.92.248.35 995 (msg: "MISP e27520 [] Outgoing To IP: 193.92.248.35|995"; classtype:trojan-activity; sid:37948791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 167.56.207.87 995 (msg: "MISP e27520 [] Outgoing To IP: 167.56.207.87|995"; classtype:trojan-activity; sid:37948801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 176.44.108.225 443 (msg: "MISP e27520 [] Outgoing To IP: 176.44.108.225|443"; classtype:trojan-activity; sid:37948811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 185.174.8.138 8080 (msg: "MISP e27520 [] Outgoing To IP: 185.174.8.138|8080"; classtype:trojan-activity; sid:37948821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 200.234.235.200 443 (msg: "MISP e27520 [] Outgoing To IP: 200.234.235.200|443"; classtype:trojan-activity; sid:37948831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 185.225.70.160 27311 (msg: "MISP e27520 [] Outgoing To IP: 185.225.70.160|27311"; classtype:trojan-activity; sid:37948841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 104.200.72.113 40484 (msg: "MISP e27520 [] Outgoing To IP: 104.200.72.113|40484"; classtype:trojan-activity; sid:37948851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 64.74.160.238 3306 (msg: "MISP e27520 [] Outgoing To IP: 64.74.160.238|3306"; classtype:trojan-activity; sid:37948861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 157.230.175.190 49553 
(msg: "MISP e27520 [] Outgoing To IP: 157.230.175.190|49553"; classtype:trojan-activity; sid:37948871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# MISP events 27521-27527 - three rules per event, all priority:1 with an empty tag list:
#   `alert http` - request from $HOME_NET to the listed address for a path ending in "mips"
#   `alert ip`   - any packet from the listed address to $HOME_NET ("Incoming From IP")
#   `alert ip`   - traffic from $HOME_NET to a listed address and port ("Outgoing To IP")
# In e27522 and e27527 the outgoing rule names a different address than the download host.
# The e27527 http rule uses the literal port 80 taken from the URL; the others use $HTTP_PORTS,
# which has to be defined on the sensor and limits them to those ports.
# NOTE(review): the paths look like architecture-specific binaries of the kind fetched by
# compromised embedded devices - presumably payload downloads, confirm in the events. A hit on
# an http rule means an internal host requested the file, so the requesting host is the one
# to examine first.
# NOTE(review): the "Incoming From IP" rules have no flow keyword, so unsolicited inbound
# packets and reply packets of outbound sessions both match; expect them to be the noisiest
# of the three.
alert http $HOME_NET any -> 185.216.70.30 $HTTP_PORTS (msg: "MISP e27524 [] Outgoing URL http|3a|//185.216.70.30/bins/kirin.mips"; flow:to_server,established; http.header; content:"185.216.70.30"; fast_pattern; nocase; http.uri; content:"/bins/kirin.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37951141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27524;)
alert ip 185.216.70.30 any -> $HOME_NET any (msg: "MISP e27524 [] Incoming From IP: 185.216.70.30"; classtype:trojan-activity; sid:37951151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27524;)
alert ip $HOME_NET any -> 185.216.70.30 10 (msg: "MISP e27524 [] Outgoing To IP: 185.216.70.30|10"; classtype:trojan-activity; sid:37951161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27524;)
alert http $HOME_NET any -> 93.123.85.111 $HTTP_PORTS (msg: "MISP e27522 [] Outgoing URL http|3a|//93.123.85.111/d00msd4y.mips"; flow:to_server,established; http.header; content:"93.123.85.111"; fast_pattern; nocase; http.uri; content:"/d00msd4y.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37950861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27522;)
alert ip 93.123.85.111 any -> $HOME_NET any (msg: "MISP e27522 [] Incoming From IP: 93.123.85.111"; classtype:trojan-activity; sid:37950871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27522;)
alert ip $HOME_NET any -> 194.48.250.26 32826 (msg: "MISP e27522 [] Outgoing To IP: 194.48.250.26|32826"; classtype:trojan-activity; sid:37950881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27522;)
alert http $HOME_NET any -> 94.156.71.230 $HTTP_PORTS (msg: "MISP e27521 [] Outgoing URL http|3a|//94.156.71.230/bins/mips"; flow:to_server,established; http.header; content:"94.156.71.230"; fast_pattern; nocase; http.uri; content:"/bins/mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37950721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27521;)
alert ip 94.156.71.230 any -> $HOME_NET any (msg: "MISP e27521 [] Incoming From IP: 94.156.71.230"; classtype:trojan-activity; sid:37950731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27521;)
alert ip $HOME_NET any -> 94.156.71.230 5555 (msg: "MISP e27521 [] Outgoing To IP: 94.156.71.230|5555"; classtype:trojan-activity; sid:37950741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27521;)
alert http $HOME_NET any -> 45.142.182.90 $HTTP_PORTS (msg: "MISP e27525 [] Outgoing URL http|3a|//45.142.182.90/kira.mips"; flow:to_server,established; http.header; content:"45.142.182.90"; fast_pattern; nocase; http.uri; content:"/kira.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37951281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27525;)
alert ip 45.142.182.90 any -> $HOME_NET any (msg: "MISP e27525 [] Incoming From IP: 45.142.182.90"; classtype:trojan-activity; sid:37951291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27525;)
alert ip $HOME_NET any -> 45.142.182.90 9931 (msg: "MISP e27525 [] Outgoing To IP: 45.142.182.90|9931"; classtype:trojan-activity; sid:37951301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27525;)
alert http $HOME_NET any -> 216.219.94.57 $HTTP_PORTS (msg: "MISP e27523 [] Outgoing URL http|3a|//216.219.94.57/bins/chary.mips"; flow:to_server,established; http.header; content:"216.219.94.57"; fast_pattern; nocase; http.uri; content:"/bins/chary.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37951001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27523;)
alert ip 216.219.94.57 any -> $HOME_NET any (msg: "MISP e27523 [] Incoming From IP: 216.219.94.57"; classtype:trojan-activity; sid:37951011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27523;)
alert ip $HOME_NET any -> 216.219.94.57 59666 (msg: "MISP e27523 [] Outgoing To IP: 216.219.94.57|59666"; classtype:trojan-activity; sid:37951021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27523;)
alert http $HOME_NET any -> 93.123.85.61 $HTTP_PORTS (msg: "MISP e27526 [] Outgoing URL http|3a|//93.123.85.61/hiddenbin/boatnet.mips"; flow:to_server,established; http.header; content:"93.123.85.61"; fast_pattern; nocase; http.uri; content:"/hiddenbin/boatnet.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37951421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27526;)
alert ip 93.123.85.61 any -> $HOME_NET any (msg: "MISP e27526 [] Incoming From IP: 93.123.85.61"; classtype:trojan-activity; sid:37951431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27526;)
alert ip $HOME_NET any -> 93.123.85.61 3778 (msg: "MISP e27526 [] Outgoing To IP: 93.123.85.61|3778"; classtype:trojan-activity; sid:37951441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27526;)
alert http $HOME_NET any -> 94.156.69.47 80 (msg: "MISP e27527 [] Outgoing URL http|3a|//94.156.69.47|3a|80/skid.mips"; flow:to_server,established; http.header; content:"94.156.69.47"; fast_pattern; nocase; http.uri; content:"/skid.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37951561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27527;)
alert ip 94.156.69.47 any -> $HOME_NET any (msg: "MISP e27527 [] Incoming From IP: 94.156.69.47"; classtype:trojan-activity; sid:37951571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27527;)
alert ip $HOME_NET any -> 176.123.2.50 8872 (msg: "MISP e27527 [] Outgoing To IP: 176.123.2.50|8872"; classtype:trojan-activity; sid:37951581; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/27527;) alert http $HOME_NET any -> 94.156.8.179 $HTTP_PORTS (msg: "MISP e27528 [] Outgoing URL http|3a|//94.156.8.179/bins/sora.mips"; flow:to_server,established; http.header; content:"94.156.8.179"; fast_pattern; nocase; http.uri; content:"/bins/sora.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37951701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27528;) alert ip 94.156.8.179 any -> $HOME_NET any (msg: "MISP e27528 [] Incoming From IP: 94.156.8.179"; classtype:trojan-activity; sid:37951711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27528;) alert ip $HOME_NET any -> 94.156.8.179 1312 (msg: "MISP e27528 [] Outgoing To IP: 94.156.8.179|1312"; classtype:trojan-activity; sid:37951721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27528;) alert http $HOME_NET any -> 94.156.67.62 $HTTP_PORTS (msg: "MISP e27515 [] Outgoing URL http|3a|//94.156.67.62/nabmips"; flow:to_server,established; http.header; content:"94.156.67.62"; fast_pattern; nocase; http.uri; content:"/nabmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37947021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27515;) alert ip 94.156.67.62 any -> $HOME_NET any (msg: "MISP e27515 [] Incoming From IP: 94.156.67.62"; classtype:trojan-activity; sid:37947031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27515;) alert ip $HOME_NET any -> 46.23.108.250 38241 (msg: "MISP e27515 [] Outgoing To IP: 46.23.108.250|38241"; classtype:trojan-activity; sid:37947041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27515;) alert http $HOME_NET any -> 103.28.33.96 $HTTP_PORTS (msg: "MISP e27516 [] Outgoing URL http|3a|//103.28.33.96/most-mips"; flow:to_server,established; http.header; content:"103.28.33.96"; fast_pattern; nocase; http.uri; content:"/most-mips"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37947161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27516;)
# MISP event 27516: inbound-from and outbound-to (port 2023) rules for 103.28.33.96.
alert ip 103.28.33.96 any -> $HOME_NET any (msg: "MISP e27516 [] Incoming From IP: 103.28.33.96"; classtype:trojan-activity; sid:37947171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27516;)
alert ip $HOME_NET any -> 103.28.33.96 2023 (msg: "MISP e27516 [] Outgoing To IP: 103.28.33.96|2023"; classtype:trojan-activity; sid:37947181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27516;)
# MISP event 27517: the indicator is a hostname (cnc.vmwall.me), so the URL rule uses
# $EXTERNAL_NET as destination and relies on the header and URI content matches alone.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27517 [] Outgoing URL http|3a|//cnc.vmwall.me/bins/VRmips"; flow:to_server,established; http.header; content:"cnc.vmwall.me"; fast_pattern; nocase; http.uri; content:"/bins/VRmips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37947301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27517;)
# DNS rule: matches queries in any direction. The pcre anchors the name at the end of the query
# and requires start-of-buffer or a non-hostname character before it, so the domain itself and
# its subdomains match, while a longer label such as "xcnc.vmwall.me" does not.
alert dns any any -> any any (msg: "MISP e27517 [] Domain cnc.vmwall.me"; dns.query; content:"cnc.vmwall.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.vmwall\.me$/i"; classtype:trojan-activity; sid:37947311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27517;)
# HTTP rule: needs "Host:" and the domain somewhere in the request headers.
# NOTE(review): the two content matches and the pcre are not tied to the same header line, so
# the domain in another header of a request that also has a Host header satisfies the rule.
# NOTE(review): for this domain the chunk shows a DNS rule and cleartext-HTTP rules only;
# no TLS SNI rule is visible here, so HTTPS sessions would surface through the DNS rule alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27517 [] Outgoing HTTP Domain cnc.vmwall.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnc.vmwall.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.vmwall\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37947312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27517;)
# Outbound IP:port rule of the same event: destination 45.95.146.125 port 1337, no content condition.
alert ip $HOME_NET any -> 45.95.146.125 1337 (msg: "MISP e27517 [] Outgoing To IP: 45.95.146.125|1337"; classtype:trojan-activity; sid:37947321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27517;)
alert http $HOME_NET any -> 31.220.3.140 $HTTP_PORTS (msg: "MISP e27518 [] Outgoing 
URL http|3a|//31.220.3.140/ri/la.bot.mips"; flow:to_server,established; http.header; content:"31.220.3.140"; fast_pattern; nocase; http.uri; content:"/ri/la.bot.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37947441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27518;)
# MISP event 27518: the inbound rule names 31.220.3.140; the outbound IP:port rule names a
# different address, 174.138.7.9 port 42061.
alert ip 31.220.3.140 any -> $HOME_NET any (msg: "MISP e27518 [] Incoming From IP: 31.220.3.140"; classtype:trojan-activity; sid:37947451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27518;)
alert ip $HOME_NET any -> 174.138.7.9 42061 (msg: "MISP e27518 [] Outgoing To IP: 174.138.7.9|42061"; classtype:trojan-activity; sid:37947461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27518;)
# MISP event 27398 (priority 2): DNS-query rule plus cleartext-HTTP Host rule for one domain.
# NOTE(review): every rule in this chunk carries classtype:trojan-activity whatever the event;
# presumably the exporter sets it uniformly, so triage should go by the priority value and the
# referenced MISP event rather than by classtype.
alert dns any any -> any any (msg: "MISP e27398 [] Domain world-drugs-online.com"; dns.query; content:"world-drugs-online.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])world\-drugs\-online\.com$/i"; classtype:trojan-activity; sid:37931321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27398;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27398 [] Outgoing HTTP Domain world-drugs-online.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"world-drugs-online.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])world\-drugs\-online\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27398;)
# MISP event 27007 (priority 3): first of a run of domain rules, same DNS + HTTP Host pairing.
alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsnztote.com"; dns.query; content:"marcjacobsnztote.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsnztote\.com$/i"; classtype:trojan-activity; sid:38139871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsnztote.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"marcjacobsnztote.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsnztote\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsoutletnetherland.com"; dns.query; content:"marcjacobsoutletnetherland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsoutletnetherland\.com$/i"; classtype:trojan-activity; sid:38139881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsoutletnetherland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsoutletnetherland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsoutletnetherland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsperutienda.com"; dns.query; content:"marcjacobsperutienda.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsperutienda\.com$/i"; classtype:trojan-activity; sid:38139891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsperutienda.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsperutienda.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsperutienda\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobs-romaniaoutlet.com"; dns.query; 
content:"marcjacobs-romaniaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobs\-romaniaoutlet\.com$/i"; classtype:trojan-activity; sid:38139901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobs-romaniaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobs-romaniaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobs\-romaniaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobssgoutlet.com"; dns.query; content:"marcjacobssgoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobssgoutlet\.com$/i"; classtype:trojan-activity; sid:38139911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobssgoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobssgoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobssgoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstotebaghrvatska.com"; dns.query; content:"marcjacobstotebaghrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebaghrvatska\.com$/i"; classtype:trojan-activity; sid:38139921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstotebaghrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"marcjacobstotebaghrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstotebaghrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobstoteuae.com"; dns.query; content:"marcjacobstoteuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstoteuae\.com$/i"; classtype:trojan-activity; sid:38139931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobstoteuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobstoteuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobstoteuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakercz.com"; dns.query; content:"tedbakercz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercz\.com$/i"; classtype:trojan-activity; sid:38139941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakercz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakercz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakercz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerdeutschland.com"; dns.query; content:"tedbakerdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdeutschland\.com$/i"; 
classtype:trojan-activity; sid:38139951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakermelbourne.com"; dns.query; content:"tedbakermelbourne.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermelbourne\.com$/i"; classtype:trojan-activity; sid:38139961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakermelbourne.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakermelbourne.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermelbourne\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletfrance.com"; dns.query; content:"tedbakeroutletfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletfrance\.com$/i"; classtype:trojan-activity; sid:38139971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletfrance\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38139972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletparis.com"; dns.query; content:"tedbakeroutletparis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletparis\.com$/i"; classtype:trojan-activity; sid:38139981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendasmarcjacobsecuador.com"; dns.query; content:"tiendasmarcjacobsecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasmarcjacobsecuador\.com$/i"; classtype:trojan-activity; sid:38139991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendasmarcjacobsecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendasmarcjacobsecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasmarcjacobsecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38139992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain totebagmarcjacobscostarica.com"; dns.query; content:"totebagmarcjacobscostarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])totebagmarcjacobscostarica\.com$/i"; classtype:trojan-activity; sid:38140001; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain totebagmarcjacobscostarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"totebagmarcjacobscostarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])totebagmarcjacobscostarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain friendly-dirac.104-168-102-175.plesk.page"; dns.query; content:"friendly-dirac.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])friendly\-dirac\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain friendly-dirac.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"friendly-dirac.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])friendly\-dirac\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.vigilant-kare.104-168-102-175.plesk.page"; dns.query; content:"www.vigilant-kare.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vigilant\-kare\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 
[AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.vigilant-kare.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.vigilant-kare.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vigilant\-kare\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP event 27311, tags AS-COLOCROSSING,AS36352,c2,censys: one DNS-query rule (sid 37908721)
# and one cleartext-HTTP Host rule (sid 37908722) for the same hostname. The hostname carries
# the label 104-168-102-175 under plesk.page.
alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain nice-torvalds.104-168-102-175.plesk.page"; dns.query; content:"nice-torvalds.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-torvalds\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain nice-torvalds.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nice-torvalds.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-torvalds\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Same event, tags AMAZON-02,AS16509,c2,censys: the indicator is a name under
# compute.amazonaws.com whose first label is address-shaped (ec2-3-75-210-134).
# NOTE(review): a name of this form follows the cloud address rather than the tenant, and the
# address can later be assigned to someone else. The rule has no expiry, so check the MISP
# attribute's last-seen date before treating a hit as current.
alert dns any any -> any any (msg: "MISP e27311 [AMAZON-02,AS16509,c2,censys] Domain ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; dns.query; content:"ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-75\-210\-134\.eu\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37908731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AMAZON-02,AS16509,c2,censys] Outgoing 
HTTP Domain ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-75\-210\-134\.eu\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS208046,c2,censys] Domain fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])fra\-col\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37908741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS208046,c2,censys] Outgoing HTTP Domain fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fra\-col\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain optimistic-rubin.104-168-102-175.plesk.page"; dns.query; content:"optimistic-rubin.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])optimistic\-rubin\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain optimistic-rubin.104-168-102-175.plesk.page"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"optimistic-rubin.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])optimistic\-rubin\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.friendly-dirac.104-168-102-175.plesk.page"; dns.query; content:"www.friendly-dirac.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.friendly\-dirac\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.friendly-dirac.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.friendly-dirac.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.friendly\-dirac\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AMAZON-02,AS16509,c2,censys] Domain ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; dns.query; content:"ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-116\-36\-101\.us\-east\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37908771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-116\-36\-101\.us\-east\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.confident-bouman.104-168-102-175.plesk.page"; dns.query; content:"www.confident-bouman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.confident\-bouman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.confident-bouman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.confident-bouman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.confident\-bouman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 120.79.44.225 2222 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 120.79.44.225|2222"; classtype:trojan-activity; sid:37908791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.hungry-dijkstra.104-168-102-175.plesk.page"; dns.query; content:"www.hungry-dijkstra.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hungry\-dijkstra\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908801; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.hungry-dijkstra.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hungry-dijkstra.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hungry\-dijkstra\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.adoring-hellman.104-168-102-175.plesk.page"; dns.query; content:"www.adoring-hellman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adoring\-hellman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.adoring-hellman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.adoring-hellman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adoring\-hellman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.distracted-cannon.104-168-102-175.plesk.page"; dns.query; content:"www.distracted-cannon.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.distracted\-cannon\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908821; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.distracted-cannon.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.distracted-cannon.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.distracted\-cannon\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Domain pensive-cerf.104-168-102-175.plesk.page"; dns.query; content:"pensive-cerf.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-cerf\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37908831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain pensive-cerf.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pensive-cerf.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-cerf\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 118.89.124.242 1234 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 118.89.124.242|1234"; classtype:trojan-activity; sid:37908841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 74.235.140.183 443 (msg: "MISP e27311 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 74.235.140.183|443"; 
classtype:trojan-activity; sid:37908851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# MISP event 27311, outbound IP:port rules. Each alerts on traffic from $HOME_NET to one
# address and destination port; the bracketed msg text repeats the event's tags (AS number,
# c2, censys and, where present, the AS name).
# NOTE(review): these rules have no flow or content condition, so any connection to the
# address and port alerts, whatever it carries. Confirm the address is still attributed to the
# event before escalating a hit.
alert ip $HOME_NET any -> 141.98.81.98 444 (msg: "MISP e27311 [AS209588,c2,censys,FLYSERVERS-ASN] Outgoing To IP: 141.98.81.98|444"; classtype:trojan-activity; sid:37908861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 8.217.186.171 8888 (msg: "MISP e27311 [AS45102,c2,censys] Outgoing To IP: 8.217.186.171|8888"; classtype:trojan-activity; sid:37908871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Domain indicator of the same event (tags AS14061,c2,censys,DIGITALOCEAN-ASN): DNS-query rule
# (sid 37908881) plus cleartext-HTTP Host rule (sid 37908882). The DNS pcre anchors the name at
# the end of the query, so subdomains of odoo.tendadaalma.com match as well.
alert dns any any -> any any (msg: "MISP e27311 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain odoo.tendadaalma.com"; dns.query; content:"odoo.tendadaalma.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])odoo\.tendadaalma\.com$/i"; classtype:trojan-activity; sid:37908881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain odoo.tendadaalma.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"odoo.tendadaalma.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])odoo\.tendadaalma\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37908882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 103.243.212.108 8080 (msg: "MISP e27311 [AS55720,c2,censys] Outgoing To IP: 103.243.212.108|8080"; classtype:trojan-activity; sid:37908891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Destination port 443: the rule sees address and port only and does not inspect the session.
alert ip $HOME_NET any -> 172.105.37.93 443 (msg: "MISP e27311 [AS63949,c2,censys] Outgoing To IP: 172.105.37.93|443"; classtype:trojan-activity; sid:37908901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 8.134.221.219 443 (msg: "MISP e27311 [AS37963,c2,censys] 
Outgoing To IP: 8.134.221.219|443"; classtype:trojan-activity; sid:37908911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 119.91.214.99 2096 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 119.91.214.99|2096"; classtype:trojan-activity; sid:37908921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 119.91.214.99 8880 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 119.91.214.99|8880"; classtype:trojan-activity; sid:37908931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 47.245.122.5 2052 (msg: "MISP e27311 [AS45102,c2,censys] Outgoing To IP: 47.245.122.5|2052"; classtype:trojan-activity; sid:37908941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 47.98.120.157 8080 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 47.98.120.157|8080"; classtype:trojan-activity; sid:37908951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 117.72.46.146 9999 (msg: "MISP e27311 [AS141679,c2,censys] Outgoing To IP: 117.72.46.146|9999"; classtype:trojan-activity; sid:37908961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 159.75.104.8 443 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 159.75.104.8|443"; classtype:trojan-activity; sid:37908971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 39.109.127.135 443 (msg: "MISP e27311 [AS142403,c2,censys] Outgoing To IP: 39.109.127.135|443"; classtype:trojan-activity; sid:37908981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 43.153.228.97 8080 (msg: "MISP e27311 [AS132203,c2,censys] Outgoing To IP: 43.153.228.97|8080"; classtype:trojan-activity; sid:37908991; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 43.153.228.97 8880 (msg: "MISP e27311 [AS132203,c2,censys] Outgoing To IP: 43.153.228.97|8880"; classtype:trojan-activity; sid:37909001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 123.56.251.159 80 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 123.56.251.159|80"; classtype:trojan-activity; sid:37909011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS208046,c2,censys] Domain nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])nebula\-cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37909021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS208046,c2,censys] Outgoing HTTP Domain nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nebula\-cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 39.105.204.175 80 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 39.105.204.175|80"; classtype:trojan-activity; sid:37909031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 39.107.89.22 4443 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 39.107.89.22|4443"; classtype:trojan-activity; sid:37909041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 175.27.162.205 443 (msg: 
"MISP e27311 [AS45090,c2,censys] Outgoing To IP: 175.27.162.205|443"; classtype:trojan-activity; sid:37909051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 60.204.151.115 3214 (msg: "MISP e27311 [AS55990,c2,censys] Outgoing To IP: 60.204.151.115|3214"; classtype:trojan-activity; sid:37909061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 8.130.95.105 8888 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 8.130.95.105|8888"; classtype:trojan-activity; sid:37909071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 111.229.213.107 80 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 111.229.213.107|80"; classtype:trojan-activity; sid:37909081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 154.3.1.95 80 (msg: "MISP e27311 [AS63916,c2,censys] Outgoing To IP: 154.3.1.95|80"; classtype:trojan-activity; sid:37909091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 185.204.0.115 82 (msg: "MISP e27311 [AS204997,c2,censys,FIRSTBYTE-AS] Outgoing To IP: 185.204.0.115|82"; classtype:trojan-activity; sid:37909101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 138.201.132.254 4443 (msg: "MISP e27311 [AS24940,c2,censys,HETZNER-AS] Outgoing To IP: 138.201.132.254|4443"; classtype:trojan-activity; sid:37909111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 118.24.128.204 8086 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 118.24.128.204|8086"; classtype:trojan-activity; sid:37909121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 121.36.77.90 81 (msg: "MISP e27311 [AS55990,c2,censys] Outgoing To IP: 121.36.77.90|81"; 
classtype:trojan-activity; sid:37909131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 111.231.74.147 8888 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 111.231.74.147|8888"; classtype:trojan-activity; sid:37909141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 124.71.9.23 8500 (msg: "MISP e27311 [AS55990,c2,censys] Outgoing To IP: 124.71.9.23|8500"; classtype:trojan-activity; sid:37909151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 123.57.186.159 80 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 123.57.186.159|80"; classtype:trojan-activity; sid:37909161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 114.116.18.42 2087 (msg: "MISP e27311 [AS4808,c2,censys] Outgoing To IP: 114.116.18.42|2087"; classtype:trojan-activity; sid:37909171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 43.139.122.66 80 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 43.139.122.66|80"; classtype:trojan-activity; sid:37909181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 23.26.137.225 8080 (msg: "MISP e27311 [AS25846,c2,censys,US-CLOUDNIUM-01] Outgoing To IP: 23.26.137.225|8080"; classtype:trojan-activity; sid:37909191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 182.149.199.249 8123 (msg: "MISP e27311 [AS4134,c2,censys] Outgoing To IP: 182.149.199.249|8123"; classtype:trojan-activity; sid:37909201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 43.140.250.89 80 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 43.140.250.89|80"; classtype:trojan-activity; sid:37909211; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 43.140.250.89 4444 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 43.140.250.89|4444"; classtype:trojan-activity; sid:37909221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 47.109.106.162 9999 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 47.109.106.162|9999"; classtype:trojan-activity; sid:37909231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 94.156.67.192 443 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.67.192|443"; classtype:trojan-activity; sid:37909241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 119.91.209.244 8088 (msg: "MISP e27311 [AS45090,c2,censys] Outgoing To IP: 119.91.209.244|8088"; classtype:trojan-activity; sid:37909251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 47.98.232.222 22311 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 47.98.232.222|22311"; classtype:trojan-activity; sid:37909261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 107.172.196.196 4433 (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 107.172.196.196|4433"; classtype:trojan-activity; sid:37909271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 101.36.111.175 443 (msg: "MISP e27311 [AS135377,c2,censys] Outgoing To IP: 101.36.111.175|443"; classtype:trojan-activity; sid:37909281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 43.134.20.68 9520 (msg: "MISP e27311 [AS132203,c2,censys] Outgoing To IP: 43.134.20.68|9520"; classtype:trojan-activity; sid:37909291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert 
ip $HOME_NET any -> 185.81.68.249 445 (msg: "MISP e27311 [AS57523,c2,censys,CHANGWAY-AS] Outgoing To IP: 185.81.68.249|445"; classtype:trojan-activity; sid:37909301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 185.81.68.249 80 (msg: "MISP e27311 [AS57523,c2,censys,CHANGWAY-AS] Outgoing To IP: 185.81.68.249|80"; classtype:trojan-activity; sid:37909311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 185.81.68.249 443 (msg: "MISP e27311 [AS57523,c2,censys,CHANGWAY-AS] Outgoing To IP: 185.81.68.249|443"; classtype:trojan-activity; sid:37909321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 47.109.149.105 8085 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 47.109.149.105|8085"; classtype:trojan-activity; sid:37909331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 176.32.38.186 80 (msg: "MISP e27311 [AS49392,ASBAXETN,c2,censys] Outgoing To IP: 176.32.38.186|80"; classtype:trojan-activity; sid:37909341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 149.28.155.53 80 (msg: "MISP e27311 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 149.28.155.53|80"; classtype:trojan-activity; sid:37909351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 105.100.30.87 1001 (msg: "MISP e27311 [ALGTEL-AS,AS36947,c2,censys] Outgoing To IP: 105.100.30.87|1001"; classtype:trojan-activity; sid:37909361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 195.201.223.219 443 (msg: "MISP e27311 [AS24940,c2,censys,HETZNER-AS] Outgoing To IP: 195.201.223.219|443"; classtype:trojan-activity; sid:37909371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 
137.184.114.2 443 (msg: "MISP e27311 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 137.184.114.2|443"; classtype:trojan-activity; sid:37909381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 104.40.132.124 443 (msg: "MISP e27311 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 104.40.132.124|443"; classtype:trojan-activity; sid:37909391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 121.43.52.194 8443 (msg: "MISP e27311 [AS37963,c2,censys] Outgoing To IP: 121.43.52.194|8443"; classtype:trojan-activity; sid:37909401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 78.129.165.233 31337 (msg: "MISP e27311 [AS20860,c2,censys,IOMART-AS] Outgoing To IP: 78.129.165.233|31337"; classtype:trojan-activity; sid:37909411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 45.10.246.27 443 (msg: "MISP e27311 [AS29470,c2,censys,RETNNET-AS] Outgoing To IP: 45.10.246.27|443"; classtype:trojan-activity; sid:37909421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 78.89.158.155 8888 (msg: "MISP e27311 [AS29357,c2,censys,WATANIYATELECOM-AS] Outgoing To IP: 78.89.158.155|8888"; classtype:trojan-activity; sid:37909431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 38.55.204.19 80 (msg: "MISP e27311 [AS55020,c2,censys,IDCCLOUD,RAT] Outgoing To IP: 38.55.204.19|80"; classtype:trojan-activity; sid:37909441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 172.245.134.75 8888 (msg: "MISP e27311 [AS-COLOCROSSING,AS36352,c2,censys,Supershell] Outgoing To IP: 172.245.134.75|8888"; classtype:trojan-activity; sid:37909451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) 
alert ip $HOME_NET any -> 192.159.99.54 8888 (msg: "MISP e27311 [1GSERVERS,AS14315,c2,censys,RAT] Outgoing To IP: 192.159.99.54|8888"; classtype:trojan-activity; sid:37909461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 128.90.122.163 9999 (msg: "MISP e27311 [AS40861,c2,censys,PARAD-40-ASN,RAT] Outgoing To IP: 128.90.122.163|9999"; classtype:trojan-activity; sid:37909471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 193.124.205.80 80 (msg: "MISP e27311 [AS207994,c2,censys,RAT] Outgoing To IP: 193.124.205.80|80"; classtype:trojan-activity; sid:37909481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 188.126.90.14 2000 (msg: "MISP e27311 [AS42708,c2,censys,RAT] Outgoing To IP: 188.126.90.14|2000"; classtype:trojan-activity; sid:37909491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 94.156.69.251 6606 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.251|6606"; classtype:trojan-activity; sid:37909501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 69.64.95.233 7707 (msg: "MISP e27311 [AS18501,c2,censys,CODERO-DFW,RAT] Outgoing To IP: 69.64.95.233|7707"; classtype:trojan-activity; sid:37909511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 89.117.49.133 2000 (msg: "MISP e27311 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 89.117.49.133|2000"; classtype:trojan-activity; sid:37909521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 89.117.49.133 6006 (msg: "MISP e27311 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 89.117.49.133|6006"; classtype:trojan-activity; sid:37909531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert 
ip $HOME_NET any -> 142.11.201.125 8712 (msg: "MISP e27311 [AS54290,c2,censys,HOSTWINDS,RAT] Outgoing To IP: 142.11.201.125|8712"; classtype:trojan-activity; sid:37909541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 94.156.69.174 6606 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.174|6606"; classtype:trojan-activity; sid:37909551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 91.92.246.134 8808 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.246.134|8808"; classtype:trojan-activity; sid:37909561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 91.92.246.152 4747 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 91.92.246.152|4747"; classtype:trojan-activity; sid:37909571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 147.124.217.110 8888 (msg: "MISP e27311 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.217.110|8888"; classtype:trojan-activity; sid:37909581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 147.124.217.110 9999 (msg: "MISP e27311 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.217.110|9999"; classtype:trojan-activity; sid:37909591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 51.89.109.154 7707 (msg: "MISP e27311 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.89.109.154|7707"; classtype:trojan-activity; sid:37909601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 51.89.109.154 8808 (msg: "MISP e27311 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.89.109.154|8808"; classtype:trojan-activity; sid:37909611; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 38.180.30.53 8080 (msg: "MISP e27311 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 38.180.30.53|8080"; classtype:trojan-activity; sid:37909621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 216.250.255.99 7707 (msg: "MISP e27311 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 216.250.255.99|7707"; classtype:trojan-activity; sid:37909631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 216.250.255.99 8808 (msg: "MISP e27311 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 216.250.255.99|8808"; classtype:trojan-activity; sid:37909641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 185.174.101.80 6606 (msg: "MISP e27311 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 185.174.101.80|6606"; classtype:trojan-activity; sid:37909651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 172.111.148.11 222 (msg: "MISP e27311 [AS9009,c2,censys,M247,RAT] Outgoing To IP: 172.111.148.11|222"; classtype:trojan-activity; sid:37909661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 51.195.231.121 7707 (msg: "MISP e27311 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.195.231.121|7707"; classtype:trojan-activity; sid:37909671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 93.148.180.205 443 (msg: "MISP e27311 [AS30722,c2,censys,Mythic,VODAFONE-IT-ASN] Outgoing To IP: 93.148.180.205|443"; classtype:trojan-activity; sid:37909681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS16276,c2,censys,Mythic,OVH] Domain ip181.ip-51-81-90.us"; dns.query; 
content:"ip181.ip-51-81-90.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip181\.ip\-51\-81\-90\.us$/i"; classtype:trojan-activity; sid:37909691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS16276,c2,censys,Mythic,OVH] Outgoing HTTP Domain ip181.ip-51-81-90.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip181.ip-51-81-90.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip181\.ip\-51\-81\-90\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 109.116.212.249 443 (msg: "MISP e27311 [AS30722,c2,censys,Mythic,VODAFONE-IT-ASN] Outgoing To IP: 109.116.212.249|443"; classtype:trojan-activity; sid:37909701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 103.114.163.214 80 (msg: "MISP e27311 [AS142036,c2,censys,HookBot] Outgoing To IP: 103.114.163.214|80"; classtype:trojan-activity; sid:37909711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain grinevitchnicolas3.fvds.ru"; dns.query; content:"grinevitchnicolas3.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas3\.fvds\.ru$/i"; classtype:trojan-activity; sid:37909721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain grinevitchnicolas3.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas3.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas3\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37909722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain coinprime.net"; dns.query; content:"coinprime.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])coinprime\.net$/i"; classtype:trojan-activity; sid:37909731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain coinprime.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"coinprime.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])coinprime\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 181.161.15.137 8080 (msg: "MISP e27311 [AS7418,c2,censys,RAT] Outgoing To IP: 181.161.15.137|8080"; classtype:trojan-activity; sid:37909741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 51.178.185.143 443 (msg: "MISP e27311 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.178.185.143|443"; classtype:trojan-activity; sid:37909751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 195.214.254.161 4444 (msg: "MISP e27311 [AS35773,c2,censys,RAT] Outgoing To IP: 195.214.254.161|4444"; classtype:trojan-activity; sid:37909761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS28907,c2,censys] Domain test-control.rnb-team.com"; dns.query; content:"test-control.rnb-team.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])test\-control\.rnb\-team\.com$/i"; classtype:trojan-activity; sid:37909771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e27311 [AS28907,c2,censys] Outgoing HTTP Domain test-control.rnb-team.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"test-control.rnb-team.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])test\-control\.rnb\-team\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS9009,c2,censys,M247] Domain 211.20.97.83.ro.ovo.sc"; dns.query; content:"211.20.97.83.ro.ovo.sc"; nocase; pcre: "/(^|[^A-Za-z0-9-])211\.20\.97\.83\.ro\.ovo\.sc$/i"; classtype:trojan-activity; sid:37909781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS9009,c2,censys,M247] Outgoing HTTP Domain 211.20.97.83.ro.ovo.sc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"211.20.97.83.ro.ovo.sc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])211\.20\.97\.83\.ro\.ovo\.sc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain kcrn.sk"; dns.query; content:"kcrn.sk"; nocase; pcre: "/(^|[^A-Za-z0-9-])kcrn\.sk$/i"; classtype:trojan-activity; sid:37909791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain kcrn.sk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kcrn.sk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kcrn\.sk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909792; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 181.215.4.52 6000 (msg: "MISP e27311 [AS272696,c2,censys,RAT] Outgoing To IP: 181.215.4.52|6000"; classtype:trojan-activity; sid:37909801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 103.155.214.134 443 (msg: "MISP e27311 [AS136778,c2,censys,RAT] Outgoing To IP: 103.155.214.134|443"; classtype:trojan-activity; sid:37909811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 94.156.8.224 80 (msg: "MISP e27311 [AS216289,c2,censys,SIRCROSAR-NET] Outgoing To IP: 94.156.8.224|80"; classtype:trojan-activity; sid:37909821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 188.119.112.64 80 (msg: "MISP e27311 [AS44477,c2,censys,STARK-INDUSTRIES] Outgoing To IP: 188.119.112.64|80"; classtype:trojan-activity; sid:37909831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 111.90.145.26 80 (msg: "MISP e27311 [AS45839,c2,censys] Outgoing To IP: 111.90.145.26|80"; classtype:trojan-activity; sid:37909841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 103.215.124.60 80 (msg: "MISP e27311 [AS137451,c2,censys] Outgoing To IP: 103.215.124.60|80"; classtype:trojan-activity; sid:37909851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 103.215.124.119 80 (msg: "MISP e27311 [AS137451,c2,censys] Outgoing To IP: 103.215.124.119|80"; classtype:trojan-activity; sid:37909861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 20.0.153.70 8080 (msg: "MISP e27311 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.0.153.70|8080"; classtype:trojan-activity; sid:37909871; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 94.156.69.44 80 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.69.44|80"; classtype:trojan-activity; sid:37909881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 94.156.69.44 8080 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.69.44|8080"; classtype:trojan-activity; sid:37909891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 158.255.74.150 7443 (msg: "MISP e27311 [AS60631,c2,censys,Covenant,PARVASYSTEM] Outgoing To IP: 158.255.74.150|7443"; classtype:trojan-activity; sid:37909901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 89.73.53.34 443 (msg: "MISP e27311 [AS6830,c2,censys] Outgoing To IP: 89.73.53.34|443"; classtype:trojan-activity; sid:37909911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS6830,c2,censys] Domain 89-73-53-34.dynamic.chello.pl"; dns.query; content:"89-73-53-34.dynamic.chello.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])89\-73\-53\-34\.dynamic\.chello\.pl$/i"; classtype:trojan-activity; sid:37909921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS6830,c2,censys] Outgoing HTTP Domain 89-73-53-34.dynamic.chello.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"89-73-53-34.dynamic.chello.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])89\-73\-53\-34\.dynamic\.chello\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS6830,c2,censys] Domain www.onceuponatimeiwent.online"; 
dns.query; content:"www.onceuponatimeiwent.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.onceuponatimeiwent\.online$/i"; classtype:trojan-activity; sid:37909931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS6830,c2,censys] Outgoing HTTP Domain www.onceuponatimeiwent.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.onceuponatimeiwent.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.onceuponatimeiwent\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-54-234-189-192.compute-1.amazonaws.com"; dns.query; content:"ec2-54-234-189-192.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-234\-189\-192\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37909941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-54-234-189-192.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-234-189-192.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-234\-189\-192\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain dqspduqsfjksdfhgjks.com"; dns.query; content:"dqspduqsfjksdfhgjks.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dqspduqsfjksdfhgjks\.com$/i"; 
classtype:trojan-activity; sid:37909951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain dqspduqsfjksdfhgjks.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dqspduqsfjksdfhgjks.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dqspduqsfjksdfhgjks\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert dns any any -> any any (msg: "MISP e27311 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Domain fsdjkhfkjsdhfkjdhfgg.cfd"; dns.query; content:"fsdjkhfkjsdhfkjdhfgg.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fsdjkhfkjsdhfkjdhfgg\.cfd$/i"; classtype:trojan-activity; sid:37909961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS13335,c2,censys,CLOUDFLARENET,EpsilonStealer,stealer] Outgoing HTTP Domain fsdjkhfkjsdhfkjdhfgg.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fsdjkhfkjsdhfkjdhfgg.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fsdjkhfkjsdhfkjdhfgg\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37909962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 194.116.216.83 80 (msg: "MISP e27311 [AS56971,c2,censys,CLOUDBACKBONE] Outgoing To IP: 194.116.216.83|80"; classtype:trojan-activity; sid:37909971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert ip $HOME_NET any -> 194.48.250.11 80 (msg: "MISP e27311 [AS216078,c2,censys,KREMER-AS] Outgoing To IP: 194.48.250.11|80"; classtype:trojan-activity; sid:37909981; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27311;)
# Remaining c2-tagged addresses. Each rule is pinned to a single destination
# port; 94.156.65.239 gets two rules (80 and 443), and traffic to any other
# port on these hosts is not matched.
alert ip $HOME_NET any -> 137.175.17.137 80 (msg: "MISP e27311 [AS54600,c2,censys,PEG-SV] Outgoing To IP: 137.175.17.137|80"; classtype:trojan-activity; sid:37909991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 144.172.73.36 80 (msg: "MISP e27311 [AS49581,c2,censys,FERDINANDZINK] Outgoing To IP: 144.172.73.36|80"; classtype:trojan-activity; sid:37910001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 94.156.65.239 80 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET,UNAM] Outgoing To IP: 94.156.65.239|80"; classtype:trojan-activity; sid:37910011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 94.156.65.239 443 (msg: "MISP e27311 [AS394711,c2,censys,LIMENET,UNAM] Outgoing To IP: 94.156.65.239|443"; classtype:trojan-activity; sid:37910021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# UNAM-tagged hostname made of four numeric labels under a hosting provider's
# client zone; presumably a provider-assigned reverse-DNS name. Clients that
# reach the host by address never query or send this name, so the pair below
# may stay silent - TODO confirm whether a matching address rule is exported.
alert dns any any -> any any (msg: "MISP e27311 [AS24940,c2,censys,HETZNER-AS,UNAM] Domain static.55.253.216.95.clients.your-server.de"; dns.query; content:"static.55.253.216.95.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.55\.253\.216\.95\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37910031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS24940,c2,censys,HETZNER-AS,UNAM] Outgoing HTTP Domain static.55.253.216.95.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.55.253.216.95.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.55\.253\.216\.95\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert dns any any -> any any (msg: "MISP e27311 [AS50113,c2,censys,SUPERSERVERSDATACENTER,UNAM] Domain www.telefonemusk.ru"; dns.query; content:"www.telefonemusk.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.telefonemusk\.ru$/i"; classtype:trojan-activity; sid:37910041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS50113,c2,censys,SUPERSERVERSDATACENTER,UNAM] Outgoing HTTP Domain www.telefonemusk.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.telefonemusk.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.telefonemusk\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Viper-tagged addresses. Unlike the rules above, the tag list has no "c2"
# entry, and the ports are 60000 or 59988 rather than a web port; the match is
# still address plus port only.
alert ip $HOME_NET any -> 209.141.35.155 60000 (msg: "MISP e27311 [AS53667,censys,PONYNET,Viper] Outgoing To IP: 209.141.35.155|60000"; classtype:trojan-activity; sid:37910051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 124.223.60.44 59988 (msg: "MISP e27311 [AS45090,censys,Viper] Outgoing To IP: 124.223.60.44|59988"; classtype:trojan-activity; sid:37910061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 38.6.217.139 60000 (msg: "MISP e27311 [AS55020,censys,IDCCLOUD,Viper] Outgoing To IP: 38.6.217.139|60000"; classtype:trojan-activity; sid:37910071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 120.27.130.110 60000 (msg: "MISP e27311 [AS37963,censys,Viper] Outgoing To IP: 120.27.130.110|60000"; classtype:trojan-activity; sid:37910081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert dns any any -> any any (msg: "MISP e27311 [AS16276,censys,EvilGinx,OVH,phishing] Domain
mehdi.fargan.fun"; dns.query; content:"mehdi.fargan.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])mehdi\.fargan\.fun$/i"; classtype:trojan-activity; sid:37910091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# EvilGinx / phishing-tagged domains. The classtype is trojan-activity like the
# other rules here, so triage on the tag list in msg rather than on classtype:
# a hit means a client looked up or contacted a phishing host, which is not by
# itself evidence of malware on the endpoint.
# The same three domains are exported again under event 27520 later in this
# file (sid 37948881-37948902, priority:3), so one request raises two alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS16276,censys,EvilGinx,OVH,phishing] Outgoing HTTP Domain mehdi.fargan.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mehdi.fargan.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mehdi\.fargan\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert dns any any -> any any (msg: "MISP e27311 [AS16276,censys,EvilGinx,OVH,phishing] Domain webmail.afld.afld.email"; dns.query; content:"webmail.afld.afld.email"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.afld\.afld\.email$/i"; classtype:trojan-activity; sid:37910101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311 [AS16276,censys,EvilGinx,OVH,phishing] Outgoing HTTP Domain webmail.afld.afld.email"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmail.afld.afld.email"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.afld\.afld\.email[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert dns any any -> any any (msg: "MISP e27311 [AS54290,censys,EvilGinx,HOSTWINDS,phishing] Domain louiseanderson.top"; dns.query; content:"louiseanderson.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])louiseanderson\.top$/i"; classtype:trojan-activity; sid:37910111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27311
[AS54290,censys,EvilGinx,HOSTWINDS,phishing] Outgoing HTTP Domain louiseanderson.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"louiseanderson.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])louiseanderson\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# GoPhish / phishing-tagged addresses, most pinned to port 3333 and a few to
# 443, 80 or 8443. The rules match address and port only.
# NOTE(review): 3333 is presumably the GoPhish admin listener that the censys
# scan fingerprinted; a user following a phishing link would more likely reach
# another port on the same address, which these port-pinned rules do not cover
# - confirm against the event before relying on them for victim detection.
# Many tag lists name large cloud providers (Microsoft, Amazon, Google,
# DigitalOcean); such addresses are presumably reassigned between tenants, so
# retire these rules together with the MISP event and correlate a hit with DNS
# or proxy logs before treating it as a compromise.
alert ip $HOME_NET any -> 20.197.1.237 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.197.1.237|3333"; classtype:trojan-activity; sid:37910121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 52.91.198.222 3333 (msg: "MISP e27311 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 52.91.198.222|3333"; classtype:trojan-activity; sid:37910131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 34.16.179.120 443 (msg: "MISP e27311 [AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,phishing] Outgoing To IP: 34.16.179.120|443"; classtype:trojan-activity; sid:37910141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 148.251.70.245 3333 (msg: "MISP e27311 [AS24940,censys,GoPhish,HETZNER-AS,phishing] Outgoing To IP: 148.251.70.245|3333"; classtype:trojan-activity; sid:37910151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 79.136.1.62 3333 (msg: "MISP e27311 [AS8473,BAHNHOF,censys,GoPhish,phishing] Outgoing To IP: 79.136.1.62|3333"; classtype:trojan-activity; sid:37910161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 172.166.104.143 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.166.104.143|3333"; classtype:trojan-activity; sid:37910171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 185.67.144.27 3333 (msg: "MISP e27311 [AS201675,censys,GoPhish,phishing,SACLAK-NETWORK] Outgoing To IP: 185.67.144.27|3333"; classtype:trojan-activity; sid:37910181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 143.198.142.205 443 (msg: "MISP e27311 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 143.198.142.205|443"; classtype:trojan-activity; sid:37910191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 46.101.67.13 3333 (msg: "MISP e27311 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 46.101.67.13|3333"; classtype:trojan-activity; sid:37910201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 139.224.226.16 80 (msg: "MISP e27311 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 139.224.226.16|80"; classtype:trojan-activity; sid:37910211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 164.90.225.172 3333 (msg: "MISP e27311 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 164.90.225.172|3333"; classtype:trojan-activity; sid:37910221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 35.91.72.47 443 (msg: "MISP e27311 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 35.91.72.47|443"; classtype:trojan-activity; sid:37910231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 172.105.90.105 3333 (msg: "MISP e27311 [AS63949,censys,GoPhish,phishing] Outgoing To IP: 172.105.90.105|3333"; classtype:trojan-activity; sid:37910241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 3.17.238.239 8443 (msg: "MISP e27311 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.17.238.239|8443"; classtype:trojan-activity; sid:37910251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 141.95.103.204 3333 (msg: "MISP e27311 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 141.95.103.204|3333"; classtype:trojan-activity; sid:37910261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 52.230.156.245 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 52.230.156.245|3333"; classtype:trojan-activity; sid:37910271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 209.126.11.205 3333 (msg: "MISP e27311 [AS40021,censys,GoPhish,NL-811-40021,phishing] Outgoing To IP: 209.126.11.205|3333"; classtype:trojan-activity; sid:37910281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 3.248.97.215 443 (msg: "MISP e27311 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.248.97.215|443"; classtype:trojan-activity; sid:37910291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 4.195.13.65 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 4.195.13.65|3333"; classtype:trojan-activity; sid:37910301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 52.21.238.43 3333 (msg: "MISP e27311 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 52.21.238.43|3333"; classtype:trojan-activity; sid:37910311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 64.23.192.202 443 (msg: "MISP e27311 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.23.192.202|443"; classtype:trojan-activity; sid:37910321; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# More GoPhish / phishing-tagged address rules from event 27311. Besides 3333,
# 443 and 80, two entries use other ports (9999 and 44133). An address match on
# port 443 or 80 of a cloud-hosted host is the weakest signal in this group:
# the rule carries no hostname or payload condition to tell services apart.
alert ip $HOME_NET any -> 159.65.154.173 9999 (msg: "MISP e27311 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 159.65.154.173|9999"; classtype:trojan-activity; sid:37910331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 13.246.74.195 443 (msg: "MISP e27311 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 13.246.74.195|443"; classtype:trojan-activity; sid:37910341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 23.102.177.73 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 23.102.177.73|3333"; classtype:trojan-activity; sid:37910351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 47.101.199.4 3333 (msg: "MISP e27311 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 47.101.199.4|3333"; classtype:trojan-activity; sid:37910361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 20.96.214.209 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.96.214.209|3333"; classtype:trojan-activity; sid:37910371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 203.150.107.51 443 (msg: "MISP e27311 [AS4618,censys,GoPhish,phishing] Outgoing To IP: 203.150.107.51|443"; classtype:trojan-activity; sid:37910381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 88.92.248.233 443 (msg: "MISP e27311 [AS2119,censys,GoPhish,phishing] Outgoing To IP: 88.92.248.233|443"; classtype:trojan-activity; sid:37910391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 20.246.36.189 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.246.36.189|3333"; classtype:trojan-activity; sid:37910401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 148.135.18.146 80 (msg: "MISP e27311 [AS35916,censys,GoPhish,MULTA-ASN1,phishing] Outgoing To IP: 148.135.18.146|80"; classtype:trojan-activity; sid:37910411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 172.166.109.238 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 172.166.109.238|3333"; classtype:trojan-activity; sid:37910421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 3.230.227.93 443 (msg: "MISP e27311 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 3.230.227.93|443"; classtype:trojan-activity; sid:37910431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 40.124.178.11 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 40.124.178.11|3333"; classtype:trojan-activity; sid:37910441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 20.161.143.69 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.161.143.69|3333"; classtype:trojan-activity; sid:37910451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 20.53.122.123 3333 (msg: "MISP e27311 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.53.122.123|3333"; classtype:trojan-activity; sid:37910461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 185.45.195.223 44133 (msg: "MISP e27311 [AS60117,censys,GoPhish,HS,phishing] Outgoing To IP: 185.45.195.223|44133"; classtype:trojan-activity; sid:37910471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 185.84.162.165 3333 (msg: "MISP e27311 [AS9123,censys,GoPhish,phishing,TIMEWEB-AS] Outgoing To IP: 185.84.162.165|3333"; classtype:trojan-activity; sid:37910481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 34.246.235.101 443 (msg: "MISP e27311 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 34.246.235.101|443"; classtype:trojan-activity; sid:37910491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
alert ip $HOME_NET any -> 52.57.248.145 80 (msg: "MISP e27311 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.57.248.145|80"; classtype:trojan-activity; sid:37910501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;)
# Event 27520 starts here. Its rules carry an empty tag list ("[]") and
# priority:3, a lower priority than the priority:2 used for event 27311.
# The first entries repeat domains already exported under event 27311 earlier
# in this file (louiseanderson.top: sid 37910111/37910112; webmail.afld.afld.email:
# sid 37910101/37910102) under new sids. Both copies stay active, so a single
# query or request raises two alerts with different priorities - deduplicate
# downstream or suppress one sid set.
alert dns any any -> any any (msg: "MISP e27520 [] Domain louiseanderson.top"; dns.query; content:"louiseanderson.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])louiseanderson\.top$/i"; classtype:trojan-activity; sid:37948881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain louiseanderson.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"louiseanderson.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])louiseanderson\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain webmail.afld.afld.email"; dns.query; content:"webmail.afld.afld.email"; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.afld\.afld\.email$/i"; classtype:trojan-activity; sid:37948891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain webmail.afld.afld.email"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"webmail.afld.afld.email"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])webmail\.afld\.afld\.email[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# Every domain in this stretch of event 27520 also has a rule pair under event
# 27311 earlier in this file, with identical match conditions:
#   mehdi.fargan.fun                             sid 37910091/37910092
#   www.telefonemusk.ru                          sid 37910041/37910042
#   static.55.253.216.95.clients.your-server.de  sid 37910031/37910032
#   fsdjkhfkjsdhfkjdhfgg.cfd                     sid 37909961/37909962
#   dqspduqsfjksdfhgjks.com                      sid 37909951/37909952
#   ec2-54-234-189-192.compute-1.amazonaws.com   sid 37909941/37909942
#   www.onceuponatimeiwent.online                sid 37909931/37909932
# The copies below differ only in event id, sid, the empty tag list and
# priority:3. The family and role context (c2, stealer, phishing tags) exists
# only in the 27311 copy, so use that alert, or the reference URL, for triage.
alert dns any any -> any any (msg: "MISP e27520 [] Domain mehdi.fargan.fun"; dns.query; content:"mehdi.fargan.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])mehdi\.fargan\.fun$/i"; classtype:trojan-activity; sid:37948901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain mehdi.fargan.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mehdi.fargan.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mehdi\.fargan\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.telefonemusk.ru"; dns.query; content:"www.telefonemusk.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.telefonemusk\.ru$/i"; classtype:trojan-activity; sid:37948911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.telefonemusk.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.telefonemusk.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.telefonemusk\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain static.55.253.216.95.clients.your-server.de"; dns.query; content:"static.55.253.216.95.clients.your-server.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.55\.253\.216\.95\.clients\.your\-server\.de$/i"; classtype:trojan-activity; sid:37948921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain static.55.253.216.95.clients.your-server.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.55.253.216.95.clients.your-server.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.55\.253\.216\.95\.clients\.your\-server\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain fsdjkhfkjsdhfkjdhfgg.cfd"; dns.query; content:"fsdjkhfkjsdhfkjdhfgg.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])fsdjkhfkjsdhfkjdhfgg\.cfd$/i"; classtype:trojan-activity; sid:37948931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain fsdjkhfkjsdhfkjdhfgg.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fsdjkhfkjsdhfkjdhfgg.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fsdjkhfkjsdhfkjdhfgg\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain dqspduqsfjksdfhgjks.com"; dns.query; content:"dqspduqsfjksdfhgjks.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dqspduqsfjksdfhgjks\.com$/i"; classtype:trojan-activity; sid:37948941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain dqspduqsfjksdfhgjks.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dqspduqsfjksdfhgjks.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dqspduqsfjksdfhgjks\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain ec2-54-234-189-192.compute-1.amazonaws.com"; dns.query; content:"ec2-54-234-189-192.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-234\-189\-192\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37948951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain ec2-54-234-189-192.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-234-189-192.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-234\-189\-192\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.onceuponatimeiwent.online"; dns.query; content:"www.onceuponatimeiwent.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.onceuponatimeiwent\.online$/i"; classtype:trojan-activity; sid:37948961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.onceuponatimeiwent.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.onceuponatimeiwent.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.onceuponatimeiwent\.online[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37948962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# From here on the event 27520 domains have no counterpart among the event
# 27311 rules visible in this part of the file. The tag list is empty, so the
# msg gives an analyst no family or role; the reference URL is the only
# pointer to context.
# Several names embed address-like numeric labels (89-73-53-34.dynamic...,
# 211.20.97.83.ro..., ip181.ip-51-81-90...); presumably these are
# provider-assigned names for dynamic or rented addresses, which can change
# hands - treat hits as time-bounded and check them against the event date.
alert dns any any -> any any (msg: "MISP e27520 [] Domain 89-73-53-34.dynamic.chello.pl"; dns.query; content:"89-73-53-34.dynamic.chello.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])89\-73\-53\-34\.dynamic\.chello\.pl$/i"; classtype:trojan-activity; sid:37948971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain 89-73-53-34.dynamic.chello.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"89-73-53-34.dynamic.chello.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])89\-73\-53\-34\.dynamic\.chello\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# kcrn.sk is only 7 bytes of content, so the fast_pattern prefilter in the HTTP
# rule is weak on its own; the pcre boundary classes do the real filtering
# (e.g. "xkcrn.sk" and "kcrn.sk.example" are rejected, "a.kcrn.sk" is not).
alert dns any any -> any any (msg: "MISP e27520 [] Domain kcrn.sk"; dns.query; content:"kcrn.sk"; nocase; pcre: "/(^|[^A-Za-z0-9-])kcrn\.sk$/i"; classtype:trojan-activity; sid:37948981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain kcrn.sk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kcrn.sk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kcrn\.sk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain test-control.rnb-team.com"; dns.query; content:"test-control.rnb-team.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])test\-control\.rnb\-team\.com$/i"; classtype:trojan-activity; sid:37948991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain test-control.rnb-team.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"test-control.rnb-team.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])test\-control\.rnb\-team\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37948992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain 211.20.97.83.ro.ovo.sc"; dns.query; content:"211.20.97.83.ro.ovo.sc"; nocase; pcre: "/(^|[^A-Za-z0-9-])211\.20\.97\.83\.ro\.ovo\.sc$/i"; classtype:trojan-activity; sid:37949001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain 211.20.97.83.ro.ovo.sc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"211.20.97.83.ro.ovo.sc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])211\.20\.97\.83\.ro\.ovo\.sc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain coinprime.net"; dns.query; content:"coinprime.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])coinprime\.net$/i"; classtype:trojan-activity; sid:37949011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain coinprime.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"coinprime.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])coinprime\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain grinevitchnicolas3.fvds.ru"; dns.query; content:"grinevitchnicolas3.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas3\.fvds\.ru$/i"; classtype:trojan-activity; sid:37949021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain grinevitchnicolas3.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas3.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas3\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain ip181.ip-51-81-90.us"; dns.query; content:"ip181.ip-51-81-90.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip181\.ip\-51\-81\-90\.us$/i"; classtype:trojan-activity; sid:37949031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain ip181.ip-51-81-90.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip181.ip-51-81-90.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip181\.ip\-51\-81\-90\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])nebula\-cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37949041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain
nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nebula-cdn.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nebula\-cdn\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain odoo.tendadaalma.com"; dns.query; content:"odoo.tendadaalma.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])odoo\.tendadaalma\.com$/i"; classtype:trojan-activity; sid:37949051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain odoo.tendadaalma.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"odoo.tendadaalma.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])odoo\.tendadaalma\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# Six plesk.page hostnames follow that all carry the label 104-168-102-175.
# Each has its own rule pair, and every pcre spells out the full name, so a
# further *.104-168-102-175.plesk.page name that is not listed is not matched.
# NOTE(review): if the shared label is the hosting address, one address-based
# rule may cover the whole group - confirm against the event before adding it.
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.distracted-cannon.104-168-102-175.plesk.page"; dns.query; content:"www.distracted-cannon.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.distracted\-cannon\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.distracted-cannon.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.distracted-cannon.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.distracted\-cannon\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain pensive-cerf.104-168-102-175.plesk.page"; dns.query; content:"pensive-cerf.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-cerf\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain pensive-cerf.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pensive-cerf.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pensive\-cerf\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.hungry-dijkstra.104-168-102-175.plesk.page"; dns.query; content:"www.hungry-dijkstra.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hungry\-dijkstra\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.hungry-dijkstra.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hungry-dijkstra.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hungry\-dijkstra\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.adoring-hellman.104-168-102-175.plesk.page"; dns.query; content:"www.adoring-hellman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adoring\-hellman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.adoring-hellman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.adoring-hellman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.adoring\-hellman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# EC2 public hostname embedding an address and region (18-116-36-101,
# us-east-2); presumably valid only while the same tenant holds that address.
alert dns any any -> any any (msg: "MISP e27520 [] Domain ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; dns.query; content:"ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-116\-36\-101\.us\-east\-2\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37949101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-18-116-36-101.us-east-2.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-18\-116\-36\-101\.us\-east\-2\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.confident-bouman.104-168-102-175.plesk.page"; dns.query; content:"www.confident-bouman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.confident\-bouman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.confident-bouman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.confident-bouman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.confident\-bouman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain www.friendly-dirac.104-168-102-175.plesk.page"; dns.query; content:"www.friendly-dirac.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.friendly\-dirac\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.friendly-dirac.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.friendly-dirac.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.friendly\-dirac\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
# Second subdomain of hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz (nebula-cdn is listed
# earlier in this file); no rule for the parent name itself is visible here, so
# other subdomains of it go unmatched.
alert dns any any -> any any (msg: "MISP e27520 [] Domain fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre:
"/(^|[^A-Za-z0-9-])fra\-col\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37949131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fra-col.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fra\-col\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain optimistic-rubin.104-168-102-175.plesk.page"; dns.query; content:"optimistic-rubin.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])optimistic\-rubin\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain optimistic-rubin.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"optimistic-rubin.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])optimistic\-rubin\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain nice-torvalds.104-168-102-175.plesk.page"; dns.query; content:"nice-torvalds.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-torvalds\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain nice-torvalds.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nice-torvalds.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nice\-torvalds\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; dns.query; content:"ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-75\-210\-134\.eu\-central\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37949161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-3-75-210-134.eu-central-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-3\-75\-210\-134\.eu\-central\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert dns any any -> any any (msg: "MISP e27520 [] Domain www.vigilant-kare.104-168-102-175.plesk.page"; dns.query; content:"www.vigilant-kare.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vigilant\-kare\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain www.vigilant-kare.104-168-102-175.plesk.page"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.vigilant-kare.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vigilant\-kare\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert dns any any -> any any (msg: "MISP e27520 [] Domain friendly-dirac.104-168-102-175.plesk.page"; dns.query; content:"friendly-dirac.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])friendly\-dirac\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37949181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27520 [] Outgoing HTTP Domain friendly-dirac.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"friendly-dirac.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])friendly\-dirac\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37949182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
#
# IP:port indicators of MISP event 27520 (msg "Outgoing To IP: <address>|<port>").
# Each rule alerts on traffic from $HOME_NET to one destination address and port. There is no
# payload or application-protocol condition, so every connection to that address/port raises a
# priority-3 trojan-activity alert. An address listed with several ports gets one rule per port.
# NOTE(review): the rules combine protocol "ip" with a destination port - confirm how the deployed
# engine version applies the port to traffic that has no ports (e.g. ICMP).
# NOTE(review): an address-only match on 80/443 says nothing about what was requested; correlate a
# hit with DNS/HTTP/TLS logs and check the indicator's age in the referenced MISP event before
# acting on it, since the address may have been reassigned since the event was recorded.
alert ip $HOME_NET any -> 52.57.248.145 80 (msg: "MISP e27520 [] Outgoing To IP: 52.57.248.145|80"; classtype:trojan-activity; sid:37949191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 34.246.235.101 443 (msg: "MISP e27520 [] Outgoing To IP: 34.246.235.101|443"; classtype:trojan-activity; sid:37949201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 185.84.162.165 3333 (msg: "MISP e27520 [] Outgoing To IP: 185.84.162.165|3333"; classtype:trojan-activity; sid:37949211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;)
alert ip $HOME_NET any -> 185.45.195.223 
44133 (msg: "MISP e27520 [] Outgoing To IP: 185.45.195.223|44133"; classtype:trojan-activity; sid:37949221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 20.161.143.69 3333 (msg: "MISP e27520 [] Outgoing To IP: 20.161.143.69|3333"; classtype:trojan-activity; sid:37949231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 20.53.122.123 3333 (msg: "MISP e27520 [] Outgoing To IP: 20.53.122.123|3333"; classtype:trojan-activity; sid:37949241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 40.124.178.11 3333 (msg: "MISP e27520 [] Outgoing To IP: 40.124.178.11|3333"; classtype:trojan-activity; sid:37949251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 3.230.227.93 443 (msg: "MISP e27520 [] Outgoing To IP: 3.230.227.93|443"; classtype:trojan-activity; sid:37949261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 172.166.109.238 3333 (msg: "MISP e27520 [] Outgoing To IP: 172.166.109.238|3333"; classtype:trojan-activity; sid:37949271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 20.246.36.189 3333 (msg: "MISP e27520 [] Outgoing To IP: 20.246.36.189|3333"; classtype:trojan-activity; sid:37949281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 148.135.18.146 80 (msg: "MISP e27520 [] Outgoing To IP: 148.135.18.146|80"; classtype:trojan-activity; sid:37949291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 88.92.248.233 443 (msg: "MISP e27520 [] Outgoing To IP: 88.92.248.233|443"; classtype:trojan-activity; sid:37949301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 203.150.107.51 443 (msg: 
"MISP e27520 [] Outgoing To IP: 203.150.107.51|443"; classtype:trojan-activity; sid:37949311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 20.96.214.209 3333 (msg: "MISP e27520 [] Outgoing To IP: 20.96.214.209|3333"; classtype:trojan-activity; sid:37949321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.101.199.4 3333 (msg: "MISP e27520 [] Outgoing To IP: 47.101.199.4|3333"; classtype:trojan-activity; sid:37949331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 23.102.177.73 3333 (msg: "MISP e27520 [] Outgoing To IP: 23.102.177.73|3333"; classtype:trojan-activity; sid:37949341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 13.246.74.195 443 (msg: "MISP e27520 [] Outgoing To IP: 13.246.74.195|443"; classtype:trojan-activity; sid:37949351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 159.65.154.173 9999 (msg: "MISP e27520 [] Outgoing To IP: 159.65.154.173|9999"; classtype:trojan-activity; sid:37949361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 64.23.192.202 443 (msg: "MISP e27520 [] Outgoing To IP: 64.23.192.202|443"; classtype:trojan-activity; sid:37949371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 52.21.238.43 3333 (msg: "MISP e27520 [] Outgoing To IP: 52.21.238.43|3333"; classtype:trojan-activity; sid:37949381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 3.248.97.215 443 (msg: "MISP e27520 [] Outgoing To IP: 3.248.97.215|443"; classtype:trojan-activity; sid:37949391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 4.195.13.65 3333 (msg: "MISP e27520 [] 
Outgoing To IP: 4.195.13.65|3333"; classtype:trojan-activity; sid:37949401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 209.126.11.205 3333 (msg: "MISP e27520 [] Outgoing To IP: 209.126.11.205|3333"; classtype:trojan-activity; sid:37949411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 52.230.156.245 3333 (msg: "MISP e27520 [] Outgoing To IP: 52.230.156.245|3333"; classtype:trojan-activity; sid:37949421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 141.95.103.204 3333 (msg: "MISP e27520 [] Outgoing To IP: 141.95.103.204|3333"; classtype:trojan-activity; sid:37949431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 3.17.238.239 8443 (msg: "MISP e27520 [] Outgoing To IP: 3.17.238.239|8443"; classtype:trojan-activity; sid:37949441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 172.105.90.105 3333 (msg: "MISP e27520 [] Outgoing To IP: 172.105.90.105|3333"; classtype:trojan-activity; sid:37949451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 35.91.72.47 443 (msg: "MISP e27520 [] Outgoing To IP: 35.91.72.47|443"; classtype:trojan-activity; sid:37949461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 164.90.225.172 3333 (msg: "MISP e27520 [] Outgoing To IP: 164.90.225.172|3333"; classtype:trojan-activity; sid:37949471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 139.224.226.16 80 (msg: "MISP e27520 [] Outgoing To IP: 139.224.226.16|80"; classtype:trojan-activity; sid:37949481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 46.101.67.13 3333 (msg: "MISP e27520 [] Outgoing To 
IP: 46.101.67.13|3333"; classtype:trojan-activity; sid:37949491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 143.198.142.205 443 (msg: "MISP e27520 [] Outgoing To IP: 143.198.142.205|443"; classtype:trojan-activity; sid:37949501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 185.67.144.27 3333 (msg: "MISP e27520 [] Outgoing To IP: 185.67.144.27|3333"; classtype:trojan-activity; sid:37949511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 172.166.104.143 3333 (msg: "MISP e27520 [] Outgoing To IP: 172.166.104.143|3333"; classtype:trojan-activity; sid:37949521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 79.136.1.62 3333 (msg: "MISP e27520 [] Outgoing To IP: 79.136.1.62|3333"; classtype:trojan-activity; sid:37949531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 148.251.70.245 3333 (msg: "MISP e27520 [] Outgoing To IP: 148.251.70.245|3333"; classtype:trojan-activity; sid:37949541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 34.16.179.120 443 (msg: "MISP e27520 [] Outgoing To IP: 34.16.179.120|443"; classtype:trojan-activity; sid:37949551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 52.91.198.222 3333 (msg: "MISP e27520 [] Outgoing To IP: 52.91.198.222|3333"; classtype:trojan-activity; sid:37949561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 20.197.1.237 3333 (msg: "MISP e27520 [] Outgoing To IP: 20.197.1.237|3333"; classtype:trojan-activity; sid:37949571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 120.27.130.110 60000 (msg: "MISP e27520 [] Outgoing To IP: 
120.27.130.110|60000"; classtype:trojan-activity; sid:37949581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 38.6.217.139 60000 (msg: "MISP e27520 [] Outgoing To IP: 38.6.217.139|60000"; classtype:trojan-activity; sid:37949591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 124.223.60.44 59988 (msg: "MISP e27520 [] Outgoing To IP: 124.223.60.44|59988"; classtype:trojan-activity; sid:37949601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 209.141.35.155 60000 (msg: "MISP e27520 [] Outgoing To IP: 209.141.35.155|60000"; classtype:trojan-activity; sid:37949611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.65.239 443 (msg: "MISP e27520 [] Outgoing To IP: 94.156.65.239|443"; classtype:trojan-activity; sid:37949621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.65.239 80 (msg: "MISP e27520 [] Outgoing To IP: 94.156.65.239|80"; classtype:trojan-activity; sid:37949631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 144.172.73.36 80 (msg: "MISP e27520 [] Outgoing To IP: 144.172.73.36|80"; classtype:trojan-activity; sid:37949641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 137.175.17.137 80 (msg: "MISP e27520 [] Outgoing To IP: 137.175.17.137|80"; classtype:trojan-activity; sid:37949651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 194.116.216.83 80 (msg: "MISP e27520 [] Outgoing To IP: 194.116.216.83|80"; classtype:trojan-activity; sid:37949661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 194.48.250.11 80 (msg: "MISP e27520 [] Outgoing To IP: 194.48.250.11|80"; 
classtype:trojan-activity; sid:37949671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 89.73.53.34 443 (msg: "MISP e27520 [] Outgoing To IP: 89.73.53.34|443"; classtype:trojan-activity; sid:37949681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 158.255.74.150 7443 (msg: "MISP e27520 [] Outgoing To IP: 158.255.74.150|7443"; classtype:trojan-activity; sid:37949691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.69.44 8080 (msg: "MISP e27520 [] Outgoing To IP: 94.156.69.44|8080"; classtype:trojan-activity; sid:37949701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.69.44 80 (msg: "MISP e27520 [] Outgoing To IP: 94.156.69.44|80"; classtype:trojan-activity; sid:37949711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 20.0.153.70 8080 (msg: "MISP e27520 [] Outgoing To IP: 20.0.153.70|8080"; classtype:trojan-activity; sid:37949721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.215.124.119 80 (msg: "MISP e27520 [] Outgoing To IP: 103.215.124.119|80"; classtype:trojan-activity; sid:37949731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 111.90.145.26 80 (msg: "MISP e27520 [] Outgoing To IP: 111.90.145.26|80"; classtype:trojan-activity; sid:37949741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.215.124.60 80 (msg: "MISP e27520 [] Outgoing To IP: 103.215.124.60|80"; classtype:trojan-activity; sid:37949751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 188.119.112.64 80 (msg: "MISP e27520 [] Outgoing To IP: 188.119.112.64|80"; classtype:trojan-activity; 
sid:37949761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.8.224 80 (msg: "MISP e27520 [] Outgoing To IP: 94.156.8.224|80"; classtype:trojan-activity; sid:37949771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.155.214.134 443 (msg: "MISP e27520 [] Outgoing To IP: 103.155.214.134|443"; classtype:trojan-activity; sid:37949781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 181.215.4.52 6000 (msg: "MISP e27520 [] Outgoing To IP: 181.215.4.52|6000"; classtype:trojan-activity; sid:37949791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 195.214.254.161 4444 (msg: "MISP e27520 [] Outgoing To IP: 195.214.254.161|4444"; classtype:trojan-activity; sid:37949801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 181.161.15.137 8080 (msg: "MISP e27520 [] Outgoing To IP: 181.161.15.137|8080"; classtype:trojan-activity; sid:37949811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 51.178.185.143 443 (msg: "MISP e27520 [] Outgoing To IP: 51.178.185.143|443"; classtype:trojan-activity; sid:37949821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.114.163.214 80 (msg: "MISP e27520 [] Outgoing To IP: 103.114.163.214|80"; classtype:trojan-activity; sid:37949831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 109.116.212.249 443 (msg: "MISP e27520 [] Outgoing To IP: 109.116.212.249|443"; classtype:trojan-activity; sid:37949841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 93.148.180.205 443 (msg: "MISP e27520 [] Outgoing To IP: 93.148.180.205|443"; classtype:trojan-activity; 
sid:37949851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 51.195.231.121 7707 (msg: "MISP e27520 [] Outgoing To IP: 51.195.231.121|7707"; classtype:trojan-activity; sid:37949861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 185.174.101.80 6606 (msg: "MISP e27520 [] Outgoing To IP: 185.174.101.80|6606"; classtype:trojan-activity; sid:37949871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 172.111.148.11 222 (msg: "MISP e27520 [] Outgoing To IP: 172.111.148.11|222"; classtype:trojan-activity; sid:37949881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 216.250.255.99 8808 (msg: "MISP e27520 [] Outgoing To IP: 216.250.255.99|8808"; classtype:trojan-activity; sid:37949891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 216.250.255.99 7707 (msg: "MISP e27520 [] Outgoing To IP: 216.250.255.99|7707"; classtype:trojan-activity; sid:37949901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 38.180.30.53 8080 (msg: "MISP e27520 [] Outgoing To IP: 38.180.30.53|8080"; classtype:trojan-activity; sid:37949911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 51.89.109.154 7707 (msg: "MISP e27520 [] Outgoing To IP: 51.89.109.154|7707"; classtype:trojan-activity; sid:37949921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 51.89.109.154 8808 (msg: "MISP e27520 [] Outgoing To IP: 51.89.109.154|8808"; classtype:trojan-activity; sid:37949931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 147.124.217.110 9999 (msg: "MISP e27520 [] Outgoing To IP: 147.124.217.110|9999"; classtype:trojan-activity; 
sid:37949941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 147.124.217.110 8888 (msg: "MISP e27520 [] Outgoing To IP: 147.124.217.110|8888"; classtype:trojan-activity; sid:37949951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 91.92.246.152 4747 (msg: "MISP e27520 [] Outgoing To IP: 91.92.246.152|4747"; classtype:trojan-activity; sid:37949961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 91.92.246.134 8808 (msg: "MISP e27520 [] Outgoing To IP: 91.92.246.134|8808"; classtype:trojan-activity; sid:37949971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 142.11.201.125 8712 (msg: "MISP e27520 [] Outgoing To IP: 142.11.201.125|8712"; classtype:trojan-activity; sid:37949981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.69.174 6606 (msg: "MISP e27520 [] Outgoing To IP: 94.156.69.174|6606"; classtype:trojan-activity; sid:37949991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 89.117.49.133 6006 (msg: "MISP e27520 [] Outgoing To IP: 89.117.49.133|6006"; classtype:trojan-activity; sid:37950001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 89.117.49.133 2000 (msg: "MISP e27520 [] Outgoing To IP: 89.117.49.133|2000"; classtype:trojan-activity; sid:37950011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 69.64.95.233 7707 (msg: "MISP e27520 [] Outgoing To IP: 69.64.95.233|7707"; classtype:trojan-activity; sid:37950021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.69.251 6606 (msg: "MISP e27520 [] Outgoing To IP: 94.156.69.251|6606"; classtype:trojan-activity; 
sid:37950031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 193.124.205.80 80 (msg: "MISP e27520 [] Outgoing To IP: 193.124.205.80|80"; classtype:trojan-activity; sid:37950041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 188.126.90.14 2000 (msg: "MISP e27520 [] Outgoing To IP: 188.126.90.14|2000"; classtype:trojan-activity; sid:37950051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 128.90.122.163 9999 (msg: "MISP e27520 [] Outgoing To IP: 128.90.122.163|9999"; classtype:trojan-activity; sid:37950061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 192.159.99.54 8888 (msg: "MISP e27520 [] Outgoing To IP: 192.159.99.54|8888"; classtype:trojan-activity; sid:37950071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 172.245.134.75 8888 (msg: "MISP e27520 [] Outgoing To IP: 172.245.134.75|8888"; classtype:trojan-activity; sid:37950081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 38.55.204.19 80 (msg: "MISP e27520 [] Outgoing To IP: 38.55.204.19|80"; classtype:trojan-activity; sid:37950091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 78.89.158.155 8888 (msg: "MISP e27520 [] Outgoing To IP: 78.89.158.155|8888"; classtype:trojan-activity; sid:37950101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 78.129.165.233 31337 (msg: "MISP e27520 [] Outgoing To IP: 78.129.165.233|31337"; classtype:trojan-activity; sid:37950111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 45.10.246.27 443 (msg: "MISP e27520 [] Outgoing To IP: 45.10.246.27|443"; classtype:trojan-activity; sid:37950121; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 121.43.52.194 8443 (msg: "MISP e27520 [] Outgoing To IP: 121.43.52.194|8443"; classtype:trojan-activity; sid:37950131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 104.40.132.124 443 (msg: "MISP e27520 [] Outgoing To IP: 104.40.132.124|443"; classtype:trojan-activity; sid:37950141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 137.184.114.2 443 (msg: "MISP e27520 [] Outgoing To IP: 137.184.114.2|443"; classtype:trojan-activity; sid:37950151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 195.201.223.219 443 (msg: "MISP e27520 [] Outgoing To IP: 195.201.223.219|443"; classtype:trojan-activity; sid:37950161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 105.100.30.87 1001 (msg: "MISP e27520 [] Outgoing To IP: 105.100.30.87|1001"; classtype:trojan-activity; sid:37950171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 149.28.155.53 80 (msg: "MISP e27520 [] Outgoing To IP: 149.28.155.53|80"; classtype:trojan-activity; sid:37950181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 176.32.38.186 80 (msg: "MISP e27520 [] Outgoing To IP: 176.32.38.186|80"; classtype:trojan-activity; sid:37950191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 185.81.68.249 443 (msg: "MISP e27520 [] Outgoing To IP: 185.81.68.249|443"; classtype:trojan-activity; sid:37950201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.109.149.105 8085 (msg: "MISP e27520 [] Outgoing To IP: 47.109.149.105|8085"; classtype:trojan-activity; sid:37950211; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 185.81.68.249 80 (msg: "MISP e27520 [] Outgoing To IP: 185.81.68.249|80"; classtype:trojan-activity; sid:37950221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 185.81.68.249 445 (msg: "MISP e27520 [] Outgoing To IP: 185.81.68.249|445"; classtype:trojan-activity; sid:37950231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 101.36.111.175 443 (msg: "MISP e27520 [] Outgoing To IP: 101.36.111.175|443"; classtype:trojan-activity; sid:37950241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.134.20.68 9520 (msg: "MISP e27520 [] Outgoing To IP: 43.134.20.68|9520"; classtype:trojan-activity; sid:37950251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 107.172.196.196 4433 (msg: "MISP e27520 [] Outgoing To IP: 107.172.196.196|4433"; classtype:trojan-activity; sid:37950261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.98.232.222 22311 (msg: "MISP e27520 [] Outgoing To IP: 47.98.232.222|22311"; classtype:trojan-activity; sid:37950271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 119.91.209.244 8088 (msg: "MISP e27520 [] Outgoing To IP: 119.91.209.244|8088"; classtype:trojan-activity; sid:37950281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.109.106.162 9999 (msg: "MISP e27520 [] Outgoing To IP: 47.109.106.162|9999"; classtype:trojan-activity; sid:37950291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 94.156.67.192 443 (msg: "MISP e27520 [] Outgoing To IP: 94.156.67.192|443"; classtype:trojan-activity; sid:37950301; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.140.250.89 4444 (msg: "MISP e27520 [] Outgoing To IP: 43.140.250.89|4444"; classtype:trojan-activity; sid:37950311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.140.250.89 80 (msg: "MISP e27520 [] Outgoing To IP: 43.140.250.89|80"; classtype:trojan-activity; sid:37950321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 182.149.199.249 8123 (msg: "MISP e27520 [] Outgoing To IP: 182.149.199.249|8123"; classtype:trojan-activity; sid:37950331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 23.26.137.225 8080 (msg: "MISP e27520 [] Outgoing To IP: 23.26.137.225|8080"; classtype:trojan-activity; sid:37950341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 114.116.18.42 2087 (msg: "MISP e27520 [] Outgoing To IP: 114.116.18.42|2087"; classtype:trojan-activity; sid:37950351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.139.122.66 80 (msg: "MISP e27520 [] Outgoing To IP: 43.139.122.66|80"; classtype:trojan-activity; sid:37950361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 123.57.186.159 80 (msg: "MISP e27520 [] Outgoing To IP: 123.57.186.159|80"; classtype:trojan-activity; sid:37950371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 124.71.9.23 8500 (msg: "MISP e27520 [] Outgoing To IP: 124.71.9.23|8500"; classtype:trojan-activity; sid:37950381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 111.231.74.147 8888 (msg: "MISP e27520 [] Outgoing To IP: 111.231.74.147|8888"; classtype:trojan-activity; sid:37950391; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 121.36.77.90 81 (msg: "MISP e27520 [] Outgoing To IP: 121.36.77.90|81"; classtype:trojan-activity; sid:37950401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 118.24.128.204 8086 (msg: "MISP e27520 [] Outgoing To IP: 118.24.128.204|8086"; classtype:trojan-activity; sid:37950411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 138.201.132.254 4443 (msg: "MISP e27520 [] Outgoing To IP: 138.201.132.254|4443"; classtype:trojan-activity; sid:37950421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 185.204.0.115 82 (msg: "MISP e27520 [] Outgoing To IP: 185.204.0.115|82"; classtype:trojan-activity; sid:37950431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 154.3.1.95 80 (msg: "MISP e27520 [] Outgoing To IP: 154.3.1.95|80"; classtype:trojan-activity; sid:37950441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 111.229.213.107 80 (msg: "MISP e27520 [] Outgoing To IP: 111.229.213.107|80"; classtype:trojan-activity; sid:37950451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 60.204.151.115 3214 (msg: "MISP e27520 [] Outgoing To IP: 60.204.151.115|3214"; classtype:trojan-activity; sid:37950461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 8.130.95.105 8888 (msg: "MISP e27520 [] Outgoing To IP: 8.130.95.105|8888"; classtype:trojan-activity; sid:37950471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 175.27.162.205 443 (msg: "MISP e27520 [] Outgoing To IP: 175.27.162.205|443"; classtype:trojan-activity; sid:37950481; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 39.107.89.22 4443 (msg: "MISP e27520 [] Outgoing To IP: 39.107.89.22|4443"; classtype:trojan-activity; sid:37950491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 39.105.204.175 80 (msg: "MISP e27520 [] Outgoing To IP: 39.105.204.175|80"; classtype:trojan-activity; sid:37950501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 123.56.251.159 80 (msg: "MISP e27520 [] Outgoing To IP: 123.56.251.159|80"; classtype:trojan-activity; sid:37950511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.153.228.97 8080 (msg: "MISP e27520 [] Outgoing To IP: 43.153.228.97|8080"; classtype:trojan-activity; sid:37950521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 43.153.228.97 8880 (msg: "MISP e27520 [] Outgoing To IP: 43.153.228.97|8880"; classtype:trojan-activity; sid:37950531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 39.109.127.135 443 (msg: "MISP e27520 [] Outgoing To IP: 39.109.127.135|443"; classtype:trojan-activity; sid:37950541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 159.75.104.8 443 (msg: "MISP e27520 [] Outgoing To IP: 159.75.104.8|443"; classtype:trojan-activity; sid:37950551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.98.120.157 8080 (msg: "MISP e27520 [] Outgoing To IP: 47.98.120.157|8080"; classtype:trojan-activity; sid:37950561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 117.72.46.146 9999 (msg: "MISP e27520 [] Outgoing To IP: 117.72.46.146|9999"; classtype:trojan-activity; sid:37950571; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 47.245.122.5 2052 (msg: "MISP e27520 [] Outgoing To IP: 47.245.122.5|2052"; classtype:trojan-activity; sid:37950581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 119.91.214.99 8880 (msg: "MISP e27520 [] Outgoing To IP: 119.91.214.99|8880"; classtype:trojan-activity; sid:37950591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 8.134.221.219 443 (msg: "MISP e27520 [] Outgoing To IP: 8.134.221.219|443"; classtype:trojan-activity; sid:37950601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 119.91.214.99 2096 (msg: "MISP e27520 [] Outgoing To IP: 119.91.214.99|2096"; classtype:trojan-activity; sid:37950611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 172.105.37.93 443 (msg: "MISP e27520 [] Outgoing To IP: 172.105.37.93|443"; classtype:trojan-activity; sid:37950621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 103.243.212.108 8080 (msg: "MISP e27520 [] Outgoing To IP: 103.243.212.108|8080"; classtype:trojan-activity; sid:37950631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 8.217.186.171 8888 (msg: "MISP e27520 [] Outgoing To IP: 8.217.186.171|8888"; classtype:trojan-activity; sid:37950641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 141.98.81.98 444 (msg: "MISP e27520 [] Outgoing To IP: 141.98.81.98|444"; classtype:trojan-activity; sid:37950651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 74.235.140.183 443 (msg: "MISP e27520 [] Outgoing To IP: 74.235.140.183|443"; classtype:trojan-activity; sid:37950661; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 118.89.124.242 1234 (msg: "MISP e27520 [] Outgoing To IP: 118.89.124.242|1234"; classtype:trojan-activity; sid:37950671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 120.79.44.225 2222 (msg: "MISP e27520 [] Outgoing To IP: 120.79.44.225|2222"; classtype:trojan-activity; sid:37950681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27311 [dcrat] Outgoing URL http|3a|//a0922009.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0922009.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37910511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27520 [] Outgoing URL http|3a|//a0922009.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"a0922009.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37950691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert http $HOME_NET any -> 47.94.138.63 10001 (msg: "MISP e27311 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//47.94.138.63|3a|10001/calculate/in/s94apdy8m"; flow:to_server,established; http.header; content:"47.94.138.63"; fast_pattern; nocase; http.uri; content:"/calculate/in/s94apdy8m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37910521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27311;) alert http $HOME_NET any -> 47.94.138.63 10001 (msg: "MISP e27520 [] Outgoing URL http|3a|//47.94.138.63|3a|10001/Calculate/in/S94APDY8M"; flow:to_server,established; 
http.header; content:"47.94.138.63"; fast_pattern; nocase; http.uri; content:"/Calculate/in/S94APDY8M"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37950701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27520;) alert ip $HOME_NET any -> 45.137.22.243 55615 (msg: "MISP e27313 [RedLineStealer] Outgoing To IP: 45.137.22.243|55615"; classtype:trojan-activity; sid:37910731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 45.137.22.243 55615 (msg: "MISP e27513 [RedLineStealer] Outgoing To IP: 45.137.22.243|55615"; classtype:trojan-activity; sid:37943511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 94.131.106.24 80 (msg: "MISP e27313 [c2,recordbreaker] Outgoing To IP: 94.131.106.24|80"; classtype:trojan-activity; sid:37910741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 185.142.238.152 80 (msg: "MISP e27313 [c2,recordbreaker] Outgoing To IP: 185.142.238.152|80"; classtype:trojan-activity; sid:37910751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 82.146.45.177 80 (msg: "MISP e27313 [c2,SolarMarker] Outgoing To IP: 82.146.45.177|80"; classtype:trojan-activity; sid:37910761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 193.233.132.67 666 (msg: "MISP e27313 [c2,Risepro] Outgoing To IP: 193.233.132.67|666"; classtype:trojan-activity; sid:37910771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 134.209.106.235 80 (msg: "MISP e27313 [c2,cobalt_strike] Outgoing To IP: 134.209.106.235|80"; classtype:trojan-activity; sid:37910781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 81.161.238.67 8443 (msg: "MISP e27313 [c2,cobalt_strike] Outgoing To IP: 
81.161.238.67|8443"; classtype:trojan-activity; sid:37910791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 138.2.37.89 36541 (msg: "MISP e27313 [c2,cobalt_strike] Outgoing To IP: 138.2.37.89|36541"; classtype:trojan-activity; sid:37910801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 43.245.199.191 10 (msg: "MISP e27313 [c2,cobalt_strike] Outgoing To IP: 43.245.199.191|10"; classtype:trojan-activity; sid:37910811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 45.77.72.150 13917 (msg: "MISP e27313 [c2,cobalt_strike] Outgoing To IP: 45.77.72.150|13917"; classtype:trojan-activity; sid:37910821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 45.77.72.150 13917 (msg: "MISP e27513 [] Outgoing To IP: 45.77.72.150|13917"; classtype:trojan-activity; sid:37943521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 43.245.199.191 10 (msg: "MISP e27513 [] Outgoing To IP: 43.245.199.191|10"; classtype:trojan-activity; sid:37943531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 138.2.37.89 36541 (msg: "MISP e27513 [] Outgoing To IP: 138.2.37.89|36541"; classtype:trojan-activity; sid:37943541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 81.161.238.67 8443 (msg: "MISP e27513 [] Outgoing To IP: 81.161.238.67|8443"; classtype:trojan-activity; sid:37943551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 134.209.106.235 80 (msg: "MISP e27513 [] Outgoing To IP: 134.209.106.235|80"; classtype:trojan-activity; sid:37943561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 193.233.132.67 666 (msg: 
"MISP e27513 [] Outgoing To IP: 193.233.132.67|666"; classtype:trojan-activity; sid:37943571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 82.146.45.177 80 (msg: "MISP e27513 [] Outgoing To IP: 82.146.45.177|80"; classtype:trojan-activity; sid:37943581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 185.142.238.152 80 (msg: "MISP e27513 [] Outgoing To IP: 185.142.238.152|80"; classtype:trojan-activity; sid:37943591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 94.131.106.24 80 (msg: "MISP e27513 [] Outgoing To IP: 94.131.106.24|80"; classtype:trojan-activity; sid:37943601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27312 [] Domain wwwhomstadosms.info"; dns.query; content:"wwwhomstadosms.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info$/i"; classtype:trojan-activity; sid:37910561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27312;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27312 [] Outgoing HTTP Domain wwwhomstadosms.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwhomstadosms.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27312;) alert ip $HOME_NET any -> 45.144.166.168 1234 (msg: "MISP e27313 [njrat] Outgoing To IP: 45.144.166.168|1234"; classtype:trojan-activity; sid:37910831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 45.144.166.168 1234 (msg: "MISP e27513 [] Outgoing To IP: 45.144.166.168|1234"; classtype:trojan-activity; sid:37943611; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 18.192.31.165 19080 (msg: "MISP e27313 [njrat] Outgoing To IP: 18.192.31.165|19080"; classtype:trojan-activity; sid:37910891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 18.158.249.75 19080 (msg: "MISP e27313 [njrat] Outgoing To IP: 18.158.249.75|19080"; classtype:trojan-activity; sid:37910901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.125.102.39 19080 (msg: "MISP e27313 [njrat] Outgoing To IP: 3.125.102.39|19080"; classtype:trojan-activity; sid:37910911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.124.142.205 19080 (msg: "MISP e27313 [njrat] Outgoing To IP: 3.124.142.205|19080"; classtype:trojan-activity; sid:37910921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.124.142.205 19080 (msg: "MISP e27513 [] Outgoing To IP: 3.124.142.205|19080"; classtype:trojan-activity; sid:37943621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 18.158.249.75 19080 (msg: "MISP e27513 [] Outgoing To IP: 18.158.249.75|19080"; classtype:trojan-activity; sid:37943631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 3.125.102.39 19080 (msg: "MISP e27513 [] Outgoing To IP: 3.125.102.39|19080"; classtype:trojan-activity; sid:37943641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 18.192.31.165 19080 (msg: "MISP e27513 [] Outgoing To IP: 18.192.31.165|19080"; classtype:trojan-activity; sid:37943651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27399 [] Domain lt-skolu.com"; dns.query; content:"lt-skolu.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lt\-skolu\.com$/i"; classtype:trojan-activity; sid:37931351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27399;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27399 [] Outgoing HTTP Domain lt-skolu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lt-skolu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lt\-skolu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27399;) alert dns any any -> any any (msg: "MISP e27400 [] Domain lt-skolu.com"; dns.query; content:"lt-skolu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lt\-skolu\.com$/i"; classtype:trojan-activity; sid:37931381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27400;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27400 [] Outgoing HTTP Domain lt-skolu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lt-skolu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lt\-skolu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27400;) alert dns any any -> any any (msg: "MISP e27401 [] Domain lt-skolu.com"; dns.query; content:"lt-skolu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lt\-skolu\.com$/i"; classtype:trojan-activity; sid:37931411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27401;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27401 [] Outgoing HTTP Domain lt-skolu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lt-skolu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lt\-skolu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931412; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27401;) alert dns any any -> any any (msg: "MISP e27313 [CobaltStrike,cs-watermark-333564175,MICROSOFT-CORP-MSN-AS-BLOCK] Domain www.shelter-paws.com"; dns.query; content:"www.shelter-paws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.shelter\-paws\.com$/i"; classtype:trojan-activity; sid:37910971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [CobaltStrike,cs-watermark-333564175,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain www.shelter-paws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.shelter-paws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.shelter\-paws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37910972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 159.203.25.245 443 (msg: "MISP e27313 [CobaltStrike,cs-watermark-951028525,DIGITALOCEAN-ASN] Outgoing To IP: 159.203.25.245|443"; classtype:trojan-activity; sid:37910991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 64.74.160.238 1433 (msg: "MISP e27313 [Bianlian Go Trojan,DEDICATED] Outgoing To IP: 64.74.160.238|1433"; classtype:trojan-activity; sid:37911001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 124.168.78.165 443 (msg: "MISP e27313 [QakBot,TPG-INTERNET-AP TPG Telecom Limited] Outgoing To IP: 124.168.78.165|443"; classtype:trojan-activity; sid:37911011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 47.96.143.115 8888 (msg: "MISP e27313 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell] Outgoing To IP: 47.96.143.115|8888"; classtype:trojan-activity; sid:37911021; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 186.195.175.239 80 (msg: "MISP e27313 [Hookbot Pegasus,PAPA TECNOLOGIA LTDA] Outgoing To IP: 186.195.175.239|80"; classtype:trojan-activity; sid:37911031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert dns any any -> any any (msg: "MISP e27513 [] Domain www.shelter-paws.com"; dns.query; content:"www.shelter-paws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.shelter\-paws\.com$/i"; classtype:trojan-activity; sid:37943671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain www.shelter-paws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.shelter-paws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.shelter\-paws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 47.96.143.115 8888 (msg: "MISP e27513 [] Outgoing To IP: 47.96.143.115|8888"; classtype:trojan-activity; sid:37943691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 124.168.78.165 443 (msg: "MISP e27513 [] Outgoing To IP: 124.168.78.165|443"; classtype:trojan-activity; sid:37943701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 64.74.160.238 1433 (msg: "MISP e27513 [] Outgoing To IP: 64.74.160.238|1433"; classtype:trojan-activity; sid:37943711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 159.203.25.245 443 (msg: "MISP e27513 [] Outgoing To IP: 159.203.25.245|443"; classtype:trojan-activity; sid:37943721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 
186.195.175.239 80 (msg: "MISP e27513 [] Outgoing To IP: 186.195.175.239|80"; classtype:trojan-activity; sid:37943731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 101.34.83.35 443 (msg: "MISP e27313 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 101.34.83.35|443"; classtype:trojan-activity; sid:37911071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 107.174.241.206 9999 (msg: "MISP e27313 [CobaltStrike,cs-watermark-987654321,HostPapa] Outgoing URL http|3a|//107.174.241.206|3a|9999/__utm.gif"; flow:to_server,established; http.header; content:"107.174.241.206"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 38.181.70.150 443 (msg: "MISP e27313 [CobaltStrike,cs-watermark-987654321,Eons Data Communications Limited] Outgoing To IP: 38.181.70.150|443"; classtype:trojan-activity; sid:37911111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 47.96.174.24 8060 (msg: "MISP e27313 [CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.96.174.24|3a|8060/image/"; flow:to_server,established; http.header; content:"47.96.174.24"; fast_pattern; nocase; http.uri; content:"/image/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 185.11.61.168 $HTTP_PORTS (msg: "MISP e27313 [Chang Way Technologies Co. 
Limited,CobaltStrike,cs-watermark-1580103824] Outgoing URL http|3a|//185.11.61.168/j.ad"; flow:to_server,established; http.header; content:"185.11.61.168"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 47.92.146.233 8888 (msg: "MISP e27313 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.92.146.233|3a|8888/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"47.92.146.233"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert dns any any -> any any (msg: "MISP e27313 [CobaltStrike,cs-watermark-1551089073,DigitalOcean LLC] Domain aerh.azureedge.net"; dns.query; content:"aerh.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])aerh\.azureedge\.net$/i"; classtype:trojan-activity; sid:37911171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [CobaltStrike,cs-watermark-1551089073,DigitalOcean LLC] Outgoing HTTP Domain aerh.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aerh.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aerh\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 159.89.187.246 443 (msg: "MISP e27313 [CobaltStrike,cs-watermark-1551089073,DigitalOcean LLC] Outgoing To IP: 159.89.187.246|443"; classtype:trojan-activity; sid:37911181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 
18.116.36.101 $HTTP_PORTS (msg: "MISP e27313 [Amazon.com Inc.,CobaltStrike,cs-watermark-988006783] Outgoing URL http|3a|//18.116.36.101/g.pixel"; flow:to_server,established; http.header; content:"18.116.36.101"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 18.116.36.101 80 (msg: "MISP e27313 [Amazon.com Inc.,CobaltStrike,cs-watermark-988006783] Outgoing To IP: 18.116.36.101|80"; classtype:trojan-activity; sid:37911211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 107.174.241.206 7989 (msg: "MISP e27313 [CobaltStrike,cs-watermark-987654321,HostPapa] Outgoing URL http|3a|//107.174.241.206|3a|7989/push"; flow:to_server,established; http.header; content:"107.174.241.206"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> 107.174.241.206 7989 (msg: "MISP e27513 [] Outgoing URL http|3a|//107.174.241.206|3a|7989/push"; flow:to_server,established; http.header; content:"107.174.241.206"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 18.116.36.101 $HTTP_PORTS (msg: "MISP e27513 [] Outgoing URL http|3a|//18.116.36.101/g.pixel"; flow:to_server,established; http.header; content:"18.116.36.101"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27513 [] Domain aerh.azureedge.net"; dns.query; 
content:"aerh.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])aerh\.azureedge\.net$/i"; classtype:trojan-activity; sid:37943771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain aerh.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aerh.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aerh\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 47.92.146.233 8888 (msg: "MISP e27513 [] Outgoing URL http|3a|//47.92.146.233|3a|8888/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"47.92.146.233"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 185.11.61.168 $HTTP_PORTS (msg: "MISP e27513 [] Outgoing URL http|3a|//185.11.61.168/j.ad"; flow:to_server,established; http.header; content:"185.11.61.168"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 47.96.174.24 8060 (msg: "MISP e27513 [] Outgoing URL http|3a|//47.96.174.24|3a|8060/image/"; flow:to_server,established; http.header; content:"47.96.174.24"; fast_pattern; nocase; http.uri; content:"/image/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 107.174.241.206 9999 (msg: "MISP e27513 [] Outgoing URL http|3a|//107.174.241.206|3a|9999/__utm.gif"; 
flow:to_server,established; http.header; content:"107.174.241.206"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 18.116.36.101 80 (msg: "MISP e27513 [] Outgoing To IP: 18.116.36.101|80"; classtype:trojan-activity; sid:37943871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 159.89.187.246 443 (msg: "MISP e27513 [] Outgoing To IP: 159.89.187.246|443"; classtype:trojan-activity; sid:37943881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 38.181.70.150 443 (msg: "MISP e27513 [] Outgoing To IP: 38.181.70.150|443"; classtype:trojan-activity; sid:37943891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 101.34.83.35 443 (msg: "MISP e27513 [] Outgoing To IP: 101.34.83.35|443"; classtype:trojan-activity; sid:37943901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 47.93.216.2 8055 (msg: "MISP e27313 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//47.93.216.2|3a|8055/visit.js"; flow:to_server,established; http.header; content:"47.93.216.2"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# URL indicators from MISP event 27313. The msg of each rule carries the tags
# CobaltStrike, a cs-watermark value and a hosting-provider name.
# Each rule pins the destination IP (and port) in the rule header, then requires
# the IP string in http.header and the path in http.uri. Both contents are
# unanchored, case-insensitive substring matches, so "/load" also matches longer
# paths that contain it (constructed example: "/loader.js").
# tag:session,600,seconds asks the engine to keep recording packets of the
# session for 600 seconds after the alert; confirm that the output configuration
# actually logs tagged packets if that capture is wanted.
alert http $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27313 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.43.191.108|3a|9998/load"; flow:to_server,established; http.header; content:"101.43.191.108"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> 43.143.143.195 6666 (msg: "MISP e27313 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.143.143.195|3a|6666/load"; flow:to_server,established; http.header; content:"43.143.143.195"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# This rule uses $HTTP_PORTS as the destination port, so the variable has to be
# defined in the sensor configuration; an undefined variable makes the rule fail
# to load.
alert http $HOME_NET any -> 124.71.130.71 $HTTP_PORTS (msg: "MISP e27313 [CobaltStrike,cs-watermark-305419896,Huawei Cloud Service data center] Outgoing URL http|3a|//124.71.130.71/push"; flow:to_server,established; http.header; content:"124.71.130.71"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# Re-export of the 101.43.191.108:9998/load indicator under event 27513, with an
# empty tag list. Its match options repeat those of sid:37911251 above, so one
# request raises an alert from both rules; deduplicate at export time or suppress
# one of the two sids.
alert http $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27513 [] Outgoing URL http|3a|//101.43.191.108|3a|9998/load"; flow:to_server,established; http.header; content:"101.43.191.108"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37943931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 47.93.216.2 8055 (msg: "MISP e27513 [] Outgoing URL http|3a|//47.93.216.2|3a|8055/visit.js"; flow:to_server,established; http.header; content:"47.93.216.2"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 124.71.130.71 $HTTP_PORTS (msg: "MISP e27513 [] Outgoing URL http|3a|//124.71.130.71/push"; flow:to_server,established; http.header; content:"124.71.130.71"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> 43.143.143.195 6666 (msg: "MISP e27513 [] Outgoing URL http|3a|//43.143.143.195|3a|6666/load"; flow:to_server,established; http.header; content:"43.143.143.195"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27313 [dcrat] Outgoing URL http|3a|//007017cm.nyashsens.top/tempdownloads.php"; flow:to_server,established; http.header; content:"007017cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/tempdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27513 [] Outgoing URL http|3a|//007017cm.nyashsens.top/Tempdownloads.php"; flow:to_server,established; http.header; content:"007017cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/Tempdownloads.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37943971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
# IP:port indicators from MISP event 27313. "alert ip" matches any IP protocol
# from $HOME_NET to the listed address and port. The rules carry no flow, content
# or threshold option, so the destination tuple is the only evidence and nothing
# in the rule limits how often it fires while a connection stays open.
# The bracketed words in msg (c2, moobot, elf, Mirai, njrat, RAT) are the tags the
# export copied from the event; two of the rules below have an empty tag list.
# NOTE(review): a hit on a common port such as 80 says only that a host contacted
# the address - confirm with flow or proxy logs before treating it as C2 traffic.
alert ip $HOME_NET any -> 210.117.212.93 4242 (msg: "MISP e27313 [] Outgoing To IP: 210.117.212.93|4242"; classtype:trojan-activity; sid:37911051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 94.156.8.116 80 (msg: "MISP e27313 [c2,moobot] Outgoing To IP: 94.156.8.116|80"; classtype:trojan-activity; sid:37910941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 94.156.8.80 80 (msg: "MISP e27313 [c2,moobot] Outgoing To IP: 94.156.8.80|80"; classtype:trojan-activity; sid:37910951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 136.243.156.120 53252 (msg: "MISP e27313 [] Outgoing To IP: 136.243.156.120|53252"; classtype:trojan-activity; sid:37911041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 91.92.242.8 6996 (msg: "MISP e27313 [c2,moobot] Outgoing To IP: 91.92.242.8|6996"; classtype:trojan-activity; sid:37910881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 91.92.253.177 5555 (msg: "MISP e27313 [c2,elf,Mirai] Outgoing To IP: 91.92.253.177|5555"; classtype:trojan-activity; sid:37910871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 91.92.254.23 5656 (msg: "MISP e27313 [c2,elf,Mirai] Outgoing To IP: 91.92.254.23|5656"; classtype:trojan-activity; sid:37910861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 3.125.223.134 19080 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 3.125.223.134|19080"; classtype:trojan-activity; sid:37910931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 
198.46.203.232 8723 (msg: "MISP e27313 [c2,elf,Mirai] Outgoing To IP: 198.46.203.232|8723"; classtype:trojan-activity; sid:37910851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 91.92.252.32 2112 (msg: "MISP e27313 [c2,Mirai] Outgoing To IP: 91.92.252.32|2112"; classtype:trojan-activity; sid:37910641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 198.27.120.241 1337 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 198.27.120.241|1337"; classtype:trojan-activity; sid:37910631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 144.172.73.36 43957 (msg: "MISP e27313 [c2,elf,moobot] Outgoing To IP: 144.172.73.36|43957"; classtype:trojan-activity; sid:37910651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 18.198.77.177 17526 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 18.198.77.177|17526"; classtype:trojan-activity; sid:37910661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 18.197.239.109 12765 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 18.197.239.109|12765"; classtype:trojan-activity; sid:37910671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.69.157.220 12765 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 3.69.157.220|12765"; classtype:trojan-activity; sid:37910681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.66.38.117 12765 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 3.66.38.117|12765"; classtype:trojan-activity; sid:37910691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.68.171.119 12765 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 3.68.171.119|12765"; classtype:trojan-activity; sid:37910701; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 89.117.23.25 35888 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 89.117.23.25|35888"; classtype:trojan-activity; sid:37910721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 198.46.176.140 666 (msg: "MISP e27313 [c2,elf,Mirai] Outgoing To IP: 198.46.176.140|666"; classtype:trojan-activity; sid:37910841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert dns any any -> any any (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Domain porsherses.com"; dns.query; content:"porsherses.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])porsherses\.com$/i"; classtype:trojan-activity; sid:37911351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Outgoing HTTP Domain porsherses.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"porsherses.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])porsherses\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert dns any any -> any any (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Domain remasterprodelherskjs.com"; dns.query; content:"remasterprodelherskjs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])remasterprodelherskjs\.com$/i"; classtype:trojan-activity; sid:37911331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Outgoing HTTP Domain remasterprodelherskjs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"remasterprodelherskjs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])remasterprodelherskjs\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37911332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# DNS rule: matches in either direction on any address (any any -> any any).
# The pcre anchors the domain at the end of the query name and requires
# start-of-buffer or a character outside [A-Za-z0-9-] in front of it, so
# subdomains match (the preceding "." is allowed) while a different name that
# only ends in the same letters does not.
alert dns any any -> any any (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Domain cayennesxque.boo"; dns.query; content:"cayennesxque.boo"; nocase; pcre: "/(^|[^A-Za-z0-9-])cayennesxque\.boo$/i"; classtype:trojan-activity; sid:37911341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# Host rule: the two http.header contents ("Host|3a|" and the domain) are matched
# independently, and the /H pcre only checks the characters around the domain, so
# nothing ties the domain to the Host line. A request to another site whose
# Referer (or any other header) contains the domain also satisfies this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Outgoing HTTP Domain cayennesxque.boo"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cayennesxque.boo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cayennesxque\.boo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# ":80" URL exports with no path: each rule is just the bare domain as an
# unanchored, case-insensitive substring of http.header on destination port 80.
# There is no boundary pcre here, so a longer host name that merely contains the
# string also matches, and any port-80 request caught by the Host rule for the
# same domain (sid:37911342 for cayennesxque.boo) raises a second alert.
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Outgoing URL http|3a|//remasterprodelherskjs.com|3a|80"; flow:to_server,established; http.header; content:"remasterprodelherskjs.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Outgoing URL http|3a|//cayennesxque.boo|3a|80"; flow:to_server,established; http.header; content:"cayennesxque.boo"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e27313 [6.2.11,admin888,DarkGate] Outgoing URL http|3a|//porsherses.com|3a|80"; flow:to_server,established; http.header; content:"porsherses.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911321; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27313;) alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e27513 [] Outgoing URL http|3a|//remasterprodelherskjs.com|3a|80"; flow:to_server,established; http.header; content:"remasterprodelherskjs.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e27513 [] Outgoing URL http|3a|//cayennesxque.boo|3a|80"; flow:to_server,established; http.header; content:"cayennesxque.boo"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37943991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg: "MISP e27513 [] Outgoing URL http|3a|//porsherses.com|3a|80"; flow:to_server,established; http.header; content:"porsherses.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27513 [] Domain remasterprodelherskjs.com"; dns.query; content:"remasterprodelherskjs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])remasterprodelherskjs\.com$/i"; classtype:trojan-activity; sid:37944011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain remasterprodelherskjs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"remasterprodelherskjs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])remasterprodelherskjs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27513 [] Domain cayennesxque.boo"; dns.query; content:"cayennesxque.boo"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])cayennesxque\.boo$/i"; classtype:trojan-activity; sid:37944021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain cayennesxque.boo"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cayennesxque.boo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cayennesxque\.boo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27513 [] Domain porsherses.com"; dns.query; content:"porsherses.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])porsherses\.com$/i"; classtype:trojan-activity; sid:37944031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain porsherses.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"porsherses.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])porsherses\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 89.117.23.25 35888 (msg: "MISP e27513 [] Outgoing To IP: 89.117.23.25|35888"; classtype:trojan-activity; sid:37944051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 198.46.176.140 666 (msg: "MISP e27513 [] Outgoing To IP: 198.46.176.140|666"; classtype:trojan-activity; sid:37944061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 3.68.171.119 12765 (msg: "MISP e27513 [] Outgoing To IP: 3.68.171.119|12765"; classtype:trojan-activity; sid:37944071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip 
$HOME_NET any -> 3.66.38.117 12765 (msg: "MISP e27513 [] Outgoing To IP: 3.66.38.117|12765"; classtype:trojan-activity; sid:37944081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 18.197.239.109 12765 (msg: "MISP e27513 [] Outgoing To IP: 18.197.239.109|12765"; classtype:trojan-activity; sid:37944091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 3.69.157.220 12765 (msg: "MISP e27513 [] Outgoing To IP: 3.69.157.220|12765"; classtype:trojan-activity; sid:37944101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 18.198.77.177 17526 (msg: "MISP e27513 [] Outgoing To IP: 18.198.77.177|17526"; classtype:trojan-activity; sid:37944111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 198.27.120.241 1337 (msg: "MISP e27513 [] Outgoing To IP: 198.27.120.241|1337"; classtype:trojan-activity; sid:37944121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 144.172.73.36 43957 (msg: "MISP e27513 [] Outgoing To IP: 144.172.73.36|43957"; classtype:trojan-activity; sid:37944131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 91.92.252.32 2112 (msg: "MISP e27513 [] Outgoing To IP: 91.92.252.32|2112"; classtype:trojan-activity; sid:37944141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 198.46.203.232 8723 (msg: "MISP e27513 [] Outgoing To IP: 198.46.203.232|8723"; classtype:trojan-activity; sid:37944151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 91.92.254.23 5656 (msg: "MISP e27513 [] Outgoing To IP: 91.92.254.23|5656"; classtype:trojan-activity; sid:37944161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip 
$HOME_NET any -> 3.125.223.134 19080 (msg: "MISP e27513 [] Outgoing To IP: 3.125.223.134|19080"; classtype:trojan-activity; sid:37944171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 91.92.253.177 5555 (msg: "MISP e27513 [] Outgoing To IP: 91.92.253.177|5555"; classtype:trojan-activity; sid:37944181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 91.92.242.8 6996 (msg: "MISP e27513 [] Outgoing To IP: 91.92.242.8|6996"; classtype:trojan-activity; sid:37944191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 94.156.8.116 80 (msg: "MISP e27513 [] Outgoing To IP: 94.156.8.116|80"; classtype:trojan-activity; sid:37944201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 94.156.8.80 80 (msg: "MISP e27513 [] Outgoing To IP: 94.156.8.80|80"; classtype:trojan-activity; sid:37944211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 136.243.156.120 53252 (msg: "MISP e27513 [] Outgoing To IP: 136.243.156.120|53252"; classtype:trojan-activity; sid:37944221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 210.117.212.93 4242 (msg: "MISP e27513 [] Outgoing To IP: 210.117.212.93|4242"; classtype:trojan-activity; sid:37944231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 209.25.141.2 43778 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 209.25.141.2|43778"; classtype:trojan-activity; sid:37911391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 209.25.141.2 41730 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 209.25.141.2|41730"; classtype:trojan-activity; sid:37911401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip 
$HOME_NET any -> 209.25.141.2 41735 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 209.25.141.2|41735"; classtype:trojan-activity; sid:37911411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.125.102.39 10202 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 3.125.102.39|10202"; classtype:trojan-activity; sid:37911361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 147.185.221.18 49833 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 147.185.221.18|49833"; classtype:trojan-activity; sid:37911371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 209.25.141.2 42754 (msg: "MISP e27313 [njrat,RAT] Outgoing To IP: 209.25.141.2|42754"; classtype:trojan-activity; sid:37911381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 3.125.102.39 10202 (msg: "MISP e27513 [] Outgoing To IP: 3.125.102.39|10202"; classtype:trojan-activity; sid:37944241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 147.185.221.18 49833 (msg: "MISP e27513 [] Outgoing To IP: 147.185.221.18|49833"; classtype:trojan-activity; sid:37944251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 209.25.141.2 42754 (msg: "MISP e27513 [] Outgoing To IP: 209.25.141.2|42754"; classtype:trojan-activity; sid:37944261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 209.25.141.2 43778 (msg: "MISP e27513 [] Outgoing To IP: 209.25.141.2|43778"; classtype:trojan-activity; sid:37944271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 209.25.141.2 41730 (msg: "MISP e27513 [] Outgoing To IP: 209.25.141.2|41730"; classtype:trojan-activity; sid:37944281; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27513;) alert ip $HOME_NET any -> 209.25.141.2 41735 (msg: "MISP e27513 [] Outgoing To IP: 209.25.141.2|41735"; classtype:trojan-activity; sid:37944291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenmexico.com"; dns.query; content:"bodenmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenmexico\.com$/i"; classtype:trojan-activity; sid:38140011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain docmartenfactoryoutlet.com"; dns.query; content:"docmartenfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartenfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38140021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain docmartenfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docmartenfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartenfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain drdocmartensireland.com"; dns.query; content:"drdocmartensireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drdocmartensireland\.com$/i"; 
classtype:trojan-activity; sid:38140031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 domains are exported as a pair per domain: a dns.query rule (sid
# ending in 1) and an HTTP header rule (sid ending in 2). The msg tag list is
# empty and every rule gets classtype:trojan-activity with priority 3, so the
# alert itself gives no reason for the listing; triage has to follow the
# reference URL.
# NOTE(review): the names look like retail-brand lookalike shops, which would fit
# fraud or phishing better than trojan activity - confirm against the event.
# Only traffic that exposes the name in clear is covered: a DNS query seen by the
# sensor, or a plaintext HTTP request. The pair has no TLS SNI rule, so an HTTPS
# visit shows up only through the DNS rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drdocmartensireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drdocmartensireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drdocmartensireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomchile.com"; dns.query; content:"fruitoftheloomchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomchile\.com$/i"; classtype:trojan-activity; sid:38140041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomcolombia.com"; dns.query; content:"fruitoftheloomcolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomcolombia\.com$/i"; classtype:trojan-activity; sid:38140051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomcolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomcolombia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])fruitoftheloomcolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gym-sharkdeutschland.com"; dns.query; content:"gym-sharkdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-sharkdeutschland\.com$/i"; classtype:trojan-activity; sid:38140061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gym-sharkdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gym-sharkdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-sharkdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lojastedbakerportugal.com"; dns.query; content:"lojastedbakerportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lojastedbakerportugal\.com$/i"; classtype:trojan-activity; sid:38140071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lojastedbakerportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lojastedbakerportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lojastedbakerportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsaustraliasale.com"; dns.query; content:"marcjacobsaustraliasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsaustraliasale\.com$/i"; 
classtype:trojan-activity; sid:38140081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsaustraliasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsaustraliasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsaustraliasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsbagportugal.com"; dns.query; content:"marcjacobsbagportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsbagportugal\.com$/i"; classtype:trojan-activity; sid:38140091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsbagportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsbagportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsbagportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsukbag.com"; dns.query; content:"marcjacobsukbag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsukbag\.com$/i"; classtype:trojan-activity; sid:38140101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsukbag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsukbag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsukbag\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38140102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onrunningswien.com"; dns.query; content:"onrunningswien.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onrunningswien\.com$/i"; classtype:trojan-activity; sid:38140111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onrunningswien.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onrunningswien.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onrunningswien\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain paulsmithsuomi.com"; dns.query; content:"paulsmithsuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithsuomi\.com$/i"; classtype:trojan-activity; sid:38140121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain paulsmithsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"paulsmithsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])paulsmithsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerbagssouthafrica.com"; dns.query; content:"tedbakerbagssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerbagssouthafrica\.com$/i"; classtype:trojan-activity; sid:38140131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerbagssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerbagssouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerbagssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007: domains containing the "tedbaker" brand name, priority 3 ---
# Each indicator is exported as a pair: a DNS rule (sid ending in 1) and an HTTP rule
# (sid ending in 2).
# DNS rules: the pcre anchors the name at the end of dns.query ("$") and accepts either
# start-of-buffer or a non-hostname character before it, so each rule matches the listed
# domain and any subdomain of it. The header is "any any -> any any", so matching is not
# limited to $HOME_NET clients.
# HTTP rules: the two content matches and the pcre (/H) all run against the whole
# http.header buffer. Nothing ties the domain to the Host header value, so a request that
# only mentions the domain in another header (for example Referer) also satisfies the rule.
# NOTE(review): if such hits are noisy, consider matching on the http.host buffer instead -
# confirm against the Suricata version in use.
# tag:session,600,seconds asks the engine to keep logging packets of the flagged session
# for 600 seconds after the alert; plan log storage accordingly.
# NOTE(review): the tag list in msg is empty ([]) and classtype is trojan-activity on every
# rule; the names look like brand-impersonation shops rather than malware infrastructure -
# verify in the MISP event before triaging these alerts as trojan traffic.
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-dublin.com"; dns.query; content:"tedbaker-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-dublin\.com$/i"; classtype:trojan-activity; sid:38140141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerfactoryoutletuk.com"; dns.query; content:"tedbakerfactoryoutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerfactoryoutletuk\.com$/i"; classtype:trojan-activity; sid:38140151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerfactoryoutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerfactoryoutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerfactoryoutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-finland.com"; dns.query; content:"tedbaker-finland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-finland\.com$/i"; classtype:trojan-activity; sid:38140161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-finland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-finland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-finland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeritaliashop.com"; dns.query; content:"tedbakeritaliashop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeritaliashop\.com$/i"; classtype:trojan-activity; sid:38140171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeritaliashop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeritaliashop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeritaliashop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakermilano.com"; dns.query; content:"tedbakermilano.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermilano\.com$/i"; classtype:trojan-activity; sid:38140181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakermilano.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakermilano.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermilano\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbaker-nl.com"; dns.query; content:"tedbaker-nl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-nl\.com$/i"; classtype:trojan-activity; sid:38140191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbaker-nl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbaker-nl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbaker\-nl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletde.com"; dns.query; content:"tedbakeroutletde.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletde\.com$/i"; classtype:trojan-activity; sid:38140201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletde.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletde.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletde\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletsmexico.com"; dns.query; content:"tedbakeroutletsmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletsmexico\.com$/i"; classtype:trojan-activity; 
sid:38140211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007, continued: DNS/HTTP rule pairs for further tedbaker* domains, all with
# an empty tag list ([]) and priority 3.
# The DNS pcre ends in "$" and allows a non-hostname character (such as ".") before the
# name, so subdomains of each listed domain alert as well.
# The HTTP rules look for "Host:" and for the domain independently inside http.header;
# nothing requires the domain to be the value of the Host header.
# NOTE(review): sids are spaced by ten per indicator (…211/…212, …221/…222); keep that
# range reserved locally so re-exports do not collide with hand-written rules - confirm
# the sid allocation policy of the exporting MISP instance.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletsmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletsmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletsmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerpt.com"; dns.query; content:"tedbakerpt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerpt\.com$/i"; classtype:trojan-activity; sid:38140221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerpt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerpt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerpt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersverigeoutlet.com"; dns.query; content:"tedbakersverigeoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersverigeoutlet\.com$/i"; classtype:trojan-activity; sid:38140231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakersverigeoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersverigeoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersverigeoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeruaeoutlet.com"; dns.query; content:"tedbakeruaeoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeruaeoutlet\.com$/i"; classtype:trojan-activity; sid:38140241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeruaeoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeruaeoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeruaeoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeruaewebsite.com"; dns.query; content:"tedbakeruaewebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeruaewebsite\.com$/i"; classtype:trojan-activity; sid:38140251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeruaewebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeruaewebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeruaewebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerukwebsite.com"; dns.query; content:"tedbakerukwebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerukwebsite\.com$/i"; classtype:trojan-activity; sid:38140261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerukwebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerukwebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerukwebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerusoutlet.com"; dns.query; content:"tedbakerusoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerusoutlet\.com$/i"; classtype:trojan-activity; sid:38140271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerusoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerusoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerusoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendatedbakermexico.com"; dns.query; content:"tiendatedbakermexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendatedbakermexico\.com$/i"; classtype:trojan-activity; sid:38140281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendatedbakermexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendatedbakermexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendatedbakermexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27313 [Mirai] Domain 
botce.heihuo8.top"; dns.query; content:"botce.heihuo8.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])botce\.heihuo8\.top$/i"; classtype:trojan-activity; sid:37911421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# --- MISP event 27313 (msg tags: Mirai, moobot): domain indicators, priority 2 ---
# Both a host name and its parent domain are listed (botce.heihuo8.top / heihuo8.top,
# what.ravec2.xyz / ravec2.xyz, who.juniorfoxy.ooo / juniorfoxy.ooo). The parent-domain
# pcre accepts a "." before the name, so a lookup of the host name satisfies both rules:
# e.g. a query for botce.heihuo8.top matches sid:37911421 and sid:37911431 and raises two
# alerts. The same holds for the HTTP pairs.
# NOTE(review): correlate on the parent domain during triage, or suppress/threshold the
# more specific sid in the sensor's threshold configuration if the doubling is unwanted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai] Outgoing HTTP Domain botce.heihuo8.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botce.heihuo8.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botce\.heihuo8\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert dns any any -> any any (msg: "MISP e27313 [Mirai] Domain heihuo8.top"; dns.query; content:"heihuo8.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])heihuo8\.top$/i"; classtype:trojan-activity; sid:37911431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai] Outgoing HTTP Domain heihuo8.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"heihuo8.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])heihuo8\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert dns any any -> any any (msg: "MISP e27313 [Mirai,moobot] Domain what.ravec2.xyz"; dns.query; content:"what.ravec2.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])what\.ravec2\.xyz$/i"; classtype:trojan-activity; sid:37911441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai,moobot] Outgoing HTTP Domain what.ravec2.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"what.ravec2.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])what\.ravec2\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert dns any any -> any any (msg: "MISP e27313 [Mirai,moobot] Domain ravec2.xyz"; dns.query; content:"ravec2.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])ravec2\.xyz$/i"; classtype:trojan-activity; sid:37911451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai,moobot] Outgoing HTTP Domain ravec2.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ravec2.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ravec2\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# --- vid-gov-lv.com: one indicator, exported once per MISP event ---
# The rules below differ only in event id, sid and reference URL (events 27409, 27408,
# 27407, 27406 and 27404 in this stretch). A single lookup of vid-gov-lv.com therefore
# raises one DNS alert per event, and one HTTP alert per event on the matching request.
# NOTE(review): merge or correlate the events in MISP, or suppress/threshold all but one
# sid pair on the sensor - confirm which events are still current before doing so.
alert dns any any -> any any (msg: "MISP e27409 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27409;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27409 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27409;)
alert dns any any -> any any (msg: "MISP e27408 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27408;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27408 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27408;)
alert dns any any -> any any (msg: "MISP e27407 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27407;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27407 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27407;)
alert dns any any -> any any (msg: "MISP e27406 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27406;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27406 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27406;)
alert dns any any -> any any (msg: "MISP e27404 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27404;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27404 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27404;)
# MISP event 27313 again: who.juniorfoxy.ooo and its parent juniorfoxy.ooo (tags Mirai, moobot).
alert dns any any -> any any (msg: "MISP e27313 [Mirai,moobot] Domain who.juniorfoxy.ooo"; dns.query; content:"who.juniorfoxy.ooo"; nocase; pcre: "/(^|[^A-Za-z0-9-])who\.juniorfoxy\.ooo$/i"; classtype:trojan-activity; sid:37911461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai,moobot] Outgoing HTTP Domain who.juniorfoxy.ooo"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"who.juniorfoxy.ooo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])who\.juniorfoxy\.ooo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert dns any any -> any any (msg: "MISP e27313 [Mirai,moobot] Domain juniorfoxy.ooo"; dns.query; content:"juniorfoxy.ooo"; nocase; pcre: "/(^|[^A-Za-z0-9-])juniorfoxy\.ooo$/i"; classtype:trojan-activity; sid:37911471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai,moobot] Outgoing HTTP Domain juniorfoxy.ooo"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juniorfoxy.ooo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juniorfoxy\.ooo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37911472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# --- vid-gov-lv.com, exported once per MISP event (27403, 27405, 27402, 27418 here) ---
# The pairs below are identical apart from event id, sid and reference URL, so one lookup
# or request for this domain produces one alert per listed event.
# NOTE(review): pick one sid pair to act on and suppress/threshold the rest, or merge the
# events upstream in MISP - confirm with the feed owner.
alert dns any any -> any any (msg: "MISP e27403 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27403;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27403 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27403;)
alert dns any any -> any any (msg: "MISP e27405 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27405;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27405 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27405;)
alert dns any any -> any any (msg: "MISP e27402 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27402;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27402 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27402;)
alert dns any any -> any any (msg: "MISP e27418 [] Domain vid-gov-lv.com"; dns.query; content:"vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37931921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27418;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27418 [] Outgoing HTTP Domain vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27418;)
# --- MISP event 27513: ravec2.xyz, what.ravec2.xyz, heihuo8.top, botce.heihuo8.top ---
# These rules carry an empty tag list ([]) and priority 3. Host name and parent domain are
# both present, and the parent-domain pcre also matches the host name, so a lookup of
# what.ravec2.xyz satisfies sid:37944301 as well as sid:37944311.
# NOTE(review): the same four names appear elsewhere in this export under event 27313
# with Mirai/moobot tags and priority 2; analysts seeing only the priority-3 alert lose
# that context - verify which event should drive severity.
alert dns any any -> any any (msg: "MISP e27513 [] Domain ravec2.xyz"; dns.query; content:"ravec2.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])ravec2\.xyz$/i"; classtype:trojan-activity; sid:37944301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain ravec2.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ravec2.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ravec2\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert dns any any -> any any (msg: "MISP e27513 [] Domain what.ravec2.xyz"; dns.query; content:"what.ravec2.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])what\.ravec2\.xyz$/i"; classtype:trojan-activity; sid:37944311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain what.ravec2.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"what.ravec2.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])what\.ravec2\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert dns any any -> any any (msg: "MISP e27513 [] Domain heihuo8.top"; dns.query; content:"heihuo8.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])heihuo8\.top$/i"; classtype:trojan-activity; sid:37944321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain heihuo8.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"heihuo8.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])heihuo8\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert dns any any -> any any (msg: "MISP e27513 [] Domain botce.heihuo8.top"; dns.query; content:"botce.heihuo8.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])botce\.heihuo8\.top$/i"; classtype:trojan-activity; sid:37944331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain botce.heihuo8.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botce.heihuo8.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botce\.heihuo8\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
# e-parads.com (events 27417 and 27416 in this stretch) is another indicator exported once
# per event; metis-info.com belongs to event 27313 (tags Mirai, moobot).
alert dns any any -> any any (msg: "MISP e27417 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27417;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27417 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27417;)
alert dns any any -> any any (msg: "MISP e27313 [Mirai,moobot] Domain metis-info.com"; dns.query; content:"metis-info.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])metis\-info\.com$/i"; classtype:trojan-activity; sid:37911481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [Mirai,moobot] Outgoing HTTP Domain metis-info.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"metis-info.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])metis\-info\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert dns any any -> any any (msg: "MISP e27416 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27416;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27416 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931862; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27416;)
# Outbound IP indicator from MISP event 27313 (tags Mirai, moobot). The rule has no
# payload, flow or threshold options: it matches on source $HOME_NET, the destination
# address and the destination port alone. The "|6996" in msg is the exporter's
# "IP|port" notation for the same port given in the rule header.
alert ip $HOME_NET any -> 91.92.253.185 6996 (msg: "MISP e27313 [Mirai,moobot] Outgoing To IP: 91.92.253.185|6996"; classtype:trojan-activity; sid:37911491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# --- e-parads.com, exported once per MISP event (27415, 27414, 27413, 27412 here) ---
# The pairs differ only in event id, sid and reference URL, so a single lookup or request
# for e-parads.com raises one alert per listed event.
# NOTE(review): suppress/threshold all but one sid pair on the sensor, or merge the
# events in MISP - confirm which events are still current.
alert dns any any -> any any (msg: "MISP e27415 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27415;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27415 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27415;)
alert dns any any -> any any (msg: "MISP e27414 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27414;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27414 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27414;)
alert dns any any -> any any (msg: "MISP e27413 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27413;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27413 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27413;)
alert dns any any -> any any (msg: "MISP e27412 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27412;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27412 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27412;)
# MISP event 27513: who.juniorfoxy.ooo and its parent juniorfoxy.ooo, empty tag list,
# priority 3. The parent-domain pcre accepts a "." before the name, so a lookup of
# who.juniorfoxy.ooo satisfies sid:37944341 and sid:37944351.
alert dns any any -> any any (msg: "MISP e27513 [] Domain who.juniorfoxy.ooo"; dns.query; content:"who.juniorfoxy.ooo"; nocase; pcre: "/(^|[^A-Za-z0-9-])who\.juniorfoxy\.ooo$/i"; classtype:trojan-activity; sid:37944341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain who.juniorfoxy.ooo"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"who.juniorfoxy.ooo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])who\.juniorfoxy\.ooo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert dns any any -> any any (msg: "MISP e27513 [] Domain juniorfoxy.ooo"; dns.query; content:"juniorfoxy.ooo"; nocase; pcre: "/(^|[^A-Za-z0-9-])juniorfoxy\.ooo$/i"; classtype:trojan-activity; sid:37944351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain juniorfoxy.ooo"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juniorfoxy.ooo"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juniorfoxy\.ooo[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
# e-parads.com again, for events 27411 and 27410.
alert dns any any -> any any (msg: "MISP e27411 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27411;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27411 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27411;)
alert dns any any -> any any (msg: "MISP e27410 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27410;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27410 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37931682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27410;)
# e-parads.com for MISP event 27419: same DNS/HTTP pattern pair as the other e-parads.com
# exports, with its own sids.
alert dns any any -> any any (msg: "MISP e27419 [] Domain e-parads.com"; dns.query; content:"e-parads.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com$/i"; classtype:trojan-activity; sid:37931951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27419;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27419 [] Outgoing HTTP Domain e-parads.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-parads.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-parads\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27419;)
# --- Outbound IP:port indicators, MISP event 27313, priority 2 ---
# Each rule matches on source $HOME_NET plus destination address and port only; there are
# no payload or flow options. The bracketed text in msg is the tag list MISP attached to
# the attribute (malware family names and network/ASN labels).
# NOTE(review): several destinations use common service ports (80, 443) and carry
# hosting-provider labels (DIGITALOCEAN-ASN, YANDEXCLOUD); addresses at such providers can
# be reassigned, so these entries presumably need periodic review - TODO confirm the age
# of the event and whether the feed expires IP attributes.
alert ip $HOME_NET any -> 218.28.172.4 80 (msg: "MISP e27313 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Deimos] Outgoing To IP: 218.28.172.4|80"; classtype:trojan-activity; sid:37911501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 45.55.128.82 443 (msg: "MISP e27313 [Bianlian Go Trojan,DIGITALOCEAN-ASN] Outgoing To IP: 45.55.128.82|443"; classtype:trojan-activity; sid:37911511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 64.74.160.238 5432 (msg: "MISP e27313 [Bianlian Go Trojan,DEDICATED] Outgoing To IP: 64.74.160.238|5432"; classtype:trojan-activity; sid:37911521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 31.190.68.42 443 (msg: "MISP e27313 [ASN-WINDTRE IUNET,QakBot] Outgoing To IP: 31.190.68.42|443"; classtype:trojan-activity; sid:37911531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 51.250.20.138 80 (msg: "MISP e27313 [Hookbot Pegasus,YANDEXCLOUD] Outgoing To IP: 51.250.20.138|80"; classtype:trojan-activity; sid:37911541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# --- MISP event 27513: the same indicators with an empty tag list and priority 3 ---
# Every address/port pair below also appears under event 27313 in this block, so one
# connection raises two alerts with different priorities (for example sid:37911551 at
# priority 2 and sid:37944381 at priority 3 for 104.167.221.222 port 555).
# NOTE(review): decide which event should drive severity and suppress/threshold the
# other sid, or merge the events in MISP - confirm with the feed owner.
alert dns any any -> any any (msg: "MISP e27513 [] Domain metis-info.com"; dns.query; content:"metis-info.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])metis\-info\.com$/i"; classtype:trojan-activity; sid:37944361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain metis-info.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"metis-info.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])metis\-info\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 91.92.253.185 6996 (msg: "MISP e27513 [] Outgoing To IP: 91.92.253.185|6996"; classtype:trojan-activity; sid:37944371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 104.167.221.222 555 (msg: "MISP e27313 [Gafgyt] Outgoing To IP: 104.167.221.222|555"; classtype:trojan-activity; sid:37911551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert ip $HOME_NET any -> 104.167.221.222 555 (msg: "MISP e27513 [] Outgoing To IP: 104.167.221.222|555"; classtype:trojan-activity; sid:37944381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 51.250.20.138 80 (msg: "MISP e27513 [] Outgoing To IP: 51.250.20.138|80"; classtype:trojan-activity; sid:37944391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 31.190.68.42 443 (msg: "MISP e27513 [] Outgoing To IP: 31.190.68.42|443"; classtype:trojan-activity; sid:37944401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 64.74.160.238 5432 (msg: "MISP e27513 [] Outgoing To IP: 64.74.160.238|5432"; classtype:trojan-activity; sid:37944411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 45.55.128.82 443 (msg: "MISP e27513 [] Outgoing To IP: 45.55.128.82|443"; classtype:trojan-activity; sid:37944421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 218.28.172.4 80 (msg: "MISP e27513 [] Outgoing To IP: 218.28.172.4|80"; classtype:trojan-activity; sid:37944431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
# --- MISP event 27007 resumes: further brand-name domains, empty tag list, priority 3 ---
# DNS rules match the listed domain and its subdomains in dns.query; HTTP rules search the
# whole http.header buffer for "Host:" and the domain independently, so the domain is not
# required to be the Host value.
alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunners-ireland.com"; dns.query; content:"altrarunners-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunners\-ireland\.com$/i"; classtype:trojan-activity; sid:38140291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunners-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunners-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunners\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ba-shaustralia.com"; dns.query; content:"ba-shaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shaustralia\.com$/i"; classtype:trojan-activity; sid:38140301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ba-shaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ba-shaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38140302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007: one DNS rule and one outbound HTTP rule per domain, all
# priority 3, with paired sids (ending in 1 for DNS, 2 for HTTP).
# DNS rule: the pcre anchors the name at the end of dns.query and allows only
# start-of-buffer or a non-hostname character before it, so the domain and its
# subdomains match.
# HTTP rule: established client-to-server traffic whose http.header buffer holds
# "Host:" and the domain; a match tags the session for 600 seconds.
# NOTE(review): the domain match is not tied to the Host line (no distance/within
# between the two contents), so another header carrying the name appears to
# satisfy the rule too; http.host would be the tighter buffer - confirm.
alert dns any any -> any any (msg: "MISP e27007 [] Domain ba-shcanada.com"; dns.query; content:"ba-shcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shcanada\.com$/i"; classtype:trojan-activity; sid:38140311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ba-shcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ba-shcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ba-shireland.com"; dns.query; content:"ba-shireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shireland\.com$/i"; classtype:trojan-activity; sid:38140321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ba-shireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ba-shireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bashmalaysia.com"; dns.query; content:"bashmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bashmalaysia\.com$/i"; classtype:trojan-activity; sid:38140331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bashmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bashmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bashmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ba-shnederland.com"; dns.query; content:"ba-shnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shnederland\.com$/i"; classtype:trojan-activity; sid:38140341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ba-shnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ba-shnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ba-shsingapore.com"; dns.query; content:"ba-shsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shsingapore\.com$/i"; classtype:trojan-activity; sid:38140351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ba-shsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ba-shsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-shsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ba-sh-usa.com"; dns.query; content:"ba-sh-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-sh\-usa\.com$/i"; classtype:trojan-activity; sid:38140361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ba-sh-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ba-sh-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ba\-sh\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doc-martensoutlet.com"; dns.query; content:"doc-martensoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doc\-martensoutlet\.com$/i"; classtype:trojan-activity; sid:38140371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doc-martensoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doc-martensoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doc\-martensoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctormartensbogota.com"; dns.query; content:"doctormartensbogota.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctormartensbogota\.com$/i"; classtype:trojan-activity; sid:38140381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctormartensbogota.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctormartensbogota.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctormartensbogota\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctor-martens-chile.com"; dns.query; content:"doctor-martens-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-chile\.com$/i"; classtype:trojan-activity; sid:38140391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctor-martens-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctor-martens-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctor-martens-ireland.com"; dns.query; content:"doctor-martens-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-ireland\.com$/i"; classtype:trojan-activity; sid:38140401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctor-martens-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctor-martens-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctor-martensmexico.com"; dns.query; content:"doctor-martensmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martensmexico\.com$/i"; classtype:trojan-activity; sid:38140411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctor-martensmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctor-martensmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martensmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartensboty-cz.com"; dns.query; content:"drmartensboty-cz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartensboty\-cz\.com$/i"; classtype:trojan-activity; sid:38140421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartensboty-cz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartensboty-cz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartensboty\-cz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martens-ca.com"; dns.query; content:"dr-martens-ca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-ca\.com$/i"; classtype:trojan-activity; sid:38140431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martens-ca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martens-ca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-ca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartensmalaysiasale.com"; dns.query; content:"drmartensmalaysiasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartensmalaysiasale\.com$/i"; classtype:trojan-activity; sid:38140441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartensmalaysiasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartensmalaysiasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartensmalaysiasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartenssinclairmagyarorszag.com"; dns.query; content:"drmartenssinclairmagyarorszag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenssinclairmagyarorszag\.com$/i"; classtype:trojan-activity; sid:38140451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartenssinclairmagyarorszag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartenssinclairmagyarorszag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenssinclairmagyarorszag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartenssingapore-sg.com"; dns.query; content:"drmartenssingapore-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenssingapore\-sg\.com$/i"; classtype:trojan-activity; sid:38140461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007: outbound HTTP and DNS rules for a list of .com domains, all
# priority 3 with an empty tag list in msg. Sids come in pairs per domain (ending
# in 1 for the DNS rule, 2 for the HTTP rule).
# HTTP rule: established client-to-server traffic whose http.header buffer holds
# "Host:" and the domain; a match tags the session for 600 seconds.
# DNS rule: the pcre anchors the name at the end of dns.query and allows only
# start-of-buffer or a non-hostname character before it, so the domain and its
# subdomains match.
# NOTE(review): in the HTTP rules the domain is not tied to the Host line (no
# distance/within between the two contents), so another header carrying the name
# appears to satisfy the rule too; http.host would be the tighter buffer - confirm.
# NOTE(review): the names look like retail-brand lookalikes while classtype is
# trojan-activity - presumably an exporter default; confirm in the MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartenssingapore-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartenssingapore-sg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenssingapore\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martens-uk.com"; dns.query; content:"dr-martens-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-uk\.com$/i"; classtype:trojan-activity; sid:38140471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martens-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martens-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martensuk.com"; dns.query; content:"dr-martensuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martensuk\.com$/i"; classtype:trojan-activity; sid:38140481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martensuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martensuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martensuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain grensonstockistsireland.com"; dns.query; content:"grensonstockistsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])grensonstockistsireland\.com$/i"; classtype:trojan-activity; sid:38140491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain grensonstockistsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grensonstockistsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grensonstockistsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain heydudesshoesireland.com"; dns.query; content:"heydudesshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])heydudesshoesireland\.com$/i"; classtype:trojan-activity; sid:38140501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain heydudesshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"heydudesshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])heydudesshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain martensmalayisa.com"; dns.query; content:"martensmalayisa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])martensmalayisa\.com$/i"; classtype:trojan-activity; sid:38140511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain martensmalayisa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"martensmalayisa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])martensmalayisa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain martenssmalayisa.com"; dns.query; content:"martenssmalayisa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])martenssmalayisa\.com$/i"; classtype:trojan-activity; sid:38140521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain martenssmalayisa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"martenssmalayisa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])martenssmalayisa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletaustralia.com"; dns.query; content:"melissaoutletaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletaustralia\.com$/i"; classtype:trojan-activity; sid:38140531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletcanada.com"; dns.query; content:"melissaoutletcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletcanada\.com$/i"; classtype:trojan-activity; sid:38140541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletireland.com"; dns.query; content:"melissaoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletireland\.com$/i"; classtype:trojan-activity; sid:38140551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletsingapore.com"; dns.query; content:"melissaoutletsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletsingapore\.com$/i"; classtype:trojan-activity; sid:38140561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansae.com"; dns.query; content:"nudiejeansae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansae\.com$/i"; classtype:trojan-activity; sid:38140571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansamsterdam.com"; dns.query; content:"nudiejeansamsterdam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansamsterdam\.com$/i"; classtype:trojan-activity; sid:38140581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansamsterdam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansamsterdam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansamsterdam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansaustraliasale.com"; dns.query; content:"nudiejeansaustraliasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansaustraliasale\.com$/i"; classtype:trojan-activity; sid:38140591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansaustraliasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansaustraliasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansaustraliasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansbelgie.com"; dns.query; content:"nudiejeansbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansbelgie\.com$/i"; classtype:trojan-activity; sid:38140601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-canada.com"; dns.query; content:"nudiejeans-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-canada\.com$/i"; classtype:trojan-activity; sid:38140611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-danmark.com"; dns.query; content:"nudiejeans-danmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-danmark\.com$/i"; classtype:trojan-activity; sid:38140621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-danmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-danmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-danmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-deutschland.com"; dns.query; content:"nudiejeans-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-deutschland\.com$/i"; classtype:trojan-activity; sid:38140631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansdk.com"; dns.query; content:"nudiejeansdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansdk\.com$/i"; classtype:trojan-activity; sid:38140641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansgrimtimno.com"; dns.query; content:"nudiejeansgrimtimno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansgrimtimno\.com$/i"; classtype:trojan-activity; sid:38140651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansgrimtimno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansgrimtimno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansgrimtimno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanshelsinki.com"; dns.query; content:"nudiejeanshelsinki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanshelsinki\.com$/i"; classtype:trojan-activity; sid:38140661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanshelsinki.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanshelsinki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanshelsinki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansie.com"; dns.query; content:"nudiejeansie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansie\.com$/i"; classtype:trojan-activity; sid:38140671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-india.com"; dns.query; content:"nudiejeans-india.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-india\.com$/i"; classtype:trojan-activity; sid:38140681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-india.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-india.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-india\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-ireland.com"; dns.query; content:"nudiejeans-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-ireland\.com$/i"; classtype:trojan-activity; sid:38140691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-israel.com"; dns.query; content:"nudiejeans-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-israel\.com$/i"; classtype:trojan-activity; sid:38140701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-italia.com"; dns.query; content:"nudiejeans-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-italia\.com$/i"; classtype:trojan-activity; sid:38140711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-japan.com"; dns.query; content:"nudiejeans-japan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-japan\.com$/i"; classtype:trojan-activity; sid:38140721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-japan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-japan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-japan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansleandeannl.com"; dns.query; content:"nudiejeansleandeannl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansleandeannl\.com$/i"; classtype:trojan-activity; sid:38140731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansleandeannl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansleandeannl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansleandeannl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansmadrid.com"; dns.query; content:"nudiejeansmadrid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansmadrid\.com$/i"; classtype:trojan-activity; sid:38140741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansmadrid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansmadrid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansmadrid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140742; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-malaysia.com"; dns.query; content:"nudiejeans-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-malaysia\.com$/i"; classtype:trojan-activity; sid:38140751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansmalaysiaprice.com"; dns.query; content:"nudiejeansmalaysiaprice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansmalaysiaprice\.com$/i"; classtype:trojan-activity; sid:38140761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansmalaysiaprice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansmalaysiaprice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansmalaysiaprice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-mexico.com"; dns.query; content:"nudiejeans-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-mexico\.com$/i"; classtype:trojan-activity; sid:38140771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-nz.com"; dns.query; content:"nudiejeans-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-nz\.com$/i"; classtype:trojan-activity; sid:38140781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-oslo.com"; dns.query; content:"nudiejeans-oslo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-oslo\.com$/i"; classtype:trojan-activity; sid:38140791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-oslo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-oslo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-oslo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansparis.com"; 
dns.query; content:"nudiejeansparis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansparis\.com$/i"; classtype:trojan-activity; sid:38140801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-philippines.com"; dns.query; content:"nudiejeans-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-philippines\.com$/i"; classtype:trojan-activity; sid:38140811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-polska.com"; dns.query; content:"nudiejeans-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-polska\.com$/i"; classtype:trojan-activity; sid:38140821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"nudiejeans-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanspricein.com"; dns.query; content:"nudiejeanspricein.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanspricein\.com$/i"; classtype:trojan-activity; sid:38140831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanspricein.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanspricein.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanspricein\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanspricephilippines.com"; dns.query; content:"nudiejeanspricephilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanspricephilippines\.com$/i"; classtype:trojan-activity; sid:38140841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanspricephilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanspricephilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanspricephilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanssaleaustralia.com"; dns.query; content:"nudiejeanssaleaustralia.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])nudiejeanssaleaustralia\.com$/i"; classtype:trojan-activity; sid:38140851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanssaleaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanssaleaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssaleaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanssalede.com"; dns.query; content:"nudiejeanssalede.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssalede\.com$/i"; classtype:trojan-activity; sid:38140861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanssalede.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanssalede.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssalede\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanssaleus.com"; dns.query; content:"nudiejeanssaleus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssaleus\.com$/i"; classtype:trojan-activity; sid:38140871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanssaleus.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanssaleus.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nudiejeanssaleus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanssaleza.com"; dns.query; content:"nudiejeanssaleza.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssaleza\.com$/i"; classtype:trojan-activity; sid:38140881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanssaleza.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanssaleza.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssaleza\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-singapore.com"; dns.query; content:"nudiejeans-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-singapore\.com$/i"; classtype:trojan-activity; sid:38140891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-southafrica.com"; dns.query; content:"nudiejeans-southafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-southafrica\.com$/i"; classtype:trojan-activity; sid:38140901; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-southafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-southafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-southafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanssverigeo.com"; dns.query; content:"nudiejeanssverigeo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssverigeo\.com$/i"; classtype:trojan-activity; sid:38140911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanssverigeo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanssverigeo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanssverigeo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansturkey.com"; dns.query; content:"nudiejeansturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansturkey\.com$/i"; classtype:trojan-activity; sid:38140921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140922; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-turkiye.com"; dns.query; content:"nudiejeans-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-turkiye\.com$/i"; classtype:trojan-activity; sid:38140931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-uae.com"; dns.query; content:"nudiejeans-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-uae\.com$/i"; classtype:trojan-activity; sid:38140941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-uk.com"; dns.query; content:"nudiejeans-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-uk\.com$/i"; classtype:trojan-activity; sid:38140951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-uk.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeansuksale.com"; dns.query; content:"nudiejeansuksale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansuksale\.com$/i"; classtype:trojan-activity; sid:38140961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeansuksale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeansuksale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeansuksale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeans-usa.com"; dns.query; content:"nudiejeans-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-usa\.com$/i"; classtype:trojan-activity; sid:38140971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeans-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeans-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeans\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanswien.com"; dns.query; content:"nudiejeanswien.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nudiejeanswien\.com$/i"; classtype:trojan-activity; sid:38140981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanswien.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanswien.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanswien\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nudiejeanszurich.com"; dns.query; content:"nudiejeanszurich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanszurich\.com$/i"; classtype:trojan-activity; sid:38140991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nudiejeanszurich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nudiejeanszurich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nudiejeanszurich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38140992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowabelgium.com"; dns.query; content:"rimowabelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowabelgium\.com$/i"; classtype:trojan-activity; sid:38141001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowabelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowabelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowabelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38141002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-canada.com"; dns.query; content:"rimowa-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-canada\.com$/i"; classtype:trojan-activity; sid:38141011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowachile.com"; dns.query; content:"rimowachile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowachile\.com$/i"; classtype:trojan-activity; sid:38141021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowachile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowachile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowachile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowacolombia.com"; dns.query; content:"rimowacolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowacolombia\.com$/i"; classtype:trojan-activity; sid:38141031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowacolombia.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowacolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowacolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowacz.com"; dns.query; content:"rimowacz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowacz\.com$/i"; classtype:trojan-activity; sid:38141041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowacz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowacz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowacz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowadanmark.com"; dns.query; content:"rimowadanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowadanmark\.com$/i"; classtype:trojan-activity; sid:38141051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowadanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowadanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowadanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-deutschland.com"; dns.query; content:"rimowa-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-deutschland\.com$/i"; 
classtype:trojan-activity; sid:38141061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowadeutschland.com"; dns.query; content:"rimowadeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowadeutschland\.com$/i"; classtype:trojan-activity; sid:38141071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowadeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowadeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowadeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaecuador.com"; dns.query; content:"rimowaecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaecuador\.com$/i"; classtype:trojan-activity; sid:38141081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38141082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators. Each domain is exported as a pair of rules:
#   sid ending in 1 - DNS rule: dns.query must contain the domain (nocase) and the pcre anchors it at the
#                     end of the query name; the leading group accepts the bare domain or a subdomain and
#                     rejects a longer label that merely ends with the same text.
#   sid ending in 2 - HTTP rule: client-to-server traffic from $HOME_NET to $EXTERNAL_NET whose request
#                     headers contain "Host:" (|3a| is the colon) and the domain; the pcre (H = header
#                     buffer, i = case-insensitive) rejects a following letter, digit, hyphen or dot.
# tag:session,600,seconds tags the matching session for 600 seconds so later packets of it can be logged.
# priority:3 is set explicitly on every rule alongside classtype:trojan-activity.
# NOTE(review): the two http.header content matches are independent of each other, so the domain in
#   another request header (for example Referer) also satisfies the rule - expect hits that are not
#   direct visits.
# NOTE(review): the HTTP rules inspect cleartext HTTP only; an HTTPS visit surfaces only through the DNS
#   rule unless an SNI-based rule (tls.sni) for the same domains is added.
# NOTE(review): the msg tag list is empty ("[]"), so the rule text gives no reason for the listing; the
#   names look like brand-lookalike storefront domains - check the referenced MISP event before
#   treating a hit as trojan activity.
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-espana.com"; dns.query; content:"rimowa-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-espana\.com$/i"; classtype:trojan-activity; sid:38141091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaespana.com"; dns.query; content:"rimowaespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaespana\.com$/i"; classtype:trojan-activity; sid:38141101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowafrance.com"; dns.query; content:"rimowafrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowafrance\.com$/i"; classtype:trojan-activity; sid:38141111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowafrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowafrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowafrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowagreece.com"; dns.query; content:"rimowagreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowagreece\.com$/i"; classtype:trojan-activity; sid:38141121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowagreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowagreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowagreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowahrvatska.com"; dns.query; content:"rimowahrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowahrvatska\.com$/i"; classtype:trojan-activity; sid:38141131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowahrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowahrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowahrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowahungary.com"; dns.query; content:"rimowahungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowahungary\.com$/i"; classtype:trojan-activity; sid:38141141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowahungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowahungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowahungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaindonesia.com"; dns.query; content:"rimowaindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaindonesia\.com$/i"; classtype:trojan-activity; sid:38141151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaireland.com"; dns.query; content:"rimowaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaireland\.com$/i"; classtype:trojan-activity; sid:38141161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaisrael.com"; dns.query; content:"rimowaisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaisrael\.com$/i"; classtype:trojan-activity; sid:38141171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaitalia.com"; dns.query; content:"rimowaitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaitalia\.com$/i"; classtype:trojan-activity; sid:38141181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowajapanstore.com"; dns.query; content:"rimowajapanstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowajapanstore\.com$/i"; classtype:trojan-activity; sid:38141191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowajapanstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowajapanstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowajapanstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaksa.com"; dns.query; content:"rimowaksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaksa\.com$/i"; classtype:trojan-activity; sid:38141201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-malaysia.com"; dns.query; content:"rimowa-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-malaysia\.com$/i"; classtype:trojan-activity; sid:38141211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowamalaysia.com"; dns.query; content:"rimowamalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowamalaysia\.com$/i"; classtype:trojan-activity; sid:38141221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowamalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowamalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowamalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-mexico.com"; dns.query; content:"rimowa-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-mexico\.com$/i"; classtype:trojan-activity; sid:38141231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowamexico.com"; dns.query; content:"rimowamexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowamexico\.com$/i"; classtype:trojan-activity; sid:38141241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowamexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowamexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowamexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators, one DNS rule (sid ending in 1) and one HTTP rule (sid ending
# in 2) per domain.
# DNS rule: matches when dns.query contains the domain (nocase) and the pcre finds it at the very end of
#   the query name, either as the whole name or after a character that cannot be part of a label, so
#   subdomains match and a longer look-alike label does not.
# HTTP rule: established client-to-server flow from $HOME_NET to $EXTERNAL_NET whose request headers hold
#   "Host:" (|3a| is the colon) and the domain; the pcre runs on the header buffer (H), ignores case (i)
#   and requires the character after the domain not to be a letter, digit, hyphen or dot.
# tag:session,600,seconds tags the matching session for 600 seconds; priority:3 is set explicitly.
# NOTE(review): "Host:" and the domain are matched independently inside http.header, so the domain in a
#   different header (for example Referer) also fires the rule.
# NOTE(review): only cleartext HTTP is inspected; over HTTPS the DNS rule is the only coverage unless an
#   SNI-based rule (tls.sni) is added for these domains.
# NOTE(review): the DNS rules are "any any -> any any", so a lookup that crosses the sensor more than
#   once (client to resolver, resolver to upstream) may alert more than once - confirm sensor placement.
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowanederland.com"; dns.query; content:"rimowanederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowanederland\.com$/i"; classtype:trojan-activity; sid:38141251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowanederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowanederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowanederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowanorge.com"; dns.query; content:"rimowanorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowanorge\.com$/i"; classtype:trojan-activity; sid:38141261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowanorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowanorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowanorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-nz.com"; dns.query; content:"rimowa-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-nz\.com$/i"; classtype:trojan-activity; sid:38141271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowanz.com"; dns.query; content:"rimowanz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowanz\.com$/i"; classtype:trojan-activity; sid:38141281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowanz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowanz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowanz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaosterreich.com"; dns.query; content:"rimowaosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaosterreich\.com$/i"; classtype:trojan-activity; sid:38141291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-philippines.com"; dns.query; content:"rimowa-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-philippines\.com$/i"; classtype:trojan-activity; sid:38141301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaphilippines.com"; dns.query; content:"rimowaphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaphilippines\.com$/i"; classtype:trojan-activity; sid:38141311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowapolska.com"; dns.query; content:"rimowapolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowapolska\.com$/i"; classtype:trojan-activity; sid:38141321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowapolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowapolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowapolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-portugal.com"; dns.query; content:"rimowa-portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-portugal\.com$/i"; classtype:trojan-activity; sid:38141331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaportugal.com"; dns.query; content:"rimowaportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaportugal\.com$/i"; classtype:trojan-activity; sid:38141341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaromania.com"; dns.query; content:"rimowaromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaromania\.com$/i"; classtype:trojan-activity; sid:38141351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-schweiz.com"; dns.query; content:"rimowa-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-schweiz\.com$/i"; classtype:trojan-activity; sid:38141361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaschweiz.com"; dns.query; content:"rimowaschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaschweiz\.com$/i"; classtype:trojan-activity; sid:38141371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-singapore.com"; dns.query; content:"rimowa-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-singapore\.com$/i"; classtype:trojan-activity; sid:38141381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators (rimowa*, tomford*, tumi* names). Rules come in pairs per domain:
# a DNS rule with a sid ending in 1 and an HTTP rule with a sid ending in 2.
# DNS rule: dns.query contains the domain (nocase) and the pcre requires it at the end of the query name,
#   as the whole name or preceded by a character other than a letter, digit or hyphen (so subdomains
#   match, longer labels ending in the same text do not).
# HTTP rule: established client-to-server flow from $HOME_NET to $EXTERNAL_NET; the request headers must
#   contain "Host:" (|3a| is the colon) and the domain, and the pcre (H = header buffer, i = ignore case)
#   requires the next character not to be a letter, digit, hyphen or dot.
# tag:session,600,seconds tags the matching session for 600 seconds; priority:3 is set explicitly on
# every rule next to classtype:trojan-activity.
# NOTE(review): nothing ties the domain match to the Host header line, so a request that carries the
#   domain in another header (for example Referer) also alerts.
# NOTE(review): cleartext HTTP only; HTTPS traffic to these domains is visible to this rule set only via
#   the DNS rules unless an SNI-based rule (tls.sni) is added.
# NOTE(review): msg carries an empty tag list ("[]"); the names look like brand-lookalike storefront
#   domains - read the referenced MISP event before triaging a hit as trojan activity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasingapore.com"; dns.query; content:"rimowasingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasingapore\.com$/i"; classtype:trojan-activity; sid:38141391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaslovenija.com"; dns.query; content:"rimowaslovenija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaslovenija\.com$/i"; classtype:trojan-activity; sid:38141401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaslovenija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaslovenija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaslovenija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasouthafrica.com"; dns.query; content:"rimowasouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasouthafrica\.com$/i"; classtype:trojan-activity; sid:38141411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasrbija.com"; dns.query; content:"rimowasrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasrbija\.com$/i"; classtype:trojan-activity; sid:38141421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasuomi.com"; dns.query; content:"rimowasuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasuomi\.com$/i"; classtype:trojan-activity; sid:38141431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-sverige.com"; dns.query; content:"rimowa-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-sverige\.com$/i"; classtype:trojan-activity; sid:38141441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-sverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasverige.com"; dns.query; content:"rimowasverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasverige\.com$/i"; classtype:trojan-activity; sid:38141451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-turkiye.com"; dns.query; content:"rimowa-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-turkiye\.com$/i"; classtype:trojan-activity; sid:38141461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowauae.com"; dns.query; content:"rimowauae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowauae\.com$/i"; classtype:trojan-activity; sid:38141471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowauae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowauae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowauae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowauk.com"; dns.query; content:"rimowauk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowauk\.com$/i"; classtype:trojan-activity; sid:38141481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowauk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowauk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowauk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowausasale.com"; dns.query; content:"rimowausasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowausasale\.com$/i"; classtype:trojan-activity; sid:38141491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowausasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowausasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowausasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-australia.com"; dns.query; content:"tomford-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-australia\.com$/i"; classtype:trojan-activity; sid:38141501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomfordespana.com"; dns.query; content:"tomfordespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomfordespana\.com$/i"; classtype:trojan-activity; sid:38141511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomfordespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomfordespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomfordespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomfordfactory.com"; dns.query; content:"tomfordfactory.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomfordfactory\.com$/i"; classtype:trojan-activity; sid:38141521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomfordfactory.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomfordfactory.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomfordfactory\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-ireland.com"; dns.query; content:"tomford-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-ireland\.com$/i"; classtype:trojan-activity; sid:38141531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-nederland.com"; dns.query; content:"tomford-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-nederland\.com$/i"; classtype:trojan-activity; sid:38141541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-romania.com"; dns.query; content:"tomford-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-romania\.com$/i"; classtype:trojan-activity; sid:38141551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-singapore.com"; dns.query; content:"tomford-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-singapore\.com$/i"; classtype:trojan-activity; sid:38141561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-suomi.com"; dns.query; content:"tomford-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-suomi\.com$/i"; classtype:trojan-activity; sid:38141571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-uae.com"; dns.query; content:"tomford-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-uae\.com$/i"; classtype:trojan-activity; sid:38141581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-australia.com"; dns.query; content:"tumi-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-australia\.com$/i"; classtype:trojan-activity; sid:38141591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiaustraliaoutlet.com"; dns.query; content:"tumiaustraliaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiaustraliaoutlet\.com$/i"; classtype:trojan-activity; sid:38141601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiaustraliaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiaustraliaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiaustraliaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumibelgie.com"; dns.query; content:"tumibelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumibelgie\.com$/i"; classtype:trojan-activity; sid:38141611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumibelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumibelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumibelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-brasil.com"; dns.query; content:"tumi-brasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-brasil\.com$/i"; classtype:trojan-activity; sid:38141621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-brasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-brasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-brasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-canada.com"; dns.query; content:"tumi-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-canada\.com$/i"; classtype:trojan-activity; sid:38141631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumicanadaoutlet.com"; dns.query; content:"tumicanadaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumicanadaoutlet\.com$/i"; classtype:trojan-activity; sid:38141641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumicanadaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumicanadaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumicanadaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumichile.com"; 
dns.query; content:"tumichile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumichile\.com$/i"; classtype:trojan-activity; sid:38141651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumichile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumichile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumichile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-colombia.com"; dns.query; content:"tumi-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-colombia\.com$/i"; classtype:trojan-activity; sid:38141661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumicolombia.com"; dns.query; content:"tumicolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumicolombia\.com$/i"; classtype:trojan-activity; sid:38141671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumicolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumicolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumicolombia\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38141672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumidanmark.com"; dns.query; content:"tumidanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumidanmark\.com$/i"; classtype:trojan-activity; sid:38141681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumidanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumidanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumidanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumideutschland.com"; dns.query; content:"tumideutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumideutschland\.com$/i"; classtype:trojan-activity; sid:38141691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumideutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumideutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumideutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiespana.com"; dns.query; content:"tumiespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiespana\.com$/i"; classtype:trojan-activity; sid:38141701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
tumiespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumifrance.com"; dns.query; content:"tumifrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumifrance\.com$/i"; classtype:trojan-activity; sid:38141711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumifrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumifrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumifrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumigreece.com"; dns.query; content:"tumigreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumigreece\.com$/i"; classtype:trojan-activity; sid:38141721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumigreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumigreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumigreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumihungary.com"; dns.query; content:"tumihungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumihungary\.com$/i"; classtype:trojan-activity; 
sid:38141731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumihungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumihungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumihungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-india.com"; dns.query; content:"tumi-india.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-india\.com$/i"; classtype:trojan-activity; sid:38141741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-india.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-india.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-india\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiindonesia.com"; dns.query; content:"tumiindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiindonesia\.com$/i"; classtype:trojan-activity; sid:38141751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) 
# MISP event 27007, "Domain" indicators. Each domain is exported as a pair of
# rules: a dns rule (sid ending in 1) and an http rule (sid ending in 2).
# - dns rule: any any -> any any, so it fires on queries in either direction.
#   The pcre ends in $ and its prefix (^|[^A-Za-z0-9-]) accepts a preceding ".",
#   so the domain itself and any subdomain of it alert.
# - http rule: $HOME_NET -> $EXTERNAL_NET, established to_server flow, needs
#   "Host:" and the domain in http.header; tag:session,600,seconds keeps
#   logging the alerting session for 600 seconds.
# NOTE(review): in the Domain http rules the two content matches and the pcre
# are not tied to each other (no distance/within, pcre not relative), so the
# domain may sit in any request header, not only in Host - check the Host
# value of the tagged session when triaging.
# NOTE(review): only DNS and cleartext HTTP are covered by the rules visible
# here; there is no tls.sni rule, so HTTPS to these names is seen through the
# dns rule alone - confirm whether a TLS export exists elsewhere.
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiireland.com"; dns.query; content:"tumiireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiireland\.com$/i"; classtype:trojan-activity; sid:38141761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiisrael.com"; dns.query; content:"tumiisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiisrael\.com$/i"; classtype:trojan-activity; sid:38141771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiitalia.com"; dns.query; content:"tumiitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiitalia\.com$/i"; classtype:trojan-activity; sid:38141781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumijapanstore.com"; dns.query; content:"tumijapanstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumijapanstore\.com$/i"; classtype:trojan-activity; sid:38141791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumijapanstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumijapanstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumijapanstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiksa.com"; dns.query; content:"tumiksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiksa\.com$/i"; classtype:trojan-activity; sid:38141801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumimalaysia.com"; dns.query; content:"tumimalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumimalaysia\.com$/i"; classtype:trojan-activity; sid:38141811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumimalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumimalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumimalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-mexico.com"; dns.query; content:"tumi-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-mexico\.com$/i"; classtype:trojan-activity; sid:38141821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tuminederland.com"; dns.query; content:"tuminederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminederland\.com$/i"; classtype:trojan-activity; sid:38141831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tuminederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuminederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tuminorge.com"; dns.query; content:"tuminorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminorge\.com$/i"; classtype:trojan-activity; sid:38141841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tuminorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuminorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-nz.com"; dns.query; content:"tumi-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-nz\.com$/i"; classtype:trojan-activity; sid:38141851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiosterreich.com"; dns.query; content:"tumiosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiosterreich\.com$/i"; classtype:trojan-activity; sid:38141861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiphilippines.com"; dns.query; content:"tumiphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiphilippines\.com$/i"; classtype:trojan-activity; sid:38141871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumipolska.com"; dns.query; content:"tumipolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumipolska\.com$/i"; classtype:trojan-activity; sid:38141881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumipolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumipolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumipolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiportugal.com"; dns.query; content:"tumiportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiportugal\.com$/i"; classtype:trojan-activity; sid:38141891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiromania.com"; dns.query; content:"tumiromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiromania\.com$/i"; classtype:trojan-activity; sid:38141901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumischweiz.com"; dns.query; content:"tumischweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumischweiz\.com$/i"; classtype:trojan-activity; sid:38141911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumischweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumischweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumischweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumisingapore.com"; dns.query; content:"tumisingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisingapore\.com$/i"; classtype:trojan-activity; sid:38141921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumisingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumisingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumisouthafrica.com"; dns.query; content:"tumisouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisouthafrica\.com$/i"; classtype:trojan-activity; sid:38141931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumisouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumisouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumisrbija.com"; dns.query; content:"tumisrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisrbija\.com$/i"; classtype:trojan-activity; sid:38141941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumisrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumisrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumisuomi.com"; dns.query; content:"tumisuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisuomi\.com$/i"; classtype:trojan-activity; sid:38141951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumisuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumisuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumisverige.com"; dns.query; content:"tumisverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisverige\.com$/i"; classtype:trojan-activity; sid:38141961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumisverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumisverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiturkiye.com"; dns.query; content:"tumiturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiturkiye\.com$/i"; classtype:trojan-activity; sid:38141971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-uae.com"; dns.query; content:"tumi-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-uae\.com$/i"; classtype:trojan-activity; sid:38141981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiuae.com"; dns.query; content:"tumiuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiuae\.com$/i"; classtype:trojan-activity; sid:38141991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38141992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiuksale.com"; dns.query; content:"tumiuksale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiuksale\.com$/i"; classtype:trojan-activity; sid:38142001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiuksale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiuksale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiuksale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38142002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiusaoutlet.com"; dns.query; content:"tumiusaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiusaoutlet\.com$/i"; classtype:trojan-activity; sid:38142011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiusaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiusaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiusaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38142012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27396: same dns/http pairing, exported with priority:1 where the
# event 27007 rules above carry priority:3.
# "Hostname" indicators differ from "Domain" ones in two ways:
# - the pcre prefix is (^|[^A-Za-z0-9-\.]), which rejects a preceding ".", so
#   only the exact host name alerts and subdomains do not; for
#   airconnectionapi.azurewebsites.net this keeps the rule off other
#   azurewebsites.net names.
# - the http rule uses a single content "Host|3a| <name>", so the name has to
#   appear on the Host header line itself.
alert dns any any -> any any (msg: "MISP e27396 [] Domain 1stemployer.com"; dns.query; content:"1stemployer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])1stemployer\.com$/i"; classtype:trojan-activity; sid:37929661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Domain 1stemployer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1stemployer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1stemployer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Hostname birngthemhomenow.co.il"; dns.query; content:"birngthemhomenow.co.il"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])birngthemhomenow\.co\.il$/i"; classtype:trojan-activity; sid:37929671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname birngthemhomenow.co.il"; flow:to_server,established; http.header; content: "Host|3a| birngthemhomenow.co.il"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])birngthemhomenow\.co\.il[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Domain cashcloudservices.com"; dns.query; content:"cashcloudservices.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cashcloudservices\.com$/i"; classtype:trojan-activity; sid:37929681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Domain cashcloudservices.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cashcloudservices.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cashcloudservices\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Domain jupyternotebookcollections.com"; dns.query; content:"jupyternotebookcollections.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jupyternotebookcollections\.com$/i"; classtype:trojan-activity; sid:37929691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Domain jupyternotebookcollections.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jupyternotebookcollections.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jupyternotebookcollections\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Domain notebooktextcheckings.com"; dns.query; content:"notebooktextcheckings.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])notebooktextcheckings\.com$/i"; classtype:trojan-activity; sid:37929701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Domain notebooktextcheckings.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"notebooktextcheckings.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])notebooktextcheckings\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Hostname teledyneflir.com.de"; dns.query; content:"teledyneflir.com.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teledyneflir\.com\.de$/i"; classtype:trojan-activity; sid:37929711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname teledyneflir.com.de"; flow:to_server,established; http.header; content: "Host|3a| teledyneflir.com.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teledyneflir\.com\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Domain vsliveagent.com"; dns.query; content:"vsliveagent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vsliveagent\.com$/i"; classtype:trojan-activity; sid:37929721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Domain vsliveagent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vsliveagent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vsliveagent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Domain xboxplayservice.com"; dns.query; content:"xboxplayservice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])xboxplayservice\.com$/i"; classtype:trojan-activity; sid:37929731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Domain xboxplayservice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xboxplayservice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xboxplayservice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Hostname airconnectionapi.azurewebsites.net"; dns.query; content:"airconnectionapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airconnectionapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname airconnectionapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| airconnectionapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airconnectionapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929742; 
rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname airconnectionsapi.azurewebsites.net"; dns.query; content:"airconnectionsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airconnectionsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname airconnectionsapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| airconnectionsapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airconnectionsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname airconnectionsapijson.azurewebsites.net"; dns.query; content:"airconnectionsapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airconnectionsapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname airconnectionsapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| airconnectionsapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airconnectionsapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname airgadgetsolution.azurewebsites.net"; dns.query; content:"airgadgetsolution.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airgadgetsolution\.azurewebsites\.net$/i"; 
classtype:trojan-activity; sid:37929771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname airgadgetsolution.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| airgadgetsolution.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airgadgetsolution\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname airgadgetsolutions.azurewebsites.net"; dns.query; content:"airgadgetsolutions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airgadgetsolutions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname airgadgetsolutions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| airgadgetsolutions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])airgadgetsolutions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname altnametestapi.azurewebsites.net"; dns.query; content:"altnametestapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])altnametestapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname altnametestapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| altnametestapi.azurewebsites.net"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])altnametestapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname answerssurveytest.azurewebsites.net"; dns.query; content:"answerssurveytest.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])answerssurveytest\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname answerssurveytest.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| answerssurveytest.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])answerssurveytest\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname apphrquestion.azurewebsites.net"; dns.query; content:"apphrquestion.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apphrquestion\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname apphrquestion.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| apphrquestion.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apphrquestion\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname apphrquestions.azurewebsites.net"; dns.query; 
content:"apphrquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apphrquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname apphrquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| apphrquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apphrquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname apphrquizapi.azurewebsites.net"; dns.query; content:"apphrquizapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apphrquizapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname apphrquizapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| apphrquizapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apphrquizapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname arquestionsapi.azurewebsites.net"; dns.query; content:"arquestionsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arquestionsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname arquestionsapi.azurewebsites.net"; flow:to_server,established; 
http.header; content: "Host|3a| arquestionsapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arquestionsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname arquestions.azurewebsites.net"; dns.query; content:"arquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname arquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| arquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname audiomanagerapi.azurewebsites.net"; dns.query; content:"audiomanagerapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])audiomanagerapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname audiomanagerapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| audiomanagerapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])audiomanagerapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname 
audioservicetestapi.azurewebsites.net"; dns.query; content:"audioservicetestapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])audioservicetestapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname audioservicetestapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| audioservicetestapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])audioservicetestapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname blognewsalphaapijson.azurewebsites.net"; dns.query; content:"blognewsalphaapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blognewsalphaapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname blognewsalphaapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| blognewsalphaapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blognewsalphaapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname blogvolleyballstatusapi.azurewebsites.net"; dns.query; content:"blogvolleyballstatusapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blogvolleyballstatusapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname blogvolleyballstatusapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| blogvolleyballstatusapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blogvolleyballstatusapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname blogvolleyballstatus.azurewebsites.net"; dns.query; content:"blogvolleyballstatus.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blogvolleyballstatus\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname blogvolleyballstatus.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| blogvolleyballstatus.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blogvolleyballstatus\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname boeisurveyapplications.azurewebsites.net"; dns.query; content:"boeisurveyapplications.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])boeisurveyapplications\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname boeisurveyapplications.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| boeisurveyapplications.azurewebsites.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])boeisurveyapplications\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname browsercheckap.azurewebsites.net"; dns.query; content:"browsercheckap.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])browsercheckap\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname browsercheckap.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| browsercheckap.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])browsercheckap\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929922; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname browsercheckingapi.azurewebsites.net"; dns.query; content:"browsercheckingapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])browsercheckingapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname browsercheckingapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| browsercheckingapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])browsercheckingapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname browsercheckjson.azurewebsites.net"; dns.query; 
content:"browsercheckjson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])browsercheckjson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname browsercheckjson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| browsercheckjson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])browsercheckjson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname changequestionstypeapi.azurewebsites.net"; dns.query; content:"changequestionstypeapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestionstypeapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname changequestionstypeapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| changequestionstypeapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestionstypeapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname changequestionstypejsonapi.azurewebsites.net"; dns.query; content:"changequestionstypejsonapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestionstypejsonapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27396 [] Outgoing HTTP Hostname changequestionstypejsonapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| changequestionstypejsonapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestionstypejsonapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname changequestiontypesapi.azurewebsites.net"; dns.query; content:"changequestiontypesapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestiontypesapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname changequestiontypesapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| changequestiontypesapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestiontypesapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname changequestiontypes.azurewebsites.net"; dns.query; content:"changequestiontypes.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])changequestiontypes\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname changequestiontypes.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| changequestiontypes.azurewebsites.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])changequestiontypes\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname checkapicountryquestions.azurewebsites.net"; dns.query; content:"checkapicountryquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkapicountryquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37929991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname checkapicountryquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| checkapicountryquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkapicountryquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname checkapicountryquestionsjson.azurewebsites.net"; dns.query; content:"checkapicountryquestionsjson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkapicountryquestionsjson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname checkapicountryquestionsjson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| checkapicountryquestionsjson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkapicountryquestionsjson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any 
any -> any any (msg: "MISP e27396 [] Hostname checkservicecustomerapi.azurewebsites.net"; dns.query; content:"checkservicecustomerapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkservicecustomerapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname checkservicecustomerapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| checkservicecustomerapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkservicecustomerapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname coffeeonlineshop.azurewebsites.net"; dns.query; content:"coffeeonlineshop.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coffeeonlineshop\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname coffeeonlineshop.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| coffeeonlineshop.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coffeeonlineshop\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname coffeeonlineshoping.azurewebsites.net"; dns.query; content:"coffeeonlineshoping.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coffeeonlineshoping\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930031; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname coffeeonlineshoping.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| coffeeonlineshoping.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coffeeonlineshoping\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname connectairapijson.azurewebsites.net"; dns.query; content:"connectairapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])connectairapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname connectairapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| connectairapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])connectairapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930042; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname connectionhandlerapi.azurewebsites.net"; dns.query; content:"connectionhandlerapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])connectionhandlerapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname connectionhandlerapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| connectionhandlerapi.azurewebsites.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])connectionhandlerapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930052; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname countrybasedquestions.azurewebsites.net"; dns.query; content:"countrybasedquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])countrybasedquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname countrybasedquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| countrybasedquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])countrybasedquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930062; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname customercareserviceapi.azurewebsites.net"; dns.query; content:"customercareserviceapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customercareserviceapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname customercareserviceapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| customercareserviceapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customercareserviceapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname 
customercareservice.azurewebsites.net"; dns.query; content:"customercareservice.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customercareservice\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname customercareservice.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| customercareservice.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])customercareservice\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname emiratescheckapi.azurewebsites.net"; dns.query; content:"emiratescheckapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emiratescheckapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname emiratescheckapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| emiratescheckapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emiratescheckapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930092; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname emiratescheckapijson.azurewebsites.net"; dns.query; content:"emiratescheckapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emiratescheckapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname emiratescheckapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| emiratescheckapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emiratescheckapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930102; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname engineeringrssfeed.azurewebsites.net"; dns.query; content:"engineeringrssfeed.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])engineeringrssfeed\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname engineeringrssfeed.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| engineeringrssfeed.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])engineeringrssfeed\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname engineeringssfeed.azurewebsites.net"; dns.query; content:"engineeringssfeed.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])engineeringssfeed\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname engineeringssfeed.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| engineeringssfeed.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])engineeringssfeed\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37930122; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname exchtestcheckingapi.azurewebsites.net"; dns.query; content:"exchtestcheckingapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchtestcheckingapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname exchtestcheckingapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| exchtestcheckingapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchtestcheckingapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname exchtestcheckingapihealth.azurewebsites.net"; dns.query; content:"exchtestcheckingapihealth.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchtestcheckingapihealth\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname exchtestcheckingapihealth.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| exchtestcheckingapihealth.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchtestcheckingapihealth\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930142; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname flighthelicopterahtest.azurewebsites.net"; dns.query; content:"flighthelicopterahtest.azurewebsites.net"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])flighthelicopterahtest\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname flighthelicopterahtest.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| flighthelicopterahtest.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flighthelicopterahtest\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname helicopterahtest.azurewebsites.net"; dns.query; content:"helicopterahtest.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helicopterahtest\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname helicopterahtest.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| helicopterahtest.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helicopterahtest\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930162; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname helicopterahtests.azurewebsites.net"; dns.query; content:"helicopterahtests.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helicopterahtests\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname helicopterahtests.azurewebsites.net"; 
flow:to_server,established; http.header; content: "Host|3a| helicopterahtests.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helicopterahtests\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930172; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname helicoptersahtests.azurewebsites.net"; dns.query; content:"helicoptersahtests.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helicoptersahtests\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname helicoptersahtests.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| helicoptersahtests.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helicoptersahtests\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname hiringarabicregion.azurewebsites.net"; dns.query; content:"hiringarabicregion.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hiringarabicregion\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname hiringarabicregion.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| hiringarabicregion.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hiringarabicregion\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930192; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname homefurniture.azurewebsites.net"; dns.query; content:"homefurniture.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homefurniture\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname homefurniture.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| homefurniture.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homefurniture\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930202; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname hrapplicationtest.azurewebsites.net"; dns.query; content:"hrapplicationtest.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hrapplicationtest\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname hrapplicationtest.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| hrapplicationtest.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hrapplicationtest\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname humanresourcesapi.azurewebsites.net"; dns.query; content:"humanresourcesapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humanresourcesapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930221; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname humanresourcesapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| humanresourcesapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humanresourcesapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930222; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname humanresourcesapijson.azurewebsites.net"; dns.query; content:"humanresourcesapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humanresourcesapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname humanresourcesapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| humanresourcesapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humanresourcesapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname humanresourcesapiquiz.azurewebsites.net"; dns.query; content:"humanresourcesapiquiz.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])humanresourcesapiquiz\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname humanresourcesapiquiz.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| humanresourcesapiquiz.azurewebsites.net"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])humanresourcesapiquiz\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930242; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname iaidevrssfeed.centralus.cloudapp.azure.com"; dns.query; content:"iaidevrssfeed.centralus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeed\.centralus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname iaidevrssfeed.centralus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| iaidevrssfeed.centralus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeed\.centralus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930252; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname iaidevrssfeed.centrualus.cloudapp.azure.com"; dns.query; content:"iaidevrssfeed.centrualus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeed\.centrualus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname iaidevrssfeed.centrualus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| iaidevrssfeed.centrualus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeed\.centrualus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930262; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert 
dns any any -> any any (msg: "MISP e27396 [] Hostname iaidevrssfeed.cloudapp.azure.com"; dns.query; content:"iaidevrssfeed.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeed\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname iaidevrssfeed.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| iaidevrssfeed.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeed\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930272; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname iaidevrssfeedp.cloudapp.azure.com"; dns.query; content:"iaidevrssfeedp.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeedp\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname iaidevrssfeedp.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| iaidevrssfeedp.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iaidevrssfeedp\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930282; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname identifycheckapplication.azurewebsites.net"; dns.query; content:"identifycheckapplication.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifycheckapplication\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname identifycheckapplication.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| identifycheckapplication.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifycheckapplication\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930292; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname identifycheckapplications.azurewebsites.net"; dns.query; content:"identifycheckapplications.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifycheckapplications\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname identifycheckapplications.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| identifycheckapplications.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifycheckapplications\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname identifycheckingapplications.azurewebsites.net"; dns.query; content:"identifycheckingapplications.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifycheckingapplications\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname identifycheckingapplications.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| identifycheckingapplications.azurewebsites.net"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])identifycheckingapplications\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930312; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname ilengineeringrssfeed.azurewebsites.net"; dns.query; content:"ilengineeringrssfeed.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ilengineeringrssfeed\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname ilengineeringrssfeed.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| ilengineeringrssfeed.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ilengineeringrssfeed\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930322; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname integratedblognewfeed.azurewebsites.net"; dns.query; content:"integratedblognewfeed.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognewfeed\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname integratedblognewfeed.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| integratedblognewfeed.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognewfeed\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930332; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP 
e27396 [] Hostname integratedblognewsapi.azurewebsites.com"; dns.query; content:"integratedblognewsapi.azurewebsites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognewsapi\.azurewebsites\.com$/i"; classtype:trojan-activity; sid:37930341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname integratedblognewsapi.azurewebsites.com"; flow:to_server,established; http.header; content: "Host|3a| integratedblognewsapi.azurewebsites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognewsapi\.azurewebsites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname integratedblognewsapi.azurewebsites.net"; dns.query; content:"integratedblognewsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognewsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname integratedblognewsapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| integratedblognewsapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognewsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930352; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname integratedblognews.azurewebsites.net"; dns.query; content:"integratedblognews.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognews\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930361; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname integratedblognews.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| integratedblognews.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])integratedblognews\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930362; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname intengineeringrssfeed.azurewebsites.net"; dns.query; content:"intengineeringrssfeed.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intengineeringrssfeed\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname intengineeringrssfeed.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| intengineeringrssfeed.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intengineeringrssfeed\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930372; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname intergratedblognewsapi.azurewebsites.net"; dns.query; content:"intergratedblognewsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intergratedblognewsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname intergratedblognewsapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| intergratedblognewsapi.azurewebsites.net"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intergratedblognewsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930382; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname javaruntime.azurewebsites.net"; dns.query; content:"javaruntime.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntime\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname javaruntime.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| javaruntime.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntime\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname javaruntimestestapi.azurewebsites.net"; dns.query; content:"javaruntimestestapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimestestapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname javaruntimestestapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| javaruntimestestapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimestestapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930402; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname javaruntimetestapi.azurewebsites.net"; dns.query; 
content:"javaruntimetestapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimetestapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname javaruntimetestapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| javaruntimetestapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimetestapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930412; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname javaruntimeversioncheckingapi.azurewebsites.net"; dns.query; content:"javaruntimeversioncheckingapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimeversioncheckingapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname javaruntimeversioncheckingapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| javaruntimeversioncheckingapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimeversioncheckingapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930422; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname javaruntimeversionchecking.azurewebsites.net"; dns.query; content:"javaruntimeversionchecking.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimeversionchecking\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) 
# Rules exported from MISP event 27396 (the event id appears in every msg and
# reference URL below). One rule per line; a rule must not be wrapped.
#
# Each hostname indicator is expressed as a pair of rules:
#
#   sid ending in 1 - DNS half: `alert dns any any -> any any` with dns.query.
#     Fires on a query seen in either direction, independent of $HOME_NET.
#     The content match is case-insensitive (nocase). The pcre ends in `$` and
#     requires start-of-buffer or a character outside [A-Za-z0-9-.] before the
#     name, so only the exact hostname matches: not a sub-domain of it, and
#     not a longer name that merely ends in the same text.
#
#   sid ending in 2 - HTTP half: `alert http $HOME_NET any -> $EXTERNAL_NET any`
#     on established client-to-server flows. Matches "Host: <name>" in
#     http.header (|3a| is the colon), used as the fast_pattern, then confirms
#     with a pcre that requires a character outside [A-Za-z0-9-.] after the
#     name. `tag:session,600,seconds` keeps logging packets of the matching
#     session for 600 seconds after the alert.
#
# All rules carry classtype:trojan-activity and priority:1. The empty `[]` in
# each msg is the slot where other events in this export carry tag text (for
# example kill-chain tags); this event appears to have none.
#
# Several indicators differ by a single letter (collection / collections /
# scollection, management / managements, api / apijson). They are separate
# rules with separate sids; the anchoring above keeps one from firing for
# another.
#
# All hostnames in this block sit under azurewebsites.net, a shared hosting
# suffix. The rules match full hostnames only, never the parent domain.
#
# NOTE(review): the HTTP half inspects the Host header of HTTP requests. No
# rule in this block matches on TLS SNI, so HTTPS connections to these hosts
# are presumably visible to this set only through the DNS half - confirm
# whether TLS coverage is exported elsewhere or is needed for your sensors.

# javaruntimeversionchecking.azurewebsites.net (HTTP half; the DNS half, sid 37930431, precedes this block)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname javaruntimeversionchecking.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| javaruntimeversionchecking.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])javaruntimeversionchecking\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930432; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# jupyternotebookcollection.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname jupyternotebookcollection.azurewebsites.net"; dns.query; content:"jupyternotebookcollection.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jupyternotebookcollection\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname jupyternotebookcollection.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| jupyternotebookcollection.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jupyternotebookcollection\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# jupyternotebookcollections.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname jupyternotebookcollections.azurewebsites.net"; dns.query; content:"jupyternotebookcollections.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jupyternotebookcollections\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname jupyternotebookcollections.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| jupyternotebookcollections.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jupyternotebookcollections\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930452; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# jupyternotebookscollection.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname jupyternotebookscollection.azurewebsites.net"; dns.query; content:"jupyternotebookscollection.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jupyternotebookscollection\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname jupyternotebookscollection.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| jupyternotebookscollection.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jupyternotebookscollection\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930462; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# logsapimanagement.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname logsapimanagement.azurewebsites.net"; dns.query; content:"logsapimanagement.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logsapimanagement\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname logsapimanagement.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| logsapimanagement.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logsapimanagement\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930472; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# logsapimanagements.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname logsapimanagements.azurewebsites.net"; dns.query; content:"logsapimanagements.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logsapimanagements\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname logsapimanagements.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| logsapimanagements.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logsapimanagements\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930482; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# logupdatemanagementapi.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname logupdatemanagementapi.azurewebsites.net"; dns.query; content:"logupdatemanagementapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logupdatemanagementapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname logupdatemanagementapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| logupdatemanagementapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logupdatemanagementapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# logupdatemanagementapijson.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname logupdatemanagementapijson.azurewebsites.net"; dns.query; content:"logupdatemanagementapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logupdatemanagementapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname logupdatemanagementapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| logupdatemanagementapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])logupdatemanagementapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# manpowerfeedapi.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname manpowerfeedapi.azurewebsites.net"; dns.query; content:"manpowerfeedapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])manpowerfeedapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname manpowerfeedapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| manpowerfeedapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])manpowerfeedapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# manpowerfeedapijson.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname manpowerfeedapijson.azurewebsites.net"; dns.query; content:"manpowerfeedapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])manpowerfeedapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname manpowerfeedapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| manpowerfeedapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])manpowerfeedapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# marineblogapi.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname marineblogapi.azurewebsites.net"; dns.query; content:"marineblogapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marineblogapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname marineblogapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| marineblogapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marineblogapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930532; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# notebooktextchecking.azurewebsites.net
alert dns any any -> any any (msg: "MISP e27396 [] Hostname notebooktextchecking.azurewebsites.net"; dns.query; content:"notebooktextchecking.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notebooktextchecking\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname notebooktextchecking.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| notebooktextchecking.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notebooktextchecking\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
# MISP event 27396 hostname indicators, exported as Suricata rules.
# The page shows these rules run together on one physical line; they are laid
# out one rule per line here, which is the form a rule file needs unless a
# line is continued with a trailing backslash.
#
# Each hostname produces two rules:
#   sid ending in 1 (DNS):  inspects dns.query. The pcre anchors the name at
#       the end of the query and requires start-of-buffer or a non-hostname
#       character before it, so a longer name such as sub.<host> is not matched.
#   sid ending in 2 (HTTP): client-to-server traffic from $HOME_NET to
#       $EXTERNAL_NET on an established flow. Matches "Host: <host>" in the
#       header buffer; the pcre (H = HTTP header buffer, i = case-insensitive)
#       rejects longer names on either side; tag:session,600,seconds keeps
#       logging the session's packets for 600 seconds after the alert.
#
# Coverage caveats:
#   - The HTTP rules only see cleartext HTTP. For HTTPS to these hosts the DNS
#     rule is the only match in this set. NOTE(review): a tls.sni companion per
#     hostname would close that gap; its sid has to come from the exporter.
#   - The DNS rules only see plaintext DNS; DoH/DoT lookups are not visible.
#   - All names sit under the shared azurewebsites.net suffix. NOTE(review):
#     names on shared cloud suffixes can be released and claimed by another
#     tenant; confirm indicator age in the MISP event before treating a
#     priority:1 hit as confirmed compromise.

alert dns any any -> any any (msg: "MISP e27396 [] Hostname notebooktextcheckings.azurewebsites.net"; dns.query; content:"notebooktextcheckings.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notebooktextcheckings\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname notebooktextcheckings.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| notebooktextcheckings.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notebooktextcheckings\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930552; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname notebooktexts.azurewebsites.net"; dns.query; content:"notebooktexts.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notebooktexts\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname notebooktexts.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| notebooktexts.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])notebooktexts\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# DNS half of the onequestionsapi pair; its HTTP companion (sid 37930572) is the next rule in the file.
alert dns any any -> any any (msg: "MISP e27396 [] Hostname onequestionsapi.azurewebsites.net"; dns.query; content:"onequestionsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onequestionsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
# MISP event 27396 hostname indicators, exported as Suricata rules
# (sids 37930572 through 37930831).
# The page shows these rules wrapped and run together across physical lines;
# they are laid out one rule per line here, which is the form a rule file
# needs unless a line is continued with a trailing backslash.
#
# Each hostname produces two rules:
#   sid ending in 1 (DNS):  inspects dns.query. The pcre anchors the name at
#       the end of the query and requires start-of-buffer or a non-hostname
#       character before it, so a longer name such as sub.<host> is not matched.
#   sid ending in 2 (HTTP): client-to-server traffic from $HOME_NET to
#       $EXTERNAL_NET on an established flow. Matches "Host: <host>" in the
#       header buffer; the pcre (H = HTTP header buffer, i = case-insensitive)
#       rejects longer names on either side; tag:session,600,seconds keeps
#       logging the session's packets for 600 seconds after the alert.
#
# Coverage caveats:
#   - The HTTP rules only see cleartext HTTP. For HTTPS to these hosts the DNS
#     rule is the only match in this set. NOTE(review): a tls.sni companion per
#     hostname would close that gap; its sid has to come from the exporter.
#   - The DNS rules only see plaintext DNS; DoH/DoT lookups are not visible.
#   - The names sit under shared cloud suffixes (azurewebsites.net,
#     cloudapp.azure.com). NOTE(review): names on shared cloud suffixes can be
#     released and claimed by another tenant; confirm indicator age in the MISP
#     event before treating a priority:1 hit as confirmed compromise.

# HTTP half of the onequestionsapi pair; its DNS companion (sid 37930571) is the previous rule in the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname onequestionsapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| onequestionsapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onequestionsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930572; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname onequestionsapicheck.azurewebsites.net"; dns.query; content:"onequestionsapicheck.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onequestionsapicheck\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname onequestionsapicheck.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| onequestionsapicheck.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onequestionsapicheck\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930582; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname onequestions.azurewebsites.net"; dns.query; content:"onequestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onequestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname onequestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| onequestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onequestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname openapplicationcheck.azurewebsites.net"; dns.query; content:"openapplicationcheck.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openapplicationcheck\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname openapplicationcheck.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| openapplicationcheck.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])openapplicationcheck\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930602; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname optionalapplication.azurewebsites.net"; dns.query; content:"optionalapplication.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])optionalapplication\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname optionalapplication.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| optionalapplication.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])optionalapplication\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930612; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname personalitytestquestionapi.azurewebsites.net"; dns.query; content:"personalitytestquestionapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])personalitytestquestionapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname personalitytestquestionapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| personalitytestquestionapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])personalitytestquestionapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930622; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname personalizationsurvey.azurewebsites.net"; dns.query; content:"personalizationsurvey.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])personalizationsurvey\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname personalizationsurvey.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| personalizationsurvey.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])personalizationsurvey\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930632; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname qaquestionapi.azurewebsites.net"; dns.query; content:"qaquestionapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestionapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname qaquestionapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| qaquestionapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestionapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930642; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname qaquestionsapi.azurewebsites.net"; dns.query; content:"qaquestionsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestionsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname qaquestionsapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| qaquestionsapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestionsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname qaquestionsapijson.azurewebsites.net"; dns.query; content:"qaquestionsapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestionsapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname qaquestionsapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| qaquestionsapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestionsapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930662; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname qaquestions.azurewebsites.net"; dns.query; content:"qaquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname qaquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| qaquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qaquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930672; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname queryfindquestions.azurewebsites.net"; dns.query; content:"queryfindquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])queryfindquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname queryfindquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| queryfindquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])queryfindquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930682; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname queryquestions.azurewebsites.net"; dns.query; content:"queryquestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])queryquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname queryquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| queryquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])queryquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930692; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname questionsapplicationapi.azurewebsites.net"; dns.query; content:"questionsapplicationapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsapplicationapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname questionsapplicationapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| questionsapplicationapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsapplicationapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname questionsapplicationapijson.azurewebsites.net"; dns.query; content:"questionsapplicationapijson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsapplicationapijson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname questionsapplicationapijson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| questionsapplicationapijson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsapplicationapijson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930712; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname questionsapplicationbackup.azurewebsites.net"; dns.query; content:"questionsapplicationbackup.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsapplicationbackup\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname questionsapplicationbackup.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| questionsapplicationbackup.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsapplicationbackup\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930722; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname questionsdatabases.azurewebsites.net"; dns.query; content:"questionsdatabases.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsdatabases\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname questionsdatabases.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| questionsdatabases.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsdatabases\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930732; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname questionsurveyapp.azurewebsites.net"; dns.query; content:"questionsurveyapp.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsurveyapp\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname questionsurveyapp.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| questionsurveyapp.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsurveyapp\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname questionsurveyappserver.azurewebsites.net"; dns.query; content:"questionsurveyappserver.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsurveyappserver\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname questionsurveyappserver.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| questionsurveyappserver.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])questionsurveyappserver\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930752; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname quiztestapplication.azurewebsites.net"; dns.query; content:"quiztestapplication.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quiztestapplication\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname quiztestapplication.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| quiztestapplication.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quiztestapplication\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930762; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# This pair is under the regional cloudapp.azure.com suffix rather than azurewebsites.net.
alert dns any any -> any any (msg: "MISP e27396 [] Hostname refaeldevrssfeed.centralus.cloudapp.azure.com"; dns.query; content:"refaeldevrssfeed.centralus.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])refaeldevrssfeed\.centralus\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname refaeldevrssfeed.centralus.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| refaeldevrssfeed.centralus.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])refaeldevrssfeed\.centralus\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930772; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname regionuaequestions.azurewebsites.net"; dns.query; content:"regionuaequestions.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])regionuaequestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname regionuaequestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| regionuaequestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])regionuaequestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930782; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname registerinsurance.azurewebsites.net"; dns.query; content:"registerinsurance.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])registerinsurance\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname registerinsurance.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| registerinsurance.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])registerinsurance\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname roadmapselectorapi.azurewebsites.net"; dns.query; content:"roadmapselectorapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roadmapselectorapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname roadmapselectorapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| roadmapselectorapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roadmapselectorapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930802; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname roadmapselector.azurewebsites.net"; dns.query; content:"roadmapselector.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roadmapselector\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname roadmapselector.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| roadmapselector.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])roadmapselector\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930812; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

alert dns any any -> any any (msg: "MISP e27396 [] Hostname sportblogs.azurewebsites.net"; dns.query; content:"sportblogs.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sportblogs\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname sportblogs.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| sportblogs.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sportblogs\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930822; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)

# DNS half of the surveyappquery pair; its HTTP companion (sid 37930832) is the next rule in the file.
alert dns any any -> any any (msg: "MISP e27396 [] Hostname surveyappquery.azurewebsites.net"; dns.query; content:"surveyappquery.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surveyappquery\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname surveyappquery.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| surveyappquery.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surveyappquery\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname surveyonlinetestapi.azurewebsites.net"; dns.query; content:"surveyonlinetestapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surveyonlinetestapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname surveyonlinetestapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| surveyonlinetestapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surveyonlinetestapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname surveyonlinetest.azurewebsites.net"; dns.query; content:"surveyonlinetest.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surveyonlinetest\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname surveyonlinetest.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| surveyonlinetest.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surveyonlinetest\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37930852; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname technewsblogapi.azurewebsites.net"; dns.query; content:"technewsblogapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])technewsblogapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname technewsblogapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| technewsblogapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])technewsblogapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930862; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname testmanagementapi1.azurewebsites.net"; dns.query; content:"testmanagementapi1.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testmanagementapi1\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname testmanagementapi1.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| testmanagementapi1.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testmanagementapi1\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname testmanagementapis.azurewebsites.net"; dns.query; content:"testmanagementapis.azurewebsites.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])testmanagementapis\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname testmanagementapis.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| testmanagementapis.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testmanagementapis\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname testmanagementapisjson.azurewebsites.net"; dns.query; content:"testmanagementapisjson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testmanagementapisjson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname testmanagementapisjson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| testmanagementapisjson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testmanagementapisjson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930892; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname testquestionapplicationapi.azurewebsites.net"; dns.query; content:"testquestionapplicationapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testquestionapplicationapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname 
testquestionapplicationapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| testquestionapplicationapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testquestionapplicationapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930902; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname testtesttes.azurewebsites.net"; dns.query; content:"testtesttes.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testtesttes\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname testtesttes.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| testtesttes.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])testtesttes\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930912; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname tiappschecktest.azurewebsites.net"; dns.query; content:"tiappschecktest.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiappschecktest\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname tiappschecktest.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| tiappschecktest.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiappschecktest\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930922; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27396;)
# Event 27396 hostname indicators. Each hostname is exported as a pair:
# a DNS-query rule and a plaintext-HTTP Host-header rule.
# The pcre left boundary excludes letters, digits, '-' and '.', so only the
# exact hostname matches, not a longer name that merely ends in it.
# NOTE(review): no TLS rule accompanies these pairs. An HTTPS connection to the
# same host is visible to this set only through the DNS rule; consider a
# tls.sni counterpart - confirm against the export profile in use.
# NOTE(review): the names sit under shared cloud-platform parent domains.
# Presumably such a name can later be released and claimed by another tenant,
# so re-validate against the MISP event before keeping these long term.
alert dns any any -> any any (msg: "MISP e27396 [] Hostname tnlsowkis.westus3.cloudapp.azure.com"; dns.query; content:"tnlsowkis.westus3.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tnlsowkis\.westus3\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
# The HTTP rule requires "Host: <name>" with exactly one space after the colon,
# then a following byte outside [A-Za-z0-9-.]. tag:session,600,seconds marks
# the session for 600 seconds after the alert.
# NOTE(review): the tag only yields extra packets where tagged-packet logging
# is enabled on the sensor - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname tnlsowkis.westus3.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| tnlsowkis.westus3.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tnlsowkis\.westus3\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
# Sibling hostname differing by one trailing letter. The two DNS rules do not
# overlap because the boundary and the '$' anchor pin the full name.
alert dns any any -> any any (msg: "MISP e27396 [] Hostname tnlsowki.westus3.cloudapp.azure.com"; dns.query; content:"tnlsowki.westus3.cloudapp.azure.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tnlsowki\.westus3\.cloudapp\.azure\.com$/i"; classtype:trojan-activity; sid:37930941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname tnlsowki.westus3.cloudapp.azure.com"; flow:to_server,established; http.header; content: "Host|3a| tnlsowki.westus3.cloudapp.azure.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tnlsowki\.westus3\.cloudapp\.azure\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930942; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;)
alert dns any any -> any any (msg: "MISP e27396 [] Hostname turkairline.azurewebsites.net"; dns.query; content:"turkairline.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])turkairline\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930951; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname turkairline.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| turkairline.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])turkairline\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname uaeaircheckon.azurewebsites.net"; dns.query; content:"uaeaircheckon.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uaeaircheckon\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname uaeaircheckon.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| uaeaircheckon.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uaeaircheckon\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930962; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname uaeairchecks.azurewebsites.net"; dns.query; content:"uaeairchecks.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uaeairchecks\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname uaeairchecks.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| uaeairchecks.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uaeairchecks\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37930972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname vscodeupdater.azurewebsites.net"; dns.query; content:"vscodeupdater.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vscodeupdater\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname vscodeupdater.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| vscodeupdater.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vscodeupdater\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname workersquestionsapi.azurewebsites.net"; dns.query; content:"workersquestionsapi.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])workersquestionsapi\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37930991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname workersquestionsapi.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| workersquestionsapi.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])workersquestionsapi\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37930992; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname workersquestions.azurewebsites.net"; dns.query; content:"workersquestions.azurewebsites.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])workersquestions\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37931001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname workersquestions.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| workersquestions.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])workersquestions\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931002; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert dns any any -> any any (msg: "MISP e27396 [] Hostname workersquestionsjson.azurewebsites.net"; dns.query; content:"workersquestionsjson.azurewebsites.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])workersquestionsjson\.azurewebsites\.net$/i"; classtype:trojan-activity; sid:37931011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27396 [] Outgoing HTTP Hostname workersquestionsjson.azurewebsites.net"; flow:to_server,established; http.header; content: "Host|3a| workersquestionsjson.azurewebsites.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])workersquestionsjson\.azurewebsites\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931012; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27396;) alert http $HOME_NET any -> 86.106.20.179 3389 (msg: "MISP e27313 [CobaltStrike,cs-watermark-987654321,HGCOMP-ASN] Outgoing URL http|3a|//86.106.20.179|3a|3389/ab.html"; flow:to_server,established; http.header; content:"86.106.20.179"; fast_pattern; nocase; http.uri; content:"/ab.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;) alert ip $HOME_NET any -> 88.214.25.254 3389 (msg: "MISP e27313 
[CobaltStrike,cs-watermark-987654321,HGCOMP-ASN] Outgoing To IP: 88.214.25.254|3389"; classtype:trojan-activity; sid:37911571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# Event 27313, domain indicator realzoogroup.com (tagged CobaltStrike).
# The DNS rule's left boundary excludes only letters, digits and '-', so a
# query for any subdomain of realzoogroup.com matches as well as the bare domain.
alert dns any any -> any any (msg: "MISP e27313 [AS62904,CobaltStrike,cs-watermark-1357776117] Domain realzoogroup.com"; dns.query; content:"realzoogroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])realzoogroup\.com$/i"; classtype:trojan-activity; sid:37911591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# "Host:" and the domain are two independent matches in the header buffer.
# NOTE(review): nothing here ties the domain to the Host line, so a request
# carrying the domain in another header (for example Referer) looks able to
# satisfy the rule too - confirm. The http.host buffer would be stricter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27313 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain realzoogroup.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"realzoogroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])realzoogroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# Address-and-port rule with no content or flow option: any traffic from
# $HOME_NET to this destination and port raises the alert.
alert ip $HOME_NET any -> 170.130.55.139 443 (msg: "MISP e27313 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing To IP: 170.130.55.139|443"; classtype:trojan-activity; sid:37911601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
# Event 27513 re-exports indicators that event 27313 already covers in this
# file (realzoogroup.com, 86.106.20.179:3389/ab.html, 170.130.55.139:443,
# 88.214.25.254:3389). The match logic is identical; only the sid, the empty
# tag list and priority (3 instead of 2) differ, so one matching flow raises
# both alerts. De-duplicate at export or correlate on the indicator in triage.
alert dns any any -> any any (msg: "MISP e27513 [] Domain realzoogroup.com"; dns.query; content:"realzoogroup.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])realzoogroup\.com$/i"; classtype:trojan-activity; sid:37944451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27513 [] Outgoing HTTP Domain realzoogroup.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"realzoogroup.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])realzoogroup\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
# URL rule: the destination address and port are pinned in the rule header;
# the options then look for the address string anywhere in the request headers
# and for "/ab.html" as an unanchored, case-insensitive substring of the URI.
alert http $HOME_NET any -> 86.106.20.179 3389 (msg: "MISP e27513 [] Outgoing URL http|3a|//86.106.20.179|3a|3389/ab.html"; flow:to_server,established; http.header; content:"86.106.20.179"; fast_pattern; nocase; http.uri; content:"/ab.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 170.130.55.139 443 (msg: "MISP e27513 [] Outgoing To IP: 170.130.55.139|443"; classtype:trojan-activity; sid:37944471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert ip $HOME_NET any -> 88.214.25.254 3389 (msg: "MISP e27513 [] Outgoing To IP: 88.214.25.254|3389"; classtype:trojan-activity; sid:37944481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
# URL indicator tagged dcrat, exported once per event (27313, then 27513).
# The destination is $EXTERNAL_NET $HTTP_PORTS, so only the two content
# matches identify the host: the hostname string anywhere in the request
# headers plus the path substring in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27313 [dcrat] Outgoing URL http|3a|//a0922245.xsph.ru/ab3a3bb6.php"; flow:to_server,established; http.header; content:"a0922245.xsph.ru"; fast_pattern; nocase; http.uri; content:"/ab3a3bb6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27313;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27513 [] Outgoing URL http|3a|//a0922245.xsph.ru/ab3a3bb6.php"; flow:to_server,established; http.header; content:"a0922245.xsph.ru"; fast_pattern; nocase; http.uri; content:"/ab3a3bb6.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27513;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [dcrat] Outgoing URL http|3a|//a0925146.xsph.ru/9625229d.php"; flow:to_server,established; http.header; content:"a0925146.xsph.ru"; fast_pattern; nocase; http.uri; content:"/9625229d.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37911781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [dcrat] Outgoing URL http|3a|//a0925146.xsph.ru/9625229d.php"; flow:to_server,established; http.header; content:"a0925146.xsph.ru"; fast_pattern; nocase; http.uri; content:"/9625229d.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 154.27.70.229 4449 (msg: "MISP e27315 [asyncrat] Outgoing To IP: 154.27.70.229|4449"; classtype:trojan-activity; sid:37911791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 154.27.70.229 4449 (msg: "MISP e27514 [] Outgoing To IP: 154.27.70.229|4449"; classtype:trojan-activity; sid:37944511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert dns any any -> any any (msg: "MISP e27314 [] Domain bancochile-cl-web-login-bancochile-cl-web-login-cl.fitenlinea.life"; dns.query; content:"bancochile-cl-web-login-bancochile-cl-web-login-cl.fitenlinea.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancochile\-cl\-web\-login\-bancochile\-cl\-web\-login\-cl\.fitenlinea\.life$/i"; classtype:trojan-activity; sid:37911631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27314 [] Outgoing HTTP Domain bancochile-cl-web-login-bancochile-cl-web-login-cl.fitenlinea.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancochile-cl-web-login-bancochile-cl-web-login-cl.fitenlinea.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancochile\-cl\-web\-login\-bancochile\-cl\-web\-login\-cl\.fitenlinea\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911632; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27314;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [AgentTesla] Outgoing URL http|3a|//pushkinorigin.ydns.eu/wiz/inc/1d7c50187af637.php"; flow:to_server,established; http.header; content:"pushkinorigin.ydns.eu"; fast_pattern; nocase; http.uri; content:"/wiz/inc/1d7c50187af637.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//pushkinorigin.ydns.eu/wiz/inc/1d7c50187af637.php"; flow:to_server,established; http.header; content:"pushkinorigin.ydns.eu"; fast_pattern; nocase; http.uri; content:"/wiz/inc/1d7c50187af637.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert dns any any -> any any (msg: "MISP e27315 [AgentTesla,ViriBack] Domain pushkinorigin.ydns.eu"; dns.query; content:"pushkinorigin.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])pushkinorigin\.ydns\.eu$/i"; classtype:trojan-activity; sid:37911831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27315 [AgentTesla,ViriBack] Outgoing HTTP Domain pushkinorigin.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pushkinorigin.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pushkinorigin\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37911832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> 125.46.203.213 39644 (msg: "MISP e27315 [] Outgoing URL http|3a|//125.46.203.213|3a|39644/mozi.m"; flow:to_server,established; http.header; content:"125.46.203.213"; fast_pattern; nocase; http.uri; 
content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 34.124.224.8 10002 (msg: "MISP e27315 [Deimos,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.124.224.8|10002"; classtype:trojan-activity; sid:37911851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 142.129.135.121 443 (msg: "MISP e27315 [Bianlian Go Trojan,TWC-20001-PACWEST] Outgoing To IP: 142.129.135.121|443"; classtype:trojan-activity; sid:37911861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 104.238.60.87 5995 (msg: "MISP e27315 [ASN-QUADRANET-GLOBAL,Bianlian Go Trojan] Outgoing To IP: 104.238.60.87|5995"; classtype:trojan-activity; sid:37911871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.61.225.212 80 (msg: "MISP e27315 [FACTS-AS-IN Facts Online Pvt Ltd,Hookbot Pegasus] Outgoing To IP: 103.61.225.212|80"; classtype:trojan-activity; sid:37911881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 91.202.233.190 80 (msg: "MISP e27315 [Hookbot Pegasus,PROSPERO-AS] Outgoing To IP: 91.202.233.190|80"; classtype:trojan-activity; sid:37911891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 147.45.47.41 80 (msg: "MISP e27315 [Hookbot Pegasus,KARINAR] Outgoing To IP: 147.45.47.41|80"; classtype:trojan-activity; sid:37911901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 198.46.226.223 80 (msg: "MISP e27315 [AS-COLOCROSSING,Hookbot Pegasus] Outgoing To IP: 198.46.226.223|80"; classtype:trojan-activity; sid:37911911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 92.246.139.121 50555 (msg: "MISP 
e27315 [AEZA-AS,Hookbot Pegasus] Outgoing To IP: 92.246.139.121|50555"; classtype:trojan-activity; sid:37911921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 91.240.84.52 80 (msg: "MISP e27315 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 91.240.84.52|80"; classtype:trojan-activity; sid:37911931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 62.109.6.72 80 (msg: "MISP e27315 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 62.109.6.72|80"; classtype:trojan-activity; sid:37911941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> 125.46.203.213 39644 (msg: "MISP e27514 [] Outgoing URL http|3a|//125.46.203.213|3a|39644/Mozi.m"; flow:to_server,established; http.header; content:"125.46.203.213"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert dns any any -> any any (msg: "MISP e27514 [] Domain pushkinorigin.ydns.eu"; dns.query; content:"pushkinorigin.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])pushkinorigin\.ydns\.eu$/i"; classtype:trojan-activity; sid:37944541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27514 [] Outgoing HTTP Domain pushkinorigin.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pushkinorigin.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pushkinorigin\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 62.109.6.72 80 (msg: "MISP e27514 [] Outgoing To IP: 62.109.6.72|80"; classtype:trojan-activity; sid:37944551; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 91.240.84.52 80 (msg: "MISP e27514 [] Outgoing To IP: 91.240.84.52|80"; classtype:trojan-activity; sid:37944561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 92.246.139.121 50555 (msg: "MISP e27514 [] Outgoing To IP: 92.246.139.121|50555"; classtype:trojan-activity; sid:37944571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 198.46.226.223 80 (msg: "MISP e27514 [] Outgoing To IP: 198.46.226.223|80"; classtype:trojan-activity; sid:37944581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 147.45.47.41 80 (msg: "MISP e27514 [] Outgoing To IP: 147.45.47.41|80"; classtype:trojan-activity; sid:37944591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 91.202.233.190 80 (msg: "MISP e27514 [] Outgoing To IP: 91.202.233.190|80"; classtype:trojan-activity; sid:37944601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 103.61.225.212 80 (msg: "MISP e27514 [] Outgoing To IP: 103.61.225.212|80"; classtype:trojan-activity; sid:37944611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 104.238.60.87 5995 (msg: "MISP e27514 [] Outgoing To IP: 104.238.60.87|5995"; classtype:trojan-activity; sid:37944621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 142.129.135.121 443 (msg: "MISP e27514 [] Outgoing To IP: 142.129.135.121|443"; classtype:trojan-activity; sid:37944631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 34.124.224.8 10002 (msg: "MISP e27514 [] Outgoing To IP: 34.124.224.8|10002"; classtype:trojan-activity; sid:37944641; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;)
# Event 27315, address-and-port indicators tagged njrat/RAT. These rules carry
# no content, flow or threshold option, so any traffic from $HOME_NET to the
# listed address and port matches.
# NOTE(review): address-only indicators age quickly when the address is
# reassigned; re-validate against the MISP event before long-term use.
alert ip $HOME_NET any -> 3.69.115.178 14744 (msg: "MISP e27315 [njrat,RAT] Outgoing To IP: 3.69.115.178|14744"; classtype:trojan-activity; sid:37911811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 3.69.157.220 14744 (msg: "MISP e27315 [njrat,RAT] Outgoing To IP: 3.69.157.220|14744"; classtype:trojan-activity; sid:37911801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# 5.42.65.20 appears both as an address/port rule (port 80) and as three URL
# rules. A request for one of those URLs on port 80 matches this rule as well
# as the URL rule, so expect paired alerts.
alert ip $HOME_NET any -> 5.42.65.20 80 (msg: "MISP e27315 [] Outgoing To IP: 5.42.65.20|80"; classtype:trojan-activity; sid:37911761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# URL rules: destination address pinned in the header, address string matched
# in the request headers, path matched as a case-insensitive URI substring.
alert http $HOME_NET any -> 5.42.65.20 $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//5.42.65.20/sosorry.php"; flow:to_server,established; http.header; content:"5.42.65.20"; fast_pattern; nocase; http.uri; content:"/sosorry.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 5.42.65.20 $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//5.42.65.20/bebrik.php"; flow:to_server,established; http.header; content:"5.42.65.20"; fast_pattern; nocase; http.uri; content:"/bebrik.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 3.68.171.119 12125 (msg: "MISP e27315 [njrat,RAT] Outgoing To IP: 3.68.171.119|12125"; classtype:trojan-activity; sid:37911721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 5.42.65.20 $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//5.42.65.20/check.php"; flow:to_server,established; http.header; content:"5.42.65.20"; fast_pattern; nocase; http.uri; content:"/check.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 3.69.157.220 12125 (msg: "MISP e27315 [njrat,RAT] Outgoing To IP: 3.69.157.220|12125"; classtype:trojan-activity; sid:37911711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 135.181.241.148 49113 (msg: "MISP e27315 [infostealer,RedLine,stealer] Outgoing To IP: 135.181.241.148|49113"; classtype:trojan-activity; sid:37911701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# Event 27514 exports the same three 5.42.65.20 URLs with the file name in
# upper case. Both copies set nocase on the http.uri content, so the e27315
# and e27514 rules match the same requests and each hit raises two alerts
# (priority 2 and priority 3). The upper-case variants add no coverage.
alert http $HOME_NET any -> 5.42.65.20 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//5.42.65.20/CHECK.php"; flow:to_server,established; http.header; content:"5.42.65.20"; fast_pattern; nocase; http.uri; content:"/CHECK.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> 5.42.65.20 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//5.42.65.20/SOSORRY.php"; flow:to_server,established; http.header; content:"5.42.65.20"; fast_pattern; nocase; http.uri; content:"/SOSORRY.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> 5.42.65.20 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//5.42.65.20/BEBRIK.php"; flow:to_server,established; http.header; content:"5.42.65.20"; fast_pattern; nocase; http.uri; content:"/BEBRIK.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 3.69.157.220 12125 (msg: "MISP e27514 [] Outgoing To IP: 3.69.157.220|12125"; classtype:trojan-activity; sid:37944691; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 3.68.171.119 12125 (msg: "MISP e27514 [] Outgoing To IP: 3.68.171.119|12125"; classtype:trojan-activity; sid:37944701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 5.42.65.20 80 (msg: "MISP e27514 [] Outgoing To IP: 5.42.65.20|80"; classtype:trojan-activity; sid:37944711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 3.69.157.220 14744 (msg: "MISP e27514 [] Outgoing To IP: 3.69.157.220|14744"; classtype:trojan-activity; sid:37944721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 3.69.115.178 14744 (msg: "MISP e27514 [] Outgoing To IP: 3.69.115.178|14744"; classtype:trojan-activity; sid:37944731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 135.181.241.148 49113 (msg: "MISP e27514 [] Outgoing To IP: 135.181.241.148|49113"; classtype:trojan-activity; sid:37944741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> 120.26.196.41 2222 (msg: "MISP e27315 [CobaltStrike,cs-watermark-6,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//120.26.196.41|3a|2222/__utm.gif"; flow:to_server,established; http.header; content:"120.26.196.41"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37911961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 107.148.1.128 443 (msg: "MISP e27315 [CobaltStrike,cs-watermark-987654321,PEG-TY] Outgoing To IP: 107.148.1.128|443"; classtype:trojan-activity; sid:37911991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> 120.26.196.41 2222 (msg: "MISP e27514 [] Outgoing URL http|3a|//120.26.196.41|3a|2222/__utm.gif"; flow:to_server,established; http.header; content:"120.26.196.41"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 107.148.1.128 443 (msg: "MISP e27514 [] Outgoing To IP: 107.148.1.128|443"; classtype:trojan-activity; sid:37944791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 84.54.51.142 1337 (msg: "MISP e27315 [elf,Mirai] Outgoing To IP: 84.54.51.142|1337"; classtype:trojan-activity; sid:37912001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 84.54.51.142 1337 (msg: "MISP e27514 [] Outgoing To IP: 84.54.51.142|1337"; classtype:trojan-activity; sid:37944801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip 185.103.101.207 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.103.101.207"; classtype:trojan-activity; sid:37926071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 85.247.2.222 any -> $HOME_NET any (msg: "MISP e27394 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.247.2.222"; classtype:trojan-activity; sid:37926081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
# Event 27394 inbound source addresses. Each rule matches any protocol and any
# port from one source address towards $HOME_NET, with no content, flow or
# threshold option.
# The classtype is trojan-activity although the msg tags read
# kill-chain:Reconnaissance / kill-chain:Exploitation. Triage on the msg tags
# rather than the classtype.
# NOTE(review): address-only rules against internet sources tend to alert
# repeatedly on exposed networks; a threshold/suppress entry or an IP
# reputation list may fit this data better - decide per sensor.
alert ip 43.153.211.210 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.211.210"; classtype:trojan-activity; sid:37926091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.129.38.234 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.38.234"; classtype:trojan-activity; sid:37926101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 147.135.210.82 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.135.210.82"; classtype:trojan-activity; sid:37926111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.163.236.121 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.236.121"; classtype:trojan-activity; sid:37926121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.153.121.206 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.121.206"; classtype:trojan-activity; sid:37926131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 106.60.69.136 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.60.69.136"; classtype:trojan-activity; sid:37926141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 154.8.162.139 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.162.139"; classtype:trojan-activity; sid:37926151; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 116.162.149.176 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.162.149.176"; classtype:trojan-activity; sid:37926161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 220.119.65.20 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.119.65.20"; classtype:trojan-activity; sid:37926171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 134.209.38.29 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.38.29"; classtype:trojan-activity; sid:37926181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.163.231.168 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.231.168"; classtype:trojan-activity; sid:37926191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 84.240.43.123 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.240.43.123"; classtype:trojan-activity; sid:37926201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 203.114.102.173 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.114.102.173"; classtype:trojan-activity; sid:37926211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 222.120.87.59 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.120.87.59"; classtype:trojan-activity; sid:37926221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 182.42.92.4 any -> $HOME_NET any (msg: 
"MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.42.92.4"; classtype:trojan-activity; sid:37926231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 187.216.254.180 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.216.254.180"; classtype:trojan-activity; sid:37926241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.163.197.252 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.252"; classtype:trojan-activity; sid:37926251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 81.166.86.80 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.166.86.80"; classtype:trojan-activity; sid:37926261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.131.63.203 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.63.203"; classtype:trojan-activity; sid:37926271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.159.227.243 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.227.243"; classtype:trojan-activity; sid:37926281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.157.92.61 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.92.61"; classtype:trojan-activity; sid:37926291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 83.217.28.120 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.217.28.120"; classtype:trojan-activity; 
sid:37926301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 189.222.189.179 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.222.189.179"; classtype:trojan-activity; sid:37926311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 80.66.75.178 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.75.178"; classtype:trojan-activity; sid:37926321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.155.182.44 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.182.44"; classtype:trojan-activity; sid:37926331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 182.254.222.108 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.254.222.108"; classtype:trojan-activity; sid:37926341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 189.112.242.67 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.112.242.67"; classtype:trojan-activity; sid:37926351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.135.139.104 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.139.104"; classtype:trojan-activity; sid:37926361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.130.237.146 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.237.146"; classtype:trojan-activity; sid:37926371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.224.48.86 any -> 
$HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.224.48.86"; classtype:trojan-activity; sid:37926381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 170.64.149.61 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.149.61"; classtype:trojan-activity; sid:37926391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 101.32.141.245 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.141.245"; classtype:trojan-activity; sid:37926401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.155.174.6 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.174.6"; classtype:trojan-activity; sid:37926411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 181.143.230.78 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.230.78"; classtype:trojan-activity; sid:37926421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 82.157.52.140 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.52.140"; classtype:trojan-activity; sid:37926431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 178.128.54.224 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.54.224"; classtype:trojan-activity; sid:37926441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.163.233.26 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.233.26"; 
classtype:trojan-activity; sid:37926451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 150.109.198.60 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.60"; classtype:trojan-activity; sid:37926461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 151.80.60.214 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.80.60.214"; classtype:trojan-activity; sid:37926471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 162.62.223.9 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.223.9"; classtype:trojan-activity; sid:37926481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 193.151.146.196 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.146.196"; classtype:trojan-activity; sid:37926491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 197.231.64.64 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.231.64.64"; classtype:trojan-activity; sid:37926501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 116.98.167.127 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.167.127"; classtype:trojan-activity; sid:37926511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 111.229.153.84 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.153.84"; classtype:trojan-activity; sid:37926521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 
93.135.135.131 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.135.135.131"; classtype:trojan-activity; sid:37926531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 103.176.20.97 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.176.20.97"; classtype:trojan-activity; sid:37926541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 170.64.135.171 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.135.171"; classtype:trojan-activity; sid:37926551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 164.90.198.207 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.198.207"; classtype:trojan-activity; sid:37926561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 118.35.80.112 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.35.80.112"; classtype:trojan-activity; sid:37926571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 170.64.202.148 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.202.148"; classtype:trojan-activity; sid:37926581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 5.187.113.182 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.187.113.182"; classtype:trojan-activity; sid:37926591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 106.75.215.31 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
106.75.215.31"; classtype:trojan-activity; sid:37926601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 78.49.68.23 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.49.68.23"; classtype:trojan-activity; sid:37926611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 157.230.253.126 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.253.126"; classtype:trojan-activity; sid:37926621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 89.111.134.118 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.111.134.118"; classtype:trojan-activity; sid:37926631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 211.35.151.116 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.35.151.116"; classtype:trojan-activity; sid:37926641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.153.186.192 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.192"; classtype:trojan-activity; sid:37926651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.156.98.81 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.98.81"; classtype:trojan-activity; sid:37926661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 104.248.8.224 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.248.8.224"; classtype:trojan-activity; sid:37926671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) 
# ---- Inbound source addresses from MISP event 27394 (continued) ----
# One rule per source address: any protocol, any port, destination $HOME_NET.
# classtype is trojan-activity although the msg tags say kill-chain
# Reconnaissance/Exploitation; triage on the msg tags. A hit means only that
# the address sent a packet towards $HOME_NET, so confirm in flow and host
# logs whether a session was established before escalating.
alert ip 114.204.218.154 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.204.218.154"; classtype:trojan-activity; sid:37926681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 104.131.73.105 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.73.105"; classtype:trojan-activity; sid:37926691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.131.251.145 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.251.145"; classtype:trojan-activity; sid:37926701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.134.60.43 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.60.43"; classtype:trojan-activity; sid:37926711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.134.70.106 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.106"; classtype:trojan-activity; sid:37926721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 200.52.65.41 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.52.65.41"; classtype:trojan-activity; sid:37926731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 128.134.217.41 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.134.217.41"; classtype:trojan-activity; sid:37926741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 124.223.220.249 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.220.249"; classtype:trojan-activity; sid:37926751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 72.206.88.130 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.206.88.130"; classtype:trojan-activity; sid:37926761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.134.112.105 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.112.105"; classtype:trojan-activity; sid:37926771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 81.68.220.241 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.220.241"; classtype:trojan-activity; sid:37926781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 121.186.155.211 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.186.155.211"; classtype:trojan-activity; sid:37926791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 159.65.170.154 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.170.154"; classtype:trojan-activity; sid:37926801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 104.139.73.92 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.139.73.92"; classtype:trojan-activity; sid:37926811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 81.71.127.95 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.127.95"; classtype:trojan-activity; sid:37926821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 146.190.152.16 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.152.16"; classtype:trojan-activity; sid:37926831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 202.100.240.240 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.100.240.240"; classtype:trojan-activity; sid:37926841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 118.145.145.142 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.145.142"; classtype:trojan-activity; sid:37926851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 217.210.161.87 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.210.161.87"; classtype:trojan-activity; sid:37926861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 124.244.191.218 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.244.191.218"; classtype:trojan-activity; sid:37926871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 154.40.40.223 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.40.40.223"; classtype:trojan-activity; sid:37926881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 14.103.41.33 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.33"; classtype:trojan-activity; sid:37926891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 5.202.74.9 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.202.74.9"; classtype:trojan-activity; sid:37926901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 119.236.17.187 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.236.17.187"; classtype:trojan-activity; sid:37926911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 174.138.59.210 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.59.210"; classtype:trojan-activity; sid:37926921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 155.137.137.4 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 155.137.137.4"; classtype:trojan-activity; sid:37926931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 190.144.100.166 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.144.100.166"; classtype:trojan-activity; sid:37926941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 14.53.134.163 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.53.134.163"; classtype:trojan-activity; sid:37926951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 170.64.133.244 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.133.244"; classtype:trojan-activity; sid:37926961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 117.9.169.60 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.9.169.60"; classtype:trojan-activity; sid:37926971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 18.196.29.44 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.196.29.44"; classtype:trojan-activity; sid:37926981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
#
# ---- Domain indicators ----
# Each domain is exported as a pair whose sids differ only in the last digit:
# a dns.query rule and an HTTP rule.
# dns rule: the pcre accepts the domain itself or any subdomain of it (the
# preceding character must not be a letter, digit or hyphen) and anchors at
# the end of the query name. It is written "any any -> any any", so it also
# fires on queries forwarded by internal resolvers; the alert source can be
# the resolver rather than the querying endpoint - pivot through DNS logs.
# HTTP rule: "Host:" and the domain are two independent content matches in
# http.header, followed by a pcre over the headers. Nothing ties the domain
# to the Host header value, so the domain appearing in another header (for
# example Referer) of a request to an unrelated host also satisfies it.
# NOTE(review): if these rules are ever hand-maintained, matching on
# http.host would be tighter - confirm against the engine version in use.
# Coverage: only DNS and cleartext HTTP are inspected; no tls.sni rule for
# these domains appears in this part of the file.
# The e27315 copy (priority 2) carries the APT/Lazarus/NukeSpeed tags; the
# e27514 copy (priority 3, "[]") matches the same traffic.
alert dns any any -> any any (msg: "MISP e27315 [APT,Lazarus,NukeSpeed] Domain jdkgradle.com"; dns.query; content:"jdkgradle.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jdkgradle\.com$/i"; classtype:trojan-activity; sid:37912011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27315 [APT,Lazarus,NukeSpeed] Outgoing HTTP Domain jdkgradle.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jdkgradle.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jdkgradle\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37912012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert dns any any -> any any (msg: "MISP e27514 [] Domain jdkgradle.com"; dns.query; content:"jdkgradle.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jdkgradle\.com$/i"; classtype:trojan-activity; sid:37944811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27514 [] Outgoing HTTP Domain jdkgradle.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jdkgradle.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jdkgradle\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37944812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# vid-lv.com is exported for ten events (27420 through 27429) with identical
# match conditions and different sids. A single query or request for the
# domain therefore raises ten alerts per rule type; threshold or deduplicate
# on the domain when counting affected hosts. None of the copies carries a
# tag, so the context has to be read from the referenced MISP events.
alert dns any any -> any any (msg: "MISP e27421 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27421;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27421 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27421;)
alert dns any any -> any any (msg: "MISP e27420 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37931981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27420;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27420 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37931982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27420;)
alert dns any any -> any any (msg: "MISP e27428 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27428;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27428 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27428;)
alert dns any any -> any any (msg: "MISP e27427 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27427;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27427 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27427;)
alert dns any any -> any any (msg: "MISP e27426 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27426;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27426 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27426;)
alert dns any any -> any any (msg: "MISP e27425 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27425;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27425 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27425;)
# URL indicator exported in the middle of the vid-lv.com pairs. It requires
# the IP literal in the request headers and "/mozi.m" in the URI. Because the
# URI match is nocase, the e27514 copy further down ("/Mozi.m") matches the
# same requests.
alert http $HOME_NET any -> 112.252.202.220 45339 (msg: "MISP e27315 [] Outgoing URL http|3a|//112.252.202.220|3a|45339/mozi.m"; flow:to_server,established; http.header; content:"112.252.202.220"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37912021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert dns any any -> any any (msg: "MISP e27424 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27424;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27424 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27424;)
alert dns any any -> any any (msg: "MISP e27423 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27423;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27423 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27423;)
alert dns any any -> any any (msg: "MISP e27422 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27422;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27422 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27422;)
alert dns any any -> any any (msg: "MISP e27429 [] Domain vid-lv.com"; dns.query; content:"vid-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com$/i"; classtype:trojan-activity; sid:37932251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27429;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27429 [] Outgoing HTTP Domain vid-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vid-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vid\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27429;)
alert http $HOME_NET any -> 112.252.202.220 45339 (msg: "MISP e27514 [] Outgoing URL http|3a|//112.252.202.220|3a|45339/Mozi.m"; flow:to_server,established; http.header; content:"112.252.202.220"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
#
# ---- Outbound IP, port and URL indicators (events 27315 and 27514) ----
# As with the domains, each indicator appears once for e27315 (priority 2,
# tags such as CobaltStrike, TBOTNET, dcrat, Mirai in the msg) and once for
# e27514 (priority 3, "[]") with the same match conditions, so one flow gives
# two alerts. Keep the e27315 copy when suppressing; it holds the tags.
# The "alert ip" rules match destination address and port only.
# The URL rules need both the IP literal in the request headers and the
# listed URI string; other paths on the same host are not reported by them.
alert http $HOME_NET any -> 111.231.140.197 3333 (msg: "MISP e27315 [CobaltStrike,cs-watermark-1359593325,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.231.140.197|3a|3333/push"; flow:to_server,established; http.header; content:"111.231.140.197"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37912081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 46.23.108.250 61616 (msg: "MISP e27315 [TBOTNET] Outgoing To IP: 46.23.108.250|61616"; classtype:trojan-activity; sid:37912041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 46.23.108.251 61616 (msg: "MISP e27315 [TBOTNET] Outgoing To IP: 46.23.108.251|61616"; classtype:trojan-activity; sid:37912051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 45.125.66.100 61616 (msg: "MISP e27315 [TBOTNET] Outgoing To IP: 45.125.66.100|61616"; classtype:trojan-activity; sid:37912071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 45.125.66.102 61616 (msg: "MISP e27315 [TBOTNET] Outgoing To IP: 45.125.66.102|61616"; classtype:trojan-activity; sid:37912061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 46.23.108.249 61616 (msg: "MISP e27315 [TBOTNET] Outgoing To IP: 46.23.108.249|61616"; classtype:trojan-activity; sid:37912031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 111.231.140.197 3333 (msg: "MISP e27514 [] Outgoing URL http|3a|//111.231.140.197|3a|3333/push"; flow:to_server,established; http.header; content:"111.231.140.197"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# The two 80.78.243.170 rules use $HTTP_PORTS as the destination port, so
# that variable must be defined in the engine configuration. Their URI
# content is one long exact path; the e27315 copy is lower-cased and the
# e27514 copy mixed-case, but both are nocase and match the same requests.
alert http $HOME_NET any -> 80.78.243.170 $HTTP_PORTS (msg: "MISP e27315 [dcrat] Outgoing URL http|3a|//80.78.243.170/topipe3process/javascripttemporarytrackcdn/universaldb1process/uploadslocalcpu/windows/externalvmproviderline/linux/10sql/1authvoiddb/updatetraffic/pipe/generatorflowersql/trafficgamevideo/tracklocal3http/authpublicupdatewindows/geocpudatalifejs/geo/poll_cpuvm/cpuprocessordefaultdblinuxgeneratordownloadstemporary.php"; flow:to_server,established; http.header; content:"80.78.243.170"; fast_pattern; nocase; http.uri; content:"/topipe3process/javascripttemporarytrackcdn/universaldb1process/uploadslocalcpu/windows/externalvmproviderline/linux/10sql/1authvoiddb/updatetraffic/pipe/generatorflowersql/trafficgamevideo/tracklocal3http/authpublicupdatewindows/geocpudatalifejs/geo/poll_cpuvm/cpuprocessordefaultdblinuxgeneratordownloadstemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37912101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 94.156.64.143 9821 (msg: "MISP e27315 [Mirai] Outgoing To IP: 94.156.64.143|9821"; classtype:trojan-activity; sid:37912111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 80.78.243.170 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//80.78.243.170/toPipe3Process/javascriptTemporaryTrackCdn/UniversalDb1process/UploadsLocalCpu/windows/ExternalVmProviderline/linux/10Sql/1Authvoiddb/updatetraffic/Pipe/generatorFlowersql/TrafficGameVideo/Tracklocal3http/authPublicUpdateWindows/GeoCpuDatalifejs/Geo/Poll_CpuVm/CpuProcessordefaultDblinuxgeneratorDownloadsTemporary.php"; flow:to_server,established; http.header; content:"80.78.243.170"; fast_pattern; nocase; http.uri; content:"/toPipe3Process/javascriptTemporaryTrackCdn/UniversalDb1process/UploadsLocalCpu/windows/ExternalVmProviderline/linux/10Sql/1Authvoiddb/updatetraffic/Pipe/generatorFlowersql/TrafficGameVideo/Tracklocal3http/authPublicUpdateWindows/GeoCpuDatalifejs/Geo/Poll_CpuVm/CpuProcessordefaultDblinuxgeneratorDownloadsTemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 46.23.108.249 61616 (msg: "MISP e27514 [] Outgoing To IP: 46.23.108.249|61616"; classtype:trojan-activity; sid:37944861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.125.66.102 61616 (msg: "MISP e27514 [] Outgoing To IP: 45.125.66.102|61616"; classtype:trojan-activity; sid:37944871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 46.23.108.250 61616 (msg: "MISP e27514 [] Outgoing To IP: 46.23.108.250|61616"; classtype:trojan-activity; sid:37944881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 46.23.108.251 61616 (msg: "MISP e27514 [] Outgoing To IP: 46.23.108.251|61616"; classtype:trojan-activity; sid:37944891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.125.66.100 61616 (msg: "MISP e27514 [] Outgoing To IP: 45.125.66.100|61616"; classtype:trojan-activity; sid:37944901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 94.156.64.143 9821 (msg: "MISP e27514 [] Outgoing To IP: 94.156.64.143|9821"; classtype:trojan-activity; sid:37944911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# NOTE(review): the rule below continues past the end of this section; its
# visible part is reproduced unchanged.
alert dns any any -> any any (msg: "MISP e27430 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; 
classtype:trojan-activity; sid:37932281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27430;)

# Outbound HTTP match for the domain eds-vid-gov-lv.com (MISP event 27430).
# The two http.header content matches have no distance/within relation, so
# "Host|3a|" and the domain string are matched independently: the domain may sit
# in any request header (for example Referer), not only in the Host value.
# The pcre adds hostname boundaries: the character before the domain must not be
# a letter, digit or hyphen (a leading "." is allowed, so subdomains match), and
# a non-hostname character must follow it.
# NOTE(review): matching the domain in the http.host buffer would tie the alert
# to the requested host; confirm against the Suricata version this export targets.
# tag:session,600,seconds keeps logging the session's packets for 600 s after a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27430 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27430;)

# Same domain exported again from MISP event 27431. The match conditions are
# identical to the event-27430 pair (sid 37932281 / 37932282); only msg, sid and
# reference differ, so one lookup or request raises one alert per exporting event.
# The dns rule is "any any -> any any": it is not limited to $HOME_NET clients, so
# a query relayed by an internal resolver can alert on both legs.
# NOTE(review): consider de-duplicating per domain before deployment, or
# thresholding these sids, so that analysts see one alert per flow.
alert dns any any -> any any (msg: "MISP e27431 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37932311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27431;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27431 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27431;)

# Address indicators from MISP event 27315, tagged [c2,cobalt_strike].
# These rules carry no flow or payload options: they key only on the destination
# address and port, in the $HOME_NET -> indicator direction.
# NOTE(review): an address-only indicator stays in force until the export is
# regenerated; check the event's age and whether the address has been reassigned
# before treating a hit as confirmed C2 traffic.
alert ip $HOME_NET any -> 49.233.44.237 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 49.233.44.237|443"; classtype:trojan-activity; sid:37912121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 80.85.154.37 8000 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 80.85.154.37|8000"; classtype:trojan-activity; sid:37912131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 49.233.44.237 8000 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 49.233.44.237|8000"; classtype:trojan-activity; sid:37912141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 47.96.174.24 8060 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.96.174.24|8060"; classtype:trojan-activity; sid:37912151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 107.191.53.240 80 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 107.191.53.240|80"; classtype:trojan-activity; sid:37912161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 101.43.191.108|9998"; classtype:trojan-activity; sid:37912171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.47.123.60 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 38.47.123.60|443"; classtype:trojan-activity; sid:37912181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 111.231.140.197 3333 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 111.231.140.197|3333"; classtype:trojan-activity; sid:37912191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.180.105.19 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 38.180.105.19|443"; classtype:trojan-activity; sid:37912201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 121.43.58.124 5555 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 121.43.58.124|5555"; classtype:trojan-activity; sid:37912211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 3.146.206.189 7777 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 3.146.206.189|7777"; classtype:trojan-activity; sid:37912221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 47.103.218.35 80 (msg: 
"MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.103.218.35|80"; classtype:trojan-activity; sid:37912231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 182.23.67.109 88 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 182.23.67.109|88"; classtype:trojan-activity; sid:37912241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 49.232.250.192 7777 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 49.232.250.192|7777"; classtype:trojan-activity; sid:37912251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 52.91.67.138 8084 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 52.91.67.138|8084"; classtype:trojan-activity; sid:37912261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 93.66.153.13 9002 (msg: "MISP e27315 [brute_ratel_c4,c2] Outgoing To IP: 93.66.153.13|9002"; classtype:trojan-activity; sid:37912271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.60.191.190 443 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 38.60.191.190|443"; classtype:trojan-activity; sid:37912281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 34.88.169.69 2376 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 34.88.169.69|2376"; classtype:trojan-activity; sid:37912291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 35.228.165.245 2376 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 35.228.165.245|2376"; classtype:trojan-activity; sid:37912301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 220.158.216.145 443 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 220.158.216.145|443"; classtype:trojan-activity; sid:37912311; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;)

# Address indicators from MISP event 27315, tagged [c2,sliver]: destination
# address and port only, no flow or payload conditions.
alert ip $HOME_NET any -> 35.195.225.207 2376 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 35.195.225.207|2376"; classtype:trojan-activity; sid:37912321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 35.197.194.79 2376 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 35.197.194.79|2376"; classtype:trojan-activity; sid:37912331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)

# URL indicator from event 27315, tagged [dcrat].
# The rule depends on $HTTP_PORTS being defined, and only covers requests to the
# ports listed there; the same URL fetched on another port is not matched.
# The hostname is a substring match anywhere in the request headers
# (http.header), and "/imagecpusql.php" is an unanchored, case-insensitive
# substring of the URI, so longer paths containing it also match.
# NOTE(review): matching the hostname in http.host would narrow this to the
# requested host; confirm against the Suricata version in use.
# The same URL is exported a second time from event 27514 as sid 37944921.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [dcrat] Outgoing URL http|3a|//058493cm.nyashsens.top/imagecpusql.php"; flow:to_server,established; http.header; content:"058493cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/imagecpusql.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37912341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)

# Domain eds-vid-gov-lv.com exported from event 27490: a dns.query rule anchored
# at the end of the name ("$"), and an HTTP rule whose domain content is not tied
# to the Host header (two independent http.header matches).
# The same pair of conditions is exported elsewhere in this file under events
# 27430, 27431 and 27491, so one lookup produces several alerts.
alert dns any any -> any any (msg: "MISP e27490 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37942661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27490;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27490 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27490;)

# Address indicators from event 27315, tagged [c2,Meterpreter]; every entry in
# this group uses destination port 3790.
alert ip $HOME_NET any -> 138.201.10.112 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 138.201.10.112|3790"; classtype:trojan-activity; sid:37912351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 47.250.145.12 3790 (msg: "MISP 
e27315 [c2,Meterpreter] Outgoing To IP: 47.250.145.12|3790"; classtype:trojan-activity; sid:37912361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 130.51.22.23 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 130.51.22.23|3790"; classtype:trojan-activity; sid:37912371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 45.227.254.4 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 45.227.254.4|3790"; classtype:trojan-activity; sid:37912381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 95.216.221.12 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 95.216.221.12|3790"; classtype:trojan-activity; sid:37912391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 37.27.5.78 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 37.27.5.78|3790"; classtype:trojan-activity; sid:37912401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 88.119.167.206 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 88.119.167.206|3790"; classtype:trojan-activity; sid:37912411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.99.82.235 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 38.99.82.235|3790"; classtype:trojan-activity; sid:37912421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 83.41.137.16 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 83.41.137.16|3790"; classtype:trojan-activity; sid:37912431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 77.105.166.172 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 77.105.166.172|3790"; classtype:trojan-activity; sid:37912441; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 108.30.148.85 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 108.30.148.85|3790"; classtype:trojan-activity; sid:37912451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 141.98.234.46 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 141.98.234.46|3790"; classtype:trojan-activity; sid:37912461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 185.158.248.34 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 185.158.248.34|3790"; classtype:trojan-activity; sid:37912471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 175.136.87.155 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 175.136.87.155|3790"; classtype:trojan-activity; sid:37912481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 158.255.1.15 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 158.255.1.15|3790"; classtype:trojan-activity; sid:37912491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 213.109.202.135 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 213.109.202.135|3790"; classtype:trojan-activity; sid:37912501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 107.175.0.200 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 107.175.0.200|3790"; classtype:trojan-activity; sid:37912511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 194.0.206.23 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 194.0.206.23|3790"; classtype:trojan-activity; sid:37912521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 49.13.130.177 3790 (msg: "MISP 
e27315 [c2,Meterpreter] Outgoing To IP: 49.13.130.177|3790"; classtype:trojan-activity; sid:37912531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 41.216.189.203 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 41.216.189.203|3790"; classtype:trojan-activity; sid:37912541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 152.89.198.72 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 152.89.198.72|3790"; classtype:trojan-activity; sid:37912551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 176.123.3.245 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 176.123.3.245|3790"; classtype:trojan-activity; sid:37912561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 60.204.215.22 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 60.204.215.22|3790"; classtype:trojan-activity; sid:37912571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert dns any any -> any any (msg: "MISP e27491 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37942691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27491;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27491 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27491;) alert ip $HOME_NET any -> 78.38.80.242 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 78.38.80.242|3790"; 
classtype:trojan-activity; sid:37912581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 185.81.114.195 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 185.81.114.195|3790"; classtype:trojan-activity; sid:37912591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 193.32.162.64 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 193.32.162.64|3790"; classtype:trojan-activity; sid:37912601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 41.216.183.181 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 41.216.183.181|3790"; classtype:trojan-activity; sid:37912611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 51.116.102.221 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 51.116.102.221|3790"; classtype:trojan-activity; sid:37912621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 123.16.208.62 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 123.16.208.62|3790"; classtype:trojan-activity; sid:37912631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 34.16.167.198 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 34.16.167.198|3790"; classtype:trojan-activity; sid:37912641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 217.160.39.160 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 217.160.39.160|3790"; classtype:trojan-activity; sid:37912651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 173.249.11.184 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 173.249.11.184|3790"; classtype:trojan-activity; sid:37912661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 54.193.250.83 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 54.193.250.83|3790"; classtype:trojan-activity; sid:37912671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 64.190.113.198 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 64.190.113.198|3790"; classtype:trojan-activity; sid:37912681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 198.52.128.72 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 198.52.128.72|3790"; classtype:trojan-activity; sid:37912691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 5.255.102.67 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 5.255.102.67|3790"; classtype:trojan-activity; sid:37912701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 206.188.196.251 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 206.188.196.251|3790"; classtype:trojan-activity; sid:37912711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 45.134.225.247 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 45.134.225.247|3790"; classtype:trojan-activity; sid:37912721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.87.198.48 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 38.87.198.48|3790"; classtype:trojan-activity; sid:37912731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 108.59.196.9 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 108.59.196.9|3790"; classtype:trojan-activity; sid:37912741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 128.46.157.249 3790 (msg: "MISP 
e27315 [c2,Meterpreter] Outgoing To IP: 128.46.157.249|3790"; classtype:trojan-activity; sid:37912751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 201.230.41.153 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 201.230.41.153|3790"; classtype:trojan-activity; sid:37912761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 145.239.230.233 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 145.239.230.233|3790"; classtype:trojan-activity; sid:37912771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.92.97.13 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 38.92.97.13|3790"; classtype:trojan-activity; sid:37912781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 43.204.111.25 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 43.204.111.25|3790"; classtype:trojan-activity; sid:37912791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 207.154.218.205 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 207.154.218.205|3790"; classtype:trojan-activity; sid:37912801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//058493cm.nyashsens.top/imagecpusql.php"; flow:to_server,established; http.header; content:"058493cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/imagecpusql.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37944921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 35.197.194.79 2376 (msg: "MISP e27514 [] Outgoing To IP: 35.197.194.79|2376"; classtype:trojan-activity; sid:37944931; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;)

# Address indicators exported from MISP event 27514: empty tag list ("[]") and
# priority 3.
# Each destination/port pair here is also exported from event 27315 in this file
# at priority 2 with a malware-family tag. For example 35.195.225.207:2376 is
# sid 37912321 [c2,sliver] and 93.66.153.13:9002 is sid 37912271
# [brute_ratel_c4,c2]. A single connection therefore raises two alerts, and only
# the event-27315 one names the family.
# NOTE(review): when triaging a hit on one of these sids, look up the matching
# event-27315 sid for context; consider de-duplicating by destination/port when
# the export is loaded.
alert ip $HOME_NET any -> 35.195.225.207 2376 (msg: "MISP e27514 [] Outgoing To IP: 35.195.225.207|2376"; classtype:trojan-activity; sid:37944941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 220.158.216.145 443 (msg: "MISP e27514 [] Outgoing To IP: 220.158.216.145|443"; classtype:trojan-activity; sid:37944951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 35.228.165.245 2376 (msg: "MISP e27514 [] Outgoing To IP: 35.228.165.245|2376"; classtype:trojan-activity; sid:37944961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 34.88.169.69 2376 (msg: "MISP e27514 [] Outgoing To IP: 34.88.169.69|2376"; classtype:trojan-activity; sid:37944971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.60.191.190 443 (msg: "MISP e27514 [] Outgoing To IP: 38.60.191.190|443"; classtype:trojan-activity; sid:37944981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 93.66.153.13 9002 (msg: "MISP e27514 [] Outgoing To IP: 93.66.153.13|9002"; classtype:trojan-activity; sid:37944991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 52.91.67.138 8084 (msg: "MISP e27514 [] Outgoing To IP: 52.91.67.138|8084"; classtype:trojan-activity; sid:37945001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 49.232.250.192 7777 (msg: "MISP e27514 [] Outgoing To IP: 49.232.250.192|7777"; classtype:trojan-activity; sid:37945011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 182.23.67.109 88 (msg: "MISP e27514 [] Outgoing To IP: 182.23.67.109|88"; classtype:trojan-activity; sid:37945021; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 47.103.218.35 80 (msg: "MISP e27514 [] Outgoing To IP: 47.103.218.35|80"; classtype:trojan-activity; sid:37945031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 3.146.206.189 7777 (msg: "MISP e27514 [] Outgoing To IP: 3.146.206.189|7777"; classtype:trojan-activity; sid:37945041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 121.43.58.124 5555 (msg: "MISP e27514 [] Outgoing To IP: 121.43.58.124|5555"; classtype:trojan-activity; sid:37945051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 38.180.105.19 443 (msg: "MISP e27514 [] Outgoing To IP: 38.180.105.19|443"; classtype:trojan-activity; sid:37945061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 111.231.140.197 3333 (msg: "MISP e27514 [] Outgoing To IP: 111.231.140.197|3333"; classtype:trojan-activity; sid:37945071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 38.47.123.60 443 (msg: "MISP e27514 [] Outgoing To IP: 38.47.123.60|443"; classtype:trojan-activity; sid:37945081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27514 [] Outgoing To IP: 101.43.191.108|9998"; classtype:trojan-activity; sid:37945091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 107.191.53.240 80 (msg: "MISP e27514 [] Outgoing To IP: 107.191.53.240|80"; classtype:trojan-activity; sid:37945101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 47.96.174.24 8060 (msg: "MISP e27514 [] Outgoing To IP: 47.96.174.24|8060"; classtype:trojan-activity; sid:37945111; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 49.233.44.237 8000 (msg: "MISP e27514 [] Outgoing To IP: 49.233.44.237|8000"; classtype:trojan-activity; sid:37945121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 80.85.154.37 8000 (msg: "MISP e27514 [] Outgoing To IP: 80.85.154.37|8000"; classtype:trojan-activity; sid:37945131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 49.233.44.237 443 (msg: "MISP e27514 [] Outgoing To IP: 49.233.44.237|443"; classtype:trojan-activity; sid:37945141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 46.4.162.29 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 46.4.162.29|3790"; classtype:trojan-activity; sid:37912811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 77.91.74.224 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 77.91.74.224|3790"; classtype:trojan-activity; sid:37912821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 159.223.86.91 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 159.223.86.91|3790"; classtype:trojan-activity; sid:37912831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 144.217.238.169 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 144.217.238.169|3790"; classtype:trojan-activity; sid:37912841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 109.123.247.164 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 109.123.247.164|3790"; classtype:trojan-activity; sid:37912851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 13.233.120.71 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 
13.233.120.71|3790"; classtype:trojan-activity; sid:37912861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 91.92.241.10 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 91.92.241.10|3790"; classtype:trojan-activity; sid:37912871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.87.196.103 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 38.87.196.103|3790"; classtype:trojan-activity; sid:37912881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 175.136.80.148 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 175.136.80.148|3790"; classtype:trojan-activity; sid:37912891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 13.232.153.222 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 13.232.153.222|3790"; classtype:trojan-activity; sid:37912901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 4.245.215.11 3790 (msg: "MISP e27315 [c2,Meterpreter] Outgoing To IP: 4.245.215.11|3790"; classtype:trojan-activity; sid:37912911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 89.117.49.133 1337 (msg: "MISP e27315 [asyncrat,c2] Outgoing To IP: 89.117.49.133|1337"; classtype:trojan-activity; sid:37912921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 159.100.13.218 8889 (msg: "MISP e27315 [bit_rat,c2] Outgoing To IP: 159.100.13.218|8889"; classtype:trojan-activity; sid:37912931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 52.87.175.64 443 (msg: "MISP e27315 [c2,IcedID] Outgoing To IP: 52.87.175.64|443"; classtype:trojan-activity; sid:37912941; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 172.233.33.155 443 (msg: "MISP e27315 [c2,IcedID] Outgoing To IP: 172.233.33.155|443"; classtype:trojan-activity; sid:37912951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 18.232.250.39 443 (msg: "MISP e27315 [c2,IcedID] Outgoing To IP: 18.232.250.39|443"; classtype:trojan-activity; sid:37912961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 45.67.231.21 1337 (msg: "MISP e27315 [c2,dcrat] Outgoing To IP: 45.67.231.21|1337"; classtype:trojan-activity; sid:37912971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 13.37.127.130 443 (msg: "MISP e27315 [BianLian,c2] Outgoing To IP: 13.37.127.130|443"; classtype:trojan-activity; sid:37912981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.86.131.60 443 (msg: "MISP e27315 [c2,Get2] Outgoing To IP: 103.86.131.60|443"; classtype:trojan-activity; sid:37912991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 220.69.33.81 443 (msg: "MISP e27315 [c2,Get2] Outgoing To IP: 220.69.33.81|443"; classtype:trojan-activity; sid:37913001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.86.131.147 443 (msg: "MISP e27315 [c2,Get2] Outgoing To IP: 103.86.131.147|443"; classtype:trojan-activity; sid:37913011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.86.130.78 443 (msg: "MISP e27315 [c2,Get2] Outgoing To IP: 103.86.130.78|443"; classtype:trojan-activity; sid:37913021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.86.130.103 443 (msg: "MISP e27315 [c2,Get2] Outgoing To IP: 103.86.130.103|443"; 
classtype:trojan-activity; sid:37913031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# NOTE(review): address-and-port indicators on 80/443 with no content match. Hosting
# addresses are reassigned over time, so these rules age quickly; review them against the
# event's last-seen date before treating an alert as a confirmed C2 connection.
alert ip $HOME_NET any -> 54.221.151.132 443 (msg: "MISP e27315 [c2,Havoc] Outgoing To IP: 54.221.151.132|443"; classtype:trojan-activity; sid:37913041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 13.232.135.125 443 (msg: "MISP e27315 [c2,Havoc] Outgoing To IP: 13.232.135.125|443"; classtype:trojan-activity; sid:37913051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 54.221.151.132 80 (msg: "MISP e27315 [c2,Havoc] Outgoing To IP: 54.221.151.132|80"; classtype:trojan-activity; sid:37913061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# NOTE(review): 172.67.211.144 and 104.21.67.23 appear to be CDN (Cloudflare) front-end
# addresses, which are shared by many unrelated sites - TODO confirm. If so, an IP-only
# rule on 80/443 will presumably alert on benign browsing. Prefer a hostname indicator
# (DNS query, HTTP Host, TLS SNI) from the event if one exists, or suppress/threshold
# sids 37913071 and 37913091.
alert ip $HOME_NET any -> 172.67.211.144 80 (msg: "MISP e27315 [c2,MintStealer] Outgoing To IP: 172.67.211.144|80"; classtype:trojan-activity; sid:37913071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 85.114.96.2 80 (msg: "MISP e27315 [c2,MintStealer] Outgoing To IP: 85.114.96.2|80"; classtype:trojan-activity; sid:37913081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 104.21.67.23 443 (msg: "MISP e27315 [c2,MintStealer] Outgoing To IP: 104.21.67.23|443"; classtype:trojan-activity; sid:37913091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 107.151.240.201 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 107.151.240.201|443"; classtype:trojan-activity; sid:37913101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 64.23.179.131 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 64.23.179.131|443"; classtype:trojan-activity; sid:37913111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 
88.214.27.74 4443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 88.214.27.74|4443"; classtype:trojan-activity; sid:37913121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 45.86.162.149 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 45.86.162.149|443"; classtype:trojan-activity; sid:37913131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.163.208.121 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 103.163.208.121|443"; classtype:trojan-activity; sid:37913141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 107.172.196.196 2087 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 107.172.196.196|2087"; classtype:trojan-activity; sid:37913151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 15.168.110.184 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 15.168.110.184|443"; classtype:trojan-activity; sid:37913161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 47.76.140.200 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.76.140.200|443"; classtype:trojan-activity; sid:37913171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 204.93.201.161 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 204.93.201.161|443"; classtype:trojan-activity; sid:37913181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 149.88.75.24 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 149.88.75.24|443"; classtype:trojan-activity; sid:37913191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 81.19.138.57 4443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 81.19.138.57|4443"; 
classtype:trojan-activity; sid:37913201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 137.220.197.164 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 137.220.197.164|443"; classtype:trojan-activity; sid:37913211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 104.225.235.101 443 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 104.225.235.101|443"; classtype:trojan-activity; sid:37913221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 34.82.156.114 10000 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 34.82.156.114|10000"; classtype:trojan-activity; sid:37913231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 121.40.63.121 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 121.40.63.121|50050"; classtype:trojan-activity; sid:37913241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 39.104.230.184 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 39.104.230.184|50050"; classtype:trojan-activity; sid:37913251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 139.9.41.156 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 139.9.41.156|50050"; classtype:trojan-activity; sid:37913261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 114.132.218.55 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 114.132.218.55|50050"; classtype:trojan-activity; sid:37913271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 47.119.19.34 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.119.19.34|50050"; classtype:trojan-activity; sid:37913281; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 43.136.71.208 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 43.136.71.208|50050"; classtype:trojan-activity; sid:37913291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 101.133.164.210 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 101.133.164.210|50050"; classtype:trojan-activity; sid:37913301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 119.3.220.200 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 119.3.220.200|50050"; classtype:trojan-activity; sid:37913311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 103.191.15.10 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 103.191.15.10|50050"; classtype:trojan-activity; sid:37913321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 110.41.134.233 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 110.41.134.233|50050"; classtype:trojan-activity; sid:37913331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 59.110.142.91 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 59.110.142.91|50050"; classtype:trojan-activity; sid:37913341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 101.43.161.148 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 101.43.161.148|50050"; classtype:trojan-activity; sid:37913351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 8.222.165.110 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 8.222.165.110|50050"; classtype:trojan-activity; sid:37913361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any 
-> 39.105.101.138 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 39.105.101.138|50050"; classtype:trojan-activity; sid:37913371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 117.50.182.87 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 117.50.182.87|50050"; classtype:trojan-activity; sid:37913381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 81.70.0.37 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 81.70.0.37|50050"; classtype:trojan-activity; sid:37913391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 47.97.110.109 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.97.110.109|50050"; classtype:trojan-activity; sid:37913401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 42.193.16.213 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 42.193.16.213|50050"; classtype:trojan-activity; sid:37913411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 129.226.154.245 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 129.226.154.245|50050"; classtype:trojan-activity; sid:37913421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 47.92.246.30 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.92.246.30|50050"; classtype:trojan-activity; sid:37913431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 159.65.150.184 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 159.65.150.184|50050"; classtype:trojan-activity; sid:37913441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 87.121.87.101 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 
87.121.87.101|50050"; classtype:trojan-activity; sid:37913451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# NOTE(review): the cobalt_strike rules around here are pinned to destination port 50050.
# That is the default team-server (operator) port, not a port implants call back on, so
# these indicators presumably come from scanning for exposed servers. Traffic from an
# infected host to the same address on another port would not match; consider a
# port-agnostic companion rule or an IP reputation list (iprep) for these addresses.
alert ip $HOME_NET any -> 154.197.98.85 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 154.197.98.85|50050"; classtype:trojan-activity; sid:37913461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 108.165.106.7 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 108.165.106.7|50050"; classtype:trojan-activity; sid:37913471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 213.14.155.98 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 213.14.155.98|50050"; classtype:trojan-activity; sid:37913481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# MISP event 27492: DNS query for eds-vid-gov-lv.com or any subdomain of it. The pcre ends
# with `$` and allows a leading non-hostname character such as a dot. The name looks like
# a gov.lv hostname with hyphens in place of dots (presumably a phishing lookalike; the
# event carries no tags, so confirm in MISP). The same domain is exported again under
# event 27494 (sids 37942781/37942782), so one lookup raises two alerts.
alert dns any any -> any any (msg: "MISP e27492 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37942721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27492;)
# Cleartext HTTP companion. The session is tagged for 600 seconds after a match.
# NOTE(review): `Host|3a|` and the domain are two independent content matches in the header
# buffer, with no distance/within between them, so the domain in another header (for
# example Referer) would presumably also fire. Matching on the `http.host` buffer would tie
# the alert to the requested host. No TLS counterpart (tls.sni) is visible in this part of
# the file, so HTTPS requests to the name are covered only by the DNS rule above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27492 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27492;)
alert ip $HOME_NET any -> 87.120.84.188 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 87.120.84.188|1604"; classtype:trojan-activity; sid:37913491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 193.222.96.115 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 193.222.96.115|1604"; classtype:trojan-activity; 
sid:37913501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 83.229.84.160 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 83.229.84.160|1604"; classtype:trojan-activity; sid:37913511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 185.219.177.105 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 185.219.177.105|1604"; classtype:trojan-activity; sid:37913521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.83.7 2002 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.83.7|2002"; classtype:trojan-activity; sid:37913531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 88.243.82.116 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 88.243.82.116|1604"; classtype:trojan-activity; sid:37913541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 31.156.119.149 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 31.156.119.149|1604"; classtype:trojan-activity; sid:37913551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.83.6 2121 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.83.6|2121"; classtype:trojan-activity; sid:37913561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.83.6 2222 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.83.6|2222"; classtype:trojan-activity; sid:37913571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 80.253.246.36 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 80.253.246.36|1604"; classtype:trojan-activity; sid:37913581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 198.27.120.255 1604 
(msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 198.27.120.255|1604"; classtype:trojan-activity; sid:37913591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 198.50.138.20 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 198.50.138.20|1604"; classtype:trojan-activity; sid:37913601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.86.23 1801 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.86.23|1801"; classtype:trojan-activity; sid:37913611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 2121 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|2121"; classtype:trojan-activity; sid:37913621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 1911 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|1911"; classtype:trojan-activity; sid:37913631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 2222 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|2222"; classtype:trojan-activity; sid:37913641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 1604 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|1604"; classtype:trojan-activity; sid:37913651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 2081 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|2081"; classtype:trojan-activity; sid:37913661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 2154 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|2154"; classtype:trojan-activity; sid:37913671; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.85.245 1925 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.85.245|1925"; classtype:trojan-activity; sid:37913681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 187.135.144.103 1741 (msg: "MISP e27315 [c2,darkcomet] Outgoing To IP: 187.135.144.103|1741"; classtype:trojan-activity; sid:37913691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 185.169.180.151 82 (msg: "MISP e27315 [c2,extreme_rat] Outgoing To IP: 185.169.180.151|82"; classtype:trojan-activity; sid:37913701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 45.88.186.108 54984 (msg: "MISP e27315 [c2,NanoCore] Outgoing To IP: 45.88.186.108|54984"; classtype:trojan-activity; sid:37913711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 50.3.70.191 54984 (msg: "MISP e27315 [c2,NanoCore] Outgoing To IP: 50.3.70.191|54984"; classtype:trojan-activity; sid:37913721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 38.146.219.232 54984 (msg: "MISP e27315 [c2,NanoCore] Outgoing To IP: 38.146.219.232|54984"; classtype:trojan-activity; sid:37913731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 41.68.133.39 54984 (msg: "MISP e27315 [c2,NanoCore] Outgoing To IP: 41.68.133.39|54984"; classtype:trojan-activity; sid:37913741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 185.29.11.37 54984 (msg: "MISP e27315 [c2,NanoCore] Outgoing To IP: 185.29.11.37|54984"; classtype:trojan-activity; sid:37913751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 45.74.60.199 54984 (msg: "MISP 
e27315 [c2,NanoCore] Outgoing To IP: 45.74.60.199|54984"; classtype:trojan-activity; sid:37913761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 140.82.54.39 54984 (msg: "MISP e27315 [c2,NanoCore] Outgoing To IP: 140.82.54.39|54984"; classtype:trojan-activity; sid:37913771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 41.109.32.78 1177 (msg: "MISP e27315 [c2,njrat] Outgoing To IP: 41.109.32.78|1177"; classtype:trojan-activity; sid:37913781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 64.237.212.192 1800 (msg: "MISP e27315 [c2,remcos] Outgoing To IP: 64.237.212.192|1800"; classtype:trojan-activity; sid:37913791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 94.49.180.101 3460 (msg: "MISP e27315 [c2,poison_ivy] Outgoing To IP: 94.49.180.101|3460"; classtype:trojan-activity; sid:37913801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 94.96.157.6 3460 (msg: "MISP e27315 [c2,poison_ivy] Outgoing To IP: 94.96.157.6|3460"; classtype:trojan-activity; sid:37913811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 94.98.194.203 3460 (msg: "MISP e27315 [c2,poison_ivy] Outgoing To IP: 94.98.194.203|3460"; classtype:trojan-activity; sid:37913821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 213.142.159.91 10134 (msg: "MISP e27315 [c2,orcus_rat] Outgoing To IP: 213.142.159.91|10134"; classtype:trojan-activity; sid:37913831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert ip $HOME_NET any -> 184.144.200.107 10134 (msg: "MISP e27315 [c2,orcus_rat] Outgoing To IP: 184.144.200.107|10134"; classtype:trojan-activity; sid:37913841; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 185.62.57.11 80 (msg: "MISP e27315 [c2,Responder] Outgoing To IP: 185.62.57.11|80"; classtype:trojan-activity; sid:37913851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 65.0.98.39 80 (msg: "MISP e27315 [c2,Responder] Outgoing To IP: 65.0.98.39|80"; classtype:trojan-activity; sid:37913861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# MISP event 27494: DNS query for eds-vid-gov-lv.com or a subdomain of it.
# NOTE(review): this rule and the HTTP rule after it repeat the detection logic of
# sids 37942721/37942722 (event 27492) with only the event id, sid and reference changed.
# One lookup or request therefore raises two alerts; deduplicate at export time or suppress
# one pair, and correlate on the domain rather than the sid.
alert dns any any -> any any (msg: "MISP e27494 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37942781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27494;)
# Cleartext HTTP companion. The session is tagged for 600 seconds after a match.
# NOTE(review): the two http.header content matches are not positioned relative to each
# other, so the domain presumably need not sit in the Host header itself. HTTPS requests
# are not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27494 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27494;)
alert ip $HOME_NET any -> 87.241.217.87 4444 (msg: "MISP e27315 [c2,Venom] Outgoing To IP: 87.241.217.87|4444"; classtype:trojan-activity; sid:37913871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 193.233.132.194 8081 (msg: "MISP e27315 [c2,Risepro] Outgoing To IP: 193.233.132.194|8081"; classtype:trojan-activity; sid:37913881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 193.233.132.113 8081 (msg: "MISP e27315 [c2,Risepro] Outgoing To IP: 193.233.132.113|8081"; classtype:trojan-activity; sid:37913891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 38.6.164.8 80 
(msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 38.6.164.8|80"; classtype:trojan-activity; sid:37913901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# NOTE(review): the MISP event 27514 rules start here. They repeat address/port pairs
# already exported under event 27315 (for example 88.243.82.116|1604 is also sid 37913541,
# and 213.14.155.98|50050 is also sid 37913481). The 27514 copies have an empty tag list
# and priority 3 instead of 2. A matching flow therefore raises two alerts with different
# priorities and the malware-family tag on only one of them. Triage should key on the
# destination rather than the sid, or the overlap should be removed at export time.
alert ip $HOME_NET any -> 88.243.82.116 1604 (msg: "MISP e27514 [] Outgoing To IP: 88.243.82.116|1604"; classtype:trojan-activity; sid:37945151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.83.7 2002 (msg: "MISP e27514 [] Outgoing To IP: 187.135.83.7|2002"; classtype:trojan-activity; sid:37945161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 185.219.177.105 1604 (msg: "MISP e27514 [] Outgoing To IP: 185.219.177.105|1604"; classtype:trojan-activity; sid:37945171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 83.229.84.160 1604 (msg: "MISP e27514 [] Outgoing To IP: 83.229.84.160|1604"; classtype:trojan-activity; sid:37945181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 193.222.96.115 1604 (msg: "MISP e27514 [] Outgoing To IP: 193.222.96.115|1604"; classtype:trojan-activity; sid:37945191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 87.120.84.188 1604 (msg: "MISP e27514 [] Outgoing To IP: 87.120.84.188|1604"; classtype:trojan-activity; sid:37945201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 213.14.155.98 50050 (msg: "MISP e27514 [] Outgoing To IP: 213.14.155.98|50050"; classtype:trojan-activity; sid:37945211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 108.165.106.7 50050 (msg: "MISP e27514 [] Outgoing To IP: 108.165.106.7|50050"; classtype:trojan-activity; sid:37945221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 
154.197.98.85 50050 (msg: "MISP e27514 [] Outgoing To IP: 154.197.98.85|50050"; classtype:trojan-activity; sid:37945231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 87.121.87.101 50050 (msg: "MISP e27514 [] Outgoing To IP: 87.121.87.101|50050"; classtype:trojan-activity; sid:37945241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 159.65.150.184 50050 (msg: "MISP e27514 [] Outgoing To IP: 159.65.150.184|50050"; classtype:trojan-activity; sid:37945251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 47.92.246.30 50050 (msg: "MISP e27514 [] Outgoing To IP: 47.92.246.30|50050"; classtype:trojan-activity; sid:37945261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 129.226.154.245 50050 (msg: "MISP e27514 [] Outgoing To IP: 129.226.154.245|50050"; classtype:trojan-activity; sid:37945271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 42.193.16.213 50050 (msg: "MISP e27514 [] Outgoing To IP: 42.193.16.213|50050"; classtype:trojan-activity; sid:37945281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 47.97.110.109 50050 (msg: "MISP e27514 [] Outgoing To IP: 47.97.110.109|50050"; classtype:trojan-activity; sid:37945291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 81.70.0.37 50050 (msg: "MISP e27514 [] Outgoing To IP: 81.70.0.37|50050"; classtype:trojan-activity; sid:37945301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 117.50.182.87 50050 (msg: "MISP e27514 [] Outgoing To IP: 117.50.182.87|50050"; classtype:trojan-activity; sid:37945311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET 
any -> 39.105.101.138 50050 (msg: "MISP e27514 [] Outgoing To IP: 39.105.101.138|50050"; classtype:trojan-activity; sid:37945321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 8.222.165.110 50050 (msg: "MISP e27514 [] Outgoing To IP: 8.222.165.110|50050"; classtype:trojan-activity; sid:37945331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 101.43.161.148 50050 (msg: "MISP e27514 [] Outgoing To IP: 101.43.161.148|50050"; classtype:trojan-activity; sid:37945341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 59.110.142.91 50050 (msg: "MISP e27514 [] Outgoing To IP: 59.110.142.91|50050"; classtype:trojan-activity; sid:37945351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 110.41.134.233 50050 (msg: "MISP e27514 [] Outgoing To IP: 110.41.134.233|50050"; classtype:trojan-activity; sid:37945361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 103.191.15.10 50050 (msg: "MISP e27514 [] Outgoing To IP: 103.191.15.10|50050"; classtype:trojan-activity; sid:37945371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 119.3.220.200 50050 (msg: "MISP e27514 [] Outgoing To IP: 119.3.220.200|50050"; classtype:trojan-activity; sid:37945381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 101.133.164.210 50050 (msg: "MISP e27514 [] Outgoing To IP: 101.133.164.210|50050"; classtype:trojan-activity; sid:37945391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 43.136.71.208 50050 (msg: "MISP e27514 [] Outgoing To IP: 43.136.71.208|50050"; classtype:trojan-activity; sid:37945401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) 
alert ip $HOME_NET any -> 47.119.19.34 50050 (msg: "MISP e27514 [] Outgoing To IP: 47.119.19.34|50050"; classtype:trojan-activity; sid:37945411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 114.132.218.55 50050 (msg: "MISP e27514 [] Outgoing To IP: 114.132.218.55|50050"; classtype:trojan-activity; sid:37945421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 139.9.41.156 50050 (msg: "MISP e27514 [] Outgoing To IP: 139.9.41.156|50050"; classtype:trojan-activity; sid:37945431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 39.104.230.184 50050 (msg: "MISP e27514 [] Outgoing To IP: 39.104.230.184|50050"; classtype:trojan-activity; sid:37945441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 121.40.63.121 50050 (msg: "MISP e27514 [] Outgoing To IP: 121.40.63.121|50050"; classtype:trojan-activity; sid:37945451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 34.82.156.114 10000 (msg: "MISP e27514 [] Outgoing To IP: 34.82.156.114|10000"; classtype:trojan-activity; sid:37945461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 104.225.235.101 443 (msg: "MISP e27514 [] Outgoing To IP: 104.225.235.101|443"; classtype:trojan-activity; sid:37945471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 137.220.197.164 443 (msg: "MISP e27514 [] Outgoing To IP: 137.220.197.164|443"; classtype:trojan-activity; sid:37945481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 81.19.138.57 4443 (msg: "MISP e27514 [] Outgoing To IP: 81.19.138.57|4443"; classtype:trojan-activity; sid:37945491; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;)
# MISP event 27514 - outbound IP:port indicators, one rule per line.
# Each rule alerts on traffic from $HOME_NET to a single destination address and port. There is no
# content, flow or application-layer match, so the address/port pair is the entire detection.
# The empty "[]" in msg shows that no tags were exported for these attributes; all carry priority:3.
# NOTE(review): some destinations look like shared cloud or CDN front-end addresses (for example
# 104.21.67.23 and 172.67.211.144) - confirm against the MISP event before treating a hit as a
# compromised host, and expire these indicators on a schedule, since a reassigned address keeps alerting.
alert ip $HOME_NET any -> 149.88.75.24 443 (msg: "MISP e27514 [] Outgoing To IP: 149.88.75.24|443"; classtype:trojan-activity; sid:37945501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 204.93.201.161 443 (msg: "MISP e27514 [] Outgoing To IP: 204.93.201.161|443"; classtype:trojan-activity; sid:37945511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 47.76.140.200 443 (msg: "MISP e27514 [] Outgoing To IP: 47.76.140.200|443"; classtype:trojan-activity; sid:37945521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 15.168.110.184 443 (msg: "MISP e27514 [] Outgoing To IP: 15.168.110.184|443"; classtype:trojan-activity; sid:37945531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 107.172.196.196 2087 (msg: "MISP e27514 [] Outgoing To IP: 107.172.196.196|2087"; classtype:trojan-activity; sid:37945541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 103.163.208.121 443 (msg: "MISP e27514 [] Outgoing To IP: 103.163.208.121|443"; classtype:trojan-activity; sid:37945551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.86.162.149 443 (msg: "MISP e27514 [] Outgoing To IP: 45.86.162.149|443"; classtype:trojan-activity; sid:37945561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 88.214.27.74 4443 (msg: "MISP e27514 [] Outgoing To IP: 88.214.27.74|4443"; classtype:trojan-activity; sid:37945571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 64.23.179.131 443 (msg: "MISP e27514 [] Outgoing To IP: 64.23.179.131|443"; classtype:trojan-activity; sid:37945581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 107.151.240.201 443 (msg: "MISP e27514 [] Outgoing To IP: 107.151.240.201|443"; classtype:trojan-activity; sid:37945591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 104.21.67.23 443 (msg: "MISP e27514 [] Outgoing To IP: 104.21.67.23|443"; classtype:trojan-activity; sid:37945601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 85.114.96.2 80 (msg: "MISP e27514 [] Outgoing To IP: 85.114.96.2|80"; classtype:trojan-activity; sid:37945611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 172.67.211.144 80 (msg: "MISP e27514 [] Outgoing To IP: 172.67.211.144|80"; classtype:trojan-activity; sid:37945621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 54.221.151.132 80 (msg: "MISP e27514 [] Outgoing To IP: 54.221.151.132|80"; classtype:trojan-activity; sid:37945631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 13.232.135.125 443 (msg: "MISP e27514 [] Outgoing To IP: 13.232.135.125|443"; classtype:trojan-activity; sid:37945641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 54.221.151.132 443 (msg: "MISP e27514 [] Outgoing To IP: 54.221.151.132|443"; classtype:trojan-activity; sid:37945651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 103.86.130.103 443 (msg: "MISP e27514 [] Outgoing To IP: 103.86.130.103|443"; classtype:trojan-activity; sid:37945661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 103.86.130.78 443 (msg: "MISP e27514 [] Outgoing To IP: 103.86.130.78|443"; classtype:trojan-activity; sid:37945671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 103.86.131.147 443 (msg: "MISP e27514 [] Outgoing To IP: 103.86.131.147|443"; classtype:trojan-activity; sid:37945681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 220.69.33.81 443 (msg: "MISP e27514 [] Outgoing To IP: 220.69.33.81|443"; classtype:trojan-activity; sid:37945691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 103.86.131.60 443 (msg: "MISP e27514 [] Outgoing To IP: 103.86.131.60|443"; classtype:trojan-activity; sid:37945701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 13.37.127.130 443 (msg: "MISP e27514 [] Outgoing To IP: 13.37.127.130|443"; classtype:trojan-activity; sid:37945711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.67.231.21 1337 (msg: "MISP e27514 [] Outgoing To IP: 45.67.231.21|1337"; classtype:trojan-activity; sid:37945721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 18.232.250.39 443 (msg: "MISP e27514 [] Outgoing To IP: 18.232.250.39|443"; classtype:trojan-activity; sid:37945731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 172.233.33.155 443 (msg: "MISP e27514 [] Outgoing To IP: 172.233.33.155|443"; classtype:trojan-activity; sid:37945741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 52.87.175.64 443 (msg: "MISP e27514 [] Outgoing To IP: 52.87.175.64|443"; classtype:trojan-activity; sid:37945751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 159.100.13.218 8889 (msg: "MISP e27514 [] Outgoing To IP: 159.100.13.218|8889"; classtype:trojan-activity; sid:37945761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 89.117.49.133 1337 (msg: "MISP e27514 [] Outgoing To IP: 89.117.49.133|1337"; classtype:trojan-activity; sid:37945771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# The next run of rules, through 138.201.10.112 (sid:37946341), all use destination port 3790.
# NOTE(review): presumably one service was enumerated across many hosts (3790 is commonly the
# default Metasploit Pro web port) - confirm in the MISP event before relying on that reading.
alert ip $HOME_NET any -> 4.245.215.11 3790 (msg: "MISP e27514 [] Outgoing To IP: 4.245.215.11|3790"; classtype:trojan-activity; sid:37945781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 13.232.153.222 3790 (msg: "MISP e27514 [] Outgoing To IP: 13.232.153.222|3790"; classtype:trojan-activity; sid:37945791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 175.136.80.148 3790 (msg: "MISP e27514 [] Outgoing To IP: 175.136.80.148|3790"; classtype:trojan-activity; sid:37945801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.87.196.103 3790 (msg: "MISP e27514 [] Outgoing To IP: 38.87.196.103|3790"; classtype:trojan-activity; sid:37945811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 91.92.241.10 3790 (msg: "MISP e27514 [] Outgoing To IP: 91.92.241.10|3790"; classtype:trojan-activity; sid:37945821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 13.233.120.71 3790 (msg: "MISP e27514 [] Outgoing To IP: 13.233.120.71|3790"; classtype:trojan-activity; sid:37945831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 109.123.247.164 3790 (msg: "MISP e27514 [] Outgoing To IP: 109.123.247.164|3790"; classtype:trojan-activity; sid:37945841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 144.217.238.169 3790 (msg: "MISP e27514 [] Outgoing To IP: 144.217.238.169|3790"; classtype:trojan-activity; sid:37945851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 159.223.86.91 3790 (msg: "MISP e27514 [] Outgoing To IP: 159.223.86.91|3790"; classtype:trojan-activity; sid:37945861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 77.91.74.224 3790 (msg: "MISP e27514 [] Outgoing To IP: 77.91.74.224|3790"; classtype:trojan-activity; sid:37945871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 46.4.162.29 3790 (msg: "MISP e27514 [] Outgoing To IP: 46.4.162.29|3790"; classtype:trojan-activity; sid:37945881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 207.154.218.205 3790 (msg: "MISP e27514 [] Outgoing To IP: 207.154.218.205|3790"; classtype:trojan-activity; sid:37945891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 43.204.111.25 3790 (msg: "MISP e27514 [] Outgoing To IP: 43.204.111.25|3790"; classtype:trojan-activity; sid:37945901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.92.97.13 3790 (msg: "MISP e27514 [] Outgoing To IP: 38.92.97.13|3790"; classtype:trojan-activity; sid:37945911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 145.239.230.233 3790 (msg: "MISP e27514 [] Outgoing To IP: 145.239.230.233|3790"; classtype:trojan-activity; sid:37945921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 201.230.41.153 3790 (msg: "MISP e27514 [] Outgoing To IP: 201.230.41.153|3790"; classtype:trojan-activity; sid:37945931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 128.46.157.249 3790 (msg: "MISP e27514 [] Outgoing To IP: 128.46.157.249|3790"; classtype:trojan-activity; sid:37945941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 108.59.196.9 3790 (msg: "MISP e27514 [] Outgoing To IP: 108.59.196.9|3790"; classtype:trojan-activity; sid:37945951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.87.198.48 3790 (msg: "MISP e27514 [] Outgoing To IP: 38.87.198.48|3790"; classtype:trojan-activity; sid:37945961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.134.225.247 3790 (msg: "MISP e27514 [] Outgoing To IP: 45.134.225.247|3790"; classtype:trojan-activity; sid:37945971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 206.188.196.251 3790 (msg: "MISP e27514 [] Outgoing To IP: 206.188.196.251|3790"; classtype:trojan-activity; sid:37945981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 5.255.102.67 3790 (msg: "MISP e27514 [] Outgoing To IP: 5.255.102.67|3790"; classtype:trojan-activity; sid:37945991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 198.52.128.72 3790 (msg: "MISP e27514 [] Outgoing To IP: 198.52.128.72|3790"; classtype:trojan-activity; sid:37946001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 64.190.113.198 3790 (msg: "MISP e27514 [] Outgoing To IP: 64.190.113.198|3790"; classtype:trojan-activity; sid:37946011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 54.193.250.83 3790 (msg: "MISP e27514 [] Outgoing To IP: 54.193.250.83|3790"; classtype:trojan-activity; sid:37946021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 173.249.11.184 3790 (msg: "MISP e27514 [] Outgoing To IP: 173.249.11.184|3790"; classtype:trojan-activity; sid:37946031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 217.160.39.160 3790 (msg: "MISP e27514 [] Outgoing To IP: 217.160.39.160|3790"; classtype:trojan-activity; sid:37946041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 34.16.167.198 3790 (msg: "MISP e27514 [] Outgoing To IP: 34.16.167.198|3790"; classtype:trojan-activity; sid:37946051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 123.16.208.62 3790 (msg: "MISP e27514 [] Outgoing To IP: 123.16.208.62|3790"; classtype:trojan-activity; sid:37946061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 51.116.102.221 3790 (msg: "MISP e27514 [] Outgoing To IP: 51.116.102.221|3790"; classtype:trojan-activity; sid:37946071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 41.216.183.181 3790 (msg: "MISP e27514 [] Outgoing To IP: 41.216.183.181|3790"; classtype:trojan-activity; sid:37946081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 193.32.162.64 3790 (msg: "MISP e27514 [] Outgoing To IP: 193.32.162.64|3790"; classtype:trojan-activity; sid:37946091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 185.81.114.195 3790 (msg: "MISP e27514 [] Outgoing To IP: 185.81.114.195|3790"; classtype:trojan-activity; sid:37946101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 78.38.80.242 3790 (msg: "MISP e27514 [] Outgoing To IP: 78.38.80.242|3790"; classtype:trojan-activity; sid:37946111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 60.204.215.22 3790 (msg: "MISP e27514 [] Outgoing To IP: 60.204.215.22|3790"; classtype:trojan-activity; sid:37946121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 176.123.3.245 3790 (msg: "MISP e27514 [] Outgoing To IP: 176.123.3.245|3790"; classtype:trojan-activity; sid:37946131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 152.89.198.72 3790 (msg: "MISP e27514 [] Outgoing To IP: 152.89.198.72|3790"; classtype:trojan-activity; sid:37946141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 41.216.189.203 3790 (msg: "MISP e27514 [] Outgoing To IP: 41.216.189.203|3790"; classtype:trojan-activity; sid:37946151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 49.13.130.177 3790 (msg: "MISP e27514 [] Outgoing To IP: 49.13.130.177|3790"; classtype:trojan-activity; sid:37946161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 194.0.206.23 3790 (msg: "MISP e27514 [] Outgoing To IP: 194.0.206.23|3790"; classtype:trojan-activity; sid:37946171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 107.175.0.200 3790 (msg: "MISP e27514 [] Outgoing To IP: 107.175.0.200|3790"; classtype:trojan-activity; sid:37946181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 213.109.202.135 3790 (msg: "MISP e27514 [] Outgoing To IP: 213.109.202.135|3790"; classtype:trojan-activity; sid:37946191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 158.255.1.15 3790 (msg: "MISP e27514 [] Outgoing To IP: 158.255.1.15|3790"; classtype:trojan-activity; sid:37946201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 175.136.87.155 3790 (msg: "MISP e27514 [] Outgoing To IP: 175.136.87.155|3790"; classtype:trojan-activity; sid:37946211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 185.158.248.34 3790 (msg: "MISP e27514 [] Outgoing To IP: 185.158.248.34|3790"; classtype:trojan-activity; sid:37946221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 141.98.234.46 3790 (msg: "MISP e27514 [] Outgoing To IP: 141.98.234.46|3790"; classtype:trojan-activity; sid:37946231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 108.30.148.85 3790 (msg: "MISP e27514 [] Outgoing To IP: 108.30.148.85|3790"; classtype:trojan-activity; sid:37946241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 77.105.166.172 3790 (msg: "MISP e27514 [] Outgoing To IP: 77.105.166.172|3790"; classtype:trojan-activity; sid:37946251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 83.41.137.16 3790 (msg: "MISP e27514 [] Outgoing To IP: 83.41.137.16|3790"; classtype:trojan-activity; sid:37946261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.99.82.235 3790 (msg: "MISP e27514 [] Outgoing To IP: 38.99.82.235|3790"; classtype:trojan-activity; sid:37946271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 88.119.167.206 3790 (msg: "MISP e27514 [] Outgoing To IP: 88.119.167.206|3790"; classtype:trojan-activity; sid:37946281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 37.27.5.78 3790 (msg: "MISP e27514 [] Outgoing To IP: 37.27.5.78|3790"; classtype:trojan-activity; sid:37946291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 95.216.221.12 3790 (msg: "MISP e27514 [] Outgoing To IP: 95.216.221.12|3790"; classtype:trojan-activity; sid:37946301; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27514;)
# MISP event 27514 - last four destinations of the port-3790 run (address and port only, no tags, priority:3).
alert ip $HOME_NET any -> 45.227.254.4 3790 (msg: "MISP e27514 [] Outgoing To IP: 45.227.254.4|3790"; classtype:trojan-activity; sid:37946311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 130.51.22.23 3790 (msg: "MISP e27514 [] Outgoing To IP: 130.51.22.23|3790"; classtype:trojan-activity; sid:37946321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 47.250.145.12 3790 (msg: "MISP e27514 [] Outgoing To IP: 47.250.145.12|3790"; classtype:trojan-activity; sid:37946331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 138.201.10.112 3790 (msg: "MISP e27514 [] Outgoing To IP: 138.201.10.112|3790"; classtype:trojan-activity; sid:37946341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# MISP event 27315 - destinations tagged as C2 (sliver, cobalt_strike), priority:2.
# Same address/port-only shape as the e27514 rules above: the framework name comes from the MISP
# tags copied into msg, not from any payload or protocol inspection done by the rule.
# NOTE(review): the same four destinations are exported again under event 27514 (sids 37946351,
# 37946361, 37946371, 37946381) with priority:3, so one connection raises two alerts at different
# priorities - correlate on destination, or suppress one set, before these reach an analyst queue.
alert ip $HOME_NET any -> 89.208.253.204 4433 (msg: "MISP e27315 [c2,sliver] Outgoing To IP: 89.208.253.204|4433"; classtype:trojan-activity; sid:37913911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 114.215.183.77 10001 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 114.215.183.77|10001"; classtype:trojan-activity; sid:37913921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 119.29.225.65 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 119.29.225.65|50050"; classtype:trojan-activity; sid:37913931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 47.236.111.110 50050 (msg: "MISP e27315 [c2,cobalt_strike] Outgoing To IP: 47.236.111.110|50050"; classtype:trojan-activity; sid:37913941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
# Domain indicator eds-vid-gov-lv.com, exported from two events (27497 and 27493), each as a DNS
# rule plus an HTTP Host rule.
# DNS rule: the query name must end with the domain and be either the whole name or preceded by a
# character outside [A-Za-z0-9-], so subdomains match while a longer label ending in the same text
# does not. Source and destination are "any", so the rule is not limited to $HOME_NET clients.
# HTTP rule: client-to-server request whose headers contain "Host:" and the domain, where the
# domain is not followed by a letter, digit, hyphen or dot; the session is then tagged for 600 seconds.
# NOTE(review): both events produce identical matches under different sids, so every lookup or
# request alerts twice.
# NOTE(review): the name resembles a hyphenated copy of a .gov.lv hostname (presumably a look-alike
# domain) - confirm the context in the MISP event.
alert dns any any -> any any (msg: "MISP e27497 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37942971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27497;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27497 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27497;)
alert dns any any -> any any (msg: "MISP e27493 [] Domain eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37942751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27493;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27493 [] Outgoing HTTP Domain eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27493;)
# MISP event 27514 - repeats of the e27315 C2 destinations above, exported without tags and with priority:3.
alert ip $HOME_NET any -> 47.236.111.110 50050 (msg: "MISP e27514 [] Outgoing To IP: 47.236.111.110|50050"; classtype:trojan-activity; sid:37946351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 119.29.225.65 50050 (msg: "MISP e27514 [] Outgoing To IP: 119.29.225.65|50050"; classtype:trojan-activity; sid:37946361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 114.215.183.77 10001 (msg: "MISP e27514 [] Outgoing To IP: 114.215.183.77|10001"; classtype:trojan-activity; 
sid:37946371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# MISP event 27514 - further outbound IP:port indicators (address and port only, no tags, priority:3).
# NOTE(review): 89.208.253.204|4433 is also exported as sid:37913911 under event 27315, tagged
# [c2,sliver] with priority:2; a connection to it alerts under both sids, and the untagged copy
# here hides the context an analyst needs for triage.
alert ip $HOME_NET any -> 89.208.253.204 4433 (msg: "MISP e27514 [] Outgoing To IP: 89.208.253.204|4433"; classtype:trojan-activity; sid:37946381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.6.164.8 80 (msg: "MISP e27514 [] Outgoing To IP: 38.6.164.8|80"; classtype:trojan-activity; sid:37946391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 193.233.132.113 8081 (msg: "MISP e27514 [] Outgoing To IP: 193.233.132.113|8081"; classtype:trojan-activity; sid:37946401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 193.233.132.194 8081 (msg: "MISP e27514 [] Outgoing To IP: 193.233.132.194|8081"; classtype:trojan-activity; sid:37946411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 87.241.217.87 4444 (msg: "MISP e27514 [] Outgoing To IP: 87.241.217.87|4444"; classtype:trojan-activity; sid:37946421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 65.0.98.39 80 (msg: "MISP e27514 [] Outgoing To IP: 65.0.98.39|80"; classtype:trojan-activity; sid:37946431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 185.62.57.11 80 (msg: "MISP e27514 [] Outgoing To IP: 185.62.57.11|80"; classtype:trojan-activity; sid:37946441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 184.144.200.107 10134 (msg: "MISP e27514 [] Outgoing To IP: 184.144.200.107|10134"; classtype:trojan-activity; sid:37946451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 213.142.159.91 10134 (msg: "MISP e27514 [] Outgoing To IP: 213.142.159.91|10134"; classtype:trojan-activity; sid:37946461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 94.98.194.203 3460 (msg: "MISP e27514 [] Outgoing To IP: 94.98.194.203|3460"; classtype:trojan-activity; sid:37946471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 94.96.157.6 3460 (msg: "MISP e27514 [] Outgoing To IP: 94.96.157.6|3460"; classtype:trojan-activity; sid:37946481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 94.49.180.101 3460 (msg: "MISP e27514 [] Outgoing To IP: 94.49.180.101|3460"; classtype:trojan-activity; sid:37946491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 64.237.212.192 1800 (msg: "MISP e27514 [] Outgoing To IP: 64.237.212.192|1800"; classtype:trojan-activity; sid:37946501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 41.109.32.78 1177 (msg: "MISP e27514 [] Outgoing To IP: 41.109.32.78|1177"; classtype:trojan-activity; sid:37946511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 140.82.54.39 54984 (msg: "MISP e27514 [] Outgoing To IP: 140.82.54.39|54984"; classtype:trojan-activity; sid:37946521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.74.60.199 54984 (msg: "MISP e27514 [] Outgoing To IP: 45.74.60.199|54984"; classtype:trojan-activity; sid:37946531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 185.29.11.37 54984 (msg: "MISP e27514 [] Outgoing To IP: 185.29.11.37|54984"; classtype:trojan-activity; sid:37946541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 41.68.133.39 54984 (msg: "MISP e27514 [] Outgoing To IP: 41.68.133.39|54984"; classtype:trojan-activity; sid:37946551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 38.146.219.232 54984 (msg: "MISP e27514 [] Outgoing To IP: 38.146.219.232|54984"; classtype:trojan-activity; sid:37946561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 50.3.70.191 54984 (msg: "MISP e27514 [] Outgoing To IP: 50.3.70.191|54984"; classtype:trojan-activity; sid:37946571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 45.88.186.108 54984 (msg: "MISP e27514 [] Outgoing To IP: 45.88.186.108|54984"; classtype:trojan-activity; sid:37946581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 185.169.180.151 82 (msg: "MISP e27514 [] Outgoing To IP: 185.169.180.151|82"; classtype:trojan-activity; sid:37946591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.144.103 1741 (msg: "MISP e27514 [] Outgoing To IP: 187.135.144.103|1741"; classtype:trojan-activity; sid:37946601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# 187.135.85.245 is exported once per port (1925, 2154, 2081, 1604, 2222, 1911, 2121): seven rules
# that differ only in destination port, msg and sid.
# NOTE(review): when tuning, treat these as one indicator (same host) rather than seven findings.
alert ip $HOME_NET any -> 187.135.85.245 1925 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|1925"; classtype:trojan-activity; sid:37946611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.85.245 2154 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|2154"; classtype:trojan-activity; sid:37946621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.85.245 2081 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|2081"; classtype:trojan-activity; sid:37946631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.85.245 1604 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|1604"; classtype:trojan-activity; sid:37946641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.85.245 2222 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|2222"; classtype:trojan-activity; sid:37946651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.85.245 1911 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|1911"; classtype:trojan-activity; sid:37946661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.85.245 2121 (msg: "MISP e27514 [] Outgoing To IP: 187.135.85.245|2121"; classtype:trojan-activity; sid:37946671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.86.23 1801 (msg: "MISP e27514 [] Outgoing To IP: 187.135.86.23|1801"; classtype:trojan-activity; sid:37946681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 198.50.138.20 1604 (msg: "MISP e27514 [] Outgoing To IP: 198.50.138.20|1604"; classtype:trojan-activity; sid:37946691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 198.27.120.255 1604 (msg: "MISP e27514 [] Outgoing To IP: 198.27.120.255|1604"; classtype:trojan-activity; sid:37946701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 80.253.246.36 1604 (msg: "MISP e27514 [] Outgoing To IP: 80.253.246.36|1604"; classtype:trojan-activity; sid:37946711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.83.6 2222 (msg: "MISP e27514 [] Outgoing To IP: 187.135.83.6|2222"; classtype:trojan-activity; sid:37946721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 187.135.83.6 2121 (msg: "MISP e27514 [] Outgoing To IP: 187.135.83.6|2121"; classtype:trojan-activity; sid:37946731; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert ip $HOME_NET any -> 31.156.119.149 1604 (msg: "MISP e27514 [] Outgoing To IP: 31.156.119.149|1604"; classtype:trojan-activity; sid:37946741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//chessfang.online/pp.php"; flow:to_server,established; http.header; content:"chessfang.online"; fast_pattern; nocase; http.uri; content:"/pp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37913961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert dns any any -> any any (msg: "MISP e27315 [51.195.83.140,AS16276,EpsilonStealer,OVH] Domain gdfjkghndfjkghdfjkghdf.com"; dns.query; content:"gdfjkghndfjkghdfjkghdf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gdfjkghndfjkghdfjkghdf\.com$/i"; classtype:trojan-activity; sid:37913951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27315 [51.195.83.140,AS16276,EpsilonStealer,OVH] Outgoing HTTP Domain gdfjkghndfjkghdfjkghdf.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gdfjkghndfjkghdfjkghdf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gdfjkghndfjkghdfjkghdf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37913952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//glovefire.site/dub.php"; flow:to_server,established; http.header; content:"glovefire.site"; fast_pattern; nocase; http.uri; content:"/dub.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37913971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//glovefire.site/du.php"; flow:to_server,established; http.header; content:"glovefire.site"; fast_pattern; nocase; http.uri; content:"/du.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37913981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//yarnglove.xyz/pe/build.php"; flow:to_server,established; http.header; content:"yarnglove.xyz"; fast_pattern; nocase; http.uri; content:"/pe/build.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37913991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [] Outgoing URL http|3a|//pstbbk.com/"; flow:to_server,established; http.header; content:"pstbbk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;) alert dns any any -> any any (msg: "MISP e27514 [] Domain gdfjkghndfjkghdfjkghdf.com"; dns.query; content:"gdfjkghndfjkghdfjkghdf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gdfjkghndfjkghdfjkghdf\.com$/i"; classtype:trojan-activity; sid:37946751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27514 [] Outgoing HTTP Domain gdfjkghndfjkghdfjkghdf.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gdfjkghndfjkghdfjkghdf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gdfjkghndfjkghdfjkghdf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37946752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] 
Outgoing URL http|3a|//chessfang.online/pp.php"; flow:to_server,established; http.header; content:"chessfang.online"; fast_pattern; nocase; http.uri; content:"/pp.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//yarnglove.xyz/pe/build.php"; flow:to_server,established; http.header; content:"yarnglove.xyz"; fast_pattern; nocase; http.uri; content:"/pe/build.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//pstbbk.com/"; flow:to_server,established; http.header; content:"pstbbk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//glovefire.site/du.php"; flow:to_server,established; http.header; content:"glovefire.site"; fast_pattern; nocase; http.uri; content:"/du.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//glovefire.site/dub.php"; flow:to_server,established; http.header; content:"glovefire.site"; fast_pattern; nocase; http.uri; content:"/dub.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;) alert http $HOME_NET any -> 136.244.118.172 $HTTP_PORTS (msg: "MISP e27315 [APT,gamaredon] Outgoing URL 
http|3a|//136.244.118.172/"; flow:to_server,established; http.header; content:"136.244.118.172"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
#
# MISP event 27315 [APT,gamaredon] - HTTP rules for five destination addresses
# (sid 37914011 above through sid 37914051), priority 2.
# The rule header already pins the destination address. In addition the address
# literal must appear in the request headers (content on http.header), so a
# request to the same address that carries a domain name in its headers is not
# matched by these rules. The URI condition content:"/" adds no real constraint.
alert http $HOME_NET any -> 143.198.136.173 $HTTP_PORTS (msg: "MISP e27315 [APT,gamaredon] Outgoing URL http|3a|//143.198.136.173/"; flow:to_server,established; http.header; content:"143.198.136.173"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 146.190.128.252 $HTTP_PORTS (msg: "MISP e27315 [APT,gamaredon] Outgoing URL http|3a|//146.190.128.252/"; flow:to_server,established; http.header; content:"146.190.128.252"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 159.223.67.132 $HTTP_PORTS (msg: "MISP e27315 [APT,gamaredon] Outgoing URL http|3a|//159.223.67.132/"; flow:to_server,established; http.header; content:"159.223.67.132"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 78.141.224.44 $HTTP_PORTS (msg: "MISP e27315 [APT,gamaredon] Outgoing URL http|3a|//78.141.224.44/"; flow:to_server,established; http.header; content:"78.141.224.44"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
#
# MISP event 27315 [APT,gamaredon] - address-only rules for the same five
# addresses on port 80 (sid 37914061-37914101). They have no flow, content or
# tag option: the rule header (source $HOME_NET, destination address, port 80)
# is the whole condition. Traffic that matches an HTTP rule above on port 80
# therefore also matches the corresponding rule here.
alert ip $HOME_NET any -> 136.244.118.172 80 (msg: "MISP e27315 [APT,gamaredon] Outgoing To IP: 136.244.118.172|80"; classtype:trojan-activity; sid:37914061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 143.198.136.173 80 (msg: "MISP e27315 [APT,gamaredon] Outgoing To IP: 143.198.136.173|80"; classtype:trojan-activity; sid:37914071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 146.190.128.252 80 (msg: "MISP e27315 [APT,gamaredon] Outgoing To IP: 146.190.128.252|80"; classtype:trojan-activity; sid:37914081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 159.223.67.132 80 (msg: "MISP e27315 [APT,gamaredon] Outgoing To IP: 159.223.67.132|80"; classtype:trojan-activity; sid:37914091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 78.141.224.44 80 (msg: "MISP e27315 [APT,gamaredon] Outgoing To IP: 78.141.224.44|80"; classtype:trojan-activity; sid:37914101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
#
# MISP event 27514 - the same five addresses exported a second time
# (sid 37946811-37946851). The match conditions are identical to
# sid 37914011-37914051; only the msg text, sid, priority (3 instead of 2) and
# the referenced event differ. One matching request therefore raises an alert
# from each set.
# NOTE(review): deduplicate or threshold downstream, and decide which priority
# should win; the msg of this copy also lacks the [APT,gamaredon] tags.
alert http $HOME_NET any -> 78.141.224.44 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//78.141.224.44/"; flow:to_server,established; http.header; content:"78.141.224.44"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> 146.190.128.252 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//146.190.128.252/"; flow:to_server,established; http.header; content:"146.190.128.252"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> 159.223.67.132 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//159.223.67.132/"; flow:to_server,established; http.header; content:"159.223.67.132"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> 143.198.136.173 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//143.198.136.173/"; flow:to_server,established; http.header; content:"143.198.136.173"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> 136.244.118.172 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//136.244.118.172/"; flow:to_server,established; http.header; content:"136.244.118.172"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
#
# MISP event 27514 - address-only copies (sid 37946861 onward), with the same
# rule headers as sid 37914061-37914101 and priority 3.
alert ip $HOME_NET any -> 136.244.118.172 80 (msg: "MISP e27514 [] Outgoing To IP: 136.244.118.172|80"; classtype:trojan-activity; sid:37946861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 143.198.136.173 80 (msg: "MISP e27514 [] Outgoing To IP: 143.198.136.173|80"; classtype:trojan-activity; sid:37946871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 146.190.128.252 80 (msg: "MISP e27514 [] Outgoing To IP: 146.190.128.252|80"; classtype:trojan-activity; sid:37946881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 159.223.67.132 80 (msg: "MISP e27514 [] Outgoing To IP: 159.223.67.132|80"; classtype:trojan-activity; sid:37946891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 78.141.224.44 80 (msg: "MISP e27514 [] Outgoing To IP: 78.141.224.44|80"; classtype:trojan-activity; sid:37946901; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
#
# One URL on 82.146.60.218, exported from two events: sid 37914111 (event 27315,
# tagged [dcrat], priority 2) and sid 37946911 (event 27514, priority 3).
# The URI strings differ only in letter case and both carry nocase, so the two
# rules match the same requests and each hit produces two alerts.
# The address literal must also appear in the request headers (http.header).
alert http $HOME_NET any -> 82.146.60.218 $HTTP_PORTS (msg: "MISP e27315 [dcrat] Outgoing URL http|3a|//82.146.60.218/eternalimagevideopipetempdownloads.php"; flow:to_server,established; http.header; content:"82.146.60.218"; fast_pattern; nocase; http.uri; content:"/eternalimagevideopipetempdownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 82.146.60.218 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//82.146.60.218/EternalimageVideopipetempDownloads.php"; flow:to_server,established; http.header; content:"82.146.60.218"; fast_pattern; nocase; http.uri; content:"/EternalimageVideopipetempDownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
#
# MISP event 27352 - "Hostname" indicator eds-vid-gov-lv.com.
# DNS rule (sid 37947831): the pcre excludes "." from the character allowed
# before the name and anchors the end with $, so it matches a query for this
# exact name and not for its subdomains. The rule header is any -> any, so it
# is not limited to queries leaving $HOME_NET.
# HTTP rule (sid 37947832): the content is the literal "Host: " prefix followed
# by the name, which binds the match to the Host header. The pcre then requires
# a non-hostname character after the name.
# NOTE(review): a Host header written without the single space after the colon
# would not match this content - confirm whether that matters for your traffic.
alert dns any any -> any any (msg: "MISP e27352 [] Hostname eds-vid-gov-lv.com"; dns.query; content:"eds-vid-gov-lv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eds\-vid\-gov\-lv\.com$/i"; classtype:trojan-activity; sid:37947831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27352;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27352 [] Outgoing HTTP Hostname eds-vid-gov-lv.com"; flow:to_server,established; http.header; content: "Host|3a| eds-vid-gov-lv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eds\-vid\-gov\-lv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37947832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27352;)
#
# MISP event 27315, tagged [Mirai] (sid 37914121): address-only rule for
# 45.67.228.91 port 3666 from $HOME_NET, with no flow or payload condition.
alert ip $HOME_NET any -> 45.67.228.91 3666 (msg: "MISP e27315 [Mirai] Outgoing To IP: 45.67.228.91|3666"; classtype:trojan-activity; sid:37914121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
#
# MISP event 27007 - "Domain" indicators, exported as a DNS rule plus an HTTP
# rule per domain (sid ...1 and ...2).
# DNS rules: the pcre allows "." before the name, so the domain and any
# subdomain match; the rule header is any -> any.
# HTTP rules: content:"Host|3a|" and the domain content are two independent
# matches in http.header, with no distance or within linking them. A request to
# an unrelated site that merely names the domain in another header (for example
# Referer) also matches. Treat a hit as "domain seen in request headers" and
# check the Host value during triage.
# NOTE(review): this part of the export shows only dns and http rules for these
# domains; connections over TLS would be visible to the DNS rules only. Confirm
# whether a TLS SNI rule set is exported elsewhere.
alert dns any any -> any any (msg: "MISP e27007 [] Domain 
adidasrunningireland.com"; dns.query; content:"adidasrunningireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])adidasrunningireland\.com$/i"; classtype:trojan-activity; sid:38143401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain adidasrunningireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adidasrunningireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adidasrunningireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain adidasrunningnz.com"; dns.query; content:"adidasrunningnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])adidasrunningnz\.com$/i"; classtype:trojan-activity; sid:38143411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain adidasrunningnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adidasrunningnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adidasrunningnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain aeriesaudiarabia.com"; dns.query; content:"aeriesaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aeriesaudiarabia\.com$/i"; classtype:trojan-activity; sid:38143421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aeriesaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"aeriesaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aeriesaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain aibatephone.com"; dns.query; content:"aibatephone.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aibatephone\.com$/i"; classtype:trojan-activity; sid:38143491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aibatephone.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aibatephone.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aibatephone\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain allbirds-deutschland.com"; dns.query; content:"allbirds-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirds\-deutschland\.com$/i"; classtype:trojan-activity; sid:38143771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain allbirds-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allbirds-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirds\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain allbirdsnetherlands.com"; dns.query; content:"allbirdsnetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsnetherlands\.com$/i"; classtype:trojan-activity; 
sid:38143781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain allbirdsnetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allbirdsnetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsnetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain allbirdsshoeschile.com"; dns.query; content:"allbirdsshoeschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsshoeschile\.com$/i"; classtype:trojan-activity; sid:38143791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain allbirdsshoeschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allbirdsshoeschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsshoeschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain allbirdsshoes-india.com"; dns.query; content:"allbirdsshoes-india.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsshoes\-india\.com$/i"; classtype:trojan-activity; sid:38143801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain allbirdsshoes-india.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allbirdsshoes-india.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsshoes\-india\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38143802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altra-egypt.com"; dns.query; content:"altra-egypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-egypt\.com$/i"; classtype:trojan-activity; sid:38143841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altra-egypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altra-egypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-egypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrafootwear-uk.com"; dns.query; content:"altrafootwear-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrafootwear\-uk\.com$/i"; classtype:trojan-activity; sid:38143851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrafootwear-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrafootwear-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrafootwear\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altra-nederland.com"; dns.query; content:"altra-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-nederland\.com$/i"; classtype:trojan-activity; sid:38143881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
altra-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altra-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altra-newzealand.com"; dns.query; content:"altra-newzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-newzealand\.com$/i"; classtype:trojan-activity; sid:38143891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altra-newzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altra-newzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-newzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrannings-fr.com"; dns.query; content:"altrannings-fr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrannings\-fr\.com$/i"; classtype:trojan-activity; sid:38143901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrannings-fr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrannings-fr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrannings\-fr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrannings-nl.com"; dns.query; content:"altrannings-nl.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])altrannings\-nl\.com$/i"; classtype:trojan-activity; sid:38143911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrannings-nl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrannings-nl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrannings\-nl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altraoutletstore.com"; dns.query; content:"altraoutletstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altraoutletstore\.com$/i"; classtype:trojan-activity; sid:38143921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altraoutletstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altraoutletstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altraoutletstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altra-paris.com"; dns.query; content:"altra-paris.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-paris\.com$/i"; classtype:trojan-activity; sid:38143931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altra-paris.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altra-paris.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-paris\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38143932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-colombia.com"; dns.query; content:"altrarunning-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-colombia\.com$/i"; classtype:trojan-activity; sid:38143941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-danmark.com"; dns.query; content:"altrarunning-danmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-danmark\.com$/i"; classtype:trojan-activity; sid:38143951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-danmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-danmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-danmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-greece.com"; dns.query; content:"altrarunning-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-greece\.com$/i"; classtype:trojan-activity; sid:38143961; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunningisrael.com"; dns.query; content:"altrarunningisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunningisrael\.com$/i"; classtype:trojan-activity; sid:38143971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunningisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunningisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunningisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-italia.com"; dns.query; content:"altrarunning-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-italia\.com$/i"; classtype:trojan-activity; sid:38143981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143982; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-japan.com"; dns.query; content:"altrarunning-japan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-japan\.com$/i"; classtype:trojan-activity; sid:38143991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-japan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-japan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-japan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38143992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-malaysia.com"; dns.query; content:"altrarunning-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-malaysia\.com$/i"; classtype:trojan-activity; sid:38144001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-mexico.com"; dns.query; content:"altrarunning-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-mexico\.com$/i"; classtype:trojan-activity; sid:38144011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-nederland.com"; dns.query; content:"altrarunning-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-nederland\.com$/i"; classtype:trojan-activity; sid:38144021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-norge.com"; dns.query; content:"altrarunning-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-norge\.com$/i"; classtype:trojan-activity; sid:38144031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert 
dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-ph.com"; dns.query; content:"altrarunning-ph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-ph\.com$/i"; classtype:trojan-activity; sid:38144041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-ph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-ph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-ph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-portugal.com"; dns.query; content:"altrarunning-portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-portugal\.com$/i"; classtype:trojan-activity; sid:38144051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-suomi.com"; dns.query; content:"altrarunning-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-suomi\.com$/i"; classtype:trojan-activity; sid:38144061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-suomi.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altra-schweiz.com"; dns.query; content:"altra-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-schweiz\.com$/i"; classtype:trojan-activity; sid:38144101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altra-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altra-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrashoesdubai.com"; dns.query; content:"altrashoesdubai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesdubai\.com$/i"; classtype:trojan-activity; sid:38144111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrashoesdubai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrashoesdubai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesdubai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrashoesgermany.com"; dns.query; content:"altrashoesgermany.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])altrashoesgermany\.com$/i"; classtype:trojan-activity; sid:38144121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrashoesgermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrashoesgermany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesgermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrashoesindonesia.com"; dns.query; content:"altrashoesindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesindonesia\.com$/i"; classtype:trojan-activity; sid:38144131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrashoesindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrashoesindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrashoespolska.com"; dns.query; content:"altrashoespolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoespolska\.com$/i"; classtype:trojan-activity; sid:38144151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrashoespolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrashoespolska.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])altrashoespolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrashoes-sg.com"; dns.query; content:"altrashoes-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoes\-sg\.com$/i"; classtype:trojan-activity; sid:38144171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrashoes-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrashoes-sg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoes\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altrashoesspain.com"; dns.query; content:"altrashoesspain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesspain\.com$/i"; classtype:trojan-activity; sid:38144181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrashoesspain.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrashoesspain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrashoesspain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain altra-switzerland.com"; dns.query; content:"altra-switzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-switzerland\.com$/i"; classtype:trojan-activity; sid:38144201; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# Domain indicators from MISP event 27007, laid out one rule per line.
# Each domain is exported as a pair of rules with consecutive sids:
#   sid ending in 1 (alert dns)  - literal match on dns.query, then a pcre anchored with `$`, so
#                                  the name matches as the whole query or as the parent of a subdomain.
#   sid ending in 2 (alert http) - $HOME_NET -> $EXTERNAL_NET request whose header buffer contains
#                                  "Host:" (|3a| is the colon) and the domain.
# NOTE(review): the http rules only see cleartext HTTP; HTTPS traffic to these names is covered
# here by the dns rules alone. No tls.sni counterpart appears in this part of the file - confirm
# whether one is exported elsewhere.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altra-switzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altra-switzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altra\-switzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asics-canada-outlet.com"; dns.query; content:"asics-canada-outlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-canada\-outlet\.com$/i"; classtype:trojan-activity; sid:38144431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asics-canada-outlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asics-canada-outlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-canada\-outlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain benetton-colombia.com"; dns.query; content:"benetton-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])benetton\-colombia\.com$/i"; classtype:trojan-activity; sid:38144731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain benetton-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"benetton-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])benetton\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogadenmark.com"; dns.query; content:"beyondyogadenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogadenmark\.com$/i"; classtype:trojan-activity; sid:38144781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogadenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogadenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogadenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyoga-espana.com"; dns.query; content:"beyondyoga-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-espana\.com$/i"; classtype:trojan-activity; sid:38144791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyoga-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyoga-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyond-yoga-hungary.com"; dns.query; content:"beyond-yoga-hungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyond\-yoga\-hungary\.com$/i"; classtype:trojan-activity; sid:38144801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyond-yoga-hungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyond-yoga-hungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyond\-yoga\-hungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogahungary.com"; dns.query; content:"beyondyogahungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogahungary\.com$/i"; classtype:trojan-activity; sid:38144811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogahungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogahungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogahungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogaitalia.com"; dns.query; content:"beyondyogaitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogaitalia\.com$/i"; classtype:trojan-activity; sid:38144821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogaitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogaitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogaitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyoga-nederlands.com"; 
dns.query; content:"beyondyoga-nederlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-nederlands\.com$/i"; classtype:trojan-activity; sid:38144831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 rule pairs (dns.query rule, then Host-header rule), one rule per line.
# The pcre prefix (^|[^A-Za-z0-9-]) means the domain must start the buffer or follow a character
# that cannot be part of a DNS label: "www." in front still matches, a longer label such as
# "xbeyondyoga-portugal.com" (constructed example) does not.
# NOTE(review): the dns rules use `any any -> any any`, so one lookup may alert more than once if
# the sensor sees both the client-to-resolver and the resolver-to-upstream query - confirm
# sensor placement or add thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyoga-nederlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyoga-nederlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-nederlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyoga-portugal.com"; dns.query; content:"beyondyoga-portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-portugal\.com$/i"; classtype:trojan-activity; sid:38144841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyoga-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyoga-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyond-yoga-sweden.com"; dns.query; content:"beyond-yoga-sweden.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyond\-yoga\-sweden\.com$/i"; classtype:trojan-activity; sid:38144851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyond-yoga-sweden.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyond-yoga-sweden.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyond\-yoga\-sweden\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogasweden.com"; dns.query; content:"beyondyogasweden.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogasweden\.com$/i"; classtype:trojan-activity; sid:38144861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogasweden.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogasweden.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogasweden\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyoga-switzerland.com"; dns.query; content:"beyondyoga-switzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-switzerland\.com$/i"; classtype:trojan-activity; sid:38144871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyoga-switzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyoga-switzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-switzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogaswitzerland.com"; dns.query; content:"beyondyogaswitzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogaswitzerland\.com$/i"; classtype:trojan-activity; sid:38144881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogaswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogaswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogaswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38144882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bombshellactivewearisrael.com"; dns.query; content:"bombshellactivewearisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearisrael\.com$/i"; classtype:trojan-activity; sid:38145061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bombshellactivewearisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bombshellactivewearisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bombshellactivewearnederland.com"; dns.query; content:"bombshellactivewearnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearnederland\.com$/i"; classtype:trojan-activity; sid:38145071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bombshellactivewearnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"bombshellactivewearnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 rule pairs (dns.query rule, then Host-header rule), one rule per line.
# In the http rules the two content matches ("Host|3a|" and the domain) have no distance/within
# relation, and the pcre does not mention Host. The domain appearing in another request header
# (for example a Referer value) therefore also satisfies the rule.
# NOTE(review): matching the domain in the http.host buffer would tie the alert to the requested
# host; confirm whether the exporter can emit that form before relying on these for triage.
alert dns any any -> any any (msg: "MISP e27007 [] Domain bombshellactivewearosterreich.com"; dns.query; content:"bombshellactivewearosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearosterreich\.com$/i"; classtype:trojan-activity; sid:38145081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bombshellactivewearosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bombshellactivewearosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bombshellactivewearschweiz.com"; dns.query; content:"bombshellactivewearschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearschweiz\.com$/i"; classtype:trojan-activity; sid:38145091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bombshellactivewearschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bombshellactivewearschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellactivewearschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bombshellathleticwearespana.com"; dns.query; content:"bombshellathleticwearespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellathleticwearespana\.com$/i"; classtype:trojan-activity; sid:38145101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bombshellathleticwearespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bombshellathleticwearespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bombshellathleticwearespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain brooksrunphilippines.com"; dns.query; content:"brooksrunphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brooksrunphilippines\.com$/i"; classtype:trojan-activity; sid:38145231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain brooksrunphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brooksrunphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brooksrunphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvin-klein-argentina.com"; dns.query; content:"calvin-klein-argentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvin\-klein\-argentina\.com$/i"; classtype:trojan-activity; sid:38145671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvin-klein-argentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvin-klein-argentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvin\-klein\-argentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-hrvatska.com"; dns.query; content:"calvinklein-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38145681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleiniesale.com"; dns.query; content:"calvinkleiniesale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleiniesale\.com$/i"; classtype:trojan-activity; sid:38145691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleiniesale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleiniesale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleiniesale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-japan.com"; 
dns.query; content:"calvinklein-japan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-japan\.com$/i"; classtype:trojan-activity; sid:38145701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 rule pairs (dns.query rule, then Host-header rule), one rule per line.
# tag:session,600,seconds on the http rules asks the engine to keep logging packets of the
# alerting session for 600 seconds: useful follow-on traffic for responders, extra log volume.
# classtype:trojan-activity and priority:3 are identical on every rule in this section.
# NOTE(review): they look like exporter defaults rather than a per-domain assessment; the names
# resemble brand-themed shop domains, so check the event's category in MISP before treating an
# alert as malware activity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-japan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-japan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-japan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-norge.com"; dns.query; content:"calvinklein-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-norge\.com$/i"; classtype:trojan-activity; sid:38145711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-osterreich.com"; dns.query; content:"calvinklein-osterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-osterreich\.com$/i"; classtype:trojan-activity; sid:38145721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-osterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-osterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-osterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletch.com"; dns.query; content:"calvinkleinoutletch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletch\.com$/i"; classtype:trojan-activity; sid:38145731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletcz.com"; dns.query; content:"calvinkleinoutletcz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletcz\.com$/i"; classtype:trojan-activity; sid:38145741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletcz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletcz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletcz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutlet-de.com"; dns.query; content:"calvinkleinoutlet-de.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutlet\-de\.com$/i"; classtype:trojan-activity; sid:38145751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutlet-de.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutlet-de.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutlet\-de\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletfrance.com"; dns.query; content:"calvinkleinoutletfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletfrance\.com$/i"; classtype:trojan-activity; sid:38145761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletgreece.com"; dns.query; content:"calvinkleinoutletgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletgreece\.com$/i"; classtype:trojan-activity; sid:38145771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"calvinkleinoutletgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 rule pairs (dns.query rule, then Host-header rule), one rule per line.
# The trailing class [^A-Za-z0-9-\.] in the http pcre requires one byte after ".com" that cannot
# continue a hostname (such as the header line ending or the ":" of a port), so a longer name
# that merely begins with the listed domain - "calvinkleinoutletperu.com.example", a constructed
# example - does not match.
# The dns pcre reaches the same result with the `$` anchor at the end of the query name.
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletisrael.com"; dns.query; content:"calvinkleinoutletisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletisrael\.com$/i"; classtype:trojan-activity; sid:38145781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletitalia.com"; dns.query; content:"calvinkleinoutletitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletitalia\.com$/i"; classtype:trojan-activity; sid:38145791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletperu.com"; dns.query; content:"calvinkleinoutletperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletperu\.com$/i"; classtype:trojan-activity; sid:38145801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletpolska.com"; dns.query; content:"calvinkleinoutletpolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletpolska\.com$/i"; classtype:trojan-activity; sid:38145811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletpolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinoutletpolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletpolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinoutletpt.com"; dns.query; content:"calvinkleinoutletpt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletpt\.com$/i"; classtype:trojan-activity; sid:38145821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinoutletpt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"calvinkleinoutletpt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinoutletpt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 rule pairs (dns.query rule, then Host-header rule), one rule per line.
# fast_pattern is set on the domain content, so the engine prefilters on the domain string
# rather than on "Host|3a|", which nearly every request carries.
# The "[]" in each msg is empty on every rule of this event.
# NOTE(review): presumably the slot where the exporter lists the event's tags - confirm in MISP
# whether event 27007 is meant to be untagged, since tags are what give an analyst context.
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-romania.com"; dns.query; content:"calvinklein-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-romania\.com$/i"; classtype:trojan-activity; sid:38145831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinkleinsaleuk.com"; dns.query; content:"calvinkleinsaleuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinsaleuk\.com$/i"; classtype:trojan-activity; sid:38145841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinkleinsaleuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinkleinsaleuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinkleinsaleuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-slovensko.com"; dns.query; content:"calvinklein-slovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-slovensko\.com$/i"; classtype:trojan-activity; sid:38145851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-slovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-slovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-slovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-south-africa.com"; dns.query; content:"calvinklein-south-africa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-south\-africa\.com$/i"; classtype:trojan-activity; sid:38145861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-south-africa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-south-africa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-south\-africa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain calvinklein-uae.com"; dns.query; content:"calvinklein-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])calvinklein\-uae\.com$/i"; classtype:trojan-activity; sid:38145871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain calvinklein-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"calvinklein-uae.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])calvinklein\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Review notes for this stretch of the MISP event 27007 export. Each indicator domain
# produces two rules: a DNS rule (sid ending in 1) and an outgoing HTTP rule (sid ending in 2).
#
# DNS rules
#   - content on dns.query is an unanchored prefilter; the pcre then requires the name to END
#     with the indicator and to be preceded by start-of-name or a character outside
#     [A-Za-z0-9-]. The domain and its subdomains match; names that only embed the string
#     (prefix glued on, or extra labels appended) do not.
#   - "any any -> any any" applies no direction or network scope.
#     NOTE(review): a sensor that sees both the client->resolver and resolver->upstream legs
#     may alert twice per lookup - confirm, and threshold per source if so.
# HTTP rules
#   - Both content matches and the /H pcre run over the whole http.header buffer, with no
#     distance/within tying the domain to the Host field. A request to a different site that
#     carries the indicator in another header (e.g. Referer) also satisfies them.
#     NOTE(review): matching on the http.host buffer would limit hits to the requested host;
#     weigh that against the wider visibility of the current form.
#   - These rules only see parsed HTTP. NOTE(review): for HTTPS sessions the DNS rule is
#     presumably the only coverage here unless TLS is decrypted before the sensor; a tls.sni
#     companion rule would close that gap.
#   - tag:session,600,seconds tags the alerting session for 600 seconds.
#     NOTE(review): the extra packets are only useful if tagged-packet logging is enabled.
# Triage context
#   - msg carries an empty tag list ([]) and every rule uses classtype:trojan-activity with
#     priority:3, so the alert text does not say what the domains were used for.
#     NOTE(review): the names combine retail brand strings with country/outlet/shop words,
#     which looks like brand-impersonation storefronts rather than malware infrastructure -
#     check event 27007 before handling hits as trojan activity.
#   - NOTE(review): this file is an export; local edits are presumably overwritten on the next
#     run, so keep tuning in threshold/suppress configuration or on the MISP side.
alert dns any any -> any any (msg: "MISP e27007 [] Domain canadaipost.com"; dns.query; content:"canadaipost.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])canadaipost\.com$/i"; classtype:trojan-activity; sid:38145891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain canadaipost.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"canadaipost.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])canadaipost\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-argentina.com"; dns.query; content:"c-and-a-argentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-argentina\.com$/i"; classtype:trojan-activity; sid:38145901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-argentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-argentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-argentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-belgie.com"; dns.query; content:"c-and-a-belgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-belgie\.com$/i"; classtype:trojan-activity; sid:38145911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-belgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-belgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-belgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-deutschland.com"; dns.query; content:"c-and-a-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-deutschland\.com$/i"; classtype:trojan-activity; sid:38145921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-france.com"; dns.query; content:"c-and-a-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-france\.com$/i"; classtype:trojan-activity; sid:38145931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-france.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-nederland.com"; dns.query; content:"c-and-a-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-nederland\.com$/i"; classtype:trojan-activity; sid:38145941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-osterreich.com"; dns.query; content:"c-and-a-osterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-osterreich\.com$/i"; classtype:trojan-activity; sid:38145951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-osterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-osterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-osterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-usa.com"; dns.query; content:"c-and-a-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-usa\.com$/i"; classtype:trojan-activity; sid:38145961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38145962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesargentina.com"; dns.query; content:"dcshoesargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesargentina\.com$/i"; classtype:trojan-activity; sid:38146611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes--hungary.com"; dns.query; content:"dcshoes--hungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-\-hungary\.com$/i"; classtype:trojan-activity; sid:38146621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes--hungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes--hungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-\-hungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes--portugal.com"; dns.query; content:"dcshoes--portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-\-portugal\.com$/i"; classtype:trojan-activity; sid:38146631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes--portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes--portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoessingapore.com"; dns.query; content:"dcshoessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessingapore\.com$/i"; classtype:trojan-activity; sid:38146641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesskleps.com"; dns.query; content:"dcshoesskleps.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesskleps\.com$/i"; classtype:trojan-activity; sid:38146651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesskleps.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesskleps.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesskleps\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain deichmannskechers.com"; dns.query; content:"deichmannskechers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deichmannskechers\.com$/i"; classtype:trojan-activity; sid:38146701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain deichmannskechers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deichmannskechers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deichmannskechers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain deichmannskechersslovenija.com"; dns.query; content:"deichmannskechersslovenija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])deichmannskechersslovenija\.com$/i"; classtype:trojan-activity; sid:38146711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain deichmannskechersslovenija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"deichmannskechersslovenija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])deichmannskechersslovenija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martenoutletshop.com"; dns.query; content:"dr-martenoutletshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martenoutletshop\.com$/i"; classtype:trojan-activity; sid:38146901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martenoutletshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martenoutletshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martenoutletshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martenschile.com"; dns.query; content:"dr-martenschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martenschile\.com$/i"; classtype:trojan-activity; sid:38146911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martenschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martenschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martenschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartin-usa.com"; dns.query; content:"drmartin-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartin\-usa\.com$/i"; classtype:trojan-activity; sid:38146921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartin-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartin-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartin\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38146922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitloomargentina.com"; dns.query; content:"fruitloomargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitloomargentina\.com$/i"; classtype:trojan-activity; sid:38147641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitloomargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitloomargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitloomargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38147642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaboritalia.com"; dns.query; content:"gaboritalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaboritalia\.com$/i"; classtype:trojan-activity; sid:38147841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaboritalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaboritalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaboritalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38147842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gabor-polska.com"; dns.query; content:"gabor-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gabor\-polska\.com$/i"; classtype:trojan-activity; sid:38147851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gabor-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gabor-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gabor\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38147852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborshoessingapore.com"; dns.query; content:"gaborshoessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoessingapore\.com$/i"; classtype:trojan-activity; sid:38147861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborshoessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborshoessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborshoessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38147862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborskonorgesalg.com"; dns.query; content:"gaborskonorgesalg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborskonorgesalg\.com$/i"; classtype:trojan-activity; sid:38147871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborskonorgesalg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborskonorgesalg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborskonorgesalg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38147872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaborslovensko.com"; dns.query; content:"gaborslovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborslovensko\.com$/i"; classtype:trojan-activity; sid:38147881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaborslovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaborslovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaborslovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38147882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain g-ymsharkespana.com"; dns.query; content:"g-ymsharkespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])g\-ymsharkespana\.com$/i"; classtype:trojan-activity; sid:38148311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain g-ymsharkespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"g-ymsharkespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])g\-ymsharkespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-spain.com"; dns.query; content:"gymshark-spain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-spain\.com$/i"; classtype:trojan-activity; sid:38148321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-spain.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-spain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-spain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gym-shark-uae.com"; dns.query; content:"gym-shark-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-shark\-uae\.com$/i"; classtype:trojan-activity; sid:38148331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gym-shark-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gym-shark-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-shark\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkuaestore.com"; dns.query; content:"gymsharkuaestore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkuaestore\.com$/i"; classtype:trojan-activity; sid:38148341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkuaestore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkuaestore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkuaestore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymssharkindiashop.com"; dns.query; content:"gymssharkindiashop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymssharkindiashop\.com$/i"; classtype:trojan-activity; sid:38148351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymssharkindiashop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymssharkindiashop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymssharkindiashop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymssharksindia.com"; dns.query; content:"gymssharksindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymssharksindia\.com$/i"; classtype:trojan-activity; sid:38148361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymssharksindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymssharksindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymssharksindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasargentina.com"; dns.query; content:"havaianasargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasargentina\.com$/i"; classtype:trojan-activity; sid:38148541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasbrazil.com"; dns.query; content:"havaianasbrazil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasbrazil\.com$/i"; classtype:trojan-activity; sid:38148551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasbrazil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasbrazil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasbrazil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-chile.com"; dns.query; content:"havaianas-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-chile\.com$/i"; classtype:trojan-activity; sid:38148561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasflipflopscanada.com"; dns.query; content:"havaianasflipflopscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasflipflopscanada\.com$/i"; classtype:trojan-activity; sid:38148571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasflipflopscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasflipflopscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasflipflopscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-france.com"; dns.query; content:"havaianas-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-france\.com$/i"; classtype:trojan-activity; sid:38148581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-france.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-hrvatska.com"; dns.query; content:"havaianas-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38148591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-japan.com"; dns.query; content:"havaianas-japan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-japan\.com$/i"; classtype:trojan-activity; sid:38148601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-japan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-japan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-japan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasklapki.com"; dns.query; content:"havaianasklapki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasklapki\.com$/i"; classtype:trojan-activity; sid:38148611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasklapki.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasklapki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasklapki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasklipklapper.com"; dns.query; content:"havaianasklipklapper.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasklipklapper\.com$/i"; classtype:trojan-activity; sid:38148621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasklipklapper.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasklipklapper.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasklipklapper\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasnewzealand.com"; dns.query; content:"havaianasnewzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasnewzealand\.com$/i"; classtype:trojan-activity; sid:38148631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasnewzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasnewzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasnewzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianaspapucs.com"; dns.query; content:"havaianaspapucs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianaspapucs\.com$/i"; classtype:trojan-activity; sid:38148641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianaspapucs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianaspapucs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianaspapucs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-ph.com"; dns.query; content:"havaianas-ph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-ph\.com$/i"; classtype:trojan-activity; sid:38148651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-ph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-ph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-ph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianassingaporeoutlets.com"; dns.query; content:"havaianassingaporeoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianassingaporeoutlets\.com$/i"; classtype:trojan-activity; sid:38148661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianassingaporeoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianassingaporeoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianassingaporeoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-suomi.com"; dns.query; content:"havaianas-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-suomi\.com$/i"; classtype:trojan-activity; sid:38148671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianasturkiye.com"; dns.query; content:"havaianasturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasturkiye\.com$/i"; classtype:trojan-activity; sid:38148681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianasturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianasturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianasturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-uk.com"; dns.query; content:"havaianas-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-uk\.com$/i"; classtype:trojan-activity; sid:38148691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain havaianas-usa.com"; dns.query; content:"havaianas-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-usa\.com$/i"; classtype:trojan-activity; sid:38148701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain havaianas-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"havaianas-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])havaianas\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hey-dude-colombia.com"; dns.query; content:"hey-dude-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hey\-dude\-colombia\.com$/i"; classtype:trojan-activity; sid:38148871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hey-dude-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hey-dude-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hey\-dude\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain heydudeshoescanadas.com"; dns.query; content:"heydudeshoescanadas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])heydudeshoescanadas\.com$/i"; classtype:trojan-activity; sid:38148881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain heydudeshoescanadas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"heydudeshoescanadas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])heydudeshoescanadas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38148882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain icebugfioutlets.com"; dns.query; 
content:"icebugfioutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugfioutlets\.com$/i"; classtype:trojan-activity; sid:38149311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain icebugfioutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"icebugfioutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugfioutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain icebugrunnercanada.com"; dns.query; content:"icebugrunnercanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugrunnercanada\.com$/i"; classtype:trojan-activity; sid:38149321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain icebugrunnercanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"icebugrunnercanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugrunnercanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain icebugrunningshoesuk.com"; dns.query; content:"icebugrunningshoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugrunningshoesuk\.com$/i"; classtype:trojan-activity; sid:38149331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain icebugrunningshoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"icebugrunningshoesuk.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])icebugrunningshoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain icebugshoessale.com"; dns.query; content:"icebugshoessale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugshoessale\.com$/i"; classtype:trojan-activity; sid:38149341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain icebugshoessale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"icebugshoessale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])icebugshoessale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jackwolfskindamen.com"; dns.query; content:"jackwolfskindamen.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskindamen\.com$/i"; classtype:trojan-activity; sid:38149651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jackwolfskindamen.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jackwolfskindamen.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskindamen\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jackwolfskin-osterreich.com"; dns.query; content:"jackwolfskin-osterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskin\-osterreich\.com$/i"; classtype:trojan-activity; sid:38149661; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jackwolfskin-osterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jackwolfskin-osterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskin\-osterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jackwolfskin-se.com"; dns.query; content:"jackwolfskin-se.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskin\-se\.com$/i"; classtype:trojan-activity; sid:38149671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jackwolfskin-se.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jackwolfskin-se.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskin\-se\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38149672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonsaudiarabia.com"; dns.query; content:"lululemonsaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsaudiarabia\.com$/i"; classtype:trojan-activity; sid:38151141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonsaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonsaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38151142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotargentina.com"; dns.query; content:"naotargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotargentina\.com$/i"; classtype:trojan-activity; sid:38151921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38151922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotchile.com"; dns.query; content:"naotchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotchile\.com$/i"; classtype:trojan-activity; sid:38151941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38151942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotcolombia.com"; dns.query; content:"naotcolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotcolombia\.com$/i"; classtype:trojan-activity; sid:38151951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotcolombia.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"naotcolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotcolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38151952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotdanmark.com"; dns.query; content:"naotdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotdanmark\.com$/i"; classtype:trojan-activity; sid:38151961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38151962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotireland.com"; dns.query; content:"naotireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotireland\.com$/i"; classtype:trojan-activity; sid:38151971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38151972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotmexico.com"; dns.query; content:"naotmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotmexico\.com$/i"; classtype:trojan-activity; sid:38151991; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38151992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotnederland.com"; dns.query; content:"naotnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotnederland\.com$/i"; classtype:trojan-activity; sid:38152001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotnz.com"; dns.query; content:"naotnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotnz\.com$/i"; classtype:trojan-activity; sid:38152011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
naotosterreich.com"; dns.query; content:"naotosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotosterreich\.com$/i"; classtype:trojan-activity; sid:38152021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naot-philippines.com"; dns.query; content:"naot-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naot\-philippines\.com$/i"; classtype:trojan-activity; sid:38152031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naot-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naot-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naot\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotphilippines.com"; dns.query; content:"naotphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotphilippines\.com$/i"; classtype:trojan-activity; sid:38152041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotphilippines.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])naotphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotportugal.com"; dns.query; content:"naotportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotportugal\.com$/i"; classtype:trojan-activity; sid:38152051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotsaustralia.com"; dns.query; content:"naotsaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsaustralia\.com$/i"; classtype:trojan-activity; sid:38152061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotsaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotsaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotshoessouthafrica.com"; dns.query; content:"naotshoessouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotshoessouthafrica\.com$/i"; classtype:trojan-activity; sid:38152071; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotshoessouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotshoessouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotshoessouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotsuomi.com"; dns.query; content:"naotsuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsuomi\.com$/i"; classtype:trojan-activity; sid:38152081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotsusa.com"; dns.query; content:"naotsusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsusa\.com$/i"; classtype:trojan-activity; sid:38152091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotsusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotsusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP 
e27007 [] Domain naotsverige.com"; dns.query; content:"naotsverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsverige\.com$/i"; classtype:trojan-activity; sid:38152101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotsverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotsverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotsverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naot-usa.com"; dns.query; content:"naot-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naot\-usa\.com$/i"; classtype:trojan-activity; sid:38152111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naot-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naot-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naot\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunooaustralia.com"; dns.query; content:"nunooaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooaustralia\.com$/i"; classtype:trojan-activity; sid:38152611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunooaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunooaustralia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nunooaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoobagsaustralia.com"; dns.query; content:"nunoobagsaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsaustralia\.com$/i"; classtype:trojan-activity; sid:38152621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobagsaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobagsaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoobagscanada.com"; dns.query; content:"nunoobagscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagscanada\.com$/i"; classtype:trojan-activity; sid:38152631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobagscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobagscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoobagsnz.com"; dns.query; content:"nunoobagsnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsnz\.com$/i"; classtype:trojan-activity; sid:38152641; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobagsnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobagsnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoobagsuk.com"; dns.query; content:"nunoobagsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsuk\.com$/i"; classtype:trojan-activity; sid:38152651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobagsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobagsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoobagsusa.com"; dns.query; content:"nunoobagsusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsusa\.com$/i"; classtype:trojan-activity; sid:38152661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobagsusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobagsusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobagsusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: 
"MISP e27007 [] Domain nunoobelgium.com"; dns.query; content:"nunoobelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobelgium\.com$/i"; classtype:trojan-activity; sid:38152671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoobolsos.com"; dns.query; content:"nunoobolsos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobolsos\.com$/i"; classtype:trojan-activity; sid:38152681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoobolsos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoobolsos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoobolsos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoocanada.com"; dns.query; content:"nunoocanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoocanada\.com$/i"; classtype:trojan-activity; sid:38152691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoocanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoocanada.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nunoocanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoodenmark.com"; dns.query; content:"nunoodenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoodenmark\.com$/i"; classtype:trojan-activity; sid:38152701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoodenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoodenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoodenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoodeutschland.com"; dns.query; content:"nunoodeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoodeutschland\.com$/i"; classtype:trojan-activity; sid:38152711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoodeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoodeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoodeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nunooespana.com"; dns.query; content:"nunooespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooespana\.com$/i"; classtype:trojan-activity; sid:38152721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunooespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunooespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): each "Outgoing HTTP Domain" rule makes three separate matches in
# http.header ("Host:" anywhere, the domain anywhere, then the pcre with /H), so
# nothing ties the domain to the Host line. The same name in another request
# header (a Referer, say) would presumably alert as well - confirm the Host value
# in the tagged session before treating a hit as a visit to the domain.
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoofrance.com"; dns.query; content:"nunoofrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoofrance\.com$/i"; classtype:trojan-activity; sid:38152731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoofrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoofrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoofrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoogreece.com"; dns.query; content:"nunoogreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoogreece\.com$/i"; classtype:trojan-activity; sid:38152741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoogreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoogreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoogreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoohrvatska.com"; dns.query; content:"nunoohrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoohrvatska\.com$/i"; classtype:trojan-activity; sid:38152751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoohrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoohrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoohrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoohungary.com"; dns.query; content:"nunoohungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoohungary\.com$/i"; classtype:trojan-activity; sid:38152761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoohungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoohungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoohungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunooireland.com"; dns.query; content:"nunooireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooireland\.com$/i"; classtype:trojan-activity; sid:38152771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunooireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunooireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunooitalia.com"; dns.query; content:"nunooitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooitalia\.com$/i"; classtype:trojan-activity; sid:38152781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunooitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunooitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoojapan.com"; dns.query; content:"nunoojapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoojapan\.com$/i"; classtype:trojan-activity; sid:38152791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoojapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoojapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoojapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoomexico.com"; dns.query; content:"nunoomexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoomexico\.com$/i"; classtype:trojan-activity; sid:38152801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoomexico.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"nunoomexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoomexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): the dns rules are written "any any -> any any", so unlike the
# http rules they are not scoped to $HOME_NET clients. The pcre anchors the name
# at the end of dns.query and accepts a preceding "." (subdomains match), but
# not a longer name that merely ends in the same string.
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoonederland.com"; dns.query; content:"nunoonederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonederland\.com$/i"; classtype:trojan-activity; sid:38152811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoonederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoonederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoonetherlands.com"; dns.query; content:"nunoonetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonetherlands\.com$/i"; classtype:trojan-activity; sid:38152821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoonetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoonetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoonewzealand.com"; dns.query; content:"nunoonewzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonewzealand\.com$/i"; classtype:trojan-activity; sid:38152831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoonewzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoonewzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonewzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoonorge.com"; dns.query; content:"nunoonorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonorge\.com$/i"; classtype:trojan-activity; sid:38152841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoonorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoonorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoonorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoopolska.com"; dns.query; content:"nunoopolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoopolska\.com$/i"; classtype:trojan-activity; sid:38152851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoopolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoopolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoopolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunooportugal.com"; dns.query; content:"nunooportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooportugal\.com$/i"; classtype:trojan-activity; sid:38152861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunooportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunooportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunooromania.com"; dns.query; content:"nunooromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooromania\.com$/i"; classtype:trojan-activity; sid:38152871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunooromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunooromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunooromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoosacs.com"; dns.query; content:"nunoosacs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosacs\.com$/i"; classtype:trojan-activity; sid:38152881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoosacs.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"nunoosacs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosacs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): sids come in pairs per domain - ...1 for the dns rule and ...2
# for the http rule - and the sequence has gaps (38152952 is followed by
# 38153271). A suppress or threshold entry for one domain has to list both sids.
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoosaudiarabia.com"; dns.query; content:"nunoosaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosaudiarabia\.com$/i"; classtype:trojan-activity; sid:38152891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoosaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoosaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoosingapore.com"; dns.query; content:"nunoosingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosingapore\.com$/i"; classtype:trojan-activity; sid:38152901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoosingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoosingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoosuomi.com"; dns.query; content:"nunoosuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosuomi\.com$/i"; classtype:trojan-activity; sid:38152911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoosuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoosuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunoosverige.com"; dns.query; content:"nunoosverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosverige\.com$/i"; classtype:trojan-activity; sid:38152921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunoosverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunoosverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunoosverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunootaschen.com"; dns.query; content:"nunootaschen.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunootaschen\.com$/i"; classtype:trojan-activity; sid:38152931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunootaschen.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunootaschen.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunootaschen\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunootasker.com"; dns.query; content:"nunootasker.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunootasker\.com$/i"; classtype:trojan-activity; sid:38152941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunootasker.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunootasker.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunootasker\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nunootasky.com"; dns.query; content:"nunootasky.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nunootasky\.com$/i"; classtype:trojan-activity; sid:38152951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nunootasky.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nunootasky.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nunootasky\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38152952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaicanadaca.com"; dns.query; content:"olukaicanadaca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaicanadaca\.com$/i"; classtype:trojan-activity; sid:38153271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaicanadaca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaicanadaca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaicanadaca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaicanadaoutlets.com"; dns.query; content:"olukaicanadaoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaicanadaoutlets\.com$/i"; classtype:trojan-activity; sid:38153281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaicanadaoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaicanadaoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaicanadaoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaidenmark.com"; dns.query; content:"olukaidenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaidenmark\.com$/i"; classtype:trojan-activity; sid:38153291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaidenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaidenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaidenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaihungary.com"; dns.query; content:"olukaihungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaihungary\.com$/i"; classtype:trojan-activity; sid:38153301; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): every http rule carries tag:session,600,seconds, i.e. the engine
# is asked to keep logging packets of the alerting session for 600 seconds.
# With this many domain rules, check that tagged-packet logging is enabled and
# sized for it, or the extra context will not be there at triage time.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaihungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaihungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaihungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaioutletsstores.com"; dns.query; content:"olukaioutletsstores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaioutletsstores\.com$/i"; classtype:trojan-activity; sid:38153311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaioutletsstores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaioutletsstores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaioutletsstores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaischweizch.com"; dns.query; content:"olukaischweizch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaischweizch\.com$/i"; classtype:trojan-activity; sid:38153321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaischweizch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaischweizch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaischweizch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaishoenz.com"; dns.query; content:"olukaishoenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaishoenz\.com$/i"; classtype:trojan-activity; sid:38153331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaishoenz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaishoenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaishoenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaishoeuk.com"; dns.query; content:"olukaishoeuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaishoeuk\.com$/i"; classtype:trojan-activity; sid:38153341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaishoeuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaishoeuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaishoeuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaisingapore.com"; dns.query; content:"olukaisingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaisingapore\.com$/i"; classtype:trojan-activity; sid:38153351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaisingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaisingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaisingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain outletadidasdanmark.com"; dns.query; content:"outletadidasdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outletadidasdanmark\.com$/i"; classtype:trojan-activity; sid:38153461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain outletadidasdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outletadidasdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outletadidasdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain outletsasics-argentina.com"; dns.query; content:"outletsasics-argentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outletsasics\-argentina\.com$/i"; classtype:trojan-activity; sid:38153481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain outletsasics-argentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outletsasics-argentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outletsasics\-argentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pandorabutikdanmark.com"; dns.query; content:"pandorabutikdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pandorabutikdanmark\.com$/i"; classtype:trojan-activity; sid:38153741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pandorabutikdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pandorabutikdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pandorabutikdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pandora-canada.com"; dns.query; content:"pandora-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-canada\.com$/i"; classtype:trojan-activity; sid:38153751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pandora-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pandora-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pandoraekszer.com"; dns.query; content:"pandoraekszer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pandoraekszer\.com$/i"; classtype:trojan-activity; sid:38153761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pandoraekszer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pandoraekszer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pandoraekszer\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38153762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): reading aid for the http pcre: "\-" is just an escaped hyphen in
# hyphenated names, and the trailing class [^A-Za-z0-9-\.] requires one more
# byte after ".com" that cannot continue a hostname - presumably the line ending
# or a ":port" after the Host value.
alert dns any any -> any any (msg: "MISP e27007 [] Domain pandora-philippines.com"; dns.query; content:"pandora-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-philippines\.com$/i"; classtype:trojan-activity; sid:38153771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pandora-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pandora-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pandora-uae.com"; dns.query; content:"pandora-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-uae\.com$/i"; classtype:trojan-activity; sid:38153791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pandora-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pandora-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pandora-usa.com"; dns.query; content:"pandora-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-usa\.com$/i"; classtype:trojan-activity; sid:38153801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pandora-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pandora-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pandora\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain parfois-slovenia.com"; dns.query; content:"parfois-slovenia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])parfois\-slovenia\.com$/i"; classtype:trojan-activity; sid:38153811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain parfois-slovenia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"parfois-slovenia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])parfois\-slovenia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain passengerclothing-uk.com"; dns.query; content:"passengerclothing-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])passengerclothing\-uk\.com$/i"; classtype:trojan-activity; sid:38153821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain passengerclothing-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"passengerclothing-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])passengerclothing\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38153822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain propetaustralia.com"; dns.query; content:"propetaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])propetaustralia\.com$/i"; classtype:trojan-activity; sid:38154181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain propetaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"propetaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])propetaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain propetportugalloja.com"; dns.query; content:"propetportugalloja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])propetportugalloja\.com$/i"; classtype:trojan-activity; sid:38154191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain propetportugalloja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"propetportugalloja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])propetportugalloja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain propetshoesaustralia.com"; dns.query; content:"propetshoesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoesaustralia\.com$/i"; classtype:trojan-activity; sid:38154201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain propetshoesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"propetshoesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): all event 27007 rules are classtype:trojan-activity, priority:3,
# with an empty "[]" tag list in msg, so the alert text carries no context about
# why the domain is listed. Look up the MISP event in the reference URL before
# triaging a hit as malware traffic.
alert dns any any -> any any (msg: "MISP e27007 [] Domain propetshoesireland.com"; dns.query; content:"propetshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoesireland\.com$/i"; classtype:trojan-activity; sid:38154211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain propetshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"propetshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain propetshoessingapore.com"; dns.query; content:"propetshoessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoessingapore\.com$/i"; classtype:trojan-activity; sid:38154231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain propetshoessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"propetshoessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain propetshoesuk.com"; dns.query; content:"propetshoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoesuk\.com$/i"; classtype:trojan-activity; sid:38154241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain propetshoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"propetshoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])propetshoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rag-boneaustralia.com"; dns.query; content:"rag-boneaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rag\-boneaustralia\.com$/i"; classtype:trojan-activity; sid:38154681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rag-boneaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rag-boneaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rag\-boneaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ragbonedanmark.com"; dns.query; content:"ragbonedanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonedanmark\.com$/i"; classtype:trojan-activity; sid:38154691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragbonedanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragbonedanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonedanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38154692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rag-bonefactoryoutlet.com"; dns.query; content:"rag-bonefactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rag\-bonefactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38154701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rag-bonefactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rag-bonefactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rag\-bonefactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragbonefrance.com"; dns.query; content:"ragbonefrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonefrance\.com$/i"; classtype:trojan-activity; sid:38154711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragbonefrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragbonefrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonefrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragboneisrael.com"; dns.query; content:"ragboneisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragboneisrael\.com$/i"; classtype:trojan-activity; sid:38154721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain ragboneisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragboneisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragboneisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragbone-nederland.com"; dns.query; content:"ragbone-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbone\-nederland\.com$/i"; classtype:trojan-activity; sid:38154731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragbone-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragbone-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbone\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragbonenorge.com"; dns.query; content:"ragbonenorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonenorge\.com$/i"; classtype:trojan-activity; sid:38154741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragbonenorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragbonenorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonenorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragboneportugal.com"; dns.query; content:"ragboneportugal.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])ragboneportugal\.com$/i"; classtype:trojan-activity; sid:38154761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragboneportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragboneportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragboneportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragbonesitoufficiale.com"; dns.query; content:"ragbonesitoufficiale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonesitoufficiale\.com$/i"; classtype:trojan-activity; sid:38154771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragbonesitoufficiale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragbonesitoufficiale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbonesitoufficiale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ragbone-turkiye.com"; dns.query; content:"ragbone-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ragbone\-turkiye\.com$/i"; classtype:trojan-activity; sid:38154781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ragbone-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ragbone-turkiye.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ragbone\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38154782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain salomoncapetown.com"; dns.query; content:"salomoncapetown.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomoncapetown\.com$/i"; classtype:trojan-activity; sid:38155121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomoncapetown.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomoncapetown.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomoncapetown\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain salomonmagasinparis.com"; dns.query; content:"salomonmagasinparis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomonmagasinparis\.com$/i"; classtype:trojan-activity; sid:38155131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomonmagasinparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomonmagasinparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomonmagasinparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain salomon-se.com"; dns.query; content:"salomon-se.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon\-se\.com$/i"; classtype:trojan-activity; sid:38155151; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomon-se.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomon-se.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon\-se\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain salononitaliaonline.com"; dns.query; content:"salononitaliaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salononitaliaonline\.com$/i"; classtype:trojan-activity; sid:38155161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salononitaliaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salononitaliaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salononitaliaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain samsungvnn.com"; dns.query; content:"samsungvnn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])samsungvnn\.com$/i"; classtype:trojan-activity; sid:38155171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain samsungvnn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"samsungvnn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])samsungvnn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) 
alert dns any any -> any any (msg: "MISP e27007 [] Domain sandaleskechersromania.com"; dns.query; content:"sandaleskechersromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaleskechersromania\.com$/i"; classtype:trojan-activity; sid:38155181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sandaleskechersromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sandaleskechersromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaleskechersromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sandaliasfitflopmexico.com"; dns.query; content:"sandaliasfitflopmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaliasfitflopmexico\.com$/i"; classtype:trojan-activity; sid:38155191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sandaliasfitflopmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sandaliasfitflopmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaliasfitflopmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sandaliasfitflopportugal.com"; dns.query; content:"sandaliasfitflopportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaliasfitflopportugal\.com$/i"; classtype:trojan-activity; sid:38155201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain sandaliasfitflopportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sandaliasfitflopportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sandaliasfitflopportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain scarpagreeces.com"; dns.query; content:"scarpagreeces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpagreeces\.com$/i"; classtype:trojan-activity; sid:38155311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain scarpagreeces.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scarpagreeces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpagreeces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain scarpasalecanada.com"; dns.query; content:"scarpasalecanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpasalecanada\.com$/i"; classtype:trojan-activity; sid:38155321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain scarpasalecanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scarpasalecanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpasalecanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain scarpa-sg.com"; dns.query; 
content:"scarpa-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpa\-sg\.com$/i"; classtype:trojan-activity; sid:38155331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain scarpa-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scarpa-sg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpa\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain scarpa-southafrica.com"; dns.query; content:"scarpa-southafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpa\-southafrica\.com$/i"; classtype:trojan-activity; sid:38155341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain scarpa-southafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scarpa-southafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpa\-southafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain scarpenothingnew.com"; dns.query; content:"scarpenothingnew.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpenothingnew\.com$/i"; classtype:trojan-activity; sid:38155351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain scarpenothingnew.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scarpenothingnew.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])scarpenothingnew\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain schollchaussuressoldes.com"; dns.query; content:"schollchaussuressoldes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])schollchaussuressoldes\.com$/i"; classtype:trojan-activity; sid:38155361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain schollchaussuressoldes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"schollchaussuressoldes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schollchaussuressoldes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain schollmalaysiasale.com"; dns.query; content:"schollmalaysiasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])schollmalaysiasale\.com$/i"; classtype:trojan-activity; sid:38155381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain schollmalaysiasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"schollmalaysiasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schollmalaysiasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain schollshoesaustralia.com"; dns.query; content:"schollshoesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])schollshoesaustralia\.com$/i"; classtype:trojan-activity; 
sid:38155391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain schollshoesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"schollshoesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schollshoesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain schollskonorge.com"; dns.query; content:"schollskonorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])schollskonorge\.com$/i"; classtype:trojan-activity; sid:38155401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain schollskonorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"schollskonorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schollskonorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skecherbudapest.com"; dns.query; content:"skecherbudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherbudapest\.com$/i"; classtype:trojan-activity; sid:38155811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skecherbudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skecherbudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherbudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155812; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skecher-nederland.com"; dns.query; content:"skecher-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skecher\-nederland\.com$/i"; classtype:trojan-activity; sid:38155821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skecher-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skecher-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skecher\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechernorgesalg.com"; dns.query; content:"skechernorgesalg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechernorgesalg\.com$/i"; classtype:trojan-activity; sid:38155831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechernorgesalg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechernorgesalg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechernorgesalg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersandalerdk.com"; dns.query; content:"skechersandalerdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersandalerdk\.com$/i"; classtype:trojan-activity; sid:38155841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
skechersandalerdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersandalerdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersandalerdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersbutikersverige.com"; dns.query; content:"skechersbutikersverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersbutikersverige\.com$/i"; classtype:trojan-activity; sid:38155851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersbutikersverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersbutikersverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersbutikersverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersceskarepublika.com"; dns.query; content:"skechersceskarepublika.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersceskarepublika\.com$/i"; classtype:trojan-activity; sid:38155861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersceskarepublika.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersceskarepublika.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersceskarepublika\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: 
"MISP e27007 [] Domain skechers-gr.com"; dns.query; content:"skechers-gr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-gr\.com$/i"; classtype:trojan-activity; sid:38155871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechers-gr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechers-gr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-gr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechers-japanonline.com"; dns.query; content:"skechers-japanonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-japanonline\.com$/i"; classtype:trojan-activity; sid:38155881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechers-japanonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechers-japanonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-japanonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersjapantokyo.com"; dns.query; content:"skechersjapantokyo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersjapantokyo\.com$/i"; classtype:trojan-activity; sid:38155891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersjapantokyo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"skechersjapantokyo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersjapantokyo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skecherskorsverige.com"; dns.query; content:"skecherskorsverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherskorsverige\.com$/i"; classtype:trojan-activity; sid:38155901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skecherskorsverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skecherskorsverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherskorsverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersmalaysiastore.com"; dns.query; content:"skechersmalaysiastore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersmalaysiastore\.com$/i"; classtype:trojan-activity; sid:38155911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersmalaysiastore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersmalaysiastore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersmalaysiastore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersonlinehrvatska.com"; dns.query; content:"skechersonlinehrvatska.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])skechersonlinehrvatska\.com$/i"; classtype:trojan-activity; sid:38155921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersonlinehrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersonlinehrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersonlinehrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersoutletfrance.com"; dns.query; content:"skechersoutletfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersoutletfrance\.com$/i"; classtype:trojan-activity; sid:38155931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersoutletfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersoutletfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersoutletfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skecherssandaletturkiye.com"; dns.query; content:"skecherssandaletturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherssandaletturkiye\.com$/i"; classtype:trojan-activity; sid:38155941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skecherssandaletturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skecherssandaletturkiye.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherssandaletturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersshoespraha.com"; dns.query; content:"skechersshoespraha.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersshoespraha\.com$/i"; classtype:trojan-activity; sid:38155951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersshoespraha.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersshoespraha.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersshoespraha\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersskobutikk.com"; dns.query; content:"skechersskobutikk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersskobutikk\.com$/i"; classtype:trojan-activity; sid:38155961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersskobutikk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersskobutikk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersskobutikk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechers-slovenia.com"; dns.query; content:"skechers-slovenia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-slovenia\.com$/i"; classtype:trojan-activity; 
sid:38155971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechers-slovenia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechers-slovenia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-slovenia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skecherssrbijaonline.com"; dns.query; content:"skecherssrbijaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherssrbijaonline\.com$/i"; classtype:trojan-activity; sid:38155981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skecherssrbijaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skecherssrbijaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherssrbijaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38155982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersstoregreece.com"; dns.query; content:"skechersstoregreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersstoregreece\.com$/i"; classtype:trojan-activity; sid:38155991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersstoregreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersstoregreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersstoregreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38155992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain skecherswinkelbelgie.com"; dns.query; content:"skecherswinkelbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherswinkelbelgie\.com$/i"; classtype:trojan-activity; sid:38156001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skecherswinkelbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skecherswinkelbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skecherswinkelbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stevemaddenaustraliau.com"; dns.query; content:"stevemaddenaustraliau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenaustraliau\.com$/i"; classtype:trojan-activity; sid:38156211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stevemaddenaustraliau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stevemaddenaustraliau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenaustraliau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stevemaddeninphilippines.com"; dns.query; content:"stevemaddeninphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddeninphilippines\.com$/i"; classtype:trojan-activity; sid:38156221; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stevemaddeninphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stevemaddeninphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddeninphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stevemaddenoutletcanada.com"; dns.query; content:"stevemaddenoutletcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenoutletcanada\.com$/i"; classtype:trojan-activity; sid:38156231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stevemaddenoutletcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stevemaddenoutletcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenoutletcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain steve-maddenschweiz.com"; dns.query; content:"steve-maddenschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])steve\-maddenschweiz\.com$/i"; classtype:trojan-activity; sid:38156241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain steve-maddenschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"steve-maddenschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])steve\-maddenschweiz\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38156242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stevemaddenstoreusa.com"; dns.query; content:"stevemaddenstoreusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenstoreusa\.com$/i"; classtype:trojan-activity; sid:38156251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stevemaddenstoreusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stevemaddenstoreusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stevemaddenstoreusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain suomiskechers.com"; dns.query; content:"suomiskechers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suomiskechers\.com$/i"; classtype:trojan-activity; sid:38156321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain suomiskechers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suomiskechers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suomiskechers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-canada.com"; dns.query; content:"tomford-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-canada\.com$/i"; classtype:trojan-activity; sid:38156821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tomford-hrvatska.com"; dns.query; content:"tomford-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38156831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tomford-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tomford-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tomford\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tom-fordmalaysia.com"; dns.query; content:"tom-fordmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tom\-fordmalaysia\.com$/i"; classtype:trojan-activity; sid:38156851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tom-fordmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tom-fordmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tom\-fordmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38156852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
tukcanadashoes.com"; dns.query; content:"tukcanadashoes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tukcanadashoes\.com$/i"; classtype:trojan-activity; sid:38157041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tukcanadashoes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tukcanadashoes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tukcanadashoes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38157042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tukshoesdeutschland.com"; dns.query; content:"tukshoesdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tukshoesdeutschland\.com$/i"; classtype:trojan-activity; sid:38157051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tukshoesdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tukshoesdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tukshoesdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38157052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tukshoesitalia.com"; dns.query; content:"tukshoesitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tukshoesitalia\.com$/i"; classtype:trojan-activity; sid:38157071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tukshoesitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tukshoesitalia.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])tukshoesitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38157072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)

# --- MISP event 27007: domain indicators, one DNS rule and one HTTP rule per domain ---
# DNS rule: inspects the dns.query buffer. The pcre anchors the name at the end of the
#   query and accepts either start-of-buffer or a non-hostname character before it,
#   so subdomains of the listed domain match as well as the domain itself.
# HTTP rule: both content matches sit on http.header and are not tied together with
#   distance/within, so the domain only has to occur somewhere in the request headers
#   of a request that also carries "Host:".
# NOTE(review): that can alert on a Referer (or other header) naming the domain rather
#   than on a request to it - confirm whether a Host-only match (http.host) is wanted.
# NOTE(review): the rules visible here cover cleartext DNS and HTTP only; no tls.sni rule
#   is present for these domains, so HTTPS visits are caught by the DNS rule alone.
# tag:session,600,seconds asks the sensor to keep logging packets of the matching session
#   for 600 seconds after the alert; budget capture storage accordingly.
# NOTE(review): "[]" in msg is an empty tag list - the event seems to carry no tags, so
#   triage context has to come from the reference URL.
alert dns any any -> any any (msg: "MISP e27007 [] Domain tukshoesmexico.com"; dns.query; content:"tukshoesmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tukshoesmexico\.com$/i"; classtype:trojan-activity; sid:38157081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tukshoesmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tukshoesmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tukshoesmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38157082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain victoriassecret-uae.com"; dns.query; content:"victoriassecret-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])victoriassecret\-uae\.com$/i"; classtype:trojan-activity; sid:38157941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain victoriassecret-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"victoriassecret-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])victoriassecret\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38157942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)

# --- Outgoing connections to listed IP:port pairs (MISP events 27514 and 27315) ---
# Each rule matches traffic from $HOME_NET to the single address and port given; there is
#   no payload, flow or threshold condition.
# NOTE(review): the protocol is "ip" although a destination port is set - presumably only
#   TCP/UDP traffic can satisfy the port; verify how the deployed engine treats this.
# NOTE(review): four pairs (74.48.220.34|443, 216.238.83.84|8000, 82.120.216.108|2222,
#   20.84.67.57|80) are exported twice: under e27315 (priority 2, with tags) and under
#   e27514 (priority 3, no tags), each with its own sid. One connection therefore raises
#   two alerts at different priorities - de-duplicate at export or suppress one set.
# NOTE(review): the e27315 tags look like a malware family plus an AS name; several name
#   hosting/ISP address space (e.g. MICROSOFT-CORP-MSN-AS-BLOCK on port 80). Addresses in
#   such ranges get reassigned, so these indicators need a review/expiry date.
alert ip $HOME_NET any -> 45.67.228.91 3666 (msg: "MISP e27514 [] Outgoing To IP: 45.67.228.91|3666"; classtype:trojan-activity; sid:37946921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 74.48.220.34 443 (msg: "MISP e27315 [Deimos,MULTA-ASN1] Outgoing To IP: 74.48.220.34|443"; classtype:trojan-activity; sid:37914131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 216.238.83.84 8000 (msg: "MISP e27315 [AS-CHOOPA,Bianlian Go Trojan] Outgoing To IP: 216.238.83.84|8000"; classtype:trojan-activity; sid:37914141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 82.120.216.108 2222 (msg: "MISP e27315 [France Telecom - Orange,QakBot] Outgoing To IP: 82.120.216.108|2222"; classtype:trojan-activity; sid:37914151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 20.84.67.57 80 (msg: "MISP e27315 [Hookbot Pegasus,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.84.67.57|80"; classtype:trojan-activity; sid:37914161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert ip $HOME_NET any -> 20.84.67.57 80 (msg: "MISP e27514 [] Outgoing To IP: 20.84.67.57|80"; classtype:trojan-activity; sid:37946931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 82.120.216.108 2222 (msg: "MISP e27514 [] Outgoing To IP: 82.120.216.108|2222"; classtype:trojan-activity; sid:37946941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 216.238.83.84 8000 (msg: "MISP e27514 [] Outgoing To IP: 216.238.83.84|8000"; classtype:trojan-activity; sid:37946951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert ip $HOME_NET any -> 74.48.220.34 443 (msg: "MISP e27514 [] Outgoing To IP: 74.48.220.34|443"; classtype:trojan-activity; sid:37946961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)

# --- Domain vmi-deklaracija-lt.com, exported once per MISP event ---
# The same DNS/HTTP rule pair is repeated for events 27503, 27502, 27499, 27498, 27506,
#   27504 and 27505; only the event id in msg, the sid and the reference URL differ.
# NOTE(review): a single lookup of, or HTTP request to, this domain raises one alert per
#   event (seven DNS alerts, seven HTTP alerts), and every HTTP match also starts its own
#   600-second session tag. Merge the duplicates at export time, or keep one pair and
#   record the other event ids as extra reference entries.
alert dns any any -> any any (msg: "MISP e27503 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27503;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27503 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27503;)
alert dns any any -> any any (msg: "MISP e27502 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27502;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27502 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27502;)
alert dns any any -> any any (msg: "MISP e27499 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27499;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27499 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27499;)
alert dns any any -> any any (msg: "MISP e27498 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27498;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27498 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27498;)
alert dns any any -> any any (msg: "MISP e27506 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27506;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27506 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27506;)
alert dns any any -> any any (msg: "MISP e27504 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27504;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27504 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27504;)
alert dns any any -> any any (msg: "MISP e27505 [] Domain vmi-deklaracija-lt.com"; dns.query; content:"vmi-deklaracija-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com$/i"; classtype:trojan-activity; sid:37943311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27505;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27505 [] Outgoing HTTP Domain vmi-deklaracija-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracija-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracija\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27505;)

# --- Incoming traffic from listed source IPs (MISP events 27388 and 27389) ---
# Each rule matches traffic from the listed address to any $HOME_NET host on any port;
#   nothing about the traffic itself is inspected.
# NOTE(review): msg tags these sources as kill-chain Reconnaissance/Exploitation while
#   classtype is trojan-activity, which files scanner hits next to the outbound malware
#   rules. A recon classtype (e.g. attempted-recon or network-scan) would sort them
#   correctly in triage - confirm against the sensor's classification.config.
# NOTE(review): no threshold is set, so a source opening many connections can raise a
#   large number of alerts; consider thresholding or rate limiting this group.
alert ip 90.188.45.155 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.188.45.155"; classtype:trojan-activity; sid:37925271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 87.236.176.175 any -> $HOME_NET any (msg: "MISP e27389 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.175"; classtype:trojan-activity; sid:37925861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27389;)
# The rule below is cut by a line break in this copy; its classtype, sid and reference
#   follow on the next line.
alert ip 87.236.176.158 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.158";
classtype:trojan-activity; sid:37925281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 87.236.176.156 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.156"; classtype:trojan-activity; sid:37925291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 87.236.176.148 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.148"; classtype:trojan-activity; sid:37925301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 81.213.28.176 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.28.176"; classtype:trojan-activity; sid:37925311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 81.172.201.241 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.172.201.241"; classtype:trojan-activity; sid:37925321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 8.135.116.219 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.135.116.219"; classtype:trojan-activity; sid:37925331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 61.53.255.5 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.53.255.5"; classtype:trojan-activity; sid:37925341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 58.65.211.84 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.65.211.84"; classtype:trojan-activity; sid:37925351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 
64.92.28.141 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.92.28.141"; classtype:trojan-activity; sid:37925361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 58.188.52.95 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.188.52.95"; classtype:trojan-activity; sid:37925371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 60.23.196.156 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.23.196.156"; classtype:trojan-activity; sid:37925381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 42.100.22.85 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.22.85"; classtype:trojan-activity; sid:37925391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 58.59.247.31 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.59.247.31"; classtype:trojan-activity; sid:37925401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 3.79.27.61 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.79.27.61"; classtype:trojan-activity; sid:37925411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 49.64.76.240 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.76.240"; classtype:trojan-activity; sid:37925421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 119.185.164.252 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.185.164.252"; 
classtype:trojan-activity; sid:37925431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 2.194.87.157 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.194.87.157"; classtype:trojan-activity; sid:37925441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 190.109.227.188 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.188"; classtype:trojan-activity; sid:37925451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 124.255.20.161 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.255.20.161"; classtype:trojan-activity; sid:37925461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 185.12.227.106 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.12.227.106"; classtype:trojan-activity; sid:37925471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 126.39.13.146 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 126.39.13.146"; classtype:trojan-activity; sid:37925481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 187.1.67.204 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.1.67.204"; classtype:trojan-activity; sid:37925491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 171.39.35.216 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.39.35.216"; classtype:trojan-activity; sid:37925501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 
182.120.63.49 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.120.63.49"; classtype:trojan-activity; sid:37925511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 120.86.255.185 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.86.255.185"; classtype:trojan-activity; sid:37925521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 117.251.177.178 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.251.177.178"; classtype:trojan-activity; sid:37925531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 180.127.10.101 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.127.10.101"; classtype:trojan-activity; sid:37925541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 114.239.49.32 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.239.49.32"; classtype:trojan-activity; sid:37925551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 115.50.201.228 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.50.201.228"; classtype:trojan-activity; sid:37925561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 1.207.10.44 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.207.10.44"; classtype:trojan-activity; sid:37925571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 112.68.96.142 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
112.68.96.142"; classtype:trojan-activity; sid:37925581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 111.22.74.154 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.22.74.154"; classtype:trojan-activity; sid:37925591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;) alert ip 43.134.92.159 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.92.159"; classtype:trojan-activity; sid:37925871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;) alert ip 43.143.147.122 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.147.122"; classtype:trojan-activity; sid:37926991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 219.243.212.124 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.243.212.124"; classtype:trojan-activity; sid:37927001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 154.201.78.57 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.201.78.57"; classtype:trojan-activity; sid:37925881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;) alert ip 192.241.201.85 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.201.85"; classtype:trojan-activity; sid:37927011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 120.53.92.10 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.92.10"; classtype:trojan-activity; sid:37927021; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27394;)
# IP-reputation rules exported from MISP, shown one rule per line. Each rule alerts on any IP
# packet whose source is the listed address and whose destination is in $HOME_NET, on any port;
# no flow, content or threshold condition is applied.
# NOTE(review): the msg tags these indicators kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity. A hit shows inbound contact from the address, not a compromise;
# corroborate with other telemetry before escalating.
# NOTE(review): single-address indicators age and may point at shared egress (hosting providers,
# relays, internet-wide scanners) - presumably the referenced MISP event records how each address
# was observed; check it before blocking on a match.
alert ip 114.159.8.83 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.159.8.83"; classtype:trojan-activity; sid:37925601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 112.160.89.215 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.160.89.215"; classtype:trojan-activity; sid:37925611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 167.248.133.188 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.188"; classtype:trojan-activity; sid:37927031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 36.93.114.164 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.93.114.164"; classtype:trojan-activity; sid:37925621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 200.155.173.194 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.155.173.194"; classtype:trojan-activity; sid:37925891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 47.243.125.9 any -> $HOME_NET any (msg: "MISP e27391 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.125.9"; classtype:trojan-activity; sid:37925971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27391;)
alert ip 77.40.34.176 any -> $HOME_NET any (msg: "MISP e27392 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.40.34.176"; classtype:trojan-activity; sid:37926011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27392;)
alert ip 192.241.201.86 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.201.86"; classtype:trojan-activity; sid:37925631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 121.142.149.82 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.142.149.82"; classtype:trojan-activity; sid:37925641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 178.62.73.12 any -> $HOME_NET any (msg: "MISP e27391 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.73.12"; classtype:trojan-activity; sid:37925981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27391;)
alert ip 182.53.180.133 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.180.133"; classtype:trojan-activity; sid:37925651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 195.3.221.178 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.3.221.178"; classtype:trojan-activity; sid:37925901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 218.92.200.242 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.92.200.242"; classtype:trojan-activity; sid:37925661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 104.156.155.22 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.156.155.22"; classtype:trojan-activity; sid:37925911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 201.238.33.33 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.238.33.33"; classtype:trojan-activity; sid:37925671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 117.208.118.88 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.208.118.88"; classtype:trojan-activity; sid:37925681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 209.141.43.65 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.43.65"; classtype:trojan-activity; sid:37925691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 159.192.190.223 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.192.190.223"; classtype:trojan-activity; sid:37925701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 187.162.22.220 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.162.22.220"; classtype:trojan-activity; sid:37925711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 114.230.29.146 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.230.29.146"; classtype:trojan-activity; sid:37925721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 47.116.17.144 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.116.17.144"; classtype:trojan-activity; sid:37927041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 175.138.4.56 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.138.4.56"; classtype:trojan-activity; sid:37925731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 119.195.255.194 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.195.255.194"; classtype:trojan-activity; sid:37925741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 117.217.243.117 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.217.243.117"; classtype:trojan-activity; sid:37925751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 125.112.186.97 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.112.186.97"; classtype:trojan-activity; sid:37925761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 118.248.225.2 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.248.225.2"; classtype:trojan-activity; sid:37925771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 112.113.206.202 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.206.202"; classtype:trojan-activity; sid:37925781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 104.156.155.18 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.156.155.18"; classtype:trojan-activity; sid:37925921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 117.205.90.117 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.205.90.117"; classtype:trojan-activity; sid:37925791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 165.22.18.95 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.18.95"; classtype:trojan-activity; sid:37927051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.150.26.223 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.150.26.223"; classtype:trojan-activity; sid:37925801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 165.154.164.79 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.164.79"; classtype:trojan-activity; sid:37925931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 112.222.223.85 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.222.223.85"; classtype:trojan-activity; sid:37925811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 101.43.60.89 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.60.89"; classtype:trojan-activity; sid:37927061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 180.152.235.128 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.152.235.128"; classtype:trojan-activity; sid:37925821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 1.69.128.182 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.69.128.182"; classtype:trojan-activity; sid:37925831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 31.46.223.121 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.46.223.121"; classtype:trojan-activity; sid:37927071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 167.94.138.124 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.138.124"; classtype:trojan-activity; sid:37927081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 211.197.45.55 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.197.45.55"; classtype:trojan-activity; sid:37927091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 198.235.24.89 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.89"; classtype:trojan-activity; sid:37925941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 110.42.200.114 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.200.114"; classtype:trojan-activity; sid:37927101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 115.48.35.27 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.48.35.27"; classtype:trojan-activity; sid:37925841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
alert ip 107.173.18.50 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.18.50"; classtype:trojan-activity; sid:37925951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 101.133.228.125 any -> $HOME_NET any (msg: "MISP e27391 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.133.228.125"; classtype:trojan-activity; sid:37925991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27391;)
alert ip 113.218.158.156 any -> $HOME_NET any (msg: "MISP e27388 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP:
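113.218.158.156"; classtype:trojan-activity; sid:37925851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27388;)
# IP-reputation rules: alert on any IP packet from the listed source address to $HOME_NET, on
# any port, with no flow or content condition.
alert ip 219.100.37.239 any -> $HOME_NET any (msg: "MISP e27392 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.100.37.239"; classtype:trojan-activity; sid:37926021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27392;)
alert ip 195.144.21.56 any -> $HOME_NET any (msg: "MISP e27391 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.144.21.56"; classtype:trojan-activity; sid:37926001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27391;)
alert ip 205.210.31.223 any -> $HOME_NET any (msg: "MISP e27390 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.223"; classtype:trojan-activity; sid:37925961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27390;)
alert ip 103.193.179.52 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.193.179.52"; classtype:trojan-activity; sid:37927111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
# Outbound URL indicators: established client-to-server HTTP requests from $HOME_NET whose
# request headers contain the listed host and whose URI contains the listed path (both
# case-insensitive). tag:session,600,seconds tags the session for 600 seconds after a hit.
# NOTE(review): every URL below is exported twice, once per MISP event (e27315 at priority 2,
# e27514 at priority 3 with an empty tag list "[]"), so one request raises two alerts under
# different sids. Deduplicate downstream or at export time if that noise matters.
alert http $HOME_NET any -> 89.105.201.132 $HTTP_PORTS (msg: "MISP e27315 [Stealc] Outgoing URL http|3a|//89.105.201.132/c44a765f550f6a2f.php"; flow:to_server,established; http.header; content:"89.105.201.132"; fast_pattern; nocase; http.uri; content:"/c44a765f550f6a2f.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> 89.105.201.132 $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//89.105.201.132/c44a765f550f6a2f.php"; flow:to_server,established; http.header; content:"89.105.201.132"; fast_pattern; nocase; http.uri; content:"/c44a765f550f6a2f.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [BlackNET] Outgoing URL http|3a|//ct46452.tw1.ru/receive.php"; flow:to_server,established; http.header; content:"ct46452.tw1.ru"; fast_pattern; nocase; http.uri; content:"/receive.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//ct46452.tw1.ru/receive.php"; flow:to_server,established; http.header; content:"ct46452.tw1.ru"; fast_pattern; nocase; http.uri; content:"/receive.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37946981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27315 [AgentTesla] Outgoing URL http|3a|//originwealth.ydns.eu/sew/inc/10a5031d37bc79.php"; flow:to_server,established; http.header; content:"originwealth.ydns.eu"; fast_pattern; nocase; http.uri; content:"/sew/inc/10a5031d37bc79.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37914201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27315;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27514 [] Outgoing URL http|3a|//originwealth.ydns.eu/sew/inc/10a5031d37bc79.php"; flow:to_server,established; http.header; content:"originwealth.ydns.eu"; fast_pattern; nocase; http.uri; content:"/sew/inc/10a5031d37bc79.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37947001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27514;)
# Domain indicators for originwealth.ydns.eu, exported from two events (e27434 and e27478).
# The dns.query rules anchor the name at the end of the query, so subdomains also match. The
# HTTP rules look for "Host:" and the domain in the request headers.
# NOTE(review): "Host|3a|" and the domain are two independent header matches with no relative
# position, so the domain in another request header (for example Referer) would presumably
# also match - confirm against the flow before treating a hit as a connection to that host.
alert dns any any -> any any (msg: "MISP e27434 [AgentTesla,ViriBack] Domain originwealth.ydns.eu"; dns.query; content:"originwealth.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])originwealth\.ydns\.eu$/i"; classtype:trojan-activity; sid:37932521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AgentTesla,ViriBack] Outgoing HTTP Domain originwealth.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"originwealth.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])originwealth\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The malpedia galaxy tag in the next two rules carries double quotes. They are written as \"
# here because the Suricata rule format lists ", ; and \ as characters that must be escaped
# inside msg; left raw, the msg value is malformed and how it is handled depends on the engine.
# NOTE(review): the tag text appears to be copied from the MISP event into the rule, so the
# escaping belongs in the export step; a hand edit to this file is lost on the next export.
alert dns any any -> any any (msg: "MISP e27478 [AgentTesla,misp-galaxy:malpedia=\"Agent Tesla\"] Domain originwealth.ydns.eu"; dns.query; content:"originwealth.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])originwealth\.ydns\.eu$/i"; classtype:trojan-activity; sid:37938381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [AgentTesla,misp-galaxy:malpedia=\"Agent Tesla\"] Outgoing HTTP Domain originwealth.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"originwealth.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])originwealth\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip 117.222.212.173 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.222.212.173"; classtype:trojan-activity; sid:37927121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 206.189.34.157 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.34.157"; classtype:trojan-activity; sid:37927131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.134.108.110 any -> $HOME_NET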
any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.108.110"; classtype:trojan-activity; sid:37927141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
# IP-reputation rules from MISP event e27394, shown one rule per line. Each rule alerts on any
# IP packet whose source is the listed address and whose destination is in $HOME_NET, on any
# port; no flow, content or threshold condition is applied.
# NOTE(review): the msg tags these indicators kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity. A hit shows inbound contact from the address, not a compromise;
# corroborate with other telemetry before escalating.
# NOTE(review): several addresses sit in the same /24 and may be shared egress (relays, hosting
# providers) - presumably the MISP event records how each was observed; check it before blocking.
alert ip 27.150.188.112 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.150.188.112"; classtype:trojan-activity; sid:37927151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 184.22.68.177 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.22.68.177"; classtype:trojan-activity; sid:37927161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 91.107.127.201 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.127.201"; classtype:trojan-activity; sid:37927171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 200.158.89.83 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.158.89.83"; classtype:trojan-activity; sid:37927181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.172 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.172"; classtype:trojan-activity; sid:37927191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 23.129.64.216 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.216"; classtype:trojan-activity; sid:37927201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.145 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.145"; classtype:trojan-activity; sid:37927211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.175 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.175"; classtype:trojan-activity; sid:37927221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 103.239.171.137 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.239.171.137"; classtype:trojan-activity; sid:37927231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.103.7 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.103.7"; classtype:trojan-activity; sid:37927241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.146.232.234 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.146.232.234"; classtype:trojan-activity; sid:37927251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.133.58.65 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.58.65"; classtype:trojan-activity; sid:37927261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 186.52.178.104 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.52.178.104"; classtype:trojan-activity; sid:37927271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 175.6.95.220 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.95.220"; classtype:trojan-activity; sid:37927281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 49.51.178.130 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.178.130"; classtype:trojan-activity; sid:37927291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.246.188.74 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.246.188.74"; classtype:trojan-activity; sid:37927301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 23.129.64.149 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.149"; classtype:trojan-activity; sid:37927311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 188.165.200.97 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.165.200.97"; classtype:trojan-activity; sid:37927321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 190.202.124.93 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.202.124.93"; classtype:trojan-activity; sid:37927331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 210.6.251.86 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.6.251.86"; classtype:trojan-activity; sid:37927341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 177.67.232.158 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.67.232.158"; classtype:trojan-activity; sid:37927351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 1.116.27.174 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.27.174"; classtype:trojan-activity; sid:37927361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 223.111.251.197 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.111.251.197"; classtype:trojan-activity; sid:37927371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 176.118.30.11 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.118.30.11"; classtype:trojan-activity; sid:37927381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.153.75.47 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.75.47"; classtype:trojan-activity; sid:37927391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.160 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.160"; classtype:trojan-activity; sid:37927401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.156.3.145 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.3.145"; classtype:trojan-activity; sid:37927411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.161 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.161"; classtype:trojan-activity; sid:37927421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.130.49.137 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.49.137"; classtype:trojan-activity; sid:37927431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 181.143.195.18 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.143.195.18"; classtype:trojan-activity; sid:37927441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 165.192.138.45 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.192.138.45"; classtype:trojan-activity; sid:37927451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 181.224.7.246 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.224.7.246"; classtype:trojan-activity; sid:37927461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 74.207.248.172 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.207.248.172"; classtype:trojan-activity; sid:37927471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.174 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.174"; classtype:trojan-activity; sid:37927481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 1.12.251.165 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.251.165"; classtype:trojan-activity; sid:37927491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 186.16.42.74 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.16.42.74"; classtype:trojan-activity; sid:37927501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 124.222.110.32 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.110.32"; classtype:trojan-activity; sid:37927511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 27.109.187.192 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.109.187.192"; classtype:trojan-activity; sid:37927521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 87.163.101.8 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.163.101.8"; classtype:trojan-activity; sid:37927531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.249.184.62 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.62"; classtype:trojan-activity; sid:37927541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 129.226.211.164 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.211.164"; classtype:trojan-activity; sid:37927551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 179.43.182.58 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.182.58"; classtype:trojan-activity; sid:37927561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 107.189.2.108 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.2.108"; classtype:trojan-activity; sid:37927571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 104.28.157.23 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.157.23"; classtype:trojan-activity; sid:37927581;
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
# IP-reputation rules from MISP event e27394, shown one rule per line. Each rule alerts on any
# IP packet whose source is the listed address and whose destination is in $HOME_NET, on any
# port; no flow, content or threshold condition is applied.
# NOTE(review): the msg tags these indicators kill-chain Reconnaissance/Exploitation while the
# classtype is trojan-activity. A hit shows inbound contact from the address, not a compromise;
# corroborate with other telemetry before escalating.
# NOTE(review): single-address indicators age and may point at shared egress (hosting providers,
# relays, internet-wide scanners) - presumably the MISP event records how each address was
# observed; check it before blocking on a match.
alert ip 51.195.122.206 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.122.206"; classtype:trojan-activity; sid:37927591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 200.123.210.20 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.123.210.20"; classtype:trojan-activity; sid:37927601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 49.0.87.123 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.0.87.123"; classtype:trojan-activity; sid:37927611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.159.35.254 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.35.254"; classtype:trojan-activity; sid:37927621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 31.222.235.217 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.222.235.217"; classtype:trojan-activity; sid:37927631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 34.92.247.119 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.92.247.119"; classtype:trojan-activity; sid:37927641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 35.220.138.45 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.220.138.45"; classtype:trojan-activity; sid:37927651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 118.184.153.254 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.184.153.254"; classtype:trojan-activity; sid:37927661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 172.105.9.230 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.105.9.230"; classtype:trojan-activity; sid:37927671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 159.223.45.100 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.45.100"; classtype:trojan-activity; sid:37927681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 34.84.82.194 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.84.82.194"; classtype:trojan-activity; sid:37927691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 143.244.162.174 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.162.174"; classtype:trojan-activity; sid:37927701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 20.169.248.82 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.169.248.82"; classtype:trojan-activity; sid:37927711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 64.227.153.204 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.153.204"; classtype:trojan-activity; sid:37927721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 163.171.195.7 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.171.195.7"; classtype:trojan-activity; sid:37927731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 1.15.170.158 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.170.158"; classtype:trojan-activity; sid:37927741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 107.150.4.132 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.150.4.132"; classtype:trojan-activity; sid:37927751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 206.189.55.247 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.55.247"; classtype:trojan-activity; sid:37927761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 109.123.255.3 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.255.3"; classtype:trojan-activity; sid:37927771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 101.91.206.247 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.91.206.247"; classtype:trojan-activity; sid:37927781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 101.42.47.225 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.47.225"; classtype:trojan-activity; sid:37927791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 138.68.163.39 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.163.39"; classtype:trojan-activity; sid:37927801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 34.126.160.149 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.126.160.149"; classtype:trojan-activity; sid:37927811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 96.78.175.38 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.78.175.38"; classtype:trojan-activity; sid:37927821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 81.69.185.88 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.185.88"; classtype:trojan-activity; sid:37927831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 103.45.245.152 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.45.245.152"; classtype:trojan-activity; sid:37927841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.128.108.38 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.38"; classtype:trojan-activity; sid:37927851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.16.114.146 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.16.114.146"; classtype:trojan-activity; sid:37927861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 81.71.88.224 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.88.224"; classtype:trojan-activity; sid:37927871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 200.232.232.9 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.232.232.9"; classtype:trojan-activity; sid:37927881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 132.147.109.181 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.147.109.181"; classtype:trojan-activity; sid:37927891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 118.26.194.190 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.26.194.190"; classtype:trojan-activity; sid:37927901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 68.183.80.132 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.80.132"; classtype:trojan-activity; sid:37927911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 81.70.133.50 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.133.50"; classtype:trojan-activity; sid:37927921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 149.200.12.11 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.200.12.11"; classtype:trojan-activity; sid:37927931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 124.244.78.84 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.244.78.84"; classtype:trojan-activity; sid:37927941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 191.242.105.131 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.242.105.131"; classtype:trojan-activity; sid:37927951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 68.183.187.197 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.187.197"; classtype:trojan-activity; sid:37927961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 43.139.254.181 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.254.181"; classtype:trojan-activity; sid:37927971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 155.248.243.251 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 155.248.243.251"; classtype:trojan-activity; sid:37927981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 91.208.75.153 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.208.75.153"; classtype:trojan-activity; sid:37927991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 124.222.73.67 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.73.67"; classtype:trojan-activity; sid:37928001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.146 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.146"; classtype:trojan-activity; sid:37928011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 192.210.255.52 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.210.255.52"; classtype:trojan-activity; sid:37928021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 5.196.23.151 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.196.23.151";
classtype:trojan-activity; sid:37928031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 36.255.3.117 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.255.3.117"; classtype:trojan-activity; sid:37928041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 170.210.53.217 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.210.53.217"; classtype:trojan-activity; sid:37928051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.220.101.107 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.107"; classtype:trojan-activity; sid:37928061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 162.247.74.7 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.7"; classtype:trojan-activity; sid:37928071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 104.250.50.49 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.49"; classtype:trojan-activity; sid:37928081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.163.3.91 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.3.91"; classtype:trojan-activity; sid:37928091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 49.247.214.126 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.214.126"; classtype:trojan-activity; sid:37928101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 
37.245.36.175 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.245.36.175"; classtype:trojan-activity; sid:37928111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 45.164.39.253 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.164.39.253"; classtype:trojan-activity; sid:37928121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.220.101.156 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.156"; classtype:trojan-activity; sid:37928131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.136.107.134 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.107.134"; classtype:trojan-activity; sid:37928141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 200.155.147.10 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.155.147.10"; classtype:trojan-activity; sid:37928151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 104.28.235.57 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.235.57"; classtype:trojan-activity; sid:37928161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 190.149.6.86 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.149.6.86"; classtype:trojan-activity; sid:37928171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 181.90.218.235 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
181.90.218.235"; classtype:trojan-activity; sid:37928181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 114.35.112.170 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.35.112.170"; classtype:trojan-activity; sid:37928191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 143.47.36.252 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.47.36.252"; classtype:trojan-activity; sid:37928201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 192.42.116.19 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.42.116.19"; classtype:trojan-activity; sid:37928211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 103.39.214.83 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.39.214.83"; classtype:trojan-activity; sid:37928221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 124.221.224.199 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.224.199"; classtype:trojan-activity; sid:37928231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 124.222.166.169 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.166.169"; classtype:trojan-activity; sid:37928241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 139.59.47.172 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.47.172"; classtype:trojan-activity; sid:37928251; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 106.54.208.38 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.208.38"; classtype:trojan-activity; sid:37928261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.133.62.215 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.62.215"; classtype:trojan-activity; sid:37928271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.138.191.5 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.191.5"; classtype:trojan-activity; sid:37928281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 103.130.214.72 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.214.72"; classtype:trojan-activity; sid:37928291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 124.221.215.102 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.215.102"; classtype:trojan-activity; sid:37928301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 4.224.253.96 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 4.224.253.96"; classtype:trojan-activity; sid:37928311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 118.89.58.133 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.58.133"; classtype:trojan-activity; sid:37928321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 103.130.212.167 any -> $HOME_NET any (msg: "MISP e27394 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.130.212.167"; classtype:trojan-activity; sid:37928331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 111.231.101.19 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.101.19"; classtype:trojan-activity; sid:37928341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.134.185.214 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.185.214"; classtype:trojan-activity; sid:37928351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 222.127.153.161 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.127.153.161"; classtype:trojan-activity; sid:37928361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 104.28.153.10 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.28.153.10"; classtype:trojan-activity; sid:37928371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.170.10.247 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.170.10.247"; classtype:trojan-activity; sid:37928381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 103.142.21.195 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.142.21.195"; classtype:trojan-activity; sid:37928391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 5.255.106.166 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.255.106.166"; classtype:trojan-activity; 
sid:37928401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 213.47.15.100 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.47.15.100"; classtype:trojan-activity; sid:37928411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 95.179.148.89 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.179.148.89"; classtype:trojan-activity; sid:37928421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 179.1.85.123 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.1.85.123"; classtype:trojan-activity; sid:37928431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 64.23.168.19 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.168.19"; classtype:trojan-activity; sid:37928441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 120.53.94.178 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.53.94.178"; classtype:trojan-activity; sid:37928451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 5.42.87.41 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.87.41"; classtype:trojan-activity; sid:37928461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 121.54.165.49 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.54.165.49"; classtype:trojan-activity; sid:37928471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 101.126.69.23 any -> $HOME_NET any (msg: "MISP 
e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.23"; classtype:trojan-activity; sid:37928481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 165.227.228.212 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.228.212"; classtype:trojan-activity; sid:37928491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 178.128.220.223 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.220.223"; classtype:trojan-activity; sid:37928501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 141.94.106.15 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.94.106.15"; classtype:trojan-activity; sid:37928511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 152.136.48.82 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.48.82"; classtype:trojan-activity; sid:37928521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.155.166.136 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.166.136"; classtype:trojan-activity; sid:37928531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.156.64.128 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.64.128"; classtype:trojan-activity; sid:37928541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 143.198.140.13 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.140.13"; classtype:trojan-activity; 
sid:37928551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 86.63.218.110 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.63.218.110"; classtype:trojan-activity; sid:37928561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 194.163.170.212 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.163.170.212"; classtype:trojan-activity; sid:37928571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 78.135.104.52 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.135.104.52"; classtype:trojan-activity; sid:37928581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 201.99.120.13 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.99.120.13"; classtype:trojan-activity; sid:37928591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 207.154.241.179 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.241.179"; classtype:trojan-activity; sid:37928601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 177.220.181.8 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.220.181.8"; classtype:trojan-activity; sid:37928611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 45.238.232.2 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.238.232.2"; classtype:trojan-activity; sid:37928621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 77.232.142.150 any -> $HOME_NET 
any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.232.142.150"; classtype:trojan-activity; sid:37928631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 124.221.136.242 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.136.242"; classtype:trojan-activity; sid:37928641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.153.188.226 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.188.226"; classtype:trojan-activity; sid:37928651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 187.188.240.7 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.188.240.7"; classtype:trojan-activity; sid:37928661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 165.227.245.17 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.245.17"; classtype:trojan-activity; sid:37928671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 42.192.53.183 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.53.183"; classtype:trojan-activity; sid:37928681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 36.112.138.237 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.112.138.237"; classtype:trojan-activity; sid:37928691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 212.64.193.222 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.64.193.222"; 
classtype:trojan-activity; sid:37928701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 45.117.153.69 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.117.153.69"; classtype:trojan-activity; sid:37928711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 181.94.225.93 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.94.225.93"; classtype:trojan-activity; sid:37928721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 4.227.147.131 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 4.227.147.131"; classtype:trojan-activity; sid:37928731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 162.243.163.241 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.163.241"; classtype:trojan-activity; sid:37928741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 172.245.214.201 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.214.201"; classtype:trojan-activity; sid:37928751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.128.86.28 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.86.28"; classtype:trojan-activity; sid:37928761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.128.29.161 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.29.161"; classtype:trojan-activity; sid:37928771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 
179.26.84.34 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.26.84.34"; classtype:trojan-activity; sid:37928781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 124.222.50.239 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.50.239"; classtype:trojan-activity; sid:37928791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 208.65.84.32 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.32"; classtype:trojan-activity; sid:37928801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.156.48.140 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.48.140"; classtype:trojan-activity; sid:37928811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.153.1.47 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.1.47"; classtype:trojan-activity; sid:37928821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 222.188.130.141 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.188.130.141"; classtype:trojan-activity; sid:37928831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.220.101.164 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.164"; classtype:trojan-activity; sid:37928841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 164.90.142.242 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
164.90.142.242"; classtype:trojan-activity; sid:37928851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 161.132.38.125 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.38.125"; classtype:trojan-activity; sid:37928861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 14.103.44.104 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.104"; classtype:trojan-activity; sid:37928871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 84.94.122.161 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.94.122.161"; classtype:trojan-activity; sid:37928881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 223.113.54.184 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.113.54.184"; classtype:trojan-activity; sid:37928891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.220.101.179 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.179"; classtype:trojan-activity; sid:37928901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 85.133.217.151 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.133.217.151"; classtype:trojan-activity; sid:37928911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 23.129.64.224 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.224"; classtype:trojan-activity; sid:37928921; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.220.101.108 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.108"; classtype:trojan-activity; sid:37928931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 45.137.181.64 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.137.181.64"; classtype:trojan-activity; sid:37928941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 181.94.237.129 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.94.237.129"; classtype:trojan-activity; sid:37928951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 170.64.153.98 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.153.98"; classtype:trojan-activity; sid:37928961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.135.145.46 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.145.46"; classtype:trojan-activity; sid:37928971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.156.33.183 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.33.183"; classtype:trojan-activity; sid:37928981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 107.189.30.69 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.30.69"; classtype:trojan-activity; sid:37928991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.156.45.171 any -> $HOME_NET any (msg: "MISP e27394 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.45.171"; classtype:trojan-activity; sid:37929001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 171.25.193.25 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.25.193.25"; classtype:trojan-activity; sid:37929011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 18.134.121.225 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 18.134.121.225"; classtype:trojan-activity; sid:37929021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 84.247.165.52 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.165.52"; classtype:trojan-activity; sid:37929031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.220.103.9 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.103.9"; classtype:trojan-activity; sid:37929041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 162.62.232.71 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.232.71"; classtype:trojan-activity; sid:37929051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 49.84.213.111 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.84.213.111"; classtype:trojan-activity; sid:37929061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 170.78.24.134 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.78.24.134"; classtype:trojan-activity; sid:37929071; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 185.129.61.2 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.129.61.2"; classtype:trojan-activity; sid:37929081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 51.15.116.168 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.15.116.168"; classtype:trojan-activity; sid:37929091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 49.235.157.59 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.157.59"; classtype:trojan-activity; sid:37929101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 107.189.13.180 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.13.180"; classtype:trojan-activity; sid:37929111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 142.4.222.188 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.4.222.188"; classtype:trojan-activity; sid:37929121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 180.101.88.224 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.101.88.224"; classtype:trojan-activity; sid:37929131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 43.133.159.180 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.159.180"; classtype:trojan-activity; sid:37929141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;) alert ip 193.35.18.105 any -> $HOME_NET any (msg: "MISP e27394 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.35.18.105"; classtype:trojan-activity; sid:37929151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
# Rules below are laid out one per line: a Suricata rule has to sit on a single
# line (or use backslash continuation) to load.
#
# Event e27394, inbound sources. These match on the source address alone (no
# port, flow or threshold option) and carry classtype trojan-activity although
# the event tags are Reconnaissance/Exploitation.
# NOTE(review): consider a threshold entry for these sids if internet-facing
# hosts make them noisy.
alert ip 193.142.146.165 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.142.146.165"; classtype:trojan-activity; sid:37929161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
alert ip 185.220.101.171 any -> $HOME_NET any (msg: "MISP e27394 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.171"; classtype:trojan-activity; sid:37929171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27394;)
# Outbound destination address/port indicators, events e27434 and e27478.
# Every address/port pair of e27434 in this run is exported a second time under
# e27478 with its own sid, an empty tag list and priority 3, so one connection
# raises two alerts. Deduplicate at export time or suppress one sid of each
# pair; the e27434 copy is the one that carries the malware-family tags.
# Some tags name hosting providers (AMAZON-02, AS-CHOOPA); presumably such
# addresses are reassigned over time, so check indicator age before acting on a hit.
alert ip $HOME_NET any -> 103.186.117.243 1947 (msg: "MISP e27434 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.243|1947"; classtype:trojan-activity; sid:37932531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 34.31.226.230 37558 (msg: "MISP e27434 [infostealer,RedLine,stealer] Outgoing To IP: 34.31.226.230|37558"; classtype:trojan-activity; sid:37932511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 34.31.226.230 37558 (msg: "MISP e27478 [] Outgoing To IP: 34.31.226.230|37558"; classtype:trojan-activity; sid:37938391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 103.186.117.243 1947 (msg: "MISP e27478 [] Outgoing To IP: 103.186.117.243|1947"; classtype:trojan-activity; sid:37938401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 109.248.150.210 50270 (msg: "MISP e27434 [remcos] Outgoing To IP: 109.248.150.210|50270"; classtype:trojan-activity; sid:37932541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# URL indicator, event e27382.
# NOTE(review): the msg contains unescaped double quotes
# (mitre-tool="Remcos - S0332"). Suricata's rule syntax expects '"', ';' and
# '\' inside msg to be backslash-escaped, so this rule may be rejected at load
# time; confirm with `suricata -T` and fix the escaping in the exporter.
# The address literal is searched in the whole request-header buffer
# (http.header), not specifically in the Host value, and both matches are
# case-insensitive. $HTTP_PORTS has to be defined in the sensor configuration.
alert http $HOME_NET any -> 193.222.96.98 $HTTP_PORTS (msg: "MISP e27382 [kill-chain:Command and Control,misp-galaxy:mitre-tool="Remcos - S0332"] Outgoing URL http|3a|//193.222.96.98/rRhpmdPuXcJBxmvHtUq56.bin"; flow:to_server,established; http.header; content:"193.222.96.98"; fast_pattern; nocase; http.uri; content:"/rRhpmdPuXcJBxmvHtUq56.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37924901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27382;)
alert ip $HOME_NET any -> 109.248.150.210 50270 (msg: "MISP e27478 [] Outgoing To IP: 109.248.150.210|50270"; classtype:trojan-activity; sid:37938411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 185.203.116.51 443 (msg: "MISP e27434 [BELCLOUD,sliver] Outgoing To IP: 185.203.116.51|443"; classtype:trojan-activity; sid:37932551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.32.91.55 7443 (msg: "MISP e27434 [AS-CHOOPA,Covenant] Outgoing To IP: 45.32.91.55|7443"; classtype:trojan-activity; sid:37932561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 3.112.78.101 80 (msg: "MISP e27434 [AMAZON-02,Brute Ratel C4] Outgoing To IP: 3.112.78.101|80"; classtype:trojan-activity; sid:37932571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 78.129.165.233 80 (msg: "MISP e27434 [Havoc,IOMART-AS] Outgoing To IP: 78.129.165.233|80"; classtype:trojan-activity; sid:37932581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 79.137.207.163 80 (msg: "MISP e27434 [AEZA-AS,Meduza Stealer] Outgoing To IP: 79.137.207.163|80"; classtype:trojan-activity; sid:37932591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 142.171.8.138 80 (msg: "MISP e27434 [Hookbot Pegasus,MULTA-ASN1] Outgoing To IP: 142.171.8.138|80"; classtype:trojan-activity; sid:37932601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 142.171.8.138 80 (msg: "MISP e27478 [] Outgoing To IP: 142.171.8.138|80"; classtype:trojan-activity; sid:37938421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 79.137.207.163 80 (msg: "MISP e27478 [] Outgoing To IP: 79.137.207.163|80"; classtype:trojan-activity; sid:37938431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 78.129.165.233 80 (msg: "MISP e27478 [] Outgoing To IP: 78.129.165.233|80"; classtype:trojan-activity; sid:37938441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.112.78.101 80 (msg: "MISP e27478 [] Outgoing To IP: 3.112.78.101|80"; classtype:trojan-activity; sid:37938451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 45.32.91.55 7443 (msg: "MISP e27478 [] Outgoing To IP: 45.32.91.55|7443"; classtype:trojan-activity; sid:37938461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 185.203.116.51 443 (msg: "MISP e27478 [] Outgoing To IP: 185.203.116.51|443"; classtype:trojan-activity; sid:37938471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# URL indicator, event e27482: address literal matched in http.header plus a
# case-insensitive URI match; this msg has no embedded quotes.
alert http $HOME_NET any -> 103.183.115.241 $HTTP_PORTS (msg: "MISP e27482 [] Outgoing URL http|3a|//103.183.115.241/MTifYRAAGx67.bin"; flow:to_server,established; http.header; content:"103.183.115.241"; fast_pattern; nocase; http.uri; content:"/MTifYRAAGx67.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37941301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27482;)
alert ip $HOME_NET any -> 185.167.61.159 2404 (msg: "MISP e27482 [] Outgoing To IP: 185.167.61.159|2404"; classtype:trojan-activity; sid:37941311; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27482;)
# Rules below are laid out one per line: a Suricata rule has to sit on a single
# line (or use backslash continuation) to load.
alert ip $HOME_NET any -> 185.167.61.159 2403 (msg: "MISP e27482 [] Outgoing To IP: 185.167.61.159|2403"; classtype:trojan-activity; sid:37941321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27482;)
# Domain indicators are exported as a pair: a dns.query rule and an HTTP rule.
# - dns.query rule: header is "any any -> any any", so it is not limited to
#   $HOME_NET clients. If the sensor sees resolver-to-upstream traffic, the
#   alert source will be the resolver; correlate with resolver logs to find the
#   client. The pcre anchors the name at the end of the query and allows a
#   preceding non-label character, so subdomains match too.
# - HTTP rule: "Host:" and the domain are two independent matches in
#   http.header, so the domain may sit in another request header and still
#   alert. The pcre needs one more character after the name that is not a
#   letter, digit, '-' or '.'.
# - No TLS rule is exported here, so HTTPS traffic to these names is only
#   visible through the DNS rule.
alert dns any any -> any any (msg: "MISP e27482 [] Domain jouramad288debou.duckdns.org"; dns.query; content:"jouramad288debou.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])jouramad288debou\.duckdns\.org$/i"; classtype:trojan-activity; sid:37941331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27482;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27482 [] Outgoing HTTP Domain jouramad288debou.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jouramad288debou.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jouramad288debou\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27482;)
# SMTP indicators (TCP/25 towards $SMTP_SERVERS), raw payload matches:
# - Only cleartext SMTP on port 25 is inspected; sessions that upgrade with
#   STARTTLS, or mail arriving on other ports, are not covered.
# - The keyword ("MAIL FROM:", "RCPT TO:", "Subject:") and the value are
#   separate content matches with no distance/within between them; only the
#   final CRLF CRLF is tied to the preceding match (within:8192).
#   NOTE(review): whether the envelope command and the blank line land in the
#   same inspected data depends on stream reassembly; verify with a test pcap.
# - An envelope-sender match shows what the sending side claimed. Legitimate
#   mail using the same address matches as well.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27459 [] Source Email Address: logistics@maerskline.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"logistics@maerskline.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27459;)
# Generic subject phrase at priority 1: unrelated mail containing this text
# will match. Corroborate with the attachment or sender rule of the same event
# before escalating.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27459 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Shipping via DHL"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27459;)
# Attachment-name match: both literals are case-sensitive (no nocase) and the
# first one requires the exact `Content-Disposition: attachment; filename="`
# spelling, so other header layouts will not match. The name ends in a double
# extension (.pdf.7z).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27459 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"SHIPPING DOCUMENT...CI,PL,BL.pdf.7z|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27459;)
alert ip 64.188.21.217 any -> $HOME_NET any (msg: "MISP e27459 [] Incoming From IP: 64.188.21.217"; classtype:trojan-activity; sid:37937241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27459;)
# URL indicator, event e27484: the host literal is matched anywhere in
# http.header and the URI match is a short, case-insensitive path ("/V4.txt").
# Destination is limited to $HTTP_PORTS, which must be defined on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27484 [] Outgoing URL http|3a|//damaco.hr/V4.txt"; flow:to_server,established; http.header; content:"damaco.hr"; fast_pattern; nocase; http.uri; content:"/V4.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37941561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27484;)
alert dns any any -> any any (msg: "MISP e27484 [] Domain sslout.de"; dns.query; content:"sslout.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])sslout\.de$/i"; classtype:trojan-activity; sid:37941571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27484;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27484 [] Outgoing HTTP Domain sslout.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sslout.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sslout\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27484;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27484 [] Destination Email Address: service2@cosmedicus.de"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"service2@cosmedicus.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37941591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27484;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27484 [] Source Email Address: service@cosmedicus.de"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"service@cosmedicus.de"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37941581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27484;)
# Events e27353, e27354 and e27355: domain pairs exported without tags.
# NOTE(review): pages.dev sites are presumably served over HTTPS, in which case
# sid 37917592 is unlikely to fire and sid 37917591 (DNS) carries the detection.
alert dns any any -> any any (msg: "MISP e27353 [] Domain banco.estadosoporte.info"; dns.query; content:"banco.estadosoporte.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info$/i"; classtype:trojan-activity; sid:37917431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27353;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27353 [] Outgoing HTTP Domain banco.estadosoporte.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estadosoporte.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27353;)
alert dns any any -> any any (msg: "MISP e27354 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37917511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27354;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27354 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27354;)
alert dns any any -> any any (msg: "MISP e27355 [] Domain beneficio-banestado.pages.dev"; dns.query; content:"beneficio-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37917591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27355;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27355 [] Outgoing HTTP Domain beneficio-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beneficio-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27355;)
# Event e27467, SMTP indicators (cleartext TCP/25 only; STARTTLS sessions are
# not inspected).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27467 [] Source Email Address: imports@gfagni.it"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"imports@gfagni.it"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27467;)
# NOTE(review): this subject contains non-ASCII characters. Such Subject
# headers are usually RFC 2047 encoded on the wire, so the raw UTF-8 literal
# below will probably not appear in the SMTP stream and the rule is unlikely to
# fire as written. Rely on the sender and attachment rules of this event, or
# match the encoded form after confirming it against a sample message.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27467 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"Pošiljanje spremnega naročila št. 20240403-70611 z dne 03.04.2024 - Atea d.o.o."; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27467;)
# Attachment-name match: case-sensitive, exact Content-Disposition spelling
# required; the indicator is a disk-image file name (.img).
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27467 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"doc20240403125126.img|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27467;)
# URL indicator, event e27481, fixed destination address and port 57845.
# NOTE(review): the msg contains unescaped double quotes (tool="Gh0st Rat").
# Suricata's rule syntax expects '"', ';' and '\' inside msg to be
# backslash-escaped, so this rule may be rejected at load time; confirm with
# `suricata -T` and fix the escaping in the exporter.
alert http $HOME_NET any -> 192.151.244.144 57845 (msg: "MISP e27481 [kill-chain:Command and Control,misp-galaxy:tool="Gh0st Rat"] Outgoing URL http|3a|//192.151.244.144|3a|57845/MS.exe"; flow:to_server,established; http.header; content:"192.151.244.144"; fast_pattern; nocase; http.uri; content:"/MS.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37941291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27481;)
# Event e27434, TBOTNET-tagged destination address/port indicators.
alert ip $HOME_NET any -> 62.72.185.28 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.28|61616"; classtype:trojan-activity; sid:37932611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 62.72.185.34 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.34|61616"; classtype:trojan-activity; sid:37932621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 167.99.190.250 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] Outgoing To IP: 167.99.190.250|1311"; classtype:trojan-activity; sid:37933071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 178.62.242.26 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] 
Outgoing To IP: 178.62.242.26|1311"; classtype:trojan-activity; sid:37933081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 147.182.149.112 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] Outgoing To IP: 147.182.149.112|1311"; classtype:trojan-activity; sid:37933041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 147.182.149.113 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] Outgoing To IP: 147.182.149.113|1311"; classtype:trojan-activity; sid:37933051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 159.89.191.108 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] Outgoing To IP: 159.89.191.108|1311"; classtype:trojan-activity; sid:37933061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 143.110.247.222 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] Outgoing To IP: 143.110.247.222|1311"; classtype:trojan-activity; sid:37933031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 138.197.171.172 1311 (msg: "MISP e27434 [AS14061,Digitalocean,TBOTNET] Outgoing To IP: 138.197.171.172|1311"; classtype:trojan-activity; sid:37933021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.178 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.178|3090"; classtype:trojan-activity; sid:37932991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.192 38421 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.192|38421"; classtype:trojan-activity; sid:37933001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 46.101.135.216 1311 (msg: "MISP e27434 [TBOTNET] Outgoing To 
IP: 46.101.135.216|1311"; classtype:trojan-activity; sid:37933011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.175 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.175|3090"; classtype:trojan-activity; sid:37932971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.176 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.176|3090"; classtype:trojan-activity; sid:37932981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.174 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.174|3090"; classtype:trojan-activity; sid:37932961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.100 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.100|3090"; classtype:trojan-activity; sid:37932911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.173 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.173|3090"; classtype:trojan-activity; sid:37932951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.156 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.156|3090"; classtype:trojan-activity; sid:37932941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.123 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.123|3090"; classtype:trojan-activity; sid:37932931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.82 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.82|3090"; 
classtype:trojan-activity; sid:37932891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.83 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.83|3090"; classtype:trojan-activity; sid:37932901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.102 3090 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.102|3090"; classtype:trojan-activity; sid:37932921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.52 61616 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.52|61616"; classtype:trojan-activity; sid:37932871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.56 61616 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.56|61616"; classtype:trojan-activity; sid:37932881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.248 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.248|61616"; classtype:trojan-activity; sid:37932841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.49 61616 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.49|61616"; classtype:trojan-activity; sid:37932851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 5.181.80.50 61616 (msg: "MISP e27434 [AS50360,TAMATIYA-AS,TBOTNET] Outgoing To IP: 5.181.80.50|61616"; classtype:trojan-activity; sid:37932861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.242 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 
204.76.203.242|61616"; classtype:trojan-activity; sid:37932821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.244 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.244|61616"; classtype:trojan-activity; sid:37932831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.31 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.31|1311"; classtype:trojan-activity; sid:37932801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.34 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.34|1311"; classtype:trojan-activity; sid:37932811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.30 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.30|1311"; classtype:trojan-activity; sid:37932791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.29 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.29|1311"; classtype:trojan-activity; sid:37932781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.27 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.27|1311"; classtype:trojan-activity; sid:37932761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.28 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.28|1311"; classtype:trojan-activity; sid:37932771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip 
$HOME_NET any -> 204.76.203.25 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.25|1311"; classtype:trojan-activity; sid:37932741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.26 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.26|1311"; classtype:trojan-activity; sid:37932751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.23 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.23|1311"; classtype:trojan-activity; sid:37932721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.24 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.24|1311"; classtype:trojan-activity; sid:37932731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.22 1311 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.22|1311"; classtype:trojan-activity; sid:37932711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.110 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.110|61616"; classtype:trojan-activity; sid:37932681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.17 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.17|61616"; classtype:trojan-activity; sid:37932691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 204.76.203.18 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 204.76.203.18|61616"; 
classtype:trojan-activity; sid:37932701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.92 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.92|61616"; classtype:trojan-activity; sid:37932671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.58 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.58|61616"; classtype:trojan-activity; sid:37932651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.45 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.45|61616"; classtype:trojan-activity; sid:37932641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.68 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.68|61616"; classtype:trojan-activity; sid:37932661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.43 61616 (msg: "MISP e27434 [ASN400328,Intelligence-Hosting LLC,TBOTNET] Outgoing To IP: 62.72.185.43|61616"; classtype:trojan-activity; sid:37932631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 62.72.185.43 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.43|61616"; classtype:trojan-activity; sid:37938481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 62.72.185.45 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.45|61616"; classtype:trojan-activity; sid:37938491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 62.72.185.68 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.68|61616"; 
classtype:trojan-activity; sid:37938501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 62.72.185.58 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.58|61616"; classtype:trojan-activity; sid:37938511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 62.72.185.92 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.92|61616"; classtype:trojan-activity; sid:37938521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.18 61616 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.18|61616"; classtype:trojan-activity; sid:37938531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 62.72.185.110 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.110|61616"; classtype:trojan-activity; sid:37938541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.17 61616 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.17|61616"; classtype:trojan-activity; sid:37938551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.22 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.22|1311"; classtype:trojan-activity; sid:37938561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.23 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.23|1311"; classtype:trojan-activity; sid:37938571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.24 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.24|1311"; classtype:trojan-activity; sid:37938581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.25 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.25|1311"; 
classtype:trojan-activity; sid:37938591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.26 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.26|1311"; classtype:trojan-activity; sid:37938601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.27 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.27|1311"; classtype:trojan-activity; sid:37938611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.28 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.28|1311"; classtype:trojan-activity; sid:37938621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.29 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.29|1311"; classtype:trojan-activity; sid:37938631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.30 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.30|1311"; classtype:trojan-activity; sid:37938641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.31 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.31|1311"; classtype:trojan-activity; sid:37938651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.34 1311 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.34|1311"; classtype:trojan-activity; sid:37938661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.242 61616 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.242|61616"; classtype:trojan-activity; sid:37938671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 204.76.203.244 61616 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.244|61616"; 
classtype:trojan-activity; sid:37938681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# MISP event 27478: outbound IP:port indicators (no tags, msg shows "[]", priority 3).
# Each rule fires on any traffic from $HOME_NET to the listed address and port.
# There is no payload match, so a hit shows that a connection was attempted, not what was sent.
# NOTE(review): IP-only indicators age quickly; confirm the address is still
# attributed to the event before treating a hit as a confirmed compromise.
alert ip $HOME_NET any -> 5.181.80.50 61616 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.50|61616"; classtype:trojan-activity; sid:37938691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 204.76.203.248 61616 (msg: "MISP e27478 [] Outgoing To IP: 204.76.203.248|61616"; classtype:trojan-activity; sid:37938701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.49 61616 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.49|61616"; classtype:trojan-activity; sid:37938711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.52 61616 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.52|61616"; classtype:trojan-activity; sid:37938721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.56 61616 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.56|61616"; classtype:trojan-activity; sid:37938731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.82 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.82|3090"; classtype:trojan-activity; sid:37938741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.83 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.83|3090"; classtype:trojan-activity; sid:37938751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.102 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.102|3090"; classtype:trojan-activity; sid:37938761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.123 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.123|3090"; classtype:trojan-activity; sid:37938771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.156 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.156|3090"; classtype:trojan-activity; sid:37938781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.100 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.100|3090"; classtype:trojan-activity; sid:37938791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.173 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.173|3090"; classtype:trojan-activity; sid:37938801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.174 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.174|3090"; classtype:trojan-activity; sid:37938811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.175 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.175|3090"; classtype:trojan-activity; sid:37938821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.176 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.176|3090"; classtype:trojan-activity; sid:37938831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.178 3090 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.178|3090"; classtype:trojan-activity; sid:37938841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 5.181.80.192 38421 (msg: "MISP e27478 [] Outgoing To IP: 5.181.80.192|38421"; classtype:trojan-activity; sid:37938851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 46.101.135.216 1311 (msg: "MISP e27478 [] Outgoing To IP: 46.101.135.216|1311"; classtype:trojan-activity; sid:37938861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 138.197.171.172 1311 (msg: "MISP e27478 [] Outgoing To IP: 138.197.171.172|1311"; classtype:trojan-activity; sid:37938871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 143.110.247.222 1311 (msg: "MISP e27478 [] Outgoing To IP: 143.110.247.222|1311"; classtype:trojan-activity; sid:37938881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 147.182.149.112 1311 (msg: "MISP e27478 [] Outgoing To IP: 147.182.149.112|1311"; classtype:trojan-activity; sid:37938891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 147.182.149.113 1311 (msg: "MISP e27478 [] Outgoing To IP: 147.182.149.113|1311"; classtype:trojan-activity; sid:37938901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 159.89.191.108 1311 (msg: "MISP e27478 [] Outgoing To IP: 159.89.191.108|1311"; classtype:trojan-activity; sid:37938911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 167.99.190.250 1311 (msg: "MISP e27478 [] Outgoing To IP: 167.99.190.250|1311"; classtype:trojan-activity; sid:37938921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 178.62.242.26 1311 (msg: "MISP e27478 [] Outgoing To IP: 178.62.242.26|1311"; classtype:trojan-activity; sid:37938931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 62.72.185.34 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.34|61616"; classtype:trojan-activity; sid:37938941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 62.72.185.28 61616 (msg: "MISP e27478 [] Outgoing To IP: 62.72.185.28|61616"; classtype:trojan-activity; sid:37938951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# MISP event 27434 (tagged AgentTesla): outbound HTTP request to $HTTP_PORTS whose
# headers contain the host name and whose URI contains the path, both matched
# case-insensitively. tag:session,600,seconds tags the session for 600 seconds
# of follow-up packet logging.
# The same URL is exported again below for event 27478 (sid:37938961, priority 3),
# so a single request raises two alerts with different priorities.
# NOTE(review): cleartext HTTP only; the same host reached over TLS is not seen by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27434 [AgentTesla] Outgoing URL http|3a|//www.texlandbd.com/vvs/inc/c874c1a5333207.php"; flow:to_server,established; http.header; content:"www.texlandbd.com"; fast_pattern; nocase; http.uri; content:"/vvs/inc/c874c1a5333207.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Domain indicators are exported as a pair: a dns rule (sid ending in 1) and an http rule (sid ending in 2).
#  - dns: dns.query content match plus a pcre anchored at the end of the name.
#    The domain and its subdomains match; a longer name that merely ends with the
#    same letters does not. The header is "any any -> any any", so the rule is
#    not restricted to queries from $HOME_NET.
#  - http: "Host|3a|" (|3a| is ':') and the domain are matched independently in
#    http.header; the pcre (H flag) only requires that the domain is not embedded
#    in a longer host name.
# NOTE(review): nothing ties the domain to the Host header value, so the domain
# appearing in another request header would presumably also alert; matching on
# http.host would be tighter. TLS traffic to these hosts is covered only by the
# dns rule; a tls.sni rule would be needed to see it on the wire.
alert dns any any -> any any (msg: "MISP e27356 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37917671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27356;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27356 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27356;)
# MISP event 24600: domain pair, exported at priority 1.
alert dns any any -> any any (msg: "MISP e24600 [] Domain www.post-lu.fun"; dns.query; content:"www.post-lu.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.post\-lu\.fun$/i"; classtype:trojan-activity; sid:38179791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain www.post-lu.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.post-lu.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.post\-lu\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# MISP event 27478: second export of the URL already covered by sid:37933091
# (event 27434), here without a tag and at priority 3.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//www.texlandbd.com/vvs/inc/c874c1a5333207.php"; flow:to_server,established; http.header; content:"www.texlandbd.com"; fast_pattern; nocase; http.uri; content:"/vvs/inc/c874c1a5333207.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37938961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# MISP event 27486: domain pair, exported at priority 2.
alert dns any any -> any any (msg: "MISP e27486 [] Domain naswaam.com"; dns.query; content:"naswaam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naswaam\.com$/i"; classtype:trojan-activity; sid:37942481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27486;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27486 [] Outgoing HTTP Domain naswaam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naswaam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naswaam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27486;)
# MISP event 27485 (kill-chain: Reconnaissance, Exploitation): inbound source
# addresses. Each rule fires on any IP packet from the address to $HOME_NET,
# whatever the port or payload.
# NOTE(review): classtype is trojan-activity although the event tags describe
# inbound reconnaissance/exploitation; keep that in mind when triaging by classtype.
alert ip 109.106.239.21 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.106.239.21"; classtype:trojan-activity; sid:37941841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 182.23.23.42 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.23.23.42"; classtype:trojan-activity; sid:37941851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 192.144.233.91 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.233.91"; classtype:trojan-activity; sid:37941861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
# MISP event 27485 (kill-chain: Reconnaissance, Exploitation): inbound source
# addresses. Each rule fires on any IP packet from the address to $HOME_NET,
# whatever the port or payload.
# NOTE(review): classtype is trojan-activity although the event tags describe
# inbound reconnaissance/exploitation; keep that in mind when triaging by classtype.
# NOTE(review): source-address indicators age quickly and match every packet from
# the address; confirm against the event before acting on a single hit.
alert ip 47.116.72.242 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.116.72.242"; classtype:trojan-activity; sid:37941871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 186.16.41.158 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.16.41.158"; classtype:trojan-activity; sid:37941881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 91.107.162.48 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.162.48"; classtype:trojan-activity; sid:37941891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 34.123.222.223 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.123.222.223"; classtype:trojan-activity; sid:37941901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 187.111.28.131 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.111.28.131"; classtype:trojan-activity; sid:37941911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 35.244.25.124 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.244.25.124"; classtype:trojan-activity; sid:37941921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.135.138.254 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.138.254"; classtype:trojan-activity; sid:37941931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.153.142.43 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.142.43"; classtype:trojan-activity; sid:37941941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 5.42.95.17 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.95.17"; classtype:trojan-activity; sid:37941951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 103.143.72.227 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.143.72.227"; classtype:trojan-activity; sid:37941961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 122.53.133.167 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.53.133.167"; classtype:trojan-activity; sid:37941971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 129.226.221.242 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.221.242"; classtype:trojan-activity; sid:37941981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.163.235.120 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.235.120"; classtype:trojan-activity; sid:37941991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.133.221.210 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.221.210"; classtype:trojan-activity; sid:37942001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 103.114.226.94 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.114.226.94"; classtype:trojan-activity; sid:37942011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 150.109.7.139 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.7.139"; classtype:trojan-activity; sid:37942021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 190.104.25.221 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.104.25.221"; classtype:trojan-activity; sid:37942031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 198.46.235.64 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.235.64"; classtype:trojan-activity; sid:37942041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.134.70.177 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.177"; classtype:trojan-activity; sid:37942051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 101.89.190.154 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.89.190.154"; classtype:trojan-activity; sid:37942061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 104.250.50.146 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.146"; classtype:trojan-activity; sid:37942071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 139.196.143.80 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.196.143.80"; classtype:trojan-activity; sid:37942081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.128.104.71 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.104.71"; classtype:trojan-activity; sid:37942091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 96.126.112.21 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.126.112.21"; classtype:trojan-activity; sid:37942101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 172.2.236.85 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.2.236.85"; classtype:trojan-activity; sid:37942111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.163.194.3 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.194.3"; classtype:trojan-activity; sid:37942121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.163.212.26 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.212.26"; classtype:trojan-activity; sid:37942131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 49.247.146.74 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.146.74"; classtype:trojan-activity; sid:37942141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.163.229.148 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.229.148"; classtype:trojan-activity; sid:37942151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 37.59.64.163 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.59.64.163"; classtype:trojan-activity; sid:37942161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.153.124.189 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.124.189"; classtype:trojan-activity; sid:37942171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 118.36.228.188 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.36.228.188"; classtype:trojan-activity; sid:37942181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.134.80.69 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.80.69"; classtype:trojan-activity; sid:37942191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 36.137.156.89 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.156.89"; classtype:trojan-activity; sid:37942201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.133.73.88 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.73.88"; classtype:trojan-activity; sid:37942211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.134.46.239 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.46.239"; classtype:trojan-activity; sid:37942221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.155.181.229 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.181.229"; classtype:trojan-activity; sid:37942231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.156.107.139 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.107.139"; classtype:trojan-activity; sid:37942241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 152.32.186.113 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.186.113"; classtype:trojan-activity; sid:37942251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 74.208.160.87 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.160.87"; classtype:trojan-activity; sid:37942261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 45.236.128.14 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.236.128.14"; classtype:trojan-activity; sid:37942271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 119.96.168.145 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.168.145"; classtype:trojan-activity; sid:37942281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 83.248.224.202 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.248.224.202"; classtype:trojan-activity; sid:37942291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.156.244.167 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.244.167"; classtype:trojan-activity; sid:37942301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 139.224.1.157 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.224.1.157"; classtype:trojan-activity; sid:37942311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 212.60.21.153 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.60.21.153"; classtype:trojan-activity; sid:37942321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 165.232.178.146 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.178.146"; classtype:trojan-activity; sid:37942331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 198.46.158.176 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.158.176"; classtype:trojan-activity; sid:37942341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 193.234.229.34 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.234.229.34"; classtype:trojan-activity; sid:37942351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 176.36.158.146 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.36.158.146"; classtype:trojan-activity; sid:37942361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 209.226.47.202 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.226.47.202"; classtype:trojan-activity; sid:37942371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 103.179.191.177 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.179.191.177"; classtype:trojan-activity; sid:37942381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 43.143.49.162 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.49.162"; classtype:trojan-activity; sid:37942391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
# Domain indicators are exported as a pair: a dns rule (sid ending in 1) and an http rule (sid ending in 2).
#  - dns: dns.query content match plus a pcre anchored at the end of the name.
#    The domain and its subdomains match; a longer name that merely ends with the
#    same letters does not. The header is "any any -> any any", so the rule is
#    not restricted to queries from $HOME_NET.
#  - http: "Host|3a|" (|3a| is ':') and the domain are matched independently in
#    http.header; the pcre (H flag) only requires that the domain is not embedded
#    in a longer host name. tag:session,600,seconds tags the session for 600
#    seconds of follow-up packet logging.
# NOTE(review): nothing ties the domain to the Host header value, so the domain
# appearing in another request header would presumably also alert; matching on
# http.host would be tighter. TLS traffic to these hosts is covered only by the
# dns rule; a tls.sni rule would be needed to see it on the wire.
# MISP event 24600: domain pair, exported at priority 1.
alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu.vip"; dns.query; content:"post-lu.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.vip$/i"; classtype:trojan-activity; sid:38179831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-lu.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179832; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# MISP event 27485: inbound source addresses, continued.
alert ip 43.155.136.239 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.136.239"; classtype:trojan-activity; sid:37942401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 120.48.123.165 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.123.165"; classtype:trojan-activity; sid:37942411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 175.178.194.190 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.194.190"; classtype:trojan-activity; sid:37942421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 194.36.89.161 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.36.89.161"; classtype:trojan-activity; sid:37942431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 78.189.14.39 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.189.14.39"; classtype:trojan-activity; sid:37942441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 129.211.26.213 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.211.26.213"; classtype:trojan-activity; sid:37942451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 150.230.100.30 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.230.100.30"; classtype:trojan-activity; sid:37942461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
alert ip 20.0.163.235 any -> $HOME_NET any (msg: "MISP e27485 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.0.163.235"; classtype:trojan-activity; sid:37942471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27485;)
# MISP event 24600: domain pair, exported at priority 1.
alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu.fun"; dns.query; content:"post-lu.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.fun$/i"; classtype:trojan-activity; sid:38179881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-lu.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# MISP event 27434 (tagged RedLineStealer): outbound IP:port indicator, priority 2.
# The same address and port are exported again below for event 27478
# (sid:37938981, priority 3), so one connection raises two alerts.
alert ip $HOME_NET any -> 206.238.199.68 48458 (msg: "MISP e27434 [RedLineStealer] Outgoing To IP: 206.238.199.68|48458"; classtype:trojan-activity; sid:37933101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# MISP event 24600: domain pairs, exported at priority 1.
alert dns any any -> any any (msg: "MISP e24600 [] Domain 1drop.from-wv.com"; dns.query; content:"1drop.from-wv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])1drop\.from\-wv\.com$/i"; classtype:trojan-activity; sid:38179931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 1drop.from-wv.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1drop.from-wv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1drop\.from\-wv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain a243boo2024.from-sd.com"; dns.query; content:"a243boo2024.from-sd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])a243boo2024\.from\-sd\.com$/i"; classtype:trojan-activity; sid:38179981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain a243boo2024.from-sd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a243boo2024.from-sd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a243boo2024\.from\-sd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38179982; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# MISP event 27478: outbound IP:port indicators (no tags, priority 3). No payload
# match; any traffic from $HOME_NET to the address and port alerts.
# 206.238.199.68|48458 duplicates sid:37933101 from event 27434.
alert ip $HOME_NET any -> 34.16.47.102 80 (msg: "MISP e27478 [] Outgoing To IP: 34.16.47.102|80"; classtype:trojan-activity; sid:37938971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 206.238.199.68 48458 (msg: "MISP e27478 [] Outgoing To IP: 206.238.199.68|48458"; classtype:trojan-activity; sid:37938981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# MISP event 27007: domain pairs (no tags, priority 3), same dns/http rule shape as above.
# NOTE(review): classtype is trojan-activity here as on every other rule in this
# section; the event gives no tag to confirm what kind of activity the domains
# represent - verify in the event before triaging by classtype.
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogafrance.com"; dns.query; content:"beyondyogafrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogafrance\.com$/i"; classtype:trojan-activity; sid:38159911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogafrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogafrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogafrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyoga-italia.com"; dns.query; content:"beyondyoga-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-italia\.com$/i"; classtype:trojan-activity; sid:38159921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyoga-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyoga-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoga\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyoganederlands.com"; dns.query; content:"beyondyoganederlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoganederlands\.com$/i"; classtype:trojan-activity; sid:38159931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyoganederlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyoganederlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyoganederlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain beyondyogaspain.com"; dns.query; content:"beyondyogaspain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogaspain\.com$/i"; classtype:trojan-activity; sid:38159941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain beyondyogaspain.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beyondyogaspain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beyondyogaspain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-canada.com"; dns.query; content:"c-and-a-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-canada\.com$/i"; classtype:trojan-activity; sid:38159951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-espana.com"; dns.query; content:"c-and-a-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-espana\.com$/i"; classtype:trojan-activity; sid:38159961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-india.com"; dns.query; content:"c-and-a-india.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-india\.com$/i"; classtype:trojan-activity; sid:38159971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-india.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-india.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-india\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-ireland.com"; dns.query; content:"c-and-a-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-ireland\.com$/i"; classtype:trojan-activity; sid:38159981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-italia.com"; dns.query; content:"c-and-a-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-italia\.com$/i"; classtype:trojan-activity; sid:38159991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38159992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-malaysia.com"; dns.query; content:"c-and-a-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-malaysia\.com$/i"; classtype:trojan-activity; sid:38160001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-mexico.com"; dns.query; content:"c-and-a-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-mexico\.com$/i"; classtype:trojan-activity; sid:38160011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-outlet.com"; dns.query; content:"c-and-a-outlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-outlet\.com$/i"; classtype:trojan-activity; sid:38160021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-outlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-outlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-outlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-philippines.com"; dns.query; content:"c-and-a-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-philippines\.com$/i"; classtype:trojan-activity; sid:38160031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160032; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-singapore.com"; dns.query; content:"c-and-a-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-singapore\.com$/i"; classtype:trojan-activity; sid:38160041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-suomi.com"; dns.query; content:"c-and-a-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-suomi\.com$/i"; classtype:trojan-activity; sid:38160051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain c-and-a-uk.com"; dns.query; content:"c-and-a-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-uk\.com$/i"; classtype:trojan-activity; sid:38160061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain c-and-a-uk.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"c-and-a-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c\-and\-a\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletespana.com"; dns.query; content:"melissaoutletespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletespana\.com$/i"; classtype:trojan-activity; sid:38160071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain olukai-mexico.com"; dns.query; content:"olukai-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukai\-mexico\.com$/i"; classtype:trojan-activity; sid:38160081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukai-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukai-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukai\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiemportugal.com"; dns.query; content:"tumiemportugal.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])tumiemportugal\.com$/i"; classtype:trojan-activity; sid:38160091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiemportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiemportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiemportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-indonesia.com"; dns.query; content:"tumi-indonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-indonesia\.com$/i"; classtype:trojan-activity; sid:38160101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-indonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-indonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-indonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tuminobrasil.com"; dns.query; content:"tuminobrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminobrasil\.com$/i"; classtype:trojan-activity; sid:38160111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tuminobrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuminobrasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminobrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38160112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-philippines.com"; dns.query; content:"tumi-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-philippines\.com$/i"; classtype:trojan-activity; sid:38160121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiusasale.com"; dns.query; content:"tumiusasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiusasale\.com$/i"; classtype:trojan-activity; sid:38160131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiusasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiusasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiusasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain varleyuksale.com"; dns.query; content:"varleyuksale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyuksale\.com$/i"; classtype:trojan-activity; sid:38160141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
varleyuksale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varleyuksale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyuksale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ---------------------------------------------------------------------------------------------
# MISP events 27434 / 27478 - URL, domain and IP:port indicators (one event 24600 domain pair is
# interleaved). The e27434 copies carry the MISP tags in msg (CobaltStrike, cs-watermark-<n>,
# hosting provider); the tags are alert text only - no rule body matches on a watermark value.
#
# URL rules: destination IP and port are fixed in the rule header; the body requires the IP string
# in the request headers and the path as a substring of http.uri (nocase). Paths such as
# "/match", "/load" or "/__utm.gif" are short and generic, so the destination IP is what keeps
# these rules specific.
# IP:port rules: no payload condition at all; "|53" / "|443" in msg is the MISP ip|port separator.
#
# NOTE(review): most indicators occur twice, once per event, with identical match options but a
# different sid and priority (2 for e27434, 3 for e27478). One connection raises two alerts;
# deduplicate at export time or suppress/threshold one copy.
# NOTE(review): rules written against $HTTP_PORTS need that variable defined in the sensor
# configuration and only fire for requests to those ports.
# NOTE(review): `alert ip` with a destination port - confirm how the sensor applies the port to
# IP protocols that have none.
# NOTE(review): the tagged addresses sit at hosting/cloud providers; such addresses get reassigned,
# so expire these rules with the event rather than keeping them indefinitely.
# NOTE(review): "|3a|" inside msg is the exporter's escape for ":"; presumably it appears literally
# in alert output - confirm before parsing msg downstream.
# ---------------------------------------------------------------------------------------------
alert http $HOME_NET any -> 47.104.28.38 81 (msg: "MISP e27434 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//47.104.28.38|3a|81/require-jquery-v1.js"; flow:to_server,established; http.header; content:"47.104.28.38"; fast_pattern; nocase; http.uri; content:"/require-jquery-v1.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 118.194.233.185 $HTTP_PORTS (msg: "MISP e27434 [CobaltStrike,cs-watermark-987654321,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED] Outgoing URL http|3a|//118.194.233.185/__utm.gif"; flow:to_server,established; http.header; content:"118.194.233.185"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 118.194.233.185 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//118.194.233.185/__utm.gif"; flow:to_server,established; http.header; content:"118.194.233.185"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37938991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> 47.104.28.38 81 (msg: "MISP e27478 [] Outgoing URL http|3a|//47.104.28.38|3a|81/require-jquery-v1.js"; flow:to_server,established; http.header; content:"47.104.28.38"; fast_pattern; nocase; http.uri; content:"/require-jquery-v1.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# MISP event 24600 - single domain indicator (DNS rule + HTTP Host rule), exported at priority 1.
alert dns any any -> any any (msg: "MISP e24600 [] Domain www.airisled.es"; dns.query; content:"www.airisled.es"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.airisled\.es$/i"; classtype:trojan-activity; sid:38180031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain www.airisled.es"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.airisled.es"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.airisled\.es[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180032; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# MISP event 27434 - remaining indicators tagged CobaltStrike.
alert http $HOME_NET any -> 124.71.9.23 8500 (msg: "MISP e27434 [CobaltStrike,cs-watermark-987654321,Huawei Cloud Service data center] Outgoing URL http|3a|//124.71.9.23|3a|8500/j.ad"; flow:to_server,established; http.header; content:"124.71.9.23"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,The Constant Company LLC] Domain ns1.netiapp.org"; dns.query; content:"ns1.netiapp.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.netiapp\.org$/i"; classtype:trojan-activity; sid:37933151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,The Constant Company LLC] Outgoing HTTP Domain ns1.netiapp.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.netiapp.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.netiapp\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,The Constant Company LLC] Domain ns2.netiapp.org"; dns.query; content:"ns2.netiapp.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.netiapp\.org$/i"; classtype:trojan-activity; sid:37933161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,The Constant Company LLC] Outgoing HTTP Domain ns2.netiapp.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns2.netiapp.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.netiapp\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 108.61.210.72 53 (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,The Constant Company LLC] Outgoing To IP: 108.61.210.72|53"; classtype:trojan-activity; sid:37933171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.recentbeelive.com"; dns.query; content:"dns.recentbeelive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.recentbeelive\.com$/i"; classtype:trojan-activity; sid:37933181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.recentbeelive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.recentbeelive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.recentbeelive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.77.160.60 53 (msg: "MISP e27434 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 45.77.160.60|53"; classtype:trojan-activity; sid:37933191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 121.4.154.20 81 (msg: "MISP e27434 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//121.4.154.20|3a|81/match"; flow:to_server,established; http.header; content:"121.4.154.20"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 47.113.195.22 $HTTP_PORTS (msg: "MISP e27434 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.113.195.22/load"; flow:to_server,established; http.header; content:"47.113.195.22"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# MISP event 27478 - untagged copies of the indicators listed for e27434 in this block, plus
# 79.132.130.233|443 which has no e27434 counterpart in this part of the file.
alert ip $HOME_NET any -> 79.132.130.233 443 (msg: "MISP e27478 [] Outgoing To IP: 79.132.130.233|443"; classtype:trojan-activity; sid:37939011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> 47.113.195.22 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//47.113.195.22/load"; flow:to_server,established; http.header; content:"47.113.195.22"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> 121.4.154.20 81 (msg: "MISP e27478 [] Outgoing URL http|3a|//121.4.154.20|3a|81/match"; flow:to_server,established; http.header; content:"121.4.154.20"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain dns.recentbeelive.com"; dns.query; content:"dns.recentbeelive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.recentbeelive\.com$/i"; classtype:trojan-activity; sid:37939051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain dns.recentbeelive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.recentbeelive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.recentbeelive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain ns1.netiapp.org"; dns.query; content:"ns1.netiapp.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.netiapp\.org$/i"; classtype:trojan-activity; sid:37939061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain ns1.netiapp.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.netiapp.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.netiapp\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain ns2.netiapp.org"; dns.query; content:"ns2.netiapp.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.netiapp\.org$/i"; classtype:trojan-activity; sid:37939071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain ns2.netiapp.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns2.netiapp.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.netiapp\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> 124.71.9.23 8500 (msg: "MISP e27478 [] Outgoing URL http|3a|//124.71.9.23|3a|8500/j.ad"; flow:to_server,established; http.header; content:"124.71.9.23"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 45.77.160.60 53 (msg: "MISP e27478 [] Outgoing To IP: 45.77.160.60|53"; classtype:trojan-activity; sid:37939101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 108.61.210.72 53 (msg: "MISP e27478 [] Outgoing To IP: 108.61.210.72|53"; classtype:trojan-activity; sid:37939111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# ---------------------------------------------------------------------------------------------
# MISP event 27457 - e-mail indicators, matched as raw TCP payload from $EXTERNAL_NET to
# $SMTP_SERVERS port 25. Each rule needs a keyword (RCPT TO: / MAIL FROM: / Subject: /
# Content-Disposition) and the indicator somewhere in the payload, followed by CRLF CRLF within
# 8192 bytes after the indicator. All four are priority 1.
# NOTE(review): raw content matching cannot see a session once it is upgraded with STARTTLS, and
# only port 25 is covered.
# NOTE(review): keyword and indicator are not positionally linked (no distance/within between
# them), so the address in any other part of the payload satisfies the rule as long as the
# keyword also occurs.
# NOTE(review): sid 37937151 keys on the subject "RE: Quotation Request" alone; that wording is
# likely to occur in ordinary business mail, so expect false positives at priority 1.
# NOTE(review): sid 37937161 has no nocase and requires the exact header spelling
# `Content-Disposition: attachment; filename="`; a differently cased or formatted header or
# filename does not match.
# ---------------------------------------------------------------------------------------------
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27457 [] Destination Email Address: sales@sysidex.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"sales@sysidex.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27457;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27457 [] Source Email Address: sales@sysidex.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"sales@sysidex.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27457;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27457 [] Bad Email Subject"; flow:established,to_server; content:"Subject|3a|"; nocase; content:"RE|3a| Quotation Request"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27457;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27457 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"RFQ-PO414601MT.doc|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37937161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27457;)
alert ip 91.142.209.125 any -> 
$HOME_NET any (msg: "MISP e27457 [] Incoming From IP: 91.142.209.125"; classtype:trojan-activity; sid:37937171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27457;) alert ip $HOME_NET any -> 103.67.163.213 9462 (msg: "MISP e27434 [remcos] Outgoing To IP: 103.67.163.213|9462"; classtype:trojan-activity; sid:37933261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 120.48.5.80 6666 (msg: "MISP e27434 [Beijing Baidu Netcom Science and Technology Co. Ltd.,CobaltStrike,cs-watermark-100000] Outgoing URL http|3a|//120.48.5.80|3a|6666/cx"; flow:to_server,established; http.header; content:"120.48.5.80"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 185.81.68.249 $HTTP_PORTS (msg: "MISP e27434 [Chang Way Technologies Co. Limited,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//185.81.68.249/dpixel"; flow:to_server,established; http.header; content:"185.81.68.249"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 80.85.154.37 8000 (msg: "MISP e27434 [Chelyabinsk-Signal LLC,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//80.85.154.37|3a|8000/c/msdownload/update/others/2016/12/29136388_"; flow:to_server,established; http.header; content:"80.85.154.37"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2016/12/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 49.233.44.237 8000 (msg: "MISP e27434 [CobaltStrike,cs-watermark-1359593325,Shenzhen Tencent Computer Systems 
Company Limited] Outgoing URL http|3a|//49.233.44.237|3a|8000/match"; flow:to_server,established; http.header; content:"49.233.44.237"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37933311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 123.60.159.23 80 (msg: "MISP e27434 [CobaltStrike,cs-watermark-1234567890,Huawei Cloud Service data center] Outgoing To IP: 123.60.159.23|80"; classtype:trojan-activity; sid:37933331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 49.233.44.237 8000 (msg: "MISP e27478 [] Outgoing URL http|3a|//49.233.44.237|3a|8000/match"; flow:to_server,established; http.header; content:"49.233.44.237"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> 80.85.154.37 8000 (msg: "MISP e27478 [] Outgoing URL http|3a|//80.85.154.37|3a|8000/c/msdownload/update/others/2016/12/29136388_"; flow:to_server,established; http.header; content:"80.85.154.37"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2016/12/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> 185.81.68.249 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//185.81.68.249/dpixel"; flow:to_server,established; http.header; content:"185.81.68.249"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> 120.48.5.80 6666 (msg: "MISP e27478 [] Outgoing URL http|3a|//120.48.5.80|3a|6666/cx"; 
flow:to_server,established; http.header; content:"120.48.5.80"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37939181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 123.60.159.23 80 (msg: "MISP e27478 [] Outgoing To IP: 123.60.159.23|80"; classtype:trojan-activity; sid:37939191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 103.67.163.213 9462 (msg: "MISP e27478 [] Outgoing To IP: 103.67.163.213|9462"; classtype:trojan-activity; sid:37939201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27479 [] Domain nova-ljubijanska.com"; dns.query; content:"nova-ljubijanska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nova\-ljubijanska\.com$/i"; classtype:trojan-activity; sid:37941261; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27479;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27479 [] Outgoing HTTP Domain nova-ljubijanska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nova-ljubijanska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nova\-ljubijanska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941262; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27479;) alert dns any any -> any any (msg: "MISP e27475 [] Domain a0k6rsuux.sbs"; dns.query; content:"a0k6rsuux.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])a0k6rsuux\.sbs$/i"; classtype:trojan-activity; sid:37937841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain a0k6rsuux.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a0k6rsuux.sbs"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])a0k6rsuux\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert dns any any -> any any (msg: "MISP e27475 [] Domain artsandlearning.shop"; dns.query; content:"artsandlearning.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])artsandlearning\.shop$/i"; classtype:trojan-activity; sid:37937851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain artsandlearning.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artsandlearning.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artsandlearning\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert dns any any -> any any (msg: "MISP e27475 [] Domain beake.shop"; dns.query; content:"beake.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-])beake\.shop$/i"; classtype:trojan-activity; sid:37937861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain beake.shop"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beake.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beake\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert dns any any -> any any (msg: "MISP e27475 [] Domain before-you-build.online"; dns.query; content:"before-you-build.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])before\-you\-build\.online$/i"; classtype:trojan-activity; sid:37937871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain before-you-build.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"before-you-build.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])before\-you\-build\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
# MISP event 27475, continued - one DNS rule and one HTTP rule per domain.
# DNS rules: dns.query must contain the domain, and the pcre anchors it with "$" at the end
# of the queried name, preceded either by the start of the name or by a character that cannot
# be part of a host label. The domain itself and its sub-domains match; a longer look-alike
# label ending in the same text does not.
alert dns any any -> any any (msg: "MISP e27475 [] Domain berhiring.com"; dns.query; content:"berhiring.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])berhiring\.com$/i"; classtype:trojan-activity; sid:37937881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain berhiring.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"berhiring.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])berhiring\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain c4videogames.com"; dns.query; content:"c4videogames.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])c4videogames\.com$/i"; classtype:trojan-activity; sid:37937891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain c4videogames.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"c4videogames.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])c4videogames\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain colossuspay.info"; dns.query; content:"colossuspay.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])colossuspay\.info$/i"; classtype:trojan-activity; sid:37937901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain colossuspay.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colossuspay.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colossuspay\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain ebara-elliott-energy.biz"; dns.query; content:"ebara-elliott-energy.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])ebara\-elliott\-energy\.biz$/i"; classtype:trojan-activity; sid:37937911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain ebara-elliott-energy.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ebara-elliott-energy.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ebara\-elliott\-energy\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain gender.agency"; dns.query; content:"gender.agency"; nocase; pcre: "/(^|[^A-Za-z0-9-])gender\.agency$/i"; classtype:trojan-activity; sid:37937921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain gender.agency"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gender.agency"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gender\.agency[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain guiguigohost.com"; dns.query; content:"guiguigohost.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guiguigohost\.com$/i"; classtype:trojan-activity; sid:37937931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain guiguigohost.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guiguigohost.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guiguigohost\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain hillfinconsult.com"; dns.query; content:"hillfinconsult.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hillfinconsult\.com$/i"; classtype:trojan-activity; sid:37937941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain hillfinconsult.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hillfinconsult.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hillfinconsult\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain himebauch.live"; dns.query; content:"himebauch.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])himebauch\.live$/i"; classtype:trojan-activity; sid:37937951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain himebauch.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"himebauch.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])himebauch\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain hit.koeln"; dns.query; content:"hit.koeln"; nocase; pcre: "/(^|[^A-Za-z0-9-])hit\.koeln$/i"; classtype:trojan-activity; sid:37937961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain hit.koeln"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hit.koeln"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hit\.koeln[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain icsconcretecoatings.com"; dns.query; content:"icsconcretecoatings.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])icsconcretecoatings\.com$/i"; classtype:trojan-activity; sid:37937971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain icsconcretecoatings.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"icsconcretecoatings.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])icsconcretecoatings\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain issoweb.com"; dns.query; content:"issoweb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])issoweb\.com$/i"; classtype:trojan-activity; sid:37937981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain issoweb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"issoweb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])issoweb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain lululimon.homes"; dns.query; content:"lululimon.homes"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululimon\.homes$/i"; classtype:trojan-activity; sid:37937991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain lululimon.homes"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululimon.homes"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululimon\.homes[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain luotianyi0712.love"; dns.query; content:"luotianyi0712.love"; nocase; pcre: "/(^|[^A-Za-z0-9-])luotianyi0712\.love$/i"; classtype:trojan-activity; sid:37938001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain luotianyi0712.love"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luotianyi0712.love"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luotianyi0712\.love[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain lysfitz.com"; dns.query; content:"lysfitz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lysfitz\.com$/i"; classtype:trojan-activity; sid:37938011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain lysfitz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lysfitz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lysfitz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain maguirelaneliving.com"; dns.query; content:"maguirelaneliving.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])maguirelaneliving\.com$/i"; classtype:trojan-activity; sid:37938021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain maguirelaneliving.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maguirelaneliving.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maguirelaneliving\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain meliorras.com"; dns.query; content:"meliorras.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])meliorras\.com$/i"; classtype:trojan-activity; sid:37938031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain meliorras.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase;
http.header; content:"meliorras.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])meliorras\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
# MISP event 27475, continued.
# NOTE(review): in the HTTP rules, "Host|3a|" and the domain are two separate matches on
# http.header with no relative positioning, and the pcre (H flag) also runs over the header
# buffer. A request whose Referer or another header names the domain therefore appears able
# to match even when the Host header is different - check the logged Host value during triage.
# The sid and the reference URL are what tie an alert back to its MISP event.
alert dns any any -> any any (msg: "MISP e27475 [] Domain mvmusicfactory.org"; dns.query; content:"mvmusicfactory.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mvmusicfactory\.org$/i"; classtype:trojan-activity; sid:37938041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain mvmusicfactory.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mvmusicfactory.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mvmusicfactory\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain mylashnme.com"; dns.query; content:"mylashnme.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mylashnme\.com$/i"; classtype:trojan-activity; sid:37938051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain mylashnme.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mylashnme.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mylashnme\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain nctallstars.com"; dns.query; content:"nctallstars.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nctallstars\.com$/i"; classtype:trojan-activity; sid:37938061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain nctallstars.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nctallstars.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nctallstars\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain newstantonlocksmith.us"; dns.query; content:"newstantonlocksmith.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])newstantonlocksmith\.us$/i"; classtype:trojan-activity; sid:37938071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain newstantonlocksmith.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newstantonlocksmith.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newstantonlocksmith\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain nithcraftsman.life"; dns.query; content:"nithcraftsman.life"; nocase; pcre: "/(^|[^A-Za-z0-9-])nithcraftsman\.life$/i"; classtype:trojan-activity; sid:37938081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain nithcraftsman.life"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nithcraftsman.life"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nithcraftsman\.life[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain o649o.vip"; dns.query; content:"o649o.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])o649o\.vip$/i"; classtype:trojan-activity; sid:37938091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain o649o.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"o649o.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])o649o\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain rajaslot777.work"; dns.query; content:"rajaslot777.work"; nocase; pcre: "/(^|[^A-Za-z0-9-])rajaslot777\.work$/i"; classtype:trojan-activity; sid:37938101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain rajaslot777.work"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rajaslot777.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rajaslot777\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain seductionsessions.co.uk"; dns.query; content:"seductionsessions.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])seductionsessions\.co\.uk$/i"; classtype:trojan-activity; sid:37938111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain seductionsessions.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"seductionsessions.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])seductionsessions\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain smarteduindonesia.com"; dns.query; content:"smarteduindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])smarteduindonesia\.com$/i"; classtype:trojan-activity; sid:37938121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain smarteduindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"smarteduindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])smarteduindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain studiomoody.com"; dns.query; content:"studiomoody.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])studiomoody\.com$/i"; classtype:trojan-activity; sid:37938131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain studiomoody.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"studiomoody.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])studiomoody\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain sunesconepal.com"; dns.query; content:"sunesconepal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sunesconepal\.com$/i"; classtype:trojan-activity; sid:37938141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain sunesconepal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sunesconepal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sunesconepal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain texploraco.online"; dns.query; content:"texploraco.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])texploraco\.online$/i"; classtype:trojan-activity; sid:37938151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain texploraco.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"texploraco.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])texploraco\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain thegreenpenmedia.com"; dns.query; content:"thegreenpenmedia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thegreenpenmedia\.com$/i"; classtype:trojan-activity; sid:37938161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain thegreenpenmedia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thegreenpenmedia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thegreenpenmedia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain uc9d1.us"; dns.query; content:"uc9d1.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])uc9d1\.us$/i"; classtype:trojan-activity; sid:37938171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain uc9d1.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uc9d1.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uc9d1\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain uyrepwu44.sbs"; dns.query; content:"uyrepwu44.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])uyrepwu44\.sbs$/i"; classtype:trojan-activity; sid:37938181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain uyrepwu44.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uyrepwu44.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uyrepwu44\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain veikkausbonukset.guru"; dns.query; content:"veikkausbonukset.guru"; nocase; pcre: "/(^|[^A-Za-z0-9-])veikkausbonukset\.guru$/i"; classtype:trojan-activity; sid:37938191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain veikkausbonukset.guru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veikkausbonukset.guru";
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veikkausbonukset\.guru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
# MISP event 27475 - last two domain pairs (DNS rule, then HTTP rule).
alert dns any any -> any any (msg: "MISP e27475 [] Domain x26345.xyz"; dns.query; content:"x26345.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])x26345\.xyz$/i"; classtype:trojan-activity; sid:37938201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain x26345.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"x26345.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])x26345\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert dns any any -> any any (msg: "MISP e27475 [] Domain yogicdrishti.com"; dns.query; content:"yogicdrishti.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])yogicdrishti\.com$/i"; classtype:trojan-activity; sid:37938211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27475 [] Outgoing HTTP Domain yogicdrishti.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"yogicdrishti.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])yogicdrishti\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37938212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27475;)
# MISP event 27668 - URL indicators (msg "Outgoing URL ...").
# URL rules match the host string anywhere in the request headers and the path as a
# substring of http.uri, and only on $HTTP_PORTS (the domain rules use "any" port).
# NOTE(review): the path here is "/", which practically every request URI contains, so these
# two rules behave as domain-level matches; judge a hit by the logged URI, not the msg text.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27668 [] Outgoing URL http|3a|//gulappa.app/"; flow:to_server,established; http.header; content:"gulappa.app"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27668;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27668 [] Outgoing URL http|3a|//muagol.com/"; flow:to_server,established; http.header; content:"muagol.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27668;)
# MISP event 27453 - domain pair, priority 2.
alert dns any any -> any any (msg: "MISP e27453 [] Domain dpd.sensa.com.pk"; dns.query; content:"dpd.sensa.com.pk"; nocase; pcre: "/(^|[^A-Za-z0-9-])dpd\.sensa\.com\.pk$/i"; classtype:trojan-activity; sid:37936941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27453;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27453 [] Outgoing HTTP Domain dpd.sensa.com.pk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dpd.sensa.com.pk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dpd\.sensa\.com\.pk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27453;)
# MISP event 27669 - URL indicators for porsherses.com.
# The URI match is a substring match, so the "/a" rule also fires on any longer path that
# contains "/a"; the rules with eight-letter paths are the more specific ones.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27669 [] Outgoing URL http|3a|//porsherses.com/a"; flow:to_server,established; http.header; content:"porsherses.com"; fast_pattern; nocase; http.uri; content:"/a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27669;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27669 [] Outgoing URL http|3a|//porsherses.com/iwiedsjq"; flow:to_server,established; http.header; content:"porsherses.com"; fast_pattern; nocase; http.uri; content:"/iwiedsjq"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27669;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg: "MISP e27669 [] Outgoing URL http|3a|//porsherses.com/miipnznj"; flow:to_server,established; http.header; content:"porsherses.com"; fast_pattern; nocase; http.uri; content:"/miipnznj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27669;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27669 [] Outgoing URL http|3a|//porsherses.com/mvrqrkmx"; flow:to_server,established; http.header; content:"porsherses.com"; fast_pattern; nocase; http.uri; content:"/mvrqrkmx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27669;)
# vmi-deklaracijaa-lt.com is exported once per MISP event that lists it: e27452, e27461,
# e27509, e27510, e27472, e27468 and e27488. The seven DNS rules have identical match
# conditions, as do the seven HTTP rules; only msg, sid and reference differ.
# NOTE(review): one lookup or request for this domain therefore raises seven alerts per rule
# type. Correlate them by domain rather than counting them as separate detections, and
# consider de-duplicating at export time or thresholding if the volume is a problem.
alert dns any any -> any any (msg: "MISP e27452 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37936631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27452;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27452 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27452;)
alert dns any any -> any any (msg: "MISP e27461 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37937281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27461;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27461 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27461;)
alert dns any any -> any any (msg: "MISP e27509 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37943431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27509;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27509 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27509;)
alert dns any any -> any any (msg: "MISP e27510 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37943461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27510;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27510 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27510;)
alert dns any any -> any any (msg: "MISP e27472 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37937751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27472;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27472 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27472;)
alert dns any any -> any any (msg: "MISP e27468 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37937651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27468;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27468 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27468;)
alert dns any any -> any any (msg: "MISP e27488 [] Domain vmi-deklaracijaa-lt.com"; dns.query; content:"vmi-deklaracijaa-lt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com$/i"; classtype:trojan-activity; sid:37942551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27488;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27488 [] Outgoing HTTP Domain vmi-deklaracijaa-lt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vmi-deklaracijaa-lt.com"; fast_pattern; nocase;
pcre: "/(^|[^A-Za-z0-9-])vmi\-deklaracijaa\-lt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27488;) alert dns any any -> any any (msg: "MISP e27669 [c2] Domain porsherses.com"; dns.query; content:"porsherses.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])porsherses\.com$/i"; classtype:trojan-activity; sid:38012951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27669;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27669 [c2] Outgoing HTTP Domain porsherses.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"porsherses.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])porsherses\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38012952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27669;) alert dns any any -> any any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain www.ucaresupport.com"; dns.query; content:"www.ucaresupport.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ucaresupport\.com$/i"; classtype:trojan-activity; sid:37933401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain www.ucaresupport.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ucaresupport.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ucaresupport\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain beautiful-fermi.104-168-102-175.plesk.page"; dns.query; content:"beautiful-fermi.104-168-102-175.plesk.page"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])beautiful\-fermi\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain beautiful-fermi.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beautiful-fermi.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beautiful\-fermi\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS208046,c2,censys] Domain www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37933421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS208046,c2,censys] Outgoing HTTP Domain www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain adoring-hellman.104-168-102-175.plesk.page"; dns.query; content:"adoring-hellman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])adoring\-hellman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933431; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain adoring-hellman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adoring-hellman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adoring\-hellman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.festive-euclid.104-168-102-175.plesk.page"; dns.query; content:"www.festive-euclid.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.festive\-euclid\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.festive-euclid.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.festive-euclid.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.festive\-euclid\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS208046,c2,censys] Domain dirapushka.com"; dns.query; content:"dirapushka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dirapushka\.com$/i"; classtype:trojan-activity; sid:37933451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 
[AS208046,c2,censys] Outgoing HTTP Domain dirapushka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dirapushka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dirapushka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Review notes for the event 27434 indicators below.
# Domain pairs: the `alert dns` rule matches dns.query when the name ends with the domain and the
# domain is preceded by the start of the buffer or a character outside [A-Za-z0-9-], so
# sub-domains match as well. The `alert http` rule looks for "Host:" and the domain anywhere in
# http.header without tying one to the other, so the domain appearing in a different request
# header is enough. NOTE(review): the http.host buffer would restrict the match to the Host header.
# The HTTP rules see clear-text HTTP only; no tls.sni rule is exported for these names.
alert dns any any -> any any (msg: "MISP e27434 [AS394711,c2,censys,LIMENET] Domain 192.lan-vg2-1.static.rozabg.com"; dns.query; content:"192.lan-vg2-1.static.rozabg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])192\.lan\-vg2\-1\.static\.rozabg\.com$/i"; classtype:trojan-activity; sid:37933461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS394711,c2,censys,LIMENET] Outgoing HTTP Domain 192.lan-vg2-1.static.rozabg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"192.lan-vg2-1.static.rozabg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])192\.lan\-vg2\-1\.static\.rozabg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.jovial-ellis.104-168-102-175.plesk.page"; dns.query; content:"www.jovial-ellis.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.jovial\-ellis\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.jovial-ellis.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.jovial-ellis.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.jovial\-ellis\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The next name, and 167-71-186-178.ipv4.staticdns2.io further down, embed an IPv4-looking label;
# presumably provider-generated hostnames for one address. Such addresses can change hands, so
# check the indicator's age in the MISP event. TODO confirm.
alert dns any any -> any any (msg: "MISP e27434 [AS55990,c2,censys] Domain ecs-110-41-134-233.compute.hwclouds-dns.com"; dns.query; content:"ecs-110-41-134-233.compute.hwclouds-dns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-110\-41\-134\-233\.compute\.hwclouds\-dns\.com$/i"; classtype:trojan-activity; sid:37933481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS55990,c2,censys] Outgoing HTTP Domain ecs-110-41-134-233.compute.hwclouds-dns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecs-110-41-134-233.compute.hwclouds-dns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecs\-110\-41\-134\-233\.compute\.hwclouds\-dns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# IP indicators: `alert ip $HOME_NET any -> <address> <port>` matches on source network,
# destination address and destination port only; no payload, flow state or application protocol
# is inspected, and only the outbound direction is covered.
# NOTE(review): the protocol is `ip` while a destination port is given; confirm how the deployed
# engine applies the port to traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 42.192.4.189 54333 (msg: "MISP e27434 [AS45090,c2,censys] Outgoing To IP: 42.192.4.189|54333"; classtype:trojan-activity; sid:37933491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 38.6.223.9 8888 (msg: "MISP e27434 [AS55933,c2,censys] Outgoing To IP: 38.6.223.9|8888"; classtype:trojan-activity; sid:37933501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain 167-71-186-178.ipv4.staticdns2.io"; dns.query; content:"167-71-186-178.ipv4.staticdns2.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])167\-71\-186\-178\.ipv4\.staticdns2\.io$/i"; classtype:trojan-activity; sid:37933511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain 167-71-186-178.ipv4.staticdns2.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"167-71-186-178.ipv4.staticdns2.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])167\-71\-186\-178\.ipv4\.staticdns2\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The pcre of this DNS rule also accepts www.ucaresupport.com ('.' is outside the excluded
# class), which is exported separately as sid 37933401; a lookup of the www name raises both.
alert dns any any -> any any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain ucaresupport.com"; dns.query; content:"ucaresupport.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ucaresupport\.com$/i"; classtype:trojan-activity; sid:37933521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain ucaresupport.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ucaresupport.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ucaresupport\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain www.nice-torvalds.104-168-102-175.plesk.page"; dns.query; content:"www.nice-torvalds.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nice\-torvalds\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain www.nice-torvalds.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nice-torvalds.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nice\-torvalds\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain angry-khorana.104-168-102-175.plesk.page"; dns.query; content:"angry-khorana.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])angry\-khorana\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain angry-khorana.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"angry-khorana.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])angry\-khorana\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The same address is listed once per port (80 and 443), each with its own sid.
alert ip $HOME_NET any -> 139.180.192.219 80 (msg: "MISP e27434 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 139.180.192.219|80"; classtype:trojan-activity; sid:37933551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 139.180.192.219 443 (msg: "MISP e27434 [AS-CHOOPA,AS20473,c2,censys] Outgoing To IP: 139.180.192.219|443"; classtype:trojan-activity; sid:37933561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 123.254.107.57 8443 (msg: "MISP e27434 [AS55933,c2,censys] Outgoing To IP: 123.254.107.57|8443"; 
classtype:trojan-activity; sid:37933571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Review notes for the event 27434 IP indicators below.
# `alert ip $HOME_NET any -> <address> <port>` matches on source network, destination address and
# destination port only. No payload, flow state or application protocol is inspected, and only
# the outbound direction is covered (connections initiated from these addresses are not matched).
# NOTE(review): the protocol is `ip` while a destination port is given; confirm how the deployed
# engine applies the port to traffic that is not TCP or UDP.
# Many entries point at ports 80/443 of addresses whose msg tags name hosting providers. Such
# addresses may be shared or re-assigned, so check the indicator's age in the MISP event and
# consider a threshold before paging on these sids.
# An address listed with several ports gets one rule and one sid per port.
alert ip $HOME_NET any -> 43.156.27.199 804 (msg: "MISP e27434 [AS132203,c2,censys] Outgoing To IP: 43.156.27.199|804"; classtype:trojan-activity; sid:37933581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 101.133.148.66 8023 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 101.133.148.66|8023"; classtype:trojan-activity; sid:37933591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 49.235.169.136 4444 (msg: "MISP e27434 [AS45090,c2,censys] Outgoing To IP: 49.235.169.136|4444"; classtype:trojan-activity; sid:37933601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 43.241.16.222 56158 (msg: "MISP e27434 [AS134771,c2,censys] Outgoing To IP: 43.241.16.222|56158"; classtype:trojan-activity; sid:37933611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 185.196.10.224 443 (msg: "MISP e27434 [AS42624,c2,censys,SIMPLECARRIER] Outgoing To IP: 185.196.10.224|443"; classtype:trojan-activity; sid:37933621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 185.196.10.224 2096 (msg: "MISP e27434 [AS42624,c2,censys,SIMPLECARRIER] Outgoing To IP: 185.196.10.224|2096"; classtype:trojan-activity; sid:37933631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 49.4.115.199 80 (msg: "MISP e27434 [AS55990,c2,censys] Outgoing To IP: 49.4.115.199|80"; classtype:trojan-activity; sid:37933641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Domain pair: the DNS pcre anchors the domain at the end of the query name and accepts any
# prefix ending in a character outside [A-Za-z0-9-], so it also matches the www. form exported
# separately as sid 37933471. The HTTP rule matches "Host:" and the domain anywhere in http.header
# without tying them together. NOTE(review): http.host would restrict it to the Host header.
alert dns any any -> any any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Domain jovial-ellis.104-168-102-175.plesk.page"; dns.query; content:"jovial-ellis.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-ellis\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37933651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing HTTP Domain jovial-ellis.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jovial-ellis.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-ellis\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 107.173.171.251 65443 (msg: "MISP e27434 [AS-COLOCROSSING,AS36352,c2,censys] Outgoing To IP: 107.173.171.251|65443"; classtype:trojan-activity; sid:37933661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 60.204.133.143 9876 (msg: "MISP e27434 [AS55990,c2,censys] Outgoing To IP: 60.204.133.143|9876"; classtype:trojan-activity; sid:37933671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.159.210.152 80 (msg: "MISP e27434 [AS56971,c2,censys,CLOUDBACKBONE] Outgoing To IP: 45.159.210.152|80"; classtype:trojan-activity; sid:37933681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.159.210.152 443 (msg: "MISP e27434 [AS56971,c2,censys,CLOUDBACKBONE] Outgoing To IP: 45.159.210.152|443"; classtype:trojan-activity; sid:37933691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 146.190.160.218 80 (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 146.190.160.218|80"; classtype:trojan-activity; sid:37933701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 94.156.66.44 8080 (msg: "MISP e27434 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.66.44|8080"; classtype:trojan-activity; sid:37933711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 8.130.119.173 80 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 8.130.119.173|80"; classtype:trojan-activity; sid:37933721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 8.130.119.173 443 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 8.130.119.173|443"; classtype:trojan-activity; sid:37933731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 123.57.204.175 80 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 123.57.204.175|80"; classtype:trojan-activity; sid:37933741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 61.160.207.61 443 (msg: "MISP e27434 [AS4134,c2,censys] Outgoing To IP: 61.160.207.61|443"; classtype:trojan-activity; sid:37933751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 101.34.243.38 80 (msg: "MISP e27434 [AS45090,c2,censys] Outgoing To IP: 101.34.243.38|80"; classtype:trojan-activity; sid:37933761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 193.42.61.102 2083 (msg: "MISP e27434 [AS29066,c2,censys] Outgoing To IP: 193.42.61.102|2083"; classtype:trojan-activity; sid:37933771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 47.236.248.52 2052 (msg: "MISP e27434 [AS45102,c2,censys] Outgoing To IP: 47.236.248.52|2052"; classtype:trojan-activity; sid:37933781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 47.236.248.52 10000 (msg: "MISP e27434 [AS45102,c2,censys] Outgoing To IP: 47.236.248.52|10000"; classtype:trojan-activity; sid:37933791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 95.169.24.74 443 (msg: "MISP e27434 [AS25820,c2,censys,IT7NET] Outgoing To IP: 95.169.24.74|443"; classtype:trojan-activity; sid:37933801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 148.135.127.214 443 (msg: "MISP e27434 [AS35916,c2,censys,MULTA-ASN1] Outgoing To IP: 148.135.127.214|443"; classtype:trojan-activity; sid:37933811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 148.135.127.214 80 (msg: "MISP e27434 [AS35916,c2,censys,MULTA-ASN1] Outgoing To IP: 148.135.127.214|80"; classtype:trojan-activity; sid:37933821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 8.130.105.233 80 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 8.130.105.233|80"; classtype:trojan-activity; sid:37933831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 120.46.94.192 8785 (msg: "MISP e27434 [AS55990,c2,censys] Outgoing To IP: 120.46.94.192|8785"; classtype:trojan-activity; sid:37933841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 1.32.228.98 80 (msg: "MISP e27434 [AS64050,c2,censys] Outgoing To IP: 1.32.228.98|80"; classtype:trojan-activity; sid:37933851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 209.141.44.168 443 (msg: "MISP e27434 [AS53667,c2,censys,PONYNET] Outgoing To IP: 209.141.44.168|443"; classtype:trojan-activity; sid:37933861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 101.36.111.175 2053 (msg: "MISP e27434 [AS135377,c2,censys] Outgoing 
To IP: 101.36.111.175|2053"; classtype:trojan-activity; sid:37933871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Review notes for the event 27434 indicators below.
# IP rules: `alert ip $HOME_NET any -> <address> <port>` matches on source network, destination
# address and destination port only; no payload, flow state or application protocol is checked,
# and only the outbound direction is covered.
# NOTE(review): the protocol is `ip` while a destination port is given; confirm how the deployed
# engine applies the port to traffic that is not TCP or UDP.
# The bracketed list in msg (AS number/name, c2, censys, and further down RAT, Supershell,
# HookBot) appears to be copied from MISP tags. It is descriptive only: every rule uses the same
# classtype and priority, so triage by malware family has to read the msg text.
alert ip $HOME_NET any -> 124.70.158.35 80 (msg: "MISP e27434 [AS55990,c2,censys] Outgoing To IP: 124.70.158.35|80"; classtype:trojan-activity; sid:37933881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 47.109.106.162 80 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 47.109.106.162|80"; classtype:trojan-activity; sid:37933891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 121.5.69.117 8081 (msg: "MISP e27434 [AS45090,c2,censys] Outgoing To IP: 121.5.69.117|8081"; classtype:trojan-activity; sid:37933901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 47.94.241.49 8080 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 47.94.241.49|8080"; classtype:trojan-activity; sid:37933911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 121.199.40.70 80 (msg: "MISP e27434 [AS37963,c2,censys] Outgoing To IP: 121.199.40.70|80"; classtype:trojan-activity; sid:37933921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 105.102.177.34 443 (msg: "MISP e27434 [ALGTEL-AS,AS36947,c2,censys] Outgoing To IP: 105.102.177.34|443"; classtype:trojan-activity; sid:37933931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 188.127.237.45 443 (msg: "MISP e27434 [AS56694,c2,censys,SMARTAPE] Outgoing To IP: 188.127.237.45|443"; classtype:trojan-activity; sid:37933941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 64.225.53.227 443 (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 64.225.53.227|443"; classtype:trojan-activity; sid:37933951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 207.174.3.213 38443 (msg: "MISP e27434 [AS398019,c2,censys,DYNU] Outgoing To IP: 207.174.3.213|38443"; classtype:trojan-activity; sid:37933961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 68.183.236.120 443 (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing To IP: 68.183.236.120|443"; classtype:trojan-activity; sid:37933971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 194.87.213.6 443 (msg: "MISP e27434 [AS29470,c2,censys,RETNNET-AS] Outgoing To IP: 194.87.213.6|443"; classtype:trojan-activity; sid:37933981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 5.180.151.91 31337 (msg: "MISP e27434 [AS40021,c2,censys,NL-811-40021] Outgoing To IP: 5.180.151.91|31337"; classtype:trojan-activity; sid:37933991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 91.149.253.90 31337 (msg: "MISP e27434 [AS26383,ASNET,c2,censys] Outgoing To IP: 91.149.253.90|31337"; classtype:trojan-activity; sid:37934001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 15.235.166.83 443 (msg: "MISP e27434 [AS16276,c2,censys,OVH] Outgoing To IP: 15.235.166.83|443"; classtype:trojan-activity; sid:37934011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 139.162.63.45 8888 (msg: "MISP e27434 [AS63949,c2,censys,Supershell] Outgoing To IP: 139.162.63.45|8888"; classtype:trojan-activity; sid:37934021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# From here on the msg tag list includes RAT.
alert ip $HOME_NET any -> 135.125.21.74 4242 (msg: "MISP e27434 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 135.125.21.74|4242"; classtype:trojan-activity; sid:37934031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.138.16.125 777 (msg: "MISP e27434 [AS210558,c2,censys,RAT] Outgoing To IP: 45.138.16.125|777"; classtype:trojan-activity; sid:37934041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 23.26.201.73 5555 (msg: "MISP e27434 [AS23470,c2,censys,RAT,RELIABLESITE] Outgoing To IP: 23.26.201.73|5555"; classtype:trojan-activity; sid:37934051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 89.117.49.133 1996 (msg: "MISP e27434 [AS51167,c2,censys,CONTABO,RAT] Outgoing To IP: 89.117.49.133|1996"; classtype:trojan-activity; sid:37934061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 147.124.213.188 6606 (msg: "MISP e27434 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.213.188|6606"; classtype:trojan-activity; sid:37934071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 69.64.95.233 8808 (msg: "MISP e27434 [AS18501,c2,censys,CODERO-DFW,RAT] Outgoing To IP: 69.64.95.233|8808"; classtype:trojan-activity; sid:37934081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 69.64.95.233 6606 (msg: "MISP e27434 [AS18501,c2,censys,CODERO-DFW,RAT] Outgoing To IP: 69.64.95.233|6606"; classtype:trojan-activity; sid:37934091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 94.156.69.174 7707 (msg: "MISP e27434 [AS394711,c2,censys,LIMENET,RAT] Outgoing To IP: 94.156.69.174|7707"; classtype:trojan-activity; sid:37934101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 147.124.217.110 6666 (msg: "MISP e27434 [AS396073,c2,censys,MAJESTIC-HOSTING-01,RAT] Outgoing To IP: 147.124.217.110|6666"; classtype:trojan-activity; sid:37934111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 185.174.101.80 7707 (msg: "MISP e27434 [AS8100,ASN-QUADRANET-GLOBAL,c2,censys,RAT] Outgoing To IP: 185.174.101.80|7707"; classtype:trojan-activity; sid:37934121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 51.195.231.121 8808 (msg: "MISP e27434 [AS16276,c2,censys,OVH,RAT] Outgoing To IP: 51.195.231.121|8808"; classtype:trojan-activity; sid:37934131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Domain pairs tagged HookBot. DNS rule: the domain must end the query name and be preceded by
# the start of the buffer or a character outside [A-Za-z0-9-], so sub-domains match too.
# HTTP rule: "Host:" and the domain are each searched anywhere in http.header with no positional
# link between them, so the domain in another request header also matches. NOTE(review): the
# http.host buffer would restrict the hit to the Host header. Clear-text HTTP only; no tls.sni
# rule is exported for these names.
alert dns any any -> any any (msg: "MISP e27434 [AS47516,c2,censys,HookBot] Domain fi119-files.canceltap.online"; dns.query; content:"fi119-files.canceltap.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])fi119\-files\.canceltap\.online$/i"; classtype:trojan-activity; sid:37934141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS47516,c2,censys,HookBot] Outgoing HTTP Domain fi119-files.canceltap.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fi119-files.canceltap.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fi119\-files\.canceltap\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain s1.devsapi.ru"; dns.query; content:"s1.devsapi.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])s1\.devsapi\.ru$/i"; classtype:trojan-activity; sid:37934151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain s1.devsapi.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"s1.devsapi.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])s1\.devsapi\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Review notes for the event 27434 indicators below.
# Domain pairs: the `alert dns` rule matches dns.query when the name ends with the domain and the
# domain is preceded by the start of the buffer or a character outside [A-Za-z0-9-], so
# sub-domains match as well; its header is `any any -> any any`, not limited to $HOME_NET.
# The `alert http` rule searches "Host:" and the domain anywhere in http.header with no
# positional link between them, so the domain in another request header is enough.
# NOTE(review): the http.host buffer would restrict the hit to the Host header.
# tag:session,600,seconds tags the session for 600 seconds after a hit. The HTTP rules see
# clear-text HTTP only; no tls.sni rule is exported for these names.
alert dns any any -> any any (msg: "MISP e27434 [AS29182,c2,censys,HookBot,RU-JSCIOT] Domain grinevitchnicolas5.fvds.ru"; dns.query; content:"grinevitchnicolas5.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas5\.fvds\.ru$/i"; classtype:trojan-activity; sid:37934161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS29182,c2,censys,HookBot,RU-JSCIOT] Outgoing HTTP Domain grinevitchnicolas5.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas5.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas5\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Domain mesixcrypto.com"; dns.query; content:"mesixcrypto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mesixcrypto\.com$/i"; classtype:trojan-activity; sid:37934171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS13335,c2,censys,CLOUDFLARENET,HookBot] Outgoing HTTP Domain mesixcrypto.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mesixcrypto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mesixcrypto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# IP rules: `alert ip $HOME_NET any -> <address> <port>` matches on source network, destination
# address and destination port only; no payload, flow state or application protocol is checked,
# and only the outbound direction is covered.
# NOTE(review): the protocol is `ip` while a destination port is given; confirm how the deployed
# engine applies the port to traffic that is not TCP or UDP.
alert ip $HOME_NET any -> 45.145.42.229 80 (msg: "MISP e27434 [AS58212,c2,censys,DATAFOREST,HookBot] Outgoing To IP: 45.145.42.229|80"; classtype:trojan-activity; sid:37934181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 185.221.198.67 8081 (msg: "MISP e27434 [AS-NUXTCLOUD,AS216127,c2,censys] Outgoing To IP: 185.221.198.67|8081"; classtype:trojan-activity; sid:37934191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 181.162.168.165 8080 (msg: "MISP e27434 [AS7418,c2,censys,RAT] Outgoing To IP: 181.162.168.165|8080"; classtype:trojan-activity; sid:37934201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 14.225.210.222 12345 (msg: "MISP e27434 [AS135905,c2,censys,RAT] Outgoing To IP: 14.225.210.222|12345"; classtype:trojan-activity; sid:37934211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 191.82.223.234 2000 (msg: "MISP e27434 [AS22927,c2,censys,RAT] Outgoing To IP: 191.82.223.234|2000"; classtype:trojan-activity; sid:37934221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 81.69.242.185 80 (msg: "MISP e27434 [AS45090,c2,censys] Outgoing To IP: 81.69.242.185|80"; classtype:trojan-activity; sid:37934231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 81.69.242.185 443 (msg: "MISP e27434 [AS45090,c2,censys] Outgoing To IP: 81.69.242.185|443"; classtype:trojan-activity; sid:37934241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain edgarmcneil.autos"; dns.query; content:"edgarmcneil.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])edgarmcneil\.autos$/i"; classtype:trojan-activity; sid:37934251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain edgarmcneil.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edgarmcneil.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edgarmcneil\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The next two names sit under cloud-provider domains (msg tags AMAZON-02 and
# GOOGLE-CLOUD-PLATFORM) and embed an IPv4-looking label; presumably provider-generated hostnames
# for one address. Such addresses can be re-assigned to another tenant, so check the indicator's
# age in the MISP event before relying on these sids. TODO confirm.
alert dns any any -> any any (msg: "MISP e27434 [AMAZON-02,AS16509,c2,censys] Domain ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-169\-174\-23\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37934261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AMAZON-02,AS16509,c2,censys] Outgoing HTTP Domain ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-169\-174\-23\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Domain 126.124.141.34.bc.googleusercontent.com"; dns.query; content:"126.124.141.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])126\.124\.141\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37934271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM] Outgoing HTTP Domain 126.124.141.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"126.124.141.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])126\.124\.141\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS29802,c2,censys,HVC-AS] Domain www.fresocialcasinogames.com"; dns.query; content:"www.fresocialcasinogames.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fresocialcasinogames\.com$/i"; classtype:trojan-activity; sid:37934281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS29802,c2,censys,HVC-AS] Outgoing HTTP Domain www.fresocialcasinogames.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fresocialcasinogames.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fresocialcasinogames\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Domain kardiocentrumnitra-fingera.com"; dns.query; content:"kardiocentrumnitra-fingera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kardiocentrumnitra\-fingera\.com$/i"; classtype:trojan-activity; sid:37934291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS14061,c2,censys,DIGITALOCEAN-ASN] Outgoing HTTP Domain kardiocentrumnitra-fingera.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kardiocentrumnitra-fingera.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kardiocentrumnitra\-fingera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 91.92.242.137 8443 (msg: "MISP e27434 [AS394711,c2,censys,LIMENET] Outgoing To IP: 91.92.242.137|8443"; classtype:trojan-activity; sid:37934301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 172.208.54.18 80 (msg: "MISP e27434 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 172.208.54.18|80"; classtype:trojan-activity; sid:37934311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 45.128.96.74 80 (msg: "MISP e27434 [AS203168,c2,censys,UNKNOW] Outgoing To IP: 45.128.96.74|80"; classtype:trojan-activity; sid:37934321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 193.222.96.33 80 (msg: "MISP e27434 [AS203168,c2,censys,UNKNOW] Outgoing To IP: 193.222.96.33|80"; classtype:trojan-activity; sid:37934331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 185.78.76.40 80 (msg: "MISP e27434 [AS-NUXTCLOUD,AS216127,c2,censys] Outgoing To IP: 185.78.76.40|80"; classtype:trojan-activity; sid:37934341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 20.77.71.31 80 (msg: "MISP e27434 [AS8075,c2,censys,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.77.71.31|80"; classtype:trojan-activity; sid:37934351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 195.211.97.9 80 (msg: "MISP e27434 [AS204957,c2,censys,GREENFLOID-AS,stealer] Outgoing To IP: 195.211.97.9|80"; classtype:trojan-activity; sid:37934361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip 
$HOME_NET any -> 34.200.37.176 443 (msg: "MISP e27434 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing To IP: 34.200.37.176|443"; classtype:trojan-activity; sid:37934371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The two rules below key on ec2-34-200-37-176.compute-1.amazonaws.com, whose
# labels spell out 34.200.37.176, the address of the IP rule that ends on the
# line above. One host can therefore raise alerts under three sids
# (37934371, 37934381, 37934382).
# NOTE(review): this looks like a provider-generated name for that address, not
# a separately registered domain. Confirm in the MISP event, and re-check the
# indicator's age, since such an address can later serve an unrelated tenant.
alert dns any any -> any any (msg: "MISP e27434 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Domain ec2-34-200-37-176.compute-1.amazonaws.com"; dns.query; content:"ec2-34-200-37-176.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-200\-37\-176\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37934381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AMAZON-AES,AS14618,c2,censys,SerpentStealer,stealer] Outgoing HTTP Domain ec2-34-200-37-176.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-200-37-176.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-200\-37\-176\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Same pattern for ip140.ip-51-195-83.eu: the name embeds address octets
# (51-195-83) and the msg tags it OVH.
# NOTE(review): presumably also a provider-assigned host name; verify before
# treating a lookup as evidence of compromise.
alert dns any any -> any any (msg: "MISP e27434 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Domain ip140.ip-51-195-83.eu"; dns.query; content:"ip140.ip-51-195-83.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip140\.ip\-51\-195\-83\.eu$/i"; classtype:trojan-activity; sid:37934391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS16276,c2,censys,EpsilonStealer,OVH,stealer] Outgoing HTTP Domain ip140.ip-51-195-83.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip140.ip-51-195-83.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip140\.ip\-51\-195\-83\.eu[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37934392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 183.249.20.106 8090 (msg: "MISP e27434 [AS56041,c2,censys] Outgoing To IP: 183.249.20.106|8090"; classtype:trojan-activity; sid:37934401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 36.152.201.67 65535 (msg: "MISP e27434 [AS56046,c2,censys] Outgoing To IP: 36.152.201.67|65535"; classtype:trojan-activity; sid:37934411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 194.127.178.5 80 (msg: "MISP e27434 [AS62240,c2,censys] Outgoing To IP: 194.127.178.5|80"; classtype:trojan-activity; sid:37934421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 103.172.79.74 80 (msg: "MISP e27434 [AS135901,c2,censys] Outgoing To IP: 103.172.79.74|80"; classtype:trojan-activity; sid:37934431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 103.116.52.207 80 (msg: "MISP e27434 [AS150830,c2,censys] Outgoing To IP: 103.116.52.207|80"; classtype:trojan-activity; sid:37934441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 81.230.10.189 80 (msg: "MISP e27434 [AS3301,c2,censys,UNAM] Outgoing To IP: 81.230.10.189|80"; classtype:trojan-activity; sid:37934451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 134.255.254.225 80 (msg: "MISP e27434 [AS213250,c2,censys,ITP-SOLUTIONS,UNAM] Outgoing To IP: 134.255.254.225|80"; classtype:trojan-activity; sid:37934461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS32475,c2,censys,SINGLEHOP-LLC,UNAM] Domain binplat.elementfx.com"; dns.query; content:"binplat.elementfx.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])binplat\.elementfx\.com$/i"; classtype:trojan-activity; sid:37934471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS32475,c2,censys,SINGLEHOP-LLC,UNAM] Outgoing HTTP Domain binplat.elementfx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"binplat.elementfx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])binplat\.elementfx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AEZA-AS,AS210644,c2,censys,UNAM] Domain se-5.ironhide.su"; dns.query; content:"se-5.ironhide.su"; nocase; pcre: "/(^|[^A-Za-z0-9-])se\-5\.ironhide\.su$/i"; classtype:trojan-activity; sid:37934481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AEZA-AS,AS210644,c2,censys,UNAM] Outgoing HTTP Domain se-5.ironhide.su"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"se-5.ironhide.su"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])se\-5\.ironhide\.su[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS13335,c2,censys,CLOUDFLARENET,UNAM] Domain panel.niggas.icu"; dns.query; content:"panel.niggas.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.niggas\.icu$/i"; classtype:trojan-activity; sid:37934491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS13335,c2,censys,CLOUDFLARENET,UNAM] Outgoing HTTP Domain panel.niggas.icu"; flow:to_server,established; http.header; content: "Host|3a|"; 
nocase; http.header; content:"panel.niggas.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.niggas\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 34.172.89.75 80 (msg: "MISP e27434 [AS396982,c2,censys,GOOGLE-CLOUD-PLATFORM,RAT] Outgoing To IP: 34.172.89.75|80"; classtype:trojan-activity; sid:37934501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 8.140.55.145 60000 (msg: "MISP e27434 [AS37963,censys,Viper] Outgoing To IP: 8.140.55.145|60000"; classtype:trojan-activity; sid:37934511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 117.72.10.229 60000 (msg: "MISP e27434 [AS141679,censys,Viper] Outgoing To IP: 117.72.10.229|60000"; classtype:trojan-activity; sid:37934521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 91.92.242.137 60000 (msg: "MISP e27434 [AS394711,censys,LIMENET,Viper] Outgoing To IP: 91.92.242.137|60000"; classtype:trojan-activity; sid:37934531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 154.223.21.28 60000 (msg: "MISP e27434 [AS138915,censys,Viper] Outgoing To IP: 154.223.21.28|60000"; classtype:trojan-activity; sid:37934541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [AS16276,censys,EvilGinx,OVH,phishing] Domain ip177.ip-51-210-73.eu"; dns.query; content:"ip177.ip-51-210-73.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip177\.ip\-51\-210\-73\.eu$/i"; classtype:trojan-activity; sid:37934551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AS16276,censys,EvilGinx,OVH,phishing] Outgoing HTTP Domain 
ip177.ip-51-210-73.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip177.ip-51-210-73.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip177\.ip\-51\-210\-73\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# DNS/HTTP pair for one name. The dns.query rule matches the exact name and its
# subdomains (end-anchored pcre with a left boundary); addresses are any -> any.
alert dns any any -> any any (msg: "MISP e27434 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Domain accountcapabilities-pa.accguide.com"; dns.query; content:"accountcapabilities-pa.accguide.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])accountcapabilities\-pa\.accguide\.com$/i"; classtype:trojan-activity; sid:37934561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Outgoing HTTP rule: both content matches and the pcre (flag H) run against the
# HTTP header buffer of an established client-to-server flow. No distance/within
# ties the domain to the "Host:" match, so the rule is also satisfied when the
# domain appears in some other request header (presumably e.g. a Referer);
# verify against captured traffic before treating a hit as a direct connection.
# tag:session,600,seconds asks the engine to keep logging that session's
# packets for 600 seconds after the alert.
# NOTE(review): the pair sees only DNS lookups and cleartext HTTP; no TLS rule
# for this name is visible in this part of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [AMAZON-AES,AS14618,censys,EvilGinx,phishing] Outgoing HTTP Domain accountcapabilities-pa.accguide.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accountcapabilities-pa.accguide.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accountcapabilities\-pa\.accguide\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# The msg tags on the following IP rules read GoPhish/phishing, while classtype
# stays trojan-activity like every other rule visible here. The classtype does
# not separate phishing infrastructure from C2, so triage has to go by the tags
# in msg.
# NOTE(review): header-only match with no content check; a hit shows traffic to
# the address and port, not which service answered. Confirm with flow or proxy
# logs.
alert ip $HOME_NET any -> 44.222.157.145 3333 (msg: "MISP e27434 [AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 44.222.157.145|3333"; classtype:trojan-activity; sid:37934571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 103.27.202.188 3333 (msg: "MISP e27434 [AS58955,censys,GoPhish,phishing] Outgoing To IP: 103.27.202.188|3333"; classtype:trojan-activity; sid:37934581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 52.28.220.250 80 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.28.220.250|80"; 
classtype:trojan-activity; sid:37934591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 52.28.220.250 443 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 52.28.220.250|443"; classtype:trojan-activity; sid:37934601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 3.135.49.252 8443 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.135.49.252|8443"; classtype:trojan-activity; sid:37934611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 149.129.241.76 3333 (msg: "MISP e27434 [AS45102,censys,GoPhish,phishing] Outgoing To IP: 149.129.241.76|3333"; classtype:trojan-activity; sid:37934621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 186.121.34.135 443 (msg: "MISP e27434 [AS3816,censys,GoPhish,phishing] Outgoing To IP: 186.121.34.135|443"; classtype:trojan-activity; sid:37934631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 159.89.212.121 4433 (msg: "MISP e27434 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 159.89.212.121|4433"; classtype:trojan-activity; sid:37934641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 91.134.226.170 2053 (msg: "MISP e27434 [AS16276,censys,GoPhish,OVH,phishing] Outgoing To IP: 91.134.226.170|2053"; classtype:trojan-activity; sid:37934651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 3.21.161.218 8443 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.21.161.218|8443"; classtype:trojan-activity; sid:37934661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 54.89.6.172 443 (msg: "MISP e27434 
[AMAZON-AES,AS14618,censys,GoPhish,phishing] Outgoing To IP: 54.89.6.172|443"; classtype:trojan-activity; sid:37934671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 128.199.98.189 43333 (msg: "MISP e27434 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 128.199.98.189|43333"; classtype:trojan-activity; sid:37934681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 64.226.106.235 3333 (msg: "MISP e27434 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 64.226.106.235|3333"; classtype:trojan-activity; sid:37934691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 43.132.234.114 3333 (msg: "MISP e27434 [AS132203,censys,GoPhish,phishing] Outgoing To IP: 43.132.234.114|3333"; classtype:trojan-activity; sid:37934701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 24.199.126.139 3333 (msg: "MISP e27434 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 24.199.126.139|3333"; classtype:trojan-activity; sid:37934711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 198.13.46.179 9999 (msg: "MISP e27434 [AS-CHOOPA,AS20473,censys,GoPhish,phishing] Outgoing To IP: 198.13.46.179|9999"; classtype:trojan-activity; sid:37934721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 43.229.134.14 3333 (msg: "MISP e27434 [AS56309,censys,GoPhish,phishing] Outgoing To IP: 43.229.134.14|3333"; classtype:trojan-activity; sid:37934731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 106.15.52.156 9999 (msg: "MISP e27434 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 106.15.52.156|9999"; classtype:trojan-activity; sid:37934741; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 43.136.86.22 31220 (msg: "MISP e27434 [AS45090,censys,GoPhish,phishing] Outgoing To IP: 43.136.86.22|31220"; classtype:trojan-activity; sid:37934751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 3.69.130.202 443 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 3.69.130.202|443"; classtype:trojan-activity; sid:37934761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 194.182.90.109 3333 (msg: "MISP e27434 [AS24806,censys,GoPhish,phishing] Outgoing To IP: 194.182.90.109|3333"; classtype:trojan-activity; sid:37934771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 20.212.234.70 3333 (msg: "MISP e27434 [AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,phishing] Outgoing To IP: 20.212.234.70|3333"; classtype:trojan-activity; sid:37934781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 121.37.222.182 5001 (msg: "MISP e27434 [AS55990,censys,GoPhish,phishing] Outgoing To IP: 121.37.222.182|5001"; classtype:trojan-activity; sid:37934791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 93.119.13.109 443 (msg: "MISP e27434 [AS20857,censys,GoPhish,phishing] Outgoing To IP: 93.119.13.109|443"; classtype:trojan-activity; sid:37934801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 18.192.93.230 4444 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 18.192.93.230|4444"; classtype:trojan-activity; sid:37934811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 47.99.186.100 8080 (msg: "MISP e27434 [AS37963,censys,GoPhish,phishing] Outgoing To IP: 
47.99.186.100|8080"; classtype:trojan-activity; sid:37934821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 54.148.146.229 3333 (msg: "MISP e27434 [AMAZON-02,AS16509,censys,GoPhish,phishing] Outgoing To IP: 54.148.146.229|3333"; classtype:trojan-activity; sid:37934831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 74.207.231.13 3333 (msg: "MISP e27434 [AS63949,censys,GoPhish,phishing] Outgoing To IP: 74.207.231.13|3333"; classtype:trojan-activity; sid:37934841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 165.232.101.47 3333 (msg: "MISP e27434 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 165.232.101.47|3333"; classtype:trojan-activity; sid:37934851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 139.59.16.171 9999 (msg: "MISP e27434 [AS14061,censys,DIGITALOCEAN-ASN,GoPhish,phishing] Outgoing To IP: 139.59.16.171|9999"; classtype:trojan-activity; sid:37934861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 45.77.154.69 30092 (msg: "MISP e27434 [AS-CHOOPA,AS20473,censys,GoPhish,phishing] Outgoing To IP: 45.77.154.69|30092"; classtype:trojan-activity; sid:37934871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27357 [] Domain banestado-cuentapro.pages.dev"; dns.query; content:"banestado-cuentapro.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuentapro\.pages\.dev$/i"; classtype:trojan-activity; sid:37917791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27357;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27357 [] Outgoing HTTP Domain banestado-cuentapro.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"banestado-cuentapro.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuentapro\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37917792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27357;)
# Event e27478 repeats names that event e27434 already exports earlier in this
# file: kardiocentrumnitra-fingera.com (sid 37934291/37934292) and
# www.fresocialcasinogames.com (sid 37934281/37934282). The match options are
# identical, so one lookup or request raises an alert from each event. The
# e27478 copies carry priority 3 and an empty tag list ("[]") where the e27434
# copies carry priority 2 and AS/c2 tags.
# NOTE(review): if both events stay enabled, de-duplicate on the indicator (not
# the sid) when counting hits.
alert dns any any -> any any (msg: "MISP e27478 [] Domain kardiocentrumnitra-fingera.com"; dns.query; content:"kardiocentrumnitra-fingera.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kardiocentrumnitra\-fingera\.com$/i"; classtype:trojan-activity; sid:37939211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain kardiocentrumnitra-fingera.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kardiocentrumnitra-fingera.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kardiocentrumnitra\-fingera\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain www.fresocialcasinogames.com"; dns.query; content:"www.fresocialcasinogames.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fresocialcasinogames\.com$/i"; classtype:trojan-activity; sid:37939221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain www.fresocialcasinogames.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fresocialcasinogames.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fresocialcasinogames\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain 
126.124.141.34.bc.googleusercontent.com"; dns.query; content:"126.124.141.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])126\.124\.141\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37939231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain 126.124.141.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"126.124.141.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])126\.124\.141\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; dns.query; content:"ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-169\-174\-23\.ap\-southeast\-1\.compute\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37939241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-54\-169\-174\-23\.ap\-southeast\-1\.compute\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain edgarmcneil.autos"; dns.query; content:"edgarmcneil.autos"; nocase; pcre: "/(^|[^A-Za-z0-9-])edgarmcneil\.autos$/i"; 
classtype:trojan-activity; sid:37939251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain edgarmcneil.autos"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"edgarmcneil.autos"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])edgarmcneil\.autos[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain grinevitchnicolas5.fvds.ru"; dns.query; content:"grinevitchnicolas5.fvds.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas5\.fvds\.ru$/i"; classtype:trojan-activity; sid:37939261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain grinevitchnicolas5.fvds.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grinevitchnicolas5.fvds.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grinevitchnicolas5\.fvds\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain mesixcrypto.com"; dns.query; content:"mesixcrypto.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mesixcrypto\.com$/i"; classtype:trojan-activity; sid:37939271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain mesixcrypto.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mesixcrypto.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mesixcrypto\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37939272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain fi119-files.canceltap.online"; dns.query; content:"fi119-files.canceltap.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])fi119\-files\.canceltap\.online$/i"; classtype:trojan-activity; sid:37939281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain fi119-files.canceltap.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fi119-files.canceltap.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fi119\-files\.canceltap\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain s1.devsapi.ru"; dns.query; content:"s1.devsapi.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])s1\.devsapi\.ru$/i"; classtype:trojan-activity; sid:37939291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain s1.devsapi.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"s1.devsapi.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])s1\.devsapi\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain jovial-ellis.104-168-102-175.plesk.page"; dns.query; content:"jovial-ellis.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-ellis\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939301; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27478;)
# ---------------------------------------------------------------------------
# MISP event 27478 - domain indicators, one rule per line.
# A domain is exported as two rules with adjacent sids (...1 = dns, ...2 = http):
#   * alert dns  - inspects the dns.query buffer, case-insensitively. The pcre
#     anchors the name at the end of the query and requires the start of the
#     buffer or a non-hostname character in front of it, so subdomains of the
#     indicator match while a longer label that merely ends in the same
#     letters does not.
#   * alert http - inspects the Host header of established client-to-server
#     flows from $HOME_NET to $EXTERNAL_NET; tag:session keeps logging the
#     session for 600 seconds after the alert. Only traffic the engine parses
#     as HTTP is inspected, so a TLS connection to the same name is visible to
#     these rules through the dns rule only.
# NOTE(review): several names embed what looks like an IPv4 address
# (*.104-168-102-175.plesk.page, 167-71-186-178.ipv4.staticdns2.io) and are
# presumably provider-generated hostnames that can be reassigned - confirm
# against the MISP event before escalating a hit.
# NOTE(review): the bracketed tag list in msg is empty and every rule is
# priority:3, so triage context has to come from the referenced event.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain jovial-ellis.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jovial-ellis.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jovial\-ellis\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain angry-khorana.104-168-102-175.plesk.page"; dns.query; content:"angry-khorana.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])angry\-khorana\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain angry-khorana.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"angry-khorana.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])angry\-khorana\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain ucaresupport.com"; dns.query; content:"ucaresupport.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ucaresupport\.com$/i"; classtype:trojan-activity; sid:37939321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain ucaresupport.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ucaresupport.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ucaresupport\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain www.nice-torvalds.104-168-102-175.plesk.page"; dns.query; content:"www.nice-torvalds.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nice\-torvalds\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain www.nice-torvalds.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.nice-torvalds.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.nice\-torvalds\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain 167-71-186-178.ipv4.staticdns2.io"; dns.query; content:"167-71-186-178.ipv4.staticdns2.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])167\-71\-186\-178\.ipv4\.staticdns2\.io$/i"; classtype:trojan-activity; sid:37939341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain 167-71-186-178.ipv4.staticdns2.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"167-71-186-178.ipv4.staticdns2.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])167\-71\-186\-178\.ipv4\.staticdns2\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain 192.lan-vg2-1.static.rozabg.com"; dns.query; content:"192.lan-vg2-1.static.rozabg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])192\.lan\-vg2\-1\.static\.rozabg\.com$/i"; classtype:trojan-activity; sid:37939361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain 192.lan-vg2-1.static.rozabg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"192.lan-vg2-1.static.rozabg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])192\.lan\-vg2\-1\.static\.rozabg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain www.jovial-ellis.104-168-102-175.plesk.page"; dns.query; content:"www.jovial-ellis.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.jovial\-ellis\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain www.jovial-ellis.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.jovial-ellis.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.jovial\-ellis\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain dirapushka.com"; dns.query; content:"dirapushka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dirapushka\.com$/i"; classtype:trojan-activity; sid:37939381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain dirapushka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dirapushka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dirapushka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain www.festive-euclid.104-168-102-175.plesk.page"; dns.query; content:"www.festive-euclid.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.festive\-euclid\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain www.festive-euclid.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.festive-euclid.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.festive\-euclid\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; dns.query; content:"www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz$/i"; classtype:trojan-activity; sid:37939401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.hg23jh4gk234gjhk2j3g4h2kjh3g4.xyz"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])www\.hg23jh4gk234gjhk2j3g4h2kjh3g4\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain adoring-hellman.104-168-102-175.plesk.page"; dns.query; content:"adoring-hellman.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])adoring\-hellman\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain adoring-hellman.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adoring-hellman.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adoring\-hellman\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain www.ucaresupport.com"; dns.query; content:"www.ucaresupport.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ucaresupport\.com$/i"; classtype:trojan-activity; sid:37939421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain www.ucaresupport.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.ucaresupport.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.ucaresupport\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain beautiful-fermi.104-168-102-175.plesk.page"; 
dns.query; content:"beautiful-fermi.104-168-102-175.plesk.page"; nocase; pcre: "/(^|[^A-Za-z0-9-])beautiful\-fermi\.104\-168\-102\-175\.plesk\.page$/i"; classtype:trojan-activity; sid:37939431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain beautiful-fermi.104-168-102-175.plesk.page"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beautiful-fermi.104-168-102-175.plesk.page"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beautiful\-fermi\.104\-168\-102\-175\.plesk\.page[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37939432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 20.77.71.31 80 (msg: "MISP e27478 [] Outgoing To IP: 20.77.71.31|80"; classtype:trojan-activity; sid:37939441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 185.78.76.40 80 (msg: "MISP e27478 [] Outgoing To IP: 185.78.76.40|80"; classtype:trojan-activity; sid:37939451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 193.222.96.33 80 (msg: "MISP e27478 [] Outgoing To IP: 193.222.96.33|80"; classtype:trojan-activity; sid:37939461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 45.128.96.74 80 (msg: "MISP e27478 [] Outgoing To IP: 45.128.96.74|80"; classtype:trojan-activity; sid:37939471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 172.208.54.18 80 (msg: "MISP e27478 [] Outgoing To IP: 172.208.54.18|80"; classtype:trojan-activity; sid:37939481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 91.92.242.137 8443 (msg: "MISP e27478 [] Outgoing To IP: 91.92.242.137|8443"; 
classtype:trojan-activity; sid:37939491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 81.69.242.185 443 (msg: "MISP e27478 [] Outgoing To IP: 81.69.242.185|443"; classtype:trojan-activity; sid:37939501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 81.69.242.185 80 (msg: "MISP e27478 [] Outgoing To IP: 81.69.242.185|80"; classtype:trojan-activity; sid:37939511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 191.82.223.234 2000 (msg: "MISP e27478 [] Outgoing To IP: 191.82.223.234|2000"; classtype:trojan-activity; sid:37939521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 14.225.210.222 12345 (msg: "MISP e27478 [] Outgoing To IP: 14.225.210.222|12345"; classtype:trojan-activity; sid:37939531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 181.162.168.165 8080 (msg: "MISP e27478 [] Outgoing To IP: 181.162.168.165|8080"; classtype:trojan-activity; sid:37939541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 185.221.198.67 8081 (msg: "MISP e27478 [] Outgoing To IP: 185.221.198.67|8081"; classtype:trojan-activity; sid:37939551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 45.145.42.229 80 (msg: "MISP e27478 [] Outgoing To IP: 45.145.42.229|80"; classtype:trojan-activity; sid:37939561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 51.195.231.121 8808 (msg: "MISP e27478 [] Outgoing To IP: 51.195.231.121|8808"; classtype:trojan-activity; sid:37939571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 185.174.101.80 7707 (msg: "MISP e27478 [] Outgoing To IP: 185.174.101.80|7707"; 
classtype:trojan-activity; sid:37939581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 147.124.217.110 6666 (msg: "MISP e27478 [] Outgoing To IP: 147.124.217.110|6666"; classtype:trojan-activity; sid:37939591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 94.156.69.174 7707 (msg: "MISP e27478 [] Outgoing To IP: 94.156.69.174|7707"; classtype:trojan-activity; sid:37939601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 69.64.95.233 8808 (msg: "MISP e27478 [] Outgoing To IP: 69.64.95.233|8808"; classtype:trojan-activity; sid:37939611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 69.64.95.233 6606 (msg: "MISP e27478 [] Outgoing To IP: 69.64.95.233|6606"; classtype:trojan-activity; sid:37939621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 147.124.213.188 6606 (msg: "MISP e27478 [] Outgoing To IP: 147.124.213.188|6606"; classtype:trojan-activity; sid:37939631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 89.117.49.133 1996 (msg: "MISP e27478 [] Outgoing To IP: 89.117.49.133|1996"; classtype:trojan-activity; sid:37939641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 23.26.201.73 5555 (msg: "MISP e27478 [] Outgoing To IP: 23.26.201.73|5555"; classtype:trojan-activity; sid:37939651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 45.138.16.125 777 (msg: "MISP e27478 [] Outgoing To IP: 45.138.16.125|777"; classtype:trojan-activity; sid:37939661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 135.125.21.74 4242 (msg: "MISP e27478 [] Outgoing To IP: 135.125.21.74|4242"; 
classtype:trojan-activity; sid:37939671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 139.162.63.45 8888 (msg: "MISP e27478 [] Outgoing To IP: 139.162.63.45|8888"; classtype:trojan-activity; sid:37939681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 15.235.166.83 443 (msg: "MISP e27478 [] Outgoing To IP: 15.235.166.83|443"; classtype:trojan-activity; sid:37939691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 5.180.151.91 31337 (msg: "MISP e27478 [] Outgoing To IP: 5.180.151.91|31337"; classtype:trojan-activity; sid:37939701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 91.149.253.90 31337 (msg: "MISP e27478 [] Outgoing To IP: 91.149.253.90|31337"; classtype:trojan-activity; sid:37939711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 194.87.213.6 443 (msg: "MISP e27478 [] Outgoing To IP: 194.87.213.6|443"; classtype:trojan-activity; sid:37939721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 68.183.236.120 443 (msg: "MISP e27478 [] Outgoing To IP: 68.183.236.120|443"; classtype:trojan-activity; sid:37939731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 64.225.53.227 443 (msg: "MISP e27478 [] Outgoing To IP: 64.225.53.227|443"; classtype:trojan-activity; sid:37939741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 207.174.3.213 38443 (msg: "MISP e27478 [] Outgoing To IP: 207.174.3.213|38443"; classtype:trojan-activity; sid:37939751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 188.127.237.45 443 (msg: "MISP e27478 [] Outgoing To IP: 188.127.237.45|443"; 
classtype:trojan-activity; sid:37939761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 105.102.177.34 443 (msg: "MISP e27478 [] Outgoing To IP: 105.102.177.34|443"; classtype:trojan-activity; sid:37939771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 47.94.241.49 8080 (msg: "MISP e27478 [] Outgoing To IP: 47.94.241.49|8080"; classtype:trojan-activity; sid:37939781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 121.199.40.70 80 (msg: "MISP e27478 [] Outgoing To IP: 121.199.40.70|80"; classtype:trojan-activity; sid:37939791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 121.5.69.117 8081 (msg: "MISP e27478 [] Outgoing To IP: 121.5.69.117|8081"; classtype:trojan-activity; sid:37939801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 47.109.106.162 80 (msg: "MISP e27478 [] Outgoing To IP: 47.109.106.162|80"; classtype:trojan-activity; sid:37939811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 124.70.158.35 80 (msg: "MISP e27478 [] Outgoing To IP: 124.70.158.35|80"; classtype:trojan-activity; sid:37939821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 101.36.111.175 2053 (msg: "MISP e27478 [] Outgoing To IP: 101.36.111.175|2053"; classtype:trojan-activity; sid:37939831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 1.32.228.98 80 (msg: "MISP e27478 [] Outgoing To IP: 1.32.228.98|80"; classtype:trojan-activity; sid:37939841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 209.141.44.168 443 (msg: "MISP e27478 [] Outgoing To IP: 209.141.44.168|443"; classtype:trojan-activity; 
sid:37939851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 120.46.94.192 8785 (msg: "MISP e27478 [] Outgoing To IP: 120.46.94.192|8785"; classtype:trojan-activity; sid:37939861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 8.130.105.233 80 (msg: "MISP e27478 [] Outgoing To IP: 8.130.105.233|80"; classtype:trojan-activity; sid:37939871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 148.135.127.214 443 (msg: "MISP e27478 [] Outgoing To IP: 148.135.127.214|443"; classtype:trojan-activity; sid:37939881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 148.135.127.214 80 (msg: "MISP e27478 [] Outgoing To IP: 148.135.127.214|80"; classtype:trojan-activity; sid:37939891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 95.169.24.74 443 (msg: "MISP e27478 [] Outgoing To IP: 95.169.24.74|443"; classtype:trojan-activity; sid:37939901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 47.236.248.52 10000 (msg: "MISP e27478 [] Outgoing To IP: 47.236.248.52|10000"; classtype:trojan-activity; sid:37939911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 47.236.248.52 2052 (msg: "MISP e27478 [] Outgoing To IP: 47.236.248.52|2052"; classtype:trojan-activity; sid:37939921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 193.42.61.102 2083 (msg: "MISP e27478 [] Outgoing To IP: 193.42.61.102|2083"; classtype:trojan-activity; sid:37939931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 61.160.207.61 443 (msg: "MISP e27478 [] Outgoing To IP: 61.160.207.61|443"; classtype:trojan-activity; sid:37939941; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 101.34.243.38 80 (msg: "MISP e27478 [] Outgoing To IP: 101.34.243.38|80"; classtype:trojan-activity; sid:37939951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 123.57.204.175 80 (msg: "MISP e27478 [] Outgoing To IP: 123.57.204.175|80"; classtype:trojan-activity; sid:37939961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 8.130.119.173 443 (msg: "MISP e27478 [] Outgoing To IP: 8.130.119.173|443"; classtype:trojan-activity; sid:37939971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 94.156.66.44 8080 (msg: "MISP e27478 [] Outgoing To IP: 94.156.66.44|8080"; classtype:trojan-activity; sid:37939981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 8.130.119.173 80 (msg: "MISP e27478 [] Outgoing To IP: 8.130.119.173|80"; classtype:trojan-activity; sid:37939991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 146.190.160.218 80 (msg: "MISP e27478 [] Outgoing To IP: 146.190.160.218|80"; classtype:trojan-activity; sid:37940001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 45.159.210.152 443 (msg: "MISP e27478 [] Outgoing To IP: 45.159.210.152|443"; classtype:trojan-activity; sid:37940011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 60.204.133.143 9876 (msg: "MISP e27478 [] Outgoing To IP: 60.204.133.143|9876"; classtype:trojan-activity; sid:37940021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 45.159.210.152 80 (msg: "MISP e27478 [] Outgoing To IP: 45.159.210.152|80"; classtype:trojan-activity; sid:37940031; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 107.173.171.251 65443 (msg: "MISP e27478 [] Outgoing To IP: 107.173.171.251|65443"; classtype:trojan-activity; sid:37940041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 49.4.115.199 80 (msg: "MISP e27478 [] Outgoing To IP: 49.4.115.199|80"; classtype:trojan-activity; sid:37940051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 185.196.10.224 443 (msg: "MISP e27478 [] Outgoing To IP: 185.196.10.224|443"; classtype:trojan-activity; sid:37940061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 185.196.10.224 2096 (msg: "MISP e27478 [] Outgoing To IP: 185.196.10.224|2096"; classtype:trojan-activity; sid:37940071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 43.241.16.222 56158 (msg: "MISP e27478 [] Outgoing To IP: 43.241.16.222|56158"; classtype:trojan-activity; sid:37940081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 49.235.169.136 4444 (msg: "MISP e27478 [] Outgoing To IP: 49.235.169.136|4444"; classtype:trojan-activity; sid:37940091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 101.133.148.66 8023 (msg: "MISP e27478 [] Outgoing To IP: 101.133.148.66|8023"; classtype:trojan-activity; sid:37940101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 43.156.27.199 804 (msg: "MISP e27478 [] Outgoing To IP: 43.156.27.199|804"; classtype:trojan-activity; sid:37940111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 139.180.192.219 443 (msg: "MISP e27478 [] Outgoing To IP: 139.180.192.219|443"; classtype:trojan-activity; sid:37940121; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 123.254.107.57 8443 (msg: "MISP e27478 [] Outgoing To IP: 123.254.107.57|8443"; classtype:trojan-activity; sid:37940131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 139.180.192.219 80 (msg: "MISP e27478 [] Outgoing To IP: 139.180.192.219|80"; classtype:trojan-activity; sid:37940141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 42.192.4.189 54333 (msg: "MISP e27478 [] Outgoing To IP: 42.192.4.189|54333"; classtype:trojan-activity; sid:37940151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 38.6.223.9 8888 (msg: "MISP e27478 [] Outgoing To IP: 38.6.223.9|8888"; classtype:trojan-activity; sid:37940161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain accountcapabilities-pa.accguide.com"; dns.query; content:"accountcapabilities-pa.accguide.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])accountcapabilities\-pa\.accguide\.com$/i"; classtype:trojan-activity; sid:37940171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain accountcapabilities-pa.accguide.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accountcapabilities-pa.accguide.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accountcapabilities\-pa\.accguide\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain panel.niggas.icu"; dns.query; content:"panel.niggas.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.niggas\.icu$/i"; classtype:trojan-activity; 
sid:37940191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain panel.niggas.icu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"panel.niggas.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])panel\.niggas\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain binplat.elementfx.com"; dns.query; content:"binplat.elementfx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])binplat\.elementfx\.com$/i"; classtype:trojan-activity; sid:37940201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain binplat.elementfx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"binplat.elementfx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])binplat\.elementfx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain se-5.ironhide.su"; dns.query; content:"se-5.ironhide.su"; nocase; pcre: "/(^|[^A-Za-z0-9-])se\-5\.ironhide\.su$/i"; classtype:trojan-activity; sid:37940211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain se-5.ironhide.su"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"se-5.ironhide.su"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])se\-5\.ironhide\.su[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940212; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain ip140.ip-51-195-83.eu"; dns.query; content:"ip140.ip-51-195-83.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])ip140\.ip\-51\-195\-83\.eu$/i"; classtype:trojan-activity; sid:37940221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain ip140.ip-51-195-83.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ip140.ip-51-195-83.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ip140\.ip\-51\-195\-83\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain ec2-34-200-37-176.compute-1.amazonaws.com"; dns.query; content:"ec2-34-200-37-176.compute-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-200\-37\-176\.compute\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37940231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain ec2-34-200-37-176.compute-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ec2-34-200-37-176.compute-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ec2\-34\-200\-37\-176\.compute\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 139.59.16.171 9999 (msg: "MISP e27478 [] Outgoing To IP: 139.59.16.171|9999"; classtype:trojan-activity; sid:37940241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 45.77.154.69 30092 
(msg: "MISP e27478 [] Outgoing To IP: 45.77.154.69|30092"; classtype:trojan-activity; sid:37940251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 165.232.101.47 3333 (msg: "MISP e27478 [] Outgoing To IP: 165.232.101.47|3333"; classtype:trojan-activity; sid:37940261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 74.207.231.13 3333 (msg: "MISP e27478 [] Outgoing To IP: 74.207.231.13|3333"; classtype:trojan-activity; sid:37940271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 54.148.146.229 3333 (msg: "MISP e27478 [] Outgoing To IP: 54.148.146.229|3333"; classtype:trojan-activity; sid:37940281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 47.99.186.100 8080 (msg: "MISP e27478 [] Outgoing To IP: 47.99.186.100|8080"; classtype:trojan-activity; sid:37940291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 18.192.93.230 4444 (msg: "MISP e27478 [] Outgoing To IP: 18.192.93.230|4444"; classtype:trojan-activity; sid:37940301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 93.119.13.109 443 (msg: "MISP e27478 [] Outgoing To IP: 93.119.13.109|443"; classtype:trojan-activity; sid:37940311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 121.37.222.182 5001 (msg: "MISP e27478 [] Outgoing To IP: 121.37.222.182|5001"; classtype:trojan-activity; sid:37940321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 20.212.234.70 3333 (msg: "MISP e27478 [] Outgoing To IP: 20.212.234.70|3333"; classtype:trojan-activity; sid:37940331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 194.182.90.109 3333 (msg: 
"MISP e27478 [] Outgoing To IP: 194.182.90.109|3333"; classtype:trojan-activity; sid:37940341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 3.69.130.202 443 (msg: "MISP e27478 [] Outgoing To IP: 3.69.130.202|443"; classtype:trojan-activity; sid:37940351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 43.136.86.22 31220 (msg: "MISP e27478 [] Outgoing To IP: 43.136.86.22|31220"; classtype:trojan-activity; sid:37940361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 106.15.52.156 9999 (msg: "MISP e27478 [] Outgoing To IP: 106.15.52.156|9999"; classtype:trojan-activity; sid:37940371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 43.229.134.14 3333 (msg: "MISP e27478 [] Outgoing To IP: 43.229.134.14|3333"; classtype:trojan-activity; sid:37940381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 198.13.46.179 9999 (msg: "MISP e27478 [] Outgoing To IP: 198.13.46.179|9999"; classtype:trojan-activity; sid:37940391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 24.199.126.139 3333 (msg: "MISP e27478 [] Outgoing To IP: 24.199.126.139|3333"; classtype:trojan-activity; sid:37940401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 43.132.234.114 3333 (msg: "MISP e27478 [] Outgoing To IP: 43.132.234.114|3333"; classtype:trojan-activity; sid:37940411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 64.226.106.235 3333 (msg: "MISP e27478 [] Outgoing To IP: 64.226.106.235|3333"; classtype:trojan-activity; sid:37940421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 128.199.98.189 43333 (msg: "MISP 
e27478 [] Outgoing To IP: 128.199.98.189|43333"; classtype:trojan-activity; sid:37940431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# Event 27478: destination address-and-port indicators, one rule per pair.
# These rules carry no content or flow keywords, so a hit shows only that a
# host in $HOME_NET sent traffic to that endpoint. The protocol is "ip", not
# "tcp". NOTE(review): confirm how the sensor applies the destination port
# to traffic that is neither TCP nor UDP.
# The tag list in msg is empty ("[]") and priority is 3, so the export gives
# no malware-family context; triage starts from the reference URL.
# NOTE(review): addresses on shared or cloud hosting get reassigned. Check
# the age of the attribute in the MISP event before acting on a hit.
alert ip $HOME_NET any -> 54.89.6.172 443 (msg: "MISP e27478 [] Outgoing To IP: 54.89.6.172|443"; classtype:trojan-activity; sid:37940441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.21.161.218 8443 (msg: "MISP e27478 [] Outgoing To IP: 3.21.161.218|8443"; classtype:trojan-activity; sid:37940451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 91.134.226.170 2053 (msg: "MISP e27478 [] Outgoing To IP: 91.134.226.170|2053"; classtype:trojan-activity; sid:37940461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 159.89.212.121 4433 (msg: "MISP e27478 [] Outgoing To IP: 159.89.212.121|4433"; classtype:trojan-activity; sid:37940471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 186.121.34.135 443 (msg: "MISP e27478 [] Outgoing To IP: 186.121.34.135|443"; classtype:trojan-activity; sid:37940481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 149.129.241.76 3333 (msg: "MISP e27478 [] Outgoing To IP: 149.129.241.76|3333"; classtype:trojan-activity; sid:37940491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.135.49.252 8443 (msg: "MISP e27478 [] Outgoing To IP: 3.135.49.252|8443"; classtype:trojan-activity; sid:37940501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# 52.28.220.250 is listed twice, once per destination port (443 and 80).
alert ip $HOME_NET any -> 52.28.220.250 443 (msg: "MISP e27478 [] Outgoing To IP: 52.28.220.250|443"; classtype:trojan-activity; sid:37940511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 52.28.220.250 80 (msg: "MISP e27478 [] Outgoing To IP: 52.28.220.250|80"; classtype:trojan-activity; sid:37940521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 103.27.202.188 3333 (msg: "MISP e27478 [] Outgoing To IP: 103.27.202.188|3333"; classtype:trojan-activity; sid:37940531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 44.222.157.145 3333 (msg: "MISP e27478 [] Outgoing To IP: 44.222.157.145|3333"; classtype:trojan-activity; sid:37940541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 154.223.21.28 60000 (msg: "MISP e27478 [] Outgoing To IP: 154.223.21.28|60000"; classtype:trojan-activity; sid:37940551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 91.92.242.137 60000 (msg: "MISP e27478 [] Outgoing To IP: 91.92.242.137|60000"; classtype:trojan-activity; sid:37940561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 117.72.10.229 60000 (msg: "MISP e27478 [] Outgoing To IP: 117.72.10.229|60000"; classtype:trojan-activity; sid:37940571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 8.140.55.145 60000 (msg: "MISP e27478 [] Outgoing To IP: 8.140.55.145|60000"; classtype:trojan-activity; sid:37940581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 34.172.89.75 80 (msg: "MISP e27478 [] Outgoing To IP: 34.172.89.75|80"; classtype:trojan-activity; sid:37940591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 134.255.254.225 80 (msg: "MISP e27478 [] Outgoing To IP: 134.255.254.225|80"; classtype:trojan-activity; sid:37940601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 81.230.10.189 80 (msg: "MISP e27478 [] Outgoing 
To IP: 81.230.10.189|80"; classtype:trojan-activity; sid:37940611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# Event 27478: destination address-and-port indicators. No content keywords,
# so a hit shows only that a host in $HOME_NET sent traffic to that endpoint.
alert ip $HOME_NET any -> 103.116.52.207 80 (msg: "MISP e27478 [] Outgoing To IP: 103.116.52.207|80"; classtype:trojan-activity; sid:37940621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 103.172.79.74 80 (msg: "MISP e27478 [] Outgoing To IP: 103.172.79.74|80"; classtype:trojan-activity; sid:37940631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 194.127.178.5 80 (msg: "MISP e27478 [] Outgoing To IP: 194.127.178.5|80"; classtype:trojan-activity; sid:37940641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 36.152.201.67 65535 (msg: "MISP e27478 [] Outgoing To IP: 36.152.201.67|65535"; classtype:trojan-activity; sid:37940651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 183.249.20.106 8090 (msg: "MISP e27478 [] Outgoing To IP: 183.249.20.106|8090"; classtype:trojan-activity; sid:37940661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 34.200.37.176 443 (msg: "MISP e27478 [] Outgoing To IP: 34.200.37.176|443"; classtype:trojan-activity; sid:37940671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 195.211.97.9 80 (msg: "MISP e27478 [] Outgoing To IP: 195.211.97.9|80"; classtype:trojan-activity; sid:37940681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# URL indicators for myetherwallet.kl.com.ua (tagged Pony in event 27434).
# The hostname is matched anywhere in the request headers (http.header), not
# specifically in the Host header, and the path is an unanchored substring
# match on http.uri. tag:session,600,seconds tags the session so its packets
# keep being logged for 600 seconds after the alert.
# These rules reference $HTTP_PORTS, so that port group must be defined on
# the sensor even though the export header calls it "not required" for the
# Suricata export.
# Events 27434 and 27478 both export the same two URLs, so one request raises
# two alerts: priority 2 with the Pony tag, and priority 3 with no tags.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27434 [Pony] Outgoing URL http|3a|//myetherwallet.kl.com.ua/1/web/gate.php"; flow:to_server,established; http.header; content:"myetherwallet.kl.com.ua"; fast_pattern; nocase; http.uri; content:"/1/web/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37934891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27434 [Pony] Outgoing URL http|3a|//myetherwallet.kl.com.ua/1/web/path/gate.php"; flow:to_server,established; http.header; content:"myetherwallet.kl.com.ua"; fast_pattern; nocase; http.uri; content:"/1/web/path/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37934901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//myetherwallet.kl.com.ua/1/web/path/gate.php"; flow:to_server,established; http.header; content:"myetherwallet.kl.com.ua"; fast_pattern; nocase; http.uri; content:"/1/web/path/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//myetherwallet.kl.com.ua/1/web/gate.php"; flow:to_server,established; http.header; content:"myetherwallet.kl.com.ua"; fast_pattern; nocase; http.uri; content:"/1/web/gate.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# 149.56.252.31:8094 (the tag list includes DarkGate). The http.uri content
# "/" is present in practically every request URI, so it adds no selectivity:
# the rule amounts to "HTTP to this address and port with the IP literal
# somewhere in the request headers". The ip rule for the same endpoint
# (sid 37934881, below) fires on the same traffic.
alert http $HOME_NET any -> 149.56.252.31 8094 (msg: "MISP e27434 [CA,DarkGate,OVH SAS,PRUEBASVBS,self-signed] Outgoing URL http|3a|//149.56.252.31|3a|8094/"; flow:to_server,established; http.header; content:"149.56.252.31"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37934911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 107.175.3.10 7536 (msg: "MISP e27434 [] Outgoing To IP: 107.175.3.10|7536"; classtype:trojan-activity; sid:37933371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# SocGholish-tagged domains. Each domain yields a DNS rule (sid ending in 1)
# and an HTTP rule (sid ending in 2).
# DNS rules: direction is any -> any, so a query seen in either direction
# matches. The pcre is anchored at the end and accepts a non-hostname
# character (such as ".") before the name, so subdomains match as well: a
# query for zofav.aus.mimico-cooperative.org fires both DNS rules below.
# HTTP rules: "Host|3a|" and the domain are two independent matches in the
# header buffer (no distance/within ties them together), so the domain may
# sit in another header such as Referer.
# NOTE(review): matching on the http.host buffer would pin this to the Host header.
alert dns any any -> any any (msg: "MISP e27434 [SocGholish] Domain aus.mimico-cooperative.org"; dns.query; content:"aus.mimico-cooperative.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])aus\.mimico\-cooperative\.org$/i"; classtype:trojan-activity; sid:37933381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [SocGholish] Outgoing HTTP Domain aus.mimico-cooperative.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aus.mimico-cooperative.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aus\.mimico\-cooperative\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [SocGholish] Domain zofav.aus.mimico-cooperative.org"; dns.query; content:"zofav.aus.mimico-cooperative.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])zofav\.aus\.mimico\-cooperative\.org$/i"; classtype:trojan-activity; sid:37933391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [SocGholish] Outgoing HTTP Domain zofav.aus.mimico-cooperative.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zofav.aus.mimico-cooperative.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zofav\.aus\.mimico\-cooperative\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 149.56.252.31 8094 (msg: "MISP e27434 [CA,OVH SAS,PRUEBASVBS,self-signed,vbs] Outgoing To IP: 149.56.252.31|8094"; classtype:trojan-activity; sid:37934881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert 
dns any any -> any any (msg: "MISP e27434 [moobot] Domain cnc.moneymakernation.online"; dns.query; content:"cnc.moneymakernation.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.moneymakernation\.online$/i"; classtype:trojan-activity; sid:37933351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Event 27434, priority 2: moobot-tagged domains and address-and-port
# indicators. Each domain has a DNS rule (sid ending in 1) and an HTTP rule
# (sid ending in 2).
# DNS rules run any -> any and their pcre is anchored only at the end, so
# subdomains of the listed name also match.
# HTTP rules look for the domain anywhere in the header buffer; the separate
# "Host|3a|" content is not tied to it by distance/within.
# The ip rules have no content match: a hit shows a connection attempt only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [moobot] Outgoing HTTP Domain cnc.moneymakernation.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnc.moneymakernation.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.moneymakernation\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.155.249.96 2023 (msg: "MISP e27434 [] Outgoing To IP: 45.155.249.96|2023"; classtype:trojan-activity; sid:37933361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [moobot] Domain botnet.vani.ovh"; dns.query; content:"botnet.vani.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.vani\.ovh$/i"; classtype:trojan-activity; sid:37933251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [moobot] Outgoing HTTP Domain botnet.vani.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.vani.ovh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.vani\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37933252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 194.127.178.5 23597 (msg: "MISP e27434 [moobot] Outgoing To IP: 194.127.178.5|23597"; classtype:trojan-activity; sid:37933341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 103.78.0.41 42597 (msg: "MISP e27434 [moobot] Outgoing To IP: 103.78.0.41|42597"; classtype:trojan-activity; sid:37933241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Event 27478 repeats indicators already exported for event 27434 (same
# domains, addresses and ports) under new sids, with an empty tag list and
# priority 3. A matching flow therefore raises two alerts. De-duplicate on
# the indicator rather than the sid when counting hits, and take the
# family tag from the event 27434 alert.
alert dns any any -> any any (msg: "MISP e27478 [] Domain botnet.vani.ovh"; dns.query; content:"botnet.vani.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.vani\.ovh$/i"; classtype:trojan-activity; sid:37940711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain botnet.vani.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.vani.ovh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.vani\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain cnc.moneymakernation.online"; dns.query; content:"cnc.moneymakernation.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.moneymakernation\.online$/i"; classtype:trojan-activity; sid:37940721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain cnc.moneymakernation.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnc.moneymakernation.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.moneymakernation\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain zofav.aus.mimico-cooperative.org"; dns.query; content:"zofav.aus.mimico-cooperative.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])zofav\.aus\.mimico\-cooperative\.org$/i"; classtype:trojan-activity; sid:37940731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain zofav.aus.mimico-cooperative.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zofav.aus.mimico-cooperative.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zofav\.aus\.mimico\-cooperative\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain aus.mimico-cooperative.org"; dns.query; content:"aus.mimico-cooperative.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])aus\.mimico\-cooperative\.org$/i"; classtype:trojan-activity; sid:37940741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain aus.mimico-cooperative.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aus.mimico-cooperative.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aus\.mimico\-cooperative\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# The http.uri content "/" below is present in practically every request
# URI, so the rule reduces to the destination address and port plus the IP
# literal appearing somewhere in the request headers.
alert http $HOME_NET any -> 149.56.252.31 8094 (msg: "MISP e27478 [] Outgoing URL http|3a|//149.56.252.31|3a|8094/"; flow:to_server,established; http.header; content:"149.56.252.31"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 103.78.0.41 42597 (msg: "MISP e27478 [] Outgoing To IP: 103.78.0.41|42597"; classtype:trojan-activity; sid:37940761; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# Event 27478: address-and-port indicators with an empty tag list. The same
# four endpoints are also exported for event 27434 under other sids, so a
# matching flow alerts twice.
alert ip $HOME_NET any -> 194.127.178.5 23597 (msg: "MISP e27478 [] Outgoing To IP: 194.127.178.5|23597"; classtype:trojan-activity; sid:37940771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 45.155.249.96 2023 (msg: "MISP e27478 [] Outgoing To IP: 45.155.249.96|2023"; classtype:trojan-activity; sid:37940781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 107.175.3.10 7536 (msg: "MISP e27478 [] Outgoing To IP: 107.175.3.10|7536"; classtype:trojan-activity; sid:37940791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 149.56.252.31 8094 (msg: "MISP e27478 [] Outgoing To IP: 149.56.252.31|8094"; classtype:trojan-activity; sid:37940801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# Event 27373: one hostname under pantheonsite.io, exported as a URL rule, a
# DNS rule and an HTTP Domain rule. All three match the full hostname, not
# the parent domain.
# The URL rule has no http.uri match, only the hostname in the header
# buffer, so on $HTTP_PORTS it fires together with the HTTP Domain rule
# (sid 37923632) on the same request. It also needs $HTTP_PORTS to be
# defined on the sensor.
# NOTE(review): the tag list is empty; the hostname reads like a bank-themed
# lure, but confirm the nature of the indicator in the MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27373 [] Outgoing URL http|3a|//dev-infobancoitaupy.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-infobancoitaupy.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37923611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27373;)
alert dns any any -> any any (msg: "MISP e27373 [] Domain dev-infobancoitaupy.pantheonsite.io"; dns.query; content:"dev-infobancoitaupy.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-infobancoitaupy\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37923631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27373;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27373 [] Outgoing HTTP Domain dev-infobancoitaupy.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-infobancoitaupy.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-infobancoitaupy\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37923632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27373;)
# Event 27007: domain indicators with an empty tag list, priority 3. Each
# domain has a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rules run any -> any with a pcre anchored only at the end, so
# subdomains of the listed name also match.
# NOTE(review): the names look like retail-brand lookalikes. classtype
# trojan-activity is what the export puts on every rule in this part of the
# file, so it does not describe the threat; check the MISP event before
# escalating a hit.
alert dns any any -> any any (msg: "MISP e27007 [] Domain altrarunning-au.com"; dns.query; content:"altrarunning-au.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-au\.com$/i"; classtype:trojan-activity; sid:38160151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain altrarunning-au.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"altrarunning-au.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])altrarunning\-au\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenaustria.com"; dns.query; content:"bodenaustria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenaustria\.com$/i"; classtype:trojan-activity; sid:38160161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenaustria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenaustria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenaustria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boden-chile.com"; dns.query; content:"boden-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-chile\.com$/i"; classtype:trojan-activity; sid:38160171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007: domain indicators with an empty tag list, priority 3. Each
# domain has a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rules: direction is any -> any, so queries seen in either direction
# match. The pcre is anchored only at the end and accepts a non-hostname
# character before the name, so subdomains match too.
# HTTP rules: the domain is matched anywhere in the header buffer and must
# be followed by a character outside [A-Za-z0-9-.]. The "Host|3a|" content is
# a separate match, not tied to the domain by distance/within.
# NOTE(review): the names look like retail-brand lookalikes. classtype
# trojan-activity is applied to every rule in this part of the export, so it
# does not describe the threat; check the MISP event before escalating a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boden-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boden-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boden-colombia.com"; dns.query; content:"boden-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-colombia\.com$/i"; classtype:trojan-activity; sid:38160181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boden-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boden-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodencostarica.com"; dns.query; content:"bodencostarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodencostarica\.com$/i"; classtype:trojan-activity; sid:38160191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodencostarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodencostarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodencostarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boden-deutschland.com"; dns.query; content:"boden-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-deutschland\.com$/i"; classtype:trojan-activity; sid:38160201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boden-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boden-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenecuador.com"; dns.query; content:"bodenecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenecuador\.com$/i"; classtype:trojan-activity; sid:38160211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenespana.com"; dns.query; content:"bodenespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenespana\.com$/i"; classtype:trojan-activity; sid:38160221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boden-peru.com"; dns.query; content:"boden-peru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-peru\.com$/i"; classtype:trojan-activity; sid:38160231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boden-peru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boden-peru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-peru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenswitzerland.com"; dns.query; content:"bodenswitzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenswitzerland\.com$/i"; classtype:trojan-activity; sid:38160241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenuruguay.com"; dns.query; content:"bodenuruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenuruguay\.com$/i"; classtype:trojan-activity; sid:38160251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenuruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenuruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenuruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocsaustralia-au.com"; dns.query; content:"crocsaustralia-au.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocsaustralia\-au\.com$/i"; classtype:trojan-activity; sid:38160261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocsaustralia-au.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocsaustralia-au.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocsaustralia\-au\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocs-store-nz.com"; dns.query; content:"crocs-store-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocs\-store\-nz\.com$/i"; classtype:trojan-activity; sid:38160271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocs-store-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocs-store-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocs\-store\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain 
docmartensbootsmalaysia.com"; dns.query; content:"docmartensbootsmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartensbootsmalaysia\.com$/i"; classtype:trojan-activity; sid:38160281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007: domain indicators with an empty tag list, priority 3. Each
# domain has a DNS rule (sid ending in 1) and an HTTP rule (sid ending in 2).
# DNS rules: direction is any -> any, so queries seen in either direction
# match. The pcre is anchored only at the end and accepts a non-hostname
# character before the name, so subdomains match too.
# HTTP rules: the domain is matched anywhere in the header buffer and must
# be followed by a character outside [A-Za-z0-9-.]. The "Host|3a|" content is
# a separate match, not tied to the domain by distance/within.
# tag:session,600,seconds tags the session so its packets keep being logged
# for 600 seconds after the alert.
# NOTE(review): the names look like retail-brand lookalikes. classtype
# trojan-activity is applied to every rule in this part of the export, so it
# does not describe the threat; check the MISP event before escalating a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain docmartensbootsmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docmartensbootsmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartensbootsmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doc-martens-dubai.com"; dns.query; content:"doc-martens-dubai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doc\-martens\-dubai\.com$/i"; classtype:trojan-activity; sid:38160291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doc-martens-dubai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doc-martens-dubai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doc\-martens\-dubai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctor-martens-ph.com"; dns.query; content:"doctor-martens-ph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-ph\.com$/i"; classtype:trojan-activity; sid:38160301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctor-martens-ph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctor-martens-ph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-ph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartensbakancs-hu.com"; dns.query; content:"drmartensbakancs-hu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartensbakancs\-hu\.com$/i"; classtype:trojan-activity; sid:38160311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartensbakancs-hu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartensbakancs-hu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartensbakancs\-hu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martens-egypt.com"; dns.query; content:"dr-martens-egypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-egypt\.com$/i"; classtype:trojan-activity; sid:38160321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martens-egypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martens-egypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-egypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martensisrael.com"; dns.query; content:"dr-martensisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martensisrael\.com$/i"; classtype:trojan-activity; sid:38160331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martensisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martensisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martensisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martens-ksa.com"; dns.query; content:"dr-martens-ksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-ksa\.com$/i"; classtype:trojan-activity; sid:38160341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martens-ksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martens-ksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-ksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martens-ph.com"; dns.query; content:"dr-martens-ph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-ph\.com$/i"; classtype:trojan-activity; sid:38160351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martens-ph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martens-ph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-ph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martens-sg.com"; dns.query; content:"dr-martens-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-sg\.com$/i"; classtype:trojan-activity; sid:38160361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martens-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martens-sg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martens\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martensuae.com"; dns.query; content:"dr-martensuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martensuae\.com$/i"; classtype:trojan-activity; sid:38160371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martensuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martensuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martensuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletdeutschland.com"; dns.query; content:"melissaoutletdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletdeutschland\.com$/i"; classtype:trojan-activity; sid:38160381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletfrance.com"; dns.query; content:"melissaoutletfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletfrance\.com$/i"; classtype:trojan-activity; sid:38160391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumibudapest.com"; dns.query; content:"tumibudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumibudapest\.com$/i"; classtype:trojan-activity; sid:38160401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumibudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumibudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumibudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 
[] Domain tumi-chile.com"; dns.query; content:"tumi-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-chile\.com$/i"; classtype:trojan-activity; sid:38160411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-danmark.com"; dns.query; content:"tumi-danmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-danmark\.com$/i"; classtype:trojan-activity; sid:38160421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-danmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-danmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-danmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiencolombia.com"; dns.query; content:"tumiencolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiencolombia\.com$/i"; classtype:trojan-activity; sid:38160431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiencolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiencolombia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])tumiencolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-ireland.com"; dns.query; content:"tumi-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-ireland\.com$/i"; classtype:trojan-activity; sid:38160441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-israel.com"; dns.query; content:"tumi-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-israel\.com$/i"; classtype:trojan-activity; sid:38160451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumijapanoutlet.com"; dns.query; content:"tumijapanoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumijapanoutlet\.com$/i"; classtype:trojan-activity; sid:38160461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumijapanoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumijapanoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumijapanoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumikuwait.com"; dns.query; content:"tumikuwait.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumikuwait\.com$/i"; classtype:trojan-activity; sid:38160471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumikuwait.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumikuwait.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumikuwait\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tuminewzealand.com"; dns.query; content:"tuminewzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminewzealand\.com$/i"; classtype:trojan-activity; sid:38160481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tuminewzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tuminewzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tuminewzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumioutletuk.com"; dns.query; 
content:"tumioutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumioutletuk\.com$/i"; classtype:trojan-activity; sid:38160491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumioutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumioutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumioutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiqatar.com"; dns.query; content:"tumiqatar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiqatar\.com$/i"; classtype:trojan-activity; sid:38160501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiqatar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiqatar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiqatar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumisaustralia.com"; dns.query; content:"tumisaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisaustralia\.com$/i"; classtype:trojan-activity; sid:38160511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumisaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumisaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumisaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38160512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-schweiz.com"; dns.query; content:"tumi-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-schweiz\.com$/i"; classtype:trojan-activity; sid:38160521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-singapore.com"; dns.query; content:"tumi-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-singapore\.com$/i"; classtype:trojan-activity; sid:38160531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumismalaysia.com"; dns.query; content:"tumismalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumismalaysia\.com$/i"; classtype:trojan-activity; sid:38160541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
tumismalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumismalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumismalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-sverige.com"; dns.query; content:"tumi-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-sverige\.com$/i"; classtype:trojan-activity; sid:38160551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-sverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumithailand.com"; dns.query; content:"tumithailand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumithailand\.com$/i"; classtype:trojan-activity; sid:38160561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumithailand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumithailand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumithailand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-turkiye.com"; dns.query; content:"tumi-turkiye.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])tumi\-turkiye\.com$/i"; classtype:trojan-activity; sid:38160571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain varleycanada.com"; dns.query; content:"varleycanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varleycanada\.com$/i"; classtype:trojan-activity; sid:38160581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain varleycanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varleycanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varleycanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain varleyusastore.com"; dns.query; content:"varleyusastore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyusastore\.com$/i"; classtype:trojan-activity; sid:38160591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain varleyusastore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"varleyusastore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])varleyusastore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38160592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesaustralia.com"; dns.query; content:"andotherstoriesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesaustralia\.com$/i"; classtype:trojan-activity; sid:38160601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesdanmark.com"; dns.query; content:"andotherstoriesdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesdanmark\.com$/i"; classtype:trojan-activity; sid:38160611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesdeutschland.com"; dns.query; content:"andotherstoriesdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesdeutschland\.com$/i"; classtype:trojan-activity; sid:38160621; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesespana.com"; dns.query; content:"andotherstoriesespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesespana\.com$/i"; classtype:trojan-activity; sid:38160631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesfrance.com"; dns.query; content:"andotherstoriesfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesfrance\.com$/i"; classtype:trojan-activity; sid:38160641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesfrance\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38160642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesgreece.com"; dns.query; content:"andotherstoriesgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesgreece\.com$/i"; classtype:trojan-activity; sid:38160651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstorieshrvatska.com"; dns.query; content:"andotherstorieshrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstorieshrvatska\.com$/i"; classtype:trojan-activity; sid:38160661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstorieshrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstorieshrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstorieshrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesireland.com"; dns.query; content:"andotherstoriesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesireland\.com$/i"; classtype:trojan-activity; sid:38160671; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesisrael.com"; dns.query; content:"andotherstoriesisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesisrael\.com$/i"; classtype:trojan-activity; sid:38160681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesitalia.com"; dns.query; content:"andotherstoriesitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesitalia\.com$/i"; classtype:trojan-activity; sid:38160691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38160692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesjapan.com"; dns.query; content:"andotherstoriesjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesjapan\.com$/i"; classtype:trojan-activity; sid:38160701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesmalaysia.com"; dns.query; content:"andotherstoriesmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesmalaysia\.com$/i"; classtype:trojan-activity; sid:38160711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesnetherlands.com"; dns.query; content:"andotherstoriesnetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesnetherlands\.com$/i"; classtype:trojan-activity; sid:38160721; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesnetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesnetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesnetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesnorge.com"; dns.query; content:"andotherstoriesnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesnorge\.com$/i"; classtype:trojan-activity; sid:38160731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesnz.com"; dns.query; content:"andotherstoriesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesnz\.com$/i"; classtype:trojan-activity; sid:38160741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38160742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesosterreich.com"; dns.query; content:"andotherstoriesosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesosterreich\.com$/i"; classtype:trojan-activity; sid:38160751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesromania.com"; dns.query; content:"andotherstoriesromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesromania\.com$/i"; classtype:trojan-activity; sid:38160761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesschweiz.com"; dns.query; content:"andotherstoriesschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesschweiz\.com$/i"; classtype:trojan-activity; sid:38160771; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriessingapore.com"; dns.query; content:"andotherstoriessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriessingapore\.com$/i"; classtype:trojan-activity; sid:38160781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriessuomi.com"; dns.query; content:"andotherstoriessuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriessuomi\.com$/i"; classtype:trojan-activity; sid:38160791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriessuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriessuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriessuomi\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38160792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesturkiye.com"; dns.query; content:"andotherstoriesturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesturkiye\.com$/i"; classtype:trojan-activity; sid:38160801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesuae.com"; dns.query; content:"andotherstoriesuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesuae\.com$/i"; classtype:trojan-activity; sid:38160811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstories-uk.com"; dns.query; content:"andotherstories-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstories\-uk\.com$/i"; classtype:trojan-activity; sid:38160821; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstories-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstories-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstories\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoesaustralia.com"; dns.query; content:"lotusshoesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesaustralia\.com$/i"; classtype:trojan-activity; sid:38160831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoescanada.com"; dns.query; content:"lotusshoescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoescanada\.com$/i"; classtype:trojan-activity; sid:38160841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160842; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoesindia.com"; dns.query; content:"lotusshoesindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesindia\.com$/i"; classtype:trojan-activity; sid:38160851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoesindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoesindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoesireland.com"; dns.query; content:"lotusshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesireland\.com$/i"; classtype:trojan-activity; sid:38160861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoesnz.com"; dns.query; content:"lotusshoesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesnz\.com$/i"; classtype:trojan-activity; sid:38160871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoesnz.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoesuk.com"; dns.query; content:"lotusshoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesuk\.com$/i"; classtype:trojan-activity; sid:38160881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lotusshoesusa.com"; dns.query; content:"lotusshoesusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesusa\.com$/i"; classtype:trojan-activity; sid:38160891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lotusshoesusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lotusshoesusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lotusshoesusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletmalaysia.com"; dns.query; content:"melissaoutletmalaysia.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])melissaoutletmalaysia\.com$/i"; classtype:trojan-activity; sid:38160901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoesindia.com"; dns.query; content:"onitsukashoesindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesindia\.com$/i"; classtype:trojan-activity; sid:38160911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoesindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoesindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoes-ireland.com"; dns.query; content:"onitsukashoes-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoes\-ireland\.com$/i"; classtype:trojan-activity; sid:38160921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoes-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoes-ireland.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])onitsukashoes\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoesnz.com"; dns.query; content:"onitsukashoesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesnz\.com$/i"; classtype:trojan-activity; sid:38160931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoesnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoesuae.com"; dns.query; content:"onitsukashoesuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesuae\.com$/i"; classtype:trojan-activity; sid:38160941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoesuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoesuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27483 [] Source Email Address: becky@tibshraenyelectric.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"becky@tibshraenyelectric.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; 
within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37941521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27483;)
# --- MISP event 27483: domain indicators (one DNS rule and one HTTP rule per domain) ---
# DNS rule: fires on a DNS query for the listed name in either direction (any -> any).
# The pcre anchors the name at the end of the query and requires start-of-buffer or a
# non-hostname character before it, so the domain and its subdomains match, while a
# longer name that merely ends in the same letters does not.
# HTTP rule: fires on outbound requests whose headers contain "Host:" and the domain
# (the pcre requires a non-hostname character after it), then tags the session so that
# its following packets are logged for 600 seconds.
# These HTTP rules only see cleartext HTTP. No rule in this span inspects TLS, so an
# HTTPS visit to one of these domains surfaces only through the DNS rule.
alert dns any any -> any any (msg: "MISP e27483 [] Domain flimmflamm.com"; dns.query; content:"flimmflamm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])flimmflamm\.com$/i"; classtype:trojan-activity; sid:37941531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27483;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27483 [] Outgoing HTTP Domain flimmflamm.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"flimmflamm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])flimmflamm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27483;)
# NOTE(review): the next two rules alert on a host under adobe.com, a commercial vendor
# domain, and the event carries no tags ([]). The name may have been extracted from a
# message sent through a marketing platform rather than from attacker-controlled
# infrastructure. Confirm against event 27483 before triaging hits as trojan-activity,
# and expect benign matches until that is settled.
alert dns any any -> any any (msg: "MISP e27483 [] Domain bmwag-rt-prod2-t.campaign.adobe.com"; dns.query; content:"bmwag-rt-prod2-t.campaign.adobe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bmwag\-rt\-prod2\-t\.campaign\.adobe\.com$/i"; classtype:trojan-activity; sid:37941541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27483;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27483 [] Outgoing HTTP Domain bmwag-rt-prod2-t.campaign.adobe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bmwag-rt-prod2-t.campaign.adobe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bmwag\-rt\-prod2\-t\.campaign\.adobe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27483;)
alert dns any any -> any any (msg: "MISP e27483 [] Domain 345u9.greav.ru"; dns.query; content:"345u9.greav.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])345u9\.greav\.ru$/i"; classtype:trojan-activity; sid:37941551; rev:1; priority:3; 
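reference:url,https://misp.finsin.cl/events/view/27483;)
# HTTP counterpart of the DNS rule for 345u9.greav.ru: outbound request whose headers
# contain "Host:" and the domain. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27483 [] Outgoing HTTP Domain 345u9.greav.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"345u9.greav.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])345u9\.greav\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27483;)
# --- .vbs URL indicators from MISP events 27434 and 27478 ---
# Each rule pins the destination IP in the rule header, matches that IP in the request
# headers and the path in the URI, and tags the session for 600 seconds.
# $HTTP_PORTS must be defined in the sensor configuration for these rules to load.
# The same URLs were exported from both events and every content match is nocase, so
# one request raises two alerts (priority 2 from e27434, priority 3 from e27478).
# Correlate on destination and URI rather than counting alerts.
alert http $HOME_NET any -> 149.56.252.31 $HTTP_PORTS (msg: "MISP e27434 [CA,DarkGate,OVH SAS,PRUEBASVBS,vbs] Outgoing URL http|3a|//149.56.252.31/dark.vbs"; flow:to_server,established; http.header; content:"149.56.252.31"; fast_pattern; nocase; http.uri; content:"/dark.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37934921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 149.56.252.31 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//149.56.252.31/dark.vbs"; flow:to_server,established; http.header; content:"149.56.252.31"; fast_pattern; nocase; http.uri; content:"/dark.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# FIX: http.uri is the normalized URI buffer, where %20 has already been decoded to a
# space. The exported content "/order%20list.vbs" would therefore not match a request
# for this URL. The literal form is only present in http.uri.raw.
# The path is now matched with |20| in the normalized buffer, and rev is bumped to 2.
# The msg text is left as exported.
# This file is generated: correct the export on the MISP side as well, or the next
# export will overwrite the change.
alert http $HOME_NET any -> 37.49.228.234 $HTTP_PORTS (msg: "MISP e27434 [ESTOXY OU,NL,stealer,vbs] Outgoing URL http|3a|//37.49.228.234/order%20list.vbs"; flow:to_server,established; http.header; content:"37.49.228.234"; fast_pattern; nocase; http.uri; content:"/order|20|list.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37934931; rev:2; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 37.49.228.234 $HTTP_PORTS (msg: "MISP e27434 [ESTOXY OU,NL,stealer,vbs] Outgoing URL http|3a|//37.49.228.234/purchase.vbs"; flow:to_server,established; http.header; content:"37.49.228.234"; fast_pattern; nocase; http.uri; content:"/purchase.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37934941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# --- MISP event 27007: domain indicator (DNS query rule plus cleartext-HTTP Host rule) ---
alert dns any any -> any any (msg: "MISP e27007 [] Domain dr-martenssaudiarabia.com"; dns.query; content:"dr-martenssaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martenssaudiarabia\.com$/i"; classtype:trojan-activity; sid:38160951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dr-martenssaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dr-martenssaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dr\-martenssaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# FIX: same %20 issue in the e27478 copy of the "Order List" URL. http.uri holds the
# decoded path, so the space is matched as |20| (rev bumped to 2).
alert http $HOME_NET any -> 37.49.228.234 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//37.49.228.234/Order%20List.vbs"; flow:to_server,established; http.header; content:"37.49.228.234"; fast_pattern; nocase; http.uri; content:"/Order|20|List.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940821; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> 37.49.228.234 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//37.49.228.234/Purchase.vbs"; flow:to_server,established; http.header; content:"37.49.228.234"; fast_pattern; nocase; http.uri; content:"/Purchase.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27434 [Mirai,moobot] Domain 314.hongdrama.xyz"; dns.query; content:"314.hongdrama.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])314\.hongdrama\.xyz$/i"; 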
classtype:trojan-activity; sid:37934951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [Mirai,moobot] Outgoing HTTP Domain 314.hongdrama.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"314.hongdrama.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])314\.hongdrama\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [Mirai,moobot] Domain hongdrama.xyz"; dns.query; content:"hongdrama.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hongdrama\.xyz$/i"; classtype:trojan-activity; sid:37934961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [Mirai,moobot] Outgoing HTTP Domain hongdrama.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hongdrama.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hongdrama\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37934962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 103.116.52.207 23597 (msg: "MISP e27434 [Mirai,moobot] Outgoing To IP: 103.116.52.207|23597"; classtype:trojan-activity; sid:37934971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27478 [] Domain 314.hongdrama.xyz"; dns.query; content:"314.hongdrama.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])314\.hongdrama\.xyz$/i"; classtype:trojan-activity; sid:37940841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain 314.hongdrama.xyz"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"314.hongdrama.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])314\.hongdrama\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27478 [] Domain hongdrama.xyz"; dns.query; content:"hongdrama.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])hongdrama\.xyz$/i"; classtype:trojan-activity; sid:37940851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain hongdrama.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hongdrama.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hongdrama\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 103.116.52.207 23597 (msg: "MISP e27478 [] Outgoing To IP: 103.116.52.207|23597"; classtype:trojan-activity; sid:37940861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert dns any any -> any any (msg: "MISP e27395 [] Domain cl.gouzhang.top"; dns.query; content:"cl.gouzhang.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\.gouzhang\.top$/i"; classtype:trojan-activity; sid:37929211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27395;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27395 [] Outgoing HTTP Domain cl.gouzhang.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl.gouzhang.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\.gouzhang\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37929212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27395;) alert ip $HOME_NET any -> 
49.12.103.42 5432 (msg: "MISP e27434 [Vidar] Outgoing To IP: 49.12.103.42|5432"; classtype:trojan-activity; sid:37935011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# --- MISP event 27434: endpoints given as IP address and port ---
# These "alert ip" rules have no content or flow options. The only condition is a
# packet from $HOME_NET to the listed address and port.
# NOTE(review): nothing here limits alert volume, so one long-lived connection may
# produce many alerts. Confirm on the sensor and add a threshold if it does.
# NOTE(review): an IP:port indicator stops being meaningful once the address is
# reassigned. Check the age of the MISP event before acting on a hit.
alert ip $HOME_NET any -> 65.109.11.145 443 (msg: "MISP e27434 [Vidar] Outgoing To IP: 65.109.11.145|443"; classtype:trojan-activity; sid:37935021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 116.202.2.143 443 (msg: "MISP e27434 [Vidar] Outgoing To IP: 116.202.2.143|443"; classtype:trojan-activity; sid:37935031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# --- MISP event 27434: URL indicators tagged CobaltStrike ---
# The destination port is fixed in each rule header (5000, 6666, 9998) instead of $HTTP_PORTS.
# The cs-watermark-* values in msg are label text from the event tags. They are not
# matched against traffic.
# Both content matches are unanchored substrings: the IP anywhere in the request
# headers, and the path fragment anywhere in the normalized URI.
alert http $HOME_NET any -> 121.43.62.136 5000 (msg: "MISP e27434 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//121.43.62.136|3a|5000/fwlink"; flow:to_server,established; http.header; content:"121.43.62.136"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37935041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 43.143.143.195 6666 (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.143.143.195|3a|6666/updates.rss"; flow:to_server,established; http.header; content:"43.143.143.195"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37935051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27434 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.43.191.108|3a|9998/push"; flow:to_server,established; http.header; content:"101.43.191.108"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37935061; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 43.143.143.195 6666 (msg: "MISP e27478 [] Outgoing URL http|3a|//43.143.143.195|3a|6666/updates.rss"; flow:to_server,established; http.header; content:"43.143.143.195"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> 121.43.62.136 5000 (msg: "MISP e27478 [] Outgoing URL http|3a|//121.43.62.136|3a|5000/fwlink"; flow:to_server,established; http.header; content:"121.43.62.136"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 65.109.11.145 443 (msg: "MISP e27478 [] Outgoing To IP: 65.109.11.145|443"; classtype:trojan-activity; sid:37940921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 116.202.2.143 443 (msg: "MISP e27478 [] Outgoing To IP: 116.202.2.143|443"; classtype:trojan-activity; sid:37940931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 49.12.103.42 5432 (msg: "MISP e27478 [] Outgoing To IP: 49.12.103.42|5432"; classtype:trojan-activity; sid:37940941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> 101.43.191.108 9998 (msg: "MISP e27478 [] Outgoing URL http|3a|//101.43.191.108|3a|9998/push"; flow:to_server,established; http.header; content:"101.43.191.108"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert http $HOME_NET any -> 185.81.68.249 $HTTP_PORTS (msg: "MISP e27434 [Chang Way 
Technologies Co. Limited,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//185.81.68.249/__utm.gif"; flow:to_server,established; http.header; content:"185.81.68.249"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37935131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> 185.81.68.249 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//185.81.68.249/__utm.gif"; flow:to_server,established; http.header; content:"185.81.68.249"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37940961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 94.72.114.95 5552 (msg: "MISP e27434 [njrat] Outgoing To IP: 94.72.114.95|5552"; classtype:trojan-activity; sid:37935141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 94.72.114.95 5552 (msg: "MISP e27478 [] Outgoing To IP: 94.72.114.95|5552"; classtype:trojan-activity; sid:37940971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;) alert ip $HOME_NET any -> 3.124.142.205 16267 (msg: "MISP e27434 [njrat] Outgoing To IP: 3.124.142.205|16267"; classtype:trojan-activity; sid:37935151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert ip $HOME_NET any -> 3.125.102.39 16267 (msg: "MISP e27434 [njrat] Outgoing To IP: 3.125.102.39|16267"; classtype:trojan-activity; sid:37935161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [BlackBasta] Domain artstrailreviews.com"; dns.query; content:"artstrailreviews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])artstrailreviews\.com$/i"; classtype:trojan-activity; sid:37935121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [BlackBasta] Outgoing HTTP Domain artstrailreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artstrailreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artstrailreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [BlackBasta] Domain trailcocompany.com"; dns.query; content:"trailcocompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcocompany\.com$/i"; classtype:trojan-activity; sid:37935101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [BlackBasta] Outgoing HTTP Domain trailcocompany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trailcocompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcocompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert dns any any -> any any (msg: "MISP e27434 [BlackBasta] Domain trailcosolutions.com"; dns.query; content:"trailcosolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcosolutions\.com$/i"; classtype:trojan-activity; sid:37935111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [BlackBasta] Outgoing HTTP Domain trailcosolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trailcosolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcosolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935112; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27434;)
# --- MISP events 27434 / 27478: domain indicators -----------------------------
# Each domain is exported as a pair of rules: a DNS rule on the dns.query buffer
# (sid ending in 1) and an HTTP rule on the request headers (sid ending in 2).
# The DNS pcre is anchored at the end of the query name and requires either the
# start of the name or a non-hostname character before the domain, so (constructed
# examples) sub.recentbeelive.com matches while notrecentbeelive.com does not.
# The HTTP pcre instead requires one character after the domain that is not a
# hostname character, which a line ending or a ":port" suffix satisfies.
# Coverage note: nothing in this section inspects the TLS handshake, so HTTPS
# traffic to these domains is only visible through the DNS rule; a tls.sni rule
# per domain would cover sensors that do not see the resolver traffic.
# tag:session,600,seconds on the HTTP rules keeps logging packets of the matching
# session for 600 seconds after the alert.
alert dns any any -> any any (msg: "MISP e27434 [BlackBasta] Domain recentbeelive.com"; dns.query; content:"recentbeelive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])recentbeelive\.com$/i"; classtype:trojan-activity; sid:37935091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [BlackBasta] Outgoing HTTP Domain recentbeelive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recentbeelive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recentbeelive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [BlackBasta] Domain onedogsclub.com"; dns.query; content:"onedogsclub.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onedogsclub\.com$/i"; classtype:trojan-activity; sid:37935071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [BlackBasta] Outgoing HTTP Domain onedogsclub.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onedogsclub.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onedogsclub\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert dns any any -> any any (msg: "MISP e27434 [BlackBasta] Domain wipresolutions.com"; dns.query; content:"wipresolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wipresolutions\.com$/i"; classtype:trojan-activity; sid:37935081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27434 [BlackBasta] Outgoing HTTP Domain wipresolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wipresolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wipresolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# Event 27478 repeats the three event 27434 domains above with its own sids and
# priority:3 (the 27434 copies are priority:2), so one lookup of such a domain
# raises an alert from each event. It also adds three further domains.
alert dns any any -> any any (msg: "MISP e27478 [] Domain onedogsclub.com"; dns.query; content:"onedogsclub.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onedogsclub\.com$/i"; classtype:trojan-activity; sid:37940981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain onedogsclub.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onedogsclub.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onedogsclub\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain wipresolutions.com"; dns.query; content:"wipresolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wipresolutions\.com$/i"; classtype:trojan-activity; sid:37940991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain wipresolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wipresolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wipresolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37940992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain recentbeelive.com"; dns.query; content:"recentbeelive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])recentbeelive\.com$/i"; classtype:trojan-activity; sid:37941001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain recentbeelive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"recentbeelive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])recentbeelive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain trailcocompany.com"; dns.query; content:"trailcocompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcocompany\.com$/i"; classtype:trojan-activity; sid:37941011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain trailcocompany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trailcocompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcocompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain trailcosolutions.com"; dns.query; content:"trailcosolutions.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcosolutions\.com$/i"; classtype:trojan-activity; sid:37941021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain trailcosolutions.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trailcosolutions.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trailcosolutions\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert dns any any -> any any (msg: "MISP e27478 [] Domain artstrailreviews.com"; dns.query; content:"artstrailreviews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])artstrailreviews\.com$/i"; classtype:trojan-activity; sid:37941031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27478 [] Outgoing HTTP Domain artstrailreviews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artstrailreviews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artstrailreviews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37941032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# --- Destination address/port indicators ---------------------------------------
# These rules carry no payload or flow options: any packet from $HOME_NET to the
# listed address and port alerts. The msg tags name hosting networks (for example
# TENCENT-NET-AP-CN, KAOPU-HK); addresses in such networks can be reassigned, so
# corroborate a hit against the referenced MISP event before acting on it and
# retire entries that are no longer reported.
alert ip $HOME_NET any -> 3.125.102.39 16267 (msg: "MISP e27478 [] Outgoing To IP: 3.125.102.39|16267"; classtype:trojan-activity; sid:37941041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.124.142.205 16267 (msg: "MISP e27478 [] Outgoing To IP: 3.124.142.205|16267"; classtype:trojan-activity; sid:37941051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 43.154.25.56 8888 (msg: "MISP e27434 [sliver,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue] Outgoing To IP: 43.154.25.56|8888"; classtype:trojan-activity; sid:37935171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 185.225.70.160 43029 (msg: "MISP e27434 [Bianlian Go Trojan,NET23-AS] Outgoing To IP: 185.225.70.160|43029"; classtype:trojan-activity; sid:37935211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 154.90.62.224 53 (msg: "MISP e27434 [Bianlian Go Trojan,KAOPU-HK Kaopu Cloud HK Limited] Outgoing To IP: 154.90.62.224|53"; classtype:trojan-activity; 
sid:37935221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
# --- MISP events 27434 / 27478: outbound address/port indicators ---------------
# Each "alert ip" rule matches on source $HOME_NET plus destination address and
# port only; there is no payload check, so an alert shows that traffic was sent
# to the endpoint, not which protocol was spoken.
# Most address/port pairs appear twice, once per event with a different sid and
# priority (27434 = priority:2, 27478 = priority:3), so a single connection can
# produce two alerts; group by destination when triaging.
# Several targets use ports that also carry ordinary services (53, 80, 443), and
# the msg tags name hosting networks (YANDEXCLOUD, TENCENT-NET-AP, ...), so
# confirm a hit against the referenced MISP event before blocking.
alert ip $HOME_NET any -> 175.197.65.135 6379 (msg: "MISP e27434 [Havoc,KIXS-AS-KR Korea Telecom] Outgoing To IP: 175.197.65.135|6379"; classtype:trojan-activity; sid:37935231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 152.136.171.162 4433 (msg: "MISP e27434 [Havoc,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 152.136.171.162|4433"; classtype:trojan-activity; sid:37935241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 72.27.83.159 443 (msg: "MISP e27434 [FLOW-NET,QakBot] Outgoing To IP: 72.27.83.159|443"; classtype:trojan-activity; sid:37935251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 104.233.192.16 80 (msg: "MISP e27434 [Hookbot Pegasus,PEG-SV] Outgoing To IP: 104.233.192.16|80"; classtype:trojan-activity; sid:37935261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 84.201.167.175 80 (msg: "MISP e27434 [Hookbot Pegasus,YANDEXCLOUD] Outgoing To IP: 84.201.167.175|80"; classtype:trojan-activity; sid:37935271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 84.201.167.175 80 (msg: "MISP e27478 [] Outgoing To IP: 84.201.167.175|80"; classtype:trojan-activity; sid:37941061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 104.233.192.16 80 (msg: "MISP e27478 [] Outgoing To IP: 104.233.192.16|80"; classtype:trojan-activity; sid:37941071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 72.27.83.159 443 (msg: "MISP e27478 [] Outgoing To IP: 72.27.83.159|443"; classtype:trojan-activity; sid:37941081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 152.136.171.162 4433 (msg: "MISP e27478 [] Outgoing To IP: 152.136.171.162|4433"; classtype:trojan-activity; sid:37941091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 175.197.65.135 6379 (msg: "MISP e27478 [] Outgoing To IP: 175.197.65.135|6379"; classtype:trojan-activity; sid:37941101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 154.90.62.224 53 (msg: "MISP e27478 [] Outgoing To IP: 154.90.62.224|53"; classtype:trojan-activity; sid:37941111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 185.225.70.160 43029 (msg: "MISP e27478 [] Outgoing To IP: 185.225.70.160|43029"; classtype:trojan-activity; sid:37941121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 43.154.25.56 8888 (msg: "MISP e27478 [] Outgoing To IP: 43.154.25.56|8888"; classtype:trojan-activity; sid:37941131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 20.205.11.156 9506 (msg: "MISP e27434 [c2,elf,Mirai] Outgoing To IP: 20.205.11.156|9506"; classtype:trojan-activity; sid:37935281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 45.128.232.238 999 (msg: "MISP e27434 [c2,elf,Mirai] Outgoing To IP: 45.128.232.238|999"; classtype:trojan-activity; sid:37935191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 91.92.244.11 6697 (msg: "MISP e27434 [c2,elf,Mirai] Outgoing To IP: 91.92.244.11|6697"; classtype:trojan-activity; sid:37935201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 157.230.110.136 8899 (msg: "MISP e27434 [c2,elf,Mirai] Outgoing To IP: 157.230.110.136|8899"; classtype:trojan-activity; sid:37935181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 157.230.110.136 8899 (msg: "MISP e27478 [] Outgoing To IP: 157.230.110.136|8899"; classtype:trojan-activity; sid:37941141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 45.128.232.238 999 (msg: "MISP e27478 [] Outgoing To IP: 45.128.232.238|999"; classtype:trojan-activity; sid:37941151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 91.92.244.11 6697 (msg: "MISP e27478 [] Outgoing To IP: 91.92.244.11|6697"; classtype:trojan-activity; sid:37941161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 20.205.11.156 9506 (msg: "MISP e27478 [] Outgoing To IP: 20.205.11.156|9506"; classtype:trojan-activity; sid:37941171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# URL indicators (sid 37935291 and 37941181): the http.header content matches the
# address anywhere in the request headers and the http.uri content matches the
# path, both with nocase. The two events list the same URL with different path
# casing (/pneh2sxqk0/ vs /Pneh2sXQk0/); because of nocase both rules alert on
# the same request. They only see cleartext HTTP on $HTTP_PORTS.
alert http $HOME_NET any -> 91.92.242.139 $HTTP_PORTS (msg: "MISP e27434 [Amadey] Outgoing URL http|3a|//91.92.242.139/pneh2sxqk0/index.php"; flow:to_server,established; http.header; content:"91.92.242.139"; fast_pattern; nocase; http.uri; content:"/pneh2sxqk0/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37935291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 195.54.170.36 22033 (msg: "MISP e27434 [RAT,RemcosRAT] Outgoing To IP: 195.54.170.36|22033"; classtype:trojan-activity; sid:37935301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert http $HOME_NET any -> 91.92.242.139 $HTTP_PORTS (msg: "MISP e27478 [] Outgoing URL http|3a|//91.92.242.139/Pneh2sXQk0/index.php"; flow:to_server,established; http.header; content:"91.92.242.139"; fast_pattern; nocase; http.uri; content:"/Pneh2sXQk0/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37941181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 195.54.170.36 22033 (msg: "MISP e27478 [] Outgoing To IP: 195.54.170.36|22033"; classtype:trojan-activity; sid:37941191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.125.223.134 10757 (msg: "MISP e27434 [njrat] Outgoing To IP: 3.125.223.134|10757"; classtype:trojan-activity; sid:37935311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 18.192.31.165 10757 (msg: "MISP e27434 [njrat] Outgoing To IP: 18.192.31.165|10757"; classtype:trojan-activity; sid:37935321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 3.125.102.39 10757 (msg: "MISP e27434 [njrat] Outgoing To IP: 3.125.102.39|10757"; classtype:trojan-activity; sid:37935331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 18.158.249.75 10757 (msg: "MISP e27434 [njrat] Outgoing To IP: 18.158.249.75|10757"; classtype:trojan-activity; sid:37935341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 18.158.249.75 10757 (msg: "MISP e27478 [] Outgoing To IP: 18.158.249.75|10757"; classtype:trojan-activity; sid:37941201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 18.192.31.165 10757 (msg: "MISP e27478 [] Outgoing To IP: 18.192.31.165|10757"; classtype:trojan-activity; sid:37941211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.125.102.39 10757 (msg: "MISP e27478 [] Outgoing To IP: 3.125.102.39|10757"; classtype:trojan-activity; sid:37941221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 3.125.223.134 10757 (msg: "MISP e27478 [] Outgoing To IP: 3.125.223.134|10757"; 
classtype:trojan-activity; sid:37941231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# --- MISP event 27432: e-mail indicators -----------------------------------------
# Both SMTP rules inspect the raw TCP stream to $SMTP_SERVERS on port 25 only, so
# they see cleartext SMTP; a session upgraded with STARTTLS, or mail accepted on
# another port, is not inspected. Pair them with mail-gateway logging.
# Sender rule: "MAIL FROM:" and the address are two independent, case-insensitive
# content matches (no distance/within ties them together), so the address may
# appear anywhere in the stream; CRLFCRLF must then follow within 8192 bytes.
# Attachment rule: the Content-Disposition prefix and the file name are matched
# exactly as written and case-sensitively (no nocase), which makes it a narrow
# indicator for this one message rather than a general attachment check.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27432 [] Source Email Address: saglex@portxglobal.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"saglex@portxglobal.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37932351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27432;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27432 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Bank Confirmation.html|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:37932371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27432;)
# Inbound direction: alerts on any packet from this address towards $HOME_NET.
alert ip 107.173.156.225 any -> $HOME_NET any (msg: "MISP e27432 [] Incoming From IP: 107.173.156.225"; classtype:trojan-activity; sid:37932391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27432;)
# Domain pair for the sender's domain: DNS query rule plus HTTP request-header
# rule; no rule here inspects TLS, so HTTPS to the domain is seen only via DNS.
alert dns any any -> any any (msg: "MISP e27432 [] Domain portxglobal.com"; dns.query; content:"portxglobal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])portxglobal\.com$/i"; classtype:trojan-activity; sid:37932401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27432;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27432 [] Outgoing HTTP Domain portxglobal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portxglobal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portxglobal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27432;)
# Address/port indicators shared by events 27434 (priority:2) and 27478
# (priority:3); each pair alerts twice on the same traffic.
alert ip $HOME_NET any -> 147.185.221.16 30641 (msg: "MISP e27434 [njrat] Outgoing To IP: 147.185.221.16|30641"; classtype:trojan-activity; sid:37935351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 147.185.221.16 30641 (msg: "MISP e27478 [] Outgoing To IP: 147.185.221.16|30641"; classtype:trojan-activity; sid:37941241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
alert ip $HOME_NET any -> 91.92.242.139 80 (msg: "MISP e27434 [Amadey,ViriBack] Outgoing To IP: 91.92.242.139|80"; classtype:trojan-activity; sid:37935361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27434;)
alert ip $HOME_NET any -> 91.92.242.139 80 (msg: "MISP e27478 [] Outgoing To IP: 91.92.242.139|80"; classtype:trojan-activity; sid:37941251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27478;)
# --- MISP event 27433 ---------------------------------------------------------------
# URL rule (sid 37932411): the host name is matched anywhere in the request
# headers with no "Host:" anchor and no boundary pcre, unlike the domain rules
# below, so a request to another site that carries the name in a different
# header (a Referer, for instance) also alerts. Expect more noise from this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27433 [] Outgoing URL http|3a|//dev-funzone24.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-funzone24.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37932411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27433;)
alert dns any any -> any any (msg: "MISP e27433 [] Domain 2024shopping.ru"; dns.query; content:"2024shopping.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])2024shopping\.ru$/i"; classtype:trojan-activity; sid:37932441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27433;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27433 [] Outgoing HTTP Domain 2024shopping.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"2024shopping.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])2024shopping\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37932442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27433;)
alert ip $HOME_NET any -> 128.90.115.54 4433 (msg: "MISP e27551 [c2,Venom] Outgoing To IP: 
128.90.115.54|4433"; classtype:trojan-activity; sid:37954311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# --- MISP event 27551: outbound C2 address/port indicators -------------------------
# Every rule below alerts on any packet from $HOME_NET to the given address and
# port. The bracketed msg tags (Vidar, Meduza, cobalt_strike, darkcomet,
# Latrodectus, ...) are labels copied from the MISP event; the rule itself does
# not verify the family on the wire.
# Address-only indicators age quickly: review hits against the referenced event
# before blocking, and expire entries that are no longer reported. Many targets
# are on 80/443, where the alert alone cannot tell this traffic from other use
# of the same address.
# 187.135.95.46 is listed on eight ports and 95.216.180.93 on three, so a host
# that contacts several of them yields one alert per port.
alert ip $HOME_NET any -> 5.75.213.10 443 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 5.75.213.10|443"; classtype:trojan-activity; sid:37954321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 5.75.213.10 80 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 5.75.213.10|80"; classtype:trojan-activity; sid:37954331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 116.202.2.143 80 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 116.202.2.143|80"; classtype:trojan-activity; sid:37954341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 95.216.180.93 443 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 95.216.180.93|443"; classtype:trojan-activity; sid:37954351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 95.216.180.93 9000 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 95.216.180.93|9000"; classtype:trojan-activity; sid:37954361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 95.216.180.93 80 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 95.216.180.93|80"; classtype:trojan-activity; sid:37954371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 46.226.166.200 80 (msg: "MISP e27551 [c2,Meduza] Outgoing To IP: 46.226.166.200|80"; classtype:trojan-activity; sid:37954381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 144.202.23.219 80 (msg: "MISP e27551 [c2,Meduza] Outgoing To IP: 144.202.23.219|80"; classtype:trojan-activity; sid:37954391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 193.233.132.69 80 (msg: "MISP e27551 [c2,recordbreaker] Outgoing To IP: 193.233.132.69|80"; classtype:trojan-activity; sid:37954401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 188.25.164.217 8080 (msg: "MISP e27551 [c2,orcus_rat] Outgoing To IP: 188.25.164.217|8080"; classtype:trojan-activity; sid:37954411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 38.207.173.147 8443 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 38.207.173.147|8443"; classtype:trojan-activity; sid:37954421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 69.30.232.229 80 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 69.30.232.229|80"; classtype:trojan-activity; sid:37954431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 69.30.232.226 80 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 69.30.232.226|80"; classtype:trojan-activity; sid:37954441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 89.23.103.208 80 (msg: "MISP e27551 [c2,hook] Outgoing To IP: 89.23.103.208|80"; classtype:trojan-activity; sid:37954451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 107.148.37.67 80 (msg: "MISP e27551 [c2,hook] Outgoing To IP: 107.148.37.67|80"; classtype:trojan-activity; sid:37954461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2080 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2080"; classtype:trojan-activity; sid:37954471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2082 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2082"; classtype:trojan-activity; sid:37954481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2083 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2083"; classtype:trojan-activity; sid:37954491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2086 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2086"; classtype:trojan-activity; sid:37954501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2095 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2095"; classtype:trojan-activity; sid:37954511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2222 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2222"; classtype:trojan-activity; sid:37954521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 1723 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|1723"; classtype:trojan-activity; sid:37954531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 187.135.95.46 2053 (msg: "MISP e27551 [c2,darkcomet] Outgoing To IP: 187.135.95.46|2053"; classtype:trojan-activity; sid:37954541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 182.149.199.249 50050 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 182.149.199.249|50050"; classtype:trojan-activity; sid:37954551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 5.199.161.93 6783 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 5.199.161.93|6783"; classtype:trojan-activity; sid:37954561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 37.44.238.80 8190 (msg: "MISP e27551 [Mirai] Outgoing To IP: 37.44.238.80|8190"; classtype:trojan-activity; sid:37954271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 3.124.67.191 15966 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.124.67.191|15966"; classtype:trojan-activity; sid:37954291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 3.68.56.232 15966 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.68.56.232|15966"; classtype:trojan-activity; sid:37954281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 3.125.188.168 15966 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.125.188.168|15966"; classtype:trojan-activity; sid:37954301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 217.195.153.215 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 217.195.153.215|443"; classtype:trojan-activity; sid:37954251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 209.54.96.58 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 209.54.96.58|443"; classtype:trojan-activity; sid:37954261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 193.168.143.165 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 193.168.143.165|443"; classtype:trojan-activity; sid:37954241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 155.94.208.162 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 155.94.208.162|443"; classtype:trojan-activity; sid:37954231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 80.66.88.70 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 80.66.88.70|443"; classtype:trojan-activity; sid:37954221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 45.129.199.202 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 45.129.199.202|443"; classtype:trojan-activity; sid:37954201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 46.246.98.52 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 46.246.98.52|443"; classtype:trojan-activity; sid:37954211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 193.168.143.114 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 193.168.143.114|443"; classtype:trojan-activity; sid:37954111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 5.255.120.61 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 5.255.120.61|443"; classtype:trojan-activity; sid:37954121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 155.94.208.159 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 155.94.208.159|443"; classtype:trojan-activity; sid:37954131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 45.61.156.54 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 45.61.156.54|443"; classtype:trojan-activity; sid:37954141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 193.168.143.128 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 193.168.143.128|443"; classtype:trojan-activity; sid:37954151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 5.255.115.46 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 5.255.115.46|443"; classtype:trojan-activity; sid:37954161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 5.255.118.76 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 
5.255.118.76|443"; classtype:trojan-activity; sid:37954171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# --- MISP event 27551 (continued) ---------------------------------------------------
# Remaining Latrodectus-tagged addresses on port 443: the rules match address
# and port only, with no inspection of the connection itself.
alert ip $HOME_NET any -> 37.221.67.4 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 37.221.67.4|443"; classtype:trojan-activity; sid:37954181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 45.85.117.121 443 (msg: "MISP e27551 [Latrodectus] Outgoing To IP: 45.85.117.121|443"; classtype:trojan-activity; sid:37954191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Host-name indicators tagged njrat,RAT. Each rule pair matches the full
# *.gl.at.ply.gg host name (and anything below it) in DNS queries and in HTTP
# request headers; the parent domain on its own does not match.
# The HTTP variant only fires on cleartext HTTP requests. Whether this traffic
# uses HTTP at all is not shown here (TODO confirm against the event); the DNS
# rule is the one that does not depend on the application protocol.
alert dns any any -> any any (msg: "MISP e27551 [njrat,RAT] Domain stories-boulevard.gl.at.ply.gg"; dns.query; content:"stories-boulevard.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])stories\-boulevard\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37954101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [njrat,RAT] Outgoing HTTP Domain stories-boulevard.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stories-boulevard.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stories\-boulevard\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37954102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27551 [njrat,RAT] Domain points-detect.gl.at.ply.gg"; dns.query; content:"points-detect.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])points\-detect\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37954081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [njrat,RAT] Outgoing HTTP Domain points-detect.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"points-detect.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])points\-detect\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37954082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27551 [njrat,RAT] Domain artist-shared.gl.at.ply.gg"; dns.query; content:"artist-shared.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])artist\-shared\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37954091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [njrat,RAT] Outgoing HTTP Domain artist-shared.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artist-shared.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artist\-shared\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37954092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27551 [njrat,RAT] Domain electric-guest.gl.at.ply.gg"; dns.query; content:"electric-guest.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])electric\-guest\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:37954061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [njrat,RAT] Outgoing HTTP Domain electric-guest.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"electric-guest.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])electric\-guest\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37954062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 147.185.221.18 35608 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 147.185.221.18|35608"; classtype:trojan-activity; sid:37954071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 3.125.209.94 10757 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.125.209.94|10757"; classtype:trojan-activity; sid:37954051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 3.124.142.205 10757 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.124.142.205|10757"; classtype:trojan-activity; sid:37954041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# URL indicator tagged dcrat: requires the address somewhere in the request
# headers and the full path in http.uri, both case-insensitive, on cleartext
# HTTP to $HTTP_PORTS of this one destination.
alert http $HOME_NET any -> 95.142.35.43 $HTTP_PORTS (msg: "MISP e27551 [dcrat] Outgoing URL http|3a|//95.142.35.43/line/updateflower4external/eternalpacketprocesslongpollprotectbasewindowstraffictemporary.php"; flow:to_server,established; http.header; content:"95.142.35.43"; fast_pattern; nocase; http.uri; content:"/line/updateflower4external/eternalpacketprocesslongpollprotectbasewindowstraffictemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37954571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 103.214.173.80 20000 (msg: "MISP e27551 [CLOUDIE-AS-AP Cloudie Limited,sliver] Outgoing To IP: 103.214.173.80|20000"; classtype:trojan-activity; sid:37954601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 179.8.14.54 7443 (msg: "MISP e27551 [Covenant,TELEFONICA CHILE S.A.] 
Outgoing To IP: 179.8.14.54|7443"; classtype:trojan-activity; sid:37954611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 172.174.105.127 7443 (msg: "MISP e27551 [MICROSOFT-CORP-MSN-AS-BLOCK,Mythic] Outgoing To IP: 172.174.105.127|7443"; classtype:trojan-activity; sid:37954621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 94.103.87.88 445 (msg: "MISP e27551 [Bianlian Go Trojan,VDSINA-AS] Outgoing To IP: 94.103.87.88|445"; classtype:trojan-activity; sid:37954631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 175.197.65.135 8082 (msg: "MISP e27551 [Havoc,KIXS-AS-KR Korea Telecom] Outgoing To IP: 175.197.65.135|8082"; classtype:trojan-activity; sid:37954641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 37.1.214.6 443 (msg: "MISP e27551 [Havoc,HVC-AS] Outgoing To IP: 37.1.214.6|443"; classtype:trojan-activity; sid:37954651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 185.94.164.105 443 (msg: "MISP e27551 [FIRST-SERVER-EU-AS,Havoc] Outgoing To IP: 185.94.164.105|443"; classtype:trojan-activity; sid:37954661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 185.130.46.231 443 (msg: "MISP e27551 [Havoc,PRIVEX] Outgoing To IP: 185.130.46.231|443"; classtype:trojan-activity; sid:37954671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 146.19.173.108 445 (msg: "MISP e27551 [IPCONNECT,Responder] Outgoing To IP: 146.19.173.108|445"; classtype:trojan-activity; sid:37954681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 201.124.218.102 995 (msg: "MISP e27551 [QakBot,UNINET] Outgoing To IP: 201.124.218.102|995"; classtype:trojan-activity; 
sid:37954691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 41.99.9.210 443 (msg: "MISP e27551 [ALGTEL-AS,QakBot] Outgoing To IP: 41.99.9.210|443"; classtype:trojan-activity; sid:37954701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 46.246.12.2 6000 (msg: "MISP e27551 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.12.2|6000"; classtype:trojan-activity; sid:37954711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 59.174.225.176 8888 (msg: "MISP e27551 [CHINANET-BACKBONE No.31Jin-rong Street,Supershell] Outgoing To IP: 59.174.225.176|8888"; classtype:trojan-activity; sid:37954721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 85.192.40.131 80 (msg: "MISP e27551 [AEZA-AS,Meduza Stealer] Outgoing To IP: 85.192.40.131|80"; classtype:trojan-activity; sid:37954731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 157.245.16.54 80 (msg: "MISP e27551 [DIGITALOCEAN-ASN,Hookbot Pegasus] Outgoing To IP: 157.245.16.54|80"; classtype:trojan-activity; sid:37954741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 188.120.254.185 80 (msg: "MISP e27551 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 188.120.254.185|80"; classtype:trojan-activity; sid:37954751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu.work"; dns.query; content:"post-lu.work"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.work$/i"; classtype:trojan-activity; sid:38180081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu.work"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"post-lu.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180082; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Domain indicators exported as pairs: a dns.query rule (sid ending in 1) and an
# "Outgoing HTTP Domain" rule (sid ending in 2) for the same name.
# In the http rules both content matches and the /H pcre run against the whole header
# buffer and carry no distance/within link, so as written the domain does not have to sit
# on the Host line: a request that merely mentions it in another header (for example
# Referer) also matches. The pcre additionally requires one character after the name that
# is not alphanumeric, "-" or ".".
alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu.fit"; dns.query; content:"post-lu.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.fit$/i"; classtype:trojan-activity; sid:38180131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu.fit"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-lu.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180132; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# The next names (codeanyapp.com, pages.dev, wixsite.com) are single labels under a shared
# parent domain. The rules match only the full name given, or deeper subdomains of it, never
# the parent, so other tenants of the same platform do not alert.
alert dns any any -> any any (msg: "MISP e27651 [] Domain e-seb-lt-v3eservicescom458109.codeanyapp.com"; dns.query; content:"e-seb-lt-v3eservicescom458109.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-seb\-lt\-v3eservicescom458109\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:38011971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27651;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27651 [] Outgoing HTTP Domain e-seb-lt-v3eservicescom458109.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e-seb-lt-v3eservicescom458109.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e\-seb\-lt\-v3eservicescom458109\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38011972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27651;)
alert dns any any -> any any (msg: "MISP e27435 [] Domain acceso-personal-banestado.pages.dev"; dns.query; content:"acceso-personal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27435;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27435 [] Outgoing HTTP Domain acceso-personal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acceso-personal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27435;)
# IP/port indicators: any traffic from $HOME_NET to the address and port alerts; no
# payload condition. sid:37957291 (event e27565) has an empty tag list, so the alert text
# alone does not say what the address was reported for - follow the reference URL.
alert ip $HOME_NET any -> 5.75.214.7 9000 (msg: "MISP e27551 [Vidar] Outgoing To IP: 5.75.214.7|9000"; classtype:trojan-activity; sid:37954761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 172.96.14.4 2404 (msg: "MISP e27565 [] Outgoing To IP: 172.96.14.4|2404"; classtype:trojan-activity; sid:37957291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27565;)
alert ip $HOME_NET any -> 103.151.123.225 7800 (msg: "MISP e27551 [STRRAT] Outgoing To IP: 103.151.123.225|7800"; classtype:trojan-activity; sid:37954861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain qwxwuej.wixsite.com"; dns.query; content:"qwxwuej.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qwxwuej\.wixsite\.com$/i"; classtype:trojan-activity; sid:38180181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain qwxwuej.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qwxwuej.wixsite.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qwxwuej\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180182; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# 122.51.118.39:23333 is covered twice in this group: by the bare "alert ip" rule directly
# below (any traffic to the address and port) and by sid:37954881 further down (HTTP request
# with the address in the headers and /vfo2 in the URI). An HTTP hit therefore raises both.
alert ip $HOME_NET any -> 122.51.118.39 23333 (msg: "MISP e27551 [CobaltStrike] Outgoing To IP: 122.51.118.39|23333"; classtype:trojan-activity; sid:37954871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Domain pair: the dns rule matches the name or any subdomain; the http rule matches the
# name anywhere in the request headers (the two content matches are not tied together).
alert dns any any -> any any (msg: "MISP e24600 [] Domain reset.hubup.cloud"; dns.query; content:"reset.hubup.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])reset\.hubup\.cloud$/i"; classtype:trojan-activity; sid:38180231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain reset.hubup.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reset.hubup.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reset\.hubup\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180232; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> 122.51.118.39 23333 (msg: "MISP e27551 [CobaltStrike] Outgoing URL http|3a|//122.51.118.39|3a|23333/vfo2"; flow:to_server,established; http.header; content:"122.51.118.39"; fast_pattern; nocase; http.uri; content:"/vfo2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37954881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27648 [] Domain bancontact.pay-startauth.com"; dns.query; content:"bancontact.pay-startauth.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancontact\.pay\-startauth\.com$/i"; classtype:trojan-activity; sid:38007871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27648;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27648 [] Outgoing HTTP Domain bancontact.pay-startauth.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancontact.pay-startauth.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancontact\.pay\-startauth\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007872; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27648;)
# "Hostname" rules (event e27674) are stricter than the "Domain" rules above: "." is also
# excluded before the name, so only the exact host matches, not its subdomains, and the
# http rule looks for the literal header text "Host: mail.eigrace.com" (exactly one space
# after the colon).
alert dns any any -> any any (msg: "MISP e27674 [] Hostname mail.eigrace.com"; dns.query; content:"mail.eigrace.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.eigrace\.com$/i"; classtype:trojan-activity; sid:38013191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27674;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27674 [] Outgoing HTTP Hostname mail.eigrace.com"; flow:to_server,established; http.header; content: "Host|3a| mail.eigrace.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.eigrace\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38013192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27674;)
# E-mail address indicators: raw TCP rules for inbound mail to $SMTP_SERVERS on port 25.
# Each needs the envelope command (MAIL FROM: / RCPT TO:), the address anywhere in the
# payload, and a blank line (|0D 0A 0D 0A|) within 8192 bytes after the address.
# NOTE(review): these inspect cleartext only; sessions upgraded with STARTTLS, or mail
# arriving on another port, are presumably not visible to them - confirm against where
# the sensor sits relative to the mail gateway.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27674 [] Source Email Address: matjaz@eigrace.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"matjaz@eigrace.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38013201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27674;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27674 [] Destination Email Address: matjaz@eigrace.com"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"matjaz@eigrace.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38013211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27674;)
alert dns any any -> any any (msg: "MISP 
e27007 [] Domain andotherstoriesbelgium.com"; dns.query; content:"andotherstoriesbelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesbelgium\.com$/i"; classtype:trojan-activity; sid:38160961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event e27007: a run of domain indicators, all priority 3 and all with an empty tag list
# ([] in msg). Each domain is exported as a pair sharing a sid prefix: the sid ending in 1
# is the dns.query rule, the sid ending in 2 the "Outgoing HTTP Domain" rule.
# NOTE(review): the names look like brand-impersonation shop domains, but nothing in the
# rules says so - take the context from the MISP event, not from the alert text.
# dns rules match the name or any subdomain; http rules match the name anywhere in the
# request headers, because the "Host|3a|" content and the domain content are independent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesbelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesbelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesbelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesusa.com"; dns.query; content:"andotherstoriesusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesusa\.com$/i"; classtype:trojan-activity; sid:38160971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boden-hrvatska.com"; dns.query; content:"boden-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38160981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boden-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boden-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boden\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bodensrbija.com"; dns.query; content:"bodensrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodensrbija\.com$/i"; classtype:trojan-activity; sid:38160991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodensrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodensrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodensrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38160992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doc-martensisrael.com"; dns.query; content:"doc-martensisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doc\-martensisrael\.com$/i"; classtype:trojan-activity; sid:38161001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doc-martensisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doc-martensisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doc\-martensisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctor-martens-sg.com"; dns.query; content:"doctor-martens-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-sg\.com$/i"; classtype:trojan-activity; sid:38161011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctor-martens-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctor-martens-sg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctor\-martens\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkshop-schweiz.com"; dns.query; content:"gymsharkshop-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkshop\-schweiz\.com$/i"; classtype:trojan-activity; sid:38161021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkshop-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkshop-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkshop\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lojalululemonportugal.com"; dns.query; content:"lojalululemonportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lojalululemonportugal\.com$/i"; classtype:trojan-activity; sid:38161031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lojalululemonportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lojalululemonportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lojalululemonportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonch.com"; dns.query; content:"lululemonch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonch\.com$/i"; classtype:trojan-activity; sid:38161041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonforhandlerdanmark.com"; dns.query; content:"lululemonforhandlerdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonforhandlerdanmark\.com$/i"; classtype:trojan-activity; sid:38161051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonforhandlerdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonforhandlerdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonforhandlerdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonhrvatska.com"; dns.query; content:"lululemonhrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonhrvatska\.com$/i"; classtype:trojan-activity; sid:38161061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonhrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonhrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonhrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonjakkenorge.com"; dns.query; content:"lululemonjakkenorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonjakkenorge\.com$/i"; classtype:trojan-activity; sid:38161071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonjakkenorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonjakkenorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonjakkenorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonjapanoutlet.com"; dns.query; content:"lululemonjapanoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonjapanoutlet\.com$/i"; classtype:trojan-activity; sid:38161081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonjapanoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonjapanoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonjapanoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161082; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# Event e27007, continued: more dns/http pairs for single domains, priority 3, empty tag
# list. For each pair the dns rule (no address restriction) matches the domain or any
# subdomain in dns.query, and the http rule matches outbound requests from $HOME_NET whose
# headers contain the name followed by a character other than alphanumeric, "-" or ".".
# tag:session,600,seconds on the http rules keeps logging the session for 600 seconds.
# NOTE(review): one browser visit will normally raise both rules of a pair (lookup, then
# request); group on the shared sid prefix or on the event id when counting incidents.
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonleggingssuomi.com"; dns.query; content:"lululemonleggingssuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingssuomi\.com$/i"; classtype:trojan-activity; sid:38161091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonleggingssuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonleggingssuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonleggingssuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonlegginsypolska.com"; dns.query; content:"lululemonlegginsypolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonlegginsypolska\.com$/i"; classtype:trojan-activity; sid:38161101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonlegginsypolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonlegginsypolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonlegginsypolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonmagyarorszag.com"; dns.query; content:"lululemonmagyarorszag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmagyarorszag\.com$/i"; classtype:trojan-activity; sid:38161111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonmagyarorszag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonmagyarorszag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmagyarorszag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonoutletnederland.com"; dns.query; content:"lululemonoutletnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletnederland\.com$/i"; classtype:trojan-activity; sid:38161121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonoutletnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonoutletnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonslovensko.com"; dns.query; content:"lululemonslovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonslovensko\.com$/i"; classtype:trojan-activity; sid:38161131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonslovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonslovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonslovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoesuk.com"; dns.query; content:"onitsukashoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesuk\.com$/i"; classtype:trojan-activity; sid:38161141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendalululemonchile.com"; dns.query; content:"tiendalululemonchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendalululemonchile\.com$/i"; classtype:trojan-activity; sid:38161151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendalululemonchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendalululemonchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendalululemonchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumihelsinki.com"; dns.query; content:"tumihelsinki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumihelsinki\.com$/i"; classtype:trojan-activity; sid:38161161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumihelsinki.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumihelsinki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumihelsinki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumi-norge.com"; dns.query; content:"tumi-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-norge\.com$/i"; classtype:trojan-activity; sid:38161171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumi-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumi-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumi\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tumiriyadh.com"; dns.query; content:"tumiriyadh.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiriyadh\.com$/i"; classtype:trojan-activity; sid:38161181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiriyadh.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiriyadh.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiriyadh\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27551 [CobaltStrike,cs-watermark-987654321,Tamatiya EOOD] Outgoing URL http|3a|//79.124.40.106|3a|81/en_us/all.js"; flow:to_server,established; 
http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37954941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Event e27551, indicators tagged CobaltStrike. The "Outgoing URL" rules pin the
# destination address (and port, or $HTTP_PORTS) in the rule header, then require the
# address in the request headers and the path in http.uri. The paths themselves (/dot.gif,
# /load, /ga.js) are short and generic; the rules stay specific only because the
# destination is fixed, so do not reuse the URI content without it.
# The cs-watermark-<n> tags are carried in msg only and play no part in matching; the value
# 987654321 is attached to three different addresses in this group.
alert http $HOME_NET any -> 43.153.222.28 4646 (msg: "MISP e27551 [CobaltStrike,cs-watermark-100000,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//43.153.222.28|3a|4646/dot.gif"; flow:to_server,established; http.header; content:"43.153.222.28"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37954951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27551 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.trailcocompany.com"; dns.query; content:"dns.trailcocompany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.trailcocompany\.com$/i"; classtype:trojan-activity; sid:37954961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.trailcocompany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.trailcocompany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.trailcocompany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37954962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Destination port 53 with "alert ip": any traffic from $HOME_NET to this address on port
# 53 alerts, over any IP protocol. It shares its tags with the dns.trailcocompany.com pair
# above. NOTE(review): where clients resolve only through internal resolvers, direct port-53
# traffic from a workstation to this address is worth triaging on its own.
alert ip $HOME_NET any -> 137.220.55.94 53 (msg: "MISP e27551 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 137.220.55.94|53"; classtype:trojan-activity; sid:37954971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 47.100.229.207 $HTTP_PORTS (msg: "MISP e27551 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-1359593325] Outgoing URL http|3a|//47.100.229.207/dot.gif"; flow:to_server,established; http.header; content:"47.100.229.207"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 118.194.233.185 $HTTP_PORTS (msg: "MISP e27551 [CobaltStrike,cs-watermark-987654321,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED] Outgoing URL http|3a|//118.194.233.185/load"; flow:to_server,established; http.header; content:"118.194.233.185"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Domain pairs (dns.query rule + HTTP header rule). The dns rule matches the name or any
# subdomain; the http rule matches the name anywhere in the request headers.
alert dns any any -> any any (msg: "MISP e27436 [] Domain banco.estadosoporte.info"; dns.query; content:"banco.estadosoporte.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info$/i"; classtype:trojan-activity; sid:37935461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27436;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27436 [] Outgoing HTTP Domain banco.estadosoporte.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estadosoporte.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27436;)
alert dns any any -> any any (msg: "MISP e27551 [CobaltStrike,cs-watermark-1452042342,DIGITALOCEAN-ASN] Domain wizjqpi1.azureedge.net"; dns.query; content:"wizjqpi1.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])wizjqpi1\.azureedge\.net$/i"; classtype:trojan-activity; sid:37955041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [CobaltStrike,cs-watermark-1452042342,DIGITALOCEAN-ASN] Outgoing HTTP Domain wizjqpi1.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wizjqpi1.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wizjqpi1\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37955042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 159.203.67.15 443 (msg: "MISP e27551 [CobaltStrike,cs-watermark-1452042342,DIGITALOCEAN-ASN] Outgoing To IP: 159.203.67.15|443"; classtype:trojan-activity; sid:37955051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 8.219.54.123 $HTTP_PORTS (msg: "MISP e27551 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.219.54.123/ga.js"; flow:to_server,established; http.header; content:"8.219.54.123"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# "Outgoing URL <hostname>" rules (events e27676 and e24600): the only match condition is
# the hostname inside http.uri.
# NOTE(review): http.uri normally holds the request path and query rather than the host,
# so these presumably fire only when the name is embedded in the URI itself - verify
# coverage with a test request. No dns.query or header-based rule for these two names is
# visible in this part of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27676 [] Outgoing URL banakanet-nkbm.com"; flow:to_server,established; http.uri; content:"banakanet-nkbm.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38013411; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27676;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing URL order-lu.com"; flow:to_server,established; http.uri; content:"order-lu.com"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38180241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> 145.239.202.110 81 (msg: "MISP e27551 [DarkGate,GB,OVH 
SAS,PRUEBASVBS,vbs] Outgoing URL http|3a|//145.239.202.110|3a|81/dark.vbs"; flow:to_server,established; http.header; content:"145.239.202.110"; fast_pattern; nocase; http.uri; content:"/dark.vbs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37954901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 145.239.202.110 8094 (msg: "MISP e27551 [DarkGate,GB,OVH SAS,preubasvbs,vbs] Outgoing To IP: 145.239.202.110|8094"; classtype:trojan-activity; sid:37954891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 3.67.112.102 19976 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.67.112.102|19976"; classtype:trojan-activity; sid:37954581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 3.64.4.198 19976 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.64.4.198|19976"; classtype:trojan-activity; sid:37954591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 104.237.252.14 80 (msg: "MISP e27551 [infostealer,LokiBot,stealer] Outgoing To IP: 104.237.252.14|80"; classtype:trojan-activity; sid:37954851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27437 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27437;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27437 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37935542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27437;) alert dns any any -> any any (msg: "MISP e27438 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27438;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27438 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27438;) alert dns any any -> any any (msg: "MISP e27439 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27439;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27439 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27439;) alert dns any any -> any any (msg: "MISP e27440 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935781; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27440;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27440 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27440;) alert dns any any -> any any (msg: "MISP e27441 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27441;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27441 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37935862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27441;) alert dns any any -> any any (msg: "MISP e27442 [] Domain portal-banestado.pages.dev"; dns.query; content:"portal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37935941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27442;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27442 [] Outgoing HTTP Domain portal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37935942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27442;) alert dns any any -> any any (msg: "MISP e27443 [] Domain simula-banestado.pages.dev"; dns.query; content:"simula-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37936021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27443;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27443 [] Outgoing HTTP Domain simula-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"simula-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27443;) alert dns any any -> any any (msg: "MISP e27444 [] Domain micro-bancaestado.pages.dev"; dns.query; content:"micro-bancaestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37936101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27444;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27444 [] Outgoing HTTP Domain micro-bancaestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"micro-bancaestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27444;) alert dns any any -> any any (msg: "MISP e27445 [] Domain ifepatito.khansouq.com"; dns.query; content:"ifepatito.khansouq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com$/i"; classtype:trojan-activity; sid:37936181; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27445;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27445 [] Outgoing HTTP Domain ifepatito.khansouq.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ifepatito.khansouq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ifepatito\.khansouq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27445;) alert dns any any -> any any (msg: "MISP e27446 [] Domain ingreso-banestado.pages.dev"; dns.query; content:"ingreso-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37936261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27446;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27446 [] Outgoing HTTP Domain ingreso-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingreso-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingreso\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27446;) alert dns any any -> any any (msg: "MISP e27447 [] Domain wwwhomstadosms.info"; dns.query; content:"wwwhomstadosms.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info$/i"; classtype:trojan-activity; sid:37936361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27447;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27447 [] Outgoing HTTP Domain wwwhomstadosms.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwhomstadosms.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37936362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27447;) alert http $HOME_NET any -> 60.246.28.219 34035 (msg: "MISP e27551 [] Outgoing URL http|3a|//60.246.28.219|3a|34035/mozi.m"; flow:to_server,established; http.header; content:"60.246.28.219"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27448 [] Domain wwwhomstadosms.info"; dns.query; content:"wwwhomstadosms.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info$/i"; classtype:trojan-activity; sid:37936461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27448;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27448 [] Outgoing HTTP Domain wwwhomstadosms.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwhomstadosms.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27448;) alert dns any any -> any any (msg: "MISP e27449 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37936541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27449;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27449 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936542; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27449;) alert http $HOME_NET any -> 117.72.46.146 $HTTP_PORTS (msg: "MISP e27551 [China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//117.72.46.146/ga.js"; flow:to_server,established; http.header; content:"117.72.46.146"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 117.72.46.146 80 (msg: "MISP e27551 [China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 117.72.46.146|80"; classtype:trojan-activity; sid:37955101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27454 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37936991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27454;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27454 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37936992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27454;) alert dns any any -> any any (msg: "MISP e27463 [] Domain ingresos-banestado-webcl.pages.dev"; dns.query; content:"ingresos-banestado-webcl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])ingresos\-banestado\-webcl\.pages\.dev$/i"; classtype:trojan-activity; sid:37937391; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27463;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27463 [] Outgoing HTTP Domain ingresos-banestado-webcl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ingresos-banestado-webcl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ingresos\-banestado\-webcl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27463;) alert ip $HOME_NET any -> 3.127.138.57 17647 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.127.138.57|17647"; classtype:trojan-activity; sid:37955121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 3.68.56.232 10352 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 3.68.56.232|10352"; classtype:trojan-activity; sid:37955131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 18.156.13.209 17647 (msg: "MISP e27551 [njrat,RAT] Outgoing To IP: 18.156.13.209|17647"; classtype:trojan-activity; sid:37955111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27465 [] Domain wwwhomstadosms.info"; dns.query; content:"wwwhomstadosms.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info$/i"; classtype:trojan-activity; sid:37937531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27465;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27465 [] Outgoing HTTP Domain wwwhomstadosms.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wwwhomstadosms.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wwwhomstadosms\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37937532; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27465;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27656 [] Outgoing URL http|3a|//marine.chevalier.online.fr/yVFmsRPrpPNhPKWbQs"; flow:to_server,established; http.header; content:"marine.chevalier.online.fr"; fast_pattern; nocase; http.uri; content:"/yVFmsRPrpPNhPKWbQs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38012111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27656;) alert dns any any -> any any (msg: "MISP e24600 [] Domain ddf.is-a-soxfan.org"; dns.query; content:"ddf.is-a-soxfan.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])ddf\.is\-a\-soxfan\.org$/i"; classtype:trojan-activity; sid:38180301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain ddf.is-a-soxfan.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ddf.is-a-soxfan.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ddf\.is\-a\-soxfan\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180302; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriescanada.com"; dns.query; content:"andotherstoriescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriescanada\.com$/i"; classtype:trojan-activity; sid:38161191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161192; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain andotherstoriesportugal.com"; dns.query; content:"andotherstoriesportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesportugal\.com$/i"; classtype:trojan-activity; sid:38161201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain andotherstoriesportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"andotherstoriesportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])andotherstoriesportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bodenslovenia.com"; dns.query; content:"bodenslovenia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenslovenia\.com$/i"; classtype:trojan-activity; sid:38161211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bodenslovenia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bodenslovenia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bodenslovenia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartenschile-cl.com"; dns.query; content:"drmartenschile-cl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenschile\-cl\.com$/i"; classtype:trojan-activity; sid:38161221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
drmartenschile-cl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartenschile-cl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenschile\-cl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonbelgie.com"; dns.query; content:"lululemonbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonbelgie\.com$/i"; classtype:trojan-activity; sid:38161231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonoutletfrance.com"; dns.query; content:"lululemonoutletfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletfrance\.com$/i"; classtype:trojan-activity; sid:38161241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonoutletfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonoutletfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonsrbija.com"; 
dns.query; content:"lululemonsrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsrbija\.com$/i"; classtype:trojan-activity; sid:38161251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonsrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonsrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemontr.com"; dns.query; content:"lululemontr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemontr\.com$/i"; classtype:trojan-activity; sid:38161261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemontr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemontr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemontr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain luluoutletstore.com"; dns.query; content:"luluoutletstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluoutletstore\.com$/i"; classtype:trojan-activity; sid:38161271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluoutletstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluoutletstore.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])luluoutletstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletargentina.com"; dns.query; content:"melissaoutletargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletargentina\.com$/i"; classtype:trojan-activity; sid:38161281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletitalia.com"; dns.query; content:"melissaoutletitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletitalia\.com$/i"; classtype:trojan-activity; sid:38161291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletromania.com"; dns.query; content:"melissaoutletromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletromania\.com$/i"; classtype:trojan-activity; 
sid:38161301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaaustria.com"; dns.query; content:"rimowaaustria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaaustria\.com$/i"; classtype:trojan-activity; sid:38161311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaaustria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaaustria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaaustria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-ireland.com"; dns.query; content:"rimowa-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-ireland\.com$/i"; classtype:trojan-activity; sid:38161321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161322; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaluggagenz.com"; dns.query; content:"rimowaluggagenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaluggagenz\.com$/i"; classtype:trojan-activity; sid:38161331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaluggagenz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaluggagenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaluggagenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-norge.com"; dns.query; content:"rimowa-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-norge\.com$/i"; classtype:trojan-activity; sid:38161341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaphilippinesonline.com"; dns.query; content:"rimowaphilippinesonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaphilippinesonline\.com$/i"; classtype:trojan-activity; sid:38161351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaphilippinesonline.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaphilippinesonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaphilippinesonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 domain indicators: each domain is exported as a pair of rules.
#  - "alert dns" rule: dns.query must contain the domain (nocase) and the pcre
#    anchors it to the end of the query name, preceded by start-of-name or a
#    character that is not a letter, digit or hyphen. The domain itself and any
#    subdomain of it therefore match; a longer look-alike label does not.
#  - "alert http" rule: requires "Host:" and the domain somewhere in the request
#    headers. The two content matches are not positionally tied to each other,
#    so the domain appearing in another header (for example Referer) also
#    satisfies the rule. The pcre requires one trailing character that is not a
#    letter, digit, hyphen or dot.
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-suomi.com"; dns.query; content:"rimowa-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-suomi\.com$/i"; classtype:trojan-activity; sid:38161361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-uk.com"; dns.query; content:"rimowa-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-uk\.com$/i"; classtype:trojan-activity; sid:38161371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27551 (tagged FakeUpdateRU): two URL indicators exported as IP-literal
# rules at priority:2. Each fires on an HTTP request from $HOME_NET to the
# listed IP on $HTTP_PORTS whose headers contain that IP string. The http.uri
# content "/" is satisfied by practically any request path, so it adds no
# selectivity. Traffic to the same IP on a port outside $HTTP_PORTS, or whose
# headers do not carry the IP string, is not matched. The rules reference
# $HTTP_PORTS, so that port variable has to exist in the sensor configuration.
alert http $HOME_NET any -> 200.58.122.18 $HTTP_PORTS (msg: "MISP e27551 [FakeUpdateRU] Outgoing URL http|3a|//200.58.122.18/"; flow:to_server,established; http.header; content:"200.58.122.18"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 96.126.101.138 $HTTP_PORTS (msg: "MISP e27551 [FakeUpdateRU] Outgoing URL http|3a|//96.126.101.138/"; flow:to_server,established; http.header; content:"96.126.101.138"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Event 27489: one host under the shared pages.dev suffix, exported as the same
# DNS + HTTP pair. Both patterns spell out the full host name, so other
# *.pages.dev names are not matched by these two rules.
alert dns any any -> any any (msg: "MISP e27489 [] Domain tarifas-banestado.pages.dev"; dns.query; content:"tarifas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37942591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27489;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27489 [] Outgoing HTTP Domain tarifas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarifas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27489;)
# Event 27007 domain pairs resume here, in the same DNS + HTTP shape.
alert dns any any -> any any (msg: "MISP e27007 [] Domain adidasyeezyireland.com"; dns.query; content:"adidasyeezyireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])adidasyeezyireland\.com$/i"; classtype:trojan-activity; sid:38161381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain adidasyeezyireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adidasyeezyireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adidasyeezyireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain aetrexshoesireland.com"; dns.query; content:"aetrexshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aetrexshoesireland\.com$/i"; classtype:trojan-activity; sid:38161391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aetrexshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aetrexshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aetrexshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain aigleireland.com"; dns.query; content:"aigleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aigleireland\.com$/i"; classtype:trojan-activity; sid:38161401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aigleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aigleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aigleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain aiglestockistsireland.com"; dns.query; content:"aiglestockistsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aiglestockistsireland\.com$/i"; classtype:trojan-activity; sid:38161411; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 domain pairs, continued. Every rule in this stretch carries
# classtype:trojan-activity and priority:3, with an empty tag list ("[]") in msg.
# NOTE(review): the names read like brand-impersonation storefronts rather than
# malware infrastructure — confirm against the MISP event before triaging hits
# as trojan activity.
# The HTTP rule of each pair also sets tag:session,600,seconds, so packets of
# the matching session keep being logged for up to 600 seconds after the alert;
# the DNS rule of the pair has no tag option.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aiglestockistsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aiglestockistsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aiglestockistsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain airjordan-ireland.com"; dns.query; content:"airjordan-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])airjordan\-ireland\.com$/i"; classtype:trojan-activity; sid:38161421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain airjordan-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"airjordan-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])airjordan\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain airjordanireland.com"; dns.query; content:"airjordanireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])airjordanireland\.com$/i"; classtype:trojan-activity; sid:38161431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain airjordanireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"airjordanireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])airjordanireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain aldoirelandonline.com"; dns.query; content:"aldoirelandonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aldoirelandonline\.com$/i"; classtype:trojan-activity; sid:38161441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aldoirelandonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aldoirelandonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aldoirelandonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain allsaintsireland.com"; dns.query; content:"allsaintsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allsaintsireland\.com$/i"; classtype:trojan-activity; sid:38161451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain allsaintsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allsaintsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allsaintsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain aloyogasaleireland.com"; dns.query; content:"aloyogasaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aloyogasaleireland\.com$/i"; classtype:trojan-activity; sid:38161461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aloyogasaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aloyogasaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aloyogasaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain amiparisireland.com"; dns.query; content:"amiparisireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])amiparisireland\.com$/i"; classtype:trojan-activity; sid:38161471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain amiparisireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"amiparisireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])amiparisireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arashoessaleireland.com"; dns.query; content:"arashoessaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arashoessaleireland\.com$/i"; classtype:trojan-activity; sid:38161481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arashoessaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arashoessaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arashoessaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arcteryx-ireland.com"; dns.query; content:"arcteryx-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arcteryx\-ireland\.com$/i"; classtype:trojan-activity; sid:38161491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arcteryx-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arcteryx-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arcteryx\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain arcteryxireland.com"; dns.query; content:"arcteryxireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arcteryxireland\.com$/i"; classtype:trojan-activity; sid:38161501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain arcteryxireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arcteryxireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arcteryxireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain armani-ireland.com"; dns.query; content:"armani-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])armani\-ireland\.com$/i"; classtype:trojan-activity; sid:38161511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain armani-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"armani-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])armani\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain armaniireland.com"; dns.query; content:"armaniireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])armaniireland\.com$/i"; classtype:trojan-activity; sid:38161521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain armaniireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"armaniireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])armaniireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asics-ie.com"; dns.query; content:"asics-ie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-ie\.com$/i"; classtype:trojan-activity; sid:38161531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asics-ie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asics-ie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-ie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asics-ireland.com"; dns.query; content:"asics-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-ireland\.com$/i"; classtype:trojan-activity; sid:38161541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asics-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asics-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsirelandoutlet.com"; dns.query; content:"asicsirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38161551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsoutletsireland.com"; dns.query; content:"asicsoutletsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsoutletsireland\.com$/i"; classtype:trojan-activity; sid:38161561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsoutletsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsoutletsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsoutletsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain autryireland.com"; dns.query; content:"autryireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])autryireland\.com$/i"; classtype:trojan-activity; sid:38161571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain autryireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"autryireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])autryireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain bataireland.com"; dns.query; content:"bataireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bataireland\.com$/i"; classtype:trojan-activity; sid:38161581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bataireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bataireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bataireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain belstaffoutletireland.com"; dns.query; content:"belstaffoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])belstaffoutletireland\.com$/i"; classtype:trojan-activity; sid:38161591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain belstaffoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"belstaffoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])belstaffoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain benetton-ireland.com"; dns.query; content:"benetton-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])benetton\-ireland\.com$/i"; classtype:trojan-activity; sid:38161601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain benetton-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"benetton-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])benetton\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain benettonireland.com"; dns.query; content:"benettonireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])benettonireland\.com$/i"; classtype:trojan-activity; sid:38161611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain benettonireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"benettonireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])benettonireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain betseyjohnsonireland.com"; dns.query; content:"betseyjohnsonireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])betseyjohnsonireland\.com$/i"; classtype:trojan-activity; sid:38161621; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain betseyjohnsonireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"betseyjohnsonireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])betseyjohnsonireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain billabong-ireland.com"; dns.query; content:"billabong-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])billabong\-ireland\.com$/i"; classtype:trojan-activity; sid:38161631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain billabong-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"billabong-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])billabong\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain billabongireland.com"; dns.query; content:"billabongireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])billabongireland\.com$/i"; classtype:trojan-activity; sid:38161641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain billabongireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"billabongireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])billabongireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161642; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain blundstonebootsdublin.com"; dns.query; content:"blundstonebootsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blundstonebootsdublin\.com$/i"; classtype:trojan-activity; sid:38161651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain blundstonebootsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blundstonebootsdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blundstonebootsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain brixtonireland.com"; dns.query; content:"brixtonireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brixtonireland\.com$/i"; classtype:trojan-activity; sid:38161661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain brixtonireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brixtonireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brixtonireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain brookssaleireland.com"; dns.query; content:"brookssaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])brookssaleireland\.com$/i"; classtype:trojan-activity; sid:38161671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
brookssaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"brookssaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])brookssaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bugatti-ireland.com"; dns.query; content:"bugatti-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bugatti\-ireland\.com$/i"; classtype:trojan-activity; sid:38161681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bugatti-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bugatti-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bugatti\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bugattishoesdublin.com"; dns.query; content:"bugattishoesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bugattishoesdublin\.com$/i"; classtype:trojan-activity; sid:38161691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bugattishoesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bugattishoesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bugattishoesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bugattishoesireland.com"; dns.query; 
content:"bugattishoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bugattishoesireland\.com$/i"; classtype:trojan-activity; sid:38161701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bugattishoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bugattishoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bugattishoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casioireland.com"; dns.query; content:"casioireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casioireland\.com$/i"; classtype:trojan-activity; sid:38161711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casioireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casioireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casioireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain catbootsdublin.com"; dns.query; content:"catbootsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])catbootsdublin\.com$/i"; classtype:trojan-activity; sid:38161721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain catbootsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"catbootsdublin.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])catbootsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillardublin.com"; dns.query; content:"caterpillardublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillardublin\.com$/i"; classtype:trojan-activity; sid:38161731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillardublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillardublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillardublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillaronlineireland.com"; dns.query; content:"caterpillaronlineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillaronlineireland\.com$/i"; classtype:trojan-activity; sid:38161741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillaronlineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillaronlineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillaronlineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillaroutletireland.com"; dns.query; content:"caterpillaroutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillaroutletireland\.com$/i"; 
classtype:trojan-activity; sid:38161751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillaroutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillaroutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillaroutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain champion-ireland.com"; dns.query; content:"champion-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])champion\-ireland\.com$/i"; classtype:trojan-activity; sid:38161761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain champion-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"champion-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])champion\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain chloeireland.net"; dns.query; content:"chloeireland.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])chloeireland\.net$/i"; classtype:trojan-activity; sid:38161771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain chloeireland.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chloeireland.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chloeireland\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38161772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators. Each domain is exported as a pair of rules:
#   sid ending in 1 - DNS rule matching the dns.query buffer;
#   sid ending in 2 - outbound HTTP rule ($HOME_NET -> $EXTERNAL_NET) matching request headers.
# The DNS pcre ends in `$` and accepts start-of-buffer or any character outside [A-Za-z0-9-]
# before the name, so the listed domain and its subdomains match, while a longer label that
# merely ends in the same string does not.
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksireland.com"; dns.query; content:"clarksireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksireland\.com$/i"; classtype:trojan-activity; sid:38161781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksshoesonlineireland.com"; dns.query; content:"clarksshoesonlineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesonlineireland\.com$/i"; classtype:trojan-activity; sid:38161791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksshoesonlineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksshoesonlineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesonlineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksstoreireland.com"; dns.query; content:"clarksstoreireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksstoreireland\.com$/i"; classtype:trojan-activity; sid:38161801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksstoreireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksstoreireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksstoreireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain columbiadublin.com"; dns.query; content:"columbiadublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])columbiadublin\.com$/i"; classtype:trojan-activity; sid:38161811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain columbiadublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"columbiadublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])columbiadublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain columbiairelandoutlet.com"; dns.query; content:"columbiairelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])columbiairelandoutlet\.com$/i"; classtype:trojan-activity; sid:38161821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain columbiairelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"columbiairelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])columbiairelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain commonprojectsdublin.com"; dns.query; content:"commonprojectsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])commonprojectsdublin\.com$/i"; classtype:trojan-activity; sid:38161831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain commonprojectsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"commonprojectsdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])commonprojectsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain converseinireland.com"; dns.query; content:"converseinireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])converseinireland\.com$/i"; classtype:trojan-activity; sid:38161841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain converseinireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"converseinireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])converseinireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain converseonlineireland.com"; dns.query; content:"converseonlineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])converseonlineireland\.com$/i"; classtype:trojan-activity; sid:38161851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain converseonlineireland.com"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"converseonlineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])converseonlineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: per domain, one DNS-query rule (sid ending in 1) and one
# outbound HTTP rule (sid ending in 2).
# Triage note for the HTTP rules: the "Host|3a|" content and the domain content are both
# evaluated against http.header with no distance/within between them, and the pcre is not tied
# to the Host line either. An alert therefore means the domain string appeared in some request
# header of a request that also carried a Host header - it may be a Referer or Origin value.
# Check the logged Host before treating the destination itself as the listed domain.
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-ireland.com"; dns.query; content:"dcshoes-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-ireland\.com$/i"; classtype:trojan-activity; sid:38161861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain demoniashoeireland.com"; dns.query; content:"demoniashoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniashoeireland\.com$/i"; classtype:trojan-activity; sid:38161871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain demoniashoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"demoniashoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniashoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain desigualireland.com"; dns.query; content:"desigualireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])desigualireland\.com$/i"; classtype:trojan-activity; sid:38161881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain desigualireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"desigualireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])desigualireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain diadoraoutletireland.com"; dns.query; content:"diadoraoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])diadoraoutletireland\.com$/i"; classtype:trojan-activity; sid:38161891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain diadoraoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"diadoraoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])diadoraoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dickies-ireland.com"; dns.query; content:"dickies-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dickies\-ireland\.com$/i"; classtype:trojan-activity; sid:38161901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dickies-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dickies-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dickies\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doccmartensireland.com"; dns.query; content:"doccmartensireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doccmartensireland\.com$/i"; classtype:trojan-activity; sid:38161911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doccmartensireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doccmartensireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doccmartensireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartens-ireland.com"; dns.query; content:"drmartens-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartens\-ireland\.com$/i"; classtype:trojan-activity; sid:38161921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartens-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartens-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartens\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dubarryireland.com"; dns.query; content:"dubarryireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dubarryireland\.com$/i"; classtype:trojan-activity; sid:38161931; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: per domain, one DNS-query rule (sid ending in 1) and one
# outbound HTTP rule (sid ending in 2).
# Coverage note: the `alert http` rules inspect parsed HTTP request headers, so they only see
# cleartext HTTP. No tls.sni counterpart is visible in this part of the export, which leaves the
# DNS rule as the only signal here for HTTPS access to a listed domain - and none when the
# lookup bypasses the monitored resolver path. NOTE(review): confirm whether TLS coverage
# exists elsewhere in the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dubarryireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dubarryireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dubarryireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dunelondonirelands.com"; dns.query; content:"dunelondonirelands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dunelondonirelands\.com$/i"; classtype:trojan-activity; sid:38161941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dunelondonirelands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dunelondonirelands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dunelondonirelands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ecco-dublin.com"; dns.query; content:"ecco-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecco\-dublin\.com$/i"; classtype:trojan-activity; sid:38161951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ecco-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecco-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecco\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eccoclearanceireland.com"; dns.query; content:"eccoclearanceireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoclearanceireland\.com$/i"; classtype:trojan-activity; sid:38161961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccoclearanceireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccoclearanceireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoclearanceireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eccoshoesdublin.com"; dns.query; content:"eccoshoesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoshoesdublin\.com$/i"; classtype:trojan-activity; sid:38161971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccoshoesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccoshoesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoshoesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eireannmada.com"; dns.query; content:"eireannmada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eireannmada\.com$/i"; classtype:trojan-activity; sid:38161981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eireannmada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eireannmada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eireannmada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain etniesireland.com"; dns.query; content:"etniesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesireland\.com$/i"; classtype:trojan-activity; sid:38161991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain etniesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etniesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38161992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fila-ireland.com"; dns.query; content:"fila-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fila\-ireland\.com$/i"; classtype:trojan-activity; sid:38162001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fila-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fila-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fila\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain filaireland.com"; dns.query; content:"filaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filaireland\.com$/i"; 
classtype:trojan-activity; sid:38162011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: per domain, one DNS-query rule (sid ending in 1) and one
# outbound HTTP rule (sid ending in 2).
# Triage note for the DNS rules: the header is `any any -> any any`, with no $HOME_NET
# restriction and no direction constraint, so a query relayed by an internal resolver matches
# just as the client's own query does. The source address on a DNS alert may therefore be a
# resolver rather than the host that asked - presumably resolver query logs are needed to
# attribute it; verify against the sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain filaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopdublin.com"; dns.query; content:"fitflopdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopdublin\.com$/i"; classtype:trojan-activity; sid:38162021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopoutletireland.com"; dns.query; content:"fitflopoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopoutletireland\.com$/i"; classtype:trojan-activity; sid:38162031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fossilireland.com"; dns.query; content:"fossilireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fossilireland\.com$/i"; classtype:trojan-activity; sid:38162041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fossilireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fossilireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fossilireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fossilirelandsale.com"; dns.query; content:"fossilirelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fossilirelandsale\.com$/i"; classtype:trojan-activity; sid:38162051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fossilirelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fossilirelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fossilirelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperrydublin.com"; dns.query; content:"fredperrydublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrydublin\.com$/i"; classtype:trojan-activity; sid:38162061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperrydublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperrydublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrydublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperryireland.com"; dns.query; content:"fredperryireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperryireland\.com$/i"; classtype:trojan-activity; sid:38162071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperryireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperryireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperryireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperrysaleireland.com"; dns.query; content:"fredperrysaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysaleireland\.com$/i"; classtype:trojan-activity; sid:38162081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperrysaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperrysaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fryeireland.com"; dns.query; 
content:"fryeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fryeireland\.com$/i"; classtype:trojan-activity; sid:38162091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: per domain, one DNS-query rule (sid ending in 1) and one
# outbound HTTP rule (sid ending in 2).
# Evidence note: only the HTTP rules carry `tag:session,600,seconds`, which asks the engine to
# keep tagging packets of the matching session for up to 600 seconds after the alert. The DNS
# rules have no tag keyword, so a DNS-only hit leaves just the alert record. NOTE(review):
# tagged packets are only retained if the sensor's output is configured to log them - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fryeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fryeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fryeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain furlaireland.com"; dns.query; content:"furlaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])furlaireland\.com$/i"; classtype:trojan-activity; sid:38162101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain furlaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"furlaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])furlaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain g-stardublin.com"; dns.query; content:"g-stardublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])g\-stardublin\.com$/i"; classtype:trojan-activity; sid:38162111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain g-stardublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"g-stardublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])g\-stardublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gcdsireland.com"; dns.query; content:"gcdsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gcdsireland\.com$/i"; classtype:trojan-activity; sid:38162121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gcdsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gcdsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gcdsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain geox-ireland.com"; dns.query; content:"geox-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])geox\-ireland\.com$/i"; classtype:trojan-activity; sid:38162131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain geox-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"geox-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])geox\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guessinireland.com"; dns.query; content:"guessinireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guessinireland\.com$/i"; classtype:trojan-activity; sid:38162141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guessinireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guessinireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guessinireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guessoutletireland.com"; dns.query; content:"guessoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guessoutletireland\.com$/i"; classtype:trojan-activity; sid:38162151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guessoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guessoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guessoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gym-shark-ireland.com"; dns.query; content:"gym-shark-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-shark\-ireland\.com$/i"; classtype:trojan-activity; sid:38162161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gym-shark-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gym-shark-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-shark\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkdublin.com"; dns.query; 
content:"gymsharkdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkdublin\.com$/i"; classtype:trojan-activity; sid:38162171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: per domain, one DNS-query rule (sid ending in 1) and one
# outbound HTTP rule (sid ending in 2).
# Severity note: every rule here is stamped classtype:trojan-activity with priority:3, and the
# tag list in each msg is empty ("[]"), so the alert text itself carries no threat category.
# NOTE(review): the names combine a retail brand with "ireland"/"dublin", which looks like a
# lookalike-storefront set rather than malware infrastructure - confirm the category in MISP
# event 27007 before escalating on the classtype alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkirelandeurope.com"; dns.query; content:"gymsharkirelandeurope.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkirelandeurope\.com$/i"; classtype:trojan-activity; sid:38162181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkirelandeurope.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkirelandeurope.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkirelandeurope\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkstoreireland.com"; dns.query; content:"gymsharkstoreireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkstoreireland\.com$/i"; classtype:trojan-activity; sid:38162191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkstoreireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkstoreireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkstoreireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain haglofs-ireland.com"; dns.query; content:"haglofs-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])haglofs\-ireland\.com$/i"; classtype:trojan-activity; sid:38162201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain haglofs-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haglofs-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haglofs\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain haglofsirelandsale.com"; dns.query; content:"haglofsirelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])haglofsirelandsale\.com$/i"; classtype:trojan-activity; sid:38162211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain haglofsirelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haglofsirelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haglofsirelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hanwagbootsireland.com"; dns.query; content:"hanwagbootsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hanwagbootsireland\.com$/i"; classtype:trojan-activity; sid:38162221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hanwagbootsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hanwagbootsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hanwagbootsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hokaoneoneireland.com"; dns.query; content:"hokaoneoneireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokaoneoneireland\.com$/i"; classtype:trojan-activity; sid:38162231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokaoneoneireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokaoneoneireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokaoneoneireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hokasaleirelandoutlet.com"; dns.query; content:"hokasaleirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokasaleirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38162241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokasaleirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokasaleirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokasaleirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38162242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators: per domain, one DNS-query rule (sid ending in 1) and one
# outbound HTTP rule (sid ending in 2).
# Maintenance note: sids advance by 10 per domain and every rule is rev:1, as written by the
# exporter. NOTE(review): any local suppress/threshold entries keyed on these sids presumably
# need re-checking when the export is regenerated - confirm that sids stay stable across
# exports before relying on them, and retire rules when the indicator is withdrawn in MISP.
alert dns any any -> any any (msg: "MISP e27007 [] Domain hokashoesdublin.com"; dns.query; content:"hokashoesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokashoesdublin\.com$/i"; classtype:trojan-activity; sid:38162251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokashoesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokashoesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokashoesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hugobossireland.com"; dns.query; content:"hugobossireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hugobossireland\.com$/i"; classtype:trojan-activity; sid:38162261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hugobossireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hugobossireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hugobossireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hunterireland.com"; dns.query; content:"hunterireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hunterireland\.com$/i"; classtype:trojan-activity; sid:38162271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hunterireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hunterireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hunterireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hunterwelliesdublin.com"; dns.query; content:"hunterwelliesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hunterwelliesdublin\.com$/i"; classtype:trojan-activity; sid:38162281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hunterwelliesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hunterwelliesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hunterwelliesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hurleyireland.com"; dns.query; content:"hurleyireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hurleyireland\.com$/i"; classtype:trojan-activity; sid:38162291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hurleyireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hurleyireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hurleyireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hushpuppiesdublin.com"; dns.query; content:"hushpuppiesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hushpuppiesdublin\.com$/i"; classtype:trojan-activity; sid:38162301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hushpuppiesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hushpuppiesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hushpuppiesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ilsejacobsendublin.com"; dns.query; content:"ilsejacobsendublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ilsejacobsendublin\.com$/i"; classtype:trojan-activity; sid:38162311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ilsejacobsendublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ilsejacobsendublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ilsejacobsendublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ilsejacobsenireland.com"; dns.query; content:"ilsejacobsenireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ilsejacobsenireland\.com$/i"; classtype:trojan-activity; sid:38162321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ilsejacobsenireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ilsejacobsenireland.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ilsejacobsenireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain inov-8ireland.com"; dns.query; content:"inov-8ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])inov\-8ireland\.com$/i"; classtype:trojan-activity; sid:38162331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain inov-8ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inov-8ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inov\-8ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ireland-asics.com"; dns.query; content:"ireland-asics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ireland\-asics\.com$/i"; classtype:trojan-activity; sid:38162341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ireland-asics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ireland-asics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ireland\-asics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ireland-veja.com"; dns.query; content:"ireland-veja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ireland\-veja\.com$/i"; classtype:trojan-activity; sid:38162351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ireland-veja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ireland-veja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ireland\-veja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jackwolfskinireland.com"; dns.query; content:"jackwolfskinireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskinireland\.com$/i"; classtype:trojan-activity; sid:38162361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jackwolfskinireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jackwolfskinireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskinireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jeffreycampbell-ireland.com"; dns.query; content:"jeffreycampbell-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jeffreycampbell\-ireland\.com$/i"; classtype:trojan-activity; sid:38162371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jeffreycampbell-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jeffreycampbell-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jeffreycampbell\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162372; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jomaireland.com"; dns.query; content:"jomaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jomaireland\.com$/i"; classtype:trojan-activity; sid:38162381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jomaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jomaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jomaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jordan-dublin.com"; dns.query; content:"jordan-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jordan\-dublin\.com$/i"; classtype:trojan-activity; sid:38162391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jordan-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jordan-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jordan\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain josefseibeldublin.com"; dns.query; content:"josefseibeldublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])josefseibeldublin\.com$/i"; classtype:trojan-activity; sid:38162401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain josefseibeldublin.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"josefseibeldublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])josefseibeldublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldireland.com"; dns.query; content:"karllagerfeldireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldireland\.com$/i"; classtype:trojan-activity; sid:38162411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain keenoutletireland.com"; dns.query; content:"keenoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])keenoutletireland\.com$/i"; classtype:trojan-activity; sid:38162421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain keenoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"keenoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])keenoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain keensandalsonlineireland.com"; dns.query; content:"keensandalsonlineireland.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])keensandalsonlineireland\.com$/i"; classtype:trojan-activity; sid:38162431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain keensandalsonlineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"keensandalsonlineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])keensandalsonlineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain keenshoeireland.com"; dns.query; content:"keenshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])keenshoeireland\.com$/i"; classtype:trojan-activity; sid:38162441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain keenshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"keenshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])keenshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kennethcoleireland.com"; dns.query; content:"kennethcoleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kennethcoleireland\.com$/i"; classtype:trojan-activity; sid:38162451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kennethcoleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kennethcoleireland.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])kennethcoleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kiplingdublin.com"; dns.query; content:"kiplingdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingdublin\.com$/i"; classtype:trojan-activity; sid:38162461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kiplingdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiplingdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kiplingireland.com"; dns.query; content:"kiplingireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingireland\.com$/i"; classtype:trojan-activity; sid:38162471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kiplingireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiplingireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kiplingoutletireland.com"; dns.query; content:"kiplingoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingoutletireland\.com$/i"; classtype:trojan-activity; sid:38162481; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kiplingoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiplingoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain koifootwearireland.com"; dns.query; content:"koifootwearireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])koifootwearireland\.com$/i"; classtype:trojan-activity; sid:38162491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain koifootwearireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"koifootwearireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])koifootwearireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lanvinireland.com"; dns.query; content:"lanvinireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lanvinireland\.com$/i"; classtype:trojan-activity; sid:38162501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lanvinireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lanvinireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lanvinireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162502; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-ireland.com"; dns.query; content:"lasportiva-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-ireland\.com$/i"; classtype:trojan-activity; sid:38162511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivaireland.com"; dns.query; content:"lasportivaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaireland\.com$/i"; classtype:trojan-activity; sid:38162521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain legeroshoeireland.com"; dns.query; content:"legeroshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])legeroshoeireland\.com$/i"; classtype:trojan-activity; sid:38162531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
legeroshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"legeroshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])legeroshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain liujo-ireland.com"; dns.query; content:"liujo-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])liujo\-ireland\.com$/i"; classtype:trojan-activity; sid:38162541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain liujo-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liujo-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liujo\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain liujoireland.com"; dns.query; content:"liujoireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])liujoireland\.com$/i"; classtype:trojan-activity; sid:38162551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain liujoireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liujoireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liujoireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain loefflerrandallireland.com"; dns.query; content:"loefflerrandallireland.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])loefflerrandallireland\.com$/i"; classtype:trojan-activity; sid:38162561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain loefflerrandallireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"loefflerrandallireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])loefflerrandallireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain longchampsaleireland.com"; dns.query; content:"longchampsaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])longchampsaleireland\.com$/i"; classtype:trojan-activity; sid:38162571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain longchampsaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"longchampsaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])longchampsaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajaneireland.com"; dns.query; content:"lornajaneireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneireland\.com$/i"; classtype:trojan-activity; sid:38162581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajaneireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajaneireland.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lornajaneireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain marcjacobsireland.com"; dns.query; content:"marcjacobsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsireland\.com$/i"; classtype:trojan-activity; sid:38162591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain marcjacobsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"marcjacobsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])marcjacobsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellieireland.com"; dns.query; content:"merrellieireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellieireland\.com$/i"; classtype:trojan-activity; sid:38162601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellieireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellieireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellieireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellonlineireland.com"; dns.query; content:"merrellonlineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellonlineireland\.com$/i"; classtype:trojan-activity; sid:38162611; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellonlineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellonlineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellonlineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mexxireland.com"; dns.query; content:"mexxireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mexxireland\.com$/i"; classtype:trojan-activity; sid:38162621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mexxireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mexxireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mexxireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain michaelkors-dublin.com"; dns.query; content:"michaelkors-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])michaelkors\-dublin\.com$/i"; classtype:trojan-activity; sid:38162631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain michaelkors-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"michaelkors-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])michaelkors\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162632; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain michaelkorsireland.com"; dns.query; content:"michaelkorsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])michaelkorsireland\.com$/i"; classtype:trojan-activity; sid:38162641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain michaelkorsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"michaelkorsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])michaelkorsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoireland.com"; dns.query; content:"mizunoireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoireland\.com$/i"; classtype:trojan-activity; sid:38162651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain monkiireland.com"; dns.query; content:"monkiireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])monkiireland\.com$/i"; classtype:trojan-activity; sid:38162661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain monkiireland.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"monkiireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])monkiireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Rule pairs generated from MISP event 27007 (one domain -> two rules, restored here to
# one rule per line):
#   1. "alert dns any any -> any any": matches the DNS query name (dns.query) with a
#      case-insensitive content match, then a pcre that requires the name to END with
#      the domain and to be preceded by start-of-name or a character outside
#      [A-Za-z0-9-]. Subdomains therefore match; a longer label that merely ends in
#      the same string does not. No network variables are used, so queries between
#      any hosts and in either direction are inspected.
#   2. "alert http $HOME_NET any -> $EXTERNAL_NET any": established client-to-server
#      flows only. Two independent content matches on http.header ("Host|3a|" and the
#      domain, which is the fast_pattern), then a pcre (H = header buffer, i =
#      case-insensitive) requiring a character outside [A-Za-z0-9-.] right after the
#      domain, so the domain as a prefix of a longer hostname does not match.
#      tag:session,600,seconds asks the engine to keep logging that session for
#      600 seconds after the alert.
# NOTE(review): the two http.header contents carry no distance/within and the pcre is
#   not tied to the Host line, so the domain appearing in another request header
#   (e.g. Referer) can also satisfy the rule; triage alerts against the actual Host value.
# NOTE(review): the http rule only sees traffic parsed as HTTP. For HTTPS to these
#   domains only the dns rule can fire; no TLS SNI rule appears in this part of the export.
# NOTE(review): the msg tag list is empty ("[]") and classtype/priority are identical on
#   every rule here, so they look like exporter defaults rather than a per-domain
#   assessment -- confirm against the MISP event before treating a hit as malware activity.
# sid pattern visible below: ...1 = dns rule, ...2 = http rule for the same domain.
alert dns any any -> any any (msg: "MISP e27007 [] Domain moonboot-ireland.com"; dns.query; content:"moonboot-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])moonboot\-ireland\.com$/i"; classtype:trojan-activity; sid:38162671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain moonboot-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moonboot-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moonboot\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain moschinoireland.com"; dns.query; content:"moschinoireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])moschinoireland\.com$/i"; classtype:trojan-activity; sid:38162681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain moschinoireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moschinoireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moschinoireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain napapijriireland.com"; dns.query; content:"napapijriireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])napapijriireland\.com$/i"; classtype:trojan-activity; sid:38162691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain napapijriireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"napapijriireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])napapijriireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nauticaireland.com"; dns.query; content:"nauticaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nauticaireland\.com$/i"; classtype:trojan-activity; sid:38162701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nauticaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nauticaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nauticaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-ireland.com"; dns.query; content:"nike-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-ireland\.com$/i"; classtype:trojan-activity; sid:38162711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikefactorystoredublin.com"; dns.query; content:"nikefactorystoredublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikefactorystoredublin\.com$/i"; classtype:trojan-activity; sid:38162721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikefactorystoredublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikefactorystoredublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikefactorystoredublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikeirelandonline.com"; dns.query; content:"nikeirelandonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeirelandonline\.com$/i"; classtype:trojan-activity; sid:38162731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikeirelandonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikeirelandonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeirelandonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikeirelandoutlet.com"; dns.query; content:"nikeirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38162741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikeirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikeirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikeirelandshoes.com"; dns.query; content:"nikeirelandshoes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeirelandshoes\.com$/i"; classtype:trojan-activity; sid:38162751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikeirelandshoes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikeirelandshoes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeirelandshoes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikeoutletsireland.com"; dns.query; content:"nikeoutletsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeoutletsireland\.com$/i"; classtype:trojan-activity; sid:38162761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikeoutletsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikeoutletsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeoutletsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikewebsiteireland.com"; dns.query; content:"nikewebsiteireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikewebsiteireland\.com$/i"; classtype:trojan-activity; sid:38162771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikewebsiteireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikewebsiteireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikewebsiteireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nobulldublin.com"; dns.query; content:"nobulldublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nobulldublin\.com$/i"; classtype:trojan-activity; sid:38162781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nobulldublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nobulldublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nobulldublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nobullieonline.com"; dns.query; content:"nobullieonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nobullieonline\.com$/i"; classtype:trojan-activity; sid:38162791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nobullieonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nobullieonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nobullieonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nobullireland.com"; dns.query; content:"nobullireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nobullireland\.com$/i"; classtype:trojan-activity; sid:38162801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nobullireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nobullireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nobullireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain northfaceshopdublin.com"; dns.query; content:"northfaceshopdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])northfaceshopdublin\.com$/i"; classtype:trojan-activity; sid:38162811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain northfaceshopdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"northfaceshopdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])northfaceshopdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain oakleystockistsireland.com"; dns.query; content:"oakleystockistsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleystockistsireland\.com$/i"; classtype:trojan-activity; sid:38162821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oakleystockistsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oakleystockistsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleystockistsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaiflipflopsireland.com"; dns.query; content:"olukaiflipflopsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaiflipflopsireland\.com$/i"; classtype:trojan-activity; sid:38162831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaiflipflopsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaiflipflopsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaiflipflopsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaiirelandoutlet.com"; dns.query; content:"olukaiirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaiirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38162841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaiirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaiirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaiirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain oneilldublin.com"; dns.query; content:"oneilldublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oneilldublin\.com$/i"; classtype:trojan-activity; sid:38162851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oneilldublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oneilldublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oneilldublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain oneillireland.com"; dns.query; content:"oneillireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oneillireland\.com$/i"; classtype:trojan-activity; sid:38162861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oneillireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oneillireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oneillireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain oofossaleireland.com"; dns.query; content:"oofossaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oofossaleireland\.com$/i"; classtype:trojan-activity; sid:38162871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oofossaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oofossaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oofossaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain outletnikeireland.com"; dns.query; content:"outletnikeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outletnikeireland\.com$/i"; classtype:trojan-activity; sid:38162881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain outletnikeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outletnikeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outletnikeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain palladiumirelandonline.com"; dns.query; content:"palladiumirelandonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumirelandonline\.com$/i"; classtype:trojan-activity; sid:38162891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain palladiumirelandonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"palladiumirelandonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumirelandonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain palladiumirelandoutlet.com"; dns.query; content:"palladiumirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38162901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain palladiumirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"palladiumirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain persolireland.com"; dns.query; content:"persolireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persolireland\.com$/i"; classtype:trojan-activity; sid:38162911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain persolireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persolireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persolireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pinkoireland.com"; dns.query; content:"pinkoireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pinkoireland\.com$/i"; classtype:trojan-activity; sid:38162921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pinkoireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pinkoireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pinkoireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain poleneireland.com"; dns.query; content:"poleneireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])poleneireland\.com$/i"; classtype:trojan-activity; sid:38162931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain poleneireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"poleneireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])poleneireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pradaireland.com"; dns.query; content:"pradaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pradaireland\.com$/i"; classtype:trojan-activity; sid:38162941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pradaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pradaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pradaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain puma-ireland.com"; dns.query; content:"puma-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])puma\-ireland\.com$/i"; classtype:trojan-activity; sid:38162951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain puma-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"puma-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])puma\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumaireland.com"; dns.query; content:"pumaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaireland\.com$/i"; classtype:trojan-activity; sid:38162961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumairelandoutlet.com"; dns.query; content:"pumairelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumairelandoutlet\.com$/i"; classtype:trojan-activity; sid:38162971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumairelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumairelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumairelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumasaleireland.com"; dns.query; content:"pumasaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumasaleireland\.com$/i"; classtype:trojan-activity; sid:38162981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumasaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumasaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumasaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain quiksilverireland.com"; dns.query; content:"quiksilverireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])quiksilverireland\.com$/i"; classtype:trojan-activity; sid:38162991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain quiksilverireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"quiksilverireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])quiksilverireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38162992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rebeccaminkoffireland.com"; dns.query; content:"rebeccaminkoffireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rebeccaminkoffireland\.com$/i"; classtype:trojan-activity; sid:38163001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rebeccaminkoffireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rebeccaminkoffireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rebeccaminkoffireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain redwing-ireland.com"; dns.query; content:"redwing-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])redwing\-ireland\.com$/i"; classtype:trojan-activity; sid:38163011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain redwing-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"redwing-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])redwing\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain reebokireland.com"; dns.query; content:"reebokireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokireland\.com$/i"; classtype:trojan-activity; sid:38163021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain reebokireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reebokireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain reebokirelandoutlet.com"; dns.query; content:"reebokirelandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokirelandoutlet\.com$/i"; classtype:trojan-activity; sid:38163031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain reebokirelandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reebokirelandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokirelandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain reefflipflopsireland.com"; dns.query; content:"reefflipflopsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reefflipflopsireland\.com$/i"; classtype:trojan-activity; sid:38163041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain reefflipflopsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reefflipflopsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reefflipflopsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain riekerireland.com"; dns.query; content:"riekerireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])riekerireland\.com$/i"; classtype:trojan-activity; sid:38163051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain riekerireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"riekerireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])riekerireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rockportshoesdublin.com"; dns.query; content:"rockportshoesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rockportshoesdublin\.com$/i"; classtype:trojan-activity; sid:38163061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rockportshoesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rockportshoesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rockportshoesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain russellbromleydublin.com"; dns.query; content:"russellbromleydublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromleydublin\.com$/i"; classtype:trojan-activity; sid:38163071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain russellbromleydublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"russellbromleydublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromleydublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rvca-ireland.com"; dns.query; content:"rvca-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rvca\-ireland\.com$/i"; classtype:trojan-activity; sid:38163081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rvca-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rvca-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rvca\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain salomon-dublin.com"; dns.query; content:"salomon-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon\-dublin\.com$/i"; classtype:trojan-activity; sid:38163091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomon-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomon-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain salomon-ireland.com"; dns.query; content:"salomon-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon\-ireland\.com$/i"; classtype:trojan-activity; sid:38163101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomon-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomon-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomon\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain salomondublin.com"; dns.query; content:"salomondublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomondublin\.com$/i"; classtype:trojan-activity; sid:38163111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomondublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomondublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomondublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain salomonirelandonline.com"; dns.query; content:"salomonirelandonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomonirelandonline\.com$/i"; classtype:trojan-activity; sid:38163121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomonirelandonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomonirelandonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomonirelandonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain salomonoutletsireland.com"; dns.query; content:"salomonoutletsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])salomonoutletsireland\.com$/i"; classtype:trojan-activity; sid:38163131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain salomonoutletsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"salomonoutletsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])salomonoutletsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitaireland.com"; dns.query; content:"sanitaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaireland\.com$/i"; classtype:trojan-activity; sid:38163141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sanukshoeireland.com"; dns.query; content:"sanukshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanukshoeireland\.com$/i"; classtype:trojan-activity; sid:38163151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanukshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanukshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanukshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sauconyoutletireland.com"; dns.query; content:"sauconyoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyoutletireland\.com$/i"; classtype:trojan-activity; sid:38163161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sauconyoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sauconyoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain shoezoneireland.com"; dns.query; content:"shoezoneireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])shoezoneireland\.com$/i"; classtype:trojan-activity; sid:38163171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain shoezoneireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shoezoneireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shoezoneireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain skechers-ireland.com"; dns.query; content:"skechers-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-ireland\.com$/i"; classtype:trojan-activity; sid:38163181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechers-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechers-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechers\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersirelandsale.com"; dns.query; content:"skechersirelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersirelandsale\.com$/i"; classtype:trojan-activity; sid:38163191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersirelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersirelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersirelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain skechersonlineireland.com"; dns.query; content:"skechersonlineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersonlineireland\.com$/i"; classtype:trojan-activity; sid:38163201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain skechersonlineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"skechersonlineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])skechersonlineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sorelsaleireland.com"; dns.query; content:"sorelsaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sorelsaleireland\.com$/i"; classtype:trojan-activity; sid:38163211;
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sorelsaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sorelsaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sorelsaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sorelstoreireland.com"; dns.query; content:"sorelstoreireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sorelstoreireland\.com$/i"; classtype:trojan-activity; sid:38163221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sorelstoreireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sorelstoreireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sorelstoreireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sperry-ireland.com"; dns.query; content:"sperry-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sperry\-ireland\.com$/i"; classtype:trojan-activity; sid:38163231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sperry-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sperry-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sperry\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163232; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sperryieonline.com"; dns.query; content:"sperryieonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sperryieonline\.com$/i"; classtype:trojan-activity; sid:38163241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sperryieonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sperryieonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sperryieonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain superdryoutletireland.com"; dns.query; content:"superdryoutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])superdryoutletireland\.com$/i"; classtype:trojan-activity; sid:38163251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain superdryoutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"superdryoutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])superdryoutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sweatybetty-ireland.com"; dns.query; content:"sweatybetty-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sweatybetty\-ireland\.com$/i"; classtype:trojan-activity; sid:38163261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
sweatybetty-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sweatybetty-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sweatybetty\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tamarisshoesireland.com"; dns.query; content:"tamarisshoesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tamarisshoesireland\.com$/i"; classtype:trojan-activity; sid:38163271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tamarisshoesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tamarisshoesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tamarisshoesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletireland.com"; dns.query; content:"tedbakeroutletireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletireland\.com$/i"; classtype:trojan-activity; sid:38163281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] 
Domain thegirlfriendcollectiveireland.com"; dns.query; content:"thegirlfriendcollectiveireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thegirlfriendcollectiveireland\.com$/i"; classtype:trojan-activity; sid:38163291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain thegirlfriendcollectiveireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thegirlfriendcollectiveireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thegirlfriendcollectiveireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain thursdayireland.com"; dns.query; content:"thursdayireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thursdayireland\.com$/i"; classtype:trojan-activity; sid:38163301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain thursdayireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thursdayireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thursdayireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain timberlandirelandie.com"; dns.query; content:"timberlandirelandie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandirelandie\.com$/i"; classtype:trojan-activity; sid:38163311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain timberlandirelandie.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"timberlandirelandie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandirelandie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain timberlandsaleireland.com"; dns.query; content:"timberlandsaleireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandsaleireland\.com$/i"; classtype:trojan-activity; sid:38163321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain timberlandsaleireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timberlandsaleireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandsaleireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tommybahamaireland.com"; dns.query; content:"tommybahamaireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tommybahamaireland\.com$/i"; classtype:trojan-activity; sid:38163331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tommybahamaireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tommybahamaireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tommybahamaireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tommyhilfigerieonline.com"; dns.query; 
content:"tommyhilfigerieonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tommyhilfigerieonline\.com$/i"; classtype:trojan-activity; sid:38163341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tommyhilfigerieonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tommyhilfigerieonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tommyhilfigerieonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tommyhilfigerireland.com"; dns.query; content:"tommyhilfigerireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tommyhilfigerireland\.com$/i"; classtype:trojan-activity; sid:38163351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tommyhilfigerireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tommyhilfigerireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tommyhilfigerireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tretornshoeireland.com"; dns.query; content:"tretornshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tretornshoeireland\.com$/i"; classtype:trojan-activity; sid:38163361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tretornshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"tretornshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tretornshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain uairelanddublin.com"; dns.query; content:"uairelanddublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])uairelanddublin\.com$/i"; classtype:trojan-activity; sid:38163371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain uairelanddublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uairelanddublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uairelanddublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain uggdublinireland.com"; dns.query; content:"uggdublinireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])uggdublinireland\.com$/i"; classtype:trojan-activity; sid:38163381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain uggdublinireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"uggdublinireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])uggdublinireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vansirelandonline.com"; dns.query; content:"vansirelandonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vansirelandonline\.com$/i"; classtype:trojan-activity; 
sid:38163391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vansirelandonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vansirelandonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vansirelandonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-ireland.com"; dns.query; content:"veja-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-ireland\.com$/i"; classtype:trojan-activity; sid:38163401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vibramiireland.com"; dns.query; content:"vibramiireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vibramiireland\.com$/i"; classtype:trojan-activity; sid:38163411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vibramiireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vibramiireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vibramiireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163412; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefoot-dublin.com"; dns.query; content:"vivobarefoot-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefoot\-dublin\.com$/i"; classtype:trojan-activity; sid:38163421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefoot-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vivobarefoot-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefoot\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain volcomireland.com"; dns.query; content:"volcomireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])volcomireland\.com$/i"; classtype:trojan-activity; sid:38163431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain volcomireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"volcomireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])volcomireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wolkyshoeireland.com"; dns.query; content:"wolkyshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wolkyshoeireland\.com$/i"; classtype:trojan-activity; sid:38163441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wolkyshoeireland.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wolkyshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wolkyshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wolverinebootsdublin.com"; dns.query; content:"wolverinebootsdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverinebootsdublin\.com$/i"; classtype:trojan-activity; sid:38163451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wolverinebootsdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wolverinebootsdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverinebootsdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wolverineireland.com"; dns.query; content:"wolverineireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverineireland\.com$/i"; classtype:trojan-activity; sid:38163461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wolverineireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wolverineireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverineireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wolverineirelandshop.com"; dns.query; 
content:"wolverineirelandshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverineirelandshop\.com$/i"; classtype:trojan-activity; sid:38163471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wolverineirelandshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wolverineirelandshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverineirelandshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wondersshoesdublin.com"; dns.query; content:"wondersshoesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wondersshoesdublin\.com$/i"; classtype:trojan-activity; sid:38163481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wondersshoesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wondersshoesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wondersshoesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain billabongusasale.com"; dns.query; content:"billabongusasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])billabongusasale\.com$/i"; classtype:trojan-activity; sid:38163491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain billabongusasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"billabongusasale.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])billabongusasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casiogreece.com"; dns.query; content:"casiogreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casiogreece\.com$/i"; classtype:trojan-activity; sid:38163501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casiogreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casiogreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casiogreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casiohrvatska.com"; dns.query; content:"casiohrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casiohrvatska\.com$/i"; classtype:trojan-activity; sid:38163511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casiohrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casiohrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casiohrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casionederland.com"; dns.query; content:"casionederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casionederland\.com$/i"; classtype:trojan-activity; sid:38163521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casionederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casionederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casionederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casio-outletstore.com"; dns.query; content:"casio-outletstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casio\-outletstore\.com$/i"; classtype:trojan-activity; sid:38163531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casio-outletstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casio-outletstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casio\-outletstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casiooutletuk.com"; dns.query; content:"casiooutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casiooutletuk\.com$/i"; classtype:trojan-activity; sid:38163541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casiooutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casiooutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casiooutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] 
Domain casio-peru.com"; dns.query; content:"casio-peru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casio\-peru\.com$/i"; classtype:trojan-activity; sid:38163551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ---------------------------------------------------------------------------
# Review notes for the MISP e27007 domain rules in this part of the export.
# Rules are laid out one per line; rule text itself is unchanged.
#
# Every domain is exported as a pair of rules (sids step by 10 per domain):
#   sid ...1  alert dns any any -> any any
#             Matches the dns.query buffer in either direction. The pcre
#             anchors the domain at the end of the query name and allows it
#             to be preceded only by start-of-buffer or a character that is
#             not a letter, digit or hyphen, so sub-domains match while
#             longer look-alike labels (xx<domain>) do not.
#   sid ...2  alert http $HOME_NET any -> $EXTERNAL_NET any
#             Matches client-to-server traffic on established flows
#             (flow:to_server,established). tag:session,600,seconds tags the
#             session after the alert so follow-on packets are logged.
#
# NOTE(review): in the HTTP rules the "Host|3a|" content and the domain
# content both inspect http.header but are not tied together with
# distance/within, so the domain can match in any request header (for
# example Referer) while Host names a different site. Confirm the Host value
# in the logged request before treating an alert as a visit to the domain.
#
# NOTE(review): the HTTP rules only see cleartext HTTP. No TLS SNI rule is
# visible in this part of the export, so HTTPS visits are covered only by
# the DNS rule, and only where the sensor sees unencrypted DNS.
#
# NOTE(review): the msg tag list is empty ("[]") for this event while the
# rules are classed trojan-activity / priority 3. The alert carries no
# context on why a domain is listed; check the referenced MISP event
# during triage.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casio-peru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casio-peru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casio\-peru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain casiowatches-uk.com"; dns.query; content:"casiowatches-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casiowatches\-uk\.com$/i"; classtype:trojan-activity; sid:38163561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casiowatches-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casiowatches-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casiowatches\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain digitalsavingses-geox.com"; dns.query; content:"digitalsavingses-geox.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])digitalsavingses\-geox\.com$/i"; classtype:trojan-activity; sid:38163571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain digitalsavingses-geox.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"digitalsavingses-geox.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])digitalsavingses\-geox\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain filasko-norge.com"; dns.query; content:"filasko-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filasko\-norge\.com$/i"; classtype:trojan-activity; sid:38163581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain filasko-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filasko-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filasko\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflop-newzealand.com"; dns.query; content:"fitflop-newzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflop\-newzealand\.com$/i"; classtype:trojan-activity; sid:38163591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflop-newzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflop-newzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflop\-newzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopsch-schweiz.com"; dns.query; content:"fitflopsch-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopsch\-schweiz\.com$/i"; classtype:trojan-activity; sid:38163601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopsch-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopsch-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopsch\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopschweiz-onlineshop.com"; dns.query; content:"fitflopschweiz-onlineshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopschweiz\-onlineshop\.com$/i"; classtype:trojan-activity; sid:38163611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopschweiz-onlineshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopschweiz-onlineshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopschweiz\-onlineshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopshoesindia.com"; dns.query; content:"fitflopshoesindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopshoesindia\.com$/i"; classtype:trojan-activity; sid:38163621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopshoesindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopshoesindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopshoesindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopterlikturkey.com"; dns.query; content:"fitflopterlikturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopterlikturkey\.com$/i"; classtype:trojan-activity; sid:38163631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopterlikturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopterlikturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopterlikturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperryukshop.com"; dns.query; content:"fredperryukshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperryukshop\.com$/i"; classtype:trojan-activity; sid:38163641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperryukshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperryukshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperryukshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guessihungary.com"; dns.query; content:"guessihungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guessihungary\.com$/i"; classtype:trojan-activity; sid:38163651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guessihungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guessihungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guessihungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hokamalaysiasale.com"; dns.query; content:"hokamalaysiasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokamalaysiasale\.com$/i"; classtype:trojan-activity; sid:38163661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokamalaysiasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokamalaysiasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokamalaysiasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain kipling-chile.com"; dns.query; content:"kipling-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kipling\-chile\.com$/i"; classtype:trojan-activity; sid:38163671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kipling-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kipling-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kipling\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanefrancefr.com"; dns.query; content:"lornajanefrancefr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanefrancefr\.com$/i"; classtype:trojan-activity; sid:38163681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanefrancefr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanefrancefr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanefrancefr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-israel.com"; dns.query; content:"lornajane-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-israel\.com$/i"; classtype:trojan-activity; sid:38163691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-japan.com"; dns.query; content:"lornajane-japan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-japan\.com$/i"; classtype:trojan-activity; sid:38163701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-japan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-japan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-japan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-malaysia.com"; dns.query; content:"lornajane-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-malaysia\.com$/i"; classtype:trojan-activity; sid:38163711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-mexico.com"; dns.query; content:"lornajane-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-mexico\.com$/i"; classtype:trojan-activity; sid:38163721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanenzonline.com"; dns.query; content:"lornajanenzonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanenzonline\.com$/i"; classtype:trojan-activity; sid:38163731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanenzonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanenzonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanenzonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanenzsale.com"; dns.query; content:"lornajanenzsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanenzsale\.com$/i"; classtype:trojan-activity; sid:38163741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanenzsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanenzsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanenzsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-osterreich.com"; dns.query; content:"lornajane-osterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-osterreich\.com$/i"; classtype:trojan-activity; sid:38163751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-osterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-osterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-osterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanephilippines.com"; dns.query; content:"lornajanephilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanephilippines\.com$/i"; classtype:trojan-activity; sid:38163761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanephilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanephilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanephilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-us.com"; dns.query; content:"lornajane-us.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-us\.com$/i"; classtype:trojan-activity; sid:38163771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-us.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-us.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-us\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellecuadoroutlet.com"; dns.query; content:"merrellecuadoroutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellecuadoroutlet\.com$/i"; classtype:trojan-activity; sid:38163781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellecuadoroutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellecuadoroutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellecuadoroutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellfioutlet.com"; dns.query; content:"merrellfioutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellfioutlet\.com$/i"; classtype:trojan-activity; sid:38163791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellfioutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellfioutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellfioutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoayakkabiturkiye.com"; dns.query; content:"mizunoayakkabiturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoayakkabiturkiye\.com$/i"; classtype:trojan-activity; sid:38163801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoayakkabiturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoayakkabiturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoayakkabiturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunochilezapatillas.com"; dns.query; content:"mizunochilezapatillas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunochilezapatillas\.com$/i"; classtype:trojan-activity; sid:38163811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunochilezapatillas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunochilezapatillas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunochilezapatillas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunocolombiaco.com"; dns.query; content:"mizunocolombiaco.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocolombiaco\.com$/i"; classtype:trojan-activity; sid:38163821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunocolombiaco.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunocolombiaco.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocolombiaco\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoembrasil.com"; dns.query; content:"mizunoembrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoembrasil\.com$/i"; classtype:trojan-activity; sid:38163831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoembrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoembrasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoembrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoencolombia.com"; dns.query; content:"mizunoencolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoencolombia\.com$/i"; classtype:trojan-activity; sid:38163841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoencolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoencolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoencolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoenuae.com"; dns.query; content:"mizunoenuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoenuae\.com$/i"; classtype:trojan-activity; sid:38163851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoenuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoenuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoenuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunopoland.com"; dns.query; content:"mizunopoland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunopoland\.com$/i"; classtype:trojan-activity; sid:38163861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunopoland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunopoland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunopoland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoe-greece.com"; dns.query; content:"mizunoshoe-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoe\-greece\.com$/i"; classtype:trojan-activity; sid:38163871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoe-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoe-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoe\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoesindias.com"; dns.query; content:"mizunoshoesindias.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoesindias\.com$/i"; classtype:trojan-activity; sid:38163881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoesindias.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoesindias.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoesindias\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshrvatskas.com"; dns.query; content:"mizunoshrvatskas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshrvatskas\.com$/i"; classtype:trojan-activity; sid:38163891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshrvatskas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshrvatskas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshrvatskas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosjapan.com"; dns.query; content:"mizunosjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosjapan\.com$/i"; classtype:trojan-activity; sid:38163901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosslovenijas.com"; dns.query; content:"mizunosslovenijas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosslovenijas\.com$/i"; classtype:trojan-activity; sid:38163911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosslovenijas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosslovenijas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosslovenijas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosuomioutlet.com"; dns.query; content:"mizunosuomioutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosuomioutlet\.com$/i"; classtype:trojan-activity; sid:38163921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosuomioutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosuomioutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosuomioutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-elsalvador.com"; dns.query; content:"nike-elsalvador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-elsalvador\.com$/i"; classtype:trojan-activity; sid:38163931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-elsalvador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-elsalvador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-elsalvador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-factoryoutletuk.com"; dns.query; content:"nike-factoryoutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-factoryoutletuk\.com$/i"; classtype:trojan-activity; sid:38163941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-factoryoutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-factoryoutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-factoryoutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-paraguay.com"; dns.query; content:"nike-paraguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-paraguay\.com$/i"; classtype:trojan-activity; sid:38163951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-paraguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-paraguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-paraguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikestoregr.com"; dns.query; content:"nikestoregr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikestoregr\.com$/i"; classtype:trojan-activity; sid:38163961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikestoregr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikestoregr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikestoregr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain niketunisie.com"; dns.query; content:"niketunisie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])niketunisie\.com$/i"; classtype:trojan-activity; sid:38163971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain niketunisie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"niketunisie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])niketunisie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikeukwebsite.com"; dns.query; content:"nikeukwebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeukwebsite\.com$/i"; classtype:trojan-activity; sid:38163981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikeukwebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikeukwebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeukwebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike--uruguay.com"; dns.query; content:"nike--uruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-\-uruguay\.com$/i"; classtype:trojan-activity; sid:38163991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike--uruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike--uruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-\-uruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38163992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain outletmizunomexico.com"; dns.query; content:"outletmizunomexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outletmizunomexico\.com$/i"; classtype:trojan-activity; sid:38164001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain outletmizunomexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outletmizunomexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outletmizunomexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain reebokfactoryoutlet-uk.com"; dns.query; content:"reebokfactoryoutlet-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokfactoryoutlet\-uk\.com$/i"; classtype:trojan-activity; sid:38164011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain reebokfactoryoutlet-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reebokfactoryoutlet-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokfactoryoutlet\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-nederland.com"; dns.query; content:"rimowa-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-nederland\.com$/i"; classtype:trojan-activity; sid:38164021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-vietnam.com"; dns.query; content:"rimowa-vietnam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-vietnam\.com$/i"; classtype:trojan-activity; sid:38164031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-vietnam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-vietnam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-vietnam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitaaustralia.com"; dns.query; content:"sanitaaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaaustralia\.com$/i"; classtype:trojan-activity; sid:38164041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitaaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitaaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain saucony-factoryoutletaustralia.com"; dns.query; content:"saucony-factoryoutletaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saucony\-factoryoutletaustralia\.com$/i"; classtype:trojan-activity; sid:38164051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain saucony-factoryoutletaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saucony-factoryoutletaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saucony\-factoryoutletaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sauconymexico-mx.com"; dns.query; content:"sauconymexico-mx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconymexico\-mx\.com$/i"; classtype:trojan-activity; sid:38164061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sauconymexico-mx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sauconymexico-mx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconymexico\-mx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain saucony-outlet-canada.com"; dns.query; content:"saucony-outlet-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])saucony\-outlet\-canada\.com$/i"; classtype:trojan-activity; sid:38164071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain saucony-outlet-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"saucony-outlet-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])saucony\-outlet\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain thenorthfaceindonesiajacket.com"; dns.query; content:"thenorthfaceindonesiajacket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfaceindonesiajacket\.com$/i"; classtype:trojan-activity; sid:38164081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain thenorthfaceindonesiajacket.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thenorthfaceindonesiajacket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfaceindonesiajacket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendamizunoargentina.com"; dns.query; content:"tiendamizunoargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizunoargentina\.com$/i"; classtype:trojan-activity; sid:38164091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendamizunoargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"tiendamizunoargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizunoargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendamizuno-costarica.com"; dns.query; content:"tiendamizuno-costarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizuno\-costarica\.com$/i"; classtype:trojan-activity; sid:38164101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendamizuno-costarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendamizuno-costarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizuno\-costarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendanikepanama.com"; dns.query; content:"tiendanikepanama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendanikepanama\.com$/i"; classtype:trojan-activity; sid:38164111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendanikepanama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendanikepanama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendanikepanama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendasmizunoespana.com"; dns.query; content:"tiendasmizunoespana.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])tiendasmizunoespana\.com$/i"; classtype:trojan-activity; sid:38164121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendasmizunoespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendasmizunoespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasmizunoespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wolverineshoeoutlet.com"; dns.query; content:"wolverineshoeoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverineshoeoutlet\.com$/i"; classtype:trojan-activity; sid:38164131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wolverineshoeoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wolverineshoeoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverineshoeoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27495 [] Domain app-express-estado.pages.dev"; dns.query; content:"app-express-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-express\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:37942821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27495;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27495 [] Outgoing HTTP Domain app-express-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-express-estado.pages.dev"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-])app\-express\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27495;)
# DNS indicator from MISP event 27496: alerts on a DNS query, in either direction
# (any -> any), for acceso-personal-banestado.pages.dev. The content and pcre
# options follow the dns.query buffer keyword; the pcre's leading group
# (^|[^A-Za-z0-9-]) accepts the bare name or a name preceded by a label
# separator, so subdomains match too, and the trailing $ pins the end of the name.
# NOTE(review): this export repeats the same domain for events 27500, 27501 and
# 27537 under different sids, so one lookup raises one alert per event. Consider
# de-duplicating at export time or suppressing the extra sids.
alert dns any any -> any any (msg: "MISP e27496 [] Domain acceso-personal-banestado.pages.dev"; dns.query; content:"acceso-personal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37942901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27496;)
# HTTP companion of the DNS rule: client-to-server traffic on an established
# flow from $HOME_NET to $EXTERNAL_NET, any port. Both content matches and the
# pcre (H flag) inspect the request header buffer. tag:session,600,seconds keeps
# logging packets of the session for 600 seconds after the alert.
# NOTE(review): the "Host|3a|" match and the domain match are independent, since
# no distance/within ties them together. The domain appearing in another request
# header would presumably satisfy the rule as well; verify. Matching on the
# http.host buffer would scope the check to the Host value.
# NOTE(review): this inspects cleartext HTTP only. For HTTPS the DNS rule above
# is the only coverage visible in this part of the export (no tls.sni rule).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27496 [] Outgoing HTTP Domain acceso-personal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acceso-personal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37942902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27496;)
# Address-and-port indicator from event 27551, labelled RedLineStealer in the
# msg: any IP traffic from $HOME_NET to 65.108.20.226 port 37715. There are no
# flow or content options, so the match rests on the address and port alone.
# NOTE(review): address-only indicators go stale when the address changes hands.
# Check the age of the MISP attribute before treating a hit as confirmed.
alert ip $HOME_NET any -> 65.108.20.226 37715 (msg: "MISP e27551 [RedLineStealer] Outgoing To IP: 65.108.20.226|37715"; classtype:trojan-activity; sid:37955201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# URL indicator from event 27551, labelled dcrat: requires the host string
# somewhere in the request headers and the path as a substring of the URI,
# on destination ports in $HTTP_PORTS only.
# NOTE(review): unlike the "Outgoing HTTP Domain" rules, the host string here is
# not paired with a "Host|3a|" match or a boundary pcre.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [dcrat] Outgoing URL http|3a|//113304cm.n9shteam2.top/externalpollsqldblinuxgenerator.php"; flow:to_server,established; http.header; content:"113304cm.n9shteam2.top"; fast_pattern; nocase; http.uri; content:"/externalpollsqldblinuxgenerator.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27500 [] Domain acceso-personal-banestado.pages.dev"; dns.query; content:"acceso-personal-banestado.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37943071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27500;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27500 [] Outgoing HTTP Domain acceso-personal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acceso-personal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27500;) alert dns any any -> any any (msg: "MISP e27501 [] Domain acceso-personal-banestado.pages.dev"; dns.query; content:"acceso-personal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37943151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27501;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27501 [] Outgoing HTTP Domain acceso-personal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acceso-personal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37943152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27501;) alert dns any any -> any any (msg: "MISP e27657 [] Domain venipak.safefundsget.fun"; dns.query; content:"venipak.safefundsget.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safefundsget\.fun$/i"; classtype:trojan-activity; sid:38012131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27657;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27657 [] Outgoing HTTP Domain venipak.safefundsget.fun"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"venipak.safefundsget.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safefundsget\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38012132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27657;) alert ip $HOME_NET any -> 65.21.21.176 50500 (msg: "MISP e27551 [RiseProStealer] Outgoing To IP: 65.21.21.176|50500"; classtype:trojan-activity; sid:37955221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27551 [admin888,DarkGate] Domain afdhf198jfadafdkfad.com"; dns.query; content:"afdhf198jfadafdkfad.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])afdhf198jfadafdkfad\.com$/i"; classtype:trojan-activity; sid:37955231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [admin888,DarkGate] Outgoing HTTP Domain afdhf198jfadafdkfad.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"afdhf198jfadafdkfad.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])afdhf198jfadafdkfad\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37955232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 193.203.203.211 443 (msg: "MISP e27551 [admin888,DarkGate] Outgoing To IP: 193.203.203.211|443"; classtype:trojan-activity; sid:37955241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27007 [] Domain crocs-hungary-eu.com"; dns.query; content:"crocs-hungary-eu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocs\-hungary\-eu\.com$/i"; classtype:trojan-activity; sid:38164141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain crocs-hungary-eu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocs-hungary-eu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocs\-hungary\-eu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 exports each domain as a pair: a DNS-query rule (sid ending in 1)
# and an outbound-HTTP Host rule (sid ending in 2). The tag list in the msg is
# empty ("[]"), so the alert text carries no family or campaign label.
# NOTE(review): the names read like brand-imitating storefront domains, yet every
# rule is classtype:trojan-activity. If the event describes fraud or phishing
# sites rather than malware, triage should not treat a hit as host compromise.
# Confirm against the MISP event.
# NOTE(review): the DNS rules use any -> any, so a sensor that sees recursive
# resolver traffic will presumably alert with the resolver as source, not the
# client that asked.
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredsperryoutletuk.com"; dns.query; content:"fredsperryoutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredsperryoutletuk\.com$/i"; classtype:trojan-activity; sid:38164151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP half of the pair: header buffer must contain "Host:" and the domain, and
# the pcre demands a non-hostname character on the right of the name so that a
# longer name such as <domain>.example does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredsperryoutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredsperryoutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredsperryoutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Same DNS/HTTP pair for the next domain of event 27007.
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanefinland.com"; dns.query; content:"lornajanefinland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanefinland\.com$/i"; classtype:trojan-activity; sid:38164161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanefinland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanefinland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanefinland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonoutletespana.com"; 
dns.query; content:"lululemonoutletespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletespana\.com$/i"; classtype:trojan-activity; sid:38164171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonoutletespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonoutletespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunooutlethu.com"; dns.query; content:"mizunooutlethu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlethu\.com$/i"; classtype:trojan-activity; sid:38164181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunooutlethu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunooutlethu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlethu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain thenorthfacemalaysiajacket.com"; dns.query; content:"thenorthfacemalaysiajacket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfacemalaysiajacket\.com$/i"; classtype:trojan-activity; sid:38164191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain thenorthfacemalaysiajacket.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"thenorthfacemalaysiajacket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfacemalaysiajacket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vansshoes-philippines.com"; dns.query; content:"vansshoes-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vansshoes\-philippines\.com$/i"; classtype:trojan-activity; sid:38164201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vansshoes-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vansshoes-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vansshoes\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vansdanmark-dk.com"; dns.query; content:"vansdanmark-dk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vansdanmark\-dk\.com$/i"; classtype:trojan-activity; sid:38164211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vansdanmark-dk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vansdanmark-dk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vansdanmark\-dk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vansperupe.com"; dns.query; content:"vansperupe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vansperupe\.com$/i"; 
classtype:trojan-activity; sid:38164221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vansperupe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vansperupe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vansperupe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nikebolivia.com"; dns.query; content:"nikebolivia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikebolivia\.com$/i"; classtype:trojan-activity; sid:38164231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikebolivia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikebolivia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikebolivia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pinkooutletusa.com"; dns.query; content:"pinkooutletusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pinkooutletusa\.com$/i"; classtype:trojan-activity; sid:38164241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pinkooutletusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pinkooutletusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pinkooutletusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164242; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vanscostaricacr.com"; dns.query; content:"vanscostaricacr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vanscostaricacr\.com$/i"; classtype:trojan-activity; sid:38164251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vanscostaricacr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vanscostaricacr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vanscostaricacr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonmexicotiendaonline.com"; dns.query; content:"lululemonmexicotiendaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmexicotiendaonline\.com$/i"; classtype:trojan-activity; sid:38164261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonmexicotiendaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonmexicotiendaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmexicotiendaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert ip $HOME_NET any -> 65.21.21.176 8081 (msg: "MISP e27551 [Risepro,ViriBack] Outgoing To IP: 65.21.21.176|8081"; classtype:trojan-activity; sid:37955251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27529 [] Domain mi-tarjetacencosud-cl.olivason.com.tr"; dns.query; 
content:"mi-tarjetacencosud-cl.olivason.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.olivason\.com\.tr$/i"; classtype:trojan-activity; sid:37951851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27529;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27529 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.olivason.com.tr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.olivason.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.olivason\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37951852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27529;) alert http $HOME_NET any -> 179.60.150.34 $HTTP_PORTS (msg: "MISP e27551 [CobaltStrike,cs-watermark-1580103824,LAYER7-FRA2] Outgoing URL http|3a|//179.60.150.34/preload"; flow:to_server,established; http.header; content:"179.60.150.34"; fast_pattern; nocase; http.uri; content:"/preload"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 179.60.150.34 80 (msg: "MISP e27551 [CobaltStrike,cs-watermark-1580103824,LAYER7-FRA2] Outgoing To IP: 179.60.150.34|80"; classtype:trojan-activity; sid:37955281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 69.176.89.82 443 (msg: "MISP e27551 [BCPL-SG BGPNET Global ASN,Brute Ratel C4] Outgoing To IP: 69.176.89.82|443"; classtype:trojan-activity; sid:37955331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 143.244.186.6 7443 (msg: "MISP e27551 [DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 143.244.186.6|7443"; classtype:trojan-activity; sid:37955341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 
104.238.60.87 443 (msg: "MISP e27551 [ASN-QUADRANET-GLOBAL,Bianlian Go Trojan] Outgoing To IP: 104.238.60.87|443"; classtype:trojan-activity; sid:37955351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Address-and-port indicators from MISP event 27551. Each rule alerts on IP
# traffic from $HOME_NET to one fixed address and destination port. The bracketed
# msg tags come from the event: a family label (Bianlian Go Trojan, Havoc) next
# to what appears to be the hosting network's AS name. Neither is used for
# matching; the rules carry no flow, content or threshold options.
# NOTE(review): several destinations are on ports 80/443 at hosting providers.
# An address match alone cannot tell the listed service from a later tenant of
# the same address, so corroborate a hit with host or proxy telemetry.
# NOTE(review): with no threshold option, one connection may raise many alerts.
# Confirm on the sensor and rate-limit per source if so.
alert ip $HOME_NET any -> 23.94.120.119 80 (msg: "MISP e27551 [AS-COLOCROSSING,Bianlian Go Trojan] Outgoing To IP: 23.94.120.119|80"; classtype:trojan-activity; sid:37955361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 23.227.202.28 35676 (msg: "MISP e27551 [Bianlian Go Trojan,HVC-AS] Outgoing To IP: 23.227.202.28|35676"; classtype:trojan-activity; sid:37955371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 151.236.16.48 5901 (msg: "MISP e27551 [Bianlian Go Trojan,M247] Outgoing To IP: 151.236.16.48|5901"; classtype:trojan-activity; sid:37955381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# Same rule shape, labelled Havoc in the event tags.
alert ip $HOME_NET any -> 172.247.113.97 8443 (msg: "MISP e27551 [CNSERVERS,Havoc] Outgoing To IP: 172.247.113.97|8443"; classtype:trojan-activity; sid:37955391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 37.1.214.247 443 (msg: "MISP e27551 [Havoc,HVC-AS] Outgoing To IP: 37.1.214.247|443"; classtype:trojan-activity; sid:37955401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 124.223.215.119 65413 (msg: "MISP e27551 [Havoc,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.223.215.119|65413"; classtype:trojan-activity; sid:37955411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 172.105.0.147 443 (msg: "MISP e27551 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 172.105.0.147|443"; classtype:trojan-activity; sid:37955421; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 81.95.8.174 443 (msg: "MISP e27551 [CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK,Havoc] Outgoing To IP: 81.95.8.174|443"; classtype:trojan-activity; sid:37955431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 89.23.107.13 80 (msg: "MISP e27551 [GIR-AS,Havoc] Outgoing To IP: 89.23.107.13|80"; classtype:trojan-activity; sid:37955441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 37.56.108.122 443 (msg: "MISP e27551 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 37.56.108.122|443"; classtype:trojan-activity; sid:37955451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 85.110.178.102 443 (msg: "MISP e27551 [QakBot,TTNET] Outgoing To IP: 85.110.178.102|443"; classtype:trojan-activity; sid:37955461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 46.246.14.3 6000 (msg: "MISP e27551 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.14.3|6000"; classtype:trojan-activity; sid:37955471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 20.19.32.59 1024 (msg: "MISP e27551 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.19.32.59|1024"; classtype:trojan-activity; sid:37955481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 111.229.149.200 8888 (msg: "MISP e27551 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 111.229.149.200|8888"; classtype:trojan-activity; sid:37955491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 84.46.240.42 2083 (msg: "MISP e27551 [CONTABO,Pikabot] Outgoing To IP: 84.46.240.42|2083"; classtype:trojan-activity; sid:37955501; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27551;)
# URL indicators from MISP event 27551, labelled CobaltStrike in the msg tags.
# The destination address and port are fixed in the rule header. The options
# additionally require the address string in the request header buffer and the
# path as a substring of the request URI, on an established client-to-server flow.
# The cs-watermark-<n> tag is a label from the event and is not matched on.
# NOTE(review): the http.uri content is an unanchored substring, so "/cm" also
# matches longer paths that merely contain it. With the destination pinned this
# affects precision little, but the URI adds little evidence either.
# NOTE(review): nocase on a dotted-decimal address has no effect.
# NOTE(review): the header match presumably relies on the client sending the
# address as its Host value. A request to the same address with a different Host
# header would not match this rule; the "Outgoing To IP" rules cover that case
# only for the address/port pairs they list.
alert http $HOME_NET any -> 161.35.186.154 8080 (msg: "MISP e27551 [CobaltStrike,cs-watermark-1335812032,DigitalOcean LLC] Outgoing URL http|3a|//161.35.186.154|3a|8080/pixel"; flow:to_server,established; http.header; content:"161.35.186.154"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 121.5.66.186 1082 (msg: "MISP e27551 [CobaltStrike,cs-watermark-0,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//121.5.66.186|3a|1082/cm"; flow:to_server,established; http.header; content:"121.5.66.186"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 39.107.70.26 8888 (msg: "MISP e27551 [CobaltStrike,cs-watermark-1234567890,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing URL http|3a|//39.107.70.26|3a|8888/dot.gif"; flow:to_server,established; http.header; content:"39.107.70.26"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# (The line above completes a rule whose header and msg start on the previous line of the file.)
#
# Rule shapes in this run, all generated from MISP attributes:
#   dns  "Domain ...": dns.query must contain the name (nocase) and the pcre must find it at the
#        end of the query, preceded by start-of-buffer or a byte outside [A-Za-z0-9-]; the name
#        itself and its subdomains match. Direction is any -> any, so any host's query matches.
#   http "Outgoing HTTP Domain ...": "Host|3a|" and the name are two separate http.header content
#        matches, followed by a pcre with the H (header) modifier that wants one non-hostname byte
#        after the name.
#        NOTE(review): nothing ties the name to the Host line, so a request carrying it in
#        another header (a Referer, for instance) also appears to match - confirm on a hit.
#   http "Outgoing URL ...": host string anywhere in http.header plus a nocase substring of http.uri.
# tag:session,600,seconds asks the engine to keep logging the session's packets for 600 seconds.
# The http rules only inspect traffic parsed as HTTP; a visit over TLS is not seen by them, which
# leaves the dns rule as the only coverage for that name (provided the lookup crosses the sensor).
alert dns any any -> any any (msg: "MISP e27537 [] Domain acceso-personal-banestado.pages.dev"; dns.query; content:"acceso-personal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37952771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27537;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27537 [] Outgoing HTTP Domain acceso-personal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"acceso-personal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])acceso\-personal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37952772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27537;)
# correogcl.buzz is exported twice, under events 27538 and 27539, with different sids
# (37952861/37952862 and 37952941/37952942): one lookup or one request raises two alerts.
# Deduplicate the attribute in MISP or suppress one pair on the sensor.
alert dns any any -> any any (msg: "MISP e27538 [] Domain correogcl.buzz"; dns.query; content:"correogcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correogcl\.buzz$/i"; classtype:trojan-activity; sid:37952861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27538;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27538 [] Outgoing HTTP Domain correogcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correogcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correogcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37952862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27538;)
alert dns any any -> any any (msg: "MISP e27539 [] Domain correogcl.buzz"; dns.query; content:"correogcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correogcl\.buzz$/i"; classtype:trojan-activity; sid:37952941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27539;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27539 [] Outgoing HTTP Domain correogcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correogcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correogcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37952942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27539;)
# The URL rule below is limited to destination ports in $HTTP_PORTS, so that variable has to be
# defined on the sensor and the same URL on any other port is not matched. Its http.uri content
# "/index" is an unanchored substring: longer paths that contain it match as well.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27540 [] Outgoing URL http|3a|//correohcl.buzz/index"; flow:to_server,established; http.header; content:"correohcl.buzz"; fast_pattern; nocase; http.uri; content:"/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27540;)
alert dns any any -> any any (msg: "MISP e27540 [] Domain correohcl.buzz"; dns.query; content:"correohcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correohcl\.buzz$/i"; classtype:trojan-activity; sid:37953031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27540;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27540 [] Outgoing HTTP Domain correohcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correohcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correohcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27540;)
# In the rule below the http.uri content is "/", which an ordinary request path always contains,
# so the match effectively rests on the host string alone. (Its remaining options continue on the
# next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27541 [] Outgoing URL http|3a|//correolcl.buzz/"; flow:to_server,established; http.header; content:"correolcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase;
tag:session,600,seconds; classtype:trojan-activity; sid:37953101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27541;) alert dns any any -> any any (msg: "MISP e27541 [] Domain correolcl.buzz"; dns.query; content:"correolcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correolcl\.buzz$/i"; classtype:trojan-activity; sid:37953121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27541;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27541 [] Outgoing HTTP Domain correolcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correolcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correolcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27541;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27542 [] Outgoing URL http|3a|//correoecl.buzz/"; flow:to_server,established; http.header; content:"correoecl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27542;) alert dns any any -> any any (msg: "MISP e27542 [] Domain correoecl.buzz"; dns.query; content:"correoecl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correoecl\.buzz$/i"; classtype:trojan-activity; sid:37953211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27542;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27542 [] Outgoing HTTP Domain correoecl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correoecl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correoecl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27542;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27543 [] Outgoing URL http|3a|//correodcl.buzz/"; flow:to_server,established; http.header; content:"correodcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27543;) alert dns any any -> any any (msg: "MISP e27543 [] Domain correodcl.buzz"; dns.query; content:"correodcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correodcl\.buzz$/i"; classtype:trojan-activity; sid:37953301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27543;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27543 [] Outgoing HTTP Domain correodcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correodcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correodcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27543;) alert ip $HOME_NET any -> 181.131.218.39 4041 (msg: "MISP e27551 [asyncrat,RAT] Outgoing To IP: 181.131.218.39|4041"; classtype:trojan-activity; sid:37955631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27544 [] Outgoing URL http|3a|//correofcl.buzz/"; flow:to_server,established; http.header; content:"correofcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27544;) alert dns any any -> any any (msg: "MISP e27544 [] Domain correofcl.buzz"; dns.query; content:"correofcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correofcl\.buzz$/i"; classtype:trojan-activity; sid:37953391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27544;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27544 [] Outgoing HTTP Domain correofcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correofcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correofcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27544;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27545 [] Outgoing URL http|3a|//correoqcl.buzz/"; flow:to_server,established; http.header; content:"correoqcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27545;) alert dns any any -> any any (msg: "MISP e27545 [] Domain correoqcl.buzz"; dns.query; content:"correoqcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correoqcl\.buzz$/i"; classtype:trojan-activity; sid:37953481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27545;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27545 [] Outgoing HTTP Domain correoqcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correoqcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correoqcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27545;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27546 [] Outgoing URL http|3a|//correojcl.buzz/"; flow:to_server,established; http.header; content:"correojcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27546;) alert dns any any -> any any (msg: "MISP e27546 [] Domain correojcl.buzz"; dns.query; 
content:"correojcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correojcl\.buzz$/i"; classtype:trojan-activity; sid:37953571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27546;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27546 [] Outgoing HTTP Domain correojcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correojcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correojcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27546;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27547 [] Outgoing URL http|3a|//correokcl.buzz/"; flow:to_server,established; http.header; content:"correokcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37953641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27547;) alert dns any any -> any any (msg: "MISP e27547 [] Domain correokcl.buzz"; dns.query; content:"correokcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correokcl\.buzz$/i"; classtype:trojan-activity; sid:37953661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27547;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27547 [] Outgoing HTTP Domain correokcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correokcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correokcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27547;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27548 [] Outgoing URL http|3a|//correowcl.buzz/"; flow:to_server,established; http.header; content:"correowcl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37953731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27548;) alert dns any any -> any any (msg: "MISP e27548 [] Domain correowcl.buzz"; dns.query; content:"correowcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correowcl\.buzz$/i"; classtype:trojan-activity; sid:37953751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27548;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27548 [] Outgoing HTTP Domain correowcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correowcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correowcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27548;) alert ip $HOME_NET any -> 3.125.223.134 14210 (msg: "MISP e27551 [Gh0stRAT] Outgoing To IP: 3.125.223.134|14210"; classtype:trojan-activity; sid:37955651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 3.124.142.205 14210 (msg: "MISP e27551 [Gh0stRAT] Outgoing To IP: 3.124.142.205|14210"; classtype:trojan-activity; sid:37955661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 18.158.249.75 14210 (msg: "MISP e27551 [Gh0stRAT] Outgoing To IP: 18.158.249.75|14210"; classtype:trojan-activity; sid:37955671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 18.192.31.165 14210 (msg: "MISP e27551 [Gh0stRAT] Outgoing To IP: 18.192.31.165|14210"; classtype:trojan-activity; sid:37955681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 95.217.250.22 36043 (msg: "MISP e27551 [RedLineStealer] Outgoing To IP: 95.217.250.22|36043"; classtype:trojan-activity; sid:37955711; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27551;)
# (The line above closes a rule that starts on the previous line of the file.)
#
# DNS + Host-header pair for one name. The dns rule matches the name or any subdomain of it at the
# end of dns.query; the http rule needs "Host|3a|" and the name somewhere in http.header, then a
# pcre (H modifier) with a non-hostname byte after the name.
# NOTE(review): the two http.header contents are independent, so the name in another request
# header would also satisfy the http rule - check the Host value in the tagged session.
alert dns any any -> any any (msg: "MISP e27549 [] Domain mi-tarjetacencosud-cl.itsdjlucky.com"; dns.query; content:"mi-tarjetacencosud-cl.itsdjlucky.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.itsdjlucky\.com$/i"; classtype:trojan-activity; sid:37953841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27549;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27549 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.itsdjlucky.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.itsdjlucky.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.itsdjlucky\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27549;)
# Same address and path exported twice: sid 37955721 is limited to $HTTP_PORTS, sid 37955731 to
# destination port 4002 (tags "Loki" and "LokiBot" respectively).
# NOTE(review): if $HTTP_PORTS on the sensor lists 4002, both rules fire for a single request.
alert http $HOME_NET any -> 91.92.252.146 $HTTP_PORTS (msg: "MISP e27551 [Loki] Outgoing URL http|3a|//91.92.252.146/kioy/five/fre.php"; flow:to_server,established; http.header; content:"91.92.252.146"; fast_pattern; nocase; http.uri; content:"/kioy/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 91.92.252.146 4002 (msg: "MISP e27551 [LokiBot] Outgoing URL http|3a|//91.92.252.146|3a|4002/kioy/five/fre.php"; flow:to_server,established; http.header; content:"91.92.252.146"; fast_pattern; nocase; http.uri; content:"/kioy/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# URL rules keyed on a host name: the name may appear anywhere in http.header (it is not anchored
# to the Host line) and the path is a nocase substring of http.uri. The destination port is
# $HTTP_PORTS, so the variable must be defined and the same URL on another port is not matched.
# These rules inspect parsed HTTP only; the same URL fetched over TLS does not reach them.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [dcrat] Outgoing URL http|3a|//h172956.srv11.test-hf.su/providervmjs_pollauthapibasecdndownloads.php"; flow:to_server,established; http.header; content:"h172956.srv11.test-hf.su"; fast_pattern; nocase; http.uri; content:"/providervmjs_pollauthapibasecdndownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [Loki] Outgoing URL http|3a|//sempersim.su/c12/fre.php"; flow:to_server,established; http.header; content:"sempersim.su"; fast_pattern; nocase; http.uri; content:"/c12/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# security-socks.expert is covered three ways (URL, DNS query, Host header), so one HTTP request
# preceded by a lookup can raise up to three alerts for the same indicator.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing URL http|3a|//security-socks.expert/understand/v2.61/rylqupm8ll"; flow:to_server,established; http.header; content:"security-socks.expert"; fast_pattern; nocase; http.uri; content:"/understand/v2.61/rylqupm8ll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert dns any any -> any any (msg: "MISP e27551 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Domain security-socks.expert"; dns.query; content:"security-socks.expert"; nocase; pcre: "/(^|[^A-Za-z0-9-])security\-socks\.expert$/i"; classtype:trojan-activity; sid:37955781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# (The rule below is cut by the file's line wrapping; its priority and reference options
# continue on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing HTTP Domain security-socks.expert"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"security-socks.expert"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])security\-socks\.expert[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37955782; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert http $HOME_NET any -> 194.165.16.55 $HTTP_PORTS (msg: "MISP e27551 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing URL http|3a|//194.165.16.55/understand/v2.61/rylqupm8ll"; flow:to_server,established; http.header; content:"194.165.16.55"; fast_pattern; nocase; http.uri; content:"/understand/v2.61/rylqupm8ll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 194.165.16.55 80 (msg: "MISP e27551 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing To IP: 194.165.16.55|80"; classtype:trojan-activity; sid:37955801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 91.92.252.146 4002 (msg: "MISP e27551 [infostealer,LokiBot,stealer] Outgoing To IP: 91.92.252.146|4002"; classtype:trojan-activity; sid:37955761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 193.178.170.30 7771 (msg: "MISP e27551 [] Outgoing To IP: 193.178.170.30|7771"; classtype:trojan-activity; sid:37955701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert dns any any -> any any (msg: "MISP e27551 [Planet Stealer] Domain hzp02itt0a.com"; dns.query; content:"hzp02itt0a.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hzp02itt0a\.com$/i"; classtype:trojan-activity; sid:37955691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27551 [Planet Stealer] Outgoing HTTP Domain hzp02itt0a.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hzp02itt0a.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hzp02itt0a\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37955692; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27551;)
# (The line above closes a rule that starts on the previous line of the file.)
#
# Host-only URL rules (no http.uri option): the single payload condition is the host or IP string
# somewhere in the request headers, nocase, with no boundary check and no fast_pattern.
# A longer header value that merely contains the string also matches, for example a Referer, or a
# constructed host such as "x-commdistinc.com.example".
# NOTE(review): treat hits as leads and confirm the Host header in the tagged session.
# Destination port is $HTTP_PORTS: the variable must be defined on the sensor, and requests to the
# same host on other ports or over TLS are outside these rules.
alert http $HOME_NET any -> 193.178.170.30 $HTTP_PORTS (msg: "MISP e27551 [Planet Stealer] Outgoing URL http|3a|//193.178.170.30"; flow:to_server,established; http.header; content:"193.178.170.30"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> 194.147.140.138 $HTTP_PORTS (msg: "MISP e27551 [XWorm] Outgoing URL http|3a|//194.147.140.138"; flow:to_server,established; http.header; content:"194.147.140.138"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [XWorm] Outgoing URL http|3a|//nzaria.org/img/marxrwo.txt"; flow:to_server,established; http.header; content:"nzaria.org"; fast_pattern; nocase; http.uri; content:"/img/marxrwo.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [XWorm] Outgoing URL http|3a|//marxrwo9090.duckdns.org"; flow:to_server,established; http.header; content:"marxrwo9090.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# DNS + Host-header pair for one name: the dns rule anchors the name at the end of dns.query
# (subdomains included); the http rule needs "Host|3a|" and the name in http.header plus a pcre
# boundary check after the name.
alert dns any any -> any any (msg: "MISP e27550 [] Domain accesso-bono-banestado-apps.pages.dev"; dns.query; content:"accesso-bono-banestado-apps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])accesso\-bono\-banestado\-apps\.pages\.dev$/i"; classtype:trojan-activity; sid:37953971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27550;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27550 [] Outgoing HTTP Domain accesso-bono-banestado-apps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"accesso-bono-banestado-apps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])accesso\-bono\-banestado\-apps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37953972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27550;)
alert http $HOME_NET any -> 128.254.207.135 $HTTP_PORTS (msg: "MISP e27551 [SocGholish] Outgoing URL http|3a|//128.254.207.135"; flow:to_server,established; http.header; content:"128.254.207.135"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [SocGholish] Outgoing URL http|3a|//commdistinc.com"; flow:to_server,established; http.header; content:"commdistinc.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# sid 37955291 (host only) matches every request that sid 37955301 (host + "/ui_cache.js") matches,
# so a request for that script raises both alerts; the second adds no coverage, only specificity.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [SocGholish] Outgoing URL http|3a|//apicachebot.com"; flow:to_server,established; http.header; content:"apicachebot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27551 [SocGholish] Outgoing URL http|3a|//apicachebot.com/ui_cache.js"; flow:to_server,established; http.header; content:"apicachebot.com"; fast_pattern; nocase; http.uri; content:"/ui_cache.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37955301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# (The rule below is cut by the file's line wrapping; its sid, rev, priority and reference
# options continue on the next line of the file.)
alert ip $HOME_NET any -> 37.120.141.144 5903 (msg: "MISP e27551 [AS9009,c2,censys,NL,RAT] Outgoing To IP: 37.120.141.144|5903"; classtype:trojan-activity;
sid:37955831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 91.92.252.33 80 (msg: "MISP e27551 [AS394711,c2,elf,LIMENET,moobot,NL] Outgoing To IP: 91.92.252.33|80"; classtype:trojan-activity; sid:37955811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 91.92.248.206 80 (msg: "MISP e27551 [AS394711,c2,censys,Cobalt Strike,NL] Outgoing To IP: 91.92.248.206|80"; classtype:trojan-activity; sid:37955821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 69.30.232.230 1433 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 69.30.232.230|1433"; classtype:trojan-activity; sid:37955841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 193.222.96.156 443 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 193.222.96.156|443"; classtype:trojan-activity; sid:37955851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 120.48.5.80 6666 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 120.48.5.80|6666"; classtype:trojan-activity; sid:37955861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 43.136.71.208 8881 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 43.136.71.208|8881"; classtype:trojan-activity; sid:37955871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 3.11.29.211 443 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 3.11.29.211|443"; classtype:trojan-activity; sid:37955881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 8.222.158.76 80 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 8.222.158.76|80"; classtype:trojan-activity; sid:37955891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) 
# Outbound address:port indicators from MISP event 27551 (see each rule's msg and reference).
# Every rule here matches on $HOME_NET as source plus one destination address and port; there is
# no flow, content or threshold option, so nothing in the rule limits alerts to one per
# connection. Rate-limit on the sensor or in the alert pipeline if a single host floods.
# The destination port is pinned to the value recorded in the event: traffic from $HOME_NET to the
# same address on any other port does not match.
# NOTE(review): the protocol is "ip" combined with a port; how the port test applies to port-less
# protocols depends on the engine - confirm on the deployed version.
# Address indicators age quickly; re-check against the MISP event before acting on a hit.
alert ip $HOME_NET any -> 107.174.241.206 7989 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 107.174.241.206|7989"; classtype:trojan-activity; sid:37955901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 47.92.146.233 8888 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 47.92.146.233|8888"; classtype:trojan-activity; sid:37955911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 45.76.196.30 9999 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 45.76.196.30|9999"; classtype:trojan-activity; sid:37955921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 39.104.66.132 5555 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 39.104.66.132|5555"; classtype:trojan-activity; sid:37955931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 3.146.206.189 80 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 3.146.206.189|80"; classtype:trojan-activity; sid:37955941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 154.9.255.31 6666 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 154.9.255.31|6666"; classtype:trojan-activity; sid:37955951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 54.145.92.29 8083 (msg: "MISP e27551 [c2,sliver] Outgoing To IP: 54.145.92.29|8083"; classtype:trojan-activity; sid:37955961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 34.88.176.115 2376 (msg: "MISP e27551 [c2,sliver] Outgoing To IP: 34.88.176.115|2376"; classtype:trojan-activity; sid:37955971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# NOTE(review): 3790 is the default Metasploit Pro web-interface port. These two entries look like
# scan-derived server ports rather than the port a payload calls back to - confirm in the event.
alert ip $HOME_NET any -> 46.249.38.211 3790 (msg: "MISP e27551 [c2,Meterpreter] Outgoing To IP: 46.249.38.211|3790"; classtype:trojan-activity; sid:37955981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 67.205.152.19 3790 (msg: "MISP e27551 [c2,Meterpreter] Outgoing To IP: 67.205.152.19|3790"; classtype:trojan-activity; sid:37955991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 154.23.178.139 8848 (msg: "MISP e27551 [c2,dcrat] Outgoing To IP: 154.23.178.139|8848"; classtype:trojan-activity; sid:37956001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 74.91.29.67 8848 (msg: "MISP e27551 [c2,dcrat] Outgoing To IP: 74.91.29.67|8848"; classtype:trojan-activity; sid:37956011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 94.156.8.188 8081 (msg: "MISP e27551 [c2,Risepro] Outgoing To IP: 94.156.8.188|8081"; classtype:trojan-activity; sid:37956021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 164.92.191.107 443 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 164.92.191.107|443"; classtype:trojan-activity; sid:37956031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
# NOTE(review): 50050 is the default Cobalt Strike team-server port, i.e. the operator-facing
# service, not a beacon listener. Infected hosts would normally talk to a different port on these
# addresses, which the three port-pinned rules below do not cover - confirm in the event and
# consider watching the addresses on any port.
alert ip $HOME_NET any -> 111.229.198.177 50050 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 111.229.198.177|50050"; classtype:trojan-activity; sid:37956041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 8.130.122.174 50050 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 8.130.122.174|50050"; classtype:trojan-activity; sid:37956051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 20.163.176.140 50050 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 20.163.176.140|50050"; classtype:trojan-activity; sid:37956061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;)
alert ip $HOME_NET any -> 174.78.242.29 9100 (msg: "MISP e27551 [c2,extreme_rat] Outgoing To IP: 174.78.242.29|9100"; classtype:trojan-activity; sid:37956071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 31.6.179.181 54984 (msg: "MISP e27551 [c2,NanoCore] Outgoing To IP: 31.6.179.181|54984"; classtype:trojan-activity; sid:37956081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 128.90.145.218 54984 (msg: "MISP e27551 [c2,NanoCore] Outgoing To IP: 128.90.145.218|54984"; classtype:trojan-activity; sid:37956091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 110.164.146.49 1177 (msg: "MISP e27551 [c2,njrat] Outgoing To IP: 110.164.146.49|1177"; classtype:trojan-activity; sid:37956101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 45.83.207.249 1177 (msg: "MISP e27551 [c2,njrat] Outgoing To IP: 45.83.207.249|1177"; classtype:trojan-activity; sid:37956111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 193.124.205.30 80 (msg: "MISP e27551 [c2,Mirai] Outgoing To IP: 193.124.205.30|80"; classtype:trojan-activity; sid:37956121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 154.23.141.66 4449 (msg: "MISP e27551 [c2,Venom] Outgoing To IP: 154.23.141.66|4449"; classtype:trojan-activity; sid:37956131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 20.169.80.43 4449 (msg: "MISP e27551 [c2,Venom] Outgoing To IP: 20.169.80.43|4449"; classtype:trojan-activity; sid:37956141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 5.75.209.178 5432 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 5.75.209.178|5432"; classtype:trojan-activity; sid:37956151; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 116.203.13.151 80 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 116.203.13.151|80"; classtype:trojan-activity; sid:37956161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 116.203.13.151 443 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 116.203.13.151|443"; classtype:trojan-activity; sid:37956171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 142.132.224.223 443 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 142.132.224.223|443"; classtype:trojan-activity; sid:37956181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 142.132.224.223 80 (msg: "MISP e27551 [c2,Vidar] Outgoing To IP: 142.132.224.223|80"; classtype:trojan-activity; sid:37956191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 103.155.214.72 443 (msg: "MISP e27551 [c2,orcus_rat] Outgoing To IP: 103.155.214.72|443"; classtype:trojan-activity; sid:37956201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 197.119.48.109 80 (msg: "MISP e27551 [c2,orcus_rat] Outgoing To IP: 197.119.48.109|80"; classtype:trojan-activity; sid:37956211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 89.23.99.198 8081 (msg: "MISP e27551 [c2,Risepro] Outgoing To IP: 89.23.99.198|8081"; classtype:trojan-activity; sid:37956221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 13.50.244.252 80 (msg: "MISP e27551 [c2,cobalt_strike] Outgoing To IP: 13.50.244.252|80"; classtype:trojan-activity; sid:37956231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27551;) alert ip $HOME_NET any -> 3.146.206.189 8888 (msg: "MISP e27568 
[c2,cobalt_strike] Outgoing To IP: 3.146.206.189|8888"; classtype:trojan-activity; sid:37957761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 39.108.229.236 800 (msg: "MISP e27568 [c2,cobalt_strike] Outgoing To IP: 39.108.229.236|800"; classtype:trojan-activity; sid:37957771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 47.123.4.117 8099 (msg: "MISP e27568 [c2,cobalt_strike] Outgoing To IP: 47.123.4.117|8099"; classtype:trojan-activity; sid:37957781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 124.71.9.23 8005 (msg: "MISP e27568 [c2,cobalt_strike] Outgoing To IP: 124.71.9.23|8005"; classtype:trojan-activity; sid:37957791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 45.134.225.247 5555 (msg: "MISP e27568 [c2,cobalt_strike] Outgoing To IP: 45.134.225.247|5555"; classtype:trojan-activity; sid:37957801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 109.248.170.151 7443 (msg: "MISP e27568 [c2,cobalt_strike] Outgoing To IP: 109.248.170.151|7443"; classtype:trojan-activity; sid:37957811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 185.158.251.20 23 (msg: "MISP e27568 [c2,cobalt_strike] Outgoing To IP: 185.158.251.20|23"; classtype:trojan-activity; sid:37957821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 62.122.184.95 8888 (msg: "MISP e27568 [StealthWorker] Outgoing To IP: 62.122.184.95|8888"; classtype:trojan-activity; sid:37957831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 174.93.198.242 10134 (msg: "MISP e27568 [c2,orcus_rat] Outgoing To IP: 174.93.198.242|10134"; classtype:trojan-activity; sid:37957841; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# ^ Tail of a rule that begins on the previous line of the export.
#
# --- Event 27568: URL indicator tagged dcrat ---
# Matches an established client-to-server HTTP request whose headers contain the string
# "79.174.94.173" (anywhere in the header buffer, not only in Host) and whose URI contains
# the listed path; both matches are case-insensitive. "|3a|" in msg is the hex escape for ':'.
# This is the only rule in this part of the file that uses $HTTP_PORTS: the variable must be
# defined in the sensor configuration, and a request to this host on a port outside
# $HTTP_PORTS will not match this rule.
# tag:session,600,seconds asks the engine to keep logging packets of the session for 600
# seconds after the alert, which gives responders follow-on traffic to examine.
alert http $HOME_NET any -> 79.174.94.173 $HTTP_PORTS (msg: "MISP e27568 [dcrat] Outgoing URL http|3a|//79.174.94.173/base93/3multibasetest/3/trackauth/linuxtoasync6/longpoll/cpuserver2wp/tracklinux/phpasynccentral.php"; flow:to_server,established; http.header; content:"79.174.94.173"; fast_pattern; nocase; http.uri; content:"/base93/3multibasetest/3/trackauth/linuxtoasync6/longpoll/cpuserver2wp/tracklinux/phpasynccentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37957851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
#
# --- Events 27552 / 27553: domain indicators (one DNS rule + one HTTP rule per domain) ---
# The tag list in msg is empty ("[]"), so the alert text carries no family or campaign
# context; the referenced MISP event is the only place to find it. Priority is 3 here,
# versus 2 on the IP rules.
# DNS rule: "any any -> any any" has no direction, so depending on sensor placement it can
# fire on a client's query and again on the internal resolver's upstream query; the source
# address in the alert may be the resolver rather than the workstation. The pcre requires
# the query name to end with the domain, preceded by start-of-buffer or a character that
# cannot be part of a hostname label, so the domain itself and its subdomains match, while a
# longer label that merely ends with the same text does not.
# HTTP rule: the "Host|3a|" match and the domain match are independent contents in
# http.header (no distance/within ties them together), and the pcre runs on the header
# buffer (/H). As written, a request that only mentions the domain in another header, such
# as Referer, can also alert - confirm the Host value during triage.
# Only cleartext HTTP is covered; no TLS SNI rule appears in this part of the export, so
# HTTPS visits are visible through the DNS rule alone.
alert dns any any -> any any (msg: "MISP e27552 [] Domain liderbciserviciosfinancieros-cl.olivason.com.tr"; dns.query; content:"liderbciserviciosfinancieros-cl.olivason.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.olivason\.com\.tr$/i"; classtype:trojan-activity; sid:37956271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27552;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27552 [] Outgoing HTTP Domain liderbciserviciosfinancieros-cl.olivason.com.tr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liderbciserviciosfinancieros-cl.olivason.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.olivason\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37956272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27552;)
alert dns any any -> any any (msg: "MISP e27553 [] Domain moi.safecity.com"; dns.query; content:"moi.safecity.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])moi\.safecity\.com$/i"; classtype:trojan-activity; sid:37956351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27553;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27553 [] Outgoing HTTP Domain moi.safecity.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"moi.safecity.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])moi\.safecity\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37956352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27553;)
#
# --- Event 27568: outbound traffic to tagged endpoints (address + port only) ---
# These rules inspect no payload: an alert means an internal host sent a packet to the
# listed address/port. The bracketed text in msg is the MISP tag list (family names plus
# AS number / network-name tags; "censys" is presumably the source of the observation -
# verify in the event).
# Where a tag names a large hosting or cloud network (for example
# MICROSOFT-CORP-MSN-AS-BLOCK on 4.210.191.162), the address may be reassigned to an
# unrelated tenant over time, so weigh the age of the event before acting on a hit.
alert ip $HOME_NET any -> 192.3.216.140 16519 (msg: "MISP e27568 [remcos] Outgoing To IP: 192.3.216.140|16519"; classtype:trojan-activity; sid:37957861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 45.140.146.2 443 (msg: "MISP e27568 [AS44477,c2,DarkGate,STARK-INDUSTRIES] Outgoing To IP: 45.140.146.2|443"; classtype:trojan-activity; sid:37957741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 193.149.129.179 80 (msg: "MISP e27568 [AS399629,BLNWX,c2,censys,Cobalt Strike] Outgoing To IP: 193.149.129.179|80"; classtype:trojan-activity; sid:37957721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 5.188.87.40 36543 (msg: "MISP e27568 [AS49453,c2,censys,Cobalt Strike,GLOBALLAYER,NL] Outgoing To IP: 5.188.87.40|36543"; classtype:trojan-activity; sid:37957731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 4.210.191.162 443 (msg: "MISP e27568 [AS8075,c2,censys,Cobalt Strike,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 4.210.191.162|443"; classtype:trojan-activity; sid:37957711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 206.188.197.213 443 (msg: "MISP e27568 [AS399629,BLNWX,c2,censys,RAT] Outgoing To IP: 206.188.197.213|443"; classtype:trojan-activity; sid:37957701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# The next line is the head of a rule that continues on the following line of the export.
alert ip $HOME_NET any -> 185.237.206.57 8081 (msg: "MISP e27568 [AS21100,c2,censys,ITLDC-NL,NL,stealer] Outgoing To IP: 
185.237.206.57|8081"; classtype:trojan-activity; sid:37957691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# ^ Tail of a rule that begins on the previous line of the export.
#
# --- Event 27568: outbound traffic to tagged endpoints (address + port only) ---
# Each rule matches on direction ($HOME_NET -> listed address) and destination port and
# inspects no payload, so an alert means "an internal host sent a packet there". The
# bracketed text in msg is the MISP tag list: tool or family names (Cobalt Strike, sliver,
# Mythic, Havoc, Pupy RAT, QakBot, dcrat, Pikabot, Vidar, ...) mixed with network-name tags.
# Tags that name a hosting or cloud network (OVH, MICROSOFT-CORP-MSN-AS-BLOCK, ...) are a
# reminder that the address may be reassigned; check the age of the event before treating a
# hit as confirmed. None of these rules carries a threshold/limit option.
alert ip $HOME_NET any -> 91.92.253.149 443 (msg: "MISP e27568 [AS394711,c2,censys,Cobalt Strike,LIMENET,NL] Outgoing To IP: 91.92.253.149|443"; classtype:trojan-activity; sid:37957671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 185.233.203.43 31337 (msg: "MISP e27568 [AS200740,c2,censys,FIRST-SERVER-EU-AS,sliver] Outgoing To IP: 185.233.203.43|31337"; classtype:trojan-activity; sid:37957681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 15.235.166.83 80 (msg: "MISP e27568 [OVH,sliver] Outgoing To IP: 15.235.166.83|80"; classtype:trojan-activity; sid:37957871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 20.168.0.131 7443 (msg: "MISP e27568 [MICROSOFT-CORP-MSN-AS-BLOCK,Mythic] Outgoing To IP: 20.168.0.131|7443"; classtype:trojan-activity; sid:37957881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 136.0.3.71 443 (msg: "MISP e27568 [Bianlian Go Trojan,EVOXTENTERPRISE-AS-AP Evoxt Enterprise] Outgoing To IP: 136.0.3.71|443"; classtype:trojan-activity; sid:37957891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 185.11.61.57 443 (msg: "MISP e27568 [CHANGWAY-AS,Havoc] Outgoing To IP: 185.11.61.57|443"; classtype:trojan-activity; sid:37957901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 94.156.66.44 443 (msg: "MISP e27568 [Havoc,LIMENET] Outgoing To IP: 94.156.66.44|443"; classtype:trojan-activity; sid:37957911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# Destination port 445 is SMB. Outbound SMB to the internet is commonly blocked at the
# perimeter, so a hit on this rule also points at an egress-filtering gap worth closing.
alert ip $HOME_NET any -> 91.143.101.212 445 (msg: "MISP e27568 [GSTW-AS,Responder] Outgoing To IP: 91.143.101.212|445"; classtype:trojan-activity; sid:37957921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 38.147.189.157 443 (msg: "MISP e27568 [Pupy RAT,XNNET] Outgoing To IP: 38.147.189.157|443"; classtype:trojan-activity; sid:37957931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 45.150.198.28 443 (msg: "MISP e27568 [Pupy RAT,XNNET] Outgoing To IP: 45.150.198.28|443"; classtype:trojan-activity; sid:37957941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 72.27.199.181 443 (msg: "MISP e27568 [FLOW-NET,QakBot] Outgoing To IP: 72.27.199.181|443"; classtype:trojan-activity; sid:37957951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 70.31.125.184 2222 (msg: "MISP e27568 [BACOM,QakBot] Outgoing To IP: 70.31.125.184|2222"; classtype:trojan-activity; sid:37957961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 89.117.23.25 46450 (msg: "MISP e27568 [dcrat,NL-811-40021] Outgoing To IP: 89.117.23.25|46450"; classtype:trojan-activity; sid:37957971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 46.246.80.10 6000 (msg: "MISP e27568 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.80.10|6000"; classtype:trojan-activity; sid:37957981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 209.126.86.48 1194 (msg: "MISP e27568 [NL-811-40021,Pikabot] Outgoing To IP: 209.126.86.48|1194"; classtype:trojan-activity; sid:37957991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 163.197.242.202 80 (msg: "MISP e27568 [Hookbot Pegasus,IDCCLOUD] Outgoing To IP: 163.197.242.202|80"; classtype:trojan-activity; sid:37958001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 193.57.41.76 80 (msg: "MISP e27568 [Hookbot Pegasus,KEYUBU] Outgoing To IP: 193.57.41.76|80"; classtype:trojan-activity; sid:37958011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 88.99.127.167 9000 (msg: "MISP e27568 [Vidar] Outgoing To IP: 88.99.127.167|9000"; classtype:trojan-activity; sid:37958021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 95.216.183.48 443 (msg: "MISP e27568 [Vidar] Outgoing To IP: 95.216.183.48|443"; classtype:trojan-activity; sid:37958031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# 116.203.13.151 is also listed under event 27551 on ports 80 and 443 (sids 37956161 and
# 37956171), so one host can raise alerts from both events.
alert ip $HOME_NET any -> 116.203.13.151 9494 (msg: "MISP e27568 [Vidar] Outgoing To IP: 116.203.13.151|9494"; classtype:trojan-activity; sid:37958061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# The "cs-watermark-..." tag is carried in the msg text only; the rule itself matches
# address and port and does not inspect beacon traffic.
alert ip $HOME_NET any -> 81.71.140.170 443 (msg: "MISP e27568 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 81.71.140.170|443"; classtype:trojan-activity; sid:37958101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
#
# --- Event 27650: address-only indicators ---
# Destination port is "any" and the tag list is empty ("[]"): any packet from $HOME_NET to
# these addresses alerts, and the alert text gives no family or context. Consult the
# referenced MISP event before assigning severity.
alert ip $HOME_NET any -> 195.20.16.45 any (msg: "MISP e27650 [] Outgoing To IP: 195.20.16.45"; classtype:trojan-activity; sid:38011931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27650;)
alert ip $HOME_NET any -> 77.105.147.130 any (msg: "MISP e27650 [] Outgoing To IP: 77.105.147.130"; classtype:trojan-activity; sid:38011941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27650;)
alert ip $HOME_NET any -> 45.15.156.229 any (msg: "MISP e27650 [] Outgoing To IP: 45.15.156.229"; classtype:trojan-activity; sid:38011951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27650;)
# The next line is the head of a rule that continues on the following line of the export.
alert dns any any -> any any (msg: "MISP e27007 [] Domain 
bapeoutletportugal.com"; dns.query; content:"bapeoutletportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletportugal\.com$/i"; classtype:trojan-activity; sid:38164271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ^ Tail of a rule that begins on the previous line of the export.
#
# --- Event 27007: domain indicators, one DNS rule (sid ...1) and one HTTP rule (sid ...2) each ---
# The names combine retail brand names with country or "outlet" words, which presumably
# marks a brand-impersonation / fake-shop set - the tag list in msg is empty ("[]"), so
# confirm in the referenced MISP event. classtype:trojan-activity is what this export
# assigns to every rule in this part of the file, so the classtype alone does not tell you
# the threat type. Priority is 3.
# DNS rules: "any any -> any any" has no direction, so depending on sensor placement a
# lookup can alert on the client query and again on the internal resolver's upstream query,
# and the alert's source address may be the resolver. The pcre anchors the domain at the
# end of the query name, so the domain and its subdomains match.
# HTTP rules: the "Host|3a|" content and the domain content are independent matches in
# http.header, and the pcre runs on the header buffer (/H); a request that only mentions
# the domain in another header (for example Referer) can also alert, so confirm the Host
# value during triage. Only cleartext HTTP is covered; no TLS SNI rule appears in this part
# of the export, so HTTPS visits are visible through the DNS rule alone.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bapeoutletportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bapeoutletportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bapeoutletportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain botinesmizunoargentina.com"; dns.query; content:"botinesmizunoargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])botinesmizunoargentina\.com$/i"; classtype:trojan-activity; sid:38164281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain botinesmizunoargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botinesmizunoargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botinesmizunoargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain casio-philippines.com"; dns.query; content:"casio-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casio\-philippines\.com$/i"; classtype:trojan-activity; sid:38164291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casio-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casio-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casio\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain demoniasmexico.com"; dns.query; content:"demoniasmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniasmexico\.com$/i"; classtype:trojan-activity; sid:38164301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain demoniasmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"demoniasmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniasmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopsnl-nederland.com"; dns.query; content:"fitflopsnl-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopsnl\-nederland\.com$/i"; classtype:trojan-activity; sid:38164311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopsnl-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopsnl-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopsnl\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guessoutletsingapore.com"; dns.query; content:"guessoutletsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guessoutletsingapore\.com$/i"; classtype:trojan-activity; sid:38164321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guessoutletsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guessoutletsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guessoutletsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajaneca.com"; dns.query; content:"lornajaneca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneca\.com$/i"; classtype:trojan-activity; sid:38164331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajaneca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajaneca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanech.com"; dns.query; content:"lornajanech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanech\.com$/i"; classtype:trojan-activity; sid:38164341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanedenmark.com"; dns.query; content:"lornajanedenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanedenmark\.com$/i"; classtype:trojan-activity; sid:38164351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanedenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanedenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanedenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-espana.com"; dns.query; content:"lornajane-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-espana\.com$/i"; classtype:trojan-activity; sid:38164361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanepolska.com"; dns.query; content:"lornajanepolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanepolska\.com$/i"; classtype:trojan-activity; sid:38164371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanepolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanepolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanepolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajane-southafrica.com"; dns.query; content:"lornajane-southafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-southafrica\.com$/i"; classtype:trojan-activity; sid:38164381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajane-southafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajane-southafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajane\-southafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajaneuae.com"; dns.query; content:"lornajaneuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneuae\.com$/i"; classtype:trojan-activity; sid:38164391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajaneuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajaneuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonitalia.com"; dns.query; content:"lululemonitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonitalia\.com$/i"; classtype:trojan-activity; sid:38164401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemon-romania.com"; dns.query; content:"lululemon-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemon\-romania\.com$/i"; classtype:trojan-activity; sid:38164411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemon-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemon-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemon\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonslovenija.com"; dns.query; content:"lululemonslovenija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonslovenija\.com$/i"; classtype:trojan-activity; sid:38164421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonslovenija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonslovenija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonslovenija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain melissaoutletnorge.com"; dns.query; content:"melissaoutletnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletnorge\.com$/i"; classtype:trojan-activity; sid:38164431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain melissaoutletnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"melissaoutletnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])melissaoutletnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoaustraliashoes.com"; dns.query; content:"mizunoaustraliashoes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoaustraliashoes\.com$/i"; classtype:trojan-activity; sid:38164441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoaustraliashoes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoaustraliashoes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoaustraliashoes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# The next line is the head of a rule that continues on the following line of the export.
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoboty.com"; dns.query; content:"mizunoboty.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoboty\.com$/i"; classtype:trojan-activity; sid:38164451; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# ^ Tail of a rule that begins on the previous line of the export.
#
# --- Event 27007 (continued): domain indicators, DNS rule (sid ...1) + HTTP rule (sid ...2) ---
# The tag list in msg is empty ("[]"); the names pair retail brand names with country
# words, presumably a brand-impersonation / fake-shop set - confirm in the MISP event.
# DNS rules have no direction ("any any -> any any"): depending on sensor placement the
# alert's source may be the internal resolver, and one lookup can alert more than once.
# HTTP rules match "Host|3a|" and the domain as independent contents in http.header with a
# header-buffer pcre (/H), so a domain mentioned only in another header (for example
# Referer) can also alert; confirm the Host value during triage. Only cleartext HTTP is
# covered, and no TLS SNI rule appears in this part of the export.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoboty.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoboty.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoboty\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoencostarica.com"; dns.query; content:"mizunoencostarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoencostarica\.com$/i"; classtype:trojan-activity; sid:38164461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoencostarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoencostarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoencostarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunooutletphilippines.com"; dns.query; content:"mizunooutletphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutletphilippines\.com$/i"; classtype:trojan-activity; sid:38164471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunooutletphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunooutletphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutletphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoecanada.com"; dns.query; content:"mizunoshoecanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoecanada\.com$/i"; classtype:trojan-activity; sid:38164481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoecanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoecanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoecanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoeireland.com"; dns.query; content:"mizunoshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeireland\.com$/i"; classtype:trojan-activity; sid:38164491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoephilippines.com"; dns.query; content:"mizunoshoephilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoephilippines\.com$/i"; classtype:trojan-activity; sid:38164501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoephilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoephilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoephilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoeuk.com"; dns.query; content:"mizunoshoeuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeuk\.com$/i"; classtype:trojan-activity; sid:38164511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoeuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoeuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshopmalaysia.com"; dns.query; content:"mizunoshopmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshopmalaysia\.com$/i"; classtype:trojan-activity; sid:38164521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshopmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshopmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshopmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoskorsverige.com"; dns.query; content:"mizunoskorsverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoskorsverige\.com$/i"; classtype:trojan-activity; sid:38164531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoskorsverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoskorsverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoskorsverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosromania.com"; dns.query; content:"mizunosromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosromania\.com$/i"; classtype:trojan-activity; sid:38164541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotcanadas.com"; dns.query; content:"naotcanadas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotcanadas\.com$/i"; classtype:trojan-activity; sid:38164551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotcanadas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotcanadas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotcanadas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotgreece.com"; dns.query; content:"naotgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotgreece\.com$/i"; classtype:trojan-activity; sid:38164561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotisrael.com"; dns.query; content:"naotisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotisrael\.com$/i"; classtype:trojan-activity; sid:38164571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotmalaysia.com"; dns.query; content:"naotmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotmalaysia\.com$/i"; classtype:trojan-activity; sid:38164581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotromania.com"; dns.query; content:"naotromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotromania\.com$/i"; classtype:trojan-activity; sid:38164591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotslovensko.com"; dns.query; content:"naotslovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotslovensko\.com$/i"; classtype:trojan-activity; sid:38164601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotslovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotslovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotslovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-factoryoutletnz.com"; dns.query; content:"nike-factoryoutletnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-factoryoutletnz\.com$/i"; classtype:trojan-activity; sid:38164611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-factoryoutletnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-factoryoutletnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-factoryoutletnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-outletschweiz.com"; dns.query; content:"nike-outletschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-outletschweiz\.com$/i"; classtype:trojan-activity; sid:38164621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-outletschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-outletschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-outletschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-winkelbelgie.com"; dns.query; content:"nike-winkelbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-winkelbelgie\.com$/i"; classtype:trojan-activity; sid:38164631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# The next line is the head of a rule that continues past this part of the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-winkelbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-winkelbelgie.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])nike\-winkelbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain northfacechilechaqueta.com"; dns.query; content:"northfacechilechaqueta.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])northfacechilechaqueta\.com$/i"; classtype:trojan-activity; sid:38164641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain northfacechilechaqueta.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"northfacechilechaqueta.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])northfacechilechaqueta\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onrunningschuheschweiz.com"; dns.query; content:"onrunningschuheschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onrunningschuheschweiz\.com$/i"; classtype:trojan-activity; sid:38164651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onrunningschuheschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onrunningschuheschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onrunningschuheschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain reeboknzstore.com"; dns.query; content:"reeboknzstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reeboknzstore\.com$/i"; classtype:trojan-activity; 
sid:38164661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain reeboknzstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reeboknzstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reeboknzstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain reebokoutletschweiz.com"; dns.query; content:"reebokoutletschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokoutletschweiz\.com$/i"; classtype:trojan-activity; sid:38164671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain reebokoutletschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reebokoutletschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reebokoutletschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-australia.com"; dns.query; content:"rimowa-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-australia\.com$/i"; classtype:trojan-activity; sid:38164681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38164682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaczechrepublic.com"; dns.query; content:"rimowaczechrepublic.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaczechrepublic\.com$/i"; classtype:trojan-activity; sid:38164691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaczechrepublic.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaczechrepublic.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaczechrepublic\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowadenmark.com"; dns.query; content:"rimowadenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowadenmark\.com$/i"; classtype:trojan-activity; sid:38164701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowadenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowadenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowadenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-indonesia.com"; dns.query; content:"rimowa-indonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-indonesia\.com$/i"; classtype:trojan-activity; sid:38164711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
rimowa-indonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-indonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-indonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowakuwait.com"; dns.query; content:"rimowakuwait.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowakuwait\.com$/i"; classtype:trojan-activity; sid:38164721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowakuwait.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowakuwait.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowakuwait\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowamalaysiasale.com"; dns.query; content:"rimowamalaysiasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowamalaysiasale\.com$/i"; classtype:trojan-activity; sid:38164731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowamalaysiasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowamalaysiasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowamalaysiasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaportugalstores.com"; dns.query; 
content:"rimowaportugalstores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaportugalstores\.com$/i"; classtype:trojan-activity; sid:38164741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaportugalstores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaportugalstores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaportugalstores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasingaporestore.com"; dns.query; content:"rimowasingaporestore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasingaporestore\.com$/i"; classtype:trojan-activity; sid:38164751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasingaporestore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasingaporestore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasingaporestore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasouthkorea.com"; dns.query; content:"rimowasouthkorea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasouthkorea\.com$/i"; classtype:trojan-activity; sid:38164761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasouthkorea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasouthkorea.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasouthkorea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaswitzerland.com"; dns.query; content:"rimowaswitzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaswitzerland\.com$/i"; classtype:trojan-activity; sid:38164771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowathailandoutlet.com"; dns.query; content:"rimowathailandoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowathailandoutlet\.com$/i"; classtype:trojan-activity; sid:38164781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowathailandoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowathailandoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowathailandoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-uae.com"; dns.query; content:"rimowa-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-uae\.com$/i"; classtype:trojan-activity; sid:38164791; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain scarpemizunooutlet.com"; dns.query; content:"scarpemizunooutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpemizunooutlet\.com$/i"; classtype:trojan-activity; sid:38164801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain scarpemizunooutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scarpemizunooutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scarpemizunooutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sperrycanadastore.com"; dns.query; content:"sperrycanadastore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sperrycanadastore\.com$/i"; classtype:trojan-activity; sid:38164811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sperrycanadastore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sperrycanadastore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sperrycanadastore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164812; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerirelandshoes.com"; dns.query; content:"tedbakerirelandshoes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerirelandshoes\.com$/i"; classtype:trojan-activity; sid:38164821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerirelandshoes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerirelandshoes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerirelandshoes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tenismizunocolombia.com"; dns.query; content:"tenismizunocolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tenismizunocolombia\.com$/i"; classtype:trojan-activity; sid:38164831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tenismizunocolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tenismizunocolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tenismizunocolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatosmizunochile.com"; dns.query; content:"zapatosmizunochile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatosmizunochile\.com$/i"; classtype:trojan-activity; sid:38164841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] 
Outgoing HTTP Domain zapatosmizunochile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapatosmizunochile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatosmizunochile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27568, tag "Mirai" ---------------------------------------------
# Outbound traffic from $HOME_NET to one IP address and port. The rule has no
# flow or threshold keyword, so presumably every matching packet can alert;
# NOTE(review): consider rate-limiting it in the sensor's threshold settings.
# A bare IP indicator goes stale once the address is reassigned, so check the
# age of the event before acting on a hit.
alert ip $HOME_NET any -> 45.90.97.172 2211 (msg: "MISP e27568 [Mirai] Outgoing To IP: 45.90.97.172|2211"; classtype:trojan-activity; sid:37958111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 27568, tags ASSEFLOW / CobaltStrike / cs-watermark-987654321 ---
# The cs-watermark tag records the licence number read from the beacon
# configuration. This particular value is commonly reported for leaked or
# cracked copies, so it does not by itself tie a hit to one operator -- verify
# in the event. ASSEFLOW appears to be the hosting AS name (TODO confirm).
# The DNS rule matches queries between any pair of hosts ("any any -> any any").
alert dns any any -> any any (msg: "MISP e27568 [ASSEFLOW,CobaltStrike,cs-watermark-987654321] Domain googlesupportacc.top"; dns.query; content:"googlesupportacc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])googlesupportacc\.top$/i"; classtype:trojan-activity; sid:37958131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# Cleartext HTTP only. The domain content match is not tied to the Host header
# (no distance/within), so the name appearing in another request header can
# also alert. tag:session,600,seconds logs the session for 600 s after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [ASSEFLOW,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain googlesupportacc.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"googlesupportacc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])googlesupportacc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# Same tag set as the domain above. Port 443 traffic is normally TLS, so a hit
# here carries no payload context; correlate with the DNS rule and flow logs.
alert ip $HOME_NET any -> 95.141.41.8 443 (msg: "MISP e27568 [ASSEFLOW,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 95.141.41.8|443"; classtype:trojan-activity; sid:37958141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 27568, tags CobaltStrike / cs-watermark-1497914425 -------------
# MICROSOFT-CORP-MSN-AS-BLOCK looks like an AS name for Microsoft-operated
# address space, i.e. presumably cloud-hosted infrastructure (TODO confirm).
# Only domain rules are exported for this indicator in this section; no IP rule
# is visible for it.
alert dns any any -> any any (msg: "MISP e27568 [CobaltStrike,cs-watermark-1497914425,MICROSOFT-CORP-MSN-AS-BLOCK] Domain i-wallet.net"; dns.query; content:"i-wallet.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])i\-wallet\.net$/i"; classtype:trojan-activity; sid:37958161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [CobaltStrike,cs-watermark-1497914425,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain i-wallet.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"i-wallet.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])i\-wallet\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 27554: URL and domain for the same host ------------------------
# URL indicator with no path, so the rule reduces to a hostname match in
# http.header. It has no Host anchor and no boundary pcre, and it is the only
# rule in this section that depends on $HTTP_PORTS being defined. It overlaps
# with sid 37956452 below, so one request can raise two alerts.
# pantheonsite.io looks like a shared hosting platform domain: the match is on
# this one subdomain and should not be broadened to the parent.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27554 [] Outgoing URL http|3a|//dev-bamcolombia.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-bamcolombia.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37956421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27554;)
alert dns any any -> any any (msg: "MISP e27554 [] Domain dev-bamcolombia.pantheonsite.io"; dns.query; content:"dev-bamcolombia.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-bamcolombia\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37956451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27554;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27554 [] Outgoing HTTP Domain dev-bamcolombia.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-bamcolombia.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-bamcolombia\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37956452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27554;)
# --- MISP event 24600 (priority:1, the highest in this section) ----------------
# A single pub-<id> host under r2.dev, which looks like a shared object-storage
# domain: keep the full hostname in the match. The tag list is empty, so the
# reason for the priority has to come from the referenced event.
alert dns any any -> any any (msg: "MISP e24600 [] Domain pub-70eaa32e5b5d42c7b98de15c99c531d2.r2.dev"; dns.query; content:"pub-70eaa32e5b5d42c7b98de15c99c531d2.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-70eaa32e5b5d42c7b98de15c99c531d2\.r2\.dev$/i"; classtype:trojan-activity; sid:38180341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain pub-70eaa32e5b5d42c7b98de15c99c531d2.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-70eaa32e5b5d42c7b98de15c99c531d2.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-70eaa32e5b5d42c7b98de15c99c531d2\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180342; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# --- MISP event 27555: one domain, empty tag list ------------------------------
alert dns any any -> any any (msg: "MISP e27555 [] Domain suportesmstado.com"; dns.query; content:"suportesmstado.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suportesmstado\.com$/i"; classtype:trojan-activity; sid:37956541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27555;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27555 [] Outgoing HTTP Domain suportesmstado.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suportesmstado.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suportesmstado\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37956542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27555;)
# --- MISP event 27568, tag "RemoteManipulator" ---------------------------------
# Outbound traffic to one IP address on a high port. The tag presumably names a
# remote-administration tool; check whether that software is sanctioned on the
# source host before treating a hit as a compromise.
alert ip $HOME_NET any -> 178.238.112.11 56555 (msg: "MISP e27568 [RemoteManipulator] Outgoing To IP: 178.238.112.11|56555"; classtype:trojan-activity; sid:37958171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# MISP event 27007 domain rules resume here (dns.query / HTTP rule pairs).
alert dns any any -> any any (msg: "MISP e27007 [] Domain dc-shoeireland.com"; dns.query; content:"dc-shoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoeireland\.com$/i"; classtype:trojan-activity; sid:38165381; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dc-shoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dc-shoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoegreece.com"; dns.query; content:"dcshoegreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoegreece\.com$/i"; classtype:trojan-activity; sid:38165411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoegreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoegreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoegreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoehu.com"; dns.query; content:"dcshoehu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoehu\.com$/i"; classtype:trojan-activity; sid:38165421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoehu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoehu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoehu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP 
e27007 [] Domain dcshoedanmark.com"; dns.query; content:"dcshoedanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoedanmark\.com$/i"; classtype:trojan-activity; sid:38165431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoedanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoedanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoedanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoefinland.com"; dns.query; content:"dcshoefinland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoefinland\.com$/i"; classtype:trojan-activity; sid:38165441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoefinland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoefinland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoefinland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeaus.com"; dns.query; content:"dcshoeaus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeaus\.com$/i"; classtype:trojan-activity; sid:38165451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeaus.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeaus.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])dcshoeaus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoecanada.com"; dns.query; content:"dcshoecanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoecanada\.com$/i"; classtype:trojan-activity; sid:38165461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoecanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoecanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoecanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoechile.com"; dns.query; content:"dcshoechile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoechile\.com$/i"; classtype:trojan-activity; sid:38165471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoechile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoechile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoechile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain buyvionicmalaysia.com"; dns.query; content:"buyvionicmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buyvionicmalaysia\.com$/i"; classtype:trojan-activity; sid:38165481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain buyvionicmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buyvionicmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buyvionicmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# (The line above completes a rule that begins on the preceding line.)
#
# Domain indicators from MISP event 27007, kept one rule per line.
# Each domain has a pair of rules: the sid ending in 1 matches DNS queries,
# the sid ending in 2 matches outgoing HTTP requests.
#
# DNS rules: dns.query content match plus a pcre anchored with `$`, so a rule
# fires on the listed name and on any subdomain of it. The header is
# any any -> any any, so one lookup may alert more than once if the sensor
# sees both the client-to-resolver and the resolver-to-upstream leg.
#
# HTTP rules: "Host|3a|" and the domain are two independent content matches
# in http.header, so a request that carries the domain in some other header
# (for example Referer) can also fire.
# NOTE(review): matching on the http.host buffer instead would restrict the
# hit to the Host header - confirm against the Suricata version in use.
# NOTE(review): these rules see parsed HTTP only; HTTPS requests to the same
# names are covered by the DNS rule alone unless a TLS SNI rule is added.
#
# Triage: every rule carries classtype:trojan-activity, priority:3 and an
# empty tag list "[]" in msg. The rule text does not say why a domain is
# listed, so consult the referenced event before treating a hit as malware.
# tag:session,600,seconds keeps logging packets of the matching session for
# 600 seconds after the alert.
# The sids are exporter-assigned; check that they do not collide with other
# rule sources loaded on the same sensor.
alert dns any any -> any any (msg: "MISP e27007 [] Domain casioromania.com"; dns.query; content:"casioromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casioromania\.com$/i"; classtype:trojan-activity; sid:38165491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casioromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casioromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casioromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteeuk.com"; dns.query; content:"boteeuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeuk\.com$/i"; classtype:trojan-activity; sid:38165501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteeuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteeuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain buyvioniccanada.com"; dns.query; content:"buyvioniccanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buyvioniccanada\.com$/i"; classtype:trojan-activity; sid:38165511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain buyvioniccanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buyvioniccanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buyvioniccanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain buyvionicireland.com"; dns.query; content:"buyvionicireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buyvionicireland\.com$/i"; classtype:trojan-activity; sid:38165521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain buyvionicireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buyvionicireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buyvionicireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteenederland.com"; dns.query; content:"boteenederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteenederland\.com$/i"; classtype:trojan-activity; sid:38165531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteenederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteenederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteenederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteenz.com"; dns.query; content:"boteenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteenz\.com$/i"; classtype:trojan-activity; sid:38165541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteenz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteeuae.com"; dns.query; content:"boteeuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeuae\.com$/i"; classtype:trojan-activity; sid:38165551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteeuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteeuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteefactoryoutlet.com"; dns.query; content:"boteefactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteefactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38165561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteefactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteefactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteefactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteeireland.com"; dns.query; content:"boteeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeireland\.com$/i"; classtype:trojan-activity; sid:38165571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boteeaustralia.com"; dns.query; content:"boteeaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeaustralia\.com$/i"; classtype:trojan-activity; sid:38165581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boteeaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boteeaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boteeaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-switzerland.com"; dns.query; content:"dcshoes-switzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-switzerland\.com$/i"; classtype:trojan-activity; sid:38165151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-switzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-switzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-switzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-poland.com"; dns.query; content:"dcshoes-poland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-poland\.com$/i"; classtype:trojan-activity; sid:38165181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-poland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-poland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-poland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesportugal.com"; dns.query; content:"dcshoesportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesportugal\.com$/i"; classtype:trojan-activity; sid:38165191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoessouth-africa.com"; dns.query; content:"dcshoessouth-africa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessouth\-africa\.com$/i"; classtype:trojan-activity; sid:38165201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoessouth-africa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoessouth-africa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessouth\-africa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-mexico.com"; dns.query; content:"dcshoes-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-mexico\.com$/i"; classtype:trojan-activity; sid:38165211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesmexico-mx.com"; dns.query; content:"dcshoesmexico-mx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmexico\-mx\.com$/i"; classtype:trojan-activity; sid:38165221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesmexico-mx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesmexico-mx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmexico\-mx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesmexicotiendas.com"; dns.query; content:"dcshoesmexicotiendas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmexicotiendas\.com$/i"; classtype:trojan-activity; sid:38165231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesmexicotiendas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesmexicotiendas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmexicotiendas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesindonesia.com"; dns.query; content:"dcshoesindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesindonesia\.com$/i"; classtype:trojan-activity; sid:38165241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesingapore.com"; dns.query; content:"dcshoesingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesingapore\.com$/i"; classtype:trojan-activity; sid:38165251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesmalaysiastore.com"; dns.query; content:"dcshoesmalaysiastore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmalaysiastore\.com$/i"; classtype:trojan-activity; sid:38165261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesmalaysiastore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesmalaysiastore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmalaysiastore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesdeutschland.com"; dns.query; content:"dcshoesdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesdeutschland\.com$/i"; classtype:trojan-activity; sid:38165271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dc-shoesfactoryoutlet.com"; dns.query; content:"dc-shoesfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38165281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dc-shoesfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dc-shoesfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesfrance.com"; dns.query; content:"dcshoesfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesfrance\.com$/i"; classtype:trojan-activity; sid:38165291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeportugal.com"; dns.query; content:"dcshoeportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeportugal\.com$/i"; classtype:trojan-activity; sid:38165301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeromania.com"; dns.query; content:"dcshoeromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeromania\.com$/i"; classtype:trojan-activity; sid:38165311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesaudiarabia.com"; dns.query; content:"dcshoesaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesaudiarabia\.com$/i"; classtype:trojan-activity; sid:38165321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoephilippines.com"; dns.query; content:"dcshoephilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoephilippines\.com$/i"; classtype:trojan-activity; sid:38165331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoephilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoephilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoephilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoenetherlands.com"; dns.query; content:"dcshoenetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoenetherlands\.com$/i"; classtype:trojan-activity; sid:38165341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoenetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoenetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoenetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoenorway.com"; dns.query; content:"dcshoenorway.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoenorway\.com$/i"; classtype:trojan-activity; sid:38165351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoenorway.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoenorway.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoenorway\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoenz.com"; dns.query; content:"dcshoenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoenz\.com$/i"; classtype:trojan-activity; sid:38165361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoenz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeperu.com"; dns.query; content:"dcshoeperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeperu\.com$/i"; classtype:trojan-activity; sid:38165371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoemalaysia.com"; dns.query; content:"dcshoemalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoemalaysia\.com$/i"; classtype:trojan-activity; sid:38165391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoemalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoemalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoemalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoemexico.com"; dns.query; content:"dcshoemexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoemexico\.com$/i"; classtype:trojan-activity; sid:38165401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoemexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoemexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoemexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain kswiss-hu.com"; dns.query; content:"kswiss-hu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswiss\-hu\.com$/i"; classtype:trojan-activity; sid:38164911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswiss-hu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswiss-hu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswiss\-hu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Domain indicators from MISP event 27007, kept one rule per line.
# Each domain has a pair of rules: the sid ending in 1 matches DNS queries,
# the sid ending in 2 matches outgoing HTTP requests.
#
# DNS rules: the pcre is anchored with `$`, so a rule fires on the listed
# name and on any subdomain of it; the header is any any -> any any.
#
# HTTP rules: "Host|3a|" and the domain are independent content matches in
# http.header, so the domain appearing in another header (for example
# Referer) can also fire.
# NOTE(review): these rules see parsed HTTP only; HTTPS requests to the same
# names are covered by the DNS rule alone unless a TLS SNI rule is added.
#
# Triage: classtype:trojan-activity and priority:3 are set on every rule and
# the tag list in msg is empty, so the reason a domain is listed has to come
# from the referenced event, not from the alert text.
# NOTE(review): the names look like brand-lookalike shop domains - confirm
# in the event before handling a hit as a malware infection.
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissirelands.com"; dns.query; content:"k-swissirelands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissirelands\.com$/i"; classtype:trojan-activity; sid:38164921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissirelands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissirelands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissirelands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissisrael.com"; dns.query; content:"k-swissisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissisrael\.com$/i"; classtype:trojan-activity; sid:38164931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissdeutschland.com"; dns.query; content:"k-swissdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissdeutschland\.com$/i"; classtype:trojan-activity; sid:38164951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swiss-france.com"; dns.query; content:"k-swiss-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swiss\-france\.com$/i"; classtype:trojan-activity; sid:38164961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swiss-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swiss-france.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swiss\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain kswiss-greece.com"; dns.query; content:"kswiss-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswiss\-greece\.com$/i"; classtype:trojan-activity; sid:38164971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswiss-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswiss-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswiss\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissbelgie.com"; dns.query; content:"k-swissbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissbelgie\.com$/i"; classtype:trojan-activity; sid:38164981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swisscz.com"; dns.query; content:"k-swisscz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisscz\.com$/i"; classtype:trojan-activity; sid:38164991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swisscz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swisscz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisscz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissdanmark.com"; dns.query; content:"k-swissdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissdanmark\.com$/i"; classtype:trojan-activity; sid:38165001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain kiplingbagnederland.com"; dns.query; content:"kiplingbagnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingbagnederland\.com$/i"; classtype:trojan-activity; sid:38165011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kiplingbagnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kiplingbagnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kiplingbagnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissargentina.com"; dns.query; content:"k-swissargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissargentina\.com$/i"; classtype:trojan-activity; sid:38165021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissaustralian.com"; dns.query; content:"k-swissaustralian.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissaustralian\.com$/i"; classtype:trojan-activity; sid:38165031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissaustralian.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissaustralian.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissaustralian\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gannibagireland.com"; dns.query; content:"gannibagireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gannibagireland\.com$/i"; classtype:trojan-activity; sid:38165041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gannibagireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gannibagireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gannibagireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain irishsetterbootireland.com"; dns.query; content:"irishsetterbootireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])irishsetterbootireland\.com$/i"; classtype:trojan-activity; sid:38165051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain irishsetterbootireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"irishsetterbootireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])irishsetterbootireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain etniesshoes-canada.com"; dns.query; content:"etniesshoes-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoes\-canada\.com$/i"; classtype:trojan-activity; sid:38165061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain etniesshoes-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etniesshoes-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoes\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain etniesshoesespana.com"; dns.query; content:"etniesshoesespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoesespana\.com$/i"; classtype:trojan-activity; sid:38165071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain etniesshoesespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etniesshoesespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoesespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain etniesshoesfr.com"; dns.query; content:"etniesshoesfr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoesfr\.com$/i"; classtype:trojan-activity; sid:38165081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain etniesshoesfr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etniesshoesfr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoesfr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeturkey.com"; dns.query; content:"dcshoeturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeturkey\.com$/i"; classtype:trojan-activity; sid:38165091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeuae.com"; dns.query; content:"dcshoeuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeuae\.com$/i"; classtype:trojan-activity; sid:38165101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeuk.com"; dns.query; content:"dcshoeuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeuk\.com$/i"; classtype:trojan-activity; sid:38165111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# (The line below starts a rule that continues on the following line.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeuk.com";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain etniesshoeireland.com"; dns.query; content:"etniesshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoeireland\.com$/i"; classtype:trojan-activity; sid:38165121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain etniesshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etniesshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etniesshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dc-shoesuomi.com"; dns.query; content:"dc-shoesuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesuomi\.com$/i"; classtype:trojan-activity; sid:38165131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dc-shoesuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dc-shoesuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeswitzerland.com"; dns.query; content:"dcshoeswitzerland.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])dcshoeswitzerland\.com$/i"; classtype:trojan-activity; sid:38165141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesturkiye-tr.com"; dns.query; content:"dcshoesturkiye-tr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesturkiye\-tr\.com$/i"; classtype:trojan-activity; sid:38165161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesturkiye-tr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesturkiye-tr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesturkiye\-tr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesukstore.com"; dns.query; content:"dcshoesukstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesukstore\.com$/i"; classtype:trojan-activity; sid:38165171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesukstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesukstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesukstore\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38165172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissmalaysia.com"; dns.query; content:"k-swissmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissmalaysia\.com$/i"; classtype:trojan-activity; sid:38164851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissmexico.com"; dns.query; content:"k-swissmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissmexico\.com$/i"; classtype:trojan-activity; sid:38164861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissnederlands.com"; dns.query; content:"k-swissnederlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissnederlands\.com$/i"; classtype:trojan-activity; sid:38164871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27007 [] Outgoing HTTP Domain k-swissnederlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissnederlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissnederlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kswissjapanese.com"; dns.query; content:"kswissjapanese.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswissjapanese\.com$/i"; classtype:trojan-activity; sid:38164891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswissjapanese.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswissjapanese.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswissjapanese\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kswisslosangeles.com"; dns.query; content:"kswisslosangeles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswisslosangeles\.com$/i"; classtype:trojan-activity; sid:38164901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswisslosangeles.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswisslosangeles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswisslosangeles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissitalia.com"; 
dns.query; content:"k-swissitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissitalia\.com$/i"; classtype:trojan-activity; sid:38164941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissnorge.com"; dns.query; content:"k-swissnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissnorge\.com$/i"; classtype:trojan-activity; sid:38164881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38164882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kswissnyc.com"; dns.query; content:"kswissnyc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswissnyc\.com$/i"; classtype:trojan-activity; sid:38165591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswissnyc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswissnyc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswissnyc\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38165592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissnz.com"; dns.query; content:"k-swissnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissnz\.com$/i"; classtype:trojan-activity; sid:38165601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissosterreich.com"; dns.query; content:"k-swissosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissosterreich\.com$/i"; classtype:trojan-activity; sid:38165611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissphilippine.com"; dns.query; content:"k-swissphilippine.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissphilippine\.com$/i"; classtype:trojan-activity; sid:38165621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 
[] Outgoing HTTP Domain k-swissphilippine.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissphilippine.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissphilippine\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swisspolska.com"; dns.query; content:"k-swisspolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisspolska\.com$/i"; classtype:trojan-activity; sid:38165631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swisspolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swisspolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisspolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissportugal.com"; dns.query; content:"k-swissportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissportugal\.com$/i"; classtype:trojan-activity; sid:38165641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissromania.com"; dns.query; 
content:"k-swissromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissromania\.com$/i"; classtype:trojan-activity; sid:38165651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kswisssaleusa.com"; dns.query; content:"kswisssaleusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswisssaleusa\.com$/i"; classtype:trojan-activity; sid:38165661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswisssaleusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswisssaleusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswisssaleusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissschweiz.com"; dns.query; content:"k-swissschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissschweiz\.com$/i"; classtype:trojan-activity; sid:38165671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissschweiz.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])k\-swissschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kswiss-se.com"; dns.query; content:"kswiss-se.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswiss\-se\.com$/i"; classtype:trojan-activity; sid:38165681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswiss-se.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswiss-se.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswiss\-se\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swiss-singapore.com"; dns.query; content:"k-swiss-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swiss\-singapore\.com$/i"; classtype:trojan-activity; sid:38165691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swiss-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swiss-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swiss\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain kswissslovak.com"; dns.query; content:"kswissslovak.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kswissslovak\.com$/i"; classtype:trojan-activity; sid:38165701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain kswissslovak.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kswissslovak.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kswissslovak\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swisssouthafrica.com"; dns.query; content:"k-swisssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisssouthafrica\.com$/i"; classtype:trojan-activity; sid:38165711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swisssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swisssouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swisssuomi.com"; dns.query; content:"k-swisssuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisssuomi\.com$/i"; classtype:trojan-activity; sid:38165721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swisssuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swisssuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swisssuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
k-swissuksale.com"; dns.query; content:"k-swissuksale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissuksale\.com$/i"; classtype:trojan-activity; sid:38165731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissuksale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissuksale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissuksale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain k-swissxcanada.com"; dns.query; content:"k-swissxcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissxcanada\.com$/i"; classtype:trojan-activity; sid:38165741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain k-swissxcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"k-swissxcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])k\-swissxcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lucchese-egypt.com"; dns.query; content:"lucchese-egypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-egypt\.com$/i"; classtype:trojan-activity; sid:38165751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lucchese-egypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucchese-egypt.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lucchese\-egypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lucchese-ireland.com"; dns.query; content:"lucchese-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-ireland\.com$/i"; classtype:trojan-activity; sid:38165761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lucchese-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucchese-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lucchese-saudiarabia.com"; dns.query; content:"lucchese-saudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-saudiarabia\.com$/i"; classtype:trojan-activity; sid:38165771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lucchese-saudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucchese-saudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-saudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoamsterdam.com"; dns.query; content:"mizunoamsterdam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoamsterdam\.com$/i"; classtype:trojan-activity; sid:38165781; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoamsterdam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoamsterdam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoamsterdam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-dublin.com"; dns.query; content:"mizuno-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-dublin\.com$/i"; classtype:trojan-activity; sid:38165791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosdanmark.com"; dns.query; content:"mizunosdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosdanmark\.com$/i"; classtype:trojan-activity; sid:38165801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165802; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007: domain indicators, each exported as a DNS + HTTP rule pair ---
# NOTE(review): the "[]" in every msg is an empty tag list, so the alert text carries no
#   family or kill-chain context (presumably the event has no exportable tags); open the
#   reference URL before triage.
# DNS rule (sid ending in 1): content + pcre on dns.query. The pcre is end-anchored and
#   needs start-of-buffer or a byte outside [A-Za-z0-9-] before the name, so the name
#   and its subdomains match, while a longer label that merely ends in the same text
#   does not.
# HTTP rule (sid ending in 2): outbound requests only ($HOME_NET -> $EXTERNAL_NET,
#   flow:to_server). Both content matches and the pcre (/H) run over the whole
#   http.header buffer and are not tied to each other by distance/within, so the domain
#   text in any request header (Referer, for example) satisfies the rule as long as a
#   Host header is present somewhere.
#   NOTE(review): a Host-only match would normally use the http.host buffer; raise this
#   with the export template instead of hand-editing generated rules.
#   tag:session,600,seconds asks the engine to keep logging that session for 600 s.
# Coverage gap: only cleartext DNS and HTTP are inspected. No TLS SNI rule for these
#   names appears in the lines shown, so HTTPS to them relies on the DNS rule alone.
# NOTE(review): the names read like retail-brand lookalike sites, yet every rule is
#   stamped classtype:trojan-activity (presumably a fixed export default); do not infer
#   malware delivery from the classtype.
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoemalaysia.com"; dns.query; content:"mizunoshoemalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoemalaysia\.com$/i"; classtype:trojan-activity; sid:38165811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoemalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoemalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoemalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoesouthafrica.com"; dns.query; content:"mizunoshoesouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoesouthafrica\.com$/i"; classtype:trojan-activity; sid:38165821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoesouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoesouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoesouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoeuae.com"; dns.query; content:"mizunoshoeuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeuae\.com$/i"; classtype:trojan-activity; sid:38165831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoeuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoeuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowacanada.com"; dns.query; content:"rimowacanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowacanada\.com$/i"; classtype:trojan-activity; sid:38165841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowacanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowacanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowacanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-france.com"; dns.query; content:"rimowa-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-france\.com$/i"; classtype:trojan-activity; sid:38165851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-france.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaslovakia.com"; dns.query; content:"rimowaslovakia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaslovakia\.com$/i"; classtype:trojan-activity; sid:38165861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaslovakia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaslovakia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaslovakia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendamizunoperu.com"; dns.query; content:"tiendamizunoperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizunoperu\.com$/i"; classtype:trojan-activity; sid:38165871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendamizunoperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendamizunoperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizunoperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27556: one domain, same DNS + HTTP pair shape as above ---
alert dns any any -> any any (msg: "MISP e27556 [] Domain correogcl.buzz"; dns.query; content:"correogcl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])correogcl\.buzz$/i"; classtype:trojan-activity; sid:37956631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27556;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27556 [] Outgoing HTTP Domain correogcl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"correogcl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])correogcl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37956632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27556;)
# --- MISP event 24600 (priority:1): hostname under a shared website-builder domain ---
# The left-boundary group in both pcres limits the match to this label and anything
# beneath it; other sites under wixsite.com are not matched. The HTTP rule still
# searches the whole http.header buffer, so the name in a Referer header also alerts.
alert dns any any -> any any (msg: "MISP e24600 [] Domain qwxwuej.wixsite.com"; dns.query; content:"qwxwuej.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])qwxwuej\.wixsite\.com$/i"; classtype:trojan-activity; sid:38180391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain qwxwuej.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qwxwuej.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qwxwuej\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180392; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# --- MISP event 27568: endpoints tagged by family (RemcosRAT, Gh0stRAT, CobaltStrike) ---
# Address-and-port indicators become header-only rules: protocol "ip", fixed destination
# address and port, no flow or payload keywords. Any outbound packet to that
# address/port alerts, including a connection attempt that is never answered.
# NOTE(review): confirm how the deployed engine applies a port number under protocol
#   "ip". These rules carry no tag: keyword, so no follow-up session logging is
#   requested, unlike the HTTP rules.
# NOTE(review): addresses at hosting providers get reassigned; give each an expiry or
#   sighting review in MISP so stale entries do not keep alerting.
alert ip $HOME_NET any -> 179.15.14.181 9091 (msg: "MISP e27568 [RAT,RemcosRAT] Outgoing To IP: 179.15.14.181|9091"; classtype:trojan-activity; sid:37958201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 198.44.174.232 10086 (msg: "MISP e27568 [Gh0stRAT] Outgoing To IP: 198.44.174.232|10086"; classtype:trojan-activity; sid:37958211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# The bracketed list in msg mixes a family tag, a network-owner label and a
# cs-watermark-<n> tag. NOTE(review): presumably the Cobalt Strike licence watermark as
# recorded by the feed; treat it as enrichment, not attribution.
# The DNS/HTTP pairs below behave like every other domain pair in this export: the DNS
# pcre is end-anchored with a left boundary; the HTTP rule searches all of http.header.
alert dns any any -> any any (msg: "MISP e27568 [CobaltStrike,Cogent Communications,cs-watermark-100000000] Domain ns1.msn-microsoft.co"; dns.query; content:"ns1.msn-microsoft.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.msn\-microsoft\.co$/i"; classtype:trojan-activity; sid:37958221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [CobaltStrike,Cogent Communications,cs-watermark-100000000] Outgoing HTTP Domain ns1.msn-microsoft.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.msn-microsoft.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.msn\-microsoft\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert dns any any -> any any (msg: "MISP e27568 [CobaltStrike,Cogent Communications,cs-watermark-100000000] Domain ns2.msn-microsoft.co"; dns.query; content:"ns2.msn-microsoft.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.msn\-microsoft\.co$/i"; classtype:trojan-activity; sid:37958231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [CobaltStrike,Cogent Communications,cs-watermark-100000000] Outgoing HTTP Domain ns2.msn-microsoft.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns2.msn-microsoft.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.msn\-microsoft\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# Destination port 53: when an internal resolver forwards the traffic, the alert source
# is the resolver rather than the originating client, so correlate hits with resolver
# query logs to find the host. NOTE(review): assumes the sensor sees resolver egress.
alert ip $HOME_NET any -> 206.237.16.117 53 (msg: "MISP e27568 [CobaltStrike,Cogent Communications,cs-watermark-100000000] Outgoing To IP: 206.237.16.117|53"; classtype:trojan-activity; sid:37958241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# URL indicators become http rules with two unanchored, case-insensitive substring
# matches: the host text anywhere in http.header and the path anywhere in http.uri.
# No pcre boundary check is generated for these, so short paths depend on the
# destination pinned in the rule header for precision.
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27568 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/g.pixel"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 24600 again (priority:1): DNS + HTTP pair ---
alert dns any any -> any any (msg: "MISP e24600 [] Domain lu-post.cfd"; dns.query; content:"lu-post.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-])lu\-post\.cfd$/i"; classtype:trojan-activity; sid:38180441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain lu-post.cfd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lu-post.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lu\-post\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180442; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# "/ca" is a three-byte substring of http.uri; what keeps this rule specific is the
# fixed destination address and port 1234 in the rule header.
alert http $HOME_NET any -> 101.200.164.66 1234 (msg: "MISP e27568 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//101.200.164.66|3a|1234/ca"; flow:to_server,established; http.header; content:"101.200.164.66"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# This rule references $HTTP_PORTS, so the variable must be defined for the rule to
# load, although the file header describes it as not required for the Suricata export.
# The destination is not pinned to an address here: precision rests on the hostname
# substring in http.header plus a script path that resembles a common library file name.
# NOTE(review): the hostname looks provider-generated from an IP address; cloud
#   addresses change tenant, so age this indicator out together with its DNS rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,Google LLC] Outgoing URL http|3a|//55.18.131.34.bc.googleusercontent.com/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"55.18.131.34.bc.googleusercontent.com"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert dns any any -> any any (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,Google LLC] Domain 55.18.131.34.bc.googleusercontent.com"; dns.query; content:"55.18.131.34.bc.googleusercontent.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])55\.18\.131\.34\.bc\.googleusercontent\.com$/i"; classtype:trojan-activity; sid:37958281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 
[CobaltStrike,cs-watermark-0,Google LLC] Outgoing HTTP Domain 55.18.131.34.bc.googleusercontent.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"55.18.131.34.bc.googleusercontent.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])55\.18\.131\.34\.bc\.googleusercontent\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 27568, continued ---
# NOTE(review): 34.131.18.55 is the address that appears, octets reversed, in the
#   hostname of the rule above, so this header-only rule and the hostname rules
#   presumably describe one endpoint. The rule has protocol "ip", no flow or payload
#   keywords and no tag:, so any outbound packet to port 80 on that address alerts.
#   Cloud addresses change tenant; review the address and the hostname together as the
#   indicator ages.
alert ip $HOME_NET any -> 34.131.18.55 80 (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,Google LLC] Outgoing To IP: 34.131.18.55|80"; classtype:trojan-activity; sid:37958291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 28734: domain indicators as DNS + HTTP rule pairs (empty tag list) ---
# DNS rule: dns.query content plus an end-anchored pcre with a left boundary, so the
#   name and its subdomains match. HTTP rule: outbound only; both content matches and
#   the /H pcre search the whole http.header buffer, so the name in any request header
#   alerts, not only in Host. Cleartext only; no TLS SNI rule for these names appears
#   in the lines shown.
alert dns any any -> any any (msg: "MISP e28734 [] Domain adstat477d.xyz"; dns.query; content:"adstat477d.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])adstat477d\.xyz$/i"; classtype:trojan-activity; sid:38703621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28734 [] Outgoing HTTP Domain adstat477d.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adstat477d.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adstat477d\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert dns any any -> any any (msg: "MISP e28734 [] Domain demstat577d.xyz"; dns.query; content:"demstat577d.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])demstat577d\.xyz$/i"; classtype:trojan-activity; sid:38703631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28734 [] Outgoing HTTP Domain demstat577d.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"demstat577d.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])demstat577d\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert dns any any -> any any (msg: "MISP e28734 [] Domain serverxlogs21.xyz"; dns.query; content:"serverxlogs21.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])serverxlogs21\.xyz$/i"; classtype:trojan-activity; sid:38703641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28734 [] Outgoing HTTP Domain serverxlogs21.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"serverxlogs21.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])serverxlogs21\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38703642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# --- MISP event 27568: URL indicators ---
# URL rules use two unanchored, case-insensitive substring matches (host text in
# http.header, path in http.uri) and no pcre boundary check. The first rule pins the
# destination address and needs $HTTP_PORTS to be defined; the second pins only port
# 8880 and relies on the hostname substring.
# NOTE(review): no dns.query rule for test.qqweixinzhuce.top appears in the lines shown,
#   so a lookup of that name without a following cleartext request would not alert.
alert http $HOME_NET any -> 123.56.251.159 $HTTP_PORTS (msg: "MISP e27568 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//123.56.251.159/en_us/all.js"; flow:to_server,established; http.header; content:"123.56.251.159"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert http $HOME_NET any -> $EXTERNAL_NET 8880 (msg: "MISP e27568 [CobaltStrike,cs-watermark-1234567890,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//test.qqweixinzhuce.top|3a|8880/include/template/isx.php"; flow:to_server,established; http.header; content:"test.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/include/template/isx.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert dns any any -> any any (msg: "MISP e27568 [CobaltStrike,cs-watermark-987654321,M247 Europe SRL] Domain www.cloudflarecache.top"; dns.query; content:"www.cloudflarecache.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cloudflarecache\.top$/i"; classtype:trojan-activity; sid:37958331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [CobaltStrike,cs-watermark-987654321,M247 Europe SRL] Outgoing HTTP Domain www.cloudflarecache.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.cloudflarecache.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.cloudflarecache\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 28734: sender-address indicators as SMTP rules ---
# Raw TCP payload to $SMTP_SERVERS port 25 is searched for "MAIL FROM:" and for the
# address as independent, case-insensitive substrings (no distance/within ties them
# together); a blank line (CRLF CRLF) must then occur within 8192 bytes after the
# address match.
# Limits: sessions upgraded with STARTTLS and submission on other ports are not
# inspected, and the address has no boundary check, so a longer local part ending in
# the same text also matches.
# NOTE(review): CRLF CRLF normally ends the message headers, so a hit presumably depends
#   on stream reassembly presenting envelope and headers together; TODO confirm.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: albetpattisson1981@protonmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"albetpattisson1981@protonmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 
0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# --- MISP event 28734: sender-address indicators as SMTP rules (one rule per address) ---
# What each rule checks, in keyword order:
#   flow:established,to_server   client-to-server data on an established TCP session
#   content:"MAIL FROM|3a|"      the literal "MAIL FROM:" anywhere in the payload
#   content:"<address>"          the address anywhere in the payload; nothing ties it to
#                                the MAIL FROM match (no distance/within), and it is
#                                the fast_pattern
#   content:"|0D 0A 0D 0A|"; within:8192   a blank line within 8192 bytes after the
#                                address match
# Limits to keep in mind:
#   - Only port 25 on $SMTP_SERVERS is covered; sessions upgraded with STARTTLS and
#     submission on other ports are not inspected.
#   - The address is a bare substring with no boundary check, so a longer local part
#     ending in the same text matches too (constructed example: "xinfo@fobos.one"
#     would satisfy the info@fobos.one rule).
#   - NOTE(review): CRLF CRLF normally ends the message headers, so a hit presumably
#     depends on stream reassembly presenting envelope and headers together; TODO confirm.
#   - NOTE(review): the event exports no tags ("[]") and most addresses are on public
#     mail providers, where a sender address is cheap to replace; confirm in MISP that
#     these were observed as senders before treating a hit as high confidence.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: henryk@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"henryk@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: atomicday@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"atomicday@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: info@fobos.one"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"info@fobos.one"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: axdus@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"axdus@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: it.issues.solving@outlook.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"it.issues.solving@outlook.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: barenuckles@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"barenuckles@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: johnwilliams1887@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"johnwilliams1887@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: bernard.bunyan@aol.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bernard.bunyan@aol.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: jonson_eight@gmx.us"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"jonson_eight@gmx.us"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: bill.g@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bill.g@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: joshuabernandead@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"joshuabernandead@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: bill.g@msgsafe.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bill.g@msgsafe.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: lettointago@onionmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"lettointago@onionmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: bill.g@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bill.g@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: luiza.li@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"luiza.li@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: bill.gteam@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"bill.gteam@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: matheuscosta0194@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"matheuscosta0194@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: blair_lockyer@aol.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"blair_lockyer@aol.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: mccreight.ellery@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"mccreight.ellery@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert 
tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: carljohnson1948@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"carljohnson1948@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# --- MISP event 28734: sender-address SMTP rules, continued ---
# Every rule here has the same shape: inbound TCP to $SMTP_SERVERS port 25, "MAIL FROM:"
# and the address as two independent case-insensitive substring matches, then CRLF CRLF
# within 8192 bytes after the address match; tag:session,600,seconds requests 600 s of
# follow-up logging for the session.
# Coverage and fidelity:
#   - Mail on a STARTTLS-upgraded session or on a port other than 25 is not inspected.
#   - Because the address match has no boundary and no positional link to "MAIL FROM:",
#     the same text elsewhere in the inspected payload can satisfy it.
#   - NOTE(review): every msg carries an empty tag list, so the alert alone does not say
#     why the address matters; use the reference URL for context, and confirm there that
#     the address was seen as a sender.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: megaport@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"megaport@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: cashonlycash@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"cashonlycash@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: miadowson@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"miadowson@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: chocolate_muffin@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"chocolate_muffin@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: michaelwayne1973@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"michaelwayne1973@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: claredrinkall@aol.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"claredrinkall@aol.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: normanbaker1929@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"normanbaker1929@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: clausmeyer070@cock.li"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"clausmeyer070@cock.li"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: nud_satanakia@keemail.me"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"nud_satanakia@keemail.me"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: colexpro@keemail.me"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"colexpro@keemail.me"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: please@countermail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"please@countermail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: cox.barthel@aol.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"cox.barthel@aol.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38703991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: precorpman@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"precorpman@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: crashonlycash@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"crashonlycash@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# NOTE(review): local parts such as "recovery2021" read like contact or support
#   mailboxes rather than bulk senders; this is an inference from the names only, so
#   verify the role of these addresses in the MISP event before relying on a rule that
#   watches inbound MAIL FROM.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: recovery2021@inboxhub.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"recovery2021@inboxhub.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: everymoment@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"everymoment@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: recovery2021@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"recovery2021@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: expertbox@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"expertbox@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: 
samuelwhite1821@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"samuelwhite1821@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: fastway@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"fastway@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: saraconor@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"saraconor@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: fquatela@techie.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"fquatela@techie.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: secdatltd@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"secdatltd@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 
(msg: "MISP e28734 [] Source Email Address: fredmoneco@tutanota.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"fredmoneco@tutanota.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# --- MISP event 28734: e-mail address indicators (SMTP) ---
# The rule completed on the line above and every "alert tcp" rule below share one shape:
# an established client-to-server stream to $SMTP_SERVERS port 25 that contains
# "MAIL FROM:" and the listed address (both case-insensitive), with a CRLF CRLF
# sequence within 8192 bytes after the address. A match also tags the session
# for 600 seconds.
# NOTE(review): the address content has no distance/within tie to "MAIL FROM:", so
# the address can sit anywhere in the inspected stream (headers or body), not only
# in the envelope sender that the msg text names.
# NOTE(review): only port 25 and cleartext payload are covered. Mail on other ports,
# or sent after a STARTTLS upgrade, is presumably invisible to these rules. Confirm
# where the sensor sits and back these indicators with mail-gateway log searches.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: skymix@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"skymix@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: getdata@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"getdata@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: sory@countermail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"sory@countermail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: greenbookbtc@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"greenbookbtc@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: spacegroup@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"spacegroup@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: greenbookbtc@protonmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"greenbookbtc@protonmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: stafordpalin@protonmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"stafordpalin@protonmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: helperfiles@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"helperfiles@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: starcomp@keemail.me"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"starcomp@keemail.me"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: helpermail@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"helpermail@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: helpfiles@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"helpfiles@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: xgen@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"xgen@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: helpfiles102030@inboxhub.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"helpfiles102030@inboxhub.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: xspacegroup@protonmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"xspacegroup@protonmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: helpforyou@gmx.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"helpforyou@gmx.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: zgen@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"zgen@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: helpforyou@onionmail.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"helpforyou@onionmail.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e28734 [] Source Email Address: zodiacx@tuta.io"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"zodiacx@tuta.io"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38704301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# Incoming-IP indicator for the same event. It has no flow or content keywords, so
# it alerts on any packet from this source address to $HOME_NET, whatever the
# protocol or port.
alert ip 194.165.16.4 any -> $HOME_NET any (msg: "MISP e28734 [] Incoming From IP: 194.165.16.4"; classtype:trojan-activity; sid:38704331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
alert ip
45.9.74.14 any -> $HOME_NET any (msg: "MISP e28734 [] Incoming From IP: 45.9.74.14"; classtype:trojan-activity; sid:38704341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# Incoming-IP indicators of MISP event 28734 (the rule completed above, plus the
# 147.78.47.224 and 185.202.0.111 rules below). They have no flow or content
# keywords, so they alert on any packet from the source address to $HOME_NET.
alert ip 147.78.47.224 any -> $HOME_NET any (msg: "MISP e28734 [] Incoming From IP: 147.78.47.224"; classtype:trojan-activity; sid:38704351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# --- MISP event 27562: one domain, covered by a dns rule and an http rule ---
# The dns rule requires the query name to end with the domain, at the start or
# after a character that is not a letter, digit or hyphen, so the domain and its
# subdomains match. The http rule looks in the request headers for "Host:" and the
# domain as two independent contents, plus a pcre that wants a non-hostname
# character after the domain, and tags the session for 600 seconds.
# NOTE(review): the http rule only sees cleartext HTTP. For HTTPS the dns rule is
# the only coverage here, so confirm the sensor can see resolver traffic.
alert dns any any -> any any (msg: "MISP e27562 [] Domain suportesmstado.com"; dns.query; content:"suportesmstado.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])suportesmstado\.com$/i"; classtype:trojan-activity; sid:37957031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27562;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27562 [] Outgoing HTTP Domain suportesmstado.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"suportesmstado.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])suportesmstado\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37957032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27562;)
alert ip 185.202.0.111 any -> $HOME_NET any (msg: "MISP e28734 [] Incoming From IP: 185.202.0.111"; classtype:trojan-activity; sid:38704361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28734;)
# --- MISP event 28751: file:// URL indicators and the IPs that host them ---
# NOTE(review): the http rules below search http.uri for the literal string
# "file://<ip>/<path>". A file:// reference is not itself an HTTP request, and the
# request URI of an HTTP/WebDAV fetch of the same resource would presumably carry
# only the path, so these content matches look unlikely to ever fire.
# TODO: confirm against a capture. If the reference resolves over SMB instead, no
# http rule applies at all.
# Effective coverage for this event therefore rests on the "Outgoing To IP" rules.
# No such companion rule is visible in this part of the file for 104.129.20.167,
# 103.124.104.22, 66.63.188.19, 103.124.104.76, 103.124.105.208, 103.124.105.233,
# 103.124.106.224 and 155.94.208.137.
# NOTE(review): the "Outgoing To IP" rules for 89.117.1.160, 89.117.1.161,
# 89.117.2.33, 89.117.2.34, 176.123.2.146 and 146.19.213.36 each appear twice under
# different sids, so one packet to such a host raises two alerts. Deduplicate at
# export time or suppress one sid of each pair on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.1.161/mtdi/ZQCw.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.1.161/mtdi/ZQCw.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38712641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.1.161 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.1.161"; classtype:trojan-activity; sid:38712661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.2.33/hvwsuw/udrh.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.2.33/hvwsuw/udrh.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38712701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.2.33 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.2.33"; classtype:trojan-activity; sid:38712721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//176.123.2.146/vbcsn/UOx.txt"; flow:to_server,established; http.uri; content:"file|3a|//176.123.2.146/vbcsn/UOx.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38712821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 176.123.2.146 any (msg: "MISP e28751 [] Outgoing To IP: 176.123.2.146"; classtype:trojan-activity; sid:38712841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.1.160/4bvt1yw/iC.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.1.160/4bvt1yw/iC.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38712881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.1.160 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.1.160"; classtype:trojan-activity; sid:38712901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.2.34/4qp/8Y.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.2.34/4qp/8Y.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38712941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.2.34 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.2.34"; classtype:trojan-activity; sid:38712961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//104.129.20.167/xhsmd/bOWEU.txt"; flow:to_server,established; http.uri; content:"file|3a|//104.129.20.167/xhsmd/bOWEU.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//146.19.213.36/dbna/H.txt"; flow:to_server,established; http.uri; content:"file|3a|//146.19.213.36/dbna/H.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 146.19.213.36 any (msg: "MISP e28751 [] Outgoing To IP: 146.19.213.36"; classtype:trojan-activity; sid:38713081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.2.34/3m3sxh6/IuM.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.2.34/3m3sxh6/IuM.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.2.34 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.2.34"; classtype:trojan-activity; sid:38713201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.2.33/7ipw/7ohq.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.2.33/7ipw/7ohq.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.2.33 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.2.33"; classtype:trojan-activity; sid:38713141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//103.124.104.22/zjxb/bO.txt"; flow:to_server,established; http.uri; content:"file|3a|//103.124.104.22/zjxb/bO.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.1.161/epxq/A.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.1.161/epxq/A.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.1.161 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.1.161"; classtype:trojan-activity; sid:38713321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//176.123.2.146/5aohv/9mn.txt"; flow:to_server,established; http.uri; content:"file|3a|//176.123.2.146/5aohv/9mn.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 176.123.2.146 any (msg: "MISP e28751 [] Outgoing To IP: 176.123.2.146"; classtype:trojan-activity; sid:38713381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//66.63.188.19/bmkmsw/2.txt"; flow:to_server,established; http.uri; content:"file|3a|//66.63.188.19/bmkmsw/2.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//89.117.1.160/zkf2r4j/VmD.txt"; flow:to_server,established; http.uri; content:"file|3a|//89.117.1.160/zkf2r4j/VmD.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 89.117.1.160 any (msg: "MISP e28751 [] Outgoing To IP: 89.117.1.160"; classtype:trojan-activity; sid:38713501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//103.124.104.76/wsr6oh/Y.txt"; flow:to_server,established; http.uri; content:"file|3a|//103.124.104.76/wsr6oh/Y.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//103.124.105.208/wha5uxh/D.txt"; flow:to_server,established; http.uri; content:"file|3a|//103.124.105.208/wha5uxh/D.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//103.124.105.233/yusx/dMA.txt"; flow:to_server,established; http.uri; content:"file|3a|//103.124.105.233/yusx/dMA.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//103.124.106.224/uuny19/bb1nG.txt"; flow:to_server,established; http.uri; content:"file|3a|//103.124.106.224/uuny19/bb1nG.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//85.239.33.149/naams/p3aV.txt"; flow:to_server,established; http.uri; content:"file|3a|//85.239.33.149/naams/p3aV.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 85.239.33.149 any (msg: "MISP e28751 [] Outgoing To IP: 85.239.33.149"; classtype:trojan-activity; sid:38713801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//155.94.208.137/tgnd/zH9.txt"; flow:to_server,established; http.uri; content:"file|3a|//155.94.208.137/tgnd/zH9.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38713841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28751 [] Outgoing URL file|3a|//146.19.213.36/vei/yEZZ.txt"; flow:to_server,established; http.uri; content:"file|3a|//146.19.213.36/vei/yEZZ.txt"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38712761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip $HOME_NET any -> 146.19.213.36 any (msg: "MISP e28751 [] Outgoing To IP: 146.19.213.36"; classtype:trojan-activity; sid:38712771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/28751;)
alert ip
$HOME_NET any -> 209.182.234.69 5000 (msg: "MISP e27568 [QuasarRAT,RAT] Outgoing To IP: 209.182.234.69|5000"; classtype:trojan-activity; sid:37958351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 27568: outgoing IP and port indicators ---
# The rule completed above and the rules below alert on traffic from $HOME_NET to
# one fixed destination address and port. They have no flow or content keywords,
# so the packet header alone decides the match and an alert does not show that a
# session was established.
# Only the first rule's msg carries the [QuasarRAT,RAT] tags; the others have an
# empty tag list.
# NOTE(review): the rule protocol is `ip` while a destination port is given.
# Confirm how the deployed engine applies the port to non-TCP/UDP traffic.
alert ip $HOME_NET any -> 154.12.236.248 13786 (msg: "MISP e27568 [] Outgoing To IP: 154.12.236.248|13786"; classtype:trojan-activity; sid:37958361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 158.247.240.58 5632 (msg: "MISP e27568 [] Outgoing To IP: 158.247.240.58|5632"; classtype:trojan-activity; sid:37958371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 70.34.199.64 9785 (msg: "MISP e27568 [] Outgoing To IP: 70.34.199.64|9785"; classtype:trojan-activity; sid:37958381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 94.72.104.77 13724 (msg: "MISP e27568 [] Outgoing To IP: 94.72.104.77|13724"; classtype:trojan-activity; sid:37958391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 154.53.55.165 13783 (msg: "MISP e27568 [] Outgoing To IP: 154.53.55.165|13783"; classtype:trojan-activity; sid:37958401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 45.77.63.237 5632 (msg: "MISP e27568 [] Outgoing To IP: 45.77.63.237|5632"; classtype:trojan-activity; sid:37958411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 94.72.104.80 5000 (msg: "MISP e27568 [] Outgoing To IP: 94.72.104.80|5000"; classtype:trojan-activity; sid:37958421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 198.38.94.213 2224 (msg: "MISP e27568 [] Outgoing To IP: 198.38.94.213|2224"; classtype:trojan-activity; sid:37958431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# Outgoing IP and port indicator of MISP event 27568. It is a header-only match,
# with no flow or content keywords.
alert ip $HOME_NET any -> 70.34.223.164 5000 (msg: "MISP e27568 [] Outgoing To IP: 70.34.223.164|5000"; classtype:trojan-activity; sid:37958441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# --- MISP event 27007: domain indicators, one dns rule and one http rule each ---
# dns rule: the query name must end with the domain, at the start or after a
# character that is not a letter, digit or hyphen, so the domain and its
# subdomains match.
# http rule: the request headers must contain "Host:" and the domain, matched as
# two independent contents, plus a pcre on the headers that wants a non-hostname
# character after the domain. A match tags the session for 600 seconds.
# NOTE(review): because the domain content is not tied to the Host line, a
# request that merely mentions the domain in another header would presumably also
# match. Check the Host value when triaging.
# NOTE(review): the http rules only see cleartext HTTP. For HTTPS the dns rule
# is the only coverage here, so confirm the sensor can see resolver traffic.
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoepolska.com"; dns.query; content:"dcshoepolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoepolska\.com$/i"; classtype:trojan-activity; sid:38165881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoepolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoepolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoepolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoescl.com"; dns.query; content:"dcshoescl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoescl\.com$/i"; classtype:trojan-activity; sid:38165891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoescl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoescl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoescl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesfactoryusa.com"; dns.query; content:"dcshoesfactoryusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesfactoryusa\.com$/i"; classtype:trojan-activity; sid:38165901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesfactoryusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesfactoryusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesfactoryusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-germany.com"; dns.query; content:"dcshoes-germany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-germany\.com$/i"; classtype:trojan-activity; sid:38165911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-germany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-germany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-germany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dc-shoesnz.com"; dns.query; content:"dc-shoesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesnz\.com$/i"; classtype:trojan-activity; sid:38165921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dc-shoesnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dc-shoesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesonlineaustralia.com"; dns.query; content:"dcshoesonlineaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesonlineaustralia\.com$/i"; classtype:trojan-activity; sid:38165931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesonlineaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesonlineaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesonlineaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain filacanadashoes.com"; dns.query; content:"filacanadashoes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])filacanadashoes\.com$/i"; classtype:trojan-activity; sid:38165941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain filacanadashoes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"filacanadashoes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])filacanadashoes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperrysfactoryoutlets.com"; dns.query; content:"fredperrysfactoryoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysfactoryoutlets\.com$/i"; classtype:trojan-activity; sid:38165951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperrysfactoryoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperrysfactoryoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysfactoryoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemongreece.com"; dns.query; content:"lululemongreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemongreece\.com$/i"; classtype:trojan-activity; sid:38165961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemongreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemongreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemongreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-amsterdam.com"; dns.query; content:"mizuno-amsterdam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-amsterdam\.com$/i"; classtype:trojan-activity; sid:38165971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-amsterdam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-amsterdam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-amsterdam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunobuty.com"; dns.query; content:"mizunobuty.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunobuty\.com$/i";
classtype:trojan-activity; sid:38165981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007 (continued): domain indicators, dns + http rule per domain ---
# dns rule: the query name must end with the domain, at the start or after a
# character that is not a letter, digit or hyphen, so the domain and its
# subdomains match.
# http rule: the request headers must contain "Host:" and the domain, matched as
# two independent contents, plus a pcre on the headers that wants a non-hostname
# character after the domain. A match tags the session for 600 seconds.
# NOTE(review): the http rules only see cleartext HTTP. For HTTPS the dns rule
# is the only coverage here, so confirm the sensor can see resolver traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunobuty.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunobuty.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunobuty\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunojapan-jp.com"; dns.query; content:"mizunojapan-jp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunojapan\-jp\.com$/i"; classtype:trojan-activity; sid:38165991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunojapan-jp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunojapan-jp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunojapan\-jp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38165992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunonorge-no.com"; dns.query; content:"mizunonorge-no.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonorge\-no\.com$/i"; classtype:trojan-activity; sid:38166001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunonorge-no.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunonorge-no.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonorge\-no\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoparis.com"; dns.query; content:"mizunoparis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoparis\.com$/i"; classtype:trojan-activity; sid:38166011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunorunningshoesindia.com"; dns.query; content:"mizunorunningshoesindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunorunningshoesindia\.com$/i"; classtype:trojan-activity; sid:38166021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunorunningshoesindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunorunningshoesindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunorunningshoesindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoschweizch.com"; dns.query; content:"mizunoschweizch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoschweizch\.com$/i"; classtype:trojan-activity; sid:38166031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoschweizch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoschweizch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoschweizch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoesindonesia.com"; dns.query; content:"mizunoshoesindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoesindonesia\.com$/i"; classtype:trojan-activity; sid:38166041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoesindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoesindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoesindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunotenisice.com"; dns.query; content:"mizunotenisice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunotenisice\.com$/i"; classtype:trojan-activity; sid:38166051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunotenisice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunotenisice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunotenisice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotczech.com"; dns.query; content:"naotczech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotczech\.com$/i"; classtype:trojan-activity; sid:38166061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotczech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotczech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotczech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naotschweiz.com"; dns.query; content:"naotschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotschweiz\.com$/i"; classtype:trojan-activity; sid:38166071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain naot-uk.com"; dns.query; content:"naot-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naot\-uk\.com$/i"; classtype:trojan-activity; sid:38166081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naot-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naot-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naot\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166082; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nikefactoryoutletsale.com"; dns.query; content:"nikefactoryoutletsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikefactoryoutletsale\.com$/i"; classtype:trojan-activity; sid:38166091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikefactoryoutletsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikefactoryoutletsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikefactoryoutletsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-irelandsale.com"; dns.query; content:"nike-irelandsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-irelandsale\.com$/i"; classtype:trojan-activity; sid:38166101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-irelandsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-irelandsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-irelandsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pumauruguay.com"; dns.query; content:"pumauruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumauruguay\.com$/i"; classtype:trojan-activity; sid:38166111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumauruguay.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumauruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumauruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bearpaw-japan.com"; dns.query; content:"bearpaw-japan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bearpaw\-japan\.com$/i"; classtype:trojan-activity; sid:38166121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bearpaw-japan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bearpaw-japan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bearpaw\-japan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bearpawmexicos.com"; dns.query; content:"bearpawmexicos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bearpawmexicos\.com$/i"; classtype:trojan-activity; sid:38166131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bearpawmexicos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bearpawmexicos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bearpawmexicos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain bluzagappolska.com"; dns.query; content:"bluzagappolska.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bluzagappolska\.com$/i"; classtype:trojan-activity; sid:38166141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain bluzagappolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bluzagappolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bluzagappolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain carharttdenmarks.com"; dns.query; content:"carharttdenmarks.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttdenmarks\.com$/i"; classtype:trojan-activity; sid:38166151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain carharttdenmarks.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carharttdenmarks.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttdenmarks\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain carharttpolskasklep.com"; dns.query; content:"carharttpolskasklep.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttpolskasklep\.com$/i"; classtype:trojan-activity; sid:38166161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain carharttpolskasklep.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carharttpolskasklep.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])carharttpolskasklep\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gapboltbudapest.com"; dns.query; content:"gapboltbudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapboltbudapest\.com$/i"; classtype:trojan-activity; sid:38166181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapboltbudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapboltbudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapboltbudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gapbrasilonline.com"; dns.query; content:"gapbrasilonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapbrasilonline\.com$/i"; classtype:trojan-activity; sid:38166191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapbrasilonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapbrasilonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapbrasilonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gapclothingjapan.com"; dns.query; content:"gapclothingjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapclothingjapan\.com$/i"; classtype:trojan-activity; sid:38166201; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapclothingjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapclothingjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapclothingjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gaphoodieromania.com"; dns.query; content:"gaphoodieromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaphoodieromania\.com$/i"; classtype:trojan-activity; sid:38166211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaphoodieromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaphoodieromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaphoodieromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gaplondontshirt.com"; dns.query; content:"gaplondontshirt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaplondontshirt\.com$/i"; classtype:trojan-activity; sid:38166221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaplondontshirt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaplondontshirt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaplondontshirt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166222; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gapmexicomujer.com"; dns.query; content:"gapmexicomujer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapmexicomujer\.com$/i"; classtype:trojan-activity; sid:38166231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapmexicomujer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapmexicomujer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapmexicomujer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gapoutletturkiye.com"; dns.query; content:"gapoutletturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapoutletturkiye\.com$/i"; classtype:trojan-activity; sid:38166241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapoutletturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapoutletturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapoutletturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gapukhoodie.com"; dns.query; content:"gapukhoodie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapukhoodie\.com$/i"; classtype:trojan-activity; sid:38166251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapukhoodie.com"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"gapukhoodie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapukhoodie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gregorybackpackcanada.com"; dns.query; content:"gregorybackpackcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gregorybackpackcanada\.com$/i"; classtype:trojan-activity; sid:38166261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gregorybackpackcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gregorybackpackcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gregorybackpackcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gregorybackpackuk.com"; dns.query; content:"gregorybackpackuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gregorybackpackuk\.com$/i"; classtype:trojan-activity; sid:38166271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gregorybackpackuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gregorybackpackuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gregorybackpackuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lorna-jane-ireland.com"; dns.query; content:"lorna-jane-ireland.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lorna\-jane\-ireland\.com$/i"; classtype:trojan-activity; sid:38166281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lorna-jane-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lorna-jane-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lorna\-jane\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lorna-jane-uk.com"; dns.query; content:"lorna-jane-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lorna\-jane\-uk\.com$/i"; classtype:trojan-activity; sid:38166291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lorna-jane-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lorna-jane-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lorna\-jane\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain magnanni-singapore.com"; dns.query; content:"magnanni-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])magnanni\-singapore\.com$/i"; classtype:trojan-activity; sid:38166301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain magnanni-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"magnanni-singapore.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])magnanni\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain northfacsingapore.com"; dns.query; content:"northfacsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])northfacsingapore\.com$/i"; classtype:trojan-activity; sid:38166311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain northfacsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"northfacsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])northfacsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewmalaysia.com"; dns.query; content:"nothingnewmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewmalaysia\.com$/i"; classtype:trojan-activity; sid:38166321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewnederland.com"; dns.query; content:"nothingnewnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewnederland\.com$/i"; classtype:trojan-activity; sid:38166331; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewshoessg.com"; dns.query; content:"nothingnewshoessg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewshoessg\.com$/i"; classtype:trojan-activity; sid:38166341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewshoessg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewshoessg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewshoessg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewsneakerscanada.com"; dns.query; content:"nothingnewsneakerscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewsneakerscanada\.com$/i"; classtype:trojan-activity; sid:38166351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewsneakerscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewsneakerscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewsneakerscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38166352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnew-sneakers.com"; dns.query; content:"nothingnew-sneakers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnew\-sneakers\.com$/i"; classtype:trojan-activity; sid:38166361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnew-sneakers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnew-sneakers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnew\-sneakers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewsneakersuk.com"; dns.query; content:"nothingnewsneakersuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewsneakersuk\.com$/i"; classtype:trojan-activity; sid:38166371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewsneakersuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewsneakersuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewsneakersuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nydjsingapore.com"; dns.query; content:"nydjsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nydjsingapore\.com$/i"; classtype:trojan-activity; sid:38166381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nydjsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nydjsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nydjsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenesbelgie.com"; dns.query; content:"polenesbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesbelgie\.com$/i"; classtype:trojan-activity; sid:38166391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenesbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenesbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenesespana.com"; dns.query; content:"polenesespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesespana\.com$/i"; classtype:trojan-activity; sid:38166401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenesespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenesespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenesfrance.com"; dns.query; 
content:"polenesfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesfrance\.com$/i"; classtype:trojan-activity; sid:38166411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenesfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenesfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenesitalia.com"; dns.query; content:"polenesitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesitalia\.com$/i"; classtype:trojan-activity; sid:38166421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenesitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenesitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenesportugal.com"; dns.query; content:"polenesportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenesportugal\.com$/i"; classtype:trojan-activity; sid:38166431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenesportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenesportugal.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])polenesportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenestaske.com"; dns.query; content:"polenestaske.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenestaske\.com$/i"; classtype:trojan-activity; sid:38166441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenestaske.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenestaske.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenestaske\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain spyderjacketssingapore.com"; dns.query; content:"spyderjacketssingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])spyderjacketssingapore\.com$/i"; classtype:trojan-activity; sid:38166451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain spyderjacketssingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"spyderjacketssingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])spyderjacketssingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain supremeinsingapore.com"; dns.query; content:"supremeinsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])supremeinsingapore\.com$/i"; classtype:trojan-activity; sid:38166461; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain supremeinsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"supremeinsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])supremeinsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27563 [] Domain mi-tarjetacencosud-cl.turtleproperties.co.uk"; dns.query; content:"mi-tarjetacencosud-cl.turtleproperties.co.uk"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.turtleproperties\.co\.uk$/i"; classtype:trojan-activity; sid:37957121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27563;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27563 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.turtleproperties.co.uk"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.turtleproperties.co.uk"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.turtleproperties\.co\.uk[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37957122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27563;) alert ip $HOME_NET any -> 84.54.51.103 32105 (msg: "MISP e27568 [c2,Mirai] Outgoing To IP: 84.54.51.103|32105"; classtype:trojan-activity; sid:37958181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 87.121.58.103 32105 (msg: "MISP e27568 [c2,Mirai] Outgoing To IP: 87.121.58.103|32105"; classtype:trojan-activity; sid:37958191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert dns any any -> any any (msg: "MISP e27568 [SocGholish] Domain distributors.commdistinc.com"; 
dns.query; content:"distributors.commdistinc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])distributors\.commdistinc\.com$/i"; classtype:trojan-activity; sid:37958341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [SocGholish] Outgoing HTTP Domain distributors.commdistinc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"distributors.commdistinc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])distributors\.commdistinc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 185.163.124.133 7777 (msg: "MISP e27568 [Fletchen,panel] Outgoing To IP: 185.163.124.133|7777"; classtype:trojan-activity; sid:37958471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 91.198.77.158 4483 (msg: "MISP e27568 [AS211895,infostealer,NL,RedLineStealer,SERVERIUS-USERS-AS,stealer] Outgoing To IP: 91.198.77.158|4483"; classtype:trojan-activity; sid:37958511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> 91.198.77.158 9999 (msg: "MISP e27568 [AS211895,infostealer,NL,RedLineStealer,SERVERIUS-USERS-AS,stealer] Outgoing URL http|3a|//91.198.77.158|3a|9999/s1.exe"; flow:to_server,established; http.header; content:"91.198.77.158"; fast_pattern; nocase; http.uri; content:"/s1.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> 185.163.124.133 $HTTP_PORTS (msg: "MISP e27568 [Fletchen,panel] Outgoing URL http|3a|//185.163.124.133/login/?next=/"; flow:to_server,established; http.header; content:"185.163.124.133"; fast_pattern; nocase; http.uri; content:"/login/"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37958501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 185.163.124.133 80 (msg: "MISP e27568 [Fletchen,panel] Outgoing To IP: 185.163.124.133|80"; classtype:trojan-activity; sid:37958481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> 185.163.124.133 7777 (msg: "MISP e27568 [Fletchen,panel] Outgoing URL http|3a|//185.163.124.133|3a|7777/login/?next=/"; flow:to_server,established; http.header; content:"185.163.124.133"; fast_pattern; nocase; http.uri; content:"/login/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 5.206.224.58 7443 (msg: "MISP e27568 [Covenant,NETSOLUTIONS] Outgoing To IP: 5.206.224.58|7443"; classtype:trojan-activity; sid:37958541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 198.23.228.167 7443 (msg: "MISP e27568 [AS-COLOCROSSING,Mythic] Outgoing To IP: 198.23.228.167|7443"; classtype:trojan-activity; sid:37958551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 45.152.85.15 443 (msg: "MISP e27568 [Bianlian Go Trojan,DATA-CHEAP-AS] Outgoing To IP: 45.152.85.15|443"; classtype:trojan-activity; sid:37958561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 8.219.183.36 443 (msg: "MISP e27568 [ALIBABA-CN-NET Alibaba US Technology Co. 
Ltd.,Havoc] Outgoing To IP: 8.219.183.36|443"; classtype:trojan-activity; sid:37958571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 157.245.45.26 443 (msg: "MISP e27568 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 157.245.45.26|443"; classtype:trojan-activity; sid:37958581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 39.40.148.240 995 (msg: "MISP e27568 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.148.240|995"; classtype:trojan-activity; sid:37958591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 154.247.162.241 2078 (msg: "MISP e27568 [ALGTEL-AS,QakBot] Outgoing To IP: 154.247.162.241|2078"; classtype:trojan-activity; sid:37958601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 51.142.10.24 80 (msg: "MISP e27568 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 51.142.10.24|80"; classtype:trojan-activity; sid:37958611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 161.35.62.207 4000 (msg: "MISP e27568 [DIGITALOCEAN-ASN,Evilginx EvilGoPhish] Outgoing To IP: 161.35.62.207|4000"; classtype:trojan-activity; sid:37958621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 192.119.110.233 4000 (msg: "MISP e27568 [Evilginx EvilGoPhish,HOSTWINDS] Outgoing To IP: 192.119.110.233|4000"; classtype:trojan-activity; sid:37958631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert dns any any -> any any (msg: "MISP e27564 [] Domain mi-tarjetacencosud-cl.freschidesign.com"; dns.query; content:"mi-tarjetacencosud-cl.freschidesign.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.freschidesign\.com$/i"; classtype:trojan-activity; sid:37957211; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27564;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27564 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.freschidesign.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.freschidesign.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.freschidesign\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37957212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27564;) alert ip $HOME_NET any -> 35.158.159.254 11855 (msg: "MISP e27568 [njrat] Outgoing To IP: 35.158.159.254|11855"; classtype:trojan-activity; sid:37958641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 52.28.112.211 11855 (msg: "MISP e27568 [njrat] Outgoing To IP: 52.28.112.211|11855"; classtype:trojan-activity; sid:37958651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 194.165.16.55 443 (msg: "MISP e27568 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing To IP: 194.165.16.55|443"; classtype:trojan-activity; sid:37958681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> 45.84.0.177 $HTTP_PORTS (msg: "MISP e27568 [CobaltStrike,cs-watermark-391144938,STARK-INDUSTRIES] Outgoing URL http|3a|//45.84.0.177/quit/message/amd"; flow:to_server,established; http.header; content:"45.84.0.177"; fast_pattern; nocase; http.uri; content:"/quit/message/amd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 45.84.0.177 80 (msg: "MISP e27568 [CobaltStrike,cs-watermark-391144938,STARK-INDUSTRIES] Outgoing To IP: 45.84.0.177|80"; classtype:trojan-activity; sid:37958701; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> 1.94.52.236 88 (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.52.236|3a|88/j.ad"; flow:to_server,established; http.header; content:"1.94.52.236"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37958711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert dns any any -> any any (msg: "MISP e27568 [AS62904,CobaltStrike,cs-watermark-1357776117] Domain shopmoneyweb.com"; dns.query; content:"shopmoneyweb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])shopmoneyweb\.com$/i"; classtype:trojan-activity; sid:37958731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain shopmoneyweb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shopmoneyweb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shopmoneyweb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 170.130.165.129 443 (msg: "MISP e27568 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing To IP: 170.130.165.129|443"; classtype:trojan-activity; sid:37958741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 45.84.0.177 443 (msg: "MISP e27568 [CobaltStrike,cs-watermark-391144938,STARK-INDUSTRIES] Outgoing To IP: 45.84.0.177|443"; classtype:trojan-activity; sid:37958761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27566 [] Outgoing URL http|3a|//dev-lhfbsitesmodelos.pantheonsite.io"; 
flow:to_server,established; http.header; content:"dev-lhfbsitesmodelos.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37957481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27566;) alert dns any any -> any any (msg: "MISP e27566 [] Domain 2024shopping.ru"; dns.query; content:"2024shopping.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])2024shopping\.ru$/i"; classtype:trojan-activity; sid:37957511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27566;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27566 [] Outgoing HTTP Domain 2024shopping.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"2024shopping.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])2024shopping\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37957512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27566;) alert dns any any -> any any (msg: "MISP e27568 [njrat,RAT] Domain rverde.duckdns.org"; dns.query; content:"rverde.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])rverde\.duckdns\.org$/i"; classtype:trojan-activity; sid:37958811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [njrat,RAT] Outgoing HTTP Domain rverde.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rverde.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rverde\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 46.246.84.18 1981 (msg: "MISP e27568 [njrat,RAT] Outgoing To IP: 46.246.84.18|1981"; classtype:trojan-activity; sid:37958801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;) alert ip $HOME_NET any -> 
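46.246.86.5 8090 (msg: "MISP e27568 [njrat,RAT] Outgoing To IP: 46.246.86.5|8090"; classtype:trojan-activity; sid:37958791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# NOTE: the line above is the tail of a rule whose header ("alert ip $HOME_NET any ->")
# sits at the end of the previous line of this export. Rules below are laid out one per line.
#
# --- MISP event 27568: njrat / CobaltStrike indicators --------------------------------
# IP+port rules have no payload condition: they fire on any packet from $HOME_NET to the
# listed address and port. Check the indicator's age in the referenced MISP event before
# treating a hit as confirmed.
alert ip $HOME_NET any -> 18.198.77.177 11855 (msg: "MISP e27568 [njrat,RAT] Outgoing To IP: 18.198.77.177|11855"; classtype:trojan-activity; sid:37958781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 3.127.59.75 11855 (msg: "MISP e27568 [njrat,RAT] Outgoing To IP: 3.127.59.75|11855"; classtype:trojan-activity; sid:37958771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# DNS rule: the pcre anchors the name at the end of the query and requires a non-hostname
# character (or start of buffer) before it, so the domain and its subdomains match but a
# longer look-alike label does not.
alert dns any any -> any any (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,HWCSNET Huawei Cloud Service data center] Domain xunleicloud.com"; dns.query; content:"xunleicloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])xunleicloud\.com$/i"; classtype:trojan-activity; sid:37958831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
# HTTP rule: matches the domain in the request headers alongside a "Host:" header;
# tag:session keeps logging the session for 600 seconds after the first hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,HWCSNET Huawei Cloud Service data center] Outgoing HTTP Domain xunleicloud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xunleicloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xunleicloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
alert ip $HOME_NET any -> 1.94.52.236 8443 (msg: "MISP e27568 [CobaltStrike,cs-watermark-0,HWCSNET Huawei Cloud Service data center] Outgoing To IP: 1.94.52.236|8443"; classtype:trojan-activity; sid:37958841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27568;)
#
# --- MISP event 27641: Cobalt Strike indicators ---------------------------------------
# FIX: the exported tag misp-galaxy:malpedia="Cobalt Strike" put unescaped double quotes
# inside msg. Suricata's rule syntax requires '"', ';' and '\' inside msg to be escaped, so
# the quotes are written as \" below. Whether an engine rejects or tolerates the unescaped
# form may vary by engine and version; test-load the file (e.g. suricata -T) and check for
# skipped signatures. The quotes come from the MISP tag, so a regenerated export will
# presumably reintroduce them unless the export or the tag is fixed upstream.
#
# The xunleicloud.com and 1.94.52.236:8443 rules below repeat indicators already covered by
# the e27568 rules above under different sids and priority 3, so the same traffic raises two
# alerts. Deduplicate on the indicator when triaging.
alert dns any any -> any any (msg: "MISP e27641 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Domain xunleicloud.com"; dns.query; content:"xunleicloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])xunleicloud\.com$/i"; classtype:trojan-activity; sid:38006651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing HTTP Domain xunleicloud.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"xunleicloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])xunleicloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# The indicator is this exact host name under azureedge.net; the pcre does not match other
# labels under that parent domain.
alert dns any any -> any any (msg: "MISP e27641 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Domain wizjqpi1.azureedge.net"; dns.query; content:"wizjqpi1.azureedge.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])wizjqpi1\.azureedge\.net$/i"; classtype:trojan-activity; sid:38006671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing HTTP Domain wizjqpi1.azureedge.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wizjqpi1.azureedge.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wizjqpi1\.azureedge\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 1.94.52.236 8443 (msg: "MISP e27641 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing To IP: 1.94.52.236|8443"; classtype:trojan-activity; sid:38006681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
#
# --- MISP event 27567: untagged domain indicator --------------------------------------
alert dns any any -> any any (msg: "MISP e27567 [] Domain mi-tarjetacencosud-cl.masterstroke.consulting"; dns.query; content:"mi-tarjetacencosud-cl.masterstroke.consulting"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.masterstroke\.consulting$/i"; classtype:trojan-activity; sid:37957601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27567;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27567 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.masterstroke.consulting"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.masterstroke.consulting"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.masterstroke\.consulting[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37957602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27567;)
#
# --- MISP events 27580 / 27641: dcrat URL ---------------------------------------------
# The two URL rules below differ only in the case of one letter in the path, and both use
# nocase on http.uri, so they match the same requests and alert twice (sid 37959831 at
# priority 2, sid 38006691 at priority 3).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [dcrat] Outgoing URL http|3a|//a0927241.xsph.ru/_defaultwindows.php"; flow:to_server,established; http.header; content:"a0927241.xsph.ru"; fast_pattern; nocase; http.uri; content:"/_defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//a0927241.xsph.ru/_Defaultwindows.php"; flow:to_server,established; http.header; content:"a0927241.xsph.ru"; fast_pattern; nocase; http.uri; content:"/_Defaultwindows.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
#
# --- MISP event 27569: untagged domain indicator --------------------------------------
alert dns any any -> any any (msg: "MISP e27569 [] Domain mi-tarjetacencosud-cl.merryangels.in"; dns.query; content:"mi-tarjetacencosud-cl.merryangels.in"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.merryangels\.in$/i"; classtype:trojan-activity; sid:37958871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27569;)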
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27569 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.merryangels.in"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.merryangels.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.merryangels\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27569;) alert ip $HOME_NET any -> 191.88.249.10 4433 (msg: "MISP e27580 [Colombia Movil,dcrat] Outgoing To IP: 191.88.249.10|4433"; classtype:trojan-activity; sid:37959861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 191.88.249.10 4433 (msg: "MISP e27641 [] Outgoing To IP: 191.88.249.10|4433"; classtype:trojan-activity; sid:38006701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 85.204.116.119 1234 (msg: "MISP e27580 [c2,Mirai] Outgoing To IP: 85.204.116.119|1234"; classtype:trojan-activity; sid:37959951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 94.156.68.231 1312 (msg: "MISP e27580 [c2,Mirai] Outgoing To IP: 94.156.68.231|1312"; classtype:trojan-activity; sid:37959941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 78.40.117.36 1302 (msg: "MISP e27580 [c2,Mirai] Outgoing To IP: 78.40.117.36|1302"; classtype:trojan-activity; sid:37959921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 141.98.7.2 1 (msg: "MISP e27580 [c2,Mirai] Outgoing To IP: 141.98.7.2|1"; classtype:trojan-activity; sid:37959931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 185.216.70.30 420 (msg: "MISP e27580 [c2,Mirai] Outgoing To IP: 185.216.70.30|420"; 
classtype:trojan-activity; sid:37959911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 185.216.70.21 60195 (msg: "MISP e27580 [c2,Mirai] Outgoing To IP: 185.216.70.21|60195"; classtype:trojan-activity; sid:37959901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 94.156.66.226 6996 (msg: "MISP e27580 [c2,moobot] Outgoing To IP: 94.156.66.226|6996"; classtype:trojan-activity; sid:37959891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 85.204.116.119 6666 (msg: "MISP e27580 [c2,moobot] Outgoing To IP: 85.204.116.119|6666"; classtype:trojan-activity; sid:37959881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 3.127.181.115 10058 (msg: "MISP e27580 [njrat,RAT] Outgoing To IP: 3.127.181.115|10058"; classtype:trojan-activity; sid:37959851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 193.124.205.30 42597 (msg: "MISP e27580 [c2,moobot] Outgoing To IP: 193.124.205.30|42597"; classtype:trojan-activity; sid:37959871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 3.67.161.133 10058 (msg: "MISP e27580 [njrat,RAT] Outgoing To IP: 3.67.161.133|10058"; classtype:trojan-activity; sid:37959841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 139.84.139.29 5273 (msg: "MISP e27580 [NanoCore,RAT] Outgoing To IP: 139.84.139.29|5273"; classtype:trojan-activity; sid:37959821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 185.14.30.218 443 (msg: "MISP e27580 [AS21100,censys,ITLDC-NL,UNAM] Outgoing To IP: 185.14.30.218|443"; classtype:trojan-activity; sid:37959961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip 
$HOME_NET any -> 139.84.139.29 5273 (msg: "MISP e27641 [] Outgoing To IP: 139.84.139.29|5273"; classtype:trojan-activity; sid:38006711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 3.67.161.133 10058 (msg: "MISP e27641 [] Outgoing To IP: 3.67.161.133|10058"; classtype:trojan-activity; sid:38006721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 3.127.181.115 10058 (msg: "MISP e27641 [] Outgoing To IP: 3.127.181.115|10058"; classtype:trojan-activity; sid:38006731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 193.124.205.30 42597 (msg: "MISP e27641 [] Outgoing To IP: 193.124.205.30|42597"; classtype:trojan-activity; sid:38006741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 85.204.116.119 6666 (msg: "MISP e27641 [] Outgoing To IP: 85.204.116.119|6666"; classtype:trojan-activity; sid:38006751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 94.156.66.226 6996 (msg: "MISP e27641 [] Outgoing To IP: 94.156.66.226|6996"; classtype:trojan-activity; sid:38006761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 185.216.70.21 60195 (msg: "MISP e27641 [] Outgoing To IP: 185.216.70.21|60195"; classtype:trojan-activity; sid:38006771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 185.216.70.30 420 (msg: "MISP e27641 [] Outgoing To IP: 185.216.70.30|420"; classtype:trojan-activity; sid:38006781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 78.40.117.36 1302 (msg: "MISP e27641 [] Outgoing To IP: 78.40.117.36|1302"; classtype:trojan-activity; sid:38006791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip 
$HOME_NET any -> 141.98.7.2 1 (msg: "MISP e27641 [] Outgoing To IP: 141.98.7.2|1"; classtype:trojan-activity; sid:38006801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 94.156.68.231 1312 (msg: "MISP e27641 [] Outgoing To IP: 94.156.68.231|1312"; classtype:trojan-activity; sid:38006811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 85.204.116.119 1234 (msg: "MISP e27641 [] Outgoing To IP: 85.204.116.119|1234"; classtype:trojan-activity; sid:38006821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27580 [AS200350,UNAM,YANDEXCLOUD] Domain livinglearning.info"; dns.query; content:"livinglearning.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])livinglearning\.info$/i"; classtype:trojan-activity; sid:37959981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [AS200350,UNAM,YANDEXCLOUD] Outgoing HTTP Domain livinglearning.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"livinglearning.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])livinglearning\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 185.14.30.218 443 (msg: "MISP e27641 [] Outgoing To IP: 185.14.30.218|443"; classtype:trojan-activity; sid:38006831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain livinglearning.info"; dns.query; content:"livinglearning.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])livinglearning\.info$/i"; classtype:trojan-activity; sid:38006851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain livinglearning.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"livinglearning.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])livinglearning\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24600 [] Outgoing URL http|3a|//post-lu.vip/"; flow:to_server,established; http.header; content:"post-lu.vip"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38180461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain post-lu.vip"; dns.query; content:"post-lu.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.vip$/i"; classtype:trojan-activity; sid:38180491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain post-lu.vip"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"post-lu.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])post\-lu\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180492; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain lu-post.bar"; dns.query; content:"lu-post.bar"; nocase; pcre: "/(^|[^A-Za-z0-9-])lu\-post\.bar$/i"; classtype:trojan-activity; sid:38180541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain lu-post.bar"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lu-post.bar"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lu\-post\.bar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180542; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain zud5ug.l57i1k.com"; dns.query; content:"zud5ug.l57i1k.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zud5ug\.l57i1k\.com$/i"; classtype:trojan-activity; sid:38180591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain zud5ug.l57i1k.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zud5ug.l57i1k.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zud5ug\.l57i1k\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180592; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [Amadey] Outgoing URL http|3a|//topgamecheats.dev/j4fvskd3/index.php"; flow:to_server,established; http.header; content:"topgamecheats.dev"; fast_pattern; nocase; http.uri; content:"/j4fvskd3/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//topgamecheats.dev/j4Fvskd3/index.php"; flow:to_server,established; http.header; content:"topgamecheats.dev"; fast_pattern; nocase; http.uri; content:"/j4Fvskd3/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 91.92.254.77 222 (msg: "MISP e27580 [AS394711,Dropper,LIMENET,opendir] Outgoing URL http|3a|//91.92.254.77|3a|222/jj.jpg"; flow:to_server,established; 
http.header; content:"91.92.254.77"; fast_pattern; nocase; http.uri; content:"/jj.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 91.92.254.77 222 (msg: "MISP e27641 [] Outgoing URL http|3a|//91.92.254.77|3a|222/jj.jpg"; flow:to_server,established; http.header; content:"91.92.254.77"; fast_pattern; nocase; http.uri; content:"/jj.jpg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 80.66.75.53 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,Kakharov Orinbassar Maratuly] Outgoing URL http|3a|//80.66.75.53/functionalstatus/5gn1hb9coo2yjr2gfysvdjro2gm1e9rk"; flow:to_server,established; http.header; content:"80.66.75.53"; fast_pattern; nocase; http.uri; content:"/functionalstatus/5gn1hb9coo2yjr2gfysvdjro2gm1e9rk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,Tamatiya EOOD] Outgoing URL http|3a|//79.124.40.106|3a|81/fwlink"; flow:to_server,established; http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 5.101.0.245 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-1580103824,Petersburg Internet Network ltd.] 
Outgoing URL http|3a|//5.101.0.245/ptj"; flow:to_server,established; http.header; content:"5.101.0.245"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 5.101.0.245 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-1580103824,Petersburg Internet Network ltd.] Outgoing URL http|3a|//5.101.0.245/dpixel"; flow:to_server,established; http.header; content:"5.101.0.245"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 118.194.233.185 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED] Outgoing URL http|3a|//118.194.233.185/ptj"; flow:to_server,established; http.header; content:"118.194.233.185"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 8.222.165.110 $HTTP_PORTS (msg: "MISP e27580 [Alibaba (US) Technology Co. 
Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.222.165.110/load"; flow:to_server,established; http.header; content:"8.222.165.110"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing URL http|3a|//security-socks777.com/understand/v2.61/rylqupm8ll"; flow:to_server,established; http.header; content:"security-socks777.com"; fast_pattern; nocase; http.uri; content:"/understand/v2.61/rylqupm8ll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Domain security-socks777.com"; dns.query; content:"security-socks777.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])security\-socks777\.com$/i"; classtype:trojan-activity; sid:37960151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing HTTP Domain security-socks777.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"security-socks777.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])security\-socks777\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 192.3.101.133 88 (msg: "MISP e27580 [CobaltStrike,cs-watermark-1580103824,HostPapa] Outgoing URL http|3a|//192.3.101.133|3a|88/ca"; flow:to_server,established; http.header; content:"192.3.101.133"; fast_pattern; nocase; http.uri; 
content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> 5.101.0.245 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//5.101.0.245/dpixel"; flow:to_server,established; http.header; content:"5.101.0.245"; fast_pattern; nocase; http.uri; content:"/dpixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 5.101.0.245 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//5.101.0.245/ptj"; flow:to_server,established; http.header; content:"5.101.0.245"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27641 [] Outgoing URL http|3a|//79.124.40.106|3a|81/fwlink"; flow:to_server,established; http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 80.66.75.53 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//80.66.75.53/functionalStatus/5gN1hB9COo2yjR2gfYsvdjRO2gm1e9RK"; flow:to_server,established; http.header; content:"80.66.75.53"; fast_pattern; nocase; http.uri; content:"/functionalStatus/5gN1hB9COo2yjR2gfYsvdjRO2gm1e9RK"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 45.134.225.245 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.245/activity"; flow:to_server,established; http.header; 
content:"45.134.225.245"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# Event 27580 URL rule. The destination IP and $HTTP_PORTS in the rule header narrow the traffic first;
# the http.header content additionally requires the IP string to appear in the request headers, and the
# http.uri content is an unanchored, case-insensitive substring match.
alert http $HOME_NET any -> 114.55.133.151 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//114.55.133.151/en_us/all.js"; flow:to_server,established; http.header; content:"114.55.133.151"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# Header-only rule: protocol ip with destination port 50500 and no flow, content or threshold keyword,
# so nothing in the rule itself limits it to one alert per connection -- rate-limit it in the sensor's
# threshold configuration if it proves noisy.
# NOTE(review): the msg carries a bare "|" (MISP ip|port value); confirm the target engine's rule
# parser accepts it before deploying.
alert ip $HOME_NET any -> 95.217.142.46 50500 (msg: "MISP e27580 [RiseProStealer] Outgoing To IP: 95.217.142.46|50500"; classtype:trojan-activity; sid:37960231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# The next two rules (event 27641, priority 3, empty tag list) repeat indicators already exported from
# event 27580 at priority 2: sid:38006961 matches the same requests as sid:37960221 above (the paths
# differ only in case and both use nocase), and sid:38006971 repeats sid:37960211.
# One request therefore raises two alerts with different priorities and only one of them carries the
# CobaltStrike tag; correlate on destination and URI when triaging.
alert http $HOME_NET any -> 114.55.133.151 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//114.55.133.151/en_US/all.js"; flow:to_server,established; http.header; content:"114.55.133.151"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert http $HOME_NET any -> 45.134.225.245 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//45.134.225.245/activity"; flow:to_server,established; http.header; content:"45.134.225.245"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Event 27641 copy of the 192.3.101.133 port-88 rule; the rule text continues on the next line.
alert http $HOME_NET any -> 192.3.101.133 88 (msg: "MISP e27641 [] Outgoing URL http|3a|//192.3.101.133|3a|88/ca"; flow:to_server,established; http.header; content:"192.3.101.133"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38006981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain security-socks777.com"; dns.query; content:"security-socks777.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])security\-socks777\.com$/i"; classtype:trojan-activity; sid:38007031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain security-socks777.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"security-socks777.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])security\-socks777\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//security-socks777.com/Understand/v2.61/RYLQUPM8LL"; flow:to_server,established; http.header; content:"security-socks777.com"; fast_pattern; nocase; http.uri; content:"/Understand/v2.61/RYLQUPM8LL"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 8.222.165.110 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//8.222.165.110/load"; flow:to_server,established; http.header; content:"8.222.165.110"; fast_pattern; nocase; http.uri; content:"/load"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 118.194.233.185 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//118.194.233.185/ptj"; flow:to_server,established; http.header; content:"118.194.233.185"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38007091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27580 [] Domain galaxybotnet.site"; dns.query; content:"galaxybotnet.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxybotnet\.site$/i"; classtype:trojan-activity; sid:37960241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [] Outgoing HTTP Domain galaxybotnet.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"galaxybotnet.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxybotnet\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [] Domain cnc.shakeit.biz"; dns.query; content:"cnc.shakeit.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.shakeit\.biz$/i"; classtype:trojan-activity; sid:37960251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [] Outgoing HTTP Domain cnc.shakeit.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnc.shakeit.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.shakeit\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [] Domain botnet.freetube.me"; dns.query; content:"botnet.freetube.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.freetube\.me$/i"; classtype:trojan-activity; sid:37960261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [] Outgoing HTTP Domain 
botnet.freetube.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.freetube.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.freetube\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# Event 27641 copy (priority 3, empty tag list) of the event 27580 rule sid:37960231 for the same IP
# and port. It is a header-only match with no flow, content or threshold keyword, so both sids fire on
# the same traffic and nothing in either rule caps the alert rate.
alert ip $HOME_NET any -> 95.217.142.46 50500 (msg: "MISP e27641 [] Outgoing To IP: 95.217.142.46|50500"; classtype:trojan-activity; sid:38007101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Event 28246 URL rules for b.9-9-8.com. Each one needs the host string somewhere in the request
# headers AND its exact path substring in the URI, on a destination port in $HTTP_PORTS, over plaintext
# HTTP. No dns.query or Host-only rule for this host appears in this part of the file, so a request for
# any other path on it is not covered by these lines.
# The paths end in .sh / .tar -- presumably script and archive downloads; confirm against event 28246,
# since the msg tag list is empty and gives no context.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e28246 [] Outgoing URL http|3a|//b.9-9-8.com/brysj/d/c.sh"; flow:to_server,established; http.header; content:"b.9-9-8.com"; fast_pattern; nocase; http.uri; content:"/brysj/d/c.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38363771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28246;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e28246 [] Outgoing URL http|3a|//b.9-9-8.com/brysj/d/ar.sh"; flow:to_server,established; http.header; content:"b.9-9-8.com"; fast_pattern; nocase; http.uri; content:"/brysj/d/ar.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38363851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28246;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e28246 [] Outgoing URL http|3a|//b.9-9-8.com/brysj/d/enbio.tar"; flow:to_server,established; http.header; content:"b.9-9-8.com"; fast_pattern; nocase; http.uri; content:"/brysj/d/enbio.tar"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38363881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28246;)
# Same pattern for /brysj/cronb.sh; the rule text continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e28246 [] Outgoing URL http|3a|//b.9-9-8.com/brysj/cronb.sh"; flow:to_server,established; http.header; content:"b.9-9-8.com"; fast_pattern; 
nocase; http.uri; content:"/brysj/cronb.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38363951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28246;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e28246 [] Outgoing URL http|3a|//b.9-9-8.com/brysj/d/h.sh"; flow:to_server,established; http.header; content:"b.9-9-8.com"; fast_pattern; nocase; http.uri; content:"/brysj/d/h.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38363961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/28246;) alert dns any any -> any any (msg: "MISP e27580 [Amadey,ViriBack] Domain topgamecheats.dev"; dns.query; content:"topgamecheats.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])topgamecheats\.dev$/i"; classtype:trojan-activity; sid:37960271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [Amadey,ViriBack] Outgoing HTTP Domain topgamecheats.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topgamecheats.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topgamecheats\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [BlackBasta] Domain startupbuss.com"; dns.query; content:"startupbuss.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])startupbuss\.com$/i"; classtype:trojan-activity; sid:37960311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [BlackBasta] Outgoing HTTP Domain startupbuss.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"startupbuss.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])startupbuss\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37960312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [BlackBasta] Domain oneblackwood.com"; dns.query; content:"oneblackwood.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oneblackwood\.com$/i"; classtype:trojan-activity; sid:37960291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [BlackBasta] Outgoing HTTP Domain oneblackwood.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oneblackwood.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oneblackwood\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [BlackBasta] Domain buygreenstudio.com"; dns.query; content:"buygreenstudio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buygreenstudio\.com$/i"; classtype:trojan-activity; sid:37960301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [BlackBasta] Outgoing HTTP Domain buygreenstudio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buygreenstudio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buygreenstudio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27641 [] Domain galaxybotnet.site"; dns.query; content:"galaxybotnet.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxybotnet\.site$/i"; classtype:trojan-activity; sid:38007111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] 
Outgoing HTTP Domain galaxybotnet.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"galaxybotnet.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])galaxybotnet\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain cnc.shakeit.biz"; dns.query; content:"cnc.shakeit.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.shakeit\.biz$/i"; classtype:trojan-activity; sid:38007121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain cnc.shakeit.biz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnc.shakeit.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.shakeit\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain botnet.freetube.me"; dns.query; content:"botnet.freetube.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.freetube\.me$/i"; classtype:trojan-activity; sid:38007131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain botnet.freetube.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet.freetube.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet\.freetube\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27580 [BlackBasta] Domain securecloudmanage.com"; dns.query; content:"securecloudmanage.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])securecloudmanage\.com$/i"; classtype:trojan-activity; sid:37960281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [BlackBasta] Outgoing HTTP Domain securecloudmanage.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"securecloudmanage.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])securecloudmanage\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27641 [] Domain securecloudmanage.com"; dns.query; content:"securecloudmanage.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])securecloudmanage\.com$/i"; classtype:trojan-activity; sid:38007141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain securecloudmanage.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"securecloudmanage.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])securecloudmanage\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain oneblackwood.com"; dns.query; content:"oneblackwood.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oneblackwood\.com$/i"; classtype:trojan-activity; sid:38007151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain oneblackwood.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oneblackwood.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])oneblackwood\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain buygreenstudio.com"; dns.query; content:"buygreenstudio.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buygreenstudio\.com$/i"; classtype:trojan-activity; sid:38007161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain buygreenstudio.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buygreenstudio.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buygreenstudio\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain startupbuss.com"; dns.query; content:"startupbuss.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])startupbuss\.com$/i"; classtype:trojan-activity; sid:38007171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain startupbuss.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"startupbuss.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])startupbuss\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain topgamecheats.dev"; dns.query; content:"topgamecheats.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])topgamecheats\.dev$/i"; classtype:trojan-activity; sid:38007181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain topgamecheats.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"topgamecheats.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])topgamecheats\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsskor-sverige.com"; dns.query; content:"asicsskor-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsskor\-sverige\.com$/i"; classtype:trojan-activity; sid:38166471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsskor-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsskor-sverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsskor\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain blundstonegermany.com"; dns.query; content:"blundstonegermany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blundstonegermany\.com$/i"; classtype:trojan-activity; sid:38166481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain blundstonegermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blundstonegermany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blundstonegermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP 
e27007 [] Domain blundstone-oslo.com"; dns.query; content:"blundstone-oslo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blundstone\-oslo\.com$/i"; classtype:trojan-activity; sid:38166491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 exports each domain as a pair: a dns.query rule (sid ending in 1) and an HTTP Host rule
# (sid ending in 2). The msg tag list is empty and every rule uses classtype:trojan-activity at
# priority 3, so the alert text alone does not say what kind of indicator this is -- triage needs the
# event behind the reference URL.
# Host rule: the two http.header contents are independent substring matches and the pcre checks only
# the characters around the domain, so the domain in a header other than Host also matches. Plaintext
# HTTP only; TLS traffic to the domain is visible to the paired dns.query rule alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain blundstone-oslo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blundstone-oslo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blundstone\-oslo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# DNS rule: the end-anchored pcre matches the domain itself and any subdomain of it. The any -> any
# header puts no direction or network limit on where the query is observed.
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocshungary-eu.com"; dns.query; content:"crocshungary-eu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocshungary\-eu\.com$/i"; classtype:trojan-activity; sid:38166501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocshungary-eu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocshungary-eu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocshungary\-eu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocssnzoutlet.com"; dns.query; content:"crocssnzoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocssnzoutlet\.com$/i"; classtype:trojan-activity; sid:38166511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Paired Host rule for crocssnzoutlet.com; the rule text continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocssnzoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocssnzoutlet.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocssnzoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoefrance.com"; dns.query; content:"dcshoefrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoefrance\.com$/i"; classtype:trojan-activity; sid:38166521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoefrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoefrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoefrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeindia.com"; dns.query; content:"dcshoeindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeindia\.com$/i"; classtype:trojan-activity; sid:38166531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeireland.com"; dns.query; content:"dcshoeireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeireland\.com$/i"; classtype:trojan-activity; sid:38166541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeisrael.com"; dns.query; content:"dcshoeisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeisrael\.com$/i"; classtype:trojan-activity; sid:38166551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeitalia.com"; dns.query; content:"dcshoeitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeitalia\.com$/i"; classtype:trojan-activity; sid:38166561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesaustraliaau.com"; 
dns.query; content:"dcshoesaustraliaau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesaustraliaau\.com$/i"; classtype:trojan-activity; sid:38166571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesaustraliaau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesaustraliaau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesaustraliaau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoescanadaca.com"; dns.query; content:"dcshoescanadaca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoescanadaca\.com$/i"; classtype:trojan-activity; sid:38166581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoescanadaca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoescanadaca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoescanadaca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-colombia.com"; dns.query; content:"dcshoes-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-colombia\.com$/i"; classtype:trojan-activity; sid:38166591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-colombia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])dcshoes\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesczeshop.com"; dns.query; content:"dcshoesczeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesczeshop\.com$/i"; classtype:trojan-activity; sid:38166601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesczeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesczeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesczeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesdk.com"; dns.query; content:"dcshoesdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesdk\.com$/i"; classtype:trojan-activity; sid:38166611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-espana.com"; dns.query; content:"dcshoes-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-espana\.com$/i"; classtype:trojan-activity; sid:38166621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Reviewer notes on this generated block (MISP event 27007, domain indicators):
# - Each domain yields two rules: a DNS query rule (sid ending in 1) and an
#   outgoing HTTP rule (sid ending in 2). Keep one rule per line when loading.
# - HTTP rules: the "Host|3a|" content and the domain content are independent
#   matches on http.header, and the pcre (/H) also runs over the header buffer,
#   so the domain appearing in any other request header (e.g. Referer)
#   satisfies the rule as well. NOTE(review): matching on the http.host buffer
#   would tie the alert to the requested host - confirm against the engine
#   version in use before changing the export template.
# - Only cleartext HTTP is inspected by the sid-ending-in-2 rules; a connection
#   over TLS is visible to this set only through the DNS rule. NOTE(review): a
#   tls.sni rule per domain would cover that case where the sensor sees the
#   handshake.
# - tag:session,600,seconds keeps logging packets of the matching session for
#   600 seconds after the alert; account for that in capture storage.
# - msg carries an empty tag list ("[]") and every rule is
#   classtype:trojan-activity with priority:3; why the domains were listed is
#   not visible here - triage through the reference URL in each rule.
alert dns any any -> any any (msg: "MISP e27007 [] Domain dc-shoesgreece.com"; dns.query; content:"dc-shoesgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesgreece\.com$/i"; classtype:trojan-activity; sid:38166631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dc-shoesgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dc-shoesgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeshungary.com"; dns.query; content:"dcshoeshungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeshungary\.com$/i"; classtype:trojan-activity; sid:38166641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeshungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeshungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeshungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesmx.com"; dns.query; content:"dcshoesmx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmx\.com$/i"; classtype:trojan-activity; sid:38166651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesmx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesmx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesmx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoesromaniaonline.com"; dns.query; content:"dcshoesromaniaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesromaniaonline\.com$/i"; classtype:trojan-activity; sid:38166661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoesromaniaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoesromaniaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoesromaniaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoessverige.com"; dns.query; content:"dcshoessverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessverige\.com$/i"; classtype:trojan-activity; sid:38166671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoessverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoessverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dgksingapore.com"; dns.query; content:"dgksingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dgksingapore\.com$/i"; classtype:trojan-activity; sid:38166681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dgksingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dgksingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dgksingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dunelondonchiles.com"; dns.query; content:"dunelondonchiles.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dunelondonchiles\.com$/i"; classtype:trojan-activity; sid:38166691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dunelondonchiles.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dunelondonchiles.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dunelondonchiles\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflops-nl.com"; dns.query; content:"fitflops-nl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflops\-nl\.com$/i"; classtype:trojan-activity; sid:38166701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflops-nl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflops-nl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflops\-nl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperrystockholms.com"; dns.query; content:"fredperrystockholms.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrystockholms\.com$/i"; classtype:trojan-activity; sid:38166711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperrystockholms.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperrystockholms.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrystockholms\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloomperu.com"; dns.query; content:"fruitoftheloomperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomperu\.com$/i"; classtype:trojan-activity; sid:38166721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloomperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloomperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloomperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gapconcept.com"; dns.query; content:"gapconcept.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapconcept\.com$/i"; classtype:trojan-activity; sid:38166731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapconcept.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapconcept.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapconcept\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gapespanaoutlet.com"; dns.query; content:"gapespanaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gapespanaoutlet\.com$/i"; classtype:trojan-activity; sid:38166741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gapespanaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gapespanaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gapespanaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gaponlinecz.com"; dns.query; content:"gaponlinecz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gaponlinecz\.com$/i"; classtype:trojan-activity; sid:38166751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gaponlinecz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gaponlinecz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gaponlinecz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guesssaleuk.com"; dns.query; content:"guesssaleuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guesssaleuk\.com$/i"; classtype:trojan-activity; sid:38166761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guesssaleuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guesssaleuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guesssaleuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivafootwear.com"; dns.query; content:"lasportivafootwear.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivafootwear\.com$/i"; classtype:trojan-activity; sid:38166771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivafootwear.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivafootwear.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivafootwear\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-hungary.com"; dns.query; content:"lasportiva-hungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-hungary\.com$/i"; classtype:trojan-activity; sid:38166781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-hungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-hungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-hungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivainindia.com"; dns.query; content:"lasportivainindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivainindia\.com$/i"; classtype:trojan-activity; sid:38166791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivainindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivainindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivainindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivanetherlands.com"; dns.query; content:"lasportivanetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivanetherlands\.com$/i"; classtype:trojan-activity; sid:38166801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivanetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivanetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivanetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivaphilippine.com"; dns.query; content:"lasportivaphilippine.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaphilippine\.com$/i"; classtype:trojan-activity; sid:38166811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivaphilippine.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivaphilippine.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaphilippine\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-slovensko.com"; dns.query; content:"lasportiva-slovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-slovensko\.com$/i"; classtype:trojan-activity; sid:38166821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-slovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-slovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-slovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivas-malaysia.com"; dns.query; content:"lasportivas-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivas\-malaysia\.com$/i"; classtype:trojan-activity; sid:38166831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivas-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivas-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivas\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lojalasportiva.com"; dns.query; content:"lojalasportiva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lojalasportiva\.com$/i"; classtype:trojan-activity; sid:38166841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lojalasportiva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lojalasportiva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lojalasportiva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajaneau.com"; dns.query; content:"lornajaneau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneau\.com$/i"; classtype:trojan-activity; sid:38166851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajaneau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajaneau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajaneau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanegermany.com"; dns.query; content:"lornajanegermany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanegermany\.com$/i"; classtype:trojan-activity; sid:38166861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanegermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanegermany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanegermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanenederlandnl.com"; dns.query; content:"lornajanenederlandnl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanenederlandnl\.com$/i"; classtype:trojan-activity; sid:38166871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanenederlandnl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanenederlandnl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanenederlandnl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lornajanesingapore.com"; dns.query; content:"lornajanesingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanesingapore\.com$/i"; classtype:trojan-activity; sid:38166881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lornajanesingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lornajanesingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lornajanesingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain miumiusingaporesale.com"; dns.query; content:"miumiusingaporesale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])miumiusingaporesale\.com$/i"; classtype:trojan-activity; sid:38166891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain miumiusingaporesale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"miumiusingaporesale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])miumiusingaporesale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoathens.com"; dns.query; content:"mizunoathens.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoathens\.com$/i"; classtype:trojan-activity; sid:38166901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoathens.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoathens.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoathens\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunocipobudapest.com"; dns.query; content:"mizunocipobudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocipobudapest\.com$/i"; classtype:trojan-activity; sid:38166911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunocipobudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunocipobudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocipobudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoclchile.com"; dns.query; content:"mizunoclchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoclchile\.com$/i"; classtype:trojan-activity; sid:38166921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoclchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoclchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoclchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunocostarica-cr.com"; dns.query; content:"mizunocostarica-cr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocostarica\-cr\.com$/i"; classtype:trojan-activity; sid:38166931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunocostarica-cr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunocostarica-cr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocostarica\-cr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoenecuador.com"; dns.query; content:"mizunoenecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoenecuador\.com$/i"; classtype:trojan-activity; sid:38166941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoenecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoenecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoenecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunohrvatskahr.com"; dns.query; content:"mizunohrvatskahr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunohrvatskahr\.com$/i"; classtype:trojan-activity; sid:38166951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunohrvatskahr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunohrvatskahr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunohrvatskahr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunohungaryhu.com"; dns.query; content:"mizunohungaryhu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunohungaryhu\.com$/i"; classtype:trojan-activity; sid:38166961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunohungaryhu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunohungaryhu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunohungaryhu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunomagyarorszaghu.com"; dns.query; content:"mizunomagyarorszaghu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunomagyarorszaghu\.com$/i"; classtype:trojan-activity; sid:38166971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunomagyarorszaghu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunomagyarorszaghu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunomagyarorszaghu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-outletcanada.com"; dns.query; content:"mizuno-outletcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-outletcanada\.com$/i"; classtype:trojan-activity; sid:38166981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-outletcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-outletcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-outletcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunooutletdeutschland.com"; dns.query; content:"mizunooutletdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutletdeutschland\.com$/i"; classtype:trojan-activity; sid:38166991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunooutletdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunooutletdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutletdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38166992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunooutlet-portugal.com"; dns.query; content:"mizunooutlet-portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlet\-portugal\.com$/i"; classtype:trojan-activity; sid:38167001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunooutlet-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunooutlet-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlet\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunooutlet-usa.com"; dns.query; content:"mizunooutlet-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlet\-usa\.com$/i"; classtype:trojan-activity; sid:38167011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunooutlet-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunooutlet-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlet\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoparaguay.com"; dns.query; content:"mizunoparaguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoparaguay\.com$/i"; classtype:trojan-activity; sid:38167021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoparaguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoparaguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoparaguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunopatikesrbija.com"; dns.query; content:"mizunopatikesrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunopatikesrbija\.com$/i"; classtype:trojan-activity; sid:38167031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunopatikesrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunopatikesrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunopatikesrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoperupe.com"; dns.query; content:"mizunoperupe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoperupe\.com$/i"; classtype:trojan-activity; sid:38167041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoperupe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoperupe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoperupe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunorunningshoesnz.com"; dns.query; content:"mizunorunningshoesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunorunningshoesnz\.com$/i"; classtype:trojan-activity; sid:38167051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunorunningshoesnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunorunningshoesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunorunningshoesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosbelgie.com"; dns.query; content:"mizunosbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosbelgie\.com$/i"; classtype:trojan-activity; sid:38167061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoschuhschweiz.com"; dns.query; content:"mizunoschuhschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoschuhschweiz\.com$/i"; classtype:trojan-activity; sid:38167071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoschuhschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoschuhschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoschuhschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosgreece.com"; dns.query; content:"mizunosgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosgreece\.com$/i"; classtype:trojan-activity; sid:38167081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoeaustralia.com"; dns.query; content:"mizunoshoeaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeaustralia\.com$/i"; classtype:trojan-activity; sid:38167091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoeaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoeaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoenz.com"; dns.query; content:"mizunoshoenz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoenz\.com$/i"; classtype:trojan-activity; sid:38167101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoenz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoenz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoenz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoeusa.com"; dns.query; content:"mizunoshoeusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeusa\.com$/i"; classtype:trojan-activity; sid:38167111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoeusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoeusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshopwien.com"; dns.query; content:"mizunoshopwien.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshopwien\.com$/i"; classtype:trojan-activity; sid:38167121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshopwien.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshopwien.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshopwien\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosk.com"; dns.query; content:"mizunosk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosk\.com$/i"; classtype:trojan-activity; sid:38167131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosko-danmark.com"; dns.query; content:"mizunosko-danmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosko\-danmark\.com$/i"; classtype:trojan-activity; sid:38167141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosko-danmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosko-danmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosko\-danmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38167142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosnorge.com"; dns.query; content:"mizunosnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosnorge\.com$/i"; classtype:trojan-activity; sid:38167151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosrbijars.com"; dns.query; content:"mizunosrbijars.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosrbijars\.com$/i"; classtype:trojan-activity; sid:38167161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosrbijars.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosrbijars.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosrbijars\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosuomi-fi.com"; dns.query; content:"mizunosuomi-fi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosuomi\-fi\.com$/i"; classtype:trojan-activity; sid:38167171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
mizunosuomi-fi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosuomi-fi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosuomi\-fi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosuomifi.com"; dns.query; content:"mizunosuomifi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosuomifi\.com$/i"; classtype:trojan-activity; sid:38167181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosuomifi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosuomifi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosuomifi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosverigegolf.com"; dns.query; content:"mizunosverigegolf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosverigegolf\.com$/i"; classtype:trojan-activity; sid:38167191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosverigegolf.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosverigegolf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosverigegolf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunouaeonline.com"; dns.query; content:"mizunouaeonline.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])mizunouaeonline\.com$/i"; classtype:trojan-activity; sid:38167201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunouaeonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunouaeonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunouaeonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunousaoutlet.com"; dns.query; content:"mizunousaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunousaoutlet\.com$/i"; classtype:trojan-activity; sid:38167211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunousaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunousaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunousaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotnorge.com"; dns.query; content:"naotnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotnorge\.com$/i"; classtype:trojan-activity; sid:38167221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38167222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotpolska.com"; dns.query; content:"naotpolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotpolska\.com$/i"; classtype:trojan-activity; sid:38167231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotpolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotpolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotpolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotturkey.com"; dns.query; content:"naotturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotturkey\.com$/i"; classtype:trojan-activity; sid:38167241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewaustralia.com"; dns.query; content:"nothingnewaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewaustralia\.com$/i"; classtype:trojan-activity; sid:38167251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewaustralia.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewireland.com"; dns.query; content:"nothingnewireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewireland\.com$/i"; classtype:trojan-activity; sid:38167261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nothingnewshoesph.com"; dns.query; content:"nothingnewshoesph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewshoesph\.com$/i"; classtype:trojan-activity; sid:38167271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nothingnewshoesph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nothingnewshoesph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nothingnewshoesph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaihrvatska.com"; dns.query; 
content:"olukaihrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaihrvatska\.com$/i"; classtype:trojan-activity; sid:38167281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaihrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaihrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaihrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain outletmizunousa.com"; dns.query; content:"outletmizunousa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])outletmizunousa\.com$/i"; classtype:trojan-activity; sid:38167291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain outletmizunousa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"outletmizunousa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])outletmizunousa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain persoloutletturkiye.com"; dns.query; content:"persoloutletturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persoloutletturkiye\.com$/i"; classtype:trojan-activity; sid:38167301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain persoloutletturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persoloutletturkiye.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])persoloutletturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain polenessk.com"; dns.query; content:"polenessk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenessk\.com$/i"; classtype:trojan-activity; sid:38167311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenessk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenessk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenessk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaargentina.com"; dns.query; content:"rimowaargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaargentina\.com$/i"; classtype:trojan-activity; sid:38167321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaaustralia.com"; dns.query; content:"rimowaaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaaustralia\.com$/i"; classtype:trojan-activity; sid:38167331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-belgium.com"; dns.query; content:"rimowa-belgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-belgium\.com$/i"; classtype:trojan-activity; sid:38167341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-belgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-belgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-belgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowabrazil.com"; dns.query; content:"rimowabrazil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowabrazil\.com$/i"; classtype:trojan-activity; sid:38167351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowabrazil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowabrazil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowabrazil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaegypt.com"; 
dns.query; content:"rimowaegypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaegypt\.com$/i"; classtype:trojan-activity; sid:38167361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaegypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaegypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaegypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-greece.com"; dns.query; content:"rimowa-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-greece\.com$/i"; classtype:trojan-activity; sid:38167371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-hungary.com"; dns.query; content:"rimowa-hungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-hungary\.com$/i"; classtype:trojan-activity; sid:38167381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-hungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-hungary.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])rimowa\-hungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-israel.com"; dns.query; content:"rimowa-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-israel\.com$/i"; classtype:trojan-activity; sid:38167391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowajapan.com"; dns.query; content:"rimowajapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowajapan\.com$/i"; classtype:trojan-activity; sid:38167401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowajapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowajapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowajapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-romania.com"; dns.query; content:"rimowa-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-romania\.com$/i"; classtype:trojan-activity; sid:38167411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowasaudiarabia.com"; dns.query; content:"rimowasaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasaudiarabia\.com$/i"; classtype:trojan-activity; sid:38167421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowasaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowasaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowasaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaturkey.com"; dns.query; content:"rimowaturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaturkey\.com$/i"; classtype:trojan-activity; sid:38167431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-usa.com"; 
dns.query; content:"rimowa-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-usa\.com$/i"; classtype:trojan-activity; sid:38167441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitaclogsretailers.com"; dns.query; content:"sanitaclogsretailers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaclogsretailers\.com$/i"; classtype:trojan-activity; sid:38167451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitaclogsretailers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitaclogsretailers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaclogsretailers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitafactoryoutlet.com"; dns.query; content:"sanitafactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitafactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38167461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitafactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitafactoryoutlet.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])sanitafactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitazuecosespana.com"; dns.query; content:"sanitazuecosespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitazuecosespana\.com$/i"; classtype:trojan-activity; sid:38167471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitazuecosespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitazuecosespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitazuecosespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain schweizveja.com"; dns.query; content:"schweizveja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])schweizveja\.com$/i"; classtype:trojan-activity; sid:38167481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain schweizveja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"schweizveja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])schweizveja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sorel-jp.com"; dns.query; content:"sorel-jp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sorel\-jp\.com$/i"; classtype:trojan-activity; sid:38167491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sorel-jp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sorel-jp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sorel\-jp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain teccovietnam.com"; dns.query; content:"teccovietnam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])teccovietnam\.com$/i"; classtype:trojan-activity; sid:38167501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain teccovietnam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"teccovietnam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])teccovietnam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeraustraliaau.com"; dns.query; content:"tedbakeraustraliaau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeraustraliaau\.com$/i"; classtype:trojan-activity; sid:38167511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeraustraliaau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeraustraliaau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeraustraliaau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
tiendamizunoespana.com"; dns.query; content:"tiendamizunoespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizunoespana\.com$/i"; classtype:trojan-activity; sid:38167521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendamizunoespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendamizunoespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendamizunoespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain timberlandchiletiendas.com"; dns.query; content:"timberlandchiletiendas.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandchiletiendas\.com$/i"; classtype:trojan-activity; sid:38167531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain timberlandchiletiendas.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timberlandchiletiendas.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandchiletiendas\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefootza.com"; dns.query; content:"vivobarefootza.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootza\.com$/i"; classtype:trojan-activity; sid:38167551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefootza.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"vivobarefootza.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootza\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casioargentinarelojes.com"; dns.query; content:"casioargentinarelojes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casioargentinarelojes\.com$/i"; classtype:trojan-activity; sid:38167561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casioargentinarelojes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casioargentinarelojes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casioargentinarelojes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain casiowatch-usa.com"; dns.query; content:"casiowatch-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])casiowatch\-usa\.com$/i"; classtype:trojan-activity; sid:38167571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain casiowatch-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"casiowatch-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])casiowatch\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain dc-shoesuruguay.com"; dns.query; content:"dc-shoesuruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesuruguay\.com$/i"; 
classtype:trojan-activity; sid:38167581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dc-shoesuruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dc-shoesuruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dc\-shoesuruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotdeutschland.com"; dns.query; content:"naotdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotdeutschland\.com$/i"; classtype:trojan-activity; sid:38167601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotespana.com"; dns.query; content:"naotespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotespana\.com$/i"; classtype:trojan-activity; sid:38167611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167612; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotitaly.com"; dns.query; content:"naotitaly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotitaly\.com$/i"; classtype:trojan-activity; sid:38167621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotitaly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotitaly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotitaly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-indiawebsite.com"; dns.query; content:"nike-indiawebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-indiawebsite\.com$/i"; classtype:trojan-activity; sid:38167631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-indiawebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-indiawebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-indiawebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitaclogsusa.com"; dns.query; content:"sanitaclogsusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaclogsusa\.com$/i"; classtype:trojan-activity; sid:38167641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitaclogsusa.com"; flow:to_server,established; http.header; content: 
"Host|3a|"; nocase; http.header; content:"sanitaclogsusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaclogsusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain supremestoreireland.com"; dns.query; content:"supremestoreireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])supremestoreireland\.com$/i"; classtype:trojan-activity; sid:38167651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain supremestoreireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"supremestoreireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])supremestoreireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27570 [] Domain banco.estadosoporte.info"; dns.query; content:"banco.estadosoporte.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info$/i"; classtype:trojan-activity; sid:37958951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27570;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27570 [] Outgoing HTTP Domain banco.estadosoporte.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banco.estadosoporte.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banco\.estadosoporte\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37958952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27570;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [ALIBABA-CN-NET Alibaba US Technology Co. 
Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//static.chat5188.top/api/v3/s25fogl"; flow:to_server,established; http.header; content:"static.chat5188.top"; fast_pattern; nocase; http.uri; content:"/api/v3/s25fogl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# URL-type indicator (event 27571). The host string is matched anywhere in the
# http.header buffer, not against the Host header specifically, and the http.uri
# content "/" occurs in practically every request URI, so in effect this rule
# fires on the host string alone. The destination port is $HTTP_PORTS: that
# variable must be defined on the sensor, and requests to this host on other
# ports are only covered by the "Outgoing HTTP Domain" rule further down, which
# uses "any" as destination port.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27571 [] Outgoing URL http|3a|//patito.larissakovalchuk.com/"; flow:to_server,established; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27571;)
# Same host with a specific path. Both contents are case-insensitive substring
# matches (nocase, no anchoring keywords), so any request that satisfies this
# rule also satisfies sid:37959021 above and raises two alerts.
# tag:session,600,seconds asks the engine to tag the rest of the session for
# 600 seconds after the alert; whether tagged packets are written anywhere
# depends on the sensor's output configuration (NOTE(review): confirm).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27571 [] Outgoing URL http|3a|//patito.larissakovalchuk.com/1709816053/imagenes/_personas/home/default.asp"; flow:to_server,established; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; http.uri; content:"/1709816053/imagenes/_personas/home/default.asp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27571;)
# Domain-type indicator on the DNS query name. The pcre is anchored at the end
# of the name and accepts start-of-buffer or any character outside
# [A-Za-z0-9-] on the left, so "x.patito.larissakovalchuk.com" matches while a
# longer first label such as "xpatito..." does not. Addresses and ports are all
# "any": the rule is not limited to $HOME_NET clients.
alert dns any any -> any any (msg: "MISP e27571 [] Domain patito.larissakovalchuk.com"; dns.query; content:"patito.larissakovalchuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.larissakovalchuk\.com$/i"; classtype:trojan-activity; sid:37959041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27571;)
# HTTP counterpart of the Domain rule (the rule continues on the next line of
# this export). "Host|3a|" and the domain are two independent contents in
# http.header with no distance/within between them, and the pcre is not tied to
# the Host line either, so the name appearing in another request header can
# also satisfy the rule (NOTE(review): confirm this is acceptable for triage).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27571 [] Outgoing HTTP Domain patito.larissakovalchuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.larissakovalchuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity;
sid:37959042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27571;) alert dns any any -> any any (msg: "MISP e27580 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Domain static.chat5188.top"; dns.query; content:"static.chat5188.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.chat5188\.top$/i"; classtype:trojan-activity; sid:37960351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain static.chat5188.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"static.chat5188.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.chat5188\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 47.243.108.86 80 (msg: "MISP e27580 [ALIBABA-CN-NET Alibaba US Technology Co. 
Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 47.243.108.86|80"; classtype:trojan-activity; sid:37960361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# ip|port indicator. The rule matches on source network, destination address
# and destination port only; it has no flow, content or threshold keywords.
# The bracketed text in msg is the MISP tag list (family, watermark, hosting
# label); it is alert metadata, not a match condition.
# NOTE(review): with no threshold the alert volume for a long-lived connection
# depends on how the engine evaluates header-only rules; confirm on the sensor.
alert ip $HOME_NET any -> 83.97.20.141 443 (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,M247 Europe SRL] Outgoing To IP: 83.97.20.141|443"; classtype:trojan-activity; sid:37960381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# URL indicator with an IP literal and explicit port: destination address and
# port are pinned in the rule header. The http.uri content "/ca" is a
# three-byte, case-insensitive substring, so any URI containing it matches,
# not only the exact path; the pinned destination is what keeps the rule narrow.
alert http $HOME_NET any -> 124.71.38.170 6006 (msg: "MISP e27580 [CobaltStrike,cs-watermark-100000,Huawei Cloud Service data center] Outgoing URL http|3a|//124.71.38.170|3a|6006/ca"; flow:to_server,established; http.header; content:"124.71.38.170"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# URL indicator with a host name: destination is $EXTERNAL_NET on port 8080
# only, so the same host and path served on another port would not match here.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e27580 [CobaltStrike,cs-watermark-1234567890,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8080/wp06/wp-includes/po.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp06/wp-includes/po.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# IP-literal URL without an explicit port: the destination port is
# $HTTP_PORTS, which must be defined on the sensor. "/push" is again a
# case-insensitive substring of the URI.
alert http $HOME_NET any -> 101.35.19.133 $HTTP_PORTS (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//101.35.19.133/push"; flow:to_server,established; http.header; content:"101.35.19.133"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert http $HOME_NET any -> 83.97.20.141 $HTTP_PORTS (msg: "MISP e27580
[CobaltStrike,cs-watermark-987654321,M247 Europe SRL] Outgoing URL http|3a|//83.97.20.141/en_us/all.js"; flow:to_server,established; http.header; content:"83.97.20.141"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 83.97.20.141 80 (msg: "MISP e27580 [CobaltStrike,cs-watermark-987654321,M247 Europe SRL] Outgoing To IP: 83.97.20.141|80"; classtype:trojan-activity; sid:37960441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27572 [] Outgoing URL http|3a|//patito.larissakovalchuk.com/1709150768/imagenes/_personas/home/default.asp"; flow:to_server,established; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; http.uri; content:"/1709150768/imagenes/_personas/home/default.asp"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27572;) alert dns any any -> any any (msg: "MISP e27572 [] Domain patito.larissakovalchuk.com"; dns.query; content:"patito.larissakovalchuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.larissakovalchuk\.com$/i"; classtype:trojan-activity; sid:37959121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27572;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27572 [] Outgoing HTTP Domain patito.larissakovalchuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patito.larissakovalchuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patito\.larissakovalchuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27572;) alert http $HOME_NET any -> 83.97.20.141 $HTTP_PORTS 
(msg: "MISP e27641 [] Outgoing URL http|3a|//83.97.20.141/en_US/all.js"; flow:to_server,established; http.header; content:"83.97.20.141"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 101.35.19.133 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//101.35.19.133/push"; flow:to_server,established; http.header; content:"101.35.19.133"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg: "MISP e27641 [] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8080/wp06/wp-includes/po.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp06/wp-includes/po.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> 124.71.38.170 6006 (msg: "MISP e27641 [] Outgoing URL http|3a|//124.71.38.170|3a|6006/ca"; flow:to_server,established; http.header; content:"124.71.38.170"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27641 [] Domain static.chat5188.top"; dns.query; content:"static.chat5188.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.chat5188\.top$/i"; classtype:trojan-activity; sid:38007251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain static.chat5188.top"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"static.chat5188.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])static\.chat5188\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//static.chat5188.top/api/v3/s25FogL"; flow:to_server,established; http.header; content:"static.chat5188.top"; fast_pattern; nocase; http.uri; content:"/api/v3/s25FogL"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 83.97.20.141 80 (msg: "MISP e27641 [] Outgoing To IP: 83.97.20.141|80"; classtype:trojan-activity; sid:38007271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 83.97.20.141 443 (msg: "MISP e27641 [] Outgoing To IP: 83.97.20.141|443"; classtype:trojan-activity; sid:38007281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 47.243.108.86 80 (msg: "MISP e27641 [] Outgoing To IP: 47.243.108.86|80"; classtype:trojan-activity; sid:38007291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert ip $HOME_NET any -> 20.121.128.235 4674 (msg: "MISP e27580 [remcos] Outgoing To IP: 20.121.128.235|4674"; classtype:trojan-activity; sid:37960451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 20.121.128.235 4834 (msg: "MISP e27580 [remcos] Outgoing To IP: 20.121.128.235|4834"; classtype:trojan-activity; sid:37960461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert ip $HOME_NET any -> 20.121.128.235 4845 (msg: "MISP e27580 [remcos] Outgoing To IP: 20.121.128.235|4845"; classtype:trojan-activity; sid:37960471; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# The next two rules have an identical header (same source, destination
# address and port). They differ only in msg, sid, priority and reference
# because the same indicator is present in two MISP events (27580 and 27641),
# so matching traffic raises both alerts. The family tag "remcos" appears only
# in the event 27580 copy; the event 27641 copy has an empty tag list.
alert ip $HOME_NET any -> 20.121.128.235 4876 (msg: "MISP e27580 [remcos] Outgoing To IP: 20.121.128.235|4876"; classtype:trojan-activity; sid:37960481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 20.121.128.235 4876 (msg: "MISP e27641 [] Outgoing To IP: 20.121.128.235|4876"; classtype:trojan-activity; sid:38007301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Event 27641 rules for the same address on three further ports, exported at
# priority 3 with no tags.
alert ip $HOME_NET any -> 20.121.128.235 4845 (msg: "MISP e27641 [] Outgoing To IP: 20.121.128.235|4845"; classtype:trojan-activity; sid:38007311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 20.121.128.235 4834 (msg: "MISP e27641 [] Outgoing To IP: 20.121.128.235|4834"; classtype:trojan-activity; sid:38007321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 20.121.128.235 4674 (msg: "MISP e27641 [] Outgoing To IP: 20.121.128.235|4674"; classtype:trojan-activity; sid:38007331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Domain-type indicator from event 24600, exported at priority 1. The DNS rule
# is end-anchored on the query name and, through the left-hand character
# class, also matches subdomains of the listed name.
alert dns any any -> any any (msg: "MISP e24600 [] Domain todayaction.lol"; dns.query; content:"todayaction.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-])todayaction\.lol$/i"; classtype:trojan-activity; sid:38180651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# HTTP counterpart: requires "Host|3a|" and the domain somewhere in
# http.header, then a pcre that needs a character outside [A-Za-z0-9-.] after
# the name. The rule sees cleartext HTTP only; a client using TLS to this name
# is covered by the DNS rule above, not by this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain todayaction.lol"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"todayaction.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])todayaction\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180652; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain
pub-e119bb50e05a485ba59cc4fcc30e8c49.r2.dev"; dns.query; content:"pub-e119bb50e05a485ba59cc4fcc30e8c49.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-e119bb50e05a485ba59cc4fcc30e8c49\.r2\.dev$/i"; classtype:trojan-activity; sid:38180701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain pub-e119bb50e05a485ba59cc4fcc30e8c49.r2.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pub-e119bb50e05a485ba59cc4fcc30e8c49.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pub\-e119bb50e05a485ba59cc4fcc30e8c49\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180702; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert dns any any -> any any (msg: "MISP e24600 [] Domain public-ccss.com"; dns.query; content:"public-ccss.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])public\-ccss\.com$/i"; classtype:trojan-activity; sid:38180741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain public-ccss.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"public-ccss.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])public\-ccss\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180742; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [Loki] Outgoing URL http|3a|//sempersim.su/c11/fre.php"; flow:to_server,established; http.header; content:"sempersim.su"; fast_pattern; nocase; http.uri; content:"/c11/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any 
-> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//sempersim.su/c11/fre.php"; flow:to_server,established; http.header; content:"sempersim.su"; fast_pattern; nocase; http.uri; content:"/c11/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert dns any any -> any any (msg: "MISP e27573 [] Domain scotiankbank.accesoclientes.info"; dns.query; content:"scotiankbank.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])scotiankbank\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37959201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27573;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27573 [] Outgoing HTTP Domain scotiankbank.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scotiankbank.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scotiankbank\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27573;) alert dns any any -> any any (msg: "MISP e27580 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Domain ns1.bwork.online"; dns.query; content:"ns1.bwork.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.bwork\.online$/i"; classtype:trojan-activity; sid:37960501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain ns1.bwork.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.bwork.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.bwork\.online[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37960502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# ip|port indicator with destination port 53. The protocol is "ip", so the
# rule is not limited to one transport.
# NOTE(review): where clients resolve through an internal recursive resolver,
# only the resolver would contact this address directly; confirm the sensor
# sees that traffic and that the resolver is inside $HOME_NET.
alert ip $HOME_NET any -> 124.221.133.199 53 (msg: "MISP e27580 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.221.133.199|53"; classtype:trojan-activity; sid:37960511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# Domain-type indicator from event 27641 (priority 3, empty tag list):
# end-anchored on the DNS query name, subdomains included.
alert dns any any -> any any (msg: "MISP e27641 [] Domain ns1.bwork.online"; dns.query; content:"ns1.bwork.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.bwork\.online$/i"; classtype:trojan-activity; sid:38007351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# HTTP counterpart of the Domain rule above, for cleartext HTTP requests from
# $HOME_NET to any external port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain ns1.bwork.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.bwork.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.bwork\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Same address and port as sid:37960511 above, exported a second time from
# event 27641; matching traffic raises both alerts, at priority 2 and 3.
alert ip $HOME_NET any -> 124.221.133.199 53 (msg: "MISP e27641 [] Outgoing To IP: 124.221.133.199|53"; classtype:trojan-activity; sid:38007361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Hostname-type indicator. Unlike the Domain rules, the left-hand character
# class here also excludes ".", so a name with an extra label in front
# ("x.cfd.igtrades-capital.com") does not match: the rule targets this exact
# host name.
alert dns any any -> any any (msg: "MISP e27640 [] Hostname cfd.igtrades-capital.com"; dns.query; content:"cfd.igtrades-capital.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfd\.igtrades\-capital\.com$/i"; classtype:trojan-activity; sid:38006611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
# HTTP counterpart for the host name (the rule continues on the next line of
# this export). Here the header name and the value form one content,
# "Host|3a| cfd.igtrades-capital.com", with exactly one space after the colon.
# NOTE(review): this assumes the inspected buffer presents the header in that
# form; a Host line with different spacing would not satisfy the content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27640 [] Outgoing HTTP Hostname cfd.igtrades-capital.com"; flow:to_server,established; http.header; content: "Host|3a| cfd.igtrades-capital.com"; fast_pattern; nocase; pcre:
"/(^|[^A-Za-z0-9-\.])cfd\.igtrades\-capital\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;) alert ip $HOME_NET any -> 173.201.180.75 443 (msg: "MISP e27580 [infostealer,phemedrone] Outgoing To IP: 173.201.180.75|443"; classtype:trojan-activity; sid:37960321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27580 [AS394711,LIMENET,RAT] Domain windows11.loseyourip.com"; dns.query; content:"windows11.loseyourip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])windows11\.loseyourip\.com$/i"; classtype:trojan-activity; sid:37960331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27580 [AS394711,LIMENET,RAT] Outgoing HTTP Domain windows11.loseyourip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"windows11.loseyourip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])windows11\.loseyourip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;) alert dns any any -> any any (msg: "MISP e27641 [] Domain windows11.loseyourip.com"; dns.query; content:"windows11.loseyourip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])windows11\.loseyourip\.com$/i"; classtype:trojan-activity; sid:38007371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27641 [] Outgoing HTTP Domain windows11.loseyourip.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"windows11.loseyourip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])windows11\.loseyourip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38007372; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Outbound indicators exported from MISP events 27580 and 27641, reflowed to
# one rule per line with the rule text unchanged.
#
# "alert ip" rules match on the destination address and port only; they carry
# no flow, content or threshold option.
# NOTE(review): without a threshold these may alert repeatedly for a single
# connection - confirm alert volume and tune locally if needed.
#
# Most destinations appear twice: once from e27580 with a malware-family tag at
# priority 2, and once from e27641 with an empty tag list at priority 3. One
# connection therefore raises two sids (for example 37960521 and 38007391).
alert ip $HOME_NET any -> 173.201.180.75 443 (msg: "MISP e27641 [] Outgoing To IP: 173.201.180.75|443"; classtype:trojan-activity; sid:38007381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 194.116.173.25 6519 (msg: "MISP e27580 [RedLineStealer] Outgoing To IP: 194.116.173.25|6519"; classtype:trojan-activity; sid:37960521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 194.116.173.25 6519 (msg: "MISP e27641 [] Outgoing To IP: 194.116.173.25|6519"; classtype:trojan-activity; sid:38007391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# URL rules: the host string is matched anywhere in the request headers
# (http.header), not specifically in the Host header, and the path is matched
# in http.uri. Both contents are nocase, so the lower-case (e27580) and
# mixed-case (e27641) variants of one path match the same requests.
# tag:session,600,seconds keeps logging packets of the session for 600 seconds
# after a hit.
# NOTE(review): these rules are limited to $HTTP_PORTS, so that variable must be
# defined and the same URL on another port is not covered.
alert http $HOME_NET any -> 86.110.194.110 $HTTP_PORTS (msg: "MISP e27580 [dcrat] Outgoing URL http|3a|//86.110.194.110/2wpcdn/multi/88/bigload/sql8defaultlow/httprequestprotonbigload/api7voiddbdatalife/publicjavascripttemp5/videobigloadmultidefaultwindowswordpresspublictemporary.php"; flow:to_server,established; http.header; content:"86.110.194.110"; fast_pattern; nocase; http.uri; content:"/2wpcdn/multi/88/bigload/sql8defaultlow/httprequestprotonbigload/api7voiddbdatalife/publicjavascripttemp5/videobigloadmultidefaultwindowswordpresspublictemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 147.45.47.116 50500 (msg: "MISP e27580 [RiseProStealer] Outgoing To IP: 147.45.47.116|50500"; classtype:trojan-activity; sid:37960541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert http $HOME_NET any -> 86.110.194.110 $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//86.110.194.110/2Wpcdn/Multi/88/bigload/sql8defaultlow/HttpRequestProtonbigload/Api7voiddbDatalife/PublicjavascriptTemp5/videoBigloadmultiDefaultWindowsWordpresspublicTemporary.php"; flow:to_server,established; http.header; content:"86.110.194.110"; fast_pattern; nocase; http.uri; content:"/2Wpcdn/Multi/88/bigload/sql8defaultlow/HttpRequestProtonbigload/Api7voiddbDatalife/PublicjavascriptTemp5/videoBigloadmultiDefaultWindowsWordpresspublicTemporary.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 147.45.47.116 50500 (msg: "MISP e27641 [] Outgoing To IP: 147.45.47.116|50500"; classtype:trojan-activity; sid:38007411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 147.45.47.116 8081 (msg: "MISP e27580 [Risepro,ViriBack] Outgoing To IP: 147.45.47.116|8081"; classtype:trojan-activity; sid:37960551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 147.45.47.116 8081 (msg: "MISP e27641 [] Outgoing To IP: 147.45.47.116|8081"; classtype:trojan-activity; sid:38007451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [dcrat] Outgoing URL http|3a|//421820cm.n9shteam2.top/eternalpythonrequestpollbaseasyncgeneratorwpdlepublic.php"; flow:to_server,established; http.header; content:"421820cm.n9shteam2.top"; fast_pattern; nocase; http.uri; content:"/eternalpythonrequestpollbaseasyncgeneratorwpdlepublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//421820cm.n9shteam2.top/eternalPythonrequestPollbaseasyncGeneratorwpDlePublic.php"; flow:to_server,established; http.header; content:"421820cm.n9shteam2.top"; fast_pattern; nocase; http.uri; content:"/eternalPythonrequestPollbaseasyncGeneratorwpDlePublic.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 172.93.160.2 2404 (msg: "MISP e27580 [remcos] Outgoing To IP: 172.93.160.2|2404"; classtype:trojan-activity; sid:37960601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 91.92.241.203 37942 (msg: "MISP e27580 [remcos] Outgoing To IP: 91.92.241.203|37942"; classtype:trojan-activity; sid:37960611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 91.92.241.203 37942 (msg: "MISP e27641 [] Outgoing To IP: 91.92.241.203|37942"; classtype:trojan-activity; sid:38007471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 172.93.160.2 2404 (msg: "MISP e27641 [] Outgoing To IP: 172.93.160.2|2404"; classtype:trojan-activity; sid:38007481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# The tag list in msg also carries the hosting network name where the event had one.
# NOTE(review): addresses in shared hosting or cloud ranges can be reassigned;
# check the indicator's age in the MISP event before treating a hit as confirmed.
alert ip $HOME_NET any -> 142.93.131.96 43555 (msg: "MISP e27580 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 142.93.131.96|43555"; classtype:trojan-activity; sid:37960631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 142.93.131.96 8888 (msg: "MISP e27580 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 142.93.131.96|8888"; classtype:trojan-activity; sid:37960641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 103.193.176.76 8080 (msg: "MISP e27580 [IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia,sliver] Outgoing To IP: 103.193.176.76|8080"; classtype:trojan-activity; sid:37960651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 103.193.176.76 443 (msg: "MISP e27580 [IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia,sliver] Outgoing To IP: 103.193.176.76|443"; classtype:trojan-activity;
sid:37960661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# e27580 destination address/port indicators, reflowed to one rule per line with
# the rule text unchanged. Each rule matches outbound traffic from $HOME_NET to
# one address and port and has no flow, content or threshold option.
# The bracketed tag list in msg pairs a tool or family name with the name of the
# hosting network.
# NOTE(review): several of these networks are large cloud or hosting providers,
# where an address can be reassigned to an unrelated tenant; check the
# indicator's age in the MISP event before treating a hit as confirmed.
alert ip $HOME_NET any -> 35.233.38.208 443 (msg: "MISP e27580 [Covenant,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 35.233.38.208|443"; classtype:trojan-activity; sid:37960671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 170.187.232.104 7443 (msg: "MISP e27580 [AKAMAI-LINODE-AP Akamai Connected Cloud,Covenant] Outgoing To IP: 170.187.232.104|7443"; classtype:trojan-activity; sid:37960681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 37.1.208.232 7443 (msg: "MISP e27580 [Covenant,HVC-AS] Outgoing To IP: 37.1.208.232|7443"; classtype:trojan-activity; sid:37960691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 47.98.126.140 10004 (msg: "MISP e27580 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Deimos] Outgoing To IP: 47.98.126.140|10004"; classtype:trojan-activity; sid:37960701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 104.238.35.20 16655 (msg: "MISP e27580 [ASN-QUADRANET-GLOBAL,Bianlian Go Trojan] Outgoing To IP: 104.238.35.20|16655"; classtype:trojan-activity; sid:37960711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 185.196.11.148 8443 (msg: "MISP e27580 [Bianlian Go Trojan,SIMPLECARRIER] Outgoing To IP: 185.196.11.148|8443"; classtype:trojan-activity; sid:37960721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 95.179.189.177 443 (msg: "MISP e27580 [AS-CHOOPA,Bianlian Go Trojan] Outgoing To IP: 95.179.189.177|443"; classtype:trojan-activity; sid:37960731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 38.180.91.39 443 (msg: "MISP e27580 [Havoc,SCALAXY-AS] Outgoing To IP: 38.180.91.39|443"; classtype:trojan-activity; sid:37960741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 20.127.230.167 443 (msg: "MISP e27580 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.127.230.167|443"; classtype:trojan-activity; sid:37960751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 174.138.6.9 443 (msg: "MISP e27580 [DIGITALOCEAN-ASN,Havoc] Outgoing To IP: 174.138.6.9|443"; classtype:trojan-activity; sid:37960761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 47.236.84.82 80 (msg: "MISP e27580 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Havoc] Outgoing To IP: 47.236.84.82|80"; classtype:trojan-activity; sid:37960771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 47.236.84.82 443 (msg: "MISP e27580 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Havoc] Outgoing To IP: 47.236.84.82|443"; classtype:trojan-activity; sid:37960781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 70.31.125.31 2222 (msg: "MISP e27580 [BACOM,QakBot] Outgoing To IP: 70.31.125.31|2222"; classtype:trojan-activity; sid:37960791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 159.235.7.188 443 (msg: "MISP e27580 [CHARTER-20115,QakBot] Outgoing To IP: 159.235.7.188|443"; classtype:trojan-activity; sid:37960801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 189.140.59.81 443 (msg: "MISP e27580 [QakBot,UNINET] Outgoing To IP: 189.140.59.81|443"; classtype:trojan-activity; sid:37960811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 46.246.86.9 6000 (msg: "MISP e27580 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.86.9|6000"; classtype:trojan-activity; sid:37960821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 119.45.162.251 8888 (msg: "MISP e27580 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 119.45.162.251|8888"; classtype:trojan-activity; sid:37960831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 167.71.91.12 8888 (msg: "MISP e27580 [DIGITALOCEAN-ASN,Supershell] Outgoing To IP: 167.71.91.12|8888"; classtype:trojan-activity; sid:37960841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 45.84.226.86 80 (msg: "MISP e27580 [BEGET-AS,Hookbot Pegasus] Outgoing To IP: 45.84.226.86|80"; classtype:trojan-activity; sid:37960851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
alert ip $HOME_NET any -> 80.87.192.43 80 (msg: "MISP e27580 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 80.87.192.43|80"; classtype:trojan-activity; sid:37960861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# e27641 repeats the same destinations with an empty tag list at priority 3, so
# one connection raises both the e27580 sid and the e27641 sid.
alert ip $HOME_NET any -> 142.93.131.96 8888 (msg: "MISP e27641 [] Outgoing To IP: 142.93.131.96|8888"; classtype:trojan-activity; sid:38007501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 142.93.131.96 43555 (msg: "MISP e27641 [] Outgoing To IP: 142.93.131.96|43555"; classtype:trojan-activity; sid:38007511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 80.87.192.43 80 (msg: "MISP e27641 [] Outgoing To IP: 80.87.192.43|80"; classtype:trojan-activity; sid:38007521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 45.84.226.86 80 (msg: "MISP e27641 [] Outgoing To IP: 45.84.226.86|80"; classtype:trojan-activity; sid:38007531; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27641;)
# e27641 address/port indicators (empty tag list, priority 3), reflowed to one
# rule per line with the rule text unchanged. They match on destination address
# and port only, with no flow, content or threshold option.
# NOTE(review): the same address/port pairs also appear under e27580 sids at
# priority 2 in this export, so expect two alerts per hit unless one set is
# suppressed.
alert ip $HOME_NET any -> 167.71.91.12 8888 (msg: "MISP e27641 [] Outgoing To IP: 167.71.91.12|8888"; classtype:trojan-activity; sid:38007541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 119.45.162.251 8888 (msg: "MISP e27641 [] Outgoing To IP: 119.45.162.251|8888"; classtype:trojan-activity; sid:38007551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 46.246.86.9 6000 (msg: "MISP e27641 [] Outgoing To IP: 46.246.86.9|6000"; classtype:trojan-activity; sid:38007561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 189.140.59.81 443 (msg: "MISP e27641 [] Outgoing To IP: 189.140.59.81|443"; classtype:trojan-activity; sid:38007571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 159.235.7.188 443 (msg: "MISP e27641 [] Outgoing To IP: 159.235.7.188|443"; classtype:trojan-activity; sid:38007581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 70.31.125.31 2222 (msg: "MISP e27641 [] Outgoing To IP: 70.31.125.31|2222"; classtype:trojan-activity; sid:38007591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 47.236.84.82 80 (msg: "MISP e27641 [] Outgoing To IP: 47.236.84.82|80"; classtype:trojan-activity; sid:38007601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 47.236.84.82 443 (msg: "MISP e27641 [] Outgoing To IP: 47.236.84.82|443"; classtype:trojan-activity; sid:38007611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 174.138.6.9 443 (msg: "MISP e27641 [] Outgoing To IP: 174.138.6.9|443"; classtype:trojan-activity; sid:38007621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 20.127.230.167 443 (msg: "MISP e27641 [] Outgoing To IP: 20.127.230.167|443"; classtype:trojan-activity; sid:38007631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 38.180.91.39 443 (msg: "MISP e27641 [] Outgoing To IP: 38.180.91.39|443"; classtype:trojan-activity; sid:38007641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 95.179.189.177 443 (msg: "MISP e27641 [] Outgoing To IP: 95.179.189.177|443"; classtype:trojan-activity; sid:38007651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 185.196.11.148 8443 (msg: "MISP e27641 [] Outgoing To IP: 185.196.11.148|8443"; classtype:trojan-activity; sid:38007661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 104.238.35.20 16655 (msg: "MISP e27641 [] Outgoing To IP: 104.238.35.20|16655"; classtype:trojan-activity; sid:38007671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 47.98.126.140 10004 (msg: "MISP e27641 [] Outgoing To IP: 47.98.126.140|10004"; classtype:trojan-activity; sid:38007681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 37.1.208.232 7443 (msg: "MISP e27641 [] Outgoing To IP: 37.1.208.232|7443"; classtype:trojan-activity; sid:38007691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 170.187.232.104 7443 (msg: "MISP e27641 [] Outgoing To IP: 170.187.232.104|7443"; classtype:trojan-activity; sid:38007701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 35.233.38.208 443 (msg: "MISP e27641 [] Outgoing To IP: 35.233.38.208|443"; classtype:trojan-activity; sid:38007711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 103.193.176.76 443 (msg: "MISP e27641 [] Outgoing To IP: 103.193.176.76|443"; classtype:trojan-activity; sid:38007721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
alert ip $HOME_NET any -> 103.193.176.76 8080 (msg: "MISP e27641 [] Outgoing To IP: 103.193.176.76|8080"; classtype:trojan-activity; sid:38007731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# Domain indicators. Each domain gets up to three rules:
#  - dns: dns.query content plus a pcre anchored at the end of the name; the
#    left boundary (^|[^A-Za-z0-9-]) lets sub-domains match but not a longer
#    label that merely ends with the same text. The header is any -> any, so
#    queries in either direction are covered.
#  - http domain: "Host|3a|" and the domain are two separate matches in the
#    request headers, followed by a pcre (H modifier) that requires a
#    non-hostname character after the domain.
#    NOTE(review): nothing ties the domain to the Host header line itself, so a
#    request naming the domain in another header would presumably match too.
#  - http URL: host string in http.header plus path in http.uri; with a path of
#    "/" this matches any request that names the host.
alert dns any any -> any any (msg: "MISP e27574 [] Domain cl.gouzhang.top"; dns.query; content:"cl.gouzhang.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\.gouzhang\.top$/i"; classtype:trojan-activity; sid:37959301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27574;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27574 [] Outgoing HTTP Domain cl.gouzhang.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cl.gouzhang.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cl\.gouzhang\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27574;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27575 [] Outgoing URL http|3a|//cobreoscl.buzz/"; flow:to_server,established; http.header; content:"cobreoscl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27575;)
alert dns any any -> any any (msg: "MISP e27575 [] Domain cobreoscl.buzz"; dns.query; content:"cobreoscl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cobreoscl\.buzz$/i"; classtype:trojan-activity; sid:37959391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27575;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27575 [] Outgoing HTTP Domain cobreoscl.buzz";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cobreoscl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cobreoscl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27575;)
# Events 27576-27578: one .buzz domain each, with names that differ by a single
# letter (conreoscl, cozreoscl, covreoscl). Rules are reflowed to one per line
# with the rule text unchanged.
# Per domain:
#  - URL rule: host string anywhere in the request headers plus http.uri
#    content "/", which is present in every request path, so the rule fires on
#    any request that names the host; limited to $HTTP_PORTS.
#  - dns rule: dns.query content plus a pcre anchored at the end of the name;
#    sub-domains match; header is any -> any.
#  - HTTP domain rule: "Host|3a|" and the domain matched separately in the
#    headers, then a pcre (H modifier) requiring a non-hostname character after
#    the domain; any destination port.
# NOTE(review): the URL rule and the HTTP domain rule overlap for plain requests
# to the host on $HTTP_PORTS, so one request can raise both sids.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27576 [] Outgoing URL http|3a|//conreoscl.buzz/"; flow:to_server,established; http.header; content:"conreoscl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27576;)
alert dns any any -> any any (msg: "MISP e27576 [] Domain conreoscl.buzz"; dns.query; content:"conreoscl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])conreoscl\.buzz$/i"; classtype:trojan-activity; sid:37959481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27576;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27576 [] Outgoing HTTP Domain conreoscl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"conreoscl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])conreoscl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27576;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27577 [] Outgoing URL http|3a|//cozreoscl.buzz/"; flow:to_server,established; http.header; content:"cozreoscl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27577;)
alert dns any any -> any any (msg: "MISP e27577 [] Domain cozreoscl.buzz"; dns.query; content:"cozreoscl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])cozreoscl\.buzz$/i"; classtype:trojan-activity; sid:37959571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27577;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27577 [] Outgoing HTTP Domain cozreoscl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cozreoscl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cozreoscl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27577;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27578 [] Outgoing URL http|3a|//covreoscl.buzz/"; flow:to_server,established; http.header; content:"covreoscl.buzz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27578;)
alert dns any any -> any any (msg: "MISP e27578 [] Domain covreoscl.buzz"; dns.query; content:"covreoscl.buzz"; nocase; pcre: "/(^|[^A-Za-z0-9-])covreoscl\.buzz$/i"; classtype:trojan-activity; sid:37959661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27578;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27578 [] Outgoing HTTP Domain covreoscl.buzz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"covreoscl.buzz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])covreoscl\.buzz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37959662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27578;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27580 [dcrat] Outgoing URL http|3a|//icanzuo.top/imagevmjspacketupdategamebigloadtraffictestdatalife.php"; flow:to_server,established; http.header; content:"icanzuo.top"; fast_pattern; nocase; http.uri; content:"/imagevmjspacketupdategamebigloadtraffictestdatalife.php";
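nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37960911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27580;)
# Rules reflowed to one per line.
# e27641 copy of the icanzuo.top URL indicator: same path in mixed case. The
# http.uri content is nocase, so it matches the same requests as the
# lower-case e27580 rule (sid 37960911) and a hit raises both sids.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27641 [] Outgoing URL http|3a|//icanzuo.top/imageVmJsPacketUpdategameBigloadTrafficTestdatalife.php"; flow:to_server,established; http.header; content:"icanzuo.top"; fast_pattern; nocase; http.uri; content:"/imageVmJsPacketUpdategameBigloadTrafficTestdatalife.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38007781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27641;)
# e27579: bc62782.hstn.me.
# sid 37959731 covers any request naming the host (http.uri content "/").
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27579 [] Outgoing URL http|3a|//bc62782.hstn.me/"; flow:to_server,established; http.header; content:"bc62782.hstn.me"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27579;)
# sid 37959741 is the "/?i=1" indicator. The exported rule dropped the query
# string and matched http.uri on "/" only, which made it fire on exactly the
# same requests as sid 37959731. The http.uri content now includes the query
# string, so this sid identifies the specific URL; rev is bumped because the
# match changed. Coverage of the host as a whole is unchanged (sid 37959731).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27579 [] Outgoing URL http|3a|//bc62782.hstn.me/?i=1"; flow:to_server,established; http.header; content:"bc62782.hstn.me"; fast_pattern; nocase; http.uri; content:"/?i=1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37959741; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27579;)
# dns rule: dns.query content plus a pcre anchored at the end of the name;
# sub-domains match; header is any -> any.
alert dns any any -> any any (msg: "MISP e27579 [] Domain bc62782.hstn.me"; dns.query; content:"bc62782.hstn.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])bc62782\.hstn\.me$/i"; classtype:trojan-activity; sid:37959751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27579;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27579 [] Outgoing HTTP Domain bc62782.hstn.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bc62782.hstn.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bc62782\.hstn\.me[^A-Za-z0-9-\.]/Hi";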
tag:session,600,seconds; classtype:trojan-activity; sid:37959752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27579;)
# MISP event 27586, tagged [Mythic], priority 2: domain indicators, reflowed to
# one rule per line with the rule text unchanged. Each domain has a pair of
# rules with consecutive sids:
#  - sid ...1, dns: dns.query content plus a pcre anchored at the end of the
#    name; the left boundary (^|[^A-Za-z0-9-]) lets sub-domains match. The
#    header is any -> any, so it is not limited to $HOME_NET clients.
#  - sid ...2, http: "Host|3a|" and the domain matched separately in the request
#    headers, then a pcre (H modifier) requiring a non-hostname character after
#    the domain; tag:session,600,seconds is set on a hit.
# NOTE(review): the http rule does not tie the domain to the Host header line,
# so the domain in another request header would presumably match as well.
# NOTE(review): many of these names read like ordinary business sites; if they
# are compromised or re-registered domains, benign visits will alert too.
# Confirm indicator age and context in the MISP event.
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain a1photoprinting.com"; dns.query; content:"a1photoprinting.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])a1photoprinting\.com$/i"; classtype:trojan-activity; sid:37961461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain a1photoprinting.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a1photoprinting.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a1photoprinting\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain americanhomeservicesllc.com"; dns.query; content:"americanhomeservicesllc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])americanhomeservicesllc\.com$/i"; classtype:trojan-activity; sid:37961471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain americanhomeservicesllc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"americanhomeservicesllc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])americanhomeservicesllc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain anambrabasiceducation.com"; dns.query; content:"anambrabasiceducation.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])anambrabasiceducation\.com$/i"; classtype:trojan-activity; sid:37961481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain anambrabasiceducation.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"anambrabasiceducation.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])anambrabasiceducation\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain audiolabelectronics.com"; dns.query; content:"audiolabelectronics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])audiolabelectronics\.com$/i"; classtype:trojan-activity; sid:37961491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain audiolabelectronics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"audiolabelectronics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])audiolabelectronics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain b2bsupermarkets.com"; dns.query; content:"b2bsupermarkets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])b2bsupermarkets\.com$/i"; classtype:trojan-activity; sid:37961501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain b2bsupermarkets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"b2bsupermarkets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])b2bsupermarkets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain b2bturkishtextile.com"; dns.query; content:"b2bturkishtextile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])b2bturkishtextile\.com$/i"; classtype:trojan-activity; sid:37961511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain b2bturkishtextile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"b2bturkishtextile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])b2bturkishtextile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain chryatech.com"; dns.query; content:"chryatech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])chryatech\.com$/i"; classtype:trojan-activity; sid:37961521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain chryatech.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"chryatech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])chryatech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain cmfgsi.com"; dns.query; content:"cmfgsi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cmfgsi\.com$/i"; classtype:trojan-activity; sid:37961531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain cmfgsi.com";
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cmfgsi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cmfgsi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# MISP event 27586 [Mythic] domain indicators, continued; reflowed to one rule
# per line with the rule text unchanged. Each domain has a dns.query rule
# (sid ...1) and an HTTP rule (sid ...2).
# The dns pcre is anchored with "$" and allows sub-domains through its left
# boundary. The http pcre (H modifier) only checks the characters around the
# domain; "Host|3a|" is matched as a separate content.
# NOTE(review): a visit to one of these sites normally produces both a DNS and an
# HTTP alert; correlate the pair per source host rather than counting them as
# separate detections.
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain colortreeva.com"; dns.query; content:"colortreeva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])colortreeva\.com$/i"; classtype:trojan-activity; sid:37961541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain colortreeva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colortreeva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colortreeva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain computerfeuerwehr.com"; dns.query; content:"computerfeuerwehr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])computerfeuerwehr\.com$/i"; classtype:trojan-activity; sid:37961551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain computerfeuerwehr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"computerfeuerwehr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])computerfeuerwehr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain crabonchips.com"; dns.query; content:"crabonchips.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crabonchips\.com$/i"; classtype:trojan-activity; sid:37961561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain crabonchips.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crabonchips.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crabonchips\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain cristinastanciu.com"; dns.query; content:"cristinastanciu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cristinastanciu\.com$/i"; classtype:trojan-activity; sid:37961571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain cristinastanciu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cristinastanciu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cristinastanciu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain daffigallery.com"; dns.query; content:"daffigallery.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])daffigallery\.com$/i"; classtype:trojan-activity; sid:37961581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain daffigallery.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"daffigallery.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])daffigallery\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain dallassutherland.com"; dns.query; content:"dallassutherland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dallassutherland\.com$/i"; classtype:trojan-activity; sid:37961591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain dallassutherland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dallassutherland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dallassutherland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain detectiveman.com"; dns.query; content:"detectiveman.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])detectiveman\.com$/i"; classtype:trojan-activity; sid:37961601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain detectiveman.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"detectiveman.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])detectiveman\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain etsprayfoam.com"; dns.query; content:"etsprayfoam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])etsprayfoam\.com$/i"; classtype:trojan-activity; sid:37961611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg: "MISP e27586 [Mythic] Outgoing HTTP Domain etsprayfoam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"etsprayfoam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])etsprayfoam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# MISP event 27586 [Mythic] domain indicators, continued; reflowed to one rule
# per line with the rule text unchanged. Each domain has a dns.query rule
# (sid ...1) and an HTTP rule (sid ...2).
# A hyphen inside a domain is written as "\-" in the pcre (see mello-roos.com);
# the plain content match keeps the literal name.
# NOTE(review): the dns rules use any -> any, so resolver-to-upstream traffic
# and responses seen by the sensor may alert as well as client queries; use the
# alert's source address with care when attributing a hit to an endpoint.
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain freeautotalk.com"; dns.query; content:"freeautotalk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])freeautotalk\.com$/i"; classtype:trojan-activity; sid:37961621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain freeautotalk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"freeautotalk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])freeautotalk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain happeelearning.com"; dns.query; content:"happeelearning.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])happeelearning\.com$/i"; classtype:trojan-activity; sid:37961631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain happeelearning.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"happeelearning.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])happeelearning\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain hostel99.com"; dns.query; content:"hostel99.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hostel99\.com$/i"; classtype:trojan-activity; sid:37961641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain hostel99.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hostel99.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hostel99\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain insproscp.com"; dns.query; content:"insproscp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])insproscp\.com$/i"; classtype:trojan-activity; sid:37961651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain insproscp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"insproscp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])insproscp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain jobmalta.com"; dns.query; content:"jobmalta.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jobmalta\.com$/i"; classtype:trojan-activity; sid:37961661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain jobmalta.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jobmalta.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jobmalta\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain kingtonyamerica.com"; dns.query; content:"kingtonyamerica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kingtonyamerica\.com$/i"; classtype:trojan-activity; sid:37961671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain kingtonyamerica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kingtonyamerica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kingtonyamerica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain mello-roos.com"; dns.query; content:"mello-roos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mello\-roos\.com$/i"; classtype:trojan-activity; sid:37961681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain mello-roos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mello-roos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mello\-roos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain michaelcaneconsultants.com"; dns.query; content:"michaelcaneconsultants.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])michaelcaneconsultants\.com$/i"; classtype:trojan-activity; sid:37961691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing
HTTP Domain michaelcaneconsultants.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"michaelcaneconsultants.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])michaelcaneconsultants\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain mowilderness.com"; dns.query; content:"mowilderness.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mowilderness\.com$/i"; classtype:trojan-activity; sid:37961701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain mowilderness.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mowilderness.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mowilderness\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain mtgimports.com"; dns.query; content:"mtgimports.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mtgimports\.com$/i"; classtype:trojan-activity; sid:37961711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain mtgimports.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mtgimports.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mtgimports\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain netdognetworks.com"; dns.query; 
content:"netdognetworks.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])netdognetworks\.com$/i"; classtype:trojan-activity; sid:37961721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain netdognetworks.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"netdognetworks.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])netdognetworks\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain peacecheese.com"; dns.query; content:"peacecheese.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])peacecheese\.com$/i"; classtype:trojan-activity; sid:37961731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain peacecheese.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"peacecheese.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])peacecheese\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain pipelinning.com"; dns.query; content:"pipelinning.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pipelinning\.com$/i"; classtype:trojan-activity; sid:37961741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain pipelinning.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pipelinning.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pipelinning\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain pixgraphie.com"; dns.query; content:"pixgraphie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pixgraphie\.com$/i"; classtype:trojan-activity; sid:37961751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain pixgraphie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pixgraphie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pixgraphie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain redactweb.com"; dns.query; content:"redactweb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])redactweb\.com$/i"; classtype:trojan-activity; sid:37961761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain redactweb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"redactweb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])redactweb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain sdlsd.com"; dns.query; content:"sdlsd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sdlsd\.com$/i"; classtype:trojan-activity; sid:37961771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27586 [Mythic] Outgoing HTTP Domain sdlsd.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sdlsd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sdlsd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain shinemarksystems.com"; dns.query; content:"shinemarksystems.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])shinemarksystems\.com$/i"; classtype:trojan-activity; sid:37961781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain shinemarksystems.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shinemarksystems.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shinemarksystems\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain sms-atc.com"; dns.query; content:"sms-atc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sms\-atc\.com$/i"; classtype:trojan-activity; sid:37961791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain sms-atc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sms-atc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sms\-atc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain strokestownlearningzone.com"; dns.query; 
content:"strokestownlearningzone.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])strokestownlearningzone\.com$/i"; classtype:trojan-activity; sid:37961801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain strokestownlearningzone.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"strokestownlearningzone.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])strokestownlearningzone\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain thebestoftenerife.com"; dns.query; content:"thebestoftenerife.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thebestoftenerife\.com$/i"; classtype:trojan-activity; sid:37961811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain thebestoftenerife.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thebestoftenerife.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thebestoftenerife\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27586 [Mythic] Domain thesolutionmatrix.com"; dns.query; content:"thesolutionmatrix.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thesolutionmatrix\.com$/i"; classtype:trojan-activity; sid:37961821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [Mythic] Outgoing HTTP Domain thesolutionmatrix.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"thesolutionmatrix.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thesolutionmatrix\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# Destination-IP rules for MISP event 27586. Each one matches on nothing but direction
# ($HOME_NET -> listed address) and destination port; there is no payload or application-layer
# condition, so an alert says "a host talked to this address:port", not what was exchanged.
# The text in [] inside msg is copied from the MISP tags (hosting AS name and tool or malware
# family where the event carries them); it is empty for the first group below.
# NOTE(review): these use protocol `ip` together with a destination port -- confirm how the
# deployed engine applies the port to traffic other than TCP/UDP.
# NOTE(review): address indicators age quickly because hosting providers reassign addresses;
# review this export against the MISP event before relying on old hits.
alert ip $HOME_NET any -> 45.11.180.28 80 (msg: "MISP e27586 [] Outgoing To IP: 45.11.180.28|80"; classtype:trojan-activity; sid:37961831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 45.61.152.227 80 (msg: "MISP e27586 [] Outgoing To IP: 45.61.152.227|80"; classtype:trojan-activity; sid:37961841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 45.155.250.207 80 (msg: "MISP e27586 [] Outgoing To IP: 45.155.250.207|80"; classtype:trojan-activity; sid:37961851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 80.77.23.52 80 (msg: "MISP e27586 [] Outgoing To IP: 80.77.23.52|80"; classtype:trojan-activity; sid:37961861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 91.240.202.234 80 (msg: "MISP e27586 [] Outgoing To IP: 91.240.202.234|80"; classtype:trojan-activity; sid:37961871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 94.247.42.247 80 (msg: "MISP e27586 [] Outgoing To IP: 94.247.42.247|80"; classtype:trojan-activity; sid:37961881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 167.88.162.223 80 (msg: "MISP e27586 [] Outgoing To IP: 167.88.162.223|80"; classtype:trojan-activity; sid:37961891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 167.88.162.241 80 (msg: "MISP e27586 [] Outgoing To IP: 167.88.162.241|80"; classtype:trojan-activity; sid:37961901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 172.86.70.28 80 (msg: "MISP e27586 [] Outgoing To IP: 172.86.70.28|80"; classtype:trojan-activity; sid:37961911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 185.212.44.92 80 (msg: "MISP e27586 [] Outgoing To IP: 185.212.44.92|80"; classtype:trojan-activity; sid:37961921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# MISP event 27581 (no tags, priority 3): DNS + HTTP Host pair for a single host name.
# The DNS pcre also matches any name that ends in ".<this host name>".
alert dns any any -> any any (msg: "MISP e27581 [] Domain mi-tarjetacencosud-cl.uploans.co.nz"; dns.query; content:"mi-tarjetacencosud-cl.uploans.co.nz"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.uploans\.co\.nz$/i"; classtype:trojan-activity; sid:37960941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27581;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27581 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.uploans.co.nz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.uploans.co.nz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.uploans\.co\.nz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37960942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27581;)
# MISP event 27586 again: tagged destination address:port pairs. Several tags name large
# hosting or cloud networks (for example MICROSOFT-CORP-MSN-AS-BLOCK, ORACLE-BMC-31898,
# AKAMAI-LINODE-AP); presumably those addresses are shared or short-lived, so corroborate an
# alert with host or proxy telemetry before treating it as confirmed.
alert ip $HOME_NET any -> 46.8.221.19 443 (msg: "MISP e27586 [ASKONTEL,Brute Ratel C4] Outgoing To IP: 46.8.221.19|443"; classtype:trojan-activity; sid:37961931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 46.8.221.19 8443 (msg: "MISP e27586 [ASKONTEL,Brute Ratel C4] Outgoing To IP: 46.8.221.19|8443"; classtype:trojan-activity; sid:37961941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 194.163.169.13 7443 (msg: "MISP e27586 [CONTABO,Mythic] Outgoing To IP: 194.163.169.13|7443"; classtype:trojan-activity; sid:37961951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 115.85.46.21 443 (msg: "MISP e27586 [ETPI-IDS-AS-AP Eastern Telecoms Phils. Inc.,Havoc] Outgoing To IP: 115.85.46.21|443"; classtype:trojan-activity; sid:37961961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 37.1.214.6 40056 (msg: "MISP e27586 [Havoc,HVC-AS] Outgoing To IP: 37.1.214.6|40056"; classtype:trojan-activity; sid:37961971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 37.1.214.247 40056 (msg: "MISP e27586 [Havoc,HVC-AS] Outgoing To IP: 37.1.214.247|40056"; classtype:trojan-activity; sid:37961981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 194.124.33.109 443 (msg: "MISP e27586 [CDNEXT,Havoc] Outgoing To IP: 194.124.33.109|443"; classtype:trojan-activity; sid:37961991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 194.124.33.109 8443 (msg: "MISP e27586 [CDNEXT,Havoc] Outgoing To IP: 194.124.33.109|8443"; classtype:trojan-activity; sid:37962001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 139.162.36.86 80 (msg: "MISP e27586 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 139.162.36.86|80"; classtype:trojan-activity; sid:37962011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 89.23.103.208 443 (msg: "MISP e27586 [GIR-AS,Havoc] Outgoing To IP: 89.23.103.208|443"; classtype:trojan-activity; sid:37962021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 129.159.131.26 443 (msg: "MISP e27586 [ORACLE-BMC-31898,Responder] Outgoing To IP: 129.159.131.26|443"; classtype:trojan-activity; sid:37962031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 37.35.109.128 445 (msg: "MISP e27586 [ALPINEDC,Responder] Outgoing To IP: 37.35.109.128|445"; classtype:trojan-activity; sid:37962041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 40.124.181.17 445 (msg: "MISP e27586 [MICROSOFT-CORP-MSN-AS-BLOCK,Responder] Outgoing To IP: 40.124.181.17|445"; classtype:trojan-activity; sid:37962051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 45.136.15.139 53 (msg: "MISP e27586 [LUCID-AS-AP LUCIDACLOUD LIMITED,Pupy RAT] Outgoing To IP: 45.136.15.139|53"; classtype:trojan-activity; sid:37962061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 72.27.99.56 443 (msg: "MISP e27586 [FLOW-NET,QakBot] Outgoing To IP: 72.27.99.56|443"; classtype:trojan-activity; sid:37962071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 41.99.0.26 443 (msg: "MISP e27586 [ALGTEL-AS,QakBot] Outgoing To IP: 41.99.0.26|443"; classtype:trojan-activity; sid:37962081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 2.88.130.140 443 (msg: "MISP e27586 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 2.88.130.140|443"; classtype:trojan-activity; sid:37962091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 151.30.227.158 443 (msg: "MISP e27586 [ASN-WINDTRE IUNET,QakBot] Outgoing To IP: 151.30.227.158|443"; classtype:trojan-activity; sid:37962101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 23.224.144.50 20300 (msg: "MISP e27586 [CNSERVERS,Supershell] Outgoing To IP: 23.224.144.50|20300"; classtype:trojan-activity; sid:37962111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 95.181.173.126 80 (msg: "MISP e27586 [AEZA-AS,Meduza Stealer] Outgoing To IP: 95.181.173.126|80"; classtype:trojan-activity; sid:37962121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 142.11.199.59 4000 (msg: "MISP e27586 [Evilginx EvilGoPhish,HOSTWINDS] Outgoing To IP: 142.11.199.59|4000"; classtype:trojan-activity; sid:37962131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 81.19.140.77 80 (msg: "MISP e27586 [GIR-AS,Hookbot Pegasus] Outgoing To IP: 81.19.140.77|80"; classtype:trojan-activity; sid:37962141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 142.171.226.188 80 (msg: "MISP e27586 [Hookbot Pegasus,MULTA-ASN1] Outgoing To IP: 142.171.226.188|80"; classtype:trojan-activity; sid:37962151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 188.120.225.37 80 (msg: "MISP e27586 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 188.120.225.37|80"; classtype:trojan-activity; sid:37962161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# MISP event 27640 (no tags, priority 3): DNS + HTTP Host pair.
alert dns any any -> any any (msg: "MISP e27640 [] Domain pastu-omniva.com"; dns.query; content:"pastu-omniva.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pastu\-omniva\.com$/i"; classtype:trojan-activity; sid:38006621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27640 [] Outgoing HTTP Domain pastu-omniva.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pastu-omniva.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pastu\-omniva\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
alert http $HOME_NET any -> $EXTERNAL_NET 5060 
(msg: "MISP e27586 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//vip.z886888.top|3a|5060/activity"; flow:to_server,established; http.header; content:"vip.z886888.top"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# URL rules (sid 37962171 above, sid 38006571 below) combine two unanchored content matches:
# the host name anywhere in http.header and the path anywhere in http.uri. Neither match is
# tied to the Host header or to the start of the URI, so a longer URI that merely contains the
# path, or another header that names the host, also satisfies them.
# The msg text keeps the exporter's "|3a|" in place of ":"; that is part of the alert message
# and has to be allowed for when searching alert logs for the URL.
alert dns any any -> any any (msg: "MISP e27586 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Domain vip.z886888.top"; dns.query; content:"vip.z886888.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])vip\.z886888\.top$/i"; classtype:trojan-activity; sid:37962181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain vip.z886888.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vip.z886888.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vip\.z886888\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37962182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# MISP event 27639 (no tags, priority 2): URL of an .exe download, the domain pair, and one
# destination address on any port.
# The next rule is limited to destination ports in $HTTP_PORTS, so that variable has to be
# defined in the sensor configuration even though the file header calls it optional for the
# suricata export. The same URL requested on a port outside $HTTP_PORTS is covered only by the
# Host-header rule (sid 38006582).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27639 [] Outgoing URL http|3a|//govermentu.ru/media/FederalnoeUpravlenie_postanovlenie_o_vozbuzdenie_ispolnitelnogo_proizvodstava.exe"; flow:to_server,established; http.header; content:"govermentu.ru"; fast_pattern; nocase; http.uri; content:"/media/FederalnoeUpravlenie_postanovlenie_o_vozbuzdenie_ispolnitelnogo_proizvodstava.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38006571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27639;)
alert dns any any -> any any (msg: "MISP e27639 [] Domain govermentu.ru"; dns.query; content:"govermentu.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])govermentu\.ru$/i"; classtype:trojan-activity; sid:38006581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27639;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27639 [] Outgoing HTTP Domain govermentu.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"govermentu.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])govermentu\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27639;)
# No port restriction here: any outbound packet to this address raises the alert.
alert ip $HOME_NET any -> 193.39.185.4 any (msg: "MISP e27639 [] Outgoing To IP: 193.39.185.4"; classtype:trojan-activity; sid:38006591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27639;)
# Back to MISP event 27586: one address:port pair tagged njrat.
alert ip $HOME_NET any -> 3.125.188.168 14402 (msg: "MISP e27586 [njrat] Outgoing To IP: 3.125.188.168|14402"; classtype:trojan-activity; sid:37962191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# MISP event 27007 (no tags in msg, priority 3): DNS + HTTP Host pair per domain.
alert dns any any -> any any (msg: "MISP e27007 [] Domain asics-dk.com"; dns.query; content:"asics-dk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-dk\.com$/i"; classtype:trojan-activity; sid:38167661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asics-dk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asics-dk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asics\-dk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsgreece-gr.com"; dns.query; content:"asicsgreece-gr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsgreece\-gr\.com$/i"; classtype:trojan-activity; sid:38167671; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007, continued: every domain below has a DNS rule (sid ending in 1) and an
# HTTP Host-header rule (sid ending in 2). All are priority 3 and carry no MISP tags in msg,
# so the alert text alone gives no family or campaign context; follow the reference URL to
# the event for that.
# The DNS pcre matches the listed name and any subdomain of it. The HTTP rules only fire on
# requests the engine can parse as HTTP from $HOME_NET to $EXTERNAL_NET.
# NOTE(review): no tls.sni rule for these domains is visible in this part of the export, so
# HTTPS visits would surface only through the DNS rules -- confirm against the rest of the
# ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsgreece-gr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsgreece-gr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsgreece\-gr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsportugal-pt.com"; dns.query; content:"asicsportugal-pt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsportugal\-pt\.com$/i"; classtype:trojan-activity; sid:38167681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsportugal-pt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsportugal-pt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsportugal\-pt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicssko-denmark.com"; dns.query; content:"asicssko-denmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicssko\-denmark\.com$/i"; classtype:trojan-activity; sid:38167691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicssko-denmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicssko-denmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicssko\-denmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsskonorgeno.com"; dns.query; content:"asicsskonorgeno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsskonorgeno\.com$/i"; classtype:trojan-activity; sid:38167701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsskonorgeno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsskonorgeno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsskonorgeno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-singapore.com"; dns.query; content:"axelarigato-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-singapore\.com$/i"; classtype:trojan-activity; sid:38167711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksshoesromania.com"; dns.query; content:"clarksshoesromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesromania\.com$/i"; classtype:trojan-activity; sid:38167721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksshoesromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksshoesromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksshoesukoutlet.com"; dns.query; content:"clarksshoesukoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesukoutlet\.com$/i"; classtype:trojan-activity; sid:38167731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksshoesukoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksshoesukoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksshoesukoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocseuhungary.com"; dns.query; content:"crocseuhungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocseuhungary\.com$/i"; classtype:trojan-activity; sid:38167741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocseuhungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocseuhungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocseuhungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoessingapores.com"; dns.query; content:"dcshoessingapores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessingapores\.com$/i"; classtype:trojan-activity; sid:38167751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoessingapores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoessingapores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoessingapores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoeusa.com"; dns.query; content:"dcshoeusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeusa\.com$/i"; classtype:trojan-activity; sid:38167761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoeusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoeusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoeusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperryschweiz.com"; dns.query; content:"fredperryschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperryschweiz\.com$/i"; classtype:trojan-activity; sid:38167771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperryschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperryschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperryschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guessbagaustralia.com"; dns.query; content:"guessbagaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guessbagaustralia\.com$/i"; classtype:trojan-activity; sid:38167781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guessbagaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guessbagaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guessbagaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-greecegr.com"; dns.query; content:"gymshark-greecegr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-greecegr\.com$/i"; classtype:trojan-activity; sid:38167791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-greecegr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-greecegr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-greecegr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-phstore.com"; dns.query; content:"gymshark-phstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-phstore\.com$/i"; classtype:trojan-activity; sid:38167801; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-phstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-phstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-phstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jordanandalyssabenedict.com"; dns.query; content:"jordanandalyssabenedict.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jordanandalyssabenedict\.com$/i"; classtype:trojan-activity; sid:38167811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jordanandalyssabenedict.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jordanandalyssabenedict.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jordanandalyssabenedict\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-costarica.com"; dns.query; content:"lasportiva-costarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-costarica\.com$/i"; classtype:trojan-activity; sid:38167821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-costarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-costarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-costarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38167822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivafootwearuk.com"; dns.query; content:"lasportivafootwearuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivafootwearuk\.com$/i"; classtype:trojan-activity; sid:38167831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivafootwearuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivafootwearuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivafootwearuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivanzsale.com"; dns.query; content:"lasportivanzsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivanzsale\.com$/i"; classtype:trojan-activity; sid:38167841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivanzsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivanzsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivanzsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivaonlineshop.com"; dns.query; content:"lasportivaonlineshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaonlineshop\.com$/i"; classtype:trojan-activity; sid:38167851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivaonlineshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivaonlineshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaonlineshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivaparisfrance.com"; dns.query; content:"lasportivaparisfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaparisfrance\.com$/i"; classtype:trojan-activity; sid:38167861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivaparisfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivaparisfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivaparisfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-poland.com"; dns.query; content:"lasportiva-poland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-poland\.com$/i"; classtype:trojan-activity; sid:38167871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-poland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-poland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-poland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) 
# MISP event 27007, domain indicators: per domain, one DNS rule (sid ending
# in 1, inspects dns.query) and one HTTP rule (sid ending in 2, inspects
# request headers on established flows from $HOME_NET to $EXTERNAL_NET).
#
# Coverage, as far as these rules show: name resolution that the sensor can
# see, and cleartext HTTP. None of the rules below inspects TLS, so an HTTPS
# visit to one of these domains is visible only through the DNS rule, and not
# at all when the client resolves over an encrypted resolver or the sensor
# sits where it does not see resolver traffic.
# NOTE(review): if HTTPS coverage is required, a companion rule on tls.sni per
# domain would close the gap -- confirm whether another part of the export
# already provides one.
#
# The DNS rules are written "any any -> any any", so they are not limited to
# $HOME_NET clients. Depending on sensor placement the same lookup may alert
# on both the client-to-resolver and the resolver-to-upstream leg, and the
# source address of the alert may be the resolver, not the workstation
# -- TODO confirm against the deployment before using these for host attribution.
alert dns any any -> any any (msg: "MISP e27007 [] Domain la-sportivasingapore.com"; dns.query; content:"la-sportivasingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])la\-sportivasingapore\.com$/i"; classtype:trojan-activity; sid:38167881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain la-sportivasingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"la-sportivasingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])la\-sportivasingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportivasweden.com"; dns.query; content:"lasportivasweden.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivasweden\.com$/i"; classtype:trojan-activity; sid:38167891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportivasweden.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportivasweden.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportivasweden\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-switzerland.com"; dns.query; content:"lasportiva-switzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-switzerland\.com$/i"; classtype:trojan-activity; sid:38167901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-switzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-switzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-switzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lasportiva-uruguay.com"; dns.query; content:"lasportiva-uruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-uruguay\.com$/i"; classtype:trojan-activity; sid:38167911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lasportiva-uruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lasportiva-uruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lasportiva\-uruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lulublackfriday.com"; dns.query; content:"lulublackfriday.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulublackfriday\.com$/i"; classtype:trojan-activity; sid:38167921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulublackfriday.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulublackfriday.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulublackfriday\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoblackfridaysale.com"; dns.query; content:"mizunoblackfridaysale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoblackfridaysale\.com$/i"; classtype:trojan-activity; sid:38167931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoblackfridaysale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoblackfridaysale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoblackfridaysale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunodanmarkdk.com"; dns.query; content:"mizunodanmarkdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunodanmarkdk\.com$/i"; classtype:trojan-activity; sid:38167941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunodanmarkdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunodanmarkdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunodanmarkdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunohu.com"; dns.query; content:"mizunohu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunohu\.com$/i"; classtype:trojan-activity; sid:38167951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunohu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunohu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunohu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunonchile.com"; dns.query; content:"mizunonchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonchile\.com$/i"; classtype:trojan-activity; sid:38167961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunonchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunonchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-saudiarabia.com"; dns.query; content:"mizuno-saudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-saudiarabia\.com$/i"; classtype:trojan-activity; sid:38167971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-saudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-saudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-saudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunousasale.com"; dns.query; content:"mizunousasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunousasale\.com$/i"; classtype:trojan-activity; sid:38167981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunousasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunousasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunousasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain naotmagyarorszag.com"; dns.query; content:"naotmagyarorszag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])naotmagyarorszag\.com$/i"; classtype:trojan-activity; sid:38167991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain naotmagyarorszag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"naotmagyarorszag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])naotmagyarorszag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38167992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nederlandveja.com"; dns.query; content:"nederlandveja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nederlandveja\.com$/i"; classtype:trojan-activity; sid:38168001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nederlandveja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nederlandveja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nederlandveja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] 
Domain olukaipoland.com"; dns.query; content:"olukaipoland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaipoland\.com$/i"; classtype:trojan-activity; sid:38168011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaipoland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaipoland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaipoland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-singapore.com"; dns.query; content:"pendleton-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-singapore\.com$/i"; classtype:trojan-activity; sid:38168021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pumaenel-salvador.com"; dns.query; content:"pumaenel-salvador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaenel\-salvador\.com$/i"; classtype:trojan-activity; sid:38168031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumaenel-salvador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumaenel-salvador.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaenel\-salvador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanita-nederland.com"; dns.query; content:"sanita-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanita\-nederland\.com$/i"; classtype:trojan-activity; sid:38168051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanita-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanita-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanita\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitaoutletpolska.com"; dns.query; content:"sanitaoutletpolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaoutletpolska\.com$/i"; classtype:trojan-activity; sid:38168061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitaoutletpolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitaoutletpolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaoutletpolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitasiteofficiel.com"; dns.query; content:"sanitasiteofficiel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitasiteofficiel\.com$/i"; classtype:trojan-activity; sid:38168071; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitasiteofficiel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitasiteofficiel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitasiteofficiel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitaskonorge.com"; dns.query; content:"sanitaskonorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaskonorge\.com$/i"; classtype:trojan-activity; sid:38168081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitaskonorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitaskonorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitaskonorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain supremestoreberlin.com"; dns.query; content:"supremestoreberlin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])supremestoreberlin\.com$/i"; classtype:trojan-activity; sid:38168101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain supremestoreberlin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"supremestoreberlin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])supremestoreberlin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168102; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tenismizunomexico.com"; dns.query; content:"tenismizunomexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tenismizunomexico\.com$/i"; classtype:trojan-activity; sid:38168111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tenismizunomexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tenismizunomexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tenismizunomexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain thenorthfacedubaimall.com"; dns.query; content:"thenorthfacedubaimall.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfacedubaimall\.com$/i"; classtype:trojan-activity; sid:38168121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain thenorthfacedubaimall.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thenorthfacedubaimall.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfacedubaimall\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain thenorthfaceshoesuk.com"; dns.query; content:"thenorthfaceshoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfaceshoesuk\.com$/i"; classtype:trojan-activity; sid:38168131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 
[] Outgoing HTTP Domain thenorthfaceshoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thenorthfaceshoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfaceshoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain thenorthfaceusaonline.com"; dns.query; content:"thenorthfaceusaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfaceusaonline\.com$/i"; classtype:trojan-activity; sid:38168141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain thenorthfaceusaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thenorthfaceusaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthfaceusaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain timberlandsskor.com"; dns.query; content:"timberlandsskor.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandsskor\.com$/i"; classtype:trojan-activity; sid:38168151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain timberlandsskor.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"timberlandsskor.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])timberlandsskor\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] 
Domain tumiscanada.com"; dns.query; content:"tumiscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiscanada\.com$/i"; classtype:trojan-activity; sid:38168161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tumiscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tumiscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tumiscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejafactoryoutletuk.com"; dns.query; content:"vejafactoryoutletuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejafactoryoutletuk\.com$/i"; classtype:trojan-activity; sid:38168171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejafactoryoutletuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejafactoryoutletuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejafactoryoutletuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejashoesksa.com"; dns.query; content:"vejashoesksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejashoesksa\.com$/i"; classtype:trojan-activity; sid:38168181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejashoesksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejashoesksa.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vejashoesksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-shoes-nz.com"; dns.query; content:"veja-shoes-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoes\-nz\.com$/i"; classtype:trojan-activity; sid:38168191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-shoes-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-shoes-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoes\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-shoes-uae.com"; dns.query; content:"veja-shoes-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoes\-uae\.com$/i"; classtype:trojan-activity; sid:38168201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-shoes-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-shoes-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoes\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-shoesuk.com"; dns.query; content:"veja-shoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoesuk\.com$/i"; classtype:trojan-activity; sid:38168211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-shoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-shoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP rules: $HOME_NET -> $EXTERNAL_NET with flow:to_server,established. They require
# "Host:" (|3a| is ":") and the domain in http.header; the /Hi pcre checks the characters
# on both sides of the domain.
# NOTE(review): the two content matches have no distance/within relation, so the domain in
# another request header (e.g. Referer) appears enough to fire. Matching on http.host would
# bind the check to the Host value; confirm against the exporter before changing.
alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-skonorge.com"; dns.query; content:"veja-skonorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-skonorge\.com$/i"; classtype:trojan-activity; sid:38168221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-skonorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-skonorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-skonorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain vejasneakers-australia.com"; dns.query; content:"vejasneakers-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejasneakers\-australia\.com$/i"; classtype:trojan-activity; sid:38168231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejasneakers-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejasneakers-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejasneakers\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> 
any any (msg: "MISP e27007 [] Domain vejasneakers-india.com"; dns.query; content:"vejasneakers-india.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejasneakers\-india\.com$/i"; classtype:trojan-activity; sid:38168241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# tag:session,600,seconds on the HTTP rules tags the matching session for 600 seconds
# after the alert; the DNS rules carry no tag.
# NOTE(review): tagging is per alert, so a frequently hit indicator multiplies the logged
# traffic; confirm that is wanted for priority 3 indicators.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejasneakers-india.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejasneakers-india.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejasneakers\-india\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-stockistsuk.com"; dns.query; content:"veja-stockistsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-stockistsuk\.com$/i"; classtype:trojan-activity; sid:38168251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-stockistsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-stockistsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-stockistsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatillas-veja-outlet.com"; dns.query; content:"zapatillas-veja-outlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillas\-veja\-outlet\.com$/i"; classtype:trojan-activity; sid:38168261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatillas-veja-outlet.com"; flow:to_server,established; http.header; 
content: "Host|3a|"; nocase; http.header; content:"zapatillas-veja-outlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillas\-veja\-outlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): the DNS rules use "any any -> any any", so a query from any host in either
# direction can alert, while the HTTP rules are limited to $HOME_NET -> $EXTERNAL_NET.
# Confirm the wider DNS scope is intended for this sensor.
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatoberlin.com"; dns.query; content:"axelarigatoberlin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatoberlin\.com$/i"; classtype:trojan-activity; sid:38168271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatoberlin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatoberlin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatoberlin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatodenmark.com"; dns.query; content:"axelarigatodenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatodenmark\.com$/i"; classtype:trojan-activity; sid:38168281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatodenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatodenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatodenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatodubai.com"; dns.query; content:"axelarigatodubai.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])axelarigatodubai\.com$/i"; classtype:trojan-activity; sid:38168291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): Suricata reads one rule per line, so keep each "alert ... ;)" on a single
# line when editing. sids in this export step by 10 per domain (...1 for DNS, ...2 for HTTP),
# presumably assigned by the exporter; bump rev on any rule changed by hand.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatodubai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatodubai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatodubai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-dublin.com"; dns.query; content:"axelarigato-dublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-dublin\.com$/i"; classtype:trojan-activity; sid:38168301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-dublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-dublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-dublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-indonesia.com"; dns.query; content:"axelarigato-indonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-indonesia\.com$/i"; classtype:trojan-activity; sid:38168311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-indonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-indonesia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])axelarigato\-indonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP pcre detail: the DNS pattern ends in "$", the HTTP pattern ends in [^A-Za-z0-9-\.],
# so it needs one more character after the domain that is not a hostname character
# (presumably the CR ending the header line, or ":" before a port).
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-israel.com"; dns.query; content:"axelarigato-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-israel\.com$/i"; classtype:trojan-activity; sid:38168321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatolisbon.com"; dns.query; content:"axelarigatolisbon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatolisbon\.com$/i"; classtype:trojan-activity; sid:38168331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatolisbon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatolisbon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatolisbon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatolondon.com"; dns.query; content:"axelarigatolondon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatolondon\.com$/i"; classtype:trojan-activity; sid:38168341; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators, exported as one rule pair per domain: the "alert dns"
# rule (sid ending in 1) matches the domain in dns.query, the "alert http" rule (sid ending
# in 2) matches it in outbound HTTP request headers. Both use classtype trojan-activity,
# priority 3 and the event URL as reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatolondon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatolondon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatolondon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-malaysia.com"; dns.query; content:"axelarigato-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-malaysia\.com$/i"; classtype:trojan-activity; sid:38168351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatomelbourne.com"; dns.query; content:"axelarigatomelbourne.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatomelbourne\.com$/i"; classtype:trojan-activity; sid:38168361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatomelbourne.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatomelbourne.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatomelbourne\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38168362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# DNS rules: content + nocase selects dns.query buffers holding the domain; the pcre then
# requires the domain at the end of the query name, preceded by start-of-buffer or a
# character outside [A-Za-z0-9-], so "sub.<domain>" matches and "x<domain>" does not.
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-nz.com"; dns.query; content:"axelarigato-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-nz\.com$/i"; classtype:trojan-activity; sid:38168371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-ph.com"; dns.query; content:"axelarigato-ph.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-ph\.com$/i"; classtype:trojan-activity; sid:38168381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-ph.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-ph.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-ph\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatosaudiarabia.com"; dns.query; content:"axelarigatosaudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatosaudiarabia\.com$/i"; classtype:trojan-activity; sid:38168391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
axelarigatosaudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatosaudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatosaudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP rules: $HOME_NET -> $EXTERNAL_NET with flow:to_server,established. They require
# "Host:" (|3a| is ":") and the domain in http.header; the /Hi pcre checks the characters
# on both sides of the domain.
# NOTE(review): the two content matches have no distance/within relation, so the domain in
# another request header (e.g. Referer) appears enough to fire. Matching on http.host would
# bind the check to the Host value; confirm against the exporter before changing.
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-schweiz.com"; dns.query; content:"axelarigato-schweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-schweiz\.com$/i"; classtype:trojan-activity; sid:38168401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-schweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-schweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-schweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-australia.com"; dns.query; content:"pendleton-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-australia\.com$/i"; classtype:trojan-activity; sid:38168411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] 
Domain pendleton-belgium.com"; dns.query; content:"pendleton-belgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-belgium\.com$/i"; classtype:trojan-activity; sid:38168421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# tag:session,600,seconds on the HTTP rules tags the matching session for 600 seconds
# after the alert; the DNS rules carry no tag.
# NOTE(review): tagging is per alert, so a frequently hit indicator multiplies the logged
# traffic; confirm that is wanted for priority 3 indicators.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-belgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-belgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-belgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-chile.com"; dns.query; content:"pendleton-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-chile\.com$/i"; classtype:trojan-activity; sid:38168431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendletonclothingcanada.com"; dns.query; content:"pendletonclothingcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonclothingcanada\.com$/i"; classtype:trojan-activity; sid:38168441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendletonclothingcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"pendletonclothingcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonclothingcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): the DNS rules use "any any -> any any", so a query from any host in either
# direction can alert, while the HTTP rules are limited to $HOME_NET -> $EXTERNAL_NET.
# Confirm the wider DNS scope is intended for this sensor.
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-colombia.com"; dns.query; content:"pendleton-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-colombia\.com$/i"; classtype:trojan-activity; sid:38168451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendletondenmark.com"; dns.query; content:"pendletondenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletondenmark\.com$/i"; classtype:trojan-activity; sid:38168461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendletondenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendletondenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletondenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-deutschland.com"; dns.query; content:"pendleton-deutschland.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pendleton\-deutschland\.com$/i"; classtype:trojan-activity; sid:38168471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): Suricata reads one rule per line, so keep each "alert ... ;)" on a single
# line when editing. sids in this export step by 10 per domain (...1 for DNS, ...2 for HTTP),
# presumably assigned by the exporter; bump rev on any rule changed by hand.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-espana.com"; dns.query; content:"pendleton-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-espana\.com$/i"; classtype:trojan-activity; sid:38168481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-france.com"; dns.query; content:"pendleton-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-france\.com$/i"; classtype:trojan-activity; sid:38168491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-france.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pendleton\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP pcre detail: the DNS pattern ends in "$", the HTTP pattern ends in [^A-Za-z0-9-\.],
# so it needs one more character after the domain that is not a hostname character
# (presumably the CR ending the header line, or ":" before a port).
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-germany.com"; dns.query; content:"pendleton-germany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-germany\.com$/i"; classtype:trojan-activity; sid:38168501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-germany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-germany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-germany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-greece.com"; dns.query; content:"pendleton-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-greece\.com$/i"; classtype:trojan-activity; sid:38168511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-ireland.com"; dns.query; content:"pendleton-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-ireland\.com$/i"; classtype:trojan-activity; sid:38168521; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators, exported as one rule pair per domain: the "alert dns"
# rule (sid ending in 1) matches the domain in dns.query, the "alert http" rule (sid ending
# in 2) matches it in outbound HTTP request headers. Both use classtype trojan-activity,
# priority 3 and the event URL as reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-italia.com"; dns.query; content:"pendleton-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-italia\.com$/i"; classtype:trojan-activity; sid:38168531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-mexico.com"; dns.query; content:"pendleton-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-mexico\.com$/i"; classtype:trojan-activity; sid:38168541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168542; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# DNS rules: content + nocase selects dns.query buffers holding the domain; the pcre then
# requires the domain at the end of the query name, preceded by start-of-buffer or a
# character outside [A-Za-z0-9-], so "sub.<domain>" matches and "x<domain>" does not.
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-nederland.com"; dns.query; content:"pendleton-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-nederland\.com$/i"; classtype:trojan-activity; sid:38168551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendletonnewzealand.com"; dns.query; content:"pendletonnewzealand.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonnewzealand\.com$/i"; classtype:trojan-activity; sid:38168561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendletonnewzealand.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendletonnewzealand.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonnewzealand\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-norge.com"; dns.query; content:"pendleton-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-norge\.com$/i"; classtype:trojan-activity; sid:38168571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain pendleton-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# HTTP rules: $HOME_NET -> $EXTERNAL_NET with flow:to_server,established. They require
# "Host:" (|3a| is ":") and the domain in http.header; the /Hi pcre checks the characters
# on both sides of the domain.
# NOTE(review): the two content matches have no distance/within relation, so the domain in
# another request header (e.g. Referer) appears enough to fire. Matching on http.host would
# bind the check to the Host value; confirm against the exporter before changing.
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-polska.com"; dns.query; content:"pendleton-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-polska\.com$/i"; classtype:trojan-activity; sid:38168581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-portugal.com"; dns.query; content:"pendleton-portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-portugal\.com$/i"; classtype:trojan-activity; sid:38168591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendletonschweiz.com"; dns.query; 
content:"pendletonschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonschweiz\.com$/i"; classtype:trojan-activity; sid:38168601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# tag:session,600,seconds on the HTTP rules tags the matching session for 600 seconds
# after the alert; the DNS rules carry no tag.
# NOTE(review): tagging is per alert, so a frequently hit indicator multiplies the logged
# traffic; confirm that is wanted for priority 3 indicators.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendletonschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendletonschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-suomi.com"; dns.query; content:"pendleton-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-suomi\.com$/i"; classtype:trojan-activity; sid:38168611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-sverige.com"; dns.query; content:"pendleton-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-sverige\.com$/i"; classtype:trojan-activity; sid:38168621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-sverige.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pendleton\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# NOTE(review): the DNS rules use "any any -> any any", so a query from any host in either
# direction can alert, while the HTTP rules are limited to $HOME_NET -> $EXTERNAL_NET.
# Confirm the wider DNS scope is intended for this sensor.
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendletonturkey.com"; dns.query; content:"pendletonturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonturkey\.com$/i"; classtype:trojan-activity; sid:38168631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendletonturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendletonturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendletonturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pendleton-uae.com"; dns.query; content:"pendleton-uae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-uae\.com$/i"; classtype:trojan-activity; sid:38168641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pendleton-uae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pendleton-uae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pendleton\-uae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ropapendleton.com"; dns.query; content:"ropapendleton.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ropapendleton\.com$/i"; classtype:trojan-activity; sid:38168651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ropapendleton.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ropapendleton.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ropapendleton\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007 (no tags exported, priority 3) ---
# Each domain gets two rules: a dns.query rule and an outgoing HTTP rule.
# DNS rule: the pcre is anchored with `$` and requires start-of-buffer or a
# non-hostname character before the name, so the name itself and its
# subdomains match, while a longer label that merely ends in it does not.
# The header is `any any -> any any`, so queries on either side of an internal
# resolver match; which host appears as the source depends on sensor placement.
# HTTP rule: NOTE(review) the "Host|3a|" content and the domain content are
# independent matches on http.header (no distance/within ties them) and the
# /H pcre runs over the whole header buffer, so the domain appearing in
# another header (a Referer, for instance) also satisfies the rule.
# tag:session,600,seconds asks the engine to keep logging the session's
# packets for 600 seconds after the alert.
# NOTE(review): these are `alert http` rules, so only HTTP the engine can
# parse is covered; for TLS traffic to the same names the dns.query rule is
# the only match in this set.
alert dns any any -> any any (msg: "MISP e27007 [] Domain shopaxelarigato.com"; dns.query; content:"shopaxelarigato.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])shopaxelarigato\.com$/i"; classtype:trojan-activity; sid:38168661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain shopaxelarigato.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shopaxelarigato.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shopaxelarigato\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain toastclothingireland.com"; dns.query; content:"toastclothingireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothingireland\.com$/i"; classtype:trojan-activity; sid:38168671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain toastclothingireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"toastclothingireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothingireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain toastclothingnz.com"; dns.query; content:"toastclothingnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothingnz\.com$/i"; classtype:trojan-activity; sid:38168681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain toastclothingnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"toastclothingnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothingnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 24600 (no tags exported, priority 1) ---
# Same two-rule shape, but the indicators are full host names: the content and
# pcre include every label shown, so the parent zone on its own does not match.
alert dns any any -> any any (msg: "MISP e24600 [] Domain 020802097876300b00320.is-a-lawyer.com"; dns.query; content:"020802097876300b00320.is-a-lawyer.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])020802097876300b00320\.is\-a\-lawyer\.com$/i"; classtype:trojan-activity; sid:38180791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 020802097876300b00320.is-a-lawyer.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"020802097876300b00320.is-a-lawyer.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])020802097876300b00320\.is\-a\-lawyer\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180792; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain zud5ug.l57i1k.com"; dns.query; content:"zud5ug.l57i1k.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zud5ug\.l57i1k\.com$/i"; classtype:trojan-activity; sid:38180841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 
zud5ug.l57i1k.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zud5ug.l57i1k.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zud5ug\.l57i1k\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180842; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# --- MISP event 27586: entries tagged CobaltStrike (priority 2) ---
# The bracketed tags in msg are carried over from the MISP event: a
# cs-watermark-<n> value and what looks like the network owner's name.
# "Outgoing URL" rules pin the destination address and port in the rule
# header, then require the address string in http.header and the path in
# http.uri. Both content matches are unanchored substrings, so the pinned
# destination is what keeps short paths such as "/pixel" specific.
# Rules written with $HTTP_PORTS need that port variable defined in the sensor
# configuration; the others name the port literally (1234, 811, 88, 8081).
# "Outgoing To IP" rules have no payload options and no flow keyword: traffic
# from $HOME_NET to the address and port alerts on its own, so an alert does
# not by itself show that a session was established.
# NOTE(review): per the tags most destinations sit in hosting/cloud provider
# ranges, where addresses get reassigned; check the event's age before
# treating a hit as confirmed C2.
alert http $HOME_NET any -> 8.219.54.123 $HTTP_PORTS (msg: "MISP e27586 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.219.54.123/pixel"; flow:to_server,established; http.header; content:"8.219.54.123"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> 101.200.164.66 1234 (msg: "MISP e27586 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//101.200.164.66|3a|1234/ptj"; flow:to_server,established; http.header; content:"101.200.164.66"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> 45.134.225.245 $HTTP_PORTS (msg: "MISP e27586 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.245/match"; flow:to_server,established; http.header; content:"45.134.225.245"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> 120.48.58.156 811 (msg: "MISP e27586 [BAIDU Beijing Baidu Netcom Science and Technology Co. Ltd.,CobaltStrike,cs-watermark-666666] Outgoing URL http|3a|//120.48.58.156|3a|811/updates.rss"; flow:to_server,established; http.header; content:"120.48.58.156"; fast_pattern; nocase; http.uri; content:"/updates.rss"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# --- MISP event 27640 (no tags exported, priority 3) ---
# Domain indicators: one dns.query rule and one outgoing HTTP rule per name.
# The DNS pcre is anchored with `$` and needs start-of-buffer or a
# non-hostname character before the name, so subdomains match as well.
# NOTE(review): in the HTTP rule the "Host|3a|" content and the domain content
# are independent matches on http.header, so the domain appearing in another
# header also satisfies the rule.
alert dns any any -> any any (msg: "MISP e27640 [] Domain tyxmailceo.lol"; dns.query; content:"tyxmailceo.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-])tyxmailceo\.lol$/i"; classtype:trojan-activity; sid:38006631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27640 [] Outgoing HTTP Domain tyxmailceo.lol"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tyxmailceo.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tyxmailceo\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
alert dns any any -> any any (msg: "MISP e27640 [] Domain bytmailceo.lol"; dns.query; content:"bytmailceo.lol"; nocase; pcre: "/(^|[^A-Za-z0-9-])bytmailceo\.lol$/i"; classtype:trojan-activity; sid:38006641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27640 [] Outgoing HTTP Domain bytmailceo.lol"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bytmailceo.lol"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bytmailceo\.lol[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27640;)
# --- MISP event 27586 (continued): address-and-port indicator ---
alert ip $HOME_NET any -> 137.184.117.57 443 (msg: "MISP e27586 [CobaltStrike,cs-watermark-666666,DIGITALOCEAN-ASN] Outgoing To IP: 137.184.117.57|443"; classtype:trojan-activity; sid:37962271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# --- MISP event 27582 (no tags exported, priority 3) ---
# The indicator is a single host name under pages.dev; content and pcre
# include the full label, so other names under pages.dev do not match.
alert dns any any -> any any (msg: "MISP e27582 [] Domain colsulta-web-banestadoapp.pages.dev"; dns.query; content:"colsulta-web-banestadoapp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])colsulta\-web\-banestadoapp\.pages\.dev$/i"; classtype:trojan-activity; sid:37961071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27582;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27582 [] Outgoing HTTP Domain colsulta-web-banestadoapp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colsulta-web-banestadoapp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colsulta\-web\-banestadoapp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27582;)
# --- MISP event 27586 (continued) ---
alert http $HOME_NET any -> 128.199.71.62 88 (msg: "MISP e27586 [CobaltStrike,cs-watermark-8848,DigitalOcean LLC] Outgoing URL http|3a|//128.199.71.62|3a|88/pixel"; flow:to_server,established; http.header; content:"128.199.71.62"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# This URL rule is keyed on a host name rather than an address: the header is
# $EXTERNAL_NET 8081 and the name is matched anywhere in http.header. The rule
# after it carries the same tags and covers 43.153.228.97 on the same port.
alert http $HOME_NET any -> $EXTERNAL_NET 8081 (msg: "MISP e27586 [CobaltStrike,cs-watermark-1234567890,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8081/wp08/wp-includes/dtcla.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp08/wp-includes/dtcla.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 43.153.228.97 8081 (msg: "MISP e27586 [CobaltStrike,cs-watermark-1234567890,Tencent Building Kejizhongyi Avenue] Outgoing To IP: 43.153.228.97|8081"; classtype:trojan-activity; sid:37962301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> 43.204.251.178 $HTTP_PORTS (msg: "MISP e27586 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//43.204.251.178/activity"; flow:to_server,established; http.header; content:"43.204.251.178"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> 3.108.192.191 $HTTP_PORTS (msg: "MISP e27586 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//3.108.192.191/ga.js"; flow:to_server,established; http.header; content:"3.108.192.191"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 3.108.192.191 80 (msg: "MISP e27586 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 3.108.192.191|80"; classtype:trojan-activity; sid:37962341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> 103.253.146.79 $HTTP_PORTS (msg: "MISP e27586 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing URL http|3a|//103.253.146.79/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"103.253.146.79"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 103.253.146.79 80 (msg: "MISP e27586 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing To IP: 103.253.146.79|80"; classtype:trojan-activity; sid:37962361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# Domain indicators from the same event (cs-watermark-1747469675): dns.query
# and outgoing HTTP rules for four prdcdn.com host names, followed by an
# address rule on port 53.
# NOTE(review): a port 53 destination next to these names suggests DNS-based
# C2 - confirm against the event before relying on that reading. The dns.query
# rules use `any any -> any any`, so they also fire on queries relayed by an
# internal resolver, whereas the address rule only sees direct traffic.
alert dns any any -> any any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Domain updates.prdcdn.com"; dns.query; content:"updates.prdcdn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])updates\.prdcdn\.com$/i"; classtype:trojan-activity; sid:37962371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain updates.prdcdn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"updates.prdcdn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])updates\.prdcdn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37962372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Domain citrix.prdcdn.com"; dns.query; content:"citrix.prdcdn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])citrix\.prdcdn\.com$/i"; classtype:trojan-activity; sid:37962381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain citrix.prdcdn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"citrix.prdcdn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])citrix\.prdcdn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37962382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Domain cdn.prdcdn.com"; dns.query; content:"cdn.prdcdn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.prdcdn\.com$/i"; classtype:trojan-activity; sid:37962391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain cdn.prdcdn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn.prdcdn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\.prdcdn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37962392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert dns any any -> any any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Domain dnsrv.prdcdn.com"; dns.query; content:"dnsrv.prdcdn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dnsrv\.prdcdn\.com$/i"; classtype:trojan-activity; sid:37962401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing HTTP Domain dnsrv.prdcdn.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dnsrv.prdcdn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dnsrv\.prdcdn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37962402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 20.104.183.199 53 (msg: "MISP e27586 [CobaltStrike,cs-watermark-1747469675,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.104.183.199|53"; classtype:trojan-activity; sid:37962411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# --- MISP event 27007 ---
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-chile.com"; dns.query; 
content:"axelarigato-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-chile\.com$/i"; classtype:trojan-activity; sid:38168691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007 (no tags exported, priority 3) ---
# Each domain gets two rules: a dns.query rule and an outgoing HTTP rule.
# DNS rule: the pcre is anchored with `$` and requires start-of-buffer or a
# non-hostname character before the name, so the name itself and its
# subdomains match, while a longer label that merely ends in it does not.
# The header is `any any -> any any`, so queries on either side of an internal
# resolver match; which host appears as the source depends on sensor placement.
# HTTP rule: NOTE(review) the "Host|3a|" content and the domain content are
# independent matches on http.header (no distance/within ties them) and the
# /H pcre runs over the whole header buffer, so the domain appearing in
# another header (a Referer, for instance) also satisfies the rule.
# tag:session,600,seconds asks the engine to keep logging the session's
# packets for 600 seconds after the alert.
# NOTE(review): these are `alert http` rules, so only HTTP the engine can
# parse is covered; for TLS traffic to the same names the dns.query rule is
# the only match in this set.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-france.com"; dns.query; content:"axelarigato-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-france\.com$/i"; classtype:trojan-activity; sid:38168701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-france.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-nederland.com"; dns.query; content:"axelarigato-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-nederland\.com$/i"; classtype:trojan-activity; sid:38168711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-romania.com"; dns.query; content:"axelarigato-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-romania\.com$/i"; classtype:trojan-activity; sid:38168721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain carharttaustraliastores.com"; dns.query; content:"carharttaustraliastores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttaustraliastores\.com$/i"; classtype:trojan-activity; sid:38168731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain carharttaustraliastores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carharttaustraliastores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttaustraliastores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fitflopschweizonline.com"; dns.query; content:"fitflopschweizonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopschweizonline\.com$/i"; classtype:trojan-activity; sid:38168741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fitflopschweizonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fitflopschweizonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fitflopschweizonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hokastoreaustralia.com"; dns.query; content:"hokastoreaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokastoreaustralia\.com$/i"; classtype:trojan-activity; sid:38168751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokastoreaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokastoreaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokastoreaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain jeffreycampbellespana.com"; dns.query; content:"jeffreycampbellespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jeffreycampbellespana\.com$/i"; classtype:trojan-activity; sid:38168761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jeffreycampbellespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jeffreycampbellespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jeffreycampbellespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lancelsingapore.com"; dns.query; content:"lancelsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lancelsingapore\.com$/i"; classtype:trojan-activity; sid:38168771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lancelsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lancelsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lancelsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellsandalerdame.com"; dns.query; content:"merrellsandalerdame.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellsandalerdame\.com$/i"; classtype:trojan-activity; sid:38168781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellsandalerdame.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellsandalerdame.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellsandalerdame\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellsnz.com"; dns.query; content:"merrellsnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellsnz\.com$/i"; classtype:trojan-activity; sid:38168791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellsnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellsnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellsnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nike-ksa.com"; dns.query; content:"nike-ksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-ksa\.com$/i"; classtype:trojan-activity; sid:38168801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nike-ksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nike-ksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nike\-ksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sanitashoesaustralia.com"; dns.query; content:"sanitashoesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitashoesaustralia\.com$/i"; classtype:trojan-activity; sid:38168811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanitashoesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanitashoesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanitashoesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain soldesmizuno.com"; dns.query; content:"soldesmizuno.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])soldesmizuno\.com$/i"; classtype:trojan-activity; sid:38168821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain soldesmizuno.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"soldesmizuno.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soldesmizuno\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain toastclothinglondon.com"; dns.query; content:"toastclothinglondon.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothinglondon\.com$/i"; classtype:trojan-activity; sid:38168831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain toastclothinglondon.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"toastclothinglondon.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothinglondon\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain toastclothinguk.com"; dns.query; content:"toastclothinguk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothinguk\.com$/i"; classtype:trojan-activity; sid:38168841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain toastclothinguk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"toastclothinguk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothinguk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigatoathens.com"; dns.query; content:"axelarigatoathens.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatoathens\.com$/i"; classtype:trojan-activity; sid:38168851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigatoathens.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigatoathens.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigatoathens\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-belgium.com"; dns.query; content:"axelarigato-belgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-belgium\.com$/i"; classtype:trojan-activity; sid:38168861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-belgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-belgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-belgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-colombia.com"; dns.query; content:"axelarigato-colombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-colombia\.com$/i"; classtype:trojan-activity; sid:38168871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-italia.com"; dns.query; content:"axelarigato-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-italia\.com$/i"; classtype:trojan-activity; sid:38168881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-oslo.com"; dns.query; content:"axelarigato-oslo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-oslo\.com$/i"; classtype:trojan-activity; sid:38168891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-oslo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-oslo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-oslo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-polska.com"; dns.query; content:"axelarigato-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-polska\.com$/i"; classtype:trojan-activity; sid:38168901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain dcshoes-australia.com"; dns.query; content:"dcshoes-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-australia\.com$/i"; classtype:trojan-activity; sid:38168911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain dcshoes-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dcshoes-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dcshoes\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonmalaysiaoutlet.com"; dns.query; content:"lululemonmalaysiaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmalaysiaoutlet\.com$/i"; classtype:trojan-activity; sid:38168921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonmalaysiaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonmalaysiaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmalaysiaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunomalaysiastore.com"; dns.query; content:"mizunomalaysiastore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunomalaysiastore\.com$/i"; classtype:trojan-activity; sid:38168931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunomalaysiastore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunomalaysiastore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunomalaysiastore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain toastclothingcanada.com"; dns.query; content:"toastclothingcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothingcanada\.com$/i"; classtype:trojan-activity; sid:38168941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain toastclothingcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"toastclothingcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])toastclothingcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefootuaeshop.com"; dns.query; content:"vivobarefootuaeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootuaeshop\.com$/i"; classtype:trojan-activity; sid:38168951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefootuaeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vivobarefootuaeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootuaeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27586 (priority 2): address-and-port indicators ---
# These rules have no payload options and no flow keyword: traffic from
# $HOME_NET to the listed address and port alerts on its own, so an alert does
# not by itself show that a session was established.
# The bracketed tag, where present, is the family name recorded in the event
# (RiseProStealer, remcos); the 185.11.61.x entries carry no tag.
# NOTE(review): address-only indicators go stale when the address is
# reassigned; check the event's age before treating a hit as confirmed.
alert ip $HOME_NET any -> 65.108.20.239 50500 (msg: "MISP e27586 [RiseProStealer] Outgoing To IP: 65.108.20.239|50500"; classtype:trojan-activity; sid:37962421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 185.255.114.104 2404 (msg: "MISP e27586 [remcos] Outgoing To IP: 185.255.114.104|2404"; classtype:trojan-activity; sid:37962431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 185.11.61.169 443 (msg: "MISP e27586 [] Outgoing To IP: 185.11.61.169|443"; classtype:trojan-activity; sid:37962441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 185.11.61.170 443 (msg: "MISP e27586 [] Outgoing To IP: 185.11.61.170|443"; classtype:trojan-activity; sid:37962451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 185.11.61.171 443 (msg: "MISP e27586 [] Outgoing To IP: 185.11.61.171|443"; classtype:trojan-activity; sid:37962461; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 185.11.61.172 443 (msg: "MISP e27586 [] Outgoing To IP: 185.11.61.172|443"; classtype:trojan-activity; sid:37962471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert dns any any -> any any (msg: "MISP e27583 [] Domain clientes-app-bancoestado-web.pages.dev"; dns.query; content:"clientes-app-bancoestado-web.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])clientes\-app\-bancoestado\-web\.pages\.dev$/i"; classtype:trojan-activity; sid:37961201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27583;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27583 [] Outgoing HTTP Domain clientes-app-bancoestado-web.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clientes-app-bancoestado-web.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clientes\-app\-bancoestado\-web\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27583;) alert ip $HOME_NET any -> 113.190.198.225 7443 (msg: "MISP e27586 [Mythic,VNPT-AS-VN VNPT Corp] Outgoing To IP: 113.190.198.225|7443"; classtype:trojan-activity; sid:37962481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 43.198.251.145 443 (msg: "MISP e27586 [AMAZON-02,Deimos] Outgoing To IP: 43.198.251.145|443"; classtype:trojan-activity; sid:37962491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 62.182.84.172 443 (msg: "MISP e27586 [Bianlian Go Trojan,YURTEH-AS] Outgoing To IP: 62.182.84.172|443"; classtype:trojan-activity; sid:37962501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 162.252.175.153 80 (msg: "MISP e27586 [Bianlian Go Trojan,M247] Outgoing To IP: 
162.252.175.153|80"; classtype:trojan-activity; sid:37962511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 136.0.3.71 5295 (msg: "MISP e27586 [Bianlian Go Trojan,EVOXTENTERPRISE-AS-AP Evoxt Enterprise] Outgoing To IP: 136.0.3.71|5295"; classtype:trojan-activity; sid:37962521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 94.232.45.42 443 (msg: "MISP e27586 [Havoc,XHOST-INTERNET-SOLUTIONS] Outgoing To IP: 94.232.45.42|443"; classtype:trojan-activity; sid:37962531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 159.69.207.158 40056 (msg: "MISP e27586 [Havoc,HETZNER-AS] Outgoing To IP: 159.69.207.158|40056"; classtype:trojan-activity; sid:37962541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 192.46.228.106 445 (msg: "MISP e27586 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 192.46.228.106|445"; classtype:trojan-activity; sid:37962551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 188.119.66.163 443 (msg: "MISP e27586 [CHANGWAY-AS,Havoc] Outgoing To IP: 188.119.66.163|443"; classtype:trojan-activity; sid:37962561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 76.142.23.238 2222 (msg: "MISP e27586 [CMCS,QakBot] Outgoing To IP: 76.142.23.238|2222"; classtype:trojan-activity; sid:37962571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 72.27.136.137 443 (msg: "MISP e27586 [FLOW-NET,QakBot] Outgoing To IP: 72.27.136.137|443"; classtype:trojan-activity; sid:37962581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 70.31.125.235 2222 (msg: "MISP e27586 [BACOM,QakBot] Outgoing To IP: 70.31.125.235|2222"; 
classtype:trojan-activity; sid:37962591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 2.50.45.90 22 (msg: "MISP e27586 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 2.50.45.90|22"; classtype:trojan-activity; sid:37962601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 39.40.181.3 995 (msg: "MISP e27586 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.181.3|995"; classtype:trojan-activity; sid:37962611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 46.246.80.7 6000 (msg: "MISP e27586 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.80.7|6000"; classtype:trojan-activity; sid:37962621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 46.246.14.6 6000 (msg: "MISP e27586 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.14.6|6000"; classtype:trojan-activity; sid:37962631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 124.220.200.241 8848 (msg: "MISP e27586 [dcrat,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 124.220.200.241|8848"; classtype:trojan-activity; sid:37962641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;) alert ip $HOME_NET any -> 198.44.178.84 80 (msg: "MISP e27586 [CHANGLIAN-AS-AP ChangLian Network Technology Co. 
Limited,Hookbot Pegasus] Outgoing To IP: 198.44.178.84|80"; classtype:trojan-activity; sid:37962651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# Event 27586: outbound connections from $HOME_NET to a fixed IP and destination port.
# These rules carry no payload match, so any traffic to the pair raises the alert; the
# bracketed tags in msg are labels supplied by the feed, not something the rule verifies.
alert ip $HOME_NET any -> 91.92.242.50 81 (msg: "MISP e27586 [RedLineStealer] Outgoing To IP: 91.92.242.50|81"; classtype:trojan-activity; sid:37962661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# NOTE(review): unlike the "Outgoing HTTP Domain" rules in this export, the hostname below
# is a bare substring match over http.header: there is no "Host|3a|" content and no boundary
# pcre, so the same string in a Referer header or inside a longer hostname also satisfies it.
# Scoping the match to the http.host buffer would narrow it; confirm against the generator
# before editing exported rules by hand.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27586 [TeamBot] Outgoing URL http|3a|//sajdfue.com/test1/get.php"; flow:to_server,established; http.header; content:"sajdfue.com"; fast_pattern; nocase; http.uri; content:"/test1/get.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 118.178.231.68 443 (msg: "MISP e27586 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 118.178.231.68|443"; classtype:trojan-activity; sid:37962701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 186.169.53.81 2025 (msg: "MISP e27586 [njrat] Outgoing To IP: 186.169.53.81|2025"; classtype:trojan-activity; sid:37962711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
alert ip $HOME_NET any -> 91.92.250.61 3232 (msg: "MISP e27586 [asyncrat] Outgoing To IP: 91.92.250.61|3232"; classtype:trojan-activity; sid:37962721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27586;)
# Event 27585: DNS query for the listed name. The pcre anchors the end of the query and
# allows either the start of the buffer or a non-hostname character (such as a dot) before
# the name, so subdomains of it match while longer look-alike labels do not.
alert dns any any -> any any (msg: "MISP e27585 [] Domain colsulta-web-banestadoapp.pages.dev"; dns.query; content:"colsulta-web-banestadoapp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])colsulta\-web\-banestadoapp\.pages\.dev$/i"; classtype:trojan-activity; sid:37961391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27585;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27585 [] Outgoing 
HTTP Domain colsulta-web-banestadoapp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colsulta-web-banestadoapp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colsulta\-web\-banestadoapp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37961392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27585;)
# Event 27591: outbound connections from $HOME_NET to a fixed IP and destination port.
# No payload is inspected by the "alert ip" rules; the tags in msg come from the feed.
alert ip $HOME_NET any -> 107.175.28.248 8082 (msg: "MISP e27591 [ViriBack,Vshell] Outgoing To IP: 107.175.28.248|8082"; classtype:trojan-activity; sid:37963551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# NOTE(review): content:"/" on http.uri is satisfied by practically every request path, so
# this rule in effect alerts on any HTTP request to 195.20.16.127 on $HTTP_PORTS whose
# headers contain the address literal. A request to the same address that sends a hostname
# in Host would not match unless the literal appears in some other header.
alert http $HOME_NET any -> 195.20.16.127 $HTTP_PORTS (msg: "MISP e27591 [recordbreaker] Outgoing URL http|3a|//195.20.16.127/"; flow:to_server,established; http.header; content:"195.20.16.127"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37963561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 217.195.207.156 47721 (msg: "MISP e27591 [RedLineStealer] Outgoing To IP: 217.195.207.156|47721"; classtype:trojan-activity; sid:37963571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 157.230.247.198 443 (msg: "MISP e27591 [Brute Ratel C4,DIGITALOCEAN-ASN] Outgoing To IP: 157.230.247.198|443"; classtype:trojan-activity; sid:37963601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 154.17.15.207 443 (msg: "MISP e27591 [Deimos,DMIT] Outgoing To IP: 154.17.15.207|443"; classtype:trojan-activity; sid:37963611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 103.94.185.28 8888 (msg: "MISP e27591 [CNSERVERS,Supershell] Outgoing To IP: 103.94.185.28|8888"; classtype:trojan-activity; sid:37963621; rev:1; priority:2; 
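reference:url,https://misp.finsin.cl/events/view/27591;)
# Event 27591 (continued): outbound connections from $HOME_NET to a fixed IP on port 80.
# No payload is inspected; the tags in msg are labels supplied by the feed.
alert ip $HOME_NET any -> 91.202.233.135 80 (msg: "MISP e27591 [Meduza Stealer,PROSPERO-AS] Outgoing To IP: 91.202.233.135|80"; classtype:trojan-activity; sid:37963631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 89.23.103.75 80 (msg: "MISP e27591 [GIR-AS,Hookbot Pegasus] Outgoing To IP: 89.23.103.75|80"; classtype:trojan-activity; sid:37963641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 178.128.122.145 80 (msg: "MISP e27591 [DIGITALOCEAN-ASN,Hookbot Pegasus] Outgoing To IP: 178.128.122.145|80"; classtype:trojan-activity; sid:37963651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 185.246.64.139 80 (msg: "MISP e27591 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 185.246.64.139|80"; classtype:trojan-activity; sid:37963661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# Event 27622: HTTP request to the listed address for the listed path.
# The galaxy tag copied into msg contains literal double quotes. Suricata's rule syntax
# requires '"', ';' and '\' inside msg to be escaped, so the inner quotes are written as \"
# here; left unescaped, the option value is ambiguous and the rule may be rejected or
# mis-parsed depending on the engine. The proper fix is in the exporter's msg escaping.
alert http $HOME_NET any -> 107.174.138.160 $HTTP_PORTS (msg: "MISP e27622 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//107.174.138.160/18070/CNN.exe"; flow:to_server,established; http.header; content:"107.174.138.160"; fast_pattern; nocase; http.uri; content:"/18070/CNN.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37991321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27622;)
# Event 27623: inbound traffic from a listed source address to $HOME_NET, any port and
# any IP protocol. A single packet from the address is enough to raise the alert.
alert ip 103.157.97.177 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.157.97.177"; classtype:trojan-activity; sid:37991331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 41.38.217.193 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.38.217.193"; classtype:trojan-activity; sid:37991341; rev:1; priority:2; 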
reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.222.42.91 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.42.91"; classtype:trojan-activity; sid:37991351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 157.245.58.108 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.58.108"; classtype:trojan-activity; sid:37991361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 31.129.247.1 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.129.247.1"; classtype:trojan-activity; sid:37991371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 82.157.251.253 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.251.253"; classtype:trojan-activity; sid:37991381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 62.72.45.74 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.72.45.74"; classtype:trojan-activity; sid:37991391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 201.6.220.23 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.6.220.23"; classtype:trojan-activity; sid:37991401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 52.247.71.137 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.247.71.137"; classtype:trojan-activity; sid:37991411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 103.98.73.189 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.98.73.189"; classtype:trojan-activity; sid:37991421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.222.23.243 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.23.243"; classtype:trojan-activity; sid:37991431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 23.95.213.230 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.213.230"; classtype:trojan-activity; sid:37991441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 69.165.78.217 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 69.165.78.217"; classtype:trojan-activity; sid:37991451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 101.42.254.218 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.254.218"; classtype:trojan-activity; sid:37991461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 1.117.233.118 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.233.118"; classtype:trojan-activity; sid:37991471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.155.176.172 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.176.172"; classtype:trojan-activity; sid:37991481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 111.230.245.205 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.245.205"; classtype:trojan-activity; sid:37991491; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 45.207.61.73 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.207.61.73"; classtype:trojan-activity; sid:37991501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 175.193.97.249 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.193.97.249"; classtype:trojan-activity; sid:37991511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 1.71.52.0 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.71.52.0"; classtype:trojan-activity; sid:37991521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 2.102.98.3 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.102.98.3"; classtype:trojan-activity; sid:37991531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 202.129.211.254 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.129.211.254"; classtype:trojan-activity; sid:37991541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 103.215.221.8 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.215.221.8"; classtype:trojan-activity; sid:37991551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.153.186.76 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.76"; classtype:trojan-activity; sid:37991561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 114.117.236.3 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.117.236.3"; classtype:trojan-activity; sid:37991571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.153.186.176 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.186.176"; classtype:trojan-activity; sid:37991581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 191.222.208.233 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.222.208.233"; classtype:trojan-activity; sid:37991591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 182.61.58.178 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.58.178"; classtype:trojan-activity; sid:37991601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 72.167.221.203 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 72.167.221.203"; classtype:trojan-activity; sid:37991611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.156.184.74 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.184.74"; classtype:trojan-activity; sid:37991621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.155.153.33 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.153.33"; classtype:trojan-activity; sid:37991631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 116.98.167.204 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.167.204"; classtype:trojan-activity; 
sid:37991641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 213.167.224.43 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.167.224.43"; classtype:trojan-activity; sid:37991651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 159.223.5.135 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.5.135"; classtype:trojan-activity; sid:37991661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 82.220.38.24 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.220.38.24"; classtype:trojan-activity; sid:37991671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 203.12.201.155 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.12.201.155"; classtype:trojan-activity; sid:37991681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 119.91.55.215 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.55.215"; classtype:trojan-activity; sid:37991691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.156.17.233 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.17.233"; classtype:trojan-activity; sid:37991701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 80.66.75.203 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.75.203"; classtype:trojan-activity; sid:37991711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 49.247.33.186 any -> $HOME_NET any 
(msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.33.186"; classtype:trojan-activity; sid:37991721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 81.70.241.6 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.241.6"; classtype:trojan-activity; sid:37991731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.100.53.120 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.100.53.120"; classtype:trojan-activity; sid:37991741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 1.234.31.117 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.234.31.117"; classtype:trojan-activity; sid:37991751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.241.39 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.241.39"; classtype:trojan-activity; sid:37991761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 122.51.2.15 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.2.15"; classtype:trojan-activity; sid:37991771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 80.98.184.3 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.98.184.3"; classtype:trojan-activity; sid:37991781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 20.198.103.62 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.198.103.62"; classtype:trojan-activity; sid:37991791; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 217.18.62.222 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.18.62.222"; classtype:trojan-activity; sid:37991801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.110.88 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.110.88"; classtype:trojan-activity; sid:37991811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 89.208.104.117 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.208.104.117"; classtype:trojan-activity; sid:37991821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.138.223.94 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.223.94"; classtype:trojan-activity; sid:37991831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 58.87.89.16 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.87.89.16"; classtype:trojan-activity; sid:37991841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 189.4.1.6 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.4.1.6"; classtype:trojan-activity; sid:37991851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 189.26.202.218 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.26.202.218"; classtype:trojan-activity; sid:37991861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.133.40.23 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.40.23"; classtype:trojan-activity; sid:37991871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 1.9.128.2 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.9.128.2"; classtype:trojan-activity; sid:37991881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 81.232.90.227 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.232.90.227"; classtype:trojan-activity; sid:37991891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 115.97.253.199 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.97.253.199"; classtype:trojan-activity; sid:37991901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 182.61.25.91 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.61.25.91"; classtype:trojan-activity; sid:37991911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 184.168.121.235 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.121.235"; classtype:trojan-activity; sid:37991921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 157.245.124.106 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.124.106"; classtype:trojan-activity; sid:37991931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 45.7.9.150 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.7.9.150"; classtype:trojan-activity; sid:37991941; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 117.50.165.23 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.165.23"; classtype:trojan-activity; sid:37991951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.153.29.10 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.29.10"; classtype:trojan-activity; sid:37991961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 221.156.106.151 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.156.106.151"; classtype:trojan-activity; sid:37991971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 172.210.56.119 any -> $HOME_NET any (msg: "MISP e27623 [] Incoming From IP: 172.210.56.119"; classtype:trojan-activity; sid:37991981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.159.142.70 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.142.70"; classtype:trojan-activity; sid:37991991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 180.148.4.194 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.148.4.194"; classtype:trojan-activity; sid:37992001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 172.245.156.30 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.245.156.30"; classtype:trojan-activity; sid:37992011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 181.123.12.225 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.123.12.225"; classtype:trojan-activity; sid:37992021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 86.104.40.254 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.104.40.254"; classtype:trojan-activity; sid:37992031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.231.224 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.231.224"; classtype:trojan-activity; sid:37992041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.133.213.190 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.213.190"; classtype:trojan-activity; sid:37992051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.131.250.182 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.250.182"; classtype:trojan-activity; sid:37992061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 119.91.32.36 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.32.36"; classtype:trojan-activity; sid:37992071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 107.172.16.247 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.16.247"; classtype:trojan-activity; sid:37992081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 45.249.79.10 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.249.79.10"; classtype:trojan-activity; sid:37992091; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 137.184.125.8 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.125.8"; classtype:trojan-activity; sid:37992101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.220.101.184 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.184"; classtype:trojan-activity; sid:37992111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 194.56.189.193 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.56.189.193"; classtype:trojan-activity; sid:37992121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 109.123.250.253 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.250.253"; classtype:trojan-activity; sid:37992131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 129.226.144.4 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.144.4"; classtype:trojan-activity; sid:37992141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 149.56.44.47 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.56.44.47"; classtype:trojan-activity; sid:37992151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 188.166.213.91 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.213.91"; classtype:trojan-activity; sid:37992161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 45.83.104.137 any -> $HOME_NET any (msg: 
"MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.83.104.137"; classtype:trojan-activity; sid:37992171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.0.103 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.0.103"; classtype:trojan-activity; sid:37992181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 104.244.77.79 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.244.77.79"; classtype:trojan-activity; sid:37992191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.111.32 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.111.32"; classtype:trojan-activity; sid:37992201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 92.205.61.145 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.205.61.145"; classtype:trojan-activity; sid:37992211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 198.98.48.192 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.98.48.192"; classtype:trojan-activity; sid:37992221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 170.64.194.80 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.194.80"; classtype:trojan-activity; sid:37992231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 101.43.95.208 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.95.208"; classtype:trojan-activity; sid:37992241; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 14.29.180.161 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.29.180.161"; classtype:trojan-activity; sid:37992251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 160.251.214.51 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.251.214.51"; classtype:trojan-activity; sid:37992261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 212.164.86.77 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.164.86.77"; classtype:trojan-activity; sid:37992271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.157.23.114 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.23.114"; classtype:trojan-activity; sid:37992281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.159.55.112 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.55.112"; classtype:trojan-activity; sid:37992291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 162.62.214.115 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.214.115"; classtype:trojan-activity; sid:37992301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 175.24.172.4 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.172.4"; classtype:trojan-activity; sid:37992311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 113.24.65.165 any -> $HOME_NET any (msg: "MISP 
e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.24.65.165"; classtype:trojan-activity; sid:37992321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 1.116.79.145 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.116.79.145"; classtype:trojan-activity; sid:37992331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 54.37.154.87 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.37.154.87"; classtype:trojan-activity; sid:37992341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 170.64.205.172 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.205.172"; classtype:trojan-activity; sid:37992351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 42.101.89.233 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.101.89.233"; classtype:trojan-activity; sid:37992361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 139.155.91.169 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.155.91.169"; classtype:trojan-activity; sid:37992371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.163.232.192 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.232.192"; classtype:trojan-activity; sid:37992381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.157.56.214 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.56.214"; classtype:trojan-activity; sid:37992391; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 221.140.57.181 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.140.57.181"; classtype:trojan-activity; sid:37992401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 5.145.113.148 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.145.113.148"; classtype:trojan-activity; sid:37992411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 209.141.59.116 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.59.116"; classtype:trojan-activity; sid:37992421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.129.200.183 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.200.183"; classtype:trojan-activity; sid:37992431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 168.228.114.188 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.228.114.188"; classtype:trojan-activity; sid:37992441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 139.59.59.165 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.59.165"; classtype:trojan-activity; sid:37992451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 171.25.193.77 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.25.193.77"; classtype:trojan-activity; sid:37992461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 103.132.199.115 any -> $HOME_NET any (msg: 
"MISP e27623 [kill-chain:Reconnaissance] Incoming From IP: 103.132.199.115"; classtype:trojan-activity; sid:37992471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.135.157.148 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.157.148"; classtype:trojan-activity; sid:37992481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 101.126.64.237 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.64.237"; classtype:trojan-activity; sid:37992491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 83.224.150.49 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.224.150.49"; classtype:trojan-activity; sid:37992501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 82.193.114.85 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.193.114.85"; classtype:trojan-activity; sid:37992511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.153.48.75 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.48.75"; classtype:trojan-activity; sid:37992521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.130.17.92 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.17.92"; classtype:trojan-activity; sid:37992531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 66.112.222.37 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.112.222.37"; classtype:trojan-activity; sid:37992541; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.163.244.4 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.4"; classtype:trojan-activity; sid:37992551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 14.162.145.33 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.162.145.33"; classtype:trojan-activity; sid:37992561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 106.53.207.20 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.207.20"; classtype:trojan-activity; sid:37992571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 109.199.100.139 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.199.100.139"; classtype:trojan-activity; sid:37992581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 144.126.140.9 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.126.140.9"; classtype:trojan-activity; sid:37992591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 111.231.64.241 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.64.241"; classtype:trojan-activity; sid:37992601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.222.52.172 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.52.172"; classtype:trojan-activity; sid:37992611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.163.247.189 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.247.189"; classtype:trojan-activity; sid:37992621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.220.101.99 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.99"; classtype:trojan-activity; sid:37992631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 23.129.64.211 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.211"; classtype:trojan-activity; sid:37992641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 45.184.108.112 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.184.108.112"; classtype:trojan-activity; sid:37992651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 120.48.84.73 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.84.73"; classtype:trojan-activity; sid:37992661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.166.199 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.166.199"; classtype:trojan-activity; sid:37992671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 209.141.58.142 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.141.58.142"; classtype:trojan-activity; sid:37992681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 49.204.134.12 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.204.134.12"; classtype:trojan-activity; sid:37992691; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 87.248.129.120 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.248.129.120"; classtype:trojan-activity; sid:37992701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.250.37.87 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.250.37.87"; classtype:trojan-activity; sid:37992711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 94.102.125.123 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.102.125.123"; classtype:trojan-activity; sid:37992721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 81.70.25.204 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.25.204"; classtype:trojan-activity; sid:37992731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 213.136.84.104 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.136.84.104"; classtype:trojan-activity; sid:37992741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 111.91.178.253 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.91.178.253"; classtype:trojan-activity; sid:37992751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 154.92.16.199 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.92.16.199"; classtype:trojan-activity; sid:37992761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 211.223.41.90 any -> $HOME_NET any (msg: "MISP 
e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.223.41.90"; classtype:trojan-activity; sid:37992771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 103.164.8.158 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.164.8.158"; classtype:trojan-activity; sid:37992781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 118.145.8.50 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.145.8.50"; classtype:trojan-activity; sid:37992791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.156.223.70 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.223.70"; classtype:trojan-activity; sid:37992801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.135.156.178 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.156.178"; classtype:trojan-activity; sid:37992811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 129.226.95.68 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.95.68"; classtype:trojan-activity; sid:37992821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 81.70.164.11 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance] Incoming From IP: 81.70.164.11"; classtype:trojan-activity; sid:37992831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 113.161.75.167 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.161.75.167"; classtype:trojan-activity; sid:37992841; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.128.131.16 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.131.16"; classtype:trojan-activity; sid:37992851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 106.53.187.172 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.187.172"; classtype:trojan-activity; sid:37992861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 23.129.64.214 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.214"; classtype:trojan-activity; sid:37992871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 116.148.185.51 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.148.185.51"; classtype:trojan-activity; sid:37992881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 159.203.113.252 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.113.252"; classtype:trojan-activity; sid:37992891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 23.129.64.144 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.129.64.144"; classtype:trojan-activity; sid:37992901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 162.247.74.74 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.247.74.74"; classtype:trojan-activity; sid:37992911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 107.189.6.124 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.189.6.124"; classtype:trojan-activity; sid:37992921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.220.101.109 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.220.101.109"; classtype:trojan-activity; sid:37992931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.131.247.121 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.247.121"; classtype:trojan-activity; sid:37992941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.222.15.56 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.15.56"; classtype:trojan-activity; sid:37992951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 157.245.240.20 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.240.20"; classtype:trojan-activity; sid:37992961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 101.43.210.74 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.210.74"; classtype:trojan-activity; sid:37992971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 70.55.171.54 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 70.55.171.54"; classtype:trojan-activity; sid:37992981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 186.228.76.26 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.228.76.26"; classtype:trojan-activity; sid:37992991; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 14.17.96.6 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.17.96.6"; classtype:trojan-activity; sid:37993001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 168.90.91.124 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.90.91.124"; classtype:trojan-activity; sid:37993011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 184.168.123.65 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.168.123.65"; classtype:trojan-activity; sid:37993021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 209.97.168.103 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.97.168.103"; classtype:trojan-activity; sid:37993031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 51.79.55.227 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.79.55.227"; classtype:trojan-activity; sid:37993041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 222.187.232.131 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.187.232.131"; classtype:trojan-activity; sid:37993051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.153.189.217 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.189.217"; classtype:trojan-activity; sid:37993061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 170.64.176.201 any -> $HOME_NET any (msg: "MISP 
e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.176.201"; classtype:trojan-activity; sid:37993071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 152.136.199.20 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.199.20"; classtype:trojan-activity; sid:37993081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.27.153 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.153"; classtype:trojan-activity; sid:37993091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 77.224.112.212 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.224.112.212"; classtype:trojan-activity; sid:37993101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.163.221.113 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.221.113"; classtype:trojan-activity; sid:37993111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 36.92.214.178 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.92.214.178"; classtype:trojan-activity; sid:37993121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 61.239.37.30 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.239.37.30"; classtype:trojan-activity; sid:37993131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 84.247.183.88 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.183.88"; classtype:trojan-activity; 
sid:37993141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 101.43.12.153 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.12.153"; classtype:trojan-activity; sid:37993151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 85.216.4.211 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.216.4.211"; classtype:trojan-activity; sid:37993161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 165.154.183.140 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.183.140"; classtype:trojan-activity; sid:37993171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 34.101.126.15 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.101.126.15"; classtype:trojan-activity; sid:37993181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 111.230.93.190 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.93.190"; classtype:trojan-activity; sid:37993191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 164.92.93.78 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.93.78"; classtype:trojan-activity; sid:37993201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 95.244.67.171 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.244.67.171"; classtype:trojan-activity; sid:37993211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 117.88.100.240 any -> $HOME_NET any 
(msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.88.100.240"; classtype:trojan-activity; sid:37993221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.130.36.110 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.36.110"; classtype:trojan-activity; sid:37993231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 154.211.15.26 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.211.15.26"; classtype:trojan-activity; sid:37993241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 113.31.119.15 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.31.119.15"; classtype:trojan-activity; sid:37993251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.156.185.119 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.185.119"; classtype:trojan-activity; sid:37993261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 212.164.209.131 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.164.209.131"; classtype:trojan-activity; sid:37993271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 202.55.175.236 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.55.175.236"; classtype:trojan-activity; sid:37993281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 51.210.243.91 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.210.243.91"; 
classtype:trojan-activity; sid:37993291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.85.91 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.85.91"; classtype:trojan-activity; sid:37993301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 195.130.197.10 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.130.197.10"; classtype:trojan-activity; sid:37993311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.156.13.116 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.13.116"; classtype:trojan-activity; sid:37993321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 50.206.19.62 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.206.19.62"; classtype:trojan-activity; sid:37993331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 170.64.132.237 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.132.237"; classtype:trojan-activity; sid:37993341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert dns any any -> any any (msg: "MISP e27591 [Mirai] Domain botnet7.vani.ovh"; dns.query; content:"botnet7.vani.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])botnet7\.vani\.ovh$/i"; classtype:trojan-activity; sid:37963711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [Mirai] Outgoing HTTP Domain botnet7.vani.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botnet7.vani.ovh"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])botnet7\.vani\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> 45.134.225.245 $HTTP_PORTS (msg: "MISP e27591 [CobaltStrike,ColocationX Ltd.,cs-watermark-987654321] Outgoing URL http|3a|//45.134.225.245/pixel"; flow:to_server,established; http.header; content:"45.134.225.245"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37963731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 172.86.101.115 4483 (msg: "MISP e27591 [RedLineStealer] Outgoing To IP: 172.86.101.115|4483"; classtype:trojan-activity; sid:37963751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27587 [] Outgoing URL http|3a|//dev-0409201819122013.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-0409201819122013.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27587;) alert dns any any -> any any (msg: "MISP e27587 [] Domain dev-0409201819122013.pantheonsite.io"; dns.query; content:"dev-0409201819122013.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-0409201819122013\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37962781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27587;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27587 [] Outgoing HTTP Domain dev-0409201819122013.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-0409201819122013.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-0409201819122013\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37962782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27587;) alert ip $HOME_NET any -> 164.92.116.94 443 (msg: "MISP e27591 [CobaltStrike,cs-watermark-1321798405,DIGITALOCEAN-ASN] Outgoing To IP: 164.92.116.94|443"; classtype:trojan-activity; sid:37963771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> 38.27.163.244 8443 (msg: "MISP e27591 [CobaltStrike,COGENT-174,cs-watermark-1151119648] Outgoing URL http|3a|//38.27.163.244|3a|8443/styles.html"; flow:to_server,established; http.header; content:"38.27.163.244"; fast_pattern; nocase; http.uri; content:"/styles.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37963781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 45.95.147.168 1311 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 45.95.147.168|1311"; classtype:trojan-activity; sid:37963271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 85.204.116.124 1311 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 85.204.116.124|1311"; classtype:trojan-activity; sid:37963241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 85.204.116.126 1294 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 85.204.116.126|1294"; classtype:trojan-activity; sid:37963251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 85.204.116.131 1311 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 85.204.116.131|1311"; classtype:trojan-activity; sid:37963261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 85.204.116.143 1296 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 85.204.116.143|1296"; classtype:trojan-activity; sid:37963211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip 
$HOME_NET any -> 85.204.116.144 1284 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 85.204.116.144|1284"; classtype:trojan-activity; sid:37963221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 85.204.116.139 1311 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 85.204.116.139|1311"; classtype:trojan-activity; sid:37963231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 94.156.69.14 1311 (msg: "MISP e27591 [AS-394711,censys,LIMENET,TBOTNET] Outgoing To IP: 94.156.69.14|1311"; classtype:trojan-activity; sid:37963191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 78.40.117.219 1311 (msg: "MISP e27591 [TBOTNET] Outgoing To IP: 78.40.117.219|1311"; classtype:trojan-activity; sid:37963201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.246.211 1311 (msg: "MISP e27591 [AS-394711,censys,LIMENET,TBOTNET] Outgoing To IP: 91.92.246.211|1311"; classtype:trojan-activity; sid:37963171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.247.229 1311 (msg: "MISP e27591 [AS-394711,censys,LIMENET,TBOTNET] Outgoing To IP: 91.92.247.229|1311"; classtype:trojan-activity; sid:37963181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.246.213 1289 (msg: "MISP e27591 [AS-394711,censys,LIMENET,TBOTNET] Outgoing To IP: 91.92.246.213|1289"; classtype:trojan-activity; sid:37963161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 171.228.226.103 42597 (msg: "MISP e27591 [c2,moobot] Outgoing To IP: 171.228.226.103|42597"; classtype:trojan-activity; sid:37963141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.246.154 1370 (msg: "MISP e27591 
[AS-394711,censys,LIMENET,TBOTNET] Outgoing To IP: 91.92.246.154|1370"; classtype:trojan-activity; sid:37963151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 18.231.93.153 19606 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 18.231.93.153|19606"; classtype:trojan-activity; sid:37963281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 18.229.248.167 19606 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 18.229.248.167|19606"; classtype:trojan-activity; sid:37963291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain api.startservicefounds.com"; dns.query; content:"api.startservicefounds.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.startservicefounds\.com$/i"; classtype:trojan-activity; sid:37963301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain api.startservicefounds.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"api.startservicefounds.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.startservicefounds\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain dns.startservicefounds.com"; dns.query; content:"dns.startservicefounds.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.startservicefounds\.com$/i"; classtype:trojan-activity; sid:37963311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain dns.startservicefounds.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.startservicefounds.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.startservicefounds\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain start.apistatexperience.com"; dns.query; content:"start.apistatexperience.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])start\.apistatexperience\.com$/i"; classtype:trojan-activity; sid:37963321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain start.apistatexperience.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"start.apistatexperience.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])start\.apistatexperience\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.241.220 59962 (msg: "MISP e27591 [Mirai] Outgoing To IP: 91.92.241.220|59962"; classtype:trojan-activity; sid:37963331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [Mirai] Domain cnc.pr333.ggm.kr"; dns.query; content:"cnc.pr333.ggm.kr"; nocase; pcre: "/(^|[^A-Za-z0-9-])cnc\.pr333\.ggm\.kr$/i"; classtype:trojan-activity; sid:37963341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [Mirai] Outgoing HTTP Domain cnc.pr333.ggm.kr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cnc.pr333.ggm.kr"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])cnc\.pr333\.ggm\.kr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> 45.9.74.12 $HTTP_PORTS (msg: "MISP e27591 [EmailStealer,mir24] Outgoing URL http|3a|//45.9.74.12/server.php"; flow:to_server,established; http.header; content:"45.9.74.12"; fast_pattern; nocase; http.uri; content:"/server.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37963351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 45.9.74.12 80 (msg: "MISP e27591 [EmailStealer,mir24] Outgoing To IP: 45.9.74.12|80"; classtype:trojan-activity; sid:37963361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 103.153.69.114 43046 (msg: "MISP e27591 [c2,Gafgyt,Mirai] Outgoing To IP: 103.153.69.114|43046"; classtype:trojan-activity; sid:37963411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 194.9.172.135 7730 (msg: "MISP e27591 [] Outgoing To IP: 194.9.172.135|7730"; classtype:trojan-activity; sid:37963401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [AS394711,LIMENET,meshagent,RAT] Domain trscentral.duckdns.org"; dns.query; content:"trscentral.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])trscentral\.duckdns\.org$/i"; classtype:trojan-activity; sid:37963511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [AS394711,LIMENET,meshagent,RAT] Outgoing HTTP Domain trscentral.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trscentral.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trscentral\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37963512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 37.120.141.139 1113 (msg: "MISP e27591 [AS9009,c2,M247,RAT] Outgoing To IP: 37.120.141.139|1113"; classtype:trojan-activity; sid:37963491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> 91.92.254.250 $HTTP_PORTS (msg: "MISP e27591 [AS394711,LIMENET,RAT] Outgoing URL http|3a|//91.92.254.250/trs_async.exe"; flow:to_server,established; http.header; content:"91.92.254.250"; fast_pattern; nocase; http.uri; content:"/trs_async.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37963501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 193.149.129.251 4443 (msg: "MISP e27591 [AS399629,BLNWX,c2] Outgoing To IP: 193.149.129.251|4443"; classtype:trojan-activity; sid:37963471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [AS9009,M247,RAT] Domain scambaiter11.ddns.net"; dns.query; content:"scambaiter11.ddns.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])scambaiter11\.ddns\.net$/i"; classtype:trojan-activity; sid:37963481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [AS9009,M247,RAT] Outgoing HTTP Domain scambaiter11.ddns.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scambaiter11.ddns.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scambaiter11\.ddns\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.246.100 7707 (msg: "MISP e27591 [AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 91.92.246.100|7707"; 
classtype:trojan-activity; sid:37963441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.246.100 8808 (msg: "MISP e27591 [AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 91.92.246.100|8808"; classtype:trojan-activity; sid:37963451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 91.92.246.100 6606 (msg: "MISP e27591 [AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 91.92.246.100|6606"; classtype:trojan-activity; sid:37963461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 94.156.66.44 9090 (msg: "MISP e27591 [AS394711,c2,censys,LIMENET] Outgoing To IP: 94.156.66.44|9090"; classtype:trojan-activity; sid:37963421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 94.156.67.106 80 (msg: "MISP e27591 [AS394711,c2,censys,Cobalt Strike,LIMENET,NL] Outgoing To IP: 94.156.67.106|80"; classtype:trojan-activity; sid:37963431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 3.121.139.82 14314 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 3.121.139.82|14314"; classtype:trojan-activity; sid:37963681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 18.198.77.177 14314 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 18.198.77.177|14314"; classtype:trojan-activity; sid:37963691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 35.158.159.254 14314 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 35.158.159.254|14314"; classtype:trojan-activity; sid:37963701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 3.66.38.117 13672 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 3.66.38.117|13672"; classtype:trojan-activity; sid:37963581; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 3.69.157.220 13672 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 3.69.157.220|13672"; classtype:trojan-activity; sid:37963591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 192.169.69.26 313 (msg: "MISP e27591 [NanoCore,RAT] Outgoing To IP: 192.169.69.26|313"; classtype:trojan-activity; sid:37963671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [cryptbot] Domain store.klone1vt.top"; dns.query; content:"store.klone1vt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])store\.klone1vt\.top$/i"; classtype:trojan-activity; sid:37963541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [cryptbot] Outgoing HTTP Domain store.klone1vt.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"store.klone1vt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])store\.klone1vt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [cryptbot] Domain qtwo2ht.top"; dns.query; content:"qtwo2ht.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])qtwo2ht\.top$/i"; classtype:trojan-activity; sid:37963521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [cryptbot] Outgoing HTTP Domain qtwo2ht.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"qtwo2ht.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])qtwo2ht\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963522; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [cryptbot] Domain shop.klnein9ht.top"; dns.query; content:"shop.klnein9ht.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])shop\.klnein9ht\.top$/i"; classtype:trojan-activity; sid:37963531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [cryptbot] Outgoing HTTP Domain shop.klnein9ht.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"shop.klnein9ht.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])shop\.klnein9ht\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain scripts.bestresulttostart.com"; dns.query; content:"scripts.bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])scripts\.bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain scripts.bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"scripts.bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])scripts\.bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain ttincoming.traveltraffic.cc"; dns.query; content:"ttincoming.traveltraffic.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])ttincoming\.traveltraffic\.cc$/i"; classtype:trojan-activity; sid:37963801; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain ttincoming.traveltraffic.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ttincoming.traveltraffic.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ttincoming\.traveltraffic\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain bestresulttostart.com"; dns.query; content:"bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain host.cloudsonicwave.com"; dns.query; content:"host.cloudsonicwave.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])host\.cloudsonicwave\.com$/i"; classtype:trojan-activity; sid:37963791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain host.cloudsonicwave.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"host.cloudsonicwave.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])host\.cloudsonicwave\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain point.bestresulttostart.com"; dns.query; content:"point.bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])point\.bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain point.bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"point.bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])point\.bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain right.bestresulttostart.com"; dns.query; content:"right.bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])right\.bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain right.bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"right.bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])right\.bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain 
find.bestresulttostart.com"; dns.query; content:"find.bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])find\.bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain find.bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"find.bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])find\.bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain follow.bestresulttostart.com"; dns.query; content:"follow.bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])follow\.bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain follow.bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"follow.bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])follow\.bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [balada,wordpress inject] Domain api.bestresulttostart.com"; dns.query; content:"api.bestresulttostart.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.bestresulttostart\.com$/i"; classtype:trojan-activity; sid:37963831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET 
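any (msg: "MISP e27591 [balada,wordpress inject] Outgoing HTTP Domain api.bestresulttostart.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"api.bestresulttostart.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.bestresulttostart\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# Payload-URL rules for ace-unity.com, tagged Remcos (MISP events 27624 and 27634).
# The galaxy tag brings its own double quotes (mitre-tool="Remcos - S0332"). Inside msg a
# literal " must be written as \" (the same applies to ; and \), so the inner quotes are
# escaped in the three rules below; the alert text is the same once the engine unescapes it.
# Re-check the file with a rule test load (suricata -T) after regenerating the export.
# Each rule needs the host string somewhere in the request headers plus the URI path.
# http.header covers all request headers, so the host string is not tied to the Host header.
# The destination port is limited to $HTTP_PORTS: the variable must be defined on the sensor,
# and the same request sent to a port outside that group is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27624 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//ace-unity.com/phase/rQuoIAxUHuFq165.bin"; flow:to_server,established; http.header; content:"ace-unity.com"; fast_pattern; nocase; http.uri; content:"/phase/rQuoIAxUHuFq165.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37995061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27624;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27634 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//ace-unity.com/phase/ndInZlraKyOzdckSrCaLb76.bin"; flow:to_server,established; http.header; content:"ace-unity.com"; fast_pattern; nocase; http.uri; content:"/phase/ndInZlraKyOzdckSrCaLb76.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27634;)
# Same host and URI conditions as sid:37995061, exported again from event 27634:
# one matching request raises both alerts. Deduplicate downstream or suppress one sid.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27634 [kill-chain:Command and Control,misp-galaxy:mitre-tool=\"Remcos - S0332\"] Outgoing URL http|3a|//ace-unity.com/phase/rQuoIAxUHuFq165.bin"; flow:to_server,established; http.header; content:"ace-unity.com"; fast_pattern; nocase; http.uri; content:"/phase/rQuoIAxUHuFq165.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27634;)
alert http $HOME_NET any -> 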
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27588 [] Outgoing URL http|3a|//dev-bancolombia-free.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-bancolombia-free.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37962851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27588;)
# Event 27588 (empty tag list, priority 3): DNS and Host-header rules for the same hostname
# as the URL rule sid:37962851 above. That URL rule has no URI condition, so a plain-HTTP
# request to the hostname on an $HTTP_PORTS port satisfies it and sid:37962872 together.
# NOTE(review): the hostname reads like brand impersonation (phishing), while the classtype is
# trojan-activity as on every rule in this export - confirm against the event before triage.
# The DNS rule end-anchors the name in dns.query; a preceding "." is accepted, so sub-labels match too.
alert dns any any -> any any (msg: "MISP e27588 [] Domain dev-bancolombia-free.pantheonsite.io"; dns.query; content:"dev-bancolombia-free.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-bancolombia\-free\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37962871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27588;)
# Host-header rule: needs "Host:" and the hostname in the request headers, then the pcre
# (H = header buffer, i = case-insensitive) checks the characters on both sides of the name.
# It inspects decoded HTTP only; a visit over TLS is seen by the DNS rule alone unless a
# tls.sni rule for the same name is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27588 [] Outgoing HTTP Domain dev-bancolombia-free.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-bancolombia-free.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-bancolombia\-free\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37962872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27588;)
# Event 27589 (empty tag list, priority 3): the same DNS + Host-header pair for another hostname.
alert dns any any -> any any (msg: "MISP e27589 [] Domain liderbciserviciosfinancieros-cl.olivason.com.tr"; dns.query; content:"liderbciserviciosfinancieros-cl.olivason.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.olivason\.com\.tr$/i"; classtype:trojan-activity; sid:37962971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27589;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27589 [] Outgoing HTTP Domain liderbciserviciosfinancieros-cl.olivason.com.tr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liderbciserviciosfinancieros-cl.olivason.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.olivason\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
tag:session,600,seconds; classtype:trojan-activity; sid:37962972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27589;) alert dns any any -> any any (msg: "MISP e27591 [] Domain fzmovies.space"; dns.query; content:"fzmovies.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])fzmovies\.space$/i"; classtype:trojan-activity; sid:37964051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [] Outgoing HTTP Domain fzmovies.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fzmovies.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fzmovies\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37964052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [] Domain mail.87-119-220-245.cprapid.com"; dns.query; content:"mail.87-119-220-245.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.87\-119\-220\-245\.cprapid\.com$/i"; classtype:trojan-activity; sid:37964061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [] Outgoing HTTP Domain mail.87-119-220-245.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.87-119-220-245.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.87\-119\-220\-245\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37964062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27591 [] Domain www.fzmovies.space"; dns.query; content:"www.fzmovies.space"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fzmovies\.space$/i"; classtype:trojan-activity; sid:37964041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) 
# --- MISP event e27591: host, IP:port and Cobalt Strike URL indicators ---
# Domain rules: the http rule needs "Host:" plus the domain in the request headers of an
# established client-to-server flow; the dns rule needs a DNS name ending in the domain.
# The cprapid.com host names spell out 87.119.220.245, the same address the two
# "Outgoing To IP" rules below pin on ports 443 and 4456.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [] Outgoing HTTP Domain www.fzmovies.space"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.fzmovies.space"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.fzmovies\.space[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37964042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# "Outgoing To IP" rules use protocol "ip" with a fixed destination port and no payload
# keyword, so they alert on the address/port alone, whatever the content.
# NOTE(review): confirm how your engine version applies a port to an "ip" rule.
alert ip $HOME_NET any -> 87.119.220.245 443 (msg: "MISP e27591 [] Outgoing To IP: 87.119.220.245|443"; classtype:trojan-activity; sid:37964021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert dns any any -> any any (msg: "MISP e27591 [] Domain www.87-119-220-245.cprapid.com"; dns.query; content:"www.87-119-220-245.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.87\-119\-220\-245\.cprapid\.com$/i"; classtype:trojan-activity; sid:37964031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [] Outgoing HTTP Domain www.87-119-220-245.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.87-119-220-245.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.87\-119\-220\-245\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37964032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 87.119.220.245 4456 (msg: "MISP e27591 [] Outgoing To IP: 87.119.220.245|4456"; classtype:trojan-activity; sid:37963881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# URL indicators tagged CobaltStrike in MISP; the msg also carries the cs-watermark-* tag and
# the hosting organisation recorded on the attribute.
# Each rule requires ALL of: destination IP and port, the IP literal somewhere in http.header,
# and the path as a substring of http.uri.
#   * The http.uri contents are unanchored; short ones ("/ca", "/cm", "/ptj") also match
#     longer paths sent to the same IP:port.
#   * Because the IP literal must appear in the request headers, traffic to the same server
#     with a different Host value is outside these rules. Only 45.74.36.78 port 80 has a
#     content-free companion rule (sid 37964121).
#   * Cleartext HTTP only; nothing here inspects TLS to these addresses.
#   * Rules written against $HTTP_PORTS need that variable defined (see the file header).
alert http $HOME_NET any -> 47.101.181.195 5005 (msg: "MISP e27591 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-100000] Outgoing URL http|3a|//47.101.181.195|3a|5005/visit.js"; flow:to_server,established; http.header; content:"47.101.181.195"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 81.71.140.170 8888 (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//81.71.140.170|3a|8888/ca"; flow:to_server,established; http.header; content:"81.71.140.170"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 107.174.241.206 4444 (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,HostPapa] Outgoing URL http|3a|//107.174.241.206|3a|4444/ptj"; flow:to_server,established; http.header; content:"107.174.241.206"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 45.74.36.78 $HTTP_PORTS (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing URL http|3a|//45.74.36.78/_/scs/mail-static/_/js/"; flow:to_server,established; http.header; content:"45.74.36.78"; fast_pattern; nocase; http.uri; content:"/_/scs/mail-static/_/js/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 45.74.36.78 80 (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing To IP: 45.74.36.78|80"; classtype:trojan-activity; sid:37964121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 154.3.1.95 $HTTP_PORTS (msg: "MISP e27591 [CobaltStrike,Cogent Communications,cs-watermark-100000] Outgoing URL http|3a|//154.3.1.95/ptj"; flow:to_server,established; http.header; content:"154.3.1.95"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 45.74.36.78 3333 (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing URL http|3a|//45.74.36.78|3a|3333/_/scs/mail-static/_/js/"; flow:to_server,established; http.header; content:"45.74.36.78"; fast_pattern; nocase; http.uri; content:"/_/scs/mail-static/_/js/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 47.109.106.162 $HTTP_PORTS (msg: "MISP e27591 [CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.109.106.162/pixel"; flow:to_server,established; http.header; content:"47.109.106.162"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 47.94.241.49 8080 (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//47.94.241.49|3a|8080/activity"; flow:to_server,established; http.header; content:"47.94.241.49"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 139.180.192.219 $HTTP_PORTS (msg: "MISP e27591 [CobaltStrike,cs-watermark-987654321,The Constant Company LLC] Outgoing URL http|3a|//139.180.192.219/push"; flow:to_server,established; http.header; content:"139.180.192.219"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> 120.48.5.80 7777 (msg: "MISP e27591 [Beijing Baidu Netcom Science and Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//120.48.5.80|3a|7777/cm"; flow:to_server,established; http.header; content:"120.48.5.80"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# Tagged njrat/RAT in MISP: destination address and port only, no payload match.
alert ip $HOME_NET any -> 178.63.148.180 5552 (msg: "MISP e27591 [njrat,RAT] Outgoing To IP: 178.63.148.180|5552"; classtype:trojan-activity; sid:37964201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# --- MISP event e27623: inbound source addresses tagged kill-chain:Reconnaissance/Exploitation ---
# Header-only rules: any packet from the listed address to $HOME_NET alerts, on any protocol
# and port, with no flow or threshold keyword in the rule itself.
alert ip 43.159.32.216 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.32.216"; classtype:trojan-activity; sid:37993351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 49.247.198.162 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.247.198.162"; classtype:trojan-activity; sid:37993361; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27623;)
# The line above closes an e27623 rule whose header sits on the preceding line of the export.
#
# --- MISP event e27623: inbound source-address indicators ---
# One rule per source address, all tagged kill-chain:Reconnaissance / kill-chain:Exploitation.
# Each rule is header-only (protocol "ip", any port, no flow/content/threshold keyword), so:
#   * every packet from a listed address to $HOME_NET raises an alert; rate-limit outside the
#     rule if needed, e.g. in threshold.config:
#       threshold gen_id 1, sig_id <SID>, type limit, track by_src, count 1, seconds <WINDOW>
#     (<SID> and <WINDOW> are placeholders);
#   * a hit says only that the address talked to the network, not what it sent - correlate
#     with flow or application logs before treating it as exploitation;
#   * classtype is trojan-activity although the tags describe inbound scanning/exploitation;
#     account for that in alert routing.
# NOTE(review): the export carries no first-seen or expiry information for these addresses;
# check attribute age in the referenced MISP event, since reassigned addresses turn into
# false positives.
alert ip 104.250.49.163 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.163"; classtype:trojan-activity; sid:37993371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.153.212.161 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.212.161"; classtype:trojan-activity; sid:37993381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 41.139.174.114 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.139.174.114"; classtype:trojan-activity; sid:37993391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 178.255.222.156 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.255.222.156"; classtype:trojan-activity; sid:37993401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.153.178.30 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.30"; classtype:trojan-activity; sid:37993411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.155.159.171 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.171"; classtype:trojan-activity; sid:37993421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 185.126.10.117 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.126.10.117"; classtype:trojan-activity; sid:37993431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 111.229.143.214 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.143.214"; classtype:trojan-activity; sid:37993441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 49.205.192.246 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.205.192.246"; classtype:trojan-activity; sid:37993451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.156.8.253 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.8.253"; classtype:trojan-activity; sid:37993461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 58.144.197.234 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.144.197.234"; classtype:trojan-activity; sid:37993471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 175.24.33.7 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.24.33.7"; classtype:trojan-activity; sid:37993481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 59.56.73.141 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.56.73.141"; classtype:trojan-activity; sid:37993491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 51.254.143.15 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.254.143.15"; classtype:trojan-activity; sid:37993501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 178.47.41.254 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.47.41.254"; classtype:trojan-activity; sid:37993511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.143.218.11 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.218.11"; classtype:trojan-activity; sid:37993521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 188.121.104.75 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.121.104.75"; classtype:trojan-activity; sid:37993531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 182.71.246.11 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.71.246.11"; classtype:trojan-activity; sid:37993541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 58.209.82.184 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.209.82.184"; classtype:trojan-activity; sid:37993551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 187.87.138.163 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.87.138.163"; classtype:trojan-activity; sid:37993561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.134.128.108 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.128.108"; classtype:trojan-activity; sid:37993571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 129.226.210.156 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.210.156"; classtype:trojan-activity; sid:37993581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 46.28.24.69 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.28.24.69"; classtype:trojan-activity; sid:37993591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.157.40.218 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.40.218"; classtype:trojan-activity; sid:37993601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 14.103.42.143 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.143"; classtype:trojan-activity; sid:37993611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 181.171.38.85 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.171.38.85"; classtype:trojan-activity; sid:37993621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.142.149.45 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.149.45"; classtype:trojan-activity; sid:37993631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 113.89.53.147 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.89.53.147"; classtype:trojan-activity; sid:37993641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 180.184.135.15 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.184.135.15"; classtype:trojan-activity; sid:37993651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.139.238.141 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.139.238.141"; classtype:trojan-activity; sid:37993661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 188.35.29.19 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.35.29.19"; classtype:trojan-activity; sid:37993671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.130.27.101 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.27.101"; classtype:trojan-activity; sid:37993681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 74.208.62.83 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.62.83"; classtype:trojan-activity; sid:37993691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 45.119.81.249 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.119.81.249"; classtype:trojan-activity; sid:37993701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 14.225.255.177 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.255.177"; classtype:trojan-activity; sid:37993711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 45.90.97.215 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.90.97.215"; classtype:trojan-activity; sid:37993721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 45.95.173.24 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.95.173.24"; classtype:trojan-activity; sid:37993731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 8.219.85.7 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.85.7"; classtype:trojan-activity; sid:37993741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 165.22.39.190 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.39.190"; classtype:trojan-activity; sid:37993751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.157.21.152 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.21.152"; classtype:trojan-activity; sid:37993761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 118.89.56.209 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.89.56.209"; classtype:trojan-activity; sid:37993771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 102.130.119.86 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.130.119.86"; classtype:trojan-activity; sid:37993781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 165.232.180.16 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.180.16"; classtype:trojan-activity; sid:37993791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 185.17.229.65 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.17.229.65"; classtype:trojan-activity; sid:37993801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 81.69.255.132 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.69.255.132"; classtype:trojan-activity; sid:37993811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 196.218.179.10 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.218.179.10"; classtype:trojan-activity; sid:37993821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 45.15.159.48 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.15.159.48"; classtype:trojan-activity; sid:37993831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 179.43.126.93 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.126.93"; classtype:trojan-activity; sid:37993841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 162.62.127.194 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.127.194"; classtype:trojan-activity; sid:37993851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 106.52.232.38 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.232.38"; classtype:trojan-activity; sid:37993861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 175.178.220.36 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.220.36"; classtype:trojan-activity; sid:37993871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 35.207.98.222 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.207.98.222"; classtype:trojan-activity; sid:37993881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 101.42.30.216 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.30.216"; classtype:trojan-activity; sid:37993891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 89.23.105.23 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.23.105.23"; classtype:trojan-activity; sid:37993901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 31.41.35.29 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.41.35.29"; classtype:trojan-activity; sid:37993911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 159.203.72.183 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.72.183"; classtype:trojan-activity; sid:37993921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 170.79.37.88 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.79.37.88"; classtype:trojan-activity; sid:37993931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 139.198.163.221 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.163.221"; classtype:trojan-activity; sid:37993941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.140.220.188 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.220.188"; classtype:trojan-activity; sid:37993951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 121.120.80.163 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.120.80.163"; classtype:trojan-activity; sid:37993961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 93.81.248.157 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.81.248.157"; classtype:trojan-activity; sid:37993971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 124.221.143.204 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.143.204"; classtype:trojan-activity; sid:37993981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 152.136.116.95 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.116.95"; classtype:trojan-activity; sid:37993991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 14.103.42.227 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.227"; classtype:trojan-activity; sid:37994001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 23.101.130.134 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.101.130.134"; classtype:trojan-activity; sid:37994011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 110.40.156.189 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.156.189"; classtype:trojan-activity; sid:37994021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 119.91.35.15 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.35.15"; classtype:trojan-activity; sid:37994031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 42.248.120.121 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.248.120.121"; classtype:trojan-activity; sid:37994041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 157.230.252.135 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.252.135"; classtype:trojan-activity; sid:37994051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 37.9.13.105 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.9.13.105"; classtype:trojan-activity; sid:37994061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 185.142.212.70 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.142.212.70"; classtype:trojan-activity; sid:37994071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 121.4.68.179 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.68.179"; classtype:trojan-activity; sid:37994081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 84.247.175.186 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.175.186"; classtype:trojan-activity; sid:37994091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.157.29.38 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.29.38"; classtype:trojan-activity; sid:37994101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 104.211.156.84 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.211.156.84"; classtype:trojan-activity; sid:37994111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 118.113.245.132 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.113.245.132"; classtype:trojan-activity; sid:37994121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 185.176.9.35 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.176.9.35"; classtype:trojan-activity; sid:37994131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.155.138.181 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.138.181"; classtype:trojan-activity; sid:37994141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.156.3.27 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.3.27"; classtype:trojan-activity; sid:37994151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 117.50.190.193 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.190.193"; classtype:trojan-activity; sid:37994161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 96.44.153.135 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.44.153.135"; classtype:trojan-activity; sid:37994171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 193.122.140.203 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.122.140.203"; classtype:trojan-activity; sid:37994181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 27.128.247.120 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.128.247.120"; classtype:trojan-activity; sid:37994191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 58.211.191.14 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.211.191.14"; classtype:trojan-activity; sid:37994201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 203.121.116.7 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.121.116.7"; classtype:trojan-activity; sid:37994211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 104.131.168.56 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.168.56"; classtype:trojan-activity; sid:37994221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 186.121.240.39 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.121.240.39"; classtype:trojan-activity; sid:37994231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 124.156.205.16 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.205.16"; classtype:trojan-activity; sid:37994241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 45.161.204.62 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.161.204.62"; classtype:trojan-activity; sid:37994251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 82.156.161.108 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.161.108"; classtype:trojan-activity; sid:37994261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 117.72.14.49 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.14.49"; classtype:trojan-activity; sid:37994271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 203.121.40.210 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.121.40.210"; classtype:trojan-activity; sid:37994281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 156.236.73.84 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.73.84"; classtype:trojan-activity; sid:37994291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 159.75.116.199 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.116.199"; classtype:trojan-activity; sid:37994301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 51.195.97.127 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.195.97.127"; classtype:trojan-activity; sid:37994311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 178.79.133.92 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.79.133.92"; classtype:trojan-activity; sid:37994321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 191.55.13.154 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.55.13.154"; classtype:trojan-activity; sid:37994331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
# NOTE(review): 38.188.248.0 ends in .0 - possibly a network that was exported as a single
# host. As written only that one address matches; confirm against the MISP attribute.
alert ip 38.188.248.0 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.188.248.0"; classtype:trojan-activity; sid:37994341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 212.220.115.125 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.220.115.125"; classtype:trojan-activity; sid:37994351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 86.238.33.52 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.238.33.52"; classtype:trojan-activity; sid:37994361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 124.156.194.147 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.194.147"; classtype:trojan-activity; sid:37994371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 222.165.138.144 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.165.138.144"; classtype:trojan-activity; sid:37994381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 213.136.80.148 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.136.80.148"; classtype:trojan-activity; sid:37994391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 175.97.136.186 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.97.136.186"; classtype:trojan-activity; sid:37994401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 164.92.93.197 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.93.197"; classtype:trojan-activity; sid:37994411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.133.35.141 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.35.141"; classtype:trojan-activity; sid:37994421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 43.156.42.212 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.42.212"; classtype:trojan-activity; sid:37994431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 64.225.54.6 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.54.6"; classtype:trojan-activity; sid:37994441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 129.226.213.186 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.213.186"; classtype:trojan-activity; sid:37994451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 103.86.177.79 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.86.177.79"; classtype:trojan-activity; sid:37994461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 14.103.42.36 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.42.36"; classtype:trojan-activity; sid:37994471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 110.40.166.227 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.166.227"; classtype:trojan-activity; sid:37994481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 
129.204.181.26 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.204.181.26"; classtype:trojan-activity; sid:37994491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.85.220 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.85.220"; classtype:trojan-activity; sid:37994501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 54.37.228.73 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 54.37.228.73"; classtype:trojan-activity; sid:37994511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.93.222 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.222"; classtype:trojan-activity; sid:37994521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 34.175.128.103 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.175.128.103"; classtype:trojan-activity; sid:37994531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.134.235.226 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.235.226"; classtype:trojan-activity; sid:37994541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.223.222.132 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.222.132"; classtype:trojan-activity; sid:37994551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.220.90.11 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
124.220.90.11"; classtype:trojan-activity; sid:37994561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 114.99.14.167 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.99.14.167"; classtype:trojan-activity; sid:37994571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 49.77.229.233 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.77.229.233"; classtype:trojan-activity; sid:37994581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 77.68.51.213 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.68.51.213"; classtype:trojan-activity; sid:37994591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.128.108.202 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.108.202"; classtype:trojan-activity; sid:37994601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 167.235.140.235 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.235.140.235"; classtype:trojan-activity; sid:37994611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 37.60.230.168 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.60.230.168"; classtype:trojan-activity; sid:37994621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 103.115.104.226 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.104.226"; classtype:trojan-activity; sid:37994631; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 170.64.201.61 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.201.61"; classtype:trojan-activity; sid:37994641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 143.198.222.239 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.222.239"; classtype:trojan-activity; sid:37994651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.133.138.140 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.138.140"; classtype:trojan-activity; sid:37994661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 106.52.17.12 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.17.12"; classtype:trojan-activity; sid:37994671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 45.162.216.76 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.162.216.76"; classtype:trojan-activity; sid:37994681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 198.46.235.107 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.46.235.107"; classtype:trojan-activity; sid:37994691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 84.0.63.181 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.0.63.181"; classtype:trojan-activity; sid:37994701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 52.131.210.53 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.131.210.53"; classtype:trojan-activity; sid:37994711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 106.55.78.157 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.78.157"; classtype:trojan-activity; sid:37994721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 89.104.65.176 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.104.65.176"; classtype:trojan-activity; sid:37994731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.156.132.100 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.132.100"; classtype:trojan-activity; sid:37994741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 118.193.35.98 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.35.98"; classtype:trojan-activity; sid:37994751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 118.70.169.148 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.70.169.148"; classtype:trojan-activity; sid:37994761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 123.140.114.196 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.140.114.196"; classtype:trojan-activity; sid:37994771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 52.244.67.2 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.244.67.2"; classtype:trojan-activity; sid:37994781; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 103.178.235.43 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.178.235.43"; classtype:trojan-activity; sid:37994791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 137.184.118.88 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.118.88"; classtype:trojan-activity; sid:37994801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 220.205.122.62 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.205.122.62"; classtype:trojan-activity; sid:37994811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.163.211.6 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.211.6"; classtype:trojan-activity; sid:37994821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 191.241.38.94 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.241.38.94"; classtype:trojan-activity; sid:37994831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 51.75.22.187 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.75.22.187"; classtype:trojan-activity; sid:37994841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 190.128.241.2 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.128.241.2"; classtype:trojan-activity; sid:37994851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 188.166.233.158 any -> $HOME_NET any (msg: "MISP e27623 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.233.158"; classtype:trojan-activity; sid:37994861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.101.159.81 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.101.159.81"; classtype:trojan-activity; sid:37994871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 117.50.183.86 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.183.86"; classtype:trojan-activity; sid:37994881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 128.199.201.57 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.201.57"; classtype:trojan-activity; sid:37994891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 185.91.126.87 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.91.126.87"; classtype:trojan-activity; sid:37994901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 80.90.178.13 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.90.178.13"; classtype:trojan-activity; sid:37994911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 187.34.225.222 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.34.225.222"; classtype:trojan-activity; sid:37994921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 124.220.21.80 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.21.80"; classtype:trojan-activity; sid:37994931; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 37.60.238.213 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.60.238.213"; classtype:trojan-activity; sid:37994941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 212.192.15.250 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.192.15.250"; classtype:trojan-activity; sid:37994951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 34.29.120.92 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.29.120.92"; classtype:trojan-activity; sid:37994961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 43.153.45.212 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.45.212"; classtype:trojan-activity; sid:37994971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 170.106.114.43 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.114.43"; classtype:trojan-activity; sid:37994981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 120.48.179.33 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.179.33"; classtype:trojan-activity; sid:37994991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 183.56.237.54 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.237.54"; classtype:trojan-activity; sid:37995001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;) alert ip 162.62.226.224 any -> $HOME_NET any (msg: "MISP 
e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.226.224"; classtype:trojan-activity; sid:37995011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
#
# Event 27623 - inbound source-address indicators.
# Each rule alerts on any IP traffic from one listed address to $HOME_NET, on any port and
# with no flow or payload condition. The msg tags are kill-chain:Reconnaissance/Exploitation
# while classtype is trojan-activity at priority 2, so a hit means "a listed source sent us
# traffic", not that a host is compromised.
# NOTE(review): with no flow or threshold keyword these presumably alert per matching packet;
# consider a per-source threshold (or an IP reputation/dataset list) to limit alert volume.
#
alert ip 112.123.8.66 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.123.8.66"; classtype:trojan-activity; sid:37995021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 221.195.52.104 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.195.52.104"; classtype:trojan-activity; sid:37995031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 140.143.22.88 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.22.88"; classtype:trojan-activity; sid:37995041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
alert ip 204.48.28.55 any -> $HOME_NET any (msg: "MISP e27623 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 204.48.28.55"; classtype:trojan-activity; sid:37995051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27623;)
#
# Event 27591 - outbound C2 indicators.
# Direction is $HOME_NET -> one fixed address and destination port; the bracketed msg tag is
# the malware family supplied by the feed (Havoc, dcrat, ...). A hit here is an internal host
# initiating traffic to a listed endpoint and deserves host-level follow-up.
# NOTE(review): the header combines protocol "ip" with a destination port. Ports only exist
# for transport protocols, so confirm how the deployed engine evaluates this; if the
# indicators are TCP services, "tcp" would state the intent explicitly.
# NOTE(review): address:port indicators go stale as hosting addresses are reassigned and the
# rules carry no expiry - check them against the event's last-seen date before acting on a hit.
#
alert ip $HOME_NET any -> 65.1.107.60 80 (msg: "MISP e27591 [c2,Havoc] Outgoing To IP: 65.1.107.60|80"; classtype:trojan-activity; sid:37964211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 46.246.84.18 2121 (msg: "MISP e27591 [c2,dcrat] Outgoing To IP: 46.246.84.18|2121"; classtype:trojan-activity; sid:37964221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 179.14.8.182 6606 (msg: "MISP e27591 [c2,dcrat] Outgoing To IP: 179.14.8.182|6606"; classtype:trojan-activity; sid:37964231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 95.165.99.74 8443 (msg: 
"MISP e27591 [c2,dcrat] Outgoing To IP: 95.165.99.74|8443"; classtype:trojan-activity; sid:37964241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 171.41.198.240 25565 (msg: "MISP e27591 [c2,dcrat] Outgoing To IP: 171.41.198.240|25565"; classtype:trojan-activity; sid:37964251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 147.124.223.16 5903 (msg: "MISP e27591 [c2,Venom] Outgoing To IP: 147.124.223.16|5903"; classtype:trojan-activity; sid:37964261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 37.114.37.177 4444 (msg: "MISP e27591 [c2,Venom] Outgoing To IP: 37.114.37.177|4444"; classtype:trojan-activity; sid:37964271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 202.134.56.2 443 (msg: "MISP e27591 [c2,Venom] Outgoing To IP: 202.134.56.2|443"; classtype:trojan-activity; sid:37964281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 115.74.30.127 4449 (msg: "MISP e27591 [c2,Venom] Outgoing To IP: 115.74.30.127|4449"; classtype:trojan-activity; sid:37964291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 195.201.131.130 443 (msg: "MISP e27591 [c2,Vidar] Outgoing To IP: 195.201.131.130|443"; classtype:trojan-activity; sid:37964301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 116.202.4.168 443 (msg: "MISP e27591 [c2,Vidar] Outgoing To IP: 116.202.4.168|443"; classtype:trojan-activity; sid:37964311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 116.202.4.168 80 (msg: "MISP e27591 [c2,Vidar] Outgoing To IP: 116.202.4.168|80"; classtype:trojan-activity; sid:37964321; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 146.0.79.19 80 (msg: "MISP e27591 [c2,recordbreaker] Outgoing To IP: 146.0.79.19|80"; classtype:trojan-activity; sid:37964331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 103.155.214.203 443 (msg: "MISP e27591 [c2,orcus_rat] Outgoing To IP: 103.155.214.203|443"; classtype:trojan-activity; sid:37964341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 154.243.121.19 80 (msg: "MISP e27591 [c2,orcus_rat] Outgoing To IP: 154.243.121.19|80"; classtype:trojan-activity; sid:37964351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 89.23.99.219 8081 (msg: "MISP e27591 [c2,Risepro] Outgoing To IP: 89.23.99.219|8081"; classtype:trojan-activity; sid:37964361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 193.233.132.127 8081 (msg: "MISP e27591 [c2,Risepro] Outgoing To IP: 193.233.132.127|8081"; classtype:trojan-activity; sid:37964371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 95.216.41.236 8081 (msg: "MISP e27591 [c2,Risepro] Outgoing To IP: 95.216.41.236|8081"; classtype:trojan-activity; sid:37964381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 193.233.132.148 8081 (msg: "MISP e27591 [c2,Risepro] Outgoing To IP: 193.233.132.148|8081"; classtype:trojan-activity; sid:37964391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 147.45.47.80 8081 (msg: "MISP e27591 [c2,Risepro] Outgoing To IP: 147.45.47.80|8081"; classtype:trojan-activity; sid:37964401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 103.5.210.28 80 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing 
To IP: 103.5.210.28|80"; classtype:trojan-activity; sid:37964411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 69.30.232.226 443 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 69.30.232.226|443"; classtype:trojan-activity; sid:37964421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 69.30.232.229 443 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 69.30.232.229|443"; classtype:trojan-activity; sid:37964431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 105.100.63.223 6001 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 105.100.63.223|6001"; classtype:trojan-activity; sid:37964441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.82.30 2281 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2281"; classtype:trojan-activity; sid:37964451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.82.30 1883 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.82.30|1883"; classtype:trojan-activity; sid:37964461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.82.30 2053 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2053"; classtype:trojan-activity; sid:37964471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.82.30 2078 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2078"; classtype:trojan-activity; sid:37964481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 45.133.36.114 8888 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 45.133.36.114|8888"; classtype:trojan-activity; sid:37964491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 2181 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|2181"; classtype:trojan-activity; sid:37964501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 1801 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|1801"; classtype:trojan-activity; sid:37964511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 1883 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|1883"; classtype:trojan-activity; sid:37964521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 1911 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|1911"; classtype:trojan-activity; sid:37964531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 1919 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|1919"; classtype:trojan-activity; sid:37964541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 1962 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|1962"; classtype:trojan-activity; sid:37964551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 2003 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|2003"; classtype:trojan-activity; sid:37964561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 187.135.178.73 2079 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 187.135.178.73|2079"; classtype:trojan-activity; sid:37964571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 120.26.222.182 8443 (msg: "MISP 
e27591 [c2,sliver] Outgoing To IP: 120.26.222.182|8443"; classtype:trojan-activity; sid:37964581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 188.119.67.185 443 (msg: "MISP e27591 [c2,sliver] Outgoing To IP: 188.119.67.185|443"; classtype:trojan-activity; sid:37964591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 159.203.25.245 50050 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 159.203.25.245|50050"; classtype:trojan-activity; sid:37964601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 172.104.242.152 59088 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 172.104.242.152|59088"; classtype:trojan-activity; sid:37964611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 167.99.250.80 60060 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 167.99.250.80|60060"; classtype:trojan-activity; sid:37964621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 31.192.236.82 48126 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 31.192.236.82|48126"; classtype:trojan-activity; sid:37964631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 124.221.98.94 50050 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 124.221.98.94|50050"; classtype:trojan-activity; sid:37964641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert ip $HOME_NET any -> 103.82.24.193 443 (msg: "MISP e27591 [c2,Venom] Outgoing To IP: 103.82.24.193|443"; classtype:trojan-activity; sid:37964651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;) alert dns any any -> any any (msg: "MISP e27621 [] Domain emta-ee-sonumeid.com"; dns.query; content:"emta-ee-sonumeid.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com$/i"; classtype:trojan-activity; sid:37991291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27621;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27621 [] Outgoing HTTP Domain emta-ee-sonumeid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta-ee-sonumeid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37991292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27621;) alert dns any any -> any any (msg: "MISP e27626 [] Domain emta-ee-sonumeid.com"; dns.query; content:"emta-ee-sonumeid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com$/i"; classtype:trojan-activity; sid:37995101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27626;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27626 [] Outgoing HTTP Domain emta-ee-sonumeid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta-ee-sonumeid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27626;) alert dns any any -> any any (msg: "MISP e27632 [] Domain emta-ee-sonumeid.com"; dns.query; content:"emta-ee-sonumeid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com$/i"; classtype:trojan-activity; sid:38005801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27632;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27632 [] Outgoing HTTP Domain emta-ee-sonumeid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta-ee-sonumeid.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27632;) alert dns any any -> any any (msg: "MISP e27625 [] Domain emta-ee-sonumeid.com"; dns.query; content:"emta-ee-sonumeid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com$/i"; classtype:trojan-activity; sid:37995071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27625;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27625 [] Outgoing HTTP Domain emta-ee-sonumeid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta-ee-sonumeid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27625;) alert dns any any -> any any (msg: "MISP e27629 [] Domain emta-ee-sonumeid.com"; dns.query; content:"emta-ee-sonumeid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com$/i"; classtype:trojan-activity; sid:37995171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27629;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27629 [] Outgoing HTTP Domain emta-ee-sonumeid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta-ee-sonumeid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27629;) alert dns any any -> any any (msg: "MISP e27628 [] Domain emta-ee-sonumeid.com"; dns.query; content:"emta-ee-sonumeid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com$/i"; classtype:trojan-activity; sid:37995141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27628;)
# ^ closes the event 27628 DNS rule whose opening is on the previous line.

# Event 27628, HTTP rule for emta-ee-sonumeid.com (Domain-type indicator).
# - The leading pcre class is [^A-Za-z0-9-] (no "."), so subdomains of the
#   name match as well as the name itself.
# - content:"Host|3a|" and the domain content are separate matches on
#   http.header with no distance/within between them, so the name can also be
#   found in another request header; the alert alone does not prove the Host.
# - The same domain is exported under events 27621, 27626, 27632, 27625 and
#   27629 earlier on this page, each with its own sid, so a single request can
#   raise one alert per event. De-duplicate at export time or use a
#   threshold/suppress entry rather than renumbering sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27628 [] Outgoing HTTP Domain emta-ee-sonumeid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"emta-ee-sonumeid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])emta\-ee\-sonumeid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27628;)

# Event 27591: mixed indicators; the bracketed tags in msg come from the event.
# URL rule: the http.uri content "/" matches every request path, so this fires
# on any HTTP request to the address on $HTTP_PORTS whose headers contain it.
# $HTTP_PORTS must be defined in the sensor configuration for the rule to load.
alert http $HOME_NET any -> 94.131.106.24 $HTTP_PORTS (msg: "MISP e27591 [recordbreaker] Outgoing URL http|3a|//94.131.106.24/"; flow:to_server,established; http.header; content:"94.131.106.24"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)

# Destination address + port rules (protocol "ip", no flow or threshold keyword).
# NOTE(review): a bare address is a short-lived indicator; confirm each entry
# against the event before treating a hit as confirmed C2, and retire entries
# that are no longer current.
alert ip $HOME_NET any -> 180.140.153.148 30010 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 180.140.153.148|30010"; classtype:trojan-activity; sid:37964671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 195.133.45.131 80 (msg: "MISP e27591 [c2,hook] Outgoing To IP: 195.133.45.131|80"; classtype:trojan-activity; sid:37964681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 61.63.127.56 50050 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 61.63.127.56|50050"; classtype:trojan-activity; sid:37964691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 124.71.130.71 50050 (msg: "MISP e27591 [c2,cobalt_strike] Outgoing To IP: 124.71.130.71|50050"; classtype:trojan-activity; sid:37964701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 14.225.213.142 42597 (msg: "MISP e27591 [moobot] Outgoing To IP: 14.225.213.142|42597"; classtype:trojan-activity; sid:37964711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)

# Domain-type pair for hi.vani.ovh: DNS query rule, then HTTP header rule.
# The DNS rule is any -> any, i.e. not limited to $HOME_NET.
# NOTE(review): depending on sensor placement the alert source may be an
# internal resolver rather than the querying client - confirm.
alert dns any any -> any any (msg: "MISP e27591 [moobot] Domain hi.vani.ovh"; dns.query; content:"hi.vani.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])hi\.vani\.ovh$/i"; classtype:trojan-activity; sid:37964721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27591 [moobot] Outgoing HTTP Domain hi.vani.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hi.vani.ovh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hi\.vani\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37964722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 41.103.44.20 999 (msg: "MISP e27591 [njrat] Outgoing To IP: 41.103.44.20|999"; classtype:trojan-activity; sid:37964731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)

# URL rule: the hostname is matched anywhere in http.header (not tied to the
# Host field) and the path as a substring of http.uri, both case-insensitively.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27591 [dcrat] Outgoing URL http|3a|//739668cm.n9shteam2.top/imagegeoapimultibaselinuxtracktempuploads.php"; flow:to_server,established; http.header; content:"739668cm.n9shteam2.top"; fast_pattern; nocase; http.uri; content:"/imagegeoapimultibaselinuxtracktempuploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 213.152.162.15 53525 (msg: "MISP e27591 [BitRAT,RAT] Outgoing To IP: 213.152.162.15|53525"; classtype:trojan-activity; sid:37964751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 217.195.197.48 80 (msg: "MISP e27591 [c2,darkcomet] Outgoing To IP: 217.195.197.48|80"; classtype:trojan-activity; sid:37964771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)

# NOTE(review): several tags below appear to name hosting or cloud networks
# (e.g. "Akamai Connected Cloud"); addresses in such ranges are reassigned and
# may front unrelated services, so expect false positives as the entries age.
alert ip $HOME_NET any -> 172.233.174.11 443 (msg: "MISP e27591 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 172.233.174.11|443"; classtype:trojan-activity; sid:37964781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# Destination port 445 towards an external address; egress filtering of SMB
# would stop this traffic independently of the alert.
alert ip $HOME_NET any -> 173.249.59.173 445 (msg: "MISP e27591 [CONTABO,Responder] Outgoing To IP: 173.249.59.173|445"; classtype:trojan-activity; sid:37964791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 46.246.4.16 6000 (msg: "MISP e27591 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.4.16|6000"; classtype:trojan-activity; sid:37964801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 141.98.7.17 8888 (msg: "MISP e27591 [SOLIAWEB,Supershell] Outgoing To IP: 141.98.7.17|8888"; classtype:trojan-activity; sid:37964811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)

# Event 27636 (priority:1, empty tag list): four port-specific rules followed
# by an any-port rule for the same address (sid 38006141). Traffic to one of
# the four listed ports matches both its own rule and the any-port rule, so it
# alerts twice.
alert ip $HOME_NET any -> 20.121.128.235 4876 (msg: "MISP e27636 [] Outgoing To IP: 20.121.128.235|4876"; classtype:trojan-activity; sid:38006101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27636;)
alert ip $HOME_NET any -> 20.121.128.235 4834 (msg: "MISP e27636 [] Outgoing To IP: 20.121.128.235|4834"; classtype:trojan-activity; sid:38006111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27636;)
alert ip $HOME_NET any -> 20.121.128.235 4845 (msg: "MISP e27636 [] Outgoing To IP: 20.121.128.235|4845"; classtype:trojan-activity; sid:38006121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27636;)
alert ip $HOME_NET any -> 20.121.128.235 4674 (msg: "MISP e27636 [] Outgoing To IP: 20.121.128.235|4674"; classtype:trojan-activity; sid:38006131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27636;)
alert ip $HOME_NET any -> 20.121.128.235 any (msg: "MISP e27636 [] Outgoing To IP: 20.121.128.235"; classtype:trojan-activity; sid:38006141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27636;)

# Event 27591 continues (address + port indicators).
alert ip $HOME_NET any -> 95.181.161.144 443 (msg: "MISP e27591 [c2,SolarMarker] Outgoing To IP: 95.181.161.144|443"; classtype:trojan-activity; sid:37964821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 47.100.87.177 443 (msg: "MISP e27591 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 47.100.87.177|443"; classtype:trojan-activity; sid:37964841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)

# Event 27631: Hostname-type indicators, one DNS rule and one HTTP rule each.
# - The leading pcre class includes ".", so only the exact hostname matches,
#   not its subdomains (compare the Domain-type rules above).
# - The HTTP rule matches "Host: <name>" as a single content, i.e. with exactly
#   one space after the colon.
# - The http rules inspect cleartext HTTP only and no tls.sni rule appears in
#   this part of the export, so HTTPS visits surface only through the DNS rule.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname ussp.usspzk.top"; dns.query; content:"ussp.usspzk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspzk\.top$/i"; classtype:trojan-activity; sid:37995211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ussp.usspzk.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.usspzk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspzk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname ussp.uspsfc.top"; dns.query; content:"ussp.uspsfc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspsfc\.top$/i"; classtype:trojan-activity; sid:37995241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# The rule below is completed by the reference option on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ussp.uspsfc.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.uspsfc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspsfc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995242; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;)
# ^ closes the ussp.uspsfc.top HTTP rule whose opening is on the previous line.

# Event 27631: Hostname-type indicators, emitted as pairs.
# - sid ending in 1: DNS rule on dns.query, direction any -> any (not limited
#   to $HOME_NET).
# - sid ending in 2: HTTP rule, $HOME_NET -> $EXTERNAL_NET, matching
#   "Host: <name>" as a single content (exactly one space after the colon) and
#   tagging the session for 600 seconds.
# - The leading pcre class includes ".", so only the exact hostname matches,
#   not its subdomains.
# - The http rules inspect cleartext HTTP only and no tls.sni rule appears in
#   this part of the export, so HTTPS visits surface only through the DNS rule.
# NOTE(review): most names below use a usp*/usps label under .top, which looks
# like parcel-delivery themed phishing, but the tag list in msg is empty and
# classtype is trojan-activity throughout - confirm the category in the event.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.uspspk.top"; dns.query; content:"uspz.uspspk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspspk\.top$/i"; classtype:trojan-activity; sid:37995271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.uspspk.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspspk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspspk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.usspaoq.top"; dns.query; content:"uspz.usspaoq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaoq\.top$/i"; classtype:trojan-activity; sid:37995301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.usspaoq.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspaoq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaoq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.usspaof.top"; dns.query; content:"uspz.usspaof.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaof\.top$/i"; classtype:trojan-activity; sid:37995331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.usspaof.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspaof.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaof\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.usplq.top"; dns.query; content:"uspz.usplq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplq\.top$/i"; classtype:trojan-activity; sid:37995361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.usplq.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usplq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usplq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.uspkh.top"; dns.query; content:"uspz.uspkh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspkh\.top$/i"; classtype:trojan-activity; sid:37995391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.uspkh.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspkh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspkh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.uspkb.top"; dns.query; content:"uspz.uspkb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspkb\.top$/i"; classtype:trojan-activity; sid:37995421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.uspkb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspkb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspkb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspz.uspcr.top"; dns.query; content:"uspz.uspcr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcr\.top$/i"; classtype:trojan-activity; sid:37995451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspz.uspcr.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspcr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspcr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.oippltumbf.top"; dns.query; content:"usps.oippltumbf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.oippltumbf\.top$/i"; classtype:trojan-activity; sid:37995481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.oippltumbf.top"; flow:to_server,established; http.header; content: "Host|3a| usps.oippltumbf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.oippltumbf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.mytrackingr-md.top"; dns.query; content:"usps.mytrackingr-md.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingr\-md\.top$/i"; classtype:trojan-activity; sid:37995511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.mytrackingr-md.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingr-md.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingr\-md\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspr.usspui.top"; dns.query; content:"uspr.usspui.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspui\.top$/i"; classtype:trojan-activity; sid:37995541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspr.usspui.top"; flow:to_server,established; http.header; content: "Host|3a| uspr.usspui.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspui\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspr.usspuh.top"; dns.query; content:"uspr.usspuh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspuh\.top$/i"; classtype:trojan-activity; sid:37995571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspr.usspuh.top"; flow:to_server,established; http.header; content: "Host|3a| uspr.usspuh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspuh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspr.usspth.top"; dns.query; content:"uspr.usspth.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspth\.top$/i"; classtype:trojan-activity; sid:37995601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspr.usspth.top"; flow:to_server,established; http.header; content: "Host|3a| uspr.usspth.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspth\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspi.usspum.top"; dns.query; content:"uspi.usspum.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspum\.top$/i"; classtype:trojan-activity; sid:37995631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspi.usspum.top"; flow:to_server,established; http.header; content: "Host|3a| uspi.usspum.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspum\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspi.ussptk.top"; dns.query; content:"uspi.ussptk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.ussptk\.top$/i"; classtype:trojan-activity; sid:37995661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspi.ussptk.top"; flow:to_server,established; http.header; content: "Host|3a| uspi.ussptk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.ussptk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspe.uspsnq.top"; dns.query; content:"uspe.uspsnq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspsnq\.top$/i"; classtype:trojan-activity; sid:37995691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspe.uspsnq.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.uspsnq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspsnq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspe.uspsky.top"; dns.query; content:"uspe.uspsky.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspsky\.top$/i"; classtype:trojan-activity; sid:37995721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspe.uspsky.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.uspsky.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspsky\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspe.uspsjl.top"; dns.query; content:"uspe.uspsjl.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspsjl\.top$/i"; classtype:trojan-activity; sid:37995751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspe.uspsjl.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.uspsjl.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspsjl\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspd.usspair.top"; dns.query; content:"uspd.usspair.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspair\.top$/i"; classtype:trojan-activity; sid:37995781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspd.usspair.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspair.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspair\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspd.usspaip.top"; dns.query; content:"uspd.usspaip.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspaip\.top$/i"; classtype:trojan-activity; sid:37995811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspd.usspaip.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspaip.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspaip\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspd.uspsnh.top"; dns.query; content:"uspd.uspsnh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.uspsnh\.top$/i"; classtype:trojan-activity; sid:37995841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspd.uspsnh.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.uspsnh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.uspsnh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspb.uspiw.top"; dns.query; content:"uspb.uspiw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspb\.uspiw\.top$/i"; classtype:trojan-activity; sid:37995871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspb.uspiw.top"; flow:to_server,established; http.header; content: "Host|3a| uspb.uspiw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspb\.uspiw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspd.uspsjt.top"; dns.query; content:"uspd.uspsjt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.uspsjt\.top$/i"; classtype:trojan-activity; sid:37995901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspd.uspsjt.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.uspsjt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.uspsjt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# The rule below is completed by the classtype/sid options on the following line.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname trustwalletsynchronize.erammedia.com"; dns.query; content:"trustwalletsynchronize.erammedia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trustwalletsynchronize\.erammedia\.com$/i"; 
classtype:trojan-activity; sid:37995931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname trustwalletsynchronize.erammedia.com"; flow:to_server,established; http.header; content: "Host|3a| trustwalletsynchronize.erammedia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trustwalletsynchronize\.erammedia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname spotty-honey-stage.glitch.me"; dns.query; content:"spotty-honey-stage.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])spotty\-honey\-stage\.glitch\.me$/i"; classtype:trojan-activity; sid:37995961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname spotty-honey-stage.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| spotty-honey-stage.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])spotty\-honey\-stage\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37995991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37995992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37996021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-ff85b3f6a2974a0e85ad06c43917a130.r2.dev"; dns.query; content:"pub-ff85b3f6a2974a0e85ad06c43917a130.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ff85b3f6a2974a0e85ad06c43917a130\.r2\.dev$/i"; classtype:trojan-activity; sid:37996051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-ff85b3f6a2974a0e85ad06c43917a130.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-ff85b3f6a2974a0e85ad06c43917a130.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ff85b3f6a2974a0e85ad06c43917a130\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 
pub-80b33fe9f751477e8852c224409ccf11.r2.dev"; dns.query; content:"pub-80b33fe9f751477e8852c224409ccf11.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-80b33fe9f751477e8852c224409ccf11\.r2\.dev$/i"; classtype:trojan-activity; sid:37996081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-80b33fe9f751477e8852c224409ccf11.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-80b33fe9f751477e8852c224409ccf11.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-80b33fe9f751477e8852c224409ccf11\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-7a6b99614f4b41658cd677a620b18951.r2.dev"; dns.query; content:"pub-7a6b99614f4b41658cd677a620b18951.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7a6b99614f4b41658cd677a620b18951\.r2\.dev$/i"; classtype:trojan-activity; sid:37996111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-7a6b99614f4b41658cd677a620b18951.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-7a6b99614f4b41658cd677a620b18951.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-7a6b99614f4b41658cd677a620b18951\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname psychedelic-smoggy-perfume.glitch.me"; dns.query; content:"psychedelic-smoggy-perfume.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])psychedelic\-smoggy\-perfume\.glitch\.me$/i"; classtype:trojan-activity; sid:37996141; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;)
# Review notes for the rules below (comments only; rule text is unchanged):
# - Exact-name matching: the dns.query pcre is anchored as
#   (^|[^A-Za-z0-9-\.])<name>$ and the HTTP rules require "Host: " directly
#   before the name, so a www. or other subdomain of a listed name does not match.
# - The "Outgoing HTTP Hostname" rules inspect cleartext HTTP only.
#   NOTE(review): .dev names are HSTS-preloaded and the hosting platforms seen
#   here are normally reached over HTTPS, so the dns.query rules are likely the
#   ones that fire; a tls.sni counterpart would be needed for TLS visibility.
# - tag:session,600,seconds keeps tagging the session's packets for 600 s after
#   a hit; budget capture storage accordingly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname psychedelic-smoggy-perfume.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| psychedelic-smoggy-perfume.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])psychedelic\-smoggy\-perfume\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname prestige-auto.com.pl"; dns.query; content:"prestige-auto.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prestige\-auto\.com\.pl$/i"; classtype:trojan-activity; sid:37996171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname prestige-auto.com.pl"; flow:to_server,established; http.header; content: "Host|3a| prestige-auto.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prestige\-auto\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the next three dns/http pairs are identical apart from their
# sids (37996201/202, 37996231/232, 37996261/262), so a single lookup or request
# raises three alerts of each kind. Deduplicate in the export, or suppress the
# extra sids, to keep alert counts meaningful.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; dns.query; content:"port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])port\-3000\-php\-79100\-vulture\-voda3593936103\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37996201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])port\-3000\-php\-79100\-vulture\-voda3593936103\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; dns.query; content:"port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])port\-3000\-php\-79100\-vulture\-voda3593936103\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37996231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])port\-3000\-php\-79100\-vulture\-voda3593936103\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; dns.query; content:"port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])port\-3000\-php\-79100\-vulture\-voda3593936103\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37996261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| port-3000-php-79100-vulture-voda3593936103.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])port\-3000\-php\-79100\-vulture\-voda3593936103\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname onedrive-lsuhvhx6.pages.dev"; dns.query; content:"onedrive-lsuhvhx6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\-lsuhvhx6\.pages\.dev$/i"; classtype:trojan-activity; sid:37996291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname onedrive-lsuhvhx6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| onedrive-lsuhvhx6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\-lsuhvhx6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname nihal0710.github.io"; dns.query; content:"nihal0710.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nihal0710\.github\.io$/i"; classtype:trojan-activity; sid:37996321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname nihal0710.github.io"; flow:to_server,established; http.header; content: "Host|3a| nihal0710.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nihal0710\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname m-oiytamaskwallese.weebly.com"; dns.query; content:"m-oiytamaskwallese.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\-oiytamaskwallese\.weebly\.com$/i"; 
classtype:trojan-activity; sid:37996351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Review notes for the rules below (comments only; rule text is unchanged):
# - The dns rules use "any any -> any any", so they also match queries relayed
#   by an internal resolver; the alert's source address may then be the
#   resolver rather than the originating client. Correlate with resolver logs.
# - The HTTP rules only see cleartext requests. NOTE(review): hosted-site
#   platforms and .dev names are normally served over HTTPS, so TLS traffic to
#   these hosts is not covered here; a tls.sni rule would close that gap.
# - NOTE(review): the event carries no tags ("[]") and several names look like
#   brand look-alikes (inferred from the names only). If MISP event 27631 is a
#   phishing feed, classtype:trojan-activity may mis-route triage. Confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname m-oiytamaskwallese.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| m-oiytamaskwallese.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\-oiytamaskwallese\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname metamaskwallot.weebly.com"; dns.query; content:"metamaskwallot.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaskwallot\.weebly\.com$/i"; classtype:trojan-activity; sid:37996381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname metamaskwallot.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| metamaskwallot.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaskwallot\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname lnstagrram.pages.dev"; dns.query; content:"lnstagrram.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstagrram\.pages\.dev$/i"; classtype:trojan-activity; sid:37996411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname lnstagrram.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lnstagrram.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lnstagrram\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname likeable-steep-snout.glitch.me"; dns.query; content:"likeable-steep-snout.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])likeable\-steep\-snout\.glitch\.me$/i"; classtype:trojan-activity; sid:37996441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname likeable-steep-snout.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| likeable-steep-snout.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])likeable\-steep\-snout\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname jpyakdwnld.s-qn.my.id"; dns.query; content:"jpyakdwnld.s-qn.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jpyakdwnld\.s\-qn\.my\.id$/i"; classtype:trojan-activity; sid:37996471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname jpyakdwnld.s-qn.my.id"; flow:to_server,established; http.header; content: "Host|3a| jpyakdwnld.s-qn.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jpyakdwnld\.s\-qn\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname jdja2s.s-qn.my.id"; dns.query; content:"jdja2s.s-qn.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jdja2s\.s\-qn\.my\.id$/i"; classtype:trojan-activity; sid:37996501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname jdja2s.s-qn.my.id"; flow:to_server,established; http.header; content: "Host|3a| jdja2s.s-qn.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jdja2s\.s\-qn\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname homeattdd.weebly.com"; dns.query; content:"homeattdd.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homeattdd\.weebly\.com$/i"; classtype:trojan-activity; sid:37996531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname homeattdd.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| homeattdd.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])homeattdd\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname home-105678.square.site"; dns.query; content:"home-105678.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-105678\.square\.site$/i"; classtype:trojan-activity; sid:37996561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname home-105678.square.site"; flow:to_server,established; http.header; content: "Host|3a| home-105678.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])home\-105678\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; 
content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37996591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Review notes for the rules below (comments only; rule text is unchanged):
# - Duplicate hostname rules: the dns/http pair for
#   shipment-is87843164.muharikat.com is emitted once per URL attribute, each
#   time under new sids (37996621/622, 37996651/652, 37996681/682,
#   37996711/712 below). One lookup or request raises one alert per copy.
#   Deduplicate at export time or suppress the extra sids.
# - "Outgoing URL" rules: the hostname content is matched anywhere in
#   http.header, not anchored to the Host line, so a Referer or other header
#   naming the host also satisfies it. The http.uri content is nocase, which
#   relaxes the mixed-case path token. Treat a URL hit as host+path-like
#   evidence, not an exact URL match.
# - The URL rules are limited to $HTTP_PORTS while the hostname rules use
#   "any"; make sure $HTTP_PORTS is defined and covers the ports in use, or
#   the URL rules will miss HTTP on other ports.
# - All http rules see cleartext only; HTTPS to these hosts needs tls.sni
#   coverage. tag:session,600,seconds tags packets for 600 s after each hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//shipment-is87843164.muharikat.com/public/w6WZsU2tjla4ZTArhyy5v4etjOtnnfh3"; flow:to_server,established; http.header; content:"shipment-is87843164.muharikat.com"; fast_pattern; nocase; http.uri; content:"/public/w6WZsU2tjla4ZTArhyy5v4etjOtnnfh3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37996601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37996621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//shipment-is87843164.muharikat.com/public/oZJIQ8o9oHb2lN5FjMXY5nljipLltfM3"; flow:to_server,established; http.header; content:"shipment-is87843164.muharikat.com"; fast_pattern; nocase; http.uri; content:"/public/oZJIQ8o9oHb2lN5FjMXY5nljipLltfM3"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37996631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37996651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//shipment-is87843164.muharikat.com/public/OISXiksRDNTWYECZEmZoc8"; flow:to_server,established; http.header; content:"shipment-is87843164.muharikat.com"; fast_pattern; nocase; http.uri; content:"/public/OISXiksRDNTWYECZEmZoc8"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37996661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37996681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//shipment-is87843164.muharikat.com/public/oin2ZZi0vztuBZpE6KMYNLOJiMzYFP6y"; flow:to_server,established; http.header; content:"shipment-is87843164.muharikat.com"; fast_pattern; nocase; http.uri; content:"/public/oin2ZZi0vztuBZpE6KMYNLOJiMzYFP6y"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37996691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname shipment-is87843164.muharikat.com"; dns.query; content:"shipment-is87843164.muharikat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com$/i"; classtype:trojan-activity; sid:37996711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname shipment-is87843164.muharikat.com"; flow:to_server,established; http.header; content: "Host|3a| shipment-is87843164.muharikat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shipment\-is87843164\.muharikat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): in the next rule the msg shows "|30 78|" where the http.uri
# content has the literal "0x"; this looks like exporter escaping of "0x" in
# the message text. The match itself uses the plain path; expect the escaped
# form in alert output when searching logs for this URL.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//shipment-is87843164.muharikat.com/public/k7Cuhq8g|30 78|zNt4o5R1CZ8NVM75xUi7tV"; flow:to_server,established; http.header; content:"shipment-is87843164.muharikat.com"; fast_pattern; nocase; http.uri; content:"/public/k7Cuhq8g0xzNt4o5R1CZ8NVM75xUi7tV"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37996721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; dns.query; content:"hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-wispy\-mouse\-bc51\.verisihakobola\.workers\.dev$/i"; classtype:trojan-activity; sid:37996741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-wispy\-mouse\-bc51\.verisihakobola\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname grup2024new.s-qn.my.id"; dns.query; content:"grup2024new.s-qn.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup2024new\.s\-qn\.my\.id$/i"; classtype:trojan-activity; sid:37996771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname grup2024new.s-qn.my.id"; flow:to_server,established; http.header; content: "Host|3a| grup2024new.s-qn.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grup2024new\.s\-qn\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname gcyd.baiky4.com"; dns.query; content:"gcyd.baiky4.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gcyd\.baiky4\.com$/i"; classtype:trojan-activity; sid:37996801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname gcyd.baiky4.com"; flow:to_server,established; http.header; content: "Host|3a| gcyd.baiky4.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gcyd\.baiky4\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname gaoavaoba.bhz.my.id"; dns.query; content:"gaoavaoba.bhz.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gaoavaoba\.bhz\.my\.id$/i"; classtype:trojan-activity; sid:37996831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname gaoavaoba.bhz.my.id"; flow:to_server,established; http.header; content: "Host|3a| gaoavaoba.bhz.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gaoavaoba\.bhz\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname fredire2220.bhz.my.id"; dns.query; content:"fredire2220.bhz.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fredire2220\.bhz\.my\.id$/i"; classtype:trojan-activity; sid:37996861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname fredire2220.bhz.my.id"; flow:to_server,established; http.header; content: "Host|3a| fredire2220.bhz.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fredire2220\.bhz\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Review notes for the rules below (comments only; rule text is unchanged):
# - Each indicator yields a dns.query rule (sid ending in 1) and a cleartext
#   HTTP Host rule (sid ending in 2). Neither inspects TLS. NOTE(review): .app
#   is an HSTS-preloaded TLD and the hosted-site platforms here are normally
#   HTTPS, so add tls.sni coverage if TLS metadata is available to the sensor.
# - Matching is exact-name only: the pcre prefix class excludes "." and the
#   HTTP content is "Host: <name>", so e.g. a www. variant of
#   exclusivebysantos.com does not match either rule.
# - dns rules are "any any -> any any"; alerts may be attributed to an internal
#   resolver instead of the originating client.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname fnwldh72hdjwlp.bhz.my.id"; dns.query; content:"fnwldh72hdjwlp.bhz.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fnwldh72hdjwlp\.bhz\.my\.id$/i"; classtype:trojan-activity; sid:37996891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname fnwldh72hdjwlp.bhz.my.id"; flow:to_server,established; http.header; content: "Host|3a| fnwldh72hdjwlp.bhz.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fnwldh72hdjwlp\.bhz\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname f945dcck49.onrocket.site"; dns.query; content:"f945dcck49.onrocket.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f945dcck49\.onrocket\.site$/i"; classtype:trojan-activity; sid:37996921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname f945dcck49.onrocket.site"; flow:to_server,established; http.header; content: "Host|3a| f945dcck49.onrocket.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f945dcck49\.onrocket\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname fluoridated-cubic-salmonberry.glitch.me"; dns.query; content:"fluoridated-cubic-salmonberry.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fluoridated\-cubic\-salmonberry\.glitch\.me$/i"; classtype:trojan-activity; sid:37996951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname fluoridated-cubic-salmonberry.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| fluoridated-cubic-salmonberry.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fluoridated\-cubic\-salmonberry\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname exclusivebysantos.com"; dns.query; content:"exclusivebysantos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exclusivebysantos\.com$/i"; classtype:trojan-activity; sid:37996981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname exclusivebysantos.com"; flow:to_server,established; http.header; content: "Host|3a| exclusivebysantos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exclusivebysantos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37996982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname edevlet-aidatbilgilerim-bankasorgula.app"; dns.query; content:"edevlet-aidatbilgilerim-bankasorgula.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlet\-aidatbilgilerim\-bankasorgula\.app$/i"; classtype:trojan-activity; sid:37997011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 
edevlet-aidatbilgilerim-bankasorgula.app"; flow:to_server,established; http.header; content: "Host|3a| edevlet-aidatbilgilerim-bankasorgula.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlet\-aidatbilgilerim\-bankasorgula\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Review notes for the rules below (comments only; rule text is unchanged):
# - Most names in this group are registered domains listed without a host
#   label. Both rule types match the exact name only (pcre prefix class
#   excludes "."; HTTP content is "Host: <name>"), so www.<name> or any other
#   subdomain goes undetected. NOTE(review): confirm that is intended.
# - The HTTP rules cover cleartext requests only; HTTPS needs a tls.sni rule.
# - tag:session,600,seconds tags the session's packets for 600 s after a hit;
#   plan capture storage for that.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname dogi-efa.com"; dns.query; content:"dogi-efa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dogi\-efa\.com$/i"; classtype:trojan-activity; sid:37997041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dogi-efa.com"; flow:to_server,established; http.header; content: "Host|3a| dogi-efa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dogi\-efa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname djb3.baiky4.com"; dns.query; content:"djb3.baiky4.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djb3\.baiky4\.com$/i"; classtype:trojan-activity; sid:37997071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname djb3.baiky4.com"; flow:to_server,established; http.header; content: "Host|3a| djb3.baiky4.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djb3\.baiky4\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname diterminals.com"; dns.query; content:"diterminals.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diterminals\.com$/i"; classtype:trojan-activity; sid:37997101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname diterminals.com"; flow:to_server,established; http.header; content: "Host|3a| diterminals.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diterminals\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname diannedespain.com"; dns.query; content:"diannedespain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diannedespain\.com$/i"; classtype:trojan-activity; sid:37997131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname diannedespain.com"; flow:to_server,established; http.header; content: "Host|3a| diannedespain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diannedespain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname derryadsbus.com"; dns.query; content:"derryadsbus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])derryadsbus\.com$/i"; classtype:trojan-activity; sid:37997161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname derryadsbus.com"; flow:to_server,established; http.header; content: "Host|3a| derryadsbus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])derryadsbus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname crystalline-beautiful-emery.glitch.me"; dns.query; content:"crystalline-beautiful-emery.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crystalline\-beautiful\-emery\.glitch\.me$/i"; classtype:trojan-activity; sid:37997191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname crystalline-beautiful-emery.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| crystalline-beautiful-emery.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crystalline\-beautiful\-emery\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname collettre-7jk.pages.dev"; dns.query; content:"collettre-7jk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])collettre\-7jk\.pages\.dev$/i"; classtype:trojan-activity; sid:37997221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname collettre-7jk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| collettre-7jk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])collettre\-7jk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname collabland-link.com"; dns.query; content:"collabland-link.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])collabland\-link\.com$/i"; classtype:trojan-activity; sid:37997251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname collabland-link.com"; flow:to_server,established; http.header; 
content: "Host|3a| collabland-link.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])collabland\-link\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Review notes for the rules below (comments only; rule text is unchanged):
# - These are per-site names on shared hosting platforms. The rules match the
#   full site name only, so sibling sites on the same platform are unaffected,
#   but a relocated page under a new site name is missed until re-exported.
# - The HTTP rules only see cleartext requests. NOTE(review): these platforms
#   are normally served over HTTPS, so the dns.query rules are likely the only
#   ones that fire unless tls.sni coverage is added.
# - dns rules are "any any -> any any"; alerts may be attributed to an internal
#   resolver instead of the originating client.
# - NOTE(review): the event carries no tags ("[]") and the names look like
#   brand look-alikes (inferred from the names only); confirm against MISP
#   event 27631 whether classtype:trojan-activity is the right triage class.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname carpal-pinto-silica.glitch.me"; dns.query; content:"carpal-pinto-silica.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carpal\-pinto\-silica\.glitch\.me$/i"; classtype:trojan-activity; sid:37997341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname carpal-pinto-silica.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| carpal-pinto-silica.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])carpal\-pinto\-silica\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname bt-101503.weeblysite.com"; dns.query; content:"bt-101503.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-101503\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37997371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname bt-101503.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-101503.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-101503\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname bt-108103.weeblysite.com"; dns.query; content:"bt-108103.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-108103\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37997401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname bt-108103.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-108103.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-108103\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname attnet-109435.weeblysite.com"; dns.query; content:"attnet-109435.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnet\-109435\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37997431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname attnet-109435.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attnet-109435.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnet\-109435\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname att-mail-105533.weeblysite.com"; dns.query; content:"att-mail-105533.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-105533\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37997461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname att-mail-105533.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-mail-105533.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-105533\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname att-109271.weeblysite.com"; dns.query; content:"att-109271.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109271\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37997491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname att-109271.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-109271.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109271\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname att-100791.weeblysite.com"; dns.query; content:"att-100791.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100791\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37997521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname att-100791.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-100791.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100791\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname antai-amande-gouv.click"; dns.query; content:"antai-amande-gouv.click"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])antai\-amande\-gouv\.click$/i"; classtype:trojan-activity; sid:37997551; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule for antai-amande-gouv.click. The content match is the
# prefilter; the pcre (H = HTTP header buffer, i = case-insensitive) requires a
# non-hostname character on both sides of the indicator, so a longer hostname
# that merely contains it does not alert.
# tag:session,600,seconds keeps logging packets of the matching session for 600 s.
# Cleartext HTTP only: HTTPS requests to this host are not visible to this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname antai-amande-gouv.click"; flow:to_server,established; http.header; content: "Host|3a| antai-amande-gouv.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])antai\-amande\-gouv\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule: the pcre pins the match to the exact queried name (start of buffer
# or a non-hostname character before it, end of buffer after it), so sub-domains
# of the indicator are not matched. Direction is any -> any, so the alert source
# may be an internal resolver rather than the client that asked.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname marketfbookplace-item.frigoeng.com"; dns.query; content:"marketfbookplace-item.frigoeng.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marketfbookplace\-item\.frigoeng\.com$/i"; classtype:trojan-activity; sid:37997581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule for the same indicator (boundary-checked by the pcre).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname marketfbookplace-item.frigoeng.com"; flow:to_server,established; http.header; content: "Host|3a| marketfbookplace-item.frigoeng.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marketfbookplace\-item\.frigoeng\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): this "Outgoing URL" rule carries no path and no Host anchor. It
# matches the hostname string anywhere in the request headers (Referer, Origin,
# or a longer hostname that contains it). Any request that fires sid:37997582
# towards an $HTTP_PORTS destination also fires this one, so expect paired
# alerts; treat this sid as lower confidence or disable it.
# Needs $HTTP_PORTS defined in the sensor configuration.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//marketfbookplace-item.frigoeng.com"; flow:to_server,established; http.header; content:"marketfbookplace-item.frigoeng.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; dns.query; content:"hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])hello\-world\-wispy\-mouse\-bc51\.verisihakobola\.workers\.dev$/i"; classtype:trojan-activity; sid:37997611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-wispy\-mouse\-bc51\.verisihakobola\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//hello-world-wispy-mouse-bc51.verisihakobola.workers.dev/1c0680cf-093b-4c2c-b9a3-415146ab6cd0"; flow:to_server,established; http.header; content:"hello-world-wispy-mouse-bc51.verisihakobola.workers.dev"; fast_pattern; nocase; http.uri; content:"/1c0680cf-093b-4c2c-b9a3-415146ab6cd0"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; dns.query; content:"pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-481952cd52794b83847f56c94c3dcfae\.r2\.dev$/i"; classtype:trojan-activity; sid:37997641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-481952cd52794b83847f56c94c3dcfae.r2.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])pub\-481952cd52794b83847f56c94c3dcfae\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-edf7fc8affe8420f829ddf59cc8549b4.r2.dev"; dns.query; content:"pub-edf7fc8affe8420f829ddf59cc8549b4.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-edf7fc8affe8420f829ddf59cc8549b4\.r2\.dev$/i"; classtype:trojan-activity; sid:37997671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-edf7fc8affe8420f829ddf59cc8549b4.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-edf7fc8affe8420f829ddf59cc8549b4.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-edf7fc8affe8420f829ddf59cc8549b4\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname tantemelayuviral69-malaysia2024.biz.id"; dns.query; content:"tantemelayuviral69-malaysia2024.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tantemelayuviral69\-malaysia2024\.biz\.id$/i"; classtype:trojan-activity; sid:37997701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tantemelayuviral69-malaysia2024.biz.id"; flow:to_server,established; http.header; content: "Host|3a| tantemelayuviral69-malaysia2024.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tantemelayuviral69\-malaysia2024\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//tantemelayuviral69-malaysia2024.biz.id/channel1/main.php"; flow:to_server,established; http.header; content:"tantemelayuviral69-malaysia2024.biz.id"; fast_pattern; nocase; http.uri; content:"/channel1/main.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname fakeserhelpsreivew-facesonseriengoies-16839.io.vn"; dns.query; content:"fakeserhelpsreivew-facesonseriengoies-16839.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fakeserhelpsreivew\-facesonseriengoies\-16839\.io\.vn$/i"; classtype:trojan-activity; sid:37997731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname fakeserhelpsreivew-facesonseriengoies-16839.io.vn"; flow:to_server,established; http.header; content: "Host|3a| fakeserhelpsreivew-facesonseriengoies-16839.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fakeserhelpsreivew\-facesonseriengoies\-16839\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//fakeserhelpsreivew-facesonseriengoies-16839.io.vn"; flow:to_server,established; http.header; content:"fakeserhelpsreivew-facesonseriengoies-16839.io.vn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname informasibansos2024.chek11.my.id"; dns.query; content:"informasibansos2024.chek11.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasibansos2024\.chek11\.my\.id$/i"; classtype:trojan-activity; 
sid:37997761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname informasibansos2024.chek11.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasibansos2024.chek11.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasibansos2024\.chek11\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//informasibansos2024.chek11.my.id/main.php.html"; flow:to_server,established; http.header; content:"informasibansos2024.chek11.my.id"; fast_pattern; nocase; http.uri; content:"/main.php.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegram.tgweb.ren"; dns.query; content:"telegram.tgweb.ren"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.ren$/i"; classtype:trojan-activity; sid:37997791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegram.tgweb.ren"; flow:to_server,established; http.header; content: "Host|3a| telegram.tgweb.ren"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.ren[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname tgadminuser.tgweb.vip"; dns.query; content:"tgadminuser.tgweb.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.tgweb\.vip$/i"; classtype:trojan-activity; sid:37997821; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tgadminuser.tgweb.vip"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.tgweb.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.tgweb\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname tgadminuser.tgweb.co"; dns.query; content:"tgadminuser.tgweb.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.tgweb\.co$/i"; classtype:trojan-activity; sid:37997851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tgadminuser.tgweb.co"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.tgweb.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.tgweb\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname tgadminuser.tgweb.club"; dns.query; content:"tgadminuser.tgweb.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.tgweb\.club$/i"; classtype:trojan-activity; sid:37997881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tgadminuser.tgweb.club"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.tgweb.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.tgweb\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> 
any any (msg: "MISP e27631 [] Hostname telegram.tgweb.vip"; dns.query; content:"telegram.tgweb.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.vip$/i"; classtype:trojan-activity; sid:37997911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegram.tgweb.vip"; flow:to_server,established; http.header; content: "Host|3a| telegram.tgweb.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname fakeserhelpsreivew-facesonseriengoies-16838.io.vn"; dns.query; content:"fakeserhelpsreivew-facesonseriengoies-16838.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fakeserhelpsreivew\-facesonseriengoies\-16838\.io\.vn$/i"; classtype:trojan-activity; sid:37997941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname fakeserhelpsreivew-facesonseriengoies-16838.io.vn"; flow:to_server,established; http.header; content: "Host|3a| fakeserhelpsreivew-facesonseriengoies-16838.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fakeserhelpsreivew\-facesonseriengoies\-16838\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//fakeserhelpsreivew-facesonseriengoies-16838.io.vn"; flow:to_server,established; http.header; content:"fakeserhelpsreivew-facesonseriengoies-16838.io.vn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997951; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule: exact-name match on the queried hostname (the pcre rejects
# sub-domains and longer names ending in the indicator).
alert dns any any -> any any (msg: "MISP e27631 [] Hostname edevlet-mobilbanka-girisgovtr.app"; dns.query; content:"edevlet-mobilbanka-girisgovtr.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlet\-mobilbanka\-girisgovtr\.app$/i"; classtype:trojan-activity; sid:37997971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): .app is an HSTS-preloaded TLD, so browsers reach this host over
# HTTPS only. This cleartext Host-header rule and sid:37997981 below are
# unlikely to fire on browser traffic; coverage rests on the DNS rule
# sid:37997971 unless a tls.sni rule is added or TLS is decrypted ahead of the
# sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname edevlet-mobilbanka-girisgovtr.app"; flow:to_server,established; http.header; content: "Host|3a| edevlet-mobilbanka-girisgovtr.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlet\-mobilbanka\-girisgovtr\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37997972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): path-less "Outgoing URL" rule. The hostname is matched anywhere
# in the request headers with no boundary check, so it is a superset of
# sid:37997972 and alerts alongside it. Needs $HTTP_PORTS defined.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//edevlet-mobilbanka-girisgovtr.app"; flow:to_server,established; http.header; content:"edevlet-mobilbanka-girisgovtr.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37997981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# weeblysite.com appears to be a shared hosting suffix (several unrelated
# sub-domains in this export). The rule keys on the full sub-domain; do not
# broaden it to the parent domain.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname attnet-107974.weeblysite.com"; dns.query; content:"attnet-107974.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnet\-107974\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37998001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname attnet-107974.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attnet-107974.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnet\-107974\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998002; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): path-less "Outgoing URL" rule. It matches the hostname anywhere
# in the request headers without a boundary check, so it overlaps the
# Host-header rule sid:37998002 and produces a second alert for the same request.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//attnet-107974.weeblysite.com"; flow:to_server,established; http.header; content:"attnet-107974.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): aiwebbyvotettytryr6.pages.dev is exported twice, apparently once
# per reported URL. DNS rules sid:37998031 and sid:37998061 are identical, as
# are Host-header rules sid:37998032 and sid:37998062, so every matching query
# or request raises two alerts. Deduplicate at the source or disable one sid of
# each pair.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname aiwebbyvotettytryr6.pages.dev"; dns.query; content:"aiwebbyvotettytryr6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev$/i"; classtype:trojan-activity; sid:37998031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# .dev is an HSTS-preloaded TLD: browsers use HTTPS for this host, so this
# cleartext rule and the URL rule below will rarely see the traffic. A tls.sni
# rule (or TLS decryption) is needed for coverage beyond the DNS lookup.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname aiwebbyvotettytryr6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| aiwebbyvotettytryr6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule: hostname in the headers plus the reported path in http.uri. The path
# content is unanchored, so it also matches as a substring of a longer URI on
# the same host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//aiwebbyvotettytryr6.pages.dev/index_files/index_files/index_files/index_files/login.php"; flow:to_server,established; http.header; content:"aiwebbyvotettytryr6.pages.dev"; fast_pattern; nocase; http.uri; content:"/index_files/index_files/index_files/index_files/login.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Duplicate of sid:37998031 (same buffer, content and pcre).
alert dns any any -> any any (msg: "MISP e27631 [] Hostname aiwebbyvotettytryr6.pages.dev"; dns.query; content:"aiwebbyvotettytryr6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev$/i"; classtype:trojan-activity; sid:37998061; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname aiwebbyvotettytryr6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| aiwebbyvotettytryr6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//aiwebbyvotettytryr6.pages.dev/index_files/index_files/index_files/index_files/eventcheck.js"; flow:to_server,established; http.header; content:"aiwebbyvotettytryr6.pages.dev"; fast_pattern; nocase; http.uri; content:"/index_files/index_files/index_files/index_files/eventcheck.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname worker-ancient-silence-5ccd.sogniyadro.workers.dev"; dns.query; content:"worker-ancient-silence-5ccd.sogniyadro.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-ancient\-silence\-5ccd\.sogniyadro\.workers\.dev$/i"; classtype:trojan-activity; sid:37998091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname worker-ancient-silence-5ccd.sogniyadro.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-ancient-silence-5ccd.sogniyadro.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-ancient\-silence\-5ccd\.sogniyadro\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//worker-ancient-silence-5ccd.sogniyadro.workers.dev"; flow:to_server,established; http.header; content:"worker-ancient-silence-5ccd.sogniyadro.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname cfa4d.f-r-e-e.biz.id"; dns.query; content:"cfa4d.f-r-e-e.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfa4d\.f\-r\-e\-e\.biz\.id$/i"; classtype:trojan-activity; sid:37998121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname cfa4d.f-r-e-e.biz.id"; flow:to_server,established; http.header; content: "Host|3a| cfa4d.f-r-e-e.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfa4d\.f\-r\-e\-e\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//cfa4d.f-r-e-e.biz.id"; flow:to_server,established; http.header; content:"cfa4d.f-r-e-e.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname loudflare-du2.pages.dev"; dns.query; content:"loudflare-du2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])loudflare\-du2\.pages\.dev$/i"; classtype:trojan-activity; sid:37998151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname loudflare-du2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
loudflare-du2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])loudflare\-du2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//loudflare-du2.pages.dev"; flow:to_server,established; http.header; content:"loudflare-du2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname jamricgayojs02.pages.dev"; dns.query; content:"jamricgayojs02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jamricgayojs02\.pages\.dev$/i"; classtype:trojan-activity; sid:37998181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname jamricgayojs02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jamricgayojs02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jamricgayojs02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//jamricgayojs02.pages.dev"; flow:to_server,established; http.header; content:"jamricgayojs02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname depl.pages.dev"; dns.query; content:"depl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev$/i"; classtype:trojan-activity; sid:37998211; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname depl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| depl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//depl.pages.dev"; flow:to_server,established; http.header; content:"depl.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname dferfsde34rd.pages.dev"; dns.query; content:"dferfsde34rd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dferfsde34rd\.pages\.dev$/i"; classtype:trojan-activity; sid:37998241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dferfsde34rd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dferfsde34rd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dferfsde34rd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dferfsde34rd.pages.dev"; flow:to_server,established; http.header; content:"dferfsde34rd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname syre.pages.dev"; dns.query; 
content:"syre.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syre\.pages\.dev$/i"; classtype:trojan-activity; sid:37998271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname syre.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| syre.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])syre\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//syre.pages.dev"; flow:to_server,established; http.header; content:"syre.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegrapsexdating.pages.dev"; dns.query; content:"telegrapsexdating.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrapsexdating\.pages\.dev$/i"; classtype:trojan-activity; sid:37998301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegrapsexdating.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegrapsexdating.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrapsexdating\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//telegrapsexdating.pages.dev"; flow:to_server,established; http.header; content:"telegrapsexdating.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37998311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# pages.dev appears to be a shared hosting suffix (many unrelated sub-domains in
# this export). The DNS pcre restricts the match to exactly vruj.pages.dev.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname vruj.pages.dev"; dns.query; content:"vruj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vruj\.pages\.dev$/i"; classtype:trojan-activity; sid:37998331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Cleartext Host-header match; .dev is HSTS-preloaded, so browser traffic to
# this host is HTTPS and will not reach this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname vruj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| vruj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vruj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): path-less "Outgoing URL" rule with an unbounded substring match.
# "vruj.pages.dev" also matches inside a longer name such as
# "<label>vruj.pages.dev" (constructed example) and in non-Host headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//vruj.pages.dev"; flow:to_server,established; http.header; content:"vruj.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the indicator is a bare two-label domain. The pcre limits this
# rule to a query for exactly "wk.pl"; "www.wk.pl" or any other sub-domain does
# not alert. Confirm against event 27631 whether the whole domain or a specific
# host/URL was intended.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname wk.pl"; dns.query; content:"wk.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wk\.pl$/i"; classtype:trojan-activity; sid:37998361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule; the pcre boundary check keeps this one precise despite the
# short indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname wk.pl"; flow:to_server,established; http.header; content: "Host|3a| wk.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wk\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): high false-positive risk. content:"wk.pl" with nocase is a
# 5-byte substring matched anywhere in the request headers with no boundary
# check, so any Host, Referer or other header value containing those characters
# alerts and tags the session for 600 s. Prefer sid:37998362 and disable or
# threshold this rule (its sid is on the continuation line).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//wk.pl"; flow:to_server,established; http.header; content:"wk.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37998371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule: exact-name match on the pages.dev sub-domain.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname swinghighandlowaeufhsvaomailservicecheckings.pages.dev"; dns.query; content:"swinghighandlowaeufhsvaomailservicecheckings.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swinghighandlowaeufhsvaomailservicecheckings\.pages\.dev$/i"; classtype:trojan-activity; sid:37998391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Cleartext Host-header match; .dev is HSTS-preloaded, so browser traffic to
# this host is HTTPS and is only visible here through the DNS rule above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname swinghighandlowaeufhsvaomailservicecheckings.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| swinghighandlowaeufhsvaomailservicecheckings.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swinghighandlowaeufhsvaomailservicecheckings\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): path-less "Outgoing URL" rule. The hostname is matched anywhere
# in the headers, so it overlaps sid:37998392 and alerts alongside it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//swinghighandlowaeufhsvaomailservicecheckings.pages.dev"; flow:to_server,established; http.header; content:"swinghighandlowaeufhsvaomailservicecheckings.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): this name sits under gov.co and looks like a legitimate
# government site, presumably listed because it hosted abusive content;
# confirm in event 27631. No URL rule follows it here, so any lookup of or
# cleartext request to the site alerts as trojan-activity regardless of the
# page visited. Triage hits with that in mind and retire the rule once the
# site is cleaned.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname imdervillavicencio.gov.co"; dns.query; content:"imdervillavicencio.gov.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imdervillavicencio\.gov\.co$/i"; classtype:trojan-activity; sid:37998421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imdervillavicencio.gov.co"; flow:to_server,established; http.header; content: "Host|3a| imdervillavicencio.gov.co"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imdervillavicencio\.gov\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-cc87db8636d3479a8418d9985707930b.r2.dev"; dns.query; content:"pub-cc87db8636d3479a8418d9985707930b.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-cc87db8636d3479a8418d9985707930b\.r2\.dev$/i"; classtype:trojan-activity; sid:37998451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-cc87db8636d3479a8418d9985707930b.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-cc87db8636d3479a8418d9985707930b.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-cc87db8636d3479a8418d9985707930b\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-cc87db8636d3479a8418d9985707930b.r2.dev/mumus.html"; flow:to_server,established; http.header; content:"pub-cc87db8636d3479a8418d9985707930b.r2.dev"; fast_pattern; nocase; http.uri; content:"/mumus.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname microhaze-3820.pintwten.workers.dev"; dns.query; content:"microhaze-3820.pintwten.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microhaze\-3820\.pintwten\.workers\.dev$/i"; classtype:trojan-activity; sid:37998481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 
microhaze-3820.pintwten.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| microhaze-3820.pintwten.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microhaze\-3820\.pintwten\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule for a MISP "url" attribute: hostname anywhere in the request headers AND the path in http.uri.
# NOTE(review): the http.uri content is written with literal "%20" sequences. Suricata's http.uri is the
# normalized URI buffer, in which percent-encoded bytes such as %20 are decoded, so this literal form is
# unlikely to match as exported; http.uri.raw is the buffer that keeps the request line as sent.
# Confirm against a capture before relying on this rule. The DNS and Host rules for the same hostname
# do not depend on the path and are not affected.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//microhaze-3820.pintwten.workers.dev/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/prefetch(1).html"; flow:to_server,established; http.header; content:"microhaze-3820.pintwten.workers.dev"; fast_pattern; nocase; http.uri; content:"/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/prefetch(1).html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the next two rules repeat the match conditions of sids 37998481 / 37998482 for the same
# hostname (the event apparently lists it once per URL attribute). A single query or request therefore
# raises two alerts under different sids; deduplicate at export time or suppress one pair.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname microhaze-3820.pintwten.workers.dev"; dns.query; content:"microhaze-3820.pintwten.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microhaze\-3820\.pintwten\.workers\.dev$/i"; classtype:trojan-activity; sid:37998511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname microhaze-3820.pintwten.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| microhaze-3820.pintwten.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microhaze\-3820\.pintwten\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Same hostname, six-level variant of the path. The literal "%20" caveat noted for sid 37998491 applies here too.
# content is an unanchored substring match, so the three-level pattern of sid 37998491 is also contained
# in this URL: if the patterns match at all, a request for this path triggers both URL rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//microhaze-3820.pintwten.workers.dev/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/prefetch(1).html"; flow:to_server,established; http.header; content:"microhaze-3820.pintwten.workers.dev"; fast_pattern; nocase; http.uri; content:"/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/sign%20in%20to%20your%20account_files/prefetch(1).html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Hostname-only indicators: one DNS-query rule and one Host-header rule each, no URL rule.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegram-xb.com"; dns.query; content:"telegram-xb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-xb\.com$/i"; classtype:trojan-activity; sid:37998541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegram-xb.com"; flow:to_server,established; http.header; content: "Host|3a| telegram-xb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-xb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegram-xw.com"; dns.query; content:"telegram-xw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-xw\.com$/i"; classtype:trojan-activity; sid:37998571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegram-xw.com"; flow:to_server,established; http.header; content: "Host|3a| 
telegram-xw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\-xw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# IP:port indicator from a different MISP event (27591, labelled RedLineStealer in the msg) than its
# neighbours. It matches traffic from $HOME_NET to this address and destination port only; no rule in this
# stretch covers the reverse direction. There is no payload condition, so an alert shows contact with the
# endpoint rather than confirmed malware traffic. Re-validate the address periodically, since hosting
# addresses are commonly reassigned.
alert ip $HOME_NET any -> 45.137.22.252 55615 (msg: "MISP e27591 [RedLineStealer] Outgoing To IP: 45.137.22.252|55615"; classtype:trojan-activity; sid:37964851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Per-hostname rule set generated by the export: DNS query, Host header, then "Outgoing URL".
# The DNS pcre is anchored at both ends (start or a non-hostname character before, "$" after), so it matches
# the exact query name only and not other names under the same parent.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname redirected-fixed.pages.dev"; dns.query; content:"redirected-fixed.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirected\-fixed\.pages\.dev$/i"; classtype:trojan-activity; sid:37998601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname redirected-fixed.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| redirected-fixed.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirected\-fixed\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): this "Outgoing URL" rule has no http.uri condition and its content is not tied to the Host
# header, so it matches the hostname string anywhere in the request headers (a Referer or Origin value
# naming this host also matches). It is less specific than sid 37998602, is limited to $HTTP_PORTS, and
# will normally fire together with 37998602 on the same request; treat its alerts as lower confidence.
# NOTE(review): both http rules inspect cleartext (or decrypted) HTTP only. pages.dev sites are normally
# served over HTTPS, and the visible rules contain no tls.sni match, so in practice the DNS rule is
# likely to carry detection for this indicator — confirm against your sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//redirected-fixed.pages.dev"; flow:to_server,established; http.header; content:"redirected-fixed.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname katie-wa-sexxx435.pages.dev"; dns.query; content:"katie-wa-sexxx435.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])katie\-wa\-sexxx435\.pages\.dev$/i"; classtype:trojan-activity; sid:37998631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27631 [] Outgoing HTTP Hostname katie-wa-sexxx435.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| katie-wa-sexxx435.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])katie\-wa\-sexxx435\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//katie-wa-sexxx435.pages.dev"; flow:to_server,established; http.header; content:"katie-wa-sexxx435.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname aiwebbyvotettytryr6.pages.dev"; dns.query; content:"aiwebbyvotettytryr6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev$/i"; classtype:trojan-activity; sid:37998661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname aiwebbyvotettytryr6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| aiwebbyvotettytryr6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//aiwebbyvotettytryr6.pages.dev"; flow:to_server,established; http.header; content:"aiwebbyvotettytryr6.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname qpzjd.pages.dev"; 
dns.query; content:"qpzjd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qpzjd\.pages\.dev$/i"; classtype:trojan-activity; sid:37998691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname qpzjd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| qpzjd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qpzjd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//qpzjd.pages.dev"; flow:to_server,established; http.header; content:"qpzjd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname invifog-644a.warik96420.workers.dev"; dns.query; content:"invifog-644a.warik96420.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])invifog\-644a\.warik96420\.workers\.dev$/i"; classtype:trojan-activity; sid:37998721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname invifog-644a.warik96420.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| invifog-644a.warik96420.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])invifog\-644a\.warik96420\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//invifog-644a.warik96420.workers.dev"; flow:to_server,established; http.header; 
content:"invifog-644a.warik96420.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname nsjsgv.godp4y.com"; dns.query; content:"nsjsgv.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nsjsgv\.godp4y\.com$/i"; classtype:trojan-activity; sid:37998751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname nsjsgv.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| nsjsgv.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nsjsgv\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//nsjsgv.godp4y.com"; flow:to_server,established; http.header; content:"nsjsgv.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname hello-world-winter-violet-9012.kecorat885.workers.dev"; dns.query; content:"hello-world-winter-violet-9012.kecorat885.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-winter\-violet\-9012\.kecorat885\.workers\.dev$/i"; classtype:trojan-activity; sid:37998781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname hello-world-winter-violet-9012.kecorat885.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-winter-violet-9012.kecorat885.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])hello\-world\-winter\-violet\-9012\.kecorat885\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//hello-world-winter-violet-9012.kecorat885.workers.dev"; flow:to_server,established; http.header; content:"hello-world-winter-violet-9012.kecorat885.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname h.yapaga9986.workers.dev"; dns.query; content:"h.yapaga9986.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h\.yapaga9986\.workers\.dev$/i"; classtype:trojan-activity; sid:37998811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname h.yapaga9986.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| h.yapaga9986.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h\.yapaga9986\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//h.yapaga9986.workers.dev"; flow:to_server,established; http.header; content:"h.yapaga9986.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname hello-world-muddy-bonus-a86d.brenboese.workers.dev"; dns.query; content:"hello-world-muddy-bonus-a86d.brenboese.workers.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])hello\-world\-muddy\-bonus\-a86d\.brenboese\.workers\.dev$/i"; classtype:trojan-activity; sid:37998841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname hello-world-muddy-bonus-a86d.brenboese.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-muddy-bonus-a86d.brenboese.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-muddy\-bonus\-a86d\.brenboese\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname beneficioregularizacao.com"; dns.query; content:"beneficioregularizacao.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beneficioregularizacao\.com$/i"; classtype:trojan-activity; sid:37998871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname beneficioregularizacao.com"; flow:to_server,established; http.header; content: "Host|3a| beneficioregularizacao.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beneficioregularizacao\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//beneficioregularizacao.com"; flow:to_server,established; http.header; content:"beneficioregularizacao.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname grurh3.des4.com.tr"; dns.query; content:"grurh3.des4.com.tr"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])grurh3\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:37998901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname grurh3.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| grurh3.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grurh3\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//grurh3.des4.com.tr"; flow:to_server,established; http.header; content:"grurh3.des4.com.tr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname grtdr.dew4.my.id"; dns.query; content:"grtdr.dew4.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grtdr\.dew4\.my\.id$/i"; classtype:trojan-activity; sid:37998931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname grtdr.dew4.my.id"; flow:to_server,established; http.header; content: "Host|3a| grtdr.dew4.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grtdr\.dew4\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//grtdr.dew4.my.id"; flow:to_server,established; http.header; content:"grtdr.dew4.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any 
any -> any any (msg: "MISP e27631 [] Hostname ksudsh.com"; dns.query; content:"ksudsh.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsh\.com$/i"; classtype:trojan-activity; sid:37998961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ksudsh.com"; flow:to_server,established; http.header; content: "Host|3a| ksudsh.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsh\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ksudsh.com"; flow:to_server,established; http.header; content:"ksudsh.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37998971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname ksudsc.com"; dns.query; content:"ksudsc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsc\.com$/i"; classtype:trojan-activity; sid:37998991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ksudsc.com"; flow:to_server,established; http.header; content: "Host|3a| ksudsc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37998992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ksudsc.com"; flow:to_server,established; http.header; content:"ksudsc.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any 
any -> any any (msg: "MISP e27631 [] Hostname scza837fjv.net-id.xyz"; dns.query; content:"scza837fjv.net-id.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scza837fjv\.net\-id\.xyz$/i"; classtype:trojan-activity; sid:37999021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname scza837fjv.net-id.xyz"; flow:to_server,established; http.header; content: "Host|3a| scza837fjv.net-id.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])scza837fjv\.net\-id\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//scza837fjv.net-id.xyz"; flow:to_server,established; http.header; content:"scza837fjv.net-id.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-af7c9c32ed9f4ec1a6e7a3d9f50d791e.r2.dev"; dns.query; content:"pub-af7c9c32ed9f4ec1a6e7a3d9f50d791e.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-af7c9c32ed9f4ec1a6e7a3d9f50d791e\.r2\.dev$/i"; classtype:trojan-activity; sid:37999051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-af7c9c32ed9f4ec1a6e7a3d9f50d791e.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-af7c9c32ed9f4ec1a6e7a3d9f50d791e.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-af7c9c32ed9f4ec1a6e7a3d9f50d791e\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP 
e27631 [] Hostname onedrive.bodog.workers.dev"; dns.query; content:"onedrive.bodog.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\.bodog\.workers\.dev$/i"; classtype:trojan-activity; sid:37999081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: the content requires "Host: " followed by the name, and the pcre requires a non-hostname
# character on both sides, so longer names that merely contain this one do not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname onedrive.bodog.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| onedrive.bodog.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\.bodog\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# The hostnames from here through sid 37999142 put Microsoft sign-in / Teams style names as leading labels
# under office.rp1.abangaritest.govshn.net. Each DNS rule is anchored to the exact query name, so any other
# label under that same parent produces no alert from these rules.
# NOTE(review): whether the parent zone itself is attacker-controlled is not stated in this export; check
# the MISP event, and if it is, a parent-domain indicator would cover further look-alike labels.
# These indicators have no "Outgoing URL" rule, and the http rule sees cleartext HTTP only.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; dns.query; content:"login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.rp1\.abangaritest\.govshn\.net$/i"; classtype:trojan-activity; sid:37999111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| login.microsoftonline.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.microsoftonline\.us\.office\.rp1\.abangaritest\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; dns.query; content:"admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])admin\.gov\.teams\.microsoft\.us\.office\.rp1\.abangaritest\.govshn\.net$/i"; classtype:trojan-activity; sid:37999141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; flow:to_server,established; http.header; content: "Host|3a| admin.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])admin\.gov\.teams\.microsoft\.us\.office\.rp1\.abangaritest\.govshn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegrom-xa.com"; dns.query; content:"telegrom-xa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-xa\.com$/i"; classtype:trojan-activity; sid:37999171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegrom-xa.com"; flow:to_server,established; http.header; content: "Host|3a| telegrom-xa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrom\-xa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 1whales-pumb.com"; dns.query; content:"1whales-pumb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1whales\-pumb\.com$/i"; classtype:trojan-activity; sid:37999201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 1whales-pumb.com"; flow:to_server,established; http.header; content: "Host|3a| 1whales-pumb.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])1whales\-pumb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname blockchainrectification9.pages.dev"; dns.query; content:"blockchainrectification9.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainrectification9\.pages\.dev$/i"; classtype:trojan-activity; sid:37999231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname blockchainrectification9.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainrectification9.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainrectification9\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//blockchainrectification9.pages.dev"; flow:to_server,established; http.header; content:"blockchainrectification9.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname orderlist.pages.dev"; dns.query; content:"orderlist.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orderlist\.pages\.dev$/i"; classtype:trojan-activity; sid:37999261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname orderlist.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| orderlist.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])orderlist\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37999262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//orderlist.pages.dev"; flow:to_server,established; http.header; content:"orderlist.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 06tian-olu07auth-maggie07.pages.dev"; dns.query; content:"06tian-olu07auth-maggie07.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])06tian\-olu07auth\-maggie07\.pages\.dev$/i"; classtype:trojan-activity; sid:37999291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 06tian-olu07auth-maggie07.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 06tian-olu07auth-maggie07.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])06tian\-olu07auth\-maggie07\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//06tian-olu07auth-maggie07.pages.dev"; flow:to_server,established; http.header; content:"06tian-olu07auth-maggie07.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname blockchainrectification-d89.pages.dev"; dns.query; content:"blockchainrectification-d89.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainrectification\-d89\.pages\.dev$/i"; classtype:trojan-activity; sid:37999321; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname blockchainrectification-d89.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainrectification-d89.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainrectification\-d89\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//blockchainrectification-d89.pages.dev"; flow:to_server,established; http.header; content:"blockchainrectification-d89.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname mansom.pages.dev"; dns.query; content:"mansom.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mansom\.pages\.dev$/i"; classtype:trojan-activity; sid:37999351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname mansom.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mansom.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mansom\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//mansom.pages.dev"; flow:to_server,established; http.header; content:"mansom.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any 
(msg: "MISP e27631 [] Hostname usijddklsohdshsgdkjau04.pages.dev"; dns.query; content:"usijddklsohdshsgdkjau04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usijddklsohdshsgdkjau04\.pages\.dev$/i"; classtype:trojan-activity; sid:37999381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usijddklsohdshsgdkjau04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| usijddklsohdshsgdkjau04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usijddklsohdshsgdkjau04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usijddklsohdshsgdkjau04.pages.dev"; flow:to_server,established; http.header; content:"usijddklsohdshsgdkjau04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname trackingdhl.eu"; dns.query; content:"trackingdhl.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trackingdhl\.eu$/i"; classtype:trojan-activity; sid:37999411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname trackingdhl.eu"; flow:to_server,established; http.header; content: "Host|3a| trackingdhl.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trackingdhl\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//trackingdhl.eu"; flow:to_server,established; 
http.header; content:"trackingdhl.eu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname appsweb-server787.pages.dev"; dns.query; content:"appsweb-server787.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appsweb\-server787\.pages\.dev$/i"; classtype:trojan-activity; sid:37999441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname appsweb-server787.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| appsweb-server787.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appsweb\-server787\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//appsweb-server787.pages.dev"; flow:to_server,established; http.header; content:"appsweb-server787.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname dihwijdugwtrmdn.1i1.my.id"; dns.query; content:"dihwijdugwtrmdn.1i1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dihwijdugwtrmdn\.1i1\.my\.id$/i"; classtype:trojan-activity; sid:37999471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dihwijdugwtrmdn.1i1.my.id"; flow:to_server,established; http.header; content: "Host|3a| dihwijdugwtrmdn.1i1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dihwijdugwtrmdn\.1i1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37999472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dihwijdugwtrmdn.1i1.my.id"; flow:to_server,established; http.header; content:"dihwijdugwtrmdn.1i1.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname flexi-motohandel.com.pl"; dns.query; content:"flexi-motohandel.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexi\-motohandel\.com\.pl$/i"; classtype:trojan-activity; sid:37999501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname flexi-motohandel.com.pl"; flow:to_server,established; http.header; content: "Host|3a| flexi-motohandel.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexi\-motohandel\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//flexi-motohandel.com.pl"; flow:to_server,established; http.header; content:"flexi-motohandel.com.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname aqawsedt3.pages.dev"; dns.query; content:"aqawsedt3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aqawsedt3\.pages\.dev$/i"; classtype:trojan-activity; sid:37999531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname aqawsedt3.pages.dev"; 
flow:to_server,established; http.header; content: "Host|3a| aqawsedt3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aqawsedt3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//aqawsedt3.pages.dev"; flow:to_server,established; http.header; content:"aqawsedt3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname uzvost.pro"; dns.query; content:"uzvost.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzvost\.pro$/i"; classtype:trojan-activity; sid:37999561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uzvost.pro"; flow:to_server,established; http.header; content: "Host|3a| uzvost.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzvost\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//uzvost.pro"; flow:to_server,established; http.header; content:"uzvost.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname mail.maliyeistrgov-tr281.com"; dns.query; content:"mail.maliyeistrgov-tr281.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.maliyeistrgov\-tr281\.com$/i"; classtype:trojan-activity; sid:37999591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname mail.maliyeistrgov-tr281.com"; flow:to_server,established; http.header; content: "Host|3a| mail.maliyeistrgov-tr281.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.maliyeistrgov\-tr281\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//mail.maliyeistrgov-tr281.com"; flow:to_server,established; http.header; content:"mail.maliyeistrgov-tr281.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname happymoonstone.com"; dns.query; content:"happymoonstone.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])happymoonstone\.com$/i"; classtype:trojan-activity; sid:37999621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname happymoonstone.com"; flow:to_server,established; http.header; content: "Host|3a| happymoonstone.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])happymoonstone\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname gasthof-kolpinghaus.de"; dns.query; content:"gasthof-kolpinghaus.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gasthof\-kolpinghaus\.de$/i"; classtype:trojan-activity; sid:37999651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname gasthof-kolpinghaus.de"; flow:to_server,established; http.header; 
content: "Host|3a| gasthof-kolpinghaus.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gasthof\-kolpinghaus\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname worker-home-att-767e.rijolo7229.workers.dev"; dns.query; content:"worker-home-att-767e.rijolo7229.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-home\-att\-767e\.rijolo7229\.workers\.dev$/i"; classtype:trojan-activity; sid:37999681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname worker-home-att-767e.rijolo7229.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-home-att-767e.rijolo7229.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-home\-att\-767e\.rijolo7229\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname videohotfb2021.blogspot.com"; dns.query; content:"videohotfb2021.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videohotfb2021\.blogspot\.com$/i"; classtype:trojan-activity; sid:37999711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname videohotfb2021.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| videohotfb2021.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videohotfb2021\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] 
Hostname videohotfb2021.blogspot.ch"; dns.query; content:"videohotfb2021.blogspot.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videohotfb2021\.blogspot\.ch$/i"; classtype:trojan-activity; sid:37999741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname videohotfb2021.blogspot.ch"; flow:to_server,established; http.header; content: "Host|3a| videohotfb2021.blogspot.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])videohotfb2021\.blogspot\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname ussp.uspjj.top"; dns.query; content:"ussp.uspjj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspjj\.top$/i"; classtype:trojan-activity; sid:37999771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ussp.uspjj.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.uspjj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspjj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname uspr.usspwh.top"; dns.query; content:"uspr.usspwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspwh\.top$/i"; classtype:trojan-activity; sid:37999801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname uspr.usspwh.top"; flow:to_server,established; http.header; content: "Host|3a| uspr.usspwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.usspwh\.top[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:37999802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname tyshi235.mujxk.com"; dns.query; content:"tyshi235.mujxk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tyshi235\.mujxk\.com$/i"; classtype:trojan-activity; sid:37999831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tyshi235.mujxk.com"; flow:to_server,established; http.header; content: "Host|3a| tyshi235.mujxk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tyshi235\.mujxk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname telstra-103688.weeblysite.com"; dns.query; content:"telstra-103688.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103688\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37999861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telstra-103688.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-103688.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103688\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname sdxfcgjhk.weebly.com"; dns.query; content:"sdxfcgjhk.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdxfcgjhk\.weebly\.com$/i"; classtype:trojan-activity; sid:37999891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname sdxfcgjhk.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| sdxfcgjhk.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdxfcgjhk\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname sbc567874103564.square.site"; dns.query; content:"sbc567874103564.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbc567874103564\.square\.site$/i"; classtype:trojan-activity; sid:37999921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname sbc567874103564.square.site"; flow:to_server,established; http.header; content: "Host|3a| sbc567874103564.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sbc567874103564\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname indexx-e77.pages.dev"; dns.query; content:"indexx-e77.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])indexx\-e77\.pages\.dev$/i"; classtype:trojan-activity; sid:37999951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname indexx-e77.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| indexx-e77.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])indexx\-e77\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] 
Outgoing URL http|3a|//indexx-e77.pages.dev"; flow:to_server,established; http.header; content:"indexx-e77.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37999961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pwerokfgvxm.vfreky.my.id"; dns.query; content:"pwerokfgvxm.vfreky.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pwerokfgvxm\.vfreky\.my\.id$/i"; classtype:trojan-activity; sid:37999981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pwerokfgvxm.vfreky.my.id"; flow:to_server,established; http.header; content: "Host|3a| pwerokfgvxm.vfreky.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pwerokfgvxm\.vfreky\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37999982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname mail.146-190-41-41.cprapid.com"; dns.query; content:"mail.146-190-41-41.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.146\-190\-41\-41\.cprapid\.com$/i"; classtype:trojan-activity; sid:38000011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname mail.146-190-41-41.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| mail.146-190-41-41.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.146\-190\-41\-41\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-nm.com"; dns.query; content:"imtoken-nm.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtoken\-nm\.com$/i"; classtype:trojan-activity; sid:38000041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-nm.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-nm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-nm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname gheras.sa"; dns.query; content:"gheras.sa"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gheras\.sa$/i"; classtype:trojan-activity; sid:38000071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname gheras.sa"; flow:to_server,established; http.header; content: "Host|3a| gheras.sa"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gheras\.sa[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname gratisdisinispinff.xerrc.my.id"; dns.query; content:"gratisdisinispinff.xerrc.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratisdisinispinff\.xerrc\.my\.id$/i"; classtype:trojan-activity; sid:38000101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname gratisdisinispinff.xerrc.my.id"; flow:to_server,established; http.header; content: "Host|3a| gratisdisinispinff.xerrc.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratisdisinispinff\.xerrc\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000102; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account9992.liink2.my.id"; dns.query; content:"facebook-account9992.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account9992\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38000131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account9992.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account9992.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account9992\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account86423.liink2.my.id"; dns.query; content:"facebook-account86423.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account86423\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38000161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account86423.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account86423.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account86423\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account88948.liink2.my.id"; dns.query; content:"facebook-account88948.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account88948\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38000191; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account88948.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account88948.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account88948\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account86423.liink2.my.id"; dns.query; content:"facebook-account86423.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account86423\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38000221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account86423.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account86423.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account86423\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account70240.liink2.my.id"; dns.query; content:"facebook-account70240.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account70240\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38000251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account70240.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account70240.liink2.my.id"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])facebook\-account70240\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account60107.liink2.my.id"; dns.query; content:"facebook-account60107.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account60107\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38000281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account60107.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account60107.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account60107\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname emiliedeflroinemil.com"; dns.query; content:"emiliedeflroinemil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emiliedeflroinemil\.com$/i"; classtype:trojan-activity; sid:38000311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname emiliedeflroinemil.com"; flow:to_server,established; http.header; content: "Host|3a| emiliedeflroinemil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])emiliedeflroinemil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname depl.pages.dev"; dns.query; content:"depl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev$/i"; classtype:trojan-activity; 
sid:38000341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname depl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| depl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])depl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname community-standards-1006436512.firebaseapp.com"; dns.query; content:"community-standards-1006436512.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])community\-standards\-1006436512\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:38000371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname community-standards-1006436512.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| community-standards-1006436512.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])community\-standards\-1006436512\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname cloudd-9bd4.endaonyadn.workers.dev"; dns.query; content:"cloudd-9bd4.endaonyadn.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloudd\-9bd4\.endaonyadn\.workers\.dev$/i"; classtype:trojan-activity; sid:38000401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname cloudd-9bd4.endaonyadn.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cloudd-9bd4.endaonyadn.workers.dev"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])cloudd\-9bd4\.endaonyadn\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname btinternet-102307.weeblysite.com"; dns.query; content:"btinternet-102307.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-102307\.weeblysite\.com$/i"; classtype:trojan-activity; sid:38000431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname btinternet-102307.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btinternet-102307.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-102307\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname ch.hotelsexpressusa.com"; dns.query; content:"ch.hotelsexpressusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ch\.hotelsexpressusa\.com$/i"; classtype:trojan-activity; sid:38000461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ch.hotelsexpressusa.com"; flow:to_server,established; http.header; content: "Host|3a| ch.hotelsexpressusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ch\.hotelsexpressusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ch.hotelsexpressusa.com"; flow:to_server,established; http.header; content:"ch.hotelsexpressusa.com"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38000471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname bafybeig4lbepupzzg7ehzpbrlpeufeiuqqpa7paf3zgh4oeace6hkgkm7m.ipfs.cf-ipfs.com"; dns.query; content:"bafybeig4lbepupzzg7ehzpbrlpeufeiuqqpa7paf3zgh4oeace6hkgkm7m.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig4lbepupzzg7ehzpbrlpeufeiuqqpa7paf3zgh4oeace6hkgkm7m\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38000491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname bafybeig4lbepupzzg7ehzpbrlpeufeiuqqpa7paf3zgh4oeace6hkgkm7m.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeig4lbepupzzg7ehzpbrlpeufeiuqqpa7paf3zgh4oeace6hkgkm7m.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig4lbepupzzg7ehzpbrlpeufeiuqqpa7paf3zgh4oeace6hkgkm7m\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname bafybeifrct5q72gx4phbuwpvihgxhgrba35zpxwz6kltus7mcf3zwxl6zu.ipfs.cf-ipfs.com"; dns.query; content:"bafybeifrct5q72gx4phbuwpvihgxhgrba35zpxwz6kltus7mcf3zwxl6zu.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifrct5q72gx4phbuwpvihgxhgrba35zpxwz6kltus7mcf3zwxl6zu\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38000521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname bafybeifrct5q72gx4phbuwpvihgxhgrba35zpxwz6kltus7mcf3zwxl6zu.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| 
bafybeifrct5q72gx4phbuwpvihgxhgrba35zpxwz6kltus7mcf3zwxl6zu.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifrct5q72gx4phbuwpvihgxhgrba35zpxwz6kltus7mcf3zwxl6zu\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; dns.query; content:"bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38000551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeie4xgzh6cqv3ex3syp2rtw5rguklrc7gg45mgu476356o4tnnpdwu\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname att-100650.weeblysite.com"; dns.query; content:"att-100650.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-100650\.weeblysite\.com$/i"; classtype:trojan-activity; sid:38000581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname att-100650.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-100650.weeblysite.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])att\-100650\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators: per name, a dns rule (end-anchored pcre,
# subdomains excluded) and an http rule on the outbound Host header.
# accounts-google-com.google.research.skyfencenet.com
alert dns any any -> any any (msg: "MISP e27631 [] Hostname accounts-google-com.google.research.skyfencenet.com"; dns.query; content:"accounts-google-com.google.research.skyfencenet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accounts\-google\-com\.google\.research\.skyfencenet\.com$/i"; classtype:trojan-activity; sid:38000611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname accounts-google-com.google.research.skyfencenet.com"; flow:to_server,established; http.header; content: "Host|3a| accounts-google-com.google.research.skyfencenet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])accounts\-google\-com\.google\.research\.skyfencenet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5ghthrh4gg3g3g3.blogspot.com
# NOTE(review): this dns/http pair is emitted again further down the export with the
# same match options and a different sid, so a single lookup or request raises one
# alert per copy. Presumably the hostname is listed more than once in the MISP
# event - confirm and de-duplicate at the source.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 
5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5ghthrh4gg3g3g3.blogspot.com - dns rule (end-anchored, subdomains excluded) and
# outbound Host-header rule, repeated.
# NOTE(review): every rule below matches the same hostname with the same options;
# only the sid changes (3800067x, 3800070x, 3800073x). Each copy alerts separately
# on the same traffic. Presumably the attribute is duplicated in the MISP event -
# confirm and de-duplicate before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; 
http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5ghthrh4gg3g3g3.blogspot.com - dns rule (end-anchored, subdomains excluded) and
# outbound Host-header rule, repeated.
# NOTE(review): the pairs below (sids 3800076x, 3800079x) have identical match
# options; each copy alerts separately on the same traffic. De-duplicate before
# loading.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; 
content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5ghthrh4gg3g3g3.blogspot.com - dns rule (end-anchored, subdomains excluded) and
# outbound Host-header rule, repeated.
# NOTE(review): the rules below (sids 3800082x, 3800085x, 3800088x) have identical
# match options; each copy alerts separately on the same traffic. De-duplicate
# before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghthrh4gg3g3g3.blogspot.com"; dns.query; content:"5ghthrh4gg3g3g3.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghthrh4gg3g3g3.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 
5ghthrh4gg3g3g3.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghthrh4gg3g3g3\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators: per name, a dns rule and an http rule on the
# outbound Host header. The dns pcre is end-anchored ("$"), so the ".com" rule does
# not fire on the ".com.co" name; each country variant needs its own rule.
# 5fgfggfgr4g4g.blogspot.com
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5fgfggfgr4g4g.blogspot.com"; dns.query; content:"5fgfggfgr4g4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfggfgr4g4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:38000911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5fgfggfgr4g4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfggfgr4g4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfggfgr4g4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5fgfggfgr4g4g.blogspot.com.co
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5fgfggfgr4g4g.blogspot.com.co"; dns.query; content:"5fgfggfgr4g4g.blogspot.com.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfggfgr4g4g\.blogspot\.com\.co$/i"; classtype:trojan-activity; sid:38000941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5fgfggfgr4g4g.blogspot.com.co"; flow:to_server,established; http.header; content: "Host|3a| 5fgfggfgr4g4g.blogspot.com.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfggfgr4g4g\.blogspot\.com\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5fgfgfgrfgrg4g4g.blogspot.com.ee
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5fgfgfgrfgrg4g4g.blogspot.com.ee"; dns.query; content:"5fgfgfgrfgrg4g4g.blogspot.com.ee"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgrg4g4g\.blogspot\.com\.ee$/i"; classtype:trojan-activity; sid:38000971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators: per name, a dns rule (end-anchored pcre,
# subdomains excluded) and an http rule on the outbound Host header.
# 5fgfgfgrfgrg4g4g.blogspot.com.ee (Host-header half of the pair)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5fgfgfgrfgrg4g4g.blogspot.com.ee"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrfgrg4g4g.blogspot.com.ee"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgrg4g4g\.blogspot\.com\.ee[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38000972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# 5fgfgfgrfgrg4g4g.blogspot.com
alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5fgfgfgrfgrg4g4g.blogspot.com"; dns.query; content:"5fgfgfgrfgrg4g4g.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgrg4g4g\.blogspot\.com$/i"; classtype:trojan-activity; sid:38001001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5fgfgfgrfgrg4g4g.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgrfgrg4g4g.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgrfgrg4g4g\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# pub-e2c8...a051.r2.dev
alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-e2c84832f771406785e1f132d4eea051.r2.dev"; dns.query; content:"pub-e2c84832f771406785e1f132d4eea051.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-e2c84832f771406785e1f132d4eea051\.r2\.dev$/i"; classtype:trojan-activity; sid:38001031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-e2c84832f771406785e1f132d4eea051.r2.dev"; flow:to_server,established; http.header; 
content: "Host|3a| pub-e2c84832f771406785e1f132d4eea051.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-e2c84832f771406785e1f132d4eea051\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 r2.dev indicators: dns rule, Host-header rule and an "Outgoing
# URL" rule per name.
# NOTE(review): the "Outgoing URL" rules match the bare host string anywhere in
# http.header (no "Host|3a| " prefix, no boundary pcre) plus the path as a substring
# of http.uri, and only toward $HTTP_PORTS. They are looser than the Host-header
# rule and can also fire when another header contains the name.
# pub-e2c8...a051.r2.dev /doc_start.html
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-e2c84832f771406785e1f132d4eea051.r2.dev/doc_start.html"; flow:to_server,established; http.header; content:"pub-e2c84832f771406785e1f132d4eea051.r2.dev"; fast_pattern; nocase; http.uri; content:"/doc_start.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# pub-cfe3...3cca.r2.dev
alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-cfe3b618b25d4e3e9bfd6f4f7e843cca.r2.dev"; dns.query; content:"pub-cfe3b618b25d4e3e9bfd6f4f7e843cca.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-cfe3b618b25d4e3e9bfd6f4f7e843cca\.r2\.dev$/i"; classtype:trojan-activity; sid:38001061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-cfe3b618b25d4e3e9bfd6f4f7e843cca.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-cfe3b618b25d4e3e9bfd6f4f7e843cca.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-cfe3b618b25d4e3e9bfd6f4f7e843cca\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-cfe3b618b25d4e3e9bfd6f4f7e843cca.r2.dev/owa-pageeee-owa.html"; flow:to_server,established; http.header; content:"pub-cfe3b618b25d4e3e9bfd6f4f7e843cca.r2.dev"; fast_pattern; nocase; http.uri; content:"/owa-pageeee-owa.html"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38001071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 r2.dev indicators: dns rule (end-anchored pcre, subdomains
# excluded), Host-header rule and an "Outgoing URL" rule per name.
# pub-ab55...2cea.r2.dev
alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-ab55a6961bc9472eac9561f0245b2cea.r2.dev"; dns.query; content:"pub-ab55a6961bc9472eac9561f0245b2cea.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ab55a6961bc9472eac9561f0245b2cea\.r2\.dev$/i"; classtype:trojan-activity; sid:38001091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-ab55a6961bc9472eac9561f0245b2cea.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-ab55a6961bc9472eac9561f0245b2cea.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ab55a6961bc9472eac9561f0245b2cea\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the URL rule matches the host string anywhere in http.header without
# the "Host|3a| " prefix or a boundary pcre; the path is matched with nocase, so a
# case-variant of this mixed-case path also matches.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-ab55a6961bc9472eac9561f0245b2cea.r2.dev/JjegedS9oJeYV7emPkeidUiep03mgN7qmSw0m9nB7Cp02nDuGei9mOwjEDoWX9CjPnbv5S7uDpm.html"; flow:to_server,established; http.header; content:"pub-ab55a6961bc9472eac9561f0245b2cea.r2.dev"; fast_pattern; nocase; http.uri; content:"/JjegedS9oJeYV7emPkeidUiep03mgN7qmSw0m9nB7Cp02nDuGei9mOwjEDoWX9CjPnbv5S7uDpm.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# pub-a99c...ea62.r2.dev
alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-a99c53d6c23946e4a025da611a9aea62.r2.dev"; dns.query; content:"pub-a99c53d6c23946e4a025da611a9aea62.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a99c53d6c23946e4a025da611a9aea62\.r2\.dev$/i"; classtype:trojan-activity; sid:38001121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-a99c53d6c23946e4a025da611a9aea62.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-a99c53d6c23946e4a025da611a9aea62.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-a99c53d6c23946e4a025da611a9aea62\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 indicators: "Outgoing URL" rule for the r2.dev name above, then
# the dns / Host-header / URL rules for a liink2.my.id name.
# NOTE(review): "Outgoing URL" rules match the host string anywhere in http.header
# (no "Host|3a| " prefix, no boundary pcre) and the path as a substring of http.uri,
# toward $HTTP_PORTS only; they can also fire when another header contains the name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-a99c53d6c23946e4a025da611a9aea62.r2.dev/owa-pageeee-owa.html"; flow:to_server,established; http.header; content:"pub-a99c53d6c23946e4a025da611a9aea62.r2.dev"; fast_pattern; nocase; http.uri; content:"/owa-pageeee-owa.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# facebook-account9992.liink2.my.id
alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account9992.liink2.my.id"; dns.query; content:"facebook-account9992.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account9992\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38001151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account9992.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account9992.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account9992\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//facebook-account9992.liink2.my.id/website"; flow:to_server,established; http.header; 
content:"facebook-account9992.liink2.my.id"; fast_pattern; nocase; http.uri; content:"/website"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 indicators for facebook-account97328.liink2.my.id: dns rule
# (end-anchored pcre, subdomains excluded), Host-header rule and "Outgoing URL" rule.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account97328.liink2.my.id"; dns.query; content:"facebook-account97328.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account97328\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38001181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account97328.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account97328.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account97328\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the URL rule matches the host string anywhere in http.header (no
# "Host|3a| " prefix, no boundary pcre) and "/website" as a substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//facebook-account97328.liink2.my.id/website"; flow:to_server,established; http.header; content:"facebook-account97328.liink2.my.id"; fast_pattern; nocase; http.uri; content:"/website"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the dns rule below (sid 38001211) has the same match options as
# sid 38001181 above, and the http rule that follows it starts out the same as
# sid 38001182; both copies alert on the same traffic. De-duplicate before loading.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account97328.liink2.my.id"; dns.query; content:"facebook-account97328.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account97328\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38001211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account97328.liink2.my.id"; 
flow:to_server,established; http.header; content: "Host|3a| facebook-account97328.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account97328\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 liink2.my.id indicators: dns rule (end-anchored pcre, subdomains
# excluded), Host-header rule and "Outgoing URL" rule per name.
# NOTE(review): this host-only URL rule has a single content match on the bare host
# string in http.header - no path, no "Host|3a| " prefix, no boundary pcre, no
# fast_pattern. It fires on any request toward $HTTP_PORTS whose headers contain the
# string, so it overlaps with the Host-header rule for the same name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//facebook-account97328.liink2.my.id"; flow:to_server,established; http.header; content:"facebook-account97328.liink2.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# facebook-account88948.liink2.my.id
alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account88948.liink2.my.id"; dns.query; content:"facebook-account88948.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account88948\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38001241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account88948.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account88948.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account88948\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//facebook-account88948.liink2.my.id/website"; flow:to_server,established; http.header; content:"facebook-account88948.liink2.my.id"; fast_pattern; nocase; http.uri; content:"/website"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> 
any any (msg: "MISP e27631 [] Hostname facebook-account70240.liink2.my.id"; dns.query; content:"facebook-account70240.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account70240\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38001271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 liink2.my.id indicators: dns rule (end-anchored pcre, subdomains
# excluded), Host-header rule and "Outgoing URL" rule per name.
# facebook-account70240.liink2.my.id
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account70240.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account70240.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account70240\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the URL rule matches the host string anywhere in http.header (no
# "Host|3a| " prefix, no boundary pcre) and "/website" as a substring of http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//facebook-account70240.liink2.my.id/website"; flow:to_server,established; http.header; content:"facebook-account70240.liink2.my.id"; fast_pattern; nocase; http.uri; content:"/website"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# facebook-account60107.liink2.my.id
alert dns any any -> any any (msg: "MISP e27631 [] Hostname facebook-account60107.liink2.my.id"; dns.query; content:"facebook-account60107.liink2.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account60107\.liink2\.my\.id$/i"; classtype:trojan-activity; sid:38001301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname facebook-account60107.liink2.my.id"; flow:to_server,established; http.header; content: "Host|3a| facebook-account60107.liink2.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])facebook\-account60107\.liink2\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001302; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 indicators: dns rule (end-anchored pcre, subdomains excluded),
# Host-header rule and "Outgoing URL" rule per name.
# NOTE(review): "Outgoing URL" rules match the bare host string anywhere in
# http.header (no "Host|3a| " prefix, no boundary pcre), toward $HTTP_PORTS only.
# With a path they also need it as a substring of http.uri; without one (first rule
# below, and the edevlet... rule that starts at the end of this group) the host
# string is the only match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//facebook-account60107.liink2.my.id"; flow:to_server,established; http.header; content:"facebook-account60107.liink2.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# pub-f795...1b07.r2.dev /hun1.html
alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-f795b0b66ccc4426ab8c7a8260e91b07.r2.dev"; dns.query; content:"pub-f795b0b66ccc4426ab8c7a8260e91b07.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f795b0b66ccc4426ab8c7a8260e91b07\.r2\.dev$/i"; classtype:trojan-activity; sid:38001331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-f795b0b66ccc4426ab8c7a8260e91b07.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-f795b0b66ccc4426ab8c7a8260e91b07.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f795b0b66ccc4426ab8c7a8260e91b07\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-f795b0b66ccc4426ab8c7a8260e91b07.r2.dev/hun1.html"; flow:to_server,established; http.header; content:"pub-f795b0b66ccc4426ab8c7a8260e91b07.r2.dev"; fast_pattern; nocase; http.uri; content:"/hun1.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# pub-b846...fde6.r2.dev /hun.html
alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-b846d523bc0b4d1fa6400e468b8ffde6.r2.dev"; dns.query; content:"pub-b846d523bc0b4d1fa6400e468b8ffde6.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b846d523bc0b4d1fa6400e468b8ffde6\.r2\.dev$/i"; classtype:trojan-activity; sid:38001361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-b846d523bc0b4d1fa6400e468b8ffde6.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b846d523bc0b4d1fa6400e468b8ffde6.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b846d523bc0b4d1fa6400e468b8ffde6\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-b846d523bc0b4d1fa6400e468b8ffde6.r2.dev/hun.html"; flow:to_server,established; http.header; content:"pub-b846d523bc0b4d1fa6400e468b8ffde6.r2.dev"; fast_pattern; nocase; http.uri; content:"/hun.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# edevlet-onlinebankalar-girisgovtr.app
alert dns any any -> any any (msg: "MISP e27631 [] Hostname edevlet-onlinebankalar-girisgovtr.app"; dns.query; content:"edevlet-onlinebankalar-girisgovtr.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlet\-onlinebankalar\-girisgovtr\.app$/i"; classtype:trojan-activity; sid:38001391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname edevlet-onlinebankalar-girisgovtr.app"; flow:to_server,established; http.header; content: "Host|3a| edevlet-onlinebankalar-girisgovtr.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlet\-onlinebankalar\-girisgovtr\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//edevlet-onlinebankalar-girisgovtr.app"; flow:to_server,established; http.header; content:"edevlet-onlinebankalar-girisgovtr.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators: per name, a dns rule (end-anchored pcre,
# subdomains excluded) and an http rule on the outbound Host header.
# mailseries24.pages.dev
alert dns any any -> any any (msg: "MISP e27631 [] Hostname mailseries24.pages.dev"; dns.query; content:"mailseries24.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailseries24\.pages\.dev$/i"; classtype:trojan-activity; sid:38001421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname mailseries24.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mailseries24.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mailseries24\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# telegramdatingivan.pages.dev
alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegramdatingivan.pages.dev"; dns.query; content:"telegramdatingivan.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramdatingivan\.pages\.dev$/i"; classtype:trojan-activity; sid:38001451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegramdatingivan.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramdatingivan.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramdatingivan\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# b8399.top
alert dns any any -> any any (msg: "MISP e27631 [] Hostname b8399.top"; dns.query; 
content:"b8399.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b8399\.top$/i"; classtype:trojan-activity; sid:38001481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 indicators: dns rule (end-anchored pcre, subdomains excluded),
# Host-header rule and host-only "Outgoing URL" rule per name.
# b8399.top
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname b8399.top"; flow:to_server,established; http.header; content: "Host|3a| b8399.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])b8399\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the URL rule's only match is the 9-byte string "b8399.top" anywhere
# in http.header, with no "Host|3a| " prefix and no boundary pcre. A longer hostname
# or another header that merely contains the string also matches, so expect more
# false positives here than from the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//b8399.top"; flow:to_server,established; http.header; content:"b8399.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# atupas.weebly.com
alert dns any any -> any any (msg: "MISP e27631 [] Hostname atupas.weebly.com"; dns.query; content:"atupas.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atupas\.weebly\.com$/i"; classtype:trojan-activity; sid:38001511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname atupas.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| atupas.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])atupas\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Same unanchored host-string match as the b8399.top URL rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//atupas.weebly.com"; flow:to_server,established; http.header; content:"atupas.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any 
(msg: "MISP e27631 [] Hostname attnet-108795.weeblysite.com"; dns.query; content:"attnet-108795.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnet\-108795\.weeblysite\.com$/i"; classtype:trojan-activity; sid:38001541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 indicators: dns rule (end-anchored pcre, subdomains excluded),
# Host-header rule and host-only "Outgoing URL" rule per name.
# attnet-108795.weeblysite.com
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname attnet-108795.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| attnet-108795.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attnet\-108795\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the URL rule's only match is the host string anywhere in http.header
# (no "Host|3a| " prefix, no boundary pcre), toward $HTTP_PORTS only; it overlaps
# with the Host-header rule above and can also fire on other headers.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//attnet-108795.weeblysite.com"; flow:to_server,established; http.header; content:"attnet-108795.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# att-107488-105760.square.site
alert dns any any -> any any (msg: "MISP e27631 [] Hostname att-107488-105760.square.site"; dns.query; content:"att-107488-105760.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107488\-105760\.square\.site$/i"; classtype:trojan-activity; sid:38001571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname att-107488-105760.square.site"; flow:to_server,established; http.header; content: "Host|3a| att-107488-105760.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107488\-105760\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing 
URL http|3a|//att-107488-105760.square.site"; flow:to_server,established; http.header; content:"att-107488-105760.square.site"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname att-105097-108331.weeblysite.com"; dns.query; content:"att-105097-108331.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105097\-108331\.weeblysite\.com$/i"; classtype:trojan-activity; sid:38001601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname att-105097-108331.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-105097-108331.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105097\-108331\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//att-105097-108331.weeblysite.com"; flow:to_server,established; http.header; content:"att-105097-108331.weeblysite.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname aolnotificattion.weebly.com"; dns.query; content:"aolnotificattion.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aolnotificattion\.weebly\.com$/i"; classtype:trojan-activity; sid:38001631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname aolnotificattion.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| aolnotificattion.weebly.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aolnotificattion\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//aolnotificattion.weebly.com"; flow:to_server,established; http.header; content:"aolnotificattion.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5ghghghh54h.blogspot.tw"; dns.query; content:"5ghghghh54h.blogspot.tw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghghghh54h\.blogspot\.tw$/i"; classtype:trojan-activity; sid:38001661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5ghghghh54h.blogspot.tw"; flow:to_server,established; http.header; content: "Host|3a| 5ghghghh54h.blogspot.tw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ghghghh54h\.blogspot\.tw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//5ghghghh54h.blogspot.tw"; flow:to_server,established; http.header; content:"5ghghghh54h.blogspot.tw"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 5fgfgfgfg4g4gh4fg4g4.blogspot.tw"; dns.query; content:"5fgfgfgfg4g4gh4fg4g4.blogspot.tw"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fg4g4\.blogspot\.tw$/i"; classtype:trojan-activity; sid:38001691; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 5fgfgfgfg4g4gh4fg4g4.blogspot.tw"; flow:to_server,established; http.header; content: "Host|3a| 5fgfgfgfg4g4gh4fg4g4.blogspot.tw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5fgfgfgfg4g4gh4fg4g4\.blogspot\.tw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//5fgfgfgfg4g4gh4fg4g4.blogspot.tw"; flow:to_server,established; http.header; content:"5fgfgfgfg4g4gh4fg4g4.blogspot.tw"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname brfcoin.com"; dns.query; content:"brfcoin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brfcoin\.com$/i"; classtype:trojan-activity; sid:38001721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname brfcoin.com"; flow:to_server,established; http.header; content: "Host|3a| brfcoin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brfcoin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//brfcoin.com"; flow:to_server,established; http.header; content:"brfcoin.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname adrasantv.com"; dns.query; 
content:"adrasantv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adrasantv\.com$/i"; classtype:trojan-activity; sid:38001751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators, one rule per line. Up to three rules per hostname:
#   dns  "Hostname"               - dns.query content plus a pcre that only accepts the name at
#                                   the end of the query and not preceded by [A-Za-z0-9-.], so
#                                   sub.<hostname> does not match.
#   http "Outgoing HTTP Hostname" - "Host: <hostname>" (|3a| is ':') in http.header, with a pcre
#                                   boundary on both sides; any destination port.
#   http "Outgoing URL"           - bare hostname anywhere in http.header with no boundary check,
#                                   so longer names and other request headers containing the
#                                   string also match; restricted to $HTTP_PORTS, which must be
#                                   defined on the sensor.
# Both http rules set tag:session,600,seconds.
# NOTE(review): only cleartext HTTP is inspected; no tls.sni rule is visible in this part of
# the export - confirm TLS coverage for these names elsewhere.
# NOTE(review): the *.pages.dev names look like subdomains of a shared hosting domain; keep the
# full name when tuning, since matching the parent domain would alert on unrelated sites.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname adrasantv.com"; flow:to_server,established; http.header; content: "Host|3a| adrasantv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adrasantv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//adrasantv.com"; flow:to_server,established; http.header; content:"adrasantv.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname 42xawe.pages.dev"; dns.query; content:"42xawe.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])42xawe\.pages\.dev$/i"; classtype:trojan-activity; sid:38001781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 42xawe.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 42xawe.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])42xawe\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//42xawe.pages.dev"; flow:to_server,established; http.header; content:"42xawe.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname ac-autosprzedaz.com.pl"; dns.query; content:"ac-autosprzedaz.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ac\-autosprzedaz\.com\.pl$/i"; classtype:trojan-activity; sid:38001811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ac-autosprzedaz.com.pl"; flow:to_server,established; http.header; content: "Host|3a| ac-autosprzedaz.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ac\-autosprzedaz\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ac-autosprzedaz.com.pl"; flow:to_server,established; http.header; content:"ac-autosprzedaz.com.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname jasmistehavsenipodefans1.pages.dev"; dns.query; content:"jasmistehavsenipodefans1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jasmistehavsenipodefans1\.pages\.dev$/i"; classtype:trojan-activity; sid:38001841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname jasmistehavsenipodefans1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jasmistehavsenipodefans1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jasmistehavsenipodefans1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//jasmistehavsenipodefans1.pages.dev"; flow:to_server,established; http.header; content:"jasmistehavsenipodefans1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname ghjvhf2.pages.dev"; dns.query; content:"ghjvhf2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghjvhf2\.pages\.dev$/i"; classtype:trojan-activity; sid:38001871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ghjvhf2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ghjvhf2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghjvhf2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ghjvhf2.pages.dev"; flow:to_server,established; http.header; content:"ghjvhf2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname ksudse.com"; dns.query; content:"ksudse.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudse\.com$/i"; classtype:trojan-activity; sid:38001901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ksudse.com"; flow:to_server,established; http.header; content: "Host|3a| ksudse.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudse\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ksudse.com"; flow:to_server,established; http.header; content:"ksudse.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname tg.111311.xyz"; dns.query; content:"tg.111311.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.111311\.xyz$/i"; classtype:trojan-activity; sid:38001931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tg.111311.xyz"; flow:to_server,established; http.header; content: "Host|3a| tg.111311.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tg\.111311\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//tg.111311.xyz"; flow:to_server,established; http.header; content:"tg.111311.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname 32ngfjm.pages.dev"; dns.query; content:"32ngfjm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])32ngfjm\.pages\.dev$/i"; classtype:trojan-activity; sid:38001961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 32ngfjm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 32ngfjm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])32ngfjm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38001962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators, one rule per line. Up to three rules per hostname:
#   dns  "Hostname"               - dns.query content plus a pcre that only accepts the name at
#                                   the end of the query and not preceded by [A-Za-z0-9-.], so
#                                   sub.<hostname> does not match.
#   http "Outgoing HTTP Hostname" - "Host: <hostname>" (|3a| is ':') in http.header, with a pcre
#                                   boundary on both sides; any destination port.
#   http "Outgoing URL"           - bare hostname anywhere in http.header with no boundary check,
#                                   so longer names and other request headers containing the
#                                   string also match; restricted to $HTTP_PORTS, which must be
#                                   defined on the sensor.
# Both http rules set tag:session,600,seconds.
# NOTE(review): only cleartext HTTP is inspected; no tls.sni rule is visible in this part of
# the export - confirm TLS coverage for these names elsewhere.
# NOTE(review): the *.pages.dev names look like subdomains of a shared hosting domain; keep the
# full name when tuning, since matching the parent domain would alert on unrelated sites.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//32ngfjm.pages.dev"; flow:to_server,established; http.header; content:"32ngfjm.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38001971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qh.pro"; dns.query; content:"imtoken-qh.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qh\.pro$/i"; classtype:trojan-activity; sid:38001991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qh.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-qh.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qh\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38001992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qh.pro"; flow:to_server,established; http.header; content:"imtoken-qh.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname tasioewurdhjsieyytdodma04.pages.dev"; dns.query; content:"tasioewurdhjsieyytdodma04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tasioewurdhjsieyytdodma04\.pages\.dev$/i"; classtype:trojan-activity; sid:38002021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tasioewurdhjsieyytdodma04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tasioewurdhjsieyytdodma04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tasioewurdhjsieyytdodma04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//tasioewurdhjsieyytdodma04.pages.dev"; flow:to_server,established; http.header; content:"tasioewurdhjsieyytdodma04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname assistentevirtualcxt.com"; dns.query; content:"assistentevirtualcxt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assistentevirtualcxt\.com$/i"; classtype:trojan-activity; sid:38002051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname assistentevirtualcxt.com"; flow:to_server,established; http.header; content: "Host|3a| assistentevirtualcxt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assistentevirtualcxt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//assistentevirtualcxt.com"; flow:to_server,established; http.header; content:"assistentevirtualcxt.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname dferwesss2.pages.dev"; dns.query; content:"dferwesss2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dferwesss2\.pages\.dev$/i"; classtype:trojan-activity; sid:38002081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dferwesss2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dferwesss2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dferwesss2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dferwesss2.pages.dev"; flow:to_server,established; http.header; content:"dferwesss2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname zsdxf5.pages.dev"; dns.query; content:"zsdxf5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zsdxf5\.pages\.dev$/i"; classtype:trojan-activity; sid:38002111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname zsdxf5.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zsdxf5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zsdxf5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//zsdxf5.pages.dev"; flow:to_server,established; http.header; content:"zsdxf5.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname edevlethazine27.com"; dns.query; content:"edevlethazine27.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlethazine27\.com$/i"; classtype:trojan-activity; sid:38002141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname edevlethazine27.com"; flow:to_server,established; http.header; content: "Host|3a| edevlethazine27.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevlethazine27\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//edevlethazine27.com"; flow:to_server,established; http.header; content:"edevlethazine27.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname etrtuigujj2.pages.dev"; dns.query; content:"etrtuigujj2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])etrtuigujj2\.pages\.dev$/i"; classtype:trojan-activity; sid:38002171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname etrtuigujj2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| etrtuigujj2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])etrtuigujj2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//etrtuigujj2.pages.dev"; flow:to_server,established; http.header; 
content:"etrtuigujj2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# MISP event 27631 hostname indicators, one rule per line. Up to three rules per hostname:
#   dns  "Hostname"               - dns.query content plus a pcre that only accepts the name at
#                                   the end of the query and not preceded by [A-Za-z0-9-.], so
#                                   sub.<hostname> does not match.
#   http "Outgoing HTTP Hostname" - "Host: <hostname>" (|3a| is ':') in http.header, with a pcre
#                                   boundary on both sides; any destination port.
#   http "Outgoing URL"           - bare hostname anywhere in http.header with no boundary check,
#                                   so longer names and other request headers containing the
#                                   string also match; restricted to $HTTP_PORTS, which must be
#                                   defined on the sensor.
# Both http rules set tag:session,600,seconds.
# NOTE(review): only cleartext HTTP is inspected; no tls.sni rule is visible in this part of
# the export - confirm TLS coverage for these names elsewhere.
# NOTE(review): the usps.*.top names share a first label but are exported as separate exact
# names; a new name of the same shape is not matched by any rule visible here.

alert dns any any -> any any (msg: "MISP e27631 [] Hostname sabisejergaerrsetanspesaiue4.pages.dev"; dns.query; content:"sabisejergaerrsetanspesaiue4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sabisejergaerrsetanspesaiue4\.pages\.dev$/i"; classtype:trojan-activity; sid:38002201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname sabisejergaerrsetanspesaiue4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sabisejergaerrsetanspesaiue4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sabisejergaerrsetanspesaiue4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//sabisejergaerrsetanspesaiue4.pages.dev"; flow:to_server,established; http.header; content:"sabisejergaerrsetanspesaiue4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname weslinshoserihaecutetzinspon02.pages.dev"; dns.query; content:"weslinshoserihaecutetzinspon02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weslinshoserihaecutetzinspon02\.pages\.dev$/i"; classtype:trojan-activity; sid:38002231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname weslinshoserihaecutetzinspon02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| weslinshoserihaecutetzinspon02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])weslinshoserihaecutetzinspon02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//weslinshoserihaecutetzinspon02.pages.dev"; flow:to_server,established; http.header; content:"weslinshoserihaecutetzinspon02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.hyhtttokcm.top"; dns.query; content:"usps.hyhtttokcm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hyhtttokcm\.top$/i"; classtype:trojan-activity; sid:38002261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.hyhtttokcm.top"; flow:to_server,established; http.header; content: "Host|3a| usps.hyhtttokcm.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hyhtttokcm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.hyhtttokcm.top"; flow:to_server,established; http.header; content:"usps.hyhtttokcm.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.aeovydvwxd.top"; dns.query; content:"usps.aeovydvwxd.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.aeovydvwxd\.top$/i"; classtype:trojan-activity; sid:38002291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.aeovydvwxd.top"; flow:to_server,established; http.header; content: "Host|3a| usps.aeovydvwxd.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.aeovydvwxd\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.aeovydvwxd.top"; flow:to_server,established; http.header; content:"usps.aeovydvwxd.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.hhragzupes.top"; dns.query; content:"usps.hhragzupes.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hhragzupes\.top$/i"; classtype:trojan-activity; sid:38002321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.hhragzupes.top"; flow:to_server,established; http.header; content: "Host|3a| usps.hhragzupes.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hhragzupes\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.hhragzupes.top"; flow:to_server,established; http.header; content:"usps.hhragzupes.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname prtykoms.vfreky.my.id"; dns.query; content:"prtykoms.vfreky.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prtykoms\.vfreky\.my\.id$/i"; classtype:trojan-activity; sid:38002351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname prtykoms.vfreky.my.id"; flow:to_server,established; http.header; content: "Host|3a| prtykoms.vfreky.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])prtykoms\.vfreky\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//prtykoms.vfreky.my.id"; flow:to_server,established; http.header; content:"prtykoms.vfreky.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.qqqbtzokdu.top"; dns.query; content:"usps.qqqbtzokdu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.qqqbtzokdu\.top$/i"; classtype:trojan-activity; sid:38002381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.qqqbtzokdu.top"; flow:to_server,established; http.header; content: "Host|3a| usps.qqqbtzokdu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.qqqbtzokdu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.qqqbtzokdu.top"; flow:to_server,established; http.header; content:"usps.qqqbtzokdu.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38002391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.qkwqmolwsx.top"; dns.query; content:"usps.qkwqmolwsx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.qkwqmolwsx\.top$/i"; classtype:trojan-activity; sid:38002411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.qkwqmolwsx.top"; flow:to_server,established; http.header; content: "Host|3a| usps.qkwqmolwsx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.qkwqmolwsx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.qkwqmolwsx.top"; flow:to_server,established; http.header; content:"usps.qkwqmolwsx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-f9680c98eb164a488ed7eb7854ba366f.r2.dev"; dns.query; content:"pub-f9680c98eb164a488ed7eb7854ba366f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f9680c98eb164a488ed7eb7854ba366f\.r2\.dev$/i"; classtype:trojan-activity; sid:38002441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-f9680c98eb164a488ed7eb7854ba366f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-f9680c98eb164a488ed7eb7854ba366f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-f9680c98eb164a488ed7eb7854ba366f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002442; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-5dedeed68a754a019bb5cc319680b748.r2.dev"; dns.query; content:"pub-5dedeed68a754a019bb5cc319680b748.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5dedeed68a754a019bb5cc319680b748\.r2\.dev$/i"; classtype:trojan-activity; sid:38002471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-5dedeed68a754a019bb5cc319680b748.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-5dedeed68a754a019bb5cc319680b748.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5dedeed68a754a019bb5cc319680b748\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-5dedeed68a754a019bb5cc319680b748.r2.dev/index.html"; flow:to_server,established; http.header; content:"pub-5dedeed68a754a019bb5cc319680b748.r2.dev"; fast_pattern; nocase; http.uri; content:"/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; dns.query; content:"pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-bac5f7218dda4303a5820e4328ce0abb\.r2\.dev$/i"; classtype:trojan-activity; sid:38002501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| 
pub-bac5f7218dda4303a5820e4328ce0abb.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-bac5f7218dda4303a5820e4328ce0abb\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; dns.query; content:"pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5eb4c2fadece4f6aa3fe27f1665fd3db\.r2\.dev$/i"; classtype:trojan-activity; sid:38002531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-5eb4c2fadece4f6aa3fe27f1665fd3db.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5eb4c2fadece4f6aa3fe27f1665fd3db\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-d793447c81514171913d3664f37ee09d.r2.dev"; dns.query; content:"pub-d793447c81514171913d3664f37ee09d.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d793447c81514171913d3664f37ee09d\.r2\.dev$/i"; classtype:trojan-activity; sid:38002561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-d793447c81514171913d3664f37ee09d.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d793447c81514171913d3664f37ee09d.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d793447c81514171913d3664f37ee09d\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002562; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule for channelhub.info: any source and destination, matched on the dns.query buffer.
# The pcre ends with $ and allows only start-of-buffer or a character outside [A-Za-z0-9-.] before
# the name, so as written it fires on the exact name and not on names with extra labels in front.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname channelhub.info"; dns.query; content:"channelhub.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info$/i"; classtype:trojan-activity; sid:38002591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: outbound HTTP on any port, established client-to-server flow. The pcre (H = header
# buffer, i = case-insensitive) requires a non-hostname character after the name, so a longer
# hostname that merely starts with this one is not matched.
# tag:session,600,seconds keeps logging the session for 600 seconds after the alert.
# NOTE(review): `alert http` only covers traffic parsed as HTTP; connections made over TLS are not
# seen by this rule, which leaves the DNS rule as the signal for them - confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname channelhub.info"; flow:to_server,established; http.header; content: "Host|3a| channelhub.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Same DNS / Host-header pair for telegrmsn.club.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegrmsn.club"; dns.query; content:"telegrmsn.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.club$/i"; classtype:trojan-activity; sid:38002621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegrmsn.club"; flow:to_server,established; http.header; content: "Host|3a| telegrmsn.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrmsn\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule for http://telegrmsn.club/ (limited to $HTTP_PORTS).
# NOTE(review): this rule is looser than the Host-header rule above. The hostname is an unanchored
# substring of the whole header buffer with no boundary pcre, so a request to another site that
# carries the name in some other header would also match. The http.uri content "/" is satisfied by
# practically any request path and adds no selectivity. Expect it to fire together with sid 38002622
# and to be the noisier of the two when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//telegrmsn.club/"; flow:to_server,established; http.header; content:"telegrmsn.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegram.tgweb.club"; dns.query; content:"telegram.tgweb.club"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.club$/i"; classtype:trojan-activity; sid:38002651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegram.tgweb.club"; flow:to_server,established; http.header; content: "Host|3a| telegram.tgweb.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegram.tgweb.co"; dns.query; content:"telegram.tgweb.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.co$/i"; classtype:trojan-activity; sid:38002681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegram.tgweb.co"; flow:to_server,established; http.header; content: "Host|3a| telegram.tgweb.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tgweb\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaad.com"; dns.query; content:"urheaad.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaad\.com$/i"; classtype:trojan-activity; sid:38002711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaad.com"; flow:to_server,established; http.header; content: "Host|3a| urheaad.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaad\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert 
http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaad.com"; flow:to_server,established; http.header; content:"urheaad.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urhebwt.com"; dns.query; content:"urhebwt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebwt\.com$/i"; classtype:trojan-activity; sid:38002741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urhebwt.com"; flow:to_server,established; http.header; content: "Host|3a| urhebwt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebwt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urhebwt.com"; flow:to_server,established; http.header; content:"urhebwt.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheazq.com"; dns.query; content:"urheazq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheazq\.com$/i"; classtype:trojan-activity; sid:38002771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheazq.com"; flow:to_server,established; http.header; content: "Host|3a| urheazq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheazq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002772; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheazq.com"; flow:to_server,established; http.header; content:"urheazq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaeh.com"; dns.query; content:"urheaeh.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaeh\.com$/i"; classtype:trojan-activity; sid:38002801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaeh.com"; flow:to_server,established; http.header; content: "Host|3a| urheaeh.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaeh\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaeh.com"; flow:to_server,established; http.header; content:"urheaeh.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheabu.com"; dns.query; content:"urheabu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheabu\.com$/i"; classtype:trojan-activity; sid:38002831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheabu.com"; flow:to_server,established; http.header; content: "Host|3a| urheabu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheabu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002832; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheabu.com"; flow:to_server,established; http.header; content:"urheabu.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urhebwy.com"; dns.query; content:"urhebwy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebwy\.com$/i"; classtype:trojan-activity; sid:38002861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urhebwy.com"; flow:to_server,established; http.header; content: "Host|3a| urhebwy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebwy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urhebwy.com"; flow:to_server,established; http.header; content:"urhebwy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaag.com"; dns.query; content:"urheaag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaag\.com$/i"; classtype:trojan-activity; sid:38002891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaag.com"; flow:to_server,established; http.header; content: "Host|3a| urheaag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38002892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaag.com"; flow:to_server,established; http.header; content:"urheaag.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaaa.com"; dns.query; content:"urheaaa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaaa\.com$/i"; classtype:trojan-activity; sid:38002921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaaa.com"; flow:to_server,established; http.header; content: "Host|3a| urheaaa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaaa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaaa.com"; flow:to_server,established; http.header; content:"urheaaa.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urhebqr.com"; dns.query; content:"urhebqr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebqr\.com$/i"; classtype:trojan-activity; sid:38002951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urhebqr.com"; flow:to_server,established; http.header; content: "Host|3a| urhebqr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebqr\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38002952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urhebqr.com"; flow:to_server,established; http.header; content:"urhebqr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaev.com"; dns.query; content:"urheaev.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaev\.com$/i"; classtype:trojan-activity; sid:38002981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaev.com"; flow:to_server,established; http.header; content: "Host|3a| urheaev.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaev\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38002982; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaev.com"; flow:to_server,established; http.header; content:"urheaev.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38002991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname blwwsd.pages.dev"; dns.query; content:"blwwsd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blwwsd\.pages\.dev$/i"; classtype:trojan-activity; sid:38003011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname blwwsd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blwwsd.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])blwwsd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//blwwsd.pages.dev"; flow:to_server,established; http.header; content:"blwwsd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaef.com"; dns.query; content:"urheaef.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaef\.com$/i"; classtype:trojan-activity; sid:38003041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaef.com"; flow:to_server,established; http.header; content: "Host|3a| urheaef.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaef\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaef.com"; flow:to_server,established; http.header; content:"urheaef.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaen.com"; dns.query; content:"urheaen.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaen\.com$/i"; classtype:trojan-activity; sid:38003071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaen.com"; flow:to_server,established; http.header; content: "Host|3a| 
urheaen.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaen\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaen.com"; flow:to_server,established; http.header; content:"urheaen.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheazr.com"; dns.query; content:"urheazr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheazr\.com$/i"; classtype:trojan-activity; sid:38003101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheazr.com"; flow:to_server,established; http.header; content: "Host|3a| urheazr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheazr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheazr.com"; flow:to_server,established; http.header; content:"urheazr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheaed.com"; dns.query; content:"urheaed.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaed\.com$/i"; classtype:trojan-activity; sid:38003131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheaed.com"; flow:to_server,established; http.header; 
content: "Host|3a| urheaed.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaed\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheaed.com"; flow:to_server,established; http.header; content:"urheaed.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 02lkooj.pages.dev"; dns.query; content:"02lkooj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])02lkooj\.pages\.dev$/i"; classtype:trojan-activity; sid:38003161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 02lkooj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 02lkooj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])02lkooj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//02lkooj.pages.dev"; flow:to_server,established; http.header; content:"02lkooj.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.checkuspsz.top"; dns.query; content:"usps.checkuspsz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.checkuspsz\.top$/i"; classtype:trojan-activity; sid:38003191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27631 [] Outgoing HTTP Hostname usps.checkuspsz.top"; flow:to_server,established; http.header; content: "Host|3a| usps.checkuspsz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.checkuspsz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.checkuspsz.top"; flow:to_server,established; http.header; content:"usps.checkuspsz.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.checkuspsx.top"; dns.query; content:"usps.checkuspsx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.checkuspsx\.top$/i"; classtype:trojan-activity; sid:38003221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.checkuspsx.top"; flow:to_server,established; http.header; content: "Host|3a| usps.checkuspsx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.checkuspsx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003222; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.checkuspsx.top"; flow:to_server,established; http.header; content:"usps.checkuspsx.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname usps.checkuspsg.com"; dns.query; content:"usps.checkuspsg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.checkuspsg\.com$/i"; 
classtype:trojan-activity; sid:38003251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.checkuspsg.com"; flow:to_server,established; http.header; content: "Host|3a| usps.checkuspsg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.checkuspsg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.checkuspsg.com"; flow:to_server,established; http.header; content:"usps.checkuspsg.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname omega.mtalk.com.br"; dns.query; content:"omega.mtalk.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omega\.mtalk\.com\.br$/i"; classtype:trojan-activity; sid:38003281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname omega.mtalk.com.br"; flow:to_server,established; http.header; content: "Host|3a| omega.mtalk.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omega\.mtalk\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//omega.mtalk.com.br"; flow:to_server,established; http.header; content:"omega.mtalk.com.br"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP 
e27631 [] Hostname usps.uspsshipchecka.com"; dns.query; content:"usps.uspsshipchecka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspsshipchecka\.com$/i"; classtype:trojan-activity; sid:38003311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usps.uspsshipchecka.com"; flow:to_server,established; http.header; content: "Host|3a| usps.uspsshipchecka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspsshipchecka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usps.uspsshipchecka.com"; flow:to_server,established; http.header; content:"usps.uspsshipchecka.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qu.pro"; dns.query; content:"imtoken-qu.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qu\.pro$/i"; classtype:trojan-activity; sid:38003341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qu.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-qu.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qu\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qu.pro"; flow:to_server,established; http.header; content:"imtoken-qu.pro"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:38003351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname sepprationablecongratulationsdomains02.pages.dev"; dns.query; content:"sepprationablecongratulationsdomains02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sepprationablecongratulationsdomains02\.pages\.dev$/i"; classtype:trojan-activity; sid:38003371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname sepprationablecongratulationsdomains02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sepprationablecongratulationsdomains02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sepprationablecongratulationsdomains02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//sepprationablecongratulationsdomains02.pages.dev"; flow:to_server,established; http.header; content:"sepprationablecongratulationsdomains02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qe.pro"; dns.query; content:"imtoken-qe.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qe\.pro$/i"; classtype:trojan-activity; sid:38003401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qe.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-qe.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qe\.pro[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38003402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the line above is the tail of a rule that was wrapped mid-rule; a rule
# must sit on one line (or use backslash continuation) to load, so rejoin it first.
#
# MISP event 27631 exports each hostname as up to three rules:
#   dns  - dns.query must end with the name, and the name must start the buffer or
#          follow a character other than a letter, digit, "-" or "."; a lookup of
#          sub.<name> therefore does not alert.
#   http - "Host: <name>" in request headers, $HOME_NET -> $EXTERNAL_NET, any port;
#          the pcre requires a non-hostname character after the name.
#   http - the bare name anywhere in request headers on $HTTP_PORTS, with no boundary
#          check: a Referer or a longer name containing it also matches, and a request
#          that hits the Host rule raises this alert too when its port is in $HTTP_PORTS.
# tag:session,600,seconds logs further packets of the matching session for 600 seconds.
# NOTE(review): nothing here inspects TLS; HTTPS visits surface only via the dns rule,
# and not at all when the client resolves over DoH/DoT - confirm sensor coverage.
# NOTE(review): the tag list in msg is empty ("[]"), so take severity and context from
# the referenced MISP event rather than from classtype:trojan-activity alone.

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qe.pro"; flow:to_server,established; http.header; content:"imtoken-qe.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname esiuedhobrveosguarogdjboines3.pages.dev"; dns.query; content:"esiuedhobrveosguarogdjboines3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])esiuedhobrveosguarogdjboines3\.pages\.dev$/i"; classtype:trojan-activity; sid:38003431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname esiuedhobrveosguarogdjboines3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| esiuedhobrveosguarogdjboines3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])esiuedhobrveosguarogdjboines3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//esiuedhobrveosguarogdjboines3.pages.dev"; flow:to_server,established; http.header; content:"esiuedhobrveosguarogdjboines3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname 52fhwet.pages.dev"; dns.query; content:"52fhwet.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])52fhwet\.pages\.dev$/i"; classtype:trojan-activity; sid:38003461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 52fhwet.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 52fhwet.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])52fhwet\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//52fhwet.pages.dev"; flow:to_server,established; http.header; content:"52fhwet.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname checkverifiedhsffdgd-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3.pages.dev"; dns.query; content:"checkverifiedhsffdgd-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkverifiedhsffdgd\-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3\.pages\.dev$/i"; classtype:trojan-activity; sid:38003491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname checkverifiedhsffdgd-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| checkverifiedhsffdgd-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])checkverifiedhsffdgd\-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//checkverifiedhsffdgd-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3.pages.dev"; flow:to_server,established; http.header; content:"checkverifiedhsffdgd-sfhsfjjwk883gchsjhsdhjkasgfasjkahasj3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname sabisejergaerrsetanspesaiue3.pages.dev"; dns.query; content:"sabisejergaerrsetanspesaiue3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sabisejergaerrsetanspesaiue3\.pages\.dev$/i"; classtype:trojan-activity; sid:38003521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname sabisejergaerrsetanspesaiue3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sabisejergaerrsetanspesaiue3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sabisejergaerrsetanspesaiue3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//sabisejergaerrsetanspesaiue3.pages.dev"; flow:to_server,established; http.header; content:"sabisejergaerrsetanspesaiue3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qb.pro"; dns.query; content:"imtoken-qb.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qb\.pro$/i"; classtype:trojan-activity; sid:38003551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qb.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-qb.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qb\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qb.pro"; flow:to_server,established; http.header; content:"imtoken-qb.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname hxyff.terbaiik.com"; dns.query; content:"hxyff.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hxyff\.terbaiik\.com$/i"; classtype:trojan-activity; sid:38003581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname hxyff.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| hxyff.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hxyff\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003582; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//hxyff.terbaiik.com"; flow:to_server,established; http.header; content:"hxyff.terbaiik.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-ql.pro"; dns.query; content:"imtoken-ql.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ql\.pro$/i"; classtype:trojan-activity; sid:38003611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-ql.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-ql.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-ql\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-ql.pro"; flow:to_server,established; http.header; content:"imtoken-ql.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname cimico-07be84nkxk4ns3h3nkwnsbeiwsnwmssm.pages.dev"; dns.query; content:"cimico-07be84nkxk4ns3h3nkwnsbeiwsnwmssm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cimico\-07be84nkxk4ns3h3nkwnsbeiwsnwmssm\.pages\.dev$/i"; classtype:trojan-activity; sid:38003641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname cimico-07be84nkxk4ns3h3nkwnsbeiwsnwmssm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cimico-07be84nkxk4ns3h3nkwnsbeiwsnwmssm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cimico\-07be84nkxk4ns3h3nkwnsbeiwsnwmssm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the rule below is wrapped onto the next line of the file; rejoin before loading.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//cimico-07be84nkxk4ns3h3nkwnsbeiwsnwmssm.pages.dev"; flow:to_server,established; http.header; content:"cimico-07be84nkxk4ns3h3nkwnsbeiwsnwmssm.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003651; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the line above is the tail of a rule that was wrapped mid-rule; a rule
# must sit on one line (or use backslash continuation) to load, so rejoin it first.
#
# Rule pattern used for every hostname of MISP event 27631 in this run:
#   dns  - matches when dns.query ends with the name and the name is at the start of
#          the buffer or follows a character other than a letter, digit, "-" or ".";
#          queries for subdomains of the indicator are not covered.
#   http - "Host: <name>" header on outbound requests to any port.
#   http - the name as an unanchored substring of the request headers, limited to
#          $HTTP_PORTS; expect it to fire together with the Host rule, and on Referer
#          values or longer hostnames that contain the indicator.
# NOTE(review): the dns rules use "any any -> any any", so when clients go through an
# internal resolver the alert source may be the resolver, not the workstation - confirm
# sensor placement before attributing a hit to a host.
# NOTE(review): no TLS/SNI rule accompanies these indicators; HTTPS traffic to them is
# visible only through the dns rule.

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qq.pro"; dns.query; content:"imtoken-qq.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qq\.pro$/i"; classtype:trojan-activity; sid:38003671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qq.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-qq.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qq\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qq.pro"; flow:to_server,established; http.header; content:"imtoken-qq.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheanw.com"; dns.query; content:"urheanw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheanw\.com$/i"; classtype:trojan-activity; sid:38003701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheanw.com"; flow:to_server,established; http.header; content: "Host|3a| urheanw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheanw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003702; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheanw.com"; flow:to_server,established; http.header; content:"urheanw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheace.com"; dns.query; content:"urheace.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheace\.com$/i"; classtype:trojan-activity; sid:38003731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheace.com"; flow:to_server,established; http.header; content: "Host|3a| urheace.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheace\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003732; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheace.com"; flow:to_server,established; http.header; content:"urheace.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheakr.com"; dns.query; content:"urheakr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheakr\.com$/i"; classtype:trojan-activity; sid:38003761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheakr.com"; flow:to_server,established; http.header; content: "Host|3a| urheakr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheakr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheakr.com"; flow:to_server,established; http.header; content:"urheakr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheacy.com"; dns.query; content:"urheacy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheacy\.com$/i"; classtype:trojan-activity; sid:38003791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheacy.com"; flow:to_server,established; http.header; content: "Host|3a| urheacy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheacy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheacy.com"; flow:to_server,established; http.header; content:"urheacy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheams.com"; dns.query; content:"urheams.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheams\.com$/i"; classtype:trojan-activity; sid:38003821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheams.com"; flow:to_server,established; http.header; content: "Host|3a| urheams.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheams\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003822; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheams.com"; flow:to_server,established; http.header; content:"urheams.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urheamd.com"; dns.query; content:"urheamd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheamd\.com$/i"; classtype:trojan-activity; sid:38003851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urheamd.com"; flow:to_server,established; http.header; content: "Host|3a| urheamd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheamd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urheamd.com"; flow:to_server,established; http.header; content:"urheamd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname rojdingserijridhsjbalsisgser04.pages.dev"; dns.query; content:"rojdingserijridhsjbalsisgser04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rojdingserijridhsjbalsisgser04\.pages\.dev$/i"; classtype:trojan-activity; sid:38003881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname rojdingserijridhsjbalsisgser04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rojdingserijridhsjbalsisgser04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rojdingserijridhsjbalsisgser04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//rojdingserijridhsjbalsisgser04.pages.dev"; flow:to_server,established; http.header; content:"rojdingserijridhsjbalsisgser04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname vip1.jiaoyangzxvip.com"; dns.query; content:"vip1.jiaoyangzxvip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vip1\.jiaoyangzxvip\.com$/i"; classtype:trojan-activity; sid:38003911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname vip1.jiaoyangzxvip.com"; flow:to_server,established; http.header; content: "Host|3a| vip1.jiaoyangzxvip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vip1\.jiaoyangzxvip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//vip1.jiaoyangzxvip.com"; flow:to_server,established; http.header; content:"vip1.jiaoyangzxvip.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qm.pro"; dns.query; content:"imtoken-qm.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qm\.pro$/i"; classtype:trojan-activity; sid:38003941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the rule below is wrapped onto the next line of the file, inside its
# content string; rejoin with the single space after "Host|3a|" before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qm.pro"; flow:to_server,established; http.header; content: "Host|3a| 
imtoken-qm.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qm\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003942; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the line above is the tail of a rule that was wrapped inside its content
# string; a rule must sit on one line (or use backslash continuation) to load.
#
# Rule pattern for the MISP event 27631 hostnames below:
#   dns  - dns.query ends with the name, which must start the buffer or follow a
#          character other than a letter, digit, "-" or "." (no subdomain coverage).
#   http - "Host: <name>" request header, any destination port.
#   http - the name as an unanchored substring of the request headers on $HTTP_PORTS;
#          overlaps the Host rule and also matches Referer values containing the name.
# NOTE(review): several names sit under pages.dev / r2.dev, which look like per-project
# subdomains of a shared hosting platform that is presumably reached over HTTPS; if so
# the two http rules rarely fire and the dns rule carries the detection - confirm, and
# keep any blocking scoped to the full hostname rather than the parent domain.
# NOTE(review): msg has an empty tag list ("[]"); consult the referenced MISP event for
# what each indicator was observed doing.

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qm.pro"; flow:to_server,established; http.header; content:"imtoken-qm.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname decentralizationserver.pages.dev"; dns.query; content:"decentralizationserver.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])decentralizationserver\.pages\.dev$/i"; classtype:trojan-activity; sid:38003971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname decentralizationserver.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| decentralizationserver.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])decentralizationserver\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38003972; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//decentralizationserver.pages.dev"; flow:to_server,established; http.header; content:"decentralizationserver.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38003981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

# This hostname is exported with the dns and Host rules only (no header-substring rule).
alert dns any any -> any any (msg: "MISP e27631 [] Hostname iran-ir.sbs"; dns.query; content:"iran-ir.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iran\-ir\.sbs$/i"; classtype:trojan-activity; sid:38004001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname iran-ir.sbs"; flow:to_server,established; http.header; content: "Host|3a| iran-ir.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iran\-ir\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; dns.query; content:"pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c5e2dbb58028490685ab5f7a51d147da\.r2\.dev$/i"; classtype:trojan-activity; sid:38004031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-c5e2dbb58028490685ab5f7a51d147da\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Unlike the other URL rules, this one carries a path: the hostname must appear in the
# request headers and "/index2.html" in http.uri (both case-insensitive substrings).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev/index2.html"; flow:to_server,established; http.header; content:"pub-c5e2dbb58028490685ab5f7a51d147da.r2.dev"; fast_pattern; nocase; http.uri; content:"/index2.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

# This hostname is exported with the dns and Host rules only (no header-substring rule).
alert dns any any -> any any (msg: "MISP e27631 [] Hostname striich.pics"; dns.query; content:"striich.pics"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])striich\.pics$/i"; classtype:trojan-activity; sid:38004061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname striich.pics"; flow:to_server,established; http.header; content: "Host|3a| striich.pics"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])striich\.pics[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004062; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname urshjaywernaedgagerfwsdhvxiuegghdu1.pages.dev"; dns.query; content:"urshjaywernaedgagerfwsdhvxiuegghdu1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urshjaywernaedgagerfwsdhvxiuegghdu1\.pages\.dev$/i"; classtype:trojan-activity; sid:38004091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname urshjaywernaedgagerfwsdhvxiuegghdu1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| urshjaywernaedgagerfwsdhvxiuegghdu1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urshjaywernaedgagerfwsdhvxiuegghdu1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004092; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//urshjaywernaedgagerfwsdhvxiuegghdu1.pages.dev"; flow:to_server,established; http.header; content:"urshjaywernaedgagerfwsdhvxiuegghdu1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname dhsaoiudslehgaiuyafgjk4.pages.dev"; dns.query; content:"dhsaoiudslehgaiuyafgjk4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhsaoiudslehgaiuyafgjk4\.pages\.dev$/i"; classtype:trojan-activity; sid:38004121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dhsaoiudslehgaiuyafgjk4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dhsaoiudslehgaiuyafgjk4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhsaoiudslehgaiuyafgjk4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dhsaoiudslehgaiuyafgjk4.pages.dev"; flow:to_server,established; http.header; content:"dhsaoiudslehgaiuyafgjk4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname esiuedhobrveosguarogdjboines4.pages.dev"; dns.query; content:"esiuedhobrveosguarogdjboines4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])esiuedhobrveosguarogdjboines4\.pages\.dev$/i"; classtype:trojan-activity; sid:38004151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname esiuedhobrveosguarogdjboines4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| esiuedhobrveosguarogdjboines4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])esiuedhobrveosguarogdjboines4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the rule below is wrapped onto the next line of the file, inside its msg
# string; rejoin with the single space after "Outgoing URL" before loading.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL 
http|3a|//esiuedhobrveosguarogdjboines4.pages.dev"; flow:to_server,established; http.header; content:"esiuedhobrveosguarogdjboines4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the line above is the tail of a rule that was wrapped inside its msg
# string; a rule must sit on one line (or use backslash continuation) to load.
#
# Rule pattern for the MISP event 27631 hostnames below:
#   dns  - dns.query ends with the name, which must start the buffer or follow a
#          character other than a letter, digit, "-" or "."; sub.<name> does not alert.
#   http - "Host: <name>" request header from $HOME_NET to $EXTERNAL_NET, any port.
#   http - the name as an unanchored substring of the request headers on $HTTP_PORTS;
#          it duplicates the Host alert for the same request and can also match a
#          Referer or a longer hostname that contains the indicator.
# tag:session,600,seconds logs further packets of the matching session for 600 seconds.
# NOTE(review): there is no TLS/SNI counterpart, so HTTPS traffic to these names is
# seen only by the dns rules (and missed entirely under DoH/DoT) - confirm coverage.

alert dns any any -> any any (msg: "MISP e27631 [] Hostname sabisejergaerrsetanspesaiue2.pages.dev"; dns.query; content:"sabisejergaerrsetanspesaiue2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sabisejergaerrsetanspesaiue2\.pages\.dev$/i"; classtype:trojan-activity; sid:38004181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname sabisejergaerrsetanspesaiue2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sabisejergaerrsetanspesaiue2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sabisejergaerrsetanspesaiue2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//sabisejergaerrsetanspesaiue2.pages.dev"; flow:to_server,established; http.header; content:"sabisejergaerrsetanspesaiue2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname gsz8-qnz.all-net.cfd"; dns.query; content:"gsz8-qnz.all-net.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gsz8\-qnz\.all\-net\.cfd$/i"; classtype:trojan-activity; sid:38004211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname gsz8-qnz.all-net.cfd"; flow:to_server,established; http.header; content: "Host|3a| gsz8-qnz.all-net.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gsz8\-qnz\.all\-net\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//gsz8-qnz.all-net.cfd"; flow:to_server,established; http.header; content:"gsz8-qnz.all-net.cfd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname dhsaoiudslehgaiuyafgjk3.pages.dev"; dns.query; content:"dhsaoiudslehgaiuyafgjk3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhsaoiudslehgaiuyafgjk3\.pages\.dev$/i"; classtype:trojan-activity; sid:38004241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dhsaoiudslehgaiuyafgjk3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dhsaoiudslehgaiuyafgjk3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhsaoiudslehgaiuyafgjk3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dhsaoiudslehgaiuyafgjk3.pages.dev"; flow:to_server,established; http.header; content:"dhsaoiudslehgaiuyafgjk3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname ambildisinigraris.xerrc.my.id"; dns.query; content:"ambildisinigraris.xerrc.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ambildisinigraris\.xerrc\.my\.id$/i"; classtype:trojan-activity; sid:38004271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ambildisinigraris.xerrc.my.id"; flow:to_server,established; http.header; content: "Host|3a| ambildisinigraris.xerrc.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ambildisinigraris\.xerrc\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ambildisinigraris.xerrc.my.id"; flow:to_server,established; http.header; content:"ambildisinigraris.xerrc.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname vip.jiaoyangzxvip.com"; dns.query; content:"vip.jiaoyangzxvip.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vip\.jiaoyangzxvip\.com$/i"; classtype:trojan-activity; sid:38004301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname vip.jiaoyangzxvip.com"; flow:to_server,established; http.header; content: "Host|3a| vip.jiaoyangzxvip.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vip\.jiaoyangzxvip\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the rule below is wrapped onto the next line of the file; rejoin before loading.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//vip.jiaoyangzxvip.com"; flow:to_server,established; http.header; content:"vip.jiaoyangzxvip.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38004311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the line above is the tail of a rule that was wrapped mid-rule; a rule
# must sit on one line (or use backslash continuation) to load, so rejoin it first.
#
# Rule pattern for the MISP event 27631 hostnames below:
#   dns  - dns.query ends with the name, which must start the buffer or follow a
#          character other than a letter, digit, "-" or "."; sub.<name> does not alert.
#   http - "Host: <name>" request header from $HOME_NET to $EXTERNAL_NET, any port;
#          the pcre requires a non-hostname character after the name.
#   http - the name as an unanchored substring of the request headers on $HTTP_PORTS,
#          so one request can raise both http alerts and a Referer mentioning the
#          name is enough to match.
# NOTE(review): no rule here inspects TLS; for HTTPS visits only the dns rule can fire,
# and the dns rules are "any any -> any any", so the reported source may be an internal
# resolver rather than the client - confirm against sensor placement.
# NOTE(review): msg has an empty tag list ("[]"); take context from the referenced MISP
# event before treating a hit as confirmed compromise.

alert dns any any -> any any (msg: "MISP e27631 [] Hostname aosieh.efilles.my.id"; dns.query; content:"aosieh.efilles.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aosieh\.efilles\.my\.id$/i"; classtype:trojan-activity; sid:38004331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname aosieh.efilles.my.id"; flow:to_server,established; http.header; content: "Host|3a| aosieh.efilles.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aosieh\.efilles\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//aosieh.efilles.my.id"; flow:to_server,established; http.header; content:"aosieh.efilles.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname waterwinug.pages.dev"; dns.query; content:"waterwinug.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waterwinug\.pages\.dev$/i"; classtype:trojan-activity; sid:38004361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname waterwinug.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| waterwinug.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waterwinug\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//waterwinug.pages.dev"; flow:to_server,established; http.header; content:"waterwinug.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtoken-qo.pro"; dns.query; content:"imtoken-qo.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qo\.pro$/i"; classtype:trojan-activity; sid:38004391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtoken-qo.pro"; flow:to_server,established; http.header; content: "Host|3a| imtoken-qo.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-qo\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtoken-qo.pro"; flow:to_server,established; http.header; content:"imtoken-qo.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname imtookenc.cc"; dns.query; content:"imtookenc.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtookenc\.cc$/i"; classtype:trojan-activity; sid:38004421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname imtookenc.cc"; flow:to_server,established; http.header; content: "Host|3a| imtookenc.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtookenc\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//imtookenc.cc"; flow:to_server,established; http.header; content:"imtookenc.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname retojsbronfrs01.pages.dev"; dns.query; content:"retojsbronfrs01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])retojsbronfrs01\.pages\.dev$/i"; classtype:trojan-activity; sid:38004451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname retojsbronfrs01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| retojsbronfrs01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])retojsbronfrs01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//retojsbronfrs01.pages.dev"; flow:to_server,established; http.header; content:"retojsbronfrs01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname offberryt.top"; dns.query; content:"offberryt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])offberryt\.top$/i"; classtype:trojan-activity; sid:38004481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname offberryt.top"; flow:to_server,established; http.header; content: "Host|3a| offberryt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])offberryt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//offberryt.top"; flow:to_server,established; http.header; content:"offberryt.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname rxp8-sn.all-net.cfd"; dns.query; content:"rxp8-sn.all-net.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rxp8\-sn\.all\-net\.cfd$/i"; classtype:trojan-activity; sid:38004511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname rxp8-sn.all-net.cfd"; flow:to_server,established; http.header; content: "Host|3a| rxp8-sn.all-net.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rxp8\-sn\.all\-net\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//rxp8-sn.all-net.cfd"; flow:to_server,established; http.header; content:"rxp8-sn.all-net.cfd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)

alert dns any any -> any any (msg: "MISP e27631 [] Hostname asjwj.efilles.my.id"; dns.query; content:"asjwj.efilles.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asjwj\.efilles\.my\.id$/i"; classtype:trojan-activity; sid:38004541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the rule below is wrapped onto the next line of the file; rejoin before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname asjwj.efilles.my.id"; flow:to_server,established; 
http.header; content: "Host|3a| asjwj.efilles.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])asjwj\.efilles\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004542; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//asjwj.efilles.my.id"; flow:to_server,established; http.header; content:"asjwj.efilles.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname raji-6xs.pages.dev"; dns.query; content:"raji-6xs.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])raji\-6xs\.pages\.dev$/i"; classtype:trojan-activity; sid:38004571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname raji-6xs.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| raji-6xs.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])raji\-6xs\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//raji-6xs.pages.dev"; flow:to_server,established; http.header; content:"raji-6xs.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname waegjehonceprinnsadhg3.pages.dev"; dns.query; content:"waegjehonceprinnsadhg3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waegjehonceprinnsadhg3\.pages\.dev$/i"; classtype:trojan-activity; sid:38004601; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname waegjehonceprinnsadhg3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| waegjehonceprinnsadhg3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waegjehonceprinnsadhg3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//waegjehonceprinnsadhg3.pages.dev"; flow:to_server,established; http.header; content:"waegjehonceprinnsadhg3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname mail.wholesalekitchens.co.nz"; dns.query; content:"mail.wholesalekitchens.co.nz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.wholesalekitchens\.co\.nz$/i"; classtype:trojan-activity; sid:38004631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname mail.wholesalekitchens.co.nz"; flow:to_server,established; http.header; content: "Host|3a| mail.wholesalekitchens.co.nz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.wholesalekitchens\.co\.nz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//mail.wholesalekitchens.co.nz"; flow:to_server,established; http.header; content:"mail.wholesalekitchens.co.nz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004641; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname webmailserverautnethicationdomainhostingwebmailserver04.pages.dev"; dns.query; content:"webmailserverautnethicationdomainhostingwebmailserver04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmailserverautnethicationdomainhostingwebmailserver04\.pages\.dev$/i"; classtype:trojan-activity; sid:38004661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname webmailserverautnethicationdomainhostingwebmailserver04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| webmailserverautnethicationdomainhostingwebmailserver04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmailserverautnethicationdomainhostingwebmailserver04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004662; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//webmailserverautnethicationdomainhostingwebmailserver04.pages.dev"; flow:to_server,established; http.header; content:"webmailserverautnethicationdomainhostingwebmailserver04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 2.u.dj777.top"; dns.query; content:"2.u.dj777.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2\.u\.dj777\.top$/i"; classtype:trojan-activity; sid:38004691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 2.u.dj777.top"; flow:to_server,established; http.header; content: "Host|3a| 2.u.dj777.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])2\.u\.dj777\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//2.u.dj777.top"; flow:to_server,established; http.header; content:"2.u.dj777.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname bjgsar.dtcgm.biz.id"; dns.query; content:"bjgsar.dtcgm.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bjgsar\.dtcgm\.biz\.id$/i"; classtype:trojan-activity; sid:38004721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname bjgsar.dtcgm.biz.id"; flow:to_server,established; http.header; content: "Host|3a| bjgsar.dtcgm.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bjgsar\.dtcgm\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//bjgsar.dtcgm.biz.id"; flow:to_server,established; http.header; content:"bjgsar.dtcgm.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; dns.query; content:"yellow-recipe-c615.wl5n4b9b.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev$/i"; classtype:trojan-activity; sid:38004751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname yellow-recipe-c615.wl5n4b9b.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| yellow-recipe-c615.wl5n4b9b.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yellow\-recipe\-c615\.wl5n4b9b\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# "Outgoing URL" rule for the same hostname.
# NOTE(review): the http.uri match is content:"/", which practically every
# request URI contains, so it adds no selectivity. The hostname content has no
# boundary check (unlike the pcre in the Host rule above), so it also matches
# longer names that contain it and any other request header that carries it
# (e.g. Referer). This rule is limited to $HTTP_PORTS; the Host rule uses any port.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//yellow-recipe-c615.wl5n4b9b.workers.dev/"; flow:to_server,established; http.header; content:"yellow-recipe-c615.wl5n4b9b.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule: the pcre's left boundary class excludes "." and "$" anchors the end,
# so as written only a query for exactly this name matches; names beneath it
# (e.g. a www. prefix) do not alert.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname mcsharepoint.com"; dns.query; content:"mcsharepoint.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mcsharepoint\.com$/i"; classtype:trojan-activity; sid:38004781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: the content is the fast pattern, the pcre then requires a
# non-hostname character on both sides of the name. tag:session,600,seconds
# keeps logging the matching session for up to 600 seconds after the alert.
# No "Outgoing URL" rule accompanies this hostname in the export.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname mcsharepoint.com"; flow:to_server,established; http.header; content: "Host|3a| mcsharepoint.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mcsharepoint\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Next indicator: DNS, Host-header and URL rules for one pages.dev hostname.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname explanationmailserverdomainsertisfing1.pages.dev"; dns.query; content:"explanationmailserverdomainsertisfing1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])explanationmailserverdomainsertisfing1\.pages\.dev$/i"; classtype:trojan-activity; sid:38004811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# NOTE(review): the http rules inspect cleartext HTTP only. Connections to this
# host over TLS are not covered by them unless traffic is decrypted; the DNS
# rule above (or a tls.sni rule, which this export does not generate) is what
# would surface those. TODO confirm the sensor sees client DNS queries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname explanationmailserverdomainsertisfing1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| explanationmailserverdomainsertisfing1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])explanationmailserverdomainsertisfing1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule with no path component: it only looks for the hostname anywhere in
# the request headers, on $HTTP_PORTS, with no boundary check.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//explanationmailserverdomainsertisfing1.pages.dev"; flow:to_server,established; http.header; content:"explanationmailserverdomainsertisfing1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Next indicator: same three-rule pattern for another pages.dev hostname.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname nmhytjtrggguidhfvibisflbhfdifdd.pages.dev"; dns.query; content:"nmhytjtrggguidhfvibisflbhfdifdd.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nmhytjtrggguidhfvibisflbhfdifdd\.pages\.dev$/i"; classtype:trojan-activity; sid:38004841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname nmhytjtrggguidhfvibisflbhfdifdd.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nmhytjtrggguidhfvibisflbhfdifdd.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nmhytjtrggguidhfvibisflbhfdifdd\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//nmhytjtrggguidhfvibisflbhfdifdd.pages.dev"; flow:to_server,established; http.header; 
content:"nmhytjtrggguidhfvibisflbhfdifdd.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname m.teiegrom-xd.com"; dns.query; content:"m.teiegrom-xd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xd\.com$/i"; classtype:trojan-activity; sid:38004871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname m.teiegrom-xd.com"; flow:to_server,established; http.header; content: "Host|3a| m.teiegrom-xd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//m.teiegrom-xd.com"; flow:to_server,established; http.header; content:"m.teiegrom-xd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname 38cpv.cc"; dns.query; content:"38cpv.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])38cpv\.cc$/i"; classtype:trojan-activity; sid:38004901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname 38cpv.cc"; flow:to_server,established; http.header; content: "Host|3a| 38cpv.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])38cpv\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 
[] Outgoing URL http|3a|//38cpv.cc"; flow:to_server,established; http.header; content:"38cpv.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname teiegrom-xc.com"; dns.query; content:"teiegrom-xc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xc\.com$/i"; classtype:trojan-activity; sid:38004931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname teiegrom-xc.com"; flow:to_server,established; http.header; content: "Host|3a| teiegrom-xc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004932; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//teiegrom-xc.com"; flow:to_server,established; http.header; content:"teiegrom-xc.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname usijddklsohdshsgdkjau4.pages.dev"; dns.query; content:"usijddklsohdshsgdkjau4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usijddklsohdshsgdkjau4\.pages\.dev$/i"; classtype:trojan-activity; sid:38004961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname usijddklsohdshsgdkjau4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| usijddklsohdshsgdkjau4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usijddklsohdshsgdkjau4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38004962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//usijddklsohdshsgdkjau4.pages.dev"; flow:to_server,established; http.header; content:"usijddklsohdshsgdkjau4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38004971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname telegramsxxxss.freechatlonely.com"; dns.query; content:"telegramsxxxss.freechatlonely.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsxxxss\.freechatlonely\.com$/i"; classtype:trojan-activity; sid:38004991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname telegramsxxxss.freechatlonely.com"; flow:to_server,established; http.header; content: "Host|3a| telegramsxxxss.freechatlonely.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsxxxss\.freechatlonely\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38004992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//telegramsxxxss.freechatlonely.com"; flow:to_server,established; http.header; content:"telegramsxxxss.freechatlonely.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname dhv3ee.terbaiik.com"; dns.query; content:"dhv3ee.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhv3ee\.terbaiik\.com$/i"; classtype:trojan-activity; sid:38005021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dhv3ee.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| dhv3ee.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhv3ee\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005022; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dhv3ee.terbaiik.com"; flow:to_server,established; http.header; content:"dhv3ee.terbaiik.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname dug3ys.terbaiik.com"; dns.query; content:"dug3ys.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dug3ys\.terbaiik\.com$/i"; classtype:trojan-activity; sid:38005051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dug3ys.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| dug3ys.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dug3ys\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dug3ys.terbaiik.com"; flow:to_server,established; http.header; content:"dug3ys.terbaiik.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname h3yfsx.dgwt.my.id"; dns.query; content:"h3yfsx.dgwt.my.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])h3yfsx\.dgwt\.my\.id$/i"; classtype:trojan-activity; sid:38005081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname h3yfsx.dgwt.my.id"; flow:to_server,established; http.header; content: "Host|3a| h3yfsx.dgwt.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h3yfsx\.dgwt\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//h3yfsx.dgwt.my.id"; flow:to_server,established; http.header; content:"h3yfsx.dgwt.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname djb3ukd.terbaiik.com"; dns.query; content:"djb3ukd.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djb3ukd\.terbaiik\.com$/i"; classtype:trojan-activity; sid:38005111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname djb3ukd.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| djb3ukd.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djb3ukd\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//djb3ukd.terbaiik.com"; flow:to_server,established; http.header; content:"djb3ukd.terbaiik.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005121; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname dhv3u.terbaiik.com"; dns.query; content:"dhv3u.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhv3u\.terbaiik\.com$/i"; classtype:trojan-activity; sid:38005141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname dhv3u.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| dhv3u.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhv3u\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005142; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//dhv3u.terbaiik.com"; flow:to_server,established; http.header; content:"dhv3u.terbaiik.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname htrewrtknbvcfsazsqwerertyujlnbgfryfcb.pages.dev"; dns.query; content:"htrewrtknbvcfsazsqwerertyujlnbgfryfcb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])htrewrtknbvcfsazsqwerertyujlnbgfryfcb\.pages\.dev$/i"; classtype:trojan-activity; sid:38005171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname htrewrtknbvcfsazsqwerertyujlnbgfryfcb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| htrewrtknbvcfsazsqwerertyujlnbgfryfcb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])htrewrtknbvcfsazsqwerertyujlnbgfryfcb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005172; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//htrewrtknbvcfsazsqwerertyujlnbgfryfcb.pages.dev"; flow:to_server,established; http.header; content:"htrewrtknbvcfsazsqwerertyujlnbgfryfcb.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname hsfdeuit4jkremnfvehbhbteiiebv.pages.dev"; dns.query; content:"hsfdeuit4jkremnfvehbhbteiiebv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hsfdeuit4jkremnfvehbhbteiiebv\.pages\.dev$/i"; classtype:trojan-activity; sid:38005201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname hsfdeuit4jkremnfvehbhbteiiebv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hsfdeuit4jkremnfvehbhbteiiebv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hsfdeuit4jkremnfvehbhbteiiebv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//hsfdeuit4jkremnfvehbhbteiiebv.pages.dev"; flow:to_server,established; http.header; content:"hsfdeuit4jkremnfvehbhbteiiebv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname marketfbookplace-item.frigoeng.com"; dns.query; content:"marketfbookplace-item.frigoeng.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marketfbookplace\-item\.frigoeng\.com$/i"; classtype:trojan-activity; sid:38005231; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname marketfbookplace-item.frigoeng.com"; flow:to_server,established; http.header; content: "Host|3a| marketfbookplace-item.frigoeng.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marketfbookplace\-item\.frigoeng\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//www.marketfbookplace-item.frigoeng.com"; flow:to_server,established; http.header; content:"www.marketfbookplace-item.frigoeng.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname worker-yellow-tree-7422.michealphill03.workers.dev"; dns.query; content:"worker-yellow-tree-7422.michealphill03.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-yellow\-tree\-7422\.michealphill03\.workers\.dev$/i"; classtype:trojan-activity; sid:38005261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname worker-yellow-tree-7422.michealphill03.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-yellow-tree-7422.michealphill03.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-yellow\-tree\-7422\.michealphill03\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//worker-yellow-tree-7422.michealphill03.workers.dev"; 
flow:to_server,established; http.header; content:"worker-yellow-tree-7422.michealphill03.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname ussp.usspvv.top"; dns.query; content:"ussp.usspvv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspvv\.top$/i"; classtype:trojan-activity; sid:38005291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ussp.usspvv.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.usspvv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspvv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ussp.usspvv.top/pg?do=index"; flow:to_server,established; http.header; content:"ussp.usspvv.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname ussp.usspkz.top"; dns.query; content:"ussp.usspkz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspkz\.top$/i"; classtype:trojan-activity; sid:38005321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ussp.usspkz.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.usspkz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspkz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005322; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule: msg records /pg?do=index but only "/pg" is matched in http.uri (nocase); the hostname
# is matched anywhere in the request headers and is the fast_pattern prefilter.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ussp.usspkz.top/pg?do=index"; flow:to_server,established; http.header; content:"ussp.usspkz.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule, exact name only: `$` anchors the end and the leading class excludes '.'.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname ussp.uspsal.top"; dns.query; content:"ussp.uspsal.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspsal\.top$/i"; classtype:trojan-activity; sid:38005351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: literal "Host: ussp.uspsal.top" plus a /Hi pcre that rejects hostname
# characters on both sides of the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ussp.uspsal.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.uspsal.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspsal\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Same URL shape as sid:38005331: hostname in the headers plus "/pg" in the URI; the ?do=index
# part shown in msg is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ussp.uspsal.top/pg?do=index"; flow:to_server,established; http.header; content:"ussp.uspsal.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule for the bare name unbouncepages.com (subdomains are excluded by the leading class).
# NOTE(review): the exported URL is a single path (/345454-1) on this domain, which suggests a
# shared page-hosting service; if so, this rule and the Host-header rule flag every page on it,
# not just the reported one. Confirm before acting on this alert alone.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname unbouncepages.com"; dns.query; content:"unbouncepages.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unbouncepages\.com$/i"; classtype:trojan-activity; sid:38005381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname unbouncepages.com"; flow:to_server,established;
http.header; content: "Host|3a| unbouncepages.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unbouncepages\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule for the reported page: hostname anywhere in the request headers plus "/345454-1" as a
# substring of the URI (nocase), so longer paths that contain it also match.
# NOTE(review): of the unbouncepages.com rules this is the only one tied to the reported path;
# sid:38005381/38005382 cover the whole domain, presumably a shared hosting service. Verify.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//unbouncepages.com/345454-1"; flow:to_server,established; http.header; content:"unbouncepages.com"; fast_pattern; nocase; http.uri; content:"/345454-1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule, exact name only: `$` anchors the end of the query name and the leading class
# excludes '.', so other glitch.me subdomains are untouched.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname tree-ahead-syrup.glitch.me"; dns.query; content:"tree-ahead-syrup.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tree\-ahead\-syrup\.glitch\.me$/i"; classtype:trojan-activity; sid:38005411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: literal "Host: <name>" plus a /Hi pcre that rejects hostname characters on
# both sides. It only sees cleartext HTTP; no tls.sni rule for this name is visible here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tree-ahead-syrup.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| tree-ahead-syrup.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tree\-ahead\-syrup\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule: hostname anywhere in the request headers plus "/oud.html" in the URI (nocase).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//tree-ahead-syrup.glitch.me/oud.html"; flow:to_server,established; http.header; content:"tree-ahead-syrup.glitch.me"; fast_pattern; nocase; http.uri; content:"/oud.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert dns any any -> any any (msg: "MISP e27631 [] Hostname ybdaa7.suzyy.biz.id"; dns.query;
content:"ybdaa7.suzyy.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ybdaa7\.suzyy\.biz\.id$/i"; classtype:trojan-activity; sid:38005441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: literal "Host: <name>" plus a /Hi pcre that rejects hostname characters on
# both sides, so only this exact hostname alerts. No URL rule was exported for this name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ybdaa7.suzyy.biz.id"; flow:to_server,established; http.header; content: "Host|3a| ybdaa7.suzyy.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ybdaa7\.suzyy\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# The "xn--" prefix marks the punycode (ASCII) form of an internationalised name. The rule
# matches that ASCII form, so log searches for this indicator should use it too.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname xn--service-rpublicain-jwb.com"; dns.query; content:"xn--service-rpublicain-jwb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xn\-\-service\-rpublicain\-jwb\.com$/i"; classtype:trojan-activity; sid:38005471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header counterpart for the same punycode name (exact hostname, cleartext HTTP only).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname xn--service-rpublicain-jwb.com"; flow:to_server,established; http.header; content: "Host|3a| xn--service-rpublicain-jwb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xn\-\-service\-rpublicain\-jwb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Duplicate: same match options as sid:38005261 earlier in this export, only the sid differs,
# so one query for this name raises two alerts. Deduplicate the MISP attribute or suppress one.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname worker-yellow-tree-7422.michealphill03.workers.dev"; dns.query; content:"worker-yellow-tree-7422.michealphill03.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-yellow\-tree\-7422\.michealphill03\.workers\.dev$/i"; classtype:trojan-activity; sid:38005501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname worker-yellow-tree-7422.michealphill03.workers.dev";
flow:to_server,established; http.header; content: "Host|3a| worker-yellow-tree-7422.michealphill03.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-yellow\-tree\-7422\.michealphill03\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# DNS rule, exact name only: `$` anchors the end of the query name and the leading class
# excludes '.', so subdomains of verify.ftechblog.xyz are not matched.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname verify.ftechblog.xyz"; dns.query; content:"verify.ftechblog.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\.ftechblog\.xyz$/i"; classtype:trojan-activity; sid:38005531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: literal "Host: <name>" plus a /Hi pcre that rejects hostname characters on
# both sides. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname verify.ftechblog.xyz"; flow:to_server,established; http.header; content: "Host|3a| verify.ftechblog.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\.ftechblog\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005532; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Event 27591 rules from here: header-only matches (protocol "ip", fixed destination address and
# port, no flow or payload keywords). The bracketed family name is text in msg only; nothing in
# the rule inspects the traffic for that family.
# NOTE(review): with no flow/threshold option these presumably alert on every matching packet;
# and address:port indicators on ports 80/443 can outlive the C2 that used them. Check the
# indicator's age in MISP before treating a hit as an infection.
alert ip $HOME_NET any -> 5.75.213.155 80 (msg: "MISP e27591 [c2,Vidar] Outgoing To IP: 5.75.213.155|80"; classtype:trojan-activity; sid:37964861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 5.75.213.155 443 (msg: "MISP e27591 [c2,Vidar] Outgoing To IP: 5.75.213.155|443"; classtype:trojan-activity; sid:37964871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 5.42.92.73 8081 (msg: "MISP e27591 [c2,Risepro] Outgoing To IP: 5.42.92.73|8081"; classtype:trojan-activity; sid:37964881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
alert ip $HOME_NET any -> 147.45.40.66 50555 (msg: "MISP e27591 [c2,hook] Outgoing To IP: 147.45.40.66|50555"; classtype:trojan-activity; sid:37964891; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27591;)
# DNS rule, exact name only: `$` anchors the end of the query name and the leading class
# excludes '.', so other pages.dev subdomains are untouched.
alert dns any any -> any any (msg: "MISP e27631 [] Hostname ahinmakdhaewa1.pages.dev"; dns.query; content:"ahinmakdhaewa1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ahinmakdhaewa1\.pages\.dev$/i"; classtype:trojan-activity; sid:38005561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# Host-header rule: literal "Host: <name>" plus a /Hi pcre that rejects hostname characters on
# both sides. Cleartext HTTP only; no tls.sni rule for this name is visible here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname ahinmakdhaewa1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ahinmakdhaewa1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ahinmakdhaewa1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# URL rule with no path: matches the hostname anywhere in the request headers (Host, Referer,
# ...) towards $HTTP_PORTS. It adds a second alert to most requests caught by sid:38005562.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//ahinmakdhaewa1.pages.dev"; flow:to_server,established; http.header; content:"ahinmakdhaewa1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;)
# "Domain" variant (event 27590, priority:3): the leading class here omits '.', unlike the
# "Hostname" rules in this export, so subdomains of estado.accesoclientes.info also match.
alert dns any any -> any any (msg: "MISP e27590 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:37963051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27590;)
# Host-header "Domain" rule built from two separate contents ("Host:" and the name), which need
# not be adjacent; the /Hi pcre allows a '.' before the name (subdomains) but rejects a hostname
# character after it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27590 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37963052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27590;)
alert ip $HOME_NET any ->
107.172.31.19 8823 (msg: "MISP e27591 [RAT,RemcosRAT] Outgoing To IP: 107.172.31.19|8823"; classtype:trojan-activity; sid:37964901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
# URL rule: hostname anywhere in the request headers plus "/jsjs/gate.php" in the URI (nocase).
# The [Pony] tag is msg text only; the rule does not inspect the request body.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27591 [Pony] Outgoing URL http|3a|//www.techlift.com.my/jsjs/gate.php"; flow:to_server,established; http.header; content:"www.techlift.com.my"; fast_pattern; nocase; http.uri; content:"/dle4/javascriptrequestsecurecpuserversqlbaseflowerasynccdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37964911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27591;)
content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:38005591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//egfyua-winter-sea-8755.smilingpurple.workers.dev/5320fb14-6136-468b-a1e6-45e275dd5b13"; flow:to_server,established; http.header; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; http.uri; content:"/5320fb14-6136-468b-a1e6-45e275dd5b13"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:38005621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//egfyua-winter-sea-8755.smilingpurple.workers.dev/a7d66321-c897-4ded-9fbe-30e05ddaa578"; flow:to_server,established; http.header; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; http.uri; content:"/a7d66321-c897-4ded-9fbe-30e05ddaa578"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname azul-ca0.pages.dev"; dns.query; content:"azul-ca0.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])azul\-ca0\.pages\.dev$/i"; classtype:trojan-activity; sid:38005651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname azul-ca0.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| azul-ca0.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])azul\-ca0\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005652; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//azul-ca0.pages.dev/n********************************@e********.c**.co"; flow:to_server,established; http.header; content:"azul-ca0.pages.dev"; fast_pattern; nocase; http.uri; content:"/n********************************@e********.c**.co"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any 
(msg: "MISP e27631 [] Hostname webmail.tree-mail.com"; dns.query; content:"webmail.tree-mail.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\.tree\-mail\.com$/i"; classtype:trojan-activity; sid:38005681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname webmail.tree-mail.com"; flow:to_server,established; http.header; content: "Host|3a| webmail.tree-mail.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmail\.tree\-mail\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//webmail.tree-mail.com/owa"; flow:to_server,established; http.header; content:"webmail.tree-mail.com"; fast_pattern; nocase; http.uri; content:"/owa"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname fgsrtd5.pages.dev"; dns.query; content:"fgsrtd5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fgsrtd5\.pages\.dev$/i"; classtype:trojan-activity; sid:38005711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname fgsrtd5.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fgsrtd5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fgsrtd5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//fgsrtd5.pages.dev"; flow:to_server,established; http.header; 
content:"fgsrtd5.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname worker-holy-lake-e761.donnittaalexander.workers.dev"; dns.query; content:"worker-holy-lake-e761.donnittaalexander.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-holy\-lake\-e761\.donnittaalexander\.workers\.dev$/i"; classtype:trojan-activity; sid:38005741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname worker-holy-lake-e761.donnittaalexander.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-holy-lake-e761.donnittaalexander.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-holy\-lake\-e761\.donnittaalexander\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//worker-holy-lake-e761.donnittaalexander.workers.dev"; flow:to_server,established; http.header; content:"worker-holy-lake-e761.donnittaalexander.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert dns any any -> any any (msg: "MISP e27631 [] Hostname tokenpocket-tpnvu.com"; dns.query; content:"tokenpocket-tpnvu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpnvu\.com$/i"; classtype:trojan-activity; sid:38005771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27631 [] Outgoing HTTP Hostname tokenpocket-tpnvu.com"; flow:to_server,established; http.header; content: 
"Host|3a| tokenpocket-tpnvu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpnvu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38005772; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27631 [] Outgoing URL http|3a|//tokenpocket-tpnvu.com"; flow:to_server,established; http.header; content:"tokenpocket-tpnvu.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38005781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27631;) alert ip $HOME_NET any -> 3.125.209.94 12353 (msg: "MISP e27596 [njrat] Outgoing To IP: 3.125.209.94|12353"; classtype:trojan-activity; sid:37965401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 3.124.142.205 12353 (msg: "MISP e27596 [njrat] Outgoing To IP: 3.124.142.205|12353"; classtype:trojan-activity; sid:37965411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 18.192.31.165 12353 (msg: "MISP e27596 [njrat] Outgoing To IP: 18.192.31.165|12353"; classtype:trojan-activity; sid:37965421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 135.181.10.212 27222 (msg: "MISP e27596 [RedLineStealer] Outgoing To IP: 135.181.10.212|27222"; classtype:trojan-activity; sid:37965431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip 213.89.216.193 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.89.216.193"; classtype:trojan-activity; sid:37969661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 186.250.47.238 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.250.47.238"; classtype:trojan-activity; sid:37969671; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.199.197.245 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.199.197.245"; classtype:trojan-activity; sid:37969681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 46.232.165.208 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.232.165.208"; classtype:trojan-activity; sid:37969691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.156.204.72 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.204.72"; classtype:trojan-activity; sid:37969701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 107.151.241.20 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.241.20"; classtype:trojan-activity; sid:37969711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.140.225.242 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.140.225.242"; classtype:trojan-activity; sid:37969721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.175.191 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.175.191"; classtype:trojan-activity; sid:37969731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 219.152.52.221 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.152.52.221"; classtype:trojan-activity; sid:37969741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 92.32.59.165 any -> $HOME_NET any 
(msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.32.59.165"; classtype:trojan-activity; sid:37969751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.124.196.184 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.124.196.184"; classtype:trojan-activity; sid:37969761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.18.46 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.18.46"; classtype:trojan-activity; sid:37969771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.48.214 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.48.214"; classtype:trojan-activity; sid:37969781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 146.56.213.213 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.56.213.213"; classtype:trojan-activity; sid:37969791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.223.157.172 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.157.172"; classtype:trojan-activity; sid:37969801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 45.233.58.140 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.233.58.140"; classtype:trojan-activity; sid:37969811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 90.227.196.232 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 90.227.196.232"; 
classtype:trojan-activity; sid:37969821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 74.234.146.205 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.234.146.205"; classtype:trojan-activity; sid:37969831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.128.141.79 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.141.79"; classtype:trojan-activity; sid:37969841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.159.149.178 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.149.178"; classtype:trojan-activity; sid:37969851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.112.166.76 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.112.166.76"; classtype:trojan-activity; sid:37969861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.178.210 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.210"; classtype:trojan-activity; sid:37969871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.170.86.94 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.170.86.94"; classtype:trojan-activity; sid:37969881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 201.185.10.58 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.185.10.58"; classtype:trojan-activity; sid:37969891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
42.192.86.137 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.86.137"; classtype:trojan-activity; sid:37969901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 134.17.16.40 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.17.16.40"; classtype:trojan-activity; sid:37969911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.145.163.221 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.145.163.221"; classtype:trojan-activity; sid:37969921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.137.18.165 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.137.18.165"; classtype:trojan-activity; sid:37969931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.221.214.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.214.86"; classtype:trojan-activity; sid:37969941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 5.56.132.81 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.56.132.81"; classtype:trojan-activity; sid:37969951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 64.225.17.80 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.225.17.80"; classtype:trojan-activity; sid:37969961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.83.142 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.83.142"; 
classtype:trojan-activity; sid:37969971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.223.59.243 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.59.243"; classtype:trojan-activity; sid:37969981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.158.1.176 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.1.176"; classtype:trojan-activity; sid:37969991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.5.62 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.5.62"; classtype:trojan-activity; sid:37970001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 42.51.20.14 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.20.14"; classtype:trojan-activity; sid:37970011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 218.24.54.32 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.24.54.32"; classtype:trojan-activity; sid:37970021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.51.195.69 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.195.69"; classtype:trojan-activity; sid:37970031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.169.62 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.169.62"; classtype:trojan-activity; sid:37970041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 134.209.97.29 any -> 
$HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.97.29"; classtype:trojan-activity; sid:37970051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 64.23.157.69 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.157.69"; classtype:trojan-activity; sid:37970061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.223.37.210 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.37.210"; classtype:trojan-activity; sid:37970071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.175.35.79 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.175.35.79"; classtype:trojan-activity; sid:37970081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 146.190.222.176 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.222.176"; classtype:trojan-activity; sid:37970091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 37.32.15.209 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.32.15.209"; classtype:trojan-activity; sid:37970101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.195.236.38 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.195.236.38"; classtype:trojan-activity; sid:37970111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 42.192.119.148 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.119.148"; 
classtype:trojan-activity; sid:37970121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.171.84.7 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.171.84.7"; classtype:trojan-activity; sid:37970131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.130.42.91 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.42.91"; classtype:trojan-activity; sid:37970141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 87.251.66.78 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.251.66.78"; classtype:trojan-activity; sid:37970151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 190.28.91.197 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.28.91.197"; classtype:trojan-activity; sid:37970161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 193.176.31.99 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.176.31.99"; classtype:trojan-activity; sid:37970171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.59.120.249 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.120.249"; classtype:trojan-activity; sid:37970181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 198.23.167.213 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.167.213"; classtype:trojan-activity; sid:37970191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 154.6.93.132 
any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.6.93.132"; classtype:trojan-activity; sid:37970201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 62.171.133.117 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.171.133.117"; classtype:trojan-activity; sid:37970211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 211.223.96.54 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.223.96.54"; classtype:trojan-activity; sid:37970221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.146.59.222 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.146.59.222"; classtype:trojan-activity; sid:37970231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.30.209 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.30.209"; classtype:trojan-activity; sid:37970241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.207.166 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.207.166"; classtype:trojan-activity; sid:37970251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.234.32.136 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.234.32.136"; classtype:trojan-activity; sid:37970261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.216.116.44 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.216.116.44"; 
classtype:trojan-activity; sid:37970271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.240.230 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.240.230"; classtype:trojan-activity; sid:37970281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.45.239.65 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.45.239.65"; classtype:trojan-activity; sid:37970291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 74.48.219.238 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.219.238"; classtype:trojan-activity; sid:37970301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.27.119 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.27.119"; classtype:trojan-activity; sid:37970311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.52.114.20 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.52.114.20"; classtype:trojan-activity; sid:37970321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.226.216.189 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.226.216.189"; classtype:trojan-activity; sid:37970331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.106.104.91 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.106.104.91"; classtype:trojan-activity; sid:37970341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
203.12.203.114 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.12.203.114"; classtype:trojan-activity; sid:37970351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 164.92.96.88 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.96.88"; classtype:trojan-activity; sid:37970361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 158.220.121.44 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.121.44"; classtype:trojan-activity; sid:37970371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.222.30.145 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.30.145"; classtype:trojan-activity; sid:37970381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 154.8.178.250 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.8.178.250"; classtype:trojan-activity; sid:37970391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.138.85.23 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.85.23"; classtype:trojan-activity; sid:37970401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.221.56.127 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.56.127"; classtype:trojan-activity; sid:37970411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 123.193.240.226 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
123.193.240.226"; classtype:trojan-activity; sid:37970421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 92.205.238.242 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.205.238.242"; classtype:trojan-activity; sid:37970431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.59.23.154 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.23.154"; classtype:trojan-activity; sid:37970441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 186.233.210.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.233.210.86"; classtype:trojan-activity; sid:37970451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.154.154.166 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.154.166"; classtype:trojan-activity; sid:37970461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.220.53.188 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.53.188"; classtype:trojan-activity; sid:37970471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 66.94.106.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.94.106.42"; classtype:trojan-activity; sid:37970481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 80.218.229.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.218.229.42"; classtype:trojan-activity; sid:37970491; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.211.165 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.211.165"; classtype:trojan-activity; sid:37970501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 186.237.243.183 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.237.243.183"; classtype:trojan-activity; sid:37970511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.51.102.206 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.102.206"; classtype:trojan-activity; sid:37970521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.34.56.43 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.56.43"; classtype:trojan-activity; sid:37970531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.222.104.226 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.104.226"; classtype:trojan-activity; sid:37970541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 62.3.42.164 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.3.42.164"; classtype:trojan-activity; sid:37970551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 152.136.206.54 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.206.54"; classtype:trojan-activity; sid:37970561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 122.180.244.219 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.180.244.219"; classtype:trojan-activity; sid:37970571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 218.29.8.41 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.29.8.41"; classtype:trojan-activity; sid:37970581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 183.82.100.141 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.82.100.141"; classtype:trojan-activity; sid:37970591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.155.107.213 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.155.107.213"; classtype:trojan-activity; sid:37970601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.54.212.205 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.212.205"; classtype:trojan-activity; sid:37970611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 74.48.101.123 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.48.101.123"; classtype:trojan-activity; sid:37970621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.96.100.222 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.100.222"; classtype:trojan-activity; sid:37970631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.251.29 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.251.29"; classtype:trojan-activity; sid:37970641; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 175.178.184.202 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.184.202"; classtype:trojan-activity; sid:37970651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 175.27.235.72 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.27.235.72"; classtype:trojan-activity; sid:37970661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.158.124.243 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.124.243"; classtype:trojan-activity; sid:37970671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 74.208.42.223 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.42.223"; classtype:trojan-activity; sid:37970681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.54.210.244 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.210.244"; classtype:trojan-activity; sid:37970691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.245.109 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.245.109"; classtype:trojan-activity; sid:37970701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.59.127.178 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.127.178"; classtype:trojan-activity; sid:37970711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 202.137.130.150 any -> $HOME_NET any 
(msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.137.130.150"; classtype:trojan-activity; sid:37970721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 42.236.120.28 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.236.120.28"; classtype:trojan-activity; sid:37970731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 168.194.15.110 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.194.15.110"; classtype:trojan-activity; sid:37970741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 180.179.9.26 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.179.9.26"; classtype:trojan-activity; sid:37970751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 89.37.173.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.37.173.89"; classtype:trojan-activity; sid:37970761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.250.46 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.250.46"; classtype:trojan-activity; sid:37970771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 135.125.161.70 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 135.125.161.70"; classtype:trojan-activity; sid:37970781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.109.203.182 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.203.182"; classtype:trojan-activity; 
sid:37970791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.235.191.204 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.235.191.204"; classtype:trojan-activity; sid:37970801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.160.148.170 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.160.148.170"; classtype:trojan-activity; sid:37970811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.130.11.180 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.11.180"; classtype:trojan-activity; sid:37970821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.0.235.253 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.0.235.253"; classtype:trojan-activity; sid:37970831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.0.54.85 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.0.54.85"; classtype:trojan-activity; sid:37970841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 161.132.38.35 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.38.35"; classtype:trojan-activity; sid:37970851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 41.63.0.127 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 41.63.0.127"; classtype:trojan-activity; sid:37970861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 156.236.70.41 any -> $HOME_NET any (msg: 
"MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.236.70.41"; classtype:trojan-activity; sid:37970871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 156.225.148.180 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 156.225.148.180"; classtype:trojan-activity; sid:37970881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 1.14.93.77 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.93.77"; classtype:trojan-activity; sid:37970891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 36.103.227.136 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.103.227.136"; classtype:trojan-activity; sid:37970901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 121.227.152.250 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.227.152.250"; classtype:trojan-activity; sid:37970911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 42.193.181.34 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.193.181.34"; classtype:trojan-activity; sid:37970921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.138.0.199 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.0.199"; classtype:trojan-activity; sid:37970931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 203.98.76.172 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.98.76.172"; classtype:trojan-activity; 
sid:37970941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.32.239.87 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.32.239.87"; classtype:trojan-activity; sid:37970951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 178.40.10.77 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.40.10.77"; classtype:trojan-activity; sid:37970961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.155.173.162 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.173.162"; classtype:trojan-activity; sid:37970971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 129.226.83.30 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.83.30"; classtype:trojan-activity; sid:37970981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 117.239.253.153 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.239.253.153"; classtype:trojan-activity; sid:37970991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.153.186 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.153.186"; classtype:trojan-activity; sid:37971001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 202.157.186.98 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.157.186.98"; classtype:trojan-activity; sid:37971011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.156.150.54 any -> $HOME_NET 
any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.150.54"; classtype:trojan-activity; sid:37971021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 168.75.92.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.75.92.86"; classtype:trojan-activity; sid:37971031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 183.91.4.228 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.91.4.228"; classtype:trojan-activity; sid:37971041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 1.117.59.110 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.59.110"; classtype:trojan-activity; sid:37971051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 194.116.214.228 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.116.214.228"; classtype:trojan-activity; sid:37971061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 148.66.132.204 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.66.132.204"; classtype:trojan-activity; sid:37971071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.203.175.40 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.203.175.40"; classtype:trojan-activity; sid:37971081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 192.210.196.66 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.210.196.66"; 
classtype:trojan-activity; sid:37971091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 148.72.247.54 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 148.72.247.54"; classtype:trojan-activity; sid:37971101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.54.244 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.54.244"; classtype:trojan-activity; sid:37971111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.234.180 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.234.180"; classtype:trojan-activity; sid:37971121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 217.196.107.194 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.196.107.194"; classtype:trojan-activity; sid:37971131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.51.227 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.51.227"; classtype:trojan-activity; sid:37971141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 121.161.77.147 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.161.77.147"; classtype:trojan-activity; sid:37971151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 36.108.172.220 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.108.172.220"; classtype:trojan-activity; sid:37971161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
36.66.16.233 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.66.16.233"; classtype:trojan-activity; sid:37971171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.35.252.142 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.252.142"; classtype:trojan-activity; sid:37971181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.54.215.125 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.54.215.125"; classtype:trojan-activity; sid:37971191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 132.248.103.50 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.248.103.50"; classtype:trojan-activity; sid:37971201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.136.176.218 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.176.218"; classtype:trojan-activity; sid:37971211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.103.35.58 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.35.58"; classtype:trojan-activity; sid:37971221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.29.106.59 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.106.59"; classtype:trojan-activity; sid:37971231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.175.79 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.156.175.79"; classtype:trojan-activity; sid:37971241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.65.114.62 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.114.62"; classtype:trojan-activity; sid:37971251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 111.231.25.221 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.231.25.221"; classtype:trojan-activity; sid:37971261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 36.137.191.182 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.191.182"; classtype:trojan-activity; sid:37971271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 31.133.98.8 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.133.98.8"; classtype:trojan-activity; sid:37971281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.160.192.75 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.160.192.75"; classtype:trojan-activity; sid:37971291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 58.221.62.195 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.221.62.195"; classtype:trojan-activity; sid:37971301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 147.50.103.212 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.50.103.212"; classtype:trojan-activity; sid:37971311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) 
# MISP event 27610: source-address indicator rules, one rule per line.
# Each rule alerts on any IP traffic, on any port, from the listed source address
# to $HOME_NET. The match is one-directional (->) and on the address alone: the
# rules carry no protocol, port or content options, so a hit shows contact from a
# listed address, not a successful exploit.
# The msg text tags the kill-chain phases Reconnaissance and Exploitation, while
# classtype is trojan-activity on every rule; keep that in mind when triaging by
# classtype.
# NOTE(review): no threshold or rate-limit option is set in the rules themselves;
# confirm alert volume is controlled in the sensor configuration.
# NOTE(review): the age of these indicators is not shown here; check the
# referenced MISP event before relying on them.
alert ip 43.135.182.15 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.182.15"; classtype:trojan-activity; sid:37971321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 196.127.128.52 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 196.127.128.52"; classtype:trojan-activity; sid:37971331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 111.53.87.28 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.53.87.28"; classtype:trojan-activity; sid:37971341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 36.134.203.156 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.134.203.156"; classtype:trojan-activity; sid:37971351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 103.100.211.166 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.211.166"; classtype:trojan-activity; sid:37971361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.134.116.96 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.116.96"; classtype:trojan-activity; sid:37971371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 185.200.217.5 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.200.217.5"; classtype:trojan-activity; sid:37971381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.135.158.203 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.158.203"; classtype:trojan-activity; sid:37971391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 36.71.207.10 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.71.207.10"; classtype:trojan-activity; sid:37971401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 114.132.244.59 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.244.59"; classtype:trojan-activity; sid:37971411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 23.94.120.100 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.120.100"; classtype:trojan-activity; sid:37971421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 124.156.206.84 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.84"; classtype:trojan-activity; sid:37971431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 94.254.99.97 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.254.99.97"; classtype:trojan-activity; sid:37971441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.153.210.59 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.210.59"; classtype:trojan-activity; sid:37971451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 103.115.24.11 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.24.11"; classtype:trojan-activity; sid:37971461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# MISP event 27610: source-address indicator rules, one rule per line.
# Every rule below has the same shape: alert on any IP traffic, any port, from the
# listed source address to $HOME_NET (one-directional, ->). Only the address, the
# msg text and the sid differ between rules; there are no protocol, port or
# content options, so an alert means a listed address was seen, nothing more.
# classtype is trojan-activity throughout although the msg tags name the
# Reconnaissance and Exploitation kill-chain phases.
# NOTE(review): no threshold or rate-limit option appears in the rules; confirm
# alert volume is handled in the sensor configuration.
# NOTE(review): indicator age is not visible here; verify against the referenced
# MISP event before treating a hit as current.
alert ip 206.189.135.113 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.135.113"; classtype:trojan-activity; sid:37971471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 120.33.34.49 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.33.34.49"; classtype:trojan-activity; sid:37971481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 101.43.155.178 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.155.178"; classtype:trojan-activity; sid:37971491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 203.204.241.100 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.204.241.100"; classtype:trojan-activity; sid:37971501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 106.58.180.187 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.180.187"; classtype:trojan-activity; sid:37971511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 62.234.20.205 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.20.205"; classtype:trojan-activity; sid:37971521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 58.27.95.2 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.27.95.2"; classtype:trojan-activity; sid:37971531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 109.247.129.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.247.129.89"; classtype:trojan-activity; sid:37971541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 202.137.26.6 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.137.26.6"; classtype:trojan-activity; sid:37971551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 118.195.175.130 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.175.130"; classtype:trojan-activity; sid:37971561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.155.159.34 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.34"; classtype:trojan-activity; sid:37971571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 173.255.254.136 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.255.254.136"; classtype:trojan-activity; sid:37971581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 101.42.149.56 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.149.56"; classtype:trojan-activity; sid:37971591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 164.68.98.76 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.68.98.76"; classtype:trojan-activity; sid:37971601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 101.43.160.129 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.160.129"; classtype:trojan-activity; sid:37971611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 150.109.244.185 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.244.185"; classtype:trojan-activity; sid:37971621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 123.31.20.81 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.31.20.81"; classtype:trojan-activity; sid:37971631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 113.125.9.250 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.125.9.250"; classtype:trojan-activity; sid:37971641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.129.40.83 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.40.83"; classtype:trojan-activity; sid:37971651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 124.220.165.94 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.165.94"; classtype:trojan-activity; sid:37971661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 150.109.195.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.195.101"; classtype:trojan-activity; sid:37971671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 121.229.42.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.229.42.86"; classtype:trojan-activity; sid:37971681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.163.219.169 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.219.169"; classtype:trojan-activity; sid:37971691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 85.114.138.242 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.114.138.242"; classtype:trojan-activity; sid:37971701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 170.106.107.252 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.107.252"; classtype:trojan-activity; sid:37971711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.163.205.189 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.205.189"; classtype:trojan-activity; sid:37971721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 212.227.51.209 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.227.51.209"; classtype:trojan-activity; sid:37971731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 165.22.39.218 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.39.218"; classtype:trojan-activity; sid:37971741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 110.42.140.155 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.140.155"; classtype:trojan-activity; sid:37971751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 61.50.119.110 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.50.119.110"; classtype:trojan-activity; sid:37971761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 101.35.255.83 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.255.83"; classtype:trojan-activity; sid:37971771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 128.199.69.78 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.69.78"; classtype:trojan-activity; sid:37971781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.134.46.154 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.46.154"; classtype:trojan-activity; sid:37971791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 157.230.25.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.25.101"; classtype:trojan-activity; sid:37971801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.153.96.13 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.96.13"; classtype:trojan-activity; sid:37971811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 115.159.118.94 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.159.118.94"; classtype:trojan-activity; sid:37971821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 107.173.40.116 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.40.116"; classtype:trojan-activity; sid:37971831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 202.188.109.48 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.188.109.48"; classtype:trojan-activity; sid:37971841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 1.12.220.225 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.220.225"; classtype:trojan-activity; sid:37971851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 150.109.198.246 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.198.246"; classtype:trojan-activity; sid:37971861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 36.40.69.55 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.40.69.55"; classtype:trojan-activity; sid:37971871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 91.80.137.127 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.80.137.127"; classtype:trojan-activity; sid:37971881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 192.232.193.247 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.232.193.247"; classtype:trojan-activity; sid:37971891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 185.73.115.124 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.73.115.124"; classtype:trojan-activity; sid:37971901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 176.236.226.171 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.236.226.171"; classtype:trojan-activity; sid:37971911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 107.172.79.28 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.79.28"; classtype:trojan-activity; sid:37971921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 150.95.31.212 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.95.31.212"; classtype:trojan-activity; sid:37971931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.131.4.186 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.4.186"; classtype:trojan-activity; sid:37971941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 177.73.255.18 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.73.255.18"; classtype:trojan-activity; sid:37971951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.249.184.157 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.157"; classtype:trojan-activity; sid:37971961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 36.137.53.76 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.137.53.76"; classtype:trojan-activity; sid:37971971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 152.32.249.30 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.249.30"; classtype:trojan-activity; sid:37971981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.156.16.109 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.16.109"; classtype:trojan-activity; sid:37971991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.134.180.212 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.180.212"; classtype:trojan-activity; sid:37972001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 190.81.117.162 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.81.117.162"; classtype:trojan-activity; sid:37972011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 124.222.218.189 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.218.189"; classtype:trojan-activity; sid:37972021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 175.170.149.29 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.170.149.29"; classtype:trojan-activity; sid:37972031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.156.17.254 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.17.254"; classtype:trojan-activity; sid:37972041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 5.189.128.109 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.189.128.109"; classtype:trojan-activity; sid:37972051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 160.251.200.107 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.251.200.107"; classtype:trojan-activity; sid:37972061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 101.43.210.115 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.210.115"; classtype:trojan-activity; sid:37972071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 123.241.18.242 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.241.18.242"; classtype:trojan-activity; sid:37972081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 103.30.195.6 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.30.195.6"; classtype:trojan-activity; sid:37972091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.134.33.74 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.33.74"; classtype:trojan-activity; sid:37972101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 162.240.149.176 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.240.149.176"; classtype:trojan-activity; sid:37972111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 23.158.56.251 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.158.56.251"; classtype:trojan-activity; sid:37972121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.133.35.46 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.35.46"; classtype:trojan-activity; sid:37972131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 117.50.175.172 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.175.172"; classtype:trojan-activity; sid:37972141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.29.84.119 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.29.84.119"; classtype:trojan-activity; sid:37972151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.159.59.128 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.59.128"; classtype:trojan-activity; sid:37972161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.221.136.106 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.136.106"; classtype:trojan-activity; sid:37972171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.188.177.46 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.188.177.46"; classtype:trojan-activity; sid:37972181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 190.129.122.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.129.122.86"; classtype:trojan-activity; sid:37972191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 107.151.248.200 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.151.248.200"; classtype:trojan-activity; sid:37972201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.222.16.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming 
From IP: 124.222.16.86"; classtype:trojan-activity; sid:37972211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.130.253.72 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.253.72"; classtype:trojan-activity; sid:37972221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.81.85.216 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.81.85.216"; classtype:trojan-activity; sid:37972231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.163.244.40 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.244.40"; classtype:trojan-activity; sid:37972241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.65.91.105 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.91.105"; classtype:trojan-activity; sid:37972251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 179.104.67.226 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.104.67.226"; classtype:trojan-activity; sid:37972261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 157.245.218.29 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.218.29"; classtype:trojan-activity; sid:37972271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.221.144.193 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.144.193"; classtype:trojan-activity; sid:37972281; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 122.225.28.209 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.225.28.209"; classtype:trojan-activity; sid:37972291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 198.23.149.3 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.23.149.3"; classtype:trojan-activity; sid:37972301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 20.193.128.146 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.193.128.146"; classtype:trojan-activity; sid:37972311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 58.87.95.240 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.87.95.240"; classtype:trojan-activity; sid:37972321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.136.217.243 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.217.243"; classtype:trojan-activity; sid:37972331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.174.103.90 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.174.103.90"; classtype:trojan-activity; sid:37972341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.174.163 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.174.163"; classtype:trojan-activity; sid:37972351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 77.128.201.189 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.128.201.189"; classtype:trojan-activity; sid:37972361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 177.204.155.227 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.204.155.227"; classtype:trojan-activity; sid:37972371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 201.0.76.40 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.0.76.40"; classtype:trojan-activity; sid:37972381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.163.201.158 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.201.158"; classtype:trojan-activity; sid:37972391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 183.111.66.59 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.111.66.59"; classtype:trojan-activity; sid:37972401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.157.30.176 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.30.176"; classtype:trojan-activity; sid:37972411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 168.167.228.123 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.167.228.123"; classtype:trojan-activity; sid:37972421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 112.120.89.161 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.120.89.161"; classtype:trojan-activity; sid:37972431; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.55.33.76 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.33.76"; classtype:trojan-activity; sid:37972441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 80.66.75.92 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.66.75.92"; classtype:trojan-activity; sid:37972451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.211.164 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.211.164"; classtype:trojan-activity; sid:37972461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.223.47.191 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.223.47.191"; classtype:trojan-activity; sid:37972471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 152.136.119.137 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.119.137"; classtype:trojan-activity; sid:37972481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.34.211.195 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.211.195"; classtype:trojan-activity; sid:37972491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.70.79 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.70.79"; classtype:trojan-activity; sid:37972501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 38.207.178.112 any -> $HOME_NET any (msg: "MISP 
e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.207.178.112"; classtype:trojan-activity; sid:37972511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 62.234.49.53 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.49.53"; classtype:trojan-activity; sid:37972521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 122.51.51.79 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.51.51.79"; classtype:trojan-activity; sid:37972531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 111.230.249.106 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.230.249.106"; classtype:trojan-activity; sid:37972541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.75.122.80 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.122.80"; classtype:trojan-activity; sid:37972551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 132.232.100.125 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.232.100.125"; classtype:trojan-activity; sid:37972561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.139.83 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.139.83"; classtype:trojan-activity; sid:37972571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.109.196.134 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.196.134"; classtype:trojan-activity; 
sid:37972581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 203.56.121.201 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.56.121.201"; classtype:trojan-activity; sid:37972591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.67.198.122 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.67.198.122"; classtype:trojan-activity; sid:37972601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.109.84.218 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.84.218"; classtype:trojan-activity; sid:37972611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.156.213.118 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.213.118"; classtype:trojan-activity; sid:37972621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 59.36.254.224 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.36.254.224"; classtype:trojan-activity; sid:37972631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 109.199.101.179 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.199.101.179"; classtype:trojan-activity; sid:37972641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 183.56.241.3 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.241.3"; classtype:trojan-activity; sid:37972651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.118.228 any -> 
$HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.118.228"; classtype:trojan-activity; sid:37972661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 89.208.221.235 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.208.221.235"; classtype:trojan-activity; sid:37972671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.27.180.103 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.27.180.103"; classtype:trojan-activity; sid:37972681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.211.163 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.211.163"; classtype:trojan-activity; sid:37972691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 154.72.69.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.72.69.42"; classtype:trojan-activity; sid:37972701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.25.106 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.25.106"; classtype:trojan-activity; sid:37972711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 65.109.217.138 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.109.217.138"; classtype:trojan-activity; sid:37972721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.223.55.122 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.223.55.122"; 
classtype:trojan-activity; sid:37972731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.247.111 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.247.111"; classtype:trojan-activity; sid:37972741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.174.136.146 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.174.136.146"; classtype:trojan-activity; sid:37972751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.133.197.152 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.197.152"; classtype:trojan-activity; sid:37972761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 3.101.56.50 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 3.101.56.50"; classtype:trojan-activity; sid:37972771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 144.126.128.229 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.126.128.229"; classtype:trojan-activity; sid:37972781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.200.122.231 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.200.122.231"; classtype:trojan-activity; sid:37972791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 91.205.24.147 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.205.24.147"; classtype:trojan-activity; sid:37972801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
116.98.170.223 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.98.170.223"; classtype:trojan-activity; sid:37972811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.59.92.218 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.92.218"; classtype:trojan-activity; sid:37972821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 183.132.154.147 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.132.154.147"; classtype:trojan-activity; sid:37972831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 58.22.61.221 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.22.61.221"; classtype:trojan-activity; sid:37972841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.189.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.189.89"; classtype:trojan-activity; sid:37972851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.42.254.10 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.254.10"; classtype:trojan-activity; sid:37972861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.232.209 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.232.209"; classtype:trojan-activity; sid:37972871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 196.220.67.231 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
196.220.67.231"; classtype:trojan-activity; sid:37972881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 1.13.197.147 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.13.197.147"; classtype:trojan-activity; sid:37972891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.157.20.7 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.20.7"; classtype:trojan-activity; sid:37972901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.177.119 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.177.119"; classtype:trojan-activity; sid:37972911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.34.209.225 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.209.225"; classtype:trojan-activity; sid:37972921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 114.96.71.150 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.96.71.150"; classtype:trojan-activity; sid:37972931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 104.236.67.121 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.67.121"; classtype:trojan-activity; sid:37972941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.163.216.158 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.216.158"; classtype:trojan-activity; sid:37972951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) 
alert ip 80.249.146.240 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.249.146.240"; classtype:trojan-activity; sid:37972961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.135.179.181 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.179.181"; classtype:trojan-activity; sid:37972971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 123.125.11.1 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.125.11.1"; classtype:trojan-activity; sid:37972981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.43.122.203 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.122.203"; classtype:trojan-activity; sid:37972991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 206.189.16.103 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 206.189.16.103"; classtype:trojan-activity; sid:37973001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 179.27.60.57 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.27.60.57"; classtype:trojan-activity; sid:37973011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 24.152.119.78 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 24.152.119.78"; classtype:trojan-activity; sid:37973021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 211.253.10.96 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
211.253.10.96"; classtype:trojan-activity; sid:37973031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.156.211.148 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.211.148"; classtype:trojan-activity; sid:37973041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 59.120.122.64 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.120.122.64"; classtype:trojan-activity; sid:37973051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 86.104.38.239 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 86.104.38.239"; classtype:trojan-activity; sid:37973061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.211.168 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.211.168"; classtype:trojan-activity; sid:37973071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 129.226.194.131 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.194.131"; classtype:trojan-activity; sid:37973081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.138.152.236 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.152.236"; classtype:trojan-activity; sid:37973091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.52.3.234 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.3.234"; classtype:trojan-activity; sid:37973101; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 34.100.196.103 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.100.196.103"; classtype:trojan-activity; sid:37973111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.103.44.200 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.200"; classtype:trojan-activity; sid:37973121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.53.217.219 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.217.219"; classtype:trojan-activity; sid:37973131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 2.87.178.211 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.87.178.211"; classtype:trojan-activity; sid:37973141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 117.72.12.205 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.72.12.205"; classtype:trojan-activity; sid:37973151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.240.248 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.240.248"; classtype:trojan-activity; sid:37973161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 46.121.218.126 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.121.218.126"; classtype:trojan-activity; sid:37973171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.241.132.10 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.241.132.10"; classtype:trojan-activity; sid:37973181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 129.226.193.173 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.193.173"; classtype:trojan-activity; sid:37973191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.132.212.32 any -> $HOME_NET any (msg: "MISP e27610 [] Incoming From IP: 43.132.212.32"; classtype:trojan-activity; sid:37973201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 112.64.33.38 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.64.33.38"; classtype:trojan-activity; sid:37973211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.158.12.47 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.12.47"; classtype:trojan-activity; sid:37973221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 64.226.76.30 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.226.76.30"; classtype:trojan-activity; sid:37973231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.135.161.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.161.42"; classtype:trojan-activity; sid:37973241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 192.81.223.240 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.81.223.240"; classtype:trojan-activity; sid:37973251; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.43.179.10 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.179.10"; classtype:trojan-activity; sid:37973261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 66.249.155.244 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.249.155.244"; classtype:trojan-activity; sid:37973271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.142.236.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.236.101"; classtype:trojan-activity; sid:37973281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.133.47.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.47.86"; classtype:trojan-activity; sid:37973291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.253.175.77 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.253.175.77"; classtype:trojan-activity; sid:37973301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 36.155.114.62 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.155.114.62"; classtype:trojan-activity; sid:37973311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.177.244 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.177.244"; classtype:trojan-activity; sid:37973321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.156.97.62 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.97.62"; classtype:trojan-activity; sid:37973331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# --- MISP event 27610: inbound source-address rules ---
# Each rule alerts on traffic from one listed source address to $HOME_NET, on any
# port, with protocol "ip". No payload, flow or threshold option is present, so the
# source address alone decides the match. The msg tags name the kill-chain phases
# Reconnaissance/Exploitation while the classtype is trojan-activity.
# NOTE(review): address-only indicators lose value once an address is reassigned;
# confirm the event is still current before treating a hit as a compromise, and
# consider a threshold (type limit, track by_src) to bound alert volume.
alert ip 43.134.105.15 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.15"; classtype:trojan-activity; sid:37973341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 167.172.33.138 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.172.33.138"; classtype:trojan-activity; sid:37973351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.153.77.154 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.77.154"; classtype:trojan-activity; sid:37973361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 111.229.21.111 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.21.111"; classtype:trojan-activity; sid:37973371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 147.182.194.131 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.194.131"; classtype:trojan-activity; sid:37973381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 51.255.167.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.255.167.42"; classtype:trojan-activity; sid:37973391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# --- MISP event 27596: outbound indicators, msg tags carry malware family names ---
# URL rule: client-to-server HTTP to $HTTP_PORTS whose request headers contain the
# host name and whose URI contains the path. tag:session,600,seconds asks the engine
# to keep logging the session for 600 seconds after the alert.
# NOTE(review): http.header matches the name in any request header, not only Host;
# the http.host buffer would be tighter — confirm against the deployed engine version.
# These HTTP rules only see cleartext HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27596 [GCleaner] Outgoing URL http|3a|//ppp-gl.biz/stats/save.php"; flow:to_server,established; http.header; content:"ppp-gl.biz"; fast_pattern; nocase; http.uri; content:"/stats/save.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Destination address + port rules (protocol "ip"): no application-layer keyword is
# inspected, so the match rests on the destination address and port alone.
# The second msg tag on several rules looks like a network/AS name — presumably MISP
# enrichment; verify in the event.
alert ip $HOME_NET any -> 213.109.192.46 443 (msg: "MISP e27596 [Backconnect] Outgoing To IP: 213.109.192.46|443"; classtype:trojan-activity; sid:37965451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 5.252.178.5 443 (msg: "MISP e27596 [Backconnect] Outgoing To IP: 5.252.178.5|443"; classtype:trojan-activity; sid:37965461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 45.134.9.140 443 (msg: "MISP e27596 [Havoc,LATITUDE-SH] Outgoing To IP: 45.134.9.140|443"; classtype:trojan-activity; sid:37965471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 185.130.46.164 443 (msg: "MISP e27596 [Havoc,PRIVEX] Outgoing To IP: 185.130.46.164|443"; classtype:trojan-activity; sid:37965481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 149.109.123.217 443 (msg: "MISP e27596 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 149.109.123.217|443"; classtype:trojan-activity; sid:37965491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 184.63.241.238 443 (msg: "MISP e27596 [QakBot,VIASAT-SP-BACKBONE] Outgoing To IP: 184.63.241.238|443"; classtype:trojan-activity; sid:37965501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 94.250.255.6 80 (msg: "MISP e27596 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 94.250.255.6|80"; classtype:trojan-activity; sid:37965511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# URL rule pinned to one destination address and port 80; the msg tag list is empty
# ("[]"), so the alert text names no malware family.
alert http $HOME_NET any -> 43.153.173.61 80 (msg: "MISP e27596 [] Outgoing URL http|3a|//43.153.173.61|3a|80/5bae"; flow:to_server,established; http.header; content:"43.153.173.61"; fast_pattern; nocase; http.uri; content:"/5bae"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 43.248.188.181 9003 (msg: "MISP e27596 [] Outgoing To IP: 43.248.188.181|9003"; classtype:trojan-activity; sid:37965381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# "Domain" pair. The DNS rule is "any any -> any any", so it is not limited to
# queries leaving $HOME_NET. Its regex requires the query name to end in the domain;
# the character before it may be a dot, so sub-domains match as well.
# The HTTP rule looks for "Host:" and the name as two independent header contents,
# then applies the regex to the request headers (H flag); the regex needs one
# following character that is not a letter, digit, hyphen or dot.
# NOTE(review): the two contents are not tied together, so the name appearing in a
# different header presumably also satisfies the rule — verify.
alert dns any any -> any any (msg: "MISP e27596 [njrat,RAT] Domain zakifail.hopto.org"; dns.query; content:"zakifail.hopto.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])zakifail\.hopto\.org$/i"; classtype:trojan-activity; sid:37965361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [njrat,RAT] Outgoing HTTP Domain zakifail.hopto.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zakifail.hopto.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zakifail\.hopto\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Same destination covered twice: once by address and port, once by an HTTP URL rule.
alert ip $HOME_NET any -> 23.95.90.77 1234 (msg: "MISP e27596 [CobaltStrike] Outgoing To IP: 23.95.90.77|1234"; classtype:trojan-activity; sid:37965521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> 23.95.90.77 1234 (msg: "MISP e27596 [CobaltStrike] Outgoing URL http|3a|//23.95.90.77|3a|1234/mtrj"; flow:to_server,established; http.header; content:"23.95.90.77"; fast_pattern; nocase; http.uri; content:"/mtrj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# --- MISP event 27615: "Hostname" variant, empty tag list ---
# Unlike the "Domain" regex, this one also rejects a dot before the name, so
# sub-domains of it do not match. The HTTP rule requires the literal
# "Host: dutopupina.com" with a single space after the colon.
alert dns any any -> any any (msg: "MISP e27615 [] Hostname dutopupina.com"; dns.query; content:"dutopupina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dutopupina\.com$/i"; classtype:trojan-activity; sid:37977241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27615;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27615 [] Outgoing HTTP Hostname dutopupina.com"; flow:to_server,established; http.header; content: "Host|3a| dutopupina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dutopupina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27615;)
# URL rule with only the host content (no http.uri content, no fast_pattern),
# limited to $HTTP_PORTS.
# NOTE(review): a request matched by sid 37977242 on those ports likely raises this
# sid too — expect paired alerts when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27615 [] Outgoing URL http|3a|//dutopupina.com"; flow:to_server,established; http.header; content:"dutopupina.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27615;)
alert ip $HOME_NET any -> 147.185.221.18 47077 (msg: "MISP e27596 [njrat] Outgoing To IP: 147.185.221.18|47077"; classtype:trojan-activity; sid:37965541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# --- MISP event 27592: "Domain" pair with priority:3 (other rules here use 2) ---
# The indicator is the full name under pages.dev; the regex allows sub-domains of
# that full name only, not other names under the shared parent.
alert dns any any -> any any (msg: "MISP e27592 [] Domain colsulta-web-banestadoapp.pages.dev"; dns.query; content:"colsulta-web-banestadoapp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])colsulta\-web\-banestadoapp\.pages\.dev$/i"; classtype:trojan-activity; sid:37965001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27592;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27592 [] Outgoing HTTP Domain colsulta-web-banestadoapp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colsulta-web-banestadoapp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colsulta\-web\-banestadoapp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27592;)
# --- MISP event 27596 (continued): URL rules for further tagged families ---
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27596 [dcrat] Outgoing URL http|3a|//a0927657.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"a0927657.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> 185.172.128.210 $HTTP_PORTS (msg: "MISP e27596 [Stealc] Outgoing URL http|3a|//185.172.128.210/f993692117a3fda2.php"; flow:to_server,established; http.header; content:"185.172.128.210"; fast_pattern; nocase; http.uri; content:"/f993692117a3fda2.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Each of the two host names below gets three rules: a URL rule fixed to destination
# port 3333, a DNS "Domain" rule, and an HTTP "Domain" rule on any port.
# NOTE(review): the URL rules depend on the engine recognising HTTP on a non-default
# port — verify on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET 3333 (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing URL http|3a|//arpa.giodnews.com|3a|3333/_/scs/mail-static/_/js/"; flow:to_server,established; http.header; content:"arpa.giodnews.com"; fast_pattern; nocase; http.uri; content:"/_/scs/mail-static/_/js/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Domain arpa.giodnews.com"; dns.query; content:"arpa.giodnews.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arpa\.giodnews\.com$/i"; classtype:trojan-activity; sid:37965601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing HTTP Domain arpa.giodnews.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arpa.giodnews.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arpa\.giodnews\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET 3333 (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing URL http|3a|//arpa.indiadreamdestinations.com|3a|3333/_/scs/mail-static/_/js/"; flow:to_server,established; http.header; content:"arpa.indiadreamdestinations.com"; fast_pattern; nocase; http.uri; content:"/_/scs/mail-static/_/js/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Domain arpa.indiadreamdestinations.com"; dns.query; content:"arpa.indiadreamdestinations.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])arpa\.indiadreamdestinations\.com$/i"; classtype:trojan-activity; sid:37965621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Datacamp Limited] Outgoing HTTP Domain arpa.indiadreamdestinations.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"arpa.indiadreamdestinations.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])arpa\.indiadreamdestinations\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# The URI content "/ca" is a short substring match; the rule's specificity comes
# from the pinned destination address and port 808 plus the address in the headers.
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/ca"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# --- MISP event 27610 (continued): inbound source-address rules ---
# Same shape as the earlier e27610 rules: one source address, any port, protocol
# "ip", no payload or threshold option.
alert ip 43.156.37.43 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.37.43"; classtype:trojan-activity; sid:37973401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 202.29.236.131 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.29.236.131"; classtype:trojan-activity; sid:37973411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 210.217.9.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.217.9.89"; classtype:trojan-activity; sid:37973421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 139.196.235.125 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.196.235.125"; classtype:trojan-activity; sid:37973431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 1.12.233.148 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.233.148"; classtype:trojan-activity; sid:37973441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 106.55.104.29 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.104.29"; classtype:trojan-activity; sid:37973451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 178.62.194.205 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.62.194.205"; classtype:trojan-activity; sid:37973461; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.162.29.83 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.162.29.83"; classtype:trojan-activity; sid:37973471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 87.106.193.36 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.106.193.36"; classtype:trojan-activity; sid:37973481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 128.134.187.150 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.134.187.150"; classtype:trojan-activity; sid:37973491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 109.91.155.213 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.91.155.213"; classtype:trojan-activity; sid:37973501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 147.45.75.217 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.45.75.217"; classtype:trojan-activity; sid:37973511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 167.99.211.72 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.99.211.72"; classtype:trojan-activity; sid:37973521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.153.255.28 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.153.255.28"; classtype:trojan-activity; sid:37973531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.128.73.74 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.73.74"; classtype:trojan-activity; sid:37973541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.22.216 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.22.216"; classtype:trojan-activity; sid:37973551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.159.40.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.40.86"; classtype:trojan-activity; sid:37973561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 46.242.74.140 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.242.74.140"; classtype:trojan-activity; sid:37973571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 165.154.147.148 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.154.147.148"; classtype:trojan-activity; sid:37973581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 193.142.147.232 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.142.147.232"; classtype:trojan-activity; sid:37973591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 173.249.7.171 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.249.7.171"; classtype:trojan-activity; sid:37973601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 201.42.28.174 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.42.28.174"; classtype:trojan-activity; sid:37973611; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 223.197.186.7 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.197.186.7"; classtype:trojan-activity; sid:37973621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.159.129.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.159.129.101"; classtype:trojan-activity; sid:37973631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.222.89.61 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.89.61"; classtype:trojan-activity; sid:37973641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.170.35.211 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.170.35.211"; classtype:trojan-activity; sid:37973651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 194.104.136.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.104.136.101"; classtype:trojan-activity; sid:37973661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 104.236.213.183 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.213.183"; classtype:trojan-activity; sid:37973671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.163.215.62 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.215.62"; classtype:trojan-activity; sid:37973681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 117.34.210.228 any -> $HOME_NET any 
(msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.34.210.228"; classtype:trojan-activity; sid:37973691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 107.172.29.238 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.172.29.238"; classtype:trojan-activity; sid:37973701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.6.85 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.6.85"; classtype:trojan-activity; sid:37973711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 175.178.37.43 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.37.43"; classtype:trojan-activity; sid:37973721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 108.179.208.198 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 108.179.208.198"; classtype:trojan-activity; sid:37973731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.135.181.2 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.135.181.2"; classtype:trojan-activity; sid:37973741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 190.117.199.208 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.117.199.208"; classtype:trojan-activity; sid:37973751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.126.103.153 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.126.103.153"; 
classtype:trojan-activity; sid:37973761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 37.187.122.15 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.187.122.15"; classtype:trojan-activity; sid:37973771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.42.175.203 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.175.203"; classtype:trojan-activity; sid:37973781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 178.255.222.24 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.255.222.24"; classtype:trojan-activity; sid:37973791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 152.136.226.249 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.136.226.249"; classtype:trojan-activity; sid:37973801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 141.98.11.179 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.11.179"; classtype:trojan-activity; sid:37973811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 5.157.107.240 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.157.107.240"; classtype:trojan-activity; sid:37973821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 159.75.144.19 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.75.144.19"; classtype:trojan-activity; sid:37973831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
193.151.139.153 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.139.153"; classtype:trojan-activity; sid:37973841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.87.48.230 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.87.48.230"; classtype:trojan-activity; sid:37973851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 111.33.43.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.33.43.86"; classtype:trojan-activity; sid:37973861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 121.4.83.32 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.83.32"; classtype:trojan-activity; sid:37973871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 118.25.151.169 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.151.169"; classtype:trojan-activity; sid:37973881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 117.50.56.49 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.56.49"; classtype:trojan-activity; sid:37973891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.211.167 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.211.167"; classtype:trojan-activity; sid:37973901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 42.51.22.120 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.51.22.120"; 
classtype:trojan-activity; sid:37973911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.59.127.73 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.127.73"; classtype:trojan-activity; sid:37973921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 210.183.21.48 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.183.21.48"; classtype:trojan-activity; sid:37973931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.182.158.132 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.182.158.132"; classtype:trojan-activity; sid:37973941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 109.251.169.9 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.251.169.9"; classtype:trojan-activity; sid:37973951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 66.76.154.140 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.76.154.140"; classtype:trojan-activity; sid:37973961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 186.87.166.141 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.87.166.141"; classtype:trojan-activity; sid:37973971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.55.196.210 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.196.210"; classtype:trojan-activity; sid:37973981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
43.134.70.160 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.70.160"; classtype:trojan-activity; sid:37973991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.138.180.126 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.180.126"; classtype:trojan-activity; sid:37974001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 208.65.84.174 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 208.65.84.174"; classtype:trojan-activity; sid:37974011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 121.225.97.248 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.225.97.248"; classtype:trojan-activity; sid:37974021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.220.216.243 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.216.243"; classtype:trojan-activity; sid:37974031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 181.50.200.126 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.50.200.126"; classtype:trojan-activity; sid:37974041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 182.16.60.203 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.16.60.203"; classtype:trojan-activity; sid:37974051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 4.194.193.17 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
4.194.193.17"; classtype:trojan-activity; sid:37974061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 210.3.92.14 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.3.92.14"; classtype:trojan-activity; sid:37974071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.105.175 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.175"; classtype:trojan-activity; sid:37974081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.107.91 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.107.91"; classtype:trojan-activity; sid:37974091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.28.40.153 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.28.40.153"; classtype:trojan-activity; sid:37974101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 165.232.122.31 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.122.31"; classtype:trojan-activity; sid:37974111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.23.229.50 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.23.229.50"; classtype:trojan-activity; sid:37974121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.156.192.87 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.192.87"; classtype:trojan-activity; sid:37974131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert 
ip 43.134.122.179 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.122.179"; classtype:trojan-activity; sid:37974141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 92.243.9.189 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.243.9.189"; classtype:trojan-activity; sid:37974151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.18.101.30 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.18.101.30"; classtype:trojan-activity; sid:37974161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 200.98.136.68 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.98.136.68"; classtype:trojan-activity; sid:37974171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.155.156.168 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.156.168"; classtype:trojan-activity; sid:37974181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 134.209.149.104 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.149.104"; classtype:trojan-activity; sid:37974191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.222.19.118 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.19.118"; classtype:trojan-activity; sid:37974201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.251.91.128 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
185.251.91.128"; classtype:trojan-activity; sid:37974211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.34.19.135 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.19.135"; classtype:trojan-activity; sid:37974221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 190.86.203.60 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.86.203.60"; classtype:trojan-activity; sid:37974231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 87.21.164.180 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.21.164.180"; classtype:trojan-activity; sid:37974241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 178.128.213.135 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.213.135"; classtype:trojan-activity; sid:37974251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.105.60 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.105.60"; classtype:trojan-activity; sid:37974261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.93.47 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.93.47"; classtype:trojan-activity; sid:37974271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.216.70.227 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.216.70.227"; classtype:trojan-activity; sid:37974281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) 
# Source-address indicators from MISP event 27610. Each rule below matches any
# IP traffic from the listed address to $HOME_NET, on any port and protocol.
# None of them sets a flow, threshold or port constraint, so alert volume per
# source is left to the engine's defaults.
# classtype is trojan-activity, while the msg tags these sources as
# Reconnaissance/Exploitation: read a hit as "contact from a listed source",
# not as proof of compromise. NOTE(review): confirm the intended severity
# against the MISP event.
# IP indicators go stale; check the event at the reference URL before reusing
# these addresses for blocking.
alert ip 52.140.61.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 52.140.61.101"; classtype:trojan-activity; sid:37974291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 104.234.200.124 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.234.200.124"; classtype:trojan-activity; sid:37974301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.163.197.209 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.197.209"; classtype:trojan-activity; sid:37974311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 1.14.93.109 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.93.109"; classtype:trojan-activity; sid:37974321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 193.151.149.172 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.149.172"; classtype:trojan-activity; sid:37974331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 61.252.141.84 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.252.141.84"; classtype:trojan-activity; sid:37974341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 106.13.11.119 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.11.119"; classtype:trojan-activity; sid:37974351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 167.86.83.184 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.86.83.184"; classtype:trojan-activity; sid:37974361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 111.67.201.131 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.67.201.131"; classtype:trojan-activity; sid:37974371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 184.23.246.206 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.23.246.206"; classtype:trojan-activity; sid:37974381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.163.236.150 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.236.150"; classtype:trojan-activity; sid:37974391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.153.91.23 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.91.23"; classtype:trojan-activity; sid:37974401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 175.6.100.226 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.6.100.226"; classtype:trojan-activity; sid:37974411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 109.123.245.76 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.123.245.76"; classtype:trojan-activity; sid:37974421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 207.154.202.29 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.154.202.29"; classtype:trojan-activity; sid:37974431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 143.110.249.31 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.110.249.31"; classtype:trojan-activity; sid:37974441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 103.110.25.207 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.110.25.207"; classtype:trojan-activity; sid:37974451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 120.92.33.108 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.92.33.108"; classtype:trojan-activity; sid:37974461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 157.90.240.179 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.90.240.179"; classtype:trojan-activity; sid:37974471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 157.245.104.97 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.104.97"; classtype:trojan-activity; sid:37974481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 186.235.70.41 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.235.70.41"; classtype:trojan-activity; sid:37974491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 124.221.99.66 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.99.66"; classtype:trojan-activity; sid:37974501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 129.226.4.248 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.4.248"; classtype:trojan-activity; sid:37974511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 213.136.79.186 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.136.79.186"; classtype:trojan-activity; sid:37974521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 112.28.237.236 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.28.237.236"; classtype:trojan-activity; sid:37974531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 124.156.212.186 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.212.186"; classtype:trojan-activity; sid:37974541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 94.254.109.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.254.109.101"; classtype:trojan-activity; sid:37974551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 20.224.167.113 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.224.167.113"; classtype:trojan-activity; sid:37974561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# Outbound HTTP indicator from MISP event 27596 (tagged dcrat). Unlike the
# inbound rules around it, this fires on a $HOME_NET client: an established,
# client-to-server HTTP request whose header buffer contains the address and
# whose URI contains the path below (both matches case-insensitive). A hit
# means an internal host requested that URL and is worth host-level triage.
# tag:session,600,seconds asks the engine to keep tagging packets of the
# alerting session for 600 seconds, so follow-up traffic is logged.
# The destination port is $HTTP_PORTS: the variable must be defined for this
# rule to load, and the same URL on a port outside that set is not covered.
# NOTE(review): the file header calls $HTTP_PORTS optional for the Suricata
# export, and the http.header/http.uri buffers look like Suricata syntax;
# confirm which engine this export targets.
# NOTE(review): the address is matched anywhere in the header buffer, not
# specifically in the Host header; a host-scoped match would be tighter, but
# this is generated output, so change it in the exporter, not here.
alert http $HOME_NET any -> 62.109.7.175 $HTTP_PORTS (msg: "MISP e27596 [dcrat] Outgoing URL http|3a|//62.109.7.175/83/process8/windowspipe3/trackjs2/2downloads2php/linesecure/serverrequestgeo/better1processor/pipedownloads5/uploadscdn/polllowapiprotectsqlwpdlecentraldownloads.php"; flow:to_server,established; http.header; content:"62.109.7.175"; fast_pattern; nocase; http.uri; content:"/83/process8/windowspipe3/trackjs2/2downloads2php/linesecure/serverrequestgeo/better1processor/pipedownloads5/uploadscdn/polllowapiprotectsqlwpdlecentraldownloads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip 43.131.31.97 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.31.97"; classtype:trojan-activity; sid:37974571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.134.96.232 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.96.232"; classtype:trojan-activity; sid:37974581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 104.250.50.50 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.50"; classtype:trojan-activity; sid:37974591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 82.157.139.234 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.139.234"; classtype:trojan-activity; sid:37974601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 103.115.104.50 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.115.104.50"; classtype:trojan-activity; sid:37974611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 124.156.202.51 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.202.51"; classtype:trojan-activity; sid:37974621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# The next rule is split by the page's line wrapping; its remainder is on the
# following line of the file and is left untouched here.
alert ip 64.227.7.1 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.7.1"; classtype:trojan-activity; sid:37974631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 45.45.224.72 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.45.224.72"; classtype:trojan-activity; sid:37974641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 104.131.167.19 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.131.167.19"; classtype:trojan-activity; sid:37974651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 202.145.0.90 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.145.0.90"; classtype:trojan-activity; sid:37974661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 165.227.109.251 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.109.251"; classtype:trojan-activity; sid:37974671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 37.238.159.139 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.238.159.139"; classtype:trojan-activity; sid:37974681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.142.150.229 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.142.150.229"; classtype:trojan-activity; sid:37974691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.134.12.204 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.12.204"; classtype:trojan-activity; sid:37974701; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 191.5.55.18 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.5.55.18"; classtype:trojan-activity; sid:37974711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 122.114.199.71 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.114.199.71"; classtype:trojan-activity; sid:37974721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.103.25.183 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.25.183"; classtype:trojan-activity; sid:37974731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.225.208.92 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.225.208.92"; classtype:trojan-activity; sid:37974741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 62.234.50.55 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.50.55"; classtype:trojan-activity; sid:37974751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 160.154.94.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 160.154.94.42"; classtype:trojan-activity; sid:37974761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 110.40.212.99 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.40.212.99"; classtype:trojan-activity; sid:37974771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 212.33.198.185 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.33.198.185"; classtype:trojan-activity; sid:37974781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 117.50.187.144 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.187.144"; classtype:trojan-activity; sid:37974791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.156.197.192 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.197.192"; classtype:trojan-activity; sid:37974801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 46.107.214.210 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.107.214.210"; classtype:trojan-activity; sid:37974811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 139.198.153.50 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.153.50"; classtype:trojan-activity; sid:37974821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 1.117.87.203 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.87.203"; classtype:trojan-activity; sid:37974831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.191.79.84 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.191.79.84"; classtype:trojan-activity; sid:37974841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 78.94.76.242 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.94.76.242"; classtype:trojan-activity; sid:37974851; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 83.40.233.75 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.40.233.75"; classtype:trojan-activity; sid:37974861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 64.23.157.83 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.23.157.83"; classtype:trojan-activity; sid:37974871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 143.198.91.98 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.91.98"; classtype:trojan-activity; sid:37974881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 5.189.172.146 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.189.172.146"; classtype:trojan-activity; sid:37974891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 84.247.128.93 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.128.93"; classtype:trojan-activity; sid:37974901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.109.149.87 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.149.87"; classtype:trojan-activity; sid:37974911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 175.178.70.121 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.178.70.121"; classtype:trojan-activity; sid:37974921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 140.246.211.161 any -> $HOME_NET any (msg: "MISP 
e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.211.161"; classtype:trojan-activity; sid:37974931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 172.206.216.164 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.206.216.164"; classtype:trojan-activity; sid:37974941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.103.41.223 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.223"; classtype:trojan-activity; sid:37974951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.43.127.47 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.127.47"; classtype:trojan-activity; sid:37974961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 111.67.196.57 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.67.196.57"; classtype:trojan-activity; sid:37974971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 23.95.169.119 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.95.169.119"; classtype:trojan-activity; sid:37974981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 91.197.78.253 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.197.78.253"; classtype:trojan-activity; sid:37974991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.223.165.214 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.165.214"; classtype:trojan-activity; 
sid:37975001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.130.26.185 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.130.26.185"; classtype:trojan-activity; sid:37975011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 221.226.39.202 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.226.39.202"; classtype:trojan-activity; sid:37975021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 162.19.248.235 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.19.248.235"; classtype:trojan-activity; sid:37975031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.159.133.19 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.133.19"; classtype:trojan-activity; sid:37975041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.107.112 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.107.112"; classtype:trojan-activity; sid:37975051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.193.139 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.193.139"; classtype:trojan-activity; sid:37975061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.31.225.246 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.31.225.246"; classtype:trojan-activity; sid:37975071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 111.21.195.10 any -> 
$HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.21.195.10"; classtype:trojan-activity; sid:37975081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 217.63.207.197 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.63.207.197"; classtype:trojan-activity; sid:37975091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 117.50.119.25 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.50.119.25"; classtype:trojan-activity; sid:37975101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 185.230.138.17 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.230.138.17"; classtype:trojan-activity; sid:37975111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.138.80.39 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.138.80.39"; classtype:trojan-activity; sid:37975121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 27.11.84.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.11.84.101"; classtype:trojan-activity; sid:37975131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 184.171.255.66 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 184.171.255.66"; classtype:trojan-activity; sid:37975141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 125.160.11.46 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.160.11.46"; 
classtype:trojan-activity; sid:37975151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.143.20.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.20.89"; classtype:trojan-activity; sid:37975161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 134.209.42.7 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.42.7"; classtype:trojan-activity; sid:37975171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.143.175.139 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.175.139"; classtype:trojan-activity; sid:37975181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.249.184.36 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.249.184.36"; classtype:trojan-activity; sid:37975191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.222.90.138 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.90.138"; classtype:trojan-activity; sid:37975201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.221.225.109 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.225.109"; classtype:trojan-activity; sid:37975211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.247.180.22 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.247.180.22"; classtype:trojan-activity; sid:37975221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
193.112.200.6 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.112.200.6"; classtype:trojan-activity; sid:37975231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 58.119.1.146 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.119.1.146"; classtype:trojan-activity; sid:37975241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.67.20 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.67.20"; classtype:trojan-activity; sid:37975251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 198.244.246.73 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.244.246.73"; classtype:trojan-activity; sid:37975261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.33.73.168 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.73.168"; classtype:trojan-activity; sid:37975271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.106.199.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.199.89"; classtype:trojan-activity; sid:37975281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 189.190.123.245 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.190.123.245"; classtype:trojan-activity; sid:37975291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.51.180.127 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
49.51.180.127"; classtype:trojan-activity; sid:37975301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.224.149 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.224.149"; classtype:trojan-activity; sid:37975311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 180.76.140.66 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.76.140.66"; classtype:trojan-activity; sid:37975321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 96.231.100.190 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 96.231.100.190"; classtype:trojan-activity; sid:37975331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 49.51.189.248 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.189.248"; classtype:trojan-activity; sid:37975341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 118.25.105.205 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.25.105.205"; classtype:trojan-activity; sid:37975351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 36.92.107.106 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.92.107.106"; classtype:trojan-activity; sid:37975361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 125.99.173.162 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.99.173.162"; classtype:trojan-activity; sid:37975371; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 217.196.106.229 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.196.106.229"; classtype:trojan-activity; sid:37975381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip $HOME_NET any -> 47.76.150.79 443 (msg: "MISP e27596 [Alibaba (US) Technology Co. Ltd.,CobaltStrike,cs-watermark-100000] Outgoing To IP: 47.76.150.79|443"; classtype:trojan-activity; sid:37965671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert http $HOME_NET any -> 142.171.227.68 $HTTP_PORTS (msg: "MISP e27596 [CobaltStrike,cs-watermark-8848,MULTACOM CORPORATION] Outgoing URL http|3a|//142.171.227.68/c/msdownload/update/others/2020/12/29136388_"; flow:to_server,established; http.header; content:"142.171.227.68"; fast_pattern; nocase; http.uri; content:"/c/msdownload/update/others/2020/12/29136388_"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 142.171.227.68 80 (msg: "MISP e27596 [CobaltStrike,cs-watermark-8848,MULTACOM CORPORATION] Outgoing To IP: 142.171.227.68|80"; classtype:trojan-activity; sid:37965691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 142.171.227.68 443 (msg: "MISP e27596 [CobaltStrike,cs-watermark-8848,MULTACOM CORPORATION] Outgoing To IP: 142.171.227.68|443"; classtype:trojan-activity; sid:37965711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert http $HOME_NET any -> 120.46.207.190 $HTTP_PORTS (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Huawei Cloud Service data center] Outgoing URL http|3a|//120.46.207.190/cx"; flow:to_server,established; http.header; content:"120.46.207.190"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37965721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 120.46.207.190 80 (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,Huawei Cloud Service data center] Outgoing To IP: 120.46.207.190|80"; classtype:trojan-activity; sid:37965731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 146.19.233.250 443 (msg: "MISP e27596 [CobaltStrike,cs-watermark-987654321,STARK INDUSTRIES SOLUTIONS LTD] Outgoing To IP: 146.19.233.250|443"; classtype:trojan-activity; sid:37965751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert http $HOME_NET any -> 47.76.150.79 $HTTP_PORTS (msg: "MISP e27596 [Alibaba (US) Technology Co. Ltd.,CobaltStrike,cs-watermark-100000] Outgoing URL http|3a|//47.76.150.79/ptj"; flow:to_server,established; http.header; content:"47.76.150.79"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 47.76.150.79 80 (msg: "MISP e27596 [Alibaba (US) Technology Co. 
Ltd.,CobaltStrike,cs-watermark-100000] Outgoing To IP: 47.76.150.79|80"; classtype:trojan-activity; sid:37965781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert http $HOME_NET any -> 43.136.40.231 888 (msg: "MISP e27596 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.136.40.231|3a|888/www/handle/doc"; flow:to_server,established; http.header; content:"43.136.40.231"; fast_pattern; nocase; http.uri; content:"/www/handle/doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37965791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 59.110.6.123 443 (msg: "MISP e27596 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing To IP: 59.110.6.123|443"; classtype:trojan-activity; sid:37965811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert dns any any -> any any (msg: "MISP e27596 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Domain 69uiu06es5.execute-api.us-east-1.amazonaws.com"; dns.query; content:"69uiu06es5.execute-api.us-east-1.amazonaws.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])69uiu06es5\.execute\-api\.us\-east\-1\.amazonaws\.com$/i"; classtype:trojan-activity; sid:37965831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing HTTP Domain 69uiu06es5.execute-api.us-east-1.amazonaws.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"69uiu06es5.execute-api.us-east-1.amazonaws.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])69uiu06es5\.execute\-api\.us\-east\-1\.amazonaws\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) 
# Outbound indicator rules exported from MISP events 27596, 27609 and 27618.
# The event id appears in each msg ("MISP eNNNNN") and in the reference URL.
# Every rule here is alert-only; the bracketed list in msg carries the tags exported with the indicator.
# An empty list ("[]") means the alert names no malware family; follow the reference URL for context.

# --- e27596: destination IP + port indicators ---
# NOTE(review): the protocol is `ip` while a destination port is given; confirm the engine in use
# applies the port the way you expect for this protocol.
# NOTE(review): the first msg attributes its address to a cloud provider (Amazon.com Inc.); such addresses
# are reassigned over time, so check the indicator's age in the MISP event before treating a hit as confirmed.
alert ip $HOME_NET any -> 34.243.217.50 443 (msg: "MISP e27596 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 34.243.217.50|443"; classtype:trojan-activity; sid:37965841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 185.172.128.123 80 (msg: "MISP e27596 [Amos,Atomic Stealer,c2,macOS Stealer] Outgoing To IP: 185.172.128.123|80"; classtype:trojan-activity; sid:37965761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)

# --- e27596: "Domain" indicators, emitted as a dns rule plus an http rule per domain ---
# dns rule: inspects dns.query; the pcre anchors the name at the end of the query and allows either the
# start of the buffer or a character that is not a letter, digit or hyphen in front of it, so a
# subdomain of the listed name (preceded by a dot) also matches, while a longer look-alike label does not.
# http rule: requires "Host|3a|" (|3a| is ':') and the domain in http.header for client-to-server traffic
# on an established flow; tag:session,600,seconds tags the session for 600 seconds after the alert.
# NOTE(review): the http rules only see cleartext HTTP. If the domain is reached over TLS, only the dns
# rule can fire; a companion rule on the TLS SNI would be needed to cover that path.
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma7class.net"; dns.query; content:"ipolastationplasma7class.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma7class\.net$/i"; classtype:trojan-activity; sid:37965901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma7class.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma7class.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma7class\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma8pla.com"; dns.query; content:"ipolastationplasma8pla.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma8pla\.com$/i"; classtype:trojan-activity; sid:37965911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma8pla.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma8pla.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma8pla\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma4samsung.net"; dns.query; content:"ipolastationplasma4samsung.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma4samsung\.net$/i"; classtype:trojan-activity; sid:37965881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma4samsung.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma4samsung.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma4samsung\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma5merc.com"; dns.query; content:"ipolastationplasma5merc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma5merc\.com$/i"; classtype:trojan-activity; sid:37965891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma5merc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma5merc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma5merc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma2ford.com"; dns.query; content:"ipolastationplasma2ford.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma2ford\.com$/i"; classtype:trojan-activity; sid:37965861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma2ford.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma2ford.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma2ford\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma3apple.net"; dns.query; content:"ipolastationplasma3apple.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma3apple\.net$/i"; classtype:trojan-activity; sid:37965871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma3apple.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma3apple.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma3apple\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert dns any any -> any any (msg: "MISP e27596 [] Domain ipolastationplasma1bmx.net"; dns.query; content:"ipolastationplasma1bmx.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma1bmx\.net$/i"; classtype:trojan-activity; sid:37965851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [] Outgoing HTTP Domain ipolastationplasma1bmx.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipolastationplasma1bmx.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipolastationplasma1bmx\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)

# --- e27609: same dns + http pair; these two rules carry priority:1, the rest of this group priority:2 ---
alert dns any any -> any any (msg: "MISP e27609 [] Domain maadsal.monster"; dns.query; content:"maadsal.monster"; nocase; pcre: "/(^|[^A-Za-z0-9-])maadsal\.monster$/i"; classtype:trojan-activity; sid:37969521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27609;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27609 [] Outgoing HTTP Domain maadsal.monster"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"maadsal.monster"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])maadsal\.monster[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37969522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27609;)

# --- e27596: domain tagged "Octo" ---
alert dns any any -> any any (msg: "MISP e27596 [Octo] Domain octopanel.cc"; dns.query; content:"octopanel.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])octopanel\.cc$/i"; classtype:trojan-activity; sid:37965921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [Octo] Outgoing HTTP Domain octopanel.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"octopanel.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])octopanel\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)

# --- e27596: destination IP + port indicators tagged "c2" (family tag follows in msg) ---
# These match on address and port only, with no payload inspection, so a hit shows that a connection
# was attempted to the listed endpoint and nothing about its content.
alert ip $HOME_NET any -> 142.202.240.134 5555 (msg: "MISP e27596 [c2,Venom] Outgoing To IP: 142.202.240.134|5555"; classtype:trojan-activity; sid:37965931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 138.201.82.227 4444 (msg: "MISP e27596 [c2,Venom] Outgoing To IP: 138.201.82.227|4444"; classtype:trojan-activity; sid:37965941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 193.233.132.159 8081 (msg: "MISP e27596 [c2,Risepro] Outgoing To IP: 193.233.132.159|8081"; classtype:trojan-activity; sid:37965951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 45.132.237.13 443 (msg: "MISP e27596 [c2,cobalt_strike] Outgoing To IP: 45.132.237.13|443"; classtype:trojan-activity; sid:37965961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 91.201.40.221 80 (msg: "MISP e27596 [c2,hook] Outgoing To IP: 91.201.40.221|80"; classtype:trojan-activity; sid:37965971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 142.93.140.199 31337 (msg: "MISP e27596 [c2,sliver] Outgoing To IP: 142.93.140.199|31337"; classtype:trojan-activity; sid:37965981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)

# --- e27618: "Hostname" indicators, emitted as dns + http Host + http URL rules ---
# dns rule: unlike the "Domain" rules above, the leading pcre class also excludes '.', so only the exact
# hostname matches and a name with an extra label in front does not.
# http Hostname rule: the content is "Host|3a| <hostname>" with exactly one space after the colon.
# NOTE(review): a Host header written with different spacing would miss this content match - confirm
# how the sensor presents the http.header buffer.
# http URL rule: matches the hostname anywhere in http.header, with no pcre boundary check and only on
# $HTTP_PORTS; it can therefore also fire when the name appears in a header other than Host, and it
# needs $HTTP_PORTS to be defined in the sensor configuration.
# NOTE(review): most of these names sit under pages.dev, which looks like a shared hosting suffix; keep
# matching on the full hostname and do not widen to the parent. As above, the http rules cover cleartext
# HTTP only, so TLS-only access is visible to the dns rule alone.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 2htdt.pages.dev"; dns.query; content:"2htdt.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2htdt\.pages\.dev$/i"; classtype:trojan-activity; sid:37977511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 2htdt.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 2htdt.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2htdt\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//2htdt.pages.dev"; flow:to_server,established; http.header; content:"2htdt.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname launchpadlpx-xyz.pages.dev"; dns.query; content:"launchpadlpx-xyz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])launchpadlpx\-xyz\.pages\.dev$/i"; classtype:trojan-activity; sid:37977551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname launchpadlpx-xyz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| launchpadlpx-xyz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])launchpadlpx\-xyz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//launchpadlpx-xyz.pages.dev"; flow:to_server,established; http.header; content:"launchpadlpx-xyz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname yijfgyiusdhhvwerxokvenre2.pages.dev"; dns.query; content:"yijfgyiusdhhvwerxokvenre2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yijfgyiusdhhvwerxokvenre2\.pages\.dev$/i"; classtype:trojan-activity; sid:37977591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yijfgyiusdhhvwerxokvenre2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yijfgyiusdhhvwerxokvenre2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yijfgyiusdhhvwerxokvenre2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//yijfgyiusdhhvwerxokvenre2.pages.dev"; flow:to_server,established; http.header; content:"yijfgyiusdhhvwerxokvenre2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.uspscheckshipping.top"; dns.query; content:"usps.uspscheckshipping.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspscheckshipping\.top$/i"; classtype:trojan-activity; sid:37977631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.uspscheckshipping.top"; flow:to_server,established; http.header; content: "Host|3a| usps.uspscheckshipping.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.uspscheckshipping\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//usps.uspscheckshipping.top"; flow:to_server,established; http.header; content:"usps.uspscheckshipping.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hostingproviderservicesmailserverauthenication3.pages.dev"; dns.query; content:"hostingproviderservicesmailserverauthenication3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hostingproviderservicesmailserverauthenication3\.pages\.dev$/i"; classtype:trojan-activity; sid:37977671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618 hostname indicators: names under shared hosting parents (pages.dev, weebly.com)
# plus my.id and .top names. Every rule pins the full hostname, so other sites under the same parent
# are not matched; widening a rule to the parent domain while tuning would alert on unrelated tenants.
# NOTE(review): the "Outgoing URL" rules search http.header for the bare name without a "Host|3a| "
# prefix, so a request to another site whose Referer carries the name would presumably match too.
# Triage those alerts by checking the Host header of the tagged session.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hostingproviderservicesmailserverauthenication3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hostingproviderservicesmailserverauthenication3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hostingproviderservicesmailserverauthenication3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hostingproviderservicesmailserverauthenication3.pages.dev"; flow:to_server,established; http.header; content:"hostingproviderservicesmailserverauthenication3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ai-smartfixdecentralised.pages.dev"; dns.query; content:"ai-smartfixdecentralised.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ai\-smartfixdecentralised\.pages\.dev$/i"; classtype:trojan-activity; sid:37977711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ai-smartfixdecentralised.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ai-smartfixdecentralised.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ai\-smartfixdecentralised\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ai-smartfixdecentralised.pages.dev"; flow:to_server,established; http.header; content:"ai-smartfixdecentralised.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname yijfgyiusdhhvwerxokvenre1.pages.dev"; dns.query; content:"yijfgyiusdhhvwerxokvenre1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yijfgyiusdhhvwerxokvenre1\.pages\.dev$/i"; classtype:trojan-activity; sid:37977751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yijfgyiusdhhvwerxokvenre1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yijfgyiusdhhvwerxokvenre1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yijfgyiusdhhvwerxokvenre1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//yijfgyiusdhhvwerxokvenre1.pages.dev"; flow:to_server,established; http.header; content:"yijfgyiusdhhvwerxokvenre1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname vip.fauzivpn.my.id"; dns.query; content:"vip.fauzivpn.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vip\.fauzivpn\.my\.id$/i"; classtype:trojan-activity; sid:37977791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname vip.fauzivpn.my.id"; flow:to_server,established; http.header; content: "Host|3a| vip.fauzivpn.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vip\.fauzivpn\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//vip.fauzivpn.my.id"; flow:to_server,established; http.header; content:"vip.fauzivpn.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname verificationupdate873.weebly.com"; dns.query; content:"verificationupdate873.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verificationupdate873\.weebly\.com$/i"; classtype:trojan-activity; sid:37977831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname verificationupdate873.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| verificationupdate873.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verificationupdate873\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//verificationupdate873.weebly.com"; flow:to_server,established; http.header; content:"verificationupdate873.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.usspayb.top"; dns.query; content:"uspz.usspayb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspayb\.top$/i"; classtype:trojan-activity; sid:37977871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET
any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.usspayb.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspayb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspayb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618 hostname indicators (dns / Host-header / URL rules).
# Where the indicator URL had a path (sid:37977921, sid:37977961) the "Outgoing URL" rule adds an
# http.uri content of "/index" with nocase. That content is unanchored, so any request URI containing
# "/index" on the named host satisfies it, not only the exact path.
# Names with no "Outgoing URL" rule in this stretch (workers.dev, tokenpbaket.one aside, cprapid.com,
# web-autodiscover65003.pages.dev) are covered by their dns and Host-header rules only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspz.usspayb.top"; flow:to_server,established; http.header; content:"uspz.usspayb.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspi.usspum.top"; dns.query; content:"uspi.usspum.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspum\.top$/i"; classtype:trojan-activity; sid:37977911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspi.usspum.top"; flow:to_server,established; http.header; content: "Host|3a| uspi.usspum.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspum\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspi.usspum.top/index"; flow:to_server,established; http.header; content:"uspi.usspum.top"; fast_pattern; nocase; http.uri; content:"/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspe.uspslz.top"; dns.query; content:"uspe.uspslz.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspslz\.top$/i"; classtype:trojan-activity; sid:37977951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspe.uspslz.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.uspslz.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.uspslz\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspe.uspslz.top/index"; flow:to_server,established; http.header; content:"uspe.uspslz.top"; fast_pattern; nocase; http.uri; content:"/index"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname yaservice.bohuwive8286.workers.dev"; dns.query; content:"yaservice.bohuwive8286.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yaservice\.bohuwive8286\.workers\.dev$/i"; classtype:trojan-activity; sid:37977991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yaservice.bohuwive8286.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| yaservice.bohuwive8286.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yaservice\.bohuwive8286\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpbaket.one"; dns.query; content:"tokenpbaket.one"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.one$/i"; classtype:trojan-activity; sid:37978031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpbaket.one"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.one"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.one[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpbaket.one"; flow:to_server,established; http.header; content:"tokenpbaket.one"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37978041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 159-65-38-201.cprapid.com"; dns.query; content:"159-65-38-201.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])159\-65\-38\-201\.cprapid\.com$/i"; classtype:trojan-activity; sid:37978071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 159-65-38-201.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| 159-65-38-201.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])159\-65\-38\-201\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname web-autodiscover65003.pages.dev"; dns.query; content:"web-autodiscover65003.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\-autodiscover65003\.pages\.dev$/i"; classtype:trojan-activity; sid:37978111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing
HTTP Hostname web-autodiscover65003.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| web-autodiscover65003.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])web\-autodiscover65003\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618 hostname indicators (dns / Host-header rules; one path-specific URL rule).
# NOTE(review): the URL indicator for surahpdfdownload.com sits under /wp-includes/, which looks like a
# page planted on an existing WordPress site (inferred from the path only — confirm in the MISP event).
# The dns rule (sid:37978231) and Host rule (sid:37978232) fire on any visit to the domain, so expect
# alerts unrelated to that page; sid:37978241 is the rule that also requires the path in http.uri.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.ixbiaoyhwh.top"; dns.query; content:"usps.ixbiaoyhwh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.ixbiaoyhwh\.top$/i"; classtype:trojan-activity; sid:37978151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.ixbiaoyhwh.top"; flow:to_server,established; http.header; content: "Host|3a| usps.ixbiaoyhwh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.ixbiaoyhwh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspb.uspiu.top"; dns.query; content:"uspb.uspiu.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspb\.uspiu\.top$/i"; classtype:trojan-activity; sid:37978191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspb.uspiu.top"; flow:to_server,established; http.header; content: "Host|3a| uspb.uspiu.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspb\.uspiu\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname surahpdfdownload.com"; dns.query; content:"surahpdfdownload.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surahpdfdownload\.com$/i"; classtype:trojan-activity; sid:37978231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname surahpdfdownload.com"; flow:to_server,established; http.header; content: "Host|3a| surahpdfdownload.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])surahpdfdownload\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//surahpdfdownload.com/wp-includes/blocks/audio/Corrected/Corrected/new"; flow:to_server,established; http.header; content:"surahpdfdownload.com"; fast_pattern; nocase; http.uri; content:"/wp-includes/blocks/audio/Corrected/Corrected/new"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37978241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-109875.weeblysite.com"; dns.query; content:"telstra-109875.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-109875\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-109875.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-109875.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-109875\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tiktok-melayu.vvip1.my.id"; dns.query; content:"tiktok-melayu.vvip1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiktok\-melayu\.vvip1\.my\.id$/i"; classtype:trojan-activity; sid:37978311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tiktok-melayu.vvip1.my.id"; flow:to_server,established; http.header; content: "Host|3a| tiktok-melayu.vvip1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tiktok\-melayu\.vvip1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-108123.weeblysite.com"; dns.query; content:"telstra-108123.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-108123\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-108123.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-108123.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-108123\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-107823.weeblysite.com"; dns.query; content:"telstra-107823.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107823\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-107823.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a|
telstra-107823.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107823\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618: telstra-NNNNNN.weeblysite.com names are listed one by one. Each dns pcre is anchored
# to the exact name, so a sibling site with a different number is not matched until it is added to the event.
# NOTE(review): the dns rules are written "any any -> any any", i.e. without a direction or network
# variable. A sensor that sees both the client-to-resolver and resolver-to-upstream legs may therefore
# raise more than one alert per lookup — confirm against sensor placement before counting hits.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-107790.weeblysite.com"; dns.query; content:"telstra-107790.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107790\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-107790.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-107790.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107790\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-107555.weeblysite.com"; dns.query; content:"telstra-107555.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107555\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-107555.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-107555.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107555\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-107033.weeblysite.com"; dns.query; content:"telstra-107033.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107033\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-107033.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-107033.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-107033\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-103802.weeblysite.com"; dns.query; content:"telstra-103802.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103802\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-103802.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-103802.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-103802\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname mail-106171.square.site"; dns.query; content:"mail-106171.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\-106171\.square\.site$/i"; classtype:trojan-activity; sid:37978591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mail-106171.square.site"; flow:to_server,established; http.header; content: "Host|3a|
mail-106171.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\-106171\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618 hostname indicators (dns + Host-header pairs; no URL rules in this stretch).
# NOTE(review): every rule carries classtype:trojan-activity and priority:2, and the tag list in msg is
# empty ("[]"). Names such as telstra-*, mail-* and imtoken-* read like credential-phishing lures
# (inferred from the names only) — confirm the classification in the MISP event before routing these
# alerts as malware infections.
# The Host-header rules only inspect cleartext HTTP; for HTTPS visits the dns rule of each pair is the
# one that can fire unless TLS is decrypted upstream.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-102487.weeblysite.com"; dns.query; content:"telstra-102487.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102487\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-102487.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-102487.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102487\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-102203.weeblysite.com"; dns.query; content:"telstra-102203.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102203\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-102203.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-102203.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-102203\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-101131.weeblysite.com"; dns.query; content:"telstra-101131.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101131\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-101131.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-101131.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-101131\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telstra-100381.weeblysite.com"; dns.query; content:"telstra-100381.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-100381\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telstra-100381.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| telstra-100381.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telstra\-100381\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname nmj.pages.dev"; dns.query; content:"nmj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nmj\.pages\.dev$/i"; classtype:trojan-activity; sid:37978791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nmj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nmj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nmj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname my-site-106961.weeblysite.com"; dns.query; content:"my-site-106961.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])my\-site\-106961\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname my-site-106961.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| my-site-106961.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])my\-site\-106961\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname mediamagazine.kometia.com"; dns.query; content:"mediamagazine.kometia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediamagazine\.kometia\.com$/i"; classtype:trojan-activity; sid:37978871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mediamagazine.kometia.com"; flow:to_server,established; http.header; content: "Host|3a| mediamagazine.kometia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mediamagazine\.kometia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname mail-106171.weeblysite.com"; dns.query; content:"mail-106171.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\-106171\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37978911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mail-106171.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| mail-106171.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\-106171\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname imtoken-av.biz"; dns.query; content:"imtoken-av.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-av\.biz$/i"; classtype:trojan-activity; sid:37978951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname imtoken-av.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-av.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-av\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname info-mail-acc.webflow.io"; dns.query; content:"info-mail-acc.webflow.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])info\-mail\-acc\.webflow\.io$/i"; classtype:trojan-activity; sid:37978991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname info-mail-acc.webflow.io"; flow:to_server,established; http.header; content: "Host|3a| info-mail-acc.webflow.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])info\-mail\-acc\.webflow\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37978992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any
any (msg: "MISP e27618 [] Hostname imtoken-aa.fyi"; dns.query; content:"imtoken-aa.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aa\.fyi$/i"; classtype:trojan-activity; sid:37979031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618 hostname indicators (dns + Host-header pairs, one URL rule).
# NOTE(review): sid:37979121 names the URL ".../?user-agent=mozilla/5.0" in msg, but its http.uri
# content is only "/", which every origin-form request URI contains. The rule therefore fires on the
# hostname appearing anywhere in http.header alone and adds no path or query check — treat its alerts
# like the Host-header rule (sid:37979112), and confirm the indicator's query string in the MISP event
# if a URL-specific match is wanted.
# blogspot.com, blogspot.com.uy, weebly.com and pages.dev are shared parents; each rule is pinned to
# the full hostname, so other sites under those parents are not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname imtoken-aa.fyi"; flow:to_server,established; http.header; content: "Host|3a| imtoken-aa.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-aa\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname im20.net"; dns.query; content:"im20.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])im20\.net$/i"; classtype:trojan-activity; sid:37979071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname im20.net"; flow:to_server,established; http.header; content: "Host|3a| im20.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])im20\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname signinattcom03.weebly.com"; dns.query; content:"signinattcom03.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])signinattcom03\.weebly\.com$/i"; classtype:trojan-activity; sid:37979111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname signinattcom03.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| signinattcom03.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])signinattcom03\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//signinattcom03.weebly.com/?user-agent=mozilla/5.0"; flow:to_server,established; http.header; content:"signinattcom03.weebly.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37979121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hxm7-lx.all-net.cfd"; dns.query; content:"hxm7-lx.all-net.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hxm7\-lx\.all\-net\.cfd$/i"; classtype:trojan-activity; sid:37979151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hxm7-lx.all-net.cfd"; flow:to_server,established; http.header; content: "Host|3a| hxm7-lx.all-net.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hxm7\-lx\.all\-net\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hbsgls.gvaca.my.id"; dns.query; content:"hbsgls.gvaca.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hbsgls\.gvaca\.my\.id$/i"; classtype:trojan-activity; sid:37979191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hbsgls.gvaca.my.id"; flow:to_server,established; http.header; content: "Host|3a| hbsgls.gvaca.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hbsgls\.gvaca\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ght6.pages.dev"; dns.query; content:"ght6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ght6\.pages\.dev$/i"; classtype:trojan-activity; sid:37979231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ght6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ght6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ght6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname g7f6v6v55v5b.blogspot.com.uy"; dns.query; content:"g7f6v6v55v5b.blogspot.com.uy"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g7f6v6v55v5b\.blogspot\.com\.uy$/i"; classtype:trojan-activity; sid:37979271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname g7f6v6v55v5b.blogspot.com.uy"; flow:to_server,established; http.header; content: "Host|3a| g7f6v6v55v5b.blogspot.com.uy"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g7f6v6v55v5b\.blogspot\.com\.uy[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname g7f6v6v55v5b.blogspot.com"; dns.query; content:"g7f6v6v55v5b.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g7f6v6v55v5b\.blogspot\.com$/i"; classtype:trojan-activity; sid:37979311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname g7f6v6v55v5b.blogspot.com";
flow:to_server,established; http.header; content: "Host|3a| g7f6v6v55v5b.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])g7f6v6v55v5b\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname findallgadget.altervista.org"; dns.query; content:"findallgadget.altervista.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])findallgadget\.altervista\.org$/i"; classtype:trojan-activity; sid:37979351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname findallgadget.altervista.org"; flow:to_server,established; http.header; content: "Host|3a| findallgadget.altervista.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])findallgadget\.altervista\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname servicewebformoes.weebly.com"; dns.query; content:"servicewebformoes.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servicewebformoes\.weebly\.com$/i"; classtype:trojan-activity; sid:37979391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname servicewebformoes.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| servicewebformoes.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servicewebformoes\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL 
http|3a|//servicewebformoes.weebly.com/?user-agent=mozilla/5.0"; flow:to_server,established; http.header; content:"servicewebformoes.weebly.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37979401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname djh3hjfn.terbaiik.com"; dns.query; content:"djh3hjfn.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djh3hjfn\.terbaiik\.com$/i"; classtype:trojan-activity; sid:37979431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname djh3hjfn.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| djh3hjfn.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djh3hjfn\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname verify-metamaskwallet.ddnss.eu"; dns.query; content:"verify-metamaskwallet.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37979471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname verify-metamaskwallet.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| verify-metamaskwallet.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname dhv3us.terbaiik.com"; dns.query; 
content:"dhv3us.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhv3us\.terbaiik\.com$/i"; classtype:trojan-activity; sid:37979511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dhv3us.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| dhv3us.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhv3us\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname dh801ed.pages.dev"; dns.query; content:"dh801ed.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dh801ed\.pages\.dev$/i"; classtype:trojan-activity; sid:37979551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dh801ed.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dh801ed.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dh801ed\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname cjh3.dgwt.my.id"; dns.query; content:"cjh3.dgwt.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cjh3\.dgwt\.my\.id$/i"; classtype:trojan-activity; sid:37979591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname cjh3.dgwt.my.id"; flow:to_server,established; http.header; content: "Host|3a| cjh3.dgwt.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cjh3\.dgwt\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979592; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname cjb3hhd.terbaiik.com"; dns.query; content:"cjb3hhd.terbaiik.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cjb3hhd\.terbaiik\.com$/i"; classtype:trojan-activity; sid:37979631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname cjb3hhd.terbaiik.com"; flow:to_server,established; http.header; content: "Host|3a| cjb3hhd.terbaiik.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cjb3hhd\.terbaiik\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname btinternet-107962.weeblysite.com"; dns.query; content:"btinternet-107962.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-107962\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37979671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname btinternet-107962.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btinternet-107962.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-107962\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname btinternet-105781.weeblysite.com"; dns.query; content:"btinternet-105781.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-105781\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37979711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname btinternet-105781.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btinternet-105781.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-105781\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname btinternet-104787.weeblysite.com"; dns.query; content:"btinternet-104787.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-104787\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37979751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname btinternet-104787.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| btinternet-104787.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])btinternet\-104787\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname bt-109047.weeblysite.com"; dns.query; content:"bt-109047.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-109047\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37979791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bt-109047.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-109047.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-109047\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979792; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname bd.vipsystem.com.br"; dns.query; content:"bd.vipsystem.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bd\.vipsystem\.com\.br$/i"; classtype:trojan-activity; sid:37979831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bd.vipsystem.com.br"; flow:to_server,established; http.header; content: "Host|3a| bd.vipsystem.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bd\.vipsystem\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname bafybeih6rtemhzrtashvkuup3tjqikqnsowd4hvayj43ulfdrody7esxpy.ipfs.cf-ipfs.com"; dns.query; content:"bafybeih6rtemhzrtashvkuup3tjqikqnsowd4hvayj43ulfdrody7esxpy.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeih6rtemhzrtashvkuup3tjqikqnsowd4hvayj43ulfdrody7esxpy\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37979871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bafybeih6rtemhzrtashvkuup3tjqikqnsowd4hvayj43ulfdrody7esxpy.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeih6rtemhzrtashvkuup3tjqikqnsowd4hvayj43ulfdrody7esxpy.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeih6rtemhzrtashvkuup3tjqikqnsowd4hvayj43ulfdrody7esxpy\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname 
bafybeiaspi7hvqixv6hohpytclccekq55bilc3o27fsiw2tahipl7yq2cq.ipfs.cf-ipfs.com"; dns.query; content:"bafybeiaspi7hvqixv6hohpytclccekq55bilc3o27fsiw2tahipl7yq2cq.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiaspi7hvqixv6hohpytclccekq55bilc3o27fsiw2tahipl7yq2cq\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:37979911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bafybeiaspi7hvqixv6hohpytclccekq55bilc3o27fsiw2tahipl7yq2cq.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeiaspi7hvqixv6hohpytclccekq55bilc3o27fsiw2tahipl7yq2cq.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeiaspi7hvqixv6hohpytclccekq55bilc3o27fsiw2tahipl7yq2cq\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname attsystemidentifiercheckpoint.weebly.com"; dns.query; content:"attsystemidentifiercheckpoint.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attsystemidentifiercheckpoint\.weebly\.com$/i"; classtype:trojan-activity; sid:37979951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname attsystemidentifiercheckpoint.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attsystemidentifiercheckpoint.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attsystemidentifiercheckpoint\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname rapter.configura.workers.dev"; dns.query; 
content:"rapter.configura.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rapter\.configura\.workers\.dev$/i"; classtype:trojan-activity; sid:37979991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname rapter.configura.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| rapter.configura.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rapter\.configura\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37979992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname jennelcheng.com"; dns.query; content:"jennelcheng.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jennelcheng\.com$/i"; classtype:trojan-activity; sid:37980031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname jennelcheng.com"; flow:to_server,established; http.header; content: "Host|3a| jennelcheng.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jennelcheng\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jennelcheng.com/accpt/1drv/1drv"; flow:to_server,established; http.header; content:"jennelcheng.com"; fast_pattern; nocase; http.uri; content:"/accpt/1drv/1drv"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname imtoken.cam"; dns.query; content:"imtoken.cam"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\.cam$/i"; classtype:trojan-activity; 
sid:37980071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname imtoken.cam"; flow:to_server,established; http.header; content: "Host|3a| imtoken.cam"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\.cam[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//imtoken.cam"; flow:to_server,established; http.header; content:"imtoken.cam"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname imtoken-bm.ist"; dns.query; content:"imtoken-bm.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bm\.ist$/i"; classtype:trojan-activity; sid:37980111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname imtoken-bm.ist"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bm.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bm\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//imtoken-bm.ist"; flow:to_server,established; http.header; content:"imtoken-bm.ist"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname 666-sb.com"; dns.query; content:"666-sb.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])666\-sb\.com$/i"; classtype:trojan-activity; sid:37980151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 666-sb.com"; flow:to_server,established; http.header; content: "Host|3a| 666-sb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])666\-sb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//666-sb.com/index.php"; flow:to_server,established; http.header; content:"666-sb.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname attsevrices.weebly.com"; dns.query; content:"attsevrices.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attsevrices\.weebly\.com$/i"; classtype:trojan-activity; sid:37980191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname attsevrices.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attsevrices.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attsevrices\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//attsevrices.weebly.com/?user-agent=mozilla/5.0"; flow:to_server,established; http.header; content:"attsevrices.weebly.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37980201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname ca3mijhnsg.download-soft.xyz"; dns.query; content:"ca3mijhnsg.download-soft.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ca3mijhnsg\.download\-soft\.xyz$/i"; classtype:trojan-activity; sid:37980231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ca3mijhnsg.download-soft.xyz"; flow:to_server,established; http.header; content: "Host|3a| ca3mijhnsg.download-soft.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ca3mijhnsg\.download\-soft\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ca3mijhnsg.download-soft.xyz"; flow:to_server,established; http.header; content:"ca3mijhnsg.download-soft.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname wandering-butterfly-890a.info4663.workers.dev"; dns.query; content:"wandering-butterfly-890a.info4663.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wandering\-butterfly\-890a\.info4663\.workers\.dev$/i"; classtype:trojan-activity; sid:37980271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname wandering-butterfly-890a.info4663.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| wandering-butterfly-890a.info4663.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])wandering\-butterfly\-890a\.info4663\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teleghlk-cbk.top"; dns.query; content:"teleghlk-cbk.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleghlk\-cbk\.top$/i"; classtype:trojan-activity; sid:37980311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teleghlk-cbk.top"; flow:to_server,established; http.header; content: "Host|3a| teleghlk-cbk.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleghlk\-cbk\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname m.teiegrom-xc.com"; dns.query; content:"m.teiegrom-xc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xc\.com$/i"; classtype:trojan-activity; sid:37980351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname m.teiegrom-xc.com"; flow:to_server,established; http.header; content: "Host|3a| m.teiegrom-xc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname snapsexfreeonly.pages.dev"; dns.query; content:"snapsexfreeonly.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapsexfreeonly\.pages\.dev$/i"; classtype:trojan-activity; sid:37980391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname snapsexfreeonly.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| snapsexfreeonly.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snapsexfreeonly\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegnam.work"; dns.query; content:"telegnam.work"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegnam\.work$/i"; classtype:trojan-activity; sid:37980431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegnam.work"; flow:to_server,established; http.header; content: "Host|3a| telegnam.work"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegnam\.work[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//telegnam.work/"; flow:to_server,established; http.header; content:"telegnam.work"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegnam.club"; dns.query; content:"telegnam.club"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegnam\.club$/i"; classtype:trojan-activity; sid:37980471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegnam.club"; flow:to_server,established; http.header; content: "Host|3a| telegnam.club"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegnam\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//telegnam.club/"; flow:to_server,established; http.header; content:"telegnam.club"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname m.teiegrom-xb.com"; dns.query; content:"m.teiegrom-xb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xb\.com$/i"; classtype:trojan-activity; sid:37980511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname m.teiegrom-xb.com"; flow:to_server,established; http.header; content: "Host|3a| m.teiegrom-xb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//m.teiegrom-xb.com/"; flow:to_server,established; http.header; content:"m.teiegrom-xb.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname projectfix.pages.dev"; dns.query; content:"projectfix.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])projectfix\.pages\.dev$/i"; classtype:trojan-activity; sid:37980551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname projectfix.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| projectfix.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])projectfix\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//projectfix.pages.dev"; flow:to_server,established; http.header; content:"projectfix.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname besgr.pages.dev"; dns.query; content:"besgr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])besgr\.pages\.dev$/i"; classtype:trojan-activity; sid:37980591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname besgr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| besgr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])besgr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//besgr.pages.dev"; flow:to_server,established; http.header; content:"besgr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname beyrv.pages.dev"; dns.query; content:"beyrv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beyrv\.pages\.dev$/i"; 
classtype:trojan-activity; sid:37980631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rules: outbound requests from $HOME_NET on any port; the pcre needs a non-hostname
# character after the name, so "name:port" matches and a longer hostname does not.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname beyrv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| beyrv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beyrv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: matches the hostname anywhere in the request headers (e.g. a Referer), and on
# $HTTP_PORTS it fires alongside the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//beyrv.pages.dev"; flow:to_server,established; http.header; content:"beyrv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only (anchored with "$", left boundary excludes "."); not limited to $HOME_NET.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname h0egwujayomasaremyceue03.pages.dev"; dns.query; content:"h0egwujayomasaremyceue03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h0egwujayomasaremyceue03\.pages\.dev$/i"; classtype:trojan-activity; sid:37980671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname h0egwujayomasaremyceue03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| h0egwujayomasaremyceue03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h0egwujayomasaremyceue03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//h0egwujayomasaremyceue03.pages.dev"; flow:to_server,established; http.header; content:"h0egwujayomasaremyceue03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980681; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: fires on the exact query name (pcre anchored with "$"; the left boundary rejects "." so
# sub-domains do not match). Source and destination are "any", so every observed lookup alerts.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname kolah-qermezi.com"; dns.query; content:"kolah-qermezi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kolah\-qermezi\.com$/i"; classtype:trojan-activity; sid:37980711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: only HTTP the sensor can parse is inspected; a TLS connection to the same host is
# not covered by this rule. This indicator has no "Outgoing URL" companion rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname kolah-qermezi.com"; flow:to_server,established; http.header; content: "Host|3a| kolah-qermezi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kolah\-qermezi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname jejvd3kk.des4.com.tr"; dns.query; content:"jejvd3kk.des4.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jejvd3kk\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:37980751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname jejvd3kk.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| jejvd3kk.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jejvd3kk\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: the hostname may appear in any request header, so it is broader than the
# Host-header rule above and duplicates its alert on $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jejvd3kk.des4.com.tr"; flow:to_server,established; http.header; content:"jejvd3kk.des4.com.tr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname assure-formulaire.net"; dns.query; content:"assure-formulaire.net";
nocase; pcre: "/(^|[^A-Za-z0-9-\.])assure\-formulaire\.net$/i"; classtype:trojan-activity; sid:37980791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: outbound HTTP from $HOME_NET, any destination port; tag:session,600,seconds
# keeps logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname assure-formulaire.net"; flow:to_server,established; http.header; content: "Host|3a| assure-formulaire.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])assure\-formulaire\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hdbfgy77.hyperphp.com"; dns.query; content:"hdbfgy77.hyperphp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hdbfgy77\.hyperphp\.com$/i"; classtype:trojan-activity; sid:37980831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hdbfgy77.hyperphp.com"; flow:to_server,established; http.header; content: "Host|3a| hdbfgy77.hyperphp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hdbfgy77\.hyperphp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): the msg names the URL "/?i=2", but the http.uri part only requires a "/" somewhere in
# the URI, so the query string is not matched: any request whose headers contain the hostname alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hdbfgy77.hyperphp.com/?i=2"; flow:to_server,established; http.header; content:"hdbfgy77.hyperphp.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only; "any any -> any any" alerts on lookups in every direction.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname drapwkuy.f4iz.my.id"; dns.query; content:"drapwkuy.f4iz.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])drapwkuy\.f4iz\.my\.id$/i"; classtype:trojan-activity; sid:37980871; rev:1;
priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: the pcre requires a non-hostname character after the name, so "name:port"
# matches while a longer hostname starting with the same text does not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname drapwkuy.f4iz.my.id"; flow:to_server,established; http.header; content: "Host|3a| drapwkuy.f4iz.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])drapwkuy\.f4iz\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: plain substring match on all request headers (no Host anchor, no pcre
# boundary), limited to $HTTP_PORTS; it overlaps the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//drapwkuy.f4iz.my.id"; flow:to_server,established; http.header; content:"drapwkuy.f4iz.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): pages.dev sites are normally served over HTTPS, which the http rules cannot inspect;
# for this host the dns rule is the likely detection — confirm whether a tls.sni rule is wanted.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname suspeito.pages.dev"; dns.query; content:"suspeito.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])suspeito\.pages\.dev$/i"; classtype:trojan-activity; sid:37980911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname suspeito.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| suspeito.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])suspeito\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//suspeito.pages.dev"; flow:to_server,established; http.header; content:"suspeito.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname dhjmklpsdr762904.1i1.my.id";
dns.query; content:"dhjmklpsdr762904.1i1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhjmklpsdr762904\.1i1\.my\.id$/i"; classtype:trojan-activity; sid:37980951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: outbound HTTP from $HOME_NET on any port; tag:session,600,seconds keeps logging
# the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dhjmklpsdr762904.1i1.my.id"; flow:to_server,established; http.header; content: "Host|3a| dhjmklpsdr762904.1i1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhjmklpsdr762904\.1i1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: the hostname is matched anywhere in the request headers, so a Referer naming
# it alerts too; on $HTTP_PORTS it fires in addition to the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//dhjmklpsdr762904.1i1.my.id"; flow:to_server,established; http.header; content:"dhjmklpsdr762904.1i1.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37980961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only (pcre anchored with "$", left boundary excludes "."), any direction.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname dehecegjouygrcesbayoisvolo1.pages.dev"; dns.query; content:"dehecegjouygrcesbayoisvolo1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dehecegjouygrcesbayoisvolo1\.pages\.dev$/i"; classtype:trojan-activity; sid:37980991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dehecegjouygrcesbayoisvolo1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dehecegjouygrcesbayoisvolo1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dehecegjouygrcesbayoisvolo1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37980992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL
http|3a|//dehecegjouygrcesbayoisvolo1.pages.dev"; flow:to_server,established; http.header; content:"dehecegjouygrcesbayoisvolo1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rules: the query name must end with the hostname (pcre "$") and the left boundary excludes ".",
# so sub-domains and the shared parent zone do not match; "any any -> any any" alerts in every direction.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname djh3qn.ktt55.my.id"; dns.query; content:"djh3qn.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djh3qn\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:37981031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rules: outbound HTTP from $HOME_NET, any port; tag:session,600,seconds keeps logging the
# session's packets for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname djh3qn.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| djh3qn.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djh3qn\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rules: substring match on all request headers (a Referer naming the host also
# alerts); on $HTTP_PORTS they fire together with the Host-header rule for the same hostname.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//djh3qn.ktt55.my.id"; flow:to_server,established; http.header; content:"djh3qn.ktt55.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname chpokalshik.ushermotherfaker.com"; dns.query; content:"chpokalshik.ushermotherfaker.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chpokalshik\.ushermotherfaker\.com$/i"; classtype:trojan-activity; sid:37981071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname chpokalshik.ushermotherfaker.com"; flow:to_server,established; http.header; content: "Host|3a| chpokalshik.ushermotherfaker.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chpokalshik\.ushermotherfaker\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): workers.dev and pages.dev hosts are normally reached over HTTPS, which the http rules
# cannot inspect; expect the dns rules to be the ones that fire — confirm whether tls.sni rules are wanted.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:37981111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname gjjjbjv.pages.dev"; dns.query; content:"gjjjbjv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gjjjbjv\.pages\.dev$/i"; classtype:trojan-activity; sid:37981151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname gjjjbjv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gjjjbjv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gjjjbjv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname walterslosung.com"; dns.query; content:"walterslosung.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])walterslosung\.com$/i"; classtype:trojan-activity; sid:37981191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname walterslosung.com"; flow:to_server,established; http.header; content: "Host|3a| walterslosung.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])walterslosung\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname nodedapps-inqubeta.pages.dev"; dns.query; content:"nodedapps-inqubeta.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodedapps\-inqubeta\.pages\.dev$/i"; classtype:trojan-activity; sid:37981231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nodedapps-inqubeta.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nodedapps-inqubeta.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodedapps\-inqubeta\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//nodedapps-inqubeta.pages.dev"; flow:to_server,established; http.header; content:"nodedapps-inqubeta.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname cbiym.pages.dev"; dns.query; content:"cbiym.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cbiym\.pages\.dev$/i"; classtype:trojan-activity; sid:37981271; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rules: outbound HTTP from $HOME_NET on any port; the pcre needs a non-hostname character
# after the name, so "name:port" matches and a longer hostname does not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname cbiym.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cbiym.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cbiym\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rules: the hostname is matched anywhere in the request headers (no Host anchor), so
# a Referer naming it alerts too; on $HTTP_PORTS they duplicate the Host-header alert.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//cbiym.pages.dev"; flow:to_server,established; http.header; content:"cbiym.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rules: exact query name only (pcre anchored with "$", left boundary excludes "."); source and
# destination are "any", so lookups in every direction alert.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpazket.pro"; dns.query; content:"tokenpazket.pro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.pro$/i"; classtype:trojan-activity; sid:37981311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpazket.pro"; flow:to_server,established; http.header; content: "Host|3a| tokenpazket.pro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.pro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpazket.pro"; flow:to_server,established; http.header; content:"tokenpazket.pro"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname zlf.pages.dev"; dns.query; content:"zlf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zlf\.pages\.dev$/i"; classtype:trojan-activity; sid:37981351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname zlf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zlf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zlf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//zlf.pages.dev"; flow:to_server,established; http.header; content:"zlf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname test.hcwe.cn"; dns.query; content:"test.hcwe.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])test\.hcwe\.cn$/i"; classtype:trojan-activity; sid:37981391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname test.hcwe.cn"; flow:to_server,established; http.header; content: "Host|3a| test.hcwe.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])test\.hcwe\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//test.hcwe.cn"; flow:to_server,established; http.header; content:"test.hcwe.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 7rhd.des4.com.tr";
dns.query; content:"7rhd.des4.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])7rhd\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:37981431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: only HTTP the sensor can parse is inspected; tag:session,600,seconds keeps logging
# the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 7rhd.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| 7rhd.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])7rhd\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: substring match on all request headers, restricted to $HTTP_PORTS; it overlaps
# the Host-header rule above and also alerts when only a Referer names the host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//7rhd.des4.com.tr"; flow:to_server,established; http.header; content:"7rhd.des4.com.tr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only, so other names under des4.com.tr need their own rule (as here).
alert dns any any -> any any (msg: "MISP e27618 [] Hostname gg3yfs.des4.com.tr"; dns.query; content:"gg3yfs.des4.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gg3yfs\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:37981471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname gg3yfs.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| gg3yfs.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gg3yfs\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//gg3yfs.des4.com.tr"; flow:to_server,established; http.header; content:"gg3yfs.des4.com.tr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981481; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only (pcre anchored with "$", left boundary excludes "."); "any any ->
# any any" alerts on lookups in every direction.
# NOTE(review): every indicator of this event carries classtype:trojan-activity; the names look like
# brand look-alikes — presumably phishing hosts; confirm against the MISP event before triage.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegram18.privatemessage25.com"; dns.query; content:"telegram18.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram18\.privatemessage25\.com$/i"; classtype:trojan-activity; sid:37981511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: outbound HTTP from $HOME_NET on any port; a TLS connection to the host is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegram18.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram18.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram18\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: the hostname may appear in any request header; on $HTTP_PORTS it fires in
# addition to the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//telegram18.privatemessage25.com"; flow:to_server,established; http.header; content:"telegram18.privatemessage25.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname dutopupina.com"; dns.query; content:"dutopupina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dutopupina\.com$/i"; classtype:trojan-activity; sid:37981551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dutopupina.com"; flow:to_server,established; http.header; content: "Host|3a| dutopupina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dutopupina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618
[] Outgoing URL http|3a|//dutopupina.com"; flow:to_server,established; http.header; content:"dutopupina.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rules: exact query name only (pcre anchored with "$", left boundary excludes "."), so sub-domains
# and the shared parent zone do not match; not limited to $HOME_NET.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hv3gf4r.ktt55.my.id"; dns.query; content:"hv3gf4r.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hv3gf4r\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:37981591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rules: outbound HTTP from $HOME_NET, any port; tag:session,600,seconds keeps logging the
# session's packets for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hv3gf4r.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| hv3gf4r.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hv3gf4r\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rules: substring match on all request headers (a Referer naming the host also
# alerts); on $HTTP_PORTS they duplicate the Host-header alert for the same hostname.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hv3gf4r.ktt55.my.id"; flow:to_server,established; http.header; content:"hv3gf4r.ktt55.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): pages.dev sites are normally served over HTTPS, which the http rules cannot inspect;
# the dns rules are the likely detections for these hosts — confirm whether tls.sni rules are wanted.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname blockchainrectification-1tu.pages.dev"; dns.query; content:"blockchainrectification-1tu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainrectification\-1tu\.pages\.dev$/i"; classtype:trojan-activity; sid:37981631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname blockchainrectification-1tu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| blockchainrectification-1tu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blockchainrectification\-1tu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//blockchainrectification-1tu.pages.dev"; flow:to_server,established; http.header; content:"blockchainrectification-1tu.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname unrohesgevseolaordgeswefes1.pages.dev"; dns.query; content:"unrohesgevseolaordgeswefes1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrohesgevseolaordgeswefes1\.pages\.dev$/i"; classtype:trojan-activity; sid:37981671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname unrohesgevseolaordgeswefes1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| unrohesgevseolaordgeswefes1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrohesgevseolaordgeswefes1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//unrohesgevseolaordgeswefes1.pages.dev"; flow:to_server,established; http.header; content:"unrohesgevseolaordgeswefes1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname fceve2.pages.dev"; dns.query; content:"fceve2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fceve2\.pages\.dev$/i";
classtype:trojan-activity; sid:37981711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: outbound HTTP from $HOME_NET on any port; the pcre needs a non-hostname character
# after the name, so "name:port" matches and a longer hostname does not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname fceve2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fceve2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fceve2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: the hostname is matched anywhere in the request headers, so a Referer naming
# it alerts too; on $HTTP_PORTS it fires together with the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//fceve2.pages.dev"; flow:to_server,established; http.header; content:"fceve2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only (pcre anchored with "$", left boundary excludes "."); source and
# destination are "any", so lookups in every direction alert.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegram13.privatemessage25.com"; dns.query; content:"telegram13.privatemessage25.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram13\.privatemessage25\.com$/i"; classtype:trojan-activity; sid:37981751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegram13.privatemessage25.com"; flow:to_server,established; http.header; content: "Host|3a| telegram13.privatemessage25.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram13\.privatemessage25\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//telegram13.privatemessage25.com"; flow:to_server,established; http.header; content:"telegram13.privatemessage25.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981761; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only (pcre anchored with "$", left boundary excludes "."), any direction.
# NOTE(review): pages.dev sites are normally served over HTTPS, which the http rules below cannot
# inspect; the dns rule is the likely detection — confirm whether a tls.sni rule is wanted.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname adulthotgrils.pages.dev"; dns.query; content:"adulthotgrils.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adulthotgrils\.pages\.dev$/i"; classtype:trojan-activity; sid:37981791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: tag:session,600,seconds keeps logging the session's packets for 600 seconds after the hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname adulthotgrils.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| adulthotgrils.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adulthotgrils\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: substring match on all request headers, limited to $HTTP_PORTS; it overlaps the
# Host-header rule above and also alerts when only a Referer names the host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//adulthotgrils.pages.dev"; flow:to_server,established; http.header; content:"adulthotgrils.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname dhfrumv76291cfrehlg.1i1.my.id"; dns.query; content:"dhfrumv76291cfrehlg.1i1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhfrumv76291cfrehlg\.1i1\.my\.id$/i"; classtype:trojan-activity; sid:37981831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dhfrumv76291cfrehlg.1i1.my.id"; flow:to_server,established; http.header; content: "Host|3a| dhfrumv76291cfrehlg.1i1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dhfrumv76291cfrehlg\.1i1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET
$HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//dhfrumv76291cfrehlg.1i1.my.id"; flow:to_server,established; http.header; content:"dhfrumv76291cfrehlg.1i1.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# dns rule: exact query name only (pcre anchored with "$", left boundary excludes "."); "any any ->
# any any" alerts on lookups in every direction.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebrs.com"; dns.query; content:"urhebrs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebrs\.com$/i"; classtype:trojan-activity; sid:37981871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Host-header rule: outbound HTTP from $HOME_NET on any port; a TLS connection to the host is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebrs.com"; flow:to_server,established; http.header; content: "Host|3a| urhebrs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebrs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule: with no Host anchor or pcre boundary, the short name matches as a substring
# anywhere in the request headers; on $HTTP_PORTS it fires in addition to the Host-header rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebrs.com"; flow:to_server,established; http.header; content:"urhebrs.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheamf.com"; dns.query; content:"urheamf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheamf\.com$/i"; classtype:trojan-activity; sid:37981911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheamf.com"; flow:to_server,established; http.header; content: "Host|3a| urheamf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheamf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981912; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheamf.com"; flow:to_server,established; http.header; content:"urheamf.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname ujomewehuoserzemeaneo1.pages.dev"; dns.query; content:"ujomewehuoserzemeaneo1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ujomewehuoserzemeaneo1\.pages\.dev$/i"; classtype:trojan-activity; sid:37981951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ujomewehuoserzemeaneo1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ujomewehuoserzemeaneo1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ujomewehuoserzemeaneo1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ujomewehuoserzemeaneo1.pages.dev"; flow:to_server,established; http.header; content:"ujomewehuoserzemeaneo1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37981961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebtj.com"; dns.query; content:"urhebtj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtj\.com$/i"; classtype:trojan-activity; sid:37981991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebtj.com"; flow:to_server,established; http.header; content: 
"Host|3a| urhebtj.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtj\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37981992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebtj.com"; flow:to_server,established; http.header; content:"urhebtj.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebeq.com"; dns.query; content:"urhebeq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebeq\.com$/i"; classtype:trojan-activity; sid:37982031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebeq.com"; flow:to_server,established; http.header; content: "Host|3a| urhebeq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebeq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebeq.com"; flow:to_server,established; http.header; content:"urhebeq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebru.com"; dns.query; content:"urhebru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebru\.com$/i"; classtype:trojan-activity; sid:37982071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebru.com"; flow:to_server,established; 
http.header; content: "Host|3a| urhebru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebru.com"; flow:to_server,established; http.header; content:"urhebru.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheaxp.com"; dns.query; content:"urheaxp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaxp\.com$/i"; classtype:trojan-activity; sid:37982111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheaxp.com"; flow:to_server,established; http.header; content: "Host|3a| urheaxp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaxp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheaxp.com"; flow:to_server,established; http.header; content:"urheaxp.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheacq.com"; dns.query; content:"urheacq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheacq\.com$/i"; classtype:trojan-activity; sid:37982151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheacq.com"; 
flow:to_server,established; http.header; content: "Host|3a| urheacq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheacq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheacq.com"; flow:to_server,established; http.header; content:"urheacq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname fhfiuhse2.pages.dev"; dns.query; content:"fhfiuhse2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fhfiuhse2\.pages\.dev$/i"; classtype:trojan-activity; sid:37982191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname fhfiuhse2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fhfiuhse2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fhfiuhse2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//fhfiuhse2.pages.dev"; flow:to_server,established; http.header; content:"fhfiuhse2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebew.com"; dns.query; content:"urhebew.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebew\.com$/i"; classtype:trojan-activity; sid:37982231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebew.com"; flow:to_server,established; http.header; content: "Host|3a| urhebew.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebew\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebew.com"; flow:to_server,established; http.header; content:"urhebew.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheane.com"; dns.query; content:"urheane.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheane\.com$/i"; classtype:trojan-activity; sid:37982271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheane.com"; flow:to_server,established; http.header; content: "Host|3a| urheane.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheane\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheane.com"; flow:to_server,established; http.header; content:"urheane.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebtf.com"; dns.query; content:"urhebtf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtf\.com$/i"; classtype:trojan-activity; sid:37982311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) 
# MISP event 27618, hostname indicators (continued). Rules per hostname:
#   dns       exact-name match only: the $-anchored pcre rejects a preceding '.', so a
#             query for a subdomain of the listed name does not alert.
#   Hostname  "Host: <name>" in the request headers, any destination port, with a pcre
#             that stops the name matching inside a longer hostname.
#   URL       bare name anywhere in the request headers on $HTTP_PORTS, no boundary
#             pcre - broader than the Hostname rule and the likelier source of false
#             positives (any header that merely mentions the name).
# Coverage is DNS plus cleartext HTTP; nothing in this run inspects TLS.
# NOTE(review): a tls.sni rule per hostname would cover HTTPS connections - confirm
# whether the MISP export can emit one for this sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebtf.com"; flow:to_server,established; http.header; content: "Host|3a| urhebtf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebtf.com"; flow:to_server,established; http.header; content:"urhebtf.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebtg.com"; dns.query; content:"urhebtg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtg\.com$/i"; classtype:trojan-activity; sid:37982351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebtg.com"; flow:to_server,established; http.header; content: "Host|3a| urhebtg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebtg.com"; flow:to_server,established; http.header; content:"urhebtg.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebet.com"; dns.query; content:"urhebet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebet\.com$/i"; classtype:trojan-activity; sid:37982391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebet.com"; flow:to_server,established; http.header; content: "Host|3a| urhebet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebet.com"; flow:to_server,established; http.header; content:"urhebet.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebee.com"; dns.query; content:"urhebee.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebee\.com$/i"; classtype:trojan-activity; sid:37982431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebee.com"; flow:to_server,established; http.header; content: "Host|3a| urhebee.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebee\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebee.com"; flow:to_server,established; http.header; content:"urhebee.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheaxa.com"; dns.query; content:"urheaxa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaxa\.com$/i"; classtype:trojan-activity; sid:37982471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheaxa.com"; flow:to_server,established; http.header; content: "Host|3a| urheaxa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaxa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheaxa.com"; flow:to_server,established; http.header; content:"urheaxa.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheact.com"; dns.query; content:"urheact.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheact\.com$/i"; classtype:trojan-activity; sid:37982511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheact.com"; flow:to_server,established; http.header; content: "Host|3a| urheact.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheact\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheact.com"; flow:to_server,established; http.header; content:"urheact.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname jhhfyhtr2.pages.dev"; dns.query; content:"jhhfyhtr2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhhfyhtr2\.pages\.dev$/i"; classtype:trojan-activity; sid:37982551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname jhhfyhtr2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jhhfyhtr2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhhfyhtr2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jhhfyhtr2.pages.dev"; flow:to_server,established; http.header; content:"jhhfyhtr2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheake.com"; dns.query; content:"urheake.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheake\.com$/i"; classtype:trojan-activity; sid:37982591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheake.com"; flow:to_server,established; http.header; content: "Host|3a| urheake.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheake\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheake.com"; flow:to_server,established; http.header; content:"urheake.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheanq.com"; dns.query; content:"urheanq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheanq\.com$/i"; classtype:trojan-activity; sid:37982631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheanq.com"; flow:to_server,established; http.header; content: "Host|3a| urheanq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheanq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urheanq.com"; flow:to_server,established; http.header; content:"urheanq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname urhebtd.com"; dns.query; content:"urhebtd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtd\.com$/i"; classtype:trojan-activity; sid:37982671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebtd.com"; flow:to_server,established; http.header; content: "Host|3a| urhebtd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebtd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebtd.com"; flow:to_server,established; http.header; content:"urhebtd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 
urhebry.com"; dns.query; content:"urhebry.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebry\.com$/i"; classtype:trojan-activity; sid:37982711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618, hostname indicators (continued): one dns rule (exact name only, a
# subdomain query does not match), one Host-header rule (any destination port) and one
# URL rule (bare name anywhere in the request headers, $HTTP_PORTS only) per hostname.
# Triage hint: a hit on a URL rule without the matching Hostname rule means the name
# appeared in some other header or inside a longer hostname, not in "Host: <name>".
# NOTE(review): the tokenp0ck*.biz names read like look-alike spellings - presumably
# phishing lures rather than malware C2; verify in the MISP event before relying on
# classtype:trojan-activity for prioritisation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urhebry.com"; flow:to_server,established; http.header; content: "Host|3a| urhebry.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebry\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//urhebry.com"; flow:to_server,established; http.header; content:"urhebry.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenp0ckft.biz"; dns.query; content:"tokenp0ckft.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckft\.biz$/i"; classtype:trojan-activity; sid:37982751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenp0ckft.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenp0ckft.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckft\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenp0ckft.biz"; flow:to_server,established; http.header; content:"tokenp0ckft.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenp0ckct.biz"; dns.query; content:"tokenp0ckct.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckct\.biz$/i"; classtype:trojan-activity; sid:37982791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenp0ckct.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenp0ckct.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckct\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenp0ckct.biz"; flow:to_server,established; http.header; content:"tokenp0ckct.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenp0ckdt.biz"; dns.query; content:"tokenp0ckdt.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckdt\.biz$/i"; classtype:trojan-activity; sid:37982831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenp0ckdt.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenp0ckdt.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckdt\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenp0ckdt.biz"; flow:to_server,established; http.header; content:"tokenp0ckdt.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenp0ckht.biz"; dns.query; content:"tokenp0ckht.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckht\.biz$/i"; classtype:trojan-activity; sid:37982871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenp0ckht.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenp0ckht.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckht\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenp0ckht.biz"; flow:to_server,established; http.header; content:"tokenp0ckht.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname alist.xuebiw.workers.dev"; dns.query; content:"alist.xuebiw.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alist\.xuebiw\.workers\.dev$/i"; classtype:trojan-activity; sid:37982911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname alist.xuebiw.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| alist.xuebiw.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])alist\.xuebiw\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL 
http|3a|//alist.xuebiw.workers.dev"; flow:to_server,established; http.header; content:"alist.xuebiw.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname dmifkoueystdnahsmckifoir8730982smdjkiryu3.pages.dev"; dns.query; content:"dmifkoueystdnahsmckifoir8730982smdjkiryu3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dmifkoueystdnahsmckifoir8730982smdjkiryu3\.pages\.dev$/i"; classtype:trojan-activity; sid:37982951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dmifkoueystdnahsmckifoir8730982smdjkiryu3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dmifkoueystdnahsmckifoir8730982smdjkiryu3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dmifkoueystdnahsmckifoir8730982smdjkiryu3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//dmifkoueystdnahsmckifoir8730982smdjkiryu3.pages.dev"; flow:to_server,established; http.header; content:"dmifkoueystdnahsmckifoir8730982smdjkiryu3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37982961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegrem-f.com"; dns.query; content:"telegrem-f.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-f\.com$/i"; classtype:trojan-activity; sid:37982991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegrem-f.com"; 
flow:to_server,established; http.header; content: "Host|3a| telegrem-f.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegrem\-f\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37982992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//telegrem-f.com/"; flow:to_server,established; http.header; content:"telegrem-f.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname distrosourcess5.sg-host.com"; dns.query; content:"distrosourcess5.sg-host.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])distrosourcess5\.sg\-host\.com$/i"; classtype:trojan-activity; sid:37983031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname distrosourcess5.sg-host.com"; flow:to_server,established; http.header; content: "Host|3a| distrosourcess5.sg-host.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])distrosourcess5\.sg\-host\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//distrosourcess5.sg-host.com/"; flow:to_server,established; http.header; content:"distrosourcess5.sg-host.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teiegrom-xd.com"; dns.query; content:"teiegrom-xd.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])teiegrom\-xd\.com$/i"; classtype:trojan-activity; sid:37983071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teiegrom-xd.com"; flow:to_server,established; http.header; content: "Host|3a| teiegrom-xd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teiegrom-xb.com"; dns.query; content:"teiegrom-xb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xb\.com$/i"; classtype:trojan-activity; sid:37983111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teiegrom-xb.com"; flow:to_server,established; http.header; content: "Host|3a| teiegrom-xb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname join-live-now.best-share.my.id"; dns.query; content:"join-live-now.best-share.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-live\-now\.best\-share\.my\.id$/i"; classtype:trojan-activity; sid:37983151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname join-live-now.best-share.my.id"; flow:to_server,established; http.header; content: "Host|3a| join-live-now.best-share.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])join\-live\-now\.best\-share\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37983152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27618 hostname indicators: wallstmemeschain.pages.dev, a second pages.dev host and
# kartaidattdevlet2.com. Per host there is a dns.query rule (exact name: the pcre rejects a
# preceding letter, digit, '-' or '.', so subdomains do not match), an http.header "Host:" rule
# with a pcre boundary on both sides, and an "Outgoing URL" rule.
# NOTE(review): despite their msg, the "Outgoing URL" rules match the bare name anywhere in
# http.header with no pcre boundary, so they can also fire on the name inside another header or
# a longer hostname. They also need $HTTP_PORTS defined on the sensor in order to load.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname wallstmemeschain.pages.dev"; dns.query; content:"wallstmemeschain.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wallstmemeschain\.pages\.dev$/i"; classtype:trojan-activity; sid:37983191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname wallstmemeschain.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wallstmemeschain.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wallstmemeschain\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//wallstmemeschain.pages.dev"; flow:to_server,established; http.header; content:"wallstmemeschain.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp.pages.dev"; dns.query; content:"jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp\.pages\.dev$/i"; classtype:trojan-activity; sid:37983231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp.pages.dev"; flow:to_server,established; http.header; content:"jhjutyretrejfxzhtyuyiklktrewertrygcgjdfcjhlkjhphp.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname kartaidattdevlet2.com"; dns.query; content:"kartaidattdevlet2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kartaidattdevlet2\.com$/i"; classtype:trojan-activity; sid:37983271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname kartaidattdevlet2.com"; flow:to_server,established; http.header; content: "Host|3a| kartaidattdevlet2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kartaidattdevlet2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//kartaidattdevlet2.com"; flow:to_server,established; http.header; content:"kartaidattdevlet2.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname mail.kartaidattdevlet2.com"; dns.query; content:"mail.kartaidattdevlet2.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.kartaidattdevlet2\.com$/i"; classtype:trojan-activity; 
sid:37983311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Rules for mail.kartaidattdevlet2.com and one pages.dev host (MISP event 27618).
# The http rules only see cleartext HTTP: flow:to_server,established plus an http.header match.
# NOTE(review): no rule in this group inspects TLS, so a host that is reached only over HTTPS is
# visible to the dns.query rule alone; a tls.sni counterpart for the same names would cover it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mail.kartaidattdevlet2.com"; flow:to_server,established; http.header; content: "Host|3a| mail.kartaidattdevlet2.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.kartaidattdevlet2\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//mail.kartaidattdevlet2.com"; flow:to_server,established; http.header; content:"mail.kartaidattdevlet2.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2.pages.dev"; dns.query; content:"ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2\.pages\.dev$/i"; classtype:trojan-activity; sid:37983351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] 
Outgoing URL http|3a|//ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2.pages.dev"; flow:to_server,established; http.header; content:"ahsnjeurio8476yshdjkam84905lkodirus673jsuhe8950lhsur8mdhy2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Indicators from MISP event 27618: lkgjfv.badp4r.biz.id, xxzmklc.lnpsss.my.id, tokenpazket.one
# and the dns rule for a pages.dev host. Each complete set has a dns.query rule, an http.header
# "Host:" rule and an "Outgoing URL" http.header substring rule.
# NOTE(review): the dns rules use "any any -> any any", so depending on sensor placement the
# alerting source may be an internal resolver rather than the client that asked; correlate with
# resolver logs before attributing a hit to a host.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname lkgjfv.badp4r.biz.id"; dns.query; content:"lkgjfv.badp4r.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lkgjfv\.badp4r\.biz\.id$/i"; classtype:trojan-activity; sid:37983391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname lkgjfv.badp4r.biz.id"; flow:to_server,established; http.header; content: "Host|3a| lkgjfv.badp4r.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lkgjfv\.badp4r\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//lkgjfv.badp4r.biz.id"; flow:to_server,established; http.header; content:"lkgjfv.badp4r.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname xxzmklc.lnpsss.my.id"; dns.query; content:"xxzmklc.lnpsss.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xxzmklc\.lnpsss\.my\.id$/i"; classtype:trojan-activity; sid:37983431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname xxzmklc.lnpsss.my.id"; flow:to_server,established; http.header; content: "Host|3a| xxzmklc.lnpsss.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xxzmklc\.lnpsss\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//xxzmklc.lnpsss.my.id"; flow:to_server,established; http.header; content:"xxzmklc.lnpsss.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpazket.one"; dns.query; content:"tokenpazket.one"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.one$/i"; classtype:trojan-activity; sid:37983471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpazket.one"; flow:to_server,established; http.header; content: "Host|3a| tokenpazket.one"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.one[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpazket.one"; flow:to_server,established; http.header; content:"tokenpazket.one"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hcrthfeojvejaugtroewserthg04.pages.dev"; dns.query; content:"hcrthfeojvejaugtroewserthg04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hcrthfeojvejaugtroewserthg04\.pages\.dev$/i"; classtype:trojan-activity; sid:37983511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27618 [] Outgoing HTTP Hostname hcrthfeojvejaugtroewserthg04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hcrthfeojvejaugtroewserthg04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hcrthfeojvejaugtroewserthg04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# tokenpbaket.net rules (MISP event 27618), preceded by the "Outgoing URL" rule of a pages.dev host.
# tag:session,600,seconds on the http rules tags the matching session for 600 seconds after the
# alert so its later packets are logged too; the dns rules carry no tag.
# NOTE(review): every rule is classtype:trojan-activity and the tag list "[]" in msg is empty,
# while "tokenpbaket" reads like a brand lookalike - confirm the category in the MISP event
# before triaging a hit as malware traffic.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hcrthfeojvejaugtroewserthg04.pages.dev"; flow:to_server,established; http.header; content:"hcrthfeojvejaugtroewserthg04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpbaket.net"; dns.query; content:"tokenpbaket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.net$/i"; classtype:trojan-activity; sid:37983551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpbaket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpbaket.net"; flow:to_server,established; http.header; content:"tokenpbaket.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname mail.yshdjig.manttap.com"; dns.query; content:"mail.yshdjig.manttap.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.yshdjig\.manttap\.com$/i"; classtype:trojan-activity; sid:37983591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# mail.yshdjig.manttap.com and nemsegastrefutomehaserh1.pages.dev (MISP event 27618).
# In the "Outgoing HTTP Hostname" rules the content "Host|3a| <name>" is the fast_pattern, and the
# /H pcre requires a character outside [A-Za-z0-9-.] (or buffer start) before the name and one
# after it.
# NOTE(review): the pcre has no R modifier, so it is not tied to where the content matched; the
# two conditions can be satisfied by different places in the header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mail.yshdjig.manttap.com"; flow:to_server,established; http.header; content: "Host|3a| mail.yshdjig.manttap.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.yshdjig\.manttap\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//mail.yshdjig.manttap.com"; flow:to_server,established; http.header; content:"mail.yshdjig.manttap.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname nemsegastrefutomehaserh1.pages.dev"; dns.query; content:"nemsegastrefutomehaserh1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nemsegastrefutomehaserh1\.pages\.dev$/i"; classtype:trojan-activity; sid:37983631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nemsegastrefutomehaserh1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nemsegastrefutomehaserh1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nemsegastrefutomehaserh1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//nemsegastrefutomehaserh1.pages.dev"; flow:to_server,established; http.header; 
content:"nemsegastrefutomehaserh1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# tokenpbaket.fyi and grudee4.ktt55.my.id (MISP event 27618).
# The dns rules match the listed name exactly: the pcre ends at '$' and allows only buffer start
# or a character outside [A-Za-z0-9-.] before the name, so a query for a subdomain of the
# indicator (anything ending in ".<name>") does not alert.
# NOTE(review): if the event treats these as whole malicious domains rather than single hosts,
# a domain-level rule is needed in addition - confirm the attribute type in MISP.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpbaket.fyi"; dns.query; content:"tokenpbaket.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.fyi$/i"; classtype:trojan-activity; sid:37983671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpbaket.fyi"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpbaket.fyi"; flow:to_server,established; http.header; content:"tokenpbaket.fyi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname grudee4.ktt55.my.id"; dns.query; content:"grudee4.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grudee4\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:37983711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname grudee4.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| grudee4.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grudee4\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//grudee4.ktt55.my.id"; flow:to_server,established; http.header; content:"grudee4.ktt55.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Two hosts under pages.dev (MISP event 27618). pages.dev is a shared hosting suffix, so these
# rules are deliberately tied to the full host label; do not widen them to the suffix.
# NOTE(review): only DNS and cleartext HTTP are inspected here. If these sites are served over
# HTTPS (likely on this platform - confirm), the http rules will rarely fire and the dns rule is
# the effective detection; a tls.sni rule per name would add coverage.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname fieshugehjsuiotacescgy02.pages.dev"; dns.query; content:"fieshugehjsuiotacescgy02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fieshugehjsuiotacescgy02\.pages\.dev$/i"; classtype:trojan-activity; sid:37983751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname fieshugehjsuiotacescgy02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fieshugehjsuiotacescgy02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fieshugehjsuiotacescgy02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//fieshugehjsuiotacescgy02.pages.dev"; flow:to_server,established; http.header; content:"fieshugehjsuiotacescgy02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname kopyjct4.pages.dev"; dns.query; content:"kopyjct4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kopyjct4\.pages\.dev$/i"; classtype:trojan-activity; sid:37983791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname kopyjct4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
kopyjct4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kopyjct4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# kopyjct4.pages.dev ("Outgoing URL" rule) and gryfde2.ktt55.my.id (MISP event 27618).
# NOTE(review): a request carrying "Host: gryfde2.ktt55.my.id" to a port in $HTTP_PORTS satisfies
# both sid 37983832 (Host match) and sid 37983841 (bare substring in http.header), so expect two
# alerts and two session tags for one request; deduplicate downstream on host plus event id.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//kopyjct4.pages.dev"; flow:to_server,established; http.header; content:"kopyjct4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname gryfde2.ktt55.my.id"; dns.query; content:"gryfde2.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gryfde2\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:37983831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname gryfde2.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| gryfde2.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gryfde2\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//gryfde2.ktt55.my.id"; flow:to_server,established; http.header; content:"gryfde2.ktt55.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hcrthfeojvejaugtroewserthg02.pages.dev"; dns.query; content:"hcrthfeojvejaugtroewserthg02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hcrthfeojvejaugtroewserthg02\.pages\.dev$/i"; classtype:trojan-activity; sid:37983871; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;)
# hcrthfeojvejaugtroewserthg02.pages.dev and 1adyjwfety11.pages.dev (MISP event 27618).
# Only the exact host labels listed are matched; the pcre boundaries stop the rules from firing
# on a different label that merely contains one of these strings.
# NOTE(review): the trailing digits in these labels suggest numbered series; sibling names that
# are not in the event are not covered here, so treat a hit as a lead for a DNS-log hunt rather
# than as complete coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hcrthfeojvejaugtroewserthg02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hcrthfeojvejaugtroewserthg02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hcrthfeojvejaugtroewserthg02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hcrthfeojvejaugtroewserthg02.pages.dev"; flow:to_server,established; http.header; content:"hcrthfeojvejaugtroewserthg02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 1adyjwfety11.pages.dev"; dns.query; content:"1adyjwfety11.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1adyjwfety11\.pages\.dev$/i"; classtype:trojan-activity; sid:37983911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 1adyjwfety11.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 1adyjwfety11.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1adyjwfety11\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//1adyjwfety11.pages.dev"; flow:to_server,established; http.header; content:"1adyjwfety11.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983921; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;)
# 5eeevufwkegy55.pages.dev and whatasap-yu.com (MISP event 27618).
# The hyphen in whatasap-yu.com is escaped in the pcre ("whatasap\-yu\.com") and matched
# literally in the content strings; all matches are case-insensitive (nocase, /i).
# NOTE(review): "whatasap-yu.com" reads like a messaging-brand lookalike, yet the rules are
# classtype:trojan-activity with an empty "[]" tag list - check the event before assuming the
# alert means malware communication rather than a user visiting a phishing page.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 5eeevufwkegy55.pages.dev"; dns.query; content:"5eeevufwkegy55.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5eeevufwkegy55\.pages\.dev$/i"; classtype:trojan-activity; sid:37983951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 5eeevufwkegy55.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 5eeevufwkegy55.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5eeevufwkegy55\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//5eeevufwkegy55.pages.dev"; flow:to_server,established; http.header; content:"5eeevufwkegy55.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37983961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname whatasap-yu.com"; dns.query; content:"whatasap-yu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatasap\-yu\.com$/i"; classtype:trojan-activity; sid:37983991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname whatasap-yu.com"; flow:to_server,established; http.header; content: "Host|3a| whatasap-yu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatasap\-yu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37983992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//whatasap-yu.com"; 
flow:to_server,established; http.header; content:"whatasap-yu.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# fgrbnh2.pages.dev and tokenpbaket.biz (MISP event 27618).
# Every alert carries only the event number in msg and a reference:url to the MISP event page;
# the "[]" tag list is empty, so the alert text gives no family or campaign name.
# NOTE(review): analysts need access to that MISP instance to get context; presumably the event
# view requires a login - consider enriching alerts from the event at ingestion time.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname fgrbnh2.pages.dev"; dns.query; content:"fgrbnh2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fgrbnh2\.pages\.dev$/i"; classtype:trojan-activity; sid:37984031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname fgrbnh2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fgrbnh2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fgrbnh2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//fgrbnh2.pages.dev"; flow:to_server,established; http.header; content:"fgrbnh2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpbaket.biz"; dns.query; content:"tokenpbaket.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.biz$/i"; classtype:trojan-activity; sid:37984071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpbaket.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpbaket.biz"; flow:to_server,established; http.header; content:"tokenpbaket.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# j8sis.godp4y.com and 2gyjthm.pages.dev (MISP event 27618).
# j8sis.godp4y.com is matched as one exact hostname: the dns pcre and the Host pcre both reject a
# preceding '.', and no rule in this group names godp4y.com itself.
# NOTE(review): other labels under godp4y.com therefore pass unnoticed by these rules; if the
# event marks the parent domain as malicious, add a domain-level indicator for it.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname j8sis.godp4y.com"; dns.query; content:"j8sis.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j8sis\.godp4y\.com$/i"; classtype:trojan-activity; sid:37984111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname j8sis.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| j8sis.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])j8sis\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//j8sis.godp4y.com"; flow:to_server,established; http.header; content:"j8sis.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 2gyjthm.pages.dev"; dns.query; content:"2gyjthm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2gyjthm\.pages\.dev$/i"; classtype:trojan-activity; sid:37984151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 2gyjthm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 2gyjthm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2gyjthm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:37984152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# 2gyjthm.pages.dev ("Outgoing URL" rule), tesioewurdhjsieyytdodma101.pages.dev and the dns rule
# for jsks.godp4y.com (MISP event 27618).
# The "Outgoing HTTP Hostname" rules accept any destination port, while the "Outgoing URL" rules
# are limited to $HTTP_PORTS; HTTP to one of these hosts on a port outside that variable is
# therefore reported by the Hostname rule only.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//2gyjthm.pages.dev"; flow:to_server,established; http.header; content:"2gyjthm.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tesioewurdhjsieyytdodma101.pages.dev"; dns.query; content:"tesioewurdhjsieyytdodma101.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tesioewurdhjsieyytdodma101\.pages\.dev$/i"; classtype:trojan-activity; sid:37984191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tesioewurdhjsieyytdodma101.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tesioewurdhjsieyytdodma101.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tesioewurdhjsieyytdodma101\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tesioewurdhjsieyytdodma101.pages.dev"; flow:to_server,established; http.header; content:"tesioewurdhjsieyytdodma101.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname jsks.godp4y.com"; dns.query; content:"jsks.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jsks\.godp4y\.com$/i"; classtype:trojan-activity; sid:37984231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg: "MISP e27618 [] Outgoing HTTP Hostname jsks.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| jsks.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jsks\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# jsks.godp4y.com ("Outgoing URL" rule) and harjegdiscweoksjhudhquters2.pages.dev (MISP event 27618).
# The http rules are directional: source $HOME_NET, destination $EXTERNAL_NET, client-to-server
# side of an established flow.
# NOTE(review): where clients reach the web through a forward proxy inside $HOME_NET, the
# client-to-proxy leg is not covered by this header and the alert source will be the proxy;
# pair hits with proxy logs to find the workstation.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jsks.godp4y.com"; flow:to_server,established; http.header; content:"jsks.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname harjegdiscweoksjhudhquters2.pages.dev"; dns.query; content:"harjegdiscweoksjhudhquters2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harjegdiscweoksjhudhquters2\.pages\.dev$/i"; classtype:trojan-activity; sid:37984271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname harjegdiscweoksjhudhquters2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| harjegdiscweoksjhudhquters2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])harjegdiscweoksjhudhquters2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//harjegdiscweoksjhudhquters2.pages.dev"; flow:to_server,established; http.header; content:"harjegdiscweoksjhudhquters2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 
nsksj.godp4y.com"; dns.query; content:"nsksj.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nsksj\.godp4y\.com$/i"; classtype:trojan-activity; sid:37984311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# nsksj.godp4y.com and unrohesgevseolaordgeswefes03.pages.dev (MISP event 27618).
# The dns rules rely on the sensor parsing the query (dns.query buffer) and the http rules on
# parsed request headers (http.header buffer).
# NOTE(review): lookups made over an encrypted resolver channel and page loads over HTTPS never
# reach those buffers, so absence of alerts is not evidence that these hosts were not contacted;
# check endpoint and proxy telemetry as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nsksj.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| nsksj.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nsksj\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//nsksj.godp4y.com"; flow:to_server,established; http.header; content:"nsksj.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname unrohesgevseolaordgeswefes03.pages.dev"; dns.query; content:"unrohesgevseolaordgeswefes03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrohesgevseolaordgeswefes03\.pages\.dev$/i"; classtype:trojan-activity; sid:37984351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname unrohesgevseolaordgeswefes03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| unrohesgevseolaordgeswefes03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrohesgevseolaordgeswefes03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//unrohesgevseolaordgeswefes03.pages.dev"; 
flow:to_server,established; http.header; content:"unrohesgevseolaordgeswefes03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# hcrthfeojvejaugtroewserthg03.pages.dev and the dns rule for aloalo33222.stalling.top
# (MISP event 27618).
# NOTE(review): the "Outgoing URL" rule (sid 37984401) checks only that the host string occurs
# somewhere in http.header; unlike sid 37984392 it has no "Host|3a| " prefix and no pcre
# boundary, so a request to another site that merely mentions this host in a header can alert.
# Treat a lone 37984401 hit as weaker evidence than a 37984392 hit.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname hcrthfeojvejaugtroewserthg03.pages.dev"; dns.query; content:"hcrthfeojvejaugtroewserthg03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hcrthfeojvejaugtroewserthg03\.pages\.dev$/i"; classtype:trojan-activity; sid:37984391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hcrthfeojvejaugtroewserthg03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hcrthfeojvejaugtroewserthg03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hcrthfeojvejaugtroewserthg03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hcrthfeojvejaugtroewserthg03.pages.dev"; flow:to_server,established; http.header; content:"hcrthfeojvejaugtroewserthg03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname aloalo33222.stalling.top"; dns.query; content:"aloalo33222.stalling.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aloalo33222\.stalling\.top$/i"; classtype:trojan-activity; sid:37984431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname aloalo33222.stalling.top"; flow:to_server,established; http.header; content: "Host|3a| aloalo33222.stalling.top"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aloalo33222\.stalling\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//aloalo33222.stalling.top"; flow:to_server,established; http.header; content:"aloalo33222.stalling.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname jgfsj.godp4y.com"; dns.query; content:"jgfsj.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jgfsj\.godp4y\.com$/i"; classtype:trojan-activity; sid:37984471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname jgfsj.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| jgfsj.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jgfsj\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jgfsj.godp4y.com"; flow:to_server,established; http.header; content:"jgfsj.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname 44dvdwleui.pages.dev"; dns.query; content:"44dvdwleui.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])44dvdwleui\.pages\.dev$/i"; classtype:trojan-activity; sid:37984511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27618 [] Outgoing HTTP Hostname 44dvdwleui.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 44dvdwleui.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])44dvdwleui\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//44dvdwleui.pages.dev"; flow:to_server,established; http.header; content:"44dvdwleui.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname djvw.godp4y.com"; dns.query; content:"djvw.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djvw\.godp4y\.com$/i"; classtype:trojan-activity; sid:37984551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname djvw.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| djvw.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djvw\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//djvw.godp4y.com"; flow:to_server,established; http.header; content:"djvw.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname fieshugehjsuiotacescgyu01.pages.dev"; dns.query; content:"fieshugehjsuiotacescgyu01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fieshugehjsuiotacescgyu01\.pages\.dev$/i"; 
classtype:trojan-activity; sid:37984591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Further MISP event 27618 hostname/URL indicators, one rule per line.
# The http rules carry tag:session,600,seconds, which asks the engine to keep logging
# packets of the matching session for 600 seconds after the alert; the dns rules have no tag.
# NOTE(review): the dns rules are written any any -> any any, so the alerting source is
# often the site's recursive resolver rather than the client that asked. Correlate with
# resolver query logs to find the originating host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname fieshugehjsuiotacescgyu01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fieshugehjsuiotacescgyu01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fieshugehjsuiotacescgyu01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//fieshugehjsuiotacescgyu01.pages.dev"; flow:to_server,established; http.header; content:"fieshugehjsuiotacescgyu01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenp0ckct.fyi"; dns.query; content:"tokenp0ckct.fyi"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckct\.fyi$/i"; classtype:trojan-activity; sid:37984631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenp0ckct.fyi"; flow:to_server,established; http.header; content: "Host|3a| tokenp0ckct.fyi"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0ckct\.fyi[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname luonade.cn"; dns.query; content:"luonade.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luonade\.cn$/i"; classtype:trojan-activity; sid:37984671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname luonade.cn"; flow:to_server,established; http.header; content: "Host|3a| luonade.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])luonade\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//luonade.cn"; flow:to_server,established; http.header; content:"luonade.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname e5y57u556u656u665u.pages.dev"; dns.query; content:"e5y57u556u656u665u.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e5y57u556u656u665u\.pages\.dev$/i"; classtype:trojan-activity; sid:37984711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname e5y57u556u656u665u.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| e5y57u556u656u665u.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e5y57u556u656u665u\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//e5y57u556u656u665u.pages.dev"; flow:to_server,established; http.header; content:"e5y57u556u656u665u.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 2drthsr.pages.dev"; dns.query; content:"2drthsr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2drthsr\.pages\.dev$/i"; classtype:trojan-activity; sid:37984751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 2drthsr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 2drthsr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2drthsr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//2drthsr.pages.dev"; flow:to_server,established; http.header; content:"2drthsr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname zxetxr2.pages.dev"; dns.query; content:"zxetxr2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zxetxr2\.pages\.dev$/i"; classtype:trojan-activity; sid:37984791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname zxetxr2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| zxetxr2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zxetxr2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//zxetxr2.pages.dev"; flow:to_server,established; http.header; content:"zxetxr2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname oujusedksuyihosjsgfudk2.pages.dev"; dns.query; content:"oujusedksuyihosjsgfudk2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oujusedksuyihosjsgfudk2\.pages\.dev$/i"; classtype:trojan-activity; sid:37984831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname oujusedksuyihosjsgfudk2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| oujusedksuyihosjsgfudk2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oujusedksuyihosjsgfudk2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//oujusedksuyihosjsgfudk2.pages.dev"; flow:to_server,established; http.header; content:"oujusedksuyihosjsgfudk2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname dl.imtookenc.cc"; dns.query; content:"dl.imtookenc.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dl\.imtookenc\.cc$/i"; classtype:trojan-activity; sid:37984871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dl.imtookenc.cc"; flow:to_server,established; http.header; content: "Host|3a| dl.imtookenc.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dl\.imtookenc\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//dl.imtookenc.cc"; flow:to_server,established; http.header;
content:"dl.imtookenc.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Further MISP event 27618 hostname/URL indicators, one rule per line.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname nsisb.godp4y.com"; dns.query; content:"nsisb.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nsisb\.godp4y\.com$/i"; classtype:trojan-activity; sid:37984911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nsisb.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| nsisb.godp4y.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nsisb\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//nsisb.godp4y.com"; flow:to_server,established; http.header; content:"nsisb.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): coverage gap. The dns and Hostname rules (sid 37984951/37984952) match the
# bare name trackingdhl.eu only: the leading pcre class rejects a preceding ".", and the
# Host content is "Host|3a| trackingdhl.eu". The URL attribute is for www.trackingdhl.eu,
# so lookups of and requests to the www host are caught only by sid 37984961 (cleartext HTTP
# on $HTTP_PORTS). Confirm the indicator in the MISP event and add a hostname attribute for
# www.trackingdhl.eu if that is the live host.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname trackingdhl.eu"; dns.query; content:"trackingdhl.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trackingdhl\.eu$/i"; classtype:trojan-activity; sid:37984951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname trackingdhl.eu"; flow:to_server,established; http.header; content: "Host|3a| trackingdhl.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])trackingdhl\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//www.trackingdhl.eu"; flow:to_server,established; http.header; content:"www.trackingdhl.eu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37984961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname we-addeed-your-post.github.io"; dns.query; content:"we-addeed-your-post.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])we\-addeed\-your\-post\.github\.io$/i"; classtype:trojan-activity; sid:37984991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname we-addeed-your-post.github.io"; flow:to_server,established; http.header; content: "Host|3a| we-addeed-your-post.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])we\-addeed\-your\-post\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37984992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# URL rules that carry a path add an http.uri content match ("/ft" here); the match is an
# unanchored, case-insensitive substring of the request URI.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//we-addeed-your-post.github.io/ft"; flow:to_server,established; http.header; content:"we-addeed-your-post.github.io"; fast_pattern; nocase; http.uri; content:"/ft"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ussp.usspvw.top"; dns.query; content:"ussp.usspvw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspvw\.top$/i"; classtype:trojan-activity; sid:37985031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ussp.usspvw.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.usspvw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspvw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ussp.usspvw.top/pg?do=index"; flow:to_server,established; http.header; content:"ussp.usspvw.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): sid 37985071 and 37985072 repeat the ussp.usspvw.top dns and Hostname rules
# above (sid 37985031/37985032) with only the sid changed, so each match raises two alerts.
# Deduplicate the attribute in MISP or suppress one sid of each pair.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ussp.usspvw.top"; dns.query; content:"ussp.usspvw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspvw\.top$/i"; classtype:trojan-activity; sid:37985071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ussp.usspvw.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.usspvw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.usspvw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ussp.usspvw.top"; flow:to_server,established; http.header; content:"ussp.usspvw.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ussp.uspib.top"; dns.query; content:"ussp.uspib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspib\.top$/i"; classtype:trojan-activity; sid:37985111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 []
Outgoing HTTP Hostname ussp.uspib.top"; flow:to_server,established; http.header; content: "Host|3a| ussp.uspib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussp\.uspib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Further MISP event 27618 hostname/URL indicators, one rule per line.
# NOTE(review): for the ".../pg?do=index" URLs the rule matches the hostname in http.header
# plus the substring "/pg" in http.uri. The "?do=index" query shown in msg is not matched,
# so any request to the host whose URI contains "/pg" alerts. Since the Hostname rule for the
# same host fires on every request anyway, these URL rules add a second alert, not precision.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ussp.uspib.top/pg?do=index"; flow:to_server,established; http.header; content:"ussp.uspib.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspaix.top"; dns.query; content:"uspz.uspaix.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaix\.top$/i"; classtype:trojan-activity; sid:37985151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspaix.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaix.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaix\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspz.uspaix.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.uspaix.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspib.top"; dns.query; content:"uspz.uspib.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspib\.top$/i"; classtype:trojan-activity; sid:37985191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspib.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspib.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspib\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspz.uspib.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.uspib.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspsec.top"; dns.query; content:"uspz.uspsec.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsec\.top$/i"; classtype:trojan-activity; sid:37985231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspsec.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspsec.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspsec\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspz.uspsec.top"; flow:to_server,established; http.header; content:"uspz.uspsec.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspaij.top"; dns.query; content:"uspz.uspaij.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaij\.top$/i"; classtype:trojan-activity; sid:37985271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspaij.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaij.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaij\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//uspz.uspaij.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.uspaij.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37985281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# From here on the indicators in this span have a dns rule and a Hostname rule only
# (no "Outgoing URL" rule).
alert dns any any -> any any (msg: "MISP e27618 [] Hostname zmwpldurng.weebly.com"; dns.query; content:"zmwpldurng.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zmwpldurng\.weebly\.com$/i"; classtype:trojan-activity; sid:37985311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname zmwpldurng.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| zmwpldurng.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zmwpldurng\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname zir.ywv.mybluehost.me"; dns.query;
content:"zir.ywv.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zir\.ywv\.mybluehost\.me$/i"; classtype:trojan-activity; sid:37985351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Further MISP event 27618 hostname indicators (dns + HTTP Host pairs), one rule per line.
# Several names sit under shared-hosting or dynamic-DNS parents (github.io, codeanyapp.com,
# duckdns.org). The full-name content plus the boundary pcre keep each match on the listed
# subdomain; the parent domains themselves are not alerted on.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname zir.ywv.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| zir.ywv.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zir\.ywv\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname zhb4.info"; dns.query; content:"zhb4.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zhb4\.info$/i"; classtype:trojan-activity; sid:37985391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname zhb4.info"; flow:to_server,established; http.header; content: "Host|3a| zhb4.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zhb4\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname yugchapherkar.github.io"; dns.query; content:"yugchapherkar.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yugchapherkar\.github\.io$/i"; classtype:trojan-activity; sid:37985431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yugchapherkar.github.io"; flow:to_server,established; http.header; content: "Host|3a| yugchapherkar.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yugchapherkar\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname yenib36.top"; dns.query; content:"yenib36.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yenib36\.top$/i"; classtype:trojan-activity; sid:37985471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yenib36.top"; flow:to_server,established; http.header; content: "Host|3a| yenib36.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yenib36\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; dns.query; content:"www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swisspass\-login\-ch\-swisspass\-ch\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37985511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swisspass\-login\-ch\-swisspass\-ch\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname rcvvry-accnt-scrty7842ib.duckdns.org"; dns.query; content:"rcvvry-accnt-scrty7842ib.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty7842ib\.duckdns\.org$/i"; classtype:trojan-activity; sid:37985551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname rcvvry-accnt-scrty7842ib.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| rcvvry-accnt-scrty7842ib.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty7842ib\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): sid 37985591 and 37985592 repeat the www-swisspass-login-ch-swisspass-ch.codeanyapp.com
# rules above (sid 37985511/37985512) with only the sid changed, so each match raises two
# alerts. Deduplicate the attribute in MISP or suppress one sid of each pair.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; dns.query; content:"www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swisspass\-login\-ch\-swisspass\-ch\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:37985591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a| www-swisspass-login-ch-swisspass-ch.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])www\-swisspass\-login\-ch\-swisspass\-ch\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname rcvvry-accnt-scrty4597pj.duckdns.org"; dns.query; content:"rcvvry-accnt-scrty4597pj.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty4597pj\.duckdns\.org$/i"; classtype:trojan-activity; sid:37985631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname rcvvry-accnt-scrty4597pj.duckdns.org"; flow:to_server,established; http.header;
content: "Host|3a| rcvvry-accnt-scrty4597pj.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty4597pj\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Further MISP event 27618 hostname indicators (dns + HTTP Host pairs), one rule per line.
# NOTE(review): post-financ.online is emitted twice (dns sid 37985671 and 37985711, Hostname
# sid 37985672 and 37985712) with identical match logic, so each match raises two alerts.
# Deduplicate the attribute in MISP or suppress the repeated sids.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname post-financ.online"; dns.query; content:"post-financ.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\-financ\.online$/i"; classtype:trojan-activity; sid:37985671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname post-financ.online"; flow:to_server,established; http.header; content: "Host|3a| post-financ.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\-financ\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname post-financ.online"; dns.query; content:"post-financ.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\-financ\.online$/i"; classtype:trojan-activity; sid:37985711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname post-financ.online"; flow:to_server,established; http.header; content: "Host|3a| post-financ.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])post\-financ\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname floridavacationrentalsbyowners.com"; dns.query; content:"floridavacationrentalsbyowners.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])floridavacationrentalsbyowners\.com$/i"; classtype:trojan-activity; sid:37985751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname floridavacationrentalsbyowners.com"; flow:to_server,established; http.header; content: "Host|3a| floridavacationrentalsbyowners.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])floridavacationrentalsbyowners\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname worker-autumn-moon-9c58.kentkj.workers.dev"; dns.query; content:"worker-autumn-moon-9c58.kentkj.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-autumn\-moon\-9c58\.kentkj\.workers\.dev$/i"; classtype:trojan-activity; sid:37985791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname worker-autumn-moon-9c58.kentkj.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-autumn-moon-9c58.kentkj.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-autumn\-moon\-9c58\.kentkj\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): verify-metamaskwallet.ddnss.eu is emitted four times (dns sid 37985831,
# 37985871, 37985911, 37985951; Hostname sid 37985832, 37985872, 37985912, 37985952) with
# identical match logic, so one lookup or request raises four alerts. Deduplicate at export
# or suppress three of each set.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname verify-metamaskwallet.ddnss.eu"; dns.query; content:"verify-metamaskwallet.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37985831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname verify-metamaskwallet.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| verify-metamaskwallet.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname verify-metamaskwallet.ddnss.eu"; dns.query; content:"verify-metamaskwallet.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37985871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname verify-metamaskwallet.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| verify-metamaskwallet.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname verify-metamaskwallet.ddnss.eu"; dns.query; content:"verify-metamaskwallet.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37985911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname verify-metamaskwallet.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| verify-metamaskwallet.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname verify-metamaskwallet.ddnss.eu"; dns.query; content:"verify-metamaskwallet.ddnss.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu$/i"; classtype:trojan-activity; sid:37985951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname verify-metamaskwallet.ddnss.eu"; flow:to_server,established; http.header; content: "Host|3a| verify-metamaskwallet.ddnss.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])verify\-metamaskwallet\.ddnss\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.usspaol.top"; dns.query; content:"uspz.usspaol.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaol\.top$/i"; classtype:trojan-activity; sid:37985991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.usspaol.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspaol.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaol\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37985992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.usspaof.top"; dns.query; content:"uspz.usspaof.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaof\.top$/i"; classtype:trojan-activity; sid:37986031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.usspaof.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspaof.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaof\.top[^A-Za-z0-9-\.]/Hi";
tag:session,600,seconds; classtype:trojan-activity; sid:37986032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspjj.top"; dns.query; content:"uspz.uspjj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjj\.top$/i"; classtype:trojan-activity; sid:37986071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspjj.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspjj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspjj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspiw.top"; dns.query; content:"uspz.uspiw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspiw\.top$/i"; classtype:trojan-activity; sid:37986111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspiw.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspiw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspiw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspz.uspiw.top"; dns.query; content:"uspz.uspiw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspiw\.top$/i"; classtype:trojan-activity; sid:37986151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspz.uspiw.top"; flow:to_server,established; http.header; content: "Host|3a| 
uspz.uspiw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspiw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.yhbdqkalzs.top"; dns.query; content:"usps.yhbdqkalzs.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.yhbdqkalzs\.top$/i"; classtype:trojan-activity; sid:37986191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.yhbdqkalzs.top"; flow:to_server,established; http.header; content: "Host|3a| usps.yhbdqkalzs.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.yhbdqkalzs\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.sekuunivdc.top"; dns.query; content:"usps.sekuunivdc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.sekuunivdc\.top$/i"; classtype:trojan-activity; sid:37986231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.sekuunivdc.top"; flow:to_server,established; http.header; content: "Host|3a| usps.sekuunivdc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.sekuunivdc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.nvdpxzevrw.top"; dns.query; content:"usps.nvdpxzevrw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.nvdpxzevrw\.top$/i"; classtype:trojan-activity; sid:37986271; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.nvdpxzevrw.top"; flow:to_server,established; http.header; content: "Host|3a| usps.nvdpxzevrw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.nvdpxzevrw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.lfyocggajr.top"; dns.query; content:"usps.lfyocggajr.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.lfyocggajr\.top$/i"; classtype:trojan-activity; sid:37986311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.lfyocggajr.top"; flow:to_server,established; http.header; content: "Host|3a| usps.lfyocggajr.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.lfyocggajr\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.lnvlcobtno.top"; dns.query; content:"usps.lnvlcobtno.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.lnvlcobtno\.top$/i"; classtype:trojan-activity; sid:37986351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.lnvlcobtno.top"; flow:to_server,established; http.header; content: "Host|3a| usps.lnvlcobtno.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.lnvlcobtno\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] 
Hostname usps.jlfogbgcub.top"; dns.query; content:"usps.jlfogbgcub.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.jlfogbgcub\.top$/i"; classtype:trojan-activity; sid:37986391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.jlfogbgcub.top"; flow:to_server,established; http.header; content: "Host|3a| usps.jlfogbgcub.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.jlfogbgcub\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.hqffrlfyri.top"; dns.query; content:"usps.hqffrlfyri.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hqffrlfyri\.top$/i"; classtype:trojan-activity; sid:37986431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.hqffrlfyri.top"; flow:to_server,established; http.header; content: "Host|3a| usps.hqffrlfyri.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.hqffrlfyri\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.express.64738923248.310lnc.com"; dns.query; content:"usps.express.64738923248.310lnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.express\.64738923248\.310lnc\.com$/i"; classtype:trojan-activity; sid:37986471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.express.64738923248.310lnc.com"; flow:to_server,established; http.header; content: "Host|3a| usps.express.64738923248.310lnc.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.express\.64738923248\.310lnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.bzvvbqqynx.top"; dns.query; content:"usps.bzvvbqqynx.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bzvvbqqynx\.top$/i"; classtype:trojan-activity; sid:37986511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.bzvvbqqynx.top"; flow:to_server,established; http.header; content: "Host|3a| usps.bzvvbqqynx.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.bzvvbqqynx\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname usps.express.64738923248.310lnc.com"; dns.query; content:"usps.express.64738923248.310lnc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.express\.64738923248\.310lnc\.com$/i"; classtype:trojan-activity; sid:37986551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname usps.express.64738923248.310lnc.com"; flow:to_server,established; http.header; content: "Host|3a| usps.express.64738923248.310lnc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.express\.64738923248\.310lnc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspm.usspzv.top"; dns.query; content:"uspm.usspzv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspm\.usspzv\.top$/i"; 
classtype:trojan-activity; sid:37986591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspm.usspzv.top"; flow:to_server,established; http.header; content: "Host|3a| uspm.usspzv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspm\.usspzv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspm.usspsv.top"; dns.query; content:"uspm.usspsv.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspm\.usspsv\.top$/i"; classtype:trojan-activity; sid:37986631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspm.usspsv.top"; flow:to_server,established; http.header; content: "Host|3a| uspm.usspsv.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspm\.usspsv\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspi.usspnw.top"; dns.query; content:"uspi.usspnw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspnw\.top$/i"; classtype:trojan-activity; sid:37986671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspi.usspnw.top"; flow:to_server,established; http.header; content: "Host|3a| uspi.usspnw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspnw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] 
Hostname uspe.ussppb.top"; dns.query; content:"uspe.ussppb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppb\.top$/i"; classtype:trojan-activity; sid:37986711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspe.ussppb.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.ussppb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.ussppb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspe.usspnw.top"; dns.query; content:"uspe.usspnw.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspnw\.top$/i"; classtype:trojan-activity; sid:37986751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspe.usspnw.top"; flow:to_server,established; http.header; content: "Host|3a| uspe.usspnw.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspe\.usspnw\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname uspd.usspaup.top"; dns.query; content:"uspd.usspaup.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspaup\.top$/i"; classtype:trojan-activity; sid:37986791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname uspd.usspaup.top"; flow:to_server,established; http.header; content: "Host|3a| uspd.usspaup.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspd\.usspaup\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986792; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheaxd.com"; dns.query; content:"urheaxd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaxd\.com$/i"; classtype:trojan-activity; sid:37986831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheaxd.com"; flow:to_server,established; http.header; content: "Host|3a| urheaxd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaxd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname urheama.com"; dns.query; content:"urheama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheama\.com$/i"; classtype:trojan-activity; sid:37986871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname urheama.com"; flow:to_server,established; http.header; content: "Host|3a| urheama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname swissipasstonline.web.app"; dns.query; content:"swissipasstonline.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissipasstonline\.web\.app$/i"; classtype:trojan-activity; sid:37986911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname swissipasstonline.web.app"; flow:to_server,established; http.header; content: "Host|3a| swissipasstonline.web.app"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])swissipasstonline\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname swissipasstonline.firebaseapp.com"; dns.query; content:"swissipasstonline.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissipasstonline\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37986951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname swissipasstonline.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| swissipasstonline.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])swissipasstonline\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname snprentalstampa.com"; dns.query; content:"snprentalstampa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snprentalstampa\.com$/i"; classtype:trojan-activity; sid:37986991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname snprentalstampa.com"; flow:to_server,established; http.header; content: "Host|3a| snprentalstampa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])snprentalstampa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37986992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname serviswissspasss.web.app"; dns.query; content:"serviswissspasss.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])serviswissspasss\.web\.app$/i"; classtype:trojan-activity; sid:37987031; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname serviswissspasss.web.app"; flow:to_server,established; http.header; content: "Host|3a| serviswissspasss.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])serviswissspasss\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname serviswissspasss.firebaseapp.com"; dns.query; content:"serviswissspasss.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])serviswissspasss\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37987071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname serviswissspasss.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| serviswissspasss.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])serviswissspasss\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname radiosatelit.ro"; dns.query; content:"radiosatelit.ro"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])radiosatelit\.ro$/i"; classtype:trojan-activity; sid:37987111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname radiosatelit.ro"; flow:to_server,established; http.header; content: "Host|3a| radiosatelit.ro"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])radiosatelit\.ro[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987112; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname pub-b8e155282af0441db198b500a4d2ff90.r2.dev"; dns.query; content:"pub-b8e155282af0441db198b500a4d2ff90.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b8e155282af0441db198b500a4d2ff90\.r2\.dev$/i"; classtype:trojan-activity; sid:37987151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname pub-b8e155282af0441db198b500a4d2ff90.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-b8e155282af0441db198b500a4d2ff90.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-b8e155282af0441db198b500a4d2ff90\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname priotizeupdatennetmailsendnow.weebly.com"; dns.query; content:"priotizeupdatennetmailsendnow.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])priotizeupdatennetmailsendnow\.weebly\.com$/i"; classtype:trojan-activity; sid:37987191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname priotizeupdatennetmailsendnow.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| priotizeupdatennetmailsendnow.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])priotizeupdatennetmailsendnow\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname oki4.info"; dns.query; content:"oki4.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oki4\.info$/i"; classtype:trojan-activity; sid:37987231; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname oki4.info"; flow:to_server,established; http.header; content: "Host|3a| oki4.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])oki4\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname od.668810.xyz"; dns.query; content:"od.668810.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])od\.668810\.xyz$/i"; classtype:trojan-activity; sid:37987271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname od.668810.xyz"; flow:to_server,established; http.header; content: "Host|3a| od.668810.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])od\.668810\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname nnananszksmspkqpspaijwjsjejejjejejej.ttrbru.eu.org"; dns.query; content:"nnananszksmspkqpspaijwjsjejejjejejej.ttrbru.eu.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nnananszksmspkqpspaijwjsjejejjejejej\.ttrbru\.eu\.org$/i"; classtype:trojan-activity; sid:37987311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nnananszksmspkqpspaijwjsjejejjejejej.ttrbru.eu.org"; flow:to_server,established; http.header; content: "Host|3a| nnananszksmspkqpspaijwjsjejejjejejej.ttrbru.eu.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nnananszksmspkqpspaijwjsjejejjejejej\.ttrbru\.eu\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37987312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname nidhi500.github.io"; dns.query; content:"nidhi500.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nidhi500\.github\.io$/i"; classtype:trojan-activity; sid:37987351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nidhi500.github.io"; flow:to_server,established; http.header; content: "Host|3a| nidhi500.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nidhi500\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname multipackaging.in"; dns.query; content:"multipackaging.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])multipackaging\.in$/i"; classtype:trojan-activity; sid:37987391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname multipackaging.in"; flow:to_server,established; http.header; content: "Host|3a| multipackaging.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])multipackaging\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname mjyehdsvdgh.weebly.com"; dns.query; content:"mjyehdsvdgh.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjyehdsvdgh\.weebly\.com$/i"; classtype:trojan-activity; sid:37987431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mjyehdsvdgh.weebly.com"; flow:to_server,established; 
http.header; content: "Host|3a| mjyehdsvdgh.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mjyehdsvdgh\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname metamaaskwalet.webflow.io"; dns.query; content:"metamaaskwalet.webflow.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaaskwalet\.webflow\.io$/i"; classtype:trojan-activity; sid:37987471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname metamaaskwalet.webflow.io"; flow:to_server,established; http.header; content: "Host|3a| metamaaskwalet.webflow.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])metamaaskwalet\.webflow\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname mango-nickel-balmoral.glitch.me"; dns.query; content:"mango-nickel-balmoral.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mango\-nickel\-balmoral\.glitch\.me$/i"; classtype:trojan-activity; sid:37987511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mango-nickel-balmoral.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| mango-nickel-balmoral.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mango\-nickel\-balmoral\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname mainnetsynchronizer.pages.dev"; dns.query; 
content:"mainnetsynchronizer.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mainnetsynchronizer\.pages\.dev$/i"; classtype:trojan-activity; sid:37987551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mainnetsynchronizer.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mainnetsynchronizer.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mainnetsynchronizer\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname mail.159-65-38-201.cprapid.com"; dns.query; content:"mail.159-65-38-201.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.159\-65\-38\-201\.cprapid\.com$/i"; classtype:trojan-activity; sid:37987591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mail.159-65-38-201.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| mail.159-65-38-201.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.159\-65\-38\-201\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname lucah-malaysia64.vvip1.my.id"; dns.query; content:"lucah-malaysia64.vvip1.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-malaysia64\.vvip1\.my\.id$/i"; classtype:trojan-activity; sid:37987631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname lucah-malaysia64.vvip1.my.id"; flow:to_server,established; http.header; content: 
"Host|3a| lucah-malaysia64.vvip1.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-malaysia64\.vvip1\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname like-past-curiosity.glitch.me"; dns.query; content:"like-past-curiosity.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])like\-past\-curiosity\.glitch\.me$/i"; classtype:trojan-activity; sid:37987671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname like-past-curiosity.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| like-past-curiosity.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])like\-past\-curiosity\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname kiranv1410.github.io"; dns.query; content:"kiranv1410.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kiranv1410\.github\.io$/i"; classtype:trojan-activity; sid:37987711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname kiranv1410.github.io"; flow:to_server,established; http.header; content: "Host|3a| kiranv1410.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kiranv1410\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname imtokenwallet.mom"; dns.query; content:"imtokenwallet.mom"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenwallet\.mom$/i"; 
classtype:trojan-activity; sid:37987751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname imtokenwallet.mom"; flow:to_server,established; http.header; content: "Host|3a| imtokenwallet.mom"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokenwallet\.mom[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname hgx.net-x.xyz"; dns.query; content:"hgx.net-x.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hgx\.net\-x\.xyz$/i"; classtype:trojan-activity; sid:37987791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hgx.net-x.xyz"; flow:to_server,established; http.header; content: "Host|3a| hgx.net-x.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hgx\.net\-x\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname help-center-324235.io.vn"; dns.query; content:"help-center-324235.io.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])help\-center\-324235\.io\.vn$/i"; classtype:trojan-activity; sid:37987831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname help-center-324235.io.vn"; flow:to_server,established; http.header; content: "Host|3a| help-center-324235.io.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])help\-center\-324235\.io\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) 
# MISP event 27618 (https://misp.finsin.cl/events/view/27618): hostname indicators.
# Rules are laid out one per line; the extraction had run them together and
# wrapped them mid-rule.
#
# Each hostname gets a pair of rules:
#   alert dns  - dns.query contains the hostname. The pcre prefix
#                (^|[^A-Za-z0-9-\.]) rejects a preceding '.', and the pattern is
#                anchored with $, so a query for a subdomain of the listed
#                name (www.<hostname>) does not match.
#   alert http - outbound request ($HOME_NET -> $EXTERNAL_NET) whose header
#                buffer holds "Host: <hostname>", bounded by the pcre on both
#                sides. tag:session,600,seconds keeps logging the session for
#                600 seconds after the alert.
#
# NOTE(review): the http rules inspect parsed HTTP only; traffic to these hosts
# over TLS is presumably visible to this set only through the dns rules.
# Confirm whether TLS SNI coverage is exported elsewhere.
# NOTE(review): several names are subdomains of shared hosting or dynamic-DNS
# services (weebly.com, weeblysite.com, firebaseapp.com, web.app, pages.dev,
# workers.dev, glitch.me, ydns.eu). The rules match the full hostname only;
# any blocking derived from them should stay at that granularity.

alert dns any any -> any any (msg: "MISP e27618 [] Hostname helloeservicemypass.web.app"; dns.query; content:"helloeservicemypass.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helloeservicemypass\.web\.app$/i"; classtype:trojan-activity; sid:37987871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname helloeservicemypass.web.app"; flow:to_server,established; http.header; content: "Host|3a| helloeservicemypass.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helloeservicemypass\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname helloeservicemypass.firebaseapp.com"; dns.query; content:"helloeservicemypass.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helloeservicemypass\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37987911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname helloeservicemypass.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| helloeservicemypass.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])helloeservicemypass\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname gbchomebuilders.com"; dns.query; content:"gbchomebuilders.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbchomebuilders\.com$/i"; classtype:trojan-activity; sid:37987951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname gbchomebuilders.com"; flow:to_server,established; http.header; content: "Host|3a| gbchomebuilders.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbchomebuilders\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname flexi-motohandel.com.pl"; dns.query; content:"flexi-motohandel.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexi\-motohandel\.com\.pl$/i"; classtype:trojan-activity; sid:37987991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname flexi-motohandel.com.pl"; flow:to_server,established; http.header; content: "Host|3a| flexi-motohandel.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])flexi\-motohandel\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37987992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ff.nhanqua-mienphi.com"; dns.query; content:"ff.nhanqua-mienphi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.nhanqua\-mienphi\.com$/i"; classtype:trojan-activity; sid:37988031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ff.nhanqua-mienphi.com"; flow:to_server,established; http.header; content: "Host|3a| ff.nhanqua-mienphi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ff\.nhanqua\-mienphi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname enyvdgfjglh.weebly.com"; dns.query; content:"enyvdgfjglh.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enyvdgfjglh\.weebly\.com$/i"; classtype:trojan-activity; sid:37988071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname enyvdgfjglh.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| enyvdgfjglh.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enyvdgfjglh\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ct98317.tw1.ru"; dns.query; content:"ct98317.tw1.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ct98317\.tw1\.ru$/i"; classtype:trojan-activity; sid:37988111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ct98317.tw1.ru"; flow:to_server,established; http.header; content: "Host|3a| ct98317.tw1.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ct98317\.tw1\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname cloudreve-onedrive-proxy.kishore.workers.dev"; dns.query; content:"cloudreve-onedrive-proxy.kishore.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloudreve\-onedrive\-proxy\.kishore\.workers\.dev$/i"; classtype:trojan-activity; sid:37988151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname cloudreve-onedrive-proxy.kishore.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cloudreve-onedrive-proxy.kishore.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloudreve\-onedrive\-proxy\.kishore\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname beritacpnsdanpppk2024new.iform5.my.id"; dns.query; content:"beritacpnsdanpppk2024new.iform5.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beritacpnsdanpppk2024new\.iform5\.my\.id$/i"; classtype:trojan-activity; sid:37988191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname beritacpnsdanpppk2024new.iform5.my.id"; flow:to_server,established; http.header; content: "Host|3a| beritacpnsdanpppk2024new.iform5.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])beritacpnsdanpppk2024new\.iform5\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname bbcusswistes.web.app"; dns.query; content:"bbcusswistes.web.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bbcusswistes\.web\.app$/i"; classtype:trojan-activity; sid:37988231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bbcusswistes.web.app"; flow:to_server,established; http.header; content: "Host|3a| bbcusswistes.web.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bbcusswistes\.web\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname bbcusswistes.firebaseapp.com"; dns.query; content:"bbcusswistes.firebaseapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bbcusswistes\.firebaseapp\.com$/i"; classtype:trojan-activity; sid:37988271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bbcusswistes.firebaseapp.com"; flow:to_server,established; http.header; content: "Host|3a| bbcusswistes.firebaseapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bbcusswistes\.firebaseapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname autko-prestige.com.pl"; dns.query; content:"autko-prestige.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autko\-prestige\.com\.pl$/i"; classtype:trojan-activity; sid:37988311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname autko-prestige.com.pl"; flow:to_server,established; http.header; content: "Host|3a| autko-prestige.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autko\-prestige\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname att-mail-103794.weeblysite.com"; dns.query; content:"att-mail-103794.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-103794\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37988351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname att-mail-103794.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-mail-103794.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-mail\-103794\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname attblt.weebly.com"; dns.query; content:"attblt.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attblt\.weebly\.com$/i"; classtype:trojan-activity; sid:37988391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname attblt.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| attblt.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])attblt\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname att-109582-103277.weeblysite.com"; dns.query; content:"att-109582-103277.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109582\-103277\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37988431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname att-109582-103277.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-109582-103277.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-109582\-103277\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname att-105664.weeblysite.com"; dns.query; content:"att-105664.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105664\.weeblysite\.com$/i"; classtype:trojan-activity; sid:37988471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname att-105664.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| att-105664.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-105664\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname apsverficaationpgase.ydns.eu"; dns.query; content:"apsverficaationpgase.ydns.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apsverficaationpgase\.ydns\.eu$/i"; classtype:trojan-activity; sid:37988511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname apsverficaationpgase.ydns.eu"; flow:to_server,established; http.header; content: "Host|3a| apsverficaationpgase.ydns.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])apsverficaationpgase\.ydns\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname aquatic-lowly-firefly.glitch.me"; dns.query; content:"aquatic-lowly-firefly.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aquatic\-lowly\-firefly\.glitch\.me$/i"; classtype:trojan-activity; sid:37988551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname aquatic-lowly-firefly.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| aquatic-lowly-firefly.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aquatic\-lowly\-firefly\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname dxghsrthsr2.pages.dev"; dns.query; content:"dxghsrthsr2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dxghsrthsr2\.pages\.dev$/i"; classtype:trojan-activity; sid:37988591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname dxghsrthsr2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dxghsrthsr2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dxghsrthsr2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)

# NOTE(review): unlike the Host rule above, the "Outgoing URL" rule below
# matches the bare hostname anywhere in http.header. It has no "Host|3a| "
# prefix, no pcre boundary and no fast_pattern, so another request header
# carrying the string (a Referer, for instance) would presumably raise it too,
# and it largely duplicates sid 37988592. It is also the only rule in this
# group whose port field is $HTTP_PORTS, so that variable has to be defined
# for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//dxghsrthsr2.pages.dev"; flow:to_server,established; http.header; content:"dxghsrthsr2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37988601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)

alert dns any any -> any any (msg: "MISP e27618 [] Hostname aiwebbyvotettytryr6.pages.dev"; dns.query; content:"aiwebbyvotettytryr6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev$/i"; classtype:trojan-activity; sid:37988631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname aiwebbyvotettytryr6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| aiwebbyvotettytryr6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])aiwebbyvotettytryr6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname adsmanage.nuxitop.top"; dns.query; content:"adsmanage.nuxitop.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsmanage\.nuxitop\.top$/i"; classtype:trojan-activity; sid:37988671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname adsmanage.nuxitop.top"; flow:to_server,established; http.header; content: "Host|3a| adsmanage.nuxitop.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adsmanage\.nuxitop\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname ac-autosprzedaz.com.pl"; dns.query; content:"ac-autosprzedaz.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ac\-autosprzedaz\.com\.pl$/i"; classtype:trojan-activity; sid:37988711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ac-autosprzedaz.com.pl"; flow:to_server,established; http.header; content: "Host|3a| ac-autosprzedaz.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ac\-autosprzedaz\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname ijeug.godp4y.com"; dns.query; content:"ijeug.godp4y.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ijeug\.godp4y\.com$/i"; classtype:trojan-activity; sid:37988751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ijeug.godp4y.com"; flow:to_server,established; http.header; content: "Host|3a| ijeug.godp4y.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])ijeug\.godp4y\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ijeug.godp4y.com"; flow:to_server,established; http.header; content:"ijeug.godp4y.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37988761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname rcvvry-accnt-scrty7842ib.duckdns.org"; dns.query; content:"rcvvry-accnt-scrty7842ib.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty7842ib\.duckdns\.org$/i"; classtype:trojan-activity; sid:37988791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname rcvvry-accnt-scrty7842ib.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| rcvvry-accnt-scrty7842ib.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty7842ib\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//rcvvry-accnt-scrty7842ib.duckdns.org"; flow:to_server,established; http.header; content:"rcvvry-accnt-scrty7842ib.duckdns.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37988801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname rcvvry-accnt-scrty4597pj.duckdns.org"; dns.query; content:"rcvvry-accnt-scrty4597pj.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty4597pj\.duckdns\.org$/i"; 
classtype:trojan-activity; sid:37988831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname rcvvry-accnt-scrty4597pj.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a| rcvvry-accnt-scrty4597pj.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rcvvry\-accnt\-scrty4597pj\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//rcvvry-accnt-scrty4597pj.duckdns.org/?/pages-reviews/&fbclid=IwAR3qWoypGOg2u8Ky5_q8yf0C4BdAfoRMdG5-IB1WiIbUNyicKzI5mS-32FI&/service-center-.404-2024"; flow:to_server,established; http.header; content:"rcvvry-accnt-scrty4597pj.duckdns.org"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37988841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname discokit.net"; dns.query; content:"discokit.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])discokit\.net$/i"; classtype:trojan-activity; sid:37988871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname discokit.net"; flow:to_server,established; http.header; content: "Host|3a| discokit.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])discokit\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//discokit.net/index.php"; flow:to_server,established; http.header; 
content:"discokit.net"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37988881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname 3656r.net"; dns.query; content:"3656r.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656r\.net$/i"; classtype:trojan-activity; sid:37988911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 3656r.net"; flow:to_server,established; http.header; content: "Host|3a| 3656r.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])3656r\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//3656r.net/mobile-client/index/index.html"; flow:to_server,established; http.header; content:"3656r.net"; fast_pattern; nocase; http.uri; content:"/mobile-client/index/index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37988921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teiegarm.bond"; dns.query; content:"teiegarm.bond"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegarm\.bond$/i"; classtype:trojan-activity; sid:37988951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teiegarm.bond"; flow:to_server,established; http.header; content: "Host|3a| teiegarm.bond"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegarm\.bond[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988952; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname pumbly-dad.com"; dns.query; content:"pumbly-dad.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pumbly\-dad\.com$/i"; classtype:trojan-activity; sid:37988991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname pumbly-dad.com"; flow:to_server,established; http.header; content: "Host|3a| pumbly-dad.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pumbly\-dad\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37988992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//www.pumbly-dad.com/"; flow:to_server,established; http.header; content:"www.pumbly-dad.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname pumbly-dad.com"; dns.query; content:"pumbly-dad.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pumbly\-dad\.com$/i"; classtype:trojan-activity; sid:37989031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname pumbly-dad.com"; flow:to_server,established; http.header; content: "Host|3a| pumbly-dad.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pumbly\-dad\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//pumbly-dad.com/"; flow:to_server,established; 
http.header; content:"pumbly-dad.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# --- MISP event 27618: hostname and URL indicators ---
# Each hostname below has three rules: a DNS-query rule, an outgoing HTTP
# Host-header rule, and an outgoing URL rule.
#
# DNS rules: any -> any, so internal resolver traffic is covered too. The pcre
# anchors the name at the end of the query and requires the preceding character
# (if any) not to be a letter, digit, hyphen or dot, so only the exact hostname
# matches; subdomains and look-alike prefixes do not.
#
# Host-header rules: content "Host|3a| <name>" in http.header, with a pcre that
# requires a non-hostname character after the name. tag:session,600,seconds
# keeps logging the session for 10 minutes after the first hit.
#
# URL rules: restricted to $HTTP_PORTS, so that variable must be defined for
# them to load. They match the hostname anywhere in http.header, not only in
# Host, so a request to another site that names the host in e.g. Referer can
# also fire.
#
# NOTE(review): the http rules only see cleartext HTTP. If these hosts are
# reached over TLS, only the DNS rules would fire (and not when the client uses
# an encrypted resolver). Consider adding tls.sni rules for the same hostnames.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname abtecci.cl"; dns.query; content:"abtecci.cl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])abtecci\.cl$/i"; classtype:trojan-activity; sid:37989071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname abtecci.cl"; flow:to_server,established; http.header; content: "Host|3a| abtecci.cl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])abtecci\.cl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# This is the only URL rule in this group that also constrains the path (http.uri).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//abtecci.cl/rap/st/a"; flow:to_server,established; http.header; content:"abtecci.cl"; fast_pattern; nocase; http.uri; content:"/rap/st/a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname yergafumilegidangasaprefucehutevas1.pages.dev"; dns.query; content:"yergafumilegidangasaprefucehutevas1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yergafumilegidangasaprefucehutevas1\.pages\.dev$/i"; classtype:trojan-activity; sid:37989111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yergafumilegidangasaprefucehutevas1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yergafumilegidangasaprefucehutevas1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yergafumilegidangasaprefucehutevas1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# The URL rules from here on have no http.uri condition: the hostname in any header is enough.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//yergafumilegidangasaprefucehutevas1.pages.dev"; flow:to_server,established; http.header; content:"yergafumilegidangasaprefucehutevas1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname gndhhdgf2.pages.dev"; dns.query; content:"gndhhdgf2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gndhhdgf2\.pages\.dev$/i"; classtype:trojan-activity; sid:37989151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname gndhhdgf2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gndhhdgf2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gndhhdgf2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//gndhhdgf2.pages.dev"; flow:to_server,established; http.header; content:"gndhhdgf2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname ahinmakdhaewa02.pages.dev"; dns.query; content:"ahinmakdhaewa02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ahinmakdhaewa02\.pages\.dev$/i"; classtype:trojan-activity; sid:37989191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname ahinmakdhaewa02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ahinmakdhaewa02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ahinmakdhaewa02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ahinmakdhaewa02.pages.dev"; flow:to_server,established; http.header; content:"ahinmakdhaewa02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname bvfwgefw2.pages.dev"; dns.query; content:"bvfwgefw2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bvfwgefw2\.pages\.dev$/i"; classtype:trojan-activity; sid:37989231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname bvfwgefw2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bvfwgefw2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bvfwgefw2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//bvfwgefw2.pages.dev"; flow:to_server,established; http.header; content:"bvfwgefw2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname h0egwujayomasaremyceue02.pages.dev"; dns.query; content:"h0egwujayomasaremyceue02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h0egwujayomasaremyceue02\.pages\.dev$/i"; classtype:trojan-activity; sid:37989271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname h0egwujayomasaremyceue02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| h0egwujayomasaremyceue02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h0egwujayomasaremyceue02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//h0egwujayomasaremyceue02.pages.dev"; flow:to_server,established; http.header; content:"h0egwujayomasaremyceue02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 4.u.dj777.top"; dns.query; content:"4.u.dj777.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])4\.u\.dj777\.top$/i"; classtype:trojan-activity; sid:37989311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 4.u.dj777.top"; flow:to_server,established; http.header; content: "Host|3a| 4.u.dj777.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])4\.u\.dj777\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//4.u.dj777.top"; flow:to_server,established; http.header; content:"4.u.dj777.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname wet-97y.pages.dev"; dns.query; content:"wet-97y.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wet\-97y\.pages\.dev$/i"; classtype:trojan-activity; sid:37989351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname wet-97y.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wet-97y.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wet\-97y\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//wet-97y.pages.dev"; flow:to_server,established; http.header; content:"wet-97y.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname h0egwujayomasaremyceue04.pages.dev"; dns.query; content:"h0egwujayomasaremyceue04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h0egwujayomasaremyceue04\.pages\.dev$/i"; classtype:trojan-activity; sid:37989391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname h0egwujayomasaremyceue04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| h0egwujayomasaremyceue04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h0egwujayomasaremyceue04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989392; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27618;)
# Last URL rule of MISP event 27618: hostname anywhere in http.header, no
# http.uri condition, restricted to $HTTP_PORTS (cleartext HTTP only).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//h0egwujayomasaremyceue04.pages.dev"; flow:to_server,established; http.header; content:"h0egwujayomasaremyceue04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# --- MISP event 27612: source-IP indicators ---
# (tagged kill-chain Reconnaissance / Exploitation)
# Each rule alerts on any IP traffic from the listed address to $HOME_NET,
# whatever the protocol or port. There is no content, flow or threshold
# condition, so a rule says only "this address talked to us", not what it did.
#
# NOTE(review): with no threshold these rules can alert on every matching
# packet from a noisy source. Consider a threshold/rate-limit entry per rule or
# per source, or move long address lists to an IP reputation list.
# NOTE(review): classtype is trojan-activity on every rule in this export,
# including these inbound source-IP rules; use the kill-chain tags in msg for
# triage rather than the classtype.
# NOTE(review): single-address indicators go stale quickly; check the event's
# date and expire old entries so reassigned addresses do not keep alerting.
alert ip 93.123.62.38 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 93.123.62.38"; classtype:trojan-activity; sid:37976471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 81.70.219.136 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.219.136"; classtype:trojan-activity; sid:37976481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 81.213.27.60 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.27.60"; classtype:trojan-activity; sid:37976491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 81.213.29.204 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.29.204"; classtype:trojan-activity; sid:37976501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 78.96.92.174 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.96.92.174"; classtype:trojan-activity; sid:37976511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 81.213.26.136 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.213.26.136"; classtype:trojan-activity; sid:37976521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 59.98.28.12 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.98.28.12"; classtype:trojan-activity; sid:37976531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 68.98.1.121 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.98.1.121"; classtype:trojan-activity; sid:37976541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 59.26.123.218 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.26.123.218"; classtype:trojan-activity; sid:37976551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 59.98.176.142 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.98.176.142"; classtype:trojan-activity; sid:37976561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 58.52.106.116 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.52.106.116"; classtype:trojan-activity; sid:37976571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 59.1.47.130 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.1.47.130"; classtype:trojan-activity; sid:37976581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 47.106.218.87 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.106.218.87"; classtype:trojan-activity; sid:37976591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 49.86.37.86 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.86.37.86"; classtype:trojan-activity; sid:37976601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 45.175.250.43 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.175.250.43"; classtype:trojan-activity; sid:37976611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 46.185.71.197 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 46.185.71.197"; classtype:trojan-activity; sid:37976621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 39.40.132.228 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.40.132.228"; classtype:trojan-activity; sid:37976631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 45.128.232.196 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.128.232.196"; classtype:trojan-activity; sid:37976641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 36.48.140.74 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.48.140.74"; classtype:trojan-activity; sid:37976651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 27.21.171.111 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.21.171.111"; classtype:trojan-activity; sid:37976661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 27.156.249.62 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.156.249.62"; classtype:trojan-activity; sid:37976671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 222.142.243.23 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.142.243.23"; classtype:trojan-activity; sid:37976681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 223.10.53.95 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.10.53.95"; classtype:trojan-activity; sid:37976691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 221.232.31.197 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.232.31.197"; classtype:trojan-activity; sid:37976701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 221.232.194.62 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.232.194.62"; classtype:trojan-activity; sid:37976711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 216.154.17.116 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.154.17.116"; classtype:trojan-activity; sid:37976721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 219.107.11.115 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.107.11.115"; classtype:trojan-activity; sid:37976731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 211.54.200.93 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.54.200.93"; classtype:trojan-activity; sid:37976741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 209.105.140.242 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 209.105.140.242"; classtype:trojan-activity; sid:37976751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 202.98.75.15 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.98.75.15"; classtype:trojan-activity; sid:37976761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 203.223.51.162 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.223.51.162"; classtype:trojan-activity; sid:37976771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 2.187.209.25 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.187.209.25"; classtype:trojan-activity; sid:37976781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 193.124.205.45 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.124.205.45"; classtype:trojan-activity; sid:37976791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 186.251.55.196 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.251.55.196"; classtype:trojan-activity; sid:37976801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 190.109.227.164 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.109.227.164"; classtype:trojan-activity; sid:37976811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 180.137.21.145 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.137.21.145"; classtype:trojan-activity; sid:37976821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 181.97.222.126 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.97.222.126"; classtype:trojan-activity; sid:37976831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 177.23.229.21 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.23.229.21"; classtype:trojan-activity; sid:37976841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 178.74.109.86 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.74.109.86"; classtype:trojan-activity; sid:37976851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 162.191.236.96 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.191.236.96"; classtype:trojan-activity; sid:37976861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 175.11.188.119 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.188.119"; classtype:trojan-activity; sid:37976871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
# MISP event 27616 (interleaved by the exporter): outgoing URL indicator.
# Matches the domain anywhere in http.header plus "/rk" anywhere in the URI
# (content is a substring match, so longer paths containing "/rk" also fire).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27616 [] Outgoing URL http|3a|//omnei-va.top/rk"; flow:to_server,established; http.header; content:"omnei-va.top"; fast_pattern; nocase; http.uri; content:"/rk"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27616;)
alert ip 124.153.133.117 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.153.133.117"; classtype:trojan-activity; sid:37976881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
# MISP event 27616: "Domain" rules (as opposed to "Hostname" rules elsewhere in
# this export). The leading pcre class omits the dot, so a preceding "." is
# accepted and subdomains of omnei-va.top match as well as the bare domain.
alert dns any any -> any any (msg: "MISP e27616 [] Domain omnei-va.top"; dns.query; content:"omnei-va.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])omnei\-va\.top$/i"; classtype:trojan-activity; sid:37977471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27616;)
# The Host label and the domain are separate content matches here, which lets
# a subdomain sit between "Host:" and the domain. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27616 [] Outgoing HTTP Domain omnei-va.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"omnei-va.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])omnei\-va\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27616;)
# MISP event 27612 source-IP indicators, continued.
alert ip 14.46.194.145 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.46.194.145"; classtype:trojan-activity; sid:37976891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 122.222.121.49 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.222.121.49"; classtype:trojan-activity; sid:37976901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 122.96.50.118 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.96.50.118"; classtype:trojan-activity; sid:37976911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 116.55.78.246 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.55.78.246"; classtype:trojan-activity; sid:37976921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 121.154.61.79 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.154.61.79"; classtype:trojan-activity; sid:37976931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 117.214.78.182 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.214.78.182"; classtype:trojan-activity; sid:37976941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 118.91.54.34 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.91.54.34"; classtype:trojan-activity; sid:37976951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 115.96.157.222 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.96.157.222"; classtype:trojan-activity; sid:37976961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 103.39.126.74 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.39.126.74"; classtype:trojan-activity; sid:37976971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 1.206.205.166 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.206.205.166"; classtype:trojan-activity; sid:37976981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 110.159.7.112 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.159.7.112"; classtype:trojan-activity; sid:37976991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
# First source-IP indicator from MISP event 27610.
alert ip 43.159.40.34 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.40.34"; classtype:trojan-activity; sid:37975391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# --- Source-IP indicators from MISP events 27610, 27601, 27607, 27612, 27599 ---
# The rules appear in export order, so the events are interleaved; the event id
# is in each rule's msg ("MISP e<id>") and reference URL.
# Each rule alerts on any IP traffic from the listed address to $HOME_NET with
# no protocol, port, content or threshold condition.
# NOTE(review): these can alert per packet from a persistent source. Consider
# rate-limiting them, and expire addresses once the originating event is old.
alert ip 81.70.55.204 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.55.204"; classtype:trojan-activity; sid:37975401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 39.129.9.180 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.129.9.180"; classtype:trojan-activity; sid:37975411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 216.126.108.102 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 216.126.108.102"; classtype:trojan-activity; sid:37975421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 162.14.106.145 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.14.106.145"; classtype:trojan-activity; sid:37975431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 164.90.233.55 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.90.233.55"; classtype:trojan-activity; sid:37975441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 138.68.143.68 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.68.143.68"; classtype:trojan-activity; sid:37968701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 103.231.248.225 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.231.248.225"; classtype:trojan-activity; sid:37968711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 139.59.23.204 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.23.204"; classtype:trojan-activity; sid:37975451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 1.15.122.64 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.122.64"; classtype:trojan-activity; sid:37975461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 198.235.24.243 any -> $HOME_NET any (msg: "MISP e27607 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.243"; classtype:trojan-activity; sid:37969421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27607;)
alert ip 27.71.25.157 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.71.25.157"; classtype:trojan-activity; sid:37968721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 103.180.134.151 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.180.134.151"; classtype:trojan-activity; sid:37968731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 112.173.170.12 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.173.170.12"; classtype:trojan-activity; sid:37977001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 112.113.132.140 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.113.132.140"; classtype:trojan-activity; sid:37977011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 172.81.62.245 any -> $HOME_NET any (msg: "MISP e27599 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.81.62.245"; classtype:trojan-activity; sid:37968441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27599;)
alert ip 117.210.169.232 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.210.169.232"; classtype:trojan-activity; sid:37977021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 59.110.171.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.110.171.86"; classtype:trojan-activity; sid:37975471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 107.170.253.38 any -> $HOME_NET any (msg: "MISP e27607 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.253.38"; classtype:trojan-activity; sid:37969431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27607;)
alert ip 101.108.101.130 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.108.101.130"; classtype:trojan-activity; sid:37977031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 42.192.108.39 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.192.108.39"; classtype:trojan-activity; sid:37975481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 119.26.161.86 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.26.161.86"; classtype:trojan-activity; sid:37977041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 110.181.110.5 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.181.110.5"; classtype:trojan-activity; sid:37977051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 117.242.47.184 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.242.47.184"; classtype:trojan-activity; sid:37977061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 219.134.180.30 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.134.180.30"; classtype:trojan-activity; sid:37975491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 116.54.109.203 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.54.109.203"; classtype:trojan-activity; sid:37977071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 162.243.142.59 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.142.59"; classtype:trojan-activity; sid:37975501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 109.149.202.226 any -> $HOME_NET any (msg: "MISP e27612 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.149.202.226"; classtype:trojan-activity; sid:37977081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27612;)
alert ip 198.235.24.32 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.32"; classtype:trojan-activity; sid:37968741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 159.89.47.106 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.47.106"; classtype:trojan-activity; sid:37975511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 185.233.19.209 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.233.19.209"; classtype:trojan-activity; sid:37968751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 103.39.124.45 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.39.124.45"; classtype:trojan-activity; sid:37968761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 35.200.157.232 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 35.200.157.232"; classtype:trojan-activity; sid:37975521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 89.208.107.86 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.208.107.86"; classtype:trojan-activity; sid:37975531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 106.254.1.83 any -> $HOME_NET any (msg: "MISP e27599 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.254.1.83"; classtype:trojan-activity; sid:37968451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27599;)
alert ip 116.113.17.210 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.113.17.210"; classtype:trojan-activity; sid:37975541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 34.66.72.251 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 34.66.72.251"; classtype:trojan-activity; sid:37975551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 103.186.149.177 any -> $HOME_NET any (msg: "MISP e27601 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.186.149.177"; classtype:trojan-activity; sid:37968771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27601;)
alert ip 20.121.123.172 any -> $HOME_NET 
any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.121.123.172"; classtype:trojan-activity; sid:37975561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
# Source-address indicators: each "alert ip" rule matches traffic from one listed
# address to $HOME_NET on any port. The match is on the address alone (no payload
# or flow keyword). The msg text carries the MISP event id and kill-chain tags, and
# reference:url points at that event.
alert ip 176.115.140.225 any -> $HOME_NET any (msg: "MISP e27599 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.115.140.225"; classtype:trojan-activity; sid:37968461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27599;)
alert ip 198.199.92.122 any -> $HOME_NET any (msg: "MISP e27607 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.92.122"; classtype:trojan-activity; sid:37969441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27607;)
# Hostname indicators (MISP events 27603 and 27620): each name gets one DNS rule and
# one outbound-HTTP rule.
#   DNS rule:  content + pcre on dns.query. The pcre ends in "$" and accepts only
#              start-of-buffer or a character outside [A-Za-z0-9-.] before the name,
#              so a query for a subdomain (www.<name>) does not match; only the name
#              itself does.
#   HTTP rule: content requires the literal "Host: <name>" in the request headers and
#              the pcre requires a non-hostname character after the name, so
#              "<name>.example" is rejected while "<name>:port" still matches. A
#              subdomain in the Host header does not satisfy the content match either.
# NOTE(review): if subdomains of these names should alert as well, that needs a
# separate rule; confirm the intended scope against the MISP event.
# tag:session,600,seconds keeps logging packets of the matching session for 600
# seconds after the alert; budget capture storage accordingly.
alert dns any any -> any any (msg: "MISP e27603 [] Hostname clickuzbank.site"; dns.query; content:"clickuzbank.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clickuzbank\.site$/i"; classtype:trojan-activity; sid:37969041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27603;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27603 [] Outgoing HTTP Hostname clickuzbank.site"; flow:to_server,established; http.header; content: "Host|3a| clickuzbank.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clickuzbank\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37969042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27603;)
alert dns any any -> any any (msg: "MISP e27620 [] Hostname sorche.sbs"; dns.query; content:"sorche.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sorche\.sbs$/i"; classtype:trojan-activity; sid:37991001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27620;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27620 [] Outgoing HTTP Hostname sorche.sbs"; flow:to_server,established; http.header; content: "Host|3a| sorche.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sorche\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37991002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27620;)
# URL indicators (MISP event 27598, priority 1): one rule per URL, pinned to the
# destination IP and port given in the rule header.
#   - http.header content is the bare IP string, matched anywhere in the request
#     headers; http.uri content is a case-insensitive substring of the URI.
#   - Where the URI content is just "/" (e.g. sid 37966431) the URI test passes for
#     practically every request, so the rule in effect alerts on any HTTP request from
#     $HOME_NET to that IP:port whose headers contain the address. Expect those to be
#     the noisiest rules of this event.
#   - NOTE(review): the booomaahuuoooapl.ru rules of this event (sids 37967051 and
#     37967291) use $HTTP_PORTS as destination port, although the file header calls
#     that variable optional for the Suricata export. Presumably they fail to load if
#     it is undefined, and they only see the ports it lists; confirm on the sensor.
alert http $HOME_NET any -> 85.14.74.241 34524 (msg: "MISP e27598 [] Outgoing URL http|3a|//85.14.74.241|3a|34524/Mozi.m"; flow:to_server,established; http.header; content:"85.14.74.241"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 85.14.74.241 34524 (msg: "MISP e27598 [] Outgoing URL http|3a|//85.14.74.241|3a|34524/"; flow:to_server,established; http.header; content:"85.14.74.241"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 42.235.157.90 46015 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.235.157.90|3a|46015/Mozi.m"; flow:to_server,established; http.header; content:"42.235.157.90"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 42.227.207.11 57464 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.227.207.11|3a|57464/bin.sh"; flow:to_server,established; http.header; content:"42.227.207.11"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 42.224.212.5 52681 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.224.212.5|3a|52681/"; flow:to_server,established; http.header; content:"42.224.212.5"; fast_pattern; nocase; http.uri; content:"/"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37966461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 222.246.114.67 54169 (msg: "MISP e27598 [] Outgoing URL http|3a|//222.246.114.67|3a|54169/bin.sh"; flow:to_server,established; http.header; content:"222.246.114.67"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.122.215.234 57446 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.122.215.234|3a|57446/bin.sh"; flow:to_server,established; http.header; content:"182.122.215.234"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.122.215.234 57446 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.122.215.234|3a|57446/"; flow:to_server,established; http.header; content:"182.122.215.234"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.116.93.216 53170 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.116.93.216|3a|53170/"; flow:to_server,established; http.header; content:"182.116.93.216"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.114.196.191 35781 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.114.196.191|3a|35781/"; flow:to_server,established; http.header; content:"182.114.196.191"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37966511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 175.162.51.246 54600 (msg: "MISP e27598 [] Outgoing URL http|3a|//175.162.51.246|3a|54600/Mozi.m"; flow:to_server,established; http.header; content:"175.162.51.246"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.45.71.128 58459 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.45.71.128|3a|58459/bin.sh"; flow:to_server,established; http.header; content:"125.45.71.128"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.45.71.128 58459 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.45.71.128|3a|58459/"; flow:to_server,established; http.header; content:"125.45.71.128"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.44.215.47 39144 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.44.215.47|3a|39144/Mozi.m"; flow:to_server,established; http.header; content:"125.44.215.47"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.43.59.7 42279 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.43.59.7|3a|42279/Mozi.m"; flow:to_server,established; http.header; content:"125.43.59.7"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966561; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 123.8.79.130 48745 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.8.79.130|3a|48745/i"; flow:to_server,established; http.header; content:"123.8.79.130"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 119.187.236.75 50833 (msg: "MISP e27598 [] Outgoing URL http|3a|//119.187.236.75|3a|50833/Mozi.m"; flow:to_server,established; http.header; content:"119.187.236.75"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 118.173.89.202 49919 (msg: "MISP e27598 [] Outgoing URL http|3a|//118.173.89.202|3a|49919/Mozi.m"; flow:to_server,established; http.header; content:"118.173.89.202"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.211.209.144 37228 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.211.209.144|3a|37228/Mozi.m"; flow:to_server,established; http.header; content:"117.211.209.144"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.194.173.103 54973 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.194.173.103|3a|54973/Mozi.m"; flow:to_server,established; http.header; content:"117.194.173.103"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966611; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 1.70.135.150 44089 (msg: "MISP e27598 [] Outgoing URL http|3a|//1.70.135.150|3a|44089/bin.sh"; flow:to_server,established; http.header; content:"1.70.135.150"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 1.70.128.163 36546 (msg: "MISP e27598 [] Outgoing URL http|3a|//1.70.128.163|3a|36546/bin.sh"; flow:to_server,established; http.header; content:"1.70.128.163"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 89.200.227.78 53176 (msg: "MISP e27598 [] Outgoing URL http|3a|//89.200.227.78|3a|53176/Mozi.m"; flow:to_server,established; http.header; content:"89.200.227.78"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 61.52.40.27 56368 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.40.27|3a|56368/i"; flow:to_server,established; http.header; content:"61.52.40.27"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 61.52.40.27 56368 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.40.27|3a|56368/bin.sh"; flow:to_server,established; http.header; content:"61.52.40.27"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http 
$HOME_NET any -> 59.89.203.156 53379 (msg: "MISP e27598 [] Outgoing URL http|3a|//59.89.203.156|3a|53379/Mozi.m"; flow:to_server,established; http.header; content:"59.89.203.156"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.231.67.88 41250 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.231.67.88|3a|41250/i"; flow:to_server,established; http.header; content:"42.231.67.88"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 39.90.145.243 39020 (msg: "MISP e27598 [] Outgoing URL http|3a|//39.90.145.243|3a|39020/Mozi.m"; flow:to_server,established; http.header; content:"39.90.145.243"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.215.82.136 43748 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.215.82.136|3a|43748/Mozi.m"; flow:to_server,established; http.header; content:"27.215.82.136"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.215.82.136 43748 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.215.82.136|3a|43748/bin.sh"; flow:to_server,established; http.header; content:"27.215.82.136"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.157.144.34 52534 (msg: "MISP 
e27598 [] Outgoing URL http|3a|//27.157.144.34|3a|52534/Mozi.m"; flow:to_server,established; http.header; content:"27.157.144.34"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 221.13.234.45 43142 (msg: "MISP e27598 [] Outgoing URL http|3a|//221.13.234.45|3a|43142/"; flow:to_server,established; http.header; content:"221.13.234.45"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.124.51.145 51715 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.124.51.145|3a|51715/Mozi.m"; flow:to_server,established; http.header; content:"182.124.51.145"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.121.54.87 52780 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.54.87|3a|52780/Mozi.m"; flow:to_server,established; http.header; content:"182.121.54.87"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.44.216.34 54108 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.44.216.34|3a|54108/bin.sh"; flow:to_server,established; http.header; content:"125.44.216.34"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.216.67.133 44031 (msg: "MISP e27598 [] Outgoing URL 
http|3a|//117.216.67.133|3a|44031/Mozi.m"; flow:to_server,established; http.header; content:"117.216.67.133"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.214.95.17 60791 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.214.95.17|3a|60791/i"; flow:to_server,established; http.header; content:"117.214.95.17"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.214.95.17 60791 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.214.95.17|3a|60791/bin.sh"; flow:to_server,established; http.header; content:"117.214.95.17"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.55.223.64 41204 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.223.64|3a|41204/"; flow:to_server,established; http.header; content:"115.55.223.64"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 59.89.201.31 51447 (msg: "MISP e27598 [] Outgoing URL http|3a|//59.89.201.31|3a|51447/bin.sh"; flow:to_server,established; http.header; content:"59.89.201.31"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 58.47.21.80 51097 (msg: "MISP e27598 [] Outgoing URL http|3a|//58.47.21.80|3a|51097/bin.sh"; 
flow:to_server,established; http.header; content:"58.47.21.80"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.227.207.11 57464 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.227.207.11|3a|57464/i"; flow:to_server,established; http.header; content:"42.227.207.11"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.215.213.3 33545 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.215.213.3|3a|33545/Mozi.m"; flow:to_server,established; http.header; content:"27.215.213.3"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.215.125.185 50258 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.215.125.185|3a|50258/Mozi.m"; flow:to_server,established; http.header; content:"27.215.125.185"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.215.125.185 50258 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.215.125.185|3a|50258/"; flow:to_server,established; http.header; content:"27.215.125.185"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 222.139.13.15 37676 (msg: "MISP e27598 [] Outgoing URL http|3a|//222.139.13.15|3a|37676/Mozi.m"; flow:to_server,established; http.header; 
content:"222.139.13.15"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 222.134.175.222 49000 (msg: "MISP e27598 [] Outgoing URL http|3a|//222.134.175.222|3a|49000/i"; flow:to_server,established; http.header; content:"222.134.175.222"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 222.134.175.222 49000 (msg: "MISP e27598 [] Outgoing URL http|3a|//222.134.175.222|3a|49000/bin.sh"; flow:to_server,established; http.header; content:"222.134.175.222"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 201.131.163.246 55136 (msg: "MISP e27598 [] Outgoing URL http|3a|//201.131.163.246|3a|55136/Mozi.m"; flow:to_server,established; http.header; content:"201.131.163.246"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.121.54.87 52780 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.54.87|3a|52780/"; flow:to_server,established; http.header; content:"182.121.54.87"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.116.94.95 52238 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.116.94.95|3a|52238/Mozi.m"; flow:to_server,established; http.header; content:"182.116.94.95"; fast_pattern; 
nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.116.93.228 47800 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.116.93.228|3a|47800/Mozi.m"; flow:to_server,established; http.header; content:"182.116.93.228"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.112.30.27 46543 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.112.30.27|3a|46543/i"; flow:to_server,established; http.header; content:"182.112.30.27"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.112.30.27 46543 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.112.30.27|3a|46543/"; flow:to_server,established; http.header; content:"182.112.30.27"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 170.233.176.69 56835 (msg: "MISP e27598 [] Outgoing URL http|3a|//170.233.176.69|3a|56835/i"; flow:to_server,established; http.header; content:"170.233.176.69"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.44.215.47 39144 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.44.215.47|3a|39144/"; flow:to_server,established; http.header; content:"125.44.215.47"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37966971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 119.179.239.213 54745 (msg: "MISP e27598 [] Outgoing URL http|3a|//119.179.239.213|3a|54745/bin.sh"; flow:to_server,established; http.header; content:"119.179.239.213"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.242.232.158 41625 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.242.232.158|3a|41625/Mozi.m"; flow:to_server,established; http.header; content:"117.242.232.158"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.194.162.134 48368 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.194.162.134|3a|48368/bin.sh"; flow:to_server,established; http.header; content:"117.194.162.134"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.55.251.24 55894 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.251.24|3a|55894/bin.sh"; flow:to_server,established; http.header; content:"115.55.251.24"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.55.251.142 41619 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.251.142|3a|41619/bin.sh"; flow:to_server,established; http.header; content:"115.55.251.142"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37967021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.50.40.155 52521 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.50.40.155|3a|52521/Mozi.m"; flow:to_server,established; http.header; content:"115.50.40.155"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 113.245.217.0 46175 (msg: "MISP e27598 [] Outgoing URL http|3a|//113.245.217.0|3a|46175/Mozi.m"; flow:to_server,established; http.header; content:"113.245.217.0"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27598 [] Outgoing URL http|3a|//booomaahuuoooapl.ru/m.exe"; flow:to_server,established; http.header; content:"booomaahuuoooapl.ru"; fast_pattern; nocase; http.uri; content:"/m.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 61.52.157.25 60635 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.157.25|3a|60635/i"; flow:to_server,established; http.header; content:"61.52.157.25"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 61.52.157.25 60635 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.157.25|3a|60635/bin.sh"; flow:to_server,established; http.header; content:"61.52.157.25"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967071; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 59.93.22.206 59369 (msg: "MISP e27598 [] Outgoing URL http|3a|//59.93.22.206|3a|59369/Mozi.a"; flow:to_server,established; http.header; content:"59.93.22.206"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 59.35.93.105 40816 (msg: "MISP e27598 [] Outgoing URL http|3a|//59.35.93.105|3a|40816/Mozi.m"; flow:to_server,established; http.header; content:"59.35.93.105"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.230.213.82 48301 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.230.213.82|3a|48301/bin.sh"; flow:to_server,established; http.header; content:"42.230.213.82"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.228.88.249 43304 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.228.88.249|3a|43304/i"; flow:to_server,established; http.header; content:"42.228.88.249"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.224.211.44 53746 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.224.211.44|3a|53746/bin.sh"; flow:to_server,established; http.header; content:"42.224.211.44"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967121; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 219.155.236.190 34425 (msg: "MISP e27598 [] Outgoing URL http|3a|//219.155.236.190|3a|34425/Mozi.m"; flow:to_server,established; http.header; content:"219.155.236.190"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 187.148.246.247 38060 (msg: "MISP e27598 [] Outgoing URL http|3a|//187.148.246.247|3a|38060/Mozi.m"; flow:to_server,established; http.header; content:"187.148.246.247"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.119.226.58 55692 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.119.226.58|3a|55692/Mozi.m"; flow:to_server,established; http.header; content:"182.119.226.58"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.116.90.122 55968 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.116.90.122|3a|55968/Mozi.m"; flow:to_server,established; http.header; content:"182.116.90.122"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 125.43.25.7 58209 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.43.25.7|3a|58209/bin.sh"; flow:to_server,established; http.header; content:"125.43.25.7"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967171; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 124.78.167.107 59363 (msg: "MISP e27598 [] Outgoing URL http|3a|//124.78.167.107|3a|59363/Mozi.a"; flow:to_server,established; http.header; content:"124.78.167.107"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 124.234.185.51 36814 (msg: "MISP e27598 [] Outgoing URL http|3a|//124.234.185.51|3a|36814/Mozi.m"; flow:to_server,established; http.header; content:"124.234.185.51"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 118.174.70.79 51326 (msg: "MISP e27598 [] Outgoing URL http|3a|//118.174.70.79|3a|51326/Mozi.m"; flow:to_server,established; http.header; content:"118.174.70.79"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.220.111.136 43708 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.220.111.136|3a|43708/Mozi.m"; flow:to_server,established; http.header; content:"117.220.111.136"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.213.90.223 34274 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.213.90.223|3a|34274/bin.sh"; flow:to_server,established; http.header; content:"117.213.90.223"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967221; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.199.74.221 60049 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.199.74.221|3a|60049/Mozi.m"; flow:to_server,established; http.header; content:"117.199.74.221"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.55.53.143 41781 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.53.143|3a|41781/bin.sh"; flow:to_server,established; http.header; content:"115.55.53.143"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.49.67.79 34114 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.49.67.79|3a|34114/Mozi.m"; flow:to_server,established; http.header; content:"115.49.67.79"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 112.248.80.32 51127 (msg: "MISP e27598 [] Outgoing URL http|3a|//112.248.80.32|3a|51127/i"; flow:to_server,established; http.header; content:"112.248.80.32"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 112.239.99.30 42485 (msg: "MISP e27598 [] Outgoing URL http|3a|//112.239.99.30|3a|42485/Mozi.m"; flow:to_server,established; http.header; content:"112.239.99.30"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967271; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;)
# MISP event 27598: outbound HTTP from $HOME_NET to one fixed destination IP and port per rule.
# Each rule needs the destination IP to appear in the request headers and the listed path in the URI.
# NOTE(review): content:"/i" is a substring match with nocase, so any URI containing "/i"
# (for example "/index.html") satisfies it; only the pinned IP and port keep the rule narrow.
alert http $HOME_NET any -> 106.41.74.115 53617 (msg: "MISP e27598 [] Outgoing URL http|3a|//106.41.74.115|3a|53617/i"; flow:to_server,established; http.header; content:"106.41.74.115"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Domain-based variant: the destination is $EXTERNAL_NET on $HTTP_PORTS instead of a fixed IP and port.
# NOTE(review): this rule references $HTTP_PORTS, so the variable has to be defined even though the
# file header calls it "not required with suricata export".
# NOTE(review): the domain is matched anywhere in the request headers, not anchored to the Host
# header, and requests to ports outside $HTTP_PORTS are not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27598 [] Outgoing URL http|3a|//booomaahuuoooapl.ru/t.exe"; flow:to_server,established; http.header; content:"booomaahuuoooapl.ru"; fast_pattern; nocase; http.uri; content:"/t.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# NOTE(review): the URI match content:"/" adds no constraint, so this rule alerts on every HTTP
# request to 42.231.228.68:39484 whose headers contain the IP.
alert http $HOME_NET any -> 42.231.228.68 39484 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.231.228.68|3a|39484/"; flow:to_server,established; http.header; content:"42.231.228.68"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 42.230.213.82 48301 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.230.213.82|3a|48301/i"; flow:to_server,established; http.header; content:"42.230.213.82"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# tag:session,600,seconds asks the engine to keep logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> 42.224.30.235 47332 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.224.30.235|3a|47332/bin.sh"; flow:to_server,established; http.header; content:"42.224.30.235"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert 
http $HOME_NET any -> 223.8.191.188 54575 (msg: "MISP e27598 [] Outgoing URL http|3a|//223.8.191.188|3a|54575/i"; flow:to_server,established; http.header; content:"223.8.191.188"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 190.109.228.234 54270 (msg: "MISP e27598 [] Outgoing URL http|3a|//190.109.228.234|3a|54270/bin.sh"; flow:to_server,established; http.header; content:"190.109.228.234"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.240.21.227 36181 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.240.21.227|3a|36181/Mozi.m"; flow:to_server,established; http.header; content:"182.240.21.227"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.127.112.14 59921 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.127.112.14|3a|59921/bin.sh"; flow:to_server,established; http.header; content:"182.127.112.14"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.121.247.67 41842 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.247.67|3a|41842/bin.sh"; flow:to_server,established; http.header; content:"182.121.247.67"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 
182.116.93.228 47800 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.116.93.228|3a|47800/"; flow:to_server,established; http.header; content:"182.116.93.228"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 123.14.23.240 54506 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.14.23.240|3a|54506/Mozi.m"; flow:to_server,established; http.header; content:"123.14.23.240"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 119.179.238.2 33842 (msg: "MISP e27598 [] Outgoing URL http|3a|//119.179.238.2|3a|33842/Mozi.m"; flow:to_server,established; http.header; content:"119.179.238.2"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.58.154.135 54636 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.58.154.135|3a|54636/bin.sh"; flow:to_server,established; http.header; content:"115.58.154.135"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.55.251.24 55894 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.251.24|3a|55894/i"; flow:to_server,established; http.header; content:"115.55.251.24"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 61.52.44.82 40885 (msg: "MISP e27598 [] Outgoing URL 
http|3a|//61.52.44.82|3a|40885/bin.sh"; flow:to_server,established; http.header; content:"61.52.44.82"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# The next four rules come from MISP attributes whose URL path is just "/".
# NOTE(review): http.uri content:"/" matches every request URI, so each rule alerts on any HTTP
# request to its IP and port whose headers contain the IP.
# NOTE(review): the same IP and port pairs also carry file-specific rules elsewhere in this export
# (42.238.84.34:57343 sid 37967521, 221.15.167.38:50690 sids 37967561 and 37967761,
# 182.121.247.67:41842 sid 37967371, 182.120.53.191:37303 sid 37967671), so one download raises two
# alerts. Consider deduplicating the attributes in MISP or thresholding per destination.
alert http $HOME_NET any -> 42.238.84.34 57343 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.238.84.34|3a|57343/"; flow:to_server,established; http.header; content:"42.238.84.34"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 221.15.167.38 50690 (msg: "MISP e27598 [] Outgoing URL http|3a|//221.15.167.38|3a|50690/"; flow:to_server,established; http.header; content:"221.15.167.38"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.121.247.67 41842 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.247.67|3a|41842/"; flow:to_server,established; http.header; content:"182.121.247.67"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.120.53.191 37303 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.120.53.191|3a|37303/"; flow:to_server,established; http.header; content:"182.120.53.191"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 125.43.25.7 58209 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.43.25.7|3a|58209/i"; flow:to_server,established; http.header; 
content:"125.43.25.7"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.49.209.71 56600 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.49.209.71|3a|56600/i"; flow:to_server,established; http.header; content:"115.49.209.71"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 59.89.202.187 33409 (msg: "MISP e27598 [] Outgoing URL http|3a|//59.89.202.187|3a|33409/Mozi.m"; flow:to_server,established; http.header; content:"59.89.202.187"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 58.47.25.181 53757 (msg: "MISP e27598 [] Outgoing URL http|3a|//58.47.25.181|3a|53757/i"; flow:to_server,established; http.header; content:"58.47.25.181"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.238.84.34 57343 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.238.84.34|3a|57343/Mozi.m"; flow:to_server,established; http.header; content:"42.238.84.34"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.230.213.82 48301 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.230.213.82|3a|48301/Mozi.m"; flow:to_server,established; http.header; content:"42.230.213.82"; fast_pattern; nocase; http.uri; 
content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 42.224.30.235 47332 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.224.30.235|3a|47332/i"; flow:to_server,established; http.header; content:"42.224.30.235"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 41.140.112.107 42481 (msg: "MISP e27598 [] Outgoing URL http|3a|//41.140.112.107|3a|42481/Mozi.m"; flow:to_server,established; http.header; content:"41.140.112.107"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 221.15.167.38 50690 (msg: "MISP e27598 [] Outgoing URL http|3a|//221.15.167.38|3a|50690/Mozi.m"; flow:to_server,established; http.header; content:"221.15.167.38"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.127.112.14 59921 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.127.112.14|3a|59921/i"; flow:to_server,established; http.header; content:"182.127.112.14"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 171.123.229.222 53573 (msg: "MISP e27598 [] Outgoing URL http|3a|//171.123.229.222|3a|53573/bin.sh"; flow:to_server,established; http.header; content:"171.123.229.222"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:37967581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 123.5.150.28 38926 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.5.150.28|3a|38926/i"; flow:to_server,established; http.header; content:"123.5.150.28"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.57.26.173 45089 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.57.26.173|3a|45089/bin.sh"; flow:to_server,established; http.header; content:"115.57.26.173"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 112.248.80.32 51127 (msg: "MISP e27598 [] Outgoing URL http|3a|//112.248.80.32|3a|51127/bin.sh"; flow:to_server,established; http.header; content:"112.248.80.32"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 61.0.144.29 53940 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.0.144.29|3a|53940/Mozi.m"; flow:to_server,established; http.header; content:"61.0.144.29"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 27.215.51.239 52602 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.215.51.239|3a|52602/Mozi.m"; flow:to_server,established; http.header; content:"27.215.51.239"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37967631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 222.139.60.213 43733 (msg: "MISP e27598 [] Outgoing URL http|3a|//222.139.60.213|3a|43733/bin.sh"; flow:to_server,established; http.header; content:"222.139.60.213"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 219.157.212.164 58002 (msg: "MISP e27598 [] Outgoing URL http|3a|//219.157.212.164|3a|58002/Mozi.m"; flow:to_server,established; http.header; content:"219.157.212.164"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 219.157.194.147 44865 (msg: "MISP e27598 [] Outgoing URL http|3a|//219.157.194.147|3a|44865/i"; flow:to_server,established; http.header; content:"219.157.194.147"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 182.120.53.191 37303 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.120.53.191|3a|37303/Mozi.m"; flow:to_server,established; http.header; content:"182.120.53.191"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 123.5.150.28 38926 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.5.150.28|3a|38926/bin.sh"; flow:to_server,established; http.header; content:"123.5.150.28"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967681; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 123.10.136.73 54253 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.10.136.73|3a|54253/Mozi.m"; flow:to_server,established; http.header; content:"123.10.136.73"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 120.211.137.177 35701 (msg: "MISP e27598 [] Outgoing URL http|3a|//120.211.137.177|3a|35701/Mozi.m"; flow:to_server,established; http.header; content:"120.211.137.177"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 117.212.49.248 47387 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.212.49.248|3a|47387/bin.sh"; flow:to_server,established; http.header; content:"117.212.49.248"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 115.52.19.32 35987 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.52.19.32|3a|35987/Mozi.m"; flow:to_server,established; http.header; content:"115.52.19.32"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;) alert http $HOME_NET any -> 111.61.93.2 37613 (msg: "MISP e27598 [] Outgoing URL http|3a|//111.61.93.2|3a|37613/Mozi.m"; flow:to_server,established; http.header; content:"111.61.93.2"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967731; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 110.183.50.132 42874 (msg: "MISP e27598 [] Outgoing URL http|3a|//110.183.50.132|3a|42874/bin.sh"; flow:to_server,established; http.header; content:"110.183.50.132"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# MISP event 27618 starts here. Each hostname gets up to three rules: a DNS query rule, an HTTP Host
# header rule, and (when the event holds a URL attribute) an "Outgoing URL" rule.
#
# DNS rule: dns.query must contain the name, and the pcre anchors it at the end of the query.
# NOTE(review): the leading class [^A-Za-z0-9-\.] excludes '.', so a query for a subdomain of the
# listed name does not match; only the exact name alerts.
# The header "any any -> any any" applies no network or direction restriction.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname mail.tcbmtrhazineidgov456.com"; dns.query; content:"mail.tcbmtrhazineidgov456.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.tcbmtrhazineidgov456\.com$/i"; classtype:trojan-activity; sid:37989431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# HTTP Host rule: looks for "Host: <name>" in the request headers on any destination port, with
# pcre boundary checks on both sides of the name.
# NOTE(review): http.header only sees cleartext or decrypted HTTP. No TLS rule appears next to these
# rules, so for HTTPS the DNS rule is the only coverage; a tls.sni counterpart is worth considering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname mail.tcbmtrhazineidgov456.com"; flow:to_server,established; http.header; content: "Host|3a| mail.tcbmtrhazineidgov456.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.tcbmtrhazineidgov456\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rule for a URL attribute with no path: a bare substring match on the request headers.
# NOTE(review): unlike the Host rule above it has no "Host|3a| " prefix and no pcre boundary, so the
# name also matches inside other headers (Referer, for instance) or as part of a longer hostname.
# It is limited to $HTTP_PORTS, which therefore has to be defined.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//mail.tcbmtrhazineidgov456.com"; flow:to_server,established; http.header; content:"mail.tcbmtrhazineidgov456.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokb.app"; dns.query; content:"tokb.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokb\.app$/i"; classtype:trojan-activity; sid:37989471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokb.app"; flow:to_server,established; http.header; content: "Host|3a| tokb.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokb\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): with a name this short, the unanchored header match below is the most likely of the
# three tokb.app rules to produce false positives.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokb.app"; flow:to_server,established; http.header; content:"tokb.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): telegram.dog is, to my knowledge, a domain operated by Telegram itself; confirm in
# the MISP event that this indicator is intended, because sids 37989511 and 37989512 may alert on
# ordinary Telegram use.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:37989511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# NOTE(review): pages.dev names are presumably reached over HTTPS in practice, in which case the
# HTTP Host rule for this name will rarely fire and the DNS rule carries the detection; confirm.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname 5ayfhoif-7356533-7672532-322876283-637523872-278365723298.pages.dev"; dns.query; content:"5ayfhoif-7356533-7672532-322876283-637523872-278365723298.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ayfhoif\-7356533\-7672532\-322876283\-637523872\-278365723298\.pages\.dev$/i"; classtype:trojan-activity; sid:37989551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 5ayfhoif-7356533-7672532-322876283-637523872-278365723298.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
5ayfhoif-7356533-7672532-322876283-637523872-278365723298.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])5ayfhoif\-7356533\-7672532\-322876283\-637523872\-278365723298\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname lobber.com.ar"; dns.query; content:"lobber.com.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lobber\.com\.ar$/i"; classtype:trojan-activity; sid:37989591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname lobber.com.ar"; flow:to_server,established; http.header; content: "Host|3a| lobber.com.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lobber\.com\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//lobber.com.ar/.well-known/pki-validation/pagescode/main/"; flow:to_server,established; http.header; content:"lobber.com.ar"; fast_pattern; nocase; http.uri; content:"/.well-known/pki-validation/pagescode/main/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname nodechains-tradecurve.pages.dev"; dns.query; content:"nodechains-tradecurve.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-tradecurve\.pages\.dev$/i"; classtype:trojan-activity; sid:37989631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname nodechains-tradecurve.pages.dev"; 
flow:to_server,established; http.header; content: "Host|3a| nodechains-tradecurve.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nodechains\-tradecurve\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//nodechains-tradecurve.pages.dev"; flow:to_server,established; http.header; content:"nodechains-tradecurve.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname hello-world-sweet-term-0f54.gogeni1087.workers.dev"; dns.query; content:"hello-world-sweet-term-0f54.gogeni1087.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-sweet\-term\-0f54\.gogeni1087\.workers\.dev$/i"; classtype:trojan-activity; sid:37989671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hello-world-sweet-term-0f54.gogeni1087.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-sweet-term-0f54.gogeni1087.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-sweet\-term\-0f54\.gogeni1087\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hello-world-sweet-term-0f54.gogeni1087.workers.dev/"; flow:to_server,established; http.header; content:"hello-world-sweet-term-0f54.gogeni1087.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:37989681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname hello-world-throbbing-heart-b2fd.derzuteydo.workers.dev"; dns.query; content:"hello-world-throbbing-heart-b2fd.derzuteydo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-throbbing\-heart\-b2fd\.derzuteydo\.workers\.dev$/i"; classtype:trojan-activity; sid:37989711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hello-world-throbbing-heart-b2fd.derzuteydo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-throbbing-heart-b2fd.derzuteydo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-throbbing\-heart\-b2fd\.derzuteydo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hello-world-throbbing-heart-b2fd.derzuteydo.workers.dev/"; flow:to_server,established; http.header; content:"hello-world-throbbing-heart-b2fd.derzuteydo.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname hitchhouse.pages.dev"; dns.query; content:"hitchhouse.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hitchhouse\.pages\.dev$/i"; classtype:trojan-activity; sid:37989751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname hitchhouse.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
hitchhouse.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hitchhouse\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//hitchhouse.pages.dev/"; flow:to_server,established; http.header; content:"hitchhouse.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname pmdentistry.pages.dev"; dns.query; content:"pmdentistry.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pmdentistry\.pages\.dev$/i"; classtype:trojan-activity; sid:37989791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname pmdentistry.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pmdentistry.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pmdentistry\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//pmdentistry.pages.dev/"; flow:to_server,established; http.header; content:"pmdentistry.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37989801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname telegram.jp-line.cc"; dns.query; content:"telegram.jp-line.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.jp\-line\.cc$/i"; classtype:trojan-activity; 
sid:37989831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname telegram.jp-line.cc"; flow:to_server,established; http.header; content: "Host|3a| telegram.jp-line.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.jp\-line\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname adminuser.jp-line.cc"; dns.query; content:"adminuser.jp-line.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.jp\-line\.cc$/i"; classtype:trojan-activity; sid:37989871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname adminuser.jp-line.cc"; flow:to_server,established; http.header; content: "Host|3a| adminuser.jp-line.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.jp\-line\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teiegarm.bond"; dns.query; content:"teiegarm.bond"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegarm\.bond$/i"; classtype:trojan-activity; sid:37989911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teiegarm.bond"; flow:to_server,established; http.header; content: "Host|3a| teiegarm.bond"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegarm\.bond[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 
[] Hostname m.teiegrom-xc.com"; dns.query; content:"m.teiegrom-xc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xc\.com$/i"; classtype:trojan-activity; sid:37989951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname m.teiegrom-xc.com"; flow:to_server,established; http.header; content: "Host|3a| m.teiegrom-xc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.teiegrom\-xc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teiegrom-xd.com"; dns.query; content:"teiegrom-xd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xd\.com$/i"; classtype:trojan-activity; sid:37989991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teiegrom-xd.com"; flow:to_server,established; http.header; content: "Host|3a| teiegrom-xd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37989992; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname teiegrom-xb.com"; dns.query; content:"teiegrom-xb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xb\.com$/i"; classtype:trojan-activity; sid:37990031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname teiegrom-xb.com"; flow:to_server,established; http.header; content: "Host|3a| teiegrom-xb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teiegrom\-xb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:37990032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# (The line above is the tail of a rule that begins earlier in the file.)
#
# --- MISP event 27618: hostname indicators ---
# Each hostname below is covered by a DNS rule and an HTTP Host-header rule; the
# HTTP rule carries the DNS rule's sid + 1.
#  * DNS "Hostname" rules: the pcre requires the query to end with the name and
#    the name to sit at the start of the buffer or after a character that is not
#    a letter, digit, hyphen or dot. A subdomain of the listed name therefore
#    does NOT match these rules.
#  * The DNS rules use "any any -> any any", so they are not limited to queries
#    leaving $HOME_NET.
#  * HTTP rules: only HTTP that the sensor can parse is inspected (pcre /H runs
#    on the HTTP header buffer). tag:session,600,seconds keeps logging packets
#    of the alerting session for 600 seconds.
#  * NOTE(review): connections made over TLS are not seen by the http rules; for
#    those hosts only the DNS rule fires unless a tls.sni rule is added.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname tgcdn.xyz"; dns.query; content:"tgcdn.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgcdn\.xyz$/i"; classtype:trojan-activity; sid:37990071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tgcdn.xyz"; flow:to_server,established; http.header; content: "Host|3a| tgcdn.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgcdn\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname jasmistehavsenipodefans03.pages.dev"; dns.query; content:"jasmistehavsenipodefans03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jasmistehavsenipodefans03\.pages\.dev$/i"; classtype:trojan-activity; sid:37990111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname jasmistehavsenipodefans03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| jasmistehavsenipodefans03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jasmistehavsenipodefans03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# "Outgoing URL" rules for a bare host (sid 37990121 here, 37990161 below):
#  * Despite the msg, no URI is matched. The only content is the host name,
#    searched anywhere in http.header, so the name appearing in another header
#    (for example Referer) also matches.
#  * A request to the host on an $HTTP_PORTS port satisfies both this rule and
#    the Host-header rule above, so expect two alerts for one request.
#  * These rules reference $HTTP_PORTS; the variable must be defined in the
#    sensor configuration or the rules will not load.
#  * NOTE(review): pages.dev sites are presumably served over HTTPS; confirm
#    whether cleartext HTTP to these names is expected at all.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//jasmistehavsenipodefans03.pages.dev"; flow:to_server,established; http.header; content:"jasmistehavsenipodefans03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert dns any any -> any any (msg: "MISP e27618 [] Hostname gkprb.pages.dev"; dns.query; content:"gkprb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gkprb\.pages\.dev$/i"; classtype:trojan-activity; sid:37990151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname gkprb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gkprb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gkprb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//gkprb.pages.dev"; flow:to_server,established; http.header; content:"gkprb.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
#
# --- MISP event 27598: outgoing URL indicators (IP:port + path), priority 1 ---
# Each rule pins the destination address and port in the rule header, then
# requires the address string in http.header and a path string in http.uri.
#  * The http.uri content is an unanchored, case-insensitive substring match:
#    "/i" matches any URI that contains "/i", and "/" (sid 37967791) matches
#    every request, so that rule is effectively "any HTTP request to
#    182.114.252.20:52568" and overlaps sid 37967781.
#  * NOTE(review): the file names (Mozi.a, Mozi.m, bin.sh, i) suggest Mozi botnet
#    payload hosting; confirm against the MISP event. Indicators on high
#    ephemeral ports presumably age quickly; check the event date before
#    relying on them.
alert http $HOME_NET any -> 222.246.110.3 43907 (msg: "MISP e27598 [] Outgoing URL http|3a|//222.246.110.3|3a|43907/Mozi.a"; flow:to_server,established; http.header; content:"222.246.110.3"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 221.15.167.38 50690 (msg: "MISP e27598 [] Outgoing URL http|3a|//221.15.167.38|3a|50690/bin.sh"; flow:to_server,established; http.header; content:"221.15.167.38"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 221.13.234.45 43142 (msg: "MISP e27598 [] Outgoing URL http|3a|//221.13.234.45|3a|43142/Mozi.m"; flow:to_server,established; http.header; content:"221.13.234.45"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.114.252.20 52568 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.114.252.20|3a|52568/Mozi.m"; flow:to_server,established; http.header; content:"182.114.252.20"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.114.252.20 52568 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.114.252.20|3a|52568/"; flow:to_server,established; http.header; content:"182.114.252.20"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.114.196.191 35781 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.114.196.191|3a|35781/Mozi.m"; flow:to_server,established; http.header; content:"182.114.196.191"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 175.30.83.240 56542 (msg: "MISP e27598 [] Outgoing URL http|3a|//175.30.83.240|3a|56542/i"; flow:to_server,established; http.header; content:"175.30.83.240"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 175.30.83.240 56542 (msg: "MISP e27598 [] Outgoing URL http|3a|//175.30.83.240|3a|56542/bin.sh"; flow:to_server,established; http.header; content:"175.30.83.240"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 117.242.235.147 36837 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.242.235.147|3a|36837/i"; flow:to_server,established; http.header; content:"117.242.235.147"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.57.49.95 40656 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.57.49.95|3a|40656/i"; flow:to_server,established; http.header; content:"115.57.49.95"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.54.66.173 37848 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.54.66.173|3a|37848/Mozi.m"; flow:to_server,established; http.header; content:"115.54.66.173"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
#
# --- MISP event 27620: domain indicator ---
# "Domain" rules differ from the "Hostname" rules above: the pcre prefix class
# is [^A-Za-z0-9-], which permits a preceding dot, so the registered domain
# and any subdomain of it match. In the HTTP rule "Host|3a|" and the domain are
# two separate http.header contents with no distance between them, so the
# domain may appear anywhere in the headers, not only in the Host line.
alert dns any any -> any any (msg: "MISP e27620 [] Domain sorche.sbs"; dns.query; content:"sorche.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-])sorche\.sbs$/i"; classtype:trojan-activity; sid:37991171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27620;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27620 [] Outgoing HTTP Domain sorche.sbs"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sorche.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sorche\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37991172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27620;)
# --- MISP event 27593: domain indicator (priority 3) ---
# "Domain" rule pair: the pcre prefix class [^A-Za-z0-9-] permits a preceding
# dot, so the listed name and any subdomain of it match. The HTTP rule inspects
# parsed HTTP only.
# NOTE(review): a pages.dev site is presumably reached over HTTPS, in which case
# only the DNS rule would fire; a tls.sni rule would be needed to see the
# connection itself. Confirm against observed traffic.
alert dns any any -> any any (msg: "MISP e27593 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37965131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27593;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27593 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27593;)
#
# --- MISP event 27610: incoming source-address indicators ---
# Tagged kill-chain:Reconnaissance / kill-chain:Exploitation in the msg.
#  * Each rule is address-only ("alert ip <src> any -> $HOME_NET any") with no
#    content, flow or port condition: any IP traffic from the listed source to
#    $HOME_NET matches, whatever the protocol or service.
#  * classtype is trojan-activity, as on every rule in this export, even though
#    the tags describe scanning/exploitation sources; triage on the msg tags
#    rather than on classtype.
#  * NOTE(review): there is no threshold keyword, so a persistent source may
#    produce a high alert volume; consider rate limiting in threshold.config.
#  * NOTE(review): single-address indicators age quickly; check the event date
#    and expire stale entries.
alert ip 104.250.50.3 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.3"; classtype:trojan-activity; sid:37975571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.157.42.231 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.42.231"; classtype:trojan-activity; sid:37975581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 43.153.80.192 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.80.192"; classtype:trojan-activity; sid:37975591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 138.2.5.77 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.2.5.77"; classtype:trojan-activity; sid:37975601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;)
alert ip 36.66.66.195 any -> $HOME_NET any (msg: "MISP e27610 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.66.66.195"; classtype:trojan-activity; sid:37975611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 1.12.220.16 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.12.220.16"; classtype:trojan-activity; sid:37975621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 13.200.170.15 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.200.170.15"; classtype:trojan-activity; sid:37975631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 165.22.158.14 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.158.14"; classtype:trojan-activity; sid:37975641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 81.68.247.148 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.68.247.148"; classtype:trojan-activity; sid:37975651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 123.253.33.195 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.253.33.195"; classtype:trojan-activity; sid:37975661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 171.244.57.45 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.244.57.45"; classtype:trojan-activity; sid:37975671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 146.190.225.241 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.190.225.241"; classtype:trojan-activity; sid:37975681; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.223.165.245 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.165.245"; classtype:trojan-activity; sid:37975691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 122.117.75.89 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.117.75.89"; classtype:trojan-activity; sid:37975701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 188.148.146.8 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.148.146.8"; classtype:trojan-activity; sid:37975711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 168.119.123.17 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.119.123.17"; classtype:trojan-activity; sid:37975721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 38.117.122.249 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.117.122.249"; classtype:trojan-activity; sid:37975731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 61.93.178.238 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.93.178.238"; classtype:trojan-activity; sid:37975741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 62.234.190.70 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.190.70"; classtype:trojan-activity; sid:37975751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.165.130.26 any -> $HOME_NET any (msg: "MISP 
e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.165.130.26"; classtype:trojan-activity; sid:37975761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 197.248.187.251 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 197.248.187.251"; classtype:trojan-activity; sid:37975771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.138.111.189 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.111.189"; classtype:trojan-activity; sid:37975781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 104.250.50.63 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.63"; classtype:trojan-activity; sid:37975791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.163.139.96 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.163.139.96"; classtype:trojan-activity; sid:37975801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 37.44.41.93 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 37.44.41.93"; classtype:trojan-activity; sid:37975811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.177.212.2 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.177.212.2"; classtype:trojan-activity; sid:37975821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.136.95.69 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.95.69"; classtype:trojan-activity; sid:37975831; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 14.116.196.31 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.196.31"; classtype:trojan-activity; sid:37975841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.231.40.36 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.231.40.36"; classtype:trojan-activity; sid:37975851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 218.17.177.37 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.17.177.37"; classtype:trojan-activity; sid:37975861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 81.70.55.120 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.55.120"; classtype:trojan-activity; sid:37975871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 82.156.78.109 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.78.109"; classtype:trojan-activity; sid:37975881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.131.36.184 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.36.184"; classtype:trojan-activity; sid:37975891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 101.43.37.212 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.37.212"; classtype:trojan-activity; sid:37975901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 220.228.152.176 any -> $HOME_NET any (msg: "MISP 
e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.228.152.176"; classtype:trojan-activity; sid:37975911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 194.5.237.80 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.5.237.80"; classtype:trojan-activity; sid:37975921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 104.236.195.149 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.236.195.149"; classtype:trojan-activity; sid:37975931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 188.121.100.238 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.121.100.238"; classtype:trojan-activity; sid:37975941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 92.220.197.113 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.220.197.113"; classtype:trojan-activity; sid:37975951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 80.249.113.18 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 80.249.113.18"; classtype:trojan-activity; sid:37975961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 213.32.95.76 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.32.95.76"; classtype:trojan-activity; sid:37975971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 119.91.206.17 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.91.206.17"; classtype:trojan-activity; 
sid:37975981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.196.72 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.196.72"; classtype:trojan-activity; sid:37975991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 81.70.186.78 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.186.78"; classtype:trojan-activity; sid:37976001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.159.2 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.159.2"; classtype:trojan-activity; sid:37976011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.10.44.30 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.10.44.30"; classtype:trojan-activity; sid:37976021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.157.111.92 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.111.92"; classtype:trojan-activity; sid:37976031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 188.40.172.139 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.40.172.139"; classtype:trojan-activity; sid:37976041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 137.184.208.169 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.208.169"; classtype:trojan-activity; sid:37976051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 123.207.35.225 any -> $HOME_NET any 
(msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.35.225"; classtype:trojan-activity; sid:37976061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.135.172.115 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.135.172.115"; classtype:trojan-activity; sid:37976071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 45.79.239.177 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.79.239.177"; classtype:trojan-activity; sid:37976081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.215.231 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.215.231"; classtype:trojan-activity; sid:37976091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 62.234.217.197 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.217.197"; classtype:trojan-activity; sid:37976101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 123.207.40.101 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.40.101"; classtype:trojan-activity; sid:37976111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 114.113.235.166 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.113.235.166"; classtype:trojan-activity; sid:37976121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 144.126.157.219 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.126.157.219"; 
classtype:trojan-activity; sid:37976131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 58.221.62.191 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.221.62.191"; classtype:trojan-activity; sid:37976141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.143.43.63 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.43.63"; classtype:trojan-activity; sid:37976151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.153.178.47 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.47"; classtype:trojan-activity; sid:37976161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 94.228.168.221 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 94.228.168.221"; classtype:trojan-activity; sid:37976171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 81.70.48.194 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.48.194"; classtype:trojan-activity; sid:37976181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 114.132.198.94 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.198.94"; classtype:trojan-activity; sid:37976191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 103.100.208.238 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.100.208.238"; classtype:trojan-activity; sid:37976201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 
43.134.72.45 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.72.45"; classtype:trojan-activity; sid:37976211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 81.71.119.193 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.71.119.193"; classtype:trojan-activity; sid:37976221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 152.32.133.174 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.133.174"; classtype:trojan-activity; sid:37976231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 164.92.109.62 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 164.92.109.62"; classtype:trojan-activity; sid:37976241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 170.64.221.42 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.221.42"; classtype:trojan-activity; sid:37976251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.223.98.170 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.98.170"; classtype:trojan-activity; sid:37976261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 203.195.182.32 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.195.182.32"; classtype:trojan-activity; sid:37976271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.163.195.17 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
43.163.195.17"; classtype:trojan-activity; sid:37976281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 202.29.229.129 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.29.229.129"; classtype:trojan-activity; sid:37976291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.136.112.152 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.112.152"; classtype:trojan-activity; sid:37976301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 112.6.41.110 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.6.41.110"; classtype:trojan-activity; sid:37976311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 147.135.169.233 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.135.169.233"; classtype:trojan-activity; sid:37976321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 150.109.25.52 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.25.52"; classtype:trojan-activity; sid:37976331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 74.208.62.138 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.62.138"; classtype:trojan-activity; sid:37976341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 142.93.215.69 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.215.69"; classtype:trojan-activity; sid:37976351; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 124.220.37.13 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.220.37.13"; classtype:trojan-activity; sid:37976361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 178.216.99.150 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.216.99.150"; classtype:trojan-activity; sid:37976371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 125.138.204.206 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.138.204.206"; classtype:trojan-activity; sid:37976381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 188.166.250.251 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.250.251"; classtype:trojan-activity; sid:37976391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 88.198.95.51 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.198.95.51"; classtype:trojan-activity; sid:37976401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 106.12.143.44 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.143.44"; classtype:trojan-activity; sid:37976411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert ip 43.129.74.120 any -> $HOME_NET any (msg: "MISP e27610 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.129.74.120"; classtype:trojan-activity; sid:37976421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27610;) alert dns any any -> any any (msg: "MISP e27615 [] Domain 
dutopupina.com"; dns.query; content:"dutopupina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dutopupina\.com$/i"; classtype:trojan-activity; sid:37977361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27615;)
# (The line above is the tail of the event 27615 DNS "Domain" rule that begins
# earlier in the file.)
#
# HTTP half of the event 27615 domain pair. "Domain" rules use the prefix class
# [^A-Za-z0-9-], so subdomains of the listed name match as well. Parsed HTTP
# only; TLS connections are not inspected by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27615 [] Outgoing HTTP Domain dutopupina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dutopupina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dutopupina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27615;)
#
# --- MISP event 27596: outgoing address:port indicators ---
# "Outgoing To IP" rules match on destination address and port only (the msg
# prints them as "address|port"). There is no content, flow or app-layer
# condition, so any traffic from $HOME_NET to that address and port alerts.
# The bracketed names in the msg are presumably the MISP tags of the attribute
# (malware family, hosting ASN); verify in the event before attributing.
alert ip $HOME_NET any -> 193.233.132.224 50500 (msg: "MISP e27596 [RiseProStealer] Outgoing To IP: 193.233.132.224|50500"; classtype:trojan-activity; sid:37965991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
#
# --- MISP event 27603: domain indicator ---
alert dns any any -> any any (msg: "MISP e27603 [] Domain clickuzbank.site"; dns.query; content:"clickuzbank.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])clickuzbank\.site$/i"; classtype:trojan-activity; sid:37969161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27603;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27603 [] Outgoing HTTP Domain clickuzbank.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clickuzbank.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clickuzbank\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37969162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27603;)
#
# --- MISP event 27600: hostname plus parent domain (priority 1) ---
# The event exports both a "Hostname" pair for green.whatsyourfavoritecolor.xyz
# and a "Domain" pair for whatsyourfavoritecolor.xyz. Because the Domain pcre
# allows a preceding dot, a lookup of or request to the green. host satisfies
# both pairs (sids 37968501 and 37968511, or 37968502 and 37968512): expect
# duplicate alerts for the same activity.
alert dns any any -> any any (msg: "MISP e27600 [] Hostname green.whatsyourfavoritecolor.xyz"; dns.query; content:"green.whatsyourfavoritecolor.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])green\.whatsyourfavoritecolor\.xyz$/i"; classtype:trojan-activity; sid:37968501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27600 [] Outgoing HTTP Hostname green.whatsyourfavoritecolor.xyz"; flow:to_server,established; http.header; content: "Host|3a| green.whatsyourfavoritecolor.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])green\.whatsyourfavoritecolor\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37968502; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27600;)
alert dns any any -> any any (msg: "MISP e27600 [] Domain whatsyourfavoritecolor.xyz"; dns.query; content:"whatsyourfavoritecolor.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])whatsyourfavoritecolor\.xyz$/i"; classtype:trojan-activity; sid:37968511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27600 [] Outgoing HTTP Domain whatsyourfavoritecolor.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"whatsyourfavoritecolor.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])whatsyourfavoritecolor\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37968512; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27600;)
#
# --- MISP event 27596 (continued) ---
# Same address as sid 37965991 above, on a different port.
alert ip $HOME_NET any -> 193.233.132.224 8081 (msg: "MISP e27596 [Risepro,ViriBack] Outgoing To IP: 193.233.132.224|8081"; classtype:trojan-activity; sid:37966001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# URL indicator: destination address and port are fixed in the rule header; the
# http.uri content "/mozi.m" is an unanchored, case-insensitive substring match.
alert http $HOME_NET any -> 113.26.81.251 50380 (msg: "MISP e27596 [] Outgoing URL http|3a|//113.26.81.251|3a|50380/mozi.m"; flow:to_server,established; http.header; content:"113.26.81.251"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 167.71.184.214 31337 (msg: "MISP e27596 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 
167.71.184.214|31337"; classtype:trojan-activity; sid:37966021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# MISP event 27596: outbound destination address + port indicators. The
# bracketed msg tags come from the event; they name a tool or family and, on
# most entries, what looks like an ASN/hosting label (TODO confirm in MISP).
# Every rule here matches on address and port only; there is no payload, flow
# or threshold keyword, so a hit says "traffic went to this endpoint" and
# nothing about what the traffic was.
# NOTE(review): several endpoints carry hosting/cloud labels and common ports
# (e.g. 34.126.126.52 on 443, tagged GOOGLE-CLOUD-PLATFORM). Addresses of that
# kind can be reassigned to unrelated tenants; check the indicator's age in the
# event and corroborate a hit with host or proxy telemetry before acting on it.
alert ip $HOME_NET any -> 167.71.184.214 8081 (msg: "MISP e27596 [DIGITALOCEAN-ASN,sliver] Outgoing To IP: 167.71.184.214|8081"; classtype:trojan-activity; sid:37966031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 88.151.192.114 443 (msg: "MISP e27596 [Brute Ratel C4,BYTES-AS] Outgoing To IP: 88.151.192.114|443"; classtype:trojan-activity; sid:37966041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 34.126.126.52 443 (msg: "MISP e27596 [Deimos,GOOGLE-CLOUD-PLATFORM] Outgoing To IP: 34.126.126.52|443"; classtype:trojan-activity; sid:37966051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Four endpoints share the "Bianlian Go Trojan" tag, each on a different
# non-default port; the rules are otherwise identical in form.
alert ip $HOME_NET any -> 163.177.79.82 7443 (msg: "MISP e27596 [Bianlian Go Trojan,UNICOM-SHENZHEN-IDC China Unicom Guangdong IP network] Outgoing To IP: 163.177.79.82|7443"; classtype:trojan-activity; sid:37966061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 151.236.16.232 8226 (msg: "MISP e27596 [Bianlian Go Trojan,M247] Outgoing To IP: 151.236.16.232|8226"; classtype:trojan-activity; sid:37966071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 66.85.27.144 24513 (msg: "MISP e27596 [ASN-QUADRANET-GLOBAL,Bianlian Go Trojan] Outgoing To IP: 66.85.27.144|24513"; classtype:trojan-activity; sid:37966081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 179.60.149.241 8443 (msg: "MISP e27596 [Bianlian Go Trojan,HOSTKEY-USA] Outgoing To IP: 179.60.149.241|8443"; classtype:trojan-activity; sid:37966091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Destination port 445 (SMB) on an external address.
# NOTE(review): outbound 445 is usually denied at the egress firewall; where it
# is, a hit here marks an attempt that the firewall log should also show.
alert ip $HOME_NET any -> 80.75.212.148 445 (msg: "MISP e27596 
[FERDINANDZINK,Responder] Outgoing To IP: 80.75.212.148|445"; classtype:trojan-activity; sid:37966101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 45.245.103.58 995 (msg: "MISP e27596 [LINKdotNET-AS,QakBot] Outgoing To IP: 45.245.103.58|995"; classtype:trojan-activity; sid:37966111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 72.27.110.218 443 (msg: "MISP e27596 [FLOW-NET,QakBot] Outgoing To IP: 72.27.110.218|443"; classtype:trojan-activity; sid:37966121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 94.198.54.154 8888 (msg: "MISP e27596 [SMARTAPE,Supershell] Outgoing To IP: 94.198.54.154|8888"; classtype:trojan-activity; sid:37966131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 103.163.208.187 8888 (msg: "MISP e27596 [STARBOWLTD-AS-AP Starbow Ltd.,Supershell] Outgoing To IP: 103.163.208.187|8888"; classtype:trojan-activity; sid:37966141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 95.217.234.153 443 (msg: "MISP e27596 [Vidar] Outgoing To IP: 95.217.234.153|443"; classtype:trojan-activity; sid:37966151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 49.13.89.149 443 (msg: "MISP e27596 [Vidar] Outgoing To IP: 49.13.89.149|443"; classtype:trojan-activity; sid:37966161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 78.46.233.36 9000 (msg: "MISP e27596 [Vidar] Outgoing To IP: 78.46.233.36|9000"; classtype:trojan-activity; sid:37966171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 142.171.8.253 80 (msg: "MISP e27596 [Hookbot Pegasus,MULTA-ASN1] Outgoing To IP: 142.171.8.253|80"; classtype:trojan-activity; sid:37966231; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 82.197.93.210 80 (msg: "MISP e27596 [AS-HOSTINGER,Hookbot Pegasus] Outgoing To IP: 82.197.93.210|80"; classtype:trojan-activity; sid:37966241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert ip $HOME_NET any -> 123.99.198.201 20064 (msg: "MISP e27596 [Gh0stRAT] Outgoing To IP: 123.99.198.201|20064"; classtype:trojan-activity; sid:37966251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert dns any any -> any any (msg: "MISP e27594 [] Domain info-personas-banestado.pages.dev"; dns.query; content:"info-personas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37965211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27594;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27594 [] Outgoing HTTP Domain info-personas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"info-personas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27594;) alert http $HOME_NET any -> 193.233.132.204 $HTTP_PORTS (msg: "MISP e27596 [recordbreaker] Outgoing URL http|3a|//193.233.132.204/"; flow:to_server,established; http.header; content:"193.233.132.204"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert dns any any -> any any (msg: "MISP e27614 [] Hostname renouvellement-vitale-enligne.fr"; dns.query; content:"renouvellement-vitale-enligne.fr"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])renouvellement\-vitale\-enligne\.fr$/i"; classtype:trojan-activity; sid:37977121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27614;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27614 [] Outgoing HTTP Hostname renouvellement-vitale-enligne.fr"; flow:to_server,established; http.header; content: "Host|3a| renouvellement-vitale-enligne.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])renouvellement\-vitale\-enligne\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27614;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27614 [] Outgoing URL http|3a|//renouvellement-vitale-enligne.fr"; flow:to_server,established; http.header; content:"renouvellement-vitale-enligne.fr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37977141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27614;) alert ip $HOME_NET any -> 147.185.221.18 49626 (msg: "MISP e27596 [Cybergate] Outgoing To IP: 147.185.221.18|49626"; classtype:trojan-activity; sid:37966271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;) alert dns any any -> any any (msg: "MISP e27602 [] Hostname gncelinteraktifgib.fun"; dns.query; content:"gncelinteraktifgib.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gncelinteraktifgib\.fun$/i"; classtype:trojan-activity; sid:37968791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27602;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27602 [] Outgoing HTTP Hostname gncelinteraktifgib.fun"; flow:to_server,established; http.header; content: "Host|3a| gncelinteraktifgib.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gncelinteraktifgib\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37968792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27602;) 
# Event 27602 "Outgoing URL" rule for a URL with no path. Its only match is an
# unanchored, case-insensitive substring search for the name in the request
# headers: there is no Host anchor, no boundary pcre and no fast_pattern.
# NOTE(review): a longer hostname that merely contains this string, or another
# header that mentions it (e.g. Referer), appears able to trigger it.
# NOTE(review): it overlaps the "Outgoing HTTP Hostname" rule for the same name
# (sid 37968792), so a request on a port in $HTTP_PORTS raises both alerts.
# The destination port is limited to $HTTP_PORTS, whereas sid 37968792 uses
# "any"; the variable must be defined in the sensor configuration for this rule
# to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27602 [] Outgoing URL http|3a|//gncelinteraktifgib.fun"; flow:to_server,established; http.header; content:"gncelinteraktifgib.fun"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27602;)
# Event 27596 URL indicator; the msg carries the tags CobaltStrike,
# cs-watermark-1357776117 and HOSTHATCH from the event. The destination is
# pinned to one address on $HTTP_PORTS, and the rule additionally requires the
# address string in the request headers and the path as an unanchored substring
# of the URI.
# NOTE(review): this is an "alert http" rule, so it presumably sees only
# cleartext HTTP; the same endpoint reached over TLS would need a separate
# indicator.
alert http $HOME_NET any -> 150.107.201.170 $HTTP_PORTS (msg: "MISP e27596 [CobaltStrike,cs-watermark-1357776117,HOSTHATCH] Outgoing URL http|3a|//150.107.201.170/aerotable_generate_ai"; flow:to_server,established; http.header; content:"150.107.201.170"; fast_pattern; nocase; http.uri; content:"/aerotable_generate_ai"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Address + port indicator tagged QuasarRAT; matches on address and port only,
# with no payload keyword.
alert ip $HOME_NET any -> 193.26.115.138 4782 (msg: "MISP e27596 [QuasarRAT,RAT] Outgoing To IP: 193.26.115.138|4782"; classtype:trojan-activity; sid:37966291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Event 27618 "Hostname" rules: the pcre prefix [^A-Za-z0-9-\.] excludes a
# preceding ".", so only the exact name matches, not its subdomains. The DNS
# rule is "any any -> any any" and matches the query in either direction.
alert dns any any -> any any (msg: "MISP e27618 [] Hostname xiaohuojian01.icu"; dns.query; content:"xiaohuojian01.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xiaohuojian01\.icu$/i"; classtype:trojan-activity; sid:37990191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Unlike the "Domain" HTTP rules, the Host prefix and the name form a single
# content string here, so the name has to follow "Host: " directly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname xiaohuojian01.icu"; flow:to_server,established; http.header; content: "Host|3a| xiaohuojian01.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xiaohuojian01\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# Path-less URL rule for the same name: same unanchored header substring match
# as sid 37968811, and it overlaps sid 37990192.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//xiaohuojian01.icu"; flow:to_server,established; http.header; content:"xiaohuojian01.icu"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:37990201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname sdtgz.pages.dev"; dns.query; content:"sdtgz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdtgz\.pages\.dev$/i"; classtype:trojan-activity; sid:37990231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname sdtgz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sdtgz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sdtgz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//sdtgz.pages.dev"; flow:to_server,established; http.header; content:"sdtgz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname pqdnr.pages.dev"; dns.query; content:"pqdnr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pqdnr\.pages\.dev$/i"; classtype:trojan-activity; sid:37990271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname pqdnr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| pqdnr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pqdnr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//pqdnr.pages.dev"; 
flow:to_server,established; http.header; content:"pqdnr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname rpcconfigureprotocol.com"; dns.query; content:"rpcconfigureprotocol.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpcconfigureprotocol\.com$/i"; classtype:trojan-activity; sid:37990311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname rpcconfigureprotocol.com"; flow:to_server,established; http.header; content: "Host|3a| rpcconfigureprotocol.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rpcconfigureprotocol\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//rpcconfigureprotocol.com"; flow:to_server,established; http.header; content:"rpcconfigureprotocol.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname yergafumilegidangasaprefucehutevas4.pages.dev"; dns.query; content:"yergafumilegidangasaprefucehutevas4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yergafumilegidangasaprefucehutevas4\.pages\.dev$/i"; classtype:trojan-activity; sid:37990351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yergafumilegidangasaprefucehutevas4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yergafumilegidangasaprefucehutevas4.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])yergafumilegidangasaprefucehutevas4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//yergafumilegidangasaprefucehutevas4.pages.dev"; flow:to_server,established; http.header; content:"yergafumilegidangasaprefucehutevas4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname redirectblackpringkilitss.pages.dev"; dns.query; content:"redirectblackpringkilitss.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirectblackpringkilitss\.pages\.dev$/i"; classtype:trojan-activity; sid:37990391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname redirectblackpringkilitss.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| redirectblackpringkilitss.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])redirectblackpringkilitss\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//redirectblackpringkilitss.pages.dev"; flow:to_server,established; http.header; content:"redirectblackpringkilitss.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname renouvellement-vitale-enligne.fr"; dns.query; content:"renouvellement-vitale-enligne.fr"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])renouvellement\-vitale\-enligne\.fr$/i"; classtype:trojan-activity; sid:37990431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname renouvellement-vitale-enligne.fr"; flow:to_server,established; http.header; content: "Host|3a| renouvellement-vitale-enligne.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])renouvellement\-vitale\-enligne\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//renouvellement-vitale-enligne.fr"; flow:to_server,established; http.header; content:"renouvellement-vitale-enligne.fr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname long-cake-d7d9.137952361962342.workers.dev"; dns.query; content:"long-cake-d7d9.137952361962342.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])long\-cake\-d7d9\.137952361962342\.workers\.dev$/i"; classtype:trojan-activity; sid:37990471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname long-cake-d7d9.137952361962342.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| long-cake-d7d9.137952361962342.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])long\-cake\-d7d9\.137952361962342\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname azul-ca0.pages.dev"; dns.query; 
content:"azul-ca0.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])azul\-ca0\.pages\.dev$/i"; classtype:trojan-activity; sid:37990511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname azul-ca0.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| azul-ca0.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])azul\-ca0\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990512; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname tokenpazket.tel"; dns.query; content:"tokenpazket.tel"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.tel$/i"; classtype:trojan-activity; sid:37990551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname tokenpazket.tel"; flow:to_server,established; http.header; content: "Host|3a| tokenpazket.tel"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.tel[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990552; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//tokenpazket.tel"; flow:to_server,established; http.header; content:"tokenpazket.tel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname ksudsf.com"; dns.query; content:"ksudsf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsf\.com$/i"; classtype:trojan-activity; sid:37990591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27618 [] Outgoing HTTP Hostname ksudsf.com"; flow:to_server,established; http.header; content: "Host|3a| ksudsf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990592; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//ksudsf.com"; flow:to_server,established; http.header; content:"ksudsf.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname stand2-toptop.ru"; dns.query; content:"stand2-toptop.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stand2\-toptop\.ru$/i"; classtype:trojan-activity; sid:37990631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname stand2-toptop.ru"; flow:to_server,established; http.header; content: "Host|3a| stand2-toptop.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stand2\-toptop\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990632; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//stand2-toptop.ru"; flow:to_server,established; http.header; content:"stand2-toptop.ru"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname normallegendryspecialdomainwindowmails1.pages.dev"; dns.query; content:"normallegendryspecialdomainwindowmails1.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])normallegendryspecialdomainwindowmails1\.pages\.dev$/i"; classtype:trojan-activity; sid:37990671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname normallegendryspecialdomainwindowmails1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| normallegendryspecialdomainwindowmails1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])normallegendryspecialdomainwindowmails1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990672; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//normallegendryspecialdomainwindowmails1.pages.dev"; flow:to_server,established; http.header; content:"normallegendryspecialdomainwindowmails1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname yijfgyiusdhhvwerxokvenre4.pages.dev"; dns.query; content:"yijfgyiusdhhvwerxokvenre4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yijfgyiusdhhvwerxokvenre4\.pages\.dev$/i"; classtype:trojan-activity; sid:37990711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname yijfgyiusdhhvwerxokvenre4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yijfgyiusdhhvwerxokvenre4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yijfgyiusdhhvwerxokvenre4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg: "MISP e27618 [] Outgoing URL http|3a|//yijfgyiusdhhvwerxokvenre4.pages.dev"; flow:to_server,established; http.header; content:"yijfgyiusdhhvwerxokvenre4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname fieshugehjsuiotacescgy03.pages.dev"; dns.query; content:"fieshugehjsuiotacescgy03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fieshugehjsuiotacescgy03\.pages\.dev$/i"; classtype:trojan-activity; sid:37990751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname fieshugehjsuiotacescgy03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fieshugehjsuiotacescgy03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fieshugehjsuiotacescgy03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990752; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//fieshugehjsuiotacescgy03.pages.dev"; flow:to_server,established; http.header; content:"fieshugehjsuiotacescgy03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname unrohesgevseolaordgeswefes4.pages.dev"; dns.query; content:"unrohesgevseolaordgeswefes4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrohesgevseolaordgeswefes4\.pages\.dev$/i"; classtype:trojan-activity; sid:37990791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname 
unrohesgevseolaordgeswefes4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| unrohesgevseolaordgeswefes4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrohesgevseolaordgeswefes4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//unrohesgevseolaordgeswefes4.pages.dev"; flow:to_server,established; http.header; content:"unrohesgevseolaordgeswefes4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname faecbokcom.kafela.shop"; dns.query; content:"faecbokcom.kafela.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])faecbokcom\.kafela\.shop$/i"; classtype:trojan-activity; sid:37990831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname faecbokcom.kafela.shop"; flow:to_server,established; http.header; content: "Host|3a| faecbokcom.kafela.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])faecbokcom\.kafela\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//faecbokcom.kafela.shop"; flow:to_server,established; http.header; content:"faecbokcom.kafela.shop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname whatsapp-m6.com"; dns.query; content:"whatsapp-m6.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])whatsapp\-m6\.com$/i"; classtype:trojan-activity; sid:37990871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname whatsapp-m6.com"; flow:to_server,established; http.header; content: "Host|3a| whatsapp-m6.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsapp\-m6\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//whatsapp-m6.com"; flow:to_server,established; http.header; content:"whatsapp-m6.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert dns any any -> any any (msg: "MISP e27618 [] Hostname groupsexxxfree-ncm.pages.dev"; dns.query; content:"groupsexxxfree-ncm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groupsexxxfree\-ncm\.pages\.dev$/i"; classtype:trojan-activity; sid:37990911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27618 [] Outgoing HTTP Hostname groupsexxxfree-ncm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| groupsexxxfree-ncm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groupsexxxfree\-ncm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37990912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27618;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27618 [] Outgoing URL http|3a|//groupsexxxfree-ncm.pages.dev"; flow:to_server,established; http.header; content:"groupsexxxfree-ncm.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37990921; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27618;)
# MISP event 27598, priority 1: URL indicators on bare IP addresses. Each rule
# pins the destination address and port, requires the address string somewhere
# in the request headers, and requires the path as a case-insensitive substring
# of the URI. No startswith, endswith or depth keyword anchors the URI content.
# NOTE(review): content:"/i" therefore matches any URI that contains "/i"
# anywhere (for example a path beginning "/index"), not only the path "/i".
alert http $HOME_NET any -> 95.132.252.88 36485 (msg: "MISP e27598 [] Outgoing URL http|3a|//95.132.252.88|3a|36485/i"; flow:to_server,established; http.header; content:"95.132.252.88"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 95.132.252.88 36485 (msg: "MISP e27598 [] Outgoing URL http|3a|//95.132.252.88|3a|36485/bin.sh"; flow:to_server,established; http.header; content:"95.132.252.88"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# NOTE(review): content:"/" is satisfied by any URI containing "/", so this
# rule reduces to "HTTP request to 95.132.252.88:36485 with the address in the
# headers". It also fires together with sid 37967861 / 37967871 whenever those
# match, giving several alerts for one request; consider a threshold or
# deduplicating by flow in the SIEM.
alert http $HOME_NET any -> 95.132.252.88 36485 (msg: "MISP e27598 [] Outgoing URL http|3a|//95.132.252.88|3a|36485/"; flow:to_server,established; http.header; content:"95.132.252.88"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Same address, three file names that differ only in suffix (.x86 here; .mpsl
# and .mips in the rules that follow). Destination port is $HTTP_PORTS, so the
# variable must be defined and requests on other ports are not covered.
# NOTE(review): the suffixes look like per-architecture builds of one file
# (TODO confirm in the event); on a hit, identify the requesting device first,
# since the source is an internal host fetching the file.
alert http $HOME_NET any -> 94.156.8.116 $HTTP_PORTS (msg: "MISP e27598 [] Outgoing URL http|3a|//94.156.8.116/bins/UnHAnaAW.x86"; flow:to_server,established; http.header; content:"94.156.8.116"; fast_pattern; nocase; http.uri; content:"/bins/UnHAnaAW.x86"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 94.156.8.116 $HTTP_PORTS (msg: "MISP e27598 [] Outgoing URL http|3a|//94.156.8.116/bins/UnHAnaAW.mpsl"; flow:to_server,established; http.header; content:"94.156.8.116"; fast_pattern; nocase; http.uri; content:"/bins/UnHAnaAW.mpsl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967901; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): fixed destination IP and port in the rule header, IP
# string required in the request headers, path string required in the URI.
# NOTE(review): where the URI content is just "/" (sid 37967931 here) the path adds
# no selectivity; the rule fires on nearly any HTTP request to that IP and port.
alert http $HOME_NET any -> 94.156.8.116 $HTTP_PORTS (msg: "MISP e27598 [] Outgoing URL http|3a|//94.156.8.116/bins/UnHAnaAW.mips"; flow:to_server,established; http.header; content:"94.156.8.116"; fast_pattern; nocase; http.uri; content:"/bins/UnHAnaAW.mips"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 78.9.100.207 59257 (msg: "MISP e27598 [] Outgoing URL http|3a|//78.9.100.207|3a|59257/Mozi.a"; flow:to_server,established; http.header; content:"78.9.100.207"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 61.53.216.230 52418 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.53.216.230|3a|52418/"; flow:to_server,established; http.header; content:"61.53.216.230"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 61.52.72.217 34006 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.72.217|3a|34006/bin.sh"; flow:to_server,established; http.header; content:"61.52.72.217"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 61.52.72.217 34006 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.72.217|3a|34006/"; flow:to_server,established; http.header; content:"61.52.72.217"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967951; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): one rule per reported URL, destination IP and port fixed
# in the rule header.
# NOTE(review): sids 37967961 and 37967981 ("/i") and 37967971 ("/") use URI
# strings found in most requests, so they act as "any HTTP request to this IP and
# port" detections; the msg text is more specific than the match.
alert http $HOME_NET any -> 61.52.223.79 44003 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.223.79|3a|44003/i"; flow:to_server,established; http.header; content:"61.52.223.79"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 61.52.223.79 44003 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.52.223.79|3a|44003/"; flow:to_server,established; http.header; content:"61.52.223.79"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 27.207.162.152 38707 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.207.162.152|3a|38707/i"; flow:to_server,established; http.header; content:"27.207.162.152"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 27.207.162.152 38707 (msg: "MISP e27598 [] Outgoing URL http|3a|//27.207.162.152|3a|38707/bin.sh"; flow:to_server,established; http.header; content:"27.207.162.152"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37967991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 223.14.160.114 37929 (msg: "MISP e27598 [] Outgoing URL http|3a|//223.14.160.114|3a|37929/Mozi.m"; flow:to_server,established; http.header; content:"223.14.160.114"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http 
$HOME_NET any -> 190.109.227.59 48175 (msg: "MISP e27598 [] Outgoing URL http|3a|//190.109.227.59|3a|48175/Mozi.m"; flow:to_server,established; http.header; content:"190.109.227.59"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): destination IP and high port fixed per rule; the URI
# content names the requested file. The event carries no tag ("[]" in msg), so the
# malware family has to be taken from the MISP event itself, not from the rule.
# NOTE(review): sid 37968031 matches URI content "/i", which many unrelated paths
# contain; it is effectively keyed on the destination IP and port alone.
alert http $HOME_NET any -> 182.59.200.147 52885 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.59.200.147|3a|52885/Mozi.m"; flow:to_server,established; http.header; content:"182.59.200.147"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.121.84.236 47227 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.84.236|3a|47227/i"; flow:to_server,established; http.header; content:"182.121.84.236"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.121.47.15 60409 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.47.15|3a|60409/bin.sh"; flow:to_server,established; http.header; content:"182.121.47.15"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.112.30.27 46543 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.112.30.27|3a|46543/bin.sh"; flow:to_server,established; http.header; content:"182.112.30.27"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 176.36.148.87 47995 
(msg: "MISP e27598 [] Outgoing URL http|3a|//176.36.148.87|3a|47995/i"; flow:to_server,established; http.header; content:"176.36.148.87"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): outbound HTTP to a fixed IP and port, IP string in the
# request headers, file path in the URI. All matches are case-insensitive (nocase).
# NOTE(review): sids 37968081 and 37968091 use URI content "/i"; treat them as
# "contact with this IP and port" alerts, since most request paths contain "/i"
# somewhere (for example "/index.html" or "/images/").
alert http $HOME_NET any -> 147.45.47.93 30487 (msg: "MISP e27598 [] Outgoing URL http|3a|//147.45.47.93|3a|30487/zigma/kefir.exe"; flow:to_server,established; http.header; content:"147.45.47.93"; fast_pattern; nocase; http.uri; content:"/zigma/kefir.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 125.25.183.210 60837 (msg: "MISP e27598 [] Outgoing URL http|3a|//125.25.183.210|3a|60837/i"; flow:to_server,established; http.header; content:"125.25.183.210"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 123.13.26.249 35186 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.13.26.249|3a|35186/i"; flow:to_server,established; http.header; content:"123.13.26.249"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 119.186.209.132 41584 (msg: "MISP e27598 [] Outgoing URL http|3a|//119.186.209.132|3a|41584/bin.sh"; flow:to_server,established; http.header; content:"119.186.209.132"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 117.242.235.147 36837 (msg: "MISP e27598 [] Outgoing URL 
http|3a|//117.242.235.147|3a|36837/bin.sh"; flow:to_server,established; http.header; content:"117.242.235.147"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): every rule in this run names a specific file path
# ("/Mozi.m" or "/bin.sh") in the URI and a fixed destination IP and port.
# flow:to_server,established limits the match to client requests on an established
# connection, so these fire on outbound requests from $HOME_NET only.
alert http $HOME_NET any -> 115.55.225.84 38865 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.225.84|3a|38865/Mozi.m"; flow:to_server,established; http.header; content:"115.55.225.84"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 112.113.124.67 54766 (msg: "MISP e27598 [] Outgoing URL http|3a|//112.113.124.67|3a|54766/Mozi.m"; flow:to_server,established; http.header; content:"112.113.124.67"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 42.231.67.88 41250 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.231.67.88|3a|41250/bin.sh"; flow:to_server,established; http.header; content:"42.231.67.88"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 42.224.212.5 52681 (msg: "MISP e27598 [] Outgoing URL http|3a|//42.224.212.5|3a|52681/Mozi.m"; flow:to_server,established; http.header; content:"42.224.212.5"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 27.223.253.87 41820 (msg: "MISP e27598 [] Outgoing URL 
http|3a|//27.223.253.87|3a|41820/bin.sh"; flow:to_server,established; http.header; content:"27.223.253.87"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): outbound HTTP to fixed IP and port pairs.
# NOTE(review): sid 37968171 (URI content "/") and sid 37968181 (URI content "/i")
# are not selective on the path; they alert on nearly any HTTP request to the
# listed IP and port. The "/bin.sh" and "/Mozi.m" rules are path-specific.
alert http $HOME_NET any -> 219.157.241.112 51390 (msg: "MISP e27598 [] Outgoing URL http|3a|//219.157.241.112|3a|51390/"; flow:to_server,established; http.header; content:"219.157.241.112"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 213.99.112.238 35605 (msg: "MISP e27598 [] Outgoing URL http|3a|//213.99.112.238|3a|35605/i"; flow:to_server,established; http.header; content:"213.99.112.238"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 213.99.112.238 35605 (msg: "MISP e27598 [] Outgoing URL http|3a|//213.99.112.238|3a|35605/bin.sh"; flow:to_server,established; http.header; content:"213.99.112.238"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 190.109.227.71 37465 (msg: "MISP e27598 [] Outgoing URL http|3a|//190.109.227.71|3a|37465/Mozi.m"; flow:to_server,established; http.header; content:"190.109.227.71"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.123.242.72 43400 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.123.242.72|3a|43400/Mozi.m"; 
flow:to_server,established; http.header; content:"182.123.242.72"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): same rule shape as the rest of the event, with a fixed
# destination IP and port, the IP string in the headers and the path in the URI.
# NOTE(review): sid 37968251 matches URI content "/" and so alerts on nearly any
# HTTP request to 115.55.236.60:41720 regardless of the path requested.
alert http $HOME_NET any -> 123.8.79.130 48745 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.8.79.130|3a|48745/bin.sh"; flow:to_server,established; http.header; content:"123.8.79.130"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 123.175.67.59 48059 (msg: "MISP e27598 [] Outgoing URL http|3a|//123.175.67.59|3a|48059/Mozi.m"; flow:to_server,established; http.header; content:"123.175.67.59"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.55.245.245 54116 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.245.245|3a|54116/Mozi.m"; flow:to_server,established; http.header; content:"115.55.245.245"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.55.236.60 41720 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.236.60|3a|41720/"; flow:to_server,established; http.header; content:"115.55.236.60"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.55.223.64 41204 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.223.64|3a|41204/Mozi.m"; flow:to_server,established; http.header; 
content:"115.55.223.64"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 112.255.131.5 47915 (msg: "MISP e27598 [] Outgoing URL http|3a|//112.255.131.5|3a|47915/Mozi.m"; flow:to_server,established; http.header; content:"112.255.131.5"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Events 27595 and 27602, "Domain" indicators: one DNS-query rule and one HTTP rule
# per name. The pcre accepts any character other than a letter, digit or "-" before
# the name, so "." is allowed and subdomains of the listed domain match as well.
# NOTE(review): in the HTTP rules the "Host|3a|" content and the domain content are
# two independent matches in the header buffer (no distance/within), so as written
# the domain is not required to sit on the Host line itself.
alert dns any any -> any any (msg: "MISP e27595 [] Domain info-personas-banestado.pages.dev"; dns.query; content:"info-personas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:37965291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27595;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27595 [] Outgoing HTTP Domain info-personas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"info-personas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37965292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27595;)
alert dns any any -> any any (msg: "MISP e27602 [] Domain gncelinteraktifgib.fun"; dns.query; content:"gncelinteraktifgib.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-])gncelinteraktifgib\.fun$/i"; classtype:trojan-activity; sid:37968911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27602;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27602 [] Outgoing HTTP Domain gncelinteraktifgib.fun"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gncelinteraktifgib.fun"; 
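fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gncelinteraktifgib\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37968912; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27602;)
# Event 27596: domain umfi.live (DNS query and HTTP header rules) and the IP/port
# 34.216.132.82:443, tagged CobaltStrike in msg.
# NOTE(review): the IP rule inspects no payload, and the "Amazon.com Inc." tag
# suggests a cloud-hosted address that may be reassigned; treat an IP-only hit as
# weaker evidence than a hit on the domain rules and corroborate before acting.
alert dns any any -> any any (msg: "MISP e27596 [Amazon.com Inc.,CobaltStrike,cs-watermark-520024723] Domain umfi.live"; dns.query; content:"umfi.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])umfi\.live$/i"; classtype:trojan-activity; sid:37966311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27596 [Amazon.com Inc.,CobaltStrike,cs-watermark-520024723] Outgoing HTTP Domain umfi.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"umfi.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])umfi\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37966312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
alert ip $HOME_NET any -> 34.216.132.82 443 (msg: "MISP e27596 [Amazon.com Inc.,CobaltStrike,cs-watermark-520024723] Outgoing To IP: 34.216.132.82|443"; classtype:trojan-activity; sid:37966321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27596;)
# Event 27617 repeats the umfi.live / 34.216.132.82:443 indicators of event 27596
# under separate sids and with priority 3, so one hit raises an alert from each
# event's rule; deduplicate on the indicator when triaging.
# The inner double quotes of the misp-galaxy tag are written as \" in these three
# rules: Suricata's rule documentation lists '"' among the characters that must be
# escaped inside msg. The alert text itself is unchanged.
alert dns any any -> any any (msg: "MISP e27617 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Domain umfi.live"; dns.query; content:"umfi.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])umfi\.live$/i"; classtype:trojan-activity; sid:37977481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27617;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27617 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing HTTP Domain umfi.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"umfi.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])umfi\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37977482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27617;)
alert ip $HOME_NET any -> 34.216.132.82 443 (msg: "MISP e27617 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing To IP: 34.216.132.82|443"; classtype:trojan-activity; sid:37977501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27617;)
# Event 27598: outbound HTTP to a fixed IP and port, IP string in the request
# headers, file path in the URI.
alert http $HOME_NET any -> 61.1.147.84 57345 (msg: "MISP e27598 [] Outgoing URL http|3a|//61.1.147.84|3a|57345/Mozi.m"; flow:to_server,established; http.header; content:"61.1.147.84"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 59.99.136.99 50042 (msg: "MISP e27598 [] Outgoing URL http|3a|//59.99.136.99|3a|50042/bin.sh"; flow:to_server,established; http.header; content:"59.99.136.99"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 219.157.241.112 51390 (msg: "MISP e27598 [] Outgoing URL http|3a|//219.157.241.112|3a|51390/Mozi.m"; flow:to_server,established; http.header; content:"219.157.241.112"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 182.121.106.72 42042 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.121.106.72|3a|42042/Mozi.m"; flow:to_server,established; http.header; content:"182.121.106.72"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 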
182.120.58.228 59095 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.120.58.228|3a|59095/Mozi.m"; flow:to_server,established; http.header; content:"182.120.58.228"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): outbound HTTP to fixed IP and port pairs; fast_pattern
# is set on the IP string, which is the more distinctive of the two contents.
# NOTE(review): sid 37968361 uses URI content "/i" and therefore alerts on most
# HTTP requests to 115.63.188.206:55037, whatever path is requested.
alert http $HOME_NET any -> 182.116.94.95 52238 (msg: "MISP e27598 [] Outgoing URL http|3a|//182.116.94.95|3a|52238/bin.sh"; flow:to_server,established; http.header; content:"182.116.94.95"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 117.222.252.92 59187 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.222.252.92|3a|59187/Mozi.m"; flow:to_server,established; http.header; content:"117.222.252.92"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 117.213.80.97 55540 (msg: "MISP e27598 [] Outgoing URL http|3a|//117.213.80.97|3a|55540/Mozi.m"; flow:to_server,established; http.header; content:"117.213.80.97"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.63.188.206 55037 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.63.188.206|3a|55037/i"; flow:to_server,established; http.header; content:"115.63.188.206"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.58.154.135 54636 (msg: "MISP e27598 
[] Outgoing URL http|3a|//115.58.154.135|3a|54636/Mozi.m"; flow:to_server,established; http.header; content:"115.58.154.135"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27598 (continued): one rule per reported URL, keyed on destination IP, port
# and request path.
# NOTE(review): sid 37968381 uses URI content "/i", which is not path-specific; the
# "/Mozi.m" rules in this run are.
alert http $HOME_NET any -> 115.56.158.255 59617 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.56.158.255|3a|59617/i"; flow:to_server,established; http.header; content:"115.56.158.255"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.55.236.60 41720 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.55.236.60|3a|41720/Mozi.m"; flow:to_server,established; http.header; content:"115.55.236.60"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.53.245.129 51104 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.53.245.129|3a|51104/Mozi.m"; flow:to_server,established; http.header; content:"115.53.245.129"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 115.49.203.209 55065 (msg: "MISP e27598 [] Outgoing URL http|3a|//115.49.203.209|3a|55065/Mozi.m"; flow:to_server,established; http.header; content:"115.49.203.209"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 112.248.116.237 60463 (msg: "MISP e27598 [] Outgoing URL 
http|3a|//112.248.116.237|3a|60463/bin.sh"; flow:to_server,established; http.header; content:"112.248.116.237"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
alert http $HOME_NET any -> 111.61.191.211 35723 (msg: "MISP e27598 [] Outgoing URL http|3a|//111.61.191.211|3a|35723/bin.sh"; flow:to_server,established; http.header; content:"111.61.191.211"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37968431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27598;)
# Event 27681: indicators tagged with a family name in msg.
# NOTE(review): sid 38013801 is an "alert http" rule towards port 443; it can only
# match if the traffic on that port is parsed as cleartext HTTP, so a TLS session to
# the same address presumably raises no alert from this rule.
alert http $HOME_NET any -> 175.178.103.238 443 (msg: "MISP e27681 [CobaltStrike] Outgoing URL http|3a|//175.178.103.238|3a|443/64yz"; flow:to_server,established; http.header; content:"175.178.103.238"; fast_pattern; nocase; http.uri; content:"/64yz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38013801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# The "Outgoing To IP" rules match on destination address and port only and inspect
# no payload; a hit on a common port such as 80 needs corroboration from other
# telemetry before it is treated as confirmed malicious traffic.
alert ip $HOME_NET any -> 192.3.216.131 1808 (msg: "MISP e27681 [RAT,RemcosRAT] Outgoing To IP: 192.3.216.131|1808"; classtype:trojan-activity; sid:38013841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 147.45.47.39 80 (msg: "MISP e27681 [RedLineStealer] Outgoing To IP: 147.45.47.39|80"; classtype:trojan-activity; sid:38013851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27597. NOTE(review): this "Outgoing URL" rule has no pcre boundary check
# and matches the name anywhere in the http.header buffer; it also depends on
# $HTTP_PORTS being defined in the sensor configuration.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27597 [] Outgoing URL http|3a|//dev-aol-web-atlantida.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-aol-web-atlantida.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:37966331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27597;)
alert dns any any -> any any (msg: "MISP e27597 
[] Domain dev-aol-web-atlantida.pantheonsite.io"; dns.query; content:"dev-aol-web-atlantida.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-aol\-web\-atlantida\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:37966351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27597;)
# Event 27597, HTTP side of the domain indicator. The rule is scoped to the full
# name dev-aol-web-atlantida.pantheonsite.io (and, through the pcre, names ending in
# ".dev-aol-web-atlantida.pantheonsite.io"), not to the parent domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27597 [] Outgoing HTTP Domain dev-aol-web-atlantida.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-aol-web-atlantida.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-aol\-web\-atlantida\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:37966352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27597;)
# Event 27681, njrat-tagged addresses, all on destination port 11258. These rules
# match on address and port only and inspect no payload.
# NOTE(review): they carry no flow or threshold option; check how many alerts one
# connection produces in your engine before enabling them broadly.
alert ip $HOME_NET any -> 3.125.223.134 11258 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.223.134|11258"; classtype:trojan-activity; sid:38013861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.192.31.165 11258 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.192.31.165|11258"; classtype:trojan-activity; sid:38013871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.124.142.205 11258 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.124.142.205|11258"; classtype:trojan-activity; sid:38013881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.102.39 11258 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.102.39|11258"; classtype:trojan-activity; sid:38013891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Pony-tagged URLs: domain string in the request headers plus "/default.php" in the
# URI, limited to destination ports listed in $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27681 [Pony] Outgoing URL http|3a|//criminallawdc.com/default.php"; flow:to_server,established; http.header; content:"criminallawdc.com"; fast_pattern; nocase; http.uri; content:"/default.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38013911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27681, Pony-tagged URLs: the domain string must appear in the request
# headers and "/default.php" in the URI. $HTTP_PORTS limits the destination ports.
# NOTE(review): the domain content has no boundary check and is matched anywhere in
# the header buffer, and "/default.php" is a generic path; the pair is presumably
# selective enough, but a hit still means "request mentioning this domain".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27681 [Pony] Outgoing URL http|3a|//choiceonesupport.org/default.php"; flow:to_server,established; http.header; content:"choiceonesupport.org"; fast_pattern; nocase; http.uri; content:"/default.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38013921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27681 [Pony] Outgoing URL http|3a|//1callalert.com/default.php"; flow:to_server,established; http.header; content:"1callalert.com"; fast_pattern; nocase; http.uri; content:"/default.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38013931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27638 lists info-personas-banestado.pages.dev, a name this export also
# carries under event 27595 with other sids; a single lookup or request therefore
# raises one alert per event. Deduplicate on the indicator when triaging.
alert dns any any -> any any (msg: "MISP e27638 [] Domain info-personas-banestado.pages.dev"; dns.query; content:"info-personas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38006441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27638;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27638 [] Outgoing HTTP Domain info-personas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"info-personas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38006442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27638;)
alert ip $HOME_NET any -> 46.246.6.12 2054 (msg: "MISP e27681 [njrat,RAT] Outgoing To IP: 46.246.6.12|2054"; classtype:trojan-activity; sid:38013821; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27681, njrat-tagged name: DNS-query and HTTP header rules scoped to the
# full name mexico2020.duckdns.org (and its subdomains, since the pcre allows "."
# before the name), not to the duckdns.org parent domain.
alert dns any any -> any any (msg: "MISP e27681 [njrat,RAT] Domain mexico2020.duckdns.org"; dns.query; content:"mexico2020.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])mexico2020\.duckdns\.org$/i"; classtype:trojan-activity; sid:38013831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [njrat,RAT] Outgoing HTTP Domain mexico2020.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mexico2020.duckdns.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mexico2020\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38013832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# "Outgoing To IP" rules: destination address and port only, no payload inspection.
# The bracketed text in msg carries the tags attached in the MISP event.
# NOTE(review): a hit shows that a host in $HOME_NET sent traffic to the address and
# port, nothing more; on common ports such as 80 corroborate with DNS, proxy or
# endpoint telemetry before treating it as a confirmed infection.
alert ip $HOME_NET any -> 3.125.209.94 11258 (msg: "MISP e27681 [njrat,RAT] Outgoing To IP: 3.125.209.94|11258"; classtype:trojan-activity; sid:38013901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 193.233.132.204 80 (msg: "MISP e27681 [infostealer,RaccoonV2,recordbreaker,stealer] Outgoing To IP: 193.233.132.204|80"; classtype:trojan-activity; sid:38013791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 94.156.8.116 1024 (msg: "MISP e27681 [Mirai] Outgoing To IP: 94.156.8.116|1024"; classtype:trojan-activity; sid:38013771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 103.173.255.143 839 (msg: "MISP e27681 [Gafgyt] Outgoing To IP: 103.173.255.143|839"; classtype:trojan-activity; sid:38013781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 161.97.141.230 7443 (msg: "MISP e27681 [CONTABO,Mythic] Outgoing To IP: 161.97.141.230|7443"; classtype:trojan-activity; sid:38013941; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27681 (continued), "Outgoing To IP" rules: destination address and port
# only. The tags in msg mix family names with what appear to be network-owner
# labels taken from the MISP event.
# NOTE(review): several of these target ports 443, 995 and 80 on addresses labelled
# with ISP or hosting-provider names; such addresses can be shared or reassigned,
# so age the indicators out and corroborate a hit before acting on it.
alert ip $HOME_NET any -> 41.98.180.188 443 (msg: "MISP e27681 [ALGTEL-AS,QakBot] Outgoing To IP: 41.98.180.188|443"; classtype:trojan-activity; sid:38013951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 75.173.32.149 443 (msg: "MISP e27681 [BRSPD-PUBLIC,QakBot] Outgoing To IP: 75.173.32.149|443"; classtype:trojan-activity; sid:38013961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 190.134.52.14 995 (msg: "MISP e27681 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 190.134.52.14|995"; classtype:trojan-activity; sid:38013971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 120.26.243.135 4545 (msg: "MISP e27681 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell] Outgoing To IP: 120.26.243.135|4545"; classtype:trojan-activity; sid:38013981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 101.34.222.185 8888 (msg: "MISP e27681 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 101.34.222.185|8888"; classtype:trojan-activity; sid:38013991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 62.109.20.47 80 (msg: "MISP e27681 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 62.109.20.47|80"; classtype:trojan-activity; sid:38014001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 52.28.112.211 14314 (msg: "MISP e27681 [njrat] Outgoing To IP: 52.28.112.211|14314"; classtype:trojan-activity; sid:38014011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.127.253.86 14314 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.127.253.86|14314"; classtype:trojan-activity; 
sid:38014021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Endpoint-only njrat indicator from MISP event 27681 (address and port, no
# payload options).
alert ip $HOME_NET any -> 3.127.59.75 14314 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.127.59.75|14314"; classtype:trojan-activity; sid:38014031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# --- MISP event 24600 (priority:1, empty [] tag list in msg): hostnames ---
# Rules come in pairs per hostname: a dns.query rule (sid ending in 1) and an
# HTTP header rule (sid ending in 2). The empty tag list gives the analyst no
# family or campaign context in the alert; the reference URL is the only
# pointer back to the event.
# NOTE(review): codeanyapp.com, wixsite.com, from-tx.com and selfip.info appear
# to be multi-tenant parent domains. The content and pcre pin the full host
# label, so other hosts under the same parent do not match — keep it that way
# if these rules are ever hand-edited.
alert dns any any -> any any (msg: "MISP e24600 [] Domain gdrla-goov.top"; dns.query; content:"gdrla-goov.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])gdrla\-goov\.top$/i"; classtype:trojan-activity; sid:38180881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain gdrla-goov.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gdrla-goov.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gdrla\-goov\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180882; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# This hostname contains an underscore, which the pcre leaves unescaped (it has
# no special meaning in a regex); only "-" and "." are escaped.
alert dns any any -> any any (msg: "MISP e24600 [] Domain online_srevice-alexdamayok569043.codeanyapp.com"; dns.query; content:"online_srevice-alexdamayok569043.codeanyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])online_srevice\-alexdamayok569043\.codeanyapp\.com$/i"; classtype:trojan-activity; sid:38180931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain online_srevice-alexdamayok569043.codeanyapp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"online_srevice-alexdamayok569043.codeanyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])online_srevice\-alexdamayok569043\.codeanyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180932; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain 80inc4.wixsite.com"; dns.query; content:"80inc4.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])80inc4\.wixsite\.com$/i"; classtype:trojan-activity; sid:38180971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 80inc4.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"80inc4.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])80inc4\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38180972; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain 1certificat-lux8292024.from-tx.com"; dns.query; content:"1certificat-lux8292024.from-tx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])1certificat\-lux8292024\.from\-tx\.com$/i"; classtype:trojan-activity; sid:38181021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 1certificat-lux8292024.from-tx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1certificat-lux8292024.from-tx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1certificat\-lux8292024\.from\-tx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38181022; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert dns any any -> any any (msg: "MISP e24600 [] Domain 92777820092eb0032024.selfip.info"; dns.query; content:"92777820092eb0032024.selfip.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])92777820092eb0032024\.selfip\.info$/i"; classtype:trojan-activity; sid:38181071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 92777820092eb0032024.selfip.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"92777820092eb0032024.selfip.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])92777820092eb0032024\.selfip\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38181072; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# --- MISP event 27681: destination IP:port indicators ---
# Endpoint-only rules: $HOME_NET to one address and port, no payload or flow
# options. The tag in brackets names the tool or family reported in the event.
# NOTE(review): the Vidar entry is on port 443, so the destination address is
# the only thing separating a hit from ordinary TLS traffic.
alert ip $HOME_NET any -> 82.156.211.202 1145 (msg: "MISP e27681 [Meterpreter] Outgoing To IP: 82.156.211.202|1145"; classtype:trojan-activity; sid:38014041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 49.12.116.63 443 (msg: "MISP e27681 [Vidar] Outgoing To IP: 49.12.116.63|443"; classtype:trojan-activity; sid:38014061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# NOTE(review): three njrat addresses share port 16779, which may indicate a
# shared relay or tunnelling service rather than dedicated hosts — confirm
# before acting on the address alone.
alert ip $HOME_NET any -> 3.125.102.39 16779 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.102.39|16779"; classtype:trojan-activity; sid:38014171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.158.249.75 16779 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.158.249.75|16779"; classtype:trojan-activity; sid:38014181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.192.31.165 16779 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.192.31.165|16779"; classtype:trojan-activity; sid:38014191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 141.98.7.17 49760 (msg: "MISP e27681 [c2,moobot] Outgoing To IP: 141.98.7.17|49760"; classtype:trojan-activity; sid:38014161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 45.13.227.12 43957 (msg: "MISP e27681 [c2,moobot] Outgoing To IP: 45.13.227.12|43957"; classtype:trojan-activity; sid:38014151; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27681;)
# --- MISP event 27681: C2 endpoints tagged moobot / Mirai / remcos / njrat ---
# Endpoint-only rules: $HOME_NET to one address and port, with no payload or
# flow options. Hits from IoT or embedded segments deserve attention first,
# given the elf/Mirai/moobot tags — an inference from the tags only.
alert ip $HOME_NET any -> 103.67.197.185 2023 (msg: "MISP e27681 [c2,moobot] Outgoing To IP: 103.67.197.185|2023"; classtype:trojan-activity; sid:38014141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 103.172.79.74 43957 (msg: "MISP e27681 [c2,moobot] Outgoing To IP: 103.172.79.74|43957"; classtype:trojan-activity; sid:38014131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 103.173.255.143 42516 (msg: "MISP e27681 [c2,elf,Mirai] Outgoing To IP: 103.173.255.143|42516"; classtype:trojan-activity; sid:38014111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 91.92.251.30 9506 (msg: "MISP e27681 [c2,elf,Mirai] Outgoing To IP: 91.92.251.30|9506"; classtype:trojan-activity; sid:38014121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 51.81.0.241 1312 (msg: "MISP e27681 [c2,elf,Mirai] Outgoing To IP: 51.81.0.241|1312"; classtype:trojan-activity; sid:38014071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 147.78.103.89 5958 (msg: "MISP e27681 [c2,elf,Mirai] Outgoing To IP: 147.78.103.89|5958"; classtype:trojan-activity; sid:38014091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 45.125.66.129 37215 (msg: "MISP e27681 [c2,elf,Mirai] Outgoing To IP: 45.125.66.129|37215"; classtype:trojan-activity; sid:38014101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 141.98.7.12 1985 (msg: "MISP e27681 [c2,elf,Mirai] Outgoing To IP: 141.98.7.12|1985"; classtype:trojan-activity; sid:38014081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 192.3.216.140 52498 (msg: "MISP e27681 [remcos] Outgoing To IP: 192.3.216.140|52498"; classtype:trojan-activity; sid:38014201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.223.134 16779 (msg: "MISP e27681 [njrat,RAT] Outgoing To IP: 3.125.223.134|16779"; classtype:trojan-activity; sid:38014211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# --- MISP event 27681: Cobalt Strike URL indicators ---
# msg writes ':' as |3a|. The host string is matched anywhere in http.header
# and the path as a case-insensitive substring of http.uri with no start or end
# anchoring, so short paths such as "/cx" and "/ca" also match longer URIs that
# merely contain them. The destination port in the rule header (and, for the
# two IP-based rules, the destination address) is what keeps the match narrow.
# These rules see cleartext HTTP only.
# NOTE(review): the cs-watermark-* tags look like Cobalt Strike licence
# watermark values; 305419896 is 0x12345678, so presumably a widely shared
# value — treat it as weak evidence for grouping or attribution.
alert http $HOME_NET any -> $EXTERNAL_NET 2096 (msg: "MISP e27681 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-305419896] Outgoing URL http|3a|//www.test9977.tk|3a|2096/cx"; flow:to_server,established; http.header; content:"www.test9977.tk"; fast_pattern; nocase; http.uri; content:"/cx"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET 2095 (msg: "MISP e27681 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-305419896] Outgoing URL http|3a|//www.test9977.tk|3a|2095/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"www.test9977.tk"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> 47.99.177.59 3389 (msg: "MISP e27681 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-305419896] Outgoing URL http|3a|//47.99.177.59|3a|3389/ca"; flow:to_server,established; http.header; content:"47.99.177.59"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> 1.94.110.130 808 (msg: "MISP e27681 [CobaltStrike,cs-watermark-987654321,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.110.130|3a|808/pixel.gif"; flow:to_server,established; http.header; content:"1.94.110.130"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Endpoint-only indicator (address and port), tagged moobot.
alert ip $HOME_NET any -> 141.98.7.62 44556 (msg: "MISP e27681 [c2,moobot] Outgoing To IP: 141.98.7.62|44556"; classtype:trojan-activity; sid:38014251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# --- MISP event 27681: Cobalt Strike name-server hostnames and a port-53 endpoint ---
# NOTE(review): ns1/ns2 naming plus a port-53 endpoint suggests DNS-based C2 —
# confirm in the event. If so, two coverage gaps follow. The dns.query pcre
# requires the query to end in ns1. or ns2.dice1018.top, so lookups for other
# names in that zone would not match. Clients using an internal resolver never
# contact 38.181.70.201:53 themselves, so the IP rule would name the resolver
# (if it is inside $HOME_NET), not the querying host.
alert dns any any -> any any (msg: "MISP e27681 [CobaltStrike,cs-watermark-0,Eons Data Communications Limited] Domain ns1.dice1018.top"; dns.query; content:"ns1.dice1018.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.dice1018\.top$/i"; classtype:trojan-activity; sid:38014291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [CobaltStrike,cs-watermark-0,Eons Data Communications Limited] Outgoing HTTP Domain ns1.dice1018.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.dice1018.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.dice1018\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38014292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert dns any any -> any any (msg: "MISP e27681 [CobaltStrike,cs-watermark-0,Eons Data Communications Limited] Domain ns2.dice1018.top"; dns.query; content:"ns2.dice1018.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.dice1018\.top$/i"; classtype:trojan-activity; sid:38014301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [CobaltStrike,cs-watermark-0,Eons Data Communications Limited] Outgoing HTTP Domain ns2.dice1018.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns2.dice1018.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.dice1018\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38014302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 38.181.70.201 53 (msg: "MISP e27681 [CobaltStrike,cs-watermark-0,Eons Data Communications Limited] Outgoing To IP: 38.181.70.201|53"; classtype:trojan-activity; sid:38014311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# --- MISP event 27007 (priority:3, empty [] tag list in msg): hostnames ---
# One dns.query rule and one HTTP header rule per hostname. classtype is
# trojan-activity, the same as for the malware events, so the priority value
# and the event id in msg are the fields that tell these alerts apart.
# NOTE(review): the names look like brand-lookalike shop domains; that is
# inferred from the names alone — check the event for the actual category.
alert dns any any -> any any (msg: "MISP e27007 [] Domain aiglebootsaustralia.com"; dns.query; content:"aiglebootsaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aiglebootsaustralia\.com$/i"; classtype:trojan-activity; sid:38168961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aiglebootsaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aiglebootsaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aiglebootsaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain air-jordan-usdt.com"; dns.query; content:"air-jordan-usdt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])air\-jordan\-usdt\.com$/i"; classtype:trojan-activity; sid:38168971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain air-jordan-usdt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"air-jordan-usdt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])air\-jordan\-usdt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168972; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007 hostname indicators (priority:3, empty [] tag list) ---
# Per hostname there are two rules: a dns.query rule (any -> any, sid ending in
# 1) and an HTTP header rule ($HOME_NET -> $EXTERNAL_NET, sid ending in 2).
# In the pcre, "\-" and "\." are literal hyphen and dot. The leading
# (^|[^A-Za-z0-9-]) group stops a match inside a longer label but still allows
# subdomains of the listed name. In the HTTP rules the hostname is not tied to
# the "Host:" match by distance/within, so the name appearing in another
# request header can also satisfy the rule.
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsmagyarorszaghu.com"; dns.query; content:"asicsmagyarorszaghu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsmagyarorszaghu\.com$/i"; classtype:trojan-activity; sid:38168981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsmagyarorszaghu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsmagyarorszaghu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsmagyarorszaghu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsphilippinestore.com"; dns.query; content:"asicsphilippinestore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsphilippinestore\.com$/i"; classtype:trojan-activity; sid:38168991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsphilippinestore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsphilippinestore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsphilippinestore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38168992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicstr-turkiye.com"; dns.query; content:"asicstr-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicstr\-turkiye\.com$/i"; classtype:trojan-activity; sid:38169001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicstr-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicstr-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicstr\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsuruguay-uy.com"; dns.query; content:"asicsuruguay-uy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsuruguay\-uy\.com$/i"; classtype:trojan-activity; sid:38169011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsuruguay-uy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsuruguay-uy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsuruguay\-uy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain axelarigato-se.com"; dns.query; content:"axelarigato-se.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-se\.com$/i"; classtype:trojan-activity; sid:38169021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain axelarigato-se.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"axelarigato-se.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])axelarigato\-se\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain balenciagasingaporeonline.com"; dns.query; content:"balenciagasingaporeonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])balenciagasingaporeonline\.com$/i"; classtype:trojan-activity; sid:38169031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain balenciagasingaporeonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"balenciagasingaporeonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])balenciagasingaporeonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain carhartt-australia.com"; dns.query; content:"carhartt-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carhartt\-australia\.com$/i"; classtype:trojan-activity; sid:38169041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain carhartt-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carhartt-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carhartt\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain carhartt--nz.com"; dns.query; content:"carhartt--nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carhartt\-\-nz\.com$/i"; classtype:trojan-activity; sid:38169051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain carhartt--nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carhartt--nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carhartt\-\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain carharttphilippines.com"; dns.query; content:"carharttphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttphilippines\.com$/i"; classtype:trojan-activity; sid:38169061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain carharttphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"carharttphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])carharttphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain colombia-veja.com"; dns.query; content:"colombia-veja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])colombia\-veja\.com$/i"; classtype:trojan-activity; sid:38169071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain colombia-veja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colombia-veja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colombia\-veja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocscloghungary.com"; dns.query; content:"crocscloghungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocscloghungary\.com$/i"; classtype:trojan-activity; sid:38169081; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007 hostname indicators (priority:3, empty [] tag list) ---
# Each hostname has a dns.query rule and an HTTP header rule. The HTTP rules
# inspect cleartext requests only, so a site reached over TLS is covered by the
# DNS rule alone (no TLS rule for these names is visible in this part of the
# export). The DNS rules are any -> any.
# NOTE(review): where clients use an internal resolver, a DNS alert presumably
# shows the resolver as one endpoint; resolver query logs are then needed to
# find the requesting host.
# classtype is trojan-activity although priority is 3, so triage on priority
# and event id rather than on classtype.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocscloghungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocscloghungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocscloghungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain demoniaitalia.com"; dns.query; content:"demoniaitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniaitalia\.com$/i"; classtype:trojan-activity; sid:38169091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain demoniaitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"demoniaitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniaitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain demoniashoes-portugal.com"; dns.query; content:"demoniashoes-portugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniashoes\-portugal\.com$/i"; classtype:trojan-activity; sid:38169101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain demoniashoes-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"demoniashoes-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniashoes\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain diadora-turkiy.com"; dns.query; content:"diadora-turkiy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])diadora\-turkiy\.com$/i"; classtype:trojan-activity; sid:38169111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain diadora-turkiy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"diadora-turkiy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])diadora\-turkiy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain docmartensbootssale.com"; dns.query; content:"docmartensbootssale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartensbootssale\.com$/i"; classtype:trojan-activity; sid:38169121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain docmartensbootssale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docmartensbootssale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartensbootssale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain docmartenshaesireland.com"; dns.query; content:"docmartenshaesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartenshaesireland\.com$/i"; classtype:trojan-activity; sid:38169131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain docmartenshaesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docmartenshaesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docmartenshaesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctormartensboty.com"; dns.query; content:"doctormartensboty.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctormartensboty\.com$/i"; classtype:trojan-activity; sid:38169141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctormartensboty.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctormartensboty.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctormartensboty\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain drmartenswinkelbelgie.com"; dns.query; content:"drmartenswinkelbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenswinkelbelgie\.com$/i"; classtype:trojan-activity; sid:38169151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain drmartenswinkelbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"drmartenswinkelbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])drmartenswinkelbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eccogreece-gr.com"; dns.query; content:"eccogreece-gr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccogreece\-gr\.com$/i"; classtype:trojan-activity; sid:38169161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccogreece-gr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccogreece-gr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccogreece\-gr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eccoshoessingapore-sg.com"; dns.query; content:"eccoshoessingapore-sg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoshoessingapore\-sg\.com$/i"; classtype:trojan-activity; sid:38169171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccoshoessingapore-sg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccoshoessingapore-sg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccoshoessingapore\-sg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain eccosouthafrica-za.com"; dns.query; content:"eccosouthafrica-za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccosouthafrica\-za\.com$/i"; classtype:trojan-activity; sid:38169181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccosouthafrica-za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"eccosouthafrica-za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccosouthafrica\-za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007 hostname indicators (priority:3, empty [] tag list) ---
# Each hostname has a dns.query rule (sid ending in 1) and an HTTP header rule
# (sid ending in 2). Every HTTP rule carries tag:session,600,seconds, which
# keeps logging packets of the flagged session for up to 600 seconds.
# NOTE(review): with this many priority-3 hostnames the tagged capture volume
# can add up; confirm it is wanted for this event class.
# rev is 1 on every rule and the sids appear to be assigned by the exporter, so
# local edits are presumably overwritten by the next export — keep tuning in
# threshold/suppress configuration rather than in this file.
alert dns any any -> any any (msg: "MISP e27007 [] Domain ecuadors-puma.com"; dns.query; content:"ecuadors-puma.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecuadors\-puma\.com$/i"; classtype:trojan-activity; sid:38169191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ecuadors-puma.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecuadors-puma.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecuadors\-puma\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-singapore.com"; dns.query; content:"ellesse-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-singapore\.com$/i"; classtype:trojan-activity; sid:38169201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinissingapore.com"; dns.query; content:"frankiesbikinissingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinissingapore\.com$/i"; classtype:trojan-activity; sid:38169211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinissingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinissingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinissingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperrysdublin.com"; dns.query; content:"fredperrysdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysdublin\.com$/i"; classtype:trojan-activity; sid:38169221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperrysdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperrysdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fredperrysperu.com"; dns.query; content:"fredperrysperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysperu\.com$/i"; classtype:trojan-activity; sid:38169231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fredperrysperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fredperrysperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fredperrysperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain fruitoftheloom-india.com"; dns.query; content:"fruitoftheloom-india.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloom\-india\.com$/i"; classtype:trojan-activity; sid:38169241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain fruitoftheloom-india.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fruitoftheloom-india.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fruitoftheloom\-india\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gl-lulustapa.com"; dns.query; content:"gl-lulustapa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gl\-lulustapa\.com$/i"; classtype:trojan-activity; sid:38169251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gl-lulustapa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gl-lulustapa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gl\-lulustapa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain greece-veja.com"; dns.query; content:"greece-veja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])greece\-veja\.com$/i"; classtype:trojan-activity; sid:38169261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain greece-veja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"greece-veja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])greece\-veja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain guessproduct.com"; dns.query; content:"guessproduct.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])guessproduct\.com$/i"; classtype:trojan-activity; sid:38169271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain guessproduct.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"guessproduct.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guessproduct\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkbe.com"; dns.query; content:"gymsharkbe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkbe\.com$/i"; classtype:trojan-activity; sid:38169281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkbe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkbe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkbe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkcolombiaonline.com"; dns.query; content:"gymsharkcolombiaonline.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])gymsharkcolombiaonline\.com$/i"; classtype:trojan-activity; sid:38169291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkcolombiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkcolombiaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkcolombiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkgreeces.com"; dns.query; content:"gymsharkgreeces.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkgreeces\.com$/i"; classtype:trojan-activity; sid:38169301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkgreeces.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkgreeces.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkgreeces\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkvenezuela.com"; dns.query; content:"gymsharkvenezuela.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkvenezuela\.com$/i"; classtype:trojan-activity; sid:38169311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkvenezuela.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkvenezuela.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])gymsharkvenezuela\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hokapolska-pl.com"; dns.query; content:"hokapolska-pl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokapolska\-pl\.com$/i"; classtype:trojan-activity; sid:38169321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokapolska-pl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokapolska-pl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokapolska\-pl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jordanshoesgreeceshop.com"; dns.query; content:"jordanshoesgreeceshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jordanshoesgreeceshop\.com$/i"; classtype:trojan-activity; sid:38169331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jordanshoesgreeceshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jordanshoesgreeceshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jordanshoesgreeceshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lojasdiadorasportugal.com"; dns.query; content:"lojasdiadorasportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lojasdiadorasportugal\.com$/i"; classtype:trojan-activity; sid:38169341; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lojasdiadorasportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lojasdiadorasportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lojasdiadorasportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonamerica.com"; dns.query; content:"lululemonamerica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonamerica\.com$/i"; classtype:trojan-activity; sid:38169351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonamerica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonamerica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonamerica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonargentinaar.com"; dns.query; content:"lululemonargentinaar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonargentinaar\.com$/i"; classtype:trojan-activity; sid:38169361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonargentinaar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonargentinaar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonargentinaar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169362; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonathleticauk.com"; dns.query; content:"lululemonathleticauk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonathleticauk\.com$/i"; classtype:trojan-activity; sid:38169371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonathleticauk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonathleticauk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonathleticauk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonausale.com"; dns.query; content:"lululemonausale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonausale\.com$/i"; classtype:trojan-activity; sid:38169381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonausale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonausale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonausale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemon-belgium.com"; dns.query; content:"lululemon-belgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemon\-belgium\.com$/i"; classtype:trojan-activity; sid:38169391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP 
Domain lululemon-belgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemon-belgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemon\-belgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonbudapest.com"; dns.query; content:"lululemonbudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonbudapest\.com$/i"; classtype:trojan-activity; sid:38169401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonbudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonbudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonbudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemoncananda.com"; dns.query; content:"lululemoncananda.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemoncananda\.com$/i"; classtype:trojan-activity; sid:38169411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemoncananda.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemoncananda.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemoncananda\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemoncapetown.com"; dns.query; 
content:"lululemoncapetown.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemoncapetown\.com$/i"; classtype:trojan-activity; sid:38169421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemoncapetown.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemoncapetown.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemoncapetown\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemondeutschland.com"; dns.query; content:"lululemondeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemondeutschland\.com$/i"; classtype:trojan-activity; sid:38169431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemondeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemondeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemondeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemondublin.com"; dns.query; content:"lululemondublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemondublin\.com$/i"; classtype:trojan-activity; sid:38169441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemondublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemondublin.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])lululemondublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemondublinireland.com"; dns.query; content:"lululemondublinireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemondublinireland\.com$/i"; classtype:trojan-activity; sid:38169451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemondublinireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemondublinireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemondublinireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemoneesti.com"; dns.query; content:"lululemoneesti.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemoneesti\.com$/i"; classtype:trojan-activity; sid:38169461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemoneesti.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemoneesti.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemoneesti\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonhelsinki.com"; dns.query; content:"lululemonhelsinki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonhelsinki\.com$/i"; classtype:trojan-activity; sid:38169471; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonhelsinki.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonhelsinki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonhelsinki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemon-hrvatska.com"; dns.query; content:"lululemon-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemon\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38169481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemon-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemon-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemon\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonhungaryhu.com"; dns.query; content:"lululemonhungaryhu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonhungaryhu\.com$/i"; classtype:trojan-activity; sid:38169491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonhungaryhu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonhungaryhu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonhungaryhu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169492; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonindiaonline.com"; dns.query; content:"lululemonindiaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonindiaonline\.com$/i"; classtype:trojan-activity; sid:38169501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonindiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonindiaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonindiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonjapanjp.com"; dns.query; content:"lululemonjapanjp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonjapanjp\.com$/i"; classtype:trojan-activity; sid:38169511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonjapanjp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonjapanjp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonjapanjp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonnzsale.com"; dns.query; content:"lululemonnzsale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonnzsale\.com$/i"; classtype:trojan-activity; sid:38169521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
lululemonnzsale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonnzsale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonnzsale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonoutletmexico.com"; dns.query; content:"lululemonoutletmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletmexico\.com$/i"; classtype:trojan-activity; sid:38169531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonoutletmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonoutletmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonoutletmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonromaniaro.com"; dns.query; content:"lululemonromaniaro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonromaniaro\.com$/i"; classtype:trojan-activity; sid:38169541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonromaniaro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonromaniaro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonromaniaro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
lululemonschweizch.com"; dns.query; content:"lululemonschweizch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonschweizch\.com$/i"; classtype:trojan-activity; sid:38169551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonschweizch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonschweizch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonschweizch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonsgonline.com"; dns.query; content:"lululemonsgonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsgonline\.com$/i"; classtype:trojan-activity; sid:38169561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonsgonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonsgonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsgonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonsydney.com"; dns.query; content:"lululemonsydney.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsydney\.com$/i"; classtype:trojan-activity; sid:38169571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonsydney.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"lululemonsydney.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonsydney\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonturkey.com"; dns.query; content:"lululemonturkey.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonturkey\.com$/i"; classtype:trojan-activity; sid:38169581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonturkey.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonturkey.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonturkey\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonuaeonline.com"; dns.query; content:"lululemonuaeonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonuaeonline\.com$/i"; classtype:trojan-activity; sid:38169591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonuaeonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonuaeonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonuaeonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonudsalg.com"; dns.query; content:"lululemonudsalg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonudsalg\.com$/i"; classtype:trojan-activity; 
sid:38169601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonudsalg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonudsalg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonudsalg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonunitedkingdom.com"; dns.query; content:"lululemonunitedkingdom.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonunitedkingdom\.com$/i"; classtype:trojan-activity; sid:38169611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonunitedkingdom.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonunitedkingdom.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonunitedkingdom\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain luluoutletcanada.com"; dns.query; content:"luluoutletcanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluoutletcanada\.com$/i"; classtype:trojan-activity; sid:38169641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluoutletcanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluoutletcanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluoutletcanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38169642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 - domain indicators, exported as one DNS rule and one HTTP rule per domain.
#
# DNS rules: match on dns.query in either direction (any any -> any any). The pcre
#   anchors the name at the end of the query and requires start-of-buffer or a
#   character outside [A-Za-z0-9-] in front of it, so the apex and its subdomains
#   match while a longer label that merely ends in the same string does not.
# HTTP rules: $HOME_NET -> $EXTERNAL_NET, client-to-server on an established flow.
#   Both content matches and the /H pcre search the whole header buffer and carry
#   no distance/within relation, so the domain is not tied to the Host header:
#   the same name inside another request header (e.g. Referer) also satisfies the rule.
#   NOTE(review): check the logged Host value when triaging a hit.
#   tag:session,600,seconds keeps logging packets of the matching session for
#   600 seconds after the alert.
# Coverage: "alert http" only sees cleartext HTTP. Visits over TLS are caught by
#   the DNS rule alone, and only where the sensor sees plaintext DNS (not DoH/DoT).
#   NOTE(review): a tls.sni companion rule per domain would close that gap - confirm
#   whether the export can produce one.
# NOTE(review): every rule is classed trojan-activity with priority 3 and an empty
#   tag list "[]" in msg; the names read like brand-lookalike shop domains, so
#   confirm against event 27007 that the classtype reflects the actual threat.
alert dns any any -> any any (msg: "MISP e27007 [] Domain luluoutletvancouver.com"; dns.query; content:"luluoutletvancouver.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluoutletvancouver\.com$/i"; classtype:trojan-activity; sid:38169651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluoutletvancouver.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluoutletvancouver.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluoutletvancouver\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain luluperu.com"; dns.query; content:"luluperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluperu\.com$/i"; classtype:trojan-activity; sid:38169661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain luluphilippines.com"; dns.query; content:"luluphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluphilippines\.com$/i"; classtype:trojan-activity; sid:38169671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lulupolska.com"; dns.query; content:"lulupolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulupolska\.com$/i"; classtype:trojan-activity; sid:38169681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulupolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulupolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulupolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lulusverige.com"; dns.query; content:"lulusverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lulusverige\.com$/i"; classtype:trojan-activity; sid:38169691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lulusverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lulusverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lulusverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrell-fr.com"; dns.query; content:"merrell-fr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrell\-fr\.com$/i"; classtype:trojan-activity; sid:38169711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrell-fr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrell-fr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrell\-fr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellshoesukclearance.com"; dns.query; content:"merrellshoesukclearance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellshoesukclearance\.com$/i"; classtype:trojan-activity; sid:38169721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellshoesukclearance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellshoesukclearance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellshoesukclearance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunochileoutlet.com"; dns.query; content:"mizunochileoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunochileoutlet\.com$/i"; classtype:trojan-activity; sid:38169731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunochileoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunochileoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunochileoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoncolombia.com"; dns.query; content:"mizunoncolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoncolombia\.com$/i"; classtype:trojan-activity; sid:38169741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoncolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoncolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoncolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain monteccolombia.com"; dns.query; content:"monteccolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])monteccolombia\.com$/i"; classtype:trojan-activity; sid:38169751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain monteccolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"monteccolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])monteccolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockssingapore.com"; dns.query; content:"motelrockssingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssingapore\.com$/i"; classtype:trojan-activity; sid:38169761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockssingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockssingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain nikeoutlet-ar.com"; dns.query; content:"nikeoutlet-ar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeoutlet\-ar\.com$/i"; classtype:trojan-activity; sid:38169771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nikeoutlet-ar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nikeoutlet-ar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nikeoutlet\-ar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain oakleyxsunglassesindia.com"; dns.query; content:"oakleyxsunglassesindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleyxsunglassesindia\.com$/i"; classtype:trojan-activity; sid:38169781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oakleyxsunglassesindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oakleyxsunglassesindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleyxsunglassesindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain olukaioutletpt.com"; dns.query; content:"olukaioutletpt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaioutletpt\.com$/i"; classtype:trojan-activity; sid:38169791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukaioutletpt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukaioutletpt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukaioutletpt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain palladiumsingaporea.com"; dns.query; content:"palladiumsingaporea.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumsingaporea\.com$/i"; classtype:trojan-activity; sid:38169801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain palladiumsingaporea.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"palladiumsingaporea.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumsingaporea\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain persol-greece.com"; dns.query; content:"persol-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])persol\-greece\.com$/i"; classtype:trojan-activity; sid:38169811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain persol-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"persol-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])persol\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain polenescanada.com"; dns.query; content:"polenescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])polenescanada\.com$/i"; classtype:trojan-activity; sid:38169821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain polenescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"polenescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])polenescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumacipo-hu.com"; dns.query; content:"pumacipo-hu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacipo\-hu\.com$/i"; classtype:trojan-activity; sid:38169831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumacipo-hu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumacipo-hu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacipo\-hu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumacolombiabogota.com"; dns.query; content:"pumacolombiabogota.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacolombiabogota\.com$/i"; classtype:trojan-activity; sid:38169841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumacolombiabogota.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumacolombiabogota.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacolombiabogota\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumascostarica.com"; dns.query; content:"pumascostarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumascostarica\.com$/i"; classtype:trojan-activity; sid:38169851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumascostarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumascostarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumascostarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowabrasil.com"; dns.query; content:"rimowabrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowabrasil\.com$/i"; classtype:trojan-activity; sid:38169861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowabrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowabrasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowabrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-dubai.com"; dns.query; content:"rimowa-dubai.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-dubai\.com$/i"; classtype:trojan-activity; sid:38169871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-dubai.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-dubai.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-dubai\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain romaniapuma.com"; dns.query; content:"romaniapuma.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])romaniapuma\.com$/i"; classtype:trojan-activity; sid:38169881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain romaniapuma.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"romaniapuma.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])romaniapuma\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sauconyfactory-outlet.com"; dns.query; content:"sauconyfactory-outlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyfactory\-outlet\.com$/i"; classtype:trojan-activity; sid:38169891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sauconyfactory-outlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sauconyfactory-outlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyfactory\-outlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain slovenija-veja.com"; dns.query; content:"slovenija-veja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])slovenija\-veja\.com$/i"; classtype:trojan-activity; sid:38169901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain slovenija-veja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"slovenija-veja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])slovenija\-veja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sperryschwaiz.com"; dns.query; content:"sperryschwaiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sperryschwaiz\.com$/i"; classtype:trojan-activity; sid:38169911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sperryschwaiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sperryschwaiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sperryschwaiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendahokachile.com"; dns.query; content:"tiendahokachile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendahokachile\.com$/i"; classtype:trojan-activity; sid:38169921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendahokachile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendahokachile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendahokachile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendasnorthfacecdmx.com"; dns.query; content:"tiendasnorthfacecdmx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasnorthfacecdmx\.com$/i"; classtype:trojan-activity; sid:38169931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendasnorthfacecdmx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendasnorthfacecdmx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasnorthfacecdmx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionclothinguk.com"; dns.query; content:"truereligionclothinguk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionclothinguk\.com$/i"; classtype:trojan-activity; sid:38169941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionclothinguk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionclothinguk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionclothinguk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligioncz.com"; dns.query; content:"truereligioncz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligioncz\.com$/i"; classtype:trojan-activity; sid:38169951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligioncz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligioncz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligioncz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionfarkutsuomi.com"; dns.query; content:"truereligionfarkutsuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionfarkutsuomi\.com$/i"; classtype:trojan-activity; sid:38169961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionfarkutsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionfarkutsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionfarkutsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansbelgie.com"; dns.query; content:"truereligionjeansbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansbelgie\.com$/i"; classtype:trojan-activity; sid:38169971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeanschile.com"; dns.query; content:"truereligionjeanschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanschile\.com$/i"; classtype:trojan-activity; sid:38169981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeanschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeanschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansdanmark.com"; dns.query; content:"truereligionjeansdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansdanmark\.com$/i"; classtype:trojan-activity; sid:38169991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38169992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansespana.com"; dns.query; content:"truereligionjeansespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansespana\.com$/i"; classtype:trojan-activity; sid:38170001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansgreece.com"; dns.query; content:"truereligionjeansgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansgreece\.com$/i"; classtype:trojan-activity; sid:38170011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansindia.com"; dns.query; content:"truereligionjeansindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansindia\.com$/i"; classtype:trojan-activity; sid:38170021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansireland.com"; dns.query; content:"truereligionjeansireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansireland\.com$/i"; classtype:trojan-activity; sid:38170031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansisrael.com"; dns.query; content:"truereligionjeansisrael.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansisrael\.com$/i"; classtype:trojan-activity; sid:38170041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansisrael.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansisrael.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansisrael\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansjapan.com"; dns.query; content:"truereligionjeansjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansjapan\.com$/i"; classtype:trojan-activity; sid:38170051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansmalaysia.com"; dns.query; content:"truereligionjeansmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansmalaysia\.com$/i"; classtype:trojan-activity; sid:38170061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansmexico.com"; dns.query; content:"truereligionjeansmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansmexico\.com$/i"; classtype:trojan-activity; sid:38170071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansphilippines.com"; dns.query; content:"truereligionjeansphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansphilippines\.com$/i"; classtype:trojan-activity; sid:38170081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeanspolska.com"; dns.query; content:"truereligionjeanspolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanspolska\.com$/i"; classtype:trojan-activity; sid:38170091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeanspolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeanspolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanspolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansportugal.com"; dns.query; content:"truereligionjeansportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansportugal\.com$/i"; classtype:trojan-activity; sid:38170101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansromania.com"; dns.query; content:"truereligionjeansromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansromania\.com$/i"; classtype:trojan-activity; sid:38170111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeanssingapore.com"; dns.query; content:"truereligionjeanssingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanssingapore\.com$/i"; classtype:trojan-activity; sid:38170121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeanssingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeanssingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanssingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionksa.com"; dns.query; content:"truereligionksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionksa\.com$/i"; classtype:trojan-activity; sid:38170131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionschweiz.com"; dns.query; content:"truereligionschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionschweiz\.com$/i"; classtype:trojan-activity; sid:38170141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ukcarhartt.com"; dns.query; content:"ukcarhartt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ukcarhartt\.com$/i"; classtype:trojan-activity; sid:38170151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ukcarhartt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ukcarhartt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ukcarhartt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain urbanrevivesingapore.com"; dns.query; content:"urbanrevivesingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])urbanrevivesingapore\.com$/i"; classtype:trojan-activity; sid:38170161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain urbanrevivesingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"urbanrevivesingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])urbanrevivesingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain vejaaustralia-au.com"; dns.query; content:"vejaaustralia-au.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejaaustralia\-au\.com$/i"; classtype:trojan-activity; sid:38170171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejaaustralia-au.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejaaustralia-au.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejaaustralia\-au\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-ecuador.com"; dns.query; content:"veja-ecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-ecuador\.com$/i"; classtype:trojan-activity; sid:38170181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-ecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-ecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-ecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain vejakenatale.com"; dns.query; content:"vejakenatale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejakenatale\.com$/i"; classtype:trojan-activity; sid:38170191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejakenatale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejakenatale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejakenatale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38170192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejamexicos.com"; dns.query; content:"vejamexicos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejamexicos\.com$/i"; classtype:trojan-activity; sid:38170201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejamexicos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejamexicos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejamexicos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejaportugal-pt.com"; dns.query; content:"vejaportugal-pt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejaportugal\-pt\.com$/i"; classtype:trojan-activity; sid:38170211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejaportugal-pt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejaportugal-pt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejaportugal\-pt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejashoes-hungary.com"; dns.query; content:"vejashoes-hungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejashoes\-hungary\.com$/i"; classtype:trojan-activity; sid:38170221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
vejashoes-hungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejashoes-hungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejashoes\-hungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-shoes-philippines.com"; dns.query; content:"veja-shoes-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoes\-philippines\.com$/i"; classtype:trojan-activity; sid:38170231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-shoes-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-shoes-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-shoes\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejashoessrbija.com"; dns.query; content:"vejashoessrbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejashoessrbija\.com$/i"; classtype:trojan-activity; sid:38170241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejashoessrbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejashoessrbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejashoessrbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
vejasportugal.com"; dns.query; content:"vejasportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejasportugal\.com$/i"; classtype:trojan-activity; sid:38170251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejasportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejasportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejasportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain veja-zapatillaschile.com"; dns.query; content:"veja-zapatillaschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-zapatillaschile\.com$/i"; classtype:trojan-activity; sid:38170261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain veja-zapatillaschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veja-zapatillaschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veja\-zapatillaschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain whitesbootssingapore.com"; dns.query; content:"whitesbootssingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])whitesbootssingapore\.com$/i"; classtype:trojan-activity; sid:38170271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain whitesbootssingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"whitesbootssingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])whitesbootssingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain wolverinebootsstore.com"; dns.query; content:"wolverinebootsstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverinebootsstore\.com$/i"; classtype:trojan-activity; sid:38170281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain wolverinebootsstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wolverinebootsstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wolverinebootsstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatillasmerrell-argentina.com"; dns.query; content:"zapatillasmerrell-argentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasmerrell\-argentina\.com$/i"; classtype:trojan-activity; sid:38170291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatillasmerrell-argentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapatillasmerrell-argentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasmerrell\-argentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatillasmerrelluruguay.com"; dns.query; 
content:"zapatillasmerrelluruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasmerrelluruguay\.com$/i"; classtype:trojan-activity; sid:38170301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatillasmerrelluruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapatillasmerrelluruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasmerrelluruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatillasvejaperu.com"; dns.query; content:"zapatillasvejaperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasvejaperu\.com$/i"; classtype:trojan-activity; sid:38170311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatillasvejaperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapatillasvejaperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasvejaperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatoseccochile-cl.com"; dns.query; content:"zapatoseccochile-cl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatoseccochile\-cl\.com$/i"; classtype:trojan-activity; sid:38170321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatoseccochile-cl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"zapatoseccochile-cl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatoseccochile\-cl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain zapetossperrycolombia.com"; dns.query; content:"zapetossperrycolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapetossperrycolombia\.com$/i"; classtype:trojan-activity; sid:38170331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapetossperrycolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapetossperrycolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapetossperrycolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Review notes for the MISP e27681 rules below (priority:2; tags CobaltStrike,
# njrat, Gafgyt, TBOTNET, WSHRAT).
# - "Outgoing URL" rules match the host string anywhere in http.header (not only
#   in the Host line) plus a case-insensitive substring in http.uri. All of this
#   is cleartext-HTTP detection; the same indicators over TLS are not covered by
#   anything in this part of the file.
# - sids 38014321, 38014341 and 38014361 are bound to $HTTP_PORTS, although the
#   export header says that variable is not required for the Suricata export. It
#   has to be defined in the sensor configuration, and these rules only fire on
#   the ports it lists, whereas the paired "Outgoing HTTP Domain" rules use "any".
# - The URL rules keyed on a literal IP (194.165.16.59, 47.92.158.101,
#   46.183.223.73) need that IP to appear in the request headers. A client that
#   reaches the same server under a hostname would not match; only 194.165.16.59
#   has a companion "alert ip" rule here.
# - "Outgoing To IP" rules use protocol "ip" with a fixed destination port and no
#   payload match, so any flow from $HOME_NET to that address and port alerts.
#   Treat a hit as a lead to corroborate with host telemetry, not as proof of
#   infection.
# - Several njrat addresses recur under more than one port (19607 and 17485).
#   NOTE(review): that may indicate shared relay or hosting infrastructure rather
#   than dedicated servers - confirm in the MISP event before blocking by IP
#   alone, and retire these rules when the indicators expire there.
# - Tags are not uniform for the same family ("[njrat]" vs "[njrat,RAT]"), so
#   alert filters keyed on the msg text should match on "njrat", not the full
#   bracket.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing URL http|3a|//blm-wiki.com/validate/v8.18/84le6psohs"; flow:to_server,established; http.header; content:"blm-wiki.com"; fast_pattern; nocase; http.uri; content:"/validate/v8.18/84le6psohs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert dns any any -> any any (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Domain blm-wiki.com"; dns.query; content:"blm-wiki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])blm\-wiki\.com$/i"; classtype:trojan-activity; sid:38014331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing HTTP Domain blm-wiki.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blm-wiki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blm\-wiki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38014332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing URL http|3a|//jango-pulse.com/validate/v8.18/84le6psohs"; flow:to_server,established; http.header; content:"jango-pulse.com"; fast_pattern; nocase; http.uri; content:"/validate/v8.18/84le6psohs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert dns any any -> any any (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Domain jango-pulse.com"; dns.query; content:"jango-pulse.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jango\-pulse\.com$/i"; classtype:trojan-activity; sid:38014351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing HTTP Domain jango-pulse.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jango-pulse.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jango\-pulse\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38014352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> 194.165.16.59 $HTTP_PORTS (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing URL http|3a|//194.165.16.59/validate/v8.18/84le6psohs"; flow:to_server,established; http.header; content:"194.165.16.59"; fast_pattern; nocase; http.uri; content:"/validate/v8.18/84le6psohs"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 194.165.16.59 80 (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing To IP: 194.165.16.59|80"; classtype:trojan-activity; sid:38014371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> 47.92.158.101 8080 (msg: "MISP e27681 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing URL http|3a|//47.92.158.101|3a|8080/mall_100_100.html"; flow:to_server,established; http.header; content:"47.92.158.101"; fast_pattern; nocase; http.uri; content:"/mall_100_100.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 93.123.85.75 666 (msg: "MISP e27681 [Gafgyt] Outgoing To IP: 93.123.85.75|666"; classtype:trojan-activity; sid:38014281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.124.142.205 19607 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.124.142.205|19607"; classtype:trojan-activity; sid:38014401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.192.31.165 19607 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.192.31.165|19607"; classtype:trojan-activity; sid:38014411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.102.39 19607 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.102.39|19607"; classtype:trojan-activity; sid:38014421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.223.134 19607 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.223.134|19607"; classtype:trojan-activity; sid:38014431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.209.94 19607 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.209.94|19607"; classtype:trojan-activity; sid:38014441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.192.31.165 17485 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.192.31.165|17485"; classtype:trojan-activity; sid:38014451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.223.134 17485 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.223.134|17485"; classtype:trojan-activity; sid:38014461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.102.39 17485 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.125.102.39|17485"; classtype:trojan-activity; sid:38014471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.158.249.75 17485 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.158.249.75|17485"; classtype:trojan-activity; sid:38014481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.124.142.205 17485 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.124.142.205|17485"; classtype:trojan-activity; sid:38014491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 147.45.77.28 4258 (msg: "MISP e27681 [Gafgyt] Outgoing To IP: 147.45.77.28|4258"; classtype:trojan-activity; sid:38014391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# MISP e27677 (priority:3, empty tag list): one FQDN under masterstroke.consulting.
# The pcre pins the full name, so other hosts under the parent domain are not
# covered. NOTE(review): the hostname looks like brand impersonation rather than
# malware C2, but classtype is trojan-activity as on every other rule - confirm
# the category in the MISP event before routing the alert.
alert dns any any -> any any (msg: "MISP e27677 [] Domain tarjetacencosud-cl.masterstroke.consulting"; dns.query; content:"tarjetacencosud-cl.masterstroke.consulting"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-cl\.masterstroke\.consulting$/i"; classtype:trojan-activity; sid:38013451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27677;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27677 [] Outgoing HTTP Domain tarjetacencosud-cl.masterstroke.consulting"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarjetacencosud-cl.masterstroke.consulting"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-cl\.masterstroke\.consulting[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38013452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27677;)
# MISP e27681 continues: further IP:port indicators and one URL rule.
alert ip $HOME_NET any -> 194.48.250.133 23 (msg: "MISP e27681 [Gafgyt] Outgoing To IP: 194.48.250.133|23"; classtype:trojan-activity; sid:38014571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 178.20.40.225 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 178.20.40.225|1311"; classtype:trojan-activity; sid:38014551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 95.142.45.151 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 95.142.45.151|1311"; classtype:trojan-activity; sid:38014541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 193.178.170.114 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 193.178.170.114|1311"; classtype:trojan-activity; sid:38014561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.158.249.75 19607 (msg: "MISP e27681 [njrat,RAT] Outgoing To IP: 18.158.249.75|19607"; classtype:trojan-activity; sid:38014511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 62.113.112.234 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 62.113.112.234|1311"; classtype:trojan-activity; sid:38014521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 94.103.85.34 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 94.103.85.34|1311"; classtype:trojan-activity; sid:38014531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.125.209.94 17485 (msg: "MISP e27681 [njrat,RAT] Outgoing To IP: 3.125.209.94|17485"; classtype:trojan-activity; sid:38014501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 3.69.115.178 13672 (msg: "MISP e27681 [njrat] Outgoing To IP: 3.69.115.178|13672"; classtype:trojan-activity; sid:38014581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 18.197.239.109 13672 (msg: "MISP e27681 [njrat] Outgoing To IP: 18.197.239.109|13672"; classtype:trojan-activity; sid:38014591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> 46.183.223.73 7000 (msg: "MISP e27681 [RAT,WSHRAT] Outgoing URL http|3a|//46.183.223.73|3a|7000/is-ready"; flow:to_server,established; http.header; content:"46.183.223.73"; fast_pattern; nocase; http.uri; content:"/is-ready"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# MISP e27007 resumes: dns.query / HTTP rule pairs, priority:3, empty tag list.
alert dns any any -> any any (msg: "MISP e27007 [] Domain aldobootssouthafrica.com"; dns.query; content:"aldobootssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aldobootssouthafrica\.com$/i"; classtype:trojan-activity; sid:38170351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aldobootssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aldobootssouthafrica.com"; fast_pattern; nocase; pcre:
"/(^|[^A-Za-z0-9-])aldobootssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Review notes for the MISP e27007 domain rules below.
# - One dns.query rule and one cleartext HTTP rule per domain; no TLS/SNI rule
#   appears in this part of the export, so HTTPS visits surface only through DNS.
# - In the HTTP rules "Host|3a|" and the domain are separate matches anywhere in
#   http.header, and the pcre (modifier H) is not tied to the Host line, so the
#   domain appearing in another header (for example Referer) also alerts. Confirm
#   the actual Host value before treating a hit as a visit to the domain.
# - The DNS rules are "any any -> any any" and are not scoped to $HOME_NET.
# - Empty msg tags ("[]") and a uniform classtype:trojan-activity give no threat
#   category; the MISP event in the reference is the only context for triage.
alert dns any any -> any any (msg: "MISP e27007 [] Domain allbirdsshoessingapore.com"; dns.query; content:"allbirdsshoessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsshoessingapore\.com$/i"; classtype:trojan-activity; sid:38170361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain allbirdsshoessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allbirdsshoessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allbirdsshoessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain barbourphilippines.com"; dns.query; content:"barbourphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barbourphilippines\.com$/i"; classtype:trojan-activity; sid:38170371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barbourphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barbourphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barbourphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain belgie-veja.com"; dns.query; content:"belgie-veja.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])belgie\-veja\.com$/i"; classtype:trojan-activity; sid:38170381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain belgie-veja.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"belgie-veja.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])belgie\-veja\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillarmy.com"; dns.query; content:"caterpillarmy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarmy\.com$/i"; classtype:trojan-activity; sid:38170391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillarmy.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillarmy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillarmy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain caterpillaroutletpl.com"; dns.query; content:"caterpillaroutletpl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillaroutletpl\.com$/i"; classtype:trojan-activity; sid:38170401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain caterpillaroutletpl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"caterpillaroutletpl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])caterpillaroutletpl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksespanaoutlet.com"; dns.query; content:"clarksespanaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksespanaoutlet\.com$/i"; classtype:trojan-activity; sid:38170411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksespanaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksespanaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksespanaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain demoniacultromania.com"; dns.query; content:"demoniacultromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniacultromania\.com$/i"; classtype:trojan-activity; sid:38170421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain demoniacultromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"demoniacultromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])demoniacultromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain docsmartensblackfriday.com"; dns.query; content:"docsmartensblackfriday.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docsmartensblackfriday\.com$/i"; classtype:trojan-activity; sid:38170431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain docsmartensblackfriday.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docsmartensblackfriday.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docsmartensblackfriday\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain doctormartens-turkiye.com"; dns.query; content:"doctormartens-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])doctormartens\-turkiye\.com$/i"; classtype:trojan-activity; sid:38170441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain doctormartens-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"doctormartens-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])doctormartens\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gym-shark-ecuador.com"; dns.query; content:"gym-shark-ecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-shark\-ecuador\.com$/i"; classtype:trojan-activity; sid:38170451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gym-shark-ecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gym-shark-ecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gym\-shark\-ecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharktunisie.com"; dns.query; content:"gymsharktunisie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharktunisie\.com$/i"; classtype:trojan-activity; sid:38170461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharktunisie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharktunisie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharktunisie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldoutletfr.com"; dns.query; content:"karllagerfeldoutletfr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletfr\.com$/i"; classtype:trojan-activity; sid:38170471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldoutletfr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldoutletfr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletfr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain luluchile.com"; dns.query; content:"luluchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])luluchile\.com$/i"; classtype:trojan-activity; sid:38170481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain luluchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"luluchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])luluchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunocanadashoes.com"; dns.query; content:"mizunocanadashoes.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocanadashoes\.com$/i"; classtype:trojan-activity; sid:38170491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunocanadashoes.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunocanadashoes.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunocanadashoes\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoeschile.com"; dns.query; content:"onitsukashoeschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoeschile\.com$/i"; classtype:trojan-activity; sid:38170501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoeschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoeschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoeschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumaindia-sale.com"; dns.query; content:"pumaindia-sale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaindia\-sale\.com$/i"; classtype:trojan-activity; sid:38170511; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumaindia-sale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumaindia-sale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaindia\-sale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pumajapan-jp.com"; dns.query; content:"pumajapan-jp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumajapan\-jp\.com$/i"; classtype:trojan-activity; sid:38170521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumajapan-jp.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumajapan-jp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumajapan\-jp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pumashoes-israel.com"; dns.query; content:"pumashoes-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumashoes\-israel\.com$/i"; classtype:trojan-activity; sid:38170531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumashoes-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumashoes-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumashoes\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170532; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowaaustraliasale.com"; dns.query; content:"rimowaaustraliasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaaustraliasale\.com$/i"; classtype:trojan-activity; sid:38170541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowaaustraliasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowaaustraliasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowaaustraliasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain soreltalvikengat.com"; dns.query; content:"soreltalvikengat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])soreltalvikengat\.com$/i"; classtype:trojan-activity; sid:38170551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain soreltalvikengat.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"soreltalvikengat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])soreltalvikengat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain thenorthface-malaysia.com"; dns.query; content:"thenorthface-malaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthface\-malaysia\.com$/i"; classtype:trojan-activity; sid:38170561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
thenorthface-malaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"thenorthface-malaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])thenorthface\-malaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tommyhilfigersouthafricaa.com"; dns.query; content:"tommyhilfigersouthafricaa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tommyhilfigersouthafricaa\.com$/i"; classtype:trojan-activity; sid:38170571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tommyhilfigersouthafricaa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tommyhilfigersouthafricaa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tommyhilfigersouthafricaa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansaustralia.com"; dns.query; content:"truereligionjeansaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansaustralia\.com$/i"; classtype:trojan-activity; sid:38170581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170582; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansfrance.com"; dns.query; content:"truereligionjeansfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansfrance\.com$/i"; classtype:trojan-activity; sid:38170591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansitalia.com"; dns.query; content:"truereligionjeansitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansitalia\.com$/i"; classtype:trojan-activity; sid:38170601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-argentina.com"; dns.query; content:"ellesse-argentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-argentina\.com$/i"; classtype:trojan-activity; sid:38170611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-argentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-argentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-argentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellessebelgium.com"; dns.query; content:"ellessebelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellessebelgium\.com$/i"; classtype:trojan-activity; sid:38170621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellessebelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellessebelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellessebelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-brasil.com"; dns.query; content:"ellesse-brasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-brasil\.com$/i"; classtype:trojan-activity; sid:38170631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-brasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-brasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-brasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
ellesse-canada.com"; dns.query; content:"ellesse-canada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-canada\.com$/i"; classtype:trojan-activity; sid:38170641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-canada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-canada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-canada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesseemportugal.com"; dns.query; content:"ellesseemportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesseemportugal\.com$/i"; classtype:trojan-activity; sid:38170651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesseemportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesseemportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesseemportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-greece.com"; dns.query; content:"ellesse-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-greece\.com$/i"; classtype:trojan-activity; sid:38170661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-greece.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-])ellesse\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-ireland.com"; dns.query; content:"ellesse-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-ireland\.com$/i"; classtype:trojan-activity; sid:38170671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-israel.com"; dns.query; content:"ellesse-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-israel\.com$/i"; classtype:trojan-activity; sid:38170681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellessemalaysia.com"; dns.query; content:"ellessemalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellessemalaysia\.com$/i"; classtype:trojan-activity; sid:38170691; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellessemalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellessemalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellessemalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-nederland.com"; dns.query; content:"ellesse-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-nederland\.com$/i"; classtype:trojan-activity; sid:38170701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-norge.com"; dns.query; content:"ellesse-norge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-norge\.com$/i"; classtype:trojan-activity; sid:38170711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-norge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-norge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-norge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170712; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-nz.com"; dns.query; content:"ellesse-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-nz\.com$/i"; classtype:trojan-activity; sid:38170721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-philippines.com"; dns.query; content:"ellesse-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-philippines\.com$/i"; classtype:trojan-activity; sid:38170731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-romania.com"; dns.query; content:"ellesse-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-romania\.com$/i"; classtype:trojan-activity; sid:38170741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-romania.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-suomi.com"; dns.query; content:"ellesse-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-suomi\.com$/i"; classtype:trojan-activity; sid:38170751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-sverige.com"; dns.query; content:"ellesse-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-sverige\.com$/i"; classtype:trojan-activity; sid:38170761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-sverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-turkiye.com"; dns.query; content:"ellesse-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-turkiye\.com$/i"; 
classtype:trojan-activity; sid:38170771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ellesse-uk.com"; dns.query; content:"ellesse-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-uk\.com$/i"; classtype:trojan-activity; sid:38170781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ellesse-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ellesse-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ellesse\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisaustralia.com"; dns.query; content:"frankiesbikinisaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisaustralia\.com$/i"; classtype:trojan-activity; sid:38170791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38170792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisbelgie.com"; dns.query; content:"frankiesbikinisbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisbelgie\.com$/i"; classtype:trojan-activity; sid:38170801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikiniscanada.com"; dns.query; content:"frankiesbikiniscanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikiniscanada\.com$/i"; classtype:trojan-activity; sid:38170811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikiniscanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikiniscanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikiniscanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisdanmark.com"; dns.query; content:"frankiesbikinisdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisdanmark\.com$/i"; classtype:trojan-activity; sid:38170821; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisdanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisdeutschland.com"; dns.query; content:"frankiesbikinisdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisdeutschland\.com$/i"; classtype:trojan-activity; sid:38170831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisfrance.com"; dns.query; content:"frankiesbikinisfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisfrance\.com$/i"; classtype:trojan-activity; sid:38170841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisfrance\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38170842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisgreece.com"; dns.query; content:"frankiesbikinisgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisgreece\.com$/i"; classtype:trojan-activity; sid:38170851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisireland.com"; dns.query; content:"frankiesbikinisireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisireland\.com$/i"; classtype:trojan-activity; sid:38170861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisnederland.com"; dns.query; content:"frankiesbikinisnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisnederland\.com$/i"; classtype:trojan-activity; sid:38170871; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisnorge.com"; dns.query; content:"frankiesbikinisnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisnorge\.com$/i"; classtype:trojan-activity; sid:38170881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisnz.com"; dns.query; content:"frankiesbikinisnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisnz\.com$/i"; classtype:trojan-activity; sid:38170891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38170892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisphilippines.com"; dns.query; content:"frankiesbikinisphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisphilippines\.com$/i"; classtype:trojan-activity; sid:38170901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisromania.com"; dns.query; content:"frankiesbikinisromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisromania\.com$/i"; classtype:trojan-activity; sid:38170911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinissale.com"; dns.query; content:"frankiesbikinissale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinissale\.com$/i"; classtype:trojan-activity; sid:38170921; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinissale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinissale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinissale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisschweiz.com"; dns.query; content:"frankiesbikinisschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisschweiz\.com$/i"; classtype:trojan-activity; sid:38170931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinissuomi.com"; dns.query; content:"frankiesbikinissuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinissuomi\.com$/i"; classtype:trojan-activity; sid:38170941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinissuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinissuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinissuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38170942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisuae.com"; dns.query; content:"frankiesbikinisuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisuae\.com$/i"; classtype:trojan-activity; sid:38170951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisuk.com"; dns.query; content:"frankiesbikinisuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisuk\.com$/i"; classtype:trojan-activity; sid:38170961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkbolivia.com"; dns.query; content:"gymsharkbolivia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkbolivia\.com$/i"; classtype:trojan-activity; sid:38170971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkbolivia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkbolivia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkbolivia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkparaguay.com"; dns.query; content:"gymsharkparaguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkparaguay\.com$/i"; classtype:trojan-activity; sid:38170981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymsharkparaguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkparaguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkparaguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hestraglovessingapore.com"; dns.query; content:"hestraglovessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovessingapore\.com$/i"; classtype:trojan-activity; sid:38170991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestraglovessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestraglovessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38170992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP 
e27007 [] Domain hokaoneonepk.com"; dns.query; content:"hokaoneonepk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hokaoneonepk\.com$/i"; classtype:trojan-activity; sid:38171001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hokaoneonepk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hokaoneonepk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hokaoneonepk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldoutlethu.com"; dns.query; content:"karllagerfeldoutlethu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutlethu\.com$/i"; classtype:trojan-activity; sid:38171011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldoutlethu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldoutlethu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutlethu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksaus.com"; dns.query; content:"motelrocksaus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksaus\.com$/i"; classtype:trojan-activity; sid:38171021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksaus.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksaus.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksaus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksaustralia.com"; dns.query; content:"motelrocksaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksaustralia\.com$/i"; classtype:trojan-activity; sid:38171031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksaustria.com"; dns.query; content:"motelrocksaustria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksaustria\.com$/i"; classtype:trojan-activity; sid:38171041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksaustria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksaustria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksaustria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksbelgium.com"; dns.query; content:"motelrocksbelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksbelgium\.com$/i"; classtype:trojan-activity; sid:38171051; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksbelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksbelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksbelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksbrasil.com"; dns.query; content:"motelrocksbrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksbrasil\.com$/i"; classtype:trojan-activity; sid:38171061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksbrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksbrasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksbrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockschile.com"; dns.query; content:"motelrockschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockschile\.com$/i"; classtype:trojan-activity; sid:38171071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171072; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockscolombia.com"; dns.query; content:"motelrockscolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockscolombia\.com$/i"; classtype:trojan-activity; sid:38171081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockscolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockscolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockscolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockscz.com"; dns.query; content:"motelrockscz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockscz\.com$/i"; classtype:trojan-activity; sid:38171091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockscz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockscz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockscz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksdanmark.com"; dns.query; content:"motelrocksdanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksdanmark\.com$/i"; classtype:trojan-activity; sid:38171101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksdanmark.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksdanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksdanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksdenmark.com"; dns.query; content:"motelrocksdenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksdenmark\.com$/i"; classtype:trojan-activity; sid:38171111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksdenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksdenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksdenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksdeutschland.com"; dns.query; content:"motelrocksdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksdeutschland\.com$/i"; classtype:trojan-activity; sid:38171121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksecuador.com"; dns.query; 
content:"motelrocksecuador.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksecuador\.com$/i"; classtype:trojan-activity; sid:38171131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksecuador.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksecuador.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksecuador\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksespana.com"; dns.query; content:"motelrocksespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksespana\.com$/i"; classtype:trojan-activity; sid:38171141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksfrance.com"; dns.query; content:"motelrocksfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksfrance\.com$/i"; classtype:trojan-activity; sid:38171151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksfrance.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])motelrocksfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksgermany.com"; dns.query; content:"motelrocksgermany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksgermany\.com$/i"; classtype:trojan-activity; sid:38171161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksgermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksgermany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksgermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksgreece.com"; dns.query; content:"motelrocksgreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksgreece\.com$/i"; classtype:trojan-activity; sid:38171171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksgreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksgreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksgreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockshungary.com"; dns.query; content:"motelrockshungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockshungary\.com$/i"; classtype:trojan-activity; sid:38171181; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockshungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockshungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockshungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksindia.com"; dns.query; content:"motelrocksindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksindia\.com$/i"; classtype:trojan-activity; sid:38171191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksireland.com"; dns.query; content:"motelrocksireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksireland\.com$/i"; classtype:trojan-activity; sid:38171201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171202; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksitalia.com"; dns.query; content:"motelrocksitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksitalia\.com$/i"; classtype:trojan-activity; sid:38171211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksitaly.com"; dns.query; content:"motelrocksitaly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksitaly\.com$/i"; classtype:trojan-activity; sid:38171221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksitaly.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksitaly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksitaly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksjapan.com"; dns.query; content:"motelrocksjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksjapan\.com$/i"; classtype:trojan-activity; sid:38171231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksjapan.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockskleid.com"; dns.query; content:"motelrockskleid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockskleid\.com$/i"; classtype:trojan-activity; sid:38171241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockskleid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockskleid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockskleid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksmalaysia.com"; dns.query; content:"motelrocksmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksmalaysia\.com$/i"; classtype:trojan-activity; sid:38171251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksmexico.com"; dns.query; content:"motelrocksmexico.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])motelrocksmexico\.com$/i"; classtype:trojan-activity; sid:38171261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksnederland.com"; dns.query; content:"motelrocksnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnederland\.com$/i"; classtype:trojan-activity; sid:38171271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksnetherlands.com"; dns.query; content:"motelrocksnetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnetherlands\.com$/i"; classtype:trojan-activity; sid:38171281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksnetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksnetherlands.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])motelrocksnetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksnorge.com"; dns.query; content:"motelrocksnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnorge\.com$/i"; classtype:trojan-activity; sid:38171291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksnorway.com"; dns.query; content:"motelrocksnorway.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnorway\.com$/i"; classtype:trojan-activity; sid:38171301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksnorway.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksnorway.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksnorway\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksosterreich.com"; dns.query; content:"motelrocksosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksosterreich\.com$/i"; classtype:trojan-activity; sid:38171311; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# --- MISP event 27007: domain indicators, one DNS rule and one HTTP rule per domain ---
# Layout: each rule below is written on a single line; the Suricata rule parser
# reads one rule per line unless a line ends in a backslash continuation.
#
# DNS rule (sid ending in 1): inspects dns.query for the domain, case-insensitively.
# The pcre is anchored at the end of the query name and requires either the start
# of the name or a non-hostname character before the domain, so it matches the
# domain itself and its subdomains but not a longer name that merely ends in the
# same letters. Source and destination are "any", so the rule is not limited to
# queries leaving $HOME_NET.
#
# HTTP rule (sid ending in 2): client-to-server traffic from $HOME_NET on an
# established flow. Both content matches use the http.header buffer and carry no
# distance/within relation, so "Host:" and the domain are looked up independently
# anywhere in the request headers; the pcre (H flag) is likewise evaluated on
# the headers, not on the Host value alone. A request that only mentions the
# domain in another header (for example Referer) can therefore alert.
# NOTE(review): matching on the http.host sticky buffer would tie the alert to
# the Host value; that is a change for the MISP export template, since edits
# made in this file are lost on the next export.
# tag:session,600,seconds asks the engine to keep logging packets of the alerting
# session for 600 seconds after the match.
#
# Coverage: only DNS and cleartext HTTP are inspected by the rules in this part
# of the export; no tls.sni rule is visible here, so an HTTPS visit is seen
# through the DNS rule only (and not at all if the lookup bypasses the sensor).
#
# Triage: the msg tag list is empty ("[]") for this event, and every rule is
# exported as classtype:trojan-activity with priority:3.
# NOTE(review): confirm in event 27007 what these domains represent before
# treating a hit as malware traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockspoland.com"; dns.query; content:"motelrockspoland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockspoland\.com$/i"; classtype:trojan-activity; sid:38171321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockspoland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockspoland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockspoland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockspolska.com"; dns.query; content:"motelrockspolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockspolska\.com$/i"; classtype:trojan-activity; sid:38171331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockspolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockspolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockspolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksportugal.com"; dns.query; content:"motelrocksportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksportugal\.com$/i"; classtype:trojan-activity; sid:38171341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksromania.com"; dns.query; content:"motelrocksromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksromania\.com$/i"; classtype:trojan-activity; sid:38171351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksschweiz.com"; dns.query; content:"motelrocksschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksschweiz\.com$/i"; classtype:trojan-activity; sid:38171361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksserbia.com"; dns.query; content:"motelrocksserbia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksserbia\.com$/i"; classtype:trojan-activity; sid:38171371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksserbia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksserbia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksserbia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksslovenija.com"; dns.query; content:"motelrocksslovenija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksslovenija\.com$/i"; classtype:trojan-activity; sid:38171381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksslovenija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksslovenija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksslovenija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksslovensko.com"; dns.query; content:"motelrocksslovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksslovensko\.com$/i"; classtype:trojan-activity; sid:38171391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksslovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksslovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksslovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockssouthafrica.com"; dns.query; content:"motelrockssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssouthafrica\.com$/i"; classtype:trojan-activity; sid:38171401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockssouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksspain.com"; dns.query; content:"motelrocksspain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksspain\.com$/i"; classtype:trojan-activity; sid:38171411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksspain.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksspain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksspain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockssuomi.com"; dns.query; content:"motelrockssuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssuomi\.com$/i"; classtype:trojan-activity; sid:38171421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockssuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockssuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockssverige.com"; dns.query; content:"motelrockssverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssverige\.com$/i"; classtype:trojan-activity; sid:38171431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockssverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockssverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrockssweden.com"; dns.query; content:"motelrockssweden.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssweden\.com$/i"; classtype:trojan-activity; sid:38171441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrockssweden.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrockssweden.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrockssweden\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksturkiye.com"; dns.query; content:"motelrocksturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksturkiye\.com$/i"; classtype:trojan-activity; sid:38171451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksuae.com"; dns.query; content:"motelrocksuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksuae\.com$/i"; classtype:trojan-activity; sid:38171461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain motelrocksuruguay.com"; dns.query; content:"motelrocksuruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksuruguay\.com$/i"; classtype:trojan-activity; sid:38171471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain motelrocksuruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"motelrocksuruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])motelrocksuruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# The hyphen in the next domain is escaped as "\-" in both pcre patterns; the content match keeps it literal.
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpolly-australia.com"; dns.query; content:"ohpolly-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpolly\-australia\.com$/i"; classtype:trojan-activity; sid:38171481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpolly-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpolly-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpolly\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollybelgium.com"; dns.query; content:"ohpollybelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollybelgium\.com$/i"; classtype:trojan-activity; sid:38171491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollybelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollybelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollybelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollycanada.com"; dns.query; content:"ohpollycanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollycanada\.com$/i"; classtype:trojan-activity; sid:38171501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollycanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollycanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollycanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollychile.com"; dns.query; content:"ohpollychile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollychile\.com$/i"; classtype:trojan-activity; sid:38171511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollychile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollychile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollychile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollydanmark.com"; dns.query; content:"ohpollydanmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollydanmark\.com$/i"; classtype:trojan-activity; sid:38171521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollydanmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollydanmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollydanmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyfactoryoutlet.com"; dns.query; content:"ohpollyfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38171531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyfinland.com"; dns.query; content:"ohpollyfinland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyfinland\.com$/i"; classtype:trojan-activity; sid:38171541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyfinland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyfinland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyfinland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollygermany.com"; dns.query; content:"ohpollygermany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollygermany\.com$/i"; classtype:trojan-activity; sid:38171551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollygermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollygermany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollygermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollygreece.com"; dns.query; content:"ohpollygreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollygreece\.com$/i"; classtype:trojan-activity; sid:38171561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollygreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollygreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollygreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyhungary.com"; dns.query; content:"ohpollyhungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyhungary\.com$/i"; classtype:trojan-activity; sid:38171571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyhungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyhungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyhungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyireland.com"; dns.query; content:"ohpollyireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyireland\.com$/i"; classtype:trojan-activity; sid:38171581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollymalaysia.com"; dns.query; content:"ohpollymalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollymalaysia\.com$/i"; classtype:trojan-activity; sid:38171591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollymalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollymalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollymalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollynederland.com"; dns.query; content:"ohpollynederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollynederland\.com$/i"; classtype:trojan-activity; sid:38171601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollynederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollynederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollynederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollynorge.com"; dns.query; content:"ohpollynorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollynorge\.com$/i"; classtype:trojan-activity; sid:38171611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollynorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollynorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollynorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollynz.com"; dns.query; content:"ohpollynz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollynz\.com$/i"; classtype:trojan-activity; sid:38171621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollynz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollynz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollynz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyperu.com"; dns.query; content:"ohpollyperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyperu\.com$/i"; classtype:trojan-activity; sid:38171631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyphilippines.com"; dns.query; content:"ohpollyphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyphilippines\.com$/i"; classtype:trojan-activity; sid:38171641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyromania.com"; dns.query; content:"ohpollyromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyromania\.com$/i"; classtype:trojan-activity; sid:38171651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollysaleukstore.com"; dns.query; content:"ohpollysaleukstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollysaleukstore\.com$/i"; classtype:trojan-activity; sid:38171661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollysaleukstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollysaleukstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollysaleukstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyschweiz.com"; dns.query; content:"ohpollyschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyschweiz\.com$/i"; classtype:trojan-activity; sid:38171671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyspain.com"; dns.query; content:"ohpollyspain.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyspain\.com$/i"; classtype:trojan-activity; sid:38171681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyspain.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyspain.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyspain\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyuae.com"; dns.query; content:"ohpollyuae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyuae\.com$/i"; classtype:trojan-activity; sid:38171691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyuae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyuae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyuae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain patricianashbagsuk.com"; dns.query; content:"patricianashbagsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patricianashbagsuk\.com$/i"; classtype:trojan-activity; sid:38171701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain patricianashbagsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patricianashbagsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patricianashbagsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain patricianashireland.com"; dns.query; content:"patricianashireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patricianashireland\.com$/i"; classtype:trojan-activity; sid:38171711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain patricianashireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patricianashireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patricianashireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleaseramsterdam.com"; dns.query; content:"pleaseramsterdam.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaseramsterdam\.com$/i"; classtype:trojan-activity; sid:38171721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleaseramsterdam.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleaseramsterdam.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaseramsterdam\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleaserargentina.com"; dns.query; content:"pleaserargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserargentina\.com$/i"; classtype:trojan-activity; sid:38171731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleaserargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleaserargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasercipobudapest.com"; dns.query; content:"pleasercipobudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasercipobudapest\.com$/i"; classtype:trojan-activity; sid:38171741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasercipobudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasercipobudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasercipobudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleaserfactoryoutlet.com"; dns.query; content:"pleaserfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38171751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleaserfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleaserfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleaserireland.com"; dns.query; content:"pleaserireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserireland\.com$/i"; classtype:trojan-activity; sid:38171761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleaserireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleaserireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasernederland.com"; dns.query; content:"pleasernederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasernederland\.com$/i"; classtype:trojan-activity; sid:38171771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasernederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasernederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasernederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasershoesaustralia.com"; dns.query; content:"pleasershoesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesaustralia\.com$/i"; classtype:trojan-activity; sid:38171781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasershoeschile.com"; dns.query; content:"pleasershoeschile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoeschile\.com$/i"; classtype:trojan-activity; sid:38171791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoeschile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoeschile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoeschile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasershoesdeutschland.com"; dns.query; content:"pleasershoesdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesdeutschland\.com$/i"; classtype:trojan-activity; sid:38171801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoesdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoesdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasershoesparis.com"; dns.query; content:"pleasershoesparis.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pleasershoesparis\.com$/i"; classtype:trojan-activity; sid:38171811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoesparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoesparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasershoesretailers.com"; dns.query; content:"pleasershoesretailers.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesretailers\.com$/i"; classtype:trojan-activity; sid:38171821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoesretailers.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoesretailers.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesretailers\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pleasershoeswebsite.com"; dns.query; content:"pleasershoeswebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoeswebsite\.com$/i"; classtype:trojan-activity; sid:38171831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoeswebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoeswebsite.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])pleasershoeswebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pleaserskodk.com"; dns.query; content:"pleaserskodk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserskodk\.com$/i"; classtype:trojan-activity; sid:38171841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleaserskodk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleaserskodk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleaserskodk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sanukshoescanada.com"; dns.query; content:"sanukshoescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanukshoescanada\.com$/i"; classtype:trojan-activity; sid:38171851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanukshoescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanukshoescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanukshoescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain whitesbootsireland.com"; dns.query; content:"whitesbootsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])whitesbootsireland\.com$/i"; classtype:trojan-activity; sid:38171861; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain whitesbootsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"whitesbootsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])whitesbootsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain whitesbootsuk.com"; dns.query; content:"whitesbootsuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])whitesbootsuk\.com$/i"; classtype:trojan-activity; sid:38171871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain whitesbootsuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"whitesbootsuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])whitesbootsuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatospleaserespana.com"; dns.query; content:"zapatospleaserespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatospleaserespana\.com$/i"; classtype:trojan-activity; sid:38171881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatospleaserespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapatospleaserespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatospleaserespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171882; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;)
# Mixed indicators from MISP events 27681, 27678 and 27679, then more event 27007 domains.
# Rules are restored to one per line; the original order is kept.

# Event 27681, msg label [njrat,RAT]: IP:port indicator. An `alert ip` rule with no flow or content
# options, so any packet from $HOME_NET to this address and port raises the alert (priority 2).
# NOTE(review): a bare IP:port indicator goes stale once the address is reassigned; check the
# event's date and sightings before treating a hit as confirmed, and give such rules an expiry.
alert ip $HOME_NET any -> 52.28.247.255 13672 (msg: "MISP e27681 [njrat,RAT] Outgoing To IP: 52.28.247.255|13672"; classtype:trojan-activity; sid:38014611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27681, msg label [RedLineStealer]: same shape, destination port 80.
# NOTE(review): a single address on port 80 may be shared web hosting or parking infrastructure,
# in which case unrelated sites will trigger this rule; correlate with the DNS name or HTTP Host
# seen in the same flow before escalating.
alert ip $HOME_NET any -> 199.59.243.225 80 (msg: "MISP e27681 [RedLineStealer] Outgoing To IP: 199.59.243.225|80"; classtype:trojan-activity; sid:38014631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27678: domain indicator exported as a dns rule (sid ending in 1, domain anchored at the end
# of dns.query) and an http rule (sid ending in 2, "Host:" plus the domain in the request headers).
alert dns any any -> any any (msg: "MISP e27678 [] Domain aldalayacontac.com"; dns.query; content:"aldalayacontac.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aldalayacontac\.com$/i"; classtype:trojan-activity; sid:38013531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27678;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27678 [] Outgoing HTTP Domain aldalayacontac.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aldalayacontac.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])aldalayacontac\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38013532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27678;)
# Event 27681, msg label [RevengeRAT]: IP:port indicator, destination port 333.
alert ip $HOME_NET any -> 54.94.118.7 333 (msg: "MISP e27681 [RevengeRAT] Outgoing To IP: 54.94.118.7|333"; classtype:trojan-activity; sid:38014721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27679: URL indicator. Unlike the domain rules this one is limited to $HTTP_PORTS (the
# variable must be defined in the sensor configuration) and has a single content match on the host
# name in http.header, with no "Host:" match, no pcre boundary check and no fast_pattern.
# NOTE(review): the URL carries no path, so this rule overlaps with sid 38013622 below for the same
# host and both can fire on one request; consider thresholding or suppressing one of them.
# NOTE(review): pantheonsite.io looks like a shared hosting suffix; keep the match on the full
# dev-stbanrevw24 label and do not shorten it to the parent domain.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27679 [] Outgoing URL http|3a|//dev-stbanrevw24.pantheonsite.io"; flow:to_server,established; http.header; content:"dev-stbanrevw24.pantheonsite.io"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38013601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27679;)
# Event 27679: dns/http pair for the same host; the hyphen and dots are escaped in the pcre.
alert dns any any -> any any (msg: "MISP e27679 [] Domain dev-stbanrevw24.pantheonsite.io"; dns.query; content:"dev-stbanrevw24.pantheonsite.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-stbanrevw24\.pantheonsite\.io$/i"; classtype:trojan-activity; sid:38013621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27679;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27679 [] Outgoing HTTP Domain dev-stbanrevw24.pantheonsite.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-stbanrevw24.pantheonsite.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-stbanrevw24\.pantheonsite\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38013622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27679;)
# Event 27007 domain pairs resume here (priority 3, no tags in msg).
alert dns any any -> any any (msg: "MISP e27007 [] Domain barbourdanmarkdk.com"; dns.query; content:"barbourdanmarkdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barbourdanmarkdk\.com$/i"; classtype:trojan-activity; sid:38171891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barbourdanmarkdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barbourdanmarkdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barbourdanmarkdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain barboursespana.com"; dns.query; content:"barboursespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursespana\.com$/i"; classtype:trojan-activity; sid:38171901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barboursespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"barboursespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators (continued), restored to one rule per line, in dns/http pairs:
#   alert dns  (sid ending in 1) - domain anchored at the end of dns.query, preceded by the start of
#       the name or a non-hostname character, so subdomains are covered.
#   alert http (sid ending in 2) - "Host:" and the domain in the request headers, client to server;
#       the trailing [^A-Za-z0-9-\.] in the pcre rejects longer host names that continue past the
#       domain. Hyphens inside a domain are escaped in the pcre (e.g. hestragloves\-uk).
# NOTE(review): one pcre-bearing rule pair per domain scales poorly for long indicator lists; where
# the sensor supports it, a dataset of names matched against dns.query is the usual alternative.
# NOTE(review): all rules are `alert` only and cover DNS plus cleartext HTTP; HTTPS to these names
# is visible here only through the dns rule unless TLS SNI matching is added.
alert dns any any -> any any (msg: "MISP e27007 [] Domain barboursschweiz.com"; dns.query; content:"barboursschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursschweiz\.com$/i"; classtype:trojan-activity; sid:38171911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barboursschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barboursschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain boutiqueunderarmourparis.com"; dns.query; content:"boutiqueunderarmourparis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])boutiqueunderarmourparis\.com$/i"; classtype:trojan-activity; sid:38171921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain boutiqueunderarmourparis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boutiqueunderarmourparis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boutiqueunderarmourparis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain buyunderarmoursg.com"; dns.query; content:"buyunderarmoursg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])buyunderarmoursg\.com$/i"; classtype:trojan-activity; sid:38171931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain buyunderarmoursg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"buyunderarmoursg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])buyunderarmoursg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain comprarunderarmourchile.com"; dns.query; content:"comprarunderarmourchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])comprarunderarmourchile\.com$/i"; classtype:trojan-activity; sid:38171941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain comprarunderarmourchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"comprarunderarmourchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])comprarunderarmourchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisespana.com"; dns.query; content:"frankiesbikinisespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisespana\.com$/i"; classtype:trojan-activity; sid:38171951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisitalia.com"; dns.query; content:"frankiesbikinisitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisitalia\.com$/i"; classtype:trojan-activity; sid:38171961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hestraglovesireland.com"; dns.query; content:"hestraglovesireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesireland\.com$/i"; classtype:trojan-activity; sid:38171971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestraglovesireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestraglovesireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain hestragloves-uk.com"; dns.query; content:"hestragloves-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestragloves\-uk\.com$/i"; classtype:trojan-activity; sid:38171981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestragloves-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestragloves-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestragloves\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturedenmark.com"; dns.query; content:"juicycouturedenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturedenmark\.com$/i"; classtype:trojan-activity; sid:38171991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturedenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturedenmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturedenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38171992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturefinland.com"; dns.query; content:"juicycouturefinland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturefinland\.com$/i"; classtype:trojan-activity; sid:38172001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturefinland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturefinland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturefinland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycoutureosterreich.com"; dns.query; content:"juicycoutureosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycoutureosterreich\.com$/i"; classtype:trojan-activity; sid:38172011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycoutureosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycoutureosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycoutureosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicy-coutureromania.com"; dns.query; content:"juicy-coutureromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicy\-coutureromania\.com$/i"; classtype:trojan-activity; sid:38172021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicy-coutureromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicy-coutureromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicy\-coutureromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-southafrica.com"; dns.query; content:"juicycouture-southafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-southafrica\.com$/i"; classtype:trojan-activity; sid:38172031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-southafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-southafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-southafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturezagreb.com"; dns.query; content:"juicycouturezagreb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturezagreb\.com$/i"; classtype:trojan-activity; sid:38172041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturezagreb.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturezagreb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturezagreb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifbudapest.com"; dns.query; content:"lecoqsportifbudapest.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifbudapest\.com$/i"; classtype:trojan-activity; sid:38172051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifbudapest.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifbudapest.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifbudapest\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38172052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 27007 domain indicators (continued), restored to one rule per line. Per domain:
#   alert dns  (sid ending in 1) - the domain at the end of dns.query (subdomains included).
#   alert http (sid ending in 2) - "Host:" and the domain in client-to-server request headers from
#       $HOME_NET; tag:session,600,seconds keeps logging the session for 600 seconds after the alert.
# NOTE(review): the names read like brand-plus-country storefront domains and msg carries no tags,
# yet every rule is classed trojan-activity at priority 3; confirm the event's category so analysts
# are not misled about what a hit means.
# NOTE(review): every rule is rev:1 and points at the same event URL; when the event is updated or
# indicators are retired, regenerate the export rather than editing rules by hand, so sids and
# revisions stay consistent with MISP.
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifenmexico.com"; dns.query; content:"lecoqsportifenmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifenmexico\.com$/i"; classtype:trojan-activity; sid:38172061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifenmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifenmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifenmexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifinindia.com"; dns.query; content:"lecoqsportifinindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifinindia\.com$/i"; classtype:trojan-activity; sid:38172071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifinindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifinindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifinindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-ireland.com"; dns.query; content:"lecoqsportif-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-ireland\.com$/i"; classtype:trojan-activity; sid:38172081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-romania.com"; dns.query; content:"lecoqsportif-romania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-romania\.com$/i"; classtype:trojan-activity; sid:38172091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-romania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-romania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-romania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain magazineunderarmourromania.com"; dns.query; content:"magazineunderarmourromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])magazineunderarmourromania\.com$/i"; classtype:trojan-activity; sid:38172101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain magazineunderarmourromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"magazineunderarmourromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])magazineunderarmourromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-ksa.com"; dns.query; content:"mizuno-ksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-ksa\.com$/i"; classtype:trojan-activity; sid:38172111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-ksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-ksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-ksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunooutlet-uk.com"; dns.query; content:"mizunooutlet-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlet\-uk\.com$/i"; classtype:trojan-activity; sid:38172121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunooutlet-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunooutlet-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunooutlet\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain negoziunderarmourmilano.com"; dns.query; content:"negoziunderarmourmilano.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])negoziunderarmourmilano\.com$/i"; classtype:trojan-activity; sid:38172131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain negoziunderarmourmilano.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"negoziunderarmourmilano.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])negoziunderarmourmilano\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain poleneshrvatska.com"; dns.query; content:"poleneshrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])poleneshrvatska\.com$/i"; classtype:trojan-activity; sid:38172141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain poleneshrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"poleneshrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])poleneshrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowa-brasil.com"; dns.query; content:"rimowa-brasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-brasil\.com$/i"; classtype:trojan-activity; sid:38172151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowa-brasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowa-brasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowa\-brasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonbelgie.com"; dns.query; content:"stetsonbelgie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonbelgie\.com$/i"; classtype:trojan-activity; sid:38172161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonbelgie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonbelgie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonbelgie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsoncasquette.com"; dns.query; content:"stetsoncasquette.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsoncasquette\.com$/i"; classtype:trojan-activity; sid:38172171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsoncasquette.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsoncasquette.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsoncasquette\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonchile.com"; dns.query; content:"stetsonchile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonchile\.com$/i"; classtype:trojan-activity; sid:38172181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonchile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonchile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonchile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsoncolombia.com"; dns.query; content:"stetsoncolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsoncolombia\.com$/i"; classtype:trojan-activity; sid:38172191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsoncolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsoncolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsoncolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonfrance.com"; dns.query; content:"stetsonfrance.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonfrance\.com$/i"; classtype:trojan-activity; sid:38172201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonfrance.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonfrance.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonfrance\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonhatsaustralia.com"; dns.query; content:"stetsonhatsaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonhatsaustralia\.com$/i"; classtype:trojan-activity; sid:38172211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonhatsaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonhatsaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonhatsaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonhatsjapan.com"; dns.query; content:"stetsonhatsjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonhatsjapan\.com$/i"; classtype:trojan-activity; sid:38172221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonhatsjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonhatsjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonhatsjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonhrvatska.com"; dns.query; content:"stetsonhrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonhrvatska\.com$/i"; classtype:trojan-activity; sid:38172231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonhrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonhrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonhrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonindia.com"; 
dns.query; content:"stetsonindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonindia\.com$/i"; classtype:trojan-activity; sid:38172241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonklobuk.com"; dns.query; content:"stetsonklobuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonklobuk\.com$/i"; classtype:trojan-activity; sid:38172251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonklobuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonklobuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonklobuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonluxembourg.com"; dns.query; content:"stetsonluxembourg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonluxembourg\.com$/i"; classtype:trojan-activity; sid:38172261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonluxembourg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonluxembourg.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])stetsonluxembourg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonmagyarorszag.com"; dns.query; content:"stetsonmagyarorszag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonmagyarorszag\.com$/i"; classtype:trojan-activity; sid:38172271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonmagyarorszag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonmagyarorszag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonmagyarorszag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonmalaysia.com"; dns.query; content:"stetsonmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonmalaysia\.com$/i"; classtype:trojan-activity; sid:38172281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonnederland.com"; dns.query; content:"stetsonnederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonnederland\.com$/i"; classtype:trojan-activity; sid:38172291; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonnorge.com"; dns.query; content:"stetsonnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonnorge\.com$/i"; classtype:trojan-activity; sid:38172301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonosterreich.com"; dns.query; content:"stetsonosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonosterreich\.com$/i"; classtype:trojan-activity; sid:38172311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172312; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonphilippines.com"; dns.query; content:"stetsonphilippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonphilippines\.com$/i"; classtype:trojan-activity; sid:38172321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonphilippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonphilippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonphilippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonpolska.com"; dns.query; content:"stetsonpolska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonpolska\.com$/i"; classtype:trojan-activity; sid:38172331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonpolska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonpolska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonpolska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonromania.com"; dns.query; content:"stetsonromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonromania\.com$/i"; classtype:trojan-activity; sid:38172341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonromania.com"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonschweiz.com"; dns.query; content:"stetsonschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonschweiz\.com$/i"; classtype:trojan-activity; sid:38172351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonsouthafrica.com"; dns.query; content:"stetsonsouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonsouthafrica\.com$/i"; classtype:trojan-activity; sid:38172361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonsouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonsouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonsouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonsuomi.com"; dns.query; content:"stetsonsuomi.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])stetsonsuomi\.com$/i"; classtype:trojan-activity; sid:38172371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonsuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonsuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonsuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansnorge.com"; dns.query; content:"truereligionjeansnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansnorge\.com$/i"; classtype:trojan-activity; sid:38172381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-australia.com"; dns.query; content:"underarmour-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-australia\.com$/i"; classtype:trojan-activity; sid:38172391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-australia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])underarmour\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-ca.com"; dns.query; content:"underarmour-ca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-ca\.com$/i"; classtype:trojan-activity; sid:38172401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-ca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-ca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-ca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-eg.com"; dns.query; content:"underarmour-eg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-eg\.com$/i"; classtype:trojan-activity; sid:38172411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-eg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-eg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-eg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmourfactoryoutlet.com"; dns.query; content:"underarmourfactoryoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourfactoryoutlet\.com$/i"; classtype:trojan-activity; sid:38172421; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmourfactoryoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmourfactoryoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourfactoryoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmourhungary.com"; dns.query; content:"underarmourhungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourhungary\.com$/i"; classtype:trojan-activity; sid:38172431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmourhungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmourhungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourhungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-israel.com"; dns.query; content:"underarmour-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-israel\.com$/i"; classtype:trojan-activity; sid:38172441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38172442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-italia.com"; dns.query; content:"underarmour-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-italia\.com$/i"; classtype:trojan-activity; sid:38172451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-nl.com"; dns.query; content:"underarmour-nl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-nl\.com$/i"; classtype:trojan-activity; sid:38172461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-nl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-nl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-nl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmour-nz.com"; dns.query; content:"underarmour-nz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-nz\.com$/i"; classtype:trojan-activity; sid:38172471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
underarmour-nz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-nz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-nz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmourosterreich.com"; dns.query; content:"underarmourosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourosterreich\.com$/i"; classtype:trojan-activity; sid:38172481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmourosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmourosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain underarmourromania-ro.com"; dns.query; content:"underarmourromania-ro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourromania\-ro\.com$/i"; classtype:trojan-activity; sid:38172491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmourromania-ro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmourromania-ro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmourromania\-ro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] 
Domain underarmour-saudiarabia.com"; dns.query; content:"underarmour-saudiarabia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-saudiarabia\.com$/i"; classtype:trojan-activity; sid:38172501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain underarmour-saudiarabia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"underarmour-saudiarabia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])underarmour\-saudiarabia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain zapatillasmerrellcolombia.com"; dns.query; content:"zapatillasmerrellcolombia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasmerrellcolombia\.com$/i"; classtype:trojan-activity; sid:38172511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain zapatillasmerrellcolombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"zapatillasmerrellcolombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])zapatillasmerrellcolombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert ip $HOME_NET any -> 185.196.9.25 38242 (msg: "MISP e27681 [c2,Mirai] Outgoing To IP: 185.196.9.25|38242"; classtype:trojan-activity; sid:38014781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 85.204.116.144 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 85.204.116.144|1311"; classtype:trojan-activity; sid:38014751; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 93.123.85.121 5555 (msg: "MISP e27681 [c2,Mirai] Outgoing To IP: 93.123.85.121|5555"; classtype:trojan-activity; sid:38014771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 85.204.116.126 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 85.204.116.126|1311"; classtype:trojan-activity; sid:38014731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 85.204.116.143 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 85.204.116.143|1311"; classtype:trojan-activity; sid:38014741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert dns any any -> any any (msg: "MISP e27681 [Mirai] Domain hex.lumosora.us"; dns.query; content:"hex.lumosora.us"; nocase; pcre: "/(^|[^A-Za-z0-9-])hex\.lumosora\.us$/i"; classtype:trojan-activity; sid:38014761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [Mirai] Outgoing HTTP Domain hex.lumosora.us"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hex.lumosora.us"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hex\.lumosora\.us[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38014762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 78.40.117.174 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 78.40.117.174|1311"; classtype:trojan-activity; sid:38014701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 78.40.117.251 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 78.40.117.251|1311"; classtype:trojan-activity; sid:38014711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 78.40.117.110 1311 (msg: "MISP 
e27681 [TBOTNET] Outgoing To IP: 78.40.117.110|1311"; classtype:trojan-activity; sid:38014681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert ip $HOME_NET any -> 78.40.117.169 1311 (msg: "MISP e27681 [TBOTNET] Outgoing To IP: 78.40.117.169|1311"; classtype:trojan-activity; sid:38014691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;) alert dns any any -> any any (msg: "MISP e27007 [] Domain canadajuicycouture.com"; dns.query; content:"canadajuicycouture.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])canadajuicycouture\.com$/i"; classtype:trojan-activity; sid:38172521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain canadajuicycouture.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"canadajuicycouture.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])canadajuicycouture\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hestraglovesnz.com"; dns.query; content:"hestraglovesnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesnz\.com$/i"; classtype:trojan-activity; sid:38172531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestraglovesnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestraglovesnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
ipanemamagyarorszag.com"; dns.query; content:"ipanemamagyarorszag.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemamagyarorszag\.com$/i"; classtype:trojan-activity; sid:38172541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 domain indicators. Each domain is exported as a pair: a DNS rule
# (sid ending in 1) and an outgoing-HTTP rule (sid ending in 2). The msg tag list
# is empty ("[]") and priority is 3, so the alert text alone gives no threat
# context; the reference URL points at the MISP event.
#
# DNS rule: the pcre ends in "$" and accepts start-of-name or any non-label
# character before the domain, so the domain and its subdomains match, while a
# longer name that merely ends in the same letters does not.
#
# HTTP rule: both content matches run against http.header with no distance/within,
# so the domain string is not tied to the Host line itself.
# NOTE(review): a Referer or other header that carries the domain looks like it
# would also satisfy the pcre; matching on the http.host buffer would scope this
# to the requested host - confirm against the deployed Suricata version.
# tag:session,600,seconds asks the engine to keep logging that session for 600
# seconds after the alert. The HTTP rules inspect cleartext HTTP only; for an
# HTTPS visit the DNS rule is the only signal in the pair.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemamagyarorszag.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemamagyarorszag.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemamagyarorszag\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemashoesgr.com"; dns.query; content:"ipanemashoesgr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemashoesgr\.com$/i"; classtype:trojan-activity; sid:38172551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemashoesgr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemashoesgr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemashoesgr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemashoesusa.com"; dns.query; content:"ipanemashoesusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemashoesusa\.com$/i"; classtype:trojan-activity; sid:38172561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemashoesusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemashoesusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemashoesusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemasouthafrica.com"; dns.query; content:"ipanemasouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemasouthafrica\.com$/i"; classtype:trojan-activity; sid:38172571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemasouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemasouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemasouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-mexico.com"; dns.query; content:"juicycouture-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-mexico\.com$/i"; classtype:trojan-activity; sid:38172581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-srbija.com"; dns.query; content:"juicycouture-srbija.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-srbija\.com$/i"; classtype:trojan-activity; sid:38172591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-srbija.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-srbija.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-srbija\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifinmalaysia.com"; dns.query; content:"lecoqsportifinmalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifinmalaysia\.com$/i"; classtype:trojan-activity; sid:38172601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifinmalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifinmalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifinmalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifsg.com"; dns.query; content:"lecoqsportifsg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifsg\.com$/i"; classtype:trojan-activity; sid:38172611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifsg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifsg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifsg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonbrasilbr.com"; dns.query; content:"lululemonbrasilbr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonbrasilbr\.com$/i"; classtype:trojan-activity; sid:38172621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonbrasilbr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonbrasilbr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonbrasilbr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain merrellusaoutletwebsite.com"; dns.query; content:"merrellusaoutletwebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellusaoutletwebsite\.com$/i"; classtype:trojan-activity; sid:38172631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain merrellusaoutletwebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"merrellusaoutletwebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])merrellusaoutletwebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoesjapan.com"; dns.query; content:"onitsukashoesjapan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesjapan\.com$/i"; classtype:trojan-activity; sid:38172641; rev:1; priority:3;
reference:url,https://misp.finsin.cl/events/view/27007;)
# Outgoing-HTTP rule for onitsukashoesjapan.com (event 27007). Both content
# matches run against http.header with no distance/within between them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoesjapan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoesjapan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesjapan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27680: one hostname under pages.dev. Content and pcre carry the full
# name, so only this hostname (and names beneath it) match, not pages.dev as a
# whole.
alert dns any any -> any any (msg: "MISP e27680 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38013701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27680;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27680 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38013702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27680;)
# Event 27681 URL indicator. The destination is pinned to one address and to
# $HTTP_PORTS, so that port variable has to be defined on the sensor for the
# rule to load. The address is matched anywhere in http.header; the path is
# matched with nocase in http.uri.
alert http $HOME_NET any -> 195.2.84.94 $HTTP_PORTS (msg: "MISP e27681 [dcrat] Outgoing URL http|3a|//195.2.84.94/dumpdlepipe/pipeprovider0python/3dumpdump/dumpsecure/db6locallow/async9/pipetosql.php"; flow:to_server,established; http.header; content:"195.2.84.94"; fast_pattern; nocase; http.uri; content:"/dumpdlepipe/pipeprovider0python/3dumpdump/dumpsecure/db6locallow/async9/pipetosql.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27781 domain pair (priority 2). The DNS pcre is anchored with "$" and
# allows a "." before the name, so subdomains of lhv-ee.arb.com.kw match too.
alert dns any any -> any any (msg: "MISP e27781 [] Domain lhv-ee.arb.com.kw"; dns.query; content:"lhv-ee.arb.com.kw"; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\-ee\.arb\.com\.kw$/i"; classtype:trojan-activity; sid:38074811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27781;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27781 [] Outgoing HTTP Domain lhv-ee.arb.com.kw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lhv-ee.arb.com.kw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lhv\-ee\.arb\.com\.kw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074812; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27781;)
# Event 27681 address/port indicators ("Outgoing To IP"). These rules carry no
# flow or payload condition: any traffic from $HOME_NET to the listed address
# and port matches, whatever it contains. The bracketed names in msg are the
# MISP tags exported with the attribute.
# NOTE(review): address indicators go stale when an address is reassigned;
# check the attribute's age in the referenced event before escalating a hit.
alert ip $HOME_NET any -> 49.12.116.63 80 (msg: "MISP e27681 [Vidar] Outgoing To IP: 49.12.116.63|80"; classtype:trojan-activity; sid:38014801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 95.217.240.152 8081 (msg: "MISP e27681 [Vidar] Outgoing To IP: 95.217.240.152|8081"; classtype:trojan-activity; sid:38014811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# The http.uri content "/" is present in every request path, so this rule in
# effect fires on any HTTP request to 49.12.116.63 whose headers contain the
# address. It overlaps the address/port rule sid:38014801 for the same host,
# so one connection to port 80 can raise both alerts.
alert http $HOME_NET any -> 49.12.116.63 $HTTP_PORTS (msg: "MISP e27681 [Vidar] Outgoing URL http|3a|//49.12.116.63/"; flow:to_server,established; http.header; content:"49.12.116.63"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 45.15.157.90 3000 (msg: "MISP e27681 [c2,Venom] Outgoing To IP: 45.15.157.90|3000"; classtype:trojan-activity; sid:38014861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 77.91.124.37 3001 (msg: "MISP e27681 [c2,Venom] Outgoing To IP: 77.91.124.37|3001"; classtype:trojan-activity; sid:38014871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 95.216.117.33 8088 (msg: "MISP e27681 [c2,Venom] Outgoing To IP: 95.216.117.33|8088"; classtype:trojan-activity; sid:38014881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 193.233.161.246 443 (msg: "MISP e27681 [c2,Venom] Outgoing To IP: 193.233.161.246|443"; classtype:trojan-activity; sid:38014891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 188.27.166.233 8080 (msg: "MISP e27681 [c2,orcus_rat] Outgoing To IP: 188.27.166.233|8080"; classtype:trojan-activity; sid:38014901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 45.156.21.39 8081 (msg: "MISP e27681 [c2,Risepro] Outgoing To IP: 45.156.21.39|8081"; classtype:trojan-activity; sid:38014911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 193.233.132.162 8081 (msg: "MISP e27681 [c2,Risepro] Outgoing To IP: 193.233.132.162|8081"; classtype:trojan-activity; sid:38014921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 193.143.1.195 30293 (msg: "MISP e27681 [c2,cobalt_strike] Outgoing To IP: 193.143.1.195|30293"; classtype:trojan-activity; sid:38014931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 85.175.101.203 50050 (msg: "MISP e27681 [c2,cobalt_strike] Outgoing To IP: 85.175.101.203|50050"; classtype:trojan-activity; sid:38014941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 217.67.178.79 51177 (msg: "MISP e27681 [c2,cobalt_strike] Outgoing To IP: 217.67.178.79|51177"; classtype:trojan-activity; sid:38014951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# NOTE(review): this is an HTTP-parser rule bound to destination port 443. It
# can only match if the session on 443 is cleartext HTTP or is decrypted before
# the sensor; if the host serves TLS there the rule stays silent, and a tls.sni
# match on the same name would be the signal to add. The domain is matched
# anywhere in http.header, not specifically in the Host line.
alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg: "MISP e27681 [CobaltStrike] Outgoing URL http|3a|//bellebobas.com|3a|443/static/"; flow:to_server,established; http.header;
content:"bellebobas.com"; fast_pattern; nocase; http.uri; content:"/static/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38014961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27681 address/port indicators. No flow or payload condition is set, so
# any traffic from $HOME_NET to the listed address and port matches; the msg
# tags (Mirai, moobot, Mythic, ...) are the only context the alert carries.
alert ip $HOME_NET any -> 141.98.7.7 1 (msg: "MISP e27681 [c2,Mirai] Outgoing To IP: 141.98.7.7|1"; classtype:trojan-activity; sid:38014981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 89.190.156.61 60124 (msg: "MISP e27681 [c2,Mirai] Outgoing To IP: 89.190.156.61|60124"; classtype:trojan-activity; sid:38014971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 154.9.29.154 55650 (msg: "MISP e27681 [moobot] Outgoing To IP: 154.9.29.154|55650"; classtype:trojan-activity; sid:38015041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Domain pair for wcjwcj.cn: the DNS rule matches the name and its subdomains
# (pcre anchored with "$"); the HTTP rule looks for the name in http.header.
alert dns any any -> any any (msg: "MISP e27681 [moobot] Domain wcjwcj.cn"; dns.query; content:"wcjwcj.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])wcjwcj\.cn$/i"; classtype:trojan-activity; sid:38015051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27681 [moobot] Outgoing HTTP Domain wcjwcj.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wcjwcj.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wcjwcj\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015052; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 38.54.63.253 7443 (msg: "MISP e27681 [KAOPU-HK Kaopu Cloud HK Limited,Mythic] Outgoing To IP: 38.54.63.253|7443"; classtype:trojan-activity; sid:38015091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27007 domain pairs, priority 3 with an empty tag list ("[]"): one DNS
# rule and one outgoing-HTTP rule per domain. The HTTP rules see cleartext
# HTTP only, and their two http.header contents are not positioned relative
# to each other.
# NOTE(review): the domain appearing in a header other than Host (for example
# Referer) looks sufficient to match - confirm, and consider http.host.
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturebrasil.com"; dns.query; content:"juicycouturebrasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturebrasil\.com$/i"; classtype:trojan-activity; sid:38172651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturebrasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturebrasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturebrasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturegypt.com"; dns.query; content:"juicycouturegypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturegypt\.com$/i"; classtype:trojan-activity; sid:38172661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturegypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturegypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturegypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturemalaysiaoutlet.com"; dns.query; content:"juicycouturemalaysiaoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturemalaysiaoutlet\.com$/i"; classtype:trojan-activity; sid:38172671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturemalaysiaoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturemalaysiaoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturemalaysiaoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-turkiye.com"; dns.query; content:"juicycouture-turkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-turkiye\.com$/i"; classtype:trojan-activity; sid:38172681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-turkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-turkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-turkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldoutletcz.com"; dns.query; content:"karllagerfeldoutletcz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletcz\.com$/i"; classtype:trojan-activity; sid:38172691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldoutletcz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldoutletcz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletcz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumacolombiastores.com"; dns.query; content:"pumacolombiastores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacolombiastores\.com$/i";
classtype:trojan-activity; sid:38172701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 domain rules (priority 3, empty tag list). DNS rules match the
# domain and its subdomains; HTTP rules look for the name in http.header of
# cleartext HTTP requests leaving $HOME_NET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumacolombiastores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumacolombiastores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacolombiastores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain puma-tenisice-hrvatska.com"; dns.query; content:"puma-tenisice-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])puma\-tenisice\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38172711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain puma-tenisice-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"puma-tenisice-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])puma\-tenisice\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27681 address/port indicators. The msg tag list mixes a malware family
# name with the network/AS name exported for the address. There is no flow or
# payload condition, so any traffic from $HOME_NET to the address and port
# matches. 94.198.50.195 is listed twice, once per port (9800 and 10000).
# NOTE(review): several of these are on port 443 or 80 at hosting providers;
# confirm the indicator is still current before treating a hit as confirmed C2.
alert ip $HOME_NET any -> 154.223.20.108 8443 (msg: "MISP e27681 [Bianlian Go Trojan,KAOPU-HK Kaopu Cloud HK Limited] Outgoing To IP: 154.223.20.108|8443"; classtype:trojan-activity; sid:38015101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 94.198.50.195 9800 (msg: "MISP e27681 [Bianlian Go Trojan,SMARTAPE] Outgoing To IP: 94.198.50.195|9800"; classtype:trojan-activity; sid:38015111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 94.198.50.195 10000 (msg: "MISP e27681 [Bianlian Go Trojan,SMARTAPE] Outgoing To IP: 94.198.50.195|10000"; classtype:trojan-activity; sid:38015121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 45.87.246.76 443 (msg: "MISP e27681 [Havoc,KVMKA] Outgoing To IP: 45.87.246.76|443"; classtype:trojan-activity; sid:38015131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 79.114.226.14 443 (msg: "MISP e27681 [QakBot,RCS-RDS 73-75 Dr. Staicovici] Outgoing To IP: 79.114.226.14|443"; classtype:trojan-activity; sid:38015141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 167.88.160.158 8888 (msg: "MISP e27681 [ROUTERHOSTING,Supershell] Outgoing To IP: 167.88.160.158|8888"; classtype:trojan-activity; sid:38015151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 146.56.238.25 8888 (msg: "MISP e27681 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 146.56.238.25|8888"; classtype:trojan-activity; sid:38015161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 142.202.242.172 30098 (msg: "MISP e27681 [RedLineStealer] Outgoing To IP: 142.202.242.172|30098"; classtype:trojan-activity; sid:38015171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# URL indicators with the destination address and port pinned in the rule
# header (999 and 8080). The URI strings ("/updates", "/jquery-3.3.1.min.js")
# are generic on their own; the pinned destination is what keeps these rules
# specific. The address is matched anywhere in http.header.
alert http $HOME_NET any -> 154.92.19.29 999 (msg: "MISP e27681 [CobaltStrike,cs-watermark-987654321,YISUCLOUDLTD-HK YISU CLOUD LTD] Outgoing URL http|3a|//154.92.19.29|3a|999/updates"; flow:to_server,established; http.header; content:"154.92.19.29"; fast_pattern; nocase; http.uri; content:"/updates"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38015181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert http $HOME_NET any -> 170.130.55.104 8080 (msg: "MISP e27681 [AS62904,CobaltStrike,cs-watermark-1357776117] Outgoing URL http|3a|//170.130.55.104|3a|8080/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"170.130.55.104"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38015201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 45.74.36.210 80 (msg: "MISP e27681 [CDNEXT,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 45.74.36.210|80"; classtype:trojan-activity; sid:38015211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
alert ip $HOME_NET any -> 194.165.16.59 443 (msg: "MISP e27681 [CobaltStrike,cs-watermark-674054486,FLYSERVERS-ENDCLIENTS] Outgoing To IP: 194.165.16.59|443"; classtype:trojan-activity; sid:38015251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27681;)
# Event 27714 indicators start here.
alert ip $HOME_NET any -> 204.95.99.109 5552 (msg: "MISP e27714 [njrat] Outgoing To IP: 204.95.99.109|5552"; classtype:trojan-activity; sid:38018021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Destination is any external host on $HTTP_PORTS (the variable must be
# defined on the sensor). The hostname is matched anywhere in http.header and
# the URI only needs to contain "/index.php".
# NOTE(review): a request to another site that merely mentions this hostname
# in a header and has /index.php in its path looks sufficient to match -
# confirm, and consider anchoring on the http.host buffer.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27714 [AZORult] Outgoing URL http|3a|//xcelonline.000webhostapp.com/index.php"; flow:to_server,established; http.header; content:"xcelonline.000webhostapp.com"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 45.128.232.59 59666 (msg: "MISP e27714 [c2,Mirai] Outgoing To IP: 45.128.232.59|59666"; classtype:trojan-activity; sid:38017981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 91.92.243.162 45162 (msg: "MISP e27714 [infostealer,RedLine,stealer] Outgoing To IP: 91.92.243.162|45162"; classtype:trojan-activity; sid:38017991; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27714;)
# Event 27714 domain pairs tagged SocGholish (priority 2). The DNS rule matches
# the domain and its subdomains; the HTTP rule looks for the name in
# http.header of cleartext HTTP only, so for HTTPS traffic the DNS rule is the
# only signal of the pair.
alert dns any any -> any any (msg: "MISP e27714 [SocGholish] Domain apifunctioncall.com"; dns.query; content:"apifunctioncall.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])apifunctioncall\.com$/i"; classtype:trojan-activity; sid:38018001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [SocGholish] Outgoing HTTP Domain apifunctioncall.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"apifunctioncall.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])apifunctioncall\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert dns any any -> any any (msg: "MISP e27714 [SocGholish] Domain asyncawaitapi.com"; dns.query; content:"asyncawaitapi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asyncawaitapi\.com$/i"; classtype:trojan-activity; sid:38018011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [SocGholish] Outgoing HTTP Domain asyncawaitapi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asyncawaitapi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asyncawaitapi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Event 27714 address/port indicators. No flow or payload condition: any
# traffic from $HOME_NET to the address and port matches. The tag list pairs
# a tool or family name with the network name exported for the address.
# NOTE(review): many entries are port 80/443 addresses at large providers
# (AMAZON-AES, DIGITALOCEAN-ASN, CHINA169-BACKBONE); such addresses can be
# reassigned, so check the attribute's age in the event when triaging a hit.
alert ip $HOME_NET any -> 154.90.49.110 7443 (msg: "MISP e27714 [KAOPU-HK Kaopu Cloud HK Limited,Mythic] Outgoing To IP: 154.90.49.110|7443"; classtype:trojan-activity; sid:38018041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 50.19.168.53 443 (msg: "MISP e27714 [AMAZON-AES,Deimos] Outgoing To IP: 50.19.168.53|443"; classtype:trojan-activity; sid:38018051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 37.1.212.112 443 (msg: "MISP e27714 [Havoc,HVC-AS] Outgoing To IP: 37.1.212.112|443"; classtype:trojan-activity; sid:38018061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 122.114.192.234 80 (msg: "MISP e27714 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.192.234|80"; classtype:trojan-activity; sid:38018071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 122.114.10.11 80 (msg: "MISP e27714 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.10.11|80"; classtype:trojan-activity; sid:38018081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 122.114.197.147 80 (msg: "MISP e27714 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.197.147|80"; classtype:trojan-activity; sid:38018091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 122.114.156.47 80 (msg: "MISP e27714 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.156.47|80"; classtype:trojan-activity; sid:38018101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 122.114.192.32 80 (msg: "MISP e27714 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.192.32|80"; classtype:trojan-activity; sid:38018111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 122.114.225.100 80 (msg: "MISP e27714 [CHINA169-BACKBONE CHINA UNICOM China169 Backbone,Havoc] Outgoing To IP: 122.114.225.100|80"; classtype:trojan-activity; sid:38018121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Outbound traffic to port 445 at an external address tagged Responder. The
# action is alert only; nothing in this rule blocks the connection.
# NOTE(review): if outbound 445 is denied at the perimeter, a hit here shows
# an attempt rather than a completed session - confirm against egress policy.
alert ip $HOME_NET any -> 104.248.92.16 445 (msg: "MISP e27714 [DIGITALOCEAN-ASN,Responder] Outgoing To IP: 104.248.92.16|445"; classtype:trojan-activity; sid:38018131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 175.10.220.200 4432 (msg: "MISP e27714 [CHINANET-BACKBONE No.31Jin-rong Street,QakBot] Outgoing To IP: 175.10.220.200|4432"; classtype:trojan-activity; sid:38018141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 72.27.34.29 443 (msg: "MISP e27714 [FLOW-NET,QakBot] Outgoing To IP: 72.27.34.29|443"; classtype:trojan-activity; sid:38018151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 70.31.127.214 2222 (msg: "MISP e27714 [BACOM,QakBot] Outgoing To IP: 70.31.127.214|2222"; classtype:trojan-activity; sid:38018161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 23.93.94.187 443 (msg: "MISP e27714 [AS-SONICTELECOM,QakBot] Outgoing To IP: 23.93.94.187|443"; classtype:trojan-activity; sid:38018171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 64.23.194.166 80 (msg: "MISP e27714 [DIGITALOCEAN-ASN,Hookbot Pegasus] Outgoing To IP: 64.23.194.166|80"; classtype:trojan-activity; sid:38018181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 66.103.202.47 80 (msg: "MISP e27714 [Hookbot Pegasus,MULTA-ASN1] Outgoing To IP: 66.103.202.47|80"; classtype:trojan-activity; sid:38018191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 66.103.202.31 80 (msg: "MISP e27714 [Hookbot Pegasus,MULTA-ASN1] Outgoing To IP: 66.103.202.31|80"; classtype:trojan-activity; sid:38018201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 143.110.180.125 80 (msg: "MISP e27714 [DIGITALOCEAN-ASN,Hookbot Pegasus] Outgoing To IP: 143.110.180.125|80"; classtype:trojan-activity; sid:38018211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 185.196.11.210 80 (msg: "MISP e27714 [Hookbot Pegasus,SIMPLECARRIER] Outgoing To IP: 185.196.11.210|80"; classtype:trojan-activity; sid:38018221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 194.33.191.105 50555 (msg: "MISP e27714 [Hookbot Pegasus,UNKNOW] Outgoing To IP: 194.33.191.105|50555"; classtype:trojan-activity; sid:38018231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 103.186.117.66 1906 (msg: "MISP e27714 [RAT,RemcosRAT] Outgoing To IP: 103.186.117.66|1906"; classtype:trojan-activity; sid:38018241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Event 27853 "Hostname" indicator, exported as three rules. Unlike the
# "Domain" rules, the pcre character class here also excludes ".", so a
# subdomain of the name does not match - only the exact hostname does.
alert dns any any -> any any (msg: "MISP e27853 [] Hostname elalermennederim.online"; dns.query; content:"elalermennederim.online"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elalermennederim\.online$/i"; classtype:trojan-activity; sid:38131161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27853;)
# The single content embeds "Host:" followed by exactly one space.
# NOTE(review): confirm a Host line with different spacing is still caught.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27853 [] Outgoing HTTP Hostname elalermennederim.online"; flow:to_server,established; http.header; content: "Host|3a| elalermennederim.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])elalermennederim\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38131162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27853;)
# URL form of the same indicator: only an unanchored http.header content, no
# pcre boundary and no http.uri part. A request that triggers sid:38131162 on
# an $HTTP_PORTS port also satisfies this rule, so expect two alerts for it.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27853 [] Outgoing URL http|3a|//elalermennederim.online"; flow:to_server,established; http.header; content:"elalermennederim.online"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38131181; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27853;)
# Event 27714 address/port indicators tagged Vidar, all on port 443. No flow
# or payload condition: any traffic from $HOME_NET to the address and port
# matches.
alert ip $HOME_NET any -> 49.13.32.231 443 (msg: "MISP e27714 [Vidar] Outgoing To IP: 49.13.32.231|443"; classtype:trojan-activity; sid:38018281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 116.202.4.240 443 (msg: "MISP e27714 [Vidar] Outgoing To IP: 116.202.4.240|443"; classtype:trojan-activity; sid:38018291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 88.198.107.0 443 (msg: "MISP e27714 [Vidar] Outgoing To IP: 88.198.107.0|443"; classtype:trojan-activity; sid:38018301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Event 27802 sender-address indicator. Raw TCP match on inbound sessions to
# $SMTP_SERVERS port 25: "MAIL FROM:" and the address are independent content
# matches, and a CRLF CRLF must follow within 8192 bytes of the address.
# NOTE(review): only port 25 is covered and the match needs cleartext SMTP;
# a session upgraded with STARTTLS, or mail arriving on another port, would
# not be inspected by this rule - confirm coverage at the mail gateway.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27802 [] Source Email Address: info@unfallgutachten24.nrw"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"info@unfallgutachten24.nrw"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38087531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27802;)
# Inbound direction: any protocol and any port from this address to $HOME_NET.
alert ip 109.237.142.242 any -> $HOME_NET any (msg: "MISP e27802 [] Incoming From IP: 109.237.142.242"; classtype:trojan-activity; sid:38087541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27802;)
# URL indicators with the destination address pinned in the rule header and
# the port taken from $HTTP_PORTS (the variable must be defined on the
# sensor). The address is matched anywhere in http.header, the path in http.uri.
alert http $HOME_NET any -> 8.219.54.123 $HTTP_PORTS (msg: "MISP e27714 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.219.54.123/ptj"; flow:to_server,established; http.header; content:"8.219.54.123"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 185.246.67.26 $HTTP_PORTS (msg: "MISP e27714 [dcrat] Outgoing URL http|3a|//185.246.67.26/limitgameruleboot/systemcore/war/basewordpressdatalife.php"; flow:to_server,established; http.header; content:"185.246.67.26"; fast_pattern; nocase; http.uri; content:"/limitgameruleboot/systemcore/war/basewordpressdatalife.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Event 24600 domain pair. These two rules are exported with priority:1, the
# highest priority value among the rules in this part of the file.
alert dns any any -> any any (msg: "MISP e24600 [] Domain grameenbazar.com"; dns.query; content:"grameenbazar.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])grameenbazar\.com$/i"; classtype:trojan-activity; sid:38181111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain grameenbazar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"grameenbazar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])grameenbazar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38181112; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
# Event 27007 domain pairs (priority 3, empty tag list): a DNS rule matching
# the domain and its subdomains, and an outgoing-HTTP rule that looks for the
# name in http.header of cleartext HTTP. The two http.header contents are not
# positioned relative to each other.
# NOTE(review): the name appearing in a header other than Host looks
# sufficient to match - confirm, and consider the http.host buffer.
alert dns any any -> any any (msg: "MISP e27007 [] Domain barboursnorge.com"; dns.query; content:"barboursnorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursnorge\.com$/i"; classtype:trojan-activity; sid:38172721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barboursnorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barboursnorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursnorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain barboursosterreich.com"; dns.query; content:"barboursosterreich.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursosterreich\.com$/i"; classtype:trojan-activity; sid:38172731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain barboursosterreich.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"barboursosterreich.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])barboursosterreich\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain botyclarkscz.com"; dns.query; content:"botyclarkscz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])botyclarkscz\.com$/i"; classtype:trojan-activity; sid:38172741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain botyclarkscz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"botyclarkscz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])botyclarkscz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarksoutletsromania.com"; dns.query; content:"clarksoutletsromania.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksoutletsromania\.com$/i"; classtype:trojan-activity; sid:38172751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarksoutletsromania.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarksoutletsromania.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarksoutletsromania\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarkspolskasklep.com"; dns.query; content:"clarkspolskasklep.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkspolskasklep\.com$/i"; classtype:trojan-activity; sid:38172761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarkspolskasklep.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarkspolskasklep.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])clarkspolskasklep\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain clarks-romaniaonline.com"; dns.query; content:"clarks-romaniaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])clarks\-romaniaonline\.com$/i"; classtype:trojan-activity; sid:38172771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain clarks-romaniaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"clarks-romaniaonline.com"; fast_pattern; nocase; pcre:
"/(^|[^A-Za-z0-9-])clarks\-romaniaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-egypt.com"; dns.query; content:"gymshark-egypt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-egypt\.com$/i"; classtype:trojan-activity; sid:38172781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-egypt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-egypt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-egypt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hestraglovesaustralia.com"; dns.query; content:"hestraglovesaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesaustralia\.com$/i"; classtype:trojan-activity; sid:38172791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestraglovesaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestraglovesaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hestraglovescanada.com"; dns.query; content:"hestraglovescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovescanada\.com$/i"; classtype:trojan-activity; sid:38172801; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestraglovescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestraglovescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hestraglovesuk.com"; dns.query; content:"hestraglovesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesuk\.com$/i"; classtype:trojan-activity; sid:38172811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hestraglovesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hestraglovesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hestraglovesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanema-ch.com"; dns.query; content:"ipanema-ch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-ch\.com$/i"; classtype:trojan-activity; sid:38172821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanema-ch.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanema-ch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-ch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert 
dns any any -> any any (msg: "MISP e27007 [] Domain ipanemachinelos.com"; dns.query; content:"ipanemachinelos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemachinelos\.com$/i"; classtype:trojan-activity; sid:38172831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemachinelos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemachinelos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemachinelos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanema-cl.com"; dns.query; content:"ipanema-cl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-cl\.com$/i"; classtype:trojan-activity; sid:38172841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanema-cl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanema-cl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-cl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemadenmark.com"; dns.query; content:"ipanemadenmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemadenmark\.com$/i"; classtype:trojan-activity; sid:38172851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemadenmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemadenmark.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemadenmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemaindonesia.com"; dns.query; content:"ipanemaindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemaindonesia\.com$/i"; classtype:trojan-activity; sid:38172861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemaindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemaindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemaindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemajapanke.com"; dns.query; content:"ipanemajapanke.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemajapanke\.com$/i"; classtype:trojan-activity; sid:38172871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemajapanke.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemajapanke.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemajapanke\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemapapuci.com"; dns.query; content:"ipanemapapuci.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemapapuci\.com$/i"; classtype:trojan-activity; sid:38172881; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemapapuci.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemapapuci.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemapapuci\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemashoescanada.com"; dns.query; content:"ipanemashoescanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemashoescanada\.com$/i"; classtype:trojan-activity; sid:38172891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemashoescanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemashoescanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemashoescanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-deutschland.com"; dns.query; content:"juicycouture-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-deutschland\.com$/i"; classtype:trojan-activity; sid:38172901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38172902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-espana.com"; dns.query; content:"juicycouture-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-espana\.com$/i"; classtype:trojan-activity; sid:38172911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-espana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-ksa.com"; dns.query; content:"juicycouture-ksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-ksa\.com$/i"; classtype:trojan-activity; sid:38172921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-ksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-ksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-ksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturelisboa.com"; dns.query; content:"juicycouturelisboa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturelisboa\.com$/i"; classtype:trojan-activity; sid:38172931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27007 [] Outgoing HTTP Domain juicycouturelisboa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturelisboa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturelisboa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturephilippinesstores.com"; dns.query; content:"juicycouturephilippinesstores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturephilippinesstores\.com$/i"; classtype:trojan-activity; sid:38172941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturephilippinesstores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturephilippinesstores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturephilippinesstores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturesingaporeoutlet.com"; dns.query; content:"juicycouturesingaporeoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturesingaporeoutlet\.com$/i"; classtype:trojan-activity; sid:38172951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturesingaporeoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturesingaporeoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturesingaporeoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172952; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycoutureswitzerland.com"; dns.query; content:"juicycoutureswitzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycoutureswitzerland\.com$/i"; classtype:trojan-activity; sid:38172961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycoutureswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycoutureswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycoutureswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeld-ca.com"; dns.query; content:"karllagerfeld-ca.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-ca\.com$/i"; classtype:trojan-activity; sid:38172971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeld-ca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeld-ca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-ca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldde.com"; dns.query; content:"karllagerfeldde.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldde\.com$/i"; classtype:trojan-activity; sid:38172981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] 
Outgoing HTTP Domain karllagerfeldde.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldde.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldde\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeld-hrvatska.com"; dns.query; content:"karllagerfeld-hrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-hrvatska\.com$/i"; classtype:trojan-activity; sid:38172991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeld-hrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeld-hrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-hrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38172992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeld-slovensko.com"; dns.query; content:"karllagerfeld-slovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-slovensko\.com$/i"; classtype:trojan-activity; sid:38173001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeld-slovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeld-slovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-slovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns 
any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldsouth-africa.com"; dns.query; content:"karllagerfeldsouth-africa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldsouth\-africa\.com$/i"; classtype:trojan-activity; sid:38173011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldsouth-africa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldsouth-africa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldsouth\-africa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldtorbesi.com"; dns.query; content:"karllagerfeldtorbesi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldtorbesi\.com$/i"; classtype:trojan-activity; sid:38173021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldtorbesi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldtorbesi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldtorbesi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeld-uk.com"; dns.query; content:"karllagerfeld-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-uk\.com$/i"; classtype:trojan-activity; sid:38173031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
karllagerfeld-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeld-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-australia.com"; dns.query; content:"lecoqsportif-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-australia\.com$/i"; classtype:trojan-activity; sid:38173041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-australia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-danmark.com"; dns.query; content:"lecoqsportif-danmark.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-danmark\.com$/i"; classtype:trojan-activity; sid:38173051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-danmark.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-danmark.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-danmark\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 
[] Domain lecoqsportiflojasportugal.com"; dns.query; content:"lecoqsportiflojasportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportiflojasportugal\.com$/i"; classtype:trojan-activity; sid:38173061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportiflojasportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportiflojasportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportiflojasportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-nederland.com"; dns.query; content:"lecoqsportif-nederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-nederland\.com$/i"; classtype:trojan-activity; sid:38173071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-nederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-nederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-nederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifnz.com"; dns.query; content:"lecoqsportifnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifnz\.com$/i"; classtype:trojan-activity; sid:38173081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifnz.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-slovensko.com"; dns.query; content:"lecoqsportif-slovensko.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-slovensko\.com$/i"; classtype:trojan-activity; sid:38173091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-slovensko.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-slovensko.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-slovensko\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-southafrica.com"; dns.query; content:"lecoqsportif-southafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-southafrica\.com$/i"; classtype:trojan-activity; sid:38173101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-southafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-southafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-southafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
lecoqsportifuaestore.com"; dns.query; content:"lecoqsportifuaestore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifuaestore\.com$/i"; classtype:trojan-activity; sid:38173111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifuaestore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifuaestore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifuaestore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifukstores.com"; dns.query; content:"lecoqsportifukstores.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifukstores\.com$/i"; classtype:trojan-activity; sid:38173121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifukstores.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifukstores.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifukstores\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonmadrid.com"; dns.query; content:"lululemonmadrid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmadrid\.com$/i"; classtype:trojan-activity; sid:38173131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonmadrid.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"lululemonmadrid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonmadrid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lululemonnorway.com"; dns.query; content:"lululemonnorway.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonnorway\.com$/i"; classtype:trojan-activity; sid:38173141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lululemonnorway.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lululemonnorway.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lululemonnorway\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunofactoryoutletusa.com"; dns.query; content:"mizunofactoryoutletusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunofactoryoutletusa\.com$/i"; classtype:trojan-activity; sid:38173151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunofactoryoutletusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunofactoryoutletusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunofactoryoutletusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-israel.com"; dns.query; content:"mizuno-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-israel\.com$/i"; 
classtype:trojan-activity; sid:38173161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoeindia.com"; dns.query; content:"mizunoshoeindia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeindia\.com$/i"; classtype:trojan-activity; sid:38173171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoeindia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoeindia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoeindia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunostoreaustralia.com"; dns.query; content:"mizunostoreaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunostoreaustralia\.com$/i"; classtype:trojan-activity; sid:38173181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunostoreaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunostoreaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunostoreaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38173182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain oakleymalaysia.com"; dns.query; content:"oakleymalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleymalaysia\.com$/i"; classtype:trojan-activity; sid:38173191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oakleymalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oakleymalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleymalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain oakleyuaeshop.com"; dns.query; content:"oakleyuaeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleyuaeshop\.com$/i"; classtype:trojan-activity; sid:38173201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain oakleyuaeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oakleyuaeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oakleyuaeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollysingapore.com"; dns.query; content:"ohpollysingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollysingapore\.com$/i"; classtype:trojan-activity; sid:38173211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
ohpollysingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollysingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollysingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsuka-singapore.com"; dns.query; content:"onitsuka-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsuka\-singapore\.com$/i"; classtype:trojan-activity; sid:38173221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsuka-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsuka-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsuka\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukasingaporeoutlet.com"; dns.query; content:"onitsukasingaporeoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukasingaporeoutlet\.com$/i"; classtype:trojan-activity; sid:38173231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukasingaporeoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukasingaporeoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukasingaporeoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] 
Domain pleasershoesuk.com"; dns.query; content:"pleasershoesuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesuk\.com$/i"; classtype:trojan-activity; sid:38173241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pleasershoesuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pleasershoesuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pleasershoesuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain pumagreece-gr.com"; dns.query; content:"pumagreece-gr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumagreece\-gr\.com$/i"; classtype:trojan-activity; sid:38173251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumagreece-gr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumagreece-gr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumagreece\-gr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain puma-store-peru.com"; dns.query; content:"puma-store-peru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])puma\-store\-peru\.com$/i"; classtype:trojan-activity; sid:38173261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain puma-store-peru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"puma-store-peru.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])puma\-store\-peru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain repettosingapore.com"; dns.query; content:"repettosingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])repettosingapore\.com$/i"; classtype:trojan-activity; sid:38173271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain repettosingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"repettosingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])repettosingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sauconyportugaloutlets.com"; dns.query; content:"sauconyportugaloutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyportugaloutlets\.com$/i"; classtype:trojan-activity; sid:38173281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sauconyportugaloutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sauconyportugaloutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyportugaloutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tiendasbarbourespana.com"; dns.query; content:"tiendasbarbourespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasbarbourespana\.com$/i"; classtype:trojan-activity; sid:38173291; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27007 domain indicators (priority 3, empty label list in msg). Each domain
# gets a pair of rules: the sid ending in 1 alerts on the DNS query, the sid ending
# in 2 on outbound HTTP from $HOME_NET.
# The DNS pcre is end-anchored with a left boundary, so the domain itself and any
# subdomain of it match. In the HTTP rule the two http.header contents are
# independent of each other: "Host:" and the domain only need to both occur
# somewhere in the request headers, so a Referer naming the domain also satisfies it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tiendasbarbourespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tiendasbarbourespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tiendasbarbourespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligioncanadajeans.com"; dns.query; content:"truereligioncanadajeans.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligioncanadajeans\.com$/i"; classtype:trojan-activity; sid:38173301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligioncanadajeans.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligioncanadajeans.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligioncanadajeans\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeanssouthafrica.com"; dns.query; content:"truereligionjeanssouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanssouthafrica\.com$/i"; classtype:trojan-activity; sid:38173311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeanssouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeanssouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeanssouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionjeansusa.com"; dns.query; content:"truereligionjeansusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansusa\.com$/i"; classtype:trojan-activity; sid:38173321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionjeansusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionjeansusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionjeansusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain truereligionoutletnz.com"; dns.query; content:"truereligionoutletnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionoutletnz\.com$/i"; classtype:trojan-activity; sid:38173331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain truereligionoutletnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"truereligionoutletnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])truereligionoutletnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Event 27714: outbound C2 indicators (priority 2). The bracketed labels in msg name
# the family (CobaltStrike with a cs-watermark value, Mirai, RAT) and what look like
# hosting organisations.
#
# URL rules: destination IP and port are fixed in the rule header; on top of that the
# IP literal must appear in the request headers and the path in the URI (substring
# match, nocase). tag:session,600,seconds keeps logging the matched session for 600
# seconds after the alert.
# NOTE(review): a client that reaches the internet through an explicit forward proxy
# presents the proxy as the destination, so these rules would not fire on that leg -
# confirm sensor placement. Rules written against $HTTP_PORTS need that variable
# defined in the sensor configuration.
alert http $HOME_NET any -> 79.124.40.106 81 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,Tamatiya EOOD] Outgoing URL http|3a|//79.124.40.106|3a|81/ptj"; flow:to_server,established; http.header; content:"79.124.40.106"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 81.19.138.57 $HTTP_PORTS (msg: "MISP e27714 [Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824] Outgoing URL http|3a|//81.19.138.57/ptj"; flow:to_server,established; http.header; content:"81.19.138.57"; fast_pattern; nocase; http.uri; content:"/ptj"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 221.150.72.75 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,Korea Telecom] Outgoing URL http|3a|//221.150.72.75/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"221.150.72.75"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# IP:port rules: no payload conditions, so any traffic from $HOME_NET to the listed
# address and port raises the alert.
# NOTE(review): these are `ip` rules that carry a port - confirm how the engine applies
# the port to protocols that have none. Port 2 on 141.98.7.7 agrees with the value in
# msg but is unusual; verify it against the event before relying on it.
alert ip $HOME_NET any -> 194.169.175.31 2323 (msg: "MISP e27714 [c2,Mirai] Outgoing To IP: 194.169.175.31|2323"; classtype:trojan-activity; sid:38018331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 194.169.175.33 2323 (msg: "MISP e27714 [c2,Mirai] Outgoing To IP: 194.169.175.33|2323"; classtype:trojan-activity; sid:38018341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 51.89.157.32 4200 (msg: "MISP e27714 [c2,Mirai] Outgoing To IP: 51.89.157.32|4200"; classtype:trojan-activity; sid:38018351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 141.98.7.7 2 (msg: "MISP e27714 [c2,Mirai] Outgoing To IP: 141.98.7.7|2"; classtype:trojan-activity; sid:38018371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 94.156.69.226 1337 (msg: "MISP e27714 [AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 94.156.69.226|1337"; classtype:trojan-activity; sid:38018381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 15.204.211.32 888 (msg: "MISP e27714 [c2,Mirai] Outgoing To IP: 15.204.211.32|888"; classtype:trojan-activity; sid:38018361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Domain pairs (DNS query + outbound HTTP). neko.ltd and rx.neko.ltd overlap: the
# neko.ltd patterns also match rx.neko.ltd, so a single lookup of rx.neko.ltd raises
# both sid 38018391 and 38018401 (38018392 and 38018402 over HTTP). Expect paired
# alerts when triaging.
alert dns any any -> any any (msg: "MISP e27714 [Mirai] Domain neko.ltd"; dns.query; content:"neko.ltd"; nocase; pcre: "/(^|[^A-Za-z0-9-])neko\.ltd$/i"; classtype:trojan-activity; sid:38018391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [Mirai] Outgoing HTTP Domain neko.ltd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"neko.ltd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])neko\.ltd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert dns any any -> any any (msg: "MISP e27714 [Mirai] Domain rx.neko.ltd"; dns.query; content:"rx.neko.ltd"; nocase; pcre: "/(^|[^A-Za-z0-9-])rx\.neko\.ltd$/i"; classtype:trojan-activity; sid:38018401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [Mirai] Outgoing HTTP Domain rx.neko.ltd"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rx.neko.ltd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rx\.neko\.ltd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert dns any any -> any any (msg: "MISP e27714 [Mirai] Domain catgirls.network"; dns.query; content:"catgirls.network"; nocase; pcre: "/(^|[^A-Za-z0-9-])catgirls\.network$/i"; classtype:trojan-activity; sid:38018411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [Mirai] Outgoing HTTP Domain catgirls.network"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"catgirls.network"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])catgirls\.network[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 91.92.246.100 4443 (msg: "MISP e27714 [AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 91.92.246.100|4443"; classtype:trojan-activity; sid:38018431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert dns any any -> any any (msg: "MISP e27714 [] Domain nekololis.ovh"; dns.query; content:"nekololis.ovh"; nocase; pcre: "/(^|[^A-Za-z0-9-])nekololis\.ovh$/i"; classtype:trojan-activity; sid:38018421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [] Outgoing HTTP Domain nekololis.ovh"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nekololis.ovh"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nekololis\.ovh[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 43.143.143.195 6666 (msg: "MISP e27714 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//43.143.143.195|3a|6666/cm"; flow:to_server,established; http.header; content:"43.143.143.195"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 82.157.169.10 7999 (msg: "MISP e27714 [CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//82.157.169.10|3a|7999/fwlink"; flow:to_server,established; http.header; content:"82.157.169.10"; fast_pattern; nocase; http.uri; content:"/fwlink"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 8.136.241.0 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing URL http|3a|//8.136.241.0/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"8.136.241.0"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# 5.34.179.101 is covered three times (IP:443, URL on $HTTP_PORTS, IP:80). A request
# for /quit/message/amd on port 80 raises both 38018591 and 38018601 if $HTTP_PORTS
# includes 80.
alert ip $HOME_NET any -> 5.34.179.101 443 (msg: "MISP e27714 [CobaltStrike,cs-watermark-391144938,GREENFLOID-AS] Outgoing To IP: 5.34.179.101|443"; classtype:trojan-activity; sid:38018571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 5.34.179.101 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-391144938,GREENFLOID-AS] Outgoing URL http|3a|//5.34.179.101/quit/message/amd"; flow:to_server,established; http.header; content:"5.34.179.101"; fast_pattern; nocase; http.uri; content:"/quit/message/amd"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 5.34.179.101 80 (msg: "MISP e27714 [CobaltStrike,cs-watermark-391144938,GREENFLOID-AS] Outgoing To IP: 5.34.179.101|80"; classtype:trojan-activity; sid:38018601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Event 27807: a single domain pair (DNS query + outbound HTTP), priority 2, no labels
# in msg.
alert dns any any -> any any (msg: "MISP e27807 [] Domain undercooksimilarly.cloud"; dns.query; content:"undercooksimilarly.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-])undercooksimilarly\.cloud$/i"; classtype:trojan-activity; sid:38087681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27807;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27807 [] Outgoing HTTP Domain undercooksimilarly.cloud"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"undercooksimilarly.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])undercooksimilarly\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27807;)
# Event 27007 domain pairs resume here (priority 3), same DNS + HTTP rule shape.
alert dns any any -> any any (msg: "MISP e27007 [] Domain colsinbase-seccoutconfirminfo.com"; dns.query; content:"colsinbase-seccoutconfirminfo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])colsinbase\-seccoutconfirminfo\.com$/i"; classtype:trojan-activity; sid:38173341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain colsinbase-seccoutconfirminfo.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"colsinbase-seccoutconfirminfo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])colsinbase\-seccoutconfirminfo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain crocshungary-hu.com"; dns.query; content:"crocshungary-hu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])crocshungary\-hu\.com$/i"; classtype:trojan-activity; sid:38173351; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain crocshungary-hu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crocshungary-hu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crocshungary\-hu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain frankiesbikinisoutlet.com"; dns.query; content:"frankiesbikinisoutlet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisoutlet\.com$/i"; classtype:trojan-activity; sid:38173361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain frankiesbikinisoutlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"frankiesbikinisoutlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])frankiesbikinisoutlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hoka-south-africa.com"; dns.query; content:"hoka-south-africa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hoka\-south\-africa\.com$/i"; classtype:trojan-activity; sid:38173371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hoka-south-africa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hoka-south-africa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hoka\-south\-africa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173372; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanemaaustraliaau.com"; dns.query; content:"ipanemaaustraliaau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemaaustraliaau\.com$/i"; classtype:trojan-activity; sid:38173381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanemaaustraliaau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanemaaustraliaau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanemaaustraliaau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanema-brazil.com"; dns.query; content:"ipanema-brazil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-brazil\.com$/i"; classtype:trojan-activity; sid:38173391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanema-brazil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanema-brazil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-brazil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jordans-greece.com"; dns.query; content:"jordans-greece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jordans\-greece\.com$/i"; classtype:trojan-activity; sid:38173401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
jordans-greece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jordans-greece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jordans\-greece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturebelgium.com"; dns.query; content:"juicycouturebelgium.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturebelgium\.com$/i"; classtype:trojan-activity; sid:38173411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturebelgium.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturebelgium.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturebelgium\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturenorway.com"; dns.query; content:"juicycouturenorway.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturenorway\.com$/i"; classtype:trojan-activity; sid:38173421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturenorway.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturenorway.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturenorway\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicytracksuitaustralia.com"; 
dns.query; content:"juicytracksuitaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicytracksuitaustralia\.com$/i"; classtype:trojan-activity; sid:38173431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicytracksuitaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicytracksuitaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicytracksuitaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldau.com"; dns.query; content:"karllagerfeldau.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldau\.com$/i"; classtype:trojan-activity; sid:38173441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldau.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldau.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldau\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldoutletat.com"; dns.query; content:"karllagerfeldoutletat.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletat\.com$/i"; classtype:trojan-activity; sid:38173451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldoutletat.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"karllagerfeldoutletat.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletat\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldserbia.com"; dns.query; content:"karllagerfeldserbia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldserbia\.com$/i"; classtype:trojan-activity; sid:38173461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldserbia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldserbia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldserbia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifaustria.com"; dns.query; content:"lecoqsportifaustria.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifaustria\.com$/i"; classtype:trojan-activity; sid:38173471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifaustria.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifaustria.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifaustria\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-colombia.com"; dns.query; content:"lecoqsportif-colombia.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lecoqsportif\-colombia\.com$/i"; classtype:trojan-activity; sid:38173481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-colombia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-colombia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-colombia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifgreeceeshop.com"; dns.query; content:"lecoqsportifgreeceeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifgreeceeshop\.com$/i"; classtype:trojan-activity; sid:38173491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifgreeceeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifgreeceeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifgreeceeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifpanorge.com"; dns.query; content:"lecoqsportifpanorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifpanorge\.com$/i"; classtype:trojan-activity; sid:38173501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifpanorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifpanorge.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifpanorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-philippines.com"; dns.query; content:"lecoqsportif-philippines.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-philippines\.com$/i"; classtype:trojan-activity; sid:38173511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-philippines.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-philippines.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-philippines\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-polska.com"; dns.query; content:"lecoqsportif-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-polska\.com$/i"; classtype:trojan-activity; sid:38173521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunomalaysia-outlet.com"; dns.query; content:"mizunomalaysia-outlet.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])mizunomalaysia\-outlet\.com$/i"; classtype:trojan-activity; sid:38173531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunomalaysia-outlet.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunomalaysia-outlet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunomalaysia\-outlet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunonl.com"; dns.query; content:"mizunonl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonl\.com$/i"; classtype:trojan-activity; sid:38173541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunonl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunonl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain onitsukashoesmexico.com"; dns.query; content:"onitsukashoesmexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesmexico\.com$/i"; classtype:trojan-activity; sid:38173551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain onitsukashoesmexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onitsukashoesmexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onitsukashoesmexico\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38173552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain rimowagermany.com"; dns.query; content:"rimowagermany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowagermany\.com$/i"; classtype:trojan-activity; sid:38173561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain rimowagermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rimowagermany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rimowagermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain sauconyenperu.com"; dns.query; content:"sauconyenperu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyenperu\.com$/i"; classtype:trojan-activity; sid:38173571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sauconyenperu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sauconyenperu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sauconyenperu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakercanada.com"; dns.query; content:"ted-bakercanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakercanada\.com$/i"; classtype:trojan-activity; sid:38173581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing 
HTTP Domain ted-bakercanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakercanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakercanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakergreece.com"; dns.query; content:"ted-bakergreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakergreece\.com$/i"; classtype:trojan-activity; sid:38173591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakergreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakergreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakergreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerie.com"; dns.query; content:"tedbakerie.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerie\.com$/i"; classtype:trojan-activity; sid:38173601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerie.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerie.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerie\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletnederland.com"; dns.query; content:"tedbakeroutletnederland.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletnederland\.com$/i"; classtype:trojan-activity; sid:38173611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletnederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletnederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletnederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakersouthafricasale.com"; dns.query; content:"tedbakersouthafricasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersouthafricasale\.com$/i"; classtype:trojan-activity; sid:38173621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakersouthafricasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakersouthafricasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakersouthafricasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tommy-hilfigersalecanada.com"; dns.query; content:"tommy-hilfigersalecanada.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tommy\-hilfigersalecanada\.com$/i"; classtype:trojan-activity; sid:38173631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tommy-hilfigersalecanada.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; 
content:"tommy-hilfigersalecanada.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tommy\-hilfigersalecanada\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27812 [] Domain venipak.safedealmoney.site"; dns.query; content:"venipak.safedealmoney.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site$/i"; classtype:trojan-activity; sid:38087901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27812;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27812 [] Outgoing HTTP Domain venipak.safedealmoney.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"venipak.safedealmoney.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27812;) alert dns any any -> any any (msg: "MISP e27007 [] Domain haflingerslippersaustralia.com"; dns.query; content:"haflingerslippersaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslippersaustralia\.com$/i"; classtype:trojan-activity; sid:38173641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain haflingerslippersaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haflingerslippersaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslippersaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain haflingerslippersireland.com"; dns.query; 
content:"haflingerslippersireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslippersireland\.com$/i"; classtype:trojan-activity; sid:38173651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain haflingerslippersireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haflingerslippersireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslippersireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain haflingerslippersnz.com"; dns.query; content:"haflingerslippersnz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslippersnz\.com$/i"; classtype:trojan-activity; sid:38173661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain haflingerslippersnz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"haflingerslippersnz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslippersnz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain haflingerslipperswebsite.com"; dns.query; content:"haflingerslipperswebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslipperswebsite\.com$/i"; classtype:trojan-activity; sid:38173671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain haflingerslipperswebsite.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"haflingerslipperswebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])haflingerslipperswebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain nativeshoesdublin.com"; dns.query; content:"nativeshoesdublin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nativeshoesdublin\.com$/i"; classtype:trojan-activity; sid:38173681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain nativeshoesdublin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nativeshoesdublin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nativeshoesdublin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain speedohrvatska.com"; dns.query; content:"speedohrvatska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedohrvatska\.com$/i"; classtype:trojan-activity; sid:38173691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedohrvatska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedohrvatska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedohrvatska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain speedoireland.com"; dns.query; content:"speedoireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedoireland\.com$/i"; 
classtype:trojan-activity; sid:38173701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# Reviewer notes on the generated rules below (rule text itself is unchanged).
# "Outgoing HTTP Domain" rules: the "Host|3a|" and domain content matches are not
# tied together with distance/within, and the pcre is not relative, so the domain
# can sit in any request header (for example Referer), not only in Host.
# Matching on the http.host buffer would scope the rule to the Host header.
# These rules see plaintext HTTP only; a TLS connection to the same name is
# visible to the dns.query rule, or to a tls.sni rule if one is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedoireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedoireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedoireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# dns.query rules: direction is any -> any, so they are not limited to queries
# leaving $HOME_NET. The pcre ends with $ and requires start-of-name or a
# non-hostname character before the domain, so the rule covers the domain and
# its subdomains but not longer names that merely end in the same letters.
# The bracketed words in msg (CobaltStrike, cs-watermark-..., provider name)
# are labels carried in the alert text; they are not match conditions.
alert dns any any -> any any (msg: "MISP e27714 [CobaltStrike,cs-watermark-100000,HostPapa] Domain bbo.microsoft360.xyz"; dns.query; content:"bbo.microsoft360.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])bbo\.microsoft360\.xyz$/i"; classtype:trojan-activity; sid:38018611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [CobaltStrike,cs-watermark-100000,HostPapa] Outgoing HTTP Domain bbo.microsoft360.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bbo.microsoft360.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bbo\.microsoft360\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018612; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert dns any any -> any any (msg: "MISP e27714 [CobaltStrike,cs-watermark-100000,HostPapa] Domain oob.microsoft360.xyz"; dns.query; content:"oob.microsoft360.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])oob\.microsoft360\.xyz$/i"; classtype:trojan-activity; sid:38018621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [CobaltStrike,cs-watermark-100000,HostPapa] Outgoing HTTP Domain oob.microsoft360.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oob.microsoft360.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oob\.microsoft360\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018622; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# IP/port rules: there is no payload or flow condition, so the destination
# address and port are the whole match. Port 53 here is on an indicator address,
# not a resolver; clients that are meant to use internal resolvers only should
# not be reaching it directly (assumption about local DNS policy - confirm).
alert ip $HOME_NET any -> 23.95.208.14 53 (msg: "MISP e27714 [CobaltStrike,cs-watermark-100000,HostPapa] Outgoing To IP: 23.95.208.14|53"; classtype:trojan-activity; sid:38018631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert dns any any -> any any (msg: "MISP e27714 [AMAZON-02,CobaltStrike,cs-watermark-331797103] Domain dns.tecbanis.com"; dns.query; content:"dns.tecbanis.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.tecbanis\.com$/i"; classtype:trojan-activity; sid:38018641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [AMAZON-02,CobaltStrike,cs-watermark-331797103] Outgoing HTTP Domain dns.tecbanis.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.tecbanis.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.tecbanis\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# The AMAZON-02 label points at cloud-hosted addressing, which can be handed to
# another tenant; the rule carries no expiry, so retire it from the MISP side
# when the event ages out.
alert ip $HOME_NET any -> 3.141.100.233 53 (msg: "MISP e27714 [AMAZON-02,CobaltStrike,cs-watermark-331797103] Outgoing To IP: 3.141.100.233|53"; classtype:trojan-activity; sid:38018651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 134.122.129.173 53 (msg: "MISP e27714 [BGPNET Global ASN,CobaltStrike,cs-watermark-100000] Outgoing To IP: 134.122.129.173|53"; classtype:trojan-activity; sid:38018661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 95.179.177.99 9999 (msg: "MISP e27714 [Mirai] Outgoing To IP: 95.179.177.99|9999"; 
classtype:trojan-activity; sid:38018671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Reviewer note: venipak.safedealmoney.site is exported once per MISP event -
# e27811, e27810 and e27808 here, and e27812 (sid 38087901/38087902) elsewhere
# in this file. The match conditions are identical, so a single lookup raises
# every copy of the DNS rule and a single request every copy of the HTTP rule.
# De-duplicate at export time or suppress the extra sids so alert counts stay
# meaningful.
alert dns any any -> any any (msg: "MISP e27811 [] Domain venipak.safedealmoney.site"; dns.query; content:"venipak.safedealmoney.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site$/i"; classtype:trojan-activity; sid:38087871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27811;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27811 [] Outgoing HTTP Domain venipak.safedealmoney.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"venipak.safedealmoney.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087872; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27811;)
alert dns any any -> any any (msg: "MISP e27810 [] Domain venipak.safedealmoney.site"; dns.query; content:"venipak.safedealmoney.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site$/i"; classtype:trojan-activity; sid:38087841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27810;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27810 [] Outgoing HTTP Domain venipak.safedealmoney.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"venipak.safedealmoney.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27810;)
alert dns any any -> any any (msg: "MISP e27808 [] Domain venipak.safedealmoney.site"; dns.query; content:"venipak.safedealmoney.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site$/i"; classtype:trojan-activity; sid:38087691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27808;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27808 [] Outgoing HTTP Domain venipak.safedealmoney.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"venipak.safedealmoney.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])venipak\.safedealmoney\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087692; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27808;)
# URL indicators on 69.30.232.x, TCP 1433: an "alert http" rule only applies
# once the engine has identified the stream as HTTP on that port (1433 is
# conventionally the MS SQL Server port) - TODO confirm app-layer detection
# covers it on this sensor.
# http.header content is the bare IP literal and the http.uri contents are
# unanchored substrings, so the destination address and port in the rule
# header carry most of the specificity.
alert http $HOME_NET any -> 69.30.232.226 1433 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.226|3a|1433/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"69.30.232.226"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 69.30.232.227 1433 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.227|3a|1433/match"; flow:to_server,established; http.header; content:"69.30.232.227"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 69.30.232.228 1433 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] 
Outgoing URL http|3a|//69.30.232.228|3a|1433/cm"; flow:to_server,established; http.header; content:"69.30.232.228"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 69.30.232.229 1433 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.229|3a|1433/__utm.gif"; flow:to_server,established; http.header; content:"69.30.232.229"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 69.30.232.230 1433 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.230|3a|1433/g.pixel"; flow:to_server,established; http.header; content:"69.30.232.230"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# project8852041.tilda.ws: the pcre pins the full host name, so other hosts
# under tilda.ws do not match - only this name and anything beneath it.
alert dns any any -> any any (msg: "MISP e27797 [] Domain project8852041.tilda.ws"; dns.query; content:"project8852041.tilda.ws"; nocase; pcre: "/(^|[^A-Za-z0-9-])project8852041\.tilda\.ws$/i"; classtype:trojan-activity; sid:38087081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27797;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27797 [] Outgoing HTTP Domain project8852041.tilda.ws"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"project8852041.tilda.ws"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])project8852041\.tilda\.ws[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27797;)
# "Bad Email Attachment": the second content is the attachment *file name*
# followed by a closing quote - a 64-hex-character string - not a hash of the
# attachment body. The rule fires only when a message carries an attachment
# literally named with that string; presumably the MISP attribute stored the
# sample under its hash (verify in the event). Matching on file content would
# need a file-hash keyword such as filesha256 with file extraction enabled.
# Other limits visible in the rule: cleartext SMTP to port 25 only (nothing is
# inspected after STARTTLS), a case-sensitive header match (no nocase), and
# only the quoted filename="..." form.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27797 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"bc00ca53d74d111323276fabd05594e5c3ed483253043663f32b4e71d87f6153|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38087101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27797;)
alert dns any any -> any any (msg: "MISP e27802 [] Domain ferrofusion.com"; dns.query; content:"ferrofusion.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ferrofusion\.com$/i"; classtype:trojan-activity; sid:38087571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27802;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27802 [] Outgoing HTTP Domain ferrofusion.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ferrofusion.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ferrofusion\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38087572; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27802;)
# 7t.nz: a five-byte content is a weak prefilter. The pcre still enforces the
# host-name boundaries, so matching stays exact, but more traffic may reach the
# pcre stage than for the longer names.
alert dns any any -> any any (msg: "MISP e27714 [Cookie,WSF] Domain 7t.nz"; dns.query; content:"7t.nz"; nocase; pcre: "/(^|[^A-Za-z0-9-])7t\.nz$/i"; classtype:trojan-activity; sid:38018741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27714 [Cookie,WSF] Outgoing HTTP Domain 7t.nz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"7t.nz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])7t\.nz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38018742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Vidar URL rule: http.uri content "/" matches every request, so this is
# effectively "any HTTP request to 5.75.208.68 whose headers contain that
# address". The ip rules that follow for ports 80 and 443 cover the same
# host, so port-80 traffic can alert twice if $HTTP_PORTS includes 80.
alert http $HOME_NET any -> 5.75.208.68 $HTTP_PORTS (msg: "MISP e27714 [Vidar] Outgoing URL http|3a|//5.75.208.68/"; flow:to_server,established; http.header; content:"5.75.208.68"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 5.75.208.68 80 (msg: "MISP e27714 [Vidar] Outgoing To IP: 5.75.208.68|80"; classtype:trojan-activity; sid:38018781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 5.75.208.68 443 (msg: "MISP e27714 [Vidar] Outgoing To IP: 5.75.208.68|443"; classtype:trojan-activity; sid:38018791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 95.217.28.198 8081 (msg: "MISP e27714 [Vidar] Outgoing To IP: 95.217.28.198|8081"; classtype:trojan-activity; sid:38018801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 134.122.129.173 4433 (msg: "MISP e27714 [BGPNET Global ASN,CobaltStrike,cs-watermark-100000] Outgoing To IP: 134.122.129.173|4433"; classtype:trojan-activity; sid:38018821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# $HTTP_PORTS must be defined on the sensor for the URL rules that use it as
# the destination port.
alert http $HOME_NET any -> 69.30.232.227 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.227/ca"; flow:to_server,established; http.header; content:"69.30.232.227"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 69.30.232.228 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] 
Outgoing URL http|3a|//69.30.232.228/cm"; flow:to_server,established; http.header; content:"69.30.232.228"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# Reviewer note: the http.uri contents in these URL rules ("/match", "/ca") are
# short, unanchored substrings, and http.header only needs the IP literal
# somewhere in the request headers. The destination address in the rule header
# is what makes each rule specific; the URI adds little on its own.
alert http $HOME_NET any -> 69.30.232.229 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.229/match"; flow:to_server,established; http.header; content:"69.30.232.229"; fast_pattern; nocase; http.uri; content:"/match"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert http $HOME_NET any -> 69.30.232.230 $HTTP_PORTS (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] Outgoing URL http|3a|//69.30.232.230/ca"; flow:to_server,established; http.header; content:"69.30.232.230"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38018861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
alert ip $HOME_NET any -> 69.30.232.230 443 (msg: "MISP e27714 [CobaltStrike,cs-watermark-987654321,WholeSale Internet Inc.] 
Outgoing To IP: 69.30.232.230|443"; classtype:trojan-activity; sid:38018871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 193.233.132.159 50500 (msg: "MISP e27714 [RiseProStealer] Outgoing To IP: 193.233.132.159|50500"; classtype:trojan-activity; sid:38018881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 95.164.19.54 8085 (msg: "MISP e27714 [Bianlian Go Trojan,STARK-INDUSTRIES] Outgoing To IP: 95.164.19.54|8085"; classtype:trojan-activity; sid:38018891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 37.120.239.146 23250 (msg: "MISP e27714 [Bianlian Go Trojan,M247] Outgoing To IP: 37.120.239.146|23250"; classtype:trojan-activity; sid:38018901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 20.191.195.105 443 (msg: "MISP e27714 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.191.195.105|443"; classtype:trojan-activity; sid:38018911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 124.106.197.167 443 (msg: "MISP e27714 [Havoc,IPG-AS-AP Philippine Long Distance Telephone Company] Outgoing To IP: 124.106.197.167|443"; classtype:trojan-activity; sid:38018921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 210.2.169.247 443 (msg: "MISP e27714 [Havoc,LDN-AS-PK LINKdotNET Telecom Limited] Outgoing To IP: 210.2.169.247|443"; classtype:trojan-activity; sid:38018931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 51.211.208.112 443 (msg: "MISP e27714 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 51.211.208.112|443"; classtype:trojan-activity; sid:38018941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 41.96.29.46 443 (msg: "MISP e27714 
[ALGTEL-AS,QakBot] Outgoing To IP: 41.96.29.46|443"; classtype:trojan-activity; sid:38018951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 191.88.250.232 4433 (msg: "MISP e27714 [Colombia Movil,dcrat] Outgoing To IP: 191.88.250.232|4433"; classtype:trojan-activity; sid:38018961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 27.156.108.198 6079 (msg: "MISP e27714 [CHINANET-BACKBONE No.31Jin-rong Street,dcrat] Outgoing To IP: 27.156.108.198|6079"; classtype:trojan-activity; sid:38018971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 34.81.83.87 80 (msg: "MISP e27714 [GOOGLE-CLOUD-PLATFORM,Supershell] Outgoing To IP: 34.81.83.87|80"; classtype:trojan-activity; sid:38018981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 137.184.177.175 80 (msg: "MISP e27714 [DIGITALOCEAN-ASN,Hookbot Pegasus] Outgoing To IP: 137.184.177.175|80"; classtype:trojan-activity; sid:38018991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 114.130.36.120 80 (msg: "MISP e27714 [Hookbot Pegasus,MANGOTELESERVICE-AS-BD Tire-1 IP Transit Provider of Bangladesh] Outgoing To IP: 114.130.36.120|80"; classtype:trojan-activity; sid:38019001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 110.42.102.82 6688 (msg: "MISP e27714 [Gh0stRAT] Outgoing To IP: 110.42.102.82|6688"; classtype:trojan-activity; sid:38019011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 115.231.218.42 14363 (msg: "MISP e27714 [Gh0stRAT] Outgoing To IP: 115.231.218.42|14363"; classtype:trojan-activity; sid:38019021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip $HOME_NET any -> 124.248.69.29 14363 (msg: "MISP 
e27714 [Gh0stRAT] Outgoing To IP: 124.248.69.29|14363"; classtype:trojan-activity; sid:38019031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27796 [diamond-model:Infrastructure] Outgoing URL http|3a|//ad2.gotdns.ch/ps"; flow:to_server,established; http.header; content:"ad2.gotdns.ch"; fast_pattern; nocase; http.uri; content:"/ps"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38086971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27796;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27796 [diamond-model:Infrastructure] Outgoing URL http|3a|//ad2.gotdns.ch/21"; flow:to_server,established; http.header; content:"ad2.gotdns.ch"; fast_pattern; nocase; http.uri; content:"/21"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38086981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27796;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27796 [diamond-model:Infrastructure] Outgoing URL http|3a|//ad2.gotdns.ch/22"; flow:to_server,established; http.header; content:"ad2.gotdns.ch"; fast_pattern; nocase; http.uri; content:"/22"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38086991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27796;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27796 [diamond-model:Infrastructure] Outgoing URL http|3a|//ad2.gotdns.ch/251"; flow:to_server,established; http.header; content:"ad2.gotdns.ch"; fast_pattern; nocase; http.uri; content:"/251"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38087001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27796;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27796 [diamond-model:Infrastructure] Outgoing URL http|3a|//ad2.gotdns.ch/nv"; flow:to_server,established; http.header; 
content:"ad2.gotdns.ch"; fast_pattern; nocase; http.uri; content:"/nv"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38086961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27796;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27714 [dcrat] Outgoing URL http|3a|//737165cm.nyashsens.top/processorbase.php"; flow:to_server,established; http.header; content:"737165cm.nyashsens.top"; fast_pattern; nocase; http.uri; content:"/processorbase.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip 101.109.225.58 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.109.225.58"; classtype:trojan-activity; sid:38131381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 1.206.205.222 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.206.205.222"; classtype:trojan-activity; sid:38131391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 110.177.104.121 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.104.121"; classtype:trojan-activity; sid:38131401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 110.0.250.4 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.0.250.4"; classtype:trojan-activity; sid:38131411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 111.225.103.19 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.225.103.19"; classtype:trojan-activity; sid:38131421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 
110.24.36.50 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.24.36.50"; classtype:trojan-activity; sid:38131431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 111.61.245.77 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.61.245.77"; classtype:trojan-activity; sid:38131441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 112.102.220.231 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.220.231"; classtype:trojan-activity; sid:38131451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 112.112.78.212 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.112.78.212"; classtype:trojan-activity; sid:38131461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 112.117.100.82 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.117.100.82"; classtype:trojan-activity; sid:38131471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 114.229.105.222 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.229.105.222"; classtype:trojan-activity; sid:38131481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 113.90.227.193 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.90.227.193"; classtype:trojan-activity; sid:38131491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 116.252.75.53 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
116.252.75.53"; classtype:trojan-activity; sid:38131501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 114.236.141.137 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.236.141.137"; classtype:trojan-activity; sid:38131511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 116.53.21.225 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.53.21.225"; classtype:trojan-activity; sid:38131521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 117.202.46.53 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.202.46.53"; classtype:trojan-activity; sid:38131531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 117.21.110.234 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.21.110.234"; classtype:trojan-activity; sid:38131541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 117.241.227.120 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.241.227.120"; classtype:trojan-activity; sid:38131551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 117.233.133.230 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.233.133.230"; classtype:trojan-activity; sid:38131561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 117.90.20.95 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.90.20.95"; classtype:trojan-activity; sid:38131571; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 119.98.123.0 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.98.123.0"; classtype:trojan-activity; sid:38131581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 125.21.132.218 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.21.132.218"; classtype:trojan-activity; sid:38131591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 122.236.90.195 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.236.90.195"; classtype:trojan-activity; sid:38131601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 125.228.90.158 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.228.90.158"; classtype:trojan-activity; sid:38131611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 125.26.175.70 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.26.175.70"; classtype:trojan-activity; sid:38131621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 14.54.91.181 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.54.91.181"; classtype:trojan-activity; sid:38131631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 142.202.188.242 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.202.188.242"; classtype:trojan-activity; sid:38131641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 141.98.10.52 any -> $HOME_NET any (msg: "MISP e27854 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.98.10.52"; classtype:trojan-activity; sid:38131651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 162.191.29.117 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.191.29.117"; classtype:trojan-activity; sid:38131661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 165.90.16.5 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.90.16.5"; classtype:trojan-activity; sid:38131671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 171.40.128.202 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.40.128.202"; classtype:trojan-activity; sid:38131681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 175.148.41.83 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.148.41.83"; classtype:trojan-activity; sid:38131691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 175.215.215.166 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.215.215.166"; classtype:trojan-activity; sid:38131701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 175.19.138.10 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.19.138.10"; classtype:trojan-activity; sid:38131711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 180.105.236.239 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.105.236.239"; classtype:trojan-activity; sid:38131721; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 185.212.251.86 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.212.251.86"; classtype:trojan-activity; sid:38131731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 176.111.90.181 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.111.90.181"; classtype:trojan-activity; sid:38131741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 201.213.128.61 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.213.128.61"; classtype:trojan-activity; sid:38131751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 182.244.181.93 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.244.181.93"; classtype:trojan-activity; sid:38131761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 185.49.249.100 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.49.249.100"; classtype:trojan-activity; sid:38131771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 220.116.253.144 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.116.253.144"; classtype:trojan-activity; sid:38131781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip $HOME_NET any -> 43.248.129.152 8000 (msg: "MISP e27714 [Gh0stRAT] Outgoing To IP: 43.248.129.152|8000"; classtype:trojan-activity; sid:38019051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert ip 202.231.117.220 any -> $HOME_NET any (msg: "MISP e27854 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.231.117.220"; classtype:trojan-activity; sid:38131791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 220.164.221.8 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.164.221.8"; classtype:trojan-activity; sid:38131801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert ip 222.104.28.85 any -> $HOME_NET any (msg: "MISP e27854 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.104.28.85"; classtype:trojan-activity; sid:38131811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27854;) alert dns any any -> any any (msg: "MISP e27853 [] Domain elalermennederim.online"; dns.query; content:"elalermennederim.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])elalermennederim\.online$/i"; classtype:trojan-activity; sid:38131281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27853;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27853 [] Outgoing HTTP Domain elalermennederim.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"elalermennederim.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])elalermennederim\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38131282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27853;) alert dns any any -> any any (msg: "MISP e27683 [] Domain liderbciserviciosfinancieros-cl.gulcecevre.com"; dns.query; content:"liderbciserviciosfinancieros-cl.gulcecevre.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.gulcecevre\.com$/i"; classtype:trojan-activity; sid:38015441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27683;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27683 [] Outgoing HTTP Domain 
liderbciserviciosfinancieros-cl.gulcecevre.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liderbciserviciosfinancieros-cl.gulcecevre.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.gulcecevre\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27683;) alert dns any any -> any any (msg: "MISP e27684 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38015521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27684;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27684 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27684;) alert dns any any -> any any (msg: "MISP e27685 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38015601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27685;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27685 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015602; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27685;) alert dns any any -> any any (msg: "MISP e27686 [] Domain crecemujer-bestado.pages.dev"; dns.query; content:"crecemujer-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38015681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27686;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27686 [] Outgoing HTTP Domain crecemujer-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"crecemujer-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])crecemujer\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27686;) alert http $HOME_NET any -> 188.120.241.126 $HTTP_PORTS (msg: "MISP e27714 [dcrat] Outgoing URL http|3a|//188.120.241.126/69pipe4/2temp/betterpipetrackpipe/62test/geoprocessauth.php"; flow:to_server,established; http.header; content:"188.120.241.126"; fast_pattern; nocase; http.uri; content:"/69pipe4/2temp/betterpipetrackpipe/62test/geoprocessauth.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;) alert dns any any -> any any (msg: "MISP e27687 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38015761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27687;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27687 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015762; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27687;) alert dns any any -> any any (msg: "MISP e27688 [] Domain portal-estado.pages.dev"; dns.query; content:"portal-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:38015841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27688;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27688 [] Outgoing HTTP Domain portal-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27688;) alert dns any any -> any any (msg: "MISP e27689 [] Domain bepass-bestado.pages.dev"; dns.query; content:"bepass-bestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38015921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27689;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27689 [] Outgoing HTTP Domain bepass-bestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bepass-bestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bepass\-bestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38015922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27689;) alert dns any any -> any any (msg: "MISP e27690 [] Domain portal-banestado.pages.dev"; dns.query; content:"portal-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev$/i"; 
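classtype:trojan-activity; sid:38016001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27690;)
# One rule per line from here on; rule text is unchanged except for the msg escaping fix noted below.
# Each domain indicator is exported as a pair: a dns.query match and an HTTP Host-header match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27690 [] Outgoing HTTP Domain portal-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"portal-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])portal\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27690;)
alert dns any any -> any any (msg: "MISP e27691 [] Domain simula-banestado.pages.dev"; dns.query; content:"simula-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38016081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27691;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27691 [] Outgoing HTTP Domain simula-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"simula-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])simula\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27691;)
alert dns any any -> any any (msg: "MISP e27692 [] Domain micro-bancaestado.pages.dev"; dns.query; content:"micro-bancaestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38016161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27692;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27692 [] Outgoing HTTP Domain micro-bancaestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"micro-bancaestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])micro\-bancaestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27692;)
# Events 27693 and 27694 both list banestado-cuotas.pages.dev under different sids,
# so one lookup or request for that name can raise an alert from each event.
alert dns any any -> any any (msg: "MISP e27693 [] Domain banestado-cuotas.pages.dev"; dns.query; content:"banestado-cuotas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuotas\.pages\.dev$/i"; classtype:trojan-activity; sid:38016241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27693;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27693 [] Outgoing HTTP Domain banestado-cuotas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-cuotas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuotas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27693;)
# URL indicator without a path: only the header content is matched (no http.uri, no fast_pattern).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27694 [] Outgoing URL http|3a|//banestado-cuotas.pages.dev"; flow:to_server,established; http.header; content:"banestado-cuotas.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38016311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27694;)
alert dns any any -> any any (msg: "MISP e27694 [] Domain banestado-cuotas.pages.dev"; dns.query; content:"banestado-cuotas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuotas\.pages\.dev$/i"; classtype:trojan-activity; sid:38016331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27694;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27694 [] Outgoing HTTP Domain banestado-cuotas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-cuotas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuotas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27694;)
# Events 27695 and 27696 (further down) both list app-clientes-bannestado.pages.dev under different sids.
alert dns any any -> any any (msg: "MISP e27695 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38016451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27695;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27695 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27695;)
# URL indicator pinned to a destination IP: header content carries the IP, http.uri carries the path.
alert http $HOME_NET any -> 193.143.1.226 $HTTP_PORTS (msg: "MISP e27714 [Stealc] Outgoing URL http|3a|//193.143.1.226/129edec4272dc2c8.php"; flow:to_server,established; http.header; content:"193.143.1.226"; fast_pattern; nocase; http.uri; content:"/129edec4272dc2c8.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27714;)
# msg fix (sid 38075111 and 38075112): the exporter copied the galaxy tag misp-galaxy:malpedia="Cobalt Strike"
# into msg with bare double quotes. Suricata's rule syntax requires ", ; and \ to be escaped inside msg,
# so the inner quotes are written as \" here. How a given engine or rule manager treats the unescaped
# form (reject, truncate or accept) is not shown on this page -- TODO confirm against the deployed version.
alert dns any any -> any any (msg: "MISP e27793 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Domain jango-pulse.com"; dns.query; content:"jango-pulse.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jango\-pulse\.com$/i"; classtype:trojan-activity; sid:38075111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27793 [CobaltStrike,Cobalt Strike,misp-galaxy:malpedia=\"Cobalt Strike\"] Outgoing HTTP Domain jango-pulse.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jango-pulse.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jango\-pulse\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert dns any any -> any any (msg: "MISP e27696 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38016531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27696;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27696 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27696;)
alert dns any any -> any any (msg: "MISP e27697 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:38016611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27697;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27697 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27697;)
alert dns any any -> 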
any any (msg: "MISP e27698 [] Domain info-personas-banestado.pages.dev"; dns.query; content:"info-personas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38016691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27698;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27698 [] Outgoing HTTP Domain info-personas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"info-personas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])info\-personas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27698;) alert dns any any -> any any (msg: "MISP e27699 [] Domain bancoestado-cuentarut.pages.dev"; dns.query; content:"bancoestado-cuentarut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:38016771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27699;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27699 [] Outgoing HTTP Domain bancoestado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27699;) alert dns any any -> any any (msg: "MISP e27700 [] Domain liderbciserviciosfinancieros-cl.gulcecevre.com"; dns.query; content:"liderbciserviciosfinancieros-cl.gulcecevre.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.gulcecevre\.com$/i"; classtype:trojan-activity; sid:38016861; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27700;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27700 [] Outgoing HTTP Domain liderbciserviciosfinancieros-cl.gulcecevre.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"liderbciserviciosfinancieros-cl.gulcecevre.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])liderbciserviciosfinancieros\-cl\.gulcecevre\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27700;) alert dns any any -> any any (msg: "MISP e27701 [] Domain beneficio-banestado.pages.dev"; dns.query; content:"beneficio-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38016941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27701;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27701 [] Outgoing HTTP Domain beneficio-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"beneficio-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])beneficio\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38016942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27701;) alert dns any any -> any any (msg: "MISP e27702 [] Domain banestado-beneficio.pages.dev"; dns.query; content:"banestado-beneficio.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev$/i"; classtype:trojan-activity; sid:38017021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27702;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27702 [] Outgoing HTTP Domain banestado-beneficio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-beneficio.pages.dev"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-beneficio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27702;) alert dns any any -> any any (msg: "MISP e27703 [] Domain banestado-cuentapro.pages.dev"; dns.query; content:"banestado-cuentapro.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuentapro\.pages\.dev$/i"; classtype:trojan-activity; sid:38017101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27703;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27703 [] Outgoing HTTP Domain banestado-cuentapro.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-cuentapro.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuentapro\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27703;) alert dns any any -> any any (msg: "MISP e27704 [] Domain bancoestado-cuentarut.pages.dev"; dns.query; content:"bancoestado-cuentarut.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev$/i"; classtype:trojan-activity; sid:38017181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27704;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27704 [] Outgoing HTTP Domain bancoestado-cuentarut.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancoestado-cuentarut.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancoestado\-cuentarut\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27704;) alert dns any any -> any any (msg: "MISP e27705 [] Domain cuentapro-banestado.pages.dev"; dns.query; 
content:"cuentapro-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38017261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27705;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27705 [] Outgoing HTTP Domain cuentapro-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentapro-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentapro\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27705;) alert dns any any -> any any (msg: "MISP e27706 [] Domain cuentarut-bancoestado.pages.dev"; dns.query; content:"cuentarut-bancoestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38017341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27706;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27706 [] Outgoing HTTP Domain cuentarut-bancoestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cuentarut-bancoestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cuentarut\-bancoestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27706;) alert dns any any -> any any (msg: "MISP e27707 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38017421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27707;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27707 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27707;) alert dns any any -> any any (msg: "MISP e27708 [] Domain banestado-tarifas.pages.dev"; dns.query; content:"banestado-tarifas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-tarifas\.pages\.dev$/i"; classtype:trojan-activity; sid:38017501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27708;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27708 [] Outgoing HTTP Domain banestado-tarifas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-tarifas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-tarifas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27708;) alert dns any any -> any any (msg: "MISP e27709 [] Domain tarifas-banestado.pages.dev"; dns.query; content:"tarifas-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38017581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27709;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27709 [] Outgoing HTTP Domain tarifas-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarifas-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarifas\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27709;) alert dns any any -> any 
any (msg: "MISP e27710 [] Domain consumos-banestado.pages.dev"; dns.query; content:"consumos-banestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38017661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27710;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27710 [] Outgoing HTTP Domain consumos-banestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"consumos-banestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])consumos\-banestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27710;) alert dns any any -> any any (msg: "MISP e27711 [] Domain app-express-estado.pages.dev"; dns.query; content:"app-express-estado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-express\-estado\.pages\.dev$/i"; classtype:trojan-activity; sid:38017741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27711;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27711 [] Outgoing HTTP Domain app-express-estado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-express-estado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-express\-estado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27711;) alert dns any any -> any any (msg: "MISP e27712 [] Domain banestado-cuotas.pages.dev"; dns.query; content:"banestado-cuotas.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuotas\.pages\.dev$/i"; classtype:trojan-activity; sid:38017821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27712;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27712 [] Outgoing 
HTTP Domain banestado-cuotas.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"banestado-cuotas.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])banestado\-cuotas\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27712;) alert dns any any -> any any (msg: "MISP e27713 [] Domain tarjetacencosud-cl.slcomerciodevidros.com.br"; dns.query; content:"tarjetacencosud-cl.slcomerciodevidros.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-cl\.slcomerciodevidros\.com\.br$/i"; classtype:trojan-activity; sid:38017911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27713;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27713 [] Outgoing HTTP Domain tarjetacencosud-cl.slcomerciodevidros.com.br"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tarjetacencosud-cl.slcomerciodevidros.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tarjetacencosud\-cl\.slcomerciodevidros\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38017912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27713;) alert dns any any -> any any (msg: "MISP e27784 [] Domain savme.xyz"; dns.query; content:"savme.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-])savme\.xyz$/i"; classtype:trojan-activity; sid:38074901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27784;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27784 [] Outgoing HTTP Domain savme.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"savme.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])savme\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074902; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27784;) alert ip $HOME_NET any -> 139.84.137.24 7443 (msg: "MISP e27720 [AS-CHOOPA,Mythic] Outgoing To IP: 139.84.137.24|7443"; classtype:trojan-activity; sid:38019611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 87.122.8.35 443 (msg: "MISP e27720 [Deimos,VERSATEL] Outgoing To IP: 87.122.8.35|443"; classtype:trojan-activity; sid:38019621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 37.1.208.95 443 (msg: "MISP e27720 [Havoc,HVC-AS] Outgoing To IP: 37.1.208.95|443"; classtype:trojan-activity; sid:38019631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 23.227.193.87 443 (msg: "MISP e27720 [Havoc,HVC-AS] Outgoing To IP: 23.227.193.87|443"; classtype:trojan-activity; sid:38019641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 37.1.212.112 40056 (msg: "MISP e27720 [Havoc,HVC-AS] Outgoing To IP: 37.1.212.112|40056"; classtype:trojan-activity; sid:38019651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 45.137.10.34 80 (msg: "MISP e27720 [Havoc,XNNET] Outgoing To IP: 45.137.10.34|80"; classtype:trojan-activity; sid:38019661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 24.148.11.98 443 (msg: "MISP e27720 [QakBot,RCN-AS] Outgoing To IP: 24.148.11.98|443"; classtype:trojan-activity; sid:38019671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 39.40.175.239 995 (msg: "MISP e27720 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.40.175.239|995"; classtype:trojan-activity; sid:38019681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 2.50.45.215 22 
(msg: "MISP e27720 [EMIRATES-INTERNET Emirates Internet,QakBot] Outgoing To IP: 2.50.45.215|22"; classtype:trojan-activity; sid:38019691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 72.27.137.129 443 (msg: "MISP e27720 [FLOW-NET,QakBot] Outgoing To IP: 72.27.137.129|443"; classtype:trojan-activity; sid:38019701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 58.84.90.93 443 (msg: "MISP e27720 [QakBot,TPG-INTERNET-AP TPG Telecom Limited] Outgoing To IP: 58.84.90.93|443"; classtype:trojan-activity; sid:38019711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 46.246.80.4 6000 (msg: "MISP e27720 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.80.4|6000"; classtype:trojan-activity; sid:38019721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 178.73.192.11 5000 (msg: "MISP e27720 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 178.73.192.11|5000"; classtype:trojan-activity; sid:38019731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 37.1.205.231 8888 (msg: "MISP e27720 [SCALAXY-AS,Supershell] Outgoing To IP: 37.1.205.231|8888"; classtype:trojan-activity; sid:38019741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 213.189.201.252 3333 (msg: "MISP e27720 [AS-REG,Evilginx EvilGoPhish] Outgoing To IP: 213.189.201.252|3333"; classtype:trojan-activity; sid:38019751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 83.220.169.98 80 (msg: "MISP e27720 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 83.220.169.98|80"; classtype:trojan-activity; sid:38019761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 83.220.169.98 80 (msg: "MISP 
e27793 [] Outgoing To IP: 83.220.169.98|80"; classtype:trojan-activity; sid:38075121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 213.189.201.252 3333 (msg: "MISP e27793 [] Outgoing To IP: 213.189.201.252|3333"; classtype:trojan-activity; sid:38075131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 37.1.205.231 8888 (msg: "MISP e27793 [] Outgoing To IP: 37.1.205.231|8888"; classtype:trojan-activity; sid:38075141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 178.73.192.11 5000 (msg: "MISP e27793 [] Outgoing To IP: 178.73.192.11|5000"; classtype:trojan-activity; sid:38075151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 46.246.80.4 6000 (msg: "MISP e27793 [] Outgoing To IP: 46.246.80.4|6000"; classtype:trojan-activity; sid:38075161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 58.84.90.93 443 (msg: "MISP e27793 [] Outgoing To IP: 58.84.90.93|443"; classtype:trojan-activity; sid:38075171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 72.27.137.129 443 (msg: "MISP e27793 [] Outgoing To IP: 72.27.137.129|443"; classtype:trojan-activity; sid:38075181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 2.50.45.215 22 (msg: "MISP e27793 [] Outgoing To IP: 2.50.45.215|22"; classtype:trojan-activity; sid:38075191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 39.40.175.239 995 (msg: "MISP e27793 [] Outgoing To IP: 39.40.175.239|995"; classtype:trojan-activity; sid:38075201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 24.148.11.98 443 (msg: "MISP e27793 [] Outgoing To IP: 
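24.148.11.98|443"; classtype:trojan-activity; sid:38075211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# (The line above is the tail of a rule that starts on the previous line; left as exported.)
#
# --- MISP event 27793: outbound IP|port indicators ---
# These alert on any $HOME_NET -> <ip> <port> traffic, with no payload inspection.
alert ip $HOME_NET any -> 45.137.10.34 80 (msg: "MISP e27793 [] Outgoing To IP: 45.137.10.34|80"; classtype:trojan-activity; sid:38075221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 37.1.212.112 40056 (msg: "MISP e27793 [] Outgoing To IP: 37.1.212.112|40056"; classtype:trojan-activity; sid:38075231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 23.227.193.87 443 (msg: "MISP e27793 [] Outgoing To IP: 23.227.193.87|443"; classtype:trojan-activity; sid:38075241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 37.1.208.95 443 (msg: "MISP e27793 [] Outgoing To IP: 37.1.208.95|443"; classtype:trojan-activity; sid:38075251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 87.122.8.35 443 (msg: "MISP e27793 [] Outgoing To IP: 87.122.8.35|443"; classtype:trojan-activity; sid:38075261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 139.84.137.24 7443 (msg: "MISP e27793 [] Outgoing To IP: 139.84.137.24|7443"; classtype:trojan-activity; sid:38075271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
#
# --- MISP event 27792 (priority 4) ---
# The dns pcre accepts hier-im-netz.de itself and every name ending in ".hier-im-netz.de".
# NOTE(review): if this is a shared hosting parent domain, the pair will alert on unrelated
# sites under it. Confirm the intended scope against event 27792 before enabling it in a
# blocking or paging policy.
alert dns any any -> any any (msg: "MISP e27792 [] Domain hier-im-netz.de"; dns.query; content:"hier-im-netz.de"; nocase; pcre: "/(^|[^A-Za-z0-9-])hier\-im\-netz\.de$/i"; classtype:trojan-activity; sid:38075081; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27792;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27792 [] Outgoing HTTP Domain hier-im-netz.de"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hier-im-netz.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hier\-im\-netz\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075082; rev:1; priority:4; reference:url,https://misp.finsin.cl/events/view/27792;)
#
# --- MISP event 24600 (priority 1) ---
alert dns any any -> any any (msg: "MISP e24600 [] Domain eboo-retablir-net.com"; dns.query; content:"eboo-retablir-net.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eboo\-retablir\-net\.com$/i"; classtype:trojan-activity; sid:38181151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain eboo-retablir-net.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eboo-retablir-net.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eboo\-retablir\-net\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38181152; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;)
#
# --- Same IP|port exported from two events ---
# 66.63.162.155|1608 appears in event 27720 (tag: remcos, priority 2) and again in event 27793
# (untagged, priority 3). One flow therefore raises both SIDs. Triage on the tagged,
# higher-priority alert and suppress or threshold the other if the duplicate is noise.
alert ip $HOME_NET any -> 66.63.162.155 1608 (msg: "MISP e27720 [remcos] Outgoing To IP: 66.63.162.155|1608"; classtype:trojan-activity; sid:38019771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 66.63.162.155 1608 (msg: "MISP e27793 [] Outgoing To IP: 66.63.162.155|1608"; classtype:trojan-activity; sid:38075281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
#
# --- MISP event 27844 (kill-chain: Command and Control; galaxy tool tag) ---
# The galaxy tag copied into msg contains double quotes. Suricata's rule format lists '"'
# (with ';' and '\') as characters that must be escaped inside msg, so they are written \"
# here. The alert text is unchanged once the engine unescapes it.
alert http $HOME_NET any -> 1.92.90.232 8080 (msg: "MISP e27844 [kill-chain:Command and Control,misp-galaxy:tool=\"Gh0st Rat\"] Outgoing URL http|3a|//1.92.90.232|3a|8080/Jserver.exe"; flow:to_server,established; http.header; content:"1.92.90.232"; fast_pattern; nocase; http.uri; content:"/Jserver.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27844;)
#
# (The rule that starts on the line below continues past this point; left as exported.)
# NOTE(review): its only URI constraint is content:"/", which practically every request URI
# satisfies, so it is effectively keyed on the destination address and on the IP string
# appearing in the request headers.
alert http $HOME_NET any -> 82.146.45.177 $HTTP_PORTS (msg: "MISP e27720 [recordbreaker] Outgoing URL http|3a|//82.146.45.177/"; 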
flow:to_server,established; http.header; content:"82.146.45.177"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert dns any any -> any any (msg: "MISP e24600 [] Domain 9982663cnslux9928.is-a-financialadvisor.com"; dns.query; content:"9982663cnslux9928.is-a-financialadvisor.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])9982663cnslux9928\.is\-a\-financialadvisor\.com$/i"; classtype:trojan-activity; sid:38181211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain 9982663cnslux9928.is-a-financialadvisor.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9982663cnslux9928.is-a-financialadvisor.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])9982663cnslux9928\.is\-a\-financialadvisor\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38181212; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 5.75.213.121 80 (msg: "MISP e27720 [Vidar] Outgoing To IP: 5.75.213.121|80"; classtype:trojan-activity; sid:38019791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 5.75.213.121 443 (msg: "MISP e27720 [Vidar] Outgoing To IP: 5.75.213.121|443"; classtype:trojan-activity; sid:38019801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 5.75.221.28 80 (msg: "MISP e27720 [Vidar] Outgoing To IP: 5.75.221.28|80"; classtype:trojan-activity; sid:38019811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 5.75.213.121 $HTTP_PORTS (msg: "MISP e27720 [Vidar] Outgoing URL http|3a|//5.75.213.121/"; flow:to_server,established; http.header; 
content:"5.75.213.121"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 5.75.221.28 $HTTP_PORTS (msg: "MISP e27720 [Vidar] Outgoing URL http|3a|//5.75.221.28/"; flow:to_server,established; http.header; content:"5.75.221.28"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 82.146.45.177 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//82.146.45.177/"; flow:to_server,established; http.header; content:"82.146.45.177"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 5.75.221.28 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//5.75.221.28/"; flow:to_server,established; http.header; content:"5.75.221.28"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 5.75.213.121 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//5.75.213.121/"; flow:to_server,established; http.header; content:"5.75.213.121"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 5.75.213.121 443 (msg: "MISP e27793 [] Outgoing To IP: 5.75.213.121|443"; classtype:trojan-activity; sid:38075331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 5.75.221.28 80 (msg: "MISP e27793 [] 
Outgoing To IP: 5.75.221.28|80"; classtype:trojan-activity; sid:38075341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# (The line above is the tail of a rule that starts on the previous line; left as exported.)
#
# --- MISP event 27793: outbound IP|port indicator ---
alert ip $HOME_NET any -> 5.75.213.121 80 (msg: "MISP e27793 [] Outgoing To IP: 5.75.213.121|80"; classtype:trojan-activity; sid:38075351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
#
# --- MISP event 27776: destination-IP indicators (any port, no payload inspection) ---
# NOTE(review): the first address below is 1.92.240.113, while every URL rule of this same
# event targets 91.92.240.113. The other two addresses (45.9.149.215, 94.156.71.115) match
# their URL rules exactly. The one-digit difference suggests the ip-dst attribute may have
# been truncated or mistyped in the event. Confirm against event 27776: if so, sid 38073051
# alerts on an unrelated host and gives no IP-level coverage for 91.92.240.113.
alert ip $HOME_NET any -> 1.92.240.113 any (msg: "MISP e27776 [] Outgoing To IP: 1.92.240.113"; classtype:trojan-activity; sid:38073051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;)
alert ip $HOME_NET any -> 45.9.149.215 any (msg: "MISP e27776 [] Outgoing To IP: 45.9.149.215"; classtype:trojan-activity; sid:38073061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;)
alert ip $HOME_NET any -> 94.156.71.115 any (msg: "MISP e27776 [] Outgoing To IP: 94.156.71.115"; classtype:trojan-activity; sid:38073071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;)
#
# --- MISP event 27776: URL indicators on 91.92.240.113 ---
# Each rule requires the destination address, the IP string in the request headers, and the
# listed path as a case-insensitive substring of the URI. These rules cover only
# $HTTP_PORTS and cleartext HTTP.
alert http $HOME_NET any -> 91.92.240.113 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//91.92.240.113/auth.js"; flow:to_server,established; http.header; content:"91.92.240.113"; fast_pattern; nocase; http.uri; content:"/auth.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;)
alert http $HOME_NET any -> 91.92.240.113 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//91.92.240.113/login.cgi"; flow:to_server,established; http.header; content:"91.92.240.113"; fast_pattern; nocase; http.uri; content:"/login.cgi"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;)
# (The rule that starts on the line below continues past this point; left as exported.)
alert http $HOME_NET any -> 91.92.240.113 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//91.92.240.113/aparche2"; flow:to_server,established; http.header; content:"91.92.240.113"; fast_pattern; 
nocase; http.uri; content:"/aparche2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 91.92.240.113 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//91.92.240.113/agent"; flow:to_server,established; http.header; content:"91.92.240.113"; fast_pattern; nocase; http.uri; content:"/agent"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 45.9.149.215 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//45.9.149.215/aparche2"; flow:to_server,established; http.header; content:"45.9.149.215"; fast_pattern; nocase; http.uri; content:"/aparche2"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 45.9.149.215 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//45.9.149.215/agent"; flow:to_server,established; http.header; content:"45.9.149.215"; fast_pattern; nocase; http.uri; content:"/agent"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/lxrt"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/lxrt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/agent"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/agent"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38073151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/instali.ps1"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/instali.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/ligocert.dat"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/ligocert.dat"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/angel.dat"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/angel.dat"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/windows.xml"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/windows.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/instal1.ps1"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/instal1.ps1"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38073201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/Maintenance.ps1"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/Maintenance.ps1"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 94.156.71.115 $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//94.156.71.115/baba.dat"; flow:to_server,established; http.header; content:"94.156.71.115"; fast_pattern; nocase; http.uri; content:"/baba.dat"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//cloudflareaddons.com/assets/img/Image_Slider15.1.png"; flow:to_server,established; http.header; content:"cloudflareaddons.com"; fast_pattern; nocase; http.uri; content:"/assets/img/Image_Slider15.1.png"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27776 [] Outgoing URL http|3a|//oncloud-analytics.com/files/mg/elf/RT1.50.png"; flow:to_server,established; http.header; content:"oncloud-analytics.com"; fast_pattern; nocase; http.uri; content:"/files/mg/elf/RT1.50.png"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain mailchimp-addons.com"; dns.query; content:"mailchimp-addons.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])mailchimp\-addons\.com$/i"; classtype:trojan-activity; sid:38073251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain mailchimp-addons.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mailchimp-addons.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mailchimp\-addons\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073252; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain allsecurehosting.com"; dns.query; content:"allsecurehosting.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])allsecurehosting\.com$/i"; classtype:trojan-activity; sid:38073261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain allsecurehosting.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"allsecurehosting.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])allsecurehosting\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain dev-clientservice.com"; dns.query; content:"dev-clientservice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dev\-clientservice\.com$/i"; classtype:trojan-activity; sid:38073271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain dev-clientservice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dev-clientservice.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])dev\-clientservice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain oncloud-analytics.com"; dns.query; content:"oncloud-analytics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])oncloud\-analytics\.com$/i"; classtype:trojan-activity; sid:38073281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain oncloud-analytics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"oncloud-analytics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])oncloud\-analytics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain cloudflareaddons.com"; dns.query; content:"cloudflareaddons.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])cloudflareaddons\.com$/i"; classtype:trojan-activity; sid:38073291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain cloudflareaddons.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cloudflareaddons.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cloudflareaddons\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain textsmsonline.com"; dns.query; content:"textsmsonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])textsmsonline\.com$/i"; classtype:trojan-activity; sid:38073301; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain textsmsonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"textsmsonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])textsmsonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert dns any any -> any any (msg: "MISP e27776 [] Domain proreceive.com"; dns.query; content:"proreceive.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])proreceive\.com$/i"; classtype:trojan-activity; sid:38073311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27776 [] Outgoing HTTP Domain proreceive.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"proreceive.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])proreceive\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert ip $HOME_NET any -> 172.86.66.165 any (msg: "MISP e27776 [] Outgoing To IP: 172.86.66.165"; classtype:trojan-activity; sid:38073321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert ip $HOME_NET any -> 45.153.240.73 any (msg: "MISP e27776 [] Outgoing To IP: 45.153.240.73"; classtype:trojan-activity; sid:38073331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27776;) alert http $HOME_NET any -> 147.45.47.71 $HTTP_PORTS (msg: "MISP e27720 [Stealc] Outgoing URL http|3a|//147.45.47.71/eb6f29c6a60b3865.php"; flow:to_server,established; http.header; content:"147.45.47.71"; fast_pattern; nocase; http.uri; content:"/eb6f29c6a60b3865.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38019851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 147.45.47.71 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//147.45.47.71/eb6f29c6a60b3865.php"; flow:to_server,established; http.header; content:"147.45.47.71"; fast_pattern; nocase; http.uri; content:"/eb6f29c6a60b3865.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 81.19.138.57 $HTTP_PORTS (msg: "MISP e27720 [Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824] Outgoing URL http|3a|//81.19.138.57/pixel.gif"; flow:to_server,established; http.header; content:"81.19.138.57"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert dns any any -> any any (msg: "MISP e27780 [] Hostname cecar.com.ar"; dns.query; content:"cecar.com.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cecar\.com\.ar$/i"; classtype:trojan-activity; sid:38074581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Hostname cecar.com.ar"; flow:to_server,established; http.header; content: "Host|3a| cecar.com.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cecar\.com\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Hostname estiloplus.tur.ar"; dns.query; content:"estiloplus.tur.ar"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estiloplus\.tur\.ar$/i"; classtype:trojan-activity; sid:38074591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27780 [] Outgoing HTTP Hostname estiloplus.tur.ar"; flow:to_server,established; http.header; content: "Host|3a| estiloplus.tur.ar"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])estiloplus\.tur\.ar[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET 8081 (msg: "MISP e27720 [CobaltStrike,cs-watermark-1234567890,Tencent Building Kejizhongyi Avenue] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8081/wp06/wp-includes/po.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp06/wp-includes/po.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert dns any any -> any any (msg: "MISP e27780 [] Domain obs-software.cc"; dns.query; content:"obs-software.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])obs\-software\.cc$/i"; classtype:trojan-activity; sid:38074601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain obs-software.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"obs-software.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])obs\-software\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain bandi-cam.cc"; dns.query; content:"bandi-cam.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])bandi\-cam\.cc$/i"; classtype:trojan-activity; sid:38074611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain bandi-cam.cc"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bandi-cam.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bandi\-cam\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain breavas.app"; dns.query; content:"breavas.app"; nocase; pcre: "/(^|[^A-Za-z0-9-])breavas\.app$/i"; classtype:trojan-activity; sid:38074621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain breavas.app"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"breavas.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])breavas\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain open-project.org"; dns.query; content:"open-project.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])open\-project\.org$/i"; classtype:trojan-activity; sid:38074631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain open-project.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"open-project.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])open\-project\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain onenote-download.com"; dns.query; content:"onenote-download.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])onenote\-download\.com$/i"; classtype:trojan-activity; sid:38074641; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain onenote-download.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"onenote-download.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])onenote\-download\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain epicgames-store.org"; dns.query; content:"epicgames-store.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])epicgames\-store\.org$/i"; classtype:trojan-activity; sid:38074651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain epicgames-store.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"epicgames-store.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])epicgames\-store\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain blcnder.org"; dns.query; content:"blcnder.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])blcnder\.org$/i"; classtype:trojan-activity; sid:38074661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain blcnder.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"blcnder.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])blcnder\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) 
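# MISP event 27780: five URL indicators that were recorded without a scheme ("host/path").
# The export put the whole "host/path" string into a single http.uri content match.
# Suricata's http.uri buffer holds the request URI (path and query); for an ordinary
# origin-form request the hostname is carried in the Host header, so a content that
# spans host and path is not expected to fire on a direct download.
# The rules below match the host in http.host and the path in http.uri instead.
#   - http.host is normalized to lowercase, so its content is lowercase and has no nocase.
#   - rev is raised to 2 because the match logic changed; sid, msg, priority and reference are unchanged.
# These rules are generated: a later MISP export overwrites this edit unless the attribute
# is stored as a full URL or the corrected rules are kept in a local rules file.
# Only cleartext HTTP is inspected here; the same download over TLS is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing URL bezynet.com/OBS-Studio-30.0.2-Full-Installer-x64.msix"; flow:to_server,established; http.host; content:"bezynet.com"; fast_pattern; http.uri; content:"/OBS-Studio-30.0.2-Full-Installer-x64.msix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074671; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing URL bezynet.com/Bandicam_7.21_win64.msix"; flow:to_server,established; http.host; content:"bezynet.com"; fast_pattern; http.uri; content:"/Bandicam_7.21_win64.msix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074681; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing URL church-notes.com/Braavos-Wallet.msix"; flow:to_server,established; http.host; content:"church-notes.com"; fast_pattern; http.uri; content:"/Braavos-Wallet.msix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074691; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing URL church-notes.com/Epic-Games_Setup.msix"; flow:to_server,established; http.host; content:"church-notes.com"; fast_pattern; http.uri; content:"/Epic-Games_Setup.msix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074701; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing URL church-notes.com/Onenote_setup.msix"; flow:to_server,established; http.host; content:"church-notes.com"; fast_pattern; http.uri; content:"/Onenote_setup.msix"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074711; rev:2; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;)
# The DNS rule for ads-pill.xyz starts here and continues on the next line of the export.
alert dns any any -> any any (msg: "MISP e27780 [] Domain ads-pill.xyz"; dns.query; content:"ads-pill.xyz"; 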
nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-pill\.xyz$/i"; classtype:trojan-activity; sid:38074771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain ads-pill.xyz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ads-pill.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-pill\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain ads-pill.top"; dns.query; content:"ads-pill.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-pill\.top$/i"; classtype:trojan-activity; sid:38074781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain ads-pill.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ads-pill.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-pill\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain ads-tooth.top"; dns.query; content:"ads-tooth.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-tooth\.top$/i"; classtype:trojan-activity; sid:38074791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain ads-tooth.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ads-tooth.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-tooth\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074792; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27780;) alert dns any any -> any any (msg: "MISP e27780 [] Domain ads-analyze.top"; dns.query; content:"ads-analyze.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-analyze\.top$/i"; classtype:trojan-activity; sid:38074801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27780 [] Outgoing HTTP Domain ads-analyze.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ads-analyze.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ads\-analyze\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27780;) alert http $HOME_NET any -> 120.48.5.80 7777 (msg: "MISP e27720 [Beijing Baidu Netcom Science and Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//120.48.5.80|3a|7777/g.pixel"; flow:to_server,established; http.header; content:"120.48.5.80"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 39.107.242.125 $HTTP_PORTS (msg: "MISP e27720 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-426352781] Outgoing URL http|3a|//39.107.242.125/push"; flow:to_server,established; http.header; content:"39.107.242.125"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 139.224.188.165 $HTTP_PORTS (msg: "MISP e27720 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//139.224.188.165/ie9compatviewlist.xml"; flow:to_server,established; 
http.header; content:"139.224.188.165"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 120.48.5.80 7777 (msg: "MISP e27793 [] Outgoing URL http|3a|//120.48.5.80|3a|7777/g.pixel"; flow:to_server,established; http.header; content:"120.48.5.80"; fast_pattern; nocase; http.uri; content:"/g.pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET 8081 (msg: "MISP e27793 [] Outgoing URL http|3a|//qq.qqweixinzhuce.top|3a|8081/wp06/wp-includes/po.php"; flow:to_server,established; http.header; content:"qq.qqweixinzhuce.top"; fast_pattern; nocase; http.uri; content:"/wp06/wp-includes/po.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 81.19.138.57 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//81.19.138.57/pixel.gif"; flow:to_server,established; http.header; content:"81.19.138.57"; fast_pattern; nocase; http.uri; content:"/pixel.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert dns any any -> any any (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Domain service-lhtzt3wh-1319979259.sh.tencentapigw.com"; dns.query; content:"service-lhtzt3wh-1319979259.sh.tencentapigw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-lhtzt3wh\-1319979259\.sh\.tencentapigw\.com$/i"; classtype:trojan-activity; sid:38019951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27720 
[CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED] Outgoing HTTP Domain service-lhtzt3wh-1319979259.sh.tencentapigw.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-lhtzt3wh-1319979259.sh.tencentapigw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-lhtzt3wh\-1319979259\.sh\.tencentapigw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38019952; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert dns any any -> any any (msg: "MISP e27793 [] Domain service-lhtzt3wh-1319979259.sh.tencentapigw.com"; dns.query; content:"service-lhtzt3wh-1319979259.sh.tencentapigw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-lhtzt3wh\-1319979259\.sh\.tencentapigw\.com$/i"; classtype:trojan-activity; sid:38075411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27793 [] Outgoing HTTP Domain service-lhtzt3wh-1319979259.sh.tencentapigw.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-lhtzt3wh-1319979259.sh.tencentapigw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-lhtzt3wh\-1319979259\.sh\.tencentapigw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 139.224.188.165 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//139.224.188.165/IE9CompatViewList.xml"; flow:to_server,established; http.header; content:"139.224.188.165"; fast_pattern; nocase; http.uri; content:"/IE9CompatViewList.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 39.107.242.125 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL 
http|3a|//39.107.242.125/push"; flow:to_server,established; http.header; content:"39.107.242.125"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# --- MISP events 27720 / 27793: the same indicators exported twice ---
# 39.107.89.22 (/activity and port 80), 154.90.63.253:443 and 192.210.201.57:52499 each appear
# once under e27720 (priority 2, msg tagged CobaltStrike or RemcosRAT) and once under e27793
# (priority 3, empty tag list). The match conditions of each pair are identical, so one flow
# raises two alerts with different priorities.
# NOTE(review): deduplicate downstream or suppress one sid of each pair; confirm which event is authoritative.
alert http $HOME_NET any -> 39.107.89.22 $HTTP_PORTS (msg: "MISP e27720 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//39.107.89.22/activity"; flow:to_server,established; http.header; content:"39.107.89.22"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# The "alert ip" rules below carry no flow or content keywords: the address and port in the
# rule header are the whole match.
# NOTE(review): the msg tags name hosting providers for two of these addresses; hosted addresses
# can be reassigned, so check the age of the indicator before acting on a hit.
alert ip $HOME_NET any -> 39.107.89.22 80 (msg: "MISP e27720 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 39.107.89.22|80"; classtype:trojan-activity; sid:38019971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 154.90.63.253 443 (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,KAOPU-HK Kaopu Cloud HK Limited] Outgoing To IP: 154.90.63.253|443"; classtype:trojan-activity; sid:38019991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 192.210.201.57 52499 (msg: "MISP e27720 [RAT,RemcosRAT] Outgoing To IP: 192.210.201.57|52499"; classtype:trojan-activity; sid:38020001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# e27793 copies of the four rules above (same match, priority 3).
alert http $HOME_NET any -> 39.107.89.22 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//39.107.89.22/activity"; flow:to_server,established; http.header; content:"39.107.89.22"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 154.90.63.253 443 (msg: "MISP e27793 [] Outgoing To IP: 154.90.63.253|443"; classtype:trojan-activity; sid:38075491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 39.107.89.22 80 (msg: "MISP e27793 [] Outgoing To IP: 39.107.89.22|80"; classtype:trojan-activity; sid:38075501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 192.210.201.57 52499 (msg: "MISP e27793 [] Outgoing To IP: 192.210.201.57|52499"; classtype:trojan-activity; sid:38075511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# --- MISP event 27774 (priority 1): bancontact.auth-pay.com ---
# DNS rule: the pcre anchors the name at the end of the query and requires start-of-buffer or a
# character outside [A-Za-z0-9-] before it, so subdomains match but a longer label that merely
# ends in the same string does not.
alert dns any any -> any any (msg: "MISP e27774 [] Domain bancontact.auth-pay.com"; dns.query; content:"bancontact.auth-pay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bancontact\.auth\-pay\.com$/i"; classtype:trojan-activity; sid:38072951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27774;)
# HTTP rule: the two http.header contents are independent of each other ("Host:" and the domain
# may occur anywhere in the header block), and the /H pcre is not tied to the Host line either.
# A request that only mentions the domain in another header, for example Referer, also matches.
# NOTE(review): matching the http.host buffer would be tighter. Cleartext HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27774 [] Outgoing HTTP Domain bancontact.auth-pay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bancontact.auth-pay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bancontact\.auth\-pay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38072952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27774;)
# --- MISP event 27778: hosts under a.run.app ---
# Each rule is a single unanchored http.header content for the host name, limited to
# $HTTP_PORTS, with no URI part and no fast_pattern.
# NOTE(review): these rules see cleartext HTTP only. If the services are reached over TLS the
# request is never inspected; a tls.sni or dns.query rule per host would be needed for coverage.
# In this part of the export only arr-wd3463btrq-uc.a.run.app has a DNS rule.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//avfa-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"avfa-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//factalia-ofh2cutija-uc.a.run.app"; flow:to_server,established; http.header; content:"factalia-ofh2cutija-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//gasgas-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"gasgas-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//haergsd-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"haergsd-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//jx-krrdbo6imq-uc.a.run.app"; flow:to_server,established; http.header; content:"jx-krrdbo6imq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//ptb-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"ptb-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//ptm-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"ptm-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38073991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//pto-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content:"pto-wd3463btrq-uc.a.run.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
# In the next seven rules the query string shown in msg ("?5/", "?76849368130628733", ...) is
# not part of the match: http.uri is only checked for "/", so any request whose headers contain
# the host name matches. The six wae4w.mariomanagement.biz.id rules therefore have identical
# match conditions and fire together on the same request, each with its own sid and its own
# 600-second session tag.
# NOTE(review): keep one rule per host, or match the query token in http.uri if the per-URL
# distinction matters to the analyst.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//w3iuwl.nextmax.my.id/?5/"; flow:to_server,established; http.header; content:"w3iuwl.nextmax.my.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?76849368130628733"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?39829895502632947"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?61694995802639066"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?41991463280678058"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?51999170290693658"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27778 [] Outgoing URL http|3a|//wae4w.mariomanagement.biz.id/?75129547751613994"; flow:to_server,established; http.header; content:"wae4w.mariomanagement.biz.id"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38074071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
# Address-only rule: any traffic from $HOME_NET to 34.135.1.100, on any port, matches.
alert ip $HOME_NET any -> 34.135.1.100 any (msg: "MISP e27778 [] Outgoing To IP: 34.135.1.100"; classtype:trojan-activity; sid:38074081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
# "Hostname" rules differ from the "Domain" rules above: the character class before the name also
# excludes ".", so only the exact host name matches and subdomains of it do not.
alert dns any any -> any any (msg: "MISP e27778 [] Hostname arr-wd3463btrq-uc.a.run.app"; dns.query; content:"arr-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arr\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname 
arr-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| arr-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arr\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname portu-wd3463btrq-uc.a.run.app"; dns.query; content:"portu-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portu\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname portu-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| portu-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portu\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname xwago.creativeplus.my.id"; dns.query; content:"xwago.creativeplus.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xwago\.creativeplus\.my\.id$/i"; classtype:trojan-activity; sid:38074111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname xwago.creativeplus.my.id"; flow:to_server,established; http.header; content: "Host|3a| xwago.creativeplus.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xwago\.creativeplus\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname 
wae4w.mariomanagement.biz.id"; dns.query; content:"wae4w.mariomanagement.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wae4w\.mariomanagement\.biz\.id$/i"; classtype:trojan-activity; sid:38074121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname wae4w.mariomanagement.biz.id"; flow:to_server,established; http.header; content: "Host|3a| wae4w.mariomanagement.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wae4w\.mariomanagement\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname h4aowa.mariostrategy.my.id"; dns.query; content:"h4aowa.mariostrategy.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h4aowa\.mariostrategy\.my\.id$/i"; classtype:trojan-activity; sid:38074131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname h4aowa.mariostrategy.my.id"; flow:to_server,established; http.header; content: "Host|3a| h4aowa.mariostrategy.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])h4aowa\.mariostrategy\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname yaiinr.actiongroup.my.id"; dns.query; content:"yaiinr.actiongroup.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yaiinr\.actiongroup\.my\.id$/i"; classtype:trojan-activity; sid:38074141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname yaiinr.actiongroup.my.id"; flow:to_server,established; http.header; content: "Host|3a| 
yaiinr.actiongroup.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yaiinr\.actiongroup\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname e0aonr.creativeplus.my.id"; dns.query; content:"e0aonr.creativeplus.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e0aonr\.creativeplus\.my\.id$/i"; classtype:trojan-activity; sid:38074151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname e0aonr.creativeplus.my.id"; flow:to_server,established; http.header; content: "Host|3a| e0aonr.creativeplus.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])e0aonr\.creativeplus\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname wiae5.marioadvisory.my.id"; dns.query; content:"wiae5.marioadvisory.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wiae5\.marioadvisory\.my\.id$/i"; classtype:trojan-activity; sid:38074161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname wiae5.marioadvisory.my.id"; flow:to_server,established; http.header; content: "Host|3a| wiae5.marioadvisory.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wiae5\.marioadvisory\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname caiiaf.businesswise.biz.id"; dns.query; content:"caiiaf.businesswise.biz.id"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])caiiaf\.businesswise\.biz\.id$/i"; classtype:trojan-activity; sid:38074171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname caiiaf.businesswise.biz.id"; flow:to_server,established; http.header; content: "Host|3a| caiiaf.businesswise.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])caiiaf\.businesswise\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname 2joafm.marioanalytics.my.id"; dns.query; content:"2joafm.marioanalytics.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2joafm\.marioanalytics\.my\.id$/i"; classtype:trojan-activity; sid:38074181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname 2joafm.marioanalytics.my.id"; flow:to_server,established; http.header; content: "Host|3a| 2joafm.marioanalytics.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2joafm\.marioanalytics\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname nqaa8e.businesswise.biz.id"; dns.query; content:"nqaa8e.businesswise.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nqaa8e\.businesswise\.biz\.id$/i"; classtype:trojan-activity; sid:38074191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname nqaa8e.businesswise.biz.id"; flow:to_server,established; http.header; content: "Host|3a| nqaa8e.businesswise.biz.id"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])nqaa8e\.businesswise\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname nweow8.mariostrategy.my.id"; dns.query; content:"nweow8.mariostrategy.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nweow8\.mariostrategy\.my\.id$/i"; classtype:trojan-activity; sid:38074201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname nweow8.mariostrategy.my.id"; flow:to_server,established; http.header; content: "Host|3a| nweow8.mariostrategy.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nweow8\.mariostrategy\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname wba0s.produtoeletro.my.id"; dns.query; content:"wba0s.produtoeletro.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wba0s\.produtoeletro\.my\.id$/i"; classtype:trojan-activity; sid:38074211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname wba0s.produtoeletro.my.id"; flow:to_server,established; http.header; content: "Host|3a| wba0s.produtoeletro.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wba0s\.produtoeletro\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname 4hawb.produtoeletro.my.id"; dns.query; content:"4hawb.produtoeletro.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])4hawb\.produtoeletro\.my\.id$/i"; classtype:trojan-activity; 
sid:38074221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname 4hawb.produtoeletro.my.id"; flow:to_server,established; http.header; content: "Host|3a| 4hawb.produtoeletro.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])4hawb\.produtoeletro\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname cua3e.mariosolutions.biz.id"; dns.query; content:"cua3e.mariosolutions.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cua3e\.mariosolutions\.biz\.id$/i"; classtype:trojan-activity; sid:38074231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname cua3e.mariosolutions.biz.id"; flow:to_server,established; http.header; content: "Host|3a| cua3e.mariosolutions.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cua3e\.mariosolutions\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname eeiul.marioadvisory.my.id"; dns.query; content:"eeiul.marioadvisory.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eeiul\.marioadvisory\.my\.id$/i"; classtype:trojan-activity; sid:38074241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname eeiul.marioadvisory.my.id"; flow:to_server,established; http.header; content: "Host|3a| eeiul.marioadvisory.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])eeiul\.marioadvisory\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38074242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname kka5c.marioanalytics.my.id"; dns.query; content:"kka5c.marioanalytics.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kka5c\.marioanalytics\.my\.id$/i"; classtype:trojan-activity; sid:38074251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname kka5c.marioanalytics.my.id"; flow:to_server,established; http.header; content: "Host|3a| kka5c.marioanalytics.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kka5c\.marioanalytics\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname w8oaa0.mariosolutions.biz.id"; dns.query; content:"w8oaa0.mariosolutions.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])w8oaa0\.mariosolutions\.biz\.id$/i"; classtype:trojan-activity; sid:38074261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname w8oaa0.mariosolutions.biz.id"; flow:to_server,established; http.header; content: "Host|3a| w8oaa0.mariosolutions.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])w8oaa0\.mariosolutions\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname 0tuiwp.mariomanagement.biz.id"; dns.query; content:"0tuiwp.mariomanagement.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0tuiwp\.mariomanagement\.biz\.id$/i"; classtype:trojan-activity; sid:38074271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname 0tuiwp.mariomanagement.biz.id"; flow:to_server,established; http.header; content: "Host|3a| 0tuiwp.mariomanagement.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0tuiwp\.mariomanagement\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname lwafa.actiongroup.my.id"; dns.query; content:"lwafa.actiongroup.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lwafa\.actiongroup\.my\.id$/i"; classtype:trojan-activity; sid:38074281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname lwafa.actiongroup.my.id"; flow:to_server,established; http.header; content: "Host|3a| lwafa.actiongroup.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lwafa\.actiongroup\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname avfa-wd3463btrq-uc.a.run.app"; dns.query; content:"avfa-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])avfa\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname avfa-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| avfa-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])avfa\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) 
# Hostname indicators from MISP event 27778 are exported as a pair:
# a dns.query rule (sid ending in 1) and an HTTP Host-header rule (sid ending in 2).
#
# DNS rule: applies in either direction on any network (any any -> any any).
# The pcre allows the name only at the start of the query, or after a character
# that is not a letter, digit, hyphen or dot, and anchors it at the end. The
# query must therefore be this exact name; subdomains of it do not match.
alert dns any any -> any any (msg: "MISP e27778 [] Hostname factalia-ofh2cutija-uc.a.run.app"; dns.query; content:"factalia-ofh2cutija-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])factalia\-ofh2cutija\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
# HTTP rule: matches "Host: <name>" (exactly one space after the colon) in the
# request headers of outbound cleartext HTTP on any port, then tags the session
# for 600 seconds.
# NOTE(review): *.a.run.app looks like a hosted cloud-service endpoint that is
# normally reached over HTTPS. If so, this rule never sees the Host header and the
# dns.query rule above is the one that fires. A tls.sni rule would be the usual
# complement. Confirm against observed traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname factalia-ofh2cutija-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| factalia-ofh2cutija-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])factalia\-ofh2cutija\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
# Same DNS/HTTP pair for the next hostname.
alert dns any any -> any any (msg: "MISP e27778 [] Hostname gasgas-wd3463btrq-uc.a.run.app"; dns.query; content:"gasgas-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gasgas\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname gasgas-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| gasgas-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gasgas\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert dns any any -> any any (msg: "MISP e27778 [] Hostname haergsd-wd3463btrq-uc.a.run.app"; dns.query; content:"haergsd-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])haergsd\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname haergsd-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| haergsd-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])haergsd\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname jx-krrdbo6imq-uc.a.run.app"; dns.query; content:"jx-krrdbo6imq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jx\-krrdbo6imq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname jx-krrdbo6imq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| jx-krrdbo6imq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jx\-krrdbo6imq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname ptb-wd3463btrq-uc.a.run.app"; dns.query; content:"ptb-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ptb\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname ptb-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| ptb-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ptb\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074342; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname ptm-wd3463btrq-uc.a.run.app"; dns.query; content:"ptm-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ptm\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname ptm-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| ptm-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ptm\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname pto-wd3463btrq-uc.a.run.app"; dns.query; content:"pto-wd3463btrq-uc.a.run.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pto\-wd3463btrq\-uc\.a\.run\.app$/i"; classtype:trojan-activity; sid:38074361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] Outgoing HTTP Hostname pto-wd3463btrq-uc.a.run.app"; flow:to_server,established; http.header; content: "Host|3a| pto-wd3463btrq-uc.a.run.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pto\-wd3463btrq\-uc\.a\.run\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert dns any any -> any any (msg: "MISP e27778 [] Hostname 1.tcp.sa.ngrok.io"; dns.query; content:"1.tcp.sa.ngrok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1\.tcp\.sa\.ngrok\.io$/i"; classtype:trojan-activity; sid:38074371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27778 [] 
Outgoing HTTP Hostname 1.tcp.sa.ngrok.io"; flow:to_server,established; http.header; content: "Host|3a| 1.tcp.sa.ngrok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1\.tcp\.sa\.ngrok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38074372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27778;)
# NOTE(review): the rule ending on the line above keys on 1.tcp.sa.ngrok.io,
# which looks like a shared tunnelling-service endpoint rather than a host that
# belongs to one operator. Presumably any tunnel behind that name matches, so
# treat a hit as a lead to correlate with the other e27778 indicators. Confirm.

# Destination is a fixed IP on port 443, parsed as HTTP. The header content is
# the bare address (no "Host:" prefix), so it matches wherever the address
# appears in the request headers; the URI must contain /sys/index.php.
# If the traffic on 443 is TLS, the HTTP buffers are empty and only the
# `alert ip` rule below can fire.
alert http $HOME_NET any -> 185.172.128.146 443 (msg: "MISP e27720 [Tsunami] Outgoing URL http|3a|//185.172.128.146|3a|443/sys/index.php"; flow:to_server,established; http.header; content:"185.172.128.146"; fast_pattern; nocase; http.uri; content:"/sys/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# Address-and-port rule with no payload or flow conditions: any traffic from
# $HOME_NET to this IP on port 443 matches.
alert ip $HOME_NET any -> 185.172.128.146 443 (msg: "MISP e27720 [Tsunami] Outgoing To IP: 185.172.128.146|443"; classtype:trojan-activity; sid:38020021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# "Domain" indicators use a looser pcre than "Hostname" ones: the character class
# in front of the name does not exclude ".", so queries for any subdomain of
# bachlong-sro.com match as well as the name itself.
alert dns any any -> any any (msg: "MISP e27720 [moobot] Domain bachlong-sro.com"; dns.query; content:"bachlong-sro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bachlong\-sro\.com$/i"; classtype:trojan-activity; sid:38020031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# The two http.header contents ("Host:" and the domain) have no relative
# modifiers, and the pcre is not tied to the Host line. A request to an unrelated
# host that merely mentions the domain in another header (for example a Referer)
# also matches. Check the logged Host value before treating a hit as a connection
# to the domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27720 [moobot] Outgoing HTTP Domain bachlong-sro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bachlong-sro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bachlong\-sro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38020032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert dns any any -> any any (msg: "MISP e27715 [] Domain estado.accesoclientes.info"; dns.query; content:"estado.accesoclientes.info"; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info$/i"; classtype:trojan-activity; sid:38019101; 
rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27715;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27715 [] Outgoing HTTP Domain estado.accesoclientes.info"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"estado.accesoclientes.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])estado\.accesoclientes\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38019102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27715;) alert dns any any -> any any (msg: "MISP e27793 [] Domain bachlong-sro.com"; dns.query; content:"bachlong-sro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])bachlong\-sro\.com$/i"; classtype:trojan-activity; sid:38075521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27793 [] Outgoing HTTP Domain bachlong-sro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bachlong-sro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bachlong\-sro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 185.172.128.146 443 (msg: "MISP e27793 [] Outgoing URL http|3a|//185.172.128.146|3a|443/sys/index.php"; flow:to_server,established; http.header; content:"185.172.128.146"; fast_pattern; nocase; http.uri; content:"/sys/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 185.172.128.146 443 (msg: "MISP e27793 [] Outgoing To IP: 185.172.128.146|443"; classtype:trojan-activity; sid:38075541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 192.3.109.132 4445 (msg: "MISP e27720 [remcos] 
Outgoing To IP: 192.3.109.132|4445"; classtype:trojan-activity; sid:38020041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# Same address and port as the rule ending on the line above, exported a second
# time from event 27793 with its own sid. One connection raises both alerts, at
# priority 2 and priority 3 respectively.
alert ip $HOME_NET any -> 192.3.109.132 4445 (msg: "MISP e27793 [] Outgoing To IP: 192.3.109.132|4445"; classtype:trojan-activity; sid:38075551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# Sender-address rule: raw TCP payload match toward $SMTP_SERVERS on port 25.
# "MAIL FROM:" and the address are independent contents, and a blank line
# (CRLF CRLF) must follow within 8192 bytes of the address. Only cleartext SMTP
# on port 25 is inspected; mail delivered over an encrypted session or on another
# port is not covered here and needs gateway-side matching.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27722 [] Source Email Address: grosales@seltek.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"grosales@seltek.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38020921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27722;)
# Attachment rule: matches the Content-Disposition prefix and the exact file name
# including its closing quote. Neither content carries nocase, so the match is
# case-sensitive.
# NOTE(review): a differently spelled or encoded filename parameter would
# presumably not match. Pair this with the other e27722 indicators.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27722 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Orden de compra (OC)008979 (1).xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38020941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27722;)
# Inbound rule on source address alone: any traffic from this IP to $HOME_NET.
alert ip 187.217.245.25 any -> $HOME_NET any (msg: "MISP e27722 [] Incoming From IP: 187.217.245.25"; classtype:trojan-activity; sid:38020951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27722;)
# Domain pair (dns.query + HTTP headers). The pcre prefix class does not exclude
# ".", so subdomains of the listed domain match too.
alert dns any any -> any any (msg: "MISP e27722 [] Domain expertics.com.mx"; dns.query; content:"expertics.com.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-])expertics\.com\.mx$/i"; classtype:trojan-activity; sid:38020961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27722;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27722 [] Outgoing HTTP Domain expertics.com.mx"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"expertics.com.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])expertics\.com\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38020962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27722;)
# Sender-address rule with the same structure as sid 38020921.
# NOTE(review): the address is at a public webmail domain and the rule matches
# only the SMTP envelope sender on cleartext port 25. Expect this indicator to
# age quickly; review it before relying on it for blocking.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27787 [] Source Email Address: ab9518908@gmail.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"ab9518908@gmail.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38074951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27787;)
# The same domain is exported from two events (27716 and 27717) under separate
# sids, so one lookup or request raises two DNS alerts and two HTTP alerts.
# Deduplicate at the alert pipeline if that volume matters.
alert dns any any -> any any (msg: "MISP e27716 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38019231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27716;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27716 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38019232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27716;)
alert dns any any -> any any (msg: "MISP e27717 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38019361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27717;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27717 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38019362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27717;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27718 [] Outgoing URL http|3a|//cancelar1-aqui.hstn.me"; flow:to_server,established; http.header; content:"cancelar1-aqui.hstn.me"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27718;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27718 [] Outgoing URL http|3a|//cancelar1-aqui.hstn.me/?i=1"; flow:to_server,established; http.header; content:"cancelar1-aqui.hstn.me"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38019441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27718;) alert dns any any -> any any (msg: "MISP e27718 [] Domain cancelar1-aqui.hstn.me"; dns.query; content:"cancelar1-aqui.hstn.me"; nocase; pcre: "/(^|[^A-Za-z0-9-])cancelar1\-aqui\.hstn\.me$/i"; classtype:trojan-activity; sid:38019451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27718;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27718 [] Outgoing HTTP Domain cancelar1-aqui.hstn.me"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cancelar1-aqui.hstn.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cancelar1\-aqui\.hstn\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38019452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27718;) alert http $HOME_NET any -> 175.27.162.205 $HTTP_PORTS (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing 
URL http|3a|//175.27.162.205/en_us/all.js"; flow:to_server,established; http.header; content:"175.27.162.205"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 175.27.162.205 80 (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 175.27.162.205|80"; classtype:trojan-activity; sid:38020061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 39.105.4.90 443 (msg: "MISP e27720 [CobaltStrike,cs-watermark-666666,Hangzhou Alibaba Advertising Co.Ltd.] Outgoing To IP: 39.105.4.90|443"; classtype:trojan-activity; sid:38020091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 205.189.160.217 80 (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,Leaseweb Asia Pacific pte. ltd.] Outgoing To IP: 205.189.160.217|80"; classtype:trojan-activity; sid:38020101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> 47.236.111.110 8899 (msg: "MISP e27720 [Alibaba (US) Technology Co. 
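Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//47.236.111.110|3a|8899/__utm.gif"; flow:to_server,established; http.header; content:"47.236.111.110"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# Event 27720 (tagged CobaltStrike): outbound HTTP request to 175.178.47.86 on port 6666 with "/dot.gif" in the URI.
# The IP string is matched anywhere in the request header buffer, not only in the Host header.
# tag:session,600,seconds keeps logging the session's packets for 600 seconds after the alert.
alert http $HOME_NET any -> 175.178.47.86 6666 (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//175.178.47.86|3a|6666/dot.gif"; flow:to_server,established; http.header; content:"175.178.47.86"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# Event 27841 (tagged Agent Tesla - S0331, kill-chain Command and Control): outbound HTTP request to
# 198.12.81.158 on $HTTP_PORTS for the .doc path below.
# The galaxy tag value carries its own double quotes; inside msg they must be written as \" so that the
# msg string does not end at the tag. The exported rule had them unescaped.
alert http $HOME_NET any -> 198.12.81.158 $HTTP_PORTS (msg: "MISP e27841 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//198.12.81.158/jjh/jj/weconnectedlovereachotherformakethemhappyandsmilethemwithallheartstilltheyarereallyhappy____withourloverstogetbackintheworldoflove.doc"; flow:to_server,established; http.header; content:"198.12.81.158"; fast_pattern; nocase; http.uri; content:"/jjh/jj/weconnectedlovereachotherformakethemhappyandsmilethemwithallheartstilltheyarereallyhappy____withourloverstogetbackintheworldoflove.doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27841;)
# Event 27793: same destination, port and URI as sid 38020111 (event 27720), exported here without tags
# and at priority 3. With both rules loaded, one matching request raises two alerts.
alert http $HOME_NET any -> 47.236.111.110 8899 (msg: "MISP e27793 [] Outgoing URL http|3a|//47.236.111.110|3a|8899/__utm.gif"; flow:to_server,established; http.header; content:"47.236.111.110"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert http 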
$HOME_NET any -> 175.27.162.205 $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//175.27.162.205/en_US/all.js"; flow:to_server,established; http.header; content:"175.27.162.205"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 205.189.160.217 80 (msg: "MISP e27793 [] Outgoing To IP: 205.189.160.217|80"; classtype:trojan-activity; sid:38075601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 39.105.4.90 443 (msg: "MISP e27793 [] Outgoing To IP: 39.105.4.90|443"; classtype:trojan-activity; sid:38075611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 175.27.162.205 80 (msg: "MISP e27793 [] Outgoing To IP: 175.27.162.205|80"; classtype:trojan-activity; sid:38075621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> 175.178.47.86 6666 (msg: "MISP e27793 [] Outgoing URL http|3a|//175.178.47.86|3a|6666/dot.gif"; flow:to_server,established; http.header; content:"175.178.47.86"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert dns any any -> any any (msg: "MISP e27007 [] Domain aiglecanadashop.com"; dns.query; content:"aiglecanadashop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])aiglecanadashop\.com$/i"; classtype:trojan-activity; sid:38173711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain aiglecanadashop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"aiglecanadashop.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])aiglecanadashop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymshark-panama.com"; dns.query; content:"gymshark-panama.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-panama\.com$/i"; classtype:trojan-activity; sid:38173721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain gymshark-panama.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymshark-panama.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymshark\-panama\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173722; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ipanema-nl.com"; dns.query; content:"ipanema-nl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-nl\.com$/i"; classtype:trojan-activity; sid:38173731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ipanema-nl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ipanema-nl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ipanema\-nl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173732; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturecz.com"; dns.query; content:"juicycouturecz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturecz\.com$/i"; classtype:trojan-activity; sid:38173741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturecz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturecz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturecz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173742; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifczeshop.com"; dns.query; content:"lecoqsportifczeshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifczeshop\.com$/i"; classtype:trojan-activity; sid:38173751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifczeshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifczeshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifczeshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173752; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-deutschland.com"; dns.query; content:"lecoqsportif-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-deutschland\.com$/i"; classtype:trojan-activity; sid:38173761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173762; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-italia.com"; dns.query; content:"lecoqsportif-italia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-italia\.com$/i"; classtype:trojan-activity; sid:38173771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-italia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-italia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-italia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173772; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-suomi.com"; dns.query; content:"lecoqsportif-suomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-suomi\.com$/i"; classtype:trojan-activity; sid:38173781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-suomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-suomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-suomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173782; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-sverige.com"; dns.query; content:"lecoqsportif-sverige.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-sverige\.com$/i"; classtype:trojan-activity; sid:38173791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing 
HTTP Domain lecoqsportif-sverige.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-sverige.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-sverige\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173792; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunonzstore.com"; dns.query; content:"mizunonzstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonzstore\.com$/i"; classtype:trojan-activity; sid:38173801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunonzstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunonzstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunonzstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173802; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunophilippinestore.com"; dns.query; content:"mizunophilippinestore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunophilippinestore\.com$/i"; classtype:trojan-activity; sid:38173811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunophilippinestore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunophilippinestore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunophilippinestore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173812; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain 
speedo-brasil.com"; dns.query; content:"speedo-brasil.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedo\-brasil\.com$/i"; classtype:trojan-activity; sid:38173821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedo-brasil.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedo-brasil.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedo\-brasil\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain speedogreece.com"; dns.query; content:"speedogreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedogreece\.com$/i"; classtype:trojan-activity; sid:38173831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedogreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedogreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedogreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173832; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain speedohungary.com"; dns.query; content:"speedohungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedohungary\.com$/i"; classtype:trojan-activity; sid:38173841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedohungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedohungary.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])speedohungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173842; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakeraustralia.com"; dns.query; content:"ted-bakeraustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeraustralia\.com$/i"; classtype:trojan-activity; sid:38173851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakeraustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakeraustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeraustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173852; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeraustraliaoutlets.com"; dns.query; content:"tedbakeraustraliaoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeraustraliaoutlets\.com$/i"; classtype:trojan-activity; sid:38173861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeraustraliaoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeraustraliaoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeraustraliaoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173862; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerindonesia.com"; dns.query; content:"tedbakerindonesia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerindonesia\.com$/i"; classtype:trojan-activity; 
sid:38173871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerindonesia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerindonesia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerindonesia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173872; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerirelandoutlets.com"; dns.query; content:"tedbakerirelandoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerirelandoutlets\.com$/i"; classtype:trojan-activity; sid:38173881; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerirelandoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerirelandoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerirelandoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173882; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakermalaysia.com"; dns.query; content:"ted-bakermalaysia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakermalaysia\.com$/i"; classtype:trojan-activity; sid:38173891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakermalaysia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakermalaysia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakermalaysia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38173892; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain tous-singapore.com"; dns.query; content:"tous-singapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tous\-singapore\.com$/i"; classtype:trojan-activity; sid:38173901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tous-singapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tous-singapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tous\-singapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173902; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27720 [smokeloader] Outgoing URL http|3a|//nidoe.org/tmp/index.php"; flow:to_server,established; http.header; content:"nidoe.org"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27720 [smokeloader] Outgoing URL http|3a|//sodez.ru/tmp/index.php"; flow:to_server,established; http.header; content:"sodez.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27720 [smokeloader] Outgoing URL http|3a|//talesofpirates.net/tmp/index.php"; flow:to_server,established; http.header; content:"talesofpirates.net"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:38020151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27720 [smokeloader] Outgoing URL http|3a|//uama.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"uama.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//uama.com.ua/tmp/index.php"; flow:to_server,established; http.header; content:"uama.com.ua"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//talesofpirates.net/tmp/index.php"; flow:to_server,established; http.header; content:"talesofpirates.net"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//sodez.ru/tmp/index.php"; flow:to_server,established; http.header; content:"sodez.ru"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38075661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//nidoe.org/tmp/index.php"; flow:to_server,established; http.header; content:"nidoe.org"; fast_pattern; nocase; http.uri; content:"/tmp/index.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38075671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert dns any any -> any any (msg: "MISP e27777 [] Domain atendesolucao.com"; dns.query; content:"atendesolucao.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])atendesolucao\.com$/i"; classtype:trojan-activity; sid:38073601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain atendesolucao.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"atendesolucao.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])atendesolucao\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert dns any any -> any any (msg: "MISP e27777 [] Domain servicoasso.com"; dns.query; content:"servicoasso.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])servicoasso\.com$/i"; classtype:trojan-activity; sid:38073611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain servicoasso.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"servicoasso.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])servicoasso\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert dns any any -> any any (msg: "MISP e27777 [] Domain dowfinanceiro.com"; dns.query; content:"dowfinanceiro.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dowfinanceiro\.com$/i"; classtype:trojan-activity; sid:38073621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain 
dowfinanceiro.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dowfinanceiro.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dowfinanceiro\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert dns any any -> any any (msg: "MISP e27777 [] Domain centralsolucao.com"; dns.query; content:"centralsolucao.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])centralsolucao\.com$/i"; classtype:trojan-activity; sid:38073631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain centralsolucao.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"centralsolucao.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])centralsolucao\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert dns any any -> any any (msg: "MISP e27777 [] Domain traktinves.com"; dns.query; content:"traktinves.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])traktinves\.com$/i"; classtype:trojan-activity; sid:38073641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain traktinves.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"traktinves.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])traktinves\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert dns any any -> any any (msg: "MISP e27777 [] Domain diadaacaodegraca.com"; dns.query; content:"diadaacaodegraca.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])diadaacaodegraca\.com$/i"; classtype:trojan-activity; sid:38073651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain diadaacaodegraca.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"diadaacaodegraca.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])diadaacaodegraca\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert dns any any -> any any (msg: "MISP e27777 [] Domain segurancasys.com"; dns.query; content:"segurancasys.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])segurancasys\.com$/i"; classtype:trojan-activity; sid:38073661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27777 [] Outgoing HTTP Domain segurancasys.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"segurancasys.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])segurancasys\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27777;) alert ip $HOME_NET any -> 185.106.96.225 53 (msg: "MISP e27720 [CobaltStrike,cs-watermark-100000000,DESIVPS] Outgoing To IP: 185.106.96.225|53"; classtype:trojan-activity; sid:38020171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 121.43.55.149 53 (msg: "MISP e27720 [CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.] 
Outgoing To IP: 121.43.55.149|53"; classtype:trojan-activity; sid:38020181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 121.43.55.149 53 (msg: "MISP e27793 [] Outgoing To IP: 121.43.55.149|53"; classtype:trojan-activity; sid:38075681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 185.106.96.225 53 (msg: "MISP e27793 [] Outgoing To IP: 185.106.96.225|53"; classtype:trojan-activity; sid:38075691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 193.233.132.57 50500 (msg: "MISP e27720 [RiseProStealer] Outgoing To IP: 193.233.132.57|50500"; classtype:trojan-activity; sid:38020191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 193.233.132.57 50500 (msg: "MISP e27793 [] Outgoing To IP: 193.233.132.57|50500"; classtype:trojan-activity; sid:38075701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert dns any any -> any any (msg: "MISP e27775 [] Domain be-spfjustice.com"; dns.query; content:"be-spfjustice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])be\-spfjustice\.com$/i"; classtype:trojan-activity; sid:38072981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27775 [] Outgoing HTTP Domain be-spfjustice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"be-spfjustice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])be\-spfjustice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38072982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert dns any any -> any any (msg: "MISP e27775 [] Domain fod.be16219.com"; dns.query; content:"fod.be16219.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])fod\.be16219\.com$/i"; classtype:trojan-activity; 
sid:38072991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27775 [] Outgoing HTTP Domain fod.be16219.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fod.be16219.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fod\.be16219\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38072992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert dns any any -> any any (msg: "MISP e27775 [] Domain fod.taxonweb.live"; dns.query; content:"fod.taxonweb.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])fod\.taxonweb\.live$/i"; classtype:trojan-activity; sid:38073001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27775 [] Outgoing HTTP Domain fod.taxonweb.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"fod.taxonweb.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])fod\.taxonweb\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert dns any any -> any any (msg: "MISP e27775 [] Domain inposdomw.cc"; dns.query; content:"inposdomw.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])inposdomw\.cc$/i"; classtype:trojan-activity; sid:38073011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27775 [] Outgoing HTTP Domain inposdomw.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"inposdomw.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])inposdomw\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;) alert dns 
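any any -> any any (msg: "MISP e27775 [] Domain spfinfo-justice.com"; dns.query; content:"spfinfo-justice.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])spfinfo\-justice\.com$/i"; classtype:trojan-activity; sid:38073021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;)
# Event 27775, spfinfo-justice.com over HTTP: needs "Host:" and the domain in
# the request headers. The pcre accepts the domain and its subdomains but not
# longer names that merely contain it (a hostname character before or after the
# match is rejected). tag:session keeps logging the session for 600 seconds
# after the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27775 [] Outgoing HTTP Domain spfinfo-justice.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"spfinfo-justice.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])spfinfo\-justice\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38073022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27775;)
# Event 27720 [LokiBot]: request to 94.156.66.115 port 4012 whose headers carry
# the IP literal and whose URI contains /dolul/five/fre.php. Event 27793
# publishes the same indicator (the sid:38075711 rule that follows), so one
# matching request raises two alerts with different priorities.
alert http $HOME_NET any -> 94.156.66.115 4012 (msg: "MISP e27720 [LokiBot] Outgoing URL http|3a|//94.156.66.115|3a|4012/dolul/five/fre.php"; flow:to_server,established; http.header; content:"94.156.66.115"; fast_pattern; nocase; http.uri; content:"/dolul/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# Event 27841 [Agent Tesla]: the galaxy tag puts double quotes inside msg.
# Suricata requires '"', ';' and '\' to be escaped within msg, so the quotes
# are written as \" here; left unescaped, the rule may be rejected or its msg
# mis-parsed when the ruleset loads, which silently drops this detection.
# The destination port is $HTTP_PORTS, so that variable must be defined on the
# sensor, and requests to this host on other ports are not covered.
alert http $HOME_NET any -> 23.95.60.74 $HTTP_PORTS (msg: "MISP e27841 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//23.95.60.74/ilovrormmrmrmrmrmaccccc.txt"; flow:to_server,established; http.header; content:"23.95.60.74"; fast_pattern; nocase; http.uri; content:"/ilovrormmrmrmrmrmaccccc.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27841;)
alert http $HOME_NET any -> 94.156.66.115 4012 (msg: "MISP e27793 [] Outgoing URL http|3a|//94.156.66.115|3a|4012/dolul/five/fre.php"; flow:to_server,established; http.header; content:"94.156.66.115"; fast_pattern; nocase; http.uri; content:"/dolul/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; 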
sid:38075711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 77.105.162.176 995 (msg: "MISP e27720 [c2,QakBot] Outgoing To IP: 77.105.162.176|995"; classtype:trojan-activity; sid:38020211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 116.202.4.240 80 (msg: "MISP e27720 [c2,Vidar] Outgoing To IP: 116.202.4.240|80"; classtype:trojan-activity; sid:38020221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 88.198.107.0 80 (msg: "MISP e27720 [c2,Vidar] Outgoing To IP: 88.198.107.0|80"; classtype:trojan-activity; sid:38020231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 193.233.132.180 8081 (msg: "MISP e27720 [c2,Risepro] Outgoing To IP: 193.233.132.180|8081"; classtype:trojan-activity; sid:38020241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 193.233.132.147 8081 (msg: "MISP e27720 [c2,Risepro] Outgoing To IP: 193.233.132.147|8081"; classtype:trojan-activity; sid:38020251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 185.196.9.38 8081 (msg: "MISP e27720 [c2,Risepro] Outgoing To IP: 185.196.9.38|8081"; classtype:trojan-activity; sid:38020261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 101.99.92.169 8081 (msg: "MISP e27720 [c2,Risepro] Outgoing To IP: 101.99.92.169|8081"; classtype:trojan-activity; sid:38020271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert dns any any -> any any (msg: "MISP e27790 [] Domain ce189072612ee.postai.lat"; dns.query; content:"ce189072612ee.postai.lat"; nocase; pcre: "/(^|[^A-Za-z0-9-])ce189072612ee\.postai\.lat$/i"; classtype:trojan-activity; sid:38075011; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27790;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27790 [] Outgoing HTTP Domain ce189072612ee.postai.lat"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ce189072612ee.postai.lat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ce189072612ee\.postai\.lat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075012; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27790;) alert ip $HOME_NET any -> 39.104.200.45 80 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 39.104.200.45|80"; classtype:trojan-activity; sid:38020281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 20.19.35.117 443 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 20.19.35.117|443"; classtype:trojan-activity; sid:38020291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 74.48.151.50 11212 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 74.48.151.50|11212"; classtype:trojan-activity; sid:38020301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 2.45.75.48 88 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 2.45.75.48|88"; classtype:trojan-activity; sid:38020311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 1723 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|1723"; classtype:trojan-activity; sid:38020321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 2079 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2079"; classtype:trojan-activity; sid:38020331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 2083 (msg: "MISP e27720 [c2,darkcomet] 
Outgoing To IP: 187.135.82.30|2083"; classtype:trojan-activity; sid:38020341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 1761 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|1761"; classtype:trojan-activity; sid:38020351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 1801 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|1801"; classtype:trojan-activity; sid:38020361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 1911 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|1911"; classtype:trojan-activity; sid:38020371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 2082 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2082"; classtype:trojan-activity; sid:38020381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 2087 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2087"; classtype:trojan-activity; sid:38020391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.30 2181 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.30|2181"; classtype:trojan-activity; sid:38020401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 185.11.61.124 55779 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 185.11.61.124|55779"; classtype:trojan-activity; sid:38020411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 45.154.3.56 56789 (msg: "MISP e27720 [c2,moobot] Outgoing To IP: 45.154.3.56|56789"; classtype:trojan-activity; sid:38020421; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 144.91.109.161 42597 (msg: "MISP e27720 [c2,moobot] Outgoing To IP: 144.91.109.161|42597"; classtype:trojan-activity; sid:38020431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 144.91.109.161 42597 (msg: "MISP e27793 [] Outgoing To IP: 144.91.109.161|42597"; classtype:trojan-activity; sid:38075721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 45.154.3.56 56789 (msg: "MISP e27793 [] Outgoing To IP: 45.154.3.56|56789"; classtype:trojan-activity; sid:38075731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 185.11.61.124 55779 (msg: "MISP e27793 [] Outgoing To IP: 185.11.61.124|55779"; classtype:trojan-activity; sid:38075741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 2181 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|2181"; classtype:trojan-activity; sid:38075751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 2087 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|2087"; classtype:trojan-activity; sid:38075761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 2082 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|2082"; classtype:trojan-activity; sid:38075771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 1911 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|1911"; classtype:trojan-activity; sid:38075781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 1801 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|1801"; classtype:trojan-activity; sid:38075791; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 1761 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|1761"; classtype:trojan-activity; sid:38075801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 2083 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|2083"; classtype:trojan-activity; sid:38075811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 2079 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|2079"; classtype:trojan-activity; sid:38075821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.30 1723 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.30|1723"; classtype:trojan-activity; sid:38075831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 2.45.75.48 88 (msg: "MISP e27793 [] Outgoing To IP: 2.45.75.48|88"; classtype:trojan-activity; sid:38075841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 74.48.151.50 11212 (msg: "MISP e27793 [] Outgoing To IP: 74.48.151.50|11212"; classtype:trojan-activity; sid:38075851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 20.19.35.117 443 (msg: "MISP e27793 [] Outgoing To IP: 20.19.35.117|443"; classtype:trojan-activity; sid:38075861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 39.104.200.45 80 (msg: "MISP e27793 [] Outgoing To IP: 39.104.200.45|80"; classtype:trojan-activity; sid:38075871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 101.99.92.169 8081 (msg: "MISP e27793 [] Outgoing To IP: 101.99.92.169|8081"; classtype:trojan-activity; sid:38075881; rev:1; priority:3; 
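reference:url,https://misp.finsin.cl/events/view/27793;)
# Event 27793: outbound destination IP/port pairs, priority 3, no family tag.
# The same pairs also appear under event 27720 with malware-family tags, so a
# single connection can raise one alert per event.
alert ip $HOME_NET any -> 185.196.9.38 8081 (msg: "MISP e27793 [] Outgoing To IP: 185.196.9.38|8081"; classtype:trojan-activity; sid:38075891; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 193.233.132.147 8081 (msg: "MISP e27793 [] Outgoing To IP: 193.233.132.147|8081"; classtype:trojan-activity; sid:38075901; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 193.233.132.180 8081 (msg: "MISP e27793 [] Outgoing To IP: 193.233.132.180|8081"; classtype:trojan-activity; sid:38075911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 88.198.107.0 80 (msg: "MISP e27793 [] Outgoing To IP: 88.198.107.0|80"; classtype:trojan-activity; sid:38075921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 116.202.4.240 80 (msg: "MISP e27793 [] Outgoing To IP: 116.202.4.240|80"; classtype:trojan-activity; sid:38075931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 77.105.162.176 995 (msg: "MISP e27793 [] Outgoing To IP: 77.105.162.176|995"; classtype:trojan-activity; sid:38075941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# 193.233.132.57 port 8081 is published by both events: priority 2 with the
# [Risepro,ViriBack] tags under 27720, priority 3 and untagged under 27793.
alert ip $HOME_NET any -> 193.233.132.57 8081 (msg: "MISP e27720 [Risepro,ViriBack] Outgoing To IP: 193.233.132.57|8081"; classtype:trojan-activity; sid:38020441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 193.233.132.57 8081 (msg: "MISP e27793 [] Outgoing To IP: 193.233.132.57|8081"; classtype:trojan-activity; sid:38075951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# Event 27850 [QUASARRAT]: the galaxy tag puts double quotes inside msg.
# Suricata requires '"', ';' and '\' to be escaped within msg, so the quotes
# are written as \" here; left unescaped, the rule may be rejected or its msg
# mis-parsed when the ruleset loads, which silently drops this detection.
# The destination port is $HTTP_PORTS, so that variable must be defined on the
# sensor, and requests to this host on other ports are not covered.
alert http $HOME_NET any -> 107.175.69.54 $HTTP_PORTS (msg: "MISP e27850 [kill-chain:Command and Control,misp-galaxy:tool=\"QUASARRAT\"] Outgoing URL http|3a|//107.175.69.54/Quazart/qztM.txt"; flow:to_server,established; http.header; content:"107.175.69.54"; fast_pattern; nocase; http.uri; content:"/Quazart/qztM.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38130061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27850;)
# Event 27839 [Reconnaissance, Exploitation]: inbound source-IP rules. They
# carry no port, flow or content condition, so any IP packet from the listed
# source to $HOME_NET alerts; expect volume to follow the source's packet rate
# and tune with thresholding or suppression as needed.
alert ip 102.53.9.67 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 102.53.9.67"; classtype:trojan-activity; sid:38122481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 128.199.168.119 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.168.119"; classtype:trojan-activity; sid:38122491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.153.189.26 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.189.26"; classtype:trojan-activity; sid:38122501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.155.153.20 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.153.20"; classtype:trojan-activity; sid:38122511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.153.178.198 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.178.198"; classtype:trojan-activity; sid:38122521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 203.252.10.6 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.252.10.6"; classtype:trojan-activity; sid:38122531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 175.45.17.14 any -> $HOME_NET any (msg: "MISP e27839 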
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.45.17.14"; classtype:trojan-activity; sid:38122541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.128.109.251 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.109.251"; classtype:trojan-activity; sid:38122551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.163.238.149 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.238.149"; classtype:trojan-activity; sid:38122561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 1.15.252.13 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.15.252.13"; classtype:trojan-activity; sid:38122571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.134.15.205 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.15.205"; classtype:trojan-activity; sid:38122581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.159.35.57 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.159.35.57"; classtype:trojan-activity; sid:38122591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 101.43.18.30 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.18.30"; classtype:trojan-activity; sid:38122601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 45.14.5.90 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.14.5.90"; classtype:trojan-activity; sid:38122611; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 170.64.221.227 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.221.227"; classtype:trojan-activity; sid:38122621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.128.75.168 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.75.168"; classtype:trojan-activity; sid:38122631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 151.252.109.3 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 151.252.109.3"; classtype:trojan-activity; sid:38122641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 150.109.245.81 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.109.245.81"; classtype:trojan-activity; sid:38122651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.155.147.95 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.147.95"; classtype:trojan-activity; sid:38122661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 158.51.124.128 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.124.128"; classtype:trojan-activity; sid:38122671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 170.106.110.213 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.110.213"; classtype:trojan-activity; sid:38122681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 123.206.115.249 any -> $HOME_NET any (msg: "MISP e27839 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.206.115.249"; classtype:trojan-activity; sid:38122691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 139.59.188.13 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.188.13"; classtype:trojan-activity; sid:38122701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 103.67.79.165 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.67.79.165"; classtype:trojan-activity; sid:38122711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 118.27.115.139 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.27.115.139"; classtype:trojan-activity; sid:38122721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 58.214.249.122 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.214.249.122"; classtype:trojan-activity; sid:38122731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 103.248.43.98 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.248.43.98"; classtype:trojan-activity; sid:38122741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 97.107.96.22 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 97.107.96.22"; classtype:trojan-activity; sid:38122751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 192.227.192.89 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.227.192.89"; classtype:trojan-activity; sid:38122761; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 106.225.197.128 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.225.197.128"; classtype:trojan-activity; sid:38122771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.154.189.227 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.154.189.227"; classtype:trojan-activity; sid:38122781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 146.59.93.12 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 146.59.93.12"; classtype:trojan-activity; sid:38122791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 171.104.143.176 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.104.143.176"; classtype:trojan-activity; sid:38122801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.156.68.109 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.68.109"; classtype:trojan-activity; sid:38122811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 14.103.44.165 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.44.165"; classtype:trojan-activity; sid:38122821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 183.180.128.204 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.180.128.204"; classtype:trojan-activity; sid:38122831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 170.64.211.247 any -> $HOME_NET any 
(msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.211.247"; classtype:trojan-activity; sid:38122841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 179.43.180.106 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.43.180.106"; classtype:trojan-activity; sid:38122851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 222.98.122.37 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.98.122.37"; classtype:trojan-activity; sid:38122861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 158.220.112.218 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.220.112.218"; classtype:trojan-activity; sid:38122871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 45.195.198.15 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.195.198.15"; classtype:trojan-activity; sid:38122881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 101.33.66.20 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.66.20"; classtype:trojan-activity; sid:38122891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 161.132.180.115 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.132.180.115"; classtype:trojan-activity; sid:38122901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 104.250.49.218 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.49.218"; 
classtype:trojan-activity; sid:38122911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 64.227.40.101 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.40.101"; classtype:trojan-activity; sid:38122921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 186.209.55.162 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.209.55.162"; classtype:trojan-activity; sid:38122931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 51.89.94.28 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.89.94.28"; classtype:trojan-activity; sid:38122941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 150.158.35.76 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.158.35.76"; classtype:trojan-activity; sid:38122951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 106.58.213.2 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.213.2"; classtype:trojan-activity; sid:38122961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 195.199.155.35 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.199.155.35"; classtype:trojan-activity; sid:38122971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 101.43.188.121 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.43.188.121"; classtype:trojan-activity; sid:38122981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 
5.182.83.231 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.182.83.231"; classtype:trojan-activity; sid:38122991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.153.43.145 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.43.145"; classtype:trojan-activity; sid:38123001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 115.238.65.114 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.238.65.114"; classtype:trojan-activity; sid:38123011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 47.242.95.159 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.242.95.159"; classtype:trojan-activity; sid:38123021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 121.40.219.56 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.40.219.56"; classtype:trojan-activity; sid:38123031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 150.230.133.120 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.230.133.120"; classtype:trojan-activity; sid:38123041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 118.193.39.171 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.193.39.171"; classtype:trojan-activity; sid:38123051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 58.96.87.129 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
58.96.87.129"; classtype:trojan-activity; sid:38123061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
# Inbound indicators, MISP event 27839 (tags kill-chain:Reconnaissance, kill-chain:Exploitation).
# Each rule below alerts on any IP packet from the listed source address to $HOME_NET; there is
# no port, flow or payload condition, so a hit only says "this address sent traffic", not that
# an exploit attempt succeeded.
# NOTE(review): every rule carries classtype:trojan-activity with an explicit priority:2 even
# though the event tags describe scanning/exploitation sources -- confirm that this severity is
# what the alert pipeline expects for inbound traffic.
# NOTE(review): single-address indicators age quickly; consider expiring them with the MISP
# event, and rate-limiting the alerts (threshold / detection_filter), so stale or noisy
# entries do not bury the outbound C2 rules interleaved in this list.
alert ip 103.55.49.10 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.55.49.10"; classtype:trojan-activity; sid:38123071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 157.230.113.181 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.230.113.181"; classtype:trojan-activity; sid:38123081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 121.179.93.147 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.179.93.147"; classtype:trojan-activity; sid:38123091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 121.160.237.197 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.160.237.197"; classtype:trojan-activity; sid:38123101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 14.103.40.89 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.40.89"; classtype:trojan-activity; sid:38123111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 117.190.226.115 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.190.226.115"; classtype:trojan-activity; sid:38123121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 120.48.171.103 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.171.103"; classtype:trojan-activity; sid:38123131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 123.160.165.107 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.160.165.107"; classtype:trojan-activity; sid:38123141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.163.208.196 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.208.196"; classtype:trojan-activity; sid:38123151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.153.8.15 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.8.15"; classtype:trojan-activity; sid:38123161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 198.144.179.125 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.144.179.125"; classtype:trojan-activity; sid:38123171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 101.33.74.13 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.74.13"; classtype:trojan-activity; sid:38123181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 101.35.42.67 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.42.67"; classtype:trojan-activity; sid:38123191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 114.216.4.149 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.216.4.149"; classtype:trojan-activity; sid:38123201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 163.172.213.11 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.172.213.11"; classtype:trojan-activity; sid:38123211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.153.96.249 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.96.249"; classtype:trojan-activity; sid:38123221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 106.52.73.242 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.52.73.242"; classtype:trojan-activity; sid:38123231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 106.13.27.211 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.13.27.211"; classtype:trojan-activity; sid:38123241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.134.163.234 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.163.234"; classtype:trojan-activity; sid:38123251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 110.42.217.251 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.42.217.251"; classtype:trojan-activity; sid:38123261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 65.49.196.227 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 65.49.196.227"; classtype:trojan-activity; sid:38123271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 112.5.155.64 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.5.155.64"; classtype:trojan-activity; sid:38123281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 116.24.67.20 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.24.67.20"; classtype:trojan-activity; sid:38123291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 121.4.195.240 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.4.195.240"; classtype:trojan-activity; sid:38123301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 170.64.221.192 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.221.192"; classtype:trojan-activity; sid:38123311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.153.220.11 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.220.11"; classtype:trojan-activity; sid:38123321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 129.211.2.88 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.211.2.88"; classtype:trojan-activity; sid:38123331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 82.156.169.242 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.156.169.242"; classtype:trojan-activity; sid:38123341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 170.80.224.88 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.80.224.88"; classtype:trojan-activity; sid:38123351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 51.68.174.3 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.68.174.3"; classtype:trojan-activity; sid:38123361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 177.53.215.134 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.53.215.134"; classtype:trojan-activity; sid:38123371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 202.158.139.57 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.158.139.57"; classtype:trojan-activity; sid:38123381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 212.64.17.67 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.64.17.67"; classtype:trojan-activity; sid:38123391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 142.93.13.232 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 142.93.13.232"; classtype:trojan-activity; sid:38123401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 181.48.99.155 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.48.99.155"; classtype:trojan-activity; sid:38123411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 121.17.75.174 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.17.75.174"; classtype:trojan-activity; sid:38123421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 111.26.43.89 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.26.43.89"; classtype:trojan-activity; sid:38123431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 85.198.10.67 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.10.67"; classtype:trojan-activity; sid:38123441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 220.229.43.162 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.229.43.162"; classtype:trojan-activity; sid:38123451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 115.144.44.174 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.144.44.174"; classtype:trojan-activity; sid:38123461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.156.6.162 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.156.6.162"; classtype:trojan-activity; sid:38123471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 201.51.64.95 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.51.64.95"; classtype:trojan-activity; sid:38123481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 179.185.90.114 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.185.90.114"; classtype:trojan-activity; sid:38123491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 49.51.201.72 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.51.201.72"; classtype:trojan-activity; sid:38123501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.245.237.51 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.245.237.51"; classtype:trojan-activity; sid:38123511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 51.178.137.178 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.178.137.178"; classtype:trojan-activity; sid:38123521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 116.111.187.238 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.111.187.238"; classtype:trojan-activity; sid:38123531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 115.241.74.35 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.241.74.35"; classtype:trojan-activity; sid:38123541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 49.254.172.237 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.254.172.237"; classtype:trojan-activity; sid:38123551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 116.236.187.4 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.236.187.4"; classtype:trojan-activity; sid:38123561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 171.226.152.117 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.226.152.117"; classtype:trojan-activity; sid:38123571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 124.222.227.105 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.227.105"; classtype:trojan-activity; sid:38123581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 185.185.82.115 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.185.82.115"; classtype:trojan-activity; sid:38123591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 172.105.52.239 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 172.105.52.239"; classtype:trojan-activity; sid:38123601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 124.156.206.82 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.206.82"; classtype:trojan-activity; sid:38123611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.132.167.8 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.132.167.8"; classtype:trojan-activity; sid:38123621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 194.164.207.116 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.164.207.116"; classtype:trojan-activity; sid:38123631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 68.183.63.174 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 68.183.63.174"; classtype:trojan-activity; sid:38123641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 178.128.161.183 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.161.183"; classtype:trojan-activity; sid:38123651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 201.40.210.4 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 201.40.210.4"; classtype:trojan-activity; sid:38123661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 125.160.11.78 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.160.11.78"; classtype:trojan-activity; sid:38123671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 203.161.59.132 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.161.59.132"; classtype:trojan-activity; sid:38123681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 101.126.69.203 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.126.69.203"; classtype:trojan-activity; sid:38123691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 149.200.0.29 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.200.0.29"; classtype:trojan-activity; sid:38123701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 116.238.88.78 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.238.88.78"; classtype:trojan-activity; sid:38123711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 136.228.161.67 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 136.228.161.67"; classtype:trojan-activity; sid:38123721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 114.132.73.249 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 114.132.73.249"; classtype:trojan-activity; sid:38123731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 178.166.6.153 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.166.6.153"; classtype:trojan-activity; sid:38123741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.186.48.42 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.186.48.42"; classtype:trojan-activity; sid:38123751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 218.89.6.4 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.89.6.4"; classtype:trojan-activity; sid:38123761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 118.195.226.188 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.226.188"; classtype:trojan-activity; sid:38123771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 13.233.117.88 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 13.233.117.88"; classtype:trojan-activity; sid:38123781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 202.103.157.115 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.103.157.115"; classtype:trojan-activity; sid:38123791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 111.229.114.132 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.114.132"; classtype:trojan-activity; sid:38123801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 62.117.173.222 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.117.173.222"; classtype:trojan-activity; sid:38123811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 178.128.233.109 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.128.233.109"; classtype:trojan-activity; sid:38123821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 218.28.192.117 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.28.192.117"; classtype:trojan-activity; sid:38123831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 134.175.229.235 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.175.229.235"; classtype:trojan-activity; sid:38123841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 132.248.204.95 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.248.204.95"; classtype:trojan-activity; sid:38123851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 45.176.31.117 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.176.31.117"; classtype:trojan-activity; sid:38123861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 128.199.172.7 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.172.7"; classtype:trojan-activity; sid:38123871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 125.88.218.164 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.88.218.164"; classtype:trojan-activity; sid:38123881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 144.76.204.121 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 144.76.204.121"; classtype:trojan-activity; sid:38123891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 203.251.37.199 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 203.251.37.199"; classtype:trojan-activity; sid:38123901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 147.182.149.132 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 147.182.149.132"; classtype:trojan-activity; sid:38123911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.75.189.236 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.75.189.236"; classtype:trojan-activity; sid:38123921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 124.221.105.167 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.105.167"; classtype:trojan-activity; sid:38123931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 207.180.241.98 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 207.180.241.98"; classtype:trojan-activity; sid:38123941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 79.31.92.247 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.31.92.247"; classtype:trojan-activity; sid:38123951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 77.222.37.94 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.222.37.94"; classtype:trojan-activity; sid:38123961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 123.207.219.189 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.207.219.189"; classtype:trojan-activity; sid:38123971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 139.59.13.84 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.13.84"; classtype:trojan-activity; sid:38123981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 140.143.167.234 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.143.167.234"; classtype:trojan-activity; sid:38123991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 129.226.201.243 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 129.226.201.243"; classtype:trojan-activity; sid:38124001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 124.156.227.73 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.227.73"; classtype:trojan-activity; sid:38124011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 186.190.247.76 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.190.247.76"; classtype:trojan-activity; sid:38124021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.225.186.171 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.225.186.171"; classtype:trojan-activity; sid:38124031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 193.151.151.27 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.151.27"; classtype:trojan-activity; sid:38124041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 117.64.224.49 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.64.224.49"; classtype:trojan-activity; sid:38124051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 101.33.235.237 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.33.235.237"; classtype:trojan-activity; sid:38124061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 139.99.99.234 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.99.99.234"; classtype:trojan-activity; sid:38124071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 36.112.138.63 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 36.112.138.63"; classtype:trojan-activity; sid:38124081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 31.131.18.146 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.131.18.146"; classtype:trojan-activity; sid:38124091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 118.182.97.35 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.182.97.35"; classtype:trojan-activity; sid:38124101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 165.22.101.75 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.101.75"; classtype:trojan-activity; sid:38124111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 167.86.90.16 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.86.90.16"; classtype:trojan-activity; sid:38124121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.77.233.166 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.77.233.166"; classtype:trojan-activity; sid:38124131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 101.35.129.202 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.35.129.202"; classtype:trojan-activity; sid:38124141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 158.51.125.158 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 158.51.125.158"; classtype:trojan-activity; sid:38124151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 170.64.171.189 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.171.189"; classtype:trojan-activity; sid:38124161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 5.181.51.178 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.181.51.178"; classtype:trojan-activity; sid:38124171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 170.64.195.167 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.195.167"; classtype:trojan-activity; sid:38124181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 124.156.224.20 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.224.20"; classtype:trojan-activity; sid:38124191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 107.173.181.153 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.181.153"; classtype:trojan-activity; sid:38124201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 27.254.235.2 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.254.235.2"; classtype:trojan-activity; sid:38124211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 101.34.133.91 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.133.91"; classtype:trojan-activity; sid:38124221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 125.142.224.115 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.142.224.115"; classtype:trojan-activity; sid:38124231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.155.140.35 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.140.35"; classtype:trojan-activity; sid:38124241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.250.11.211 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.250.11.211"; classtype:trojan-activity; sid:38124251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 47.243.192.190 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.192.190"; classtype:trojan-activity; sid:38124261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 223.18.61.211 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.18.61.211"; classtype:trojan-activity; sid:38124271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 124.156.199.148 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.156.199.148"; classtype:trojan-activity; sid:38124281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.133.21.39 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.21.39"; classtype:trojan-activity; sid:38124291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 59.23.39.74 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 59.23.39.74"; classtype:trojan-activity; sid:38124301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 104.234.36.229 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.234.36.229"; classtype:trojan-activity; sid:38124311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 139.59.7.127 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.7.127"; classtype:trojan-activity; sid:38124321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 111.161.125.133 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.161.125.133"; classtype:trojan-activity; sid:38124331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.155.159.250 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.159.250"; classtype:trojan-activity; sid:38124341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 200.52.91.154 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.52.91.154"; classtype:trojan-activity; sid:38124351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 66.70.188.24 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 66.70.188.24"; classtype:trojan-activity; sid:38124361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 170.106.167.185 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.167.185"; classtype:trojan-activity; sid:38124371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 64.227.166.181 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.227.166.181"; classtype:trojan-activity; sid:38124381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
# Outbound C2 indicator, MISP event 27720 (tags c2, cobalt_strike): traffic from $HOME_NET to
# 69.30.232.226, destination port 1433. A hit points at an internal host talking to the tagged
# endpoint, so triage the source host; it is not perimeter noise like the inbound rules.
# NOTE(review): the header pairs protocol `ip` with a port -- confirm how the engine evaluates
# ports on `ip` rules.
alert ip $HOME_NET any -> 69.30.232.226 1433 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 69.30.232.226|1433"; classtype:trojan-activity; sid:38020461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip 124.152.181.97 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.152.181.97"; classtype:trojan-activity; sid:38124391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.187.26.15 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.187.26.15"; classtype:trojan-activity; sid:38124401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 211.53.225.69 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.53.225.69"; classtype:trojan-activity; sid:38124411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 45.92.195.77 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.92.195.77"; classtype:trojan-activity; sid:38124421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
# Outbound C2 indicator, MISP event 27720 (tags c2, hook): traffic from $HOME_NET to
# 14.239.3.253, destination port 80. Triage the internal source host on a hit.
# NOTE(review): port 80 on an `ip`-protocol header -- confirm the engine's port handling.
alert ip $HOME_NET any -> 14.239.3.253 80 (msg: "MISP e27720 [c2,hook] Outgoing To IP: 14.239.3.253|80"; classtype:trojan-activity; sid:38020471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip 51.161.8.244 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.161.8.244"; classtype:trojan-activity; sid:38124431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
# Outbound C2 indicator, MISP event 27720 (tags c2, cobalt_strike): traffic from $HOME_NET to
# 146.70.44.156, destination port 50051. Triage the internal source host on a hit.
# NOTE(review): port 50051 on an `ip`-protocol header -- confirm the engine's port handling.
alert ip $HOME_NET any -> 146.70.44.156 50051 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 146.70.44.156|50051"; classtype:trojan-activity; sid:38020481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip 134.209.145.141 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.145.141"; classtype:trojan-activity; sid:38124441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 103.97.247.139 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.97.247.139"; classtype:trojan-activity; sid:38124451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 123.253.35.25 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.253.35.25"; classtype:trojan-activity; sid:38124461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 91.134.253.23 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.134.253.23"; classtype:trojan-activity; sid:38124471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.138.149.68 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.149.68"; classtype:trojan-activity; sid:38124481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 120.48.2.241 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.48.2.241"; classtype:trojan-activity; sid:38124491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 139.198.30.206 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.198.30.206"; classtype:trojan-activity; sid:38124501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 190.18.103.201 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.18.103.201"; classtype:trojan-activity; sid:38124511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 1.14.70.242 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.70.242"; classtype:trojan-activity; sid:38124521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert 
ip 103.82.145.99 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.82.145.99"; classtype:trojan-activity; sid:38124531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 149.202.134.49 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.202.134.49"; classtype:trojan-activity; sid:38124541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 23.94.143.153 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.143.153"; classtype:trojan-activity; sid:38124551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 117.232.107.108 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.232.107.108"; classtype:trojan-activity; sid:38124561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.153.225.63 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.225.63"; classtype:trojan-activity; sid:38124571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 14.116.187.37 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.116.187.37"; classtype:trojan-activity; sid:38124581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 195.178.191.5 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 195.178.191.5"; classtype:trojan-activity; sid:38124591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 61.171.68.198 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
61.171.68.198"; classtype:trojan-activity; sid:38124601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 99.126.153.63 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 99.126.153.63"; classtype:trojan-activity; sid:38124611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 118.113.244.254 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.113.244.254"; classtype:trojan-activity; sid:38124621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 91.107.183.183 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.107.183.183"; classtype:trojan-activity; sid:38124631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 154.201.70.6 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.201.70.6"; classtype:trojan-activity; sid:38124641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.163.196.224 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.196.224"; classtype:trojan-activity; sid:38124651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 152.32.210.193 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.32.210.193"; classtype:trojan-activity; sid:38124661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 92.205.191.254 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.205.191.254"; classtype:trojan-activity; sid:38124671; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 101.42.22.97 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.22.97"; classtype:trojan-activity; sid:38124681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 23.94.134.160 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.94.134.160"; classtype:trojan-activity; sid:38124691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 118.195.149.151 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.195.149.151"; classtype:trojan-activity; sid:38124701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 106.58.179.219 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.58.179.219"; classtype:trojan-activity; sid:38124711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 89.46.223.86 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 89.46.223.86"; classtype:trojan-activity; sid:38124721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 58.243.93.59 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.243.93.59"; classtype:trojan-activity; sid:38124731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 168.228.114.238 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.228.114.238"; classtype:trojan-activity; sid:38124741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 14.103.48.212 any -> $HOME_NET any (msg: "MISP e27839 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.48.212"; classtype:trojan-activity; sid:38124751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 45.154.89.246 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.154.89.246"; classtype:trojan-activity; sid:38124761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 211.193.0.92 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 211.193.0.92"; classtype:trojan-activity; sid:38124771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.163.210.160 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.210.160"; classtype:trojan-activity; sid:38124781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 192.144.207.149 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.144.207.149"; classtype:trojan-activity; sid:38124791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 186.53.126.60 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.53.126.60"; classtype:trojan-activity; sid:38124801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 85.198.8.133 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.198.8.133"; classtype:trojan-activity; sid:38124811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 85.243.39.117 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 85.243.39.117"; classtype:trojan-activity; sid:38124821; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 143.244.172.59 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.172.59"; classtype:trojan-activity; sid:38124831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 92.27.101.99 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.27.101.99"; classtype:trojan-activity; sid:38124841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 79.224.96.85 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.224.96.85"; classtype:trojan-activity; sid:38124851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 170.64.221.149 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.221.149"; classtype:trojan-activity; sid:38124861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 170.64.205.218 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.205.218"; classtype:trojan-activity; sid:38124871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 43.134.31.15 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.31.15"; classtype:trojan-activity; sid:38124881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 168.228.42.145 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 168.228.42.145"; classtype:trojan-activity; sid:38124891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;) alert ip 107.173.155.45 any -> $HOME_NET any (msg: "MISP e27839 
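[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.173.155.45"; classtype:trojan-activity; sid:38124901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
# Event e27839 (tags: kill-chain Reconnaissance / Exploitation): source-IP rules.
# Each rule alerts on any IP traffic from the listed address to $HOME_NET; there is
# no port, flow or payload condition, so a hit shows contact from the address only.
# NOTE(review): the rules carry classtype:trojan-activity although the event tags
# describe inbound reconnaissance/exploitation; confirm the classtype fits local triage.
alert ip 116.198.216.58 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.198.216.58"; classtype:trojan-activity; sid:38124911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 221.165.136.172 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.165.136.172"; classtype:trojan-activity; sid:38124921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 139.59.7.145 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 139.59.7.145"; classtype:trojan-activity; sid:38124931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 107.167.2.202 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.167.2.202"; classtype:trojan-activity; sid:38124941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
alert ip 43.153.223.232 any -> $HOME_NET any (msg: "MISP e27839 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.223.232"; classtype:trojan-activity; sid:38124951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27839;)
# Event e27841 (Agent Tesla, Command and Control): HTTP request from $HOME_NET to
# 23.95.235.35 on $HTTP_PORTS whose headers contain the IP and whose URI contains the
# .doc path below; a match also tags the session for 600 seconds.
# The exporter wrote the galaxy tag with bare double quotes inside msg
# (mitre-malware="Agent Tesla - S0331"). Suricata's rule format requires ; \ and " to be
# escaped inside msg, so the inner quotes are escaped as \" here; left unescaped, the
# rule may be rejected at load time or its msg cut short, depending on the engine.
alert http $HOME_NET any -> 23.95.235.35 $HTTP_PORTS (msg: "MISP e27841 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//23.95.235.35/imfeelingalotandbleedingseriouslywithmyheartandiamtryingtofigureoutfromentierthings_____ireallyloveutrulyfromtheheartbutiknowmysituations.doc"; flow:to_server,established; http.header; content:"23.95.235.35"; fast_pattern; nocase; http.uri; content:"/imfeelingalotandbleedingseriouslywithmyheartandiamtryingtofigureoutfromentierthings_____ireallyloveutrulyfromtheheartbutiknowmysituations.doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27841;)
# Event e27793 (untagged, priority 3): destination IP/port rules.
# NOTE(review): these three repeat the IP/port pairs of the e27720 rules with
# sids 38020481, 38020471 and 38020461 (priority 2) elsewhere in this export, so one
# flow raises two alerts; consider thresholding or suppressing one set.
alert ip $HOME_NET any -> 146.70.44.156 50051 (msg: "MISP e27793 [] Outgoing To IP: 146.70.44.156|50051"; classtype:trojan-activity; sid:38075971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 14.239.3.253 80 (msg: "MISP e27793 [] Outgoing To IP: 14.239.3.253|80"; classtype:trojan-activity; sid:38075981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
alert ip $HOME_NET any -> 69.30.232.226 1433 (msg: "MISP e27793 [] Outgoing To IP: 69.30.232.226|1433"; classtype:trojan-activity; sid:38075991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;)
# Events e27791 / e27790: "Domain" indicators, exported as a DNS-query rule plus an
# HTTP Host-header rule. The left boundary class in the pcre does not exclude '.', so
# subdomains of the listed domain match as well as the domain itself.
alert dns any any -> any any (msg: "MISP e27791 [] Domain minu-lhv.arb.com.kw"; dns.query; content:"minu-lhv.arb.com.kw"; nocase; pcre: "/(^|[^A-Za-z0-9-])minu\-lhv\.arb\.com\.kw$/i"; classtype:trojan-activity; sid:38075041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27791;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27791 [] Outgoing HTTP Domain minu-lhv.arb.com.kw"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"minu-lhv.arb.com.kw"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])minu\-lhv\.arb\.com\.kw[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27791;)
alert dns any any -> any any (msg: "MISP e27790 [] Domain poosten.cc"; dns.query; content:"poosten.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])poosten\.cc$/i"; classtype:trojan-activity; sid:38075031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27790;)
alert 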
http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27790 [] Outgoing HTTP Domain poosten.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"poosten.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])poosten\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38075032; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27790;) alert ip $HOME_NET any -> 45.157.69.156 443 (msg: "MISP e27720 [c2,orcus_rat] Outgoing To IP: 45.157.69.156|443"; classtype:trojan-activity; sid:38020491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 45.89.54.206 443 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 45.89.54.206|443"; classtype:trojan-activity; sid:38020501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 49.232.214.141 8888 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 49.232.214.141|8888"; classtype:trojan-activity; sid:38020511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 103.216.51.35 80 (msg: "MISP e27720 [c2,hook] Outgoing To IP: 103.216.51.35|80"; classtype:trojan-activity; sid:38020521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 103.216.51.35 80 (msg: "MISP e27793 [] Outgoing To IP: 103.216.51.35|80"; classtype:trojan-activity; sid:38076001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 49.232.214.141 8888 (msg: "MISP e27793 [] Outgoing To IP: 49.232.214.141|8888"; classtype:trojan-activity; sid:38076011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 45.89.54.206 443 (msg: "MISP e27793 [] Outgoing To IP: 45.89.54.206|443"; classtype:trojan-activity; sid:38076021; rev:1; priority:3; 
reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 45.157.69.156 443 (msg: "MISP e27793 [] Outgoing To IP: 45.157.69.156|443"; classtype:trojan-activity; sid:38076031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 157.230.175.190 4891 (msg: "MISP e27720 [Bianlian Go Trojan,DIGITALOCEAN-ASN] Outgoing To IP: 157.230.175.190|4891"; classtype:trojan-activity; sid:38020531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 92.177.126.152 2222 (msg: "MISP e27720 [QakBot,UNI2-AS] Outgoing To IP: 92.177.126.152|2222"; classtype:trojan-activity; sid:38020541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 185.51.171.169 2222 (msg: "MISP e27720 [QakBot,WicitY - Internet Service Provider] Outgoing To IP: 185.51.171.169|2222"; classtype:trojan-activity; sid:38020551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 188.49.94.176 443 (msg: "MISP e27720 [QakBot,SAUDINETSTC-AS] Outgoing To IP: 188.49.94.176|443"; classtype:trojan-activity; sid:38020561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 167.56.207.201 995 (msg: "MISP e27720 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 167.56.207.201|995"; classtype:trojan-activity; sid:38020571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 46.246.84.5 6000 (msg: "MISP e27720 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.84.5|6000"; classtype:trojan-activity; sid:38020581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 194.87.74.14 80 (msg: "MISP e27720 [Hookbot Pegasus,MTW-AS] Outgoing To IP: 194.87.74.14|80"; classtype:trojan-activity; sid:38020591; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 194.87.74.14 80 (msg: "MISP e27793 [] Outgoing To IP: 194.87.74.14|80"; classtype:trojan-activity; sid:38076041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 46.246.84.5 6000 (msg: "MISP e27793 [] Outgoing To IP: 46.246.84.5|6000"; classtype:trojan-activity; sid:38076051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 167.56.207.201 995 (msg: "MISP e27793 [] Outgoing To IP: 167.56.207.201|995"; classtype:trojan-activity; sid:38076061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 188.49.94.176 443 (msg: "MISP e27793 [] Outgoing To IP: 188.49.94.176|443"; classtype:trojan-activity; sid:38076071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 185.51.171.169 2222 (msg: "MISP e27793 [] Outgoing To IP: 185.51.171.169|2222"; classtype:trojan-activity; sid:38076081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 92.177.126.152 2222 (msg: "MISP e27793 [] Outgoing To IP: 92.177.126.152|2222"; classtype:trojan-activity; sid:38076091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 157.230.175.190 4891 (msg: "MISP e27793 [] Outgoing To IP: 157.230.175.190|4891"; classtype:trojan-activity; sid:38076101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27720 [BlackNET] Outgoing URL http|3a|//dbhg.duckdns.org/receive.php"; flow:to_server,established; http.header; content:"dbhg.duckdns.org"; fast_pattern; nocase; http.uri; content:"/receive.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38020601; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27793 [] Outgoing URL http|3a|//dbhg.duckdns.org/receive.php"; flow:to_server,established; http.header; content:"dbhg.duckdns.org"; fast_pattern; nocase; http.uri; content:"/receive.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38131031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27840 [diamond-model:Infrastructure,kill-chain:Delivery] Outgoing URL http|3a|//doc-assina.s3.ir-thr-at1.arvanstorage.ir/DocAnalisis.html"; flow:to_server,established; http.header; content:"doc-assina.s3.ir-thr-at1.arvanstorage.ir"; fast_pattern; nocase; http.uri; content:"/DocAnalisis.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38124991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27840;) alert dns any any -> any any (msg: "MISP e27719 [] Domain mi-tarjetacencosud-cl.xn--ugbhs4dl.chat"; dns.query; content:"mi-tarjetacencosud-cl.xn--ugbhs4dl.chat"; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.xn\-\-ugbhs4dl\.chat$/i"; classtype:trojan-activity; sid:38019541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27719;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27719 [] Outgoing HTTP Domain mi-tarjetacencosud-cl.xn--ugbhs4dl.chat"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mi-tarjetacencosud-cl.xn--ugbhs4dl.chat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mi\-tarjetacencosud\-cl\.xn\-\-ugbhs4dl\.chat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38019542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27719;) alert ip $HOME_NET any -> 147.185.221.18 56901 (msg: "MISP e27720 [OrcusRAT] Outgoing To IP: 147.185.221.18|56901"; classtype:trojan-activity; 
sid:38020611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 147.185.221.18 56901 (msg: "MISP e27793 [] Outgoing To IP: 147.185.221.18|56901"; classtype:trojan-activity; sid:38131041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 193.42.63.146 2053 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 193.42.63.146|2053"; classtype:trojan-activity; sid:38020621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 129.204.201.114 80 (msg: "MISP e27720 [c2,cobalt_strike] Outgoing To IP: 129.204.201.114|80"; classtype:trojan-activity; sid:38020631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.22 2079 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.22|2079"; classtype:trojan-activity; sid:38020641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.22 2095 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.22|2095"; classtype:trojan-activity; sid:38020651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.22 2053 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.22|2053"; classtype:trojan-activity; sid:38020661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 187.135.82.22 2077 (msg: "MISP e27720 [c2,darkcomet] Outgoing To IP: 187.135.82.22|2077"; classtype:trojan-activity; sid:38020671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 57.151.120.22 443 (msg: "MISP e27720 [c2,sliver] Outgoing To IP: 57.151.120.22|443"; classtype:trojan-activity; sid:38020681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 81.70.71.30 62233 (msg: 
"MISP e27720 [c2,cobalt_strike] Outgoing To IP: 81.70.71.30|62233"; classtype:trojan-activity; sid:38020691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 81.70.71.30 62233 (msg: "MISP e27793 [] Outgoing To IP: 81.70.71.30|62233"; classtype:trojan-activity; sid:38131051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 57.151.120.22 443 (msg: "MISP e27793 [] Outgoing To IP: 57.151.120.22|443"; classtype:trojan-activity; sid:38131061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.22 2077 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.22|2077"; classtype:trojan-activity; sid:38131071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.22 2053 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.22|2053"; classtype:trojan-activity; sid:38131081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.22 2095 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.22|2095"; classtype:trojan-activity; sid:38131091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 187.135.82.22 2079 (msg: "MISP e27793 [] Outgoing To IP: 187.135.82.22|2079"; classtype:trojan-activity; sid:38131101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 129.204.201.114 80 (msg: "MISP e27793 [] Outgoing To IP: 129.204.201.114|80"; classtype:trojan-activity; sid:38131111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 193.42.63.146 2053 (msg: "MISP e27793 [] Outgoing To IP: 193.42.63.146|2053"; classtype:trojan-activity; sid:38131121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert dns any any -> any any (msg: "MISP e27720 
[CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN] Domain newcleos.com"; dns.query; content:"newcleos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])newcleos\.com$/i"; classtype:trojan-activity; sid:38020711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN] Outgoing HTTP Domain newcleos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newcleos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newcleos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38020712; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert ip $HOME_NET any -> 142.93.97.142 443 (msg: "MISP e27720 [CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN] Outgoing To IP: 142.93.97.142|443"; classtype:trojan-activity; sid:38020721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;) alert dns any any -> any any (msg: "MISP e27793 [] Domain newcleos.com"; dns.query; content:"newcleos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])newcleos\.com$/i"; classtype:trojan-activity; sid:38131131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27793 [] Outgoing HTTP Domain newcleos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"newcleos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])newcleos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38131132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert ip $HOME_NET any -> 142.93.97.142 443 (msg: "MISP e27793 [] Outgoing To IP: 142.93.97.142|443"; classtype:trojan-activity; sid:38131151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27793;) alert dns any any -> any any 
(msg: "MISP e27838 [] Hostname quyangds.cn"; dns.query; content:"quyangds.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quyangds\.cn$/i"; classtype:trojan-activity; sid:38100601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Event e27838 "Hostname" indicators. Each hostname is exported as a DNS-query rule,
# an HTTP Host-header rule and, where the event holds a URL, an "Outgoing URL" rule.
# The pcre boundary class here excludes '.', so these rules match the exact hostname
# only and not its subdomains.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname quyangds.cn"; flow:to_server,established; http.header; content: "Host|3a| quyangds.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])quyangds\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): this URL has no path, so the rule is a bare content match for the
# hostname anywhere in http.header, with no Host anchor and no boundary pcre. It can
# also fire when the string sits in another header (e.g. Referer) or ends a longer
# hostname. The Host-header rule above (sid 38100602) is the tighter match; weigh
# hits from this one accordingly.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//quyangds.cn"; flow:to_server,established; http.header; content:"quyangds.cn"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38100611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Hostname under the shared pages.dev parent domain; all three rules match the full
# hostname string, never pages.dev alone.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe.pages.dev"; dns.query; content:"7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe\.pages\.dev$/i"; classtype:trojan-activity; sid:38100641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Path-less URL rule: same bare http.header content match as sid 38100611.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe.pages.dev"; flow:to_server,established; http.header; content:"7gy6rffsuaygxhnzvududfvdheshdu3uyryhsgfaffeiidowehtxggahhe.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38100651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname vgix.i-india.in"; dns.query; content:"vgix.i-india.in"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vgix\.i\-india\.in$/i"; classtype:trojan-activity; sid:38100681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname vgix.i-india.in"; flow:to_server,established; http.header; content: "Host|3a| vgix.i-india.in"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vgix\.i\-india\.in[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# This URL rule has a path, so it needs both the hostname in http.header and the path
# in http.uri. The path presumably imitates an SFR login page (credential phishing);
# the event is untagged, so confirm against the MISP event.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//vgix.i-india.in/sfr/www.sfr.fr-login-return_url/"; flow:to_server,established; http.header; content:"vgix.i-india.in"; fast_pattern; nocase; http.uri; content:"/sfr/www.sfr.fr-login-return_url/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38100691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname kawarthaeats.ca"; dns.query; content:"kawarthaeats.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kawarthaeats\.ca$/i"; classtype:trojan-activity; sid:38100721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27838 [] Outgoing HTTP Hostname kawarthaeats.ca"; flow:to_server,established; http.header; content: "Host|3a| kawarthaeats.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kawarthaeats\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspw.usspaqi.top"; dns.query; content:"uspw.usspaqi.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspw\.usspaqi\.top$/i"; classtype:trojan-activity; sid:38100761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspw.usspaqi.top"; flow:to_server,established; http.header; content: "Host|3a| uspw.usspaqi.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspw\.usspaqi\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uspw.usspaqi.top"; flow:to_server,established; http.header; content:"uspw.usspaqi.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38100771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegwam.icu"; dns.query; content:"telegwam.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegwam\.icu$/i"; classtype:trojan-activity; sid:38100801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegwam.icu"; flow:to_server,established; http.header; content: "Host|3a| telegwam.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegwam\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38100802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegwam.icu"; flow:to_server,established; http.header; content:"telegwam.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38100811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname vvhats.cc"; dns.query; content:"vvhats.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vvhats\.cc$/i"; classtype:trojan-activity; sid:38100841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname vvhats.cc"; flow:to_server,established; http.header; content: "Host|3a| vvhats.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vvhats\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspz.usspayo.top"; dns.query; content:"uspz.usspayo.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspayo\.top$/i"; classtype:trojan-activity; sid:38100881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspz.usspayo.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspayo.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspayo\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspz.usspaor.top"; dns.query; content:"uspz.usspaor.top"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspz\.usspaor\.top$/i"; classtype:trojan-activity; sid:38100921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspz.usspaor.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.usspaor.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.usspaor\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname usps.posthelobn.top"; dns.query; content:"usps.posthelobn.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelobn\.top$/i"; classtype:trojan-activity; sid:38100961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.posthelobn.top"; flow:to_server,established; http.header; content: "Host|3a| usps.posthelobn.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.posthelobn\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38100962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname usps.atdvrjimdg.top"; dns.query; content:"usps.atdvrjimdg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.atdvrjimdg\.top$/i"; classtype:trojan-activity; sid:38101001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.atdvrjimdg.top"; flow:to_server,established; http.header; content: "Host|3a| usps.atdvrjimdg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.atdvrjimdg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101002; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspo.usspnh.top"; dns.query; content:"uspo.usspnh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnh\.top$/i"; classtype:trojan-activity; sid:38101041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspo.usspnh.top"; flow:to_server,established; http.header; content: "Host|3a| uspo.usspnh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspo\.usspnh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspc.usspnc.top"; dns.query; content:"uspc.usspnc.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspnc\.top$/i"; classtype:trojan-activity; sid:38101081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspc.usspnc.top"; flow:to_server,established; http.header; content: "Host|3a| uspc.usspnc.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspc\.usspnc\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokexpocket.com"; dns.query; content:"tokexpocket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokexpocket\.com$/i"; classtype:trojan-activity; sid:38101121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokexpocket.com"; flow:to_server,established; http.header; content: "Host|3a| tokexpocket.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tokexpocket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ukl.pages.dev"; dns.query; content:"ukl.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ukl\.pages\.dev$/i"; classtype:trojan-activity; sid:38101161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ukl.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ukl.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ukl\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpocket-tpmvu.com"; dns.query; content:"tokenpocket-tpmvu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmvu\.com$/i"; classtype:trojan-activity; sid:38101201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpocket-tpmvu.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpocket-tpmvu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpocket\-tpmvu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbpket.biz"; dns.query; content:"tokenpbpket.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbpket\.biz$/i"; classtype:trojan-activity; sid:38101241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] 
Outgoing HTTP Hostname tokenpbpket.biz"; flow:to_server,established; http.header; content: "Host|3a| tokenpbpket.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbpket\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tok2np0cklt.top"; dns.query; content:"tok2np0cklt.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2np0cklt\.top$/i"; classtype:trojan-activity; sid:38101281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tok2np0cklt.top"; flow:to_server,established; http.header; content: "Host|3a| tok2np0cklt.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tok2np0cklt\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname seriouspsawe.weebly.com"; dns.query; content:"seriouspsawe.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])seriouspsawe\.weebly\.com$/i"; classtype:trojan-activity; sid:38101321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname seriouspsawe.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| seriouspsawe.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])seriouspsawe\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname page-policy-appeal-review-case-585552.vercel.app"; dns.query; content:"page-policy-appeal-review-case-585552.vercel.app"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])page\-policy\-appeal\-review\-case\-585552\.vercel\.app$/i"; classtype:trojan-activity; sid:38101361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname page-policy-appeal-review-case-585552.vercel.app"; flow:to_server,established; http.header; content: "Host|3a| page-policy-appeal-review-case-585552.vercel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])page\-policy\-appeal\-review\-case\-585552\.vercel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname onedrive-proxy.lm379.workers.dev"; dns.query; content:"onedrive-proxy.lm379.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\-proxy\.lm379\.workers\.dev$/i"; classtype:trojan-activity; sid:38101401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname onedrive-proxy.lm379.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| onedrive-proxy.lm379.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])onedrive\-proxy\.lm379\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname nxh.pages.dev"; dns.query; content:"nxh.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nxh\.pages\.dev$/i"; classtype:trojan-activity; sid:38101441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nxh.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
nxh.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nxh\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname netzeeros4cons73.weebly.com"; dns.query; content:"netzeeros4cons73.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netzeeros4cons73\.weebly\.com$/i"; classtype:trojan-activity; sid:38101481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname netzeeros4cons73.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| netzeeros4cons73.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])netzeeros4cons73\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname modenetworks.xyz"; dns.query; content:"modenetworks.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])modenetworks\.xyz$/i"; classtype:trojan-activity; sid:38101521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname modenetworks.xyz"; flow:to_server,established; http.header; content: "Host|3a| modenetworks.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])modenetworks\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname misaki4552.github.io"; dns.query; content:"misaki4552.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])misaki4552\.github\.io$/i"; classtype:trojan-activity; sid:38101561; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname misaki4552.github.io"; flow:to_server,established; http.header; content: "Host|3a| misaki4552.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])misaki4552\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname m.fxykgm.com"; dns.query; content:"m.fxykgm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.fxykgm\.com$/i"; classtype:trojan-activity; sid:38101601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname m.fxykgm.com"; flow:to_server,established; http.header; content: "Host|3a| m.fxykgm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])m\.fxykgm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname inquireuspsship.com"; dns.query; content:"inquireuspsship.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inquireuspsship\.com$/i"; classtype:trojan-activity; sid:38101641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname inquireuspsship.com"; flow:to_server,established; http.header; content: "Host|3a| inquireuspsship.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inquireuspsship\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL 
http|3a|//inquireuspsship.com"; flow:to_server,established; http.header; content:"inquireuspsship.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38101651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS/HTTP pair for one site on a shared hosting domain: both rules name the full host
# microsoft-verificacion.weebly.com, so other weebly.com sites are not matched.
# NOTE(review): the http rule only sees requests the sensor can parse as HTTP. No tls.sni rule
# appears in this part of the export, so an HTTPS visit would be caught by the dns rule alone
# (and not at all if the client resolves names over an encrypted channel) - confirm against the
# rest of the file.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname microsoft-verificacion.weebly.com"; dns.query; content:"microsoft-verificacion.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-verificacion\.weebly\.com$/i"; classtype:trojan-activity; sid:38101681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname microsoft-verificacion.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| microsoft-verificacion.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])microsoft\-verificacion\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS/HTTP pair for marcuswinshowllcpay4dportal.pages.dev: the dns rule matches the exact queried
# name in any direction; the http rule matches the Host header of an outgoing request on any port
# and tags the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname marcuswinshowllcpay4dportal.pages.dev"; dns.query; content:"marcuswinshowllcpay4dportal.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marcuswinshowllcpay4dportal\.pages\.dev$/i"; classtype:trojan-activity; sid:38101721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname marcuswinshowllcpay4dportal.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| marcuswinshowllcpay4dportal.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marcuswinshowllcpay4dportal\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
liveviralvideo23.private-x.my.id"; dns.query; content:"liveviralvideo23.private-x.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveviralvideo23\.private\-x\.my\.id$/i"; classtype:trojan-activity; sid:38101761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname liveviralvideo23.private-x.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveviralvideo23.private-x.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveviralvideo23\.private\-x\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname inboxx-89f1.nkbrehmyetae.workers.dev"; dns.query; content:"inboxx-89f1.nkbrehmyetae.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inboxx\-89f1\.nkbrehmyetae\.workers\.dev$/i"; classtype:trojan-activity; sid:38101801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname inboxx-89f1.nkbrehmyetae.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| inboxx-89f1.nkbrehmyetae.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inboxx\-89f1\.nkbrehmyetae\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ioeuenvea-e854bf.ingress-baronn.ewp.live"; dns.query; content:"ioeuenvea-e854bf.ingress-baronn.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ioeuenvea\-e854bf\.ingress\-baronn\.ewp\.live$/i"; classtype:trojan-activity; sid:38101841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ioeuenvea-e854bf.ingress-baronn.ewp.live"; flow:to_server,established; http.header; content: "Host|3a| ioeuenvea-e854bf.ingress-baronn.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ioeuenvea\-e854bf\.ingress\-baronn\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-rf.top"; dns.query; content:"imtoken-rf.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rf\.top$/i"; classtype:trojan-activity; sid:38101881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-rf.top"; flow:to_server,established; http.header; content: "Host|3a| imtoken-rf.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-rf\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-r.com"; dns.query; content:"imtoken-r.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-r\.com$/i"; classtype:trojan-activity; sid:38101921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-r.com"; flow:to_server,established; http.header; content: "Host|3a| imtoken-r.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-r\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-br.net"; dns.query; content:"imtoken-br.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])imtoken\-br\.net$/i"; classtype:trojan-activity; sid:38101961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-br.net"; flow:to_server,established; http.header; content: "Host|3a| imtoken-br.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-br\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38101962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname i8.ae"; dns.query; content:"i8.ae"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])i8\.ae$/i"; classtype:trojan-activity; sid:38102001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname i8.ae"; flow:to_server,established; http.header; content: "Host|3a| i8.ae"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])i8\.ae[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname httpsfoodnetworkspringchampionship.blogspot.com"; dns.query; content:"httpsfoodnetworkspringchampionship.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])httpsfoodnetworkspringchampionship\.blogspot\.com$/i"; classtype:trojan-activity; sid:38102041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname httpsfoodnetworkspringchampionship.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| httpsfoodnetworkspringchampionship.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])httpsfoodnetworkspringchampionship\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38102042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS/HTTP pair for greg-56e7.lleabtiswhe.workers.dev (sids 38102081 / 38102082): the dns rule
# matches the exact queried name in any direction; the http rule matches the Host header of an
# outgoing request on any port and tags the session for 600 seconds.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname greg-56e7.lleabtiswhe.workers.dev"; dns.query; content:"greg-56e7.lleabtiswhe.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])greg\-56e7\.lleabtiswhe\.workers\.dev$/i"; classtype:trojan-activity; sid:38102081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname greg-56e7.lleabtiswhe.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| greg-56e7.lleabtiswhe.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])greg\-56e7\.lleabtiswhe\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the next two rules (sids 38102121 / 38102122) are identical to the pair above
# apart from the sid, so one matching query or request raises two alerts. Presumably the MISP
# event lists this host as two attributes; deduplicate at the source or suppress one pair, and
# keep whichever sids existing thresholds or suppressions already reference.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname greg-56e7.lleabtiswhe.workers.dev"; dns.query; content:"greg-56e7.lleabtiswhe.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])greg\-56e7\.lleabtiswhe\.workers\.dev$/i"; classtype:trojan-activity; sid:38102121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname greg-56e7.lleabtiswhe.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| greg-56e7.lleabtiswhe.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])greg\-56e7\.lleabtiswhe\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS rule for enjucm-6424.anotudhoeah.workers.dev: same exact-name match on the query.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname enjucm-6424.anotudhoeah.workers.dev"; dns.query; content:"enjucm-6424.anotudhoeah.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enjucm\-6424\.anotudhoeah\.workers\.dev$/i"; 
classtype:trojan-activity; sid:38102161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname enjucm-6424.anotudhoeah.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| enjucm-6424.anotudhoeah.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])enjucm\-6424\.anotudhoeah\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname doocloud-323b.teerhanlnuchmar.workers.dev"; dns.query; content:"doocloud-323b.teerhanlnuchmar.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])doocloud\-323b\.teerhanlnuchmar\.workers\.dev$/i"; classtype:trojan-activity; sid:38102201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname doocloud-323b.teerhanlnuchmar.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| doocloud-323b.teerhanlnuchmar.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])doocloud\-323b\.teerhanlnuchmar\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname egovbilgitr.sytes.net"; dns.query; content:"egovbilgitr.sytes.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egovbilgitr\.sytes\.net$/i"; classtype:trojan-activity; sid:38102241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname egovbilgitr.sytes.net"; flow:to_server,established; http.header; content: "Host|3a| egovbilgitr.sytes.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])egovbilgitr\.sytes\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname djv3ugd.ktt55.my.id"; dns.query; content:"djv3ugd.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djv3ugd\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:38102281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname djv3ugd.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| djv3ugd.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])djv3ugd\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname dduenamnea-e854bf.ingress-baronn.ewp.live"; dns.query; content:"dduenamnea-e854bf.ingress-baronn.ewp.live"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dduenamnea\-e854bf\.ingress\-baronn\.ewp\.live$/i"; classtype:trojan-activity; sid:38102321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dduenamnea-e854bf.ingress-baronn.ewp.live"; flow:to_server,established; http.header; content: "Host|3a| dduenamnea-e854bf.ingress-baronn.ewp.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dduenamnea\-e854bf\.ingress\-baronn\.ewp\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname coreplesk-cake-7dbf.leacshlenmmdgza.workers.dev"; dns.query; content:"coreplesk-cake-7dbf.leacshlenmmdgza.workers.dev"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])coreplesk\-cake\-7dbf\.leacshlenmmdgza\.workers\.dev$/i"; classtype:trojan-activity; sid:38102361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname coreplesk-cake-7dbf.leacshlenmmdgza.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| coreplesk-cake-7dbf.leacshlenmmdgza.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coreplesk\-cake\-7dbf\.leacshlenmmdgza\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname clouds-tain-fce5.cmcayeyuhnaess.workers.dev"; dns.query; content:"clouds-tain-fce5.cmcayeyuhnaess.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouds\-tain\-fce5\.cmcayeyuhnaess\.workers\.dev$/i"; classtype:trojan-activity; sid:38102401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname clouds-tain-fce5.cmcayeyuhnaess.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| clouds-tain-fce5.cmcayeyuhnaess.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])clouds\-tain\-fce5\.cmcayeyuhnaess\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname coin-us-base.weebly.com"; dns.query; content:"coin-us-base.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coin\-us\-base\.weebly\.com$/i"; classtype:trojan-activity; sid:38102441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP 
Hostname coin-us-base.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| coin-us-base.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coin\-us\-base\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname coherent-little-warlock.glitch.me"; dns.query; content:"coherent-little-warlock.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coherent\-little\-warlock\.glitch\.me$/i"; classtype:trojan-activity; sid:38102481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname coherent-little-warlock.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| coherent-little-warlock.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coherent\-little\-warlock\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cloude-dd47.aeancsesekhi.workers.dev"; dns.query; content:"cloude-dd47.aeancsesekhi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloude\-dd47\.aeancsesekhi\.workers\.dev$/i"; classtype:trojan-activity; sid:38102561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cloude-dd47.aeancsesekhi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cloude-dd47.aeancsesekhi.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloude\-dd47\.aeancsesekhi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102562; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname chat.whatsap.com.co"; dns.query; content:"chat.whatsap.com.co"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chat\.whatsap\.com\.co$/i"; classtype:trojan-activity; sid:38102641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname chat.whatsap.com.co"; flow:to_server,established; http.header; content: "Host|3a| chat.whatsap.com.co"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chat\.whatsap\.com\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bt-105702.weeblysite.com"; dns.query; content:"bt-105702.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-105702\.weeblysite\.com$/i"; classtype:trojan-activity; sid:38102801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bt-105702.weeblysite.com"; flow:to_server,established; http.header; content: "Host|3a| bt-105702.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-105702\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bt-101980.weeblysite.com"; dns.query; content:"bt-101980.weeblysite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-101980\.weeblysite\.com$/i"; classtype:trojan-activity; sid:38102841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bt-101980.weeblysite.com"; 
flow:to_server,established; http.header; content: "Host|3a| bt-101980.weeblysite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bt\-101980\.weeblysite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cainbise_pra_loggunn.godaddysites.com"; dns.query; content:"cainbise_pra_loggunn.godaddysites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cainbise_pra_loggunn\.godaddysites\.com$/i"; classtype:trojan-activity; sid:38102881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cainbise_pra_loggunn.godaddysites.com"; flow:to_server,established; http.header; content: "Host|3a| cainbise_pra_loggunn.godaddysites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cainbise_pra_loggunn\.godaddysites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bafybeig76bt64r63fd4sgaec5q723nov4apvgghzdrmhl7dyc26xposifm.ipfs.cf-ipfs.com"; dns.query; content:"bafybeig76bt64r63fd4sgaec5q723nov4apvgghzdrmhl7dyc26xposifm.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeig76bt64r63fd4sgaec5q723nov4apvgghzdrmhl7dyc26xposifm\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38102921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bafybeig76bt64r63fd4sgaec5q723nov4apvgghzdrmhl7dyc26xposifm.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeig76bt64r63fd4sgaec5q723nov4apvgghzdrmhl7dyc26xposifm.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])bafybeig76bt64r63fd4sgaec5q723nov4apvgghzdrmhl7dyc26xposifm\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38102922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bafybeifseseuymfsm5gm3qo7mpfnkxdy25gjollhpdguxrk4gxc6ivr6ju.ipfs.cf-ipfs.com"; dns.query; content:"bafybeifseseuymfsm5gm3qo7mpfnkxdy25gjollhpdguxrk4gxc6ivr6ju.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifseseuymfsm5gm3qo7mpfnkxdy25gjollhpdguxrk4gxc6ivr6ju\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38103001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bafybeifseseuymfsm5gm3qo7mpfnkxdy25gjollhpdguxrk4gxc6ivr6ju.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeifseseuymfsm5gm3qo7mpfnkxdy25gjollhpdguxrk4gxc6ivr6ju.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeifseseuymfsm5gm3qo7mpfnkxdy25gjollhpdguxrk4gxc6ivr6ju\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bafybeibezj3hyup2az3u657iy6nijblr25z2zxuvjfzoiklse6wr7b35zu.ipfs.cf-ipfs.com"; dns.query; content:"bafybeibezj3hyup2az3u657iy6nijblr25z2zxuvjfzoiklse6wr7b35zu.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibezj3hyup2az3u657iy6nijblr25z2zxuvjfzoiklse6wr7b35zu\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38103041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bafybeibezj3hyup2az3u657iy6nijblr25z2zxuvjfzoiklse6wr7b35zu.ipfs.cf-ipfs.com"; 
flow:to_server,established; http.header; content: "Host|3a| bafybeibezj3hyup2az3u657iy6nijblr25z2zxuvjfzoiklse6wr7b35zu.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeibezj3hyup2az3u657iy6nijblr25z2zxuvjfzoiklse6wr7b35zu\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bafybeidyzhjzppimoayqowcmmtnxmlg45yqlqgerc4smjbmqppt47cfk6u.ipfs.cf-ipfs.com"; dns.query; content:"bafybeidyzhjzppimoayqowcmmtnxmlg45yqlqgerc4smjbmqppt47cfk6u.ipfs.cf-ipfs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidyzhjzppimoayqowcmmtnxmlg45yqlqgerc4smjbmqppt47cfk6u\.ipfs\.cf\-ipfs\.com$/i"; classtype:trojan-activity; sid:38103081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bafybeidyzhjzppimoayqowcmmtnxmlg45yqlqgerc4smjbmqppt47cfk6u.ipfs.cf-ipfs.com"; flow:to_server,established; http.header; content: "Host|3a| bafybeidyzhjzppimoayqowcmmtnxmlg45yqlqgerc4smjbmqppt47cfk6u.ipfs.cf-ipfs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bafybeidyzhjzppimoayqowcmmtnxmlg45yqlqgerc4smjbmqppt47cfk6u\.ipfs\.cf\-ipfs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname autodiscover-unil-mail.tankdrx.com"; dns.query; content:"autodiscover-unil-mail.tankdrx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autodiscover\-unil\-mail\.tankdrx\.com$/i"; classtype:trojan-activity; sid:38103121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname autodiscover-unil-mail.tankdrx.com"; 
flow:to_server,established; http.header; content: "Host|3a| autodiscover-unil-mail.tankdrx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])autodiscover\-unil\-mail\.tankdrx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname att-107792.square.site"; dns.query; content:"att-107792.square.site"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107792\.square\.site$/i"; classtype:trojan-activity; sid:38103161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname att-107792.square.site"; flow:to_server,established; http.header; content: "Host|3a| att-107792.square.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])att\-107792\.square\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname robinhoodslogin.weebly.com"; dns.query; content:"robinhoodslogin.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])robinhoodslogin\.weebly\.com$/i"; classtype:trojan-activity; sid:38103201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname robinhoodslogin.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| robinhoodslogin.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])robinhoodslogin\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//robinhoodslogin.weebly.com"; 
flow:to_server,established; http.header; content:"robinhoodslogin.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-724860db1cc744d68f746bade6c2daf6.r2.dev"; dns.query; content:"pub-724860db1cc744d68f746bade6c2daf6.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-724860db1cc744d68f746bade6c2daf6\.r2\.dev$/i"; classtype:trojan-activity; sid:38103241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-724860db1cc744d68f746bade6c2daf6.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-724860db1cc744d68f746bade6c2daf6.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-724860db1cc744d68f746bade6c2daf6\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//pub-724860db1cc744d68f746bade6c2daf6.r2.dev/owa-index.html"; flow:to_server,established; http.header; content:"pub-724860db1cc744d68f746bade6c2daf6.r2.dev"; fast_pattern; nocase; http.uri; content:"/owa-index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname office-client.pages.dev"; dns.query; content:"office-client.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office\-client\.pages\.dev$/i"; classtype:trojan-activity; sid:38103281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 
office-client.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| office-client.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office\-client\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//office-client.pages.dev/robots.txt"; flow:to_server,established; http.header; content:"office-client.pages.dev"; fast_pattern; nocase; http.uri; content:"/robots.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname liveprivatevideo22.viralmalaysia.my.id"; dns.query; content:"liveprivatevideo22.viralmalaysia.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo22\.viralmalaysia\.my\.id$/i"; classtype:trojan-activity; sid:38103321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname liveprivatevideo22.viralmalaysia.my.id"; flow:to_server,established; http.header; content: "Host|3a| liveprivatevideo22.viralmalaysia.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])liveprivatevideo22\.viralmalaysia\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//liveprivatevideo22.viralmalaysia.my.id"; flow:to_server,established; http.header; content:"liveprivatevideo22.viralmalaysia.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) 
# Rules exported from MISP event 27838 (the reference:url option of every rule points at it).
# Each hostname in this stretch is covered by three rules:
#   1. "Hostname" (alert dns): dns.query must contain the name. The pcre ends with $ and allows
#      only start-of-buffer or a character other than a letter, digit, '-' or '.' before the
#      name, so a longer name that merely ends with the same labels (a subdomain, for example)
#      does not match.
#   2. "Outgoing HTTP Hostname" (alert http, any destination port): the literal
#      "Host|3a| <name>" is the fast pattern and the pcre re-checks the characters on both
#      sides of the name.
#   3. "Outgoing URL" (alert http, destination port $HTTP_PORTS): the name anywhere in
#      http.header, plus an http.uri content when the exported URL has a path.
# The http rules carry tag:session,600,seconds, which asks the sensor to keep logging the
# matching session for 600 seconds after the alert.
#
# NOTE(review): rules 2 and 3 only see requests the sensor parses as HTTP. If these sites are
# reached over TLS (likely for most of the hosting platforms named here; confirm), only the
# dns rule can fire unless traffic is decrypted. A companion rule on tls.sni would close that gap.
# NOTE(review): every rule uses classtype:trojan-activity and an empty tag list ("[]") in msg;
# triage should take the actual threat type from the MISP event, not from the classtype.

alert dns any any -> any any (msg: "MISP e27838 [] Hostname jungle-excessive-horn.glitch.me"; dns.query; content:"jungle-excessive-horn.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jungle\-excessive\-horn\.glitch\.me$/i"; classtype:trojan-activity; sid:38103361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname jungle-excessive-horn.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| jungle-excessive-horn.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jungle\-excessive\-horn\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# URL rule with a path: the header content is the bare name without the "Host|3a| " prefix, so
# any request header containing the name satisfies it (NOTE(review): a Referer header, for
# example), and the path is a nocase substring match on http.uri. The destination port is
# $HTTP_PORTS, which must be defined in the sensor configuration; requests to other ports are
# covered only by the Hostname rule above.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//jungle-excessive-horn.glitch.me/air.html"; flow:to_server,established; http.header; content:"jungle-excessive-horn.glitch.me"; fast_pattern; nocase; http.uri; content:"/air.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname izxax94he1-1324839608.cos.ap-bangkok.myqcloud.com"; dns.query; content:"izxax94he1-1324839608.cos.ap-bangkok.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])izxax94he1\-1324839608\.cos\.ap\-bangkok\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38103401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname izxax94he1-1324839608.cos.ap-bangkok.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| izxax94he1-1324839608.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])izxax94he1\-1324839608\.cos\.ap\-bangkok\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//izxax94he1-1324839608.cos.ap-bangkok.myqcloud.com/izxax94he1.html"; flow:to_server,established; http.header; content:"izxax94he1-1324839608.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; http.uri; content:"/izxax94he1.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname jkhkg.tk-ggod32y.biz.id"; dns.query; content:"jkhkg.tk-ggod32y.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jkhkg\.tk\-ggod32y\.biz\.id$/i"; classtype:trojan-activity; sid:38103441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname jkhkg.tk-ggod32y.biz.id"; flow:to_server,established; http.header; content: "Host|3a| jkhkg.tk-ggod32y.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jkhkg\.tk\-ggod32y\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//jkhkg.tk-ggod32y.biz.id/index.php"; flow:to_server,established; http.header; content:"jkhkg.tk-ggod32y.biz.id"; fast_pattern; nocase; http.uri; content:"/index.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname instagram-system-voting001.blogspot.com"; dns.query; content:"instagram-system-voting001.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-system\-voting001\.blogspot\.com$/i"; classtype:trojan-activity; sid:38103481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname instagram-system-voting001.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| instagram-system-voting001.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-system\-voting001\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# URL rule without a path: there is no http.uri condition, so the only test is the bare name
# somewhere in http.header. A request that fires the Hostname rule above on an $HTTP_PORTS
# port also satisfies this rule, so expect two alerts for the same request. The same applies
# to the other path-less "Outgoing URL" rules further down.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//instagram-system-voting001.blogspot.com"; flow:to_server,established; http.header; content:"instagram-system-voting001.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname impossiblefi-kyc-fix.netlify.app"; dns.query; content:"impossiblefi-kyc-fix.netlify.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])impossiblefi\-kyc\-fix\.netlify\.app$/i"; classtype:trojan-activity; sid:38103521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname impossiblefi-kyc-fix.netlify.app"; flow:to_server,established; http.header; content: "Host|3a| impossiblefi-kyc-fix.netlify.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])impossiblefi\-kyc\-fix\.netlify\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//impossiblefi-kyc-fix.netlify.app"; flow:to_server,established; http.header; content:"impossiblefi-kyc-fix.netlify.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname hxjvc-hfdyg.blogspot.com"; dns.query; content:"hxjvc-hfdyg.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hxjvc\-hfdyg\.blogspot\.com$/i"; classtype:trojan-activity; sid:38103561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hxjvc-hfdyg.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| hxjvc-hfdyg.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hxjvc\-hfdyg\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hxjvc-hfdyg.blogspot.com"; flow:to_server,established; http.header; content:"hxjvc-hfdyg.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname gadismelayuviral69-malaysian2024.biz.id"; dns.query; content:"gadismelayuviral69-malaysian2024.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gadismelayuviral69\-malaysian2024\.biz\.id$/i"; classtype:trojan-activity; sid:38103601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gadismelayuviral69-malaysian2024.biz.id"; flow:to_server,established; http.header; content: "Host|3a| gadismelayuviral69-malaysian2024.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gadismelayuviral69\-malaysian2024\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//gadismelayuviral69-malaysian2024.biz.id"; flow:to_server,established; http.header; content:"gadismelayuviral69-malaysian2024.biz.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname fffb663f.instagram-gravity-mod.pages.dev"; dns.query; content:"fffb663f.instagram-gravity-mod.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fffb663f\.instagram\-gravity\-mod\.pages\.dev$/i"; classtype:trojan-activity; sid:38103641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname fffb663f.instagram-gravity-mod.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fffb663f.instagram-gravity-mod.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fffb663f\.instagram\-gravity\-mod\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//fffb663f.instagram-gravity-mod.pages.dev"; flow:to_server,established; http.header; content:"fffb663f.instagram-gravity-mod.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname f5da8ac7.instagram-gravity-mod.pages.dev"; dns.query; content:"f5da8ac7.instagram-gravity-mod.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f5da8ac7\.instagram\-gravity\-mod\.pages\.dev$/i"; classtype:trojan-activity; sid:38103681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname f5da8ac7.instagram-gravity-mod.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| f5da8ac7.instagram-gravity-mod.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])f5da8ac7\.instagram\-gravity\-mod\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//f5da8ac7.instagram-gravity-mod.pages.dev"; flow:to_server,established; http.header; content:"f5da8ac7.instagram-gravity-mod.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc.pages.dev"; dns.query; content:"htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc\.pages\.dev$/i"; classtype:trojan-activity; sid:38103761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc.pages.dev"; flow:to_server,established; http.header; content:"htrdhjhgfdscvvcdfghjhvcdfghjopo0987tr54edxzsedfghgfdsqwwsc.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname dubai-bnm.blogspot.com"; dns.query; content:"dubai-bnm.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dubai\-bnm\.blogspot\.com$/i"; classtype:trojan-activity; sid:38103801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dubai-bnm.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| dubai-bnm.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dubai\-bnm\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): msg names the URL "/?m=1", but the http.uri content is only "/", which
# practically any request URI contains; the query string is not checked. In effect this is
# the bare-name header match again, so it alerts alongside the Hostname rule above rather
# than identifying the specific URL.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//dubai-bnm.blogspot.com/?m=1"; flow:to_server,established; http.header; content:"dubai-bnm.blogspot.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38103811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

alert dns any any -> any any (msg: "MISP e27838 [] Hostname urlpdfportfolio.pages.dev"; dns.query; content:"urlpdfportfolio.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])urlpdfportfolio\.pages\.dev$/i"; classtype:trojan-activity; sid:38103841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urlpdfportfolio.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| urlpdfportfolio.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urlpdfportfolio\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname outlook2.bepstein2224.workers.dev"; dns.query; content:"outlook2.bepstein2224.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])outlook2\.bepstein2224\.workers\.dev$/i"; classtype:trojan-activity; sid:38103881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname outlook2.bepstein2224.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| outlook2.bepstein2224.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])outlook2\.bepstein2224\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; dns.query; content:"egfyua-winter-sea-8755.smilingpurple.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev$/i"; classtype:trojan-activity; sid:38103921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname egfyua-winter-sea-8755.smilingpurple.workers.dev"; flow:to_server,established; 
http.header; content: "Host|3a| egfyua-winter-sea-8755.smilingpurple.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])egfyua\-winter\-sea\-8755\.smilingpurple\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname main.d5x7htv9fl2qe.amplifyapp.com"; dns.query; content:"main.d5x7htv9fl2qe.amplifyapp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])main\.d5x7htv9fl2qe\.amplifyapp\.com$/i"; classtype:trojan-activity; sid:38103961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname main.d5x7htv9fl2qe.amplifyapp.com"; flow:to_server,established; http.header; content: "Host|3a| main.d5x7htv9fl2qe.amplifyapp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])main\.d5x7htv9fl2qe\.amplifyapp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38103962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-372b16c5d0c44f42875a26ea514c0d71.r2.dev"; dns.query; content:"pub-372b16c5d0c44f42875a26ea514c0d71.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-372b16c5d0c44f42875a26ea514c0d71\.r2\.dev$/i"; classtype:trojan-activity; sid:38104001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-372b16c5d0c44f42875a26ea514c0d71.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-372b16c5d0c44f42875a26ea514c0d71.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-372b16c5d0c44f42875a26ea514c0d71\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104002; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# The line above closes a rule that starts before this block; the last line of
# this block opens a rule that continues after it. Both are left untouched.
#
# MISP event 27838 indicators. Each hostname gets up to three rules:
#   sid ...1 (dns)       - dns.query ends with the full name, at buffer start or
#                          after a character outside [A-Za-z0-9-.]; a query for a
#                          subdomain of the name (preceded by ".") does not match.
#   sid ...2 (http host) - $HOME_NET -> $EXTERNAL_NET, any port, established
#                          to_server flow, headers contain "Host: <name>" followed
#                          by a non-hostname character; tag:session,600,seconds
#                          keeps logging the session after the alert.
#   next sid (http url)  - restricted to $HTTP_PORTS; the hostname is matched as a
#                          case-insensitive substring anywhere in the request
#                          headers (not anchored to Host), optionally with an
#                          http.uri content.
# Only DNS and cleartext HTTP are inspected by these rules; an HTTPS visit to the
# same host is visible here through the dns rule alone.
# NOTE(review): no TLS SNI rule for these names appears in this part of the
# export - check whether the export carries one elsewhere.
# NOTE(review): the URL rules need $HTTP_PORTS to be defined even though the
# export preamble describes it as not required for Suricata - confirm it is set.

# r2.dev bucket, URL rule: header substring plus URI containing
# "/General-index.html" (both case-insensitive).
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//pub-372b16c5d0c44f42875a26ea514c0d71.r2.dev/General-index.html"; flow:to_server,established; http.header; content:"pub-372b16c5d0c44f42875a26ea514c0d71.r2.dev"; fast_pattern; nocase; http.uri; content:"/General-index.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# replit.app host: dns, Host header and URL rules.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname vcbhc7867cc8v89v89b8b-0-0fd785f5jsdghdghd-dgdhbd645w341hg-33xxg.replit.app"; dns.query; content:"vcbhc7867cc8v89v89b8b-0-0fd785f5jsdghdghd-dgdhbd645w341hg-33xxg.replit.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcbhc7867cc8v89v89b8b\-0\-0fd785f5jsdghdghd\-dgdhbd645w341hg\-33xxg\.replit\.app$/i"; classtype:trojan-activity; sid:38104041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname vcbhc7867cc8v89v89b8b-0-0fd785f5jsdghdghd-dgdhbd645w341hg-33xxg.replit.app"; flow:to_server,established; http.header; content: "Host|3a| vcbhc7867cc8v89v89b8b-0-0fd785f5jsdghdghd-dgdhbd645w341hg-33xxg.replit.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vcbhc7867cc8v89v89b8b\-0\-0fd785f5jsdghdghd\-dgdhbd645w341hg\-33xxg\.replit\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# The URI condition below is content:"/", which practically any request URI
# contains, so this rule adds no path constraint: it reduces to the header
# substring match on $HTTP_PORTS and will usually fire together with sid:38104042.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//vcbhc7867cc8v89v89b8b-0-0fd785f5jsdghdghd-dgdhbd645w341hg-33xxg.replit.app/"; flow:to_server,established; http.header; content:"vcbhc7867cc8v89v89b8b-0-0fd785f5jsdghdghd-dgdhbd645w341hg-33xxg.replit.app"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# mesharepoint.com: dns and Host header rules only (no URL rule in this export).
alert dns any any -> any any (msg: "MISP e27838 [] Hostname mesharepoint.com"; dns.query; content:"mesharepoint.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mesharepoint\.com$/i"; classtype:trojan-activity; sid:38104081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname mesharepoint.com"; flow:to_server,established; http.header; content: "Host|3a| mesharepoint.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mesharepoint\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# ijhsk.github.io: pinned to this one subdomain; the boundary class in the pcre
# keeps other *.github.io names from matching the dns and Host rules.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname ijhsk.github.io"; dns.query; content:"ijhsk.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ijhsk\.github\.io$/i"; classtype:trojan-activity; sid:38104121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ijhsk.github.io"; flow:to_server,established; http.header; content: "Host|3a| ijhsk.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ijhsk\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# mail.47-236-110-202.cprapid.com: dns rule; its Host header rule starts on the
# last line of this block and continues outside it.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname mail.47-236-110-202.cprapid.com"; dns.query; content:"mail.47-236-110-202.cprapid.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.47\-236\-110\-202\.cprapid\.com$/i"; classtype:trojan-activity; sid:38104161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 
mail.47-236-110-202.cprapid.com"; flow:to_server,established; http.header; content: "Host|3a| mail.47-236-110-202.cprapid.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.47\-236\-110\-202\.cprapid\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# The line above completes a rule that starts before this block; the last line
# of this block opens a rule that continues after it. Both are left untouched.
#
# Rule shapes used below (MISP event 27838):
#   dns       - dns.query must end with the full indicator name, preceded by
#               nothing or by a character outside [A-Za-z0-9-.]; subdomains of
#               the indicator therefore do not alert.
#   http host - outgoing established flow, any destination port, headers contain
#               "Host: <name>" followed by a non-hostname character.
#   http url  - $HTTP_PORTS only; hostname matched as a case-insensitive
#               substring anywhere in the request headers, with no boundary
#               check and no anchoring to the Host field.
# All three alert at priority 2 with classtype trojan-activity and an empty tag
# list ("[]") in msg, so the MISP event URL is the only context an analyst gets.

# malaysia.1dy1.com: the URL rule also requires the URI to contain "/my/".
alert dns any any -> any any (msg: "MISP e27838 [] Hostname malaysia.1dy1.com"; dns.query; content:"malaysia.1dy1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia\.1dy1\.com$/i"; classtype:trojan-activity; sid:38104201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname malaysia.1dy1.com"; flow:to_server,established; http.header; content: "Host|3a| malaysia.1dy1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia\.1dy1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//malaysia.1dy1.com/my/"; flow:to_server,established; http.header; content:"malaysia.1dy1.com"; fast_pattern; nocase; http.uri; content:"/my/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# telegram.dog: the whole registered domain is the indicator, not a path or a
# subdomain.
# NOTE(review): this looks like a general-purpose messaging link domain rather
# than an attacker-owned host - confirm against event 27838 before alerting at
# priority 2; any ordinary lookup of the name will fire sid:38104241.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:38104241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# betaposta777.blogspot.com: pinned to one blogspot subdomain.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname betaposta777.blogspot.com"; dns.query; content:"betaposta777.blogspot.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betaposta777\.blogspot\.com$/i"; classtype:trojan-activity; sid:38104281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname betaposta777.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| betaposta777.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])betaposta777\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Labelled "Outgoing URL" but carries no http.uri condition: it is a looser copy
# of sid:38104282 (header substring, no Host anchor, no boundary pcre), so the
# same string in a Referer header or inside a longer hostname also alerts.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//betaposta777.blogspot.com"; flow:to_server,established; http.header; content:"betaposta777.blogspot.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# usps.inquireuspsshipus.com: dns rule; its Host header rule starts on the last
# line of this block and continues outside it.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname usps.inquireuspsshipus.com"; dns.query; content:"usps.inquireuspsshipus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.inquireuspsshipus\.com$/i"; classtype:trojan-activity; sid:38104321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.inquireuspsshipus.com"; flow:to_server,established; http.header; content: "Host|3a| usps.inquireuspsshipus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.inquireuspsshipus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38104322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//usps.inquireuspsshipus.com"; flow:to_server,established; http.header; content:"usps.inquireuspsshipus.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cknkk.pages.dev"; dns.query; content:"cknkk.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cknkk\.pages\.dev$/i"; classtype:trojan-activity; sid:38104361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cknkk.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cknkk.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cknkk\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//cknkk.pages.dev"; flow:to_server,established; http.header; content:"cknkk.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname positif-ngelit21.pages.dev"; dns.query; content:"positif-ngelit21.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])positif\-ngelit21\.pages\.dev$/i"; classtype:trojan-activity; sid:38104401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname positif-ngelit21.pages.dev"; flow:to_server,established; 
http.header; content: "Host|3a| positif-ngelit21.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])positif\-ngelit21\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//positif-ngelit21.pages.dev"; flow:to_server,established; http.header; content:"positif-ngelit21.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname gerusjoslwesytnbcveousg02.pages.dev"; dns.query; content:"gerusjoslwesytnbcveousg02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gerusjoslwesytnbcveousg02\.pages\.dev$/i"; classtype:trojan-activity; sid:38104441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gerusjoslwesytnbcveousg02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gerusjoslwesytnbcveousg02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gerusjoslwesytnbcveousg02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//gerusjoslwesytnbcveousg02.pages.dev"; flow:to_server,established; http.header; content:"gerusjoslwesytnbcveousg02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname dapps-dff.pages.dev"; dns.query; content:"dapps-dff.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])dapps\-dff\.pages\.dev$/i"; classtype:trojan-activity; sid:38104481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dapps-dff.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dapps-dff.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dapps\-dff\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//dapps-dff.pages.dev"; flow:to_server,established; http.header; content:"dapps-dff.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname appresolveauth.pages.dev"; dns.query; content:"appresolveauth.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appresolveauth\.pages\.dev$/i"; classtype:trojan-activity; sid:38104521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname appresolveauth.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| appresolveauth.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])appresolveauth\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//appresolveauth.pages.dev"; flow:to_server,established; http.header; content:"appresolveauth.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104531; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# The line above closes a rule that starts before this block; the last line of
# this block opens a rule that continues after it. Both are left untouched.
#
# Per indicator below (MISP event 27838): a dns rule, a Host-header rule and an
# "Outgoing URL" rule.
#   - dns and Host rules carry a pcre with a boundary class [^A-Za-z0-9-.], so
#     they match the exact name only (no subdomains, no longer names).
#   - the URL rules in this block have no http.uri condition and no pcre: the
#     hostname is a case-insensitive substring match over all request headers,
#     limited to $HTTP_PORTS. They are therefore looser than the Host rule they
#     accompany and can fire on a Referer value or on a longer hostname that
#     merely contains the string.
#   - none of them inspects TLS; an HTTPS visit shows up only via the dns rule.

# imtoken-bo.biz
alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-bo.biz"; dns.query; content:"imtoken-bo.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bo\.biz$/i"; classtype:trojan-activity; sid:38104561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-bo.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bo.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bo\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//imtoken-bo.biz"; flow:to_server,established; http.header; content:"imtoken-bo.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# msgr.com: an eight-character indicator covering a whole registered domain.
# NOTE(review): this looks like a widely used messaging short-link domain rather
# than an attacker-owned host - confirm against event 27838 before deploying.
# sid:38104611 is the noisiest of the three: "msgr.com" anywhere in the request
# headers, without a boundary check, is enough to alert.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname msgr.com"; dns.query; content:"msgr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msgr\.com$/i"; classtype:trojan-activity; sid:38104601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname msgr.com"; flow:to_server,established; http.header; content: "Host|3a| msgr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])msgr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//msgr.com"; flow:to_server,established; http.header; content:"msgr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# whetspappx.com
alert dns any any -> any any (msg: "MISP e27838 [] Hostname whetspappx.com"; dns.query; content:"whetspappx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whetspappx\.com$/i"; classtype:trojan-activity; sid:38104641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname whetspappx.com"; flow:to_server,established; http.header; content: "Host|3a| whetspappx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whetspappx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//whetspappx.com"; flow:to_server,established; http.header; content:"whetspappx.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)

# yucoksewervizuygdlocasdhyfwe02.pages.dev: pinned to one pages.dev subdomain;
# its URL rule starts on the last line of this block and continues outside it.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname yucoksewervizuygdlocasdhyfwe02.pages.dev"; dns.query; content:"yucoksewervizuygdlocasdhyfwe02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yucoksewervizuygdlocasdhyfwe02\.pages\.dev$/i"; classtype:trojan-activity; sid:38104681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname yucoksewervizuygdlocasdhyfwe02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yucoksewervizuygdlocasdhyfwe02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yucoksewervizuygdlocasdhyfwe02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//yucoksewervizuygdlocasdhyfwe02.pages.dev"; flow:to_server,established; http.header; content:"yucoksewervizuygdlocasdhyfwe02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname auto-kazmierczak.pl"; dns.query; content:"auto-kazmierczak.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-kazmierczak\.pl$/i"; classtype:trojan-activity; sid:38104721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname auto-kazmierczak.pl"; flow:to_server,established; http.header; content: "Host|3a| auto-kazmierczak.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])auto\-kazmierczak\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//auto-kazmierczak.pl"; flow:to_server,established; http.header; content:"auto-kazmierczak.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname mail.maliyeistrgov-tr32546.com"; dns.query; content:"mail.maliyeistrgov-tr32546.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.maliyeistrgov\-tr32546\.com$/i"; classtype:trojan-activity; sid:38104761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname mail.maliyeistrgov-tr32546.com"; flow:to_server,established; http.header; content: "Host|3a| mail.maliyeistrgov-tr32546.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.maliyeistrgov\-tr32546\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//mail.maliyeistrgov-tr32546.com"; flow:to_server,established; http.header; content:"mail.maliyeistrgov-tr32546.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-bn.rip"; dns.query; content:"imtoken-bn.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bn\.rip$/i"; classtype:trojan-activity; sid:38104801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-bn.rip"; flow:to_server,established; http.header; content: "Host|3a| imtoken-bn.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-bn\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//imtoken-bn.rip"; flow:to_server,established; http.header; content:"imtoken-bn.rip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname edamhingch1-ubs.click"; dns.query; content:"edamhingch1-ubs.click"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edamhingch1\-ubs\.click$/i"; classtype:trojan-activity; sid:38104841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27838 [] Outgoing HTTP Hostname edamhingch1-ubs.click"; flow:to_server,established; http.header; content: "Host|3a| edamhingch1-ubs.click"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edamhingch1\-ubs\.click[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tzz.ywv.mybluehost.me"; dns.query; content:"tzz.ywv.mybluehost.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tzz\.ywv\.mybluehost\.me$/i"; classtype:trojan-activity; sid:38104881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tzz.ywv.mybluehost.me"; flow:to_server,established; http.header; content: "Host|3a| tzz.ywv.mybluehost.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tzz\.ywv\.mybluehost\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname login.sharepoint-auth-50e.workers.dev"; dns.query; content:"login.sharepoint-auth-50e.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.sharepoint\-auth\-50e\.workers\.dev$/i"; classtype:trojan-activity; sid:38104921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname login.sharepoint-auth-50e.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| login.sharepoint-auth-50e.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.sharepoint\-auth\-50e\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//login.sharepoint-auth-50e.workers.dev"; flow:to_server,established; http.header; content:"login.sharepoint-auth-50e.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38104931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname munday3410.wixsite.com"; dns.query; content:"munday3410.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])munday3410\.wixsite\.com$/i"; classtype:trojan-activity; sid:38104961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname munday3410.wixsite.com"; flow:to_server,established; http.header; content: "Host|3a| munday3410.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])munday3410\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38104962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname munday3410.systeme.io"; dns.query; content:"munday3410.systeme.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])munday3410\.systeme\.io$/i"; classtype:trojan-activity; sid:38105001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname munday3410.systeme.io"; flow:to_server,established; http.header; content: "Host|3a| munday3410.systeme.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])munday3410\.systeme\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebdq.com"; dns.query; content:"urhebdq.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])urhebdq\.com$/i"; classtype:trojan-activity; sid:38105041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebdq.com"; flow:to_server,established; http.header; content: "Host|3a| urhebdq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebdq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebdq.com"; flow:to_server,established; http.header; content:"urhebdq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebsr.com"; dns.query; content:"urhebsr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebsr\.com$/i"; classtype:trojan-activity; sid:38105081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebsr.com"; flow:to_server,established; http.header; content: "Host|3a| urhebsr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebsr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebsr.com"; flow:to_server,established; http.header; content:"urhebsr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebsy.com"; dns.query; 
content:"urhebsy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebsy\.com$/i"; classtype:trojan-activity; sid:38105121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebsy.com"; flow:to_server,established; http.header; content: "Host|3a| urhebsy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebsy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebsy.com"; flow:to_server,established; http.header; content:"urhebsy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheatw.com"; dns.query; content:"urheatw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheatw\.com$/i"; classtype:trojan-activity; sid:38105161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheatw.com"; flow:to_server,established; http.header; content: "Host|3a| urheatw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheatw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheatw.com"; flow:to_server,established; http.header; content:"urheatw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
worker-dry-haze-e3b4.carloscanejo.workers.dev"; dns.query; content:"worker-dry-haze-e3b4.carloscanejo.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-dry\-haze\-e3b4\.carloscanejo\.workers\.dev$/i"; classtype:trojan-activity; sid:38105201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname worker-dry-haze-e3b4.carloscanejo.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-dry-haze-e3b4.carloscanejo.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-dry\-haze\-e3b4\.carloscanejo\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//worker-dry-haze-e3b4.carloscanejo.workers.dev"; flow:to_server,established; http.header; content:"worker-dry-haze-e3b4.carloscanejo.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeasw.com"; dns.query; content:"urkeasw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeasw\.com$/i"; classtype:trojan-activity; sid:38105241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeasw.com"; flow:to_server,established; http.header; content: "Host|3a| urkeasw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeasw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL 
http|3a|//urkeasw.com"; flow:to_server,established; http.header; content:"urkeasw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname downimtp.com"; dns.query; content:"downimtp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downimtp\.com$/i"; classtype:trojan-activity; sid:38105281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname downimtp.com"; flow:to_server,established; http.header; content: "Host|3a| downimtp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])downimtp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeagf.com"; dns.query; content:"urkeagf.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeagf\.com$/i"; classtype:trojan-activity; sid:38105321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeagf.com"; flow:to_server,established; http.header; content: "Host|3a| urkeagf.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeagf\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeagf.com"; flow:to_server,established; http.header; content:"urkeagf.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
urkeagh.com"; dns.query; content:"urkeagh.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeagh\.com$/i"; classtype:trojan-activity; sid:38105361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeagh.com"; flow:to_server,established; http.header; content: "Host|3a| urkeagh.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeagh\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeagh.com"; flow:to_server,established; http.header; content:"urkeagh.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokei.im"; dns.query; content:"tokei.im"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokei\.im$/i"; classtype:trojan-activity; sid:38105401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokei.im"; flow:to_server,established; http.header; content: "Host|3a| tokei.im"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokei\.im[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokei.im"; flow:to_server,established; http.header; content:"tokei.im"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
tokenpbbket.com"; dns.query; content:"tokenpbbket.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.com$/i"; classtype:trojan-activity; sid:38105441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbbket.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpbbket.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbbket.com"; flow:to_server,established; http.header; content:"tokenpbbket.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeahd.com"; dns.query; content:"urkeahd.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahd\.com$/i"; classtype:trojan-activity; sid:38105481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeahd.com"; flow:to_server,established; http.header; content: "Host|3a| urkeahd.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahd\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeahd.com"; flow:to_server,established; http.header; content:"urkeahd.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns 
any any -> any any (msg: "MISP e27838 [] Hostname urkeahx.com"; dns.query; content:"urkeahx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahx\.com$/i"; classtype:trojan-activity; sid:38105521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeahx.com"; flow:to_server,established; http.header; content: "Host|3a| urkeahx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeahx.com"; flow:to_server,established; http.header; content:"urkeahx.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeafy.com"; dns.query; content:"urkeafy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeafy\.com$/i"; classtype:trojan-activity; sid:38105561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeafy.com"; flow:to_server,established; http.header; content: "Host|3a| urkeafy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeafy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeafy.com"; flow:to_server,established; http.header; content:"urkeafy.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105571; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# tokenp0kczt.com -- DNS query, Host header and bare-domain "URL" rules.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenp0kczt.com"; dns.query; content:"tokenp0kczt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0kczt\.com$/i"; classtype:trojan-activity; sid:38105601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenp0kczt.com"; flow:to_server,established; http.header; content: "Host|3a| tokenp0kczt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenp0kczt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# The rule below matches the bare domain anywhere in the request headers (no
# "Host: " prefix, no pcre boundary), so it is broader than sid:38105602.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenp0kczt.com"; flow:to_server,established; http.header; content:"tokenp0kczt.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# srvrmailsso-r657etywy4.pages.dev -- the indicator is one host label under
# pages.dev. Content and pcre name the full host, and the left boundary in the
# pcre rejects a preceding ".", so other names under pages.dev do not alert.
# The "alert http" rules below inspect only traffic the sensor can parse as HTTP.
# NOTE(review): sites on this hosting domain are presumably reached over TLS --
# confirm. If so, only this DNS rule can fire unless traffic is decrypted before
# the sensor or a companion rule on the TLS SNI (tls.sni) is added for the host.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname srvrmailsso-r657etywy4.pages.dev"; dns.query; content:"srvrmailsso-r657etywy4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657etywy4\.pages\.dev$/i"; classtype:trojan-activity; sid:38105641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname srvrmailsso-r657etywy4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| srvrmailsso-r657etywy4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657etywy4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL 
http|3a|//srvrmailsso-r657etywy4.pages.dev"; flow:to_server,established; http.header; content:"srvrmailsso-r657etywy4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebyr.com"; dns.query; content:"urhebyr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebyr\.com$/i"; classtype:trojan-activity; sid:38105681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebyr.com"; flow:to_server,established; http.header; content: "Host|3a| urhebyr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebyr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebyr.com"; flow:to_server,established; http.header; content:"urhebyr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheauc.com"; dns.query; content:"urheauc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheauc\.com$/i"; classtype:trojan-activity; sid:38105721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheauc.com"; flow:to_server,established; http.header; content: "Host|3a| urheauc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheauc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheauc.com"; flow:to_server,established; http.header; content:"urheauc.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebpr.com"; dns.query; content:"urhebpr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebpr\.com$/i"; classtype:trojan-activity; sid:38105761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebpr.com"; flow:to_server,established; http.header; content: "Host|3a| urhebpr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebpr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebpr.com"; flow:to_server,established; http.header; content:"urhebpr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheatp.com"; dns.query; content:"urheatp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheatp\.com$/i"; classtype:trojan-activity; sid:38105801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheatp.com"; flow:to_server,established; http.header; content: "Host|3a| urheatp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheatp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http 
$HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheatp.com"; flow:to_server,established; http.header; content:"urheatp.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeadt.com"; dns.query; content:"urkeadt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeadt\.com$/i"; classtype:trojan-activity; sid:38105841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeadt.com"; flow:to_server,established; http.header; content: "Host|3a| urkeadt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeadt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeadt.com"; flow:to_server,established; http.header; content:"urkeadt.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheaec.com"; dns.query; content:"urheaec.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaec\.com$/i"; classtype:trojan-activity; sid:38105881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheaec.com"; flow:to_server,established; http.header; content: "Host|3a| urheaec.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaec\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105882; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheaec.com"; flow:to_server,established; http.header; content:"urheaec.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebde.com"; dns.query; content:"urhebde.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebde\.com$/i"; classtype:trojan-activity; sid:38105921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebde.com"; flow:to_server,established; http.header; content: "Host|3a| urhebde.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebde\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebde.com"; flow:to_server,established; http.header; content:"urhebde.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheauu.com"; dns.query; content:"urheauu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheauu\.com$/i"; classtype:trojan-activity; sid:38105961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheauu.com"; flow:to_server,established; http.header; content: "Host|3a| urheauu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheauu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38105962; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheauu.com"; flow:to_server,established; http.header; content:"urheauu.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38105971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebyw.com"; dns.query; content:"urhebyw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebyw\.com$/i"; classtype:trojan-activity; sid:38106001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebyw.com"; flow:to_server,established; http.header; content: "Host|3a| urhebyw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebyw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebyw.com"; flow:to_server,established; http.header; content:"urhebyw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeafp.com"; dns.query; content:"urkeafp.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeafp\.com$/i"; classtype:trojan-activity; sid:38106041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeafp.com"; flow:to_server,established; http.header; content: "Host|3a| urkeafp.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeafp\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38106042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeafp.com"; flow:to_server,established; http.header; content:"urkeafp.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname channelhub.info"; dns.query; content:"channelhub.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info$/i"; classtype:trojan-activity; sid:38106081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname channelhub.info"; flow:to_server,established; http.header; content: "Host|3a| channelhub.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tgweb.pages.dev"; dns.query; content:"tgweb.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgweb\.pages\.dev$/i"; classtype:trojan-activity; sid:38106121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tgweb.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| tgweb.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgweb\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cecilroad.pages.dev"; dns.query; content:"cecilroad.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])cecilroad\.pages\.dev$/i"; classtype:trojan-activity; sid:38106161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cecilroad.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cecilroad.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cecilroad\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname malaysia.1dy1.com"; dns.query; content:"malaysia.1dy1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia\.1dy1\.com$/i"; classtype:trojan-activity; sid:38106201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname malaysia.1dy1.com"; flow:to_server,established; http.header; content: "Host|3a| malaysia.1dy1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])malaysia\.1dy1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//malaysia.1dy1.com/id1/"; flow:to_server,established; http.header; content:"malaysia.1dy1.com"; fast_pattern; nocase; http.uri; content:"/id1/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname al-ghazali-vip.my.id"; dns.query; content:"al-ghazali-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])al\-ghazali\-vip\.my\.id$/i"; classtype:trojan-activity; sid:38106241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname al-ghazali-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| al-ghazali-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])al\-ghazali\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname singapore-government-cash.myk-1d.com"; dns.query; content:"singapore-government-cash.myk-1d.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])singapore\-government\-cash\.myk\-1d\.com$/i"; classtype:trojan-activity; sid:38106281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname singapore-government-cash.myk-1d.com"; flow:to_server,established; http.header; content: "Host|3a| singapore-government-cash.myk-1d.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])singapore\-government\-cash\.myk\-1d\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//singapore-government-cash.myk-1d.com/main.php"; flow:to_server,established; http.header; content:"singapore-government-cash.myk-1d.com"; fast_pattern; nocase; http.uri; content:"/main.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname awekz-tudunng-melayunesia.stabdreal.asia"; dns.query; content:"awekz-tudunng-melayunesia.stabdreal.asia"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])awekz\-tudunng\-melayunesia\.stabdreal\.asia$/i"; classtype:trojan-activity; sid:38106321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname awekz-tudunng-melayunesia.stabdreal.asia"; flow:to_server,established; http.header; content: "Host|3a| awekz-tudunng-melayunesia.stabdreal.asia"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])awekz\-tudunng\-melayunesia\.stabdreal\.asia[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname latestviralvideo.mmyg1.com"; dns.query; content:"latestviralvideo.mmyg1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latestviralvideo\.mmyg1\.com$/i"; classtype:trojan-activity; sid:38106361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname latestviralvideo.mmyg1.com"; flow:to_server,established; http.header; content: "Host|3a| latestviralvideo.mmyg1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])latestviralvideo\.mmyg1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname adminuser.telegramg.cyou"; dns.query; content:"adminuser.telegramg.cyou"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegramg\.cyou$/i"; classtype:trojan-activity; sid:38106401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname adminuser.telegramg.cyou"; flow:to_server,established; http.header; content: "Host|3a| adminuser.telegramg.cyou"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])adminuser\.telegramg\.cyou[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname miss-sulaikah.vvip-private.my.id"; dns.query; content:"miss-sulaikah.vvip-private.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])miss\-sulaikah\.vvip\-private\.my\.id$/i"; classtype:trojan-activity; sid:38106441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname miss-sulaikah.vvip-private.my.id"; flow:to_server,established; http.header; content: "Host|3a| miss-sulaikah.vvip-private.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])miss\-sulaikah\.vvip\-private\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname informasiterupdatecpnspppknhonorer.frm6.my.id"; dns.query; content:"informasiterupdatecpnspppknhonorer.frm6.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasiterupdatecpnspppknhonorer\.frm6\.my\.id$/i"; classtype:trojan-activity; sid:38106481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname informasiterupdatecpnspppknhonorer.frm6.my.id"; flow:to_server,established; http.header; content: "Host|3a| informasiterupdatecpnspppknhonorer.frm6.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])informasiterupdatecpnspppknhonorer\.frm6\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
lucah-malay-virall.live-vip.my.id"; dns.query; content:"lucah-malay-virall.live-vip.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-malay\-virall\.live\-vip\.my\.id$/i"; classtype:trojan-activity; sid:38106521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Host-header rule for the same indicator as the DNS rule above: content anchored
# on "Host: ", pcre bounding the name on both sides, outbound from $HOME_NET only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname lucah-malay-virall.live-vip.my.id"; flow:to_server,established; http.header; content: "Host|3a| lucah-malay-virall.live-vip.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lucah\-malay\-virall\.live\-vip\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# blog.plpone.win -- DNS query, Host header and URL rules.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname blog.plpone.win"; dns.query; content:"blog.plpone.win"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blog\.plpone\.win$/i"; classtype:trojan-activity; sid:38106561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname blog.plpone.win"; flow:to_server,established; http.header; content: "Host|3a| blog.plpone.win"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blog\.plpone\.win[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# URL rule: the msg quotes the indicator URL including its fragment ("#/login"),
# but the match uses only the host in http.header and "/web-telegram/" in http.uri.
# A URL fragment is not part of the request a client sends, so it cannot be
# matched on the wire; any request whose URI contains /web-telegram/ with this
# host string in its headers alerts, whatever page the user actually reached.
# The host content here has no "Host: " prefix or boundary check.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//blog.plpone.win/web-telegram/#/login"; flow:to_server,established; http.header; content:"blog.plpone.win"; fast_pattern; nocase; http.uri; content:"/web-telegram/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname qkd.telegrpm.cc"; dns.query; content:"qkd.telegrpm.cc"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])qkd\.telegrpm\.cc$/i"; classtype:trojan-activity; sid:38106601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# qkd.telegrpm.cc -- Host-header rule: content anchored on "Host: ", pcre
# bounding the name on both sides, any destination port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname qkd.telegrpm.cc"; flow:to_server,established; http.header; content: "Host|3a| qkd.telegrpm.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qkd\.telegrpm\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# qkd.telegrpm.cc -- URL rule. The indicator URL has only the root path, so the
# http.uri condition is the single character "/". That adds practically no
# selectivity, leaving the unanchored host string in http.header as the only
# real condition. The rule therefore overlaps sid:38106602 on $HTTP_PORTS and
# can additionally match the host string in headers other than Host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//qkd.telegrpm.cc/"; flow:to_server,established; http.header; content:"qkd.telegrpm.cc"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# cikgu-viral.dydd67.biz.id -- DNS / Host-header pair. The DNS pcre is anchored
# with $ and its left boundary rejects a preceding ".", so only this exact
# name alerts, not names below it.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname cikgu-viral.dydd67.biz.id"; dns.query; content:"cikgu-viral.dydd67.biz.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cikgu\-viral\.dydd67\.biz\.id$/i"; classtype:trojan-activity; sid:38106641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cikgu-viral.dydd67.biz.id"; flow:to_server,established; http.header; content: "Host|3a| cikgu-viral.dydd67.biz.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cikgu\-viral\.dydd67\.biz\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname cek-all-informasi.my.id"; dns.query; content:"cek-all-informasi.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-all\-informasi\.my\.id$/i"; classtype:trojan-activity; sid:38106681; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cek-all-informasi.my.id"; flow:to_server,established; http.header; content: "Host|3a| cek-all-informasi.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cek\-all\-informasi\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebaw.com"; dns.query; content:"urhebaw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebaw\.com$/i"; classtype:trojan-activity; sid:38106721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebaw.com"; flow:to_server,established; http.header; content: "Host|3a| urhebaw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebaw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebaw.com"; flow:to_server,established; http.header; content:"urhebaw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebft.com"; dns.query; content:"urhebft.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebft\.com$/i"; classtype:trojan-activity; sid:38106761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebft.com"; flow:to_server,established; http.header; content: "Host|3a| urhebft.com"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])urhebft\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebft.com"; flow:to_server,established; http.header; content:"urhebft.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheasw.com"; dns.query; content:"urheasw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheasw\.com$/i"; classtype:trojan-activity; sid:38106801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheasw.com"; flow:to_server,established; http.header; content: "Host|3a| urheasw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheasw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheasw.com"; flow:to_server,established; http.header; content:"urheasw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urheaus.com"; dns.query; content:"urheaus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaus\.com$/i"; classtype:trojan-activity; sid:38106841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urheaus.com"; flow:to_server,established; http.header; content: "Host|3a| urheaus.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urheaus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urheaus.com"; flow:to_server,established; http.header; content:"urheaus.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety.pages.dev"; dns.query; content:"yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety\.pages\.dev$/i"; classtype:trojan-activity; sid:38106881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety.pages.dev"; flow:to_server,established; http.header; content:"yfswqazaq21qasxcvbjujmnbvcxzxcvjko098765432qasxcvyvcxswety.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106891; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname breezy-wiggly-swordtail.glitch.me"; dns.query; content:"breezy-wiggly-swordtail.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])breezy\-wiggly\-swordtail\.glitch\.me$/i"; classtype:trojan-activity; sid:38106921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname breezy-wiggly-swordtail.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| breezy-wiggly-swordtail.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])breezy\-wiggly\-swordtail\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urhebae.com"; dns.query; content:"urhebae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebae\.com$/i"; classtype:trojan-activity; sid:38106961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urhebae.com"; flow:to_server,established; http.header; content: "Host|3a| urhebae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urhebae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38106962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urhebae.com"; flow:to_server,established; http.header; content:"urhebae.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38106971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uaosjgreskaoynaserolfhgsjwerndvs03.pages.dev"; 
dns.query; content:"uaosjgreskaoynaserolfhgsjwerndvs03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uaosjgreskaoynaserolfhgsjwerndvs03\.pages\.dev$/i"; classtype:trojan-activity; sid:38107041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uaosjgreskaoynaserolfhgsjwerndvs03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| uaosjgreskaoynaserolfhgsjwerndvs03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uaosjgreskaoynaserolfhgsjwerndvs03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uaosjgreskaoynaserolfhgsjwerndvs03.pages.dev"; flow:to_server,established; http.header; content:"uaosjgreskaoynaserolfhgsjwerndvs03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38107051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname dc08a747c6.nxcli.io"; dns.query; content:"dc08a747c6.nxcli.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dc08a747c6\.nxcli\.io$/i"; classtype:trojan-activity; sid:38107081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dc08a747c6.nxcli.io"; flow:to_server,established; http.header; content: "Host|3a| dc08a747c6.nxcli.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dc08a747c6\.nxcli\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname mnoipiop.weebly.com"; dns.query; 
content:"mnoipiop.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mnoipiop\.weebly\.com$/i"; classtype:trojan-activity; sid:38107121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname mnoipiop.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| mnoipiop.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mnoipiop\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname wesyfusjosavcnsiosdnzcewdgs03.pages.dev"; dns.query; content:"wesyfusjosavcnsiosdnzcewdgs03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs03\.pages\.dev$/i"; classtype:trojan-activity; sid:38107241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname wesyfusjosavcnsiosdnzcewdgs03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wesyfusjosavcnsiosdnzcewdgs03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//wesyfusjosavcnsiosdnzcewdgs03.pages.dev"; flow:to_server,established; http.header; content:"wesyfusjosavcnsiosdnzcewdgs03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38107251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname gena.templtrial.com"; dns.query; content:"gena.templtrial.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])gena\.templtrial\.com$/i"; classtype:trojan-activity; sid:38107281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Host-header rule for gena.templtrial.com: established client-to-server HTTP
# from $HOME_NET to $EXTERNAL_NET on any port; content selects the
# "Host: <name>" string in http.header and the pcre requires non-hostname
# characters (or start of buffer) around the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gena.templtrial.com"; flow:to_server,established; http.header; content: "Host|3a| gena.templtrial.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gena\.templtrial\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): coda.io looks like the apex name of a shared document-hosting
# service rather than infrastructure owned by the actor - confirm against the
# MISP event. As written, sids 38107321 and 38107322 raise trojan-activity alerts
# on every lookup of, and every clear-text request to, that exact host. If the
# original attribute was a single page on the service, a host-only rule cannot
# isolate it and is a likely source of false positives; consider suppressing
# both sids until the attribute is corrected at the source.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname coda.io"; dns.query; content:"coda.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coda\.io$/i"; classtype:trojan-activity; sid:38107321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname coda.io"; flow:to_server,established; http.header; content: "Host|3a| coda.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])coda\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS rule for bttelecommplc-6-20.grwebsite.com: matched on dns.query for any
# source and destination. The end-anchored pcre allows only start of buffer or a
# non-hostname character before the name, so subdomains of it do not match.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname bttelecommplc-6-20.grwebsite.com"; dns.query; content:"bttelecommplc-6-20.grwebsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bttelecommplc\-6\-20\.grwebsite\.com$/i"; classtype:trojan-activity; sid:38107361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bttelecommplc-6-20.grwebsite.com"; flow:to_server,established; http.header; content: "Host|3a| bttelecommplc-6-20.grwebsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bttelecommplc\-6\-20\.grwebsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38107362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname renovatiesantwerpen.be"; dns.query; content:"renovatiesantwerpen.be"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])renovatiesantwerpen\.be$/i"; classtype:trojan-activity; sid:38107401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname renovatiesantwerpen.be"; flow:to_server,established; http.header; content: "Host|3a| renovatiesantwerpen.be"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])renovatiesantwerpen\.be[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpblket.rip"; dns.query; content:"tokenpblket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpblket\.rip$/i"; classtype:trojan-activity; sid:38107441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpblket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpblket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpblket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname buiejska.com"; dns.query; content:"buiejska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])buiejska\.com$/i"; classtype:trojan-activity; sid:38107481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname buiejska.com"; flow:to_server,established; http.header; content: "Host|3a| 
buiejska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])buiejska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbkket.rip"; dns.query; content:"tokenpbkket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbkket\.rip$/i"; classtype:trojan-activity; sid:38107521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbkket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbkket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbkket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbjket.rip"; dns.query; content:"tokenpbjket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbjket\.rip$/i"; classtype:trojan-activity; sid:38107561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbjket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbjket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbjket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbiket.rip"; dns.query; content:"tokenpbiket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbiket\.rip$/i"; classtype:trojan-activity; sid:38107601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27838 [] Outgoing HTTP Hostname tokenpbiket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbiket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbiket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbgket.rip"; dns.query; content:"tokenpbgket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbgket\.rip$/i"; classtype:trojan-activity; sid:38107641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbgket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbgket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbgket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbfket.rip"; dns.query; content:"tokenpbfket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbfket\.rip$/i"; classtype:trojan-activity; sid:38107681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbfket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbfket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbfket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbeket.rip"; dns.query; content:"tokenpbeket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbeket\.rip$/i"; classtype:trojan-activity; sid:38107721; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbeket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbeket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbeket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname chiss-rk.y7qu.info"; dns.query; content:"chiss-rk.y7qu.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chiss\-rk\.y7qu\.info$/i"; classtype:trojan-activity; sid:38107761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname chiss-rk.y7qu.info"; flow:to_server,established; http.header; content: "Host|3a| chiss-rk.y7qu.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])chiss\-rk\.y7qu\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbdket.rip"; dns.query; content:"tokenpbdket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbdket\.rip$/i"; classtype:trojan-activity; sid:38107801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbdket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbdket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbdket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname qte3.info"; dns.query; 
content:"qte3.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qte3\.info$/i"; classtype:trojan-activity; sid:38107841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname qte3.info"; flow:to_server,established; http.header; content: "Host|3a| qte3.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])qte3\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbaket.rip"; dns.query; content:"tokenpbaket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.rip$/i"; classtype:trojan-activity; sid:38107881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbaket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpazket.rip"; dns.query; content:"tokenpazket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.rip$/i"; classtype:trojan-activity; sid:38107921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpazket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpazket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) 
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpayket.rip"; dns.query; content:"tokenpayket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpayket\.rip$/i"; classtype:trojan-activity; sid:38107961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpayket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpayket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpayket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38107962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpaxket.rip"; dns.query; content:"tokenpaxket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaxket\.rip$/i"; classtype:trojan-activity; sid:38108001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpaxket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpaxket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaxket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpauket.rip"; dns.query; content:"tokenpauket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpauket\.rip$/i"; classtype:trojan-activity; sid:38108041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpauket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpauket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpauket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38108042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpatket.rip"; dns.query; content:"tokenpatket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpatket\.rip$/i"; classtype:trojan-activity; sid:38108081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpatket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpatket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpatket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpasket.rip"; dns.query; content:"tokenpasket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpasket\.rip$/i"; classtype:trojan-activity; sid:38108121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpasket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpasket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpasket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname sblackman7.wixsite.com"; dns.query; content:"sblackman7.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sblackman7\.wixsite\.com$/i"; classtype:trojan-activity; sid:38108201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sblackman7.wixsite.com"; flow:to_server,established; http.header; 
content: "Host|3a| sblackman7.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sblackman7\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname inquireuspsshipus.com"; dns.query; content:"inquireuspsshipus.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inquireuspsshipus\.com$/i"; classtype:trojan-activity; sid:38108241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname inquireuspsshipus.com"; flow:to_server,established; http.header; content: "Host|3a| inquireuspsshipus.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])inquireuspsshipus\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//inquireuspsshipus.com"; flow:to_server,established; http.header; content:"inquireuspsshipus.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbbket.rip"; dns.query; content:"tokenpbbket.rip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.rip$/i"; classtype:trojan-activity; sid:38108281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbbket.rip"; flow:to_server,established; http.header; content: "Host|3a| tokenpbbket.rip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.rip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108282; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): "URL" rule with no path. The only match is an unanchored,
# case-insensitive content for the host string anywhere in http.header, with no
# boundary pcre and no fast_pattern, so it also matches the string in another
# request header or inside a longer host name. It overlaps the Host-header rule
# for the same name, and its destination port is $HTTP_PORTS, which must be
# defined for the rule to load.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbbket.rip"; flow:to_server,established; http.header; content:"tokenpbbket.rip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS rule for 025ks.cc: matched on dns.query for any source and destination. The
# end-anchored pcre allows only start of buffer or a non-hostname character
# before the name, so subdomains and longer names ending in it do not match.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 025ks.cc"; dns.query; content:"025ks.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])025ks\.cc$/i"; classtype:trojan-activity; sid:38108321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Host-header rule for 025ks.cc on established client-to-server HTTP from
# $HOME_NET to $EXTERNAL_NET; the pcre requires non-hostname characters (or start
# of buffer) on both sides of the name. Clear-text HTTP only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 025ks.cc"; flow:to_server,established; http.header; content: "Host|3a| 025ks.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])025ks\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): same weak "URL" form as sid 38108291, and the indicator here is
# only eight characters long. Without the boundary check used by sid 38108322,
# any header value that contains "025ks.cc" as a substring of a longer name will
# alert; prefer the Host-header rule and review this sid for false positives.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//025ks.cc"; flow:to_server,established; http.header; content:"025ks.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS rule for urkeahv.com; same structure as sid 38108321.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeahv.com"; dns.query; content:"urkeahv.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahv\.com$/i"; classtype:trojan-activity; sid:38108361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeahv.com"; flow:to_server,established; http.header; content: "Host|3a| urkeahv.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahv\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108362; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeahv.com"; flow:to_server,established; http.header; content:"urkeahv.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeahc.com"; dns.query; content:"urkeahc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahc\.com$/i"; classtype:trojan-activity; sid:38108401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeahc.com"; flow:to_server,established; http.header; content: "Host|3a| urkeahc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeahc.com"; flow:to_server,established; http.header; content:"urkeahc.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeahz.com"; dns.query; content:"urkeahz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahz\.com$/i"; classtype:trojan-activity; sid:38108441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeahz.com"; flow:to_server,established; http.header; content: "Host|3a| urkeahz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38108442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeahz.com"; flow:to_server,established; http.header; content:"urkeahz.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeayq.com"; dns.query; content:"urkeayq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeayq\.com$/i"; classtype:trojan-activity; sid:38108481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeayq.com"; flow:to_server,established; http.header; content: "Host|3a| urkeayq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeayq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeayq.com"; flow:to_server,established; http.header; content:"urkeayq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeagj.com"; dns.query; content:"urkeagj.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeagj\.com$/i"; classtype:trojan-activity; sid:38108521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeagj.com"; flow:to_server,established; http.header; content: "Host|3a| urkeagj.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeagj\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38108522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeagj.com"; flow:to_server,established; http.header; content:"urkeagj.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeadw.com"; dns.query; content:"urkeadw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeadw\.com$/i"; classtype:trojan-activity; sid:38108561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeadw.com"; flow:to_server,established; http.header; content: "Host|3a| urkeadw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeadw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeadw.com"; flow:to_server,established; http.header; content:"urkeadw.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeayr.com"; dns.query; content:"urkeayr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeayr\.com$/i"; classtype:trojan-activity; sid:38108601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeayr.com"; flow:to_server,established; http.header; content: "Host|3a| urkeayr.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])urkeayr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeayr.com"; flow:to_server,established; http.header; content:"urkeayr.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname urkeahq.com"; dns.query; content:"urkeahq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahq\.com$/i"; classtype:trojan-activity; sid:38108641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname urkeahq.com"; flow:to_server,established; http.header; content: "Host|3a| urkeahq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])urkeahq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//urkeahq.com"; flow:to_server,established; http.header; content:"urkeahq.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname dnkmed.com"; dns.query; content:"dnkmed.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dnkmed\.com$/i"; classtype:trojan-activity; sid:38108681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dnkmed.com"; flow:to_server,established; http.header; content: "Host|3a| dnkmed.com"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])dnkmed\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//dnkmed.com/hene"; flow:to_server,established; http.header; content:"dnkmed.com"; fast_pattern; nocase; http.uri; content:"/hene"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenan.app"; dns.query; content:"tokenan.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenan\.app$/i"; classtype:trojan-activity; sid:38108721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenan.app"; flow:to_server,established; http.header; content: "Host|3a| tokenan.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenan\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenan.app"; flow:to_server,established; http.header; content:"tokenan.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33.pages.dev"; dns.query; content:"fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33\.pages\.dev$/i"; classtype:trojan-activity; sid:38108761; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33.pages.dev"; flow:to_server,established; http.header; content:"fjkgoitkmjsndhfjuriuasbdnjfuryhsmvkgoplkos4758ankjm33.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 38cp66.cc"; dns.query; content:"38cp66.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])38cp66\.cc$/i"; classtype:trojan-activity; sid:38108801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 38cp66.cc"; flow:to_server,established; http.header; content: "Host|3a| 38cp66.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])38cp66\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//38cp66.cc"; flow:to_server,established; http.header; content:"38cp66.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108811; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname concreleal.com.br"; dns.query; content:"concreleal.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])concreleal\.com\.br$/i"; classtype:trojan-activity; sid:38108841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname concreleal.com.br"; flow:to_server,established; http.header; content: "Host|3a| concreleal.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])concreleal\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu.pages.dev"; dns.query; content:"ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu\.pages\.dev$/i"; classtype:trojan-activity; sid:38108881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu.pages.dev"; flow:to_server,established; http.header; 
content:"ubicaritasetamordeitibiesthryrilekediyoachorchinimeotu.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-wj.biz"; dns.query; content:"imtoken-wj.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-wj\.biz$/i"; classtype:trojan-activity; sid:38108921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-wj.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-wj.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-wj\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname rdjjlt.org"; dns.query; content:"rdjjlt.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rdjjlt\.org$/i"; classtype:trojan-activity; sid:38108961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname rdjjlt.org"; flow:to_server,established; http.header; content: "Host|3a| rdjjlt.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rdjjlt\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38108962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//rdjjlt.org"; flow:to_server,established; http.header; content:"rdjjlt.org"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38108971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
yojwbdlwourijahgwershodebigtj01.pages.dev"; dns.query; content:"yojwbdlwourijahgwershodebigtj01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yojwbdlwourijahgwershodebigtj01\.pages\.dev$/i"; classtype:trojan-activity; sid:38109001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname yojwbdlwourijahgwershodebigtj01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yojwbdlwourijahgwershodebigtj01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yojwbdlwourijahgwershodebigtj01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//yojwbdlwourijahgwershodebigtj01.pages.dev"; flow:to_server,established; http.header; content:"yojwbdlwourijahgwershodebigtj01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname comesionexprinceautomaticalmailservers02.pages.dev"; dns.query; content:"comesionexprinceautomaticalmailservers02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])comesionexprinceautomaticalmailservers02\.pages\.dev$/i"; classtype:trojan-activity; sid:38109041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname comesionexprinceautomaticalmailservers02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| comesionexprinceautomaticalmailservers02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])comesionexprinceautomaticalmailservers02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38109042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//comesionexprinceautomaticalmailservers02.pages.dev"; flow:to_server,established; http.header; content:"comesionexprinceautomaticalmailservers02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uk-driver-assist.com"; dns.query; content:"uk-driver-assist.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uk\-driver\-assist\.com$/i"; classtype:trojan-activity; sid:38109081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uk-driver-assist.com"; flow:to_server,established; http.header; content: "Host|3a| uk-driver-assist.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uk\-driver\-assist\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname valorant.cash"; dns.query; content:"valorant.cash"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])valorant\.cash$/i"; classtype:trojan-activity; sid:38109121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname valorant.cash"; flow:to_server,established; http.header; content: "Host|3a| valorant.cash"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])valorant\.cash[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET 
$HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//valorant.cash/ra/"; flow:to_server,established; http.header; content:"valorant.cash"; fast_pattern; nocase; http.uri; content:"/ra/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname sjdfoeusoednhskiuovescenisu01.pages.dev"; dns.query; content:"sjdfoeusoednhskiuovescenisu01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu01\.pages\.dev$/i"; classtype:trojan-activity; sid:38109161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sjdfoeusoednhskiuovescenisu01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sjdfoeusoednhskiuovescenisu01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//sjdfoeusoednhskiuovescenisu01.pages.dev"; flow:to_server,established; http.header; content:"sjdfoeusoednhskiuovescenisu01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname worker-white-glade-0e4b.a887556413454640.workers.dev"; dns.query; content:"worker-white-glade-0e4b.a887556413454640.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-white\-glade\-0e4b\.a887556413454640\.workers\.dev$/i"; classtype:trojan-activity; sid:38109201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname worker-white-glade-0e4b.a887556413454640.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-white-glade-0e4b.a887556413454640.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-white\-glade\-0e4b\.a887556413454640\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//worker-white-glade-0e4b.a887556413454640.workers.dev/"; flow:to_server,established; http.header; content:"worker-white-glade-0e4b.a887556413454640.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-902d39b862604b67a9cdd21d6e0bdb6f.r2.dev"; dns.query; content:"pub-902d39b862604b67a9cdd21d6e0bdb6f.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-902d39b862604b67a9cdd21d6e0bdb6f\.r2\.dev$/i"; classtype:trojan-activity; sid:38109241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-902d39b862604b67a9cdd21d6e0bdb6f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-902d39b862604b67a9cdd21d6e0bdb6f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-902d39b862604b67a9cdd21d6e0bdb6f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname volki-taxi.ch"; dns.query; content:"volki-taxi.ch"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])volki\-taxi\.ch$/i"; classtype:trojan-activity; sid:38109281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname volki-taxi.ch"; flow:to_server,established; http.header; content: "Host|3a| volki-taxi.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])volki\-taxi\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname adobeoutlookcom.s3-website.fr-par.scw.cloud"; dns.query; content:"adobeoutlookcom.s3-website.fr-par.scw.cloud"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adobeoutlookcom\.s3\-website\.fr\-par\.scw\.cloud$/i"; classtype:trojan-activity; sid:38109321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname adobeoutlookcom.s3-website.fr-par.scw.cloud"; flow:to_server,established; http.header; content: "Host|3a| adobeoutlookcom.s3-website.fr-par.scw.cloud"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])adobeoutlookcom\.s3\-website\.fr\-par\.scw\.cloud[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname worker-cool-firefly-e4da.im-swellen.workers.dev"; dns.query; content:"worker-cool-firefly-e4da.im-swellen.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-cool\-firefly\-e4da\.im\-swellen\.workers\.dev$/i"; classtype:trojan-activity; sid:38109361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname worker-cool-firefly-e4da.im-swellen.workers.dev"; 
flow:to_server,established; http.header; content: "Host|3a| worker-cool-firefly-e4da.im-swellen.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-cool\-firefly\-e4da\.im\-swellen\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//worker-cool-firefly-e4da.im-swellen.workers.dev/"; flow:to_server,established; http.header; content:"worker-cool-firefly-e4da.im-swellen.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname dbpyenli.github.io"; dns.query; content:"dbpyenli.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbpyenli\.github\.io$/i"; classtype:trojan-activity; sid:38109401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dbpyenli.github.io"; flow:to_server,established; http.header; content: "Host|3a| dbpyenli.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dbpyenli\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegram.tg-myroom.my.id"; dns.query; content:"telegram.tg-myroom.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tg\-myroom\.my\.id$/i"; classtype:trojan-activity; sid:38109441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegram.tg-myroom.my.id"; 
flow:to_server,established; http.header; content: "Host|3a| telegram.tg-myroom.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.tg\-myroom\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegqam.fit"; dns.query; content:"telegqam.fit"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegqam\.fit$/i"; classtype:trojan-activity; sid:38109481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegqam.fit"; flow:to_server,established; http.header; content: "Host|3a| telegqam.fit"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegqam\.fit[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegqam.fit/"; flow:to_server,established; http.header; content:"telegqam.fit"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegramjembittvipdating.pages.dev"; dns.query; content:"telegramjembittvipdating.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramjembittvipdating\.pages\.dev$/i"; classtype:trojan-activity; sid:38109521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegramjembittvipdating.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| telegramjembittvipdating.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])telegramjembittvipdating\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegramjembittvipdating.pages.dev/"; flow:to_server,established; http.header; content:"telegramjembittvipdating.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtokem223.xyz"; dns.query; content:"imtokem223.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokem223\.xyz$/i"; classtype:trojan-activity; sid:38109561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtokem223.xyz"; flow:to_server,established; http.header; content: "Host|3a| imtokem223.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtokem223\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//imtokem223.xyz"; flow:to_server,established; http.header; content:"imtokem223.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tp739.xyz"; dns.query; content:"tp739.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp739\.xyz$/i"; classtype:trojan-activity; sid:38109601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27838 [] Outgoing HTTP Hostname tp739.xyz"; flow:to_server,established; http.header; content: "Host|3a| tp739.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tp739\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname stretcams.pages.dev"; dns.query; content:"stretcams.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stretcams\.pages\.dev$/i"; classtype:trojan-activity; sid:38109641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname stretcams.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| stretcams.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stretcams\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//stretcams.pages.dev"; flow:to_server,established; http.header; content:"stretcams.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokalp.app"; dns.query; content:"tokalp.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokalp\.app$/i"; classtype:trojan-activity; sid:38109681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokalp.app"; flow:to_server,established; http.header; content: "Host|3a| tokalp.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokalp\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38109682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokalp.app"; flow:to_server,established; http.header; content:"tokalp.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews.pages.dev"; dns.query; content:"bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews\.pages\.dev$/i"; classtype:trojan-activity; sid:38109721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews.pages.dev"; flow:to_server,established; http.header; content:"bhfdsw3432wey78ufdsazxxdeew21wertyu9ijnbfrewsazxfghhgfdews.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbbket.net"; dns.query; 
content:"tokenpbbket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.net$/i"; classtype:trojan-activity; sid:38109761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbbket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbbket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbbket.net"; flow:to_server,established; http.header; content:"tokenpbbket.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname joseibanezgarciasa.com"; dns.query; content:"joseibanezgarciasa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joseibanezgarciasa\.com$/i"; classtype:trojan-activity; sid:38109801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname joseibanezgarciasa.com"; flow:to_server,established; http.header; content: "Host|3a| joseibanezgarciasa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])joseibanezgarciasa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 12032024tjrs.tumblr.com"; dns.query; content:"12032024tjrs.tumblr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])12032024tjrs\.tumblr\.com$/i"; classtype:trojan-activity; sid:38109841; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# The line above closes the DNS rule for 12032024tjrs.tumblr.com that starts on the
# previous line of this file.
#
# HTTP Host rule for 12032024tjrs.tumblr.com. The content and pcre name the full
# subdomain, so other hosts under tumblr.com are not matched. Keep it that way: the
# parent domain is a shared platform.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 12032024tjrs.tumblr.com"; flow:to_server,established; http.header; content: "Host|3a| 12032024tjrs.tumblr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])12032024tjrs\.tumblr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# brandnewprojekt.de: DNS rule (exact query name only, see the end-anchored pcre) and
# HTTP Host rule. No "Outgoing URL" rule appears for this indicator in this part of the file.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname brandnewprojekt.de"; dns.query; content:"brandnewprojekt.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandnewprojekt\.de$/i"; classtype:trojan-activity; sid:38109881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname brandnewprojekt.de"; flow:to_server,established; http.header; content: "Host|3a| brandnewprojekt.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])brandnewprojekt\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# 365611.cc: DNS rule, HTTP Host rule, URL rule.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 365611.cc"; dns.query; content:"365611.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365611\.cc$/i"; classtype:trojan-activity; sid:38109921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 365611.cc"; flow:to_server,established; http.header; content: "Host|3a| 365611.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])365611\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the URL rule below matches the 9-character string "365611.cc" anywhere in
# the request headers with no boundary check. A header that contains a longer name, such as
# the constructed example "1365611.cc", would alert as well. The Host rule above
# (sid:38109922) has the boundary pcre and is the more precise of the two; weigh the
# false-positive rate before enabling both.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//365611.cc"; flow:to_server,established; http.header; content:"365611.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# blfedu.com: DNS rule, HTTP Host rule, URL rule. The URL rule has the same unanchored
# header match as sid:38109931.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname blfedu.com"; dns.query; content:"blfedu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blfedu\.com$/i"; classtype:trojan-activity; sid:38109961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname blfedu.com"; flow:to_server,established; http.header; content: "Host|3a| blfedu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])blfedu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38109962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//blfedu.com"; flow:to_server,established; http.header; content:"blfedu.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38109971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# gratasuphomujaecoprinsehu02.pages.dev: DNS rule, then the HTTP Host rule, whose
# reference option and closing parenthesis are on the next line of this file.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname gratasuphomujaecoprinsehu02.pages.dev"; dns.query; content:"gratasuphomujaecoprinsehu02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratasuphomujaecoprinsehu02\.pages\.dev$/i"; classtype:trojan-activity; sid:38110001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gratasuphomujaecoprinsehu02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gratasuphomujaecoprinsehu02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gratasuphomujaecoprinsehu02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110002; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//gratasuphomujaecoprinsehu02.pages.dev"; flow:to_server,established; http.header; content:"gratasuphomujaecoprinsehu02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname teamtepei.com"; dns.query; content:"teamtepei.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teamtepei\.com$/i"; classtype:trojan-activity; sid:38110041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname teamtepei.com"; flow:to_server,established; http.header; content: "Host|3a| teamtepei.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teamtepei\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//teamtepei.com"; flow:to_server,established; http.header; content:"teamtepei.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname srvrmailsso-r657drrt4.pages.dev"; dns.query; content:"srvrmailsso-r657drrt4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657drrt4\.pages\.dev$/i"; classtype:trojan-activity; sid:38110081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname srvrmailsso-r657drrt4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
srvrmailsso-r657drrt4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657drrt4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//srvrmailsso-r657drrt4.pages.dev"; flow:to_server,established; http.header; content:"srvrmailsso-r657drrt4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname shcoztfkbh2l.pages.dev"; dns.query; content:"shcoztfkbh2l.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shcoztfkbh2l\.pages\.dev$/i"; classtype:trojan-activity; sid:38110121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname shcoztfkbh2l.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| shcoztfkbh2l.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])shcoztfkbh2l\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//shcoztfkbh2l.pages.dev"; flow:to_server,established; http.header; content:"shcoztfkbh2l.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bebasindo.info-2024.com"; dns.query; content:"bebasindo.info-2024.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bebasindo\.info\-2024\.com$/i"; classtype:trojan-activity; sid:38110161; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bebasindo.info-2024.com"; flow:to_server,established; http.header; content: "Host|3a| bebasindo.info-2024.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bebasindo\.info\-2024\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//bebasindo.info-2024.com"; flow:to_server,established; http.header; content:"bebasindo.info-2024.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ghsfgyowkunoeweijacziajhd03.pages.dev"; dns.query; content:"ghsfgyowkunoeweijacziajhd03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd03\.pages\.dev$/i"; classtype:trojan-activity; sid:38110201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ghsfgyowkunoeweijacziajhd03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ghsfgyowkunoeweijacziajhd03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ghsfgyowkunoeweijacziajhd03.pages.dev"; flow:to_server,established; http.header; content:"ghsfgyowkunoeweijacziajhd03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38110211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname vbvcbrt565.pages.dev"; dns.query; content:"vbvcbrt565.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vbvcbrt565\.pages\.dev$/i"; classtype:trojan-activity; sid:38110241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname vbvcbrt565.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| vbvcbrt565.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vbvcbrt565\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//vbvcbrt565.pages.dev"; flow:to_server,established; http.header; content:"vbvcbrt565.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 69fashion.xyz"; dns.query; content:"69fashion.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])69fashion\.xyz$/i"; classtype:trojan-activity; sid:38110281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 69fashion.xyz"; flow:to_server,established; http.header; content: "Host|3a| 69fashion.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])69fashion\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//69fashion.xyz"; 
flow:to_server,established; http.header; content:"69fashion.xyz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname srvrmailsso-r657ryt6y6e.pages.dev"; dns.query; content:"srvrmailsso-r657ryt6y6e.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657ryt6y6e\.pages\.dev$/i"; classtype:trojan-activity; sid:38110321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname srvrmailsso-r657ryt6y6e.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| srvrmailsso-r657ryt6y6e.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657ryt6y6e\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//srvrmailsso-r657ryt6y6e.pages.dev"; flow:to_server,established; http.header; content:"srvrmailsso-r657ryt6y6e.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname srvrmailsso-r657e5y4ye.pages.dev"; dns.query; content:"srvrmailsso-r657e5y4ye.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657e5y4ye\.pages\.dev$/i"; classtype:trojan-activity; sid:38110361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname srvrmailsso-r657e5y4ye.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| srvrmailsso-r657e5y4ye.pages.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657e5y4ye\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//srvrmailsso-r657e5y4ye.pages.dev"; flow:to_server,established; http.header; content:"srvrmailsso-r657e5y4ye.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname dwed3ea4.pages.dev"; dns.query; content:"dwed3ea4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dwed3ea4\.pages\.dev$/i"; classtype:trojan-activity; sid:38110401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dwed3ea4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dwed3ea4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dwed3ea4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//dwed3ea4.pages.dev"; flow:to_server,established; http.header; content:"dwed3ea4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname hello-world-odd-haze-bfbc.samuelokitipi.workers.dev"; dns.query; content:"hello-world-odd-haze-bfbc.samuelokitipi.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-odd\-haze\-bfbc\.samuelokitipi\.workers\.dev$/i"; classtype:trojan-activity; sid:38110441; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hello-world-odd-haze-bfbc.samuelokitipi.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-odd-haze-bfbc.samuelokitipi.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-odd\-haze\-bfbc\.samuelokitipi\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hello-world-odd-haze-bfbc.samuelokitipi.workers.dev"; flow:to_server,established; http.header; content:"hello-world-odd-haze-bfbc.samuelokitipi.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname wesyfusjosavcnsiosdnzcewdgs04.pages.dev"; dns.query; content:"wesyfusjosavcnsiosdnzcewdgs04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs04\.pages\.dev$/i"; classtype:trojan-activity; sid:38110481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname wesyfusjosavcnsiosdnzcewdgs04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wesyfusjosavcnsiosdnzcewdgs04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//wesyfusjosavcnsiosdnzcewdgs04.pages.dev"; 
flow:to_server,established; http.header; content:"wesyfusjosavcnsiosdnzcewdgs04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname celebrityawardi2023.pages.dev"; dns.query; content:"celebrityawardi2023.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])celebrityawardi2023\.pages\.dev$/i"; classtype:trojan-activity; sid:38110521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname celebrityawardi2023.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| celebrityawardi2023.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])celebrityawardi2023\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//celebrityawardi2023.pages.dev"; flow:to_server,established; http.header; content:"celebrityawardi2023.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname gerusjoslwesytnbcveousg03.pages.dev"; dns.query; content:"gerusjoslwesytnbcveousg03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gerusjoslwesytnbcveousg03\.pages\.dev$/i"; classtype:trojan-activity; sid:38110561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gerusjoslwesytnbcveousg03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gerusjoslwesytnbcveousg03.pages.dev"; fast_pattern; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])gerusjoslwesytnbcveousg03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//gerusjoslwesytnbcveousg03.pages.dev"; flow:to_server,established; http.header; content:"gerusjoslwesytnbcveousg03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbaket.run"; dns.query; content:"tokenpbaket.run"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.run$/i"; classtype:trojan-activity; sid:38110601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbaket.run"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.run"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.run[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbaket.run"; flow:to_server,established; http.header; content:"tokenpbaket.run"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname achpaymentauthorization.pages.dev"; dns.query; content:"achpaymentauthorization.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])achpaymentauthorization\.pages\.dev$/i"; classtype:trojan-activity; sid:38110641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname achpaymentauthorization.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| achpaymentauthorization.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])achpaymentauthorization\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//achpaymentauthorization.pages.dev"; flow:to_server,established; http.header; content:"achpaymentauthorization.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iphone-zm.com"; dns.query; content:"iphone-zm.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iphone\-zm\.com$/i"; classtype:trojan-activity; sid:38110681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iphone-zm.com"; flow:to_server,established; http.header; content: "Host|3a| iphone-zm.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iphone\-zm\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//iphone-zm.com"; flow:to_server,established; http.header; content:"iphone-zm.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname rfvah.pages.dev"; dns.query; content:"rfvah.pages.dev"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])rfvah\.pages\.dev$/i"; classtype:trojan-activity; sid:38110721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname rfvah.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| rfvah.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rfvah\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//rfvah.pages.dev"; flow:to_server,established; http.header; content:"rfvah.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde.pages.dev"; dns.query; content:"thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde\.pages\.dev$/i"; classtype:trojan-activity; sid:38110761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: 
"MISP e27838 [] Outgoing URL http|3a|//thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde.pages.dev"; flow:to_server,established; http.header; content:"thgfdedxcvbnhr5678jji9ojhgfdsxcvcxzaqazxcvbnmkiolpoiuytrde.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# The line above is the remainder of a URL rule whose header and "(msg:" are on the
# previous line of this file.
#
# pai4c2wd9z-1324839608.cos.eu-frankfurt.myqcloud.com: DNS rule and HTTP Host rule.
# Both name the full hostname, so nothing else under myqcloud.com matches.
# NOTE(review): the name looks like a per-tenant storage hostname on a shared cloud
# platform - keep the match on the full name and do not widen it to the parent domain.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname pai4c2wd9z-1324839608.cos.eu-frankfurt.myqcloud.com"; dns.query; content:"pai4c2wd9z-1324839608.cos.eu-frankfurt.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pai4c2wd9z\-1324839608\.cos\.eu\-frankfurt\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38110801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pai4c2wd9z-1324839608.cos.eu-frankfurt.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| pai4c2wd9z-1324839608.cos.eu-frankfurt.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pai4c2wd9z\-1324839608\.cos\.eu\-frankfurt\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# outlook-service.notifymailout.workers.dev: DNS rule, HTTP Host rule, URL rule.
# NOTE(review): every rule in this export is classtype:trojan-activity. This hostname
# reads like a mail-login lure rather than malware command-and-control - confirm the
# classification against the MISP event before routing alerts on classtype.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname outlook-service.notifymailout.workers.dev"; dns.query; content:"outlook-service.notifymailout.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])outlook\-service\.notifymailout\.workers\.dev$/i"; classtype:trojan-activity; sid:38110841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname outlook-service.notifymailout.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| outlook-service.notifymailout.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])outlook\-service\.notifymailout\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# This URL rule differs from its siblings: the indicator ends in "/", so the exporter added
# a second match, http.uri content:"/".
# NOTE(review): a request URI practically always contains "/", so the http.uri match does
# not narrow anything, and nocase has no effect on "/". Detection still rests on the
# unanchored domain string in the request headers, as in the other URL rules.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//outlook-service.notifymailout.workers.dev/"; flow:to_server,established; http.header; content:"outlook-service.notifymailout.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# telegeram-tc.com: DNS rule (exact query name only) and HTTP Host rule.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegeram-tc.com"; dns.query; content:"telegeram-tc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegeram\-tc\.com$/i"; classtype:trojan-activity; sid:38110881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegeram-tc.com"; flow:to_server,established; http.header; content: "Host|3a| telegeram-tc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegeram\-tc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# teleghlk-fis.top: DNS rule, then the HTTP Host rule, whose sid and remaining options
# are on the next line of this file.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname teleghlk-fis.top"; dns.query; content:"teleghlk-fis.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleghlk\-fis\.top$/i"; classtype:trojan-activity; sid:38110921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname teleghlk-fis.top"; flow:to_server,established; http.header; content: "Host|3a| teleghlk-fis.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])teleghlk\-fis\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38110922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname xjkla.pages.dev"; dns.query; content:"xjkla.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xjkla\.pages\.dev$/i"; classtype:trojan-activity; sid:38110961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname xjkla.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| xjkla.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xjkla\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38110962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//xjkla.pages.dev"; flow:to_server,established; http.header; content:"xjkla.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38110971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname okerosincvjaoetcsfhxogjh02.pages.dev"; dns.query; content:"okerosincvjaoetcsfhxogjh02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])okerosincvjaoetcsfhxogjh02\.pages\.dev$/i"; classtype:trojan-activity; sid:38111001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname okerosincvjaoetcsfhxogjh02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| okerosincvjaoetcsfhxogjh02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])okerosincvjaoetcsfhxogjh02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//okerosincvjaoetcsfhxogjh02.pages.dev"; flow:to_server,established; http.header; content:"okerosincvjaoetcsfhxogjh02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname zakazavtobusa70.ru"; dns.query; content:"zakazavtobusa70.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zakazavtobusa70\.ru$/i"; classtype:trojan-activity; sid:38111041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname zakazavtobusa70.ru"; flow:to_server,established; http.header; content: "Host|3a| zakazavtobusa70.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zakazavtobusa70\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6.pages.dev"; dns.query; content:"654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6\.pages\.dev$/i"; classtype:trojan-activity; sid:38111081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38111082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6.pages.dev"; flow:to_server,established; http.header; content:"654essaqazxcvcxsw212wefvcdrtyhbnjujmkiolmnbvcdeeeeewsw34r6.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname groups-on-telegram69.pages.dev"; dns.query; content:"groups-on-telegram69.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groups\-on\-telegram69\.pages\.dev$/i"; classtype:trojan-activity; sid:38111121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname groups-on-telegram69.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| groups-on-telegram69.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groups\-on\-telegram69\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//groups-on-telegram69.pages.dev"; flow:to_server,established; http.header; content:"groups-on-telegram69.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 87y7878y8y5r5.pages.dev"; dns.query; content:"87y7878y8y5r5.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])87y7878y8y5r5\.pages\.dev$/i"; classtype:trojan-activity; sid:38111161; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 87y7878y8y5r5.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 87y7878y8y5r5.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])87y7878y8y5r5\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//87y7878y8y5r5.pages.dev"; flow:to_server,established; http.header; content:"87y7878y8y5r5.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bba.whatsyy2282s.shop"; dns.query; content:"bba.whatsyy2282s.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bba\.whatsyy2282s\.shop$/i"; classtype:trojan-activity; sid:38111201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bba.whatsyy2282s.shop"; flow:to_server,established; http.header; content: "Host|3a| bba.whatsyy2282s.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bba\.whatsyy2282s\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//bba.whatsyy2282s.shop"; flow:to_server,established; http.header; content:"bba.whatsyy2282s.shop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
celebrityawardf2023.pages.dev"; dns.query; content:"celebrityawardf2023.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])celebrityawardf2023\.pages\.dev$/i"; classtype:trojan-activity; sid:38111241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname celebrityawardf2023.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| celebrityawardf2023.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])celebrityawardf2023\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//celebrityawardf2023.pages.dev"; flow:to_server,established; http.header; content:"celebrityawardf2023.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname sso-maiwebsrvr-5tefwwr3rf.pages.dev"; dns.query; content:"sso-maiwebsrvr-5tefwwr3rf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sso\-maiwebsrvr\-5tefwwr3rf\.pages\.dev$/i"; classtype:trojan-activity; sid:38111281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sso-maiwebsrvr-5tefwwr3rf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sso-maiwebsrvr-5tefwwr3rf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sso\-maiwebsrvr\-5tefwwr3rf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 
[] Outgoing URL http|3a|//sso-maiwebsrvr-5tefwwr3rf.pages.dev"; flow:to_server,established; http.header; content:"sso-maiwebsrvr-5tefwwr3rf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname instagram-gravity-mod.pages.dev"; dns.query; content:"instagram-gravity-mod.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-gravity\-mod\.pages\.dev$/i"; classtype:trojan-activity; sid:38111321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname instagram-gravity-mod.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| instagram-gravity-mod.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])instagram\-gravity\-mod\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//instagram-gravity-mod.pages.dev"; flow:to_server,established; http.header; content:"instagram-gravity-mod.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname wesyfusjosavcnsiosdnzcewdgs02.pages.dev"; dns.query; content:"wesyfusjosavcnsiosdnzcewdgs02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs02\.pages\.dev$/i"; classtype:trojan-activity; sid:38111361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname wesyfusjosavcnsiosdnzcewdgs02.pages.dev"; flow:to_server,established; 
http.header; content: "Host|3a| wesyfusjosavcnsiosdnzcewdgs02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//wesyfusjosavcnsiosdnzcewdgs02.pages.dev"; flow:to_server,established; http.header; content:"wesyfusjosavcnsiosdnzcewdgs02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ksudsg.com"; dns.query; content:"ksudsg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsg\.com$/i"; classtype:trojan-activity; sid:38111401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ksudsg.com"; flow:to_server,established; http.header; content: "Host|3a| ksudsg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksudsg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ksudsg.com"; flow:to_server,established; http.header; content:"ksudsg.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname defender.pages.dev"; dns.query; content:"defender.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])defender\.pages\.dev$/i"; classtype:trojan-activity; sid:38111441; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname defender.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| defender.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])defender\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//defender.pages.dev"; flow:to_server,established; http.header; content:"defender.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cfhdth2.pages.dev"; dns.query; content:"cfhdth2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfhdth2\.pages\.dev$/i"; classtype:trojan-activity; sid:38111481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cfhdth2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| cfhdth2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cfhdth2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//cfhdth2.pages.dev"; flow:to_server,established; http.header; content:"cfhdth2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uswasmcidofhebesoudsvue02.pages.dev"; dns.query; 
content:"uswasmcidofhebesoudsvue02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uswasmcidofhebesoudsvue02\.pages\.dev$/i"; classtype:trojan-activity; sid:38111521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uswasmcidofhebesoudsvue02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| uswasmcidofhebesoudsvue02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uswasmcidofhebesoudsvue02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uswasmcidofhebesoudsvue02.pages.dev"; flow:to_server,established; http.header; content:"uswasmcidofhebesoudsvue02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ua3omh4whjkmz.pages.dev"; dns.query; content:"ua3omh4whjkmz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ua3omh4whjkmz\.pages\.dev$/i"; classtype:trojan-activity; sid:38111561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ua3omh4whjkmz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ua3omh4whjkmz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ua3omh4whjkmz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ua3omh4whjkmz.pages.dev"; 
flow:to_server,established; http.header; content:"ua3omh4whjkmz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname hr-review-royal-boat-bb4f.8stace.workers.dev"; dns.query; content:"hr-review-royal-boat-bb4f.8stace.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hr\-review\-royal\-boat\-bb4f\.8stace\.workers\.dev$/i"; classtype:trojan-activity; sid:38111601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hr-review-royal-boat-bb4f.8stace.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hr-review-royal-boat-bb4f.8stace.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hr\-review\-royal\-boat\-bb4f\.8stace\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cdrsearch.com"; dns.query; content:"cdrsearch.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdrsearch\.com$/i"; classtype:trojan-activity; sid:38111641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cdrsearch.com"; flow:to_server,established; http.header; content: "Host|3a| cdrsearch.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cdrsearch\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname nhh-97z.pages.dev"; dns.query; content:"nhh-97z.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhh\-97z\.pages\.dev$/i"; 
classtype:trojan-activity; sid:38111681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nhh-97z.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nhh-97z.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nhh\-97z\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//nhh-97z.pages.dev"; flow:to_server,established; http.header; content:"nhh-97z.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname jeosl.des4.com.tr"; dns.query; content:"jeosl.des4.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jeosl\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:38111721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname jeosl.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| jeosl.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])jeosl\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//jeosl.des4.com.tr"; flow:to_server,established; http.header; content:"jeosl.des4.com.tr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
sjdfoeusoednhskiuovescenisu02.pages.dev"; dns.query; content:"sjdfoeusoednhskiuovescenisu02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu02\.pages\.dev$/i"; classtype:trojan-activity; sid:38111761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sjdfoeusoednhskiuovescenisu02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sjdfoeusoednhskiuovescenisu02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//sjdfoeusoednhskiuovescenisu02.pages.dev"; flow:to_server,established; http.header; content:"sjdfoeusoednhskiuovescenisu02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname vhtrh13.pages.dev"; dns.query; content:"vhtrh13.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vhtrh13\.pages\.dev$/i"; classtype:trojan-activity; sid:38111801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname vhtrh13.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| vhtrh13.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])vhtrh13\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL 
http|3a|//vhtrh13.pages.dev"; flow:to_server,established; http.header; content:"vhtrh13.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# ---- MISP event 27838, hostname yeoisgdoiuhdysidaryjewsg02.pages.dev ----
# Three rules per indicator: exact-name DNS query, cleartext HTTP Host header, and an
# "Outgoing URL" rule that matches the bare name anywhere in http.header on
# $HTTP_PORTS only.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname yeoisgdoiuhdysidaryjewsg02.pages.dev"; dns.query; content:"yeoisgdoiuhdysidaryjewsg02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeoisgdoiuhdysidaryjewsg02\.pages\.dev$/i"; classtype:trojan-activity; sid:38111841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname yeoisgdoiuhdysidaryjewsg02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yeoisgdoiuhdysidaryjewsg02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeoisgdoiuhdysidaryjewsg02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//yeoisgdoiuhdysidaryjewsg02.pages.dev"; flow:to_server,established; http.header; content:"yeoisgdoiuhdysidaryjewsg02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# ---- hostname uspz.07us2w090ps.top ----
alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspz.07us2w090ps.top"; dns.query; content:"uspz.07us2w090ps.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.07us2w090ps\.top$/i"; classtype:trojan-activity; sid:38111881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspz.07us2w090ps.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.07us2w090ps.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.07us2w090ps\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# URL indicator with a path: the host is matched as a bare substring of http.header,
# the path as a substring of http.uri.
# NOTE(review): the msg names /pg?do=index, but only "/pg" is matched (nocase), so the
# query string from the indicator is not part of the signature. Any request to this
# host whose URI contains "/pg" fires it, and the alert text overstates what was seen.
# The host content has no "Host|3a| " prefix or pcre boundary, so it can also match
# the name in another request header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uspz.07us2w090ps.top/pg?do=index"; flow:to_server,established; http.header; content:"uspz.07us2w090ps.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# ---- hostname uspz.uspaim.top ----
alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspz.uspaim.top"; dns.query; content:"uspz.uspaim.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaim\.top$/i"; classtype:trojan-activity; sid:38111921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspz.uspaim.top"; flow:to_server,established; http.header; content: "Host|3a| uspz.uspaim.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspz\.uspaim\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same "/pg" substring match on http.uri as sid 38111891; here the msg and the match
# agree.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uspz.uspaim.top/pg"; flow:to_server,established; http.header; content:"uspz.uspaim.top"; fast_pattern; nocase; http.uri; content:"/pg"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# ---- hostname uspw.usspaqg.top ----
alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspw.usspaqg.top"; dns.query; content:"uspw.usspaqg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspw\.usspaqg\.top$/i"; classtype:trojan-activity; sid:38111961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspw.usspaqg.top"; flow:to_server,established; http.header; content: "Host|3a| uspw.usspaqg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspw\.usspaqg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38111962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uspw.usspaqg.top"; flow:to_server,established; http.header; content:"uspw.usspaqg.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38111971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tech-lord.pl"; dns.query; content:"tech-lord.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tech\-lord\.pl$/i"; classtype:trojan-activity; sid:38112001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tech-lord.pl"; flow:to_server,established; http.header; content: "Host|3a| tech-lord.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tech\-lord\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tech-lord.pl"; flow:to_server,established; http.header; content:"tech-lord.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname node-data.com"; dns.query; content:"node-data.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])node\-data\.com$/i"; classtype:trojan-activity; sid:38112041; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname node-data.com"; flow:to_server,established; http.header; content: "Host|3a| node-data.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])node\-data\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; dns.query; content:"nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nkbihfbeogaeaoehlefnkodbefgpgknn\.metamaskk\.skyhighfirstclass\.com\.ng$/i"; classtype:trojan-activity; sid:38112081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; flow:to_server,established; http.header; content: "Host|3a| nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nkbihfbeogaeaoehlefnkodbefgpgknn\.metamaskk\.skyhighfirstclass\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname kawarthaeats.ca"; dns.query; content:"kawarthaeats.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kawarthaeats\.ca$/i"; classtype:trojan-activity; sid:38112121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname kawarthaeats.ca"; flow:to_server,established; http.header; content: "Host|3a| kawarthaeats.ca"; fast_pattern; 
nocase; pcre: "/(^|[^A-Za-z0-9-\.])kawarthaeats\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-81830046eeab45d79131bcf4d0750ede.r2.dev"; dns.query; content:"pub-81830046eeab45d79131bcf4d0750ede.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-81830046eeab45d79131bcf4d0750ede\.r2\.dev$/i"; classtype:trojan-activity; sid:38112161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-81830046eeab45d79131bcf4d0750ede.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-81830046eeab45d79131bcf4d0750ede.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-81830046eeab45d79131bcf4d0750ede\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uwi.pages.dev"; dns.query; content:"uwi.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uwi\.pages\.dev$/i"; classtype:trojan-activity; sid:38112201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uwi.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| uwi.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uwi\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspw.usspaqb.top"; dns.query; content:"uspw.usspaqb.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspw\.usspaqb\.top$/i"; classtype:trojan-activity; 
sid:38112241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspw.usspaqb.top"; flow:to_server,established; http.header; content: "Host|3a| uspw.usspaqb.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspw\.usspaqb\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname usps.ypjbpdhjxp.top"; dns.query; content:"usps.ypjbpdhjxp.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.ypjbpdhjxp\.top$/i"; classtype:trojan-activity; sid:38112281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.ypjbpdhjxp.top"; flow:to_server,established; http.header; content: "Host|3a| usps.ypjbpdhjxp.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.ypjbpdhjxp\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname usps.xtifheqotj.top"; dns.query; content:"usps.xtifheqotj.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.xtifheqotj\.top$/i"; classtype:trojan-activity; sid:38112321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.xtifheqotj.top"; flow:to_server,established; http.header; content: "Host|3a| usps.xtifheqotj.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.xtifheqotj\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any 
(msg: "MISP e27838 [] Hostname usps.mytrackingur.top"; dns.query; content:"usps.mytrackingur.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingur\.top$/i"; classtype:trojan-activity; sid:38112361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.mytrackingur.top"; flow:to_server,established; http.header; content: "Host|3a| usps.mytrackingur.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.mytrackingur\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname usps.jtjaakaapq.top"; dns.query; content:"usps.jtjaakaapq.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.jtjaakaapq\.top$/i"; classtype:trojan-activity; sid:38112401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usps.jtjaakaapq.top"; flow:to_server,established; http.header; content: "Host|3a| usps.jtjaakaapq.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usps\.jtjaakaapq\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspr.ussppm.top"; dns.query; content:"uspr.ussppm.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspr\.ussppm\.top$/i"; classtype:trojan-activity; sid:38112441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspr.ussppm.top"; flow:to_server,established; http.header; content: "Host|3a| uspr.ussppm.top"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])uspr\.ussppm\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspi.usspuh.top"; dns.query; content:"uspi.usspuh.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspuh\.top$/i"; classtype:trojan-activity; sid:38112481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspi.usspuh.top"; flow:to_server,established; http.header; content: "Host|3a| uspi.usspuh.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspi\.usspuh\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/Wa7YxZ65mmxYhFQ7TkctuPpMEPiIY7Fa"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/Wa7YxZ65mmxYhFQ7TkctuPpMEPiIY7Fa"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38112531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/vKvwu5WlXwFYK81aqsQHWq6QeckivIWw"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/vKvwu5WlXwFYK81aqsQHWq6QeckivIWw"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38112602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/RpxdDn44TL1IIAzZtwyV7sOwVMRnrOzh"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/RpxdDn44TL1IIAzZtwyV7sOwVMRnrOzh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/pkhKgloPumW6nLBbaIhhI6VosY0zM3Zb"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/pkhKgloPumW6nLBbaIhhI6VosY0zM3Zb"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/OcKRu4xxcmrryNDvLRRmL9O4MZ1BIt6r"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/OcKRu4xxcmrryNDvLRRmL9O4MZ1BIt6r"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/mbzdwZmJ41QcYuBMbssZgOdqvBfoMSuW"; 
flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/mbzdwZmJ41QcYuBMbssZgOdqvBfoMSuW"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/lCmqzaJCpF9PtPTnKnyJVnqTFuDhS1hB"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/lCmqzaJCpF9PtPTnKnyJVnqTFuDhS1hB"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; 
content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/h9RaMBo66IbrvXCGJzwQ93mjBDKoNf6R"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/h9RaMBo66IbrvXCGJzwQ93mjBDKoNf6R"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/EnjA47Ticm1fJgW1EAoidjn9VS1wKeIm"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/EnjA47Ticm1fJgW1EAoidjn9VS1wKeIm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any 
any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Cleartext-HTTP hostname rule: on an established client-to-server flow it looks for a literal
# "Host: support.samcontech.com" in the request headers, and the pcre then requires start of
# buffer or a character outside [A-Za-z0-9-.] before the name and such a character after it.
# tag:session,600,seconds asks the engine to keep logging packets of the matching session
# for 600 seconds after the alert.
# NOTE(review): an `alert http` rule only fires on traffic the sensor can parse as HTTP, so a
# visit over HTTPS would not reach it unless TLS is decrypted upstream. Whether this export
# also carries tls.sni rules for the same names cannot be seen from here - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# URL rule for one path under /public/ on the same host, limited to $HTTP_PORTS.
# Unlike the hostname rule above, the host string here has no "Host|3a| " prefix and no
# boundary pcre: it is matched anywhere in the request headers, so a header other than Host
# that carries the name would satisfy it too. The http.uri content ties the alert to the path.
# NOTE(review): `nocase` on the path token also accepts other letter-casings of the token;
# presumably harmless, but it is broader than the indicator recorded in msg.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//support.samcontech.com/public/cGAj8JwnaV1XtpZrH8s3RMMUfGNtIP0U"; flow:to_server,established; http.header; content:"support.samcontech.com"; fast_pattern; nocase; http.uri; content:"/public/cGAj8JwnaV1XtpZrH8s3RMMUfGNtIP0U"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38112891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# DNS rule: inspects the query name in either direction (any any -> any any). The pcre ends
# in `$` and its left-hand boundary excludes ".", so a query for a subdomain of
# tele-grraam.xyz does not match; in practice only the name itself does.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tele-grraam.xyz"; dns.query; content:"tele-grraam.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tele\-grraam\.xyz$/i"; classtype:trojan-activity; sid:38112921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# HTTP counterpart of the DNS rule above, outbound from $HOME_NET only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tele-grraam.xyz"; flow:to_server,established; http.header; content: "Host|3a| tele-grraam.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tele\-grraam\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; 
content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38112961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38112962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113161; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): every complete rule on these lines repeats the same DNS/HTTP pair for
# support.samcontech.com. The match options are identical and only the sid differs
# (38113162, 38113201/38113202 and 38113241/38113242 here; the pair also appears under
# further sids on neighbouring lines). A single lookup or request therefore raises one
# alert per copy. Presumably the export writes one pair per MISP attribute - confirm;
# de-duplicating at export time, or a threshold/suppress entry on the sensor, would remove
# the repeated alerts without losing coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same DNS match as sid 38113241 below.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same HTTP match as sid 38113162 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same DNS match as sid 38113201 above.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname support.samcontech.com"; dns.query; content:"support.samcontech.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com$/i"; classtype:trojan-activity; sid:38113241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same HTTP match as sid 38113162 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname support.samcontech.com"; flow:to_server,established; http.header; content: "Host|3a| support.samcontech.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])support\.samcontech\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert 
dns any any -> any any (msg: "MISP e27838 [] Hostname sto-autosprzedaz.com.pl"; dns.query; content:"sto-autosprzedaz.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sto\-autosprzedaz\.com\.pl$/i"; classtype:trojan-activity; sid:38113281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sto-autosprzedaz.com.pl"; flow:to_server,established; http.header; content: "Host|3a| sto-autosprzedaz.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sto\-autosprzedaz\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname solidarity.yumana.io"; dns.query; content:"solidarity.yumana.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])solidarity\.yumana\.io$/i"; classtype:trojan-activity; sid:38113321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname solidarity.yumana.io"; flow:to_server,established; http.header; content: "Host|3a| solidarity.yumana.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])solidarity\.yumana\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname sachin-8582.github.io"; dns.query; content:"sachin-8582.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sachin\-8582\.github\.io$/i"; classtype:trojan-activity; sid:38113361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sachin-8582.github.io"; flow:to_server,established; http.header; content: "Host|3a| sachin-8582.github.io"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sachin\-8582\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ron-autohandel.com.pl"; dns.query; content:"ron-autohandel.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ron\-autohandel\.com\.pl$/i"; classtype:trojan-activity; sid:38113401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ron-autohandel.com.pl"; flow:to_server,established; http.header; content: "Host|3a| ron-autohandel.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ron\-autohandel\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname raw-ker-od.xixisubdomain.workers.dev"; dns.query; content:"raw-ker-od.xixisubdomain.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])raw\-ker\-od\.xixisubdomain\.workers\.dev$/i"; classtype:trojan-activity; sid:38113441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname raw-ker-od.xixisubdomain.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| raw-ker-od.xixisubdomain.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])raw\-ker\-od\.xixisubdomain\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; dns.query; content:"pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; nocase; 
pcre: "/(^|[^A-Za-z0-9-\.])pub\-ff5bacf94a4d474b9c7cb1c0ba1c5e8f\.r2\.dev$/i"; classtype:trojan-activity; sid:38113481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-ff5bacf94a4d474b9c7cb1c0ba1c5e8f.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-ff5bacf94a4d474b9c7cb1c0ba1c5e8f\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-d36e877a26d14bf79275c71d5b61ff18.r2.dev"; dns.query; content:"pub-d36e877a26d14bf79275c71d5b61ff18.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d36e877a26d14bf79275c71d5b61ff18\.r2\.dev$/i"; classtype:trojan-activity; sid:38113521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-d36e877a26d14bf79275c71d5b61ff18.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-d36e877a26d14bf79275c71d5b61ff18.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-d36e877a26d14bf79275c71d5b61ff18\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-fb18fd8aaa2c453dab56d6f0ae35acae.r2.dev"; dns.query; content:"pub-fb18fd8aaa2c453dab56d6f0ae35acae.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-fb18fd8aaa2c453dab56d6f0ae35acae\.r2\.dev$/i"; classtype:trojan-activity; sid:38113561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27838 [] Outgoing HTTP Hostname pub-fb18fd8aaa2c453dab56d6f0ae35acae.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-fb18fd8aaa2c453dab56d6f0ae35acae.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-fb18fd8aaa2c453dab56d6f0ae35acae\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# The pub-<hex>.r2.dev rules match full hostnames: both the content string and the pcre
# carry the whole "pub-..." label, so none of them alerts on r2.dev as such.
# NOTE(review): r2.dev looks like a shared hosting suffix where each tenant gets its own
# label - confirm. If so, keeping the full label in the match is what avoids alerts on
# unrelated tenants, and each rule stops being useful once the content moves to a new label,
# so these indicators are worth expiring in MISP rather than keeping indefinitely.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-6fe948597b9343d18b9e153c4ac38460.r2.dev"; dns.query; content:"pub-6fe948597b9343d18b9e153c4ac38460.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-6fe948597b9343d18b9e153c4ac38460\.r2\.dev$/i"; classtype:trojan-activity; sid:38113601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# HTTP counterpart; only sees cleartext HTTP requests that leave $HOME_NET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-6fe948597b9343d18b9e153c4ac38460.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-6fe948597b9343d18b9e153c4ac38460.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-6fe948597b9343d18b9e153c4ac38460\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same rule shape for the next pub-<hex> label.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-5dfda753a0044475a0a7ab4a3257d3bf.r2.dev"; dns.query; content:"pub-5dfda753a0044475a0a7ab4a3257d3bf.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-5dfda753a0044475a0a7ab4a3257d3bf\.r2\.dev$/i"; classtype:trojan-activity; sid:38113641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-5dfda753a0044475a0a7ab4a3257d3bf.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-5dfda753a0044475a0a7ab4a3257d3bf.r2.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])pub\-5dfda753a0044475a0a7ab4a3257d3bf\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-13d29bad833946aabfbfb6a91a8b34e6.r2.dev"; dns.query; content:"pub-13d29bad833946aabfbfb6a91a8b34e6.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-13d29bad833946aabfbfb6a91a8b34e6\.r2\.dev$/i"; classtype:trojan-activity; sid:38113681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-13d29bad833946aabfbfb6a91a8b34e6.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-13d29bad833946aabfbfb6a91a8b34e6.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-13d29bad833946aabfbfb6a91a8b34e6\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-039661bdd4c44b3b976f11cdb9a02c48.r2.dev"; dns.query; content:"pub-039661bdd4c44b3b976f11cdb9a02c48.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-039661bdd4c44b3b976f11cdb9a02c48\.r2\.dev$/i"; classtype:trojan-activity; sid:38113721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-039661bdd4c44b3b976f11cdb9a02c48.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-039661bdd4c44b3b976f11cdb9a02c48.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-039661bdd4c44b3b976f11cdb9a02c48\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any 
any -> any any (msg: "MISP e27838 [] Hostname officialkayda.com"; dns.query; content:"officialkayda.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officialkayda\.com$/i"; classtype:trojan-activity; sid:38113761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# HTTP hostname rule for the bare domain. The left-hand boundary of the pcre excludes ".",
# so a request whose Host is a subdomain of officialkayda.com (a www. prefix, for example)
# does not match this rule.
# NOTE(review): the match depends on the Host line being spelled exactly "Host: <name>" inside
# http.header; Suricata's http.host buffer holds the normalized hostname and would be the
# sturdier target, but that is a change to the export template, not to this file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname officialkayda.com"; flow:to_server,established; http.header; content: "Host|3a| officialkayda.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])officialkayda\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# This pair is pinned to one deep name under skyhighfirstclass.com.ng. Because "." is in the
# excluded class of the left-hand boundary, other names under
# metamaskk.skyhighfirstclass.com.ng or under the parent domain do not match.
# NOTE(review): the name reads like a brand-imitation lure ("metamaskk"). Whether the parent
# domain is attacker-registered or a compromised site is not visible here; only in the first
# case would a rule on the parent be a safe way to widen coverage - decide that in MISP.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; dns.query; content:"nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nkbihfbeogaeaoehlefnkodbefgpgknn\.metamaskk\.skyhighfirstclass\.com\.ng$/i"; classtype:trojan-activity; sid:38113801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# HTTP counterpart of the DNS rule above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; flow:to_server,established; http.header; content: "Host|3a| nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nkbihfbeogaeaoehlefnkodbefgpgknn\.metamaskk\.skyhighfirstclass\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname meta-support-appeals.pages.dev"; dns.query; content:"meta-support-appeals.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meta\-support\-appeals\.pages\.dev$/i"; classtype:trojan-activity; sid:38113841; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname meta-support-appeals.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| meta-support-appeals.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meta\-support\-appeals\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname meta-businessmanager.pages.dev"; dns.query; content:"meta-businessmanager.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meta\-businessmanager\.pages\.dev$/i"; classtype:trojan-activity; sid:38113881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname meta-businessmanager.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| meta-businessmanager.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])meta\-businessmanager\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ksls.des4.com.tr"; dns.query; content:"ksls.des4.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksls\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:38113921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ksls.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| ksls.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ksls\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113922; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname krok-zycia.pl"; dns.query; content:"krok-zycia.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])krok\-zycia\.pl$/i"; classtype:trojan-activity; sid:38113961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname krok-zycia.pl"; flow:to_server,established; http.header; content: "Host|3a| krok-zycia.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])krok\-zycia\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38113962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname kjf.pages.dev"; dns.query; content:"kjf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kjf\.pages\.dev$/i"; classtype:trojan-activity; sid:38114001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname kjf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| kjf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kjf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iccarson.com.selus.mx"; dns.query; content:"iccarson.com.selus.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com\.selus\.mx$/i"; classtype:trojan-activity; sid:38114041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iccarson.com.selus.mx"; flow:to_server,established; http.header; content: "Host|3a| iccarson.com.selus.mx"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])iccarson\.com\.selus\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname industry-ready-2125.github.io"; dns.query; content:"industry-ready-2125.github.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])industry\-ready\-2125\.github\.io$/i"; classtype:trojan-activity; sid:38114081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname industry-ready-2125.github.io"; flow:to_server,established; http.header; content: "Host|3a| industry-ready-2125.github.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])industry\-ready\-2125\.github\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iccarson.com.selus.mx"; dns.query; content:"iccarson.com.selus.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com\.selus\.mx$/i"; classtype:trojan-activity; sid:38114121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iccarson.com.selus.mx"; flow:to_server,established; http.header; content: "Host|3a| iccarson.com.selus.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com\.selus\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iccarson.com"; dns.query; content:"iccarson.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com$/i"; classtype:trojan-activity; sid:38114161; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iccarson.com"; flow:to_server,established; http.header; content: "Host|3a| iccarson.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname yyds22222.pages.dev"; dns.query; content:"yyds22222.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yyds22222\.pages\.dev$/i"; classtype:trojan-activity; sid:38114201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname yyds22222.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yyds22222.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yyds22222\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//yyds22222.pages.dev"; flow:to_server,established; http.header; content:"yyds22222.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname grupwaouxl.terbaru-2023.com"; dns.query; content:"grupwaouxl.terbaru-2023.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwaouxl\.terbaru\-2023\.com$/i"; classtype:trojan-activity; sid:38114241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname grupwaouxl.terbaru-2023.com"; 
flow:to_server,established; http.header; content: "Host|3a| grupwaouxl.terbaru-2023.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])grupwaouxl\.terbaru\-2023\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname gbp.pages.dev"; dns.query; content:"gbp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbp\.pages\.dev$/i"; classtype:trojan-activity; sid:38114281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gbp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gbp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gbp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname free-flre-spinvdkvkbh.jagungsmp.cfd"; dns.query; content:"free-flre-spinvdkvkbh.jagungsmp.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-flre\-spinvdkvkbh\.jagungsmp\.cfd$/i"; classtype:trojan-activity; sid:38114321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname free-flre-spinvdkvkbh.jagungsmp.cfd"; flow:to_server,established; http.header; content: "Host|3a| free-flre-spinvdkvkbh.jagungsmp.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-flre\-spinvdkvkbh\.jagungsmp\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname free-flre-spinvdkvkbh.jagungsmp.cfd"; dns.query; 
content:"free-flre-spinvdkvkbh.jagungsmp.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-flre\-spinvdkvkbh\.jagungsmp\.cfd$/i"; classtype:trojan-activity; sid:38114361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname free-flre-spinvdkvkbh.jagungsmp.cfd"; flow:to_server,established; http.header; content: "Host|3a| free-flre-spinvdkvkbh.jagungsmp.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-flre\-spinvdkvkbh\.jagungsmp\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname free-flre-spinitdkpkv.jagungsmp.cfd"; dns.query; content:"free-flre-spinitdkpkv.jagungsmp.cfd"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-flre\-spinitdkpkv\.jagungsmp\.cfd$/i"; classtype:trojan-activity; sid:38114401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname free-flre-spinitdkpkv.jagungsmp.cfd"; flow:to_server,established; http.header; content: "Host|3a| free-flre-spinitdkpkv.jagungsmp.cfd"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])free\-flre\-spinitdkpkv\.jagungsmp\.cfd[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname diligent-spot-dart.glitch.me"; dns.query; content:"diligent-spot-dart.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diligent\-spot\-dart\.glitch\.me$/i"; classtype:trojan-activity; sid:38114441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 
diligent-spot-dart.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| diligent-spot-dart.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])diligent\-spot\-dart\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname cloudreve.husimon.workers.dev"; dns.query; content:"cloudreve.husimon.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloudreve\.husimon\.workers\.dev$/i"; classtype:trojan-activity; sid:38114481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname cloudreve.husimon.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| cloudreve.husimon.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])cloudreve\.husimon\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname certain-teal-pocket.glitch.me"; dns.query; content:"certain-teal-pocket.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])certain\-teal\-pocket\.glitch\.me$/i"; classtype:trojan-activity; sid:38114521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname certain-teal-pocket.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| certain-teal-pocket.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])certain\-teal\-pocket\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP 
e27838 [] Hostname bnw-2fu.pages.dev"; dns.query; content:"bnw-2fu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bnw\-2fu\.pages\.dev$/i"; classtype:trojan-activity; sid:38114561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bnw-2fu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bnw-2fu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bnw\-2fu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bnw-2fu.pages.dev"; dns.query; content:"bnw-2fu.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bnw\-2fu\.pages\.dev$/i"; classtype:trojan-activity; sid:38114601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bnw-2fu.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bnw-2fu.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bnw\-2fu\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname account-login-b3384b.webflow.io"; dns.query; content:"account-login-b3384b.webflow.io"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])account\-login\-b3384b\.webflow\.io$/i"; classtype:trojan-activity; sid:38114641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname account-login-b3384b.webflow.io"; flow:to_server,established; http.header; content: "Host|3a| account-login-b3384b.webflow.io"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])account\-login\-b3384b\.webflow\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 386hdv.ktt55.my.id"; dns.query; content:"386hdv.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])386hdv\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:38114681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 386hdv.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| 386hdv.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])386hdv\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 375sh.ktt55.my.id"; dns.query; content:"375sh.ktt55.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])375sh\.ktt55\.my\.id$/i"; classtype:trojan-activity; sid:38114721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 375sh.ktt55.my.id"; flow:to_server,established; http.header; content: "Host|3a| 375sh.ktt55.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])375sh\.ktt55\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-6f65a77143a146c39956cd6d0797a2df.r2.dev"; dns.query; content:"pub-6f65a77143a146c39956cd6d0797a2df.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-6f65a77143a146c39956cd6d0797a2df\.r2\.dev$/i"; classtype:trojan-activity; sid:38114761; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-6f65a77143a146c39956cd6d0797a2df.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-6f65a77143a146c39956cd6d0797a2df.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-6f65a77143a146c39956cd6d0797a2df\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//pub-6f65a77143a146c39956cd6d0797a2df.r2.dev/newdayowa.html"; flow:to_server,established; http.header; content:"pub-6f65a77143a146c39956cd6d0797a2df.r2.dev"; fast_pattern; nocase; http.uri; content:"/newdayowa.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ghsfgyowkunoeweijacziajhd3.pages.dev"; dns.query; content:"ghsfgyowkunoeweijacziajhd3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd3\.pages\.dev$/i"; classtype:trojan-activity; sid:38114801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ghsfgyowkunoeweijacziajhd3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ghsfgyowkunoeweijacziajhd3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ghsfgyowkunoeweijacziajhd3.pages.dev"; 
flow:to_server,established; http.header; content:"ghsfgyowkunoeweijacziajhd3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; dns.query; content:"nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nkbihfbeogaeaoehlefnkodbefgpgknn\.metamaskk\.skyhighfirstclass\.com\.ng$/i"; classtype:trojan-activity; sid:38114841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; flow:to_server,established; http.header; content: "Host|3a| nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nkbihfbeogaeaoehlefnkodbefgpgknn\.metamaskk\.skyhighfirstclass\.com\.ng[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng/12a54ee/Info.htm"; flow:to_server,established; http.header; content:"nkbihfbeogaeaoehlefnkodbefgpgknn.metamaskk.skyhighfirstclass.com.ng"; fast_pattern; nocase; http.uri; content:"/12a54ee/Info.htm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname momentumagencyco.com"; dns.query; content:"momentumagencyco.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])momentumagencyco\.com$/i"; classtype:trojan-activity; 
sid:38114881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname momentumagencyco.com"; flow:to_server,established; http.header; content: "Host|3a| momentumagencyco.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])momentumagencyco\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//momentumagencyco.com/hmd/hmd/pass"; flow:to_server,established; http.header; content:"momentumagencyco.com"; fast_pattern; nocase; http.uri; content:"/hmd/hmd/pass"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname mail.jdidus.des4.com.tr"; dns.query; content:"mail.jdidus.des4.com.tr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.jdidus\.des4\.com\.tr$/i"; classtype:trojan-activity; sid:38114921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname mail.jdidus.des4.com.tr"; flow:to_server,established; http.header; content: "Host|3a| mail.jdidus.des4.com.tr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.jdidus\.des4\.com\.tr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//mail.jdidus.des4.com.tr"; flow:to_server,established; http.header; content:"mail.jdidus.des4.com.tr"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114931; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname kawarthaeats.ca"; dns.query; content:"kawarthaeats.ca"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kawarthaeats\.ca$/i"; classtype:trojan-activity; sid:38114961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname kawarthaeats.ca"; flow:to_server,established; http.header; content: "Host|3a| kawarthaeats.ca"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])kawarthaeats\.ca[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38114962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//kawarthaeats.ca/info/send/loginsend.php?enc=8abdcfb57a06a719a95"; flow:to_server,established; http.header; content:"kawarthaeats.ca"; fast_pattern; nocase; http.uri; content:"/info/send/loginsend.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38114971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname imtoken-wg.biz"; dns.query; content:"imtoken-wg.biz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-wg\.biz$/i"; classtype:trojan-activity; sid:38115001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname imtoken-wg.biz"; flow:to_server,established; http.header; content: "Host|3a| imtoken-wg.biz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])imtoken\-wg\.biz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing 
URL http|3a|//imtoken-wg.biz"; flow:to_server,established; http.header; content:"imtoken-wg.biz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iccarson.com.selus.mx"; dns.query; content:"iccarson.com.selus.mx"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com\.selus\.mx$/i"; classtype:trojan-activity; sid:38115041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iccarson.com.selus.mx"; flow:to_server,established; http.header; content: "Host|3a| iccarson.com.selus.mx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com\.selus\.mx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//iccarson.com.selus.mx/23/login/login.php"; flow:to_server,established; http.header; content:"iccarson.com.selus.mx"; fast_pattern; nocase; http.uri; content:"/23/login/login.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iccarson.com"; dns.query; content:"iccarson.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com$/i"; classtype:trojan-activity; sid:38115081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iccarson.com"; flow:to_server,established; http.header; content: "Host|3a| iccarson.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iccarson\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38115082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//iccarson.com/23/login/login.php"; flow:to_server,established; http.header; content:"iccarson.com"; fast_pattern; nocase; http.uri; content:"/23/login/login.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname htppdffilee.weebly.com"; dns.query; content:"htppdffilee.weebly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])htppdffilee\.weebly\.com$/i"; classtype:trojan-activity; sid:38115121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname htppdffilee.weebly.com"; flow:to_server,established; http.header; content: "Host|3a| htppdffilee.weebly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])htppdffilee\.weebly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//htppdffilee.weebly.com"; flow:to_server,established; http.header; content:"htppdffilee.weebly.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname crimson-flower-941f.3invyzig.workers.dev"; dns.query; content:"crimson-flower-941f.3invyzig.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crimson\-flower\-941f\.3invyzig\.workers\.dev$/i"; classtype:trojan-activity; sid:38115161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) 
# MISP event 27838 hostname/URL indicators, laid out one rule per line.
# Pattern per hostname: a dns.query rule, then an outgoing HTTP rule that matches the Host header;
# indicators that carry a URL add a third rule on http.header + http.uri.
# The pcre left boundary (^|[^A-Za-z0-9-\.]) excludes '.', so only the exact name matches:
# a subdomain such as www.<name> passes the content match but is rejected by the pcre.
# NOTE(review): the HTTP rules inspect cleartext HTTP only. For sessions carried over TLS only the
# dns.query rules can fire; no tls.sni rule is visible in this part of the export - confirm that
# TLS coverage exists elsewhere.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname crimson-flower-941f.3invyzig.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| crimson-flower-941f.3invyzig.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])crimson\-flower\-941f\.3invyzig\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname mlcro-out-look-verify.pages.dev"; dns.query; content:"mlcro-out-look-verify.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlcro\-out\-look\-verify\.pages\.dev$/i"; classtype:trojan-activity; sid:38115201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname mlcro-out-look-verify.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| mlcro-out-look-verify.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mlcro\-out\-look\-verify\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the http.uri content is just "/", which any request path contains, so this rule
# reduces to the hostname match. That match is on http.header without a "Host|3a| " prefix or pcre
# boundary, so the name appearing in another header (e.g. Referer) also fires it. The destination
# port is limited to $HTTP_PORTS, whereas the Host rule above uses any.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//mlcro-out-look-verify.pages.dev/"; flow:to_server,established; http.header; content:"mlcro-out-look-verify.pages.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname billowing-limit-216c.tk6913.workers.dev"; dns.query; content:"billowing-limit-216c.tk6913.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])billowing\-limit\-216c\.tk6913\.workers\.dev$/i"; classtype:trojan-activity; sid:38115241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname billowing-limit-216c.tk6913.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| billowing-limit-216c.tk6913.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])billowing\-limit\-216c\.tk6913\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Same shape as sid:38115211: http.uri content "/" adds no constraint beyond the hostname match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//billowing-limit-216c.tk6913.workers.dev/"; flow:to_server,established; http.header; content:"billowing-limit-216c.tk6913.workers.dev"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname amicom.com.br"; dns.query; content:"amicom.com.br"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amicom\.com\.br$/i"; classtype:trojan-activity; sid:38115281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname amicom.com.br"; flow:to_server,established; http.header; content: "Host|3a| amicom.com.br"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amicom\.com\.br[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the URI content ends in "3****@b.c", which looks like a masked e-mail address
# carried over from the source indicator. content matches the asterisks literally, so this rule
# only fires on a request containing that exact masked string - presumably never on live traffic.
# Detection for this indicator then rests on sid:38115281/38115282; fix the attribute in MISP
# (e.g. keep only the path prefix) rather than editing this generated file.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//amicom.com.br/.well-known/mot/auth/bids/3****@b.c"; flow:to_server,established; http.header; content:"amicom.com.br"; fast_pattern; nocase; http.uri; content:"/.well-known/mot/auth/bids/3****@b.c"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname pub-84fe46a5e6524c2d87cd06f1c312b868.r2.dev"; dns.query; content:"pub-84fe46a5e6524c2d87cd06f1c312b868.r2.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-84fe46a5e6524c2d87cd06f1c312b868\.r2\.dev$/i"; classtype:trojan-activity; sid:38115321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname pub-84fe46a5e6524c2d87cd06f1c312b868.r2.dev"; flow:to_server,established; http.header; content: "Host|3a| pub-84fe46a5e6524c2d87cd06f1c312b868.r2.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])pub\-84fe46a5e6524c2d87cd06f1c312b868\.r2\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 1m9xro06d8-1324839608.cos.ap-bangkok.myqcloud.com"; dns.query; content:"1m9xro06d8-1324839608.cos.ap-bangkok.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1m9xro06d8\-1324839608\.cos\.ap\-bangkok\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38115361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 1m9xro06d8-1324839608.cos.ap-bangkok.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| 1m9xro06d8-1324839608.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])1m9xro06d8\-1324839608\.cos\.ap\-bangkok\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname worker-shrill-wood-50f3.jln95cha.workers.dev"; dns.query; content:"worker-shrill-wood-50f3.jln95cha.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-shrill\-wood\-50f3\.jln95cha\.workers\.dev$/i"; classtype:trojan-activity; sid:38115401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname worker-shrill-wood-50f3.jln95cha.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker-shrill-wood-50f3.jln95cha.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\-shrill\-wood\-50f3\.jln95cha\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the path is written in percent-encoded form ("%2522" repeated). http.uri inspects
# the normalized URI, so whether this literal still matches depends on how the engine decodes the
# request line - verify against a capture, or compare with a match on http.uri.raw.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//worker-shrill-wood-50f3.jln95cha.workers.dev/%2522%2522%2522%2522%2522%2522%2522%2522"; flow:to_server,established; http.header; content:"worker-shrill-wood-50f3.jln95cha.workers.dev"; fast_pattern; nocase; http.uri; content:"/%2522%2522%2522%2522%2522%2522%2522%2522"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname securembly.fr"; dns.query; content:"securembly.fr"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])securembly\.fr$/i"; classtype:trojan-activity; sid:38115441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname securembly.fr"; flow:to_server,established; http.header; content: "Host|3a| securembly.fr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])securembly\.fr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname channelhub.info"; dns.query; content:"channelhub.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info$/i"; classtype:trojan-activity; sid:38115481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname channelhub.info"; flow:to_server,established; http.header; content: "Host|3a| channelhub.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegram.web-tgg.top"; dns.query; content:"telegram.web-tgg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.web\-tgg\.top$/i"; classtype:trojan-activity; sid:38115521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegram.web-tgg.top"; flow:to_server,established; http.header; content: "Host|3a| telegram.web-tgg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.web\-tgg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tgadminuser.webptt.vip"; dns.query; content:"tgadminuser.webptt.vip"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webptt\.vip$/i"; classtype:trojan-activity; sid:38115561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tgadminuser.webptt.vip"; 
flow:to_server,established; http.header; content: "Host|3a| tgadminuser.webptt.vip"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.webptt\.vip[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tgadminuser.web-tgg.top"; dns.query; content:"tgadminuser.web-tgg.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-tgg\.top$/i"; classtype:trojan-activity; sid:38115601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tgadminuser.web-tgg.top"; flow:to_server,established; http.header; content: "Host|3a| tgadminuser.web-tgg.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tgadminuser\.web\-tgg\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarm-c.com"; dns.query; content:"telegarm-c.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\-c\.com$/i"; classtype:trojan-activity; sid:38115641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarm-c.com"; flow:to_server,established; http.header; content: "Host|3a| telegarm-c.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\-c\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarm-c.com/"; flow:to_server,established; http.header; content:"telegarm-c.com"; fast_pattern; nocase; http.uri; 
content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname frkhg5fcd.vyiz.my.id"; dns.query; content:"frkhg5fcd.vyiz.my.id"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frkhg5fcd\.vyiz\.my\.id$/i"; classtype:trojan-activity; sid:38115681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname frkhg5fcd.vyiz.my.id"; flow:to_server,established; http.header; content: "Host|3a| frkhg5fcd.vyiz.my.id"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])frkhg5fcd\.vyiz\.my\.id[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//frkhg5fcd.vyiz.my.id"; flow:to_server,established; http.header; content:"frkhg5fcd.vyiz.my.id"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname terraportdapps.pages.dev"; dns.query; content:"terraportdapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])terraportdapps\.pages\.dev$/i"; classtype:trojan-activity; sid:38115721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname terraportdapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| terraportdapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])terraportdapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115722; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# The line above is the tail of a rule that starts on the previous line of the page.
#
# MISP event 27838, continued. Each hostname has three rules:
#   - a DNS rule (exact name in dns.query),
#   - an HTTP rule on "Host: <name>" with pcre boundaries, and
#   - an "Outgoing URL" rule that only requires the hostname string somewhere in the request headers.
# The "Outgoing URL" rules have no URI condition and no boundary check, so they also fire when the
# name appears in another header such as Referer, and they overlap the Host rule of the same name.
# The DNS and Host rules exclude a preceding dot, so subdomains of an indicator are not matched.
# NOTE(review): the http rules need parseable HTTP. Traffic to these hosts over TLS is covered
# only by the DNS rule unless a tls.sni rule is added or TLS is decrypted.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//terraportdapps.pages.dev"; flow:to_server,established; http.header; content:"terraportdapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname group-susucilik-online.pages.dev"; dns.query; content:"group-susucilik-online.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])group\-susucilik\-online\.pages\.dev$/i"; classtype:trojan-activity; sid:38115761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname group-susucilik-online.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| group-susucilik-online.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])group\-susucilik\-online\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//group-susucilik-online.pages.dev"; flow:to_server,established; http.header; content:"group-susucilik-online.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname usdohxjosmxhqaruidozhusjki01.pages.dev"; dns.query; content:"usdohxjosmxhqaruidozhusjki01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdohxjosmxhqaruidozhusjki01\.pages\.dev$/i"; classtype:trojan-activity; sid:38115801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usdohxjosmxhqaruidozhusjki01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| usdohxjosmxhqaruidozhusjki01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdohxjosmxhqaruidozhusjki01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//usdohxjosmxhqaruidozhusjki01.pages.dev"; flow:to_server,established; http.header; content:"usdohxjosmxhqaruidozhusjki01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname com-helpcenter.info"; dns.query; content:"com-helpcenter.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])com\-helpcenter\.info$/i"; classtype:trojan-activity; sid:38115841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname com-helpcenter.info"; flow:to_server,established; http.header; content: "Host|3a| com-helpcenter.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])com\-helpcenter\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//com-helpcenter.info"; flow:to_server,established; http.header; content:"com-helpcenter.info"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname sexgroup-televip.pages.dev"; dns.query; content:"sexgroup-televip.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sexgroup\-televip\.pages\.dev$/i"; classtype:trojan-activity; sid:38115881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sexgroup-televip.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sexgroup-televip.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sexgroup\-televip\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//sexgroup-televip.pages.dev"; flow:to_server,established; http.header; content:"sexgroup-televip.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname hot-sex-room.pages.dev"; dns.query; content:"hot-sex-room.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hot\-sex\-room\.pages\.dev$/i"; classtype:trojan-activity; sid:38115921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hot-sex-room.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hot-sex-room.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hot\-sex\-room\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hot-sex-room.pages.dev"; flow:to_server,established; http.header; content:"hot-sex-room.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname arabbasiastarfzz.pages.dev"; dns.query; content:"arabbasiastarfzz.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arabbasiastarfzz\.pages\.dev$/i"; classtype:trojan-activity; sid:38115961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname arabbasiastarfzz.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| arabbasiastarfzz.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])arabbasiastarfzz\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38115962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//arabbasiastarfzz.pages.dev"; flow:to_server,established; http.header; content:"arabbasiastarfzz.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38115971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname votepixelfarts.pages.dev"; dns.query; content:"votepixelfarts.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])votepixelfarts\.pages\.dev$/i"; classtype:trojan-activity; sid:38116001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname votepixelfarts.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| votepixelfarts.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])votepixelfarts\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//votepixelfarts.pages.dev"; flow:to_server,established; http.header; content:"votepixelfarts.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname usdohxjosmxhqaruidozhusjki03.pages.dev"; dns.query; content:"usdohxjosmxhqaruidozhusjki03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdohxjosmxhqaruidozhusjki03\.pages\.dev$/i"; classtype:trojan-activity; sid:38116041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname usdohxjosmxhqaruidozhusjki03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| usdohxjosmxhqaruidozhusjki03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])usdohxjosmxhqaruidozhusjki03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//usdohxjosmxhqaruidozhusjki03.pages.dev"; flow:to_server,established; http.header; content:"usdohxjosmxhqaruidozhusjki03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# MISP event 27720: outgoing traffic from $HOME_NET to a fixed IP and port. The bracketed words in
# msg (here "c2,Havoc") are the tags exported with the event. These rules have no payload, flow
# or protocol condition, so any matching packet to that address and port raises the alert.
# NOTE(review): bare IP:port indicators go stale when an address is reassigned. Check the event
# date before treating a hit as confirmed C2 traffic.
alert ip $HOME_NET any -> 81.94.150.166 443 (msg: "MISP e27720 [c2,Havoc] Outgoing To IP: 81.94.150.166|443"; classtype:trojan-activity; sid:38020731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# The rule below continues on the next line of the page.
alert ip $HOME_NET any -> 38.242.236.116 7777 (msg: "MISP e27720 [asyncrat,RAT] Outgoing To IP: 38.242.236.116|7777"; 
classtype:trojan-activity; sid:38020741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# The line above is the tail of a rule that starts on the previous line of the page.
#
# MISP event 27720: outgoing traffic from $HOME_NET to a fixed IP and port. The bracketed words in
# msg (c2, Havoc, dcrat, Meterpreter) are the tags exported with the event. These rules have no
# payload, flow or protocol condition, so any matching packet to that address and port alerts.
# NOTE(review): bare IP:port indicators go stale when an address is reassigned. Some of these look
# like cloud-provider ranges (assumption, verify), where reuse is common; check the event date.
alert ip $HOME_NET any -> 3.94.102.197 80 (msg: "MISP e27720 [c2,Havoc] Outgoing To IP: 3.94.102.197|80"; classtype:trojan-activity; sid:38020751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 3.88.102.160 80 (msg: "MISP e27720 [c2,Havoc] Outgoing To IP: 3.88.102.160|80"; classtype:trojan-activity; sid:38020761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 34.162.156.94 443 (msg: "MISP e27720 [c2,Havoc] Outgoing To IP: 34.162.156.94|443"; classtype:trojan-activity; sid:38020771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 124.106.197.167 4343 (msg: "MISP e27720 [c2,Havoc] Outgoing To IP: 124.106.197.167|4343"; classtype:trojan-activity; sid:38020781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 5.181.80.13 8848 (msg: "MISP e27720 [c2,dcrat] Outgoing To IP: 5.181.80.13|8848"; classtype:trojan-activity; sid:38020791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
alert ip $HOME_NET any -> 141.255.167.251 4760 (msg: "MISP e27720 [c2,Meterpreter] Outgoing To IP: 141.255.167.251|4760"; classtype:trojan-activity; sid:38020801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27720;)
# MISP event 27842: outgoing HTTP requests to a fixed IP and port, exported at priority 1 with no
# tags in msg. Each rule needs the IP string somewhere in the request headers (http.header) and a
# URI substring (http.uri). A request to the same address whose headers do not contain the IP
# literal (for example a Host header carrying a name) is not matched.
# The URI contents are unanchored substrings: "/i" also matches paths such as "/index.html".
# Only the fixed destination IP and port keep these rules narrow.
# NOTE(review): the file names in the URIs (Mozi.m, Mozi.a, bin.sh) presumably refer to Mozi
# botnet payload downloads. The export does not say so; confirm in the event.
alert http $HOME_NET any -> 42.236.253.30 59730 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.236.253.30|3a|59730/i"; flow:to_server,established; http.header; content:"42.236.253.30"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.234.163.23 48751 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.234.163.23|3a|48751/bin.sh"; flow:to_server,established; http.header; content:"42.234.163.23"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.90.150.80 52712 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.90.150.80|3a|52712/i"; flow:to_server,established; http.header; content:"39.90.150.80"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.90.150.80 52712 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.90.150.80|3a|52712/bin.sh"; flow:to_server,established; http.header; content:"39.90.150.80"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.215.178.89 37326 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.215.178.89|3a|37326/Mozi.m"; flow:to_server,established; http.header; content:"27.215.178.89"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 24.53.190.209 43276 (msg: "MISP e27842 [] Outgoing URL http|3a|//24.53.190.209|3a|43276/bin.sh"; flow:to_server,established; http.header; content:"24.53.190.209"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 222.139.50.69 39399 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.139.50.69|3a|39399/i"; flow:to_server,established; http.header; content:"222.139.50.69"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 221.14.104.6 40705 (msg: "MISP e27842 [] Outgoing URL http|3a|//221.14.104.6|3a|40705/Mozi.m"; flow:to_server,established; http.header; content:"221.14.104.6"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 219.157.161.208 60635 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.157.161.208|3a|60635/bin.sh"; flow:to_server,established; http.header; content:"219.157.161.208"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 210.22.177.142 47669 (msg: "MISP e27842 [] Outgoing URL http|3a|//210.22.177.142|3a|47669/Mozi.m"; flow:to_server,established; http.header; content:"210.22.177.142"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.124.21.254 41213 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.124.21.254|3a|41213/bin.sh"; flow:to_server,established; http.header; content:"182.124.21.254"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.121.8.94 49182 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.8.94|3a|49182/Mozi.m"; flow:to_server,established; http.header; content:"182.121.8.94"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.121.199.205 52537 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.199.205|3a|52537/bin.sh"; flow:to_server,established; http.header; content:"182.121.199.205"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.120.62.47 60750 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.120.62.47|3a|60750/bin.sh"; flow:to_server,established; http.header; content:"182.120.62.47"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.113.38.234 50019 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.113.38.234|3a|50019/i"; flow:to_server,established; http.header; content:"182.113.38.234"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.113.38.234 50019 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.113.38.234|3a|50019/bin.sh"; flow:to_server,established; http.header; content:"182.113.38.234"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 180.180.217.199 35110 (msg: "MISP e27842 [] Outgoing URL http|3a|//180.180.217.199|3a|35110/Mozi.a"; flow:to_server,established; http.header; content:"180.180.217.199"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# These three rules share one destination and one hex-named directory and differ only in the DLL
# file name. They use $HTTP_PORTS instead of a fixed port, so $HTTP_PORTS must be defined.
# NOTE(review): the DLL names are common runtime library names. The detection value comes from
# the IP and directory, not the file name; check event 27842 for the malware family.
alert http $HOME_NET any -> 147.45.47.71 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//147.45.47.71/9f244f7bc6ab2605/vcruntime140.dll"; flow:to_server,established; http.header; content:"147.45.47.71"; fast_pattern; nocase; http.uri; content:"/9f244f7bc6ab2605/vcruntime140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 147.45.47.71 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//147.45.47.71/9f244f7bc6ab2605/sqlite3.dll"; flow:to_server,established; http.header; content:"147.45.47.71"; fast_pattern; nocase; http.uri; content:"/9f244f7bc6ab2605/sqlite3.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 147.45.47.71 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//147.45.47.71/9f244f7bc6ab2605/msvcp140.dll"; flow:to_server,established; http.header; content:"147.45.47.71"; fast_pattern; nocase; http.uri; content:"/9f244f7bc6ab2605/msvcp140.dll"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 125.45.60.180 44940 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.45.60.180|3a|44940/i"; flow:to_server,established; http.header; content:"125.45.60.180"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# The rule below continues on the next line of the page.
alert http $HOME_NET any -> 125.44.56.55 40353 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.44.56.55|3a|40353/i"; flow:to_server,established; 
http.header; content:"125.44.56.55"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 124.131.83.33 38412 (msg: "MISP e27842 [] Outgoing URL http|3a|//124.131.83.33|3a|38412/bin.sh"; flow:to_server,established; http.header; content:"124.131.83.33"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.9.26.246 43934 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.9.26.246|3a|43934/bin.sh"; flow:to_server,established; http.header; content:"123.9.26.246"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.4.77.37 42840 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.4.77.37|3a|42840/bin.sh"; flow:to_server,established; http.header; content:"123.4.77.37"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.4.24.118 51253 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.4.24.118|3a|51253/Mozi.m"; flow:to_server,established; http.header; content:"123.4.24.118"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.217.84.68 56723 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.217.84.68|3a|56723/Mozi.m"; flow:to_server,established; http.header; content:"117.217.84.68"; fast_pattern; 
nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.213.82.147 52868 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.213.82.147|3a|52868/Mozi.m"; flow:to_server,established; http.header; content:"117.213.82.147"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.194.175.222 43295 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.194.175.222|3a|43295/bin.sh"; flow:to_server,established; http.header; content:"117.194.175.222"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.56.172.154 60484 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.56.172.154|3a|60484/i"; flow:to_server,established; http.header; content:"115.56.172.154"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.56.172.154 60484 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.56.172.154|3a|60484/bin.sh"; flow:to_server,established; http.header; content:"115.56.172.154"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.55.99.28 36897 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.99.28|3a|36897/bin.sh"; flow:to_server,established; http.header; content:"115.55.99.28"; fast_pattern; nocase; http.uri; content:"/bin.sh"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38125991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.49.66.157 34114 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.49.66.157|3a|34114/Mozi.m"; flow:to_server,established; http.header; content:"115.49.66.157"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 113.26.212.154 55782 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.26.212.154|3a|55782/bin.sh"; flow:to_server,established; http.header; content:"113.26.212.154"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 112.239.98.42 38666 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.239.98.42|3a|38666/i"; flow:to_server,established; http.header; content:"112.239.98.42"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 112.239.98.42 38666 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.239.98.42|3a|38666/bin.sh"; flow:to_server,established; http.header; content:"112.239.98.42"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 110.182.79.202 52663 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.182.79.202|3a|52663/bin.sh"; flow:to_server,established; http.header; content:"110.182.79.202"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:38126041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Review notes for the rules below (MISP event 27842, outgoing HTTP URL indicators).
# Each rule pins the destination IP and port in the rule header, then requires
# the same IP string somewhere in the request headers (http.header, also the
# fast_pattern) and the path as a substring of the request URI (http.uri).
# None of the content matches is anchored, so the URI test is "contains", not "equals".
# tag:session,600,seconds asks the sensor to keep logging packets of the alerting
# session for 600 seconds. NOTE(review): confirm the sensor's outputs record
# tagged packets, otherwise nothing extra is captured.
#
# URI content "/i" is two bytes and unanchored: a request to this IP:port whose
# path merely contains "/i" (constructed example: "/index.html") alerts as well.
alert http $HOME_NET any -> 106.41.45.167 50843 (msg: "MISP e27842 [] Outgoing URL http|3a|//106.41.45.167|3a|50843/i"; flow:to_server,established; http.header; content:"106.41.45.167"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Hostname indicator: the destination is $EXTERNAL_NET $HTTP_PORTS instead of a
# pinned IP and port, so this rule depends on $HTTP_PORTS being defined and only
# inspects the ports in that group.
# The hostname is matched anywhere in the request headers, not only in Host.
# NOTE(review): the http.host buffer would restrict the match to the Host header.
# NOTE(review): the path names an installer archive ("ADTidyInstaller.zip");
# presumably a tool download recorded in the event rather than a payload URL.
# Verify in the MISP event before triaging hits as priority 1 trojan activity.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//www.cjwdev.com/Software/ADTidy/ADTidyInstaller.zip"; flow:to_server,established; http.header; content:"www.cjwdev.com"; fast_pattern; nocase; http.uri; content:"/Software/ADTidy/ADTidyInstaller.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# "/Mozi.m" rules: the same path on many single IPs, each with its own high port.
# NOTE(review): indicators of this shape presumably age quickly; check the
# attribute dates in the event and expire stale entries rather than keeping
# them at priority 1 indefinitely.
alert http $HOME_NET any -> 61.53.85.74 39937 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.85.74|3a|39937/Mozi.m"; flow:to_server,established; http.header; content:"61.53.85.74"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 60.214.33.84 50833 (msg: "MISP e27842 [] Outgoing URL http|3a|//60.214.33.84|3a|50833/Mozi.m"; flow:to_server,established; http.header; content:"60.214.33.84"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 59.96.161.114 33217 (msg: "MISP e27842 [] Outgoing URL http|3a|//59.96.161.114|3a|33217/Mozi.m"; flow:to_server,established; http.header; content:"59.96.161.114"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.227.186.89 36617 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.227.186.89|3a|36617/Mozi.m"; flow:to_server,established; http.header; content:"42.227.186.89"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# sid 38126371 later in this file matches URI "/" on the same IP:port, so one
# request for /Mozi.m to this host raises both alerts.
alert http $HOME_NET any -> 222.141.249.23 50688 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.141.249.23|3a|50688/Mozi.m"; flow:to_server,established; http.header; content:"222.141.249.23"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Port 443 under "alert http": the indicator URL is http://, so this rule only
# fires when the session on 443 is parsed as cleartext HTTP. A TLS session to
# the same address never fills http.header or http.uri and will not alert here.
# "/bin" is unanchored, so longer paths that contain it match too.
alert http $HOME_NET any -> 185.172.128.146 443 (msg: "MISP e27842 [] Outgoing URL http|3a|//185.172.128.146|3a|443/bin"; flow:to_server,established; http.header; content:"185.172.128.146"; fast_pattern; nocase; http.uri; content:"/bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content "/" matches practically every request URI, so the next two rules
# are in effect "any HTTP request to this IP:port that carries the IP string in
# its headers". Triage them as destination-IP hits, not as a specific path.
alert http $HOME_NET any -> 182.122.208.19 53135 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.122.208.19|3a|53135/"; flow:to_server,established; http.header; content:"182.122.208.19"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.113.38.234 50019 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.113.38.234|3a|50019/"; flow:to_server,established; http.header; content:"182.113.38.234"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126141; rev:1; 
priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.112.54.124 39449 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.112.54.124|3a|39449/Mozi.m"; flow:to_server,established; http.header; content:"182.112.54.124"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 171.39.154.108 59291 (msg: "MISP e27842 [] Outgoing URL http|3a|//171.39.154.108|3a|59291/Mozi.m"; flow:to_server,established; http.header; content:"171.39.154.108"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 125.42.126.200 48177 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.42.126.200|3a|48177/Mozi.m"; flow:to_server,established; http.header; content:"125.42.126.200"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.13.7.0 50700 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.13.7.0|3a|50700/bin.sh"; flow:to_server,established; http.header; content:"123.13.7.0"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.13.7.0 50700 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.13.7.0|3a|50700/"; flow:to_server,established; http.header; content:"123.13.7.0"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126191; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 119.179.240.65 56876 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.179.240.65|3a|56876/bin.sh"; flow:to_server,established; http.header; content:"119.179.240.65"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.208.93.247 40270 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.208.93.247|3a|40270/Mozi.m"; flow:to_server,established; http.header; content:"117.208.93.247"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.52.2.14 35987 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.52.2.14|3a|35987/bin.sh"; flow:to_server,established; http.header; content:"115.52.2.14"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 113.221.28.89 53225 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.221.28.89|3a|53225/bin.sh"; flow:to_server,established; http.header; content:"113.221.28.89"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.213.132.56 45511 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.213.132.56|3a|45511/Mozi.m"; flow:to_server,established; http.header; content:"27.213.132.56"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126241; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;)
# Review notes for the rules below (MISP event 27842, outgoing HTTP URL indicators).
# Pattern shared by these rules: destination IP/port in the header, the IP
# string matched anywhere in the request headers (http.header, fast_pattern),
# and the path matched as an unanchored substring of http.uri.
alert http $HOME_NET any -> 222.241.51.49 40121 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.241.51.49|3a|40121/bin.sh"; flow:to_server,established; http.header; content:"222.241.51.49"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# The indicator URL carries no port, and the rule uses $HTTP_PORTS instead of a
# literal port. It therefore needs $HTTP_PORTS defined in the sensor config and
# does not cover requests to this IP on ports outside that group.
# NOTE(review): sid 38126771 in this file covers 193.233.132.139, which shares
# the first three octets with this address; check in the event whether the two
# attributes belong together.
alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//193.233.132.167/cost/lenin.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/cost/lenin.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 183.188.148.146 48488 (msg: "MISP e27842 [] Outgoing URL http|3a|//183.188.148.146|3a|48488/bin.sh"; flow:to_server,established; http.header; content:"183.188.148.146"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content "/i" is unanchored: any path to this IP:port that contains "/i"
# (constructed example: "/images/x.png") alerts, not only the exact URL in msg.
alert http $HOME_NET any -> 182.121.199.205 52537 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.199.205|3a|52537/i"; flow:to_server,established; http.header; content:"182.121.199.205"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.121.155.185 40285 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.155.185|3a|40285/Mozi.m"; flow:to_server,established; http.header; content:"182.121.155.185"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126291; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.10.38.60 60493 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.10.38.60|3a|60493/bin.sh"; flow:to_server,established; http.header; content:"123.10.38.60"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.217.32.248 37566 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.217.32.248|3a|37566/Mozi.m"; flow:to_server,established; http.header; content:"117.217.32.248"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.50.188.146 58381 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.50.188.146|3a|58381/i"; flow:to_server,established; http.header; content:"115.50.188.146"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 112.248.105.3 37892 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.248.105.3|3a|37892/Mozi.m"; flow:to_server,established; http.header; content:"112.248.105.3"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 103.169.187.173 46237 (msg: "MISP e27842 [] Outgoing URL http|3a|//103.169.187.173|3a|46237/Mozi.m"; flow:to_server,established; http.header; content:"103.169.187.173"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126341; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;)
# Review notes for the rules below (MISP event 27842, outgoing HTTP URL indicators).
# All of them alert on a request from $HOME_NET, i.e. on an internal host
# fetching the URL, so a hit identifies the internal client to investigate.
# The path is an unanchored substring of http.uri; the IP string is matched
# anywhere in the request headers.
alert http $HOME_NET any -> 42.224.137.147 35783 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.224.137.147|3a|35783/Mozi.a"; flow:to_server,established; http.header; content:"42.224.137.147"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.174.173.54 35713 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.174.173.54|3a|35713/Mozi.m"; flow:to_server,established; http.header; content:"39.174.173.54"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content "/" matches practically every request URI. This rule overlaps
# sid 38126111 (same IP:port, "/Mozi.m"): a single /Mozi.m request raises both.
alert http $HOME_NET any -> 222.141.249.23 50688 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.141.249.23|3a|50688/"; flow:to_server,established; http.header; content:"222.141.249.23"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content "/i" is two bytes and unanchored, so it also matches longer paths
# that contain "/i" (constructed example: "/index.html").
alert http $HOME_NET any -> 222.137.205.92 39798 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.137.205.92|3a|39798/i"; flow:to_server,established; http.header; content:"222.137.205.92"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Same IP:port is also covered by sid 38126401 ("/bin.sh") and sid 38126781 ("/")
# in this file; expect more than one alert per request to this host.
alert http $HOME_NET any -> 189.165.248.63 3224 (msg: "MISP e27842 [] Outgoing URL http|3a|//189.165.248.63|3a|3224/i"; flow:to_server,established; http.header; content:"189.165.248.63"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 189.165.248.63 3224 (msg: "MISP e27842 [] Outgoing URL http|3a|//189.165.248.63|3a|3224/bin.sh"; flow:to_server,established; http.header; content:"189.165.248.63"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.127.52.131 41886 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.127.52.131|3a|41886/i"; flow:to_server,established; http.header; content:"182.127.52.131"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.127.208.236 53280 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.127.208.236|3a|53280/bin.sh"; flow:to_server,established; http.header; content:"182.127.208.236"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.9.26.246 43934 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.9.26.246|3a|43934/i"; flow:to_server,established; http.header; content:"123.9.26.246"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.4.77.37 42840 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.4.77.37|3a|42840/i"; flow:to_server,established; http.header; content:"123.4.77.37"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.251.160.116 40149 (msg: "MISP e27842 
[] Outgoing URL http|3a|//117.251.160.116|3a|40149/Mozi.m"; flow:to_server,established; http.header; content:"117.251.160.116"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.55.99.28 36897 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.99.28|3a|36897/i"; flow:to_server,established; http.header; content:"115.55.99.28"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.55.246.95 55601 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.246.95|3a|55601/bin.sh"; flow:to_server,established; http.header; content:"115.55.246.95"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.50.188.146 58381 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.50.188.146|3a|58381/bin.sh"; flow:to_server,established; http.header; content:"115.50.188.146"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 113.26.94.194 52929 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.26.94.194|3a|52929/Mozi.a"; flow:to_server,established; http.header; content:"113.26.94.194"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.124.182 36736 (msg: "MISP e27842 [] Outgoing URL 
http|3a|//61.53.124.182|3a|36736/bin.sh"; flow:to_server,established; http.header; content:"61.53.124.182"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.121.248 45418 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.121.248|3a|45418/bin.sh"; flow:to_server,established; http.header; content:"61.53.121.248"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.220.11.244 59187 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.220.11.244|3a|59187/Mozi.m"; flow:to_server,established; http.header; content:"27.220.11.244"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.215.83.241 39436 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.215.83.241|3a|39436/Mozi.m"; flow:to_server,established; http.header; content:"27.215.83.241"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 223.15.52.192 56151 (msg: "MISP e27842 [] Outgoing URL http|3a|//223.15.52.192|3a|56151/i"; flow:to_server,established; http.header; content:"223.15.52.192"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.138.73.31 39780 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.138.73.31|3a|39780/i"; 
flow:to_server,established; http.header; content:"222.138.73.31"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.138.73.31 39780 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.138.73.31|3a|39780/bin.sh"; flow:to_server,established; http.header; content:"222.138.73.31"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 219.156.32.83 42274 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.156.32.83|3a|42274/"; flow:to_server,established; http.header; content:"219.156.32.83"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 218.91.173.103 46325 (msg: "MISP e27842 [] Outgoing URL http|3a|//218.91.173.103|3a|46325/Mozi.a"; flow:to_server,established; http.header; content:"218.91.173.103"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.127.52.131 41886 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.127.52.131|3a|41886/bin.sh"; flow:to_server,established; http.header; content:"182.127.52.131"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.126.211.172 45406 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.126.211.172|3a|45406/Mozi.m"; flow:to_server,established; http.header; 
content:"182.126.211.172"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.114.198.142 47436 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.114.198.142|3a|47436/Mozi.a"; flow:to_server,established; http.header; content:"182.114.198.142"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.113.36.53 45548 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.113.36.53|3a|45548/bin.sh"; flow:to_server,established; http.header; content:"182.113.36.53"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.113.36.53 45548 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.113.36.53|3a|45548/"; flow:to_server,established; http.header; content:"182.113.36.53"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 180.180.217.199 35110 (msg: "MISP e27842 [] Outgoing URL http|3a|//180.180.217.199|3a|35110/Mozi.m"; flow:to_server,established; http.header; content:"180.180.217.199"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.14.159.130 45089 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.14.159.130|3a|45089/Mozi.m"; flow:to_server,established; http.header; content:"123.14.159.130"; 
fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.14.145.210 53874 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.14.145.210|3a|53874/Mozi.m"; flow:to_server,established; http.header; content:"123.14.145.210"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.235.54.224 56445 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.235.54.224|3a|56445/Mozi.m"; flow:to_server,established; http.header; content:"117.235.54.224"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.121.248 45418 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.121.248|3a|45418/i"; flow:to_server,established; http.header; content:"61.53.121.248"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.237.101.32 54395 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.237.101.32|3a|54395/Mozi.m"; flow:to_server,established; http.header; content:"42.237.101.32"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.231.206.22 51706 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.231.206.22|3a|51706/i"; flow:to_server,established; http.header; content:"42.231.206.22"; fast_pattern; nocase; http.uri; content:"/i"; 
nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.231.206.22 51706 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.231.206.22|3a|51706/bin.sh"; flow:to_server,established; http.header; content:"42.231.206.22"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.227.238.10 44048 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.227.238.10|3a|44048/i"; flow:to_server,established; http.header; content:"42.227.238.10"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.137.205.92 39798 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.137.205.92|3a|39798/bin.sh"; flow:to_server,established; http.header; content:"222.137.205.92"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.136.170.25 55077 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.136.170.25|3a|55077/i"; flow:to_server,established; http.header; content:"222.136.170.25"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 219.156.32.83 42274 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.156.32.83|3a|42274/i"; flow:to_server,established; http.header; content:"219.156.32.83"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38126751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Review notes for the rules below (MISP event 27842, outgoing HTTP URL indicators).
# Destination IP and port are literal in each rule header; the IP string must
# also appear in the request headers and the path must occur in http.uri.
# Both content matches are unanchored substring matches.
alert http $HOME_NET any -> 219.155.41.155 54889 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.155.41.155|3a|54889/Mozi.m"; flow:to_server,established; http.header; content:"219.155.41.155"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Executable download on a pinned non-standard port (30468). Because the port is
# literal, the same path served from this IP on another port is not covered.
# NOTE(review): sid 38126261 in this file covers 193.233.132.167, which shares
# the first three octets with this address; check in the event whether the two
# attributes belong together.
alert http $HOME_NET any -> 193.233.132.139 30468 (msg: "MISP e27842 [] Outgoing URL http|3a|//193.233.132.139|3a|30468/zigma/fraer.exe"; flow:to_server,established; http.header; content:"193.233.132.139"; fast_pattern; nocase; http.uri; content:"/zigma/fraer.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content "/" matches practically every request URI, so this is in effect a
# destination IP:port rule. It overlaps sid 38126391 ("/i") and sid 38126401
# ("/bin.sh") on the same host, so a request matching either of those fires this
# rule as well.
alert http $HOME_NET any -> 189.165.248.63 3224 (msg: "MISP e27842 [] Outgoing URL http|3a|//189.165.248.63|3a|3224/"; flow:to_server,established; http.header; content:"189.165.248.63"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.124.162.204 48927 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.124.162.204|3a|48927/Mozi.a"; flow:to_server,established; http.header; content:"182.124.162.204"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 117.213.93.139 40749 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.213.93.139|3a|40749/Mozi.m"; flow:to_server,established; http.header; content:"117.213.93.139"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126801; 
rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.50.188.146 58381 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.50.188.146|3a|58381/"; flow:to_server,established; http.header; content:"115.50.188.146"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.48.153.24 34046 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.48.153.24|3a|34046/i"; flow:to_server,established; http.header; content:"115.48.153.24"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.48.153.24 34046 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.48.153.24|3a|34046/bin.sh"; flow:to_server,established; http.header; content:"115.48.153.24"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 112.248.0.43 58533 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.248.0.43|3a|58533/bin.sh"; flow:to_server,established; http.header; content:"112.248.0.43"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.94.219 38186 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.94.219|3a|38186/i"; flow:to_server,established; http.header; content:"61.53.94.219"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126851; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.94.219 38186 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.94.219|3a|38186/bin.sh"; flow:to_server,established; http.header; content:"61.53.94.219"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.52.116.207 38233 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.52.116.207|3a|38233/Mozi.m"; flow:to_server,established; http.header; content:"61.52.116.207"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.232.225.156 33628 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.232.225.156|3a|33628/Mozi.m"; flow:to_server,established; http.header; content:"42.232.225.156"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.227.238.10 44048 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.227.238.10|3a|44048/bin.sh"; flow:to_server,established; http.header; content:"42.227.238.10"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.227.21.170 53627 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.227.21.170|3a|53627/Mozi.m"; flow:to_server,established; http.header; content:"42.227.21.170"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126901; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 42.226.223.211 40267 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.226.223.211|3a|40267/Mozi.m"; flow:to_server,established; http.header; content:"42.226.223.211"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 39.174.238.92 37339 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.174.238.92|3a|37339/Mozi.m"; flow:to_server,established; http.header; content:"39.174.238.92"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 223.13.85.169 48765 (msg: "MISP e27842 [] Outgoing URL http|3a|//223.13.85.169|3a|48765/i"; flow:to_server,established; http.header; content:"223.13.85.169"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.136.170.25 55077 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.136.170.25|3a|55077/bin.sh"; flow:to_server,established; http.header; content:"222.136.170.25"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.117.27.210 45673 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.117.27.210|3a|45673/bin.sh"; flow:to_server,established; http.header; content:"182.117.27.210"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126951; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 125.46.241.41 35142 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.46.241.41|3a|35142/i"; flow:to_server,established; http.header; content:"125.46.241.41"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.14.159.130 45089 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.14.159.130|3a|45089/"; flow:to_server,established; http.header; content:"123.14.159.130"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.200.179.201 52307 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.200.179.201|3a|52307/Mozi.m"; flow:to_server,established; http.header; content:"117.200.179.201"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.55.237.113 56099 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.237.113|3a|56099/Mozi.m"; flow:to_server,established; http.header; content:"115.55.237.113"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38126991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.55.196.217 44455 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.196.217|3a|44455/Mozi.m"; flow:to_server,established; http.header; content:"115.55.196.217"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127001; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 115.52.2.14 35987 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.52.2.14|3a|35987/Mozi.m"; flow:to_server,established; http.header; content:"115.52.2.14"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 112.248.113.132 60683 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.248.113.132|3a|60683/Mozi.m"; flow:to_server,established; http.header; content:"112.248.113.132"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.82.149 57391 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.82.149|3a|57391/Mozi.m"; flow:to_server,established; http.header; content:"61.53.82.149"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.252.199 56247 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.252.199|3a|56247/Mozi.m"; flow:to_server,established; http.header; content:"61.53.252.199"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.119.233 38411 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.119.233|3a|38411/i"; flow:to_server,established; http.header; content:"61.53.119.233"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127051; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 61.53.119.233 38411 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.53.119.233|3a|38411/bin.sh"; flow:to_server,established; http.header; content:"61.53.119.233"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 59.93.23.119 35275 (msg: "MISP e27842 [] Outgoing URL http|3a|//59.93.23.119|3a|35275/Mozi.m"; flow:to_server,established; http.header; content:"59.93.23.119"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 39.74.66.78 59736 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.74.66.78|3a|59736/Mozi.m"; flow:to_server,established; http.header; content:"39.74.66.78"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 39.72.210.61 39912 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.72.210.61|3a|39912/Mozi.a"; flow:to_server,established; http.header; content:"39.72.210.61"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.207.226.87 40935 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.207.226.87|3a|40935/bin.sh"; flow:to_server,established; http.header; content:"27.207.226.87"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127101; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.140.185.169 57464 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.140.185.169|3a|57464/i"; flow:to_server,established; http.header; content:"222.140.185.169"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.124.12.132 41231 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.124.12.132|3a|41231/Mozi.m"; flow:to_server,established; http.header; content:"182.124.12.132"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.11.160.180 58176 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.11.160.180|3a|58176/i"; flow:to_server,established; http.header; content:"123.11.160.180"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 119.186.205.191 57011 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.186.205.191|3a|57011/Mozi.m"; flow:to_server,established; http.header; content:"119.186.205.191"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 119.186.189.122 35974 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.186.189.122|3a|35974/i"; flow:to_server,established; http.header; content:"119.186.189.122"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127151; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;)
# --- MISP event 27842: outgoing URL indicators pinned to one destination IP and port ---
# Each rule requires the destination address/port in the rule header, the IP
# literal somewhere in the request headers (http.header) and a URI substring.
# http.uri content is a substring match, so a short pattern such as "/i" adds
# almost nothing by itself; the IP/port pair is what scopes these rules.
# The /Mozi.m and /Mozi.a paths elsewhere in this event are presumably Mozi
# botnet payload URLs (inferred from the file names, not stated in the export).
# NOTE(review): single-host IP:port indicators like these tend to go stale
# quickly; confirm the event's attributes are still current before relying on them.
# tag:session,600,seconds asks the engine to keep logging the session's packets
# for 600 seconds after a match.
alert http $HOME_NET any -> 119.186.189.122 35974 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.186.189.122|3a|35974/bin.sh"; flow:to_server,established; http.header; content:"119.186.189.122"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.179.239.213 54745 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.179.239.213|3a|54745/i"; flow:to_server,established; http.header; content:"119.179.239.213"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 117.211.208.253 48676 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.211.208.253|3a|48676/Mozi.m"; flow:to_server,established; http.header; content:"117.211.208.253"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# --- MISP event 27819: destination IP/port indicators (msg tags: asyncrat, RAT, c2) ---
# These are "alert ip" rules with no flow or payload keywords, so matching is on
# source network, destination address and destination port alone.
# NOTE(review): priority:3 here is lower than the priority:1 given to the URL
# rules of event 27842 above; confirm that ranking is intended for C2 indicators.
# NOTE(review): the second rule matches any traffic to that address on 443; if
# the address is shared hosting it will alert on unrelated sessions. Verify
# against the event before paging on it.
alert ip $HOME_NET any -> 38.242.236.116 7777 (msg: "MISP e27819 [asyncrat,RAT] Outgoing To IP: 38.242.236.116|7777"; classtype:trojan-activity; sid:38088621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 81.94.150.166 443 (msg: "MISP e27819 [c2] Outgoing To IP: 81.94.150.166|443"; classtype:trojan-activity; sid:38088631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# --- MISP event 27838: hostname indicators (DNS query + HTTP Host + URL rules) ---
# The DNS rules use "any any -> any any", so they are not limited to $HOME_NET
# clients. The pcre requires the name to start the buffer or follow a character
# outside [A-Za-z0-9-.] and to end the buffer, so only the exact hostname
# matches; a query for a subdomain of it does not.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname authenticationndomainmailservernow03.pages.dev"; dns.query; content:"authenticationndomainmailservernow03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])authenticationndomainmailservernow03\.pages\.dev$/i"; classtype:trojan-activity; 
sid:38116081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname authenticationndomainmailservernow03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| authenticationndomainmailservernow03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])authenticationndomainmailservernow03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//authenticationndomainmailservernow03.pages.dev"; flow:to_server,established; http.header; content:"authenticationndomainmailservernow03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname wiopesalfhksiemainsoedkines03.pages.dev"; dns.query; content:"wiopesalfhksiemainsoedkines03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wiopesalfhksiemainsoedkines03\.pages\.dev$/i"; classtype:trojan-activity; sid:38116121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname wiopesalfhksiemainsoedkines03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wiopesalfhksiemainsoedkines03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wiopesalfhksiemainsoedkines03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//wiopesalfhksiemainsoedkines03.pages.dev"; 
flow:to_server,established; http.header; content:"wiopesalfhksiemainsoedkines03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): telegram.dog looks like a Telegram-operated alias domain rather
# than attacker-owned infrastructure; if that is right, the next two rules will
# alert on ordinary Telegram link traffic. Check the attribute's context in
# event 27838 and consider a threshold/suppress entry or dropping the
# indicator's IDS flag in MISP.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegram.dog"; dns.query; content:"telegram.dog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog$/i"; classtype:trojan-activity; sid:38116161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Host-header variant: the content match anchors on "Host: <name>" and the pcre
# (H = HTTP header buffer, i = case-insensitive) additionally requires a
# character outside [A-Za-z0-9-.] on both sides, so longer hostnames that merely
# contain this one do not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegram.dog"; flow:to_server,established; http.header; content: "Host|3a| telegram.dog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegram\.dog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# channelhub.info: this DNS/Host pair is exported a second time further down
# with identical match logic (sid:38116321 and sid:38116322), so one query or
# request raises two alerts each. Presumably the hostname appears in two
# attributes of the same event; de-duplicate at the MISP side if so.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname channelhub.info"; dns.query; content:"channelhub.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info$/i"; classtype:trojan-activity; sid:38116201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname channelhub.info"; flow:to_server,established; http.header; content: "Host|3a| channelhub.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# URL variant: hostname anywhere in the request headers plus the page path as a
# URI substring. Unlike the Host rule above it is limited to $HTTP_PORTS.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//channelhub.info/2d62bb17alb5bc4012sa0fa8bfab5fa3fc12.html"; flow:to_server,established; http.header; content:"channelhub.info"; fast_pattern; nocase; http.uri; content:"/2d62bb17alb5bc4012sa0fa8bfab5fa3fc12.html"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:38116211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname iofa8sni2r-1324839608.cos.ap-beijing-fsi.myqcloud.com"; dns.query; content:"iofa8sni2r-1324839608.cos.ap-beijing-fsi.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iofa8sni2r\-1324839608\.cos\.ap\-beijing\-fsi\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38116241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname iofa8sni2r-1324839608.cos.ap-beijing-fsi.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| iofa8sni2r-1324839608.cos.ap-beijing-fsi.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])iofa8sni2r\-1324839608\.cos\.ap\-beijing\-fsi\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//iofa8sni2r-1324839608.cos.ap-beijing-fsi.myqcloud.com/iofa8sni2r.html?e=b*******@s************.com/"; flow:to_server,established; http.header; content:"iofa8sni2r-1324839608.cos.ap-beijing-fsi.myqcloud.com"; fast_pattern; nocase; http.uri; content:"/iofa8sni2r.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname fw4nrzngjix-1324839608.cos.ap-bangkok.myqcloud.com"; dns.query; content:"fw4nrzngjix-1324839608.cos.ap-bangkok.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fw4nrzngjix\-1324839608\.cos\.ap\-bangkok\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38116281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname fw4nrzngjix-1324839608.cos.ap-bangkok.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| fw4nrzngjix-1324839608.cos.ap-bangkok.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fw4nrzngjix\-1324839608\.cos\.ap\-bangkok\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Duplicate pair: the next two rules repeat the channelhub.info DNS and Host
# rules already exported as sid:38116201 and sid:38116202 (same msg, content and
# pcre, different sid). Both copies fire on the same traffic, doubling alert
# volume for this hostname.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname channelhub.info"; dns.query; content:"channelhub.info"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info$/i"; classtype:trojan-activity; sid:38116321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname channelhub.info"; flow:to_server,established; http.header; content: "Host|3a| channelhub.info"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])channelhub\.info[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Second URL on the same host; this one differs from sid:38116211 only in the
# page path matched in http.uri.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//channelhub.info/231e98bb1ld3c0428bs885d0541b183c3ceb.html"; flow:to_server,established; http.header; content:"channelhub.info"; fast_pattern; nocase; http.uri; content:"/231e98bb1ld3c0428bs885d0541b183c3ceb.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Exact-hostname DNS match: the leading pcre class excludes ".", so a query for
# a subdomain of camp.vip-scripter.xyz does not match this rule.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname camp.vip-scripter.xyz"; dns.query; content:"camp.vip-scripter.xyz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])camp\.vip\-scripter\.xyz$/i"; classtype:trojan-activity; sid:38116361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname camp.vip-scripter.xyz"; flow:to_server,established; http.header; content: "Host|3a| camp.vip-scripter.xyz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])camp\.vip\-scripter\.xyz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname amazingchannel.sbs"; dns.query; content:"amazingchannel.sbs"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amazingchannel\.sbs$/i"; classtype:trojan-activity; sid:38116401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname amazingchannel.sbs"; flow:to_server,established; http.header; content: "Host|3a| amazingchannel.sbs"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])amazingchannel\.sbs[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//amazingchannel.sbs/"; flow:to_server,established; http.header; content:"amazingchannel.sbs"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname sjdfoeusoednhskiuovescenisu04.pages.dev"; dns.query; content:"sjdfoeusoednhskiuovescenisu04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu04\.pages\.dev$/i"; classtype:trojan-activity; sid:38116441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 
sjdfoeusoednhskiuovescenisu04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sjdfoeusoednhskiuovescenisu04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//sjdfoeusoednhskiuovescenisu04.pages.dev"; flow:to_server,established; http.header; content:"sjdfoeusoednhskiuovescenisu04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx.pages.dev"; dns.query; content:"lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx\.pages\.dev$/i"; classtype:trojan-activity; sid:38116481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx.pages.dev"; 
flow:to_server,established; http.header; content:"lkjhsgvcxzaq21234567889ijhgu90oklmnbvcxzaq123345rcxzswqazx.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname whatsaowap.cc"; dns.query; content:"whatsaowap.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsaowap\.cc$/i"; classtype:trojan-activity; sid:38116521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname whatsaowap.cc"; flow:to_server,established; http.header; content: "Host|3a| whatsaowap.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])whatsaowap\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//whatsaowap.cc"; flow:to_server,established; http.header; content:"whatsaowap.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname semeoisjgaoeiwxbcnjshdue2.pages.dev"; dns.query; content:"semeoisjgaoeiwxbcnjshdue2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])semeoisjgaoeiwxbcnjshdue2\.pages\.dev$/i"; classtype:trojan-activity; sid:38116561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname semeoisjgaoeiwxbcnjshdue2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| semeoisjgaoeiwxbcnjshdue2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])semeoisjgaoeiwxbcnjshdue2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38116562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//semeoisjgaoeiwxbcnjshdue2.pages.dev"; flow:to_server,established; http.header; content:"semeoisjgaoeiwxbcnjshdue2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname walletconnect-dapps.pages.dev"; dns.query; content:"walletconnect-dapps.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])walletconnect\-dapps\.pages\.dev$/i"; classtype:trojan-activity; sid:38116601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname walletconnect-dapps.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| walletconnect-dapps.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])walletconnect\-dapps\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//walletconnect-dapps.pages.dev"; flow:to_server,established; http.header; content:"walletconnect-dapps.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ysb238.cc"; dns.query; content:"ysb238.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ysb238\.cc$/i"; classtype:trojan-activity; sid:38116641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27838 [] Outgoing HTTP Hostname ysb238.cc"; flow:to_server,established; http.header; content: "Host|3a| ysb238.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ysb238\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Bare-host "Outgoing URL" rule: the only match is the hostname as an unanchored
# substring of the request headers, with no Host prefix and no pcre. It therefore
# also fires when the name appears inside a longer hostname or in another header
# (for example Referer), and it overlaps the Host rule above (sid:38116642) for
# normal requests.
# It references $HTTP_PORTS, so that variable must be defined for the rule to
# load, even though the export header describes it as not required for Suricata;
# HTTP on ports outside $HTTP_PORTS is left to the Host rule, which uses "any".
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ysb238.cc"; flow:to_server,established; http.header; content:"ysb238.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# pages.dev hostname triple (DNS query, Host header, bare-host URL).
# NOTE(review): the two http rules only see cleartext HTTP. No TLS/SNI rule for
# this hostname is visible in this part of the export, so HTTPS visits would be
# caught by the DNS rule alone; confirm whether a TLS rule exists elsewhere.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname siuhpagwesbvazxlckjweroiuqazbxm3.pages.dev"; dns.query; content:"siuhpagwesbvazxlckjweroiuqazbxm3.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])siuhpagwesbvazxlckjweroiuqazbxm3\.pages\.dev$/i"; classtype:trojan-activity; sid:38116681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname siuhpagwesbvazxlckjweroiuqazbxm3.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| siuhpagwesbvazxlckjweroiuqazbxm3.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])siuhpagwesbvazxlckjweroiuqazbxm3\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//siuhpagwesbvazxlckjweroiuqazbxm3.pages.dev"; flow:to_server,established; http.header; content:"siuhpagwesbvazxlckjweroiuqazbxm3.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
semeoisjgaoeiwxbcnjshdue02.pages.dev"; dns.query; content:"semeoisjgaoeiwxbcnjshdue02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])semeoisjgaoeiwxbcnjshdue02\.pages\.dev$/i"; classtype:trojan-activity; sid:38116721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname semeoisjgaoeiwxbcnjshdue02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| semeoisjgaoeiwxbcnjshdue02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])semeoisjgaoeiwxbcnjshdue02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//semeoisjgaoeiwxbcnjshdue02.pages.dev"; flow:to_server,established; http.header; content:"semeoisjgaoeiwxbcnjshdue02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarm-pfy.com"; dns.query; content:"telegarm-pfy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\-pfy\.com$/i"; classtype:trojan-activity; sid:38116761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarm-pfy.com"; flow:to_server,established; http.header; content: "Host|3a| telegarm-pfy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\-pfy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarm-pfy.com/"; 
flow:to_server,established; http.header; content:"telegarm-pfy.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegatm-rtg.com"; dns.query; content:"telegatm-rtg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegatm\-rtg\.com$/i"; classtype:trojan-activity; sid:38116801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegatm-rtg.com"; flow:to_server,established; http.header; content: "Host|3a| telegatm-rtg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegatm\-rtg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegatm-rtg.com/"; flow:to_server,established; http.header; content:"telegatm-rtg.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegatm-ril.com"; dns.query; content:"telegatm-ril.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegatm\-ril\.com$/i"; classtype:trojan-activity; sid:38116841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegatm-ril.com"; flow:to_server,established; http.header; content: "Host|3a| telegatm-ril.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegatm\-ril\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116842; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the dns.query pcre in the rules below accepts the name only at the start of the
# buffer or after a character outside [A-Za-z0-9-.], and anchors the end with $. A query for a
# subdomain (a label plus "." in front of the name) therefore does not match, and the Host rules
# likewise need the literal "Host|3a| <name>". If subdomains of these names matter, they need
# their own rules.
# The dns rules are written "any any -> any any", not $HOME_NET -> $EXTERNAL_NET. Where clients
# use an internal recursive resolver, the alert source is presumably the resolver rather than
# the workstation; correlate with resolver logs. TODO confirm for the local topology.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegatm-ril.com/"; flow:to_server,established; http.header; content:"telegatm-ril.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarn-fn.com"; dns.query; content:"telegarn-fn.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarn\-fn\.com$/i"; classtype:trojan-activity; sid:38116881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarn-fn.com"; flow:to_server,established; http.header; content: "Host|3a| telegarn-fn.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarn\-fn\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarn-fn.com/"; flow:to_server,established; http.header; content:"telegarn-fn.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarn-el.com"; dns.query; content:"telegarn-el.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarn\-el\.com$/i"; classtype:trojan-activity; sid:38116921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarn-el.com"; flow:to_server,established; http.header; content: "Host|3a| telegarn-el.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarn\-el\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarn-el.com/"; flow:to_server,established; http.header; content:"telegarn-el.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-rqw.com"; dns.query; content:"telegarc-rqw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-rqw\.com$/i"; classtype:trojan-activity; sid:38116961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-rqw.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-rqw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-rqw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38116962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-rqw.com/"; flow:to_server,established; http.header; content:"telegarc-rqw.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38116971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-pmc.com"; dns.query; content:"telegarc-pmc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-pmc\.com$/i"; classtype:trojan-activity; sid:38117001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-pmc.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-pmc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-pmc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-pmc.com/"; flow:to_server,established; http.header; content:"telegarc-pmc.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-oud.com"; dns.query; content:"telegarc-oud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-oud\.com$/i"; classtype:trojan-activity; sid:38117041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-oud.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-oud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-oud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-oud.com/"; flow:to_server,established; http.header; content:"telegarc-oud.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP
e27838 [] Hostname telegarc-nzb.com"; dns.query; content:"telegarc-nzb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-nzb\.com$/i"; classtype:trojan-activity; sid:38117081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the "alert http" rules below inspect cleartext HTTP only, and no tls.sni rule is
# present in this part of the export. A visit over HTTPS is therefore visible to these rules
# only through the dns.query rule for the same name, and not at all if the client resolves names
# over an encrypted channel. Check whether the MISP export should also emit tls.sni matches for
# these hostnames.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-nzb.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-nzb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-nzb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-nzb.com/"; flow:to_server,established; http.header; content:"telegarc-nzb.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-kcs.com"; dns.query; content:"telegarc-kcs.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-kcs\.com$/i"; classtype:trojan-activity; sid:38117121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-kcs.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-kcs.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-kcs\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-kcs.com/"; flow:to_server,established; http.header; content:"telegarc-kcs.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-jej.com"; dns.query; content:"telegarc-jej.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-jej\.com$/i"; classtype:trojan-activity; sid:38117161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-jej.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-jej.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-jej\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-jej.com/"; flow:to_server,established; http.header; content:"telegarc-jej.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-fki.com"; dns.query; content:"telegarc-fki.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-fki\.com$/i"; classtype:trojan-activity; sid:38117201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-fki.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-fki.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-fki\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any ->
$EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-fki.com/"; flow:to_server,established; http.header; content:"telegarc-fki.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): every rule below carries classtype:trojan-activity and an empty MISP tag list
# ("[]") in msg, so the alert text does not say whether the name was seen as phishing, delivery or
# command-and-control. Open the referenced MISP event before triage rather than relying on the
# classtype. The telegarc-/telegatm- prefixes look like lookalike registrations, but the rules
# do not state that; verify against the event.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-feq.com"; dns.query; content:"telegarc-feq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-feq\.com$/i"; classtype:trojan-activity; sid:38117241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-feq.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-feq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-feq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-feq.com/"; flow:to_server,established; http.header; content:"telegarc-feq.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarc-ayy.com"; dns.query; content:"telegarc-ayy.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-ayy\.com$/i"; classtype:trojan-activity; sid:38117281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarc-ayy.com"; flow:to_server,established; http.header; content: "Host|3a| telegarc-ayy.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarc\-ayy\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegarc-ayy.com/"; flow:to_server,established; http.header; content:"telegarc-ayy.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegatm-ryq.com"; dns.query; content:"telegatm-ryq.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegatm\-ryq\.com$/i"; classtype:trojan-activity; sid:38117321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegatm-ryq.com"; flow:to_server,established; http.header; content: "Host|3a| telegatm-ryq.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegatm\-ryq\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telegatm-ryq.com/"; flow:to_server,established; http.header; content:"telegatm-ryq.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname ussptc.com"; dns.query; content:"ussptc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussptc\.com$/i"; classtype:trojan-activity; sid:38117361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET
any (msg: "MISP e27838 [] Outgoing HTTP Hostname ussptc.com"; flow:to_server,established; http.header; content: "Host|3a| ussptc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussptc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the "Outgoing URL" rules below match the bare hostname as a nocase content
# anywhere in http.header, with no boundary pcre. They fire on any request whose headers contain
# the string (for instance in a Referer) and on longer names that merely end with it. Treat a
# URL-rule alert that arrives without the matching Host-rule sid as lower confidence.
# peugeot-404.com has only a dns rule and a Host rule in this part of the export.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname intolwieol.com"; dns.query; content:"intolwieol.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intolwieol\.com$/i"; classtype:trojan-activity; sid:38117401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname intolwieol.com"; flow:to_server,established; http.header; content: "Host|3a| intolwieol.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])intolwieol\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//intolwieol.com"; flow:to_server,established; http.header; content:"intolwieol.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname yeoisgdoiuhdysidaryjewsg4.pages.dev"; dns.query; content:"yeoisgdoiuhdysidaryjewsg4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeoisgdoiuhdysidaryjewsg4\.pages\.dev$/i"; classtype:trojan-activity; sid:38117441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname yeoisgdoiuhdysidaryjewsg4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| yeoisgdoiuhdysidaryjewsg4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])yeoisgdoiuhdysidaryjewsg4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//yeoisgdoiuhdysidaryjewsg4.pages.dev"; flow:to_server,established; http.header; content:"yeoisgdoiuhdysidaryjewsg4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname siuhpagwesbvazxlckjweroiuqazbxm.pages.dev"; dns.query; content:"siuhpagwesbvazxlckjweroiuqazbxm.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])siuhpagwesbvazxlckjweroiuqazbxm\.pages\.dev$/i"; classtype:trojan-activity; sid:38117481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname siuhpagwesbvazxlckjweroiuqazbxm.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| siuhpagwesbvazxlckjweroiuqazbxm.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])siuhpagwesbvazxlckjweroiuqazbxm\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//siuhpagwesbvazxlckjweroiuqazbxm.pages.dev"; flow:to_server,established; http.header; content:"siuhpagwesbvazxlckjweroiuqazbxm.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname processingref.pages.dev"; dns.query; content:"processingref.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])processingref\.pages\.dev$/i"; classtype:trojan-activity; sid:38117521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname processingref.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| processingref.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])processingref\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//processingref.pages.dev"; flow:to_server,established; http.header; content:"processingref.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname peugeot-404.com"; dns.query; content:"peugeot-404.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])peugeot\-404\.com$/i"; classtype:trojan-activity; sid:38117561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname peugeot-404.com"; flow:to_server,established; http.header; content: "Host|3a| peugeot-404.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])peugeot\-404\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokev.cc"; dns.query; content:"tokev.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokev\.cc$/i"; classtype:trojan-activity; sid:38117601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP
e27838 [] Outgoing HTTP Hostname tokev.cc"; flow:to_server,established; http.header; content: "Host|3a| tokev.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokev\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): apart from tokev.cc, the hostnames below all sit under the pages.dev suffix,
# presumably a shared hosting suffix (verify). The rules match the full hostname. Keep it that
# way when tuning: shortening a content to the suffix would alert on every site hosted there.
# tag:session,600,seconds on the http rules requests continued packet logging for the matching
# session. The dns rules carry no tag, so a DNS-only hit leaves just the single alert to work from.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokev.cc"; flow:to_server,established; http.header; content:"tokev.cc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4.pages.dev"; dns.query; content:"dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4\.pages\.dev$/i"; classtype:trojan-activity; sid:38117641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4.pages.dev"; flow:to_server,established; http.header; content:"dmksiodkfuyewns894509sdjfui3278dnfuiesmdkiyr75asnjfki4.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf.pages.dev"; dns.query; content:"nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf\.pages\.dev$/i"; classtype:trojan-activity; sid:38117681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf.pages.dev"; flow:to_server,established; http.header; content:"nbfgdertyujkljuytrfgvbhtrtdfcbvnjhtrtf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname marttinsdomaindevolopentstratagescomputerservice2.pages.dev"; dns.query; content:"marttinsdomaindevolopentstratagescomputerservice2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marttinsdomaindevolopentstratagescomputerservice2\.pages\.dev$/i"; classtype:trojan-activity; sid:38117721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname marttinsdomaindevolopentstratagescomputerservice2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| marttinsdomaindevolopentstratagescomputerservice2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])marttinsdomaindevolopentstratagescomputerservice2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//marttinsdomaindevolopentstratagescomputerservice2.pages.dev"; flow:to_server,established; http.header; content:"marttinsdomaindevolopentstratagescomputerservice2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1.pages.dev"; dns.query; content:"hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1\.pages\.dev$/i"; classtype:trojan-activity; sid:38117761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1.pages.dev"; flow:to_server,established; http.header;
content:"hjsuhdmj83749oslkfmjduhba78394ijshdyena89d04nm1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): false-positive risk on the short name use2.pages.dev. Its "Outgoing URL" rule
# (sid:38117851) matches the string as an unanchored, case-insensitive substring of the request
# headers, so any longer hostname ending in "use2.pages.dev" (constructed example:
# xuse2.pages.dev) also triggers it. The dns and Host rules for the same name carry a boundary
# pcre and are not affected. Prefer sid:38117841 / sid:38117842 when judging a hit on this name.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname comunicationmailserverdomailserviceintelactual1.pages.dev"; dns.query; content:"comunicationmailserverdomailserviceintelactual1.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])comunicationmailserverdomailserviceintelactual1\.pages\.dev$/i"; classtype:trojan-activity; sid:38117801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname comunicationmailserverdomailserviceintelactual1.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| comunicationmailserverdomailserviceintelactual1.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])comunicationmailserverdomailserviceintelactual1\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//comunicationmailserverdomailserviceintelactual1.pages.dev"; flow:to_server,established; http.header; content:"comunicationmailserverdomailserviceintelactual1.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname use2.pages.dev"; dns.query; content:"use2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])use2\.pages\.dev$/i"; classtype:trojan-activity; sid:38117841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname use2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| use2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])use2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//use2.pages.dev"; flow:to_server,established; http.header; content:"use2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname httpjdhdkdjwwperiodicupdates2hoqqhsj.pages.dev"; dns.query; content:"httpjdhdkdjwwperiodicupdates2hoqqhsj.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])httpjdhdkdjwwperiodicupdates2hoqqhsj\.pages\.dev$/i"; classtype:trojan-activity; sid:38117881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname httpjdhdkdjwwperiodicupdates2hoqqhsj.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| httpjdhdkdjwwperiodicupdates2hoqqhsj.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])httpjdhdkdjwwperiodicupdates2hoqqhsj\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//httpjdhdkdjwwperiodicupdates2hoqqhsj.pages.dev"; flow:to_server,established; http.header; content:"httpjdhdkdjwwperiodicupdates2hoqqhsj.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname sevreh59.pages.dev"; dns.query; content:"sevreh59.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sevreh59\.pages\.dev$/i"; classtype:trojan-activity; sid:38117961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sevreh59.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| sevreh59.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sevreh59\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38117962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//sevreh59.pages.dev"; flow:to_server,established; http.header; content:"sevreh59.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38117971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpoeket.net"; dns.query; content:"tokenpoeket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpoeket\.net$/i"; classtype:trojan-activity; sid:38118001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpoeket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpoeket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpoeket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpoeket.net/"; flow:to_server,established; http.header; content:"tokenpoeket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds;
classtype:trojan-activity; sid:38118011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): tokenpbpket.net, tokenpblket.net, tokenpbkket.net and tokenpbiket.net differ from
# each other by one character. Each rule matches one exact name, so these indicators cover the
# listed names only and will not catch a further variant. Treat them as retrospective and
# hunting coverage for the names in the MISP event, not as protection against the naming pattern.
# token-pocket.net and tokenpbpket.net have only a dns rule and a Host rule in this part of
# the export.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname token-pocket.net"; dns.query; content:"token-pocket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])token\-pocket\.net$/i"; classtype:trojan-activity; sid:38118041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname token-pocket.net"; flow:to_server,established; http.header; content: "Host|3a| token-pocket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])token\-pocket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbpket.net"; dns.query; content:"tokenpbpket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbpket\.net$/i"; classtype:trojan-activity; sid:38118081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbpket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbpket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbpket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpblket.net"; dns.query; content:"tokenpblket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpblket\.net$/i"; classtype:trojan-activity; sid:38118121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpblket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpblket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpblket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpblket.net/"; flow:to_server,established; http.header; content:"tokenpblket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbkket.net"; dns.query; content:"tokenpbkket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbkket\.net$/i"; classtype:trojan-activity; sid:38118161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbkket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbkket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbkket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbkket.net/"; flow:to_server,established; http.header; content:"tokenpbkket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname nemsegastrefutomehaser03.pages.dev"; dns.query; content:"nemsegastrefutomehaser03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nemsegastrefutomehaser03\.pages\.dev$/i"; classtype:trojan-activity; sid:38118201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname nemsegastrefutomehaser03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| nemsegastrefutomehaser03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])nemsegastrefutomehaser03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//nemsegastrefutomehaser03.pages.dev"; flow:to_server,established; http.header; content:"nemsegastrefutomehaser03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbiket.net"; dns.query; content:"tokenpbiket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbiket\.net$/i"; classtype:trojan-activity; sid:38118241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbiket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbiket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbiket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbiket.net/"; flow:to_server,established; http.header; content:"tokenpbiket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118251; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbgket.net"; dns.query; content:"tokenpbgket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbgket\.net$/i"; classtype:trojan-activity; sid:38118281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbgket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbgket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbgket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbeket.net"; dns.query; content:"tokenpbeket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbeket\.net$/i"; classtype:trojan-activity; sid:38118321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbeket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbeket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbeket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbdket.net"; dns.query; content:"tokenpbdket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbdket\.net$/i"; classtype:trojan-activity; sid:38118361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbdket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbdket.net"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tokenpbdket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbcket.net"; dns.query; content:"tokenpbcket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbcket\.net$/i"; classtype:trojan-activity; sid:38118401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbcket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpbcket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbcket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpazket.net"; dns.query; content:"tokenpazket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.net$/i"; classtype:trojan-activity; sid:38118441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpazket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpazket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpazket.net/"; flow:to_server,established; http.header; content:"tokenpazket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert 
dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpayket.net"; dns.query; content:"tokenpayket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpayket\.net$/i"; classtype:trojan-activity; sid:38118481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpayket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpayket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpayket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpaxket.net"; dns.query; content:"tokenpaxket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaxket\.net$/i"; classtype:trojan-activity; sid:38118521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpaxket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpaxket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaxket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpauket.net"; dns.query; content:"tokenpauket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpauket\.net$/i"; classtype:trojan-activity; sid:38118561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpauket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpauket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpauket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38118562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpatket.net"; dns.query; content:"tokenpatket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpatket\.net$/i"; classtype:trojan-activity; sid:38118601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpatket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpatket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpatket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenparket.net"; dns.query; content:"tokenparket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenparket\.net$/i"; classtype:trojan-activity; sid:38118641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenparket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenparket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenparket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpaqket.net"; dns.query; content:"tokenpaqket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaqket\.net$/i"; classtype:trojan-activity; sid:38118681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpaqket.net"; flow:to_server,established; http.header; content: "Host|3a| 
tokenpaqket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaqket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpaoket.net"; dns.query; content:"tokenpaoket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaoket\.net$/i"; classtype:trojan-activity; sid:38118721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpaoket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpaoket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaoket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpanket.net"; dns.query; content:"tokenpanket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpanket\.net$/i"; classtype:trojan-activity; sid:38118761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpanket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpanket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpanket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpanket.net/"; flow:to_server,established; http.header; content:"tokenpanket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118771; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpamket.net"; dns.query; content:"tokenpamket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpamket\.net$/i"; classtype:trojan-activity; sid:38118801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpamket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpamket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpamket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpalket.net"; dns.query; content:"tokenpalket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpalket\.net$/i"; classtype:trojan-activity; sid:38118841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpalket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpalket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpalket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpalket.net/"; flow:to_server,established; http.header; content:"tokenpalket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpakket.net"; dns.query; content:"tokenpakket.net"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])tokenpakket\.net$/i"; classtype:trojan-activity; sid:38118881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpakket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpakket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpakket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpakket.net/"; flow:to_server,established; http.header; content:"tokenpakket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38118891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpajket.net"; dns.query; content:"tokenpajket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpajket\.net$/i"; classtype:trojan-activity; sid:38118921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpajket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpajket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpajket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpaiket.net"; dns.query; content:"tokenpaiket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaiket\.net$/i"; classtype:trojan-activity; sid:38118961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpaiket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpaiket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaiket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38118962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpahket.net"; dns.query; content:"tokenpahket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpahket\.net$/i"; classtype:trojan-activity; sid:38119001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpahket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpahket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpahket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpafket.net"; dns.query; content:"tokenpafket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpafket\.net$/i"; classtype:trojan-activity; sid:38119041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpafket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpafket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpafket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpaeket.net"; dns.query; content:"tokenpaeket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaeket\.net$/i"; classtype:trojan-activity; sid:38119081; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpaeket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpaeket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpaeket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpadket.net"; dns.query; content:"tokenpadket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpadket\.net$/i"; classtype:trojan-activity; sid:38119121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpadket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpadket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpadket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpadket.net/"; flow:to_server,established; http.header; content:"tokenpadket.net"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname odelltim43.wixsite.com"; dns.query; content:"odelltim43.wixsite.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])odelltim43\.wixsite\.com$/i"; classtype:trojan-activity; sid:38119161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname odelltim43.wixsite.com"; 
flow:to_server,established; http.header; content: "Host|3a| odelltim43.wixsite.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])odelltim43\.wixsite\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uzbancolishka.shop"; dns.query; content:"uzbancolishka.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzbancolishka\.shop$/i"; classtype:trojan-activity; sid:38119241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uzbancolishka.shop"; flow:to_server,established; http.header; content: "Host|3a| uzbancolishka.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzbancolishka\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uzbancolishka.shop"; flow:to_server,established; http.header; content:"uzbancolishka.shop"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbrket.ist"; dns.query; content:"tokenpbrket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.ist$/i"; classtype:trojan-activity; sid:38119281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbrket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpbrket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbrket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; 
sid:38119282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbqket.ist"; dns.query; content:"tokenpbqket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.ist$/i"; classtype:trojan-activity; sid:38119321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbqket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpbqket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbqket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbqket.ist/"; flow:to_server,established; http.header; content:"tokenpbqket.ist"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbfket.ist"; dns.query; content:"tokenpbfket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbfket\.ist$/i"; classtype:trojan-activity; sid:38119361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbfket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpbfket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbfket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbfket.ist/"; 
flow:to_server,established; http.header; content:"tokenpbfket.ist"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbaket.ist"; dns.query; content:"tokenpbaket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.ist$/i"; classtype:trojan-activity; sid:38119401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbaket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpbaket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbaket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpazket.ist"; dns.query; content:"tokenpazket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.ist$/i"; classtype:trojan-activity; sid:38119441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpazket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpazket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpazket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname ussptb.com"; dns.query; content:"ussptb.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussptb\.com$/i"; classtype:trojan-activity; sid:38119481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: 
"MISP e27838 [] Outgoing HTTP Hostname ussptb.com"; flow:to_server,established; http.header; content: "Host|3a| ussptb.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussptb\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ussptb.com"; flow:to_server,established; http.header; content:"ussptb.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre.pages.dev"; dns.query; content:"edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre\.pages\.dev$/i"; classtype:trojan-activity; sid:38119521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre.pages.dev"; flow:to_server,established; http.header; content:"edsaqasdwertyujbvcxzaqasdcfvbnmkjhgftyuikmnbvbnjkiopoiuyre.pages.dev"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38119531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname unrepotmd.store"; dns.query; content:"unrepotmd.store"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrepotmd\.store$/i"; classtype:trojan-activity; sid:38119561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname unrepotmd.store"; flow:to_server,established; http.header; content: "Host|3a| unrepotmd.store"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])unrepotmd\.store[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname xsvhjfwryf.fun"; dns.query; content:"xsvhjfwryf.fun"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xsvhjfwryf\.fun$/i"; classtype:trojan-activity; sid:38119601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname xsvhjfwryf.fun"; flow:to_server,established; http.header; content: "Host|3a| xsvhjfwryf.fun"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xsvhjfwryf\.fun[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc.pages.dev"; dns.query; content:"xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc\.pages\.dev$/i"; classtype:trojan-activity; sid:38119641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) 
# Hostname indicators from MISP event 27838, laid out one rule per line. Per name there is a
# dns.query rule, an "Outgoing HTTP Hostname" rule on the Host header and, for some names, an
# "Outgoing URL" rule.
# dns.query rules match the exact name only: the pcre is anchored with `$` and rejects a
# preceding letter, digit, `-` or `.`, so subdomains of an indicator do not alert.
# NOTE(review): the two HTTP rule types only see cleartext HTTP. Several names here sit under
# shared hosting suffixes (pages.dev, workers.dev, myqcloud.com) that are presumably served over
# TLS, so the dns.query rule is likely the only one that fires without decryption; a tls.sni
# rule per hostname would close the gap.
# NOTE(review): the "Outgoing URL" rules use a bare `content` in http.header with no boundary
# pcre and no tie to `Host|3a|`. They match the name anywhere in the request headers (Referer
# included) and inside longer names, and only on $HTTP_PORTS. Expect a superset of the Host
# rule's hits; deduplicate or threshold when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc.pages.dev"; flow:to_server,established; http.header; content:"xcdwefdzaqwsdftrtyunmkolkmkbvcxde32wsxzaqwegvcfghytrr4efvc.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname securembly.com"; dns.query; content:"securembly.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])securembly\.com$/i"; classtype:trojan-activity; sid:38119681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname securembly.com"; flow:to_server,established; http.header; content: "Host|3a| securembly.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])securembly\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 2oqnjc8zlu-1324839608.cos.na-ashburn.myqcloud.com"; dns.query; content:"2oqnjc8zlu-1324839608.cos.na-ashburn.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2oqnjc8zlu\-1324839608\.cos\.na\-ashburn\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38119721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 2oqnjc8zlu-1324839608.cos.na-ashburn.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| 2oqnjc8zlu-1324839608.cos.na-ashburn.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])2oqnjc8zlu\-1324839608\.cos\.na\-ashburn\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegarm-c.com"; dns.query; content:"telegarm-c.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\-c\.com$/i"; classtype:trojan-activity; sid:38119761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegarm-c.com"; flow:to_server,established; http.header; content: "Host|3a| telegarm-c.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegarm\-c\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpockeo.com"; dns.query; content:"tokenpockeo.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpockeo\.com$/i"; classtype:trojan-activity; sid:38119801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpockeo.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpockeo.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpockeo\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname ghsfgyowkunoeweijacziajhd04.pages.dev"; dns.query; content:"ghsfgyowkunoeweijacziajhd04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd04\.pages\.dev$/i"; classtype:trojan-activity; sid:38119841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ghsfgyowkunoeweijacziajhd04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ghsfgyowkunoeweijacziajhd04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ghsfgyowkunoeweijacziajhd04.pages.dev"; flow:to_server,established; http.header; content:"ghsfgyowkunoeweijacziajhd04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname hello-world-orange-fire-d357.ccem1929.workers.dev"; dns.query; content:"hello-world-orange-fire-d357.ccem1929.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-orange\-fire\-d357\.ccem1929\.workers\.dev$/i"; classtype:trojan-activity; sid:38119881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hello-world-orange-fire-d357.ccem1929.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-orange-fire-d357.ccem1929.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-orange\-fire\-d357\.ccem1929\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hello-world-orange-fire-d357.ccem1929.workers.dev"; flow:to_server,established; http.header; content:"hello-world-orange-fire-d357.ccem1929.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname ghsfgyowkunoeweijacziajhd02.pages.dev"; dns.query; content:"ghsfgyowkunoeweijacziajhd02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd02\.pages\.dev$/i"; classtype:trojan-activity; sid:38119921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ghsfgyowkunoeweijacziajhd02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| ghsfgyowkunoeweijacziajhd02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ghsfgyowkunoeweijacziajhd02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ghsfgyowkunoeweijacziajhd02.pages.dev"; flow:to_server,established; http.header; content:"ghsfgyowkunoeweijacziajhd02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38119931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telegramsites.com"; dns.query; content:"telegramsites.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsites\.com$/i"; classtype:trojan-activity; sid:38119961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telegramsites.com"; flow:to_server,established; http.header; content: "Host|3a| telegramsites.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telegramsites\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38119962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname telwgram.top"; dns.query; content:"telwgram.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telwgram\.top$/i"; classtype:trojan-activity; sid:38120001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname telwgram.top"; flow:to_server,established; http.header; content: "Host|3a| telwgram.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])telwgram\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//telwgram.top"; flow:to_server,established; http.header; content:"telwgram.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname ussptc.com"; dns.query; content:"ussptc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussptc\.com$/i"; classtype:trojan-activity; sid:38120041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname ussptc.com"; 
flow:to_server,established; http.header; content: "Host|3a| ussptc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])ussptc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Hostname indicators from MISP event 27838, one rule per line: a dns.query rule, a Host-header
# rule and an "Outgoing URL" rule per name.
# dns.query rules match the exact name only (pcre anchored with `$`, and no letter, digit, `-`
# or `.` may precede the name), so subdomains of an indicator do not alert.
# NOTE(review): the "Outgoing URL" rules use a bare `content` in http.header with no boundary
# pcre and no tie to `Host|3a|`. A short name such as ussptc.com or fpbnp.pages.dev therefore also
# matches inside a longer hostname or in another header (Referer, for instance), on $HTTP_PORTS
# only. Treat these as broader, lower-confidence hits than the Host rule for the same name.
# NOTE(review): both HTTP rule types need cleartext HTTP; for names presumably served over TLS
# (the pages.dev hosts), the dns.query rule is the one that fires unless traffic is decrypted.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//ussptc.com"; flow:to_server,established; http.header; content:"ussptc.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname webmailserverautnethicationdomainwebmail01.pages.dev"; dns.query; content:"webmailserverautnethicationdomainwebmail01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmailserverautnethicationdomainwebmail01\.pages\.dev$/i"; classtype:trojan-activity; sid:38120081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname webmailserverautnethicationdomainwebmail01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| webmailserverautnethicationdomainwebmail01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])webmailserverautnethicationdomainwebmail01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//webmailserverautnethicationdomainwebmail01.pages.dev"; flow:to_server,established; http.header; content:"webmailserverautnethicationdomainwebmail01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname islemlerimozel.app"; dns.query; content:"islemlerimozel.app"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemlerimozel\.app$/i"; classtype:trojan-activity; sid:38120121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname islemlerimozel.app"; flow:to_server,established; http.header; content: "Host|3a| islemlerimozel.app"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])islemlerimozel\.app[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//islemlerimozel.app"; flow:to_server,established; http.header; content:"islemlerimozel.app"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname fpbnp.pages.dev"; dns.query; content:"fpbnp.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fpbnp\.pages\.dev$/i"; classtype:trojan-activity; sid:38120161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname fpbnp.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| fpbnp.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])fpbnp\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//fpbnp.pages.dev"; flow:to_server,established; http.header; content:"fpbnp.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname omurc.pages.dev"; dns.query; content:"omurc.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omurc\.pages\.dev$/i"; classtype:trojan-activity; sid:38120201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname omurc.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| omurc.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])omurc\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//omurc.pages.dev"; flow:to_server,established; http.header; content:"omurc.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname waegjehonceprinnsadhg01.pages.dev"; dns.query; content:"waegjehonceprinnsadhg01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waegjehonceprinnsadhg01\.pages\.dev$/i"; classtype:trojan-activity; sid:38120241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname waegjehonceprinnsadhg01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| waegjehonceprinnsadhg01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])waegjehonceprinnsadhg01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 
[] Outgoing URL http|3a|//waegjehonceprinnsadhg01.pages.dev"; flow:to_server,established; http.header; content:"waegjehonceprinnsadhg01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Hostname indicators from MISP event 27838, one rule per line: a dns.query rule and a
# Host-header rule per name, plus an "Outgoing URL" rule for some names.
# dns.query rules match the exact name only (pcre anchored with `$`, and no letter, digit, `-`
# or `.` may precede the name), so subdomains of an indicator do not alert.
# Several names sit under shared suffixes (pages.dev, glitch.me); each rule matches one exact
# label, so an alert says nothing about other hosts under the same suffix.
# NOTE(review): the HTTP rules need cleartext HTTP; for hosts presumably served over TLS, the
# dns.query rule is the one that fires unless traffic is decrypted (a tls.sni rule per name
# would cover that).
# NOTE(review): the "Outgoing URL" rules match the bare name anywhere in the request headers,
# with no boundary check and only on $HTTP_PORTS, so they are broader than the Host rule.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname gsuteyyxtgjsfokerucasdhjxg04.pages.dev"; dns.query; content:"gsuteyyxtgjsfokerucasdhjxg04.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gsuteyyxtgjsfokerucasdhjxg04\.pages\.dev$/i"; classtype:trojan-activity; sid:38120281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname gsuteyyxtgjsfokerucasdhjxg04.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| gsuteyyxtgjsfokerucasdhjxg04.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])gsuteyyxtgjsfokerucasdhjxg04\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//gsuteyyxtgjsfokerucasdhjxg04.pages.dev"; flow:to_server,established; http.header; content:"gsuteyyxtgjsfokerucasdhjxg04.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname lagerino.ch"; dns.query; content:"lagerino.ch"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lagerino\.ch$/i"; classtype:trojan-activity; sid:38120321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname lagerino.ch"; flow:to_server,established; http.header; content: "Host|3a| lagerino.ch"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])lagerino\.ch[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv.pages.dev"; dns.query; content:"0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv\.pages\.dev$/i"; classtype:trojan-activity; sid:38120361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv.pages.dev"; flow:to_server,established; http.header; content:"0000000okjnbgfkjhbvcxswqaszxsw23edfcxzsdfghjhbvcxsdfghjnbv.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpbbket.ist"; dns.query; content:"tokenpbbket.ist"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.ist$/i"; classtype:trojan-activity; sid:38120441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpbbket.ist"; flow:to_server,established; http.header; content: "Host|3a| tokenpbbket.ist"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpbbket\.ist[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpbbket.ist"; flow:to_server,established; http.header; content:"tokenpbbket.ist"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname wise-intriguing-debt.glitch.me"; dns.query; content:"wise-intriguing-debt.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wise\-intriguing\-debt\.glitch\.me$/i"; classtype:trojan-activity; sid:38120481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname wise-intriguing-debt.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| wise-intriguing-debt.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wise\-intriguing\-debt\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname low-fish-animantarx.glitch.me"; dns.query; content:"low-fish-animantarx.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])low\-fish\-animantarx\.glitch\.me$/i"; classtype:trojan-activity; sid:38120601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname low-fish-animantarx.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| low-fish-animantarx.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])low\-fish\-animantarx\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname groovy-four-infinity.glitch.me"; dns.query; content:"groovy-four-infinity.glitch.me"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groovy\-four\-infinity\.glitch\.me$/i"; classtype:trojan-activity; sid:38120721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname groovy-four-infinity.glitch.me"; flow:to_server,established; http.header; content: "Host|3a| groovy-four-infinity.glitch.me"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])groovy\-four\-infinity\.glitch\.me[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpockell.com"; dns.query; content:"tokenpockell.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpockell\.com$/i"; classtype:trojan-activity; sid:38120761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpockell.com"; flow:to_server,established; http.header; content: "Host|3a| tokenpockell.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpockell\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpockell.com"; flow:to_server,established; 
http.header; content:"tokenpockell.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# Hostname indicators from MISP event 27838, one rule per line: a dns.query rule and a
# Host-header rule per name, plus an "Outgoing URL" rule for some names.
# dns.query rules match the exact name only (pcre anchored with `$`, and no letter, digit, `-`
# or `.` may precede the name), so subdomains of an indicator do not alert.
# NOTE(review): the HTTP rules need cleartext HTTP; for hosts presumably served over TLS, the
# dns.query rule is the one that fires unless traffic is decrypted (a tls.sni rule per name
# would cover that).
# NOTE(review): the "Outgoing URL" rules match the bare name anywhere in the request headers,
# with no boundary check, so a short name such as filf.pages.dev also hits longer hostnames that
# end in it. Weigh those alerts below the Host rule for the same name.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname hostingservervalidationserverauthinticationrequired2.pages.dev"; dns.query; content:"hostingservervalidationserverauthinticationrequired2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hostingservervalidationserverauthinticationrequired2\.pages\.dev$/i"; classtype:trojan-activity; sid:38120961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hostingservervalidationserverauthinticationrequired2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hostingservervalidationserverauthinticationrequired2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hostingservervalidationserverauthinticationrequired2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38120962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hostingservervalidationserverauthinticationrequired2.pages.dev"; flow:to_server,established; http.header; content:"hostingservervalidationserverauthinticationrequired2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38120971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname app2.esc-repro.skyfencenet.com"; dns.query; content:"app2.esc-repro.skyfencenet.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])app2\.esc\-repro\.skyfencenet\.com$/i"; classtype:trojan-activity; sid:38121001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname app2.esc-repro.skyfencenet.com"; flow:to_server,established; http.header; content: "Host|3a| app2.esc-repro.skyfencenet.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])app2\.esc\-repro\.skyfencenet\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//app2.esc-repro.skyfencenet.com"; flow:to_server,established; http.header; content:"app2.esc-repro.skyfencenet.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname filf.pages.dev"; dns.query; content:"filf.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filf\.pages\.dev$/i"; classtype:trojan-activity; sid:38121041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname filf.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| filf.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])filf\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121042; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//filf.pages.dev"; flow:to_server,established; http.header; content:"filf.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname srvrmailsso-r657regesr.pages.dev"; dns.query; content:"srvrmailsso-r657regesr.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657regesr\.pages\.dev$/i"; classtype:trojan-activity; sid:38121081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname srvrmailsso-r657regesr.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| srvrmailsso-r657regesr.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])srvrmailsso\-r657regesr\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//srvrmailsso-r657regesr.pages.dev"; flow:to_server,established; http.header; content:"srvrmailsso-r657regesr.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname human-resources-internal.b-cdn.net"; dns.query; content:"human-resources-internal.b-cdn.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])human\-resources\-internal\.b\-cdn\.net$/i"; classtype:trojan-activity; sid:38121121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname human-resources-internal.b-cdn.net"; flow:to_server,established; http.header; content: "Host|3a| human-resources-internal.b-cdn.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])human\-resources\-internal\.b\-cdn\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname exchange.choicecorp.net"; dns.query; content:"exchange.choicecorp.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchange\.choicecorp\.net$/i"; classtype:trojan-activity; sid:38121161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname exchange.choicecorp.net"; flow:to_server,established; http.header; content: "Host|3a| exchange.choicecorp.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])exchange\.choicecorp\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): the next name is a label under translate.goog; the rule matches that one label
# only, so any follow-up action should stay scoped to it rather than to the parent domain.
alert dns any any -> any any (msg: "MISP e27838 [] Hostname 9--48f5--b927--c408e570c637--00--g7jvv2beujbn-picard-replit-dev.translate.goog"; dns.query; content:"9--48f5--b927--c408e570c637--00--g7jvv2beujbn-picard-replit-dev.translate.goog"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9\-\-48f5\-\-b927\-\-c408e570c637\-\-00\-\-g7jvv2beujbn\-picard\-replit\-dev\.translate\.goog$/i"; classtype:trojan-activity; sid:38121201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 9--48f5--b927--c408e570c637--00--g7jvv2beujbn-picard-replit-dev.translate.goog"; flow:to_server,established; http.header; content: "Host|3a| 9--48f5--b927--c408e570c637--00--g7jvv2beujbn-picard-replit-dev.translate.goog"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])9\-\-48f5\-\-b927\-\-c408e570c637\-\-00\-\-g7jvv2beujbn\-picard\-replit\-dev\.translate\.goog[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname office.falcon-commercials.com"; dns.query; content:"office.falcon-commercials.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office\.falcon\-commercials\.com$/i"; classtype:trojan-activity; sid:38121241; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;)
# Hostname indicators from MISP event 27838, one rule per line: a dns.query rule and a
# Host-header rule per name, plus an "Outgoing URL" rule for some names.
# dns.query rules match the exact name only (pcre anchored with `$`, and no letter, digit, `-`
# or `.` may precede the name). A rule for office.falcon-commercials.com therefore does not cover
# login.falcon-commercials.com; each subdomain needs its own indicator, as done here.
# NOTE(review): the HTTP rules need cleartext HTTP; for hosts presumably served over TLS, the
# dns.query rule is the one that fires unless traffic is decrypted (a tls.sni rule per name
# would cover that).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname office.falcon-commercials.com"; flow:to_server,established; http.header; content: "Host|3a| office.falcon-commercials.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])office\.falcon\-commercials\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname doctrical.org"; dns.query; content:"doctrical.org"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])doctrical\.org$/i"; classtype:trojan-activity; sid:38121281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname doctrical.org"; flow:to_server,established; http.header; content: "Host|3a| doctrical.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])doctrical\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname dark-silence-8824.unitedcargosan5885.workers.dev"; dns.query; content:"dark-silence-8824.unitedcargosan5885.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dark\-silence\-8824\.unitedcargosan5885\.workers\.dev$/i"; classtype:trojan-activity; sid:38121321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname dark-silence-8824.unitedcargosan5885.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| dark-silence-8824.unitedcargosan5885.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])dark\-silence\-8824\.unitedcargosan5885\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname banknown.de"; dns.query; content:"banknown.de"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])banknown\.de$/i"; classtype:trojan-activity; sid:38121361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname banknown.de"; flow:to_server,established; http.header; content: "Host|3a| banknown.de"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])banknown\.de[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname login.falcon-commercials.com"; dns.query; content:"login.falcon-commercials.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.falcon\-commercials\.com$/i"; classtype:trojan-activity; sid:38121401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname login.falcon-commercials.com"; flow:to_server,established; http.header; content: "Host|3a| login.falcon-commercials.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])login\.falcon\-commercials\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname czehr5op5f-1324839608.cos.eu-frankfurt.myqcloud.com"; dns.query; content:"czehr5op5f-1324839608.cos.eu-frankfurt.myqcloud.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])czehr5op5f\-1324839608\.cos\.eu\-frankfurt\.myqcloud\.com$/i"; classtype:trojan-activity; sid:38121441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname czehr5op5f-1324839608.cos.eu-frankfurt.myqcloud.com"; flow:to_server,established; http.header; content: "Host|3a| czehr5op5f-1324839608.cos.eu-frankfurt.myqcloud.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])czehr5op5f\-1324839608\.cos\.eu\-frankfurt\.myqcloud\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname peugeot-404.com"; dns.query; content:"peugeot-404.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])peugeot\-404\.com$/i"; classtype:trojan-activity; sid:38121481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname peugeot-404.com"; flow:to_server,established; http.header; content: "Host|3a| peugeot-404.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])peugeot\-404\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname bekawin.kz"; dns.query; content:"bekawin.kz"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekawin\.kz$/i"; classtype:trojan-activity; sid:38121521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bekawin.kz"; flow:to_server,established; http.header; content: "Host|3a| bekawin.kz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bekawin\.kz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121522; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# NOTE(review): in the two "Outgoing URL .../" rules below (bekawin.kz and uzbancolish.shop), the
# http.uri `content:"/"` adds no real constraint, since a request URI normally contains "/", and
# `nocase` on "/" changes nothing. The header match is a bare substring with no boundary pcre
# and no tie to `Host|3a|`, so these rules fire on a superset of the Host rule for the same name.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//bekawin.kz/"; flow:to_server,established; http.header; content:"bekawin.kz"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname uzbancolish.shop"; dns.query; content:"uzbancolish.shop"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzbancolish\.shop$/i"; classtype:trojan-activity; sid:38121561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uzbancolish.shop"; flow:to_server,established; http.header; content: "Host|3a| uzbancolish.shop"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uzbancolish\.shop[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121562; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uzbancolish.shop/"; flow:to_server,established; http.header; content:"uzbancolish.shop"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname samwueoieudhgsuwyecube03.pages.dev"; dns.query; content:"samwueoieudhgsuwyecube03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])samwueoieudhgsuwyecube03\.pages\.dev$/i"; classtype:trojan-activity; sid:38121601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname samwueoieudhgsuwyecube03.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 
samwueoieudhgsuwyecube03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])samwueoieudhgsuwyecube03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121602; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//samwueoieudhgsuwyecube03.pages.dev"; flow:to_server,established; http.header; content:"samwueoieudhgsuwyecube03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tokenpasket.net"; dns.query; content:"tokenpasket.net"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpasket\.net$/i"; classtype:trojan-activity; sid:38121641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tokenpasket.net"; flow:to_server,established; http.header; content: "Host|3a| tokenpasket.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tokenpasket\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121642; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tokenpasket.net"; flow:to_server,established; http.header; content:"tokenpasket.net"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname guos.hen.whatsyy22822.icu"; dns.query; content:"guos.hen.whatsyy22822.icu"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])guos\.hen\.whatsyy22822\.icu$/i"; classtype:trojan-activity; sid:38121681; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname guos.hen.whatsyy22822.icu"; flow:to_server,established; http.header; content: "Host|3a| guos.hen.whatsyy22822.icu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])guos\.hen\.whatsyy22822\.icu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121682; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//guos.hen.whatsyy22822.icu"; flow:to_server,established; http.header; content:"guos.hen.whatsyy22822.icu"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname edevvletaidaat1.com"; dns.query; content:"edevvletaidaat1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevvletaidaat1\.com$/i"; classtype:trojan-activity; sid:38121721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname edevvletaidaat1.com"; flow:to_server,established; http.header; content: "Host|3a| edevvletaidaat1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])edevvletaidaat1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121722; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//edevvletaidaat1.com"; flow:to_server,established; http.header; content:"edevvletaidaat1.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname 
001-a3s.pages.dev"; dns.query; content:"001-a3s.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])001\-a3s\.pages\.dev$/i"; classtype:trojan-activity; sid:38121761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname 001-a3s.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| 001-a3s.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])001\-a3s\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121762; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//001-a3s.pages.dev"; flow:to_server,established; http.header; content:"001-a3s.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname hello-world-square-king-7638.laugarde.workers.dev"; dns.query; content:"hello-world-square-king-7638.laugarde.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-square\-king\-7638\.laugarde\.workers\.dev$/i"; classtype:trojan-activity; sid:38121801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hello-world-square-king-7638.laugarde.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| hello-world-square-king-7638.laugarde.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hello\-world\-square\-king\-7638\.laugarde\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121802; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] 
Outgoing URL http|3a|//hello-world-square-king-7638.laugarde.workers.dev"; flow:to_server,established; http.header; content:"hello-world-square-king-7638.laugarde.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname zetx.pp.ua"; dns.query; content:"zetx.pp.ua"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zetx\.pp\.ua$/i"; classtype:trojan-activity; sid:38121841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname zetx.pp.ua"; flow:to_server,established; http.header; content: "Host|3a| zetx.pp.ua"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])zetx\.pp\.ua[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//zetx.pp.ua"; flow:to_server,established; http.header; content:"zetx.pp.ua"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname worker.microsoft-login.workers.dev"; dns.query; content:"worker.microsoft-login.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])worker\.microsoft\-login\.workers\.dev$/i"; classtype:trojan-activity; sid:38121881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname worker.microsoft-login.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| worker.microsoft-login.workers.dev"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])worker\.microsoft\-login\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//worker.microsoft-login.workers.dev"; flow:to_server,established; http.header; content:"worker.microsoft-login.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname portal.microsoft-login.workers.dev"; dns.query; content:"portal.microsoft-login.workers.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portal\.microsoft\-login\.workers\.dev$/i"; classtype:trojan-activity; sid:38121921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname portal.microsoft-login.workers.dev"; flow:to_server,established; http.header; content: "Host|3a| portal.microsoft-login.workers.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])portal\.microsoft\-login\.workers\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121922; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//portal.microsoft-login.workers.dev"; flow:to_server,established; http.header; content:"portal.microsoft-login.workers.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38121931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname rzlt-nchlh-hhh.blogspot.com"; dns.query; content:"rzlt-nchlh-hhh.blogspot.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-\.])rzlt\-nchlh\-hhh\.blogspot\.com$/i"; classtype:trojan-activity; sid:38121961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname rzlt-nchlh-hhh.blogspot.com"; flow:to_server,established; http.header; content: "Host|3a| rzlt-nchlh-hhh.blogspot.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])rzlt\-nchlh\-hhh\.blogspot\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38121962; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname servicenoreply.wpenginepowered.com"; dns.query; content:"servicenoreply.wpenginepowered.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servicenoreply\.wpenginepowered\.com$/i"; classtype:trojan-activity; sid:38122001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname servicenoreply.wpenginepowered.com"; flow:to_server,established; http.header; content: "Host|3a| servicenoreply.wpenginepowered.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])servicenoreply\.wpenginepowered\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname sjdfoeusoednhskiuovescenisu03.pages.dev"; dns.query; content:"sjdfoeusoednhskiuovescenisu03.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu03\.pages\.dev$/i"; classtype:trojan-activity; sid:38122081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname sjdfoeusoednhskiuovescenisu03.pages.dev"; flow:to_server,established; http.header; content: 
"Host|3a| sjdfoeusoednhskiuovescenisu03.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])sjdfoeusoednhskiuovescenisu03\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122082; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//sjdfoeusoednhskiuovescenisu03.pages.dev"; flow:to_server,established; http.header; content:"sjdfoeusoednhskiuovescenisu03.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uswasmcidofhebesoudsvue01.pages.dev"; dns.query; content:"uswasmcidofhebesoudsvue01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uswasmcidofhebesoudsvue01\.pages\.dev$/i"; classtype:trojan-activity; sid:38122161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uswasmcidofhebesoudsvue01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| uswasmcidofhebesoudsvue01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uswasmcidofhebesoudsvue01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122162; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uswasmcidofhebesoudsvue01.pages.dev"; flow:to_server,established; http.header; content:"uswasmcidofhebesoudsvue01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname tms-autohandel.com.pl"; dns.query; 
content:"tms-autohandel.com.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tms\-autohandel\.com\.pl$/i"; classtype:trojan-activity; sid:38122201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname tms-autohandel.com.pl"; flow:to_server,established; http.header; content: "Host|3a| tms-autohandel.com.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])tms\-autohandel\.com\.pl[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122202; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//tms-autohandel.com.pl"; flow:to_server,established; http.header; content:"tms-autohandel.com.pl"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname hitnhoozgauposernusawbcoqu02.pages.dev"; dns.query; content:"hitnhoozgauposernusawbcoqu02.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hitnhoozgauposernusawbcoqu02\.pages\.dev$/i"; classtype:trojan-activity; sid:38122241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname hitnhoozgauposernusawbcoqu02.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| hitnhoozgauposernusawbcoqu02.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])hitnhoozgauposernusawbcoqu02\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122242; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//hitnhoozgauposernusawbcoqu02.pages.dev"; 
flow:to_server,established; http.header; content:"hitnhoozgauposernusawbcoqu02.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname stand2hiway.ru"; dns.query; content:"stand2hiway.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stand2hiway\.ru$/i"; classtype:trojan-activity; sid:38122281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname stand2hiway.ru"; flow:to_server,established; http.header; content: "Host|3a| stand2hiway.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])stand2hiway\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//stand2hiway.ru"; flow:to_server,established; http.header; content:"stand2hiway.ru"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname wesyfusjosavcnsiosdnzcewdgs01.pages.dev"; dns.query; content:"wesyfusjosavcnsiosdnzcewdgs01.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs01\.pages\.dev$/i"; classtype:trojan-activity; sid:38122321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname wesyfusjosavcnsiosdnzcewdgs01.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| wesyfusjosavcnsiosdnzcewdgs01.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])wesyfusjosavcnsiosdnzcewdgs01\.pages\.dev[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38122322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//wesyfusjosavcnsiosdnzcewdgs01.pages.dev"; flow:to_server,established; http.header; content:"wesyfusjosavcnsiosdnzcewdgs01.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname bhd2.pages.dev"; dns.query; content:"bhd2.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhd2\.pages\.dev$/i"; classtype:trojan-activity; sid:38122361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname bhd2.pages.dev"; flow:to_server,established; http.header; content: "Host|3a| bhd2.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])bhd2\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//bhd2.pages.dev"; flow:to_server,established; http.header; content:"bhd2.pages.dev"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert dns any any -> any any (msg: "MISP e27838 [] Hostname uspost-ssvip.top"; dns.query; content:"uspost-ssvip.top"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspost\-ssvip\.top$/i"; classtype:trojan-activity; sid:38122401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname uspost-ssvip.top"; flow:to_server,established; 
http.header; content: "Host|3a| uspost-ssvip.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])uspost\-ssvip\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
# (The line above is the tail of a rule that starts on the previous line of this export.)
#
# --- MISP event 27838 (continued): hostname indicators ---------------------
# The path-less "Outgoing URL" rules here match the hostname anywhere in the request
# headers (no Host anchoring, no boundary pcre) and only on $HTTP_PORTS; the
# "Outgoing HTTP Hostname" rule for the same name is the precise one.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//uspost-ssvip.top"; flow:to_server,established; http.header; content:"uspost-ssvip.top"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert dns any any -> any any (msg: "MISP e27838 [] Hostname mail.yhshdyxd.manttap.com"; dns.query; content:"mail.yhshdyxd.manttap.com"; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.yhshdyxd\.manttap\.com$/i"; classtype:trojan-activity; sid:38122441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27838 [] Outgoing HTTP Hostname mail.yhshdyxd.manttap.com"; flow:to_server,established; http.header; content: "Host|3a| mail.yhshdyxd.manttap.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-\.])mail\.yhshdyxd\.manttap\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38122442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27838 [] Outgoing URL http|3a|//mail.yhshdyxd.manttap.com"; flow:to_server,established; http.header; content:"mail.yhshdyxd.manttap.com"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38122451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27838;)
#
# --- MISP event 27819: C2 endpoints (IP + destination port) ----------------
# Egress from $HOME_NET to a fixed address and port; the msg tags name the
# indicator type (c2) and, for two entries, a family (Meterpreter, dcrat).
# NOTE(review): these are priority:3, i.e. ranked below the priority:2 hostname rules
# and the priority:1 download rules in this file (1 is the most urgent), even
# though outbound contact with a tagged C2 endpoint is usually the alert to act on
# first. Consider overriding the priority locally.
# NOTE(review): there is no flow, threshold or tag keyword on these rules, so alert
# volume per connection depends on engine defaults and no session packets are
# tagged for follow-up; check before enabling on a busy sensor.
# NOTE(review): bare IP:port indicators age quickly, and the entries on ports 80
# and 443 may point at shared or reassigned hosting. Check the event's age and
# expect false positives once the address changes hands.
alert ip $HOME_NET any -> 141.255.167.251 4760 (msg: "MISP e27819 [c2,Meterpreter] Outgoing To IP: 141.255.167.251|4760"; classtype:trojan-activity; sid:38088641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 5.181.80.13 8848 (msg: "MISP e27819 [c2,dcrat] Outgoing To IP: 5.181.80.13|8848"; classtype:trojan-activity; sid:38088651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 124.106.197.167 4343 (msg: "MISP e27819 [c2] Outgoing To IP: 124.106.197.167|4343"; classtype:trojan-activity; sid:38088661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 34.162.156.94 443 (msg: "MISP e27819 [c2] Outgoing To IP: 34.162.156.94|443"; classtype:trojan-activity; sid:38088671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 3.88.102.160 80 (msg: "MISP e27819 [c2] Outgoing To IP: 3.88.102.160|80"; classtype:trojan-activity; sid:38088681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 3.94.102.197 80 (msg: "MISP e27819 [c2] Outgoing To IP: 3.94.102.197|80"; classtype:trojan-activity; sid:38088691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
#
# --- MISP event 27842: payload download URLs (IP, high port, path) ---------
# Each rule pins the destination IP and port in the rule header, requires the same
# IP to appear in the request headers, and requires the path in http.uri.
# The msg tag list is empty, so the alert text itself carries no family name.
# An internal host requesting one of these URLs is what the rule reports; treat a hit
# as a lead to inspect that host.
alert http $HOME_NET any -> 66.38.93.123 53166 (msg: "MISP e27842 [] Outgoing URL http|3a|//66.38.93.123|3a|53166/bin.sh"; flow:to_server,established; http.header; content:"66.38.93.123"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 59.93.26.232 58058 (msg: "MISP e27842 [] Outgoing URL http|3a|//59.93.26.232|3a|58058/i"; flow:to_server,established; http.header; content:"59.93.26.232"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# (The next line is the head of a rule that continues on the following line of this export.)
alert http $HOME_NET any -> 42.235.178.96 41573 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.235.178.96|3a|41573/Mozi.m";
flow:to_server,established; http.header; content:"42.235.178.96"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# (The line above is the tail of a rule that starts on the previous line of this export.)
#
# --- MISP event 27842 (continued): payload download URLs -------------------
# Same shape for every rule: destination IP and port in the rule header, the IP as an
# http.header content match (fast_pattern), the path as an http.uri content match,
# priority:1, and tag:session,600,seconds to keep logging the session after the alert.
#
# NOTE(review): the file names Mozi.m / Mozi.a suggest these are Mozi botnet payload
# hosts, but the msg tag list is empty ("[]"); confirm the family in the MISP event.
# NOTE(review): the http.uri matches are unanchored substrings. content:"/i" also
# matches any longer path beginning "/i...", and content:"/" matches essentially any
# request, so selectivity comes from the pinned IP and port, not from the path.
# NOTE(review): indicators of this kind (address plus ephemeral-looking port) tend to be
# short-lived; all rules are rev:1, so check the event date and expire stale entries
# to avoid alerting on whoever holds the address next.
alert http $HOME_NET any -> 42.232.225.236 50720 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.232.225.236|3a|50720/Mozi.m"; flow:to_server,established; http.header; content:"42.232.225.236"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.232.214.158 48091 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.232.214.158|3a|48091/Mozi.m"; flow:to_server,established; http.header; content:"42.232.214.158"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.225.62.77 53561 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.225.62.77|3a|53561/Mozi.a"; flow:to_server,established; http.header; content:"42.225.62.77"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.215.210.163 41356 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.215.210.163|3a|41356/i"; flow:to_server,established; http.header; content:"27.215.210.163"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.213.132.56 45511 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.213.132.56|3a|45511/i"; flow:to_server,established; http.header; content:"27.213.132.56"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.213.132.56 45511 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.213.132.56|3a|45511/bin.sh"; flow:to_server,established; http.header; content:"27.213.132.56"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.121.83.224 52394 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.121.83.224|3a|52394/Mozi.m"; flow:to_server,established; http.header; content:"27.121.83.224"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 222.140.185.169 57464 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.140.185.169|3a|57464/bin.sh"; flow:to_server,established; http.header; content:"222.140.185.169"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 219.157.64.166 41756 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.157.64.166|3a|41756/Mozi.m"; flow:to_server,established; http.header; content:"219.157.64.166"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.121.46.101 46255 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.46.101|3a|46255/Mozi.m"; flow:to_server,established; http.header; content:"182.121.46.101"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.116.22.187 48672 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.116.22.187|3a|48672/"; flow:to_server,established; http.header; content:"182.116.22.187"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.115.226.189 54589 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.115.226.189|3a|54589/i"; flow:to_server,established; http.header; content:"182.115.226.189"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 124.95.9.70 47010 (msg: "MISP e27842 [] Outgoing URL http|3a|//124.95.9.70|3a|47010/i"; flow:to_server,established; http.header; content:"124.95.9.70"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 124.131.83.33 38412 (msg: "MISP e27842 [] Outgoing URL http|3a|//124.131.83.33|3a|38412/i"; flow:to_server,established; http.header; content:"124.131.83.33"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 121.186.161.74 48234 (msg: "MISP e27842 [] Outgoing URL http|3a|//121.186.161.74|3a|48234/i"; flow:to_server,established; http.header; content:"121.186.161.74"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.4.158.236 10404 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.4.158.236|3a|10404/bin.sh"; flow:to_server,established; http.header; content:"119.4.158.236"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 117.83.40.202 51550 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.83.40.202|3a|51550/i"; flow:to_server,established; http.header; content:"117.83.40.202"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 117.254.181.39 36032 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.254.181.39|3a|36032/i"; flow:to_server,established; http.header; content:"117.254.181.39"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 117.243.166.152 46426 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.243.166.152|3a|46426/Mozi.m"; flow:to_server,established; http.header; content:"117.243.166.152"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# (The next line is the head of a rule that continues on the following line of this export.)
alert http $HOME_NET any -> 116.248.185.14 56904 (msg: "MISP e27842 [] Outgoing URL http|3a|//116.248.185.14|3a|56904/bin.sh"; flow:to_server,established; http.header; content:"116.248.185.14"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127411; rev:1;
priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 113.26.234.127 42767 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.26.234.127|3a|42767/Mozi.m"; flow:to_server,established; http.header; content:"113.26.234.127"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 113.26.212.154 55782 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.26.212.154|3a|55782/i"; flow:to_server,established; http.header; content:"113.26.212.154"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 112.113.124.67 39222 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.113.124.67|3a|39222/Mozi.a"; flow:to_server,established; http.header; content:"112.113.124.67"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 111.61.103.83 60112 (msg: "MISP e27842 [] Outgoing URL http|3a|//111.61.103.83|3a|60112/Mozi.m"; flow:to_server,established; http.header; content:"111.61.103.83"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 66.38.93.123 53166 (msg: "MISP e27842 [] Outgoing URL http|3a|//66.38.93.123|3a|53166/i"; flow:to_server,established; http.header; content:"66.38.93.123"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127471; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.215.139.198 37612 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.215.139.198|3a|37612/mozi.m"; flow:to_server,established; http.header; content:"27.215.139.198"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.121.13.5 55895 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.13.5|3a|55895/Mozi.m"; flow:to_server,established; http.header; content:"182.121.13.5"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.117.55.50 51256 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.117.55.50|3a|51256/Mozi.m"; flow:to_server,established; http.header; content:"182.117.55.50"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 123.11.243.247 60193 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.11.243.247|3a|60193/Mozi.m"; flow:to_server,established; http.header; content:"123.11.243.247"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 117.213.80.53 51457 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.213.80.53|3a|51457/mozi.m"; flow:to_server,established; http.header; content:"117.213.80.53"; fast_pattern; nocase; http.uri; content:"/mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127521; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;)
# MISP event 27842: outgoing-URL indicators, one rule per exported URL.
# Every rule below has the same shape: HTTP from $HOME_NET to one fixed IP and port,
# flow:to_server,established, the IP literal as a case-insensitive substring of the
# request headers (http.header, used as fast_pattern), and the URL path as a
# case-insensitive substring of http.uri. tag:session,600,seconds asks the engine to
# keep logging packets of the session for 600 seconds after the alert.
# NOTE(review): both content matches are substring matches, so "/i" also hits
# "/index..." or "/img/..." on the same host; the destination IP and port in the rule
# header are what actually narrow these rules.
# NOTE(review): the http.header match needs the IP literal somewhere in the request
# headers (typically Host); a request to the same IP and port that carries a hostname
# there is not matched.
# NOTE(review): all rules are rev:1 and carry no expiry metadata here - confirm
# against the MISP event that these IP:port pairs are still current before deploying.
alert http $HOME_NET any -> 117.211.213.58 56129 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.211.213.58|3a|56129/Mozi.m"; flow:to_server,established; http.header; content:"117.211.213.58"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 117.194.175.222 43295 (msg: "MISP e27842 [] Outgoing URL http|3a|//117.194.175.222|3a|43295/i"; flow:to_server,established; http.header; content:"117.194.175.222"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Two URLs on the same host and port: /i and /bin.sh.
alert http $HOME_NET any -> 115.55.97.134 45662 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.97.134|3a|45662/i"; flow:to_server,established; http.header; content:"115.55.97.134"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.97.134 45662 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.97.134|3a|45662/bin.sh"; flow:to_server,established; http.header; content:"115.55.97.134"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.236.253.30 59730 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.236.253.30|3a|59730/bin.sh"; flow:to_server,established; http.header; content:"42.236.253.30"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.225.54.6 42607 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.225.54.6|3a|42607/Mozi.m"; flow:to_server,established; http.header; content:"42.225.54.6"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.87.59.69 34404 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.87.59.69|3a|34404/i"; flow:to_server,established; http.header; content:"39.87.59.69"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.87.59.69 34404 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.87.59.69|3a|34404/bin.sh"; flow:to_server,established; http.header; content:"39.87.59.69"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.207.226.87 40935 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.207.226.87|3a|40935/i"; flow:to_server,established; http.header; content:"27.207.226.87"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 222.141.46.177 53571 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.141.46.177|3a|53571/Mozi.m"; flow:to_server,established; http.header; content:"222.141.46.177"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 222.139.50.69 39399 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.139.50.69|3a|39399/bin.sh"; flow:to_server,established; http.header; content:"222.139.50.69"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# The exported URL has no explicit port, so the destination port is $HTTP_PORTS.
# That variable must be defined in the sensor configuration for this rule to load,
# even though the rule uses the http.header / http.uri sticky buffers.
alert http $HOME_NET any -> 193.222.96.98 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//193.222.96.98/yZswWGHhlQk193.bin"; flow:to_server,established; http.header; content:"193.222.96.98"; fast_pattern; nocase; http.uri; content:"/yZswWGHhlQk193.bin"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127641; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content is only "/", which any request path contains, so this fires on every
# HTTP request to this IP and port. It shares IP and port with sid:38127311
# (/Mozi.m): a /Mozi.m request raises both alerts.
alert http $HOME_NET any -> 182.121.46.101 46255 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.121.46.101|3a|46255/"; flow:to_server,established; http.header; content:"182.121.46.101"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 125.47.71.176 58002 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.47.71.176|3a|58002/Mozi.m"; flow:to_server,established; http.header; content:"125.47.71.176"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.13.7.0 50700 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.13.7.0|3a|50700/i"; flow:to_server,established; http.header; content:"123.13.7.0"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.56.58.96 36241 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.56.58.96|3a|36241/Mozi.m"; flow:to_server,established; http.header; content:"115.56.58.96"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.48.149.48 41252 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.48.149.48|3a|41252/bin.sh"; flow:to_server,established; http.header; content:"115.48.149.48"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127691; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 112.248.82.15 56828 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.248.82.15|3a|56828/bin.sh"; flow:to_server,established; http.header; content:"112.248.82.15"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.182.79.202 52663 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.182.79.202|3a|52663/Mozi.a"; flow:to_server,established; http.header; content:"110.182.79.202"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.237.7.218 47028 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.237.7.218|3a|47028/i"; flow:to_server,established; http.header; content:"42.237.7.218"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.237.7.218 47028 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.237.7.218|3a|47028/bin.sh"; flow:to_server,established; http.header; content:"42.237.7.218"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.223.231.47 57895 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.223.231.47|3a|57895/i"; flow:to_server,established; http.header; content:"27.223.231.47"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127741; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 27.223.231.47 57895 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.223.231.47|3a|57895/bin.sh"; flow:to_server,established; http.header; content:"27.223.231.47"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 219.157.161.208 60635 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.157.161.208|3a|60635/i"; flow:to_server,established; http.header; content:"219.157.161.208"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.122.208.19 53135 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.122.208.19|3a|53135/i"; flow:to_server,established; http.header; content:"182.122.208.19"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 182.122.208.19 53135 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.122.208.19|3a|53135/bin.sh"; 
flow:to_server,established; http.header; content:"182.122.208.19"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# MISP event 27842: outgoing-URL indicators, one rule per exported URL.
# Every rule below has the same shape: HTTP from $HOME_NET to one fixed IP and port,
# flow:to_server,established, the IP literal as a case-insensitive substring of the
# request headers (http.header, used as fast_pattern), and the URL path as a
# case-insensitive substring of http.uri. tag:session,600,seconds asks the engine to
# keep logging packets of the session for 600 seconds after the alert.
# NOTE(review): both content matches are substring matches, so "/i" also hits
# "/index..." or "/img/..." on the same host; the destination IP and port in the rule
# header are what actually narrow these rules.
# NOTE(review): the http.header match needs the IP literal somewhere in the request
# headers (typically Host); a request to the same IP and port that carries a hostname
# there is not matched.
# NOTE(review): all rules are rev:1 and carry no expiry metadata here - confirm
# against the MISP event that these IP:port pairs are still current before deploying.
# Three URLs on the same host and port: /Mozi.m, /i and /bin.sh.
alert http $HOME_NET any -> 123.9.92.9 41321 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.9.92.9|3a|41321/Mozi.m"; flow:to_server,established; http.header; content:"123.9.92.9"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.9.92.9 41321 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.9.92.9|3a|41321/i"; flow:to_server,established; http.header; content:"123.9.92.9"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.9.92.9 41321 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.9.92.9|3a|41321/bin.sh"; flow:to_server,established; http.header; content:"123.9.92.9"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.186.205.191 57011 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.186.205.191|3a|57011/i"; flow:to_server,established; http.header; content:"119.186.205.191"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.186.75 34872 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.186.75|3a|34872/bin.sh"; flow:to_server,established; http.header; content:"115.55.186.75"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.48.147.74 56873 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.48.147.74|3a|56873/i"; flow:to_server,established; http.header; content:"115.48.147.74"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 113.26.189.190 38746 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.26.189.190|3a|38746/bin.sh"; flow:to_server,established; http.header; content:"113.26.189.190"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 112.195.127.97 46479 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.195.127.97|3a|46479/bin.sh"; flow:to_server,established; http.header; content:"112.195.127.97"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.243.24.61 37804 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.243.24.61|3a|37804/Mozi.a"; flow:to_server,established; http.header; content:"110.243.24.61"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# URI content is only "/", which any request path contains, so this fires on every
# HTTP request to this IP and port; a request for /.i raises this alert and the next
# one (sid:38127891) together.
alert http $HOME_NET any -> 102.39.242.53 50000 (msg: "MISP e27842 [] Outgoing URL http|3a|//102.39.242.53|3a|50000/"; flow:to_server,established; http.header; content:"102.39.242.53"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 102.39.242.53 50000 (msg: "MISP e27842 [] Outgoing URL http|3a|//102.39.242.53|3a|50000/.i"; flow:to_server,established; http.header; content:"102.39.242.53"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Path "/Hajime" as recorded in the MISP attribute; presumably a different malware
# family from the Mozi.* URLs - confirm against the event.
alert http $HOME_NET any -> 103.125.163.10 7080 (msg: "MISP e27842 [] Outgoing URL http|3a|//103.125.163.10|3a|7080/Hajime"; flow:to_server,established; http.header; content:"103.125.163.10"; fast_pattern; nocase; http.uri; content:"/Hajime"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 103.164.200.170 7080 (msg: "MISP e27842 [] Outgoing URL http|3a|//103.164.200.170|3a|7080/.i"; flow:to_server,established; http.header; content:"103.164.200.170"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 103.230.153.181 2570 (msg: "MISP e27842 [] Outgoing URL http|3a|//103.230.153.181|3a|2570/.i"; flow:to_server,established; http.header; content:"103.230.153.181"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 109.248.58.238 50004 (msg: "MISP e27842 [] Outgoing URL http|3a|//109.248.58.238|3a|50004/.i"; flow:to_server,established; http.header; content:"109.248.58.238"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.182.126.76 54841 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.182.126.76|3a|54841/bin.sh"; flow:to_server,established; http.header; content:"110.182.126.76"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.183.50.132 42874 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.183.50.132|3a|42874/i"; flow:to_server,established; http.header; content:"110.183.50.132"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.183.55.6 48775 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.183.55.6|3a|48775/i"; flow:to_server,established; http.header; content:"110.183.55.6"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.183.58.200 52459 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.183.58.200|3a|52459/Mozi.a"; flow:to_server,established; http.header; content:"110.183.58.200"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 110.183.58.200 52459 (msg: "MISP e27842 [] Outgoing URL http|3a|//110.183.58.200|3a|52459/Mozi.m"; flow:to_server,established; http.header; content:"110.183.58.200"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 112.238.22.184 36935 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.238.22.184|3a|36935/Mozi.m"; flow:to_server,established; http.header; content:"112.238.22.184"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38127991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 112.248.63.109 43866 (msg: "MISP e27842 [] Outgoing URL http|3a|//112.248.63.109|3a|43866/i"; flow:to_server,established; http.header; content:"112.248.63.109"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 113.190.92.200 40563 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.190.92.200|3a|40563/Mozi.m"; flow:to_server,established; http.header; content:"113.190.92.200"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 113.224.160.213 37486 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.224.160.213|3a|37486/bin.sh"; flow:to_server,established; http.header; content:"113.224.160.213"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 113.224.160.213 37486 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.224.160.213|3a|37486/i"; flow:to_server,established; http.header; content:"113.224.160.213"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128031; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;)
# MISP event 27842: outgoing-URL indicators, one rule per exported URL.
# Every rule below has the same shape: HTTP from $HOME_NET to one fixed IP and port,
# flow:to_server,established, the IP literal as a case-insensitive substring of the
# request headers (http.header, used as fast_pattern), and the URL path as a
# case-insensitive substring of http.uri. tag:session,600,seconds asks the engine to
# keep logging packets of the session for 600 seconds after the alert.
# NOTE(review): both content matches are substring matches, so "/i" also hits
# "/index..." or "/img/..." on the same host; the destination IP and port in the rule
# header are what actually narrow these rules.
# NOTE(review): the http.header match needs the IP literal somewhere in the request
# headers (typically Host); a request to the same IP and port that carries a hostname
# there is not matched.
# NOTE(review): all rules are rev:1 and carry no expiry metadata here - confirm
# against the MISP event that these IP:port pairs are still current before deploying.
alert http $HOME_NET any -> 113.237.104.187 36545 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.237.104.187|3a|36545/Mozi.m"; flow:to_server,established; http.header; content:"113.237.104.187"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 113.26.158.223 47990 (msg: "MISP e27842 [] Outgoing URL http|3a|//113.26.158.223|3a|47990/i"; flow:to_server,established; http.header; content:"113.26.158.223"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 114.226.126.209 59200 (msg: "MISP e27842 [] Outgoing URL http|3a|//114.226.126.209|3a|59200/Mozi.m"; flow:to_server,established; http.header; content:"114.226.126.209"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Two URLs on the same host and port: /i and /Mozi.m.
alert http $HOME_NET any -> 114.238.33.85 40556 (msg: "MISP e27842 [] Outgoing URL http|3a|//114.238.33.85|3a|40556/i"; flow:to_server,established; http.header; content:"114.238.33.85"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 114.238.33.85 40556 (msg: "MISP e27842 [] Outgoing URL http|3a|//114.238.33.85|3a|40556/Mozi.m"; flow:to_server,established; http.header; content:"114.238.33.85"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 114.239.43.225 52895 (msg: "MISP e27842 [] Outgoing URL http|3a|//114.239.43.225|3a|52895/Mozi.m"; flow:to_server,established; http.header; content:"114.239.43.225"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.40.65.61 62394 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.40.65.61|3a|62394/.i"; flow:to_server,established; http.header; content:"115.40.65.61"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.52.242.48 60043 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.52.242.48|3a|60043/Mozi.m"; flow:to_server,established; http.header; content:"115.52.242.48"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.54.160.110 41711 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.54.160.110|3a|41711/Mozi.m"; flow:to_server,established; http.header; content:"115.54.160.110"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.131.27 44077 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.131.27|3a|44077/Mozi.m"; flow:to_server,established; http.header; content:"115.55.131.27"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.207.147 48283 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.207.147|3a|48283/bin.sh"; flow:to_server,established; http.header; content:"115.55.207.147"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.21.17 48970 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.21.17|3a|48970/bin.sh"; flow:to_server,established; http.header; content:"115.55.21.17"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.21.17 48970 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.21.17|3a|48970/i"; flow:to_server,established; http.header; content:"115.55.21.17"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.55.238.0 45213 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.55.238.0|3a|45213/Mozi.m"; flow:to_server,established; http.header; content:"115.55.238.0"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.58.164.138 49809 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.58.164.138|3a|49809/i"; flow:to_server,established; http.header; content:"115.58.164.138"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.62.147.196 59915 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.62.147.196|3a|59915/Mozi.m"; flow:to_server,established; http.header; content:"115.62.147.196"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.63.48.119 36226 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.63.48.119|3a|36226/bin.sh"; flow:to_server,established; http.header; content:"115.63.48.119"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 115.63.55.136 44467 (msg: "MISP e27842 [] Outgoing URL http|3a|//115.63.55.136|3a|44467/i"; flow:to_server,established; http.header; content:"115.63.55.136"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 118.79.47.51 53187 (msg: "MISP e27842 [] Outgoing URL http|3a|//118.79.47.51|3a|53187/i"; flow:to_server,established; http.header; content:"118.79.47.51"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.109.133.111 58783 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.109.133.111|3a|58783/Mozi.a"; flow:to_server,established; http.header; content:"119.109.133.111"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Two URLs on the same host and port: /bin.sh and /Mozi.m.
alert http $HOME_NET any -> 119.178.174.50 50504 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.178.174.50|3a|50504/bin.sh"; flow:to_server,established; http.header; content:"119.178.174.50"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.178.174.50 50504 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.178.174.50|3a|50504/Mozi.m"; flow:to_server,established; http.header; content:"119.178.174.50"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128251; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.185.129.199 43848 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.185.129.199|3a|43848/i"; flow:to_server,established; http.header; content:"119.185.129.199"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128261; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 119.5.51.75 2337 (msg: "MISP e27842 [] Outgoing URL http|3a|//119.5.51.75|3a|2337/Mozi.m"; flow:to_server,established; http.header; content:"119.5.51.75"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128271; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.11.89.66 34549 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.11.89.66|3a|34549/Mozi.m"; flow:to_server,established; http.header; content:"123.11.89.66"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128281; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.128.130.107 54257 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.128.130.107|3a|54257/Mozi.m"; flow:to_server,established; http.header; content:"123.128.130.107"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.14.198.84 45212 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.14.198.84|3a|45212/Mozi.m"; flow:to_server,established; http.header; content:"123.14.198.84"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.4.64.242 59320 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.4.64.242|3a|59320/bin.sh"; flow:to_server,established; http.header; content:"123.4.64.242"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128311; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 123.4.64.242 59320 (msg: "MISP e27842 [] Outgoing URL http|3a|//123.4.64.242|3a|59320/i"; flow:to_server,established; http.header; content:"123.4.64.242"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128321; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 124.234.202.119 50007 (msg: "MISP e27842 [] Outgoing URL http|3a|//124.234.202.119|3a|50007/Mozi.m"; flow:to_server,established; http.header; content:"124.234.202.119"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128331; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 124.78.167.107 59363 (msg: "MISP e27842 [] Outgoing URL http|3a|//124.78.167.107|3a|59363/Mozi.m"; 
flow:to_server,established; http.header; content:"124.78.167.107"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128341; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 125.40.114.21 41253 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.40.114.21|3a|41253/Mozi.m"; flow:to_server,established; http.header; content:"125.40.114.21"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128351; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 125.41.242.173 51759 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.41.242.173|3a|51759/Mozi.m"; flow:to_server,established; http.header; content:"125.41.242.173"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 125.43.36.58 56264 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.43.36.58|3a|56264/Mozi.m"; flow:to_server,established; http.header; content:"125.43.36.58"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128371; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 125.44.21.196 47843 (msg: "MISP e27842 [] Outgoing URL http|3a|//125.44.21.196|3a|47843/Mozi.m"; flow:to_server,established; http.header; content:"125.44.21.196"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128381; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/arm"; flow:to_server,established; http.header; 
content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/arm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128391; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Rules for payload paths served from 142.202.188.244 (sid 38128391-38128461).
# NOTE(review): every http.uri content here is an unanchored substring, and the
# paths are prefixes of one another. The rule ending on the line above
# (content:"/arm", sid 38128391) therefore also fires on /arm5, /arm6, /arm7 and
# on every /bins/arm* request. A single request for /bins/arm7 would raise
# sid 38128391, 38128421, 38128451 and 38128461 together. When triaging, group
# these alerts by destination IP and flow rather than counting them as separate
# events, or apply thresholding on the sensor if the volume is a problem.
# NOTE(review): these rules use $HTTP_PORTS as the destination port. The variable
# must be defined on the sensor, and a request to this IP on a port outside
# $HTTP_PORTS does not match.
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/arm5"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128401; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/arm6"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/arm6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/arm7"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/arm7"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128421; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# NOTE(review): in the "?ddos" rules below the msg shows the full URL including
# the query string, but the http.uri content stops at the path ("/bins/arm5",
# "/bins/arm6", "/bins/arm"). The query string is not part of the match, so
# these rules fire with or without it.
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/bins/arm5?ddos"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/bins/arm5"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128431; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/bins/arm6?ddos"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/bins/arm6"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128441; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/bins/arm7"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/bins/arm7"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128451; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 142.202.188.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//142.202.188.244/bins/arm?ddos"; flow:to_server,established; http.header; content:"142.202.188.244"; fast_pattern; nocase; http.uri; content:"/bins/arm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128461; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Rules for other hosts in the same event follow.
alert http $HOME_NET any -> 15.204.223.194 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//15.204.223.194/bins.sh"; flow:to_server,established; http.header; content:"15.204.223.194"; fast_pattern; nocase; http.uri; content:"/bins.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128471; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 154.126.170.119 13722 (msg: "MISP e27842 [] Outgoing URL http|3a|//154.126.170.119|3a|13722/.i"; flow:to_server,established; http.header; content:"154.126.170.119"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 154.126.178.16 30629 (msg: "MISP e27842 [] Outgoing URL http|3a|//154.126.178.16|3a|30629/.i"; flow:to_server,established; http.header; 
content:"154.126.178.16"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128491; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 1.69.206.204 52180 (msg: "MISP e27842 [] Outgoing URL http|3a|//1.69.206.204|3a|52180/i"; flow:to_server,established; http.header; content:"1.69.206.204"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128501; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 1.69.206.204 52180 (msg: "MISP e27842 [] Outgoing URL http|3a|//1.69.206.204|3a|52180/Mozi.a"; flow:to_server,established; http.header; content:"1.69.206.204"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128511; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 1.70.128.163 36546 (msg: "MISP e27842 [] Outgoing URL http|3a|//1.70.128.163|3a|36546/Mozi.m"; flow:to_server,established; http.header; content:"1.70.128.163"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 175.148.52.76 53973 (msg: "MISP e27842 [] Outgoing URL http|3a|//175.148.52.76|3a|53973/bin.sh"; flow:to_server,established; http.header; content:"175.148.52.76"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128531; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 176.120.211.83 26214 (msg: "MISP e27842 [] Outgoing URL http|3a|//176.120.211.83|3a|26214/.i"; flow:to_server,established; http.header; content:"176.120.211.83"; fast_pattern; nocase; http.uri; 
content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128541; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 178.141.166.27 52842 (msg: "MISP e27842 [] Outgoing URL http|3a|//178.141.166.27|3a|52842/Mozi.m"; flow:to_server,established; http.header; content:"178.141.166.27"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128551; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 178.151.143.2 21623 (msg: "MISP e27842 [] Outgoing URL http|3a|//178.151.143.2|3a|21623/.i"; flow:to_server,established; http.header; content:"178.151.143.2"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 180.115.172.175 43241 (msg: "MISP e27842 [] Outgoing URL http|3a|//180.115.172.175|3a|43241/i"; flow:to_server,established; http.header; content:"180.115.172.175"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128571; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 181.129.137.29 32770 (msg: "MISP e27842 [] Outgoing URL http|3a|//181.129.137.29|3a|32770/.i"; flow:to_server,established; http.header; content:"181.129.137.29"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128581; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 181.224.242.131 59072 (msg: "MISP e27842 [] Outgoing URL http|3a|//181.224.242.131|3a|59072/.i"; flow:to_server,established; http.header; content:"181.224.242.131"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:38128591; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.113.34.238 60158 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.113.34.238|3a|60158/Mozi.m"; flow:to_server,established; http.header; content:"182.113.34.238"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128601; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.117.78.100 43396 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.117.78.100|3a|43396/Mozi.m"; flow:to_server,established; http.header; content:"182.117.78.100"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128611; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.120.0.198 38773 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.120.0.198|3a|38773/Mozi.m"; flow:to_server,established; http.header; content:"182.120.0.198"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128621; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.123.165.0 35317 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.123.165.0|3a|35317/i"; flow:to_server,established; http.header; content:"182.123.165.0"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128631; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.124.24.37 40075 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.124.24.37|3a|40075/bin.sh"; flow:to_server,established; http.header; content:"182.124.24.37"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128641; 
rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 182.124.24.37 40075 (msg: "MISP e27842 [] Outgoing URL http|3a|//182.124.24.37|3a|40075/i"; flow:to_server,established; http.header; content:"182.124.24.37"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128651; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 185.12.78.161 36220 (msg: "MISP e27842 [] Outgoing URL http|3a|//185.12.78.161|3a|36220/.i"; flow:to_server,established; http.header; content:"185.12.78.161"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128661; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 185.172.128.126 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//185.172.128.126/InstallSetupNew.exe"; flow:to_server,established; http.header; content:"185.172.128.126"; fast_pattern; nocase; http.uri; content:"/InstallSetupNew.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128671; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 187.73.244.188 45366 (msg: "MISP e27842 [] Outgoing URL http|3a|//187.73.244.188|3a|45366/bin.sh"; flow:to_server,established; http.header; content:"187.73.244.188"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128681; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 187.73.244.188 45366 (msg: "MISP e27842 [] Outgoing URL http|3a|//187.73.244.188|3a|45366/i"; flow:to_server,established; http.header; content:"187.73.244.188"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128691; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 190.109.227.71 37465 (msg: "MISP e27842 [] Outgoing URL http|3a|//190.109.227.71|3a|37465/i"; flow:to_server,established; http.header; content:"190.109.227.71"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128701; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 190.109.229.110 54690 (msg: "MISP e27842 [] Outgoing URL http|3a|//190.109.229.110|3a|54690/bin.sh"; flow:to_server,established; http.header; content:"190.109.229.110"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128711; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 190.12.99.194 28516 (msg: "MISP e27842 [] Outgoing URL http|3a|//190.12.99.194|3a|28516/.i"; flow:to_server,established; http.header; content:"190.12.99.194"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 190.186.137.100 57572 (msg: "MISP e27842 [] Outgoing URL http|3a|//190.186.137.100|3a|57572/.i"; flow:to_server,established; http.header; content:"190.186.137.100"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128731; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 193.233.132.167 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//193.233.132.167/lend/win.exe"; flow:to_server,established; http.header; content:"193.233.132.167"; fast_pattern; nocase; http.uri; content:"/lend/win.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128741; rev:1; priority:1; 
reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 194.152.35.139 45737 (msg: "MISP e27842 [] Outgoing URL http|3a|//194.152.35.139|3a|45737/.i"; flow:to_server,established; http.header; content:"194.152.35.139"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128751; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 202.4.124.58 12137 (msg: "MISP e27842 [] Outgoing URL http|3a|//202.4.124.58|3a|12137/.i"; flow:to_server,established; http.header; content:"202.4.124.58"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128761; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 203.145.165.14 61828 (msg: "MISP e27842 [] Outgoing URL http|3a|//203.145.165.14|3a|61828/.i"; flow:to_server,established; http.header; content:"203.145.165.14"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128771; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 203.223.44.206 8418 (msg: "MISP e27842 [] Outgoing URL http|3a|//203.223.44.206|3a|8418/.i"; flow:to_server,established; http.header; content:"203.223.44.206"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128781; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 212.46.197.114 17739 (msg: "MISP e27842 [] Outgoing URL http|3a|//212.46.197.114|3a|17739/.i"; flow:to_server,established; http.header; content:"212.46.197.114"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128791; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http 
$HOME_NET any -> 213.16.63.103 38011 (msg: "MISP e27842 [] Outgoing URL http|3a|//213.16.63.103|3a|38011/.i"; flow:to_server,established; http.header; content:"213.16.63.103"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128801; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 213.243.216.3 8480 (msg: "MISP e27842 [] Outgoing URL http|3a|//213.243.216.3|3a|8480/.i"; flow:to_server,established; http.header; content:"213.243.216.3"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128811; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 217.11.75.162 7110 (msg: "MISP e27842 [] Outgoing URL http|3a|//217.11.75.162|3a|7110/.i"; flow:to_server,established; http.header; content:"217.11.75.162"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128821; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 2.178.255.23 54524 (msg: "MISP e27842 [] Outgoing URL http|3a|//2.178.255.23|3a|54524/Mozi.m"; flow:to_server,established; http.header; content:"2.178.255.23"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128831; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 219.91.53.19 34791 (msg: "MISP e27842 [] Outgoing URL http|3a|//219.91.53.19|3a|34791/bin.sh"; flow:to_server,established; http.header; content:"219.91.53.19"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128841; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 219.91.53.19 34791 (msg: "MISP e27842 [] Outgoing URL 
http|3a|//219.91.53.19|3a|34791/i"; flow:to_server,established; http.header; content:"219.91.53.19"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128851; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 221.15.161.52 50274 (msg: "MISP e27842 [] Outgoing URL http|3a|//221.15.161.52|3a|50274/Mozi.m"; flow:to_server,established; http.header; content:"221.15.161.52"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128861; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 221.15.195.22 39194 (msg: "MISP e27842 [] Outgoing URL http|3a|//221.15.195.22|3a|39194/Mozi.m"; flow:to_server,established; http.header; content:"221.15.195.22"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128871; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 221.15.86.108 41529 (msg: "MISP e27842 [] Outgoing URL http|3a|//221.15.86.108|3a|41529/bin.sh"; flow:to_server,established; http.header; content:"221.15.86.108"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128881; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.142.204.80 51268 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.142.204.80|3a|51268/Mozi.m"; flow:to_server,established; http.header; content:"222.142.204.80"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128891; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.245.2.62 41253 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.245.2.62|3a|41253/Mozi.a"; 
flow:to_server,established; http.header; content:"222.245.2.62"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 222.92.82.91 19737 (msg: "MISP e27842 [] Outgoing URL http|3a|//222.92.82.91|3a|19737/.i"; flow:to_server,established; http.header; content:"222.92.82.91"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128911; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 223.13.29.191 59842 (msg: "MISP e27842 [] Outgoing URL http|3a|//223.13.29.191|3a|59842/Mozi.a"; flow:to_server,established; http.header; content:"223.13.29.191"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128921; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 223.15.16.119 40329 (msg: "MISP e27842 [] Outgoing URL http|3a|//223.15.16.119|3a|40329/bin.sh"; flow:to_server,established; http.header; content:"223.15.16.119"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128931; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.207.38.144 38856 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.207.38.144|3a|38856/Mozi.a"; flow:to_server,established; http.header; content:"27.207.38.144"; fast_pattern; nocase; http.uri; content:"/Mozi.a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128941; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.215.52.29 35438 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.215.52.29|3a|35438/bin.sh"; flow:to_server,established; http.header; 
content:"27.215.52.29"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.215.81.0 44503 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.215.81.0|3a|44503/Mozi.m"; flow:to_server,established; http.header; content:"27.215.81.0"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128961; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.223.226.131 45426 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.223.226.131|3a|45426/bin.sh"; flow:to_server,established; http.header; content:"27.223.226.131"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128971; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 27.223.226.131 45426 (msg: "MISP e27842 [] Outgoing URL http|3a|//27.223.226.131|3a|45426/i"; flow:to_server,established; http.header; content:"27.223.226.131"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128981; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 36.104.221.190 36800 (msg: "MISP e27842 [] Outgoing URL http|3a|//36.104.221.190|3a|36800/Mozi.m"; flow:to_server,established; http.header; content:"36.104.221.190"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38128991; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;) alert http $HOME_NET any -> 36.66.139.36 53736 (msg: "MISP e27842 [] Outgoing URL http|3a|//36.66.139.36|3a|53736/.i"; flow:to_server,established; http.header; content:"36.66.139.36"; fast_pattern; nocase; 
http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129001; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# MISP event 27842: outbound HTTP requests from $HOME_NET for the paths /i, /.i, /bin.sh,
# /Mozi.m and /aminer.gz on fixed destinations. Every rule below requires an established
# client-to-server flow, the destination from the rule header, the address (or hostname) as a
# case-insensitive substring of the request headers, and the path as a case-insensitive
# substring of the URI.
# NOTE(review): the URI match is a substring match, so content:"/i" also fires on any longer
# path containing "/i" sent to the same IP and port. Confirm that is intended before reusing
# these patterns with a wider destination.
# NOTE(review): an alert shows that an internal host requested the URL, not that a payload was
# delivered; tag:session,600,seconds keeps logging the tagged session so the response can be
# checked during triage.
alert http $HOME_NET any -> 37.52.211.252 55707 (msg: "MISP e27842 [] Outgoing URL http|3a|//37.52.211.252|3a|55707/bin.sh"; flow:to_server,established; http.header; content:"37.52.211.252"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129011; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.126.203.159 4221 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.126.203.159|3a|4221/i"; flow:to_server,established; http.header; content:"39.126.203.159"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129021; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.126.203.159 4221 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.126.203.159|3a|4221/Mozi.m"; flow:to_server,established; http.header; content:"39.126.203.159"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129031; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 39.72.210.61 39912 (msg: "MISP e27842 [] Outgoing URL http|3a|//39.72.210.61|3a|39912/bin.sh"; flow:to_server,established; http.header; content:"39.72.210.61"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129041; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.178.171.27 48310 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.178.171.27|3a|48310/bin.sh"; flow:to_server,established; http.header; content:"42.178.171.27"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129051; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.178.171.27 48310 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.178.171.27|3a|48310/i"; flow:to_server,established; http.header; content:"42.178.171.27"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129061; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.224.137.27 33149 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.224.137.27|3a|33149/Mozi.m"; flow:to_server,established; http.header; content:"42.224.137.27"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129071; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.224.23.153 47454 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.224.23.153|3a|47454/bin.sh"; flow:to_server,established; http.header; content:"42.224.23.153"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129081; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.224.23.153 47454 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.224.23.153|3a|47454/i"; flow:to_server,established; http.header; content:"42.224.23.153"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129091; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.230.214.94 54265 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.230.214.94|3a|54265/Mozi.m"; flow:to_server,established; http.header; content:"42.230.214.94"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129101; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.235.49.48 54289 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.235.49.48|3a|54289/bin.sh"; flow:to_server,established; http.header; content:"42.235.49.48"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129111; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.235.49.48 54289 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.235.49.48|3a|54289/i"; flow:to_server,established; http.header; content:"42.235.49.48"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129121; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.59.83.102 46109 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.59.83.102|3a|46109/bin.sh"; flow:to_server,established; http.header; content:"42.59.83.102"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129131; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 42.59.83.102 46109 (msg: "MISP e27842 [] Outgoing URL http|3a|//42.59.83.102|3a|46109/i"; flow:to_server,established; http.header; content:"42.59.83.102"; fast_pattern; nocase; http.uri; content:"/i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129141; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# This rule uses $HTTP_PORTS instead of a literal port, so that variable must be defined on
# the sensor for the rule to load.
alert http $HOME_NET any -> 45.64.128.244 $HTTP_PORTS (msg: "MISP e27842 [] Outgoing URL http|3a|//45.64.128.244/aminer.gz"; flow:to_server,established; http.header; content:"45.64.128.244"; fast_pattern; nocase; http.uri; content:"/aminer.gz"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129151; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 5.89.36.162 58396 (msg: "MISP e27842 [] Outgoing URL http|3a|//5.89.36.162|3a|58396/.i"; flow:to_server,established; http.header; content:"5.89.36.162"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129161; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 61.247.183.18 3311 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.247.183.18|3a|3311/.i"; flow:to_server,established; http.header; content:"61.247.183.18"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129171; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 61.52.39.175 59198 (msg: "MISP e27842 [] Outgoing URL http|3a|//61.52.39.175|3a|59198/bin.sh"; flow:to_server,established; http.header; content:"61.52.39.175"; fast_pattern; nocase; http.uri; content:"/bin.sh"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129181; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 66.54.98.184 40244 (msg: "MISP e27842 [] Outgoing URL http|3a|//66.54.98.184|3a|40244/Mozi.m"; flow:to_server,established; http.header; content:"66.54.98.184"; fast_pattern; nocase; http.uri; content:"/Mozi.m"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129191; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 82.207.61.194 54133 (msg: "MISP e27842 [] Outgoing URL http|3a|//82.207.61.194|3a|54133/.i"; flow:to_server,established; http.header; content:"82.207.61.194"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129201; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 84.242.139.134 2601 (msg: "MISP e27842 [] Outgoing URL http|3a|//84.242.139.134|3a|2601/.i"; flow:to_server,established; http.header; content:"84.242.139.134"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129211; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 92.114.191.82 3230 (msg: "MISP e27842 [] Outgoing URL http|3a|//92.114.191.82|3a|3230/.i"; flow:to_server,established; http.header; content:"92.114.191.82"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129221; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> 95.170.113.227 32493 (msg: "MISP e27842 [] Outgoing URL http|3a|//95.170.113.227|3a|32493/.i"; flow:to_server,established; http.header; content:"95.170.113.227"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129231; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
# Hostname indicators: the rule header only narrows to $EXTERNAL_NET and a port, so the
# hostname substring in the request headers is the sole destination selector for these two.
alert http $HOME_NET any -> $EXTERNAL_NET 39497 (msg: "MISP e27842 [] Outgoing URL http|3a|//oys0ro.static.otenet.gr|3a|39497/.i"; flow:to_server,established; http.header; content:"oys0ro.static.otenet.gr"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129241; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert http $HOME_NET any -> $EXTERNAL_NET 19635 (msg: "MISP e27842 [] Outgoing URL http|3a|//static062038222098.dsl.hol.gr|3a|19635/.i"; flow:to_server,established; http.header; content:"static062038222098.dsl.hol.gr"; fast_pattern; nocase; http.uri; content:"/.i"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38129291; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27842;)
alert ip $HOME_NET any -> 154.23.178.70 8848
(msg: "MISP e27728 [c2,dcrat] Outgoing To IP: 154.23.178.70|8848"; classtype:trojan-activity; sid:38021651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# MISP events 27728 and 27819 export the same dcrat- and asyncrat-tagged indicators twice:
# same destinations and match conditions, separate sids, priority 2 for e27728 and priority 3
# for e27819. The URL pairs differ only in the letter case of the path, which nocase makes
# irrelevant. Traffic to one of these destinations therefore raises one alert per event.
# NOTE(review): if the duplication is not wanted, suppress one sid of each pair on the sensor
# rather than editing the export, so both event references stay traceable.
# NOTE(review): the `alert ip` rules carry a destination port (8848, 7878); confirm how the
# target engine applies a port on an `ip` rule.
alert ip $HOME_NET any -> 154.23.178.70 8848 (msg: "MISP e27819 [c2,dcrat] Outgoing To IP: 154.23.178.70|8848"; classtype:trojan-activity; sid:38088701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 185.104.113.237 $HTTP_PORTS (msg: "MISP e27728 [dcrat] Outgoing URL http|3a|//185.104.113.237/image1/linuxhttp/_/53secure/phplocal/externalrequestlow6/cdn/multi3auth/vmmultiflower.php"; flow:to_server,established; http.header; content:"185.104.113.237"; fast_pattern; nocase; http.uri; content:"/image1/linuxhttp/_/53secure/phplocal/externalrequestlow6/cdn/multi3auth/vmmultiflower.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38021661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 185.104.113.237 $HTTP_PORTS (msg: "MISP e27819 [dcrat] Outgoing URL http|3a|//185.104.113.237/Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php"; flow:to_server,established; http.header; content:"185.104.113.237"; fast_pattern; nocase; http.uri; content:"/Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38088711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# Hostname indicator: destination is any $EXTERNAL_NET address on $HTTP_PORTS, so the hostname
# substring in the request headers plus the URI path carry the whole match.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27728 [dcrat] Outgoing URL http|3a|//rosalihi.beget.tech/l1nc0in.php"; flow:to_server,established; http.header; content:"rosalihi.beget.tech"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38021671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27819 [dcrat] Outgoing URL http|3a|//rosalihi.beget.tech/L1nc0In.php"; flow:to_server,established; http.header; content:"rosalihi.beget.tech"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38088721; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 49.13.200.170 7878 (msg: "MISP e27728 [asyncrat,RAT] Outgoing To IP: 49.13.200.170|7878"; classtype:trojan-activity; sid:38021681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 49.13.200.170 7878 (msg: "MISP e27819 [asyncrat,RAT] Outgoing To IP: 49.13.200.170|7878"; classtype:trojan-activity; sid:38088731; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# MISP event 27828: inbound sources tagged kill-chain:Reconnaissance / kill-chain:Exploitation.
# These are IP-only rules: any packet from the listed source to $HOME_NET alerts, with no port,
# flow or content condition.
# NOTE(review): classtype is trojan-activity although the tags describe inbound scanning and
# exploitation attempts; triage on the tag in msg rather than on classtype.
alert ip 43.128.72.192 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.128.72.192"; classtype:trojan-activity; sid:38097161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 193.151.139.5 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.151.139.5"; classtype:trojan-activity; sid:38097171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 101.42.18.174 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.42.18.174"; classtype:trojan-activity; sid:38097181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 143.198.152.170 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.152.170"; classtype:trojan-activity; sid:38097191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 177.158.65.214 any -> $HOME_NET any (msg: "MISP e27828
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.158.65.214"; classtype:trojan-activity; sid:38097201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
# MISP event 27828, inbound source addresses. Each rule is IP-only: any packet from the listed
# source to $HOME_NET alerts, with no port, flow or content condition, so a hit records contact
# from the address and nothing about what was attempted or whether a session was established.
# NOTE(review): classtype is trojan-activity while the msg tags are kill-chain:Reconnaissance /
# kill-chain:Exploitation; triage on the tag rather than on classtype.
# NOTE(review): single-address indicators go stale as addresses are reassigned; confirm the
# feed expires them.
alert ip 162.62.57.144 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.62.57.144"; classtype:trojan-activity; sid:38097211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 124.221.219.243 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.219.243"; classtype:trojan-activity; sid:38097221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 141.11.92.31 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.11.92.31"; classtype:trojan-activity; sid:38097231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 185.182.187.36 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.182.187.36"; classtype:trojan-activity; sid:38097241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 111.229.208.170 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.229.208.170"; classtype:trojan-activity; sid:38097251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.136.122.160 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.136.122.160"; classtype:trojan-activity; sid:38097261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 154.56.63.103 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.56.63.103"; classtype:trojan-activity; sid:38097271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 143.244.165.222 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.244.165.222"; classtype:trojan-activity; sid:38097281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 104.250.50.119 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 104.250.50.119"; classtype:trojan-activity; sid:38097291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 62.192.173.169 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.192.173.169"; classtype:trojan-activity; sid:38097301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 82.157.66.192 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.157.66.192"; classtype:trojan-activity; sid:38097311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 171.15.130.194 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.15.130.194"; classtype:trojan-activity; sid:38097321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 8.219.58.206 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.219.58.206"; classtype:trojan-activity; sid:38097331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 159.69.107.145 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.69.107.145"; classtype:trojan-activity; sid:38097341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 84.247.178.198 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.247.178.198"; classtype:trojan-activity; sid:38097351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.155.179.36 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.179.36"; classtype:trojan-activity; sid:38097361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 165.227.43.64 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.43.64"; classtype:trojan-activity; sid:38097371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 200.72.176.60 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 200.72.176.60"; classtype:trojan-activity; sid:38097381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 174.138.6.9 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 174.138.6.9"; classtype:trojan-activity; sid:38097391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 5.42.77.17 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 5.42.77.17"; classtype:trojan-activity; sid:38097401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 123.253.32.45 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.253.32.45"; classtype:trojan-activity; sid:38097411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.133.168.145 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.168.145"; classtype:trojan-activity; sid:38097421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 137.184.166.224 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.166.224"; classtype:trojan-activity; sid:38097431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.153.225.174 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.225.174"; classtype:trojan-activity; sid:38097441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 103.82.240.194 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.82.240.194"; classtype:trojan-activity; sid:38097451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 106.53.175.38 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.53.175.38"; classtype:trojan-activity; sid:38097461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 119.8.146.250 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.8.146.250"; classtype:trojan-activity; sid:38097471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 45.135.250.247 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.135.250.247"; classtype:trojan-activity; sid:38097481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 49.74.52.80 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.74.52.80"; classtype:trojan-activity; sid:38097491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 162.241.124.116 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.241.124.116"; classtype:trojan-activity; sid:38097501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 103.40.253.135 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.40.253.135"; classtype:trojan-activity; sid:38097511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 1.14.10.97 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.14.10.97"; classtype:trojan-activity; sid:38097521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.133.235.144 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.133.235.144"; classtype:trojan-activity; sid:38097531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 138.84.41.188 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 138.84.41.188"; classtype:trojan-activity; sid:38097541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 137.184.174.170 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 137.184.174.170"; classtype:trojan-activity; sid:38097551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.134.94.87 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.94.87"; classtype:trojan-activity; sid:38097561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 170.106.173.36 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.106.173.36"; classtype:trojan-activity; sid:38097571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 159.65.167.88 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.65.167.88"; classtype:trojan-activity; sid:38097581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 31.131.26.246 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.131.26.246"; classtype:trojan-activity; sid:38097591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
# The next two sources are tagged kill-chain:Reconnaissance only.
alert ip 156.236.75.252 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance] Incoming From IP: 156.236.75.252"; classtype:trojan-activity; sid:38097601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 47.247.116.211 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance] Incoming From IP: 47.247.116.211"; classtype:trojan-activity; sid:38097611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.131.250.155 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.131.250.155"; classtype:trojan-activity; sid:38097621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 218.94.28.22 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.94.28.22"; classtype:trojan-activity; sid:38097631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 45.137.192.163 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.137.192.163"; classtype:trojan-activity; sid:38097641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 218.55.114.89 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.55.114.89"; classtype:trojan-activity; sid:38097651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 91.186.116.20 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 91.186.116.20"; classtype:trojan-activity; sid:38097661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 154.201.67.57 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.201.67.57"; classtype:trojan-activity; sid:38097671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 92.34.183.195 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 92.34.183.195"; classtype:trojan-activity; sid:38097681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 185.53.130.183 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.53.130.183"; classtype:trojan-activity; sid:38097691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 103.91.64.152 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.91.64.152"; classtype:trojan-activity; sid:38097701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 122.237.103.241 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.237.103.241"; classtype:trojan-activity; sid:38097711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 152.42.189.40 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 152.42.189.40"; classtype:trojan-activity; sid:38097721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 42.116.218.145 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.116.218.145"; classtype:trojan-activity; sid:38097731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.155.165.32 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.155.165.32"; classtype:trojan-activity; sid:38097741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 103.118.244.28 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.118.244.28"; classtype:trojan-activity; sid:38097751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.153.2.16 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.2.16"; classtype:trojan-activity; sid:38097761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 187.225.139.183 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.225.139.183"; classtype:trojan-activity; sid:38097771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 163.5.194.171 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 163.5.194.171"; classtype:trojan-activity; sid:38097781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 165.232.108.139 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.108.139"; classtype:trojan-activity; sid:38097791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 47.243.57.112 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.243.57.112"; classtype:trojan-activity; sid:38097801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.157.34.218 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.34.218"; classtype:trojan-activity; sid:38097811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 125.124.167.64 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.124.167.64"; classtype:trojan-activity; sid:38097821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 31.131.22.161 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.131.22.161"; classtype:trojan-activity; sid:38097831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 95.67.90.66 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 95.67.90.66"; classtype:trojan-activity; sid:38097841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 159.89.227.175 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.227.175"; classtype:trojan-activity; sid:38097851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 74.208.98.33 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.208.98.33"; classtype:trojan-activity; sid:38097861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 183.56.243.172 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 183.56.243.172"; classtype:trojan-activity; sid:38097871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.134.97.51 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.134.97.51"; classtype:trojan-activity; sid:38097881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 58.34.198.170 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.34.198.170"; classtype:trojan-activity; sid:38097891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 27.13.236.245 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 27.13.236.245"; classtype:trojan-activity; sid:38097901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 106.12.160.238 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.12.160.238"; classtype:trojan-activity; sid:38097911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 189.223.247.222 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.223.247.222"; classtype:trojan-activity; sid:38097921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 14.103.41.21 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.103.41.21"; classtype:trojan-activity; sid:38097931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 128.199.5.115 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 128.199.5.115"; classtype:trojan-activity; sid:38097941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.157.57.142 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.157.57.142"; classtype:trojan-activity; sid:38097951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 181.113.114.115 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.113.114.115"; classtype:trojan-activity; sid:38097961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 188.166.210.39 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 188.166.210.39"; classtype:trojan-activity; sid:38097971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 119.96.168.33 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.96.168.33"; classtype:trojan-activity; sid:38097981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 78.92.227.56 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 78.92.227.56"; classtype:trojan-activity; sid:38097991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 51.91.111.73 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.91.111.73"; classtype:trojan-activity; sid:38098001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 118.123.1.199 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.123.1.199"; classtype:trojan-activity; sid:38098011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 154.113.10.103 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.113.10.103"; classtype:trojan-activity; sid:38098021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 124.223.119.209 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.223.119.209"; classtype:trojan-activity; sid:38098031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 186.64.121.69 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 186.64.121.69"; classtype:trojan-activity; sid:38098041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 82.65.17.52 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 82.65.17.52"; classtype:trojan-activity; sid:38098051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 190.119.66.238 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 190.119.66.238"; classtype:trojan-activity; sid:38098061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 217.30.161.190 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 217.30.161.190"; classtype:trojan-activity; sid:38098071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 132.145.115.97 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 132.145.115.97"; classtype:trojan-activity; sid:38098081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.153.19.12 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.19.12"; classtype:trojan-activity; sid:38098091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 218.78.106.188 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.78.106.188"; classtype:trojan-activity; sid:38098101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 194.186.112.148 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 194.186.112.148"; classtype:trojan-activity; sid:38098111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.163.224.221 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.163.224.221"; classtype:trojan-activity; sid:38098121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 125.59.20.74 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.59.20.74"; classtype:trojan-activity; sid:38098131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 170.64.195.129 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.195.129"; classtype:trojan-activity; sid:38098141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 107.158.225.94 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.158.225.94"; classtype:trojan-activity; sid:38098151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 60.188.58.60 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.188.58.60"; classtype:trojan-activity; sid:38098161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 170.64.203.128 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.203.128"; classtype:trojan-activity; sid:38098171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.153.17.163 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.153.17.163"; classtype:trojan-activity; sid:38098181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 115.239.139.153 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 115.239.139.153"; classtype:trojan-activity; sid:38098191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
# Exported with an empty tag list ([]). NOTE(review): check the MISP attribute for the missing
# kill-chain tags.
alert ip 143.198.37.118 any -> $HOME_NET any (msg: "MISP e27828 [] Incoming From IP: 143.198.37.118"; classtype:trojan-activity; sid:38098201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 154.20.19.26 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.20.19.26"; classtype:trojan-activity; sid:38098211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 179.157.150.32 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.157.150.32"; classtype:trojan-activity; sid:38098221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 101.34.252.117 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 101.34.252.117"; classtype:trojan-activity; sid:38098231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 141.11.192.70 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 141.11.192.70"; classtype:trojan-activity; sid:38098241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
alert ip 43.143.13.168 any -> $HOME_NET any (msg: "MISP
e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.143.13.168"; classtype:trojan-activity; sid:38098251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 165.227.65.229 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.227.65.229"; classtype:trojan-activity; sid:38098261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 1.207.8.206 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.207.8.206"; classtype:trojan-activity; sid:38099471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 106.56.149.181 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.56.149.181"; classtype:trojan-activity; sid:38099481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 1.34.174.173 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.34.174.173"; classtype:trojan-activity; sid:38099491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 111.179.76.184 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.179.76.184"; classtype:trojan-activity; sid:38099501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 1.10.214.130 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.10.214.130"; classtype:trojan-activity; sid:38099511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 106.59.120.251 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.59.120.251"; classtype:trojan-activity; sid:38099521; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 109.72.241.66 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.72.241.66"; classtype:trojan-activity; sid:38099531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 110.159.109.152 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.159.109.152"; classtype:trojan-activity; sid:38099541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 110.179.123.227 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.179.123.227"; classtype:trojan-activity; sid:38099551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 107.170.240.44 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 107.170.240.44"; classtype:trojan-activity; sid:38099561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 111.124.98.67 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.124.98.67"; classtype:trojan-activity; sid:38099571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 110.177.106.72 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.106.72"; classtype:trojan-activity; sid:38099581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 110.177.101.106 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.177.101.106"; classtype:trojan-activity; sid:38099591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 116.86.200.16 any -> $HOME_NET any 
(msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.86.200.16"; classtype:trojan-activity; sid:38099601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 100.38.216.38 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 100.38.216.38"; classtype:trojan-activity; sid:38099611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 113.88.142.96 any -> $HOME_NET any (msg: "MISP e27837 [] Incoming From IP: 113.88.142.96"; classtype:trojan-activity; sid:38099621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 112.102.169.9 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.102.169.9"; classtype:trojan-activity; sid:38099631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 119.123.236.153 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.123.236.153"; classtype:trojan-activity; sid:38098271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 118.122.185.245 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.122.185.245"; classtype:trojan-activity; sid:38099641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 150.117.117.168 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.117.117.168"; classtype:trojan-activity; sid:38099651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 118.174.155.176 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.174.155.176"; classtype:trojan-activity; sid:38099661; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 117.147.86.132 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.147.86.132"; classtype:trojan-activity; sid:38099671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 122.55.89.240 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.55.89.240"; classtype:trojan-activity; sid:38099681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 124.222.144.28 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.144.28"; classtype:trojan-activity; sid:38098281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 176.197.107.85 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.197.107.85"; classtype:trojan-activity; sid:38099691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 121.171.116.185 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.171.116.185"; classtype:trojan-activity; sid:38099701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 14.36.184.199 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 14.36.184.199"; classtype:trojan-activity; sid:38099711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 117.243.233.162 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.243.233.162"; classtype:trojan-activity; sid:38099721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 166.168.97.127 any -> $HOME_NET any (msg: "MISP e27837 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 166.168.97.127"; classtype:trojan-activity; sid:38099731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 123.172.79.116 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 123.172.79.116"; classtype:trojan-activity; sid:38099741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 175.8.113.8 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.8.113.8"; classtype:trojan-activity; sid:38099751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 185.12.68.221 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.12.68.221"; classtype:trojan-activity; sid:38099761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 121.61.200.147 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 121.61.200.147"; classtype:trojan-activity; sid:38099771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 182.244.189.42 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.244.189.42"; classtype:trojan-activity; sid:38099781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 176.90.18.73 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 176.90.18.73"; classtype:trojan-activity; sid:38099791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 213.6.103.90 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 213.6.103.90"; classtype:trojan-activity; sid:38099801; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 2.99.207.161 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.99.207.161"; classtype:trojan-activity; sid:38099811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 192.241.212.33 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.212.33"; classtype:trojan-activity; sid:38099821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 198.235.24.172 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.172"; classtype:trojan-activity; sid:38099831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 219.102.136.163 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.102.136.163"; classtype:trojan-activity; sid:38099841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 181.5.223.148 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.5.223.148"; classtype:trojan-activity; sid:38099851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 202.178.125.67 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.178.125.67"; classtype:trojan-activity; sid:38099861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 15.204.166.135 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 15.204.166.135"; classtype:trojan-activity; sid:38098291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 222.246.42.241 any -> $HOME_NET any (msg: "MISP 
e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.246.42.241"; classtype:trojan-activity; sid:38099871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 117.197.238.155 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.197.238.155"; classtype:trojan-activity; sid:38099881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 2.101.152.45 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.101.152.45"; classtype:trojan-activity; sid:38099891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 62.234.41.123 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.41.123"; classtype:trojan-activity; sid:38098301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 117.211.70.209 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.211.70.209"; classtype:trojan-activity; sid:38099901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 84.54.51.90 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 84.54.51.90"; classtype:trojan-activity; sid:38099911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 62.84.68.114 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.84.68.114"; classtype:trojan-activity; sid:38099921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 125.4.221.206 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.4.221.206"; classtype:trojan-activity; sid:38099931; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 39.129.34.198 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 39.129.34.198"; classtype:trojan-activity; sid:38099941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 74.123.22.58 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 74.123.22.58"; classtype:trojan-activity; sid:38099951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 58.57.88.2 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 58.57.88.2"; classtype:trojan-activity; sid:38099961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 219.138.101.201 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 219.138.101.201"; classtype:trojan-activity; sid:38099971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 61.174.208.90 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 61.174.208.90"; classtype:trojan-activity; sid:38099981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 187.190.60.112 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 187.190.60.112"; classtype:trojan-activity; sid:38096701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 111.7.96.148 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.7.96.148"; classtype:trojan-activity; sid:38098311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 223.159.14.170 any -> $HOME_NET any (msg: "MISP e27837 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.159.14.170"; classtype:trojan-activity; sid:38099991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 88.210.9.34 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 88.210.9.34"; classtype:trojan-activity; sid:38098321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 221.234.220.157 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.234.220.157"; classtype:trojan-activity; sid:38100001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 49.71.70.140 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.71.70.140"; classtype:trojan-activity; sid:38100011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 49.64.12.62 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 49.64.12.62"; classtype:trojan-activity; sid:38100021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 50.200.214.4 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 50.200.214.4"; classtype:trojan-activity; sid:38100031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 223.198.186.121 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.198.186.121"; classtype:trojan-activity; sid:38100041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 81.70.25.230 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.70.25.230"; classtype:trojan-activity; sid:38098331; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 62.234.160.249 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 62.234.160.249"; classtype:trojan-activity; sid:38098341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 178.137.49.213 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.137.49.213"; classtype:trojan-activity; sid:38100051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 134.209.66.61 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 134.209.66.61"; classtype:trojan-activity; sid:38098351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 161.97.141.176 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 161.97.141.176"; classtype:trojan-activity; sid:38096711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 43.138.186.26 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 43.138.186.26"; classtype:trojan-activity; sid:38098361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 192.241.218.21 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.218.21"; classtype:trojan-activity; sid:38096721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 218.75.45.86 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.75.45.86"; classtype:trojan-activity; sid:38099051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 179.97.61.58 any -> $HOME_NET any (msg: "MISP e27837 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 179.97.61.58"; classtype:trojan-activity; sid:38100061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 202.29.148.82 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.29.148.82"; classtype:trojan-activity; sid:38098371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 202.188.193.207 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.188.193.207"; classtype:trojan-activity; sid:38100071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 119.45.115.87 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 119.45.115.87"; classtype:trojan-activity; sid:38098381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 191.252.205.35 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 191.252.205.35"; classtype:trojan-activity; sid:38098391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 20.226.9.78 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 20.226.9.78"; classtype:trojan-activity; sid:38098401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 47.74.96.31 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.74.96.31"; classtype:trojan-activity; sid:38098411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 170.64.195.37 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.64.195.37"; classtype:trojan-activity; sid:38098421; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 223.8.202.167 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 223.8.202.167"; classtype:trojan-activity; sid:38100081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 113.221.40.224 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.221.40.224"; classtype:trojan-activity; sid:38100091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 60.205.169.24 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 60.205.169.24"; classtype:trojan-activity; sid:38098431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 113.22.127.78 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.22.127.78"; classtype:trojan-activity; sid:38098441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 167.248.133.123 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.248.133.123"; classtype:trojan-activity; sid:38099061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 83.97.73.186 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 83.97.73.186"; classtype:trojan-activity; sid:38096731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 140.246.96.209 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 140.246.96.209"; classtype:trojan-activity; sid:38098451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 87.236.176.178 any -> $HOME_NET any (msg: "MISP 
e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.178"; classtype:trojan-activity; sid:38096741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 173.212.232.115 any -> $HOME_NET any (msg: "MISP e27826 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 173.212.232.115"; classtype:trojan-activity; sid:38097041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27826;) alert ip 205.210.31.71 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.71"; classtype:trojan-activity; sid:38096751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 79.21.47.27 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 79.21.47.27"; classtype:trojan-activity; sid:38100101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 38.130.132.30 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 38.130.132.30"; classtype:trojan-activity; sid:38100111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 198.199.115.116 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.115.116"; classtype:trojan-activity; sid:38096761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 198.199.102.29 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.102.29"; classtype:trojan-activity; sid:38099071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 192.241.227.61 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.227.61"; classtype:trojan-activity; 
sid:38096771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 171.38.139.46 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 171.38.139.46"; classtype:trojan-activity; sid:38100121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 87.236.176.19 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.19"; classtype:trojan-activity; sid:38099081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 205.210.31.68 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.68"; classtype:trojan-activity; sid:38096781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 87.236.176.176 any -> $HOME_NET any (msg: "MISP e27822 [] Incoming From IP: 87.236.176.176"; classtype:trojan-activity; sid:38096791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 87.236.176.153 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.153"; classtype:trojan-activity; sid:38096801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 87.236.176.20 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.20"; classtype:trojan-activity; sid:38099091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 193.118.55.182 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.118.55.182"; classtype:trojan-activity; sid:38096811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 193.118.51.130 any -> $HOME_NET any (msg: "MISP e27822 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.118.51.130"; classtype:trojan-activity; sid:38096821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 210.121.193.52 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 210.121.193.52"; classtype:trojan-activity; sid:38096831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 193.118.55.181 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 193.118.55.181"; classtype:trojan-activity; sid:38096841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 167.94.145.57 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.94.145.57"; classtype:trojan-activity; sid:38096851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 198.199.116.108 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.199.116.108"; classtype:trojan-activity; sid:38099101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 222.119.55.52 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.119.55.52"; classtype:trojan-activity; sid:38100131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 170.239.92.190 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 170.239.92.190"; classtype:trojan-activity; sid:38100141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 222.219.79.224 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.219.79.224"; classtype:trojan-activity; 
sid:38100151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 178.32.140.218 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.32.140.218"; classtype:trojan-activity; sid:38098461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 124.221.89.71 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.221.89.71"; classtype:trojan-activity; sid:38098471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 1.117.26.65 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.117.26.65"; classtype:trojan-activity; sid:38098481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 31.223.7.27 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 31.223.7.27"; classtype:trojan-activity; sid:38098491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 180.167.153.230 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.167.153.230"; classtype:trojan-activity; sid:38098501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 198.235.24.84 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 198.235.24.84"; classtype:trojan-activity; sid:38098511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 189.33.64.201 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 189.33.64.201"; classtype:trojan-activity; sid:38098521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 167.71.38.138 any -> $HOME_NET any (msg: 
"MISP e27826 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 167.71.38.138"; classtype:trojan-activity; sid:38097051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27826;) alert ip 120.88.46.226 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 120.88.46.226"; classtype:trojan-activity; sid:38098531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 112.103.94.180 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 112.103.94.180"; classtype:trojan-activity; sid:38100161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 157.245.219.63 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 157.245.219.63"; classtype:trojan-activity; sid:38098541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 51.38.128.124 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 51.38.128.124"; classtype:trojan-activity; sid:38096861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27728 [dcrat] Outgoing URL http|3a|//f0929508.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"f0929508.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38021691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//f0929508.xsph.ru/L1nc0In.php"; flow:to_server,established; http.header; content:"f0929508.xsph.ru"; fast_pattern; nocase; http.uri; content:"/L1nc0In.php"; nocase; tag:session,600,seconds; 
classtype:trojan-activity; sid:38088741; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 51.195.231.121 6606 (msg: "MISP e27728 [asyncrat] Outgoing To IP: 51.195.231.121|6606"; classtype:trojan-activity; sid:38021701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 51.195.231.121 6606 (msg: "MISP e27819 [] Outgoing To IP: 51.195.231.121|6606"; classtype:trojan-activity; sid:38088751; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 138.197.116.57 7443 (msg: "MISP e27728 [DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 138.197.116.57|7443"; classtype:trojan-activity; sid:38021711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 85.111.0.39 10250 (msg: "MISP e27728 [Deimos,TTNET] Outgoing To IP: 85.111.0.39|10250"; classtype:trojan-activity; sid:38021721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 37.1.208.95 40056 (msg: "MISP e27728 [Havoc,HVC-AS] Outgoing To IP: 37.1.208.95|40056"; classtype:trojan-activity; sid:38021731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 74.138.4.64 443 (msg: "MISP e27728 [QakBot,TWC-10796-MIDWEST] Outgoing To IP: 74.138.4.64|443"; classtype:trojan-activity; sid:38021741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 82.7.3.113 443 (msg: "MISP e27728 [NTL,QakBot] Outgoing To IP: 82.7.3.113|443"; classtype:trojan-activity; sid:38021751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 41.96.78.253 443 (msg: "MISP e27728 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.78.253|443"; classtype:trojan-activity; sid:38021761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 
27.124.34.14 1145 (msg: "MISP e27728 [BCPL-SG BGPNET Global ASN,dcrat] Outgoing To IP: 27.124.34.14|1145"; classtype:trojan-activity; sid:38021771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 78.46.191.105 6666 (msg: "MISP e27728 [dcrat,HETZNER-AS] Outgoing To IP: 78.46.191.105|6666"; classtype:trojan-activity; sid:38021781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 46.246.80.13 6000 (msg: "MISP e27728 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.80.13|6000"; classtype:trojan-activity; sid:38021791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 123.1.189.241 8888 (msg: "MISP e27728 [HKBN-AS-AP HK Broadband Network Ltd.,Supershell] Outgoing To IP: 123.1.189.241|8888"; classtype:trojan-activity; sid:38021801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 124.70.19.189 8888 (msg: "MISP e27728 [HWCSNET Huawei Cloud Service data center,Supershell] Outgoing To IP: 124.70.19.189|8888"; classtype:trojan-activity; sid:38021811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 124.70.19.189 8888 (msg: "MISP e27819 [] Outgoing To IP: 124.70.19.189|8888"; classtype:trojan-activity; sid:38088761; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 123.1.189.241 8888 (msg: "MISP e27819 [] Outgoing To IP: 123.1.189.241|8888"; classtype:trojan-activity; sid:38088771; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 46.246.80.13 6000 (msg: "MISP e27819 [] Outgoing To IP: 46.246.80.13|6000"; classtype:trojan-activity; sid:38088781; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 78.46.191.105 6666 (msg: "MISP e27819 [] Outgoing To IP: 
78.46.191.105|6666"; classtype:trojan-activity; sid:38088791; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 27.124.34.14 1145 (msg: "MISP e27819 [] Outgoing To IP: 27.124.34.14|1145"; classtype:trojan-activity; sid:38088801; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 41.96.78.253 443 (msg: "MISP e27819 [] Outgoing To IP: 41.96.78.253|443"; classtype:trojan-activity; sid:38088811; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 82.7.3.113 443 (msg: "MISP e27819 [] Outgoing To IP: 82.7.3.113|443"; classtype:trojan-activity; sid:38088821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 74.138.4.64 443 (msg: "MISP e27819 [] Outgoing To IP: 74.138.4.64|443"; classtype:trojan-activity; sid:38088831; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 37.1.208.95 40056 (msg: "MISP e27819 [] Outgoing To IP: 37.1.208.95|40056"; classtype:trojan-activity; sid:38088841; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 85.111.0.39 10250 (msg: "MISP e27819 [] Outgoing To IP: 85.111.0.39|10250"; classtype:trojan-activity; sid:38088851; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 138.197.116.57 7443 (msg: "MISP e27819 [] Outgoing To IP: 138.197.116.57|7443"; classtype:trojan-activity; sid:38088861; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27728 [Loki] Outgoing URL http|3a|//mauricioclopatofsky.tel/user/five/fre.php"; flow:to_server,established; http.header; content:"mauricioclopatofsky.tel"; fast_pattern; nocase; http.uri; content:"/user/five/fre.php"; nocase; tag:session,600,seconds; 
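classtype:trojan-activity; sid:38021821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# sid:38099221 (MISP e27835, document URL tagged Agent Tesla).
# The MISP galaxy tag copied into msg carries its own double quotes. Left
# unescaped, the first inner quote ends the msg string early and the rule
# parser rejects the signature, so this indicator would go undetected.
# The inner quotes are escaped as \" below; sid and rev are left as exported.
# After each MISP export, check the engine's rule-load log for signatures
# that failed to parse: tag text is attacker-independent but free-form.
# Detection logic: the address literal must appear in the request headers
# and the full path in the URI, both case-insensitive; the session is then
# tagged for 600 seconds.
alert http $HOME_NET any -> 198.12.81.158 $HTTP_PORTS (msg: "MISP e27835 [kill-chain:Command and Control,misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"] Outgoing URL http|3a|//198.12.81.158/jxx/jx/tourserettulovercomeandkissmehardandsheneverknowthatiwillkissherbodytokiss___iamgreatlovertounderstandtheprcess.doc"; flow:to_server,established; http.header; content:"198.12.81.158"; fast_pattern; nocase; http.uri; content:"/jxx/jx/tourserettulovercomeandkissmehardandsheneverknowthatiwillkissherbodytokiss___iamgreatlovertounderstandtheprcess.doc"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38099221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27835;)
# sid:38088871 carries the same host and URI matches as sid:38021821
# (event e27728) but is exported from event e27819 with an empty tag list and
# priority 3. One matching request therefore raises two alerts; deduplicate
# downstream or consolidate the attribute in MISP.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//mauricioclopatofsky.tel/user/five/fre.php"; flow:to_server,established; http.header; content:"mauricioclopatofsky.tel"; fast_pattern; nocase; http.uri; content:"/user/five/fre.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38088871; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# sid:38099251: destination is pinned to the address in the rule header, and
# the same literal must also appear in the request headers.
alert http $HOME_NET any -> 93.123.39.145 $HTTP_PORTS (msg: "MISP e27836 [] Outgoing URL http|3a|//93.123.39.145/13.txt"; flow:to_server,established; http.header; content:"93.123.39.145"; fast_pattern; nocase; http.uri; content:"/13.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38099251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27836;)
# sid:38099261: DNS query match in any direction. The pcre anchors the name
# to the end of the query and requires start-of-buffer or a non-hostname
# character before it, so the domain itself and its subdomains match while a
# longer label that merely ends in the same text does not.
alert dns any any -> any any (msg: "MISP e27836 [] Domain boydjackson.org"; dns.query; content:"boydjackson.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])boydjackson\.org$/i"; classtype:trojan-activity; sid:38099261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27836;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27836 [] Outgoing 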
HTTP Domain boydjackson.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boydjackson.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boydjackson\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38099262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27836;)
# sid:38099271 / sid:38099281: e-mail address indicators from event e27836.
# Scope is inbound TCP to $SMTP_SERVERS on port 25 only, matched on raw
# payload; sessions on other ports, or payload the sensor cannot read in
# clear text, are outside what these content matches can see.
# The SMTP verb and the address are two independent content matches (the
# address has no distance/within tied to the verb); only the CRLF CRLF match
# is relative, and must follow within 8192 bytes of the address.
# NOTE(review): because the address is not bound to the verb, it may also
# match when it appears elsewhere in the same inspected data - confirm
# whether that breadth is intended.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27836 [] Source Email Address: biz@boydjackson.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"biz@boydjackson.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38099271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27836;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27836 [] Destination Email Address: me@boydjackson.org"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"me@boydjackson.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38099281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27836;)
# sid:38021841 - sid:38021861: address-and-port indicators tagged Vidar in
# event e27728. These rules carry no payload or flow condition, so any
# traffic from $HOME_NET to the listed address and port raises the alert.
# Treat a hit as a lead to correlate with host telemetry, and age the
# indicators out when the MISP event is retired.
alert ip $HOME_NET any -> 65.109.240.54 8081 (msg: "MISP e27728 [Vidar] Outgoing To IP: 65.109.240.54|8081"; classtype:trojan-activity; sid:38021841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 5.75.208.156 80 (msg: "MISP e27728 [Vidar] Outgoing To IP: 5.75.208.156|80"; classtype:trojan-activity; sid:38021851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 5.75.208.156 443 (msg: "MISP e27728 [Vidar] Outgoing To IP: 5.75.208.156|443"; classtype:trojan-activity; sid:38021861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 116.203.15.173 443 (msg: "MISP e27728 [Vidar] Outgoing To IP: 116.203.15.173|443"; classtype:trojan-activity; 
sid:38021871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# sid:38021881, sid:38021891: address-and-port indicators tagged Vidar in
# event e27728; no payload condition, so any traffic from $HOME_NET to the
# listed address and port alerts.
alert ip $HOME_NET any -> 5.75.215.43 443 (msg: "MISP e27728 [Vidar] Outgoing To IP: 5.75.215.43|443"; classtype:trojan-activity; sid:38021881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 159.69.103.100 443 (msg: "MISP e27728 [Vidar] Outgoing To IP: 159.69.103.100|443"; classtype:trojan-activity; sid:38021891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# sid:38021911: the source URL has only a root path, so the http.uri match
# is content:"/", which every request path satisfies. In effect the rule
# fires on any established HTTP request to 5.75.208.156 on $HTTP_PORTS whose
# headers contain the address literal; it adds little over the IP rules for
# the same host and should be triaged as an address hit, not a URL hit.
alert http $HOME_NET any -> 5.75.208.156 $HTTP_PORTS (msg: "MISP e27728 [Vidar] Outgoing URL http|3a|//5.75.208.156/"; flow:to_server,established; http.header; content:"5.75.208.156"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38021911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# sid:38088931 - sid:38088961: the same indicators exported a second time
# from event e27819, with an empty tag list and priority 3 instead of 2.
# Each matching flow raises both the e27728 and the e27819 alert, and the
# e27819 copy loses the malware-family tag in msg; deduplicate downstream or
# consolidate the attributes in MISP.
alert http $HOME_NET any -> 5.75.208.156 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//5.75.208.156/"; flow:to_server,established; http.header; content:"5.75.208.156"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38088931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 116.203.15.173 443 (msg: "MISP e27819 [] Outgoing To IP: 116.203.15.173|443"; classtype:trojan-activity; sid:38088941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 5.75.215.43 443 (msg: "MISP e27819 [] Outgoing To IP: 5.75.215.43|443"; classtype:trojan-activity; sid:38088951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 159.69.103.100 443 (msg: "MISP e27819 [] Outgoing To IP: 159.69.103.100|443"; classtype:trojan-activity; sid:38088961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 65.109.240.54 8081 (msg: 
"MISP e27819 [] Outgoing To IP: 65.109.240.54|8081"; classtype:trojan-activity; sid:38088971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 5.75.208.156 80 (msg: "MISP e27819 [] Outgoing To IP: 5.75.208.156|80"; classtype:trojan-activity; sid:38088981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 5.75.208.156 443 (msg: "MISP e27819 [] Outgoing To IP: 5.75.208.156|443"; classtype:trojan-activity; sid:38088991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert dns any any -> any any (msg: "MISP e27007 [] Domain asicsksaonline.com"; dns.query; content:"asicsksaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsksaonline\.com$/i"; classtype:trojan-activity; sid:38173911; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain asicsksaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"asicsksaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])asicsksaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173912; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain eccodeutschlandshop.com"; dns.query; content:"eccodeutschlandshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccodeutschlandshop\.com$/i"; classtype:trojan-activity; sid:38173921; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccodeutschlandshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccodeutschlandshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccodeutschlandshop\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38173922; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain eccofootwearuk.com"; dns.query; content:"eccofootwearuk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eccofootwearuk\.com$/i"; classtype:trojan-activity; sid:38173931; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain eccofootwearuk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eccofootwearuk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eccofootwearuk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173932; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain ecco-za.com"; dns.query; content:"ecco-za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ecco\-za\.com$/i"; classtype:trojan-activity; sid:38173941; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ecco-za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ecco-za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ecco\-za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173942; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain gymsharkgreeceonline.com"; dns.query; content:"gymsharkgreeceonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkgreeceonline\.com$/i"; classtype:trojan-activity; sid:38173951; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain 
gymsharkgreeceonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"gymsharkgreeceonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])gymsharkgreeceonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173952; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain hurleymexicomx.com"; dns.query; content:"hurleymexicomx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hurleymexicomx\.com$/i"; classtype:trojan-activity; sid:38173961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hurleymexicomx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hurleymexicomx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hurleymexicomx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain jackwolfskin-sweden.com"; dns.query; content:"jackwolfskin-sweden.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskin\-sweden\.com$/i"; classtype:trojan-activity; sid:38173971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain jackwolfskin-sweden.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jackwolfskin-sweden.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jackwolfskin\-sweden\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-israel.com"; 
dns.query; content:"juicycouture-israel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-israel\.com$/i"; classtype:trojan-activity; sid:38173981; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-israel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouture-israel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-israel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173982; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouturenetherlands.com"; dns.query; content:"juicycouturenetherlands.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturenetherlands\.com$/i"; classtype:trojan-activity; sid:38173991; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouturenetherlands.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"juicycouturenetherlands.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouturenetherlands\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38173992; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain juicycouture-polska.com"; dns.query; content:"juicycouture-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-polska\.com$/i"; classtype:trojan-activity; sid:38174001; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain juicycouture-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; 
http.header; content:"juicycouture-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])juicycouture\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174002; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeldoutletpe.com"; dns.query; content:"karllagerfeldoutletpe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletpe\.com$/i"; classtype:trojan-activity; sid:38174011; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeldoutletpe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeldoutletpe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeldoutletpe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174012; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain karllagerfeld-usa.com"; dns.query; content:"karllagerfeld-usa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-usa\.com$/i"; classtype:trojan-activity; sid:38174021; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain karllagerfeld-usa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"karllagerfeld-usa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])karllagerfeld\-usa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174022; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifargentina-ar.com"; dns.query; content:"lecoqsportifargentina-ar.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lecoqsportifargentina\-ar\.com$/i"; classtype:trojan-activity; sid:38174031; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifargentina-ar.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifargentina-ar.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifargentina\-ar\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174032; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-costarica.com"; dns.query; content:"lecoqsportif-costarica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-costarica\.com$/i"; classtype:trojan-activity; sid:38174041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-costarica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-costarica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-costarica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174042; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-espana.com"; dns.query; content:"lecoqsportif-espana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-espana\.com$/i"; classtype:trojan-activity; sid:38174051; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-espana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-espana.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-espana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174052; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportif-france.com"; dns.query; content:"lecoqsportif-france.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-france\.com$/i"; classtype:trojan-activity; sid:38174061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportif-france.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportif-france.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportif\-france\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lecoqsportifswitzerland.com"; dns.query; content:"lecoqsportifswitzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifswitzerland\.com$/i"; classtype:trojan-activity; sid:38174071; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lecoqsportifswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lecoqsportifswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lecoqsportifswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174072; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lojasmizuno-portugal.com"; dns.query; content:"lojasmizuno-portugal.com"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lojasmizuno\-portugal\.com$/i"; classtype:trojan-activity; sid:38174081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lojasmizuno-portugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lojasmizuno-portugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lojasmizuno\-portugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174082; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lucchese-deutschland.com"; dns.query; content:"lucchese-deutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-deutschland\.com$/i"; classtype:trojan-activity; sid:38174091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lucchese-deutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucchese-deutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-deutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174092; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain lucchesegermany.com"; dns.query; content:"lucchesegermany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchesegermany\.com$/i"; classtype:trojan-activity; sid:38174101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lucchesegermany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucchesegermany.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])lucchesegermany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174102; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# ---------------------------------------------------------------------------
# MISP event 27007, domain indicators (continued). One rule per line below.
#
# Every domain is covered by a pair of rules whose sids differ only in the
# last digit: ...1 is the DNS rule, ...2 is the HTTP rule.
#
# DNS rule ("alert dns any any -> any any"):
#   * Inspects the dns.query buffer in either direction, on any address/port.
#   * content + nocase is the case-insensitive prefilter; the pcre then anchors
#     the domain at the END of the query name ($). The leading
#     (^|[^A-Za-z0-9-]) group accepts the bare domain or a name where the
#     domain is preceded by a non-label character such as ".", so subdomains
#     match while a longer label (e.g. "x<domain>") does not.
#
# HTTP rule ("alert http $HOME_NET any -> $EXTERNAL_NET any"):
#   * Outbound only, client-to-server side of an established flow.
#   * Both content matches ("Host|3a|" and the domain) are on http.header with
#     no distance/within linking them, and the pcre uses the H (header buffer)
#     modifier, so nothing here ties the domain to the Host header value.
#     NOTE(review): a request to an unrelated site that merely carries the
#     domain in another header (e.g. Referer) would presumably also alert;
#     matching on the http.host buffer would narrow this - confirm with the
#     export template before tuning by hand, since a re-export overwrites edits.
#   * tag:session,600,seconds keeps logging the session for 600 s after a hit.
#   * NOTE(review): this rule only sees cleartext HTTP. For HTTPS traffic the
#     DNS rule is the only coverage in this pair unless TLS is inspected or a
#     tls.sni rule exists elsewhere in the ruleset - verify.
#
# Triage notes: all rules use classtype trojan-activity and priority 3, and the
# "[]" in msg appears to be an empty MISP tag list, so the rule text itself
# says nothing about why a domain was listed; use the reference URL for context.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e27007 [] Domain lucchese-southafrica.com"; dns.query; content:"lucchese-southafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-southafrica\.com$/i"; classtype:trojan-activity; sid:38174111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain lucchese-southafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"lucchese-southafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lucchese\-southafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174112; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mexicojackwolfskin.com"; dns.query; content:"mexicojackwolfskin.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mexicojackwolfskin\.com$/i"; classtype:trojan-activity; sid:38174121; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mexicojackwolfskin.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mexicojackwolfskin.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mexicojackwolfskin\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174122; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoenuruguay.com"; dns.query; content:"mizunoenuruguay.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoenuruguay\.com$/i"; classtype:trojan-activity; sid:38174131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoenuruguay.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoenuruguay.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoenuruguay\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174132; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizuno-germany.com"; dns.query; content:"mizuno-germany.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-germany\.com$/i"; classtype:trojan-activity; sid:38174141; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizuno-germany.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizuno-germany.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizuno\-germany\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174142; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunopl.com"; dns.query; content:"mizunopl.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunopl\.com$/i"; classtype:trojan-activity; sid:38174151; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunopl.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunopl.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunopl\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174152; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunosgsingapore.com"; dns.query; content:"mizunosgsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosgsingapore\.com$/i"; classtype:trojan-activity; sid:38174161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunosgsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunosgsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunosgsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174162; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunoshoes-ireland.com"; dns.query; content:"mizunoshoes-ireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoes\-ireland\.com$/i"; classtype:trojan-activity; sid:38174171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunoshoes-ireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunoshoes-ireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunoshoes\-ireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174172; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain mizunostoresydney.com"; dns.query; content:"mizunostoresydney.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunostoresydney\.com$/i"; classtype:trojan-activity; sid:38174181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain mizunostoresydney.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mizunostoresydney.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mizunostoresydney\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174182; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyargentina.com"; dns.query; content:"ohpollyargentina.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyargentina\.com$/i"; classtype:trojan-activity; sid:38174191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyargentina.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyargentina.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyargentina\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174192; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpolly-uk.com"; dns.query; content:"ohpolly-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpolly\-uk\.com$/i"; classtype:trojan-activity; sid:38174201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpolly-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpolly-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpolly\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174202; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ohpollyusa.com"; dns.query; content:"ohpollyusa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyusa\.com$/i"; classtype:trojan-activity; sid:38174211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ohpollyusa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ohpollyusa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ohpollyusa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain palladiumpolskabuty.com"; dns.query; content:"palladiumpolskabuty.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumpolskabuty\.com$/i"; classtype:trojan-activity; sid:38174221; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain palladiumpolskabuty.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"palladiumpolskabuty.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])palladiumpolskabuty\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174222; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain patricianashaustralia.com"; dns.query; content:"patricianashaustralia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])patricianashaustralia\.com$/i"; classtype:trojan-activity; sid:38174231; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain patricianashaustralia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"patricianashaustralia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])patricianashaustralia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174232; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pedroshoessingapore.com"; dns.query; content:"pedroshoessingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pedroshoessingapore\.com$/i"; classtype:trojan-activity; sid:38174241; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pedroshoessingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pedroshoessingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pedroshoessingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174242; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumacl-chile.com"; dns.query; content:"pumacl-chile.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacl\-chile\.com$/i"; classtype:trojan-activity; sid:38174251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumacl-chile.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumacl-chile.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumacl\-chile\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumaecuadorzapatos.com"; dns.query; content:"pumaecuadorzapatos.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaecuadorzapatos\.com$/i"; classtype:trojan-activity; sid:38174261; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumaecuadorzapatos.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumaecuadorzapatos.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumaecuadorzapatos\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174262; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain pumahrvatska-hr.com"; dns.query; content:"pumahrvatska-hr.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])pumahrvatska\-hr\.com$/i"; classtype:trojan-activity; sid:38174271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain pumahrvatska-hr.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"pumahrvatska-hr.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])pumahrvatska\-hr\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174272; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain retrosuperfuturesingapore.com"; dns.query; content:"retrosuperfuturesingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])retrosuperfuturesingapore\.com$/i"; classtype:trojan-activity; sid:38174281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain retrosuperfuturesingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"retrosuperfuturesingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])retrosuperfuturesingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174282; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain russellbromley-hungary.com"; dns.query; content:"russellbromley-hungary.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromley\-hungary\.com$/i"; classtype:trojan-activity; sid:38174291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain russellbromley-hungary.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"russellbromley-hungary.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromley\-hungary\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174292; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain russellbromley-mexico.com"; dns.query; content:"russellbromley-mexico.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromley\-mexico\.com$/i"; classtype:trojan-activity; sid:38174301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain russellbromley-mexico.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"russellbromley-mexico.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromley\-mexico\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174302; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain russellbromley-polska.com"; dns.query; content:"russellbromley-polska.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromley\-polska\.com$/i"; classtype:trojan-activity; sid:38174311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain russellbromley-polska.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"russellbromley-polska.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])russellbromley\-polska\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain sanukshoescz.com"; dns.query; content:"sanukshoescz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sanukshoescz\.com$/i"; classtype:trojan-activity; sid:38174321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain sanukshoescz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sanukshoescz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sanukshoescz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174322; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain speedoschweiz.com"; dns.query; content:"speedoschweiz.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedoschweiz\.com$/i"; classtype:trojan-activity; sid:38174331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedoschweiz.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedoschweiz.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedoschweiz\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174332; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain speedoturkiye.com"; dns.query; content:"speedoturkiye.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedoturkiye\.com$/i"; classtype:trojan-activity; sid:38174341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedoturkiye.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedoturkiye.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedoturkiye\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174342; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain speedo-uk.com"; dns.query; content:"speedo-uk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])speedo\-uk\.com$/i"; classtype:trojan-activity; sid:38174351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain speedo-uk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"speedo-uk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])speedo\-uk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsondeutschland.com"; dns.query; content:"stetsondeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsondeutschland\.com$/i"; classtype:trojan-activity; sid:38174361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsondeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsondeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsondeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174362; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonespana.com"; dns.query; content:"stetsonespana.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonespana\.com$/i"; classtype:trojan-activity; sid:38174371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonespana.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonespana.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonespana\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsongreece.com"; dns.query; content:"stetsongreece.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsongreece\.com$/i"; classtype:trojan-activity; sid:38174381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsongreece.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsongreece.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsongreece\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonireland.com"; dns.query; content:"stetsonireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonireland\.com$/i"; classtype:trojan-activity; sid:38174391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174392; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonitalia.com"; dns.query; content:"stetsonitalia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonitalia\.com$/i"; classtype:trojan-activity; sid:38174401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonitalia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonitalia.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonitalia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonportugal.com"; dns.query; content:"stetsonportugal.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonportugal\.com$/i"; classtype:trojan-activity; sid:38174411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonportugal.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonportugal.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonportugal\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174412; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonpraha.com"; dns.query; content:"stetsonpraha.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonpraha\.com$/i"; classtype:trojan-activity; sid:38174421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonpraha.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonpraha.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonpraha\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174422; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain stetsonsingapore.com"; dns.query; content:"stetsonsingapore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonsingapore\.com$/i"; classtype:trojan-activity; sid:38174431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain stetsonsingapore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"stetsonsingapore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])stetsonsingapore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174432; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerbagsouthafrica.com"; dns.query; content:"tedbakerbagsouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerbagsouthafrica\.com$/i"; classtype:trojan-activity; sid:38174441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerbagsouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerbagsouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerbagsouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174442; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerbaguk.com"; dns.query; content:"tedbakerbaguk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerbaguk\.com$/i"; classtype:trojan-activity; sid:38174451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerbaguk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerbaguk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerbaguk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174452; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerbe.com"; dns.query; content:"ted-bakerbe.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerbe\.com$/i"; classtype:trojan-activity; sid:38174461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerbe.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerbe.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerbe\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerdeutschland.com"; dns.query; content:"ted-bakerdeutschland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerdeutschland\.com$/i"; classtype:trojan-activity; sid:38174471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerdeutschland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerdeutschland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerdeutschland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174472; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerdk.com"; dns.query; content:"tedbakerdk.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdk\.com$/i"; classtype:trojan-activity; sid:38174481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerdk.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerdk.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerdk\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174482; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerfinland.com"; dns.query; content:"ted-bakerfinland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerfinland\.com$/i"; classtype:trojan-activity; sid:38174491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerfinland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerfinland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerfinland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174492; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerhu.com"; dns.query; content:"tedbakerhu.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerhu\.com$/i"; classtype:trojan-activity; sid:38174501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerhu.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerhu.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerhu\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174502; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerindiaonline.com"; dns.query; content:"tedbakerindiaonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerindiaonline\.com$/i"; classtype:trojan-activity; sid:38174511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerindiaonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerindiaonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerindiaonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174512; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerinsouthafrica.com"; dns.query; content:"tedbakerinsouthafrica.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerinsouthafrica\.com$/i"; classtype:trojan-activity; sid:38174521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerinsouthafrica.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerinsouthafrica.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerinsouthafrica\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174522; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerksa.com"; dns.query; content:"ted-bakerksa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerksa\.com$/i"; classtype:trojan-activity; sid:38174531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerksa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerksa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerksa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174532; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakermexicoonline.com"; dns.query; content:"tedbakermexicoonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermexicoonline\.com$/i"; classtype:trojan-activity; sid:38174541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakermexicoonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakermexicoonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakermexicoonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174542; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakernederland.com"; dns.query; content:"ted-bakernederland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakernederland\.com$/i"; classtype:trojan-activity; sid:38174551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakernederland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakernederland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakernederland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174552; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakernzoutlets.com"; dns.query; content:"tedbakernzoutlets.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakernzoutlets\.com$/i"; classtype:trojan-activity; sid:38174561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakernzoutlets.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakernzoutlets.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakernzoutlets\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174562; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeroutletfactory.com"; dns.query; content:"tedbakeroutletfactory.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletfactory\.com$/i"; classtype:trojan-activity; sid:38174571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeroutletfactory.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeroutletfactory.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeroutletfactory\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174572; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakersg.com"; dns.query; content:"ted-bakersg.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakersg\.com$/i"; classtype:trojan-activity; sid:38174581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakersg.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakersg.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakersg\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakersuomi.com"; dns.query; content:"ted-bakersuomi.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakersuomi\.com$/i"; classtype:trojan-activity; sid:38174591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakersuomi.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakersuomi.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakersuomi\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174592; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakerswitzerland.com"; dns.query; content:"ted-bakerswitzerland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerswitzerland\.com$/i"; classtype:trojan-activity; sid:38174601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakerswitzerland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakerswitzerland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakerswitzerland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174602; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain ted-bakeruae.com"; dns.query; content:"ted-bakeruae.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeruae\.com$/i"; classtype:trojan-activity; sid:38174611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain ted-bakeruae.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ted-bakeruae.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ted\-bakeruae\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174612; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakeruaeonline.com"; dns.query; content:"tedbakeruaeonline.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeruaeonline\.com$/i"; classtype:trojan-activity; sid:38174621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakeruaeonline.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakeruaeonline.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakeruaeonline\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174622; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert dns any any -> any any (msg: "MISP e27007 [] Domain tedbakerukoutletfactory.com"; dns.query; content:"tedbakerukoutletfactory.com"; 
nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerukoutletfactory\.com$/i"; classtype:trojan-activity; sid:38174631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain tedbakerukoutletfactory.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"tedbakerukoutletfactory.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])tedbakerukoutletfactory\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174632; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejanzstore.com"; dns.query; content:"vejanzstore.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejanzstore\.com$/i"; classtype:trojan-activity; sid:38174641; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejanzstore.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejanzstore.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vejanzstore\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174642; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vejastore-australia.com"; dns.query; content:"vejastore-australia.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vejastore\-australia\.com$/i"; classtype:trojan-activity; sid:38174651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vejastore-australia.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vejastore-australia.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])vejastore\-australia\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174652; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefoot-cz-eshop.com"; dns.query; content:"vivobarefoot-cz-eshop.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefoot\-cz\-eshop\.com$/i"; classtype:trojan-activity; sid:38174661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefoot-cz-eshop.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vivobarefoot-cz-eshop.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefoot\-cz\-eshop\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174662; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefootportugal-pt.com"; dns.query; content:"vivobarefootportugal-pt.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootportugal\-pt\.com$/i"; classtype:trojan-activity; sid:38174671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefootportugal-pt.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vivobarefootportugal-pt.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootportugal\-pt\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174672; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain volcom-mx.com"; dns.query; content:"volcom-mx.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])volcom\-mx\.com$/i"; classtype:trojan-activity; 
sid:38174681; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain volcom-mx.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"volcom-mx.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])volcom\-mx\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174682; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27721 [] Domain app-clientes-bannestado.pages.dev"; dns.query; content:"app-clientes-bannestado.pages.dev"; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev$/i"; classtype:trojan-activity; sid:38020821; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27721;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27721 [] Outgoing HTTP Domain app-clientes-bannestado.pages.dev"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"app-clientes-bannestado.pages.dev"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])app\-clientes\-bannestado\.pages\.dev[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38020822; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27721;) alert dns any any -> any any (msg: "MISP e27728 [CobaltStrike,cs-watermark-1321798405,DIGITALOCEAN-ASN] Domain docloudstorage.com"; dns.query; content:"docloudstorage.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docloudstorage\.com$/i"; classtype:trojan-activity; sid:38022001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27728 [CobaltStrike,cs-watermark-1321798405,DIGITALOCEAN-ASN] Outgoing HTTP Domain docloudstorage.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docloudstorage.com"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docloudstorage\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38022002; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# ---------------------------------------------------------------------------
# "Outgoing URL" rules for IP-literal URLs. The rule header pins the destination
# address (and the port, or $HTTP_PORTS when the URL has none); the options
# then look for the address string anywhere in the request headers and for the
# path as a case-insensitive substring of the URI.
# NOTE(review): short paths such as "/ca" and "/cm" are substrings of many
# URIs, so the specificity of these rules comes from the destination address,
# not from the path.
# NOTE(review): the cs-watermark-N tags presumably record the watermark from
# the beacon configuration; round values such as 0, 987654321 and 1234567890
# recur across unrelated entries here and should not be read as attribution.
#
# Events 27728 and 27819 carry the same indicators. Each event is exported with
# its own sid, so one connection raises two alerts: priority 2 with tags from
# 27728 and priority 3 without tags from 27819. Deduplicate in MISP or suppress
# one set on the sensor if that double count matters for triage.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> 120.46.207.190 $HTTP_PORTS (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,Huawei Cloud Service data center] Outgoing URL http|3a|//120.46.207.190/visit.js"; flow:to_server,established; http.header; content:"120.46.207.190"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 1.94.52.236 88 (msg: "MISP e27728 [CobaltStrike,cs-watermark-0,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.52.236|3a|88/ca"; flow:to_server,established; http.header; content:"1.94.52.236"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 162.14.107.218 $HTTP_PORTS (msg: "MISP e27728 [CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//162.14.107.218/en_us/all.js"; flow:to_server,established; http.header; content:"162.14.107.218"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 103.146.140.99 $HTTP_PORTS (msg: "MISP e27728 [CobaltStrike,cs-watermark-0,YISU CLOUD LTD] Outgoing URL http|3a|//103.146.140.99/__utm.gif"; flow:to_server,established; http.header; content:"103.146.140.99"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 8.219.54.123 $HTTP_PORTS (msg: "MISP e27728 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.219.54.123/cm"; flow:to_server,established; http.header; content:"8.219.54.123"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# Event 27819 copies of indicators already present from event 27728.
alert http $HOME_NET any -> 120.46.207.190 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//120.46.207.190/visit.js"; flow:to_server,established; http.header; content:"120.46.207.190"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089041; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert dns any any -> any any (msg: "MISP e27819 [] Domain docloudstorage.com"; dns.query; content:"docloudstorage.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])docloudstorage\.com$/i"; classtype:trojan-activity; sid:38089061; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27819 [] Outgoing HTTP Domain docloudstorage.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"docloudstorage.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])docloudstorage\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38089062; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 119.91.26.244 $HTTP_PORTS (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//119.91.26.244/activity"; flow:to_server,established; http.header; content:"119.91.26.244"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 119.91.26.244 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//119.91.26.244/activity"; flow:to_server,established; http.header; content:"119.91.26.244"; fast_pattern; nocase; http.uri; content:"/activity"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089081; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 8.219.54.123 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//8.219.54.123/cm"; flow:to_server,established; http.header; content:"8.219.54.123"; fast_pattern; nocase; http.uri; content:"/cm"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089091; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 103.146.140.99 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//103.146.140.99/__utm.gif"; flow:to_server,established; http.header; content:"103.146.140.99"; fast_pattern; nocase; http.uri; content:"/__utm.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089101; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# Same URL as sid 38022051; the two events differ only in the case of "en_US",
# which nocase makes irrelevant for matching.
alert http $HOME_NET any -> 162.14.107.218 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//162.14.107.218/en_US/all.js"; flow:to_server,established; http.header; content:"162.14.107.218"; fast_pattern; nocase; http.uri; content:"/en_US/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089111; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 1.94.52.236 88 (msg: "MISP e27819 [] Outgoing URL http|3a|//1.94.52.236|3a|88/ca"; flow:to_server,established; http.header; content:"1.94.52.236"; fast_pattern; nocase; http.uri; content:"/ca"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089131; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# MISP event 27829: sender address and its domain.
# The SMTP rule inspects the TCP stream towards $SMTP_SERVERS on port 25 for
# "MAIL FROM:" and the address; only the CRLF CRLF content is position-bound
# (within 8192 bytes of the address match).
# NOTE(review): this is the envelope sender on clear-text port 25 only; a
# session upgraded with STARTTLS, or submission on another port, is presumably
# not visible to this rule.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27829 [] Source Email Address: reply@dirrectoroffices.online"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"reply@dirrectoroffices.online"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38098731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27829;)
alert http $HOME_NET any -> 112.124.65.163 8089 (msg: "MISP e27728 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//112.124.65.163|3a|8089/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"112.124.65.163"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert dns any any -> any any (msg: "MISP e27829 [] Domain dirrectoroffices.online"; dns.query; content:"dirrectoroffices.online"; nocase; pcre: "/(^|[^A-Za-z0-9-])dirrectoroffices\.online$/i"; classtype:trojan-activity; sid:38098741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27829;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27829 [] Outgoing HTTP Domain dirrectoroffices.online"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dirrectoroffices.online"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dirrectoroffices\.online[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38098742; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27829;)
# "Outgoing To IP" rules (alert ip, address and port in the header) have no
# flow or threshold option. NOTE(review): they can therefore alert repeatedly
# on one connection; consider a threshold on the sensor.
alert ip $HOME_NET any -> 47.92.158.101 443 (msg: "MISP e27728 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-666666666] Outgoing To IP: 
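47.92.158.101|443"; classtype:trojan-activity; sid:38022121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# MISP event 27829, URL form of the dirrectoroffices.online indicator.
# NOTE(review): the http.uri content "/" is present in every request URI, so
# this rule reduces to "domain string somewhere in the request headers" on
# $HTTP_PORTS and overlaps with the Host rule sid 38098742.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27829 [] Outgoing URL http|3a|//dirrectoroffices.online/"; flow:to_server,established; http.header; content:"dirrectoroffices.online"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38098751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27829;)
# "Outgoing To IP" rules: alert ip with the address and port in the rule header
# and no flow or threshold option. NOTE(review): they can alert repeatedly on
# one connection; consider a threshold on the sensor. Indicators from event
# 27728 reappear under event 27819 with a second sid and priority 3.
alert ip $HOME_NET any -> 107.172.31.178 2404 (msg: "MISP e27728 [remcos] Outgoing To IP: 107.172.31.178|2404"; classtype:trojan-activity; sid:38022131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 112.124.65.163 8089 (msg: "MISP e27819 [] Outgoing URL http|3a|//112.124.65.163|3a|8089/jquery-3.3.1.min.js"; flow:to_server,established; http.header; content:"112.124.65.163"; fast_pattern; nocase; http.uri; content:"/jquery-3.3.1.min.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089161; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 107.172.31.178 2404 (msg: "MISP e27819 [] Outgoing To IP: 107.172.31.178|2404"; classtype:trojan-activity; sid:38089171; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 47.92.158.101 443 (msg: "MISP e27819 [] Outgoing To IP: 47.92.158.101|443"; classtype:trojan-activity; sid:38089181; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# MISP event 27824. The attribute value is malformed ("https.//" instead of
# "https://"), so the exporter could not split it and placed the whole string,
# scheme and host included, in an http.uri match. A request line normally
# carries only the path, so that form could not match. The rule below follows
# the layout the export uses for well-formed URLs (host in the headers, path in
# the URI); msg and sid are unchanged so alerts still map to the attribute, and
# rev is raised because the rule body changed.
# Correct the attribute in MISP as well, otherwise the next export restores the
# dead form. The indicator is an HTTPS URL: this rule only sees it over
# clear-text HTTP or decrypted TLS, so a tls.sni or dns.query rule on
# skb24.net is worth adding at the source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27824 [] Outgoing URL https.//skb24.net/SKB-Podjetja/ProSKB/Poslovne-finance/Portal/Sl/MOI/IndexFinance_1.php"; flow:to_server,established; http.header; content:"skb24.net"; fast_pattern; nocase; http.uri; content:"/SKB-Podjetja/ProSKB/Poslovne-finance/Portal/Sl/MOI/IndexFinance_1.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38096991; rev:2; priority:4; reference:url,https://misp.finsin.cl/events/view/27824;)
# MISP event 24599, priority 1. The indicator is a redirect link on
# links.infos.clubmed.com whose kd= parameter points at an IPFS gateway page,
# but the rule only checks the host string and "/ctt" in the URI.
# NOTE(review): every link routed through that host with a /ctt path matches,
# not just the one carrying the IPFS target, so expect alerts on unrelated
# mail links. Triage on the query string (the IPFS path in kd=) before acting
# on this at priority 1.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e24599 [] Outgoing URL http|3a|//links.infos.clubmed.com/ctt?m=17415468&r=LTY4NDQwMDAyMjYS1&b=0&j=MjE3MzY0NjQ4MwS2&k=preheader&kx=1&kt=12&kd=https|3a|//cloudflare-ipfs.com/ipfs/QmTvnZiZMoWjaejLVLMzRaB2TQmSwwqsuqmfufXxuMRjYn/index2ton0503.html"; flow:to_server,established; http.header; content:"links.infos.clubmed.com"; fast_pattern; nocase; http.uri; content:"/ctt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38178901; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24599;)
alert ip $HOME_NET any -> 3.219.159.186 80 (msg: "MISP e27728 [c2,Serpent] Outgoing To IP: 3.219.159.186|80"; classtype:trojan-activity; sid:38022141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 3.213.37.39 80 (msg: "MISP e27728 [c2,Serpent] Outgoing To IP: 3.213.37.39|80"; classtype:trojan-activity; sid:38022151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 3.219.159.186 80 (msg: "MISP e27819 [] Outgoing To IP: 3.219.159.186|80"; classtype:trojan-activity; sid:38089191; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 3.213.37.39 80 (msg: "MISP e27819 [] Outgoing To IP: 3.213.37.39|80"; classtype:trojan-activity; sid:38089201; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27728 [CobaltStrike,cs-watermark-666666666,MULTACOM CORPORATION] Outgoing URL http|3a|//jspassport.ssl.qhimg.com.dsa.dnsv1.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"jspassport.ssl.qhimg.com.dsa.dnsv1.com"; fast_pattern; nocase; http.uri;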
content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# ---------------------------------------------------------------------------
# MISP event 27728 (tagged CobaltStrike, priority 2), continued. One indicator
# can produce up to three rule kinds:
#   alert dns   dns.query match on the name (sub-domains included by the pcre)
#   alert http  request-header match on the name, or header + URI for a URL
#   alert ip    destination address and port only, no payload options
# NOTE(review): the alert ip rules have no flow or threshold option and can
# alert repeatedly on one connection; consider a threshold on the sensor.
# NOTE(review): the URL rules only see clear-text HTTP. For the addresses
# listed with port 443 or 7443 the alert ip rule is presumably the only
# coverage unless TLS is decrypted.
# ---------------------------------------------------------------------------
alert dns any any -> any any (msg: "MISP e27728 [CobaltStrike,cs-watermark-666666666,MULTACOM CORPORATION] Domain jspassport.ssl.qhimg.com.dsa.dnsv1.com"; dns.query; content:"jspassport.ssl.qhimg.com.dsa.dnsv1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jspassport\.ssl\.qhimg\.com\.dsa\.dnsv1\.com$/i"; classtype:trojan-activity; sid:38022171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27728 [CobaltStrike,cs-watermark-666666666,MULTACOM CORPORATION] Outgoing HTTP Domain jspassport.ssl.qhimg.com.dsa.dnsv1.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jspassport.ssl.qhimg.com.dsa.dnsv1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jspassport\.ssl\.qhimg\.com\.dsa\.dnsv1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38022172; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 74.48.19.146 80 (msg: "MISP e27728 [CobaltStrike,cs-watermark-666666666,MULTACOM CORPORATION] Outgoing To IP: 74.48.19.146|80"; classtype:trojan-activity; sid:38022181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 42.186.17.183 8080 (msg: "MISP e27728 [CobaltStrike,cs-watermark-391144938,Netease-Network] Outgoing URL http|3a|//42.186.17.183|3a|8080/j.ad"; flow:to_server,established; http.header; content:"42.186.17.183"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 35.153.33.243 8000 (msg: "MISP e27728 [Amazon.com Inc.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//35.153.33.243|3a|8000/ga.js"; flow:to_server,established; http.header; content:"35.153.33.243"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> 172.210.42.227 $HTTP_PORTS (msg: "MISP e27728 [CobaltStrike,cs-watermark-1172270780,Microsoft Corporation] Outgoing URL http|3a|//172.210.42.227/ocsp/"; flow:to_server,established; http.header; content:"172.210.42.227"; fast_pattern; nocase; http.uri; content:"/ocsp/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 172.210.42.227 80 (msg: "MISP e27728 [CobaltStrike,cs-watermark-1172270780,Microsoft Corporation] Outgoing To IP: 172.210.42.227|80"; classtype:trojan-activity; sid:38022221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 37.1.197.252 443 (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,Leaseweb Deutschland GmbH] Outgoing To IP: 37.1.197.252|443"; classtype:trojan-activity; sid:38022241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert dns any any -> any any (msg: "MISP e27728 [CobaltStrike,cs-watermark-666,SIMPLECARRIER] Domain cdn-1488.winstate.cc"; dns.query; content:"cdn-1488.winstate.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-1488\.winstate\.cc$/i"; classtype:trojan-activity; sid:38022261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27728 [CobaltStrike,cs-watermark-666,SIMPLECARRIER] Outgoing HTTP Domain cdn-1488.winstate.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-1488.winstate.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-1488\.winstate\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38022262; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 185.196.9.234 7443 (msg: "MISP e27728 [CobaltStrike,cs-watermark-666,SIMPLECARRIER] Outgoing To IP: 185.196.9.234|7443"; classtype:trojan-activity; sid:38022271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert dns any any -> any any (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Domain kumbaraan.com"; dns.query; content:"kumbaraan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kumbaraan\.com$/i"; classtype:trojan-activity; sid:38022301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing HTTP Domain kumbaraan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kumbaraan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kumbaraan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38022302; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 103.253.146.79 443 (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,DigitalOcean LLC] Outgoing To IP: 103.253.146.79|443"; classtype:trojan-activity; sid:38022311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
# MISP event 27819: the same indicators as event 27728 above, exported again
# without tags at priority 3 under separate sids. A single connection raises
# one alert from each event; suppress or deduplicate one set if that matters.
alert dns any any -> any any (msg: "MISP e27819 [] Domain kumbaraan.com"; dns.query; content:"kumbaraan.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kumbaraan\.com$/i"; classtype:trojan-activity; sid:38089211; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27819 [] Outgoing HTTP Domain kumbaraan.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kumbaraan.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kumbaraan\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38089212; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert dns any any -> any any (msg: "MISP e27819 [] Domain cdn-1488.winstate.cc"; dns.query; content:"cdn-1488.winstate.cc"; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-1488\.winstate\.cc$/i"; classtype:trojan-activity; sid:38089251; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27819 [] Outgoing HTTP Domain cdn-1488.winstate.cc"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cdn-1488.winstate.cc"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cdn\-1488\.winstate\.cc[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38089252; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 172.210.42.227 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//172.210.42.227/ocsp/"; flow:to_server,established; http.header; content:"172.210.42.227"; fast_pattern; nocase; http.uri; content:"/ocsp/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089271; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 35.153.33.243 8000 (msg: "MISP e27819 [] Outgoing URL http|3a|//35.153.33.243|3a|8000/ga.js"; flow:to_server,established; http.header; content:"35.153.33.243"; fast_pattern; nocase; http.uri; content:"/ga.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089281; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> 42.186.17.183 8080 (msg: "MISP e27819 [] Outgoing URL http|3a|//42.186.17.183|3a|8080/j.ad"; flow:to_server,established; http.header; content:"42.186.17.183"; fast_pattern; nocase; http.uri; content:"/j.ad"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL http|3a|//jspassport.ssl.qhimg.com.dsa.dnsv1.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; flow:to_server,established; http.header; content:"jspassport.ssl.qhimg.com.dsa.dnsv1.com"; fast_pattern; nocase; http.uri; content:"/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089301; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert dns any any -> any any (msg: "MISP e27819 [] Domain jspassport.ssl.qhimg.com.dsa.dnsv1.com"; dns.query; content:"jspassport.ssl.qhimg.com.dsa.dnsv1.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jspassport\.ssl\.qhimg\.com\.dsa\.dnsv1\.com$/i"; classtype:trojan-activity; sid:38089311; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27819 [] Outgoing HTTP Domain jspassport.ssl.qhimg.com.dsa.dnsv1.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jspassport.ssl.qhimg.com.dsa.dnsv1.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jspassport\.ssl\.qhimg\.com\.dsa\.dnsv1\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38089312; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 103.253.146.79 443 (msg: "MISP e27819 [] Outgoing To IP: 103.253.146.79|443"; classtype:trojan-activity; sid:38089321; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 185.196.9.234 7443 (msg: "MISP e27819 [] Outgoing To IP: 185.196.9.234|7443"; classtype:trojan-activity; sid:38089331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 37.1.197.252 443 (msg: "MISP e27819 [] Outgoing To IP: 37.1.197.252|443"; classtype:trojan-activity; sid:38089341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 172.210.42.227 80 (msg: "MISP e27819 [] Outgoing To IP: 172.210.42.227|80"; classtype:trojan-activity; sid:38089351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
alert ip $HOME_NET any -> 74.48.19.146 80 (msg: "MISP e27819 [] Outgoing To IP: 74.48.19.146|80"; classtype:trojan-activity; sid:38089361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# MISP event 27007: one more domain pair (dns.query rule, then request-header rule).
alert dns any any -> any any (msg: "MISP e27007 [] Domain hoffsandalsireland.com"; dns.query; content:"hoffsandalsireland.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hoffsandalsireland\.com$/i"; classtype:trojan-activity; sid:38174691; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain hoffsandalsireland.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hoffsandalsireland.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hoffsandalsireland\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174692; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;)
# MISP event 28746: exported at priority 1, no tags.
alert dns any any -> any any (msg: "MISP e28746 [] Domain guvalas.ru"; dns.query; content:"guvalas.ru"; nocase; pcre: "/(^|[^A-Za-z0-9-])guvalas\.ru$/i"; classtype:trojan-activity; sid:38709951; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28746;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28746 [] Outgoing HTTP Domain guvalas.ru"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header;
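content:"guvalas.ru"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])guvalas\.ru[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38709952; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28746;)
# Event 28746 URL indicators (four telegra.ph pages).
# The exported form matched the whole string "telegra.ph/<path>" inside
# http.uri. For an ordinary (non-proxy) request that buffer holds only the
# request path, so the host part could not match and the rules stayed silent.
# The host is now matched in http.header and the path in http.uri, the same
# split this export already uses for URL indicators that carry a scheme.
# fast_pattern sits on the path because the host is shared by unrelated pages.
# Caveats for whoever deploys this:
#  - only host + path together is meaningful; do not reduce these to a
#    host-only match on a shared publishing site.
#  - these are cleartext HTTP rules; requests made over TLS are not visible
#    to them without decryption.
#  - sid and rev are left as exported. Bump rev if this hand-edited form is
#    loaded, and correct the attribute in MISP as well, otherwise the next
#    export will overwrite the change.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28746 [] Outgoing URL telegra.ph/home-11-29-16"; flow:to_server,established; http.header; content:"telegra.ph"; nocase; http.uri; content:"/home-11-29-16"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38710301; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28746;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28746 [] Outgoing URL telegra.ph/osnmbfjr1h-09-07"; flow:to_server,established; http.header; content:"telegra.ph"; nocase; http.uri; content:"/osnmbfjr1h-09-07"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38710361; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28746;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28746 [] Outgoing URL telegra.ph/j7bl93kg8t-07-18"; flow:to_server,established; http.header; content:"telegra.ph"; nocase; http.uri; content:"/j7bl93kg8t-07-18"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38710411; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28746;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e28746 [] Outgoing URL telegra.ph/25mct8ogil-08-21"; flow:to_server,established; http.header; content:"telegra.ph"; nocase; http.uri; content:"/25mct8ogil-08-21"; fast_pattern; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38710481; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/28746;)
alert dns any any -> any any (msg: "MISP e27728 [CobaltStrike,cs-watermark-1357776117,DigitalOcean LLC] Domain dns.otxcosmeticscare.com"; dns.query; content:"dns.otxcosmeticscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcosmeticscare\.com$/i"; classtype:trojan-activity; sid:38022321; rev:1; priority:2;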
reference:url,https://misp.finsin.cl/events/view/27728;)
# Event 27728: indicators tagged CobaltStrike (two domains, two IPs on port 53).
#  - The dns.query rules end their pcre with "$" and allow any non-hostname
#    character, including ".", before the name. A query for the name itself
#    and a query for any label under it both match, which is what is wanted
#    when data is carried in labels below the indicator domain.
#  - The "alert ip ... 53" rules use protocol "ip", so they are not limited
#    to DNS: any IP traffic from $HOME_NET to that address and port alerts.
#    They carry no flow or threshold option, so expect one alert per packet
#    unless rate limiting is configured elsewhere.
#  - The HTTP rules inspect the Host header of cleartext requests only.
#  - NOTE(review): the same two domains and two IPs are exported again under
#    event 27819 (sid 38089371 through 38089401) with priority 3. A single
#    hit raises two alerts with different priorities; decide which event
#    owns these indicators or suppress one set.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27728 [CobaltStrike,cs-watermark-1357776117,DigitalOcean LLC] Outgoing HTTP Domain dns.otxcosmeticscare.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.otxcosmeticscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcosmeticscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38022322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 134.209.87.204 53 (msg: "MISP e27728 [CobaltStrike,cs-watermark-1357776117,DigitalOcean LLC] Outgoing To IP: 134.209.87.204|53"; classtype:trojan-activity; sid:38022331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert dns any any -> any any (msg: "MISP e27728 [BL Networks,CobaltStrike,cs-watermark-1357776117] Domain dns.otxcarecosmetics.com"; dns.query; content:"dns.otxcarecosmetics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcarecosmetics\.com$/i"; classtype:trojan-activity; sid:38022341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27728 [BL Networks,CobaltStrike,cs-watermark-1357776117] Outgoing HTTP Domain dns.otxcarecosmetics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.otxcarecosmetics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcarecosmetics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38022342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;)
alert ip $HOME_NET any -> 168.100.11.227 53 (msg: "MISP e27728 [BL Networks,CobaltStrike,cs-watermark-1357776117] Outgoing To IP: 168.100.11.227|53"; classtype:trojan-activity; sid:38022351; rev:1; priority:2;
reference:url,https://misp.finsin.cl/events/view/27728;) alert dns any any -> any any (msg: "MISP e27819 [] Domain dns.otxcarecosmetics.com"; dns.query; content:"dns.otxcarecosmetics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcarecosmetics\.com$/i"; classtype:trojan-activity; sid:38089371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27819 [] Outgoing HTTP Domain dns.otxcarecosmetics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.otxcarecosmetics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcarecosmetics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38089372; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert dns any any -> any any (msg: "MISP e27819 [] Domain dns.otxcosmeticscare.com"; dns.query; content:"dns.otxcosmeticscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcosmeticscare\.com$/i"; classtype:trojan-activity; sid:38089381; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27819 [] Outgoing HTTP Domain dns.otxcosmeticscare.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.otxcosmeticscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.otxcosmeticscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38089382; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 168.100.11.227 53 (msg: "MISP e27819 [] Outgoing To IP: 168.100.11.227|53"; classtype:trojan-activity; sid:38089391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 134.209.87.204 53 (msg: "MISP e27819 [] Outgoing To IP: 134.209.87.204|53"; classtype:trojan-activity; sid:38089401; rev:1; 
priority:3; reference:url,https://misp.finsin.cl/events/view/27819;)
# Event 27723: phishing-mail indicators (sender, attachment name, source IP, domain).
# The two SMTP rules are raw TCP content matches on $SMTP_SERVERS port 25:
#  - They see cleartext SMTP only. A session upgraded with STARTTLS, or mail
#    arriving on another port, is not inspected by them.
#  - "MAIL FROM|3a|" is the envelope sender command. The address content has
#    no distance/within relation to it, so the two strings may occur
#    anywhere in the inspected stream; the header From: is not checked.
#  - "|0D 0A 0D 0A|" with within:8192 is relative to the end of the previous
#    content match, so the blank line must follow within 8192 bytes.
#  - The attachment rule matches the filename literally and case-sensitively
#    (no nocase). A filename sent in an encoded form or with different
#    casing will not match; treat a miss as "not seen", not "not delivered".
# NOTE(review): hosted-by.rootlayer.net looks like a provider-wide hostname
# rather than one specific to this campaign - confirm in the MISP event before
# alerting on it at priority 2.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27723 [] Source Email Address: ops@thurlestone-shipping.com.sg"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"ops@thurlestone-shipping.com.sg"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27723;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27723 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"INVOICE .xls|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27723;)
alert ip 45.137.22.136 any -> $HOME_NET any (msg: "MISP e27723 [] Incoming From IP: 45.137.22.136"; classtype:trojan-activity; sid:38021091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27723;)
alert dns any any -> any any (msg: "MISP e27723 [] Domain hosted-by.rootlayer.net"; dns.query; content:"hosted-by.rootlayer.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])hosted\-by\.rootlayer\.net$/i"; classtype:trojan-activity; sid:38021101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27723;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27723 [] Outgoing HTTP Domain hosted-by.rootlayer.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hosted-by.rootlayer.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hosted\-by\.rootlayer\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38021102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27723;)
alert http $HOME_NET any -> 93.123.39.145 $HTTP_PORTS (msg: "MISP e27818 [] Outgoing URL
http|3a|//93.123.39.145/13.txt"; flow:to_server,established; http.header; content:"93.123.39.145"; fast_pattern; nocase; http.uri; content:"/13.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38088331; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27818;) alert ip $HOME_NET any -> 93.123.39.145 any (msg: "MISP e27818 [] Outgoing To IP: 93.123.39.145"; classtype:trojan-activity; sid:38088341; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27818;) alert dns any any -> any any (msg: "MISP e27818 [] Domain boydjackson.org"; dns.query; content:"boydjackson.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])boydjackson\.org$/i"; classtype:trojan-activity; sid:38088351; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27818;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27818 [] Outgoing HTTP Domain boydjackson.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"boydjackson.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])boydjackson\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38088352; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27818;) alert dns any any -> any any (msg: "MISP e27829 [] Domain wjzblog.top"; dns.query; content:"wjzblog.top"; nocase; pcre: "/(^|[^A-Za-z0-9-])wjzblog\.top$/i"; classtype:trojan-activity; sid:38098781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27829;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27829 [] Outgoing HTTP Domain wjzblog.top"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wjzblog.top"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wjzblog\.top[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38098782; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27829;) alert dns any any -> any any (msg: "MISP e27823 [] 
Domain www.vakantie-in-kroatie.eu"; dns.query; content:"www.vakantie-in-kroatie.eu"; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vakantie\-in\-kroatie\.eu$/i"; classtype:trojan-activity; sid:38096961; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27823;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27823 [] Outgoing HTTP Domain www.vakantie-in-kroatie.eu"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"www.vakantie-in-kroatie.eu"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])www\.vakantie\-in\-kroatie\.eu[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38096962; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27823;) alert dns any any -> any any (msg: "MISP e27823 [] Domain cld.lat"; dns.query; content:"cld.lat"; nocase; pcre: "/(^|[^A-Za-z0-9-])cld\.lat$/i"; classtype:trojan-activity; sid:38096971; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27823;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27823 [] Outgoing HTTP Domain cld.lat"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cld.lat"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cld\.lat[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38096972; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27823;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27724 [] Source Email Address: ezequiel.armendariz@bitech.net"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"ezequiel.armendariz@bitech.net"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27724;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27724 [] Bad Email Attachment"; flow:established,to_server; 
content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Orden de compra (OC)_0079124.xla|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27724;) alert ip 190.0.227.15 any -> $HOME_NET any (msg: "MISP e27724 [] Incoming From IP: 190.0.227.15"; classtype:trojan-activity; sid:38021301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27724;) alert dns any any -> any any (msg: "MISP e27724 [] Domain sl8.cyberfuel.com"; dns.query; content:"sl8.cyberfuel.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])sl8\.cyberfuel\.com$/i"; classtype:trojan-activity; sid:38021311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27724;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27724 [] Outgoing HTTP Domain sl8.cyberfuel.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"sl8.cyberfuel.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])sl8\.cyberfuel\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38021312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27724;) alert ip 176.117.72.68 any -> $HOME_NET any (msg: "MISP e27725 [] Incoming From IP: 176.117.72.68"; classtype:trojan-activity; sid:38021391; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27725;) alert dns any any -> any any (msg: "MISP e27725 [] Domain mail.siderick.co"; dns.query; content:"mail.siderick.co"; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.siderick\.co$/i"; classtype:trojan-activity; sid:38021401; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27725;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27725 [] Outgoing HTTP Domain mail.siderick.co"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mail.siderick.co"; 
fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mail\.siderick\.co[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38021402; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27725;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27725 [] Source Email Address: no-reply@siderick.co"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"no-reply@siderick.co"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021411; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27725;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27725 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"Invoice DHA2024-002.html|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27725;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27818 [] Destination Email Address: me@boydjackson.org"; flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"me@boydjackson.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38088371; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27818;) alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27818 [] Source Email Address: biz@boydjackson.org"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"biz@boydjackson.org"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38088361; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27818;) alert dns any any -> any any (msg: "MISP e27726 [] Domain mitarjetacencosud-cl.itsdjlucky.com"; dns.query; 
content:"mitarjetacencosud-cl.itsdjlucky.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.itsdjlucky\.com$/i"; classtype:trojan-activity; sid:38021461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27726;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27726 [] Outgoing HTTP Domain mitarjetacencosud-cl.itsdjlucky.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mitarjetacencosud-cl.itsdjlucky.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mitarjetacencosud\-cl\.itsdjlucky\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38021462; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27726;) alert ip 103.209.124.236 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.209.124.236"; classtype:trojan-activity; sid:38100171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 1.87.219.209 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.87.219.209"; classtype:trojan-activity; sid:38100181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 103.175.183.45 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.175.183.45"; classtype:trojan-activity; sid:38100191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 1.10.219.252 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 1.10.219.252"; classtype:trojan-activity; sid:38100201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 106.51.152.212 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.51.152.212"; classtype:trojan-activity; 
sid:38100211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 87.236.176.180 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.180"; classtype:trojan-activity; sid:38099111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 87.236.176.181 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.181"; classtype:trojan-activity; sid:38099121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 106.41.90.51 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.41.90.51"; classtype:trojan-activity; sid:38100221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 87.236.176.174 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.174"; classtype:trojan-activity; sid:38099131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 110.150.118.91 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.150.118.91"; classtype:trojan-activity; sid:38100231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 110.178.74.182 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 110.178.74.182"; classtype:trojan-activity; sid:38100241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 113.0.132.91 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.0.132.91"; classtype:trojan-activity; sid:38100251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 111.123.89.132 any -> $HOME_NET 
any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 111.123.89.132"; classtype:trojan-activity; sid:38100261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 113.110.201.51 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 113.110.201.51"; classtype:trojan-activity; sid:38100271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 116.25.105.89 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 116.25.105.89"; classtype:trojan-activity; sid:38100281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 117.205.84.235 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.205.84.235"; classtype:trojan-activity; sid:38100291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 117.193.182.209 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.193.182.209"; classtype:trojan-activity; sid:38100301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 117.209.102.197 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 117.209.102.197"; classtype:trojan-activity; sid:38100311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 118.26.39.98 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 118.26.39.98"; classtype:trojan-activity; sid:38100321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 122.190.209.129 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.190.209.129"; 
classtype:trojan-activity; sid:38100331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 125.25.192.116 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 125.25.192.116"; classtype:trojan-activity; sid:38100341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 122.190.202.156 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 122.190.202.156"; classtype:trojan-activity; sid:38100351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 149.50.103.48 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 149.50.103.48"; classtype:trojan-activity; sid:38100361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 175.11.9.20 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.11.9.20"; classtype:trojan-activity; sid:38100371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 175.30.204.244 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.30.204.244"; classtype:trojan-activity; sid:38100381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 177.135.64.34 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.135.64.34"; classtype:trojan-activity; sid:38100391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 150.116.99.131 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 150.116.99.131"; classtype:trojan-activity; sid:38100401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 
175.193.247.245 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 175.193.247.245"; classtype:trojan-activity; sid:38100411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 180.108.47.221 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.108.47.221"; classtype:trojan-activity; sid:38100421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 181.19.0.20 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 181.19.0.20"; classtype:trojan-activity; sid:38100431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 177.12.185.44 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 177.12.185.44"; classtype:trojan-activity; sid:38100441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 178.161.21.240 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 178.161.21.240"; classtype:trojan-activity; sid:38100451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 182.53.71.208 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 182.53.71.208"; classtype:trojan-activity; sid:38100461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 180.136.243.137 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 180.136.243.137"; classtype:trojan-activity; sid:38100471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 183.81.33.94 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
183.81.33.94"; classtype:trojan-activity; sid:38100481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 185.31.195.54 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.31.195.54"; classtype:trojan-activity; sid:38100491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 185.145.126.95 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 185.145.126.95"; classtype:trojan-activity; sid:38100501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 2.187.99.117 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 2.187.99.117"; classtype:trojan-activity; sid:38100511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 218.172.42.159 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 218.172.42.159"; classtype:trojan-activity; sid:38100521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 220.77.147.33 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.77.147.33"; classtype:trojan-activity; sid:38100531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 220.163.150.119 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 220.163.150.119"; classtype:trojan-activity; sid:38100541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;) alert ip 221.226.118.50 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 221.226.118.50"; classtype:trojan-activity; sid:38100551; rev:1; priority:2; 
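reference:url,https://misp.finsin.cl/events/view/27837;)
# Inbound source-IP indicators from events 27837, 27826 and 27832.
# Each rule alerts on any IP packet from the listed address to $HOME_NET. There
# is no flow or threshold option, so a scanning source produces one alert per
# packet unless rate limiting is applied elsewhere (for example in
# threshold.config). The events are tagged Reconnaissance/Exploitation but
# every rule is exported as classtype:trojan-activity, so triage on the MISP
# tags in msg rather than on classtype.
alert ip 222.93.55.28 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 222.93.55.28"; classtype:trojan-activity; sid:38100561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;)
alert ip 42.100.21.237 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 42.100.21.237"; classtype:trojan-activity; sid:38100571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;)
alert ip 45.228.190.124 any -> $HOME_NET any (msg: "MISP e27837 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.228.190.124"; classtype:trojan-activity; sid:38100581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;)
# The next rule's msg was exported with raw double quotes taken from the MISP
# tag names (stone:...="Brute Force", misp-galaxy:...="..."). Suricata's rule
# format requires '"', ';' and '\' to be escaped inside msg; unescaped, the
# string ends at the first inner quote and the rule may be rejected or carry a
# truncated message. The inner quotes are escaped below and nothing else is
# changed. The durable fix is to escape tag text in the export step, because a
# fresh export will reintroduce the raw quotes.
alert ip 27.20.6.65 any -> $HOME_NET any (msg: "MISP e27837 [stone:attack-categorization=\"Brute Force\",stone:false-positive=\"low-risk\",kill-chain:Reconnaissance,kill-chain:Exploitation,misp-galaxy:mitre-attack-pattern=\"Reconnaissance - TA0043\",misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\",misp-galaxy:mitre-attack-pattern=\"Credential Access - TA0006\",misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"] Incoming From IP: 27.20.6.65"; classtype:trojan-activity; sid:38100591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27837;)
alert ip 109.199.104.207 any -> $HOME_NET any (msg: "MISP e27826 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 109.199.104.207"; classtype:trojan-activity; sid:38097061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27826;)
alert ip 87.236.176.159 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.159"; classtype:trojan-activity; sid:38099141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;)
alert ip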
205.210.31.77 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.77"; classtype:trojan-activity; sid:38096871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 165.22.143.162 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.22.143.162"; classtype:trojan-activity; sid:38096881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 124.222.183.27 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 124.222.183.27"; classtype:trojan-activity; sid:38098551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 77.97.192.77 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.97.192.77"; classtype:trojan-activity; sid:38098561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 159.89.18.106 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 159.89.18.106"; classtype:trojan-activity; sid:38098571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 47.236.24.134 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.236.24.134"; classtype:trojan-activity; sid:38098581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 153.99.92.11 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 153.99.92.11"; classtype:trojan-activity; sid:38098591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 205.210.31.73 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 
205.210.31.73"; classtype:trojan-activity; sid:38098601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 103.45.246.42 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 103.45.246.42"; classtype:trojan-activity; sid:38096891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 45.33.115.221 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 45.33.115.221"; classtype:trojan-activity; sid:38096901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 165.232.56.158 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 165.232.56.158"; classtype:trojan-activity; sid:38096911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 205.210.31.80 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 205.210.31.80"; classtype:trojan-activity; sid:38096921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 162.243.141.30 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.243.141.30"; classtype:trojan-activity; sid:38099151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 64.62.197.108 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 64.62.197.108"; classtype:trojan-activity; sid:38098611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 212.129.187.86 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 212.129.187.86"; classtype:trojan-activity; sid:38098621; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 81.3.157.110 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 81.3.157.110"; classtype:trojan-activity; sid:38098631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 47.97.10.152 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 47.97.10.152"; classtype:trojan-activity; sid:38098641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 143.198.222.155 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 143.198.222.155"; classtype:trojan-activity; sid:38098651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 23.90.160.12 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.90.160.12"; classtype:trojan-activity; sid:38098661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 162.142.125.221 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 162.142.125.221"; classtype:trojan-activity; sid:38098671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 192.241.206.18 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 192.241.206.18"; classtype:trojan-activity; sid:38096931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 87.236.176.154 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.154"; classtype:trojan-activity; sid:38099161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 23.90.160.14 any -> $HOME_NET any (msg: "MISP e27828 
[kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 23.90.160.14"; classtype:trojan-activity; sid:38098681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 8.142.157.244 any -> $HOME_NET any (msg: "MISP e27822 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 8.142.157.244"; classtype:trojan-activity; sid:38096941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27822;) alert ip 106.55.54.56 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 106.55.54.56"; classtype:trojan-activity; sid:38098691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 166.62.94.122 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 166.62.94.122"; classtype:trojan-activity; sid:38098701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 87.236.176.165 any -> $HOME_NET any (msg: "MISP e27832 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 87.236.176.165"; classtype:trojan-activity; sid:38099171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27832;) alert ip 77.82.90.210 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 77.82.90.210"; classtype:trojan-activity; sid:38098711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27828;) alert ip 202.169.62.58 any -> $HOME_NET any (msg: "MISP e27826 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 202.169.62.58"; classtype:trojan-activity; sid:38097071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27826;) alert ip 154.49.137.116 any -> $HOME_NET any (msg: "MISP e27828 [kill-chain:Reconnaissance,kill-chain:Exploitation] Incoming From IP: 154.49.137.116"; classtype:trojan-activity; sid:38098721; rev:1; 
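priority:2; reference:url,https://misp.finsin.cl/events/view/27828;)
# Outbound HTTP from $HOME_NET to 124.106.197.167 on $HTTP_PORTS. Fires when the
# request headers contain the IP string and the URI contains "/reverse.exe"
# (both case-insensitive). tag:session keeps logging the session for 600 seconds
# after the match, which helps triage of what followed the request.
alert http $HOME_NET any -> 124.106.197.167 $HTTP_PORTS (msg: "MISP e27830 [kill-chain:Command and Control] Outgoing URL http|3a|//124.106.197.167/reverse.exe"; flow:to_server,established; http.header; content:"124.106.197.167"; fast_pattern; nocase; http.uri; content:"/reverse.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38098801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27830;)
# The MISP galaxy tag in this msg carries its own double quotes (tool="Gh0st Rat").
# The rule format requires a double quote inside msg to be escaped as \" ; left
# raw, the inner quote can end the msg string early or make a strict parser
# reject the rule, in which case this C2 indicator would silently not be loaded.
# The quotes are escaped below; the match options are unchanged.
# NOTE(review): the durable fix is in the exporter, so that every tag containing
# quotes is escaped at generation time - confirm against the MISP export settings.
alert http $HOME_NET any -> 1.92.90.232 8080 (msg: "MISP e27833 [kill-chain:Command and Control,misp-galaxy:tool=\"Gh0st Rat\"] Outgoing URL http|3a|//1.92.90.232|3a|8080/Xzserver.exe"; flow:to_server,established; http.header; content:"1.92.90.232"; fast_pattern; nocase; http.uri; content:"/Xzserver.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38099181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27833;)
# Raw TCP match toward $SMTP_SERVERS on port 25: "MAIL FROM:" and the sender
# address must both appear in the client-to-server stream, with a blank line
# (CR LF CR LF) within 8192 bytes after the address match. Only cleartext SMTP on
# port 25 is inspected; sessions upgraded with STARTTLS or delivered on another
# port are outside this rule's reach, so mail-gateway logs remain the better
# source for this sender indicator.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27727 [] Source Email Address: tallerdelgado@agitadoresjdelgado.com"; flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"tallerdelgado@agitadoresjdelgado.com"; fast_pattern; nocase; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27727;)
# Attachment-filename match for the same event (e27727). The rule text runs on
# past the end of this line in the listing.
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg: "MISP e27727 [] Bad Email Attachment"; flow:established,to_server; content:"Content-Disposition|3a| attachment|3b| filename|3d 22|"; content:"TALLERES J. 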
DELGADO, SLU.ARTÍCULOS DE LA ORDEN DE COMPRA SE ADJUNTA LISTA.rar|22|"; fast_pattern; content:"|0D 0A 0D 0A|"; within:8192; tag:session,600,seconds; classtype:trojan-activity; sid:38021561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27727;) alert ip 195.211.98.124 any -> $HOME_NET any (msg: "MISP e27727 [] Incoming From IP: 195.211.98.124"; classtype:trojan-activity; sid:38021571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27727;) alert dns any any -> any any (msg: "MISP e27727 [] Domain vds1272952.hosted-by-itldc.com"; dns.query; content:"vds1272952.hosted-by-itldc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vds1272952\.hosted\-by\-itldc\.com$/i"; classtype:trojan-activity; sid:38021581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27727;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27727 [] Outgoing HTTP Domain vds1272952.hosted-by-itldc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vds1272952.hosted-by-itldc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vds1272952\.hosted\-by\-itldc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38021582; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27727;) alert http $HOME_NET any -> 45.144.28.165 49119 (msg: "MISP e27728 [Vidar] Outgoing URL http|3a|//45.144.28.165|3a|49119/"; flow:to_server,established; http.header; content:"45.144.28.165"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> 103.35.188.34 39119 (msg: "MISP e27728 [Vidar] Outgoing URL http|3a|//103.35.188.34|3a|39119/"; flow:to_server,established; http.header; content:"103.35.188.34"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38022371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 45.144.28.165 49119 (msg: "MISP e27728 [Vidar] Outgoing To IP: 45.144.28.165|49119"; classtype:trojan-activity; sid:38022391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 103.35.188.34 39119 (msg: "MISP e27728 [Vidar] Outgoing To IP: 103.35.188.34|39119"; classtype:trojan-activity; sid:38022401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 116.203.117.12 443 (msg: "MISP e27728 [Vidar] Outgoing To IP: 116.203.117.12|443"; classtype:trojan-activity; sid:38022411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> 103.35.188.34 39119 (msg: "MISP e27819 [] Outgoing URL http|3a|//103.35.188.34|3a|39119/"; flow:to_server,established; http.header; content:"103.35.188.34"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089421; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert http $HOME_NET any -> 45.144.28.165 49119 (msg: "MISP e27819 [] Outgoing URL http|3a|//45.144.28.165|3a|49119/"; flow:to_server,established; http.header; content:"45.144.28.165"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089431; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 116.203.117.12 443 (msg: "MISP e27819 [] Outgoing To IP: 116.203.117.12|443"; classtype:trojan-activity; sid:38089441; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 45.144.28.165 49119 (msg: "MISP e27819 [] Outgoing To IP: 45.144.28.165|49119"; classtype:trojan-activity; sid:38089451; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any 
-> 103.35.188.34 39119 (msg: "MISP e27819 [] Outgoing To IP: 103.35.188.34|39119"; classtype:trojan-activity; sid:38089461; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 3.0.250.71 7443 (msg: "MISP e27728 [AMAZON-02,Mythic] Outgoing To IP: 3.0.250.71|7443"; classtype:trojan-activity; sid:38022421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 45.8.146.116 443 (msg: "MISP e27728 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 45.8.146.116|443"; classtype:trojan-activity; sid:38022431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 103.152.254.139 443 (msg: "MISP e27728 [COMSATS Commission on Science and Technology for,Havoc] Outgoing To IP: 103.152.254.139|443"; classtype:trojan-activity; sid:38022441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 45.144.31.57 8080 (msg: "MISP e27728 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 45.144.31.57|8080"; classtype:trojan-activity; sid:38022451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 45.144.31.57 40000 (msg: "MISP e27728 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 45.144.31.57|40000"; classtype:trojan-activity; sid:38022461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 23.95.48.151 80 (msg: "MISP e27728 [AS-COLOCROSSING,Havoc] Outgoing To IP: 23.95.48.151|80"; classtype:trojan-activity; sid:38022471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 54.245.19.64 445 (msg: "MISP e27728 [AMAZON-02,Responder] Outgoing To IP: 54.245.19.64|445"; classtype:trojan-activity; sid:38022481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 54.37.138.65 445 (msg: "MISP e27728 [OVH,Responder] Outgoing To IP: 
54.37.138.65|445"; classtype:trojan-activity; sid:38022491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 50.35.133.42 443 (msg: "MISP e27728 [AS-WHOLESAIL,QakBot] Outgoing To IP: 50.35.133.42|443"; classtype:trojan-activity; sid:38022501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 20.107.243.137 3000 (msg: "MISP e27728 [dcrat,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.107.243.137|3000"; classtype:trojan-activity; sid:38022511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 46.246.6.11 5000 (msg: "MISP e27728 [dcrat,PORTLANE www.portlane.com] Outgoing To IP: 46.246.6.11|5000"; classtype:trojan-activity; sid:38022521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 167.179.105.44 8888 (msg: "MISP e27728 [AS-CHOOPA,Supershell] Outgoing To IP: 167.179.105.44|8888"; classtype:trojan-activity; sid:38022531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 45.67.230.185 8888 (msg: "MISP e27728 [STARK-INDUSTRIES,Supershell] Outgoing To IP: 45.67.230.185|8888"; classtype:trojan-activity; sid:38022541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 147.78.103.233 80 (msg: "MISP e27728 [Hookbot Pegasus,HOTMILK-AS] Outgoing To IP: 147.78.103.233|80"; classtype:trojan-activity; sid:38022551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 206.238.42.236 80 (msg: "MISP e27728 [Hookbot Pegasus,TERAEXCH] Outgoing To IP: 206.238.42.236|80"; classtype:trojan-activity; sid:38022561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 82.146.59.110 80 (msg: "MISP e27728 [Hookbot Pegasus,RU-JSCIOT] Outgoing To IP: 82.146.59.110|80"; 
classtype:trojan-activity; sid:38022571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 82.146.59.110 80 (msg: "MISP e27819 [] Outgoing To IP: 82.146.59.110|80"; classtype:trojan-activity; sid:38089471; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 206.238.42.236 80 (msg: "MISP e27819 [] Outgoing To IP: 206.238.42.236|80"; classtype:trojan-activity; sid:38089481; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 147.78.103.233 80 (msg: "MISP e27819 [] Outgoing To IP: 147.78.103.233|80"; classtype:trojan-activity; sid:38089491; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 45.67.230.185 8888 (msg: "MISP e27819 [] Outgoing To IP: 45.67.230.185|8888"; classtype:trojan-activity; sid:38089501; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 167.179.105.44 8888 (msg: "MISP e27819 [] Outgoing To IP: 167.179.105.44|8888"; classtype:trojan-activity; sid:38089511; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 46.246.6.11 5000 (msg: "MISP e27819 [] Outgoing To IP: 46.246.6.11|5000"; classtype:trojan-activity; sid:38089521; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 20.107.243.137 3000 (msg: "MISP e27819 [] Outgoing To IP: 20.107.243.137|3000"; classtype:trojan-activity; sid:38089531; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 50.35.133.42 443 (msg: "MISP e27819 [] Outgoing To IP: 50.35.133.42|443"; classtype:trojan-activity; sid:38089541; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 54.37.138.65 445 (msg: "MISP e27819 [] Outgoing To IP: 54.37.138.65|445"; classtype:trojan-activity; 
sid:38089551; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 54.245.19.64 445 (msg: "MISP e27819 [] Outgoing To IP: 54.245.19.64|445"; classtype:trojan-activity; sid:38089561; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 23.95.48.151 80 (msg: "MISP e27819 [] Outgoing To IP: 23.95.48.151|80"; classtype:trojan-activity; sid:38089571; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 45.144.31.57 8080 (msg: "MISP e27819 [] Outgoing To IP: 45.144.31.57|8080"; classtype:trojan-activity; sid:38089581; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 45.144.31.57 40000 (msg: "MISP e27819 [] Outgoing To IP: 45.144.31.57|40000"; classtype:trojan-activity; sid:38089591; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 103.152.254.139 443 (msg: "MISP e27819 [] Outgoing To IP: 103.152.254.139|443"; classtype:trojan-activity; sid:38089601; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 45.8.146.116 443 (msg: "MISP e27819 [] Outgoing To IP: 45.8.146.116|443"; classtype:trojan-activity; sid:38089611; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 3.0.250.71 7443 (msg: "MISP e27819 [] Outgoing To IP: 3.0.250.71|7443"; classtype:trojan-activity; sid:38089621; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 107.174.228.79 443 (msg: "MISP e27728 [AS-COLOCROSSING,CobaltStrike,cs-watermark-391144938] Outgoing To IP: 107.174.228.79|443"; classtype:trojan-activity; sid:38022591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> 86.106.20.179 3389 (msg: "MISP e27728 
[CobaltStrike,cs-watermark-987654321,GLOBALLAYER] Outgoing URL http|3a|//86.106.20.179|3a|3389/kj.html"; flow:to_server,established; http.header; content:"86.106.20.179"; fast_pattern; nocase; http.uri; content:"/kj.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 5.188.86.215 3389 (msg: "MISP e27728 [CobaltStrike,cs-watermark-987654321,GLOBALLAYER] Outgoing To IP: 5.188.86.215|3389"; classtype:trojan-activity; sid:38022611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> 86.106.20.179 3389 (msg: "MISP e27819 [] Outgoing URL http|3a|//86.106.20.179|3a|3389/kj.html"; flow:to_server,established; http.header; content:"86.106.20.179"; fast_pattern; nocase; http.uri; content:"/kj.html"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089631; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 5.188.86.215 3389 (msg: "MISP e27819 [] Outgoing To IP: 5.188.86.215|3389"; classtype:trojan-activity; sid:38089651; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 107.174.228.79 443 (msg: "MISP e27819 [] Outgoing To IP: 107.174.228.79|443"; classtype:trojan-activity; sid:38089661; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert http $HOME_NET any -> 91.220.109.66 $HTTP_PORTS (msg: "MISP e27728 [dcrat] Outgoing URL http|3a|//91.220.109.66/eternalgeocentral.php"; flow:to_server,established; http.header; content:"91.220.109.66"; fast_pattern; nocase; http.uri; content:"/eternalgeocentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert http $HOME_NET any -> 91.220.109.66 $HTTP_PORTS (msg: "MISP e27819 [] Outgoing URL 
http|3a|//91.220.109.66/eternalgeocentral.php"; flow:to_server,established; http.header; content:"91.220.109.66"; fast_pattern; nocase; http.uri; content:"/eternalgeocentral.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38089671; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27819;) alert ip $HOME_NET any -> 85.239.238.79 1235 (msg: "MISP e27728 [Meterpreter] Outgoing To IP: 85.239.238.79|1235"; classtype:trojan-activity; sid:38022631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27728;) alert ip $HOME_NET any -> 139.180.144.32 9001 (msg: "MISP e27729 [c2,Havoc] Outgoing To IP: 139.180.144.32|9001"; classtype:trojan-activity; sid:38024211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 54.156.182.111 443 (msg: "MISP e27729 [c2,Serpent] Outgoing To IP: 54.156.182.111|443"; classtype:trojan-activity; sid:38024221; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 222.114.183.144 54984 (msg: "MISP e27729 [NanoCore,RAT] Outgoing To IP: 222.114.183.144|54984"; classtype:trojan-activity; sid:38024231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> 107.174.228.79 4444 (msg: "MISP e27729 [AS-COLOCROSSING,CobaltStrike,cs-watermark-391144938] Outgoing URL http|3a|//107.174.228.79|3a|4444/dot.gif"; flow:to_server,established; http.header; content:"107.174.228.79"; fast_pattern; nocase; http.uri; content:"/dot.gif"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38024241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [dcrat] Outgoing URL http|3a|//392065cm.n9shteam2.top/nyashsupport.php"; flow:to_server,established; http.header; content:"392065cm.n9shteam2.top"; fast_pattern; nocase; http.uri; content:"/nyashsupport.php"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38024281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 143.244.132.162 7443 (msg: "MISP e27729 [DIGITALOCEAN-ASN,Mythic] Outgoing To IP: 143.244.132.162|7443"; classtype:trojan-activity; sid:38024391; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 8.130.10.159 443 (msg: "MISP e27729 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Havoc] Outgoing To IP: 8.130.10.159|443"; classtype:trojan-activity; sid:38024401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 194.246.114.147 443 (msg: "MISP e27729 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 194.246.114.147|443"; classtype:trojan-activity; sid:38024411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 23.227.194.177 443 (msg: "MISP e27729 [Havoc,HVC-AS] Outgoing To IP: 23.227.194.177|443"; classtype:trojan-activity; sid:38024421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 23.95.48.151 8443 (msg: "MISP e27729 [AS-COLOCROSSING,Havoc] Outgoing To IP: 23.95.48.151|8443"; classtype:trojan-activity; sid:38024431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 139.162.180.174 443 (msg: "MISP e27729 [AKAMAI-LINODE-AP Akamai Connected Cloud,Havoc] Outgoing To IP: 139.162.180.174|443"; classtype:trojan-activity; sid:38024441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 54.209.66.233 443 (msg: "MISP e27729 [AMAZON-AES,Havoc] Outgoing To IP: 54.209.66.233|443"; classtype:trojan-activity; sid:38024451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 46.37.96.110 443 (msg: "MISP e27729 [ASN-QUADRANET-GLOBAL,Havoc] Outgoing To IP: 
46.37.96.110|443"; classtype:trojan-activity; sid:38024461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 23.227.198.236 443 (msg: "MISP e27729 [HVC-AS,Responder] Outgoing To IP: 23.227.198.236|443"; classtype:trojan-activity; sid:38024471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 172.232.14.44 445 (msg: "MISP e27729 [AKAMAI-LINODE-AP Akamai Connected Cloud,Responder] Outgoing To IP: 172.232.14.44|445"; classtype:trojan-activity; sid:38024481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 72.27.11.159 443 (msg: "MISP e27729 [FLOW-NET,QakBot] Outgoing To IP: 72.27.11.159|443"; classtype:trojan-activity; sid:38024491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 137.103.187.32 443 (msg: "MISP e27729 [ATLANTICBB-JOHNSTOWN,QakBot] Outgoing To IP: 137.103.187.32|443"; classtype:trojan-activity; sid:38024501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 41.96.85.67 443 (msg: "MISP e27729 [ALGTEL-AS,QakBot] Outgoing To IP: 41.96.85.67|443"; classtype:trojan-activity; sid:38024511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 27.124.34.16 1145 (msg: "MISP e27729 [BCPL-SG BGPNET Global ASN,dcrat] Outgoing To IP: 27.124.34.16|1145"; classtype:trojan-activity; sid:38024521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 179.14.9.152 4433 (msg: "MISP e27729 [Colombia Movil,dcrat] Outgoing To IP: 179.14.9.152|4433"; classtype:trojan-activity; sid:38024531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 123.253.108.131 8888 (msg: "MISP e27729 [EDGENAP,Supershell] Outgoing To IP: 123.253.108.131|8888"; classtype:trojan-activity; 
sid:38024541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 172.245.34.171 58888 (msg: "MISP e27729 [AS-COLOCROSSING,Supershell] Outgoing To IP: 172.245.34.171|58888"; classtype:trojan-activity; sid:38024551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 140.143.125.127 8888 (msg: "MISP e27729 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 140.143.125.127|8888"; classtype:trojan-activity; sid:38024561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 97.74.95.68 8888 (msg: "MISP e27729 [AS-26496-GO-DADDY-COM-LLC,Supershell] Outgoing To IP: 97.74.95.68|8888"; classtype:trojan-activity; sid:38024571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 124.70.78.129 8888 (msg: "MISP e27729 [HWCSNET Huawei Cloud Service data center,Supershell] Outgoing To IP: 124.70.78.129|8888"; classtype:trojan-activity; sid:38024581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [dcrat] Outgoing URL http|3a|//f0885058.xsph.ru/l1nc0in.php"; flow:to_server,established; http.header; content:"f0885058.xsph.ru"; fast_pattern; nocase; http.uri; content:"/l1nc0in.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38024591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> 206.188.196.222 $HTTP_PORTS (msg: "MISP e27729 [ADMIN000,AS399629,BLNWX,DarkGate,NL] Outgoing URL http|3a|//206.188.196.222/ex.zip"; flow:to_server,established; http.header; content:"206.188.196.222"; fast_pattern; nocase; http.uri; content:"/ex.zip"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022671; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.15.157.139 11070 (msg: "MISP e27729 [] Outgoing To IP: 45.15.157.139|11070"; classtype:trojan-activity; sid:38022681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.15.157.139 1337 (msg: "MISP e27729 [NewBot,NewBotLoader] Outgoing To IP: 45.15.157.139|1337"; classtype:trojan-activity; sid:38022691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 186.169.60.250 1987 (msg: "MISP e27729 [AS3816,c2,co,COLOMBIA TELECOMUNICACIONES S.A,RAT] Outgoing To IP: 186.169.60.250|1987"; classtype:trojan-activity; sid:38022661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 2.58.56.142 4782 (msg: "MISP e27729 [AS210558,c2,censys,NL,QuasarRAT,RAT,SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK] Outgoing To IP: 2.58.56.142|4782"; classtype:trojan-activity; sid:38022641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.94.31.49 9999 (msg: "MISP e27729 [AS210558,c2,censys,NL,QuasarRAT,RAT,SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK] Outgoing To IP: 45.94.31.49|9999"; classtype:trojan-activity; sid:38022651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 149.50.213.215 23 (msg: "MISP e27729 [c2,Mirai] Outgoing To IP: 149.50.213.215|23"; classtype:trojan-activity; sid:38022731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 185.172.128.145 80 (msg: "MISP e27729 [AS216309,c2,EVILEMPIRE-AS,stealer] Outgoing To IP: 185.172.128.145|80"; classtype:trojan-activity; sid:38022711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 185.172.128.90 80 (msg: "MISP e27729 [AS216309,c2,EVILEMPIRE-AS,stealer] Outgoing To IP: 
185.172.128.90|80"; classtype:trojan-activity; sid:38022721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> 185.172.128.187 $HTTP_PORTS (msg: "MISP e27729 [AS216309,EVILEMPIRE-AS,stealer] Outgoing URL http|3a|//185.172.128.187/ledger-live.exe"; flow:to_server,established; http.header; content:"185.172.128.187"; fast_pattern; nocase; http.uri; content:"/ledger-live.exe"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 91.92.253.149 8080 (msg: "MISP e27729 [AS394711,c2,censys,CobaltStrike,LIMENET,NL] Outgoing To IP: 91.92.253.149|8080"; classtype:trojan-activity; sid:38022741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 128.90.61.78 9999 (msg: "MISP e27729 [AS22363,c2,censys,PHMGMT-AS1,RAT] Outgoing To IP: 128.90.61.78|9999"; classtype:trojan-activity; sid:38022751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 51.79.87.4 34241 (msg: "MISP e27729 [Mirai] Outgoing To IP: 51.79.87.4|34241"; classtype:trojan-activity; sid:38022801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 185.209.160.19 54438 (msg: "MISP e27729 [c2,Mirai] Outgoing To IP: 185.209.160.19|54438"; classtype:trojan-activity; sid:38022811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 185.209.160.19 54439 (msg: "MISP e27729 [c2,Mirai] Outgoing To IP: 185.209.160.19|54439"; classtype:trojan-activity; sid:38022821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 5.255.108.56 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 5.255.108.56|443"; classtype:trojan-activity; sid:38022901; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [] Outgoing URL http|3a|//gaming7core.info/windowsflowerlongpoll/datalifemariadb0/9/requestapi/videojavascriptbigloaddefaultflowerdlecdn.php"; flow:to_server,established; http.header; content:"gaming7core.info"; fast_pattern; nocase; http.uri; content:"/windowsflowerlongpoll/datalifemariadb0/9/requestapi/videojavascriptbigloaddefaultflowerdlecdn.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38022911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 193.168.143.173 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 193.168.143.173|443"; classtype:trojan-activity; sid:38022881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 91.235.234.195 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 91.235.234.195|443"; classtype:trojan-activity; sid:38022891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 85.239.33.54 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 85.239.33.54|443"; classtype:trojan-activity; sid:38022861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 91.235.234.121 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 91.235.234.121|443"; classtype:trojan-activity; sid:38022871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 80.87.206.160 8090 (msg: "MISP e27729 [AS16276,c2,censys,CobaltStrike,cs-watermark-987654321,OVH] Outgoing To IP: 80.87.206.160|8090"; classtype:trojan-activity; sid:38022841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.94.31.49 8888 (msg: "MISP e27729 [AS210558,c2,censys,RAT,SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK] Outgoing To IP: 
45.94.31.49|8888"; classtype:trojan-activity; sid:38022851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 94.156.71.187 7678 (msg: "MISP e27729 [5.1,AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 94.156.71.187|7678"; classtype:trojan-activity; sid:38022831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 103.174.73.85 1500 (msg: "MISP e27729 [moobot] Outgoing To IP: 103.174.73.85|1500"; classtype:trojan-activity; sid:38023141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [moobot] Domain bot.nhankimcuong.vn"; dns.query; content:"bot.nhankimcuong.vn"; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.nhankimcuong\.vn$/i"; classtype:trojan-activity; sid:38023151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [moobot] Outgoing HTTP Domain bot.nhankimcuong.vn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"bot.nhankimcuong.vn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])bot\.nhankimcuong\.vn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38023152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [javascript,Obfuscated] Domain t6m.pics"; dns.query; content:"t6m.pics"; nocase; pcre: "/(^|[^A-Za-z0-9-])t6m\.pics$/i"; classtype:trojan-activity; sid:38023131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [javascript,Obfuscated] Outgoing HTTP Domain t6m.pics"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"t6m.pics"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])t6m\.pics[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38023132; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [javascript,Obfuscated] Domain 1v.nz"; dns.query; content:"1v.nz"; nocase; pcre: "/(^|[^A-Za-z0-9-])1v\.nz$/i"; classtype:trojan-activity; sid:38023111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [javascript,Obfuscated] Outgoing HTTP Domain 1v.nz"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1v.nz"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1v\.nz[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38023112; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 34.216.132.82 80 (msg: "MISP e27729 [Amazon.com Inc.,c2,censys,CobaltStrike,cs-watermark-520024723] Outgoing To IP: 34.216.132.82|80"; classtype:trojan-activity; sid:38023001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 18.144.30.84 8000 (msg: "MISP e27729 [AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 18.144.30.84|8000"; classtype:trojan-activity; sid:38022991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 188.116.36.109 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 188.116.36.109|1311"; classtype:trojan-activity; sid:38022921; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 194.36.188.83 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 194.36.188.83|1311"; classtype:trojan-activity; sid:38022931; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [javascript,Obfuscated] Domain 1b.cx"; dns.query; content:"1b.cx"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])1b\.cx$/i"; classtype:trojan-activity; sid:38023121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [javascript,Obfuscated] Outgoing HTTP Domain 1b.cx"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"1b.cx"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])1b\.cx[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38023122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 152.42.185.20 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 152.42.185.20|1311"; classtype:trojan-activity; sid:38023091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 170.64.211.86 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 170.64.211.86|1311"; classtype:trojan-activity; sid:38023101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 24.199.125.76 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 24.199.125.76|1311"; classtype:trojan-activity; sid:38023061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 152.42.185.16 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 152.42.185.16|1311"; classtype:trojan-activity; sid:38023081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 128.199.198.141 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 128.199.198.141|1311"; classtype:trojan-activity; sid:38023051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 152.42.169.247 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 152.42.169.247|1311"; classtype:trojan-activity; sid:38023071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 178.128.94.83 
1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 178.128.94.83|1311"; classtype:trojan-activity; sid:38023021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 152.42.185.24 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 152.42.185.24|1311"; classtype:trojan-activity; sid:38023031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 152.42.169.205 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 152.42.169.205|1311"; classtype:trojan-activity; sid:38023041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 194.36.188.62 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 194.36.188.62|1311"; classtype:trojan-activity; sid:38022981; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 164.90.202.142 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 164.90.202.142|1311"; classtype:trojan-activity; sid:38023011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 185.82.200.181 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 185.82.200.181|1311"; classtype:trojan-activity; sid:38022961; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 194.36.188.56 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 194.36.188.56|1311"; classtype:trojan-activity; sid:38022971; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 185.141.24.10 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 185.141.24.10|1311"; classtype:trojan-activity; sid:38022941; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 194.36.188.66 1311 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 194.36.188.66|1311"; classtype:trojan-activity; sid:38022951; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 91.235.234.149 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 91.235.234.149|443"; classtype:trojan-activity; sid:38024171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 87.251.67.74 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 87.251.67.74|443"; classtype:trojan-activity; sid:38024161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 213.139.205.137 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 213.139.205.137|443"; classtype:trojan-activity; sid:38024181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 51.144.73.229 80 (msg: "MISP e27729 [AS8075,c2,censys,CobaltStrike,cs-watermark-318419940,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 51.144.73.229|80"; classtype:trojan-activity; sid:38024131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 5.255.123.240 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 5.255.123.240|443"; classtype:trojan-activity; sid:38024141; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 5.255.116.222 443 (msg: "MISP e27729 [Latrodectus] Outgoing To IP: 5.255.116.222|443"; classtype:trojan-activity; sid:38024151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [infostealer,LokiBot,stealer] Domain mauricioclopatofsky.tel"; dns.query; content:"mauricioclopatofsky.tel"; nocase; pcre: "/(^|[^A-Za-z0-9-])mauricioclopatofsky\.tel$/i"; classtype:trojan-activity; sid:38024101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [infostealer,LokiBot,stealer] Outgoing HTTP Domain mauricioclopatofsky.tel"; 
flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"mauricioclopatofsky.tel"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])mauricioclopatofsky\.tel[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024102; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 194.147.140.188 4781 (msg: "MISP e27729 [STRRAT] Outgoing To IP: 194.147.140.188|4781"; classtype:trojan-activity; sid:38024111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [] Domain voshu.art"; dns.query; content:"voshu.art"; nocase; pcre: "/(^|[^A-Za-z0-9-])voshu\.art$/i"; classtype:trojan-activity; sid:38024121; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [] Outgoing HTTP Domain voshu.art"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"voshu.art"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])voshu\.art[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024122; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 94.156.68.16 137 (msg: "MISP e27729 [AS394711,c2,censys,LIMENET,NL,RAT] Outgoing To IP: 94.156.68.16|137"; classtype:trojan-activity; sid:38024091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [admin888,AS44477,DarkGate,STARK INDUSTRIES SOLUTIONS LTD] Domain adfhjadfbjadbfjkhad44jka.com"; dns.query; content:"adfhjadfbjadbfjkhad44jka.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])adfhjadfbjadbfjkhad44jka\.com$/i"; classtype:trojan-activity; sid:38024071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 
[admin888,AS44477,DarkGate,STARK INDUSTRIES SOLUTIONS LTD] Outgoing HTTP Domain adfhjadfbjadbfjkhad44jka.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"adfhjadfbjadbfjkhad44jka.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])adfhjadfbjadbfjkhad44jka\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024072; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 206.217.139.231 8081 (msg: "MISP e27729 [AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-0] Outgoing To IP: 206.217.139.231|8081"; classtype:trojan-activity; sid:38024041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 206.217.139.231 8082 (msg: "MISP e27729 [AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-0] Outgoing To IP: 206.217.139.231|8082"; classtype:trojan-activity; sid:38024051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 1.13.17.185 50050 (msg: "MISP e27729 [AS45090,c2,censys,CobaltStrike] Outgoing To IP: 1.13.17.185|50050"; classtype:trojan-activity; sid:38024061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 170.130.165.132 444 (msg: "MISP e27729 [AS62904,c2,censys,CobaltStrike,cs-watermark-1357776117] Outgoing To IP: 170.130.165.132|444"; classtype:trojan-activity; sid:38024031; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [admin888,DarkGate,stealer] Domain nextroundst.com"; dns.query; content:"nextroundst.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])nextroundst\.com$/i"; classtype:trojan-activity; sid:38024191; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [admin888,DarkGate,stealer] Outgoing HTTP Domain 
nextroundst.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"nextroundst.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])nextroundst\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024192; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 204.93.201.142 80 (msg: "MISP e27729 [admin888,AS142036,DarkGate,HOSTEONS-AS-AP] Outgoing To IP: 204.93.201.142|80"; classtype:trojan-activity; sid:38024201; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 35.213.200.121 80 (msg: "MISP e27729 [infostealer,LokiBot,stealer] Outgoing To IP: 35.213.200.121|80"; classtype:trojan-activity; sid:38024251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 192.185.115.239 80 (msg: "MISP e27729 [infostealer,LokiBot,stealer] Outgoing To IP: 192.185.115.239|80"; classtype:trojan-activity; sid:38024261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 3.66.38.117 13040 (msg: "MISP e27729 [njrat,RAT] Outgoing To IP: 3.66.38.117|13040"; classtype:trojan-activity; sid:38024371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 3.125.223.134 12607 (msg: "MISP e27729 [njrat,RAT] Outgoing To IP: 3.125.223.134|12607"; classtype:trojan-activity; sid:38024381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [njrat,RAT] Domain links-annually.gl.at.ply.gg"; dns.query; content:"links-annually.gl.at.ply.gg"; nocase; pcre: "/(^|[^A-Za-z0-9-])links\-annually\.gl\.at\.ply\.gg$/i"; classtype:trojan-activity; sid:38024341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [njrat,RAT] Outgoing HTTP 
Domain links-annually.gl.at.ply.gg"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"links-annually.gl.at.ply.gg"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])links\-annually\.gl\.at\.ply\.gg[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 52.14.81.142 22206 (msg: "MISP e27729 [njrat,RAT] Outgoing To IP: 52.14.81.142|22206"; classtype:trojan-activity; sid:38024351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [njrat,RAT] Domain 7.tcp.ngrok.io"; dns.query; content:"7.tcp.ngrok.io"; nocase; pcre: "/(^|[^A-Za-z0-9-])7\.tcp\.ngrok\.io$/i"; classtype:trojan-activity; sid:38024361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [njrat,RAT] Outgoing HTTP Domain 7.tcp.ngrok.io"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"7.tcp.ngrok.io"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])7\.tcp\.ngrok\.io[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [njrat,RAT] Domain njtrial.duckdns.org"; dns.query; content:"njtrial.duckdns.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])njtrial\.duckdns\.org$/i"; classtype:trojan-activity; sid:38024321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [njrat,RAT] Outgoing HTTP Domain njtrial.duckdns.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"njtrial.duckdns.org"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])njtrial\.duckdns\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 147.185.221.18 38122 (msg: "MISP e27729 [njrat,RAT] Outgoing To IP: 147.185.221.18|38122"; classtype:trojan-activity; sid:38024331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 67.213.108.79 4782 (msg: "MISP e27729 [NanoCore,RAT] Outgoing To IP: 67.213.108.79|4782"; classtype:trojan-activity; sid:38024301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [NanoCore,RAT] Domain api.fwfy.club"; dns.query; content:"api.fwfy.club"; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.fwfy\.club$/i"; classtype:trojan-activity; sid:38024311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [NanoCore,RAT] Outgoing HTTP Domain api.fwfy.club"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"api.fwfy.club"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])api\.fwfy\.club[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [infostealer,LokiBot,stealer] Domain avatar.ps"; dns.query; content:"avatar.ps"; nocase; pcre: "/(^|[^A-Za-z0-9-])avatar\.ps$/i"; classtype:trojan-activity; sid:38024271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [infostealer,LokiBot,stealer] Outgoing HTTP Domain avatar.ps"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"avatar.ps"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])avatar\.ps[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024272; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [NanoCore,RAT] Domain kgj112233.codns.com"; dns.query; content:"kgj112233.codns.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])kgj112233\.codns\.com$/i"; classtype:trojan-activity; sid:38024291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [NanoCore,RAT] Outgoing HTTP Domain kgj112233.codns.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"kgj112233.codns.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])kgj112233\.codns\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024292; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 35.237.192.132 443 (msg: "MISP e27729 [] Outgoing To IP: 35.237.192.132|443"; classtype:trojan-activity; sid:38023161; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 34.125.56.40 443 (msg: "MISP e27729 [] Outgoing To IP: 34.125.56.40|443"; classtype:trojan-activity; sid:38023171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 138.68.78.110 443 (msg: "MISP e27729 [] Outgoing To IP: 138.68.78.110|443"; classtype:trojan-activity; sid:38023181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 141.98.10.52 61616 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 141.98.10.52|61616"; classtype:trojan-activity; sid:38024611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 124.221.163.107 61616 (msg: "MISP e27729 [TBOTNET] Outgoing To IP: 124.221.163.107|61616"; classtype:trojan-activity; 
sid:38024601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 88.198.109.225 443 (msg: "MISP e27729 [Vidar] Outgoing To IP: 88.198.109.225|443"; classtype:trojan-activity; sid:38024631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e24600 [] Domain synergysolution.gr"; dns.query; content:"synergysolution.gr"; nocase; pcre: "/(^|[^A-Za-z0-9-])synergysolution\.gr$/i"; classtype:trojan-activity; sid:38865521; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain synergysolution.gr"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"synergysolution.gr"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])synergysolution\.gr[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38865522; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 45.125.66.146 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.146|1311"; classtype:trojan-activity; sid:38024721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.152 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.152|1311"; classtype:trojan-activity; sid:38024731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.109 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.109|1311"; classtype:trojan-activity; sid:38024701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.137 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.137|1311"; classtype:trojan-activity; sid:38024711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) 
# Review notes on the rules that follow (generated from MISP events 27729 and 24600):
# - "Outgoing To IP" rules (alert ip ... -> <addr> <port>) carry no flow or payload keywords, so
#   they match on destination address and port alone. Treat a hit as a lead to correlate with
#   host telemetry, not as confirmation of the malware family named in msg.
# - "Domain" rules match dns.query with a pcre anchored at the end of the name; the leading
#   (^|[^A-Za-z0-9-]) group means subdomains of the listed name match as well.
# - "Outgoing HTTP Domain" rules look for "Host|3a|" and the domain as two unrelated contents in
#   http.header, and the /H pcre is not tied to the Host line either, so the domain appearing in
#   another request header (for example Referer) also satisfies the rule.
#   NOTE(review): matching the http.host buffer instead would limit this to the Host value; confirm
#   against the Suricata version in use before changing the MISP export template.
# - Rules for MISP event 24600 are priority:1, those for event 27729 are priority:2.
alert ip $HOME_NET any -> 45.125.66.68 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.68|1311"; classtype:trojan-activity; sid:38024681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.95 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.95|1311"; classtype:trojan-activity; sid:38024691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.61 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.61|1311"; classtype:trojan-activity; sid:38024661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.64 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.64|1311"; classtype:trojan-activity; sid:38024671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.37 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.37|1311"; classtype:trojan-activity; sid:38024641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.125.66.54 1311 (msg: "MISP e27729 [Mirai,TBOTNET] Outgoing To IP: 45.125.66.54|1311"; classtype:trojan-activity; sid:38024651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e24600 [] Domain eventpotwojemu.pl"; dns.query; content:"eventpotwojemu.pl"; nocase; pcre: "/(^|[^A-Za-z0-9-])eventpotwojemu\.pl$/i"; classtype:trojan-activity; sid:38865561; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e24600 [] Outgoing HTTP Domain eventpotwojemu.pl"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eventpotwojemu.pl"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eventpotwojemu\.pl[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38865562; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/24600;) alert ip $HOME_NET any -> 192.151.244.144 14782 (msg: "MISP e27729 [QuasarRAT,RAT] Outgoing To IP: 192.151.244.144|14782"; classtype:trojan-activity; sid:38024751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Domain service-mx77zdhn-1303081427.sh.tencentapigw.com"; dns.query; content:"service-mx77zdhn-1303081427.sh.tencentapigw.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-mx77zdhn\-1303081427\.sh\.tencentapigw\.com$/i"; classtype:trojan-activity; sid:38024791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain service-mx77zdhn-1303081427.sh.tencentapigw.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"service-mx77zdhn-1303081427.sh.tencentapigw.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])service\-mx77zdhn\-1303081427\.sh\.tencentapigw\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024792; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 77.232.143.206 443 (msg: "MISP e27729 [AEZA-AS,CobaltStrike,cs-watermark-987654321] Outgoing To IP: 77.232.143.206|443"; classtype:trojan-activity; sid:38024811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [BlackBasta] Domain businessprofessionalllc.com"; dns.query; content:"businessprofessionalllc.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])businessprofessionalllc\.com$/i"; classtype:trojan-activity; sid:38024881; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [BlackBasta] Outgoing HTTP Domain businessprofessionalllc.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"businessprofessionalllc.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])businessprofessionalllc\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024882; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [BlackBasta] Domain ontexcare.com"; dns.query; content:"ontexcare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])ontexcare\.com$/i"; classtype:trojan-activity; sid:38024851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [BlackBasta] Outgoing HTTP Domain ontexcare.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ontexcare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ontexcare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024852; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [BlackBasta] Domain trackgroup.net"; dns.query; content:"trackgroup.net"; nocase; pcre: "/(^|[^A-Za-z0-9-])trackgroup\.net$/i"; classtype:trojan-activity; sid:38024871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [BlackBasta] Outgoing HTTP Domain trackgroup.net"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"trackgroup.net"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])trackgroup\.net[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024872; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [BlackBasta] Domain artstrailman.com"; dns.query; content:"artstrailman.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])artstrailman\.com$/i"; classtype:trojan-activity; sid:38024861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [BlackBasta] Outgoing HTTP Domain artstrailman.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"artstrailman.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])artstrailman\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024862; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [BlackBasta] Domain otxcosmeticscare.com"; dns.query; content:"otxcosmeticscare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])otxcosmeticscare\.com$/i"; classtype:trojan-activity; sid:38024831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [BlackBasta] Outgoing HTTP Domain otxcosmeticscare.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"otxcosmeticscare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])otxcosmeticscare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024832; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [BlackBasta] Domain otxcarecosmetics.com"; dns.query; content:"otxcarecosmetics.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])otxcarecosmetics\.com$/i"; classtype:trojan-activity; sid:38024841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [BlackBasta] Outgoing HTTP 
Domain otxcarecosmetics.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"otxcarecosmetics.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])otxcarecosmetics\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024842; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [NetSupport] Outgoing URL http|3a|//fatttjapan.com/xjadlcqfulrmbgzmnncyaldkmqglyjbkix.txt"; flow:to_server,established; http.header; content:"fatttjapan.com"; fast_pattern; nocase; http.uri; content:"/xjadlcqfulrmbgzmnncyaldkmqglyjbkix.txt"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38024771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Domain ns1.jd-vip.cn"; dns.query; content:"ns1.jd-vip.cn"; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.jd\-vip\.cn$/i"; classtype:trojan-activity; sid:38024891; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain ns1.jd-vip.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns1.jd-vip.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns1\.jd\-vip\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024892; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Domain ns2.jd-vip.cn"; dns.query; content:"ns2.jd-vip.cn"; nocase; pcre: 
"/(^|[^A-Za-z0-9-])ns2\.jd\-vip\.cn$/i"; classtype:trojan-activity; sid:38024901; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing HTTP Domain ns2.jd-vip.cn"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"ns2.jd-vip.cn"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])ns2\.jd\-vip\.cn[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38024902; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> 8.219.54.123 $HTTP_PORTS (msg: "MISP e27729 [ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321] Outgoing URL http|3a|//8.219.54.123/ie9compatviewlist.xml"; flow:to_server,established; http.header; content:"8.219.54.123"; fast_pattern; nocase; http.uri; content:"/ie9compatviewlist.xml"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38024911; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> 123.20.56.214 7777 (msg: "MISP e27729 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//123.20.56.214|3a|7777/en_us/all.js"; flow:to_server,established; http.header; content:"123.20.56.214"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38024951; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [CobaltStrike,cs-watermark-391144938,Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//service-bvvdi136-1317500845.gz.tencentapigw.com/pixel"; flow:to_server,established; http.header; 
content:"service-bvvdi136-1317500845.gz.tencentapigw.com"; fast_pattern; nocase; http.uri; content:"/pixel"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38024991; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Review notes: Suricata rules from a MISP NIDS export, shown here one rule per line.
# "Outgoing URL" rule for a literal IP. The destination address and port 88 are fixed in
# the rule header, so the same URL served on another port is not covered.
# http.header content matches the IP string anywhere in the request headers (not only in
# Host), and the http.uri content is an unanchored substring (no startswith/endswith/bsize),
# so any longer path that contains "/visit.js" also matches. nocase has no effect on a
# dotted-quad. tag:session,600,seconds asks the engine to keep logging the session after the alert.
alert http $HOME_NET any -> 1.94.52.236 88 (msg: "MISP e27729 [CobaltStrike,cs-watermark-0,HWCSNET Huawei Cloud Service data center] Outgoing URL http|3a|//1.94.52.236|3a|88/visit.js"; flow:to_server,established; http.header; content:"1.94.52.236"; fast_pattern; nocase; http.uri; content:"/visit.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025001; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Same pattern, but the port is $HTTP_PORTS: the rule only loads if that variable is defined
# in the sensor configuration, and only ports listed there are inspected.
# NOTE(review): "/en_us/all.js" is a short, generic-looking path; the fixed destination IP is
# what keeps this rule specific, so re-check the address against the MISP event before tuning.
alert http $HOME_NET any -> 111.229.19.199 $HTTP_PORTS (msg: "MISP e27729 [CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing URL http|3a|//111.229.19.199/en_us/all.js"; flow:to_server,established; http.header; content:"111.229.19.199"; fast_pattern; nocase; http.uri; content:"/en_us/all.js"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025011; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Address-and-port rule with no content, flow or threshold option: it alerts on any traffic
# from $HOME_NET to this address on port 80, whatever the payload.
# NOTE(review): the address is the only evidence, so treat it as a time-limited indicator
# and expect repeated alerts per connection unless a threshold is configured; confirm how
# your engine evaluates a port together with protocol "ip".
alert ip $HOME_NET any -> 91.92.252.232 80 (msg: "MISP e27729 [RedLineStealer] Outgoing To IP: 91.92.252.232|80"; classtype:trojan-activity; sid:38025111; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# URL rule pinned to port 4433. It uses the http protocol keyword, so it depends on the
# engine recognising the traffic as cleartext HTTP; a TLS session to the same address and
# port would not be matched by this rule (no tls rule for it is visible in this part of the export).
alert http $HOME_NET any -> 199.195.252.200 4433 (msg: "MISP e27729 [CobaltStrike,cs-watermark-987654321,FranTech Solutions] Outgoing URL http|3a|//199.195.252.200|3a|4433/content"; flow:to_server,established; http.header; content:"199.195.252.200"; fast_pattern; nocase; http.uri; content:"/content"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025131; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert dns any any -> any any (msg: "MISP e27729 [CobaltStrike,cs-watermark-666666666,TERAEXCH] Domain 
apps.nbcnews.site"; dns.query; content:"apps.nbcnews.site"; nocase; pcre: "/(^|[^A-Za-z0-9-])apps\.nbcnews\.site$/i"; classtype:trojan-activity; sid:38025151; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [CobaltStrike,cs-watermark-666666666,TERAEXCH] Outgoing HTTP Domain apps.nbcnews.site"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"apps.nbcnews.site"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])apps\.nbcnews\.site[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025152; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 51.79.87.4 1482 (msg: "MISP e27729 [Mirai] Outgoing To IP: 51.79.87.4|1482"; classtype:trojan-activity; sid:38025101; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 85.204.116.169 666 (msg: "MISP e27729 [Gafgyt] Outgoing To IP: 85.204.116.169|666"; classtype:trojan-activity; sid:38025091; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 187.135.82.22 2222 (msg: "MISP e27729 [AS8151,c2,censys,darkcomet,UNINET] Outgoing To IP: 187.135.82.22|2222"; classtype:trojan-activity; sid:38025061; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 187.135.82.22 2052 (msg: "MISP e27729 [AS8151,c2,censys,darkcomet,UNINET] Outgoing To IP: 187.135.82.22|2052"; classtype:trojan-activity; sid:38025071; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 23.95.132.42 23 (msg: "MISP e27729 [c2,Mirai] Outgoing To IP: 23.95.132.42|23"; classtype:trojan-activity; sid:38025081; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 193.47.46.10 4433 (msg: "MISP e27729 
[AS201776,c2,censys,L3MON,MIRANDA-AS] Outgoing To IP: 193.47.46.10|4433"; classtype:trojan-activity; sid:38025041; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Review notes: address-and-port rules with no payload, flow or threshold options.
# Each one fires on any traffic from $HOME_NET to the listed address and port. The msg tags
# (ASN, "censys", family name) are triage context copied from the MISP event, not match conditions.
# NOTE(review): indicators of this kind age quickly; re-validate against the referenced
# event before using them for blocking rather than alerting.
alert ip $HOME_NET any -> 105.99.46.173 6001 (msg: "MISP e27729 [ALGTEL-AS,AS36947,c2,censys,darkcomet] Outgoing To IP: 105.99.46.173|6001"; classtype:trojan-activity; sid:38025051; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert ip $HOME_NET any -> 128.90.128.157 9999 (msg: "MISP e27729 [AS22363,c2,censys,PHMGMT-AS1,RAT] Outgoing To IP: 128.90.128.157|9999"; classtype:trojan-activity; sid:38025021; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# This rule comes from a different MISP event (e27863, reference .../view/27863) and carries
# priority:3, while the surrounding e27729 rules use priority:2; the explicit priority
# keyword is what sets the alert priority here, not the shared classtype.
alert ip $HOME_NET any -> 103.67.163.213 9462 (msg: "MISP e27863 [c2] Outgoing To IP: 103.67.163.213|9462"; classtype:trojan-activity; sid:38132291; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27863;)
# DNS rule: any direction, any address. The pcre requires the query name to end with the
# domain and to be either the whole name or preceded by a character that is not a letter,
# digit or hyphen, so subdomains match but a longer label such as "xdns.ontexcare.com" does not.
alert dns any any -> any any (msg: "MISP e27729 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Domain dns.ontexcare.com"; dns.query; content:"dns.ontexcare.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.ontexcare\.com$/i"; classtype:trojan-activity; sid:38025211; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Cleartext-HTTP companion of the DNS rule (sid ends in 2 instead of 1).
# The "Host|3a|" content and the domain content are independent matches on the same header
# buffer (no distance/within), so the domain appearing in another header, for example
# Referer, also satisfies the rule. The pcre needs one following character that is not a
# letter, digit, hyphen or dot, which excludes longer names that merely start with the domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing HTTP Domain dns.ontexcare.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dns.ontexcare.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dns\.ontexcare\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025212; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert ip $HOME_NET any -> 95.179.190.134 53 (msg: "MISP e27729 [CobaltStrike,cs-watermark-1357776117,The Constant Company LLC] Outgoing To IP: 95.179.190.134|53"; classtype:trojan-activity; sid:38025221; 
rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Review notes: the msg tag list is empty ("[]") for every rule in this group, so the alert
# text carries no family or source context; analysts have to open the referenced MISP event.
# Address-and-port rule with no payload options: it fires on any traffic from $HOME_NET to
# 213.248.43.34 port 80. The two URL rules that follow target the same address, so a single
# request to either URL on port 80 is expected to raise this alert as well.
alert ip $HOME_NET any -> 213.248.43.34 80 (msg: "MISP e27729 [] Outgoing To IP: 213.248.43.34|80"; classtype:trojan-activity; sid:38025261; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# URL rules: destination address fixed in the header, port taken from $HTTP_PORTS (must be
# defined in the sensor configuration). The http.uri content is the full observed path.
# NOTE(review): the long final path segment looks like a per-sample or per-client token; if
# so, these rules only match that one value while the address rule above stays the broad
# detection. Verify against the MISP event before relying on them.
alert http $HOME_NET any -> 213.248.43.34 $HTTP_PORTS (msg: "MISP e27729 [] Outgoing URL http|3a|//213.248.43.34/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; flow:to_server,established; http.header; content:"213.248.43.34"; fast_pattern; nocase; http.uri; content:"/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025241; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert http $HOME_NET any -> 213.248.43.34 $HTTP_PORTS (msg: "MISP e27729 [] Outgoing URL http|3a|//213.248.43.34/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; flow:to_server,established; http.header; content:"213.248.43.34"; fast_pattern; nocase; http.uri; content:"/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025251; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# DNS rule: matches the domain itself and its subdomains in any DNS query the sensor sees
# (any source, any destination); the pcre end anchor rejects names that continue after ".live".
alert dns any any -> any any (msg: "MISP e27729 [] Domain cheaterpro.live"; dns.query; content:"cheaterpro.live"; nocase; pcre: "/(^|[^A-Za-z0-9-])cheaterpro\.live$/i"; classtype:trojan-activity; sid:38025231; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Cleartext-HTTP companion rule. It inspects request headers only, so connections to the
# same domain over TLS are visible through the DNS rule but not through this one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [] Outgoing HTTP Domain cheaterpro.live"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"cheaterpro.live"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])cheaterpro\.live[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025232; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert ip $HOME_NET any -> 
193.35.18.164 59432 (msg: "MISP e27729 [c2,Mirai] Outgoing To IP: 193.35.18.164|59432"; classtype:trojan-activity; sid:38025171; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Review notes: DNS rule for a single hostname. The hyphen is escaped in the pcre
# ("no\-ip"), which is harmless outside a character class.
# NOTE(review): the name sits under no-ip.org, which looks like a dynamic-DNS zone; the
# address behind it can change at any time, so the DNS match is more durable than any
# address-based indicator derived from it. Confirm against the MISP event.
alert dns any any -> any any (msg: "MISP e27729 [RAT] Domain franco1.no-ip.org"; dns.query; content:"franco1.no-ip.org"; nocase; pcre: "/(^|[^A-Za-z0-9-])franco1\.no\-ip\.org$/i"; classtype:trojan-activity; sid:38025181; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Cleartext-HTTP companion rule: requires "Host:" and the hostname somewhere in the request
# headers (the two contents are not tied to each other), then the pcre checks the label
# boundary before the name and a non-hostname character after it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [RAT] Outgoing HTTP Domain franco1.no-ip.org"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"franco1.no-ip.org"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])franco1\.no\-ip\.org[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025182; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Address-and-port rule on port 443 with no payload options: the alert says only that a
# host in $HOME_NET sent traffic to this address and port, nothing about its content.
# NOTE(review): if the address is shared hosting, this rule will also fire for unrelated
# services on it; correlate with the DNS rule for the same event before escalating.
alert ip $HOME_NET any -> 192.236.192.48 443 (msg: "MISP e27729 [NetSupport,RAT] Outgoing To IP: 192.236.192.48|443"; classtype:trojan-activity; sid:38025271; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Domain pair (DNS sid ...281, cleartext HTTP sid ...282) for one attribute of the event.
# Both match the domain and any subdomain; neither inspects TLS, so a TLS-only client is
# seen by the DNS rule alone, and only if the sensor sees the resolver traffic.
alert dns any any -> any any (msg: "MISP e27729 [NetSupport,RAT] Domain parabmasale.com"; dns.query; content:"parabmasale.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])parabmasale\.com$/i"; classtype:trojan-activity; sid:38025281; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [NetSupport,RAT] Outgoing HTTP Domain parabmasale.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"parabmasale.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])parabmasale\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025282; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert ip $HOME_NET any -> 103.119.1.73 1111 (msg: 
"MISP e27729 [Mirai] Outgoing To IP: 103.119.1.73|1111"; classtype:trojan-activity; sid:38025291; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [dcrat] Outgoing URL http|3a|//951499cm.nyashtech.top/sqlcentraluploads.php"; flow:to_server,established; http.header; content:"951499cm.nyashtech.top"; fast_pattern; nocase; http.uri; content:"/sqlcentraluploads.php"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025301; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain 0buue2.padelixoobjeto.sa.com"; dns.query; content:"0buue2.padelixoobjeto.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])0buue2\.padelixoobjeto\.sa\.com$/i"; classtype:trojan-activity; sid:38025311; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain 0buue2.padelixoobjeto.sa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"0buue2.padelixoobjeto.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])0buue2\.padelixoobjeto\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025312; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain 3ba7r.almofadaobjeto.ru.com"; dns.query; content:"3ba7r.almofadaobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])3ba7r\.almofadaobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025321; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain 3ba7r.almofadaobjeto.ru.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"3ba7r.almofadaobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])3ba7r\.almofadaobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025322; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain 9ja7t.maquinadecafeobjeto.ru.com"; dns.query; content:"9ja7t.maquinadecafeobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])9ja7t\.maquinadecafeobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025331; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain 9ja7t.maquinadecafeobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"9ja7t.maquinadecafeobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])9ja7t\.maquinadecafeobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025332; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain a5aoee.caixadeferramentasobjeto.za.com"; dns.query; content:"a5aoee.caixadeferramentasobjeto.za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])a5aoee\.caixadeferramentasobjeto\.za\.com$/i"; classtype:trojan-activity; sid:38025341; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain a5aoee.caixadeferramentasobjeto.za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"a5aoee.caixadeferramentasobjeto.za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])a5aoee\.caixadeferramentasobjeto\.za\.com[^A-Za-z0-9-\.]/Hi"; 
tag:session,600,seconds; classtype:trojan-activity; sid:38025342; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain dwai1l.papelhigienicoobjeto.ru.com"; dns.query; content:"dwai1l.papelhigienicoobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])dwai1l\.papelhigienicoobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025351; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain dwai1l.papelhigienicoobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"dwai1l.papelhigienicoobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])dwai1l\.papelhigienicoobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025352; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain e3iu8c.carregadorobjeto.za.com"; dns.query; content:"e3iu8c.carregadorobjeto.za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])e3iu8c\.carregadorobjeto\.za\.com$/i"; classtype:trojan-activity; sid:38025361; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain e3iu8c.carregadorobjeto.za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"e3iu8c.carregadorobjeto.za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])e3iu8c\.carregadorobjeto\.za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025362; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain 
eeu6r.etiquetaadesivaobjeto.ru.com"; dns.query; content:"eeu6r.etiquetaadesivaobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])eeu6r\.etiquetaadesivaobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025371; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain eeu6r.etiquetaadesivaobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"eeu6r.etiquetaadesivaobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])eeu6r\.etiquetaadesivaobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025372; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain freodr.kitdesocorrosobjeto.za.com"; dns.query; content:"freodr.kitdesocorrosobjeto.za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])freodr\.kitdesocorrosobjeto\.za\.com$/i"; classtype:trojan-activity; sid:38025381; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain freodr.kitdesocorrosobjeto.za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"freodr.kitdesocorrosobjeto.za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])freodr\.kitdesocorrosobjeto\.za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025382; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain hiui7e.kitdesocorrosobjeto.za.com"; dns.query; content:"hiui7e.kitdesocorrosobjeto.za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])hiui7e\.kitdesocorrosobjeto\.za\.com$/i"; classtype:trojan-activity; sid:38025391; rev:1; 
priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain hiui7e.kitdesocorrosobjeto.za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"hiui7e.kitdesocorrosobjeto.za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])hiui7e\.kitdesocorrosobjeto\.za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025392; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain jwafy.canecaobjeto.ru.com"; dns.query; content:"jwafy.canecaobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])jwafy\.canecaobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025401; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain jwafy.canecaobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"jwafy.canecaobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])jwafy\.canecaobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025402; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain lwajt.caixadeferramentasobjeto.za.com"; dns.query; content:"lwajt.caixadeferramentasobjeto.za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])lwajt\.caixadeferramentasobjeto\.za\.com$/i"; classtype:trojan-activity; sid:38025411; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain lwajt.caixadeferramentasobjeto.za.com"; flow:to_server,established; 
http.header; content: "Host|3a|"; nocase; http.header; content:"lwajt.caixadeferramentasobjeto.za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])lwajt\.caixadeferramentasobjeto\.za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025412; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain r6oacr.papelhigienicoobjeto.ru.com"; dns.query; content:"r6oacr.papelhigienicoobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])r6oacr\.papelhigienicoobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025421; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain r6oacr.papelhigienicoobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"r6oacr.papelhigienicoobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])r6oacr\.papelhigienicoobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025422; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain raipd.carregadorobjeto.za.com"; dns.query; content:"raipd.carregadorobjeto.za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])raipd\.carregadorobjeto\.za\.com$/i"; classtype:trojan-activity; sid:38025431; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain raipd.carregadorobjeto.za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"raipd.carregadorobjeto.za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])raipd\.carregadorobjeto\.za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; 
classtype:trojan-activity; sid:38025432; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain reoer.canecaobjeto.ru.com"; dns.query; content:"reoer.canecaobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])reoer\.canecaobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025441; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain reoer.canecaobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"reoer.canecaobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])reoer\.canecaobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025442; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain rgar0.padelixoobjeto.sa.com"; dns.query; content:"rgar0.padelixoobjeto.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])rgar0\.padelixoobjeto\.sa\.com$/i"; classtype:trojan-activity; sid:38025451; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain rgar0.padelixoobjeto.sa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"rgar0.padelixoobjeto.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])rgar0\.padelixoobjeto\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025452; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain t2uehw.etiquetaadesivaobjeto.ru.com"; dns.query; content:"t2uehw.etiquetaadesivaobjeto.ru.com"; nocase; 
pcre: "/(^|[^A-Za-z0-9-])t2uehw\.etiquetaadesivaobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025461; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain t2uehw.etiquetaadesivaobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"t2uehw.etiquetaadesivaobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])t2uehw\.etiquetaadesivaobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025462; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain veea5y.gpsdecarroobjeto.sa.com"; dns.query; content:"veea5y.gpsdecarroobjeto.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])veea5y\.gpsdecarroobjeto\.sa\.com$/i"; classtype:trojan-activity; sid:38025471; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain veea5y.gpsdecarroobjeto.sa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"veea5y.gpsdecarroobjeto.sa.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])veea5y\.gpsdecarroobjeto\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025472; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain w8oafr.almofadaobjeto.ru.com"; dns.query; content:"w8oafr.almofadaobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])w8oafr\.almofadaobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025481; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP 
e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain w8oafr.almofadaobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"w8oafr.almofadaobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])w8oafr\.almofadaobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025482; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain wadn.maquinadecafeobjeto.ru.com"; dns.query; content:"wadn.maquinadecafeobjeto.ru.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wadn\.maquinadecafeobjeto\.ru\.com$/i"; classtype:trojan-activity; sid:38025491; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain wadn.maquinadecafeobjeto.ru.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wadn.maquinadecafeobjeto.ru.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])wadn\.maquinadecafeobjeto\.ru\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025492; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Domain wafu.gpsdecarroobjeto.sa.com"; dns.query; content:"wafu.gpsdecarroobjeto.sa.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])wafu\.gpsdecarroobjeto\.sa\.com$/i"; classtype:trojan-activity; sid:38025501; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing HTTP Domain wafu.gpsdecarroobjeto.sa.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"wafu.gpsdecarroobjeto.sa.com"; fast_pattern; nocase; pcre: 
"/(^|[^A-Za-z0-9-])wafu\.gpsdecarroobjeto\.sa\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38025502; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//hiui7e.kitdesocorrosobjeto.za.com/"; flow:to_server,established; http.header; content:"hiui7e.kitdesocorrosobjeto.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025511; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//lwajt.caixadeferramentasobjeto.za.com/"; flow:to_server,established; http.header; content:"lwajt.caixadeferramentasobjeto.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025521; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//9ja7t.maquinadecafeobjeto.ru.com/"; flow:to_server,established; http.header; content:"9ja7t.maquinadecafeobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025531; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//raipd.carregadorobjeto.za.com/"; flow:to_server,established; http.header; content:"raipd.carregadorobjeto.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025541; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any 
-> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//freodr.kitdesocorrosobjeto.za.com/"; flow:to_server,established; http.header; content:"freodr.kitdesocorrosobjeto.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025551; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
# Review notes: "Outgoing URL" rules generated from bare-root URLs (http://<host>/).
# The http.uri condition is content:"/", which an ordinary request path always contains, so
# it adds no constraint and nocase on it does nothing. In effect each rule is a substring
# match of the hostname anywhere in the request headers, limited to $HTTP_PORTS.
# Unlike the "Outgoing HTTP Domain" rules in this export there is no "Host|3a|" content and
# no boundary pcre, so a longer name containing the hostname, or the hostname in a header
# other than Host, also matches.
# NOTE(review): the same hosts already have an "Outgoing HTTP Domain" rule in this export
# (for example sid:38025402 for jwafy.canecaobjeto.ru.com), so expect two alerts per
# request on an $HTTP_PORTS port; consider suppressing one of the two per host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//jwafy.canecaobjeto.ru.com/"; flow:to_server,established; http.header; content:"jwafy.canecaobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025561; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//rgar0.padelixoobjeto.sa.com/"; flow:to_server,established; http.header; content:"rgar0.padelixoobjeto.sa.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025571; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//eeu6r.etiquetaadesivaobjeto.ru.com/"; flow:to_server,established; http.header; content:"eeu6r.etiquetaadesivaobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025581; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//3ba7r.almofadaobjeto.ru.com/"; flow:to_server,established; http.header; content:"3ba7r.almofadaobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; 
tag:session,600,seconds; classtype:trojan-activity; sid:38025591; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//r6oacr.papelhigienicoobjeto.ru.com/"; flow:to_server,established; http.header; content:"r6oacr.papelhigienicoobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025601; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//reoer.canecaobjeto.ru.com/"; flow:to_server,established; http.header; content:"reoer.canecaobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025611; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//a5aoee.caixadeferramentasobjeto.za.com/"; flow:to_server,established; http.header; content:"a5aoee.caixadeferramentasobjeto.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025621; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//wadn.maquinadecafeobjeto.ru.com/"; flow:to_server,established; http.header; content:"wadn.maquinadecafeobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025631; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] 
Outgoing URL http|3a|//wafu.gpsdecarroobjeto.sa.com/"; flow:to_server,established; http.header; content:"wafu.gpsdecarroobjeto.sa.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025641; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//t2uehw.etiquetaadesivaobjeto.ru.com/"; flow:to_server,established; http.header; content:"t2uehw.etiquetaadesivaobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025651; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//0buue2.padelixoobjeto.sa.com/"; flow:to_server,established; http.header; content:"0buue2.padelixoobjeto.sa.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025661; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//e3iu8c.carregadorobjeto.za.com/"; flow:to_server,established; http.header; content:"e3iu8c.carregadorobjeto.za.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025671; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//veea5y.gpsdecarroobjeto.sa.com/"; flow:to_server,established; http.header; content:"veea5y.gpsdecarroobjeto.sa.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; 
sid:38025681; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//w8oafr.almofadaobjeto.ru.com/"; flow:to_server,established; http.header; content:"w8oafr.almofadaobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025691; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "MISP e27729 [astaroth,BRA,geo,guildma] Outgoing URL http|3a|//dwai1l.papelhigienicoobjeto.ru.com/"; flow:to_server,established; http.header; content:"dwai1l.papelhigienicoobjeto.ru.com"; fast_pattern; nocase; http.uri; content:"/"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025701; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert http $HOME_NET any -> 120.46.207.190 $HTTP_PORTS (msg: "MISP e27729 [CobaltStrike,cs-watermark-100000,Huawei Cloud Service data center] Outgoing URL http|3a|//120.46.207.190/push"; flow:to_server,established; http.header; content:"120.46.207.190"; fast_pattern; nocase; http.uri; content:"/push"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38025711; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 172.105.58.129 7443 (msg: "MISP e27729 [AKAMAI-LINODE-AP Akamai Connected Cloud,Covenant] Outgoing To IP: 172.105.58.129|7443"; classtype:trojan-activity; sid:38025721; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 136.0.3.71 49737 (msg: "MISP e27729 [Bianlian Go Trojan,EVOXTENTERPRISE-AS-AP Evoxt Enterprise] Outgoing To IP: 136.0.3.71|49737"; classtype:trojan-activity; sid:38025731; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 
20.244.47.98 443 (msg: "MISP e27729 [Havoc,MICROSOFT-CORP-MSN-AS-BLOCK] Outgoing To IP: 20.244.47.98|443"; classtype:trojan-activity; sid:38025741; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 69.30.249.148 81 (msg: "MISP e27729 [Havoc,WII] Outgoing To IP: 69.30.249.148|81"; classtype:trojan-activity; sid:38025751; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 69.30.249.148 443 (msg: "MISP e27729 [Havoc,WII] Outgoing To IP: 69.30.249.148|443"; classtype:trojan-activity; sid:38025761; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 69.30.249.148 80 (msg: "MISP e27729 [Havoc,WII] Outgoing To IP: 69.30.249.148|80"; classtype:trojan-activity; sid:38025771; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 103.113.68.85 443 (msg: "MISP e27729 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 103.113.68.85|443"; classtype:trojan-activity; sid:38025781; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 103.113.68.85 81 (msg: "MISP e27729 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 103.113.68.85|81"; classtype:trojan-activity; sid:38025791; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 45.138.157.4 80 (msg: "MISP e27729 [Havoc,STARK-INDUSTRIES] Outgoing To IP: 45.138.157.4|80"; classtype:trojan-activity; sid:38025801; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 69.30.249.147 80 (msg: "MISP e27729 [Havoc,WII] Outgoing To IP: 69.30.249.147|80"; classtype:trojan-activity; sid:38025811; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 46.41.139.162 445 (msg: "MISP e27729 [HOMEPL-AS,Responder] Outgoing To IP: 46.41.139.162|445"; classtype:trojan-activity; 
sid:38025821; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 167.56.66.0 995 (msg: "MISP e27729 [Administracion Nacional de Telecomunicaciones,QakBot] Outgoing To IP: 167.56.66.0|995"; classtype:trojan-activity; sid:38025831; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 39.51.186.81 995 (msg: "MISP e27729 [PKTELECOM-AS-PK Pakistan Telecommunication Company Limited,QakBot] Outgoing To IP: 39.51.186.81|995"; classtype:trojan-activity; sid:38025841; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 180.76.231.105 8888 (msg: "MISP e27729 [BAIDU Beijing Baidu Netcom Science and Technology Co. Ltd.,Supershell] Outgoing To IP: 180.76.231.105|8888"; classtype:trojan-activity; sid:38025851; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 121.41.168.126 8888 (msg: "MISP e27729 [ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell] Outgoing To IP: 121.41.168.126|8888"; classtype:trojan-activity; sid:38025861; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 43.143.130.124 8888 (msg: "MISP e27729 [Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited] Outgoing To IP: 43.143.130.124|8888"; classtype:trojan-activity; sid:38025871; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 104.233.187.229 8888 (msg: "MISP e27729 [PEG-SV,Supershell] Outgoing To IP: 104.233.187.229|8888"; classtype:trojan-activity; sid:38025881; rev:1; priority:2; reference:url,https://misp.finsin.cl/events/view/27729;) alert ip $HOME_NET any -> 206.238.113.242 80 (msg: "MISP e27729 [Hookbot Pegasus,TERAEXCH] Outgoing To IP: 206.238.113.242|80"; classtype:trojan-activity; sid:38025891; rev:1; priority:2; 
reference:url,https://misp.finsin.cl/events/view/27729;) alert dns any any -> any any (msg: "MISP e27007 [] Domain olukainorge.com"; dns.query; content:"olukainorge.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])olukainorge\.com$/i"; classtype:trojan-activity; sid:38174701; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain olukainorge.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"olukainorge.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])olukainorge\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174702; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert dns any any -> any any (msg: "MISP e27007 [] Domain vivobarefootsouthafrica-za.com"; dns.query; content:"vivobarefootsouthafrica-za.com"; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootsouthafrica\-za\.com$/i"; classtype:trojan-activity; sid:38174711; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg: "MISP e27007 [] Outgoing HTTP Domain vivobarefootsouthafrica-za.com"; flow:to_server,established; http.header; content: "Host|3a|"; nocase; http.header; content:"vivobarefootsouthafrica-za.com"; fast_pattern; nocase; pcre: "/(^|[^A-Za-z0-9-])vivobarefootsouthafrica\-za\.com[^A-Za-z0-9-\.]/Hi"; tag:session,600,seconds; classtype:trojan-activity; sid:38174712; rev:1; priority:3; reference:url,https://misp.finsin.cl/events/view/27007;) alert http $HOME_NET any -> 80.87.206.36 $HTTP_PORTS (msg: "MISP e27882 [] Outgoing URL http|3a|//80.87.206.36/a"; flow:to_server,established; http.header; content:"80.87.206.36"; fast_pattern; nocase; http.uri; content:"/a"; nocase; tag:session,600,seconds; classtype:trojan-activity; sid:38135721; rev:1; priority:1; reference:url,https://misp.finsin.cl/events/view/27882;)